M68k - IDA Pro 24-bit addressing?

Question

I'm trying to disassemble a BIOS image for the 68000, and I'm having trouble getting IDA Pro 6.5 to correctly cross-reference addresses.

For those who aren't aware, the Motorola 68000 has a couple of interesting features/quirks related to addressing:

1. When given a 16-bit absolute address, the processor sign-extends it to 32 bits before dereferencing it.
2. The 68K uses a 24-bit address bus, so the high byte in a 32-bit address is ignored.

The original authors of this BIOS took advantage of these properties in a number of places to save a few bytes: for any address above 0xFF8000, it's possible to specify the address using only two bytes instead of four. For example, if I wanted to access the memory at address 0xFF9134:

lea (0x9134).w, a0
< sign extension >
lea (0xFFFF9134).l, a0
< discard high byte >
lea 0xFF9134, a0

The problem I'm running into is that IDA Pro is performing the sign extension, but then considers the entire 32-bit address instead of only the lower 24 bits. IDA ends up trying to cross-reference addresses that don't (or at least shouldn't) exist, and any segments/code/data I have in the 0xFF8000-0xFFFFFF address range get completely ignored.

I'm still new to IDA Pro, so I don't know if this would be solvable with a script, let alone how to write such a thing. Is there a way I can get the disassembler to correctly handle this dirty/clever addressing trick?

Answer 1

I have the same problem. My decision was to create custom_ana callback and then change every operand address as the following: op.add &= 0xFFFFFF. But it is not so easy. Because you don't have fully recognized "cmd" at this moment, and you must prepare it by your own code.