
I have a Freescale MPC565 PowerPC. I have a copy of the raw firmware that I read from the device, and I have decompiled it within IDA Pro.

Is it now possible to debug the assembly using TRACE32 and a BDM without the original ELF file and none of the symbol information?

I would like to step through the assembly and view the RAM contents.

I could possibly use the TRACE32 API to write something that will achieve this; however, I don't know what hurdles I will need to jump due to not having the original source of symbol tables.

Any help much appreciated.

rollsch

1 Answer

Stepping through the assembly and debugging the assembler code (so setting breakpoints etc.) is no problem.

But: without the symbol information/original ELF file, you are limited to only assembly. Meaning: if you, for example, try "Break.Set main" (so set a breakpoint onto the entry of the main function), this will not work, because the debugger does not know what address the "main" function has.

The debugger will report "symbol not found" in this example (because it does not know anything about the "main" function).

Additionally the debugger will not be able to display the source code matching to a bunch of assembler instructions.

I hope this helps.

Ingo Blackman
  • Good answer. I'd like to add that you don't need to use the TRACE32 API. TRACE32 comes with its own disassembler, so all you need is to ensure that the raw application code is in the RAM of your target. – Holger Sep 27 '16 at 08:55
  • Thanks. So can I debug via IDAPro using a BDM easily? I'm not sure how I could load the assembly into TRACE32, as all I have is a raw ROM dump. Any guides you are aware of? Doesn't have to be the same architecture. Aware there will be no source code, I just want to debug the ASM instructions directly. – rollsch Oct 03 '16 at 02:59
  • Ok, I have checked what IDAPro is: As far as using a disassembler, TRACE32 already contains one. I think what you really want is using TRACE32 as BDM backend. As far as I can tell, the only option to connect IDAPro with TRACE32 is via GDB protocol. This might work, but I do not know if that's supported for MPC565 (parts of the GDB protocol are completely architecture specific...). I have to check. – Ingo Blackman Oct 05 '16 at 17:19
  • Ok, thanks for your help, I'll see if the TRACE32 disassembler works with raw firmware. I suspect I may run into problems without an ELF or linker file. Using GDB might be the best, as all I really care about is telling it which address to break on, then reading the RAM at that point in time. I could do this via a console and then run IDA in another window perhaps. I'll post up how I go when I try this (perhaps a few weeks away). – rollsch Oct 07 '16 at 04:12
  • If you really only need a disassembler then for sure this will work without an ELF or Linker File. In TRACE32 just use "Data.List
    " to view the disassembly. Regarding Breakpoint: You mention that you want to debug firmware; in that case I guess Software breakpoints (so replacing an instruction) might be problematic, because the firmware might be located in FLASH, which is not easy to write. Try "Break.Set
    /Onchip" to use CPU onchip breakpoints instead of SW breakpoints.
    – Ingo Blackman Oct 07 '16 at 12:24
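
Added example, not part of the original thread and not Lauterbach's or the posters' code: since "Break.Set main" fails without symbols, this sketch resolves names recovered in a disassembler to raw addresses and emits Break.Set lines, adding /Onchip only for addresses in flash. The "HEXADDR NAME" input format, the sample names and addresses, `FLASH_RANGE` and all function names are assumptions made for illustration.

```python
import re

# Constructed sample: "HEXADDR NAME" pairs as they could be copied out of a
# disassembler's names window. Addresses and names are made up.
SAMPLE_NAMES = """\
00003F40 main
00004A10 can_rx_handler
003F9800 ram_stub
"""

# Assumed flash window; replace with the real memory map of the target.
FLASH_RANGE = (0x00000000, 0x000FFFFF)


def parse_names(text):
    """Return {name: address}, skipping lines that are not 'HEXADDR NAME'."""
    table = {}
    for line in text.splitlines():
        m = re.fullmatch(r"\s*(?:0x)?([0-9A-Fa-f]{1,8})\s+(\S+)\s*", line)
        if m:
            table[m.group(2)] = int(m.group(1), 16)
    return table


def breakpoint_command(target, names):
    """Turn a recovered name or a hex address into a symbol-free Break.Set."""
    if target in names:
        addr = names[target]
    else:
        try:
            addr = int(target, 16)
        except ValueError:
            raise KeyError(f"{target!r} is neither a known name nor an address") from None
    cmd = f"Break.Set 0x{addr:08X}"
    # Flash cannot easily be patched with a software breakpoint, so request
    # an on-chip breakpoint there, as the last comment in the thread suggests.
    if FLASH_RANGE[0] <= addr <= FLASH_RANGE[1]:
        cmd += " /Onchip"
    return cmd


def build_script(targets, names):
    """Return script lines: a ';' comment naming each target, then its command."""
    lines = []
    for t in targets:
        lines += [f"; {t}", breakpoint_command(t, names)]
    return lines


if __name__ == "__main__":
    print("\n".join(build_script(["main", "ram_stub"], parse_names(SAMPLE_NAMES))))
```
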