68kMLA Classic Interface
This is a version of the 68kMLA forums for viewing on your favorite old mac. Visitors on modern platforms may prefer the main site.
| Click here to select a new forum. | |
| A-Traps in Ghidra | |
| Posted by: cy384 on 2022-12-05 17:59:14 For those unfamiliar with them, a-traps are a clever(?) trick used by the classic mac OS: it uses illegal instructions as a system call interface. When an illegal instruction gets hit, a lookup table is examined to figure out what code to run. This enables lots of shenanigans since the lookup table can be patched/modified at runtime. Anyway, if you try to examine a classic mac application in most disassemblers, they'll freak out because there are illegal instructions everywhere. I (and I suspect some others) wanted to use Ghidra, so I came up with a dumb little hack. Basically, I defined ~800 new kinds of 68000 NOP instructions, one for every a-trap I could find, and stuck them in the appropriate data file for Ghidra. This allows the disassembler to continue when it runs into them and display at least the name of the a-trap.  How to: Copy the contents of this file into "68000.sinc" right below the line starting with ":nop" Caveats: * there are duplicate names for some a-traps, I picked whatever one I liked best * this doesn't tell Ghidra anything about what they actually do or what the expected parameters are * definitely a hack, I imagine there's a better way to do it tagging @cheesestraws and @mdeverhart since they mentioned interest! | |
| Posted by: mdeverhart on 2022-12-05 18:45:28 @cy384 Outstanding, thank you! | |
| Posted by: cheesestraws on 2022-12-06 01:32:43 Thankyou! | |
| Posted by: olePigeon on 2022-12-06 12:59:29 Not to be confused with "a trap" used in Godzilla vs. Ghidra. 🤡 | |
| Posted by: Melkhior on 2022-12-07 06:28:25 Would someone have some tutorial on how to disassemble Mac code resources using Ghidra? There's some acceleration drivers I'd like to examine, but I'm not 68k-fluent enough to make heads or tails from Resorcerer's disassembly. The snippet of regenerated C code posted by @cheesestraws in the VNC-on-AU/X thread seems a lot more readable to me. | |
Posted by: Crutch on 2022-12-07 06:51:04Not to be confused with "a trap" used in Godzilla vs. Ghidra. 🤡I always enjoyed this classic meme about MacOS assembly. (That IS what it’s about … right??)  | |
Posted by: cheesestraws on 2022-12-07 07:56:12Would someone have some tutorial on how to disassemble Mac code resources using Ghidra? There's some acceleration drivers I'd like to examine, but I'm not 68k-fluent enough to make heads or tails from Resorcerer's disassembly. The snippet of regenerated C code posted by @cheesestraws in the VNC-on-AU/X thread seems a lot more readable to me. I have had some luck using https://github.com/Hopper262/classic-mac-utils to get the code resources out of the resource fork to start with, then loading them into Ghidra just as raw binaries. You'll need to set the header up manually, but after that it's usually OK IME? The big annoyance is that Ghidra doesn't support debugging symbols in the style that's usually used in code resources, so you need to go and manually rename everything (unless someone has a better trick for this) | |
| Posted by: Melkhior on 2022-12-07 09:27:43 @cheesestraws Thanks, that's the kind of tools I needed. Acceleration cdev / init usually 'hide' the code in custom resources with weird headers (for dispatch?), but worst-case scenario they can be renamed to 'code' and post-processed to get something usable. Now to find the time for that and the other billions things I'd like to do... | |
Posted by: cheesestraws on 2022-12-07 10:26:33custom resources with weird headers There's actually a standard for these headers that Apple recommended people writing code resources follow. So you may well get lucky and find these are all variations on a theme. I can't remember where the theme is documented, though. | |
| Posted by: Scott Squires on 2022-12-10 15:39:32 I have used this code for resolving A traps in Ghidra: GitHub - ubuntor/m68k_mac_reversing_tools: Binary Ninja and Ghidra tools for reversing M68k Mac binariesBinary Ninja and Ghidra tools for reversing M68k Mac binaries - GitHub - ubuntor/m68k_mac_reversing_tools: Binary Ninja and Ghidra tools for reversing M68k Mac binaries
github.com
| |
| Posted by: robin-fo on 2023-11-07 02:47:52 Sorry for hijacking this thread, but does anybody have experience/tips about disassembling Extensions or other Code Resources? | |
| Posted by: twelvetone12 on 2023-11-16 00:50:52 Upping this, I too would be interested on how to disassemble code resouces! | |
Posted by: Snial on 2023-11-16 02:00:18Upping this, I too would be interested on how to disassemble code resouces!There used to be a plug-in for ResEdit 2.1.3 which did that. | |
Posted by: robin-fo on 2023-11-16 02:57:48disassemblingSorry I meant decompiling 😉 | |
| Posted by: twelvetone12 on 2023-11-16 03:18:14 Yes yes I mean the same, I can already explore the disassembled code with Resourcer. | |
| Posted by: hippietrail on 2024-11-01 02:36:25 In case anyone here is still interested in using Ghidra with Classic Mac software, I've got a project on GitHub called "RetroGhidra" which has a basic loader for Classic Mac files. Ghidra doesn't know about resource forks though so if you're using it on a Mac you have to manually add `..namedfork/rsrc` to the filename to load it. I've also been working on ways to handle A-line and F-line traps. It turns out that different Motorola 680x0-based platforms use them in different ways. GitHub - hippietrail/RetroGhidra: Ghidra Loaders and FileSystems for retrocomputing platformsGhidra Loaders and FileSystems for retrocomputing platforms - hippietrail/RetroGhidra
github.com
M68000: implement lineA/lineF opcodes · Issue #487 · NationalSecurityAgency/ghidraSega Mega Drive has special handlers for opcodes that started with 0xF/0xA nibbles. In these cases Sega calls vectors places at 0x0B(LineF) and at 0x0A(LineA) positions in vectors table. As minimum...
github.com
M68k a line trap support for at least Classic Mac, Apple Lisa, and Sharp X68000 by hippietrail · Pull Request #7126 · NationalSecurityAgency/ghidraHere's my work so far on #487 to get so-called "A-line traps" working with the disassembler for Motorola 68000. This is an early draft for discussion, not intended to be merged yet. ...
github.com
| |
| 1 |