Reverse-engineering of the important bits of MasterAgent_ProcessPacket. By important, I mean gdb_query and *nothing else*.
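// Globals touched by the packet handler. Names without a meaning yet keep
// their disassembly labels (word_/dword_ + address) so they can be found again.
struct _globals {
    unsigned int isDebuggerPresent;   // set to 1 by gdb_query() on a bare "qSupported"
    unsigned short word_100D1378;     // referenced in start(); incremented by gdb_query()
    unsigned int dword_100523D8;      // referenced in start(); added to OSGetSystemTick() in gdb_query()
    unsigned int tickStorage;         // dword_100523D0, also referenced in start()
    // dword_1004F964. writestring() compares this with 0x7FC, ORs it into
    // 0x100D0000 and increments it per byte, i.e. it is a byte offset into
    // the reply area, not a pointer -- so it is kept as an integer here.
    unsigned int stringStorage;
};                                    // the struct definition needs its own ';'
struct _globals globals;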
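// Layout of one MasterAgent packet as far as it has been reverse-engineered.
typedef struct _MasterAgent_Packet {
    unsigned char command;            // 0x71 ('q') is dispatched to gdb_query()
    // What follows depends on which command you pick; more REing will be needed.
    // This is weird: it seems to be a run of characters stored inline in the
    // packet, NOT a char* to somewhere else. The length is dynamic -- the code
    // can handle strings of other lengths -- so these members only line up for
    // the 9-character "Supported" case. Only `s` (the first byte) is referenced.
    // (The second 'p' was a duplicate member name, which cannot compile; it is
    // spelled p2 here.)
    char s, u, p, p2, o, r, t, e, d, nullchar;
    // TODO: re-check pointers, is there actually a nullchar?
    // The real memory location of param1 is dynamic, based on the length of
    // the string above; it is the byte right after the text.
    unsigned char param1;             // compared with 0x3A (':') by gdb_query()
} MasterAgent_Packet;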
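// Forward declaration: gdb_query() is defined further down in this file.
void gdb_query(MasterAgent_Packet* packet);

// Dispatches one MasterAgent packet. Only command 0x71 ('q', the GDB remote
// "query" prefix) is covered here; every other command is ignored.
// @param packet  packet to dispatch; a NULL packet is ignored.
void MasterAgent_ProcessPacket(MasterAgent_Packet* packet) {
    if (!packet) {
        return;
    }
    if (packet->command == 0x71) { // 'q'
        gdb_query(packet);
    }
}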
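// Forward declaration: writestring() is defined further down in this file.
void writestring(char* string);

// Handles a 'q' (0x71) GDB query packet. Only the reply to a bare
// "qSupported" is reconstructed; the other two branches are left as notes.
// @param packet  packet whose inline text starts at packet->s
void gdb_query(MasterAgent_Packet* packet) {
    // packet->s is the first character of the inline string, so its address
    // is what the compare needs (the original passed the char by value).
    int ret = __gdb_strncmp(&packet->s, "Supported", 9);
    if (ret != 0) {
        // loc_203D9D4
        // Involves "Attached", "1" and writestring
        return;
    }
    if (packet->param1 == 0x3A) { // ':' -- text continues, e.g. "qSupported:..."
        // loc_203D9C8
        // Many branches and __gdb_strncmps ensue.
        // I can take a look if you *really* want...
        return;
    }
    // loc_203D80C: bare "qSupported"
    globals.isDebuggerPresent = 1;
    globals.word_100D1378++;
    globals.tickStorage = globals.dword_100523D8 + OSGetSystemTick();
    // sub_2039158
    globals.stringStorage = 0; // rewind the reply area that writestring() appends to
    // return
    writestring("PacketSize=");
    // Scratch buffer at 0x100D855C, 0x64 (100) bytes; the literal address
    // needs an explicit cast to become a pointer.
    char* buf = (char*)0x100D855C;
    AFunctionThatIsProbablySnprintf(buf, 0x64, "%x", 0x800);
    writestring(buf);
    writestring(";qXfer:libraries:read+");
    writestring("COSver=");
    AFunctionThatIsProbablySnprintf(buf, 0x64, "%d", 0x5335);
    writestring(buf);
    SomeSortOfLoggingFunction(0);
}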
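//sub_203B6B4
//this doesn't look quite right
// Appends `string` to the reply area: each byte goes to
// (0x100D0000 | globals.stringStorage) + 0x6CF4 and the offset advances by
// one. The offset is capped at 0x7FC -- once it is reached the rest of the
// string is silently dropped, so nothing is written past the area but the
// caller gets no truncation signal either. No terminator is written.
// @param string  NUL-terminated text to append; NULL or "" is a no-op.
void writestring(char* string) {
    if (!string || string[0] == 0) {
        // The original re-stores globals.stringStorage to itself here (yes, really).
        return;
    }
    for (int i = 0; globals.stringStorage < 0x7FC; i++) {
        char* addr = (char*)(0x100D0000u | globals.stringStorage);
        globals.stringStorage++;
        addr[0x6CF4] = string[i];
        if (string[i + 1] == 0) {
            break;
        }
    }
    //globals.stringStorage is written to memory down here
}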