ESP8266 Community Forum

- Tue Oct 07, 2014 6:28 am #1369 i'm not sure if they implemented on lx106, haven't found any wsr.epc in rom nor other disasembly (xt-objdump) of ESP8266 or ESP8089 apps/roms, as well nothing found when searching for bin patterns.

EDIT: hmm, i found some other errors, fixed until now 'addmi' and 'movi' size. Checking other right now.

I don't want to be human! I want to see gamma rays, I want to hear X-rays, and I want to smell dark matter ...
I want to reach out with something other than these prehensile paws and feel the solar wind of a supernova flowing over me.

- Tue Oct 07, 2014 2:09 pm #1386 Attached updated version of the xtensa.py for IDA.

Changes:
# v0.1
# bug fix for 'l8ui','l16si','l16ui','l32i','s8i','s16i' and 's32i' size and shift
# bug fix for 'rsr.epc2','rsr.epc3' detection
# 'ill' added, normally one can work without
# 'rsr.epc4','rsr.epc5','rsr.epc6','rsr.epc7' added
#
# v0.2
# bug fix for 'addmi' size
# bug fix for 'movi' size
# bug fix for 'l32r' with offset >= 0
# in 'call0' the CF_CALL param commented out to fix the "; End of function" bug.

i don't like as well how e.g. movi or addi with value > 127 will get displayed, they looks bit wired in compare to xt-objdump.
E.g. addi a1, a1, 0xC0 but in objdump addi a1, a1, -64.
So one have to know it, better would be maybe to change that plugin to do 'ret.value = 0x80 - ret.value', anyway.

I haven't found any other bugs, will not check it anymore as i'm happy with the result (for now).

EDIT: attachment removed, see https://github.com/themadinventor/ida-xtensa

Last edited by tinhead on Mon Oct 13, 2014 12:14 pm, edited 2 times in total.

I don't want to be human! I want to see gamma rays, I want to hear X-rays, and I want to smell dark matter ...
I want to reach out with something other than these prehensile paws and feel the solar wind of a supernova flowing over me.

- Tue Oct 07, 2014 11:24 pm #1406 Wow, so much effort was put in this disassembler. Tip of hat.
FYI, there's a C library ("libisa") that can decode all instructions for this or any Xtensa core. Not sure how to invoke that from python though...
For example, if you build GDB for Xtensa you'll notice it's able to disassemble everything. It does this using bfd/xtensa-isa.c (part of GDB sources) and xtensa-modules.c (which you get from the overlay tarball that describes the particular Xtensa processor). The GDB's include/xtensa-isa.h describes the API that can be used to encode or decode any instruction. And opcodes/xtensa-dis.c does the actual disassembly (not very big). I suppose you can use it to compare.

- Thu Oct 09, 2014 4:49 pm #1490 Could someone with IDA please post the ROM disassembly between 0x40003924 and 0x40003a14?
I tried to use objdump -D (as in xtensa-lx106-elf-objdump -D --adjust-vma=0x40000000 -b binary -mxtensa 0x4000000-0x4011000.bin) but it produces strange results.

edit: never mind, found http://df.lth.se/~kongo/esp8266.bin/iram0.txt in another topic.