Skip to content

Scripts to simplify analysis of Atari TOS code with Ghidra (software reverse engineering framework)

Notifications You must be signed in to change notification settings

czietz/ghidraScripts_for_Atari

Repository files navigation

ghidraScripts_for_Atari

Scripts to simplify analysis of Atari TOS code with Ghidra (software reverse engineering framework).

Ghidra is a powerful cross-platform software reverse engineering framework, which also supports the Motorola 68k architecture used in Atari ST/TT/Falcon computers. The scripts in this repository are meant to help with the analysis of Atari software.

Starting with Ghidra

Download it from https://ghidra-sre.org/. This site also has a Getting Started video, an installation guide and a quick reference to show you the first steps with Ghidra. Ghidra: A quick overview for the curious has a nice illustrated tour through some of the features.

Installing and running the scripts

Copy the scripts into a script directory. By default, Ghidra looks into $USER_HOME/ghidra_scripts, i.e., ghidra_scripts in your home directory. (%USERPROFILE% for Windows.) To run a script, open a Code Browser window. (Click the button with the dragon in the Ghidra project manager.) Open the Script Manager (Window -> Script Manager). Right-click on the script and select Run.

Short description of scripts and files

  • ImportAtariPRG.py: Imports a TOS program (PRG, TOS, TTP, APP, ...) into Ghidra. It creates a memory map for TEXT, DATA and BSS sections from the program header. It can also optionally import a symbol table in DRI/GST format, the creation of which is supported by many compilers. (For m68k-atari-mint-gcc use the -Wl,--traditional option to create a suitable symbol table.)
  • ImportAtariTOSROM.py: Imports a TOS ROM image into Ghidra. It automatically determines the correct address range from the header. Optionally, when importing an EmuTOS image, you can load a symbol file created by the map2sym.sh script provided with EmuTOS. In that case public symbols will be named correctly in Ghidra. (Click Cancel if you don't want to load a symbol file.)
  • ImportAOutObject.py: Imports an object (.o) file in the a.out file format, as created by m68k-atari-mint-gcc/m68k-atari-mint-gas. It creates sections for TEXT, DATA, BSS and external symbols and imports the symbols from the symbol table.
  • mintlib.fidbf: A nice feature of Ghidra is Function ID. Quoting the documentation: »Function ID is an analyzer that performs function identification analysis on a program. [...] Function ID is suitable for identifying statically linked libraries [...]. Because of the hashing strategy, functions remain identifiable even if the library is relocated during linking.« This file is a database for MiNTLib as provided by Vincent Rivière's m68k-atari-mint cross-tools. Currently it only contains the standard C library for the 68000 target. mintlib.fidbf needs to be copied to Ghidra/Features/FunctionID/data. When loading a program built using this MiNTLib version, Ghidra can be told via Analysis -> One Shot -> Function ID to identify any standard library functions, greatly simplifying analysis of unknown programs.
  • system_variables.txt: A list of system variables from tos.hyp. To import, use ImportSymbolsScript.py that comes with Ghidra.

Ideas for future development

  • A script to annotate TRAPs (OS calls) according to function number.
  • A script to handle Line A (low level graphic) calls.
  • Adding hardware addresses to system_variables.txt.

About

Scripts to simplify analysis of Atari TOS code with Ghidra (software reverse engineering framework)

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages