Author Topic: Source code/disasm of Sierra drivers (using Ghidra?)  (Read 507 times)


Offline ZvikaZ

Source code/disasm of Sierra drivers (using Ghidra?)
« on: May 19, 2020, 04:03:26 AM »
Hi.

I'd like to check something in Sierra's original adl.drv (for qfg1 ega, if that matters).
Is there source code for it, or for any other Sierra drivers? I haven't found any in https://github.com/OmerMor/SCI16/tree/master/INTERP
Or maybe someone has good disassemblies?

And anyway, how can I disassemble it myself?
(I have never done reverse engineering, but I'm a quick learner ;-) )
I've downloaded Ghidra. Is it a good tool for this?
Just opened the driver in Ghidra, selected the language as "x86/Real Mode/16 bit/LE" (is it??), and it doesn't look very nice  :-\
Does it need some more information/configuration?
« Last Edit: May 19, 2020, 04:06:12 AM by ZvikaZ »



Offline lskovlun

Re: Source code/disasm of Sierra drivers (using Ghidra?)
« Reply #1 on: May 19, 2020, 04:54:36 AM »
The Sierra drivers start with a jump instruction to the entry point followed by a bunch of data. The actual code is near the end of the file.

I haven't tried Ghidra, so I don't know if it needs to be configured in any way to handle these files. Sounds like it's interpreting the data area as code?
« Last Edit: May 19, 2020, 04:56:10 AM by lskovlun »
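
The layout described in Reply #1, as an added example that is not part of the original posts: a Python function that decodes the jump at byte 0 and reports where the data area ends and the code begins, so a disassembler can be started at the right offset. It assumes a flat 16-bit image loaded at offset 0 whose first instruction is a relative JMP (opcode EB or E9); the function name and the sample bytes are constructed here, not taken from adl.drv.

```python
import struct

def leading_jump_entry(image: bytes, base: int = 0) -> dict:
    """Decode the jump at byte 0 of a flat 16-bit x86 image.

    Assumption: the file is loaded unmodified at offset `base` of its
    segment, so file offset N corresponds to address base + N.
    """
    if len(image) >= 2 and image[0] == 0xEB:      # JMP rel8, 2 bytes
        (rel,) = struct.unpack_from("<b", image, 1)
        size = 2
    elif len(image) >= 3 and image[0] == 0xE9:    # JMP rel16, 3 bytes in 16-bit mode
        (rel,) = struct.unpack_from("<h", image, 1)
        size = 3
    else:
        raise ValueError("no complete relative JMP at byte 0")
    # The displacement is relative to the instruction after the jump,
    # and IP wraps at 64 KiB in real mode.
    target = (base + size + rel) & 0xFFFF
    entry_off = target - base
    if not size <= entry_off < len(image):
        raise ValueError("jump target falls outside the file")
    # Bytes in data_range are the data area the jump skips over.
    return {"entry_offset": entry_off, "data_range": (size, entry_off)}

# Constructed samples (not real driver bytes): jump, data, one RETF (0xCB).
SAMPLE_NEAR = b"\xE9\x10\x00" + b"constructed data" + b"\xCB"
SAMPLE_SHORT = b"\xEB\x04" + b"DATA" + b"\xCB"

if __name__ == "__main__":
    for name, img in (("near", SAMPLE_NEAR), ("short", SAMPLE_SHORT)):
        info = leading_jump_entry(img)
        start, end = info["data_range"]
        print(f"{name}: data at {start:#06x}..{end - 1:#06x}, "
              f"code starts at {info['entry_offset']:#06x}")
```
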

Offline OmerMor

Re: Source code/disasm of Sierra drivers (using Ghidra?)
« Reply #2 on: May 19, 2020, 05:08:00 AM »
Take a look at Ravi's research on SCI drivers: http://sci.sierrahelp.com/Tools/RavisSoundDrivers.html
You can also try contacting NewRisingSun, who I believe has experience reverse engineering the drivers.

Offline ZvikaZ

Re: Source code/disasm of Sierra drivers (using Ghidra?)
« Reply #3 on: May 19, 2020, 05:24:33 AM »
Thank you both!
With your tips, it started to make sense...

@OmerMor - using Ravi's 'Framework Driver' is a very good reference - disassembling his driver with one hand, and reading his commented source assembly on the other hand...

@lskovlun - you were right - Ghidra was a little bit confused - it somehow thought it's all data. I just had to right click on the first 'data', and choose 'Disassemble', and it started working.
