zerokilo / n64loaderwv Goto Github PK

First of all great plugin, it works like a charm! But I am not sure how to create signatures for the loader, is it possible to use IDA/Yara files from here:
https://assemblergames.com/threads/reverse-engineering-n64-signature-files-for-ida-pro-radare2.70138/

Many thanks

See Yoshi's Story as an example: the header reports 0x80200400 as the ram start in the header, but it is using boot chip CIC-NUS-6106, which means 0x200000 gets subtracted from the header-reported ram address to get the actual ram address of the code: 0x80000400

An example of a python script of mine that checks for the boot chip and does the adjustment based on which one it finds: https://github.com/ethteck/splat/blob/master/util/n64/rominfo.py

Hi,

Thanks for writing this plugin. I'm sure it works great, but I'm having major trouble getting it to recognize N64 ROM files.

I've tried using the latest Ghidra 9.1-BETA_Dev from the official site.

I can get the extension to seemingly install fine, by copying the N64LoaderWV.zip file into C:\ghidra_9.1-BETA_DEV\Extensions\Ghidra, then renaming the start of the file to match the sig of the sample.

That then apparently extracts the extension zip into C:\ghidra_9.1-BETA_DEV\Ghidra\Extensions

(which is quite confusing, btw, but that's a Ghidra folder naming convention.)

I have Mario 64 as SM64.n64 and SM64.z64 in C:\ghidra_projects

The .n64 file is byte-swapped, so says "RAMIO 46" etc. in the cart header. The .z64 is normal endianess, so says "MARIO 64".

But Ghidra still only detects the ROM file(s) as raw binary?

So I then tried downloading the older 9.0.4 commit of your extension, and the older 9.0.4 of Ghidra, deleted the old project, installed the extension, restarted Ghidra, created a new project, and tried doing an Import of SM64 again, but no joy. It's like the extension isn't being run at all?

I'm on Win 10 x64 on an i5. I tried running ghidraRun.bat as Administrator, but nothing seems to help.

This freezes for OoTMQ (Debug Version) Auto Analyzis.

Hi, when trying to load Rayman 2 N64 (.z64 file), I do not see the N64 Loader Format appear, only the raw binary format option. I have restarted Ghidra after ticking the install checkbox. Any idea how to fix this?

I use the latest stable Ghidra version (9.0.4)

If I compiled a rom from source, how can I import debug/symbol information into Ghidra to help with analysis?

I'm trying to get a better idea of how specific code works at the hardware level once compiled.

i made sure to download the latest version and the latest release but this happens

Hi,

I did all of the steps to install the extension on Ghidra and the extension does not show up in the Install Extension window that is under File then Install Extension. I have tried it on Ghdria 9.1.2 and 9.1.0. I even updated my JDK version to 14 but nothing has worked.

So, when I load the rom, the rom main is detected properly, but everything before that function is not even mapped in a memory so ghidra doesn't analyse them. This is bad because even main jumps to somewhere ghidra doesn't recognise as an address and from what someone who know a lot more about the game than me told me, this region in ram skips over important operating system stuff.

So it seems the load address is always the start of memory, but in this case, this would be incorrect as there's memory and code before it.

Is there a way to fix this? I tried on mario party 3 and that one loaded fine, but the load address was very close to 0x80000000 so that is probably why it didn't had the issue.

On arch linux (and any system in which you've installed ghidra with your distro's package manager, likely most of them) it's not obvious what GHIDRA_INSTALL_DIR should be.

This one-liner should provide the correct directory, so long ghidra is in PATH:

GHIDRA_INSTALL_DIR=$(dirname $(readlink -fe $(which ghidra))) gradle

we run which ghidra, then we figure out what that path is a symlink to using readlink -fe, and then we use the return value of that as the environment value, we then run gradle with this env preloaded (we may not want to export it as this could clobber the user's environment).

This extension should be updated for Ghidra 10.x, And I saw the N64 DD registers were absent in this build - they can be found in an older commit. Also, there is a slightly more accurate version of the N64's CPU, noted here: https://github.com/mkst/conker/wiki/Using-Ghidra

I'm not sure the effort involved to release a new version compatible with the latest Ghidra release (10.3). If your time does not allow, I totally understand.