What firmware did you use?
The procedure is the following: name the entry point as "fw_base" and the run smart_disasm(), it will calculate the disasm region bounds and call smart_disasm_region().
Calling smart_disasm_region for a small part of the firmware is a bad idea, as pointers may be very distant from the corresponding functions.
This script is better than the previous because it has a very small amount of false positives. And false positives frequently make IDA disassemble data, not code, and then the disasm looks awful. The old script is especially awful for nuvis 34xx, 24x5 (when the firmware uses Thumb2 instructions).
UPD
Yeah, it does miss functions, can't yet explain why.
I thought that any function is either called indirectly (and then its address is stored as integer), or it's called directly by some function and then we can proceed recursively with the caller. By this reasoning the new script should disassemble all functions.
I'm aware that this reasoning is false sometimes (the italic part), as some functions are first copied to another location and only after they are called, also there is infinite amount of perverted ways to call a function (but only small amount of them is used by the compiler). But I'm hoping that it's false for not too many functions.
So, in conclusion, the new script is better because the disasm is clearer (no images/other data is disassembled!), while almost all usable functions are found.
22nd November 2012, 04:17 PM
haute
ok, I'm testing with etrex20/30 firmware.
fw_all.bin load the file in IDA Pro, rom in 0x80100000.
The problem is not you designate the entry point in the round.
I do not see the command to set it, if I see the command to see the entry point.
22nd November 2012, 04:34 PM
kunix
If you loaded fw_all.bin with garmin-ida-loader then everything is set up automatically, you can call smart_disasm().
"entry point" is just the first command of the firmware (I meant to say this), it is named "fw_base" by garmin-ida-loader. Press "n" if you want to set/change the name.
22nd November 2012, 05:06 PM
haute
Hi, ah ... thought there was no need to use the (IDA Pro loader)
now I understand.
The script checks that some functions (IDA Pro loader), misunderstood.
These are the ones found in my case.
Code:
smart_disasm(): started; fw_base = 80100000
smart_disasm_region(80100000,80926E00)
80323D40 - ARM function detected
80323D40 - ARM function detected
80323E24 - ARM function detected
80323E24 - ARM function detected
80222B38 - ARM function detected
80223C60 - ARM function detected
8021D89C - ARM function detected
80222CF4 - ARM function detected
8021EC0C - ARM function detected
80221AB0 - ARM function detected
80220BEC - ARM function detected
8021DFF8 - ARM function detected
8021DE08 - ARM function detected
8021DBCC - ARM function detected
8021E3D4 - ARM function detected
8021E7C0 - ARM function detected
8021F248 - ARM function detected
8021F7B0 - ARM function detected
8021FE9C - ARM function detected
802204D0 - ARM function detected
802213BC - ARM function detected
80221F68 - ARM function detected
802223B0 - ARM function detected
802226C8 - ARM function detected
80222980 - ARM function detected
802232D4 - ARM function detected
80223884 - ARM function detected
80223F8C - ARM function detected
8022434C - ARM function detected
80224504 - ARM function detected
8021C9D4 - ARM function detected
8021D370 - ARM function detected
8021CFE0 - ARM function detected
803549C0 - ARM function detected
80354B30 - ARM function detected
80354B30 - ARM function detected
80353B34 - ARM function detected
80353AB4 - ARM function detected
80353BA4 - ARM function detected
80353C90 - ARM function detected
80353C2C - ARM function detected
80353D30 - ARM function detected
80353B34 - ARM function detected
80353AB4 - ARM function detected
80315D44 - ARM function detected
80353B34 - ARM function detected
80353AB4 - ARM function detected
80316070 - ARM function detected
80354444 - ARM function detected
80353F88 - ARM function detected
80354A98 - ARM function detected
80354A0C - ARM function detected
22nd November 2012, 07:12 PM
kunix
It's just functions which have pointers. There could be much more functions which are called by them. I tested the script on 37xx/24x5 firmwares and the result is satisfying, at least for my purposes. No scary megabyte-long lines of "disassembled" data which make no sense.
5th March 2013, 03:24 PM
haute
Hello let the latest firmware version 2.90, the Etrex 20to30 + JNX
To run a Etrex20 menu with some functions and a Etrex 30.
Test it, plz...
pelsta of spanish forum test it:
Code:
Everything is ok
After updating all the settings, tracks, maps, waypoints etc are preserved.
I use the following functions of eTrex30 in eTrex20:
1. Page "Elevation Plot"
2. Elevation Plot on the map
3. Reseting fields "Total Ascent" and "Total Descent"
Full satisfaction.
25th September 2013, 01:24 PM
haute
1 Attachment(s)
Hello let the latest firmware version 3.20, the Etrex 20to30 + JNX
To run a Etrex20 menu with some functions and a Etrex 30.
Test it, plz...
29th September 2013, 07:11 PM
Schermann
I'm interested in getting the altitude dashboard happening in the Etrex 20. Does you software provide this?
8th October 2013, 06:06 PM
netman220
Hi.
Firmware v3.20 working fine. Just to say that to use the compass is necessary in settings to disable the magnetic compass.
Тhank you, haute!
Regards: Alexander
20th October 2013, 02:32 PM
Schermann
Firmware version 3.30 is out.
Hoping you can mod this one without too much trouble as this one seems to have fixed the slow stop issue.