I've bought a pda with arm processor.
Should i see more

I know ida can disassemble but know i've to learn those arm mnemonics ???
(i doesn't see jumps or calls,sjit!)
So i am looking the best way to reverse the progs of this machine...
Debugging on my xp machine is possible ???
Somebody here who did it earlier?
Yep i read the forum-threads about wince but i need to know whats to best way to start and using what tools.

SpeKK.

Try http://Ka0s.net and the links in there.
They have lists of ARM opcodes, links and tuts for debuggers etc.

In IDA, you can go to Options -> General -> Disassembly tab, and check Auto comments. This may give you enough info on the mnemonics to do your task.

Thanks for the link and yes that auto comments in ida is very usefull!
Now looking futher how to debug.

Thanks again,

Spekk

Hajo,

Trying to debug a pocketpc prog. i followed a tut by hexc ( www.woodmann.com/fravia/hexc_evtdebug.htm ) after installing ms embedded c++ 4.0 i copied the file target file from pocket to my desktop pc> then went to settings and gave in debug tab the download directory from the target of the pocketpc.Then when start to debug all went fine till it tries to copy the file from my desktop comp. :errorownloading failed while copying the file from my hd... .
Anyone knows what i am doing wrong ??

Thanks,

Spekk

just yesterday we released an first tut on wince patching, http://tutorials.accessroot.com/ might help you.

Thanks Shub,

Verry good tutorial (there are so few ).
It seems i had the wrong version or missed some sdk?????
I installed 3.0 and all goes fine.
Back to "Hello world" ans study your tut!

Spekk.

That is a very nice and thorough tutorial indeed Shub.
I have one comment (irrelavant to the contents of the tut, just a curosity)

When you state that ARM asm does not have an op code equivalent to the x86 'nop': 0x90, so we have to implement an operation that does nothing, like (MOV R1, R1).

Actually, that is exactly what x86 assembler does: the true meaining of the instruction coded by 0x90 is 'xchg ax,ax', while 0x91 codes for 'xchg ax,cx'. of course everybody uses the most popular opcode synonym : nop

Well, in x86 architectures the NOP is one of the documented official instructions which the CPU uses and for which there's an opcode. How that is implemented by the cpu is another matter..

this is what the intel instruction reference document tells..



ARM doesn't even have this..

Shub-nigurrath,
naides is pointing out a (nice) outcome from opcodes decoding.

If you look at the opcode for XCHG Reg, EAX, the manual says it is implemented with one-byte opcode: 90+Reg,
where Reg (according to one of the initial tables of the manual) can assume the values


So 90 (90+0) can be indifferently decoded as NOP, or also as XCHG EAX,EAX (in 16 bit mode XCHG AX,AX).

Best regards, bilbo

humm, interesting, indeed, nice being this the situation so the observation is correct..ARM doesn't have an "official" way to implement the NOP (this is directly "suggested" by intel), you have to think one, given the NOP concept as one operation doing nothing, modifying only the EIP.

..fine.