Advantage(s): Syscalls are functions (so xrefs work), nicer handling of thunks
Disadvantage(s): Stack-based syscall arguments are ugly
- Make a dump using one of the dumpers corresponding to your compiler.
- Install the `M68kMacLanguage` Ghidra extension provided in this repo.
  - Build the extension with `build.sh` in the extension directory.
  - In the main Ghidra Project window (NOT CodeBrowser), go to: File > Configure > Install Extensions...
  - Check the box next to 'M68kMacLanguage' and click OK.
  - Restart Ghidra.

  Alternatively, you can use `quickInstall.sh` for a more development-friendly install.
- Open the dump as processor `68000`, variant `Mac`, and the compiler of your choice.
- Run the `RunAllM68kMacAnalysis.java` script (or its constituents).

The dumpers are conceptually very simple - they first create a low-memory region for Mac OS globals, then construct an A5 world (and jump table within it), then relocate and append the CODE resources sequentially:

```
0x00000000 ┌─────────────────────────────────────┐
           │      LOW-MEMORY SYSTEM GLOBALS      │
           │ - Magic bytes at address 0          │
           │ - M68k exception vectors (0x0-0x3FF)│
           │ - Mac OS system globals:            │
           │     • Ticks (0x016A)                │
           │     • CurrentA5 (0x0904)            │
           │     • ApplLimit (0x0130)            │
           │     • QuickDraw globals (0x800+)    │
           │     • Other system variables        │
           ├─────────────────────────────────────┤
           │               PADDING               │
           │     (Align A5 world at 0x10000)     │
0x00010000 ├═════════════════════════════════════┤ ◄── System RAM ends (64 KB total)
           │                                     │
           │            BELOW A5 DATA            │ below_a5_size bytes
           │        (Application Globals)        │
           │ - DATA 0 resource                   │
           │ - Zero-init data (ZERO)             │
           │ - Relocations applied               │
           │                                     │
     A5 ═══╪═════════════════════════════════════╪═══ ◄── A5 Register
           │                                     │        points here
           │            ABOVE A5 DATA            │ above_a5_size bytes
           │            (Jump Table)             │
           │ - Entry 0: jmp CODE_1_func_0        │
           │ - Entry 1: jmp CODE_1_func_1        │
           │ - Entry 2: jmp CODE_2_func_0        │
           │ - ...                               │
           │ All entries now LOADED:             │
           │   0x4EF9 <absolute_address>         │
           │                                     │
           ├─────────────────────────────────────┤
           │           CODE SEGMENT 1            │ CODE 1 size
           │           (Main segment)            │
           │ - Relocated code                    │
           │ - Function entry points             │
           ├─────────────────────────────────────┤
           │           CODE SEGMENT 2            │ CODE 2 size
           │          (Additional code)          │
           │ - Relocated code                    │
           ├─────────────────────────────────────┤
           │           CODE SEGMENT 3            │ CODE 3 size
           │          (Additional code)          │
           ├─────────────────────────────────────┤
           │                 ...                 │
           │        (More CODE segments)         │
           └─────────────────────────────────────┘
```

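
The address arithmetic implied by the layout above, as an added Python sketch (not the dumpers' own code): it places the A5 world at 0x10000, appends the CODE segments, and emits loaded jump table entries, rejecting entries that point outside their segment. The function names, the 8-byte entry format (segment word, `0x4EF9`, address), the 32-byte offset from A5 to the jump table, the 4-byte CODE header and the word padding are assumptions based on the classic Mac OS segment format, and the sample sizes are constructed.

```python
import struct

LOW_MEM_END = 0x10000  # from the page: A5 world is aligned at 0x10000
JMP_ABS_L = 0x4EF9     # from the page: loaded entries are 0x4EF9 <absolute_address>
JT_OFFSET = 32         # assumption: jump table starts 32 bytes above A5
ENTRY_SIZE = 8         # assumption: segment word + JMP opcode + 32-bit address
SEG_HEADER = 4         # assumption: 4-byte CODE header precedes the routines


def layout(below_a5_size, above_a5_size, seg_sizes):
    """Return (a5, {segment: base}) with CODE segments appended after the A5 world."""
    a5 = LOW_MEM_END + below_a5_size
    addr = a5 + above_a5_size
    bases = {}
    for seg in sorted(seg_sizes):
        bases[seg] = addr
        addr += seg_sizes[seg] + (seg_sizes[seg] & 1)  # assumption: keep word alignment
    return a5, bases


def load_jump_table(entries, above_a5_size, bases, seg_sizes):
    """Build loaded entries from (segment, offset) pairs, rejecting bad targets."""
    if JT_OFFSET + ENTRY_SIZE * len(entries) > above_a5_size:
        raise ValueError("jump table does not fit in the above-A5 area")
    table = bytearray()
    for seg, off in entries:
        if seg not in bases or SEG_HEADER + off >= seg_sizes[seg]:
            raise ValueError(f"entry ({seg}, {off:#x}) points outside its segment")
        table += struct.pack(">HHI", seg, JMP_ABS_L, bases[seg] + SEG_HEADER + off)
    return bytes(table)


def entry_address(a5, index):
    """Address of jump table entry `index`, as reached through A5."""
    return a5 + JT_OFFSET + ENTRY_SIZE * index


if __name__ == "__main__":
    # Constructed sample: 0x200 bytes of globals, two entries, two CODE segments.
    sizes = {1: 0x100, 2: 0x41}
    a5, bases = layout(0x200, 0x30, sizes)
    table = load_jump_table([(1, 0x0), (2, 0x10)], 0x30, bases, sizes)
    print(f"A5={a5:#x}", {s: hex(b) for s, b in bases.items()})
    for i in range(len(table) // ENTRY_SIZE):
        print(f"{entry_address(a5, i):#x}: {table[i * 8:i * 8 + 8].hex()}")
```
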
- RetroGhidra has a resource fork loader, but it does not construct the A5 world at all. This is a deal-breaker for code that relies heavily on global data.
- Finish creating properly typed functions for `_FP68K` routines
- Create properly typed functions for `_*Dispatch`, `_Pack*` routines
- Finish all syscalls
- Direct loader for Ghidra from binhex/derez