mirror of
https://github.com/alfishe/amiga-bootcamp.git
synced 2026-06-12 16:16:28 +00:00
- New: 11_libraries/ahi_programming.md — AHI retargetable audio API
- New: 13_toolchain/cross_compilation_guide.md — cross-compiling for Amiga
- New: 08_graphics/rtg_programming.md — RTG Picasso96/CyberGraphX programming
- New: 17_demoscene/ — full demoscene techniques section:
  - copper_effects.md (6 techniques, 10 Pouet screenshots, antipatterns)
  - sprite_techniques.md (5 techniques, antipatterns)
  - pixel_tricks.md (5 techniques, antipatterns)
  - 3d_rendering.md (fixed-point math, 4 techniques, antipatterns)
  - timing_optimization.md (7 techniques, instruction timing tables)
  - README.md (section index with Mermaid diagrams)
  - images/ (10 authentic Amiga screenshots from Pouet.net)
- New: 05_reversing/games/ (4 copper-analysis screenshots)
- Updated: README index, TODO status (30/30 complete)
- Added external references: Pouet/Demozoo links, Scoopex YouTube tutorial series, Amiga Graphics Archive, coppershade.org
Reverse Engineering AmigaOS Binaries
Overview
This section provides a systematic methodology for reverse engineering AmigaOS executables and shared libraries using IDA Pro (or Ghidra with the Amiga plugin), with focus on:
- Reconstructing the library JMP table
- Identifying compiler-specific code patterns
- Understanding the exec/dos calling convention at the assembly level
- Tracing library patches (SetFunction)
- Case studies from real Amiga software
Contents
| File | Topic |
|---|---|
| methodology.md | Step-by-step RE workflow for Amiga HUNK binaries |
| ida_setup.md | IDA Pro configuration for 68k/Amiga analysis |
| ghidra_setup.md | Ghidra configuration for 68k/Amiga analysis & decompilation |
| compiler_fingerprints.md | Compiler identification by code patterns |
| static/library_jmp_table.md | Reconstructing unknown library JMP tables and LVOs |
| static/code_vs_data_disambiguation.md | Distinguishing code bytes from data — IDA/Ghidra workflows |
| patching_techniques.md | Surgical binary patching methods |
| unpacking_and_decrunching.md | Executable unpacking, decruncher architecture, and manual extraction |
| custom_loaders_and_drm.md | Custom bootblocks, trackloader architecture (raw MFM/Paula DMA), 6 DRM systems (Copylock, Psygnosis, EA, Gremlin), bootblock checksum, 5 antipatterns, trackloader identification cookbook, cracking scene history, modern analogies, 7 FAQ |
| anti_debugging.md | The Cracker vs. Developer arms race: Trace vector abuse, NMI defeat, CIA timers |
| games/whdload_architecture.md | WHDLoad internals, slaves, resload_DiskLoad, and runtime memory patching |
| case_studies/ | Real-world RE walkthroughs |
| case_studies/ramdrive_device.md | ramdrive.device RE walkthrough |
Game Reverse Engineering
| File | Topic |
|---|---|
| games/game_reversing.md | Game RE: disassembly, modification, asset extraction, save game analysis |
Per-Compiler Reverse Engineering — Binary Field Manuals
| File | Topic |
|---|---|
| static/compilers/README.md | Compiler identification flowchart and comparison matrix |
| static/compilers/sasc.md | SAS/C 5.x/6.x — LINK A5 + 9-reg save, absolute strings, _LibBase globals |
| static/compilers/gcc.md | GCC 2.95.x — .text hunk, A6 frame pointer, PC-relative strings, __CTOR_LIST__ |
| static/compilers/vbcc.md | VBCC — No frame pointer, per-function saves, __reg(), __MERGED hunks |
| static/compilers/stormc.md | StormC / StormC++ — SAS/C-compatible C, unique C++ ABI, PPC support |
| static/compilers/aztec_c.md | Manx Aztec C — D3-D7 save only (5 regs), D2 scratch, pre-1990 era |
| static/compilers/lattice_c.md | Lattice C 3.x/4.x — SAS/C predecessor, simpler optimizer, 6-reg save |
| static/compilers/dice_c.md | DICE C — No frame pointer, _mainCRTStartup, fast compile speed |
Language-Specific Reverse Engineering
| File | Topic |
|---|---|
| static/asm68k_binaries.md | Hand-written assembly reverse engineering — demos, games, bootblocks |
| static/ansi_c_reversing.md | ANSI C reverse engineering — struct recovery, control flow, library anchoring |
| static/cpp_vtables_reversing.md | C++ OOP reverse engineering — vtables, inheritance, RTTI, name mangling |
| static/other_languages.md | Non-C languages — AMOS, Blitz Basic, Amiga E, Modula-2, FORTH, ARexx |
Core Principles
- Know the ABI first — All library calls are `JSR LVO(A6)`. Before reversing any function, identify which library A6 holds using the `lib_Node.ln_Name` string at `base+$00`.
- Use .fd files — The NDK39 `.fd` files give you every function name and parameter mapping for free.
- Relocations are your friend — HUNK_RELOC32 entries tell you exactly which longwords are inter-hunk references, making it easy to distinguish code from data.
- Compiler signatures reduce work — SAS/C vs GCC produces distinct prologues. Identifying the compiler narrows the pattern space dramatically.
Tool Setup
| Tool | Purpose |
|---|---|
| IDA Pro 7.x | Primary static disassembler (no native M68k decompilation) |
| IDA Amiga plugin | HUNK loader, HUNK_SYMBOL import |
| Ghidra + ghidra-amiga | Powerful disassembler and C-pseudocode decompiler for M68k |
| hunkinfo | Quick hunk/symbol/reloc dump |
| wack / MonAm | On-device debugger |
References
- NDK39: `fd/`, `include/`
- ADCD 2.1: complete library autodocs
- Amiga ROM Kernel Reference Manual: Libraries and Devices