21751c0025
Comprehensive technical documentation covering: - Hardware: OCS/ECS/AGA custom chip registers, Copper & Blitter deep dives - Boot sequence: cold boot through startup-sequence - Binary format: HUNK executable spec, relocation, debug info - Linking & ABI: .fd files, LVO tables, register calling conventions - Exec kernel: tasks, interrupts, memory, signals, semaphores - AmigaDOS: file I/O, FFS/OFS layout, CLI/Shell scripting - Graphics: planar bitmaps, Copper programming, HAM/EHB modes - Intuition: screens, windows, IDCMP, BOOPSI - Devices: trackdisk, SCSI, serial, timer, audio, keyboard - Libraries: utility, expansion, IFFParse, locale, ARexx - Networking: bsdsocket API, SANA-II, TCP/IP stack comparison - Toolchain: GCC, vasm/vlink, SAS/C, NDK, debugging - Reverse engineering: IDA/Ghidra setup, compiler fingerprints, case studies - CPU & MMU: 68040/060 emulation libs, PMMU, cache management - Driver development: SANA-II, Picasso96/RTG, AHI audio All files include breadcrumb navigation. No local paths or proprietary content.
3.4 KiB
String Cross-Reference Analysis
Overview
String references are the fastest entry point into a disassembled Amiga binary. Library name strings, error messages, and format strings immediately reveal program intent and identify OS API usage patterns.
Finding Library Name Strings
Every OpenLibrary call is preceded by a string reference. Search for ".library":
# Host: grep for library name strings in binary
strings mybinary | grep -i library
# → "dos.library", "graphics.library", "intuition.library", ...
In IDA:
View → Open Subviews → Strings(Shift+F12)- Search for
.library - Press
Xon any result to see all cross-references - Each xref leads to a
LEA str(PC), A1orMOVE.L #str, A1before aJSR -552(A6)(OpenLibrary)
Tracing OpenLibrary Calls to Their Targets
; Pattern to find:
LEA (_str_dos).L, A1 ; "dos.library"
MOVEQ #36, D0 ; min version
MOVEA.L 4.W, A6 ; exec.library
JSR (-552,A6) ; OpenLibrary → D0 = DOSBase
MOVE.L D0, (_DOSBase).L ; store for later use
Xref _str_dos → find this block → identify the stored library base variable → label it _DOSBase.
Using HUNK_SYMBOL Names as Seed Labels
If HUNK_SYMBOL is present (debug build), IDA auto-applies names. These seed labels help bootstrap analysis:
View → Open Subviews → Names→ look for any_prefixed symbols- Named functions often call unnamed helpers nearby — work outward
- String xrefs from named functions propagate names further
Error Message Strings
Error/diagnostic strings reveal program flow:
; Common pattern:
LEA _err_nolib(PC), A0 ; "Can't open dos.library"
MOVEA.L _DOSBase, A6
JSR (-60,A6) ; Output() → D0 = stdout
MOVE.L D0, D1
LEA _err_nolib(PC), A2
MOVE.L A2, D2
MOVEQ #_err_nolib_end - _err_nolib, D3
JSR (-48,A6) ; Write(stdout, msg, len)
The error string tells you exactly what this code path handles.
Format String Xref Analysis (printf)
SAS/C printf style calls via dos.library VPrintf:
MOVEA.L _DOSBase, A6
LEA _fmt_str(PC), A0 ; "Error: %ld\n"
MOVE.L A0, D1
MOVE.L A1, D2 ; varargs array
JSR (-954,A6) ; VPrintf()
Format strings like "Error: %ld\n" or "Processing: %s" reveal parameter types and function purpose.
Workbench Title Strings
; Typical NewScreen/OpenScreen call sequence:
LEA _screen_title(PC), A0 ; "MyApp v1.0"
MOVE.L A0, (NewScreen+ns_Title)
Screen/window title strings appear in intuition.library OpenScreen / OpenWindow calls and give the product name.
Automated String Map
Build a complete string inventory:
# IDA script: map all string xrefs
for s in idautils.Strings():
text = str(idc.get_strlit_contents(s.ea, s.length, s.strtype))
refs = list(idautils.XrefsTo(s.ea))
if refs:
for ref in refs:
func = idc.get_func_name(ref.frm)
print(f"{s.ea:#x} [{text!r:40s}] ← {func or 'unknown'} @ {ref.frm:#x}")
References
- IDA Pro: Strings subview (Shift+F12), Xrefs (X key)
static/api_call_identification.md— resolving library base from string xrefs- NDK39:
dos/dos.h—VPrintf,FPrintf, error code strings