I'm trying to reverse engineer an old embedded system that has a NEC v40 on it, which is very similar to an 80186 (more like 80188) I guess. As a member of the x86 family, it has a separate I/O memory space, and "memory" memory space.
By reverse engineering the schematic, I've ascertained that certain addresses in that memory space correspond to certain functions. Even further, I know what each bit at those addresses does.
Example:
| address | direction | name | bit7 | bit6 | bit5 | ... | bit 0 |
|---|---|---|---|---|---|---|---|
| 0xc | write | Control register 1 | Watchdog reset bit | power LED | standby LED |
Bear in mind that due to the nature of old x86s and how they do output (heavily multiplexed), the same address in the I/O space can mean one thing for writes, and an entirely different thing for reads.
Anyway, I have all these things already, and now during analysis, when I see either something like:
out(0xc, 0xa0)
in the disassembly, or the equivalent assembly, I want the address to be replaced with a symbolic one, and the value to be equals'd into something sensible, like:
out(o__control_register_1, o__control_register_1__watchdog_reset | o__control_register_1__standby_led)
Is there a builtin way to do this in Ghidra? If not, I may try and script it with Python to generate such annotations. In that case, is there a more appropriate thing I can annotate than just inserting comments? Like some var thing or something? Setting up equals?
Maybe there's like a plugin or script that does it?
Same question for radare2, I'm at the beginning of this project and may as well switch to r2 if handles things like this better, as it has the Ghidra decompiler as well.
