cy384
For those unfamiliar with them, a-traps are a clever(?) trick used by the classic Mac OS: it uses illegal instructions as a system call interface. When an illegal instruction gets hit, a lookup table is examined to figure out what code to run. This enables lots of shenanigans since the lookup table can be patched/modified at runtime.
Anyway, if you try to examine a classic Mac application in most disassemblers, they'll freak out because there are illegal instructions everywhere. I (and I suspect some others) wanted to use Ghidra, so I came up with a dumb little hack. Basically, I defined ~800 new kinds of 68000 NOP instructions, one for every a-trap I could find, and stuck them in the appropriate data file for Ghidra. This allows the disassembler to continue when it runs into them and display at least the name of the a-trap.
How to:
Copy the contents of this file into "68000.sinc" right below the line starting with ":nop"
Caveats:
* there are duplicate names for some a-traps, I picked whatever one I liked best
* this doesn't tell Ghidra anything about what they actually do or what the expected parameters are
* definitely a hack, I imagine there's a better way to do it
tagging @cheesestraws and @mdeverhart since they mentioned interest!
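
Added example, not part of the post above or of the linked file: a Python sketch of how an a-trap word maps to a lookup-table entry, which is the information the NOP-style definitions leave out. The bit layout (bit 11 selects the Toolbox or OS table, low bits give the index) and the six sample names are assumptions taken from Apple's published Inside Macintosh trap documentation, and the byte string is constructed for the demo.

```python
import struct

# Small constructed sample of trap names (assumed from Apple's published trap
# lists); the file described in the post covers roughly 800.
SAMPLE_NAMES = {
    0xA01F: "_DisposePtr",
    0xA11E: "_NewPtr",
    0xA122: "_NewHandle",
    0xA86E: "_InitGraf",
    0xA9A0: "_GetResource",
    0xA9F4: "_ExitToShell",
}

def decode_atrap(word):
    """Decode one 16-bit opcode; return None if it is not an A-line word."""
    if word & 0xF000 != 0xA000:
        return None
    if word & 0x0800:                      # bit 11 set: Toolbox trap table
        info = {"table": "toolbox", "index": word & 0x03FF,
                "auto_pop": bool(word & 0x0400)}
        base = word & 0xFBFF               # name lookup ignores the auto-pop bit
    else:                                  # bit 11 clear: OS trap table
        info = {"table": "os", "index": word & 0x00FF,
                "flags": (word >> 9) & 0x3,
                "a0_returned": bool(word & 0x0100)}
        base = word & 0xF9FF               # name lookup ignores the two flag bits
    info["word"] = word
    info["name"] = SAMPLE_NAMES.get(base, "unknown")
    return info

def scan_words(code):
    """Decode every word-aligned A-line opcode in big-endian 68k bytes.

    A linear scan like this also matches operands and data words that happen
    to start with 0xA; a flow-following disassembler does not have that problem.
    """
    hits = []
    for off in range(0, len(code) - 1, 2):
        (word,) = struct.unpack_from(">H", code, off)
        info = decode_atrap(word)
        if info:
            hits.append((off, info))
    return hits

# Constructed input: NOP, _NewPtr with flag bit 9 set, NOP, _ExitToShell.
SAMPLE = bytes.fromhex("4e71a31e4e71a9f4")

if __name__ == "__main__":
    for off, info in scan_words(SAMPLE):
        print(f"{off:04x}: {info['word']:04X} {info['name']} "
              f"({info['table']} table, index {info['index']:#x})")
```
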