
March 29, 2008

Symbian AppTRK

Things are quite easy with the Symbian TRK! Today I decided to write a small program to interact with it and everything worked extremely smoothly. My driver program can download a SIS file to the phone, automatically install and run it. It reacts to debugging events and gracefully closes the connection when the application terminates. Below are just a few pictures for the curious.

Here's the applications folder of the phone:

The TRK comes with the Pro version of the Carbide development environment. HelloWorld is just a sample application (maybe I spent more time on it than on the driver). The TRK kernel can connect to the main computer over USB or Bluetooth. Since my computer does not have a Bluetooth connection, I use a USB cable. The port number and baud rate seem to be irrelevant but they are displayed anyway:

At the main computer the connection is visible as a serial (COM) port. Connecting to the phone and sending bytes back and forth is quite easy: just open the serial port with CreateFile and use the regular read/write system functions. Currently the driver is just a text-mode program and prints the communication packets on the screen:

Finally, here's the helloworld application. It has been installed and run by the driver program:

There is still a lot to do, but the foundation already exists. All this stuff is quite stable (IMHO much more stable than WinCE, probably because of better memory protection).

We will have to modify the debugger in IDA to be able to work with TRK. IDA expects the application memory and registers to be available at all times, but Symbian TRK is unresponsive while the application is running. Many other debugger servers behave the same way, so it is a good idea to support this mode.

If things go as well as today, we will have a Symbian debugger pretty soon!


March 26, 2008

Hello Symbian!

Yesterday I created my first Symbian program :) Sure enough, it was a "hello world" and to tell the truth I did not write it myself. But it still took me 3 (three) hours to get it running on a Nokia E51. The good side is that I learned a lot about possible failures with Symbian applications (there are quite a few of them, some with cryptic error messages like "install failed").

The main reason why it took so much time is that I used a sample file from Examples/Basics/HelloWorld in the SDK. I have no idea why this file is included in the SDK, because it is incomplete and even manually adding a .pkg file does not help. My manual pkg file had all types of problems (wrong vendor id, secureid, uid, install directory, etc). I tested all combinations trying to make the application install (this site was very helpful). Finally I installed it on the device. "I did it!" I congratulated myself - and immediately noticed that the installed application was nowhere to be found. The installer claims that it is on the device, I can see the \sys\bin\hellworld.exe file on the disk, but there is no icon to click on and no other means to launch it. That was disappointing, to say the least.

If you think about it, this is an expected outcome. The sample application consisted of a single cpp file: no resources, no icons, nothing. I guess Symbian does not display an icon for an application if one was not linked into the sis file (a sound approach, if you ask me).

My problems ended when I located another helloworld in S60Ex\helloworldbasic. With all skills I learned with the other helloworld, it took me only a few moments to build, download, and run it. Don't ask me why there are 2 different helloworlds but I'm glad that I went through this. Here are some good side effects of this failed endeavor:

  • the EFD utility displays detailed information about the latest (S60 9.1 3rd edition) SIS files
  • IDA can disassemble them

I also found that Symbian supports on-device debugging on new devices. The Target Resident Kernel (TRK) from Metrowerks is used as a debugger server. The TRK seems to be documented. The obvious idea is to connect it to IDA and debug Symbian applications (and maybe even system software!). I'm not sure that this will work, but it is worth trying.

March 12, 2008

New Hex-Rays Demo

This has been online for a while now, I just had no time to announce it properly: a new thorough demo of the decompiler by ccso.com, our US distributor:

This demo is not just a teaser like the previous one. It is much deeper and shows many decompiler aspects in detail: it starts with the plugin configuration, shows a couple of simple decompilation cases, and then moves on to more complex functions. If you wondered how to improve the resulting pseudocode and handle typical cases, this video is for you!

March 07, 2008

Pythonic way

A brilliant blog post by Ero Carrera: IDAPython in action:

http://blog.dkbza.org/2008/03/digging-up-system-call-ordinals.html

Just note how concise and powerful the script is!

March 04, 2008

Tricky jump tables

Just a quick post to announce that we have published a small plugin to specify jump table information. When IDA misses them, the flow charts are virtually useless - they fall apart into several loosely connected components and the logic is completely hidden. This plugin is especially useful for rarely used processors with unusual switch idioms.

The plugin and its source code can be found on our forum.

Latest news: Hex-Rays decompiler has been released!