```
Usage: RomScanner [-v] DB [ROM] [-o <int>] [-i <int>] [--help]
Options are:
  DB                   Database file
  ROM                  Rom file for scanning. If not provided, display the
                       database information
  -o, --voffset=<int>  Virtual offset. If not provided, the default value
                       in the database will be used
  -i, --index=<int>    Choose which database for scanning
  -v, --version        Show the version information
  --help               Print this help and exit
```
- Get the code binary from the ROM.
- Extract the code binary with ndstool:

  ```
  ndstool [XXX.nds] -x -9 code.bin
  ```
- Or dump it with No$GBA (the recommended way): after the ROM is loaded, dump 4M bytes from address 0x02000000.
- Decrypt the CIA file
- Extract the code.bin (make sure it's uncompressed)
- Scan the binary file and save the output to a sym file:

  ```
  RomScanner nds.zdb code.bin > XXX.sym
  ```

Name | Description |
---|---|
collect.py | Searches the static libraries for the binary code of every function and saves the patterns to a txt file |
GenDB | Generates a database from the txt files collected by collect.py |
RomScanner | Searches the code binary for all function names, according to the database |
ida_helper.py | Imports symbols into IDA |
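
The matching step that the RomScanner row describes, as an added sketch that is not the project's code: masked byte patterns are searched in the code binary, and each file offset becomes an address by adding the virtual offset. The `??` wildcard notation, the function names, the sample bytes and the `address name` output line are assumptions made for illustration, not the tool's real formats.

```python
import re

def compile_pattern(hex_pattern):
    """Turn 'E9 ?? 10' into a bytes regex; '??' matches any single byte."""
    parts = [b"." if tok == "??" else re.escape(bytes.fromhex(tok))
             for tok in hex_pattern.split()]
    return re.compile(b"".join(parts), re.DOTALL)

def scan(code, patterns, voffset, align=4):
    """Return sorted (address, name) pairs for patterns that match exactly once."""
    symbols = []
    for name, hex_pattern in patterns.items():
        rx = compile_pattern(hex_pattern)
        hits, pos = [], 0
        while (m := rx.search(code, pos)) is not None:
            if m.start() % align == 0:   # ARM-mode instructions are 4-byte aligned
                hits.append(m.start())
            pos = m.start() + 1          # continue so overlapping hits are counted
        if len(hits) == 1:               # several hits are ambiguous: name none
            symbols.append((voffset + hits[0], name))
    return sorted(symbols)

def to_sym_lines(symbols):
    """Assumed output layout: 8-digit hex address, space, function name."""
    return [f"{addr:08X} {name}" for addr, name in symbols]

# Constructed sample binary (little-endian ARM words), not taken from any ROM.
CODE = bytes.fromhex(
    "00 00 A0 E3 1E FF 2F E1"              # 0x00: mov r0,#0 ; bx lr
    "10 40 2D E9 05 00 00 EB 10 80 BD E8"  # 0x08: push ; bl <target> ; pop
    "00 00 A0 E3 1E FF 2F E1"              # 0x14: same bytes as 0x00
)

# Hypothetical names. The bl target differs per build, so it is masked.
PATTERNS = {
    "InitThing": "10 40 2D E9 ?? ?? ?? EB 10 80 BD E8",
    "ReturnZero": "00 00 A0 E3 1E FF 2F E1",  # too short: matches twice
}

if __name__ == "__main__":
    # 0x02000000 is the dump address mentioned above, used as the voffset.
    print("\n".join(to_sym_lines(scan(CODE, PATTERNS, 0x02000000))))
```

A wrong virtual offset shifts every symbol by the same amount, so imported names land on the wrong addresses even though every pattern matched.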
- Put the static libs into the directories xxx_v1, xxx_v2 ...
- Collect information from the static libs, generating xxx_v1.txt, xxx_v2.txt:

  ```
  collect.py xxx_v1
  collect.py xxx_v2
  ...
  ```
- Compile the patterns to get the database; this may take a long time:

  ```
  GenDB xxx.zdb xxx_v1.txt xxx_v2.txt ... -voffset [Default Virtual Offset]
  ```