SPU Debugger IDA PRO: Debug The Cell Processor - Are you a PS3 developer looking to learn more about the Cell? Check out this awesome debugging app!
The PS3's Cell Processor is a beast of a chip, but this tiny app is able to extract lots of different data from it. By following the steps below, you'll be able to dump the processor's details and read them for yourself. This doesn't have much use for the average end user, but if you can read debug code, then this procedure is definitely worth checking out. Otherwise, I would say this is designed for talented developers only.
I had some spare time this weekend, and I have been reading up on my Python. So I set the goal of adding debugging support for the SPU processor in IDA, since the procs. is written in Python.
Download the package at the bottom (linked above) and overwrite the files in the IDA directory.
You can edit the line in gdb_arch.cfg if you don't have IDA in c:\ida
set QEMUPATHA C:\ida\plugins\SpuDebug
to whatever you have.
You have to have Python installed correctly. See techbliss.org/threads/setting-up-ida-with-pyside-and-pyqt-it-makes-big-difference.211/ for help (there are finished packages there somewhere).
First set a system environment setting: itechtics.com/customize-windows-environment-variables/
Make a new one called:
Turn the firewall off when debugging, or pass the debugger through it, or it won't connect. Restart the PC.
Okay, fire up IDA and load a spu.elf file. Choose the SPU processor.
Right away after it's loaded you will notice that we can select debuggers; the original SPU doesn't support this.
I coded it so it starts with the remote GDB debugger, since this is what we need. We have to set up some small stuff before we start: press debugger options at the top.
Tick "run program before debugging" and choose configuration.
Now I have made two options we can choose from:
debugger or dump ls. We start with dump, since it's the fun one.
Press OK, OK, OK. I will give a short explanation later.
Press run (the green arrow) and it dumps the ls.bin.
Now we test out the live debugger option. We choose it under debugger settings again.
IMPORTANT!! We have to have max packet size set to 1024.
Tick "stop on debugging start"; it seems to be the most stable. Then click edit exceptions at the bottom.
Locate SIGABRT, right-click it, choose edit and untick stop.
Press the green arrow again to run, or set a breakpoint and run to cursor.
Success! We can now write a custom Anergistic for specific needs. Remember, Anergistic is basically gdbserver in a shell.
A little more about the dumper module: I use a custom version of Anergistic that works by patching my way through an SPU file. When any SPU module is loaded, it also loads a special patcher module. Credits to computerline.
You find it under views >> subview >> patches. Press that.
Under edit >> patches you have two new options.
Select the jump in graph view and select edit selection.
Patch, then go to the patches window >> right-click and refresh.