PAGalaxyLab / vxhunter

ToolSet for VxWorks Based Embedded Device Analyses

Support for powerquicc vxworks platform

mrdion opened this issue

Hello,

I tried a VxWorks-based MPC8xx PowerQUICC firmware (dumped from a flash chip) in Ghidra with your script, vxhunter_firmware_init. The result is:

```
[INFO ][vxhunter_core.find_symbol_table] symbol table start offset: 0000bdf29b
[INFO ][vxhunter_core.find_symbol_table] Symbol table end offset: 0000bdfacb
[INFO ][vxhunter_core._check_vxworks_endian] VxWorks endian: Little endian.
[INFO ][vxhunter_core.quick_test] Load address is not 0080002000
[INFO ][vxhunter_core.quick_test] Load address is not 0000010000
[INFO ][vxhunter_core.quick_test] Load address is not 0000001000
[INFO ][vxhunter_core.quick_test] Load address is not 00f2003fe4
[INFO ][vxhunter_core.quick_test] Load address is not 0000100000
[INFO ][vxhunter_core.quick_test] Load address is not 0000107fe0
[INFO ][vxhunter_core.quick_test] Load address is not 00e0000000
[ERROR ][vxhunter_core.find_loading_address] Exception occurred while loading key_function_index: substring not found. Continuing...
Traceback (most recent call last):
  File "D:\Downloads\vxhunter-master\firmware_tools\ghidra\vxhunter_core.py", line 593, in find_loading_address
    key_function_index = self._firmware.index('\x00' + function_name_key_words[0] + '\x00')
ValueError: substring not found
substring not found
vxhunter_firmware_init.py> Finished!
```

The last load address I just added myself to try, because I see it in the early code after reset (which is at 0x100). Apparently, it didn't work. I compared the symbol table with the example firmware in your folder, but it's a bit different. Would you take a look at this? (This is my email: dion dot storage at gmail dot com.)

Thanks in advance.

Hi @mrdion, as we communicated by mail, VxHunter doesn't support your flash dump file since symbols are not compiled into the VxWorks image.  
We have to analyze this flash dump file manually for now, until we find a way to automatically analyze the VxWorks init stack code.

Thanks a lot for your effort and guides.
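
As an added example (not part of the original thread and not VxHunter's own code): a preflight check an analyst could run on a raw dump before invoking the script, to see whether NUL-delimited function-name strings are present at all, which is the lookup that fails in the traceback above. The names in `KEY_NAMES` and both sample images are assumptions constructed for illustration.

```python
# Added example: preflight check for symbol-name strings in a raw firmware dump.
# KEY_NAMES is an assumption (common VxWorks routine names), not VxHunter's own list.
KEY_NAMES = (b"bzero", b"usrInit", b"bfill")


def find_symbol_names(firmware, names=KEY_NAMES):
    """Return {name: offset of the name's first byte} for every name found
    as a complete NUL-delimited string (\\x00name\\x00) in the image."""
    found = {}
    for name in names:
        # bytes.find returns -1 on a miss; the .index() call in the
        # traceback raises ValueError instead.
        pos = firmware.find(b"\x00" + name + b"\x00")
        if pos != -1:
            found[name] = pos + 1  # skip the leading NUL
    return found


def has_symbol_names(firmware, names=KEY_NAMES):
    """True only if every key name is present; a load-address search that
    relies on symbol names cannot work otherwise."""
    return len(find_symbol_names(firmware, names)) == len(names)


# Constructed sample images (not real firmware).
WITH_SYMBOLS = (b"\x7c\x08\x02\xa6" * 4
                + b"\x00bzero\x00usrInit\x00bfill\x00"
                + b"\xff" * 8)
# "bzeroX" is not NUL-delimited on both sides, so it must not count as a hit.
STRIPPED = b"\x7c\x08\x02\xa6" * 4 + b"bzeroX\x00" + b"\xff" * 8

if __name__ == "__main__":
    for label, image in (("with symbols", WITH_SYMBOLS), ("stripped", STRIPPED)):
        print(label, has_symbol_names(image), find_symbol_names(image))
```

An empty result means the dump carries no name strings for these routines, so it needs manual analysis.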