I've been using all sorts of LAs since the beginning of 90s in the reverse engineering for the systems with scarse or no technical documentation. Simply at the start I had my own home built machine initially based on Intel FlexLogic ICs (they had the fastest clock rate in 1993) then switching to Altera FLEX/APEX families. Then at the beginning of 2000s HP/Agilent LAs with a deep memory became available at the bargain prices. I talk mainly about the arcade machine HW (as this role goes I analyze the chipset architecture in details and re-produce its functional analogues for the FPGA/semicustom IP implementation) which are not the simple uP based HW (Tek is a such example). So, I know something about the reverse engineering bringing the concrete examples ;))
Everyone in the embedded "professional" hacking knows IDA. This is not a panacea as a cross-platform disassembler, but almost and certainly the best of all. But since there is a lot's of the dynamic code in the FW (especially when ppl translating from C++), which can't be analyzed statically (by the disassembler), this runtime can be only analyzed on the working maching by using the LA even without any built-in inverse assembler. So the synergy of both are required to understand the code architecture. Getting the architecture, control and data flow and symbolizing the source is the most important steps. Also we shouldn't forget that the source can be actually compiled by not a very optimal compiler generating the spagetty code.
From all the above, the current example (Tek 6802 base platform) is quite simple, HW is all documented and it can be analyzed statically. But due to the code volume superimposing the calls will be necessary and there the LA will be undispensable.
Back to the oscilloscope, I've got 2445a CAL01 re-calibrated. This time I got it right (digital scopes unfortunately are quite useless). Still CAL02 gives the LIMIT error. But what I also noticed is that when I put the time cursors to the 1st and 11st vertical line the displayed frequency/period gives the precise value in seconds. However, it seems that when I just put them one division apart or a few, then I do have the error in the displayed delta T. Negative if both cursors are to the left from the center and positive when both to the right. It seems like there is a problem with the DAC linearity or something in its path.
IMHO this kind of error then hits back in CAL02.
What do you think?
Thank you again and all the Best,