comparison bootrom.disasm @ 14:3443b1b08af4
boot ROM re: starting to unravel the serial command handling
messed up earlier with some var locations: the darned offsets were decimal
author | Michael Spacefalcon <msokolov@ivan.Harhan.ORG> |
---|---|
date | Wed, 24 Apr 2013 23:49:39 +0000 |
parents | e0ce45f043c0 |
children | 2e3cecd6716c |
13:e0ce45f043c0 | 14:3443b1b08af4 |
---|---|
88 10c: e31c0040 tst r12, #64 ; 0x40 | 88 10c: e31c0040 tst r12, #64 ; 0x40 |
89 110: 0afffffc beq 0x108 | 89 110: 0afffffc beq 0x108 |
90 114: eb000513 bl 0x1568 ; IND_CALL | 90 114: eb000513 bl 0x1568 ; IND_CALL |
91 118: eafffffe b 0x118 | 91 118: eafffffe b 0x118 |
92 | 92 |
93 ; This routine handles the '<i' command - it initializes the vars | |
94 ; starting at 800518. It is called with R0=0x800518. | |
95 | |
93 11c: e3a0c004 mov r12, #4 ; 0x4 | 96 11c: e3a0c004 mov r12, #4 ; 0x4 |
94 120: e5c0c000 strb r12, [r0] | 97 120: e5c0c000 strb r12, [r0] |
95 124: e3a0c000 mov r12, #0 ; 0x0 | 98 124: e3a0c000 mov r12, #0 ; 0x0 |
96 128: e1c0c0be strh r12, [r0, #14] | 99 128: e1c0c0be strh r12, [r0, #14] |
97 12c: e1c0c1b0 strh r12, [r0, #16] | 100 12c: e1c0c1b0 strh r12, [r0, #16] |
98 130: e580c014 str r12, [r0, #20] | 101 130: e580c014 str r12, [r0, #20] |
99 134: e5c0c018 strb r12, [r0, #24] | 102 134: e5c0c018 strb r12, [r0, #24] |
100 138: e12fff1e bx lr | 103 138: e12fff1e bx lr |
101 | 104 |
105 ; This routine at 0x13c apparently generates the serial response messages | |
106 ; back to the host, using the buffer at 80010C as its scratchpad. | |
107 ; The argument in R0 encodes what type of message to generate: | |
108 | |
102 13c: e92d4000 stmdb sp!, {lr} | 109 13c: e92d4000 stmdb sp!, {lr} |
103 140: e1a0c000 mov r12, r0 | 110 140: e1a0c000 mov r12, r0 |
104 144: e59f0cc0 ldr r0, [pc, #3264] ; 0xe0c | 111 144: e59f0cc0 ldr r0, =0x80010C ; via 0xe0c |
105 148: e3a0103e mov r1, #62 ; 0x3e | 112 148: e3a0103e mov r1, #62 ; 0x3e |
106 14c: e5c01000 strb r1, [r0] | 113 14c: e5c01000 strb r1, [r0] |
107 150: e35c0009 cmp r12, #9 ; 0x9 | 114 150: e35c0009 cmp r12, #9 ; 0x9 |
108 154: 88bd8000 ldmhiia sp!, {pc} | 115 154: 88bd8000 ldmhiia sp!, {pc} |
109 158: e28f1000 add r1, pc, #0 ; 0x0 | 116 158: e28f1000 add r1, pc, #0 ; 0x0 |
110 15c: e791f10c ldr pc, [r1, r12, lsl #2] | 117 15c: e791f10c ldr pc, [r1, r12, lsl #2] |
111 160: 000002ac andeq r0, r0, r12, lsr #5 | 118 ; switch table, absolute addresses |
112 164: 00000280 andeq r0, r0, r0, lsl #5 | 119 160: 000002ac |
113 168: 00000264 andeq r0, r0, r4, ror #4 | 120 164: 00000280 |
114 16c: 00000248 andeq r0, r0, r8, asr #4 | 121 168: 00000264 |
115 170: 00000224 andeq r0, r0, r4, lsr #4 | 122 16c: 00000248 |
116 174: 00000200 andeq r0, r0, r0, lsl #4 | 123 170: 00000224 |
117 178: 000001dc ldreqd r0, [r0], -r12 | 124 174: 00000200 |
118 17c: 000001c0 andeq r0, r0, r0, asr #3 | 125 178: 000001dc |
119 180: 000001a4 andeq r0, r0, r4, lsr #3 | 126 17c: 000001c0 |
120 184: 00000188 andeq r0, r0, r8, lsl #3 | 127 180: 000001a4 |
121 | 128 184: 00000188 |
122 188: e3a0c042 mov r12, #66 ; 0x42 | 129 ; case 9: |
130 188: e3a0c042 mov r12, #66 ; 0x42 'B' | |
123 18c: e5c0c001 strb r12, [r0, #1] | 131 18c: e5c0c001 strb r12, [r0, #1] |
124 190: e3a01002 mov r1, #2 ; 0x2 | 132 190: e3a01002 mov r1, #2 ; 0x2 |
125 194: e59fcc74 ldr r12, [pc, #3188] ; 0xe10 | 133 194: e59fcc74 ldr r12, =0x800520 ; via 0xe10 |
126 198: e5dc2000 ldrb r2, [r12] | 134 198: e5dc2000 ldrb r2, [r12] |
127 19c: eb000458 bl 0x1304 | 135 19c: eb000458 bl 0x1304 |
128 1a0: e8bd8000 ldmia sp!, {pc} | 136 1a0: e8bd8000 ldmia sp!, {pc} |
129 | 137 |
130 1a4: e3a0c062 mov r12, #98 ; 0x62 | 138 1a4: e3a0c062 mov r12, #98 ; 0x62 |
223 ; *R0 return byte values: | 231 ; *R0 return byte values: |
224 ; 00 = got nothing (timeout) or an invalid/non-understood command | 232 ; 00 = got nothing (timeout) or an invalid/non-understood command |
225 ; 01 = got 'i' | 233 ; 01 = got 'i' |
226 ; 02 = got 'p', 9 additional bytes received, a bunch of vars filled | 234 ; 02 = got 'p', 9 additional bytes received, a bunch of vars filled |
227 ; 03 = got 'w', the rest of the command read into the buffer at | 235 ; 03 = got 'w', the rest of the command read into the buffer at |
228 ; 80010C, the flag at 80053C set | 236 ; 80010C, the flag at 800530 set |
229 ; 04 = got 'c', 1 additional byte received, extended to a half-word | 237 ; 04 = got 'c', 1 additional byte received, extended to a half-word |
230 ; and written to 80052C | 238 ; and written to 800526 |
231 ; 05 = got 'a' | 239 ; 05 = got 'a' |
232 ; 06 = got 'b', 4 bytes written to 800538 | 240 ; 06 = got 'b', 4 bytes written to 80052C |
233 | 241 |
234 2c8: e92d4ff0 stmdb sp!, {r4, r5, r6, r7, r8, r9, r10, r11, lr} | 242 2c8: e92d4ff0 stmdb sp!, {r4, r5, r6, r7, r8, r9, r10, r11, lr} |
235 2cc: e24dd004 sub sp, sp, #4 ; 0x4 | 243 2cc: e24dd004 sub sp, sp, #4 ; 0x4 |
236 2d0: e1a0b000 mov r11, r0 | 244 2d0: e1a0b000 mov r11, r0 |
237 2d4: e3a05000 mov r5, #0 ; 0x0 | 245 2d4: e3a05000 mov r5, #0 ; 0x0 |
256 320: e25cc007 subs r12, r12, #7 ; 0x7 'p' | 264 320: e25cc007 subs r12, r12, #7 ; 0x7 'p' |
257 324: 0a0000b8 beq 0x60c | 265 324: 0a0000b8 beq 0x60c |
258 328: e25cc007 subs r12, r12, #7 ; 0x7 'w' | 266 328: e25cc007 subs r12, r12, #7 ; 0x7 'w' |
259 32c: 1a0000fc bne 0x724 | 267 32c: 1a0000fc bne 0x724 |
260 ; got 'w' | 268 ; got 'w' |
261 ; R4=0x800518, byte at 80053C used for something, init to 0 | 269 ; R4=0x800518, byte at 800530 used for something, init to 0 |
262 330: e5c45018 strb r5, [r4, #24] | 270 330: e5c45018 strb r5, [r4, #24] |
263 334: e3a0a000 mov r10, #0 ; 0x0 | 271 334: e3a0a000 mov r10, #0 ; 0x0 |
264 338: e3a06000 mov r6, #0 ; 0x0 | 272 338: e3a06000 mov r6, #0 ; 0x0 |
265 33c: ea000015 b 0x398 | 273 33c: ea000015 b 0x398 |
266 ; more blocks | 274 ; more blocks |
633 ; The routine at 0x8b4 handles the command received by the 0x2c8 routine. | 641 ; The routine at 0x8b4 handles the command received by the 0x2c8 routine. |
634 ; The argument in R0 is the code produced by the latter. | 642 ; The argument in R0 is the code produced by the latter. |
635 | 643 |
636 8b4: e92d4070 stmdb sp!, {r4, r5, r6, lr} | 644 8b4: e92d4070 stmdb sp!, {r4, r5, r6, lr} |
637 8b8: e24dd008 sub sp, sp, #8 ; 0x8 | 645 8b8: e24dd008 sub sp, sp, #8 ; 0x8 |
638 8bc: e59f4560 ldr r4, [pc, #1376] ; 0xe24 | 646 8bc: e59f4560 ldr r4, =0x800108 ; via 0xe24 |
639 8c0: e5d4c000 ldrb r12, [r4] | 647 8c0: e5d4c000 ldrb r12, [r4] |
640 8c4: e25cc001 subs r12, r12, #1 ; 0x1 | 648 8c4: e25cc001 subs r12, r12, #1 ; 0x1 |
641 8c8: 0a000102 beq 0xcd8 | 649 8c8: 0a000102 beq 0xcd8 |
642 8cc: e25cc001 subs r12, r12, #1 ; 0x1 | 650 8cc: e25cc001 subs r12, r12, #1 ; 0x1 |
643 8d0: 0a00008a beq 0xb00 | 651 8d0: 0a00008a beq 0xb00 |
896 cc4: e3a00000 mov r0, #0 ; 0x0 | 904 cc4: e3a00000 mov r0, #0 ; 0x0 |
897 cc8: ebfffd1b bl 0x13c | 905 cc8: ebfffd1b bl 0x13c |
898 ccc: e3a0c002 mov r12, #2 ; 0x2 | 906 ccc: e3a0c002 mov r12, #2 ; 0x2 |
899 cd0: e5c4c000 strb r12, [r4] | 907 cd0: e5c4c000 strb r12, [r4] |
900 cd4: ea000048 b 0xdfc | 908 cd4: ea000048 b 0xdfc |
909 ; in the initial state, with [800108]==1, control comes here | |
901 cd8: e250c001 subs r12, r0, #1 ; 0x1 | 910 cd8: e250c001 subs r12, r0, #1 ; 0x1 |
902 cdc: 0a000040 beq 0xde4 | 911 cdc: 0a000040 beq 0xde4 |
903 ce0: e25cc001 subs r12, r12, #1 ; 0x1 | 912 ce0: e25cc001 subs r12, r12, #1 ; 0x1 |
904 ce4: 0a00000b beq 0xd18 | 913 ce4: 0a00000b beq 0xd18 |
905 ce8: e24cc001 sub r12, r12, #1 ; 0x1 | 914 ce8: e24cc001 sub r12, r12, #1 ; 0x1 |
963 dd0: e596c004 ldr r12, [r6, #4] | 972 dd0: e596c004 ldr r12, [r6, #4] |
964 dd4: e580c000 str r12, [r0] | 973 dd4: e580c000 str r12, [r0] |
965 dd8: e3a0c002 mov r12, #2 ; 0x2 | 974 dd8: e3a0c002 mov r12, #2 ; 0x2 |
966 ddc: e5c4c000 strb r12, [r4] | 975 ddc: e5c4c000 strb r12, [r4] |
967 de0: ea000005 b 0xdfc | 976 de0: ea000005 b 0xdfc |
968 de4: e59f0018 ldr r0, [pc, #24] ; 0xe04 | 977 ; response to '<i' is handled here |
978 de4: e59f0018 ldr r0, =0x800518 ; via 0xe04 | |
969 de8: ebfffccb bl 0x11c | 979 de8: ebfffccb bl 0x11c |
970 dec: e3a00000 mov r0, #0 ; 0x0 | 980 dec: e3a00000 mov r0, #0 ; 0x0 |
971 df0: ebfffcd1 bl 0x13c | 981 df0: ebfffcd1 bl 0x13c |
972 df4: e3a0c001 mov r12, #1 ; 0x1 | 982 df4: e3a0c001 mov r12, #1 ; 0x1 |
973 df8: e5c4c000 strb r12, [r4] | 983 df8: e5c4c000 strb r12, [r4] |
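Review bot: The new header comment for the routine at 0x13c ends with "The argument in R0 encodes what type of message to generate:" and then lists nothing, so the reader still has to decode the switch by hand. The visible code supports at least this much: the table at 0x160 has ten entries for R0 = 0..9, and `cmp r12, #9` followed by `ldmhiia sp!, {pc}` is an unsigned bound that returns for anything higher, after '>' has already been stored at 80010C. Case 9 (0x188) puts 'B' in the second byte and case 8 (0x1a4) begins by loading 0x62 ('b'); I would list those and add `; bounds check: R0 > 9 returns without dispatch` at 0x150. Since the commit message blames decimal offsets for the earlier wrong addresses, the stores at 0x120-0x134 should also carry the absolute address, e.g. `strh r12, [r0, #14] ; 800526` and `strb r12, [r0, #24] ; 800530`, so the header comments can be checked against the code. The bodies of cases 0-7 lie outside the lines shown, so their message types remain to be filled in.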