comparison bootrom.disasm @ 2:979d97fe75eb
boot ROM rev eng: progressing on the RESET code
author | Michael Spacefalcon <msokolov@ivan.Harhan.ORG> |
---|---|
date | Mon, 15 Apr 2013 04:51:12 +0000 |
parents | 4b5e22875181 |
children | e3f8fe6a848e |
1:4b5e22875181 | 2:979d97fe75eb |
---|---|
1347 | 1347 |
1348 148c: 00001fcc andeq r1, r0, r12, asr #31 | 1348 148c: 00001fcc andeq r1, r0, r12, asr #31 |
1349 1490: ffff6000 swinv 0x00ff6000 | 1349 1490: ffff6000 swinv 0x00ff6000 |
1350 1494: 00001fd4 ldreqd r1, [r0], -r4 | 1350 1494: 00001fd4 ldreqd r1, [r0], -r4 |
1351 | 1351 |
1352 The RESET entry point branches here: | 1352 ; The RESET entry point branches here |
1353 1498: e59f003c ldr r0, [pc, #60] ; 0x14dc | 1353 ; |
1354 149c: e59f103c ldr r1, [pc, #60] ; 0x14e0 | 1354 ; First order of business: copy the 7 vector instructions from |
1355 ; 0x1FE0 to 0x80001C. | |
1356 1498: e59f003c ldr r0, =0x1FE0 ; via 0x14dc | |
1357 149c: e59f103c ldr r1, =0x80001C ; via 0x14e0 | |
1355 14a0: e3a02000 mov r2, #0 ; 0x0 | 1358 14a0: e3a02000 mov r2, #0 ; 0x0 |
1356 14a4: e7903002 ldr r3, [r0, r2] | 1359 14a4: e7903002 ldr r3, [r0, r2] |
1357 14a8: e7813002 str r3, [r1, r2] | 1360 14a8: e7813002 str r3, [r1, r2] |
1358 14ac: e2822004 add r2, r2, #4 ; 0x4 | 1361 14ac: e2822004 add r2, r2, #4 ; 0x4 |
1359 14b0: e352001c cmp r2, #28 ; 0x1c | 1362 14b0: e352001c cmp r2, #28 ; 0x1c |
1360 14b4: 1afffffa bne 0x14a4 | 1363 14b4: 1afffffa bne 0x14a4 |
1361 14b8: e59f0014 ldr r0, [pc, #20] ; 0x14d4 | 1364 ; done with that; now set up the stack |
1362 14bc: e59f1014 ldr r1, [pc, #20] ; 0x14d8 | 1365 14b8: e59f0014 ldr r0, =0x8005C0 ; via 0x14d4 |
1366 14bc: e59f1014 ldr r1, =0x190 ; via 0x14d8 | |
1363 14c0: e2411004 sub r1, r1, #4 ; 0x4 | 1367 14c0: e2411004 sub r1, r1, #4 ; 0x4 |
1364 14c4: e0802001 add r2, r0, r1 | 1368 14c4: e0802001 add r2, r0, r1 |
1365 14c8: e3c22003 bic r2, r2, #3 ; 0x3 | 1369 14c8: e3c22003 bic r2, r2, #3 ; 0x3 |
1366 14cc: e1a0d002 mov sp, r2 | 1370 14cc: e1a0d002 mov sp, r2 |
1367 14d0: ea000003 b 0x14e4 | 1371 14d0: ea000003 b 0x14e4 |
1368 | 1372 |
1369 14d4: 008005c0 addeq r0, r0, r0, asr #11 | 1373 ; literals for the above code |
1370 14d8: 00000190 muleq r0, r0, r1 | 1374 14d4: 008005c0 |
1371 14dc: 00001fe0 andeq r1, r0, r0, ror #31 | 1375 14d8: 00000190 |
1372 14e0: 0080001c addeq r0, r0, r12, lsl r0 | 1376 14dc: 00001fe0 |
1373 | 1377 14e0: 0080001c |
1374 14e4: e59f0078 ldr r0, [pc, #120] ; 0x1564 | 1378 |
1379 ; continuation of the RESET entry code | |
1380 14e4: e59f0078 ldr r0, =0x1694 ; via 0x1564 | |
1375 14e8: e3700001 cmn r0, #1 ; 0x1 | 1381 14e8: e3700001 cmn r0, #1 ; 0x1 |
1376 14ec: 1b000003 blne 0x1500 | 1382 14ec: 1b000003 blne 0x1500 |
1377 14f0: ebffff38 bl 0x11d8 | 1383 14f0: ebffff38 bl 0x11d8 |
1378 14f4: e3a00001 mov r0, #1 ; 0x1 | 1384 14f4: e3a00001 mov r0, #1 ; 0x1 |
1379 14f8: eb000022 bl 0x1588 | 1385 14f8: eb000022 bl 0x1588 |
1380 14fc: eafffffe b 0x14fc | 1386 14fc: eafffffe b 0x14fc |
1387 | |
1388 ; 0x1500: Subroutine entry | |
1389 ; | |
1390 ; This routine initializes multiple RAM areas from a single ROM init data | |
1391 ; table. Takes one argument in R0, which points to the ROM table. | |
1392 ; The ROM table consists of one or more abutted variable-length records, | |
1393 ; each of the following format: | |
1394 ; | |
1395 ; 1 word: number of bytes to copy (may or may not be word-aligned) | |
1396 ; 1 word: copy destination address (ditto) | |
1397 ; variable length: data to be copied | |
1398 ; 0 to 3 bytes of padding to put the next record on a word boundary | |
1399 ; | |
1400 ; The list is terminated by a zero word. | |
1401 | |
1381 1500: ea000011 b 0x154c | 1402 1500: ea000011 b 0x154c |
1382 1504: e4901004 ldr r1, [r0], #4 | 1403 1504: e4901004 ldr r1, [r0], #4 |
1383 1508: e3110003 tst r1, #3 ; 0x3 | 1404 1508: e3110003 tst r1, #3 ; 0x3 |
1384 150c: 1a000007 bne 0x1530 | 1405 150c: 1a000007 bne 0x1530 |
1385 1510: e2522004 subs r2, r2, #4 ; 0x4 | 1406 1510: e2522004 subs r2, r2, #4 ; 0x4 |
1400 154c: e4902004 ldr r2, [r0], #4 | 1421 154c: e4902004 ldr r2, [r0], #4 |
1401 1550: e3520000 cmp r2, #0 ; 0x0 | 1422 1550: e3520000 cmp r2, #0 ; 0x0 |
1402 1554: 1affffea bne 0x1504 | 1423 1554: 1affffea bne 0x1504 |
1403 1558: e1a0f00e mov pc, lr | 1424 1558: e1a0f00e mov pc, lr |
1404 | 1425 |
1405 155c: 008005c0 addeq r0, r0, r0, asr #11 | 1426 ; literal pool |
1406 1560: 00000190 muleq r0, r0, r1 | 1427 155c: 008005c0 ; low address of the stack - unused duplicate? |
1407 1564: 00001694 muleq r0, r4, r6 | 1428 1560: 00000190 ; size of the stack - ditto |
1429 1564: 00001694 | |
1408 | 1430 |
1409 1568: e3140001 tst r4, #1 ; 0x1 | 1431 1568: e3140001 tst r4, #1 ; 0x1 |
1410 156c: 1a000000 bne 0x1574 | 1432 156c: 1a000000 bne 0x1574 |
1411 1570: e12fff14 bx r4 | 1433 1570: e12fff14 bx r4 |
1412 1574: e1a0c004 mov r12, r4 | 1434 1574: e1a0c004 mov r12, r4 |
1413 1578: e1a0400e mov r4, lr | 1435 1578: e1a0400e mov r4, lr |
1414 157c: e28fe001 add lr, pc, #1 ; 0x1 | 1436 157c: e28fe001 add lr, pc, #1 ; 0x1 |
1415 1580: e12fff1c bx r12 | 1437 1580: e12fff1c bx r12 |
1416 1584: 46c04720 strmib r4, [r0], r0, lsr #14 | 1438 1584: 46c04720 strmib r4, [r0], r0, lsr #14 |
1439 | |
1417 1588: eafffffe b 0x1588 | 1440 1588: eafffffe b 0x1588 |
1441 | |
1418 158c: e92d4010 stmdb sp!, {r4, lr} | 1442 158c: e92d4010 stmdb sp!, {r4, lr} |
1419 1590: e1a04000 mov r4, r0 | 1443 1590: e1a04000 mov r4, r0 |
1420 1594: e1b0c0a4 movs r12, r4, lsr #1 | 1444 1594: e1b0c0a4 movs r12, r4, lsr #1 |
1421 1598: 0a000001 beq 0x15a4 | 1445 1598: 0a000001 beq 0x15a4 |
1422 159c: e3a00001 mov r0, #1 ; 0x1 | 1446 159c: e3a00001 mov r0, #1 ; 0x1 |
1472 1664: e490c004 ldr r12, [r0], #4 | 1496 1664: e490c004 ldr r12, [r0], #4 |
1473 1668: e482c004 str r12, [r2], #4 | 1497 1668: e482c004 str r12, [r2], #4 |
1474 166c: e2511004 subs r1, r1, #4 ; 0x4 | 1498 166c: e2511004 subs r1, r1, #4 ; 0x4 |
1475 1670: 1afffffb bne 0x1664 | 1499 1670: 1afffffb bne 0x1664 |
1476 1674: e12fff1e bx lr | 1500 1674: e12fff1e bx lr |
1501 | |
1502 ; The soft-vector pointers at 0x800000 are initially set to point | |
1503 ; to the ROM addresses of the following 7 tight-loop branch instructions: | |
1477 1678: eafffffe b 0x1678 | 1504 1678: eafffffe b 0x1678 |
1478 167c: eafffffe b 0x167c | 1505 167c: eafffffe b 0x167c |
1479 1680: eafffffe b 0x1680 | 1506 1680: eafffffe b 0x1680 |
1480 1684: eafffffe b 0x1684 | 1507 1684: eafffffe b 0x1684 |
1481 1688: eafffffe b 0x1688 | 1508 1688: eafffffe b 0x1688 |
1482 168c: eafffffe b 0x168c | 1509 168c: eafffffe b 0x168c |
1483 1690: eafffffe b 0x1690 | 1510 1690: eafffffe b 0x1690 |
1484 1694: 0000001c andeq r0, r0, r12, lsl r0 | 1511 |
1485 1698: 00800000 addeq r0, r0, r0 | 1512 ; RAM init table for the 0x1500 subroutine |
1486 169c: 00001678 andeq r1, r0, r8, ror r6 | 1513 ; vector init |
1487 16a0: 0000167c andeq r1, r0, r12, ror r6 | 1514 1694: 0000001c |
1488 16a4: 00001680 andeq r1, r0, r0, lsl #13 | 1515 1698: 00800000 |
1489 16a8: 00001684 andeq r1, r0, r4, lsl #13 | 1516 169c: 00001678 |
1490 16ac: 00001688 andeq r1, r0, r8, lsl #13 | 1517 16a0: 0000167c |
1491 16b0: 0000168c andeq r1, r0, r12, lsl #13 | 1518 16a4: 00001680 |
1492 16b4: 00001690 muleq r0, r0, r6 | 1519 16a8: 00001684 |
1493 16b8: 00000004 andeq r0, r0, r4 | 1520 16ac: 00001688 |
1494 16bc: 00800104 addeq r0, r0, r4, lsl #2 | 1521 16b0: 0000168c |
1495 16c0: 0001d4c0 andeq sp, r1, r0, asr #9 | 1522 16b4: 00001690 |
1496 16c4: 00000001 andeq r0, r0, r1 | 1523 ; another record |
1497 16c8: 00800108 addeq r0, r0, r8, lsl #2 | 1524 16b8: 00000004 |
1498 16cc: 00000001 andeq r0, r0, r1 | 1525 16bc: 00800104 |
1499 16d0: 00000001 andeq r0, r0, r1 | 1526 16c0: 0001d4c0 |
1500 16d4: 00800534 addeq r0, r0, r4, lsr r5 | 1527 ; another record |
1501 | 1528 16c4: 00000001 |
1502 ; The word at 0x16D4 appears to be the last word of the actual boot | 1529 16c8: 00800108 |
1530 16cc: 00000001 | |
1531 ; another record | |
1532 16d0: 00000001 | |
1533 16d4: 00800534 | |
1534 16d8: 00000000 | |
1535 ; end marker | |
1536 16dc: 00000000 | |
1537 | |
1538 ; The word at 0x16DC appears to be the last word of the actual boot | |
1503 ; code + data. Between here and 0x1FCC we've got what looks like | 1539 ; code + data. Between here and 0x1FCC we've got what looks like |
1504 ; filler: | 1540 ; filler: |
1505 | 1541 |
1506 000016C0: C0 D4 01 00 01 00 00 00 08 01 80 00 01 00 00 00 ................ | 1542 000016C0: C0 D4 01 00 01 00 00 00 08 01 80 00 01 00 00 00 ................ |
1507 000016D0: 01 00 00 00 34 05 80 00 00 00 00 00 00 00 00 00 ....4........... | 1543 000016D0: 01 00 00 00 34 05 80 00 00 00 00 00 00 00 00 00 ....4........... |
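Review bot: The continuation at 0x14e4-0x14ec (new lines 1379-1382) gains a header comment, but the `cmn r0, #1` / `blne 0x1500` pair stays unexplained even though it is the one guard on this path: the RAM-init routine is entered only when the table pointer loaded from 0x1564 is not 0xFFFFFFFF, so I would annotate those two lines with `; skip RAM init if the table pointer literal is -1 (all ones)` and `; else initialize RAM from the table at 0x1694`. The stack setup at 0x14b8-0x14cc would also read better if the comment gave the resulting value — base 0x8005C0 + size 0x190 - 4, then word-aligned by the `bic`, i.e. sp = 0x80074C growing down toward 0x8005C0. Since these comments place both the seven copied vector instructions (0x80001C) and the soft-vector pointers (0x800000) in writable RAM, a one-line caveat that any code able to write that region can redirect exception handling would help a reader; that is an inference about the memory map, so phrase it as such. The 0x1568-0x1584 fragment (ARM-state `add lr, pc, #1; bx r12` followed by the Thumb halfwords 0x4720/0x46c0, which decode as `bx r4; nop`) appears to be an ARM-to-Thumb call veneer that returns through r4 = saved lr, and it still has no comment in this revision.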