freecalypso-reveng: dsample-fw-disasm comparison

comparison dsample-fw-disasm @ 207:d12a3207b1aa

D-Sample 20020917 firmware analysis

author	Mychaela Falconia <falcon@ivan.Harhan.ORG>
date	Fri, 01 Jan 2016 23:24:05 +0000
parents
children	7b679943b57d

comparison

equal deleted inserted replaced

-:11761eaf712c
+:d12a3207b1aa
+; The present work is a disassembly analysis of the 20020917 firmware image
+; read out of our vintage D-Sample C05 board.
+0:	ea0004e7	b	0x13a4
+4:	ea003ffd	b	0x10000
+8:	ea003ffd	b	0x10004
+c:	ea003ffd	b	0x10008
+10:	ea003ffd	b	0x1000c
+14:	ea003ffd	b	0x10010
+18:	ea003ffd	b	0x10014
+1c:	ea003ffd	b	0x10018
+; constant pool before _INT_Bootloader_Start matches TCS211
+1378:	fffffb00
+137c:	02a102a1
+1380:	028302a1
+1384:	00c00281
+1388:	002a0040
+138c:	fffffd00
+1390:	ffff9800
+1394:	fffffb10
+1398:	ffffff08
+139c:	20061081
+13a0:	00000800
+_INT_Bootloader_Start:	; code fully matches TCS211
+13a4:	e51f101c	ldr	r1, =0xffff9800	; via 0x1390
+13a8:	e15f21b2	ldrh	r2, =0x2006	; via 0x139e
+13ac:	e1c120b0	strh	r2, [r1]
+13b0:	e5912000	ldr	r2, [r1]
+13b4:	e2022001	and	r2, r2, #1
+13b8:	e3520001	cmp	r2, #1
+13bc:	0afffffb	beq	0x13b0
+13c0:	e51f103c	ldr	r1, =0xfffffd00	; via 0x138c
+13c4:	e15f23b0	ldrh	r2, =0x1081	; via 0x139c
+13c8:	e1c120b0	strh	r2, [r1]
+13cc:	e51f1040	ldr	r1, =0xfffffb10	; via 0x1394
+13d0:	e15f23b8	ldrh	r2, =0x800	; via 0x13a0
+13d4:	e1d100b0	ldrh	r0, [r1]
+13d8:	e1800002	orr	r0, r0, r2
+13dc:	e1c100b0	strh	r0, [r1]
+13e0:	e51f1050	ldr	r1, =0xffffff08	; via 0x1398
+13e4:	e15f24ba	ldrh	r2, =0x0	; via 0x13a2
+13e8:	e1c120b0	strh	r2, [r1]
+13ec:	e51f107c	ldr	r1, =0xfffffb00	; via 0x1378
+13f0:	e15f27bc	ldrh	r2, =0x2a1	; via 0x137c
+13f4:	e1c120b0	strh	r2, [r1]
+13f8:	e15f28b2	ldrh	r2, =0x2a1	; via 0x137e
+13fc:	e1c120b2	strh	r2, [r1, #2]
+1400:	e15f28b8	ldrh	r2, =0x2a1	; via 0x1380
+1404:	e1c120b4	strh	r2, [r1, #4]
+1408:	e15f28be	ldrh	r2, =0x283	; via 0x1382
+140c:	e1c120b6	strh	r2, [r1, #6]
+1410:	e15f29b4	ldrh	r2, =0x281	; via 0x1384
+1414:	e1c120ba	strh	r2, [r1, #10]	; 0xa
+1418:	e15f29ba	ldrh	r2, =0xc0	; via 0x1386
+141c:	e1c120bc	strh	r2, [r1, #12]	; 0xc
+1420:	e15f2ab0	ldrh	r2, =0x40	; via 0x1388
+1424:	e1c120b8	strh	r2, [r1, #8]
+1428:	e15f2ab6	ldrh	r2, =0x2a	; via 0x138a
+142c:	e1c120be	strh	r2, [r1, #14]	; 0xe
+1430:	e59f0020	ldr	r0, =0x107921c	; via 0x1458
+1434:	e3a01b01	mov	r1, #1024	; 0x400
+1438:	e2411004	sub	r1, r1, #4
+143c:	e0802001	add	r2, r0, r1
+1440:	e3c22003	bic	r2, r2, #3
+1444:	e1a0d002	mov	sp, r2
+1448:	e92d100f	stmdb	sp!, {r0, r1, r2, r3, r12}
+144c:	eb000046	bl	0x156c
+1450:	e8bd100f	ldmia	sp!, {r0, r1, r2, r3, r12}
+1454:	ea003afd	b	0x10050
+1458:	0107921c
+_sta_select_application:	(ARM->Thumb veneer)
+156c:	e92d4000	stmdb	sp!, {lr}
+1570:	e28fe001	add	lr, pc, #1
+1574:	e12fff1e	bx	lr
+1578:	f7ff fd63	bl	0x1042
+157c:	4778		bx	pc
+157e:	46c0		nop			(mov r8, r8)
+1580:	e8bd8000	ldmia	sp!, {pc}
+; branch target addresses differ from TCS211
+10000:	ea0000bf	b	0x10304
+10004:	ea0000c4	b	0x1031c
+10008:	ea0000c9	b	0x10334
+1000c:	ea0000ce	b	0x1034c
+10010:	ea0000d3	b	0x10364
+10014:	ea0000b0	b	0x102dc
+10018:	ea0000b4	b	0x102f0
+; Constant pool
+; Difference between this version and TCS211: the newer TCS211 version
+; includes constants 0xFFFEF006 and 0x00000008 for the 8 MiB
+; memory bank setup.  This difference must be responsible for the
+; 0x10050 vs. 0x10058 discrepancy.
+1001c:	02a102a1
+10020:	028302a1
+10024:	02c00e85
+10028:	002a0040
+1002c:	fffffb00
+10030:	fffffd00
+10034:	ffff9800
+10038:	fffffb10
+1003c:	ffffff08
+10040:	20021081
+10044:	f7ff0800
+10048:	00000000
+1004c:	0001047c	; .cinit base
+_INT_Initialize:
+; beginning matches TCS211
+10050:	e51f1024	ldr	r1, =0xffff9800	; via 0x10034
+10054:	e15f21ba	ldrh	r2, =0x2002	; via 0x10042
+10058:	e1c120b0	strh	r2, [r1]
+1005c:	e5912000	ldr	r2, [r1]
+10060:	e2022001	and	r2, r2, #1
+10064:	e3520001	cmp	r2, #1
+10068:	0afffffb	beq	0x1005c
+1006c:	e51f1044	ldr	r1, =0xfffffd00	; via 0x10030
+10070:	e15f23b8	ldrh	r2, =0x1081	; via 0x10040
+10074:	e1c120b0	strh	r2, [r1]
+10078:	e51f1048	ldr	r1, =0xfffffb10	; via 0x10038
+1007c:	e15f23be	ldrh	r2, =0xf7ff	; via 0x10046
+10080:	e1d100b0	ldrh	r0, [r1]
+10084:	e0000002	and	r0, r0, r2
+10088:	e1c100b0	strh	r0, [r1]
+1008c:	e51f1058	ldr	r1, =0xffffff08	; via 0x1003c
+10090:	e15f25b0	ldrh	r2, =0x0	; via 0x10048
+10094:	e1c120b0	strh	r2, [r1]
+10098:	e51f1074	ldr	r1, =0xfffffb00	; via 0x1002c
+1009c:	e15f28b8	ldrh	r2, =0x2a1	; via 0x1001c
+100a0:	e1c120b0	strh	r2, [r1]
+100a4:	e15f28be	ldrh	r2, =0x2a1	; via 0x1001e
+100a8:	e1c120b2	strh	r2, [r1, #2]
+100ac:	e15f29b4	ldrh	r2, =0x2a1	; via 0x10020
+100b0:	e1c120b4	strh	r2, [r1, #4]
+100b4:	e15f29ba	ldrh	r2, =0x283	; via 0x10022
+100b8:	e1c120b6	strh	r2, [r1, #6]
+100bc:	e15f2ab0	ldrh	r2, =0xe85	; via 0x10024
+100c0:	e1c120ba	strh	r2, [r1, #10]	; 0xa
+100c4:	e15f2ab6	ldrh	r2, =0x2c0	; via 0x10026
+100c8:	e1c120bc	strh	r2, [r1, #12]	; 0xc
+100cc:	e15f2abc	ldrh	r2, =0x40	; via 0x10028
+100d0:	e1c120b8	strh	r2, [r1, #8]
+100d4:	e15f2bb2	ldrh	r2, =0x2a	; via 0x1002a
+100d8:	e1c120be	strh	r2, [r1, #14]	; 0xe
+; TCS211 version does the 8 MiB memory bank setup at this point
+100dc:	e10f0000	mrs	r0, CPSR
+100e0:	e3c0001f	bic	r0, r0, #31	; 0x1f
+100e4:	e3800013	orr	r0, r0, #19	; 0x13
+100e8:	e38000c0	orr	r0, r0, #192	; 0xc0
+100ec:	e129f000	msr	CPSR_fc, r0
+; bss clearing is done inline here, whereas TCS211 version calls _INT_memset
+100f0:	e59f0304	ldr	r0, =0x1000cf4	; via 0x103fc
+100f4:	e3a02000	mov	r2, #0
+100f8:	e59f1300	ldr	r1, =0x107921c	; via 0x10400
+100fc:	e4802004	str	r2, [r0], #4
+10100:	e1500001	cmp	r0, r1
+10104:	1afffffc	bne	0x100fc
+10108:	e59f02f4	ldr	r0, =0x819450	; via 0x10404
+1010c:	e3a02000	mov	r2, #0
+10110:	e59f12f0	ldr	r1, =0x83eda0	; via 0x10408
+10114:	e4802004	str	r2, [r0], #4
+10118:	e1500001	cmp	r0, r1
+1011c:	1afffffc	bne	0x10114
+; setting _INT_Loaded_Flag?
+; code matches TCS211 0x10150 from this point onward
+10120:	e3a00001	mov	r0, #1
+10124:	e59f12e4	ldr	r1, =0x107916c	; via 0x10410
+10128:	e5810000	str	r0, [r1]
+; stack setup matching 0x1015c in TCS211
+1012c:	e59f02d8	ldr	r0, =0x1079308	; via 0x1040c
+10130:	e3a01b01	mov	r1, #1024	; 0x400
+10134:	e2411004	sub	r1, r1, #4
+10138:	e0802001	add	r2, r0, r1
+1013c:	e1a0a000	mov	r10, r0
+10140:	e59f32cc	ldr	r3, =0x83c148	; via 0x10414
+10144:	e583a000	str	r10, [r3]
+10148:	e1a0d002	mov	sp, r2
+1014c:	e59f32c4	ldr	r3, =0x83c26c	; via 0x10418
+10150:	e583d000	str	sp, [r3]
+10154:	e3a01080	mov	r1, #128	; 0x80
+10158:	e0822001	add	r2, r2, r1
+1015c:	e10f0000	mrs	r0, CPSR
+10160:	e3c0001f	bic	r0, r0, #31	; 0x1f
+10164:	e3800012	orr	r0, r0, #18	; 0x12
+10168:	e129f000	msr	CPSR_fc, r0
+1016c:	e1a0d002	mov	sp, r2
+10170:	e3a01c02	mov	r1, #512	; 0x200
+10174:	e0822001	add	r2, r2, r1
+10178:	e10f0000	mrs	r0, CPSR
+1017c:	e3c0001f	bic	r0, r0, #31	; 0x1f
+10180:	e3800011	orr	r0, r0, #17	; 0x11
+10184:	e129f000	msr	CPSR_fc, r0
+10188:	e1a0d002	mov	sp, r2
+1018c:	e10f0000	mrs	r0, CPSR
+10190:	e3c0001f	bic	r0, r0, #31	; 0x1f
+10194:	e3800017	orr	r0, r0, #23	; 0x17
+10198:	e129f000	msr	CPSR_fc, r0
+1019c:	e59fd288	ldr	sp, =0x1079270	; via 0x1042c
+101a0:	e10f0000	mrs	r0, CPSR
+101a4:	e3c0001f	bic	r0, r0, #31	; 0x1f
+101a8:	e380001b	orr	r0, r0, #27	; 0x1b
+101ac:	e129f000	msr	CPSR_fc, r0
+101b0:	e59fd274	ldr	sp, =0x1079270	; via 0x1042c
+101b4:	e10f0000	mrs	r0, CPSR
+101b8:	e3c0001f	bic	r0, r0, #31	; 0x1f
+101bc:	e3800013	orr	r0, r0, #19	; 0x13
+101c0:	e129f000	msr	CPSR_fc, r0
+101c4:	e59f3250	ldr	r3, =0x83c0b0	; via 0x1041c
+101c8:	e2822004	add	r2, r2, #4
+101cc:	e5832000	str	r2, [r3]
+101d0:	e3a01b01	mov	r1, #1024	; 0x400
+101d4:	e3c11003	bic	r1, r1, #3
+101d8:	e0822001	add	r2, r2, r1
+101dc:	e59f323c	ldr	r3, =0x83c134	; via 0x10420
+101e0:	e5831000	str	r1, [r3]
+101e4:	e3a01002	mov	r1, #2
+101e8:	e59f3234	ldr	r3, =0x83c144	; via 0x10424
+101ec:	e5831000	str	r1, [r3]
+101f0:	e1a04002	mov	r4, r2
+101f4:	eb09153c	bl	0x2556ec	; _f_load_int_mem
+101f8:	e1a02004	mov	r2, r4
+101fc:	e59f1210	ldr	r1, =0x83c148	; via 0x10414
+10200:	e5910000	ldr	r0, [r1]
+10204:	e3a030fe	mov	r3, #254	; 0xfe
+10208:	e5c03000	strb	r3, [r0]
+1020c:	e5c03001	strb	r3, [r0, #1]
+10210:	e5c03002	strb	r3, [r0, #2]
+10214:	e5c03003	strb	r3, [r0, #3]
+10218:	e4903004	ldr	r3, [r0], #4
+1021c:	e4803004	str	r3, [r0], #4
+10220:	e1500002	cmp	r0, r2
+10224:	bafffffc	blt	0x1021c
+10228:	e51f01e4	ldr	r0, =0x1047c	; via 0x1004c
+1022c:	e3700001	cmn	r0, #1
+10230:	1b00007f	blne	0x10434		; _auto_init
+10234:	e59f01ec	ldr	r0, =0x1078744	; via 0x10428
+10238:	ea09151f	b	0x2556bc	; _INC_Initialize
+; $Init_Target:
+2458f0:	b570		push	{r4, r5, r6, lr}
+2458f2:	b081		sub	sp, #4
+; write 0x6000 into FFFE:F008 like TCS211
+2458f4:	4d62		ldr	r5, =0xfffef006	; via 0x245a80
+2458f6:	2003		mov	r0, #3
+2458f8:	0340		lsl	r0, r0, #13
+2458fa:	8068		strh	r0, [r5, #2]
+; TM_DisableWatchdog() ?
+2458fc:	f006 fd03	bl	0x24c306
+; 8 MiB memory bank setup
+245900:	2008		mov	r0, #8
+245902:	8829		ldrh	r1, [r5, #0]
+245904:	4308		orr	r0, r1
+245906:	8028		strh	r0, [r5, #0]
+; CNTL_CLK (FFFF:FD02) register setup
+;
+; TCS211 does this:
+;	CNTL_CLK |= 0x0005;
+;	CNTL_CLK &= 0xFF3F;
+;	CNTL_CLK |= 0x0080;
+;	CNTL_CLK &= 0xFFDF;
+;
+; The present version does this:
+;	CNTL_CLK  = 0x0005;
+;	CNTL_CLK &= 0xFF3F;
+;	CNTL_CLK &= 0xFFDF;
+;
+; Difference 1: initial straight write vs. OR: it must be the effect
+;		of the change in the definition of the CLKM_INITCNTL()
+;		macro seen in the diff between MV100 and Sotovik versions.
+;
+; Difference 2: VTCXO_DIV2 bit setting for Clara (13 MHz) vs. Rita (26 MHz)
+245908:	485e		ldr	r0, =0xfffffd02	; via 0x245a84
+24590a:	2105		mov	r1, #5
+24590c:	8001		strh	r1, [r0, #0]
+24590e:	495e		ldr	r1, =0xff3f	; via 0x245a88
+245910:	8802		ldrh	r2, [r0, #0]
+245912:	4011		and	r1, r2
+245914:	8001		strh	r1, [r0, #0]
+245916:	495d		ldr	r1, =0xffdf	; via 0x245a8c
+245918:	8802		ldrh	r2, [r0, #0]
+24591a:	4011		and	r1, r2
+24591c:	8001		strh	r1, [r0, #0]
+; RHEA_CNTL_REG setup: this version writes 0x7F00, TCS211 writes 0xFF00
+24591e:	4e5c		ldr	r6, =0xfffff900	; via 0x245a90
+245920:	207f		mov	r0, #127	; 0x7f
+245922:	0200		lsl	r0, r0, #8
+245924:	8030		strh	r0, [r6, #0]
+; PLL setup: the code structure (sequence of steps) is the same as in TCS211,
+; but the PLL multiplier is set to 6 instead of 8.  Thus the DSP runs at
+; 78 MHz and the ARM runs at 39 MHz.
+245926:	4c5b		ldr	r4, =0xffff9800	; via 0x245a94
+245928:	485b		ldr	r0, =0xfff3	; via 0x245a98
+24592a:	8821		ldrh	r1, [r4, #0]
+24592c:	4008		and	r0, r1
+24592e:	8020		strh	r0, [r4, #0]
+245930:	8820		ldrh	r0, [r4, #0]
+245932:	8020		strh	r0, [r4, #0]
+245934:	4859		ldr	r0, =0xf01f	; via 0x245a9c
+245936:	8821		ldrh	r1, [r4, #0]
+245938:	4008		and	r0, r1
+24593a:	8020		strh	r0, [r4, #0]
+24593c:	2003		mov	r0, #3
+24593e:	0200		lsl	r0, r0, #8
+245940:	8821		ldrh	r1, [r4, #0]
+245942:	4308		orr	r0, r1
+245944:	8020		strh	r0, [r4, #0]
+; ARM clock setup: divide by 2 like in TCS211
+245946:	2000		mov	r0, #0
+245948:	2102		mov	r1, #2
+24594a:	2200		mov	r2, #0
+24594c:	f007 fe00	bl	0x24d550
+; Memory timings: definitely peculiar
+245950:	4953		ldr	r1, =0xfffffb00	; via 0x245aa0
+245952:	20a5		mov	r0, #165	; 0xa5
+245954:	8008		strh	r0, [r1, #0]
+245956:	8048		strh	r0, [r1, #2]
+245958:	20a2		mov	r0, #162	; 0xa2
+24595a:	8088		strh	r0, [r1, #4]
+24595c:	2085		mov	r0, #133	; 0x85
+24595e:	80c8		strh	r0, [r1, #6]
+245960:	2080		mov	r0, #128	; 0x80
+245962:	8148		strh	r0, [r1, #10]	; 0xa
+245964:	200b		mov	r0, #11	; 0xb
+245966:	0180		lsl	r0, r0, #6
+245968:	8188		strh	r0, [r1, #12]	; 0xc
+24596a:	2040		mov	r0, #64	; 0x40
+24596c:	8108		strh	r0, [r1, #8]
+; FFFF:F902 and FFFF:F904 registers set up exactly the same as in TCS211
+24596e:	2020		mov	r0, #32	; 0x20
+245970:	8070		strh	r0, [r6, #2]
+245972:	2000		mov	r0, #0
+245974:	80b0		strh	r0, [r6, #4]
+; PLL turn-on just like in TCS211
+245976:	2010		mov	r0, #16	; 0x10
+245978:	8821		ldrh	r1, [r4, #0]
+24597a:	4308		orr	r0, r1
+24597c:	8020		strh	r0, [r4, #0]
+; remaining Target_Init() code not studied yet
+24597e:	4849		ldr	r0, =0xfffffa08	; via 0x245aa4
+245980:	4949		ldr	r1, =0xffff	; via 0x245aa8
+245982:	8001		strh	r1, [r0, #0]
+245984:	241f		mov	r4, #31	; 0x1f
+245986:	8044		strh	r4, [r0, #2]
+245988:	2103		mov	r1, #3
+24598a:	8181		strh	r1, [r0, #12]	; 0xc
+24598c:	f005 fc28	bl	0x24b1e0
+245990:	4846		ldr	r0, =0xfffffc00	; via 0x245aac
+245992:	2124		mov	r1, #36	; 0x24
+245994:	8001		strh	r1, [r0, #0]
+245996:	210d		mov	r1, #13	; 0xd
+245998:	8041		strh	r1, [r0, #2]
+24599a:	2300		mov	r3, #0
+24599c:	4844		ldr	r0, =0xfffe2016	; via 0x245ab0
+24599e:	8003		strh	r3, [r0, #0]
+2459a0:	4844		ldr	r0, =0xfffe2014	; via 0x245ab4
+2459a2:	2102		mov	r1, #2
+2459a4:	8001		strh	r1, [r0, #0]
+2459a6:	4844		ldr	r0, =0xfffe2002	; via 0x245ab8
+2459a8:	2184		mov	r1, #132	; 0x84
+2459aa:	8001		strh	r1, [r0, #0]
+2459ac:	4943		ldr	r1, =0xfffe2000	; via 0x245abc
+2459ae:	4844		ldr	r0, =0x3de0	; via 0x245ac0
+2459b0:	8008		strh	r0, [r1, #0]
+2459b2:	4a44		ldr	r2, =0xfffe2022	; via 0x245ac4
+2459b4:	2009		mov	r0, #9
+2459b6:	8010		strh	r0, [r2, #0]
+2459b8:	4843		ldr	r0, =0xfffe2020	; via 0x245ac8
+2459ba:	4a44		ldr	r2, =0x45a	; via 0x245acc
+2459bc:	8002		strh	r2, [r0, #0]
+2459be:	4844		ldr	r0, =0xfffe201e	; via 0x245ad0
+2459c0:	22b4		mov	r2, #180	; 0xb4
+2459c2:	8002		strh	r2, [r0, #0]
+2459c4:	4843		ldr	r0, =0xfffe201c	; via 0x245ad4
+2459c6:	8004		strh	r4, [r0, #0]
+2459c8:	1c1c		add	r4, r3, #0
+2459ca:	4843		ldr	r0, =0xfffe2024	; via 0x245ad8
+2459cc:	8004		strh	r4, [r0, #0]
+2459ce:	4b43		ldr	r3, =0xfffe2010	; via 0x245adc
+2459d0:	2002		mov	r0, #2
+2459d2:	881a		ldrh	r2, [r3, #0]
+2459d4:	4310		orr	r0, r2
+2459d6:	8018		strh	r0, [r3, #0]
+2459d8:	4840		ldr	r0, =0xfffe2010	; via 0x245adc
+2459da:	2304		mov	r3, #4
+2459dc:	8802		ldrh	r2, [r0, #0]
+2459de:	4313		orr	r3, r2
+2459e0:	8003		strh	r3, [r0, #0]
+2459e2:	2027		mov	r0, #39	; 0x27
+2459e4:	80e8		strh	r0, [r5, #6]
+2459e6:	8a08		ldrh	r0, [r1, #16]	; 0x10
+2459e8:	0840		lsr	r0, r0, #1
+2459ea:	d310		bcc	0x245a0e
+2459ec:	8a08		ldrh	r0, [r1, #16]	; 0x10
+2459ee:	0400		lsl	r0, r0, #16
+2459f0:	0c40		lsr	r0, r0, #17
+2459f2:	0040		lsl	r0, r0, #1
+2459f4:	8208		strh	r0, [r1, #16]	; 0x10
+2459f6:	2001		mov	r0, #1
+2459f8:	9000		str	r0, [sp, #0]
+2459fa:	e002		b	0x245a02
+2459fc:	9800		ldr	r0, [sp, #0]
+2459fe:	3001		add	r0, #1
+245a00:	9000		str	r0, [sp, #0]
+245a02:	9800		ldr	r0, [sp, #0]
+245a04:	2832		cmp	r0, #50	; 0x32
+245a06:	d3f9		bcc	0x2459fc
+245a08:	8a48		ldrh	r0, [r1, #18]	; 0x12
+245a0a:	2800		cmp	r0, #0
+245a0c:	d0fc		beq	0x245a08
+245a0e:	f006 fdbf	bl	0x24c590
+245a12:	f006 fdc3	bl	0x24c59c
+245a16:	2027		mov	r0, #39	; 0x27
+245a18:	0500		lsl	r0, r0, #20
+245a1a:	8004		strh	r4, [r0, #0]
+245a1c:	2001		mov	r0, #1
+245a1e:	f006 fc80	bl	0x24c322
+245a22:	2002		mov	r0, #2
+245a24:	f006 fc7d	bl	0x24c322
+245a28:	b001		add	sp, #4
+245a2a:	bd70		pop	{r4, r5, r6, pc}
+; $Init_Drivers:
+245a2c:	b500		push	{lr}
+245a2e:	f7ce f9b0	bl	0x213d92
+245a32:	f7af fb41	bl	0x1f50b8
+245a36:	f7da fd20	bl	0x22047a
+245a3a:	f755 fc4f	bl	0x19b2dc
+245a3e:	bd00		pop	{pc}
+; $Init_Serial_Flows:
+245a40:	b500		push	{lr}
+245a42:	4827		ldr	r0, =0x10786fc	; via 0x245ae0
+245a44:	f795 f98e	bl	0x1dad64
+245a48:	2000		mov	r0, #0
+245a4a:	2102		mov	r1, #2
+245a4c:	2200		mov	r2, #0
+245a4e:	f795 fbdc	bl	0x1db20a
+245a52:	f795 fc51	bl	0x1db2f8
+245a56:	bd00		pop	{pc}
+; $Init_Unmask_IT:
+245a58:	b500		push	{lr}
+245a5a:	2004		mov	r0, #4
+245a5c:	f005 fc21	bl	0x24b2a2
+245a60:	2012		mov	r0, #18	; 0x12
+245a62:	f005 fc1e	bl	0x24b2a2
+245a66:	2007		mov	r0, #7
+245a68:	f005 fc1b	bl	0x24b2a2
+245a6c:	2008		mov	r0, #8
+245a6e:	f005 fc18	bl	0x24b2a2
+245a72:	bd00		pop	{pc}
+; The following BX LR instructions must be empty functions in the same init
+; module as the recognizable functions above, as they lie between the previous
+; code and its associated literal pool.
+245a74:	4770		bx	lr
+245a76:	4770		bx	lr
+245a78:	4770		bx	lr
+245a7a:	4770		bx	lr
+245a7c:	4770		bx	lr
+245a7e:	4770		bx	lr
+; Appears to the old Thumb implementation of f_load_int_mem(),
+; differs from TCS211 version which is ARM and appears to be assembly
+250408:	b5f0		push	{r4, r5, r6, r7, lr}
+25040a:	4640		mov	r0, r8
+25040c:	4649		mov	r1, r9
+25040e:	4652		mov	r2, r10
+250410:	465b		mov	r3, r11
+250412:	b40f		push	{r0, r1, r2, r3}
+250414:	4f22		ldr	r7, =0x1079168	; via 0x2504a0
+250416:	2000		mov	r0, #0
+250418:	8038		strh	r0, [r7, #0]
+25041a:	4922		ldr	r1, =0x107916a	; via 0x2504a4
+25041c:	4688		mov	r8, r1
+25041e:	8008		strh	r0, [r1, #0]
+250420:	4821		ldr	r0, =0x800000	; via 0x2504a8
+250422:	4922		ldr	r1, =0x81944c	; via 0x2504ac
+250424:	1a09		sub	r1, r1, r0
+250426:	3904		sub	r1, #4
+250428:	468c		mov	r12, r1
+25042a:	2104		mov	r1, #4
+25042c:	180e		add	r6, r1, r0
+25042e:	1c30		add	r0, r6, #0
+250430:	4661		mov	r1, r12
+250432:	f7ff ffe0	bl	0x2503f6
+250436:	4c1e		ldr	r4, =0x83eda4	; via 0x2504b0
+250438:	481e		ldr	r0, =0x83f294	; via 0x2504b4
+25043a:	1b05		sub	r5, r0, r4
+25043c:	1c20		add	r0, r4, #0
+25043e:	1c29		add	r1, r5, #0
+250440:	f7ff ffd9	bl	0x2503f6
+250444:	481c		ldr	r0, =0x20508	; via 0x2504b8
+250446:	4681		mov	r9, r0
+250448:	4661		mov	r1, r12
+25044a:	f7ff ffc7	bl	0x2503dc
+25044e:	4682		mov	r10, r0
+250450:	8038		strh	r0, [r7, #0]
+250452:	481a		ldr	r0, =0x155e8	; via 0x2504bc
+250454:	4683		mov	r11, r0
+250456:	1c29		add	r1, r5, #0
+250458:	f7ff ffc0	bl	0x2503dc
+25045c:	4651		mov	r1, r10
+25045e:	1808		add	r0, r1, r0
+250460:	8038		strh	r0, [r7, #0]
+250462:	4648		mov	r0, r9
+250464:	4661		mov	r1, r12
+250466:	1c32		add	r2, r6, #0
+250468:	f7ff ffae	bl	0x2503c8
+25046c:	4658		mov	r0, r11
+25046e:	1c29		add	r1, r5, #0
+250470:	1c22		add	r2, r4, #0
+250472:	f7ff ffa9	bl	0x2503c8
+250476:	1c30		add	r0, r6, #0
+250478:	4661		mov	r1, r12
+25047a:	f7ff ffaf	bl	0x2503dc
+25047e:	1c06		add	r6, r0, #0
+250480:	4640		mov	r0, r8
+250482:	8006		strh	r6, [r0, #0]
+250484:	1c20		add	r0, r4, #0
+250486:	1c29		add	r1, r5, #0
+250488:	f7ff ffa8	bl	0x2503dc
+25048c:	1830		add	r0, r6, r0
+25048e:	4641		mov	r1, r8
+250490:	8008		strh	r0, [r1, #0]
+250492:	bc0f		pop	{r0, r1, r2, r3}
+250494:	4680		mov	r8, r0
+250496:	4689		mov	r9, r1
+250498:	4692		mov	r10, r2
+25049a:	469b		mov	r11, r3
+25049c:	bdf0		pop	{r4, r5, r6, r7, pc}
+; $INC_Initialize:
+254654:	b530		push	{r4, r5, lr}
+254656:	1c05		add	r5, r0, #0
+254658:	4c13		ldr	r4, =0x1079150	; via 0x2546a8
+25465a:	2001		mov	r0, #1
+25465c:	6020		str	r0, [r4, #0]
+25465e:	f001 f9eb	bl	0x255a38
+254662:	f001 f9ed	bl	0x255a40
+254666:	f001 f9ad	bl	0x2559c4
+25466a:	f000 fd45	bl	0x2550f8
+25466e:	f7fb ffa3	bl	0x2505b8
+254672:	f000 ff0d	bl	0x255490
+254676:	f000 fedb	bl	0x255430
+25467a:	f000 fef9	bl	0x255470
+25467e:	f000 fec7	bl	0x255410
+254682:	f000 ff25	bl	0x2554d0
+254686:	f000 fee3	bl	0x255450
+25468a:	f000 ff31	bl	0x2554f0
+25468e:	f7fe faef	bl	0x252c70
+254692:	f000 ff0d	bl	0x2554b0
+254696:	1c28		add	r0, r5, #0
+254698:	f000 fda5	bl	0x2551e6	; app init
+25469c:	2002		mov	r0, #2
+25469e:	6020		str	r0, [r4, #0]
+2546a0:	f001 fefa	bl	0x256498	; $TCT_Schedule veneer
+2546a4:	bd30		pop	{r4, r5, pc}
+; $Application_Initialize:
+2551e6:	b500		push	{lr}
+2551e8:	f7f0 fb82	bl	0x2458f0	; $Init_Target
+2551ec:	f7f0 fc1e	bl	0x245a2c	; $Init_Drivers
+2551f0:	f001 fa82	bl	0x2566f8	; $Cust_Init_Layer1
+2551f4:	f7f0 fc24	bl	0x245a40	; $Init_Serial_Flows
+2551f8:	f7a0 fba6	bl	0x1f5948	; $StartFrame
+2551fc:	f7f0 fc2c	bl	0x245a58	; $Init_Unmask_IT
+255200:	bd00		pop	{pc}
+2556a4:	e58de004	str	lr, [sp, #4]
+2556a8:	e28fe001	add	lr, pc, #1
+2556ac:	e12fff1e	bx	lr
+2556b0:	f7e8 f8e6	bl	0x23d880
+2556b4:	4778		bx	pc
+2556b6:	46c0		nop			(mov r8, r8)
+2556b8:	e59df004	ldr	pc, [sp, #4]
+; _INC_Initialize call veneer
+2556bc:	e92d4000	stmdb	sp!, {lr}
+2556c0:	e28fe001	add	lr, pc, #1
+2556c4:	e12fff1e	bx	lr
+2556c8:	f7fe ffc4	bl	0x254654
+2556cc:	4778		bx	pc
+2556ce:	46c0		nop			(mov r8, r8)
+2556d0:	e8bd8000	ldmia	sp!, {pc}
+2556d4:	e92d4000	stmdb	sp!, {lr}
+2556d8:	e28fe001	add	lr, pc, #1
+2556dc:	e12fff1e	bx	lr
+2556e0:	f7e7 fb27	bl	0x23cd32
+2556e4:	4778		bx	pc
+2556e6:	46c0		nop			(mov r8, r8)
+2556e8:	e8bd8000	ldmia	sp!, {pc}
+; _f_load_int_mem call veneer
+2556ec:	e92d4000	stmdb	sp!, {lr}
+2556f0:	e28fe001	add	lr, pc, #1
+2556f4:	e12fff1e	bx	lr
+2556f8:	f7fa fe86	bl	0x250408
+2556fc:	4778		bx	pc
+2556fe:	46c0		nop			(mov r8, r8)
+255700:	e8bd8000	ldmia	sp!, {pc}
+255704:	e92d4000	stmdb	sp!, {lr}
+255708:	e28fe001	add	lr, pc, #1
+25570c:	e12fff1e	bx	lr
+255710:	f7ff fd69	bl	0x2551e6
+255714:	4778		bx	pc
+255716:	46c0		nop			(mov r8, r8)
+255718:	e8bd8000	ldmia	sp!, {pc}
+25571c:	e92d4000	stmdb	sp!, {lr}
+255720:	e28fe001	add	lr, pc, #1
+255724:	e12fff1e	bx	lr
+255728:	f76e f932	bl	0x1c3990
+25572c:	4778		bx	pc
+25572e:	46c0		nop			(mov r8, r8)
+255730:	e8bd8000	ldmia	sp!, {pc}
+255734:	e92d4000	stmdb	sp!, {lr}
+255738:	e28fe001	add	lr, pc, #1
+25573c:	e12fff1e	bx	lr
+255740:	f7a6 fe10	bl	0x1fc364
+255744:	4778		bx	pc
+255746:	46c0		nop			(mov r8, r8)
+255748:	e8bd8000	ldmia	sp!, {pc}
+25574c:	e92d4000	stmdb	sp!, {lr}
+255750:	e28fe001	add	lr, pc, #1
+255754:	e12fff1e	bx	lr
+255758:	f6f4 fa10	bl	0x149b7c
+25575c:	4778		bx	pc
+25575e:	46c0		nop			(mov r8, r8)
+255760:	e8bd8000	ldmia	sp!, {pc}
+255764:	e92d4000	stmdb	sp!, {lr}
+255768:	e28fe001	add	lr, pc, #1
+25576c:	e12fff1e	bx	lr
+255770:	f785 ff3b	bl	0x1db5ea
+255774:	4778		bx	pc
+255776:	46c0		nop			(mov r8, r8)
+255778:	e8bd8000	ldmia	sp!, {pc}
+25577c:	e92d4000	stmdb	sp!, {lr}
+255780:	e28fe001	add	lr, pc, #1
+255784:	e12fff1e	bx	lr
+255788:	f785 ff10	bl	0x1db5ac
+25578c:	4778		bx	pc
+25578e:	46c0		nop			(mov r8, r8)
+255790:	e8bd8000	ldmia	sp!, {pc}

FreeCalypso > hg > freecalypso-reveng

comparison dsample-fw-disasm @ 207:d12a3207b1aa