NefMoto

Still learning a bunch, so any advice will help.

Been trying to figure out memory mapping, and address calculations and lookups.

Came up with an idea for a spreadsheet calculator, and a reverse lookup for DPPx & possible address offsets.

Let me know if anything is wrong, needs to be changed, or if there is a possible better way to go about it. Tried
to make it as simple to understand as possible.

The reverse lookup uses up to a 24bit address to calculate the required value of the DPP & the offset value
used with the DPP value to land on the address entered.

Pic won't load from drive I guess

Also, don't know if my drive link to the sheet actually works for anyone else, but here is a hard copy of it.

Hmm, looks like it could be a useful little bit of software, thanks for taking the time to make it  :)

No problem at all, here is an updated version of it. Fixed a few of my own bugs that I found, and added some
more tools I built to it.

Got it

Now, care to explain how it works lol.  ;)

It looks good to me. In practice normally the registers are maintained in all the code in a segment. I wrote a module in IDA that marks the functions that modify the dpp then traverse down the call tree and make the adjustments to every call below that. For function calls I use some scripts because it's part of the ABI.

If you have a function like:
uint16_t axis_lookup_8_0(AXIS_STRUC *axis,uint8_t axis_var) { ... }

It compiles as:
seg009:0F3E E6 FC 2F 00                 mov     r12, #axis_unknown ; Move Word
seg009:0F42 E6 FD 2C 00                 mov     r13, #2Ch ; ',' ; Move Word
seg009:0F46 C2 FE 06 82                 movbz   r14, byte_F0206 ; Move Byte Zero Extend
seg009:0F4A DA 04 A6 8C                 calls   4, axis_lookup_8_0 ; Call Inter-Segment Subroutine
seg009:0F4E F6 F4 36 83                 mov     word_F0336, r4  ; Move Word

In this case it would be something like:
word_F0336= axis_lookup_8_0(&axis_unknown,byte_F0206);

So passing the pointer is always going to require the DPPx portion to be passed. In this case you just create a reference OFF16 on axis_unknown using base address of 0xB0000 which is determined by r13.

I'm still learning my way around IDA, reverse engineering in general, embedded processors, and assembly language.

Given the vast knowledge available here on the forums that I've been learning, I was just hoping to share my work in hopes that it could speed up the learning process for some people that might feel intimidated by the scope of this whole process.

I know the BUSCON sheet in my most recent upload isn't functioning as I want it yet, as well as the manual STKSZ bit entry on SYSCON. I will upload new versions with the fixes when I get some time to work on it.

I'll also try to get around to releasing some notes and pictures on how everything works in reference to actual IDA code.

Thanks for the input BTW