Yes, you right.
Actually I try to find the first address of this array. But I can't calculate this address. How I can calculate actual address till I can get the right value.
Please pay attention to the picture shown below:
According to the picture I deeply feel I am wrong
totally i wanna to calculate actual address of an array especially in this case.
Best regards.
Here I think I have some wrong in base concepts,
I check once again.
In the code shown below as you have seen, `r4` is input argument for `sub_37C2` where `r4` is `r0 + 6`. And probably this function return `r4` and `r5`.
So, we have a 32-bit address after `sub_37C2`.
loc_1892:
mov r9, #4
add r9, r0
mov r12, #0FFFFh
mov r4, r9
add r4, #2
calls 0, sub_37C2
mov r13, r4
mov r14, r5
mov r15, #6
calls 0, CRC_16_Calculate
mov word_E7F8, r4
mov r12, #0FFFFh
mov r4, #4
add r4, r0
calls 0, sub_37C2
mov r13, r4
mov r14, r5
mov r15, #6
calls 0, CRC_16_Calculate
mov word_E7FA, r4
OK. In `sub_37C2`we have:
sub_37C2:
mov r5, r4
shr r5, #14
shl r5, #1
mov r5, [r5+0FE00h] ; DPP0
bmov r4.14, r5.0
bmov r4.15, r5.1
shr r5, #2
rets
Suppose we know what this function does.(Convert near address to far)
But, There are some basically question.
Why `r5` shifted 14 times to right after that 1 times to left? Does this have a specific purpose?
In line `mov r5, [r5+0FE00h] ; DPP0`, what is the `r5` after execute? DPP0 is 1D.
After that, we have `CRC_16_Calculate` function that used `r4,r5`(as `r13` and `r14`) for input argument and use in sub function that shown below:
loc_29A4:
mov r4, r13
mov r5, r14
add r13, #1
addc r14, #0
exts r5, #1
movb rl3, [r4]
movbz r7, rl3
movb rl6, #0
Too000 weird.
Why `r13` increment but `r4` is used as the address?
Can anyone help me until I find my answer?
Thanks people.
