Author Topic: C167 Address Lookup and Calculator  (Read 6766 times)
vjborelli
« on: September 25, 2015, 11:55:47 AM »

Still learning a bunch, so any advice will help.

Been trying to figure out memory mapping, and address calculations and lookups.

Came up with an idea for a spreadsheet calculator, and a reverse lookup for DPPx & possible address offsets.

Let me know if anything is wrong, needs to be changed, or if there is a possible better way to go about it. Tried to make it as simple to understand as possible.

The reverse lookup uses up to a 24-bit address to calculate the required value of the DPP & the offset value used with the DPP value to land on the address entered.

vjborelli
« Reply #1 on: September 25, 2015, 01:01:19 PM »

Pic won't load from drive I guess

vjborelli
« Reply #2 on: September 25, 2015, 01:24:10 PM »

Also, don't know if my drive link to the sheet actually works for anyone else, but here is a hard copy of it.

mister t
« Reply #3 on: October 31, 2015, 08:39:37 AM »

Hmm, looks like it could be a useful little bit of software, thanks for taking the time to make it :)

vjborelli
« Reply #4 on: October 31, 2015, 10:54:24 AM »

No problem at all, here is an updated version of it. Fixed a few of my own bugs that I found, and added some more tools I built to it.

mister t
« Reply #5 on: November 01, 2015, 12:51:20 AM »

Got it

Now, care to explain how it works lol. ;)

hackish
« Reply #6 on: November 10, 2015, 08:06:16 AM »

It looks good to me. In practice, normally the registers are maintained in all the code in a segment. I wrote a module in IDA that marks the functions that modify the dpp, then traverses down the call tree and makes the adjustments to every call below that. For function calls I use some scripts because it's part of the ABI.

If you have a function like:
uint16_t axis_lookup_8_0(AXIS_STRUC *axis,uint8_t axis_var) { ... }

It compiles as:
seg009:0F3E E6 FC 2F 00                 mov     r12, #axis_unknown ; Move Word
seg009:0F42 E6 FD 2C 00                 mov     r13, #2Ch ; ',' ; Move Word
seg009:0F46 C2 FE 06 82                 movbz   r14, byte_F0206 ; Move Byte Zero Extend
seg009:0F4A DA 04 A6 8C                 calls   4, axis_lookup_8_0 ; Call Inter-Segment Subroutine
seg009:0F4E F6 F4 36 83                 mov     word_F0336, r4  ; Move Word

In this case it would be something like:
word_F0336= axis_lookup_8_0(&axis_unknown,byte_F0206);

So passing the pointer is always going to require the DPPx portion to be passed. In this case you just create a reference OFF16 on axis_unknown using base address of 0xB0000 which is determined by r13.
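
Added example (not part of the thread, the spreadsheet, or hackish's IDA module): the DPP arithmetic behind the reverse lookup in the first post and the 0xB0000 base in the post above, in Python. Function names are hypothetical, DPP2 = 0x3C is inferred from the IDA names in the listing, and the other DPP values are the reset defaults used as filler.

```python
# Added example: C167 data-page (DPP) address arithmetic.
PAGE_SHIFT = 14        # one data page is 16 KiB
OFFSET_MASK = 0x3FFF   # low 14 bits of a 16-bit data address
DPP_MASK = 0x3FF       # a DPP register holds a 10-bit page number

# DPP2 = 0x3C is inferred from the IDA names byte_F0206 / word_F0336;
# DPP0, DPP1 and DPP3 are the reset defaults, used here as filler.
DPP = [0x00, 0x01, 0x3C, 0x03]


def resolve(addr16, dpp=DPP):
    """16-bit data address -> linear address; bits 15..14 select DPP0..DPP3."""
    if not 0 <= addr16 <= 0xFFFF:
        raise ValueError("data address must fit in 16 bits")
    page = dpp[addr16 >> PAGE_SHIFT] & DPP_MASK
    return (page << PAGE_SHIFT) | (addr16 & OFFSET_MASK)


def reverse_lookup(linear, sel=None):
    """Linear address (up to 24 bits) -> (DPP value, offset, 16-bit operand).

    The operand is the address an instruction would carry once DPP<sel>
    holds the returned page; it is None when no DPP register is chosen.
    """
    if not 0 <= linear <= 0xFFFFFF:
        raise ValueError("address must fit in 24 bits")
    if sel is not None and sel not in range(4):
        raise ValueError("sel must be 0..3")
    page, offset = linear >> PAGE_SHIFT, linear & OFFSET_MASK
    operand = None if sel is None else (sel << PAGE_SHIFT) | offset
    return page, offset, operand


def far_pointer(offset_reg, page_reg):
    """Pointer passed as offset + page registers (r12 / r13 in the listing)."""
    return ((page_reg & DPP_MASK) << PAGE_SHIFT) | (offset_reg & OFFSET_MASK)


if __name__ == "__main__":
    # Operand values below are read from the instruction bytes in the listing.
    print(hex(resolve(0x8206)))             # movbz r14, byte_F0206
    print(hex(resolve(0x8336)))             # mov word_F0336, r4
    print(hex(far_pointer(0x002F, 0x2C)))   # &axis_unknown
    print([hex(v) for v in reverse_lookup(0xF0206, sel=2)])
```
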
vjborelli
« Reply #7 on: November 10, 2015, 12:19:29 PM »

I'm still learning my way around IDA, reverse engineering in general, embedded processors, and assembly language.

Given the vast knowledge available here on the forums that I've been learning, I was just hoping to share my work in hopes that it could speed up the learning process for some people that might feel intimidated by the scope of this whole process.

I know the BUSCON sheet in my most recent upload isn't functioning as I want it yet, as well as the manual STKSZ bit entry on SYSCON. I will upload new versions with the fixes when I get some time to work on it.

I'll also try to get around to releasing some notes and pictures on how everything works in reference to actual IDA code.

Thanks for the input BTW