Page 1 of 7
Amiga disassembly
Posted: Wed Sep 08, 2010 7:42 am
by tin
LocalH thought this might be useful, so I thought I'd attach it.It's just the raw output of an amiga reassembler called IRA (
http://aminet.net/package/dev/asm/ira)
Re: Amiga disassembly
Posted: Thu May 19, 2011 1:42 pm
by AriX
I know very little about assembly, 680000, or Amigas. But I'm poking through this to see if I can find anything interesting.
Notes so far:
LAB_1AED seems to be the function that sets up the genlock
LAB_14BC appears to deal with the DSR port (bit-banging!)
The labels LAB_14BC, LAB_14BD, and LAB_14BE seem to be part of a subroutine that reads the control data. When LAB_14BC is run, the DSR pin is read. If DSR is 0, D0 is set to 1. If DSR is 1, D0 is set to 0. (i.e. D0 is set to the opposite of the DSR pin)
Label LAB_14BF is a similar routine that sets D0 to 32 if the CD/DCD pin is 1, otherwise it sets D0 to 0.
[html]
<pre>
LAB_14BC:<br>
MOVEM.L D6-D7,-(A7) ;294b6: 48e70300 "back up" the contents of registers D6 and D7 to be restored later<br>
MOVEQ #0,D7 ;294ba: 7e00 set D7 to 0<br>
MOVE.B CIAB_PRA,D7 ;294bc: 1e3900bfd000 move one byte from CIAB_PRA (serial state) to D7<br>
BTST #3,D7 ;294c2: 08070003 if bit 3 (DSR) of register D7 is zero, set zero flag. otherwise, clear it.<br>
BEQ.S LAB_14BD ;294c6: 6704 if zero flag is false (DSR is non-zero), branch to LAB_14BD<br>
MOVEQ #1,D6 ;294c8: 7c01 set D6 to 1<br>
BRA.S LAB_14BE ;294ca: 6002 branch (BRanch Always) to LAB_14BE (skip LAB_14BD)<br>
LAB_14BD:<br>
MOVEQ #0,D6 ;294cc: 7c00 set D6 to 0<br>
LAB_14BE:<br>
MOVE.L D6,D0 ;294ce: 2006 move contents of D6 to D0<br>
MOVEM.L (A7)+,D6-D7 ;294d0: 4cdf00c0 "restore" registers D6 and D7<br>
RTS ;294d4: 4e75 return<br>
<br>
LAB_14BF:<br>
MOVEM.L D6-D7,-(A7) ;294d6: 48e70300 "back up" the contents of registers D6 and D7<br>
MOVEQ #0,D7 ;294da: 7e00 set D7 to 0<br>
MOVE.B CIAB_PRA,D7 ;294dc: 1e3900bfd000 move a byte from CIAB_PRA (serial state) to D7<br>
MOVEQ #0,D0 ;294e2: 7000 set D0 to 0<br>
MOVE.W D7,D0 ;294e4: 3007 move D7 (serial state) to D0<br>
MOVEQ #32,D1 ;294e6: 7220 set D1 to 32<br>
AND.L D1,D0 ;294e8: c081 set D0 to 32 if CD/DCD is true, otherwise 0<br>
MOVE.L D0,D6 ;294ea: 2c00 move D0 to D6<br>
MOVE.L D6,D0 ;294ec: 2006 move D6 to D0 (I don't know why this happens)<br>
MOVEM.L (A7)+,D6-D7 ;294ee: 4cdf00c0 "restore" the contents of registers D6 and d7<br>
RTS ;294f2: 4e75 return<br>
<br>
LAB_1AED:<br>
MOVE.B CIAB_PRA,D1 ;33aea: 123900bfd000 read one byte from CIAB_PRA to D1 (register 1)<br>
BTST #0,D1 ;33af0: 08010000 if bit 0 of D1 ("BUSY") is 0, set zero flag. otherwise, clear it.<br>
BNE.S LAB_1AED ;33af4: 66f4 if zero flag is set, branch to LAB_1AED (loop again)<br>
MOVE.B #$ff,CIAA_DDRB ;33af6: 13fc00ff00bfe301 set parallel port (CIAA_DDRB) to output (0xFF)<br>
MOVE.B D0,CIAA_PRB ;33afe: 13c000bfe101 write the byte in D0 to parallel port<br>
RTS ;33b04: 4e75 return<br>
</pre>
[/html]
Re: Amiga disassembly
Posted: Thu May 19, 2011 9:35 pm
by AriX
Man, this is REALLY tedious and confusing work. The only thing I have been able to figure out so far is one routine (LAB_099D) that reads a bit from DSR (I think) and sets something to "OPEN (OFF AIR)" if it's 0 and "CLOSED (ON AIR)" if it's one. And I have no idea what that means. Then it does a big, long, complicated routine that involves some interesting debug strings like: " CartSW: %s CartREL: %s VidSW: %s on_air: %s ", "insertime = %s, WINIT = 0x%04X ", " local_mode=%ld local_update=%ld LA_(mode=%d state=%d curEv=%d) laCur(curType=%d curEvent=%d) ", " CTime = %02d/%02d/%04d %2d:%02d:%02d%s, LATime = %04d ", " L_CHIP:%07ld FAST:%08ld MAX:%08ld ", " DATA: CMD CNT:%08ld CRC ERRS:%03ld LEN ERRS:%03ld BUF MAX:%0 5ld BUF CNT:%05ld", " CTRL: CMD CNT:%08ld CRC ERRS:%03ld LEN ERRS:%03ld BUF MAX:%0 5ld BUF CNT:%05ld "
I did find another interesting-looking routine (LAB_1571/LAB_1576) that reads byte 13 of the settings (VIN), checks something that I haven't figured out yet that may have to do with the VIN setting, reads a bit from DSR, and then sets something to 0, 1, or 2, somehow depending on the outcomes of the things it's checking. I think this is related to the other thing though, which is odd because these are the only two routines I see that are directly accessing the DSR.
It looks like LAB_08B7 is printf or sprintf... If I can figure that out, maybe I can figure out where the data that is being printf'ed/sprintf'ed in the strings above is coming from.
Re: Amiga disassembly
Posted: Sat May 21, 2011 11:50 am
by hen7713
AriX wrote:Man, this is REALLY tedious and confusing work. The only thing I have been able to figure out so far is one routine (LAB_099D) that reads a bit from DSR (I think) and sets something to "OPEN (OFF AIR)" if it's 0 and "CLOSED (ON AIR)" if it's one. And I have no idea what that means.
That would be for what I assume is the top half video
Re: Amiga disassembly
Posted: Sat May 21, 2011 7:55 pm
by AriX
I started using IDA for the disassembly instead of this text file, and I also found a few more routines that deal with the DSR, so I'll keep you guys updated. Also, if anyone's interested, I can share the IDA Pro 5.5 disassembly database if you want to see it/contribute.
Re: Amiga disassembly
Posted: Sat May 21, 2011 7:56 pm
by tin
A lot of the strings there are the ones displayed in diagnostic mode, and the cart and closed messages I think are related to the ability for the cableco to insert local video (the contact close on the back of the card is labelled cart sw.
Re: Amiga disassembly
Posted: Sat May 21, 2011 7:57 pm
by tin
AriX wrote:I started using IDA for the disassembly instead of this text file, and I also found a few more routines that deal with the DSR, so I'll keep you guys updated. Also, if anyone's interested, I can share the IDA Pro 5.5 disassembly database if you want to see it/contribute.
Yeah I would be interested. Is ere a way we can collaborate on it properly?
Re: Amiga disassembly
Posted: Sat May 21, 2011 8:31 pm
by AriX
tin wrote:AriX wrote:I started using IDA for the disassembly instead of this text file, and I also found a few more routines that deal with the DSR, so I'll keep you guys updated. Also, if anyone's interested, I can share the IDA Pro 5.5 disassembly database if you want to see it/contribute.
Yeah I would be interested. Is ere a way we can collaborate on it properly?
There is an IDA plugin called collabREate that is designed for collaborative reverse engineering. I may give that a try soon. Otherwise, we could just send the database back and forth :p
I would recommend finding yourself a copy of IDA Pro 5.5 and play around with it if you haven't already. I'm considering going in on an actual license to v6.1 with some friends, but it would be for the Mac version, because right now I only have the Windows version, and Windows is a pain (to me). Maybe I should get 8GB of RAM so I can run it better in a VM :p
Re: Amiga disassembly
Posted: Sun May 22, 2011 4:47 pm
by tin
Just clicked, the paralell port stuff is more than likely to control the genlock as I figured here
viewtopic.php?f=5&t=231&start=30#p1112 fits in with the other stuff about cart sw etc.
I had a look at the disassembly this afternoon but I don't think I am actually going to be of much use with this
Re: Amiga disassembly
Posted: Sun May 22, 2011 9:27 pm
by AriX
tin wrote:Just clicked, the paralell port stuff is more than likely to control the genlock as I figured here
viewtopic.php?f=5&t=231&start=30#p1112 fits in with the other stuff about cart sw etc.
Yeah, your post is why I assumed that.
tin wrote:I had a look at the disassembly this afternoon but I don't think I am actually going to be of much use with this
Don't worry about it! I'll still send you what I'm working on soon just in case you want to see it.