Calum

I T'm looking for a C++ programmer with mad skills and free time. The disassembler I use for initial B13/S13 (and soon B14) rom disassembly is broken. The problem (and disassembler with source code) is in this thread (different forum), along with my description of what is broken:

http://eccs.hybridka.com/viewtopic.php?t=75&start=30

I just don't have enough time to work on this, and I'm not very fast at anything to do with C++. If you think you can fix this, please reply in this thread. If succesfull I can compensate your time with spare ecu stuff or paypal.

Peanuthead

Calum, looks like you need to register for the site.

__________________
'92 Super Black Se-r w/ just mods - SOLD
'91 Super Black Se-r stock (for now )
"I'm more afraid of being nothing then I am of being hurt."

Calum

Sorry, I didn't realize that. Let me repost the problem here, in a nutshell:

The 7700-series mcus (what a B13 and B14 uses) are hard to disassemble because the processor can either run in 8 or 16 bit modes (as indicated by the m and x flags), and you have to know the mode to correctly disassemble each line (icky!). This means a straight disassembler is of limited use because you would have to manually walk the disassembler through the binary and tell it when the mode has changed. A dude in Japan (Mr. Kashima) wrote a simple straight disassembler (DASM77), but again, you have to manually walk it through the binary. It also doesn't know any specific registers to the 7790 (the specific mcu model used in the B13) so the output is hard to read.

Soooo, this other cool guy (Erich) wrote a C++ program that 'walks' DASM77 through the binary, and also parses the output correctly for the 7790 and notes which blocks are called by what. Way cool, but it has a problem. As it walks through the code it maintains a stack of starting addresses of code blocks that it still needs to disassemble, and the correct state of the m and x flags. When it finishes a block it moves down the stack, and every time it hits a branch or jump command it adds the destination to the stack (with the flags). All cool, except jumps can modify the flags (they return to the current block!), so they must be skimmed first to see if the flags need to be changed before proceeding further with the current block.

This next is a cut and paste from the other forum describing the exact problem:

---
What I'd like it to do is change how it handles jumps. Right now it just adds branches and jumps to the stack, both in the same manner. The problem is that branches don't affect future code, but jumps do because the jump is executed before the next line of code. So if the jump changes the X or M flags then RTS, that needs to be tracked before moving down. What I would like is to change the jump handling so it adds the jump to the stack like normal, then does a quick pass through the jump code (ignoring any branch instructions, but following new jmp instructions) checking for X and M changes, the on the end of the jump passes the changes back and continues with the original block. The jump would still get handled like normal later.

The example code below illustrates what I think the problem is:

I added outputs to the program so you can see what its doing as it disassembles. Here's how it handles the block:

In this case the "jsr 0xbcac" on line 00B982 works out correctly because that jump doesn't change the X or M flags, but had it the next branch added to the stack would have been added with the wrong flag. It should scan the jump for changes to the flags before moving to the next branch.
---

I've attached DASM77 and the code for Erich's program (with the debug lines I added to watch what it was doing, remove them of course to make it run correctly). Usage for the disassembler is '*** filename offset', so for a B13 type this is *** filename 8000. The output is just printf, not pointed to a file, so you have to manually pipe it to a file.

Are you intrested in working on this? Erich is too busy and I just haven't had time either.

http://www.calumsult.com/calumsu/***.zip

micra_pete

pd77sim not working well enough for you calum? i'm having the same issue, im trying to get through it all in ida, but its taking some time and checking

Calum

Yea, I don't think pd77sim correctly disassembles either, I think it doesn't trace the X and M flags. That and I like the output parsed for the 7790. It should be easy to port it to the other 77xx versions too.

I still have the problem in IDA of it covering up the actual hex of the consult commands, and I also suspect IDA isn't dealing with the X and M flags correctly either. I always end up with chunks of code not disassembled. I gave up on IDA, Erich's disasm will work for me if this little bug can be ironed out.

I need something that will spit out code that is correct and relinkable downstream. Long term I really want to add a new consult command. The R/W signal is carried out to the 40-pin header, if you follow where I'm heading.

micra_pete

aye i know what you mean, in may be telling you how to suck eggs here, but using alt-g, in IDA you can specify flags, its not easy to work through, i do still use pd77sim to work through it though, i know what you mean about it covering up hex too, i still haven't figured that out, i use a couple of disassemblies to work through it, im more interested in getting my address list filled out so to speak and knowledge of the ecu sorted before i start re-writing the code too much.

micra_pete

but thats getting ot, we'll talk later