Developing a disassembler. Send me your binaries to test


Post by tvrfan » Mon Sep 15, 2014 3:55 pm

BillMarkViii wrote:
Have you also used the interrupt table and background tables to find function entry points?
Many of those are never entered by 'foreground' code.

Yes - SAD starts with a code scan from 0x2000, and then adds scans for each interrupt vector at 0x2010 onwards.

Whenever it finds a PUSHW opcode, it then checks to see if the PUSH address is a list of subroutines - which mostly works right. I need to add some more logic around this as it sometimes screws up.

For multibanks and 8065 it does the same, but with a longer interrupt list, and only one bank will have a true jump, which is bank 8; the others are loopstops.

Andy.
TVR, Triumph (cars), kit cars, classics. Ex IT geek, development and databases.

https://github.com/tvrfan/EEC-IV-disassembler

Post by tvrfan » Mon Sep 15, 2014 4:12 pm

decipha wrote:
how can you multiply an equation in the directive file?
let's say I need x*512
recip is V +0.001953125 but you're only allowed 3 decimals
???

Sorry, but not sure what you mean.

At the moment you can specify a 'scale' for DATA values, expressed as a DIVISOR, and it's not a true float, but 3 digits fixed point.
I did this originally for A/D to volts in func/tab displays (V 12800), and ignition timing (v 4), etc. where the values are binary scaled

I didn't think of a multiplier being required, but could always add it in, and look at changing to a true float calc.


Can you give me a bit more info on what you are doing/trying ?

Thanks.

Andy.
TVR, Triumph (cars), kit cars, classics. Ex IT geek, development and databases.

https://github.com/tvrfan/EEC-IV-disassembler

Post by ranga83 » Sun Oct 05, 2014 4:58 am

tvrfan wrote:
ranga83 wrote:
tvrfan wrote: Sometimes SAD doesn't recognise the routine which does the table and function accesses, or it misses a chunk of code which calls that routine for a table - these are the kind of things I am trying to sort out for next release. Some of the subroutines which have embedded parameters are difficult to decipher...
This applies to all bins, but the later multibanks have some clever code tricks that have so far resisted my attempts to crack them, so they are, unfortunately, more likely to have bits missed.
so the tables it did find ARE actually tables the eec uses? if so then that's great because those addresses haven't been defined yet.
Yes, should be. SAD looks for the subroutines which are used to read tables, and functions. I did this because the code used is exactly the same (almost) over all the bins. [ Once you have a good fast solution, why change it ? ] . From these subroutines, SAD then logs any addresses fed in to those subroutines and analyses them to see if they are a table or function. It's possible, but not likely, that it may get one wrong, but it should be obvious from the data. (for clarification - tables are 2D , two lookup variables, functions are 1D, one lookup variable)

just checking what I think is correct, what is labelled as a "byte or word" in the lst would they be scalars and switches in the binary? might have been covered before and I didn't see it (tired eyes and laptop don't mix)
cheers

Post by Mburns212 » Sun Dec 28, 2014 12:29 pm

Not sure if you are still developing this tool, but if you are, here are two binaries from a Puma 1.7 variable cam timing. Both use the same strategy, one from a standard Puma 125bhp, one from a Ford Racing Puma 155bhp (still an OEM Ford file).

I've tried them in various file sizes in TSAD and SAD but I get an error.

Regards
Martin
Attachments
ford puma.rar
(147.56 KiB) Downloaded 735 times

Post by decipha » Tue Dec 30, 2014 9:08 am

hey andy I think I found a bug in the comments file on 4 bank bins

any unidentified bank or incorrectly labelled bank (bank 3,7,etc...) or anything you comment for bank 8 shows up in bank 9

bank ordered

0
1
9
8

also, SAD.pdf incorrectly shows the bank number after the address instead of before

Post by tvrfan » Thu Jan 01, 2015 3:30 am

Thanks for bug reports - Life has thrown a few unexpected things at me, so I have been quiet for a while.
I do still intend to continue with SAD, but it may be a while yet before I get back into driver's seat.
TVR, Triumph (cars), kit cars, classics. Ex IT geek, development and databases.

https://github.com/tvrfan/EEC-IV-disassembler

Post by decipha » Thu Jan 01, 2015 5:17 am

I hear ya, I myself have been doing too much with the holidays to spend any appreciable time messing with anything too involved

btw, I also have a thought on trying to automate some more code when you get a chance

Post by tvrfan » Thu Jan 01, 2015 6:15 pm

decipha wrote:
hey andy I think I found a bug in the comments file on 4 bank bins
any unidentified bank or incorrectly labelled bank (bank 3,7,etc...) or anything you comment for bank 8 shows up in bank 9
bank ordered 0,1,9,8 also, SAD.pdf incorrectly shows the bank number after the address instead of before

Yeah, I don't think comments bank+address verification always kept up with other changes, so I'm not too surprised.
Also, I suspect that bank 9 before bank 8 in the order may further mess things up for any following comments after this happens.

Must update the help doco too - I moved the bank number position to try to make numbering&addressing more consistent.

Thanks again...

I have now realised to handle some of the 'clever' code, especially around stack and subroutine params, I will have to emulate some of the code - this means some *big* changes (as mentioned above). I was also trying to make the bank stuff generic for all 16 possible banks. I know this never happens, but it actually makes SAD simpler in the long run, so less errors - I hope.

I got a way in to this and then progress was halted....back to it soon I hope.
TVR, Triumph (cars), kit cars, classics. Ex IT geek, development and databases.

https://github.com/tvrfan/EEC-IV-disassembler

Post by ender11 » Thu Jan 08, 2015 2:50 pm

Hello Andy, hope you are OK.
I can't understand, how can I define the following situation: say, sub at 0x4932 uses R22 as an index. and is called with R22=0. then, it is called with R22=2.
What can I do to receive more 'clean' listing?

Post by decipha » Fri Jan 09, 2015 10:47 am

is that just arguments passed to it? you can use the args command in the directive file if so

I suppose it would help us understand what you're trying to do if we knew what the routine was doing with r22
can you post the routine

Post by ender11 » Fri Jan 09, 2015 2:47 pm

ok, here it is:

  Sub103:
493a: 38,9e,02          jb    B0,R9e,493f    if (!B0_R9e)  {
493d: 28,fd             scall 4a3c           Sub104(); }
493f: 31,27,08          jnb   B1,R27,494a    if (B1_R27)  {
4942: 01,18             clrw  R18            R18 = 0;
4944: 01,1c             clrw  R1c            R1c = 0;
4946: 01,3c             clrw  R3c            R3c = 0;
4948: 20,72             sjmp  49bc           goto 49bc; }
494a: a3,72,f4,34       ldw   R34,[R72+f4]   R34 = [174];
494e: 6c,be,34          ml2w  R34,Rbe        R34L *= RPMx4;
4951: af,f2,07,34       ldzbw R34,[Rf2+7]    R34 = (uns)[8fc9];
4955: 6c,36,34          ml2w  R34,R36        R34L *= R36;
4958: 0c,01,34          shrdw R34,1          R34 = R34L / 2;
495b: 88,00,36          cmpw  R36,0          
495e: df,03             je    4963           if (R36 != 0)  {
4960: bd,ff,34          ldsbw R34,ff         R34 = (int)ff; }
4963: 11,30             clrb  R30            R30 = 0;
4965: a3,72,ea,32       ldw   R32,[R72+ea]   R32 = [16a];
4969: a0,9a,38          ldw   R38,R9a        R38 = R9a;
496c: 2f,4d             scall 48bb           Sub105();
496e: c0,18,38          stw   R38,R18        R18 = R38;
4971: 17,30             incb  R30            R30++;
4973: a3,72,fe,38       ldw   R38,[R72+fe]   R38 = [17e];
4977: 2f,42             scall 48bb           Sub105();
4979: c0,1c,38          stw   R38,R1c        R1c = R38;
497c: 17,30             incb  R30            R30++;
497e: a0,98,38          ldw   R38,R98        R38 = R98;
4981: 2f,38             scall 48bb           Sub105();
4983: c0,16,38          stw   R38,R16        R16 = R38;
4986: 30,2b,07          jnb   B0,R2b,4990    if (Undsp)  {
4989: ef,15,eb          call  34a1           UUByteLU(Func73,ECT,);
498c: 78,60,c0,00       #args                }
4990: 11,30             clrb  R30            R30 = 0;
4992: b0,21,31          ldb   R31,R21        R31 = R21;
4995: 01,32             clrw  R32            R32 = 0;
4997: b3,f2,34,34       ldb   R34,[Rf2+34]   R34 = [8ff6];
499b: 7f,f2,3a,34       ml2b  R34,[Rf2+3a]   R34 *= [8ffc];
499f: 8c,34,30          divw  R30,R34        R30 = R30L / R34;
49a2: a0,18,3c          ldw   R3c,R18        R3c = R18;
49a5: 2f,64             scall 490b           Sub106();
49a7: c0,18,3c          stw   R3c,R18        R18 = R3c;
49aa: a0,1c,3c          ldw   R3c,R1c        R3c = R1c;
49ad: 2f,5c             scall 490b           Sub106();
49af: 30,1e,02          jnb   B0,R1e,49b4    if (B0_R1e)  {
49b2: 03,3c             negw  R3c            R3c = -R3c; }
49b4: c0,1c,3c          stw   R3c,R1c        R1c = R3c;
49b7: a0,16,3c          ldw   R3c,R16        R3c = R16;
49ba: 2f,4f             scall 490b           Sub106();
49bc: 71,df,a3          an2b  Ra3,df         Ra3 &= df;
49bf: 39,27,16          jb    B1,R27,49d8    if (!B1_R27)  {
49c2: 3d,2a,13          jb    B5,R2a,49d8    if (!Self_test)  {
49c5: 8b,fe,06,3c       cmpw  R3c,[Rfe+6]    
49c9: db,10             jc    49db           if ((uns) R3c >= [9ca8]) goto 49db;
49cb: a3,fe,06,3c       ldw   R3c,[Rfe+6]    R3c = [9ca8];
49cf: a1,00,80,16       ldw   R16,8000       R16 = 8000;
49d3: c3,23,94,01,16    stw   R16,[R22+194]  [R22+194] = R16; } }
49d8: 91,20,a3          orb   Ra3,20         Ra3 |= 20;
49db: a3,72,fc,1e       ldw   R1e,[R72+fc]   R1e = [17c];
49df: fa                di                   disable ints;
49e0: ff                nop                  
49e1: c3,23,84,01,18    stw   R18,[R22+184]  [R22+184] = R18;
49e6: c3,72,fa,1e       stw   R1e,[R72+fa]   [17a] = R1e;
49ea: c3,23,88,01,1c    stw   R1c,[R22+188]  [R22+188] = R1c;
49ef: c7,b6,df,20       stb   R20,[Rb6+df]   [35f] = R20;
49f3: c7,b6,e0,21       stb   R21,[Rb6+e0]   [360] = R21;
49f7: fb                ei                   enable ints;
49f8: c3,23,80,01,3c    stw   R3c,[R22+180]  [R22+180] = R3c;
49fd: f0                ret                  return;
and how it's called:

488c: 01,22             clrw  R22            R22 = 0;
488e: 2e,e8             scall 4778           Sub79();
4890: 71,fe,9e          an2b  R9e,fe         B0_R9e = 0;
4893: 28,a5             scall 493a           Sub103();
4895: af,fa,47,22       ldzbw R22,[Rfa+47]   R22 = (uns)[99bf]; //[99bf]=2
4899: 31,22,02          jnb   B1,R22,489e    if (B1_R22)  {
489c: 28,9c             scall 493a           Sub103(); }

Post by decipha » Fri Jan 09, 2015 8:39 pm

can't you just assign that subroutine a name? I don't understand what you're trying to do, maybe someone else will chime in

Unrelated, I don't see why they would do this, instead of just loading a word, specifically since it's time critical??

49ef: c7,b6,df,20       stb   R20,[Rb6+df]   [35f] = R20;
49f3: c7,b6,e0,21       stb   R21,[Rb6+e0]   [360] = R21;

Post by ender11 » Sat Jan 10, 2015 4:17 pm

49d3: c3,23,94,01,16    stw   R16,[R22+194]  [R22+194] = R16; } }
49e1: c3,23,84,01,18    stw   R18,[R22+184]  [R22+184] = R18;
49ea: c3,23,88,01,1c    stw   R1c,[R22+188]  [R22+188] = R1c;
R22 is defined where sub is called. It has a value of 0x00 or 0x02. thus I can't define memory locations, say, 0x0184 and 0x0186, so they appear in the listing at 0x49e1.
would you like to take a look at the binary? it's 0GGA I posted above.
to 'stb stb': maybe, that was a single 'stb' there, then they extended it :)

Post by decipha » Sun May 10, 2015 10:12 pm

Hey Andy, I've found a rather large problem with the disassembler

the opcode 45 isn't being resolved to an address

any chance of posting a quick update?

btw, I figured out that if the banks are structured 0,1,8,9 then the comments and directives work fine otherwise it won't function with 8 and 9 swapped

shoot me back an email decipha at efidynotuning dot com

SAD and File Naming

Post by jsa » Sun Jun 28, 2015 11:53 pm

I've been having problems with SAD which I have finally nailed down.

My bin file names had quite descriptive names exceeding 27.3

Turns out, SAD can only handle up to 27 characters on the input file name.
Cheers

John

95 Escort RS Cosworth - GHAJ0 / ANTI on a COSY box code
Moates QH & BE
ForDiag

Post by ender11 » Wed Jul 01, 2015 12:07 pm

sometimes it works, sometimes no:

sym 737a "ROM1"
sym 8fd2 "BASEMD"

3e15: 6f,f2,10,3c       ml2w  R3c,[Rf2+10]   R3cL *= [8fd2];
and then:

7359: a1,7a,73,42       ldw   R42,737a       R42 = ROM1;
not sure if it is affected by index register

Post by jsa » Thu Jul 02, 2015 12:02 am

I see significant differences in SAD output depending on if the input file is the upper 56k or whole 64k.
Cheers

John

95 Escort RS Cosworth - GHAJ0 / ANTI on a COSY box code
Moates QH & BE
ForDiag

Post by dant » Wed Aug 05, 2015 3:44 pm

Sad doesn't seem to support converting functions with different divisors in each column to human readable decimal output. eg. My RPM scaler table requires the first column to be divided by 4 and the second column by 128, entering something like below just takes the last 'V' argument as the divisor for the whole func making the values wrong

func  716A 7185 "Scaler_for_RPM" :W V+4 V+256
Here's how it looks (applies wrong divisor to first column)

  Scaler_for_RPM:
716a: ff,ff,00,0b  func         256   ,   11 
716e: 20,4e,00,0b  func          78.12,   11 
7172: 80,3e,00,0a  func          62.5 ,   10
7176: e0,2e,00,06  func          46.88,    6
717a: a0,0f,00,02  func          15.62,    2
717e: 40,06,00,00  func           6.25,    0
7182: 00,00,00,00  func           0   ,    0
Something like this would be ideal

  Scaler_for_RPM:                                       /4      /128
716a: ff,ff,00,0b  func        ffff,  b00          # 16383.75	  11
716e: 20,4e,00,0b  func        4e20,  b00          #  5000	     11
7172: 80,3e,00,0a  func        3e80,  a00          #  4000	     10
7176: e0,2e,00,06  func        2ee0,  600          #  3000	      6
717a: a0,0f,00,02  func         fa0,  200          #  1000	      2
717e: 40,06,00,00  func         640,    0          #   400	      0
7182: 00,00,00,00  func           0,    0          #     0	      0
EDIT: I got it working thanks to decipha's write-up, it needs to be formatted like this:

func  716A 7185 "Scaler_for_RPM" :W V+4  :W V+256
EEC-IV & V Falcons

Post by tvrfan » Wed Sep 23, 2015 12:26 am

I was about to post that explanation - by default, if you only specify one set of params for a function, which always has two columns, SAD duplicates the params to make 2 levels - looking at this again, I did that because it was simple, but perhaps I should drop the 'V' in the auto copy.....

Note that a few functions appear where one column is signed, and one column is not, use an 'S' for signed values, unsigned is default.

Still working on a new version when I have the time - Discovered quite a bit that doesn't work automatically at the moment in the various bins.
Trying out a totally different way of solving the code - very slow progress, the ordinary old A9L is still a tough nut to crack, it seems to have a lot of programmer 'fiddles'. If I can solve that automatically, then I'll be happy. Still have some other issues with variable parameter subroutines to crack.

I have added true floating point for V command, and am considering auto types for AD voltages, and have noted the bugs reported here. Picked up a few others whilst updating and testing.
I agree, I think there is something weird in the 56k to 64k, haven't found it, but new version does analysis differently anyway.
Yep, original arrays for filenames were 32 characters - will extend in new version to Windows standard (253 I think).

Tried to make the new version simpler as well -

Banks are always printed in order 0,1,8,9 independent of the binary file order. This makes stuff like comments much easier to deal with. Made addresses simpler with a 5 digit hex number, (i.e. 12563 = 2563 in bank 1, 823B6 = 23B6 in bank 8 ) and used it everywhere. Still prints 4 digit for single bank, but 82000 in a command will work (=2000) as single banks treated as bank 8.

As soon as I get a reliable version, I'll post it here for you guys to play with.

Andy
TVR, Triumph (cars), kit cars, classics. Ex IT geek, development and databases.

https://github.com/tvrfan/EEC-IV-disassembler
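
Added example, not part of any post above and not SAD's own code: the per-column scaling discussed in the last two posts, applied to the Scaler_for_RPM bytes from the listing. The struct, the function names and the `ncols_given` switch are hypothetical; passing a single parameter set copies it to the second column, which reproduces the wrong first column shown above.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Display parameters for one column, modelled on the ":W V+4" items in the
   func command quoted above. Names are hypothetical, not taken from SAD. */
struct col_fmt {
    int    is_signed;   /* 'S' option: word is two's complement */
    double divisor;     /* 'V' option: raw value is divided by this */
};

/* Read one 16-bit word stored low byte first, as in the listing. */
static uint16_t rd_word(const uint8_t *p)
{
    return (uint16_t)(p[0] | (p[1] << 8));
}

/* Apply sign and divisor to one raw word; a zero divisor means "unscaled". */
double scale_word(uint16_t raw, const struct col_fmt *f)
{
    double v = (f->is_signed && raw >= 0x8000u) ? (double)raw - 65536.0
                                                : (double)raw;
    return f->divisor != 0.0 ? v / f->divisor : v;
}

/* Decode row `row` of a two-column word function into out[0] and out[1].
   ncols_given == 1 copies the single parameter set to column 2.
   Returns 0 on success, -1 if the row is outside the buffer. */
int decode_func_row(const uint8_t *tab, size_t len, size_t row,
                    const struct col_fmt *fmt, int ncols_given, double out[2])
{
    const struct col_fmt *second;

    if (ncols_given < 1 || row >= len / 4)
        return -1;
    second = ncols_given >= 2 ? &fmt[1] : &fmt[0];
    out[0] = scale_word(rd_word(tab + row * 4), &fmt[0]);
    out[1] = scale_word(rd_word(tab + row * 4 + 2), second);
    return 0;
}

/* Bytes 716a..7185 copied from the listing in the post above. */
const uint8_t SCALER_FOR_RPM[28] = {
    0xff, 0xff, 0x00, 0x0b,  0x20, 0x4e, 0x00, 0x0b,
    0x80, 0x3e, 0x00, 0x0a,  0xe0, 0x2e, 0x00, 0x06,
    0xa0, 0x0f, 0x00, 0x02,  0x40, 0x06, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00,
};

int main(void)
{
    const struct col_fmt one[1]  = { { 0, 256.0 } };              /* one set  */
    const struct col_fmt both[2] = { { 0, 4.0 }, { 0, 256.0 } };  /* two sets */
    double dup[2], per[2];
    size_t r;

    for (r = 0; r < sizeof SCALER_FOR_RPM / 4; r++) {
        decode_func_row(SCALER_FOR_RPM, sizeof SCALER_FOR_RPM, r, one, 1, dup);
        decode_func_row(SCALER_FOR_RPM, sizeof SCALER_FOR_RPM, r, both, 2, per);
        printf("%04zx: duplicated %9.2f,%4g   per-column %9.2f,%4g\n",
               (size_t)0x716a + r * 4, dup[0], dup[1], per[0], per[1]);
    }
    return 0;
}
```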

Post by jsa » Wed Sep 23, 2015 2:49 am

Great to hear from you Andy.

Also good to hear you're making progress.
Cheers

John

95 Escort RS Cosworth - GHAJ0 / ANTI on a COSY box code
Moates QH & BE
ForDiag

Post by decipha » Fri Sep 25, 2015 1:15 pm

Hey Andy welcome back!!!

Any chance you can post an el quicko update where the ldw opcodes get resolved to an address ? That would make a HUGE improvement in the amount of time I spend following out addresses

If it's not 'that easy' don't bother but figured it wouldn't hurt to ask

also, is there any chance you will allow the disassembler to spit out a listing similar to that of the old bill lawrence disassembler for those that prefer that type of listing? That would be a SIGNIFICANT help.

Post by tvrfan » Sun Sep 27, 2015 2:50 pm

decipha wrote:
Hey Andy welcome back!!!
Any chance you can post an el quicko update where the ldw opcodes get resolved to an address ? That would make a HUGE improvement in the amount of time I spend following out addresses If its not 'that easy' don't bother but figured it wouldn't hurt to ask
also, is there any chance you will allow the disassembler to spit out a listing similar to that of the old bill lawrence disassembler for those that prefer that type of listing? That would be a SIGNIFICANT help.

Can you give me an example of where the ldw doesn't work ? I don't think I've seen that before (but could be my bad memory !!), so could be a bug.
Currently SAD should resolve addresses to names always, even for registers, and for indexed and indirect addresses. (indexed addresses (like A9L) will work if an RBASE command is made)

Bill L disassembler - You can switch off the source code listing part now by taking away the 'C' in the opts command , but please give me a short example and I'll see if it can be done...
(default is opts : P N S C = auto subroutine names, auto interrupt names, source code, look for (and name) 'signature' subroutines (e.g. table lookup))
TVR, Triumph (cars), kit cars, classics. Ex IT geek, development and databases.

https://github.com/tvrfan/EEC-IV-disassembler

Post by decipha » Mon Sep 28, 2015 11:37 am

9 39f7: c3,d4,3a,30       stw   R30,[Rd4+3a]   [4ba] = x30;
9 39fb: a1,38,72,36       ldw   R36,7238       x36 = func_X_Scaling_RPM_VE_Corr; // X RPM Scaling VE Correction
9 39ff: a0,23,38          ldw   R38,R23        x38 = xRPMx;
9 3a02: ef,cf,e8          call  22d4           subr_IntWdLU_X38_F36_O3c();
9 3a05: a0,3c,24          ldw   R24,R3c        x24 = x3c;
9 3a08: a1,54,72,36       ldw   R36,7254       x36 = func_Y_Scaling_Load_VE_Corr; // Y Load Scaling VE Correction
9 3a0c: a3,d4,3a,38       ldw   R38,[Rd4+3a]   x38 = [4ba];
9 3a10: ef,c1,e8          call  22d4           subr_IntWdLU_X38_F36_O3c();
9 3a13: a0,3c,26          ldw   R26,R3c        x26 = x3c;
9 3a16: a0,24,34          ldw   R34,R24        x34 = x24;
9 3a19: a0,26,36          ldw   R36,R26        x36 = x26;
9 3a1c: ad,06,38          ldzbw R38,6          x38 = (uns)6;
9 3a1f: 45,ec,11,fe,3c    ad3w  R3c,Rfe,11ec   x3c = 8498;                    //Tbl_EngineTQ
9 3a24: ef,1d,eb          call  2544           subr_EngTqLookup();
9 3a27: c0,28,3e          stw   R3e,R28        x28 = x3e;
9 3a2a: 89,ff,7f,28       cmpw  R28,7fff       
9 3a2e: d1,04             jleu  3a34           if ((uns) x28 > 7fff )  {
9 3a30: a1,ff,7f,28       ldw   R28,7fff       x28 = 7fff; }
9 3a34: c3,d4,30,28       stw   R28,[Rd4+30]   [4b0] = x28;
9 3a38: a3,d4,34,34       ldw   R34,[Rd4+34]   x34 = [4b4];
9 3a3c: c3,d4,36,34       stw   R34,[Rd4+36]   [4b6] = x34;
9 3a40: a3,d4,32,34       ldw   R34,[Rd4+32]   x34 = [4b2];
9 3a44: c3,d4,34,34       stw   R34,[Rd4+34]   [4b4] = x34;
9 3a48: c3,d4,32,28       stw   R28,[Rd4+32]   [4b2] = x28;
9 3a4c: a0,24,34          ldw   R34,R24        x34 = x24;
9 3a4f: a0,26,36          ldw   R36,R26        x36 = x26;
9 3a52: ad,06,38          ldzbw R38,6          x38 = (uns)6;
9 3a55: 45,34,12,fe,3c    ad3w  R3c,Rfe,1234   x3c = 84e0;                    //EngineTqFriction Table//
9 3a5a: ef,e7,ea          call  2544           subr_EngTqLookup();
9 3a5d: a0,3e,2c          ldw   R2c,R3e        x2c = x3e;
9 3a60: a1,1e,4d,36       ldw   R36,4d1e       x36 = Func_X_ECT_MBT;
9 3a64: b0,79,38          ldb   R38,R79        x38 = ECT;
9 3a67: ef,be,e6          call  2128           subr_IntByLUSig_X38_F36_O3c();
9 3a6a: 09,04,3c          shlw  R3c,4          x3c *= 10;
you can see 45 isn't resolving to a full address almost as if it doesn't know to reference bank 1 by default, perhaps it assumes bank 8 as per single bank? just a hunch
but 4 bank would default bank 1

Post by tvrfan » Tue Sep 29, 2015 6:08 pm

Ah, right. I see. Thanks, that snapshot helps !

From that snapshot, I see Rfe is detected as an RBASE register, and I can easily believe there is a bug in there, where SAD is using current 'code' bank (=8) instead of data bank.
You could try command RBASE fe 1 <address> (I think that's right....) and see if that fixes it. Not sure if that will work, but worth a try.

I did note a few bugs around auto detection of various stuff with multibanks - one I have fixed was around subroutine task lists, a couple of binaries I use for testing have the actual list in the data bank, but call subrs in bank 8.
TVR, Triumph (cars), kit cars, classics. Ex IT geek, development and databases.

https://github.com/tvrfan/EEC-IV-disassembler

Post by tvrfan » Thu Oct 01, 2015 1:18 pm

Now I remember,

One of the reasons I went to 5 digit addresses was because there were a few places where it was hard to keep track of the bank when original calculations were all done in 16 bit.
This showed up in a few places, especially when subroutine was in say bank 8, and it called a task list in bank 1 which referred back to bank 8.
I could have decreed that data was always in Bank 1, which does seem to be true so far, but even the old A9L has some data lookups in the middle of the code, so I decided not to do that.
The best solution was to roll the bank number into the main address and treat it as a single value.
So all internal addresses are now 5 digits, 20 bit, so they will handle a full 16 bank range, and bank number is always embedded within the address (even for single banks).
This was extended to command structure. so it's all consistent throughout.
This gave me a neater and faster way to decode/access the banks as laid out in the binary file, so it was a good thing in several ways.

So it may not be possible to fix that RBASE bug in older versions of SAD.

New version - I think I've found the weird annoying crash, and I'm trying it out on a range of bins right now. If it survives, I'll probably release a test copy early for you guys, just be aware it's not fully tested and may go nuts - but then you will probably find stuff I won't !!
TVR, Triumph (cars), kit cars, classics. Ex IT geek, development and databases.

https://github.com/tvrfan/EEC-IV-disassembler
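
Added example, not part of any post and not SAD's own code: one way to carry the bank inside a 20-bit address as described above, and to resolve an operand indexed off a base register into a chosen bank. Type and function names are hypothetical, the digit-count parsing rule is an assumption, and the Rfe value 0x72ac is inferred from the earlier listing (0x8498 - 0x11ec).

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef uint32_t badr_t;     /* bank in bits 16..19, offset in bits 0..15 */
#define SINGLE_BANK 8u       /* single-bank bins are treated as bank 8 */

badr_t badr_make(unsigned bank, uint16_t off)
{
    return ((badr_t)(bank & 0xFu) << 16) | off;
}
unsigned badr_bank(badr_t a) { return (unsigned)(a >> 16) & 0xFu; }
uint16_t badr_off(badr_t a)  { return (uint16_t)(a & 0xFFFFu); }

/* Parse a command address. Assumed rule: 1-4 hex digits mean bank 8,
   exactly 5 hex digits carry the bank in the leading digit.
   Returns 0 on success, -1 if the text is malformed. */
int badr_parse(const char *s, badr_t *out)
{
    size_t i, n = strlen(s);
    uint32_t v = 0;

    if (n == 0 || n > 5)
        return -1;
    for (i = 0; i < n; i++) {
        unsigned char c = (unsigned char)s[i];
        if (!isxdigit(c))
            return -1;
        v = v * 16 + (uint32_t)(isdigit(c) ? c - '0' : tolower(c) - 'a' + 10);
    }
    *out = (n == 5) ? (badr_t)v : badr_make(SINGLE_BANK, (uint16_t)v);
    return 0;
}

/* Listing form: 4 digits for a single-bank bin, 5 digits otherwise. */
int badr_format(badr_t a, int multibank, char *buf, size_t len)
{
    return multibank ? snprintf(buf, len, "%05x", (unsigned)a)
                     : snprintf(buf, len, "%04x", (unsigned)badr_off(a));
}

/* Effective address of an operand indexed off a base register. The offset
   arithmetic wraps at 16 bits; the caller picks the bank, so a table
   pointer can land in the data bank rather than the bank the code runs in. */
badr_t badr_indexed(uint16_t base, uint16_t disp, unsigned bank)
{
    return badr_make(bank, (uint16_t)(base + disp));
}

/* qsort comparator: numeric order of the 20-bit value is bank order. */
int badr_cmp(const void *x, const void *y)
{
    badr_t a = *(const badr_t *)x, b = *(const badr_t *)y;
    return (a > b) - (a < b);
}

int main(void)
{
    const uint16_t rfe = 0x72ac;   /* inferred from the listing, see lead-in */
    badr_t file_order[4];
    char buf[8];
    int i;

    badr_format(badr_indexed(rfe, 0x11ec, 8), 1, buf, sizeof buf);
    printf("ad3w operand in code bank 8: %s\n", buf);
    badr_format(badr_indexed(rfe, 0x11ec, 1), 1, buf, sizeof buf);
    printf("ad3w operand in data bank 1: %s\n", buf);

    /* Banks in the file order reported in the thread: 0,1,9,8. */
    file_order[0] = badr_make(0, 0x2000);
    file_order[1] = badr_make(1, 0x2000);
    file_order[2] = badr_make(9, 0x2000);
    file_order[3] = badr_make(8, 0x2000);
    qsort(file_order, 4, sizeof file_order[0], badr_cmp);
    for (i = 0; i < 4; i++)
        printf("print order %d: bank %u\n", i, badr_bank(file_order[i]));
    return 0;
}
```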

Post by decipha » Fri Oct 02, 2015 1:10 pm

cool, can you email it to me when you do 'release' it?

Post by jsa » Fri Oct 02, 2015 4:41 pm

That'd be great Andy, then I can go back to my show stopping, LOL, story in a file name system.
Cheers

John

95 Escort RS Cosworth - GHAJ0 / ANTI on a COSY box code
Moates QH & BE
ForDiag

Post by tvrfan » Tue Oct 06, 2015 3:21 pm

Hop over to the "who is disassembling 8061 or 8065" thread, and I have posted the source code of a previous version of SAD. Download and enjoy the terrible 'C' code !!
TVR, Triumph (cars), kit cars, classics. Ex IT geek, development and databases.

https://github.com/tvrfan/EEC-IV-disassembler

Post by decipha » Tue Oct 13, 2015 12:12 pm

hey andy any chance you can add in the message file if the comments file has an error like the directive file would list, by error I mean any address that isn't sequential

I have a bad habit of mixing up 8 and A when I type, in my head I know what's correct but my hand has a separate mind of its own lol
