Assembly langauge code or C code

Hi Mike,

 

I don't think it is very clever at all, but I have never really tried to learn how to use it properly.

For the 08 I have only ever wanted to disassemble small sections of code and figured it was easier to  work on the first pass by hand than learn how to automate it.

Obviously with a job the size of venki's I would be reading every word of help I could find.

I was actually hoping someone more knowledgeable was going to jump in here and suggest some more powerful software (or methods) to achieve this.

 

 

 

 

Dear Mac,

Pls let me know the best way to get either c code or Assembly code from the file attached.

 

Regards

Venki

Hi venki,

 

I have already given you the assembly and told you how to do it yourself.

What Mac is saying (and I tend to agree it is possible) is that the code supplied looks as though it may have started out as C code.

It is very difficult to disassemble machine code to readable assembly, but it always possible due to the 1 to 1 relationship. It is virtually impossible to convert machine code to c code!

The problem that Mac is trying to point out is that if the code started from c code it makes the conversion of the machine code to assembly even more difficult than it already is.

If you really have to do this it is going to take many many hours of painstaking work. The difficulty level will depend on your knowledge of what it is actually supposed to do and the details of the hardware connected to the original MCU.

 

Dear Peg,

Our assembly code starts from $8000,which is starting address of Flash Memory then we should not have any confusion that assembly code  what we achieved is what we required.I will take pain of undestanding as i know the function & hardware well.Let me know what the upper half portion of code resembles.Please confirm whether the assembly code what we achieved is what we needed.

 

Regards

Venki

Hi venki,

 

Yes the FLASH is programmed starting at $8000 which is the start address of the flash for this device.

However programme execution starts at $80E8 as defined by the double byte programmed at $FFFE which is the reset vector. This makes sense in that the byte above this is RTS.

I have taken the trouble to form a rough vector table for you. Going through this table you can see that although all vectors have handler routines a lot of them simply disable that particular interrupt.

 

From here you can make a start at breaking the code up into small manageable chunks.

Another technique is to look for RTS and RTI and seperate out these subroutines.

One of the first things is to replace all the absolute addresses in the register areas and replace them with there register names.

 

The code above approx. $CF00 looks like it is data rather than code and there seems to be a lot of it. Does this make sense to have this much hard coded data?

 

Anyway, good luck I do not envy your job.

 

Dear Peg,

Rough Vector table which you have created correspond to opcode & operands of the instruction infront of it.I dont understand  how vectors are handled

 

Regards

Venki

Hi venki,

 

The vector table at the very top of memory holds the interrupt vectors for the various interrupt sources within the device. You should read the chapter on interrupts in the text I referenced before for a full explanation. I will attempt to give rough explanation here that glosses over some of the specifics and just give you the stuff you need now.

The vector table I gave you has three columns the first is the address within the device and the second column is the contents of that address, and the next, in word format. The third is the description

The simplest one is the reset vector at $FFFE. On power up or reset the programme counter will be loaded with the address stored here and execution will begin from there.

 

Another one is the SCIRX vector.

Say the programme is running and the serial port recieves a character. This character will need to processed quite quickly in case there are others coming in right behind it. The best way to do this is use interrupts. When setup, and the character comes in, a SCIRX interrupt will be generated and registers and the current address of programme execution is stored away in a piece of RAM called the stack. Then the programme counter is loaded with $85CC (in this case). Execution will then jump to there and continue until an RTI is found. This then gets the info back of the stack and the programme continues as before.

 

The code at 85CC (I haven't looked in this case) possible just stores the incoming character into a buffer and checks what it was to see if it should do anything else (possible a CR would mean the end of a string etc)

 

So in the code you should find many "interrupt routines" that start at addresses in the second column and continue up to a RTI. You could start here, seperate all the routines out from each other and work out which ones do something useful and which ones are just there for safety (just in case the interrupt should trigger even though it is not intended to do so).

 

I hope I have made some sense here and helped you out, you have a long, long way to go...

 

Dear Peg,

I apologise for not giving you correct information what i inteded to.What i mean to say is whatever address

(8564) is infront of Vector (FFDC) is opcode,operand of instuction(TPA) whose opcode is 85.

Refering to your vector table,

 

                                      Instuction           opcode     operand

FFDC 8564 timebase    TPA                      85
FFDE 85D7 adc             LSR 133,X           64              85
FFE0 85D2 kbi                STA                     D7             85D2
FFE2 85CF sci tx            TPA                     85
FFE4 85CC sci rx           STX $85CC         CF            85CC
FFE6 85B9 sci err           TPA                     85
FFE8 85B4 spi tx             ADC $85             B9            85
FFEA 85AD spi rx            AND $85             B4            85  
FFEC 8594 tim2 oflow     BSR *-121          AD            85
FFEE 858F t2ch1             TXS                     94
FFF0 858A t2ch0              TPA                     85
FFF2 8571 t1 oflow           WAIT                   8F
FFF4 856C t1ch1              TPA                     85
FFF6 8567 t1ch0               PULH                  8A
FFF8 855F pll                    TPA                    85
FFFA 855A irq                    DECX                5A
FFFC 80E8 swi                  EOR 128,X        E8           80    
FFFE 80E8 reset               EOR 0,X            E8           00

 

I Feel you have formed a vector table (Address) with opcode & operand of instuction in front of it.

 

Regards

Venki

Hi venki,

 

No! What I have done is correct!

The disassembler does not know about the flash area reserved for the vector table so it has simply blindly attempted to convert the data here into code.

The note I made before about the code after a certain address being data is similar to this. The programmer was using an area of flash for data (not code) but the disassembler does not know about this either and just blindly attemps to convert it. You will see many illegal opcodes in this area. This is also a problem in that it takes some time for the disassemble to fall back into sync after these areas.

 

Dear Peg,

As we noticed code above $CF00 Contains data.It is not fair enough to have so much hard coded data

in flash.1)What are the different options to keep these data?

            2) Means of transfering this data

 

Regards

Venki

Hi venki,

 

You can have as much hard coded data as you like (as long as it fits)

I was simply asking whether this made sense to you knowing what this thing does.

I would leave this section till last anyway. That way hopefully you will uncover the routines that make use of the data and this may then help to seperate it into logical sections etc. Knowing the connected peripheral devices would help. For instance if there is an attached LCD there would normally be a number of text strings that would appear on it, so you would be looking at decoding the data as if it were ASCII. Or it could be calibration data or a big lookup table etc etc.....

 

 

 

 

 

Dear Mac,

assembler used is CW C compiller.I dont know how to get assembler directive & string data.Whatever String you have sent is exactly what we get on hyperterminal connected to rs-232 port.Please help me out to get string address table,string data.

 

Regards

Venki

Hi venki,

 

It is easy to spot these blocks of strings by eye as they contain hex values restricted to the 2X to 7X range (printable ASCII) with the occasional string terminator. Usually loaded towards the 4x to 7x range of upper and lower case letters as well.

So you just put a line break after the terminator ($00 in this case) then sit there with a paper ASCII table and do the conversion by hand. Then change it to the lines to feed into an assembler as Mac has demonstrated. There maybe some tool available to do this or you could probably write some script to do it or maybe just get stuck in and do it the hard way. I already warned you it wasn't going to be easy!

 

Dear Peg,

Pls help me out to understand the code in attached file.

 

Regards

Venki

 

 

Hi venki,

 

Had a quick look and made some comments prefixed with Peg,

 

Dear Peg,

Thanks it is clear now.

 

Regards

Venki