diff --git a/doc/caldump.txt b/doc/caldump.txt new file mode 100644 index 000000000..302698d60 --- /dev/null +++ b/doc/caldump.txt @@ -0,0 +1,85 @@ +0x4051b4 is the base that all the radioinit entries get offset from + + +r7 base +(gdb) x/128x $r7 +0x4051b4 : 0x80009000 0x80050300 0x80009004 0x00000101 +0x4051c4 : 0x80009008 0x00000000 0x8000900c 0x00000000 +0x4051d4 : 0x80009020 0x0000000c 0x80009000 0xc0050300 +0x4051e4 : 0x80003048 0x00000f78 0x8000304c 0x00607707 +0x4051f4 : 0x00000000 0x000161a8 0x8000a050 0x0000047b +0x405204 : 0x8000a054 0x0000007b 0x00005dc0 0x00000000 +0x405214 : 0x00000000 0x00000000 0x00000000 0x00000000 +0x405224 : 0x00000000 0x80009400 0x00000017 0x8000a050 +0x405234 : 0x00000000 0x8000a054 0x00000000 0x80003048 +0x405244 : 0x00000f00 0x00000000 0x00000000 0x10000108 +0x405254 : 0x03180002 0x00042000 0x30000528 0x07380006 +0x405264 : 0x0000fd01 0xc60081ff 0xb90f0000 ---Type to continue, or q to quit--- +0xc51e0000 +0x405274: 0x00901200 0x05030080 0x00900480 0x00010180 +0x405284: 0x00900800 0x0300fc80 0x8000900c 0x200400fc +0x405294: 0x0c800090 0x901500fc 0x03008000 0x3048c005 +0x4052a4: 0x0f788000 0x304c0000 0x77078000 0x1000fb60 +0x4052b4: 0x000161a8 0x8000a050 0x0000047b 0x8000a054 +0x4052c4: 0x0300e07b 0x17800094 0x500300fd 0xfc8000a0 +0x4052d4: 0xa0540300 0x00fc8000 0x00304805 0xf60f0080 +0x4052e4: 0x01081400 0x00021000 0x20000318 0x05280004 +0x4052f4: 0x00063000 0x00010738 0x00000000 0x00000000 +0x405304: 0x00000000 0x00000000 0x00000000 0x00000000 + + +(gdb) x/128x $r4 +0x402b54 : 0x80003000 0x00000019 0x80003048 0x00000ffb +0x402b64 : 0x80003000 0x00000018 0x80003048 0x00000f04 +0x402b74 : 0x00000000 0x000161a8 0x80003048 0x00000ffc +0x402b84 : 0x80009000 0x80050100 0x80009400 0x00020017 +0x402b94 : 0x80009a04 0x8185a0a4 0x80009a00 0x8c900025 +0x402ba4 : 0x00000000 0x00011194 0x80009a00 0x8c900021 +0x402bb4 : 0x80009a00 0x8c900027 0x00000000 0x00011194 +0x402bc4 : 0x80009a00 0x8c90002b 0x80009a00 0x8c90002f +0x402bd4 : 0x00000000 0x00011194 0x80009a00 0x8c900000 +0x402be4 : 0x80009000 0x80050300 0x80004118 0x00180012 +0x402bf4 : 0x80009204 0x00000605 0x80009208 0x00000504 +0x402c04 : 0x8000920c 0x00001111 ---Type to continue, or q to quit--- +0x80009210 0x0fc40000 +0x402c14 : 0x80009300 0x20046000 0x80009304 0x4005580c +0x402c24 : 0x80009308 0x40075801 0x8000930c 0x4005d801 +0x402c34 : 0x80009310 0x5a45d800 0x80009314 0x4a45d800 +0x402c44 : 0x80009318 0x40044000 0x80009380 0x00106000 +0x402c54 : 0x80009384 0x00083806 0x80009388 0x00093807 +0x402c64 : 0x8000938c 0x0009b804 0x80009390 0x000db800 +0x402c74 : 0x80009394 0x00093802 0x8000a008 0x00000015 +0x402c84 : 0x8000a018 0x00000002 0x8000a01c 0x0000000f +0x402c94 : 0x80009424 0x0000aaa0 0x80009434 0x01002020 +0x402ca4 : 0x80009438 0x016800fe 0x8000943c 0x8e578248 +0x402cb4 : 0x80009440 0x000000dd 0x80009444 0x00000946 +---Type to continue, or q to quit--- +0x402cc4 : 0x80009448 0x0000035a 0x8000944c 0x00100010 +0x402cd4 : 0x80009450 0x00000515 0x80009460 0x00397feb +0x402ce4 : 0x80009464 0x00180358 0x8000947c 0x00000455 +0x402cf4 : 0x800094e0 0x00000001 0x800094e4 0x00020003 +0x402d04 : 0x800094e8 0x00040014 0x800094ec 0x00240034 +0x402d14 : 0x800094f0 0x00440144 0x800094f4 0x02440344 +0x402d24 : 0x800094f8 0x04440544 0x80009470 0x0ee7fc00 +0x402d34 : 0x8000981c 0x00000082 0x80009828 0x0000002a +0x402d44 : 0x0006b5f8 0x0015000c 0x21fa4f39 0xf7fd0089 + + +(gdb) x/128x $r5 +0x405210 : 0x00000000 0x00000000 0x00000000 0x00000000 +0x405220 : 0x00000000 0x00000000 0x80009400 0x00000017 +0x405230 : 0x8000a050 0x00000000 0x8000a054 0x00000000 +0x405240 : 0x80003048 0x00000f00 0x00000000 0x00000000 +0x405250 : 0x10000108 0x03180002 0x00042000 0x30000528 +0x405260 : 0x07380006 0x0000fd01 0xc60081ff 0xb90f0000 +0x405270: 0xc51e0000 0x00901200 0x05030080 0x00900480 +0x405280: 0x00010180 0x00900800 0x0300fc80 0x8000900c +0x405290: 0x200400fc 0x0c800090 0x901500fc 0x03008000 +0x4052a0: 0x3048c005 0x0f788000 0x304c0000 0x77078000 +0x4052b0: 0x1000fb60 0x000161a8 0x8000a050 0x0000047b +0x4052c0: 0x8000a054 0x0300e07b 0x17800094 0x500300fd +0x4052d0: 0xfc8000a0 0xa0540300 0x00fc8000 0x00304805 +0x4052e0: 0xf60f0080 0x01081400 0x00021000 0x20000318 +0x4052f0: 0x05280004 0x00063000 0x00010738 0x00000000 +0x405300: 0x00000000 0x00000000 0x00000000 0x00000000 +0x405310: 0x00000000 0x00000000 0x00000000 0x00000000 diff --git a/doc/radioinit b/doc/radioinit index ae5f31c9c..881fe288c 100644 --- a/doc/radioinit +++ b/doc/radioinit @@ -35,22 +35,79 @@ then it seems like the emulator dies on the stack munging they do at the end of InitFromMemory... but I think I've decoded the entry enough to figure out the rest. -but it looks like they then redo the first entry in cal1 +then they do one entry of r4 base + 48 (gRadioTOCCal2_24MHz_c[0]) -0x80003048 -0x00000f78 +0x80009000 +0x80050100 -then they do 11 entries in cal3 (need dump) +then they do 11 entries in cal3 and reg replacment (first two have delays) -then 4 entries from r5+24 (need to check what r5 has... 0x4051e4 -should dump this) +0x402b8c : 0x80009400 0x00020017 0x80009a04 0x8185a0a4 +0x402b9c : 0x80009a00 0x8c900025 0x00000000 0x00011194 +0x402bac : 0x80009a00 0x8c900021 0x80009a00 0x8c900027 +0x402bbc : 0x00000000 0x00011194 0x80009a00 0x8c90002b +0x402bcc : 0x80009a00 0x8c90002f 0x00000000 0x00011194 +0x402bdc : 0x80009a00 0x8c900000 0x80009000 0x80050300 +0x402bec : 0x80004118 0x00180012 0x80009204 0x00000605 +0x402bfc : 0x80009208 0x00000504 0x8000920c 0x00001111 +0x402c0c : 0x80009210 0x0fc40000 0x80009300 0x20046000 +0x402c1c : 0x80009304 0x4005580c 0x80009308 0x40075801 +0x402c2c : 0x8000930c 0x4005d801 0x80009310 0x5a45d800 +0x402c3c : 0x80009314 0x4a45d800 0x80009318 0x40044000 +---Type to continue, or q to quit--- +0x402c4c : 0x80009380 0x00106000 0x80009384 0x00083806 +0x402c5c : 0x80009388 0x00093807 0x8000938c 0x0009b804 +0x402c6c : 0x80009390 0x000db800 0x80009394 0x00093802 +0x402c7c : 0x8000a008 0x00000015 0x8000a018 0x00000002 +0x402c8c : 0x8000a01c 0x0000000f 0x80009424 0x0000aaa0 +0x402c9c : 0x80009434 0x01002020 0x80009438 0x016800fe +0x402cac : 0x8000943c 0x8e578248 0x80009440 0x000000dd +0x402cbc : 0x80009444 0x00000946 0x80009448 0x0000035a +0x402ccc : 0x8000944c 0x00100010 0x80009450 0x00000515 +0x402cdc : 0x80009460 0x00397feb 0x80009464 0x00180358 -then 44 regreplacment entries + +then 4 entries from r5+24 (buffer_radio_init and cal5) + +0x80009400 0x00000017 +0x405230 : 0x8000a050 0x00000000 0x8000a054 0x00000000 +0x405240 : 0x80003048 0x00000f00 + +then 43 entries from r4+152 (reg replacement) + +0x402bec : 0x80004118 0x00180012 0x80009204 0x00000605 +0x402bfc : 0x80009208 0x00000504 0x8000920c 0x00001111 +0x402c0c : 0x80009210 0x0fc40000 0x80009300 0x20046000 +0x402c1c : 0x80009304 0x4005580c 0x80009308 0x40075801 +0x402c2c : 0x8000930c 0x4005d801 0x80009310 0x5a45d800 +0x402c3c : 0x80009314 0x4a45d800 0x80009318 0x40044000 +0x402c4c : 0x80009380 0x00106000 0x80009384 0x00083806 +0x402c5c : 0x80009388 0x00093807 0x8000938c 0x0009b804 +0x402c6c : 0x80009390 0x000db800 0x80009394 0x00093802 +0x402c7c : 0x8000a008 0x00000015 0x8000a018 0x00000002 +0x402c8c : 0x8000a01c 0x0000000f 0x80009424 0x0000aaa0 +0x402c9c : 0x80009434 0x01002020 0x80009438 0x016800fe +0x402cac : 0x8000943c 0x8e578248 0x80009440 0x000000dd +0x402cbc : 0x80009444 0x00000946 0x80009448 0x0000035a +0x402ccc : 0x8000944c 0x00100010 0x80009450 0x00000515 +0x402cdc : 0x80009460 0x00397feb 0x80009464 0x00180358 +0x402cec : 0x8000947c 0x00000455 0x800094e0 0x00000001 +0x402cfc : 0x800094e4 0x00020003 0x800094e8 0x00040014 +0x402d0c : 0x800094ec 0x00240034 0x800094f0 0x00440144 +0x402d1c : 0x800094f4 0x02440344 0x800094f8 0x04440544 +0x402d2c : 0x80009470 0x0ee7fc00 0x8000981c 0x00000082 +0x402d3c : 0x80009828 0x0000002a then flash init. (hrmm.. this might be important) then flyback init. -then some other stuff. (need to check this out closley) +then maybe buckbypass sequence... 4 entries from r4+16 + +0x402b64 : 0x80003000 0x00000018 0x80003048 0x00000f04 +0x402b74 : 0x00000000 0x000161a8 0x80003048 0x00000ffc + + + diff --git a/doc/ws.dis b/doc/ws.dis index 5a38c5cdd..e62444f34 100644 --- a/doc/ws.dis +++ b/doc/ws.dis @@ -5186,13 +5186,13 @@ Disassembly of section P2: 402fce: 65b8 str r0, [r7, #88] // gRadioTOCCal2_N[88] 0x58 402fd0: 4837 ldr r0, [pc, #220] (4030b0 ) // r0 gets 4030b0: 016e3600 .word 0x016e3600 = 240000000 402fd2: 4286 cmp r6, r0 - 402fd4: d001 beq.n 402fda // if 24 MHz test for 24MHZ + 402fd4: d001 beq.n 402fda // if 24 MHz test for 24MHZ skips to endif 402fd6: 617c str r4, [r7, #20] // gRadioTOCCal2_N[20] 0x14 402fd8: 61fd str r5, [r7, #28] // gRadioTOCCal2_N[28] 0x1c 402fda: 4c36 ldr r4, [pc, #216] (4030b4 ) // else endif 4030b4: .word 0x00402dcc buck_enable 402fdc: 4d70 ldr r5, [pc, #448] (4031a0 ) // 0x0040544c ram_init_val 402fde: 7928 ldrb r0, [r5, #4] // load low byte - 402fe0: 2801 cmp r0, #1 // check if its 1 (it's not) + 402fe0: 2801 cmp r0, #1 // check if its 1 (it's not, it's 0) 402fe2: d106 bne.n 402ff2 // and skip stuff (to 2ff2,HERE) assume skip we have 24MHz 402fe4: 4834 ldr r0, [pc, #208] (4030b8 ) // 4030b8: .word 0x00000f7b 402fe6: 6378 str r0, [r7, #52] // what's r7? put f7b into gRadioTOCCal2_None24Mhz_c[52] 0x34 @@ -5201,9 +5201,9 @@ Disassembly of section P2: 402fec: 2110 movs r1, #16 402fee: 0020 lsls r0, r4, #0 402ff0: e009 b.n 403006 - 402ff2: 7968 ldrb r0, [r5, #5] // HERE: what's r5? looks like ram_init_val[5] 0x05 - 402ff4: 2801 cmp r0, #1 // another test. not one. (it's 0x1e) - 402ff6: d108 bne.n 40300a // maybe skip to THERE + 402ff2: 7968 ldrb r0, [r5, #5] // HERE: what's r5? looks like ram_init_val[5] i + 402ff4: 2801 cmp r0, #1 // another test. not one. (it's 0) skip to THERE + 402ff6: d108 bne.n 40300a // skip to THERE 402ff8: 4830 ldr r0, [pc, #192] (4030bc ) // 4030bc: 00000f7c .word 0x00000f7c 402ffa: 6378 str r0, [r7, #52] // put f7c into gRadioTOCCal2_None24Mhz_c[52] 0x34 402ffc: 3878 subs r0, #120 @@ -5213,33 +5213,33 @@ Disassembly of section P2: 403004: 3010 adds r0, #16 403006: f000 f96d bl 4032e4 // call InitFromMemory with setup vals? 32 bytes of buck_enable+16? 40300a: 2128 movs r1, #40 // THERE: chould have come from a skip r1 gets 40 - 40300c: 0038 lsls r0, r7, #0 // r0 is r7 (cal2) + 40300c: 0038 lsls r0, r7, #0 // r0 is r7 (cal2) r7 base 40300e: 3030 adds r0, #48 // now its cal2+48 which is 0x405420 (increment by sizeof?) 403010: f000 f968 bl 4032e4 // 40 entries of gRadioTOCCal2_None24Mhz+48?//i think this bombs b/c zero... 403014: 4826 ldr r0, [pc, #152] (4030b0 ) // 4030b0: 016e3600 .word 0x016e3600 403016: 4286 cmp r6, r0 - 403018: d103 bne.n 403022 // another test for 24MHz - 40301a: 2108 movs r1, #8 - 40301c: 0020 lsls r0, r4, #0 - 40301e: 3030 adds r0, #48 + 403018: d103 bne.n 403022 // another test for 24MHz branch to NEXT: if !=, but they are + 40301a: 2108 movs r1, #8 // 8 bytes = 1 entry + 40301c: 0020 lsls r0, r4, #0 // r4 base + 40301e: 3030 adds r0, #48 // r4 base+48 403020: e001 b.n 403026 // goto endif - 403022: 2130 movs r1, #48 // else, guissing else is for not 24MHz since r7 is involved - 403024: 0038 lsls r0, r7, #0 - 403026: f000 f95d bl 4032e4 // endif, do InitFromMemory, 8 entries from 00402dfc : - 40302a: 2158 movs r1, #88 - 40302c: 0020 lsls r0, r4, #0 + 403022: 2130 movs r1, #48 // NEXT: + 403024: 0038 lsls r0, r7, #0 // 48 bytes = 6 entries of r7+0 + 403026: f000 f95d bl 4032e4 // endif do the init + 40302a: 2158 movs r1, #88 // do 11 entries + 40302c: 0020 lsls r0, r4, #0 // of r4 base + 56 40302e: 3038 adds r0, #56 - 403030: f000 f958 bl 4032e4 // do another then do 88 entries from r4+56 0x2e14 (in cal 3) + 403030: f000 f958 bl 4032e4 // do another then do 11 entries from r4+56 0x2e14 (in cal 3) 403034: 481e ldr r0, [pc, #120] (4030b0 ) 403036: 4286 cmp r6, r0 // check for 24MHZ 403038: d004 beq.n 403044 // goto endif - 40303a: 2108 movs r1, #8 - 40303c: 0020 lsls r0, r4, #0 - 40303e: 3090 adds r0, #144 - 403040: f000 f950 bl 4032e4 - 403044: 2120 movs r1, #32 // endif + 40303a: 2108 movs r1, #8 // skip + 40303c: 0020 lsls r0, r4, #0 // skip + 40303e: 3090 adds r0, #144 // skip + 403040: f000 f950 bl 4032e4 // skip + 403044: 2120 movs r1, #32 // endif: four entries of 403046: 0028 lsls r0, r5, #0 - 403048: 3018 adds r0, #24 + 403048: 3018 adds r0, #24 // r5+24 40304a: f000 f94b bl 4032e4 // do 32 entries in r5+24 this might be zero... 40304e: 21ac movs r1, #172 403050: 0049 lsls r1, r1, #1 // r1 gets 344 @@ -5250,20 +5250,20 @@ Disassembly of section P2: 40305c: 0240 lsls r0, r0, #9 // r0 is now 0x1F000 40305e: f000 f8db bl 403218 // from flash --- this might be the regreplacment since that's in codespace... 403062: f000 f82f bl 4030c4 // looks like this happens... - 403066: 7928 ldrb r0, [r5, #4] + 403066: 7928 ldrb r0, [r5, #4] // 0 unless initfromflash does something to it 403068: 2801 cmp r0, #1 - 40306a: d101 bne.n 403070 - 40306c: 2110 movs r1, #16 - 40306e: e004 b.n 40307a + 40306a: d101 bne.n 403070 // say it doesn't branch, + 40306c: 2110 movs r1, #16 // r1 gets 16 + 40306e: e004 b.n 40307a // branch to 5 403070: 7968 ldrb r0, [r5, #5] 403072: 2801 cmp r0, #1 - 403074: d104 bne.n 403080 + 403074: d104 bne.n 403080 // skips an init from memory 403076: 2120 movs r1, #32 403078: 3410 adds r4, #16 - 40307a: 0020 lsls r0, r4, #0 - 40307c: f000 f932 bl 4032e4 // do 32 entries but now from 0x2e74 + 16 0x2e84 + 40307a: 0020 lsls r0, r4, #0 // 5: + 40307c: f000 f932 bl 4032e4 // do 4 entries but now from r4 + 16 of buck bypass 403080: 480f ldr r0, [pc, #60] (4030c0 ) - 403082: f000 f881 bl 403188 + 403082: f000 f881 bl 403188 // and a call to fill ram struct --- maybe important to the program? 403086: 2400 movs r4, #0 403088: 78e9 ldrb r1, [r5, #3] 40308a: 0620 lsls r0, r4, #24