Nikon Emulator

All things embedded.
*NO FEATURE REQUESTS*

Re: Nikon Emulator [was: Fujitsu Fr Emulator]

Postby coderat » Mon Dec 09, 2013 6:00 pm

leegong wrote:For example , shutter half press and full press are two bits inside stru_0xFFFF587C , but i have no idea where and how FW A
deals with them , there is no direct access to byte inside stru_0xFFFF587C , always indirect accessing with base address 0xFFFF587C.

I see the problem. I found 180 places, just two of them:
BFC1C506 F9A1 bclr 0x01(r30), 5
...
BFC1E456 F9A3 bclr 0x03(r30), 5

I am wondering why you do not see this easy in IDA ? IDA follows recursively code flow, so why it doesn't work ?

Well, there can be 2 ways to do it. Easiest is to make a script. Using current disassembler output it can search for FFFF587C offset 1 and 3 bit 5. The second way is to modify disassembler to follow natural code flow in functions. Then it gets automatically correct registers at place with "bclr" and generate a comment. Newly generated comment could be then easily found in text editor with usual search. But I am not sure about implementation of last one, must think more. Because it turns disassembler complete upside-down. May be add a new disassembler option and a new mode.
Unfortunately Vicne has no time to discuss this problem :(

@leegong: are you still interested in places setting shutter bit ?

Best regards,
coderat
coderat
Core Developer
 
Posts: 2283
Joined: Fri Apr 26, 2013 10:21 am
Been thanked: 450 times

Re: Nikon Emulator [was: Fujitsu Fr Emulator]

Postby leegong » Mon Dec 09, 2013 8:33 pm

coderat wrote:I am wondering why you do not see this easy in IDA ? IDA follows recursively code flow, so why it doesn't work ?

IDA XREF can list all indirect accessing to base address 0xFFFF587C , but no specific bit .
coderat wrote:@leegong: are you still interested in places setting shutter bit ?

Shutter state is sent to FR , stru_0xFFFF587C is an internal data structure on TX19 side,
i'm interested in the consequent action on Tx19 side and how they are linked to mirror , curtain , aperture , lens ...
Attachments
FFFF587C.JPG
FFFF587C.JPG (54.06 KiB) Viewed 7950 times
leegong
Core Developer
 
Posts: 2137
Joined: Mon Mar 19, 2012 12:21 am
Location: Hangzhou , China
Been thanked: 550 times

Re: Nikon Emulator [was: Fujitsu Fr Emulator]

Postby coderat » Tue Dec 10, 2013 8:04 am

leegong wrote:
coderat wrote:I am wondering why you do not see this easy in IDA ? IDA follows recursively code flow, so why it doesn't work ?

IDA XREF can list all indirect accessing to base address 0xFFFF587C , but no specific bit .

Ahh, I understand. IDA can only evaluate LD instructions.
In fact in IDA you must search for any use of 0xFFFF587C. What does it show then ? I can see 180 places in our disassembler, using address 0xFFFF587C and you ?

Best regards,
coderat
coderat
Core Developer
 
Posts: 2283
Joined: Fri Apr 26, 2013 10:21 am
Been thanked: 450 times

Re: Nikon Emulator [was: Fujitsu Fr Emulator]

Postby leegong » Tue Dec 10, 2013 8:16 am

coderat wrote:What does it show then ? I can see 180 places in our disassembler, using address 0xFFFF587C and you ?

It shows all locations in firmware which "XREF" 0xFFFF587C , some of them are specific field inside structure , but no specific
bit.
Lots of "XREF" are listed , i didn't count them , maybe 180 , maybe less , maybe more .
coderat wrote:In fact in IDA you must search for any use of 0xFFFF587C.

Yes , in fact the situation is more worse , after 0xFFFF587C is loaded into a register , sometimes
the register might be added by an offset and stored to another register ,
then FW use new register for accessing .

Best regards,
Leegong
leegong
Core Developer
 
Posts: 2137
Joined: Mon Mar 19, 2012 12:21 am
Location: Hangzhou , China
Been thanked: 550 times

Re: Nikon Emulator

Postby coderat » Thu Apr 10, 2014 5:31 am

Emulator 2.51 released

Edit Aug. 17th: link changed by Vicne

New
  • Change CPU registers positioning on TX "CPU State"
  • Remove update of "CPU state" window on timer for performance
  • Add mITRON "Return Stack" window
  • Added output of .funcrefs.txt file on -wfuncreferences disassembler option
  • Added -wmemory option to FR80 disassembler
  • Improved jump table detection for FR
  • Added -e disassembler option for entry point

Bugfixes
  • TX19A disassembler SB 16-bit instruction output negative offset
  • viewfinder LCD wrong data transfer and console warning
  • viewfinder "values" in text box incorrectly printed
  • SLLV instruction was cutting result to 5-bit number
  • wrong last function address output with -wfuncreferences
  • no error on duplicated symbol names
  • in FR disassembler STM0/STM1 instruction register list was incorrect
  • do not resolve system call function (INT 0x40) parameters if its address has bit 31 set
  • crash if overlapped memory regions must be loaded in disassembler
  • Catch errors in standalone disassembler
  • incorrect specified file filter in memory Save/Load dialog
  • issue #18 Update frequency number from preferences used now instead of 100ms

Best regards,
coderat
coderat
Core Developer
 
Posts: 2283
Joined: Fri Apr 26, 2013 10:21 am
Been thanked: 450 times

Re: Nikon Emulator [was: Fujitsu Fr Emulator]

Postby coderat » Sun Apr 13, 2014 3:49 pm

leegong wrote:For example , shutter half press and full press are two bits inside stru_0xFFFF587C , but i have no idea where and how FW A
deals with them , there is no direct access to byte inside stru_0xFFFF587C , always indirect accessing with base address 0xFFFF587C.
Some time i want to find where one specific bit inside a large structure is set , but always got code which reads it instead of set it

These bits are accessed by load byte (LBU instruction), calculations and then save byte (SB). Tracing them in disassembler is very hard task, because disassembler must understand complex calculation and bit changing code.

My solution at the moment is to add TX19 breakpoint -> Memory conditions -> @(0xFFFF587C) & 0x00FF00FF "changes" and trace it in emulator. BTW only offset +1 bit0 and offset +3 bit0 in struFFFF587C are changed by pushing "shutter" in emulator at 0xBFC335B8 and 0xBFC33656, others stay zero.

Unfortunately, these "Memory conditions" for breakpoint will work correctly only in Emulator 2.52 (I already fixed code in repository).

Best regards,
coderat
coderat
Core Developer
 
Posts: 2283
Joined: Fri Apr 26, 2013 10:21 am
Been thanked: 450 times

Re: Nikon Emulator

Postby BlindWanderer » Mon Jul 07, 2014 7:57 am

coderat wrote:Emulator 2.51 released


Ummm... that link isn't working. SF says the file doesn't exist. Is the download limited to only certain people?
BlindWanderer
 
Posts: 3
Joined: Sun Jul 06, 2014 8:12 pm
Been thanked: 0 time

Re: Nikon Emulator

Postby coderat » Mon Jul 07, 2014 8:42 am

BlindWanderer wrote:Ummm... that link isn't working. SF says the file doesn't exist.

The release zip wasn't uploaded to SourceForge yet, as we can't upload binaries to googlecode anymore. You can grab a source and build yourself: for 2.51 you need revision 6da2a7a50117.
Regards,
coderat
coderat
Core Developer
 
Posts: 2283
Joined: Fri Apr 26, 2013 10:21 am
Been thanked: 450 times

Re: Nikon Emulator

Postby Vicne » Sat Aug 16, 2014 4:02 pm

Hi,

I wanted to indicate that I just uploaded to Bintray the version 2.51 as described above.
All those fixes and new features have been fully developed by coderat.

Please note that yet other patches and changes have since been added by coderat to the source tree, and will be integrated in the next release.

Best regards,

Vicne
Vicne
Core Developer
 
Posts: 1730
Joined: Tue Nov 29, 2011 2:30 pm
Been thanked: 167 times

Re: Nikon Emulator

Postby Vicne » Mon Sep 01, 2014 2:38 pm

Hi, all,

I just built Emulator version 2.52 from the current sources. All the latest numerous changes by coderat are included.

According to the commit log, they are:

Fixes:
- Bugfix: breakpoint on memory change happened on every instruction after first match
- Implemented coupling of input "port" and "key" functions, as they get pin signals together
- Bugfix: mode dial values mapping
- Fixed issue #25: FPU exceptions implemented if not in delayed slot
- Bugfix: TX DMA Error: BCR=0x00000003 is not a multiple of 4bytes
- Fix: allow writing TBnST 16-bit TX timer register
- Bugfix TX "Return stack" for big frames
- Bugfix: wrong TX timer interrupt number for channels 0x10, 0x11
- Bugfix: TX 16-bit timers have 16-bit registers
- Bugfix: "-" button was not removing custom logger range in some cases
- FR I/O port mode depends on configuration bit
- Corrected NKLD fields
- Bugfix: wrong FR LCD power on pin
- Bugfix: sometimes missing TX timer events
- Bugfix: crash in custom memory logger on wrong number format
- Bugfix: forbid open/close spying windows during play
- Fixed FR serial interface timing in CSIO master mode
- Bugfix: EEPROM window paint on open was depending on refresh time. Now using prefs setting.

Changes:
- Initial code for ARM processor
- TX "Return stack" information on last instruction of function
- Card LED
- TX I/O ports: show pullups
- TX I/O ports: allow setting state for KEY, INT functions manually
- Fixed issue #74 : Improve handling of attempt to load not existing firmware file
- Added "Copy to clipboard" in "mITRON Return Stack" window
- Added 0x5000010B.bit3 configuration (Override PortB.pin3 as external interrupt trigger channel 13 (interrupt 0x23))
- Added decoding model 1 firmware files
- Call table warning now contains more information
- Improved call table address detection
- Regex are now supported for finding symbols in source or structure frames
- Positive error codes now returned when exiting to be supported in windows batch files
- Added handler for uncaught exceptions in AWT (UI) thread
- TFT status is now in window title for readability
- Right-clicking in breaktrigger list now shows source code
- Implemented load/save state
- Added mirror box (with movement for LiveView)
- Added image sensor and sensor bridge
- Implemented FR80 int 0x11 and int 0x15 functionality
- Improved performance with FR80 proxy memory listener

Best regards,

Vicne
Vicne
Core Developer
 
Posts: 1730
Joined: Tue Nov 29, 2011 2:30 pm
Been thanked: 167 times

PreviousNext

Return to Firmware

Who is online

Users browsing this forum: No registered users and 4 guests