Address 0x40060000 activity


Postby Vicne » Thu Jan 05, 2012 5:12 pm

Hi, all,

I'm trying to understand what is happening in the area starting at 0x40060000.

As I said in the Emulator thread, upon boot, the firmware ends up in an infinite loop that expects value 0x1000 to be found at 0x40060010.

I tried to satisfy that condition and let the code go on. It then writes many values in the same area, but after a while, it ends up back in the same infinite loop.

Here is the trace of the activity in this area :

Edit : trace in a post below is closer to actual read-writes (16-bit words at a time)

Code:

    read from 0x40060000 : 00
    read from 0x40060001 : 00
00 written to 0x40060000
00 written to 0x40060001
    read from 0x40060010 : 00
    read from 0x40060011 : 00

        ... first infinite loop, expecting 0x1000. Writing that value ...

10 written to 0x40060010
00 written to 0x40060011
    read from 0x40060010 : 10
    read from 0x40060011 : 00
00 written to 0x40060008
00 written to 0x40060009
    read from 0x40060012 : 00
    read from 0x40060013 : 00
00 written to 0x40060012
01 written to 0x40060013
00 written to 0x40060100
00 written to 0x40060101
01 written to 0x40060102
01 written to 0x40060103
01 written to 0x40060104
01 written to 0x40060105
03 written to 0x40060400
08 written to 0x40060401
00 written to 0x40060402
00 written to 0x40060403
00 written to 0x40060404
00 written to 0x40060405
00 written to 0x40060406
00 written to 0x40060407
14 written to 0x40060410
0A written to 0x40060411
00 written to 0x40060412
00 written to 0x40060413
00 written to 0x40060414
00 written to 0x40060415
00 written to 0x40060416
00 written to 0x40060417
11 written to 0x40060420
15 written to 0x40060421
0B written to 0x40060422
0D written to 0x40060423
00 written to 0x40060424
00 written to 0x40060425
00 written to 0x40060426
00 written to 0x40060427
00 written to 0x40060110
00 written to 0x40060111
01 written to 0x40060112
01 written to 0x40060113
01 written to 0x40060114
01 written to 0x40060115
04 written to 0x40060440
05 written to 0x40060441
09 written to 0x40060442
12 written to 0x40060443
00 written to 0x40060444
00 written to 0x40060445
00 written to 0x40060446
00 written to 0x40060447
0F written to 0x40060450
0E written to 0x40060451
10 written to 0x40060452
13 written to 0x40060453
00 written to 0x40060454
00 written to 0x40060455
00 written to 0x40060456
00 written to 0x40060457
18 written to 0x40060460
16 written to 0x40060461
0C written to 0x40060462
00 written to 0x40060463
00 written to 0x40060464
00 written to 0x40060465
00 written to 0x40060466
00 written to 0x40060467
00 written to 0x40060120
00 written to 0x40060121
01 written to 0x40060122
01 written to 0x40060123
01 written to 0x40060124
01 written to 0x40060125
01 written to 0x40060480
07 written to 0x40060481
00 written to 0x40060482
00 written to 0x40060483
00 written to 0x40060484
00 written to 0x40060485
00 written to 0x40060486
00 written to 0x40060487
17 written to 0x40060490
00 written to 0x40060491
00 written to 0x40060492
00 written to 0x40060493
00 written to 0x40060494
00 written to 0x40060495
00 written to 0x40060496
00 written to 0x40060497
00 written to 0x400604A0
00 written to 0x400604A1
00 written to 0x400604A2
00 written to 0x400604A3
00 written to 0x400604A4
00 written to 0x400604A5
00 written to 0x400604A6
00 written to 0x400604A7
00 written to 0x40060130
00 written to 0x40060131
01 written to 0x40060132
01 written to 0x40060133
01 written to 0x40060134
01 written to 0x40060135
02 written to 0x400604C0
06 written to 0x400604C1
00 written to 0x400604C2
00 written to 0x400604C3
00 written to 0x400604C4
00 written to 0x400604C5
00 written to 0x400604C6
00 written to 0x400604C7
00 written to 0x400604D0
00 written to 0x400604D1
00 written to 0x400604D2
00 written to 0x400604D3
00 written to 0x400604D4
00 written to 0x400604D5
00 written to 0x400604D6
00 written to 0x400604D7
00 written to 0x400604E0
00 written to 0x400604E1
00 written to 0x400604E2
00 written to 0x400604E3
00 written to 0x400604E4
00 written to 0x400604E5
00 written to 0x400604E6
00 written to 0x400604E7
00 written to 0x40060140
00 written to 0x40060141
01 written to 0x40060142
01 written to 0x40060143
01 written to 0x40060144
01 written to 0x40060145
06 written to 0x40060500
07 written to 0x40060501
0B written to 0x40060502
0D written to 0x40060503
13 written to 0x40060504
00 written to 0x40060505
00 written to 0x40060506
00 written to 0x40060507
16 written to 0x40060510
02 written to 0x40060511
18 written to 0x40060512
00 written to 0x40060513
00 written to 0x40060514
00 written to 0x40060515
00 written to 0x40060516
00 written to 0x40060517
12 written to 0x40060520
03 written to 0x40060521
05 written to 0x40060522
00 written to 0x40060523
00 written to 0x40060524
00 written to 0x40060525
00 written to 0x40060526
00 written to 0x40060527
00 written to 0x40060150
00 written to 0x40060151
01 written to 0x40060152
01 written to 0x40060153
01 written to 0x40060154
01 written to 0x40060155
08 written to 0x40060540
09 written to 0x40060541
0A written to 0x40060542
0C written to 0x40060543
0E written to 0x40060544
14 written to 0x40060545
00 written to 0x40060546
00 written to 0x40060547
17 written to 0x40060550
19 written to 0x40060551
10 written to 0x40060552
15 written to 0x40060553
00 written to 0x40060554
00 written to 0x40060555
00 written to 0x40060556
00 written to 0x40060557
1D written to 0x40060560
04 written to 0x40060561
00 written to 0x40060562
00 written to 0x40060563
00 written to 0x40060564
00 written to 0x40060565
00 written to 0x40060566
00 written to 0x40060567
00 written to 0x40060160
00 written to 0x40060161
01 written to 0x40060162
01 written to 0x40060163
01 written to 0x40060164
01 written to 0x40060165
01 written to 0x40060580
00 written to 0x40060581
00 written to 0x40060582
00 written to 0x40060583
00 written to 0x40060584
00 written to 0x40060585
00 written to 0x40060586
00 written to 0x40060587
1A written to 0x40060590
1C written to 0x40060591
00 written to 0x40060592
00 written to 0x40060593
00 written to 0x40060594
00 written to 0x40060595
00 written to 0x40060596
00 written to 0x40060597
0F written to 0x400605A0
00 written to 0x400605A1
00 written to 0x400605A2
00 written to 0x400605A3
00 written to 0x400605A4
00 written to 0x400605A5
00 written to 0x400605A6
00 written to 0x400605A7
00 written to 0x40060170
00 written to 0x40060171
01 written to 0x40060172
01 written to 0x40060173
01 written to 0x40060174
01 written to 0x40060175
1E written to 0x400605C0
1F written to 0x400605C1
00 written to 0x400605C2
00 written to 0x400605C3
00 written to 0x400605C4
00 written to 0x400605C5
00 written to 0x400605C6
00 written to 0x400605C7
1B written to 0x400605D0
11 written to 0x400605D1
00 written to 0x400605D2
00 written to 0x400605D3
00 written to 0x400605D4
00 written to 0x400605D5
00 written to 0x400605D6
00 written to 0x400605D7
00 written to 0x400605E0
00 written to 0x400605E1
00 written to 0x400605E2
00 written to 0x400605E3
00 written to 0x400605E4
00 written to 0x400605E5
00 written to 0x400605E6
00 written to 0x400605E7
    read from 0x40060012 : 00
    read from 0x40060013 : 01
00 written to 0x40060012
00 written to 0x40060013
20 written to 0x40060010
FF written to 0x40060011
    read from 0x40060010 : 20
    read from 0x40060011 : FF

        ... falling back again in the infinite loop...



so 2-byte words are written back and forth between 0x40060000 and 0x400605E7 in a seemingly random manner.

Taking a look at the memory layout (see attached image), it is clear that values are written based on 16-byte boundaries, and there is a pattern of 01 at the beginning, but I have no idea what it can be.

Edit : colored image in a post below is much easier to read

Does anybody have an idea ?

Best regards,

Vicne
Attachments
0x40060000.png
Vicne
Core Developer
 
Posts: 1703
Joined: Tue Nov 29, 2011 2:30 pm
Been thanked: 155 times

Re: Address 0x40060000 activity

Postby Vicne » Fri Jan 06, 2012 6:49 am

After a bit of thought :
One protocol pattern could be that offsets 10-11 and 12-13 are basically an RTS/CTS-like flow control :
- 10-11 is set to 0x1000 by an unknown device/function to indicate that the FR CPU can write data
- 12-13 is set to 0x0001 by the FR CPU to indicate that it is currently writing data

- when it's the FR CPU's turn to speak (0x1000 detected at 10-11), it "locks" the area by writing 0x0001 to 12-13 (after writing 0x0000 to 08-09, no idea why)
- it then writes constant(*) data to the 0x4006---- area, repeating the following pattern 8 times :
a) 6 bytes (always the same : 0x000101) are written in the 0x0100+ area : first time at offset 100 (then 110, 120, 130, 140, 150, 160, 170)
b) 3 times 8 bytes (aligned on a 16-byte boundary) are written in the 0x400+ area : first time at offset 400 (then 440, 480, 4C0, 500, 540, 580, 5C0). These values don't seem to mean anything to me but all the bytes are in the range 0x00 - 0x1F, and they are padded with zeroes on the right. For example, at 0x40060500, the following 8 bytes get written : 06 07 0B 0D 13 00 00 00

- it then checks that it still had the lock (12-13 are still at 0x0001) and then releases it (writes 0x0000 at 12-13)
- finally, it writes 0x20FF at 10-11 and starts waiting for the other party to do its stuff and indicate when it's done by writing 1000 again at 10-11

Looks a bit less random, but still no clue what it is about...

Vicne

(*) values are hardcoded in the fw, not computed nor copied from some other place.

Re: Address 0x40060000 activity

Postby Simeon » Fri Jan 06, 2012 1:35 pm

What firmware are you seeing this on (7000 or 5100, or other)? I don't see some of those addresses in the D5100 code.

I did see references to DMA code, and to I2C ("eye-squared-see") in debug comments. Or it could be some priority thing...
Simeon
Core Developer
 
Posts: 2101
Joined: Wed Nov 30, 2011 6:12 am
Location: Christchurch, New Zealand
Been thanked: 398 times

Re: Address 0x40060000 activity

Postby Simeon » Fri Jan 06, 2012 2:19 pm

Ah solved the missing addresses, the code is doing WORD read/writes, and thus only refers to even addresses.

Re: Address 0x40060000 activity

Postby Vicne » Fri Jan 06, 2012 3:08 pm

Simeon wrote: Ah solved the missing addresses, the code is doing WORD read/writes, and thus only refers to even addresses.

Yes, my dump logs writes at the byte level, so it doesn't reflect actual instructions.
The writing routine starts at 0x001FA802 in the 5100 fw as you have seen.

I see it more as DMA than I2C indeed. But the patterns look so simple they look like "instructions".

Vicne

Re: Address 0x40060000 activity

Postby Vicne » Sat Jan 07, 2012 9:30 am

Here is a much more readable version of the memory area, using the new activity coloring feature of the emulator.

BR,
Attachments
0x40060000_color.png

Re: Address 0x40060000 activity

Postby Vicne » Sat Jan 07, 2012 12:46 pm

Here is a reformatted memory access log.
Now using new memory access logging, the log conforms to the data width of reads/writes.
In the case of page 0x4006 studied here, all accesses are 16 bits wide.

Code:

            read from 0x40060010 : 0x0000
0x1000     written to 0x40060010                  -------------> This was manually set
            read from 0x40060010 : 0x1000
0x0000     written to 0x40060008
            read from 0x40060012 : 0x0000
0x0001     written to 0x40060012
0x0000     written to 0x40060100
0x0101     written to 0x40060102
0x0101     written to 0x40060104
0x0308     written to 0x40060400
0x0000     written to 0x40060402
0x0000     written to 0x40060404
0x0000     written to 0x40060406
0x140A     written to 0x40060410
0x0000     written to 0x40060412
0x0000     written to 0x40060414
0x0000     written to 0x40060416
0x1115     written to 0x40060420
0x0B0D     written to 0x40060422
0x0000     written to 0x40060424
0x0000     written to 0x40060426
0x0000     written to 0x40060110
0x0101     written to 0x40060112
0x0101     written to 0x40060114
0x0405     written to 0x40060440
0x0912     written to 0x40060442
0x0000     written to 0x40060444
0x0000     written to 0x40060446
0x0F0E     written to 0x40060450
0x1013     written to 0x40060452
0x0000     written to 0x40060454
0x0000     written to 0x40060456
0x1816     written to 0x40060460
0x0C00     written to 0x40060462
0x0000     written to 0x40060464
0x0000     written to 0x40060466
0x0000     written to 0x40060120
0x0101     written to 0x40060122
0x0101     written to 0x40060124
0x0107     written to 0x40060480
0x0000     written to 0x40060482
0x0000     written to 0x40060484
0x0000     written to 0x40060486
0x1700     written to 0x40060490
0x0000     written to 0x40060492
0x0000     written to 0x40060494
0x0000     written to 0x40060496
0x0000     written to 0x400604A0
0x0000     written to 0x400604A2
0x0000     written to 0x400604A4
0x0000     written to 0x400604A6
0x0000     written to 0x40060130
0x0101     written to 0x40060132
0x0101     written to 0x40060134
0x0206     written to 0x400604C0
0x0000     written to 0x400604C2
0x0000     written to 0x400604C4
0x0000     written to 0x400604C6
0x0000     written to 0x400604D0
0x0000     written to 0x400604D2
0x0000     written to 0x400604D4
0x0000     written to 0x400604D6
0x0000     written to 0x400604E0
0x0000     written to 0x400604E2
0x0000     written to 0x400604E4
0x0000     written to 0x400604E6
0x0000     written to 0x40060140
0x0101     written to 0x40060142
0x0101     written to 0x40060144
0x0607     written to 0x40060500
0x0B0D     written to 0x40060502
0x1300     written to 0x40060504
0x0000     written to 0x40060506
0x1602     written to 0x40060510
0x1800     written to 0x40060512
0x0000     written to 0x40060514
0x0000     written to 0x40060516
0x1203     written to 0x40060520
0x0500     written to 0x40060522
0x0000     written to 0x40060524
0x0000     written to 0x40060526
0x0000     written to 0x40060150
0x0101     written to 0x40060152
0x0101     written to 0x40060154
0x0809     written to 0x40060540
0x0A0C     written to 0x40060542
0x0E14     written to 0x40060544
0x0000     written to 0x40060546
0x1719     written to 0x40060550
0x1015     written to 0x40060552
0x0000     written to 0x40060554
0x0000     written to 0x40060556
0x1D04     written to 0x40060560
0x0000     written to 0x40060562
0x0000     written to 0x40060564
0x0000     written to 0x40060566
0x0000     written to 0x40060160
0x0101     written to 0x40060162
0x0101     written to 0x40060164
0x0100     written to 0x40060580
0x0000     written to 0x40060582
0x0000     written to 0x40060584
0x0000     written to 0x40060586
0x1A1C     written to 0x40060590
0x0000     written to 0x40060592
0x0000     written to 0x40060594
0x0000     written to 0x40060596
0x0F00     written to 0x400605A0
0x0000     written to 0x400605A2
0x0000     written to 0x400605A4
0x0000     written to 0x400605A6
0x0000     written to 0x40060170
0x0101     written to 0x40060172
0x0101     written to 0x40060174
0x1E1F     written to 0x400605C0
0x0000     written to 0x400605C2
0x0000     written to 0x400605C4
0x0000     written to 0x400605C6
0x1B11     written to 0x400605D0
0x0000     written to 0x400605D2
0x0000     written to 0x400605D4
0x0000     written to 0x400605D6
0x0000     written to 0x400605E0
0x0000     written to 0x400605E2
0x0000     written to 0x400605E4
0x0000     written to 0x400605E6
            read from 0x40060012 : 0x0001
0x0000     written to 0x40060012
0x20FF     written to 0x40060010
            read from 0x40060010 : 0x20FF
            read from 0x40060010 : 0x20FF



Best regards,
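The layout proposed earlier in the thread (handshake words at offsets 0x10 and 0x12, then for each of 8 blocks a 6-byte header at 0x100 + 0x10*n and three 8-byte rows at 0x400 + 0x40*n, all row bytes in 0x00-0x1F) can be checked mechanically against a log in this format. The following is an added example, not code from the thread or from the emulator; the function names are hypothetical and the embedded sample is an excerpt of the log above.

```python
import re

BASE = 0x40060000
WRITE_RE = re.compile(r"(0x[0-9A-Fa-f]{4})\s+written to (0x[0-9A-Fa-f]{8})")
READ_RE = re.compile(r"read from (0x[0-9A-Fa-f]{8}) : (0x[0-9A-Fa-f]{4})")

# Excerpt of the 16-bit log posted above: handshake words plus block 4 only.
SAMPLE_LOG = """\
            read from 0x40060010 : 0x0000
0x1000     written to 0x40060010
            read from 0x40060010 : 0x1000
0x0000     written to 0x40060008
            read from 0x40060012 : 0x0000
0x0001     written to 0x40060012
0x0000     written to 0x40060140
0x0101     written to 0x40060142
0x0101     written to 0x40060144
0x0607     written to 0x40060500
0x0B0D     written to 0x40060502
0x1300     written to 0x40060504
0x0000     written to 0x40060506
0x1602     written to 0x40060510
0x1800     written to 0x40060512
0x0000     written to 0x40060514
0x0000     written to 0x40060516
0x1203     written to 0x40060520
0x0500     written to 0x40060522
0x0000     written to 0x40060524
0x0000     written to 0x40060526
            read from 0x40060012 : 0x0001
0x0000     written to 0x40060012
0x20FF     written to 0x40060010
            read from 0x40060010 : 0x20FF
"""

def parse_log(text):
    """Return (kind, offset, value) for each access; offset is relative to BASE."""
    events = []
    for line in text.splitlines():
        w, r = WRITE_RE.search(line), READ_RE.search(line)
        if w:
            events.append(("W", int(w.group(2), 16) - BASE, int(w.group(1), 16)))
        elif r:
            events.append(("R", int(r.group(1), 16) - BASE, int(r.group(2), 16)))
    return events

def replay(events):
    """Apply the writes to a byte image and list deviations from the hypothesis."""
    # Assumptions from the thread: 0x12 acts as a lock word (0x0001 = held) and
    # words are stored high byte first, as in the byte-level trace (0x1000 -> 10 00).
    mem, lock, issues = {}, 0, []
    for kind, off, val in events:
        if kind != "W":
            continue
        mem[off], mem[off + 1] = val >> 8, val & 0xFF
        if off == 0x12:
            lock = val
        elif off >= 0x100:
            if lock != 0x0001:
                issues.append(f"write at 0x{off:03X} without lock")
            if off >= 0x400 and max(val >> 8, val & 0xFF) > 0x1F:
                issues.append(f"value 0x{val:04X} at 0x{off:03X} above 0x1F")
    return mem, issues

def decode_blocks(mem):
    """Group the image into blocks: 6-byte header at 0x100 + 0x10*n and three
    8-byte rows at 0x400 + 0x40*n, with the zero padding stripped from each row."""
    blocks = {}
    for n in range(8):
        head, data = 0x100 + 0x10 * n, 0x400 + 0x40 * n
        if head not in mem:
            continue  # block not present in this log
        header = bytes(mem.get(head + i, 0) for i in range(6))
        rows = [bytes(mem.get(data + 0x10 * r + i, 0) for i in range(8)).rstrip(b"\x00")
                for r in range(3)]
        blocks[n] = (header, rows)
    return blocks

if __name__ == "__main__":
    image, problems = replay(parse_log(SAMPLE_LOG))
    for n, (header, rows) in decode_blocks(image).items():
        print(f"block {n}: header={header.hex()} rows={[r.hex(' ') for r in rows]}")
    print("deviations:", problems or "none")
```

The regular expressions use `search`, so a log pasted with leading line numbers or trailing annotations parses the same way.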

Re: Address 0x40060000 activity

Postby armitatz » Sun Feb 05, 2012 1:28 am

The camera never sleeps.
I believe that interrupt 40 is called when you press the on button and when you put a card inside the camera.

When the battery is in, the camera starts and shows the number of photos you can take. Then it goes into a sleep/loop mode but is actually on. When you put a card in, you have activity, since the card light goes on, the card is read and the display updated, even if the camera seems like it is off. When you press the on button, the button controller? sets the correct value in the memory and interrupt 40 wakes up the camera, which was in the sleep/loop mode, and you have this activity in the 40060000 area.
armitatz
 
Posts: 28
Joined: Thu Jan 19, 2012 8:36 am
Been thanked: 0 time

Re: Address 0x40060000 activity

Postby Vicne » Tue Mar 13, 2012 3:13 pm

Contrary to what I wrote in the first post of this thread, once the writing in that area is done, the code falls into another polling loop. If the "exit value" is written a second time, the function returns and control is given back to the calling function.

Here is the full activity log in the 4006 area in that case :
Code:

            read from 0x40060010 : 0x0000
            read from 0x40060010 : 0x0000
            read from 0x40060010 : 0x0000
(first loop)
            read from 0x40060010 : 0x0000
            read from 0x40060010 : 0x0000
0x1000     written to 0x40060010                <<<< First click
            read from 0x40060010 : 0x1000
0x0000     written to 0x40060008
            read from 0x40060012 : 0x0000
0x0001     written to 0x40060012
0x0000     written to 0x40060100
0x0101     written to 0x40060102
0x0101     written to 0x40060104
0x0308     written to 0x40060400
0x0000     written to 0x40060402
0x0000     written to 0x40060404
0x0000     written to 0x40060406
0x140A     written to 0x40060410
0x0000     written to 0x40060412
0x0000     written to 0x40060414
0x0000     written to 0x40060416
0x1115     written to 0x40060420
0x0B0D     written to 0x40060422
0x0000     written to 0x40060424
0x0000     written to 0x40060426
0x0000     written to 0x40060110
0x0101     written to 0x40060112
0x0101     written to 0x40060114
0x0405     written to 0x40060440
0x0912     written to 0x40060442
0x0000     written to 0x40060444
0x0000     written to 0x40060446
0x0F0E     written to 0x40060450
0x1013     written to 0x40060452
0x0000     written to 0x40060454
0x0000     written to 0x40060456
0x1816     written to 0x40060460
0x0C00     written to 0x40060462
0x0000     written to 0x40060464
0x0000     written to 0x40060466
0x0000     written to 0x40060120
0x0101     written to 0x40060122
0x0101     written to 0x40060124
0x0107     written to 0x40060480
0x0000     written to 0x40060482
0x0000     written to 0x40060484
0x0000     written to 0x40060486
0x1700     written to 0x40060490
0x0000     written to 0x40060492
0x0000     written to 0x40060494
0x0000     written to 0x40060496
0x0000     written to 0x400604A0
0x0000     written to 0x400604A2
0x0000     written to 0x400604A4
0x0000     written to 0x400604A6
0x0000     written to 0x40060130
0x0101     written to 0x40060132
0x0101     written to 0x40060134
0x0206     written to 0x400604C0
0x0000     written to 0x400604C2
0x0000     written to 0x400604C4
0x0000     written to 0x400604C6
0x0000     written to 0x400604D0
0x0000     written to 0x400604D2
0x0000     written to 0x400604D4
0x0000     written to 0x400604D6
0x0000     written to 0x400604E0
0x0000     written to 0x400604E2
0x0000     written to 0x400604E4
0x0000     written to 0x400604E6
0x0000     written to 0x40060140
0x0101     written to 0x40060142
0x0101     written to 0x40060144
0x0607     written to 0x40060500
0x0B0D     written to 0x40060502
0x1300     written to 0x40060504
0x0000     written to 0x40060506
0x1602     written to 0x40060510
0x1800     written to 0x40060512
0x0000     written to 0x40060514
0x0000     written to 0x40060516
0x1203     written to 0x40060520
0x0500     written to 0x40060522
0x0000     written to 0x40060524
0x0000     written to 0x40060526
0x0000     written to 0x40060150
0x0101     written to 0x40060152
0x0101     written to 0x40060154
0x0809     written to 0x40060540
0x0A0C     written to 0x40060542
0x0E14     written to 0x40060544
0x0000     written to 0x40060546
0x1719     written to 0x40060550
0x1015     written to 0x40060552
0x0000     written to 0x40060554
0x0000     written to 0x40060556
0x1D04     written to 0x40060560
0x0000     written to 0x40060562
0x0000     written to 0x40060564
0x0000     written to 0x40060566
0x0000     written to 0x40060160
0x0101     written to 0x40060162
0x0101     written to 0x40060164
0x0100     written to 0x40060580
0x0000     written to 0x40060582
0x0000     written to 0x40060584
0x0000     written to 0x40060586
0x1A1C     written to 0x40060590
0x0000     written to 0x40060592
0x0000     written to 0x40060594
0x0000     written to 0x40060596
0x0F00     written to 0x400605A0
0x0000     written to 0x400605A2
0x0000     written to 0x400605A4
0x0000     written to 0x400605A6
0x0000     written to 0x40060170
0x0101     written to 0x40060172
0x0101     written to 0x40060174
0x1E1F     written to 0x400605C0
0x0000     written to 0x400605C2
0x0000     written to 0x400605C4
0x0000     written to 0x400605C6
0x1B11     written to 0x400605D0
0x0000     written to 0x400605D2
0x0000     written to 0x400605D4
0x0000     written to 0x400605D6
0x0000     written to 0x400605E0
0x0000     written to 0x400605E2
0x0000     written to 0x400605E4
0x0000     written to 0x400605E6
            read from 0x40060012 : 0x0001
0x0000     written to 0x40060012
0x1000     written to 0x40060010
0x20FF     written to 0x40060010
            read from 0x40060010 : 0x20FF
            read from 0x40060010 : 0x20FF
(second loop)
            read from 0x40060010 : 0x20FF
            read from 0x40060010 : 0x20FF
0x1000     written to 0x40060010                <<<< Second click
            read from 0x40060010 : 0x1000
            read from 0x4006000A : 0x0000
0x8000     written to 0x4006000A



This really looks like a message sent to another device (possibly the I/O CPU) to initialize it.

Vicne

Re: Address 0x40060000 activity

Postby Simeon » Tue Mar 13, 2012 7:02 pm

Well 0x400600A is read in @1FA4D4 XXX00_1FA4D4, and if 0x8000 is set, 0x40060000 has 0x8000 and another function 0x1D9692 is called.

1FA4D4 is called by:
1D9AF8 which is part of call table
8F9D6FD0 (copied from 38DF3C) (index 0x23) which is called from
1D994A CallsLongCallTab which is called from lots of interrupt handlers.

(10, 11, 12, 13, 14, 15, 17, 0x42930, 19, 1a, int_call_flags ( 0x ), 1f, 20, 21, 22, 23, 24, 27, 28, 29, 2q, 2b, 2c, 2e, 2f, 30, 21, 23, 33, 36, 37, 38, 39, 3a, 3b)

but r4 is loaded with 0x23 in only int_27, this int_27 I'd assume is what's fired when there is more "input from 0x4006"
Simeon
Core Developer
 
Posts: 2101
Joined: Wed Nov 30, 2011 6:12 am
Location: Christchurch, New Zealand
Been thanked: 398 times

Next

Return to Firmware

Who is online

Users browsing this forum: No registered users and 10 guests