Disassemble 68xx code without entry point vector

I am trying to disassemble code from an old radio containing a 68xx (68HC12-like) microcontroller. The problem is, I don't have access to the interrupt vectors of the micro at the top of the ROM, so I don't know where to start looking. I only have the code below the top. Is there any suggestion of where or how I can find meaningful routines in the code data?

164 views. Asked by Hernandi F. Krammes F.

There is 1 answer
You can't really disassemble reliably without knowing where the reset vector points. What you can do, however, is try to narrow down the possible reset addresses by eliminating all those other addresses that cannot possibly be a starting point.
So, given that any address in the memory map that contains a valid opcode is a potential reset point, you need to either eliminate it, or keep it for further analysis.
For the 68HC11 case, you could try to guess the entry point somewhat by looking for LDS instructions with a legitimate operand value (i.e., pointing at or near the top of available RAM -- if there are multiple RAM banks, then at any of them).
It may help a bit if you know the device's full memory map, i.e., if external memory is used, its mapping and possible mapped peripherals (e.g., LCD). Do you also know CONFIG register contents?
The LDS instruction is usually either the very first instruction, or close thereafter (so look back a few instructions when you feel you have finally singled out your reset address). The problem here is some data may, by chance, appear as LDS instructions so you could end up with multiple potentially valid entry points. Only one of them is valid, of course.
You can eliminate further by disassembling a few instructions starting from each of these LDS instructions until you either hit an illegal opcode (i.e. obviously not a valid code sequence but an accidental data arrangement that looks like opcodes), or you see a series of instructions that are commonly used in 68HC11 initialization. These involve (usually) initialization of any one or more of the registers BPROT, OPTION, SCI, INIT ($103D in most parts, but for some $3D), etc.
You could write a relatively small script (e.g., in Lua) to do the basic scanning of the memory map and produce a (hopefully small) set of potential reset points to be examined further with a true disassembler for hints like the ones I mentioned.
Now, once you have the reset vector figured out the job becomes somewhat easier, but you still need to figure out where any interrupt handlers are located. For this your hint is an RTI instruction and whatever preceding code normally acknowledges the specific interrupt it handles.
Hope this helps.
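The scanning script the answer suggests (LDS candidates near the top of RAM, pruned by decoding a few instructions and looking for writes to the usual init registers), as an added Python example that is not part of the question or the answer. It assumes a small subset of the 68HC11 opcode map (anything outside it is treated as illegal, which is conservative), the default register block at $1000 (BPROT $1035, OPTION $1039, INIT $103D, CONFIG $103F, TMSK2 $1024), 256 bytes of RAM at $0000-$00FF, and a constructed ROM fragment placed at $F800; the register values written in the sample are made up.

```python
"""Heuristic scan for 68HC11 reset-entry candidates in a ROM dump that lacks vectors.

Added example with a constructed ROM fragment; not the code of the question or answer.
Opcodes missing from OPCODES are treated as illegal, which is conservative but prunes well.
"""

# Subset of the 68HC11 opcode map: opcode -> (mnemonic, total instruction length in bytes).
OPCODES = {
    0x01: ("NOP", 1), 0x0E: ("CLI", 1), 0x0F: ("SEI", 1),
    0x20: ("BRA", 2), 0x39: ("RTS", 1), 0x3B: ("RTI", 1),
    0x4F: ("CLRA", 1), 0x5F: ("CLRB", 1),
    0x7E: ("JMP", 3), 0x7F: ("CLR", 3),
    0x86: ("LDAA#", 2), 0x96: ("LDAA", 2), 0xB6: ("LDAA", 3),
    0x8E: ("LDS#", 3), 0x97: ("STAA", 2), 0xB7: ("STAA", 3),
    0xBD: ("JSR", 3), 0xC6: ("LDAB#", 2), 0xCE: ("LDX#", 3),
    0xD7: ("STAB", 2), 0xF7: ("STAB", 3),
}
FLOW_END = {"BRA", "JMP", "RTS", "RTI"}   # linear decoding stops after these
EXT_STORES = {0xB7, 0xF7}                 # STAA/STAB extended: 16-bit target address follows

# Control registers (default $1000 register block) that 68HC11 reset code commonly writes.
INIT_REGS = {0x1024: "TMSK2", 0x1035: "BPROT", 0x1039: "OPTION", 0x103D: "INIT", 0x103F: "CONFIG"}


def find_lds_candidates(rom, base, ram_top, window=0x20):
    """Addresses of every LDS #imm whose operand lies within `window` bytes of ram_top."""
    hits = []
    for off in range(len(rom) - 2):
        if rom[off] == 0x8E:                                  # LDS immediate
            operand = (rom[off + 1] << 8) | rom[off + 2]      # big-endian 16-bit operand
            if ram_top - window <= operand <= ram_top:
                hits.append(base + off)
    return hits


def walk(rom, base, addr, max_insns=16):
    """Linearly decode from addr. Returns (insns, hit_illegal, init_regs_written)."""
    insns, regs = [], []
    off = addr - base
    for _ in range(max_insns):
        if off >= len(rom):
            break
        op = rom[off]
        if op not in OPCODES:
            return insns, True, regs                          # data masquerading as code
        mnem, length = OPCODES[op]
        operand = rom[off + 1:off + length]
        insns.append((base + off, mnem, operand.hex()))
        if op in EXT_STORES and len(operand) == 2:
            target = (operand[0] << 8) | operand[1]
            if target in INIT_REGS:
                regs.append(INIT_REGS[target])
        off += length
        if mnem in FLOW_END:
            break
    return insns, False, regs


def rank_candidates(rom, base, ram_top):
    """Keep LDS candidates that decode cleanly; most init-register writes first."""
    kept = []
    for addr in find_lds_candidates(rom, base, ram_top):
        _, illegal, regs = walk(rom, base, addr)
        if not illegal:
            kept.append((addr, regs))
    return sorted(kept, key=lambda t: len(t[1]), reverse=True)


def find_rti(rom, base):
    """Every RTI byte: a possible end of an interrupt handler (data can fake this too)."""
    return [base + off for off, b in enumerate(rom) if b == 0x3B]


# Constructed dump fragment at $F800 for a part with 256 bytes of RAM ($0000-$00FF).
BASE, RAM_TOP = 0xF800, 0x00FF
ROM = bytes([
    0x12, 0x8E, 0x00, 0xFF, 0x41, 0x00, 0x00, 0x00,  # $F800: data; $F801 mimics LDS #$00FF, then $41 (illegal)
    0x0F,                                            # $F808: SEI
    0x8E, 0x00, 0xFF,                                # $F809: LDS #$00FF   (real reset entry, one insn after SEI)
    0x86, 0x00, 0xB7, 0x10, 0x3D,                    # $F80C: LDAA #$00 ; STAA INIT   ($103D)
    0x86, 0x13, 0xB7, 0x10, 0x39,                    # $F811: LDAA #$13 ; STAA OPTION ($1039)  (value made up)
    0x7E, 0xF8, 0x20,                                # $F816: JMP $F820
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,        # padding
    0x01, 0x20, 0xFD,                                # $F820: NOP ; BRA *  (main loop)
    0x86, 0x01, 0xB7, 0x10, 0x23,                    # $F823: LDAA #$01 ; STAA TFLG1 ($1023) acknowledges a timer flag
    0x3B,                                            # $F828: RTI
])

if __name__ == "__main__":
    for addr, regs in rank_candidates(ROM, BASE, RAM_TOP):
        print(f"reset candidate ${addr:04X}: init registers written {regs}")
        for a, m, o in walk(ROM, BASE, addr)[0]:
            print(f"  ${a:04X}  {m:<6} {o}")
    print("RTI at", [f"${a:04X}" for a in find_rti(ROM, BASE)])
```

On the sample image the LDS at $F801 is discarded because the byte after it ($41) is not a valid opcode, while the one at $F809 decodes cleanly and writes INIT and OPTION, so it ranks first. As the answer notes, the LDS is often not the very first instruction: here the real entry is the SEI at $F808, one instruction before the reported address, so look back a few bytes from each surviving candidate. The RTI list is only a starting point for locating interrupt handlers; a $3B byte inside a data table will show up too, so each hit needs the preceding acknowledge code checked with a real disassembler.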