A little PASM puzzle
Anyone (other than kuroneko :) care to reverse engineer the purpose of this PASM code?
Hope some of the young ones or newbies give this a shot. I know the answer since I wrote it.
Just consider this a friendly challenge.
▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔
--Steve
Propalyzer: Propeller PC Logic Analyzer
http://forums.parallax.com/showthread.php?p=788230
long $a0bfee07, $a4bc0e07, $08bc0df7, $e87c0c02
long $08bc0df7, $ec7c0c04, $00000000, $a3837ffe

Comments
▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔
Visit some of my articles at Propeller Wiki:
MATH on the propeller propeller.wikispaces.com/MATH
pPropQL: propeller.wikispaces.com/pPropQL
pPropQL020: propeller.wikispaces.com/pPropQL020
OMU for the pPropQL/020 propeller.wikispaces.com/OMU
                                             opcod  ZCRI CON  DEST      SRC
1:       mov reg(503)[dirb],reg(7)    WR     101000 0010 1111 111110111 000000111  // write 0 to dirb
2:       neg reg(7),reg(7)            WR     101001 0010 1111 000000111 000000111  // reg(7) becomes -1
3:       rdlong reg(6),reg(503)       WR     000010 0010 1111 000000110 111110111  // copy current System clock frequency (hub long 0) to reg(6)
4:       tjnz reg(6),jmp:#2           NR     111010 0001 1111 000000110 000000010  // tests reg(6) and jumps line 2 if not 0
5:       rdlong reg(6),reg(503)       WR     000010 0010 1111 000000110 111110111  // copy again first long from hub to reg(6)
first 6: tjz reg(6),jmp:#4            NR     111011 0001 1111 000000110 000000100  // changed by lines 3 and 5 (perhaps 80_000_000)
new 6:   wrword reg(90),#0            WR     000001 0011 0001 001011010 000000000  // copy loword from reg(90) to hub word(0)
first 7: wrbyte reg(0),reg(0)         NR     000000 0000 0000 000000000 000000000  // changed by line 2
new 7:   waitvid reg(511),#511        wz,wc  111111 1111 1111 111111111 111111111  // froze the cog because video/counters not configured
8:       mov reg(447),reg(510)[VCFG]  wz,wc  101000 1110 0000 110111111 111111110
503:DIRB // after line 1 is 0
PS. I am already teasing myself (because what I have written is complete nonsense) so, please, you gurus, be polite
BTW: What are CON bits for?
▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔
· Propeller Object Exchange (last Publications / Updates)
Post Edited (dMajo) : 8/22/2009 11:51:08 AM GMT
label   rdlong  target, source
        tjnz    target, #label
is equivalent (except for timing) to
label   rdlong  target, source wz
if_nz   jmp     #label
As for your disassembly, addressing starts at cog address 0 which means dirb isn't loaded with $00000000 but $A3837FFE. As it's used as a hub address in a rdlong the effective (long) address value is $7FFC ...
Post Edited (kuroneko) : 8/22/2009 12:46:34 PM GMT
Too bad I need 2 more registers anyway and only dirb/outb are available besides the normal registers.
@dMajo,
Excellent attempt. No laughing allowed. The neg instruction is a little difficult to know at first.
There is a tool (or two) to do the disassembly. Ale's emulator will do it ... it is a good tool.
Here's the original source with comments.
'----------------------------------------------------------------------
' 8 instructions + dirb + outb
' usr1/2 can be anything after startup ...
:usr1   mov     dirb, :insa     ' 0 save :insa to dirb
:usr2   neg     :insa, :insa    ' 1 convert :insa to a "jmp #2"
:wait   rdlong  :inst, dirb     ' 2 wait for instruction to be non-zero
        tjnz    :inst, #:wait   ' 3 wait while inst still set
:geti   rdlong  :inst, dirb     ' 4 get instruction
        tjz     :inst, #:geti   ' 5 wait while inst is zero - delay slot for SMC
:inst   nop                     ' 6 the instruction to execute
:insa   long    $a3837ffe       ' 7 Changes to "jmp #2" by the neg :insa, :insa
The stub is a PASM "stepper" which can be used to make a COG "do anything" that COGs can do
without regular PASM. This would be good for debugging PASM code with read, write, flag check, etc....
One could also use it as something of an in-line PASM engine. The LMM approach would be faster.
Here's an example of using the stub to get the COG's Carry flag state.
pub getc | n
'' the getc method changes and executes stub register 0 & 1 instructions to get the COG's C flag state
  repeat n from 0 to (@gclast-@gccode)/4
    run(long[@gccode+(n*4)])
  return long[DATA]

dat     org 0                   ' build a get carry flag instruction
gccode  mov     USR1, #0        ' clear flag variable
        muxc    USR1, #1        ' get carry bit
        movd    USR2, #USR1     ' set destination
        movs    USR2, #outb     ' src location is in outb
        movi    USR2, #MWRLONG  ' wrlong - write to hub long[data] for caller to read
gclast  long    JMPUSR2         ' run instruction

var
  long INSA
  long DATA

con
  MRDLONG = %000_010_001
  MWRLONG = %000_010_000
  USR1 = 0
  USR2 = 1
  JMPUSR2 = $5c7c0001

pub run(minst)
  long[INSA]~             ' tell stub we're ready
  long[INSA] := minst     ' set instruction
Some initialization like setting INSA/DATA, etc... is done before one can call getc.
This example will change to make it possible to get rid of the first stub instruction.
▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔
--Steve
Propalyzer: Propeller PC Logic Analyzer
http://forums.parallax.com/showthread.php?p=788230
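
The field split used in the disassembly attempt, and the two properties of long 7 discussed in the thread (its negation is a "jmp #2", and as a hub address it reads as $7FFC), can be checked mechanically. This is an added Python example, not code from the thread; the opcode table covers only instructions that appear on this page, and the function names are illustrative.

```python
# Added example: field-level decoder for the eight longs posted in this thread.
PUZZLE = [0xA0BFEE07, 0xA4BC0E07, 0x08BC0DF7, 0xE87C0C02,
          0x08BC0DF7, 0xEC7C0C04, 0x00000000, 0xA3837FFE]

# Only opcodes that occur on this page; anything else is shown as raw bits.
OPCODES = {0b101000: "mov", 0b101001: "neg", 0b000010: "rdlong",
           0b111010: "tjnz", 0b111011: "tjz", 0b010111: "jmpret"}
SPECIAL = {0x1F7: "dirb"}  # cog register 503, as noted in the disassembly

def fields(word):
    """Split a 32-bit PASM long into opcode / ZCRI / CON / DEST / SRC."""
    return {"op": word >> 26, "zcri": (word >> 22) & 0xF,
            "con": (word >> 18) & 0xF,
            "dest": (word >> 9) & 0x1FF, "src": word & 0x1FF}

def reg(n):
    return SPECIAL.get(n, f"${n:03x}")

def disasm(word):
    f = fields(word)
    if f["con"] == 0:                          # condition %0000 never executes
        return "nop"
    name = OPCODES.get(f["op"], f"op_{f['op']:06b}")
    writes_result = bool(f["zcri"] & 0b0010)   # R bit
    immediate = bool(f["zcri"] & 0b0001)       # I bit
    src = f"#{f['src']}" if immediate else reg(f["src"])
    if name == "jmpret" and not writes_result:
        return f"jmp {src}"                    # jmp is jmpret with the result discarded
    if name == "rdlong" and not writes_result:
        name = "wrlong"                        # same opcode, R bit clear (cf. MWRLONG)
    return f"{name} {reg(f['dest'])}, {src}"

def neg32(word):
    """What 'neg :insa, :insa' leaves in the register (32-bit two's complement)."""
    return (-word) & 0xFFFFFFFF

def hub_long_address(word):
    """Hub address a rdlong derives from a register: low 16 bits, long aligned."""
    return word & 0xFFFC

def listing(words=PUZZLE):
    return [f"{i}: ${w:08x}  {disasm(w)}" for i, w in enumerate(words)]

if __name__ == "__main__":
    print("\n".join(listing()))
    last = PUZZLE[7]
    print(f"neg ${last:08x} -> ${neg32(last):08x}  {disasm(neg32(last))}")
    print(f"hub address read through dirb: ${hub_long_address(last):04x}")
```

As loaded, long 7 carries condition bits %0000 and decodes as a no-op; only after the neg does it become an executable jump.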
▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔
Please use mikronauts _at_ gmail _dot_ com to contact me off-forum, my PM is almost totally full
Morpheus & Mem+dual Prop SBC w/ 512KB kit $119.95, 2MB memory IO board kit $89.95, both kits $189.95
www.mikronauts.com - my site 6.250MHz custom Crystals for running Propellers at 100MHz
Las - Large model assembler for the Propeller Largos - a feature full nano operating system for the Propeller
I'm happy that I at least guessed the direction to go in trying to figure out your puzzle - but it was way over my PASM decompiler (the neural one, that is).
In case you don't notice, please look at this:
http://forums.parallax.com/showthread.php?p=833731
thanks
- H
▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔
Post Edited (CounterRotatingProps) : 8/22/2009 5:36:16 PM GMT