Disassembly of section .data: 00000000 <.data>: 0: ea0002ff b 0xc04 4: 08000c04 stmeqda r0, {r2, r10, r11} 8: 0800156c stmeqda r0, {r2, r3, r5, r6, r8, r10, r12} c: 08001994 stmeqda r0, {r2, r4, r7, r8, r11, r12} 10: 080019dc stmeqda r0, {r2, r3, r4, r6, r7, r8, r11, r12} 14: 08001b00 stmeqda r0, {r8, r9, r11, r12} 18: 08001b48 stmeqda r0, {r3, r6, r8, r9, r11, r12} 1c: 08001af4 stmeqda r0, {r2, r4, r5, r6, r7, r9, r11, r12} 20: 08001b80 stmeqda r0, {r7, r8, r9, r11, r12} 24: 08001588 stmeqda r0, {r3, r7, r8, r10, r12} 28: 08001a3c stmeqda r0, {r2, r3, r4, r5, r9, r11, r12} 2c: 00000000 andeq r0, r0, r0 30: 08001778 stmeqda r0, {r3, r4, r5, r6, r8, r9, r10, r12} 34: 08001728 stmeqda r0, {r3, r5, r8, r9, r10, r12} 38: 08001218 stmeqda r0, {r3, r4, r9, r12} 3c: cafebabe bgt 0xfffaeb3c 40: e51ff004 ldr pc, [pc, #fffffffc] ; 0x44 44: 080016f4 stmeqda r0, {r2, r4, r5, r6, r7, r9, r10, r12} 48: e51ff004 ldr pc, [pc, #fffffffc] ; 0x4c 4c: 08001700 stmeqda r0, {r8, r9, r10, r12} 50: 08000800 stmeqda r0, {r11} 54: 08000000 stmeqda r0, {} 58: feedb0ba mcrnv 0, 7, r11, cr13, cr10, {5} 5c: 08000900 stmeqda r0, {r8, r11} 60: 08000920 stmeqda r0, {r5, r8, r11} 64: 08000940 stmeqda r0, {r6, r8, r11} 68: 08000960 stmeqda r0, {r5, r6, r8, r11} 6c: 08000980 stmeqda r0, {r7, r8, r11} 70: 080009a0 stmeqda r0, {r5, r7, r8, r11} 74: 080009c0 stmeqda r0, {r6, r7, r8, r11} 78: 080009e0 stmeqda r0, {r5, r6, r7, r8, r11} 7c: 00000000 andeq r0, r0, r0 80: 08000a00 stmeqda r0, {r9, r11} ... 400: de34b007 cdple 0, 3, cr11, cr4, cr7, {0} 404: 00000d01 andeq r0, r0, r1, lsl #26 ... 410: c001babe strgth r11, [r1], -lr 414: 00003e00 andeq r3, r0, r0, lsl #28 418: 00000200 andeq r0, r0, r0, lsl #4 ... 424: 00008000 andeq r8, r0, r0 428: 0000c000 andeq r12, r0, r0 42c: 0000c000 andeq r12, r0, r0 ... 800: 00000001 andeq r0, r0, r1 804: 08003750 stmeqda r0, {r4, r6, r8, r9, r10, r12, sp} 808: 00000010 andeq r0, r0, r0, lsl r0 80c: 00610d01 rsbeq r0, r1, r1, lsl #26 810: 00000000 andeq r0, r0, r0 # DATA - CPU speed 814: 00000003 andeq r0, r0, r3 818: 06270000 streqt r0, [r7], -r0 81c: 00000000 andeq r0, r0, r0 820: 08000000 stmeqda r0, {} ... # DATA 900-914 - memory configuration 0 (for 9 row) 900: 064c990f streqb r9, [r12], -pc, lsl #18 904: cccccccf stcgtl 12, cr12, [r12], #828 908: fffffffc swinv 0x00fffffc 90c: ffffffff swinv 0x00ffffff 910: 42304230 eormis r4, r0, #3 ; 0x3 914: 20182018 andcss r2, r8, r8, lsl r0 ... # DATA 920-934 - memory configuration 1 (for 10 row) 920: 0326991f teqeq r6, #507904 ; 0x7c000 924: cccccccf stcgtl 12, cr12, [r12], #828 928: fffffffc swinv 0x00fffffc 92c: ffffffff swinv 0x00ffffff 930: 42304230 eormis r4, r0, #3 ; 0x3 934: 20182018 andcss r2, r8, r8, lsl r0 ... # DATA 940-954 - memory configuration 2 (for 11 row) 940: 0192992f orreqs r9, r2, pc, lsr #18 944: cccccccf stcgtl 12, cr12, [r12], #828 948: fffffffc swinv 0x00fffffc 94c: ffffffff swinv 0x00ffffff 950: 42304230 eormis r4, r0, #3 ; 0x3 954: 20182018 andcss r2, r8, r8, lsl r0 ... # DATA 960-974 - memory configuration 3 (for 12 row) 960: 00c8993f sbceq r9, r8, pc, lsr r9 964: cccccccf stcgtl 12, cr12, [r12], #828 968: fffffffc swinv 0x00fffffc 96c: ffffffff swinv 0x00ffffff 970: 42304230 eormis r4, r0, #3 ; 0x3 974: 20182018 andcss r2, r8, r8, lsl r0 ... a04: 08000000 stmeqda r0, {} a08: c0000000 andgt r0, r0, r0 a0c: 80000c1e andhi r0, r0, lr, lsl r12 a10: 08000000 stmeqda r0, {} a14: 02000000 andeq r0, r0, #0 ; 0x0 a18: 00000000 andeq r0, r0, r0 a1c: 00000c12 andeq r0, r0, r2, lsl r12 a20: 0a000000 beq 0xa28 a24: 02000000 andeq r0, r0, #0 ; 0x0 a28: 08000000 stmeqda r0, {} a2c: 00000c12 andeq r0, r0, r2, lsl r12 a30: 0c000000 stceq 0, cr0, [r0] a34: 02000000 andeq r0, r0, #0 ; 0x0 a38: 10000000 andne r0, r0, r0 a3c: 00000c12 andeq r0, r0, r2, lsl r12 a40: 0e000000 cdpeq 0, 0, cr0, cr0, cr0, {0} a44: 02000000 andeq r0, r0, #0 ; 0x0 a48: 18000000 stmneda r0, {} a4c: 00000c12 andeq r0, r0, r2, lsl r12 a50: 10000000 andne r0, r0, r0 a54: 08000000 stmeqda r0, {} a58: c0000000 andgt r0, r0, r0 a5c: 80000c1a andhi r0, r0, r10, lsl r12 a60: 18000000 stmneda r0, {} a64: 08000000 stmeqda r0, {} a68: c0000000 andgt r0, r0, r0 a6c: 80000c16 andhi r0, r0, r6, lsl r12 a70: 20000000 andcs r0, r0, r0 a74: c0000000 andgt r0, r0, r0 a78: 20000000 andcs r0, r0, r0 a7c: 00000c12 andeq r0, r0, r2, lsl r12 a80: e0000000 and r0, r0, r0 a84: 04000000 streq r0, [r0] a88: e0000000 and r0, r0, r0 a8c: 00000c1e andeq r0, r0, lr, lsl r12 a90: e4000000 str r0, [r0] a94: 04000000 streq r0, [r0] a98: e0000000 and r0, r0, r0 a9c: 00000c1a andeq r0, r0, r10, lsl r12 aa0: e8000000 stmda r0, {} aa4: 18000000 stmneda r0, {} aa8: 00000000 andeq r0, r0, r0 aac: 00000002 andeq r0, r0, r2 ... c00: 00000001 andeq r0, r0, r1 # some kind of PC logic on an assumed external condition associated # with DMA buffer A stat address c04: e3a0220b mov r2, #-1342177280 ; 0xb0000000 c08: e5920000 ldr r0, [r2] c0c: e59f1618 ldr r1, [pc, #618] ; 0x122c c10: e1500001 cmp r0, r1 c14: 1a000002 bne 0xc24 c18: e35f0a01 cmp pc, #4096 ; 0x1000 c1c: aa000000 bge 0xc24 c20: e592f010 ldr pc, [r2, #16] # test to see if we are in an invalid mode # if we are, reinitiallize (clear MMU, caching, buffering, etc) c24: e10f0000 mrs r0, cpsr c28: e3100010 tst r0, #16 ; 0x10 c2c: 03a00030 moveq r0, #48 ; 0x30 c30: 0e010f10 mcreq 15, 0, r0, cr1, cr0, {0} # set mode to SVC and disable irq and fiq interupts c34: e10f0000 mrs r0, cpsr c38: e3c0001f bic r0, r0, #31 ; 0x1f c3c: e38000d3 orr r0, r0, #211 ; 0xd3 c40: e129f000 msr cpsr_all, r0 # set PPCR to 3 c44: e59f05e4 ldr r0, [pc, #5e4] ; 0x1230 c48: e59f15e4 ldr r1, [pc, #5e4] ; 0x1234 c4c: e081100f add r1, r1, pc c50: e5911000 ldr r1, [r1] c54: e5801000 str r1, [r0] # flush I&D Cache c58: e3a00a01 mov r0, #4096 ; 0x1000 c5c: ee070f17 mcr 15, 0, r0, cr7, cr7, {0} # enable I Cache c60: ee010f10 mcr 15, 0, r0, cr1, cr0, {0} # enable clock switching c64: ee0f0f51 mcr 15, 0, r0, cr15, cr1, {2} # ?????? (lr is r14_svc) maybe skip to 0xce0 c68: e35e0c0a cmp lr, #2560 ; 0xa00 c6c: 0a00001b beq 0xce0 # get r14_svc,r13_svc,r12,r11 c70: e1a0700e mov r7, lr c74: e1a0600d mov r6, sp c78: e1a0500c mov r5, r12 c7c: e1a0400b mov r4, r11 # get spsr_svc c80: e14f0000 mrs r0, spsr # set mode to irq and disable irq and fiq interupts c84: e10f8000 mrs r8, cpsr c88: e3c8801f bic r8, r8, #31 ; 0x1f c8c: e38880d2 orr r8, r8, #210 ; 0xd2 c90: e129f008 msr cpsr_all, r8 # get spsr_irq, r14_irq, r13_irq c94: e14f3000 mrs r3, spsr c98: e1a0200e mov r2, lr c9c: e1a0100d mov r1, sp # set mode to fiq and disable irq and fiq interupts ca0: e10f8000 mrs r8, cpsr ca4: e3c8801f bic r8, r8, #31 ; 0x1f ca8: e38880d1 orr r8, r8, #209 ; 0xd1 cac: e129f008 msr cpsr_all, r8 # set r14_fiq to value from r14_svc cb0: e1a0e007 mov lr, r7 # set r13_fiq to value from r13_svc cb4: e1a0d006 mov sp, r6 # set r12_fiq to value from r12 cb8: e1a0c005 mov r12, r5 # set r11_fiq to value from r11 cbc: e1a0b004 mov r11, r4 # set r10_fiq to value from spsr_irq cc0: e1a0a003 mov r10, r3 # set r9_fiq to value from r14_irq cc4: e1a09002 mov r9, r2 # set r8_fiq to value from r13_irq cc8: e1a08001 mov r8, r1 # set spsr_fiq to value from spsr_svc ccc: e169f000 msr spsr_all, r0 # set mode to SVC and disable irq and fiq interupts cd0: e10f0000 mrs r0, cpsr cd4: e3c0001f bic r0, r0, #31 ; 0x1f cd8: e38000d3 orr r0, r0, #211 ; 0xd3 cdc: e129f000 msr cpsr_all, r0 # r13_svc(sp) = fffff36c + cec = 58 ce0: e59fb550 ldr r11, [pc, #550] ; 0x1238 ce4: e08fd00b add sp, pc, r11 # clear r11, r12 ce8: e3a0b000 mov r11, #0 ; 0x0 cec: e3a0c000 mov r12, #0 ; 0x0 # loop and test memory configurations # r9 = [5C] = 0x08000900 on first iteration # sp = 0x5C + 4 = 0x60 on first iteration cf0: e5bd9004 ldr r9, [sp, #4]! cf4: e3590000 cmp r9, #0 ; 0x0 cf8: 0a00000a beq 0xd28 # r9 = 0x900 on first iteration cfc: e289933e add r9, r9, #-134217728 ; 0xf8000000 d00: eb00000c bl 0xd38 # if the regs were not set goto 0xcf0 d04: e3510000 cmp r1, #0 ; 0x0 d08: 0afffff8 beq 0xcf0 # clear r5 and test memory configuration d0c: e3a05000 mov r5, #0 ; 0x0 d10: eb0003a3 bl 0x1ba4 # if ( prev max memory size > current memory size) move on d14: e159000b cmp r9, r11 d18: dafffff4 ble 0xcf0 # save r13 (memory configuration pointer) and r9 ( # of 0x100000 memory units) d1c: e1a0b009 mov r11, r9 d20: e59dc000 ldr r12, [sp] d24: eafffff1 b 0xcf0 # restore memory configuration pointer and configure memory d28: e1a0900c mov r9, r12 d2c: e289933e add r9, r9, #-134217728 ; 0xf8000000 d30: eb000000 bl 0xd38 # ok memory is configured, move on d34: ea00000c b 0xd6c # configure memory # r0 = 0xa0000000 d38: e3a0020a mov r0, #-1610612736 ; 0xa0000000 # load r2-r7 = (cccccccf, fffffffc, ffffffff, 42304230, 20182018, 0) # load r1 = 064c990f, 0326991f, 0192992f, 00c8993f depending on interation d3c: e89900fe ldmia r9, {r1, r2, r3, r4, r5, r6, r7} # r7 = r11 (zero initially, then max # of 0x100000 memory units found thereafter) d40: e1a0700b mov r7, r11 d44: e3510000 cmp r1, #0 ; 0x0 d48: 0a000006 beq 0xd68 # r8 = rom bus width (value of 0 or 4) d4c: e5908010 ldr r8, [r0, #16] d50: e2088004 and r8, r8, #4 ; 0x4 # r5 = 42304234 or 42304230 d54: e1855008 orr r5, r5, r8 # store the register values d58: e88000fe stmia r0, {r1, r2, r3, r4, r5, r6, r7} # loop 512 times d5c: e3a00c02 mov r0, #512 ; 0x200 d60: e2500001 subs r0, r0, #1 ; 0x1 d64: 1afffffd bne 0xd60 # return d68: e1a0f00e mov pc, lr # memory is now configured # r1 = 0x90050000 d6c: e3a00000 mov r0, #0 ; 0x0 d70: e59f14c4 ldr r1, [pc, #4c4] ; 0x123c # mask **ALL** interrupts d74: e5810004 str r0, [r1, #4] # now test memory (setting r5 to 1 selects what seems to be a detailed test) d78: e3a05001 mov r5, #1 ; 0x1 d7c: eb000388 bl 0x1ba4 # check to see if any memory passed (if any memory succeeded goto 0xd98) d80: e3590000 cmp r9, #0 ; 0x0 d84: 1a000003 bne 0xd98 # try testing again (setting r5 to 0 selects what seems to be a lighter test) d88: e3a05000 mov r5, #0 ; 0x0 d8c: eb000384 bl 0x1ba4 # r1 = 0x00021530 # since some memory failed reduce amount known d90: e59f14a8 ldr r1, [pc, #4a8] ; 0x1240 d94: e0499001 sub r9, r9, r1 # r8 =0x3a0 d98: e24f8e3a sub r8, pc, #928 ; 0x3a0 d9c: eb0003d5 bl 0x1cf8 # set translation table base da0: e1a01006 mov r1, r6 da4: ee021f12 mcr 15, 0, r1, cr2, cr2, {0} # set domain access control da8: e3a01001 mov r1, #1 ; 0x1 dac: ee031f13 mcr 15, 0, r1, cr3, cr3, {0} # Flush I&D TLB and Cache db0: ee080f17 mcr 15, 0, r0, cr8, cr7, {0} db4: ee070f17 mcr 15, 0, r0, cr7, cr7, {0} db8: e3a00001 mov r0, #1 ; 0x1 # set r1 to proper virtual memory address (ie 0xddc=0x08000dcc) dbc: e59f1480 ldr r1, [pc, #480] ; 0x1244 dc0: e1a01001 mov r1, r1 # enable mmu dc4: ee010f10 mcr 15, 0, r0, cr1, cr0, {0} # jump to virtual memory address for the next instruction dc8: e1a0f001 mov pc, r1 # Flush I&D TLB and Cache dcc: ee080f17 mcr 15, 0, r0, cr8, cr7, {0} dd0: ee070f17 mcr 15, 0, r0, cr7, cr7, {0} dd4: e3a00000 mov r0, #0 ; 0x0 dd8: e3a01c0a mov r1, #2560 ; 0xa00 ddc: e5819074 str r9, [r1, #116] de0: e59fa460 ldr r10, [pc, #460] ; 0x1248 de4: e59a0000 ldr r0, [r10] de8: e5810100 str r0, [r1, #256] dec: e59a0004 ldr r0, [r10, #4] df0: e5810104 str r0, [r1, #260] df4: e59a001c ldr r0, [r10, #28] df8: e5810108 str r0, [r1, #264] dfc: e59a0018 ldr r0, [r10, #24] e00: e581010c str r0, [r1, #268] e04: e59fa430 ldr r10, [pc, #430] ; 0x123c e08: e59a0000 ldr r0, [r10] e0c: e5810110 str r0, [r1, #272] e10: e59a0004 ldr r0, [r10, #4] e14: e5810114 str r0, [r1, #276] e18: e59a0008 ldr r0, [r10, #8] e1c: e5810118 str r0, [r1, #280] e20: e59a0010 ldr r0, [r10, #16] e24: e581011c str r0, [r1, #284] e28: e59a0020 ldr r0, [r10, #32] e2c: e5810120 str r0, [r1, #288] e30: e59f1414 ldr r1, [pc, #414] ; 0x124c e34: e10f0000 mrs r0, cpsr e38: e3c0001f bic r0, r0, #31 ; 0x1f e3c: e38000d1 orr r0, r0, #209 ; 0xd1 e40: e129f000 msr cpsr_all, r0 e44: e8a17800 stmia r1!, {r11, r12, sp, lr} e48: e14f7000 mrs r7, spsr e4c: e8a10780 stmia r1!, {r7, r8, r9, r10} e50: e10f0000 mrs r0, cpsr e54: e3c0001f bic r0, r0, #31 ; 0x1f e58: e38000d7 orr r0, r0, #215 ; 0xd7 e5c: e129f000 msr cpsr_all, r0 e60: e8a16000 stmia r1!, {sp, lr} e64: e14f7000 mrs r7, spsr e68: e8a10080 stmia r1!, {r7} e6c: e10f0000 mrs r0, cpsr e70: e3c0001f bic r0, r0, #31 ; 0x1f e74: e38000db orr r0, r0, #219 ; 0xdb e78: e129f000 msr cpsr_all, r0 e7c: e8a16000 stmia r1!, {sp, lr} e80: e14f7000 mrs r7, spsr e84: e8a10080 stmia r1!, {r7} e88: e10f0000 mrs r0, cpsr e8c: e3c0001f bic r0, r0, #31 ; 0x1f e90: e38000d3 orr r0, r0, #211 ; 0xd3 e94: e129f000 msr cpsr_all, r0 e98: e70ee00e str lr, [lr, -lr] e9c: e3a0ec0a mov lr, #2560 ; 0xa00 ea0: e8ae3fff stmia lr!, {r0, r1, r2, r3, r4, r5, r6, r7, r8, r9, r10, r11, r12, sp} ea4: e3a00000 mov r0, #0 ; 0x0 ea8: e5901000 ldr r1, [r0] eac: e58e1000 str r1, [lr] eb0: e28f1fd6 add r1, pc, #856 ; 0x358 eb4: e891000c ldmia r1, {r2, r3} eb8: e3a00004 mov r0, #4 ; 0x4 ebc: e880000c stmia r0, {r2, r3} ec0: ee100f10 mrc 15, 0, r0, cr0, cr0, {0} ec4: e3a01c0a mov r1, #2560 ; 0xa00 ec8: e5810078 str r0, [r1, #120] ecc: e3a00000 mov r0, #0 ; 0x0 ed0: e5810084 str r0, [r1, #132] ed4: e59f2374 ldr r2, [pc, #374] ; 0x1250 ed8: e5922000 ldr r2, [r2] edc: e5920428 ldr r0, [r2, #1064] ee0: e3500000 cmp r0, #0 ; 0x0 ee4: 0a00000f beq 0xf28 ee8: e5920410 ldr r0, [r2, #1040] eec: e59f2360 ldr r2, [pc, #360] ; 0x1254 ef0: e1500002 cmp r0, r2 ef4: 1a00000b bne 0xf28 ef8: e3a0220b mov r2, #-1342177280 ; 0xb0000000 efc: e5920000 ldr r0, [r2] f00: e59f2350 ldr r2, [pc, #350] ; 0x1258 f04: e1500002 cmp r0, r2 f08: 0a000006 beq 0xf28 f0c: e59f2334 ldr r2, [pc, #334] ; 0x1248 f10: e5920000 ldr r0, [r2] f14: e2000602 and r0, r0, #2097152 ; 0x200000 f18: e3500602 cmp r0, #2097152 ; 0x200000 f1c: 0a000001 beq 0xf28 f20: e3a00000 mov r0, #0 ; 0x0 f24: ea000000 b 0xf2c f28: e3a00001 mov r0, #1 ; 0x1 f2c: e5810090 str r0, [r1, #144] f30: e59f0324 ldr r0, [pc, #324] ; 0x125c f34: e5900000 ldr r0, [r0] f38: e5810094 str r0, [r1, #148] f3c: e10f0000 mrs r0, cpsr f40: e3c000df bic r0, r0, #223 ; 0xdf f44: e38010d1 orr r1, r0, #209 ; 0xd1 f48: e129f001 msr cpsr_all, r1 f4c: e3802010 orr r2, r0, #16 ; 0x10 f50: e169f002 msr spsr_all, r2 f54: e3a0db01 mov sp, #1024 ; 0x400 f58: e38010d2 orr r1, r0, #210 ; 0xd2 f5c: e129f001 msr cpsr_all, r1 f60: e169f002 msr spsr_all, r2 f64: e3a0dc05 mov sp, #1280 ; 0x500 f68: e38010db orr r1, r0, #219 ; 0xdb f6c: e129f001 msr cpsr_all, r1 f70: e169f002 msr spsr_all, r2 f74: e3a0dc07 mov sp, #1792 ; 0x700 f78: e38010d7 orr r1, r0, #215 ; 0xd7 f7c: e129f001 msr cpsr_all, r1 f80: e169f002 msr spsr_all, r2 f84: e3a0db02 mov sp, #2048 ; 0x800 f88: e38010d3 orr r1, r0, #211 ; 0xd3 f8c: e129f001 msr cpsr_all, r1 f90: e169f002 msr spsr_all, r2 f94: e3a0dc0a mov sp, #2560 ; 0xa00 f98: e3a00000 mov r0, #0 ; 0x0 f9c: e59f1298 ldr r1, [pc, #298] ; 0x123c fa0: e5810004 str r0, [r1, #4] fa4: e5810008 str r0, [r1, #8] fa8: e3a00c0a mov r0, #2560 ; 0xa00 fac: e5900090 ldr r0, [r0, #144] fb0: e3500000 cmp r0, #0 ; 0x0 fb4: 0a000000 beq 0xfbc fb8: eb000275 bl 0x1994 fbc: e3a00802 mov r0, #131072 ; 0x20000 fc0: e59f1274 ldr r1, [pc, #274] ; 0x123c fc4: e5810004 str r0, [r1, #4] fc8: e3a00001 mov r0, #1 ; 0x1 fcc: e3a0a000 mov r10, #0 ; 0x0 fd0: e3a0b000 mov r11, #0 ; 0x0 fd4: e51f03dc ldr r0, [pc, #fffffc24] ; 0xc00 fd8: e3500000 cmp r0, #0 ; 0x0 fdc: e3a00d29 mov r0, #2624 ; 0xa40 fe0: e2400008 sub r0, r0, #8 ; 0x8 fe4: e38004e5 orr r0, r0, #-452984832 ; 0xe5000000 fe8: e3800609 orr r0, r0, #9437184 ; 0x900000 fec: e3800aff orr r0, r0, #1044480 ; 0xff000 ff0: e70e000e str r0, [lr, -lr] ff4: e59f1264 ldr r1, [pc, #264] ; 0x1260 ff8: e5810000 str r0, [r1] ffc: e59f1260 ldr r1, [pc, #260] ; 0x1264