On Sat 04 Feb 2012 at 22:20:27 +0100, "André Fachat" wrote:
> I don't know much about the 6809, I'm basically seeing 6809 ASM for
> the first time... But I'll try to make out something.

I've been "forced" to read up on it, especially the addressing modes,
so I'll try to give some quick hints. There is lots of info at
http://koti.mbnet.fi/~atjs/mc6809.

> * It looks like those ",S" addressing modes are stack-relative, which
> would allow us to identify local variables

Yes, the addressing modes with a comma in them are "indexed" modes, where
various things are added to form the effective address. Read the comma as
a plus, basically. There is an indirection implied, I think in all cases,
(unlike 6502 syntax which writes () around the address). If there is
another pair of [] around it, there's another indirection. So the
instructions with [6,S] take the value 6 positions into the stack, which
is the address of the dongle, and use that as the final effective address.
(That's why I included the hexdump from 09dd: it's the initial stack.)

If there is just ",S" or so, a value of 0 is implied (not even present in
the instruction); it is just (S) in more familiar notation.

"LEAS 14,S" is a Load Effective Address to S, in other words it adds 14 to
the stack pointer, presumably cleaning up the local stack frame.

Register "D" is the combination of A and B (big-endian).

"LDD <$20" is "direct page" addressing (not low-byte-of), which is like
zero-page but the page it concerns is given in the DP (direct page)
register.

"PSHS D" pushes 1 register on the S (system) stack.
"PULU Y,B" pulls 2 registers (Y and B) from the U (user) stack.

> * Unfortunately on 98b8 it branches back to the beginning, so it looks
> like a loop
> * on 9895 it does a branch subroutine (BSR) to 989f, but the code
> (data) from 9897 to 989f is not deassembled.

Disassembled, it looks like nonsense.

> * If I interpret the ",S++" opcodes e.g. at 989f correctly, they pull
> some values from the stack, so the subroutine may not be a subroutine
> but a jump

I think it is a call with inline data. The return address is used as an
auto-incremented pointer to the data. Apparently it loops over that data
and combines it with the data read from the dongle, which is in the A
register, and on the stack (STA ,S).

> * S,06 seems to be a pointer somewhere into memory - according to the
> DONGLE traces pointing to the dongle
> * you could make a stack dump on every cycle, as there is so much
> stack-relative addressing...

I'll try that later, sounds like a good idea. I also wonder what X and Y
point to.

> André

-Olaf.
--
___ Olaf 'Rhialto' Seibert -- There's no point being grown-up if you
\X/ rhialto/at/xs4all.nl -- can't be childish sometimes. -The 4th Doctor

Message was sent through the cbm-hackers mailing list
Received on 2012-02-05 01:00:03
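The addressing modes and the call-with-inline-data idiom described in the message above, modelled in a small Python script. This is an added example, not code from the thread or from the dongle software being traced: only the addressing-mode semantics (comma as plus, omitted zero offset, [] indirection, ,S++ auto-increment, LEAS, big-endian D, direct page) are the 6809's. The dongle address $D000, the initial stack value $7FF0, the eight inline data bytes, the EOR used to fold them into A and the fixed loop count are all constructed for illustration; the address layout (BSR at 9895, data in 9897..989e, subroutine at 989f) is the one quoted from André's post. Register names are passed as assembler operand strings so the effective-address rules can be read off in one place.

```python
"""Toy model of the MC6809 addressing modes discussed above (added example,
not code from the thread). Only the addressing-mode semantics are the 6809's;
dongle address, stack value, inline bytes, EOR combine and loop count are
constructed for illustration."""

MASK16 = 0xFFFF


def _num(text):
    """Assembler number: a '$' prefix means hex, otherwise decimal."""
    return int(text[1:], 16) if text.startswith("$") else int(text, 10)


class M6809:
    def __init__(self):
        self.mem = bytearray(0x10000)
        self.a = self.b = 0                  # 8-bit accumulators
        self.x = self.s = self.dp = 0        # index reg, system stack, direct page

    # D is the pair A:B with A as the high byte (big-endian), like memory words.
    @property
    def d(self):
        return (self.a << 8) | self.b
    @d.setter
    def d(self, value):
        self.a, self.b = (value >> 8) & 0xFF, value & 0xFF

    def read8(self, addr):
        return self.mem[addr & MASK16]
    def read16(self, addr):
        return (self.read8(addr) << 8) | self.read8(addr + 1)
    def write16(self, addr, value):
        self.mem[addr & MASK16] = (value >> 8) & 0xFF
        self.mem[(addr + 1) & MASK16] = value & 0xFF

    def ea(self, operand):
        """Effective address for the operand forms seen in the post:
        "<$20"  direct page (DP:$20);   "6,S"  S + 6 (comma reads as plus);
        ",S"    S + 0 (offset omitted);  ",S++" S, then S += 2 (side effect);
        "[6,S]" indirect: the 16-bit word stored at S + 6 is the address."""
        operand = operand.replace(" ", "")
        if operand.startswith("<"):
            return (self.dp << 8) | (_num(operand[1:]) & 0xFF)
        indirect = operand.startswith("[") and operand.endswith("]")
        if indirect:
            operand = operand[1:-1]
        offset_text, reg_text = operand.split(",", 1)
        reg = reg_text.rstrip("+").lower()
        inc = len(reg_text) - len(reg)           # number of trailing '+'
        base = getattr(self, reg)
        addr = (base + (_num(offset_text) if offset_text else 0)) & MASK16
        if inc:                                  # auto-increment after forming the address
            setattr(self, reg, (base + inc) & MASK16)
        return self.read16(addr) if indirect else addr

    # Just the instructions the post mentions.
    def lda(self, op):  self.a = self.read8(self.ea(op))
    def ldb(self, op):  self.b = self.read8(self.ea(op))
    def ldd(self, op):  self.d = self.read16(self.ea(op))
    def ldx(self, op):  self.x = self.read16(self.ea(op))
    def sta(self, op):  self.mem[self.ea(op)] = self.a
    def leas(self, op): self.s = self.ea(op)     # LEAS 14,S: S += 14
    def pshs_d(self):                            # PSHS D: A lands at the lower address
        self.s = (self.s - 2) & MASK16
        self.write16(self.s, self.d)
    def bsr(self, return_addr):                  # BSR pushes the address after itself
        self.s = (self.s - 2) & MASK16
        self.write16(self.s, return_addr)


DONGLE, INLINE = 0xD000, bytes([0x3C, 0xA5, 0x5A, 0x0F, 0xF0, 0x81, 0x7E, 0x33])  # constructed
BSR_AT, SUB_AT = 0x9895, 0x989F              # layout from the post: data in 9897..989e


def run_dongle_check(dongle_byte):
    """Call-with-inline-data: the pushed return address is the data pointer."""
    cpu = M6809()
    cpu.s = 0x7FF0                           # constructed initial stack; [6,S] -> dongle
    cpu.write16(cpu.s + 6, DONGLE)
    cpu.mem[DONGLE] = dongle_byte
    cpu.mem[BSR_AT + 2:BSR_AT + 2 + len(INLINE)] = INLINE
    cpu.lda("[6,S]")                         # A = byte read from the dongle
    cpu.bsr(BSR_AT + 2)                      # "BSR 989f": return address = start of data
    cpu.ldx(",S++")                          # X = that address, S restored
    for _ in range(len(INLINE)):
        cpu.ldb(",X+")                       # walk the inline bytes, fold each into A
        cpu.a ^= cpu.b
    return cpu.a, cpu.x, cpu.s               # X ends just past the data, at SUB_AT


def stack_frame_demo():
    """LDD <$20 / PSHS D / STA ,S / LEAS 14,S on a constructed frame."""
    cpu = M6809()
    cpu.s, cpu.dp = 0x7FF0, 0x20
    cpu.write16(0x2020, 0x1234)
    cpu.ldd("<$20")                          # direct page: DP:$20 = $2020, D = $1234
    cpu.pshs_d()                             # S = $7FEE; $12 at S, $34 at S+1
    cpu.a = 0x99
    cpu.sta(",S")                            # overwrite the byte at S (the pushed A)
    top = cpu.read16(cpu.s)                  # $9934
    cpu.leas("14,S")                         # drop the frame: S = $7FEE + 14 = $7FFC
    return top, cpu.s
```

run_dongle_check() shows why the bytes between the BSR and 989f never disassemble to anything sensible: they are operands of the loop, reached through X after "LDX ,S++" has consumed the return address, and X stops exactly at the subroutine entry once they are used up. stack_frame_demo() is the same machinery applied to the direct-page load, the PSHS/STA pair and the LEAS frame cleanup.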