*** This file is copyright Ian Molton (c) 2003. *** DO NOT redistribuute without permission *** You may not remove this header under any circumstance. 49c4: e92d4800 stmdb sp!, {fp, lr} 49c8: e24dd020 sub sp, sp, #32 ; 0x20 49cc: ebffff61 bl 4758 <__data_start+0x4758> 4758: e59f3004 ldr r3, [pc, #4] ; 90002238 475c: e5930000 ldr r0, [r3] ; 90023038 4760: e1a0f00e mov pc, lr 49d0: e58d0014 str r0, [sp, #20] 49d4: e59d3014 ldr r3, [sp, #20] 49d8: e3e02000 mvn r2, #0 ; 0x0 49dc: e1530002 cmp r3, r2 (02000000 != 0) 49e0: 1a000003 bne 49f4 <__data_start+0x49f4> ... 49f4: e59f0310 ldr r0, [pc, #310] ; pTOC: 49f8: ebfff29b bl 146c ***NO OP*** 49fc: e59d0014 ldr r0, [sp, #20] 4a00: ebffff58 bl 4768 4a04: e59f02fc ldr r0, [pc, #2fc] ; (90002828) load r0 with message, print it. load r3 from sp+20 load r0 from r3+offset call 4768 8 90000000 beginning of bootloader 12 900230d8 end of bootloader 20 00000001 24 90048000 ram start? 28 9004a000 ram free? 60 80808080 64 80808080??? (00000000???) pTOC->physfirst: pTOC->physlast: pTOC->ulRAMStart: pTOC->ulRAMFree: pTOC->ulRAMEnd: pTOC->ulDrivglobStart: pTOC->ulDrivglobLen: Relocating flash kernel writeable data sections 4aa0: ebffff5e bl 4820 4820: e92d4000 stmdb sp!, {lr} 4824: e24dd008 sub sp, sp, #8 4828: e59f3024 ldr r3, [pc, #24] (90023038) 482c: e5933000 ldr r3, [r3] (0x02000000) 4830: e3e02000 mvn r2, #0 ; 0x0 4834: e1530002 cmp r3, r2 4838: 1a000006 bne 4858 483c: e59f000c ldr r0, [pc, #c] ; ERROR: Kernel must be part of ROM image! 4840: ebfff309 bl 146c 4844: ebfff490 bl 1a8c 4848: ebfff30a bl 1478 484c: eafffffc b 4844 4850: 90002344 andls r2, r0, r4, asr #6 4854: 90002238 andls r2, r0, r8, lsr r2 4858: e3a03000 mov r3, #0 ; 0x0 485c: e58d3000 str r3, [sp] !sp=0 4860: ea000002 b 4870 4864: e59d3000 ldr r3, [sp] (00000000) 4868: e2833001 add r3, r3, #1 ; 0x1 486c: e58d3000 str r3, [sp] !sp = 1 4870: e51f3024 ldr r3, [pc, #ffffffdc] 4874: e5933000 ldr r3, [r3] (90023038) 4878: e59d2000 ldr r2, [sp] (00000001) 487c: e5933020 ldr r3, [r3, #32] (00000001) 4880: e1520003 cmp r2, r3 4884: 2a00004c bcs 49bc *return 4888: e51f303c ldr r3, [pc, #ffffffc4] 488c: e5933000 ldr r3, [r3] (90023038) 4890: e59d2000 ldr r2, [sp] (00000001) 4894: e1a02202 mov r2, r2, lsl #4 (00000010) 4898: e5933024 ldr r3, [r3, #36] (900230c8) 489c: e0833002 add r3, r3, r2 (900230d8) 48a0: e58d3004 str r3, [sp, #4] !sp+4=900230d8 48a4: e59d3004 ldr r3, [sp, #4] 48a8: e5933008 ldr r3, [r3, #8] r3= just off end 48ac: e3530000 cmp r3, #0 ; 0x0 48b0: 0a000017 beq 4914 **if r3 = 0 then skip memcpy() 48b4: e59f00fc ldr r0, [pc, #fc] ; Copying writeable data: memcpy( 48b8: ebfff2eb bl 146c 48bc: e59d3004 ldr r3, [sp, #4] 48c0: e5930004 ldr r0, [r3, #4] 48c4: ebffffa7 bl 4768 48c8: e59f00e4 ldr r0, [pc, #e4] ; ", " 48cc: ebfff2e6 bl 146c 48d0: e59d3004 ldr r3, [sp, #4] 48d4: e5930000 ldr r0, [r3] 48d8: ebffffa2 bl 4768 48dc: e59f00d0 ldr r0, [pc, #d0] ; ", " 48e0: ebfff2e1 bl 146c 48e4: e59d3004 ldr r3, [sp, #4] 48e8: e5930008 ldr r0, [r3, #8] 48ec: ebffff9d bl 4768 48f0: e59f00b0 ldr r0, [pc, #b0] ; "\t)\n" 48f4: ebfff2dc bl 146c 48f8: e59d3004 ldr r3, [sp, #4] 48fc: e5932008 ldr r2, [r3, #8] end + 8 4900: e59d3004 ldr r3, [sp, #4] 4904: e5931000 ldr r1, [r3] end + 0 4908: e59d3004 ldr r3, [sp, #4] 490c: e5930004 ldr r0, [r3, #4] end + 4 4910: eb00068a bl 6340 4914: e59d3004 ldr r3, [sp, #4] 4918: e59d2004 ldr r2, [sp, #4] 491c: e5933008 ldr r3, [r3, #8] 4920: e592200c ldr r2, [r2, #12] 4924: e1530002 cmp r3, r2 4928: 2a00001d bcs 49a4 492c: e59f007c ldr r0, [pc, #7c] ; Zeroing BSS: memset( 4930: ebfff2cd bl 146c 4934: e59d3004 ldr r3, [sp, #4] 4938: e59d2004 ldr r2, [sp, #4] 493c: e5933004 ldr r3, [r3, #4] 4940: e5922008 ldr r2, [r2, #8] 4944: e0830002 add r0, r3, r2 4948: ebffff86 bl 4768 494c: e59f0058 ldr r0, [pc, #58] ; , 0, 4950: ebfff2c5 bl 146c 4954: e59d3004 ldr r3, [sp, #4] 4958: e59d2004 ldr r2, [sp, #4] 495c: e593300c ldr r3, [r3, #12] 4960: e5922008 ldr r2, [r2, #8] 4964: e0430002 sub r0, r3, r2 4968: ebffff7e bl 4768 496c: e59f0034 ldr r0, [pc, #34] ; "\t)\n" 4970: ebfff2bd bl 146c 4974: e59d3004 ldr r3, [sp, #4] 4978: e59d2004 ldr r2, [sp, #4] 497c: e593300c ldr r3, [r3, #12] 4980: e5922008 ldr r2, [r2, #8] 4984: e0432002 sub r2, r3, r2 4988: e3a01000 mov r1, #0 ; 0x0 498c: e59d3004 ldr r3, [sp, #4] 4990: e59d0004 ldr r0, [sp, #4] 4994: e5933004 ldr r3, [r3, #4] 4998: e5900008 ldr r0, [r0, #8] 499c: e0830000 add r0, r3, r0 49a0: eb000644 bl 62b8 49a4: eaffffae b 4864 49a8: 9000231c andls r2, r0, ip, lsl r3 49ac: 900022fc strlsd r2, [r0], -ip 49b0: 90002304 andls r2, r0, r4, lsl #6 49b4: 90002320 andls r2, r0, r0, lsr #6 49b8: 90002324 andls r2, r0, r4, lsr #6 49bc: e28dd008 add sp, sp, #8 ; 0x8 49c0: e8bd8000 ldmia sp!, {pc} Bootloader C Run Time Initialization Done. 4aac: ebfff3f6 bl 1a8c <__data_start+0x1a8c> Debug Port Initialized 4abc: eb001156 bl 901c <__data_start+0x901c> 4ac0: e58d000c str r0, [sp, #12] *store CPUid in sp+12 4b70: ebfffef8 bl 4758 4b74: e5903014 ldr r3, [r0, #20] ; 90048000 4b78: e3a02209 mov r2, #-1879048192 ; 0x90000000 4b7c: e3822912 orr r2, r2, #294912 ; 0x48000 4b80: e1530002 cmp r3, r2 4b84: 0a000005 beq 4ba0 ... 4ba0: ebfffeec bl 4758 4ba4: e1a0b000 mov fp, r0 4ba8: ebfffeea bl 4758 4bac: e59b301c ldr r3, [fp, #28] ; 90068000 4bb0: e5902014 ldr r2, [r0, #20] ; 90048000 4bb4: e0433002 sub r3, r3, r2 ; 00020000 4bb8: e3a02802 mov r2, #131072 ; 0x20000 4bbc: e1530002 cmp r3, r2 4bc0: 0a000008 beq 4be8 ... 4be8: e59f00a0 ldr r0, [pc, #a0] ; =================== 4bec: eb000a50 bl 7534 <__data_start+0x7534> 4bf0: ebfffed8 bl 4758 <__data_start+0x4758> 4bf4: e590301c ldr r3, [r0, #28] ; 90068000 4bf8: e3a02209 mov r2, #-1879048192 ; 0x90000000 4bfc: e3822605 orr r2, r2, #5242880 ; 0x500000 4c00: e1530002 cmp r3, r2 4c04: 9a00000d bls 4c40 ... 4c40: eb001092 bl 8e90 (get PM scratch reg.) 4c44: e58d0010 str r0, [sp, #16] ; store at sp+16 4c48: e59d3010 ldr r3, [sp, #16] ; prob. == 0 4c4c: e2133001 ands r3, r3, #1 ; 0x1 4c50: 1a000038 bne 4d38 4c54: e3a03000 mov r3, #0 ; 0x0 4c58: e58d3018 str r3, [sp, #24] 4c5c: e3a034a9 mov r3, #-1459617792 ; 0xa9000000 4c60: e3833602 orr r3, r3, #2097152 ; 0x200000 4c64: e5933000 ldr r3, [r3] r3 = GPLR0 4c68: e2033001 and r3, r3, #1 ; 0x1 4c6c: e58d301c str r3, [sp, #28] store GPIO st. & 1 @ sp+28 4c70: e59d301c ldr r3, [sp, #28] 4c74: e3530000 cmp r3, #0 ; 0x0 4c78: 1a000024 bne 4d10 sp+24 = 0 else 4c7c: e3a03001 mov r3, #1 ; 0x1 4c80: e58d3018 str r3, [sp, #24] sp+24 = 1 4c84: ea000023 b 4d18 <__data_start+0x4d18> ... 4d10: e3a03000 mov r3, #0 ; 0x0 4d14: e58d3018 str r3, [sp, #24] 4d18: e59d3018 ldr r3, [sp, #24] 4d1c: e3530000 cmp r3, #0 ; 0x0 4d20: 0a000004 beq 4d38 4d24: e59d3010 ldr r3, [sp, #16] 4d28: e3833001 orr r3, r3, #1 ; 0x1 4d2c: e58d3010 str r3, [sp, #16] 4d30: e59d0010 ldr r0, [sp, #16] 4d34: eb00108a bl 8f64 4d38: e59d3010 ldr r3, [sp, #16] 4d3c: e2133001 ands r3, r3, #1 ; 0x1 4d40: 0a000004 beq 4d58 4d44: e59f3368 ldr r3, [pc, #368] ; (9004883c) 4d48: e3a02001 mov r2, #1 ; 0x1 4d4c: e5832000 str r2, [r3] 4d50: e3a00000 mov r0, #0 ; 0x0 4d54: eb001089 bl 8f80 *set RTC 4d58: e59f335c ldr r3, [pc, #35c] ; 50bc <__data_start+0x50bc> 4d5c: e5933000 ldr r3, [r3] 4d60: e59f2350 ldr r2, [pc, #350] ; 50b8 <__data_start+0x50b8> 4d64: e5823000 str r3, [r2] 4d68: e3a03010 mov r3, #16 ; 0x10 4d6c: e58d3008 str r3, [sp, #8] 4d70: e3a03008 mov r3, #8 ; 0x8 4d74: e58d3004 str r3, [sp, #4] 4d78: e3a03004 mov r3, #4 ; 0x4 4d7c: e58d3000 str r3, [sp] 4d80: e3a03002 mov r3, #2 ; 0x2 4d84: e3a02001 mov r2, #1 ; 0x1 4d88: e59f1328 ldr r1, [pc, #328] ; 50b8 <__data_start+0x50b8> 4d8c: e5911000 ldr r1, [r1] 4d90: e59f0334 ldr r0, [pc, #334] ; 50cc <__data_start+0x50cc> 4d94: eb0009e6 bl 7534 <__data_start+0x7534> 4d98: eb001040 bl 8ea0 8ea0: e59f1054 ldr r1, [pc, #54] ; 8efc 8ea4: e5913000 ldr r3, [r1] 8ea8: e5933000 ldr r3, [r3] 8eac: e203001f and r0, r3, #31 ; 0x1f 8eb0: e5913000 ldr r3, [r1] 8eb4: e3500001 cmp r0, #1 ; 0x1 8eb8: e5933000 ldr r3, [r3] 8ebc: e1a032a3 mov r3, r3, lsr #5 8ec0: e2032003 and r2, r3, #3 ; 0x3 8ec4: 0a000015 beq 8f20 ; nReset 8ec8: e3500002 cmp r0, #2 ; 0x2 8ecc: 0a000011 beq 8f18 ; soft reset 8ed0: e3500003 cmp r0, #3 ; 0x3 8ed4: 0a00000d beq 8f10 ; nReset+soft reset 8ed8: e3500004 cmp r0, #4 ; 0x4 8edc: 0a000009 beq 8f08 ; watchdog 8ee0: e3500005 cmp r0, #5 ; 0x5 8ee4: 0a000005 beq 8f00 ; watchdog+nReset 8ee8: e350000f cmp r0, #15 ; 0xf 8eec: 13a01000 movne r1, #0 ; 0x0 8ef0: 1a00000b bne 8f24 ; nRst+soft+wdog+batt+cdd 8ef4: e3a01009 mov r1, #9 ; 0x9 8ef8: ea000009 b 8f24 (.out) 8efc: 90003338 andls r3, r0, r8, lsr r3 8f00: e3a0102d mov r1, #45 ; 0x2d watchdog + nReset 8f04: ea000006 b 8f24 8f08: e3a01028 mov r1, #40 ; 0x28 watchdog 8f0c: ea000004 b 8f24 8f10: e3a01024 mov r1, #36 ; 0x24 nReset+soft 8f14: ea000002 b 8f24 8f18: e3a01020 mov r1, #32 ; 0x20 soft reset 8f1c: ea000000 b 8f24 8f20: e3a0101b mov r1, #27 ; 0x1b nReset 8f24: .out cmp r2, #1 ; 0x1 8f28: 0a000008 beq 8f50 8f2c: e3520002 cmp r2, #2 ; 0x2 8f30: 0a000004 beq 8f48 8f34: e3520003 cmp r2, #3 ; 0x3 8f38: 13a00000 movne r0, #0 ; 0x0 8f3c: 1a000004 bne 8f54 8f40: e3a00004 mov r0, #4 ; 0x4 8f44: ea000002 b 8f54 8f48: e3a00002 mov r0, #2 ; 0x2 8f4c: ea000000 b 8f54 8f50: e3a00001 mov r0, #1 ; 0x1 r0 = 4 r1 = ?? 8f54: e0030190 mul r3, r0, r1 8f58: e3a029e1 mov r2, #3686400 ; 0x384000 8f5c: e0000293 mul r0, r3, r2 8f60: e1a0f00e mov pc, lr 4d9c: e1a01000 mov r1, r0 4da0: e59f0320 ldr r0, [pc, #320] ; 50c8 Current CPU speed= 4da4: eb0009e2 bl 7534 <__data_start+0x7534> 4da8: e59f3304 ldr r3, [pc, #304] ; (9004883c) 4dac: e5933000 ldr r3, [r3] 4db0: e3530000 cmp r3, #0 ; 0x0 if reset reason == 0 4db4: 1a000049 bne 4ee0 4db8: e59f0304 ldr r0, [pc, #304] ; Not clearing object store, preserving some Driver Globals entries 4dbc: eb0009dc bl 7534 <__data_start+0x7534> ... 4ee0: e59f01d8 ldr r0, [pc, #1d8] ; Clearing Driver Globals Area 4ee4: eb000992 bl 7534 <__data_start+0x7534> 4ee8: e3a02b02 mov r2, #2048 ; 0x800 4eec: e3a01000 mov r1, #0 ; 0x0 4ef0: e3a0320b mov r3, #-1342177280 ; 0xb0000000 4ef4: e3830701 orr r0, r3, #262144 ; 0x40000 4ef8: eb0004ee bl 62b8 memset(0xb0040000, 0, 2048); 4efc: e59f31b8 ldr r3, [pc, #1b8] ; (b0040300) 4f00: e59f21b0 ldr r2, [pc, #1b0] ; (90048838) 4f04: e5922000 ldr r2, [r2] get reset status 4f08: e5832000 str r2, [r3] store it. 4f0c: e59f31a0 ldr r3, [pc, #1a0] ; (9004883c) 4f10: e5933000 ldr r3, [r3] 4f14: e3530000 cmp r3, #0 ; 0x0 4f18: 1a00006c bne 50d0 <__data_start+0x50d0> ... 50d0: e59f30b8 ldr r3, [pc, #b8] ; (b00403a0) 50d4: e3a02001 mov r2, #1 ; 0x1 50d8: e5832000 str r2, [r3] 50dc: e3a02c01 mov r2, #256 ; 0x100 50e0: e3a01000 mov r1, #0 ; 0x0 50e4: e59f00a0 ldr r0, [pc, #a0] ; b0040910 50e8: eb000472 bl 62b8 memset(40910, 0, 256) 50ec: e59f3094 ldr r3, [pc, #94] ; 5188 50f0: e59f208c ldr r2, [pc, #8c] ; 5184 50f4: e5832000 str r2, [r3] 50f8: e59f3080 ldr r3, [pc, #80] ; 5180 50fc: e59f2078 ldr r2, [pc, #78] ; 517c 5100: e5832000 str r2, [r3] 5104: e59f306c ldr r3, [pc, #6c] ; 5178 5108: e3a02001 mov r2, #1 ; 0x1 510c: e5832000 str r2, [r3] 5110: e59f305c ldr r3, [pc, #5c] ; 5174 5114: e3a02001 mov r2, #1 ; 0x1 5118: e5832000 str r2, [r3] 511c: eb000f1a bl 8d8c Cotulla CPU init fn. 8d8c: e92d4000 stmdb sp!, {lr} 8d90: e59f00a0 ldr r0, [pc, #a0] ; 8e38 8d94: ebfff9e6 bl 7534 Cotulla CPU Init 8d98: e59f3094 ldr r3, [pc, #94] ; (a8200014) 48000014 PCMCIA/CF bus config reg. 8d9c: e3a02003 mov r2, #3 ; 0x3 8da0: e59f0088 ldr r0, [pc, #88] ; (a920001c) 40e0001c GPIO pin output set reg GPIO 63:32 8da4: e5832000 str r2, [r3] 8da8: e3a024ff mov r2, #-16777216 ; 0xff000000 8dac: e5903000 ldr r3, [r0] 8db0: e382260f orr r2, r2, #15728640 ; 0xf00000 8db4: e38338ff orr r3, r3, #16711680 ; 0xff0000 8db8: e5803000 str r3, [r0] 8dbc: e59f0068 ldr r0, [pc, #68] ; (a9200010) 40e00010 GPIO pin direction reg. GPIO 63:32 8dc0: e5903000 ldr r3, [r0] 8dc4: e38338ff orr r3, r3, #16711680 ; 0xff0000 8dc8: e5803000 str r3, [r0] 8dcc: e5903000 ldr r3, [r0] 8dd0: e3c33403 bic r3, r3, #50331648 ; 0x3000000 8dd4: e5803000 str r3, [r0] 8dd8: e59f0048 ldr r0, [pc, #48] ; (a9200060) 40e00060 GPIO Alt Fn select GPIO 63:48 8ddc: e5903000 ldr r3, [r0] 8de0: e0033002 and r3, r3, r2 8de4: e59f2038 ldr r2, [pc, #38] ; (0005aaaa) ?5aaaa 8de8: e5803000 str r3, [r0] 8dec: e5903000 ldr r3, [r0] 8df0: e1833002 orr r3, r3, r2 8df4: e5803000 str r3, [r0] 8df8: ebfff4f4 bl 61d0 AC97 (ACUNIT) init code. 8dfc: e1b03000 movs r3, r0 8e00: 159f0018 ldrne r0, [pc, #18] ; ACUNIT Init Done!! 8e04: 059f0010 ldreq r0, [pc, #10] ; ACUNIT Init Failure!! 8e08: ebfff9c9 bl 7534 8e0c: e59f0004 ldr r0, [pc, #4] ; Cotulla CPU Init Exiting 8e10: e8bd4000 ldmia sp!, {lr} 8e14: eafff9c6 b 7534 5120: eb000df3 bl 88f4 Print CPU status info. 5124: e59f0044 ldr r0, [pc, #44] ; 5170 Calling PlatformInit() 5128: eb000901 bl 7534 512c: eb00033d bl 5e28 ; PlatformInit() 5130: e59f0034 ldr r0, [pc, #34] ; 516c (90002240) =00000084 5134: eb000113 bl 5588 ; 5588: e3a03102 mov r3, #-2147483648 ; 0x80000000 558c: e59f1018 ldr r1, [pc, #18] ; (9000541c) 5590: e1500003 cmp r0, r3 5594: 3a00000f bcc 55d8 5598: e3e03101 mvn r3, #1073741824 ; 0x40000000 559c: e1500003 cmp r0, r3 55a0: 8a00000c bhi 55d8 55a4: e3c02202 bic r2, r0, #536870912 ; 0x20000000 55a8: ea000007 b 55cc 55ac: 9000541c andls r5, r0, ip, lsl r4 55b0: e1520000 cmp r2, r0 55b4: 3a000003 bcc 55c8 55b8: e5913008 ldr r3, [r1, #8] 55bc: e0803a03 add r3, r0, r3, lsl #20 <<20+r0 55c0: e1520003 cmp r2, r3 55c4: 3a000005 bcc 55e0 55c8: e281100c add r1, r1, #12 ; 0xc 55cc: e5910000 ldr r0, [r1] 55d0: e3500000 cmp r0, #0 ; 0x0 55d4: 1afffff5 bne 55b0 55d8: e3e00000 mvn r0, #0 ; 0x0 55dc: e1a0f00e mov pc, lr 55e0: e5913000 ldr r3, [r1] 55e4: e0423003 sub r3, r2, r3 55e8: e5912004 ldr r2, [r1, #4] 55ec: e0830002 add r0, r3, r2 55f0: eafffff9 b 55dc 5138: e59f3028 ldr r3, [pc, #28] ; 5168 513c: e5830000 str r0, [r3] 5140: ebfffd6a bl 46f0 5144: ebfffd78 bl 472c 5148: ebfffd0b bl 457c 514c: ebfffd65 bl 46e8 run tests? loops to here from 51a0 5150: e1b03000 movs r3, r0 5154: 1a00000e bne 5194 Diagnostics passed! 5158: e59f0004 ldr r0, [pc, #4] ; (Diagnostics Failed!) 515c: eb0008f4 bl 7534 5160: ea00000f b 51a4 5164: 9000239c mulls r0, ip, r3 5168: b0040344 andlt r0, r4, r4, asr #6 516c: 90002240 andls r2, r0, r0, asr #4 5170: 900023b4 strlsh r2, [r0], -r4 5174: 90049c20 andls r9, r4, r0, lsr #24 5178: b0040378 andlt r0, r4, r8, ror r3 517c: 27182818 undefined 5180: b0040374 andlt r0, r4, r4, ror r3 5184: 90048078 andls r8, r4, r8, ror r0 5188: b004037c andlt r0, r4, ip, ror r3 518c: b0040910 andlt r0, r4, r0, lsl r9 5190: b00403a0 andlt r0, r4, r0, lsr #7 5194: eb000069 bl 5340 arrive here when passed diag. 5340: e92d4070 stmdb sp!, {r4, r5, r6, lr} 5344: e24dd020 sub sp, sp, #32 ; 0x20 5348: e59f30a8 ldr r3, [pc, #a8] ; (9000520c) 534c: e3a06000 mov r6, #0 ; 0x0 5350: e58d3000 str r3, [sp] 5354: e59f30b0 ldr r3, [pc, #b0] ; (900051d4) 5358: e58d3004 str r3, [sp, #4] 535c: e59f30a4 ldr r3, [pc, #a4] ; (900051cc) 5360: e58d3008 str r3, [sp, #8] 5364: e59f3098 ldr r3, [pc, #98] ; (90005234) 5368: e58d300c str r3, [sp, #12] 536c: e59f308c ldr r3, [pc, #8c] ; (9000523c) 5370: e58d3010 str r3, [sp, #16] 5374: e59f3080 ldr r3, [pc, #80] ; (90005244) 5378: e58d3014 str r3, [sp, #20] 537c: e3a03000 mov r3, #0 ; 0x0 5380: e58d3018 str r3, [sp, #24] 5384: eb000219 bl 5bf0 5388: e1b03000 movs r3, r0 538c: 0a000014 beq 53e4 5390: e59f3060 ldr r3, [pc, #60] ; 9000520c 5394: e3530000 cmp r3, #0 ; 0x0 5398: 0a000011 beq 53e4 539c: e28d5000 add r5, sp, #0 ; 0x0 53a0: e5954000 ldr r4, [r5] 53a4: e1a01006 mov r1, r6 53a8: e59f0044 ldr r0, [pc, #44] ; (Update.c: i %d, boot_function %x) 53ac: e1a02004 mov r2, r4 53b0: eb00085f bl 7534 53b4: e1a0e00f mov lr, pc 53b8: e1a0f004 mov pc, r4 53bc: e3500003 cmp r0, #3 ; 0x3 53c0: 02866001 addeq r6, r6, #1 ; 0x1 53c4: 02855004 addeq r5, r5, #4 ; 0x4 53c8: e3500001 cmp r0, #1 ; 0x1 53cc: 0a000010 beq 5414 53d0: e3500002 cmp r0, #2 ; 0x2 53d4: 0a00000d beq 5410 53d8: e5953000 ldr r3, [r5] 53dc: e3530000 cmp r3, #0 ; 0x0 53e0: 1affffee bne 53a0 53e4: ebffffa2 bl 5274 5274: e92d4000 stmdb sp!, {lr} 5278: e24dd008 sub sp, sp, #8 ; 0x8 527c: e3a0320b mov r3, #-1342177280 ; 0xb0000000 5280: e59f00b4 ldr r0, [pc, #b4] ; Mirroring %dMB flash in RAM 5284: e3833601 orr r3, r3, #1048576 ; 0x100000 5288: e58d3004 str r3, [sp, #4] 528c: e3a0320a mov r3, #-1610612736 ; 0xa0000000 5290: e3a01004 mov r1, #4 ; 0x4 5294: e58d3000 str r3, [sp] 5298: eb0008a5 bl 7534 529c: e59d1000 ldr r1, [sp] 52a0: e59f0090 ldr r0, [pc, #90] ; Mirror flash virt address = 0x%x 52a4: eb0008a2 bl 7534 52a8: e59d1004 ldr r1, [sp, #4] 52ac: e59f0080 ldr r0, [pc, #80] ; Original flash virt address = 0x%x 52b0: eb00089f bl 7534 52b4: e3a00601 mov r0, #1048576 ; 0x100000 52b8: e59d3000 ldr r3, [sp] 52bc: e2400001 sub r0, r0, #1 ; 0x1 52c0: e59d2004 ldr r2, [sp, #4] 52c4: e3500000 cmp r0, #0 ; 0x0 52c8: e5922000 ldr r2, [r2] 52cc: e5832000 str r2, [r3] 52d0: e59d3000 ldr r3, [sp] 52d4: e2833004 add r3, r3, #4 ; 0x4 52d8: e58d3000 str r3, [sp] 52dc: e59d3004 ldr r3, [sp, #4] 52e0: e2833004 add r3, r3, #4 ; 0x4 52e4: e58d3004 str r3, [sp, #4] 52e8: 8afffff2 bhi 52b8 52ec: e59f303c ldr r3, [pc, #3c] ; 5330 52f0: e3a02001 mov r2, #1 ; 0x1 52f4: e59f0030 ldr r0, [pc, #30] ; Jumping to existing image at %Xh... 52f8: e3a01701 mov r1, #262144 ; 0x40000 52fc: e5832000 str r2, [r3] 5300: eb00088b bl 7534 5304: eb0003a7 bl 61a8 5308: e59f3018 ldr r3, [pc, #18] ; (b0040364) 530c: e3a02701 mov r2, #262144 ; 0x40000 5310: e3a00701 mov r0, #262144 ; 0x40000 5314: e5832000 str r2, [r3] 5318: eb000f1c bl 8f90 8f90: e1a07000 mov r7, r0 = 0x40000 8f94: e59f0100 ldr r0, [pc, #100] ; (9000541c) 8f98: ebfff17a bl 5588 <__data_start+0x5588> 8f9c: e1a05000 mov r5, r0 =phys addr. of mmu table 8fa0: e59f00f8 ldr r0, [pc, #f8] ; (a003bffc) 8fa4: e1a08000 mov r8, r0 =stack pointer? 8fa8: e59f010c ldr r0, [pc, #10c] ; (90008fb4) 8fac: ebfff175 bl 5588 r0 = a0008fb4, r1 = ??, r2 = ??, r3 = ??, r5 = a000541c, r7 = 0x40000, r8 = a003bffc 8fb0: e1a0f000 mov pc, r0 jump to 0xa0008fb4 GRR. stupid red herring. bastards. 8fb4: ebfff4b2 bl 6284 6284: e3a00b01 mov r0, #1024 ; 0x400 6288: e3a01322 mov r1, #-2013265920 ; 0x88000000 628c: ee071fb2 mcr 15, 0, r1, cr7, cr2, {5} 6290: e2811020 add r1, r1, #32 ; 0x20 6294: ee071fb2 mcr 15, 0, r1, cr7, cr2, {5} 6298: e2811020 add r1, r1, #32 ; 0x20 629c: ee071fb2 mcr 15, 0, r1, cr7, cr2, {5} 62a0: e2811020 add r1, r1, #32 ; 0x20 62a4: ee071fb2 mcr 15, 0, r1, cr7, cr2, {5} 62a8: e2811020 add r1, r1, #32 ; 0x20 62ac: e2500004 subs r0, r0, #4 ; 0x4 62b0: 1afffff5 bne 628c <__data_start+0x628c> 62b4: e1a0f00e mov pc, lr 8fb8: e3a00000 mov r0, #0 ; 0x0 8fbc: ee070f9a mcr 15, 0, r0, cr7, cr10, {4} 8fc0: e59f00dc ldr r0, [pc, #dc] ; (b0040400) 8fc4: e5900000 ldr r0, [r0] 8fc8: e3a00000 mov r0, #0 ; 0x0 8fcc: ee070f17 mcr 15, 0, r0, cr7, cr7, {0} 8fd0: ee080f17 mcr 15, 0, r0, cr8, cr7, {0} 8fd4: e3a000d3 mov r0, #211 ; 0xd3 8fd8: e121f000 msr CPSR_c, r0 8fdc: e59f10c4 ldr r1, [pc, #c4] ; (00001079) 8fe0: ee011f10 mcr 15, 0, r1, cr1, cr0, {0} 8fe4: e1a00005 mov r0, r5 8fe8: e1a0d008 mov sp, r8 8fec: e59f30b8 ldr r3, [pc, #b8] ; (a0040000) 8ff0: e3a040c8 mov r4, #200 ; 0xc8 8ff4: e59f50b4 ldr r5, [pc, #b4] ; (a0040400) 8ff8: e0844005 add r4, r4, r5 8ffc: e3570000 cmp r7, #0 ; 0x0 9000: e3a01079 mov r1, #121 ; 0x79 9004: e3a02078 mov r2, #120 ; 0x78 9008: ee011f10 mcr 15, 0, r1, cr1, cr0, {0} 900c: ee012f10 mcr 15, 0, r2, cr1, cr0, {0} 9010: e1a0f007 mov pc, r7 The JUMP TO LIGHTSPEED!!! 531c: e3a00000 mov r0, #0 ; 0x0 5320: e28dd008 add sp, sp, #8 ; 0x8 5324: e8bd8000 ldmia sp!, {pc} 53e8: e3a00000 mov r0, #0 ; 0x0 53ec: e28dd020 add sp, sp, #32 ; 0x20 53f0: e8bd8070 ldmia sp!, {r4, r5, r6, pc} 5198: e3500001 cmp r0, #1 ; 0x1 519c: 1a000000 bne 51a4 51a0: eaffffe9 b 514c 51a4: e59f001c ldr r0, [pc, #1c] ; (Fatal error, looping!) 51a8: eb0008e1 bl 7534 51ac: e59f1010 ldr r1, [pc, #10] ; (90002370) 51b0: e59f3008 ldr r3, [pc, #8] ; (90049cc0) 51b4: e5930020 ldr r0, [r3, #32] 51b8: eb000854 bl 7310 51bc: eafffffe b 51bc (*infinite loop*) 51c0: 90049cc0 andls r9, r4, r0, asr #25 51c4: 90002370 andls r2, r0, r0, ror r3 51c8: 90002384 andls r2, r0, r4, lsl #7 51cc: e3a00003 mov r0, #3 ; 0x3 51d0: e1a0f00e mov pc, lr =========================================================================== 520c: e92d4000 stmdb sp!, {lr} 5210: e59f0018 ldr r0, [pc, #18] ; (90049cc0) 5214: e59f1010 ldr r1, [pc, #10] ; Checking PCMCIA 5218: e5900020 ldr r0, [r0, #32] 521c: eb00083b bl 7310 5220: eb001540 bl a728 5224: e3a00003 mov r0, #3 ; 0x3 5228: e8bd8000 ldmia sp!, {pc} =========================================================================== 51d4: e92d4000 stmdb sp!, {lr} 51d8: e59f0028 ldr r0, [pc, #28] ; (90049c0c) 51dc: e3a01001 mov r1, #1 ; 0x1 51e0: e5801000 str r1, [r0] 51e4: e59f0018 ldr r0, [pc, #18] ; (90049cc0) 51e8: e59f1010 ldr r1, [pc, #10] ; Image Download via PPFS 51ec: e5900020 ldr r0, [r0, #32] 51f0: eb000846 bl 7310 51f4: eb00101d bl 9270 51f8: e3a00003 mov r0, #3 ; 0x3 51fc: e8bd8000 ldmia sp!, {pc} =========================================================================== 51cc: e3a00003 mov r0, #3 ; 0x3 51d0: e1a0f00e mov pc, lr =========================================================================== 5234: e3a00003 mov r0, #3 ; 0x3 5238: e1a0f00e mov pc, lr =========================================================================== 5234: e3a00003 mov r0, #3 ; 0x3 5238: e1a0f00e mov pc, lr =========================================================================== 5244: e92d4000 stmdb sp!, {lr} 5248: e59f0020 ldr r0, [pc, #20] ; (90049cc0) 524c: e59f1018 ldr r1, [pc, #18] ; (Check BIN in ROM) 5250: e5900020 ldr r0, [r0, #32] 5254: eb00082d bl 7310 5258: e3a00102 mov r0, #-2147483648 ; 0x80000000 525c: e3800701 orr r0, r0, #262144 ; 0x40000 5260: eb0015a1 bl a8ec a8ec: e92d4030 stmdb sp!, {r4, r5, lr} a8f0: e1a05000 mov r5, r0 a8f4: e59f4050 ldr r4, [pc, #50] ; (90049c80) a8f8: e59f0048 ldr r0, [pc, #48] ; (9000a8ac) a8fc: e1a01005 mov r1, r5 a900: e5840000 str r0, [r4] a904: e3a00000 mov r0, #0 ; 0x0 a908: e5840004 str r0, [r4, #4] a90c: e59f0030 ldr r0, [pc, #30] ; BOOTLOADER (ROM): Looking for .BIN image in ROM at %Xh a910: ebfff307 bl 7534 a914: e59f0024 ldr r0, [pc, #24] ; a940 a918: e5805000 str r5, [r0] a91c: e1a00004 mov r0, r4 a920: eb0004d7 bl bc84 find .BIN image? a924: e1b03000 movs r3, r0 a928: 0a000008 beq a950 if found, goto a950 a92c: e59f0008 ldr r0, [pc, #8] ; BOOTLOADER (ROM): No .BIN image found in ROM a930: ebfff2ff bl 7534 a934: e3a00008 mov r0, #8 ; 0x8 a938: ea000012 b a988 return(8) a93c: 90003df4 strlsd r3, [r0], -r4 a940: 900498a4 andls r9, r4, r4, lsr #17 a944: 90003e24 andls r3, r0, r4, lsr #28 a948: 9000a8ac andls sl, r0, ip, lsr #17 a94c: 90049c80 andls r9, r4, r0, lsl #25 a950: e59f003c ldr r0, [pc, #3c] ; (90048048) a954: e5900000 ldr r0, [r0] a958: e3500000 cmp r0, #0 ; 0x0 a95c: 159f002c ldrne r0, [pc, #2c] ; (90048020) a960: 15901000 ldrne r1, [r0] a964: 159f0020 ldrne r0, [pc, #20] ; (90049cc0) a968: 15900020 ldrne r0, [r0, #32] a96c: 1bfff267 blne 7310 a970: e1a00004 mov r0, r4 a974: eb0004d6 bl bcd4 a978: e1b05000 movs r5, r0 a97c: 05940010 ldreq r0, [r4, #16] a980: 0b0005a8 bleq c028 c028: e92d4030 stmdb sp!, {r4, r5, lr} c02c: e1a04000 mov r4, r0 c030: ebffe554 bl 5588 virt_to_phys() c034: e1a05000 mov r5, r0 c038: e59f0054 ldr r0, [pc, #54] ; BOOTLOADER: Download to RAM successful! c03c: ebffed3c bl 7534 c040: e59f0048 ldr r0, [pc, #48] ; Jumping to ram image at %Xh (Phys: %X)... c044: e1a02005 mov r2, r5 phys_addr c048: e1a01004 mov r1, r4 virt_addr c04c: ebffed38 bl 7534 <__data_start+0x7534> c050: e5943008 ldr r3, [r4, #8] c054: e5942004 ldr r2, [r4, #4] c058: e5941000 ldr r1, [r4] c05c: e59f0028 ldr r0, [pc, #28] ; Instruction 0=%Xh, 1=%Xh, 2=%Xh c060: ebffed33 bl 7534 <__data_start+0x7534> c064: e3a00cea mov r0, #59904 ; 0xea00 c068: e3800060 orr r0, r0, #96 ; 0x60 r0 = 0xea60, r1 = *r4, r2 = *r4+4, r3 = *r4+8, r4 = virt, r5 = phys c06c: ebfffa49 bl a998 a998: e24dd004 sub sp, sp, #4 ; 0x4 a99c: e3a0332a mov r3, #-1476395008 ; 0xa8000000 a9a0: e383360e orr r3, r3, #14680064 ; 0xe00000 a9a4: e58d3000 str r3, [sp] a9a8: e59d3000 ldr r3, [sp] a9ac: e5931010 ldr r1, [r3, #16] a9b0: e3a03c75 mov r3, #29952 ; 0x7500 a9b4: e38330f6 orr r3, r3, #246 ; 0xf6 a9b8: e0030390 mul r3, r0, r3 a9bc: e08106a3 add r0, r1, r3, lsr #13 a9c0: e1500001 cmp r0, r1 a9c4: 2a000003 bcs a9d8 <__data_start+0xa9d8> a9c8: e59d3000 ldr r3, [sp] a9cc: e5933010 ldr r3, [r3, #16] a9d0: e1530001 cmp r3, r1 a9d4: 8afffffb bhi a9c8 <__data_start+0xa9c8> a9d8: e59d3000 ldr r3, [sp] a9dc: e5933010 ldr r3, [r3, #16] a9e0: e1530000 cmp r3, r0 a9e4: 3afffffb bcc a9d8 <__data_start+0xa9d8> a9e8: e28dd004 add sp, sp, #4 ; 0x4 a9ec: e1a0f00e mov pc, lr c070: ebffe84c bl 61a8 61a8: e92d4000 stmdb sp!, {lr} 61ac: e59f0018 ldr r0, [pc, #18] ; OEMhooks: PlatformPreLaunch... 61b0: eb0004df bl 7534 <__data_start+0x7534> 61b4: e59f000c ldr r0, [pc, #c] ; (a9200018) 61b8: e5903000 ldr r3, [r0] 61bc: e3833008 orr r3, r3, #8 ; 0x8 61c0: e5803000 str r3, [r0] 61c4: e8bd8000 ldmia sp!, {pc} c074: e59f300c ldr r3, [pc, #c] ; (b0040364) c078: e1a00005 mov r0, r5 c07c: e5835000 str r5, [r3] c080: e8bd4030 ldmia sp!, {r4, r5, lr} a984: e1a00005 mov r0, r5 a988: e8bd8030 ldmia sp!, {r4, r5, pc} 5264: e3a00003 mov r0, #3 ; 0x3 5268: e8bd8000 ldmia sp!, {pc} ===========================================================================