@tabsize 4
@subject TT
@node "Digger V8"

Digger  v8.1
======  ====

    august 2013 v8.1
    History
    MagiC & MiNT
    quick-tips
    Features
    Mark
    Naming
    Bookmarks
    Comment
    Configuration in a non modal dialogue
    menu
    Window-menu
    Journal-menu
    volatile-journal
    clock
    mouse
    keys
    Errors
    M68K processors
    Werken met de disassembler
    Achtergronden

In this manual TTD stands for all incarnations of Digger.

(c) 1985 - 2011 by Han Driesen & Henk Robbers
The Netherlands.

(Some more talkative sections are still in Dutch. But this will change.)
@endnode

@node History
@alias "august 2013" "v8.1"

august 2013 v8.1
    Extended 'Output preamble' to 5 lines (all optional via button).
    NB! a * is no longer added in front.
    Fixed a strcpy error in the 'miniconsole' (destination pointer vs array).
    Window dialogues: on some environments the mouse could disappear
    when clicking a button. Not fixed, but a workaround (v_hide_c(hl, 1)) added.
    New config keyword (and field in configure window): copr= comment prefix.
    Fixed a bug where Digger crashed on long labels when
    'labels on separate lines' was not configured.
    In operands: a scale factor of 1 is silently accepted and ignored
    for all CPU types.

june 2011 v8
    Coldfire support.
    =================
    Name abbreviated to "Digger".
    Fixed a bug in fmove.l #data, FPcr.
    Fixed a bug with int set to size 4.
    New menu entry in menu title Goto: 'dc.w in text'
    Go to the next dc.w in the text segment.
    It is about a dc.w due to disassembly failure, not the result
    of a 'data' mark.
    dc.w in text due to disassembly failure are displayed in bold red.

august 2006 v7
 • Machines:
    Implementation of MC68020 & MC68851.
    Machine menu choices are now complete and behave like radio buttons.
    68020 is special, because it is the only machine that can be combined
    with a 68851.
 • Configuration:
    Completely changed and massively improved.
    The improvements justified the choice of not trying to keep
    compatibility with pre 7 config files.
    It is now very easy to recreate configurations.
    So remove any existing configuration files from your system.
    If you have FILE= entries in .IDX files, use an editor to remove
    those entries, keeping the other sections alive.
    TTD has been completed with a configuration window dialogue.
    No need anymore for handcrafting the configuration file.
    Configuration is also localized. A local configuration covers
    everything configurable.
    The local configuration is saved for each object open at close down
    or at each closed object in the .IDX file, or separately in the
    .IDF file when the 'sidf' option is active.
 • Supported formats:
    The DRI format produced by the GFA compiler is now supported.
    It uses a shorter form of relocation information.
 • Some bugfixes

v6.4
 • Fixed the rare case where a Pure C fixup step is larger than
    0x01000000 bytes.
    Fixed a bug in handling DRI objects involving PC.W relative
    external names.

october 2002 v6.3
 • Read a TOS image from a file.
    New main menu entry "Tos .IMG ..."
 • Improved (and repaired) detection of TOS 1.x lineF abuse.

april 2001 v6.2
 • TOS's > v4 are 512Kb
 • The calculated PC for addressing modes containing PC relative
    base displacement was 2 bytes too far.
    (N.B.!! PASM does it wrong!!)
 • tst can have all addressing modes for the whole 68000 family.
    (The '*' line for tst in mc68K.txt)
 • If machine is 68000, no PC relative labels are generated for
    instructions not available.

february 2000 v6.1
    Thanks to Ronald Andersson, who is able to stress TT-Digger
    to its limits. :-)
 • Some bug fixes.
 • Bookmarks.
 • R  List of all references to a certain location.
 • New config keyword:
    'lbnl'  every label on a separate line.
            It is connected to a new window options menu entry (F11)
    'sidf'  save cfg info per file at closure.
    'kpre'  specify bookmark prefix.
 • If one tries to give a name or comment to a location that is already
    occupied, you can edit or erase it.
 • When you put a spurious '*' or ';' in front of a comment, it is
    written to a separate line before the location for which it is meant.
 • If you do the same for a bookmark text, it is not displayed as a label,
    but as a comment, although it is still a bookmark.
 • Removed the 'want to see' dialogue for extra bytes debug information.
    Instead there is an entry in the 'goto' menu, so you can go to this
    info anytime you want.

july 1999 v6
 • At last! full MC68040 and MC68060 support.
    Didn't change name to HADES-Digger nor MILAN-Digger though. :-)
 • Small adaptation to absolute word addressing mode: for DevPac users.
 • Some innocent bugs killed.
 • New config keywords
    'wabx'  sign extend 16 bit absolute operands to 32 bit on output
    'dirw'  separate .w control for data statements
    'equa'  actual text for the equ statement
    'namA'  file with globally available names for absolute operands
    'incA'  specify an include file name for the above
    'inct'  specify a template for the include statement
    'gnco'  specify lines of comment or other around the
    'gnce'  global include or equates.
    'lnco'  As above, but for the local one.
    'lnce'
    'dblf'  fpx vs fpx,fpx if the same register
 • Dangerous bug killed.
 • Generalization of "Absolute word" names to both absolute word and long.
    (Addressing modes 70 & 71).
    Thanks go to Ronald Andersson for his suggestions, and his helping
    me with DevPac support.
 • Automatic loading of index file, when present. No more asking.
 • In addition: new menu entry 'Unload Index' :-)

february 1999 v5.4
    Reactions on the publication of this program on the net inspired me
    to implement a feature that I was missing myself for a long time:
 • Marking program counter relative jump tables.
    If these displacements are not part of an instruction but are standing
    alone there is no easy way to recognize them.
    Switch statement implementation is very very implementor defined.
    TTD needs help from the user.
 • In addition: Menu option to find indirect 'jmp's and 'jsr's
    Further:
 • A minor rearrangement of the window menu.
 • Giving names to "Absolute word" references.
    Ronald Andersson already did 'sysvars.ra' :-)
 • Give names to standard labels. See Naming.
 • Add a short comment to an address.
 • After a console action the actioned window is topped again.
 • Removed restriction to label field of mouse placement for selecting.

    These made a totally new format of the index file necessary.
    Old format index files can be read, but not written.

november 1998 v5.3
 - Translate the manual into sort of English.
   Because my native language is Dutch I will gracefully accept
   criticism on my English.
 - Problems with Find alleviated.
 - Some minor corrections.

april 1997 v5.1
    To preserve TTD for future generations it was necessary to rewrite it
    in C. It now becomes in essence portable to other systems and, more
    important, it was becoming real big.
    I myself hate Basic dialects. If a Basic program gets larger than
    an A4 page you better switch to a proper programming language before
    it is too late.
 - Option to get rid of the epidemic use of hexadecimal
 - Structured data make it easier to program for more than 1 window
 - User interaction via a journal/console
 - Full usability in a multitasking environment
 - Use of a resource file makes it multilingual (English for now)
 - Standard menu shortcuts for standard menu actions
   (non standard shortcuts for specific actions :-) )
 - Thanks to Harald Siegmund's NKCC the keyboard is now automatically
   language independent
 - Small menu bar and menus in windows
 - Flexible memory management. Everything is dynamic, not a single
   fixed length table. Makes use of PPU2O possible.
   The only restriction is the total amount of memory in the machine.
   (for those who don't use OUTSIDE or VRAM).

    The program is now "state of the art".
    It has been tested on a TT030 with TTM194 as well as NOVA 16M VME
    videocard in all possible resolutions.
    It even runs on a 1040 via scart cable connected to a television set.

    !!!!!!!!!!!!!!!
    If used to debunk the TOS of an emulator on a non M68K machine
    all kinds of unpredictable things may happen.
    !!!!!!!!!!!!!!!

versions 4 november 1996
 - Still in GFA & single window.
 - Window movable & sizable.
 - MC68030 instructions & addressing modes.
 - MC68881/2 instructions (line F)
 - optional window attributes.
 - hardware independent screen handling.
 - change name to TT-Digger

    TTD is a superset of ST-Digger. It still runs on a 1040 but will use
    some 25% more memory than versions < 4.

versions < 4
 - The program was called "ST-Digger" and was written in GFA basic
   by Han Driesen.
   It didn't run in resolutions > 640 and used only 1 window of fixed size.
   It did only M68000 instructions and addressing modes.
   This version dates back from 520ST & GFA basic version 1.

    The very fast methods the program uses are all credit to the
    original author Han Driesen.

    Henk Robbers
    Amsterdam.
@endnode

@node quick-tips
 • Jump to an address by a click on an address, label, or operand.
 • Use CNTRL click on a label or operand to find references to that label.
 • Use selection to mark large chunks as code, byte, word or long without
    stopping at labels (which the other marking methods do).
 • Don't hesitate to press F5 or F6 after marking data.
    Spurious labels will disappear.
 • If in a small object a label 'LEA' occurs use decimal (F19).
 • You can erase a name or comment by just pressing ESC followed by
    ENTER/RETURN.
 • NEW v6: Use selection and to mark pc relative jump tables
    (often produced by a 'switch' statement or alike).
    Use ALT J to find indirect JMP or JSR instructions.
 • Use ALT N to give names to absolute operands.
    Use to give names to standard labels.
 • NEW v6.1: Use or K to create a bookmark at mouse position.
    You can quickly go to a bookmarked location: press F10, which lists the
    bookmarks in the journal, then click on one of them in the journal.
@endnode

@node Features
 • Reliable universal interactive disassembler.
 • Full M68K range of processors.
 • Fully menu and mouse controlled.
 • Fully GEM conform.
 • Output to screen and file.
 • Exhaustive check on validity of addressing modes.
 • Superfast label generation.
 • Label generation works for very large programs.
 • Label generation uses fixup and relocation info.
 • Interactive (with the mouse) tracking of jumps and references.
 • Backtracking of pages (UNDO) to a depth of 256.
 • Disassembly "on the fly" per page of screen.
 • Fast searching methods for hex patterns, text and references.
 • Commented header information at the start of the listing.
 • Distinction between labels in TEXT, DATA and BSS segments.
 • Recognition of GEMDOS, BIOS, XBIOS and line_A calls.
 • Access to TOS in ROM or RAM. Recognition of line_F abuse by TOS 1.0
 • Access to the Cartridge port.
 • Access to disc sectors (floppy, harddisc as well as RAM discs).
 • Recognition of executable boot sectors (virus checking).
 • Recognition of incorrect program or object file format (link virus).
 • Output adaptable to different assemblers
    (GST, HISOFT, GFA, MCC, MAS, PASM, DevPac etc.).
 • Labels in the BSS segment.
 • Mark data in the TEXT segment.
 • Distinctive marking of .B, .W and .L data.
 • Distinctive marking of 16 bit pc relative jump tables.
 • Quickly go to references via a click in the journal.
 • Quick find indirect jmp's and jsr's.
 • Marking as data and jump table is recognized by the label generator.
 • Attaching a short comment to the address of a line.
 • Permanently store data markings, new names, bookmarks and comments
    in an index file.
 • Naming unrelocated absolute operands.
 • Naming standard labels.
 • Bookmarking interesting places.
 • Fully incorporating symbol tables if present.
 • Both DRI and Pure C object files implemented.
 • Long names in DRI symbol tables recognized
    ($48 in low byte of symbol type).
 • Smoothly call PPU2O for Pure Pascal units.
 • Locality by using menus in windows.
 • Interaction with the user via a journal/console.
 • Resume mode. Restart opens previously opened files.
@endnode

@node "non modal dialogue"
@alias localized
The configure dialogue window can be kept open all the time.
The window remembers the last topped window and if this is a
disassembly window, its name is put in the info line.
Always check this line when you try to configure a disassembly.
If no disassembly window could be detected, the info line displays
"on Defaults".
The default configuration is the one that is used for every newly
opened object having no .IDX or .IDF file.

!! So the info line always tells you what you are actually configuring. !!
@endnode

@node menu
@alias menu-items
THE MENU BAR

 • TTD_6
    The usual entries such as copyright information and accessories
    if present.
 • File (main)
 • Window
    See Window-menu.
@endnode

@node "File (main)"
File title in main menu.
========================
The choices are:
    Open, Disc, RAM, ROM, Tos image, Cartridge, Use-PPU2O, Quit.
@endnode

@node Open
Open entry in the File title of the main menu.
==============================================
 • Open.ext ...
    Asks the user to denominate a file by displaying the current
    file selector.
    Reads a complete file in memory.
    Executable or object files are recognized from content.
    If inconsistencies are found, special action is abandoned and the
    file is treated as a data file as a whole; in particular symbol tables,
    fixup and relocation info become part of the data.
    Independent of content the display is started in assembly mode.
    So you can almost immediately see if it is intended as code or not.
    If not, just apply F2.
    If there exists a file with the same name as the input in the same
    directory but with extension .IDX the user is asked if this file
    should be loaded (the IDX file is supposed to be produced by TTD in
    previous runs and contains the data markings of that run).
    Pure_C files may contain debug info, this is recognized.
    If a program file contains extra bytes after relocation and debug
    info, this is recognized too and can be displayed separately
    (link virus?).
@endnode

@node Disc
Other entries in the File title of the main menu.
=================================================
 • Disc ...
    Reads consecutive sectors from disc.
    TTD asks for drive, offset and first & last sector numbers.
    Offset is used as an address origin for addressing.
    If the range starts with sector 0 (the boot sector), it is checked
    for executability.
@alias RAM
 • RAM ...
    Reads normal memory.
    TTD asks for a start and an end address.
    The start address is also address origin.
    If one of the addresses specified is below absolute address $800,
    TTD makes a copy of the complete area $0 to $800 and uses that copy.
    This area is otherwise only available in supervisor mode, and TTD
    doesn't want to run in supervisor mode for more than the time to make
    that copy.
@alias ROM
 • ROM
    Reads the ROMs.
    More specifically: read the operating system that is normally
    placed in ROM.
    TTD knows what can be expected in the ROMs by inspecting the
    OS_header information and acts accordingly, especially regarding the
    addressing space of the OS, so no parameters are needed.
@alias "Tos image"
 • Tos .IMG
    Read a TOS image from a file.
    It must be a simple image, no binary program format.
    The base address is determined from file size.
        <= 192*1024: 0xfc0000
        >  192*1024: 0xe00000
@alias Cartridge
 • Cartridge
    TTD reads memory from $FA0000 up to $FC0000
    (the cartridge address space).
    If no cartridge is present you'll get rubbish.
@alias Use-PPU2O
 • Use PPU2O
    Via the file selector TTD asks you to locate the program PPU2O.TTP.
    If location is successful the program is automatically executed
    each time a Pure Pascal unit (.PPU) is opened.
@alias Quit
 • Quit
    All windows are closed and TTD is terminated.
    See also Close.
@endnode

@node Window
Various general options.
========================
 • font -> small/large    8
    If the system font is 10 or more points, switches to half height
    and back again.
    (This should really be in the window menu: so there are some
    remember difficulties. But it is still usable.)
 • Tile    T
    Distributes all the windows over the desktop such that no windows
    overlap.
 • Overlap    V
    The opposite of tile. Puts all the windows at near maximum size
    on the desktop, each displaced 8 horizontal and 8 vertical pixels.
 • Cycle windows    ^W
    Viz.
 • Configure    ^X
    The configure non modal dialogue is opened in a window
    ready for adjustment.
 • Config with object
    When checked, the configuration is written with the object file
    in a file with the name of the object file but extension .IDF,
    unless an index file is saved, in which case the configuration is
    prepended to the index file. (config keyword 'sidf')
 • Auto save config
    When checked, writes .CFG file at quit.
 • ST-GUIDE    HELP
    When ST-GUIDE.ACC loaded: this manual.
@endnode

@node Window-menu
The window menu bar exists only in a disassembly window and is active
only if on top.
Because it is easy to touch them by accident, menus are dynamically
popped if the mouse leaves them.
The choices are:
    File (window), Goto, Find, Mark, Do, Look, Options
@endnode

@node "File (window)"
File title in the Window-menu bar
=================================
 • Save as ...
    Writes the whole file to disc in the mode indicated by the function
    keys (F1 - F19).
    To save space, tabs are used where possible.
    If a selection is made (mouse is a cross!) only selected lines
    are written.
    With options F3 and F5/F6 the Hex+ASCII part is preceded by a
    semicolon, thus making it comment.
    In the file selector an extension is suggested:
        .S    if the output will be suitable for assembly.
        .DMP  if the output is Hex+ASCII only (F2).
        .ASX  in all other cases.
    If all is agreed output is started.
    You can interrupt the output (it may take megabytes!) by pressing
    simultaneously CNTR/LSHFT/ALT.
 • Load index ...
    Read and apply index file.
    An index file (.IDX) contains previously made data markings.
    This must be a file previously saved for the same input file by
    Save Index.
    V 5.4: An index file saved by a previous version can be read,
    but not made.
 • Save index ...
    Save all marking information to disc.
 • Unload Index
    Remove all markings from memory, and redraw the page.
 • Close
    Close the file and window and delete all of it from memory.
    If data markings have been made that are not yet saved TTD will ask
    you if that has to be done. If you answer 'y' it is done.
@endnode

@node Goto
Self explanatory are:
 • Home          HOME
 • End           HOME
 • Extra info    Z
 • Last page     UNDO
 • PC-2          <>
 • PC+2          <>
 • Start sel.    ^
 • End sel.      ^
 • Next Page     <>
 • Same Page     <=>
 • Prev. Page    <>
 • dc.w in text

Because TTD disassembles each page on the fly (that's why it is fast),
it does not know where the previous page started (variable length
instructions!), so it goes back a number of bytes roughly derived from
the window's height. It is possible that the new top line starts in
the middle of an instruction (indicated by nonsense insts or dc.w).
Use <> to align it. It is also possible to use UNDO.
When options 'labels' or 'symbols' (F5/F6) are on, TTD will often find
a label that is in the neighbourhood of the calculated position.
@endnode

@node Find
 • Address ...
    Advance to a given address.
    The miniconsole asks for the address.
    You can give the address in the following ways:
     - name   if option 'symbols' (F6) is on.
     - label  if option 'labels' (F5) is on. (symbols imply labels)
    always:
     - hexadecimal by preceding it by a '$' or the prefix you have
       put in the configuration with keyword 'hexa'.
       e.g. hexa=0x
     - decimal
    Clicking on a name, label or address has the same effect.
 • " back
    Go back to the address which you entered last.
 • Hex code ...
    Find (absolute) hex pattern.
    Input via miniconsole. (no hex prefix need be input)
 • " next    ^H
    Find the next occurrence of the hex pattern.
 • Text ...
    Find ASCII string.
    Input via miniconsole.
 • " next    ^T
    Find the next occurrence of the string.
 • Reference ...
    Search for a reference to a given name, label or address.
    Input via miniconsole: see above (Address ...).
    The action is the same as CNTRL click.
    The search starts at the beginning of the current page and is cyclic.
 • " next    ^R
    Find next reference.
    This works of course also after CNTRL click.
 • " list    R
    Make a list in the journal of all the occurrences of a reference
    which you specified by pressing or by CNTRL click.
    Click in the journal and TTD will show you the ref in its context.
 • JMP/JSR (...)    J
    From the top of the page onwards, find the next indirect JMP
    or JSR instruction.
    Indirect means: addressing modes 2r,5r,6r and 73.
    or (An), d(An), d(An,Xn) and d(PC,Xn)
 • Bookmarks    F10
    List all the bookmarks in the journal.
    Click in the journal on the bookmark message and TTD will go to
    the page of the bookmark.
@endnode

@node "jump table"
@alias "jump tables"
Marking of jump tables
======================
This menu entry cannot be used in the normal way, the mouse would
always be in the wrong place.
You first place the mouse and then use the key.

Marking is only possible if options 'Labels' or 'Symbols' (F5/F6) are used.
The jump table marking works only on a selection.

You will notice stuff within the text segment that does not look like
good instructions. This stuff often follows the instruction sequence:
(Pure C)
    move    lnnnn(pc,d0),d0
    jmp     lnnnn(pc,d0)
Select and mark as 'w' until you are satisfied.
There is no general rule for this (at least not easy).
If you are going to use this part of TTD, I suppose you have insight
in M68K assembler and compilers.
If you think you have got all of the 16 bit displacements selected,
then just press and lo and behold: all entries are changed into the
following:

    Xiiii:  dc  Lnnnn-Xiiii
            dc  Lmmmm-Xiiii
            ..... etcetera

where nnnn, mmmm ... are the labels at which the displacements are
supposed to point to, and iiii is the start label of the table,
that is the first line of a particular selection.
Pressing again will erase the marking, so you can change the
selection and try a better one.
Then press F5 or F6 to make it permanent.
You will notice that quite a few loose entries in the program or
object have now got a decent label attached to them. :-)
And that's what this is all for.
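
The displacement table described above can be checked by hand before marking. The following is an added example, not Digger's own code: it reads a selection as signed 16 bit big-endian displacements relative to the first selected address and reports how many leading entries look like real table entries. The function names, the plausibility test (target word aligned and inside the TEXT segment) and the sample image are assumptions made for this example; the label layout follows the letter-plus-address convention of the Labels (F5) section.

```python
import struct

# Constructed sample TEXT segment (32 bytes, origin 0), not from a real program:
# 6 x nop, a 4-entry displacement table at $0C, 5 x nop, rts.
NOP = bytes.fromhex("4E71")
IMAGE = NOP * 6 + bytes.fromhex("0008000C0010FFF8") + NOP * 5 + bytes.fromhex("4E75")


def label(letter, address, highest):
    """Letter + hex address, zero padded so every label has the same length
    as the one for the highest address."""
    width = len(format(highest, "X"))
    return f"{letter}{address:0{width}X}"


def decode_selection(image, origin, sel_start, sel_end, text_end):
    """Read [sel_start, sel_end) as signed 16 bit big-endian displacements.

    Every displacement is relative to sel_start (the Xiiii label).
    Returns a list of (entry_address, displacement, target, plausible).
    """
    entries = []
    for addr in range(sel_start, sel_end - 1, 2):
        (disp,) = struct.unpack_from(">h", image, addr - origin)
        target = sel_start + disp
        # Assumed plausibility test: M68K instructions are word aligned and
        # a jump target has to lie inside the TEXT segment.
        plausible = target % 2 == 0 and origin <= target < text_end
        entries.append((addr, disp, target, plausible))
    return entries


def table_length(entries):
    """Number of leading entries that pass the plausibility test.

    A smaller result than len(entries) means the selection runs past the
    table into code or other data and should be shortened.
    """
    count = 0
    for _addr, _disp, _target, plausible in entries:
        if not plausible:
            break
        count += 1
    return count


def render(entries, sel_start, highest):
    """Format entries as 'Xiiii: dc Lnnnn-Xiiii' source lines."""
    base = label("X", sel_start, highest)
    lines = []
    for index, (_addr, _disp, target, _ok) in enumerate(entries):
        head = f"{base}:" if index == 0 else ""
        lines.append(f"{head}\tdc\t{label('L', target, highest)}-{base}")
    return lines


def demo():
    """Deliberately select one word too many ($0C up to $16)."""
    entries = decode_selection(IMAGE, 0, 0x0C, 0x16, len(IMAGE))
    good = table_length(entries)
    return entries, good, render(entries[:good], 0x0C, len(IMAGE))


if __name__ == "__main__":
    entries, good, lines = demo()
    print(f"{good} of {len(entries)} selected words are plausible displacements")
    print("\n".join(lines))
```

The fifth selected word is the nop that follows the table; read as a displacement it points to an odd address far outside the segment, which is the cue to shrink the selection by one line.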
If you know a compiler that generates 32 bit pc relative tables,
please let me know.

Henk Robbers.
@endnode

@node Do
@alias selection Naming comment
Selecting
=========
Place the mouse on a line and press or .
At least this line is selected, the mouse changes to a cross.
Place the mouse on another line (possibly after scrolling or finding
or whatever) and press or .
Everything between those lines will be selected.
The program will exchange the and addresses if the latter is lower.
To just deselect press .

Naming
======
Absolute operands:    /* 70 and 71 */
    press ALT + N
    The console responds with "absolute name: enter address=sequence"
    followed by a previously entered address=sequence.
    Enter what is required and press ENTER/RETURN or cancel by pressing
    UNDO.
    sequence is a mere character string that may contain
    () + - _ letters and digits.
    NO syntax check is made; TTD leaves it to you.
    The suffix .w sign extends the value from 16 bits to full 32 bits.
    examples:
        44=line_F_vec
        $8606.w=DMA_fifo
        $8900.w=Snd_dma_contrl
        $8901.w=(Snd_dma_contrl+1)
        $fa40.w=fpu_CIR
        $ff8606=crippled_DMA_fifo
        $fa0000=cartridge
        $fffa0000=Cartridge
        $1000000=TT_ram
    N.B. These names CAN NOT override names defined in the object itself.

Standard label:
    Place the mouse on a label and press .
    The console responds with "Name that label!!" followed by nnnn=
    where nnnn is the address of the label.
    Enter the name and press ENTER/RETURN or cancel by pressing UNDO.
    You can erase a name by just pressing ESC followed by ENTER/RETURN.
    This is the same as sending an empty reply.
    Note: A name for a label to which no references exist will disappear
    from the display after a label generation.
    It will however not disappear from the index.
    So after subsequent marking it is possible that the name will
    reappear again.

Comment
=======
Place the mouse on the line to which you want to attach a comment
and press .
The console responds with "enter a comment" followed by nnnn:
where nnnn is the address of the line.
Enter a small text and press ENTER/RETURN or cancel by pressing UNDO.
You can erase a comment by just pressing ESC followed by ENTER/RETURN.
This is the same as sending an empty reply.

A comment or name is truncated to 31 characters.

You can configure a comment prefix in the configuration dialogue.
The default prefix is ;
There is no need anymore for having a comment prefix in the comment
dialogue (miniconsole). However, if you have ';' or '*' as first
character in your comment, no prefix is prepended by Digger.
If no comment prefix is configured, or never was, Digger assumes ';'.
@endnode

@node Mark
@alias marking marked "data markings" fixup relocation
Marking of data areas
=====================
This menu title cannot be used in the normal way, the mouse would
always be in the wrong place.
You first place the mouse and then use the keys.

Marking is only possible if options 'Labels' or 'Symbols' (F5/F6) are used.

TTD knows 4 kinds of data representation.
 - executable machine code, at least 2 bytes.
 - byte data:  8 bits   dc.b
 - word data: 16 bits   dc or dc.w
 - long data: 32 bits   dc.l

To mark a specific representation, place the mouse in the label or
operation field and press:

Lower case for 2 resp. 4 bytes:
     : for 2 bytes of code
       (if 2 bytes are not enough repeat this for subsequent lines
       until you are satisfied)
     : for 2 separate bytes
     : for 1 word
     : for 1 long
    A region that is marked as 'w' can be marked as jump table in addition.

    If fixup or relocation information indicates that on a certain
    position a long address is defined, marking cannot disguise that.
    Lines will always be split up such that a dc.l can be maintained.

Upper case:
    Act the same as above for all bytes up to the next label.

with ALTERNATE:
    The above keys can be combined with ALT.
    In that case the marking is repeated until an already existing mark
    is detected that is different from the one applied.
A selection is on:
    You don't need ALT or SHIFT, all selected bytes get the new marking
    with respect to what is mentioned for fixup and relocation info.
    Selection offers you the best of ALT & SHIFT.
    When a selection is scrolled out of sight you can detect the fact
    by looking at the mouse pointer: it is a cross.
    Use ^ or ^ to get the selection in sight again.

    N.B. The selection is kept if you switch to F2 (Hex+ASCII),
    especially the start and end addresses, although a whole line is
    inverted.
    Selecting in F2 selects the whole line. If that is too much you can
    switch to F1/F3 and use and to correct it.

You cannot mark code in the data segment.
However if that code is held from the start of the data segment onward,
you can move the start of the data segment (temporarily) up or down
with the menu option "DATA range".
@endnode

@node Bookmarks
@alias bookmark Bookmarking
Bookmarking
===========
Place the mouse on the line for which you want to create a bookmark.
Then press
This will register the chosen address as 'bookmarked'.
You can combine a bookmark with a comment by pressing K
Enter the comment in the journal.
Preceding a bookmark comment by a ';' or a '*' will leave the bookmark
label format out, but it will still be a bookmark.
You can specify a bookmark prefix in the configuration.
A bookmark label looks the same as all labels, except for the prefix.
Press F10 to get a list of all the bookmarks in the journal,
ready for clicking.
@endnode

@node Look
How do you want the information to look.
Selected options are 'ed.

@alias Opcodes F1
 • Opcodes    F1
    Show assembly only.
@alias "Hex+ASCII" F2
 • Hex+ASCII    F2
    Show HEX & ASCII only.
    You can denominate a character to represent hex(00). See 'invi'.
@alias "Opcodes+Hex+ASCII" F3
 • Opcodes+Hex+ASCII    F3
    Show assembly together with ASCII & HEX representation.
    You can denominate a character to represent hex(00). See 'invi'.
@alias Standard F4
 • Standard    F4
    Show only addresses (no labels or symbols).
    Each line has an address in the label field.
    This form is not suitable for assembly.
    No label generation is executed at first; you decide.
@alias Labels F5
 • Labels    F5
    Scan the object for possible labels and remember them. Redisplay.
    Scanning is only performed the first time and when marking
    has changed.
    On a TT030, cache on and TTD running in TT-ram, generating labels
    for TOS 3.06 with full MC68030 and MC68882 set takes a fraction more
    than 1 whole second. :-)
    In this mode the resulting output is fully suited for assembly
    (if you didn't mess up the configuration).
    If you do not let your assembler perform optimizations the resulting
    object file should be bit by bit the same.

    Labels consist of a letter followed by the address in the current
    number representation (hex or decimal). The letter is
     - 'L' for labels in the TEXT segment.
     - 'T' for labels in the DATA segment.
     - 'U' for labels in the BSS segment.
     - 'X' for labels marked as data in the TEXT segment.
    Hex labels are all the same length.
    This length is determined by the highest address.
    If in a small object a label 'LEA' occurs, use decimal.
    (Originally 'R' was used instead of 'L', but this clashed heavily
    with PASM where R0 to R15 meant registers D0-D7,A0-A7).

    Object files and program files all have a lowest address
    (the origin) of zero.
    Other files or RAM need an origin, which is asked for.
    When an operand points below the origin it is displayed as L0-disp.
    When an operand points above the BSS segment it is displayed
    as L0+disp.
    In case of ROM, RAM, executables without symbol table, or files not
    recognized as code, all longs are checked against origin and limit.
    If they fall within they are marked as reference and hence produce
    a label.
@alias Symbols F6
 • Symbols    F6
    Only when there is symbol table or name information.
    TTD is shipped with a symbol table for global names. Try and see.
    All linkable objects have one.
    Wherever possible a label or reference is replaced by its name.

What information do you want to look at.
@alias "File Info" F7
 • File Info    F7
    Writes information about the loaded object to the journal.
@alias "Symbol Table" F8
 • Symbol Table    F8
    Writes symbol table information to the journal.
    (The journal can be saved to a file).
@alias "DATA Range" F9
 • DATA Range...    F9
    Unfortunately some compilers put all the data in the text segment.
    Use this to (temporarily) fix this. Use it for saving assembly.
    It is not kept in the configuration.
@endnode

@node Options
@alias F10 F11 F12 F13 F14 F15 F16 F17 F18 F19
 • Coldfire V4e    F10
    Recognize Coldfire V4e instructions and addressing modes.
    When changed: regenerate labels and redraw the page.
 • MC68000    F10
    Recognize MC68000 instructions and addressing modes.
    When changed: regenerate labels and redraw the page.
 • MC68020    F12
    Recognize MC68020 instructions and addressing modes.
    When changed: regenerate labels and redraw the page.
 • MC68030    F13
    Recognize MC68020 instructions and addressing modes.
    Recognize instructions specific for MC68030.
    When changed: regenerate labels and redraw the page.
 • MC68040    F14
    Recognize MC68020 instructions and addressing modes.
    Recognize instructions specific for MC68040.
    When changed: regenerate labels and redraw the page.
 • MC68060    F16
    Recognize MC68020 instructions and addressing modes.
    Recognize instructions specific for MC68060.
    When changed: regenerate labels and redraw the page.
 • MC68851    F15
    Recognize paged memory management coprocessor instructions
    specific for the MC68851 (line F coprocessor id 0).
    When changed: regenerate labels and redraw the page.
    The choice of MC68851 can only be combined with MC68020.
 • MC68881/2    F18
    Recognize floating point coprocessor instructions
    (line F coprocessor id 1).
    When changed: regenerate labels and redraw the page.
    For 68040 and 68060 this refers not to a real coprocessor, but to
    the floating point instructions supported by either on chip code
    and extracode.
 • Labels + nl    F11
    Put all labels on a separate line.
 • opword Xoooo    F17
    This is nice.
    All teachers think that computers work in "hexadecimal".
    Nothing is less true. (I love this idiom :-)
    If you want to know why a certain instruction is not disassembled,
    switch F3 and this option on.
    A Motorola opcode almost always consists of the following:
        B15 - B12   group: 4 bits, so in hex.
        B11 - B0    4 fields each 3 bits (hence octal).
    Now it is easy to find the opcode in the books or in M68K.
 • decimal    F19
    Change number representation; when changed: redraw the page.
    If it is evident that hexadecimal makes more sense, decimal is
    overruled. This happens for:
     - negative absolute word (almost always an IO memory mapping,
       because not relocatable)
     - highest 16M mapping on lowest 16M
       {    (address&0xFF800000) == 0x00800000
         or (address&0xFF800000) == 0xFF800000 }
@alias "Use sysvars"
 • Use sysvars
    The names read via the namA config option need not be of interest
    to the currently loaded object.
    This menu entry controls the actual use of these names.
    If unchecked, the names are not used.
    If inhibited, no such names were invoked.
 • 'include' sysvars
    This option is only applicable when an output file is being written.
    If checked, an 'include' statement is written according to the
    template given by the 'inct=' config statement, otherwise all the
    names are written in the output text as 'equ' statements according
    to the 'equa=' config statement.
    Both cases are surrounded by the lines of text given in the
    'gnco=' & 'gnce=' config statements.
@endnode

@node "Configuration window"
@alias Configuration ".CFG" ".IDF" config
The configuration of TTD has been highly improved in version 7.
It is handled by a non modal dialogue in a window.
You don't have to remember such extreme trivialities as keywords
anymore :-)
The improvements justified the choice of not trying to keep
compatibility with pre 7 config files.

You can start a new default configuration by deleting the existing
.CFG and .CFF files, start TT-Digger and choose Configure from the
main options menu or press CTRL+X.
A fully movable, sizable and scrollable window appears and you can start
clicking buttons and typing texts.
Make sure 'autosave config' is active.

Subsequently:
At start TTD tries to read the file TTDIGGER.CFG in the same directory it
is loaded from. If this file is not there, sensible default values are
used.
When TTD is closed down, a default configuration is saved, followed by
the local configurations of each object that was still open.
If option 'sidf' or, in the menu, 'config with object' is active, the
local configuration of the object is saved either in the .IDX or in a
separate .IDF file.

Via the configuration you can tailor the output of TTD to different
assemblers.

Below is a list of all config entries in the form of the older config
file. Most of the keywords are stated in the dialogue as a reminder.
Configuring should now be completely self explanatory.

keyw=default    brief description

Global entries:
==============
asve=true       autosave: Save information on windows on files that are
                open when you Quit TT-digger. (TTDIGGER.CFG)
sidf=true       Write local configuration to a separate file when an
                object is closed.
                A file is created with the name of the object file, but
                with extension .IDF.
                You can change this extension with a resource editor,
                because it is in the resource file.
                When false this information is written to the .IDX file,
                not automatically though, but only when you do
                'Save index'.
ppuu=1          Use the program PPU2O to convert Pure Pascal units to
                Pure C format.
ppup=filename   Specify the filename of PPU2O
jvol=true       Journal is volatile.
size=0          implement sizer, fuller & mover in window
vsli=0          implement vertical slider in window
hsli=0          implement horizontal slider in window
                When you specify both sliders, you get sizer, fuller &
                mover as well.

                Before MC68020 times everything fitted in 80 bytes.
                But now, with full extended addressing formats and
                Pure C long names a line can take (in theory) more than
                1K bytes.
                    move ([xyz,a0,d0],abc),([def,a1,d1],uvw)
                (memory indirect preindexed with outer displacement in
                source & destination operand, see MC68030 2.4.10).
                If hslider is false and a line is too long, TTD beeps at
                you and puts a message in the journal once.
                The line is ended with 2 arrows (as in GFA) to indicate
                the fact. Output to a file however will be correct.
                The no slider option is kept mainly for use on the
                original 640X400 resolution.
widt=79         initial width in ch's of a window's work area; 0 = max
heig=0          initial height  "     "     "                  0 = max

Local or default entries:
========================
tit0=           1st preamble line written at beginning of output
tit1=           2nd preamble line written at beginning of output
tit2=           3rd preamble line written at beginning of output
tit3=           4th preamble line written at beginning of output
tit4=           5th preamble line written at beginning of output
tbt0=1          write 1st preamble line
tbt1=0
tbt2=0
tbt3=0
tbt4=0

machines:
--------
mc00=true       Default 68000 addressing modes and instructions
mc20=false      Recognize MC68020 addressing modes and instructions
mc30=false      Recognize MC68030 addressing modes and instructions
mc40=false      Recognize MC68040 addressing modes and instructions
mc60=false      Recognize MC68060 addressing modes and instructions
mc51=false      Recognize MC68851 instructions (Line_F coprocessor id 0)
mc81=false      Recognize MC68881/2 instructions (Line_F coprocessor id 1)
dblf=false      if destination and source are the same floating point
                registers, display only once if dblf=false.
                e.g.:   fmul fp5 instead of fmul fp5,fp5
                        fsin fp7    "       fsin fp7,fp7

representation:
--------------
opco=1          opcodes (F1)
hasc=0          hex/ascii (F2)
oasc=0          opcodes + hex/ascii (F3)
stnd=1          standard (F4)
lbls=0          labels (F5)
syms=0          symbols (F6)
lbnl=true       if true: every label on a separate line
xooo=true       See Options
deci=true       Decimal <=> hexadecimal
lsep=:          separation character after label
kpre=BM_        Bookmark prefix; bookmarks are written like standard
                labels. This prefix makes them different.
ille=illegal    opcode for illegal instruction (nil: use Motorola default).
hexa=$          Favourite token sequence for hexadecimal representation

Character visibility:
--------------------
@alias invi
invi=~          Favourite sign for the invisible character

                8 choices of standard character sets of which only one
                is set to 1
v95 =0
vger=0
vfra=0
vlat=0
vsca=0
vmat=0
vall=0
vnon=0
                1 of the sets can be customized by clicking on a grid of
                characters. Visibility is flipflopped when clicked.
vcus=1
                256 flags telling which characters must be considered
                invisible (or unprintable)
                0 = invisible, 1 = visible
                for convenience split into 8 * 32
                example of german copied to custom:
cvi0=00000000000000000000000000000000
cvi1=11111111111111111111111111111111
cvi2=11111111111111111111111111111111
cvi3=11111111111111111111111111111110
cvi4=01001000010100100000100001101010
cvi5=00000000000000000000000000000000
cvi6=00000000000000000000000000000000
cvi7=00000000000000000000000000000000

Size denominators:
-----------------
sbra=.b         extension for 8 bit branches (.b or .s)
wbra=           extension for 16 bit branches (.w)
lbra=.l         extension for 32 bit branches (.l)
                NEW!! see books on MC68030
wabs=.w         extension for "absolute word" (e.g. .w)
wabx=0          Special for DevPac users
                expand absolute word ($8606 --> $ffff8606)
labs=nil        extension for "absolute long" (e.g. .l)
word=.w         extension for word operations & Xn.w register
dirw=0          separate .w control for data statements
                For DevPac; if true, force .w on wordsize data
                statements (dc --> dc.w)

Assembler directives:
--------------------
text=.TEXT      directive for the text segment
data=.DATA      directive for the data segment
bss =.BSS       directive for the bss segment
xdef=.XDEF      directive for exported symbols (globals)
xref=.XREF      directive for imported symbols (externals)
                empty: suppress listing of externals in header display
comm=.COMM      directive for common
modu=.MODULE    module directive
                empty: suppress 'module'
mode=.ENDMOD    end module directive
                empty: suppress 'endmod'
equa=equ        text of equ statement (equate== for DevPac users)

Output file extensions:
----------------------
exts=.S         file extension for assembly output
exth=.DMP       file extension for output with Hex+ASCII only
extx=.ASX       file extension for standard output

System variables:
----------------
usys=0          1 if menu option Use sysvars is checked
isys=0          1 if menu option Include sysvars is checked
namA=filename   Here one can specify a file containing names for
                absolute word operands that are then globally available
                (and used). Look in 'SYSVARS.RA' and you will see what
                it is. See also Naming.
                Names that are specified interactively will override
                names as defined in this global file.
incA=sysvars    specify an include file name for the above
inct=include@!N specify a template for the include statement
                !N is replaced by the name given in 'incA'
gnco=*sys_vars  specify lines of comment or other text around the
gnce=*end       include or equates for the global names.
lnco=*loc_vars  The same for the local names.
lnce=*end
@endnode

@node Errors
Most common errors (Out of memory, Drive full) are given in form_alert
boxes or in the journal. All these messages are self explanatory.
Use M68K to check if a bitpattern is not disassembled for good reason.

Anyone who finds an error in TT-Digger or a cryptic message please
contact me.
Just supply the file which you tried to disassemble.

Henk Robbers. or Stichting ST.
@endnode

@node volatile-journal
A volatile journal is closed and removed from the screen each time or or
is keyed, even if no task is active.
If you keep the journal window small it looks just like a dialogue box
in a window. That's what everybody wants nowadays.
Moreover this is the fastest way to get the subject window on top again.
If you want the journal to be what its name says: a permanent record of
what you have done, switch the 'Volatile' option off.
It is also in the config: jvol=boolean value
@endnode

@node journal
@alias Journal-menu miniconsole task
About the journal and the miniconsole
=====================================
There was not much dialogue interaction. Mostly it consisted of getting
rid of alert boxes with just 1 button, or just asking for 1 or 2 numbers
or just answering yes or no.
So I devised a simple text window with a teenytiny line editor.
Gone were all the alert_boxes and dialogue panels.
By nature a window is some kind of modal.
(In Dutch 'modaal' or 'modal' is a very cryptic word. If you can't
remember what a certain word means, it helps if you remember the
opposite, so I hope that YOU know what 'non modal' means.)
Now the program is as modern as can be.

The miniconsole is activated by selecting an appropriate menu entry or
key or when the program needs interaction. If the window is not on the
screen it is opened. A prompt is displayed on the last but one line,
optionally followed by a line with default information or the last text
keyed in. A normal flashing cursor is displayed.
The title bar now shows "console". A "console task" is started.
All normal edit keys can be used, the only restriction is that you
cannot leave the line.
The task will stay active whatever you do, topping other windows and
scrolling in them, whatever you want, as long as the action does not
produce output to the journal (opening another file produces console
output!), in which case the task is cancelled.
If a task is completed or interrupted the title changes back to
"journal", so you can always see what is going on.
Don't forget to top the console if you want to go on with the input.
The program has only 1 single event_loop for true multi_threading
operation.

c.q. complete console input. The entire line is processed independent of
cursor position.
cancels a console task, no processing will take place.

You can determine the effect of cancelling from the prompt, its default
answer and the context in which you started the task.
For instance: TTD asks you "Load index file ? y/n".
The next line displays "yes" with the cursor on the 'y'.
The window of the loaded object is already on the screen with all its
content. If you key in it is obvious that no further action needs to be
taken. You also can key .
All questions that need a yes or a no are satisfied by simply keying a
single , , or followed by because TTD places the cursor on the first
character and will look at only the first character.

I let the journal menu speak for itself apart from the entry 'Volatile':
See volatile-journal

Keep in mind that when the journal is closed its contents are lost.

keys for the miniconsole:
mouse for the miniconsole:
@endnode

@node mouse
@alias click clicking "CNTRL click"
Mouse for the miniconsole
=========================
Use the mouse to put the cursor anywhere in the input line if a console
task is active.

Mouse for the digger
====================
Use the mouse in the usual way for the menu choices and activation of
window attributes.

With the mouse it is possible to jump to labels and find references:

• You can click on a label, name or address.
  If the resulting address falls within the address space of the object,
  lines from that address onwards are displayed.
  This also works in the header info lines that read:
      ... segment starts at ........
  If it does not work for a name, the name is probably an external.
• You can move a line to the window's top by clicking in the label field
  of that line.
• If the display is in Hex+ASCII mode you can click anywhere in the
  content field. The even byte lowest to the click becomes the top of
  the window, thereby displaying its address.
  You never need to count bytes anymore.
• CNTRL click on a label, name or address starts a search to the next
  reference to that address. It does not matter if you click a label or
  an operand. This is easier than the menu entry 'Find/Reference'.
  The search is cyclic.
  If a reference is found its line is placed in a box and put in the
  middle of the window. This shows the reference in its context.
  This is a very fast way to find all the calls to a routine or whether
  a label is jumped to more than once.
• Many keys use the field to which the mouse points.
@endnode

@node keys
Keys for the miniconsole:
=========================
⇦               cursor 1 to the left
⇨               cursor 1 to the right
shift ⇦         cursor to start of line
shift ⇨         cursor to end of line
DEL             delete char under cursor
Backspace       delete char left of cursor and move cursor 1 to the left
Escape          clear entire line

Keys for the digger:
====================
Because the program is not an editor, the keyboard need not be set free
as an input device. Only a subset of the keys have significance and are
used as mere buttons.
All the keys that have significance are without exception in the menu as
shortcut. The program uses an extended generalized routine to search the
menu tree for shortcuts; there is no separate keyboard handler.
This means that with a resource editor you can tailor the keyboard usage
for the assembly window to your own taste.
The menu must be considered as a help if the position of the mouse
pointer is of significance.

Keys between <> are those that do NOT belong to the category 'Control'.
In all other cases shift is indicated by ⇧ as a prefix.
Prefixes ^ and  have the well established standard meaning.

Now follows a summary; for the descriptions see menu.
F1-F9
F11-F19         Display options.
⇩               Next Page
<=>             Same Page
⇧               Prev. Page
                (Find) Address
                (Find) Hex Code
                (Find) Reference
^R              (Find) Next reference
                Set start of selection
                Set end of selection
                Deselect.
                Goto next dc.w in text segment
⇦               One or two bytes back (to an even address)
⇨               One or two bytes forward (to an even address)
ClrHome         To beginning of file.
Shift-ClrHome   To end of file.
UNDO            Backtrack pages.
HELP            When ST-GUIDE loaded as ACC, read this manual.
^               display start of selection
^               display end of selection
@endnode

@node Control
@alias generations wizzkids
Control means:
All keys that were not present on the good old typewriters.
That is CNTRL, ALT, UNDO, RETURN etc. etc. and combinations.
R_SHIFT & L_SHIFT if not in the original meaning of 'upper case', or
used to access the upper characters on keys that have 2 different
characters printed on it.

For those too young to be acquainted with the good old typewriters:
On those machines 'shift' was a key that actuated a lever that moved the
bar up such that the upper part of the hammers would slam the bar
instead of the lower part.
@endnode

@node "TT-Digger"
@alias book books TTD
INTRODUCTION to TT-Digger v 5 and higher
(This manual uses tab size 4)

TT-Digger is a program designed for digging in existing software, for
instance: TOS-ROM.
Input can be disassembled, displayed as Hexadecimal or as ASCII text in
any combination.
Assembly (Standard Motorola) makes it possible to change an existing
program and to reassemble it. The ROM is an interesting subject of study.

This manual doesn't explain M68K assembly itself.
TT-Digger is based on the following books:

    MC68000 8-/16-/32-Bit Microprocessors
    Programmer's Reference Manual, fifth edition
    Prentice Hall ISBN 0-13-541475-x

    MC68030 Enhanced 32-bit Microprocessors Manual, 3d edition
    Prentice Hall ISBN 0-13-566423-3

    MC68000 family Programmers reference manual
    Motorola ISBN 1-13-723289-6

    M68060 Users Manual
    Electronically from Motorola's Webpage.

    MC68881/MC68882 Floating-point Coprocessor User's Manual
    Prentice Hall ISBN 0-13-566936-7

    Coldfire Family Programmer's Reference Manual
    Document Number: CFPRM Rev 3 03/2005. Freescale.
@endnode

@node MagiC
@alias MiNT
TTD knows the drop part of the drag&drop protocol.
You can move a name from a drive window into any window of TTD.
TTD then tries to open a file with that name.
In the case TTD doesn't have a window open, there is always a small
window titled "drop" that contains the program name.
@endnode

@node clock
The friendly timer in the journal is very old. It dates back from 1972.
I was then designing the very first real time application for my
employer. We needed a small interactive application for doing a very
safe thing with the control program.
Because it was fun we kept it in the full operational system.
Later I heard that in the first few weeks it had been the most often
used application.
It was invoked by the login sequence
In english:
We came up with the idea during a discussion on the desirability of the
use of natural language in programming languages (COBOL??).
Computers did not have ears in those times.
It is possible that someone else has ever invented it, but I have not
seen it anywhere yet.

If somebody wants it in english, well, it is not too difficult, just do
it and send it to me, probably I can put a 'language' statement in the
config file. :-) Or send me the English idiom.
@endnode

@node "hexadecimal notation"
@alias hexadecimal decimal octal binary
In TTD you can choose between decimal and hexadecimal notation.
I have been raised on an "octal" computer (The ICL 1900 series, 24-bits).
It is a form of insanity to display addresses which are natural numbers
in hexadecimal.
The disassembler KNOWS whether a number is an address.
Octal and hexadecimal are useful in 2 cases:
1: You have not the remotest idea what's lying before you.
2: You know what it is, but your computer system does not know and can't
   show it to you in an appropriate form.
(Tom Lehrer 1965: base eight is the same as base ten if you're missing
2 fingers.)
@endnode

@node PPU2O
A program which is part of the Pure Pascal package.
It magically turns Pascal units into Pure C object files.
@endnode

@node "Werken met de disassembler"
Working with the disassembler:
==============================

General

Disassembly works best on programs in which machine code instructions
and data are not intermixed. Jump tables, however, are a well-known
example of data in between the instructions. Jump tables with
relocatable absolute addresses are always handled correctly by
TT-Digger. Jump tables with relative addresses cause problems in two
ways:
- The addresses that are jumped to are not recognized.
- The jump table may contain apparent machine code instructions.
Data that is wrongly disassembled as machine code instructions must be
changed by hand into "DC directives". This is certainly necessary if
these machine code instructions refer to labels (see the chapter on
marking data areas).
Runs of data are often easy to recognize by "DC directives" and peculiar
instructions such as "ORI.B #$0000,D0".
Another problem is addressing of the type "$xxxx(An)", where "An" is set
to a fixed value by the program. This happens, among others, in compiled
GFA-Basic programs. Addressing of the type xxx(PC,Dn) can sometimes
cause problems too. When a program is modified (or when optimizing
assemblers are used), extra labels will then have to be added (by hand).
In many cases a good editor with extensive search facilities is needed.

Reassembling

The output of TT-Digger can serve directly as input for an assembler if
an option "Labels" or "Symbols" is chosen.

If machine code instructions and data are intermixed, the disassembler
cannot always tell them apart. Data areas can often be recognized,
though, by the occurrence of DC.W and DC.W "directives" (define
constant) between (mostly strange) instruction sequences. If these
instruction sequences contain no labels, this usually causes no problems
(but see the next point). It is recommended to replace all instructions
that are in fact data by DC.W and DC.L "directives" (see the chapter on
marking data areas).

Labels in peculiar places (sometimes in the middle of instructions,
indicated by EQU *-xxx) can be an indication of data in between the
instructions. Use to find the source.
Labels in the middle of instructions can also be the result of
self-modifying programs (an extremely dubious programming technique!).

"Smart" assemblers

The assembler code as emitted by TT-Digger is completely unambiguous.
In theory, assembling it should produce exactly the same program again.
In practice a number of assemblers try to optimize the code (replacing
absolute addressing by "program-counter" relative addressing, replacing
MOVE.L #0,Dn by MOVEQ #0,Dn etc.). As a result the program produced is
not the same.
If the program section contains only instructions and no addressing via
jump tables or the like takes place, this is no problem at all.
Otherwise a (considerable) amount of "manual work" is needed to make
everything come out correctly.

"Dumb" assemblers

Other assemblers sometimes do not know all the nuances of the full
instruction set of the MC68000. One of the best-known examples is not
recognizing MOVEA. This therefore requires the necessary adjustments
with the editor. Incidentally, one of the super-smart assemblers also
turns out not to know some instructions, such as "BTST Dn,dd(PC)"
etc.?!

Patching

One way of making small corrections to a program is to change a number
of bytes (with a file editor or the like): patching. By using ST-Digger
it is known exactly via which points a piece of program is reached. It
can also be traced from where it is jumped to. "Patching" can therefore
be done very simply and reliably. The only exception is when the area to
be patched contains relocatable references (clearly visible with
TT-Digger) that get shifted, because then the relocation table must be
adapted. This is far from simple, but the results can easily be checked
afterwards.
With program files (.PRG .ACC .TOS etc.), do not forget to take the
length of the program header (28 bytes) into account!

DRI OBJECT FILES

Many compilers and assemblers deliver a module in object format. These
modules still have to be converted into a working program with the help
of a "linker". During this conversion, modules from libraries are
usually "linked in" as well. For the structure of the object files there
are (unfortunately) several possibilities (DRI, GST, TDI). The DRI
format nevertheless seems to be gaining the upper hand. ST Digger v3 can
recognize and decode the DRI format (.O).
Files in object format are particularly interesting because various
external references are shown by name (option Symbols).
TT-Digger can also process Pure_C object files.

Modules from the libraries of the various compilers can be examined in a
simple way. The modules must, however, be extracted individually from
the libraries. Most compilers come with a program that makes this
possible. Such a program (AR.TTP) can also be found on the Sozobon
diskette (PD B 63).
There is no difference between Pure_C object files and Pure_C libraries.
Who has never misspelled an important function name, only to see the
program suddenly become astonishingly small?

The GfA-Basic compiler also delivers modules in a kind of DRI object
format. These (compressed) files must, however, first be converted into
the standard format with the program UNPACK.GA. The versions of the
GfA-Basic compiler up to and including 3.50 have a small bug that leaves
an uncompressed file with a surplus of zero bytes at the end. Hopefully
this will be corrected in later versions.

DRI object files usually contain a symbol table. Programs can sometimes
contain a symbol table too. In that case the option "Symbols" can be
chosen. Labels whose name is known are then shown with that name. It can
even happen that several names refer to the same label. As many of these
names as possible are shown on the screen. At the bottom of the screen
names may sometimes be dropped. When writing to a file, all names are
always included.

N.B.: The extension .O is no absolute guarantee that the file is a DRI
object file. For example, Turbo C (version 2) & Pure C normally generate
object files with the extension .O in a different format. Turbo C &
Pure C can, however, deliver DRI object modules.
TT-Digger can now process the Pure_C format as well.
@endnode

@node Achtergronden
Background:
===========

Addressing modes and variable length of instructions

The MC68000 family of microprocessors has a gigantic set of basic
instructions and many of these instructions have a
The MC68000 microprocessor has a relatively small set of basic
instructions, but many of these basic instructions have an extensive
range of variations in addressing modes. A number of restrictions apply
to these addressing modes, most of which are based on the principle of
separation of program and data. For instance, it is never permitted to
modify data in memory directly via "program-counter" relative addressing
(dd(PC), d(PC,Rn) and "immediate"). Furthermore, in a number of cases
only even addresses may be referenced (jumps, word (.W) and long word
(.L) instructions). TT-Digger performs a rigorous check of all these
restrictions, so that only valid instructions are generated.

The various addressing modes also mean that not all instructions have
the same length (2 to 22 bytes per instruction). If disassembly starts
at an arbitrary address, there is a good chance that it starts in the
middle of an instruction. Thanks to the rigorous checks by TT-Digger,
this effect will usually not carry over into subsequent instructions.
These checks also reduce the chance that data is mistaken for
instructions.

Methods for label recognition

One method of generating labels consists of completely disassembling a
program and keeping track of the addresses that are referred to. This is
a slow method, with the risk that labels are missed when some
instructions are masked because instructions and data are intermixed.
Another method consists of checking word by word (16 bit) whether the
word is a possible start of an instruction with a "program-counter"
relative reference. If so, it is further checked whether the reference
is valid (permissible address mode for the instruction, even address for
a program jump or for word (.W) and long word (.L) instructions). This
method can work very fast. Sometimes false labels are found, but that
cannot be avoided with the first method either.
TT-Digger applies the second method.
In relocatable programs the changeable absolute references give rise to
labels as well. In the other cases (e.g. ROM or RAM), absolute
references that fall within the specified program range yield labels.
The latter does carry the risk of a label being used wrongly.
@endnode

@node Epilogue
This program is born out of practice.
The primordial form (on a Sinclair QL) saw the light in times when good
disassemblers for the MC68000 microprocessors were not commonly
available. During development miscellaneous choices were made on
facilities, layout, et cetera. These choices were made on the basis of
the personal insights of the author (at least 1 satisfied user).
In all versions, suggestions by all sorts of users have been gratefully
used.

september 1996:
In the mean time the program is put in the Public Domain.

The authors of TT-Digger are convinced that this is a useful program
that conforms to high standards of the profession.
The use of this program, however, is entirely at the risk of the user.

WARNING: It is often forbidden by law of copyright to disassemble and/or
modify software of third parties.
@endnode

@node Motorola
@alias Coldfire M68K M68000 MC68000 MC68010 MC68020 MC68030 MC68040 MC68060 MC68851 MC68881 family
(c) 1996-2011 by H. Robbers @ Amsterdam the Netherlands

For those familiar with MC68000 family processors who desperately want
to go around any other way but can't.

SZ=00:B, 01:W, 10:L   definitely NOT 11

column 1:
    ' ' = 68000 family
     *  = higher than 68000
     -  = Coldfire v4e ISA_C as extension or restriction
     C  = Coldfire v4e ISA_C ONLY
     #  = NOT Coldfire
    if otherwise family
    1=68010/12, 2=68020, 3=68030, 4=68040, 6=68060, 5=68851, 8=68881,
    S=privileged

A Coldfire instruction can never be longer than 6 bytes.
Any combination of operands resulting in more than 2 extension words is
invalid. This occurs mostly with the move instruction and floating point
instructions.
Coldfire does NOT implement base and outer displacement.
Coldfire DOES implement scale factor for Xn.

<.....> = effective address: .....
= restrictions on addressing mode:
x: one octal digit for a register number
    cntr    control                     2x       5x 6x 70 71 72 73
    c_alt   control alterable           2x       5x 6x 70 71
    c_add   control addressable         2x       5x 6x 70 71 72 73 74
    m_alt   memory alterable            2x 3x 4x 5x 6x 70 71
    d_alt   data alterable      0x      2x 3x 4x 5x 6x 70 71
    d_add   data addressable    0x      2x 3x 4x 5x 6x 70 71 72 73 74
    m_add   memory addressing           2x 3x 4x 5x 6x 70 71 72 73 74
    alter   all alterable       0x 1xWL 2x 3x 4x 5x 6x 70 71
    all                         0x 1xWL 2x 3x 4x 5x 6x 70 71 72 73 74
    +       includes (An)+
    -       includes -(An)
    D       includes Dn direct

addressing modes for <.....>
    m0/m1   r0/r1
    0       x       Dn
    1       x       An
    2       x       (An)
    3       x       (An)+
    4       x       -(An)
    5       x       d(An)
    6       x       d(An,Xn)
    7       0       nnnnn.W
            1       nnnnn.L
            2       d(PC)
            3       d(PC,Xn)
            4       #data

--- line 0 --------------------------------------------------------------------
                      1      0             1     0
                      5432 109 876 543 210 54321098 76543210
                           r1  m1  m0  r0
#   ori -> ccr        0000 000 000 111 100 00000000 ######## B
#S  ori -> sr         0000 000 001 111 100 ######## ######## W
    ori               0000 000 0SZ #data B,W,L
-   ori.l             0000 000 010 000 ddd #data L
C   bitrev            0000 000 011 000 ddd #data L
#   andi -> ccr       0000 001 000 111 100 00000000 ######## B
#S  andi -> sr        0000 001 001 111 100 ######## ######## W
    andi              0000 001 0SZ #data B,W,L
-   andi.l            0000 001 010 000 ddd #data L
C   byterev           0000 001 011 000 ddd #data L
*   cmp2              0000 0SZ 011 Txxx0000 00000000
*   chk2              0000 0SZ 011 Txxx1000 00000000
    subi              0000 010 0SZ #data B,W,L
-   subi.l            0000 010 010 000 ddd #data L
C   ff1               0000 010 011 000 ddd #data L
    addi              0000 011 0SZ #data B,W,L
-   addi.l            0000 011 010 000 ddd #data L
2   callm             0000 011 011 00000000 ########
    btst #n,ea        0000 100 000 00000000 ########
    bchg #n,ea        0000 100 001 00000000 ########
    bclr #n,ea        0000 100 010 00000000 ########
    bset #n,ea        0000 100 011 00000000 ########
#   eori -> ccr       0000 101 000 111 100 00000000 ######## B
#S  eori -> sr        0000 101 001 111 100 ######## ######## W
    eori              0000 101 0SZ #data B,W,L
-   eori.l            0000 101 010 000 ddd #data L
    cmpi              0000 110 0SZ #data B,W,L
-   cmpi              0000 110 0SZ 000 ddd #data B,W,L
*S  moves             0000 111 0SZ txxxr000 00000000
*   cas               0000 1ss 011 0000000u uu000ccc ss=01:B, 10:W, 11:L
*   cas2              0000 1ss 011 111 100 see book ss= 10:W, 11:L
#   movep             0000 xxx 1rm 001 aaa
    btst Dn,ea        0000 xxx 100
    bchg Dn,ea        0000 xxx 101
    bclr Dn,ea        0000 xxx 110
    bset Dn,ea        0000 xxx 111

--- line 1,2,3-----------------------------------------------------------------
                      1      0             1     0
                      5432 109 876 543 210 54321098 76543210
                           r1  m1  m0  r0
    move              00ss < all > ss=01: B, 11:W, 10:L
    movea             00ss aaa 001 < all > ss= 11:W, 10:L

--- line 4 --------------------------------------------------------------------
                      1      0             1     0
                      5432 109 876 543 210 54321098 76543210
                           r1  m1  m0  r0
    negx              0100 000 0SZ
-   negx.l            0100 000 010 000 ddd
S   move <- sr        0100 000 011
-S  move <- sr        0100 000 011 000 ddd
C   stldsr            0100 000 011 100 111 0100 011 011 111 100 ######## ########
    clr               0100 001 0SZ
*   move <- ccr       0100 001 011
-   move <- ccr       0100 001 011 000 ddd
    neg               0100 010 0SZ
-   neg.l             0100 010 010 000 ddd
    move -> ccr       0100 010 011
    not               0100 011 0SZ
-   not.l             0100 011 010 000 ddd
S   move -> sr        0100 011 011
*   link.l            0100 100 000 001 aaa 32 bit displ
    nbcd              0100 100 000
    swap              0100 100 001 000 ddd
*   bkpt              0100 100 001 001 ###
    pea               0100 100 001
    ext               0100 100 0ss 000 ddd ss=10:W, 11:L
    movem ->mem       0100 100 01s <-c_alt> mmmmmmmm mmmmmmmm s=0:W,1:L
-   movem ->mem       0100 100 01s mmmmmmmm mmmmmmmm
-*  extb.l            0100 100 111 000 ddd (lea Dn,A4 :-)
    tst               0100 101 0SZ
*   tst               0100 101 0SZ < all >
C   halt              0100 101 011 001 000
C   pulse             0100 101 011 001 100
    tas               0100 101 011
    illegal           0100 101 011 111 100
                      D D
-   mulu.l            0100 110 000 0lll0000 00000000 32bit to lll
*   mulu.l            0100 110 000 0lll0s00 00000hhh s=0:32bit to lll, s=1:64bit to hhh:lll
-   muls.l            0100 110 000 0lll1000 00000000
*   muls.l            0100 110 000 0lll1s00 00000hhh
-   divu.l            0100 110 001 0qqq0000 00000qqq
*   divul.l           0100 110 001 0qqq0000 00000rrr
C   remu.l            0100 110 001 0qqq0000 00000rrr
*   divu.l            0100 110 001 0qqq0100 00000rrr
-   divs.l            0100 110 001 0qqq1000 00000qqq
*   divsl.l           0100 110 001 0qqq1000 00000rrr
C   rems.l            0100 110 001 0qqq1000 00000rrr
*   divs.l            0100 110 001 0qqq1100 00000rrr
C   sats              0100 110 010 000 ddd
    movem ->reg       0100 110 01s mmmmmmmm mmmmmmmm s=0:W,1:L
-   movem ->reg       0100 110 01s mmmmmmmm mmmmmmmm
    trap              0100 111 001 00# ###
    link              0100 111 001 010 aaa dddddddd dddddddd
    unlk              0100 111 001 011 aaa
S   move An,usp       0100 111 001 100 aaa
S   move usp,An       0100 111 001 101 aaa
S   reset             0100 111 001 110 000
    nop               0100 111 001 110 001
S   stop              0100 111 001 110 010 ######## ########
S   rte               0100 111 001 110 011
*   rtd               0100 111 001 110 100 dddddddd dddddddd
    rts               0100 111 001 110 101
#   trapv             0100 111 001 110 110
#   rtr               0100 111 001 110 111
2   rtm Dn            0100 111 001 110 ddd
*S  movec Rc,Rn       0100 111 001 111 010 txxxcccc cccccccc
-*S movec Rn,Rc       0100 111 001 111 011 txxxcccc cccccccc
2   rtm An            0100 111 001 111 aaa
    jsr               0100 111 010
    jmp               0100 111 011
*   chk.l             0100 xxx 100
#   chk.w             0100 xxx 110
    lea               0100 aaa 111

--- line 5 --------------------------------------------------------------------
                      1      0             1     0
                      5432 109 876 543 210 54321098 76543210
                           r1  m1  m0  r0
    addq              0101 ### 0SZ
-   addq.l            0101 ### 010
    subq              0101 ### 1SZ
-   subq.l            0101 ### 110
#   dbcc              0101 cccc 11 001 ddd dddddddd dddddddd
    scc               0101 cccc 11
-   scc               0101 cccc 11 000 ddd
C   tpf               0101 0001 11 111 mmm #data B?,W,L
*   trapcc.w #        0101 cccc 11 111 010 ######## ########
*   trapcc.l #        0101 cccc 11 111 011 32 bit data
*   trapcc            0101 cccc 11 111 100

                      1      0             1     0
--- line 6 --------------------------------------------------------------------
                      5432 1098 7654 3210 54321098 76543210
    bra.b             0110 0000 dddd dddd
    bra.w             0110 0000 0000 0000 dddddddd dddddddd
-*  bra.l             0110 0000 1111 1111 32 bits displ
    bsr.b             0110 0001 dddd dddd
    bsr.w             0110 0001 0000 0000 dddddddd dddddddd
-*  bsr.l             0110 0001 1111 1111 32 bits displ
    bcc.b             0110 cccc dddd dddd
    bcc.w             0110 cccc 0000 0000 dddddddd dddddddd
-*  bcc.l             0110 cccc 1111 1111 32 bits displ

--- line 7 --------------------------------------------------------------------
    moveq             0111 ddd0 #### ####
C   mvs               0111 ddd 10s s= word, s= long
C   mvz               0111 ddd 11s s= word, s= long

--- line 8 --------------------------------------------------------------------
                      1      0             1     0
                      5432 109 876 543 210 54321098 76543210
                           r1  m1  m0  r0
    or ea,Dn          1000 ddd 0SZ
-   or.l ea,Dn        1000 ddd 010
    divu              1000 ddd 011
#   sbcd Dx,Dy        1000 yyy 100 000 ddd
#   sbcd -(Ax),-(Ay)  1000 yyy 100 001 aaa
*   pack Dx,Dy        1000 yyy 101 000 ddd jjjjjjjj jjjjjjjj
*   pack -(Ax),-(Ay)  1000 yyy 101 001 aaa jjjjjjjj jjjjjjjj
*   unpk Dx,Dy        1000 yyy 110 000 ddd jjjjjjjj jjjjjjjj
*   unpk -(Ax),-(Ay)  1000 yyy 110 001 aaa jjjjjjjj jjjjjjjj
    or Dn,ea          1000 ddd 1SZ
-   or.l Dn,ea        1000 ddd 110
    divs              1000 ddd 111

--- line 9 --------------------------------------------------------------------
                           r1  m1  m0  r0
    sub ea,Dn         1001 ddd 0SZ < all >
-   sub.l ea,Dn       1001 ddd 010 < all >
#   suba.w            1001 aaa 011 < all >
    subx Dx,Dy        1001 yyy 1SZ 000 ddd
-   subx.l Dx,Dy      1001 yyy 110 000 ddd
#   subx -(Ax),-(Ay)  1001 yyy 1SZ 001 aaa
    sub Dn,ea         1001 ddd 1SZ
-   sub.l Dn,ea       1001 ddd 110
    suba.l            1001 aaa 111 < all >

--- line A --------------------------------------------------------------------
                           r1  m1  m0  r0
#   Linea             1010 ### ### ### ### Line_a emulator
C   move3q #d,ea      1010 ### 101
C   MAC...
beyond the scope of this document --- line B -------------------------------------------------------------------- 1 0 1 0 5432 109 876 543 210 54321098 76543210 r1 m1 m0 r0 cmp ea,Dn 1011 ddd 0SZ < all > cmpa.w 1011 aaa 011 < all > cmpm 1011 xxx 1SZ 001 yyy eor Dn,ea 1011 ddd 1SZ (cmp Dn,ea misused) - eor.l Dn,ea 1011 ddd 110 cmpa.l 1011 aaa 111 < all > --- line C -------------------------------------------------------------------- and ea,Dn 1100 ddd 0SZ - and.l ea,Dn 1100 ddd 010 mulu 1100 ddd 011 # abcd Dx,Dy 1100 yyy 100 000 ddd # abcd -(Ax),-(Ay)1100 yyy 100 001 aaa and Dn,ea 1100 ddd 1SZ and.l Dn,ea 1100 ddd 110 muls 1100 ddd 111 # exg Dx,Dy 1100 xxx 101 000 yyy # exg Ax,Ay 1100 xxx 101 001 yyy # exg Dx,Ay 1100 xxx 110 001 yyy --- line D -------------------------------------------------------------------- add ea,Dn 1101 ddd 0SZ < all > - add.l ea,Dn 1101 ddd 010 < all > # adda.w 1101 aaa 011 < all > addx Dx,Dy 1101 yyy 1SZ 000 ddd - addx.l Dx,Dy 1101 yyy 110 000 ddd # addx -(Ax),-(Ay)1101 yyy 1SZ 001 aaa add Dn,ea 1101 ddd 1SZ - add.l Dn,ea 1101 ddd 110 adda.l 1101 aaa 111 < all > --- line E -------------------------------------------------------------------- asl,asr #,Dn 1110 ### rSZ 000 ddd shifts: r=0:right,1=left lsl,lsr 1110 ### rSZ 001 ddd - asl,asr #,Dn 1110 ### r10 000 ddd - lsl,lsr 1110 ### r10 001 ddd # roxl,roxr 1110 ### rSZ 010 ddd # rol,ror 1110 ### rSZ 011 ddd asl,asr Dx,Dy 1110 xxx rSZ 100 yyy lsl,lsr 1110 xxx rSZ 101 yyy - asl,asr Dx,Dy 1110 xxx r10 100 yyy - lsl,lsr 1110 xxx r10 101 yyy # roxl,roxr 1110 xxx rSZ 110 yyy # rol,ror 1110 xxx rSZ 111 yyy # asl,asr 1110 000 r11 B # lsl,lsr 1110 001 r11 B # roxl,roxr 1110 010 r11 B # rol,ror 1110 011 r11 B * bftst 1110 100 011 0000dooo ooDwwwww * bfextu 1110 100 111 0xxxdooo ooDwwwww * bfchg 1110 101 011 0000dooo ooDwwwww * bfexts 1110 101 111 0xxxdooo ooDwwwww * bfclr 1110 110 011 0000dooo ooDwwwww * bfffo 1110 110 111 0xxxdooo ooDwwwww * bfset 1110 111 011 0000dooo ooDwwwww * bfins 1110 111 111 
0xxxdooo ooDwwwww --- line F -------------------------------------------------------------------- The Coldfire only knows coprocessor 1, the floating point set. Coldfire floating point doesnt implement size x (12 bytes) 1 0 1 0 5432 109 876 543 210 54321098 76543210 r1 m1 m0 r0 35S ploadr 1111 000 000 00100010 000FFFFF zie boek 35S ploadw 1111 000 000 00100000 000FFFFF zie boek 5 pvalid VAL,ea 1111 000 000 00101000 00000000 " 5 pvalid (An),ea 1111 000 000 00101100 00000rrr " 3S pflush 1111 000 000 001mmm00 MMMFFFFF " 5S pflush 1111 000 000 001mmm0M MMMFFFFF " 3S pmove ea,MRn 1111 000 000 010ppp00 00000000 for srp,crp&tc 3S pmove.. MRn,ea 1111 000 000 010ppp1f 00000000 " 011000r0 00000000 for mmusr 000010rf 00000000 for TT0 000011rf 00000000 for TT1 f = 1: .. = fd 5S pmove 1111 000 000 < ') > 010pppr0 00000000 for tc,drp,srp, crp,cal,val,scc, ac 011pppr0 000num00 for bad,bac 011pppr0 00000000 for psr,pcsr ') r=1: alter, r=0: all 35S ptest 1111 000 000 100lllra xxxFFFFF 5S pflushr 1111 000 000 10100000 00000000 " 5S pdbcc 1111 000 001 001 ddd 00000000 00cccccc 5S pscc 1111 000 001 00000000 00cccccc 5S ptrapcc 1111 000 001 111 ooo 00000000 00cccccc 5S pbcc.w 1111 000 010 ccc ccc dddddddd dddddddd 5S pbcc.l 1111 000 011 ccc ccc 32 bit displ 5S psave 1111 000 100 <-c_alt> 5S prestore 1111 000 101 *8S fsave 1111 001 100 <-c_alt> *8S frestore 1111 001 101 very special are: *8 fmovem ea,m 1111 001 000 110-0000 mmmmmmmm *8 fmovem ea,Dn 1111 001 000 110-1000 0ddd0000 *8 fmovem m,ea 1111 001 000 <-c_alt> 111+0000 mmmmmmmm *8 fmovem Dn,ea 1111 001 000 <-c_alt> 111+1000 0ddd0000 1 0 1 0 5432 109 876 543 210 54321098 76543210 r1 m1 m0 r0 CS intouch 1111 010 000 101 aaa zie book 46S cinv 1111 010 0cc 0sc aaa " 46S cpush 1111 010 0cc 1sc aaa " 3S pflusha 1111 000 000 0010 010 000 000 000 3S pflush 1111 000 000 001m mm0 0xx xff fff 46S pflush 1111 010 100 0oo aaa zie book 4S ptestw 1111 010 101 001 aaa " 4S ptestr 1111 010 101 101 aaa " 6S plpa 1111 010 11r 001 aaa " 46 move16 
(Ay)+,L 1111 011 000 000 yyy 32 bit address 46 move16 L,(Ay)+ 1111 011 000 001 yyy 32 bit address 46 move16 (Ay),L 1111 011 000 010 yyy 32 bit address 46 move16 L,(Ay) 1111 011 000 011 yyy 32 bit address 46 move16 Ax+,Ay+ 1111 011 000 100 xxx 1yyy0000 00000000 6S lpstop 1111 100 000 000 000 00000001 11000000 #### #### #### #### General coprocessor instructions: 23 cpGEN 1111 cpi 000 <.....> command&extensions 23 cpDBcc 1111 cpi 001 001 ddd 00000000 00cccccc 23 cpScc 1111 cpi 001 00000000 00cccccc 23 cpTRAPcc 1111 cpi 001 111 ooo 00000000 00cccccc + word|long 23 cpBcc.w 1111 cpi 010 ccc ccc 23 cpBcc.l 1111 cpi 011 ccc ccc 23S cpSAVE 1111 cpi 100 <-c_alt> 23S cpRESTORE 1111 cpi 101 On the 68040, 68060 and Coldfire the following floating point opcodes have the fs.... and fd.... variants: s d fabs 0x18 0x58 0x5c fadd 0x22 0x62 0x66 fdiv 0x20 0x60 0x64 fmove 0x00 0x40 0x44 fmul 0x23 0x63 0x67 fneg 0x1a 0x5a 0x5e fsqrt 0x04 0x41 0x45 fsub 0x28 0x68 0x6c @endnode @pnode "Henk Robbers" Henk Robbers. te Amsterdam tlf: 020 4182901 mailto:h.robbers@chello.nl http://members.ams.chello.nl/h.robbers/Home.html @endnode @pnode "Han Driesen" Han Driesen. Oorspronkelijke auteur. Kerndredacteur blad ST van de stichting ST. Postbus 11129 2301 EC Leiden @endnode @pnode "Stichting ST" Stichting ST Thuishaven van Atari in Nederland. Postbus 11129 2301 EC Leiden mailto:atarist@xs4all.nl http://www.xs4all.nl/~atarist @endnode
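
Added example (not part of Digger or of the original manual): one way to apply the addressing-mode restriction classes listed at the start of the opcode table when checking an instruction's 6-bit mode/register field, which a disassembler has to do before trusting a decode. The names ea_class, ea_mask, ea_slot and ea_allowed are hypothetical; the masks are transcribed from the class table, and the sample fields are constructed.

```c
#include <stdio.h>

/* One bit per EA slot: slots 0..6 = modes 0x..6x, slots 7..11 = 70..74. */
enum ea_class { CNTR, C_ALT, C_ADD, M_ALT, D_ALT, D_ADD, M_ADD, ALTER, ALL };

/* Masks transcribed from the restriction-class table of the manual. */
static const unsigned short ea_mask[] = {
    [CNTR]  = 0x7E4,  /*         2x       5x 6x 70 71 72 73    */
    [C_ALT] = 0x1E4,  /*         2x       5x 6x 70 71          */
    [C_ADD] = 0xFE4,  /*         2x       5x 6x 70 71 72 73 74 */
    [M_ALT] = 0x1FC,  /*         2x 3x 4x 5x 6x 70 71          */
    [D_ALT] = 0x1FD,  /* 0x      2x 3x 4x 5x 6x 70 71          */
    [D_ADD] = 0xFFD,  /* 0x      2x 3x 4x 5x 6x 70 71 72 73 74 */
    [M_ADD] = 0xFFC,  /*         2x 3x 4x 5x 6x 70 71 72 73 74 */
    [ALTER] = 0x1FF,  /* 0x 1xWL 2x 3x 4x 5x 6x 70 71          */
    [ALL]   = 0xFFF,  /* 0x 1xWL 2x 3x 4x 5x 6x 70 71 72 73 74 */
};

/* Map a 6-bit mode/register field to its slot; -1 for 75, 76, 77. */
static int ea_slot(unsigned ea)
{
    unsigned mode = (ea >> 3) & 7, reg = ea & 7;
    if (mode < 7) return (int)mode;
    return reg <= 4 ? (int)(7 + reg) : -1;
}

/* size is 'B', 'W' or 'L'; returns 1 when the field is legal for cls. */
int ea_allowed(unsigned ea, enum ea_class cls, char size)
{
    int slot = ea_slot(ea & 077);
    if (slot < 0) return 0;
    if (slot == 1 && size == 'B') return 0;  /* 1xWL: no byte-sized An */
    return (ea_mask[cls] >> slot) & 1;
}

int main(void)
{
    /* Constructed sample fields, written in octal like the table. */
    static const struct { unsigned ea; enum ea_class cls; char size; } t[] = {
        { 020, CNTR, 'L' }, { 030, CNTR, 'L' }, { 074, C_ADD, 'W' },
        { 074, CNTR, 'W' }, { 010, ALL, 'B' }, { 075, ALL, 'L' },
    };
    for (unsigned i = 0; i < sizeof t / sizeof t[0]; i++)
        printf("ea %02o class %d size %c: %s\n", t[i].ea, (int)t[i].cls,
               t[i].size, ea_allowed(t[i].ea, t[i].cls, t[i].size)
               ? "legal" : "reject (emit dc.w)");
    return 0;
}
```

A field that fails this check cannot belong to the instruction being matched, which is the situation in which a word in the text segment ends up displayed as dc.w.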