hello,
I am trying to understand IOP hardware reset. so i take a look at rom0:RESET and it is all ok but at the end there is a jal instruction to 0x0fc02600. please tell me what is going on here. what is 0x0fc02600, it should be invalid, no?
good day,
superfrog12
IOP Reset
When you are reversing code for which there is no documentation, you are pretty much on your own. Unless you get help from someone who has already reversed it, which I think is unlikely, as most people I've come across keep their reversed code for themselves. In short, I think its unlikely you will get much help here :-)
However, this is not a dead end. What you should do is write a small IOP module which dumps like 1 KB of memory at 0x0fc02600 and see whats there. You could then compare the 1 KB chunk to your dumped BIOS and I'm pretty confident you will find a match somewhere :-)
However, this is not a dead end. What you should do is write a small IOP module which dumps like 1 KB of memory at 0x0fc02600 and see whats there. You could then compare the 1 KB chunk to your dumped BIOS and I'm pretty confident you will find a match somewhere :-)
-
superfrog12
- Posts: 14
- Joined: Sun Jun 22, 2008 11:20 pm
Hello Lukasz,
thank you for reply, yes that is what I tried of course too, but it will just stall if I try to read from that memory address. I think I must be overseeing something obvious...oh well if I figure it out eventually I will let you know. I agree with you, it is very unfortunate most people do not share their discoveries, i ask why?
thank you for reply, yes that is what I tried of course too, but it will just stall if I try to read from that memory address. I think I must be overseeing something obvious...oh well if I figure it out eventually I will let you know. I agree with you, it is very unfortunate most people do not share their discoveries, i ask why?
...actually RESET module contains initialization sequence for both EE and IOP. It is executed during reset/bootstrap and excecution starts at 0xBFC00000. If you use 'ps2dis' disassembler then you can try to put this value in "Address from" field and everything will become more clear (your 0x0fc02600 will probably turn into 0xbfc02600)...
I had a quick look at RESET and EEUG is right, the function call (jal) you are refering to calls a function within RESET. The parameters for the function are
Based on these parameters and the fact that the code jumps to the return value of this function, I'd say this function looks for IOPBOOT in the BIOS and then jumps to the entrypoint of IOPBOOT (mine is located at 0xbfc4a000).
I'm surprised you even got this far without having set the correct base address for RESET, as it jumps to the static address 0xbfc02000 at the very beginning of the module, when loaded on the IOP :-)
Code: Select all
func_bfc02600(0xbfc00000, 0xbfc80000, "IOPBOOT")I'm surprised you even got this far without having set the correct base address for RESET, as it jumps to the static address 0xbfc02000 at the very beginning of the module, when loaded on the IOP :-)
Last edited by Lukasz on Thu Jul 10, 2008 4:28 am, edited 1 time in total.
-
superfrog12
- Posts: 14
- Joined: Sun Jun 22, 2008 11:20 pm