Rockbox mail archive
Subject: Re: MPeye HTS-150
From: Tim Schmidt <timschmidt_at_gmail.com>
Date: Wed, 14 Dec 2005 13:07:10 -0500
> That is truly revealing. I played a little with it and I would say that it is
> likely that the address spaces in use are at 0x10000000 and 0x30c0000.
> Possibly one of them is the flash and the other the ram.
> (using 'm68k-elf-objdump -mm68k -D -b binary HTS_100.frg' of course to
> disassemble it)
> The most used subroutines (by grepping for 'jsr'):
> 199 0x30c45424
> 172 0x100002cc
> 82 0x30c71370
> 81 0x30c557ac
> 63 0x10000340
> 61 0x30c4fa10
> 61 0x30c4f7bc
> 60 0x30c70efc
> Perhaps the start of the .frg file can be what should be at address 0x10000000
> since at index 340 (the fifth most commonly called jsr) there seems to be a
> tiny function that moves data from d0 to the stack and then it calls
> 0x30c4f7bc. It looks like some kind of function dispatcher that could be
> actual code.
> I'm not sure this is actually usable for anything, but here it is! ;-)
Based on the descriptions of the player's function that I've found
on-line, while playing, it supposedly spins up the disk, copies
several megabytes of data to its ram as a buffer, and then spins down
the disk. In other words, the ram is there as a buffer and not much
else. Assuming the software executes in place on the flash (without
needing to be copied to ram) that would make 0x10000000 likely the
beginning of ram and 0x30c0000 the beginning of flash. Of course, I
could be all wrong.
Received on 2005-12-14
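
The jsr tally discussed in this thread can also be produced straight from the raw image; the following is an added example, not part of the original messages. It assumes a sweep for the m68k `jsr (xxx).L` opcode word (0x4EB9) instead of grepping objdump output, the function names are hypothetical, and the sample bytes are constructed rather than taken from HTS_100.frg.

```python
import struct
from collections import Counter

JSR_ABS_L = 0x4EB9  # m68k opcode word for "jsr (xxx).L" (absolute long target)

def jsr_targets(blob: bytes) -> Counter:
    """Count absolute-long jsr targets at every 16-bit aligned offset.

    Heuristic linear sweep: data that happens to contain 0x4EB9 on an even
    offset is counted too, so treat low-count targets with suspicion.
    """
    hits = Counter()
    for off in range(0, len(blob) - 5, 2):
        (word,) = struct.unpack_from(">H", blob, off)
        if word == JSR_ABS_L:
            (target,) = struct.unpack_from(">I", blob, off + 2)
            hits[target] += 1
    return hits

def regions(hits: Counter, shift: int = 24) -> Counter:
    """Sum call counts per address region (default: top 8 address bits)."""
    out = Counter()
    for target, n in hits.items():
        out[target >> shift << shift] += n
    return out

def build_sample() -> bytes:
    """Constructed sample image, not bytes from HTS_100.frg."""
    nop, rts = b"\x4e\x71", b"\x4e\x75"
    jsr = lambda addr: struct.pack(">HI", JSR_ABS_L, addr)
    body = b""
    for addr in (0x30C45424, 0x100002CC, 0x30C45424, 0x30C4F7BC,
                 0x100002CC, 0x30C45424):
        body += nop + jsr(addr)
    # Odd-offset 0x4EB9 inside data: must not be counted.
    return body + rts + b"\x00\x4e\xb9\x12\x34\x56\x78\x00"

if __name__ == "__main__":
    hits = jsr_targets(build_sample())
    for target, n in hits.most_common():
        print(f"{n:5d} 0x{target:08x}")
    for base, n in regions(hits).most_common():
        print(f"region 0x{base:08x}: {n} calls")
```

Clusters of call targets only show which address ranges the code expects to exist; deciding which range is flash and which is RAM still needs other evidence, such as where writes land.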