Sub-routine Structure
Thanks guys. The SUB400 and SUB41E stuff makes sense to me from the "black box" perspective. I just wanted to know what it was doing as it is called a lot.
Roadspike, most of it is making sense and I appreciate the offer. I can't read it like a book, but I can eventually make some sense out of it. MRFred's ROM with a ton of the RAM variables listed REALLY helped make sense out of everything. Although, if there is an EVO VIII ROM out there that is similarly notated, I'd love to see it.
The extra MIVEC stuff does break up the flow quiet a bit.
Roadspike, most of it is making sense and I appreciate the offer. I can't read it like a book, but I can eventually make some sense out of it. MRFred's ROM with a ton of the RAM variables listed REALLY helped make sense out of everything. Although, if there is an EVO VIII ROM out there that is similarly notated, I'd love to see it.
The extra MIVEC stuff does break up the flow quiet a bit.
Maybe its a good idea to make a list with these library subs.
I have collected some from other disassemblies. Most of them can be seen as blackbox.
You are welcome adding names.
0x0400 status_store
0x041E status_restore
0x0430 do_something_with_SR
0x0500 R0isR5plusR4
0x051C R4plusR5_maxFFFFFFFF
0x052C Clear_ram_formR4toR5
0x053E between_r4_r5_ram_decrement1
0x0562 between_r4_r5_ram_increment1
0x0590 Byte_Extend_R4_Greater_Than_Minus_One
0x0598 Word_Extend_R4_Greater_Than_Minus_One
0x05A8 Get_Max_Of_R4_R5_R6_Into_R0
0x05B0 sub_5B0
0x05D0 sub_5D0
0x05E8 r4_mult_r5_div_r6_to_r0
0x068A multr4r5divr6
0x06A2 sub_6A2
0x0752 sub_752
0x0762 r0_is_r4_x_r5
0x0780 R4xR5_Strange
0x07D0 R4XR5
0x07E6 sub_7E6
0x0804 R4_Mult_R5_Div_64_Add_1_Etc2_Into_R0
0x0864 R0_is_Shiftright8_R4
0x086A r4_shift_right_16_to_r0
0x0870 R4_MULTIPLY_256_ZERO_EXTEND_WORD_INTO_R0
0x0876 R0_R4
0x087C sub_87C
0x0898 R4_Complex_Into_R0
0x08B4 sub_8B4
0x08B8 NOT_SHLL8_OR_R4_INTO_R0
0x08C4 R5_Div_R4_Into_R0
0x0902 R5divR4
0x09B0 sub_9B0
0x09F2 R4_DIV_R5_Into_R0_0
0x09FA sub_9FA
0x0AB8 R5x_R0minusR6_plusR6xR4
0x0AE0 sub_AE0
0x0B16 BETWEEN_R4_R5byR6
0x0B68 sub_B68
0x0C28 Table_lookup_2D
0x0CC6 table_lookup_axis
0x0D7A sub_D7A
0x0DC6 DIM_MASS_GET
0x0DD2 DIM_MASS_GET1
0x0DE0 query_3D_Table
0x0DF6 GET_LOC_DIM
0x0E02 getfromtable
0x0ED8 R4_Mult_R5_Into_R0_0
0x0EEE R4_Mult_R5_Into_R0
0x0EF8 sub_EF8
0x0F0C R4_Minus_R5_Into_R0
0x0F0C R0_is_R4_Minus_R5
0x0F12 sub_F12
I have collected some from other disassemblies. Most of them can be seen as blackbox.
You are welcome adding names.
0x0400 status_store
0x041E status_restore
0x0430 do_something_with_SR
0x0500 R0isR5plusR4
0x051C R4plusR5_maxFFFFFFFF
0x052C Clear_ram_formR4toR5
0x053E between_r4_r5_ram_decrement1
0x0562 between_r4_r5_ram_increment1
0x0590 Byte_Extend_R4_Greater_Than_Minus_One
0x0598 Word_Extend_R4_Greater_Than_Minus_One
0x05A8 Get_Max_Of_R4_R5_R6_Into_R0
0x05B0 sub_5B0
0x05D0 sub_5D0
0x05E8 r4_mult_r5_div_r6_to_r0
0x068A multr4r5divr6
0x06A2 sub_6A2
0x0752 sub_752
0x0762 r0_is_r4_x_r5
0x0780 R4xR5_Strange
0x07D0 R4XR5
0x07E6 sub_7E6
0x0804 R4_Mult_R5_Div_64_Add_1_Etc2_Into_R0
0x0864 R0_is_Shiftright8_R4
0x086A r4_shift_right_16_to_r0
0x0870 R4_MULTIPLY_256_ZERO_EXTEND_WORD_INTO_R0
0x0876 R0_R4
0x087C sub_87C
0x0898 R4_Complex_Into_R0
0x08B4 sub_8B4
0x08B8 NOT_SHLL8_OR_R4_INTO_R0
0x08C4 R5_Div_R4_Into_R0
0x0902 R5divR4
0x09B0 sub_9B0
0x09F2 R4_DIV_R5_Into_R0_0
0x09FA sub_9FA
0x0AB8 R5x_R0minusR6_plusR6xR4
0x0AE0 sub_AE0
0x0B16 BETWEEN_R4_R5byR6
0x0B68 sub_B68
0x0C28 Table_lookup_2D
0x0CC6 table_lookup_axis
0x0D7A sub_D7A
0x0DC6 DIM_MASS_GET
0x0DD2 DIM_MASS_GET1
0x0DE0 query_3D_Table
0x0DF6 GET_LOC_DIM
0x0E02 getfromtable
0x0ED8 R4_Mult_R5_Into_R0_0
0x0EEE R4_Mult_R5_Into_R0
0x0EF8 sub_EF8
0x0F0C R4_Minus_R5_Into_R0
0x0F0C R0_is_R4_Minus_R5
0x0F12 sub_F12
This was taken from MrFred's annotated ROM:
Math_500_Sub !lesser of (r4+r5) and 0xFFFF -> r0
Math_514_Sub !(r4 + r5) -> r0
Math_51C_Sub !lesser of (r4 + r5) and 0xFFFF -> r0
Math_52C_Sub !When r4 < r5, #0 gets written to RAM Address @r4 and r4 is incremented 2, Else rts
Math_53E_Sub !Decrement value in each RAM address from r4 to (r5-2) by #1. Exit subroutine with r4 >= r5. Min value is #0.
Math_562_Sub !Increment value in each RAM address from r4 to (r5-2) by #1. Exit subroutine with r4 >= r5. Ceiling value is #65535.
Math_590_Sub !Constrain r4 to within 0xFF
Math_598_Sub !Constrain r4 to within 0xFFFF
Math_5A8_Sub !Constrain r4 to within lower/upper values of r5/r6 and r6/r5
Math_5D0_Sub !Lesser of [(r4*r5)/r6] and 0xFFFF -> r0
Math_5E8_Sub !Lesser of [(r4 * r5) / r6] and 0xFFFFFFFF -> r0
Math_68A_Sub !([(r4 * r5) / r6] + 1/2) -> r0
Math_6A2_Sub !([(r4 * r5) / r6] + 1/2) -> r0
Math_752_Sub !Lesser of [(r4 * r5) / 128] and 0xFFFF
Math_762_Sub !Lesser of ([(r4 * r5) / 128] + 1/2) and 0xFFFF -> r0
Math_780_Sub !Lesser of [(r4 * r5) / 128] and 0xFFFFFFFF -> r0, r5 is word length, r4 can be long word
Math_7A6_Sub !Lesser of [(r4 * r5) / 128] and 0xFFFFFFFF -> r0
Math_7D0_Sub !Lesser of [(r4 * r5) / 256] and 0xFFFF -> r0
Math_7E6_Sub !Lesser of [(r4 * r5) / 256] and 0xFFFFFFFF -> r0
Math_804_Sub !Lesser of ([(r4 * r5) / 256] +1/2) and 0xFFFF -> r0
Math_864_Sub !(r4 / 256) -> r0
Math_86A_Sub !(r4 / 65536) -> r0
Math_870_Sub !(r4 * 256) -> r0
Math_87C_Sub
Math_898_Sub !Lesser of (MSW of r4) and (0xFFFF) -> r0
Math_8B8_Sub !inv(byte(r4))|byte(r4) -> r0 (word length value is result)
Math_8C4_Sub !Lesser of (r4 / r5) and 0xFFFF -> r0
Math_902_Sub !Lesser of (r4 / r5) and 0xFFFF -> r0
Math_9B0_Sub !Lesser of [(r4 / r5) + 1/2] and 0xFFFF -> r0
Math_9F2_Sub !lesser of [(r4 / r5) + 1/2] and 0xFFFF -> r0
Math_9FA_Sub !Lesser of [(r4 / r5) + 1/2) and 0xFFFF -> r0
Math_AB8_Sub !Lesser of ([(r4*r6) + [r5*(256-r6)]]/256) and 0xFFFF -> r0
Math_AE0_Sub !Lesser of [(r4*r6) + [r5*(256-r6)]]/256 and 0xFFFFFFFF -> r0
Math_B16_Sub ! Lesser of [r4*r6 + r5*(255-r6)]/255 and 0x???? -> r0, This is a sub to interpolate between r4 and r5 using r6
Math_C28_Sub !Table Interpolation Sub
Math_CC6_Sub !Axis Interpolation Sub
Math_D7A_Sub !Linear Interpolation of r4 and r5 using r6 as the scalar, results -> r0
Math_DC6_Sub !byte [@{(lowest 3 bits of FFFF6BC0) + r4}] -> r0
Math_DE0_Sub ! Interpolation using MAP Index Sub, sub_C28 of [(shll2 of lowest 3 bits in MAPIndex_MUT34) + (r4)] -> r0
Math_DF6_Sub !map switch subroutine for long length values, determines which map is used from MAPIndex_MUT34, r4 is base address for map switch address array, r0 output is looked up address of the map to use
Math_ED8_Sub !Lesser of r4*r5 and 0xFFFF -> r0
Math_EEE_Sub !Lesser of r4*r5 and 0xFFFF -> r0
Math_EF7_Sub !Lesser of r4*r5 and 0xFFFFFFFF -> r0
Math_F0C_Sub !if r4>r5, then r0=r4-r5 else r0=0
Math_F12_Sub !greater of r4-r5 and #0 -> r0
Math_500_Sub !lesser of (r4+r5) and 0xFFFF -> r0
Math_514_Sub !(r4 + r5) -> r0
Math_51C_Sub !lesser of (r4 + r5) and 0xFFFF -> r0
Math_52C_Sub !When r4 < r5, #0 gets written to RAM Address @r4 and r4 is incremented 2, Else rts
Math_53E_Sub !Decrement value in each RAM address from r4 to (r5-2) by #1. Exit subroutine with r4 >= r5. Min value is #0.
Math_562_Sub !Increment value in each RAM address from r4 to (r5-2) by #1. Exit subroutine with r4 >= r5. Ceiling value is #65535.
Math_590_Sub !Constrain r4 to within 0xFF
Math_598_Sub !Constrain r4 to within 0xFFFF
Math_5A8_Sub !Constrain r4 to within lower/upper values of r5/r6 and r6/r5
Math_5D0_Sub !Lesser of [(r4*r5)/r6] and 0xFFFF -> r0
Math_5E8_Sub !Lesser of [(r4 * r5) / r6] and 0xFFFFFFFF -> r0
Math_68A_Sub !([(r4 * r5) / r6] + 1/2) -> r0
Math_6A2_Sub !([(r4 * r5) / r6] + 1/2) -> r0
Math_752_Sub !Lesser of [(r4 * r5) / 128] and 0xFFFF
Math_762_Sub !Lesser of ([(r4 * r5) / 128] + 1/2) and 0xFFFF -> r0
Math_780_Sub !Lesser of [(r4 * r5) / 128] and 0xFFFFFFFF -> r0, r5 is word length, r4 can be long word
Math_7A6_Sub !Lesser of [(r4 * r5) / 128] and 0xFFFFFFFF -> r0
Math_7D0_Sub !Lesser of [(r4 * r5) / 256] and 0xFFFF -> r0
Math_7E6_Sub !Lesser of [(r4 * r5) / 256] and 0xFFFFFFFF -> r0
Math_804_Sub !Lesser of ([(r4 * r5) / 256] +1/2) and 0xFFFF -> r0
Math_864_Sub !(r4 / 256) -> r0
Math_86A_Sub !(r4 / 65536) -> r0
Math_870_Sub !(r4 * 256) -> r0
Math_87C_Sub
Math_898_Sub !Lesser of (MSW of r4) and (0xFFFF) -> r0
Math_8B8_Sub !inv(byte(r4))|byte(r4) -> r0 (word length value is result)
Math_8C4_Sub !Lesser of (r4 / r5) and 0xFFFF -> r0
Math_902_Sub !Lesser of (r4 / r5) and 0xFFFF -> r0
Math_9B0_Sub !Lesser of [(r4 / r5) + 1/2] and 0xFFFF -> r0
Math_9F2_Sub !lesser of [(r4 / r5) + 1/2] and 0xFFFF -> r0
Math_9FA_Sub !Lesser of [(r4 / r5) + 1/2) and 0xFFFF -> r0
Math_AB8_Sub !Lesser of ([(r4*r6) + [r5*(256-r6)]]/256) and 0xFFFF -> r0
Math_AE0_Sub !Lesser of [(r4*r6) + [r5*(256-r6)]]/256 and 0xFFFFFFFF -> r0
Math_B16_Sub ! Lesser of [r4*r6 + r5*(255-r6)]/255 and 0x???? -> r0, This is a sub to interpolate between r4 and r5 using r6
Math_C28_Sub !Table Interpolation Sub
Math_CC6_Sub !Axis Interpolation Sub
Math_D7A_Sub !Linear Interpolation of r4 and r5 using r6 as the scalar, results -> r0
Math_DC6_Sub !byte [@{(lowest 3 bits of FFFF6BC0) + r4}] -> r0
Math_DE0_Sub ! Interpolation using MAP Index Sub, sub_C28 of [(shll2 of lowest 3 bits in MAPIndex_MUT34) + (r4)] -> r0
Math_DF6_Sub !map switch subroutine for long length values, determines which map is used from MAPIndex_MUT34, r4 is base address for map switch address array, r0 output is looked up address of the map to use
Math_ED8_Sub !Lesser of r4*r5 and 0xFFFF -> r0
Math_EEE_Sub !Lesser of r4*r5 and 0xFFFF -> r0
Math_EF7_Sub !Lesser of r4*r5 and 0xFFFFFFFF -> r0
Math_F0C_Sub !if r4>r5, then r0=r4-r5 else r0=0
Math_F12_Sub !greater of r4-r5 and #0 -> r0
Your break down has helped a ton on this steep learning curve. I appreciate you letting me get it from you.
Something else that would be killer for us beginners is the names of the known RAM variables. MRFred has done it on the IX ROM, but I don't know if there is one out there for the VIII. I've got a pretty heavily labeled 96530006. I don't have anything with them listed individually, but if some others interested in learning would be interested in it, I could build one up over then next week or two. Being able to see a variable name instead of 0xFFFFXXXX every where makes things a LOT easier to understand.
The bit arrays (or flags) are little bastards since a single RAM address can control 16 different things.
Something else that would be killer for us beginners is the names of the known RAM variables. MRFred has done it on the IX ROM, but I don't know if there is one out there for the VIII. I've got a pretty heavily labeled 96530006. I don't have anything with them listed individually, but if some others interested in learning would be interested in it, I could build one up over then next week or two. Being able to see a variable name instead of 0xFFFFXXXX every where makes things a LOT easier to understand.
The bit arrays (or flags) are little bastards since a single RAM address can control 16 different things.
Newbie
Joined: Mar 2008
Posts: 3
Likes: 0
From: Seattle, WA
If there's an open-source (or just well-documented) logger for the Evo, you may be able to figure out quite a few RAM variables that way. It certainly gave me a big head-start in reverse-engineering my Subaru's ROM. After finding the code that produces logger parameters, it's usually pretty straightforward to see where the underlying variables live in RAM, and then follow references around to where they get used. But of course this only works if you have logger information to start from. Do you?
<== Evo-curious Subaru owner
<== Evo-curious Subaru owner
EvoM Guru
iTrader: (50)
Joined: Mar 2006
Posts: 9,675
Likes: 132
From: Tri-Cities, WA // Portland, OR
Thread
Thread Starter
Forum
Replies
Last Post
jcsbanks
ECU Flash
9
Apr 23, 2009 07:25 AM
