- Mon Oct 06, 2014 6:22 am
#1285
I have a question that maybe jcmvbkbc (or someone else) can shed some light on. Last night i was poking around with directly accessing the registers that set/read the GPIO pins. As you may have noticed, there is an IDA plugin linked to at
viewtopic.php?f=13&t=214#p1247 that allows to load Xtensa binary files for that core into IDA Pro.
Now, in the eagle_soc.h include file, the base address to the GPIO registers is given as 0x6000.0300, and indeed, using the registers in that range (0x6000.0304, 0x6000.0308, 0x6000.0310 and 0x6000.0314) that allows direct access. However, putting the dump of the internal ROM into IDA, and looking at the disassembly for the "gpio_output_set" function, gives this code:
Code: Select allROM:40004CD0 gpio_output_set: ; CODE XREF: gpio_init+26p
ROM:40004CD0 ; gpio_intr_test+17p ...
ROM:40004CD0 l32r a6, dword_40000FC4
ROM:40004CD3 memw
ROM:40004CD6 s32i a2, a6, 4
ROM:40004CD9 memw
ROM:40004CDC s32i a3, a6, 8
ROM:40004CDF memw
ROM:40004CE2 s32i a4, a6, 0x10
ROM:40004CE5 memw
ROM:40004CE8 s32i a5, a6, 0x14
ROM:40004CEB ret.n
ROM:40004CEB ; End of function gpio_output_set
The value at dword_40000FC4 is 0x6000.0200. Strange thing is that calling this function works as expected, while accessing the registers in that range (which would end up as 0x6000.0204, 0x6000.0208, 0x6000.0210 and 0x6000.0214, if i am reading the code right) causes an exception.
What am i missing here? Is there something else going on that will add an offset of 0x100 to end up at the right address? Or does the plugin interpret a few things wrongly? The stored dword in the ROM for the base is really 0x6000.0200, i double cheecked.
Greetings,
Chris