Reset Vector and program start location
I was PM'ed with a question about this, so I thought it might make a good post.
The initial reset vector for the 68332 is at 0x004.
From there you will find the processor setup routine and other various checks. After that, there will be an indexed JSR to the main program.
All of this information is in the support PDFs from Motorola. You can find all of the CPU's setup registers there.
But if you are like me, who wants to read all of that boring stuff ;D
Here is a sample from the 0937557 bin.
Reset Vector
Code:
ROM:00000000 dc.l $FFB000 ; Initial Stack Pointer
ROM:00000004 dword_4: dc.l $500 ; DATA XREF: ROM:0004CE60o
ROM:00000004 ; ROM:0004CECCo ...
ROM:00000004 ; Reset Vector
Code:
ROM:00000500 ResetStart_500:                          ; CODE XREF: Stop_6EC+6j
ROM:00000500     suba.l  a6,a6                        ; a6 = 0
ROM:00000502     move.l  #-$6000,d0                   ; d0 = $FFFFA000
ROM:00000508     move.l  d0,d1                        ; d1 = $FFFFA000, used as a destination below
ROM:0000050A     move.l  d0,(dword_FFFFFB84).w        ; .w operand $FB84 is sign-extended by the CPU, hence the FFFF prefix
ROM:0000050E     move.l  #$200,d0
ROM:00000514     move.w  d0,(word_FFFFFB80).w
ROM:00000518     movea.l #0,a0
ROM:0000051E     movec   a0,vbr                       ; vector base = 0, exception table stays at ROM:0
ROM:00000522     move.b  (byte_3C2F).w,(d1.l)         ; destination is the address held in d1
ROM:00000528     move.b  (byte_3C30).w,(d1.l)
ROM:0000052E     jsr     (ProcessorSetup_1410).l      ; CPU setup registers
ROM:00000534     jsr     (sub_F1A).l
ROM:0000053A     jsr     sub_10854
ROM:00000540     tst.w   (word_3240).l
ROM:00000546     beq.s   loc_54E                      ; skip sub_678E4 when word_3240 is zero
ROM:00000548     jsr     sub_678E4
ROM:0000054E
ROM:0000054E loc_54E:                                 ; CODE XREF: ResetStart_500+46j
ROM:0000054E     movea.l (Start_Of_Routine_323C).l,a2 ; a2 = longword stored at $323C ($120A2)
ROM:00000554     jsr     (a2)                         ; indexed JSR into the main program
ROM:00000556     stop    #$2700                       ; only reached if the main program returns; SR = $2700 masks interrupts
ROM:00000556 ; End of function ResetStart_500
Line 0x54E tells the CPU to load the address from 0x323C into address register A2.
0x323C dc.l $120A2 (longword)
From there it's just a jump subroutine away to the major loops at $120A2.
The only glitch with IDA is that it calls addresses FFFFFB84 instead of FFFB84. I have no idea why. IDA thinks we are in extended RAM, not the TPU RAM.
So when it comes time to create the Regbase, or RAM, it's going to be a LOT further away than it should be.
You can still determine the correct address. Just leave off a few FFs when you try to find something in BDM mode.
I have tried every possible combination to get it to display the correct range without any luck.
If you know, please tell me.
Happy hunting!
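The walk described in this post (vector at 0x004, startup routine, `movea.l (abs).l,a2` / `jsr (a2)` into the main program) can be scripted against a raw bin. The following is an added example, not code from the post or from Motorola: it builds a constructed ROM image that mimics the layout above (SSP at 0, PC at 4, code at $500, the pointer at $323C holding $120A2), reads the reset vectors, finds the `movea.l`/`jsr (aN)` pair by opcode pattern and resolves the pointer it loads. It also shows what happens to an absolute-short `.w` operand such as $FB84: the CPU sign-extends it to $FFFFFB84, and only the low 24 bits reach the 68332's external address bus.

```python
"""Walk a 68332 (CPU32) ROM image from its reset vector to the indexed JSR.

Added example for this thread, not code from the original post or from
Motorola. The image is constructed here to mimic the layout described above:
initial SSP at offset 0, initial PC at offset 4, startup code at $500, and a
longword code pointer at $323C holding $120A2. Only the opcodes the walk needs
are encoded; the rest of the image is $FF (erased flash).
"""
import struct

ROM_SIZE = 0x20000                 # 128 KiB, enough to contain the $120A2 target

# 68000-family opcode words (big-endian) recognised below.
OP_MOVEA_L_ABSL = 0x2079           # movea.l (abs).l,aN  -> 0x2079 | (N << 9), then a 32-bit address
OP_JSR_AN = 0x4E90                 # jsr (aN)            -> 0x4E90 | N
OP_JMP_AN = 0x4ED0                 # jmp (aN)            -> 0x4ED0 | N
OP_STOP = 0x4E72                   # stop #imm16
OP_RTS = 0x4E75


def u16(rom, off):
    return struct.unpack_from(">H", rom, off)[0]


def u32(rom, off):
    return struct.unpack_from(">I", rom, off)[0]


def build_rom():
    """Constructed image containing just the reset path shown in the post."""
    rom = bytearray(b"\xff" * ROM_SIZE)
    rom[0:8] = struct.pack(">II", 0x00FFB000, 0x00000500)     # SSP and PC vectors
    code = struct.pack(">H", 0x9DCE)                           # suba.l a6,a6
    code += struct.pack(">HI", 0x203C, 0xFFFFA000)             # move.l #-$6000,d0
    code += struct.pack(">HH", 0x21C0, 0xFB84)                 # move.l d0,($FB84).w
    code += struct.pack(">HI", OP_MOVEA_L_ABSL | (2 << 9), 0x323C)  # movea.l ($323C).l,a2
    code += struct.pack(">H", OP_JSR_AN | 2)                   # jsr (a2)
    code += struct.pack(">HH", OP_STOP, 0x2700)                # stop #$2700
    rom[0x500:0x500 + len(code)] = code
    rom[0x323C:0x3240] = struct.pack(">I", 0x000120A2)         # pointer to the main loops
    rom[0x120A2:0x120A4] = struct.pack(">H", OP_RTS)           # stand-in for the main program
    return bytes(rom)


def reset_vectors(rom):
    """Exception vectors 0 and 1: (initial supervisor stack pointer, initial PC)."""
    return u32(rom, 0), u32(rom, 4)


def sign_extend_short(word):
    """An absolute-short (.w) operand is sign-extended to 32 bits by the CPU,
    so the operand word $FB84 addresses $FFFFFB84; that is the value IDA prints."""
    return word | 0xFFFF0000 if word & 0x8000 else word


def bus_address(addr):
    """The 68332 has a 24-bit external address bus, so only the low 24 bits
    reach the bus: $FFFFFB84 and $FFFB84 select the same location."""
    return addr & 0x00FFFFFF


def find_indirect_calls(rom, start, end):
    """Scan [start, end) for `movea.l (abs).l,aN` immediately followed by
    `jsr (aN)` or `jmp (aN)`, and resolve the pointer that the movea.l loads.
    Returns (insn_addr, pointer_addr, target, mnemonic) tuples."""
    hits = []
    for off in range(start, min(end, len(rom)) - 8, 2):
        op = u16(rom, off)
        if op & 0xF1FF != OP_MOVEA_L_ABSL:      # bits 11-9 hold the register number
            continue
        an = (op >> 9) & 7
        follow = u16(rom, off + 6)
        if follow == OP_JSR_AN | an:
            mnemonic = "jsr"
        elif follow == OP_JMP_AN | an:
            mnemonic = "jmp"
        else:
            continue
        ptr = u32(rom, off + 2)
        if ptr + 4 > len(rom):
            continue
        hits.append((off, ptr, u32(rom, ptr), mnemonic))
    return hits


def walk(rom, window=0x100):
    """Reset vectors plus the indirect calls found in the first `window` bytes
    of the startup routine, i.e. the ResetStart_500 -> $323C -> $120A2 hop."""
    ssp, pc = reset_vectors(rom)
    return {"ssp": ssp, "pc": pc, "calls": find_indirect_calls(rom, pc, pc + window)}


if __name__ == "__main__":
    rom = build_rom()
    info = walk(rom)
    print(f"initial SSP ${info['ssp']:08X}, initial PC ${info['pc']:08X}")
    for insn, ptr, target, mnemonic in info["calls"]:
        print(f"${insn:06X}: movea.l (${ptr:X}).l ; {mnemonic} (aN) -> code at ${target:06X}")
    ext = sign_extend_short(0xFB84)
    print(f"$FB84.w -> ${ext:08X} in the disassembler, ${bus_address(ext):06X} on the bus")
```

To use it on a real image, replace `build_rom()` with `open("dump.bin", "rb").read()` and widen the scan window; the opcode patterns are the same ones IDA shows in the listing above, so the resolved target is the address to tell the disassembler to treat as code.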
Re: Reset Vector and program start location
Okay, so I've abandoned the idea of my own disassembler now (I think I've lost at least 6 months off my life expectancy >:(
I have IDA now and started on a couple of bins.
I too was confused about the extra $FF IDA seems to throw in on those addresses. Searching through the indexed calls is very tedious work.
Re: Reset Vector and program start location
What is IDA, where can I get a copy, and how do I use it? Also, what sort of buffer and speed requirements does the OBD2 flash interface need hardware-wise? I was thinking about using a 68332 MCU as an RS232-to-VPW interface. I know it can handle the 4x communications.
Re: Reset Vector and program start location
Wow, I don't even remember this post. I will have to look into this more later.
IDA is Interactive Disassembler.
http://www.datarescue.com/idabase/
download the demo here:
http://www.datarescue.com/idabase/ida4down.htm
IDA standard costs $400.
Re: Reset Vector and program start location
So you find the loc at 0x004, go to that loc, and start to disassemble.
Then you find the:
movea.l (Start_Of_Routine_323C).l,a2
location and go there to disassemble.
Are there any more branches where you must go manually to disassemble?
Re: Reset Vector and program start location
Quote:
Originally Posted by Magnus
So you find the loc at 0x004, go to that loc, and start to disassemble.
Then you find the:
movea.l (Start_Of_Routine_323C).l,a2
location and go there to disassemble.
Are there any more branches where you must go manually to disassemble?
Many, many, many, many :o
Just do a search for jmp (a2) and you'll see what I mean: indexed jumps within subs and also to long code locs. At the end of the bin, 7Cxxx-ish, there are heaps of jump vector tables.
Re: Reset Vector and program start location
Quote:
Originally Posted by Magnus
So you find the loc at 0x004, go to that loc, and start to disassemble.
Then you find the:
movea.l (Start_Of_Routine_323C).l,a2
location and go there to disassemble.
Are there any more branches where you must go manually to disassemble?
Tons of them. IDA stops disassembling anything after an RTS (return from sub).
A lot of the subroutines are indexed and called by the loop counter x the base address. That's what a lot of the jump tables are.
The rest of the index tables belong to things like "table vs Mode, Gear, Event", etc.
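The replies above say the bin is full of indexed jumps and jump vector tables, and that IDA stops at every RTS, so each target has to be found and marked as code by hand. One way to take the tedium out of that is to scan the image for runs of longwords that look like code pointers. The following is an added example, not code from any of the posters: it builds a constructed image with reset vectors, a too-short run that should be ignored, and a six-entry table near the end of the image (the table offset and targets are assumptions, not addresses from the 0937557 bin), then finds the table and lists the entry points.

```python
"""Locate candidate jump vector tables in a 68332 ROM image.

Added example for this thread, not code from the original posts. The replies
above note that the binary is full of indexed jumps (`jmp (a2)`, subroutines
selected by loop counter times base address, vector tables up around $7Cxxx)
and that IDA stops at every RTS, so each target has to be marked as code by
hand. This scans an image for runs of consecutive longwords that look like
code pointers into the ROM and lists their targets. The image is constructed
inline; its table offsets are assumptions, not addresses from any real bin.
"""
import struct

ROM_SIZE = 0x80000       # 512 KiB image, ROM mapped at address 0 as in the post


def u32(rom, off):
    return struct.unpack_from(">I", rom, off)[0]


def build_rom():
    """Constructed image: reset vectors, a 2-entry run that should be ignored,
    and a 6-entry jump table near the end of the image."""
    rom = bytearray(b"\xff" * ROM_SIZE)
    rom[0:8] = struct.pack(">II", 0x00FFB000, 0x00000500)          # SSP, PC
    rom[0x3000:0x3008] = struct.pack(">II", 0x4000, 0x4100)       # too short to count
    table = [0x120A2, 0x12100, 0x12200, 0x12344, 0x13000, 0x13010]  # assumed targets
    rom[0x7C000:0x7C000 + 4 * len(table)] = struct.pack(">%dI" % len(table), *table)
    for target in table:
        rom[target:target + 2] = b"\x4e\x75"                       # rts at each target
    return bytes(rom)


def looks_like_code_pointer(value, rom_size):
    """Heuristic: a non-zero, even address inside the image. Erased flash
    ($FFFFFFFF) and off-chip addresses such as the $FFB000 stack fail here."""
    return 0 < value < rom_size and value % 2 == 0


def find_pointer_tables(rom, min_entries=4, start=0):
    """Return [(table_addr, [targets...])] for every run of at least
    `min_entries` consecutive code-pointer longwords, scanning at word
    alignment (68k longwords only need to be even-aligned)."""
    n = len(rom)
    tables = []
    off = start & ~1
    while off + 4 <= n:
        run_start = off
        targets = []
        while off + 4 <= n and looks_like_code_pointer(u32(rom, off), n):
            targets.append(u32(rom, off))
            off += 4
        if len(targets) >= min_entries:
            tables.append((run_start, targets))
        off = max(off, run_start + 2)
    return tables


def entry_points(tables):
    """Sorted, de-duplicated targets: the addresses to mark as code/functions
    in the disassembler once the table itself is turned into dc.l entries."""
    return sorted({t for _, targets in tables for t in targets})


if __name__ == "__main__":
    rom = build_rom()
    tables = find_pointer_tables(rom)
    for addr, targets in tables:
        print(f"jump table at ${addr:06X} with {len(targets)} entries")
        for i, t in enumerate(targets):
            print(f"  ${addr + 4 * i:06X}: dc.l ${t:06X}")
    print("entry points:", ", ".join(f"${t:06X}" for t in entry_points(tables)))
```

The pointer test is deliberately loose (any even address inside the image passes), so on a real bin expect some false positives from calibration data; raising `min_entries` or requiring that each target start with a plausible opcode trims them. The tables of indexed subroutines that are selected by loop counter will show up the same way, since they are also runs of code pointers.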