Reset Vector and program start location

**Casey** · 05-19-2003

I was PM'ed with a question about this, so I thought it might make a good post.

The intital reset vector for the 68332 is at 0x004
From there you will find the processor setup routine and other various checks. After that, there will be and indexed JSR to the main program.

All of this information is in the support PDF's from Motorola. You can find all of the CPU's setup registers.
But if you are like me, who want's to read all of that boring stuff ;D

Here is a sample from the 0937557 Bin.

Reset Vector

Code:

ROM:00000000         dc.l $FFB000      ; Intitial Stack Pointer
ROM:00000004 dword_4:    dc.l $500        ; DATA XREF: ROM:0004CE60o
ROM:00000004                     ; ROM:0004CECCo ...
ROM:00000004                     ; Reset Vector

Code:

ROM:00000500 ResetStart_500:             ; CODE XREF: Stop_6EC+6j
ROM:00000500         suba.l a6,a6
ROM:00000502         move.l #-$6000,d0
ROM:00000508         move.l d0,d1
ROM:0000050A         move.l d0,(dword_FFFFFB84).w
ROM:0000050E         move.l #$200,d0
ROM:00000514         move.w d0,(word_FFFFFB80).w
ROM:00000518         movea.l #0,a0
ROM:0000051E         movec  a0,vbr
ROM:00000522         move.b (byte_3C2F).w,(d1.l)
ROM:00000528         move.b (byte_3C30).w,(d1.l)
ROM:0000052E         jsr   (ProcessorSetup_1410).l
ROM:00000534         jsr   (sub_F1A).l
ROM:0000053A         jsr   sub_10854
ROM:00000540         tst.w  (word_3240).l
ROM:00000546         beq.s  loc_54E
ROM:00000548         jsr   sub_678E4
ROM:0000054E 
ROM:0000054E loc_54E:                ; CODE XREF: ResetStart_500+46j
ROM:0000054E         movea.l (Start_Of_Routine_323C).l,a2
ROM:00000554         jsr   (a2)
ROM:00000556         stop  #$2700
ROM:00000556 ; End of function ResetStart_500

Line 0x54E tell the CPU to load the address from
0x323C into Address register A2.

0x323C Dc.l $120A2 (longword)

From there it's just a jump subroutine away to the
major loops at $120A2.

The only glitch with IDA is it call addresses FFFFFB84 instead of FFFB84. I have no idea why. Ida thinks we are in extended ram, not the TPU Ram.

So when it comes time to create the Regbase, or Ram, it's going to be a LOT further away than it should be.

You can still determine the correct address. Just leave off a few FF's when you try to find something in BDM mode.

I have tried every possible combination to get it to display the correct range without any luck.

If you know, please tell me.

Happy hunting!

**Chris@HPTuners** · 07-03-2003

okay so i've abandoned the idea of my own disassembler now (i think i've lost at least 6 months off my life expectancy >

I have IDA now and started on a couple of bins.

I too was confused about the extra $FF IDA seems to throw in on those addresses. Searching thru the indexed calls is very tedious work.

**sean** · 07-04-2003

what is IDA where can a i get a copy and how do i use it. also what sort of buffer and speed requirements does the odb2 flash interface need hardware wise ? i was thinking about using a 68332 MCU as a rs232 to vpw interface. i know it can handle the 4x communications.

**Keith@HPTuners** · 07-04-2003

Wow, I don't even remember this post. I will have to look into this more later.

IDA is Interactive Disassembler.
http://www.datarescue.com/idabase/

download the demo here:
http://www.datarescue.com/idabase/ida4down.htm

IDA standard costs $400.

**Keith@HPTuners** · 08-06-2003

So you find the loc at x004 and go to that loc and start to disassemble.

Then you find the:
movea.l (Start_Of_Routine_323C).l,a2
location and go there do diassemble.

Are there any more branches where you must go manually to disassemble?

**Chris@HPTuners** · 08-07-2003

Originally Posted by Magnus

So you find the loc at x004 and go to that loc and start to disassemble.

Then you find the:
movea.l (Start_Of_Routine_323C).l,a2
location and go there do diassemble.

Are there any more branches where you must go manually to disassemble?

many, many many, many

just do a search for jmp (a2) and you'll see what i mean. indexed jumps within subs and also to long code locs. at the end of the bin 7Cxxx'ish there are heaps of jump vector tables.

**Casey** · 08-09-2003

Originally Posted by Magnus

So you find the loc at x004 and go to that loc and start to disassemble.

Then you find the:
movea.l (Start_Of_Routine_323C).l,a2
location and go there do diassemble.

Are there any more branches where you must go manually to disassemble?

Tons of them. IDA stops disassembling anything after an RTS (return from sub).

A lot of the subroutines are indexed and called by the loop counter x the base address. Thats what a lot of the jump tables are.

The rest of the index tables belong to things like "table Vs Mode, Gear, Event etc.

Thread: Reset Vector and program start location

Thread Tools

Reset Vector and program start location

Re: Reset Vector and program start location

Re: Reset Vector and program start location

Re: Reset Vector and program start location

Re: Reset Vector and program start location

Re: Reset Vector and program start location

Re: Reset Vector and program start location