Missasembler

The inbuilt disassembler runs in two modes, either “onepass” mode where it starts at the top of the component and tries to disassemble the code sequentially and “smart” (the default) where it uses the library header information to identify entry points, code data and library structures.

OnePass

One pass mode (add “onepass” to the command) is dumb, but will attempt to disassemble everything, this is useful to find entry points or where you have mostly code and very little data, the “findopcode” command uses this method to search for opcodes, but as you may expect, it will think data is code and give false results.

CapCLI> missassemble 19 onepass
MissAssembling misc 37.1 (8.1.91)
ROMBase 00f80000
Current allocation (0xFBFE88-0xfbff38) potential maximum allocation (0xFBFE88-0xfbff38)
FBFE88 ROMTAG $FBFE88 ENDSKIP:$FBFF38 FLAGS:01 VERSION:25 TYPE:08 PRI:46 NAME:$FBFEA2 IDSTRING:$FBFEB0 INIT:$FBFEC8
NAME:
FBFEA2 "misc.resource\0"
IDSTRING:
FBFEB0 "misc 37.1 (8.1.91)\r\n\0\0"
FBFEC6 ORI.B #$2F0A,D0
Missassember miss, reseting position:
INIT:
FBFEC8 MOVE.L A2,-(SP)
FBFECA LEA FBFF30(PC),A0
FBFECE LEA FBFEE8(PC),A1
FBFED2 SUBA.L A2,A2
FBFED4 MOVEQ #32,D0
FBFED6 JSR FFAC(A6)
FBFEDA TST.L D0
FBFEDC BEQ FBFEE4
FBFEDE MOVEA.L D0,A1
FBFEE0 JSR FE1A(A6)
FBFEE4 MOVEA.L (SP)+,A2
FBFEE6 RTS
FBFEE8 (unknown a008)
FBFEEA BTST #800A,D0
FBFEEE ORI.? #$?,62ABE936([X:FEA2]A7)
FBFEF2 (unknown a00e)
FBFEF4 ADDI.B #$9014,D0
FBFEF8 ORI.B #$9016,-(A5)
FBFEFC ORI.B #$0,D1
FBFF00 MOVEA.L 4,A0
FBFF04 EXG A6,A0
FBFF06 LSL.W #2,D0
FBFF08 MOVE.W D0,D1
FBFF0A ADDQ.B #1,127(A6)
FBFF0E MOVE.L [X:1022]0022(A0,[X:1022]D1),D0
FBFF12 BNE FBFF18
FBFF14 MOVE.L A1,[X:1022]0022(A1,[X:1022]D1)
FBFF18 MOVE.L A6,-(SP)
FBFF1A MOVEA.L 4,A6
FBFF1E JSR FF76(A6)
FBFF22 MOVEA.L (SP)+,A6
FBFF24 EXG A6,A0
FBFF26 RTS
FBFF28 LSL.W #2,D0
FBFF2A CLR.L [X:0022]0022(A6,[X:0022]D0)
FBFF2E RTS
FBFF30 (unknown ffffFFD0) 68881/68882?
FBFF34 (unknown fff8FFFF) 68881/68882?

Smart Mode

Smart mode (the default) is really clean but depends on finding all the code from the identified entry points, so if the code sets up jump tables or jumps into code from calculated positions then it can miss vast chunks of code that it thinks is data – you can change this behavior using hints to get more complete output at a ROM or library level.

CapCLI> missassemble 19
ROM 0 ROMBase F80000
Missassembling misc 37.1 (8.1.91)
Found 1 initial entry points
No misassembler hints for ROM with CRC32 0x1483a091
FBFE88 0x4AFC ;RT_MATCHWORD
FBFE8A 0xFBFE88 ;RT_MATCHTAG
FBFE8E 0xFBFF38 ;RT_ENDSKIP
FBFE92 0x01 ;RT_FLAGS COLDSTART
FBFE93 0x25 ;RT_VERSION
FBFE94 0x08 ;RT_TYPE
FBFE95 0x46 ;RT_PRI
FBFE96 0xFBFEA2 ;RT_NAME
FBFE9A 0xFBFEB0 ;RT_IDSTRING
FBFE9E 0xFBFEC8 ;RT_INIT
RT_NAME
FBFEA2 "misc.resource\0"
RT_IDSTRING
FBFEB0 "misc 37.1 (8.1.91)\r\n\0"
FBFEC5 00 00 00 …
RT_INIT
FBFEC8 MOVE.L A2,-(SP)
FBFECA LEA FBFF30(PC),A0
FBFECE LEA FBFEE8(PC),A1
FBFED2 SUBA.L A2,A2
FBFED4 MOVEQ #32,D0
FBFED6 JSR FFAC(A6) ; Complex relative branch or jump
FBFEDA TST.L D0
FBFEDC BEQ FBFEE4
FBFEDE MOVEA.L D0,A1
FBFEE0 JSR FE1A(A6) ; Complex relative branch or jump
FBFEE4 MOVEA.L (SP)+,A2
FBFEE6 RTS
FBFEE8 A0 08 08 00 80 0A 00 FB FE A2 A0 0E 06 00 90 14 ................
FBFEF8 00 25 90 16 00 01 00 00 20 78 00 04 C1 4E E5 48 .%...... x...N.H
FBFF08 32 00 52 2E 01 27 20 30 10 22 66 04 21 89 10 22 2.R..' 0."f.!.."
FBFF18 2F 0E 2C 78 00 04 4E AE FF 76 2C 5F C1 4E 4E 75 /.,x..N..v,_.NNu
FBFF28 E5 48 42 B6 00 22 4E 75 FF FF FF D0 FF F8 FF FF .HB.."Nu........
Scanned 176 bytes, 32 code 144 data

Missassembler Hints

If you want to tweak the smart missasembler with some “hints” these can be put in two places, the ROM based hints (absolute ROM addresses) and permanent component based ones (relative to the library, no matter where they are loaded).

# ROM based hints under "Capitoline Hashes/misshints.ini"
# Create a section with the CRC32 of the target ROM, e.g. [0x1f6187e3]
# Add an ENTRYPOINT= line where you have code that hasn't been disassembled and is an entrypoint for the code
# If the code has JSR/JMP commands, these will also be added automatically as entrypoints
# If there's a list of addresses that are also entrypoints, i.e. a jumptable, then use JUMPTABLE=

[0x1f6187e3]
ENTRYPOINT=0xE5A94C
JUMPTABLE=0xE59222
JUMPTABLE=0xE5A010

# Component based hints are stored in the hash file of the components, these allow you to add entrypoints and comments
# For a complete worked example, have a look at the component hash for 0x34efa5ff.exec_33.192_(8_Oct_1986)
# I added lots of entrypoints and comments (using Markus Wandel's page)

ENTRYPOINT=<offset in the library>[,Comment]
LABEL=<offset in the library>,0,0,Comment before code
LABEL=<offset in the library>,B,1,Comment on the code (one single byte)
LABEL=<offset in the library>,W,8,Comment on the code (eight two byte words)
LABEL=<offset in the library>,L,2,Comment on the code (two four byte long word)
LABEL=<offset in the library>,W,1,Comment on the code (one four byte word)
LABEL=<offset in the library>,T,1,Comment on the code (text, read as a string)

[missassembler]
LABEL=0,0,0,Most label, comment and entrypoint information taken from http://wandel.ca/homepage/execdis/exec_disassembly.txt
LABEL=0,W,1,;256k ROMHEADER
ENTRYPOINT=2
LABEL=2,0,0,;ROM Boot address
LABEL=12,W,1,;Major version 33
LABEL=14,W,1,;Minor version 180
ENTRYPOINT=490
ENTRYPOINT=538
LABEL=722,W,2,;MemList
LABEL=726,W,2,;ResourceList
LABEL=730,W,2,;DeviceList
LABEL=734,W,2,;LibList
LABEL=738,W,2,;PortList
LABEL=742,W,2,;TaskReady
LABEL=746,W,2,;TaskWait
LABEL=750,W,2,;IntrList
LABEL=754,W,2,;SoftInts[0]
LABEL=758,W,2,;SoftInts[1]
...
LABEL=1252,0,0,SCANTABLE
LABEL=1252,A,2,;Scan normal Kickstart
LABEL=1260,A,2,;Scan normal Kickstart
LABEL=1268,A,2,;Scan expansion Kickstart
LABEL=1276,A,1,;End of table

...
ENTRYPOINT=11880,AttemptSemaphore()
ENTRYPOINT=11928,ObtainSemaphoreList()
ENTRYPOINT=12046,ReleaseSemaphoreList()
ENTRYPOINT=12068,AddSemaphore()
ENTRYPOINT=12080,RemSemaphore()
ENTRYPOINT=12084,FindSemaphore()
ENTRYPOINT=12096,CopyMemQuick()
ENTRYPOINT=12100,CopyMem()
ENTRYPOINT=12246,Alert()


# The output will look something like this;

 Most label, comment and entrypoint information taken from http://wandel.ca/homepage/execdis/exec_disassembly.txt
FC0000  0x1111 ;256k ROMHEADER
FC0002 JMP FC00D2               ;ROM Boot address
FC0008 00 00 FF FF                                        ....
FC000C  0x0021 ;Major version 33
FC000E  0x00B4 ;Minor version 180
FC0010 00 21 00 C0 FF FF FF FF                            .!......
 RT_IDSTRING
FC0018  "exec 33.192 (8 Oct 1986)\r\n\0"
FC0033 00 FF FF FF FF 0D 0A 0A 41 4D 49 47 41 20 52 4F    ........AMIGA RO
FC0043 4D 20 4F 70 65 72 61 74 69 6E 67 20 53 79 73 74    M Operating Syst
FC0053 65 6D 20 61 6E 64 20 4C 69 62 72 61 72 69 65 73    em and Libraries
FC0063 0D 0A 43 6F 70 79 72 69 67 68 74 20 28 43 29 20    ..Copyright (C)
FC0073 31 39 38 35 2C 20 43 6F 6D 6D 6F 64 6F 72 65 2D    1985, Commodore-
FC0083 41 6D 69 67 61 2C 20 49 6E 63 2E 0D 0A 41 6C 6C    Amiga, Inc...All
FC0093 20 52 69 67 68 74 73 20 52 65 73 65 72 76 65 64     Rights Reserved
FC00A3 2E 0D 0A 00 00                                     .....
 RT_NAME
FC00A8  "exec.library\0"
FC00B5 00                                                 .
FC00B6  0x4AFC ;RT_MATCHWORD
FC00B8  0xFC00B6 ;RT_MATCHTAG
FC00BC  0xFC323A ;RT_ENDSKIP
...
 SCANTABLE
FC04E4  0xFC0000 0x1000000 ;Scan normal Kickstart
FC04EC  0xFC0000 0x1000000 ;Scan normal Kickstart
FC04F4  0xF00000 0xF80000 ;Scan expansion Kickstart
FC04FC  0xFFFFFFFF ;End of table

...
AttemptSemaphore()
FC2E68 MOVEA.L 114(A6),A1
FC2E6C ADDQ.B #1,127(A6)
FC2E70 ADDQ.W #1,2C(A0)
FC2E74 BEQ FC2E88
FC2E76 CMPA.L 28(A0),A1
FC2E7A BEQ FC2E8C
FC2E7C SUBQ.W #1,2C(A0)
FC2E80 JSR FF76(A6)             ; Complex relative branch or jump
FC2E84 MOVEQ #0,D0
FC2E86 BRA FC2E96
FC2E88 MOVE.L A1,28(A0)
FC2E8C ADDQ.W #1,E(A0)
FC2E90 JSR FF76(A6)             ; Complex relative branch or jump
FC2E94 MOVEQ #1,D0
FC2E96 RTS
ObtainSemaphoreList()
FC2E98 MOVEM.L D2/A2/A3,-(SP)
FC2E9C MOVEQ #0,D1
Scroll to Top