The inbuilt disassembler runs in two modes, either “onepass” mode where it starts at the top of the component and tries to disassemble the code sequentially and “smart” (the default) where it uses the library header information to identify entry points, code data and library structures.<\/p>\n\n\n\n
One pass mode (add “onepass” to the command) is dumb, but will attempt to disassemble everything, this is useful to find entry points or where you have mostly code and very little data, the “findopcode” command uses this method to search for opcodes, but as you may expect, it will think data is code and give false results.<\/p>\n\n\n\n
CapCLI> missassemble 19 onepass<\/strong>\nMissAssembling misc 37.1 (8.1.91)\nROMBase 00f80000\nCurrent allocation (0xFBFE88-0xfbff38) potential maximum allocation (0xFBFE88-0xfbff38)\nFBFE88 ROMTAG $FBFE88 ENDSKIP:$FBFF38 FLAGS:01 VERSION:25 TYPE:08 PRI:46 NAME:$FBFEA2 IDSTRING:$FBFEB0 INIT:$FBFEC8\nNAME:\nFBFEA2 \"misc.resource\\0\"\nIDSTRING:\nFBFEB0 \"misc 37.1 (8.1.91)\\r\\n\\0\\0\"\nFBFEC6 ORI.B #$2F0A,D0\nMissassember miss, reseting position:\nINIT:\nFBFEC8 MOVE.L A2,-(SP)\nFBFECA LEA FBFF30(PC),A0\nFBFECE LEA FBFEE8(PC),A1\nFBFED2 SUBA.L A2,A2\nFBFED4 MOVEQ #32,D0\nFBFED6 JSR FFAC(A6)\nFBFEDA TST.L D0\nFBFEDC BEQ FBFEE4\nFBFEDE MOVEA.L D0,A1\nFBFEE0 JSR FE1A(A6)\nFBFEE4 MOVEA.L (SP)+,A2\nFBFEE6 RTS\nFBFEE8 (unknown a008)\nFBFEEA BTST #800A,D0\nFBFEEE ORI.? #$?,62ABE936([X:FEA2]A7)\nFBFEF2 (unknown a00e)\nFBFEF4 ADDI.B #$9014,D0\nFBFEF8 ORI.B #$9016,-(A5)\nFBFEFC ORI.B #$0,D1\nFBFF00 MOVEA.L 4,A0\nFBFF04 EXG A6,A0\nFBFF06 LSL.W #2,D0\nFBFF08 MOVE.W D0,D1\nFBFF0A ADDQ.B #1,127(A6)\nFBFF0E MOVE.L [X:1022]0022(A0,[X:1022]D1),D0\nFBFF12 BNE FBFF18\nFBFF14 MOVE.L A1,[X:1022]0022(A1,[X:1022]D1)\nFBFF18 MOVE.L A6,-(SP)\nFBFF1A MOVEA.L 4,A6\nFBFF1E JSR FF76(A6)\nFBFF22 MOVEA.L (SP)+,A6\nFBFF24 EXG A6,A0\nFBFF26 RTS\nFBFF28 LSL.W #2,D0\nFBFF2A CLR.L [X:0022]0022(A6,[X:0022]D0)\nFBFF2E RTS\nFBFF30 (unknown ffffFFD0) 68881\/68882?\nFBFF34 (unknown fff8FFFF) 68881\/68882?<\/code><\/pre>\n\n\n\nSmart Mode<\/h2>\n\n\n\n
Smart mode (the default) is really clean but depends on finding all the code from the identified entry points, so if the code sets up jump tables or jumps into code from calculated positions then it can miss vast chunks of code that it thinks is data – you can change this behavior using hints to get more complete output at a ROM or library level.<\/p>\n\n\n\n
CapCLI> missassemble 19\nROM 0 ROMBase F80000\nMissassembling misc 37.1 (8.1.91)\nFound 1 initial entry points\nNo misassembler hints for ROM with CRC32 0x1483a091\nFBFE88 0x4AFC ;RT_MATCHWORD\nFBFE8A 0xFBFE88 ;RT_MATCHTAG\nFBFE8E 0xFBFF38 ;RT_ENDSKIP\nFBFE92 0x01 ;RT_FLAGS COLDSTART\nFBFE93 0x25 ;RT_VERSION\nFBFE94 0x08 ;RT_TYPE\nFBFE95 0x46 ;RT_PRI\nFBFE96 0xFBFEA2 ;RT_NAME\nFBFE9A 0xFBFEB0 ;RT_IDSTRING\nFBFE9E 0xFBFEC8 ;RT_INIT\nRT_NAME\nFBFEA2 \"misc.resource\\0\"\nRT_IDSTRING\nFBFEB0 \"misc 37.1 (8.1.91)\\r\\n\\0\"\nFBFEC5 00 00 00 \u2026\nRT_INIT\nFBFEC8 MOVE.L A2,-(SP)\nFBFECA LEA FBFF30(PC),A0\nFBFECE LEA FBFEE8(PC),A1\nFBFED2 SUBA.L A2,A2\nFBFED4 MOVEQ #32,D0\nFBFED6 JSR FFAC(A6) ; Complex relative branch or jump\nFBFEDA TST.L D0\nFBFEDC BEQ FBFEE4\nFBFEDE MOVEA.L D0,A1\nFBFEE0 JSR FE1A(A6) ; Complex relative branch or jump\nFBFEE4 MOVEA.L (SP)+,A2\nFBFEE6 RTS\nFBFEE8 A0 08 08 00 80 0A 00 FB FE A2 A0 0E 06 00 90 14 ................\nFBFEF8 00 25 90 16 00 01 00 00 20 78 00 04 C1 4E E5 48 .%...... x...N.H\nFBFF08 32 00 52 2E 01 27 20 30 10 22 66 04 21 89 10 22 2.R..' 0.\"f.!..\"\nFBFF18 2F 0E 2C 78 00 04 4E AE FF 76 2C 5F C1 4E 4E 75 \/.,x..N..v,_.NNu\nFBFF28 E5 48 42 B6 00 22 4E 75 FF FF FF D0 FF F8 FF FF .HB..\"Nu........\nScanned 176 bytes, 32 code 144 data<\/code><\/pre>\n\n\n\nMissassembler Hints<\/h2>\n\n\n\n
If you want to tweak the smart missasembler with some “hints” these can be put in two places, the ROM based hints (absolute ROM addresses) and permanent component based ones (relative to the library, no matter where they are loaded).<\/p>\n\n\n\n
# ROM based hints under \"Capitoline Hashes\/misshints.ini\"\n# Create a section with the CRC32 of the target ROM, e.g. [0x1f6187e3]\n# Add an ENTRYPOINT= line where you have code that hasn't been disassembled and is an entrypoint for the code\n# If the code has JSR\/JMP commands, these will also be added automatically as entrypoints\n# If there's a list of addresses that are also entrypoints, i.e. a jumptable, then use JUMPTABLE=<\/strong>\n\n[0x1f6187e3]\nENTRYPOINT=0xE5A94C\nJUMPTABLE=0xE59222\nJUMPTABLE=0xE5A010<\/code><\/pre>\n\n\n\n<\/p>\n\n\n\n
# Component based hints are stored in the hash file of the components, these allow you to add entrypoints and comments\n# For a complete worked example, have a look at the component hash for 0x34efa5ff.exec_33.192_(8_Oct_1986)\n# I added lots of entrypoints and comments (using Markus Wandel's page<\/a>)<\/strong>\n\nENTRYPOINT=<offset in the library>[,Comment]\nLABEL=<offset in the library>,0,0,Comment before code\nLABEL=<offset in the library>,B,1,Comment on the code (one single byte)\nLABEL=<offset in the library>,W,8,Comment on the code (eight two byte words)\nLABEL=<offset in the library>,L,2,Comment on the code (two four byte long word)\nLABEL=<offset in the library>,W,1,Comment on the code (one four byte word)\nLABEL=<offset in the library>,T,1,Comment on the code (text, read as a string)\n\n[missassembler]\nLABEL=0,0,0,Most label, comment and entrypoint information taken from http:\/\/wandel.ca\/homepage\/execdis\/exec_disassembly.txt\nLABEL=0,W,1,;256k ROMHEADER\nENTRYPOINT=2\nLABEL=2,0,0,;ROM Boot address\nLABEL=12,W,1,;Major version 33\nLABEL=14,W,1,;Minor version 180\nENTRYPOINT=490\nENTRYPOINT=538\nLABEL=722,W,2,;MemList\nLABEL=726,W,2,;ResourceList\nLABEL=730,W,2,;DeviceList\nLABEL=734,W,2,;LibList\nLABEL=738,W,2,;PortList\nLABEL=742,W,2,;TaskReady\nLABEL=746,W,2,;TaskWait\nLABEL=750,W,2,;IntrList\nLABEL=754,W,2,;SoftInts[0]\nLABEL=758,W,2,;SoftInts[1]\n...\nLABEL=1252,0,0,SCANTABLE\nLABEL=1252,A,2,;Scan normal Kickstart\nLABEL=1260,A,2,;Scan normal Kickstart\nLABEL=1268,A,2,;Scan expansion Kickstart\nLABEL=1276,A,1,;End of table\n\n...\nENTRYPOINT=11880,AttemptSemaphore()\nENTRYPOINT=11928,ObtainSemaphoreList()\nENTRYPOINT=12046,ReleaseSemaphoreList()\nENTRYPOINT=12068,AddSemaphore()\nENTRYPOINT=12080,RemSemaphore()\nENTRYPOINT=12084,FindSemaphore()\nENTRYPOINT=12096,CopyMemQuick()\nENTRYPOINT=12100,CopyMem()\nENTRYPOINT=12246,Alert()\n\n\n# The output will look something like this;<\/strong>\n\n Most label, comment and entrypoint information taken from http:\/\/wandel.ca\/homepage\/execdis\/exec_disassembly.txt\nFC0000 0x1111 ;256k ROMHEADER\nFC0002 JMP FC00D2 ;ROM Boot address\nFC0008 00 00 FF FF ....\nFC000C 0x0021 ;Major version 33\nFC000E 0x00B4 ;Minor version 180\nFC0010 00 21 00 C0 FF FF FF FF .!......\n RT_IDSTRING\nFC0018 \"exec 33.192 (8 Oct 1986)\\r\\n\\0\"\nFC0033 00 FF FF FF FF 0D 0A 0A 41 4D 49 47 41 20 52 4F ........AMIGA RO\nFC0043 4D 20 4F 70 65 72 61 74 69 6E 67 20 53 79 73 74 M Operating Syst\nFC0053 65 6D 20 61 6E 64 20 4C 69 62 72 61 72 69 65 73 em and Libraries\nFC0063 0D 0A 43 6F 70 79 72 69 67 68 74 20 28 43 29 20 ..Copyright (C)\nFC0073 31 39 38 35 2C 20 43 6F 6D 6D 6F 64 6F 72 65 2D 1985, Commodore-\nFC0083 41 6D 69 67 61 2C 20 49 6E 63 2E 0D 0A 41 6C 6C Amiga, Inc...All\nFC0093 20 52 69 67 68 74 73 20 52 65 73 65 72 76 65 64 Rights Reserved\nFC00A3 2E 0D 0A 00 00 .....\n RT_NAME\nFC00A8 \"exec.library\\0\"\nFC00B5 00 .\nFC00B6 0x4AFC ;RT_MATCHWORD\nFC00B8 0xFC00B6 ;RT_MATCHTAG\nFC00BC 0xFC323A ;RT_ENDSKIP\n...\n SCANTABLE\nFC04E4 0xFC0000 0x1000000 ;Scan normal Kickstart\nFC04EC 0xFC0000 0x1000000 ;Scan normal Kickstart\nFC04F4 0xF00000 0xF80000 ;Scan expansion Kickstart\nFC04FC 0xFFFFFFFF ;End of table\n\n...\nAttemptSemaphore()\nFC2E68 MOVEA.L 114(A6),A1\nFC2E6C ADDQ.B #1,127(A6)\nFC2E70 ADDQ.W #1,2C(A0)\nFC2E74 BEQ FC2E88\nFC2E76 CMPA.L 28(A0),A1\nFC2E7A BEQ FC2E8C\nFC2E7C SUBQ.W #1,2C(A0)\nFC2E80 JSR FF76(A6) ; Complex relative branch or jump\nFC2E84 MOVEQ #0,D0\nFC2E86 BRA FC2E96\nFC2E88 MOVE.L A1,28(A0)\nFC2E8C ADDQ.W #1,E(A0)\nFC2E90 JSR FF76(A6) ; Complex relative branch or jump\nFC2E94 MOVEQ #1,D0\nFC2E96 RTS\nObtainSemaphoreList()\nFC2E98 MOVEM.L D2\/A2\/A3,-(SP)\nFC2E9C MOVEQ #0,D1<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"The inbuilt disassembler runs in two modes, either “onepass” mode where it starts at the top of the component and tries to disassemble the code sequentially and “smart” (the default) where it uses the library header information to identify entry points, code data and library structures. OnePass One pass mode (add “onepass” to the command) …<\/p>\n