Firmware disassembly - how much can we share?
Guys, I'm making fairly good progress going through the firmware, and have been creating a new firmware.comments for the 6550/2B version I have. I'd like to post some questions about my discoveries, but I'm not sure how much detail I can put in, and stay within the guidelines. Any guidance from the moderators?

Well, I'm not a moderator, but how about you tell us all EVERYTHING you know, and then we'll tell you whether it was okay for you to have told us or not. :twisted: Ooops! Gotta run...I see Brite_eye coming this way... :)

I don't see any problem sharing the comments file. Also, I think more people have access to cameras with the 6550 firmware so this is great.

Sharing a file in the FIRMWARE.COMMENTS format is fine, but do so in it's own aptly-labeled thread so you don't spam any ongoing conversations. If you're planning on sharing raw disassembly with comments, don't do it. There's no hard and fast rule that says, for example, that 7 instructions are copyrightable, but 6 aren't. Love to see your progress - if you want my la-*test*-('") comments file mail me. It's basically the last posted one plus comments on the "flash-cap charging" routines. Oh yeah, I also cleaned up the "intro" comments a bit more.

I also added the RAW header offsets - I can add that to a thread. That info should get added to comments for most firmwares. Also, I can check FIRMWARE.COMMENTS files into SourceForge CVS. That way people can add comments when they check in their changes...

I'm about halfway through identifying entry points into the code right now (bank 3) It's a bit painstaking, as practically every bleepin' address is different from the 6410 FW. I'm following a few simple rules, and things are going smoothly, but it's still slow. Rule 1: Most boundaries are smooth (except, in this case, for the first one). Assemblers generally start at 0 and go from there. Rule 2: Variables are always at the top (before the code segment) You can generally tell a variable when the exact same numbers are used in the code segment somewhere (for example, $0234; STA R4, $0234 - odds are good that $0234 is NOT code, but instead a variable) Rule 3: Functions terminate at RTS or the last external JMP. (disv8 handles this for me.) RTS for sure, JMP's sometimes. If you see an RTS (e9), you can almost always rest assured that the next address (or next address + 2) is a new function. Rule 4: Try to eliminate unnecessary entry points - I try to let disv8 handle this, but there are a lot of computed goto's in this code. As such, there is a lot of apparently "dead" code that the disassembler never finds. Once you hit the primary entry points, the rest of the code just falls into place. It's finding those primary entry points that is nerve wracking... ;) I'm fairly confident in the method so far, as I am finding either identical, or very nearly identical code between the 6410 and 6550 FW.

Where exactly on SourceForge is the FIRMWARE.COMMENTS file?

Uh... nowhere. I never got around to checking it in there. So, download the disassembler from Morcheeba's site - it's there.

I was hoping for the updated one. Preferably one for the 6550.

Someone (radarman?) is working on that now. I don't believe he has made it available anywhere yet...

I'll post them on my website when I get a chance. I had to go back and redo the "core" and bank1 after a foulup with some FF2 firmware. I'm also working on my "ready to assemble" version of the 6550 FW. (I got further with the FF2). Right now, I can assemble my S records for the core and bank1, and the resulting file is bit for bit identical to the original. I'm not sure I can post this work, though.