I was running an older version of REC (1.6a) in batch mode and only looking at the decompiled C code. Anyhow, in intereactive mode, I now see it disassembling almost identically to objdump-mips. I originally thought it was garbage, because the below C routine didn't make sense to me. /* Procedure: 0x800035A0 - 0x800035DB * Argument size: 0 * Local size: 0 * Save regs size: 0 */ L800035A0() { /* unknown */ void Vfffffff0; /* unknown */ void Vfffffff4; /* unknown */ void Vfffffff8; r29 = r29 + -32; Vfffffff8 = r31; Vfffffff0 = 0x140; Vfffffff4 = 0xf0; r5 = 0x80118404; r4 = 0; r6 = 0; r7 = 0; r2 = L800261CC(); r31 = Vfffffff8; r29 = r29 + 0x20; } If you're going to get the compiler, might as well get ThreadX and FileX, too. Could playing with latter help understand the partition issues? Express Logic's downloadable tx_api.h has the "tx_" function signatures and structures, which is somewhat helpful. P.S. Here's a MIPS R3000 Instruction Set Summary. Too bad this isn't 80x86 or MC680x0.

I know I can just comment out the #warning in sections.c and simmip.c, or ignore the warning when compiling, but I'm not really happy with that solution. I've tried searching google and a few other search engines, but havn't been able to get any answers there either. Is #warning proper syntax for a Mac, or does it also give a compile error?

#warning statements are just that ... a warning instructing "builders" of a potential problem. In this case the #warning were added by morcheeba as a reminder to look at this later on. You can safely ignore them.

Nope, #warning handled by the C-preprocessor. Others include #error, #pragma and the usual #ifdef, #if, #else, #endif, et.al.

Looking at the output from dismipper (compiled on Fedora), I see this at the start : dismipper -- a MIPS re-disassembler Copyright (C)2005 John Maushammer - http://www.maushammer.com/ Headers read: 12 sections, 15637 kB allocated. (firmware size 0x145c9c, 1303 kB) Pass zero: Reading data... done. (bytes read = 0x12e20c) Pass one: tracing program execution Attempted to trace execution to address 7fffffff - not a multiple of 4 Warning - bad entry point in firmware.comments: entry=0x80000180,".exception" // .exception Attempted to trace execution to address 7fffffff - not a multiple of 4 Warning - bad entry point in firmware.comments: entry=0x80000600,".boot" // .boot <... lots more where that come from, finally getting to :> Warning - bad function address in firmware.comments: function=0x800311d0, "set lsb of status-word-1 to register a0" Warning - bad function address in firmware.comments: function=0x800311f0, "OR msb of status-word-1 with register a0" Warning - bad function address in firmware.comments: function=0x80031214, "if (a1 != 1) {status-word-2 |= ~a0} else {status-word-2 &= a0}"Pass two: dumping output " "firmware.o: file format elf32-littlemips " "Sections: "Idx Name Size VMA LMA File off Algn " 0 .spc0 00000210 bfc08000 bfc08000 00138fec 2**2 " CONTENTS, ALLOC, LOAD, CODE " 1 .spc1 00000000 bfc09000 bfc09000 001391fc 2**0 " CONTENTS " 2 .spc2 00000000 bfc09400 bfc09400 001391fc 2**0 " CONTENTS " 3 .spc3 00000000 bfc09800 bfc09800 001391fc 2**0 " CONTENTS " 4 .spd0 00000000 90008000 90008000 001391fc 2**0 " CONTENTS " 5 .spd1 00000000 90009000 90009000 001391fc 2**0 " CONTENTS " 6 .spd2 00000000 90009400 90009400 001391fc 2**0 " CONTENTS " 7 .spd3 00000400 90009800 90009800 00138bec 2**2 " CONTENTS, ALLOC, LOAD, DATA " 8 .exception 0000013c 80000180 80000180 000000d4 2**0 " CONTENTS, ALLOC, LOAD, READONLY, CODE " 9 .boot 00000040 80000600 80000600 00000220 2**2 " CONTENTS, ALLOC, LOAD, READONLY, CODE " 10 .text 0012dfc0 80000640 80000640 00000260 2**5 " CONTENTS, ALLOC, LOAD, READONLY, CODE " 11 __ex_table 00000010 8012e600 8012e600 0012e220 2**2 " CONTENTS, ALLOC, LOAD, READONLY, DATA " 12 .scratch 0000011c 8012e610 8012e610 0012e230 2**2 " CONTENTS, ALLOC, LOAD, READONLY, CODE " 13 .scratchpad3 00000070 8012e72c 8012e72c 0012e34c 2**0 " CONTENTS, ALLOC, LOAD, READONLY, CODE " 14 .data 0000a808 8012e7a0 8012e7a0 0012e3c0 2**3 " CONTENTS, ALLOC, LOAD, DATA " 15 .data1 00000018 80138fa8 80138fa8 00138bc8 2**2 " CONTENTS, ALLOC, LOAD, DATA " 16 .sbss 000005c4 80138fc0 80138fc0 00138be0 2**2 " ALLOC " 17 .bss 0000c5d0 80139590 80139590 00138bec 2**4 " ALLOC "Disassembly of section .spc0: " "bfc08000 <.spc0>: " ... bfc08028 ac850000 sw a1,0(a0) "...." " ... bfc08050 03e00008 jr ra "...." bfc08054 00000000 nop "...." bfc08058 27bdffd8 addiu sp,sp,-40 "...'" My question is : from looking at this, can anyone with "good" dissassemblies tell me if I've got things goofed up somewhere (e.g. a compiler directive) or that this actually makes sense? (I suspect the former ...) TIA Editted : this firmware image came via the OPS download memory command, run on a Windows version and then pulled over a network as firmware.o

Hmm, would appear that the sscanf function is busted or it's having trouble with the %i in Fedora. Here's the first part of mine: dismipper -- a MIPS re-disassembler Copyright (C)2005 John Maushammer - http://www.maushammer.com/ Headers read: 12 sections, 15637 kB allocated. (firmware size 0x145c9c, 1303 kB) Pass zero: Reading data... done. (bytes read = 0x1363d0) Pass one: tracing program execution Warning - bad var address in firmware.comments: var=0xb0010170,"UART write register?" exploring 874 entry points (0 instructions disassembled, 0% of code).

Did you make changes to the sscanf or %i lines and if so, can you pm/post what you did? Or any other advice!

Nope. Look at a couple of posts above; the one from zapped quoted what I did and the two files I had to change to work under cygwin.

That's what I thought, so those were the steps and files I used, albeit under Fedora (so no -mno-cygwin).

FWIW, I got dismipper to compile on Windows using the free Borland compiler. After adding the following defines #define strtoll(a,b,c) strtoul(a,b,c) #define strncasecmp(a,b,c) strnicmp(a,b,c) in the relevant places, the following has seemed to work bcc32 -WC -edismipper *.c (The firmware.hd file had been processed on a Linux box and transferred over ) Now to get the same output on Fedora ...