DR_SHIFT = 0x81
RESETTAP = 0x82
RESETTARGET = 0x83
-GET_REGISTER = 0x87
-SET_REGISTER = 0x88
-DEBUG_INSTR = 0x89
+DR_SHIFT_MORE = 0x87
+GET_REGISTER = 0x8d
+SET_REGISTER = 0x8e
+DEBUG_INSTR = 0x8f
# Really ARM specific stuff
WAIT_DBG = 0x91
CHAIN0 = 0x93
ARM_READ_MEM = ARM_INSTR_LDR_R1_r0_4
ARM_INSTR_STR_R1_r0_4 = 0xe4801004L
ARM_WRITE_MEM = ARM_INSTR_STR_R1_r0_4
+ARM_INSTR_STRB_R1_r0_1 = 0xe4c01001L
+ARM_WRITE_MEM_BYTE = ARM_INSTR_STRB_R1_r0_1
ARM_INSTR_MRS_R0_CPSR = 0xe10f0000L
ARM_INSTR_MSR_cpsr_cxsf_R0 =0xe12ff000L
ARM_INSTR_STMIA_R14_r0_rx = 0xE88e0000L # add up to 65k to indicate which registers...
"""Move the FET into the JTAG ARM application."""
#print "Initializing ARM."
self.writecmd(0x13,SETUP,0,self.data)
- def getpc(self):
- return self.ARMgetPC()
def flash(self,file):
"""Flash an intel hex file to code memory."""
print "Flash not implemented.";
- def dump(self,file,start=0,stop=0xffff):
+ def dump(self,fn,start=0,stop=0xffffffff):
"""Dump an intel hex file from code memory."""
+
+ print "Dumping from %04x to %04x as %s." % (start,stop,f);
+ # FIXME: get mcu state and return it to that state
+ self.halt()
+
+ h = IntelHex(None);
+ i=start;
+ while i<=stop:
+ data=self.ARMreadChunk(i, 48, verbose=0);
+ print "Dumped %06x."%i;
+ for dword in data:
+ if i<=stop and dword != 0xdeadbeef:
+ h.puts( i, struct.pack("<I", dword) )
+ i+=4;
+ # FIXME: get mcu state and return it to that state
+ self.resume()
+ h.write_hex_file(fn);
+
print "Dump not implemented.";
def ARMshift_IR(self, IR, noretidle=0):
self.writecmd(0x13,IR_SHIFT,2, [IR, LSB|noretidle])
return self.data
def ARMshift_DR(self, data, bits, flags):
- self.writecmd(0x13,DR_SHIFT,8,[bits&0xff, flags&0xff, 0, 0, data&0xff,(data>>8)&0xff,(data>>16)&0xff,(data>>24)&0xff])
+ self.writecmd(0x13,DR_SHIFT,14,[bits&0xff, flags&0xff, 0, 0, data&0xff,(data>>8)&0xff,(data>>16)&0xff,(data>>24)&0xff, (data>>32)&0xff,(data>>40)&0xff,(data>>48)&0xff,(data>>56)&0xff,(data>>64)&0xff,(data>>72)&0xff])
+ return self.data
+ def ARMshift_DR_more(self, data, bits, flags):
+ self.writecmd(0x13,DR_SHIFT_MORE,14,[bits&0xff, flags&0xff, 0, 0, data&0xff,(data>>8)&0xff,(data>>16)&0xff,(data>>24)&0xff, (data>>32)&0xff,(data>>40)&0xff,(data>>48)&0xff,(data>>56)&0xff,(data>>64)&0xff,(data>>72)&0xff])
return self.data
def ARMwaitDBG(self, timeout=0xff):
self.current_dbgstate = self.ARMget_dbgstate()
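Review bot: dump() raises NameError as soon as it is called, because the progress line `print "Dumping from %04x to %04x as %s." % (start,stop,f);` uses `f` while the new signature names the parameter `fn`; it should read `print "Dumping from %08x to %08x as %s." % (start,stop,fn)`, with `%08x` now that stop defaults to 0xffffffff. The context line `print "Dump not implemented.";` that follows h.write_hex_file(fn) is now wrong and should be dropped. The `dword != 0xdeadbeef` test silently omits any genuine 0xdeadbeef word from the hex file; if it is meant to skip a read-failure marker produced by ARMreadChunk (whose body is outside this hunk), a comment such as `# 0xdeadbeef: marker for an unreadable word, not data -- confirm against ARMreadChunk` would make that explicit, and a named constant would be better still.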
def ARMgetPC(self):
"""Get an ARM's PC. Note: real PC gets all wonky in debug mode, this is the "saved" PC"""
return self.storedPC
+ getpc = ARMgetPC
def ARMsetPC(self, val):
"""Set an ARM's PC. Note: real PC gets all wonky in debug mode, this changes the "saved" PC which is used when exiting debug mode"""
self.storedPC = val
self.ARMset_register(15,self.storedPC&0xfffffffc)
print "CPSR: (%s) %s"%(self.ARMget_regCPSRstr())
halt = ARMhaltcpu
+
def ARMreleasecpu(self):
"""Resume the CPU."""
# restore registers FIXME: DO THIS
self.ARMsetModeARM()
# branch to the right address
self.ARMset_register(15, self.storedPC)
- print hex(self.storedPC)
- print hex(self.ARMget_register(15))
- print hex(self.ARMchain0(self.storedPC,self.flags)[0])
+ #print hex(self.storedPC)
+ #print hex(self.ARMget_register(15))
+ #print hex(self.ARMchain0(self.storedPC,self.flags)[0])
+ self.ARMchain0(self.storedPC,self.flags)
self.ARM_nop(0)
self.ARM_nop(1)
self.ARMdebuginstr(ARM_INSTR_B_IMM | 0xfffff0,0)
self.ARMdebuginstr(THUMB_INSTR_MOV_PC_R0,0)
self.ARM_nop(0)
self.ARM_nop(1)
- print hex(self.storedPC)
- print hex(self.ARMget_register(15))
+ #print hex(self.storedPC)
+ #print hex(self.ARMget_register(15))
print hex(self.ARMchain0(self.storedPC,self.flags)[0])
self.ARMdebuginstr(THUMB_INSTR_B_IMM | (0x7fc07fc),0)
self.ARM_nop(0)
self.ARMrestart()
-
resume = ARMreleasecpu
+
def resettap(self):
self.writecmd(0x13, RESETTAP, 0,[])
+
def ARMsetModeARM(self):
r0 = None
if ((self.current_dbgstate & DBG_TBIT)):
self.resettap()
self.current_dbgstate = self.ARMget_dbgstate();
return self.current_dbgstate
+
def ARMsetModeThumb(self): # needs serious work and truing
self.resettap()
debugstr("=== Switching to THUMB mode ===")
self.ARMset_register(0,r0)
self.current_dbgstate = self.ARMget_dbgstate();
return self.current_dbgstate
+
def ARMget_regCPSRstr(self):
psr = self.ARMget_regCPSR()
return hex(psr), PSRdecode(psr)
+
def ARMget_regCPSR(self):
"""Get an ARM's Register"""
r0 = self.ARMget_register(0)
retval = self.ARMget_register(0)
self.ARMset_register(0, r0)
return retval
+
def ARMset_regCPSR(self, val):
"""Get an ARM's Register"""
r0 = self.ARMget_register(0)
self.ARM_nop( 0) # push nop into pipeline - execute
self.ARMset_register(0, r0)
return(val)
+
def ARMreadMem(self, adr, wrdcount=1):
retval = []
r0 = self.ARMget_register(0); # store R0 and R1
self.ARM_nop(0)
self.ARMrestart()
self.ARMwaitDBG()
- print hex(self.ARMget_register(1))
+ #print hex(self.ARMget_register(1))
# FIXME: this may end up changing te current debug-state. should we compare to current_dbgstate?
#print repr(self.data[4])
self.ARMset_register(1, r1); # restore R0 and R1
self.ARMset_register(0, r0);
return retval
- def ARMreadChunk(self, adr, wordcount):
+
+ def ARMreadStream(self, addr, bytecount):
+ baseaddr = addr & 0xfffffffc
+ endaddr = ((addr + bytecount + 3) & 0xfffffffc)
+ diffstart = 4 - (addr - baseaddr)
+ diffend = 4 - (endaddr - (addr + bytecount ))
+
+
+ out = []
+ data = self.ARMreadChunk( baseaddr, ((endaddr-baseaddr) / 4) )
+ #print data, hex(baseaddr), hex(diffstart), hex(endaddr), hex(diffend)
+ if len(data) == 1:
+ #print "single dword"
+ out.append( struct.pack("<I", data.pop(0)) [4-diffstart:diffend] )
+ else:
+ #print "%d dwords" % len(data)
+ if diffstart:
+ out.append( struct.pack("<I", data.pop(0)) [4-diffstart:] )
+ bytecount -= (diffstart)
+ #print out
+
+ for ent in data[:-1]:
+ out.append( struct.pack("<I", data.pop(0) ) )
+ bytecount -= 4
+ #print out
+
+ if diffend and bytecount>0:
+ out.append( struct.pack("<I", data.pop(0)) [:diffend] )
+ #print out
+ return ''.join(out)
+ peek = ARMreadMem
+
+ def ARMreadChunk(self, adr, wordcount, verbose=True):
""" Only works in ARM mode currently
WARNING: Addresses must be word-aligned!
"""
output = []
count = wordcount
while (wordcount > 0):
- if (wordcount%64 == 0): sys.stderr.write(".")
+ if (verbose and wordcount%64 == 0): sys.stderr.write(".")
count = (wordcount, 0xe)[wordcount>0xd]
bitmask = LDM_BITMASKS[count]
self.ARMset_register(14,adr)
# FIXME: handle the rest of the wordcount here.
self.ARMset_registers(regs,0xe)
return output
- def ARMreadStream(self, adr, bytecount):
+
+ '''def ARMreadStream(self, adr, bytecount):
data = [struct.unpack("<L", x) for x in self.ARMreadChunk(adr, (bytecount-1/4)+1)]
return "".join(data)[:bytecount]
-
+ '''
def ARMwriteChunk(self, adr, wordarray):
""" Only works in ARM mode currently
WARNING: Addresses must be word-aligned!
adr += count*4
#print hex(adr)
# FIXME: handle the rest of the wordcount here.
- def ARMwriteMem(self, adr, wordarray):
+
+ def ARMwriteMem(self, adr, wordarray, instr=ARM_WRITE_MEM):
r0 = self.ARMget_register(0); # store R0 and R1
r1 = self.ARMget_register(1);
#print >>sys.stderr,("CPSR:\t%x"%self.ARMget_regCPSR())
self.ARMset_register(1, word); # write address into R0
self.ARM_nop(0)
self.ARM_nop(1)
- self.ARMdebuginstr(ARM_WRITE_MEM, 0); # push STR R1, [R0], #4 into instruction pipeline (autoincrements for consecutive writes)
+ self.ARMdebuginstr(instr, 0); # push STR R1, [R0], #4 into instruction pipeline (autoincrements for consecutive writes)
self.ARM_nop(0)
self.ARMrestart()
self.ARMwaitDBG()
- print >>sys.stderr,hex(self.ARMget_register(1))
+ #print >>sys.stderr,hex(self.ARMget_register(1))
self.ARMset_register(1, r1); # restore R0 and R1
self.ARMset_register(0, r0);
+
+ def ARMwriteStream(self, addr, datastr):
+ #bytecount = len(datastr)
+ #baseaddr = addr & 0xfffffffc
+ #diffstart = addr - baseaddr
+ #endaddr = ((addr + bytecount) & 0xfffffffc) + 4
+ #diffend = 4 - (endaddr - (addr+bytecount))
+ bytecount = len(datastr)
+ baseaddr = addr & 0xfffffffc
+ endaddr = ((addr + bytecount + 3) & 0xfffffffc)
+ diffstart = 4 - (addr - baseaddr)
+ diffend = 4 - (endaddr - (addr + bytecount ))
+
+ print hex(baseaddr), hex(diffstart), hex(endaddr), hex(diffend)
+ out = []
+ if diffstart:
+ dword = self.ARMreadChunk(baseaddr, 1)[0] & (0xffffffff>>(8*diffstart))
+ dst = "\x00" * (4-diffstart) + datastr[:diffstart]; print hex(dword), repr(dst)
+ datachk = struct.unpack("<I", dst)[0]
+ out.append( dword+datachk )
+ datastr = datastr[diffstart:]
+ bytecount -= diffstart
+ for ent in xrange(baseaddr+4, endaddr-4, 4):
+ print repr(datastr)
+ dword = struct.unpack("<I", datastr[:4])[0]
+ out.append( dword )
+ datastr = datastr[4:]
+ bytecount -= 4
+ if diffend and bytecount:
+ dword = self.ARMreadChunk(endaddr-4, 1)[0] & (0xffffffff<<(8*diffend))
+ dst = datastr + "\x00" * (4-diffend); print hex(dword), repr(dst)
+ datachk = struct.unpack("<I", dst)[0]
+ out.append( dword+datachk )
+ print repr([hex(x) for x in out])
+ return self.ARMwriteChunk(baseaddr, out)
+
+
+ def writeMemByte(self, adr, byte):
+ self.ARMwriteMem(adr, byte, ARM_WRITE_MEM_BYTE)
+
ARMstatusbits={
0x10 : "TBIT",
0x02 : "force dbgrq",
0x01 : "force dbgack"
}
- def ARMresettarget(self, delay=10):
+ def ARMresettarget(self, delay=1000):
return self.writecmd(0x13,RESETTARGET,2, [ delay&0xff, (delay>>8)&0xff ] )
+
def ARMchain0(self, address, bits=0x819684c054, data=0):
bulk = chop(address,4)
bulk.extend(chop(bits,8))
bulk.extend(chop(data,4))
- print >>sys.stderr,(repr(bulk))
+ #print >>sys.stderr,(repr(bulk))
self.writecmd(0x13,CHAIN0,16,bulk)
d1,b1,a1 = struct.unpack("<LQL",self.data)
return (a1,b1,d1)
+
def start(self):
"""Start debugging."""
self.writecmd(0x13,START,0,self.data)
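Review bot: ARMwriteStream fails with struct.error when the write starts and ends inside the same word (for example two bytes at an odd address), because the diffstart branch builds `dst = "\x00" * (4-diffstart) + datastr[:diffstart]`, which is shorter than four bytes when `len(datastr) < diffstart`, and bytecount then goes negative before the diffend branch; ARMreadStream has an explicit single-dword case and this function needs one too, merging the head and tail masks into a single read-modify-write of the word at baseaddr (sketch below). Both partial-word branches also read target memory even when diffstart or diffend is 4 and the word is overwritten completely, so a zero mask is applied to a read that was not needed; guarding the read on a non-zero keep-mask avoids touching memory-mapped registers that have read side effects. writeMemByte passes the scalar `byte` where ARMwriteMem's parameter is `wordarray`; if ARMwriteMem iterates that argument, as the `word` in `self.ARMset_register(1, word)` suggests, this raises TypeError and `self.ARMwriteMem(adr, [byte], ARM_WRITE_MEM_BYTE)` is what is meant. The five `print` lines in ARMwriteStream are debugging output on stdout on every call and should be removed or commented out like the other prints in this commit.
```python
    def ARMwriteStream(self, addr, datastr):
        bytecount = len(datastr)
        baseaddr = addr & 0xfffffffc
        endaddr = ((addr + bytecount + 3) & 0xfffffffc)
        # Whole write lies inside one word: keep the bytes below addr and
        # above addr+bytecount, replace the rest, and write that single word.
        if bytecount and endaddr - baseaddr == 4:
            offset = addr - baseaddr
            keep = ~(((1 << (8*bytecount)) - 1) << (8*offset)) & 0xffffffff
            orig = 0
            if keep:  # only read the target word when some of it survives
                orig = self.ARMreadChunk(baseaddr, 1)[0]
            dst = "\x00" * offset + datastr + "\x00" * (4 - offset - bytecount)
            return self.ARMwriteChunk(baseaddr, [(orig & keep) | struct.unpack("<I", dst)[0]])
        # … unchanged: diffstart / middle-word / diffend handling …
```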