+ return (self.data)
+ def ARM_nop(self, bkpt):
+ return self.ARMdebuginstr(ARM_INSTR_NOP, bkpt)
+ def ARMset_IR(self, IR, noretidle=0):
+ self.writecmd(0x13,SET_IR,2, [IR, LSB|noretidle])
+ return self.data
+ def ARMshiftDR(self, data, bits, flags):
+ self.writecmd(0x13,SHIFT_DR,8,[bits&0xff, flags&0xff, 0, 0, data&0xff,(data>>8)&0xff,(data>>16)&0xff,(data>>24)&0xff])
+ return self.data
+ def ARMwaitDBG(self, timeout=0xff):
+ self.writecmd(0x13,WAIT_DBG,2,[timeout&0xf,timeout>>8])
+ return self.data
+ def ARMrestart(self):
+ #self.ARMset_IR(ARM7TDMI_IR_BYPASS)
+ self.ARMset_IR(ARM7TDMI_IR_RESTART)
+ def ARMset_watchpoint0(self, addr, addrmask, data, datamask, ctrl, ctrlmask):
+ self.data = []
+ self.data.extend(chop(addr,4))
+ self.data.extend(chop(addrmask,4))
+ self.data.extend(chop(data,4))
+ self.data.extend(chop(datamask,4))
+ self.data.extend(chop(ctrl,4))
+ self.data.extend(chop(ctrlmask,4))
+ self.writecmd(0x13,SETWATCH0,24,self.data)
+ return self.data
+ def ARMset_watchpoint1(self, addr, addrmask, data, datamask, ctrl, ctrlmask):
+ self.data = []
+ self.data.extend(chop(addr,4))
+ self.data.extend(chop(addrmask,4))
+ self.data.extend(chop(data,4))
+ self.data.extend(chop(datamask,4))
+ self.data.extend(chop(ctrl,4))
+ self.data.extend(chop(ctrlmask,4))
+ self.writecmd(0x13,SETWATCH1,24,self.data)
+ return self.data
+ def ARMreadMem(self, adr, wrdcount):
+ retval = []
+ r0 = self.ARMget_register(0); # store R0 and R1
+ r1 = self.ARMget_register(1);
+ #print >>sys.stderr,("CPSR:\t%x"%self.ARMget_regCPSR())
+ for word in range(adr, adr+(wrdcount*4), 4):
+ sys.stdin.readline()
+ self.ARMset_register(0, word); # write address into R0
+ #time.sleep(1)
+ self.ARMset_register(1, 0xdeadbeef)
+ #time.sleep(1)
+ self.ARM_nop(0)
+ #time.sleep(1)
+ self.ARM_nop(1)
+ #time.sleep(1)
+ self.ARMdebuginstr(ARM_READ_MEM, 0); # push LDR R1, [R0], #4 into instruction pipeline (autoincrements for consecutive reads)
+ #time.sleep(1)
+ self.ARM_nop(0)
+ #time.sleep(1)
+ self.ARMrestart()
+ #time.sleep(1)
+ self.ARMwaitDBG()
+ #time.sleep(1)
+ print hex(self.ARMget_register(1))
+
+
+ # FIXME: this may end up changing te current debug-state. should we compare to current_dbgstate?
+ #print repr(self.data[4])
+ if (len(self.data)>4 and self.data[4] == '\x00'):
+ print >>sys.stderr,("FAILED TO READ MEMORY/RE-ENTER DEBUG MODE")
+ raise Exception("FAILED TO READ MEMORY/RE-ENTER DEBUG MODE")
+ return (-1);
+ else:
+ retval.append( self.ARMget_register(1) ) # read memory value from R1 register
+ #print >>sys.stderr,("CPSR: %x\t\tR0: %x\t\tR1: %x"%(self.ARMget_regCPSR(),self.ARMget_register(0),self.ARMget_register(1)))
+ self.ARMset_register(1, r1); # restore R0 and R1
+ self.ARMset_register(0, r0);
+ return retval
+
+ def ARMwriteMem(self, adr, wordarray):
+ r0 = self.ARMget_register(0); # store R0 and R1
+ r1 = self.ARMget_register(1);
+ #print >>sys.stderr,("CPSR:\t%x"%self.ARMget_regCPSR())
+ for word in xrange(adr, adr+len(string), 4):
+ self.ARMset_register(0, word); # write address into R0
+ self.ARM_nop(0)
+ self.ARM_nop(1)
+ self.ARMdebuginstr(ARM_WRITE_MEM, 0); # push STR R1, [R0], #4 into instruction pipeline (autoincrements for consecutive writes)
+ self.ARM_nop(0)
+ self.ARMrestart()
+ self.ARMwaitDBG()
+ print hex(self.ARMget_register(1))
+
+
+ # FIXME: this may end up changing te current debug-state. should we compare to current_dbgstate?
+ #print repr(self.data[4])
+ if (len(self.data)>4 and self.data[4] == '\x00'):
+ print >>sys.stderr,("FAILED TO READ MEMORY/RE-ENTER DEBUG MODE")
+ raise Exception("FAILED TO READ MEMORY/RE-ENTER DEBUG MODE")
+ return (-1);
+ else:
+ retval.append( self.ARMget_register(1) ) # read memory value from R1 register
+ #print >>sys.stderr,("CPSR: %x\t\tR0: %x\t\tR1: %x"%(self.ARMget_regCPSR(),self.ARMget_register(0),self.ARMget_register(1)))
+ self.ARMset_register(1, r1); # restore R0 and R1
+ self.ARMset_register(0, r0);
+ return retval
+
+ def ARMpeekcodewords(self,adr,words):