Skip to content

Latest commit

 

History

History
245 lines (187 loc) · 7.62 KB

README.md

File metadata and controls

245 lines (187 loc) · 7.62 KB

ST20Emu

ST20 Emulator, an arm-based mcu used in some 90's Set Top Box, this is an old project and now i think it's completely useless, but i've decided to put here the code that maybe can be useful to someone who wanna write a simple emulator. The code can be useful in writing virtual machines too. Feel free to grab, use and misuse anything you want from this source code. The Project was compiled under Win (Visual Studio Professional 2013) and Linux, and run without efforts. In the repo there is also a file called '6300.bin', the firmware of a very very very old STB i bought so many years ago that i don't exactly remember when. This emu came back directly from the dust of my archive, as you can see i wrote the last version in january 2012, after that the project was abandoned due to lack of time to dedicate to it. The instructions set manual is present too.

ST20 emulator V3.0

V2.0 March 15, 2002 V3.0 December 20, 2011 V3.1 December 31, 2011 V3.2 January 04, 2012

How to use

To start, type 'st20emu' in a DOS command window. At the '>' prompt, type

l 7ff80000 <filename>

where is the name of a file with ST20 instructions in it (e.g. a TSOP dump). If you forget to do this, you'll get lots of errors since the emulator won't have any ST20 instructions to emulate. Some settings are read from 'st20emu.ini' file, that must be in the same directory of the emulator. The content of this file is easily understandable and the commands are self-explanatory.

Now you can start issuing commands to the emulator

Emulator commands

Before going into the commands, here is a list of the parameters that the commands use.

refers to a 32 bit octal word.

refers to a 32 bit octal address refers to a TSOP dump filename is either a (A register) b (B register) c (C register) i (Iptr) is an octal number representing a valid Wptr index

Here are the commands...

The ENTER key executes next instruction

a Sets the A register to the specified value

b Sets the B register to the specified value

c Sets the C register to the specified value

db Search in the internal DB some info's about the specified register passed as arguments (hex number).

g Tells the emulator to run the emulation from the current address. The prompting for commands is shut off. Prompts will appear when a watch condition is met (see the 's' command) or when 1,000,000 instructions were executed without encountering a watch condition. You can't execute a 'g' command if no watches are set. During execution you can press the 'g' key to stop'em all :)

i Sets the Iptr register to the specified value

l

Loads the specified file into memory at starting at the specified address

load Loads a presaved ST20 state that was saved by the save command

omr show the contents of the 'Other Machine Registers', clock, some status registers, trap, interrupts and others.

q quits the emulator

s sets a watch condition. When the specified register is set to the specified value, a watch condition is triggered.

save Creates a directory with the specified name that contains a dump of the memory contents and the CPU state. The memory contents are dumped in 8K chunks. The .bin files are the memory contents. These can be loaded into a hex editor or into IDA for further processing. The .use files are flags indicating if a particular byte in memory has been defined or not. The cpu.bin file contains the CPU state.

v

views the word at the specified memory address

va

set the word at the specified address with the specified value.

vaa

views the number of words specified by the range parameter, starting from the specified address

ver show the content of the 'Enables' register, with descriptive labels for every bit set to 1.

vra "V"erbose "R"egister "A"ccess, set the correspondent flag for a verbose output when a devlb/sb devlw/sb instruction is executed. (only STi5518 regs are supported at moment).

w sets the workspace word at index to the specified value.

After a command is executed, the emulator will show

  • the contents of the A, B, C and Iptr registers
  • all of the allocated workspace words will also be shown
  • next, the address of the next command, the octal values of the bytes that comprise the command and the mnemonic of the next command will be displayed
  • finally, the command prompt ('>') will be displayed.

Here's an example of what you might see:

A=0x7fff0014 B=0xaaaaaaaa C=0xaaaaaaaa Iptr=0x7fff0038 Wptr 0=0x7fff0014 1=0x7ffffff0 2=0xaaaaaaaa 3=0xaaaaaaaa 4=0x7ffffff0

7fff0038 60 bd ajw fffffffd

And this with the 'vra' mode ON (if an entry is found in the internal DB)

7fff01a4 2f f1 devsb

NOTE: At 0x7fff01a4 Write to device at address 00000e00, value=0x00000007 REGN: MPEG_CONTROL_7_0 bits:8 access:R/W DESC: MPEG Audio/Video buffer control register A=0x7fff01d2 B=0xaaaaaaaa C=0xaaaaaaaa Iptr=0x7fff01a6 Wptr 0=0x7fff01d2 1=0xaaaaaaaa 2=0xaaaaaaaa 3=0xaaaaaaaa 4=0x7ffffff0 5=0xaaaaaaaa 6=0xaaaaaaaa

7fff01a6 27 40 ldc 70


Where:

NOTE is the usual field put there by st20emu REGN stand for (REG)ister (N)ame bits: is the register extension in bit access: is the access allowed for this register (R)ead (W)rite etc. DESC: stand for (DESC)ription, when available.

This is the output of the 'omr' command...

omr OTHER MACHINE REGISTERS


Enables=0xffffc000 ClockRegHP=0x20000000 ClockRegLP=0x20000000 ClockEnables=0x03 HP_ErrFlag=0x00 LP_ErrFlag=0x00 HaltOnError=0x00


...and this for 'ver'

ver Enables Register Value=0xffffc000 LP_PROCESS_INT_ENB is set LP_TIMESLICE_ENB is set LP_EXTERNALEVENT_ENB is set LP_TIMER_ALRM_ENB is set HP_PROCESS_INT_ENB is set HP_TIMESLICE_ENB is set HP_EXTERNALEVENT_ENB is set HP_TIMER_ALRM_ENB is set


devls/lb/lw and devss/sb/sw can be used for memory access too, so if a specific address isn't found in the internal DB, a more generic description is returned based over the Datasheet memory map description. Example:

NOTE: At 0xc0402804 Write to device at address c042a5e8, value=0x00000002 DESCR: Address is into Shared SDRAM (Region 1)

The ajw command has not been executed yet. If you hit the ENTER key, it will be executed and the results of its execution will be displayed.

Notes

Unused words are given the bit pattern 0xAAAAAAAA

The workspace has been assigned to the memory addresses from 0x1FFFF000 to 0x1FFFFFFF. The first workspace word is stored at 0x1FFFFFFC. The workspace words are stored at consecutively lower words.

Only the most common ST20 instructions have been implemented. The emulator will warn you when an unimplemented instruction has been encountered.

I still have lots of things to add to this emulator

  • implement the complete set of instructions
  • allow people to give names to addresses
  • add a command to step over subroutines
  • etc. I'm willing to accept other suggestions but there's no guarantee that I'll get any of the work done very quickly.

Troubleshooting

*Mar 2002 This is a WIN32 app. I don't think it will run in a 16 bit environment (does anyone actually use these any more?). I wrote this for Win98. I have no idea whether it works in NT/2000/XP.

*Dec 2011 Can be compiled with VC++ Express, work fine in 2K/XP/Win7.