Unknown 8085 opcodes
Hayden Kroepfl
perlpowers at gmail.com
Wed Jan 11 11:38:22 CST 2017
Well unless the code is running a disassembler has no real clue, because as
you can see ASCII corresponds mostly to completely valid instructions,
mainly the MOV reg,reg instructions. Depending on how the code's written it
could be basically impossible for a disassembler to tell.
For example you could have code that calls a function that takes inline
arguments, as such you'd have a JSR (or whatever the 8085 equiv is)
followed by data, not instructions. In that subroutine it would change the
return pointer on the stack to jump over those instructions.
The other way a disassembler could do it would be to actually run the code
and see where the code path goes. But then there's no guarantee that it
actually reaches all code points. A smart disassembler can guess based off
jumps and a starting point, but it still doesn't help it the case I
mentioned above.
Disassembly always requires some human element as it can't possibly handle
all cases. Tools like IDA and such typically don't disassemble until you
manually pick and entry point, then it disassembles as far as it can safely
assume from there. You then have to find other code paths yourself. For a
static disassembler you may have to hand hold it, especially if there's
self modifying code which could mess up the disassembly of multi-byte
instructions for a few instructions past the invalid one.
Hayden
On Wed, Jan 11, 2017 at 10:31 AM, Adrian Graham <binarydinosaurs at gmail.com>
wrote:
> Hi all,
>
> Well, this is ROM dumps of a telephone system so that would make sense for
> some of it, but surely a disassembler should also recognise that it's ASCII
> string data and treat it accordingly? I can imagine a freeware disassembler
> maybe making that mistake but the second one is commercial.
>
> I'll have a closer look at DASMx's parameters when I get home, that's the
> freeware one but it seems to make a better job of it than the commercial
> version, though both the D8741A and ROM dumps produce the same unknown
> opcodes.
>
> If anyone knows of others please shout up.
>
> Cheers!
>
> On 11 January 2017 at 17:21, Hayden Kroepfl <perlpowers at gmail.com> wrote:
>
> > Sorry for the double reply.
> > It's definitely ASCII data and not code. There's also seems to be some
> > other constant data in the middle, but translating the byte values as
> ASCII
> > gives:
> > "Telephone Details [few odd bytes]Select "
> >
> > Where [few odd bytes] is 01 04 05 08 which is presumable some other
> > constant data, or some delimiters related to the strings.
> >
> > Hayden
> >
> > On Wed, Jan 11, 2017 at 10:16 AM, Hayden Kroepfl <perlpowers at gmail.com>
> > wrote:
> >
> > > Another possibility could be self-modifying mode, something somewhere
> > else
> > > could be writing over this code once it's running. Though that would be
> > > assuming it's in RAM. Though the code around these instructions seems
> > > confusing. Looking at the values it almost looks like it's ASCII text
> and
> > > not actual code data. I see numbers in the 0x40 and 0x60 range which
> are
> > > the ASCII lowercase and uppercase letters. Along with 0x20 which is a
> > > space. Perhaps try interpreting the data as data instead of code?
> > >
> > > On Wed, Jan 11, 2017 at 10:10 AM, Adrian Graham <
> > binarydinosaurs at gmail.com
> > > > wrote:
> > >
> > >> Hi folks,
> > >>
> > >> Any 8085 assembler geeks in the house?
> > >>
> > >> Official Intel docs don't seem to be helping with this one, I have
> 8085
> > >> and
> > >> D8741A peripheral controller dumps both containing several opcodes
> that
> > >> two
> > >> disassemblers aren't recognising and any docs I've been looking
> through
> > >> for
> > >> either 8085 instructions or the UPI instruction set don't seem to
> > feature
> > >> them either.
> > >>
> > >> The codes are 0x08, 0x10, 0x18, 0x28, 0x38,0xD9, 0xDD and 0xED.
> > >>
> > >> 0x08 nearly always follows a 0x01 LXI B instruction, the others don't
> > seem
> > >> to have an obvious pattern.
> > >>
> > >> I've pondered if 0x10 is INC @R0 because the binary for that is 0001
> > 000x
> > >> where x is either 0 or 1.
> > >> By the same reasoning 0xD9 could be XRL A,R1 (opcode 11011xxx) and
> 0xDD
> > >> could be XRL A,R5 but can't match the others. Also the surrounding
> code
> > >> doesn't mention those registers.
> > >>
> > >> Example 8085 code fragment:
> > >>
> > >> 3440 1792 09 DAD B
> > >> 3441 1793 01 01 08 LXI B,0801H
> > >> 3442 1796 08 UNRECOGNIZED
> > >> 3443 1797 12 STAX D
> > >> 3444 1798 0D DCR C
> > >> 3445 1799 54 MOV D,H
> > >> 3446 179A 65 MOV H,L
> > >> 3447 179B 6C MOV L,H
> > >> 3448 179C 65 MOV H,L
> > >> 3449 179D 70 MOV M,B
> > >> 3450 179E 68 MOV L,B
> > >> 3451 179F 6F MOV L,A
> > >> 3452 17A0 6E MOV L,M
> > >> 3453 17A1 65 MOV H,L
> > >> 3454 17A2 20 RIM
> > >> 3455 17A3 44 MOV B,H
> > >> 3456 17A4 65 MOV H,L
> > >> 3457 17A5 74 MOV M,H
> > >> 3458 17A6 61 MOV H,C
> > >> 3459 17A7 69 MOV L,C
> > >> 3460 17A8 6C MOV L,H
> > >> 3461 17A9 73 MOV M,E
> > >> 3462 17AA 01 04 05 LXI B,0504H
> > >> 3463 17AD 08 UNRECOGNIZED
> > >> 3464 17AE 17 RAL
> > >> 3465 17AF 53 MOV D,E
> > >> 3466 17B0 65 MOV H,L
> > >> 3467 17B1 6C MOV L,H
> > >> 3468 17B2 65 MOV H,L
> > >> 3469 17B3 63 MOV H,E
> > >> 3470 17B4 74 MOV M,H
> > >> 3471 17B5 20 RIM
> > >>
> > >> Cheers!
> > >>
> > >> --
> > >> adrian/witchy
> > >> Owner of Binary Dinosaurs, the UK's biggest home computer collection?
> > >> www.binarydinosaurs.co.uk
> > >>
> > >
> > >
> >
>
>
>
> --
> adrian/witchy
> Owner of Binary Dinosaurs, the UK's biggest home computer collection?
> www.binarydinosaurs.co.uk
>
More information about the cctech
mailing list