Header種類
ILI93xx.DL
Header種類
CCDL, IMPT, EXPT, RAW, [ERPT], [NULL]
每個Header的長度為32Bytes:
char name[4]; uint32_t ident; uint32_t offset; uint32_t size;
經由上面的格式,可以知道RAW Offset是0x2b0(size=0x2788),因此可以使用如下指令取出Binary並且反組譯:
$ dd if=ILI9338.DL of=ILI9338.bin bs=1 skip=696 $ mipsel-linux-objdump -b binary -m mips -D ILI9338.bin > ILI9338.dis
根據Dingux的驅動程式(drivers/video/jz4740_slcd.h),ILI9338的LCD初使化片段指令如下:
Mcupanel_Command(0x11); mdelay(100); Mcupanel_Command(0xCB); Mcupanel_Data(0x01); Mcupanel_Command(0xC0); Mcupanel_Data(0x26); Mcupanel_Data(0x01);
反組譯位置
ROM:0000199Cg li $gp, 0xFFFFE664 ROM:000019A4g addu $gp, $t9 ROM:000019A8g addiu $sp, -0x20 ROM:000019ACg sw $gp, 0x10($sp) ROM:000019B0g li $a0, 0x11 ROM:000019B4g sw $ra, 0x1C($sp) ROM:000019B8g sw $gp, 0x18($sp) ROM:000019BCg lw $t9, 0x2360($gp) ROM:000019C0g jalr $t9 ROM:000019C4g nop ROM:000019C8g lw $gp, 0x10($sp) ROM:000019CCg li $a0, 0x64 # 'd' ROM:000019D0g lw $t9, 0x238C($gp) ROM:000019D4g jalr $t9 ROM:000019D8g nop ROM:000019DCg lw $gp, 0x10($sp) ROM:000019E0g li $a0, 0xCB # ' ROM:000019E4g lw $t9, 0x2360($gp) ROM:000019E8g jalr $t9 ROM:000019ECg nop ROM:000019F0g lw $gp, 0x10($sp) ROM:000019F4g li $a0, 1 ROM:000019F8g lw $t9, 0x2400($gp) ROM:000019FCg jalr $t9 ROM:00001A00g nop ROM:00001A04g lw $gp, 0x10($sp) ROM:00001A08g li $a0, 0xC0 # ' ROM:00001A0Cg lw $t9, 0x2360($gp) ROM:00001A10g jalr $t9 ROM:00001A14g nop ROM:00001A18g lw $gp, 0x10($sp) ROM:00001A1Cg li $a0, 0x27 # ''' ROM:00001A20g lw $t9, 0x2400($gp) ROM:00001A24g jalr $t9 ROM:00001A28g nop ROM:00001A2Cg lw $gp, 0x10($sp) ROM:00001A30g li $a0, 9 ROM:00001A34g lw $t9, 0x2400($gp) ROM:00001A38g jalr $t9 ROM:00001A3Cg nop ROM:00001A40g lw $gp, 0x10($sp) ROM:00001A44g li $a0, 0xC1 # ' ROM:00001A48g lw $t9, 0x2360($gp) ROM:00001A4Cg jalr $t9 ROM:00001A50g nop ROM:00001A54g lw $gp, 0x10($sp) ROM:00001A58g li $a0, 0x10 ROM:00001A5Cg lw $t9, 0x2400($gp) ROM:00001A60g jalr $t9 ROM:00001A64g nop ROM:00001A68g lw $gp, 0x10($sp) ROM:00001A6Cg li $a0, 0xB6 # ' ROM:00001A70g lw $t9, 0x2360($gp) ROM:00001A74g jalr $t9 ROM:00001A78g nop ROM:00001A7Cg lw $gp, 0x10($sp) ROM:00001A80g li $a0, 0xA ROM:00001A84g lw $t9, 0x2400($gp) ROM:00001A88g jalr $t9 ROM:00001A8Cg nop ROM:00001A90g lw $gp, 0x10($sp) ROM:00001A94g li $a0, 2 ROM:00001A98g lw $t9, 0x2400($gp) ROM:00001A9Cg jalr $t9 ROM:00001AA0g nop ROM:00001AA4g lw $gp, 0x10($sp) ROM:00001AA8g li $a0, 0x26 # '&' ROM:00001AACg lw $t9, 0x2360($gp) ROM:00001AB0g jalr $t9 ROM:00001AB4g nop ROM:00001AB8g lw $gp, 0x10($sp) ROM:00001ABCg li $a0, 1 ROM:00001AC0g lw $t9, 0x2400($gp) ROM:00001AC4g jalr $t9 ROM:00001AC8g nop ROM:00001ACCg lw $gp, 0x10($sp) ROM:00001AD0g li $a0, 0xE0 # ' ROM:00001AD4g lw $t9, 0x2360($gp) ROM:00001AD8g jalr $t9 ROM:00001ADCg nop ROM:00001AE0g lw $gp, 0x10($sp) ROM:00001AE4g li $a0, 0xF ROM:00001AE8g lw $t9, 0x2400($gp) ROM:00001AECg jalr $t9 ROM:00001AF0g nop ROM:00001AF4g lw $gp, 0x10($sp) ROM:00001AF8g li $a0, 0x3F # '?' ROM:00001AFCg lw $t9, 0x2400($gp) ROM:00001B00g jalr $t9 ROM:00001B04g nop ROM:00001B08g lw $gp, 0x10($sp) ROM:00001B0Cg li $a0, 0x3F # '?' ROM:00001B10g lw $t9, 0x2400($gp) ROM:00001B14g jalr $t9 ROM:00001B18g nop ROM:00001B1Cg lw $gp, 0x10($sp) ROM:00001B20g li $a0, 2 ROM:00001B24g lw $t9, 0x2400($gp) ROM:00001B28g jalr $t9 ROM:00001B2Cg nop ROM:00001B30g lw $gp, 0x10($sp) ROM:00001B34g li $a0, 4 ROM:00001B38g lw $t9, 0x2400($gp) ROM:00001B3Cg jalr $t9 ROM:00001B40g nop ROM:00001B44g lw $gp, 0x10($sp) ROM:00001B48g li $a0, 5 ROM:00001B4Cg lw $t9, 0x2400($gp) ROM:00001B50g jalr $t9 ROM:00001B54g nop ROM:00001B58g lw $gp, 0x10($sp) ROM:00001B5Cg li $a0, 0x49 # 'I' ROM:00001B60g lw $t9, 0x2400($gp) ROM:00001B64g jalr $t9 ROM:00001B68g nop ROM:00001B6Cg lw $gp, 0x10($sp) ROM:00001B70g li $a0, 0x75 # 'u' ROM:00001B74g lw $t9, 0x2400($gp) ROM:00001B78g jalr $t9 ROM:00001B7Cg nop ROM:00001B80g lw $gp, 0x10($sp) ROM:00001B84g li $a0, 0x20 # ' ' ROM:00001B88g lw $t9, 0x2400($gp) ROM:00001B8Cg jalr $t9 ROM:00001B90g nop ROM:00001B94g lw $gp, 0x10($sp) ROM:00001B98g li $a0, 8 ROM:00001B9Cg lw $t9, 0x2400($gp) ROM:00001BA0g jalr $t9 ROM:00001BA4g nop ROM:00001BA8g lw $gp, 0x10($sp) ROM:00001BACg li $a0, 0x14 ROM:00001BB0g lw $t9, 0x2400($gp) ROM:00001BB4g jalr $t9 ROM:00001BB8g nop ROM:00001BBCg lw $gp, 0x10($sp) ROM:00001BC0g li $a0, 0xC ROM:00001BC4g lw $t9, 0x2400($gp) ROM:00001BC8g jalr $t9 ROM:00001BCCg nop ROM:00001BD0g lw $gp, 0x10($sp) ROM:00001BD4g li $a0, 0x15 ROM:00001BD8g lw $t9, 0x2400($gp) ROM:00001BDCg jalr $t9 ROM:00001BE0g nop ROM:00001BE4g lw $gp, 0x10($sp) ROM:00001BE8g li $a0, 0xE ROM:00001BECg lw $t9, 0x2400($gp) ROM:00001BF0g jalr $t9 ROM:00001BF4g nop ROM:00001BF8g lw $gp, 0x10($sp) ROM:00001BFCg li $a0, 0 ROM:00001C00g lw $t9, 0x2400($gp) ROM:00001C04g jalr $t9 ROM:00001C08g nop ROM:00001C0Cg lw $gp, 0x10($sp) ROM:00001C10g li $a0, 0xE1 # ' ROM:00001C14g lw $t9, 0x2360($gp) ROM:00001C18g jalr $t9 ROM:00001C1Cg nop ROM:00001C20g lw $gp, 0x10($sp) ROM:00001C24g li $a0, 0 ROM:00001C28g lw $t9, 0x2400($gp) ROM:00001C2Cg jalr $t9 ROM:00001C30g nop ROM:00001C34g lw $gp, 0x10($sp) ROM:00001C38g li $a0, 0 ROM:00001C3Cg lw $t9, 0x2400($gp) ROM:00001C40g jalr $t9 ROM:00001C44g nop ROM:00001C48g lw $gp, 0x10($sp) ROM:00001C4Cg li $a0, 0 ROM:00001C50g lw $t9, 0x2400($gp) ROM:00001C54g jalr $t9 ROM:00001C58g nop ROM:00001C5Cg lw $gp, 0x10($sp) ROM:00001C60g li $a0, 0xC ROM:00001C64g lw $t9, 0x2400($gp) ROM:00001C68g jalr $t9 ROM:00001C6Cg nop ROM:00001C70g lw $gp, 0x10($sp) ROM:00001C74g li $a0, 0x1A ROM:00001C78g lw $t9, 0x2400($gp) ROM:00001C7Cg jalr $t9 ROM:00001C80g nop ROM:00001C84g lw $gp, 0x10($sp) ROM:00001C88g li $a0, 0xD ROM:00001C8Cg lw $t9, 0x2400($gp) ROM:00001C90g jalr $t9 ROM:00001C94g nop ROM:00001C98g lw $gp, 0x10($sp) ROM:00001C9Cg li $a0, 0x3A # ':' ROM:00001CA0g lw $t9, 0x2400($gp) ROM:00001CA4g jalr $t9 ROM:00001CA8g nop ROM:00001CACg lw $gp, 0x10($sp) ROM:00001CB0g li $a0, 0x8A # ' ROM:00001CB4g lw $t9, 0x2400($gp) ROM:00001CB8g jalr $t9 ROM:00001CBCg nop ROM:00001CC0g lw $gp, 0x10($sp) ROM:00001CC4g li $a0, 0x40 # '@' ROM:00001CC8g lw $t9, 0x2400($gp) ROM:00001CCCg jalr $t9 ROM:00001CD0g nop ROM:00001CD4g lw $gp, 0x10($sp) ROM:00001CD8g li $a0, 8 ROM:00001CDCg lw $t9, 0x2400($gp) ROM:00001CE0g jalr $t9 ROM:00001CE4g nop ROM:00001CE8g lw $gp, 0x10($sp) ROM:00001CECg li $a0, 0x11 ROM:00001CF0g lw $t9, 0x2400($gp) ROM:00001CF4g jalr $t9 ROM:00001CF8g nop ROM:00001CFCg lw $gp, 0x10($sp) ROM:00001D00g li $a0, 0xF ROM:00001D04g lw $t9, 0x2400($gp) ROM:00001D08g jalr $t9 ROM:00001D0Cg nop ROM:00001D10g lw $gp, 0x10($sp) ROM:00001D14g li $a0, 0x3F # '?' ROM:00001D18g lw $t9, 0x2400($gp) ROM:00001D1Cg jalr $t9 ROM:00001D20g nop ROM:00001D24g lw $gp, 0x10($sp) ROM:00001D28g li $a0, 0x3F # '?' ROM:00001D2Cg lw $t9, 0x2400($gp) ROM:00001D30g jalr $t9 ROM:00001D34g nop ROM:00001D38g lw $gp, 0x10($sp) ROM:00001D3Cg li $a0, 0xF ROM:00001D40g lw $t9, 0x2400($gp) ROM:00001D44g jalr $t9 ROM:00001D48g nop ROM:00001D4Cg lw $gp, 0x10($sp) ROM:00001D50g li $a0, 0x2A # '*' ROM:00001D54g lw $t9, 0x2360($gp) ROM:00001D58g jalr $t9 ROM:00001D5Cg nop ROM:00001D60g lw $gp, 0x10($sp) ROM:00001D64g move $a0, $zero ROM:00001D68g lw $t9, 0x2400($gp) ROM:00001D6Cg jalr $t9 ROM:00001D70g nop ROM:00001D74g lw $gp, 0x10($sp) ROM:00001D78g move $a0, $zero ROM:00001D7Cg lw $t9, 0x2400($gp) ROM:00001D80g jalr $t9 ROM:00001D84g nop ROM:00001D88g lw $gp, 0x10($sp) ROM:00001D8Cg li $a0, 1 ROM:00001D90g lw $t9, 0x2400($gp) ROM:00001D94g jalr $t9 ROM:00001D98g nop ROM:00001D9Cg lw $gp, 0x10($sp) ROM:00001DA0g li $a0, 0x3F # '?' ROM:00001DA4g lw $t9, 0x2400($gp) ROM:00001DA8g jalr $t9 ROM:00001DACg nop ROM:00001DB0g lw $gp, 0x10($sp) ROM:00001DB4g li $a0, 0x2B # '+' ROM:00001DB8g lw $t9, 0x2360($gp) ROM:00001DBCg jalr $t9 ROM:00001DC0g nop ROM:00001DC4g lw $gp, 0x10($sp) ROM:00001DC8g move $a0, $zero ROM:00001DCCg lw $t9, 0x2400($gp) ROM:00001DD0g jalr $t9 ROM:00001DD4g nop ROM:00001DD8g lw $gp, 0x10($sp) ROM:00001DDCg move $a0, $zero ROM:00001DE0g lw $t9, 0x2400($gp) ROM:00001DE4g jalr $t9 ROM:00001DE8g nop ROM:00001DECg lw $gp, 0x10($sp) ROM:00001DF0g move $a0, $zero ROM:00001DF4g lw $t9, 0x2400($gp) ROM:00001DF8g jalr $t9 ROM:00001DFCg nop ROM:00001E00g lw $gp, 0x10($sp) ROM:00001E04g li $a0, 0xEF # ' ROM:00001E08g lw $t9, 0x2400($gp) ROM:00001E0Cg jalr $t9 ROM:00001E10g nop ROM:00001E14g lw $gp, 0x10($sp) ROM:00001E18g li $a0, 0x36 # '6' ROM:00001E1Cg lw $t9, 0x2360($gp) ROM:00001E20g jalr $t9 ROM:00001E24g nop ROM:00001E28g lw $gp, 0x10($sp) ROM:00001E2Cg li $a0, 0xE8 # ' ROM:00001E30g lw $t9, 0x2400($gp) ROM:00001E34g jalr $t9 ROM:00001E38g nop ROM:00001E3Cg lw $gp, 0x10($sp) ROM:00001E40g li $a0, 0x3A # ':' ROM:00001E44g lw $t9, 0x2360($gp) ROM:00001E48g jalr $t9 ROM:00001E4Cg nop ROM:00001E50g lw $gp, 0x10($sp) ROM:00001E54g li $a0, 5 ROM:00001E58g lw $t9, 0x2400($gp) ROM:00001E5Cg jalr $t9 ROM:00001E60g nop ROM:00001E64g lw $gp, 0x10($sp) ROM:00001E68g li $a0, 0x29 # ')' ROM:00001E6Cg lw $t9, 0x2360($gp) ROM:00001E70g jalr $t9 ROM:00001E74g nop ROM:00001E78g lw $gp, 0x10($sp) ROM:00001E7Cg li $a0, 0x2C # ',' ROM:00001E80g lw $t9, 0x2360($gp) ROM:00001E84g jalr $t9 ROM:00001E88g nop ROM:00001E8Cg lw $gp, 0x10($sp) ROM:00001E90g lw $ra, 0x1C($sp) ROM:00001E94g jr $ra ROM:00001E98g addiu $sp, 0x20
LCD初始化程式
mdelay(120); Mcupanel_Command(0x0001); Mcupanel_Command(0x00f0); Mcupanel_Data(0x005a); Mcupanel_Data(0x005a); Mcupanel_Command(0x00f3); Mcupanel_Data(0x0000); Mcupanel_Command(0x00ff); Mcupanel_Data(0x0030); Mcupanel_Data(0x0000); Mcupanel_Data(0x0000); Mcupanel_Data(0x0040); Mcupanel_Command(0x0011); Mcupanel_Command(0x00f3); Mcupanel_Data(0x0001); Mcupanel_Data(0x0026); Mcupanel_Data(0x0026); Mcupanel_Data(0x0007); Mcupanel_Data(0x0011); Mcupanel_Data(0x0057); Mcupanel_Data(0x0057); Mcupanel_Data(0x002c); Mcupanel_Command(0x00f4); Mcupanel_Data(0x0060); Mcupanel_Data(0x0060); Mcupanel_Data(0x006F); Mcupanel_Data(0x006F); Mcupanel_Data(0x0044); Mcupanel_Command(0x00f5); Mcupanel_Data(0x0012); Mcupanel_Data(0x0011); Mcupanel_Data(0x0003); Mcupanel_Data(0x00f0); Mcupanel_Data(0x0030); Mcupanel_Data(0x001f); Mcupanel_Command(0x00f3); Mcupanel_Data(0x0003); Mcupanel_Command(0x00ff); Mcupanel_Data(0x0030); Mcupanel_Data(0x0000); Mcupanel_Data(0x0000); Mcupanel_Data(0x0070); Mcupanel_Command(0x00f3); Mcupanel_Data(0x000f); Mcupanel_Command(0x00ff); Mcupanel_Data(0x0030); Mcupanel_Data(0x0000); Mcupanel_Data(0x0000); Mcupanel_Data(0x0078); Mcupanel_Command(0x00f3); Mcupanel_Data(0x001f); Mcupanel_Command(0x00ff); Mcupanel_Data(0x0000); Mcupanel_Data(0x0000); Mcupanel_Data(0x0000); Mcupanel_Data(0x0078); Mcupanel_Command(0x00f3); Mcupanel_Data(0x001f); Mcupanel_Command(0x00f3); Mcupanel_Data(0x00ff); Mcupanel_Data(0x0026); Mcupanel_Data(0x0026); Mcupanel_Data(0x0007); Mcupanel_Data(0x0055); Mcupanel_Data(0x0057); Mcupanel_Data(0x0057); Mcupanel_Data(0x002c); Mcupanel_Command(0x0011); Mcupanel_Command(0x00f2); Mcupanel_Data(0x0013); Mcupanel_Data(0x0013); Mcupanel_Data(0x0001); Mcupanel_Data(0x0008); Mcupanel_Data(0x0008); Mcupanel_Data(0x0008); Mcupanel_Data(0x0008); Mcupanel_Data(0x0010); Mcupanel_Data(0x0000); Mcupanel_Data(0x0010); Mcupanel_Data(0x0010); Mcupanel_Command(0x00fd); Mcupanel_Data(0x0055); Mcupanel_Command(0x0035); Mcupanel_Data(0x0000); Mcupanel_Command(0x0036); Mcupanel_Data(0x0028); Mcupanel_Command(0x003a); Mcupanel_Data(0x0055); Mcupanel_Command(0x00fe); Mcupanel_Data(0x0016); Mcupanel_Data(0x0016); Mcupanel_Data(0x0028); Mcupanel_Data(0x0000); Mcupanel_Data(0x0000); Mcupanel_Data(0x0006); Mcupanel_Command(0x00f6); Mcupanel_Data(0x0010); Mcupanel_Data(0x0080); Mcupanel_Data(0x0000); Mcupanel_Data(0x0010); Mcupanel_Command(0x0051); Mcupanel_Data(0x00ff); Mcupanel_Command(0x0053); Mcupanel_Data(0x0000); Mcupanel_Command(0x0055); Mcupanel_Data(0x0000); Mcupanel_Command(0x005e); Mcupanel_Data(0x0000); Mcupanel_Command(0x00ca); Mcupanel_Data(0x0080); Mcupanel_Data(0x0080); Mcupanel_Data(0x0020); Mcupanel_Command(0x00cb); Mcupanel_Data(0x0001); Mcupanel_Command(0x00f7); Mcupanel_Data(0x0092); Mcupanel_Data(0x001a); Mcupanel_Data(0x001e); Mcupanel_Data(0x001a); Mcupanel_Data(0x001d); Mcupanel_Data(0x001d); Mcupanel_Data(0x001e); Mcupanel_Data(0x0026); Mcupanel_Data(0x001c); Mcupanel_Data(0x001c); Mcupanel_Data(0x0024); Mcupanel_Data(0x001b); Mcupanel_Data(0x0009); Mcupanel_Data(0x0011); Mcupanel_Data(0x0018); Mcupanel_Command(0x00f8); Mcupanel_Data(0x001a); Mcupanel_Data(0x0000); Mcupanel_Data(0x001e); Mcupanel_Data(0x001a); Mcupanel_Data(0x001d); Mcupanel_Data(0x001a); Mcupanel_Data(0x001d); Mcupanel_Data(0x0024); Mcupanel_Data(0x001e); Mcupanel_Data(0x001f); Mcupanel_Data(0x0027); Mcupanel_Data(0x001e); Mcupanel_Data(0x000a); Mcupanel_Data(0x0011); Mcupanel_Data(0x0011); Mcupanel_Command(0x00f9); Mcupanel_Data(0x0086); Mcupanel_Data(0x001a); Mcupanel_Data(0x0010); Mcupanel_Data(0x0010); Mcupanel_Data(0x001d); Mcupanel_Data(0x001b); Mcupanel_Data(0x001f); Mcupanel_Data(0x0027); Mcupanel_Data(0x001b); Mcupanel_Data(0x001f); Mcupanel_Data(0x0027); Mcupanel_Data(0x001e); Mcupanel_Data(0x000a); Mcupanel_Data(0x0011); Mcupanel_Data(0x0018); Mcupanel_Command(0x00fa); Mcupanel_Data(0x001a); Mcupanel_Data(0x0000); Mcupanel_Data(0x001e); Mcupanel_Data(0x001a); Mcupanel_Data(0x001d); Mcupanel_Data(0x001a); Mcupanel_Data(0x001d); Mcupanel_Data(0x0024); Mcupanel_Data(0x001e); Mcupanel_Data(0x001f); Mcupanel_Data(0x0027); Mcupanel_Data(0x001e); Mcupanel_Data(0x000a); Mcupanel_Data(0x0011); Mcupanel_Data(0x0011); Mcupanel_Command(0x00fb); Mcupanel_Data(0x0080); Mcupanel_Data(0x001a); Mcupanel_Data(0x001e); Mcupanel_Data(0x001a); Mcupanel_Data(0x001d); Mcupanel_Data(0x001b); Mcupanel_Data(0x001e); Mcupanel_Data(0x0026); Mcupanel_Data(0x0017); Mcupanel_Data(0x001a); Mcupanel_Data(0x001d); Mcupanel_Data(0x0014); Mcupanel_Data(0x0000); Mcupanel_Data(0x0011); Mcupanel_Data(0x0018); Mcupanel_Command(0x00fc); Mcupanel_Data(0x001a); Mcupanel_Data(0x0000); Mcupanel_Data(0x001e); Mcupanel_Data(0x001a); Mcupanel_Data(0x001d); Mcupanel_Data(0x001a); Mcupanel_Data(0x001d); Mcupanel_Data(0x0024); Mcupanel_Data(0x001e); Mcupanel_Data(0x001f); Mcupanel_Data(0x0027); Mcupanel_Data(0x001e); Mcupanel_Data(0x000a); Mcupanel_Data(0x0011); Mcupanel_Data(0x0011); Mcupanel_Command(0x002a); Mcupanel_Data(0x0000); Mcupanel_Data(0x0000); Mcupanel_Data(0x0001); Mcupanel_Data(0x003f); Mcupanel_Command(0x002b); Mcupanel_Data(0x0000); Mcupanel_Data(0x0000); Mcupanel_Data(0x0000); Mcupanel_Data(0x00ef); Mcupanel_Command(0x0029); Mcupanel_Command(0x002c);
接著是最難的地方,因為這個屏需要更多的指令,所以沒有足夠的空間做Binary Patch,因此,司徒必須找尋其它沒有使用到的空間來填充需要的指令,加上A320掌機沒有比較方便的除錯方式,因此,司徒花了相當多的時間測試,最終完成Binary Patch,Patch後的Assembly內容如下:
ROM:0000199Cg li $gp, 0xFFFFE664 ROM:000019A4g addu $gp, $t9 ROM:000019A8g addiu $sp, -0x24 ROM:000019ACg sw $gp, 0x10($sp) ROM:000019B0g li $a0, 0xA0 # ' ROM:000019B4g sw $ra, 0x1C($sp) ROM:000019B8g sw $gp, 0x18($sp) ROM:000019BCg lw $t9, 0x238C($gp) ROM:000019C0g jalr $t9 ROM:000019C4g nop ROM:000019C8g li $t0, 0x1A20 ROM:000019CC ROM:000019CC loc_19CC:g # CODE XREF: ROM:00001A10j ROM:000019CCg lw $gp, 0x10($sp) ROM:000019D0g add $t1, $t0, $gp ROM:000019D4g lw $t1, 0($t1) ROM:000019D8g addi $t0, 4 ROM:000019DCg sw $t0, 0x20($sp) ROM:000019E0g andi $a0, $t1, 0xFF ROM:000019E4g andi $t1, 0x8000 ROM:000019E8g bnez $t1, loc_19FC ROM:000019ECg lw $t9, 0x2400($gp) ROM:000019F0g jalr $t9 ROM:000019F4g nop ROM:000019F8g b loc_1A08 ROM:000019FC ROM:000019FC loc_19FC:g # CODE XREF: ROM:000019E8j ROM:000019FCg lw $t9, 0x2360($gp) ROM:00001A00g jalr $t9 ROM:00001A04g nop ROM:00001A08 ROM:00001A08 loc_1A08:g # CODE XREF: ROM:000019F8j ROM:00001A08g lw $t0, 0x20($sp) ROM:00001A0Cg slti $t1, $t0, 0x1D94 ROM:00001A10g bnez $t1, loc_19CC ROM:00001A14g nop ROM:00001A18g b loc_1E88 ROM:00001A1Cg nop ROM:00001A1C # --------------------------------------------------------------------------- ROM:00001A20g .word 0x8001 ROM:00001A24g .word 0x80F0 ROM:00001A28g .word 0x5A ROM:00001A2Cg .word 0x5A ROM:00001A30g .word 0x80F3 ROM:00001A34g .word 0 ROM:00001A38g .word 0x80FF ROM:00001A3Cg .word 0x30 ROM:00001A40g .word 0 ROM:00001A44g .word 0 ROM:00001A48g .word 0x40 ROM:00001A4Cg .word 0x8011 ROM:00001A50g .word 0x80F3 ROM:00001A54g .word 1 ROM:00001A58g .word 0x26 ROM:00001A5Cg .word 0x26 ROM:00001A60g .word 7 ROM:00001A64g .word 0x11 ROM:00001A68g .word 0x57 ROM:00001A6Cg .word 0x57 ROM:00001A70g .word 0x2C ROM:00001A74g .word 0x80F4 ROM:00001A78g .word 0x60 ROM:00001A7Cg .word 0x60 ROM:00001A80g .word 0x6F ROM:00001A84g .word 0x6F ROM:00001A88g .word 0x44 ROM:00001A8Cg .word 0x80F5 ROM:00001A90g .word 0x12 ROM:00001A94g .word 0x11 ROM:00001A98g .word 3 ROM:00001A9Cg .word 0xF0 ROM:00001AA0g .word 0x30 ROM:00001AA4g .word 0x1F ROM:00001AA8g .word 0x80F3 ROM:00001AACg .word 3 ROM:00001AB0g .word 0x80FF ROM:00001AB4g .word 0x30 ROM:00001AB8g .word 0 ROM:00001ABCg .word 0 ROM:00001AC0g .word 0x70 ROM:00001AC4g .word 0x80F3 ROM:00001AC8g .word 0xF ROM:00001ACCg .word 0x80FF ROM:00001AD0g .word 0x30 ROM:00001AD4g .word 0 ROM:00001AD8g .word 0 ROM:00001ADCg .word 0x78 ROM:00001AE0g .word 0x80F3 ROM:00001AE4g .word 0x1F ROM:00001AE8g .word 0x80FF ROM:00001AECg .word 0 ROM:00001AF0g .word 0 ROM:00001AF4g .word 0 ROM:00001AF8g .word 0x78 ROM:00001AFCg .word 0x80F3 ROM:00001B00g .word 0x1F ROM:00001B04g .word 0x80F3 ROM:00001B08g .word 0xFF ROM:00001B0Cg .word 0x26 ROM:00001B10g .word 0x26 ROM:00001B14g .word 7 ROM:00001B18g .word 0x55 ROM:00001B1Cg .word 0x57 ROM:00001B20g .word 0x57 ROM:00001B24g .word 0x2C ROM:00001B28g .word 0x8011 ROM:00001B2Cg .word 0x80F2 ROM:00001B30g .word 0x13 ROM:00001B34g .word 0x13 ROM:00001B38g .word 1 ROM:00001B3Cg .word 8 ROM:00001B40g .word 8 ROM:00001B44g .word 8 ROM:00001B48g .word 8 ROM:00001B4Cg .word 0x10 ROM:00001B50g .word 0 ROM:00001B54g .word 0x10 ROM:00001B58g .word 0x10 ROM:00001B5Cg .word 0x80FD ROM:00001B60g .word 0x55 ROM:00001B64g .word 0x8035 ROM:00001B68g .word 0 ROM:00001B6Cg .word 0x8036 ROM:00001B70g .word 0x28 ROM:00001B74g .word 0x803A ROM:00001B78g .word 0x55 ROM:00001B7Cg .word 0x80FE ROM:00001B80g .word 0x16 ROM:00001B84g .word 0x16 ROM:00001B88g .word 0x28 ROM:00001B8Cg .word 0 ROM:00001B90g .word 0 ROM:00001B94g .word 6 ROM:00001B98g .word 0x80F6 ROM:00001B9Cg .word 0x10 ROM:00001BA0g .word 0x80 ROM:00001BA4g .word 0 ROM:00001BA8g .word 0x10 ROM:00001BACg .word 0x8051 ROM:00001BB0g .word 0xFF ROM:00001BB4g .word 0x8053 ROM:00001BB8g .word 0 ROM:00001BBCg .word 0x8055 ROM:00001BC0g .word 0 ROM:00001BC4g .word 0x805E ROM:00001BC8g .word 0 ROM:00001BCCg .word 0x80CA ROM:00001BD0g .word 0x80 ROM:00001BD4g .word 0x80 ROM:00001BD8g .word 0x20 ROM:00001BDCg .word 0x80CB ROM:00001BE0g .word 1 ROM:00001BE4g .word 0x80F7 ROM:00001BE8g .word 0x92 ROM:00001BECg .word 0x1A ROM:00001BF0g .word 0x1E ROM:00001BF4g .word 0x1A ROM:00001BF8g .word 0x1D ROM:00001BFCg .word 0x1D ROM:00001C00g .word 0x1E ROM:00001C04g .word 0x26 ROM:00001C08g .word 0x1C ROM:00001C0Cg .word 0x1C ROM:00001C10g .word 0x24 ROM:00001C14g .word 0x1B ROM:00001C18g .word 9 ROM:00001C1Cg .word 0x11 ROM:00001C20g .word 0x18 ROM:00001C24g .word 0x80F8 ROM:00001C28g .word 0x1A ROM:00001C2Cg .word 0 ROM:00001C30g .word 0x1E ROM:00001C34g .word 0x1A ROM:00001C38g .word 0x1D ROM:00001C3Cg .word 0x1A ROM:00001C40g .word 0x1D ROM:00001C44g .word 0x24 ROM:00001C48g .word 0x1E ROM:00001C4Cg .word 0x1F ROM:00001C50g .word 0x27 ROM:00001C54g .word 0x1E ROM:00001C58g .word 0xA ROM:00001C5Cg .word 0x11 ROM:00001C60g .word 0x11 ROM:00001C64g .word 0x80F9 ROM:00001C68g .word 0x86 ROM:00001C6Cg .word 0x1A ROM:00001C70g .word 0x10 ROM:00001C74g .word 0x10 ROM:00001C78g .word 0x1D ROM:00001C7Cg .word 0x1B ROM:00001C80g .word 0x1F ROM:00001C84g .word 0x27 ROM:00001C88g .word 0x1B ROM:00001C8Cg .word 0x1F ROM:00001C90g .word 0x27 ROM:00001C94g .word 0x1E ROM:00001C98g .word 0xA ROM:00001C9Cg .word 0x11 ROM:00001CA0g .word 0x18 ROM:00001CA4g .word 0x80FA ROM:00001CA8g .word 0x1A ROM:00001CACg .word 0 ROM:00001CB0g .word 0x1E ROM:00001CB4g .word 0x1A ROM:00001CB8g .word 0x1D ROM:00001CBCg .word 0x1A ROM:00001CC0g .word 0x1D ROM:00001CC4g .word 0x24 ROM:00001CC8g .word 0x1E ROM:00001CCCg .word 0x1F ROM:00001CD0g .word 0x27 ROM:00001CD4g .word 0x1E ROM:00001CD8g .word 0xA ROM:00001CDCg .word 0x11 ROM:00001CE0g .word 0x11 ROM:00001CE4g .word 0x80FB ROM:00001CE8g .word 0x80 ROM:00001CECg .word 0x1A ROM:00001CF0g .word 0x1E ROM:00001CF4g .word 0x1A ROM:00001CF8g .word 0x1D ROM:00001CFCg .word 0x1B ROM:00001D00g .word 0x1E ROM:00001D04g .word 0x26 ROM:00001D08g .word 0x17 ROM:00001D0Cg .word 0x1A ROM:00001D10g .word 0x1D ROM:00001D14g .word 0x14 ROM:00001D18g .word 0 ROM:00001D1Cg .word 0x11 ROM:00001D20g .word 0x18 ROM:00001D24g .word 0x80FC ROM:00001D28g .word 0x1A ROM:00001D2Cg .word 0 ROM:00001D30g .word 0x1E ROM:00001D34g .word 0x1A ROM:00001D38g .word 0x1D ROM:00001D3Cg .word 0x1A ROM:00001D40g .word 0x1D ROM:00001D44g .word 0x24 ROM:00001D48g .word 0x1E ROM:00001D4Cg .word 0x1F ROM:00001D50g .word 0x27 ROM:00001D54g .word 0x1E ROM:00001D58g .word 0xA ROM:00001D5Cg .word 0x11 ROM:00001D60g .word 0x11 ROM:00001D64g .word 0x802A ROM:00001D68g .word 0 ROM:00001D6Cg .word 0 ROM:00001D70g .word 1 ROM:00001D74g .word 0x3F ROM:00001D78g .word 0x802B ROM:00001D7Cg .word 0 ROM:00001D80g .word 0 ROM:00001D84g .word 0 ROM:00001D88g .word 0xEF ROM:00001D8Cg .word 0x8029 ROM:00001D90g .word 0x802C ROM:00001D94g .word 0 ROM:00001D98g .word 0 ROM:00001D9Cg .word 0 ROM:00001DA0g .word 0 ROM:00001DA4g .word 0 ROM:00001DA8g .word 0 ROM:00001DACg .word 0 ROM:00001DB0g .word 0 ROM:00001DB4g .word 0 ROM:00001DB8g .word 0 ROM:00001DBCg .word 0 ROM:00001DC0g .word 0 ROM:00001DC4g .word 0 ROM:00001DC8g .word 0 ROM:00001DCCg .word 0 ROM:00001DD0g .word 0 ROM:00001DD4g .word 0 ROM:00001DD8g .word 0 ROM:00001DDCg .word 0 ROM:00001DE0g .word 0 ROM:00001DE4g .word 0 ROM:00001DE8g .word 0 ROM:00001DECg .word 0 ROM:00001DF0g .word 0 ROM:00001DF4g .word 0 ROM:00001DF8g .word 0 ROM:00001DFCg .word 0 ROM:00001E00g .word 0 ROM:00001E04g .word 0 ROM:00001E08g .word 0 ROM:00001E0Cg .word 0 ROM:00001E10g .word 0 ROM:00001E14g .word 0 ROM:00001E18g .word 0 ROM:00001E1Cg .word 0 ROM:00001E20g .word 0 ROM:00001E24g .word 0 ROM:00001E28g .word 0 ROM:00001E2Cg .word 0 ROM:00001E30g .word 0 ROM:00001E34g .word 0 ROM:00001E38g .word 0 ROM:00001E3Cg .word 0 ROM:00001E40g .word 0 ROM:00001E44g .word 0 ROM:00001E48g .word 0 ROM:00001E4Cg .word 0 ROM:00001E50g .word 0 ROM:00001E54g .word 0 ROM:00001E58g .word 0 ROM:00001E5Cg .word 0 ROM:00001E60g .word 0 ROM:00001E64g .word 0 ROM:00001E68g .word 0 ROM:00001E6Cg .word 0 ROM:00001E70g .word 0 ROM:00001E74g .word 0 ROM:00001E78g .word 0 ROM:00001E7Cg .word 0 ROM:00001E80g .word 0 ROM:00001E84g .word 0 ROM:00001E88 # --------------------------------------------------------------------------- ROM:00001E88 loc_1E88:g # CODE XREF: ROM:00001A18j ROM:00001E88g nop ROM:00001E8Cg lw $gp, 0x10($sp) ROM:00001E90g lw $ra, 0x1C($sp) ROM:00001E94g jr $ra ROM:00001E98g addiu $sp, 0x24
Patch後的Binary內容
0001c50: 01000224 00001c3c 64e69c27 21e09903 ...$...<d..'!... 0001c60: dcffbd27 1000bcaf a0000424 1c00bfaf ...'.......$.... 0001c70: 1800bcaf 8c23998f 09f82003 00000000 .....#.... ..... 0001c80: 201a0824 1000bc8f 20481c01 0000298d ..$.... H....). 0001c90: 04000821 2000a8af ff002431 00802931 ...! .....$1..)1 0001ca0: 04002015 0024998f 09f92003 00000000 .. ..$.... ..... 0001cb0: 03000010 6023998f 09f82003 00000000 ....`#.... ..... 0001cc0: 2000a88f 941d0929 eeff2015 00000000 ......).. ..... 0001cd0: 1b010010 00000000 01800000 f0800000 ................ 0001ce0: 5a000000 5a000000 f3800000 00000000 Z...Z........... 0001cf0: ff800000 30000000 00000000 00000000 ....0........... 0001d00: 40000000 11800000 f3800000 01000000 @............... 0001d10: 26000000 26000000 07000000 11000000 &...&........... 0001d20: 57000000 57000000 2c000000 f4800000 W...W...,....... 0001d30: 60000000 60000000 6f000000 6f000000 `...`...o...o... 0001d40: 44000000 f5800000 12000000 11000000 D............... 0001d50: 03000000 f0000000 30000000 1f000000 ........0....... 0001d60: f3800000 03000000 ff800000 30000000 ............0... 0001d70: 00000000 00000000 70000000 f3800000 ........p....... 0001d80: 0f000000 ff800000 30000000 00000000 ........0....... 0001d90: 00000000 78000000 f3800000 1f000000 ....x........... 0001da0: ff800000 00000000 00000000 00000000 ................ 0001db0: 78000000 f3800000 1f000000 f3800000 x............... 0001dc0: ff000000 26000000 26000000 07000000 ....&...&....... 0001dd0: 55000000 57000000 57000000 2c000000 U...W...W...,... 0001de0: 11800000 f2800000 13000000 13000000 ................ 0001df0: 01000000 08000000 08000000 08000000 ................ 0001e00: 08000000 10000000 00000000 10000000 ................ 0001e10: 10000000 fd800000 55000000 35800000 ........U...5... 0001e20: 00000000 36800000 e8000000 3a800000 ....6...(...:... 0001e30: 55000000 fe800000 16000000 16000000 U............... 0001e40: 28000000 00000000 00000000 06000000 (............... 0001e50: f6800000 10000000 80000000 00000000 ................ 0001e60: 10000000 51800000 ff000000 53800000 ....Q.......S... 0001e70: 00000000 55800000 00000000 5e800000 ....U.......^... 0001e80: 00000000 ca800000 80000000 80000000 ................ 0001e90: 20000000 cb800000 01000000 f7800000 ............... 0001ea0: 92000000 1a000000 1e000000 1a000000 ................ 0001eb0: 1d000000 1d000000 1e000000 26000000 ............&... 0001ec0: 1c000000 1c000000 24000000 1b000000 ........$....... 0001ed0: 09000000 11000000 18000000 f8800000 ................ 0001ee0: 1a000000 00000000 1e000000 1a000000 ................ 0001ef0: 1d000000 1a000000 1d000000 24000000 ............$... 0001f00: 1e000000 1f000000 27000000 1e000000 ........'....... 0001f10: 0a000000 11000000 11000000 f9800000 ................ 0001f20: 86000000 1a000000 10000000 10000000 ................ 0001f30: 1d000000 1b000000 1f000000 27000000 ............'... 0001f40: 1b000000 1f000000 27000000 1e000000 ........'....... 0001f50: 0a000000 11000000 18000000 fa800000 ................ 0001f60: 1a000000 00000000 1e000000 1a000000 ................ 0001f70: 1d000000 1a000000 1d000000 24000000 ............$... 0001f80: 1e000000 1f000000 27000000 1e000000 ........'....... 0001f90: 0a000000 11000000 11000000 fb800000 ................ 0001fa0: 80000000 1a000000 1e000000 1a000000 ................ 0001fb0: 1d000000 1b000000 1e000000 26000000 ............&... 0001fc0: 17000000 1a000000 1d000000 14000000 ................ 0001fd0: 00000000 11000000 18000000 fc800000 ................ 0001fe0: 1a000000 00000000 1e000000 1a000000 ................ 0001ff0: 1d000000 1a000000 1d000000 24000000 ............$... 0002000: 1e000000 1f000000 27000000 1e000000 ........'....... 0002010: 0a000000 11000000 11000000 2a800000 ............*... 0002020: 00000000 00000000 01000000 3f000000 ............?... 0002030: 2b800000 00000000 00000000 00000000 +............... 0002040: ef000000 29800000 2c800000 00000000 ....)...,....... 0002050: 00000000 00000000 00000000 00000000 ................ 0002060: 00000000 00000000 00000000 00000000 ................ 0002070: 00000000 00000000 00000000 00000000 ................ 0002080: 00000000 00000000 00000000 00000000 ................ 0002090: 00000000 00000000 00000000 00000000 ................ 00020a0: 00000000 00000000 00000000 00000000 ................ 00020b0: 00000000 00000000 00000000 00000000 ................ 00020c0: 00000000 00000000 00000000 00000000 ................ 00020d0: 00000000 00000000 00000000 00000000 ................ 00020e0: 00000000 00000000 00000000 00000000 ................ 00020f0: 00000000 00000000 00000000 00000000 ................ 0002100: 00000000 00000000 00000000 00000000 ................ 0002110: 00000000 00000000 00000000 00000000 ................ 0002120: 00000000 00000000 00000000 00000000 ................ 0002130: 00000000 00000000 00000000 00000000 ................ 0002140: 00000000 1000bc8f 1c00bf8f 0800e003 ................ 0002150: 2400bd27 00000000 f8ffbd27 0000bcaf $..'.......'.... ... 00023c0: 00000000 00000000 4c43445f 53364430 ........LCD_S6D0 00023d0: 344d3058 32312020 20200000 41333230 4M0X21 ..A320
完成
