• Please review our updated Terms and Rules here

Help disassembling ROM image

N

new_castle_j

Experienced Member
Joined
Dec 3, 2011
Messages
361
Location
Texas, USA
I've got an S-100 board with a Z8 Super-8 processor on it. I've attached the ROM image, can anyone run this thru a disassembler for me? I have not been able to find a disassembler for the Z8, any help is appreciated!
Thank You!!
 

Attachments

  • Poppy II Z8 boot.zip
    2.4 KB · Views: 3
I've got IDA that supports Z8, but it doesn't make much sense of the ROM. We are talking about the Zilog Z8, aren't we?

Code: 
ROM:0000 ; File Name   : F:\TEMP\Z8.BIN\Poppy II Z8 boot.BIN
ROM:0000 ; Format      : Binary file
ROM:0000 ; Base Address: 0000h Range: 0000h - 1000h Loaded length: 1000h
ROM:0000
ROM:0000 ; Processor:        Z8
ROM:0000 ; Target assembler: Zilog Z8 assembler
ROM:0000 ; Byte sex        : Big endian
ROM:0000
ROM:0000 ; ===========================================================================
ROM:0000
ROM:0000 ; Segment type: Pure code
ROM:0000 ; segment ROM
ROM:0000 irq0:           .word nullsub_1         ; T0, Serial out
ROM:0002 irq1:           .word nullsub_1         ; T0, Serial out
ROM:0004 irq2:           .word loc_8EF           ; DAV2, IRQ2, TIN, Comparator
ROM:0006 irq3:           .word nullsub_1         ; T0, Serial out
ROM:0008 irq4:           .word nullsub_1         ; T0, Serial out
ROM:000A irq5:           .word sub_954           ; T1
ROM:000C ; ---------------------------------------------------------------------------
ROM:000C
ROM:000C                 ; public start
ROM:000C start:
ROM:000C                 ld      R0, byte_10A6
ROM:000E                 ld      byte_106F, R0
ROM:0010                 dec     @R12
ROM:0012                 dec     @R12
ROM:0014                 ld      byte_1085, R0
ROM:0016                 dec     @R12
ROM:0018                 dec     @R12
ROM:001A                 ld      byte_10DA, R0
ROM:001C                 dec     @byte_1094
ROM:001E                 ld      R0, byte_10AD
ROM:001E ; ---------------------------------------------------------------------------
ROM:0020 unk_20:         .byte  4Fh ; O          ; CODE XREF: ROM:0926j
ROM:0021                 .byte 0E6h ; µ
ROM:0022                 .byte 0D0h ; -
ROM:0023                 .byte 0A0h ; á
ROM:0024                 .byte 0E6h ; µ
ROM:0025                 .byte 0D1h ; -
 
Thank You Chuck!

Yes, we are talking about the Zilog Z8. However, it is not the main processor on this board, it is referred to as a peripheral processor and supports communication with the main 80188. The board is supposed to accept a PC keyboard and the Z8 we believe is there to support that function. Trying to figure out how they did it.
 
Unfortunately the manual contains no schematic, we've been having to reverse engineer by probing around with a scope and tracing the connections. Also made a custom Monitor program that lets us poke around. It looks like only a small fraction of the disassembly you made was posted, do you have more?
 
I can give you the whole thing, but a lot of the ROM data is "unknown"--doesn't disassemble to code. IDA does flow analysis and doesn't disassemble anything that it can't make sense of.

I'll peek at the whole thing and see if I can make more sense of it.
 
What's the Z8 chip part number? There were various incarnations--on the Z8611, for example, the external ROM merely extends the 2K on-chip ROM. Whereas, the Z8681 uses only the first 12 bytes of internal ROM and the external ROM starts at location 12.

It matters in how the ROM is interpreted.
 
Ah, that helps. The Super8 starts execution at 32, not 12 (like a "regular" Z8). I'll see if I can make sense of the ROM. I don't know if I have a Super8-specific disassembler.
 
I'm posting an attempt to disassemble the ROM. I found a Z8 disassembler online that came with source code, and we modified it by adding support for Super8 specific opcodes. The very first instruction in the ROM is Super8 specific, so that explains why a Z8 disassembler would choke after just getting through the interrupt vectors. If anyone else can come up with a better disassembly, please let me know!
Thank You!
 

Attachments

  • Super8asm.zip
    10.1 KB · Views: 6
I think I can do just as well or better (thanks to IDA's flow analysis). I can probably just declare the new opcode bytes as data. Do you have a quick summary of the new ones and their encodings? It would save me a bit of trouble looking them up.
 
new_castle_j said:
I found a Z8 disassembler online that came with source code, and we modified it by adding support for Super8 specific opcodes.
Click to expand...

Do you have the URL for the dissassembler? I have a Z8613-12RS (Z8 4K XROM) which is the protopack version with a piggy back 2732 EPROM. I'd like to disassemble the contents of the EPROM.
 
You must log in or register to reply here.
Back
Top