PDA

View Full Version : Help disassembling ROM image



new_castle_j
June 25th, 2017, 08:22 PM
I've got an S-100 board with a Z8 Super-8 processor on it. I've attached the ROM image, can anyone run this thru a disassembler for me? I have not been able to find a disassembler for the Z8, any help is appreciated!
Thank You!!

Chuck(G)
June 25th, 2017, 09:17 PM
I've got IDA that supports Z8, but it doesn't make much sense of the ROM. We are talking about the Zilog Z8, aren't we?


ROM:0000 ; File Name : F:\TEMP\Z8.BIN\Poppy II Z8 boot.BIN
ROM:0000 ; Format : Binary file
ROM:0000 ; Base Address: 0000h Range: 0000h - 1000h Loaded length: 1000h
ROM:0000
ROM:0000 ; Processor: Z8
ROM:0000 ; Target assembler: Zilog Z8 assembler
ROM:0000 ; Byte sex : Big endian
ROM:0000
ROM:0000 ; ================================================== =========================
ROM:0000
ROM:0000 ; Segment type: Pure code
ROM:0000 ; segment ROM
ROM:0000 irq0: .word nullsub_1 ; T0, Serial out
ROM:0002 irq1: .word nullsub_1 ; T0, Serial out
ROM:0004 irq2: .word loc_8EF ; DAV2, IRQ2, TIN, Comparator
ROM:0006 irq3: .word nullsub_1 ; T0, Serial out
ROM:0008 irq4: .word nullsub_1 ; T0, Serial out
ROM:000A irq5: .word sub_954 ; T1
ROM:000C ; ---------------------------------------------------------------------------
ROM:000C
ROM:000C ; public start
ROM:000C start:
ROM:000C ld R0, byte_10A6
ROM:000E ld byte_106F, R0
ROM:0010 dec @R12
ROM:0012 dec @R12
ROM:0014 ld byte_1085, R0
ROM:0016 dec @R12
ROM:0018 dec @R12
ROM:001A ld byte_10DA, R0
ROM:001C dec @byte_1094
ROM:001E ld R0, byte_10AD
ROM:001E ; ---------------------------------------------------------------------------
ROM:0020 unk_20: .byte 4Fh ; O ; CODE XREF: ROM:0926j
ROM:0021 .byte 0E6h ;
ROM:0022 .byte 0D0h ; -
ROM:0023 .byte 0A0h ;
ROM:0024 .byte 0E6h ;
ROM:0025 .byte 0D1h ; -

new_castle_j
June 25th, 2017, 09:59 PM
Thank You Chuck!

Yes, we are talking about the Zilog Z8. However, it is not the main processor on this board, it is referred to as a peripheral processor and supports communication with the main 80188. The board is supposed to accept a PC keyboard and the Z8 we believe is there to support that function. Trying to figure out how they did it.

Chuck(G)
June 25th, 2017, 10:23 PM
Do you have a schematic for the board so we can see how the Z8 is used?

new_castle_j
June 25th, 2017, 10:33 PM
Unfortunately the manual contains no schematic, we've been having to reverse engineer by probing around with a scope and tracing the connections. Also made a custom Monitor program that lets us poke around. It looks like only a small fraction of the disassembly you made was posted, do you have more?

Chuck(G)
June 25th, 2017, 10:44 PM
I can give you the whole thing, but a lot of the ROM data is "unknown"--doesn't disassemble to code. IDA does flow analysis and doesn't disassemble anything that it can't make sense of.

I'll peek at the whole thing and see if I can make more sense of it.

Chuck(G)
June 26th, 2017, 08:40 AM
What's the Z8 chip part number? There were various incarnations--on the Z8611, for example, the external ROM merely extends the 2K on-chip ROM. Whereas, the Z8681 uses only the first 12 bytes of internal ROM and the external ROM starts at location 12.

It matters in how the ROM is interpreted.

new_castle_j
June 26th, 2017, 09:50 AM
I think the question is best answered with a picture:
39344

Chuck(G)
June 26th, 2017, 10:38 AM
Ah, that helps. The Super8 starts execution at 32, not 12 (like a "regular" Z8). I'll see if I can make sense of the ROM. I don't know if I have a Super8-specific disassembler.

new_castle_j
June 27th, 2017, 12:54 PM
I'm posting an attempt to disassemble the ROM. I found a Z8 disassembler online that came with source code, and we modified it by adding support for Super8 specific opcodes. The very first instruction in the ROM is Super8 specific, so that explains why a Z8 disassembler would choke after just getting through the interrupt vectors. If anyone else can come up with a better disassembly, please let me know!
Thank You!

Chuck(G)
June 27th, 2017, 01:00 PM
I think I can do just as well or better (thanks to IDA's flow analysis). I can probably just declare the new opcode bytes as data. Do you have a quick summary of the new ones and their encodings? It would save me a bit of trouble looking them up.

crazybrit
January 15th, 2018, 08:41 PM
I found a Z8 disassembler online that came with source code, and we modified it by adding support for Super8 specific opcodes.

Do you have the URL for the dissassembler? I have a Z8613-12RS (Z8 4K XROM) which is the protopack version with a piggy back 2732 EPROM. I'd like to disassemble the contents of the EPROM.