ARM7 Registers: Difference between revisions
AuroraWright (talk | contribs) No edit summary |
No edit summary |
||
(5 intermediate revisions by 3 users not shown) | |||
Line 30: | Line 30: | ||
| <code>u16</code> | | <code>u16</code> | ||
| <code>0x10018104</code> | | <code>0x10018104</code> | ||
| <code> | | <code>ARM7_SAVE_MEMORY_CNT</code> | ||
| 2 | | 2 | ||
|- | |- | ||
| <code>u16</code> | | <code>u16</code> | ||
| <code>0x10018108</code> | | <code>0x10018108</code> | ||
| <code>ARM7_RTC_CNT | | <code>ARM7_RTC_CNT</code> | ||
| 2 | | 2 | ||
|- | |- | ||
| <code>u32</code> | | <code>u32</code> | ||
| <code>0x10018110</code> | | <code>0x10018110</code> | ||
| <code> | | <code>ARM7_RTC_VAL_DATE</code> | ||
| 4 | | 4 | ||
|- | |- | ||
| <code>u32</code> | | <code>u32</code> | ||
| <code>0x10018114</code> | | <code>0x10018114</code> | ||
| <code> | | <code>ARM7_RTC_VAL_TIME</code> | ||
| 4 | | 4 | ||
|- | |- | ||
| <code>u32</code> | | <code>u32</code> | ||
| <code>0x10018118</code> | | <code>0x10018118</code> | ||
| <code> | | <code>ARM7_RTC_VAL_SETTINGS</code> | ||
| 4 | | 4 | ||
|- | |- | ||
| <code>u32</code> | | <code>u32</code> | ||
| <code>0x1001811C</code> | | <code>0x1001811C</code> | ||
| <code> | | <code>ARM7_RTC_VAL_ADJUST</code> | ||
| 4 | | 4 | ||
|- | |- | ||
| <code> | | <code>u32</code> | ||
| <code>0x10018120</code> | | <code>0x10018120</code> | ||
| <code> | | <code>ARM7_SAVE_FLASH_CHIP_ERASE_CYCLES</code> | ||
| | | 4 | ||
|- | |||
| <code>u32</code> | |||
| <code>0x10018124</code> | |||
| <code>ARM7_SAVE_FLASH_SECTOR_ERASE_CYCLES</code> | |||
| 4 | |||
|- | |||
| <code>u32</code> | |||
| <code>0x10018128</code> | |||
| <code>ARM7_SAVE_FLASH_PROGRAM_CYCLES</code> | |||
| 4 | |||
|- | |||
| <code>u32</code> | |||
| <code>0x1001812C</code> | |||
| <code>ARM7_SAVE_EEPROM_WRITE_CYCLES</code> | |||
| 4 | |||
|} | |} | ||
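Review bot: The register table jumps from ARM7_RTC_CNT at 0x10018108 (width 2) to ARM7_RTC_VAL_DATE at 0x10018110, so offsets 0x1001810A through 0x1001810F are left unexplained, as is 0x10018106 after the u16 ARM7_SAVE_MEMORY_CNT. Add a row or a short remark saying whether those offsets are unused or simply unknown, so readers do not assume the map is complete. The four new rows at 0x10018120 to 0x1001812C are contiguous and match the section names added further down.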
Line 68: | Line 83: | ||
===ARM7_CODE=== | ===ARM7_CODE=== | ||
This is the | This region is an arm7 bootrom overlay, over the vector table at address 0. Once the ARM7 is taken out of reset by <code>TwlProcess9</code>, the reset vector will be jumped to, beginning execution. <code>TwlProcess9</code> uses this to put ARM7 in a loop (TWL), and to set the <code>POSTFLG</code> and branch to more copied code (GBA). Execution is started by writing <code>0x8001</code> to [[PDN_Registers#LGY_MODE|LGY_MODE]] after setting the mode via <code>ARM7_CNT</code>. Later, this overlay is disabled by the ARM7 via the "biosprot" register (0x04000308). | ||
Reading uninitialized data in this 32-byte region leads to both screens displaying solid green (exception), and the CPU locking up. | Reading uninitialized data in this 32-byte region leads to both screens displaying solid green (exception), and the CPU locking up. | ||
===ARM7_SAVE_MODE=== | ===ARM7_SAVE_MODE=== | ||
This tells the save storage emulation hardware which device type to emulate (64k EEPROM, a 512k Flash chip model, and SRAM are all that have been used officially; several other 512k Flash chip models, two 1 Mbit Flash chip models and | This tells the save storage emulation hardware which device type to emulate (64k EEPROM, a 512k Flash chip model, and SRAM are all that have been used officially; several other 512k Flash chip models, two 1 Mbit Flash chip models and 4k EEPROM are also supported). This comes directly from the [[3DS_Virtual_Console#Footer|ROM footer]]. | ||
===ARM7_SAVE_MEMORY_CNT=== | |||
This register controls whether the GBA save memory region located at <code>0x08080000</code> is accessible to ARM9 or to the ARM7 (via the emulated save chip). When it's set to 0x0 ARM7 has access, while ARM9 has access when it's set to 0x1. | |||
===ARM7_RTC_CNT=== | |||
This register controls the emulated RTC hardware and access to some of its registers. | |||
To set or read the data from ARM7_RTC_VAL_SETTINGS or ARM7_RTC_VAL_ADJUST, first <code>ARM7_RTC_CNT</code>'s bit 15 is waited on. Next <code>ARM7_RTC_CNT</code> is set to zero. | |||
For a write: the two registers are written, a 1 is written to <code>ARM7_RTC_CNT</code>, and it is waited on the same as before. Afterwards if bit 14 is not set in <code>ARM7_RTC_CNT</code>, the value was set successfully. This also starts the emulated RTC. | |||
For a read: a 2 is written to <code>ARM7_RTC_CNT</code>, it's waited on again. Afterwards, if bit 14 is not set, the aforementioned registers can be read. Presumably the hardware can be re-enabled by writing a zero to <code>ARM7_RTC_CNT</code> at this point, but <code>AGB_FIRM</code> does not. | |||
===ARM7_RTC_VAL_DATE / ARM7_RTC_VAL_TIME=== | |||
These registers are set to the current LgyP9 date+time before the other RTC-related registers are used. | |||
They contain the following structure, set up on the stack then both u32 registers are written one after the other: | |||
s8 year_since_2000_bcd; | |||
s8 month_bcd; | |||
s8 day_bcd; | |||
s8 day_of_week; | |||
s8 hour_bcd; | |||
s8 minute_bcd; | |||
s8 second_bcd; | |||
===ARM7_RTC_VAL_SETTINGS=== | |||
This register appears to contain the emulated RTC chip's configuration (accessible via the "control" register on real hardware), containing settings like 12/24-hour mode. Access is controlled by <code>ARM7_RTC_CNT</code> (see above). | |||
===ARM7_RTC_VAL_ADJUST=== | |||
This register appears to contain the emulated RTC chip's time difference, relative to <code>ARM7_RTC_VAL_DATE</code> / <code>ARM7_RTC_VAL TIME</code>, in seconds. Access is controlled by <code>ARM7_RTC_CNT</code> (see above). | |||
=== | ===ARM7_SAVE_FLASH_CHIP_ERASE_CYCLES=== | ||
This register seems to configure the emulated Flash chip to take a specified amount of time to complete a chip erase operation (relative to the DS' ARM7/bus speed). Two variations exist in officially released games, one meant for 512k Flash chips and one for 1 Mbit Flash chips. It is copied from from rom footer + <code>0x10</code>. | |||
===ARM7_SAVE_FLASH_SECTOR_ERASE_CYCLES=== | |||
This register seems to configure the emulated Flash chip to take a specified amount of time to complete a sector erase operation (relative to the DS' ARM7/bus speed). Two variations exist in officially released games, one meant for 512k Flash chips and one for 1 Mbit Flash chips. It is copied from from rom footer + <code>0x14</code>. | |||
===ARM7_SAVE_FLASH_PROGRAM_CYCLES=== | |||
This register seems to configure the emulated Flash chip to take a specified amount of time to complete a program operation (relative to the DS' ARM7/bus speed). Two variations exist in officially released games, one meant for 512k Flash chips and one for 1 Mbit Flash chips. It is copied from from rom footer + <code>0x18</code>. | |||
=== | ===ARM7_SAVE_EEPROM_WRITE_CYCLES=== | ||
This is copied from rom footer + <code> | This register seems to configure the emulated EEPROM chip to take a specified amount of time to complete a write operation (relative to the DS' ARM7/bus speed). Two variations exist in officially released games, one meant for 64k EEPROM chips and one for 4k EEPROM chips. It is copied from from rom footer + <code>0x1C</code>. | ||
==Memory map== | ==Memory map== | ||
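Review bot: In the new ARM7_RTC_VAL_DATE / ARM7_RTC_VAL_TIME section, the listed structure has seven s8 fields (7 bytes) but is described as being written to two u32 registers (8 bytes). State where the eighth byte sits and which fields land in which register, and put the structure in a preformatted block so it renders as code. In the ARM7_RTC_CNT section, "bit 15 is waited on" does not say whether the wait is for the bit to become set or cleared, which anyone implementing the read/write sequence needs to know. Two wording fixes: "ARM7_RTC_VAL TIME" in the ARM7_RTC_VAL_ADJUST text is missing its underscore, and "copied from from rom footer" repeats "from" in all four cycle-register sections.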
Line 90: | Line 136: | ||
* <code>0x08060000</code> → <code>0x03800000</code>, ARM7 WRAM (64KiB) | * <code>0x08060000</code> → <code>0x03800000</code>, ARM7 WRAM (64KiB) | ||
* <code>0x080B0000</code> → <code>0x03000000</code>, GBA IWRAM (32KiB) | * <code>0x080B0000</code> → <code>0x03000000</code>, GBA IWRAM (32KiB) | ||
* <code>0x08080000</code> → EEPROM/SRAM/Flash 512k/Flash 1Mbit (the 2 512k banks are contiguous in memory). <code> | * <code>0x08080000</code> → EEPROM/SRAM/Flash 512k/Flash 1Mbit (the 2 512k banks are contiguous in memory). Access is controlled by <code>ARM7_SAVE_MEMORY_CNT</code> (see above). <code>0x080C0000</code> holds a mirror which is used by LgyP9 on boot to read the SD savedata before the mode switch, the data is then copied. | ||
* <code>0x01FFC000</code> → <code>0x01000000</code>, ARM9 ITCM under TWL (16KiB) | * <code>0x01FFC000</code> → <code>0x01000000</code>, ARM9 ITCM under TWL (16KiB) |
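Review bot: The sentence added to the 0x08080000 entry, "0x080C0000 holds a mirror which is used by LgyP9 on boot to read the SD savedata before the mode switch, the data is then copied", is a comma splice and leaves the copy direction open: it does not say what is copied from where to where, or whether the mirror is also gated by ARM7_SAVE_MEMORY_CNT. Split it into two sentences and name the source and destination of the copy. The "(see above)" reference would be more robust as a section link to ARM7_SAVE_MEMORY_CNT, in the same way LGY_MODE is linked in the ARM7_CODE text.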