GFA Debugger - Trap#6 exception


tcat
Atari freak
Posts: 73
Joined: Fri May 03, 2013 6:00 am

GFA Debugger - Trap#6 exception

Postby tcat » Sun Nov 27, 2016 3:33 pm

Hi,

I have GFA Assembler disk, it has assembler and I also got GFA debugger to go along with it.
It works just fine, except debugger raises an exception.

I started this post here in `Application' section,
viewtopic.php?f=14&t=30764&p=306199#p306147

I have never debugged anything on ATARI, but I wish to find out the problem. I may be close, as it seems the debugger fails on the user-defined Trap #6.

Any ideas much appreciated.
Many thanks
Tomas

tcat
Atari freak
Posts: 73
Joined: Fri May 03, 2013 6:00 am

Re: GFA Debugger - Trap#6 exception

Postby tcat » Tue Nov 29, 2016 8:58 am

Hi,

Now I see why `GFA-DBG.PRG' bombs on start with an exception. It simply does not have a Trap#6 handler installed. I do not understand, as the manual declares it uses Trap#6 for internal memory access.

I coded this little routine to install a "hook" on Trap#6 to aid debugging. It is far from perfect, as it does not return in User mode, and the return address is not exactly right.

However, `GFA-DBG.PRG' with this handler installed does not bomb on start any longer. I can even run the "L" and "D" commands, and also "QUIT". Other commands will not work, as the handler provides no memory access; it only returns to the caller.


* program to install a helper for debugging:
* simply provide a ram "hook" on trap 6.
*
* TODO: return in User mode with USP reset
* as currently returns in Super mode
* Deduce memory access routine for `GFA-DBG.PRG'
*
* compiled with Atari MADMAC macro assembler
* linked with Atari ALN linker
*

        .include atari

        .text
        Super                   ; Macro enter Super mode
        move.l  #ntrap6,$98     ; Install Trap#6 handler
        User                    ; Macro enter User mode
        Ptermres #$180,#0       ; Macro terminate to GEM

ntrap6:                         ; Handler for Trap#6
        move.l  usp,a0          ; Save
        move.l  a0,tr6ret       ;   USP for future use
        lea     4(a0),sp        ; Fetch return address
        nop
        nop                     ; TODO some processing to happen here
        nop
        rts                     ; Return from Trap

        .bss
tr6ret: ds.l    1               ; Saved USP

        end


How can I return in User mode with correct return address?

Many thanks
Tomas

tcat
Atari freak
Posts: 73
Joined: Fri May 03, 2013 6:00 am

Re: GFA Debugger - Trap#6 exception

Postby tcat » Tue Nov 29, 2016 6:03 pm

Hi,

I have a revised version of the Trap#6 handler routine.

I realised that the `RTE' instruction should generally be used in Trap/Exception routines to return, as it seems to take care of switching back to User mode and also resumes at the address after the call.

However, I needed to fetch a return address that is explicitly pushed onto the stack by `GFA-DBG.PRG'.
Code excerpt calling Trap#6>>>


74cb2    pea $74ccc          ; push return address
...
74cc6    jmp $716c8          ; calling to Trap#6 happens here
74ccc    ...                 ; code from trap handler should return here
74cd2    rts


EDIT: comment `Ptermres'

Revised Trap#6 handler>>>


* `RAMTRAP6.S'  - Trap#6 memory handler
*  assemble & install before running `GFA-DBG.PRG'
*
* TODO:
* Deduce memory access routine for `GFA-DBG.PRG'
*
* assemble with Atari MADMAC macro assembler
* link with Atari ALN linker
*

        .include atari

        .text
        Super                   ; Macro enter Super mode
        move.l  #ntrap6,$98     ; Install Trap#6 handler
        User                    ; Macro enter User mode
        Ptermres #$180,#0       ; Macro terminate and stay resident, $180 bytes reserved

ntrap6:                         ; Handler for Trap#6
        move.l  usp,a0          ; Save user stack
        move.l  a0,tr6ret       ;  for future use
        clr.l   -(sp)           ; 0=OK result
        move.w  #$20,-(sp)      ; Enter
        trap    #1              ;  User mode
        addq.l  #6,sp           ; Correct stack, l+w=6bytes

                                ; TODO: some memory processing here

        move.l  tr6ret,sp       ; Restore user stack
        rts                     ; Return from trap


        .bss
tr6ret: ds.l    1               ; Saved USP user stack

        end


GFA Debugger can now support the "D", "L" and "QUIT" commands.
I wish to disassemble `GFA-DBG.PRG' to a file.

Can anyone suggest a good disassembler that outputs to a file, ideally annotating GEM/DOS calls?

Many thanks in advance.
Tomas
Last edited by tcat on Wed Nov 30, 2016 11:01 am, edited 4 times in total.

simonsunnyboy
Moderator
Posts: 4844
Joined: Wed Oct 23, 2002 4:36 pm
Location: Friedrichshafen, Germany
Contact:

Re: GFA Debugger - Trap#6 exception

Postby simonsunnyboy » Tue Nov 29, 2016 6:05 pm

EasyRider was once recommended as a decent disassembler on the ST to me. It works quite well.
Simon Sunnyboy/Paradize - http://paradize.atari.org/ - STOT: http://www.npoi.de/stot/

Stay cool, stay Atari!

1x2600jr, 1x1040STFm, 1x1040STE 4MB+TOS2.06+SatanDisk, 1xF030 14MB+FPU+NetUS-Bee

Jabber: simonsunnyboy@atari-jabber.org

tcat
Atari freak
Posts: 73
Joined: Fri May 03, 2013 6:00 am

Re: GFA Debugger - Trap#6 exception

Postby tcat » Thu Dec 01, 2016 12:03 pm

Hi Simone,

Many thanks.
`EasyRider' is excellent. I have disassembled GFA-Debugger with it. Just looking into the code, I do not see the logic yet, as Trap#6 seems never to be installed.

The code makes calls to Malloc/Mfree at various places. At start it requests $2000 bytes, then it smashes register D0, which holds the memory base just allocated, with a flag $3F. Then it calls Trap#6 and stores D0=$3F as a reference to this memory block.

Based on this, updated Trap#6 handler here>>>


* `RAMTRAP6.S'  - Trap#6 memory handler
*  assemble & install before running `GFA-DBG.PRG'
*
* TODO:
* Deduce memory access routine for `GFA-DBG.PRG'
*
* assembled with Atari MADMAC macro assembler
* linked with Atari ALN linker
*

        .include atari

        .text
        Super                   ; Macro enter Super mode
        move.l  #ntrap6,$98     ; Install Trap#6 handler
        User                    ; Macro enter User mode
        Ptermres #$180,#0       ; Macro terminate and stay resident
                                ;  $180 bytes reserved
                                ;  0=OK result

ntrap6:                         ; Handler for Trap#6
        move.l  a0,-(sp)        ; Save A0
        move.l  usp,a0          ;  user stack
        move.l  a0,tr6ret

        cmp.l   #$3f,d0         ; Flag 3F?
        beq.b   flag3f 
        bra.b   usr             ; No, Goto user mode
flag3f: move.l  d1,d0           ; Yes, Restore D0 Malloc/Mfree base

usr:    clr.l   -(sp)           ; 0=Keep D0
        move.w  #$20,-(sp)      ; Enter
        trap    #1              ;  user mode
        addq.l  #6,sp           ; Correct stack, l+w=6bytes

                                ; TODO: some memory processing here

        movea.l (sp)+,a0        ; Restore A0
        movea.l tr6ret,sp       ; Restore user stack
        rts                     ; Return from trap


        .bss
tr6ret: ds.l    1

        end


I also attach GFA-Debugger disassembly, so anyone can follow what I am up to. Any tips are greatly appreciated.

With `RAMTRAP6' installed, GFA-Debugger can intercept all commands as per the user manual, however it does not recognise parameters.

gfa-dbg.q.zip


Could it be that the code is obfuscated as part of some s/w protection?
Many thanks in advance.

Tomas

tcat
Atari freak
Posts: 73
Joined: Fri May 03, 2013 6:00 am

Re: GFA Debugger - Trap#6 exception

Postby tcat » Fri Dec 02, 2016 3:10 pm

Hi,

I am not able to make much progress, but I have a new observation. I tried to also debug `GFA-DBGA.PRG' which is a companion resident debugger version. And I was surprised to see a TRAP#6 handler installed.

GFA-DBGA.PRG - resident version.png

This gave me a new hope, so I also disassembled `GFA-DBGA.PRG', now trying to compare the results.
I was led to believe the code should be almost identical except for a few initial branches; in fact they differ a lot more.

Conclusion>>>
`GFA-DBG.PRG' - transient version does not install TRAP#6
`GFA-DBGA.PRG' - resident version DOES install trap handler

Tomas

tcat
Atari freak
Posts: 73
Joined: Fri May 03, 2013 6:00 am

Re: GFA Debugger - Trap#6 exception

Postby tcat » Sat Dec 03, 2016 8:58 pm

Hi,

Comparing both disassemblies further proved that the binaries are corrupt. Fortunately each binary seems corrupt at a different place, and as the code is almost identical I can try to patch good parts between them.

The resident debugger version seems corrupt only in one part, while the transient one in quite many.
I enclose disassembly of `GFA-DBGA.PRG' too, so anyone can follow.
gfa-dbga.q.zip


I will then try to re-assemble the modified source; what could also come in handy is some kind of monitor program that would allow modifying code while debugging it.

Any good monitor programs to recommend?

BTW, this seems to be the TRAP#6 handler>>>


L00D6:DC.B      ' O\',$88,'#',$C8
      DC.L      L097E
      DC.B      'Ns'
      DC.L      L00ED
      DC.B      'Debugger'
L00D7:JMP       (A0)
L00D8:BSR.S     L00DF
L00D9:BSR.S     L00DF
L00DA:BSR.S     L00DF
L00DB:BSR.S     L00DF
L00DC:BSR.S     L00DF
L00DD:BSR.S     L00DF
L00DE:BSR.S     L00DF
      NOP
L00DF:MOVEM.L   A0-A6/D0-D7,L08D2
      MOVE.L    (A7)+,D6
      SUBI.L    #L00D9,D6
      MOVE.W    L08D8,L08DA
      MOVE.W    (A7)+,L08D8
      ...
      ...
      RTE


Many thanks.
Tomas

tcat
Atari freak
Posts: 73
Joined: Fri May 03, 2013 6:00 am

Re: GFA Debugger - Trap#6 exception

Postby tcat » Fri Dec 09, 2016 8:48 pm

Hi,

I have patched by hand a portion of the `gfa-dbga.q' disassembly, which required some 352 label relocations.
That is just a first try, and now I wish to re-assemble it back to an executable, so I can test further.
I use the ER Macro Assembler found on the `EasyRider' disk; although assembly gives no errors, I am not getting any program generated.

Perhaps I am just missing some command line option?
Can anyone please help, perhaps if there is a `handbuch' available somewhere?
Many thanks.

Tomas
EasyRider Assembler.png

tcat
Atari freak
Posts: 73
Joined: Fri May 03, 2013 6:00 am

Re: GFA Debugger - Trap#6 exception

Postby tcat » Wed Dec 14, 2016 10:49 am

Hi,

I discovered that my copy of the ER Assembler is also corrupt, what bad luck. Although it does assemble the example code provided on the disk, it does not generate an executable either.

The advantage of the ER Assembler is probably that it can process output from the ER Disassembler directly, without the need for any code reformatting.

So I took `CONVERT.PRG' tool recommended here at the forum, reformatted assembly listing, and assembled using GFA-Assembler.

The binary has a size of 66750 bytes, exactly the same as the corrupt original, a promising indication that I may be close.

Indeed, resident debugger now seems to process all commands as per manual.
gfa-dbga.prg - resident debugger version.png


Although it does things, it may not be perfect, as I did not relocate symbols around some vectors, which I believe might be jump tables. I simply do not know what to do about them; they look like this.


L0824:DC.L      L052A
      DC.L      L052C
      DC.L      L0528
      DC.L      L052D
      DC.L      L0544
      DC.L      L0535
      DC.L      L0537
      DC.L      L0486
L0825:DC.L      L0580
      DC.L      L056E
      DC.L      L056F
      DC.L      L0570
      DC.L      L0571
      DC.L      L0572
      DC.L      L0573
      DC.L      L0574
      DC.L      L0580
      DC.L      L0580


EDIT Jan-12'17: as of today all patched references are relocated in the jump tables as well.

Tomas
Last edited by tcat on Thu Jan 12, 2017 10:37 am, edited 1 time in total.

tcat
Atari freak
Posts: 73
Joined: Fri May 03, 2013 6:00 am

Re: GFA Debugger - Trap#6 exception

Postby tcat » Mon Dec 19, 2016 11:18 am

Hi,

I am attaching GFA-Assembler updated image.
gfa_assembleur2.st


image 724K contains:
assemble.ec*   contenu.txt*  gfa-asm.inf*   kompat.mon*    printer.hex*
assemble.key*  convert.prg*  gfa-asm.prg*   make_hex.is*
atari.is*      demo.txt*     gfa-dbga.prg*  make_hex.ttp*
call_deb.prg*  desktop.inf*  gfa-dbg.prg*   printer.cfg*
329K used


Updated contents:
`gfa-dbga.prg' - patched, tested, TODO relocate a few jumps in a table
`call_deb.prg' - reassembled, recoded, corrected
`convert.prg' - reassembled, recoded, corrected
`contenu.txt' - updated

EDIT Jan-12'17: as of today all patched references are relocated in the jump tables as well.

NOTE
`gfa-dbg.prg' - remains as is from the original, has more problems, needs more work to do

Original (corrupt) image can be found here:
http://atariforce.free.fr/stapps1u.htm

Manuals:
http://dev-docs.atariforge.org/files/GFA_Assembler.pdf
http://dev-docs.atariforge.org/files/GFA_Debugger.pdf

You may test and help to improve further.

Tomas
Last edited by tcat on Fri Jan 13, 2017 10:43 am, edited 1 time in total.

tcat
Atari freak
Posts: 73
Joined: Fri May 03, 2013 6:00 am

Re: GFA Debugger - Trap#6 exception

Postby tcat » Sun Jan 08, 2017 9:54 am

Hi,

I have now patched `gfa-dbg.prg', the transient debugger version, resulting in a binary size the same as the corrupt original.
This is possibly the best I could do just by patching between two code variants, and without any re-engineering skills.

EDIT image update Jan-12'17
Please find updated image, which is almost restored to the original version.
gfa_assembleur2.st

NOTE
`gfa-dbga.prg' - 1 patch with relocations
`gfa-dbg.prg' - 3 patches with relocations

Both variants tested, generally supporting all commands.
Inline assembly works (a nice feature to modify the code just being debugged), and trap catching and monitoring work.

Direct assembly execution using `!', e.g. "! moveq #1,d0", works so far only in `gfa-dbga.prg', as `!' is not recognised in `gfa-dbg.prg' (perhaps easy to fix).

Command `is' does not work properly and is difficult for me to fix. It dumps code and converts it into the `tokenised' GFA .is format.

I will try to also share commented disassembly, so anyone with more skills than me may follow, and possibly help.
EDIT sharing now
gfa-dbga-1.zip

gfa-dbg-2.zip


NOTE it seems that debugger can now debug itself :-)

Tomas