Decoding my way through filewrite.c for ixus160, looking at what code_gen.txt is doing. I dumped the start of filewrite the way code_gen does:
tools/capdis -v -s='0xffab8cf0' -c=42 -stubs=platform/ixus160_elph160/sub/100a/ -d ../ixus160/PRIMARY.BIN 0xff810000
Then I go through the ARM instructions and operands, matching each ARM instruction up against the reference manual. I think I have the PUSH decoded correctly. The next instruction is:
ldr r5, =0x0000b584 ; [pc, #448] (0xffab8ebc)
I think, from the instruction syntax, that it is
LDR type 3 (LDR(3)) = 32-bit memory load, useful for program counter (PC) relative data.
Paraphrased from the ARMv5 reference manual:
# LDR <Rd>, [PC, #<immed_8> * 4]
# Rd is the destination register.
# PC is the program counter, used to calculate the memory address;
# bit 1 of the PC value is forced to 0 for this calculation,
# such that the address (result?) is word-aligned.
# immed_8 is an 8-bit value, multiplied by 4 and added to PC to form the memory address.
It must be related, due to Rd = (0xffab8ebc) ... I suspect this because of loc_ffab8eac !!! It's the address written to 7 (jpg) chunk times <from hdr file>. I also suspect this because LDR(3) is the only LDR instruction in the reference that mentions PC.
So, what's r5, =blah? The destination register's position... we know 0xffab8ebc is the destination register's address. The instruction is represented by a mix of ARM and C syntax:
'#' is GNU ARM assembler *immediate operand prefix
';' is GNU ARM assembler *statement separator; do math rules apply? (left-hand side evaluated before right)
',' is C *expression to discard the previous value
'=' is C *initialization -> assignment expression
'[' is C *punctuator
']' is C *punctuator
'(' is C *not sure what form...
')' is C *
Those marked * are used in the instruction, so it must be.
So,
before performing [PC, #<immed_8> * 4], we evaluate r5, =0x0000b584,
meaning: discard what's in r5 and assign 0x0000b584 to it.
Then, discard what's in PC (by the comma), and, uhh,
0x0000b584 * 4 = 2D610; PC becomes this?
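The following is an added worked example, not code from the post, from capdis or from CHDK. It decodes a PC-relative LDR directly from the instruction bits as the ARM Architecture Reference Manual defines them, and then prints it in the same three-part form the capdis line uses (`ldr rD, =value ; [pc, #offset] (address)`), so the three pieces can be checked against each other. It assumes a little-endian ARM image, the two addresses the dump shows (instruction at 0xffab8cf4, i.e. the word after the PUSH at 0xffab8cf0, and the literal at 0xffab8ebc), and a constructed buffer holding just those two words in place of PRIMARY.BIN. It goes beyond the single instruction in the post: it handles the 32-bit ARM-state form (12-bit byte offset, PC = address + 8, either sign) as well as the 16-bit Thumb LDR(3) form paraphrased above (8-bit word offset, PC = address + 4, bit 1 of PC cleared). All function and type names are my own.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a firmware dump: raw bytes plus their load address. */
typedef struct { uint32_t base; const uint8_t *bytes; size_t len; } fw_image_t;

/* Everything a PC-relative LDR resolves to once decoded. */
typedef struct {
    unsigned rd;        /* destination register number */
    uint32_t pc;        /* PC as the instruction sees it */
    int32_t  offset;    /* signed byte offset added to the word-aligned PC */
    uint32_t lit_addr;  /* address of the literal pool word */
    uint32_t value;     /* the word found there: what actually lands in Rd */
} ldr_lit_t;

/* Bounds-checked little-endian fetches from the image. */
static bool fetch32(const fw_image_t *img, uint32_t addr, uint32_t *out)
{
    if (addr < img->base || addr - img->base + 4 > img->len) return false;
    const uint8_t *p = img->bytes + (addr - img->base);
    *out = (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
    return true;
}
static bool fetch16(const fw_image_t *img, uint32_t addr, uint16_t *out)
{
    if (addr < img->base || addr - img->base + 2 > img->len) return false;
    const uint8_t *p = img->bytes + (addr - img->base);
    *out = (uint16_t)(p[0] | p[1] << 8);
    return true;
}

/* ARM-state LDR Rd, [pc, #+/-imm12]: cond(4) 010 P=1 U B=0 W=0 L=1 Rn=1111 Rd(4) imm12.
 * In ARM state PC reads as the instruction address + 8. */
bool decode_arm_ldr_lit(const fw_image_t *img, uint32_t addr, ldr_lit_t *out)
{
    uint32_t w;
    if (!fetch32(img, addr, &w)) return false;
    if ((w & 0x0F7F0000u) != 0x051F0000u) return false;  /* not LDR Rd, [pc, #imm] */
    if ((w >> 28) == 0xFu) return false;                   /* cond 1111 is not a conditional LDR */
    bool up = (w >> 23) & 1;                               /* U bit: add or subtract the offset */
    uint32_t imm12 = w & 0xFFFu;
    out->rd = (w >> 12) & 0xFu;
    out->pc = addr + 8;
    out->offset = up ? (int32_t)imm12 : -(int32_t)imm12;
    out->lit_addr = (out->pc & ~3u) + (uint32_t)out->offset;
    return fetch32(img, out->lit_addr, &out->value);
}

/* Thumb-state LDR(3) Rd, [pc, #imm8*4]: 01001 Rd(3) imm8.
 * In Thumb state PC reads as the instruction address + 4, with bit 1 forced to 0. */
bool decode_thumb_ldr_lit(const fw_image_t *img, uint32_t addr, ldr_lit_t *out)
{
    uint16_t h;
    if (!fetch16(img, addr, &h)) return false;
    if ((h & 0xF800u) != 0x4800u) return false;
    out->rd = (h >> 8) & 7u;
    out->pc = addr + 4;
    out->offset = (int32_t)((h & 0xFFu) * 4u);
    out->lit_addr = (out->pc & ~3u) + (uint32_t)out->offset;
    return fetch32(img, out->lit_addr, &out->value);
}

/* Render in the capdis style: "ldr r5, =0x0000b584 ; [pc, #448] (0xffab8ebc)". */
int format_ldr_lit(const ldr_lit_t *d, char *buf, size_t n)
{
    return snprintf(buf, n, "ldr r%u, =0x%08x ; [pc, #%d] (0x%08x)",
                    d->rd, d->value, d->offset, d->lit_addr);
}

/* Constructed image: only the two words from the post, at the addresses the dump shows.
 * 0xE59F51C0 is the encoding of "ldr r5, [pc, #448]" (cond=1110, U=1, Rn=15, Rd=5, imm12=0x1C0). */
#define IMG_BASE 0xffab8cf0u
#define IMG_LEN  0x1D0u
static void put32(uint8_t *buf, uint32_t off, uint32_t v)
{ buf[off] = v; buf[off+1] = v >> 8; buf[off+2] = v >> 16; buf[off+3] = v >> 24; }

bool sample_arm_decode(ldr_lit_t *out)
{
    uint8_t buf[IMG_LEN];
    memset(buf, 0, sizeof buf);
    put32(buf, 0xffab8cf4u - IMG_BASE, 0xE59F51C0u);  /* the instruction word */
    put32(buf, 0xffab8ebcu - IMG_BASE, 0x0000b584u);  /* the literal pool word */
    fw_image_t img = { IMG_BASE, buf, sizeof buf };
    return decode_arm_ldr_lit(&img, 0xffab8cf4u, out);
}

/* Constructed Thumb fragment at 0x1000: 0x4D02 = "ldr r5, [pc, #8]" at 0x1002;
 * PC = 0x1006, aligned to 0x1004, + 8 = 0x100c, where the literal sits. */
bool sample_thumb_decode(ldr_lit_t *out)
{
    static const uint8_t code[16] = { 0x00,0xBF, 0x02,0x4D, 0x00,0xBF, 0x00,0xBF,
                                      0x00,0xBF, 0x00,0xBF, 0xEF,0xBE,0xAD,0xDE };
    fw_image_t img = { 0x1000u, code, sizeof code };
    return decode_thumb_ldr_lit(&img, 0x1002u, out);
}

int main(void)
{
    ldr_lit_t d; char line[80];
    if (sample_arm_decode(&d))   { format_ldr_lit(&d, line, sizeof line); puts(line); }
    if (sample_thumb_decode(&d)) { format_ldr_lit(&d, line, sizeof line); puts(line); }
    return 0;
}
```

Run stand-alone, the first line printed reproduces the capdis output character for character: the `[pc, #448]` part is the addressing mode taken from the instruction bits, `(0xffab8ebc)` is 0xffab8cf4 + 8 + 448, and `=0x0000b584` is the word the decoder read back from that address. The `=` and `;` are capdis presentation, not operators the CPU evaluates, which is why the code never multiplies the literal by anything.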