Image load
iPhone 3GS 8920x from iBoot-636.66
Disassembly
N88AP_iBoot:4FF1D4E0 ; =============== S U B R O U T I N E =======================================
N88AP_iBoot:4FF1D4E0
N88AP_iBoot:4FF1D4E0 ; Attributes: bp-based frame
N88AP_iBoot:4FF1D4E0
N88AP_iBoot:4FF1D4E0 ; int __fastcall n88ap__iBoot__image_load(struct MEMZ_STRUCT *mem_info, char *TAG_TYPE, int unknown1, int unknown2)
N88AP_iBoot:4FF1D4E0 ;
N88AP_iBoot:4FF1D4E0 ; Loads the image described by mem_info, dispatching on its magic ('Memz' or
N88AP_iBoot:4FF1D4E0 ; 'img3') to n88ap__iBoot__blockdev.
N88AP_iBoot:4FF1D4E0 ; unknown1 / unknown2 are pointers, not plain ints: both are dereferenced on
N88AP_iBoot:4FF1D4E0 ; entry ([R2], [R5]) and written on every exit, i.e. they are in/out parameters.
N88AP_iBoot:4FF1D4E0 ; *unknown2 is compared against mem_info->tag.full_size, so it is presumably the
N88AP_iBoot:4FF1D4E0 ; caller's buffer length; *unknown1 is presumably a load address -- confirm.
N88AP_iBoot:4FF1D4E0 ; Returns 0 on success with *unknown1/*unknown2 set to the values blockdev left
N88AP_iBoot:4FF1D4E0 ; in the two locals, or -1 on any failure with both outputs set to 0.
N88AP_iBoot:4FF1D4E0 ; Review note: the only length check visible in this function is
N88AP_iBoot:4FF1D4E0 ; "*unknown2 >= full_size" (unsigned), where full_size is read from the image
N88AP_iBoot:4FF1D4E0 ; header itself; whether blockdev bounds the bytes it actually copies by the
N88AP_iBoot:4FF1D4E0 ; same value is not visible in this listing.
N88AP_iBoot:4FF1D4E0 ; Callers (CODE XREFs): n88ap__iBoot__diag_function+8A, sub_4FF009CC+22,
N88AP_iBoot:4FF1D4E0 ; n88ap__iBoot__go_command+66, n88ap__iBoot__ramdisk_command_function+7E,
N88AP_iBoot:4FF1D4E0 ; n88ap__iBoot__devicetree_function+7C, ...
N88AP_iBoot:4FF1D4E0 n88ap__iBoot__image_load
N88AP_iBoot:4FF1D4E0
N88AP_iBoot:4FF1D4E0 var_18 = -0x18                          ; local copy of *unknown2, passed to blockdev by address (SP+0)
N88AP_iBoot:4FF1D4E0 var_14 = -0x14                          ; local copy of *unknown1, passed to blockdev by address (SP+4)
N88AP_iBoot:4FF1D4E0 oldR4 = -0x10
N88AP_iBoot:4FF1D4E0 oldR5 = -0xC
N88AP_iBoot:4FF1D4E0 oldR7 = -8
N88AP_iBoot:4FF1D4E0 oldLR = -4
N88AP_iBoot:4FF1D4E0
N88AP_iBoot:4FF1D4E0 000 PUSH {R4,R5,R7,LR}
N88AP_iBoot:4FF1D4E2 010 ADD R7, SP, #8                      ; frame pointer
N88AP_iBoot:4FF1D4E4 010 SUB SP, SP, #8                      ; room for var_18 and var_14
N88AP_iBoot:4FF1D4E6 018 MOV R5, R3                          ; R5 = unknown2 (preserved across calls)
N88AP_iBoot:4FF1D4E8 018 LDR R3, [R2]                        ; R3 = *unknown1
N88AP_iBoot:4FF1D4EA 018 MOV R4, R2                          ; R4 = unknown1 (preserved across calls)
N88AP_iBoot:4FF1D4EC 018 STR R3, [SP,#0x18+var_14]           ; var_14 = *unknown1
N88AP_iBoot:4FF1D4EE 018 LDR R3, [R5]                        ; R3 = *unknown2
N88AP_iBoot:4FF1D4F0 018 STR R3, [SP,#0x18+var_18]           ; var_18 = *unknown2
N88AP_iBoot:4FF1D4F2 018 CBZ R0, end_of_error                ; mem_info == NULL -> fail (checked before any access through R0)
N88AP_iBoot:4FF1D4F4 018 LDR R2, [R0,#MEMZ_STRUCT.tag.full_size] ; R2 = size declared in the image header
N88AP_iBoot:4FF1D4F6 018 CMP R3, R2                          ; *unknown2 vs full_size
N88AP_iBoot:4FF1D4F8 018 BCS loc_4FF1D502                    ; unsigned *unknown2 >= full_size -> image fits, continue
N88AP_iBoot:4FF1D4FA 018 LDR R0, =aImage_loadImageTooLarge_0 ; "image_load: image too large\n"
N88AP_iBoot:4FF1D4FC 018 BL N88AP__iBOOT__console_printf
N88AP_iBoot:4FF1D500 018 B end_of_error
N88AP_iBoot:4FF1D502 ; ---------------------------------------------------------------------------
N88AP_iBoot:4FF1D502
N88AP_iBoot:4FF1D502 loc_4FF1D502                            ; reached from +18: size check passed
N88AP_iBoot:4FF1D502 018 LDR R2, [R0,#MEMZ_STRUCT.id_memz]   ; R2 = image magic
N88AP_iBoot:4FF1D504 018 LDR R3, ='Memz'
N88AP_iBoot:4FF1D506 018 CMP R2, R3
N88AP_iBoot:4FF1D508 018 BEQ MemZ_Operation                  ; magic == 'Memz'
N88AP_iBoot:4FF1D50A 018 LDR R3, ='img3'
N88AP_iBoot:4FF1D50C 018 CMP R2, R3
N88AP_iBoot:4FF1D50E 018 BNE end_of_error                    ; neither 'Memz' nor 'img3' -> fail
N88AP_iBoot:4FF1D510 018 B img3_Operation                    ; magic == 'img3'
N88AP_iBoot:4FF1D512 ; ---------------------------------------------------------------------------
N88AP_iBoot:4FF1D512
N88AP_iBoot:4FF1D512 MemZ_Operation                          ; reached from +28
N88AP_iBoot:4FF1D512 018 ADD R2, SP, #0x18+var_14            ; R2 = &var_14
N88AP_iBoot:4FF1D514 018 MOV R3, SP                          ; R3 = &var_18
N88AP_iBoot:4FF1D516 018 BL n88ap__iBoot__blockdev           ; R0/R1 still hold mem_info/TAG_TYPE, so this is
N88AP_iBoot:4FF1D516                                         ; blockdev(mem_info, TAG_TYPE, &var_14, &var_18)
N88AP_iBoot:4FF1D51A 018 CBZ R0, loc_4FF1D534                ; 0 -> success path
N88AP_iBoot:4FF1D51C 018 CMP R0, #0x16                       ; one specific error code (0x16 = 22) is singled out; its meaning is not visible here
N88AP_iBoot:4FF1D51E 018 BNE end_of_error                    ; any other non-zero result -> fail
N88AP_iBoot:4FF1D520 018 LDR R3, [R4]                        ; result == 0x16: reload the caller's original *unknown1 ...
N88AP_iBoot:4FF1D522 018 STR R3, [SP,#0x18+var_14]
N88AP_iBoot:4FF1D524 018 LDR R3, [R5]                        ; ... and original *unknown2 into the locals
N88AP_iBoot:4FF1D526 018 STR R3, [SP,#0x18+var_18]
N88AP_iBoot:4FF1D528 018 B end_of_error                      ; end_of_error then zeroes *unknown1/*unknown2 without reading
N88AP_iBoot:4FF1D528                                         ; var_14/var_18 again, so in this listing the 0x16 case ends
N88AP_iBoot:4FF1D528                                         ; exactly like any other failure (the restore has no observable
N88AP_iBoot:4FF1D528                                         ; effect) -- confirm against the source or another build
N88AP_iBoot:4FF1D52A ; ---------------------------------------------------------------------------
N88AP_iBoot:4FF1D52A
N88AP_iBoot:4FF1D52A img3_Operation                          ; reached from +30
N88AP_iBoot:4FF1D52A 018 ADD R2, SP, #0x18+var_14            ; R2 = &var_14
N88AP_iBoot:4FF1D52C 018 MOV R3, SP                          ; R3 = &var_18
N88AP_iBoot:4FF1D52E 018 BL n88ap__iBoot__blockdev           ; same call as on the 'Memz' path
N88AP_iBoot:4FF1D532 018 CBNZ R0, end_of_error               ; any non-zero result -> fail (no 0x16 special case here)
N88AP_iBoot:4FF1D534
N88AP_iBoot:4FF1D534 loc_4FF1D534                            ; reached from +3A, or by fall-through from img3_Operation
N88AP_iBoot:4FF1D534 018 LDR R3, [SP,#0x18+var_14]
N88AP_iBoot:4FF1D536 018 MOVS R0, #0                         ; return 0
N88AP_iBoot:4FF1D538 018 STR R3, [R4]                        ; *unknown1 = var_14 (as left by blockdev)
N88AP_iBoot:4FF1D53A 018 LDR R3, [SP,#0x18+var_18]
N88AP_iBoot:4FF1D53C 018 STR R3, [R5]                        ; *unknown2 = var_18 (as left by blockdev)
N88AP_iBoot:4FF1D53E 018 B loc_4FF1D54A
N88AP_iBoot:4FF1D540 ; ---------------------------------------------------------------------------
N88AP_iBoot:4FF1D540
N88AP_iBoot:4FF1D540 end_of_error                            ; reached from +12, +20, +2E, +3E, +48, ...
N88AP_iBoot:4FF1D540 018 MOV.W R0, #0xFFFFFFFF               ; return -1
N88AP_iBoot:4FF1D544 018 MOVS R3, #0
N88AP_iBoot:4FF1D546 018 STR R3, [R4]                        ; *unknown1 = 0
N88AP_iBoot:4FF1D548 018 STR R3, [R5]                        ; *unknown2 = 0
N88AP_iBoot:4FF1D54A
N88AP_iBoot:4FF1D54A loc_4FF1D54A                            ; reached from +5E: common epilogue
N88AP_iBoot:4FF1D54A 018 SUB.W SP, R7, #8
N88AP_iBoot:4FF1D54E 018 POP {R4,R5,R7,PC}
N88AP_iBoot:4FF1D54E ; End of function n88ap__iBoot__image_load
N88AP_iBoot:4FF1D54E
N88AP_iBoot:4FF1D54E ; ---------------------------------------------------------------------------
N88AP_iBoot:4FF1D550 ; Constant pool used by the "LDR Rx, =" loads above (DATA XREFs from +1A, +24, +2A)
N88AP_iBoot:4FF1D550 ; int off_4FF1D550
N88AP_iBoot:4FF1D550 off_4FF1D550 DCD aImage_loadImageTooLarge_0 ; read at +1A
N88AP_iBoot:4FF1D550                                         ; "image_load: image too large\n"
N88AP_iBoot:4FF1D554 dword_4FF1D554 DCD 'Memz'               ; read at +24
N88AP_iBoot:4FF1D558 dword_4FF1D558 DCD 'img3'               ; read at +2A
N88AP_iBoot:4FF1D55C