On Fri, Mar 30, 2018 at 04:14:48AM -0400, Jd Lyons wrote:
FF8906CD: b(:) \ [0x0b7] 0x1cf2 load
FF8906D8: 967E FFFC           stwu r19,-4(r30)
FF8906DC: 7E68 02A6           mflr r19
FF8906E0: 4BFB 68B1 FF846F90  bl b<">
FF8906E4: 05 ...              dc.b " load "
FF8906EC: 4BFF FEDD FF8905C8  bl boot|load
FF8906F0: 4BFF FA19 FF890108  bl (init-program)
FF8906F4: 4BFB 5DAC FF8464A0  b exit

FF890865: b(:) \ [0x0b7] 0x1cf8 boot
FF890870: 967E FFFC           stwu r19,-4(r30)
FF890874: 7E68 02A6           mflr r19
FF890878: 4BFB 6719 FF846F90  bl b<">
FF89087C: 05 ...              dc.b " boot "
FF890884: 4BFF FD45 FF8905C8  bl boot|load
FF890888: 4BFF F881 FF890108  bl (init-program)
FF89088C: 4BFF FEA5 FF890730  bl go
FF890890: 4BFB 5C10 FF8464A0  b exit
It should be possible to decompile the compiled fcode in the same way that the Open Firmware "see" command does.
It is possible (I have done it).
Earlier Macs (Old World Macs) may have tokenized fcode in their ROM that you can more easily detokenize but some of the words may be unnamed (headerless). I guess the G5 (and other New World Macs) has tokenized fcode somewhere but I don't know where it is - maybe it's compressed?
Yes, many sections are compressed (with LZ77 iirc). Not *all* code is tokenised, but most is. And Apple uses some non-standard FCodes, too (for local variables, most prominently). And their drivers can use anything defined in the "main" OF (so you cannot transplant them to a different machine or a different FW version even).
What jumps out at me is both ‘load’ and ‘boot’ on the G5 call ‘boot|load’, would this be the reason that it is trying to execute the Option ROM when I try and ‘load’ it?
"load" does not do "go" (or at least it should not!)
Segher
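
The two listings quoted in this message can be checked mechanically. The following is an added example, not part of the original message: it decodes the PowerPC branch words from those listings, confirms each printed target, and reports what "boot" calls that "load" does not. The function names are assumptions made for this illustration.

```python
import re

# Instruction lines copied from the two listings in the message above.
LOAD = """FF8906D8: 967E FFFC stwu r19,-4(r30)
FF8906DC: 7E68 02A6 mflr r19
FF8906E0: 4BFB 68B1 FF846F90 bl b<">
FF8906EC: 4BFF FEDD FF8905C8 bl boot|load
FF8906F0: 4BFF FA19 FF890108 bl (init-program)
FF8906F4: 4BFB 5DAC FF8464A0 b exit"""
BOOT = """FF890870: 967E FFFC stwu r19,-4(r30)
FF890874: 7E68 02A6 mflr r19
FF890878: 4BFB 6719 FF846F90 bl b<">
FF890884: 4BFF FD45 FF8905C8 bl boot|load
FF890888: 4BFF F881 FF890108 bl (init-program)
FF89088C: 4BFF FEA5 FF890730 bl go
FF890890: 4BFB 5C10 FF8464A0 b exit"""

LINE_RE = re.compile(
    r"([0-9A-F]{8}): ([0-9A-F]{4}) ([0-9A-F]{4}) (?:([0-9A-F]{8}) )?(\S+) ?(.*)")

def decode_branch(addr, word):
    """Decode a PowerPC I-form branch (primary opcode 18), else return None."""
    if word >> 26 != 18:
        return None
    li = word & 0x03FFFFFC            # 24-bit LI field, already shifted left by 2
    if li & 0x02000000:               # sign-extend the 26-bit displacement
        li -= 0x04000000
    aa, lk = word & 2, word & 1       # absolute-address and link bits
    target = (li if aa else addr + li) & 0xFFFFFFFF
    return ("bl" if lk else "b") + ("a" if aa else ""), target

def branches(listing):
    """Return (mnemonic, word name, target) for every branch in a listing."""
    found = []
    for line in listing.splitlines():
        m = LINE_RE.fullmatch(line)
        decoded = m and decode_branch(int(m[1], 16), int(m[2] + m[3], 16))
        if not decoded:
            continue                  # stwu, mflr: not branches
        if m[4] is None or decoded != (m[5], int(m[4], 16)):
            raise ValueError("listing disagrees with decoded word: " + line)
        found.append((decoded[0], m[6], decoded[1]))
    return found

def called_only_by(a, b):
    """Names reached with bl (a call) in listing a but not in listing b."""
    b_calls = {name for mnem, name, _ in branches(b) if mnem == "bl"}
    return [n for mnem, n, _ in branches(a) if mnem == "bl" and n not in b_calls]

if __name__ == "__main__":
    print("boot calls but load does not:", called_only_by(BOOT, LOAD))
```
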