MON51 hack

First let me describe a little bit about our system:

It is not von Neumann, and the main code executes from OTP (One-Time Programmable) memory. There is also a small amount of XRAM, and code can also be executed from there too.

When executing from OTP, we are unable to use MOVX to read or write CODE. We can use MOVC to read CODE.

When executing from XRAM, we are unable to use MOVX to read or write XDATA. We can use both MOVC and MOVX to read CODE.

Despite being OTP, we do have the ability to dynamically patch a small number of quads of OTP code at any address to whatever value we choose.

My belief is that all the elements that are needed to execute a MON51 stub from OTP are present. We can patch code to jump to the stub on a break point, and code can be read through the MOVC to keep adjacent instructions coherent in the patch?

My question is, does anyone have any experience or deep working knowledge of the MON51 that can point me to the section that inserts the jumps that set and clear break points? Are there any thoughts about how to modify this with minimum impact on the stub?

Thanks in advance,

Chris.

  • All you need to do to implement MON51 is provide the functions that are described at the end of INSTALL.A51:

    ;********************************************************************
    ;*  Interface via standard 8051 UART                                *
    ;********************************************************************
    SER_INT_ADR     EQU     23H             ; ADDRESS OF SERIAL INTERRUPT VECTOR
    SER_INT_ADR_OFF EQU (INT_ADR_OFF + SER_INT_ADR)
    
    INSTAT:         MOV     C,RI            ; INPUT STATUS OF SERIAL INTERFACE
                    RET
    
    OUTSTAT:        MOV     C,TI            ; OUTPUT STATUS OF SERIAL INTERFACE
                    RET
    
    INCHAR:         MOV     A,SBUF          ; CHARACTER INPUT-ROUTINE
                    RET
    
    OUTCHAR:        MOV     SBUF,A          ; CHARACTER OUTPUT-ROUTINE
                    RET
    
    CLR_TI:         CLR     TI              ; CLEAR SERIAL TRANSMIT INTERRUPT FLAG
                    RET
    
    SET_TI:         SETB    TI              ; SET SERIAL TRANSMIT INTERRUPT FLAG
                    RET
    
    CLR_RI:         CLR     RI              ; CLEAR SERIAL RECEIVE INTERRUPT FLAG
                    RET
    
    CLR_SER_IE:     CLR     ES              ; CLEAR SERIAL INTERRUPT ENABLE FLAG
                    RET
    
    SET_SER_IE:     SETB    ES              ; SET SERIAL INTERRUPT ENABLE FLAG
                    RET
    
    BEFORE_GO:                              ; this code is executed before
                    RET                     ; a go or proc step is executed
    
    AFTER_GO:                               ; this code is executed after a go
                    RET                     ; command (when a breakpoint was set)
    
    WR_CODE:        MOVX    @DPTR,A         ; insert different code here, but
                    RET                     ; do not change any other register
                                            ; without saving it
    
    

    So you are correct, MON51 is very flexible (and the variant of it FlashMON51 is maybe even more flexible).
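
The read-modify-write that a replacement for `WR_CODE` would have to perform on the hardware described in the question, as an added host-side example (not part of either post and not Keil's MON51 code). It assumes a "quad" is a 4-byte, 4-byte-aligned unit and that the breakpoint is a 3-byte `LJMP` to the stub; `build_break_patches`, `read_code`, `struct quad_patch` and the sample image are hypothetical names and constructed data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define QUAD_SIZE 4u    /* assumption: a patch "quad" is 4 bytes, 4-byte aligned */
#define OP_LJMP   0x02u /* 8051 LJMP addr16: opcode, address high, address low */

struct quad_patch { uint16_t base; uint8_t bytes[QUAD_SIZE]; };

/* Constructed 16-byte code image standing in for OTP contents. */
static const uint8_t sample_code[16] = {
    0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
    0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F };

/* Stand-in for a MOVC read of code memory on the target. */
static uint8_t read_code(const uint8_t *code, uint32_t addr) { return code[addr]; }

/* Fill out[] with the quads to load into the patch unit so that a 3-byte
 * LJMP to `stub` appears at `bp`. Bytes of each quad outside the LJMP keep
 * their original values. Returns 1 or 2 quads, or 0 if out of range. */
int build_break_patches(const uint8_t *code, size_t len, uint16_t bp,
                        uint16_t stub, struct quad_patch out[2])
{
    const uint8_t insn[3] = { OP_LJMP, (uint8_t)(stub >> 8), (uint8_t)stub };
    uint32_t first = bp & ~(QUAD_SIZE - 1u);
    uint32_t last  = ((uint32_t)bp + 2u) & ~(QUAD_SIZE - 1u);
    int n = 0;

    if ((size_t)last + QUAD_SIZE > len)
        return 0;                       /* patch would run past the image */
    for (uint32_t base = first; base <= last; base += QUAD_SIZE, n++) {
        out[n].base = (uint16_t)base;
        for (uint32_t i = 0; i < QUAD_SIZE; i++) {
            uint32_t a = base + i;
            out[n].bytes[i] = (a >= bp && a < (uint32_t)bp + 3u)
                                  ? insn[a - bp] : read_code(code, a);
        }
    }
    return n;
}

int main(void)
{
    struct quad_patch p[2];
    int n = build_break_patches(sample_code, sizeof sample_code, 0x0006, 0x1234, p);
    for (int i = 0; i < n; i++)
        printf("quad @%04X: %02X %02X %02X %02X\n", p[i].base,
               p[i].bytes[0], p[i].bytes[1], p[i].bytes[2], p[i].bytes[3]);
    return 0;
}
```

A breakpoint whose three bytes straddle a quad boundary consumes two patch slots, which matters when only a small number of quads can be patched at once.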
