Memory layout

219,586pages on
this wiki
Add New Page
Discuss this page2 Share

Segment 0x00000000

Image offset Length Mapped address Description
N/A 0x3FF 0x0 Hardware defined direct address area. Used by DMOV(B,H) instructions. The low 0xFF is byte, the low 0x1FF is half-word sized addressing, and the full 0x3FF is used for full-words. See the Fujitsu docs p.23 for more details. It is used frequently in the CPU firmware, less in the main portion.
0x008155BA n/a 0x000D55BA Origin of the initial pointer to Int 00, the first code that should be executed when the camera is powered on if Fujitsu's specs are followed.
0x00800000 0x40000 0x0(?), 0x000C0000 The CPU firmware is located in the last 0x40000 bytes of the file. (Thanks kpsch...) It appears to be loaded in memory at two locations, with the higher locations being executed and the lower used for various data functions. The portions at 0x0 are partially overwritten by the direct address area, and other data. It is possible that only portions are copied from 0x000C0000 to 0x0.
0x0083FC00 0x400 0x000FFC00 This is the default location pointed to by tbr at startup, the default interrupt vector table. Handles a very limited number of vectors, but Int 00 should be the root entry point when the camera is powered on...

Segment 0x10000000

Image offset Length Mapped address Description
0x00000000 0x840000 0x10000000 Set at firmware flash (?)
0x00003C00 0x400 0x10003C00 Another vector table (?) [kps]
0x00008000 n/a 0x10008000 Address of the first piece of code to be found in the file, and is also the function in the main firmware which sets the TBR.
0x000F0000 n/a 0x100F0000 Int00 from the vector table used by the main firmware. This may be the entry point of the program by logic, but the Fujitsu specs indicate that Int 00 will always be the value from the vector table in lower memory @(0xFFFFC), so this needs to be looked into... more.
0x00400000 N/A 0x10400000 The routine at 0x1046A27A indicates that the CPU firmware starts at 0x10400000 and possibly ends 0x40000 before EOF. The routine also indicates the DSP firmware starts at offset 0x00800000.
0x005A39D0 0x228 0x105A39D0 Table of full stop interval shutter speed values from 30s to 1/4000s, expressed as ordered pairs of half-word values in numerator, denominator order.
0x005A3BF8 0x228 0x105A3BF8 Table of half stop interval shutter speeds organized as above.
0x005A3E20 0xA2 0x105A3E20 Table of third stop ISO values containing only one of each possible value. Used for reverse lookup to the 0-82 format used as input for the functions found thus far which use the ISO tables.
0x005A3EC2 0xA2 0x105A3EC2 Table of full stop interval half-word sized ISO values from 6-6400, followed by a table for third stop values then a table for half stop values.
0x0045A63E - 0x1045A63E Three subroutines which look up numerical ISO values from the tables above. (Rule 34)
0x0045AD4C - 0x1045AD4C A subroutine to match an ISO value to a table. (Rule 34)
0x004A4D7E - 0x104A4D7E Three more ISO lookup subroutines. (Rule 34)
0x004F0288 - 0x104F0288 Subroutines for yet more lookup of various ISOs and strings. These look up values from 50-3200 (and AUTO) rather than 6-6400. (Rule 34)
0x004F0EEE - 0x104F0EEE Subroutine to print color temperature strings
0x004F1742 - 0x104F1742 Subroutine to print EV compensation strings
0x004F48CA - 0x104F48CA Subroutine to print a decimal string
0x004F4962 - 0x104F4962 Subroutine to print a hexadecimal string
0x005248E0 - 0x105248E0 Subroutine to print debugging information
0x005C2EBC - 0x105C2EBC ISO value strings
0x005C2F48 - 0x105C2F48 Color temperature value strings
0x005C3210 - 0x105C3210 Exposure compensation value strings

Segment 0x80000000

Image offset Length Mapped address Description
0x000F03C0 0x000448 0x80000000 At PC 0x100F0066, a block of code (0x100F03C0-0x100F0807) is copied at runtime to address 0x80000000. At PC 0x100F0894, there is a jump to 0x80000002 (0x100F03C2) where some genuine code resides indeed.
0x00008154 0x000234 0x80000448 Found some more copying code to segment 0x80000000 (Klak).
0x00008388 0x00137E 0x8000067C Found some more copying code to segment 0x80000000 (Klak).
0x00009708 0x0028C3 0x800019FC Unconfirmed (Klak).

Ad blocker interference detected!

Wikia is a free-to-use site that makes money from advertising. We have a modified experience for viewers using ad blockers

Wikia is not accessible if you’ve made further modifications. Remove the custom ad blocker rule(s) and the page will load as expected.

Also on Fandom

Random wikia