Welcome to Doom9's Forum, THE in-place to be for everyone interested in DVD conversion. Before you start posting please read the forum rules. By posting to this forum you agree to abide by the rules. |
13th October 2008, 19:59 | #221 | Link |
Guest
Posts: n/a
|
This happens about 20 times:
Code:
#002843 TRAP_AddWithCarry (001EBC60, 001EDC60, 0000000F); Register error at trap number 2843: post_reg_snapshot: 00000000 00000000 001EBC60 001EFC60 001EFC60 0002282C 0000000F 00000190 00000190 001EFAD0 0000001F 000079E0 001EBAD0 001EDAD0 00000020 00000080 00000200 000088B8 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 000994B0 001EBA64 001EFAD8 00059488 post_reg_execute: 00000000 00000001 001EBC60 001EFC60 001EFC60 0002282C 0000000F 00000190 00000190 001EFAD0 0000001F 000079E0 001EBAD0 001EDAD0 00000020 00000080 00000200 000088B8 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 000994B0 001EBA64 001EFAD8 00059488 Memory Error at trap 2843 Also: Code:
#002963 TRAP_MultiplyWithRipple(001EDBE4, 001EEB5C, 0000002F, E9DE141D); java.lang.ArrayIndexOutOfBoundsException at java.lang.System.arraycopy(Native Method) at bdvm.bdsvm_player_traps.MultiplyWithRipple(bdsvm_player_traps.java:688) at bdvm.bdsvm_player_interface.TRAP_handler(bdsvm_player_interface.java:669) |
13th October 2008, 20:53 | #222 | Link |
Guest
Posts: n/a
|
Could you please post the values at src and dst so i can verify it? TRAP_AddWithCarry returns only '1' if the resulting number is one byte longer than both input numbers which can only happen if an overflow occurred.
You obviously have a modified version of the debugger (a branch). Why don't you upload your changes to the repository? Edit: i found the problem. It's again the inability of java to tread unsigned numbers correctly. I have uploaded a workaround. Please report back if there are still issues with those traps. All our values are unsigned and java only knows signed numbers Last edited by Oopho2ei; 13th October 2008 at 22:08. |
13th October 2008, 23:53 | #223 | Link |
Guest
Posts: n/a
|
I only re-added the automatic loading of post-break-snapshots so that I could let it run past the first TRAP_Finish again (otherwise there's no way to get to all those trap-tests). Since you did not like the way it was implemented, I did not want to add it to the repository again. Anyway, apart from that small change, I always use the newest version from the repository, especially I do not interfere with the implementation of traps or parameter checks.
TRAP_AddWithCarry and TRAP_MultiplyWithRipple are fine now. Next problematic one is this: Code:
#003895 TRAP_Aes (001EE288, 001EE298, 00000000, 001EE238, FFF10000); Register error at trap number 3895: post_reg_snapshot: 00000000 00000000 00000000 00000000 0002282C 001EE298 001EE288 001EE238 001EE1D8 001EE248 001EE228 0003EC44 001EE198 001EE218 001EE158 00000200 00000200 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 000994B0 001EE0DC 001EFAD8 00062764 post_reg_execute: 00000000 80000001 00000000 00000000 0002282C 001EE298 001EE288 001EE238 001EE1D8 001EE248 001EE228 0003EC44 001EE198 001EE218 001EE158 00000200 00000200 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 000994B0 001EE0DC 001EFAD8 00062764 another example: Code:
#003899 TRAP_Aes (001EE288, 001EE248, 00000004, 001EE238, FFF10000); Register error at trap number 3899: post_reg_snapshot: 00000000 00000000 00000000 00000000 0002282C 001EE298 001EE288 001EE238 001EE1D8 001EE248 001EE228 00000000 001EE198 001EE218 001EE158 00000200 00000200 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 000994B0 001EE0DC 001EFAD8 00062978 post_reg_execute: 00000000 80000001 00000000 00000000 0002282C 001EE298 001EE288 001EE238 001EE1D8 001EE248 001EE228 00000000 001EE198 001EE218 001EE158 00000200 00000200 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 000994B0 001EE0DC 001EFAD8 00062978 Byte 1EE288: snapshot: 3A execute: 00 Byte 1EE289: snapshot: D7 execute: 00 Byte 1EE28A: snapshot: 7B execute: 00 Byte 1EE28B: snapshot: B4 execute: 00 ... Byte 1EE2C4: snapshot: 04 execute: 00 Byte 1EE2C5: snapshot: 72 execute: 00 Byte 1EE2C6: snapshot: 5D execute: 00 Byte 1EE2C7: snapshot: D4 execute: 00 Memory Error at trap 3899 Code:
#004006 TRAP_DeviceDiscovery (00000002, 00000000, 001EE854, 001EE7D0); Register error at trap number 4006: post_reg_snapshot: 00000000 00000000 001EF850 0000000F 0002282C 001EE854 00000009 00000000 001EE854 00000000 00000080 00000027 07D6060D 00000000 00000000 FFFFFFC4 07D6060D 00000000 001EE7D0 0005CC60 001EF814 001EFAD0 00000000 00000000 001EE854 00000000 00000000 00000000 000994B0 001EE760 001EFAD8 0006CBB4 post_reg_execute: 00000000 80000001 001EF850 0000000F 0002282C 001EE854 00000009 00000000 001EE854 00000000 00000080 00000027 07D6060D 00000000 00000000 FFFFFFC4 07D6060D 00000000 001EE7D0 0005CC60 001EF814 001EFAD0 00000000 00000000 001EE854 00000000 00000000 00000000 000994B0 001EE760 001EFAD8 0006CBB4 Byte 1EE854: snapshot: 00 execute: 5C Byte 1EE855: snapshot: 00 execute: AA Byte 1EE856: snapshot: 00 execute: 14 Byte 1EE857: snapshot: 52 execute: 80 ... Byte 1EE8D0: snapshot: 00 execute: E6 Byte 1EE8D1: snapshot: 00 execute: 3C Byte 1EE8D2: snapshot: 00 execute: D8 Byte 1EE8D3: snapshot: 00 execute: 27 Memory Error at trap 4006 Code:
#004007 TRAP_DeviceDiscovery (00000002, 00000001, 001EE8D4, 001EE7D0); Byte 1EE8D4: snapshot: 00 execute: 2A Byte 1EE8D7: snapshot: 2A execute: 00 Byte 1EE8DC: snapshot: 00 execute: 02 Byte 1EE8DD: snapshot: 2C execute: 08 Byte 1EE8DE: snapshot: 08 execute: 2C Byte 1EE8DF: snapshot: 02 execute: 00 Byte 1EE8E0: snapshot: 00 execute: 03 Byte 1EE8E3: snapshot: 03 execute: 00 Byte 1EE8E4: snapshot: 00 execute: 01 Byte 1EE8E7: snapshot: 01 execute: 00 Memory Error at trap 4007 Code:
#004436 TRAP_DeviceDiscovery (00000001, 00000001, 001EF814, 001EF810); Register error at trap number 4436: post_reg_snapshot: 00000000 80000001 80000001 001EF7E8 001EF7E8 0002282C 001EF810 001EF814 00000005 0006DD30 00000000 0003EC54 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 000994B0 001EF7E8 001EFAD8 0006D7E0 post_reg_execute: 00000000 00000000 80000001 001EF7E8 001EF7E8 0002282C 001EF810 001EF814 00000005 0006DD30 00000000 0003EC54 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 000994B0 001EF7E8 001EFAD8 0006D7E0 Byte 1EF812: snapshot: 00 execute: 01 Byte 1EF813: snapshot: 2A execute: 1C Byte 1EF814: snapshot: 07 execute: 00 Byte 1EF815: snapshot: D8 execute: 00 ... Byte 1EF92C: snapshot: 75 execute: FA Byte 1EF92D: snapshot: F2 execute: F3 Byte 1EF92E: snapshot: 13 execute: 72 Byte 1EF92F: snapshot: 8A execute: 6F Code:
IC: 37177656 Trap #2037: trap_0x420(1efd08,ffffffff)= TRAP-SlotRead |
14th October 2008, 02:18 | #224 | Link | |
Guest
Posts: n/a
|
Two mistakes were in the parameter check documentation/implementation of TRAP_Aes and TRAP_DeviceDiscovery. I have already committed the patch to fix those issues. The big endian issue is fixed too (not committed yet).
Code:
#004436 TRAP_DeviceDiscovery (00000001, 00000001, 001EF814, 001EF810); Quote:
|
|
14th October 2008, 02:43 | #225 | Link |
Guest
Posts: n/a
|
Referring to posting #220: Of course the hashing for slots still needs to be done. I have no information about how the slot-traps work on the inside, so I could only do what the snapshots showed, the 'security code' treatment hence is rudimentary. Never meant to create any other impression.
Apart from that, I noticed one more bug in TRAP_Aes: Code:
#003977 TRAP_Aes (001EFA90, 001EFA91, 00000002, 001EFAC0, FFF10000); Register error at trap number 3977: post_reg_snapshot: 00000000 80000001 80000001 0002282C 001EFA90 001EFAC0 0002282C 10010000 00000002 00063B24 00000000 0003EC44 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 000994B0 001EFA6C 001EFAD8 00061B60 post_reg_execute: 00000000 00000000 80000001 0002282C 001EFA90 001EFAC0 0002282C 10010000 00000002 00063B24 00000000 0003EC44 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 000994B0 001EFA6C 001EFAD8 00061B60 Byte 1EFA90: snapshot: 00 execute: D1 Byte 1EFA91: snapshot: 00 execute: 08 Byte 1EFA92: snapshot: 00 execute: 6A Byte 1EFA93: snapshot: 00 execute: 97 ... Byte 1EFAAC: snapshot: 00 execute: 2B Byte 1EFAAD: snapshot: 02 execute: 4A Byte 1EFAAE: snapshot: 29 execute: 48 Byte 1EFAAF: snapshot: DC execute: 48 Memory Error at trap 3977 Code:
#003978 TRAP_Aes (001EFA90, 001EFA9F, 00000002, 001EFAC0, FFF10000); Register error at trap number 3978: post_reg_snapshot: 00000000 80000001 80000001 0002282C 001EFA90 001EFAC0 0002282C 10010000 00000002 00063B24 00000000 0003EC44 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 000994B0 001EFA6C 001EFAD8 00061BB4 post_reg_execute: 00000000 00000000 80000001 0002282C 001EFA90 001EFAC0 0002282C 10010000 00000002 00063B24 00000000 0003EC44 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 000994B0 001EFA6C 001EFAD8 00061BB4 Byte 1EFA90: snapshot: 00 execute: 8E Byte 1EFA91: snapshot: 00 execute: 59 Byte 1EFA92: snapshot: 00 execute: 9F Byte 1EFA93: snapshot: 00 execute: B9 ... Byte 1EFAAC: snapshot: 00 execute: 0C Byte 1EFAAD: snapshot: 02 execute: 1F Byte 1EFAAE: snapshot: 29 execute: 51 Byte 1EFAAF: snapshot: DC execute: D3 Memory Error at trap 3978 Last edited by schluppo; 14th October 2008 at 03:14. |
14th October 2008, 22:13 | #226 | Link |
Guest
Posts: n/a
|
The TRAP_Aes parameter checking should be fine now. I had forgotten to copy an important check from my notes
I am still not able to fix the checks for TRAP_SlotRead and TRAP_DeviceDiscovery though i made some observations. It's an illegal internal state which causes the failure of both calls. For TRAP_DeviceDiscovery i suggest we add a rule which lets the call fail if the "number of bytes written" pointer <len> points to a dword inside the output (which is written to <buf>). This has to be done on the trap implementation side because the interface (which does all the parameter checks) doesn't know the length of the output. Regarding the slots i couldn't find any call of TRAP_SlotWrite which actually reads the data from <newContents>. Either all those calls i've checked have failed internally or the trap implementation of my player is wrong. I could see that slot 0 is read from non-volatile memory and that all 256 bytes are subsequently copied to the specified vm memory address. Finally i suggest a command line interface for the debugger. The idea is to provide some basic commands to: - set some environment variables (like where is the BDSVM or the snapshot directory) - set/clear breakpoints (execution or data) - execute n instructions or trap calls - load a snapshot - compare memory or register content with a snapshot - dump or change parts of memory or registers - record a instruction trace - ... All the snapshot stuff should be removed from the code. The user can run a script (maybe Tcl?) which does all the work. Last edited by Oopho2ei; 15th October 2008 at 09:11. |
15th October 2008, 11:56 | #227 | Link | |
Guest
Posts: n/a
|
Quote:
The implementation consists of 3 basic steps: 1. implement the instruction processing (description of the instructions can be found here and search the web for the Hennessy and Patterson's DLX architecture) 2. trap processing (description of the traps can be found here, in the patent and in this thread) 3. event handling (still under research) 4. debugging (we use snapshots and traces from a licensed player which can be found here) If you have any questions first look at this document and the patent. If you can't find an answer there post your question here. Last edited by Oopho2ei; 15th October 2008 at 12:07. |
|
15th October 2008, 23:33 | #228 | Link |
Guest
Posts: n/a
|
There seems to be a new variant of BD+ out: http://forum.slysoft.com/showthread.php?t=21177
This is a nice oppurtunity for me to list the previous 'versions' (currently there are at least 65 titles which employ BD+):
On another note, I am currently idle but willing to do more trap-analyzing whenever any snapshots or similar are handed to me The debugger may currently not run with correct memory contents to the first TRAP_Finished on it's own (because of the well known TRAP-SlotRead(*,ffffffff) problem). Otherwise, it would be possible to really start treating the event handling, since we could try and just feed any event to the VM (after it has initialized itself on it's own in the first ~2600 trap-calls) and see what happens. Last edited by schluppo; 15th October 2008 at 23:41. |
16th October 2008, 13:53 | #229 | Link |
Guest
Posts: n/a
|
It's really amazing how you and gioowe can read the hidden messages in those slysoft forum postings. When i look through my crystal ball at the posting i only see that he had chocolate cakes this morning and that his grandma is turning 80 next week. Maybe i need to look at the least significant bits of the fox image in the top left corner
Seriously we should focus on the correct implementation of all traps before we start anything new. When i started looking at events i was under the impression that the trap implementation is almost complete (e.g. with the details from the patent) and the code is in a good condition but i was really wrong. There is still a lot to be done. I am currently looking at TRAP_SlotAttach and TRAP_SlotWrite will be next. In the meantime you should review the code and correct the short trap descriptions you can find in bdsvm_player_traps.java. I will upload new snapshots when i think it is appropriate. |
16th October 2008, 15:25 | #230 | Link |
Guest
Posts: n/a
|
This is a description of how TRAP_SlotAttach works. The example below is for the first call of TRAP_SlotAttach in "The Day After Tomorrow":
call: TRAP_SlotAttach( slot = ?, codeLen = 0x0000000C ) PC = 0001AC70h (already incremented) That's the data which is hashed with SHA-1: Code:
00 01 ac 6c 00 00 00 00 ; PC-4 ( & 0x3FFFFC ) and instruction filter (IF) 6f bd 00 1c e0 3d 00 08 e3 fd 00 04 d4 20 00 00 ; 16 bytes from 0x1000 e4 00 04 10 58 1f 00 00 e4 00 04 20 58 1f 00 00 ; #codeLen dwords from PC-4 e4 00 04 30 58 1f 00 00 e4 00 02 30 58 1f 00 00 e4 00 80 10 58 1f 00 00 e4 00 80 20 58 1f 00 00 Code:
h = 78f623b22178c6150c420a3bff949c85ae7f75bd Code:
h' = 3ac6e39ffddc1c66429aae0600c61bf0ec340d8a Edit: the unknown dword is the instruction filter (IF) Last edited by Oopho2ei; 16th October 2008 at 16:45. |
16th October 2008, 15:57 | #231 | Link | |
Registered User
Join Date: Jul 2004
Posts: 40
|
Quote:
|
|
16th October 2008, 19:07 | #232 | Link | |
Guest
Posts: n/a
|
Quote:
Some details about TRAP_SlotWrite: TRAP_SlotWrite(UINT8 *newContents); p = some address inside the player (volatile) memory Code:
- copy 0x10 bytes from newContents+0x20 to p - copy 0x14 bytes from newContents+0x30 to p+0x10 - copy 0xB4 bytes from newContents+0x4C to p+0x2C Code:
newContents+0x00 ... newContents+0x1F and newContents+0x44 ... newContents+0x4B |
|
16th October 2008, 21:48 | #233 | Link |
Guest
Posts: n/a
|
This is what i assume is the structure of a slot. The example data is from slot 0 (DAT).
Code:
Addr : Data - Description ----------------------------------------------------------------------------------- 0000 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - Creator Media ID ? 0010 : 1d 2f c6 74 62 fd f9 86 35 7a 8f 80 8f a1 29 8b - Last Update Media ID ? 0020 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - Slot Private Data ? 0030 : a9 78 8b 0b b2 8d e0 e1 3f 40 af de e9 a3 31 6b 25 3c fa 21 - Attach Authentication Hash 0044 : 00 00 00 00 - ? 0048 : 00 00 00 8e - Last Update Sequence Counter ? 004C : d4 8e 75 57 c6 e6 0b 46 a7 14 60 99 46 ff 65 0d \ 005C : fe e5 48 8a ee dd 48 ad dd 47 8d 1d 87 53 d7 04 | 006C : 59 5b 6d b1 57 b6 04 d9 aa 32 da c6 ff 9b fe 02 | 007C : 1f b2 1b 8e 5b 61 88 0d 85 8e 72 d1 5c c7 6f f2 | 008C : ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff | 009C : ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff } Data Payload (180 bytes) 00AC : ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff | 00BC : ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff | 00CC : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00DC : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00EC : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00FC : 00 00 00 00 / Last edited by Oopho2ei; 16th October 2008 at 22:01. |
17th October 2008, 00:12 | #234 | Link |
Guest
Posts: n/a
|
I changed TRAP-SlotAttach according to posting #230. For the first call in "DAT v1.02", this gives the same h' as in the posting, so it seems to be fine. Then the new code compares the 20 bytes that are h' with the 20 bytes starting at 0x30 in slot number <slot> (where <slot> is the first parameter of the trap). If they are equal, the global variable AttachedSlot is set to <slot> and STATUS_OK is returned, otherwise AttachedSlot is set to 0 and STATUS_INVALID_PARAMETER is returned.
About TRAP-SlotWrite: What does the trap do if there is no slot attached? And since you changed the default-value of AttachedSlot (meaning 'no slot attached') to 0, what happens, if slot 0 is supposed to be attached? |
17th October 2008, 13:33 | #235 | Link |
Registered User
Join Date: Jul 2004
Posts: 40
|
I found an interesting patent which explains a bit how the different .svm files are used: http://www.freepatentsonline.com/EP1841120.html
00000.svm seems to contain code common to all players, and is supposed to select a different (player dependent) xxxxx.svm for known players, or a common file for all unknown players. The selected file contains security checks and content scrambling code. Last edited by tteich; 17th October 2008 at 14:05. Reason: typo |
17th October 2008, 15:25 | #236 | Link | |||
Guest
Posts: n/a
|
Quote:
Quote:
Quote:
Edit: From this patent i can also tell that the 'S' in BDSVM stands for "Secure" (and not "Secret" like i thought). Edit: FIG.5 (p.34) and FIG.6 (p.35) illustrate the event handling and the final correction of broken segments in the decrypted video and audio stream. The process is described starting with page 13. To see the differences in the output for "The Day After Tomorrow" look at posting #13. Last edited by Oopho2ei; 17th October 2008 at 16:54. |
|||
17th October 2008, 19:04 | #238 | Link |
Guest
Posts: n/a
|
Good!
Some scenarios which should give you an idea how the AttachedSlot mechanism works. Code:
- the first trap which is executed is TRAP_SlotWrite: -> writes to slot 0 - slot 0 is attached ( TRAP_SlotAttach( 0, 4 ) finished successfully ): -> the following TRAP_SlotWrite writes to slot 0 - TRAP_SlotAttach( 0x1F3, 0c0C ) succeeded and the following trap "TRAP_SlotAttach( 0x1F3, 0c0C )" failed ( hash missmatch ): -> the following TRAP_SlotWrite writes to slot 0 - TRAP_SlotAttach( 0x1F3, 0c0C ) succeeded: -> TRAP_SlotWrite writes to slot 0x1F3 -> another TRAP_SlotWrite does not write to slot 0 (so probably writes to slot 0x1F3 as well) -> the following TRAP_SlotRead calls read the contents of slots 0 (unchanged) and 0x1F3 correctly Edit: As you might have noticed the (Creator/Last Update) Media ID in the Slot is the Volume ID. For "The Day After Tomorrow" it is 1D2FC67462FDF986357A8F808FA1298B. Edit: i've added a new class to handle the slots. All changes can be viewed here as usual. Last edited by Oopho2ei; 17th October 2008 at 22:11. |
18th October 2008, 01:36 | #240 | Link | |
Guest
Posts: n/a
|
Quote:
Some news about TRAP_SlotAttach and TRAP_SlotRead with parameter slot=0xFFFFFFFF. When TRAP_SlotRead is called with slot=0xFFFFFFFF it writes 3 dwords (DW0 DW1 DW2) to dst. DW1 and DW2 are two bytes B1 and B2 which were expanded to UINT32 and DW0 seems to be originally a 16 or 32 bit value. TRAP_SlotRead only seems to read and expand those values but TRAP_SlotAttach really changes them if called with slot = 0xFFFFFFFF which is supposed to be the way a new slot is allocated. The output of TRAP_SlotRead before TRAP_SlotAttach (both with slot = 0xFFFFFFFF): Code:
00000000 00000000 00000007 Code:
if ( B2 > 2 ) { B2 = B2 - 1; } B1 = B2; Code:
000001F2 00000006 00000006 Code:
0000:0010 1d 2f c6 74 62 fd f9 86 35 7a 8f 80 8f a1 29 8b 0000:0010 1d 2f c6 74 62 fd f9 86 35 7a 8f 80 8f a1 29 8b 0000:0020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0000:0030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0000:0040 00 00 00 00 00 00 00 00 00 00 01 15 00 00 00 00 0000:0050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0000:0060 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0000:0070 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0000:0080 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0000:0090 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0000:00a0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0000:00b0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0000:00c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0000:00d0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0000:00e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0000:00f0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Now when i again call TRAP_SlotAttach followed by a call of TRAP_SlotRead (both with slot=0xFFFFFFFF) i get the result: Code:
000001F1 0000005 00000005 Edit: If attached successfully with TRAP_SlotAttach( 0x1F3, 4 ) then the output if TRAP_SlotRead( 0x100, 0xFFFFFFFF ) is: Code:
000001F3 0000000 00000007 Last edited by Oopho2ei; 18th October 2008 at 02:03. |
|
|
|