Go (iBoot command)

iPad from iBoot-1219.62.8 (5.1b3)
; -----------------------------------------------------------------------------
; _go_command -- handler for the iBoot "go" command (IDA listing, Thumb-2 code).
;
; Flow visible in this listing:
;   1. sub_5FF163D4(0x40000000, 0x3F00000) must return non-zero, otherwise
;      "Permission Denied\n" is printed.
;   2. sub_5FF19AB8(0x40000000, 0x3F00000, &var_C, &var_10, 'ibec', 1) must
;      return 0, otherwise "Memory image not valid\n" is printed.
;   3. Only then is var_C printed and do_jump(0, var_C, 0) called.
;   Both failure paths return 0xFFFFFFFF.
;
; The incoming R0/R1 are overwritten before they are read, so this build takes
; no address argument: the region is fixed at 0x40000000, size 0x3F00000.
;
; Stack after the prologue (depth 0x18): var_C at SP+0xC, var_10 at SP+8,
; outgoing stack arguments at SP+0 and SP+4.
;
; NOTE(review): callee semantics are not shown here. Presumably sub_5FF163D4 is
; a memory-range permission check and sub_5FF19AB8 loads/validates an image of
; type 'ibec' -- confirm against the callees.
; -----------------------------------------------------------------------------
ROM:5FF010E4 _go_command                            ; DATA XREF: ROM:5FF2A878↓o
ROM:5FF010E4
ROM:5FF010E4 var_10         = -0x10
ROM:5FF010E4 var_C          = -0xC
ROM:5FF010E4
ROM:5FF010E4                PUSH            {R7,LR}                ; save frame register and return address
ROM:5FF010E6                MOV             R7, SP                 ; R7 = frame pointer
ROM:5FF010E8                SUB             SP, SP, #0x10          ; reserve 16 bytes: two locals + two outgoing stack args
ROM:5FF010EA                MOV.W           R0, #0x44000000
ROM:5FF010EE                MOV.W           R1, #0x3F00000         ; R1 = 0x3F00000, second argument of the check below
ROM:5FF010F2                STR             R0, [SP,#0x18+var_C]   ; var_C = 0x44000000 (later used as the jump target)
ROM:5FF010F4                MOV.W           R0, #0x40000000        ; R0 = 0x40000000, first argument of the check below
ROM:5FF010F8                STR             R1, [SP,#0x18+var_10]  ; var_10 = 0x3F00000
ROM:5FF010FA                BL              sub_5FF163D4           ; gate: called with (0x40000000, 0x3F00000); 0 means denied
ROM:5FF010FE                CBNZ            R0, allowed            ; non-zero result -> continue
ROM:5FF01100                LDR             R0, =aPermissionDenied ; "Permission Denied\n" (string at 0x5FF233C4)
ROM:5FF01102                B               exit
ROM:5FF01104 ; ---
ROM:5FF01104
ROM:5FF01104 allowed:                           ; CODE XREF: _go_command+1A↑j
ROM:5FF01104                MOVW            R2, #0x6563   ; low half: 0x65 'e', 0x63 'c'
ROM:5FF01108                MOVS            R3, #1
ROM:5FF0110A                MOVT.W          R2, #0x6962   ; high half: 0x69 'i', 0x62 'b' -> R2 = 0x69626563 = 'ibec'
ROM:5FF0110E                LDR             R1, [SP,#0x18+var_10]  ; R1 = 0x3F00000
ROM:5FF01110                STRD.W          R2, R3, [SP]           ; stack args: [SP] = 'ibec', [SP+4] = 1
ROM:5FF01114                ADD             R2, SP, #0x18+var_C    ; R2 = &var_C (passed by pointer, so the callee may update it)
ROM:5FF01116                MOV.W           R0, #0x40000000
ROM:5FF0111A                ADD             R3, SP, #0x18+var_10   ; R3 = &var_10 (passed by pointer, so the callee may update it)
ROM:5FF0111C                BL              sub_5FF19AB8           ; image check for tag 'ibec'; 0 means the jump may proceed
ROM:5FF01120                CBZ             R0, can_jump            ; result 0 -> jump path
ROM:5FF01122                LDR             R0, =aMemoryImageNotVa ; "Memory image not valid\n"
ROM:5FF01124
ROM:5FF01124 exit:                           ; CODE XREF: _go_command+1E↑j (also reached by fall-through from 5FF01122)
ROM:5FF01124                BL              _console_printf_probably ; print the error string selected in R0
ROM:5FF01128                MOV.W           R0, #0xFFFFFFFF        ; return value on both failure paths
ROM:5FF0112C                ADD             SP, SP, #0x10          ; release the 16 bytes reserved in the prologue
ROM:5FF0112E                POP             {R7,PC}                ; restore R7 and return
ROM:5FF01130 ; ---
ROM:5FF01130
ROM:5FF01130 can_jump                           ; CODE XREF: _go_command+3C↑j
ROM:5FF01130                LDR             R1, [SP,#0x18+var_C]   ; R1 = var_C as left by sub_5FF19AB8
ROM:5FF01132                LDR             R0, =aJumpingIntoImage ; "jumping into image at 0x%08x\n"
ROM:5FF01134                BL              _console_printf_probably
ROM:5FF01138                MOVS            R0, #0
ROM:5FF0113A                LDR             R1, [SP,#0x18+var_C]   ; reload the jump target; R1 is caller-saved across the BL
ROM:5FF0113C                MOV             R2, R0
ROM:5FF0113E                 BL              do_jump               ; do_jump(0, var_C, 0); nothing follows, presumably it does not return
ROM:5FF0113E ; End of function _go_command
ROM:5FF0113E
ROM:5FF01142                NOP                                    ; at 5FF01142, between the code and the literal pool at 5FF01144
ROM:5FF01142 ; ---
; Literal pool: the pointers loaded by the "LDR R0, =..." instructions above.
ROM:5FF01144 off_5FF01144   DCD aMemoryImageNotVa   ; DATA XREF: _go_command+3E↑r
ROM:5FF01144                                        ; "Memory image not valid\n"
ROM:5FF01148 off_5FF01148   DCD aJumpingIntoImage   ; DATA XREF: _go_command+4E↑r
ROM:5FF01148                                        ; "jumping into image at 0x%08x\n"
ROM:5FF0114C off_5FF0114C   DCD aPermissionDenied   ; DATA XREF: _go_command+1C↑r
ROM:5FF0114C                                        ; "Permission Denied\n"
ROM:5FF01150

Disassembly
; -----------------------------------------------------------------------------
; n88ap__iBoot__go_command -- handler for the iBoot "go" command in the N88AP
; image (IDA listing, Thumb-2 code). The three-digit column after the address
; is IDA's stack-depth column.
;
; Flow visible in this listing:
;   1. Argument handling: R0 is compared with 1. If R0 <= 1 the address comes
;      from sub_4FF1CD88("loadaddr", 0x41000000). Otherwise the second argument
;      entry is compared with "help" via sub_4FF1ECA0: a zero result prints the
;      usage line and returns 0xFFFFFFFF, a non-zero result takes the address
;      from [R5,#4].
;   2. sub_4FF1A038(address, 0xF00000) must return non-zero, otherwise
;      "Permission Denied\n".
;   3. n88ap__iBoot__MEMZ_STRUCT_INIT(address, 0xF00000, 1) must return
;      non-zero, otherwise "Memory image corrupt\n".
;   4. n88ap__iBoot__image_load(<result of step 3>, 'ibec', &MemoryPoint,
;      &var_18) must return >= 0, otherwise "Memory image not valid\n".
;      MemoryPoint is preset to 0x43000000 and var_18 to 0xF00000.
;   5. Only then is MemoryPoint printed and sub_4FF19264(0, MemoryPoint, 0)
;      called.
;   Every path that reaches loc_4FF010D4 returns 0xFFFFFFFF.
;
; Stack after the prologue (depth 0x18): var_18 at SP+0, MemoryPoint at SP+4.
;
; NOTE(review): callee semantics are not shown here. Presumably sub_4FF1ECA0 is
; a string compare, sub_4FF1CD88 an environment lookup with a default,
; sub_4FF1A038 a memory-range permission check and sub_4FF19264 the jump
; routine -- confirm against the callees. The argument entries look like
; 0x14-byte records with a numeric field at +4 and a string pointer at +0x10;
; that layout is inferred from the offsets used here.
; -----------------------------------------------------------------------------
N88AP_iBoot:4FF0103C    ; =============== S U B R O U T I N E =======================================
N88AP_iBoot:4FF0103C
N88AP_iBoot:4FF0103C    ; Attributes: bp-based frame
N88AP_iBoot:4FF0103C
N88AP_iBoot:4FF0103C    n88ap__iBoot__go_command                ; DATA XREF: N88AP_iBoot:n88ap__iBoot__go (type o; direction glyph lost in extraction)
N88AP_iBoot:4FF0103C
N88AP_iBoot:4FF0103C    var_18          = -0x18
N88AP_iBoot:4FF0103C    MemoryPoint     = -0x14
N88AP_iBoot:4FF0103C
N88AP_iBoot:4FF0103C 000                PUSH    {R4,R5,R7,LR}   ; save callee-saved registers and return address
N88AP_iBoot:4FF0103E 010                ADD     R7, SP, #8      ; R7 = frame pointer, 8 bytes above the new SP
N88AP_iBoot:4FF01040 010                SUB     SP, SP, #8      ; reserve 8 bytes: var_18 and MemoryPoint
N88AP_iBoot:4FF01042 018                CMP     R0, #1          ; R0 is the first argument, presumably the argument count
N88AP_iBoot:4FF01044 018                MOV     R4, R1          ; keep the argument array base across calls
N88AP_iBoot:4FF01046 018                BLE     loc_4FF01062    ; R0 <= 1 -> use the "loadaddr" default
N88AP_iBoot:4FF01048 018                ADD.W   R5, R1, #0x14   ; R5 = base + 0x14, presumably the second argument entry
N88AP_iBoot:4FF0104C 018                LDR     R0, =aHelp      ; "help"
N88AP_iBoot:4FF0104E 018                LDR     R1, [R1,#0x24]  ; field at +0x10 of the entry at base + 0x14
N88AP_iBoot:4FF01050 018                BL      sub_4FF1ECA0    ; called with ("help", that field)
N88AP_iBoot:4FF01054 018                CMP     R0, #0          ; zero result -> print usage
N88AP_iBoot:4FF01056 018                BNE     loc_4FF010C4    ; non-zero -> take the address from the argument
N88AP_iBoot:4FF01058 018                LDR     R1, [R4,#0x10]  ; param_R1
N88AP_iBoot:4FF0105A 018                LDR     R0, =aSAddress  ; "%s [ ]\n"
N88AP_iBoot:4FF0105C 018                BL      N88AP__iBOOT__console_printf ; print the usage line
N88AP_iBoot:4FF01060 018                B       loc_4FF010D4    ; return 0xFFFFFFFF
N88AP_iBoot:4FF01062    ; ---
N88AP_iBoot:4FF01062
N88AP_iBoot:4FF01062    loc_4FF01062                            ; CODE XREF: n88ap__iBoot__go_command+A↑j
N88AP_iBoot:4FF01062 018                LDR     R0, =aLoadaddr  ; "loadaddr"
N88AP_iBoot:4FF01064 018                MOV.W   R1, #0x41000000 ; second argument of the lookup, presumably its default value
N88AP_iBoot:4FF01068 018                BL      sub_4FF1CD88    ; called with ("loadaddr", 0x41000000)
N88AP_iBoot:4FF0106C 018                STR     R0, [SP,#0x18+MemoryPoint] ; MemoryPoint = lookup result
N88AP_iBoot:4FF0106E
N88AP_iBoot:4FF0106E    loc_4FF0106E                            ; CODE XREF: n88ap__iBoot__go_command+96↓j
N88AP_iBoot:4FF0106E 018                LDR     R0, [SP,#0x18+MemoryPoint] ; R0 = candidate address
N88AP_iBoot:4FF01070 018                MOV.W   R1, #0xF00000   ; R1 = 0xF00000, the size given to the check
N88AP_iBoot:4FF01074 018                BL      sub_4FF1A038    ; gate: called with (address, 0xF00000); 0 means denied
N88AP_iBoot:4FF01078 018                CBNZ    R0, loc_4FF0107E ; non-zero result -> continue
N88AP_iBoot:4FF0107A 018                LDR     R0, =aPermissionDenied ; "Permission Denied\n"
N88AP_iBoot:4FF0107C 018                B       loc_4FF010AC    ; print it and fail
N88AP_iBoot:4FF0107E    ; ---
N88AP_iBoot:4FF0107E
N88AP_iBoot:4FF0107E    loc_4FF0107E                            ; CODE XREF: n88ap__iBoot__go_command+3C↑j
N88AP_iBoot:4FF0107E 018                LDR     R0, [SP,#0x18+MemoryPoint] ; StartAddress
N88AP_iBoot:4FF01080 018                MOV.W   R1, #0xF00000   ; dataSize
N88AP_iBoot:4FF01084 018                MOVS    R2, #1          ; Type
N88AP_iBoot:4FF01086 018                BL      n88ap__iBoot__MEMZ_STRUCT_INIT ; wrap the region; 0 means failure
N88AP_iBoot:4FF0108A 018                CBNZ    R0, loc_4FF01090 ; non-zero result -> continue with it still in R0
N88AP_iBoot:4FF0108C 018                LDR     R0, =aMemoryImageCorrupt ; "Memory image corrupt\n"
N88AP_iBoot:4FF0108E 018                B       loc_4FF010AC    ; print it and fail
N88AP_iBoot:4FF01090    ; ---
N88AP_iBoot:4FF01090
N88AP_iBoot:4FF01090    loc_4FF01090                            ; CODE XREF: n88ap__iBoot__go_command+4E↑j
N88AP_iBoot:4FF01090 018                MOV.W   R3, #0x43000000 ; value stored into MemoryPoint below
N88AP_iBoot:4FF01094 018                LDR     R1, ='ibec'     ; TAG_TYPE
N88AP_iBoot:4FF01096 018                STR     R3, [SP,#0x18+MemoryPoint] ; MemoryPoint = 0x43000000 (replaces the candidate address)
N88AP_iBoot:4FF01098 018                ADD     R2, SP, #0x18+MemoryPoint ; unknown1 (= &MemoryPoint, so the callee may update it)
N88AP_iBoot:4FF0109A 018                MOV.W   R3, #0xF00000   ; value stored into var_18 below
N88AP_iBoot:4FF0109E 018                STR     R3, [SP,#0x18+var_18] ; var_18 = 0xF00000
N88AP_iBoot:4FF010A0 018                MOV     R3, SP          ; unknown2 (= &var_18, which sits at SP+0)
N88AP_iBoot:4FF010A2 018                BL      n88ap__iBoot__image_load ; R0 still holds the MEMZ_STRUCT_INIT result
N88AP_iBoot:4FF010A6 018                CMP     R0, #0          ; signed test of the result
N88AP_iBoot:4FF010A8 018                BGE     loc_4FF010B2    ; result >= 0 -> jump path
N88AP_iBoot:4FF010AA 018                LDR     R0, =aMemoryImageNotValid ; "Memory image not valid\n"
N88AP_iBoot:4FF010AC
N88AP_iBoot:4FF010AC    loc_4FF010AC                            ; CODE XREF: n88ap__iBoot__go_command+40↑j
N88AP_iBoot:4FF010AC                                            ; n88ap__iBoot__go_command+52↑j
N88AP_iBoot:4FF010AC 018                BL      N88AP__iBOOT__console_printf ; print the error string selected in R0
N88AP_iBoot:4FF010B0 018                B       loc_4FF010D4    ; return 0xFFFFFFFF
N88AP_iBoot:4FF010B2    ; ---
N88AP_iBoot:4FF010B2
N88AP_iBoot:4FF010B2    loc_4FF010B2                            ; CODE XREF: n88ap__iBoot__go_command+6C↑j
N88AP_iBoot:4FF010B2 018                LDR     R1, [SP,#0x18+MemoryPoint] ; param_R1
N88AP_iBoot:4FF010B4 018                LDR     R0, =aJumpingIntoImageAt0x08x ; "jumping into image at 0x%08x\n"
N88AP_iBoot:4FF010B6 018                BL      N88AP__iBOOT__console_printf ; Branch with Link
N88AP_iBoot:4FF010BA 018                MOVS    R0, #0          ; first argument = 0
N88AP_iBoot:4FF010BC 018                LDR     R1, [SP,#0x18+MemoryPoint] ; reload the jump target; R1 is caller-saved across the BL
N88AP_iBoot:4FF010BE 018                MOV     R2, R0          ; third argument = 0
N88AP_iBoot:4FF010C0 018                BL      sub_4FF19264    ; sub_4FF19264(0, MemoryPoint, 0); presumably does not return, else execution would fall into loc_4FF010C4
N88AP_iBoot:4FF010C4
N88AP_iBoot:4FF010C4    loc_4FF010C4                            ; CODE XREF: n88ap__iBoot__go_command+1A↑j
N88AP_iBoot:4FF010C4 018                LDR     R0, =aLoadaddr  ; "loadaddr"
N88AP_iBoot:4FF010C6 018                MOV.W   R1, #0x41000000 ; same arguments as the lookup at loc_4FF01062
N88AP_iBoot:4FF010CA 018                BL      sub_4FF1CD88    ; result is not used: R0 is reloaded at loc_4FF0106E
N88AP_iBoot:4FF010CE 018                LDR     R3, [R5,#4]     ; field at +4 of the second argument entry, presumably its numeric value
N88AP_iBoot:4FF010D0 018                STR     R3, [SP,#0x18+MemoryPoint] ; MemoryPoint = caller-supplied address
N88AP_iBoot:4FF010D2 018                B       loc_4FF0106E    ; the same checks apply as for the default address
N88AP_iBoot:4FF010D4    ; ---
N88AP_iBoot:4FF010D4
N88AP_iBoot:4FF010D4    loc_4FF010D4                            ; CODE XREF: n88ap__iBoot__go_command+24↑j
N88AP_iBoot:4FF010D4                                            ; n88ap__iBoot__go_command+74↑j
N88AP_iBoot:4FF010D4 018                MOV.W   R0, #0xFFFFFFFF ; return value for the usage and failure paths
N88AP_iBoot:4FF010D8 018                SUB.W   SP, R7, #8      ; SP = R7 - 8, undoing the 8-byte reservation
N88AP_iBoot:4FF010DC 018                POP     {R4,R5,R7,PC}   ; restore registers and return
N88AP_iBoot:4FF010DC    ; End of function n88ap__iBoot__go_command
N88AP_iBoot:4FF010DC
N88AP_iBoot:4FF010DE    ; ---
N88AP_iBoot:4FF010DE                    NOP                     ; between the code and the literal pool at 4FF010E0
N88AP_iBoot:4FF010DE    ; ---
; Literal pool: the values loaded by the "LDR Rn, =..." instructions above.
N88AP_iBoot:4FF010E0    off_4FF010E0    DCD aHelp               ; DATA XREF: n88ap__iBoot__go_command+10↑r
N88AP_iBoot:4FF010E0                                            ; "help"
N88AP_iBoot:4FF010E4    ; int off_4FF010E4
N88AP_iBoot:4FF010E4    off_4FF010E4    DCD aSAddress           ; DATA XREF: n88ap__iBoot__go_command+1E↑r
N88AP_iBoot:4FF010E4                                            ; "%s [ ]\n"
N88AP_iBoot:4FF010E8    off_4FF010E8    DCD aLoadaddr           ; DATA XREF: n88ap__iBoot__go_command:loc_4FF01062↑r
N88AP_iBoot:4FF010E8                                            ; n88ap__iBoot__go_command:loc_4FF010C4↑r
N88AP_iBoot:4FF010E8                                            ; "loadaddr"
N88AP_iBoot:4FF010EC    off_4FF010EC    DCD aPermissionDenied   ; DATA XREF: n88ap__iBoot__go_command+3E↑r
N88AP_iBoot:4FF010EC                                            ; "Permission Denied\n"
N88AP_iBoot:4FF010F0    ; struct MEMZ_STRUCT *off_4FF010F0
N88AP_iBoot:4FF010F0    off_4FF010F0    DCD aMemoryImageCorrupt ; DATA XREF: n88ap__iBoot__go_command+50↑r
N88AP_iBoot:4FF010F0                                            ; "Memory image corrupt\n"
N88AP_iBoot:4FF010F4    ; char *dword_4FF010F4
N88AP_iBoot:4FF010F4    dword_4FF010F4  DCD 'ibec'              ; DATA XREF: n88ap__iBoot__go_command+58↑r
N88AP_iBoot:4FF010F8    ; int off_4FF010F8
N88AP_iBoot:4FF010F8    off_4FF010F8    DCD aMemoryImageNotValid
N88AP_iBoot:4FF010F8                                            ; DATA XREF: n88ap__iBoot__go_command+6E↑r
N88AP_iBoot:4FF010F8                                            ; "Memory image not valid\n"
N88AP_iBoot:4FF010FC    ; int off_4FF010FC
N88AP_iBoot:4FF010FC    off_4FF010FC    DCD aJumpingIntoImageAt0x08x
N88AP_iBoot:4FF010FC                                            ; DATA XREF: n88ap__iBoot__go_command+78↑r
N88AP_iBoot:4FF010FC                                            ; "jumping into image at 0x%08x\n"
N88AP_iBoot:4FF01100