GSOC qemu Boot Mac OS >= 8.5 on PowerPC system

About Qemu-system-ppc, a PPC Mac emulator for Windows, macOS and Linux that can run Mac OS 9.0 up to Mac OS X 10.5

Moderators: Cat_7, Ronald P. Regensburg

adespoton
Forum All-Star
Posts: 4285
Joined: Fri Nov 27, 2009 5:11 am
Location: Emaculation.com

Re: GSOC qemu Boot Mac OS >= 8.5 on PowerPC system

Post by adespoton »

You can replace OpenTransport with MacTCP up until 8.1 I believe; IIRC, parts of OT are built right into the system for 8.5+, meaning you'd have to replace the resources with ones that MacTCP could hook. System 7.5 - MacOS 8.1 had a switching tool, I think, that did a bit more than just swapping out the extensions.
sentient06
Mac Mechanic
Posts: 188
Joined: Tue Mar 29, 2011 8:57 pm
Location: London, UK

Re: GSOC qemu Boot Mac OS >= 8.5 on PowerPC system

Post by sentient06 »

Do you gentlemen know if the most recent Mac OS 9 changes are in any of these QEMU GIT repositories?
And do you know what is the difference between them?

http://git.qemu.org/?p=qemu.git;a=summary
https://github.com/qemu/qemu
https://github.com/agraf/qemu

The top two look pretty much the same to me.
Agraf's fork I got from here:

http://c-obrien.org/qemu-os9/testing/

And then there is the OpenBIOS. Is the ELF file enough?

I'll give it a go on a couple of different systems and if everything goes fine I'll write a small yet detailed guide.

Thanks!
adespoton
Forum All-Star
Posts: 4285
Joined: Fri Nov 27, 2009 5:11 am
Location: Emaculation.com

Re: GSOC qemu Boot Mac OS >= 8.5 on PowerPC system

Post by adespoton »

All of Cormac and Alex's changes have been rolled into the main branch now. The top two reference the same repo, I think. The last one is where Alex puts stuff he's testing before it gets rolled into the trunk.

The main thing we were waiting for was the OpenBIOS changes to get accepted and rolled in, and those have been refactored and rolled in by Mark (not sure if they're in the official release yet, but we've got a working copy to use). So with the OS 9 aware OpenBIOS, the official QEMU source, and a modified System that has the OpenTransport resources modified, you get a functional 9.2.2.
Cat_7
Expert User
Posts: 6176
Joined: Fri Feb 13, 2004 8:59 am
Location: Sittard, The Netherlands

Re: GSOC qemu Boot Mac OS >= 8.5 on PowerPC system

Post by Cat_7 »

Hi,
This is the MacsBug StdLog file at the moment of the crash, when OT is loaded:


MacsBug 6.6.3, Copyright Apple Computer, Inc. 1981-2000

PowerPC illegal instruction at 005DFEC0 LibraryManagerEntry+FEFA0

15-Dec-2015 8:31:47 PM (since boot = 20 seconds)
Machine = #406 (NewWorldMac), System $0922, sysu = $01008000
ROM version $077D, $45F6, $0001 (ROMBase $FFC00000)
VM is on; paging is currently safe (and it probably isn't VM's fault)
NIL^ = $FFC10000
Stack space used = +217984964
Address 005DFEC0 is in the System heap at 00002800 at LibraryManagerEntry+FEFA0
It is 00000C30 bytes into this heap block:
Start Length Tag Mstr Ptr Lock Prg Type ID File Name
• 005DF290 00002000+04 N
PowerPC 7400 (G4) Registers
CR0 CR1 CR2 CR3 CR4 CR5 CR6 CR7
PC = 005DFEC0 CR 0010 0100 0010 0010 0000 0100 0100 1000
LR = 005DFEC0 <>=O XEVO
CTR = 00000000
MSR = 00000000 SOC Compare Count
Int = 0 XER 000 01 00 MQ = 00000000

R0 = 0067A5F4 R8 = 00000000 R16 = 70777063 R24 = 000501E0
SP = 0CBF1470 R9 = 00000000 R17 = 00000001 R25 = 005E7618
TOC = 00646574 R10 = 005CCBE8 R18 = 00000000 R26 = 00000FF1
R3 = 00000000 R11 = 00000000 R19 = 00000000 R27 = 00000001
R4 = 005DFD60 R12 = 42220448 R20 = 00000000 R28 = 0CBF14A8
R5 = 005DFEC0 R13 = 0059BEB0 R21 = 00000001 R29 = 00002800
R6 = 005DFEC0 R14 = 00004D24 R22 = 0CBF2EA8 R30 = 0CBF14AC
R7 = 005CCC20 R15 = 0CBFB38E R23 = 00000003 R31 = 00000000
Disassembling PowerPC code from 005DFE98
LibraryManagerEntry
005DFE98 dc.l 0x005CCBE8 | 005CCBE8
005DFE9C dc.l 0x005DFEA4 | 005DFEA4
005DFEA0 dc.l 0x00000000 | 00000000
005DFEA4 dc.l 0x005CCC20 | 005CCC20
005DFEA8 dc.l 0x00000000 | 00000000
005DFEAC dc.l 0x00000000 | 00000000
005DFEB0 dc.l 0x00000000 | 00000000
005DFEB4 dc.l 0x00000000 | 00000000
005DFEB8 dc.l 0x00087930 | 00087930
005DFEBC dc.l 0x00000038 | 00000038
005DFEC0 *dc.l 0x00000000 | 00000000
005DFEC4 dc.l 0x00000000 | 00000000
005DFEC8 dc.l 0x00000001 | 00000001
005DFECC dc.l 0x00000000 | 00000000
005DFED0 dc.l 0x00000001 | 00000001
005DFED4 dc.l 0x000001B1 | 000001B1
005DFED8 dc.l 0x00030003 | 00030003
005DFEDC dc.l 0x00002800 | 00002800
005DFEE0 dc.l 0x005CCC20 | 005CCC20
005DFEE4 dc.l 0x005CCC20 | 005CCC20
Heap zones
#1 Mod 10240K 00002800 to 00A027FF SysZone^ ApplZone^ TheZone^ TargetZone
#2 Mod 6K 0002B230 to 0002CC1F ROM read-only zone
#3 Mod 6K 00A02800 to 00A03FFF
#4 Mod 6K 00A02800 to 00A03FFF
#5 Mod 9215K 11000000 to 118FFFDF
#6 Mod 216K 111413D0 to 111773CF
#7 Mod 94K 11217450 to 1122F02F
Checking all heaps
The System heap at 00002800 is ok
The ROM read-only heap at 0002B230 is ok
The heap at 00A02800 is ok
The target heap is the System heap at 00002800
Totaling the System heap at 00002800
Total Blocks Total of Block Sizes
Free 001A #26 002FF620 #3143200 (#3069K)
Nonrelocatable 0928 #2344 0049A16C #4825452 (#4712K)
Relocatable 030F #783 00266830 #2517040 (#2458K)
Locked 00D4 #212 001B2070 #1777776 (#1736K)
Purgeable and not locked 0043 #67 0001B4E0 #111840 (#109K)
Heap size 0C51 #3153 009FFFBC #10485692 (#9M)
The target heap is the heap at 00A02800
Totaling the heap at 00A02800
Total Blocks Total of Block Sizes
Free 0001 #1 00001650 #5712
Nonrelocatable 0003 #3 0000016C #364
Relocatable 0000 #0 00000000 #0
Locked 0000 #0 00000000 #0
Purgeable and not locked 0000 #0 00000000 #0
Heap size 0004 #4 000017BC #6076
The target heap is the System heap at 00002800
Totaling the System heap at 00002800
Total Blocks Total of Block Sizes
Free 001A #26 002FF620 #3143200 (#3069K)
Nonrelocatable 0928 #2344 0049A16C #4825452 (#4712K)
Relocatable 030F #783 00266830 #2517040 (#2458K)
Locked 00D4 #212 001B2070 #1777776 (#1736K)
Purgeable and not locked 0043 #67 0001B4E0 #111840 (#109K)
Heap size 0C51 #3153 009FFFBC #10485692 (#9M)
Displaying File Control Blocks
FRef Name VRef Type Fl ForkID LogEOF
0002 System FFFF zsys mW rsrc 006BCB73
0006 **** EXTENTS B-TREE FFFF •••• mw data 00400000
000A **** CATALOG B-TREE FFFF •••• mw data 00400000
000E **** VOLUME BITMAP FFFF •••• mw data 00010000
00C2 USB Device Extension FFFF ndrv mw data 00060B86
00C6 HID Library FFFF shlb mw data 000054B8
00D2 USB Software Locator FFFF ndrv mw data 00004672
010A Open Transport FFFF otsl mw data 0019D7D2
010E Open Transport FFFF otsl mw rsrc 00041F5E
0136 Shared Library Manager PPC FFFF INIT mw rsrc 0004A851
014A Open Transport ASLM Modules FFFF libr mw rsrc 000E5125
0202 Mac OS ROM FFFF tbxi mW rsrc 000960FF
02AA Apple Enet DLPI Support FFFF shlb mw data 00013E38
02AE EnetShimLib FFFF shlb mw data 00001C3C
02B2 Shared Library Manager PPC FFFF INIT mw rsrc 0004A851
02B6 Open Transport ASLM Modules FFFF libr mw rsrc 000E5125
02BA StdLog FFFF TEXT mW data 00001AB1
0352 VM Storage FFFF ZSYS mW data 11900000
036A System Resources FFFF zsyr mw rsrc 000FFC67
03F6 System FFFF zsys mw data 006DC2C0
041A Mac OS ROM FFFF tbxi mw data 002AAB86
0422 Type 1 Scaler FFFF sclr mw data 000875A7
044A FontAnnexFile FFFF xfnt mW data 000002DC
0496 Language Kit Preferences FFFF pref mW rsrc 000001E4
#384 FCBs, #54 in use (including #30 fonts not listed), #330 free
Displaying Volume Control Blocks
vRef VolName Flg dRef Drv# FSID NumBlks BlkSiz FilCnt DirCnt BlsdDir VCBPtr
FFFF qemu os922 dsh FFCA 0008 0000 0007FF38 001000 000BB2 0001DB 0000001B 00159C50
#1 VCBs
Displaying Drive Queue
Drive Volume Flags dRef Driver Name FSID Size QElem at
0008 qemu os922 leiS FFCA .ATADisk 0000 003FFB36 00188B56
#1 drive
Displaying Driver Control Entries
dRef dNum Driver Flg Ver qHead Stor/Ver Dely Drvr at DCE at
FFFA 0005 .AIn bPC #9 00000000 00000000 0000 005A7424 0059B8D0
FFF9 0006 .AOut bPC #9 00000000 00000000 0000 005A74E4 0059B920
FFF8 0007 .BIn bPC #9 00000000 00000000 0000 005A75A4 0059B970
FFF7 0008 .BOut bPC #9 00000000 00000000 0000 005A7664 0059B9C0
FFCF 0030 .EDisk bPC #0 00000000 00000000 003C FFCB6350 000DC780
FFCE 0031 .LANDisk bPC #1 00000000 00000000 0000 000DCA20 000EEE50
FFCD 0032 .Display_Video_Apple_COFB bPO #0 00000000 00.00d00 0000 000F0C48 000F0C10
FFCC 0033 .ATALoad bPO #0 00000000 00183970 0001 FFD9CAF0 00183920
FFCB 0034 .swmdrvr bPO #0 00000000 0000510C 0001 00562730 001E7DC0
FFCA 0035 .ATADisk bPO #0 00000000 001889D2 0065 0018C82E 001883E0
FFC9 0036 .HDI bPO #0 00000000 00592840 0000 005AB5C0 00188F70
FFC8 0037 .Display_Video_Apple_Offsc… bPO #0 00000000 01.00f00 0000 0059F608 0059F5D0
FFC7 0038 .ASLM bPO #2 00000000 00000000 0000 005F2890 000C91A0
#96 Unit Table entries, #13 in use, #83 free
Displaying resource information:
Map $00004B58, flags $0000, file $0136 = Shared Library Manager PPC
> Map $00005A4C, flags $0000, file $014A = Open Transport ASLM Modules
+ Map $000058F4, flags $FF9A, file $0202 = Mac OS ROM
+ Map $0000587C, flags $FF9E, file $0003 = •ROM resources that override System•
S Map $00005A44, flags $FF8D, file $0002 = System
Map $000042DC, flags $001C, file $010E = Open Transport
Map $00004ECC, flags $FF9C, file $0496 = Language Kit Preferences
Map $00005828, flags $FF94, file $036A = System Resources
[Skipped $001E maps belonging to font files]
Calling chain using A6/R1 links
Back chain ISA Caller
0CBF2FBC 68K 0CBFF3A0
0CBF2E79 PPC FFCECE1C EmToNatEndMoveParams+00014
0CBF2E00 PPC FFCDFCC0 GetSharedLibrary+000D0
0CBF2D90 PPC FFCDD280 FragPrepare+003AC
0CBF2B30 PPC FFCE2AEC GetIndSymbol+02A34
0CBF2AC0 PPC FFCE233C GetIndSymbol+02284
0CBF2A60 PPC FFCE20EC GetIndSymbol+02034
0CBF29E0 PPC 3F26F6A4 BootOpenTransport+000D4
0CBF29A0 68K 005E220C 'lmgr 0000 010E'+0008C
0CBF28FA 68K 005E2C1C 'lmgr 0000 010E'+00A9C
0CBF28E6 68K 005E2B76 'lmgr 0000 010E'+009F6
0CBF28C6 68K 005E6DCE 'AINI 8042 010E Startup ASLM PPC'+000DE
0CBF2862 68K 005E742A LoadLibraryManagerEntry+0012C
0CBF25AB PPC FFCECE1C EmToNatEndMoveParams+00014
0CBF2540 PPC 005F78E4
0CBF2438 PPC 00612DC8
0CBF2398 PPC 0061E2F8
0CBF2350 PPC 00620020
0CBF22F0 PPC 0061611C
0CBF20C8 PPC 0061F300
0CBF1F18 PPC 0063E418
0CBF1EE0 PPC 0063AF3C
0CBF1EA0 PPC 0063C880 ResidentOpenTransport+00C40
0CBF1CF0 PPC 0063BB90 DoLoadUnload()+0006C
0CBF1CA0 PPC 3F2D86A0 OTRunPortScanners+00278
0CBF1C00 PPC 0061C240
0CBF1BB0 PPC 0061BF3C
0CBF1B60 PPC 0061C114
0CBF1B20 PPC 0061E314
0CBF1AD8 PPC 00620020
0CBF1A78 PPC 00616104
0CBF1850 PPC 0061EA70
0CBF1640 PPC 0067A478
0CBF1608 PPC 0067A660
Return addresses on the stack
Stack Addr Frame Addr ISA Caller
0CBF1858 PPC 00616104
0CBF1808 0CBF1800 PPC 00620618
0CBF17E8 PPC 005FF99C
0CBF17C8 PPC 00618500
0CBF17C0 0CBF17B8 PPC 0060D44C
0CBF1748 0CBF1740 PPC 006251DC
0CBF16A8 PPC 00615784
0CBF16A0 0CBF1698 PPC 3F8B5B84 __UseResFile+000A0
0CBF1668 PPC FFD09900 GetHandleSize+00024
0CBF1648 0CBF1640 PPC 0061EA70
0CBF1644 0CBF1640 68K 005E7616 LoadPowerPCLibraryManagerEntry(long (*)(), unsigned char, short, long)+0019C
0CBF1624 68K 000013FE
0CBF1610 0CBF1608 PPC 0067A478
0CBF15D0 0CBF15C8 PPC 0067A660
0CBF1590 0CBF1588 PPC 005FF99C
0CBF1500 0CBF14F8 PPC 00609420
0CBF14D0 0CBF14CC 68K FFCDFB5E FragRegisterLocalAllocator+0051A
0CBF14C8 0CBF14C0 PPC 00609B3C
0CBF1490 0CBF1488 PPC FFD09D74 GetZone+0001C
0CBF1480 PPC FFCDEA8C FragGetContextInfo+00028
0CBF1478 0CBF1470 PPC 0067A5F0
Displaying memory from sp
0CBF1470 0CBF 15C8 0CBF 1500 0067 A5F4 000C 0654 •ø•»•ø•••g•Ù•••T
0CBF1480 FFCD EA90 0064 6574 0CBF 14C8 2222 0428 ˇÕÍê•det•ø•»""•(
0CBF1490 FFD0 9D78 0000 0050 0CBF 14D8 0008 DEC4 ˇ–ùx•••P•ø•ÿ••fiƒ
0CBF14A0 0CBF 15E0 0000 0000 005C CC20 0000 01F4 •ø•‡•••••\à •••Ù
0CBF14B0 005C CC20 0000 4D24 0CBF 14F8 0064 7307 •\à ••M$•ø•¯•ds•
0CBF14C0 0CBF 14F8 0000 2800 0060 9B40 0CBF 14F0 •ø•¯••(••`õ@•ø•
0CBF14D0 FFCD FB60 0000 5A4C 0CBF 1500 0062 F210 ˇÕ˚`••ZL•ø•••bÚ•
0CBF14E0 3637 3930 4630 0028 0067 90E0 0000 2800 6790F0•(•gꇕ•(•
Displaying memory from 0
00000000 FFC1 0000 FFC1 0000 FFC0 49B0 FFC0 49B2 ˇ¡••ˇ¡••ˇ¿I∞ˇ¿I≤
00000010 FFC0 49B4 FFC0 49B6 FFC0 49B8 FFC0 49BA ˇ¿I¥ˇ¿I∂ˇ¿I∏ˇ¿I∫
Closing log
adespoton
Forum All-Star
Posts: 4285
Joined: Fri Nov 27, 2009 5:11 am
Location: Emaculation.com

Re: GSOC qemu Boot Mac OS >= 8.5 on PowerPC system

Post by adespoton »

Excellent! It looks like the problem is indeed shortly after OTRunPortScanners, which would line up with the guesses about getting unexpected results from the serial driver. Maybe we can tweak QEMU to just return dummy serial values?
Cat_7
Expert User
Posts: 6176
Joined: Fri Feb 13, 2004 8:59 am
Location: Sittard, The Netherlands

Re: GSOC qemu Boot Mac OS >= 8.5 on PowerPC system

Post by Cat_7 »

Can't seem to find these OTRunPortScanners anywhere in the documentation, nor on the internet.

The debugger has a nasty habit: you need to click the mouse to get Mac OS to boot with it, and then when you have booted with it (and nothing triggers it to automatically show), you have no mouse in the OS.

Best,
Cat_7
adespoton
Forum All-Star
Posts: 4285
Joined: Fri Nov 27, 2009 5:11 am
Location: Emaculation.com

Re: GSOC qemu Boot Mac OS >= 8.5 on PowerPC system

Post by adespoton »

I'm currently having that same problem with debuggers off on that build, attempting to boot 10.4. I'm trying to see what happens if I install 9.2.2 as Classic inside 10.4.11, but due to the mouse vanishing, I'm not getting all that far :( I don't recall having this issue on previous QEMU builds.

IIRC from debugging OT on actual hardware back in the day, OTRunPortScanners is the subroutine that polls attached hardware for available communications ports. This gets handed off to ADB/ethernet/etc. by the next routine down, which doesn't appear to have shown up in the dump. But the fact that it crashes AFTER this, and before the results are returned points to something going wrong when it queries ADB (as we know ethernet works fine with QEMU when enabled, and isn't enabled in your config anyway).
gtxaspec
Tinkerer
Posts: 62
Joined: Mon Oct 19, 2015 7:32 pm

Re: GSOC qemu Boot Mac OS >= 8.5 on PowerPC system

Post by gtxaspec »

OT probes ADB, or serial? or both?

ref:
"Open Transport Module Developer Note PRELIMINARY Revision 1.5d2"
http://bebop.gtxent.com/OT_Module_Dev_Note.pdf
adespoton
Forum All-Star
Posts: 4285
Joined: Fri Nov 27, 2009 5:11 am
Location: Emaculation.com

Re: GSOC qemu Boot Mac OS >= 8.5 on PowerPC system

Post by adespoton »

Depends on how you look at it; in that document, see kOTPortIsPrivate and kOTPortIsAlias -- 'serial' is an alias that generally points to ADB ports A and B. However, I seem to recall OTRunPortScanners is actually scanning the pseudo-ports, which includes AppleTalk virtual ports. By extension, it is probing the ADB devices.

I think the documentation for OT 1.2 is clearer on this than the 1.5 documentation, which offloads a lot to the OT APIs that the hardware devices can use. OT 1.5 was still backwards compatible with the OT 1.2 spec though.
gtxaspec
Tinkerer
Posts: 62
Joined: Mon Oct 19, 2015 7:32 pm

Re: GSOC qemu Boot Mac OS >= 8.5 on PowerPC system

Post by gtxaspec »

perhaps I am just sleepy, but are you referring to ADB, as in Apple Desktop Bus, or legacy serial like the Printer and geoports, aka SerialA and SerialB?

Currently serial emulation is provided by an emulated ESCC (some posts up Mark asked to check the ESCC as well as DBDMA); perhaps we need to check if the emulator properly emulates these ports. Check Mark Cave-Ayland's post above.
adespoton
Forum All-Star
Posts: 4285
Joined: Fri Nov 27, 2009 5:11 am
Location: Emaculation.com

Re: GSOC qemu Boot Mac OS >= 8.5 on PowerPC system

Post by adespoton »

Sorry; I think it was me being sleepy. It's polling SerialA and SerialB; it can also poll things on ADB, but only if they've got a pseudo-port entry already. So the main focus is SerialA and SerialB. ADB communications dongles shouldn't be an issue.
mcayland
Mac Mechanic
Posts: 152
Joined: Sun Nov 01, 2015 10:33 pm

Re: GSOC qemu Boot Mac OS >= 8.5 on PowerPC system

Post by mcayland »

Cat_7 wrote:Can't seem to find these OTRunPortScanners anywhere in the documentation, nor on the internet.

The debugger has a nasty habit: you need to click the mouse to get Mac OS to boot with it, and then when you have booted with it (and nothing triggers it to automatically show), you have no mouse in the OS.

Best,
Cat_7
In my local test images any ADB input is enough to get MacOS to boot with MacsBug - my guess is that the extension is trying to determine whether an ADB or USB keyboard is connected. I normally hit a few keys or wiggle the mouse somewhere around the happy mac icon to allow boot to continue, although once the mouse has been moved it always seems to work fine within the OS.
mcayland
Mac Mechanic
Posts: 152
Joined: Sun Nov 01, 2015 10:33 pm

Re: GSOC qemu Boot Mac OS >= 8.5 on PowerPC system

Post by mcayland »

gtxaspec wrote:OT probes ADB, or serial? or both?

ref:
"Open Transport Module Developer Note PRELIMINARY Revision 1.5d2"
http://bebop.gtxent.com/OT_Module_Dev_Note.pdf
Thank you so much for this link - this is a very useful document! Page 27 indicates that OT tries to register drivers on SCCA and SCCB automatically on boot which as you indicate seems to point in the direction of the serial port so that's where I'm looking at the moment.

With this in mind, I've experimented with adding various extra properties to the ESCC devices in the OpenBIOS device tree and produced some new test binaries below:

https://www.ilande.co.uk/tmp/openbios/o ... -ppc-test1
https://www.ilande.co.uk/tmp/openbios/o ... -ppc-test2
https://www.ilande.co.uk/tmp/openbios/o ... -ppc-test3
https://www.ilande.co.uk/tmp/openbios/o ... -ppc-test4

I'd be interested if people can experiment with the 4 binaries above and report back whether they make any difference with OT on boot. QEMU doesn't currently emulate serial DBDMA (which is what most of the properties added above represent) so it might be that these binaries cause a different type of crash rather than fix the actual problem. However even this is a help as it tells us that we are looking in the right place :)
Cat_7
Expert User
Posts: 6176
Joined: Fri Feb 13, 2004 8:59 am
Location: Sittard, The Netherlands

Re: GSOC qemu Boot Mac OS >= 8.5 on PowerPC system

Post by Cat_7 »

Hi,

I have 4 log files from the early crash using the 4 openbios binaries, booting Test1.raw, with the OT debug extensions and the debugger installed.
Booting is OK from all binaries, but the mouse issue remains when invoking the debugger.
Please let me know if there is anything else I can do from the debugger.

I also experimented with the OT files from a SheepShaver 9.0.4 installation. Boot is OK to the desktop, but starting e.g., the TCP/IP control panel results in an error message about OTUtilities that can't load.

StdLog from test1:
MacsBug 6.6.3, Copyright Apple Computer, Inc. 1981-2000

PowerPC illegal instruction at 009F7F68

20-Dec-2015 12:10:53 AM (since boot = 11 seconds)
Machine = #406 (NewWorldMac), System $0922, sysu = $01008000
ROM version $077D, $45F6, $0001 (ROMBase $FFC00000)
VM is off
NIL^ = $FFC10000
Stack space used = +200791022
Address 009F7F68 is in the System heap at 00002800
It is 000000D8 bytes into this heap block:
Start Length Tag Mstr Ptr Lock Prg Type ID File Name
• 009F7E90 000001AC+08 N
PowerPC 7400 (G4) Registers
CR0 CR1 CR2 CR3 CR4 CR5 CR6 CR7
PC = 009F7F68 CR 0010 0010 0010 0010 0000 0100 0100 1000
LR = 009F7F68 <>=O XEVO
CTR = FFCEF3A0
MSR = 00000000 SOC Compare Count
Int = 0 XER 000 01 00 MQ = 00000000

R0 = 009F7F68 R8 = 0BB8B840 R16 = 70777063 R24 = 00050130
SP = 0BB8B928 R9 = 6806DE08 R17 = 00000001 R25 = 0097C418
TOC = 0008DEC4 R10 = 00000008 R18 = 00000000 R26 = 00000FF1
R3 = 00000000 R11 = FFCECB3C R19 = 00000000 R27 = 0BB8B928
R4 = 00023932 R12 = 22220448 R20 = 00000000 R28 = 009F84CC
R5 = 0000A346 R13 = 0094E270 R21 = 00000001 R29 = 0094E35C
R6 = 00000000 R14 = 00004E9C R22 = 0BB8D2D2 R30 = 0BB8B92C
R7 = 00000000 R15 = 0BB957B2 R23 = 00000003 R31 = 00000000
Disassembling PowerPC code from 009F7F40
No procedure name
009F7F40 dc.l 0x4F545363 | 4F545363
009F7F44 ori r14,r11,0x506F | 616E506F
009F7F48 andi. r20,r19,0x7300 | 72747300
009F7F4C dc.l 0x00000000 | 00000000
009F7F50 dc.l 0x009F7F40 | 009F7F40
009F7F54 dc.l 0x00000000 | 00000000
009F7F58 dc.l 0x009DF430 | 009DF430
009F7F5C dc.l 0x009F7EF8 | 009F7EF8
009F7F60 dc.l 0x00000000 | 00000000
009F7F64 dc.l 0x00000000 | 00000000
009F7F68 *dc.l 0x4F54506F | 4F54506F
009F7F6C andi. r20,r19,0x4366 | 72744366
009F7F70 oris r4,r25,0x4352 | 67244352
009F7F74 dc.l 0x4D506174 | 4D506174
009F7F78 ori r8,r27,0x002E | 6368002E
009F7F7C sc 0x0813 | 4642204F
009F7F80 rlwinm. r19,RTOC,0x0C,0x0D,0x10 | 54536361
009F7F84 xoris r16,r18,0x6F72 | 6E506F72
009F7F88 andis. r19,r3,0x3A20 | 74733A20
009F7F8C xoris r15,r3,0x6164 | 6C6F6164
Heap zones
#1 Mod 10981K 00002800 to 00ABBF3F SysZone^ ApplZone^ TheZone^ TargetZone
#2 Mod 6K 0002B230 to 0002CC1F ROM read-only zone
#3 Mod 216K 005E9720 to 0061F71F
#4 Mod 94K 006BF7A0 to 006D737F
Checking all heaps
The System heap at 00002800 is ok
The ROM read-only heap at 0002B230 is ok
The heap at 005E9720 is ok
The heap at 006BF7A0 is ok
The target heap is the System heap at 00002800
Totaling the System heap at 00002800
Total Blocks Total of Block Sizes
Free 001E #30 00031480 #201856 (#197K)
Nonrelocatable 0923 #2339 0082E4AC #8578220 (#8377K)
Relocatable 02D3 #723 00259DD0 #2465232 (#2407K)
Locked 00C1 #193 001D18B0 #1906864 (#1862K)
Purgeable and not locked 0031 #49 0000CD20 #52512 (#51K)
Heap size 0C14 #3092 00AB96FC #11245308 (#10M)
>>> With all macros expanded, your command line was:
log "StdLog";set suspendprompt on;dv v;stat;wh;td;ip;hz;hc all;hx 02A6^ ;ht;hx 02A6^^+10;ht;hx 02AA^ ;ht;file 0;vol;drive;drvr -v;rd -s;sc6;sc7 sp 1k;dm sp 80;dm 0 20;log
The heap at 00ABBF40 is bad
Zone pointer, bkLim, or length of trailer block is bad
Memory set starting at 0000012D
PowerPC illegal instruction at 009F7F68
Step (over)
PowerPC illegal instruction at 009F7F68
Memory set starting at 0000012D
Memory set starting at 0000012D
PowerPC illegal instruction at 009F7F68
Step (over)
PowerPC illegal instruction at 009F7F68
Memory set starting at 0000012D
PowerPC illegal instruction at 009F7F68

StdLog from test2:
MacsBug 6.6.3, Copyright Apple Computer, Inc. 1981-2000

PowerPC illegal instruction at 009F7F68

20-Dec-2015 12:13:27 AM (since boot = 11 seconds)
Machine = #406 (NewWorldMac), System $0922, sysu = $01008000
ROM version $077D, $45F6, $0001 (ROMBase $FFC00000)
VM is off
NIL^ = $FFC10000
Stack space used = +200791022
Address 009F7F68 is in the System heap at 00002800
It is 000000D8 bytes into this heap block:
Start Length Tag Mstr Ptr Lock Prg Type ID File Name
• 009F7E90 000001AC+08 N
PowerPC 7400 (G4) Registers
CR0 CR1 CR2 CR3 CR4 CR5 CR6 CR7
PC = 009F7F68 CR 0010 0010 0010 0010 0000 0100 0100 1000
LR = 009F7F68 <>=O XEVO
CTR = FFCEF3A0
MSR = 00000000 SOC Compare Count
Int = 0 XER 000 01 00 MQ = 00000000

R0 = 009F7F68 R8 = 0BB8B840 R16 = 70777063 R24 = 00050130
SP = 0BB8B928 R9 = 6806DE08 R17 = 00000001 R25 = 0097C418
TOC = 0008DEC4 R10 = 00000008 R18 = 00000000 R26 = 00000FF1
R3 = 00000000 R11 = FFCECB3C R19 = 00000000 R27 = 0BB8B928
R4 = 00023932 R12 = 22220448 R20 = 00000000 R28 = 009F84CC
R5 = 0000A346 R13 = 0094E270 R21 = 00000001 R29 = 0094E35C
R6 = 00000000 R14 = 00004E9C R22 = 0BB8D2D2 R30 = 0BB8B92C
R7 = 00000000 R15 = 0BB957B2 R23 = 00000003 R31 = 00000000
Disassembling PowerPC code from 009F7F40
No procedure name
009F7F40 dc.l 0x4F545363 | 4F545363
009F7F44 ori r14,r11,0x506F | 616E506F
009F7F48 andi. r20,r19,0x7300 | 72747300
009F7F4C dc.l 0x00000000 | 00000000
009F7F50 dc.l 0x009F7F40 | 009F7F40
009F7F54 dc.l 0x00000000 | 00000000
009F7F58 dc.l 0x009DF430 | 009DF430
009F7F5C dc.l 0x009F7EF8 | 009F7EF8
009F7F60 dc.l 0x00000000 | 00000000
009F7F64 dc.l 0x00000000 | 00000000
009F7F68 *dc.l 0x4F54506F | 4F54506F
009F7F6C andi. r20,r19,0x4366 | 72744366
009F7F70 oris r4,r25,0x4352 | 67244352
009F7F74 dc.l 0x4D506174 | 4D506174
009F7F78 ori r8,r27,0x002E | 6368002E
009F7F7C sc 0x0813 | 4642204F
009F7F80 rlwinm. r19,RTOC,0x0C,0x0D,0x10 | 54536361
009F7F84 xoris r16,r18,0x6F72 | 6E506F72
009F7F88 andis. r19,r3,0x3A20 | 74733A20
009F7F8C xoris r15,r3,0x6164 | 6C6F6164
Heap zones
#1 Mod 10981K 00002800 to 00ABBF3F SysZone^ ApplZone^ TheZone^ TargetZone
#2 Mod 6K 0002B230 to 0002CC1F ROM read-only zone
#3 Mod 216K 005E9720 to 0061F71F
#4 Mod 94K 006BF7A0 to 006D737F
Checking all heaps
The System heap at 00002800 is ok
The ROM read-only heap at 0002B230 is ok
The heap at 005E9720 is ok
The heap at 006BF7A0 is ok
The target heap is the System heap at 00002800
Totaling the System heap at 00002800
Total Blocks Total of Block Sizes
Free 001E #30 00031480 #201856 (#197K)
Nonrelocatable 0923 #2339 0082E4AC #8578220 (#8377K)
Relocatable 02D3 #723 00259DD0 #2465232 (#2407K)
Locked 00C1 #193 001D18B0 #1906864 (#1862K)
Purgeable and not locked 0031 #49 0000CD20 #52512 (#51K)
Heap size 0C14 #3092 00AB96FC #11245308 (#10M)
>>> With all macros expanded, your command line was:
log "StdLog";set suspendprompt on;dv v;stat;wh;td;ip;hz;hc all;hx 02A6^ ;ht;hx 02A6^^+10;ht;hx 02AA^ ;ht;file 0;vol;drive;drvr -v;rd -s;sc6;sc7 sp 1k;dm sp 80;dm 0 20;log
The heap at 00ABBF40 is bad
Zone pointer, bkLim, or length of trailer block is bad
PowerPC illegal instruction at 009F7F68
Memory set starting at 0000012D
PowerPC illegal instruction at 009F7F68
Step (over)
PowerPC illegal instruction at 009F7F68
Memory set starting at 0000012D
Memory set starting at 0000012D
PowerPC illegal instruction at 009F7F68
Step (over)
PowerPC illegal instruction at 009F7F68
Memory set starting at 0000012D

StdLog from test3:
MacsBug 6.6.3, Copyright Apple Computer, Inc. 1981-2000

PowerPC illegal instruction at 009BBBAC

20-Dec-2015 12:07:06 AM (since boot = 11 seconds)
Machine = #406 (NewWorldMac), System $0922, sysu = $01008000
ROM version $077D, $45F6, $0001 (ROMBase $FFC00000)
VM is off
NIL^ = $FFC10000
Stack space used = +200791022
Address 009BBBAC is in the System heap at 00002800
It is 000009DC bytes into this heap block:
Start Length Tag Mstr Ptr Lock Prg Type ID File Name
• 009BB1D0 00006E64+10 N
PowerPC 7400 (G4) Registers
CR0 CR1 CR2 CR3 CR4 CR5 CR6 CR7
PC = 009BBBAC CR 0100 0100 0010 0010 0000 0100 0010 0010
LR = 009FB658 <>=O XEVO
CTR = 009BBBAC
MSR = 00000000 SOC Compare Count
Int = 0 XER 000 01 00 MQ = 00000000

R0 = 009BBBAC R8 = 00001400 R16 = 70777063 R24 = 000501B0
SP = 0BB8BF20 R9 = 00000000 R17 = 00000001 R25 = 0097A458
TOC = 009BD364 R10 = 009BDE50 R18 = 00000000 R26 = 00000FF1
R3 = 0BB8C764 R11 = 009BBAA4 R19 = 00000000 R27 = 00000001
R4 = 00000001 R12 = 009C14E0 R20 = 00000000 R28 = 0BB8C9FE
R5 = 009BB714 R13 = 0094C0C0 R21 = 00000001 R29 = 0094D97C
R6 = 0BB8C768 R14 = 00004E9C R22 = 0BB8D2D2 R30 = 0094D970
R7 = 00000000 R15 = 0BB957B2 R23 = 00000003 R31 = 0BB8BF9C
Disassembling PowerPC code from 009BBB84
No procedure name
009BBB84 dc.l 0x00000000 | 00000000
009BBB88 dc.l 0x0098D728 | 0098D728
009BBB8C dc.l 0x009BB714 | 009BB714
009BBB90 dc.l 0x00000000 | 00000000
009BBB94 dc.l 0x0098D730 | 0098D730
009BBB98 dc.l 0x009BB714 | 009BB714
009BBB9C dc.l 0x00000000 | 00000000
009BBBA0 dc.l 0x0098D740 | 0098D740
009BBBA4 dc.l 0x009BB714 | 009BB714
009BBBA8 dc.l 0x00000000 | 00000000
009BBBAC *dc.l 0x0098FA18 | 0098FA18
009BBBB0 dc.l 0x009BB714 | 009BB714
009BBBB4 dc.l 0x00000000 | 00000000
009BBBB8 dc.l 0x0098FA20 | 0098FA20
009BBBBC dc.l 0x009BB714 | 009BB714
009BBBC0 dc.l 0x00000000 | 00000000
009BBBC4 dc.l 0x0098FA28 | 0098FA28
009BBBC8 dc.l 0x009BB714 | 009BB714
009BBBCC dc.l 0x00000000 | 00000000
009BBBD0 dc.l 0x0098FA30 | 0098FA30
Heap zones
#1 Mod 10981K 00002800 to 00ABBF3F SysZone^ ApplZone^ TheZone^ TargetZone
#2 Mod 6K 0002B230 to 0002CC1F ROM read-only zone
#3 Mod 216K 005E7720 to 0061D71F
#4 Mod 94K 006BD7A0 to 006D537F
Checking all heaps
The System heap at 00002800 is ok
The ROM read-only heap at 0002B230 is ok
The heap at 005E7720 is ok
The heap at 006BD7A0 is ok
The target heap is the System heap at 00002800
Totaling the System heap at 00002800
Total Blocks Total of Block Sizes
Free 001E #30 00036150 #221520 (#216K)
Nonrelocatable 091E #2334 0082BEAC #8568492 (#8367K)
Relocatable 02D0 #720 00257700 #2455296 (#2397K)
Locked 00BE #190 001CEFA0 #1896352 (#1851K)
Purgeable and not locked 0031 #49 0000CD10 #52496 (#51K)
Heap size 0C0C #3084 00AB96FC #11245308 (#10M)
>>> With all macros expanded, your command line was:
log "StdLog";set suspendprompt on;dv v;stat;wh;td;ip;hz;hc all;hx 02A6^ ;ht;hx 02A6^^+10;ht;hx 02AA^ ;ht;file 0;vol;drive;drvr -v;rd -s;sc6;sc7 sp 1k;dm sp 80;dm 0 20;log
The heap at 00ABBF40 is bad

StdLog from test4:
MacsBug 6.6.3, Copyright Apple Computer, Inc. 1981-2000

PowerPC illegal instruction at 009A20BC

20-Dec-2015 12:15:37 AM (since boot = 12 seconds)
Machine = #406 (NewWorldMac), System $0922, sysu = $01008000
ROM version $077D, $45F6, $0001 (ROMBase $FFC00000)
VM is off
NIL^ = $FFC10000
Stack space used = +200791022
Address 009A20BC is in the System heap at 00002800
It is 000009DC bytes into this heap block:
Start Length Tag Mstr Ptr Lock Prg Type ID File Name
• 009A16E0 00006E64+10 N
PowerPC 7400 (G4) Registers
CR0 CR1 CR2 CR3 CR4 CR5 CR6 CR7
PC = 009A20BC CR 0100 0100 0010 0010 0000 0100 0010 0010
LR = 009FAC28 <>=O XEVO
CTR = 009A20BC
MSR = 00000000 SOC Compare Count
Int = 0 XER 000 01 00 MQ = 00000000

R0 = 009A20BC R8 = 00001400 R16 = 70777063 R24 = 00050220
SP = 0BB8BF20 R9 = 00000000 R17 = 00000001 R25 = 00960968
TOC = 009A3874 R10 = 009A4360 R18 = 00000000 R26 = 00000FF1
R3 = 0BB8C764 R11 = 009A1FB4 R19 = 00000000 R27 = 00000001
R4 = 00000001 R12 = 009A79F0 R20 = 00000000 R28 = 0BB8C9FE
R5 = 009A1C24 R13 = 0094C0C0 R21 = 00000001 R29 = 0094D9AC
R6 = 0BB8C768 R14 = 00004E9C R22 = 0BB8D2D2 R30 = 0094D9A0
R7 = 00000000 R15 = 0BB957B2 R23 = 00000003 R31 = 0BB8BF9C
Disassembling PowerPC code from 009A2094
No procedure name
009A2094 dc.l 0x00000000 | 00000000
009A2098 dc.l 0x00973C38 | 00973C38
009A209C dc.l 0x009A1C24 | 009A1C24
009A20A0 dc.l 0x00000000 | 00000000
009A20A4 dc.l 0x00973C40 | 00973C40
009A20A8 dc.l 0x009A1C24 | 009A1C24
009A20AC dc.l 0x00000000 | 00000000
009A20B0 dc.l 0x00973C50 | 00973C50
009A20B4 dc.l 0x009A1C24 | 009A1C24
009A20B8 dc.l 0x00000000 | 00000000
009A20BC *dc.l 0x00975F28 | 00975F28
009A20C0 dc.l 0x009A1C24 | 009A1C24
009A20C4 dc.l 0x00000000 | 00000000
009A20C8 dc.l 0x00975F30 | 00975F30
009A20CC dc.l 0x009A1C24 | 009A1C24
009A20D0 dc.l 0x00000000 | 00000000
009A20D4 dc.l 0x00975F38 | 00975F38
009A20D8 dc.l 0x009A1C24 | 009A1C24
009A20DC dc.l 0x00000000 | 00000000
009A20E0 dc.l 0x00975F40 | 00975F40
Heap zones
#1 Mod 10981K 00002800 to 00ABBF3F SysZone^ ApplZone^ TheZone^ TargetZone
#2 Mod 6K 0002B230 to 0002CC1F ROM read-only zone
#3 Mod 216K 005E7720 to 0061D71F
#4 Mod 94K 006BD7A0 to 006D537F
Checking all heaps
The System heap at 00002800 is ok
The ROM read-only heap at 0002B230 is ok
The heap at 005E7720 is ok
The heap at 006BD7A0 is ok
The target heap is the System heap at 00002800
Totaling the System heap at 00002800
Total Blocks Total of Block Sizes
Free 0014 #20 000360D0 #221392 (#216K)
Nonrelocatable 091E #2334 0082BEDC #8568540 (#8367K)
Relocatable 02D0 #720 00257750 #2455376 (#2397K)
Locked 00BE #190 001CEFD0 #1896400 (#1851K)
Purgeable and not locked 0031 #49 0000CD10 #52496 (#51K)
Heap size 0C02 #3074 00AB96FC #11245308 (#10M)
>>> With all macros expanded, your command line was:
log "StdLog";set suspendprompt on;dv v;stat;wh;td;ip;hz;hc all;hx 02A6^ ;ht;hx 02A6^^+10;ht;hx 02AA^ ;ht;file 0;vol;drive;drvr -v;rd -s;sc6;sc7 sp 1k;dm sp 80;dm 0 20;log
The heap at 00ABBF40 is bad
Zone pointer, bkLim, or length of trailer block is bad
Memory set starting at 0000012D
PowerPC illegal instruction at 009A20BC
Step (over)
PowerPC illegal instruction at 009A20BC
Memory set starting at 0000012D
kataetheweirdo
Master Emulator
Posts: 313
Joined: Sun Feb 01, 2009 4:55 pm

Re: GSOC qemu Boot Mac OS >= 8.5 on PowerPC system

Post by kataetheweirdo »

I've upgraded to QEMU 2.5.0 recently (for Windows), but I don't have an awful lot of luck.

I'm closer now, as I can reach the desktop, but it doesn't load the actual Finder. On Windows, the mouse now is more responsive. Using the test ISO (os92_test.iso) and the four OpenBIOS test binaries mcayland made, here are my results:

OpenBIOS Test 1 - Reaches desktop, no further progress (no Finder), mouse acts odd
OpenBIOS Test 2 - Reaches desktop, no further progress (no Finder), mouse acts fine
OpenBIOS Test 3 - Illegal instruction, crashes, mouse acts crazy; Restarting crashes QEMU
OpenBIOS Test 4 - Reaches desktop, no further progress (no Finder), mouse acts fine

The monitor acts funky under Windows. I'm trying to print out log files, but alas not much luck yet. I can print out the memory addresses though. I'll be checking this out with Macsbug soon, but I doubt this is going to be any easy fix.
mcayland
Mac Mechanic
Posts: 152
Joined: Sun Nov 01, 2015 10:33 pm

Re: GSOC qemu Boot Mac OS >= 8.5 on PowerPC system

Post by mcayland »

@Cat_7: Thanks for testing this! Possibly something in test3/test4 gets them a bit further as the crash occurs in a different address space, but trying to guess progress from these logs is tricky. Is there any way of getting the output of SC7 included in the Macsbug log to find out for sure?
mcayland
Mac Mechanic
Posts: 152
Joined: Sun Nov 01, 2015 10:33 pm

Re: GSOC qemu Boot Mac OS >= 8.5 on PowerPC system

Post by mcayland »

kataetheweirdo wrote: I've upgraded to QEMU 2.5.0 recently (for Windows), but I don't have an awful lot of luck.

I'm closer now, as I can reach the desktop, but it doesn't load the actual Finder. On Windows, the mouse now is more responsive. Using the test ISO (os92_test.iso) and the four OpenBIOS test binaries mcayland made, here are my results:

OpenBIOS Test 1 - Reaches desktop, no further progress (no Finder), mouse acts odd
OpenBIOS Test 2 - Reaches desktop, no further progress (no Finder), mouse acts fine
OpenBIOS Test 3 - Illegal instruction, crashes, mouse acts crazy; Restarting crashes QEMU
OpenBIOS Test 4 - Reaches desktop, no further progress (no Finder), mouse acts fine

The monitor acts funky under Windows. I'm trying to print out log files, but alas not much luck yet. I can print out the memory addresses though. I'll be checking this out with Macsbug soon, but I doubt this is going to be any easy fix.
@kataetheweirdo: sorry to hear that the Windows builds are causing you problems. Are you using 64-bit Windows? If so, there is a known issue due to TLS (see http://wiki.qemu.org/ChangeLog/2.5#Known_issues) which is under investigation. I can only encourage you to report any issues you find upstream, as most developers use Linux day-to-day. Even worse, some of the distros use old versions of mingw which contain bugs that exacerbate the problem even more...

Thanks for taking the time to test though. While I know QEMU reasonably well, I'm completely new to any form of MacOS/Macsbug and knowledge of the toolbox - and debugging from the QEMU side is extremely tricky due to the "emulator within an emulator" environment that the nanokernel creates, intertwined 68K/PPC stack traces etc.
Cat_7
Expert User
Posts: 6176
Joined: Fri Feb 13, 2004 8:59 am
Location: Sittard, The Netherlands

Re: GSOC qemu Boot Mac OS >= 8.5 on PowerPC system

Post by Cat_7 »

Hi,

5 new log files (4 from the test binaries, and one from the old binary) from the same configuration as above, but with the output of the SC7 command in the debugger.

Test1:
MacsBug 6.6.3, Copyright Apple Computer, Inc. 1981-2000

PowerPC illegal instruction at 009F7F68

20-Dec-2015 12:12:26 PM (since boot = 11 seconds)
Machine = #406 (NewWorldMac), System $0922, sysu = $01008000
ROM version $077D, $45F6, $0001 (ROMBase $FFC00000)
VM is off
NIL^ = $FFC10000
Stack space used = +200791022
Address 009F7F68 is in the System heap at 00002800
It is 000000D8 bytes into this heap block:
Start Length Tag Mstr Ptr Lock Prg Type ID File Name
• 009F7E90 000001AC+08 N
PowerPC 7400 (G4) Registers
CR0 CR1 CR2 CR3 CR4 CR5 CR6 CR7
PC = 009F7F68 CR 0010 0010 0010 0010 0000 0100 0100 1000
LR = 009F7F68 <>=O XEVO
CTR = FFCEF3A0
MSR = 00000000 SOC Compare Count
Int = 0 XER 000 01 00 MQ = 00000000

R0 = 009F7F68 R8 = 0BB8B840 R16 = 70777063 R24 = 00050130
SP = 0BB8B928 R9 = 6806DE08 R17 = 00000001 R25 = 0097C418
TOC = 0008DEC4 R10 = 00000008 R18 = 00000000 R26 = 00000FF1
R3 = 00000000 R11 = FFCECB3C R19 = 00000000 R27 = 0BB8B928
R4 = 00023932 R12 = 22220448 R20 = 00000000 R28 = 009F84CC
R5 = 0000A346 R13 = 0094E270 R21 = 00000001 R29 = 0094E35C
R6 = 00000000 R14 = 00004E9C R22 = 0BB8D2D2 R30 = 0BB8B92C
R7 = 00000000 R15 = 0BB957B2 R23 = 00000003 R31 = 00000000
Disassembling PowerPC code from 009F7F40
No procedure name
009F7F40 dc.l 0x4F545363 | 4F545363
009F7F44 ori r14,r11,0x506F | 616E506F
009F7F48 andi. r20,r19,0x7300 | 72747300
009F7F4C dc.l 0x00000000 | 00000000
009F7F50 dc.l 0x009F7F40 | 009F7F40
009F7F54 dc.l 0x00000000 | 00000000
009F7F58 dc.l 0x009DF430 | 009DF430
009F7F5C dc.l 0x009F7EF8 | 009F7EF8
009F7F60 dc.l 0x00000000 | 00000000
009F7F64 dc.l 0x00000000 | 00000000
009F7F68 *dc.l 0x4F54506F | 4F54506F
009F7F6C andi. r20,r19,0x4366 | 72744366
009F7F70 oris r4,r25,0x4352 | 67244352
009F7F74 dc.l 0x4D506174 | 4D506174
009F7F78 ori r8,r27,0x002E | 6368002E
009F7F7C sc 0x0813 | 4642204F
009F7F80 rlwinm. r19,RTOC,0x0C,0x0D,0x10 | 54536361
009F7F84 xoris r16,r18,0x6F72 | 6E506F72
009F7F88 andis. r19,r3,0x3A20 | 74733A20
009F7F8C xoris r15,r3,0x6164 | 6C6F6164
Heap zones
#1 Mod 10981K 00002800 to 00ABBF3F SysZone^ ApplZone^ TheZone^ TargetZone
#2 Mod 6K 0002B230 to 0002CC1F ROM read-only zone
#3 Mod 216K 005E9720 to 0061F71F
#4 Mod 94K 006BF7A0 to 006D737F
Checking all heaps
The System heap at 00002800 is ok
The ROM read-only heap at 0002B230 is ok
The heap at 005E9720 is ok
The heap at 006BF7A0 is ok
The target heap is the System heap at 00002800
Totaling the System heap at 00002800
Total Blocks Total of Block Sizes
Free 001E #30 00031480 #201856 (#197K)
Nonrelocatable 0923 #2339 0082E4AC #8578220 (#8377K)
Relocatable 02D3 #723 00259DD0 #2465232 (#2407K)
Locked 00C1 #193 001D18B0 #1906864 (#1862K)
Purgeable and not locked 0031 #49 0000CD20 #52512 (#51K)
Heap size 0C14 #3092 00AB96FC #11245308 (#10M)
>>> With all macros expanded, your command line was:
log "StdLog";set suspendprompt on;dv v;stat;wh;td;ip;hz;hc all;hx 02A6^ ;ht;hx 02A6^^+10
;ht;hx 02AA^ ;ht;file 0;vol;drive;drvr -v;rd -s;sc6;sc7 sp 1k;dm sp 80;dm 0 20;log
The heap at 00ABBF40 is bad
Zone pointer, bkLim, or length of trailer block is bad
Return addresses on the stack
Stack Addr Frame Addr ISA Caller
0BB8D3EA 68K 0BB8DF62
0BB8D3E2 68K 0BB8DF48
0BB8D3DA 0BB8D3D6 68K 0BB997A0
0BB8D394 0BB8D390 68K 0BB90624
0BB8D38C 0BB8D388 68K 0BB9061C
0BB8D36C 0BB8D368 68K 0BB91078
0BB8D348 PPC FFCECA9C EmToNatEndMoveParams+00014
0BB8D338 68K 004A768E
0BB8D32E 0BB8D32A 68K 0BB91CF2
0BB8D308 0BB8D300 PPC 003C2BDC NQDSetPort+00038
0BB8D2F8 0BB8D2F0 PPC 003AA93C NQDRGBBackColor+00088
0BB8D2A6 0BB8D2A2 68K 0BB99762
0BB8D248 PPC FFCECA9C EmToNatEndMoveParams+00014
0BB8D224 68K 0BB99762
0BB8D1E4 68K 0004FDB2
0BB8D1D8 68K FFCDF942 GetSharedLibrary+000D2
0BB8D1AE PPC 000621FC CalcPowerSummary+0020C
0BB8D1A4 68K 0BB9A58E
0BB8D174 68K 0004FDB2
0BB8D168 68K FFCDF7DE FragRegisterLocalAllocator+004DA
0BB8D14A 68K 0019AEC0
0BB8D128 0BB8D120 PPC FFD099F4 GetZone+0001C
0BB8D118 0BB8D110 PPC FFCDE74C FragGetContextInfo+00028
0BB8D0D8 68K 0019DA40
0BB8D0C8 PPC FFCECA9C EmToNatEndMoveParams+00014
0BB8D0B8 68K 004A7646
0BB8D088 0BB8D080 PPC 003C0B6C NQDCloseCPort+00154
0BB8D068 PPC 007C1100 _eUnregisterIconRef+0008C
0BB8D048 0BB8D040 PPC 003C09FC NQDClipRect+00228
0BB8D028 0BB8D020 PPC FFD13558 UseResFile+00018
0BB8D008 0BB8D000 PPC FFD0A2E8 DisposeHandle+00024
0BB8CFF8 0BB8CFF0 PPC 003C0FC0 NQDDisposePixMap+0009C
0BB8CF84 68K 0004FDB2
0BB8CF78 0BB8CF70 PPC FFCDCF40 FragPrepare+003AC
0BB8CF28 0BB8CF20 PPC FFD0A2E8 DisposeHandle+00024
0BB8CF14 0BB8CF10 68K 0004FDB2
0BB8CF08 0BB8CF00 PPC FFCE276C GetIndSymbol+02A34
0BB8CEC4 68K 0004FDB2
0BB8CEB8 0BB8CEB0 PPC FFCE1C0C GetIndSymbol+01ED4
0BB8CEA8 0BB8CEA0 PPC FFCE1FBC GetIndSymbol+02284
0BB8CE84 68K 0004FDB2
0BB8CE34 68K 0004FDB2
0BB8CE28 0BB8CE20 PPC FFCE1D6C GetIndSymbol+02034
0BB8CDE8 0BB8CDE0 PPC 0094F794 BootOpenTransport+000D4
0BB8CD98 68K 0BB957B0
0BB8CD68 0BB8CD60 PPC 0030BAEC __HLock+00010
0BB8CD58 0BB8CD50 PPC 006F44E0 __OpenResFileUnderSystemMap+00050
0BB8CD3E 0BB8CD3A 68K 00976FFC 'lmgr 0000 0016'+0008C
0BB8CD2A 0BB8CD26 68K 00977A0C 'lmgr 0000 0016'+00A9C
0BB8CD0A 0BB8CD06 68K 00977966 'lmgr 0000 0016'+009F6
0BB8CCDA 68K 00977DA4 'lmgr 0000 0016'+00E34
0BB8CCB6 68K 0097703C 'lmgr 0000 0016'+000CC
0BB8CCA6 0BB8CCA2 68K 0097BBCE 'AINI 8042 0016 Startup ASLM PPC'+000DE
0BB8CC88 PPC FFCECA9C EmToNatEndMoveParams+00014
0BB8CC78 68K 000C2382
0BB8CC3C 0BB8CC38 68K 0097C22A LoadLibraryManagerEntry+0012C
0BB8CBE0 0BB8CBDC 68K 0097C06C OpenLibraryManagerFile(short*, long*)+00052
0BB8CB9E 0BB8CB9A 68K 0097CB4E HOPENRESFILEGLUE+0004A
0BB8CB92 0BB8CB8E 68K 0094DB64
0BB8CB72 0BB8CB6E 68K 0094C4DE
0BB8CB64 PPC FFCEBAD0 NewRoutineDescriptor+000A0
0BB8CB42 0BB8CB3E 68K 0094C0AA
0BB8CB08 PPC FFCECA9C EmToNatEndMoveParams+00014
0BB8CAF8 68K 000C296A
0BB8CAE4 68K 0094DB4C
0BB8CAC8 0BB8CAC0 PPC FFCECA9C EmToNatEndMoveParams+00014
0BB8CAA8 0BB8CAA0 PPC 006F1B5C __HOpenResFile+00068
0BB8CA68 68K 0019D680
0BB8CA40 68K 0097BFCC LocateFile(unsigned long, unsigned long, unsigned l
ong, FSSpec*)+00084
0BB8CA2C 68K 0019AD8E
0BB8C9EE 0BB8C9EA 68K 0097C416 LoadPowerPCLibraryManagerEntry(long (*)(), unsigned
char, short, long)+0019C
0BB8C9C8 0BB8C9C0 PPC 006F163C __RsrcMapEntry+0091C
0BB8C9B8 0BB8C9B0 PPC 006F173C __RsrcMapEntry+00A1C
0BB8C988 PPC FFCECA9C EmToNatEndMoveParams+00014
0BB8C938 PPC FFCEBA60 NewRoutineDescriptor+00030
0BB8C8E0 68K 0BB9A58E
0BB8C880 0BB8C878 PPC 00989074
0BB8C7E0 0BB8C7D8 PPC 009A4558
0BB8C798 0BB8C790 PPC 009AFA88
0BB8C738 0BB8C730 PPC 009B17B0
0BB8C6F0 0BB8C6E8 PPC 009A9928
0BB8C6B8 0BB8C6B0 PPC 009A9994
0BB8C6A0 PPC 009AA5A4
0BB8C698 0BB8C690 PPC 009A9BE4
0BB8C660 PPC FFD09FD8 SetZone+00024
0BB8C658 0BB8C650 PPC FFD13558 UseResFile+00018
0BB8C5DC PPC 009A7494
0BB8C5C0 68K 0097C416 LoadPowerPCLibraryManagerEntry(long (*)(), unsigned
char, short, long)+0019C
0BB8C598 68K 0BB957B0
0BB8C55C PPC 009A7488
0BB8C538 68K 000C26E2
0BB8C518 68K 004A808A
0BB8C510 0BB8C508 PPC 009A78AC
0BB8C50C 0BB8C508 68K 0097C416 LoadPowerPCLibraryManagerEntry(long (*)(), unsigned
char, short, long)+0019C
0BB8C4F0 PPC 009B0A6C
0BB8C4D4 68K 0097C416 LoadPowerPCLibraryManagerEntry(long (*)(), unsigned
char, short, long)+0019C
0BB8C4AC 68K 0BB957B0
0BB8C470 PPC 009B0A60
0BB8C42C PPC 009B06F0
0BB8C410 68K 0097C416 LoadPowerPCLibraryManagerEntry(long (*)(), unsigned
char, short, long)+0019C
0BB8C3E8 68K 0BB957B0
0BB8C3AC PPC 009B06E4
0BB8C360 0BB8C358 PPC 009B0A90
0BB8C328 0BB8C320 PPC 009FC658
0BB8C300 0BB8C2F8 PPC 009B0478
0BB8C2FC 0BB8C2F8 68K 0097C416 LoadPowerPCLibraryManagerEntry(long (*)(), unsigned
char, short, long)+0019C
0BB8C2E8 0BB8C2E0 PPC 009F917C
0BB8C2C0 0BB8C2B8 PPC 009F90E0
0BB8C2A0 0BB8C298 PPC FFD0CB6C NGetTrapAddress+00030
0BB8C268 PPC 009B2834
0BB8C260 0BB8C258 PPC FFD0DF34 GetToolboxTrapAddress+00028
0BB8C208 68K 0019D680
0BB8C1F8 68K 0097C416 LoadPowerPCLibraryManagerEntry(long (*)(), unsigned
char, short, long)+0019C
0BB8C1A0 68K 009CAD46
0BB8C19C 68K 009CAD36
0BB8C184 68K 0BB8C1A6
0BB8C144 0BB8C140 68K 009C9E5A
0BB8C138 0BB8C130 PPC 009FAAC0 ResidentOpenTransport+00C40
0BB8C0F4 0BB8C0F0 68K 009C9E5A
0BB8C0E8 0BB8C0E0 PPC 009F9DD0 DoLoadUnload()+0006C
0BB8C048 0BB8C040 PPC 009F4AD8 OTRunPortScanners+002F0
0BB8C010 PPC 009AE420
0BB8C008 0BB8C000 PPC 00A01498 OTScanPorts+00020
0BB8BFCC 68K 0097C416 LoadPowerPCLibraryManagerEntry(long (*)(), unsigned
char, short, long)+0019C
0BB8BFB8 0BB8BFB0 PPC 00A01528 OTLoadASLMLibrary+00040
0BB8BF80 PPC 00A018AC
0BB8BF78 0BB8BF70 PPC 00A018F4
0BB8BF28 0BB8BF20 PPC 009AD9D0
0BB8BED8 0BB8BED0 PPC 009AD6CC
0BB8BE98 0BB8BE90 PPC 009AD8A4
0BB8BE50 0BB8BE48 PPC 009AFAA4
0BB8BDF0 0BB8BDE8 PPC 009B17B0
0BB8BDB0 PPC 009B6A4C
0BB8BDA8 0BB8BDA0 PPC 009A9928
0BB8BD70 0BB8BD68 PPC 009A9994
0BB8BD58 PPC 009AA3DC
0BB8BD50 0BB8BD48 PPC 009A9BE4
0BB8BD38 PPC 009A29A0
0BB8BD30 0BB8BD28 PPC 009B67D0
0BB8BD18 PPC 009B5410
0BB8BD10 0BB8BD08 PPC FFD13558 UseResFile+00018
0BB8BC98 68K 0BB957B0
0BB8BC94 PPC 009A7494
0BB8BC78 68K 0097C416 LoadPowerPCLibraryManagerEntry(long (*)(), unsigned
char, short, long)+0019C
0BB8BC50 68K 0BB957B0
0BB8BC3E PPC 00040008 SetSelectedStartupDeviceByFileType+00028
0BB8BC14 0BB8BC0C PPC 009A7488
0BB8BBC8 0BB8BBC0 PPC 009A78AC
0BB8BB78 0BB8BB70 PPC 009B1DA8
0BB8BB58 PPC 0099112C
0BB8BB38 PPC 009A9C90
0BB8BB30 0BB8BB28 PPC 0099EBDC
0BB8BAE4 PPC 009B06F0
0BB8BAC8 68K 0097C416 LoadPowerPCLibraryManagerEntry(long (*)(), unsigned
char, short, long)+0019C
0BB8BAA0 68K 0BB957B0
0BB8BA64 PPC 009B06E4
0BB8BA18 0BB8BA10 PPC 009B0708
0BB8B9E0 0BB8B9D8 PPC 00A03268
0BB8B9B8 0BB8B9B0 PPC 009B02EC
0BB8B9B4 0BB8B9B0 68K 0097C416 LoadPowerPCLibraryManagerEntry(long (*)(), unsigned
char, short, long)+0019C
0BB8B998 0BB8B990 PPC 0099F834
0BB8B958 0BB8B950 PPC FFD0CB6C NGetTrapAddress+00030
0BB8B928 PPC FFCFBF80 GetKeys+00018


Test2:

MacsBug 6.6.3, Copyright Apple Computer, Inc. 1981-2000

PowerPC illegal instruction at 009F7F68

20-Dec-2015 12:14:44 PM (since boot = 11 seconds)
Machine = #406 (NewWorldMac), System $0922, sysu = $01008000
ROM version $077D, $45F6, $0001 (ROMBase $FFC00000)
VM is off
NIL^ = $FFC10000
Stack space used = +200791022
Address 009F7F68 is in the System heap at 00002800
It is 000000D8 bytes into this heap block:
Start Length Tag Mstr Ptr Lock Prg Type ID File Name
• 009F7E90 000001AC+08 N
PowerPC 7400 (G4) Registers
CR0 CR1 CR2 CR3 CR4 CR5 CR6 CR7
PC = 009F7F68 CR 0010 0010 0010 0010 0000 0100 0100 1000
LR = 009F7F68 <>=O XEVO
CTR = FFCEF3A0
MSR = 00000000 SOC Compare Count
Int = 0 XER 000 01 00 MQ = 00000000

R0 = 009F7F68 R8 = 0BB8B840 R16 = 70777063 R24 = 00050130
SP = 0BB8B928 R9 = 6806DE08 R17 = 00000001 R25 = 0097C418
TOC = 0008DEC4 R10 = 00000008 R18 = 00000000 R26 = 00000FF1
R3 = 00000000 R11 = FFCECB3C R19 = 00000000 R27 = 0BB8B928
R4 = 00023932 R12 = 22220448 R20 = 00000000 R28 = 009F84CC
R5 = 0000A346 R13 = 0094E270 R21 = 00000001 R29 = 0094E35C
R6 = 00000000 R14 = 00004E9C R22 = 0BB8D2D2 R30 = 0BB8B92C
R7 = 00000000 R15 = 0BB957B2 R23 = 00000003 R31 = 00000000
Disassembling PowerPC code from 009F7F40
No procedure name
009F7F40 dc.l 0x4F545363 | 4F545363
009F7F44 ori r14,r11,0x506F | 616E506F
009F7F48 andi. r20,r19,0x7300 | 72747300
009F7F4C dc.l 0x00000000 | 00000000
009F7F50 dc.l 0x009F7F40 | 009F7F40
009F7F54 dc.l 0x00000000 | 00000000
009F7F58 dc.l 0x009DF430 | 009DF430
009F7F5C dc.l 0x009F7EF8 | 009F7EF8
009F7F60 dc.l 0x00000000 | 00000000
009F7F64 dc.l 0x00000000 | 00000000
009F7F68 *dc.l 0x4F54506F | 4F54506F
009F7F6C andi. r20,r19,0x4366 | 72744366
009F7F70 oris r4,r25,0x4352 | 67244352
009F7F74 dc.l 0x4D506174 | 4D506174
009F7F78 ori r8,r27,0x002E | 6368002E
009F7F7C sc 0x0813 | 4642204F
009F7F80 rlwinm. r19,RTOC,0x0C,0x0D,0x10 | 54536361
009F7F84 xoris r16,r18,0x6F72 | 6E506F72
009F7F88 andis. r19,r3,0x3A20 | 74733A20
009F7F8C xoris r15,r3,0x6164 | 6C6F6164
Heap zones
#1 Mod 10981K 00002800 to 00ABBF3F SysZone^ ApplZone^ TheZone^ TargetZone
#2 Mod 6K 0002B230 to 0002CC1F ROM read-only zone
#3 Mod 216K 005E9720 to 0061F71F
#4 Mod 94K 006BF7A0 to 006D737F
Checking all heaps
The System heap at 00002800 is ok
The ROM read-only heap at 0002B230 is ok
The heap at 005E9720 is ok
The heap at 006BF7A0 is ok
The target heap is the System heap at 00002800
Totaling the System heap at 00002800
Total Blocks Total of Block Sizes
Free 001E #30 00031480 #201856 (#197K)
Nonrelocatable 0923 #2339 0082E4AC #8578220 (#8377K)
Relocatable 02D3 #723 00259DD0 #2465232 (#2407K)
Locked 00C1 #193 001D18B0 #1906864 (#1862K)
Purgeable and not locked 0031 #49 0000CD20 #52512 (#51K)
Heap size 0C14 #3092 00AB96FC #11245308 (#10M)
>>> With all macros expanded, your command line was:
log "StdLog";set suspendprompt on;dv v;stat;wh;td;ip;hz;hc all;hx 02A6^ ;ht;hx 02A6^^+10
;ht;hx 02AA^ ;ht;file 0;vol;drive;drvr -v;rd -s;sc6;sc7 sp 1k;dm sp 80;dm 0 20;log
The heap at 00ABBF40 is bad
Zone pointer, bkLim, or length of trailer block is bad
Return addresses on the stack
Stack Addr Frame Addr ISA Caller
0BB8D3EA 68K 0BB8DF62
0BB8D3E2 68K 0BB8DF48
0BB8D3DA 0BB8D3D6 68K 0BB997A0
0BB8D394 0BB8D390 68K 0BB90624
0BB8D38C 0BB8D388 68K 0BB9061C
0BB8D36C 0BB8D368 68K 0BB91078
0BB8D348 PPC FFCECA9C EmToNatEndMoveParams+00014
0BB8D338 68K 004A768E
0BB8D32E 0BB8D32A 68K 0BB91CF2
0BB8D308 0BB8D300 PPC 003C2BDC NQDSetPort+00038
0BB8D2F8 0BB8D2F0 PPC 003AA93C NQDRGBBackColor+00088
0BB8D2A6 0BB8D2A2 68K 0BB99762
0BB8D248 PPC FFCECA9C EmToNatEndMoveParams+00014
0BB8D224 68K 0BB99762
0BB8D1E4 68K 0004FDB2
0BB8D1D8 68K FFCDF942 GetSharedLibrary+000D2
0BB8D1AE PPC 000621FC CalcPowerSummary+0020C
0BB8D1A4 68K 0BB9A58E
0BB8D174 68K 0004FDB2
0BB8D168 68K FFCDF7DE FragRegisterLocalAllocator+004DA
0BB8D14A 68K 0019AEC0
0BB8D128 0BB8D120 PPC FFD099F4 GetZone+0001C
0BB8D118 0BB8D110 PPC FFCDE74C FragGetContextInfo+00028
0BB8D0D8 68K 0019DA40
0BB8D0C8 PPC FFCECA9C EmToNatEndMoveParams+00014
0BB8D0B8 68K 004A7646
0BB8D088 0BB8D080 PPC 003C0B6C NQDCloseCPort+00154
0BB8D068 PPC 007C1100 _eUnregisterIconRef+0008C
0BB8D048 0BB8D040 PPC 003C09FC NQDClipRect+00228
0BB8D028 0BB8D020 PPC FFD13558 UseResFile+00018
0BB8D008 0BB8D000 PPC FFD0A2E8 DisposeHandle+00024
0BB8CFF8 0BB8CFF0 PPC 003C0FC0 NQDDisposePixMap+0009C
0BB8CF84 68K 0004FDB2
0BB8CF78 0BB8CF70 PPC FFCDCF40 FragPrepare+003AC
0BB8CF28 0BB8CF20 PPC FFD0A2E8 DisposeHandle+00024
0BB8CF14 0BB8CF10 68K 0004FDB2
0BB8CF08 0BB8CF00 PPC FFCE276C GetIndSymbol+02A34
0BB8CEC4 68K 0004FDB2
0BB8CEB8 0BB8CEB0 PPC FFCE1C0C GetIndSymbol+01ED4
0BB8CEA8 0BB8CEA0 PPC FFCE1FBC GetIndSymbol+02284
0BB8CE84 68K 0004FDB2
0BB8CE34 68K 0004FDB2
0BB8CE28 0BB8CE20 PPC FFCE1D6C GetIndSymbol+02034
0BB8CDE8 0BB8CDE0 PPC 0094F794 BootOpenTransport+000D4
0BB8CD98 68K 0BB957B0
0BB8CD68 0BB8CD60 PPC 0030BAEC __HLock+00010
0BB8CD58 0BB8CD50 PPC 006F44E0 __OpenResFileUnderSystemMap+00050
0BB8CD3E 0BB8CD3A 68K 00976FFC 'lmgr 0000 0016'+0008C
0BB8CD2A 0BB8CD26 68K 00977A0C 'lmgr 0000 0016'+00A9C
0BB8CD0A 0BB8CD06 68K 00977966 'lmgr 0000 0016'+009F6
0BB8CCDA 68K 00977DA4 'lmgr 0000 0016'+00E34
0BB8CCB6 68K 0097703C 'lmgr 0000 0016'+000CC
0BB8CCA6 0BB8CCA2 68K 0097BBCE 'AINI 8042 0016 Startup ASLM PPC'+000DE
0BB8CC88 PPC FFCECA9C EmToNatEndMoveParams+00014
0BB8CC78 68K 000C2382
0BB8CC3C 0BB8CC38 68K 0097C22A LoadLibraryManagerEntry+0012C
0BB8CBE0 0BB8CBDC 68K 0097C06C OpenLibraryManagerFile(short*, long*)+00052
0BB8CB9E 0BB8CB9A 68K 0097CB4E HOPENRESFILEGLUE+0004A
0BB8CB92 0BB8CB8E 68K 0094DB64
0BB8CB72 0BB8CB6E 68K 0094C4DE
0BB8CB64 PPC FFCEBAD0 NewRoutineDescriptor+000A0
0BB8CB42 0BB8CB3E 68K 0094C0AA
0BB8CB08 PPC FFCECA9C EmToNatEndMoveParams+00014
0BB8CAF8 68K 000C296A
0BB8CAE4 68K 0094DB4C
0BB8CAC8 0BB8CAC0 PPC FFCECA9C EmToNatEndMoveParams+00014
0BB8CAA8 0BB8CAA0 PPC 006F1B5C __HOpenResFile+00068
0BB8CA68 68K 0019D680
0BB8CA40 68K 0097BFCC LocateFile(unsigned long, unsigned long, unsigned l
ong, FSSpec*)+00084
0BB8CA2C 68K 0019AD8E
0BB8C9EE 0BB8C9EA 68K 0097C416 LoadPowerPCLibraryManagerEntry(long (*)(), unsigned
char, short, long)+0019C
0BB8C9C8 0BB8C9C0 PPC 006F163C __RsrcMapEntry+0091C
0BB8C9B8 0BB8C9B0 PPC 006F173C __RsrcMapEntry+00A1C
0BB8C988 PPC FFCECA9C EmToNatEndMoveParams+00014
0BB8C938 PPC FFCEBA60 NewRoutineDescriptor+00030
0BB8C8E0 68K 0BB9A58E
0BB8C880 0BB8C878 PPC 00989074
0BB8C7E0 0BB8C7D8 PPC 009A4558
0BB8C798 0BB8C790 PPC 009AFA88
0BB8C738 0BB8C730 PPC 009B17B0
0BB8C6F0 0BB8C6E8 PPC 009A9928
0BB8C6B8 0BB8C6B0 PPC 009A9994
0BB8C6A0 PPC 009AA5A4
0BB8C698 0BB8C690 PPC 009A9BE4
0BB8C660 PPC FFD09FD8 SetZone+00024
0BB8C658 0BB8C650 PPC FFD13558 UseResFile+00018
0BB8C5DC PPC 009A7494
0BB8C5C0 68K 0097C416 LoadPowerPCLibraryManagerEntry(long (*)(), unsigned
char, short, long)+0019C
0BB8C598 68K 0BB957B0
0BB8C55C PPC 009A7488
0BB8C538 68K 000C26E2
0BB8C518 68K 004A808A
0BB8C510 0BB8C508 PPC 009A78AC
0BB8C50C 0BB8C508 68K 0097C416 LoadPowerPCLibraryManagerEntry(long (*)(), unsigned
char, short, long)+0019C
0BB8C4F0 PPC 009B0A6C
0BB8C4D4 68K 0097C416 LoadPowerPCLibraryManagerEntry(long (*)(), unsigned
char, short, long)+0019C
0BB8C4AC 68K 0BB957B0
0BB8C470 PPC 009B0A60
0BB8C42C PPC 009B06F0
0BB8C410 68K 0097C416 LoadPowerPCLibraryManagerEntry(long (*)(), unsigned
char, short, long)+0019C
0BB8C3E8 68K 0BB957B0
0BB8C3AC PPC 009B06E4
0BB8C360 0BB8C358 PPC 009B0A90
0BB8C328 0BB8C320 PPC 009FC658
0BB8C300 0BB8C2F8 PPC 009B0478
0BB8C2FC 0BB8C2F8 68K 0097C416 LoadPowerPCLibraryManagerEntry(long (*)(), unsigned
char, short, long)+0019C
0BB8C2E8 0BB8C2E0 PPC 009F917C
0BB8C2C0 0BB8C2B8 PPC 009F90E0
0BB8C2A0 0BB8C298 PPC FFD0CB6C NGetTrapAddress+00030
0BB8C268 PPC 009B2834
0BB8C260 0BB8C258 PPC FFD0DF34 GetToolboxTrapAddress+00028
0BB8C208 68K 0019D680
0BB8C1F8 68K 0097C416 LoadPowerPCLibraryManagerEntry(long (*)(), unsigned
char, short, long)+0019C
0BB8C1A0 68K 009CAD46
0BB8C19C 68K 009CAD36
0BB8C184 68K 0BB8C1A6
0BB8C144 0BB8C140 68K 009C9E5A
0BB8C138 0BB8C130 PPC 009FAAC0 ResidentOpenTransport+00C40
0BB8C0F4 0BB8C0F0 68K 009C9E5A
0BB8C0E8 0BB8C0E0 PPC 009F9DD0 DoLoadUnload()+0006C
0BB8C048 0BB8C040 PPC 009F4AD8 OTRunPortScanners+002F0
0BB8C010 PPC 009AE420
0BB8C008 0BB8C000 PPC 00A01498 OTScanPorts+00020
0BB8BFCC 68K 0097C416 LoadPowerPCLibraryManagerEntry(long (*)(), unsigned
char, short, long)+0019C
0BB8BFB8 0BB8BFB0 PPC 00A01528 OTLoadASLMLibrary+00040
0BB8BF80 PPC 00A018AC
0BB8BF78 0BB8BF70 PPC 00A018F4
0BB8BF28 0BB8BF20 PPC 009AD9D0
0BB8BED8 0BB8BED0 PPC 009AD6CC
0BB8BE98 0BB8BE90 PPC 009AD8A4
0BB8BE50 0BB8BE48 PPC 009AFAA4
0BB8BDF0 0BB8BDE8 PPC 009B17B0
0BB8BDB0 PPC 009B6A4C
0BB8BDA8 0BB8BDA0 PPC 009A9928
0BB8BD70 0BB8BD68 PPC 009A9994
0BB8BD58 PPC 009AA3DC
0BB8BD50 0BB8BD48 PPC 009A9BE4
0BB8BD38 PPC 009A29A0
0BB8BD30 0BB8BD28 PPC 009B67D0
0BB8BD18 PPC 009B5410
0BB8BD10 0BB8BD08 PPC FFD13558 UseResFile+00018
0BB8BC98 68K 0BB957B0
0BB8BC94 PPC 009A7494
0BB8BC78 68K 0097C416 LoadPowerPCLibraryManagerEntry(long (*)(), unsigned
char, short, long)+0019C
0BB8BC50 68K 0BB957B0
0BB8BC3E PPC 00040008 SetSelectedStartupDeviceByFileType+00028
0BB8BC14 0BB8BC0C PPC 009A7488
0BB8BBC8 0BB8BBC0 PPC 009A78AC
0BB8BB78 0BB8BB70 PPC 009B1DA8
0BB8BB58 PPC 0099112C
0BB8BB38 PPC 009A9C90
0BB8BB30 0BB8BB28 PPC 0099EBDC
0BB8BAE4 PPC 009B06F0
0BB8BAC8 68K 0097C416 LoadPowerPCLibraryManagerEntry(long (*)(), unsigned
char, short, long)+0019C
0BB8BAA0 68K 0BB957B0
0BB8BA64 PPC 009B06E4
0BB8BA18 0BB8BA10 PPC 009B0708
0BB8B9E0 0BB8B9D8 PPC 00A03268
0BB8B9B8 0BB8B9B0 PPC 009B02EC
0BB8B9B4 0BB8B9B0 68K 0097C416 LoadPowerPCLibraryManagerEntry(long (*)(), unsigned
char, short, long)+0019C
0BB8B998 0BB8B990 PPC 0099F834
0BB8B958 0BB8B950 PPC FFD0CB6C NGetTrapAddress+00030
0BB8B928 PPC FFCFBF80 GetKeys+00018
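Working out from the SC7 stack crawls how far each test build got is tedious by eye, so here is an added Python helper (written for this page, not from the thread, QEMU or MacsBug) that parses the "Return addresses on the stack" block of a MacsBug StdLog, re-joins the symbol lines MacsBug wraps at 80 columns, and lists the named callers that appear in one crawl but not the other. The two excerpts are a few frames copied from the Test1 and Test3 logs above with column spacing reconstructed; the "blank line ends the block" rule and the header text are assumptions about the log layout.

```python
"""Parse and diff the SC7 stack crawl ("Return addresses on the stack") from
MacsBug StdLog files, so that several test runs can be compared quickly."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One crawl line: stack addr, optional frame addr, ISA, caller addr, optional symbol.
FRAME_RE = re.compile(
    r"^(?P<stack>[0-9A-F]{8})\s+(?:(?P<frame>[0-9A-F]{8})\s+)?"
    r"(?P<isa>68K|PPC)\s+(?P<caller>[0-9A-F]{8})(?:\s+(?P<symbol>.*))?$"
)
SYMBOL_NAME_RE = re.compile(r"^[^(+]+")  # name before a C++ signature or +offset

@dataclass
class Frame:
    stack_addr: int
    frame_addr: Optional[int]
    isa: str           # "68K" or "PPC"; the crawl interleaves both
    caller: int
    symbol: str = ""   # as printed by MacsBug, e.g. "BootOpenTransport+000D4"

def parse_stack_crawl(log: str) -> List[Frame]:
    """Return the frames of the first 'Return addresses on the stack' block."""
    frames: List[Frame] = []
    in_crawl = False
    for raw in log.splitlines():
        line = raw.strip()
        if not in_crawl:
            in_crawl = line.startswith("Return addresses on the stack")
            continue
        if line.startswith("Stack Addr"):   # column header
            continue
        if not line:                        # blank line closes the block (assumed)
            break
        m = FRAME_RE.match(line)
        if m:
            frames.append(Frame(
                stack_addr=int(m["stack"], 16),
                frame_addr=int(m["frame"], 16) if m["frame"] else None,
                isa=m["isa"],
                caller=int(m["caller"], 16),
                symbol=(m["symbol"] or "").strip(),
            ))
        elif frames:
            # MacsBug wraps long symbols at 80 columns: glue the tail back on. A space
            # lost at the wrap cannot be recovered, so names are compared up to '(' or '+'.
            frames[-1].symbol += line
        else:
            break                           # not a crawl line at all
    return frames

def symbol_name(symbol: str) -> str:
    """'LocateFile(unsigned long, ...)+00084' -> 'LocateFile'; '' -> ''."""
    m = SYMBOL_NAME_RE.match(symbol)
    return m.group(0).strip() if m else ""

def summarize(frames: List[Frame]) -> Tuple[Counter, Counter]:
    """Frames per ISA, and how often each named caller appears."""
    isa_counts = Counter(f.isa for f in frames)
    names = Counter(symbol_name(f.symbol) for f in frames if f.symbol)
    return isa_counts, names

def compare_crawls(a: List[Frame], b: List[Frame]) -> Tuple[List[str], List[str]]:
    """Named callers (with offset) that appear in only one of the two crawls."""
    sa = {f.symbol for f in a if f.symbol}
    sb = {f.symbol for f in b if f.symbol}
    return sorted(sa - sb), sorted(sb - sa)

# Constructed excerpts: a few frames copied from the Test1 and Test3 logs above,
# with column spacing reconstructed and the rest of each crawl omitted.
TEST1_EXCERPT = """\
Return addresses on the stack
  Stack Addr  Frame Addr  ISA  Caller
  0BB8D3EA              68K  0BB8DF62
  0BB8D348              PPC  FFCECA9C  EmToNatEndMoveParams+00014
  0BB8D308    0BB8D300  PPC  003C2BDC  NQDSetPort+00038
  0BB8CDE8    0BB8CDE0  PPC  0094F794  BootOpenTransport+000D4
  0BB8CD3E    0BB8CD3A  68K  00976FFC  'lmgr 0000 0016'+0008C
  0BB8CA40              68K  0097BFCC  LocateFile(unsigned long, unsigned long, unsigned l
ong, FSSpec*)+00084
  0BB8C138    0BB8C130  PPC  009FAAC0  ResidentOpenTransport+00C40
  0BB8C048    0BB8C040  PPC  009F4AD8  OTRunPortScanners+002F0
  0BB8B928              PPC  FFCFBF80  GetKeys+00018

"""
TEST3_EXCERPT = """\
Return addresses on the stack
  Stack Addr  Frame Addr  ISA  Caller
  179C4F32              68K  00200006  HRSTFLOCK+00024
  179C4DE8    179C4DE0  PPC  0096D4F4  BootOpenTransport+000D4
  179C4138    179C4130  PPC  009D2360  ResidentOpenTransport+00C40
  179C4048    179C4040  PPC  00A17310  OTRunPortScanners+001D8
  179C38B0              68K  FFC0E062  _GetTrapAddress
"""

if __name__ == "__main__":
    t1, t3 = parse_stack_crawl(TEST1_EXCERPT), parse_stack_crawl(TEST3_EXCERPT)
    print(summarize(t1)[0], summarize(t3)[0], compare_crawls(t1, t3))
```

Feeding it two full StdLog files shows at a glance which OpenTransport loader frames differ between builds, which is the progress question raised earlier in the thread.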
Cat_7
Expert User
Posts: 6176
Joined: Fri Feb 13, 2004 8:59 am
Location: Sittard, The Netherlands

Re: GSOC qemu Boot Mac OS >= 8.5 on PowerPC system

Post by Cat_7 »

Logs continued

Test3:
MacsBug 6.6.3, Copyright Apple Computer, Inc. 1981-2000

PowerPC illegal instruction at 00000000

20-Dec-2015 11:55:56 AM (since boot = 11 seconds)
Machine = #406 (NewWorldMac), System $0922, sysu = $01008000
ROM version $077D, $45F6, $0001 (ROMBase $FFC00000)
VM is off
NIL^ = $FFC10000
Stack space used = +400249838
Address 00000000 is in low memory
PowerPC 7400 (G4) Registers
CR0 CR1 CR2 CR3 CR4 CR5 CR6 CR7
PC = 00000000 CR 1000 0010 0010 0010 0000 0100 0100 0010
LR = 00A1A158 <>=O XEVO
CTR = 00000000
MSR = 00000000 SOC Compare Count
Int = 0 XER 000 01 00 MQ = 00000000

R0 = 00000000 R8 = 009C4260 R16 = 70777063 R24 = 0006FCF0
SP = 179C37E8 R9 = 00000000 R17 = 00000001 R25 = 009808D8
TOC = 00A1DB20 R10 = 00000000 R18 = 00000000 R26 = 00000FF1
R3 = 179C402C R11 = 00000001 R19 = 00000000 R27 = 00000001
R4 = 00000001 R12 = 00A1DB48 R20 = 00000000 R28 = 179C49FE
R5 = 009C54F0 R13 = 0096BFA0 R21 = 00000001 R29 = 0096D8EC
R6 = 179C4030 R14 = 00004E9C R22 = 179C52D2 R30 = 0096D8E0
R7 = 00A1D798 R15 = 179CD7B2 R23 = 00000003 R31 = 179C39B0
Disassembling PowerPC code from FFFFFFD8
_PmgrOp
+676DE FFFFFFD8 lwz r5,0x0808(r31) | 80BF0808
+676E2 FFFFFFDC b _PmgrOp+D4E66 ; 0xFFF6D760 | 4BF6D784
+676E6 FFFFFFE0 lwz r5,0x0808(r31) | 80BF0808
+676EA FFFFFFE4 b _PmgrOp+D4E66 ; 0xFFF6D760 | 4BF6D77C
+676EE FFFFFFE8 lwz r5,0x0808(r31) | 80BF0808
+676F2 FFFFFFEC b _PmgrOp+D4E66 ; 0xFFF6D760 | 4BF6D774
+676F6 FFFFFFF0 lwz r5,0x0808(r31) | 80BF0808
+676FA FFFFFFF4 b _PmgrOp+D4E66 ; 0xFFF6D760 | 4BF6D76C
+676FE FFFFFFF8 lwz r5,0x0808(r31) | 80BF0808
+67702 FFFFFFFC b _PmgrOp+D4E66 ; 0xFFF6D760 | 4BF6D764
No procedure name
00000000 *fcmpu cr7,fp1,fp0 | FFC10000
00000004 fcmpu cr7,fp1,fp0 | FFC10000
00000008 dc.l 0xFFC049B0 | FFC049B0
0000000C fmul fp30,fp0,fp6 | FFC049B2
00000010 dc.l 0xFFC049B4 | FFC049B4
00000014 dc.l 0xFFC049B6 | FFC049B6
00000018 fmsub fp30,fp0,fp6,fp9 | FFC049B8
0000001C fmadd fp30,fp0,fp6,fp9 | FFC049BA
00000020 fnmsub fp30,fp0,fp6,fp9 | FFC049BC
Heap zones
#1 Mod 11116K 00002800 to 00ADDA4F SysZone^ ApplZone^ TheZone^ TargetZone
#2 Mod 6K 0004AD70 to 0004C75F ROM read-only zone
#3 Mod 216K 00607720 to 0063D71F
#4 Mod 94K 006DD7A0 to 006F537F
Checking all heaps
The System heap at 00002800 is ok
The ROM read-only heap at 0004AD70 is ok
The heap at 00607720 is ok
The heap at 006DD7A0 is ok
The target heap is the System heap at 00002800
Totaling the System heap at 00002800
Total Blocks Total of Block Sizes
Free 000D #13 00037E30 #228912 (#223K)
Nonrelocatable 091E #2334 0084BF0C #8699660 (#8495K)
Relocatable 02D0 #720 002574D0 #2454736 (#2397K)
Locked 00BE #190 001CEFA0 #1896352 (#1851K)
Purgeable and not locked 0031 #49 0000CD10 #52496 (#51K)
Heap size 0BFB #3067 00ADB20C #11383308 (#10M)
>>> With all macros expanded, your command line was:
log "StdLog";set suspendprompt on;dv v;stat;wh;td;ip;hz;hc all;hx 02A6^ ;ht;hx 02A6^^+10
;ht;hx 02AA^ ;ht;file 0;vol;drive;drvr -v;rd -s;sc6;sc7 sp 1k;dm sp 80;dm 0 20;log
The heap at 00ADDA50 is bad
Zone pointer, bkLim, or length of trailer block is bad
Return addresses on the stack
Stack Addr Frame Addr ISA Caller
179C53EA 68K 179C5F62
179C53E2 68K 179C5F48
179C53DA 179C53D6 68K 179D17A0
179C5394 179C5390 68K 179C8624
179C538C 179C5388 68K 179C861C
179C536C 179C5368 68K 179C9078
179C5348 PPC FFCECA9C EmToNatEndMoveParams+00014
179C5338 68K 004C568E
179C532E 179C532A 68K 179C9CF2
179C5308 179C5300 PPC 003E0BDC NQDSetPort+00038
179C52F8 179C52F0 PPC 003C893C NQDRGBBackColor+00088
179C52A6 179C52A2 68K 179D1762
179C5248 PPC FFCECA9C EmToNatEndMoveParams+00014
179C5224 68K 179D1762
179C51E4 68K 0006F972
179C51D8 68K FFCDF942 GetSharedLibrary+000D2
179C5174 68K 0006F972
179C5168 68K FFCDF7DE FragRegisterLocalAllocator+004DA
179C514A 68K 001B8EC0
179C513E 68K 0020179A
179C5128 179C5120 PPC FFD099F4 GetZone+0001C
179C5118 179C5110 PPC FFCDE74C FragGetContextInfo+00028
179C50D8 68K 001BBA40
179C50C8 PPC FFCECA9C EmToNatEndMoveParams+00014
179C50B8 68K 004C5646
179C5088 179C5080 PPC 003DEB6C NQDCloseCPort+00154
179C5068 PPC 007E0020 _eUnregisterIconRef+0008C
179C5048 179C5040 PPC 003DE9FC NQDClipRect+00228
179C5028 179C5020 PPC FFD13558 UseResFile+00018
179C501C 68K 00824B0A
179C5008 179C5000 PPC FFD0A2E8 DisposeHandle+00024
179C4FF8 179C4FF0 PPC 003DEFC0 NQDDisposePixMap+0009C
179C4F9C 68K 008EAA6E
179C4F84 68K 0006F972
179C4F78 179C4F70 PPC FFCDCF40 FragPrepare+003AC
179C4F32 68K 00200006 HRSTFLOCK+00024
179C4F28 179C4F20 PPC FFD0A2E8 DisposeHandle+00024
179C4F14 179C4F10 68K 0006F972
179C4F08 179C4F00 PPC FFCE276C GetIndSymbol+02A34
179C4EC4 68K 0006F972
179C4EB8 179C4EB0 PPC FFCE1C0C GetIndSymbol+01ED4
179C4EA8 179C4EA0 PPC FFCE1FBC GetIndSymbol+02284
179C4E84 68K 0006F972
179C4E34 68K 0006F972
179C4E28 179C4E20 PPC FFCE1D6C GetIndSymbol+02034
179C4DE8 179C4DE0 PPC 0096D4F4 BootOpenTransport+000D4
179C4D98 68K 179CD7B0
179C4D68 179C4D60 PPC 00329AEC __HLock+00010
179C4D58 179C4D50 PPC 007124E0 __OpenResFileUnderSystemMap+00050
179C4D3E 179C4D3A 68K 0097B4CC 'lmgr 0000 0016'+0008C
179C4D2A 179C4D26 68K 0097BEDC 'lmgr 0000 0016'+00A9C
179C4D0A 179C4D06 68K 0097BE36 'lmgr 0000 0016'+009F6
179C4CDA 68K 0097C274 'lmgr 0000 0016'+00E34
179C4CB6 68K 0097B50C 'lmgr 0000 0016'+000CC
179C4CA6 179C4CA2 68K 0098008E 'AINI 8042 0016 Startup ASLM PPC'+000DE
179C4C88 PPC FFCECA9C EmToNatEndMoveParams+00014
179C4C78 68K 000E1EB2
179C4C3C 179C4C38 68K 009806EA LoadLibraryManagerEntry+0012C
179C4BE0 179C4BDC 68K 0098052C OpenLibraryManagerFile(short*, long*)+00052
179C4B9E 179C4B9A 68K 0098100E HOPENRESFILEGLUE+0004A
179C4B92 179C4B8E 68K 0096B894
179C4B72 179C4B6E 68K 0096A20E
179C4B64 PPC FFCEBAD0 NewRoutineDescriptor+000A0
179C4B42 179C4B3E 68K 00969DDA
179C4B08 PPC FFCECA9C EmToNatEndMoveParams+00014
179C4AF8 68K 000E249A
179C4AE4 68K 0096B87C
179C4AC8 179C4AC0 PPC FFCECA9C EmToNatEndMoveParams+00014
179C4AA8 179C4AA0 PPC 0070FB5C __HOpenResFile+00068
179C4A68 68K 001BB680
179C4A40 68K 0098048C LocateFile(unsigned long, unsigned long, unsigned l
ong, FSSpec*)+00084
179C4A2C 68K 001B8D8E
179C49EE 179C49EA 68K 009808D6 LoadPowerPCLibraryManagerEntry(long (*)(), unsigned
char, short, long)+0019C
179C49C8 179C49C0 PPC 0070F63C __RsrcMapEntry+0091C
179C49B8 179C49B0 PPC 0070F73C __RsrcMapEntry+00A1C
179C4988 PPC FFCECA9C EmToNatEndMoveParams+00014
179C4938 PPC FFCEBA60 NewRoutineDescriptor+00030
179C489A 68K 0032179A
179C4880 179C4878 PPC 0098D534
179C47E0 179C47D8 PPC 009A8A18
179C4798 179C4790 PPC 009B3F48
179C4738 179C4730 PPC 009B5C70
179C46F0 179C46E8 PPC 009ADDE8
179C46B8 179C46B0 PPC 009ADE54
179C46A0 PPC 009AEA64
179C4698 179C4690 PPC 009AE0A4
179C4660 PPC FFD09FD8 SetZone+00024
179C4658 179C4650 PPC FFD13558 UseResFile+00018
179C45DC PPC 009AB954
179C45C0 68K 009808D6 LoadPowerPCLibraryManagerEntry(long (*)(), unsigned
char, short, long)+0019C
179C4598 68K 179CD7B0
179C455C PPC 009AB948
179C4538 68K 000E2212
179C4518 68K 004C608A
179C4510 179C4508 PPC 009ABD6C
179C450C 179C4508 68K 009808D6 LoadPowerPCLibraryManagerEntry(long (*)(), unsigned
char, short, long)+0019C
179C44F0 PPC 009B4F2C
179C44D4 68K 009808D6 LoadPowerPCLibraryManagerEntry(long (*)(), unsigned
char, short, long)+0019C
179C44AC 68K 179CD7B0
179C4470 PPC 009B4F20
179C444C 68K 00001B92
179C442C PPC 009B4BB0
179C4410 68K 009808D6 LoadPowerPCLibraryManagerEntry(long (*)(), unsigned
char, short, long)+0019C
179C43E8 68K 179CD7B0
179C43AC PPC 009B4BA4
179C4360 179C4358 PPC 009B4F50
179C4328 179C4320 PPC 009D3EF8
179C4300 179C42F8 PPC 009B4938
179C42FC 179C42F8 68K 009808D6 LoadPowerPCLibraryManagerEntry(long (*)(), unsigned
char, short, long)+0019C
179C42E8 179C42E0 PPC 009D0A1C
179C42C0 179C42B8 PPC 009D0980
179C42A0 179C4298 PPC FFD0CB6C NGetTrapAddress+00030
179C4268 PPC 009B6CF4
179C4260 179C4258 PPC FFD0DF34 GetToolboxTrapAddress+00028
179C4208 68K 001BB680
179C41F8 68K 009808D6 LoadPowerPCLibraryManagerEntry(long (*)(), unsigned
char, short, long)+0019C
179C4138 179C4130 PPC 009D2360 ResidentOpenTransport+00C40
179C40E8 179C40E0 PPC 009D1670 DoLoadUnload()+0006C
179C4048 179C4040 PPC 00A17310 OTRunPortScanners+001D8
179C4024 PPC 009B1110
179C4008 68K 009808D6 LoadPowerPCLibraryManagerEntry(long (*)(), unsigned
char, short, long)+0019C
179C3FE0 68K 179CD7B0
179C3FA4 179C3F9C PPC 009B1104
179C3F60 179C3F58 PPC 009B1144
179C3F28 PPC 009AF8D0
179C3F20 179C3F18 PPC 009BB42C
179C3F08 179C3F00 PPC 009A6CEC
179C3ED0 179C3EC8 PPC 009A57C8
179C3E60 179C3E58 PPC 0099F528
179C3E28 PPC 0099F78C
179C3E20 179C3E18 PPC 0099AAA8
179C3DF8 68K 009808D6 LoadPowerPCLibraryManagerEntry(long (*)(), unsigned
char, short, long)+0019C
179C3DD0 68K 179CD7B0
179C3D68 179C3D60 PPC 009A5E84
179C3D64 179C3D60 68K 0006F972
179C3D28 179C3D20 PPC 009B7B10
179C3CE0 179C3CD8 PPC 009B3F48
179C3C80 179C3C78 PPC 009B5C70
179C3C38 179C3C30 PPC 009ADDE8
179C3C00 179C3BF8 PPC 009ADE54
179C3BE8 PPC 009AEA64
179C3BE0 179C3BD8 PPC 009AE0A4
179C3BA8 PPC FFD09FD8 SetZone+00024
179C3BA0 179C3B98 PPC FFD13558 UseResFile+00018
179C3B24 PPC 009AB954
179C3B08 68K 009808D6 LoadPowerPCLibraryManagerEntry(long (*)(), unsigned
char, short, long)+0019C
179C3AE0 68K 179CD7B0
179C3AA4 179C3A9C PPC 009AB948
179C3A60 68K 004C608A
179C3A58 179C3A50 PPC 009ABD54
179C3A38 PPC 009B48C0
179C3A1C 68K 009808D6 LoadPowerPCLibraryManagerEntry(long (*)(), unsigned
char, short, long)+0019C
179C39F4 68K 179CD7B0
179C39B8 179C39B0 PPC 009B48B4
179C3994 68K 00001B92
179C3948 179C3940 PPC 009BAE2C
179C38B0 68K FFC0E062 _GetTrapAddress
179C38A8 PPC 009AB3D4
179C38A0 179C3898 PPC 00708DB4 __UseResFile+000A0
179C3868 PPC FFD09580 GetHandleSize+00024
179C3848 179C3840 PPC 009B48E0
179C3844 179C3840 68K 009808D6 LoadPowerPCLibraryManagerEntry(long (*)(), unsigned
char, short, long)+0019C
179C3810 PPC 009B34F4
179C37F0 179C37E8 PPC 00A1A0F8

Test4:
MacsBug 6.6.3, Copyright Apple Computer, Inc. 1981-2000

PowerPC illegal instruction at 00000000

20-Dec-2015 12:01:40 PM (since boot = 11 seconds)
Machine = #406 (NewWorldMac), System $0922, sysu = $01008000
ROM version $077D, $45F6, $0001 (ROMBase $FFC00000)
VM is off
NIL^ = $FFC10000
Stack space used = +400249838
Address 00000000 is in low memory
PowerPC 7400 (G4) Registers
CR0 CR1 CR2 CR3 CR4 CR5 CR6 CR7
PC = 00000000 CR 1000 0010 0010 0010 0000 0100 0100 0010
LR = 00A1A288 <>=O XEVO
CTR = 00000000
MSR = 00000000 SOC Compare Count
Int = 0 XER 000 01 00 MQ = 00000000

R0 = 00000000 R8 = 009DDDE0 R16 = 70777063 R24 = 0006FD60
SP = 179C37E8 R9 = 00000000 R17 = 00000001 R25 = 0099A448
TOC = 00A1DC50 R10 = 00000000 R18 = 00000000 R26 = 00000FF1
R3 = 179C402C R11 = 00000001 R19 = 00000000 R27 = 00000001
R4 = 00000001 R12 = 00A1DC78 R20 = 00000000 R28 = 179C49FE
R5 = 009DF070 R13 = 0096C0C0 R21 = 00000001 R29 = 0096D98C
R6 = 179C4030 R14 = 00004E9C R22 = 179C52D2 R30 = 0096D980
R7 = 00A1D8C8 R15 = 179CD7B2 R23 = 00000003 R31 = 179C39B0
Disassembling PowerPC code from FFFFFFD8
_PmgrOp
+676DE FFFFFFD8 lwz r5,0x0808(r31) | 80BF0808
+676E2 FFFFFFDC b _PmgrOp+D4E66 ; 0xFFF6D760 | 4BF6D784
+676E6 FFFFFFE0 lwz r5,0x0808(r31) | 80BF0808
+676EA FFFFFFE4 b _PmgrOp+D4E66 ; 0xFFF6D760 | 4BF6D77C
+676EE FFFFFFE8 lwz r5,0x0808(r31) | 80BF0808
+676F2 FFFFFFEC b _PmgrOp+D4E66 ; 0xFFF6D760 | 4BF6D774
+676F6 FFFFFFF0 lwz r5,0x0808(r31) | 80BF0808
+676FA FFFFFFF4 b _PmgrOp+D4E66 ; 0xFFF6D760 | 4BF6D76C
+676FE FFFFFFF8 lwz r5,0x0808(r31) | 80BF0808
+67702 FFFFFFFC b _PmgrOp+D4E66 ; 0xFFF6D760 | 4BF6D764
No procedure name
00000000 *fcmpu cr7,fp1,fp0 | FFC10000
00000004 fcmpu cr7,fp1,fp0 | FFC10000
00000008 dc.l 0xFFC049B0 | FFC049B0
0000000C fmul fp30,fp0,fp6 | FFC049B2
00000010 dc.l 0xFFC049B4 | FFC049B4
00000014 dc.l 0xFFC049B6 | FFC049B6
00000018 fmsub fp30,fp0,fp6,fp9 | FFC049B8
0000001C fmadd fp30,fp0,fp6,fp9 | FFC049BA
00000020 fnmsub fp30,fp0,fp6,fp9 | FFC049BC
Heap zones
#1 Mod 11116K 00002800 to 00ADDA4F SysZone^ ApplZone^ TheZone^ TargetZone
#2 Mod 6K 0004AD70 to 0004C75F ROM read-only zone
#3 Mod 216K 00607720 to 0063D71F
#4 Mod 94K 006DD7A0 to 006F537F
Checking all heaps
The System heap at 00002800 is ok
The ROM read-only heap at 0004AD70 is ok
The heap at 00607720 is ok
The heap at 006DD7A0 is ok
The target heap is the System heap at 00002800
Totaling the System heap at 00002800
Total Blocks Total of Block Sizes
Free 0014 #20 00037DD0 #228816 (#223K)
Nonrelocatable 091D #2333 0084BF2C #8699692 (#8495K)
Relocatable 02D0 #720 00257510 #2454800 (#2397K)
Locked 00BE #190 001CEFB0 #1896368 (#1851K)
Purgeable and not locked 0031 #49 0000CD20 #52512 (#51K)
Heap size 0C01 #3073 00ADB20C #11383308 (#10M)
>>> With all macros expanded, your command line was:
log "StdLog";set suspendprompt on;dv v;stat;wh;td;ip;hz;hc all;hx 02A6^ ;ht;hx 02A6^^+10
;ht;hx 02AA^ ;ht;file 0;vol;drive;drvr -v;rd -s;sc6;sc7 sp 1k;dm sp 80;dm 0 20;log
The heap at 00ADDA50 is bad
Zone pointer, bkLim, or length of trailer block is bad
Return addresses on the stack
Stack Addr Frame Addr ISA Caller
179C53EA 68K 179C5F62
179C53E2 68K 179C5F48
179C53DA 179C53D6 68K 179D17A0
179C5394 179C5390 68K 179C8624
179C538C 179C5388 68K 179C861C
179C536C 179C5368 68K 179C9078
179C5348 PPC FFCECA9C EmToNatEndMoveParams+00014
179C5338 68K 004C568E
179C532E 179C532A 68K 179C9CF2
179C5308 179C5300 PPC 003E0BDC NQDSetPort+00038
179C52F8 179C52F0 PPC 003C893C NQDRGBBackColor+00088
179C52A6 179C52A2 68K 179D1762
179C5248 PPC FFCECA9C EmToNatEndMoveParams+00014
179C5224 68K 179D1762
179C51E4 68K 0006F9E2
179C51D8 68K FFCDF942 GetSharedLibrary+000D2
179C5174 68K 0006F9E2
179C5168 68K FFCDF7DE FragRegisterLocalAllocator+004DA
179C514A 68K 001B8EC0
179C513E 68K 0020179A
179C5128 179C5120 PPC FFD099F4 GetZone+0001C
179C5118 179C5110 PPC FFCDE74C FragGetContextInfo+00028
179C50D8 68K 001BBA40
179C50C8 PPC FFCECA9C EmToNatEndMoveParams+00014
179C50B8 68K 004C5646
179C50A4 PPC 007EAFE8 GetIconRefFromFolderInfo+0003C
179C5088 179C5080 PPC 003DEB6C NQDCloseCPort+00154
179C5068 PPC 007DF100 _eUnregisterIconRef+0008C
179C5048 179C5040 PPC 003DE9FC NQDClipRect+00228
179C5028 179C5020 PPC FFD13558 UseResFile+00018
179C501C 68K 00824BAA
179C5008 179C5000 PPC FFD0A2E8 DisposeHandle+00024
179C4FF8 179C4FF0 PPC 003DEFC0 NQDDisposePixMap+0009C
179C4FA8 68K 009974CE 'otlm 0009 0002 .MPP'+002EE
179C4F9C 68K 008EAAFE
179C4F84 68K 0006F9E2
179C4F78 179C4F70 PPC FFCDCF40 FragPrepare+003AC
179C4F28 179C4F20 PPC FFD0A2E8 DisposeHandle+00024
179C4F14 179C4F10 68K 0006F9E2
179C4F08 179C4F00 PPC FFCE276C GetIndSymbol+02A34
179C4EC4 68K 0006F9E2
179C4EB8 179C4EB0 PPC FFCE1C0C GetIndSymbol+01ED4
179C4EA8 179C4EA0 PPC FFCE1FBC GetIndSymbol+02284
179C4E84 68K 0006F9E2
179C4E34 68K 0006F9E2
179C4E28 179C4E20 PPC FFCE1D6C GetIndSymbol+02034
179C4DE8 179C4DE0 PPC 0096D5E4 BootOpenTransport+000D4
179C4D98 68K 179CD7B0
179C4D68 179C4D60 PPC 00329AEC __HLock+00010
179C4D58 179C4D50 PPC 007124E0 __OpenResFileUnderSystemMap+00050
179C4D3E 179C4D3A 68K 0099503C 'lmgr 0000 0016'+0008C
179C4D2A 179C4D26 68K 00995A4C 'lmgr 0000 0016'+00A9C
179C4D0A 179C4D06 68K 009959A6 'lmgr 0000 0016'+009F6
179C4CDA 68K 00995DE4 'lmgr 0000 0016'+00E34
179C4CB6 68K 0099507C 'lmgr 0000 0016'+000CC
179C4CA6 179C4CA2 68K 00999BFE 'AINI 8042 0016 Startup ASLM PPC'+000DE
179C4C88 PPC FFCECA9C EmToNatEndMoveParams+00014
179C4C78 68K 000E1EE2
179C4C3C 179C4C38 68K 0099A25A LoadLibraryManagerEntry+0012C
179C4BE0 179C4BDC 68K 0099A09C OpenLibraryManagerFile(short*, long*)+00052
179C4BDC 68K 179C4C3E
179C4B9E 179C4B9A 68K 0099AB7E HOPENRESFILEGLUE+0004A
179C4B92 179C4B8E 68K 0096B9B4
179C4B72 179C4B6E 68K 0096A32E
179C4B64 PPC FFCEBAD0 NewRoutineDescriptor+000A0
179C4B42 179C4B3E 68K 00969EFA
179C4B08 PPC FFCECA9C EmToNatEndMoveParams+00014
179C4AF8 68K 000E24CA
179C4AE4 68K 0096B99C
179C4AC8 179C4AC0 PPC FFCECA9C EmToNatEndMoveParams+00014
179C4AA8 179C4AA0 PPC 0070FB5C __HOpenResFile+00068
179C4A68 68K 001BB680
179C4A5C 68K 000058F2
179C4A50 68K 000058F2
179C4A40 68K 00999FFC LocateFile(unsigned long, unsigned long, unsigned l
ong, FSSpec*)+00084
179C4A2C 68K 001B8D8E
179C49EE 179C49EA 68K 0099A446 LoadPowerPCLibraryManagerEntry(long (*)(), unsigned
char, short, long)+0019C
179C49C8 179C49C0 PPC 0070F63C __RsrcMapEntry+0091C
179C49B8 179C49B0 PPC 0070F73C __RsrcMapEntry+00A1C
179C4988 PPC FFCECA9C EmToNatEndMoveParams+00014
179C4938 PPC FFCEBA60 NewRoutineDescriptor+00030
179C4910 68K 00004FFE
179C489A 68K 0032179A
179C4880 179C4878 PPC 009A70B4
179C47E0 179C47D8 PPC 009C2598
179C4798 179C4790 PPC 009CDAC8
179C4738 179C4730 PPC 009CF7F0
179C46F0 179C46E8 PPC 009C7968
179C46DC 68K 000058F2
179C46D8 68K 000058F2
179C46B8 179C46B0 PPC 009C79D4
179C46A0 PPC 009C85E4
179C4698 179C4690 PPC 009C7C24
179C4660 PPC FFD09FD8 SetZone+00024
179C4658 179C4650 PPC FFD13558 UseResFile+00018
179C45DC PPC 009C54D4
179C45C0 68K 0099A446 LoadPowerPCLibraryManagerEntry(long (*)(), unsigned
char, short, long)+0019C
179C4598 68K 179CD7B0
179C455C PPC 009C54C8
179C4538 68K 000E2242
179C4518 68K 004C608A
179C4510 179C4508 PPC 009C58EC
179C450C 179C4508 68K 0099A446 LoadPowerPCLibraryManagerEntry(long (*)(), unsigned
char, short, long)+0019C
179C44F0 PPC 009CEAAC
179C44D4 68K 0099A446 LoadPowerPCLibraryManagerEntry(long (*)(), unsigned
char, short, long)+0019C
179C44AC 68K 179CD7B0
179C4470 PPC 009CEAA0
179C442C PPC 009CE730
179C4410 68K 0099A446 LoadPowerPCLibraryManagerEntry(long (*)(), unsigned
char, short, long)+0019C
179C43E8 68K 179CD7B0
179C43AC PPC 009CE724
179C4360 179C4358 PPC 009CEAD0
179C4328 179C4320 PPC 009ED778
179C4300 179C42F8 PPC 009CE4B8
179C42FC 179C42F8 68K 0099A446 LoadPowerPCLibraryManagerEntry(long (*)(), unsigned
char, short, long)+0019C
179C42E8 179C42E0 PPC 009EA29C
179C42C0 179C42B8 PPC 009EA200
179C42A0 179C4298 PPC FFD0CB6C NGetTrapAddress+00030
179C4268 PPC 009D0874
179C4260 179C4258 PPC FFD0DF34 GetToolboxTrapAddress+00028
179C4208 68K 001BB680
179C41F8 68K 0099A446 LoadPowerPCLibraryManagerEntry(long (*)(), unsigned
char, short, long)+0019C
179C4138 179C4130 PPC 009EBBE0 ResidentOpenTransport+00C40
179C40E8 179C40E0 PPC 009EAEF0 DoLoadUnload()+0006C
179C4048 179C4040 PPC 00A16F20 OTRunPortScanners+001D8
179C4024 PPC 009CAC90
179C4008 68K 0099A446 LoadPowerPCLibraryManagerEntry(long (*)(), unsigned
char, short, long)+0019C
179C3FE0 68K 179CD7B0
179C3FA4 179C3F9C PPC 009CAC84
179C3F60 179C3F58 PPC 009CACC4
179C3F28 PPC 009C9450
179C3F20 179C3F18 PPC 009D4FAC
179C3F08 179C3F00 PPC 009C086C
179C3ED0 179C3EC8 PPC 009BF348
179C3E60 179C3E58 PPC 009B90A8
179C3E28 PPC 009B930C
179C3E20 179C3E18 PPC 009B4628
179C3DF8 68K 0099A446 LoadPowerPCLibraryManagerEntry(long (*)(), unsigned
char, short, long)+0019C
179C3DD0 68K 179CD7B0
179C3D68 179C3D60 PPC 009BFA04
179C3D64 179C3D60 68K 0006F9E2
179C3D28 179C3D20 PPC 009D1690
179C3CE0 179C3CD8 PPC 009CDAC8
179C3C80 179C3C78 PPC 009CF7F0
179C3C38 179C3C30 PPC 009C7968
179C3C24 68K 000058F2
179C3C20 68K 000058F2
179C3C00 179C3BF8 PPC 009C79D4
179C3BE8 PPC 009C85E4
179C3BE0 179C3BD8 PPC 009C7C24
179C3BA8 PPC FFD09FD8 SetZone+00024
179C3BA0 179C3B98 PPC FFD13558 UseResFile+00018
179C3B24 PPC 009C54D4
179C3B08 68K 0099A446 LoadPowerPCLibraryManagerEntry(long (*)(), unsigned
char, short, long)+0019C
179C3AE0 68K 179CD7B0
179C3AA4 179C3A9C PPC 009C54C8
179C3A60 68K 004C608A
179C3A58 179C3A50 PPC 009C58D4
179C3A38 PPC 009CE440
179C3A1C 68K 0099A446 LoadPowerPCLibraryManagerEntry(long (*)(), unsigned
char, short, long)+0019C
179C39F4 68K 179CD7B0
179C39B8 179C39B0 PPC 009CE434
179C3948 179C3940 PPC 009D49AC
179C38B0 68K FFC0E062 _GetTrapAddress
179C38A8 PPC 009C4F54
179C38A0 179C3898 PPC 00708DB4 __UseResFile+000A0
179C3868 PPC FFD09580 GetHandleSize+00024
179C3848 179C3840 PPC 009CE460
179C3844 179C3840 68K 0099A446 LoadPowerPCLibraryManagerEntry(long (*)(), unsigned
char, short, long)+0019C
179C3810 PPC 009CD074
179C37F0 179C37E8 PPC 00A1A228

OB August build:
MacsBug 6.6.3, Copyright Apple Computer, Inc. 1981-2000

PowerPC illegal instruction at 009BBDCC

20-Dec-2015 12:07:09 PM (since boot = 11 seconds)
Machine = #406 (NewWorldMac), System $0922, sysu = $01008000
ROM version $077D, $45F6, $0001 (ROMBase $FFC00000)
VM is off
NIL^ = $FFC10000
Stack space used = +200791022
Address 009BBDCC is in the System heap at 00002800
It is 000009DC bytes into this heap block:
Start Length Tag Mstr Ptr Lock Prg Type ID File Name
• 009BB3F0 00006E64+10 N
PowerPC 7400 (G4) Registers
CR0 CR1 CR2 CR3 CR4 CR5 CR6 CR7
PC = 009BBDCC CR 0100 0100 0010 0010 0000 0100 0010 0010
LR = 009FAE38 <>=O XEVO
CTR = 009BBDCC
MSR = 00000000 SOC Compare Count
Int = 0 XER 000 01 00 MQ = 00000000

R0 = 009BBDCC R8 = 00001400 R16 = 70777063 R24 = 000500F0
SP = 0BB8BF20 R9 = 00000000 R17 = 00000001 R25 = 0097A678
TOC = 009BD584 R10 = 009BE070 R18 = 00000000 R26 = 00000FF1
R3 = 0BB8C764 R11 = 009BBCC4 R19 = 00000000 R27 = 00000001
R4 = 00000001 R12 = 009C1700 R20 = 00000000 R28 = 0BB8C9FE
R5 = 009BB934 R13 = 0094C1E0 R21 = 00000001 R29 = 0094C2CC
R6 = 0BB8C768 R14 = 00004E9C R22 = 0BB8D2D2 R30 = 0094C2C0
R7 = 00000000 R15 = 0BB957B2 R23 = 00000003 R31 = 0BB8BF9C
Disassembling PowerPC code from 009BBDA4
No procedure name
009BBDA4 dc.l 0x00000000 | 00000000
009BBDA8 dc.l 0x0098D948 | 0098D948
009BBDAC dc.l 0x009BB934 | 009BB934
009BBDB0 dc.l 0x00000000 | 00000000
009BBDB4 dc.l 0x0098D950 | 0098D950
009BBDB8 dc.l 0x009BB934 | 009BB934
009BBDBC dc.l 0x00000000 | 00000000
009BBDC0 dc.l 0x0098D960 | 0098D960
009BBDC4 dc.l 0x009BB934 | 009BB934
009BBDC8 dc.l 0x00000000 | 00000000
009BBDCC *dc.l 0x0098FC38 | 0098FC38
009BBDD0 dc.l 0x009BB934 | 009BB934
009BBDD4 dc.l 0x00000000 | 00000000
009BBDD8 dc.l 0x0098FC40 | 0098FC40
009BBDDC dc.l 0x009BB934 | 009BB934
009BBDE0 dc.l 0x00000000 | 00000000
009BBDE4 dc.l 0x0098FC48 | 0098FC48
009BBDE8 dc.l 0x009BB934 | 009BB934
009BBDEC dc.l 0x00000000 | 00000000
009BBDF0 dc.l 0x0098FC50 | 0098FC50
Heap zones
#1 Mod 10981K 00002800 to 00ABBF3F SysZone^ ApplZone^ TheZone^ TargetZone
#2 Mod 6K 0002B230 to 0002CC1F ROM read-only zone
#3 Mod 216K 005E7AD0 to 0061DACF
#4 Mod 94K 006BDB50 to 006D572F
Checking all heaps
The System heap at 00002800 is ok
The ROM read-only heap at 0002B230 is ok
The heap at 005E7AD0 is ok
The heap at 006BDB50 is ok
The target heap is the System heap at 00002800
Totaling the System heap at 00002800
Total Blocks Total of Block Sizes
Free 0018 #24 000363E0 #222176 (#216K)
Nonrelocatable 091D #2333 0082BE7C #8568444 (#8367K)
Relocatable 02D0 #720 002574A0 #2454688 (#2397K)
Locked 00BE #190 001CEFA0 #1896352 (#1851K)
Purgeable and not locked 0031 #49 0000CD00 #52480 (#51K)
Heap size 0C05 #3077 00AB96FC #11245308 (#10M)
>>> With all macros expanded, your command line was:
log "StdLog";set suspendprompt on;dv v;stat;wh;td;ip;hz;hc all;hx 02A6^ ;ht;hx 02A6^^+10
;ht;hx 02AA^ ;ht;file 0;vol;drive;drvr -v;rd -s;sc6;sc7 sp 1k;dm sp 80;dm 0 20;log
The heap at 00ABBF40 is bad
Zone pointer, bkLim, or length of trailer block is bad
Return addresses on the stack
Stack Addr Frame Addr ISA Caller
0BB8D3EA 68K 0BB8DF62
0BB8D3E2 68K 0BB8DF48
0BB8D3DA 0BB8D3D6 68K 0BB997A0
0BB8D394 0BB8D390 68K 0BB90624
0BB8D38C 0BB8D388 68K 0BB9061C
0BB8D36C 0BB8D368 68K 0BB91078
0BB8D34C 68K 00005BE2
0BB8D348 PPC FFCECA9C EmToNatEndMoveParams+00014
0BB8D338 68K 004A5A3E
0BB8D32E 0BB8D32A 68K 0BB91CF2
0BB8D308 0BB8D300 PPC 003C27DC NQDSetPort+00038
0BB8D2F8 0BB8D2F0 PPC 003AA53C NQDRGBBackColor+00088
0BB8D2A6 0BB8D2A2 68K 0BB99762
0BB8D248 PPC FFCECA9C EmToNatEndMoveParams+00014
0BB8D224 68K 0BB99762
0BB8D1E4 68K 0004FD72
0BB8D1D8 68K FFCDF942 GetSharedLibrary+000D2
0BB8D1AE PPC 000621FC CalcPowerSummary+0020C
0BB8D1A4 68K 0BB9A58E
0BB8D174 68K 0004FD72
0BB8D168 68K FFCDF7DE FragRegisterLocalAllocator+004DA
0BB8D14A 68K 00198EC0
0BB8D128 0BB8D120 PPC FFD099F4 GetZone+0001C
0BB8D118 0BB8D110 PPC FFCDE74C FragGetContextInfo+00028
0BB8D0D8 68K 0019BA40
0BB8D0C8 PPC FFCECA9C EmToNatEndMoveParams+00014
0BB8D0B8 68K 004A59F6
0BB8D088 0BB8D080 PPC 003C076C NQDCloseCPort+00154
0BB8D068 PPC 007BF4B0 _eUnregisterIconRef+0008C
0BB8D064 0BB8D060 68K 00005BE2
0BB8D048 0BB8D040 PPC 003C05FC NQDClipRect+00228
0BB8D028 0BB8D020 PPC FFD13558 UseResFile+00018
0BB8D008 0BB8D000 PPC FFD0A2E8 DisposeHandle+00024
0BB8CFF8 0BB8CFF0 PPC 003C0BC0 NQDDisposePixMap+0009C
0BB8CF9C 68K 008CAA8E
0BB8CF84 68K 0004FD72
0BB8CF78 0BB8CF70 PPC FFCDCF40 FragPrepare+003AC
0BB8CF56 PPC 00800BB4 __StringToExtended+00A90
0BB8CF28 0BB8CF20 PPC FFD0A2E8 DisposeHandle+00024
0BB8CF14 0BB8CF10 68K 0004FD72
0BB8CF08 0BB8CF00 PPC FFCE276C GetIndSymbol+02A34
0BB8CEC4 68K 0004FD72
0BB8CEB8 0BB8CEB0 PPC FFCE1C0C GetIndSymbol+01ED4
0BB8CEA8 0BB8CEA0 PPC FFCE1FBC GetIndSymbol+02284
0BB8CE84 68K 0004FD72
0BB8CE34 68K 0004FD72
0BB8CE28 0BB8CE20 PPC FFCE1D6C GetIndSymbol+02034
0BB8CDE8 0BB8CDE0 PPC 0094D704 BootOpenTransport+000D4
0BB8CD98 68K 0BB957B0
0BB8CD68 0BB8CD60 PPC 00309AEC __HLock+00010
0BB8CD58 0BB8CD50 PPC 006F2890 __OpenResFileUnderSystemMap+00050
0BB8CD3E 0BB8CD3A 68K 0097526C 'lmgr 0000 0016'+0008C
0BB8CD2A 0BB8CD26 68K 00975C7C 'lmgr 0000 0016'+00A9C
0BB8CD0A 0BB8CD06 68K 00975BD6 'lmgr 0000 0016'+009F6
0BB8CCDA 68K 00976014 'lmgr 0000 0016'+00E34
0BB8CCD6 68K 00004E4A
0BB8CCB6 68K 009752AC 'lmgr 0000 0016'+000CC
0BB8CCA6 0BB8CCA2 68K 00979E2E 'AINI 8042 0016 Startup ASLM PPC'+000DE
0BB8CC88 PPC FFCECA9C EmToNatEndMoveParams+00014
0BB8CC78 68K 000C2332
0BB8CC60 68K 00004E4A
0BB8CC3C 0BB8CC38 68K 0097A48A LoadLibraryManagerEntry+0012C
0BB8CBE0 0BB8CBDC 68K 0097A2CC OpenLibraryManagerFile(short*, long*)+00052
0BB8CBDC 68K 0BB8CC3E
0BB8CB9E 0BB8CB9A 68K 0097ADAE HOPENRESFILEGLUE+0004A
0BB8CB92 0BB8CB8E 68K 00917B34
0BB8CB72 0BB8CB6E 68K 009164AE
0BB8CB64 PPC FFCEBAD0 NewRoutineDescriptor+000A0
0BB8CB42 0BB8CB3E 68K 0091607A
0BB8CB08 PPC FFCECA9C EmToNatEndMoveParams+00014
0BB8CAF8 68K 000C291A
0BB8CAE4 68K 00917B1C
0BB8CAC8 0BB8CAC0 PPC FFCECA9C EmToNatEndMoveParams+00014
0BB8CAA8 0BB8CAA0 PPC 006EFF0C __HOpenResFile+00068
0BB8CA7C 68K 001C01FC
0BB8CA68 68K 0019B680
0BB8CA5C 68K 000058F2
0BB8CA58 68K 00005A42
0BB8CA50 68K 000058F2
0BB8CA40 68K 0097A22C LocateFile(unsigned long, unsigned long, unsigned l
ong, FSSpec*)+00084
0BB8CA2C 68K 00198D8E
0BB8C9EE 0BB8C9EA 68K 0097A676 LoadPowerPCLibraryManagerEntry(long (*)(), unsigned
char, short, long)+0019C
0BB8C9C8 0BB8C9C0 PPC 006EF9EC __RsrcMapEntry+0091C
0BB8C9B8 0BB8C9B0 PPC 006EFAEC __RsrcMapEntry+00A1C
0BB8C988 PPC FFCECA9C EmToNatEndMoveParams+00014
0BB8C938 PPC FFCEBA60 NewRoutineDescriptor+00030
0BB8C8E0 68K 0BB9A58E
0BB8C880 0BB8C878 PPC 009872D4
0BB8C7E0 0BB8C7D8 PPC 009A27B8
0BB8C798 0BB8C790 PPC 009ADCE8
0BB8C738 0BB8C730 PPC 009AFA10
0BB8C6F0 0BB8C6E8 PPC 009A7B88
0BB8C6DC 68K 000058F2
0BB8C6D8 68K 000058F2
0BB8C6B8 0BB8C6B0 PPC 009A7BF4
0BB8C6B4 0BB8C6B0 68K 009C003C
0BB8C6A0 PPC 009A8804
0BB8C698 0BB8C690 PPC 009A7E44
0BB8C660 PPC FFD09FD8 SetZone+00024
0BB8C658 0BB8C650 PPC FFD13558 UseResFile+00018
0BB8C5DC PPC 009A56F4
0BB8C5C0 68K 0097A676 LoadPowerPCLibraryManagerEntry(long (*)(), unsigned
char, short, long)+0019C
0BB8C598 68K 0BB957B0
0BB8C55C PPC 009A56E8
0BB8C538 68K 000C2692
0BB8C518 68K 004A643A
0BB8C510 0BB8C508 PPC 009A5B0C
0BB8C50C 0BB8C508 68K 0097A676 LoadPowerPCLibraryManagerEntry(long (*)(), unsigned
char, short, long)+0019C
0BB8C4F0 PPC 009AECCC
0BB8C4D4 68K 0097A676 LoadPowerPCLibraryManagerEntry(long (*)(), unsigned
char, short, long)+0019C
0BB8C4AC 68K 0BB957B0
0BB8C470 PPC 009AECC0
0BB8C42C PPC 009AE950
0BB8C410 68K 0097A676 LoadPowerPCLibraryManagerEntry(long (*)(), unsigned
char, short, long)+0019C
0BB8C3E8 68K 0BB957B0
0BB8C3AC PPC 009AE944
0BB8C360 0BB8C358 PPC 009AECF0
0BB8C328 0BB8C320 PPC 009E9EB8
0BB8C300 0BB8C2F8 PPC 009AE6D8
0BB8C2FC 0BB8C2F8 68K 0097A676 LoadPowerPCLibraryManagerEntry(long (*)(), unsigned
char, short, long)+0019C
0BB8C2E8 0BB8C2E0 PPC 009E69DC
0BB8C2C0 0BB8C2B8 PPC 009E6940
0BB8C2A0 0BB8C298 PPC FFD0CB6C NGetTrapAddress+00030
0BB8C268 PPC 009B0A94
0BB8C260 0BB8C258 PPC FFD0DF34 GetToolboxTrapAddress+00028
0BB8C208 68K 0019B680
0BB8C1F8 68K 0097A676 LoadPowerPCLibraryManagerEntry(long (*)(), unsigned
char, short, long)+0019C
0BB8C138 0BB8C130 PPC 009E8320 ResidentOpenTransport+00C40
0BB8C110 68K 009CA34E
0BB8C0E8 0BB8C0E0 PPC 009E7630 DoLoadUnload()+0006C
0BB8C048 0BB8C040 PPC 009F7FF0 OTRunPortScanners+001D8
0BB8C024 PPC 009AAEB0
0BB8C008 68K 0097A676 LoadPowerPCLibraryManagerEntry(long (*)(), unsigned
char, short, long)+0019C
0BB8BFE0 68K 0BB957B0
0BB8BFA4 0BB8BF9C PPC 009AAEA4
0BB8BF60 0BB8BF58 PPC 009AAEE4
0BB8BF28 0BB8BF20 PPC 009FADE4
adespoton
Forum All-Star
Posts: 4285
Joined: Fri Nov 27, 2009 5:11 am
Location: Emaculation.com

Re: GSOC qemu Boot Mac OS >= 8.5 on PowerPC system

Post by adespoton »

Interesting... so what's the 5th library loaded after the port scan? Test 2 would appear to indicate that the first library is ASLM related. The changes in Test 3 and 4 appear to keep going until unexpected values are presented to the 5th loaded library if I'm reading that correctly.
kataetheweirdo
Master Emulator
Posts: 313
Joined: Sun Feb 01, 2009 4:55 pm

Re: GSOC qemu Boot Mac OS >= 8.5 on PowerPC system

Post by kataetheweirdo »

mcayland wrote:
@kataetheweirdo: sorry to hear that the Windows builds are causing you problems. Are you using 64-bit Windows? If so there is a known issue due to TLS (see http://wiki.qemu.org/ChangeLog/2.5#Known_issues) which is under investigation. I can only encourage you to report any issues you find upstream, as most developers use Linux day-to-day. Even worse is that some of the distros use old versions of mingw which contain bugs which exacerbates the problem even more...

Thanks for taking the time to test though. While I know QEMU reasonably well, I'm completely new to any form of MacOS/Macsbug and knowledge of the toolbox - and debugging from the QEMU side is extremely tricky due to the "emulator within an emulator" environment that the nanokernel creates, intertwined 68K/PPC stack traces etc.
Alas, I am indeed using 64-bit Windows 7. As a result, I am not having the best luck in booting Mac OS 9.x on my end. I'll be checking it out in Linux, but this will likely mean installing a VirtualBox system.
adespoton
Forum All-Star
Posts: 4285
Joined: Fri Nov 27, 2009 5:11 am
Location: Emaculation.com

Re: GSOC qemu Boot Mac OS >= 8.5 on PowerPC system

Post by adespoton »

This reminds me... I've been thinking for a while that it would be neat to take the qemu core in VirtualBox and replace it with a full, modern qemu with all platforms supported. This is as a replacement for KVM on OS X, which doesn't have a virtual machine interface to the kernel (but Sun/Oracle have helpfully designed the kext that could do the job).

Does anyone know if the code bases are still close enough to do this without heavy refactoring and regression fixes?
LightBulbFun
Tinkerer
Posts: 50
Joined: Mon Jul 13, 2015 11:32 am

Re: GSOC qemu Boot Mac OS >= 8.5 on PowerPC system

Post by LightBulbFun »

Just figured I'd drop by again and report some of my findings. First off the bat, the OS9 OpenBIOS does not boot OS9 when you have QEMU PPC set up as a KVM VM on a real PowerPC machine (in my case a 970 PowerMac 7,3). Secondly, Mac99 now boots OS X (YAY). (OS X can now find the ATA HDD; although -cdrom is not working, you can manually specify a CD-ROM at a different drive number, if that makes sense, and it works.) Thirdly, the PowerPC G4 CPU option kind of got broken again in QEMU 2.5 when in emulation mode (but not in KVM mode). This was a bug that got fixed a few versions ago and it seems to have come back: when booting OS X with a G4 CPU specified, it will make it to the desktop (in Tiger) but your mouse will flicker in and out of existence; if you try to open the Apple menu/click on About This Mac, Finder will crash and restart, and the same if you try and open System Profiler. I hope this bug gets fixed again... Also, I would think related to this, Leopard 10.5 stopped booting on both g3beige and Mac99. Otherwise, great work guys, it's very cool to see Mac OS 9.2.2 boot in QEMU heh
mcayland
Mac Mechanic
Posts: 152
Joined: Sun Nov 01, 2015 10:33 pm

Re: GSOC qemu Boot Mac OS >= 8.5 on PowerPC system

Post by mcayland »

@cat_7: thanks again for the more detailed debugging info!

Hmmm I agree with @adespoton that something does appear different in the last couple of images. I did some testing with some USB patches yesterday at https://lists.gnu.org/archive/html/qemu ... 03669.html and finally I can now get a consistent crash into Macsbugs at a similar place to above with a custom .iso with just OT installed.

So my next issue: from the crash point I want to switch stack frame to view the GetSharedLibrary frame to try and get either a handle or pointer to a string from the registers in an attempt to work out which library is trying to load - but I can't figure out how to get Macsbugs to navigate down the stack chain (i.e. equivalent of gdb's "frame" command). Any pointers?
mcayland
Mac Mechanic
Posts: 152
Joined: Sun Nov 01, 2015 10:33 pm

Re: GSOC qemu Boot Mac OS >= 8.5 on PowerPC system

Post by mcayland »

@LightBulbFun: thank you for the detailed information! Just to clarify some of these points:
LightBulbFun wrote:
First off the bat, the OS9 OpenBIOS does not boot OS9 when you have QEMU PPC set up as a KVM VM on a real PowerPC machine (in my case a 970 PowerMac 7,3)

Are you saying here that the same OS 9 image works with TCG (non-native emulation) but fails with KVM enabled? If so, can you explain further what the differences are?

LightBulbFun wrote:
Secondly, Mac99 now boots OS X (YAY). (OS X can now find the ATA HDD; although -cdrom is not working, you can manually specify a CD-ROM at a different drive number, if that makes sense, and it works.)

Yes, -cdrom under mac99 does have detection issues under Darwin and I haven't been able to figure out exactly why (yet). Can you explain how you get this to work? My guess is you're passing in a different boot-args and/or boot-file into OpenBIOS but if you can give more information I'd be very interested to get this bug fixed.

LightBulbFun wrote:
Thirdly, the PowerPC G4 CPU option kind of got broken again in QEMU 2.5 when in emulation mode (but not in KVM mode). This was a bug that got fixed a few versions ago and it seems to have come back: when booting OS X with a G4 CPU specified, it will make it to the desktop (in Tiger) but your mouse will flicker in and out of existence; if you try to open the Apple menu/click on About This Mac, Finder will crash and restart, and the same if you try and open System Profiler. I hope this bug gets fixed again... Also, I would think related to this, Leopard 10.5 stopped booting on both g3beige and Mac99. Otherwise, great work guys, it's very cool to see Mac OS 9.2.2 boot in QEMU heh

Can you explain more about your setup here? Host, command line options for QEMU etc. A lot of the console stuff has been rewritten over the past couple of releases. When was the last known-good release? Does it change if you switch console type, e.g. using VNC instead of the built-in native viewer?