How to disassemble Forth under OF.
An "excellent" tutorial from Mark Abene:

Ein Klein Forthmusik...

Here's how you read forth code by example:
Say you wanted to know everything about what the forth method "ls" did...
(hitting enter is shown as )

0 > ' ls  ok
1 > .  -7E2EE0 ok

-7E2EE0 is the forth execution token for "ls".  The execution token is actually
a 32-bit signed address of where in memory the fcode/machine-code lives.  It is
actually 0x100000000-7E2EE0 or FF81D120.  This is very reminiscent of AppleSoft
Basic, where you would memorize signed decimal 16-bit "CALL" ROM routines (like
the infamous CALL -151), only in hex, because the negative number is shorter,
since the ROM is towards the end of memory.  Get it?

OK.  Now, if you wanted to "see" the forth code for "ls", you'd do:

0 > see ls 

And you would see the forth code.
This is the equivalent of saying:
0 > -7e2ee0 (see)

or

0 > ff81d120 (see)

It's all the same thing.  Now, many methods are themselves made up of other
compiled fcode routines, which are indicated by a ^ followed by the negative
hex address.  You can use (see) to traverse nested fcode routines in this
manner.  If you are following a particular execution token (address), to 
another, to another, and end up simply with "code ^-12345678" (or whatever
address), this means that a machine code routine is being called at that
address.  Fcode routines are frequently combined with machine code routines
that handle the lower level device oriented stuff.

Given this, we have two problems:
1)  We don't appear to have a disassembler in OF!  Attempting to use the
"dis" method to disassemble a ppc machine code routine just lists it out
in HEX!  I'm assuming this unfortunate circumstance is what prompted the
creation of xmon.  We really got the short end of the stick with OF.
OK, you say, I know the address of a routine in ROM now, and I want to
boot up some OS and use my favorite debugger to disassemble the machine code
(let's say linux and xmon).  This leads to the second problem...

2) The OF PROM appears to be remapped after you boot!  It's probably just
a matter of figuring out TO WHERE, since the contents of a given address in
OF PROM don't match what you see when you look in linux or macos.  This is
what leads me to believe it's getting switched out or remapped.

I hope this sheds some info on the OF enigma.
Comments/insight welcome!

-Mark
-----
I added this on behalf of Mark - matesch@students.wisc.edu
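
As an added example (not part of Mark's tutorial or of Open Firmware), this Python sketch does the signed/unsigned token arithmetic described above and pulls the ^-addr references out of a (see) listing so they can be followed by hand. The listing text is constructed; only the ^ notation and the "code ^-12345678" form come from the tutorial, and the function names are hypothetical.

```python
import re

MASK32 = 0xFFFFFFFF

def token_to_address(text):
    """Signed hex as OF prints it ('-7E2EE0') -> unsigned 32-bit address."""
    return int(text, 16) & MASK32

def address_to_token(addr):
    """Unsigned 32-bit address -> signed hex, negative when the top bit is set."""
    addr &= MASK32
    signed = addr - (1 << 32) if addr & 0x80000000 else addr
    return format(signed, "X")

# "^" followed by a (usually negative) hex execution token; a leading
# "code" marks the machine-code form the tutorial mentions.
REF = re.compile(r"(\bcode\s+)?\^(-?[0-9A-Fa-f]+)")

def references(listing):
    """Return [(unsigned address, kind)] for every ^token in a listing."""
    found = []
    for match in REF.finditer(listing):
        kind = "machine-code" if match.group(1) else "fcode"
        found.append((token_to_address(match.group(2)), kind))
    return found

def next_steps(listing):
    """Turn each reference into the next thing to type, or mark it a leaf."""
    steps = []
    for addr, kind in references(listing):
        if kind == "fcode":
            steps.append(f"{addr:x} (see)")
        else:
            steps.append(f"{addr:x} is machine code: (see) stops here")
    return steps

# Constructed sample, NOT real Open Firmware output: it only imitates the
# "^-addr" and "code ^-addr" notation described in the tutorial.
SAMPLE = """: ls
  ^-7E2A10 ^-7E1F48 ;
code ^-12345678
"""

if __name__ == "__main__":
    print(hex(token_to_address("-7E2EE0")))
    for step in next_steps(SAMPLE):
        print(step)
```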

Oh, and OF is unmapped after boot in both MacOS and Linux. Fortunately we
have the source to Linux, so if we need to look at it we can just leave
it mapped.
matesch@students.wisc.edu
I ported Ira Ruben's standard Apple PowerPC disassembler to OF. It's called Dis Dave. Get it at http://homepage.mac.com/potswa/source .
potswa@mac.nospam.com
This document is: http://www.jonh.net/cgi-bin/lppcfom/fom?file=220