To disassemble a hc11 bin file you must first get a disassembler.
There are two kinds you can get. The first is a straight disassembler. This kind looks at the next byte determines the op code; writes the op code and cursory bytes, and then goes to the next byte. This type of diassembler is not worried about the program only the next byte. It will diassembler anything but it may look like total nonsense. Tunercat is an example of this type of disassembler.
The second type of disassembler is code seeking. It follows the code through the bin and disassembles the program that will be run. This type of disassembler will error if it gets an illegal op code mostly because it gets confused. Examples of these are the Dewtronics Disassembler and DHC11.
Personally I use DHC11. It has a few issues but for the most part it works as it should.
Code seeking disassemblers require control files. A control file is a text file that tells the disassembler what to do. In its simpliest form the control file is just an input and output statement. It may look like this:
; This control file is called tpi
;
input 8d_1.bin ;this is the binary input file
output 8d_1.DIS ;this is the disassembly source/listing file
The attached file 8d_1 dis was created with this file.
If you look at the very end of the file 8d_1.dis you find the following:
F171 fill $00, 3709
FFEE db $88, $CD, $60, $00, $B2, $04, $E3, $F5, $60, $00
FFF8 db $B0, $00, $B0, $00, $B0, $00
FFFE LFFFE: dw LB000
This can be rearranged to look like this:
F171 fill $00, 3709
FFEE dw $88CD
$6000
$B204
$E3F5
$6000
FFF8 dw $B000
$B000
$B000
FFFE LFFFE: dw LB000
We can tell from this that there are no more than 9 reset vectors. If we run the program with 9 vectors we will find that it does not disassemble correctly. Next we run it with 8. It will disassemble correctly with 8. The new cotrol file will look like this:
; This control file is called tpi
;
input 8d_1.bin ;this is the binary input file
output 8d_2.DIS ;this is the disassembly source/listing file
vectors $fff0 8 hc11vec hc11vector
The attached file 8d_2 dis was created with this file.
At this point we find that the disassembler is telling us that it found an indexed call at $B6BB. Going to $B6BB we find:
LB6B0 ldaB L0000
andB #%00001111
ldX #$B6D8
lslB
aBX
ldX 0, X
call 0, X
bclr L0039, #%00000100
LB6C0 ei
From this piece of code we can see that L0000 (a RAM value) is loaded. Then it is trimmed to be 0-15. Next we load X (our pointer) with the table location (LB6D8). Then we convert B (our 0 - 15 counter) to 0-15 words (double bytes). Next we choose the vector by adding 0-15 words to the pointer. Finally we load the vector from the table and call the subroutine (minor vector).
If we look at the table location we find:
LB6D3 ldX #$01C2
jr LB6C8
;
;
db $CE, $64, $CE, $C5, $D1, $29, $D2, $78, $D1, $69
db $D2, $85, $E4, $C0, $D5, $14, $D5, $64, $D5, $CE
db $D6, $C9, $D8, $1A, $D8, $85, $DA, $04, $DE, $51
db $E1, $CE, $39
;
LB6F9 ldaA L0038
andA #%00000100
This area can be rearranged to look like this:
dw $CE64
$CEC5
$D129
$D278
$D169
dw $D285
$E4C0
$D514
$D564
$D5CE
dw $D6C9
$D81A
$D885
$DA04
$DE51
dw $E1CE
db $39
This area contains 16 vectors that correspond with the minor loops of the program. The bin is disassembled again using this control file:
; This control file is called tpi
;
input 8d_1.bin ;this is the binary input file
output 8d_1.DIS ;this is the disassembly source/listing file
vectors $fff0 8 hc11vec hc11vector
vectors $b6d8 16 minorloop minorloop
The attached file 8d_3 dis was created with this file.
At this point we have all of the code disassembled. I will post more as I get a bit more time.
HTH
John