ARM7 Registers

Revision as of 04:13, 27 October 2015 by WulfyStylez (talk | contribs) (more registers)

The 3DS utilizes an onboard ARM7 core to handle TWL_FIRM and AGB_FIRM's ARM7 requirements. This is due to the fact that much of the hardware used by both ARM7 and ARM9 is (evidently) not physically hooked up to ARM11. Thus, ARM11 cannot simply emulate ARM7.

ARM7 has the AGB BIOS implemented in hardware. The BIOS is completely identical to the original AGB BIOS. The system is booted silently by calling SWI 0x1 (RegisterRamReset), followed by jumping to the code that does SWI 0x0 (SoftReset) to finish booting. The boot splash is still in BIOS, however, and can be seen by calling (or replacing one of the previous interrupts with) SWI 0x26 (HardReset).

Registers

ARM9 interfaces with the ARM7 through the following registers:

Name Address Width
ARM7_CNT 0x10018000 0x1
ARM7_CODE 0x10018080 ?
ARM7_?_CNT 0x10018104 0x2
ARM7_?_STATUS 0x10018108 0x2
ARM7_?_WRITE_1 0x10018110 0x4
ARM7_?_WRITE_2 0x10018114 0x4
ARM7_?_READ_1 0x10018118 0x4
ARM7_?_READ_2 0x1001811C 0x4

ARM7_CNT

This indicates (controls?) the mode of the ARM7. 1 = TWL, 2 = AGB.

ARM7_CODE

This is the first code that will be run after execution begins. TwlProcess9 uses this to put ARM7 in a loop (TWL), and to set the POSTFLG and branch to more copied code (AGB).This doesn't seem to start execution by itself.

ARM7_?_READ/WRITE

The values here are read from, stored in the AGB_FIRM savegame, and then written to the respective registers upon save loading. These registers are read after waiting for bit 15 of ARM7_?_STATUS to be set, writing 0x0 and then 0x2 to that register, and then waiting for bit 15 to be set again. If bit 14 is not set afterward, these registers are read from and stored in the save. Otherwise, these values are saved (and restored) as 0x0.

Memory map

The virtual memory mapping for the ARM7 is the same as for the other core. However, it has additional internal memory mapped to it. Interestingly enough, much of this memory seems to lie within ARM9's own "internal memory."

  • 0x08060000 -> 0x03800000, ARM7-WRAM (64KB)
  • 0x080B0000 -> 0x03000000, GBA on-chip WRAM (32KB)
  • 0x080C0000 -> ? (0x10018104 is set to 1 before changing memory here, and 0 afterwards, save-related?)
  • 0x01FFC000 -> 0x01000000, ARM9 ITCM (16KB)