Notice: MediaWiki has been updated. Report any rough edges to marcan@marcan.st
Camera DSP
This page serves to document information about the NUI Camera DSP, its architecture, instruction set, firmware, and capabilities.
Getting firmware
As discussed on the mailinglist, the firmware package can be downloaded from Microsoft here. Rene Ladan has written a python script that unpacks Xbox360 files, linked here (BSD 2-clause license).
With these, you can extract the NuiCam.bin file from the archives and use segher's dis-nui (below) to start understanding the camera firmware.
Disassembler
Segher figured out the instruction set, and wrote a disassembler: http://git.infradead.org/users/segher/dis-nui.git
< segher> http://git.infradead.org/users/segher/dis-nui.git < segher> have fun :-) < segher> the code in that NuiCam.bin starts at 2*0f14 < segher> so cut it, and then run it through the disassembler < segher> it should start: < segher> 0000: 25d7 mov r5l,#d7 < segher> 0001: 35a6 mov r5h,#a6 < segher> 0002: bb05 mov pc,r5 < segher> (which jumps to a6d7, this is the reset vector)
Registers
There are 16 general purpose registers, denoted r0 through r15. Each is 16 bits wide.
There are also 16 "s" registers and 16 "t" registers. A few of these have special usages, noted below.
Register | Other names | Description |
---|---|---|
r0 | ||
r1 | ||
r2 | ||
r3 | ||
r4 | ||
r5 | ||
r6 | ||
r7 | ||
r8 | ||
r9 | ||
r10 | ||
r11 | ||
r12 | stack pointer (nothing in hardware, just the ABI) | |
r13 | temp register (gets used for calls a lot) | |
r14 | ||
r15 |
Register | Other names | Description |
---|---|---|
s0 | pc | Program counter |
s1 | lr | link register |
s2 | ilr | interrupt link register |
s3 | ||
s4 | ||
s5 | ||
s6 | ||
s7 | ||
s8 | ||
s9 | ||
s10 | ||
s11 | ||
s12 | ||
s13 | ||
s14 | ||
s15 |
Register | Other names | Description |
---|---|---|
t0 | ||
t1 | ||
t2 | ||
t3 | ||
t4 | ||
t5 | ctr | Counter, used for loops |
t6 | ||
t7 | ||
t8 | ||
t9 | ||
t10 | ||
t11 | ||
t12 | ||
t13 | ||
t14 | ||
t15 |
|
Questions
Put outstanding questions here.
Random disorganized notes/quotes
Feel free to merge these into above sections where appropriate, they're written down so they won't be forgotten.
On 32-bit handling:
04:03 < zarvox> segher: the std r4, (r12)- syntax - does that mean "load r4 with the data pointed to by r12, then decrement r12"? # wow, that was a dumb question <_< 04:04 < segher> it means "store r5 to where r12 points to ; decrement r12 ; store r4 where r12 points to ; decrement r12 04:05 < zarvox> okay, so that's done with implied register pairs? 04:05 < zarvox> that's the 32-bit handling? 04:05 < segher> yeah 04:05 < segher> that's the "d" thing