Methods for Reconstructing Finished Single-Chip Microcomputer System

Through the development of a monitoring system, the principles and basic methods that should be followed when modifying an unfamiliar microcomputer system are explained, and the usage of the dual-port memory IDT7132 and the watchdog WDT are introduced. Keywords: monitoring system, single-chip microcomputer, dual-port memory, WDT When making a microcomputer monitoring system, if the monitored object itself is also a microcomputer system, and there is no circuit diagram, program and other information, how to collect the internal data of the object (such as CPU status, etc.), how to modify the program of the object so as not to make the original system unstable and crash, and how to make full use of the resources of the monitored object are universal problems. The "digital experiment monitoring system" developed by the author has the main function of collecting the status and process information of 30 student experimental machines and sending it to the central host for display. The monitored object is a digital circuit experimental machine model DLES, which is a product of a certain company. There is no other information except a simple instruction manual. The core of the machine is a single-chip microcomputer 8031, with a 6-digit keyboard and digital tube display, parallel port 8155, etc., and the CPU working mode can be selected to generate various experimental signals. 1. Collect data with dual-port RAM The primary task of the monitoring system is to obtain various status information of the controlled object. Only external information can be obtained with IO lines, and it is easy to miss when the frequency is high. To obtain important internal information, it is necessary to try to make the CPU of the monitored object automatically send out information, that is, to use dual CPU communication. Whether parallel communication or serial communication is used, the original machine program must be greatly modified, and the original machine CPU must take up a lot of time to wait and detect the communication port, which can easily destroy the inherent timing of the original machine. A better method is to use a shared memory method. Just insert a program at the appropriate position of the original machine program to make it send its important information (such as the 256-byte content of the on-chip RAM) to the shared memory at a fixed time. This system uses the dual-port memory IDT7132 to realize the communication between the two CPUs. The dual-port memory has two independent IO circuits, which can be used by two CPUs to read and write each storage unit at different times. However, accessing the same storage unit at the same time will cause conflicts. IDT7132 has a set of conflict arbitration circuits, which enables the first party to obtain priority to implement read and write operations, and sends a conflict signal BUSY to the other party. When a conflict occurs, the party that fails to access the memory must re-execute the instruction that just failed. This system connects the BUSY line to the interrupt line INT0 of the single-chip microcomputer. The circuit is shown in Figure 1. However, the program pointer PC of the single-chip microcomputer cannot be read and written directly, and the occurrence of interrupts is random, and it is impossible to grasp the time of its occurrence. It is not easy to repeat the instruction before the interrupt. To achieve this function, a little trick is used: because the PC value must be automatically pushed into the stack before the interrupt service program is executed, the PC value can be popped out of the stack in the interrupt service program, decremented by 3, and then pushed back into the stack. When the interrupt ends, the popped PC value has returned to point to the instruction before the interrupt.

The original experimental machine has used 5 high-order address lines. If you want to add a 2KB IDT7132, it will exceed the maximum 64K storage space limit of the 8031 ​​microcontroller. For this reason, a suspended interrupt pin INT1 of the microcontroller is used as the chip select control line of the IDT7132. If the CPU wants to access the IDT7132, it cannot only use the conventional MOVX instruction, but must add an instruction to make INT1 low and then high before and after the read and write memory. The instruction is as follows:
CLRINT1MOVXA, @DPTR SETBINT1
2 Searching for resources used by the original system
To modify someone else's system, one of the difficulties is to understand the original system's use of various resources. The internal read-write memory RAM of the microcontroller is only 128 bytes, and to add or modify the original machine program, these on-chip RAMs must be used, which may cause resource conflicts. In order to understand the original system's use of on-chip RAM, the search function of the text editing software was borrowed. Because the single-chip microcomputer has only two ways to address the on-chip RAM: (1) direct addressing. In this case, the direct address of the RAM can be used as the search keyword, and the search function of the editing software can be called to display the places where the address appears in the original experimental machine program one by one; (2) indirect addressing with R0 and R1 as pointers. In this case, the original program can be searched with @R0 and @R1 as keywords respectively, and the changes and ranges of R0 and R1 can be analyzed where they appear.
If the above two methods do not find the RAM unit of interest, it can be confirmed that the original system does not use this resource. If the unit is also bit-addressable, and the bit address can only be directly addressed, the above method (1) must be used to search once, and the conclusion is also very clear.
3 Methods for modifying and inserting programs
If the signal of the monitored object is generated by software (this is the case with this experimental machine), be very careful about the time cost when modifying and adding programs, otherwise it will cause errors in the original machine timing. The following are two commonly used feasible methods:
(1) During the delay process of the original program, delete its delay instruction and insert a new program with an execution time roughly equivalent to its original delay time. For example, the delay subroutine set for the digital tube display of the original experimental machine is used to transfer the appropriate number of bytes of information to the dual-port memory.
(2) Insert a new program in the process of waiting for certain events to occur in the original program. For example, when waiting for a keyboard key to be pressed, the program can be controlled to jump to a new functional module, execute for an appropriate time, and then return.
4 Processing of monitoring timer WDT
In most microcomputer control systems, WDT (watchdog, COP in the 6800 series) is one of the preferred anti-interference measures. Its function is to set a timer in software and hardware to force the system to reset at a fixed time to prevent the program from running out of control.
When modifying an old program, you must pay attention to whether the original system has WDT, otherwise it may cause the system to crash. If so, you must first find the timing of WDT. The time value of the hardware WDT is generally fixed and can be obtained by looking up information. For example, the 8096 series has 64K state
cycles To find the timer used by the software WDT, there are two ways: (1) The chip's own timer. This can be found in the timer interrupt service program. For example, the entry addresses of the interrupt service programs of the two timers of the 8051 series are 000BH and 0001BH respectively. By looking at these two programs, you can know which one is used for WDT. Then, you can further check the settings of the timer in the initialization settings of the main program to find the timing time; (2) The timer of the peripheral chip (such as 8155). To use it for WDT, the timer overflow line must be connected to an external interrupt line of the microcontroller. You can find the corresponding timer by looking at these external interrupt service programs. Then, you can find the timing value by looking at the settings of the timer in the main program.
After knowing the overflow time of the WDT, you can insert a section of instructions to clear the timer at a specified time in the modified or added program so that the WDT does not reset the system. For example, for the 8096 system, if the multiplication and division instructions are not used, the following two instructions can be inserted for every 4K instructions executed:
MOV0AH, #1EH
MOV0AH, #E1H
5 Borrowing the resources of the monitored object
Making full use of the resources of the monitored object can reduce costs, and most importantly, it can save students from spending time learning how to use an additional instrument. This monitoring system borrows the keyboard and digital tube display on the original experimental machine.
The original experimental machine expanded the 6-bit keyboard by scanning the IO port. Each keyboard was assigned a fixed key value and key function, as well as a fixed key processing program segment. In order to use the keyboard of the original experimental machine to execute new key functions without destroying the original functions, the following method is adopted: rewrite the keyboard scanning program segment of the original machine, and define that when two keys (not used in the original machine) are pressed at the same time, the original program will be jumped out and transferred to a newly written program module. In this new module, all key functions can be redefined arbitrarily, and after processing the new key, it will be transferred back to the original machine program for execution.
There are two ways to use the original machine's digital tube display:
(1) write a new display program; (2) use the display function of the original program to embed the content to be displayed into the original program. The latter is selected because it is well compatible with the original machine program and is not likely to cause system errors or crashes. Through research and testing, it is known that the display mechanism of the original machine is to send the display data to the buffer, and convert it into an eight-segment digital tube display value by a dedicated display module. However, its conversion algorithm is very complicated and cumbersome. In order not to occupy too much CPU time of the original machine and not to make mistakes, all possible data are sent to the buffer one by one, and a comparison table of data and display style is measured. In the added new program, the display data is converted by looking up the table and sent to the buffer.