On 12 January 2015 at 17:56, Peter Maydell <peter.mayd...@linaro.org> wrote:
> ...but I don't see why that "call 0xf106f" takes
> us to f1064, which the trace says it does
I think the trace is just confusing. Attaching in gdb we see:

=> 0xf1133:  test   %ebp,%ebp
   0xf1135:  jle    0xf1144
   0xf1137:  mov    (%esp),%edx
   0xf113a:  mov    %esi,%eax
   0xf113c:  call   0xf106f
=> 0xf106f:  mov    %eax,%ecx
   0xf1071:  movsbl %dl,%edx
   0xf1074:  call   *(%ecx)
=> 0xf1064:  mov    %edx,%eax
   0xf1066:  mov    0xf68fc,%dx
   0xf106d:  out    %al,(%dx)
   0xf106e:  ret
=> 0xf1076:  ret
=> 0xf1141:  dec    %ebp
   0xf1142:  jmp    0xf1133

So we're just sat in a loop which never finishes. This seems to be
because the first time into it we set the loop counter EBP to
0x5b207801.

-- PMM