[sane-devel] 610p protocol Info.. My first cut.

[Richard A. Smith]

Ok... I've spent the better part of wed night with the 610p, the
logic analyser and SoftICE and VistaScan from the UMAX webpage.

This looks like this may be a tricky RE job as I haven't found the
magic. Pieces of the puzzle that make everything make sense.

Here's what I've learned:

First in order to get valid data under VistaScan I have to have my
parallel port set to _either_ SPP or ECP+EPP.  Strictly EPP does
_not_ work.  If set to EPP the scanner performs all scan functions
but the data that shows up in the preview windows is scrambled.

Perhaps its using the compression feature built into the ECP?  Dunno
how it works in SPP mode though.  

Attempting to start out simple I tried to log the IO from a simple
application called powersave which just turn on and off the scanner
light.  This app works regardless of what mode the parallel port is
in.  My thought was that I would set up the LA to trigger on the
various transfer modes and find the one that matches.

I ran into the problem though that the data I see on the logic
analyser dosen't seem to match any of the timeing diagrams I have for
any of the modes.  At least not for any of the modes listed in Jan
Axelson's Parallel Port Complete.

I can't seem to figure out the exact clocking scheme that will let me
grab the data on the wire.  Of course it could have just been that it
was 3am... 

So I began useing SoftICE to try and get a better understanding of
what it was doing.

SoftICE isn't the greatest thing for logging port IO.  It (at least
my version) won't let me breakpoint on a rage of IO so I have to
specifically choose a port address to watch for.  The powersave app
though appears to have 2 subroutines that do all the IO so I was able
to break on thier addresses and extract the port address and data
from each transfer.  But its really tedious.   And I think that since
I breakpoint on every IO attempt that the transfer is timeing out
causing it to repeat as the code appeared to get stuck in a loop that
would drop out after 10 attempts.   I quit about that time. 

See the end of the message for the listing.

So I got some data but by the time I was done it was really late and
I have not had a chance to study it.  Hopefully somebody can make
some sense of this and give me a boost.

I think my next step is to set up a windows NT machine and use
portmon from sysinternals to grab the IO.  Portmon's webpage claims
to be able to log all parallel IO under NT.  Vistascan is listed to
run under NT.  On w98 portmon dosen't see any parallel activity I'm
guessing because the app is doing direct reads and writes rather than
calling an api call.

Heres the log:

Key:

-> means write to port.
<- means input from port.
side text describes what the next instructions did with the input
data at least up until it jumped away.

Program boots.. Then it does lots of IO's to various parallel port
base IO addresses... You don't have to set the IO base in the app
anywhere so this must be how it finds the scanner.  My base address
is 0x378.  All number are in hex.

40 -> 378
06 <- 37a
3f <- 379	Mask with 78 look for 38
07 -> 37a
3f <- 379	Mask 78 look for f8
04 -> 37a
ff <- 379 	Mask f8 look for f8
05 -> 379
c5 <- 37a 	Mask 0f look for 05
04 -> 37a
cf <- 379	Look for bit 5 to be 0
c4 <- 37a	Mask 5f assign result to V1. V1 = 44
V1 (44) -> 37a
55 -> 37c
cf <- 379	Look for bit 5 to be 0
c4 <- 37a	Mask with 5f assign to V2 V2 = 44
V2 (44) -> 37a
aa -> 37c
c4 <- 37a 	OR with a0 assign to V3  V3=e4
V3 (e4) -> 37a
cf <- 379	Look for bit 3 to be 0

The last test fails and it looks like it will attempt to try this 10
times before jumping ou t of the loop.

Thats it for now... I'll try to get the NT logs this weekend.

--
Richard A. Smith                         Bitworks, Inc.               
rsmith@bitworks.com               479.846.5777 x104                        
Sr. Design Engineer        http://www.bitworks.com