NefMoto

Let me first ask when scanning DTC I might see P1103 008 vs P1103 035.
How do I follow the disassembly to determine how the 008 is set vs the 035?

And logic to set DTCs in general:

I can find WHERE (in which func) P1103 is set:

But I don't understand WHY it's set solely based on the disassembled code.

I get that the setDTC func uses the r12 and [r0+2]:

(http://creativeion.com/rey/vw/help/ida_setDTC_1.gif)

And that r12 is set right before calling the setDTC func, but the [r0xxx] statements confuse me. They're different before each setDTC func call:

(http://creativeion.com/rey/vw/help/ida_setDTC_2.gif)

And I get how to follow the decision tree to get to where [r0xxx] are set, but I can't match when/where/which [r0xxxx] is set to which [r0xxxx] is used for each setDTC func call. And what are the


calls doing exactly?

(http://creativeion.com/rey/vw/help/ida_setDTC_4.gif)

(http://creativeion.com/rey/vw/help/ida_setDTC_3.gif)


Where #45h Error Class is used, what do I look for to find what is being passed into the setDTC func as [r0+2] ?

snippet from first img:



Thanks in advance. I know I'm asking for a lot.

Rey

I just realized I've forgotten r0 and [r0] are not the same thing. I'll try looking it over again with that in mind.

Follow the stack and look at the bitfield masks in hex

Also %DFPM breaks down the DTC bits

Thank you phila_dot. Reading that section now.

As for following the stack, easier said than done for those of us not having a background computer science ;)

FWIW it isn't easy for anyone.

Ask any specific questions that you have, it's alot to try and do a whole writeup on your OP.

It's a top down stack.

[-r0] pushes onto the bottom (adds underneath)
[r0] accesses the current (bottom)
[r0+n] accesses n from the bottom
[r0+] pops off the bottom

That is great info in and of itself! Thanks.

What's the difference between r0 and [r0]?

Or are all your examples indirect references using stack and same could be done as direct access to stack values without square brackets?

It's a stack pointer, so [r0] is accessing the data stored and r0 is the stack pointer (memory address) itself.



As seen at the end of the function, this is resetting the stack pointer.

Ok, in your previous example if a added a line between [r0 + n]
And [r0+] as such:

[-r0] pushes onto the bottom (adds underneath)
[r0] accesses the current (bottom) <- is it bottom because of previous line?
[r0+n] accesses n from the bottom
[r0] accesses the current (n from bottom?)
[r0+] pops off the bottom

When does the pointer change? Any time there's - or + or func r0, xxx ?

mov r4, #1h
mov [-r0], r4

Stack
1
----------------

mov r4, #2h
mov [-r0], r4

Stack
1
2
------------------

mov r4, #3h
mov [-r0], r4

Stack
1
2
3
-----------------

mov r4, [r0]

Stack
1
2
3

r4 == 3
-----------------

mov r4, #4h
mov [r0], r4

Stack
1
2
4
-------------------

mov r4, [r0+4]

Stack
1
2
4

r4 == 1
------------------

mov r4, #5h
mov [r0+4], r4

Stack
5
2
4
-------------------

mov r4, [r0+2]

Stack
5
2
4

r4 == 2
-----------------

mov r4, [r0+]

Stack
5
2

r4 == 4
----------------

add r0, #2h

stack
5

Edit: Corrected

Golden. Thank you so much for taking the time to do that!!!!

i think phila_dot forgot about word and byte in his writeup

Good catch, posting quickly from my phone and trying to use simple examples.

I used all words and then byte offsets.

I will correct them when I get a minute.

pointers

nice, you tried tricore yet, they like the stack lol