Title: edc16 bmw reverse engineering ida
Post by: browny23 on October 26, 2021, 10:35:09 AM
Hey guys, so I've loaded my bin and used a script from here to import my .a2l. I believe the (r13) SDA address is 7ffff0. Not sure how to work out the TOC address. I would like some help to work out how it addresses maps. Here is a piece of code:

sth r3, 0x14(r1)
ROM:0040AF40 lha r3, unk_7F9346
ROM:0040AF44 lha r4, unk_7F9362
ROM:0040AF48 addi r5, r30, 0xA12
ROM:0040AF4C addi r6, r13, -0x466
ROM:0040AF50 bl sub_457794
ROM:0040AF54 addi r28, r3, 0
ROM:0040AF58 lha r3, unk_7F9346
ROM:0040AF5C lha r4, unk_7F9362
ROM:0040AF60 addi r5, r30, 0xC56
ROM:0040AF64 addi r6, r13, -0x464
ROM:0040AF68 bl sub_457794
ROM:0040AF6C addi r29, r3, 0
ROM:0040AF70 lha r3, unk_7F9346
ROM:0040AF74 lha r4, unk_7F9362
ROM:0040AF78 addi r5, r30, 0x100
ROM:0040AF7C addi r6, r13, -0x45E
ROM:0040AF80 bl sub_457794
ROM:0040AF84 lis r26, 0x70 # 0x6F839C
ROM:0040AF88 addi r26, r26, -0x7C64 # 0x6F839C
ROM:0040AF8C lbz r11, 0x2A(r26)
ROM:0040AF90 lha r4, 0x14(r1)
ROM:0040AF94 clrlwi r11, r11, 31
ROM:0040AF98 cntlzw r11, r11
ROM:0040AF9C srwi r11, r11, 5
ROM:0040AFA0 addi r31, r3, 0
ROM:0040AFA4 clrlwi r5, r11, 24
ROM:0040AFA8 addi r6, r30, 0x58
ROM:0040AFAC addi r7, r13, -0x44A
ROM:0040AFB0 addi r8, r13, -0x448
ROM:0040AFB4 li r9, 0x4E20
ROM:0040AFB8 bl sub_457CDC
ROM:0040AFBC sth r3, AirCtl_mDesBas
ROM:0040AFC0 lis r9, 0x90
ROM:0040AFC4 sth r28, -0x1D02(r9)
ROM:0040AFC8 lis r11, 0x90
ROM:0040AFCC sth r29, -0x1CFC(r11)
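Added example, not part of the original post: a Python sketch that resolves the r13-relative and `lis`-based addresses in the listing above, taking the poster's r13 value 0x7FFFF0 as an assumption. r30 stays unresolved because its base is not given on the page; the names `resolve`, `SDA_BASE` and `LISTING`, and the treatment of r0 and r3-r12 as call-clobbered (PowerPC EABI), are assumptions of this example.

```python
import re

SDA_BASE = 0x7FFFF0  # assumption: the r13 value the poster believes is correct

# Sample input: lines copied from the listing in the post above.
LISTING = """\
ROM:0040AF48 addi r5, r30, 0xA12
ROM:0040AF4C addi r6, r13, -0x466
ROM:0040AF50 bl sub_457794
ROM:0040AF84 lis r26, 0x70 # 0x6F839C
ROM:0040AF88 addi r26, r26, -0x7C64 # 0x6F839C
ROM:0040AF8C lbz r11, 0x2A(r26)
ROM:0040AFC0 lis r9, 0x90
ROM:0040AFC4 sth r28, -0x1D02(r9)
"""

LINE = re.compile(r"ROM:([0-9A-F]{8})\s+(\w+)\s*(.*)")
MEM = re.compile(r"(-?0x[0-9A-Fa-f]+|-?\d+)\((r\d+)\)")
VOLATILE = ["r0"] + [f"r{n}" for n in range(3, 13)]  # assumed clobbered by calls

def resolve(listing, sda_base=SDA_BASE):
    """Map instruction address -> effective address (None if the base is unknown)."""
    regs, out = {"r13": sda_base}, {}   # a register mapped to None counts as unknown
    for m in map(LINE.match, listing.splitlines()):
        if not m:
            continue
        addr, op = int(m.group(1), 16), m.group(2)
        args = [a.strip() for a in m.group(3).split("#")[0].split(",")]
        mem = MEM.fullmatch(args[-1])
        if op == "lis":                        # load the upper 16 bits
            regs[args[0]] = (int(args[1], 0) << 16) & 0xFFFFFFFF
        elif op == "addi" and len(args) == 3:  # rD = rA + signed immediate
            base = regs.get(args[1])
            val = None if base is None else (base + int(args[2], 0)) & 0xFFFFFFFF
            out[addr] = regs[args[0]] = val
        elif mem:                              # load/store with disp(rA)
            base = regs.get(mem.group(2))
            out[addr] = None if base is None else (base + int(mem.group(1), 0)) & 0xFFFFFFFF
            if not op.startswith("st"):        # a load overwrites its target register
                regs[args[0]] = None
        elif op == "bl":                       # call: forget volatile registers
            regs.update(dict.fromkeys(VOLATILE))
        else:                                  # anything else: target value unknown
            regs[args[0]] = None
    return out

for a, ea in resolve(LISTING).items():
    print(f"{a:08X} -> " + ("base register unknown" if ea is None else f"{ea:#x}"))
```

The `lis`/`addi` pair at 0040AF84 resolves to 0x6F839C, matching the comment IDA already shows in the listing, which is a quick check that the sign handling is right.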
Title: Re: edc16 bmw reverse engineering ida
Post by: browny23 on October 26, 2021, 03:13:43 PM
It's a BMW edc16 c35 ECU from a 535d E60
Title: Re: edc16 bmw reverse engineering ida
Post by: browny23 on October 28, 2021, 11:16:46 PM
Little bump, could really do with a little help here. Thanks in advance.