Hi everybody,

For example I have ECU (http://nefariousmotorsports.com/forum/index.php/topic,744.msg6306.html#msg6306) and XDF (http://nefariousmotorsports.com/forum/index.php/topic,430.msg2912.html#msg2912) files that look like match each other, but when I load the binary to IDA it doesn't show me any references to maps defined in the XDF file. Can anybody make at leasst a hint of where to start looking at to track a reference from a known map to a code that uses it?

Thanks in advance.

DPP addressing mechanism is only a programmatic way to refer to some data, there are other way of doing so as well, e.g. using EXTP, EXTS etc, in fact you can just change a DPP register need, access data, then restore DPP.

I have found some info here http://motronic.ws/maptable3.htm, but not sure it is applicable to mored ECUs, I just couldn't replicate it. If at least someone could say if this is true for modern ECUs or note, that would be a huge help.

Thanks.

so, you calculate: map_page as (MAP_ADDRESS / PAGE_SIZE) and map_offset as (MAP_ADDRESS % PAGE_SIZE), rigth? If map_page equals 204h or 205h then dpp0 or dpp1 is used respectively. When the page isn't dpp0 or dpp1, indirect addressing is used?

You named a function Map2D_16bit, is there a function for every type of map? like single_8, single_16, ... , Map2D_8bit, Map2D_16bit.

Who say that knowing all is easy as 1,2,3.... ??