Pages: [1]
Author Topic: Find Value in Code (Tricore Arch)  (Read 3633 times)
unicornux
Full Member
***

Karma: +2/-6
Offline Offline

Posts: 83


« on: November 11, 2020, 01:59:34 AM »

I want to find a value(4 byte) in my algorithm that implemented in a tricore processor.

The line of code that load this value shown below:

ld32.w          d4, [a0]-0x68D4


Recently some guys(thanks to them) help me find 'a0' value in code in this topic  =⇒ http://nefariousmotorsports.com/forum/index.php?topic=18673.msg141137#msg141137
So, a0 = 0xD00032E0
Then =⇒  0xD00032E0 - 0x68D4 = 0xCFFFCA0C  (it seems incorrect)
But, According to this thread ⇒ http://nefariousmotorsports.com/forum/index.php?topic=6990.msg87488#msg87488
I guess there are a struct that help me find the correct value but I couldn't make or find this struct.
Is there any way that I can find the correct value of d4?




Logged
nyet
Administrator
Hero Member
*****

Karma: +607/-168
Online Online

Posts: 12270


WWW
« Reply #1 on: November 11, 2020, 02:05:01 AM »

I'd make sure unk_d00032e0 is actually 0xd00032e0

looks like you need to find the equivalent copy_block that tells you where d000032e0 was copied to.
« Last Edit: November 11, 2020, 02:08:24 AM by nyet » Logged

ME7.1 tuning guide
ECUx Plot
ME7Sum checksum
Trim heatmap tool

Please do not ask me for tunes. I'm here to help people make their own.

Do not PM me technical questions! Please, ask all questions on the forums! Doing so will ensure the next person with the same issue gets the opportunity to learn from your ex
unicornux
Full Member
***

Karma: +2/-6
Offline Offline

Posts: 83


« Reply #2 on: November 11, 2020, 02:27:00 AM »


looks like you need to find the equivalent copy_block that tells you where d000032e0 was copied to.

Yes Yes. Exactly.
But how I can find copy_block?
I have no idea about that.
Logged
unicornux
Full Member
***

Karma: +2/-6
Offline Offline

Posts: 83


« Reply #3 on: November 11, 2020, 11:02:53 PM »

I think I could find something but it's different with data that other people found before.
Like:

Code:

PFLASH:80047B30                 .word byte_D0000000
PFLASH:80047B34                 .word 0xD001CFFF
PFLASH:80047B38                 .word 0
PFLASH:80047B3C                 .word unk_D4000000     ===> this
PFLASH:80047B40                 .word unk_D4003FFF
PFLASH:80047B44                 .word 0
PFLASH:80047B48                 .word dword_80020000 ===> with this
PFLASH:80047B4C                 .word unk_8003FF03
PFLASH:80047B50                 .word 1
PFLASH:80047B54                 .word 0xFFFFFFFF
PFLASH:80047B58                 .word 0xFFFFFFFF
PFLASH:80047B5C                 .word 3
PFLASH:80047B60                 .word sub_800D594A
PFLASH:80047B64                 .word 0x18000900
PFLASH:80047B68                 .word 0
PFLASH:80047B6C                 .word unk_D0007394
PFLASH:80047B70                 .word unk_D0007390
PFLASH:80047B74                 .word unk_D000739C
PFLASH:80047B78                 .word unk_D000721C
PFLASH:80047B7C                 .word dword_80045BEC+0x4C
PFLASH:80047B80                 .word off_800458F4
PFLASH:80047B84                 .word unk_800458F8
PFLASH:80047B88                 .word unk_80045C70
PFLASH:80047B8C                 .word unk_80045C5C
PFLASH:80047B90                 .word dword_80045900+0xC



It seems incorrect data but because I want to sure about that I calculated all of the data with this lineup:

<unk_D4000000, dword_80020000>

Finally, as I expected data was incorrect.
So I attach my ECU dump and I would be so happy if you help me due to my file.

File uploaded here ==> https://gofile.io/d/peZ812
Thanks in andvance.
« Last Edit: November 11, 2020, 11:08:01 PM by unicornux » Logged
unicornux
Full Member
***

Karma: +2/-6
Offline Offline

Posts: 83


« Reply #4 on: November 13, 2020, 08:00:04 AM »

I'm pretty sure there is not any Copy_Block in my ECU file.
I explored the whole of the file and I did not find anything. for example :
I search 00 D0 ** ** ** 80 (stars can be anythings) in file but it was nothing.
I am one step away from success.
« Last Edit: November 13, 2020, 10:05:00 PM by unicornux » Logged
unicornux
Full Member
***

Karma: +2/-6
Offline Offline

Posts: 83


« Reply #5 on: November 17, 2020, 10:21:13 PM »

Related concept about copy_block:

https://reverseengineering.stackexchange.com/questions/26289/what-is-copy-block-struct-in-tricore-arch/26315#26315
Logged
Pages: [1]
  Print  
 
Jump to:  

Powered by SMF 1.1.21 | SMF © 2015, Simple Machines Page created in 0.025 seconds with 17 queries. (Pretty URLs adds 0s, 0q)