Hey all, for a project I have been trying to relocate the KFZW maps to the end of the file (mapswitching alternative tables).
One problem that I encountered was, that while most lookup routines in the ecu use an offset-multiplier lookup routine (that allows you to put the maps everywhere you like without further modifications), KFZW is using a different lookup routine that only takes the offset and therefore limits your locations to 810000 through 81FFFF. In some ecu's, I have found enough space in this area to put 4 extra tables, but in others it is not possible.
For this example, the KFZW map starting adress is put in r12
Here is what I did last night to solve this:
- I have copied the whole lookup routine first.
- I added extp r11, #1 (insert custom multiplier in this register of choice somewhere in the code) in every line BEFORE anything that is related to "[r12]"
- fix relative jumps accordingly
- produce binary and insert in free space. I chose to keep the offset the same, but at the end of the file (example: from original ROM adress 0078B8 I located this new routine at 8F78B8 in the flash.
This is a very small change in the original code call, to keep things clean.
the result I intended with this is:
You can add switching conditions in the new subroutine, to have the correct multiplier inside of r11 that suits your map location. (or when you use switched ram like me, just insert ram adress and include the multiplier in your switch code)
You can therefore relocate your KFZW maps at the same offset but different multiplier to have minimal code changes.
Example: KFZW1 is at 812850. This is multiplier 204h offset 2850. Alternative multipliers are 228h (KFZW1_2 @ 8A2850) and 229h (KFZW1_3 @ 8A6850)
Any thoughts, comments or feedback on this approach is welcome. I have tested this on the bench and it worked, will test in my car later.
KFZW MODIFIED lookup routine // Add r11 multiplier in code.
>>>> extp #0E1h, 1
>>>> mov r11, "SWITCHED MULTIPLIER IN RAM" (add this in your switch routine)
ROM:78B8 movb rl2, [r13]
ROM:78BA movbz r13, rl2
ROM:78BC mov r1, r14
ROM:78BE movbz r1, rh1
ROM:78C0 mulu r1, r13
ROM:78C2 mov r1, word_FE0E
ROM:78C6 add r12, r1
ROM:78C8 mov r1, r15
ROM:78CA movbz r1, rh1
ROM:78CC add r12, r1
>>>> extp r11, #1
ROM:78CE movb rl2, [r12]
ROM:78D0 movbs r2, rl2
ROM:78D2 shl r15, #8
ROM:78D4 shr r15, #1
ROM:78D6 jmpr cc_Z, loc_78EA
>>>> extp r11, #1
ROM:78D8 movb rl3, [r12+1]
ROM:78DC movbs r3, rl3
ROM:78DE sub r3, r2
ROM:78E0 shl r3, #1
ROM:78E2 mul r3, r15
ROM:78E4 mov r3, word_FE0C
ROM:78E8 add r2, r3
ROM:78EA mov r4, r2
ROM:78EC shl r14, #8
ROM:78EE shr r14, #1
ROM:78F0 jmpr cc_Z, locret_7918
ROM:78F2 add r12, r13
>>>> extp r11, #1
ROM:78F4 movb rl2, [r12+]
ROM:78F6 movbs r2, rl2
ROM:78F8 or r15, #0
ROM:78FA jmpr cc_Z, loc_790C
>>>> extp r11, #1
ROM:78FC movb rl3, [r12]
ROM:78FE movbs r3, rl3
ROM:7900 sub r3, r2
ROM:7902 shl r3, #1
ROM:7904 mul r3, r15
ROM:7906 mov r3, word_FE0C
ROM:790A add r2, r3
ROM:790C sub r2, r4
ROM:790E shl r2, #1
ROM:7910 mul r2, r14
ROM:7912 mov r2, word_FE0C
ROM:7916 add r4, r2
ROM:7918 rets
