Hi everyone, I'm just getting started in IDA disassembly and I'm having some issues with ensuring I'm looking at the correct memory locations during my investigations on the Bosch ME7.8 / 7.8.1 platform.

For instance, in this code section here:

FLASH:00823A6E                     extp    #23Ch, #1       ; Begin Extended Page Sequence
FLASH:00823A72                     movb    rl4, byte_8F2497 ; Move Byte
FLASH:00823A76                     movb    byte_3804DB, rl4 ; Move Byte
FLASH:00823A7A                     movb    byte_3804DA, rl4 ; Move Byte
FLASH:00823A7E                     movb    byte_3804D9, rl4 ; Move Byte
FLASH:00823A82                     movb    byte_3804D8, rl4 ; Move Byte
FLASH:00823A86                     movb    byte_3804D7, rl4 ; Move Byte
FLASH:00823A8A                     rets                    ; Return from Inter-Segment Subroutine

The names that IDA gave are correct for the 3804XX addresses, but how can I tell IDA that extp changes the DPP values?

I am currently looking through the code for the 997, and am trying to understand how the CAN code works. I have a ASAP2 file, and that's been extremely helpful. However there's still some 'magic' to me as to certain memory addresses, and where the data actually is that is going to be pushed onto the bus.

I have found the 'mailbox' setup sections that set up EF10->EFF0 with direction bits and CAN IDs. I notice that there's similar code
for EE10->EEF0. Are there actually 2 CAN chips on the Porsche devices? Also, lots of memory access in the F2FX area in these subroutines.

If someone has the answer to the following --- this would save me a lot of time, but, even some pointers would be great..

Byte 7 (starting from 0) of ARBID 0x246 is a generated 'check' value, and I'm trying to find how to calculate it.

So any pointers when dealing with IDA (6.8, costly but worth it), and the C166 would be greatly appreciated.

Thanks.

-Matt

Thanks, that's good to know. That does explain some minor differences in similar code blocks.

I started tracing things like ambient pressure, which I know are in one of the IDs I'm interested in, but I still have some mental disconnects...

So, the answer is, IDA *does* figure it out most of the time.
If you do the math, it does grab the correct byte with 23C as the DPP. You should still set the correct default segment registers.

Also, turns out byte 7 is not a check value. It's multiplexed data.

Lots of work to get it done..I ended up tracing bytes that I knew were there (like ambient pressure) and then using the ASAP file to find what the bytes around it were...and then found out not all of the models have the same data there, and had to do it again.

While I know this isn't a super helpful post, I wanted to at least provide the answer to the question I had.

-Matt