|
armageddon
|
 |
« on: May 16, 2017, 03:17:47 PM »
|
|
|
To not to mess with others topics.... I'm still "learning" assembly language, IDAPRO and so,... I would like to get rid of knock retard during nls, and and as this is a issue that affects more people, maybe we can together try to get a solution . reading this posts from prj, it should be enough to disable kr by setting cwkr to 0 during nls and back to 1 after If you have issues with knock after LC/NLS you need to modify the LC/NLS code to disable knock control when LC/NLS is active and re-enable knock control after LC/NLS has deactivated.
That way you will not have the problem with knock retard during flatshift.............Knock control on/off is a single bit on ME7. Same goes for misfires. Toggling this on or off is hardly rocket science, I know this because I've done this. does the following code makes any sense? at the begining of nls function mov r4, word_81999A(cwkr on k-box) mov byte_Fxxx, r4(unused ram) bclr word_Fxxx.0 and before exit nls function bset word_Fxxx.0 feel free to help  |
|
|
|
|
Logged
|
|
|
|
fknbrkn
Hero Member
Karma: +177/-18
 Offline
Posts: 1401
mk4 1.8T AUM
|
|
« Reply #1 on: May 17, 2017, 03:35:14 AM »
|
|
|
the problem is not in your asm code
problem is logic
what the purpose of reading flash value of cwkr, moving it to unused ram location and then immediately clear this byte?
|
|
|
|
|
Logged
|
|
|
|
|
armageddon
|
|
« Reply #2 on: May 17, 2017, 04:14:27 AM »
|
|
|
Thanks for the input,
so what will be the correct way to set cwkr to 0 and then back to 1?
|
|
|
|
|
Logged
|
|
|
|
|
prj
|
|
« Reply #3 on: May 17, 2017, 04:35:39 AM »
|
|
|
Threads like this are good. It gives a lesson in humility.
|
|
|
|
|
Logged
|
|
|
|
TijnCU
Hero Member
Karma: +60/-4
Offline
Posts: 690
flying brick
|
|
« Reply #4 on: May 17, 2017, 09:26:25 AM »
|
|
|
you need to look at the FR and then you see: CWKR > BIT You do not need to alter CWKR. But you need to study more code first |
|
|
|
|
Logged
|
|
|
|
|
nyet
|
|
« Reply #5 on: May 17, 2017, 10:02:15 AM »
|
|
|
If CWKR is in flash you can't modify it on the fly. Certainly making a copy of it, then modifying the copy isn't going to accomplish anything, unless you change the ASM that reads CWKR such that it reads your copy instead. Alternately, modify some of the resulting RAM variables instead. Some obvious (RAM) candidates: lkrnew, lkrold, B_drlkrdy, drlkrdy, drlkrra I could be wrong about all of this, of course. But I don't think CWKR does what you think it does, so all of the above is useless (although hopefully it addresses a major misconception you have about ASM hacking..) Threads like this are good. It gives a lesson in humility.
Lack of humility isn't the problem in this case, IMO  I think forcing B_kr to 0 is all you need. I could be wrong of course. |
|
|
|
« Last Edit: May 17, 2017, 10:25:06 AM by nyet »
|
Logged
|
|
|
|
|
armageddon
|
|
« Reply #6 on: May 17, 2017, 12:42:22 PM »
|
|
|
I think forcing B_kr to 0 is all you need.
I could be wrong of course. thanks, I have already tried it with b_kr, but as said previously by TijnCU, it did not work |
|
|
|
|
Logged
|
|
|
|
|
nyet
|
|
« Reply #7 on: May 17, 2017, 12:45:50 PM »
|
|
|
thanks,
I have already tried it with b_kr, but as said previously by TijnCU, it did not work
You have to modify where it is calculated. If you just overwrite it randomly from elsewhere, it isn't going to work, since whatever you do will be overwritten by existing ASM where B_kr is calculated by the stock ASM. I didn't read what TijnCU did, so I don't know if that is what he was trying to do or not. |
|
|
|
|
Logged
|
|
|
|
contrast
Full Member
Karma: +20/-2
Offline
Posts: 215
|
|
« Reply #8 on: May 17, 2017, 01:27:34 PM »
|
|
|
I had a problem with b_kr not working during NLS, but similarly the problem was wrong place.
If you change in the correct place, it will disable KR.
|
|
|
|
|
Logged
|
|
|
|
|
prj
|
|
« Reply #9 on: May 17, 2017, 02:01:54 PM »
|
|
|
b_kr is crank-sync. tsrldyn is 20ms scheduler iirc.
So yeah changing it in tsrldyn routine will accomplish nothing.
|
|
|
|
|
Logged
|
|
|
|
|
gt-innovation
|
|
« Reply #10 on: May 17, 2017, 03:15:12 PM »
|
|
|
thanks,
I have already tried it with b_kr, but as said previously by TijnCU, it did not work
Logic is simple. 1.Find where the codeword is checked on the original code. 2.Hijack it to your code(somewhere between lc and nls code) 3.make byte 0 while running 4.make byte 1 before exit |
|
|
|
|
Logged
|
|
|
|
|
armageddon
|
|
« Reply #11 on: May 18, 2017, 04:07:15 AM »
|
|
|
You have to modify where it is calculated. If you just overwrite it randomly from elsewhere, it isn't going to work, since whatever you do will be overwritten by existing ASM where B_kr is calculated by the stock ASM. ok, I think I am understanding what you are saying, but ASM it's still a little(alot Smiley ) confusing to me found this, is this the right place? loc_875E06: ; CODE XREF: ROM:loc_875DF8�j
ROM:875E06 jnb word_FDB4.0, loc_875E1C
ROM:875E0A jnb word_FD92.9, loc_875E1C
ROM:875E0E movbz r4, byte_A50E
ROM:875E12 and r4, #10h
ROM:875E16 jmpr cc_Z, loc_875E1C
ROM:875E18 bset word_FD90.10 (b_kr)
ROM:875E1A jmpr cc_UC, loc_875E1E
ROM:875E1C ; ---------------------------------------------------------------------------
ROM:875E1C
ROM:875E1C loc_875E1C: ; CODE XREF: ROM:875E04�j
ROM:875E1C ; ROM:loc_875E06�j ...
ROM:875E1C bclr word_FD90.10 (b_kr)
ROM:875E1E |
|
|
|
|
Logged
|
|
|
|
|
SB_GLI
|
|
« Reply #12 on: May 18, 2017, 07:43:39 AM »
|
|
|
Logic is simple.
1.Find where the codeword is checked on the original code.
2.Hijack it to your code(somewhere between lc and nls code)
3. Store original value
4. make byte 0 while running
5. restore original value
|
|
|
|
|
Logged
|
|
|
|
|
prj
|
|
« Reply #13 on: May 19, 2017, 10:35:07 AM »
|
|
|
Just jump to 0 if LC active and do nothing if it is not, let the original logic run - really not so hard...
No need to save store or restore anything.
|
|
|
|
|
Logged
|
|
|
|
|
armageddon
|
|
« Reply #14 on: May 20, 2017, 03:21:31 PM »
|
|
|
Assuming that the location above is the right place to clear b_kr.... what's the meaning of #10h ? ROM:875E0E movbz r4, byte_A50E
ROM:875E12 and r4, #10h and another noob question, how to jump to there from nls routine? do I have to modify the original ASM code to call nls routine? |
|
|
|
|
Logged
|
|
|
|
|
