Hello folks, first post on this awesome forum to ask a question and, if my work is in the right direction, give a small contribution to the community.
So, I am trying to disable Knock Recognition when NLS/LC is active. I am doing this by forcing B_kr=0 if the NLS/LC routine is active. In my file B_kr is at FD72.
I have implemented an extra step in the NLS/LC routine that is available here on the forum that sets FDE8.3 if the routine is active and clears it if it’s inactive. That was the easy part.
Next, I disassembled my binary and found where B_kr is set/cleared. (I think) I found the routine and B_kr is set at 873E14. At this point, I changed the bset and the subsequent jmpr (it’s an unconditional (cc_UC) jump) to a jmps pointing to an empty space in my file (8A1A00). I have attached two screenshots, one of the original file and one of the modified one.
At this address I have these instructions:
jb FDE8.3, 8A1A0A
bset FD72.3
jmps 873E1A
jmps 873E18
What I want to do is: check if FDE8.3 is set; if so, the routine will return to the address 873E18 and will continue with the normal execution (it will clear B_kr with the bclear from the original routine). If it is clear, it will set B_kr and return to the address 873E1A.
The big question: Is this going to work? If not, am I at least going in the right direction?
I have found another instruction that sets B_kr at address 874AE4, but I didn’t have time to see what this routine is doing before this.
The car is a 2001 S3 8L 1.8T with AMK engine and 8N0906018AH ECU. I have attached my original bin.
English is not my primary language, so excuse any mistakes.
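Added example, not part of the original post: a small Python model of the stub listed above that checks the addresses line up and which B_kr value each path produces. The instruction lengths are the standard C166/C167 encodings (jb and jmps 4 bytes, bset/bclr/jmpr 2 bytes); the bclr operand at 873E18 is assumed from the post's description, and all function and variable names are hypothetical.

```python
# Added example (not from the post): layout and control-flow model of the stub.
# Assumed C166/C167 encoded lengths in bytes.
LENGTH = {"jb": 4, "bset": 2, "bclr": 2, "jmps": 4, "jmpr": 2}

NLS_ACTIVE = ("FDE8", 3)   # flag the modified NLS/LC routine sets, per the post
B_KR = ("FD72", 3)         # bit operand the post uses for B_kr

STUB_BASE = 0x8A1A00
STUB = [                   # (mnemonic, bit operand, jump target) as posted
    ("jb", NLS_ACTIVE, 0x8A1A0A),
    ("bset", B_KR, None),
    ("jmps", None, 0x873E1A),
    ("jmps", None, 0x873E18),
]
# Original code the stub returns into: the post says 873E18 holds the bclr
# that clears B_kr (operand assumed to be the same bit).
ORIGINAL_TAIL = {0x873E18: ("bclr", B_KR, None)}


def layout(base, program):
    """Place instructions back to back; return ({address: instruction}, end)."""
    placed, addr = {}, base
    for ins in program:
        placed[addr] = ins
        addr += LENGTH[ins[0]]
    return placed, addr


def hook_fits():
    """The 4-byte jmps must replace exactly the bset + jmpr pair at 873E14."""
    old_end = 0x873E14 + LENGTH["bset"] + LENGTH["jmpr"]
    return old_end == 0x873E14 + LENGTH["jmps"] == 0x873E18


def run(nls_active, max_steps=16):
    """Execute from the stub entry until control leaves the modelled code."""
    code, _ = layout(STUB_BASE, STUB)
    code.update(ORIGINAL_TAIL)
    bits, pc = {NLS_ACTIVE: int(nls_active), B_KR: 0}, STUB_BASE
    for _ in range(max_steps):
        if pc not in code:
            return pc, bits[B_KR]          # left the model: (exit address, B_kr)
        op, bit, target = code[pc]
        nxt = pc + LENGTH[op]
        if op in ("bset", "bclr"):
            bits[bit] = int(op == "bset")
        pc = target if op == "jmps" or (op == "jb" and bits[bit]) else nxt
    raise RuntimeError("stub did not exit")
```

The model covers only the hook at 873E14; the second write to B_kr at 874AE4 mentioned in the post is outside it.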