NefMoto > Technical > Tuning > LC/NLS ASM help
Pages: [1] 2 3 ... 6
« previous next »
Author Topic: LC/NLS ASM help  (Read 33140 times)
mutzicu
Full Member
***

Karma: +5/-1
Offline Offline

Posts: 66
« on: August 10, 2019, 09:56:03 AM »
Yes, I did... and another 2 40 pages threads...
It's just that this ASM and hex is a bit over my head. To be honest, I program c#, asp, asp.net, c#.net, .net core, php... Took me years to master them, it feels weird now to start assembly not that I couldn't do it, but mostly it's the time that lately seems not to be enogh to catch a breath even.... As I was quite passionate about electronics, years ago, I started playing around with atmega controllers and that wa sthe first time I got into ASM. However, I don't know exactly why I stopped, probably family, job, I don't even remember....
However, getting back to my current issue - I figured out that the launch php script doesn't properly do the movb to calls conversion - that part of the code remains intact as you can see in the attached difference.jpg. So I've modified it from the original F3 F8 E8 18 to DA 87 C0 4F considering that DA changes to calls and the address where I asked the script to put the function is 0x74fc0
The script places the function at the proper address and also places the variables starting 0x7a000 as you can see attached. I've tried with FTOMN 00, 01 and 02 with same result - LC not working. I had the impression during first tries that it starts to cut injection but that was just a false positive generated by my pops and bangs settings.
Now, there can be only 2 issues - either the variables are not correctly addressed in the function, which I kind of doubt, either reading through some of the posts there might be a problem in the function with the engine temp readings - which I could only test by using a function without the temperature factor, which I don't have and which for the moment is beyond my capabilities to create. Or maybe there's more that I can't even figure out now....
« Last Edit: August 10, 2019, 09:58:18 AM by mutzicu » Logged
mutzicu
Full Member
***

Karma: +5/-1
Offline Offline

Posts: 66
« Reply #1 on: August 10, 2019, 11:31:41 AM »
LE:
I've tried a manual implementation using Masterj LCmodder which doesn't seem to implement the temperature check... still no success with both FTOMN 00 01 or 02... Am I doing something wrong with addressing?
Logged
nyet
Administrator
Hero Member
*****

Karma: +607/-168
Offline Offline

Posts: 12268


WWW
« Reply #2 on: August 10, 2019, 01:45:05 PM »
Split and moved to tuning since it looks like you are serious about doing actual ASM coding Smiley

It looks right to me at first glance, but unfortunately I don't have the time to really dig into it since I don't have an IDA project for that ECU. I do know there are a lot of assumptions in the launch.php that make it inappropriate as a general tool.

Hopefully others can chime in.

In general, though, you really want to be doing this work with IDA, and not soley rely on automated tools.
« Last Edit: August 10, 2019, 01:46:43 PM by nyet » Logged
ME7.1 tuning guide
ECUx Plot
ME7Sum checksum
Trim heatmap tool

Please do not ask me for tunes. I'm here to help people make their own.

Do not PM me technical questions! Please, ask all questions on the forums! Doing so will ensure the next person with the same issue gets the opportunity to learn from your ex
_nameless
Hero Member
*****

Karma: +342/-466
Offline Offline

Posts: 2800
« Reply #3 on: August 10, 2019, 02:32:41 PM »
What file are you having issues with?
Logged
Giving your mom a tuneup
vwaudiguy
Hero Member
*****

Karma: +53/-37
Offline Offline

Posts: 2024
« Reply #4 on: August 10, 2019, 03:48:31 PM »
Remember hearing/reading about people having issues with the 512 binaries, and implementing LC. This was using the patcher that works fine on the 1028 bins.
Logged
"If you have a chinese turbo, that you are worried is going to blow up when you floor it, then LOL."
mutzicu
Full Member
***

Karma: +5/-1
Offline Offline

Posts: 66
« Reply #5 on: August 11, 2019, 02:03:46 AM »
Here is the clean bin and the modded bin

Thanks,
Logged
SQT
Full Member
***

Karma: +2/-4
Offline Offline

Posts: 57


Respectfully SQT ;)
« Reply #6 on: August 12, 2019, 04:56:41 AM »
Quote from: mutzicu on August 10, 2019, 11:31:41 AM
LE:
I've tried a manual implementation using Masterj LCmodder which doesn't seem to implement the temperature check... still no success with both FTOMN 00 01 or 02... Am I doing something wrong with addressing?
Hi, if you understand how to change the code, try making a light (check engine) indication of conditions
Logged
a6 2.7
sorry for my English
fknbrkn
Hero Member
*****

Karma: +185/-23
Online Online

Posts: 1454


mk4 1.8T AUM
« Reply #7 on: August 12, 2019, 06:42:38 AM »
this code has many probs

1. why youre called it 2 times? 0x6EA0A looking weird for me.. 

2.
sub_874FC0:                             ; CODE XREF: sub_86E8BC+14EP
seg087:4FC0                                         ; sub_873E80:loc_873F6EP
seg087:4FC0                 movbz   r4, byte_C881
seg087:4FC4                 exts    #81h, #1 ;
seg087:4FC8                 movbz   r9, word_81A009
seg087:4FCC                 cmp     r4, r9
seg087:4FCE                 jmpr    cc_ULE, loc_875050

what is the byte_C881 here in begining of the func? if its tmot, it should be 0x380AB9 or 0x8AB9 in your code or B98A in hex
C2 F4 81 C8 -> C2 F4 B9 8A

3. exts of all your params are 81 but you placed them in seg 87
so you should change exts to 87 ( D7 81 00 00 -> D7 87 00 00 everywhere)  or place your params to somewhere in 0x1xxxx section

4. word param was placed in A009 wtf.. you should change it to A00A
C2 F9 09 A0 -> C2 F9 0A A0


Code:
 FF FF FF FF FF FF FF FF  C2 F4 B9 8A D7 00 87 00
 C2 F9 0A A0 40 49 FD 40  9A 21 13 20 F2 F4 AA 8C
 D7 00 87 00 F2 F9 00 A0  40 49 9D 0B F2 F4 74 F8
 D7 00 87 00 F2 F9 02 A0  40 49 FD 03 F7 8E 2C 8C
 0D 2F 9A 21 29 20 8A 20  22 E0 F2 F4 74 F8 D7 00
 87 00 F2 F9 06 A0 40 49  FD 1A C2 F4 56 8A D7 00
 87 00 C2 F9 08 A0 40 49  FD 12 D7 00 38 00 F2 F4
 F0 4F D7 00 87 00 F2 F9  04 A0 40 49 9D 11 F7 8E
 2C 8C 08 41 D7 00 38 00  F7 F8 F0 4F 0D 09 D7 00
 38 00 F6 8F F0 4F 0D 04  D7 00 38 00 F6 8E F0 4F
 F3 F8 4E 8A DB 00 FF FF  FF FF FF FF FF FF FF FF
Logged
mutzicu
Full Member
***

Karma: +5/-1
Offline Offline

Posts: 66
« Reply #8 on: August 12, 2019, 09:07:02 AM »
Hi,

Thank you very much for your time looking into this.
I guess the problem lays with the scripts generating the function....
I've tried to implement the changes you suggested, but it didn't seem to work.
Can I ask you about point:
1. Now that you mentioned, it seems the function is called twice...  I think the script places the call wrongly at 0x073f6e while it should be at 0x6ea0a... Isnt's this the correct location? I know it should be the 4 bytes before last D7 40 06 02 03 F8 which in my file is position 0x6ea0a.
2. I think the script was set to use tmotlin (0x384881) instead of tmot - I guess both should work....
3. variables are set starting 0x7A000 - LaunchSpeedT 2 bytes; 0x7A002 - LaunchRPM - 2 bytes; 0x7A004 - IginitionCutDuration - 2 bytes; 0x7A006 - RPM Threshold - 2 bytes; 0x7A008 - AccPedalThreshold - 1 byte and 0x7A009 - Water Temp Thershold - 1 byte.
I am not sure what D7 00 81 00 stands for as it occurs several times in both scripts, but both seem to be static in the scripts, thus not depending on the variable addresses or whichever custom addresses used by the script.
4. sorry, this one I do not understand.

I've followed your advice and generated this code:
Code:
c2 f4 81 c8 d7 00 87 00 c2 f9 0a a0 40 49 fd 40
9a 21 13 20 f2 f4 aa 8c d7 00 87 00 f2 f9 00 a0
40 49 9d 0b f2 f4 74 f8 d7 00 87 00 f2 f9 02 a0
40 49 fd 03 f7 8e 2c 8c 0d 2f 9a 21 29 20 8a 20
22 e0 f2 f4 74 f8 d7 00 87 00 f2 f9 06 a0 40 49
fd 1a c2 f4 56 8a d7 00 87 00 c2 f9 08 a0 40 49
fd 12 d7 00 38 00 f2 f4 f0 4f d7 00 87 00 f2 f9
04 a0 40 49 9d 11 f7 8e 2c 8c 08 41 d7 00 38 00
f7 f8 f0 4f 0d 09 d7 00 38 00 f6 8f f0 4f 0d 04
d7 00 38 00 f6 8e f0 4f f3 f8 4e 8a db 00 ff ff
I've called it at 0x6EA0A as that seems OK to me (please correct me if I'm wrong)
.... and still no luck
Attached the test bin
Logged
nyet
Administrator
Hero Member
*****

Karma: +607/-168
Offline Offline

Posts: 12268


WWW
« Reply #9 on: August 12, 2019, 09:30:34 AM »
Please post the appropriate IDA code disassembly...
Logged
ME7.1 tuning guide
ECUx Plot
ME7Sum checksum
Trim heatmap tool

Please do not ask me for tunes. I'm here to help people make their own.

Do not PM me technical questions! Please, ask all questions on the forums! Doing so will ensure the next person with the same issue gets the opportunity to learn from your ex
fknbrkn
Hero Member
*****

Karma: +185/-23
Online Online

Posts: 1454


mk4 1.8T AUM
« Reply #10 on: August 12, 2019, 09:56:24 AM »
1 should be called @73f6e only
3 as i said water temp should be @7A00A check it in your xdf
4 long story short - word param takes 16bit and byte is 8bit, this script uses words and you should place them with 16bit step. A006 A008 A00A etc

change FD 40 to CC 00 @74FCE to avoid this tmotlin check for test
Logged
mutzicu
Full Member
***

Karma: +5/-1
Offline Offline

Posts: 66
« Reply #11 on: August 12, 2019, 10:43:49 AM »
Success Smiley
Thank you for this one! I've grabbed IDA and will try again to learn to properly dissasemble it. Maybe I'll get back with a few questions about this  if any of you won't mind.
Logged
BlackT
Hero Member
*****

Karma: +79/-40
Offline Offline

Posts: 1425
« Reply #12 on: November 02, 2019, 09:42:59 AM »
can someone dissamble for me this fuction
Code:
9A 80 13 90 F2 F4 00 9E D7 00 81 00 F2 F9 D0 7E
40 49 9D 0B F2 F4 9E F8 D7 00 81 00 F2 F9 D2 7E 
40 49 FD 03 F7 8E EC 8B 0D 2F 9A 80 29 90 8A 26
 22 20 F2 F4 9E F8 D7 00 81 00 F2 F9 D6 7E 40 49
 FD 1A C2 F4 C7 89 D7 00 81 00 C2 F9 D8 7E 40 49
 FD 12 D7 00 38 00 F2 F4 F0 4F D7 00 81 00 F2 F9
 D4 7E 40 49 9D 11 F7 8E EC 8B 08 41 D7 00 38 00
 F7 F8 F0 4F 0D 09 D7 00 38 00 F6 8F F0 4F 0D 04 
D7 00 38 00 F6 8E F0 4F F3 F8 B3 89 DB 00

Is is posible to do it without IDA pro, let's say some freware software. Or even do it maunaly?
« Last Edit: November 02, 2019, 09:44:41 AM by BlackT » Logged
armageddon
Sr. Member
****

Karma: +20/-3
Offline Offline

Posts: 348
« Reply #13 on: November 02, 2019, 02:32:29 PM »
I had used Keil compiler in the past for small sections
Logged
BlackT
Hero Member
*****

Karma: +79/-40
Offline Offline

Posts: 1425
« Reply #14 on: November 03, 2019, 02:38:45 AM »
Quote from: armageddon on November 02, 2019, 02:32:29 PM
I had used Keil compiler in the past for small sections
Can you tell me small notes how to start using it?
Logged
Pages: [1] 2 3 ... 6
  Print  
« previous next »
 
Jump to:  

Navigation
Personal Tools
  • November 22, 2024, 11:58:29 AM
  • Welcome, Guest. Please login or register.
    Did you miss your activation email?

    Login with username, password and session length
Search
 
Advanced Search
About Disclaimer
All Rights Reserved 2010 Nefarious Motosports
Powered by SMF 1.1.21 | SMF © 2015, Simple Machines Page created in 0.025 seconds with 16 queries. (Pretty URLs adds 0.001s, 0q)