|
terminator
|
 |
« Reply #60 on: October 11, 2014, 04:03:22 PM »
|
|
|
Thank you very much as usual) Your help is always useful.
|
|
|
|
|
Logged
|
|
|
|
|
terminator
|
|
« Reply #61 on: October 17, 2014, 04:38:55 PM »
|
|
|
Solved
|
|
|
|
« Last Edit: October 18, 2014, 03:51:57 PM by terminator »
|
Logged
|
|
|
|
|
elRey
|
|
« Reply #62 on: January 07, 2015, 10:36:02 AM »
|
|
|
mov r4, #1Eh
mov r5, #120h
extp r5, #1
movb rl3, [r4]
movb byte_3809B2, rl3
mov r4, #20h ; ' '
mov r5, #120h
extp r5, #1
movb rl2, [r4]
movb byte_3809B3, rl2
How can I find out what is being moved into the RAM locations? what are: mov r4, #1Ehand mov r4, #20hAlso, what's the purpose of the mov r5, #120h lines? I'm guess #120h together with #1Eh point to somewhere. How can I decipher to where? From the context I would guess an IRAM address like F71E or F61E. Thanks, Rey |
|
|
|
« Last Edit: January 07, 2015, 10:43:06 AM by elRey »
|
Logged
|
|
|
|
|
terminator
|
|
« Reply #63 on: January 07, 2015, 11:59:52 AM »
|
|
|
mov r4, #1Eh
mov r5, #120h
extp r5, #1
movb rl3, [r4];
movb byte_3809B2, rl3; move byte from 48001E to 3809B2
|
|
|
|
|
Logged
|
|
|
|
|
elRey
|
|
« Reply #64 on: January 08, 2015, 12:07:13 PM »
|
|
|
48001E ?
where that ?
|
|
|
|
|
Logged
|
|
|
|
|
terminator
|
|
« Reply #65 on: January 08, 2015, 01:05:55 PM »
|
|
|
48001E ?
where that ?
I don't know, but its according to this part of code. Its Bosch or Siemens? In my opinion the code could be much shorter also. |
|
|
|
« Last Edit: January 08, 2015, 01:14:20 PM by terminator »
|
Logged
|
|
|
|
MIL_on
Full Member
Karma: +12/-2
 Offline
Posts: 119
|
|
« Reply #66 on: January 21, 2015, 02:22:29 PM »
|
|
|
i found this several times, but i dont get what it is good for to double the high and low byte of mul? I'm sure its kind of a standard structure and someone can give me a useful hint  mov r5, word_FE0E
add r5, r5
mov r5, word_FE0C
addc r5, r5 ; Warum 2*r5?
jmpr cc_NC, loc_8064CA6
|
|
|
|
|
Logged
|
|
|
|
|
elRey
|
|
« Reply #67 on: February 17, 2015, 01:47:42 PM »
|
|
|
extp #120h, #1
I get when it's #204h - #208h, etc but where is #120h ?
Thanks,
Rey
|
|
|
|
|
Logged
|
|
|
|
|
terminator
|
|
« Reply #68 on: February 18, 2015, 11:09:42 AM »
|
|
|
480000
|
|
|
|
|
Logged
|
|
|
|
|
elRey
|
|
« Reply #69 on: February 21, 2015, 08:03:59 PM »
|
|
|
|
|
|
|
|
Logged
|
|
|
|
Cloudforce
Full Member
Karma: +5/-13
Offline
Posts: 106
|
|
« Reply #70 on: March 13, 2015, 02:07:34 AM »
|
|
|
(edit)
got it
|
|
|
|
« Last Edit: March 13, 2015, 03:34:49 AM by Cloudforce »
|
Logged
|
|
|
|
A4Rich
Full Member
Karma: +10/-0
Offline
Posts: 116
|
|
« Reply #71 on: May 20, 2015, 08:32:58 PM »
|
|
|
Trying my hand at IDA again... I am looking for the axes for KFZKLAMFAW (@26B04) in the 518AK 003 bin. I located the following code, am I heading in the right direction.  sub_1BF574:
mov [-r0], r6
mov r12, #2B20h
movbz r13, nmot
mov r14, loc_AE62
calls 0, loc_2862
mov loc_AE62, r4
movbz r5, 2B04h ; 812B04h
and r5, #1
jmpr cc_NZ, loc_1BF596
bset USR0
jmpr cc_UC, loc_1BF598
|
|
|
|
|
Logged
|
|
|
|
TijnCU
Hero Member
Karma: +60/-4
Offline
Posts: 690
flying brick
|
|
« Reply #72 on: April 01, 2016, 02:13:11 AM »
|
|
|
Bump. I thought this was a usefull topic! I'm disassembling Phila_dot's map switching routine by first just naming every operation in the funtion. I am very unfamiliar with assembly code, so I feel I learn the operations better this way. As I move further through the code, I begin to get a tiny bit of understanding about how this code works, but now I have arrived at a section where hex code gets moved into adresses. Am I right to say that for example mov r6, #****h
mov word_012345, r6
means move #****h as code into r6? **=BSET bitoff.6 **=CMPD2 Rw, #data4 according to the C166 instruction set manual. Or is it supposed to be just a hex value? Or an adress? I have not looked at word_012345 yet because I just copied the code section of the function into a txt file to get some basic understanding by "translating" it. Any hints? Thanks! |
|
|
|
« Last Edit: April 01, 2016, 10:07:17 AM by TijnCU »
|
Logged
|
|
|
|
DT
Full Member
Karma: +20/-1
Offline
Posts: 184
|
|
« Reply #73 on: April 01, 2016, 03:30:29 AM »
|
|
|
I think you should ask phila if he wants to release the code to public instead of discussing his code which he also protected slightly from beeing stolen without giving him credit.
You really need to learn more before working with this. The 2 lines simply place #6fb0h at 383f54.
|
|
|
|
|
Logged
|
|
|
|
TijnCU
Hero Member
Karma: +60/-4
Offline
Posts: 690
flying brick
|
|
« Reply #74 on: April 01, 2016, 10:05:03 AM »
|
|
|
DT was right, I needed to learn more about this. To make up for my stupid question I will try to help A4Rich. Trying my hand at IDA again... I am looking for the axes for KFZKLAMFAW (@26B04) in the 518AK 003 bin. I located the following code, am I heading in the right direction. To me it looks like your nmot axis could possibly be at 2B20h, but its hard to know from just this little section of code.. what size is the axis? In my binary I dont have KF-ZKLAMFAW but there is ZKLAMFAW (time constant). It is a word and it is moved in r12 right after lamrlmn_w is moved in r8. I have an older ecu (4B), but maybe it is worth to check in your idb if your ecu uses similar code. extp #0E1h, #1
cmp r8, lamrlmn_w
jmpr cc_ULE, loc_zklamfaw
extp #0E1h, #1
mov r8, lamrlmn_w
loc_zklamfaw:
extp #207h, #1
mov r12, word_81xxxx ; this is zklamfaw
mov r13, r8
mov r14, word_38xxxx
mov r15, word_38xxxx
calls 0, sub_xxxx |
|
|
|
« Last Edit: December 09, 2016, 03:35:14 AM by TijnCU »
|
Logged
|
|
|
|
|
