krazydbiker
Full Member
Karma: +4/-1
 Offline
Posts: 202
|
 |
« on: July 04, 2012, 07:54:31 AM »
|
|
|
hello everyone, ive been recently tweaking my 2004 volvo s60r, im not sure exactly what version of me7 it runs, but its very similar to audi's using the 800BB chip, my question is i saw people working on adding some sort of launch control, seems volvo had to change alot with their files, im not asking anyone to do it for me, but maybe throw me a bone? i saw people patching some sort of code in using IDA pro? is this even possible considering the differences?
|
|
|
|
|
Logged
|
|
|
|
|
prj
|
|
« Reply #1 on: July 04, 2012, 08:29:49 AM »
|
|
|
Find tsrldyn in memory, load the file to IDA, push "X" (cross reference), you will see where it is accessed.
The first hit will be the place to add a call to your custom routine.
In that routine just set tsrldyn to 0 based on some parameters. You will also need to zero FTOMN.
The code that is floating around on this forum is not the only way or the best way to do things, but it is a start.
|
|
|
|
|
Logged
|
|
|
|
krazydbiker
Full Member
Karma: +4/-1
Offline
Posts: 202
|
|
« Reply #2 on: July 04, 2012, 08:36:45 AM »
|
|
|
ill see what i can come up with, thanks for the response, im still working on understanding IDA properly, i heard some part about splitting the file? is that necessary?, also im probably going to have the port the code thats floating around over?
|
|
|
|
|
Logged
|
|
|
|
|
prj
|
|
« Reply #3 on: July 04, 2012, 09:22:38 AM »
|
|
|
There's no porting of the code, you just need to sub in the correct variable addresses and insert it at the right spot.
Probably a good idea to have knowledge of programming before you attempt this.
Or you can pay someone to do it.
As for loading the binary into IDA, just search, all the info has been posted on this forum.
IDA is not a magic tool or anything though.
|
|
|
|
|
Logged
|
|
|
|
krazydbiker
Full Member
Karma: +4/-1
Offline
Posts: 202
|
|
« Reply #4 on: July 04, 2012, 09:29:47 AM »
|
|
|
well thanks for the help, i have been playing around with it some, i could probably pay someone to do it, but will probably only use it as a last resort, no fun if you cant do it yourself  , or try  , ive correctly loaded the binary into ida pro now, had to split it up, and load two segments, still having some trouble finding tsrldyn, but im going to keep cracking at it edit: atleast if i mess it up and brick it, it can be easily revived |
|
|
|
« Last Edit: July 04, 2012, 09:35:26 AM by krazydbiker »
|
Logged
|
|
|
|
|
prj
|
|
« Reply #5 on: July 04, 2012, 09:37:44 AM »
|
|
|
Yes, as long as you can rewrite in boot mode or pull the chip, you're usually safe.
|
|
|
|
|
Logged
|
|
|
|
|
prj
|
|
« Reply #6 on: July 04, 2012, 09:45:55 AM »
|
|
|
Btw, maybe this will help you. Some constant addresses you can reference (TSMX, DUBZS):
|
|
|
|
|
Logged
|
|
|
|
krazydbiker
Full Member
Karma: +4/-1
Offline
Posts: 202
|
|
« Reply #7 on: July 04, 2012, 09:50:23 AM »
|
|
|
thanks again, i have to run out for now ill post my findings when i get back, maybe it can be useful for someone? not much of a volvo crowd out there  |
|
|
|
|
Logged
|
|
|
|
|
prj
|
|
« Reply #8 on: July 04, 2012, 09:52:37 AM »
|
|
|
I haven't touched the Volvo ME7, but I'd imagine something as basic as calculating dwell time should be the same on all ME7...
Good luck.
|
|
|
|
|
Logged
|
|
|
|
krazydbiker
Full Member
Karma: +4/-1
Offline
Posts: 202
|
|
« Reply #9 on: July 04, 2012, 04:37:57 PM »
|
|
|
well i got through about 4 hours worth of functions, havent quite found the right spot, i see that there is a plugin that may help this? do you possibly have it?, the downloads broken from the wiki
|
|
|
|
|
Logged
|
|
|
|
|
prj
|
|
« Reply #10 on: July 05, 2012, 12:57:57 AM »
|
|
|
It should not be taking you so much time.
Even without the plugin, just press ctrl+u then p.
Takes about 10 minutes per file this way.
Also, IDA has binary search. You can see some of the bytes on my screenshot, try searching for their combinations.
Obviously without addresses, as those are going to be different.
|
|
|
|
|
Logged
|
|
|
|
krazydbiker
Full Member
Karma: +4/-1
Offline
Posts: 202
|
|
« Reply #11 on: July 05, 2012, 06:03:07 AM »
|
|
|
hmm maybe i still have something loaded wrong, even when searching for similar byte's nothing ever comes up in regular text like TSMX, DUBZS, i have a feeling im getting warmer though edit : 33376: Can't find name (hint: use manual arg) |
|
|
|
« Last Edit: July 05, 2012, 06:05:24 AM by krazydbiker »
|
Logged
|
|
|
|
|
prj
|
|
« Reply #12 on: July 05, 2012, 07:05:03 AM »
|
|
|
You will never find any text...
TSMX etc was defined by me manually.
|
|
|
|
|
Logged
|
|
|
|
krazydbiker
Full Member
Karma: +4/-1
Offline
Posts: 202
|
|
« Reply #13 on: July 05, 2012, 07:47:37 AM »
|
|
|
thats why i was getting confused :-P, ill start fiddling through it soon, do you think it would be easier to dis-assemble a file with the code already added to get used to it?, i really appreciate the help
edit : im gonna try a new method tonight, im pretty good at figuring things out, i really want to
|
|
|
|
« Last Edit: July 05, 2012, 08:06:01 AM by krazydbiker »
|
Logged
|
|
|
|
krazydbiker
Full Member
Karma: +4/-1
Offline
Posts: 202
|
|
« Reply #14 on: July 05, 2012, 10:37:44 AM »
|
|
|
hmm, you mind if i pm you? i dont want to clog up the forums with unrelated stuff |
|
|
|
|
Logged
|
|
|
|
|
