You can parse the signal table like ME7Info parses.
I have never really looked into the inner workings of ME7Info, although I have done some research based on this suggestion. Feel free to let me know if I got it right or if I am overcomplicating things.
To parse the variables directly from the signal table (that would be the RAM table in %TKMWL if I understand correctly), I find the function that is responsible for creating that table by looking up the code snippet that contains TKMWLNA, TKMWLNW, TKMWLMW:
From this, I gather the function is at 82AADE, and I can look up every call to that function in order. Then based on F0B9C, F0B9D, F0B9E and when 82AADE is called, I can determine what variable that is and its address.
0: empty (first call to 82AADE)
1: nmot (second call)
2: rl (third call)
etc.
Example of second call to determine nmot
To be honest, I think this might be it, but I tend to overcomplicate things and I feel you have a simpler / better approach up your sleeve. Fun part about that approach is that everything is on the flash, mpc readout wouldn't be needed anymore.
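The call-enumeration step described in the post above, as an added example that is not code from either poster or from ME7Info or VehiCAL. It assumes the flash image is mapped at 0x800000, that call sites use the C166 `CALLS` (far) or unconditional `CALLA` (same-segment) encodings, and that flash order matches the post's call order; the helper names and the sample image are constructed for illustration.

```python
import struct

FLASH_BASE = 0x800000  # assumption: flash image is mapped at this address
TARGET = 0x82AADE      # table-builder function address quoted in the post
NAMES = {0: "empty", 1: "nmot", 2: "rl"}  # the only indices the post lists


def find_calls(image, target=TARGET, base=FLASH_BASE):
    """Return addresses of unconditional calls to target, in flash order."""
    seg, off = target >> 16, target & 0xFFFF
    calls_pat = bytes([0xDA, seg]) + struct.pack("<H", off)   # CALLS seg, caddr
    calla_pat = bytes([0xCA, 0x00]) + struct.pack("<H", off)  # CALLA cc_UC, caddr
    hits = []
    # C166 instructions are word aligned, so only even offsets are tested.
    # A linear scan can still hit the second word of a 4-byte instruction or data.
    for i in range(0, len(image) - 3, 2):
        word = image[i:i + 4]
        addr = base + i
        same_segment = (addr >> 16) == seg  # CALLA only reaches its own segment
        if word == calls_pat or (same_segment and word == calla_pat):
            hits.append(addr)
    return hits


def label_calls(image):
    """Pair each call site with its ordinal and, where the post gives one, a name."""
    return [(n, addr, NAMES.get(n, "?")) for n, addr in enumerate(find_calls(image))]


def build_sample():
    """Constructed 192 KiB image: NOPs (CC 00) with a few planted call sites."""
    img = bytearray(b"\xCC\x00" * (0x30000 // 2))
    calls = bytes([0xDA, 0x82, 0xDE, 0xAA])
    calla = bytes([0xCA, 0x00, 0xDE, 0xAA])
    img[0x0100:0x0104] = calls    # segment 0x80, far call -> index 0
    img[0x0201:0x0205] = calls    # odd offset, not an instruction -> ignored
    img[0x0300:0x0304] = calla    # CALLA outside segment 0x82 -> other target
    img[0x10040:0x10044] = calls  # segment 0x81, far call -> index 1
    img[0x20010:0x20014] = calla  # segment 0x82, near call -> index 2
    return bytes(img)


if __name__ == "__main__":
    for n, addr, name in label_calls(build_sample()):
        print(f"{n}: call at {addr:06X} -> {name}")
```

Recovering each variable's RAM address still requires decoding the operands loaded before every call site, which this scan does not attempt.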
The better approach is the one I am using which is via automated disassembly and matching all variables. Doing it via manual signatures is ... time consuming and inefficient, because you can just generate those on the fly.
Then if you have any somewhat similar a2l you can find the majority of the variables. It's also pretty much ECU agnostic.
The same algorithm works for any ECU, but you have to write a module for each processor type that translates instructions into an intermediate language/logic layer.
All in all huge job to get right/improve.
This is what I would do if I were to entertain commercial ventures for multiple ECUs, but as you said, this requires a lot of work and I couldn't afford to spend that time on developing something like this. At this point, I am not looking to re-invent the wheel and it just makes more sense to support you. I am really appreciative of VehiCAL and I praise you for that, sincerely, impressive work prj!
I did it with manual signatures as it was something I could do over the weekend.
If you need to do it manually just for a couple softwares you can get pretty good results using bindiff and loading stuff into Ghidra or IDA manually.
I have a bit larger scale so I have coded my own disassemblers for each ECU architecture...
For the moment, I load it into IDA and run a script that finds and creates the signatures. Most of the time, it works well on C167/ST10 and I can get going. Not the same results on Tricore though. In all honesty, I am a bit lazy, I should definitely try out bindiff instead of doing everything manually.