Author Topic: First disassemble - questions  (Read 75000 times)
masterj
« Reply #75 on: December 11, 2012, 08:18:24 PM »

Hi, fellow nefmotoers!
Is there a definition file on nefmoto for an ME7.5 binary that has the ESKONF bytes defined? I mean a full definition like:
Code:
0. ZUE4 ZUE3 ZUE2 ZUE1
1. NC NC NC NC
2. EV4 EV3 EV2 EV1
3. LSHHK EFLA SU/LDR TEV
4. BKV NC AAV MIL
5. NC NC EKP SLP
6. ULT EAGR SLV NWS

I have found ESKONF in my file (4B...DC) @ 10D34, but without an example file I can't compare bytes to know their order (IIRC Phila_dot said that it is different on each binary). I suspect that the first 4 bytes are actually these:
Code:
0. ZUE4 ZUE3 ZUE2 ZUE1
1. NC NC NC NC
2. EV4 EV3 EV2 EV1
3. LSHHK EFLA SU/LDR TEV

but the other bytes don't look like they're the same as in FR

phila_dot
« Reply #76 on: December 12, 2012, 04:16:47 PM »

The bit pairs are laid out the same in all of the 2.7t S4 binaries that I have looked at.

The other files that I have looked at are definitely not.

I have concluded that ESKONF in the S4 files is actually 13 bytes starting at 10C75.
« Last Edit: December 12, 2012, 08:34:59 PM by phila_dot »

masterj
« Reply #77 on: December 14, 2012, 02:19:03 AM »

> The bit pairs are laid out the same in all of the 2.7t S4 binaries that I have looked at.
>
> The other files that I have looked at are definitely not.
>
> I have concluded that ESKONF in the S4 files is actually 13 bytes starting at 10C75.

Are you sure about 10C75? :O I have an S4 file (8D0907551G 360855) and it is fully defined. @ 10C75 it is the GAFGRO map... Anyway, in my file where I think ESKONF is:
Code:
10D34: AA FF 00 30 FF F8 30
but just after this there's:
Code:
10D3B: AA FF 00 30 3F F8 30
Both portions of hex look like ESKONF, no? And if it is normally bigger than the FR's 7 bytes, then in my file it should be 14 bytes... Or maybe there are two ESKONF versions, like ESKONF_0_A & ESKONF_1_A, both 7 bytes in size?

phila_dot
« Reply #78 on: December 14, 2012, 06:15:47 AM »

> Are you sure about 10C75? :O I have an S4 file (8D0907551G 360855) and it is fully defined. @ 10C75 it is the GAFGRO map... Anyway, in my file where I think ESKONF is:
> Code:
> 10D34: AA FF 00 30 FF F8 30
> but just after this there's:
> Code:
> 10D3B: AA FF 00 30 3F F8 30
> Both portions of hex look like ESKONF, no? And if it is normally bigger than the FR's 7 bytes, then in my file it should be 14 bytes... Or maybe there are two ESKONF versions, like ESKONF_0_A & ESKONF_1_A, both 7 bytes in size?

Ok...I wrote that post like an idiot. They are laid out the same, not all at the same location. M box is 10C75.

What do you see in IDA?
The AA FF's in yours are likely ZUE and EV.

masterj
« Reply #79 on: December 18, 2012, 06:13:30 PM »

> Ok...I wrote that post like an idiot. They are laid out the same, not all at the same location. M box is 10C75.
>
> What do you see in IDA?
> The AA FF's in yours are likely ZUE and EV.

Hi, philla!
Yes, I think that AA FF are the first two bytes as in FR, but what about the other ones?

Here's all I see in IDA:
Code:
seg003:10D34                 db 0AAh ; ¬
seg003:10D35                 db 0FFh
seg003:10D36                 db    0
seg003:10D37                 db  30h ; 0
seg003:10D38                 db 0FFh
seg003:10D39                 db 0F8h ; °
seg003:10D3A                 db  30h ; 0
seg003:10D3B                 db 0AAh ; ¬
seg003:10D3C                 db 0FFh
seg003:10D3D                 db    0
seg003:10D3E                 db  30h ; 0
seg003:10D3F                 db  3Fh ; ?
seg003:10D40                 db 0F8h ; °
seg003:10D41                 db  30h ; 0

No direct references and also no indirect references with the method I know (810D35h - 204h * 4000h). Searched for D35h in text mode and no results either.... Please advise... Thanks
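An added example, not code from any of the posts: it splits the two 7-byte candidates quoted above (10D34 and 10D3B) into 2-bit pairs, labels them with the FR rows from the first post, and reports where the candidates differ. Two assumptions: the leftmost name in each row is the most significant pair, and this binary follows the FR row order, which the thread itself leaves open.

```python
# Added example: decode ESKONF candidates into 2-bit pairs and diff them.
# Row names are the FR table quoted in the thread. Assumptions: the leftmost
# name is the most significant pair, and this binary follows the FR row order.
FR_LAYOUT = [
    ("ZUE4", "ZUE3", "ZUE2", "ZUE1"),
    ("NC", "NC", "NC", "NC"),
    ("EV4", "EV3", "EV2", "EV1"),
    ("LSHHK", "EFLA", "SU/LDR", "TEV"),
    ("BKV", "NC", "AAV", "MIL"),
    ("NC", "NC", "EKP", "SLP"),
    ("ULT", "EAGR", "SLV", "NWS"),
]

# Byte strings copied from the thread (file offsets 10D34 and 10D3B).
CAND_10D34 = bytes.fromhex("AA FF 00 30 FF F8 30")
CAND_10D3B = bytes.fromhex("AA FF 00 30 3F F8 30")


def bit_pairs(byte):
    """Split one byte into its four 2-bit fields, most significant first."""
    return [(byte >> shift) & 0b11 for shift in (6, 4, 2, 0)]


def decode(block, layout=FR_LAYOUT):
    """Return one list of (name, pair value) per byte of the block."""
    if len(block) != len(layout):
        raise ValueError(f"expected {len(layout)} bytes, got {len(block)}")
    return [list(zip(names, bit_pairs(b))) for b, names in zip(block, layout)]


def diff(a, b, layout=FR_LAYOUT):
    """List (byte index, name, pair in a, pair in b) for every differing pair."""
    changes = []
    for idx, (row_a, row_b) in enumerate(zip(decode(a, layout), decode(b, layout))):
        for (name, va), (_, vb) in zip(row_a, row_b):
            if va != vb:
                changes.append((idx, name, va, vb))
    return changes


if __name__ == "__main__":
    for idx, row in enumerate(decode(CAND_10D34)):
        print(idx, " ".join(f"{name}={val:02b}" for name, val in row))
    print("differences:", diff(CAND_10D34, CAND_10D3B))
```

Under those assumptions the two candidates differ in a single bit pair, which is the place to look when deciding whether they are two variants of one table or two unrelated tables.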

Bische
« Reply #80 on: February 07, 2013, 04:28:30 AM »

Just wanted to take 10min to make a reply here and thank everyone for the info, I have begun to invest time in IDA pro now and I have now acquired enough understanding to find desired RAM variables for logging.

The more I stare at the code the better "feel" I get, also gaining a lot of speed at the same time. I found the graph view really good also for getting a better/faster understanding of code flow. I have also bought the IDA pro unofficial guide book by Chris Eagle.

Here is a screenshot of my disassembly virgin taken, rkukg_w

masterj
« Reply #81 on: February 11, 2013, 11:31:43 AM »

Peeps, I started getting B1S1 malfunction dtc... Can someone tell me which function is responsible for this? Also readiness is not passed for oxygen sensors and evap. Any ideas? Oxygen sensor is brand new

ddillenger
« Reply #82 on: February 11, 2013, 11:34:57 AM »

(kind of unrelated)

How are you checking readiness? It's been my experience that vcds reports PASSED for unsupported monitors. I've verified this with several scanners.

(end of OT)

phila_dot
« Reply #83 on: February 11, 2013, 12:17:40 PM »

> (kind of unrelated)
>
> How are you checking readiness? It's been my experience that vcds reports PASSED for unsupported monitors. I've verified this with several scanners.
>
> (end of OT)

Ready bit is automatically set for unsupported functions. You have to check evsup1 for supported/unsupported.

catbed
« Reply #84 on: February 11, 2013, 03:13:37 PM »

> Hi, fellow nefmotoers!
> Is there a definition file on nefmoto for an ME7.5 binary that has the ESKONF bytes defined? I mean a full definition like:
> Code:
> 0. ZUE4 ZUE3 ZUE2 ZUE1
> 1. NC NC NC NC
> 2. EV4 EV3 EV2 EV1
> 3. LSHHK EFLA SU/LDR TEV
> 4. BKV NC AAV MIL
> 5. NC NC EKP SLP
> 6. ULT EAGR SLV NWS
>
> I have found ESKONF in my file (4B...DC) @ 10D34, but without an example file I can't compare bytes to know their order (IIRC Phila_dot said that it is different on each binary). I suspect that the first 4 bytes are actually these:
> Code:
> 0. ZUE4 ZUE3 ZUE2 ZUE1
> 1. NC NC NC NC
> 2. EV4 EV3 EV2 EV1
> 3. LSHHK EFLA SU/LDR TEV
>
> but the other bytes don't look like they're the same as in FR

My 018CH file follows the FR for bit pair locations, just not the same factory values. I know this because I have an OTS 630 bin with SLS and SLV changed in ESKONF. The bit pairs changed match the FR diagrams.

catbed
« Reply #85 on: February 11, 2013, 03:15:46 PM »

> Peeps, I started getting B1S1 malfunction dtc... Can someone tell me which function is responsible for this? Also readiness is not passed for oxygen sensors and evap. Any ideas? Oxygen sensor is brand new

I also have this B1S1 Malfunction. I reverted ESKONF to before I removed post-cat o2 but the B1S1 malfunction DTC is still there. Sorry I am not much help with disassembly, baby steps lol.

fever
« Reply #86 on: March 15, 2013, 06:19:01 AM »

Hi! Maybe someone could explain this a little, please.
I am looking at AL/NLS posted on this forum and can't figure out something.
There is, for example:

seg018:E808                 exts    #81h, #1 ; 'ь'
seg018:E80C                 mov     r9, 7E00h ; 817E00h

(817E00h-7E00h)/4000h=204h

Why do we set exts to #81h? (so the calculation will be 81h*10000h instead of 4000h)
How do I calculate the address correctly in this situation?

Many thanks!

fever
« Reply #87 on: March 18, 2013, 04:51:13 AM »

Think I got it. Page and segment.
But why is exts used vs extp?

phila_dot
« Reply #88 on: March 18, 2013, 05:11:06 AM »

Just a different way to do it.

Doesn't make a difference, one way or the other.

fever
« Reply #89 on: March 18, 2013, 06:17:27 AM »

> Just a different way to do it.
>
> Doesn't make a difference, one way or the other.

As I thought, thank you for clarifying. =)
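An added example, not code from any of the posts: the segment/page arithmetic behind the exts question above and behind the indirect-reference search in reply #79. It assumes the ROM image is mapped at 800000h (the thread pairs file offset 10D35 with 810D35h); the function names are made up for illustration.

```python
# Added example: C166-style address arithmetic for the values quoted in the thread.
ROM_BASE = 0x800000   # assumption from the thread: file offset 10D35 <-> 810D35h
SEG_SIZE = 0x10000    # EXTS overrides addressing with a 64 KiB segment number
PAGE_SIZE = 0x4000    # EXTP and the DPP registers select a 16 KiB page


def exts_address(segment, offset16):
    """Linear address under EXTS: segment plus the full 16-bit offset."""
    return segment * SEG_SIZE + (offset16 & 0xFFFF)


def extp_address(page, offset16):
    """Linear address under EXTP: page plus the low 14 bits of the offset."""
    return page * PAGE_SIZE + (offset16 & 0x3FFF)


def split(address):
    """Return ((segment, 16-bit offset), (page, 14-bit offset)) for an address."""
    return (divmod(address, SEG_SIZE), divmod(address, PAGE_SIZE))


def search_candidates(file_offset):
    """16-bit pointers that could reach file_offset through a DPP register.

    In DPP addressing, bits 15-14 of the pointer pick DPP0..DPP3 and bits 13-0
    are the page offset. Which DPP holds the page is firmware-specific, so all
    four encodings are returned as (dpp, page, pointer, little-endian hex).
    """
    page, off14 = split(ROM_BASE + file_offset)[1]
    found = []
    for dpp in range(4):
        pointer = (dpp << 14) | off14
        found.append((dpp, page, pointer, pointer.to_bytes(2, "little").hex()))
    return found


if __name__ == "__main__":
    # exts #81h followed by mov r9, 7E00h, as in the listing above.
    target = exts_address(0x81, 0x7E00)
    (seg, off16), (page, off14) = split(target)
    print(f"{target:06X}h = segment {seg:X}h:{off16:04X}h = page {page:X}h:{off14:04X}h")
    # Patterns to search for when hunting references to file offset 10D35.
    for dpp, page, pointer, pattern in search_candidates(0x10D35):
        print(f"DPP{dpp} = {page:X}h -> pointer {pointer:04X}h, bytes {pattern}")
```

The same linear address can be written as a segment with a 16-bit offset or as a page with a 14-bit offset, and a data reference may carry DPP selector bits in its top two bits, so a search for the bare low offset alone can miss it.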