Author Topic: First disassemble - questions  (Read 81427 times)
nyet
« Reply #60 on: November 27, 2012, 05:42:38 PM »


> Now we look for r14, which holds address to the map (r13 I think holds first cell of axis, dunno why it is needed) :)

How else would the map lookup function know where the axis is?

ME7.1 tuning guide
ECUx Plot
ME7Sum checksum
Trim heatmap tool

Please do not ask me for tunes. I'm here to help people make their own.

Do not PM me technical questions! Please, ask all questions on the forums! Doing so will ensure the next person with the same issue gets the opportunity to learn from your ex
masterj
« Reply #61 on: November 27, 2012, 05:49:34 PM »

> How else would the map lookup function know where the axis is?

ah well maybe you're right...

I think I need to learn one more thing: all these subs can operate only on input rxx variables? there are no "global" variables in asm like in higher programming languages?

masterj
« Reply #62 on: November 27, 2012, 06:02:04 PM »

Just attached to this topic c166ism.pdf - very good resource on instructions of assembly!

masterj
« Reply #63 on: November 27, 2012, 06:12:22 PM »

Ok, I'm stuck on trying to get the factor and offset of axis values (that we put into winols to properly display numbers)...

Let's take TVUB again:
Code:
seg003:65EDC                 extp    #0E1h, #1 ; 'ß'
seg003:65EE0                 mov     word_384A92, r4
seg003:65EE4                 movbz   r12, unk_813EB0
seg003:65EE8                 mov     r13, #3EB1h
seg003:65EEC                 mov     r14, #3EB6h
seg003:65EF0                 movbz   r15, byte_38099C
seg003:65EF4                 calls   0, sub_7B42

Axis factor: 0,070400
Axis offset: 0

r4? r15? other r? or should I just dive into sub_7B42 to look for it? How to get these numbers?


nyet
« Reply #64 on: November 27, 2012, 08:34:53 PM »

> ah well maybe you're right...
>
> I think i need to learn one more thing: all these subs can operate only on input rxx variables? there are no "global" variables in asm like in higher programming languages?

Again, you should review what a compiler does :)

For example, the c compiler/linker:

Global variables (including static "globals") are placed in either the BSS or DATA section during the link stage, and a symbol is generated for each global variable.

All references to that global variable are replaced by a reference to that memory location.

When the program is first run, the BSS section is zeroed out (for globals that are initialized to zero). Initialized globals are in the DATA section. When the program is run, the DATA section is memcpy'd from the INITDATA subsection (typically located in the read only TEXT section).

Local variables are generally located in the stack. When a function is called, stack area is reserved for all local variables, and they are either initialized to zero or their "initial" value by direct asm instructions.

Parameters are generally passed in registers (as you discovered)

If there are too many parameters to pass by registers, typically the compiler will put them on the stack.

Finally, if the function being called uses registers that it knows are in use by the caller, it typically saves those registers on the stack, does its thing with them, then restores those values from the stack before returning.

BTW, those ME7 variables we log? They are ALL globals. They all exist in memory. If they were in registers we couldn't log them.
« Last Edit: November 27, 2012, 08:36:43 PM by nyet »

masterj
« Reply #65 on: November 28, 2012, 05:51:15 AM »

> Again, you should review what a compiler does :)
>
> For example, the c compiler/linker:
>
> Global variables (including static "globals") are placed in either the BSS or DATA section during the link stage, and a symbol is generated for each global variable.
>
> All references to that global variable are replaced by a reference to that memory location.
>
> When the program is first run, the BSS section is zeroed out (for globals that are initialized to zero). Initialized globals are in the DATA section. When the program is run, the DATA section is memcpy'd from the INITDATA subsection (typically located in the read only TEXT section).
>
> Local variables are generally located in the stack. When a function is called, stack area is reserved for all local variables, and they are either initialized to zero or their "initial" value by direct asm instructions.
>
> Parameters are generally passed in registers (as you discovered)
>
> If there are too many parameters to pass by registers, typically the compiler will put them on the stack.
>
> Finally, if the function being called uses registers that it knows are in use by the caller, it typically saves those registers on the stack, does its thing with them, then restores those values from the stack before returning.
>
> BTW, those ME7 variables we log? They are ALL globals. They all exist in memory. If they were in registers we couldn't log them.

Thanks for the info :)

masterj
« Reply #66 on: November 28, 2012, 08:15:25 AM »

Added 4Z7907551R__ME7.1.1_Bosch__Audi_2.7T_-_(Original)-v00.idb

Need info on this specific file KFFWL_0_A map (@19093)... Since there is no XREF I've tried usual approach: 819093h - 206h * 4000h = 1093h and search for it. No results found whatsoever. What should be my next step here to find axes connected to this map? :)

phila_dot
« Reply #67 on: November 28, 2012, 08:52:59 AM »

> Added 4Z7907551R__ME7.1.1_Bosch__Audi_2.7T_-_(Original)-v00.idb
>
> Need info on this specific file KFFWL_0_A map (@19093)... Since there is no XREF I've tried usual approach: 819093h - 206h * 4000h = 1093h and search for it. No results found whatsoever. What should be my next step here to find axes connected to this map? :)

You can try searching 093h.

Is there anything unique around the map reference in the FR that you could reference?

Is the map preceded by the axis? Look in the data section for a direct reference to the axis or axis size maybe.

Have you looked at the C167 user manual? Lots of good info there.
matchew
« Reply #68 on: November 28, 2012, 09:09:21 AM »

There is no direct call for this map in code.

rajivc666
« Reply #69 on: November 28, 2012, 09:19:17 AM »

Ya these are one of those maps which are referenced to with register offsets. You can search for the axis of the map and if you are lucky you will find the map :)
masterj
« Reply #70 on: November 28, 2012, 06:51:03 PM »

> Ya these are one of those maps which are referenced to with register offsets. You can search for the axis of the map and if you are lucky you will find the map :)

What procedure do you normally go through to accomplish this task on these types of maps? Could you write for this specific file and this specific map, what would you do?

phila_dot
« Reply #71 on: November 28, 2012, 07:09:33 PM »

> What procedure do you normally go through to accomplish this task on these types of maps? Could you write for this specific file and this specific map, what would you do?

This map is referenced by a pointer.

If you find the Stutzstellen then you can xref them to the map reference.

If you search 093h like I stated earlier then you should find that hex directly referenced in the data section.
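The page arithmetic from Reply #66 and the data-section search suggested in Replies #67 and #71, as an added Python example (not code from the thread or from any tool mentioned in it). On the C166 family a 16-bit data address uses bits 15:14 to select one of DPP0..DPP3 and bits 13:0 as the offset into a 4000h-byte page, so a pointer to 819093h can appear as any of four words that share the low 12 bits 093h. The 800000h mapping of the file, the function names and the sample image are assumptions made for the example.

```python
import struct

PAGE_SIZE = 0x4000     # C166 data pages are 16 KiB (4000h)
FLASH_BASE = 0x800000  # assumption: file offset 0 maps to 800000h (19093h -> 819093h)


def split_linear(addr):
    """Return (page, offset) for a linear address, e.g. 819093h -> (206h, 1093h)."""
    return addr // PAGE_SIZE, addr % PAGE_SIZE


def dpp_candidates(addr):
    """The four 16-bit values that can name addr: bits 15:14 pick DPP0..DPP3."""
    _, offset = split_linear(addr)
    return [(sel << 14) | offset for sel in range(4)]


def find_word_refs(image, addr, base=FLASH_BASE):
    """Scan image for little-endian 16-bit words equal to any candidate.

    Returns (linear address of hit, matched word, DPP selector) tuples.
    Every byte position is checked; a hit is only a lead, since an
    unrelated data word can hold the same value.
    """
    wanted = {value: sel for sel, value in enumerate(dpp_candidates(addr))}
    hits = []
    for pos in range(len(image) - 1):
        (word,) = struct.unpack_from("<H", image, pos)
        if word in wanted:
            hits.append((base + pos, word, wanted[word]))
    return hits


def build_sample_image():
    """Constructed 64-byte image, not taken from any real ECU file."""
    image = bytearray(b"\xff" * 64)
    struct.pack_into("<H", image, 0x10, 0x1093)  # pointer word using DPP0
    struct.pack_into("<H", image, 0x2A, 0x9093)  # same offset using DPP2
    return bytes(image)


if __name__ == "__main__":
    page, offset = split_linear(0x819093)
    print(f"page {page:03X}h, offset {offset:04X}h")
    for where, word, sel in find_word_refs(build_sample_image(), 0x819093):
        print(f"{where:06X}: {word:04X}h (DPP{sel})")
```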
masterj
« Reply #72 on: November 28, 2012, 08:05:49 PM »

> This map is referenced by a pointer.
>
> If you find the Stutzstellen then you can xref them to the map reference.
>
> If you search 093h like I stated earlier then you should find that hex directly referenced in the data section.

Thanks, Philla_dot, can you elaborate on what is Stutzstellen? And how to find it?

matchew
« Reply #73 on: November 28, 2012, 08:10:24 PM »

> Thanks, Philla_dot, can you elaborate on what is Stutzstellen? And how to find it?

Google translate :rolleyes: how much bigger of a spoon do you need?
« Last Edit: November 28, 2012, 08:11:55 PM by matchew »
masterj
« Reply #74 on: December 03, 2012, 08:07:21 PM »

Can someone tell me address of CLRSKA in 4.....DC bin? :o I've tried comparing XREFS with OLS I have but was unable to find similar subroutine...

Also, how do you search regex in multiline?
for example: mov(.)+\n(.)+add?
« Last Edit: December 04, 2012, 04:50:09 AM by masterj »
