ejg3855
« Reply #135 on: February 10, 2020, 09:17:26 AM »
I understand that aspect; I also didn't say anything about blindly copying.
How would one apply the map switching routines to other .bins, I guess, would be a more appropriate question.
BWF
« Reply #136 on: April 12, 2020, 12:07:51 PM »
Good afternoon, and thanks to this forum for the great reverse engineering information there is here.
I am doing my map switching. I can find several maps fine, but I have problems finding the KFZW at address 812120.
Searching and comparing several projects, I found the code that refers to the KFZW, but I don't understand the "mov r13, #311Ah". For me it would have to be "mov r13, #204h":
204 * 4000 = 810000
810000 + (r12 value) = 812120
« Last Edit: April 12, 2020, 12:10:06 PM by BWF »
fknbrkn
« Reply #137 on: April 12, 2020, 01:45:58 PM »
311Ah is the rl_w axis of the KFZW, 0x1311A. Obviously it's the short addressing method for the maps stored in the 204 205 segs, and that's why you cannot simply create new KFZW maps outside.
The math routine (0x78B8) should also be moved and changed to respect the new segment addressing.
« Last Edit: April 12, 2020, 01:47:35 PM by fukenbroken »
BWF
« Reply #138 on: April 13, 2020, 08:01:59 AM »
Is there a way to move the map to the end of the file? I understand that R12 is the beginning of the map, r13 is axis, r14 and 15 are the variables of each axis.
If I just modify r12 to the new address, will it work?
fknbrkn
« Reply #139 on: April 13, 2020, 09:53:54 AM »
> Is there a way to move the map to the end of the file?

Yes.
The math routine (0x78B8) should also be moved and changed to respect the new segment addressing.

> If I just modify r12 to the new address, will it work?

Only if you place the new map(s) in the 204 205 segments (if you can find free space there) OR in the RAM area 380000-384000, iirc. I didn't try the second option; imo it's a more complex way to solve this.
BWF
« Reply #140 on: April 13, 2020, 10:32:39 AM »
> Yes.
> Only if you place the new map(s) in the 204 205 segments (if you can find free space there) OR in the RAM area 380000-384000, iirc. I didn't try the second option; imo it's a more complex way to solve this.

Thank you, I will look for a place in the 204 205 segments.
Slizu
« Reply #141 on: October 03, 2020, 08:38:59 AM »
Hi guys! Can anyone give me some advice or links to help me with transferring this to the 1.8T AMK? Don't do this for me, just let me read smth.
Dejw0089
« Reply #142 on: May 14, 2021, 02:15:08 AM »
> Hi guys! Can anyone give me some advice or links to help me with transferring this to the 1.8T AMK? Don't do this for me, just let me read smth.

I want to do this in AMK too, but it's a long way and I don't have IDA Pro for now. Unfortunately there isn't a description of the functions in the bin file, so it's hard to find what we need to change directly in the bin file.
Dejw0089
« Reply #143 on: July 03, 2021, 08:50:16 AM »
I started to disassemble the code from the M-box ori and the one with the map change, and compare them. Please tell me what it means if in the ori we have, for example:
mov r12, #0F28h
mov r13, #206h
and in the mod file it is changed to:
mov r12, word_BF62
mov r13, word_BF6A
I want to understand how it works and how to read this.
morgano
« Reply #144 on: February 21, 2022, 06:59:24 AM »
> I started to disassemble the code from the M-box ori and the one with the map change, and compare them. Please tell me what it means if in the ori we have, for example:
> mov r12, #0F28h
> mov r13, #206h
> and in the mod file it is changed to:
> mov r12, word_BF62
> mov r13, word_BF6A
> I want to understand how it works and how to read this.

It seems the ORI code points to a fixed address (in flash) and the MOD code points to a RAM address whose content can be modified dynamically elsewhere, so you get an effective address switching method. IMHO. Haven't really spent a single second looking at it in IDA, but from the snippet you posted... this is my assumption. Regards,
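The two snippets compared in replies #143 and #144 can be told apart mechanically, using the page arithmetic from reply #136. The Python below is an added example, not code from any poster or from the ECU; it assumes r12 carries the offset and r13 the 16 KB page (as in the `#0F28h` / `#206h` pair) and that byte 0 of the .bin is mapped at 0x800000.

```python
import re

PAGE_SIZE = 0x4000     # 16 KB data page: the "4000" in reply #136
FLASH_BASE = 0x800000  # assumption: byte 0 of the .bin is mapped at 0x800000

# Matches "mov r12, #0F28h" (immediate) and "mov r12, word_BF62" (memory operand).
MOV_RE = re.compile(r"mov\s+(r\d+)\s*,\s*(#\s*)?(\w+)", re.IGNORECASE)


def linear_address(page, offset):
    """Page number plus 14-bit page offset -> linear address."""
    return page * PAGE_SIZE + (offset & (PAGE_SIZE - 1))


def parse_movs(text):
    """Map each register to ('imm', value) or ('mem', label)."""
    regs = {}
    for reg, is_imm, operand in MOV_RE.findall(text):
        if is_imm:
            regs[reg.lower()] = ("imm", int(operand.rstrip("hH"), 16))
        else:
            regs[reg.lower()] = ("mem", operand)
    return regs


def describe_pointer(text, offset_reg="r12", page_reg="r13"):
    """Classify a register pair as a fixed address or a run-time pointer."""
    regs = parse_movs(text)
    (off_kind, off), (page_kind, page) = regs[offset_reg], regs[page_reg]
    if "mem" in (off_kind, page_kind):
        # Values are read from memory at run time, so the target can change.
        return {"kind": "indirect", "offset_src": off, "page_src": page}
    linear = linear_address(page, off)
    return {
        "kind": "fixed",
        "linear": linear,
        "file_offset": linear - FLASH_BASE,
        "in_pages_204_205": 0x204 <= page <= 0x205,
    }


ORI = "mov r12, #0F28h mov r13, #206h"          # from reply #143
MOD = "mov r12, word_BF62 mov r13, word_BF6A"   # from reply #143

if __name__ == "__main__":
    print(describe_pointer(ORI))
    print(describe_pointer(MOD))
    # Offset 0x2120 is derived from the arithmetic in reply #136.
    print(hex(linear_address(0x204, 0x2120)))  # 0x812120
```
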
trichard3000
« Reply #145 on: November 12, 2022, 11:52:21 AM »
Did anyone ever patch this multi-map routine into the 002 version of the M-Box bin? Looking to combine these features with the 5120 hacked bin and I'm worried about potential differences between 001 and 002.
Thanks!