Pages: [1] 2
Author Topic: First attempt at finding a few things with IDA Pro..  (Read 21905 times)
nyet
Administrator
Hero Member
*****

Karma: +608/-168
Offline Offline

Posts: 12271


WWW
« on: May 12, 2013, 12:34:02 AM »

I finally got some time to twiddle with IDA PRO...

I'm trying to figure out this

http://nefariousmotorsports.com/forum/index.php?topic=3562.0title=

Here are the first few RAM locations (trying to trace bgmszs) I didn't have that I found.

Can some of the pros take a look and see if i got them right? (2.7t mbox of course)

 0000:F9EE       mste?
 0000:380C77       pspvdsmx?
 0000:38215C       mlhfmf_w?
 0000:3821A6       fwrldk_w?
 0000:3821AE       msdkalm_w?
 0000:3821CA       rlfdkroh_w?
 0000:3821D2       umsrln_w?

 0000:FD66.5 or .6 B_ehfm? (DHFM is at 0x851560?)

how am I doing?
Logged

ME7.1 tuning guide
ECUx Plot
ME7Sum checksum
Trim heatmap tool

Please do not ask me for tunes. I'm here to help people make their own.

Do not PM me technical questions! Please, ask all questions on the forums! Doing so will ensure the next person with the same issue gets the opportunity to learn from your ex
phila_dot
Hero Member
*****

Karma: +173/-11
Offline Offline

Posts: 1709


« Reply #1 on: May 12, 2013, 07:23:14 PM »

Bout time Nye! Good shit Cool

Addresses confirmed.

0xFD66.5 is B_ehfm
0xFD66.6 is B_ehfs

0x851560 is part of BGMSZS
Logged
nyet
Administrator
Hero Member
*****

Karma: +608/-168
Offline Offline

Posts: 12271


WWW
« Reply #2 on: May 12, 2013, 10:13:17 PM »

a few stupid noob idapro questions:

Is there a way to set up bitfields in IDA Pro?

How do you tag map locations? Just add a comment? The constants that are set up before map lookup are rarely the location itself.

If I use comments, i can't figure out how to search for them.

Also, what kind of function naming convention do you use?

Finally, would it be worth it to start some sort of shared db of ram and function locations?

Logged

ME7.1 tuning guide
ECUx Plot
ME7Sum checksum
Trim heatmap tool

Please do not ask me for tunes. I'm here to help people make their own.

Do not PM me technical questions! Please, ask all questions on the forums! Doing so will ensure the next person with the same issue gets the opportunity to learn from your ex
nyet
Administrator
Hero Member
*****

Karma: +608/-168
Offline Offline

Posts: 12271


WWW
« Reply #3 on: May 12, 2013, 10:27:12 PM »

0xFD66.6 is B_ehfs

hmm according to ME7L,

B_ehfs          , {}                                , 0x00FD66,  2,  0x0080, {}        , 0, 0,            1,      0, {Bedingung Ersatzwert Hauptfüllungssensor}

which is .7?
Logged

ME7.1 tuning guide
ECUx Plot
ME7Sum checksum
Trim heatmap tool

Please do not ask me for tunes. I'm here to help people make their own.

Do not PM me technical questions! Please, ask all questions on the forums! Doing so will ensure the next person with the same issue gets the opportunity to learn from your ex
phila_dot
Hero Member
*****

Karma: +173/-11
Offline Offline

Posts: 1709


« Reply #4 on: May 12, 2013, 10:39:36 PM »

You can enumerate bitfields, but commenting is better for x-refing.

For maps, I usually manually adjust the address to accurately represent the DPP and comment the name.

Text search will find comments, but there isn't a need really. When do you find the need to search for comments?

I label functions in the flash per the FR.

What kind of shared DB did you have in mind?
Logged
phila_dot
Hero Member
*****

Karma: +173/-11
Offline Offline

Posts: 1709


« Reply #5 on: May 12, 2013, 10:44:46 PM »

hmm according to ME7L,

B_ehfs          , {}                                , 0x00FD66,  2,  0x0080, {}        , 0, 0,            1,      0, {Bedingung Ersatzwert Hauptfüllungssensor}

which is .7?

Check it out...you tell me.

That's what I got when I looked briefly earlier.
Logged
nyet
Administrator
Hero Member
*****

Karma: +608/-168
Offline Offline

Posts: 12271


WWW
« Reply #6 on: May 12, 2013, 10:56:18 PM »

OK, i am a TOTAL noob, so be gentle Smiley

You can enumerate bitfields, but commenting is better for x-refing.

I'm not sure how comments interact with x-refs.. i'll have to play with that more. especially dont undersand the difference between ":" and ";"

Quote
For maps, I usually manually adjust the address to accurately represent the DPP and comment the name.

So. I totally don't get what you are saying... can you cut and paste an example? Keep in mind that while i understand the c166 pretty well at this point, IDA pro still baffles me.

 
Quote
Text search will find comments, but there isn't a need really. When do you find the need to search for comments?

e.g. say it says "jb 0xFD66.5 blah" and i want to comment it as '; B_ehfm' because i can't name "0xfd66.5" B_ehfm...

how do i search for B_ehfm? or are you saying if i do it right, B_ehfm will show up somehow as a x-ref?

Quote
What kind of shared DB did you have in mind?

Basically, some sort of editable/import/exportable db of function and ram locations.. I know IDAPro can export symbol tables... not sure about importing, but I know i can probably write some sort of plugin for it (once i figure out how plugins work etc). Also, would need some sort of metadata format so we can include conversions...

Altho we should really do it ASAP2 style, and have some sort of DB of "types" rather than repeat conversions for every damn item... then i could write a script to convert that to an .ecu file (and back) for ME7L, etc.

Not sure how to handle merging etc. but if i can do it all with a git repo with text files, i think it can work. I could also write a website/sql type of thing for it, but that would be a lot of work and probably beyond what i'm willing to work on solo.

This all depends, of course, if there is enough interest in some sort of shared effort.
Logged

ME7.1 tuning guide
ECUx Plot
ME7Sum checksum
Trim heatmap tool

Please do not ask me for tunes. I'm here to help people make their own.

Do not PM me technical questions! Please, ask all questions on the forums! Doing so will ensure the next person with the same issue gets the opportunity to learn from your ex
Axis
Full Member
***

Karma: +4/-4
Offline Offline

Posts: 91


« Reply #7 on: May 13, 2013, 12:54:40 PM »

7 is correct, and if you figured that out by looking at the line in the me7l ecu file you are on the right track

I like to add the comment to bits in the following style.  ; B_sl, {Bedingung Servo-Lenkung}
Sometimes the name of the bit is not good enough and the description nice to have.

Do you have a problem with text search for comments?
Logged
nyet
Administrator
Hero Member
*****

Karma: +608/-168
Offline Offline

Posts: 12271


WWW
« Reply #8 on: May 13, 2013, 01:07:04 PM »

Do you have a problem with text search for comments?

yea, its super slow (and doesn't work?) and i like the "xref" thing (where you highlight something then hit x).. does that work with comments? actually, don't answer that, I think i just need to experiment more..

if you say it works, i must just not be doing it right.
Logged

ME7.1 tuning guide
ECUx Plot
ME7Sum checksum
Trim heatmap tool

Please do not ask me for tunes. I'm here to help people make their own.

Do not PM me technical questions! Please, ask all questions on the forums! Doing so will ensure the next person with the same issue gets the opportunity to learn from your ex
phila_dot
Hero Member
*****

Karma: +173/-11
Offline Offline

Posts: 1709


« Reply #9 on: May 13, 2013, 01:12:54 PM »

hmm according to ME7L,

B_ehfs          , {}                                , 0x00FD66,  2,  0x0080, {}        , 0, 0,            1,      0, {Bedingung Ersatzwert Hauptfüllungssensor}

which is .7?

Ahh...I should have been more diligent.

0xFD66.6 is B_ehfm1
0xFD66.7 is B_ehfs

I searched the x-ref and mistakenly went off the repeatable comment from the jump. The repeatable comment from bset B_ehfs was displayed next to jb B_ehfm1.
Logged
Axis
Full Member
***

Karma: +4/-4
Offline Offline

Posts: 91


« Reply #10 on: May 13, 2013, 01:41:32 PM »

yea, its super slow (and doesn't work?)
"super slow" is very subjective. Can you put that in context, compare to something else. But sure, in my "car laptop" it takes 10sec to search from top to bottom of a 512mb flash idb. But it works well to find comments (no search parameters set).
Logged
airtite
Hero Member
*****

Karma: +13/-3
Offline Offline

Posts: 741


« Reply #11 on: May 20, 2013, 11:26:28 PM »

nyet is there no linux assembler we can use or are we only able to use ida pro?
Logged
nyet
Administrator
Hero Member
*****

Karma: +608/-168
Offline Offline

Posts: 12271


WWW
« Reply #12 on: May 21, 2013, 09:22:42 AM »

There is a native linux version of IDA Pro... have not tried it yet though.
Logged

ME7.1 tuning guide
ECUx Plot
ME7Sum checksum
Trim heatmap tool

Please do not ask me for tunes. I'm here to help people make their own.

Do not PM me technical questions! Please, ask all questions on the forums! Doing so will ensure the next person with the same issue gets the opportunity to learn from your ex
hackish
Full Member
***

Karma: +1/-1
Offline Offline

Posts: 56


« Reply #13 on: June 25, 2013, 08:36:59 PM »

There is a native linux version of IDA Pro... have not tried it yet though.

There is a native linux version but they split the licenses last year so my license no longer includes both Windows and Linux Sad
Logged
dream3R
Hero Member
*****

Karma: +18/-8
Offline Offline

Posts: 1194


« Reply #14 on: July 24, 2013, 03:22:46 PM »

Does anyone have a commented (or especially) commented IDA file they can share?

I'd like something to compare with whilst trying to IDA my Volvo ME7 file.

Smiley
Logged



How to work out values from an A2L Smiley

http://nefariousmotorsports.com/forum/index.php?topic=5525.msg52371#msg52371


Starting Rev's http://nefariousmotorsports.com/forum/index.php?topic=5397.msg51169#msg51169

noobs read this before asking http://nefariousmotorsports.com/forum/index.php?topic=9014.0title=


ORGORIGINAL 05 5120 creator for Volvo
ORIGINAL Datalogger (Freeware) Author
ORGINAL finder of the 'extra' torque' limits
I don't have ME7.01 A2L I just use ID
Pages: [1] 2
  Print  
 
Jump to:  

Powered by SMF 1.1.21 | SMF © 2015, Simple Machines Page created in 0.024 seconds with 17 queries. (Pretty URLs adds 0.001s, 0q)