Hi guys,

I started to work on injection my code into ECU. Beginings were quite hard, but i successfully tested few functions/instructions C167 (ME7.5 518AL) on the bench. I used some variables located at 0x387006 and 0x387004, succesfully changed it. But when i loaded ECU to the car on original software i noticed that data on those addressess are changing in some special conditions during drive, so i decided to log ram space using me7logger on driving and when ignition is on. I figured out 20 possible locations always nulled. So i exchanged my 387006/4 to new one, but with those my program (working properly on previous vars) is not changing values on those adressess.

Is it possible that new found vars are somehow protected by ori bosch software??

I know that full dissasembly is great way to determine which parts of memory can be used without any doubts.
But for example Antliag php script (shared here) uses easy search algoritm by pattern 0xFF


{
      echo "Finding a good space for launch control configuration variables..\r\n";
      // OLD Function $launchvars = strpos($bin,"\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF",97700)+17;
      $launchvars=findHole($bin, 32, hexdec("17000"), hexdec("18000"));
      
      // Wurde kein Platz gefunden?
      if(!$launchvars)
         {
            echo "cannot find space for configuration variables, please input offset by argument!\n";
            die();
         }
   }

Successfully i've found some space and used it.

btw. Is there anybody who knows why ECU on bench does not notify (me7logg) changes on pines for clutch and cruise?

I checked by shortcutting to ground those pins:

T39 cluch
T38 cruise
T57 cruise
T75  cruise
T76  cruise

thanks.
Working perfectly.

Guys, i am looking for any information about me7.5 startup / init procedure especially conditions which have to be meet to start engine.

I've already tried view those:
- evz_austot
- b_bevab
- b_evabu
..but not sufficient.

i want to find some variable responsible for blocking startup engine.

8E0909518AQ

at this addres i have setting of 9bit =>> bset    word_FD44.9


; =============== S U B R O U T I N E ====================================
Seg0x218@860000:25AA
Seg0x218@860000:25AA
Seg0x218@860000:25AA             sub_8625AA:                             ; CODE XREF: sub_8623B6+144P
Seg0x218@860000:25AA                                                     ; sub_8623B6+1D2P ...
Seg0x218@860000:25AA 9F 22                       bset    word_FD44.9
Seg0x218@860000:25AC DB 00                       rets
Seg0x218@860000:25AC             ; End of function sub_8625AA
Seg0x218@860000:25AC
Seg0x218@860000:25AE
Seg0x218@860000:25AE           
  ; =============== S U B R O U T I N E =======================================

bset    word_FD44.10   did not work for you?