Difference between revisions of "Reverse Engineering Information"
Jump to navigation
Jump to search
(Created page with "= Purpose of this section = =Quick Reference= ==Memory address lookup== Registers a0, a1, a8, and a9 are used as offsets when the code needs to reference different memory...") |
(No difference)
|
Revision as of 02:26, 15 November 2020
Purpose of this section
Quick Reference
Memory address lookup
Registers a0, a1, a8, and a9 are used as offsets when the code needs to reference different memory locations. There's a table in the ECU that sets up those offsets at boot:
0000:808835CC movh.a a0, #0xD002 0000:808835D0 lea a0, [a0]-0x8000 0000:808835D4 movh.a a1, #0xA081 0000:808835D8 lea a1, [a1]-0x8000 0000:808835DC movh.a a8, #0x8005 0000:808835E0 lea a8, [a8]-0x7800 0000:808835E4 movh.a a9, #0xD001 0000:808835E8 lea a9, [a9]-0x4000
What that means, is that at any point in the code, these registers always have the following values:
a0: 0xD0018000 a1: 0xA0808000 a8: 0x80048800 a9: 0xD000C000
A quick example of how this is implemented in code:
8019044a c9 00 de c9 ld.h d0,[a0]-0x60e2
This takes the value of a0 (0xD0018000), subtracts 0x60e2 (=0xD0011F1E), and pulls the value of that memory address into d0. In the case of one common software version, that's:
/begin MEASUREMENT tia_cha_up "Air Temperature upstream the Charger" SWORD _CNV_A_R_CHRG_LINEA_171_CM 1 100. -48. 335.994140625 DISPLAY_IDENTIFIER TIA_CHA_UP ECU_ADDRESS 0xd0011f1e FORMAT "%7.3" /begin IF_DATA ETK KP_BLOB 0xd0011f1e INTERN 2 RASTER 30 /end IF_DATA /end MEASUREMENT