Difference between revisions of "Reverse Engineering Information"
(2 intermediate revisions by the same user not shown) | |||
Line 2: | Line 2: | ||
=Helpful links= | =Helpful links= | ||
+ | https://www.infineon.com/dgdl/tc_v131_instructionset_v138.pdf?fileId=db3a304412b407950112b409b6dd0352 | ||
+ | |||
https://www.infineon.com/dgdl/Infineon-SAK-TC1796-256F150E%20BE-DS-v01_00-EN.pdf?fileId=5546d46249a28d750149a34e1f28045d | https://www.infineon.com/dgdl/Infineon-SAK-TC1796-256F150E%20BE-DS-v01_00-EN.pdf?fileId=5546d46249a28d750149a34e1f28045d | ||
Line 27: | Line 29: | ||
a1: 0xA0808000 | a1: 0xA0808000 | ||
a8: 0x80048800 | a8: 0x80048800 | ||
+ | a9: 0xD000C000 | ||
+ | </pre> | ||
+ | |||
+ | 18.10: | ||
+ | <pre> | ||
+ | a0: 0xD0018000 | ||
+ | a1: 0x80828000 | ||
+ | a8: 0x80028800 | ||
a9: 0xD000C000 | a9: 0xD000C000 | ||
</pre> | </pre> | ||
Line 58: | Line 68: | ||
/end MEASUREMENT | /end MEASUREMENT | ||
</pre> | </pre> | ||
+ | |||
+ | == Table address lookup == | ||
+ | Table lookup in the calibration isn't as straightforward. | ||
+ | Occasionally you'll see reference in code to something like "0x8083DF8C". 0x8------- is the same as 0xA-------. So "0x8083DF8C" in the ASM is actually reference to 0xA083DF8C |
Latest revision as of 20:14, 24 February 2022
Contents
Purpose of this section
Helpful links
https://www.infineon.com/dgdl/TriCore_EABI_v2_3.pdf?fileId=db3a304412b407950112b40f8d7a142b
Quick Reference
Memory address lookup
Registers a0, a1, a8, and a9 are used as offsets when the code needs to reference different memory locations. There's a table in the ECU that sets up those offsets at boot:
0000:808835CC movh.a a0, #0xD002 0000:808835D0 lea a0, [a0]-0x8000 0000:808835D4 movh.a a1, #0xA081 0000:808835D8 lea a1, [a1]-0x8000 0000:808835DC movh.a a8, #0x8005 0000:808835E0 lea a8, [a8]-0x7800 0000:808835E4 movh.a a9, #0xD001 0000:808835E8 lea a9, [a9]-0x4000
What that means, is that at any point in the code, these registers always have the following values:
a0: 0xD0018000 a1: 0xA0808000 a8: 0x80048800 a9: 0xD000C000
18.10:
a0: 0xD0018000 a1: 0x80828000 a8: 0x80028800 a9: 0xD000C000
A quick example of how this is implemented in code:
8019044a c9 00 de c9 ld.h d0,[a0]-0x60e2
This takes the value of a0 (0xD0018000), subtracts 0x60e2 (=0xD0011F1E), and pulls the value of that memory address into d0. In the case of one common software version, that's:
/begin MEASUREMENT tia_cha_up "Air Temperature upstream the Charger" SWORD _CNV_A_R_CHRG_LINEA_171_CM 1 100. -48. 335.994140625 DISPLAY_IDENTIFIER TIA_CHA_UP ECU_ADDRESS 0xd0011f1e FORMAT "%7.3" /begin IF_DATA ETK KP_BLOB 0xd0011f1e INTERN 2 RASTER 30 /end IF_DATA /end MEASUREMENT
Table address lookup
Table lookup in the calibration isn't as straightforward. Occasionally you'll see reference in code to something like "0x8083DF8C". 0x8------- is the same as 0xA-------. So "0x8083DF8C" in the ASM is actually reference to 0xA083DF8C