07-2013 GM BCM

gmtech825 · Post by **gmtech825** » Thu Apr 07, 2022 6:31 am

Let me lay out what I see and maybe someone will have some insight. the system byte that is enabled to allow the remote start to work gets referenced by a single function. In that function if the byte is not x01 then uVar2 = 0

Code: Select all

undefined4 rem_strt_uVAR2_SET_function(void)

{
  int iVar1;
  undefined4 uVar2;
  
  if (((((rem_srt_enable != '\x01') || ((DAT_0003e483 & 0x40) != 0)) || ((DAT_0003e428 & 2) != 0 ))
      || ((((DAT_0003e442 & 0x20) != 0 || ((DAT_0003e441 & 0x80) != 0)) ||
          (((DAT_0003e441 & 0x20) != 0 ||
           (((DAT_0003e440 & 0x20) != 0 || ((DAT_0003e440 & 4) != 0)))))))) ||
     ((DAT_0003e485 != '\0' ||
      ((((((DAT_0003e440 & 0x10) != 0 || (Poss_rem_START_COUNTDOWN2 == '\0')) ||
         (Poss_REM_START_COUNTDOWN == '\0')) ||
        ((iVar1 = FUN_000c4eb6(), iVar1 != 0 || (iVar1 = FUN_000c4e16(), iVar1 != 1)))) ||
       (uVar2 = 1, (DAT_0003e440 & 1) == 0)))))) {
    uVar2 = 0;
  }
  return uVar2;
}

that function is referenced by another function that does throw an error:

Code: Select all

/* WARNING: Removing unreachable block (ram,0x000c4f18) */

bool FUN_000c4efa(void)

{
  int iVar1;
  
  REM_UVAR2_SET_FROM_FUNCTION = REM_UVAR2_SET_FROM_FUNCTION | 0x10;
  DAT_0003e483 = DAT_0003e483 & 0xef;
  DAT_0003e977 = DAT_0003e977 & 0xe7;
  FUN_000d0784(0);
  iVar1 = rem_strt_uVAR2_SET_function();
  if (iVar1 != 0) {
    REM_UVAR2_SET_FROM_FUNCTION = REM_UVAR2_SET_FROM_FUNCTION | 0x10;
  }
  return iVar1 == 0;
}

That function then gets referenced by 2 other functions but I'll stop there for now.

EDIT: tried to colorize some of the important variables but that didn't seem to work

Post by **Tazzi** » Thu Apr 07, 2022 10:19 am

hmm theres alot of bit checks on various bytes. If any of those conditions are not met, it sets it as 0.

Maybe reference what those bytes are that its calling to for checking, make a list of them.

gmtech825 · Post by **gmtech825** » Thu Apr 07, 2022 9:34 pm

Tazzi wrote:hmm theres alot of bit checks on various bytes. If any of those conditions are not met, it sets it as 0.

Maybe reference what those bytes are that its calling to for checking, make a list of them.

theres a whole list of things that will prevent remote start from funtioning. I assume that's what all the rest of the OR statements are about.

gmtech825 · Post by **gmtech825** » Thu Apr 07, 2022 10:19 pm

can someone clarify what is happening here:

iVar1 = FUN_000ef0de((uint)DAT_000f0104 * 100,0x14);
DAT_0003e444 = (short)iVar1;

Post by **Gampy** » Fri Apr 08, 2022 12:19 am

gmtech825 wrote:can someone clarify what is happening here:

iVar1 = FUN_000ef0de((uint)DAT_000f0104 * 100,0x14);
DAT_0003e444 = (short)iVar1;

FUN_000ef0de(...) is returning a value in iVar1 (looks like size int, I suspect 32b)
Then assigning the first 16 bits of iVar1 (short) to DAT_0003e444.

Is that helpful ??

gmtech825 · Post by **gmtech825** » Fri Apr 08, 2022 3:00 am

Gampy wrote:
gmtech825 wrote:can someone clarify what is happening here:

iVar1 = FUN_000ef0de((uint)DAT_000f0104 * 100,0x14);
DAT_0003e444 = (short)iVar1;
FUN_000ef0de(...) is returning a value in iVar1 (looks like size int, I suspect 32b)
Then assigning the first 16 bits of iVar1 (short) to DAT_0003e444.

Is that helpful ??

I guess my confusion is more to do with : FUN_000ef0de((uint)DAT_000f0104 * 100,0x14);

dat_000f0104 is 0x32, so 0x32 is 50. That would be 50*100. but what happens with 0x14? and FUN_000ef0de is just

Code: Select all

int FUN_000ef0de(int param_1,int param_2)
{
  return param_1 / param_2;
}

what value does iVar1 get assigned

thanks

Post by **Gampy** » Fri Apr 08, 2022 4:04 am

Oh boy, now you're asking me math ...

I'll try ...

gmtech825 wrote: dat_000f0104 is 0x32, so 0x32 is 50. That would be 50*100. but what happens with 0x14? and FUN_000ef0de is just

Using your numbers,

Code: Select all

int FUN_000ef0de(50 * 100, 20)
{
  return (50 * 100) / 20;
}

iVal1 should be 250 ...

gmtech825 · Post by **gmtech825** » Fri Apr 08, 2022 4:14 am

Gampy wrote:iVal1 should be 250 ...

ok I was thinking thats how it worked but was only guessing. thanks for confirming, much appreciated.

ironduke · Post by **ironduke** » Fri Apr 08, 2022 4:59 am

So is this possible some sort of scaler that was mentioned earlier??

Btw, loving this discussion, showing me how much I am lacking... lol..

gmtech825 · Post by **gmtech825** » Fri Apr 08, 2022 6:27 am

ironduke wrote:So is this possible some sort of scaler that was mentioned earlier??

Btw, loving this discussion, showing me how much I am lacking... lol..

yeah exactly. I found one value that looks very interesting. It is 0x0A in the calibration, then is multiplied by 0x14, then divided by 0x14...so essentially it is still 0x0A = 10.

that value (10) gets moved to a ram location, then compared to see if it is <= to another ram value which is incremented by 1 (engine run timer maybe) and seems to trace back to my original function that checks the remote start enable byte.

it requires way more investigation...or maybe I'll change that value and see what happens when I finally get some time.

07-2013 GM BCM

Re: 07-2013 GM BCM

Re: 07-2013 GM BCM

Re: 07-2013 GM BCM

Re: 07-2013 GM BCM

Re: 07-2013 GM BCM

Re: 07-2013 GM BCM

Re: 07-2013 GM BCM

Re: 07-2013 GM BCM

Re: 07-2013 GM BCM

Re: 07-2013 GM BCM