1st disassembly Code $3E from US 1227730

Posts: 7
Joined: Sun Oct 18, 2009 7:29 am

1st disassembly Code $3E from US 1227730

Postby dimedriver » Sun Oct 18, 2009 10:02 am

This is my 1st attempt at disassembly every and I think Im at a point where I need someone that has been looking at this type of code for a while.


I found the bin on the moates site. Im going to be using it in a 1227727 ECM with ESC(distributor) ignition and TBI on a four cylinder Datsun engine.
"attd1644 E3.bin" File name on the Moates site.

Im having trouble uploading the file right now. I will try again when I get home.

I used the techedge disassembler.
http://www.techedge.com.au/utils/dhc11.htm

and a config file only containing this.
"
input ADDT.BIN
output ADDT.DIS

vectors $FFF0 8 hc11vec hc11vector
vectors $CDA6 16 loop timevectors
"

It seemed to only leave a few small spots alone I'm guessing pretty close to fully disassembled.


Thats for any input you can give me.


-Avery

Posts: 7
Joined: Sun Oct 18, 2009 7:29 am

Re: 1st disassembly Code $3E from US 1227730

Postby dimedriver » Mon Oct 19, 2009 3:13 am

Well it looks like the extensions .bin, .dis, and .hex are not allowed.

You can now see what I have so far though.

Looks like there is a set of maps stating at $C036. Then another set at $C299.

I think there is code at $C1FA, but im unsure as to how to get the assembler to see it.


-Avery
Attachments
ADDT.txt
addressed disassembly of the ADDT bin found on moates site.
(142.54 KiB) Downloaded 328 times

User avatar
Posts: 4991
Joined: Sun Mar 01, 2009 2:54 pm
Location: Perth, WA

Re: 1st disassembly Code $3E from US 1227730

Postby VL400 » Mon Oct 19, 2009 1:05 pm

Welcome dimedriver. To upload a files its easier if you zip the file, you will be able to zip and upload any type of file that way.


Here is a control file i used to disassemble a holden bin file...

; ***********************************************************************************************************
; This control file is called BLCF.txt
;


input BLCF\BLCF.bin ;this is the binary input file
output BLCF\BLCF.asm ;this is the disassembly source/listing file

;addresses

load 8000

label fff0 rtivect
label fff2 irqvect
label fff4 xirqvect
label fff6 swivect
label fff8 ilopvect
label fffa copvect
label fffc cmonvect
label fffe rstvect


indirect fff0 rtirtn
indirect fff2 irqrtn
indirect fff4 xirqrtn
indirect fff6 swirtn
indirect fff8 iloprtn
indirect fffa coprtn
indirect fffc cmonrtn
indirect fffe reset


; From 1st Undetermined Branch (0x94bb)
indirect 94db JT1R0
indirect 94dd JT1R1
indirect 94df JT1R2
indirect 94e1 JT1R3
indirect 94e3 JT1R4
indirect 94e5 JT1R5
indirect 94e7 JT1R6
indirect 94e9 JT1R7
indirect 94eb JT1R8
indirect 94ed JT1R9
indirect 94ef JT1RA
indirect 94f1 JT1RB
indirect 94f3 JT1RC
indirect 94f5 JT1RD
indirect 94f7 JT1RE
indirect 94f9 JT1RF

; From 2nd Undetermined Branch (0xd21c)
indirect d25b JT2R0
indirect d25d JT2R1
indirect d25f JT2R2
indirect d261 JT2R3
indirect d263 JT2R4
indirect d265 JT2R5
indirect d267 JT2R6
indirect d269 JT2R7
indirect d26b JT2R8
indirect d26d JT2R9
indirect d26f JT2RA

; Others
entry c76e ;
entry c90d ;
entry c91d ;
entry c929 ;
entry c939 ;
entry c992 ;
entry c99d ;
entry c9aa ;
entry ca56 ;
entry cab3 ;
entry cadd ;


; ** Lookup Tables **
; CBD5 - 3840ohm CTS Lookup Table
; CBE6 - 384ohm CTS Lookup Table
; CBF7 - ACSP 3840 ohm COOLANT Table
; CCF7 - ACSP 384 ohm Coolant Table
; CDF7 - MAT Sensor Lookup Table
; CE08 - MALF Number Table for Blink Out
; D456 - Factory Test Info

; ***********************************************************************************************************



It has the vector tables named and addressed. The two undetermined branch lists are to define the minor loop code that got missed by the disassembler. The next list of entry points are for code that is not called so also got missed. At the bottom i have made some comments of some tables that are not code and what address they are at.

Posts: 33
Joined: Tue Oct 13, 2009 6:01 pm

Re: 1st disassembly Code $3E from US 1227730

Postby miloman » Mon Oct 19, 2009 10:25 pm

once you have disassembled the bin how do you know what each table is for?

Posts: 33
Joined: Tue Oct 13, 2009 6:01 pm

Re: 1st disassembly Code $3E from US 1227730

Postby miloman » Mon Oct 19, 2009 10:45 pm

Oh! nvm i think i get it now you look in the bua file for a table that looks like the one your looking at ie

the table you have noted as (CBD5 - 3840ohm CTS Lookup Table at ) goes 255, 208, 153... which im guessing is almost the same as the bua 3840 ohm table that goes 255, 215,155 ...
so good enough to be considered as?

Site Admin
Online
User avatar
Posts: 6394
Joined: Sat Feb 28, 2009 8:34 pm

Re: 1st disassembly Code $3E from US 1227730

Postby antus » Tue Oct 20, 2009 2:57 am

its a bit of a black art, sort of any kind of puzzle game... there isnt really a 'correct' way to do it. you need to figure it out which can be difficult and can take a potentially an enormous amount of time. the more you understand the easyer it becomes as you keep going. you can compare sizes of tables, data in tables, or the code that references a table and begin to make assumptions from there. i would think comparing the code that references the table between a known bin and an unknown bin is probably the most certain way, but i know some people around here and just look at a table and take an educated guess with a reasonably high success rate too.

it sounds to me you may be on to something, but im more the kind of person to take the code approach as i have assembler expereince on x86 and firmware written for hc11 on tait radios before i got in to delcos which keeps me occupied these days :) i hear delcowizzid is good at finding tables just by looking.... :)
Have you read the FAQ? For lots of information and links to significant threads see here: viewtopic.php?f=7&t=1396

Posts: 7
Joined: Sun Oct 18, 2009 7:29 am

Re: 1st disassembly Code $3E from US 1227730

Postby dimedriver » Tue Oct 20, 2009 7:18 am

VL400, What disassembly are you using? I was making good progress with the techedge one. I think most people like the dewtronics one but I was not having good luck with it.


This will hopefully get me heading it the right direction on this project. My major goal for it is TBI + distrubutor/ESC on the 1227730/7727 running a four cylinder engine. There are only 2 code masks for the 7730/7727 that do TBI the $3E and the $89 I think the $89 is for a V8 and distributor based, while the $3E is Wasted spark(DIS) based. I will start disassembling the $89 soon as well. Which ever turns out to be easiest to hack up into what I want will be used.


Thanks for the pointers.

-Dime

User avatar
Posts: 4991
Joined: Sun Mar 01, 2009 2:54 pm
Location: Perth, WA

Re: 1st disassembly Code $3E from US 1227730

Postby VL400 » Tue Oct 20, 2009 10:29 am

I am using the dewtronics one. Some more helpful instructions can be found here if you havnt read it already .. http://www.thirdgen.org/techboard/diy-p ... s-ask.html

Posts: 33
Joined: Tue Oct 13, 2009 6:01 pm

Re: 1st disassembly Code $3E from US 1227730

Postby miloman » Tue Oct 20, 2009 12:26 pm

I was using the dewtronics one but IDApro was a walk in the park by compairson not that theres much to the dewtronics one it worked ok too.
But idapro does most of the work for you and even gives you maps of the whole program flow with all the branching.

Posts: 55
Joined: Sun Mar 01, 2009 8:53 pm

Re: 1st disassembly Code $3E from US 1227730

Postby GONZO » Tue Oct 20, 2009 7:54 pm

I am using the drewtronics one. Have sucessfully disassembled many bins. Have you thought about using the $8D code? Well documented and easy to find. Here is a good site I found for 4 cyl stuff using the ANHT bin. http://www.furyworld.fsnet.co.uk/GMECM.html

Next

Return to Disassembly and Reassembly

Who is online

Users browsing this forum: No registered users and 1 guest