If a custom kernel was made to read the flash and then write back to it, then it could be added to a flashing application.
Biggest part is making the kernel.
Its usually best to look at what the GM one does, then create from that. These usually have the complex needed parts done for you (unlock flash, erase ect), the actual writing and reading memory is the easy part.
MPC56xx / PowerPC table lookup examples?
Re: MPC56xx / PowerPC table lookup examples?
Your Local Aussie Reverse Engineer
Contact for Software/Hardware development and Reverse Engineering
Site:https://www.envyouscustoms.com
Mob:+61406 140 726
Contact for Software/Hardware development and Reverse Engineering
Site:https://www.envyouscustoms.com
Mob:+61406 140 726
-
- Posts: 81
- Joined: Sun May 11, 2014 6:36 pm
- cars: Z06
Re: MPC56xx / PowerPC table lookup examples?
Are these: =>DAT_00089100 your annotations?Gatecrasher wrote:I may have fixed it.
You can change the processor language for an existing project. It's irreversible, so they recommend you back up your project file before you do it. I switched from "PPC big endian 32 bit" to "PPC big endian 64 bit VLE with 32 bit addressing". The code block disassembles now.
EFSCMPGT is apparently Floating-Point Single-Precision Compare Greater Than.Code: Select all
LAB_0015fc90 XREF[1]: 0015fc78(j) 0015fc90 81 8e 31 ac lwz r12,DAT_000031ac(r14) 0015fc94 3d 60 00 09 lis r11,0x9 0015fc98 81 6b 91 00 lwz r11,-0x6f00(r11)[b][u]=>DAT_00089100[/u][/b] = 41800000h 0015fc9c 10 8c 5a cc efscmpgt cr1,r12,r11 0015fca0 40 85 00 18 ble cr1,LAB_0015fcb8 0015fca4 39 80 00 00 li r12,0x0 0015fca8 b1 8e 32 84 sth r12,0x3284(r14[b][i][u])=>DAT_4000b274[/u][/i][/b] 0015fcac 38 60 18 05 li r3=>DAT_00001805,0x1805 0015fcb0 48 00 4a b1 bl FUN_00164760 undefined FUN_00164760() 0015fcb4 48 00 00 38 b LAB_0015fcec
- antus
- Site Admin
- Posts: 8253
- Joined: Sat Feb 28, 2009 8:34 pm
- cars: TX Gemini 2L Twincam
TX Gemini SR20 18psi
Datsun 1200 Ute
Subaru Blitzen '06 EZ30 4th gen, 3.0R Spec B - Contact:
Re: MPC56xx / PowerPC table lookup examples?
It looks to me like Ghidras built in default naming convention, eg for a function its FUN_address and for a data address reference its DAT_address, similar to IDA using subroutine SUB_address, and you have the option to rename them to something more meaningful as you figure it out.
Have you read the FAQ? For lots of information and links to significant threads see here: http://pcmhacking.net/forums/viewtopic.php?f=7&t=1396
- Tre-Cool
- Posts: 284
- Joined: Tue Oct 16, 2012 12:17 pm
- cars: VY SS UTE, VX Drag Car
- Location: Perth
- Contact:
Re: MPC56xx / PowerPC table lookup examples?
coz im kinda retarded at this sort of stuff, but can bumble/half ass my way through. I'd like to do a similar thing for the T43 trans controller bin. I'm trying to find a limiter preventing the use of 6th gear past an input shaft speed of 3757rpm.
Anyone able help out? ive got ghidra installed but lost from there
Anyone able help out? ive got ghidra installed but lost from there
- Tre-Cool
- Posts: 284
- Joined: Tue Oct 16, 2012 12:17 pm
- cars: VY SS UTE, VX Drag Car
- Location: Perth
- Contact:
Re: MPC56xx / PowerPC table lookup examples?
I managed to find the limiter tables a few months ago. There is what i suspect a High RPM that when triggered forces the downshift, then a lower re-engage rpm limiter. Similar to how engine rpm limiter works in the E38.Tre-Cool wrote:coz im kinda retarded at this sort of stuff, but can bumble/half ass my way through. I'd like to do a similar thing for the T43 trans controller bin. I'm trying to find a limiter preventing the use of 6th gear past an input shaft speed of 3757rpm.
Anyone able help out? ive got ghidra installed but lost from there
I've now added a bunch of different os locations to some efilive cax files for them (rpm does vary calibration to calibration).
Worked it all out just by logging the trans & seeing what rpm the trans downshifted at, then went looking, surprisingly didn't take that long.
Then today checked that ghidra showed the particular locations linked to function blocks.
- Gatecrasher
- Posts: 273
- Joined: Sat Apr 25, 2020 6:09 am
Re: MPC56xx / PowerPC table lookup examples?
That's cool. Nice job.