P12 Disassembly

Disassembly, Reassembly, Tools and devleopment. Going deep with Hardware and Software.
Post Reply
bubba2533
Posts: 498
Joined: Wed Apr 11, 2018 8:50 am
cars: 03 Chevy S10 Turbo V6

P12 Disassembly

Post by bubba2533 »

Wanted to start a thread to document disassembly of the P12 PCM.

The attached bin is from here: viewtopic.php?f=42&t=7742&start=210#p114718
Moderator edit: Please see the notes there about this file.
2006 Trailblazer.bin
(1 MiB) Downloaded 115 times
The only thing I have been able to find so far is the PID jump table. This is a good start because it's a set of documented values like Engine Speed, Coolant Temperature, etc.

It looks like the table starts at 0x631CE and has a format as:
PID #
Address for subroutine to get PID Data
Bytes Returned (1,2,4) Followed by an empty byte (00)

Code: Select all

ROM:000631CE                 dc.w 0
ROM:000631D0                 dc.l sub_62C80
ROM:000631D4                 dc.w $400
ROM:000631D6                 dc.w 1
ROM:000631D8                 dc.l sub_A0522
ROM:000631DC                 dc.w $400
ROM:000631DE                 dc.w 2
ROM:000631E0                 dc.l sub_19C50
ROM:000631E4                 dc.w $200
ROM:000631E6                 dc.w 3
ROM:000631E8                 dc.l sub_1C110
ROM:000631EC                 dc.w $200
ROM:000631EE                 dc.w 4
ROM:000631F0                 dc.l sub_57586
ROM:000631F4                 dc.w $100
ROM:000631F6                 dc.w 5
ROM:000631F8                 dc.l GetPid_0005_EngineCoolantTemperature
ROM:000631FC                 dc.w $100
That all makes sense and is similar to P01/P59, but the routine itself is quite different.
LS1 Boost OS V3 Here. For feature suggestions post in here Development Thread. Support future development ->Patreon.
darkman5001
Posts: 212
Joined: Sat Dec 18, 2021 8:15 am
cars: 2004 Suburban, 2001 Tahoe, 2002 Envoy, 2006 Envoy, 2003 Lincoln LS
Location: New Jersey, USA

Re: P12 Disassembly

Post by darkman5001 »

Nice.
bubba2533
Posts: 498
Joined: Wed Apr 11, 2018 8:50 am
cars: 03 Chevy S10 Turbo V6

Re: P12 Disassembly

Post by bubba2533 »

Ok, so someone posted some rather valuable information for reverse engineering!! viewtopic.php?f=42&t=7742&start=490#p115896

They said that the P12 PCM uses a MC68377 MCU and so I've been looking at the datasheet for it and found the ADC array location, which will help confirm the RAW ADC inputs.

I went looking at the Manifold Absolute Pressure PID (0xB from https://en.wikipedia.org/wiki/OBD-II_PIDs) in the above PID table array.

That PID Subroutine is at 0x58116:

Code: Select all

                move.l  a5,-(sp)
                movea.l 8(sp),a5
                moveq   #8,d0
                move.l  d0,-(sp)
                moveq   #8,d0
                move.l  d0,-(sp)
                moveq   #0,d1
                move.w   (word_FF3E2A).l,d1
                moveq   #0,d0
                jsr     sub_981C
                move.b  d0,(a5)
                moveq   #1,d0
                addq.l  #8,sp
                movea.l (sp)+,a5
                rts
Edit: I made a mistake....will keep looking at this and post what I find.
LS1 Boost OS V3 Here. For feature suggestions post in here Development Thread. Support future development ->Patreon.
bubba2533
Posts: 498
Joined: Wed Apr 11, 2018 8:50 am
cars: 03 Chevy S10 Turbo V6

Re: P12 Disassembly

Post by bubba2533 »

Upon further review there looks to be some functions between the RAW ADC Array and the RAM variables that are used for the PID's.

I'll try and get a better understanding of this code when I have some time, but it is quite different compared to the P01/P59.
LS1 Boost OS V3 Here. For feature suggestions post in here Development Thread. Support future development ->Patreon.
User avatar
antus
Site Admin
Posts: 8237
Joined: Sat Feb 28, 2009 8:34 pm
cars: TX Gemini 2L Twincam
TX Gemini SR20 18psi
Datsun 1200 Ute
Subaru Blitzen '06 EZ30 4th gen, 3.0R Spec B
Contact:

Re: P12 Disassembly

Post by antus »

keep in mind that it has 2 CPUs and some of the raw functions might be offloaded to the slave, so you might find code reading some shared memory to pass data between the two, like we found in the flash kernels.
Have you read the FAQ? For lots of information and links to significant threads see here: http://pcmhacking.net/forums/viewtopic.php?f=7&t=1396
bubba2533
Posts: 498
Joined: Wed Apr 11, 2018 8:50 am
cars: 03 Chevy S10 Turbo V6

Re: P12 Disassembly

Post by bubba2533 »

Yeah good point.

I didn’t see much in the way of describing the master/slave CPU in the data sheet. I might have to do some more to understand that, but I just avoid trying to understand it at this point to try and simplify things.

I also may have to buy one of these PCMs to try data logging RAM addresses if I really want to figure things out. Better yet would be having a project vehicle, but I don’t need another project lol.
LS1 Boost OS V3 Here. For feature suggestions post in here Development Thread. Support future development ->Patreon.
Post Reply