Alfa bin files

Bosch Motronic etc ECUs and PCMs
DieselBob
Posts: 164
Joined: Sun Mar 28, 2010 5:43 pm
cars: Vr SII Ute
Location: Brisbane QLD

Re: Alfa bin files

Post by DieselBob »

Ok back to the grind....
Looking for advice the IDA disassembly converts the RESET vector at 0000h for 3 bytes and has a jump to line 52.
Line 52 is an unassembled byte?? the user guide says that the jump is the address 52 with the PC added I'm assuming that with a 3 byte instruction/cycle count of 2
the PC has been incremented by at least 2 possibly 3 so that gives a new address of 54/55 - 54 drops it into the middle of an instruction set. 55 - is the IADC routine..
This I can work out :) ..... The problem I have is that Line 52 and a group of others are not disassembled???
Any help on how to disassemble these lines or an explanation...
charlay86
Posts: 584
Joined: Thu Sep 17, 2009 2:00 pm
cars: VT S1 SS (L67)
Location: Perth, WA

Re: Alfa bin files

Post by charlay86 »

try pressing "c" to convert the data at 52 into an instruction?

Re: Alfa bin files

Post by DieselBob »

Done that all it does is mess up the interrupt vectors stacked around it.....
Not a biggy still plenty to work on just something I'm having trouble getting a grip on..
festy
Posts: 1039
Joined: Sat Apr 30, 2011 6:27 pm
cars: Alfa Romeos
Location: Narellan, NSW

Re: Alfa bin files

Post by festy »

The d52 disassembler has no trouble with your bin, see the output below.
jb increments PC by 3 before testing, then conditionally jumps to (PC+reladdr).
The first instruction is 20 91 4f, so PC=(0+3), then conditionally jumps to (3+4f) which is 52.
What processor are you specifying for disassembling?

X0000:  jb      p1.1,X0052      ; 0000   20 91 4f    .O
        push    psw             ; 0003   c0 d0      @P
        push    acc             ; 0005   c0 e0      @`
        mov     a,r1            ; 0007   e9         i
        push    acc             ; 0008   c0 e0      @`
        mov     a,rb2r4         ; 000a   e5 14      e.
        add     a,0c2h          ; 000c   25 c2      %B
        mov     0c2h,a          ; 000e   f5 c2      uB
        mov     a,rb2r5         ; 0010   e5 15      e.
        addc    a,0c3h          ; 0012   35 c3      5C
        mov     0c3h,a          ; 0014   f5 c3      uC
        nop                     ; 0016   00         .
        clr     0c0h.3          ; 0017   c2 c3      BC
        clr     2ch.3           ; 0019   c2 63      Bc
        mov     a,rb2r1         ; 001b   e5 11      e.
        mov     7ah,a           ; 001d   f5 7a      uz
        cjne    a,#1,X0032      ; 001f   b4 01 10   4..
        push    dph             ; 0022   c0 83      @.
        push    dpl             ; 0024   c0 82      @.
        ljmp    X21ae           ; 0026   02 21 ae   .!.
;
        mov     a,#6            ; 0029   74 06      t.
        movc    a,@a+dptr       ; 002b   93         .
        pop     dpl             ; 002c   d0 82      P.
        pop     dph             ; 002e   d0 83      P.
        mov     7bh,a           ; 0030   f5 7b      u{
X0032:  jb      2ch.0,X003f     ; 0032   20 60 0a    `.
        mov     r1,#8dh         ; 0035   79 8d      y.
        dec     @r1             ; 0037   17         .
        mov     a,@r1           ; 0038   e7         g
        jnz     X003f           ; 0039   70 04      p.
X003b:  setb    i2sta.7         ; 003b   d2 ff      R.
        mov     @r1,#0fdh       ; 003d   77 fd      w}
X003f:  jnb     2dh.6,X0046     ; 003f   30 6e 04   0n.
        clr     ibf             ; 0042   c2 e8      Bh
        clr     obf             ; 0044   c2 e9      Bi
X0046:  setb    xstr            ; 0046   d2 f9      Ry
        setb    p1.1            ; 0048   d2 91      R.
        pop     acc             ; 004a   d0 e0      P`
        mov     r1,a            ; 004c   f9         y
        pop     acc             ; 004d   d0 e0      P`
        pop     psw             ; 004f   d0 d0      PP
        reti                    ; 0051   32         2
;
X0052:  push    psw             ; 0052   c0 d0      @P
        push    acc             ; 0054   c0 e0      @`
        clr     pt1             ; 0056   c2 bb      B;
        clr     25h.2           ; 0058   c2 2a      B*
        anl     i2cfg,#0f8h     ; 005a   53 d8 f8   SXx
        orl     i2cfg,#7        ; 005d   43 d8 07   CX.
        mov     s1dat,#0        ; 0060   75 da 00   uZ.
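
The PC-relative arithmetic festy describes, as an added example that is not part of the original post: it recomputes the branch targets for the relative jumps in the d52 listings in this thread and also handles backward (negative) offsets, which the post does not show. The function and table names are made up for this example.

```python
# 8051 relative-branch target resolution (added example, not from the thread).
# Opcode -> instruction length for the relative branches that appear in the
# listings; the rel8 operand is always the last byte of the instruction.
REL_BRANCH_LEN = {
    0x20: 3,  # jb   bit,rel
    0x30: 3,  # jnb  bit,rel
    0xB4: 3,  # cjne a,#imm,rel
    0x50: 2,  # jnc  rel
    0x70: 2,  # jnz  rel
    0x80: 2,  # sjmp rel
}


def branch_target(addr, insn):
    """Return the destination of the relative branch `insn` located at `addr`."""
    insn = bytes(insn)
    length = REL_BRANCH_LEN.get(insn[0])
    if length is None:
        raise ValueError(f"opcode {insn[0]:02x} is not a handled relative branch")
    if len(insn) < length:
        raise ValueError("truncated instruction")
    rel = insn[length - 1]
    if rel >= 0x80:          # rel8 is two's complement: 0x80..0xff jump backwards
        rel -= 0x100
    # PC already points past the whole instruction when the offset is added.
    return (addr + length + rel) & 0xFFFF


# (address, instruction bytes, d52 label) rows copied from the listings in this thread.
LISTING_ROWS = [
    (0x0000, "20 91 4f", 0x0052),
    (0x001F, "b4 01 10", 0x0032),
    (0x0032, "20 60 0a", 0x003F),
    (0x0039, "70 04",    0x003F),
    (0x003F, "30 6e 04", 0x0046),
    (0x00C3, "50 04",    0x00C9),
    (0x00C7, "80 4a",    0x0113),
]


def check_listing():
    """Recompute every branch target and pair it with d52's label."""
    return [(a, branch_target(a, bytes.fromhex(h)), want) for a, h, want in LISTING_ROWS]


if __name__ == "__main__":
    for addr, got, want in check_listing():
        print(f"{addr:04x}: target {got:04x} (d52 label X{want:04x})")
```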

Re: Alfa bin files

Post by DieselBob »

Probably a problem with IDA........
Going to try the d52 option and see what comes out....

Re: Alfa bin files

Post by DieselBob »

Looks a lot better with d52 thanks festy :) ..
Now to do it all again..
Oh well if nothing else I'm getting better at reading mnemonics.

Re: Alfa bin files

Post by DieselBob »

Thanks Festy having fun now....
Working on the ADC....
Getting better at reading the mnemonics too

Re: Alfa bin files

Post by festy »

I ran my (half-written) bosch bin ID tool over your bin and it reckoned that the AFM was memory mapped to 0xBC00 so there's a good chance most of the external ADC stuff is at the locations I posted for the 4.1 earlier in the thread.

Re: Alfa bin files

Post by DieselBob »

Cool I'll have a look over the weekend.

Re: Alfa bin files

Post by DieselBob »

Thanks Festy info has given me direction found the TPS Conversion MAP same as the sample :)


Been busy :)
Got a question for anyone that can help.

X009f:  mov     7bh,a           ; 009f   f5 7b      u{
        push    dph             ; 00a1   c0 83      @.
        push    dpl             ; 00a3   c0 82      @.
        mov     dptr,#X0420     ; 00a5   90 04 20   ..
        mov     a,7ah           ; 00a8   e5 7a      ez
        add     a,dpl           ; 00aa   25 82      %.
        mov     dpl,a           ; 00ac   f5 82      u.
        mov     a,77h           ; 00ae   e5 77      ew
        movx    @dptr,a         ; 00b0   f0         p
        pop     dpl             ; 00b1   d0 82      P.
        pop     dph             ; 00b3   d0 83      P.
        pop     accum           ; 00b5   d0 e0      P`
        pop     psw             ; 00b7   d0 d0      PP
        reti                    ; 00b9   32         2
;
This jump
        ljmp    X21b4           ; 00ba   02 21 b4   .!4
;
        mov     a,#15h          ; 00bd   74 15      t.
        movc    a,@a+dptr       ; 00bf   93         .
        clr     c               ; 00c0   c3         C
        subb    a,3bh           ; 00c1   95 3b      .;
        jnc     X00c9           ; 00c3   50 04      P.
        mov     r3,#38h         ; 00c5   7b 38      {8
        sjmp    X0113           ; 00c7   80 4a      .J
;
X00c9:  mov     a,#16h          ; 00c9   74 16      t.

;
To here
Then this jump to here
X21b4:  lcall   X7b78           ; 21b4   12 7b 78   .{x
Return then jumps out of ROM area????
        ljmp    X80bd           ; 21b7   02 80 bd   ..=
;

;
Load DPTR then return to 21b4
X7b78:  mov     dptr,#X4460     ; 7b78   90 44 60   .D`
        ret                     ; 7b7b   22         "
;

Having trouble working out the DPTR - Data Pointer load value on startup.
Been working through the functions.....
Getting an understanding of the code....
Can read most... Now need values to start trying out the math conversions.
Know where the MAPS are but the DPTR values are indexed :( making it hard to figure what MAP does what????
Any help - suggestions appreciated