Segment Swap utility
-
- Posts: 583
- Joined: Thu Feb 13, 2020 11:32 pm
- cars: Mainly GM trucks, a Cruze and an Equinox for dailys..
Re: Segment Swap utility
If we’re ready for spark tables I think I have the high and low octane tables figured out for the e38’s.. when I’m at the computer with my notes I’ll post up what I have.. These are like the dtc tables, manual search for the tables but it’s been working.. kind of useless unless your converting to an xdf or updating the editing power of universal patcher, lol..
I'm just editing this post.. Not sure how much this will help, but it got the ball rolling the last time I posted up something I found, lol..
21 21 02 -high octane and low octane
33 rows and columns..
RPM X Air Per Cyl Grams/Cyl
11 21 02 high octane and low octane dod
33 rows and 17 columns..
RPM X Air Per Cyl Grams/Cyl
RPM is in steps of 200 starting at 0
Air per cyl starts at .08 and is in steps of .04
I hit some other tables but the first tables I find always seem to be the high and low octane then dod High and low..
Formula I need help with.. it's divide by 2 but not always... lol..
I'm just editing this post.. Not sure how much this will help, but it got the ball rolling the last time I posted up something I found, lol..
21 21 02 -high octane and low octane
33 rows and columns..
RPM X Air Per Cyl Grams/Cyl
11 21 02 high octane and low octane dod
33 rows and 17 columns..
RPM X Air Per Cyl Grams/Cyl
RPM is in steps of 200 starting at 0
Air per cyl starts at .08 and is in steps of .04
I hit some other tables but the first tables I find always seem to be the high and low octane then dod High and low..
Formula I need help with.. it's divide by 2 but not always... lol..
Last edited by ironduke on Sat Nov 14, 2020 11:04 am, edited 1 time in total.
Re: Segment Swap utility
These powerPC e38 files are bitch to search.
The processor sees only 16 bit addresses and some frankenstein conversion are done to load the 32bit addresses.
It is usually xxxx * * xxxxx * *
combining the ** ** gives the address of the table.
Some times there is some registers stored usually r2 and r13 and addresses are offset from them +- 32k.
I guess hardcoded search will gives good results for the basic tables. For some other xxxx * * xxxxx * * might work good, but for r2,r13 offset forget about it
The processor sees only 16 bit addresses and some frankenstein conversion are done to load the 32bit addresses.
It is usually xxxx * * xxxxx * *
combining the ** ** gives the address of the table.
Some times there is some registers stored usually r2 and r13 and addresses are offset from them +- 32k.
I guess hardcoded search will gives good results for the basic tables. For some other xxxx * * xxxxx * * might work good, but for r2,r13 offset forget about it
Re: Segment Swap utility
yeah,kur4o wrote:These powerPC e38 files are bitch to search.
The processor sees only 16 bit addresses and some frankenstein conversion are done to load the 32bit addresses.
It is usually xxxx * * xxxxx * *
combining the ** ** gives the address of the table.
Some times there is some registers stored usually r2 and r13 and addresses are offset from them +- 32k.
I guess hardcoded search will gives good results for the basic tables. For some other xxxx * * xxxxx * * might work good, but for r2,r13 offset forget about it
thatlll be the op codes doing something like:
lis 0x30, r5 -> r5 = 0x0030 0000
li 0x1122, r5 -> r5= 0x0030 1122
Hoping thats correct, havent had to look over ASM a heap recently, only just refreshing myself again
Your Local Aussie Reverse Engineer
Contact for Software/Hardware development and Reverse Engineering
Site:https://www.envyouscustoms.com
Mob:+61406 140 726
Contact for Software/Hardware development and Reverse Engineering
Site:https://www.envyouscustoms.com
Mob:+61406 140 726
Re: Segment Swap utility
It is definitely something like this. Do you know lis , li meaning. I am trying all kind of abbreviations and still haven`t figure it out.thatlll be the op codes doing something like:
lis 0x30, r5 -> r5 = 0x0030 0000
li 0x1122, r5 -> r5= 0x0030 1122
Found some string for MBT spark
74 14 20 7c @addr:4:hex 4e b9 * * * * 36
I think we need new search config for table search that will be exported to xdf.
A new fields that can be configured for xdf, like conversion factor, size, and all other needed stuff to configure the xdf.
We can always scrap the xdf export and add some editing for tables, I don`t think it will be hard enough. Something like the dtc display but with rows and length matching the table size and naming according to scaling.
Can we make dtc search with a button or checkbox. Now when I get info from multiple files, it gets really slow.
Re: Segment Swap utility
Finally some breakthrough with e38 search.
For DTC status
3C A0 * * 38 A5 * * 7D 85 50 - Checked on 06-13 bins I have
For DTC table is alittle more complicated
3D 80 * * 39 8C * * 7D 7B DA 14 7C 8C 5A 2E 80 BD
The table is offset by 10000 if the found address is < or > than 5000
Some examples
found address 89bf8
DTC address is 00 09 c3 0a
At found address you need to check last 4 bytes , if xxxx>5000 or xxxxx<5000
If >5000 DTC address is ofset by -10000 so in this case 00 09 c3 0a -10000 = 00 08 c3 0a
If <5000 DTC address is ofset by 0
Another example
found address 84ba0
DTC table at 00 08 79 8c
4ba0<5000 Dtc table address 00 08 79 8c - 0 = 0008798c
;
found address 85208
DTC table at 00 09 80 1a
5208>5000 Dtc table address 00 09 80 1a -10000= 0008801a
This is the best pattern I have, some exceptions migth be possible.
For DTC status
3C A0 * * 38 A5 * * 7D 85 50 - Checked on 06-13 bins I have
For DTC table is alittle more complicated
3D 80 * * 39 8C * * 7D 7B DA 14 7C 8C 5A 2E 80 BD
The table is offset by 10000 if the found address is < or > than 5000
Some examples
found address 89bf8
DTC address is 00 09 c3 0a
At found address you need to check last 4 bytes , if xxxx>5000 or xxxxx<5000
If >5000 DTC address is ofset by -10000 so in this case 00 09 c3 0a -10000 = 00 08 c3 0a
If <5000 DTC address is ofset by 0
Another example
found address 84ba0
DTC table at 00 08 79 8c
4ba0<5000 Dtc table address 00 08 79 8c - 0 = 0008798c
;
found address 85208
DTC table at 00 09 80 1a
5208>5000 Dtc table address 00 09 80 1a -10000= 0008801a
This is the best pattern I have, some exceptions migth be possible.
Re: Segment Swap utility
I don't understand this part.kur4o wrote:
At found address you need to check last 4 bytes , if xxxx>5000 or xxxxx<5000
What bytes I should check?
Re: Segment Swap utility
Search string is found at address 00086870
Take the last 2 bytes[4 digits] of the found address. In this case 6870 and compare them with 5000
6870><5000
If it is less than 5000 than the offset of DTC table is minus 0
If it is greater than 5000 than the offset of DTC table is minus 10000
I think this lookup patterns is valid for other tables in e38 code but need to confirm it. There are lots of table that are ofset by 10000. It is really unknown wat is the threshold, but this pattern seems to match.
Take the last 2 bytes[4 digits] of the found address. In this case 6870 and compare them with 5000
6870><5000
If it is less than 5000 than the offset of DTC table is minus 0
If it is greater than 5000 than the offset of DTC table is minus 10000
I think this lookup patterns is valid for other tables in e38 code but need to confirm it. There are lots of table that are ofset by 10000. It is really unknown wat is the threshold, but this pattern seems to match.
Re: Segment Swap utility
Now this makes sense: 2 bytes, not 4 bytes.kur4o wrote:Search string is found at address 00086870
Take the last 2 bytes[4 digits] of the found address. In this case 6870 and compare them with 5000
6870><5000
If it is less than 5000 than the offset of DTC table is minus 0
If it is greater than 5000 than the offset of DTC table is minus 10000
I think this lookup patterns is valid for other tables in e38 code but need to confirm it. There are lots of table that are ofset by 10000. It is really unknown wat is the threshold, but this pattern seems to match.
5000 and 10000 as decimal or hex?
Re: Segment Swap utility
both in hex
Re: Segment Swap utility
0.15.10
e38 DTC search by opcode.
Checkbox for DTC search in File info tab
e38 DTC search by opcode.
Checkbox for DTC search in File info tab