I am thinking of some pid search that will need to be hardcoded.
00 01 02 00 [00 04 9E BC] 00 03 01 00 [00 04 9E 82]
00 04 00 00 [00 04 9E 2C] 00 05 00 00 [00 04 9E 1A]
..........................
FC 46 00 00 00 04 4E 84 FC 47 00 00 00 04 4E 7E
FC 48 00 00 00 04 4E 78 FC 4A 02 00 00 04 4E 70
So a search for something like this can be done:
00 01 02 00 * * * * 00 03 01 00 * * * *
00 04 00 00 * * * * 00 05 00 00
When the start address is found a list can be generated.
The pid is the first 2 bytes:
[00 01] 02 00 [00 04 9E BC] [00 03]
So it is: pid number, skip 6 bytes, pid number greater than the previous pid number, skip 6 bytes.
The pids are in numerical order, so the next must be higher than the previous.
The search should be stopped when the FFFF pid number is reached or the next is lower than the previous.
For example, you reach pid fc12 and the next one is 1269. So the last one should be fc12.
____________
The second 2 bytes are the number of bytes the pid returns:
0000= 1 byte response
0100= 2 bytes response [word]
0200= 4 bytes response [dword]
The next 4 bytes are the address of the subroutine the value for the pid is taken from.
Here is the interesting part. You can jump to that address and search for the RAM value that is streamed.
So the search should look like this: jump to the pid start address, and the search area will be until [4E 75] [opcode for return] is hit.
The search should be for 10 38 * * for a byte pid and 30 38 * * for a word pid. [* *] is the RAM address being streamed.
Not all pids should have it, but it will be something like that.
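The table walk and subroutine scan described in this post, as an added Python example that is not part of the original post. It assumes big-endian fields, that the 4-byte subroutine address equals the file offset (a real image may need a load base subtracted, hence the `base` parameter), and a constructed sample image rather than real firmware.

```python
import struct
RTS = b"\x4e\x75"          # 68k RTS, the "opcode for return" the scan stops at
MOVE_B_ABS = b"\x10\x38"   # move.b (abs).w,d0 : byte pid reading a RAM address
MOVE_W_ABS = b"\x30\x38"   # move.w (abs).w,d0 : word pid reading a RAM address
SIZE_CODES = {0x0000: 1, 0x0100: 2, 0x0200: 4}   # response length codes from the post

def find_table_start(img: bytes) -> int:
    """Wildcard search from the post: 00 01 02 00 * * * * 00 03 01 00 * * * * 00 04 00 00 * * * * 00 05 00 00."""
    for off in range(len(img) - 32):
        if (img[off:off + 4] == b"\x00\x01\x02\x00" and img[off + 8:off + 12] == b"\x00\x03\x01\x00"
                and img[off + 16:off + 20] == b"\x00\x04\x00\x00" and img[off + 24:off + 28] == b"\x00\x05\x00\x00"):
            return off
    raise ValueError("pid table pattern not found")

def parse_pid_table(img: bytes, start: int, base: int = 0) -> list:
    """Walk 8-byte entries (pid, size code, subroutine address) until FFFF or a non-ascending pid."""
    entries, prev = [], -1
    for off in range(start, len(img) - 7, 8):
        pid, size_code, addr = struct.unpack(">HHI", img[off:off + 8])
        if pid == 0xFFFF or pid <= prev:
            break                      # e.g. fc12 followed by 1269: fc12 is the last entry
        entries.append({"pid": pid, "size": SIZE_CODES.get(size_code), "sub": addr - base})
        prev = pid
    return entries

def find_streamed_ram(img: bytes, sub_off: int):
    """Scan a subroutine word by word up to RTS for 10 38 / 30 38 and return the RAM address operand."""
    off = sub_off
    while off + 2 <= len(img) and img[off:off + 2] != RTS:
        if img[off:off + 2] in (MOVE_B_ABS, MOVE_W_ABS) and off + 4 <= len(img):
            return struct.unpack(">H", img[off + 2:off + 4])[0]
        off += 2   # byte-pattern scan as in the post; it does not decode instruction lengths
    return None    # no absolute-address read before RTS ("not all pids should have it")

def build_sample_image() -> bytes:
    """Constructed image, not real firmware: table at 0x100, subroutines at 0x200+, addresses = file offsets."""
    img = bytearray(0x300)
    table = [(0x0001, 0x0200, 0x200), (0x0003, 0x0100, 0x210), (0x0004, 0x0000, 0x220),
             (0x0005, 0x0000, 0x230), (0xFC12, 0x0100, 0x240), (0x1269, 0x0000, 0x250)]
    for i, entry in enumerate(table):
        img[0x100 + 8 * i:0x100 + 8 * i + 8] = struct.pack(">HHI", *entry)
    img[0x200:0x204] = b"\x4e\x71" + RTS                             # NOP; RTS -> nothing streamed
    img[0x210:0x216] = MOVE_W_ABS + b"\x00\xa0" + RTS                # word read of RAM 0x00A0
    img[0x220:0x226] = MOVE_B_ABS + b"\x00\xb2" + RTS                # byte read of RAM 0x00B2
    img[0x230:0x23a] = b"\x4e\x71\x4e\x71" + MOVE_B_ABS + b"\x00\xc4" + RTS   # read after two NOPs
    img[0x240:0x246] = MOVE_W_ABS + b"\x01\x00" + RTS                # word read of RAM 0x0100
    return bytes(img)
```

Run `parse_pid_table(img, find_table_start(img))` on the sample image and feed each entry's `sub` offset to `find_streamed_ram` to get the pid-to-RAM map; a None means the subroutine had no 10 38 / 30 38 read before its RTS.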