Looking for anything like these posts. For myself and others to refence. I know people have already done some of what I want, but if they've shared the answer, I haven't seen it.
Quotes, links to other sites, Ghidra projectfiles,whatever. The more pieces, the less unknowns and guess work.
SharingGhidra projects https://www.youtube.com/watch?v=i_vZP15RtaY
vwnut8392 wrote: ↑Sun Jun 30, 2024 7:38 am Ive been looking at 12587603 disassembly some more and i cant seem to figure out how the axis's are referenced. I can see where the variables for the axis's are pulled from RAM but how the axis's are actually read are still a mystery to me. anyone have any insight on this?
im studying how the main high octane ignition table is read.Code: Select all
OS1:00039FAC 3038 AEDA move.w (RAM_RPM_2).w,d0 ; move RPM from RAM to register D0 OS1:00039FB0 3238 AEDC move.w (RAM_MAF).w,d1 ; move MAF from RAM to register D1 OS1:00039FB4 7419 moveq #$19,d2 ; Move Quick OS1:00039FB6 207C 0001 0E3A movea.l #SPARK_ADVANCE_KA_MAIN_OT_LOW_OCTANE,a0 ; This calibration determines base spark 'bad fuel' contribution to spark advance. OS1:00039FB6 ; Degrees OS1:00039FBC 4EB9 0002 6994 jsr INTERPOLATE_TABLE ; Jump to Subroutine OS1:00039FC2 3240 movea.w d0,a1 ; Move Address
antus wrote: ↑Mon Jul 01, 2024 6:53 pm INTERPOLATE_TABLE is the 3D lookup routine. A0 is the address of the table, D0 (word) value searched on the X axis, D1 (word) is the value searched on the Y axis. d2 is the size of the of X axis, and the result comes back in D0 as word. So in the above, 19 hex is 25 cells of the table in the X direction which is the only dimension it needs to lookup the value.
If you look at the table, 25 cells in the X direction (400->8000).
The values are scaled before going in to the routine to take into account the axis so the lookup function does not need to know the axis beyond the X size.
So RAM_RPM2 is really RAM_RPM_SCALED and RAM_MAF is RAM_AIR_GPC_SCALED (or something like that). Where GPC=Grams Per Cylinder.
You'll find the scaling code between the ADC read and what writes it to that location in RAM. And all the rest of high and low octane scaling code, just to really keep you on your toes.
A similar idea I've had myself. GPC/KPA numbers would mean nothing anymore, but you could give such an ECU to somebody, instruct them to do typical HPtuners datalogging with no modifications, and just "paste special" or whatever, and it would work out.
And unless I'm missing a lot (which is likely), looks like forcing speed density is as simple as replacing one RAM address at ROM address 0x7a8e4.
Replace aedc with f2bc. Apparently, I don't know.
Code: Select all
LAB_0007a8e4 XREF[3]: 0007a8bc(j), 0007a8da(j),
0007a8de(j)
0007a8e4 31 c3 ae dc move.w D3w,(RAM-GramsPerCylinder).w = ??
EDIT: to add good stuff Might cover most of what I hoped to get.
https://github.com/LegacyNsfw/12587603/tree/master
