Reverse Engineering 12587603

Disassembly, Reassembly, Tools and development. Going deep with Hardware and Software.
mattbta
Posts: 11
Joined: Mon Apr 25, 2022 7:30 am

Re: Reverse Engineering 12587603

Post by mattbta »

kur4o wrote: 12587603 and 12592425 are exact match

12606960 and 12612114 are exact match

7603 and 6960 differ only for the first 2 segments which are engine and engine diag, which will mean all other segments should interchange between the 4 OS numbers in theory. An xdf can confirm the segment match if the tables data is viable.

I am sure there are other pairs too but it is hard work to discover.
Sorry for bringing up an old thread, but I know you are active here.

What do you mean by "exact match" above? I have both stock bins for my vehicle - 7603 and then used SPS to update to 6960. What is the correlation between 7603/2425 and 6960/2114 that you say are exact match? Sorry, I'm new. Thank you!
AngelMarc
Posts: 223
Joined: Sat Apr 08, 2023 9:23 pm
cars: A CB450 running to 8,000RPM with a P59.

Re: Reverse Engineering 12587603

Post by AngelMarc »

Ghidra updates?
Can IDA text be copy pasted into Notepad and uploaded as a text file for cross referencing in Notepad++ maybe?
Being able to see comments/labels from other people's successful changes could be very useful. Could really narrow down the guess work.
Don't stress specific units.
AngelMarc
Posts: 223
Joined: Sat Apr 08, 2023 9:23 pm
cars: A CB450 running to 8,000RPM with a P59.

Re: Reverse Engineering 12587603

Post by AngelMarc »

Anybody have understanding of these 2 shift commands (lsr and asl)? Is it just part of the grams per cylinder math, something else?

Code: Select all

        000809fa 36 38 f2 bc     move.w     (MAP_ADC_Output).w,D3w                           = ??
        000809fe e4 4b           lsr.w      #0x2,D3w
        00080a00 e1 43           asl.w      #0x8,D3w
        00080a02 31 c3 b2 90     move.w     D3w,(DAT_ffffb290).w                             = ??
EDIT: Code shortly after references MAP scale and offset directly from calibration data; so I assume it has to do with just making that work out.
Seeing nearly the same sequence 3 times for whatever reason. Wondering if the previous MAP readings (for the delta measurement for disabling steady state) get recorded before scaling, then individually get scaled later for whatever reason.
Don't stress specific units.
AngelMarc
Posts: 223
Joined: Sat Apr 08, 2023 9:23 pm
cars: A CB450 running to 8,000RPM with a P59.

Re: Reverse Engineering 12587603

Post by AngelMarc »

Can anybody help me understand this enough for me to have a clue what to click in Ghidra?

Code: Select all

		unlk	a6
		rts
; End of function sub_2178

; ---------------------------------------------------------------------------
PID_jump_table:	struct_0 <1, $200, GetPid_0001_NumberofEmissionRelatedDTC>
		struct_0 <3, $100, GetPid_0003_FuelSystemStatus>
		struct_0 <4, 0,	GetPid_0004_CalculatedLoad>
		struct_0 <5, 0,	GetPid_0005_EngineCoolantTemperature>
		struct_0 <6, 0,	GetPid_0006_ShortTermFuelTrimBank>
		struct_0 <7, 0,	GetPid_0007_LongTermFuelTrimBank>
		struct_0 <8, 0,	GetPid_0008_ShortTermFuelTrimBank>
		struct_0 <9, 0,	GetPid_0009_LongTermFuelTrimBank>
		struct_0 <$B, 0, GetPid_000B_ManifoldAbsolutePressure>
		struct_0 <$C, $100, GetPid_000C_EngineRPMHighResolutionRPMx>
		struct_0 <$D, 0, GetPid_000D_SpeedinKPH>
		struct_0 <$E, 0, GetPid_000E_IgnitionTimingAdvance>
		struct_0 <$F, 0, GetPid_000F_IntakeAirTemperature>
		struct_0 <$10, $100, GetPid_0010_MassAirFlow>
		struct_0 <$11, 0, GetPid_0011_ThrottlePositionSensor>
		struct_0 <$12, 0, GetPid_0012_CommandedSecondaryAir>
		struct_0 <$13, 0, GetPid_0013_ReportOSensorConfiguration>
		struct_0 <$14, $100, GetPid_0014_OBS>
		struct_0 <$15, $100, GetPid_0015_OBS>
		struct_0 <$18, $100, GetPid_0018_OBS>
		struct_0 <$19, $100, GetPid_0019_OBS>
		struct_0 <$1C, 0, GetPid_001C_OBDRequirements>
		struct_0 <$1E, 0, GetPid_001E>
		struct_0 <$21, $100, GetPid_0021>
		struct_0 <$1100, 0, GetPid_1100>
		struct_0 <$1101, 0, GetPid_1101>
		struct_0 <$1102, 0, GetPid_1102>
		struct_0 <$1103, 0, GetPid_1103>
		struct_0 <$1104, 0, GetPid_1104>
		struct_0 <$1105, 0, GetPid_1105>
		struct_0 <$1106, 0, GetPid_1106_VTDFuelDisable>
		struct_0 <$1107, 0, GetPid_1107_ThrottleAtIdle>
		struct_0 <$1108, 0, GetPid_1108>
		struct_0 <$110C, 0, GetPid_110C>
		struct_0 <$110D, 0, GetPid_110D>
		struct_0 <$110E, 0, GetPid_110E>
		struct_0 <$110F, 0, GetPid_110F_RearOCurrentNonVolatile>
		struct_0 <$1110, 0, GetPid_1110>
		struct_0 <$1111, 0, GetPid_1111>
		struct_0 <$1112, 0, GetPid_1112>
		struct_0 <$1113, 0, GetPid_1113>
		struct_0 <$1114, 0, GetPid_1114>
		struct_0 <$1115, 0, GetPid_1115>
		struct_0 <$1116, 0, GetPid_1116>
		struct_0 <$1117, 0, GetPid_1117>
		struct_0 <$1118, 0, GetPid_1118>
		struct_0 <$1119, 0, GetPid_1119>
		struct_0 <$1120, 0, GetPid_1120>
		struct_0 <$1140, $100, GetPid_1140_MassAirFlowSensor>
		struct_0 <$1141, 0, GetPid_1141_IgnitionVoltage>
		struct_0 <$1142, 0, GetPid_1142>
		struct_0 <$1143, 0, GetPid_1143_ThrottlePositionSensor>
		struct_0 <$1144, 0, GetPid_1144_AirConditionerPressure>
		struct_0 <$1145, 0, GetPid_1145>
		struct_0 <$1146, 0, GetPid_1146_OSensorBankSensormv>
		struct_0 <$1148, 0, GetPid_1148_OSensorBankSensormv>
		struct_0 <$1149, 0, GetPid_1149_OSensorBankSensormv>
		struct_0 <$114B, 0, GetPid_114B>
		struct_0 <$114C, 0, GetPid_114C>
		struct_0 <$114D, 0, GetPid_114D>
		struct_0 <$114E, 0, GetPid_114E_FuelTankPressure>
		struct_0 <$1151, 0, \
			  GetPid_1151_ThrottlePositionSensorNormalizedinDegreesPercent>
		struct_0 <$1152, 0, GetPid_1152>
		struct_0 <$1155, 0, GetPid_1155>
		struct_0 <$115C, 0, GetPid_115C>
		struct_0 <$116F, 0, GetPid_116F_StartUpEngineCoolantTemperature>
		struct_0 <$1170, 0, GetPid_1170_ControlledCanisterPurgeSolenoid>
		struct_0 <$1172, $100, GetPid_1172>
		struct_0 <$1177, 0, GetPid_1177>
		struct_0 <$1186, $100, GetPid_1186>
		struct_0 <$1187, $100, GetPid_1187>
		struct_0 <$1190, 0, GetPid_1190_FuelTrimCell>
		struct_0 <$1192, 0, GetPid_1192_DesiredIdleSpeed>
		struct_0 <$119B, 0, GetPid_119B>
		struct_0 <$119D, 0, GetPid_119D_BarometricPressure>
		struct_0 <$119E, 0, GetPid_119E_AirFuelRatio>
		struct_0 <$119F, 0, GetPid_119F>
		struct_0 <$11A1, $100, GetPid_11A1_EngineRunTime>
		struct_0 <$11A6, 0, GetPid_11A6>
		struct_0 <$11BB, 0, GetPid_11BB_EGRClosedPositionVolts>
		struct_0 <$11BD, 0, GetPid_11BD_EGRTestCount>
		struct_0 <$11C1, 0, GetPid_11C1_EGRPositionError>
		struct_0 <$11D7, $100, \
			  GetPid_11D7_OResponseLeantoRichSwitchesBankSensor>
		struct_0 <$11E4, $100, GetPid_11E4_CylinderModeMisfireIndex>
		struct_0 <$11E5, $100, GetPid_11E5>
		struct_0 <$11E6, $100, \
			  GetPid_11E6_RevolutionModeMisfireIndexBalanceTime>
		struct_0 <$11E7, 0, GetPid_11E7>
		struct_0 <$11E8, $100, GetPid_11E8>
		struct_0 <$11E9, 0, GetPid_11E9>
		struct_0 <$11EA, 0, GetPid_11EA_MisfireCurrentCylinder>
		struct_0 <$11EB, 0, GetPid_11EB_MisfireCurrentCylinder>
		struct_0 <$11EC, 0, GetPid_11EC_MisfireCurrentCylinder>
		struct_0 <$11ED, 0, GetPid_11ED_MisfireCurrentCylinder>
		struct_0 <$11F2, 0, GetPid_11F2>
		struct_0 <$11F3, 0, GetPid_11F3_TotalMisfiresperTestSpecial>
		struct_0 <$11F4, 0, GetPid_11F4>
		struct_0 <$11F5, 0, GetPid_11F5>
		struct_0 <$11F6, 0, GetPid_11F6>
		struct_0 <$11F7, 0, GetPid_11F7>
		struct_0 <$11F8, $100, GetPid_11F8_MisfireHistoryCylinder>
		struct_0 <$11F9, $100, GetPid_11F9_MisfireHistoryCylinder>
		struct_0 <$11FA, $100, GetPid_11FA_MisfireHistoryCylinder>
		struct_0 <$11FB, $100, GetPid_11FB_MisfireHistoryCylinder>
		struct_0 <$1200, 0, GetPid_1200_TotalMisfireCurrentCount>
		struct_0 <$1201, $100, GetPid_1201_MisfireHistoryCylinder>
		struct_0 <$1202, $100, GetPid_1202_MisfireHistoryCylinder>
		struct_0 <$1203, $100, GetPid_1203_MisfireHistoryCylinder>
		struct_0 <$1204, $100, GetPid_1204_MisfireHistoryCylinder>
		struct_0 <$1205, 0, GetPid_1205_MisfireCurrentCylinder>
		struct_0 <$1206, 0, GetPid_1206_MisfireCurrentCylinder>
		struct_0 <$1207, 0, GetPid_1207_MisfireCurrentCylinder>
		struct_0 <$1208, 0, GetPid_1208_MisfireCurrentCylinder>
		struct_0 <$120A, 0, GetPid_120A_ShortTermFuelTrimBank>
		struct_0 <$120B, 0, GetPid_120B_LongTermFuelTrimBank>
		struct_0 <$120C, 0, GetPid_120C_ShortTermFuelTrimBank>
		struct_0 <$1212, 0, GetPid_1212_RichLeantoLeanRichRatioSen>
		struct_0 <$1216, $100, \
			  GetPid_1216_OResponseRichtoLeanSwitchesBankSensor>
		struct_0 <$1217, $100, \
			  GetPid_1217_OResponseLeantoRichSwitchesBankSensor>
		struct_0 <$121A, $100, \
			  GetPid_121A_OResponseRichtoLeanSwitchesBankSensor>
		struct_0 <$1221, $100, GetPid_1221>
		struct_0 <$1227, $100, GetPid_1227_TotalMisfireFailuresSinceFirstFail>
		struct_0 <$1228, $100, GetPid_1228_TotalMisfirePassesSinceFirstFail>
		struct_0 <$1229, $100, GetPid_1229>
		struct_0 <$122A, 0, GetPid_122A_CyclesofMisfireData>
		struct_0 <$1232, 0, GetPid_1232_Warmupcycleswithoutanemissionfault>
		struct_0 <$1233, 0, GetPid_1233_Warmupcycleswithoutanonemissionfault>
		struct_0 <$1234, $100, GetPid_1234_MileageSinceLastCodeClear>
		struct_0 <$1235, $100, GetPid_1235_MileageSinceFirstFail>
		struct_0 <$1236, $100, GetPid_1236_MileageSinceLastFail>
		struct_0 <$1237, 0, GetPid_1237_FailCounter>
		struct_0 <$1238, 0, GetPid_1238_PassCounter>
		struct_0 <$1239, 0, GetPid_1239_NoResultsCounter>
		struct_0 <$123A, 0, GetPid_123A_LongTermFuelTrimBank>
		struct_0 <$1243, $100, GetPid_1243>
		struct_0 <$1244, $100, GetPid_1244>
		struct_0 <$1245, $100, GetPid_1245>
		struct_0 <$1246, $100, \
			  GetPid_1246_OResponseRichtoLeanAverageTimeBankSensor>
		struct_0 <$1247, 0, GetPid_1247>
		struct_0 <$1250, $100, GetPid_1250_MAFFrequencyHz>
		struct_0 <$1255, $100, GetPid_1255>
		struct_0 <$125A, $100, GetPid_125A_InjectorPulseWidthAverageBank>
		struct_0 <$125B, $100, GetPid_125B_InjectorPulseWidthAverageBank>
		struct_0 <$1296, $100, GetPid_1296>
		struct_0 <$12B0, 0, GetPid_12B0>
		struct_0 <$12B1, $100, GetPid_12B1>
		struct_0 <$12B2, 0, GetPid_1324>
		struct_0 <$12B3, 0, GetPid_1324>
		struct_0 <$12B4, 0, GetPid_12B6>
		struct_0 <$12B5, 0, GetPid_12B6>
		struct_0 <$12B6, 0, GetPid_12B6>
		struct_0 <$12B7, 0, GetPid_12B8>
		struct_0 <$12B8, 0, GetPid_12B8>
		struct_0 <$12B9, 0, GetPid_12BD>
		struct_0 <$12BA, 0, GetPid_12BD>
		struct_0 <$12BB, 0, GetPid_12BD>
		struct_0 <$12BC, 0, GetPid_12BD>
		struct_0 <$12BD, 0, GetPid_12BD>
		struct_0 <$12C5, 0, GetPid_12C5_FuelLevelPercentage>
		struct_0 <$12E2, 0, GetPid_12E2>
		struct_0 <$12E3, 0, GetPid_12E3>
		struct_0 <$12EA, 0, GetPid_12EA>
		struct_0 <$12EB, 0, GetPid_12EB>
		struct_0 <$12EE, 0, GetPid_12EE>
		struct_0 <$12EF, 0, GetPid_12EF>
		struct_0 <$12F0, 0, GetPid_12F0>
		struct_0 <$12F3, 0, GetPid_12F3>
		struct_0 <$12F5, $100, GetPid_12F5>
		struct_0 <$12F7, 0, GetPid_12F7>
		struct_0 <$12FF, $100, GetPid_12FF>
		struct_0 <$1300, $100, GetPid_1300>
		struct_0 <$1301, $100, GetPid_1301>
		struct_0 <$130E, $100, GetPid_130E>
		struct_0 <$130F, 0, GetPid_130F>
		struct_0 <$1310, 0, GetPid_1310>
		struct_0 <$1311, 0, GetPid_1311>
		struct_0 <$1312, 0, GetPid_1312>
		struct_0 <$1315, 0, GetPid_1315>
		struct_0 <$1316, 0, GetPid_1316>
		struct_0 <$1317, 0, GetPid_1317>
		struct_0 <$1318, 0, GetPid_1318>
		struct_0 <$1319, 0, GetPid_1319>
		struct_0 <$131A, 0, GetPid_131A>
		struct_0 <$131B, 0, GetPid_131B>
		struct_0 <$131C, 0, GetPid_131C>
		struct_0 <$131D, $100, GetPid_131D>
		struct_0 <$131E, $100, GetPid_131E>
		struct_0 <$131F, $100, GetPid_131F>
		struct_0 <$1321, 0, GetPid_1324>
		struct_0 <$1322, 0, GetPid_1324>
		struct_0 <$1323, 0, GetPid_1324>
		struct_0 <$1324, 0, GetPid_1324>
		struct_0 <$132A, $100, GetPid_132A>
		struct_0 <$132B, $100, GetPid_132B>
		struct_0 <$132C, $100, GetPid_132C>
		struct_0 <$1336, $100, GetPid_1336>
		struct_0 <$1337, $100, GetPid_1337>
		struct_0 <$1338, 0, GetPid_1338>
		struct_0 <$139C, 0, GetPid_139C>
		struct_0 <$139D, $100, GetPid_139D>
		struct_0 <$1481, $100, GetPid_1481>
		struct_0 <$1482, $100, GetPid_1482>
		struct_0 <$1484, $100, GetPid_1484>
		struct_0 <$1485, $100, GetPid_1485>
		struct_0 <$1617, $100, GetPid_1617>
		struct_0 <$1627, $100, GetPid_1627>
		struct_0 <$1628, $100, GetPid_1628>
		struct_0 <$162B, 0, GetPid_162B>
		struct_0 <$163F, 0, GetPid_163F>
		struct_0 <$1900, 0, GetPid_1900>
		struct_0 <$1901, 0, GetPid_1901>
		struct_0 <$1921, 0, GetPid_1921>
		struct_0 <$1922, 0, GetPid_1922>
		struct_0 <$1923, 0, GetPid_1923>
		struct_0 <$1924, 0, GetPid_1924>
		struct_0 <$1925, 0, GetPid_1925>
		struct_0 <$1927, 0, GetPid_1927>
		struct_0 <$1928, 0, GetPid_1928>
		struct_0 <$1929, 0, GetPid_1929>
		struct_0 <$192A, 0, GetPid_192A>
		struct_0 <$192B, $200, GetPid_192B>
		struct_0 <$192D, 0, GetPid_192D>
		struct_0 <$1940, 0, GetPid_1940_TransmissionOilTemperature>
		struct_0 <$1941, $100, GetPid_1941_TransmissionInputShaftSpeed>
		struct_0 <$1942, $100, GetPid_1942_TransmissionOutputShaftSpeed>
		struct_0 <$195D, $100, GetPid_195D>
		struct_0 <$1970, 0, GetPid_1970_TCCPWMDutyCycle>
		struct_0 <$1971, 0, GetPid_1971>
		struct_0 <$1972, 0, GetPid_1972_PCPressureControlSolenoidDutyCycle>
		struct_0 <$1973, 0, GetPid_1973>
		struct_0 <$1975, 0, GetPid_1975>
		struct_0 <$1976, 0, GetPid_1976>
		struct_0 <$1991, $100, GetPid_1991_TCCSlipSpeed>
		struct_0 <$1992, 0, GetPid_1992_TimeofLatestShift>
		struct_0 <$1993, 0, GetPid_1993_TimeofLatestShift>
		struct_0 <$1994, 0, GetPid_1994_TimeofLatestShift>
		struct_0 <$1995, 0, GetPid_1995_TimeofLatestShift>
		struct_0 <$1996, 0, GetPid_1996_ShiftTimeErrorforLatestShift>
		struct_0 <$1997, 0, GetPid_1997_ShiftTimeErrorforShift>
		struct_0 <$1998, 0, GetPid_1998_ShiftTimeErrorforShift>
		struct_0 <$1999, 0, GetPid_1999_ShiftTimeErrorforShift>
		struct_0 <$199A, 0, GetPid_199A>
		struct_0 <$199B, 0, GetPid_199B>
		struct_0 <$199C, 0, \
			  GetPid_199C_CurrentTAPTransmissionAdaptivePressureCell>
		struct_0 <$199D, 0, GetPid_199D_TransmissionPressure>
		struct_0 <$199E, 0, GetPid_199E_PressureControlActualCurrent>
		struct_0 <$199F, 0, GetPid_199F_PressureControlReferenceCircuit>
		struct_0 <$19A0, 0, GetPid_19A0_ShiftDelay>
		struct_0 <$19A1, 0, GetPid_19A1>
		struct_0 <$19AD, 0, GetPid_19AD_TransmissionTempSensor>
		struct_0 <$19D4, $100, GetPid_19D4>
		struct_0 <$19DE, $100, GetPid_19DE>
		struct_0 <$19FF, 0, GetPid_19FF>
		struct_0 <$1A02, $100, GetPid_1A02>
		struct_0 <$1A13, 0, GetPid_1A13>
		struct_0 <$1A88, $100, GetPid_1A88>
		struct_0 <$FC00, 0, GetPid_FC39>
		struct_0 <$FC01, 0, GetPid_FC39>
		struct_0 <$FC02, 0, GetPid_FC39>
		struct_0 <$FC03, 0, GetPid_FC39>
		struct_0 <$FC04, 0, GetPid_FC39>
		struct_0 <$FC05, 0, GetPid_FC39>
		struct_0 <$FC06, 0, GetPid_FC39>
		struct_0 <$FC07, 0, GetPid_FC39>
		struct_0 <$FC08, 0, GetPid_FC39>
		struct_0 <$FC09, 0, GetPid_FC39>
		struct_0 <$FC0A, 0, GetPid_FC39>
		struct_0 <$FC0B, 0, GetPid_FC39>
		struct_0 <$FC0C, 0, GetPid_FC39>
		struct_0 <$FC0D, 0, GetPid_FC39>
		struct_0 <$FC0E, 0, GetPid_FC39>
		struct_0 <$FC0F, 0, GetPid_FC39>
		struct_0 <$FC10, 0, GetPid_FC39>
		struct_0 <$FC11, 0, GetPid_FC39>
		struct_0 <$FC12, $100, GetPid_FC12>
		struct_0 <$FC1C, $100, GetPid_FC1C>
		struct_0 <$FC1E, $100, GetPid_FC1E>
		struct_0 <$FC22, $100, GetPid_FC22>
		struct_0 <$FC24, $100, GetPid_FC24>
		struct_0 <$FC25, $100, GetPid_FC25>
		struct_0 <$FC26, 0, GetPid_FC39>
		struct_0 <$FC27, 0, GetPid_FC39>
		struct_0 <$FC28, 0, GetPid_FC39>
		struct_0 <$FC29, 0, GetPid_FC39>
		struct_0 <$FC2A, 0, GetPid_FC39>
		struct_0 <$FC2B, 0, GetPid_FC39>
		struct_0 <$FC2C, $100, GetPid_FC2C>
		struct_0 <$FC2D, 0, GetPid_FC39>
		struct_0 <$FC2E, 0, GetPid_FC39>
		struct_0 <$FC2F, 0, GetPid_FC39>
		struct_0 <$FC30, $100, GetPid_FC30>
		struct_0 <$FC31, 0, GetPid_FC39>
		struct_0 <$FC32, 0, GetPid_FC39>
		struct_0 <$FC33, 0, GetPid_FC39>
		struct_0 <$FC34, 0, GetPid_FC39>
		struct_0 <$FC35, 0, GetPid_FC39>
		struct_0 <$FC36, 0, GetPid_FC39>
		struct_0 <$FC37, 0, GetPid_FC39>
		struct_0 <$FC38, 0, GetPid_FC39>
		struct_0 <$FC39, 0, GetPid_FC39>
		struct_0 <$FC40, $100, GetPid_FC40>
		struct_0 <$FC41, $100, GetPid_FC41>
		struct_0 <$FC43, $100, GetPid_FC43>
		struct_0 <$FC45, 0, GetPid_FC45>
		struct_0 <$FC46, 0, GetPid_FC46>
		struct_0 <$FC47, 0, GetPid_FC47>
		struct_0 <$FC48, 0, GetPid_FC48>
		struct_0 <$FC4A, $200, GetPid_FC4A>
dword_2C3C:	dc.l $12B20000
		dc.l $12B30100
		
Source: https://github.com/LegacyNsfw/12587603/ ... itized.asm
Don't stress specific units.
antus
Site Admin
Posts: 8996
Joined: Sat Feb 28, 2009 8:34 pm
cars: TX Gemini 2L Twincam
TX Gemini SR20 18psi
Datsun 1200 Ute
Subaru Blitzen '06 EZ30 4th gen, 3.0R Spec B

Re: Reverse Engineering 12587603

Post by antus »

That's just data in a table form so the code that references it will have the first address then either walk the list looking for the PID it needs (probably in the handler on the data link controller DLC receive code) then when it's got the right PID the caller will use the function address to jump there for it to do what it needs to gather the response. Then without seeing the code I reckon it'll populate a shared response buffer and return for the caller to send the reply.

It's also possible it's not a jump table, but a list of RAM locations with the data. Have a look at the addresses the values in the 3rd field point to, and see if it's RAM or Code area, as well as at the caller to see if it reads it or jumps to it.
Have you read the FAQ? For lots of information and links to significant threads see here: http://pcmhacking.net/forums/viewtopic.php?f=7&t=1396
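The check suggested in the post above (walk the table, then see whether the third field lands in RAM or in code), written out as an added example that is not part of the original thread or of the linked repository. The 8-byte record layout, the ROM/RAM address ranges and the sample target addresses are assumptions made for illustration; only the PIDs and flag values are taken from the listing.

```python
import struct
from collections import defaultdict

# Assumed layout, not stated on the page: big-endian u16 PID, u16 flags,
# u32 third field (handler entry point or data address).
RECORD = struct.Struct(">HHI")
ROM = range(0x00000000, 0x00100000)    # assumption: flash image size
RAM = range(0xFFFF8000, 0x100000000)   # assumption: where DAT_ffffxxxx live

def parse_table(blob, count):
    """Unpack `count` consecutive (pid, flags, target) records."""
    return [RECORD.unpack_from(blob, i * RECORD.size) for i in range(count)]

def classify(target):
    """Say what the third field points at."""
    if target in RAM:
        return "ram"
    if target in ROM:
        # 68k instructions are word aligned, so an odd address is not code.
        return "code" if target % 2 == 0 else "rom-data"
    return "unmapped"

def lookup(records, pid):
    """Linear walk over the records; None when the PID is absent."""
    for rec_pid, flags, target in records:
        if rec_pid == pid:
            return flags, target
    return None

def shared_targets(records):
    """Targets used by more than one PID (as GetPid_1324 is in the listing)."""
    by_target = defaultdict(list)
    for pid, _flags, target in records:
        by_target[target].append(pid)
    return {t: pids for t, pids in by_target.items() if len(pids) > 1}

# Constructed sample: PIDs and flags from the listing, addresses invented.
SAMPLE = b"".join(RECORD.pack(*r) for r in [
    (0x0001, 0x0200, 0x00002180),
    (0x000C, 0x0100, 0x000021F4),
    (0x12B2, 0x0000, 0x00002A10),
    (0x12B3, 0x0000, 0x00002A10),
])

if __name__ == "__main__":
    recs = parse_table(SAMPLE, 4)
    for pid, flags, target in recs:
        print(f"${pid:04X} flags=${flags:03X} -> ${target:08X} {classify(target)}")
    print(shared_targets(recs))
```

If most targets classify as "code" and the caller jumps through the field, it is a dispatch table; if they classify as "ram" and the caller reads through it, it is a list of data locations.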
AngelMarc
Posts: 223
Joined: Sat Apr 08, 2023 9:23 pm
cars: A CB450 running to 8,000RPM with a P59.

Re: Reverse Engineering 12587603

Post by AngelMarc »

I must have been tired to not think ctrl + F.
Looks like an example of RAM getting put in a register then being referenced elsewhere.
Don't stress specific units.
AngelMarc
Posts: 223
Joined: Sat Apr 08, 2023 9:23 pm
cars: A CB450 running to 8,000RPM with a P59.

Re: Reverse Engineering 12587603

Post by AngelMarc »

Any comments on hex sequence F82E?
I have at least 4 references to that immediately surrounded by seemingly properly decompiled code.
Example

Code: Select all

        00079c70 67 1e           beq.b      LAB_00079c90
        00079c72 3d 78 a1        move.w     (DAT_ffffa104).w,(local_e,A6)                    = ??
                 04 ff f6
        00079c78 3d 78 a0        move.w     (DAT_ffffa0ca).w,(local_c,A6)                    = ??
                 ca ff f8
        00079c7e 36 39 00        move.w     (DAT_0000875e).l,D3w                             = 001Ah
                 00 87 5e
        00079c84 f8              ??         F8h
        00079c85 2e              ??         2Eh    .
        00079c86 31 40 ff f6     move.w     D0w,(-0xa,A0)
        00079c8a 31 c3 a1 04     move.w     D3w,(DAT_ffffa104).w                             = ??
        00079c8e 60 06           bra.b      LAB_00079c96
                             LAB_00079c90                                    XREF[1]:     00079c70(j)  
        00079c90 31 f8 a0        move.w     (DAT_ffffa0ca).w,(DAT_ffffa104).w                = ??
                 ca a1 04
                             LAB_00079c96                                    XREF[1]:     00079c8e(j)  
        00079c96 34 78 a1 04     movea.w    (DAT_ffffa104).w,A2                              = ??
        00079c9a 31 ca a0 c6     move.w     A2w,(DAT_ffffa0c6).w                             = ??
        00079c9e 31 ca a0 e4     move.w     A2w,(DAT_ffffa0e4).w                             = ??
        00079ca2 31 ca a0 c8     move.w     A2w,(DAT_ffffa0c8).w                             = ??
        00079ca6 31 ca a0 c4     move.w     A2w,(DAT_ffffa0c4).w                             = ??
        00079caa 31 ca a0 c2     move.w     A2w,(DAT_ffffa0c2).w                             = ??
        00079cae 11 fc 00        move.b     #0x1,(DAT_ffffa123).w                            = ??
                 01 a1 23
        00079cb4 60 00 05 7a     bra.w      LAB_0007a230
Don't stress specific units.
antus
Site Admin
Posts: 8996
Joined: Sat Feb 28, 2009 8:34 pm
cars: TX Gemini 2L Twincam
TX Gemini SR20 18psi
Datsun 1200 Ute
Subaru Blitzen '06 EZ30 4th gen, 3.0R Spec B

Re: Reverse Engineering 12587603

Post by antus »

Not exactly sure of this answer but I tried IDA with the 688332 we normally use and got the same results. So I tried some other similar processors and eventually used the IDA MC68xxx universal emulator that includes all opcodes from all variants of the CPU32 and it gave me this:

Code: Select all

ROM:00079C6C                                         loc_79C6C:                              ; CODE XREF: ROM:00079C0A↑j
ROM:00079C6C                                                                                 ; ROM:00079C12↑j ...
ROM:00079C6C 4A38 A123                                               tst.b   ($FFFFA123).w
ROM:00079C70 671E                                                    beq.s   loc_79C90
ROM:00079C72 3D78 A104 FFF6                                          move.w  ($FFFFA104).w,-$A(a6)
ROM:00079C78 3D78 A0CA FFF8                                          move.w  ($FFFFA0CA).w,-8(a6)
ROM:00079C7E 3639 0000 875E                                          move.w  (word_875E).l,d3
ROM:00079C84 F82E 3140 FFF6                                          tblu.w  -$A(a6),d3
ROM:00079C8A 31C3 A104                                               move.w  d3,($FFFFA104).w
ROM:00079C8E 6006                                                    bra.s   loc_79C96

From https://support.dce.felk.cvut.cz/nms/fi ... /c4cpu.pdf (which then goes on to describe the opcodes if you were to look into defining them in Ghidra).
I am going to guess either these are put in this CPU as GM customizations for their version of the chip, or the P59 has a slightly newer processor than the P01 which adds the extra instructions we know that NSFW helped define in Ghidra as well as these.

Code: Select all

The CPU32 instruction set is summarized in Table 4-2. The instruction set of the
CPU32 is very similar to that of the MC68020. Two new instructions have been added
to facilitate controller applications: low-power stop (LPSTOP) and table lookup and
interpolate (TBLS, TBLSN, TBLU, TBLUN). 
Have you read the FAQ? For lots of information and links to significant threads see here: http://pcmhacking.net/forums/viewtopic.php?f=7&t=1396
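A small decoder for the table-lookup instructions discussed above, as an added example that is not part of the original thread and not IDA's or Ghidra's code. It uses the TBLS/TBLSN/TBLU/TBLUN field layout from the CPU32 instruction description (check it against the linked PDF), handles the register form and the non-indexed memory modes only, and is run over the bytes at 00079c7e from the Ghidra listing earlier in the thread.

```python
import struct

SIZES = {0: "b", 1: "w", 2: "l"}

def _disp(value):
    """Format a signed displacement the way the IDA listing does (-$A)."""
    return f"-${-value:X}" if value < 0 else f"${value:X}"

def decode_tbl(code, offset=0):
    """Return (text, length) for a TBLS/TBLSN/TBLU/TBLUN at offset, else None."""
    if len(code) - offset < 4:
        return None
    op, ext = struct.unpack_from(">HH", code, offset)
    size = (ext >> 6) & 3
    # Opcode word is 1111 1000 00 <mode> <reg>; extension bits 15 and 9 are 0.
    if op & 0xFFC0 != 0xF800 or ext & 0x8200 or size == 3:
        return None
    mode, reg, dx = (op >> 3) & 7, op & 7, (ext >> 12) & 7
    mnem = "tbl" + ("s" if ext & 0x0800 else "u")   # bit 11: signed
    mnem += "n" if ext & 0x0400 else ""             # bit 10: result not rounded
    mnem += "." + SIZES[size]
    if not ext & 0x0100:                            # bit 8 clear: register form
        if mode != 0 or ext & 0x38:
            return None
        return f"{mnem} d{reg}:d{ext & 7},d{dx}", 4
    if ext & 0x3F:                                  # memory form: low bits are 0
        return None
    tail = code[offset + 4:]
    if mode == 2:
        ea, extra = f"(a{reg})", 0
    elif mode == 5 and len(tail) >= 2:
        ea, extra = f"{_disp(struct.unpack_from('>h', tail)[0])}(a{reg})", 2
    elif (mode, reg) == (7, 0) and len(tail) >= 2:
        ea, extra = f"(${struct.unpack_from('>H', tail)[0]:04X}).w", 2
    elif (mode, reg) == (7, 1) and len(tail) >= 4:
        ea, extra = f"(${struct.unpack_from('>I', tail)[0]:08X}).l", 4
    elif (mode, reg) == (7, 2) and len(tail) >= 2:
        ea, extra = f"{_disp(struct.unpack_from('>h', tail)[0])}(pc)", 2
    else:
        return None                                 # indexed or invalid mode
    return f"{mnem} {ea},d{dx}", 4 + extra

def find_tbl(code, base):
    """Scan word-aligned offsets and list (address, text) for every hit."""
    hits = []
    for off in range(0, len(code) - 3, 2):
        decoded = decode_tbl(code, off)
        if decoded:
            hits.append((base + off, decoded[0]))
    return hits

# Bytes 00079c7e..00079c8d as shown in the Ghidra listing on this page.
SAMPLE = bytes.fromhex("3639 0000 875e f82e 3140 fff6 31c3 a104")

if __name__ == "__main__":
    for addr, text in find_tbl(SAMPLE, 0x79C7E):
        print(f"{addr:08X}  {text}")
```

The six bytes F82E 3140 FFF6 decode as one instruction, which is why a disassembler without the TBL opcodes leaves F8 2E undefined and then misreads 31 40 FF F6 as a separate move.w.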
AngelMarc
Posts: 223
Joined: Sat Apr 08, 2023 9:23 pm
cars: A CB450 running to 8,000RPM with a P59.

Re: Reverse Engineering 12587603

Post by AngelMarc »

I assume when turbo_v6 instructed to replace certain files, it was to add the tblu and/or other instructions, and I could swear some lines have tblu already.
I'll check for such lines and maybe try a different CPU or something.
EDIT: Hmm, tried 3 other included CPU options. Maybe I need to double check the CP32 file replacement or something.
Last edited by AngelMarc on Sun Apr 20, 2025 10:00 pm, edited 1 time in total.
Don't stress specific units.
antus
Site Admin
Posts: 8996
Joined: Sat Feb 28, 2009 8:34 pm
cars: TX Gemini 2L Twincam
TX Gemini SR20 18psi
Datsun 1200 Ute
Subaru Blitzen '06 EZ30 4th gen, 3.0R Spec B

Re: Reverse Engineering 12587603

Post by antus »

The source for Dzidav8/NSFW's work for the TBLU is here: viewtopic.php?p=104736#p104736
It seems it's not working properly or completely even though it is working partially, so it needs someone else to improve it and ideally get a patch into Ghidra. Perhaps it's because it's using a linked reference to a6 instead of a direct register. I don't know.
Have you read the FAQ? For lots of information and links to significant threads see here: http://pcmhacking.net/forums/viewtopic.php?f=7&t=1396