1st disassembly Code $3E from US 1227730

Disassembly, Reassembly, Tools and development. Going deep with Hardware and Software.
miloman
Posts: 33
Joined: Tue Oct 13, 2009 6:01 pm
cars: vn holden

Re: 1st disassembly Code $3E from US 1227730

Post by miloman »

I was trying my hand at one of the 128k bin files but dhc11 didn't seem to like it, said it was too big.
IDA didn't seem to have any problem with it. I attached the disassembled bin, is this done properly?
Attachments
CDWA 3957full.rar
(109.62 KiB) Downloaded 421 times
antus
Site Admin
Posts: 8237
Joined: Sat Feb 28, 2009 8:34 pm
cars: TX Gemini 2L Twincam
TX Gemini SR20 18psi
Datsun 1200 Ute
Subaru Blitzen '06 EZ30 4th gen, 3.0R Spec B

Re: 1st disassembly Code $3E from US 1227730

Post by antus »

nah, that's not right... use ram size 400, load offset of 400, load length FFC0 for the lower bank, and the same for the high bank, but file offset of 10400.

if you want it to find the code properly (or better) copy the lowest 32k into the high bank first, so it is disassembled twice, as that is the context the processor sees when it bank swaps (common lower 32k, different high 32k) in a 64k address space.
Have you read the FAQ? For lots of information and links to significant threads see here: http://pcmhacking.net/forums/viewtopic.php?f=7&t=1396
miloman
Posts: 33
Joined: Tue Oct 13, 2009 6:01 pm
cars: vn holden

Re: 1st disassembly Code $3E from US 1227730

Post by miloman »

Ok, tried what you said; if I understood about the copying part then these should be right?
Attachments
CDWA 3957(high,low).rar
(147.86 KiB) Downloaded 454 times
Last edited by miloman on Thu Oct 22, 2009 12:31 pm, edited 1 time in total.
dimedriver
Posts: 7
Joined: Sun Oct 18, 2009 7:29 am
cars: 71' Datsun 510
74' Datsun 620

Re: 1st disassembly Code $3E from US 1227730

Post by dimedriver »

VL400, thanks for the 3rd gen link, it should be very helpful.


Gonzo, I have read that post on furyworld, it was what led me to look into the GM ECUs. I usually play around with Nissan ECUs, with which there are only a handful of hardware versions and most of the time only the tables change for each engine. Most of this work is already done and people are just starting to mod the code for real time type stuff. The $8d was my 1st choice and if I was building a new intake I would run that with TPI. But it seems that I can get this all bolted on this old Nissan engine faster if I do TBI.

It's simple really, for TBI I just make a carb/TBI adapter plate (really easy).
For TPI I need to make an entire Manifold.

I realize that the 1227727/7730 is only capable of batch fire and the $8d might be made to work with TBI, but where is the fun in that?

-dime
antus
Site Admin
Posts: 8237
Joined: Sat Feb 28, 2009 8:34 pm
cars: TX Gemini 2L Twincam
TX Gemini SR20 18psi
Datsun 1200 Ute
Subaru Blitzen '06 EZ30 4th gen, 3.0R Spec B

Re: 1st disassembly Code $3E from US 1227730

Post by antus »

yeah that looks right. if you want to take it a step further as far as editing and assembling goes then you can split it up by hand into multiple source files and have a common include file with the memory location definitions for both banks. This way if you move anything around and reassemble, both banks will see the change. I haven't found a quick way to do this yet, I took the memory section from the bank that was the most populated and inserted the other location tags by hand. That's only really useful if you intend to hack the code and not just find and edit tables anyway.
miloman
Posts: 33
Joined: Tue Oct 13, 2009 6:01 pm
cars: vn holden

Re: 1st disassembly Code $3E from US 1227730

Post by miloman »

think I will just look for tables and things atm till I've got a bit more of an idea of what I am doing
dimedriver
Posts: 7
Joined: Sun Oct 18, 2009 7:29 am
cars: 71' Datsun 510
74' Datsun 620

Re: 1st disassembly Code $3E from US 1227730

Post by dimedriver »

I think I'm making good progress. I'm at the point now where I'm pretty sure I have found all the code and will start attempting to re-assemble to double check my work.

I also want to get some ALDL streams from the code to help with commenting after I get the assembly working. I do not have a memcal that goes with this mask. If I burn it to a PROM chip and plug that into the memcal that I have in my 7730, will it freak out or possibly act normal? I will be doing this on a bench setup. Not in a car or on a running engine. Just a bench with some potentiometers and stuff to simulate inputs.

Please remember this is my 1st experience with GM ECM stuff. My understanding of the memcal is that as long as you don't trigger limp home mode while running a different code mask the ECU will function normally. Is this true?


-Dime
VL400
Posts: 4991
Joined: Sun Mar 01, 2009 2:54 pm
cars: VL Calais and Toyota Landcruiser. Plus some toys :)
Location: Perth, WA

Re: 1st disassembly Code $3E from US 1227730

Post by VL400 »

dimedriver wrote: I also want to get some ALDL streams from the code to help with commenting after I get the assembly working.
Def a good starting point, it really helps if you can decode the data stream first.
dimedriver wrote: I do not have a memcal that goes with this mask. If I burn it to a PROM chip and plug that into the memcal that I have in my 7730, will it freak out or possibly act normal? I will be doing this on a bench setup. Not in a car or on a running engine. Just a bench with some potentiometers and stuff to simulate inputs.
Yeah that should be fine, if you have a memcal with the 7730 ECM that you don't need (but has a different mask) just erase it and burn the $3E bin to it.


When simulating inputs on the bench beware of things doing weird stuff, it's easy to generate stuck or open inputs which may affect the output that's in the data stream. The TPS for instance may default to using a table of known values if the ECM detects an error.
dimedriver
Posts: 7
Joined: Sun Oct 18, 2009 7:29 am
cars: 71' Datsun 510
74' Datsun 620

Re: 1st disassembly Code $3E from US 1227730

Post by dimedriver »

I got the disassembly assembling! :punk:

bigscreen dewADDT # md5sum STARTADD.BIN MyADDT.bin
3a70c95c77d176878e9224d76c539f4d STARTADD.BIN
3a70c95c77d176878e9224d76c539f4d MyADDT.bin

I also found a link that lists some addresses used for the I/O routines in $8D. This should lead me to build a list of I/O register addresses.
http://www.thirdgen.org/techboard/diy-p ... ssing.html

I booted the ECU on the bench today and got TunerPro to connect to it, using one of the V8 ADS files. Mask it currently has is "ATSP". I pulled it from a "W" body car. I think it was the 3.1 or 2.8, I can't remember. What is the best software to use to just capture dumps? Most/all of the commands from TunerPro RT didn't work, but I could see things like battery voltage and such. I guess after looking at the dumps I can start building ADS files for TunerPro.

I will probably buy the MegaSquirt stimulator or whatever they call it to make a better test bed.
http://www.diyautotune.com/catalog/jims ... p-174.html
Looks like it simulates the ignition signal needed for the ECU. This should make testing quite fun.

-Dime
antus
Site Admin
Posts: 8237
Joined: Sat Feb 28, 2009 8:34 pm
cars: TX Gemini 2L Twincam
TX Gemini SR20 18psi
Datsun 1200 Ute
Subaru Blitzen '06 EZ30 4th gen, 3.0R Spec B

Re: 1st disassembly Code $3E from US 1227730

Post by antus »

good to hear you got it going! a couple of things to watch out for if you start modifying the code:

1) data disassembled as code. it re-assembles fine, but might be using a memory location instead of raw data. then when you move something else the 'code' might update to follow the change, and corrupt the data.

2) lots of places use address lookups, which the disassembler can't follow. If you move stuff around these address tables might not be updated to match. you can fix this by hand and replace the address with a label, but all of them will need to be found (in addition to getting all the code/data types right) before you can make big modifications like moving data out of the way to extend tables.

I'm thinking some of this labeling could probably be achieved with IDA scripts. if you find or create any that help automate the process be sure to post them here :)
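The address-lookup problem described in the last post, as an added example that is not code from anyone in this thread: a standalone Python scan (not an IDA script) that flags runs of big-endian 16-bit words all pointing inside the code range, then prints them as label references. The sample image, the base address 0xB000 and the `T`/`L` label names are constructed for illustration.

```python
import struct

BASE = 0xB000  # constructed load address for the sample image below


def build_sample():
    """Constructed 64-byte image: NOP filler, one 4-entry table, one stray pair."""
    img = bytearray(b"\x01" * 0x40)  # 0x01 is the 68HC11 NOP opcode
    struct.pack_into(">4H", img, 0x10, 0xB020, 0xB024, 0xB028, 0xB02C)
    struct.pack_into(">2H", img, 0x30, 0xB000, 0xB004)  # too short to report
    return bytes(img)


def find_pointer_tables(image, base, lo, hi, min_entries=4):
    """Return [(table_address, [targets])] for runs of in-range 16-bit words.

    The HC11 has no alignment rule, so every byte offset is a possible start.
    """
    tables, i = [], 0
    while i + 2 <= len(image):
        targets, j = [], i
        while j + 2 <= len(image):
            (word,) = struct.unpack_from(">H", image, j)
            if not lo <= word < hi:
                break
            targets.append(word)
            j += 2
        if len(targets) >= min_entries:
            tables.append((base + i, targets))
            i = j        # resume after the run so it is reported once
        else:
            i += 1
    return tables


def render_as_labels(table_addr, targets):
    """Rewrite a candidate table as FDB lines that reference labels."""
    lines = [f"T{table_addr:04X}:"]
    lines += [f"        FDB     L{t:04X}" for t in targets]
    return "\n".join(lines)


if __name__ == "__main__":
    img = build_sample()
    for addr, targets in find_pointer_tables(img, BASE, BASE, BASE + len(img)):
        print(render_as_labels(addr, targets))
```

Every hit is only a candidate: ordinary table data can look like addresses, so each one needs checking by hand before its words are replaced with labels.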