how is disassembly done?

[gibbo]

Howdy,
Just wondering what the deal is with disassembly, is this reverse engineering the memcal chip code?
Once you get the the files is this where the definition files come from?

[VL400]

Yep, reverse engineering the code. The bin file that you burn to the memcal is compiled machine code, the disassembly or decompiling takes it back to assembly language so its readable by humans. The original code was written in assembly. Disassembly is the easy bit, figuring out what the code does to make a definition is the hard task. But, its also possible to then make the code relocatable and add in new routines and functions that the factory did not include - such as writing to the NVRAM using ALDL. Attached is a tutorial on how to disassemble and compile a bin, i am unsure of the original author but it was one of the guys from http://www.thirdgen.org



Sorry for the formatting, but here is an example of what you get after disassembly...

Code: Select all

JT2R4:	ldaa	L01B0
	beq	LD29F
	bset	*L005E,#0x40
	ldx	#0x01BE
LD297:	ldab	0x00,x
	stab	0x0D,x
	inx	
	deca	
	bne	LD297
LD29F:	rts	

Then figure out what the code does and add some comments...

Code: Select all

	;**********************************************
	;
	;	    Mode 4 - Controller Mode
	;
	;     Moves Rx'd Bytes To Mode 4 Controller 
	;              Address Locations
	;
	;**********************************************
JT2R4:	ldaa	L01B0			; Serial Data Message Length
	beq	LD29F			; If Message Length = 0 then Branch
					; Else...
	bset	*L005E,#0x40		; Set Mode 4 Flag
	ldx	#L01BE			; Rx Buffer
					; 
	; ---------------------------------------------------
	; -- Move Data From Buffer To Mode 4 Control Words --
	; ---------------------------------------------------
LD297:	ldab	0x00,x			; Load AccB With Byte From Rx Buffer [0x01BE to ]
	stab	0x0D,x			; Save It In Mode 4 ALDL Control Word [0x01CB to ]
	inx				; Increment Buffer Address
	deca				; Decrement Number Of Bytes
	bne	LD297			; If Not == 0 Then Branch And Do Next Byte
					; Else...
LD29F:	rts				; Return To Caller
					; 
	;**********************************************

Do that for 30000 lines and you have commented source code

[Holden202T]

[delcowizzid]

unless you live breath and are powered by a delco like VL400 is its pretty much gobble de gook i did once get a bin to dissasemble with his help but thats as far as i ever got with it

[yoda69]

I agree with delcowizzid, does my head in entirely.
I normally try looking through the data section of the bin looking for anything obvious that appears to be a repetitive pattern.
Currently trying to use Excel to graph 2 calibrations to visually see differences between calibrations, while a compare with Tunerpro gives a list, without an xdf it doesn't identify what the changes are likely to be.
Comparing HSV and standard V8 typically shows differences to spark maps and fuelling, unless off course the HSV ones are offset.
Have been having bit of a look at the VT V6 N/A and S/C files, surprisingly not as different as I would have expected.
Once I get the macro sorted for Charting in Excel I will post up here if anybody is interested.

[delcowizzid]

most of the xdf's ive ever made have been with 2d or 3d data veiwer in tunerpro its easy to find the tables for spark etc harder finding constants and flags.least once a file is dissasembled you can spot tables in the dissasembly pretty easy assembler is definitly not something you learn in a few months thats for sure took me a week to get one to dissasemble i have done heaps of and its still a huge learning curve it is one thing ide love to be able to do thats for sure

[gibbo]

I agree with you !