how is disassembly done?
Posted: Sat Aug 15, 2009 2:29 pm
by gibbo
Howdy,
Just wondering what the deal is with disassembly. Is this reverse engineering the memcal chip code?
Once you get the files, is this where the definition files come from?
Re: how is disassembly done?
Posted: Sat Aug 15, 2009 3:03 pm
by VL400
Yep, reverse engineering the code. The bin file that you burn to the memcal is compiled machine code; the disassembly or decompiling takes it back to assembly language so it's readable by humans. The original code was written in assembly. Disassembly is the easy bit; figuring out what the code does to make a definition is the hard task. But it's also possible to then make the code relocatable and add in new routines and functions that the factory did not include, such as writing to the NVRAM using ALDL. Attached is a tutorial on how to disassemble and compile a bin. I am unsure of the original author, but it was one of the guys from http://www.thirdgen.org
Sorry for the formatting, but here is an example of what you get after disassembly...
Code:
JT2R4:  ldaa  L01B0
        beq   LD29F
        bset  *L005E,#0x40
        ldx   #0x01BE
LD297:  ldab  0x00,x
        stab  0x0D,x
        inx
        deca
        bne   LD297
LD29F:  rts
Then figure out what the code does and add some comments...
Code:
;**********************************************
;
; Mode 4 - Controller Mode
;
; Moves Rx'd Bytes To Mode 4 Controller
; Address Locations
;
;**********************************************
JT2R4:  ldaa  L01B0        ; Serial Data Message Length
        beq   LD29F        ; If Message Length = 0 then Branch
                           ; Else...
        bset  *L005E,#0x40 ; Set Mode 4 Flag
        ldx   #L01BE       ; Rx Buffer
;
; ---------------------------------------------------
; -- Move Data From Buffer To Mode 4 Control Words --
; ---------------------------------------------------
LD297:  ldab  0x00,x       ; Load AccB With Byte From Rx Buffer [0x01BE to ]
        stab  0x0D,x       ; Save It In Mode 4 ALDL Control Word [0x01CB to ]
        inx                ; Increment Buffer Address
        deca               ; Decrement Number Of Bytes
        bne   LD297        ; If Not == 0 Then Branch And Do Next Byte
                           ; Else...
LD29F:  rts                ; Return To Caller
;
;**********************************************
Do that for 30000 lines and you have commented source code.
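
Worked example, added here and not code from VL400's attached tutorial or from any tool named in the thread: a small linear-sweep disassembler in Python that covers just the ten 68HC11 opcodes the listing above uses. The 20-byte routine it decodes is constructed from the listing (the raw bytes are not posted), and its start address of 0xD28C is inferred from the LD297/LD29F labels rather than stated anywhere in the thread. Running it reproduces the uncommented listing, which is the "easy bit" VL400 describes; the comments on the second listing still have to come from a human reading the result.

```python
"""Minimal linear-sweep 68HC11 disassembler for the opcodes in VL400's listing.
Added example for this thread; not code from the attached tutorial or any tool."""
from typing import List, NamedTuple, Optional


class Insn(NamedTuple):
    addr: int              # address of the opcode byte
    raw: bytes             # bytes making up the instruction
    mnemonic: str
    operand: str           # operand rendered in the thread's style ('' if none)
    target: Optional[int]  # branch target, if the instruction is a branch


# opcode -> (mnemonic, addressing mode). Only what the posted routine needs;
# the full 68HC11 table is far larger (prebytes 0x18/0x1A/0xCD for Y forms).
OPCODES = {
    0xB6: ("ldaa", "ext"),    # B6 hh ll : A <- [hhll]
    0x27: ("beq",  "rel"),    # 27 rr    : branch if Z=1
    0x14: ("bset", "dirm"),   # 14 dd mm : [00dd] |= mm
    0xCE: ("ldx",  "imm16"),  # CE hh ll : X <- hhll
    0xE6: ("ldab", "indx"),   # E6 ff    : B <- [X+ff]
    0xE7: ("stab", "indx"),   # E7 ff    : [X+ff] <- B
    0x08: ("inx",  "inh"),
    0x4A: ("deca", "inh"),
    0x26: ("bne",  "rel"),    # 26 rr    : branch if Z=0
    0x39: ("rts",  "inh"),
}
LENGTH = {"inh": 1, "rel": 2, "indx": 2, "ext": 3, "imm16": 3, "dirm": 3}


def decode_one(code: bytes, pos: int, base: int) -> Insn:
    """Decode the instruction at code[pos], which lives at address base+pos."""
    op = code[pos]
    if op not in OPCODES:
        raise ValueError(f"opcode 0x{op:02X} at 0x{base + pos:04X} not in table")
    mnem, mode = OPCODES[op]
    raw = code[pos:pos + LENGTH[mode]]
    if len(raw) < LENGTH[mode]:
        raise ValueError(f"instruction at 0x{base + pos:04X} runs past end of bin")
    addr, target = base + pos, None
    if mode == "inh":
        operand = ""
    elif mode == "ext":
        operand = f"L{(raw[1] << 8) | raw[2]:04X}"
    elif mode == "imm16":
        operand = f"#0x{(raw[1] << 8) | raw[2]:04X}"
    elif mode == "indx":
        operand = f"0x{raw[1]:02X},x"
    elif mode == "dirm":
        operand = f"*L{raw[1]:04X},#0x{raw[2]:02X}"  # direct page: address 0x00dd
    else:  # rel: signed 8-bit displacement measured from the *next* instruction
        disp = raw[1] - 0x100 if raw[1] & 0x80 else raw[1]
        target = (addr + len(raw) + disp) & 0xFFFF
        operand = f"L{target:04X}"
    return Insn(addr, raw, mnem, operand, target)


def disassemble(code: bytes, base: int) -> List[Insn]:
    """Linear sweep: decode back to back from base until the bytes run out."""
    insns, pos = [], 0
    while pos < len(code):
        insns.append(decode_one(code, pos, base))
        pos += len(insns[-1].raw)
    return insns


def render(insns: List[Insn], entry_label: str = "") -> str:
    """Format like the thread: a label only where some branch points at it."""
    targets = {i.target for i in insns if i.target is not None}
    lines = []
    for i in insns:
        label = f"L{i.addr:04X}:" if i.addr in targets else ""
        if i is insns[0] and entry_label:
            label = entry_label + ":"
        lines.append(f"{label:<8}{i.mnemonic:<6}{i.operand}".rstrip())
    return "\n".join(lines)


# Constructed from the listing: these bytes are what the shown mnemonics
# assemble to, and 0xD28C is inferred from LD297/LD29F (not given in the thread).
ROUTINE = bytes([
    0xB6, 0x01, 0xB0,   # ldaa L01B0
    0x27, 0x0E,         # beq  LD29F   (+14 from 0xD291)
    0x14, 0x5E, 0x40,   # bset *L005E,#0x40
    0xCE, 0x01, 0xBE,   # ldx  #0x01BE
    0xE6, 0x00,         # ldab 0x00,x
    0xE7, 0x0D,         # stab 0x0D,x
    0x08,               # inx
    0x4A,               # deca
    0x26, 0xF8,         # bne  LD297   (-8 from 0xD29F)
    0x39,               # rts
])
ROUTINE_BASE = 0xD28C

if __name__ == "__main__":
    print(render(disassemble(ROUTINE, ROUTINE_BASE), entry_label="JT2R4"))
```

The linear sweep is what makes disassembly the easy bit: given a start address and an opcode table it is mechanical. It is also why a bin with data tables mixed into the code region produces nonsense where the sweep runs into table bytes; a real tool needs a control-flow walk or hand-marked data regions, and the mode-4 loop's purpose (copying the received bytes into the control words) is still only visible to a person reading the output.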

Re: how is disassembly done?
Posted: Sat Aug 15, 2009 11:19 pm
by Holden202T
Re: how is disassembly done?
Posted: Sun Aug 16, 2009 11:54 am
by delcowizzid
Unless you live, breathe and are powered by a Delco like VL400 is, it's pretty much gobbledegook. I did once get a bin to disassemble with his help, but that's as far as I ever got with it.

Re: how is disassembly done?
Posted: Sun Aug 16, 2009 12:46 pm
by yoda69
I agree with delcowizzid, does my head in entirely.
I normally try looking through the data section of the bin, looking for anything obvious that appears to be a repetitive pattern.
Currently trying to use Excel to graph 2 calibrations to visually see differences between calibrations. While a compare with TunerPro gives a list, without an XDF it doesn't identify what the changes are likely to be.
Comparing HSV and standard V8 typically shows differences to spark maps and fuelling, unless of course the HSV ones are offset.
Have been having a bit of a look at the VT V6 N/A and S/C files; surprisingly not as different as I would have expected.
Once I get the macro sorted for charting in Excel I will post up here if anybody is interested.
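
An added example of the kind of compare yoda69 describes, written in Python rather than Excel and not taken from TunerPro: it walks two same-size bins and reports each contiguous run of differing bytes as an address range with the old and new values, which is the list you get from a compare when there is no XDF to say what the bytes mean. The two 64-byte bins and the 0x8000 base address are constructed for the example.

```python
"""Byte-level compare of two calibration bins, grouped into address ranges.
Added example for this thread; not TunerPro's compare or any Excel macro."""
from typing import List, Tuple


def compare_bins(a: bytes, b: bytes, base: int = 0) -> List[Tuple[int, int]]:
    """Return inclusive (start, end) address ranges where a and b differ.

    base is the address at which byte 0 of the bin sits in the ECU's map, so
    the ranges line up with the addresses seen in a disassembly or an XDF.
    """
    if len(a) != len(b):
        raise ValueError("bins differ in size; not the same memcal image")
    ranges: List[Tuple[int, int]] = []
    start = None  # offset where the current differing run began
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y:
            if start is None:
                start = i
        elif start is not None:
            ranges.append((base + start, base + i - 1))
            start = None
    if start is not None:  # run that reaches the end of the bin
        ranges.append((base + start, base + len(a) - 1))
    return ranges


def report(a: bytes, b: bytes, base: int = 0) -> List[str]:
    """One line per differing range: address span, length, old -> new bytes."""
    lines = []
    for s, e in compare_bins(a, b, base):
        old = a[s - base:e - base + 1].hex(" ")
        new = b[s - base:e - base + 1].hex(" ")
        lines.append(f"0x{s:04X}-0x{e:04X} ({e - s + 1} bytes): {old} -> {new}")
    return lines


# Constructed sample bins: a "standard" image and one with a 4-byte table
# edit at 0x8010 and a single-byte flag change at 0x8030.
STD_BIN = bytes(range(64))
_hsv = bytearray(STD_BIN)
_hsv[0x10:0x14] = b"\xAA\xBB\xCC\xDD"
_hsv[0x30] = 0xFF
HSV_BIN = bytes(_hsv)
BIN_BASE = 0x8000

if __name__ == "__main__":
    for line in report(STD_BIN, HSV_BIN, BIN_BASE):
        print(line)
```

Grouping into runs is what separates a table edit (a contiguous block of changed bytes, often the width of one map row or a whole map) from a single changed constant or flag byte, which is the distinction the post is after; the range lengths give the first hint of a table's dimensions even before a disassembly shows where the code reads it.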
Re: how is disassembly done?
Posted: Sun Aug 16, 2009 12:58 pm
by delcowizzid
Most of the XDFs I've ever made have been with the 2D or 3D data viewer in TunerPro. It's easy to find the tables for spark etc., harder finding constants and flags. At least once a file is disassembled you can spot tables in the disassembly pretty easily. Assembler is definitely not something you learn in a few months, that's for sure; took me a week to get one to disassemble. I have done heaps of

and it's still a huge learning curve. It is one thing I'd love to be able to do, that's for sure.
Re: how is disassembly done?
Posted: Sun Aug 16, 2009 2:15 pm
by gibbo