Write new code?

#1 Deepnine (Thread Starter), Mar 12, 2009, 09:53 PM

Hi,

My changes on the ECU were just small. I compiled them by myself with the controller manual and writing bits on paper. It was just a few bytes.

But how can I write larger sections of code and compile it? E.g. complete new subroutines. Is there an assembler tool out there?

For Windows, but if Linux is needed, I will figure it out.

thx Jan
#2 acamus, Mar 12, 2009, 11:10 PM
Hey Jan,

I think you are searching for this thread ...

Last edited by acamus; Mar 12, 2009 at 11:13 PM.
#3 tephra, Mar 12, 2009, 11:43 PM
GNU-as

Get binutils and compile it so you can assemble sh2e code.

Then have a script to RIP the "code" from the .hex file and patch it into your ROM...

Pretty complicated for the first time, but once you "get" it it's easy.
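The "rip the code from the .hex file and patch it into your ROM" step from post #3, as an added example that is not tephra's script or any poster's code. It assumes the assembler output is Intel HEX, that unused ROM is erased to 0xFF, and it uses constructed sample records and a constructed image size.

```python
# Added example: Intel HEX -> ROM patcher. Sample records below are constructed.
SAMPLE_HEX = """
:020000040001F9
:04001000000B0009D8
:00000001FF
"""  # places SH-2 "rts; nop" (00 0B 00 09) at 0x10010

def parse_ihex(text):
    """Return {absolute address: byte}, verifying every record's length and checksum."""
    data, base = {}, 0
    for n, line in enumerate(text.split(), 1):
        if not line.startswith(":"):
            raise ValueError(f"record {n}: missing ':' start code")
        rec = bytes.fromhex(line[1:])
        if len(rec) < 5 or len(rec) != rec[0] + 5:
            raise ValueError(f"record {n}: length field does not match")
        if sum(rec) & 0xFF:
            raise ValueError(f"record {n}: bad checksum")
        offset, rtype, payload = int.from_bytes(rec[1:3], "big"), rec[3], rec[4:-1]
        if rtype == 0x00:                       # data
            for i, b in enumerate(payload):
                data[base + offset + i] = b
        elif rtype == 0x01:                     # end of file
            break
        elif rtype == 0x02:                     # extended segment address
            base = int.from_bytes(payload, "big") << 4
        elif rtype == 0x04:                     # extended linear address
            base = int.from_bytes(payload, "big") << 16
        elif rtype not in (0x03, 0x05):         # start-address records hold no ROM bytes
            raise ValueError(f"record {n}: unknown type {rtype:#04x}")
    return data

def patch_rom(rom, data, blank=0xFF, overwrite=False):
    """Return a patched copy of rom; by default only erased (blank) bytes may be written."""
    out = bytearray(rom)
    for addr, b in sorted(data.items()):
        if not 0 <= addr < len(out):
            raise ValueError(f"{addr:#x} is outside the {len(out):#x}-byte image")
        if out[addr] != blank and not overwrite:
            raise ValueError(f"{addr:#x} holds {out[addr]:#04x}, not blank")
        out[addr] = b
    return bytes(out)

if __name__ == "__main__":
    rom = bytes([0xFF]) * 0x20000               # constructed 128 KiB erased image
    patched = patch_rom(rom, parse_ihex(SAMPLE_HEX))
    print(patched[0x10010:0x10014].hex())
```

Pass `overwrite=True` only for the bytes that are meant to replace existing code, such as a hook or vector entry, so an address slip fails loudly instead of corrupting the ROM.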
#4 logic, Mar 13, 2009, 05:49 AM
This is pretty Linux-specific (although it should work for Windows guys with Cygwin), but I slapped together a quick script (wiki page, see pcrel_filter.sh) that can usually convert IDA's output into something that "just compiles" with the GNU assembler. On the wiki page, I've got a couple of suggestions for streamlining the process of hex->IDA->assembly->hex a bit.

That being said, I don't do this stuff on a regular basis like mrfred and tephra, so consider that a starting point. Updates to that wiki page are very welcome if you have any workflow suggestions!

(Edit: whoops, I didn't see that acamus had already linked to my old thread on getting started with this stuff. I'll hush up now.)
#5 jcsbanks, Mar 13, 2009, 05:57 AM
I use KPIT Cummins binutils to produce a hex file. I have a batch file I run that assembles and links to produce the hex file. Then I use a hex editor to copy and paste the code. Then I reload the altered ROM into IDA to check for problems before testing on the car or in Lauterbach simsh. Renesas also have a simulator you can download if you register, but it isn't like IDA in terms of the disassembly. However, you can make a panel of switches and LEDs on the screen that can reflect memory contents as you run the simulated code. Not tried this though.
#6 evoredy, Mar 13, 2009, 10:26 AM
Originally Posted by jcsbanks
I use KPIT Cummins binutils to produce a hex file. I have a batch file I run that assembles and links to produce the hex file. Then I use a hex editor to copy and paste the code. Then I reload the altered ROM into IDA to check for problems before testing on the car or in Lauterbach simsh. Renesas also have a simulator you can download if you register, but it isn't like IDA in terms of the disassembly. However, you can make a panel of switches and LEDs on the screen that can reflect memory contents as you run the simulated code. Not tried this though.
+10000

I use the KPIT stuff too. It's great and free. You just have to rip some assembler-related header info and end-of-file info to get the ROM the right size--with a hex editor. I'm a little lazy, but you may be able to disable that stuff with the switches/not sure.

I use IDA to export the ASM code in GNU SH mode after I have created my markers or disassembled what I need. Then I use Notepad or any text editor to add in my code/mods/etc. I think KPIT now supports SHASM/but not sure.

It's good to explore the ROM with all the information that's available to "find your way around." I am looking for a good simulator/I will have time to think about it for a while in a month or so heh.

Lol, it becomes second nature after a few times like tephra said.

Always check your work in IDA or whatever. You will find errors/misalignments/etc. due to overlooking, as I have many times in the beginning.

Most of all have fun.
#7 derekste, Mar 13, 2009, 10:57 AM
been meaning to get into this for a while... put my comp sci degree to use, etc, etc. subscribed for further motivation!
#8 logic, Mar 13, 2009, 12:46 PM
My biggest complaint (that I brought up at the end of that other thread) is that I've never been able to get gas to deal properly with the PC-relative references that IDA spits out in its gas-compatible mode; it either gets the offset length wrong by one or two bytes, or just chokes entirely thinking the offset is too far (which is just a symptom of the offset being wrong). I'm convinced gas is tracking the program counter correctly (as evidenced by the non-relative form generating the correct code), but it's getting the offset wrong when dealing with pc-relative addresses.

Arguably, instead of outputting pc-relative references (with labels in the comments), IDA should probably just output label-based address references directly. It's just more sane to work with; relative references all have to be changed as soon as you change the code. And those comments IDA sprinkles everywhere are obsolete almost immediately upon being written to disk.

That silly little awk script I whipped up to filter out pcrel addressing works (and does some necessary other stuff as well), but I'd love to figure out what the real problem is. I'm obviously missing something.

(evoredy: I've never spent any time with getting gas to recognize shasm-formatted code; any pointers to concrete information on that would be greatly appreciated.)
#9 jcsbanks, Mar 13, 2009, 01:54 PM
I have recently combined my four assembly files into one. The code is too big to put all the variables in one place, so I've split them. Maybe with some elegant section naming I could avoid the _ and __ in front of duplicate labels, but it works like this and is easier to put together. Apart from a few nops to stop the DMA being killed and the vectors being set, this is my entire code that runs three interrupt vectors, intercepting MUT E0, E1 or E2 from the serial port interrupt and feeding them to my routines, or else returning to the usual serial port interrupt. There is also a DMA end interrupt serviced here, and a transmit end. Plus my own logic/variables to keep track of the sequence for my new protocols - an initial DMA transfer of a long address and a word length, followed by the receive or transmit DMA sequences for map data or logging the MUT table. Does quite a bit in not too much code. The main bugs I had to kill were keeping track of when I'd moved variables between versions. Enjoy or weep as per your preference ...

I also show the code as hex in Ecuflash.

Code:
RXI0:
  add     #-4, r15
  sts.l   pr, @-r15
  mov.l   r14, @-r15
  mov     r15, r14
  sts.l   macl, @-r15
  sts.l   mach, @-r15
  mov.l   r10, @-r15
  mov.l   r11, @-r15
  mov.l   r12, @-r15
  mov.l   r13, @-r15
  mov.l   r3, @-r15
  mov.l   r4, @-r15
  mov.l   r5, @-r15
  mov.l   r6, @-r15
  mov.l   r7, @-r15
  mov.l   r0, @-r15

  mov.l (int_disable),r10
  jsr @r10
  nop             

mov.l (RDR0),r10
mov.b @r10,r10
extu.b r10,r10
mov.w (E0),r3
cmp/hs r3,r10
bf exitformut
mov.w (E2),r3
cmp/hi r3,r10
bt exitformut
mov.l   (bit7allowslogging), r0
mov.w   @r0, r0
tst     #0x80, r0
bt      exitformut
mov.l   (mutorobd), r0
mov.w   @r0, r0
tst     #0x80, r0
bt      exitformut
mov.l   (receive_transmit_status_bits), r0
mov.w   @r0, r0
tst     #0x80, r0
bf      exitformut

brE012:
mov.l (DMAOPFLAG2),r11
mov.l r10,@r11
mov #0,r0
mov.l (counter1),r10
mov.w r0,@r10
mov #0xfffffffc,r0
mov.l (CHCR3),r10
mov.l @r10,r10
and r0,r10
mov.l (CHCR3),r11
mov.l r10,@r11
mov.l (RDR0),r0
mov.l (SAR3),r11
mov.l r0,@r11
mov.l (DMAread),r0
mov.l (DAR3),r11
mov.l r0,@r11
mov #6,r0
mov.l (DMATCR3),r11
mov.l r0,@r11
mov #0x37,r0
mov.l (DMAOPFLAG),r10
mov.l r0,@r10
mov.l (SSR0),r10
mov.b @r10,r0
and #0x87,r0
mov.b r0,@r10
mov.l (DMA3CONFIGread),r0
mov.l (CHCR3),r10
mov.l r0,@r10
  mov.l (int_enable),r10
  jsr @r10
  nop
bra exit
nop

exitformut:
  mov.l (int_enable),r10
  jsr @r10
  nop
mov.l (serialreceivewithoutdma),r10
jsr @r10
nop

exit:
  mov.l   @r15+, r0
  mov.l   @r15+, r7
  mov.l   @r15+, r6
  mov.l   @r15+, r5
  mov.l   @r15+, r4
  mov.l   @r15+, r3
  mov.l   @r15+, r13
  mov.l   @r15+, r12
  mov.l   @r15+, r11
  mov.l   @r15+, r10
  lds.l   @r15+, mach
  lds.l   @r15+, macl
  mov.l   @r15+, r14
  lds.l   @r15+, pr
  add     #4, r15
  rte
  nop


.align 2
int_disable:
.long 0x400
int_enable:
.long 0x41e
serialreceivewithoutdma:
.long 0xe32a /*TO BE CHANGED FOR EACH ROM*/
bit7allowslogging:
.long 0xffff6fea /*TO BE CHANGED FOR EACH ROM*/
mutorobd:
.long 0xffff6fb2 /*TO BE CHANGED FOR EACH ROM*/
receive_transmit_status_bits:
.long 0xffff6fe6 /*TO BE CHANGED FOR EACH ROM*/
counter1:
.long 0xffff7054 /*TO BE CHANGED FOR EACH ROM*/
SAR3:
.long 0xffffecf0
DAR3:
.long 0xffffecf4
DMATCR3:
.long 0xffffecf8
CHCR3:
.long 0xffffecfc
DMA3CONFIGread:
.long 0x20105
SSR0:
.long 0xfffff004
RDR0:
.long 0xfffff005
DMAOPFLAG:
.long 0xffff8480
DMAOPFLAG2:
.long 0xffff8484
DMAread:
.long 0xffff8488
E0:
.word 0xE0
E2:
.word 0xE2

/*--------------------------------*/
.align 4
DMAEND:
sts.l pr,@-r15
mov.l r0,@-r15
mov.l r10,@-r15
mov.l (_int_disable),r10
jsr @r10
nop

mov #0xfffffffc,r0
mov.l (_CHCR3),r10
mov.l @r10,r10
and r10,r0
mov.l (_CHCR3),r10
mov.l r0,@r10

mov.l (_DMAOPFLAG2),r0
mov.l @r0,r0
mov #1,r10
cmp/eq r10,r0
bt brwrite
nop
mov.w (_E0),r10
cmp/eq r10,r0
bt brE0
nop
mov.w (_E1),r10
cmp/eq r10,r0
bt brE1
nop
mov.w (_E2),r10
cmp/eq r10,r0
bt brE2
nop
bra TEIEinvade
nop

brwrite:
mov.l (_SSR0),r10
mov.b @r10,r0
tst #4,r0
bf TEIEinvade
nop

mov.w (_SCR0_CLRTIE_SETTEIE),r0
mov.l (_SCR0),r10
mov.b r0,@r10

mov.l (_int_enable),r10
jsr @r10
nop
mov.l @r15+,r10
mov.l @r15+,r0
lds.l @r15+,pr
rte
nop

brE0:
mov #1,r0
mov.l (_DMAOPFLAG2),r10
mov.l r0,@r10
mov.l (_DMAaddress),r0
mov.l @r0,r0
mov.l (_SAR3),r10
mov.l r0,@r10
mov.l (_TDR0),r0
mov.l (_DAR3),r10
mov.l r0,@r10
mov.l (_DMAlength),r0
mov.w @r0,r0
mov.l (_DMATCR3),r10
mov.l r0,@r10
mov #0x37,r0
mov.l (_DMAOPFLAG),r10
mov.l r0,@r10
mov.w (_SCR0_CLRRE_SETTIE),r0
mov.l (_SCR0),r10
mov.b r0,@r10
mov.l (_DMA3CONFIGwriteindirect),r0
mov.l (_CHCR3),r10
mov.l r0,@r10
mov.l (_int_enable),r10
jsr @r10
nop
mov.l @r15+,r10
mov.l @r15+,r0
lds.l @r15+,pr
rte
nop

brE1:
mov #1,r0
mov.l (_DMAOPFLAG2),r10
mov.l r0,@r10
mov.l (_DMAaddress),r0
mov.l @r0,r0
mov.l (_SAR3),r10
mov.l r0,@r10
mov.l (_TDR0),r0
mov.l (_DAR3),r10
mov.l r0,@r10
mov.l (_DMAlength),r0
mov.w @r0,r0
mov.l (_DMATCR3),r10
mov.l r0,@r10
mov #0x37,r0
mov.l (_DMAOPFLAG),r10
mov.l r0,@r10
mov.w (_SCR0_CLRRE_SETTIE),r0
mov.l (_SCR0),r10
mov.b r0,@r10
mov.l (_DMA3CONFIGwritedirect),r0
mov.l (_CHCR3),r10
mov.l r0,@r10
mov.l (_int_enable),r10
jsr @r10
nop
mov.l @r15+,r10
mov.l @r15+,r0
lds.l @r15+,pr
rte
nop

brE2:
mov #2,r0
mov.l (_DMAOPFLAG2),r10
mov.l r0,@r10
mov.l (_RDR0),r0
mov.l (_SAR3),r10
mov.l r0,@r10
mov.l (_DMAaddress),r0
mov.l @r0,r0
mov.l (_DAR3),r10
mov.l r0,@r10
mov.l (_DMAlength),r0
mov.w @r0,r0
mov.l (_DMATCR3),r10
mov.l r0,@r10
mov #0x37,r0
mov.l (_DMAOPFLAG),r10
mov.l r0,@r10
mov.l (_SSR0),r10
mov.b @r10,r0
and #0x87,r0
mov.b r0,@r10
mov.l (_DMA3CONFIGread),r0
mov.l (_CHCR3),r10
mov.l r0,@r10
mov.l r0,@r10
mov.l (_int_enable),r10
jsr @r10
nop
mov.l @r15+,r10
mov.l @r15+,r0
lds.l @r15+,pr
rte
nop

.align 4
TEIE:
sts.l pr,@-r15
mov.l r0,@-r15
mov.l r10,@-r15
mov.l (_int_disable),r10
jsr @r10
nop
TEIEinvade:
mov #0,r0
mov.l (_DMAOPFLAG),r10
mov.l r0,@r10
mov.w (_SCR0_SETRE_CLRTEIE),r0
mov.l (_SCR0),r10
mov.b r0,@r10

mov.l (_SSR0),r10
mov.b @r10,r0
and #0x87,r0
mov.b r0,@r10

mov.l (_int_enable),r10
jsr @r10
nop
mov.l @r15+,r10
mov.l @r15+,r0
lds.l @r15+,pr
rte
nop

.align 2

_SAR3:
.long 0xffffecf0
_DAR3:
.long 0xffffecf4
_DMATCR3:
.long 0xffffecf8
_CHCR3:
.long 0xffffecfc

_SCR0:
.long 0xfffff002
_TDR0:
.long 0xfffff003
_SSR0:
.long 0xfffff004
_RDR0:
.long 0xfffff005

_DMA3CONFIGwriteindirect:
.long 0x10011005
_DMA3CONFIGwritedirect:
.long 0x11005
_DMA3CONFIGread:
.long 0x20105

_DMAOPFLAG:
.long 0xffff8480
_DMAOPFLAG2:
.long 0xffff8484
_DMAaddress:
.long 0xffff8488
_DMAlength:
.long 0xffff848c

_int_disable:
.long 0x400
_int_enable:
.long 0x41e

_E0:
.word 0xE0
_E1:
.word 0xE1
_E2:
.word 0xE2

_SCR0_CLRTIE_SETTEIE:
.word 0x24
_SCR0_SETRE_CLRTEIE:
.word 0x70
_SCR0_CLRRE_SETTIE:
.word 0xa0

/*--------------------------------*/
.align 4
COPY:
sts.l pr,@-r15
mov.l r0,@-r15
mov.l r1,@-r15
mov.l r2,@-r15
mov.l r10,@-r15
mov.l r11,@-r15

mov.w (DEADval),r0
mov.l (DEADloc),r1
mov.w @r1,r1
cmp/eq r1,r0
bt TIMEOUT
nop

mov.l (ROM),r10
mov.l (RAM),r11
mov.l (LENGTH),r1
mov #0,r0
loop:
mov.l @(r0,r10),r2
mov.l r2,@(r0,r11)
add #4,r0
cmp/hs r1,r0
bf loop
nop

TIMEOUT:
mov.l (__int_disable),r10
jsr @r10
nop

mov.l (__bit7allowslogging),r10
mov.w @r10,r0
tst #0x80,r0
bf __exit
nop

mov #0xfffffffc,r0
mov.l (__CHCR3),r10
mov.l @r10,r10
and r10,r0
mov.l (__CHCR3),r10
mov.l r0,@r10

mov #0,r0
mov.l (__DMAOPFLAG),r10
mov.l r0,@r10

__exit:
mov.l (__int_enable),r10
jsr @r10
nop
mov.l @r15+,r11
mov.l @r15+,r10
mov.l @r15+,r2
mov.l @r15+,r1
mov.l @r15+,r0
lds.l @r15+,pr

mov.l (tephra),r10
jmp @r10
nop

.align 2
DEADloc:
.long 0xffff841c
__CHCR3:
.long 0xffffecfc
__DMAOPFLAG:
.long 0xffff8480
__bit7allowslogging: /*CHANGE FOR EACH ROM*/
.long 0xffff6fea
__int_disable:
.long 0x400
__int_enable:
.long 0x41e
tephra: /*CHANGE FOR 256K ECUS*/
.long 0x48000
ROM:
.long 0x37b00
RAM:
.long 0xFFFF8500
LENGTH:
.long 0x800
DEADval:
.word 0xDEAD
[Attached thumbnail: hex.png]

Last edited by jcsbanks; Mar 13, 2009 at 01:58 PM.
#10 codgi, Mar 13, 2009, 10:26 PM
Originally Posted by derekste
been meaning to get into this for a while... put my comp sci degree to use, etc, etc. subscribed for further motivation!
Sounds like work to me. I've been slacking for a while on this stuff but I guess I don't want to do similar things at work and at home.
#11 Deepnine (Thread Starter), Mar 19, 2009, 04:46 AM
I downloaded the KPIT stuff, but I am totally lost.

It's so different than any other coding I have done before.

Can someone describe the steps (not in detail, but what tools to use), how to get from IDA disassembly to a new hex file?
#12 tephra, Mar 19, 2009, 04:47 AM
I could help you out with gnu-as but not KPIT.
#13 Deepnine (Thread Starter), Mar 19, 2009, 04:48 AM
I take what I get. :-)
#14 Deepnine (Thread Starter), Mar 19, 2009, 03:59 PM
I still don't understand it, but when thinking about it, two problems came across my mind:

1.) When you write new assembler code, do you have to write the whole relative addressing stuff by yourself? Do I have to count all things relative to the program counter?
e.g. mov.l @(8,pc), r0 ! [000197AC] = sub_1A29A
The @(8,pc), is there a mechanism to automate it?

2.) What tool do I use (gnu-as or KPIT) to assemble from source code to the bin file? I can't even find the program. Next problem is how to use it, I think I can figure it out.
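How the `@(8,pc)` in post #14 resolves to `[000197AC]`, as an added example that is not from any poster: it follows the SH-2 rule that `mov.l` reads from ((instruction address + 4) with the low two bits cleared) + displacement, while `mov.w` skips the masking. It assumes the 8 in the IDA listing is a byte offset and that the instruction sits at 0x197A0 (derived here, not stated in the post); gas works this displacement out itself when the operand is a label, as the `mov.l (RDR0),r10` lines in post #9 do.

```python
# Added example: SH-2 PC-relative literal loads (mov.w / mov.l @(disp,pc),Rn).

def literal_address(insn_addr, disp_bytes, size):
    """Address read by a PC-relative load at insn_addr; size is 2 (mov.w) or 4 (mov.l)."""
    pc = insn_addr + 4                  # PC reads as the instruction address + 4
    if size == 4:
        pc &= ~3                        # mov.l clears the low two bits of PC first
    return pc + disp_bytes

def encode_pcrel_load(insn_addr, literal_addr, reg, size):
    """Return (16-bit opcode, byte displacement) or raise if the literal is unreachable."""
    if size not in (2, 4) or not 0 <= reg <= 15:
        raise ValueError("size must be 2 or 4 and reg must be r0..r15")
    if insn_addr % 2:
        raise ValueError("SH-2 instructions sit on even addresses")
    if literal_addr % size:
        raise ValueError(f"literal at {literal_addr:#x} is not {size}-byte aligned")
    delta = literal_addr - literal_address(insn_addr, 0, size)
    if delta < 0 or delta // size > 0xFF:   # 8-bit unsigned field, scaled by size
        raise ValueError(f"literal is {delta} bytes away, outside 0..{0xFF * size}")
    base = 0xD000 if size == 4 else 0x9000  # mov.l = 1101nnnndddddddd, mov.w = 1001...
    return base | (reg << 8) | (delta // size), delta

if __name__ == "__main__":
    # Both halves of the same longword reach 0x197AC with the same displacement,
    # which is why a hand-counted offset can look "off by two".
    for addr in (0x197A0, 0x197A2):
        opcode, disp = encode_pcrel_load(addr, 0x197AC, 0, 4)
        print(f"{addr:#x}: opcode {opcode:#06x}, @({disp},pc)")
```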
#15 Deepnine (Thread Starter), Mar 19, 2009, 04:04 PM
Problem #2 is solved, after I read my post. gnu-as = GNU assembler.
I should have thought what "as" meant.

Can someone give me a hint about the command line syntax?
