For 52680018 ROM:

The RPM calc subroutine is at 0x12E00. Its very similar to the rpm calc subroutine in the Evo 8/9 ROM. There's some additional stuff towards the end of the subroutine that is not in the Evo 8/9 subroutine.

2-byte RPM RAM addr: 0x808746
2-byte RPM/2 RAM addr: 0x80874C
1-byte RPM RAM addr: 0x80874E

 

Sorry for my ignorance, but did someone pull the program from the rom using something like a jtag programmer? I'd like a copy of the program code if anyone is willing to provide it

 

2nd

 

Thanks for this part .. that means 0x808D76 / 78 are also 1 byte RPM addresses ?

Or for that matter everything referenced in that subroutine is RPM specific ??

Good to have you working on this finally !! .. I've been in front of the brick wall for a while now ..

 

76/78 are time per revolution. There are some RAM flags and probably other stuff as well. Sort of skimming through things right now. :-)

Hope I can make some useful contributions.

 

Found the MUT table!

0x3EA64 (52680018 ROM)

The 1-byte and 2-byte RPM values line up at the exact same MUT addresses as in the Evo 8/9 ROM. I'll bet that most other things line up the same as well. Should be very helpful in finding key variables.

Working on a definition for ECUFlash now...

Woot Woot. Now we're cookin'.

EDIT: Here are ECUFlash defs for the MUT table

** For the XXXXXXXX.xml file:

<table name="MUT Table" address="3ea64">
<table name="X"/>
<table name="Y"/>
</table>


** For the evo10base.xml file:

<scaling name="MUT32" units="hex" toexpr="x" frexpr="x" format="%06X" min="0" max="1e+08" inc="1" storagetype="uint32" endian="big"/>

<table name="MUT Table" category="MUT" type="3D" level="2" scaling="MUT32">
<table name="X" type="Static X Axis" elements="16" scaling="Hex32">
<data>0</data>
<data>1</data>
<data>2</data>
<data>3</data>
<data>4</data>
<data>5</data>
<data>6</data>
<data>7</data>
<data>8</data>
<data>9</data>
<data>A</data>
<data>B</data>
<data>C</data>
<data>D</data>
<data>E</data>
<data>F</data>
</table>
<table name="Y" type="Static Y Axis" elements="30">
<data>MUT0X</data>
<data>MUT1X</data>
<data>MUT2X</data>
<data>MUT3X</data>
<data>MUT4X</data>
<data>MUT5X</data>
<data>MUT6X</data>
<data>MUT7X</data>
<data>MUT8X</data>
<data>MUT9X</data>
<data>MUTAX</data>
<data>MUTBX</data>
<data>MUTCX</data>
<data>MUTDX</data>
<data>MUTEX</data>
<data>MUTFX</data>
<data>MUT10X</data>
<data>MUT11X</data>
<data>MUT12X</data>
<data>MUT13X</data>
<data>MUT14X</data>
<data>MUT15X</data>
<data>MUT16X</data>
<data>MUT17X</data>
<data>MUT18X</data>
<data>MUT19X</data>
<data>MUT1AX</data>
<data>MUT1BX</data>
<data>MUT1CX</data>
<data>MUT1DX</data>
</table>
</table>

 

Very nice mrfred!

Where do I ship the beers to?

 

Do you think the Evo X ROM will also contain the tables for the SAWC (ACD + AYC)?

 

wuts a mut table ???

 

I'll drink them whenever I get down to the Bay Area. :-)

Probably not. It likely that a separate computer controls them.

 

Pretty much everything I'm checking in the MUT table is lining up exactly with the Evo 8/9 MUT table, so this will be a good landmark to find key variables in each of the Evo X variants.

 

coolant temp scaled: 0x80863E
IAT scaled: 0x808658
MAT scaled(?): 0x80865E

Working on MAP sensor, load, and TPS. These seem to be handled differently than in the Evo 8/9 ROM.

 

An updated copy of the 2008 USDM Evo X GSR ECU pinout is attached. There were a few errors in the copy someone posted in another thread.

 

Sweet!

Some questions:

MAT sensor? Manifold Absolute Temp?

Also, where is the EGR control?
What is the "rail switch"?

Any idea what info is sent via the data link, and what across CAN?

 

Manifold air temperature.

Interesting question about EGR control. In looking at the FSM, it appears that there is no EGR system. Cool.

Rail switch: don't know yet.

CAN data: All communications data, e.g., diagnostics, read/write ROM.