status of 2 byte load?
I have been trying to patch the 2byte load into my rom, I am a newb at this type of stuff. I was looking at jcsbanks instructions for the 94170008 rom and tried to apply them to my rom using comparisons of the dumps. My ecu id is 94170014 and the one in beginning of thread shows an example of 94170008
I dumped both roms to compare them based on the address that jcsbanks said to alter in the rom and tried to find the equivalent in my rom. Cant say I am not trying at least lol.
I see this for 94170008
0x00008062: 0xE001 mov #0x01, r0
0x00008064: 0x81E6 mov.w r0, @(0x00C, r14)
0x00008066: 0xEA14 mov #0x14, r10
and I see this for 94170014
0x00008062: 0xE001 mov #0x01, r0
0x00008064: 0x81E6 mov.w r0, @(0x00C, r14)
0x00008066: 0xEA14 mov #0x14, r10
So does this mean the address locations are the same for 2byte load for these roms. I have never done anything like this before(IT admin for comcast lol) so excuse my noobiness when it comes to this stuff. If someone with knowledge on this can give me a small push in the right direction please
I dumped both roms to compare them based on the address that jcsbanks said to alter in the rom and tried to find the equivalent in my rom. Cant say I am not trying at least lol.
I see this for 94170008
0x00008062: 0xE001 mov #0x01, r0
0x00008064: 0x81E6 mov.w r0, @(0x00C, r14)
0x00008066: 0xEA14 mov #0x14, r10
and I see this for 94170014
0x00008062: 0xE001 mov #0x01, r0
0x00008064: 0x81E6 mov.w r0, @(0x00C, r14)
0x00008066: 0xEA14 mov #0x14, r10
So does this mean the address locations are the same for 2byte load for these roms. I have never done anything like this before(IT admin for comcast lol) so excuse my noobiness when it comes to this stuff. If someone with knowledge on this can give me a small push in the right direction please
Posted by JCSBANKS
What I did on my IX was to change request ID 00 and 01 to point to the high and low bytes of load, and then log them in Evoscan - scaling is the same as load is on the fuel and timing maps. Below I list a how-to for 94170008:
Using ECUflash you can make a 1D table that alters addresses &H38062 and &H38066. The data type is UINT16. The memory address of load in 94170008 is FFFF895C. So we need to make &H38062 to be &H895C (DECIMAL 35164) and &H38066 to be &H895D (DECIMAL 35165). UINT16 is decimal in ECUflash, so we make &H38062 to be decimal 35164 and &H38066 to be 35165.
88590013/885900014:
&H3EE66=decimal 27458
&H3EE6A=decimal 27459
88590015:
&H3EE86=decimal 27458
&H3EE8A=decimal 27459
What I did on my IX was to change request ID 00 and 01 to point to the high and low bytes of load, and then log them in Evoscan - scaling is the same as load is on the fuel and timing maps. Below I list a how-to for 94170008:
Using ECUflash you can make a 1D table that alters addresses &H38062 and &H38066. The data type is UINT16. The memory address of load in 94170008 is FFFF895C. So we need to make &H38062 to be &H895C (DECIMAL 35164) and &H38066 to be &H895D (DECIMAL 35165). UINT16 is decimal in ECUflash, so we make &H38062 to be decimal 35164 and &H38066 to be 35165.
88590013/885900014:
&H3EE66=decimal 27458
&H3EE6A=decimal 27459
88590015:
&H3EE86=decimal 27458
&H3EE8A=decimal 27459
0x38062 and 0x38066 not 0x8062 and 0x8066.
Don't worry about what "code" is there, these are just pointers into memory, they should be something like 0xXXYY (and the previous 2 bytes will be 0xFFFF)
Just compare your 2 bytes @ 0x38062 and 0x38066 in your ROM to the 2 bytes in the 94170008 ROM, if they are the same then there is a good chance you can just change them to what jcs has done...
Don't worry about what "code" is there, these are just pointers into memory, they should be something like 0xXXYY (and the previous 2 bytes will be 0xFFFF)
Just compare your 2 bytes @ 0x38062 and 0x38066 in your ROM to the 2 bytes in the 94170008 ROM, if they are the same then there is a good chance you can just change them to what jcs has done...
OK this is what i have for my rom which is 94170014
0x00038062: 0x68F6 mov.l @r15+, r8
0x00038064: 0x62F6 mov.l @r15+, r2
0x00038066: 0x61F6 mov.l @r15+, r1
and versus 94170008
0x00038062: 0x8BAA bf 0x00037FBA
0x00038064: 0xFFFF unrecognized
0x00038066: 0x895C bt 0x00038122
should I just look for something in my rom with previous 2 bytes of 0xffff?
0x00038062: 0x68F6 mov.l @r15+, r8
0x00038064: 0x62F6 mov.l @r15+, r2
0x00038066: 0x61F6 mov.l @r15+, r1
and versus 94170008
0x00038062: 0x8BAA bf 0x00037FBA
0x00038064: 0xFFFF unrecognized
0x00038066: 0x895C bt 0x00038122
should I just look for something in my rom with previous 2 bytes of 0xffff?
Ok this is the only thing I could find in my rom that had 0xffff as previous 2 bytes did a search thru entire rom dump so I would assume this is it.
0x00038156: 0xFFFF unrecognized
0x00038158: 0xFFFF unrecognized
0x0003815A: 0x888F cmp/eq #0x8F, r0
0x0003815C: 0xFFFF unrecognized
0x0003815E: 0x888E cmp/eq #0x8E, r0
0x00038156: 0xFFFF unrecognized
0x00038158: 0xFFFF unrecognized
0x0003815A: 0x888F cmp/eq #0x8F, r0
0x0003815C: 0xFFFF unrecognized
0x0003815E: 0x888E cmp/eq #0x8E, r0
What your looking for is a matching string of data, not the same location.. As revisions are made, some of the code and data gets shifted around.
So if you can match a string of hex digits between two different Roms, if its a perfect match for a huge block of digits, the odds are the location has been offset. I frequently have to do this to find maps in new roms.
Its like finding a landmark such as McDonalds in an unfamiliar town, once you find the Landmark, you can order the same Big Mac..
So if you can match a string of hex digits between two different Roms, if its a perfect match for a huge block of digits, the odds are the location has been offset. I frequently have to do this to find maps in new roms.
Its like finding a landmark such as McDonalds in an unfamiliar town, once you find the Landmark, you can order the same Big Mac..
What your looking for is a matching string of data, not the same location.. As revisions are made, some of the code and data gets shifted around.
So if you can match a string of hex digits between two different Roms, if its a perfect match for a huge block of digits, the odds are the location has been offset. I frequently have to do this to find maps in new roms.
Its like finding a landmark such as McDonalds in an unfamiliar town, once you find the Landmark, you can order the same Big Mac..
So if you can match a string of hex digits between two different Roms, if its a perfect match for a huge block of digits, the odds are the location has been offset. I frequently have to do this to find maps in new roms.
Its like finding a landmark such as McDonalds in an unfamiliar town, once you find the Landmark, you can order the same Big Mac..
Thread Starter
EvoM Guru
iTrader: (50)
Joined: Mar 2006
Posts: 9,675
Likes: 132
From: Tri-Cities, WA // Portland, OR
