Ive just been going through the How to tune an evo tutorial and it is a very informative thread, well done again,
but my request is for one of the people who are able to read and understand the rom code to write if possible a similar tutorial for IDA pro and give individuals the know how to find things like 2 byte load or rpm in their rom and not be relying on others all the time to put so much work into disassembling so many roms,
I dont need the know how to be able to write or patch a rom but just the basics of what to look for,
for things like the high baud rate, I have a JDM rom 93660005 and not much work has been carried out with it so I am at a bit of a disadvantage as I dont have 2 byte load or the high baud rate,
If someone could share the know how I would find the addresses myself,

 

1) get idapro/install/load
2) cancel the wizard
3) drag your ROM into IDA
4) in the instruction set drop down choose SH4B (about 3 pageup's from the default)
5) hit OK
6) say you want to create a memory segment, I use 0xffff0000 and 0xffff as the start and length respectivley (thats incorrect but works fine)
7) hit OK - you should be presented with lots of lines of HEX
8) goto 0000 (keyboard G and then 0000)
9) press keyboard D 3 times, should convert that into a long number
10) double click on that new reference - should jump you to the location
11) press C
12) wait
13) wait
14) code has been converted from machine binary into assembly
15) knock yourself out!
16) use your XML as a reference to define things, I use keyboard X a lot to bring up references to the current selected object..

ps I'll post up RPM/2byte load for you tommorow!

 

fair play nice one Tephra cheers

 

i hope thats right - it was from memory lol

 

Awesome.

I am guessing that you need the full version of IDA pro and not the freeware version?

 

After that, open ECUflash, locate the address of a map, say Hi Octane Fuel, then use the G key in IDA to jump to that location in IDA, you'll have to scroll up a couple of lines to find the start of the map header, it'll say something like unk_4369 Rename it by right click rename to something readable, I tend to keep the address in as well, HioctFuel_4369.

MB

 

well I followed the instructions and was able to disassemble the rom,
but now it trying to figure out whats what in there,
its not easy,

 

no - you can use other peoples disassmblies as a start, most of the code "looks" the same - same flow etc etc...

 

I dont understand step 6.

Why not just use the defaults?

 

because IDA doesn't automatically create a memory segment - it just doesn't know what the memory locations are... so you need to tell it

 

Good god, $500 bucks for the full version!? damn, any way around this? My next goal is baby steps with disassembly but I am not gonna drop 500 big ones on that.

 

^^ its a "pro" tool so you have to pay "pro" prices. There are other nefarious ways get the software if you know where to look...but obviously since my livelihood comes from software i don't condone it .

 

Been searching, not having the best of luck finding a full version so far

 

Sadly, I cant get past this. I got the 5.0.0.879 version and I dragged my rom into IDA but have no idea what to do next to start breaking it down. Where the heck do I find the SH4B??

 

When you drag it in it should pop up with a box called "Load new file".

In there there is a field called "Processor type" and it defaults to "Intel 80x86 processors: metapc" - change that to "Hitachi: SH4B"