EFIDynoTuning Forum

jsa

BOOSTEDEVERYTHING wrote: ↑2024 Mar 27, 20:48 The other thing that confuses me is that there doesnt seem to be anything to start the next subroutine....
Code: Select all
8f8d6: ad,08              word    8ad
8f8d8: ad,08              word    8ad
8f8da: 5a,11              word   115a
8f8dc: b8,22              word   22b8
8f8de: 5a,11              word   115a
       5a,11,
       00,00        sb3b  R0,R0,[R10++]    R0 = [HSO_IntPend1];
Sorry, This is after adding a word command to the dir file for 8f8d6 8f8de

Not sure what you are referring to as the next subroutine.
No worries adding the word command to visualise what is going on.
To me, the part that is still commanded with a scan as code stands out like a sore thumb as part of the word/structure.

Looking at that part without any commands, a pattern is evident.
Find the code referencing the word 8f8d6 and paste it up here.

Code: Select all

8f8d6: ad,08              word    8ad

8f8d8: ad,08,5a,11        ???   

8f8dc: b8,22              word   22b8

8f8de: 5a,11,5a,11,00,00,5a,11  ???

>>>>>>>> Seems like ther should be a push command or other Subroutine "starter" command, seems to start mid-routine

There can be code stubs, but treating them with great suspicion is the correct approach. More likely to be something else.

jsa

Code: Select all

##SCA 8f951   DID NOT PRODUCE ANY RESULT
##SCA 8f956   DID NOT PRODUCE ANY RESULT

Code: Select all

8f951: ff                 ???   

8f952: 00,00              word      0
8f954: 00,00              word      0

8f956: 00,00,00           ???

What do you think of this?

jsa

Paste the code that references the word at 8f8d6.

Paste the code that show sjmp to 8FB39 is a valid destination.

Cross post with yours, but still valid.
Suss, sorry aussie slang.

jsa

You have noted in DIR that this is suss, but left the command SCA 8f8d8 in place.

Code: Select all

8f8d6: ad,08              word    8ad

8f8d8: ad,08,5a           ldzbw R5a,8            wR5a = 8;
8f8db: 11,b8              clrb  Rb8              Rb8 = 0;
8f8dd: 22,5a              sjmp  8fb39            goto 8fb39;

8f8df: 11                 ???

Why do you think it more likely to be code than more words?

Have you searched for 8f8d6 and f8d6 to find the code referencing the word and determine if it might reference subsequent words?

jsa

Thanks.

Love your enthusiasm, jumping at structures before the code is even sorted. Don't put it in your DIR at this point.
Why do you want to define a 1 byte structure?

Radix is number system base.

RTFM wrote: X <D> 2,10,16 Print radix = bin, decimal, hex X <D>.<D> for decimal places

Now for the minority part of Bank 1, what do you make of this and why?

Code: Select all

1db53: f2,98,74,00,d7,16,a0,ed,48,64,48,48,d3,03,bd,ff  ???  
1db63: 48,88,93,48,d1,06,c0,93,48,91,10,5b,f3,f0  ???

jsa

Thanks for the latest.

DO NOT;
* Command scan on the DATA in bank 1. Bank 1 is primarily data. Scan is for code.
* Command code on the DATA in bank 1. Bank 1 is primarily data. Code is for code.
* Leave latent scan and code commands in your DIR. Delete them if they do not produce valid code.
* Copy and paste duplicates into your DIR.

Put aside your current DIR's and start from a blank empty DIR.txt file. Too many errors added.

Search the LST for ??? to find undisassembled binary.
Add the LU subs outlined below. See if they work before proceeding.
Add scan commands for Banks 0, 8 & 9. Confirm they all work, giving valid code.
Post that DIR, don't add anything else yet.

Lots of scan commands required, do you think it would be easier if you could scan a range that automatically restarted the scan after each return?

This is the first lookup from MSG, SAD has overlooked a number of them.

Code: Select all

sub  82895  "UUYFuncLU_82895"   $ F uuyflu 36

I referred you to the RZASA DIR posted in this thread previously, these are the lookups you can match up with OMAE2.
You can also look at what I did for your EQE3 DIR VS RZASA.

Code: Select all

##### Function Lookup Subroutines: R36 Fn_Addr Reg, R38 Input Reg, R3C output Reg
SUB 92A2E "SLU92A2E_SUYFn"   $ F suyflu 36      # Undiscovered by SAD4.07.16
SUB 92A6C "SLU92A6C_SSYFn"   $ F ssyflu 36      # Undiscovered by SAD4.07.16
SUB 92AAA "SLU92AAA_USYFn"   $ F usyflu 36      # Undiscovered by SAD4.07.16
SUB 92AE8 "SLU92AE8_UUYFn"   $ F uuyflu 36      # Undiscovered by SAD4.07.16
#
SUB 92B26 "SLU92B26_SUWFn"   $ F suwflu 36      # Undiscovered by SAD4.07.16
SUB 92B62 "SLU92B62_SSWFn"   $ F sswflu 36      # Undiscovered by SAD4.07.16
SUB 92B9E "SLU92B9E_USWFn"   $ F uswflu 36      # Undiscovered by SAD4.07.16
SUB 92BDA "SLU92BDA_UUWFn"   $ F uuwflu 36      # Undiscovered by SAD4.07.16
#
SUB 92C16 "SLU92C16_**YFn"   $ F uuyflu 36      # Un/Signed In, Un/Signed Out
#
SUB 92C62 "SLU92C62_**WFn"   $ F uuwflu 36      # Un/Signed In, Un/Signed Out


###### Byte Table Lookup Subroutines: R3C Tb_Addr Reg, R34 Column Input Reg, R36 Row Input Reg
######    R38 Column Quantity Input Reg, R3C Unrounded Output Reg, R3E Rounded Output Reg
SUB 92D8E "SLU92D8E_Y16SYTb"   $F sytlu 3C 38              # Byte Inputs *16, Signed Word Out
SUB 92D93 "SLU92D93_Y16UYTb"   $F uytlu 3C 38              # Byte Inputs *16, Unsigned Word Out
SUB 92DA0 "SLU92DA0_WSYTb"     $F sytlu 3C 38              # Word Inputs, Signed Word Out
SUB 92DA5 "SLU92DA5_WUYTb"     $F uytlu 3C 38              # Word Inputs, Unsigned Word Out
#
SUB 92DF3 "SLU92DF3_yTb.Interpolate"          # Interpolate 4 byte cells to find Control Value Pass 1 & 2
SUB 92DF7 "SLU92DF7_yTb.Interpolate"          # Interpolate 4 byte cells to find Control Value Pass 3


###### Word Table Lookup Subroutines: R3C Tb_Addr Reg, R34 Column Input Reg, R36 Row Input Reg
######    R38 Column Quantity Input Reg, R3E Output Reg
SUB 92E33 "SLU92E33_Y16SWTb"   $F swtlu 3C 38              # Byte Inputs *16, Signed Word Out
SUB 92E38 "SLU92E38_Y16UWTb"   $F uwtlu 3C 38              # Byte Inputs *16, Unsigned Word Out
SUB 92E45 "SLU92E45_WSWTb"     $F swtlu 3C 38              # Word Inputs, Signed Word Out
SUB 92E4A "SLU92E4A_WUWTb"     $F uwtlu 3C 38              # Word Inputs, Unsigned Word Out
#
SUB 92E8E "SLU92E8E_wTb.Interpolate"           # Interpolate 4 word cells to find Control Value

From this screen grab, you can see they match off RZASA 92a2e <> OMAE2 826AD.
Put the lookup subs in OMAE2 dir and change/rename the addresses.

Looking at your previous example and the comments from the rzasa LU dir commands above;

Code: Select all

07bc2: a1,ae,54,36        ldw   R36,54ae         TMP2L = FN070C;                  # Function address R36
07bc6: a0,95,38           ldw   R38,R194         TMP3L = N_RPM;                   # Input Reg R38
07bc9: 10,08              rombk 8
07bcb: ef,8b,ac           call  82859            Sub_82859 ();                    # Fn Lookup Subroutine
07bce: a0,3c,34           ldw   R34,R3c          TMP1L = TMP5L;                   # Table column input R34 = Function Out R3C
07bd1: af,e8,60,2a        ldzbw R2a,[Re8+60]     TEMP3L = ACPRES;
07bd5: a1,20,94,36        ldw   R36,9420         TMP2L = 9420;                    # Function address R36
07bd9: a0,2a,38           ldw   R38,R2a          TMP3L = TEMP3L;                  # Input Reg R38 = ACPRES
07bdc: 10,08              rombk 8
07bde: ef,78,ac           call  82859            Sub_82859 ();                    # Fn Lookup Subroutine
07be1: c0,36,3c           stw   R3c,R36          TMP2L = TMP5L;                   # Table row input R36 = Function Out R3C
07be4: ad,06,38           ldzbw R38,6            TMP3L = 6;                       # Table column count
07be7: 45,b4,10,fe,3c     ad3w  R3c,Rfe,10b4     TMP5L = Table_193fc;             # Table address
07bec: 10,08              rombk 8
07bee: ef,31,ae           call  82a22            UYTabLU_82a22 ();                # Tb Lookup Subroutine
07bf1: 08,02,3c           shrw  R3c,2            TMP5L >>= 2; }                   # Unrounded table output R3C>>=2
07bf4: c3,e2,64,3c        stw   R3c,[Re2+64]     [112e4] = TMP5L;                 # Store result to RAM

Ponder the above, we can get deeper into how Fn and Tb sizes can be worked out after you do the scan and LU DIR.

jsa

BOOSTEDEVERYTHING wrote: ↑2024 Mar 26, 10:06 Ok. No problem. I will drop down to the next line with my SCA command and see how that goes first.

Scan stops when it hits a return. So yes another scan command is needed to start it off again. Request, of tvrfan, the scan command works over a range if you think that would help. That way scan starts anew after the return.

Another question I have is determining Table and func sizes.....How exactly would I do that? LOL

Make sure all the lookup subs are being captured by SAD. If not add the lot to DIR. Quite likely to be similar to RZASA.

Start with the function sizes first.

I have a bunch of sections like this, and I am not sure how to determine where the start and end would be

.
Functions start with ff / ff,ff / 7f / 7f,ff input column top value and descend to 00 / 00,00 / 80 / 80,00. Can you identify which of those are un/signed? Pretty easy to eyeball the pattern with out knowing much else.

I found a nice chart posted in the writeups section for how to add hex to a start address to find end address, but would there be an easier way to do this?

Get lookups defined in dir. Make sure all code is disassembled. Then SAD will get more for you automatically.

Manually, use a Hex calculator.

And also how do I know which size to apply to the func or table?

The code will tell. More on that later.
Where you at with scan and code?
What about lookups?

Rough eyeball disassembly...

Code: Select all

Table_193fc:
193fc: 06,06,07,07,09,09  table   6,   6,   7,   7,   9,   9
19402: 06,06,07,07,09,09  table   6,   6,   7,   7,   9,   9
19408: 06,06,07,07,09,09  table   6,   6,   7,   7,   9,   9
1940e: 06,06,07,07,09,09  table   6,   6,   7,   7,   9,   9
19414: 06,06,07,07,09,09  table   6,   6,   7,   7,   9,   9
1941a: 06,06,07,07,09,09  table   6,   6,   7,   7,   9,   9

Function

Code: Select all

19420: ff,ff,00,00,00,00  table 255, 255,   0,   0,   0,   0
19426: 00,00,00,00,00,00  table   0,   0,   0,   0,   0,   0
1942c: 00,00,00,00,00,00  table   0,   0,   0,   0,   0,   0
19432: 00,00,00,00,00,00  table   0,   0,   0,   0,   0,   0
19438: 00,00,00,00,

May/not be a function. Need the bin at hand to confirm.

Code: Select all
ff,ff  table   0,   0,   0,   0,

Could be a table or could be a structure or could be scalars or...

Code: Select all

255, 255
1943e: fe,b4,00,02,fe,b4  table 254, 180,   0,   2, 254, 180
19444: 80,01,ee,9c,40,01  table 128,   1, 238, 156,  64,   1
1944a: 3b,8f,00,01,00,80  table  59, 143,   0,   1,   0, 128
19450: c0,00,1b,6f,80,00  table 192,   0,  27, 111, 128,   0
19456: c1,5a,00,00,00,00  table 193,  90,   0,   0,   0,   0
1945c: 66,66,28,50,20,20  table 102, 102,  40,  80,  32,  32
19462: 10,10,20,20,10,ff  table  16,  16,  32,  32,  16, 255
19468: f2,de,43,d9,c0,1b  table 242, 222,  67, 217, 192,  27
1946e: f9,80,3e,f8,9f,c6  table 249, 128,  62, 248, 159, 198
19474: ec,33,b5,33,4b,0a  table 236,  51, 181,  51,  75,  10
1947a: 0a,01,cd,00,00,ff  table  10,   1, 205,   0,   0, 255
19480: 00,64,64,00,01,ff  table   0, 100, 100,   0,   1, 255
19486: 40,01,00,03,01,ff  table  64,   1,   0,   3,   1, 255
1948c: 33,13,5f,5f,09,ff  table  51,  19,  95,  95,   9, 255
19492: 00,ff,01,ff,ec,0e  table   0, 255,   1, 255, 236,  14
19498: f4,01,e8,03,00,0a  table 244,   1, 232,   3,   0,  10
1949e: 00,1e,3d,0c,71,10  table   0,  30,  61,  12, 113,  16
194a4: f4,01,e8,03,3d,0c  table 244,   1, 232,   3,  61,  12
194aa: 00,0f,bf,02,01,ff  table   0,  15, 191,   2,   1, 255
194b0: 6d,5a,6d,57,64,45  table 109,  90, 109,  87, 100,  69
194b6: 52,41,46,00,46,00  table  82,  65,  70,   0,  70,   0
194bc: 46,00,46,ff,01,ff  table  70,   0,  70, 255,   1, 255
194c2: 00,80,ff,fb,ff,ff  table   0, 128, 255, 251, 255, 255
194c8: 00,14,00,14,00,14  table   0,  20,   0,  20,   0,  20
194ce: a2,a2,a2,ff,00,f5  table 162, 162, 162, 255,   0, 245
194d4: 80,0c,00,0f,00,64  table 128,  12,   0,  15,   0, 100
194da: c0,12,60,3b,96,00  table 192,  18,  96,  59, 150,   0
194e0: 00,14,00,14,a2,a2  table   0,  20,   0,  20, 162, 162
194e6: 7f,70,5a,60,3c,50  table 127, 112,  90,  96,  60,  80
194ec: 00,10,f6,00,80,00  table   0,  16, 246,   0, 128,   0
194f2: 80,00,80,00,ff,7f  table 128,   0, 128,   0, 255, 127
194f8: 00,07,00,19,00,07  table   0,   7,   0,  25,   0,   7
194fe: 88,ff,00,05,e0,fc  table 136, 255,   0,   5, 224, 252
19504: 00,03,c0,f9,00,02  table   0,   3, 192, 249,   0,   2
1950a: 00,e7,00,01,00,ce  table   0, 231,   0,   1,   0, 206
19510: 00,00,00,80,00,00  table   0,   0,   0, 128,   0,   0

Here is the table I found. Would be awesome if I had a tool where I could select the table or func and the size and enter the start address and it figured the end address for me, Is there a way to make something in a spreadsheet or something to do that?

You could do something in excel. I'd get SAD to do a better job then use a hex calculator where needed.

jsa

Use code as a last resort.

There can be good reasons for scan deciding not to decode. Valid code may not be generated. Branches might jump to an operand.

jsa

Yes first step is to get all the code disassembled.

Yes SAD can miss a lot of code.

Decipha's dir reflects what was required for the version of SAD used at the time. Change it or start afresh as you wish, both ways get to the same result.

jsa

Really old SAD did not have scan IIRC or error checking, so not surprising for an old DIR.

EFIDynoTuning Forum

Search found 274 matches

Re: EEC V file conversion

Re: EEC V file conversion

Re: EEC V file conversion

Re: EEC V file conversion

Re: EEC V file conversion

Re: EEC V file conversion

Re: EEC V file conversion

Re: EEC V file conversion

Re: EEC V file conversion

Re: EEC V file conversion