EEC V file conversion

All hardware related, disassembly / programming and code discussions belong here.
jsa
Posts: 437
Joined: 2021 Feb 16, 15:46
Location: Australia
Vehicle Information: 95 Escort RS Cosworth
2.0 YBP
CARD / QUIK / COSY / ANTI
GHAJ0
SMD-190 / SMD-490 EEC-IV

Binary Editor
ForDiag

Re: EEC V file conversion

Unread post by jsa »

Thanks for the updated files.

You could try Ghidra for digging around exe and dll.
https://ghidra-sre.org/

Usb sniffer or packet capture would allow looking at usb traffic.

The QH gives access to all of the ECU, so what is to be gained from the diagnostic subset??
jsa
Posts: 437
Joined: 2021 Feb 16, 15:46
Location: Australia
Vehicle Information: 95 Escort RS Cosworth
2.0 YBP
CARD / QUIK / COSY / ANTI
GHAJ0
SMD-190 / SMD-490 EEC-IV

Binary Editor
ForDiag

Re: EEC V file conversion

Unread post by jsa »

Rfe is an rbase, you can likely find the value it holds in your msg file or you could look in lst for where Rfe is loaded with a value.

Look at code preceding your pasted snippet for where r26 is loaded with a value. An rbase could be set over a range but the jump bit will foil the plan due to +8 vs +8+2.
BOOSTEDEVERYTHING
Posts: 427
Joined: 2023 Sep 06, 13:11
Location: Charlotte NC , USA
Vehicle Information: 1999 Ford Ranger with 2000 Explorer v8 swap, FLN0
2003 Ford F150 Harley Davidson, Built 5.4L SOHC with 3.4L Whipple and Built 4R100

Re: EEC V file conversion

Unread post by BOOSTEDEVERYTHING »

The QH gives access to all of the ECU, so what is to be gained from the diagnostic subset??
I guess nothing really there. I was just thinking about the active commands section to activate outputs from tunerpro maybe for diagnostic purposes I guess. I think that the addressing may be in the vehicle build file possibly. Not sure. A lot of the xml files seem to point to a vbf file.
Look at code preceding your pasted snippet for where r26 is loaded with a value. An rbase could be set over a range but the jump bit will foil the plan due to +8 vs +8+2.
I will see what I can track down here. I do have Rfe defined in my lst file, not sure why SAD is not applying the value in this SUB. May be a bug I guess.
BOOSTEDEVERYTHING
Posts: 427
Joined: 2023 Sep 06, 13:11
Location: Charlotte NC , USA
Vehicle Information: 1999 Ford Ranger with 2000 Explorer v8 swap, FLN0
2003 Ford F150 Harley Davidson, Built 5.4L SOHC with 3.4L Whipple and Built 4R100

Re: EEC V file conversion

Unread post by BOOSTEDEVERYTHING »

Looks like it loads word 12a7, which is also GR_DS_TV, should I be looking at this subroutine without the label on the 12a7 address and as a value instead?


Code: Select all

 Sxx92128_RZA082DA:
92128: f2                 pushp                  push(PSW);
92129: a1,a7,12,26        ldw   R26,12a7         TEMP1L = GR_DS_TV;
9212d: a1,2a,00,28        ldw   R28,2a           TEMP2L = 2a;
92131: 10,08              rombk 8
92133: ef,4f,b9           call  8da85            Sxx8DA85_RZA8E908 ();
92136: 11,3c              clrb  R3c              TMP5L = 0;
92138: 01,26              clrw  R26              TEMP1L = 0;
9213a: b3,01,21,01,30     ldb   R30,[R0+121]     TEMP6L = TP_REL_H;
9213f: b3,e4,10,31        ldb   R31,[Re4+10]     TEMP6H = VSBART_RT;
92143: 37,b0,18           jnb   B7,Rb0,9215e     if (FLG_SFT_IN = 1)  {
92146: b3,fd,80,10,46     ldb   R46,[Rfc+1080]   TMP0L = [16db2];
9214b: 30,46,04           jnb   B0,R46,92152     if (B0_TMP0L = 1)  {
9214e: b3,e4,32,30        ldb   R30,[Re4+32]     TEMP6L = [112b2]; }
92152: b3,fd,81,10,46     ldb   R46,[Rfc+1081]   TMP0L = [16db3];
92157: 30,46,04           jnb   B0,R46,9215e     if (B0_TMP0L = 1)  {
9215a: b3,e4,15,31        ldb   R31,[Re4+15]     TEMP6H = [11295]; } }
9215e: 39,2a,11           jb    B1,R2a,92172     if (B1_TEMP3L = 0)  {
92161: 3a,2a,10           jb    B2,R2a,92174     if (B2_TEMP3L = 1) goto 92174;
92164: 3b,2a,30           jb    B3,R2a,92197     if (B3_TEMP3L = 1) goto 92197;
92167: 3c,2a,02           jb    B4,R2a,9216c     if (B4_TEMP3L = 0)  {
9216a: 22,56              sjmp  923c2            goto 923c2; }
More like this? But instead of 12a7 add 8 to it to equal 12af?

Code: Select all

92197: 65,08,00,26        ad2w  R26,8            TEMP1L += 8;
9219b: 3d,ad,04           jb    B5,Rad,921a2     if (FLG_SFT_UP = 0)  {
9219e: 65,02,00,26        ad2w  R26,2            TEMP1L += 2; } } } }
921a2: 45,6e,92,26,32     ad3w  R32,R26,926e     TEMP7L = 12a7 + 926e;
921a7: 46,32,fe,36        ad3w  R36,Rfe,[R32]    TMP2L = 1723e + [TEMP7L];
921ab: b0,30,38           ldb   R38,R30          TMP3L = TEMP6L;
921ae: 91,10,a5           orb   Ra5,10           SIGNDY = 1;
921b1: ef,a9,26           call  9485d            SLU9485D_92C16_**YFn ();
921b4: c7,e4,2a,3c        stb   R3c,[Re4+2a]     TV_RAMP = TMP5L;
jsa
Posts: 437
Joined: 2021 Feb 16, 15:46
Location: Australia
Vehicle Information: 95 Escort RS Cosworth
2.0 YBP
CARD / QUIK / COSY / ANTI
GHAJ0
SMD-190 / SMD-490 EEC-IV

Binary Editor
ForDiag

Re: EEC V file conversion

Unread post by jsa »

From your pasted example, it could be 12af or 12b1, depends on B5_Rad.

Add a couple lines to your comment file for the sum results of both.

Questioning your example, R26 is loaded with 0.

Code: Select all

92138: 01,26              clrw  R26              TEMP1L = 0;
In this case it's 8 or a.
BOOSTEDEVERYTHING
Posts: 427
Joined: 2023 Sep 06, 13:11
Location: Charlotte NC , USA
Vehicle Information: 1999 Ford Ranger with 2000 Explorer v8 swap, FLN0
2003 Ford F150 Harley Davidson, Built 5.4L SOHC with 3.4L Whipple and Built 4R100

Re: EEC V file conversion

Unread post by BOOSTEDEVERYTHING »

Missed when it cleared the word value, sorry about that. So it should be 8 or a depending on the result in b5_Rad then? Just to clear it up. So then I would add 8 to 926e to equal 9276 or a to 926e to equal 124ee than add the RBase value of 1723e to either of those results to find what is loaded into Tmp2l?

like this?

Code: Select all

92197: 65,08,00,26        ad2w  R26,8            TEMP1L(0) += 8;     =8
9219b: 3d,ad,04           jb    B5,Rad,921a2     if (FLG_SFT_UP = 0)  {
9219e: 65,02,00,26        ad2w  R26,2            TEMP1L (0)+= 2; } } } }    =2
921a2: 45,6e,92,26,32     ad3w  R32,R26,926e     TEMP7L = 8 + 926e;  = s.0x09276   or   a + 926e  =  s.0x09280
921a7: 46,32,fe,36        ad3w  R36,Rfe,[R32]    TMP2L = 1723e + [TEMP7L];  s.0x09276 + 1723e = s.0x204b4  or  s.0x09280 + 1723e = s.0x204be 
But I feel like that would be incorrect, because of the results? Because there is no s.0x204be? So what am I doing wrong? Sorry if these are stupid questions. Or maybe the RBase value in Rfe is not correct?
jsa
Posts: 437
Joined: 2021 Feb 16, 15:46
Location: Australia
Vehicle Information: 95 Escort RS Cosworth
2.0 YBP
CARD / QUIK / COSY / ANTI
GHAJ0
SMD-190 / SMD-490 EEC-IV

Binary Editor
ForDiag

Re: EEC V file conversion

Unread post by jsa »

Two things appear to be tripping you up.
Address mode for line 921a7, what do you make of that?
Data bank, once memory expansion is enabled and the data bank is set, which commands automatically get data from which bank?
BOOSTEDEVERYTHING
Posts: 427
Joined: 2023 Sep 06, 13:11
Location: Charlotte NC , USA
Vehicle Information: 1999 Ford Ranger with 2000 Explorer v8 swap, FLN0
2003 Ford F150 Harley Davidson, Built 5.4L SOHC with 3.4L Whipple and Built 4R100

Re: EEC V file conversion

Unread post by BOOSTEDEVERYTHING »

The address mode is indirect. But I need to read up on what that means in this case. Also need to read up on memory expansion a bit more.
jsa
Posts: 437
Joined: 2021 Feb 16, 15:46
Location: Australia
Vehicle Information: 95 Escort RS Cosworth
2.0 YBP
CARD / QUIK / COSY / ANTI
GHAJ0
SMD-190 / SMD-490 EEC-IV

Binary Editor
ForDiag

Re: EEC V file conversion

Unread post by jsa »

Ok, read up, post back if it still doesn't make sense.
jsa
Posts: 437
Joined: 2021 Feb 16, 15:46
Location: Australia
Vehicle Information: 95 Escort RS Cosworth
2.0 YBP
CARD / QUIK / COSY / ANTI
GHAJ0
SMD-190 / SMD-490 EEC-IV

Binary Editor
ForDiag

Re: EEC V file conversion

Unread post by jsa »

Did you get this?

Code: Select all

926e + 8 = [9276]

19276: c8,13              word  

1723e + 13c8 = 18606


926e + 2 = [9270]

19270: a4,13              word  

1723e + 13a4 = 185e2

Something like this could go in CMT

Code: Select all

92197 # 0x08
9219E # 0x02
921A2 # [19276] \s19276\n
921A2 # [19270] \s19270
921A7 # [18606] \s18606\n
921A7 # [185E2] \s185E2
Post Reply