SAD 806x Disassembler

Disassembly, Programming, Coding, Assembly, Binary information and all hacking discussions belong here.

Re: SAD 806x Disassembler

Unread postby Pym » Wed Mar 28, 2018 3:33 pm

decipha wrote:the vid block is pretty useless for disaasembly, what info do u need about the vid block?

For disassembly, it permits to show decoded values for the related places, but main thing is to get whole information on related binary in one click, before disassembling.
An example of text output header :
Code: Select all
║                   Binary File :                                   S6x file :                                         ║
║                   EECV MLF 4G7 USES KHAI8AU 0 3FFFF.bin    EECV MLF 4G7 USES KHAI8AU 0 3FFFF.s6x                     ║
║                             262144 (40000) bytes                                                                     ║
║                               KHAI8(AU) Strategy                             Part Number 98BBAAE                     ║
║                                      VIN XK89772                                         PATS 00                     ║
║                                     Rev/Mile 853                                       Rt Axle 1                     ║
║                                      VID Enabled                                                                     ║

and the related code :
Code: Select all
Strategy:
9 ff06: 4b,48,41,49,38,41,55                           
KHAI8AU

9 ff0d: 2e,48,45,58,2a,ff                             Unknown Operation/Structure

PATS Code:
9 ff13: 00                                             
00

Part Number:
9 ff14: 39,38,42,42,41,41,45                           
98BBAAE

9 ff1b: 2a,ff,01,cc,46,35,e2,1f                       Unknown Operation/Structure
9 ff23: 2a,1a,4d,e6,f8,be,9e,01                       Unknown Operation/Structure

9 ff2b -> ff62                     fill               ff

Copyright:
9 ff63: 43,6f,70,79,72,69,67,68,74,20,46,6f,72,64,20,4d,6f,74,6f,72,20,43,6f,2e,20,31,39,39,38
Copyright Ford Motor Co. 1998

VIN Code:
9 ff80: 58,4b,38,39,37,37,32,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff
XK89772

9 ff91: ff,ff,ff,ff                                   Unknown Operation/Structure

9 ff95: 2a                      1                     VID Block Enabled

9 ff96: 30,52,30,ff                                   Unknown Operation/Structure

9 ff9a: 55,03                 355                     Tyre Revolutions per Mile
9 ff9c: 00,04                   1                     Rear End Gear Ratio

9 ff9e -> fffb                     fill               ff

9 fffc: 89,2f,ff,91                                   Unknown Operation/Structure


Disassembly would be better with everything identified and I have a huge doubt on PATS Code size (1 byte), which is often at 0.
Pym
Hacker
 
Posts: 162
Joined: Sat Mar 04, 2017 4:29 am
Name: Pierre-Yves
Vehicle Information: Ford(EU) 91 Fiesta RS Turbo / EEC IV VM120 0FAB
TunerPro on Moates chips
Vehicle 2 Information: Ford(EU) 97 Puma 1.7 VCT / EEC V LP2-110 MUFF AXPDCB4
Vehicle 3 Information: Ford(EU) 97 Mondeo V / EEC V MLP-427 REED ATAFHE3
Additional Vehicles: Ford(EU) 91 Fiesta XR2i / EEC IV SD111 1AFA
Ford(EU) 98 Cougar V6 / EEC V ?

Re: SAD 806x Disassembler

Unread postby decipha » Wed Mar 28, 2018 10:00 pm

the vid block is useless and doesnt help disassembly in any way

the pata code is always 26 bytes except for pats type e iirc which is 13 bytes static with identifier off chip

i dont see how any of that will be helpful
User avatar
decipha
Tooner
 
Posts: 14990
Joined: Mon Jul 15, 2013 5:29 pm
Location: New Orleans, LA
Name: Michael Ponthieux
Vehicle Information: Supercoupin' x10
90 (4x 5spds) - Dante, Ruby, Daja, Ava
91 4r70w - Skarlett
92 (2x) 5spd & auto - Bianqa, Andrea
93 auto - Danika
94 5spd Rionda
95 auto Aisha
Vehicle 2 Information: Others:
00 Lincoln LS - Luanda
98 Camaro SS - Bounquisha
02 Harley F-150 - Sasasha
03 Marauder - DyShyKy
00 Explorer 5L - Bernyce

Re: SAD 806x Disassembler

Unread postby Pym » Thu Mar 29, 2018 12:06 am

This is what, I was thinking, PATS code identification is totally wrong.
It is not at ff13 on 1 byte, the only place I see is ff1d to ff36.

I was talking some months ago, about moates F3 vs F3v2 chips hiding the VID block or not.
I the case we want to force VID block in chips (especially when changing ECU), we need to know what it contains especially for PATS.
Some strategies have PATS learning activated and it can be done simply through OBD, this is the case for KHAI8.
But others do not and require specific Ford interface to do it, this is in this case that F3V2 without VID Block hiding is useful, with well duplicated VID Block.
Pym
Hacker
 
Posts: 162
Joined: Sat Mar 04, 2017 4:29 am
Name: Pierre-Yves
Vehicle Information: Ford(EU) 91 Fiesta RS Turbo / EEC IV VM120 0FAB
TunerPro on Moates chips
Vehicle 2 Information: Ford(EU) 97 Puma 1.7 VCT / EEC V LP2-110 MUFF AXPDCB4
Vehicle 3 Information: Ford(EU) 97 Mondeo V / EEC V MLP-427 REED ATAFHE3
Additional Vehicles: Ford(EU) 91 Fiesta XR2i / EEC IV SD111 1AFA
Ford(EU) 98 Cougar V6 / EEC V ?

Re: SAD 806x Disassembler

Unread postby rocks08 » Wed Apr 04, 2018 9:42 am

Hi Pym nice job

if i read the bin with a kess, your sad800x can disassemble it?
rocks08
General Poster
 
Posts: 4
Joined: Mon Jul 31, 2017 2:24 pm
Name: Anthony
Vehicle Information: ford puma 1.7 eecv DUDE

Re: SAD 806x Disassembler

Unread postby Pym » Wed Apr 04, 2018 11:30 pm

rocks08 wrote:if i read the bin with a kess, your sad800x can disassemble it?

Yes it should, but the main thing is to make a Kess work properly. If you are able to read/write binaries with your Kess, please just give me its reference, I am interested.
Personally, for Puma ECU I use Moates tools and your ECU should use a AXPDA or AXPDC strategy which is well disassembled.
Pym
Hacker
 
Posts: 162
Joined: Sat Mar 04, 2017 4:29 am
Name: Pierre-Yves
Vehicle Information: Ford(EU) 91 Fiesta RS Turbo / EEC IV VM120 0FAB
TunerPro on Moates chips
Vehicle 2 Information: Ford(EU) 97 Puma 1.7 VCT / EEC V LP2-110 MUFF AXPDCB4
Vehicle 3 Information: Ford(EU) 97 Mondeo V / EEC V MLP-427 REED ATAFHE3
Additional Vehicles: Ford(EU) 91 Fiesta XR2i / EEC IV SD111 1AFA
Ford(EU) 98 Cougar V6 / EEC V ?

Re: SAD 806x Disassembler

Unread postby rocks08 » Thu Apr 05, 2018 1:20 am

yes work properly, with i can read, write without problem
it's a kess v2 hw: 4.036 & sw: 2.12 or 2.32 working

i'ts mine with just the rev limit change:
WinOLS (Ford puma (ford puma anthony rev limit 7100) - ).bin


and that files it's the frp puma map foun on web and read with kess
frp puma map internet.bin


my ecm is a dude and can write with the kess the frp map on it

but for me is not a good chiptuning, i prefer to understand how the ecm work for better tuning.
You do not have the required permissions to view the files attached to this post.
rocks08
General Poster
 
Posts: 4
Joined: Mon Jul 31, 2017 2:24 pm
Name: Anthony
Vehicle Information: ford puma 1.7 eecv DUDE

Re: SAD 806x Disassembler

Unread postby Pym » Thu Apr 05, 2018 4:09 am

I should try this Kess too, not so easy to find the right tool for cars before 2000.

I use FRP binary on my Puma, which works really well, nothing changes under 4000rpm, but over it is a different car.
It seems to be the best thing for this car, even if changes are not really big, but well done.
Yes MAF transfer function should give leaner results, but MAF is probably not the same part, I have not checked.
You can open a topic on it on Ford Euro & Aussie Tuning if you want.
Pym
Hacker
 
Posts: 162
Joined: Sat Mar 04, 2017 4:29 am
Name: Pierre-Yves
Vehicle Information: Ford(EU) 91 Fiesta RS Turbo / EEC IV VM120 0FAB
TunerPro on Moates chips
Vehicle 2 Information: Ford(EU) 97 Puma 1.7 VCT / EEC V LP2-110 MUFF AXPDCB4
Vehicle 3 Information: Ford(EU) 97 Mondeo V / EEC V MLP-427 REED ATAFHE3
Additional Vehicles: Ford(EU) 91 Fiesta XR2i / EEC IV SD111 1AFA
Ford(EU) 98 Cougar V6 / EEC V ?

Re: SAD 806x Disassembler

Unread postby rocks08 » Thu Apr 05, 2018 4:46 am

For me the kess with this version is the best work fine with obd on a lot of car.
Frp works fine, but i use e85 with modified fuel pressure regulator.
I want down the pressure and up injection timing.

I have try sad800x 1.2 can't find the function (16 for other car) for the MAF. I will open topic later i continu little search before
rocks08
General Poster
 
Posts: 4
Joined: Mon Jul 31, 2017 2:24 pm
Name: Anthony
Vehicle Information: ford puma 1.7 eecv DUDE

Re: SAD 806x Disassembler

Unread postby ranga83 » Thu Apr 05, 2018 6:09 am

thanks PYM, the new version seems to work ok with the 4TAD, it misses some code, but a tweek to the .dir should sort that out.
I think ive found a bug tho, when I click on "text output" the program crashes. it does however save the .txt
ranga83
Power Poster
 
Posts: 240
Joined: Sat May 24, 2014 10:40 pm
Location: melbourne, victoria, australia
Name: kendall
Vehicle Information: 1996 EF Falcon 4.0 inline 6, 4TAD ecu, tunerpro, and moates q/h

Re: SAD 806x Disassembler

Unread postby Pym » Thu Apr 05, 2018 6:15 am

rocks08 wrote:I have try sad800x 1.2 can't find the function (16 for other car) for the MAF. I will open topic later i continu little search before

Yes, this is normal, on AXPD* MAF transfer function is not used through a word function routine, but is used like a structure.
SAD806x detects its start as a structure, but structure are not for now automatically identified.
So you have 2 choices (address is 1 2154) :
- Update detected Structure like this (Structure = "Word:2" or "Word,Word" and Number = 30), but you will not be able to scale values.
- Create a 30 rows Word function at the related address.
Pym
Hacker
 
Posts: 162
Joined: Sat Mar 04, 2017 4:29 am
Name: Pierre-Yves
Vehicle Information: Ford(EU) 91 Fiesta RS Turbo / EEC IV VM120 0FAB
TunerPro on Moates chips
Vehicle 2 Information: Ford(EU) 97 Puma 1.7 VCT / EEC V LP2-110 MUFF AXPDCB4
Vehicle 3 Information: Ford(EU) 97 Mondeo V / EEC V MLP-427 REED ATAFHE3
Additional Vehicles: Ford(EU) 91 Fiesta XR2i / EEC IV SD111 1AFA
Ford(EU) 98 Cougar V6 / EEC V ?

Re: SAD 806x Disassembler

Unread postby jsa » Fri Apr 06, 2018 5:07 pm

Pym wrote:- Advanced routine and signatures added


To help understand how to fill in signature details, do you have an s6x with signatures you could share, please?
Cheers
John
jsa
Power Poster
 
Posts: 380
Joined: Thu Jan 16, 2014 1:44 am
Location: In the shed or On the Computer, 'straya
Name: John
Vehicle Information: Escort RS Cosworth
EEC-IV GHAJ0 ANTI or COSY

Re: SAD 806x Disassembler

Unread postby Pym » Sat Apr 07, 2018 1:59 am

jsa wrote:To help understand how to fill in signature details, do you have an s6x with signatures you could share, please?

No, I have not started to prepare a good Signature S6x, I have just done tests with specific routines.
The principle will probably to have S6x Signatures files for each period.
To begin, just use option "Copy (signature)" on a detected routine, then past it, to create a signature, it will create the related Signature, with the code at the beginning of the routine.
After this, remove code that is 100% specific to your strategy and replace parts that are addresses or registers related with "." or with #38#,... if you want to reuse them in advanced properties.

I will try to provide you some good samples.
Pym
Hacker
 
Posts: 162
Joined: Sat Mar 04, 2017 4:29 am
Name: Pierre-Yves
Vehicle Information: Ford(EU) 91 Fiesta RS Turbo / EEC IV VM120 0FAB
TunerPro on Moates chips
Vehicle 2 Information: Ford(EU) 97 Puma 1.7 VCT / EEC V LP2-110 MUFF AXPDCB4
Vehicle 3 Information: Ford(EU) 97 Mondeo V / EEC V MLP-427 REED ATAFHE3
Additional Vehicles: Ford(EU) 91 Fiesta XR2i / EEC IV SD111 1AFA
Ford(EU) 98 Cougar V6 / EEC V ?

Re: SAD 806x Disassembler

Unread postby jsa » Sat Apr 07, 2018 6:45 am

Thanks I will have a go at copy and paste.
Cheers
John
jsa
Power Poster
 
Posts: 380
Joined: Thu Jan 16, 2014 1:44 am
Location: In the shed or On the Computer, 'straya
Name: John
Vehicle Information: Escort RS Cosworth
EEC-IV GHAJ0 ANTI or COSY

Re: SAD 806x Disassembler

Unread postby Pym » Tue Apr 10, 2018 2:45 am

jsa wrote:Thanks I will have a go at copy and paste.

I will give you a first example on ANTI :
One routine starts like this and I want to force it like a Unsigned Table Routine, for better recognition, with fixed Cols & Rows input registers and fixed Columns number :
Code: Select all
8 2654: f8                   clc                      CY = 0;             
8 2655: af,72,b4,30          ldzbw R30,[R72+b4]       R30 = (uns)[534];   
8 2659: af,72,b5,32          ldzbw R32,[R72+b5]       R32 = (uns)[535];   
8 265d: ad,06,34             ldzbw R34,6              R34 = (uns)6;       
8 2660: db,03                jc    2665               if (CY == 1) goto 2665;
8 2662: e7,3c,52             jump  78a1               goto UTabLU;         
8 2665: e7,36,52             jump  789e               goto STabLU;


Signature definition and result Routine are in attachment.

Parameters (#XX#) should always be distinct and XX should always be a decimal number (00 => 99). I have used #73# in example to prevent having duplicated parameters.
If parameter is a RBase or RConst (R72 in this case) to be added, parameter reuse should start with #72#+#XX#, #XX#+#72# will just add 2 values XX+72.
Fields of type Register / Address can contains a dot, to separate Register from an Address.

On resulted Routine, I have R30.[534] for Columns input register / address. R30 is just for information, but [534] will be reused to detect existing scaling function and would not be detected inside a table routine, if not set.

If you try this signature on ANTI binary, you will see that a mistake will be created on some Table signs.
This is normal, because, the routine is now recognized as a unsigned table routine, previous routine with CY=1 (or any code) calling it which is for signed tables is badly affected.
To manage it, you have 2 possibilities, update previous routine to force it as a signed routine or create another signature like this one for previous routine, but signed in this case.

Yes, it is not so simple, but it permits to manage everything.

New examples will come.
You do not have the required permissions to view the files attached to this post.
Pym
Hacker
 
Posts: 162
Joined: Sat Mar 04, 2017 4:29 am
Name: Pierre-Yves
Vehicle Information: Ford(EU) 91 Fiesta RS Turbo / EEC IV VM120 0FAB
TunerPro on Moates chips
Vehicle 2 Information: Ford(EU) 97 Puma 1.7 VCT / EEC V LP2-110 MUFF AXPDCB4
Vehicle 3 Information: Ford(EU) 97 Mondeo V / EEC V MLP-427 REED ATAFHE3
Additional Vehicles: Ford(EU) 91 Fiesta XR2i / EEC IV SD111 1AFA
Ford(EU) 98 Cougar V6 / EEC V ?

Re: SAD 806x Disassembler

Unread postby jsa » Tue Apr 10, 2018 3:13 am

Thanks Pym, I will have a play with that.

I have not had a chance to try C & P yet.

You said you had tested, would it be worthwhile to put the test s6x files here?
At least it would populate the fields on the various tabs, but of course the results may be um, 'interesting'.
Cheers
John
jsa
Power Poster
 
Posts: 380
Joined: Thu Jan 16, 2014 1:44 am
Location: In the shed or On the Computer, 'straya
Name: John
Vehicle Information: Escort RS Cosworth
EEC-IV GHAJ0 ANTI or COSY

Re: SAD 806x Disassembler

Unread postby Pym » Wed Apr 18, 2018 1:55 pm

Another more simple example, for Mass Air Flow transfer curve signature. No advanced thing, just for naming routine.
It should works well on modern EEC V binaries.
Code: Select all
af,..,..,..
08,01,..
b1,01,..
*
b0,15
*
fa
b0,19,..
b0,17,..
b0,15,..
fb


If you have understood how it works, you should be able to complete signature to use 2 Parameters to find MAF transfer function address (if address is not encoded).
These parameters can be reused to create an "Internal Function" (Word with 30 rows) to generate automatically MAF transfer function, if it was not already detected.

Please find attached a real 1.2 version, which is really working on multi banks for signatures.
You do not have the required permissions to view the files attached to this post.
Pym
Hacker
 
Posts: 162
Joined: Sat Mar 04, 2017 4:29 am
Name: Pierre-Yves
Vehicle Information: Ford(EU) 91 Fiesta RS Turbo / EEC IV VM120 0FAB
TunerPro on Moates chips
Vehicle 2 Information: Ford(EU) 97 Puma 1.7 VCT / EEC V LP2-110 MUFF AXPDCB4
Vehicle 3 Information: Ford(EU) 97 Mondeo V / EEC V MLP-427 REED ATAFHE3
Additional Vehicles: Ford(EU) 91 Fiesta XR2i / EEC IV SD111 1AFA
Ford(EU) 98 Cougar V6 / EEC V ?

Re: SAD 806x Disassembler

Unread postby jsa » Thu Apr 19, 2018 6:22 am

Thanks Pym. I have not had a chance to try yet. Hopefully on the weekend.
Cheers
John
jsa
Power Poster
 
Posts: 380
Joined: Thu Jan 16, 2014 1:44 am
Location: In the shed or On the Computer, 'straya
Name: John
Vehicle Information: Escort RS Cosworth
EEC-IV GHAJ0 ANTI or COSY

Re: SAD 806x Disassembler

Unread postby decipha » Thu Apr 19, 2018 4:27 pm

it doesn't work for me, i tried importing my rzasa xdf cmt and dir file and it keeps erroring out

attached the files to see if you can help out with it
You do not have the required permissions to view the files attached to this post.
User avatar
decipha
Tooner
 
Posts: 14990
Joined: Mon Jul 15, 2013 5:29 pm
Location: New Orleans, LA
Name: Michael Ponthieux
Vehicle Information: Supercoupin' x10
90 (4x 5spds) - Dante, Ruby, Daja, Ava
91 4r70w - Skarlett
92 (2x) 5spd & auto - Bianqa, Andrea
93 auto - Danika
94 5spd Rionda
95 auto Aisha
Vehicle 2 Information: Others:
00 Lincoln LS - Luanda
98 Camaro SS - Bounquisha
02 Harley F-150 - Sasasha
03 Marauder - DyShyKy
00 Explorer 5L - Bernyce

Re: SAD 806x Disassembler

Unread postby Pym » Sat Apr 21, 2018 1:51 am

I will have a look at it.
...
Ok, really good cases, related with imports and generated conflicts. It was probably the same thing on previous version.
First, it was required to modify Xdf file to make it compatible with Xml format (I do not know how TunerPro is able to read it or write it).
=> FNRPM_LIM - TQ Ratio Desired : Description was containing invalid Xml characters.
Now let me a bit time to analyse conflicts or errors and propose something.
Pym
Hacker
 
Posts: 162
Joined: Sat Mar 04, 2017 4:29 am
Name: Pierre-Yves
Vehicle Information: Ford(EU) 91 Fiesta RS Turbo / EEC IV VM120 0FAB
TunerPro on Moates chips
Vehicle 2 Information: Ford(EU) 97 Puma 1.7 VCT / EEC V LP2-110 MUFF AXPDCB4
Vehicle 3 Information: Ford(EU) 97 Mondeo V / EEC V MLP-427 REED ATAFHE3
Additional Vehicles: Ford(EU) 91 Fiesta XR2i / EEC IV SD111 1AFA
Ford(EU) 98 Cougar V6 / EEC V ?

Re: SAD 806x Disassembler

Unread postby Pym » Sat Apr 28, 2018 11:42 am

I have found a way to read Xdf files containing invalid Xml characters.
I have corrected main part of import conflicts, now starting on the principle that a given directive is not totally proper or filled in at 100%
and I have reviewed other conflicts between auto detected elements and provided directives, especially temporary registers.
Way of working of other addresses has been updated too, to be better managed and more easy to use.
To be clear, I had in my to do list, the need to add a search function. I have not done it before, because I had doubts about its interest.
But to review everything, it was required to implement it and yes, finally it is a huge improvement which changes the way you use the tool.
I continue trying to understand last errors, essentially related with provided directives, ex :
Code: Select all
SUBR 2FFF 0 "__CLK_CAP_KNK3"
SUBR 3000 0 "__IXFRPR"
SUBR 3001 0 "__SPI2_CLR"

Not sure it is what you were wanted to write.
But as result it tries to disassemble instructions at these addresses, thinking directive is right and it generates conflicts with already detected instructions.

So thank you, this set of files is a really good textbook case to finish to test related functionalities.
I have never been able or I have never wanted to write such a huge SAD directive file.

New version will come soon, still on 1.2, now with its release date.
I prefer to reserve 1.3 version for next step, the structures resolving.
Pym
Hacker
 
Posts: 162
Joined: Sat Mar 04, 2017 4:29 am
Name: Pierre-Yves
Vehicle Information: Ford(EU) 91 Fiesta RS Turbo / EEC IV VM120 0FAB
TunerPro on Moates chips
Vehicle 2 Information: Ford(EU) 97 Puma 1.7 VCT / EEC V LP2-110 MUFF AXPDCB4
Vehicle 3 Information: Ford(EU) 97 Mondeo V / EEC V MLP-427 REED ATAFHE3
Additional Vehicles: Ford(EU) 91 Fiesta XR2i / EEC IV SD111 1AFA
Ford(EU) 98 Cougar V6 / EEC V ?

Re: SAD 806x Disassembler

Unread postby decipha » Sat Apr 28, 2018 2:34 pm

np glad i could help

now whats the chance of the disassembler using my xdf as a template and all identified parameters in other strategy used to xreate xdf ? I need a way to automate the xdf creation and updating process.
User avatar
decipha
Tooner
 
Posts: 14990
Joined: Mon Jul 15, 2013 5:29 pm
Location: New Orleans, LA
Name: Michael Ponthieux
Vehicle Information: Supercoupin' x10
90 (4x 5spds) - Dante, Ruby, Daja, Ava
91 4r70w - Skarlett
92 (2x) 5spd & auto - Bianqa, Andrea
93 auto - Danika
94 5spd Rionda
95 auto Aisha
Vehicle 2 Information: Others:
00 Lincoln LS - Luanda
98 Camaro SS - Bounquisha
02 Harley F-150 - Sasasha
03 Marauder - DyShyKy
00 Explorer 5L - Bernyce

Re: SAD 806x Disassembler

Unread postby jsa » Sat Apr 28, 2018 4:00 pm

Pym wrote:I have found a way to read Xdf files containing invalid Xml characters.


Are the characters invalid for xdf though?

Evidently xdf is a format distinct from xml.

Google xdf file format and NASA.
Cheers
John
jsa
Power Poster
 
Posts: 380
Joined: Thu Jan 16, 2014 1:44 am
Location: In the shed or On the Computer, 'straya
Name: John
Vehicle Information: Escort RS Cosworth
EEC-IV GHAJ0 ANTI or COSY

Re: SAD 806x Disassembler

Unread postby Pym » Sat Apr 28, 2018 5:03 pm

decipha wrote:now whats the chance of the disassembler using my xdf as a template and all identified parameters in other strategy used to xreate xdf ? I need a way to automate the xdf creation and updating process.

None, directly from xdf file. We will have to create an unique signature for each known routine and then put information on called scalars, functions and tables in them to generate them properly and finally to be exported to TunerPro.
We could talk about this later on.

jsa wrote:Evidently xdf is a format distinct from xml.

No xdf files (not encrypted with password) are pure xml files, like s6x ones and like data stored in clipboard when you do a copy in TunerPro.
It is a chance, that it is not using a proprietary format, otherwise, without the right provided library, it would be really hard to communicate with it.
But in this case file was containing invalid xml characters (< 0x020), do not ask me why, I do not know, it is not possible to fill in them in TunerPro.
But it seems that TunerPro does not validate its xml format before saving, letting this kind of mistakes being possible.
Pym
Hacker
 
Posts: 162
Joined: Sat Mar 04, 2017 4:29 am
Name: Pierre-Yves
Vehicle Information: Ford(EU) 91 Fiesta RS Turbo / EEC IV VM120 0FAB
TunerPro on Moates chips
Vehicle 2 Information: Ford(EU) 97 Puma 1.7 VCT / EEC V LP2-110 MUFF AXPDCB4
Vehicle 3 Information: Ford(EU) 97 Mondeo V / EEC V MLP-427 REED ATAFHE3
Additional Vehicles: Ford(EU) 91 Fiesta XR2i / EEC IV SD111 1AFA
Ford(EU) 98 Cougar V6 / EEC V ?

Re: SAD 806x Disassembler

Unread postby jsa » Sat Apr 28, 2018 7:51 pm

Out of interest,there are libraries available for xdf.

I have tried import of SAD DIR and CMT files today with a view to building a signature file.
First off I opened a bin then imported the DIR and CMT. I then selected disassemble and SAD806x V1.2 crashed out.
Second off I opened a bin, disassembled then imported DIR and CMT. Largely it seems the DIR and CMT information has not been transferred into the tree and assigned to the various SFT.

Courtesy of TVRfan
EEC-IV_A9L-master.zip

From Motorhead1991's github project
https://github.com/OpenEEC-Project/EEC-IV_A9L
You do not have the required permissions to view the files attached to this post.
Cheers
John
jsa
Power Poster
 
Posts: 380
Joined: Thu Jan 16, 2014 1:44 am
Location: In the shed or On the Computer, 'straya
Name: John
Vehicle Information: Escort RS Cosworth
EEC-IV GHAJ0 ANTI or COSY

Re: SAD 806x Disassembler

Unread postby Pym » Sun Apr 29, 2018 1:00 pm

You can now try this new version 1.2 2018-04-29.
It should resolve main part of the issues.
Imports (Dir, Xdf) have been reviewed, with huge improvement on performances and corrections on conflicts.
Disassembly after imports becomes what I was expecting.
Search functionality is added.
PATS code has moved, but I am still not convinced. A complete review of VID block addresses would be a good thing.

Tests with Rsaza files, provide good results, but is is required to skip some elements after Dir import or to cleanup Dir file.
I have kept a trace on it, if you need details (essentially subr directives which should be sym directives or scalars not defined at the right place).
If you need information on Dir=>S6x conversion, because it is not fully compatible, it will be the right moment.
You do not have the required permissions to view the files attached to this post.
Pym
Hacker
 
Posts: 162
Joined: Sat Mar 04, 2017 4:29 am
Name: Pierre-Yves
Vehicle Information: Ford(EU) 91 Fiesta RS Turbo / EEC IV VM120 0FAB
TunerPro on Moates chips
Vehicle 2 Information: Ford(EU) 97 Puma 1.7 VCT / EEC V LP2-110 MUFF AXPDCB4
Vehicle 3 Information: Ford(EU) 97 Mondeo V / EEC V MLP-427 REED ATAFHE3
Additional Vehicles: Ford(EU) 91 Fiesta XR2i / EEC IV SD111 1AFA
Ford(EU) 98 Cougar V6 / EEC V ?

Re: SAD 806x Disassembler

Unread postby decipha » Sun Apr 29, 2018 8:21 pm

subr is to identify a subroutine and name it

i have the complete vid block broken out in rzasa its the same for all US eec's

the scalars are defined in the correct place, in later eec-5 the scalars are in the code there is no pointer+offset lookup for numerous scalars

any chance you can have it spit out a log of the directive and comment and xdf file errors your disassembler picks up?
User avatar
decipha
Tooner
 
Posts: 14990
Joined: Mon Jul 15, 2013 5:29 pm
Location: New Orleans, LA
Name: Michael Ponthieux
Vehicle Information: Supercoupin' x10
90 (4x 5spds) - Dante, Ruby, Daja, Ava
91 4r70w - Skarlett
92 (2x) 5spd & auto - Bianqa, Andrea
93 auto - Danika
94 5spd Rionda
95 auto Aisha
Vehicle 2 Information: Others:
00 Lincoln LS - Luanda
98 Camaro SS - Bounquisha
02 Harley F-150 - Sasasha
03 Marauder - DyShyKy
00 Explorer 5L - Bernyce

Re: SAD 806x Disassembler

Unread postby Pym » Mon Apr 30, 2018 1:09 am

decipha wrote:any chance you can have it spit out a log of the directive and comment and xdf file errors your disassembler picks up?

To access error details, just click on message on bottom right after disassembly, when you have the message "Disassembly done with errors". Same principle after text output.
You have the same option to access binary information with VID block details when clicking on top right at any time.
I will send you by PM the word file I have done to correct errors on rsaza.

decipha wrote:i have the complete vid block broken out in rzasa its the same for all US eec's

Mercury (Ford in EU) cougar was assembled in the US and it seems to be accurate for VID block, but for pure EU cars it seems different, I will continue on this in another place.
Pym
Hacker
 
Posts: 162
Joined: Sat Mar 04, 2017 4:29 am
Name: Pierre-Yves
Vehicle Information: Ford(EU) 91 Fiesta RS Turbo / EEC IV VM120 0FAB
TunerPro on Moates chips
Vehicle 2 Information: Ford(EU) 97 Puma 1.7 VCT / EEC V LP2-110 MUFF AXPDCB4
Vehicle 3 Information: Ford(EU) 97 Mondeo V / EEC V MLP-427 REED ATAFHE3
Additional Vehicles: Ford(EU) 91 Fiesta XR2i / EEC IV SD111 1AFA
Ford(EU) 98 Cougar V6 / EEC V ?

Re: SAD 806x Disassembler

Unread postby jsa » Mon Apr 30, 2018 3:29 am

Pym wrote:You can now try this new version 1.2 2018-04-29.


Thanks Pym. certainly is much better.

Strangely some Scalars were kept in the tree under Structures.
Cheers
John
jsa
Power Poster
 
Posts: 380
Joined: Thu Jan 16, 2014 1:44 am
Location: In the shed or On the Computer, 'straya
Name: John
Vehicle Information: Escort RS Cosworth
EEC-IV GHAJ0 ANTI or COSY

Re: SAD 806x Disassembler

Unread postby Pym » Mon Apr 30, 2018 5:26 am

jsa wrote:Strangely some Scalars were kept in the tree under Structures.

Yes on 1.2, when a calibration element (table, function, scalar or structure) is not identified at use level, a 1 byte structure is created,
which in 99% of cases is true and will be the base in next version for structure format detection.
On previous versions, a 1 byte scalar was created.
Pym
Hacker
 
Posts: 162
Joined: Sat Mar 04, 2017 4:29 am
Name: Pierre-Yves
Vehicle Information: Ford(EU) 91 Fiesta RS Turbo / EEC IV VM120 0FAB
TunerPro on Moates chips
Vehicle 2 Information: Ford(EU) 97 Puma 1.7 VCT / EEC V LP2-110 MUFF AXPDCB4
Vehicle 3 Information: Ford(EU) 97 Mondeo V / EEC V MLP-427 REED ATAFHE3
Additional Vehicles: Ford(EU) 91 Fiesta XR2i / EEC IV SD111 1AFA
Ford(EU) 98 Cougar V6 / EEC V ?

Re: SAD 806x Disassembler

Unread postby decipha » Mon Apr 30, 2018 12:21 pm

i went over that error log u sent me

8 2438 was my mistake i put an 8 instead of A, i do that often as i repeat the address in my head i often mix those up

8 602a is correct, 6029 was the error

8 f676 is no error, the code jumps back in to the middle of code to reuse it as a different operand that's common on eec-v
User avatar
decipha
Tooner
 
Posts: 14990
Joined: Mon Jul 15, 2013 5:29 pm
Location: New Orleans, LA
Name: Michael Ponthieux
Vehicle Information: Supercoupin' x10
90 (4x 5spds) - Dante, Ruby, Daja, Ava
91 4r70w - Skarlett
92 (2x) 5spd & auto - Bianqa, Andrea
93 auto - Danika
94 5spd Rionda
95 auto Aisha
Vehicle 2 Information: Others:
00 Lincoln LS - Luanda
98 Camaro SS - Bounquisha
02 Harley F-150 - Sasasha
03 Marauder - DyShyKy
00 Explorer 5L - Bernyce

Re: SAD 806x Disassembler

Unread postby Pym » Mon Apr 30, 2018 3:53 pm

decipha wrote:8 f676 is no error, the code jumps back in to the middle of code to reuse it as a different operand that's common on eec-v

I have seen it often for fe/not fe operation, which I have already managed with a dedicated output in these cases.
But nothing for other operations, anyway, an error is indicated, without real consequence, because output shall be done properly.
Same thing for calibration elements, code can read a word scalar in a place and top byte of it in another place, error is indicated, with no consequence at all. But when it is its low byte with same address, it is another story.
Disassembly errors are indicated when instructions or calibration elements share the same addresses.
Output errors are generated when 2 identified objects have exactly the same address, in these cases output ignores one of them.
Everything could be a real error or a code choice, no other way than studying code deeper.
Pym
Hacker
 
Posts: 162
Joined: Sat Mar 04, 2017 4:29 am
Name: Pierre-Yves
Vehicle Information: Ford(EU) 91 Fiesta RS Turbo / EEC IV VM120 0FAB
TunerPro on Moates chips
Vehicle 2 Information: Ford(EU) 97 Puma 1.7 VCT / EEC V LP2-110 MUFF AXPDCB4
Vehicle 3 Information: Ford(EU) 97 Mondeo V / EEC V MLP-427 REED ATAFHE3
Additional Vehicles: Ford(EU) 91 Fiesta XR2i / EEC IV SD111 1AFA
Ford(EU) 98 Cougar V6 / EEC V ?

Re: SAD 806x Disassembler

Unread postby Pym » Sat May 12, 2018 9:37 am

Another thing, existing since the first version :
the DIVW operation does not output the fact that register is a double word, which gives a text output a bit more difficult to read.
Is it always the case for 8c, 8d, 8e and 8f or only for some of them ?
Pym
Hacker
 
Posts: 162
Joined: Sat Mar 04, 2017 4:29 am
Name: Pierre-Yves
Vehicle Information: Ford(EU) 91 Fiesta RS Turbo / EEC IV VM120 0FAB
TunerPro on Moates chips
Vehicle 2 Information: Ford(EU) 97 Puma 1.7 VCT / EEC V LP2-110 MUFF AXPDCB4
Vehicle 3 Information: Ford(EU) 97 Mondeo V / EEC V MLP-427 REED ATAFHE3
Additional Vehicles: Ford(EU) 91 Fiesta XR2i / EEC IV SD111 1AFA
Ford(EU) 98 Cougar V6 / EEC V ?

Re: SAD 806x Disassembler

Unread postby jsa » Sun May 13, 2018 12:21 am

Any of the temporary registers used for DIVW are missing the L annotation. So L8C for your example.

GHAJ0 uses quite a few different addresses with DIVW.
Cheers
John
jsa
Power Poster
 
Posts: 380
Joined: Thu Jan 16, 2014 1:44 am
Location: In the shed or On the Computer, 'straya
Name: John
Vehicle Information: Escort RS Cosworth
EEC-IV GHAJ0 ANTI or COSY

Re: SAD 806x Disassembler

Unread postby Pym » Sun May 13, 2018 7:30 am

Ok, so DIVW always operates on double word (even with single byte divider).
No real choice for output, adding 2 on register (R58 = R58 / R30 => R5a = R5a / R30) is a bad idea, especially for named registers ([244] = [244] / R30 <=> [MAF] = [MAF] / R30 => [246] = [246] / R30).
So I will always add L to the register.
Same thing for DIVB, I have to think about a solution.
Pym
Hacker
 
Posts: 162
Joined: Sat Mar 04, 2017 4:29 am
Name: Pierre-Yves
Vehicle Information: Ford(EU) 91 Fiesta RS Turbo / EEC IV VM120 0FAB
TunerPro on Moates chips
Vehicle 2 Information: Ford(EU) 97 Puma 1.7 VCT / EEC V LP2-110 MUFF AXPDCB4
Vehicle 3 Information: Ford(EU) 97 Mondeo V / EEC V MLP-427 REED ATAFHE3
Additional Vehicles: Ford(EU) 91 Fiesta XR2i / EEC IV SD111 1AFA
Ford(EU) 98 Cougar V6 / EEC V ?

Re: SAD 806x Disassembler

Unread postby jsa » Sat May 19, 2018 4:25 pm

Divb is two bytes divide one byte.

LR58 for a divw

WR58 for a divb
Cheers
John
jsa
Power Poster
 
Posts: 380
Joined: Thu Jan 16, 2014 1:44 am
Location: In the shed or On the Computer, 'straya
Name: John
Vehicle Information: Escort RS Cosworth
EEC-IV GHAJ0 ANTI or COSY

Re: SAD 806x Disassembler

Unread postby Pym » Sun May 20, 2018 1:23 am

jsa wrote:Divb is two bytes divide one byte.
LR58 for a divw
WR58 for a divb

Yes, I have updated it like this.
DIVW : R58 = R58 / R30 will now be R58 = R58L / R30
DIVB : R58 = R58 / R30 will now be R58 = R58W / R30
SHRDW : R58L = R58L / 10 will now be R58 = R58L / 10 => Finally, this one stays like it is.
Pym
Hacker
 
Posts: 162
Joined: Sat Mar 04, 2017 4:29 am
Name: Pierre-Yves
Vehicle Information: Ford(EU) 91 Fiesta RS Turbo / EEC IV VM120 0FAB
TunerPro on Moates chips
Vehicle 2 Information: Ford(EU) 97 Puma 1.7 VCT / EEC V LP2-110 MUFF AXPDCB4
Vehicle 3 Information: Ford(EU) 97 Mondeo V / EEC V MLP-427 REED ATAFHE3
Additional Vehicles: Ford(EU) 91 Fiesta XR2i / EEC IV SD111 1AFA
Ford(EU) 98 Cougar V6 / EEC V ?

Re: SAD 806x Disassembler

Unread postby Pym » Tue May 22, 2018 10:03 am

New version is released.
Still on 1.2 but with today date.
No real change, but some corrections.
DIVB and DIVW outputs have changed.
Xdf import now generates Short Labels which is more than required for outputting or exporting something.
Reserved addresses and elements created at load can not be overridden anymore by imports and conflicts are better managed on import too.

How much time lost on these import/export things ...
You do not have the required permissions to view the files attached to this post.
Pym
Hacker
 
Posts: 162
Joined: Sat Mar 04, 2017 4:29 am
Name: Pierre-Yves
Vehicle Information: Ford(EU) 91 Fiesta RS Turbo / EEC IV VM120 0FAB
TunerPro on Moates chips
Vehicle 2 Information: Ford(EU) 97 Puma 1.7 VCT / EEC V LP2-110 MUFF AXPDCB4
Vehicle 3 Information: Ford(EU) 97 Mondeo V / EEC V MLP-427 REED ATAFHE3
Additional Vehicles: Ford(EU) 91 Fiesta XR2i / EEC IV SD111 1AFA
Ford(EU) 98 Cougar V6 / EEC V ?

Re: SAD 806x Disassembler

Unread postby Pym » Fri Jul 06, 2018 9:17 am

New version is released.
Still on 1.2 but with today date.
It is some kind of pre-release for 1.3 version, including first structures analysis algorithm.
This is globally the most stable release, but structures analysis could provide some surprises and could slow dissassembly.
Many other changes are included :
- Structure definition has evolved (Multiple conditional levels, Vect8, Vect1, Vect0, Vect9 commands added, !00, !01 to !FF are managed, except !B0 to !B7, which are reserved for bit flags)
- Structure text output is better when using labels in definition
- Different output for included elements (inside another one)
- Vector List concept is added, directly as header for Additional Vectors.
- Register appears better in tree and have now their own option in properties, to output them in result header
- Drag and Drop is now managed on user interface (for .bin, .s6x, .xdf, _dir.txt and _cmt.txt files)
- Hex reader, now permits to copy values.
- Batch mode is now managed (for disassembling, outputting one binary a a complete folder), I will detail it later, because it is for tests essentially.
- Other corrections essentially on user interface.

I provide sources too, based on Visual Studio 2008 (don't be afraid about the amount of code).
You do not have the required permissions to view the files attached to this post.
Pym
Hacker
 
Posts: 162
Joined: Sat Mar 04, 2017 4:29 am
Name: Pierre-Yves
Vehicle Information: Ford(EU) 91 Fiesta RS Turbo / EEC IV VM120 0FAB
TunerPro on Moates chips
Vehicle 2 Information: Ford(EU) 97 Puma 1.7 VCT / EEC V LP2-110 MUFF AXPDCB4
Vehicle 3 Information: Ford(EU) 97 Mondeo V / EEC V MLP-427 REED ATAFHE3
Additional Vehicles: Ford(EU) 91 Fiesta XR2i / EEC IV SD111 1AFA
Ford(EU) 98 Cougar V6 / EEC V ?

Re: SAD 806x Disassembler

Unread postby decipha » Fri Jul 06, 2018 9:38 am

can it recognize code and automatically assign the correct PID names?
User avatar
decipha
Tooner
 
Posts: 14990
Joined: Mon Jul 15, 2013 5:29 pm
Location: New Orleans, LA
Name: Michael Ponthieux
Vehicle Information: Supercoupin' x10
90 (4x 5spds) - Dante, Ruby, Daja, Ava
91 4r70w - Skarlett
92 (2x) 5spd & auto - Bianqa, Andrea
93 auto - Danika
94 5spd Rionda
95 auto Aisha
Vehicle 2 Information: Others:
00 Lincoln LS - Luanda
98 Camaro SS - Bounquisha
02 Harley F-150 - Sasasha
03 Marauder - DyShyKy
00 Explorer 5L - Bernyce

Re: SAD 806x Disassembler

Unread postby Pym » Fri Jul 06, 2018 2:32 pm

decipha wrote:can it recognize code and automatically assign the correct PID names?

Not for this version.
Pym
Hacker
 
Posts: 162
Joined: Sat Mar 04, 2017 4:29 am
Name: Pierre-Yves
Vehicle Information: Ford(EU) 91 Fiesta RS Turbo / EEC IV VM120 0FAB
TunerPro on Moates chips
Vehicle 2 Information: Ford(EU) 97 Puma 1.7 VCT / EEC V LP2-110 MUFF AXPDCB4
Vehicle 3 Information: Ford(EU) 97 Mondeo V / EEC V MLP-427 REED ATAFHE3
Additional Vehicles: Ford(EU) 91 Fiesta XR2i / EEC IV SD111 1AFA
Ford(EU) 98 Cougar V6 / EEC V ?

Previous

Return to Programming & Coding

Who is online

Users browsing this forum: No registered users and 4 guests