Cadaver Puncher

iTrader: (1)

ok damn, long read and what I got out of it is...... if I do an ls swap, I want you hacking my computer.

junkcltr

iTrader: (1)

Old thread. Looks like these tools may be worth a try.

Disassembler:
Updated IRA
http://aminet.net/package/dev/asm/ira

Assembler:
VASM
http://sun.hasenbraten.de/vasm/

james_adams2006

Thanks for posting those up junkcltr. Have you tried that disassembler yet? I've been looking for one as well to decompile a later green/blue connector pcm .bin file, but have had trouble locating a disassembly and can't splurge currently on IDA Pro.

04colyZQ8

This is very difficult, I wish it was explained more? Why the need to pull the flash chip off the board? Can't you use a known good bin file? I have bins from the GM SPS, they are the same as what hpt uses, or efi live.


If I load these into ida I setup the Processor as moto 68330 there isn't a 68332, so is 68330 normal, there is lots of setting and options, no clue what to set them all for? am I creating ram or rom? I get a error message saying it doesn't know ere the start address of the code is? How do I find that, what exact settings do I input into IDA?


Also IRA, and dsm68 do not work just a black screen opens for half a sec, then tis gone?? Very frustrated!

04colyZQ8

IDA keeps telling me to define the Entry point? Were is the entry point, and how do I define it?

04colyZQ8

Here is a 99 vortec file 4.3L V6 automatic is this all I need to dissemble?


Looking at it in hex, Id guess 0x400 to be the start of the machine code, and 0x668co to be the end? But how do I implement this into IDA to read the disassembly?

04colyZQ8

OK figured it out? press C at 0x04 and it starts decompiling, but I don't see any text to the right like you have, just move, push and numbers


Why don't I see anything like this construct idle rpm error, and all those actual numbers that make more sense?


;~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
; Construct idle RPM error term
;~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
;
LAB_2197:
CLR.L D3 ;Preclear D3
MOVE EXT_1460.W,D3 ;Load D3 with desired idle speed

04colyZQ8

Do I need some sort of add on to IDA, to view text?


How did you view the OBD 2 data? is that in a separate file?

04colyZQ8

Do need hex-rays add in?

04colyZQ8

Ok I got Tos and St emulator running TTdigger, can figure out how to opne a file with ttdigger? Do I have to rename my bin file to .st, or .idx? I tired that, still cant seem to get it to work?


I get error stop and cant find OSVARS.RA whenever I try to to open anything with TTdigger?

04colyZQ8

So frustrating that I cant get a IDA, 68asm, ttdigger to work!!

Fast355

iTrader: (2)

I would look at Adam's dissasembly really closely. According to my Tunercats the definition file for 1998-2000 blackbox is the same. GM has a habit of using the same ECM code for numerous years and applications.

I used Tunercats to segment swap a 4L80E transmission segment from a 2000 5.7 Experess van into a 2000 C1500 4.3 truck PCM that the owner had swapped a 4L80E into and tried to use the 4L60E tuning with a relay added to the system. Long story short it did not work out correctly with the relay, but worked well after the segment swap.

scorp508

Sorry for the thread necropsy, but what an awesome thread.

Does a full assembly dump of any $6E bin exist?

A few years ago I went through a ABTB_HAC.SRC dump I have of a $32B to expand the TunerCat (and TunerPro) definition file for my '87 Corvette. I'd kind of like to look at maybe moving to $6E, but my car still has the Doug Nash 4+3 so I'd lose some functionality. I'm a bit curious if some of the same tables that control the OD on the transmission still exist in the 6E BINs even though they'd probably be purposed only for Automatics.

dzida

There's 6E disassembly attached. Also, have a look at the XDF I did for 6E, it's quite complete, but it's missing some parameters in transmission section of calibration.

I remember that there were some strange manual trans parameters in hac, probably for 4+3 OD, but not defined clearly. If you add the 4+3 parameters, please share your findings.

scorp508

Thank you! I don't know if I'll get around to it quickly, but will be sure to follow-up if I find anything interesting.

GTPLover

Hello all fellow hackers I'm trying to find a 4.3L auto bin file for a 98 black box does anyone have one plz trying to tune my 97 but need a bin as my 98 black box has a 5.7 file on it know Thx

Dominic Sorresso

Following.

ColPaul

Sorry to resurrect an old thread, but I'm hoping that @dimented24x7 or someone else can help me reverse a P59 OS (). I posted the text output of Ghidra disassembler at https://github.com/ColPaulR/GM-Gen-3..._4L60E.bin.txt. Looking at the vector table, INT3 appears to be the IRQ that is different than the rest. I assume that the MC68HC58 IRQ is tied to IRQ3. If so, the interrupt routine starts at 0x0005c4. Using the above and some comments from another commented disassembled OS at https://github.com/LegacyNsfw/125933....annotated.asm, I have been adding comments. Can anyone help me better understand what the code I'm calling void LVL3_FUNCTION(void) does? That is address space 0x0005C4 through RTE at 0x0006A0.

Bill Hagan

ColPaul did you pm him directly about this or on http://www.gearhead-efi.com/ a guy LTR he is also very good at this

ColPaul

I didn't but I will now, and PM LTR. Thanks for the suggestion.