Realtime Tuning Progress

Jon [in CT] · **Posted:** Thu Sep 21, 2006 10:17 am

ev8siv3 wrote:

Do you have an alternate suggestion on how to implement realtime maps without changing code to look for it?

Of course you have to change some instructions, but you don't need a compiler or assembler to do it. You just hook into the existing code and jump to a little routine which can check for and load realtime values.

Let's say you've identified an instruction, or series of instructions, which access a table which also has a realtime version. Let's call the address of this instruction the hook point. Replace the first instruction at the hook point with a jump/branch/goto instruction that points to a previously unused area of the ROM where you've placed the following code, which I'll call the hook routine.

The hook routine examines an address in RAM looking for a string which indicates that realtime maps are present. If that string isn't found then it executes the instruction that used to be at the hook point and then jumps back to the instruction following the hook point. Otherwise, you duplicate the instruction(s) which reference ROM table addresses with one's which reference RAM table addresses and then jump back to the instruction following the one(s) you duplicated in the hook routine.

You don't need an assembler or compiler to implement hooks and hook routines.

You also need to understand how RAM memory is allocated and released. You don't want your realtime maps overwritten by OBD freeze frame data.

ev8siv3 · **Joined:** Fri Mar 24, 2006 3:14 pm **Posts:** 768

Jon [in CT] wrote:

ev8siv3 wrote:

Do you have an alternate suggestion on how to implement realtime maps without changing code to look for it?

Of course you have to change some instructions, but you don't need a compiler or assembler to do it. You just hook into the existing code and jump to a little routine which can check for and load realtime values.

Let's say you've identified an instruction, or series of instructions, which access a table which also has a realtime version. Let's call the address of this instruction the hook point. Replace the first instruction at the hook point with a jump/branch/goto instruction that points to a previously unused area of the ROM where you've placed the following code, which I'll call the hook routine.

The hook routine examines an address in RAM looking for a string which indicates that realtime maps are present. If that string isn't found then it executes the instruction that used to be at the hook point and then jumps back to the instruction following the hook point. Otherwise, you duplicate the instruction(s) which reference ROM table addresses with one's which reference RAM table addresses and then jump back to the instruction following the one(s) you duplicated in the hook routine.

You don't need an assembler or compiler to implement hooks and hook routines.

You also need to understand how RAM memory is allocated and released. You don't want your realtime maps overwritten by OBD freeze frame data.

You do know that there are multiple references to locations and sub-routines inside the assembly right? There are chunks of code that need to be completely removed in order to allow "hooking". Then placing the failsafe codes for defaulting back to a base value in the event of no lookup data has to be added. In theory yes it sounds simple, but there's a lot behind it.

Our first necessity is the RAM writer. We can go off a c0bb image and test that the RAM areas modified are taking the changes and go from there.

Tgui · **Joined:** Tue Jul 11, 2006 9:25 pm **Posts:** 1025

I'd guess the cobb realtime has a set of static addresses, each of which tied to a particular table of data? Hence the recent xml def that allows one to see realtime cobb data on different cars. My question should have been, references to realtime data aren't dynamically generated, they're defined before hand?

Just a question. I used to be pretty good with 8086 assembler.

Any yeah, new subroutines would be needed to conditionally reference realtime data.

Jon [in CT] · **Posted:** Thu Sep 21, 2006 2:03 pm

ev8siv3 wrote:

You do know that there are multiple references to locations and sub-routines inside the assembly right?

And that implies what? Obviously multiple hooks are needed.

ev8siv3 wrote:

There are chunks of code that need to be completely removed in order to allow "hooking".

Not true. Each hook requires that one instruction at the hook point be relocated into the associated hook routine. No instructions are deleted.

ev8siv3 wrote:

Then placing the failsafe codes for defaulting back to a base value in the event of no lookup data has to be added.

When a hook routine determines that realtime maps don't exist, it executes the relocated instruction mentioned above and then passes control back to the instruction after the hook point. This means the ECU is then executing its original code again, which loads table values from ROM (i.e. 'basemap') locations.

ev8siv3 wrote:

In theory yes it sounds simple, but there's a lot behind it.

It is simple, but it's tedious. I suspect this is basically what Cobb has done and it's the reason why they don't bother to switch to higher calibration IDs as they become available, unless it's absolutely necessary.

ev8siv3 · **Joined:** Fri Mar 24, 2006 3:14 pm **Posts:** 768

Yes, the Addresses for the RT data are stored in the code and are static. The values are block copied when loaded and will revert to the base map when ecu is reset. I can send some ASM code over to you if you'd like to see how it functions.

Tgui · **Joined:** Tue Jul 11, 2006 9:25 pm **Posts:** 1025

ev8siv3 wrote:

Yes, the Addresses for the RT data are stored in the code and are static. The values are block copied when loaded and will revert to the base map when ecu is reset. I can send some ASM code over to you if you'd like to see how it functions.

Would you? Zip something in a PM? Thanks bro.

Tgui · **Joined:** Tue Jul 11, 2006 9:25 pm **Posts:** 1025

Jon [in CT] wrote:

ev8siv3 wrote:

You do know that there are multiple references to locations and sub-routines inside the assembly right?

And that implies what? Obviously multiple hooks are needed.

ev8siv3 wrote:

There are chunks of code that need to be completely removed in order to allow "hooking".

Not true. Each hook requires that one instruction at the hook point be relocated into the associated hook routine. No instructions are deleted.

ev8siv3 wrote:

Then placing the failsafe codes for defaulting back to a base value in the event of no lookup data has to be added.

When a hook routine determines that realtime maps don't exist, it executes the relocated instruction mentioned above and then passes control back to the instruction after the hook point. This means the ECU is then executing its original code again, which loads table values from ROM (i.e. 'basemap') locations.

ev8siv3 wrote:

In theory yes it sounds simple, but there's a lot behind it.

It is simple, but it's tedious. I suspect this is basically what Cobb has done and it's the reason why they don't bother to switch to higher calibration IDs as they become available, unless it's absolutely necessary.

I think you're assuming we're basing this work off of Cobb derived roms. I think there are legal issues with that.

Since we're starting with stock ROMs, entry points to table data are going to have code replaced to conditionally look in ram for table data. Thats code replacement and addition. Thats why we need proper tools. Thats why its not a simple hack.

moose · **Joined:** Sat Aug 05, 2006 4:30 pm **Posts:** 37

How much RAM is available? Would it be possible to have more than one map stored (I guess that depends on the # of tables you want to make real time), and have the hooks look at an address that might contain all zeroes for no realtime data available, or an offset for the start of the realtime map tables?

For example:
Timing table offset 0x0100
Fuel table offset 0x0200

Realtime offset value:
0x0000 no realtime map
0x1000 realtime map 1
0x2000 realtime map 2

Then have timing table at 0x1100 for map 1, 0x2100 for map 2 etc...

Not familiar with the stock ECU capabilities, just wanted to throw this out there.

Jon [in CT] · **Posted:** Thu Sep 21, 2006 2:29 pm

ev8siv3 wrote:

Yes, the Addresses for the RT data are stored in the code and are static. The values are block copied when loaded and will revert to the base map when ecu is reset.

Not quite sure what you mean. Is there an additional routine that runs when the ignition key is turned to ON which guarantees there are always realtime maps present, even if it has to copy the maps from ROM to RAM in order to make it so? If true, then all the ECU instructions for accessing those maps could be changed to unconditionally load values from the RAM version and never worry about loading them from ROM.

I still don't see how a C compiler is going to help you, though.

ev8siv3 · **Joined:** Fri Mar 24, 2006 3:14 pm **Posts:** 768

Heres a small example of a re-route, tell me if you can see it.

Stock Code:

Code:

ROM:0000E668 ; ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦ S U B R O U T I N E ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
ROM:0000E668
ROM:0000E668
ROM:0000E668 sub_E668:                               ; CODE XREF: sub_E4F0+32p
ROM:0000E668                 ais     #-4             ; Add Immediate Data to SP
ROM:0000E66A                 pshm    Z               ; Push Multiple Registers
ROM:0000E66C                 tsz                     ; Transfer SP to IZ
ROM:0000E66E                 ldd     word_20E1E      ; Load D
ROM:0000E672                 clre                    ; Clear E
ROM:0000E674                 subd    word_200EC      ; Subtract from D
ROM:0000E678                 sbce    #0              ; Subtract with Carry from E
ROM:0000E67C                 addd    #-8000h         ; Add to D
ROM:0000E680                 adce    #0              ; Add with Carry to E
ROM:0000E684                 std     4, Z            ; Store D
ROM:0000E686                 ste     2, Z            ; Store E
ROM:0000E68A                 bmi     loc_E6A0        ; Branch If Minus
ROM:0000E68C                 bgt     loc_E69A        ; Branch If Greater than Zero
ROM:0000E68E                 blt     loc_E696        ; Branch If Less than Zero
ROM:0000E690                 cpd     #0FFFFh         ; Compare D to Memory
ROM:0000E694                 bhi     loc_E69A        ; Branch If Higher
ROM:0000E696
ROM:0000E696 loc_E696:                               ; CODE XREF: sub_E668+26j
ROM:0000E696                 ldd     4, Z            ; Load D
ROM:0000E698                 bra     loc_E6A2        ; Branch Always
ROM:0000E69A ; ---------------------------------------------------------------------------
ROM:0000E69A
ROM:0000E69A loc_E69A:                               ; CODE XREF: sub_E668+24j
ROM:0000E69A                                         ; sub_E668+2Cj
ROM:0000E69A                 ldd     #0FFFFh         ; Load D
ROM:0000E69E                 bra     loc_E6A2        ; Branch Always
ROM:0000E6A0 ; ---------------------------------------------------------------------------
ROM:0000E6A0
ROM:0000E6A0 loc_E6A0:                               ; CODE XREF: sub_E668+22j
ROM:0000E6A0                 clrd                    ; Clear D
ROM:0000E6A2
ROM:0000E6A2 loc_E6A2:                               ; CODE XREF: sub_E668+30j
ROM:0000E6A2                                         ; sub_E668+36j
ROM:0000E6A2                 std     word_20E1A      ; Store D
ROM:0000E6A6                 cpd     word_2A7E5      ; Compare D to Memory
ROM:0000E6AA                 bcc     loc_E6C2        ; Branch If Carry Clear
ROM:0000E6AC                 brset   byte_20E03, #20h, loc_E6B8 ; Branch if Bits Set
ROM:0000E6B2                 bclr    byte_20E03, #10h ; Clear Bit(s)
ROM:0000E6B6                 bra     loc_E6BC        ; Branch Always
ROM:0000E6B8 ; ---------------------------------------------------------------------------
ROM:0000E6B8
ROM:0000E6B8 loc_E6B8:                               ; CODE XREF: sub_E668+44j
ROM:0000E6B8                 bset    byte_20E03, #10h ; Set Bit(s)
ROM:0000E6BC
ROM:0000E6BC loc_E6BC:                               ; CODE XREF: sub_E668+4Ej
ROM:0000E6BC                 bclr    byte_20E03, #20h ; Clear Bit(s)
ROM:0000E6C0                 bra     loc_E6E0        ; Branch Always
ROM:0000E6C2 ; ---------------------------------------------------------------------------
ROM:0000E6C2
ROM:0000E6C2 loc_E6C2:                               ; CODE XREF: sub_E668+42j
ROM:0000E6C2                 ldd     word_20E1A      ; Load D
ROM:0000E6C6                 cpd     word_2A7E7      ; Compare D to Memory
ROM:0000E6CA                 bcs     loc_E6E0        ; Branch If Carry Set
ROM:0000E6CC                 brset   byte_20E03, #20h, loc_E6D8 ; Branch if Bits Set
ROM:0000E6D2                 bclr    byte_20E03, #10h ; Clear Bit(s)
ROM:0000E6D6                 bra     loc_E6DC        ; Branch Always
ROM:0000E6D8 ; ---------------------------------------------------------------------------
ROM:0000E6D8
ROM:0000E6D8 loc_E6D8:                               ; CODE XREF: sub_E668+64j
ROM:0000E6D8                 bset    byte_20E03, #10h ; Set Bit(s)
ROM:0000E6DC
ROM:0000E6DC loc_E6DC:                               ; CODE XREF: sub_E668+6Ej
ROM:0000E6DC                 bset    byte_20E03, #20h ; Set Bit(s)
ROM:0000E6E0
ROM:0000E6E0 loc_E6E0:                               ; CODE XREF: sub_E668+58j
ROM:0000E6E0                                         ; sub_E668+62j
ROM:0000E6E0                 brset   byte_20E03, #4, loc_E6F0 ; Branch if Bits Set
ROM:0000E6E6                 ldd     #3200h          ; Load D
ROM:0000E6EA                 std     word_20E16      ; Store D
ROM:0000E6EE                 bra     loc_E73A        ; Branch Always
ROM:0000E6F0 ; ---------------------------------------------------------------------------
ROM:0000E6F0
ROM:0000E6F0 loc_E6F0:                               ; CODE XREF: sub_E668:loc_E6E0j
ROM:0000E6F0                 ldd     word_20E1A      ; Load D
ROM:0000E6F4                 cpd     word_2A7E5      ; Compare D to Memory
ROM:0000E6F8                 bcc     loc_E706        ; Branch If Carry Clear
ROM:0000E6FA                 brclr   byte_20E03, #10h, loc_E706 ; Branch if Bits Clear
ROM:0000E700                 brclr   byte_20E03, #20h, loc_E71C ; Branch if Bits Clear
ROM:0000E706
ROM:0000E706 loc_E706:                               ; CODE XREF: sub_E668+90j
ROM:0000E706                                         ; sub_E668+92j
ROM:0000E706                 ldd     word_20E1A      ; Load D
ROM:0000E70A                 cpd     word_2A7E7      ; Compare D to Memory
ROM:0000E70E                 bcs     loc_E732        ; Branch If Carry Set
ROM:0000E710                 brset   byte_20E03, #10h, loc_E732 ; Branch if Bits Set
ROM:0000E716                 brclr   byte_20E03, #20h, loc_E732 ; Branch if Bits Clear
ROM:0000E71C
ROM:0000E71C loc_E71C:                               ; CODE XREF: sub_E668+98j
ROM:0000E71C                 ldd     word_20E1A      ; Load D
ROM:0000E720                 ldy     #0A7C8h         ; Load IY
ROM:0000E724                 pshm    D               ; Push Multiple Registers
ROM:0000E726                 jsr     sub_1A722       ; Jump to Subroutine
ROM:0000E72A                 ais     #2              ; Add Immediate Data to SP
ROM:0000E72C                 std     word_20E16      ; Store D
ROM:0000E730                 bra     loc_E73A        ; Branch Always
ROM:0000E732 ; ---------------------------------------------------------------------------
ROM:0000E732
ROM:0000E732 loc_E732:                               ; CODE XREF: sub_E668+A6j
ROM:0000E732                                         ; sub_E668+A8j ...
ROM:0000E732                 ldd     #3200h          ; Load D
ROM:0000E736                 std     word_20E16      ; Store D
ROM:0000E73A
ROM:0000E73A loc_E73A:                               ; CODE XREF: sub_E668+86j
ROM:0000E73A                                         ; sub_E668+C8j
ROM:0000E73A                 brclr   byte_20E03, #4, loc_E750 ; Branch if Bits Clear
ROM:0000E740                 ldd     word_20E1A      ; Load D
ROM:0000E744                 cpd     word_2A7E9      ; Compare D to Memory
ROM:0000E748                 bcs     loc_E75A        ; Branch If Carry Set
ROM:0000E74A                 cpd     word_2A7EB      ; Compare D to Memory
ROM:0000E74E                 bcc     loc_E75A        ; Branch If Carry Clear
ROM:0000E750
ROM:0000E750 loc_E750:                               ; CODE XREF: sub_E668:loc_E73Aj
ROM:0000E750                 ldd     #3200h          ; Load D
ROM:0000E754                 std     word_20E14      ; Store D
ROM:0000E758                 bra     loc_E76E        ; Branch Always
ROM:0000E75A ; ---------------------------------------------------------------------------
ROM:0000E75A
ROM:0000E75A loc_E75A:                               ; CODE XREF: sub_E668+E0j
ROM:0000E75A                                         ; sub_E668+E6j
ROM:0000E75A                 ldd     word_20E1A      ; Load D
ROM:0000E75E                 ldy     #0A7A2h         ; Load IY
ROM:0000E762                 pshm    D               ; Push Multiple Registers
ROM:0000E764                 jsr     sub_1A722       ; Jump to Subroutine
ROM:0000E768                 ais     #2              ; Add Immediate Data to SP
ROM:0000E76A                 std     word_20E14      ; Store D
ROM:0000E76E
ROM:0000E76E loc_E76E:                               ; CODE XREF: sub_E668+F0j
ROM:0000E76E                 ldz     0, Z            ; Load IZ
ROM:0000E770                 ais     #6              ; Add Immediate Data to SP
ROM:0000E772                 rts                     ; Return From Subroutine
ROM:0000E772 ; End of function sub_E668
ROM:0000E772

Modified Code:

Code:

ROM:0000E668 ; ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦ S U B R O U T I N E ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
ROM:0000E668
ROM:0000E668
ROM:0000E668 sub_E668:                               ; CODE XREF: sub_E4F0+32p
ROM:0000E668                 ais     #-4             ; Add Immediate Data to SP
ROM:0000E66A                 pshm    Z               ; Push Multiple Registers
ROM:0000E66C                 tsz                     ; Transfer SP to IZ
ROM:0000E66E                 ldd     word_20E1E      ; Load D
ROM:0000E672                 clre                    ; Clear E
ROM:0000E674                 subd    word_200EC      ; Subtract from D
ROM:0000E678                 sbce    #0              ; Subtract with Carry from E
ROM:0000E67C                 addd    #-8000h         ; Add to D
ROM:0000E680                 adce    #0              ; Add with Carry to E
ROM:0000E684                 std     4, Z            ; Store D
ROM:0000E686                 ste     2, Z            ; Store E
ROM:0000E68A                 bmi     loc_E6A0        ; Branch If Minus
ROM:0000E68C                 bgt     loc_E69A        ; Branch If Greater than Zero
ROM:0000E68E                 blt     loc_E696        ; Branch If Less than Zero
ROM:0000E690                 cpd     #0FFFFh         ; Compare D to Memory
ROM:0000E694                 bhi     loc_E69A        ; Branch If Higher
ROM:0000E696
ROM:0000E696 loc_E696:                               ; CODE XREF: sub_E668+26j
ROM:0000E696                 ldd     4, Z            ; Load D
ROM:0000E698                 bra     loc_E6A2        ; Branch Always
ROM:0000E69A ; ---------------------------------------------------------------------------
ROM:0000E69A
ROM:0000E69A loc_E69A:                               ; CODE XREF: sub_E668+24j
ROM:0000E69A                                         ; sub_E668+2Cj
ROM:0000E69A                 ldd     #0FFFFh         ; Load D
ROM:0000E69E                 bra     loc_E6A2        ; Branch Always
ROM:0000E6A0 ; ---------------------------------------------------------------------------
ROM:0000E6A0
ROM:0000E6A0 loc_E6A0:                               ; CODE XREF: sub_E668+22j
ROM:0000E6A0                 clrd                    ; Clear D
ROM:0000E6A2
ROM:0000E6A2 loc_E6A2:                               ; CODE XREF: sub_E668+30j
ROM:0000E6A2                                         ; sub_E668+36j
ROM:0000E6A2                 std     word_20E1A      ; Store D
ROM:0000E6A6                 cpd     word_2A7E5      ; Compare D to Memory
ROM:0000E6AA                 bcc     loc_E6C2        ; Branch If Carry Clear
ROM:0000E6AC                 brset   byte_20E03, #20h, loc_E6B8 ; Branch if Bits Set
ROM:0000E6B2                 bclr    byte_20E03, #10h ; Clear Bit(s)
ROM:0000E6B6                 bra     loc_E6BC        ; Branch Always
ROM:0000E6B8 ; ---------------------------------------------------------------------------
ROM:0000E6B8
ROM:0000E6B8 loc_E6B8:                               ; CODE XREF: sub_E668+44j
ROM:0000E6B8                 bset    byte_20E03, #10h ; Set Bit(s)
ROM:0000E6BC
ROM:0000E6BC loc_E6BC:                               ; CODE XREF: sub_E668+4Ej
ROM:0000E6BC                 bclr    byte_20E03, #20h ; Clear Bit(s)
ROM:0000E6C0                 bra     loc_E6E0        ; Branch Always
ROM:0000E6C2 ; ---------------------------------------------------------------------------
ROM:0000E6C2
ROM:0000E6C2 loc_E6C2:                               ; CODE XREF: sub_E668+42j
ROM:0000E6C2                 ldd     word_20E1A      ; Load D
ROM:0000E6C6                 cpd     word_2A7E7      ; Compare D to Memory
ROM:0000E6CA                 bcs     loc_E6E0        ; Branch If Carry Set
ROM:0000E6CC                 brset   byte_20E03, #20h, loc_E6D8 ; Branch if Bits Set
ROM:0000E6D2                 bclr    byte_20E03, #10h ; Clear Bit(s)
ROM:0000E6D6                 bra     loc_E6DC        ; Branch Always
ROM:0000E6D8 ; ---------------------------------------------------------------------------
ROM:0000E6D8
ROM:0000E6D8 loc_E6D8:                               ; CODE XREF: sub_E668+64j
ROM:0000E6D8                 bset    byte_20E03, #10h ; Set Bit(s)
ROM:0000E6DC
ROM:0000E6DC loc_E6DC:                               ; CODE XREF: sub_E668+6Ej
ROM:0000E6DC                 bset    byte_20E03, #20h ; Set Bit(s)
ROM:0000E6E0
ROM:0000E6E0 loc_E6E0:                               ; CODE XREF: sub_E668+58j
ROM:0000E6E0                                         ; sub_E668+62j
ROM:0000E6E0                 brset   byte_20E03, #4, loc_E6F0 ; Branch if Bits Set
ROM:0000E6E6                 ldd     #3200h          ; Load D
ROM:0000E6EA                 std     word_20E16      ; Store D
ROM:0000E6EE                 bra     loc_E73A        ; Branch Always
ROM:0000E6F0 ; ---------------------------------------------------------------------------
ROM:0000E6F0
ROM:0000E6F0 loc_E6F0:                               ; CODE XREF: sub_E668:loc_E6E0j
ROM:0000E6F0                 ldd     word_20E1A      ; Load D
ROM:0000E6F4                 cpd     word_2A7E5      ; Compare D to Memory
ROM:0000E6F8                 bcc     loc_E706        ; Branch If Carry Clear
ROM:0000E6FA                 brclr   byte_20E03, #10h, loc_E706 ; Branch if Bits Clear
ROM:0000E700                 brclr   byte_20E03, #20h, loc_E71C ; Branch if Bits Clear
ROM:0000E706
ROM:0000E706 loc_E706:                               ; CODE XREF: sub_E668+90j
ROM:0000E706                                         ; sub_E668+92j
ROM:0000E706                 ldd     word_20E1A      ; Load D
ROM:0000E70A                 cpd     word_2A7E7      ; Compare D to Memory
ROM:0000E70E                 bcs     loc_E732        ; Branch If Carry Set
ROM:0000E710                 brset   byte_20E03, #10h, loc_E732 ; Branch if Bits Set
ROM:0000E716                 brclr   byte_20E03, #20h, loc_E732 ; Branch if Bits Clear
ROM:0000E71C
ROM:0000E71C loc_E71C:                               ; CODE XREF: sub_E668+98j
ROM:0000E71C                 ldd     word_20E1A      ; Load D
ROM:0000E720                 ldy     #6E5h           ; Load IY
ROM:0000E724                 pshm    D               ; Push Multiple Registers
ROM:0000E726                 jsr     sub_1A722       ; Jump to Subroutine
ROM:0000E72A                 ais     #2              ; Add Immediate Data to SP
ROM:0000E72C                 std     word_20E16      ; Store D
ROM:0000E730                 bra     loc_E73A        ; Branch Always
ROM:0000E732 ; ---------------------------------------------------------------------------
ROM:0000E732
ROM:0000E732 loc_E732:                               ; CODE XREF: sub_E668+A6j
ROM:0000E732                                         ; sub_E668+A8j ...
ROM:0000E732                 ldd     #3200h          ; Load D
ROM:0000E736                 std     word_20E16      ; Store D
ROM:0000E73A
ROM:0000E73A loc_E73A:                               ; CODE XREF: sub_E668+86j
ROM:0000E73A                                         ; sub_E668+C8j
ROM:0000E73A                 brclr   byte_20E03, #4, loc_E750 ; Branch if Bits Clear
ROM:0000E740                 ldd     word_20E1A      ; Load D
ROM:0000E744                 cpd     word_2A7E9      ; Compare D to Memory
ROM:0000E748                 bcs     loc_E75A        ; Branch If Carry Set
ROM:0000E74A                 cpd     word_2A7EB      ; Compare D to Memory
ROM:0000E74E                 bcc     loc_E75A        ; Branch If Carry Clear
ROM:0000E750
ROM:0000E750 loc_E750:                               ; CODE XREF: sub_E668:loc_E73Aj
ROM:0000E750                 ldd     #3200h          ; Load D
ROM:0000E754                 std     word_20E14      ; Store D
ROM:0000E758                 bra     loc_E76E        ; Branch Always
ROM:0000E75A ; ---------------------------------------------------------------------------
ROM:0000E75A
ROM:0000E75A loc_E75A:                               ; CODE XREF: sub_E668+E0j
ROM:0000E75A                                         ; sub_E668+E6j
ROM:0000E75A                 ldd     word_20E1A      ; Load D
ROM:0000E75E                 ldy     #70Bh           ; Load IY
ROM:0000E762                 pshm    D               ; Push Multiple Registers
ROM:0000E764                 jsr     sub_1A722       ; Jump to Subroutine
ROM:0000E768                 ais     #2              ; Add Immediate Data to SP
ROM:0000E76A                 std     word_20E14      ; Store D
ROM:0000E76E
ROM:0000E76E loc_E76E:                               ; CODE XREF: sub_E668+F0j
ROM:0000E76E                 ldz     0, Z            ; Load IZ
ROM:0000E770                 ais     #6              ; Add Immediate Data to SP
ROM:0000E772                 rts                     ; Return From Subroutine
ROM:0000E772 ; End of function sub_E668
ROM:0000E772

Tgui · **Joined:** Tue Jul 11, 2006 9:25 pm **Posts:** 1025

lol, nice

I need to get a hold of a manual describing the branch types and conditions for this instruction set.

qoncept · **Posted:** Thu Sep 21, 2006 3:05 pm

moose wrote:

How much RAM is available? Would it be possible to have more than one map stored (I guess that depends on the # of tables you want to make real time), and have the hooks look at an address that might contain all zeroes for no realtime data available, or an offset for the start of the realtime map tables?

I'm not sure how Cobb does it' but I'd assume they have all of the switchable maps loaded in to memory and you change a single byte or whatever to switch them. This could be way off, having a single realtime map loaded in to RAM at a time and replacing it when you switch. But either way, since the only method we'll have to switch maps is to hook a laptop up with it, there isn't a whole lot of advantage to storing multiple tunes in RAM -- just keep them on your laptop and write them to RAM as you switch.

ev8siv3 · **Joined:** Fri Mar 24, 2006 3:14 pm **Posts:** 768

Jon [in CT] wrote:

ev8siv3 wrote:

Yes, the Addresses for the RT data are stored in the code and are static. The values are block copied when loaded and will revert to the base map when ecu is reset.

Not quite sure what you mean. Is there an additional routine that runs when the ignition key is turned to ON which guarantees there are always realtime maps present, even if it has to copy the maps from ROM to RAM in order to make it so? If true, then all the ECU instructions for accessing those maps could be changed to unconditionally load values from the RAM version and never worry about loading them from ROM.

I still don't see how a C compiler is going to help you, though.

We need a C compiler and a HC16 Assembler for better custom coding. There are C compilers that do the job right, and converting to a more known language can help in development of more options and features. I know it's not necessary for RT tuning, but things like launch control, boost switching, etc.. will come in handy.

Tgui · **Joined:** Tue Jul 11, 2006 9:25 pm **Posts:** 1025

qoncept wrote:

moose wrote:

How much RAM is available? Would it be possible to have more than one map stored (I guess that depends on the # of tables you want to make real time), and have the hooks look at an address that might contain all zeroes for no realtime data available, or an offset for the start of the realtime map tables?

I'm not sure how Cobb does it' but I'd assume they have all of the switchable maps loaded in to memory and you change a single byte or whatever to switch them. This could be way off, having a single realtime map loaded in to RAM at a time and replacing it when you switch. But either way, since the only method we'll have to switch maps is to hook a laptop up with it, there isn't a whole lot of advantage to storing multiple tunes in RAM -- just keep them on your laptop and write them to RAM as you switch.

I'd agree, since you need the accessPort attached to OBD2 to switch maps. Would there be a way to detect a combination of events to trigger a map switch. Defroster on plus left door unlocked means map1 is used? Half joke.

qoncept · **Posted:** Thu Sep 21, 2006 3:13 pm

Tgui wrote:

I'd agree, since you need the accessPort attached to OBD2 to switch maps. Would there be a way to detect a combination of events to trigger a map switch. Defroster on plus left door unlocked means map1 is used? Half joke.

I don't see why not.. doesn't Ecuschtek do something like that? Brake + defrost or something. Just need to add some code to the ECU.. And Braden is right, if we could write code in C for the ECU it would open up a whole new world. I know the Honda guys use Javascript. We might want to look at pgmfi.org for some more help on that..

RomRaider

Forum rules

Realtime Tuning Progress

Who is online