I've been futzing with IDA for a few days now and I'm slowly starting to get the hang of it. The addresses from the logger and ECU xml files were tremendously helpful, I have to thank Merchgod and everyone else who contributed to those. I probably would not have gotten anywhere at all without the head start those files provided.
I found the fuel cut / resume logic, and I have a plan in mind for a launch control / FFS hack. However, I need some help with a couple issues. Here's an overview of what I want to do...
1) Find an available area in RAM to store 9 values:
"active" fuel cut and resume RPM settings
fuel cut and resume RPM for redline (clutch out) (in RAM just for testing purposes really)
fuel cut and resume RPM for launch (clutch in, vehicle speed below threshold)
fuel cut and resume RPM for shifting (clutch in, vehicle speed above threshold)
vehicle speed threshold for switching between launch and shift modes
2) Write some PC software that can read and write those values. This is the only part that I actually have full confidence that I could do right now on my own.

3) At boot time, initialize all 8 RPM values with the redline cut/resume values in the ROM, and set the speed threshold to something sane.
4) Change the existing fuel cut / resume logic to look at the "active" cut and resume values in RAM, instead of the values in ROM.
5) Find an available area in ROM and enter some code to copy cut/resume RPM values from one of the 3 pairs (depending on clutch switch and vehicle speed) into the "active" settings.
6) Insert a hook in the existing fuel cut / resume logic to jump into that code, which will of course jump back when it's done.
Here's what I need help with:
a) How can I find a safe place in RAM to store those 9 values? There are at least 3 fairly large ranges with no labels/xrefs defined, but I worry that they might be referenced by code that just hasn't been analyzed yet (there's still a fair amount of that). I can try reading from those ranges right after a reset, and after driving around for a while, but if anyone has better ideas I'd love to hear them.
b) How can I find a safe place in ROM to put the code that I want to add? I don't have enough of the ROM defined to really have much confidence in my guesses so far.
c) Where's a good place to insert a hook to do step 3 above? (Copy default rev limits to the RAM locations.) I want this code to run once, after each reset. There's probably some existing code to initialize RAM values but I haven't found it yet.
If anyone can lend a hand I'd really appreciate it.
Thanks!
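
The snapshot comparison mentioned in question (a), sketched as an added example that is not part of the original post: it takes several dumps of the same RAM range and reports runs of bytes that never changed. The base address, the 18-byte minimum (nine 16-bit values) and the sample dumps are constructed assumptions; an unchanged run is only a candidate, since code that has not run yet or that rewrites the same value will not show up.

```python
from typing import List, Tuple


def stable_runs(snapshots: List[bytes], base_addr: int,
                min_len: int) -> List[Tuple[int, int]]:
    """Return (start_address, length) for each run of at least min_len
    bytes whose value is identical in every snapshot."""
    if len(snapshots) < 2:
        raise ValueError("need at least two snapshots to compare")
    size = len(snapshots[0])
    if any(len(s) != size for s in snapshots):
        raise ValueError("snapshots must cover the same address range")

    runs = []
    run_start = None
    # Iterate one past the end so a run touching the last byte is closed.
    for off in range(size + 1):
        same = off < size and all(s[off] == snapshots[0][off]
                                  for s in snapshots)
        if same and run_start is None:
            run_start = off
        elif not same and run_start is not None:
            if off - run_start >= min_len:
                runs.append((base_addr + run_start, off - run_start))
            run_start = None
    return runs


# Constructed sample data: three 64-byte dumps of one unlabeled range.
BASE = 0x8000          # hypothetical start address of the range
NEEDED = 18            # assumption: 9 values stored as 16-bit words

after_reset = bytes(64)

after_idle = bytearray(64)
after_idle[4] = 0x12
after_idle[40:44] = b"\x01\x02\x03\x04"

after_drive = bytearray(64)
after_drive[4] = 0x34
after_drive[20] = 0x7F
after_drive[40:44] = b"\x05\x06\x07\x08"

CANDIDATES = stable_runs(
    [after_reset, bytes(after_idle), bytes(after_drive)], BASE, NEEDED)

if __name__ == "__main__":
    for start, length in CANDIDATES:
        print(f"candidate: 0x{start:04X}..0x{start + length - 1:04X} "
              f"({length} bytes)")
```

Taking more snapshots under more driving conditions shrinks the candidate list and raises confidence in whatever survives.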