RomRaider

The last thing I do before flashing my changes is open a patched ROM in the HEW debugger, and start debugging from a couple instructions prior to where it jumps into my code. Then step through my code and confirm that it returns to the original code and keeps executing. I do this for each place where I've hooked into the original code.

If that works, I flash my ECU and hope for the best. I haven't bricked an ECU yet.

Thanks for the idea,

I did that, works great for the WGDC hook, I can't however verify the initializer function fully with that approach. I see the code calling my function which then call the system function but that one never returns (same problem with the un patched rom I tried). It barfs at some point where it tries to read some pointer from a memory address and jump to it. (My interpretation could be wrong).



There is no code at the 0x5AA5A... address

Hummm

Ok, looks like R15 is the HW stack pointer. Once I initialize it with something proper the code seem to be happier, it still doesn't return but it blocks on an IO test I think.

Ok cool,

Got it to fully execute and return by tricking the IO test. Looks like my patch is working okay ! I'll flash in on a night where I don't have to bring my daughter to school the next day ...

Pretty excited

No problem at all with making things easier while you learn, I completely understand The lack of good docs and ready-to-open HEW files doesn't make things easy..

I recall having some issues with simulating the initializer when I added it, and I believe I had to change the location of the resethandler linker section. I'll confirm this the next time I fire up my windows machine.

After making any big changes to the codebase or adding a new rom, I also follow NSFW's procedure and step through each hook manually. Also, I clear the output window before that and check for any errors that may not throw an exception or stop the simulator.

I've committed a set of ready-to-open HEW files to the repo, and updated the readme for basic docs. Basic Sharptune patching API docs are up also.

Hi Merp,

Cool, I will take a look. So I finally got it to work tonight ! My initial try didn't work because I forgot to replace the call to the OEM cel ram variable in my patch metadata file. Did it tonight and inserted some triggers based on defogger and cruise control and I can get it to work flawlessly.

Thanks to you guys for all the documentation and code. I wouldn't have had enough knowledge to start this for scratch but this provided me enough beta to walk through the process, learn how to debug etc.

It's hugely satisfying !

Quick question, in the metadata file that gives the patcher its instruction. I had to use hard coded addresses because I didn't know how to make the tool accept the pointers to the C variable.


Anyway I can do this ?



Thanks

Most definitely, congrats!



It's been some time since I used ASM to do the metadata, I migrated it over to C because there was some hard limitation that I could not find a workaround for. I think this was it.

I don't see a way to do the pointer-to-structure-member thing in ASM, either.

Metadata in C sounds like a great idea.

Ok thanks guys, I'll move this over to sharp tune then. I'll check your doc and see if I can figure it out

Hi guys,

Spent some time looking at HEW the last couple of days... I want to see if I can get any further with the flex-fuel patch. My ROM - AZ1G900C, I see has some patches defined in the Merpmod repository, but not everything is there.

I was hoping to start by just mucking around with some of the already built patches and simulating them, to try and learn by "doing"... I see there is already some map switching stuff, but it doesn't appear to be available for my ROM...

Any ideas on how to actually update the header file for my ROM so that I can compile some of the Flash and Switch patches ?

Short of working backwards from another ROM that has a more complete header file... ?

I have some code in SharpTune that can convert the .h file to a IDC script. From there you can do more analysis and export a .map file which is converted to .h by SharpTune during MerpMod building.

Use a rom with existing defines as a template is a good idea, or poke around the forums, or ask here. I recommend looking at A8DH202X. It is my testing platform and has the most stuff defined. Just keep in mind there have been many changes to the structures since 2006.

Also, I pushed some updates to both MerpMod and SharpTune a couple weeks ago. There were some issues getting it to build/open after cloning the repo, but it should work much better now!

Hi guys,

I have been working a bit more with this. Right now I am reverse engineering how the ECU uses the knock correction additive tables. I have a quick usage question for hew, has anyone been able to use ram location in the variable watch ? I tried changing the scope to global, putting an address, de-referencing the address as a pointer. It always "Not available Now".

It would be handy to have all the variable I am interested in in one pane instead of having to browse through the memory view

Thanks for the help

I'm trying to get Renesas development tools (old HEW) for a SH2E ECU (SH7058)
in my 2006 WRX Impreza. Does anyone know which target OS one needs to pick.

Thanks in advance.

It's defined in the first post of this thread.