EvolutionM - Mitsubishi Lancer and Lancer Evolution Community

Notices
Evo X Engine Management / Tuning Forums Discuss the major engine management systems.

How to find that MUT table & others

Thread Tools
 
Search this Thread
 
Old Oct 7, 2009 | 10:24 AM
  #1  
hackish's Avatar
hackish
Thread Starter
Evolved Member
 
Joined: Aug 2004
Posts: 528
Likes: 0
From: Canada
How to find that MUT table & others
I know it's a ralliart not an EVO but I've been having a lot of trouble finding the MUT table in this rom. I'm wondering if anyone experienced with the EVO rom disassembly might have insight into the pointer tables one finds in the rom...

Code:
ROM_:0003D324     unknown_ram_pointers:.word unk_80B300   ; DATA XREF: sub_57938+4o
ROM_:0003D328             .word unk_80B301
ROM_:0003D32C             .word unk_80B302
ROM_:0003D330             .word unk_80B303
ROM_:0003D334             .word unk_80B307
ROM_:0003D338             .word 0

-SNIP-

ROM_:0003D35C             .word 0
ROM_:0003D360             .word 0
ROM_:0003D364             .word unk_80B100
ROM_:0003D368             .word unk_80B101
ROM_:0003D36C             .word unk_80B102
ROM_:0003D370             .word unk_80B103
ROM_:0003D374             .word unk_80B104
This does not look like a MUT table to me - also the fact that the pointers seem to be sorted. I haven't finished the processor module for IDA so it still needs a little extra code so I can complete the references in the code to each RAM pointer.

Then there is another list that's just straight un-interrupted pointers and they are not sorted and there are no gaps in the list. Perhaps but I haven't found many references in the code to these items. This tells me the same pointer list is used to read and to write the values. Doesn't strike me as mut like.

Code:
ROM_:0000B7D4             .short 264
ROM_:0000B7D6             .short 0xFFFF
ROM_:0000B7D8             .word sub_250F8
ROM_:0000B7DC             .short 320
ROM_:0000B7DE             .short 0xFFFF
ROM_:0000B7E0             .word sub_25158
ROM_:0000B7E4             .short 384
ROM_:0000B7E6             .short 0xFFFF
ROM_:0000B7E8             .word sub_25190
ROM_:0000B7EC             .short 513
ROM_:0000B7EE             .short 0xFFFF
ROM_:0000B7F0             .word sub_25194
ROM_:0000B7F4             .short 32
ROM_:0000B7F6             .short 0xFFFF
ROM_:0000B7F8             .word sub_25198
I'm pretty sure this is a list of OBD2 tests since the pointers are to functions.

Code:
ROM_:0000D2AC             .word unk_8052AA
ROM_:0000D2B0             .word unk_80A0EE
ROM_:0000D2B4             .short 0x1D
ROM_:0000D2B6             .short 1
ROM_:0000D2B8             .short 0xFFFF
ROM_:0000D2BA             .short 1
ROM_:0000D2BC             .word 0
ROM_:0000D2C0             .word unk_80B2E8
ROM_:0000D2C4             .word unk_80A0F4
ROM_:0000D2C8             .short 0x1E
ROM_:0000D2CA             .short 1
ROM_:0000D2CC             .short 0xFFFF
ROM_:0000D2CE             .short 1
ROM_:0000D2D0             .word 0
ROM_:0000D2D4             .word unk_806114
ROM_:0000D2D8             .word unk_80A0FA
ROM_:0000D2DC             .short 0x21
ROM_:0000D2DE             .short 1
ROM_:0000D2E0             .short 0x3E8
ROM_:0000D2E2             .short 9
ROM_:0000D2E4             .word 1
This is an interesting one. Clearly it follows the same structure.

The last record is here:
Code:
ROM_:0000D86C             .short 0x64
ROM_:0000D86E             .short 0x51
ROM_:0000D870             .word 0xA
ROM_:0000D874             .word unk_805EE4
ROM_:0000D878             .word unk_80AE5E
ROM_:0000D87C             .short 0xFFFF
ROM_:0000D87E             .short 0xFFFF
This leads me to believe the last 2 words are for the next itemid or similar since 0xffff is obviously as high as you can go... It contains 90-95 of these records depending on where you believe it starts.

Do any of these structures ring bells with anyone who has worked on the evo stuff? Sometimes Mitsubishi uses the same things on completely different ECUs.

-Michael
Reply Like
Old Oct 7, 2009 | 11:08 AM
  #2  
acamus's Avatar
acamus
Evolved Member
 
Joined: Mar 2008
Posts: 730
Likes: 3
From: Lattitude 48.38°, Longitude 17.58°, Altitude 146m = Slovakia, for common dude
Search for #0xBF

You will find something similar to this code:
Code:
000293C8                 ld24    R0, #MUT_TABLE ; 00
000293CC                 add     R7, R0
000293CE                 ld      R2, @R7
000293D0                 ldi16   R7, #0xBF ; '+'
000293D4                 cmpu    R7, R1
Now you have MUT table
Last edited by acamus; Nov 4, 2009 at 10:49 PM.
Reply Like
Old Oct 7, 2009 | 11:31 AM
  #3  
hackish's Avatar
hackish
Thread Starter
Evolved Member
 
Joined: Aug 2004
Posts: 528
Likes: 0
From: Canada
Hmmm. Really good idea. I never thought about approaching it that way. I assume anything larger than BF goes to the control MUT commands and anything less is for variable lookup.

-Michael
Reply Like
Related Topics
Thread
Thread Starter
Forum
Replies
Last Post
The DTC Disable thread (P1235, P1241, P1238, etc)
tephra
ECU Flash
556
Mar 7, 2024 08:31 AM
need Evo 9 owner to test rear O2 *heater* sim patch
mrfred
ECU Flash
316
Apr 24, 2016 11:24 AM
rrstlevo's dd project...
rrstlevo
Project Cars / Build Threads
109
Mar 25, 2016 01:06 PM
96940011 rear O2 sim patch
l2r99gst
ECU Flash
80
Sep 19, 2012 09:03 AM
does the Evo 1-9 adjust timing to fractions of a degree?
mrfred
ECU Flash
44
Dec 11, 2011 07:01 PM
Tags
Back to Subforum
Evo X Engine Management / Tuning Forums
View Next Unread
Boost Gauge q.




Advanced Search
Quick Reply: How to find that MUT table & others


Reply Closed Thread Share

All times are GMT -7. The time now is 08:29 PM.