Now what?
Mike Pitts
mpitts at netspeak.com
Tue May 25 21:19:27 GMT 1999
Visually finding the ALDL transmit table usually isn't too hard.
Just look for a sequence of 16-bit numbers which appear to be a
combination of RAM and a ROM addresses. The chip id will be the
ROM address and the RAM addresses will be the variables. Usually
looks something like this:
Assuming the EPROM starts at 0x4000:
XXXX: 00 0C 00 0D 40 00 40 02 01 1D 00 E0 00 01
The above data could be reformatted to read:
000C <- A RAM address
000D <- A RAM address
4000 <- A ROM address
4001 <- A ROM address
011D <- A RAM address
00E0 <- A RAM address
0001 <- A RAM address
Then, if you know what the scan tool format is for the
particular application, you can reverse it as follows:
If the scan tool receives (FLAGS, FLAGS, CHIP ID, MAP, TPS, FLAGS, ...)
Your table would be:
000C <- FLAGS
000D <- FLAGS
4000 <- CHIPID HI
4001 <- CHIPID LO
011D <- MAP
00E0 <- TPS
0001 <- FLAGS
.
.
.
Some values (like the chip ID) are 16-bit, so they take
two bytes. Others common 16-bit values are O2 volts,
battery volts and injector pulse width.
You won't need to look at any asm code to do this kind
of reversing work.
-Mike
-----Original Message-----
From: owner-gmecm at esl.eng.ohio-state.edu
[mailto:owner-gmecm at esl.eng.ohio-state.edu]On Behalf Of Bruce Plecan
Sent: Tuesday, May 25, 1999 5:01 PM
To: gmecm at efi332.eng.ohio-state.edu
Subject: Re: Now what?
Which brings me right back to how to I read the code to see where the ALDL
starts??.
What two pieces of hardware are you taking about?. the output to the "LorM
pin of the ALDL connector?"
Bruce
More information about the Gmecm
mailing list