[Gmecm] disassembly 101 / writing a commented hack

William Lucke william.lucke
Wed Dec 13 04:24:25 UTC 2006


Ok, I downloaded ALDLStuff.zip, opened it up, read the index file and 
figured out that I want A210.DS to work with OBDI Northstar code. 
Looking through A210, I see bit-by-bit definitions for the data that the 
computer spews out the ALDL datastream, but don't see how that tells me 
where in the PROM to look. The first item in the ALDL stream is the PROM 
ID, which is the first byte (two bytes?) of the .bin, so I can search 
for that, but I'm not sure what to do when I get there.

Also, isn't the operating data stored in RAM? How does that bear on 
disassembling the contents of the PROM?



Will


> From: Ryan Hess <rgmecm at yahoo.com>
> Subject: Re: [Gmecm] disassembly 101 / writing a commented hack
> 
> Disappear for 2 days, and I've got 3 pages of new emails from this list.  Cripes!
> 
> Will,
> 
> The P4 is what I'm running.  It's the generic OBDI computer with the 68hc11 variant... 7730, 7727, 9396, 7749 and probably 50 others.  Yours may be a P6, although that may be the OBDI northstar computer.  There's also a P66, which is probably the OBDII computer... maybe.  I'm not entirely sure where the lines are drawn, but it has to do with the processor(s) used.  I wanna say the P6 is a dual hc11 ECM, but again, not sure.  If someone could clarify that, that would be great.
> 
> I use tunercat's disassembler just because it's so simple to use.  I tried using IDA pro, but got nowhere fast.  Maybe with a week long session on how to work it...
> 
> You *need* the ALDL definition, what gets sent in what byte.  With that you can take educated guesses as to what things are and what they do.  For instance, if you know what byte is VSS, you can backtrack into the code for that RAM location, and find everything that looks up the VSS.  Same for EGR, etc, then you can start saying "okay, this block of code has to do with the EGR"...
> 
> You mentioned wanting to use an IAC vs an ISM on yours, but that will require new hardware in addition to the code.  Cadillac is in their own little world as far as their engines and engine management goes.  The 4.9 ISM likely carried over onto the early northstar engine.
> 
> The OBDII ECM was done by Siemens... I think we discussed earlier that they used some nasty compiled code, so disassembly won't help you much there.  Source code would be what you want, and Siemens won't play nice.
> 
> Ryan
> 
> 
> William Lucke <william.lucke at highspeedlink.net> wrote: 
> No I do not have that disassembler. Is this the correct page to get it: 
> http://dewhisna.home.netcom.com/download.html ?
> 
> I've heard of IDA... I guess I need to get Tunercat's as well and see 
> which one I like.
> 
> I don't know if there is a data definition for the ALDL stream. I would 
> assume so... I don't know about the stock chips, but my modified 
> engine-management-only program refuses to talk to a tech1. It ONLY talks 
> to the Cadillac IPC.
> 
> What's the definition of a P4 ECM? What are the other types? What 
> distinguishes them from each other?
> 
> Thanks
> 
> 
> Will
> 
> 
> 
>> From: davesnothereman at netscape.net
>> Subject: Re: [Gmecm] disassembly 101 / writing a commented hack
>>
>> I use Donald Whisnant's (spelling?) code seeking disassembler.  It's 
>> freeware written to disassemble code from GMECM's.  Tunercat also has 
>> one, but I'm not as familiar with it.  IDA Pro is also good, but not so 
>> free.
>>
>> Is there a data definition file for the Northstar ALDL stream?  That 
>> would at least provide the correct order to the ALDL data words if you 
>> can find the ALDL xmit table.
>>
>> Most of the ALDL tables I've looked at begin with the prom id byte 
>> located in the beginning of the calibration.  If you know or can work 
>> out the calibration address then you might be able to make a guess at 
>> the beginning of the ALDL table.
>>
>> You're familiar with the reset vectors located at the end of Motorola 
>> code... use those to separate code from cal. data.
>>
>> If you're working with a P4 ecm, look for hardware addresses in the 
>> 3XXX range and attempt to use those with known calibrations from other 
>> P4's to locate specific portions of code.  Use pattern matching to 
>> attempt to locate and  identify some common routines such as spark 
>> timing calculation.
>>
>> There's probably people much better at this than I am who can offer 
>> better clues.  But will they?
>>
>> Zaphod
>>
>> -----Original Message-----
>> From: William Lucke 
>> To: gmecm at diy-efi.org
>> Sent: Sun, 14 May 2006 14:53:22 -0400
>> Subject: [Gmecm] disassembly 101 / writing a commented hack
>>
>>    I'd like to get started hacking the OBDI Cadillac Northstar computer 
>> (). I have a couple of different BCC's, as well as a dyno program that 
>> only has engine management turned on.
>>
>>   I'm familiar with assembly and have worked with commercial 68HC11's in 
>> development boards. I'm familiar with the concepts of disassembly and 
>> I'm ready to devote the time necessary to reverse engineer this 
>> program.
>>
>>  What I'm not sure of, however, is where to start.
>>  What's the best disassembler to use on GM chip images?
>>
>>   Is there a listing of the memory locations of the data for the ALDL 
>> stream? Other than starting at the beginning, I'm not entirely sure how 
>> to enter the program and know what's what.
>>
>>
>>  Will
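
Added example, not part of the original posts or any list member's tooling: a Python sketch of two starting points suggested in the thread, reading the vector table at the end of a 68HC11 image to guess where code starts, and byte-scanning for loads and stores of one RAM address taken from an ALDL definition. It assumes a 68HC11-family image whose last byte maps to $FFFF; the function names and the sample image are constructed for illustration.

```python
import struct

# 68HC11 interrupt vectors in address order, $FFD6 (SCI) up to $FFFE (RESET).
VECTOR_NAMES = ["SCI", "SPI", "PAI_EDGE", "PA_OVF", "TIMER_OVF", "TOC5",
                "TOC4", "TOC3", "TOC2", "TOC1", "TIC3", "TIC2", "TIC1", "RTI",
                "IRQ", "XIRQ", "SWI", "ILLEGAL_OP", "COP_FAIL", "CLOCK_MON",
                "RESET"]
VECTOR_BYTES = 2 * len(VECTOR_NAMES)
# Load/store opcodes: mnemonic -> (direct-page opcode, extended opcode).
ACCESS_OPS = {"LDAA": (0x96, 0xB6), "STAA": (0x97, 0xB7),
              "LDAB": (0xD6, 0xF6), "STAB": (0xD7, 0xF7),
              "LDD": (0xDC, 0xFC), "STD": (0xDD, 0xFD)}

def image_base(image):
    """Assumption: the image is mapped so that its last byte sits at $FFFF."""
    return 0x10000 - len(image)

def read_vectors(image):
    """Decode the big-endian vector table at the end of the image."""
    targets = struct.unpack(">%dH" % len(VECTOR_NAMES), image[-VECTOR_BYTES:])
    return dict(zip(VECTOR_NAMES, targets))

def code_start_guess(image):
    """Lowest vector target inside the image; bytes below it are cal candidates."""
    base = image_base(image)
    inside = [t for t in read_vectors(image).values() if base <= t <= 0xFFFF]
    return min(inside) if inside else None

def find_ram_refs(image, ram_addr, start):
    """Heuristic byte scan (not a disassembly) for loads/stores of ram_addr."""
    base, hits = image_base(image), []
    operand = struct.pack(">H", ram_addr)
    for off in range(start - base, len(image) - VECTOR_BYTES - 2):
        for name, (direct, ext) in ACCESS_OPS.items():
            if ram_addr < 0x100 and image[off] == direct and image[off + 1] == ram_addr:
                hits.append((base + off, name))
            elif image[off] == ext and image[off + 1:off + 3] == operand:
                hits.append((base + off, name))
    return hits

def build_sample():
    """Constructed 256-byte image ($FF00-$FFFF), not taken from any real PROM."""
    img = bytearray([0xFF] * 0x100)
    img[0x10:0x19] = bytes([0xB6, 0x01, 0x23,  # $FF10 LDAA $0123
                            0x97, 0x45,        # $FF13 STAA $45
                            0xF6, 0x01, 0x23,  # $FF15 LDAB $0123
                            0x3B])             # $FF18 RTI
    img[-VECTOR_BYTES:] = struct.pack(">21H", *([0xFF18] * 20 + [0xFF10]))
    return bytes(img)
```

Hits from the byte scan are candidates only, since data bytes can look like opcodes; confirm each one in a real disassembly before labelling the routine.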



