Explain Registers to me


Post by ironmanisanemic » Mon Jul 13, 2015 6:47 pm

Hello,

I'm sure this is a very basic question, and I am not a coder by any means, but I am trying to teach myself how to at least read Ford ASM so I can write my own defs. I'm having a bit of a hard time understanding registers. Looking over the code I find the same register called all over the place, but don't know what it's actually referencing, what it's actually pointing to, so reading the code doesn't seem to make much sense. Right now I'm looking at the MAF code, because that's all I have looked up right now because of your writeup. Could someone give me a basic rundown of what's going on in the code so I have an idea how to interpret it?

Code:
 subr_MAF:
8 74d1: f2                pushp                push(PSW);
8 74d2: af,f0,02,3a       ldzbw R3a,[Rf0+2]    R3a = (uns)[2062];
8 74d6: 08,01,3a          shrw  R3a,1          R3a = R3a / 2;
8 74d9: b1,01,38          ldb   R38,1          R38 = 1;
8 74dc: c4,39,38          stb   R38,R39        R39 = R38;
8 74df: 93,3b,3d,9a,38    orb   R38,[R3a+9a3d] R38 |= [R3a+9a3d];
8 74e4: ef,4c,b2          call  2733           Sub290();
8 74e7: b1,03,42          ldb   R42,3          R42 = 3;
8 74ea: e0,42,fd          djnz  R42,74ea       R42--;
                                               if (R42 !=  0) goto 74ea;
8 74ed: b0,15,36          ldb   R36,R15        R36 = LSSI_A;
8 74f0: 73,3b,3f,9a,36    an2b  R36,[R3a+9a3f] R36 &= [R3a+9a3f];
8 74f5: 9b,3b,41,9a,36    cmpb  R36,[R3a+9a41]
8 74fa: df,f1             je    74ed           if (R36 == [R3a+9a41]) goto 74ed;
8 74fc: fa                di                   disable ints;
8 74fd: b0,19,47          ldb   R47,R19        R47 = LSSI_C;
8 7500: b0,17,46          ldb   R46,R17        R46 = LSSI_B;
8 7503: b0,15,36          ldb   R36,R15        R36 = LSSI_A;
8 7506: fb                ei                   enable ints;
8 7507: 93,3b,43,9a,39    orb   R39,[R3a+9a43] R39 |= [R3a+9a43];
8 750c: 98,39,36          cmpb  R36,R39       
8 750f: d7,c8             jne   74d9           if (R36 != R39) goto 74d9;
8 7511: c3,68,32,46       stw   R46,[R68+32]   [R68+32] = R46;
8 7515: a1,62,22,36       ldw   R36,2262       R36 = func_MAF_Transfer;       // MAF Transfer Function
8 7519: a0,46,38          ldw   R38,R46        R38 = R46;
8 751c: ef,24,b4          call  2943           Sub211();
8 751f: c0,29,3c          stw   R3c,R29        R29 = R3c;
8 7522: f3                popp                 pop(PSW);
8 7523: f0                ret                  return;


Thank you

Re: Explain Registers to me

Post by decipha » Mon Jul 13, 2015 8:33 pm

Rxx is the register, it's just a byte of ram

in most strats, most registers from 30 through 50 are scratch registers, that means they are unimportant registers that the ecu uses as scratch paper, you can do your math with those memory addresses and you won't affect anything important

anytime you see a value in brackets [xxxx] the ecu is loading the value inside that register to ram and not that actual address

so the first thing happening in the maf routine is the ecu pushing the routine to the stack, that's that f2 opcode, the stack is an array of addresses, when the ecu hits a return opcode "f0" it jumps to the next address on the stack, think of the stack as a queue listing of where to go next

the first arithmetic the ecu is doing in that routine is loading the contents of 2062 into scratch register 3a
let's say for this example it's 2

next it's dividing by 2 so 1 = 2 / 2, 3a is now 1

38 is set to 1

then 39 is set to 38 which is 1 so they're both 1 now
38=1
39=1

next it's doing an OR compare, so if any of the bits are 1 the output bit is 1

we know 38 = 1 which in bits is 00000001
3a=1 so [9a4d] is being OR compared

the ecu defaults to bank 1, go look up 1 9a4d and do an or compare

next it calls the routine at 8 2733, chances are it's doing something with r38 since it was modified right before calling it

most likely you'll see something like 0/200 or so in that function, the ecu is setting up the ad channel to read the mafv

Re: Explain Registers to me

Post by ironmanisanemic » Mon Jul 13, 2015 10:21 pm

decipha wrote: Rxx is the register, it's just a byte of ram

in most strats, most registers from 30 through 50 are scratch registers, that means they are unimportant registers that the ecu uses as scratch paper, you can do your math with those registers and you won't affect anything important

What are the registers before and after those for? Are they generally unimportant for the purposes of disassembly at this level?

decipha wrote: anytime you see a value in brackets [xxxx] the ecu is loading the value inside that register to ram and not that actual address

So this isn't referencing a specific memory address? This is the value it determined after it added Rf0 and 2? Or is it taking the value in that location and loading it to ram in that register?
Code:
8 74d2: af,f0,02,3a       ldzbw R3a,[Rf0+2]    R3a = (uns)[2062];

What about when I see something like this?
Code:
8 74f0: 73,3b,3f,9a,36    an2b  R36,[R3a+9a3f] R36 &= [R3a+9a3f]


decipha wrote: so the first thing happening in the maf routine is the ecu pushing the routine to the stack, that's that f2 opcode, the stack is an array of addresses, when the ecu hits a return opcode "f0" it jumps to the next address on the stack, think of the stack as a queue listing of where to go next

the first arithmetic the ecu is doing in that routine is loading the contents of 2062 into scratch register 3a
let's say for this example it's 2

How do I determine what bank it is referencing? Do I assume bank 1 since that is where all of the tables appear to be stored? If we are referring to memory location 2062 in bank 1, then the value is in fact 2 at that address.

decipha wrote: next it's dividing by 2 so 1 = 2 / 2, 3a is now 1

38 is set to 1

then 39 is set to 38 which is 1 so they're both 1 now
38=1
39=1

next it's doing an OR compare, so if any of the bits are 1 the output bit is 1

we know 38 = 1 which in bits is 00000001
3a=1 so [9a4d] is being OR compared

I'm assuming you did a typo and meant 9a3d in this example. The value for this is 60.

decipha wrote: the ecu defaults to bank 1, go look up 1 9a4d and do an or compare

So what does it do after it compares the value? Does it store a new value in the register?

decipha wrote: next it calls the routine at 8 2733, chances are it's doing something with r38 since it was modified right before calling it

This routine was stored in bank 8 and not bank 1. Is there any way to tell for sure what bank it's referencing?

decipha wrote: most likely you'll see something like 0/200 or so in that function, the ecu is setting up the ad channel to read the mafv

So in that routine is exactly what you described.
Code:
Sub290:
8 2733: f2                pushp                push(PSW);
8 2734: fa                di                   disable ints;
8 2735: c4,15,38          stb   R38,R15        LSSO_A = R38;
8 2738: 08,09,00          shrw  0,9            0 = 0 / 200;
8 273b: 08,09,00          shrw  0,9            0 = 0 / 200;
8 273e: f3                popp                 pop(PSW);
8 273f: f0                ret                  return;

So from what I can gather, it stores R38 in LSSO_A then divides it by 200. It does this a second time, then pops back to the stack and returns to the previous routine?


Re: Explain Registers to me

Post by decipha » Mon Jul 13, 2015 11:10 pm

all registers are important, typically 30-50 are scratch, usually somewhere in the 6 range say 6e or 6f are the BIO Direction ports to actuate the PINS

except eec-iv, gufb for example controls pins on register 47, and some may be used for bit flags in there

[1+9a3d] is [9a4d] so the value in rom location 9a4d is being OR compared

f0 is a pointer to 2060, 2060+2 = 2062, since it's in brackets, the value at that address is loaded into 3a

for the bit compare, it stores the result of the OR compare in register 36

the current bank is the default for all jumps or calls, unless you see an rbank being made or a bunch of funky code messing with the stack before a lookup, the current bank is referenced for calls and jumps, however for any rom address in brackets [xxxx], bank 1 is the default bank being referenced
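
An added example, not part of the original posts: a minimal Python model of the register file that replays the first five instructions of subr_MAF, following the pseudo-code column of the listing. Rf0 = 0x2060 and the value 2 at 0x2062 are taken from the thread; the little-endian word layout, the class and function names, and the byte at 0x9a3e are assumptions made for the illustration.

```python
class Machine:
    """Simplified model: R00..Rff are the first 256 bytes of RAM."""

    def __init__(self, data):
        self.reg = bytearray(0x100)      # the register file
        self.data = data                 # {address: byte} seen by [xxxx] reads

    def rb(self, r):                     # read a byte register
        return self.reg[r]

    def wb(self, r, v):                  # write a byte register
        self.reg[r] = v & 0xFF

    def rw(self, r):                     # word register: Rxx is low, Rxx+1 is high
        return self.reg[r] | (self.reg[r + 1] << 8)

    def ww(self, r, v):                  # write a word register
        self.reg[r], self.reg[r + 1] = v & 0xFF, (v >> 8) & 0xFF

    def load(self, base, offset):
        """[Rbase+offset]: add offset to the word held in Rbase, read that address."""
        addr = (self.rw(base) + offset) & 0xFFFF
        return addr, self.data[addr]


def run_maf_prologue(m):
    """Replay 74d2..74df of subr_MAF; return the addresses the two [..] operands hit."""
    a1, v = m.load(0xF0, 2)              # ldzbw R3a,[Rf0+2]   byte zero-extended to word
    m.ww(0x3A, v)
    m.ww(0x3A, m.rw(0x3A) >> 1)          # shrw  R3a,1         R3a = R3a / 2
    m.wb(0x38, 1)                        # ldb   R38,1         R38 = 1
    m.wb(0x39, m.rb(0x38))               # stb   R38,R39       R39 = R38
    a2, v = m.load(0x3A, 0x9A3D)         # orb   R38,[R3a+9a3d]
    m.wb(0x38, m.rb(0x38) | v)           # result lands in R38
    return a1, a2


def demo():
    # Rf0 -> 0x2060 and [0x2062] = 2 are the values given in the thread;
    # the byte at 0x9a3e is constructed for this example.
    m = Machine({0x2062: 0x02, 0x9A3E: 0x40})
    m.ww(0xF0, 0x2060)
    a1, a2 = run_maf_prologue(m)
    return hex(a1), hex(a2), m.rw(0x3A), m.rb(0x38), m.rb(0x39)


if __name__ == "__main__":
    print(demo())
```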

Re: Explain Registers to me

Post by ironmanisanemic » Mon Jul 13, 2015 11:36 pm

That makes sense. So are pointers finite or do they change like registers?

If bank 1 is the default for lookups, is that also true for routine calls? Or do they call from the same bank unless a bank call was made?

Do registers carry over from routine to routine? Or are they cleared once the routine is done? If they are carried over do you just have to keep a log of the values as you run through the routines?

Re: Explain Registers to me

Post by decipha » Mon Jul 13, 2015 11:45 pm

pointers are usually set in the console routine, it's usually the first routine in the primary vector list, if you search your listing for

Rf0 =

you should find where the pointers are being set and to what address they are referencing
those ram pointers will usually only be set in that one routine and not anywhere else in the code

bank 1 is the default for [xxxx] variable lookups not jumps or calls, when a routine is being called it will call to the current bank unless a reference bank is being set right before the call, that's the rbank opcode

the registers are carried over, if a routine needs to clear a register for any reason then you'll see that register set to 0 in the code to clear it

I usually keep a mental note of what's being used within a routine when it calls another, I find it easier if you open up the listing again in a second window so you can follow the call without having to scroll and lose the place where you're at

Re: Explain Registers to me

Post by ironmanisanemic » Wed Jul 15, 2015 10:10 pm

So I've done a search for Rf0 = and I come up with no results. I can't find where it's being defined to an address. Any ideas what could be going on?

Re: Explain Registers to me

Post by ironmanisanemic » Wed Jul 15, 2015 10:15 pm

I attached my disassembly files if you get the time to look at them. Maybe you can see something I'm missing.

Re: Explain Registers to me

Post by ranga83 » Fri May 27, 2016 4:17 am

decipha wrote: all registers are important, typically 30-50 are scratch
I've been working off this, assuming R38 was just a scratch register. However, I have just found R38 also being used as a pointer:
Code:
stb   R42,[R38+836]  [R38+836] = R42;
but I can't find a base address for it. I did read something in a reply to one of mpaton's posts on eectuning the other night and was just wondering if it's true for all bins/strats.
R38 means Register 38 located at address x0038 which is RAM

Re: Explain Registers to me

Post by decipha » Fri May 27, 2016 6:06 am

scratch registers are very often used as pointers but it's only temporary, to find out where it's pointing to you need to work the code back and see what it was last assigned to or how it was used last

generally, in most strats, registers in the 20,30,40, and even the lower 50s are often temporary scratch registers
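
The backward search described in this post (work the code back to the last assignment) can be automated over the listing format used in this thread. The following Python is an added example, not from the original posts or from any disassembler; it relies on the pseudo-code column to spot assignments, and the function names are hypothetical.

```python
import re

# Six lines copied verbatim from the subr_MAF listing in the first post.
LISTING = """\
8 74d2: af,f0,02,3a       ldzbw R3a,[Rf0+2]    R3a = (uns)[2062];
8 74d6: 08,01,3a          shrw  R3a,1          R3a = R3a / 2;
8 74d9: b1,01,38          ldb   R38,1          R38 = 1;
8 74dc: c4,39,38          stb   R38,R39        R39 = R38;
8 74df: 93,3b,3d,9a,38    orb   R38,[R3a+9a3d] R38 |= [R3a+9a3d];
8 7511: c3,68,32,46       stw   R46,[R68+32]   [R68+32] = R46;
"""

# bank, address, opcode bytes, mnemonic, operands, optional pseudo-code column
LINE = re.compile(r"^\d+ ([0-9a-f]{4}): [0-9a-f,]+\s+(\w+)\s+(\S+)(?:\s+(.*))?$")
INDEXED = re.compile(r"\[(R[0-9a-f]{2})\+[0-9a-f]+\]")   # [Rxx+offset]
ASSIGN = re.compile(r"^(R[0-9a-f]{2})\s*(?:[|&]?=|--)")  # "Rxx =", "Rxx |=", "Rxx--"


def parse(listing):
    """Return (address, operands, pseudo) for every instruction line."""
    rows = []
    for line in listing.splitlines():
        m = LINE.match(line.rstrip())
        if m:
            addr, _mnem, operands, pseudo = m.groups()
            rows.append((addr, operands, pseudo or ""))
    return rows


def pointer_origins(rows):
    """For each [Rxx+offset] operand, find the nearest earlier line assigning Rxx.

    Linear scan only: jumps, called routines and a byte write to the high half
    of a word register (R3b for R3a) are not followed.
    """
    found = []
    for i, (addr, operands, _pseudo) in enumerate(rows):
        for base in INDEXED.findall(operands):
            origin = None                      # None: not assigned in these rows
            for prev_addr, _ops, prev_pseudo in reversed(rows[:i]):
                m = ASSIGN.match(prev_pseudo)
                if m and m.group(1) == base:
                    origin = prev_addr
                    break
            found.append((addr, base, origin))
    return found


if __name__ == "__main__":
    for addr, base, origin in pointer_origins(parse(LISTING)):
        print(addr, base, origin or "not set here: look for it elsewhere in the listing")
```

A base register that comes back with no origin inside the routine, like Rf0 or R68 here, is one set somewhere else in the listing, while R3a resolves to an assignment a few lines earlier in the same routine.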

Re: Explain Registers to me

Post by ranga83 » Fri May 27, 2016 6:28 am

so I wasn't going nuts not being able to find a base addy for it haha. that also explains why I can't find the base addys for R2a etc.
thanks