PDA

View Full Version : How to monitor RAM memory - OBD II


turbo_bu
04-27-2017, 07:32 PM
As I've been trying to figure out a LS1 disassembly, one thing I have noticed is that most of the math/calls/comparisons are being done the memory above the flash section. (e.g. - the stuff above $FFFF8000). Is there a way to monitor the values in these memory addresses? I have found some general OBDII scan type software which you can type in your own request, but I was wondering if these would work.

Would any of these modes be better than the rest to try?
Mode $12, $2A, $3C, ????
1project2many
04-28-2017, 02:01 AM
Questions about this newer processor and pcm are often beyond what I know but I'll try if no one else is. With the C3 and P4 code it was possible to alter the ALDL code so it sent values from memory. A common one I used was the ScanID as there was no math performed on that value.
turbo_bu
04-28-2017, 02:07 AM
Do you have a copy of the message string that you used? I'm hoping that it might be close enough to try.
1project2many
04-28-2017, 02:41 PM
It's not a message string sent by the scantool. The OBDI ecm sends repeating strings of bytes depending on the mode selected. When the ALDL is active the code sends values from addresses that are hardware or code locations. I would alter one of the addresses to point to a memory location that I wanted to see.

This is code from AYBN $58:

;--------------------------------------------------
; SERIAL DATA ADDRESSES
; ALDL
; F95
;--------------------------------------------------
LC770 FCB $C000 ; 1, EPROM ID WD, MSB
LC772 FCB $C001 ; 2, EPROM ID WD, LSB
;--------------------------------------
LC774 FCB $0003 ; 3 error WORD 1

The code will read the values at address $C000 and $C001 (the first two addresses of the .bin file) and send them to the ALDL. We can look at this section of code:


D40D: ADDD L3FDC ; SPK PW, (DWELL)


Then alter the ALDL section as such:

LC770 FCB $3FDC ;
LC772 FCB $3FDD ;


Causing the scan tool to report the hex value for the current dwell period used by the ignition control hardware.

You would likely have to locate the portion of the code that handles messaging and see if the same strategy will work. Maybe the portion that reads back the VIN would work?