I know it's a ralliart not an EVO but I've been having a lot of trouble finding the MUT table in this rom. I'm wondering if anyone experienced with the EVO rom disassembly might have insight into the pointer tables one finds in the rom...
Code:
ROM_:0003D324 unknown_ram_pointers:.word unk_80B300 ; DATA XREF: sub_57938+4�o
ROM_:0003D328 .word unk_80B301
ROM_:0003D32C .word unk_80B302
ROM_:0003D330 .word unk_80B303
ROM_:0003D334 .word unk_80B307
ROM_:0003D338 .word 0
-SNIP-
ROM_:0003D35C .word 0
ROM_:0003D360 .word 0
ROM_:0003D364 .word unk_80B100
ROM_:0003D368 .word unk_80B101
ROM_:0003D36C .word unk_80B102
ROM_:0003D370 .word unk_80B103
ROM_:0003D374 .word unk_80B104
This does not look like a MUT table to me - also the fact that the pointers seem to be sorted. I haven't finished the processor module for IDA so it still needs a little extra code so I can complete the references in the code to each RAM pointer.
Then there is another list that's just straight un-interrupted pointers and they are not sorted and there are no gaps in the list. Perhaps but I haven't found many references in the code to these items. This tells me the same pointer list is used to read and to write the values. Doesn't strike me as mut like.
Code:
ROM_:0000B7D4 .short 264
ROM_:0000B7D6 .short 0xFFFF
ROM_:0000B7D8 .word sub_250F8
ROM_:0000B7DC .short 320
ROM_:0000B7DE .short 0xFFFF
ROM_:0000B7E0 .word sub_25158
ROM_:0000B7E4 .short 384
ROM_:0000B7E6 .short 0xFFFF
ROM_:0000B7E8 .word sub_25190
ROM_:0000B7EC .short 513
ROM_:0000B7EE .short 0xFFFF
ROM_:0000B7F0 .word sub_25194
ROM_:0000B7F4 .short 32
ROM_:0000B7F6 .short 0xFFFF
ROM_:0000B7F8 .word sub_25198
I'm pretty sure this is a list of OBD2 tests since the pointers are to functions.
Code:
ROM_:0000D2AC .word unk_8052AA
ROM_:0000D2B0 .word unk_80A0EE
ROM_:0000D2B4 .short 0x1D
ROM_:0000D2B6 .short 1
ROM_:0000D2B8 .short 0xFFFF
ROM_:0000D2BA .short 1
ROM_:0000D2BC .word 0
ROM_:0000D2C0 .word unk_80B2E8
ROM_:0000D2C4 .word unk_80A0F4
ROM_:0000D2C8 .short 0x1E
ROM_:0000D2CA .short 1
ROM_:0000D2CC .short 0xFFFF
ROM_:0000D2CE .short 1
ROM_:0000D2D0 .word 0
ROM_:0000D2D4 .word unk_806114
ROM_:0000D2D8 .word unk_80A0FA
ROM_:0000D2DC .short 0x21
ROM_:0000D2DE .short 1
ROM_:0000D2E0 .short 0x3E8
ROM_:0000D2E2 .short 9
ROM_:0000D2E4 .word 1
This is an interesting one. Clearly it follows the same structure.
The last record is here:
Code:
ROM_:0000D86C .short 0x64
ROM_:0000D86E .short 0x51
ROM_:0000D870 .word 0xA
ROM_:0000D874 .word unk_805EE4
ROM_:0000D878 .word unk_80AE5E
ROM_:0000D87C .short 0xFFFF
ROM_:0000D87E .short 0xFFFF
This leads me to believe the last 2 words are for the next itemid or similar since 0xffff is obviously as high as you can go... It contains 90-95 of these records depending on where you believe it starts.
Do any of these structures ring bells with anyone who has worked on the evo stuff? Sometimes Mitsubishi uses the same things on completely different ECUs.
-Michael
