This is a stream-of-consciousness document right now; edits (or comments in the Discussion tab above) are very welcome, if they can help to turn this into something a new developer can use to bootstrap. Windows-related commentary would be especially appreciated.
Most developers working on Evo ECU disassembly use some version of IDA Pro Advanced (the Standard and Freeware editions do not contain processor support for the SH processors in Evo ECUs).
Since most people aren't superhuman geeks, they tend to rely on an assembler for writing new code. KPIT Cummins provides a pre-built version of GNU binutils on their website, and on Windows, it integrates with their HEW environment nicely.
The KPIT tools also come with a program called sh-elf-objdump, which you may be able to use to do some VERY rudimentary disassembly.
Good reading on using IDA Pro would be The IDA Pro Book: The Unofficial Guide to the World's Most Popular Disassembler, ISBN 1593271786.
For those just getting started with IDA, these tools may be useful (please note: they were developed on Linux, and assume a UNIX-like command line is available; on Windows, you will need something like Cygwin):
- Following the instructions at the beginning of the file should result in an IDA database that can be used to produce a .ASM file that GNU as can use, once you run it through pcrel_filter.sh.
- An sh/awk script that reads in an IDC-produced .ASM file, and produces (hopefully) output that GNU binutils can parse and re-assemble.
Once you have a workable .ASM output from pcrel_filter.sh, simply running sh-elf-as -o rom.o (filename.asm) (where (filename.asm) is your produced assembly output) will create a file named rom.o.
Then, run the linker: sh-elf-ld -o rom rom.o.
Finally, you'll need to use a command like dd if=rom of=rom.hex bs=1 skip=132 count=262144 to extract the ROM image you'll want for writing to your ECU.
To ensure that your resulting output is the same as the original input, you can run the command cmp rom.hex (original ROM image), where (original ROM image) is the filename of your original source data that you imported into IDA.
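The extraction and comparison steps above can be wrapped in two shell functions. This is an added example, not part of the original tools; the function names are hypothetical, and the defaults (skip 132, count 262144) are the values from the dd command above, assumed to match your linker output.

```shell
#!/bin/sh
# Added example (not from the original tools). Note that rom.hex produced
# this way is a raw binary image, not Intel HEX text.

# extract_rom LINKED OUT [SIZE] [SKIP]
# Copies SIZE bytes starting at byte SKIP of the linked file into OUT.
extract_rom() {
    linked=$1; out=$2; size=${3:-262144}; skip=${4:-132}
    have=$(($(wc -c < "$linked"))) || return 2
    # A linked file shorter than header + ROM means assembly or linking
    # dropped data; dd would otherwise silently produce a short image.
    if [ "$have" -lt $((skip + size)) ]; then
        echo "error: $linked is $have bytes, need $((skip + size))" >&2
        return 2
    fi
    dd if="$linked" of="$out" bs=1 skip="$skip" count="$size" 2>/dev/null || return 2
    [ "$(($(wc -c < "$out")))" -eq "$size" ] || return 2
}

# verify_rom REBUILT ORIGINAL
# Returns 0 when the images are byte-identical; otherwise lists the first
# few differing offsets in hex so they can be looked up in the disassembly.
verify_rom() {
    if cmp -s "$1" "$2"; then
        echo "OK: $1 matches $2"
        return 0
    fi
    echo "MISMATCH (offset: rebuilt != original):" >&2
    # cmp -l prints a 1-based decimal offset and both bytes in octal.
    cmp -l "$1" "$2" 2>/dev/null | head -n 8 | while read -r off a b; do
        printf '  0x%06X: %02X != %02X\n' $((off - 1)) $((0$a)) $((0$b)) >&2
    done
    return 1
}

# Usage (file names are placeholders):
#   extract_rom rom rom.hex && verify_rom rom.hex original.bin
```

For a different image size, pass the size in bytes as the third argument to extract_rom.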
Other useful UNIX commands are hexdump (a flexible program for displaying binary data in a more useful format) and hexedit (a binary file editor).
For additional information about the platform used in the Evo ECUs, see the manuals listed below. Both the Evo VIII and IX processors are based on SH-2, with the IX processor being an SH-2E variant; specifically, VIIIs use the SH7052F platform, and IXs use SH7055F. The primary difference is that the Evo VIII ECU (SH7052F) has a 256KB ROM image and 12KB of RAM, while the IX ECU (SH7055F) has a 512KB ROM image and 32KB of RAM; otherwise, the hardware is essentially the same.
- SH-2 Software Manual
- SH7052F Hardware Manual
- SH7055SF Hardware Manual
In addition to the GNU binutils build they provide, KPIT Cummins also provides a simulator as part of their HEW (High-performance Embedded Workshop) tool. Lauterbach also makes a Super-H simulator called "simsh" available as a demo for free download. Both tools are Windows-only.