Author Topic: Automating Tektronix Field Adjustment Software for TDS oscilloscopes  (Read 11314 times)

0 Members and 1 Guest are viewing this topic.

Offline jozefch

  • Newbie
  • Posts: 5
  • Country: cz
Re: Automating Tektronix Field Adjustment Software for TDS oscilloscopes
« Reply #25 on: December 29, 2022, 01:54:56 pm »
Hello,

As i need to calibrate my newly acquired TDS744 after input relays replacement, I was hoping to get FAS working.
I was trying to get qemu gpib layer compiled and working, so far without any success.
Older (2021) branch will not compile anymore, trying to apply changes to the new qemu branch will fail to compile. Patching it requires more knowledge than i have.  :-[
Anyone have up to date qemu with gpib patch or at least working branch?

I have also built an PII computer with ISA hoping it will run with CEC PC-488 8bit ISA card. This card have different IO port mapping, which i realized shortly after reading available documentation and ofc., ebay parcel arrival  :palm:

fenugrec
could you please share your patched TDS700 executable for GPIB-AT (i'll buy this card if it will work, PCII/PCIIA are just too expensive) or even better, if possible publish the patching procedure so i can try to patch executable for CEC PC-488 card?

Thanks!
« Last Edit: December 29, 2022, 01:56:45 pm by jozefch »
 

Offline fenugrec

  • Regular Contributor
  • *
  • Posts: 215
  • Country: ca
Re: Automating Tektronix Field Adjustment Software for TDS oscilloscopes
« Reply #26 on: December 29, 2022, 07:17:29 pm »
or even better, if possible publish the patching procedure so i can try to patch executable for CEC PC-488 card?

You have seen this post ? : https://www.eevblog.com/forum/testgear/automating-tektronix-field-adjustment-software-for-tds-oscilloscopes/msg1388658/#msg1388658

Granted the details are bit vague if you're not used to reversing software. You need to

- find the docs for your ISA card and find the addresses of the control registers. See the table in the post I linked above
- is your address map more similar to a PC2 or PC2A ? i.e. a  xxx8, xxx9, xxxA sequence vs 02xx,04xx,06xx ? pick one. I used PC2A; PC2 will require slightly different modifications
- Optional, if yours is going to be based on the PC2A : near file offset 0x6dcd1, modify two occurences of "PC2A" to an arbitrary string that you will use in the config file. I used just "AT".
Remember, you can't change the length of the .exe file, and string needs to be 0-terminated.

- tweak the code near file offset 0x346D1 . Any hex editor will do but it helps to look at disassembly to validate. See screenshot below; patched version is on the right.

Maybe this decompiled code will help understand what happens there :

Code: [Select]
  iVar6 = strcmp_0d84(..., "PC2A");
  if (iVar6 == 0) {
                    /* PC2A addresses */
    p_bigstruct = (big_struct *)(iVar3 * 2);
    iVar6 = p_bigstruct->GPIB_DIPswitch << 0x0d;
    p_bigstruct->gpib_CDOR = iVar6 + 0x2e1;
    p_bigstruct->gpib_IMR1 = iVar6 + 0x6e1;
    p_bigstruct->gpib_IMR2 = iVar6 + 0xae1;
    p_bigstruct->gpib_SPMR = iVar6 + 0xee1;
    p_bigstruct->gpib_ADMR = iVar6 + 0x12e1;
    p_bigstruct->gpib_AUXMR = iVar6 + 0x16e1;
    p_bigstruct->gpib_ADR = iVar6 + 0x1ae1;
    iVar6 = iVar6 + 0x1ee1;
  }
  else {
                    /* PC2 addresses */
    tmp2 = (big_struct *)(iVar3 * 2);
    uVar5 = *(undefined2 *)0x2e78;
    tmp2->gpib_CDOR = tmp2->GPIB_DIPswitch << 3;
    tmp2->gpib_IMR1 = *(int *)(iVar3 * 2 + 0x4a) + 1;
    tmp2->gpib_IMR2 = *(int *)(iVar3 * 2 + 0x4a) + 2;
    tmp2->gpib_SPMR = *(int *)(iVar3 * 2 + 0x4a) + 3;
    tmp2->gpib_ADMR = *(int *)(iVar3 * 2 + 0x4a) + 4;
    tmp2->gpib_AUXMR = *(int *)(iVar3 * 2 + 0x4a) + 5;
    tmp2->gpib_ADR = *(int *)(iVar3 * 2 + 0x4a) + 6;
    iVar6 = *(int *)(iVar3 * 2 + 0x4a) + 7;
  }
  }

[EDIT - typo in addresses]
« Last Edit: December 31, 2022, 04:41:26 pm by fenugrec »
 

Offline jozefch

  • Newbie
  • Posts: 5
  • Country: cz
Re: Automating Tektronix Field Adjustment Software for TDS oscilloscopes
« Reply #27 on: December 31, 2022, 12:11:04 pm »
I have seen that post, however never worked with disassembler in any way, nor patched an DOS MZ executable. Your reply was more clear now, thanks for explanation.

What can go possibly wrong to at least try, right?

CEC PC-488 have factory default starting address 0x2B8, used range is 2B8-2BF according to manual.
After watching some tutorials, managed to patch exe in RAW mode using ghidra. Executable must be opened in RAW mode so it can be exported back to DOS MZ executable correctly.

After a few HW configuration trials, some patches/exports, finally managed to get instrument detected  :-+

Btw, couln't find PC2A refference around offset 0x346b2, is the offset correct??

Few notes:
  • PC2A card is selected in startup batch
  • CEC PC-488 *MUST* have IRQ enabled in my case (IRQ7)
  • I'm getting "Spurious SQR error" which so far have no impact to functionality

I'm not sure if it's allowed to attach TEK FAS executables, so I'll share it upon request :-/O
« Last Edit: December 31, 2022, 12:14:21 pm by jozefch »
 

Offline fenugrec

  • Regular Contributor
  • *
  • Posts: 215
  • Country: ca
Re: Automating Tektronix Field Adjustment Software for TDS oscilloscopes
« Reply #28 on: December 31, 2022, 04:40:42 pm »
After watching some tutorials, managed to patch exe in RAW mode using ghidra.

Excellent work !

Quote
Btw, couln't find PC2A refference around offset 0x346b2, is the offset correct??
Oops, copypaste error; 2 occurences are at 6dcd1 and 6dce1. But it's purely cosmetic.


SRQ error : that's weird. I don't remember it being a problem, but the error message looks vaguely familiar. Also I don't remember if I had to do anything for IRQ settings; I'd have to reconnect + boot the temporary DOS machine I built just for this.


Re sharing patches : I want to try https://github.com/pR0Ps/pycrk to generate / apply human-readable binary patch files. Not a fan of python venv stuff which is why I haven't tried yet, but I'm not aware of many tools for this kind of thing.
 

Offline fenugrec

  • Regular Contributor
  • *
  • Posts: 215
  • Country: ca
Re: Automating Tektronix Field Adjustment Software for TDS oscilloscopes
« Reply #29 on: January 08, 2023, 12:04:24 am »
I'm not sure if it's allowed to attach TEK FAS executables, so I'll share it upon request :-/O

I uploaded my patch for GPIB-AT and instructions for creating / applying similar patches here :
https://github.com/fenugrec/tdsutils/tree/master/tds700adj_patches

If you want, grab xdelta3 (a brilliant tool) to produce a delta-diff - smaller and not problematic to share , and I could also add it to my repo.
 

Offline jozefch

  • Newbie
  • Posts: 5
  • Country: cz
Re: Automating Tektronix Field Adjustment Software for TDS oscilloscopes
« Reply #30 on: January 08, 2023, 08:35:34 am »
Nice!

Patch for CEC PC-488 attached, uses "PC2A" for card type configuration in batch.
 

Offline jozefch

  • Newbie
  • Posts: 5
  • Country: cz
Re: Automating Tektronix Field Adjustment Software for TDS oscilloscopes
« Reply #31 on: January 08, 2023, 09:07:51 am »
7z file was missing for some reason...  :wtf:
 

Offline fenugrec

  • Regular Contributor
  • *
  • Posts: 215
  • Country: ca
Re: Automating Tektronix Field Adjustment Software for TDS oscilloscopes
« Reply #32 on: January 08, 2023, 02:07:08 pm »
Cool, will add to my repo.

Looks like your card uses the same addresses as PC2, did it not work as-is with the unpatched exe ? Oh I see you also tweaked the GPIB_DIPswitch << X  line too..
 

Offline jozefch

  • Newbie
  • Posts: 5
  • Country: cz
Re: Automating Tektronix Field Adjustment Software for TDS oscilloscopes
« Reply #33 on: January 08, 2023, 07:13:43 pm »
I tried to use PC2 settings for PC488 but without any success, afterwards i decided to patch exe.
It seems there is something different for PC2, maybe different DIP mask value would work :-//
 

Offline DC1MC

  • Super Contributor
  • ***
  • Posts: 1882
  • Country: de
Re: Automating Tektronix Field Adjustment Software for TDS oscilloscopes
« Reply #34 on: February 19, 2023, 03:58:01 pm »
Dear participants of this thread, a group of incurable optimists has started the effort of fully reversing the Tek FAS  and redo it for a more modern and affordable infrastructure in this thread:

https://www.eevblog.com/forum/testgear/tektronix-tds-scope-field-adjustment-software-reverse-engineering/

If your available time and interests allows, kindly please have a look and contribute, your expertise is invaluable in putting the project on the road.

Also, is this FAS sw (DOS version) available somewhere and did anybody confirm if the FAS software uses the CEC library ?

 Thanks and cheers,
 DC1MC

 


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf