Products > Test Equipment

Automating Tektronix Field Adjustment Software for TDS oscilloscopes

<< < (6/7) > >>

jozefch:
Hello,

As i need to calibrate my newly acquired TDS744 after input relays replacement, I was hoping to get FAS working.
I was trying to get qemu gpib layer compiled and working, so far without any success.
Older (2021) branch will not compile anymore, trying to apply changes to the new qemu branch will fail to compile. Patching it requires more knowledge than i have.  :-[
Anyone have up to date qemu with gpib patch or at least working branch?

I have also built an PII computer with ISA hoping it will run with CEC PC-488 8bit ISA card. This card have different IO port mapping, which i realized shortly after reading available documentation and ofc., ebay parcel arrival  :palm:

fenugrec
could you please share your patched TDS700 executable for GPIB-AT (i'll buy this card if it will work, PCII/PCIIA are just too expensive) or even better, if possible publish the patching procedure so i can try to patch executable for CEC PC-488 card?

Thanks!

fenugrec:

--- Quote from: jozefch on December 29, 2022, 01:54:56 pm ---or even better, if possible publish the patching procedure so i can try to patch executable for CEC PC-488 card?
--- End quote ---

You have seen this post ? : https://www.eevblog.com/forum/testgear/automating-tektronix-field-adjustment-software-for-tds-oscilloscopes/msg1388658/#msg1388658

Granted the details are bit vague if you're not used to reversing software. You need to

- find the docs for your ISA card and find the addresses of the control registers. See the table in the post I linked above
- is your address map more similar to a PC2 or PC2A ? i.e. a  xxx8, xxx9, xxxA sequence vs 02xx,04xx,06xx ? pick one. I used PC2A; PC2 will require slightly different modifications
- Optional, if yours is going to be based on the PC2A : near file offset 0x6dcd1, modify two occurences of "PC2A" to an arbitrary string that you will use in the config file. I used just "AT".
Remember, you can't change the length of the .exe file, and string needs to be 0-terminated.

- tweak the code near file offset 0x346D1 . Any hex editor will do but it helps to look at disassembly to validate. See screenshot below; patched version is on the right.

Maybe this decompiled code will help understand what happens there :


--- Code: ---  iVar6 = strcmp_0d84(..., "PC2A");
  if (iVar6 == 0) {
                    /* PC2A addresses */
    p_bigstruct = (big_struct *)(iVar3 * 2);
    iVar6 = p_bigstruct->GPIB_DIPswitch << 0x0d;
    p_bigstruct->gpib_CDOR = iVar6 + 0x2e1;
    p_bigstruct->gpib_IMR1 = iVar6 + 0x6e1;
    p_bigstruct->gpib_IMR2 = iVar6 + 0xae1;
    p_bigstruct->gpib_SPMR = iVar6 + 0xee1;
    p_bigstruct->gpib_ADMR = iVar6 + 0x12e1;
    p_bigstruct->gpib_AUXMR = iVar6 + 0x16e1;
    p_bigstruct->gpib_ADR = iVar6 + 0x1ae1;
    iVar6 = iVar6 + 0x1ee1;
  }
  else {
                    /* PC2 addresses */
    tmp2 = (big_struct *)(iVar3 * 2);
    uVar5 = *(undefined2 *)0x2e78;
    tmp2->gpib_CDOR = tmp2->GPIB_DIPswitch << 3;
    tmp2->gpib_IMR1 = *(int *)(iVar3 * 2 + 0x4a) + 1;
    tmp2->gpib_IMR2 = *(int *)(iVar3 * 2 + 0x4a) + 2;
    tmp2->gpib_SPMR = *(int *)(iVar3 * 2 + 0x4a) + 3;
    tmp2->gpib_ADMR = *(int *)(iVar3 * 2 + 0x4a) + 4;
    tmp2->gpib_AUXMR = *(int *)(iVar3 * 2 + 0x4a) + 5;
    tmp2->gpib_ADR = *(int *)(iVar3 * 2 + 0x4a) + 6;
    iVar6 = *(int *)(iVar3 * 2 + 0x4a) + 7;
  }
  }
--- End code ---

[EDIT - typo in addresses]

jozefch:
I have seen that post, however never worked with disassembler in any way, nor patched an DOS MZ executable. Your reply was more clear now, thanks for explanation.

What can go possibly wrong to at least try, right?

CEC PC-488 have factory default starting address 0x2B8, used range is 2B8-2BF according to manual.
After watching some tutorials, managed to patch exe in RAW mode using ghidra. Executable must be opened in RAW mode so it can be exported back to DOS MZ executable correctly.

After a few HW configuration trials, some patches/exports, finally managed to get instrument detected  :-+

Btw, couln't find PC2A refference around offset 0x346b2, is the offset correct??

Few notes:

* PC2A card is selected in startup batch
* CEC PC-488 *MUST* have IRQ enabled in my case (IRQ7)
* I'm getting "Spurious SQR error" which so far have no impact to functionality
I'm not sure if it's allowed to attach TEK FAS executables, so I'll share it upon request :-/O

fenugrec:

--- Quote from: jozefch on December 31, 2022, 12:11:04 pm ---After watching some tutorials, managed to patch exe in RAW mode using ghidra.
--- End quote ---

Excellent work !


--- Quote ---Btw, couln't find PC2A refference around offset 0x346b2, is the offset correct??
--- End quote ---
Oops, copypaste error; 2 occurences are at 6dcd1 and 6dce1. But it's purely cosmetic.


SRQ error : that's weird. I don't remember it being a problem, but the error message looks vaguely familiar. Also I don't remember if I had to do anything for IRQ settings; I'd have to reconnect + boot the temporary DOS machine I built just for this.


Re sharing patches : I want to try https://github.com/pR0Ps/pycrk to generate / apply human-readable binary patch files. Not a fan of python venv stuff which is why I haven't tried yet, but I'm not aware of many tools for this kind of thing.

fenugrec:

--- Quote from: jozefch on December 31, 2022, 12:11:04 pm ---I'm not sure if it's allowed to attach TEK FAS executables, so I'll share it upon request :-/O

--- End quote ---

I uploaded my patch for GPIB-AT and instructions for creating / applying similar patches here :
https://github.com/fenugrec/tdsutils/tree/master/tds700adj_patches

If you want, grab xdelta3 (a brilliant tool) to produce a delta-diff - smaller and not problematic to share , and I could also add it to my repo.

Navigation

[0] Message Index

[#] Next page

[*] Previous page

There was an error while thanking
Thanking...
Go to full version
Powered by SMFPacks Advanced Attachments Uploader Mod