How can I found adress of function in firmware if I have ID from 5e0 table ?

The easiest way is to set the 5E0 to a menu and see what it does if it says done then it is a function but it could be hard to tell what it is

The other way is using winARM

but don't ask me how

regards,
Danny

Hi,

Here's a reply from some earlier thread.

In case U know some bout hexediting, it will help U.

To find the 05E0 table, U can search for 0000000001000000

If next value after the last 00 is > 00200000 and less as Ur mcu size + 200000, U possibly just hit the 1st record.

This table exist of max 256 (FF) records of 8 bytes.

First four mean the address of the function to run. (+1)

The record nr indicates the 05E0_xx subcall value.

So making the 1st one 05E0_00, the next 05E0_01 etc...

NokDoc

Thanks NokDoc