Hi Jim,
Sorry for taking so long to get back to you on this.
So I have attached the logs from both radios in the hope that a few might be able to assist me (or at least guide me) with getting started. Thanks in advance.
Here are some ideas based on patterns I see in the logs. Hopefully it will help you get your bearings on things. At the end of the day, it takes a *lot* of study and experimentation. Trying to replicate the behaviors you see the program taking and verifying that you get the same result is an important step, and then you can start guessing what the messages mean.
From the UV920 log:
17 0.00767192 KG-UV920P.exe IOCTL_SERIAL_PURGE Silabser0 SUCCESS Purge: TXCLEAR RXCLEAR 18 0.00097331 KG-UV920P.exe IRP_MJ_WRITE Silabser0 SUCCESS Length 5: 7E 80 FF 00 0F 19 0.53000758 KG-UV920P.exe IRP_MJ_READ Silabser0 SUCCESS Length 10: 7E 80 00 1A 1B 17 5D 25 26 09 20 0.00000726 KG-UV920P.exe IRP_MJ_READ Silabser0 SUCCESS Length 10: 02 00 22 42 00 51 90 13 60 17 21 0.00000251 KG-UV920P.exe IRP_MJ_READ Silabser0 SUCCESS Length 11: 40 42 00 51 90 13 60 17 40 01 0C 22 0.00284142 KG-UV920P.exe IOCTL_SERIAL_PURGE Silabser0 SUCCESS Purge: TXCLEAR RXCLEAR
23 0.00097582 KG-UV920P.exe IRP_MJ_WRITE Silabser0 SUCCESS Length 8: 7E 82 FF 03 00 64 03 0B
I think 7E is a start-of-block, 82 is a bus address. It looks like 82 is the radio, 80 is the PC. So when the PC says "hey 82 here is a message", it is saying "hey radio, here is a message". This looks a lot like Icom's CIV protocol and 80/82 are common addresses.
I think 03 is the length, but I'm not sure if the three bytes are "00 64 03" or "64 03 0B". I would think maybe the last byte would be a checksum, but 0+64+3 != 0B, so I'm not sure.
So, I think the above is broken down as:
7E 82: Message to address 82 FF: ? 03: Three bytes 00: Maybe nothing? Maybe a message type? 64 03 0B: The data
26 0.00098141 KG-UV920P.exe IRP_MJ_WRITE Silabser0 SUCCESS Length 8: 7E 82 FF 03 02 50 20 06 27 0.02699421 KG-UV920P.exe IRP_MJ_READ Silabser0 SUCCESS Length 39: 7E 82 00 22 02 50 14 50 25 00 00 00 00 00 00 00 00 00 08 3B 00
Line 26 is the PC asking the radio something, perhaps for model identification.
29 0.00098057 KG-UV920P.exe IRP_MJ_WRITE Silabser0 SUCCESS Length 8: 7E 82 FF 03 02 70 58 0E 30 0.05701646 KG-UV920P.exe IRP_MJ_READ Silabser0 SUCCESS Length 38: 7E 82 00 5A 02 70 00 02 02 05 00 03 01 01 03 00 00 01 00 00 00 31 0.00000335 KG-UV920P.exe IRP_MJ_READ Silabser0 SUCCESS Length 34: 01 00 10 01 00 20 00 00 01 00 00 10 E7 03 03 01 00 00 00 00 00 32 0.00000251 KG-UV920P.exe IRP_MJ_READ Silabser0 SUCCESS Length 23: CC 00 00 00 00 00 00 00 00 00 00 0C CC 00 E1 23 FF FF E4 56 FF
This looks like a data block. 5A is the length (90 bytes). Nothing in the request looks like an early address, so maybe this is pulling out some config from somewhere in the middle of the memory.
64 0.00097163 KG-UV920P.exe IRP_MJ_WRITE Silabser0 SUCCESS Length 8: 7E 84 FF 03 08 00 60 0E 65 0.06203749 KG-UV920P.exe IRP_MJ_READ Silabser0 SUCCESS Length 11: 7E 84 00 62 08 00 14 50 25 00 14 66 0.00000643 KG-UV920P.exe IRP_MJ_READ Silabser0 SUCCESS Length 11: 50 25 00 00 00 00 00 08 7B 00 00 67 0.00000251 KG-UV920P.exe IRP_MJ_READ Silabser0 SUCCESS Length 16: 44 00 25 00 44 00 25 00 00 00 00 00 08 7B 00 00 68 0.00000251 KG-UV920P.exe IRP_MJ_READ Silabser0 SUCCESS Length 16: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 69 0.00000223 KG-UV920P.exe IRP_MJ_READ Silabser0 SUCCESS Length 16: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 70 0.00000223 KG-UV920P.exe IRP_MJ_READ Silabser0 SUCCESS Length 16: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 71 0.00000223 KG-UV920P.exe IRP_MJ_READ Silabser0 SUCCESS Length 17: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 08 72 0.00273610 KG-UV920P.exe IOCTL_SERIAL_PURGE Silabser0 SUCCESS Purge: TXCLEAR RXCLEAR 73 0.00096269 KG-UV920P.exe IRP_MJ_WRITE Silabser0 SUCCESS Length 8: 7E 84 FF 03 08 40 60 0E 74 0.06201431 KG-UV920P.exe IRP_MJ_READ Silabser0 SUCCESS Length 11: 7E 84 00 62 08 40 FF FF FF FF FF 75 0.00000335 KG-UV920P.exe IRP_MJ_READ Silabser0 SUCCESS Length 11: FF FF FF FF FF FF FF FF FF FF FF 76 0.00000251 KG-UV920P.exe IRP_MJ_READ Silabser0 SUCCESS Length 16: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 77 0.00000223 KG-UV920P.exe IRP_MJ_READ Silabser0 SUCCESS Length 16: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 78 0.00000251 KG-UV920P.exe IRP_MJ_READ Silabser0 SUCCESS Length 16: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 79 0.00000223 KG-UV920P.exe IRP_MJ_READ Silabser0 SUCCESS Length 16: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 80 0.00000251 KG-UV920P.exe IRP_MJ_READ Silabser0 SUCCESS Length 17: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 0E 81 0.00279142 KG-UV920P.exe IOCTL_SERIAL_PURGE Silabser0 SUCCESS Purge: TXCLEAR RXCLEAR 82 0.00097917 KG-UV920P.exe IRP_MJ_WRITE Silabser0 SUCCESS Length 8: 7E 84 FF 03 08 80 60 0E
This looks like it's starting to pull data from the memory sequentially. If you look at each subsequent request, it's asking for an increasing memory address: 00, 40, 80, or maybe it's 0800, 0840, 0880? Anyway, this is the program sucking the memory out of the radio 0x40 bytes at a time (0x0800 + 0x0040 = 0x0840, etc).
This is definitely the less-fun part of writing a radio driver, and the harder part for sure as you try to figure out what is going on before you can get consistent dumps of memory out of the radio. Not for the faint of heart! :)
--Dan