Daniel,
Now we know that your Current Error flags are at 102D-102F. Lets try and find the TPS parameter.
The TPS error flags is bit 4 of 102E (0x10). So we look for subroutines that set (seb) or clear (clb) that bit.
The command below finds all subroutines containing "102e" then sends the output to a second findstr command which filters through it looking for "seb". This gives us a little less output to read.
findstr 102e Sub-* | findstr seb
Sub-9FC8.txt:009FE5 0C2E1010 seb #0x10, 0x102e
Sub-9FF7.txt:00A07D 0C2E1020 seb #0x20, 0x102e
Sub-A42A.txt:00A4E9 0C2E1080 seb #0x80, 0x102e
Sub-A3BD.txt:00A419 0C2E1008 seb #0x08, 0x102e
Sub-A082.txt:00A0A6 0C2E1002 seb #0x02, 0x102e
Sub-A0AB.txt:00A126 0C2E1040 seb #0x40, 0x102e
Sub-9F0F.txt:009F4C 0C2E1004 seb #0x04, 0x102e
Sub-9F5A.txt:009FBE 0C2E1001 seb #0x01, 0x102e
somewhere in the list we see:
Sub-9FC8.txt:009FE5 0C2E1010 seb #0x10, 0x102e
So the TPS test subroutine is Sub-9FC8. I've added some comments to help you understand what it is doing. It's easier than Brett's because it doesn't have that bizarre "subtract from 400" thing.
009FC8 AE3C10 ldx 0x103c ; Load X with TPS reading
009FCB E01400 cpx #0x0014 ; Compare X to TPS lower limit
009FCE F007 beq 0x9fd7 ; If equal goto 9fd7
009FD0 9005 bcc 0x9fd7 ; If less goto 9fd7
009FD2 E0D803 cpx #0x03d8 ; Compare X to TPS upper limit
009FD5 9013 bcc 0x9fea ; If less goto 9fea
009FD7 0C381120 seb #0x20, 0x1138
009FDB A28711 ldx #0x1187 ; Load X with address of TPS error counter
009FDE 206296 jsr 0x9662 ; Add 1 to value at address in X
009FE1 C904 cmp al, #0x04 ; Compare to TPS error trigger level
009FE3 9004 bcc 0x9fe9 ; If less goto 9fe9
009FE5 0C2E1010 seb #0x10, 0x102e ; Set TPS error flag
009FE9 60 rts ; exit
009FEA 9C871100 ldm #0x00, 0x1187 ; Set TPS error counter to zero
009FEE 1C2E1010 clb #0x10, 0x102e ; Clear TPS error flag
009FF2 1C381120 clb #0x20, 0x1138
009FF6 60 rts ; exit
So we have found the TPS reading at 103C but it is a 16bit value so we need to find an 8bit equivalent.
findstr 103c Sub-*Sub-9FC8.txt:009FC8 AE3C10 ldx 0x103c
Sub-EFE4.txt:00F01E 42AD3C10 lda bx, 0x103c
Sub-9662.txt:0098C7 8D3C10 sta ax, 0x103c
Sub-DF66.txt:00DF66 AE3C10 ldx 0x103c
Sub-DF66.txt:00DFB9 8D3C10 sta ax, 0x103c
Sub-DF66.txt:00E055 8E3C10 stx 0x103c
Sub-F228.txt:00F251 AE3C10 ldx 0x103c
Subroutine DF66 looks promising:
00DF6C 342008FC bbc #0x08, dp + 0x20, 0xdf6c ; Read from A/D control register
00DF70 A622 ldx dp + 0x22 ; Read from A/D successive approximation register
00DF72 8E6412 stx 0x1264
00DF75 642004 ldm #0x04, dp + 0x20 ; Write to A/D control register
00DF78 8622 stx dp + 0x22 ; Write to A/D successive approximation register
00DF7A 342008FC bbc #0x08, dp + 0x20, 0xdf7a ; Read from A/D control register
00DF7E D8 clm ; m:0 x:0
00DF7F A522 lda ax, dp + 0x22 ; Read from A/D successive approximation register
00DF81 8D6612 sta ax, 0x1266
.....
00DFAD 48 pha ; Push value of AX register onto the stack
00DFAE 4A lsr ax ; Divide AX by 2
00DFAF 4A lsr ax ; Divide AX by 2
00DFB0 F8 sem
00DFB1 8D2913 sta al, 0x1329 ; Store low 8 bits of AX at address 0x1329
00DFB4 8D0202 sta al, 0x0202 ; Store low 8 bits of AX at address 0x0202
00DFB7 D8 clm
00DFB8 68 pla ; Pull value from stack to AX
00DFB9 8D3C10 sta ax, 0x103c ; Store 16 bits of AX at address 0x103C
We can see that it does something with an A/D converter. An A/D converter is a hardware device that reads a voltage and converts it to a number. So there is a good chance that the program is reading the TPS voltage.
It pushes the raw number from the A/D converter onto the stack. The stack is an area of memory where the CPU keeps the return addresses when it calls a subroutine. However, the stack can also be used within a subroutine as a sort of scratch pad, provided you remove whatever you put on it before the end of the subroutine.
The number in AX gets divided by 2 twice (ie. divided by 4) and then written as an 8 bit value to addresses 1329 and 0202. We know the RAM runs from address 1000 to 14FF, so I don't know what the 0202 is for. But we have found the address 1329 for the select monitor to use for datalogging.
Next, the program pulls the raw number back from the stack where it stuck it earlier. It writes this number as 16bits to 103C. Our 16bit TPS reading.
I hope you can see that 1329 and 103C are both derived from the A/D converter that reads the TPS voltage and that 1329 is effectively 103C divided by 4.
