Patching: Technical Discussion ...

[Seklth]

run http://gasbag.wz.cz/mon/3rd_way.zip (maybe need openbfb)

i find in netmonitor - add menus in SAT commands
maybe it add more?

[lalo.lerry]

@Seklth:
I've tried the program you posted above, thaty I found also long time ago in Mamaich site, but either it doesn't work with S45i or I cannot use it.
Can you please explain me more exactly what is it and how to use it?
Thanks

[Seklth]

@lalo.lerry
I addressed to author - only test at commands=) nothing serious

[Seklth]

Code:

struct MSG
{
        void far *SenderPid;    // process which sent this MSG
        int Msg;
        int Param[6];
};

// kbd msg:
#define key_down        0xE9
#define key_up          0xEA 
#define long_press      0xEB
// EC - sent 1 second after last key release, but not always?
// ED - ? unknown kbd msg
// EE - ? unknown kbd msg

// For kbd msg:
// P0 - scan Code:
#define LEFT_SOFT       0x01
#define RIGHT_SOFT      0x04
#define RECORD_BUTTON   0x06
#define GREEN_BUTTON    0x0B
#define RED_BUTTON      0x0C
#define VOL_UP_BUTTON   0x0D
#define VOL_DOWN_BUTTON 0x0E
#define UP_BUTTON       0x3B
#define DOWN_BUTTON     0x3C
#define LEFT_BUTTON     0x3D
#define RIGHT_BUTTON    0x3E
#define PLAY_BUTTON     0x3F
// '*', '#', '0'-'9'
// P1 - 0 or garbage
// P2 - scan code (if >80h, the key is releeased, if 7B - long press)
// P3 - 
// P4 - scan code with high byte == ??? or FF
// P5 - unknown



typedef void huge p_DlgOnKey(void far* Unk, struct MSG far* msg);

struct DlgHndl
{
        p_DlgOnKey* pOnKey;
        void huge* pInit;
        void huge* pExit1;
        void huge* pExit2;
        void huge* pRun;
        int Flag1; //0x10
        int Flag2; //0xC4
};


typedef void huge p_ShowDialog( struct DlgHndl far* Struct, struct DlgBuff far* Buff);
p_ShowDialog *const far ShowDialog = (p_ShowDialog *)0xD60340;
//----------------------------------------------------
        SUB     R0,#010h
        MOV     R12,#POF _Main_Hndl
        MOV     R13,#PAG _Main_Hndl
        MOV     R14,R0
        MOV     R15,DPP1
        AND     R14,#03FFFh
        CALLS   _ShowDialog
        ADD     R0,#010h

[truhlik]

is there any flag which is set/clear when is active/inactive appointment?
talking about sl45.

[jash]

I have done a lot of testing with my JTAG debugging system, quite interesting results so far. if you have a questtion, shoot

Jash

[trustkill]

Quote:

Originally Posted by jash

I have done a lot of testing with my JTAG debugging system, quite interesting results so far. if you have a questtion, shoot

Bang !

OK, I still have no idea WHAT you are doing with the JTAG, but I think it might be good !

What about debugging the routine used in "Easteregg" (D631D2) ? I think about a patch for a vertical scrolling line with "Date/Time/my Text/whatever" in Mainscreen (in one row)...

[jash]

Quote:

Originally Posted by trustkill

Bang !

OK, I still have no idea WHAT you are doing with the JTAG, but I think it might be good !

with JTAG you can fully debug the c166, stop it, make single steps, read memory and registers etc. At the moment I have a s35 and a c35 with Jtag since I have to desolder the gold chip on a 45 to gain access to the jtag pins (those SXXMXXS bastards did not connect them to the pcb.

I'm almost done with finding out all Interrupts/traps amongst other things

JASH

[abomin]

Can you find control codes, data and address of subroutine that controls ringing and other sounds volume?

[jash]

Quote:

Originally Posted by abomin

Can you find control codes, data and address of subroutine that controls ringing and other sounds volume?

I will give it a go when I have hooked up my sl45 to my jtag (have some soldering to do first.

Does anybody know a good entry point for starting a timer routine, i have been searching the threads and I´m somewhat confused. I would like to send some data to the serial port say every second (or two). My routine works, but I hooked it to the * log press for now.... (SLIK56) which is not very helpfull for me

[rizapn]

You can try to insert your code in the drawTopScreen() routines (which is used in the HBP, LOL, SOL, and any other Main Screen patch).

[abomin]

This funny subroutine is calling every 3-4 sec. (two times per sec. in conversation/dialing mode) :

Code:

csegE5:4A22                   sub_E54A22: 

csegE5:4A22 E6 00 36 00             mov DPP0, #36h ; '6'
csegE5:4A26 CC 00                   nop
csegE5:4A28 F2 FC E2 38             mov r12, w_TikTak 
csegE5:4A2C 08 C1                   add r12, #1
csegE5:4A2E F6 FC E2 38             mov w_TikTak, r12 
csegE5:4A32 DB 00                   rets

[jash]

hmm.

looks like this is a preparation for a dsp command (not sure though)
Where the hell did the text w_TikTak come from?

JASH

[abomin]

I just think it up for myself. Renaming (in IDA) subrs or data byte/word makes me easy to understand/analize program code.
BTW that subr is used for blinking icons on a top of the screen (charging icon etc).

[jash]

Well OK,

I have used the AT+CGSN patch and a shell in visual basic (I wrote since I got tired by recalculating segffs to pageffset) to dig into the SLIK in realtime (as far as that goes).

By now I have a complete view of everything which is going on in the memory up to 10000h, I must say mamaich did a great job, but I have changed my IDA db with the information I found out (spending more than 16 hours adding information), Please feel free to ask anything as I do not have the possibility to share the complete IDA db yet.

I have a complete overview of ALL registers, Interrupts, XADR(1..6) usage etc, etc. At the moment I´m getting more into CPU <-> DSP communications which is very interesting!

Jash