Patching: Technical Discussion ...

[rc-flitzer]

@jash: Maybe you can use the newest CGSN-Debugger? There's a patch for and a good software, somewhere in Flash Patches Thread (either in March or April 2005).

I don't know fully, what you're doing, but it sounds very effective and brings much information about SL45 to the world. Fine job! :-) What do you mean with "overview of all registers,..."? Can you give some advices what that is good for? Because (in my eyes) an important thing for patching is to know how the routines are working (parameters, return values) and where they are. For example "SendMessage(PDU)" would be quite a useful routine. If you find some of those very interesting things...
Can you give us a list for the content and its meaning you found in memory? If you need webspace or similar I could help.

I appreciate your work. Perhaps in the future we'll have an even better SL45 because of your help.

[lalo.lerry]

@jash:
If you want a confortable shell for SL45 Debugging by patches, you can use:

Riza's (and others) AT+CGSN patch + ACiD's AT+CGSN Debugger or KonstanT's CGSN Debugger

Sinclair's Open BFB patch + ACiD's Siemens Debugger

I prefer the second one.

BTW, you work looks very interesting!
Waiting for your new IDA db (hoping it work also with my IDA v4.5), when you will be ready to pubbish it

Lalo

[jash]

All,

Thanks guy for the positive responce, Ill have a look at the debug shells you pointed out.

With Registers I mean memory locations used for controlling hardware and Shared memory for intra-hardware communications, HF control etc.

Just ask if you need info OK? but do remember I do not anything yet about the menustructures, and all the other Firmware options. I´m approaching this issue bottum up.
In the mean time I´ll keep entering info in my IDA DB, which is a lot of work, believe me. For the same reason I started the documentation thread

Jash


Joke of the day : paper cannot be uploaded to anything else than a shredder or, more usefull, my brain

[abomin]

@ Riza:
Does it possible to playback voice dialing record from EPROM? If yes then we can play different records for different calling people in the headset (when connected) and don`t use MMC.

[rizapn]

@abomin:
- as I know, the standard (firmware) playVMO() function takes a VMO filename as a parameter. Unless we modify it (or somebody found the playRawVMO or playVMOBuff functions), then it is NOT possible to use THAT known routines to play VMO data from EEPROM area.

[rizapn]

About File Access: (sc0ty's question)

I'm sorry for any "I don't know" answer, because there are many thing which is not discovered yet...

Code:

	mov	r14, #010Ah
	mov	r13, #pag(cdr_filename)
	mov	r12, #pof(cdr_filename)
	mov	r15, #0100h
	calls	fileOpen

r14 is file open mode: 0100=normal (read?) mode, 0102=rewrite, 010A=append.
r15 is dunno, but most fileopen in the firmware use 0100 for this register.
The output is r4=fileHandle, 0FFFF for error, otherwise = fileHandle (need for othe file access funcs, such as fileRead, fileWrite and fileClose).

rizapn

[charlielao]

@Master:
How will i know the #pag and #pof of a filename in mmc?
EDIT
Thanks for the answer below Master. Looking into your CDR and the mini gps patch, do we "assign" the RAM loc for the txt file we want to use in an unused area?

[rizapn]

@charlie:
- maybe this can give you more info ...

Code:

	mov	r14, #010Ah
	mov	r13, #pag(stfilename1)
	mov	r12, #pof(stfilename1)
	mov	r15, #0100h
	calls	fileOpen

stfilename1:
	db	'a:/misc/mydata.txt',0

[redkin]

Quote:

Originally Posted by rizapn

About File Access: (sc0ty's question)

I'm sorry for any "I don't know" answer, because there are many thing which is not discovered yet...

Here is an excerpt from doc for standard C _open function:

Code:

int _open( const char *filename, int oflag [, int pmode] );


oflag is an Integer constant combinations defined in FCNTL.H:

#define _O_RDONLY       0x0000  /* open for reading only */
#define _O_WRONLY       0x0001  /* open for writing only */
#define _O_RDWR         0x0002  /* open for reading and writing */
#define _O_APPEND       0x0008  /* writes done at eof */

#define _O_CREAT        0x0100  /* create and open file */
#define _O_TRUNC        0x0200  /* open and truncate */
#define _O_EXCL         0x0400  /* open only if file doesn't already exist */

#define _O_TEXT         0x4000  /* file mode is text (translated) */
#define _O_BINARY       0x8000  /* file mode is binary (untranslated) */

#define _O_NOINHERIT    0x0080  /* child process doesn't inherit file */
#define _O_TEMPORARY    0x0040  /* temporary file bit */
#define _O_SHORT_LIVED  0x1000  /* temporary storage file, try not to flush */
#define _O_SEQUENTIAL   0x0020  /* file access is primarily sequential */
#define _O_RANDOM       0x0010  /* file access is primarily random */

The pmode argument is required only when _O_CREAT is specified.
If the file already exists, pmode is ignored.
Otherwise, pmode specifies the file permission settings,
which are set when the new file is closed the first time.

#define _S_IREAD        0000400         /* read permission, owner */
#define _S_IWRITE       0000200         /* write permission, owner */
#define _S_IEXEC        0000100         /* execute/search permission, owner */

[sc0ty]

@riza:
Thanks master, but why i cant read/write any file after I create a menu? It turns phone off

[rizapn]

@sc0ty:
- contact me via Yahoo!Messanger, or drop your trial code into my yahoo mail (rizapn), if you don't mind. Hope I can help ...

[Seklth]

@lalo
you know about LBA_FS?
In SLIN fw84 it include

[lalo.lerry]

@Seklth:
No, I didn't ever study LBA_FS.
Really know nothing about it, sorry

[DeadManS]

any body know, how found place in RM where incoming SMS are placed? i found only this info:
SMS placed in pag 35h and started from marker 04E4h, his in unicode format. but i not found how know lenght of incoming SMS.

[charlielao]

@Deadman:
Maybe this will help:
0C8305-0A <- sms center number
0C8320-21 <- DATE
0C8322-23 <- TIME
0C8326 <- NUMBER OF CHARACTERS OF SMS
0C8327 <- 1ST CHARACTER OF MESSAGE