Profil Logo Patch selectable Help - Page 2 - GSM-Forum

lalo.lerry · 02-09-2005, 17:37

- sorry, double posted -

lalo.lerry · 02-09-2005, 17:38

@Student Charlie:

"mov r12, mem_3BA42"
As I told you, this is a EXTP command sequence and needs the Page (and number of affected instruction) to be specified by extp command.
You need two commands, and the correct writing mode is:

extp #0Eh, #1 ;0E=Page 1=following 1 instruction affected
mov r12, 3A42h ;3A42=Offset ;where P:Off=unread SMS RAM location

"jnb r9.7, loc_12345"
here the error is that SFE don't know where you will put your patch, so you cannot insert a absolute address.
You have to create a subroutine label and point to that.
E.G.:

try:
jnb r4.11, exit1
exit1:
rets

Errors:
88 C0 : mov [-r0], r12
88 D0 : mov [-r0], r13
88 90 : mov [-r0], r9
D7 40 0E 00 : extp #0Eh, #1
F2 F9 42 3A : mov r9, mem_3A42
9A F9 10 70 : jnb r9.7, loc_xxxxx ;already explained you this error
D7 40 36 00 : extp #36h, #1
F2 FC 6C 09 : mov r12, mem_D896C <=store word value of RAM loc 0036:096C; APP Profile 2
D7 40 0D 00 : extp #0Dh, #1 ;Extp command needed!
F2 FD DE 25 : mov r13, mem_25DE ;0D:25DE= RAM time hours
46 FD 11 00 : cmp r13, #11h ; compare r13=hours, with #11h=17:00
8D 07 : jmpr cc_C, loc_xxxxx ;if hour < or = 17:00 jump to loc_xxxxx (i dont know how to type this in sfe assembler) ;already explained you this error
2F 00 : bset r12.2 <= to set flag of APP Profile2 Function 3 Error: correct is 2F FC
D7 40 0D 00 : extp #36h, #1
F6 FC 6C 09 : mem_D896C, mov r12 ;Needed to store back the modfied NAM profile 2 word
98 90 : mov r9, [r0+] ; this is located at loc_xxxxx ;already explained you this error
98 D0 : mov r13, [r0+]
98 C0 : mov r12, [r0+]
;CB 00 : ret ; need rets(DB00): it's a return from intersegment routine!

Note: each one of these error make phone to crash (or at least patch not to work)

I applied trustkill's moving and changing operator name location which is this:
18E692: 09 f8; y-pos of operator name string (normal mode)
If i use Winhex, 18E692: F8 and 18E672: F8. But if i use sfe disasm this comes up:
18E690: 01 00 : addb rl0, rl0
18E694: 00 00 : add r0, r0
18E696: 00 00 : add r0, r0
How come 18E692 isnt shown?
???
Anyway, those are datas, not asm commands.
It's useless disasm them (as menus datas, pictures datas, ringtones etc...)!
You need "just" to understand how it works

There are some patches i didn't use on my sl45, but i want to disassemble them. How can i do that without having to patch them on my phone?

Apply them on a free (BIG) Fubu, with V-klay offline mode.
Than disasm them!

I saw this on S45 patches. Can you do it for sl45v56 Professor?
HFI. 12AM-PM Hours Format in Idle screen
AGGGGGGHH... really no time now.
Maybe in future (or you can do it

)

END OF LESSION N°6!
Bye

Lalo

rizapn · 02-10-2005, 01:03

About sfe :

- we can try sfe a "jnb r9.7, 10" which mean : jump to the address 10 (inline assembler is always use starting address 0) if bit r9.7 is not set
- we can disassembly patch file directly from the file using "sfe d" command, for example : sfe d patchfile.vkp,3b0000,100 ... disasm patchfile.vkp starting from address 3b0000 for the next 100 bytes. No need to apply it anywhere ...

Also,
sfe has a simple debugger which is usefull to test some C166 command impact and result. Check the last part of sfe_help.txt file to get more info ...

Example debugger usage : sfe r sl45v56.bin ,ri

sl45v56.bin is an SL45 FUBU file...

rizapn

lalo.lerry · 02-10-2005, 02:20

@MASTER:
It's always a pleasure to read your post.

About SFE capabilities:
ALWAYS MORE AMAZING!

Even if I'm using it every day, I didn't know it has also these features (and I read the help file!)
Can you please write some more info about sfe interactive assembler usage?

Thanks

Lalo

charlielao · 02-10-2005, 02:53

@Prof Lalo:
On my previous post ( 1st exam) i failed hehehe. more than 50% was wrong.
Please have a look at this and recheck my 1st exam Professor.

5FFB80: 88 C0 : mov [-r0], r12
5FFB82: 88 D0 : mov [-r0], r13
5FFB84: 88 90 : mov [-r0], r9
5FFB86: D7 40 0E 00 : extp #0Eh, #1
5FFB8A: F2 F9 42 3A : mov r9, mem_3A42
5FFB8E: 9A F9 10 70 : jnb r9.7, loc_5FFBB2
5FFB92: D7 40 36 00 : extp #36h, #1
5FFB96: F2 FC 6C 09 : mov r12, mem_D896C <=store word value of RAM loc 0036:096C; APP Profile 2
5FFB9A: D7 40 0D 00 : extp #0Dh, #1 ;Extp command needed!
5FFB9E: F2 FD DE 25 : mov r13, mem_25DE ;0D:25DE= RAM time hours
5FFBA2: 46 FD 11 00 : cmp r13, #11h ; compare r13=hours, with #11h=17:00
5FFBA6: 8D 01 : jmpr cc_C, 5 (i did what Master Rizapn said

)
5FFBA8: 2F FC : bset r12.2 <= to set flag of APP Profile2 Function 3
5FFBAA: D7 40 0D 00 : EXTP #36H, #1
5FFBAE: F6 FC 6C 09 : mem_D896C, mov r12
5FFBB2: 98 90 : mov r9, [r0+]
5FFBB4: 98 D0 : mov r13, [r0+]
5FFBB6: 98 C0 : mov r12, [r0+]
5FFBB8: DB 00 : ret

@ Master Rizapn:
Belated Happy Islamic Lunar New Year

Thank you for your post also.

lalo.lerry · 02-10-2005, 03:03

- sorry, deleted because double posted -

lalo.lerry · 02-10-2005, 03:05

- sorry, deleted because double posted -

lalo.lerry · 02-10-2005, 03:06

@Stud Charlie:

5FFB80: 88 C0 : mov [-r0], r12
5FFB82: 88 D0 : mov [-r0], r13
5FFB84: 88 90 : mov [-r0], r9
5FFB86: D7 40 0E 00 : extp #0Eh, #1
5FFB8A: F2 F9 42 3A : mov r9, mem_3A42
5FFB8E: 9A F9 10 70 : jnb r9.7, loc_5FFBB2
5FFB92: D7 40 36 00 : extp #36h, #1
5FFB96: F2 FC 6C 09 : mov r12, mem_D896C <=store word value of RAM loc 0036:096C; APP Profile 2
5FFB9A: D7 40 0D 00 : extp #0Dh, #1 ;Extp command needed!
5FFB9E: F2 FD DE 25 : mov r13, mem_25DE ;0D:25DE= RAM time hours
5FFBA2: 46 FD 11 00 : cmp r13, #11h ; compare r13=hours, with #11h=17:00
5FFBA6: 8D 01 : jmpr cc_C, 5 (i did what Master Rizapn said

) ;I prefer 8D 05
5FFBA8: 2F FC : bset r12.2 <= to set flag of APP Profile2 Function 3
5FFBAA: D7 40 0D 00 : EXTP #36H, #1
5FFBAE: F6 FC 6C 09 : mem_D896C, mov r12
5FFBB2: 98 90 : mov r9, [r0+]
5FFBB4: 98 D0 : mov r13, [r0+]
5FFBB6: 98 C0 : mov r12, [r0+]
5FFBB8: DB 00 : ret

Right, but I prefer a longer jump.

BTW, I'm online on ICQ now (and for more 10 min), but where are you?

charlielao · 02-10-2005, 03:12

Quote:

5FFBA6: 8D 01 : jmpr cc_C, 5 (i did what Master Rizapn said ) ; maybe you did it wrong Correct is 8D 05

I made it jump to 5FFBAA to reset the NAM word value. I typed sfe a "jmpr cc_C, 5" . Is it supposed to be jump to 5FFBB2?

Im on MSN Prof. I uninstalled my ICQ

lalo.lerry · 02-10-2005, 03:28

- sorry, deleted because double posted -

charlielao · 02-10-2005, 09:00

@Prof Lalo:
I patched my phone with the one posted on #23 but the Profile2,Function3 still isnt SET at 17:00. Also, when i try to call my phone, it automatically asnwers but doesnt start tne ANM message. Then when i UNDO the patch, the phone detects some hex values where previously the old data before patching was FF FF .. ..
I also tried this other version i made and result was the same.
5FFB80: FFFF 88C0
5FFB82: FFFF 88D0
5FFB84: FFFF 8890
5FFB86: FFFFFFFF D7403600
5FFB8A: FFFFFFFF F2F96C09
5FFB8E: FFFFFFFF 9AF91210
5FFB92: FFFFFFFF D7403600
5FFB96: FFFFFFFF F2FC6C09
5FFB9A: FFFF 2EFC
5FFB9C: FFFFFFFF D7400D00
5FFBA0: FFFFFFFF F2FDDE25
5FFBA4: FFFFFFFF 46FD1100
5FFBA8: FFFF 8D06
5FFBAA: FFFF 9D05
5FFBAC: FFFF 2FFC
5FFBAE: FFFFFFFF D7400D00
5FFBB2: FFFFFFFF F6FC6C09
5FFBB6: FFFF 9890
5FFBB8: FFFF 98D0
5FFBBA: FFFF 98C0
5FFBBC: FFFF DB00

Help sir

If i have a patch and want to test if it has an error, how do i do it aside from patching my phone and testing it? I dont understand how to use the assembler functions of sfe. The only thing i know how to use is the inline assembler.

rizapn · 02-10-2005, 11:51

About sfe interractive debugger:

Just an example ...

Turn on the engine : sfe r sl45v56.bin ,ri

A00000> a 37:3700
Inline assembler ...

0x0DF700: mov r12, #7Bh
0x0DF704: mov r13, #100
0x0DF708: add r13, r12
0x0DF70A: cmp r13, #200
0x0DF70E: jmpr cc_NZ, 6
0x0DF710: add r12, #100
0x0DF714: add r12, #100
0x0DF718: rets
0x0DF71A:

0DF71A> g 37:3700

0DF700> r
0DF704> r
0DF708> r
0DF70A> d r
0DF70A>

...

r : run 1 command
d r : display/dump registers value
g : goto address
a : inline assembler

rizapn

lalo.lerry · 02-10-2005, 16:55

@Student:

Possible motivation not working for v. in post #23:
1.you forgot to patch a starting point (where to call patch routine) in fw
2.you forgot to flag profile 1 item 8 (ex autoswap profile)
3. ANM isn't controlled by profile 2 item 3

Possible motivation not working for v. in post #26:
Above motivation +

5FFBA8: FFFF 8D06
5FFBAA: FFFF 9D05

1. You cannot use 2 CC one after the other in this way, you have to repeat the cmp
2. These two CC complement each others: in both situatione only possibility is to jump to exit

@MASTER:
Thanks for explanation, I used Acid's Debugger for these tasks since now, but I'll certainly try SFE

charlielao · 02-11-2005, 00:45

@Prof:

Quote:

1.you forgot to patch a starting point (where to call patch routine) in fw
2.you forgot to flag profile 1 item 8 (ex autoswap profile)
3. ANM isn't controlled by profile 2 item 3

number 1. i will try to insert it in BLR patch. will it be ok?
number 2 and 3 im sure they are OK.

Quote:

5FFBA8: FFFF 8D06
5FFBAA: FFFF 9D05

I made the above cc so that within 17:00 to 7:00 the ANM will be flagged. so before i do the 2nd cc, i have to make a cmp again with RAM time?

lalo.lerry · 02-11-2005, 01:30

@Student:

Quote:

number 1. i will try to insert it in BLR patch. will it be ok?

NO.
You have to insert it on a fw routine that is called costantly...

Quote:

I made the above cc so that within 17:00 to 7:00 the ANM will be flagged. so before i do the 2nd cc, i have to make a cmp again with RAM time?

If time is in r12, a cmp r12,#07 is enought...

02-09-2005, 17:37	#16 (permalink)
lalo.lerry No Life Poster Join Date: Jan 2004 Location: Italy Age: 49 Posts: 1,018 Member: 50673 Status: Offline Thanks Meter: 2	- sorry, double posted - Last edited by lalo.lerry; 02-09-2005 at 18:06.

02-09-2005, 17:38	#17 (permalink)
lalo.lerry No Life Poster Join Date: Jan 2004 Location: Italy Age: 49 Posts: 1,018 Member: 50673 Status: Offline Thanks Meter: 2	@Student Charlie: "mov r12, mem_3BA42" As I told you, this is a EXTP command sequence and needs the Page (and number of affected instruction) to be specified by extp command. You need two commands, and the correct writing mode is: extp #0Eh, #1 ;0E=Page 1=following 1 instruction affected mov r12, 3A42h ;3A42=Offset ;where P:Off=unread SMS RAM location "jnb r9.7, loc_12345" here the error is that SFE don't know where you will put your patch, so you cannot insert a absolute address. You have to create a subroutine label and point to that. E.G.: try: jnb r4.11, exit1 exit1: rets Errors: 88 C0 : mov [-r0], r12 88 D0 : mov [-r0], r13 88 90 : mov [-r0], r9 D7 40 0E 00 : extp #0Eh, #1 F2 F9 42 3A : mov r9, mem_3A42 9A F9 10 70 : jnb r9.7, loc_xxxxx ;already explained you this error D7 40 36 00 : extp #36h, #1 F2 FC 6C 09 : mov r12, mem_D896C <=store word value of RAM loc 0036:096C; APP Profile 2 D7 40 0D 00 : extp #0Dh, #1 ;Extp command needed! F2 FD DE 25 : mov r13, mem_25DE ;0D:25DE= RAM time hours 46 FD 11 00 : cmp r13, #11h ; compare r13=hours, with #11h=17:00 8D 07 : jmpr cc_C, loc_xxxxx ;if hour < or = 17:00 jump to loc_xxxxx (i dont know how to type this in sfe assembler) ;already explained you this error 2F 00 : bset r12.2 <= to set flag of APP Profile2 Function 3 Error: correct is 2F FC D7 40 0D 00 : extp #36h, #1 F6 FC 6C 09 : mem_D896C, mov r12 ;Needed to store back the modfied NAM profile 2 word 98 90 : mov r9, [r0+] ; this is located at loc_xxxxx ;already explained you this error 98 D0 : mov r13, [r0+] 98 C0 : mov r12, [r0+] ;CB 00 : ret ; need rets(DB00): it's a return from intersegment routine! Note: each one of these error make phone to crash (or at least patch not to work) I applied trustkill's moving and changing operator name location which is this: 18E692: 09 f8; y-pos of operator name string (normal mode) If i use Winhex, 18E692: F8 and 18E672: F8. But if i use sfe disasm this comes up: 18E690: 01 00 : addb rl0, rl0 18E694: 00 00 : add r0, r0 18E696: 00 00 : add r0, r0 How come 18E692 isnt shown? ??? Anyway, those are datas, not asm commands. It's useless disasm them (as menus datas, pictures datas, ringtones etc...)! You need "just" to understand how it works There are some patches i didn't use on my sl45, but i want to disassemble them. How can i do that without having to patch them on my phone? Apply them on a free (BIG) Fubu, with V-klay offline mode. Than disasm them! I saw this on S45 patches. Can you do it for sl45v56 Professor? HFI. 12AM-PM Hours Format in Idle screen AGGGGGGHH... really no time now. Maybe in future (or you can do it ) END OF LESSION N°6! Bye Lalo Last edited by lalo.lerry; 02-09-2005 at 21:21.

02-10-2005, 02:20	#19 (permalink)
lalo.lerry No Life Poster Join Date: Jan 2004 Location: Italy Age: 49 Posts: 1,018 Member: 50673 Status: Offline Thanks Meter: 2	@MASTER: It's always a pleasure to read your post. About SFE capabilities: ALWAYS MORE AMAZING! Even if I'm using it every day, I didn't know it has also these features (and I read the help file!) Can you please write some more info about sfe interactive assembler usage? Thanks Lalo Last edited by lalo.lerry; 02-10-2005 at 02:34.

02-10-2005, 03:03	#21 (permalink)
lalo.lerry No Life Poster Join Date: Jan 2004 Location: Italy Age: 49 Posts: 1,018 Member: 50673 Status: Offline Thanks Meter: 2	- sorry, deleted because double posted - Last edited by lalo.lerry; 02-10-2005 at 03:31.

02-10-2005, 03:05	#22 (permalink)
lalo.lerry No Life Poster Join Date: Jan 2004 Location: Italy Age: 49 Posts: 1,018 Member: 50673 Status: Offline Thanks Meter: 2	- sorry, deleted because double posted - Last edited by lalo.lerry; 02-10-2005 at 03:26.

02-10-2005, 01:03	#18 (permalink)
rizapn No Life Poster Join Date: Mar 2002 Location: -[r0]- Age: 53 Posts: 834 Member: 9891 Status: Offline Thanks Meter: 2	About sfe : - we can try sfe a "jnb r9.7, 10" which mean : jump to the address 10 (inline assembler is always use starting address 0) if bit r9.7 is not set - we can disassembly patch file directly from the file using "sfe d" command, for example : sfe d patchfile.vkp,3b0000,100 ... disasm patchfile.vkp starting from address 3b0000 for the next 100 bytes. No need to apply it anywhere ... Also, sfe has a simple debugger which is usefull to test some C166 command impact and result. Check the last part of sfe_help.txt file to get more info ... Example debugger usage : sfe r sl45v56.bin ,ri sl45v56.bin is an SL45 FUBU file... rizapn

02-10-2005, 02:53	#20 (permalink)
charlielao No Life Poster Join Date: May 2004 Posts: 501 Member: 66040 Status: Offline Thanks Meter: 14	@Prof Lalo: On my previous post ( 1st exam) i failed hehehe. more than 50% was wrong. Please have a look at this and recheck my 1st exam Professor. 5FFB80: 88 C0 : mov [-r0], r12 5FFB82: 88 D0 : mov [-r0], r13 5FFB84: 88 90 : mov [-r0], r9 5FFB86: D7 40 0E 00 : extp #0Eh, #1 5FFB8A: F2 F9 42 3A : mov r9, mem_3A42 5FFB8E: 9A F9 10 70 : jnb r9.7, loc_5FFBB2 5FFB92: D7 40 36 00 : extp #36h, #1 5FFB96: F2 FC 6C 09 : mov r12, mem_D896C <=store word value of RAM loc 0036:096C; APP Profile 2 5FFB9A: D7 40 0D 00 : extp #0Dh, #1 ;Extp command needed! 5FFB9E: F2 FD DE 25 : mov r13, mem_25DE ;0D:25DE= RAM time hours 5FFBA2: 46 FD 11 00 : cmp r13, #11h ; compare r13=hours, with #11h=17:00 5FFBA6: 8D 01 : jmpr cc_C, 5 (i did what Master Rizapn said ) 5FFBA8: 2F FC : bset r12.2 <= to set flag of APP Profile2 Function 3 5FFBAA: D7 40 0D 00 : EXTP #36H, #1 5FFBAE: F6 FC 6C 09 : mem_D896C, mov r12 5FFBB2: 98 90 : mov r9, [r0+] 5FFBB4: 98 D0 : mov r13, [r0+] 5FFBB6: 98 C0 : mov r12, [r0+] 5FFBB8: DB 00 : ret @ Master Rizapn: Belated Happy Islamic Lunar New Year Thank you for your post also.

02-10-2005, 03:06	#23 (permalink)
lalo.lerry No Life Poster Join Date: Jan 2004 Location: Italy Age: 49 Posts: 1,018 Member: 50673 Status: Offline Thanks Meter: 2	@Stud Charlie: 5FFB80: 88 C0 : mov [-r0], r12 5FFB82: 88 D0 : mov [-r0], r13 5FFB84: 88 90 : mov [-r0], r9 5FFB86: D7 40 0E 00 : extp #0Eh, #1 5FFB8A: F2 F9 42 3A : mov r9, mem_3A42 5FFB8E: 9A F9 10 70 : jnb r9.7, loc_5FFBB2 5FFB92: D7 40 36 00 : extp #36h, #1 5FFB96: F2 FC 6C 09 : mov r12, mem_D896C <=store word value of RAM loc 0036:096C; APP Profile 2 5FFB9A: D7 40 0D 00 : extp #0Dh, #1 ;Extp command needed! 5FFB9E: F2 FD DE 25 : mov r13, mem_25DE ;0D:25DE= RAM time hours 5FFBA2: 46 FD 11 00 : cmp r13, #11h ; compare r13=hours, with #11h=17:00 5FFBA6: 8D 01 : jmpr cc_C, 5 (i did what Master Rizapn said ) ;I prefer 8D 05 5FFBA8: 2F FC : bset r12.2 <= to set flag of APP Profile2 Function 3 5FFBAA: D7 40 0D 00 : EXTP #36H, #1 5FFBAE: F6 FC 6C 09 : mem_D896C, mov r12 5FFBB2: 98 90 : mov r9, [r0+] 5FFBB4: 98 D0 : mov r13, [r0+] 5FFBB6: 98 C0 : mov r12, [r0+] 5FFBB8: DB 00 : ret Right, but I prefer a longer jump. BTW, I'm online on ICQ now (and for more 10 min), but where are you? Last edited by lalo.lerry; 02-10-2005 at 03:44.

02-10-2005, 03:28	#25 (permalink)
lalo.lerry No Life Poster Join Date: Jan 2004 Location: Italy Age: 49 Posts: 1,018 Member: 50673 Status: Offline Thanks Meter: 2	- sorry, deleted because double posted -

02-10-2005, 09:00	#26 (permalink)
charlielao No Life Poster Join Date: May 2004 Posts: 501 Member: 66040 Status: Offline Thanks Meter: 14	@Prof Lalo: I patched my phone with the one posted on #23 but the Profile2,Function3 still isnt SET at 17:00. Also, when i try to call my phone, it automatically asnwers but doesnt start tne ANM message. Then when i UNDO the patch, the phone detects some hex values where previously the old data before patching was FF FF .. .. I also tried this other version i made and result was the same. 5FFB80: FFFF 88C0 5FFB82: FFFF 88D0 5FFB84: FFFF 8890 5FFB86: FFFFFFFF D7403600 5FFB8A: FFFFFFFF F2F96C09 5FFB8E: FFFFFFFF 9AF91210 5FFB92: FFFFFFFF D7403600 5FFB96: FFFFFFFF F2FC6C09 5FFB9A: FFFF 2EFC 5FFB9C: FFFFFFFF D7400D00 5FFBA0: FFFFFFFF F2FDDE25 5FFBA4: FFFFFFFF 46FD1100 5FFBA8: FFFF 8D06 5FFBAA: FFFF 9D05 5FFBAC: FFFF 2FFC 5FFBAE: FFFFFFFF D7400D00 5FFBB2: FFFFFFFF F6FC6C09 5FFBB6: FFFF 9890 5FFBB8: FFFF 98D0 5FFBBA: FFFF 98C0 5FFBBC: FFFF DB00 Help sir If i have a patch and want to test if it has an error, how do i do it aside from patching my phone and testing it? I dont understand how to use the assembler functions of sfe. The only thing i know how to use is the inline assembler. Last edited by charlielao; 02-10-2005 at 09:50.

02-10-2005, 11:51	#27 (permalink)
rizapn No Life Poster Join Date: Mar 2002 Location: -[r0]- Age: 53 Posts: 834 Member: 9891 Status: Offline Thanks Meter: 2	About sfe interractive debugger: Just an example ... Turn on the engine : sfe r sl45v56.bin ,ri A00000> a 37:3700 Inline assembler ... 0x0DF700: mov r12, #7Bh 0x0DF704: mov r13, #100 0x0DF708: add r13, r12 0x0DF70A: cmp r13, #200 0x0DF70E: jmpr cc_NZ, 6 0x0DF710: add r12, #100 0x0DF714: add r12, #100 0x0DF718: rets 0x0DF71A: 0DF71A> g 37:3700 0DF700> r 0DF704> r 0DF708> r 0DF70A> d r 0DF70A> ... r : run 1 command d r : display/dump registers value g : goto address a : inline assembler rizapn

02-10-2005, 16:55	#28 (permalink)
lalo.lerry No Life Poster Join Date: Jan 2004 Location: Italy Age: 49 Posts: 1,018 Member: 50673 Status: Offline Thanks Meter: 2	@Student: Possible motivation not working for v. in post #23: 1.you forgot to patch a starting point (where to call patch routine) in fw 2.you forgot to flag profile 1 item 8 (ex autoswap profile) 3. ANM isn't controlled by profile 2 item 3 Possible motivation not working for v. in post #26: Above motivation + 5FFBA8: FFFF 8D06 5FFBAA: FFFF 9D05 1. You cannot use 2 CC one after the other in this way, you have to repeat the cmp 2. These two CC complement each others: in both situatione only possibility is to jump to exit @MASTER: Thanks for explanation, I used Acid's Debugger for these tasks since now, but I'll certainly try SFE

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
how to Add profile logo font like this picture ?	blazefr	Siemens-Benq Flash Patching	12	06-05-2005 09:01
NEWEST profile logo patch - SME45iv04	genetic1	Siemens-Benq Flash Patching	0	11-01-2004 23:19
SOL Selectable Operator Logo Patch	Kromonos	Siemens-Benq Flash Patching	8	12-24-2003 11:30
selectable operator logo patch	Shibby86	Siemens-Benq Flash Patching	4	06-18-2003 16:06
Selectable Operator Logo patch problem	wong	Siemens-Benq Flash Patching	0	06-17-2003 16:57