S55 flash patching(Thread for discussing) - Page 21 - GSM-Forum

MagicOl · 07-07-2005, 13:49

lalo.lerry: Yes, I have found the problem it is patch conflict with the patch:
v_view_sms_and_missed_calls_while_keys_locked.vkp which is as I say verry usefull. Could you do something with this? Maybe some changes in this patch or in your patch will allow to have this two patches.
I anclosed the patch which is making problems.

Quote:

;CUSTOMIZATION:
;Change long pressing unlocking button:
;3B90C8: 14 xx ;14=#
;change xx with any button code value

Where can I find the key's codes of keyboard?

And another ask, I have found the patch witch is removing provider name totaly and everywhere, but as I can see it only remove the first line of the provider name, we have in Poland provider call IDEA and its provider name is "Idea Milego Dnia". The last two words are in the second line, and this patch is not removing them, Misko903 maybe you can correct it.
I also anclose this patch to this post.

misko903 · 07-09-2005, 18:47

@magicol:
lalo is right, there is conflict with patch v_view_sms_and_missed_calls_while_keys_locked.vkp
lalo is right.

@lalo: thx for your great patches and ideas. my borrowed S45i phone is now STEALED. f***ing stealers!

and as u2 sings: and i still havent found what i am looking for: differences in YAPL. still not adapted. maybe first settings of conditions?:
21A000: E6 FF 86 01 : mov r15, #186h ;move #186h to r15

because in your patch for S45i there are another values for mov.

lalo.lerry · 07-10-2005, 08:28

@MagicOl:
Yes, I can.
There are many ways to obtain what you are asking, but the easiest is:
First apply v_view_sms_and_missed_calls_while_keys_locked, than apply

6B022E: DC49D4C8 FA7BC090

3B90C0: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF DC49D478020046F714003D0FF0C8F0D9
3B90D0: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 08C4DC5DD49C0200A88CDC49D4780400
3B90E0: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 46F793012D05E01CDACF70A9DA64EA4F
3B90F0: FFFFFFFF FA72A44E

that is my Eliminate Keylock Screen routine, with a different starting point.

For deleting second line operator name in stand-by, use this:
3252AA: D460 0D42

BTW,
another method less "brutal" for deleting first line operator name instead that patch, deleting it only if in standby and if phone is is normal mode (not netserching, not GPRS mode....), is to use:
32526E: D4C0 0D15

@Misko:
Really? I'm very sorry for you... you MUST have a S-ME45 in your phone collection...

About YAPL, are you sure there isn't yet the S55 version?
Anyway, post here more didasmed patch because I cannot find that point

Bye

Lalo

misko903 · 07-10-2005, 18:05

there was only version for fw 20, i want to adapt it for v91

Code:

21A000: E6 FF 86 01 : 	mov	r15, #186h	;move #186h to r15
21A004: D7 40 0D 00 : 	extp	#0Dh, #1	;begin extended page selection (change of adressing)
21A008: F3 FC 4C 03 : 	movb	rl6, mem_3434C	; (000D:034C) ;move value from 3434C to lower bit of r6
21A00C: 48 60       : 	cmp	r6, #0		;if r6 NOT #0, 
21A00E: 3D 03       : 	jmpr	cc_NZ, loc_21A016 ;jump to loc 21A016
21A010: E6 FE 60 20 : 	mov	r14, #2060h	;Normal = profile name at adress 0021A060... ;else move Normal to r14
21A014: DB 00       : 	rets
;------------------------------------------------------------
21A016: 48 61       : loc_21A016:
21A016: 48 61       : 	cmp	r6, #1
21A018: 3D 03       : 	jmpr	cc_NZ, loc_21A020
21A01A: E6 FE 74 20 : 	mov	r14, #2074h	;Ticho
21A01E: DB 00       : 	rets
;------------------------------------------------------------
21A020: 48 62       : loc_21A020:
21A020: 48 62       : 	cmp	r6, #2
21A022: 3D 03       : 	jmpr	cc_NZ, loc_21A02A
21A024: E6 FE 88 20 : 	mov	r14, #2088h	;Hluk
21A028: DB 00       : 	rets
;------------------------------------------------------------
21A02A: 48 63       : loc_21A02A:
21A02A: 48 63       : 	cmp	r6, #3
21A02C: 3D 03       : 	jmpr	cc_NZ, loc_21A034
21A02E: E6 FE 9C 20 : 	mov	r14, #209Ch	;Carkit
21A032: DB 00       : 	rets
;------------------------------------------------------------
21A034: 48 64       : loc_21A034:
21A034: 48 64       : 	cmp	r6, #4
21A036: 3D 03       : 	jmpr	cc_NZ, loc_21A03E
21A038: E6 FE B0 20 : 	mov	r14, #20B0h	;Headset
21A03C: DB 00       : 	rets
;------------------------------------------------------------
21A03E: 48 65       : loc_21A03E:
21A03E: 48 65       : 	cmp	r6, #5
21A040: 3D 03       : 	jmpr	cc_NZ, loc_21A048
21A042: E6 FE C4 20 : 	mov	r14, #20C4h	;Profil Jedna
21A046: DB 00       : 	rets
;------------------------------------------------------------
21A048: E6 FE D8 20 : loc_21A048:
21A048: E6 FE D8 20 : 	mov	r14, #20D8h	;Profil Dva
21A04C: DB 00       : 	rets
;------------------------------------------------------------

thanx for help

lalo.lerry · 07-11-2005, 06:17

@misko:
please post also always the patch in "patch format".
Some patch parts is missing, anyway:

r15:r14 is used here as pointer to Profile Name string address in Page:Offest format.
(while r13:r12 is pointer to RAM text buffer in unicode format, ready to output)

So, if you store profile name at address 0x21A060, that is 0x61A060 in big FuBu ("normal"):
address 0x61A060 = Page: Offset 186:2060
so
r14 should be setted to 2060h
r15 should be setted to 186h

So, set these registers according to where you are going to place the names strings.
Easy, isn't it?

NOTE:
1. 000D:034C=mem_3434C= RAM location where is stored profile in use (permamently - there is also one temporary): byte

2.Why are you adapting that YAPL version?
I like much more mine v3, this one.
It's shaper, cleverer and much more byte saving than that one
Bye

Lalo

misko903 · 07-11-2005, 20:48

thanx for explaining

note: your first link "here" doesnt work.

Yes, it is done. but it doesnt work. there is nothing on the screen, like "remove operator name..."

original code:

Code:

; Yet another Profil Logo
; Provider Name -> Profil Logo

; Firmware : S55 v20
; Author : ACiD [mrp]
; Homepage: www.gsm-dev.com


0021A000: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF E6FF8601D7400D00F3FC4C0348603D03
0021A010: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF E6FE6020DB0048613D03E6FE7420DB00
0021A020: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 48623D03E6FE8820DB0048633D03E6FE
0021A030: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 9C20DB0048643D03E6FEB020DB004865
0021A040: FFFFFFFFFFFFFFFFFFFFFFFFFFFF 3D03E6FEC420DB00E6FED820DB00

0021A060: FFFFFFFFFFFFFF 4E6F726D616C00 ; Normal
0021A074: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 4C6569736520556D676562756E6700 ; Leise Umgebung
0021A088: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 4C6175746520556D676562756E6700 ; Laute Umgebung
0021A09C: FFFFFFFFFFFFFFFF 436172204B697400 ; Car Kit
0021A0B0: FFFFFFFFFFFFFFFF 4865616473657400 ; Headset
0021A0C4: FFFFFFFFFFFFFFFFFFFFFFFFFFFF 546F74616C65205374696C6C6500 ; Totale Stille
0021A0D8: FFFFFFFFFFFFFF 5765636B657200 ; Wecker
          
31AAF4: DA9E1A09 CC00CC00
31AAA0: 66FEFF3FF2FF02FE DA6100A0CC00CC00

im going to try adapt your PNI3 patch. you re right, its nicer and smaller

btw can you see my corrected provider7 patch?

thx!

lalo.lerry · 07-12-2005, 06:31

@misko:
Ahahahah... here wasn't a link, but I underlayment... I wanted to point to focus that in this case r15:r14 is a pointer to RAM buffer, but not in every case.

Please post your not working YAPL patch, I'll get a look.
BTW, are you sure that the version for v20 didn't work?
I've seen that it SHOULD work with no problem in v91, adaptation is needed only if you place names strings in another offsets

About checking your corrected provider7 patch... why should I check it out, when it's "corrected"?!

Anyway, sorry not before August, I'm going to holidays...

misko903 · 07-12-2005, 21:19

okay, my misunderstood

i am proud to corrected provider7, you may only admire it, not correct it

- your misunderstood

the problem is, that i dont know if it works in v20, ive tryed to apply it on v91, it doesnt work. so i was trying to dissasm it, but there isnt any difference to correct. the patch, which is posted, is the same, which is not working on v91.
wishing you NICE HOLIDAYS (in august

MagicOl · 07-13-2005, 11:45

lalo.lerry: I know you don't want to make any patches, but your corrected version of EKS is working verry good, and the Eliminate Provider Name also works good (sometimes in Screensaver mode it shows provider name, but after pressing something it disapears). I dont have now much time to make adaptation form S45 to S55 v91, cause I need to make some research in Power Electronic for my work, for you it is easy to make patch whitch will eliminate the text in screensaver mode after pressing any key. Will you adopt this patch? I won't ask for any other patch I prommise ;-).

belwer · 07-21-2005, 13:42

I'm trying to adapt patch from M55
that shows type and icon of incoming calls

Code:

01B6AC: FA216AB8 FA2164B7
01B8C4: DA2164B7 DA21A0B6
0DA9F6: DA9AF2C7 DA7510DD
#pragma enable old_equal_ff
55DD10: D7400700F2FBBA3C88B048B02D0B48B1
55DD20: 2D0F48B22D1348B32D1748B42D1B48B5
55DD30: 2D1FDB00E6FEA311DA9AF2C7FA757CDD
55DD40: E6FEAE11DA9AF2C7FA757CDDE6FEB411
55DD50: DA9AF2C7FA757CDDE6FEB611DA9AF2C7
55DD60: FA757CDDE6FEAA11DA9AF2C7FA757CDD
55DD70: E6FEAB11DA9AF2C7FA757CDD98E006FE
55DD80: 2A00E6FC2B00E6FD4400DA2DB2D2DB00
#pragma disable old_equal_ff

could anybody explain one instant in code:

Code:

ROM:0061A580      extp    #7, #1
ROM:0061A584      mov     r11, word_1FCBA
ROM:0061A588      mov     [-r0], r11
ROM:0061A58A      cmp     r11, #0
ROM:0061A58C      jmpr    cc_Z, loc_61A5A4
ROM:0061A58E      cmp     r11, #1
ROM:0061A590      jmpr    cc_Z, loc_61A5AA
ROM:0061A592      cmp     r11, #2
ROM:0061A594      jmpr    cc_Z, loc_61A5B0
ROM:0061A596      cmp     r11, #3
ROM:0061A598      jmpr    cc_Z, loc_61A5B6
ROM:0061A59A      cmp     r11, #4
ROM:0061A59C      jmpr    cc_Z, loc_61A5BC
ROM:0061A59E      cmp     r11, #5
ROM:0061A5A0      jmpr    cc_Z, loc_61A5C2
ROM:0061A5A2      rets
ROM:0061A5A4 ; ───────────────────────────────────────────────────────────────────────────
ROM:0061A5A4
ROM:0061A5A4 loc_61A5A4:      ; CODE XREF: ROM:0061A58Cj
ROM:0061A5A4      mov     r14, #11A3h
ROM:0061A5A8      jmpr    cc_UC, loc_61A5C6
ROM:0061A5AA ; ───────────────────────────────────────────────────────────────────────────
ROM:0061A5AA
ROM:0061A5AA loc_61A5AA:      ; CODE XREF: ROM:0061A590j
ROM:0061A5AA      mov     r14, #11AEh
ROM:0061A5AE      jmpr    cc_UC, loc_61A5C6
ROM:0061A5B0 ; ───────────────────────────────────────────────────────────────────────────
ROM:0061A5B0
ROM:0061A5B0 loc_61A5B0:      ; CODE XREF: ROM:0061A594j
ROM:0061A5B0      mov     r14, #11B4h
ROM:0061A5B4      jmpr    cc_UC, loc_61A5C6
ROM:0061A5B6 ; ───────────────────────────────────────────────────────────────────────────
ROM:0061A5B6
ROM:0061A5B6 loc_61A5B6:      ; CODE XREF: ROM:0061A598j
ROM:0061A5B6      mov     r14, #11B6h
ROM:0061A5BA      jmpr    cc_UC, loc_61A5C6
ROM:0061A5BC ; ───────────────────────────────────────────────────────────────────────────
ROM:0061A5BC
ROM:0061A5BC loc_61A5BC:      ; CODE XREF: ROM:0061A59Cj
ROM:0061A5BC      mov     r14, #11AAh
ROM:0061A5C0      jmpr    cc_UC, loc_61A5C6
ROM:0061A5C2 ; ───────────────────────────────────────────────────────────────────────────
ROM:0061A5C2
ROM:0061A5C2 loc_61A5C2:      ; CODE XREF: ROM:0061A5A0j
ROM:0061A5C2      mov     r14, #10ABh
ROM:0061A5C6
ROM:0061A5C6 loc_61A5C6:      ; CODE XREF: ROM:0061A5A8j
ROM:0061A5C6      ; ROM:0061A5AEj ...
ROM:0061A5C6      calls   0CFh, unk_CFDDB2
ROM:0061A5CA      mov     r14, [r0+]
ROM:0061A5CC      add     r14, #2Ah ; '*'
ROM:0061A5D0      add     r12, #2Bh ; '+'
ROM:0061A5D4      mov     r13, #44h ; 'D'
ROM:0061A5D8      calls   72h, unk_72C316
ROM:0061A5DC      rets

value from RAM (07:3CBA) is moving to R11, but what contents it while incoming call? how could I find the similar address for S55? ???
I think I found all points to procedures correctly.
thanx

belwer · 07-21-2005, 14:13

hi,
does anybody know how to disable vibra while incoming cell broadcast message and only in this case? .g. play sound but without vibra.
thanx

misko903 · 07-30-2005, 13:06

hi belwer, trying to solve the same problem 10 days ago. maybe should help RAM backup from M55. i haven't it...

lalo.lerry · 07-30-2005, 23:57

Quote:

Originally Posted by belwer

I'm trying to adapt patch from M55
that shows type and icon of incoming calls

Code:

01B6AC: FA216AB8 FA2164B7
01B8C4: DA2164B7 DA21A0B6
0DA9F6: DA9AF2C7 DA7510DD
#pragma enable old_equal_ff
55DD10: D7400700F2FBBA3C88B048B02D0B48B1
55DD20: 2D0F48B22D1348B32D1748B42D1B48B5
55DD30: 2D1FDB00E6FEA311DA9AF2C7FA757CDD
55DD40: E6FEAE11DA9AF2C7FA757CDDE6FEB411
55DD50: DA9AF2C7FA757CDDE6FEB611DA9AF2C7
55DD60: FA757CDDE6FEAA11DA9AF2C7FA757CDD
55DD70: E6FEAB11DA9AF2C7FA757CDD98E006FE
55DD80: 2A00E6FC2B00E6FD4400DA2DB2D2DB00
#pragma disable old_equal_ff

could anybody explain one instant in code:

Code:

ROM:0061A580      extp    #7, #1
ROM:0061A584      mov     r11, word_1FCBA
ROM:0061A588      mov     [-r0], r11
ROM:0061A58A      cmp     r11, #0
ROM:0061A58C      jmpr    cc_Z, loc_61A5A4
ROM:0061A58E      cmp     r11, #1
ROM:0061A590      jmpr    cc_Z, loc_61A5AA
ROM:0061A592      cmp     r11, #2
ROM:0061A594      jmpr    cc_Z, loc_61A5B0
ROM:0061A596      cmp     r11, #3
ROM:0061A598      jmpr    cc_Z, loc_61A5B6
ROM:0061A59A      cmp     r11, #4
ROM:0061A59C      jmpr    cc_Z, loc_61A5BC
ROM:0061A59E      cmp     r11, #5
ROM:0061A5A0      jmpr    cc_Z, loc_61A5C2
ROM:0061A5A2      rets
ROM:0061A5A4 ; ───────────────────────────────────────────────────────────────────────────
ROM:0061A5A4
ROM:0061A5A4 loc_61A5A4:      ; CODE XREF: ROM:0061A58Cj
ROM:0061A5A4      mov     r14, #11A3h
ROM:0061A5A8      jmpr    cc_UC, loc_61A5C6
ROM:0061A5AA ; ───────────────────────────────────────────────────────────────────────────
ROM:0061A5AA
ROM:0061A5AA loc_61A5AA:      ; CODE XREF: ROM:0061A590j
ROM:0061A5AA      mov     r14, #11AEh
ROM:0061A5AE      jmpr    cc_UC, loc_61A5C6
ROM:0061A5B0 ; ───────────────────────────────────────────────────────────────────────────
ROM:0061A5B0
ROM:0061A5B0 loc_61A5B0:      ; CODE XREF: ROM:0061A594j
ROM:0061A5B0      mov     r14, #11B4h
ROM:0061A5B4      jmpr    cc_UC, loc_61A5C6
ROM:0061A5B6 ; ───────────────────────────────────────────────────────────────────────────
ROM:0061A5B6
ROM:0061A5B6 loc_61A5B6:      ; CODE XREF: ROM:0061A598j
ROM:0061A5B6      mov     r14, #11B6h
ROM:0061A5BA      jmpr    cc_UC, loc_61A5C6
ROM:0061A5BC ; ───────────────────────────────────────────────────────────────────────────
ROM:0061A5BC
ROM:0061A5BC loc_61A5BC:      ; CODE XREF: ROM:0061A59Cj
ROM:0061A5BC      mov     r14, #11AAh
ROM:0061A5C0      jmpr    cc_UC, loc_61A5C6
ROM:0061A5C2 ; ───────────────────────────────────────────────────────────────────────────
ROM:0061A5C2
ROM:0061A5C2 loc_61A5C2:      ; CODE XREF: ROM:0061A5A0j
ROM:0061A5C2      mov     r14, #10ABh
ROM:0061A5C6
ROM:0061A5C6 loc_61A5C6:      ; CODE XREF: ROM:0061A5A8j
ROM:0061A5C6      ; ROM:0061A5AEj ...
ROM:0061A5C6      calls   0CFh, unk_CFDDB2
ROM:0061A5CA      mov     r14, [r0+]
ROM:0061A5CC      add     r14, #2Ah ; '*'
ROM:0061A5D0      add     r12, #2Bh ; '+'
ROM:0061A5D4      mov     r13, #44h ; 'D'
ROM:0061A5D8      calls   72h, unk_72C316
ROM:0061A5DC      rets

value from RAM (07:3CBA) is moving to R11, but what contents it while incoming call? how could I find the similar address for S55? ???
I think I found all points to procedures correctly.
thanx

IMHO, RAM location 07:3CBA contains values 0-5 (and probably others) that corrispond to association between caller number and if is stored in phone and in which entry (phone, mobile, etc..) this number is stored in addressbook

You can try to find this RAM location in S55 by:
1.studing firmware, as author did for M55 (very long)
2.studing RAM (very long too)
3.searching it by byte pattern comparization in 2 fws (quick but could be unsuccesfull)

Using the 3th method I found that that RAM location SHOULD be 07:14B2 in S55v91.
You can check if I'm right and it's values using Acid debugger
Bye

Lalo

belwer · 08-02-2005, 05:42

Quote:

Originally Posted by lalo.lerry

You can try to find this RAM location in S55 by:
1.studing firmware, as author did for M55 (very long)
2.studing RAM (very long too)
3.searching it by byte pattern comparization in 2 fws (quick but could be unsuccesfull)

Using the 3th method I found that that RAM location SHOULD be 07:14B2 in S55v91.
You can check if I'm right and it's values using Acid debugger

thanx to you lalo.lerry!
but this RAM location is not correct pointer, it contents always value = 1 while incoming call :-(
I tried to find a place in M55 firmware where there is a record to this address (07:3CBA) in RAM to the purpose to find the similar instructions in S55 firmware, but has not found.
Could I use SiemensDebugger (I have it on my harddisk) to studying RAM or it is better to use other tool like mentioned by you Acid debugger? Do it works by BFB protocol or it required CGSN_Debugger patch?

lalo.lerry · 08-02-2005, 06:08

Uhmm... yes, I found it also in S45i and also here it's value is always 1.
Certainly is related to a flag (related to caller/calling ID?) but I don't know which.
So, this is not the right RAM location.
Probably byte pattern searching isn't usable (or I made an error) this time, try to search it more accurately.

Ehm... I writed Acid Debugger but intended Siemens Debugger, I use this latter one for RAM exploring. You can use both programs, but Siemens Debugger is certainly more user friendly.

Please post the original M55 patch in patch format, I want to check it by my own
Bye

Lalo

07-21-2005, 14:13	#311 (permalink)
belwer Junior Member Join Date: Sep 2004 Age: 51 Posts: 20 Member: 81025 Status: Offline Thanks Meter: 0	Disable vibra on CB messages hi, does anybody know how to disable vibra while incoming cell broadcast message and only in this case? .g. play sound but without vibra. thanx

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
M55 flash patching(Thread for discussing)	zdob	x4x, x5x Flashpatching	880	01-25-2010 05:37
X6x Flash patching(THE Thread for discussing) :	zdob	x6x and x7x Flashpatching	196	09-04-2006 19:12
SL55 flash patching (Thread for discussing)	3aTmr	x4x, x5x Flashpatching	29	03-21-2006 20:40
S55 flash with wrong flash file.	WillGsm	E-Gold Based Phones	2	01-29-2005 13:58

07-09-2005, 18:47	#302 (permalink)
misko903 Freak Poster Join Date: Oct 2004 Location: Slovakia Age: 41 Posts: 219 Member: 89407 Status: Offline Thanks Meter: 0	@magicol: lalo is right, there is conflict with patch v_view_sms_and_missed_calls_while_keys_locked.vkp lalo is right. @lalo: thx for your great patches and ideas. my borrowed S45i phone is now STEALED. f***ing stealers! and as u2 sings: and i still havent found what i am looking for: differences in YAPL. still not adapted. maybe first settings of conditions?: 21A000: E6 FF 86 01 : mov r15, #186h ;move #186h to r15 because in your patch for S45i there are another values for mov.

07-10-2005, 08:28	#303 (permalink)
lalo.lerry No Life Poster Join Date: Jan 2004 Location: Italy Age: 49 Posts: 1,018 Member: 50673 Status: Offline Thanks Meter: 2	@MagicOl: Yes, I can. There are many ways to obtain what you are asking, but the easiest is: First apply v_view_sms_and_missed_calls_while_keys_locked, than apply 6B022E: DC49D4C8 FA7BC090 3B90C0: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF DC49D478020046F714003D0FF0C8F0D9 3B90D0: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 08C4DC5DD49C0200A88CDC49D4780400 3B90E0: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 46F793012D05E01CDACF70A9DA64EA4F 3B90F0: FFFFFFFF FA72A44E that is my Eliminate Keylock Screen routine, with a different starting point. For deleting second line operator name in stand-by, use this: 3252AA: D460 0D42 BTW, another method less "brutal" for deleting first line operator name instead that patch, deleting it only if in standby and if phone is is normal mode (not netserching, not GPRS mode....), is to use: 32526E: D4C0 0D15 @Misko: Really? I'm very sorry for you... you MUST have a S-ME45 in your phone collection... About YAPL, are you sure there isn't yet the S55 version? Anyway, post here more didasmed patch because I cannot find that point Bye Lalo

07-11-2005, 06:17	#305 (permalink)
lalo.lerry No Life Poster Join Date: Jan 2004 Location: Italy Age: 49 Posts: 1,018 Member: 50673 Status: Offline Thanks Meter: 2	@misko: please post also always the patch in "patch format". Some patch parts is missing, anyway: r15:r14 is used here as pointer to Profile Name string address in Page:Offest format. (while r13:r12 is pointer to RAM text buffer in unicode format, ready to output) So, if you store profile name at address 0x21A060, that is 0x61A060 in big FuBu ("normal"): address 0x61A060 = Page: Offset 186:2060 so r14 should be setted to 2060h r15 should be setted to 186h So, set these registers according to where you are going to place the names strings. Easy, isn't it? NOTE: 1. 000D:034C=mem_3434C= RAM location where is stored profile in use (permamently - there is also one temporary): byte 2.Why are you adapting that YAPL version? I like much more mine v3, this one. It's shaper, cleverer and much more byte saving than that one Bye Lalo

07-12-2005, 06:31	#307 (permalink)
lalo.lerry No Life Poster Join Date: Jan 2004 Location: Italy Age: 49 Posts: 1,018 Member: 50673 Status: Offline Thanks Meter: 2	@misko: Ahahahah... here wasn't a link, but I underlayment... I wanted to point to focus that in this case r15:r14 is a pointer to RAM buffer, but not in every case. Please post your not working YAPL patch, I'll get a look. BTW, are you sure that the version for v20 didn't work? I've seen that it SHOULD work with no problem in v91, adaptation is needed only if you place names strings in another offsets About checking your corrected provider7 patch... why should I check it out, when it's "corrected"?! Anyway, sorry not before August, I'm going to holidays...

07-12-2005, 21:19	#308 (permalink)
misko903 Freak Poster Join Date: Oct 2004 Location: Slovakia Age: 41 Posts: 219 Member: 89407 Status: Offline Thanks Meter: 0	okay, my misunderstood i am proud to corrected provider7, you may only admire it, not correct it - your misunderstood the problem is, that i dont know if it works in v20, ive tryed to apply it on v91, it doesnt work. so i was trying to dissasm it, but there isnt any difference to correct. the patch, which is posted, is the same, which is not working on v91. wishing you NICE HOLIDAYS (in august

07-13-2005, 11:45	#309 (permalink)
MagicOl Junior Member Join Date: Aug 2004 Age: 47 Posts: 18 Member: 78176 Status: Offline Thanks Meter: 0	lalo.lerry: I know you don't want to make any patches, but your corrected version of EKS is working verry good, and the Eliminate Provider Name also works good (sometimes in Screensaver mode it shows provider name, but after pressing something it disapears). I dont have now much time to make adaptation form S45 to S55 v91, cause I need to make some research in Power Electronic for my work, for you it is easy to make patch whitch will eliminate the text in screensaver mode after pressing any key. Will you adopt this patch? I won't ask for any other patch I prommise ;-).

07-30-2005, 13:06	#312 (permalink)
misko903 Freak Poster Join Date: Oct 2004 Location: Slovakia Age: 41 Posts: 219 Member: 89407 Status: Offline Thanks Meter: 0	hi belwer, trying to solve the same problem 10 days ago. maybe should help RAM backup from M55. i haven't it...

08-02-2005, 06:08	#315 (permalink)
lalo.lerry No Life Poster Join Date: Jan 2004 Location: Italy Age: 49 Posts: 1,018 Member: 50673 Status: Offline Thanks Meter: 2	Uhmm... yes, I found it also in S45i and also here it's value is always 1. Certainly is related to a flag (related to caller/calling ID?) but I don't know which. So, this is not the right RAM location. Probably byte pattern searching isn't usable (or I made an error) this time, try to search it more accurately. Ehm... I writed Acid Debugger but intended Siemens Debugger, I use this latter one for RAM exploring. You can use both programs, but Siemens Debugger is certainly more user friendly. Please post the original M55 patch in patch format, I want to check it by my own Bye Lalo