N70 ROM disassembly - GSM-Forum

E32Dll · 08-11-2006, 11:36

Hi all
The group THC published a file with the memory dump from Nokia N70 phones, which I could not find.
Nevertheless I extracted it and used IDA to dissasemble the file
Z:/System/Libs/ekern.exe
The interesting part is that I found names for the routines.
Note that this is only a reduced list. There are about 1900 routines.
I have names for almost all of them, but didn't include in this listing.
If you find this interesting, just contact me at
E32Dll-at-yahoo-dot-com
Thanks
50009020 = start
5000A6A0 = ImpHal__StartupReason_TMachineStartupType_ref_
5000A6B8 = ImpHal__RamSize_void_
5000A6C4 = ImpHal__DebugMask_void_
5000A6D0 = ImpHal__SetDebugMask_ulong_
5000A73C = ImpHal__TickPeriod_TTimeIntervalMicroSeconds32_ref _
5000A818 = ImpHal__Init1_void_
5000A98C = ImpHal__Init3_void_
5000ACC8 = ImpHal__DisableIrqsToLevel2_void_
5000ACDC = ImpHal__RestoreIrqs_int_
5000ACF4 = ImpHal__Init4_void_
5000AE44 = THelen__SetI2CController_TI2C_p__
5000AE54 = THelen__TheI2CController_void_
5000B598 = THelen__Register32_uint_
5000B5A0 = THelen__SetRegister16_uint_ushort_
5000B5A8 = THelen__ModifyRegister8_uint_unsigned_char_unsigne d_char_
5000B8D0 = THelen__GetDPLLFrequency_uint_
5000B94C = THelen__IrqPending_uint_
5000B954 = THelen__FiqPending_uint_
5000B95C = THelen__SetIntLevel_uint_uint_
5000B96C = THelen__ModifyIntMask_uint_uint_uint_
5000B998 = THelen__ReadIntMask_uint_
5000B9A0 = THelen__AcknowledgeInt_uint_uint_
5000B9B0 = THelen__AcknowledgeInt_2_uint_uint_
5000B9C0 = THelen__GetInthReg_uint_uint_
5000B9D4 = THelen__SetCLKMReg_uint_uint_
5000B9E0 = THelen__GetCLKMReg_uint_
5000B9E4 = THelen__ClearCLKMReg_uint_uint_
5000B9EC = THelen__UpdateCLKMReg_uint_uint_
5000C32C = THelen__GetTCIFRegister_uint_
5000C33C = THelen__SetSDRAMState_THelen__TSDRAMState_
5000CCAC = TTickInt__TickComplete_void_p__
5000CF68 = ImpPic__Init1_void_
5000D098 = ImpPic__Init3_void_
5000D178 = ImpPic__GetID_TDesC8_const_ref_
5000D5FC = Arm__IrqDispatch_void_
5000DE44 = global_constructors_keyed_to_namesOMAP1509
5000F140 = ImpPsu__ExternalPowerPresent_void_
5000F148 = ImpPsu__MainBatteryMaxMilliVolts_void_
5000F168 = ImpPsu__BackupBatteryMaxMilliVolts_void_
5000F188 = ImpPsu__MainBatteryStatus_void_
5000F190 = ImpPsu__MainBatteryMilliVolts_void_
5000F198 = ImpPsu__BackupBatteryStatus_void_
5000F1A0 = ImpPsu__BackupBatteryMilliVolts_void_
5000F1A8 = ImpPsu__CheckPowerSupplies_void_
5000F320 = P__MicroSecondsToTicks_int_
5000F7B4 = ImpAsic__Panic_THelenPanic_
5000F7E8 = Asic__LowBattery_void_
5000F800 = Asic__HandleLowBattery_void_
5000F8EC = ImpHal__InitSystemTime_TTime_const_ref_
500105A8 = ImpExc__CheckCritical_int_TExcInfo_const_ref_void_ p__int_
50010630 = ImpExc__AdjustRegisters_void_p__
50010B98 = _ArmVectorSwi_void_
50010DD8 = _ArmVectorIrq_void_
5001101C = _ArmVectorFiq_void_
500112F4 = dispatchDfcAndReschedule_void_
500113A4 = _ArmVectorReset_void_
500113AC = _ArmVectorReserved_void_
500113D4 = _ArmVectorAbortPrefetch_void_
500116AC = ImpHal__GetPartnerOSVectors_TPartnerOS_ref_
500119C4 = drainWriteBuffer_void_
50011A30 = ImpMmu__RoundToChunkSize_ulong_
50011A44 = ImpMmu__RoundToPageSize_ulong_
50011A58 = ImpMmu__PagesToEndOfPageTable_ulong_
50011A68 = ImpMmu__LinearToPhysical_ulong_
50011AF8 = ImpMmu__Init1_void_
50011BE4 = ImpMmu__Init2_void_
50012900 = ImpMmu__ClearRamDrive_void_
50012924 = ImpMmu__FlushShadow_void_
50012DF0 = ImpHal__NewChunkL_int_TChunkType_DProcess_p__
50013D50 = ImpHal__NewThreadL_void_p__int_
500140C4 = ExecHandler__TrapHandler_void_
500140D4 = ExecHandler__SetTrapHandler_TTrapHandler_p__
500157EC = Debug__WriteMemory_DThread_p__void_p__void_const_p __int_
5001612C = Exc__Dispatch_int_TExcInfo_const_ref_void_p__int_
500162D4 = Exc__Fault_int_TExcInfo_const_ref_void_p__int_
500165A4 = Plat__DebugMask_void_
500165A8 = P__SetDebugMask_ulong_
500169AC = Hal__MachineInfo_TMachineInfoV2_ref_
500169C8 = Hal__MemoryInfo_TMemoryInfoV1_ref_
50016A08 = Hal__SupplyInfo_TSupplyInfoV1_ref_
5001706C = Hal__TotalRamInBytes_void_
50017078 = Hal__TotalRomInBytes_void_
50017084 = Hal__MaxFreeRamInBytes_void_
50017090 = Hal__FreeRamInBytes_void_
500170A8 = Hal__RomVersion_void_
500170BC = Hal__XYInputType_void_
500170C0 = Hal__DisplaySizeInPixels_void_
500170D4 = Hal__MachineUniqueId_void_
500170EC = Hal__MainBatteryMilliVolts_void_
500170F0 = Hal__MainBatteryMaxMilliVolts_void_
500170F4 = Hal__BackupBatteryMaxMilliVolts_void_
500170F8 = Hal__BackupBatteryStatus_void_
500170FC = Hal__BackupBatteryMilliVolts_void_
50017100 = Hal__ExternalPowerPresent_void_
50017104 = Hal__Flags_void_
5001710C = Hal__TickPeriod_TTimeIntervalMicroSeconds32_ref_
50017124 = Hal__Init1_void_
50017208 = Hal__ColdStart_void_
50017218 = Hal__AddProtected_int_ref_int_
500172B0 = j_ImpPic__Init1_void_
500172B4 = j_ImpPic__Init3_void_
500172B8 = Pic__Dispatch_int_
5001732C = Pic__Bind_TInterrupt_ref_TDesC8_const_ref_
500173C4 = Pic__UnBind_TInterrupt_ref_
500174BC = Pic__CheckedEnable_int_
5001751C = Pic__Disable_int_
50017548 = Pic__Enable_int_
500179A4 = Psu__Init1_void_
500179AC = j_ImpMmu__Init1_void_
50018110 = Mmu__FreeRamInBytes_void_
50018138 = Mmu__MapRomL_ulong_ulong_int_
5001813C = Mmu__ReMap_ulong_ulong_
50018140 = P__NewChunkL_int_TChunkType_DProcess_p__
500181C8 = DPlatChunk__DPlatChunk_void_
500181F0 = DPlatChunk__Dest_DPlatChunk_void_
50018200 = DPlatChunk__Destruct_void_
500182C0 = DPlatChunk__DoCreate_int_TChunkType_
500189BC = DPlatChunk__Read_int_void_p__int__const
500189D0 = DPlatChunk__Write_int_void_const_p__int_
50019080 = DLibrary__DataInfo_int_TModuleInfo_ref_
50019130 = DLibrary__InitialiseData_int_DProcess_p__
50019530 = DPlatLibrary__CreateGenericDataChunkL_TLoaderInfo_ ref_
5001A3F4 = P__FindRomRootDirectory_void_
5001A4B4 = ExecHandler__RomRootDirectoryAddress_void_
5001A4C4 = ExecHandler__RomHeaderAddress_void_
5001A4CC = j_ImpHal__Init4_void_
5001A5B0 = P__Initialise_void_
5001AB28 = TInterrupt__Enable_void_
5001AB38 = TInterrupt__Disable_void_
5001AB5C = TInterrupt__Bind_TDesC8_const_ref_
5001D1D8 = PP__Panic_PP__TPlatPanic_
5001D37C = Plat__CurrentThread_void_
5001D3A4 = Plat__Fault_TDesC16_const_ref_int_
5001D468 = RPlatHeapK__FixedHeap_void_p__int_
5001D880 = j_ImpHal__DisableIrqsToLevel2_void_
5001D884 = j_ImpHal__RestoreIrqs_int_
5001D888 = j_Hal__ExternalPowerPresent_void_
5001D894 = Plat__SetDebugger_DDebugger_p__
5001DA94 = DChunk__DChunk_void_
5001DABC = DChunk__Create_CObject_p__DProcess_p__TDesC16_cons t_p__int_TChunkType_
50020A80 = ExecHandler__At_TTime_const_ref_TRequestStatus_ref _
50020AA0 = ExecHandler__Language_void_
50020B58 = ExecHandler__CurrencySymbol_TDes16_ref_
50020B64 = ExecHandler__SetCurrencySymbol_TDesC16_const_ref_
50020FD0 = ExecHandler__SetDebugMask_ulong_
50020FD4 = ExecHandler__DebugMask_void_
5002CFDC = DThread__System_void__const
5002E5FC = DThread__IsExceptionHandled_TExcType_
5002FBB8 = Kern__HomeTimeOffset_void_
50031C84 = stub_TPtrC16__TPtrC16_ushort_const_p__
50031C90 = stub_TPtrC8__TPtrC8_unsigned_char_const_p__
50031C9C = stub_TInt64__TInt64_int_
50031CC0 = stub_TBufBase16__TBufBase16_int_
50031CCC = stub_TDes16__Copy_TDesC16_const_ref_
50031D08 = stub_Mem__FillZ_void_p__int_
50031DB0 = stub_TDesC8__Compare_TDesC8_const_ref__const
50031ED0 = stub_TDblQueIterBase__TDblQueIterBase_TDblQueBase_ ref_
50031F54 = stub_TDesC16__Ptr_void__const
50032014 = stub_User__HandleException_void__p___TExcType__TEx cType_
50032020 = stub_TInt64__operatorequal_int_
5003202C = stub_TInt64__operator_p__TInt64_const_ref__const
50032050 = stub_TInt64__operator__TInt64_const_ref__const
5003205C = stub_TInt64__GetTInt_void__const
5003208C = stub_TTime__operatorplus_TTimeIntervalSeconds__con st
500321A0 = stub_CObjectCon__AddL_CObject_p__
500321AC = stub_TBufBase16__TBufBase16_TDesC16_const_ref_int_
500321B8 = stub_TUidType__operatorarrayint__const
500321C4 = stub_TUid__operatorequalequal_TUid_const_ref__cons t

Zaihtam · 08-11-2006, 16:29

It was from the symbian images. it might be usefull to crack some program, or write a MMC password bruteforce...

08-11-2006, 11:36	#1 (permalink)
E32Dll Junior Member Join Date: Jul 2006 Posts: 2 Member: 318677 Status: Offline Thanks Meter: 0	N70 ROM disassembly Hi all The group THC published a file with the memory dump from Nokia N70 phones, which I could not find. Nevertheless I extracted it and used IDA to dissasemble the file Z:/System/Libs/ekern.exe The interesting part is that I found names for the routines. Note that this is only a reduced list. There are about 1900 routines. I have names for almost all of them, but didn't include in this listing. If you find this interesting, just contact me at E32Dll-at-yahoo-dot-com Thanks 50009020 = start 5000A6A0 = ImpHal__StartupReason_TMachineStartupType_ref_ 5000A6B8 = ImpHal__RamSize_void_ 5000A6C4 = ImpHal__DebugMask_void_ 5000A6D0 = ImpHal__SetDebugMask_ulong_ 5000A73C = ImpHal__TickPeriod_TTimeIntervalMicroSeconds32_ref _ 5000A818 = ImpHal__Init1_void_ 5000A98C = ImpHal__Init3_void_ 5000ACC8 = ImpHal__DisableIrqsToLevel2_void_ 5000ACDC = ImpHal__RestoreIrqs_int_ 5000ACF4 = ImpHal__Init4_void_ 5000AE44 = THelen__SetI2CController_TI2C_p__ 5000AE54 = THelen__TheI2CController_void_ 5000B598 = THelen__Register32_uint_ 5000B5A0 = THelen__SetRegister16_uint_ushort_ 5000B5A8 = THelen__ModifyRegister8_uint_unsigned_char_unsigne d_char_ 5000B8D0 = THelen__GetDPLLFrequency_uint_ 5000B94C = THelen__IrqPending_uint_ 5000B954 = THelen__FiqPending_uint_ 5000B95C = THelen__SetIntLevel_uint_uint_ 5000B96C = THelen__ModifyIntMask_uint_uint_uint_ 5000B998 = THelen__ReadIntMask_uint_ 5000B9A0 = THelen__AcknowledgeInt_uint_uint_ 5000B9B0 = THelen__AcknowledgeInt_2_uint_uint_ 5000B9C0 = THelen__GetInthReg_uint_uint_ 5000B9D4 = THelen__SetCLKMReg_uint_uint_ 5000B9E0 = THelen__GetCLKMReg_uint_ 5000B9E4 = THelen__ClearCLKMReg_uint_uint_ 5000B9EC = THelen__UpdateCLKMReg_uint_uint_ 5000C32C = THelen__GetTCIFRegister_uint_ 5000C33C = THelen__SetSDRAMState_THelen__TSDRAMState_ 5000CCAC = TTickInt__TickComplete_void_p__ 5000CF68 = ImpPic__Init1_void_ 5000D098 = ImpPic__Init3_void_ 5000D178 = ImpPic__GetID_TDesC8_const_ref_ 5000D5FC = Arm__IrqDispatch_void_ 5000DE44 = global_constructors_keyed_to_namesOMAP1509 5000F140 = ImpPsu__ExternalPowerPresent_void_ 5000F148 = ImpPsu__MainBatteryMaxMilliVolts_void_ 5000F168 = ImpPsu__BackupBatteryMaxMilliVolts_void_ 5000F188 = ImpPsu__MainBatteryStatus_void_ 5000F190 = ImpPsu__MainBatteryMilliVolts_void_ 5000F198 = ImpPsu__BackupBatteryStatus_void_ 5000F1A0 = ImpPsu__BackupBatteryMilliVolts_void_ 5000F1A8 = ImpPsu__CheckPowerSupplies_void_ 5000F320 = P__MicroSecondsToTicks_int_ 5000F7B4 = ImpAsic__Panic_THelenPanic_ 5000F7E8 = Asic__LowBattery_void_ 5000F800 = Asic__HandleLowBattery_void_ 5000F8EC = ImpHal__InitSystemTime_TTime_const_ref_ 500105A8 = ImpExc__CheckCritical_int_TExcInfo_const_ref_void_ p__int_ 50010630 = ImpExc__AdjustRegisters_void_p__ 50010B98 = _ArmVectorSwi_void_ 50010DD8 = _ArmVectorIrq_void_ 5001101C = _ArmVectorFiq_void_ 500112F4 = dispatchDfcAndReschedule_void_ 500113A4 = _ArmVectorReset_void_ 500113AC = _ArmVectorReserved_void_ 500113D4 = _ArmVectorAbortPrefetch_void_ 500116AC = ImpHal__GetPartnerOSVectors_TPartnerOS_ref_ 500119C4 = drainWriteBuffer_void_ 50011A30 = ImpMmu__RoundToChunkSize_ulong_ 50011A44 = ImpMmu__RoundToPageSize_ulong_ 50011A58 = ImpMmu__PagesToEndOfPageTable_ulong_ 50011A68 = ImpMmu__LinearToPhysical_ulong_ 50011AF8 = ImpMmu__Init1_void_ 50011BE4 = ImpMmu__Init2_void_ 50012900 = ImpMmu__ClearRamDrive_void_ 50012924 = ImpMmu__FlushShadow_void_ 50012DF0 = ImpHal__NewChunkL_int_TChunkType_DProcess_p__ 50013D50 = ImpHal__NewThreadL_void_p__int_ 500140C4 = ExecHandler__TrapHandler_void_ 500140D4 = ExecHandler__SetTrapHandler_TTrapHandler_p__ 500157EC = Debug__WriteMemory_DThread_p__void_p__void_const_p __int_ 5001612C = Exc__Dispatch_int_TExcInfo_const_ref_void_p__int_ 500162D4 = Exc__Fault_int_TExcInfo_const_ref_void_p__int_ 500165A4 = Plat__DebugMask_void_ 500165A8 = P__SetDebugMask_ulong_ 500169AC = Hal__MachineInfo_TMachineInfoV2_ref_ 500169C8 = Hal__MemoryInfo_TMemoryInfoV1_ref_ 50016A08 = Hal__SupplyInfo_TSupplyInfoV1_ref_ 5001706C = Hal__TotalRamInBytes_void_ 50017078 = Hal__TotalRomInBytes_void_ 50017084 = Hal__MaxFreeRamInBytes_void_ 50017090 = Hal__FreeRamInBytes_void_ 500170A8 = Hal__RomVersion_void_ 500170BC = Hal__XYInputType_void_ 500170C0 = Hal__DisplaySizeInPixels_void_ 500170D4 = Hal__MachineUniqueId_void_ 500170EC = Hal__MainBatteryMilliVolts_void_ 500170F0 = Hal__MainBatteryMaxMilliVolts_void_ 500170F4 = Hal__BackupBatteryMaxMilliVolts_void_ 500170F8 = Hal__BackupBatteryStatus_void_ 500170FC = Hal__BackupBatteryMilliVolts_void_ 50017100 = Hal__ExternalPowerPresent_void_ 50017104 = Hal__Flags_void_ 5001710C = Hal__TickPeriod_TTimeIntervalMicroSeconds32_ref_ 50017124 = Hal__Init1_void_ 50017208 = Hal__ColdStart_void_ 50017218 = Hal__AddProtected_int_ref_int_ 500172B0 = j_ImpPic__Init1_void_ 500172B4 = j_ImpPic__Init3_void_ 500172B8 = Pic__Dispatch_int_ 5001732C = Pic__Bind_TInterrupt_ref_TDesC8_const_ref_ 500173C4 = Pic__UnBind_TInterrupt_ref_ 500174BC = Pic__CheckedEnable_int_ 5001751C = Pic__Disable_int_ 50017548 = Pic__Enable_int_ 500179A4 = Psu__Init1_void_ 500179AC = j_ImpMmu__Init1_void_ 50018110 = Mmu__FreeRamInBytes_void_ 50018138 = Mmu__MapRomL_ulong_ulong_int_ 5001813C = Mmu__ReMap_ulong_ulong_ 50018140 = P__NewChunkL_int_TChunkType_DProcess_p__ 500181C8 = DPlatChunk__DPlatChunk_void_ 500181F0 = DPlatChunk__Dest_DPlatChunk_void_ 50018200 = DPlatChunk__Destruct_void_ 500182C0 = DPlatChunk__DoCreate_int_TChunkType_ 500189BC = DPlatChunk__Read_int_void_p__int__const 500189D0 = DPlatChunk__Write_int_void_const_p__int_ 50019080 = DLibrary__DataInfo_int_TModuleInfo_ref_ 50019130 = DLibrary__InitialiseData_int_DProcess_p__ 50019530 = DPlatLibrary__CreateGenericDataChunkL_TLoaderInfo_ ref_ 5001A3F4 = P__FindRomRootDirectory_void_ 5001A4B4 = ExecHandler__RomRootDirectoryAddress_void_ 5001A4C4 = ExecHandler__RomHeaderAddress_void_ 5001A4CC = j_ImpHal__Init4_void_ 5001A5B0 = P__Initialise_void_ 5001AB28 = TInterrupt__Enable_void_ 5001AB38 = TInterrupt__Disable_void_ 5001AB5C = TInterrupt__Bind_TDesC8_const_ref_ 5001D1D8 = PP__Panic_PP__TPlatPanic_ 5001D37C = Plat__CurrentThread_void_ 5001D3A4 = Plat__Fault_TDesC16_const_ref_int_ 5001D468 = RPlatHeapK__FixedHeap_void_p__int_ 5001D880 = j_ImpHal__DisableIrqsToLevel2_void_ 5001D884 = j_ImpHal__RestoreIrqs_int_ 5001D888 = j_Hal__ExternalPowerPresent_void_ 5001D894 = Plat__SetDebugger_DDebugger_p__ 5001DA94 = DChunk__DChunk_void_ 5001DABC = DChunk__Create_CObject_p__DProcess_p__TDesC16_cons t_p__int_TChunkType_ 50020A80 = ExecHandler__At_TTime_const_ref_TRequestStatus_ref _ 50020AA0 = ExecHandler__Language_void_ 50020B58 = ExecHandler__CurrencySymbol_TDes16_ref_ 50020B64 = ExecHandler__SetCurrencySymbol_TDesC16_const_ref_ 50020FD0 = ExecHandler__SetDebugMask_ulong_ 50020FD4 = ExecHandler__DebugMask_void_ 5002CFDC = DThread__System_void__const 5002E5FC = DThread__IsExceptionHandled_TExcType_ 5002FBB8 = Kern__HomeTimeOffset_void_ 50031C84 = stub_TPtrC16__TPtrC16_ushort_const_p__ 50031C90 = stub_TPtrC8__TPtrC8_unsigned_char_const_p__ 50031C9C = stub_TInt64__TInt64_int_ 50031CC0 = stub_TBufBase16__TBufBase16_int_ 50031CCC = stub_TDes16__Copy_TDesC16_const_ref_ 50031D08 = stub_Mem__FillZ_void_p__int_ 50031DB0 = stub_TDesC8__Compare_TDesC8_const_ref__const 50031ED0 = stub_TDblQueIterBase__TDblQueIterBase_TDblQueBase_ ref_ 50031F54 = stub_TDesC16__Ptr_void__const 50032014 = stub_User__HandleException_void__p___TExcType__TEx cType_ 50032020 = stub_TInt64__operatorequal_int_ 5003202C = stub_TInt64__operator_p__TInt64_const_ref__const 50032050 = stub_TInt64__operator__TInt64_const_ref__const 5003205C = stub_TInt64__GetTInt_void__const 5003208C = stub_TTime__operatorplus_TTimeIntervalSeconds__con st 500321A0 = stub_CObjectCon__AddL_CObject_p__ 500321AC = stub_TBufBase16__TBufBase16_TDesC16_const_ref_int_ 500321B8 = stub_TUidType__operatorarrayint__const 500321C4 = stub_TUid__operatorequalequal_TUid_const_ref__cons t

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
USB ROM driver for UB	jemmycell	Universalbox	1	03-29-2010 14:13
disassembling of 3250, 6270, 6280,N90 and N70.	singapore	Nokia Hardware & Hardware Repair	10	05-18-2009 16:42
N70 ROM help	hauzer	Nokia Base Band 5 ( BB-5 )	1	09-16-2008 02:32
N70 rom	shehan_nnn	Nokia Hardware & Hardware Repair	0	09-13-2008 15:46

08-11-2006, 16:29	#2 (permalink)
Zaihtam No Life Poster Join Date: Dec 2004 Location: 0x001FD00 Posts: 1,285 Member: 98572 Status: Offline Thanks Meter: 36	It was from the symbian images. it might be usefull to crack some program, or write a MMC password bruteforce...