GSM Shop GSM Shop
GSM-Forum  

Welcome to the GSM-Forum forums.

You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features.
Only registered members may post questions, contact other members or search our database of over 8 million posts.

Registration is fast, simple and absolutely free so please - Click to REGISTER!

If you have any problems with the registration process or your account login, please contact contact us .

Go Back   GSM-Forum > GSM & CDMA Phones / Tablets Software & Hardware Area > Various > Siemens-Benq > Siemens-Benq Flash Patching > x4x, x5x Flashpatching

Reply
 
LinkBack Thread Tools Display Modes
Old 07-26-2004, 11:30   #31 (permalink)
Freak Poster
 
Join Date: May 2003
Location: Russia, Ekaterinburg
Age: 44
Posts: 184
Member: 29316
Status: Offline
Thanks Meter: 0

2RizaPN: If you want use this ram area for you patch C400h-C500h. this ram is not used by phone
  Reply With Quote
Old 07-26-2004, 11:47   #32 (permalink)
No Life Poster
 
Join Date: Mar 2002
Location: -[r0]-
Age: 52
Posts: 834
Member: 9891
Status: Offline
Thanks Meter: 2
@DeadManS: Thank's. Do you know other location with more than 0x100 free bytes which is not used anytime by the phone?
  Reply With Quote
Old 07-26-2004, 12:13   #33 (permalink)
Freak Poster
 
Join Date: May 2003
Location: Russia, Ekaterinburg
Age: 44
Posts: 184
Member: 29316
Status: Offline
Thanks Meter: 0
ram area i use c500h+320 for my patch translit SMS and rc-flitzers use this area for compress sms. thisram can be used for buffer like in compress sms. also see the other address from C640 with ATGSNDebugger in realtime
  Reply With Quote
Old 07-28-2004, 13:45   #34 (permalink)
Insane Poster
 
Join Date: May 2002
Age: 39
Posts: 76
Member: 12407
Status: Offline
Thanks Meter: 0
Hi,

@izapn: i got some questions about binary files:
1. are binarys loaded from mmc to RAM and then executed or are they directly executed from mmc (i suggest the first idea).
2. what RAM area is used for binarys? do you use the java memory?
3. how big can a binary be? (at DOS it was 640k)
4. is it possible to load images from b.s with the drawimg function (not the idx one)? if so, how?
5. can you explain some function witch draws strings on the screen and how to get data input...

maybe we can write binarys thar can customize the patches taht are in flash. or i can write a supernet binary version that refreshes more often than it doaes on the mainscreen *g* (just dreaming)

thx a lot for this patch.
arsh0r
  Reply With Quote
Old 07-28-2004, 13:56   #35 (permalink)
Freak Poster
 
Join Date: May 2003
Location: Russia, Ekaterinburg
Age: 44
Posts: 184
Member: 29316
Status: Offline
Thanks Meter: 0
i use ATGSNDebugger and find very intresting futures VideoRam a started at 960Ch and 1 byte = 8dots on screen try to load at this adress any byte
  Reply With Quote
Old 07-28-2004, 14:16   #36 (permalink)
No Life Poster
 
Join Date: Mar 2002
Location: -[r0]-
Age: 52
Posts: 834
Member: 9891
Status: Offline
Thanks Meter: 2
Binary File:
1. The file is loaded from MMC to RAM all bytes, and then executed from the RAM area.
2. I use RAM 0020:0000 until the end. It is not used by dictaphone, and MP3Player. But, I think yes, it is used by the java midlet.
3. I did check some pages, starting from 20 until 29 and all are filled by 00. There are something again in the page 2A. If 20-29 is really free, then binary file up to 10x16KB (160KB) will give no problem.

4. Yes, of course possible. The drawImage() function is 0xD6A45C. There are some clear example usage starting from address 0xD6B4B8, and some other location ...
5. Hehehe actually, this is the function which I really want from the beginning, but rather hard to cover, and finally. I use it in my unpublished : "Display both name + number" and "Show signal level + battery voltage" patches with the very small number font type. I will publish it soon ...

I still have no idea how to modify the firmware area byte by byte on the fly. And I think, binary file is not for fixed patching, but for additional function, just like a midlet, but in a low-level. I also mention about using language file as a patch file in another topic in this forum. Using language file, we can load bytecode in the firmware area, so it can be as a patch or a collection of add-on. I plan to use this method for building a big text reader (up to 2 x 64KB) which is possible to combine with MP3.

VideoRAM:
Hmmm, interesting information. Let's explore it ...

rizapn

Last edited by rizapn; 07-28-2004 at 15:17.
  Reply With Quote
Old 07-28-2004, 14:29   #37 (permalink)
Freak Poster
 
Join Date: May 2003
Location: Russia, Ekaterinburg
Age: 44
Posts: 184
Member: 29316
Status: Offline
Thanks Meter: 0
also check this address AC0Ch is java screen videoram
  Reply With Quote
Old 07-28-2004, 22:11   #38 (permalink)
Insane Poster
 
Join Date: May 2002
Age: 39
Posts: 76
Member: 12407
Status: Offline
Thanks Meter: 0
drawimg test

i tried to test the drawimg function in a binary, but it showed nothing. just the waiting animation in endless loop (ahh, sweet endless loop). does someody know what i did wrong?

here is my code:
Code:
test:
	mov     r12, image 
	mov     r13, #20h
	mov     [-r0], r13 ;page if image
	mov     [-r0], r12 ;address of image
	mov	r12, #0h ;x
	mov	r13, #0h ;y
	mov     r14, #1Eh ;width?
	mov     r15, #14h ;height?
	calls    0D6h, 0D6A45Ch
	add     r0, #4
endlessloop:
	jmpr	cc_UC, endlessloop
	rets
image:
dw 00000h, 00300h, 01000h, 00300h, 00900h, 00300h, 00A00h, 00300h
dw 00E00h, 00300h, 03500h, 00380h, 04600h, 00340h, 08A00h, 00320h
dw 08900h, 00320h, 01101h, 00310h, 02301h, 003FEh, 0FC07h, 003A0h
dw 000C0h, 00360h, 04000h, 00340h, 0B100h, 003A0h, 08E00h, 00320h
dw 00001h, 00310h, 00000h, 00300h, 00000h, 00300h, 00000h, 00300h
@rizapn: i'd be cool if you put some binary output mode to sfe

edit: i also tried some other stuff, but it didn't work, it was just loaded into ram and i can execute it with at+cgsn debug. also mmc access ****ed up, if i use my precious endlessloop...

cya
arsh0r

Last edited by arsh0r; 07-29-2004 at 21:45.
  Reply With Quote
Old 07-30-2004, 04:21   #39 (permalink)
No Life Poster
 
Join Date: Mar 2002
Location: -[r0]-
Age: 52
Posts: 834
Member: 9891
Status: Offline
Thanks Meter: 2
drawImage() function :

The usage is like this :
Code:
#define drawImage 0D6A45Ch

  mov  r12, #pof(imgHeader)    ; use sfe 2.27 or later, otherwise use q and p
  mov  r13, #pag(imgHeader)    ; q=pof, p=pag
  mov  [-r0], r13
  mov  [-r0], r12
  mov  r12, #0     ; X
  mov  r13, #0     ; Y
  mov  r14, #101  ; drawArea_width
  mov  r15, #80    ; drawArea_height
  calls  drawImage
  add  r0, #4
  rets

#define imgData  0eb4222h       ; just example, this is an easter-egg image data
;if you want to supply own data, just put it as a define bytes (db) here...

imgHeader:
  db 101,80        ; img_width & img_height
  db 1,0             ; leave like this
  dw pof(imgData), pag(imgData)
drawString() function:

I did publish the modified SNN: Show both Name and Number patch using drawString function. It can be used to eliminate the needed of changing (and more) images just to draw text and numbers in the screen (using well-known drawImgIdx) ... also it has a built-in centered function (so it is drawStringCentered, not drawString actually). I did not found the drawString() function yet ...

Here is the syntax:
Code:
#define drawString 0d6a358h

  mov [-r0], #fontStyle
  mov [-r0], #pag(TextBuff)
  mov [-r0], #pof(TextBuff)
  mov r12, #X  ; relatif position to r14
  mov r13, #Y
  mov r14, #drawAreaWidth
  mov r15, #drawAreaHeight
  calls drawString
  add  r0, #6
  rets
rizapn
  Reply With Quote
Old 07-30-2004, 07:58   #40 (permalink)
No Life Poster
 
trustkill's Avatar
 
Join Date: May 2003
Location: GERMANY
Age: 48
Posts: 980
Member: 27745
Status: Offline
Thanks Meter: 0
Code:
Siemens Flash Explorer v2.28 (c)Dec.03 by RizaPN <[email protected]>

File drawimage.txt (pos=0x0,sz=0x28A,rd=0x28A) buffered

Error 'Bad recheck process'
Line 3: "mov r12, #pof(imgHeader)"
0x000000: E6FC1C00
  Reply With Quote
Old 07-30-2004, 14:06   #41 (permalink)
No Life Poster
 
Join Date: Mar 2002
Location: -[r0]-
Age: 52
Posts: 834
Member: 9891
Status: Offline
Thanks Meter: 2
NEW sfe v2.30

sfe

strange Error 'Bad recheck process' ...

Most of the time, if your code has no problem, it caused by ZERO offset used to compile the file.

So, add something like this :

base 0a00000h
org 0c7e000h

if you plan to put the code in the firmware address 0c7e000h.

BTW, it is a bug in my sfe, sorry ... I just forget to solve it because I never use the zero offset for all of my patches ... I will try to correct it in the next sfe version ...

;--------- EDITED --------

OK, that sfe bug had been corrected. Download the new sfe 2.30 from http://www.geocities.com/rizapn

rizapn

Last edited by rizapn; 07-30-2004 at 15:45.
  Reply With Quote
Old 08-10-2004, 13:57   #42 (permalink)
Freak Poster
 
Join Date: May 2003
Location: Russia, Ekaterinburg
Age: 44
Posts: 184
Member: 29316
Status: Offline
Thanks Meter: 0
RizaPN please tech me how load file from MMC ? and do you know how load ringtone file to individual memory ?
  Reply With Quote
Old 08-10-2004, 15:26   #43 (permalink)
No Life Poster
 
Join Date: Mar 2002
Location: -[r0]-
Age: 52
Posts: 834
Member: 9891
Status: Offline
Thanks Meter: 2
Loading file from MMC

I don't know how to do it with the original firmware. There are fileOpen, fileRead, fileWrite, and fileClose built-in functions. But, it could turn the phone off if we call it directly.

That's why I modify some function to get access to the file function more savely.

If you already install FAM patch, the file access will be like this :
Code:
#define FACBuff  36h:3FF8h
#define BFABuff  20h:0
#define BMPString	2e2h:2285h

myReadFile_start:
	mov	r14, #pof(FACBuff)+8
	mov	r13, #pag(BFABuff)
	mov	r12, #pof(BFABuff)
	mov	r5, #seg(after_loading_func)
	mov	r4, #ofs(after_loading_func)
	extp	#pag(FACBuff), #4
	mov	[-r14], r5
	mov	[-r14], r4
	mov	[-r14], r13
	mov	[-r14], r12
	mov	r12, #0
	mov	r13, #0
	mov	[-r0], r13
	mov	[-r0], r12
	mov	r12, #pof(filename)
	mov	r13, #pag(filename)
	mov	r14, #pof(BMPString)
	mov	r15, #pag(BMPString)
	calls	0d7d912h
	add	r0, #4
	rets

after_loading_func:
;type something here to be executed after the file is loaded
	rets

filename:
	db 'A:\Misc\MyTest.txt',0
FACBuff is a temporary buffer used by FAM to distinguish between a normal fileOpen and our fileOpen (I use 36h:3FF8h in FAM, you can not modify this unless you modify the FAM patch also).

BFABuff is the buffer for fileRead content. You can select any "free" RAM, usually, I use 20:0 until 29:3FFF (used by Java midlet).

after_loading_func is the function which will be executed after the fileRead is finished, just after the original fileClose is executed. Put all your instruction which need to be executed after the file is loaded here ...

I know how to load any file (including midi ones) into the memory, but I need to search the convertMID2Tones() and playTonesMemory() function to be able to play the file after it is loaded.

Hope it is helpfull,

rizapn
  Reply With Quote
Old 08-11-2004, 05:42   #44 (permalink)
Freak Poster
 
Join Date: May 2003
Location: Russia, Ekaterinburg
Age: 44
Posts: 184
Member: 29316
Status: Offline
Thanks Meter: 0
Thanks is very helpfull
Quote:
I know how to load any file (including midi ones) into the memory, but I need to search the convertMID2Tones() and playTonesMemory() function to be able to play the file after it is loaded.
i think we try to make the one standart melody address change to address in ram, and put in this address melody from MMC and if ring melody set to this melody phone play tones loding from mmc like Calling Images patch from Chaos. for convert melody we write a function.
  Reply With Quote
Old 08-11-2004, 10:30   #45 (permalink)
Freak Poster
 
Join Date: Jun 2004
Location: Russia, Zelenograd
Age: 34
Posts: 336
Member: 70080
Status: Offline
Thanks Meter: 2
Can i on\off illumination?
I want use in java midlet.
  Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On


Similar Threads
thread Thread Starter Forum Replies Last Post
BB5 - Technical Discussion adihack Nokia Base Band 5 ( BB-5 ) 220 10-14-2011 05:31
x65 patching technical discussion Acidmrp x6x and x7x Flashpatching 42 10-10-2009 07:06
Iphone 3G Technical Discussion and SP Unlocking theory GraveSlayer iPhone 2 / iPhone 3G / iPhone 3GS 8 11-15-2008 06:04
Technical discussion sharp705sh celluniversal Sharp 0 05-17-2007 17:26
Technical discussion BB5 unlocking twisterfan Nokia Base Band 5 ( BB-5 ) 0 05-16-2007 19:36

 



All times are GMT +1. The time now is 12:48.



Powered by Searchlight © 2024 Axivo Inc.
vBulletin Optimisation provided by vB Optimise (Pro) - vBulletin Mods & Addons Copyright © 2024 DragonByte Technologies Ltd.
- GSM Hosting Ltd. - 1999-2023 -
Page generated in 0.21891 seconds with 10 queries

SEO by vBSEO