|
Welcome to the GSM-Forum forums. You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. Only registered members may post questions, contact other members or search our database of over 8 million posts. Registration is fast, simple and absolutely free so please - Click to REGISTER! If you have any problems with the registration process or your account login, please contact contact us . |
|
Register | FAQ | Donate | Forum Rules | Root any Device | ★iPhone Unlock★ | ★ Direct Codes ★ | Direct Unlock Source | Search | Today's Posts | Mark Forums Read |
| LinkBack | Thread Tools | Display Modes |
07-26-2004, 12:13 | #33 (permalink) |
Freak Poster Join Date: May 2003 Location: Russia, Ekaterinburg Age: 44
Posts: 184
Member: 29316 Status: Offline Thanks Meter: 0 | ram area i use c500h+320 for my patch translit SMS and rc-flitzers use this area for compress sms. thisram can be used for buffer like in compress sms. also see the other address from C640 with ATGSNDebugger in realtime |
07-28-2004, 13:45 | #34 (permalink) |
Insane Poster Join Date: May 2002 Age: 39
Posts: 76
Member: 12407 Status: Offline Thanks Meter: 0 | Hi, @izapn: i got some questions about binary files: 1. are binarys loaded from mmc to RAM and then executed or are they directly executed from mmc (i suggest the first idea). 2. what RAM area is used for binarys? do you use the java memory? 3. how big can a binary be? (at DOS it was 640k) 4. is it possible to load images from b.s with the drawimg function (not the idx one)? if so, how? 5. can you explain some function witch draws strings on the screen and how to get data input... maybe we can write binarys thar can customize the patches taht are in flash. or i can write a supernet binary version that refreshes more often than it doaes on the mainscreen *g* (just dreaming) thx a lot for this patch. arsh0r |
07-28-2004, 13:56 | #35 (permalink) |
Freak Poster Join Date: May 2003 Location: Russia, Ekaterinburg Age: 44
Posts: 184
Member: 29316 Status: Offline Thanks Meter: 0 | i use ATGSNDebugger and find very intresting futures VideoRam a started at 960Ch and 1 byte = 8dots on screen try to load at this adress any byte |
07-28-2004, 14:16 | #36 (permalink) |
No Life Poster Join Date: Mar 2002 Location: -[r0]- Age: 52
Posts: 834
Member: 9891 Status: Offline Thanks Meter: 2 | Binary File: 1. The file is loaded from MMC to RAM all bytes, and then executed from the RAM area. 2. I use RAM 0020:0000 until the end. It is not used by dictaphone, and MP3Player. But, I think yes, it is used by the java midlet. 3. I did check some pages, starting from 20 until 29 and all are filled by 00. There are something again in the page 2A. If 20-29 is really free, then binary file up to 10x16KB (160KB) will give no problem. 4. Yes, of course possible. The drawImage() function is 0xD6A45C. There are some clear example usage starting from address 0xD6B4B8, and some other location ... 5. Hehehe actually, this is the function which I really want from the beginning, but rather hard to cover, and finally. I use it in my unpublished : "Display both name + number" and "Show signal level + battery voltage" patches with the very small number font type. I will publish it soon ... I still have no idea how to modify the firmware area byte by byte on the fly. And I think, binary file is not for fixed patching, but for additional function, just like a midlet, but in a low-level. I also mention about using language file as a patch file in another topic in this forum. Using language file, we can load bytecode in the firmware area, so it can be as a patch or a collection of add-on. I plan to use this method for building a big text reader (up to 2 x 64KB) which is possible to combine with MP3. VideoRAM: Hmmm, interesting information. Let's explore it ... rizapn Last edited by rizapn; 07-28-2004 at 15:17. |
07-28-2004, 22:11 | #38 (permalink) |
Insane Poster Join Date: May 2002 Age: 39
Posts: 76
Member: 12407 Status: Offline Thanks Meter: 0 | drawimg test i tried to test the drawimg function in a binary, but it showed nothing. just the waiting animation in endless loop (ahh, sweet endless loop). does someody know what i did wrong? here is my code: Code: test: mov r12, image mov r13, #20h mov [-r0], r13 ;page if image mov [-r0], r12 ;address of image mov r12, #0h ;x mov r13, #0h ;y mov r14, #1Eh ;width? mov r15, #14h ;height? calls 0D6h, 0D6A45Ch add r0, #4 endlessloop: jmpr cc_UC, endlessloop rets image: dw 00000h, 00300h, 01000h, 00300h, 00900h, 00300h, 00A00h, 00300h dw 00E00h, 00300h, 03500h, 00380h, 04600h, 00340h, 08A00h, 00320h dw 08900h, 00320h, 01101h, 00310h, 02301h, 003FEh, 0FC07h, 003A0h dw 000C0h, 00360h, 04000h, 00340h, 0B100h, 003A0h, 08E00h, 00320h dw 00001h, 00310h, 00000h, 00300h, 00000h, 00300h, 00000h, 00300h edit: i also tried some other stuff, but it didn't work, it was just loaded into ram and i can execute it with at+cgsn debug. also mmc access ****ed up, if i use my precious endlessloop... cya arsh0r Last edited by arsh0r; 07-29-2004 at 21:45. |
07-30-2004, 04:21 | #39 (permalink) |
No Life Poster Join Date: Mar 2002 Location: -[r0]- Age: 52
Posts: 834
Member: 9891 Status: Offline Thanks Meter: 2 | drawImage() function : The usage is like this : Code: #define drawImage 0D6A45Ch mov r12, #pof(imgHeader) ; use sfe 2.27 or later, otherwise use q and p mov r13, #pag(imgHeader) ; q=pof, p=pag mov [-r0], r13 mov [-r0], r12 mov r12, #0 ; X mov r13, #0 ; Y mov r14, #101 ; drawArea_width mov r15, #80 ; drawArea_height calls drawImage add r0, #4 rets #define imgData 0eb4222h ; just example, this is an easter-egg image data ;if you want to supply own data, just put it as a define bytes (db) here... imgHeader: db 101,80 ; img_width & img_height db 1,0 ; leave like this dw pof(imgData), pag(imgData) I did publish the modified SNN: Show both Name and Number patch using drawString function. It can be used to eliminate the needed of changing (and more) images just to draw text and numbers in the screen (using well-known drawImgIdx) ... also it has a built-in centered function (so it is drawStringCentered, not drawString actually). I did not found the drawString() function yet ... Here is the syntax: Code: #define drawString 0d6a358h mov [-r0], #fontStyle mov [-r0], #pag(TextBuff) mov [-r0], #pof(TextBuff) mov r12, #X ; relatif position to r14 mov r13, #Y mov r14, #drawAreaWidth mov r15, #drawAreaHeight calls drawString add r0, #6 rets |
07-30-2004, 07:58 | #40 (permalink) |
No Life Poster Join Date: May 2003 Location: GERMANY Age: 48
Posts: 980
Member: 27745 Status: Offline Thanks Meter: 0 | Code: Siemens Flash Explorer v2.28 (c)Dec.03 by RizaPN <[email protected]> File drawimage.txt (pos=0x0,sz=0x28A,rd=0x28A) buffered Error 'Bad recheck process' Line 3: "mov r12, #pof(imgHeader)" 0x000000: E6FC1C00 |
07-30-2004, 14:06 | #41 (permalink) |
No Life Poster Join Date: Mar 2002 Location: -[r0]- Age: 52
Posts: 834
Member: 9891 Status: Offline Thanks Meter: 2 | NEW sfe v2.30 sfe strange Error 'Bad recheck process' ... Most of the time, if your code has no problem, it caused by ZERO offset used to compile the file. So, add something like this : base 0a00000h org 0c7e000h if you plan to put the code in the firmware address 0c7e000h. BTW, it is a bug in my sfe, sorry ... I just forget to solve it because I never use the zero offset for all of my patches ... I will try to correct it in the next sfe version ... ;--------- EDITED -------- OK, that sfe bug had been corrected. Download the new sfe 2.30 from http://www.geocities.com/rizapn rizapn Last edited by rizapn; 07-30-2004 at 15:45. |
08-10-2004, 15:26 | #43 (permalink) |
No Life Poster Join Date: Mar 2002 Location: -[r0]- Age: 52
Posts: 834
Member: 9891 Status: Offline Thanks Meter: 2 | Loading file from MMC I don't know how to do it with the original firmware. There are fileOpen, fileRead, fileWrite, and fileClose built-in functions. But, it could turn the phone off if we call it directly. That's why I modify some function to get access to the file function more savely. If you already install FAM patch, the file access will be like this : Code: #define FACBuff 36h:3FF8h #define BFABuff 20h:0 #define BMPString 2e2h:2285h myReadFile_start: mov r14, #pof(FACBuff)+8 mov r13, #pag(BFABuff) mov r12, #pof(BFABuff) mov r5, #seg(after_loading_func) mov r4, #ofs(after_loading_func) extp #pag(FACBuff), #4 mov [-r14], r5 mov [-r14], r4 mov [-r14], r13 mov [-r14], r12 mov r12, #0 mov r13, #0 mov [-r0], r13 mov [-r0], r12 mov r12, #pof(filename) mov r13, #pag(filename) mov r14, #pof(BMPString) mov r15, #pag(BMPString) calls 0d7d912h add r0, #4 rets after_loading_func: ;type something here to be executed after the file is loaded rets filename: db 'A:\Misc\MyTest.txt',0 BFABuff is the buffer for fileRead content. You can select any "free" RAM, usually, I use 20:0 until 29:3FFF (used by Java midlet). after_loading_func is the function which will be executed after the fileRead is finished, just after the original fileClose is executed. Put all your instruction which need to be executed after the file is loaded here ... I know how to load any file (including midi ones) into the memory, but I need to search the convertMID2Tones() and playTonesMemory() function to be able to play the file after it is loaded. Hope it is helpfull, rizapn |
08-11-2004, 05:42 | #44 (permalink) | |
Freak Poster Join Date: May 2003 Location: Russia, Ekaterinburg Age: 44
Posts: 184
Member: 29316 Status: Offline Thanks Meter: 0 | Thanks is very helpfull Quote:
| |
Bookmarks |
Thread Tools | |
Display Modes | |
| |
Similar Threads | ||||
thread | Thread Starter | Forum | Replies | Last Post |
BB5 - Technical Discussion | adihack | Nokia Base Band 5 ( BB-5 ) | 220 | 10-14-2011 05:31 |
x65 patching technical discussion | Acidmrp | x6x and x7x Flashpatching | 42 | 10-10-2009 07:06 |
Iphone 3G Technical Discussion and SP Unlocking theory | GraveSlayer | iPhone 2 / iPhone 3G / iPhone 3GS | 8 | 11-15-2008 06:04 |
Technical discussion sharp705sh | celluniversal | Sharp | 0 | 05-17-2007 17:26 |
Technical discussion BB5 unlocking | twisterfan | Nokia Base Band 5 ( BB-5 ) | 0 | 05-16-2007 19:36 |
|