nb: try it at your own risk,.
Okay, here i'll describe how to port XIP and SYS folder to build your fresh new ROM,.
- for a newbie, why do we need to port this? "its necessary to make a new OS and build"
ex: CE OS 5.2.2000 Build 20000.1.0.0
Then lets start working out,.
What do you need?
Atom WM6 Kitchen (see the usage and how to use HERE)
Hypercore Kitchen (see the usage and how to use HERE)
M'reloc (see the usage and how to use HERE)
Already have it all?
continue this step by step then,.
You have to extract the XIP from the source that usually came from OS.nb file (downloaded ROM that have a newer OS and build), here is the step by step,.
nb: The safest way, is to change the coredll.dll only, if you wish to change all of it, its up to you,.
1. Extract XIP.BIN from the source, by using XIP_Extract found in hypercore\tools\convert\XIP_extract,.
Code:
RomMaster.exe OS.nb. -w 5 -b 0x00310000 -x -o xip.bin
---------> There, you'll see a "command program", run it, then write like above,.
2. Run "XIPPort" then select "dump xip.bin", there, you'll have a new folder named "OUT" that contains with 2 folders inside, "FILES" and "MODULES",.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
---------> What's inside the FILES folder? it is the XIP that needed for building imgfs, to create diskimage_Ver.nb0, and make your device booting,.
---------> What's inside the MODULES folder? it is the module, that your device performance and works, depend on, so becareful okay,.
3. Open M'reloc, choose module coredll.dll inside "MODULES" folder,.
---------> there, you have to change the V and D base, become atom V and D base (For Atom, V=03F4E000 , D=01FFC000)
---------> and, you have to change the V and D base, in the imageinfo.txt (inside the modules folder)
4. Copy coredll.dll and coredll.dll.txt and do the next step,.
Then, its time for you to change your diskimage_Ver.nb0 XIP, here's the step by step,.
1. Extract XIP.BIN from your diskimage_Ver.nb0, by run program "romtoolz" inside the TOOLS folder (Atom WM6 Kitchen),.
---------> Choose the source (diskimage_Ver.nb0),.
---------> Then choose where do you wan the xip.bin to be extracted,.
2. Run XIPPort (you could find it in the same folder), then select "Dump Xip.bin" , you'll see new folder created, named "OUT" that contains with 2 folders inside ("FILES" and "MODULES")
------------------- its just like step number 2 above ----------------
3. Copy the file that have been M'reloced (coredll.dll and coredll.dll.txt) into MODULES folder, then, select "Realloc P" then, select "Write Maps",.
---------> Open MAP Physical.txt, try to find, is there any "!!!!", if you have it, try to check, have you m'reloc the module correctly? and try to select "Realloc P" then "Write Maps" again,.
4. Select "build xip_out.bin" , you will have a new files named "xip.out.bin",.
------------------- Screenshot above (right) ----------------
5. Select "write xip_out.bin to:" then write like this,.
------------------- Screenshot above (right) ----------------
---------> 0018000C ----------> This is the default xip address for XDA ATOM
---------> diskimage_Ver.nb0 --> Means that the xip.out.bin will be written to the file named diskimage_Ver.nb0
nb: All this stuff must be located in one folder (diskimage, xipport, etc) or it wont work,.
----- finally, now you have a new OS ready to update your device ROM,. -----
GOOD LUCK,.
Happy ROM Cooking to all of you,.
- Kumara -
reserved,.
reserved too,.
Garmin said:
---------> 0018000C ----------> This is the default xip address for XDA ATOM
Click to expand...
Click to collapse
It's the same thing for Kaiser ?
Thanks Garmin , another STICKY! ,waiting for you to complete this btw i need the link to build 2000 too , PM me hehe
Many thx for this, looking forward to read the complete version Please upload the necessary apps or link to where to find aswell
regards
yass
MickyMax said:
It's the same thing for Kaiser ?
Click to expand...
Click to collapse
no no no no,.
its not the same,.
try to ask someone expeienced on it, try to ask the addres of OS.nb for kaiser,. is not that actually,.
but, the procedure was just same,.
thanks,.
Garmin said:
no no no no,.
its not the same,.
try to ask someone expeienced on it, try to ask the addres of OS.nb for kaiser,. is not that actually,.
but, the procedure was just same,.
thanks,.
Click to expand...
Click to collapse
Thank you
It's so nice to see this.
May I ask how to deal with in cooking the xip part of Atom XDA LIFE?
Thanks!
Thank you for the nice screenshots
Any one got a link to Jiggs's kitchen ?
Garmin, can you please upload Jigg's Kitchen?
regards
yass
lnks said:
It's so nice to see this.
May I ask how to deal with in cooking the xip part of Atom XDA LIFE?
Thanks!
Click to expand...
Click to collapse
I have posted this in the Atom Wiki: Disassembly of Other Device ROMs
http://wiki.xda-developers.com/index.php?pagename=Other_Device_ROM
BUT, as far as assembly is concerned, you have to ask an Atom Life user because there have been reports that assembly doesn't quite work.
JIGGS KITCHEN???
How many time i have reviewed that jiggs never release a kitchen in a public,.
be patient please,.
i'll upload it,.
thanks,.
ThanX bud , can you come on yahoo?
tjlabais said:
BUT, as far as assembly is concerned, you have to ask an Atom Life user because there have been reports that assembly doesn't quite work.
Click to expand...
Click to collapse
Oh no, it semms to work.
See the attached pictures. Both pictures are from Atom Life. The 1908 is from ferryboat's chinese ROM. The 1978 is the XIP from an other build by ferryboat, cooked in the original WWE build but with 4 MB PP.
scorpio16v said:
Oh no, it semms to work.
See the attached pictures. Both pictures are from Atom Life. The 1908 is from ferryboat's chinese ROM. The 1978 is the XIP from an other build by ferryboat, cooked in the original WWE build but with 4 MB PP.
Click to expand...
Click to collapse
Great job scorpio,.
New map for atom exec
Hi, bro... as we know on both atom/ exec rom we used some module from original wm5. like cecompr.dll
and i have using cecompr.dll from original wm6 hermes to my rom N-Touch. See my new map
Code:
00000000 - 01f901fd L01f901fd NUL
01f901fd - 01f901fd L00000000 Start: first DLL address
01f901fd - 01fd1000 L00040e03 NUL
01fd1000 - 01fd2000 L00001000 initialized data of region_1 ceddk.dll
01fd2000 - 01fe1000 L0000f000 initialized data of region_1 TrueFFS.dll
01fe1000 - 01fe2000 L00001000 initialized data of region_1 cecompr.dll
01fe2000 - 01fef000 L0000d000 initialized data of region_1 stratad_intel_l.dll
01fef000 - 01ff0000 L00001000 initialized data of region_1 regenum.dll
01ff0000 - 01ff1000 L00001000 initialized data of region_1 pm.dll
01ff1000 - 01ff2000 L00001000 initialized data of region_1 mspart.dll
01ff2000 - 01ff3000 L00001000 initialized data of region_1 imgfs.dll
01ff3000 - 01ff4000 L00001000 initialized data of region_1 fsreplxfilt.dll
01ff4000 - 01ff5000 L00001000 initialized data of region_1 fsdmgr.dll
01ff5000 - 01ff6000 L00001000 initialized data of region_1 fatutil.dll
01ff6000 - 01ff7000 L00001000 initialized data of region_1 fatfsd.dll
01ff7000 - 01ff8000 L00001000 initialized data of region_1 encfilt.dll
01ff8000 - 01ff9000 L00001000 initialized data of region_1 diskcache.dll
01ff9000 - 01ffa000 L00001000 initialized data of region_1 devmgr.dll
01ffa000 - 01ffc000 L00002000 initialized data of region_1 crypt32.dll
01ffc000 - 01ffd000 L00001000 initialized data of region_1 coredll.dll
01ffd000 - 01ffe000 L00001000 initialized data of region_1 certmod.dll
01ffe000 - 01fff000 L00001000 initialized data of region_1 cachefilt.dll
01fff000 - 02000000 L00001000 initialized data of region_1 busenum.dll
02000000 - 02000000 L00000000 End: last DLL address
02000000 - 03df2000 L01df2000 NUL
03df2000 - 03df8000 L00006000 Virtual base address of ceddk.dll
03df8000 - 03e44000 L0004c000 Virtual base address of TrueFFS.dll
03e44000 - 03e5a000 L00016000 Virtual base address of stratad_intel_l.dll
03e5a000 - 03e5e000 L00004000 Virtual base address of cecompr.dll
03e5e000 - 03e62000 L00004000 Virtual base address of regenum.dll
03e62000 - 03e71000 L0000f000 Virtual base address of pm.dll
03e71000 - 03e79000 L00008000 Virtual base address of mspart.dll
03e79000 - 03e83000 L0000a000 Virtual base address of imgfs.dll
03e83000 - 03e8d000 L0000a000 Virtual base address of fsreplxfilt.dll
03e8d000 - 03ea2000 L00015000 Virtual base address of fsdmgr.dll
03ea2000 - 03eab000 L00009000 Virtual base address of fatutil.dll
03eab000 - 03ebe000 L00013000 Virtual base address of fatfsd.dll
03ebe000 - 03eca000 L0000c000 Virtual base address of encfilt.dll
03eca000 - 03ed0000 L00006000 Virtual base address of diskcache.dll
03ed0000 - 03edc000 L0000c000 Virtual base address of devmgr.dll
03edc000 - 03f4e000 L00072000 Virtual base address of crypt32.dll
03f4e000 - 03fe4000 L00096000 Virtual base address of coredll.dll
03fe4000 - 03ff0000 L0000c000 Virtual base address of certmod.dll
03ff0000 - 03ffa000 L0000a000 Virtual base address of cachefilt.dll
03ffa000 - 04000000 L00006000 Virtual base address of busenum.dll
04000000 - 80580000 L7c580000 NUL
good point indeed since our ATOM imgfs only use XPR compression and no need to hanle LZX Decompress method, can save 8192 bytes for imgfs modules.
File struct error,
I try to "rommaster.exe os.nb ... from Hermes
but it have an error
[Error] File struct error, xip end offset is 0x7c90ee19, but file length
is 0x043aa800.
Please someone help
Related
One man has successfully integrated WM6 modules into XIP of hx4700. The result: working WM5 with WM6 modules from "msxipkernel" package (taken from Universal)
Maybe his method can help us to port WM6 on Himalaya?
(Original thread: http://4pda.ru/forum/index.php?showtopic=44886)
Here is what he did (translate from russian):
1. Take "xipport". Modified one is attached.
2. dump xip & build maps for hx4700. Save "map.txt"
3. dump xip & build maps from wm6 xip (HTC Universal or any other device)
4. Just copy all modules and those ".txt" files from msxipkernel (wm6) except "cachefilt", "encfilt", "filesys".
5. "realloc P" & write maps (it works for hx4700). If not enough mem for realloc - then increase "physlast" in "romhdr.txt"
6. In new "map.txt" addresses of regions in section "first Dll... last Dll" for 4 files in "oemxipkernel" must stay unchanged, for example:
---
01fe1000 - 01fe2000 L00001000 actual of region_1 Fsdspy.dll
01fe2000 - 01fef000 L0000d000 actual of region_1 msflash.dll
01fef000 - 01ff0000 L00001000 actual of region_2 cecompr.dll
01ff0000 - 01ff1000 L00001000 actual of region_1 ceddk.dll
---
If they are not then fix in corresponding "imageinfo.txt" value of o32[1(2)].o32_realaddr
7. Repeat the same for all files in "msxipkernel". We need that "actual of region_1" correspond with "map.txt" (wm6). For files "pm.dll" and "regenum.dll" will be "!!!!!!!!!!!!!" symbols.
8. Edit "o32[1].o32_realaddr" for "pm.dll" and "regenum.dll" to make there regions exactly concur with regions of excepted "cachefilt", "encfilt". Such a replacement. After all this section must be:
---
01fa01fe - 01fa01fe L00000000 Start: first DLL address
01fa01fe - 01fe1000 L00040e02 NUL
01fe1000 - 01fe2000 L00001000 actual of region_1 Fsdspy.dll
01fe2000 - 01fef000 L0000d000 actual of region_1 msflash.dll
01fef000 - 01ff0000 L00001000 actual of region_2 cecompr.dll
01ff0000 - 01ff1000 L00001000 actual of region_1 ceddk.dll
01ff1000 - 01ff2000 L00001000 actual of region_1 mspart.dll
01ff2000 - 01ff3000 L00001000 actual of region_1 imgfs.dll
01ff3000 - 01ff4000 L00001000 actual of region_1 fsreplxfilt.dll
01ff4000 - 01ff5000 L00001000 actual of region_1 fsdmgr.dll
01ff5000 - 01ff6000 L00001000 actual of region_1 fatutil.dll
01ff6000 - 01ff7000 L00001000 actual of region_1 fatfsd.dll
01ff7000 - 01ff8000 L00001000 actual of region_1 regenum.dll
01ff8000 - 01ff9000 L00001000 actual of region_1 diskcache.dll
01ff9000 - 01ffa000 L00001000 actual of region_1 devmgr.dll
01ffa000 - 01ffc000 L00002000 actual of region_1 crypt32.dll
01ffc000 - 01ffd000 L00001000 actual of region_1 coredll.dll
01ffd000 - 01ffe000 L00001000 actual of region_1 certmod.dll
01ffe000 - 01fff000 L00001000 actual of region_1 pm.dll
01fff000 - 02000000 L00001000 actual of region_1 busenum.dll
02000000 - 02000000 L00000000 End: last DLL address
---
9. Look into "map.txt" (Universal) to find where was the first region of "regenum"
---
01fef000 - 01ff0000 L00001000 actual of region_1 regenum.dll
---
If it was "0x1FEF000", and we changed it to "01ff7000". So we have to patch file. Edit "S000" of "regenum.dll" and fix all dword-aligned values that looks like: XX XF FE 01 to XX X7 FF 01 (so we see them in "winhex"). It can be automated with a simple script
10. Do the same for "S000" in "pm.dll"
11. Set in all "imageinfo.txt" cvalue of "e32_subsysminor" to 1.
12. Write new placement of "ROMHDR" into "S000" of "nk.exe"
13. Make ROM, flash and Try!
hx4700 wm6
hx4700 wm6, frankinstein style. interesting development anyone upto trying it?
hey Avis. He did not mention in his steps when to introduce cachefilt, etc.
could you possibly ask him to post the original XIP.bin and the WM6 XIP.bin; so, we could study further. (sorry, I don't speak Russian)
This is promising...
Jiggs
Oh, I get it. He didn't include cachefilt and stuff because he's still using WM5 system files...
step 12 is vague. write new placement of "ROMHDR" into S000 of "NK.EXE" BUT I couldn't locate any instance of the address of ROMHDR in S000!
hx4700 wm6
jiggs, sounds like you got skillz. can anyone help develop this solution? need to get more people aware of this..
jiggs said:
step 12 is vague. write new placement of "ROMHDR" into S000 of "NK.EXE" BUT I couldn't locate any instance of the address of ROMHDR in S000!
Click to expand...
Click to collapse
okay I got it. there is rom_00 hdr in map.txt those addresses are the ones I can locate in S000 nk.exe. However, I have flashed my deviced three (3) times already, but it won't boot nor even show the boot screen.
What is not clear to me is step 6. what is my reference map.txt: hima? or uni?
lyger said:
jiggs, sounds like you got skillz. can anyone help develop this solution? need to get more people aware of this..
Click to expand...
Click to collapse
tell bepe and tofclock, they're more experienced in porting...
did you use a hx4700 or a different device? Shame it didn't start-up.. anyone provide any insight on how this works?
Avis,
Could you please request for sample xip.bin's so we can study further?
Thanks in advance.
Jiggs
This method will not work in our Himalaya because we need nk.exe that is compatible with the new CORE. Unfortunately, our very old nk.exe is not compatible with WM6 CORE.
I realize this is about the Himalaya,
But does this mean we might have a working WM6 for the hx4700?
There are like thousands of people waiting on that. we've even signed petitions to try and get hp to do it :/
well if anyone needs help in porting wm6 to a wm5 device that has no wm6 kernel, i can try and help.
i've already contributed to some such projects which have been successful.
i suspect that you and Avis are the only ones working on it
http://forum.xda-developers.com/showthread.php?t=293352&page=3
Rudegar said:
i suspect that you and Avis are the only ones working on it
http://forum.xda-developers.com/showthread.php?t=293352&page=3
Click to expand...
Click to collapse
i was on holiday....how is the hx4700 port right now?
edit: ok i checked it out
For ATOM EXEC Only!
UPDATED DECEMBER 19, 2007
NEVER ATTEMPT TO UPDATE YOUR DEVICE USING SD CARD FLASHING!!!
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
ROM: WM6.0 20071216A3WWE
DOWNLOAD 6MB PP (51.95 program memory) : rapidshare|mediafire
ROM: WM6.1 B19209 AKU 1.0.2 20080417A5WWE
DOWNLOAD 6MB PP (51.95 program memory) : see my signature
NOTE: IF YOU DON'T WANT TO DOWNLOAD AGAIN, YOU CAN CHANGE THE PAGEPOOL YOURSELF. INSTRUCTIONS HERE
BUG FIXES: OS 5.2.1938 (Build 18508.0.7b.0)
Features: WM6 Clean Edition
Camera Working Back.
Headset Working Back.
NETCF 3.5
New Device Software Update Utility - now you can choose what you want to update!! on this case mostly you only need either OS Only or OS + Extended ROM.
XIP Core Upgrade
Memory Boost Up to 20480 bytes.
Speed Improvement!!
Built-in SRS WOW HD
Built-in Power Management
Windows Live 10.6.33.0600
Extended ROM:
1. Fann Capture Screen Utility
2. Helmi Touch Dialer 2G
Bugs: A2DP is not 100% compatible. (some device working, some not)
Steps:
1. Uncompress the 7z file into C:\Windows\Temp
2. Verify the files, should be 6 files
3. Execute Device Software Update Utility.exe
4. Follow the rest steps.
Please charge your device after upgrade to 100% full before you comment the drain batteries on your device!!.
This UNOFFICIAL ROM is still under development and you can't expect support from it. If you can't afford to have a buggy phone, this is not for you. By flashing this TEST ROM, it means you are willing to take the risks, solve any bugs encountered yourself and report problems to this forum.
Like I had mentioned before in one of the ATOM thread, ATOM EXEC device can boost more memory. In order to do that we need to re adjust the memory address on nk.exe and giisr.dll like below (of course need to change S00x)
Code:
04000000 - 80500000 L7c500000 NUL
80500000 - 80500000 L00000000 Start: start of RAM
80500000 - 80506000 L00006000 uninitialized data of region_2 nk.exe
80506000 - 80561000 L0005b000 initialized data of region_3 nk.exe
80561000 - 80562000 L00001000 initialized data of region_1 giisr.dll
80562000 - 80562000 L00000000 ------ start of RAM free space
80562000 - 84000000 L03a9e000 NUL
84000000 - 84000000 L00000000 End: end of RAM
84000000 - 9ac00000 L16c00000 NUL
For ATOM EXEC WM6 Cooker, you may used my XIP as a reference. you may take nk.exe and giisr.dll and port into your own XIP (increase about 500 KB)
For ATOM WM6 Cooker, you also will still able to gain more memory (about 20480 byte) by using my giisr.dll
please note: don't forget credit to me when you used my nk.exe and giisr.dll
so never less, I saw quite many people know how to cook WM6 on ATOM device, well I'm happy to see that. keep working boys!!
reserved for 3rd party standard applications
Hi mate, very nice, cant wait to try it out!
homer285 said:
Hi mate, very nice, cant wait to try it out!
Click to expand...
Click to collapse
it's up now
you can update into your own xip
sad to hear that until now you wasn't able to fix the A2DP...
vickoy said:
sad to hear that until now you wasn't able to fix the A2DP...
Click to expand...
Click to collapse
I'm afraid so, till someone build/crack the new A2DP WM6 driver for ATOM/EXEC Device.
vickoy said:
sad to hear that until now you wasn't able to fix the A2DP...
Click to expand...
Click to collapse
I think someone is working on this, out of interest what's your headset brand and model #, thanks.
Woa... Nice Updated, bro! Very interesting. Will try, now!
i think the links are backwards i.e the 8mb pagepool link directs to the 6mb pagepool download and vice versa
homer285 said:
I think someone is working on this, out of interest what's your headset brand and model #, thanks.
Click to expand...
Click to collapse
I am currently using sony ericsson HBH-DS220. So far, I can still use the current driver with my headset, I just need to do some trick... like for example if I need to used it to listen to music I just need to turn it off, run iplay and then turn it back on... quite irritating but no choice.
btw, having a value of 0 in A2DP settings of JointStereo is a lot more better and giving true stereo compare to value of 1, that was being suggested from the other thread.
yung_vu said:
i think the links are backwards i.e the 8mb pagepool link directs to the 6mb pagepool download and vice versa
Click to expand...
Click to collapse
yeah right! I just downloaded the 8MB pagepool but I've got here 6MB...LoL
chartreux said:
Like I had mentioned before in one of the ATOM thread, ATOM EXEC device can boost more memory. In order to do that we need to re adjust the memory address on nk.exe and giisr.dll like below (of course need to change S00x)
Code:
04000000 - 80500000 L7c500000 NUL
80500000 - 80500000 L00000000 Start: start of RAM
80500000 - 80506000 L00006000 uninitialized data of region_2 nk.exe
80506000 - 80561000 L0005b000 initialized data of region_3 nk.exe
80561000 - 80562000 L00001000 initialized data of region_1 giisr.dll
80562000 - 80562000 L00000000 ------ start of RAM free space
80562000 - 84000000 L03a9e000 NUL
84000000 - 84000000 L00000000 End: end of RAM
84000000 - 9ac00000 L16c00000 NUL
For ATOM EXEC WM6 Cooker, you may used my XIP as a reference. you may take nk.exe and giisr.dll and port into your own XIP (increase about 500 KB)
For ATOM WM6 Cooker, you also will still able to gain more memory (about 20480 byte) by using my giisr.dll
please note: don't forget credit to me when you used my nk.exe and giisr.dll
so never less, I saw quite many people know how to cook WM6 on ATOM device, well I'm happy to see that. keep working boys!!
Click to expand...
Click to collapse
Thank you so much, downloading.......................
But it's better if you tell us how to do that ourself.
I replace my giisrd.dll by yours to my Atom, but nothing happens. what's the matter ? Do I need to change the nk.exe too ?
medkid said:
I replace my giisrd.dll by yours to my Atom, but nothing happens. what's the matter ? Do I need to change the nk.exe too ?
Click to expand...
Click to collapse
use xipport and click write map button.
chartreux said:
use xipport and click write map button.
Click to expand...
Click to collapse
I do write map but see that nothing changes
80500000 - 80500000 L00000000 Start: start of RAM
80500000 - 80506000 L00006000 uninitialized data of region_2 nk.exe
80506000 - 80561000 L0005b000 initialized data of region_3 nk.exe
80561000 - 80562000 L00001000 initialized data of region_1 giisr.dll
80562000 - 80567000 L00005000 NUL
80567000 - 80567000 L00000000 ------ start of RAM free space
80567000 - 84000000 L03a99000 NUL
84000000 - 84000000 L00000000 End: end of RAM
medkid said:
I do write map but see that nothing changes
80500000 - 80500000 L00000000 Start: start of RAM
80500000 - 80506000 L00006000 uninitialized data of region_2 nk.exe
80506000 - 80561000 L0005b000 initialized data of region_3 nk.exe
80561000 - 80562000 L00001000 initialized data of region_1 giisr.dll
80562000 - 80567000 L00005000 NUL
80567000 - 80567000 L00000000 ------ start of RAM free space
80567000 - 84000000 L03a99000 NUL
84000000 - 84000000 L00000000 End: end of RAM
Click to expand...
Click to collapse
your original XIP
Code:
04000000 - 80500000 L7c500000 NUL
80500000 - 80500000 L00000000 Start: start of RAM
80500000 - 80506000 L00006000 uninitialized data of region_2 nk.exe
80506000 - 80561000 L0005b000 initialized data of region_3 nk.exe
80561000 - 80566000 L00005000 NUL
80566000 - 80567000 L00001000 initialized data of region_1 giisr.dll
80567000 - 80567000 L00000000 ------ start of RAM free space
80567000 - 84000000 L03a99000 NUL
84000000 - 84000000 L00000000 End: end of RAM
84000000 - 9ac00000 L16c00000 NUL
and now after copy my giisr.dll, your giisr.dll address already re-adjust to 80561000 from 80566000. (save 20480 bytes)
the next step you will need to adjust start of RAM free space to 80562000 (inside ROMHDR.txt)
chartreux said:
your original XIP
Code:
04000000 - 80500000 L7c500000 NUL
80500000 - 80500000 L00000000 Start: start of RAM
80500000 - 80506000 L00006000 uninitialized data of region_2 nk.exe
80506000 - 80561000 L0005b000 initialized data of region_3 nk.exe
80561000 - 80566000 L00005000 NUL
80566000 - 80567000 L00001000 initialized data of region_1 giisr.dll
80567000 - 80567000 L00000000 ------ start of RAM free space
80567000 - 84000000 L03a99000 NUL
84000000 - 84000000 L00000000 End: end of RAM
84000000 - 9ac00000 L16c00000 NUL
and now after copy my giisr.dll, your giisr.dll address already re-adjust to 80561000 from 80566000. (save 20480 bytes)
the next step you will need to adjust start of RAM free space to 80562000 (inside ROMHDR.txt)
Click to expand...
Click to collapse
Thanks for enlightening me.
I do it and now flashing my Atom again
after flashed:it seems that I don't see any difference, although MAP.txt has changed:
80500000 - 80500000 L00000000 Start: start of RAM
80500000 - 80506000 L00006000 uninitialized data of region_2 nk.exe
80506000 - 80561000 L0005b000 initialized data of region_3 nk.exe
80561000 - 80562000 L00001000 initialized data of region_1 giisr.dll
80562000 - 80562000 L00000000 ------ start of RAM free space
80562000 - 84000000 L03a9e000 NUL
and the ROMHDR.txt:
Code:
dllfirst: D=01F901FD
dlllast: 02000000
physfirst: P=9AC00000
physlast: 9AFE2990
nummods: (00000018)
ulRAMStart: R=80500000
ulRAMFree: 80562000
ulRAMEnd: 84000000
ulCopyEntries: (00000002)
ulCopyOffset: P+00117FDC
ulProfileLen: 00000000
ulProfileOffset: 00000000
numfiles: (00000008)
ulKernelFlags: 00000002
ulFSRamPercent: 00000004
ulDrivglobStart: 00000000
ulDrivglobLen: 00000000
usCPUType: 000001C2
usMiscFlags: 00000002
pExtensions: P+0000271C
ulTrackingStart: 00000000
ulTrackingLen: 00000000
84000000 - 84000000 L00000000 End: end of RAM
downloading the 6mb pagepool and gonna try it a bit.
thnx for ur hard work chartreaux
hey man
Thanks!!!!BUT
why my camara doestn't work after the updated
When manually porting a XIP, is it safe to change the VM location without changing the physical location of a module? Also, if the answer is yes, is it safe (maybe recommended) to remove the NULs and reallocate the module's to fill the NUL's?
a) yes
b) its safe but unnecessary. if you collapse the modules between physlast and ramfree (and then move up ramfree) that space will be allocated to free ram. however it has no other effect on performance.
the nul space between physfirst and physlast is only to fill out the block size and cant be collapsed.
Ok, thanks. Porting makes a lot more sense now. Now, on to b.) I was just referring to the NUL spaces between modules, I don't think I'm ready for the freeing RAM part yet. But let me ask you this, I ported a Titan from device xip 20931 and Donor of 21232. Can you look at my MAP.txt and tell me if it looks good to you? (I went ahead and removed the NUL's just in case, I thought they might have been bad). I know this is in the Rapheal thread, but apparently, I was porting my Touch Pro's without issue (except for the NUL's that I thought might need to go) because they weren't getting overlaps.
I really appreciate your feedback.
View attachment MAP.zip
in what address spaces are you collapsing nul ?
there are no overlaps in your map
Yeah, there aren't any more. I re allocated to fill in the NUL's between modules in both the virtual and physical. I also had to make enough space (0xc000) for imgfs.dll since I couldn't even get XIPport to make a map.txt with it in there originally due to either the physical or virtual overlaps from that module. It caused XIPPortto error out. I removed the imgfs.dll from the folder, ran realloc P and finally got my map.txt. Then, I "Jimmy'd" it in there manually by using some of the NUL spaces and reallocating other modules.
For reference, here are the NUL's I am referring to. This is part of the map.txt from a Vogue Donor 21501 and a Herman 20771 test xip I made:
02000000 - 03db2000 L01db2000 NUL
03db2000 - 03dbb000 L00009000 Virtual base address of wce_rex.DLL
03dbb000 - 03dc2000 L00007000 Virtual base address of smem.dll
03dc2000 - 03dc9000 L00007000 Virtual base address of relfsd.dll
03dc9000 - 03dce000 L00005000 Virtual base address of MMMAP.dll
03dce000 - 03dd5000 L00007000 Virtual base address of htcfsfilter.DLL
03dd5000 - 03dda000 L00005000 Virtual base address of GxDMA.dll
03dda000 - 03df9000 L0001f000 Virtual base address of FLASHDRV.DLL
03df9000 - 03e49000 L00050000 Virtual base address of DDI.dll
03e49000 - 03e4f000 L00006000 Virtual base address of ceddk.dll
03e4f000 - 03e53000 L00004000 Virtual base address of cecompr.dll
03e53000 - 03e57000 L00004000 Virtual base address of regenum.dll
03e57000 - 03e66000 L0000f000 Virtual base address of pm.dll
03e66000 - 03e6e000 L00008000 Virtual base address of mspart.dll
03e6e000 - 03e7e000 L00010000 NUL
03e7e000 - 03e8a000 L0000c000 Virtual base address of imgfs.dll
03e8a000 - 03e94000 L0000a000 Virtual base address of fsreplxfilt.dll
03e94000 - 03eaa000 L00016000 Virtual base address of fsdmgr.dll
03eaa000 - 03eb3000 L00009000 Virtual base address of fatutil.dll
03eb3000 - 03ec6000 L00013000 Virtual base address of fatfsd.dll
03ec6000 - 03ecc000 L00006000 Virtual base address of diskcache.dll
03ecc000 - 03ed8000 L0000c000 Virtual base address of devmgr.dll
03ed8000 - 03f4a000 L00072000 Virtual base address of crypt32.dll
03f4a000 - 03fe1000 L00097000 Virtual base address of coredll.dll
03fe1000 - 03fef000 L0000e000 Virtual base address of certmod.dll
03fef000 - 03ffa000 L0000b000 Virtual base address of cachefilt.dll
03ffa000 - 04000000 L00006000 Virtual base address of busenum.dll
04000000 - 80000000 L7c000000 NUL
There is a 64KB dead space there (red). Do I gain anything by bothering to reallocate all the modules above the NUL at 03e7e000 up (or down the list) another 0x10000, thereby pushing that 64KB dead space into the top NUL (blue) ?
Same goes for physical.
Update:
Actually, after doing some further reading, I would only gain 24KB of space by collapsing the NUL between physlast and RAM free. It currently is at 802da000 - 802e0000 with a length of L00006000 on the Titan port I made.
New Visual Kitchen PRB project for Iolite(T4242)
This is a new tool based on bepes PRB(platformrebuilder.exe), simpler and more suitable for novice to use.
Is a function of PRB expansion, OEM package can be selected.Easier to use than the EVK,
Use the steps:
1. Download this Iolite_Kitchen.rar, unzip it to your disk,
2. Refer to EXT, OEM, ROM, SYS folder structure to EXT, OEM, ROM, SYS replaced by the new version.
3. Alternative RELEASE brush machine tools, it would be renamed as Ruu.exe.
4. Open the DIY ROM Utility.exe, to set the screen, SET paths and patterns \ Ext TYPE = Ext \ * \ *.
5. To change the menu SYS or XIP, began to compile (build).
Note:
The default setting is applied to Iolite,You can change the LZX support or SET XIP PP size, others you can not set the.For more information, please see HELP.
Download:
http://hotfile.com/dl/17155390/c2da454/Iolite_RK.rar.html
Update:
http://forum.xda-developers.com/showthread.php?t=573778
Thanks to:
bepe for his platformrebuilder.exe
Ervius for his implantxip.exe
Donate:
If you think this tool is good, you can donate this project.thanks.
https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=9003653
Contact me:
MSN: [email protected]
E-mail: [email protected]
XIP inserts settings (recommended)
1.PRB default: (..\TOOLS\implantxip xip.bin OS.nb.payload)
A: Set Nb type=os.nb.payload ; set extra=NBMerge ; set NBMerge=Kaiser ; set tool=Imgfs_xxx
B: Set Nb type=os.nb ; set extra=osnbtool ; NBMerge not set ; set tool=osnbtool
2.EVK mode:
A: Nb type is os.nb.payload ; set extra=NBMerge ; set NBMerge=Kaiser ; set tool=Imgfs_xxx
3.osnbtool: (..\TOOLS\osnbtool -c OS.nb.payload 1 xip.bin)
A: Set Nb type=os.nb ; set extra=osnbtool ; NBMerge not set ; set tool=osnbtool
I recommend using OSNBTOOL, it can automatically adjust NB partition size, free up space.
Nice work. I am watching your kitchen for some time and it is becoming better and better. Looks more tidy than ervius'es one.
What is MTYPE for GSmart S1205 .
(I need becouse i`m trying install Android, if anybody can give me some tips please reply it too)
Based on htt p:/ /ww w.arm.linux.org.uk/developer/machines/ the GSmart S1205 processor mach type is 2754 (the phone has a Mediatek MT6516 / 416MHz processor).
MTYPE = Mach Type = 2754 Meditek 65XX Series mt65xx Howard Chen
But it still hangs.
Code:
[B]This is my Haret default.txt:[/B]
# Display some greeting message
print "Welcome to Handheld Reverse Engineering Tool!"
print "Some basic info about your PDA:"
print "Processor Mach Type is %d" MTYPE
print "MMU L1 descriptor table address is %08x" MMU
# MMU L1 descriptor table address is 02650000
print "Video RAM address is %08x" VRAM
# Video RAM address is 0174b000
print "Current Process ID is %d" PID
# Current Process ID is 16
#print "CPU identification register (p15 r0) is %08x" CP(15,0)
# CPU identification register (p15 r0) is 00000075
# Fill top ten scan lines (the run bar) with some color
#vfh VRAM 240*10 0x0099
# EXCEPTION while writing 00000099 to address 0174B000
set RAMADDR 0xa0000000
set MTYPE 2754
set KERNEL zImage
set initrd initrd.gz
#
# The following kernel parameters are useful
# ppp.nostart - Set ppp.nostart=1 to disable starting the ppp connection on boot
# msm_sdcc.msmsdcc_fmax - The maximum frequency (in Hz) used by the SD controller
# pm.sleep_mode - The mode used when the phone is off
# 0=Power Collapse Suspend, 1=Power Collapse, 2=Apps Sleep,
# 3=Slow Clock and Wait for Interrupt 4=Wait for Interrupt
# Default is 3, use 0 for best power savings
# board-htcvogue.panel_type - Panel type used to power the panel off and on
# 1=Hitachi 2=Topoly 3=Samsung
# clock-7x00.mddi - MDDI clock (try 0xa51 or 0xe2c)
# clock-7x00.ahb_div - Advanced Host Bus divider, default is 4
# 2 is faster but uses more power
# clock-7x00.a11 - ARM11 clock speed in MHz, best to leave this alone
# lcd.density - Defaults to 160, 128 shows more on screen
# vogue-ts.XMIN - xmin value for the touchscreen calibration. Also YMIN, XMAX, YMAX, PMIN, PMAX.
#
# Probably the only one of these you will need to change is the panel type, NZ Vogues seem to all have type 1
# US Sprint vogues usually have type 2 or 3 I think.
# Make sure you add these between the quotes on the following line and that your editor hasn't split the line up.
set cmdline "ppp.nostart=0 mddi.width=240 mddi.height=400 pm.sleep_mode=0 no_console_suspend"
boot
This is my Haret log:
Code:
Running WSAStartup
Starting gui
In initdialog
Found machine Generic ARM 926
executing startup.txt
HaRET(2)# print "Welcome to Handheld Reverse Engineering Tool!"
Welcome to Handheld Reverse Engineering Tool!
HaRET(3)# print "Some basic info about your PDA:"
Some basic info about your PDA:
HaRET(4)# print "MMU L1 descriptor table address is %08x" MMU
MMU L1 descriptor table address is 02650000
HaRET(5)# print "Video RAM address is %08x" VRAM
Video RAM address is 0174b000
HaRET(6)# print "Current Process ID is %d" PID
Current Process ID is 16
HaRET(11)# set RAMADDR 0xa0000000
HaRET(12)# set MTYPE 2754
HaRET(13)# set KERNEL zImage
HaRET(14)# set initrd initrd.gz
HaRET(35)# set cmdline "ppp.nostart=0 mddi.width=240 mddi.height=400 pm.sleep_mode=0 no_console_suspend"
HaRET(36)# boot
boot KERNEL=zImage INITRD=initrd.gz
Opening file zImage
Opening file initrd.gz
boot params: RAMADDR=a0000000 RAMSIZE=06000000 MTYPE=2754 CMDLINE='ppp.nostart=0 mddi.width=240 mddi.height=400 pm.sleep_mode=0 no_console_suspend'
Boot FB feedback: 1
Built virtual to physical page mapping
Allocated 663 pages (tags=54000000/053ce000 kernel=54001000/053cd000 initrd=54168000/05630000 index=54293000/0575b000)
Built kernel tags area
Built page index
Video buffer at 4C600000 sx=240 sy=400 mx=60 my=66
Video Phys FB=0174b000 Fonts=0575d064
[email protected]/0575e000 sj=54296000 stack=54294000/0575c000 data=54295000/0575d000 exec=0575e128
Reading 1469884 bytes...
Read complete
Reading 1222150 bytes...
Read complete
Launching to physical address 0575e010
Trampoline setup ([email protected]/200255f4/034465f4)
MMU setup: mmu=A6650000/02650000
Go Go Go...
You using Gsmart S1205?
I used your default.txt and nothing happens . its wirting "Booting Linux" and when bar is filled it just "freezed" . So i need to Soft Reset phone
Like i said "But it still hangs.", mine isn't working too. I think i need to recompile e newer kernel to the zImage.
For Gigabyte GSmart S1205 we need to compile the android-2.6.36 version, because in arch/arm/tools/mach-types file the MT65xx with the MTYPE 2754 is only there, i will try to compile it this week, hope that will work.
And not only a newer kernel is necessary, but a new HaRET compiled from source that will recognise the machine (trying to make one now).
This is not yet implemented, help needing information about MT6516 processor (GPIO table, ecc.). I will work on it.
Here i founded info
pdadb*.*net/index*.*php?m=cpu&id=a6516&c=mediatek_mt6516
remove * and paste in URL bar
Thanks, found that page a while ago, too. But would be nice to find the MT6156 processors datasheet.
For now i managed to make a patch for Haret to recognize the machine, but still it freezes:
========================================================================
Code:
diff -Naur haret/include/arch-arm.h haret-new/include/arch-arm.h
--- haret/include/arch-arm.h 2010-11-23 18:23:03.000000000 +0200
+++ haret-new/include/arch-arm.h 2011-03-02 12:05:02.936418632 +0200
@@ -37,4 +37,7 @@
int detect();
};
+// Aliases
+class MachineMT6516 : public Machine926 {
+};
#endif // arch-arm.h
diff -Naur haret/Makefile haret-new/Makefile
--- haret/Makefile 2010-11-23 18:23:03.000000000 +0200
+++ haret-new/Makefile 2011-03-02 12:38:27.628418500 +0200
@@ -45,7 +45,7 @@
RC = $(BASE)/bin/arm-mingw32ce-windres
RCFLAGS = -r -l 0x409 -Iinclude
-CXX = $(BASE)/bin/arm-mingw32ce-g++
+CXX = $(BASE)/bin/arm-mingw32ce-gcc
STRIP = $(BASE)/bin/arm-mingw32ce-strip
DLLTOOL = $(BASE)/bin/arm-mingw32ce-dlltool
diff -Naur haret/src/l1trace.cpp haret-new/src/l1trace.cpp
--- haret/src/l1trace.cpp 2010-11-23 18:23:03.000000000 +0200
+++ haret-new/src/l1trace.cpp 2011-03-02 12:06:09.529418186 +0200
@@ -212,12 +212,12 @@
if (Bbit(insn)) {
addrsize = 1;
asm("swpb %0, %1, [%2]"
- : "=r" (readval)
+ : "=&r" (readval)
: "r" (writeval), "r" (newaddr));
} else {
addrsize = 4;
asm("swp %0, %1, [%2]"
- : "=r" (readval)
+ : "=&r" (readval)
: "r" (writeval), "r" (newaddr));
}
setReg(regs, mask_Rd(insn), readval);
diff -Naur haret/src/mach/arch-arm.cpp haret-new/src/mach/arch-arm.cpp
--- haret/src/mach/arch-arm.cpp 2010-11-23 18:23:03.000000000 +0200
+++ haret-new/src/mach/arch-arm.cpp 2011-03-02 11:59:31.285419224 +0200
@@ -35,6 +35,10 @@
{
name = "Generic ARM 926";
flushCache = cpuFlushCache_arm926;
+ arm6mmu = 0;
+ archname = "MT65XX";
+ CPUInfo[0] = L"MT6516";
+ //customStartFunc = ????;
}
int
diff -Naur haret/src/mach/arch-s3.cpp haret-new/src/mach/arch-s3.cpp
--- haret/src/mach/arch-s3.cpp 2010-11-23 18:23:03.000000000 +0200
+++ haret-new/src/mach/arch-s3.cpp 2011-03-02 12:18:06.349418721 +0200
@@ -307,7 +307,7 @@
if (SDMA_SEL) {
sdma_sel = SDMA_SEL[0];
fb_printf(fbi,"%s: SDMA_SEL=%x", __func__, sdma_sel);
- if (sdma_sel == 0xcfffffff)
+ if ((uint32)sdma_sel == 0xcfffffff)
//SDMA disabled
ctrl_count = 2;
diff -Naur haret/src/mach/machlist.txt haret-new/src/mach/machlist.txt
--- haret/src/mach/machlist.txt 2010-11-23 18:23:03.000000000 +0200
+++ haret-new/src/mach/machlist.txt 2011-03-02 12:32:53.729419070 +0200
@@ -108,6 +108,7 @@
DX900, S3c6400 ,DX900V040, DX900
X900, S3c6400 ,V900V050, ACER_ETEN_X900
M900, S3c6410 ,M900V030;GT-I8000, ACER_TEMPO_M900
+Cougar, MT6516 ,GIGABYTE gSmart, MT65XX
PLATFORM=Jupiter
Jornada820, SA ,"HP, Jornada 820", JORNADA820
diff -Naur haret/src/memcmds.cpp haret-new/src/memcmds.cpp
--- haret/src/memcmds.cpp 2010-11-23 18:23:03.000000000 +0200
+++ haret-new/src/memcmds.cpp 2011-03-02 12:39:37.785419504 +0200
@@ -241,11 +241,11 @@
TRY_EXCEPTION_HANDLER {
if (bitval)
{
- *(uint32*)vaddr |= (1 << bitnr - 1);
+ *(uint32*)vaddr |= ((1 << bitnr) - 1);
}
else
{
- *(uint32*)vaddr &= ~(1 << bitnr - 1);
+ *(uint32*)vaddr &= ~((1 << bitnr) - 1);
}
} CATCH_EXCEPTION_HANDLER {
Output(C_ERROR "EXCEPTION while writing bit %d at address %p",
diff -Naur haret/tools/buildmachs.py haret-new/tools/buildmachs.py
--- haret/tools/buildmachs.py 2010-11-23 18:23:03.000000000 +0200
+++ haret-new/tools/buildmachs.py 2011-03-02 12:04:38.641418478 +0200
@@ -58,6 +58,7 @@
#include "arch-imx.h"
#include "arch-sa.h"
#include "arch-msm.h"
+#include "arch-arm.h"
#include "mach-types.h"
#include "script.h" // runMemScript
========================================================================
And here is the Haret log:
Code:
===== HaRET pre-0.5.3-20110302_124009 =====
Setting KMode to true.
Old KMode was 0
Finished initializing output
Loading dynamically bound functions
Function 'AllocPhysMem' in library 'coredll' at 0x3f62364
Function 'FreePhysMem' in library 'coredll' at 0x3f623d0
Function '[email protected]@[email protected]@[email protected]' in library 'gx' at 0x2023a38
Function '[email protected]@YAHXZ' in library 'gx' at 0x2023e78
Function '[email protected]@YAPAXXZ' in library 'gx' at 0x20232f4
Function '[email protected]@YAHXZ' in library 'gx' at 0x20233b8
Function 'LoadLibraryExW' in library 'coredll' at 0x3f6250c
Function 'NLedSetDevice' in library 'coredll' at 0x3f89b2c
Function 'GetSystemPowerStatusEx2' in library 'coredll' at 0x3f68e90
Function 'SleepTillTick' in library 'coredll' at 0x3f6242c
Function 'CreateToolhelp32Snapshot' in library 'toolhelp' at 0x262605c
Function 'CloseToolhelp32Snapshot' in library 'toolhelp' at 0x262607c
Function 'Process32First' in library 'toolhelp' at 0x2626148
Function 'Process32Next' in library 'toolhelp' at 0x26261b4
Function 'Module32First' in library 'toolhelp' at 0x2626348
Function 'Module32Next' in library 'toolhelp' at 0x26263b8
Function 'Heap32ListFirst' in library 'toolhelp' at 0x2626454
Function 'Heap32ListNext' in library 'toolhelp' at 0x26264dc
Function 'Heap32First' in library 'toolhelp' at 0x2626574
Function 'Heap32Next' in library 'toolhelp' at 0x2626628
Unable to load library 'ace_ddi'
Unable to load library 'ace_ddi'
Unable to load library 'ace_ddi'
Unable to load library 'ace_ddi'
Unable to load library 'ace_ddi'
Unable to load library 'ace_ddi'
Unable to load library 'ace_ddi'
Unable to load library 'ace_ddi'
Unable to load library 'clkregim'
Detecting current machine
Trying to detect machine (Plat='PocketPC' OEM='GIGABYTE gSmart')
Wince reports processor: core=MediaTek name=MT6516 cat= vend=MediaTek Inc
Looking at machine Alpine
Looking at machine Apache
Looking at machine AximX50
Looking at machine AximX5
Looking at machine Beetles
Looking at machine Blueangel
Looking at machine Himalaya
Looking at machine Magician
Looking at machine Universal
Looking at machine H1910
Looking at machine H1940
Looking at machine RX1950
Looking at machine H2200
Looking at machine H3600b
Looking at machine H3700
Looking at machine H3800
Looking at machine H3900
Looking at machine H4000
Looking at machine H4300
Looking at machine H5000
Looking at machine H6340
Looking at machine HX2000
Looking at machine HX4700
Looking at machine Sable
Looking at machine Wizard
Looking at machine Hermes
Looking at machine Trinity
Looking at machine Athena
Looking at machine G500
Looking at machine Artemis
Looking at machine Herald
Looking at machine Prophet
Looking at machine RX3000
Looking at machine Treo700wx
Looking at machine Treo850w
Looking at machine Treo850e
Looking at machine e310
Looking at machine e740
Looking at machine Acer_n30
Looking at machine Mio_P550
Looking at machine Kaiser
Looking at machine Loox5xx
Looking at machine Loox400
Looking at machine MioA701
Looking at machine Wallaby
Looking at machine Raphael
Looking at machine SGH_i900
Looking at machine Leo
Looking at machine Topaz
Looking at machine Rhodium
Looking at machine Jornada9xx0
Looking at machine Acer_S200
Looking at machine M800
Looking at machine X800
Looking at machine DX900
Looking at machine X900
Looking at machine M900
Looking at machine Cougar
Detecting ram size
WinCE reports memory size 100663296 (phys=77144064 store=130306048)
Mapping mmu table
Build L1 reverse map
Found 397 uncached and 397 cached L1 mappings (ignored 1).
Not registering command IGPIO
Not registering command WG|PIO
Not registering command GPLR
Not registering command GPDR
Not registering command GAFR
Not registering command GPIO
Not registering command GPIOST
Registering command LOADLIBRARYEX
Registering command NLEDSET
Not registering command TRACE
Not registering command TRACEMASK
Not registering command TRACE2
Not registering command TRACETYPE
Not registering command TRACE2TYPE
Not registering command TRACEFORWATCH
Not registering command INSN
Not registering command INSNREENABLE
Not registering command INSNREG1
Not registering command INSNREG2
Not registering command INSN2
Not registering command INSN2REENABLE
Not registering command INSN2REG1
Not registering command INSN2REG2
Registering command KILL
Registering command PS
Registering command LSMOD
Registering command ADDR2MOD
Not registering command AC97
Not registering command ATIDBG
Not registering command EIM
Not registering command GPIO
Not registering command WB|ANK
Not registering command GPLR
Not registering command GPDR
Not registering command GPPUD
Not registering command GPSDR
Not registering command GPSPUD
Not registering command GPIOS
Not registering command GPIOSOUT
Not registering command GPIOST
Not registering command MSMCLKKHZ
Initializing for machine 'Cougar'
HaRET(1)# Welcome, this is HaRET pre-0.5.3-20110302_124009 running on WindowsCE v5.2
Minimal virtual address: 0x10000, maximal virtual address: 0x7fffffff
Detected machine Cougar/MT65XX (Plat='PocketPC' OEM='GIGABYTE gSmart')
CPU is ARM ARM arch 5TEJ stepping 5 running in system mode
Enter 'HELP' for a short command summary.
Running WSAStartup
Starting gui
In initdialog
Found machine Cougar
executing startup.txt
HaRET(1)# set RAMSIZE 0x08000000
HaRET(2)# set RAMADDR 0x08000000
HaRET(3)# set MTYPE 2754
HaRET(4)# set FBDURINGBOOT 0
HaRET(5)# set KERNEL zImage
HaRET(6)# set INITRD initrd.gz
HaRET(7)# set CMDLINE "debug rootdelay=10 root=/dev/ram0 console=tty0 mem=128M ppp.nostart=0 lcd.density=120 pm.sleep_mode=0 no_console_suspend"
HaRET(10)# print "Some basic info about your PDA:"
Some basic info about your PDA:
HaRET(11)# print "Processor Mach Type is %d" MTYPE
Processor Mach Type is 2754
HaRET(12)# print "MMU L1 descriptor table address is %08x" MMU
MMU L1 descriptor table address is 02650000
HaRET(13)# print "Video RAM address is %08x" VRAM
Video RAM address is 0174b000
HaRET(14)# print "Current Process ID is %d" PID
Current Process ID is 22
HaRET(18)# boot
boot KERNEL=zImage INITRD=initrd.gz
Opening file zImage
Opening file initrd.gz
boot params: RAMADDR=08000000 RAMSIZE=08000000 MTYPE=2754 CMDLINE='debug rootdelay=10 root=/dev/ram0 console=tty0 mem=128M ppp.nostart=0 lcd.density=120 pm.sleep_mode=0 no_console_suspend'
Boot FB feedback: 0
Built virtual to physical page mapping
Allocated 1109 pages (tags=0x54500000/0567d000 kernel=0x54501000/0567c000 initrd=0x54825000/05963000 index=0x54950000/05a8e000)
Built kernel tags area
Built page index
Tags will be at offset 0x00000100 (0xf00)
Kernel will be at offset 0x00008000 (0x323a48)
Initrd will be at offset 0x00508000 (0x12a606)
[email protected]/05a92000 sj=0x54954278 stack=0x54952000/05a90000 data=0x54953000/05a91000 exec=05a923b8
Reading 3291720 bytes...
Read complete
Reading 1222150 bytes...
Read complete
Launching to physical address 05a92288
Trampoline setup ([email protected]/2c02b994/02ccc994)
MMU setup: mmu=0xa6650000/02650000
Go Go Go...
So your Gsmart S1205 working propertly?
MrXLR8 said:
So your Gsmart S1205 working propertly?
Click to expand...
Click to collapse
Like I said "but still it freezes" . When it will work I will write it in bold, i put data here for other people to see and maybe help me in getting the needed data to build Haret for GSmart S1205 / MT6516/MTK6516 processor, the last Android Kernel (or at least the last Linux Kernel has drivers for this processor), but I need GPIO table and specific IRQs.
so? got anything working? its like month ago
), no, because the android kernel source code for the MT6516 processor is only in China, and I haven't found anyone that would share it (they don't care about license of the kernel), only found compiled kernel, i'm trying to create a source code from the processor's datasheet (more than 1500 pages) and from assembler code found in the compiled kernel. So, will take a long long time. Maybe it doesn't worth to run Android on this type of processor, who knows....
I managed to extract the make config of the kernel compilation and initramfs.cpio
can i help you with something , or can you leave your email or skype?
s1205 Android
Hello. I, too, on the s1205 was unable to run. If you can please let know about your successes. Thanks in advance.
I don't suppose you could point me in the direction of a copy of the datasheet? I'm trying to make some changes on a different MT6516-based device, and I reckon a look at that datasheet could help somewhat. But the only copies I've found are on chinese forums that require some kind of virtual currency to download...
jh3141 said:
I don't suppose you could point me in the direction of a copy of the datasheet? I'm trying to make some changes on a different MT6516-based device, and I reckon a look at that datasheet could help somewhat. But the only copies I've found are on chinese forums that require some kind of virtual currency to download...
Click to expand...
Click to collapse
If you need just datasheet, I've found some docs. Can send you if you need.
how about rom extraction
hi guys, how about figuring out how to extract the flash.bin for gsmart s1205? anyone?
http://forum.xda-developers.com/showthread.php?t=708746
i don't know if this can help you, but i found a PDA with MT6516 processor, and it has android, the link to the firmware/driver ht*tp://ww*w.vkam*obi.com/a5000_refresh.rar (remowe the *)
neocska said:
i don't know if this can help you, but i found a PDA with MT6516 processor, and it has android, the link to the firmware/driver ht*tp://ww*w.vkam*obi.com/a5000_refresh.rar (remowe the *)
Click to expand...
Click to collapse
Hello. I, too have s1205 but not unable to run. If you can please let know about your successes. Thanks in advance.
Rom extraction - only from spec cable:
1. Pinout special contacts under accu:
From left to right: 1- Gnd, 2- Tx, 3-Rx, next symmetric 4 - Rx, 5 - Tx, 6 - Gnd
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Connect s1205 with Serial->USB to comp.
2. Flasher:
h..p://4pda.ru/forum/dl/post/1011438/SP_Flash_Tool_v1.1110.00_new_mcp.7z
3. run flasher
2. go to tab "Read back"
3. remove all task button "remove"
4. press button "Add"
5. 2 Click on stroke - select where save dump, press "save", in textbox "Length" - write 0х10000000
6. On tab "baudrate" select speed (std 115200 b/s, can 460?)
7. See in comp manag number of com port of cable and write this number in number port in flasher.
8. Press "Read back" and get rom(1) file without ext.
Do not start memory test in flasher!!! it's destroy you s1205.