SIMLOCK_S1 - Sony Cross-Device General

Hi! Searching my old hard disk I found something interesting; I have no idea where I got it, but it seems to be something related to SIM (un)locking on Xperia. Hope somebody finds it interesting.
Looking further, after some work on trim area units trying to identify new units, I found something interesting.
abyte0 array:
Code:
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00000000 00 00 08 B3 00 00 00 04 A0 00 00 00 00 00 08 FD ...³....*......ý
00000010 00 00 00 10 00 00 08 00 05 00 00 00 0E 00 00 00 ................
00000020 08 00 00 00 00 00 09 61 00 00 00 04 FE FF FF FF .......a....þÿÿÿ
00000030 00 00 08 B3 00 00 00 04 AA 00 00 00 ...³....ª...
The array contains 4 trim area units, which are written using the function tawrite:
Code:
--unit------size-------data------
000008B3 0004 A0 00 00 00
000008FD 0010 00 00 08 00 05 00 00 00 0E 00 00 00 08 00 00 00
00000961 0004 FE FF FF FF
000008B3 0004 AA 00 00 00
Looking through my Z1c trim area dump and searching for those 3 units, I found only one unit, with exactly the same size of 4 bytes:
000008B3 0004 50 00 00 00
I really have no idea how it works or what the consequence of writing that to the trim area is, but you must agree those 3 units are definitely related to SIM (un)locking? Is unit 0x8b3 probably a start-stop-idle sequence? Since my Z1c was not SIM locked, probably 2 units are missing because of that. Or vice versa: if all 3 units exist, the device is SIM locked? Somebody with a SIM lock please look and tell me here! I really have no idea where I found tawrite.zip; a Google search gave no results.
The two files simlock.ta-1.6 and simlock.ta-2.1 are probably generated by the readReply function?

@munjeni
Going through the ABL on the XZ1c, I've found that 0x7DA is, in fact, the simlock unit.
Unfortunately, it looks like 0x851 is a simlock signature.
It appears that the simlock unit gets an SHA256 digest computed which is compared against the signature in 0x851.
You'll see the beginnings of it in j4nn's ABL PE file at loc_331CC.
It also looks like, immediately after reading 0x851, the code path grabs the IMEI.
Then it gets what it calls the "asahi signature", then starts calculating and validating digests up the certificate chain.
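Added example, not code from the thread or from Sony's tools: a parser for the tawrite-style array in the first post (4-byte big-endian unit number, 4-byte big-endian size, then the data), the final trim-area state if the four writes are applied in order, and a hypothetical model of the digest comparison the ABL post describes. The unit numbers 0x7DA and 0x851 come from that post; the assumption that 0x851 holds a raw SHA-256 digest, and the sample data fed to the model, are mine and not verified against a device. The ABYTE0 bytes are constructed from the dump above.

```python
import hashlib
import hmac
import struct
from typing import Dict, List, Tuple

# Constructed from the abyte0 dump posted in the thread (60 bytes, four records).
# Layout assumed here, matching the dump: big-endian uint32 unit number,
# big-endian uint32 size, then `size` bytes of data.
ABYTE0 = bytes.fromhex(
    "000008B3 00000004 A0000000"
    "000008FD 00000010 00000800 05000000 0E000000 08000000"
    "00000961 00000004 FEFFFFFF"
    "000008B3 00000004 AA000000"
)

# Unit numbers named in the ABL post. The digest layout below is an assumption.
SIMLOCK_UNIT = 0x7DA
SIMLOCK_SIG_UNIT = 0x851


def parse_ta_records(blob: bytes) -> List[Tuple[int, bytes]]:
    """Split a tawrite-style array into (unit, data) records in write order.

    A truncated header or a size that runs past the end raises instead of
    being silently dropped: a parser that tolerates that would attribute
    bytes to the wrong unit.
    """
    records: List[Tuple[int, bytes]] = []
    pos = 0
    while pos < len(blob):
        if len(blob) - pos < 8:
            raise ValueError(f"truncated record header at offset {pos:#x}")
        unit, size = struct.unpack_from(">II", blob, pos)
        pos += 8
        if len(blob) - pos < size:
            raise ValueError(f"unit {unit:#x} claims {size} bytes, {len(blob) - pos} left")
        records.append((unit, blob[pos:pos + size]))
        pos += size
    return records


def format_table(records: List[Tuple[int, bytes]]) -> str:
    """Render records the way the thread lists them (unit, size, data)."""
    lines = ["--unit------size-------data------"]
    for unit, data in records:
        lines.append(f"{unit:08X} {len(data):04X} {data.hex(' ').upper()}")
    return "\n".join(lines)


def apply_writes(records: List[Tuple[int, bytes]]) -> Dict[int, bytes]:
    """Final TA state if the records are written in order: last write wins.

    For abyte0 this shows 0x8B3 written twice (A0 first, AA last), which is
    what makes it look like a start/stop marker around the other two units.
    """
    state: Dict[int, bytes] = {}
    for unit, data in records:
        state[unit] = data
    return state


def simlock_digest_matches(ta: Dict[int, bytes],
                           simlock_unit: int = SIMLOCK_UNIT,
                           sig_unit: int = SIMLOCK_SIG_UNIT) -> bool:
    """Hypothetical model of the first step described for the XZ1c ABL:
    SHA-256 over the simlock unit, compared with the value in the signature unit.

    Not the bootloader's code: the real check goes on to validate a
    certificate chain, which is not reproduced here. A missing unit fails
    closed, and the compare is constant-time so the model does not leak how
    many digest bytes matched.
    """
    if simlock_unit not in ta or sig_unit not in ta:
        return False
    digest = hashlib.sha256(ta[simlock_unit]).digest()
    return hmac.compare_digest(digest, ta[sig_unit])


if __name__ == "__main__":
    recs = parse_ta_records(ABYTE0)
    print(format_table(recs))
    print({f"{u:#x}": d.hex() for u, d in apply_writes(recs).items()})
```

Running it prints the same four-row table as the post and shows that only three distinct units remain after the writes, with 0x8B3 ending as AA 00 00 00.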


Object Store

Recently, I took a copy of the object store in my PPC. I am trying to figure out the structure to the header:
Offset 0 1 2 3 4 5 6 7 8 9 A B C D E F
00000000 01 00 00 00 45 4B 49 4D 45 4B 49 4D 00 E0 0A 92 ....EKIMEKIM.à.’
00000010 00 B0 BD 03 00 40 00 00 00 00 00 00 00 00 00 00 .°½..@..........
00000020 00 00 00 00 00 B0 CA 93 00 D0 6C 95 00 50 00 42 .....°Ê“.Ðl•.P.B
00000030 00 00 00 00 03 00 00 00 CA 00 00 00 00 00 00 00 ........Ê.......
00000040 00 09 04 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000060 00 00 00 00 01 00 00 00 54 EE 05 42 96 02 00 00 ........Tî.B–...
00000070 02 00 00 00 01 00 00 00 AC E8 05 42 60 0A 00 50 .........B`..P
00000080 04 00 00 00 01 00 00 00 C0 EF 5E 42 0D 00 00 00 ........Àï^B....
00000090 04 00 00 00 01 00 00 00 C4 EF 5E 42 00 00 00 00 ........Äï^B....
000000A0 04 00 00 00 01 00 00 00 E4 39 56 42 00 00 00 00 ........ä9VB....
000000B0 04 00 00 00 01 00 00 00 38 31 56 42 00 00 00 00 ........81VB....
000000C0 04 00 00 00 01 00 00 00 3C 31 56 42 77 01 C4 6E ........<1VBw.Än
000000D0 04 00 00 00 01 00 00 00 DC 39 56 42 28 02 9A 9B ........Ü9VB(.š›
000000E0 04 00 00 00 01 00 00 00 E0 39 56 42 33 31 6F 31 ........à9VB31o1
000000F0 04 00 00 00 01 00 00 00 C8 68 41 42 7D E1 55 10 ........ÈhAB}áU.
00000100 04 00 00 00 01 00 00 00 74 3E 4E 42 3D 16 00 00 ........t>NB=...
00000110 04 00 00 00 01 00 00 00 78 3E 4E 42 04 00 0C 00 ........x>NB....
As you can see, there is a structure to it and I don't know where it is defined. Please help.
Did you try comparing it to any of the structures in Platform Builder?

extract from raw rom image?

I was attempting to use dumprom on a PDA phone other than XDA... I extracted the memory address from 0x80000000 to 0x81FFFFFF using pmemdump, and ran it through dumprom. As it turns out only the bootloader and a small part of the kernel got extracted. Nothing of the OS or the application files came out. As it turns out, looking at the dumped file, the 'good part' is missing and seems to be located elsewhere in the memory.
But then I have a rom image that can be used to flash the device, so I tried to use the image with dumprom, but that gave me an error, obviously, as the image is not laid out like how it's mapped out in the memory.
So how should I go about in extracting the files? For example, what do I have to do to modify the rom image to work with dumprom? I'll upload the rom image in question or the memory dump if need be.
To dump the ROM of any PocketPC, you should first extract the first 32 MB of physical memory starting from address 0. They contain the bootloader and ROM image, at least on PXA25x, 26x and 27x CPUs. For example you may use my program: http://mamaich.kasone.com/imate/ROMDump.rar
It comes with source code and dumps 64 MB of ROM to any directory on the SD card. Later you can extract files from this dump with "dumprom.exe dump.bin -4 -d C:\dump"
I've tested this method on several devices and it worked. If the device contains a 32 MB ROM, the second half of the dump would be identical to the first 32 MB.
The BIN/NBF files used to flash are sometimes stored in a format with unnecessary parts removed. Such files normally start with "B000FF" signature and their format is explained in PlatformBuilder documentation. You may try to write a program that would convert them to a "normal" dump that dumprom understands.
Unfortunately, that didn't go well. The CPU is PXA255 and the OS is WM2003, but whatever ROMDump pulled out, it wasn't of any relevance. The attached file is what it put out. It's 64 MB, but as you can see from the size of the compressed result, there's not much useful information in it. It's just repetitive garbage data that goes on for the whole 64 MB. Maybe the program was accessing the wrong area? To be sure, I ran the file through dumprom, and the program hung. This isn't even as good as pmemdump, sadly. What seems to be the problem?
Probably the problem is in wrong addresses to dump. You should modify my RomDump code so that it would check all 4 GB of address space in 32 MB blocks to find a block that looks like a ROM start. The ROM starts with something like:
Code:
0000000000: FE 03 00 EA 00 00 00 00 │ 00 00 00 00 00 00 00 00
0000000010: FE 03 00 EA 00 00 00 00 │ 00 00 00 00 00 00 00 00
0000000020: 00 00 00 00 00 00 00 00 │ 00 00 00 00 00 00 00 00
0000000030: 00 00 00 00 00 00 00 00 │ 00 00 00 00 00 00 00 00
0000000040: 45 43 45 43 4C 4B 12 84 │ 00 00 00 00 00 00 00 00  ECECLK..
0000000050: 00 00 00 00 00 00 00 00 │ 00 00 00 00 00 00 00 00
I.e. XX XX XX EA bytes (it is a BL command opcode) followed with garbage (may be 00, may be FFs, may be other XX XX XX EA bytes), and "ECEC" string from offset 0x40 from the ROM start. "ECEC" is present at this offset in my device and several other. But this may be not in yours.
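Added example, not code from the thread or from ROMDump/dumprom: the two things mamaich's posts ask for, written out. `looks_like_rom_start` is his heuristic (word 0 ends in 0xEA, optional "ECEC" at +0x40) and `find_rom_starts` applies it at 32 MB strides over a memory image; `parse_bin`/`bin_to_flat` walk a "B000FF" flash file and lay its records out at their load addresses, which is the "convert to a normal dump" step he suggests for using dumprom on a flash image. The B000FF record layout (address, length, byte-sum checksum, data, terminated by an address-0/checksum-0 record) is my reading of the Platform Builder format and is stated as an assumption; the sample image is constructed.

```python
import struct
from typing import List, Tuple

BIN_MAGIC = b"B000FF\n"         # Platform Builder .bin signature from mamaich's post
ROM_BLOCK = 32 * 1024 * 1024    # the 32 MB granularity he suggests scanning in
ECEC_OFFSET = 0x40


def looks_like_rom_start(block: bytes, require_ecec: bool = False) -> bool:
    """Heuristic from the thread: word 0 is XX XX XX EA and "ECEC" sits at +0x40.
    In little-endian ARM the last byte of the word carries the condition and
    opcode bits; 0xEA is an unconditional B (0xEB would be BL). The "ECEC"
    marker is not on every device, so it is optional."""
    if len(block) < ECEC_OFFSET + 4 or block[3] != 0xEA:
        return False
    return not require_ecec or block[ECEC_OFFSET:ECEC_OFFSET + 4] == b"ECEC"


def find_rom_starts(mem: bytes, stride: int = ROM_BLOCK,
                    require_ecec: bool = False) -> List[int]:
    """Offsets of stride-aligned blocks in a memory image that pass the heuristic."""
    return [off for off in range(0, len(mem), stride)
            if looks_like_rom_start(mem[off:off + ECEC_OFFSET + 4], require_ecec)]


def parse_bin(image: bytes) -> Tuple[int, int, List[Tuple[int, bytes]]]:
    """Walk a B000FF image (layout assumed, see lead-in): magic, image start and
    length (uint32 LE), then records of (address, length, checksum, data). The
    checksum is the byte sum of the data. The terminating record has address 0
    and checksum 0, with the entry point in its length field."""
    if not image.startswith(BIN_MAGIC):
        raise ValueError("not a B000FF image")
    img_start, img_len = struct.unpack_from("<II", image, len(BIN_MAGIC))
    pos = len(BIN_MAGIC) + 8
    records: List[Tuple[int, bytes]] = []
    while pos + 12 <= len(image):
        addr, length, checksum = struct.unpack_from("<III", image, pos)
        pos += 12
        if addr == 0 and checksum == 0:
            return img_start, img_len, records
        data = image[pos:pos + length]
        if len(data) != length:
            raise ValueError(f"record at {addr:#x} is truncated")
        if sum(data) & 0xFFFFFFFF != checksum:
            raise ValueError(f"bad checksum in record at {addr:#x}")
        records.append((addr, data))
        pos += length
    raise ValueError("no terminating record")


def bin_to_flat(image: bytes, fill: int = 0xFF) -> bytes:
    """Place each record at (address - image start) so the result is laid out
    like a memory dump, which is what dumprom expects."""
    img_start, img_len, records = parse_bin(image)
    flat = bytearray([fill]) * img_len
    for addr, data in records:
        off = addr - img_start
        if off < 0 or off + len(data) > img_len:
            raise ValueError(f"record at {addr:#x} lies outside the image")
        flat[off:off + len(data)] = data
    return bytes(flat)


def build_bin(img_start: int, img_len: int,
              records: List[Tuple[int, bytes]], entry: int) -> bytes:
    """Assemble a B000FF image; used here only to construct the sample input."""
    out = bytearray(BIN_MAGIC) + struct.pack("<II", img_start, img_len)
    for addr, data in records:
        out += struct.pack("<III", addr, len(data), sum(data) & 0xFFFFFFFF) + data
    out += struct.pack("<III", 0, entry, 0)
    return bytes(out)


# Constructed sample: a 256-byte image whose first words follow the dump in the
# post (FE 03 00 EA at +0 and +0x10) and that carries "ECECLK" at +0x40.
SAMPLE_BIN = build_bin(
    0x80000000, 0x100,
    [(0x80000000, bytes.fromhex("FE0300EA") + bytes(12) + bytes.fromhex("FE0300EA") + bytes(12)),
     (0x80000040, b"ECECLK\x12\x84")],
    0x80000000,
)

if __name__ == "__main__":
    flat = bin_to_flat(SAMPLE_BIN)
    print(find_rom_starts(bytes(0x100) + flat, stride=0x100, require_ecec=True))  # [256]
```

On a real pmemdump capture you would call `find_rom_starts(mem)` with the default 32 MB stride and feed the block at the returned offset to dumprom; on a flash file you would write `bin_to_flat(open(path, "rb").read())` to disk first.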
mamaich said:
(post quoted above)
I met this problem also. In my case, the BIN code of the ROM file that I ROMDumped from my device looks like this
and the result of "dumprom.exe dump.bin -4 -d d:\111" is shown as follows.
How can I solve this problem?
Thanks a lot.

WM6 pagepool address

Does anyone know what is the address for changing BA pagepool size on WM6?
Thanks in advance.
address: 0x2565D3
00 00 00 00 =0M
00 00 80 00 =8M
00 00 C0 00 =12M
00 00 00 01 =16M
00 00 80 01 =24M
00 00 00 02 =32M
00 00 00 03 =48M
adotan said:
(post quoted above)
Thanks for the answer. But I don't think this is the correct address. Look at the attached image. The address pattern is nowhere close to what you have mentioned in your reply.
what does the pagepool do exactly? Increasing the pagepool would do what?
Try 2555d2
That's indeed the correct one... I've done so, changed this one from 16 to 32 MB, but must honestly say that I don't find it to be that much different...
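Added example, not from the thread: a patcher for the pagepool field. The table adotan posted shows the value is a byte count stored as a 32-bit little-endian integer (8 MB = 0x00800000 = 00 00 80 00), so the bytes are computed rather than copied from a table. The offset 0x2555D2 is the one the thread reports as working and is not verified here; the plausibility check and the nearby search exist because the first address given (0x2565D3) did not match the ROM in question, and a blind write at a wrong offset corrupts unrelated kernel bytes. The sample image is constructed.

```python
import struct
from typing import List

MB = 1024 * 1024
PAGEPOOL_OFFSET = 0x2555D2   # offset reported as correct in the thread; verify on your own ROM
MAX_PAGEPOOL_MB = 64         # sanity bound for the plausibility check (assumption)


def pagepool_bytes(megabytes: int) -> bytes:
    """Byte count as little-endian uint32: 8 MB -> 00 00 80 00, 16 MB -> 00 00 00 01."""
    if megabytes < 0 or megabytes * MB > 0xFFFFFFFF:
        raise ValueError("pagepool size out of range")
    return struct.pack("<I", megabytes * MB)


def read_pagepool(image: bytes, offset: int = PAGEPOOL_OFFSET) -> int:
    """Raw byte count stored at the offset (0 means no page pool)."""
    return struct.unpack_from("<I", image, offset)[0]


def offset_is_plausible(image: bytes, offset: int) -> bool:
    """A pagepool field holds 0 or a whole number of megabytes up to
    MAX_PAGEPOOL_MB. Anything else means the offset is wrong for this ROM,
    which is what the thread ran into with the first address."""
    if offset < 0 or offset + 4 > len(image):
        return False
    value = read_pagepool(image, offset)
    return value % MB == 0 and value // MB <= MAX_PAGEPOOL_MB


def set_pagepool(image: bytes, megabytes: int, offset: int = PAGEPOOL_OFFSET) -> bytes:
    """Return a patched copy; refuses to write over a field that does not look
    like a pagepool size."""
    if not offset_is_plausible(image, offset):
        raise ValueError(f"offset {offset:#x} does not hold a plausible pagepool value")
    patched = bytearray(image)
    patched[offset:offset + 4] = pagepool_bytes(megabytes)
    return bytes(patched)


def find_candidates(image: bytes, current_mb: int, near: int = PAGEPOOL_OFFSET,
                    window: int = 0x10000) -> List[int]:
    """Offsets within +/-window of `near` that hold exactly current_mb*MB as a
    little-endian uint32; use it when the reported offset does not match."""
    needle = pagepool_bytes(current_mb)
    lo, hi = max(0, near - window), min(len(image), near + window)
    return [off for off in range(lo, hi - 3) if image[off:off + 4] == needle]


def make_sample_image(current_mb: int = 16, offset: int = PAGEPOOL_OFFSET) -> bytes:
    """Constructed stand-in for a ROM: zero-filled, with a pagepool field at `offset`."""
    img = bytearray(offset + 0x100)
    img[offset:offset + 4] = pagepool_bytes(current_mb)
    return bytes(img)


if __name__ == "__main__":
    img = make_sample_image(16)
    print(find_candidates(img, 16))                       # [2446802]
    print(read_pagepool(set_pagepool(img, 32)) // MB)     # 32
```

On a real image, run `find_candidates` with the size your ROM currently uses (16 on the one in the thread) and only patch an offset it returns; if it returns several, diff them against a second ROM of the same kernel build before choosing.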

HTC Camera Counter

Good evening again, people,
The last thing I'm sorting out on the phone after the ROM upgrade is the camera. I just spent the last two hours sorting out all the file names and the order of my images and put them on the phone again.
However, the camera's counter is set to 1. I found a tweak on the Polaris forum
schaggo said:
Ok guys, I got a tricky one: how to set the camera image counter to a custom value?
Every time I hard reset my Polaris the damn application starts counting up from IMG0001.JPG again... HTF can I manually set that to the latest picture taken?
Edit: Was a tricky one but I solved it myself. Under [HKEY_CURRENT_USER\Software\HTC\Camera\5.04\Preferences] you'll find an entry VALUES. Change bit 0068 to the desired value in hex. Example: Mine was 06 and resulted in IMG0006.JPG, I now changed to 74 which equals 116 in hex, my next pic will be named IMG0116.JPG
Got it?
But there isn't 5.04 folder on my Nike. Is there anyone that could tell me what to do?!
I've managed to sort out the registry so that the phone saves to Storagecard/mydoc~/mypictures. And also has a prefix of Image_ I just need help with this one last thing!
Thanks in advance!
nowimboard said:
But there isn't a 5.04 folder on my Nike.
The key will match the camera version in your ROM - for example, I've got a key 5.06. Just look inside whatever key you have.
Thanks!
I can't believe how dim I was! I know that I'm just starting out with flashing ROMs and editing registries, but I had a "blonde" moment.
"HKEY_CURRENT_USER" isn't listed on my phone, but HKCU is...
Thanks!!!!!
EDIT: Anyone know what the correct HEX for 402 is? Online calculators are telling me 192, however the phone is telling me that "192" isn't a valid string! Isn't it supposed to have letters in?
nowimboard said:
(post quoted above)
I haven't looked at it but I would guess that the reg key is divided up into 2 character bits each of which will go up to a maximum of FF (255 in decimal).
So, yes 192 is hex for 402 but you can't set one bit that high.
Just what I expect to be the case.
randomelements said:
(post quoted above)
Thank you for your help RandomE,
I'll think I'll PM schaggo to see if he can offer any suggestions.
So do you think that you would split up the 192 Hex code to "FF" & "93"?
whoa guys, somebody actually called for my help, yay!
Ok, I reflashed my Polaris with the Syrius ROM and didn't look at this issue any longer. I never got over pic 200 or so, so it never really was an issue to me. But good question, what about numbers higher than 255...?
I'll recheck the registry values and see what I find out. It could very well be that it'll turn FF00, FF01, FF02 and so on...
Ok, found out how it works:
Bit 68 is the pic number in hex. Once it reaches 255, e.g. FF, bit 69 turns one up. So bit 68 is the running number while bit 69 is the index for bit 68. Example:
Code:
Pic 68 69
220 DC 00
221 DD 00
223 DE 00
...
254 FE 00
255 FF 00
256 00 01 <--!
257 01 01
258 02 01
...
510 FF 01 (510 = 255+255 = FF+FF)
511 00 02
...
schaggo said:
(post quoted above)
You Genius!
So my reg value was:
00 00 00 00 05 00 00 00
05 00 00 00 05 00 00 00
03 00 00 00 03 00 00 00
03 00 00 00 01 00 00 00
03 00 00 00 05 00 00 00
03 00 00 00 03 00 00 00
03 00 00 00 01 00 00 00
03 00 00 00 00 00 00 00
03 00 00 00 03 00 00 00
03 00 00 00 00 00 00 00
90 01 00 00 40 1F 00 00
02 10 00 5A 01 02 01 01
11 00 00 00 01 00 00 00
01 00 00 00 01 00 00 00
01 00 00 00 00 00 00 00
00 02 00 02 09 11 20 00
45 46 00 00 28 00 00 00
05 20 00 00 01 00 00 00
00 00 00 00 C0 27 09 00
01 00 00 00 00 00 00 00
And for the image value to be 415 to get the Hex values I did 415-225=190 which is BE in HEX so I did this:
00 00 00 00 05 00 00 00
05 00 00 00 05 00 00 00
03 00 00 00 03 00 00 00
03 00 00 00 01 00 00 00
03 00 00 00 05 00 00 00
03 00 00 00 03 00 00 00
03 00 00 00 01 00 00 00
03 00 00 00 00 00 00 00
03 00 00 00 03 00 00 00
03 00 00 00 00 00 00 00
90 01 00 00 40 1F 00 00
02 10 00 5A 01 02 01 01
BE 01 00 00 01 00 00 00
01 00 00 00 01 00 00 00
01 00 00 00 00 00 00 00
00 02 00 02 09 11 20 00
45 46 00 00 28 00 00 00
05 20 00 00 01 00 00 00
00 00 00 00 C0 27 09 00
01 00 00 00 00 00 00 00
!!! YAY !!!
EDIT: I set the value to BD, as when the value was BE the picture came out as 416.
Thank you so much!!!
Dammit, judging by the time of posts, it took me half an hour to find something that simple out AAAARRRGH...!
Have fun guys
Hope it helps some others as well...!
schaggo said:
(post quoted above)
Thank you again!
Help Please!
I have very little knowledge of hex. I was hoping someone here could give me a hand with changing my counter to 92.
Here is my hex for [HKEY_CURRENT_USER\Software\HTC\Camera\5.04\Preferences\Values] as i see it in phm regedit.
00 00 00 00 05 00 00 00 05 00 00
00 05 00 00 00 03 00 00 00 03 00
00 00 03 00 00 00 01 00 00 00 03
00 00 00 05 00 00 00 03 00 00 00
03 00 00 00 03 00 00 00 01 00 00
00 03 00 00 00 00 00 00 00 03 00
00 00 03 00 00 00 03 00 00 00 00
00 00 00 03 00 00 00 90 01 00 00
90 01 00 00 40 1F 00 00 02 10 00
55 04 02 01 01 3C 00 00 00 01 00
00 00 01 00 00 00 01 00 00 00 01
00 00 00 00 00 00 00 00 02 00 02
49 11 20 00 05 46 00 00 28 00 00
00 07 00 00 00 01 00 00 00 01 00
00 00 C0 27 09 00 01 00 00 00 00
00 00 00 01 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 01 00 00
00 00 00 00 00
Thanks in advance
With my Touch Pro2 I found out that byte 109 and 110 are the right ones for this solution.
thanks for this tip !
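Added example, not from the thread: reading and patching the counter in the VALUES blob as a 16-bit little-endian integer, which is the behaviour schaggo's table describes (low byte at 68, high byte at 69, so 256 becomes 00 01). The offset is a parameter because the Touch Pro2 post reports bytes 109/110 instead; the sample blob is constructed, not a real registry dump. Note that nowimboard found the next picture came out one higher than the stored value, so take one shot after patching and adjust if your ROM behaves the same.

```python
import struct
from typing import List

COUNTER_OFFSET = 0x68   # bytes 68/69 in schaggo's post; the Touch Pro2 reportedly uses 109/110


def counter_bytes(n: int) -> bytes:
    """The counter is a 16-bit little-endian integer: low byte first, then the
    high byte that 'turns one up' when the low byte passes FF.
    255 -> FF 00, 256 -> 00 01, 402 -> 92 01, 511 -> FF 01."""
    if not 0 <= n <= 0xFFFF:
        raise ValueError("counter must fit in 16 bits")
    return struct.pack("<H", n)


def _check_offset(values: bytes, offset: int) -> None:
    if offset < 0 or offset + 2 > len(values):
        raise ValueError(f"offset {offset} is outside the {len(values)}-byte VALUES blob")


def get_counter(values: bytes, offset: int = COUNTER_OFFSET) -> int:
    """Current counter value stored in the blob."""
    _check_offset(values, offset)
    return struct.unpack_from("<H", values, offset)[0]


def set_counter(values: bytes, n: int, offset: int = COUNTER_OFFSET) -> bytes:
    """Return a copy of VALUES with only the two counter bytes replaced."""
    _check_offset(values, offset)
    out = bytearray(values)
    out[offset:offset + 2] = counter_bytes(n)
    return bytes(out)


def hexdump_rows(values: bytes, width: int = 8) -> List[str]:
    """Render the blob in 8-byte rows like the regedit output pasted in the thread."""
    return [values[i:i + width].hex(" ").upper() for i in range(0, len(values), width)]


# Constructed 160-byte sample blob: all zero except a counter of 5 at 0x68.
SAMPLE_VALUES = bytes(COUNTER_OFFSET) + counter_bytes(5) + bytes(0xA0 - COUNTER_OFFSET - 2)


if __name__ == "__main__":
    patched = set_counter(SAMPLE_VALUES, 402)
    print(get_counter(SAMPLE_VALUES), "->", get_counter(patched))   # 5 -> 402
    print(hexdump_rows(patched)[COUNTER_OFFSET // 8])               # 92 01 00 00 00 00 00 00
```

Export the VALUES entry with your registry editor, run `set_counter` on the bytes, and write the result back; `hexdump_rows` lets you compare against the rows posted above before committing the change.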

Obtain Hidden APN Details from Telstra handset

Hi everyone,
A carrier in my country (Telstra) has recently started offering all-you-can-eat activesync plans, however they have placed a limitation on which handsets you can use, by way of a hidden APN in the phone's ROM, meaning you can only use their approved handsets, purchased from them.
What I am hoping is that there is a way to obtain the APN details from the handset or the ROM directly, so I can populate the APN into my 'unsupported' device and take advantage of the offering, as it would suit my needs perfectly. I believe I have located the registry entry under RASBOOK that correlates to the APN, however lack the necessary skills to decrypt it.
Does anyone here know how to, or know a better way to get the APN details from the handset so I can use it in my hardware that I already own, as I do not wish to purchase a new handset just for the sake of utilising the plan. The HEX value of the key is as follows:
00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 F8 07 F5 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 7E 00 47 00 50 00 52 00 53 00 21 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 F6 D1 93 01 C4 F0 91 0D 4C 14 FB 03 65 00 00 00 4C F5 91 0D 4C F5 91 0D 86 CF 93 01 00 00 00 00 00 00 00 00 FF FF FF FF 00 00 00 00 10 00 00 00 04 00 00 00 40 32 23 00 74 21 92 4E 4C DE 01 00 20 26 04 00 F2 F0 BE 8F 00 00 90 4E 00 00 04 00 00 00 00 00 00 00 90 4E 00 00 04 00 00 00 90 4E CC BB F6 03 00 00 00 00 00 00 00 00 E8 72 70 04 00 00 07 04 00 00 6E 04 A0 00 00 00 B0 00 00 00 00 00 00 04 00 00 00 00 BC BE F6 03 00 00 00 00 A0 00 00 00 01 00 00 00 18 72 70 04 68 C1 F6 03 20 72 70 00 A8 F1 91 0D 3A 72 70 00 2A 72 70 00 40 E3 69 00 A0 F3 6F 00 F4 B3 F6 03 B0 D4 69 00 8C 1B F5 03 F0 8E 04 00 E8 72 70 04 68 C1 F6 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 6D 00 6F 00 64 00 65 00 6D 00 00 00 01 00 00 00 AC F1 91 0D F0 72 70 00 00 00 00 00 00 00 00 00 02 00 43 00 65 00 6C 00 6C 00 75 00 6C 00 61 00 72 00 20 00 4C 00 69 00 6E 00 65 00 00 00 00 80 F0 40 05 00 01 00 00 00 C8 67 02 00 10 F2 91 0D 02 00 00 80 02 00 00 00 00 00 00 00 06 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 30 01 07 00 F0 40 05 00 F4 F2 91 0D 00 00 00 0C 02 00 00 80 15 00 00 00 40 03 00 00 43 03 00 00 43 04 00 00 44 04 00 00 7B 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 F0 E1 D2 C3 F0 E1 D2 C3 64 B0 00 00 F8 F2 91 0D 00 00 00 00 F8 F2 91 0D DC 04 6A 03 00 00 00 00 00 00 00 00 78 D7 94 01 94 F7 91 0D E0 7B F9 03 35 F3 91 0D C8 01 00 00 F8 F2 91 0D 42 00 00 00 00 00 00 00 00 00 00 00 20 01 00 00 E1 F7 2B 5A 20 1F 00 C3 4D 56 9A 4D 4B EB 77 28 DE DB 0A 30 00 00 28 CA 96 D6 8F 99 03 01 00 00 00 00 00 00 F8 F2 91 0D 54 C6 F8 03 E0 C9 93 01 30 D9 94 01 E8 C1 F3 01 C0 CB F8 03 F8 F2 91 0D 24 21 6A 03 60 14 F7 03 E0 C9 
93 01 E0 C9 93 01 5C 21 6A 03 63 00 65 00 6C 00 6C 00 75 00 6C 00 61 00 72 00 20 00 74 00 61 00 70 00 69 00 20 00 73 00 65 00 72 00 76 00 69 00 63 00 65 00 20 00 70 00 72 00 6F 00 76 00 69 00 64 00 65 00 72 00 00 00 6E 04 BC 00 00 00 D0 00 00 00 00 00 00 04 00 00 00 00 BC BE F6 03 00 00 00 00 BC 00 00 00 01 00 00 00 E8 72 70 04 68 C1 F6 03 F0 72 70 00 00 00 00 00 0A 73 70 00 FA 72 70 00 40 E3 69 00 A0 F3 6F 00 F4 B3 F6 03 B0 D4 69 00 8C 1B F5 03 F0 8E 04 00 01 00 00 00 30 01 07 00 00 00 00 00 03 00 00 00 30 01 07 00 00 00 00 00 88 21 92 4E 00 00 00 00 00 00 00 00 30 01 07 00 00 00 00 00 9C 95 04 00 01 00 00 00 C4 F3 91 0D 00 00 00 00 00 00 00 00 03 00 00 00 50 09 6A 03 30 01 07 00 88 21 92 4E 06 00 00 00 02 00 00 00 00 00 00 00 A0 F4 91 0D 84 42 02 00 03 00 00 00 F0 40 05 00 50 09 6A 03 00 00 00 00 10 6C 02 00 28 F4 91 0D 4E 00 00 00 02 00 00 00 00 00 00 00 06 00 00 00 F0 40 05 00 00 00 00 00 00 00 00 00 01 00 00 00 44 DB 94 0D 30 01 07 00 F0 40 05 00 00 00 00 00 00 10 00 00 02 00 00 80 15 00 00 00 40 03 00 00 43 03 00 00 43 04 00 00 44 04 00 00 7B 04 00 00 30 00 92 0D 4E 00 00 00 60 00 00 00 44 DB 94 01 00 00 00 0C CC 9D FE 8F 1A 00 00 00 00 00 00 00 74 71 D4 8E 10 CF 93 01 00 00 00 0C 4C 35 68 8F 0F 00 00 00 00 00 00 00 74 71 D4 8E 10 9D 47 80 20 DD 7E 8E 4C 35 68 8F 0F 00 00 00 38 FE 00 F0 E8 F4 91 0D 38 5A 02 80 0F 00 00 00 10 CF 93 01 C4 B3 00 F0 E8 C1 F3 01 DC 04 6A 03 00 00 00 00
When converted to ascii, it makes no sense to me. Is what I want to do possible?
Cheers
*Shameless Bump*
Can anyone shed any light on this. I have spoken to some other users who are looking for similar info.
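Added example, not from the thread: the reason the ASCII view of that value "makes no sense" is that its readable parts are UTF-16LE, each character followed by a NUL, so an ASCII view shows letters separated by dots. The function below pulls those strings out with their offsets. The excerpt is constructed from the hex posted above (the first 48 bytes plus the three later fragments that contain text); the strings it yields are the "~GPRS!" dial-string prefix and the TAPI device names. In this value the prefix is followed by NULs, so no APN name is stored in that string; whether it lives elsewhere in the entry is not something the dump shows.

```python
import re
from typing import List, Tuple

# Constructed excerpt of the RASBOOK value posted above.
RASBOOK_EXCERPT = bytes.fromhex(
    "00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00"
    "F8 07 F5 03 00 00 00 00 00 00 00 00 00 00 00 00"
    "00 00 7E 00 47 00 50 00 52 00 53 00 21 00 00 00"
    "01 00 00 00 6D 00 6F 00 64 00 65 00 6D 00 00 00"
    "02 00 43 00 65 00 6C 00 6C 00 75 00 6C 00 61 00 72 00 20 00"
    "4C 00 69 00 6E 00 65 00 00 00 00 80"
    "63 00 65 00 6C 00 6C 00 75 00 6C 00 61 00 72 00 20 00 74 00 61 00 70 00 69 00 20 00"
    "73 00 65 00 72 00 76 00 69 00 63 00 65 00 20 00 70 00 72 00 6F 00 76 00 69 00 64 00 65 00 72 00 00 00"
)

GPRS_PREFIX = "~GPRS!"   # dial-string prefix visible in the blob


def utf16le_strings(blob: bytes, min_chars: int = 4) -> List[Tuple[int, str]]:
    """Runs of printable ASCII where every character is followed by a NUL byte:
    that is what UTF-16LE text looks like in a hex dump. Returns (offset, text)
    for each run of at least min_chars characters."""
    pattern = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_chars)
    return [(m.start(), m.group().decode("utf-16-le")) for m in pattern.finditer(blob)]


def gprs_apns(strings: List[Tuple[int, str]]) -> List[str]:
    """Whatever follows the ~GPRS! prefix in each dial string found (empty if
    the string stops right after the prefix, as it does in the posted value)."""
    return [s[len(GPRS_PREFIX):] for _, s in strings if s.startswith(GPRS_PREFIX)]


def ascii_view(blob: bytes) -> str:
    """The view that looked like nonsense: non-printables shown as dots."""
    return "".join(chr(b) if 0x20 <= b < 0x7F else "." for b in blob)


if __name__ == "__main__":
    found = utf16le_strings(RASBOOK_EXCERPT)
    for off, text in found:
        print(f"{off:#06x}: {text!r}")
    print(gprs_apns(found))          # ['']
    print(ascii_view(RASBOOK_EXCERPT)[:48])
```

Run it over the full exported value rather than the excerpt; any APN or user name that is stored as text in the entry will show up in the list with its offset.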
