Section XIP Porting to the appliances Himalaya

Compatible:
O2 XDA II, T-Mobile MDA II, Qtek 2020, iMate Phone Edition, TSM500, and other variants PH10

As a rule, move the XIP (kernel - kernel), is one principle
to describe below. porting principle applies to the total users and the Himalaya


Preparation:

I will not describe here how to obtain this section, assume that each of you has already been mined xip.bin.

1) Create a directory called eg Old_XIP

-> Copy to him,
- Xip.bin (From with nk.nba our device)
- XIPPort.exe
- Pkgcommon.dll
- Mreloc.exe

Run XIPPort.exe and press:

-> dump xip.bin
-> realloc P
-> write maps

By creating a folder with the name and it OUT MODULES 2 folders and files:
-Delete:

The catalog of files:

• 778fa68c-6f86-312d-7cfb-6862e7b2f41c.dsm
• 778fa68c-6f86-312d-7cfb-6862e7b2f41c.dsm.imageinfo.txt
• 723fb954-d931-4348-b672-82a188e587b5.dsm
• 723fb954-d931-4348-b672-82a188e587b5.dsm.imageinfo.txt
• 723fb954-d931-4348-b672-82a188e587b5.rgu
• 723fb954-d931-4348-b672-82a188e587b5.rgu.imageinfo.txt
• d92a4f0a-378a-4482-8fd3-bd127a05e4de.dsm
• d92a4f0a-378a-4482-8fd3-bd127a05e4de.dsm.imageinfo.txt
• boot_ms.rgu
• boot_ms.rgu.imageinfo.txt
• mxip_lang.vol
• mxip_lang.vol.imageinfo.txt
• sysroots.p7b
• sysroots.p7b.imageinfo.txt

The catalog of modules:

• busenum.dll + busenum.dll.txt
• cachefilt.dll + cachefilt.dll.txt
• certmod.dll + certmod.dll.txt
• coredll.dll + coredll.dll.txt
• crypt32.dll + crypt32.dll.txt
• device.exe + device.exe.txt
• devmgr.dll + devmgr.dll.txt
• diskcache.dll + diskcache.dll.txt
• fatfsd.dll + fatfsd.dll.txt
• fatutil.dll + fatutil.dll.txt
• filesys.exe + filesys.exe.txt
• fsdmgr.dll + fsdmgr.dll.txt
• fsreplxfilt.dll + fsreplxfilt.dll.txt
• mencfilt.dll + mencfilt.dll.txt
• mspart.dll + mspart.dll.txt
• pm.dll + pm.dll.txt
• regenum.dll + regenum.dll.txt

All modules and files and corresponding. Txt, which we removed, we must now replace these with new XIP section ... ... ... ....

2) Create a directory called eg New_ XIP

-> Copy to him,
- Xip.bin (from with another device nk.nba)
- XIPPort.exe
- Pkgcommon.dll

Run XIPPort.exe and press:

-> dump xip.bin
-> make Pkgs

Copy all files and modules, together with the corresponding. Txt, XIP to the old section, which should look like this:

The catalog of files:

Files in New XIP Section:

• 778fa68c-6f86-312d-7cfb-6862e7b2f41c.dsm
• 778fa68c-6f86-312d-7cfb-6862e7b2f41c.dsm.imageinfo.txt
• 723fb954-d931-4348-b672-82a188e587b5.dsm
• 723fb954-d931-4348-b672-82a188e587b5.dsm.imageinfo.txt
• 723fb954-d931-4348-b672-82a188e587b5.rgu
• 723fb954-d931-4348-b672-82a188e587b5.rgu.imageinfo.txt
• d92a4f0a-378a-4482-8fd3-bd127a05e4de.dsm
• d92a4f0a-378a-4482-8fd3-bd127a05e4de.dsm.imageinfo.txt
• boot_ms.rgu
• boot_ms.rgu.imageinfo.txt
• mxip_lang.vol
• mxip_lang.vol.imageinfo.txt
• sysroots.p7b
• sysroots.p7b.imageinfo.txt

Files from the old XIP Section:

• 8677e734-fc16-3610-0db1-001405fb4b9a.dsm
• 8677e734-fc16-3610-0db1-001405fb4b9a.dsm.imageinfo.txt
• boot.hv
• boot.hv.imageinfo.txt
• boot.rgu
• boot.rgu.imageinfo.txt
• e27f9da5-f2bd-6586-1098-afeef97ab52a.dsm
• e27f9da5-f2bd-6586-1098-afeef97ab52a.dsm.imageinfo.txt

The catalog of modules:

Modules from New XIP Section:

• busenum.dll + busenum.dll.txt
• cachefilt.dll + cachefilt.dll.txt
• certmod.dll + certmod.dll.txt
• coredll.dll + coredll.dll.txt
• crypt32.dll + crypt32.dll.txt
• device.exe + device.exe.txt
• devmgr.dll + devmgr.dll.txt
• diskcache.dll + diskcache.dll.txt
• fatfsd.dll + fatfsd.dll.txt
• fatutil.dll + fatutil.dll.txt
• filesys.exe + filesys.exe.txt
• fsdmgr.dll + fsdmgr.dll.txt
• fsreplxfilt.dll + fsreplxfilt.dll.txt
• mencfilt.dll + mencfilt.dll.txt
• mspart.dll + mspart.dll.txt
• pm.dll + pm.dll.txt
• regenum.dll + regenum.dll.txt

The modules from the old XIP Section:

• msflash.dll + msflash.dll.txt
• cecompr.dll + cecompr.dll.txt
• ceddk.dll + ceddk.dll.txt
• nk.exe + nk.exe.txt
• relfsd.dll + relfsd.dll.txt
• imgfs.dll + imgfs.dll.txt
• initvmmap.exe + initvmmap.exe.txt


In such a structure should look like your Out folder, we must remember that the files and modules from the Old and New XIP-a given in the catalog from the old kernel, as more than FILES folders and modules, we have 4 files. Txt Kernel-old with a . We must remember that they are playing the first violin ... ... ..

To facilitate these files are:

1. PARTHDR.txt
2. ROMHDR.txt
3. MAP.physical.txt
4. MAP.txt *

* According to the MAP.txt, we will lay the entire section based on the addresses of its virtual memory.

As a rule looks like:

01fa01fe - 01fa01fe L00000000 Start: first DLL address
01fa01fe - 01feb000 L0004ae02 NUL
01feb000 - 01fec000 L00001000 initialized data of region_1 ceddk.dll
01fec000 - 01fed000 L00001000 initialized data of region_1 msflash.dll
01fed000 - 01fee000 L00001000 initialized data of region_1 relfsd.dll
01fee000 - 01fef000 L00001000 initialized data of region_2 cecompr.dll
01fef000 - 01ff0000 L00001000 initialized data of region_1 regenum.dll
01ff0000 - 01ff1000 L00001000 initialized data of region_1 pm.dll
01ff1000 - 01ff2000 L00001000 initialized data of region_1 mspart.dll
01ff2000 - 01ff3000 L00001000 initialized data of region_1 imgfs.dll
01ff3000 - 01ff4000 L00001000 initialized data of region_1 fsreplxfilt.dll
01ff4000 - 01ff5000 L00001000 initialized data of region_1 fsdmgr.dll
01ff5000 - 01ff6000 L00001000 initialized data of region_1 fatutil.dll
01ff6000 - 01ff7000 L00001000 initialized data of region_1 fatfsd.dll
01ff7000 - 01ff8000 L00001000 initialized data of region_1 encfilt.dll
01ff8000 - 01ff9000 L00001000 initialized data of region_1 diskcache.dll
01ff9000 - 01ffa000 L00001000 initialized data of region_1 devmgr.dll
01ffa000 - 01ffc000 L00002000 initialized data of region_1 Crypt32.dll
01ffc000 - 01ffd000 L00001000 initialized data of region_1 coredll.dll
01ffd000 - 01ffe000 L00001000 initialized data of region_1 certmod.dll
01ffe000 - 01fff000 L00001000 initialized data of region_1 cachefilt.dll
01fff000 - 02000000 L00001000 initialized data of region_1 busenum.dll
02000000 - 02000000 L00000000 End: last DLL address

02000000 - 03dc0000 L01dc0000 NUL
03dc0000 - 03dc6000 L00006000 Virtual base address of ceddk.dll
03dc6000 - 03dd0000 L0000a000 NUL
03dd0000 - 03dda000 L0000a000 Virtual base address of msflash.dll
03dda000 - 03de0000 L00006000 NUL
03de0000 - 03de7000 L00007000 Virtual base address of relfsd.dll
03de7000 - 03df0000 L00009000 NUL
03df0000 - 03df7000 L00007000 Virtual base address of cecompr.dll
03df7000 - 03e5e000 L00067000 NUL
03e5e000 - 03e62000 L00004000 Virtual base address of regenum.dll
03e62000 - 03e71000 L0000f000 Virtual base address of pm.dll
03e71000 - 03e79000 L00008000 Virtual base address of mspart.dll
03e79000 - 03e83000 L0000a000 Virtual base address of imgfs.dll
03e83000 - 03e8d000 L0000a000 Virtual base address of fsreplxfilt.dll
03e8d000 - 03ea2000 L00015000 Virtual base address of fsdmgr.dll
03ea2000 - 03eab000 L00009000 Virtual base address of fatutil.dll
03eab000 - 03ebe000 L00013000 Virtual base address of fatfsd.dll
03ebe000 - 03eca000 L0000c000 Virtual base address of encfilt.dll
03eca000 - 03ed0000 L00006000 Virtual base address of diskcache.dll
03ed0000 - 03edc000 L0000c000 Virtual base address of devmgr.dll
03edc000 - 03f4e000 L00072000 Virtual base address of Crypt32.dll
03f4e000 - 03fe4000 L00096000 Virtual base address of coredll.dll
03fe4000 - 03ff0000 L0000c000 Virtual base address of certmod.dll
03ff0000 - 03ffa000 L0000a000 Virtual base address of cachefilt.dll
03ffa000 - 04000000 L00006000 Virtual base address of busenum.dll
04000000 - 801c0000 L7c1c0000 NUL

Important: remember that in the final map, on the whole relocation, there was no exclamation ... ....
The substitution Address M'reloc help us, however, the need for each module in the file imageinfo.txt of change such as address change above in the application, otherwise your OS does not stand up ... ... ... ...

amazing work, nice tutorial, Sticky! :)

Here is some more info :

to extract the Himalaya XIP :

RomMaster.exe nk.nba -w 5 -b 0x1C0040 -x -o xip.bin

To Extract nk.nba from nk.nbf :
xda2nbftool.exe -x nk.nbf nk.nba 0x20040304

Rom Master.exe and xda2nbf are attached below

Thank's to link to program's .....

Here is an AIO package of tools required, includes :

- XIPPort.exe
- Pkgcommon.dll
- Mreloc.exe
- RomMaster.exe

Very good THX

thank you. For xip port:D

very please me dear freand

amazing work, nice tutorial, Sticky! :)

Here is some more info :

to extract the Himalaya XIP :

RomMaster.exe nk.nba -w 5 -b 0x1C0040 -x -o xip.bin


i'v got error when extracting xip.bin.. when i see list command for RomMaster.exe, I did'nt see "-b" command on the list command

Is anything wrong??

Thanks for advice

I don't no,this aplikation and command is Ok.......... You one more thi's command

i'v got error when extracting xip.bin.. when i see list command for RomMaster.exe, I did'nt see "-b" command on the list command

Is anything wrong??


Yes, you have a wrong version of RomMaster.

Meybe...... I have v.2.3

the -b switch were added later, so he has an old version of this tool :)

this command -> RomMaster.exe nk.nba -w 5 -b 0x001C0040 -x -o xip.bin

If he has this old version, he could try without specifying an address:
RomMaster.exe nk.nba -w 5 -x -o xip.bin
maybe it will work, can't remember it now. If not, he should download the newer RomMaster version.

Yes, is work for old version this command

Yes.. My apologize for did'nt see version of RomMaster.exe . Now I have correct version RomMaster.exe v2.3

I just want to know, is the offset code same with other device ROM? If different how we can get the offset code address for each device ROM

Thanks for advice...

The address is different for every device - that's why you should specify it... if it were the same, there wouldn't be such option ;)

yea, the offset are diff, i'll list some offsets for some device, (let me look up my dusty HDD :p)

Hello Ather :) long time no see... congrats on becoming a moderator :cool:

Hey utak3, been missing your input too :D, and thanks :)

hmm cant find the offsets, but HyperCore can easily extract the XIP's ;)
Search the forum for Hyper Core (i liked the non-GUI one better)

Here are some XIP's and SYS's ported for Htc Wizard (from other devices) :
http://forum.xda-developers.com/showthread.php?t=430197

good........

any inputs in extracting XIP off from a BA ? :)

This is in total on the same basis as the TUT

umm i want to ask what is this for? thx :D

and more specifically:confused:

Yes, this is the port xip? following steps.
1st-ROM prepared by xip xip & sys another example of a HTC DIMOND prototypes.
2.xip be derived Folder
2.1 The catalog of files.
2.2 The catalog of modules:.
Example 2.1 The catalog of files:.
• 778fa68c-6f86-312d-7cfb-6862e7b2f41c.dsm
• 778fa68c-6f86-312d-7cfb-6862e7b2f41c.dsm.imageinfo.txt
• 723fb954-d931-4348-b672-82a188e587b5.dsm
• 723fb954-d931-4348-b672-82a188e587b5.dsm.imageinfo.txt
• 723fb954-d931-4348-b672-82a188e587b5.rgu
• 723fb954-d931-4348-b672-82a188e587b5.rgu.imageinfo.txt
• d92a4f0a-378a-4482-8fd3-bd127a05e4de.dsm
• d92a4f0a-378a-4482-8fd3-bd127a05e4de.dsm.imageinfo.txt
• boot_ms.rgu
• boot_ms.rgu.imageinfo.txt
• mxip_lang.vol
• mxip_lang.vol.imageinfo.txt
• sysroots.p7b
• sysroots.p7b.imageinfo.txt
Example 2.2 The catalog of modules:.

• busenum.dll + busenum.dll.txt
• cachefilt.dll + cachefilt.dll.txt
• certmod.dll + certmod.dll.txt
• coredll.dll + coredll.dll.txt
• crypt32.dll + crypt32.dll.txt
• device.exe + device.exe.txt
• devmgr.dll + devmgr.dll.txt
• diskcache.dll + diskcache.dll.txt
• fatfsd.dll + fatfsd.dll.txt
• fatutil.dll + fatutil.dll.txt
• filesys.exe + filesys.exe.txt
• fsdmgr.dll + fsdmgr.dll.txt
• fsreplxfilt.dll + fsreplxfilt.dll.txt
• mencfilt.dll + mencfilt.dll.txt
• mspart.dll + mspart.dll.txt
• pm.dll + pm.dll.txt
• regenum.dll + regenum.dll.txt
3 must be plotting to replace xip himaraya the frame?
The catalog of files:

Files in New XIP Section:

• 778fa68c-6f86-312d-7cfb-6862e7b2f41c.dsm
• 778fa68c-6f86-312d-7cfb-6862e7b2f41c.dsm.imageinfo.txt
• 723fb954-d931-4348-b672-82a188e587b5.dsm
• 723fb954-d931-4348-b672-82a188e587b5.dsm.imageinfo.txt
• 723fb954-d931-4348-b672-82a188e587b5.rgu
• 723fb954-d931-4348-b672-82a188e587b5.rgu.imageinfo.txt
• d92a4f0a-378a-4482-8fd3-bd127a05e4de.dsm
• d92a4f0a-378a-4482-8fd3-bd127a05e4de.dsm.imageinfo.txt
• boot_ms.rgu
• boot_ms.rgu.imageinfo.txt
• mxip_lang.vol
• mxip_lang.vol.imageinfo.txt
• sysroots.p7b
• sysroots.p7b.imageinfo.txt


The catalog of modules:

Modules from New XIP Section:

• busenum.dll + busenum.dll.txt
• cachefilt.dll + cachefilt.dll.txt
• certmod.dll + certmod.dll.txt
• coredll.dll + coredll.dll.txt
• crypt32.dll + crypt32.dll.txt
• device.exe + device.exe.txt
• devmgr.dll + devmgr.dll.txt
• diskcache.dll + diskcache.dll.txt
• fatfsd.dll + fatfsd.dll.txt
• fatutil.dll + fatutil.dll.txt
• filesys.exe + filesys.exe.txt
• fsdmgr.dll + fsdmgr.dll.txt
• fsreplxfilt.dll + fsreplxfilt.dll.txt
• mencfilt.dll + mencfilt.dll.txt
• mspart.dll + mspart.dll.txt
• pm.dll + pm.dll.txt
• regenum.dll + regenum.dll.txt

The modules from the old XIP Section:

• msflash.dll + msflash.dll.txt
• cecompr.dll + cecompr.dll.txt
• ceddk.dll + ceddk.dll.txt
• nk.exe + nk.exe.txt
• relfsd.dll + relfsd.dll.txt
• imgfs.dll + imgfs.dll.txt
• initvmmap.exe + initvmmap.exe.txt
4, the change must be done to do next.

1==> i downloaded the chinese ROM WM-6.5 build 21500...

2==> i downloaded the files from master EFSANE's links..

3==> dowloaded MASTER ATHERS kitchen tool..

4==> convert NBF to dump..

5==> deleted all the MUI files...

6==> replaced EFSANE's files.

7==>edited USER.HV and DEFAULT.HV

8==>cant find f**king :mad::mad:BOOT.RGU:mad::mad: anywhere...

9==>anyway reasambled the rom without editing boot.rgu..

10==>got NBF again ..

11==>flashed my device...

12==>IT STUCK ON BOOT SCREEN...

13===>again using build 21189 ....

anybody can help???????

Double post can happen excidentily, but posting the same in four threads is not funny.
8==>cant find f**king BOOT.RGU anywhere...
Open a window, showing C:\ather\Himalaya Kitchen\Tools and open your eyes while cooking. The one, who can read, has the advantage.

i am sorry i didnt know about the rule posting the same in different threads...that wont happen next time..:(

n i've checked one by one .. still cant find boot.rgu..its WM 6.5 build 21500..

someone said its in SECTION XIP...all i got is 5 or 6 XIP files..but not a folder:(:(

i am new at this can u plzz explain..?

Hello friends I need help in editing the language file lang_0409 which. Dll.0409.mui. The language is English but I want to change the menu in English is to display all characters have a way to modify?
I originally just changed the file to replace the old wwe but are displayed only some .. some icons and menus in English are also requested assistance to resolve a method or tool that helps it easier? Thanks for any help.

You have to at first, then download a ROM of the current version of the same build - of course, WWE