[TUT] Manual Full XIP Porting (& MANY MORE TUTORIALS) [ONLINE]

Search This thread
By:
Advanced…
Ameet

Ameet

Retired Moderator
Dec 15, 2007
1,984
10
46
Mumbai
boggsie said:
Ouch - too much like work, but it is nice to know how to do it. :)

Thanks for your effort!

Best regards,
-boggsie

So, how does one get hooked into the flow of new releases? :D :cool:
Click to expand...
Click to collapse

I know too much work :D Been on it since last 3 days. I'll test Ervius's method although sometime later. He believes since the XIPPort tool only uses the imageinfo.txt files, we can delete the .bin files all together and build the xip_out.bin directly. That way then you wont have to reloc through Mreloc
 
jcespi2005

jcespi2005

Senior Member
Feb 15, 2006
2,394
196
53
Madrid
OnePlus 9 Pro
Samsung Galaxy S23 Ultra
ababrekar said:
That is a good idea but I'll do that for posting the unedited XIP.bin files from dumped ROMs since the xip_out.bin I build would be for my device. People wont want to ruin their ROMs with someone else's ported XIP, right? :rolleyes:
Click to expand...
Click to collapse

Of course, i was talking about unported XIPs ;) Much ppl find difficults of finding good XIPs to take as base for porting, this is why i think is a good idea a repository...

Every XIP.Bin file in the list must include the origin (Device extracted from), version, and .... any other interesting info?

Thanks.
 
Noonski

Noonski

Inactive Recognized Developer / Moderator Emeritus
Apr 18, 2005
5,326
150
Amsterdam
noonski.nl
jcespi2005 said:
Of course, i was talking about unported XIPs ;) Much ppl find difficults of finding good XIPs to take as base for porting, this is why i think is a good idea a repository...

Every XIP.Bin file in the list must include the origin (Device extracted from), version, and .... any other interesting info?

Thanks.
Click to expand...
Click to collapse


Something like this:
http://xdaforums.com/showthread.php?t=430197

Over at the Wizard Forum

Yeah we can always use a bit of Sharing, a Special Peace Corps wouldn't do, no one, no harm. ;)
 
C

cmonex

Retired Recognized Developer
Jul 23, 2006
3,040
49
Budapest
some notes if it helps any :)

you can always remove osaxst0.dll, osaxst1.dll, hd.dll, kd.dll, and also bmui.nb0 - the latter is just a splashscreen saying your OS can't boot and reflash or something (I forget the exact text). I never saw it invoked :p
the other files are kernel debuggers and similar, best to remove them, because it just takes up space and can also cause problems if you somehow manage to use the wrong versions of them - they are mapped directly to the kernel memory space, and if your device uses a different range (i.e. you didn't keep your original debugger dlls), it will prevent the rom from booting.
also I found it's ok to remove (m)encfilt.dll and cachefilt (put them in IMGFS if you want them).

physlast can be changed up to ulramstart value without problems (of course not if you don't have enough space in the flash, but that's not really a real life possibility). of course that also assumes we are not talking about some older devices that have the xip mapped to a different memory range than ulramstart.

you can move ulramstart/ulramfree too if you relocate nk.exe data section (usually S002) with mreloc-nk. also relocation is needed for any other modules (such as giisr.dll, on some non HTC devices) that have mappings similar to nk.exe (so they have a data section in the map that points into ulramstart/ulramfree range). on HTC devices I didn't really see such modules so not a real problem usually :)

One way of correcting these values is as posted by Ervius somewhere that since XIPPort.exe will read only the imageinfo.txt files for rebuilding the xip_out.bin, go ahead and delete all the imageinfo.bin files and work only on the txt
Click to expand...
Click to collapse
I'm not sure what this was meant to say, but you definitely need more than this to fix the overlaps. the binaries (S000, S001...) must actually be relocated using m'reloc, it is not enough to just adjust the values in the txt files.

Although I have not found a way to calculate the difference between both regions
Click to expand...
Click to collapse
if you post the imageinfo txt for this dll then we can see, but most probably determined by the o32_xx_rva values.

i'm reminded of xipaddrtools at this point - nice idea but sometimes buggy :(

Busenum.dll must be the last entry in both tables
Click to expand...
Click to collapse
actually the values are arbitary, even though microsoft decided to place coredll.dll as the last entry, i.e. at the highest memory address, it doesn't really matter. so, the values are arbitrary, but of course only within limits: the addresses must be divisible by 0x1000 (pagesize of the platform), and they must be inside the memory range reserved for XIP. part of that is the dllfirst and dlllast values in romhdr.txt. the other part (the higher addresses, 0x03xxxxxx) are determined by the following way: IMGFS .VM tells you the limits for IMGFS memory range, and XIP is beyond that range. so, if your OS doesn't want to boot, you can check if IMGFS .VM is overlapping with XIP memory range as per your maps.txt for xip and dump_memorymap.txt (or .VM folder, etc) for imgfs.
for example if imgfs ends at 0x03DE0000, then the higher part of your XIP must start later than 0x03DE0000. you can of course modify this to make more space for XIP

btw if xipport crashes on writing maps it means you definitely have some overlaps left in.. so yes, best to work with the maps from the original xips and only use the final xip map to verify you got everything right.

BTW, xipport's insertion function was found buggy on one device once, but cannot remember the details... it wasn't my device, so just posting this as a possible warning..
oh, same applies to rommaster, it's buggy when you try to use that to extract the xip some roms.

Few mention of using the 723*.dsm for the build number, few others mention of using the coredll.dll module to have the latest build numbers
Click to expand...
Click to collapse
lol. :p btw coredll replacement only works for that pre-WM6.1

and a last tip for debugging if your OS doesn't want to boot: if you already checked that the maps are all ok and imgfs doesn't overlap, etc., etc... then if you have a new enough HTC device (for example HTC Athena and later is new enough), then go to SPL using mtty or putty or qmat and there the "task 37" command (without the quotes) will show KITL log, with lots of debug messages, that can be very helpful. (first you must issue "task 32", for "task 37" to work) - this doesn't appear to work on some raphaels.
 
!Aman!

!Aman!

Retired Moderator
Feb 18, 2008
2,962
14
Brampton
Cmonex, why the imgfs signature in diamond is at different offset than the imgfs starting offset?
 
Laurentius26

Laurentius26

Inactive Recognized Developer
Nov 22, 2005
7,970
1,151
Congratiolations my friend,

I know how hard you worked on this one. :D
Very nice work, your a Pro! :cool:
 
cruzzmz

cruzzmz

Senior Member
May 4, 2005
1,821
47
Kuala Lumpur
Xip Addr Tool a gr8 tool to be shared

1 more gr8 tool to add to do a xip porting XIPAddr Tool
DOWNLOAD HERE

this tool actually will compare the new xip with the old xip for porting and will automatically do the MReloc of each modules dll just by clicking the spacebar.
Then u can compare each modules at respective tabs to see any conflicts or not (shown by red lines)

I usually use this tool 1st to recalculate the modules between port xip & old xip. Then ill use XIPPort.exe to undo, Reloc P & write map. Then see Map.txt & as shown in the XIPAddr Tool ill do manual MReloc of each modules like suggested here.

Cool cool tools lying around here & there :D
 
Ameet

Ameet

Retired Moderator
Dec 15, 2007
1,984
10
46
Mumbai
cruzzmz said:
1 more gr8 tool to add to do a xip porting XIPAddr Tool
Click to expand...
Click to collapse
That tool is actually found to be buggy (although nothing against the author, great hard work ;)). I had major issues with this tool. After relocing the addresses in the tool and writing new MAP.txt I found that the the overlaps still remained
This was one of the PMs I had sent to Ervius and all others asking for their help in the matter
ababrekar said:
Here's the new MAP.txt . In the AddrsTools it shows matches, but in the txt file, there's an overlap :(

Code: 
03f4c000 - 03fe3000 L00097000 Virtual base address of coredll.dll
03fe2000 - 03fe3000 L00001000 [B]!!!!!!!!!!!!!!!!!![/B]
03fe2000 - 03ff0000 L0000e000 Virtual base address of certmod.dll
03ff0000 - 03ffb000 L0000b000 Virtual base address of cachefilt.dll
03ffa000 - 03ffb000 L00001000 [B]!!!!!!!!!!!!!!!!!![/B]
03ffa000 - 04000000 L00006000 Virtual base address of busenum.dll
04000000 - 80000000 L7c000000 NUL
Click to expand...
Click to collapse
 
Ameet

Ameet

Retired Moderator
Dec 15, 2007
1,984
10
46
Mumbai
cmonex said:
if you post the imageinfo txt for this dll then we can see, but most probably determined by the o32_xx_rva values
Click to expand...
Click to collapse
Hi C. Here's the imageinfo.txt from FLASHDRV.DLL module. These are the values I was talking of
o32[1].o32_realaddr: D=01FCC000
o32[3].o32_realaddr: D=01FD4000
 

Attachments

  • imageinfo.txt
    2.4 KB · Views: 20
You must log in or register to reply here.

Similar threads

xboxmod
[APP] XBmod Manila Rhodium VGA Port cfc (BETA) V1D
Replies
4K
Views
2M
G
Goshx
E
[GUIDE] How to configure VoIP/SIP client in WM6.
Replies
2K
Views
1M
Skylined
Skylined
Chainfire
  • Sticky
[26.07.2010] Turbo3D v3.0 *FINAL* (also available from Marketplace)
Replies
681
Views
779K
I
idcamper
M
MortScript examples accumulation
Replies
4K
Views
1M
reggiexp
reggiexp
azharsunny
  • Poll
[TWEAK] iTouch............Ultimate touch sensitivity !!! iTouch [ONLINE]
Replies
412
Views
276K
B
bummler

Top Liked Posts

24 Hours All time
  • There are no posts matching your filters.
  • 2
    Ameet
    Ameet
    Special Thanks

    Abusalza (for the most initial start off guide)
    Cmonex (for the “MOST” important finishing touches)
    !Aman! (for all the testing and Hex edit helping)
    Noonski (for being the inspiration to keep going :D)
    Ervius (for developing the kitchen tool to perform all the operations)

    In this forum there are many many tools from experts and likes for porting XIP, rebuilding dumped ROMs etc. This threads aims at showing or sharing what goes in the background of these automated tools and also aims at answering all the many unanswered questions about various factors of ROM cooking / editing I have come across in this forum

    Suggestions / comments always welcome to make these tutorials even better :)

    Index of Tutorials
    1. Manual XIP Porting Guide: CLICK HERE
    2. XIP Porting Updates from members: CLICK HERE
    3. XIP Porting for Himalaya devices & others (Nokser): CLICK HERE
    4. Misc XIP Updates: CLICK HERE
    5. PagePool Changing Guide (for Diamond & Raphael): CLICK HERE
    6. Gain More Storage Memory (Increase imgfs size) Guide: CLICK HERE
    7. ULDR Partition Size Reduction Guide: CLICK HERE
    8. MBR and MSFLSH50 Regions Screenshots: CLICK HERE
    9. Gain More Storage Memory (compress imgfs) with LZX algorithm: CLICK HERE
    10. Get High File System Index (!Aman!): CLICK HERE
    Ervius's GUI kitchen thread to perform all operations, Noonski's amazing RunCC & AutoRun & SDAutorun tutorial thread

    Ervius's post on patching nk.exe to change the EndRam address for more available RAM in device (original credits to cmonex :))

    Da_G's amazing new initiative to utilise the ULDR partition to upgrade ROM without re-flash :)

    All the above guides and updates are compiled in pdf file also for offline reading, attached in this post as All Guides.zip

    The imgfs Gain.zip is actually the 5th guide with pictorial seperatly put up for members who would want to refer only to that process

    The Pictorial.zip is the 7th picture reference for offline reading

    Donations for this hard work and research are much appreciated. Below are the links whom you may choose to provide those to :)
    Donation to Abusalza, Donation to Cmonex, Donation to !Aman!, Donation to Ameet


    Index of Threads (Manila related)
    1. Ameet's Mode9 script editing ideas thread
    2. l3v5y's tutorial thread for editing Manila files
    3. NisseDILLIGAF's Manila Hash tool
    View
    1
    Ameet
    Ameet
    Manual Full XIP Porting

    Tools you need: (attached the tools in this thread for easy access)
    1. HEX Calculator (recommended – HEX workshop (Not Free)), suggested Windows Calculator
    2. XIPPort.exe
    3. M’Reloc.exe
    4. NBMerge.exe
    5. Insert.exe
    6. OS.nb.payload from 19965 build (shipped ROM)
    7. Cup of nice strong Coffee (A Must) :D
    Brief:
    There are many different ways to port the XIP. Few mention of using the 723*.dsm for the build number, few others mention of using the coredll.dll module to have the latest build numbers. As my friends, Noonski and !Aman! always say “Only numbers are just eye wash, core system is what matters the most” Based on this as inspiration, I am posting this guide for manual XIP porting. A few places you may find colors in this guide, these are to visually link the data for easy understanding

    The only files removed from the ported XIP are (these are removed to keep the new XIP within the original size):
    1. osaxst0.dll + osaxst0.dll.imageinfo.txt
    2. hd.dll + hd.dll.imageinfo.txt
    3. bmui.nb0 + bmui.nb0.imageinfo.txt
    Process:
    Prepare OEMXip base
    Dump your original XIP.bin (from 19965 build) with XIPPort.exe, and click “write maps” to get MAP.txt in the OUT folder
    Open the MAP.txt and go through what you will need to achieve for a full port. I advice to keep this MAP.txt as a backup, just in case
    Click “make pkgs” to get “OEMXipKernel” and “MSXipKernel” folders inside \Files and \Modules
    Delete MSXipKernel folders from \Files and \Modules both
    Now our base OUT folder is ready with OEMXipKernel

    Prepare MSXip donor
    Dump your donor XIP.bin (from 20758 build) with XIPPort.exe, and click “make pkgs” to get “MSXipKernel” folder inside \Files and \Modules
    Delete osaxst0.dll + osaxst0.dll.imageinfo.txt, hd.dll + hd.dll.imageinfo.txt and bmui.nb0 + bmui.nb0.imageinfo.txt to get the new XIP within the original RAM size. If you don’t wish to delete these files, then you will need to increase the “physlast” in ROMHDR.txt. Process of which is not covered under this guide
    Copy the MSXipKernel folders from \Files and \Modules both to the \Files and \Modules in the base OUT folder
    Now our OUT folder is ready to be ported with the OEMXipKernel and MSXipKernel

    Now to proceed with the reallocing you need to re open the packages which have been created. Open XIPPort.exe and click "undo" then click “realloc P” to re calculate the reallocation addresses. Then click “write maps” to get the new MAP.txt file
    Open this MAP.txt and look in the o32_realaddr and e32_vbase addresses. Busenum.dll must be the last entry in both tables. Here you may find overlaps of the modules in a few or most places (seen as !!!!!!!!!!!!!!!!!!)

    These are the overlaps which need to be taken care of by reallocating the modules in Initialized Data and Virtual Base addresses
    You need to work our way up from the bottom of the list since the busenum.dll is reallocated at the last address of the memory

    For example:
    03f4c000 03fe3000 L00097000 Virtual base address of coredll.dll
    03fe2000 03fe3000 L00001000 !!!!!!!!!!!!!!!!!!
    03fe2000 03ff0000 L0000e000 Virtual base address of certmod.dll
    03ff0000 03ffb000 L0000b000 Virtual base address of cachefilt.dll
    03ffa000 03ffb000 L00001000 !!!!!!!!!!!!!!!!!!
    03ffa000 04000000 L00006000 Virtual base address of busenum.dll

    Meaning, e32_vbase address of cachefilt.dll is overlapping that of busenum.dll by 1000 (L00001000) Similarly e32_vbase address of coredll.dll is overlapping that of certmod.dll by 1000 (L00001000)

    I recommend you use M’Reloc.exe for reallocating the addresses in imageinfo.bin and Notepad to reallocate the addresses in the corresponding imageinfo.txt files. Since the binaries (S000, S001...) must actually be relocated using M'Reloc, it is not enough to just adjust the values in the imageinfo.txt files

    To calculate the revised addresses (in below example, the e32_vbase) of the overlapping module, open Hex Calculator. To do that you will need to know the e32_vsize of the overlapped module. To find that out open overlapped module (for e.g. cachefilt.dll) in M’Reloc.exe and see the e32_vsize (0000B000)
    Now to correct the e32_vbase of cachefilt.dll, follow this calculation as a base (e32_vbase busenum.dll - e32_vsize cachefilt.dll = e32_vbase cachefilt.dll)

    Meaning, (03FFA000 – B000 = 03FEF000) hence the correct e32_vbase address is 03FEF000
    03ff0000 03ffb000 L0000b000 Virtual base address of cachefilt.dll
    03ffa000 03ffb000 L00001000 !!!!!!!!!!!!!!!!!!
    03ffa000 04000000 L00006000 Virtual base address of busenum.dll

    Now since the cachefilt.dll is reallocated using the above calculation, the modules next in line above that will also have to be reallocated. Namely, certmod.dll (although not overlapping yet above the cachefilt.dll). To calculate the e32_vbase of certmod.dll you will need the revised e32_vbase address of cachefilt.dll which you got just now

    I recommend writing down the e32_vbase, e32_vsize, o32_realaddr and o32_vsize of each module so it will be easier to calculate the correct addresses for reallocation)
    Remember, you need to work our way up from the bottom of the list since the busenum.dll is reallocated at the last address of the memory

    To reallocate the addresses for o32_realaddr, follow the above calculation, only this time replace the e32_vbase busenum.dll with o32_realaddr and e32_vsize with o32_vsize

    Now open the corresponding imageinfo.txt file for each module and change the e32_vbase and o32_realaddr address values in the txt file of the values mentioned with V= and D=, seen for e.g. like this
    Module name: cachefilt.dll
    e32_vbase: V=03FEF000
    o32[1].o32_realaddr: D=01FFE000

    You will notice that the FLASHDRV.DLL module has the realaddr at 2 regions. Although I have not found a way to calculate the difference between both regions but I change the values as per Abusalza’s MAP.txt
    o32[1].o32_realaddr: D=01FCC000
    o32[3].o32_realaddr: D=01FD4000

    Since the OEMXipKernel modules never change, I only correct values of the ported MSXipKernel modules :)

    This is helpful if the MSXipKernel modules ported from donor ROMs are similar in the sizes. If not then you will need to do the calculation and correction of values

    Once through with the address reallocation, open XIPPort.exe and click “realloc P” to re calculate the addresses for writing maps. It will show you errors regarding some regions, ignore those and click “write maps”. Open the new MAP.txt and recheck for (!!!!!!!!!!!!!!!!!!) If none found that means the XIP has been ported well

    Now click “build xip_out.bin” to create the resulting XIP to be inserted into the ROM .payload file. Use this command for inserting the xip_out.bin into the .payload (presuming you already have the shipped OS.nb.payload file in the same working folder
    insert.exe -i xip_out.bin -o OS.nb.payload -d 0x00320000 -s 0x004C0000
    Check these values with your device imgfs since in Diamond the XIP starts at 0x00320000 and the imgfs starts at 0x007A0000, but for some reason the imgfs signature in Diamond is at 0x007E0000

    Build OS.nb for use in the ROM folder from the .payload you just updated with the new XIP. Please note these commands are for Diamond device. Please check with your device on the same before building
    nbmerge.exe –kaiser OS.nb

    Now put this OS.nb file in the ROM, put the boot.rgu from 19965 (shipped ROM) into the \ROM\XIP folder and do not include any of the OEMXipKernel or MSXipKernel folders in OEM & SYS folder while cooking. I observed for some reason, WinCeNls_WWE folder cannot be taken out of XIP and included in SYS. Device wont boot, so keep that in XIP (found a working solution by spocky12: Here (last quote)

    Please note the insertion of xip_out.bin can also be done through XIPPort.exe directly
    Before clicking “write xip_out.bin to:” replace the name “nk.nb” with “OS.nb.payload” and the address to “00320000” all without quotes

    IMP: There may be chances that although the XIP is working fine, but the windows are seen as QVGA versions. The solution to that is either of the below
    XIP & SYS of the same builds or
    XIP and the OS\Gwes.exe from same build

    Cook the new ROM with your favorite kitchen (whichever doesn’t do anything with the XIP) and use this OS.nb file as base template for the ROM with the new XIP

    With this note, I hope this guide will serve many as a guiding light and answer many questions on manual full XIP porting. Happy porting ;)
    View
    1
    E
    ervius
    c_shekhar said:
    Year bro! I have vc++2005 as well as VC++2008 on my PC. Still it gives error on clicking port IT!!!
    Click to expand...
    Click to collapse

    maybe one of that xip.bin is corrupted into dsms (no one or less dsm inside!)

    btw the multilang visual kitchen is ready to be downloaded here:

    http://xdaforums.com/showthread.php?p=3147148#post3147148

    and, c_shekhar, post me the xips both, so I can check what wrong in them, or in my tool!!! ;)
    bye!
    View

New posts