FORUMS
Remove All Ads from XDA

[Sticky Me] [Apr 09] Dutty's Kaiser True PagePool Hack Tutorial

10,460 posts
Thanks Meter: 947
 
By duttythroy, Retired Moderator on 8th April 2008, 08:53 PM
Post Reply Email Thread
15th April 2008, 05:51 AM |#161  
NuShrike's Avatar
Senior Recognized Developer
Thanks Meter: 69
 
More
Quote:
Originally Posted by AllTheWay

I agree that 18mb is very fast. Dutty's Hybrid from April 1 has a 18mb pp. I have tried 32, 24, 18, 16, 15 and I must say that either 18 or 16 is going to be your best bet.

Thanks for making the 16MB pp available off your site. Saves me the trouble of getting dragged into a patching project.
25th April 2008, 06:44 AM |#162  
Member
Flag Vancouver
Thanks Meter: 0
 
More
Another way to adjust the page pool.
I tried as a test to take a cooked windows.nb file and using the hex editor search for the hex strings A0 03 00 10 8E 05 03 00 00 0A. I found them twice in the file and made the adjustment to the previous two bytes on the two sets (10 16 from 03 15 for a 16mb page pool).

Checking the memory status it seemed to work this way. Also as a check I dumped the rom and reconstructed it with the kitchen. I then opened the nk.exe file and checked. Its value had been changed to the appropriate string.

I also noted that if I use that windows.nb file when building future versions of my rom it retains the 16mb (10 16 values) settings.
Can anyone verify this? It seems one step easier than the original method.
Also if anyone else has already posted this finding, congrats and sorry for the potential repost.

PS. I also tried changing the bites directly in a .nbh file and it seemed to work the same, I havent tried repeating this step to verify though.
Has anyone else done it this way? (Do all of you do it this way and I'm just behind?)
This would mean one can change the pagepool in a cooked rom file without having to extract it first.
25th April 2008, 07:09 AM |#163  
AllTheWay's Avatar
Retired Senior Moderator
Flag Folsom, California
Thanks Meter: 100
 
More
Quote:
Originally Posted by Tayton

I tried as a test to take a cooked windows.nb file and using the hex editor search for the hex strings A0 03 00 10 8E 05 03 00 00 0A. I found them twice in the file and made the adjustment to the previous two bytes on the two sets (10 16 from 03 15 for a 16mb page pool).

Checking the memory status it seemed to work this way. Also as a check I dumped the rom and reconstructed it with the kitchen. I then opened the nk.exe file and checked. Its value had been changed to the appropriate string.

I also noted that if I use that windows.nb file when building future versions of my rom it retains the 16mb (10 16 values) settings.
Can anyone verify this? It seems one step easier than the original method.
Also if anyone else has already posted this finding, congrats and sorry for the potential repost.

PS. I also tried changing the bites directly in a .nbh file and it seemed to work the same, I havent tried repeating this step to verify though.
Has anyone else done it this way? (Do all of you do it this way and I'm just behind?)
This would mean one can change the pagepool in a cooked rom file without having to extract it first.

Wow. I don't think I noticed that or maybe I am blind to. Now all we need is for somebody to change the Page Pool.exe to really change the page pool. By your theory you can easily do this also with a hex editor and the .nbh file without having to create a .nb file from it.

Now lets see if you can change the page pool on the AT&T 3.51 ROM.
26th April 2008, 01:56 AM |#164  
Member
Flag Vancouver
Thanks Meter: 0
 
More
Well if i had to muster a guess.
For my test I was using my Rogers 1.83 rom.
I took a look at alex's recent 3.51 rom att rom as a lark.

Though the strings that dutty mentioned could not be found. I searched for some hex values that preceded it. I found to patterns that may work though I may be wrong but i dont think so.
search for the pattern, you will find it twice in the rom the same as the other pattern for the 1.83 rom.

03 E5 A0 03 00 E0 84 05 03 00 00

This co-incides to the other pattern.

I found this btw by searching for this hex string which is consistently before both patterns.
**** (Edit: i had the 8th byte incorrectly listed as 8a instead of 83 for those that test the string try again)

To test this try searching for this pattern on a rom where you know the True Page Pool has been changed. This string will be found twice and the True Page Pool string pattern that Dutty listed should start 3 bytes past it.
E1 02 38 83 E1 01 3C 83 E1 80 00


On the original roms the bytes to change were defaulted as 03 15. This one seems to be 03 E5.
So perhaps changing to two sets to.
10 E6 (the first two bytes) may yield a 16 meg page pool. I will try it later.
Note: This is a guess but the patterns seem to hold true. I will try it will alexs new clean rom to test.
26th April 2008, 11:57 AM |#165  
Laurentius26's Avatar
Inactive Recognized Developer
Thanks Meter: 1,154
 
1010
Donate to Me
More
Hi there,

If I understand right, this is the offset for the pagepool in the new AT&T build (CE version: 3.51.502.0)?

03 E5 A0 03 00 E0 84 05 03 00 00

Thank you

Quote:
Originally Posted by Tayton

Well if i had to muster a guess.
For my test I was using my Rogers 1.83 rom.
I took a look at alex's recent 3.51 rom att rom as a lark.

Though the strings that dutty mentioned could not be found. I searched for some hex values that preceded it. I found to patterns that may work though I may be wrong but i dont think so.
search for the pattern, you will find it twice in the rom the same as the other pattern for the 1.83 rom.

03 E5 A0 03 00 E0 84 05 03 00 00

This co-incides to the other pattern.

I found this btw by searching for this string which is consistently before both patterns.
E1 02 38 83 E1 01 3C 8A E1 80 00

The start of the ram pattern was 3 bytes after that.
On the original roms the bytes to change we defaulted as 03 15. This one seems to be 03 E5.
So perhaps changing to two sets to
10 E6 (the first two bytes) may yield a 16 meg page pool. I will try it later.

26th April 2008, 03:08 PM |#166  
Member
Flag Vancouver
Thanks Meter: 0
 
More
Test pattern verified! Note that the method below is the way I found it to work.
Here are the following steps that should work on most roms. I am going to word it so possibly someone with program skills could make a page pool changer.

This was tested on Alex's 3.51 rom ultraclean .nbh file using a basic hex editor.

1) Searched for the first instance of the following hex string: E1 02 38 83 E1 01 3C 83 E1 80 00 (Only use this string for the first match!)
2) 3 bytes farther I found this hex string of 11 bytes: 03 E5 A0 03 00 E0 84 05 03 00 00
** (above string changes depending on what rom version you use and if its been cooked or not. In the case of the unchanged att rom I found E1 02 38 83 E1 01 3C 83 E1 80 00 ?? ?? 03 E5 A0 03 00 E0 84 05 03 00 00)
3) I copied that string 03 E5 A0 03 00 E0 84 05 03 00 00 into keyboard buffer for next search then set the second byte E5 to E6.
(Basically I added 1 to the value which maybe sets the pagepool to manual? This was based on Dutty changing his second byte from 15 to 16.
4) I changed the first byte 03 to 10 so the new string would read 10 E6 A0 03 00 E0 84 05 03 00 00
5) I searched for 03 E5 A0 03 00 E0 84 05 03 00 00 again and changed it to 10 E6 A0 03 00 E0 84 05 03 00 00 (basically repeating steps 3 and 4)
6) Saved the changes.

Here were the memory test results:
03 E5 A0 03 00 E0 84 05 03 00 00 yielded 81.30 mb ram (default)
10 E6 A0 03 00 E0 84 05 03 00 00 yielded 81.55 mb ram
11 E6 A0 03 00 E0 84 05 03 00 00 yielded 80.55 mb ram
14 E6 A0 03 00 E0 84 05 03 00 00 yielded 77.54 mb ram

I haven't performed any test benches on the different values. Feel free to test away. Just use the hex editor for now on any cooked .nbh rom or os.nb file. It doesnt really matter when you change it.

Last couple of thoughts:
- The idea worked for Polaris as well.
- If a page pool program is made the following logic should work:
-- Search for the first pattern
-- Move over 3 bytes and copy the next 11 bytes as the next search pattern.
-- Set the first byte to the desired page pool size.
-- The second byte should be set to E6 if previously E5 or 16 if original 15. If a new rom comes out that uses a different value again, perhaps the rule should be only add 1 to the second byte if the first byte is 03 (page pool set to dynamic). What do you guys think?
-- Search the new copied pattern to get to the next set.
-- change the first and second byte again as above.

I have no programming skills so someone else will have to take up the challenge of writing the page pool changing program. I noticed sakajati wrote a basic one from dutty's perhaps he could modify.

Thanks again Dutty on your hard work. Glad I could finally pitch in with this slight discovery.
28th April 2008, 12:20 PM |#167  
Member
Thanks Meter: 0
 
More
What changes does this make on the phone? increased preformance?
28th April 2008, 04:36 PM |#168  
Member
Flag Vancouver
Thanks Meter: 0
 
More
Changing the page pool value affects the phones performance as noted in the beginning of this thread.
What page pool sizes to use have been covered in the first posts and tests have been performed on different sizes throughout the thread.

Based on what Dutty has found I assume the second byte enables or disables a manually set page pool.
The first byte is the actual page pool size in Hex.
10 = 16 meg page pool.
12 = 18 meg page pool.
18 = 24 meg page pool (again this is covered by Dutty)

The ATT 3.51 rom has a different hex string to search for as noted in my comments above.

As mentioned you can edit your cooked file directly which saves some steps.

If you want to change your ATT 3.51 rom to a 24 meg page pool for example. Do the following.
You can use a hex editor on the ruu_signed.nbh file or the window.nb (or whatever your os.nb file is) directly to change the page pool size.


1) Open up the RUU_Signed.nbh with hex editor.
2) search for A0 03 00 E0 84 05 03 00 00 and move back 2 bytes.
3) The values should 03 E5 if the rom is still set to dynamic.
4) Change E5 TO E6 if not already.
5) change the first byte before the E5 to the desired page pool size (03 is is intial size) to 16. Its in hex.
6) Search again repeating steps 2 to 5.
7) save changes
28th April 2008, 05:19 PM |#169  
Laurentius26's Avatar
Inactive Recognized Developer
Thanks Meter: 1,154
 
1010
Donate to Me
More
Hi Tayton,

This one I find on the AT&T 3.51 build:

A0 03 00 E0 84 05 03 00 00

But moving 3 bites forward or backwards I can't find 03 E5

Can you help me please?

Sorry but I'm a complete nOOb in this

Thank you!








Quote:
Originally Posted by Tayton

Changing the page pool value affects the phones performance as noted in the beginning of this thread.
What page pool sizes to use have been covered in the first posts and tests have been performed on different sizes throughout the thread.

Based on what Dutty has found I assume the second byte enables or disables a manually set page pool.
The first byte is the actual page pool size in Hex.
10 = 16 meg page pool.
12 = 18 meg page pool.
18 = 24 meg page pool (again this is covered by Dutty)

The ATT 3.51 rom has a different hex string to search for as noted in my comments above.

As mentioned you can edit your cooked file directly which saves some steps.

If you want to change your ATT 3.51 rom to a 24 meg page pool for example. Do the following.
You can use a hex editor on the ruu_signed.nbh file or the window.nb (or whatever your os.nb file is) directly to change the page pool size.


1) Open up the RUU_Signed.nbh with hex editor.
2) search for A0 03 00 E0 84 05 03 00 00 and move back 2 bytes.
3) The values should 03 E5 if the rom is still set to dynamic.
4) Change E5 TO E6 if not already.
5) change the first byte before the E5 to the desired page pool size (03 is is intial size) to 16. Its in hex.
6) Search again repeating steps 2 to 5.
7) save changes

28th April 2008, 09:32 PM |#170  
Member
Flag Vancouver
Thanks Meter: 0
 
More
Hi Laurentius,
I am just not explaining well. I worked out the system that should be universal to both roms. I gave a quick 7 step method for the att 3.51 only rom above to make it easier.

Let me show you how it works on your example.

Click image for larger version

Name:	Hexdump.jpg
Views:	70
Size:	35.4 KB
ID:	83813 (Click on it to expand picture, not sure why my attachment is so small)

The string inside the black frame box is the one that is found in most roms including the att 3.51 (E1 02 38 83 E1 01 3C 83 E1 80 00 ). and you can see that 3 bytes over are the values 10 E6. This indicates that the rom is already set to manual pagepool (because of the E6) and is set to 16 meg page pool (
because 10 = 16 meg page pool in hex 1F = 31 in hex, 20 = 32 etc)

Change that 10 value to whatever size you wish. remember its hex so 0E = 14 in decimal.
Note that the string in the black box can only be used to find the initial set. When you search for the second set use the string you highlighted and then change the previous 2 bytes. In your example again it is 10 E6 just left of your black highlight. make your first change then search again for the string you have highlighted (A0 03 00 E0 84 05 03 00 00 ) and two bytes previous will be 10 E6 again. Make same change there and save it.
29th April 2008, 10:21 AM |#171  
Laurentius26's Avatar
Inactive Recognized Developer
Thanks Meter: 1,154
 
1010
Donate to Me
More
Thank you, very kind of you

Quote:
Originally Posted by Tayton

Hi Laurentius,
I am just not explaining well. I worked out the system that should be universal to both roms. I gave a quick 7 step method for the att 3.51 only rom above to make it easier.

Let me show you how it works on your example.

Attachment 83813 (Click on it to expand picture, not sure why my attachment is so small)

The string inside the black frame box is the one that is found in most roms including the att 3.51 (E1 02 38 83 E1 01 3C 83 E1 80 00 ). and you can see that 3 bytes over are the values 10 E6. This indicates that the rom is already set to manual pagepool (because of the E6) and is set to 16 meg page pool (
because 10 = 16 meg page pool in hex 1F = 31 in hex, 20 = 32 etc)

Change that 10 value to whatever size you wish. remember its hex so 0E = 14 in decimal.
Note that the string in the black box can only be used to find the initial set. When you search for the second set use the string you highlighted and then change the previous 2 bytes. In your example again it is 10 E6 just left of your black highlight. make your first change then search again for the string you have highlighted (A0 03 00 E0 84 05 03 00 00 ) and two bytes previous will be 10 E6 again. Make same change there and save it.

Post Reply Subscribe to Thread

Guest Quick Reply (no urls or BBcode)
Message:
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes