DumpRom: A ROM file Extraction Tool
System files in Windows CE are packed in ROM in several ways. Normally you are not able to copy files from ROM, for example all dll files. Files can be stored compressed, or uncompressed, and in some cases split into several sections, ready to be executed from ROM. DumpRom uncompresses the data, and reconstructs the original file from its parts.
To get almost usable versions of the files in ROM, the relocation information is missing, but for most it is not an issue, and most files seem to have a truncated resources section (probably due to a bug in Microsofts ROMimage Tool). I created this tool, you can find the source here
Restoring the relocation information is a tough problem, it requires reverse engineering of the code to identify what data are offsets, and what is just data.
Also exchanging modules from different ROMs is usually not possible, since modules in a specific ROM, are usually fixed to specific memory layout. A module from a different ROM will probably not fit.
- '-d dirname' will extract all files and modules to the specified directory
- use commandline option '-4' to unpack wince 4.x roms
- automatically tries to find out the loading offset of the rom
- you need the nkcompr.lib from the latest platformbuilder
- when the same file exists in 2 xip sections, dumprom only keeps the last file
- the linux version will only extract uncompressed files correctly, and producre garbage for compressed files
- WallabyFileFormats/bin files are not supported
- extracted modules can in most cases not be used in a different ROM
- to be able to extract files from a smartphone rom, you have to split the rom into several parts
How it works
DumpRom tries to figure out for each byte in the ROM what it does. If it doesn't know it says 'unknown' this is not an error, just that DumpRom could not determine the use of this byte. The 'could not find 00000000' message means that it encountered a NULL pointer somewhere in rom where it did not expect it, the other one is a pointer to RAM, which dumprom does not know exists. You can safely ignore these errors.
DumpRom was initially written to assist in figuring out what I did not know about the ROM, so it tries to figure out stuff that is unknown. Later I added the code to extract files to it. Maybe I should split DumpRom in one research tool, to do a detail examination of the rom, and one tool to only extract files.
To compile the files:
cl /Zi /Wall /wd4710 /wd4217 /wd4668 /wd4820 /wd4619 /EHsc dumprom.cpp NKCOMPR.LIB
or to compile under unix: ( with dummy compression lib )
g++ dumprom.cpp compress.cpp -o dumprom
How to use it
Here is an example (Blue Angel ROM, WIN XP, so commands can differ slightly):
- HappyGoat will complete tut tomorrow
mkrom can do the reverse (create a ROM from a set of files)
- I am working on a new version, in perl, dumpxip.pl</nowiki> - Fixed crash bug that made it difficult to extract files from smartphone rom. - Fixed issue with sections at negative RVA
- Now all files can be easily disassembled in programs such as IDA
- Now defaults to 4.x compression - added support for 5.x rom format - the msflsh format is entirely different, files cannot be extracted from it using dumprom.