time for my next new thread
i wrote a 20 lines dumper
(before someone asks, no, not in ASM
) which now can dump the rom of my MIPS ce 2.11/hpc pro and CE3/hpc2000 hpc's.
will work on ce.net too.
(at least i tested with ARM version
)
the great thing: that the dumper uses physical addresses, so no need to know CE's virtual memory map... though, later, after using this dumper i realized this virtual map doesn't vary as much as with the ARM's. so maybe isn't such a big advantage for MIPS
(unlike for ARM
), still good.
the bad thing: 1
) the reset vector is never the ROM start address. 2
) even the official
(? as in MIPS documents at mips.com
) virtual/physical memory map is switched on some cpu's.
so, the start address for the ROM is not fixed... it is cpu dependent.
so, when i get some GUI up and running for it
(to select start address, size, and destination file
) i will properly release this dumper.
right now it's just an exe that runs when you click on it and everything hard coded.
until then here is an attachment of the versions for the different cpu's, in this post.
usage:
d2_1e000000.exe: for 186Mhz vr4122
(JVC MP-C33
), 200Mhz vr4131
(Sigmarion 2
) and 129Mhz tx3922
(intermec 6651
) cpu's. probably more Mhz versions are compatible than listed here.
d2_be000000.exe: for 168Mhz vr4121
(NEC 790, 880, Sigmarion 1
)
d2_b8000000.exe: for 131Mhz vr4121
(NEC 770, 800
)
d2_BFC00000.exe: usually not needed...for any vr4121
(or anything that uses this startup address
), to dump reset vector to determine ROM start address
(some MIPS ASM required to understand the dumped code
). this will crash vr4122/vr4131 because it is not a valid physical address there - for example i had to remove the battery on my intermec to make it alive again!
the first two exe's will dump 32MB on to a \Storage Card
(for non english devices use the card rename hack at
http://www.hpcfactor.com/support/cesd/h/0011.asp ). file name dump10.nb.
the third exe will dump 24MB.
last one 32K into RAM.
oh, and 0x0 is RAM start on vr4121-168mhz/vr4122/vr4131/tx3922
(dumper not included now
)
note: i will probably try SH3 dumping soon.
another bad thing: this won't work on CE 1.0 or CE 2.0. i could try using virtual addresses to dump, but then i would still need SetKMode, and that is not available for them. i hear jlime uses a hack
(that is similar to SetKMode
) to run the jlime bootloader on CE 2.0 - will look into that!
i've dumped eight devices so far: nec 770, nec 790, nec 800, nec 880, sig1, sig2, intermec 6651, jvc mp-c33
i've been unable to dump my vodafone messagecam
(casio mc20b
). it just throws fatal error at me in every version of the dumper...
would be so cool to have that ce 2.12 rom..
WHAT IS THIS USEFUL FOR?
well, for one, i'll try extracting the hpc pro NEC 880 USB drivers from these dumped roms and try recreating them. btw, right now, i only have a hpc2000 nec 880, and a hpc pro nec 800 - if someone thinks the nec 800 usb drivers won't be good enough then please help me dump a hpc pro nec 880 rom.
(or i'll find the original rom for mine
)
or, i can try extracting hpc pro explorer.exe and removing the backup battery resources, so if a built in backup battery dies, the hpc pro device will not become too annoying to use!
or get neat apps from intermec, jvc, etc....... for one, jvc has neat usb drivers in ROM and cool apps in both intermec and JVC roms.
and so on
only two obstacles remain now: 1
) i need to extract the compressed parts better in the dumped exes/dlls, because ce 2.11's compression seems to slightly differ from ce3's. 2
) learn MIPS reloc table.
after that no more problems, we can do anything!
Edited by cmonex 2007-08-18 1:57 AM
Attachments
----------------
mipsdumpers.zip (4KB - 27 downloads)
