|
How to get parameters of a window?
|
|
| loquat | Дата: Пятница, 09.04.2010, 13:55 | Сообщение # 1 |
|
Подполковник
Имя: loquat
С нами с: 26.03.2010
Сообщений: 115
Модель телефона: S7Cv47&SK6Cv50
Статус: Offline
| I have a good idea of such a patch.
The mobile phone can warn us by such a window if we had switch two items as follows on.
1.Call records - Durat./charges - Options - Charge settings - Auto display
2.Setup - Call settings - Minute beep when we are talking,we can not be stared at the mainscreen.
if we can get the hook of this window,we can change it to a vibra display. just like this patch."Vibra instead of the window SMS sent" 
Table-tennis,volleyball,swimming
Good good study,day day up.
Lifting my head I watched the brignt moon,Lowering my head I dreamed that I'm home.
Сообщение отредактировано loquat - Пятница, 09.04.2010, 13:56 |
| |
| |
| Evgr | Дата: Пятница, 09.04.2010, 22:48 | Сообщение # 2 |
|
Волшебник
Имя: Евгений
С нами с: 07.05.2007
Сообщений: 874
Модель телефона: E71v45x2, EL71v45
Статус: Offline
| Quote (loquat) if we can get the hook of this window
it is somewhere here A03007CB (S7Cv47) but I did not manage to make working patch
E71v45, CL61v00db128@E71, EL71v45x2, S75v47, S68v52, C72v22
curious
"...нам хотя бы на излёте заглянуть за..."
|
| |
| |
| loquat | Дата: Суббота, 10.04.2010, 05:04 | Сообщение # 3 |
|
Подполковник
Имя: loquat
С нами с: 26.03.2010
Сообщений: 115
Модель телефона: S7Cv47&SK6Cv50
Статус: Offline
| To Evgr:
1.Could you teach me to find this hook?
2.And a question in addition,how can I find the Function Addresses of such items by ArmDebugger?
(1).Setup(Graphics Menu)
(2).Setup - Connectivity(FlexMenu items)
there is many items need fix in NativeMenu.If you call Connectivity by shortcut,it still call MainMenu Function.But not NativeMenu Function.
we should find these Native functions,and to replace all those MainMenu functions.
Table-tennis,volleyball,swimming
Good good study,day day up.
Lifting my head I watched the brignt moon,Lowering my head I dreamed that I'm home.
|
| |
| |
| loquat | Дата: Суббота, 10.04.2010, 07:43 | Сообщение # 4 |
|
Подполковник
Имя: loquat
С нами с: 26.03.2010
Сообщений: 115
Модель телефона: S7Cv47&SK6Cv50
Статус: Offline
| Code A03007CA 04 BE BKPT 4
A03007CC 6D 4C LDR R4, =0xA0094BB8
A03007CE 6E 4E LDR R6, =0xA0094B5C //lib 14: void *malloc(unsigned int size)
A03007D0 21 1C MOV R1, R4
A03007D2 30 1C MOV R0, R6
A03007D4 8D B0 SUB SP, #0x34
A03007D6 22 F1 BLX l_A042311C //ARM address
A03007D8 A2 EC
A03007DA 05 1C MOV R5, R0
A03007DC 21 1C MOV R1, R4
A03007DE 30 1C MOV R0, R6
A03007E0 5F 4A LDR R2, =0x4CB
l_A03007E2: F7 F6 BL l_A01F7AF0 //128: int CreateWS(void *malloc,void *mfree,int len)
A03007E4 85 F9
A03007E6 04 1C MOV R4, R0
l_A03007E8: 23 F1 BLX l_A0424620 //ARM address
Table-tennis,volleyball,swimming
Good good study,day day up.
Lifting my head I watched the brignt moon,Lowering my head I dreamed that I'm home.
|
| |
| |
| Evgr | Дата: Суббота, 10.04.2010, 10:15 | Сообщение # 5 |
|
Волшебник
Имя: Евгений
С нами с: 07.05.2007
Сообщений: 874
Модель телефона: E71v45x2, EL71v45
Статус: Offline
|
loquat, this is tested well working patch for E71v45, test it in your S7C (when install conflicts with other patch are possible)
E71v45, CL61v00db128@E71, EL71v45x2, S75v47, S68v52, C72v22
curious
"...нам хотя бы на излёте заглянуть за..."
|
| |
| |
| loquat | Дата: Суббота, 10.04.2010, 10:28 | Сообщение # 6 |
|
Подполковник
Имя: loquat
С нами с: 26.03.2010
Сообщений: 115
Модель телефона: S7Cv47&SK6Cv50
Статус: Offline
| 2.And a question in addition,how can I find the Function Addresses of such items by ArmDebugger?
(1).Setup(Graphics Menu)
(2).Setup - Connectivity(FlexMenu items)
there is many items need fix in NativeMenu.If you call Connectivity by shortcut,it still call MainMenu Function.But not NativeMenu Function.
we should find these Native functions,and to replace all those MainMenu functions.
Table-tennis,volleyball,swimming
Good good study,day day up.
Lifting my head I watched the brignt moon,Lowering my head I dreamed that I'm home.
Сообщение отредактировано loquat - Суббота, 10.04.2010, 10:56 |
| |
| |
| Evgr | Дата: Суббота, 10.04.2010, 10:42 | Сообщение # 7 |
|
Волшебник
Имя: Евгений
С нами с: 07.05.2007
Сообщений: 874
Модель телефона: E71v45x2, EL71v45
Статус: Offline
| Quote (loquat) Evgr,I can't find code above.
Code Vibra at call time
;(c) SiNgle, avkiev, (Evgr)
;Version: 1-MP
;Vibra at window <Call time x min>
;Вибра на окошке "Время разговора x мин.".
;0669E2E: 051C211C A0F11EE9 ;E71v45
03007DA: 051C211C 6FF5E9FD ;S7Cv47
#pragma enable old_equal_ff
;080A06C: 00C09FE51CFF2FE1,0xA00703B1 ;E71v45
00703B0: 00B5051C211CFFB40A48C4DF08D001B4
00703C0: 0430816803A201324DDF01BC40787CDF
00703D0: FFBC00BD00B500207CDF00BD
00703E0: 0xB1C2D3E4,0x00100410,0000000000000000,"\
{p=VibraAtCallTime id=100410}","\
{info `Vibra at window <Call time x min>`}","\
{1 b Frequency v=10}\
{12 ms Duration v=20}\
",00
#pragma disable old_equal_ff
E71v45, CL61v00db128@E71, EL71v45x2, S75v47, S68v52, C72v22
curious
"...нам хотя бы на излёте заглянуть за..."
|
| |
| |
| loquat | Дата: Суббота, 10.04.2010, 10:57 | Сообщение # 8 |
|
Подполковник
Имя: loquat
С нами с: 26.03.2010
Сообщений: 115
Модель телефона: S7Cv47&SK6Cv50
Статус: Offline
| Thank you Evgr:it works now.
Table-tennis,volleyball,swimming
Good good study,day day up.
Lifting my head I watched the brignt moon,Lowering my head I dreamed that I'm home.
|
| |
| |
| loquat | Дата: Суббота, 10.04.2010, 11:03 | Сообщение # 9 |
|
Подполковник
Имя: loquat
С нами с: 26.03.2010
Сообщений: 115
Модель телефона: S7Cv47&SK6Cv50
Статус: Offline
| Evgr,could you teach me how to find a NativeMenu Address?
Setup - Connectivity,for example
Table-tennis,volleyball,swimming
Good good study,day day up.
Lifting my head I watched the brignt moon,Lowering my head I dreamed that I'm home.
|
| |
| |
| Evgr | Дата: Суббота, 10.04.2010, 11:16 | Сообщение # 10 |
|
Волшебник
Имя: Евгений
С нами с: 07.05.2007
Сообщений: 874
Модель телефона: E71v45x2, EL71v45
Статус: Offline
| Quote (loquat) Evgr,could you teach me how to find a NativeMenu Address?
Setup - Connectivity,for example
sorry, loquat. I am not sure I know exactly, I need try to search
E71v45, CL61v00db128@E71, EL71v45x2, S75v47, S68v52, C72v22
curious
"...нам хотя бы на излёте заглянуть за..."
|
| |
| |
| loquat | Дата: Суббота, 10.04.2010, 11:22 | Сообщение # 11 |
|
Подполковник
Имя: loquat
С нами с: 26.03.2010
Сообщений: 115
Модель телефона: S7Cv47&SK6Cv50
Статус: Offline
| If I move hook to A03007D0,can it be Vibra instead of call time window?
Table-tennis,volleyball,swimming
Good good study,day day up.
Lifting my head I watched the brignt moon,Lowering my head I dreamed that I'm home.
Сообщение отредактировано loquat - Суббота, 10.04.2010, 12:31 |
| |
| |
| Evgr | Дата: Суббота, 10.04.2010, 12:42 | Сообщение # 12 |
|
Волшебник
Имя: Евгений
С нами с: 07.05.2007
Сообщений: 874
Модель телефона: E71v45x2, EL71v45
Статус: Offline
| Quote (loquat) If I move hook to A03007D0,can it be Vibra instead of call time window?
I am affraid not. Try
03007CA: F0B5 7047 or 03008A0: 21F124EF C046C046
there will not be call time window but phone will fail, cancel will not work. I do not know how to disable this window
E71v45, CL61v00db128@E71, EL71v45x2, S75v47, S68v52, C72v22
curious
"...нам хотя бы на излёте заглянуть за..."
|
| |
| |
| loquat | Дата: Суббота, 10.04.2010, 12:51 | Сообщение # 13 |
|
Подполковник
Имя: loquat
С нами с: 26.03.2010
Сообщений: 115
Модель телефона: S7Cv47&SK6Cv50
Статус: Offline
| Evgr:
Quote sorry, loquat. I am not sure I know exactly, I need try to search
How to search.
I don't know if I can use some function libs to find some function addresses.
BingK has ever taught me that,but I really forgot it.
Could you take "Setup - Connectivity" for example to teach me step by step how to search?
A few days later, I will sale all my Siemens Phones except S75,and to buy a Sony Ericsson phones.
I find Sony Ericsson's ELF is developing fast.
Table-tennis,volleyball,swimming
Good good study,day day up.
Lifting my head I watched the brignt moon,Lowering my head I dreamed that I'm home.
|
| |
| |
| loquat | Дата: Суббота, 10.04.2010, 12:53 | Сообщение # 14 |
|
Подполковник
Имя: loquat
С нами с: 26.03.2010
Сообщений: 115
Модель телефона: S7Cv47&SK6Cv50
Статус: Offline
| Evgr
Quote I am affraid not. Try
03007CA: F0B5 7047 or 03008A0: 21F124EF C046C046
there will not be call time window but phone will fail, cancel will not work. I do not know how to disable this window
It is not important at all.
Table-tennis,volleyball,swimming
Good good study,day day up.
Lifting my head I watched the brignt moon,Lowering my head I dreamed that I'm home.
|
| |
| |
| loquat | Дата: Воскресенье, 11.04.2010, 03:53 | Сообщение # 15 |
|
Подполковник
Имя: loquat
С нами с: 26.03.2010
Сообщений: 115
Модель телефона: S7Cv47&SK6Cv50
Статус: Offline
| Code RSEG MMENU_TIME_HOOK
CODE32
BL _MMENU_TIME
#ifdef S7Cv47
#define GET_DATE_TIME 0xA0962E13
#define WS_PRINTF 0xA0996A35
#define ALLOC_WS 0xA09974F9
#define FREE_WS 0xA01F73A1
#endif
#ifdef E71Cv41
#define GET_DATE_TIME 0xA08F4807
#define WS_PRINTF 0xA09653F1
#define ALLOC_WS 0xA0965EB5
#define FREE_WS 0xA0510059
#endif
RSEG MMENU_TIME_BODY
CODE32
_MMENU_TIME
STMFD SP!, {R4-R6, LR}
SUB SP, SP, #20
MOV R6, R0 //old ws
ADD R1, SP, #12
MOV R0, #0
BLX GET_DATE_TIME
LDR R0, [R6, #0]
LDRH R0, [R0, #0]
ADD R0, R0, #16
BLX ALLOC_WS
LDR R1, =_FORMAT
LDR R2, =0xE013
MOV R3, R6
LDR R4, =0xE01D
STR R4, [SP, #0]
ADD R5, SP, #12
LDRB R4, [R5, #0]
STR R4, [SP, #4]
LDRB R4, [R5, #1]
STR R4, [SP, #8]
MOV R4, R0
BLX WS_PRINTF
MOV R0, R6
BLX FREE_WS
MOV R1, R4
ADD SP, SP, #20
LDMFD SP!, {R4-R6, PC}
DATA
_FORMAT
DCB "%c%w%c%02d:%02d"
END
//S7Cv47
-carm
-Z(CODE)MMENU_TIME_HOOK=A0B35490-FFFFFFFF
-Z(CODE)MMENU_TIME_BODY=A1565000-FFFFFFFF
//E71Cv41
-carm
-Z(CODE)MMENU_TIME_HOOK=A0BB1E48-FFFFFFFF
-Z(CODE)MMENU_TIME_BODY=A1565000-FFFFFFFF
Table-tennis,volleyball,swimming
Good good study,day day up.
Lifting my head I watched the brignt moon,Lowering my head I dreamed that I'm home.
|
| |
| |
