// FCAPaletteAppUi.cpp -- application UI class of the FCAPalette S60 tool.
//
// Every menu item (EMenu1..EMenu11) is routed through EncryptL(tipo), one
// large routine whose `tipo` argument selects an experiment against the
// device's memory (read, write, load, search), its kernel objects (chunks,
// logical channels) or the display palette.  Whatever is read is streamed
// to the dump file e:\zz\mem.bin.  Despite its name, EncryptL encrypts
// nothing.
//
// NOTE(review): this copy was recovered from an HTML rendering and the
// extraction removed every `<Name...>` sequence as if it were a tag.  The
// visible damage: the system-header names below, the template argument of
// the two TBuf query buffers in EncryptL, and the loop bounds of the
// `tipo==8` block (which lost most of its body with them).  Those spots are
// left exactly as found and flagged inline; the file cannot be built until
// they are restored from the original source.
#include // NOTE(review): header name lost in extraction, see file header
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include "FCAPalette.pan"
#include "FCAPaletteAppUi.h"
#include "FCAPaletteAppView.h"
#include "FCAPalette.hrh"

// Maximum length of the data field
// (unused in this copy; presumably the missing template argument of the
// addressToDump/dataToDump buffers in EncryptL -- confirm against the original)
const TInt KAknExQueryTextBufLength = 24;

// Location of the dump file
_LIT(Kmem_bin,"e:\\zz\\mem.bin");
// Directory the dump file lives in (created in EncryptL, result ignored)
_LIT(KFCAPaletteDir,"e:\\zz\\");
// Palette sources for the Palette4 experiment (tipo==11); only Palette_dll
// is opened, Palette4_bin is referenced from commented-out code only
_LIT(Palette4_bin,"c:\\Palette4.bin");
_LIT(Palette_dll,"c:\\Palette4.dll");

// ConstructL is called by the application framework
// Second-phase constructor: builds the view, then immediately runs the
// Palette4 experiment (EncryptL(11)) and exits.  As written the menu in
// HandleCommandL is therefore never reachable; this looks like a debugging
// shortcut that was left in.
void CFCAPaletteAppUi::ConstructL()
{
    BaseConstructL();
    iAppView = CFCAPaletteAppView::NewL(ClientRect());
    iAppView->SetMopParent(this);
    AddToStackL(iAppView);
    EncryptL(11);
    Exit();
}

// First-phase constructor; members are set up in ConstructL.
CFCAPaletteAppUi::CFCAPaletteAppUi()
{
    // no implementation required
}

// Reverses the byte order of a 32-bit value (0xAABBCCDD -> 0xDDCCBBAA).
// Used by EncryptL to turn the ARM opcodes written as human-readable hex
// constants into the word layout the memory-write path expects.
// The 0xFF000000 literal is unsigned, so the final >>24 is a logical shift
// and the whole expression is evaluated unsigned before being stored in
// the signed TInt result.
TInt CFCAPaletteAppUi::swapi(TInt aCommand)
{
    TInt val=0;
    val= ((aCommand & 0xFF) <<24) | ((aCommand & 0xFF00) <<8) | ((aCommand & 0xFF0000) >>8) | ((aCommand & 0xFF000000)>>24);
    return val;
}

// Destructor: removes the view from the control stack and deletes it.
CFCAPaletteAppUi::~CFCAPaletteAppUi()
{
    if (iAppView)
    {
        RemoveFromStack(iAppView);
        delete iAppView;
        iAppView = NULL;
    }
}

// handle any menu commands
// Maps each EMenuN id to EncryptL(N); the trailing comments name the
// experiment each number selects.  Unknown ids panic with EFCAPaletteBasicUi.
void CFCAPaletteAppUi::HandleCommandL(TInt aCommand)
{
    switch(aCommand)
    {
    case EEikCmdExit:
    case EAknSoftkeyExit:
        Exit();
        break;
    case EMenu1:
        EncryptL(1); // Mem Read
        break;
    case EMenu2:
        EncryptL(2); // Mem::Copy
        break;
    case EMenu3:
        EncryptL(3); // Search
        break;
    case EMenu4:
        EncryptL(4); // Chunks
        break;
    case EMenu5:
        EncryptL(5); // registers
        break;
    case EMenu6:
        EncryptL(6); // mem write
        break;
    case EMenu7: // LogicalChannel
        EncryptL(7);
        break;
    case EMenu8: // Mem::Write
        EncryptL(8);
        break;
    case EMenu9: // Mem::Exec
        EncryptL(9);
        break;
    case EMenu10: // Mem Load
        EncryptL(10);
        break;
    case EMenu11: // Palette4
        EncryptL(11);
        break;
    default:
        Panic(EFCAPaletteBasicUi);
        break;
    }
}

// Runs one of the memory / kernel-object experiments and writes whatever it
// reads to e:\zz\mem.bin.  Leaves on file-server or driver-load errors.
//
// tipo selects the experiment (wired up in HandleCommandL):
//   1  Mem Read     dump `tam` bytes from `dira` through dev_read, 32 per call
//   2  Mem::Copy    dump bytes from `dira` with Mem::Copy
//   3  Search       like 2, but first scan forward for the 4-byte pattern
//                   parsed from dataToDump
//   4  Chunks       create a test chunk and list chunks via TFindChunk
//   5  registers    no branch in this copy; only the common setup/cleanup runs
//   6  mem write    write the word `tam` at `dira` through dev_write, read back
//   7  LogChannel   list logical channels via TFindLogicalChannel
//   8  Mem::Write   deprecated by the author; body damaged in this copy
//   9  Mem::Exec    call User::LowerCase(0x42) with preset registers, print R11/PC
//                   (presumably expects branch 10 to have run first)
//   10 Mem Load     write a fixed sequence of ARM words at 0x41000100
//   11 Palette4     copy words from c:\Palette4.dll to 0x58073004 onward
//
// Branches 1, 6, 10 and 11 depend on the two drivers loaded below and on the
// author's premise, stated in the inline comments, that their GetCaps()
// handlers act on the r7/r9 values set by the preceding inline asm.  That
// is a property of the specific driver builds named here and cannot be
// confirmed from this file.
//
// Defects visible in this copy (left as found):
//   - `dlg` is created but never executed or deleted, so addressToDump and
//     dataToDump stay empty and the dialog leaks; branch 3 then indexes
//     dataToDump[0..7] on an empty descriptor, which Symbian descriptors
//     bounds-check (expect a panic rather than a read)
//   - the return codes of the first LoadLogicalDevice, of dev_read.Open,
//     of CreateGlobal, of fcc.Next and of every RFile::Read are discarded
//   - `data` and `dataf` (HBufC) are never freed; `chunkf`, `dev_read` and
//     `dev_write` are never closed
//   - branches 2/3 step `dira`/`tam` by 32 per single byte copied
void CFCAPaletteAppUi::EncryptL(TInt tipo)
{
    // Query the user for the address and data
    // NOTE(review): the template argument of these two TBufs was lost in
    // extraction (see file header); they do not compile as written.
    TBuf addressToDump;
    TBuf dataToDump;
    char c;
    TBuf<256> textbuf;
    TInt dira=0x50000000; // initial value
    TInt tam=1*1024;
    // verbosity of the on-screen trace; the prints guarded by debug>=2 and
    // debug>=3 are off at this default
    int debug=1;
    // NOTE(review): never executed (no ExecuteLD) and never deleted.
    CAknMultiLineDataQueryDialog* dlg = CAknMultiLineDataQueryDialog::NewL(addressToDump, dataToDump);
    // Create a file to write the data
    RFs fileSession;
    User::LeaveIfError(fileSession.Connect());
    CleanupClosePushL(fileSession);
    fileSession.MkDir(KFCAPaletteDir); // Ignore return value
    RFile file;
    if (file.Replace(fileSession, Kmem_bin, EFileWrite) != KErrNone)
    {
        CAknInformationNote* informationNote = new (ELeave)CAknInformationNote;
        informationNote->ExecuteLD(_L("Failed to create e:\\zz\\mem.bin"));
        CleanupStack::PopAndDestroy(); // close fileSession
        return;
    }
    CleanupClosePushL(file);
    RFileWriteStream outputFileStream(file);
    CleanupClosePushL(outputFileStream);
// Physical and logical device driver names used by the memory branches.
#define PDD_NAME1 _L("ECOMM")
#define PDD_NAME2 _L("EUART2")
#define PDD_NAME3 _L("EMUX_K1")
#define LDD_NAME_READ _L("PowerMeasLdd")
#define LDD_NAME_WRITE _L("edosyin")
    if(tipo==1 || tipo==6 || tipo==10 || tipo==11) // Mem Read / Mem Write / Mem Load / Palette4
    {
        // this loading is not needed at all
        User::LoadPhysicalDevice (PDD_NAME1); // step 1
        if(debug>=3) iAppView->PrintLineL(_L("Loaded ECOMM"));
        User::LoadPhysicalDevice (PDD_NAME2); // step 2
        if(debug>=3) iAppView->PrintLineL(_L("Loaded EUART2"));
        User::LoadPhysicalDevice (PDD_NAME3); // step 3
        TInt r;
        // NOTE(review): r from the first LoadLogicalDevice is overwritten by
        // the second before it is checked
        r = User::LoadLogicalDevice (LDD_NAME_READ);
        r = User::LoadLogicalDevice (LDD_NAME_WRITE);
        if(debug>=3) iAppView->PrintLineL(_L("Loading drivers"));
        if (r == KErrNone) if(debug>=2) iAppView->PrintLineL(_L("Load none"));
        if ( r == KErrAlreadyExists) if(debug>=2) iAppView->PrintLineL(_L("Load already"));
        if (r == -1 ) if(debug>=2) iAppView->PrintLineL(_L("Load-1"));
        if (r != KErrNone && r != KErrAlreadyExists) User::Leave (r);
        if(debug>=3) iAppView->PrintLineL(_L("Loaded drivers"));
        // Handles are never closed before leaving this function.
        RDevice dev_read, dev_write;
        // NOTE(review): same pattern -- only dev_write.Open's result is checked
        r=dev_read.Open(_L("PowerMeas"),EOwnerProcess);
        r=dev_write.Open(_L("DosPlugInLdd"),EOwnerProcess);
        if(debug>=1) iAppView->PrintLineL(_L("Open !"));
        if (r == -1 ) if(debug>=1) iAppView->PrintLineL(_L("aa-1"));
        if (r != KErrNone && r != KErrAlreadyExists)
        {
            iAppView->PrintLineL(_L("Error loading library"));
            User::Leave (r);
        }
        textbuf.Format(_L("result=%i"),r);
        if(debug>=2) iAppView->PrintLine2L(textbuf);
        // Scratch buffer handed to GetCaps as the "capabilities" descriptor.
        // TPtr is a 16-bit descriptor in Unicode builds, hence the %256 / /256
        // splits below to get at the individual bytes.  Allocation is not
        // checked for NULL and the buffer is never freed.
        HBufC* data=HBufC::New(40);
        TPtr ptr=data->Des();
        dev_read.GetCaps((TDes8 &)ptr);
        textbuf.Format(_L("size=%i"),data->Size());
        if(debug>=2) iAppView->PrintLine2L(textbuf);
        textbuf.Format(_L("data=%x %x "), ptr[0]%256, ptr[0]/256);
        if(debug>=2) iAppView->PrintLine2L(textbuf);
        if(tam==0 && tipo==1) tam=2*1024;
        textbuf.Format(_L("add=%x"),dira);
        iAppView->PrintLine2L(textbuf);
        textbuf.Format(_L("size=%x"),tam);
        if(tipo==1) textbuf.Format(_L("data=%x"),tam);
        if(debug>=1) iAppView->PrintLine2L(textbuf);
        // this is never used: it is useful for me to know how this code is assembled
        if(tam==666)
        {
            asm volatile ("AND r5, r7, #3" : : : "r5" , "r7" ); // 03 50 07 E2 - 05 20 47 E0 - 00 50 82 E5
            asm volatile ("SUB r2, r7, r5" : : : "r2" , "r5" , "r7" );
            asm volatile ("STR r5, [r2]" : : : "r2" , "r5" , "r7" );
            asm volatile ("STR r9, [r7]" : : : "r7" , "r9" ); // 00 90 87 E5
        }
        if(tipo==11) // Palette4
        {
            // Skips the first 0x3D18-0x1400*3 bytes of the palette file, then
            // writes the following 0x1400*3 bytes, one little-endian word at
            // a time, to consecutive addresses from 0x58073004.
            dira=0x58073004;
            tam=0;
            RFile filep;
            int i=0;
            TBuf8<4> palette4;
            // User::LeaveIfError(filep.Open(fileSession, Palette4_bin, EFileRead));
            User::LeaveIfError(filep.Open(fileSession, Palette_dll, EFileRead));
            CleanupClosePushL(filep);
            /* filep.Read(palette4);
               textbuf.Format(_L("%x %x"), palette4[i+0]%256, palette4[i+1]%256 );
               iAppView->PrintLine2L(textbuf);
               textbuf.Format(_L("%x %x"), palette4[i+2]%256, palette4[i+3]%256 );
               iAppView->PrintLine2L(textbuf); */
            for(i=0;i<0x3D18-0x1400*3;i+=4) // do not skip any palette
            {
                filep.Read(palette4);
            }
            for(i=0;i<0x1400*3;i+=4)
            {
                // NOTE(review): Read's result is ignored; a short read at end
                // of file leaves palette4 shorter than 4 and the indexing
                // below is then out of range for the descriptor
                filep.Read(palette4);
                // textbuf.Format(_L("%x %x"), palette4[0]%256, palette4[1]%256);
                // iAppView->PrintLine2L(textbuf);
                // textbuf.Format(_L("%x %x"), palette4[2]%256, palette4[3]%256 );
                // iAppView->PrintLine2L(textbuf);
                tam=palette4[0]%256 + (palette4[1]%256)*256;
                tam += (palette4[2]%256)*256*256 + (palette4[3]%256)*256*256*256 ;
                // if(i<9)
                // NOTE(review): this print sits right after a `// if(i<9)`
                // comment in the recovered text; it may have been commented
                // out in the original (it prints a stale textbuf every word)
                iAppView->PrintLine2L(textbuf);
                asm volatile ("MOV r9, %0" : : "r"(tam) : "r9" ); // important: little-endian !!!!
                asm volatile ("MOV r7, %0" : : "r"(dira) : "r7" );
                dev_write.GetCaps((TDes8 &)ptr); // call the patch, which writes R9 into [R7]
                dira+=4;
            }
            CleanupStack::PopAndDestroy(); // close filep
        }
        if(tipo==6) // mem write
        {
            // Write the word `tam` at `dira`, then read the same address back
            // and print the first four bytes for a visual check.
            asm volatile ("MOV r9, %0" : : "r"(tam) : "r9" ); // important: little-endian !!!!
            asm volatile ("MOV r7, %0" : : "r"(dira) : "r7" );
            dev_write.GetCaps((TDes8 &)ptr); // call the patch, which writes R9 into [R7]
            asm volatile ("MOV r7, %0" : : "r"(dira) : "r7" );
            dev_read.GetCaps((TDes8 &)ptr); // read, to verify it was OK
            int i=0;
            textbuf.Format(_L("x%i=%x %x %x %x "),i, ptr[i]%256, ptr[i]/256, ptr[i+1]%256, ptr[i+1]/256);
            iAppView->PrintLine2L(textbuf);
        }
        if(tipo==10) // mem load
        {
            // Writes a fixed sequence of words starting at 0x41000100, one
            // dev_write call per word, advancing dira by 4 each time.  The
            // trailing comments give the author's disassembly of each word.
            dira=0x41000100;
            asm volatile ("MOV r7, %0" : : "r"(dira) : "r7" );
            asm volatile ("MOV r9, %0" : : "r"(dira+8) : "r9" );
            dev_write.GetCaps((TDes8 &)ptr);
            dira+=4; // counter
            asm volatile ("MOV r7, %0" : : "r"(dira) : "r7" );
            asm volatile ("MOV r9, %0" : : "r"(swapi(0x0)) : "r9" );
            dev_write.GetCaps((TDes8 &)ptr);
            dira+=4;
            asm volatile ("MOV r7, %0" : : "r"(dira) : "r7" );
            // 0x0EB0A0E1 MOV R11, LR -> 5001A360=Lower
            asm volatile ("MOV r9, %0" : : "r"(swapi(0x00B08DE2)) : "r9" ); // 0x00B08DE2 add r11, SP, #0 ->80005160
            // 0x0FB0A0E1 MOV R11, PC ->0x4100010C
            dev_write.GetCaps((TDes8 &)ptr);
            dira+=4;
            asm volatile ("MOV r7, %0" : : "r"(dira) : "r7" );
            // the next three r9 loads are dead: r9 is reloaded with the
            // 0x414FA0E3 word below before dev_write is called
            asm volatile ("MOV r9, %0" : : "r"(swapi(0x04B08BE2)) : "r9" ); // 0x04B08BE2 add r11, r11, #0x4
            asm volatile ("MOV r9, %0" : : "r"(swapi(0x04B04BE2)) : "r9" ); // 0x04B04BE2 sub r11, r11, #0x4
            asm volatile ("MOV r9, %0" : : "r"(swapi(0x0CB0A0E1)) : "r9" ); // 0x0CB0A0E1 MOV R11, R13 ->1
            // R12=80005165 R10=1 R9=69 R8=0 R7=30 R6=404CAC R5=403D7C R0=62
            asm volatile ("MOV r9, %0" : : "r"(swapi(0x414FA0E3)) : "r9" ); // 0x MOV R4, #0x41000104
            dev_write.GetCaps((TDes8 &)ptr);
            dira+=4;
            asm volatile ("MOV r7, %0" : : "r"(dira) : "r7" );
            asm volatile ("MOV r9, %0" : : "r"(swapi(0x414484E2)) : "r9" ); // 0x MOV R4, #0x41000104 second part
            dev_write.GetCaps((TDes8 &)ptr);
            dira+=4;
            asm volatile ("MOV r7, %0" : : "r"(dira) : "r7" );
            asm volatile ("MOV r9, %0" : : "r"(swapi(0x00B094E5)) : "r9" ); // 0x ldr r11, [R4]
            dev_write.GetCaps((TDes8 &)ptr);
            dira+=4;
            asm volatile ("MOV r7, %0" : : "r"(dira) : "r7" );
            asm volatile ("MOV r9, %0" : : "r"(swapi(0x04B08BE2)) : "r9" ); // 0x add r11, r11, #0x4
            dev_write.GetCaps((TDes8 &)ptr);
            dira+=4;
            asm volatile ("MOV r7, %0" : : "r"(dira) : "r7" );
            asm volatile ("MOV r9, %0" : : "r"(swapi(0x00B084E5)) : "r9" ); // 0x str R11, [R4]
            dev_write.GetCaps((TDes8 &)ptr);
            dira+=4;
            asm volatile ("MOV r7, %0" : : "r"(dira) : "r7" );
            asm volatile ("MOV r9, %0" : : "r"(swapi(0x04B08BE0)) : "r9" ); // 0x add r11, r11, r4
            dev_write.GetCaps((TDes8 &)ptr);
            dira+=4;
            asm volatile ("MOV r7, %0" : : "r"(dira) : "r7" );
            asm volatile ("MOV r9, %0" : : "r"(swapi(0x40408BE2)) : "r9" ); // 0x add r4, r11, #0x40
            dev_write.GetCaps((TDes8 &)ptr);
            dira+=4;
            asm volatile ("MOV r7, %0" : : "r"(dira) : "r7" );
            asm volatile ("MOV r9, %0" : : "r"(swapi(0x000084E5)) : "r9" ); // 0x str R0, [R4]
            dev_write.GetCaps((TDes8 &)ptr);
            dira+=4;
            // asm volatile ("MOV r9, %0" : : "r"(swapi(0x00B09BE5)) : "r9" ); // 0x00B09BE5 ldr r11, [r11]->42
            // 4100.0108 swap()
            // [SP] : 81501AA0, 80005164, 501656D8(TUnicode::GetLowerCase), 0, 5001a360(LowerCase) , 42 , 5000b0f4(ArmSWI_mid), 50019ADC?
            // always needed
            asm volatile ("MOV r7, %0" : : "r"(dira) : "r7" );
            asm volatile ("MOV r9, %0" : : "r"(swapi(0x04D08DE2)) : "r9" ); // ADD SP, SP, #4
            dev_write.GetCaps((TDes8 &)ptr);
            dira+=4;
            asm volatile ("MOV r7, %0" : : "r"(dira) : "r7" );
            asm volatile ("MOV r9, %0" : : "r"(swapi(0x0080BDE8)) : "r9" ); // LDMFD SP!, {PC}
            dev_write.GetCaps((TDes8 &)ptr);
            dira+=4;
            dira=0x41000100;
        }
        // Reads 32 bytes per dev_read call starting at `dira` and appends them
        // to the dump file until `tam` is exhausted.  The nested 1024x1024
        // loop is an upper bound; the tam<=32 check ends it early by pushing
        // both counters past their limits.
        if(tipo==1) // mem read
            for(int k=0;k<1024;k++)
                for(int j=0;j<1024;j++)
                {
                    asm volatile ("MOV r7, %0" : : "r"(dira) : "r7" );
                    dev_read.GetCaps((TDes8 &)ptr); // call the patch, which reads at [R7]
                    for(int i=0;i<16;i+=2)
                    {
                        textbuf.Format(_L("x%i=%x %x %x %x "),i, ptr[i]%256, ptr[i]/256, ptr[i+1]%256, ptr[i+1]/256);
                        if(j==0 && k==0) iAppView->PrintLine2L(textbuf); // echo the first block only
                    }
                    // serialise the same 32 bytes, low byte of each 16-bit element first
                    for(int i=0;i<16;i+=2)
                    {
                        TInt8 n8=0;
                        n8=ptr[i]%256;
                        outputFileStream << n8 ;
                        n8=ptr[i]/256;
                        outputFileStream << n8 ;
                        n8=ptr[i+1]%256;
                        outputFileStream << n8 ;
                        n8=ptr[i+1]/256;
                        outputFileStream << n8 ;
                    }
                    dira+=32;
                    tam-=32;
                    if(tam<=32)
                    {
                        k=10000;j=k; // exit the loop
                    }
                }
        if(debug>=2) iAppView->PrintLineL(_L("Dumped"));
    } // end if(tipo==1, 6, 10)
// Size of the `pila` scratch array in the tipo==8 block.
#define TAMPILA 16
    if(tipo==8) // Mem::Write . Deprecated. Use 6 or 10 instead
    {
        // NOTE(review): this block is damaged in this copy -- the text between
        // `i` and `PrintLine2L` on the first for-line and between `i` and
        // `0x50000000` on the second was stripped as an HTML tag (presumably
        // `i<TAMPILA...` loop bounds and the statements that followed).  As a
        // result the braces of this block no longer balance and it cannot be
        // read as code; it is left exactly as found.
        TInt32 ret=0x666;
        TInt32 pila[TAMPILA*2+1];
        TInt32 R12;
        for(int i=0;iPrintLine2L(textbuf);
        for(int i=0;i0x50000000 && pila[i]<0x60000000) iAppView->PrintLine2L(textbuf);
        }
        tam=4;
        tipo=687; // so that it dumps (a value no later branch tests)
    }
    if(tipo==9) // Mem::Exec
    {
        // Calls User::LowerCase with r8/r9/r11 preset, then copies r11 and the
        // PC out through r7 and prints them.  Only meaningful if the words from
        // branch 10 are already in place at 0x41000100 (see the comment below).
        TInt32 R11;
        dira=0x41000100;
        asm volatile ("MOV r11, %0" : : "r"(dira) : "r11" );
        asm volatile ("MOV r8, %0" : : "r"(tam) : "r8" ); // doesn't matter
        asm volatile ("MOV r9, #0x69" : : : "r9" );
        User::LowerCase(0x42); // will call 0x41000100->0x41000104, which sets R11
        // asm volatile ("MOV r9, #0x0" : : : "r9" );
        asm volatile ("MOV r7, r11" : : : "r7" );
        asm volatile ("STR r7, %0" : "=m"(R11) );
        textbuf.Format(_L("R11=%x"), R11);
        iAppView->PrintLine2L(textbuf);
        asm volatile ("MOV r7, PC" : : : "r7" );
        asm volatile ("STR r7, %0" : "=m"(R11) );
        textbuf.Format(_L("PC=%x"), R11); // FFC01920
        iAppView->PrintLine2L(textbuf);
        tam=4;
        tipo=687; // so that it dumps (a value no later branch tests)
    }
    if(tipo==2 || tipo==3 ) // Mem::Copy or Search
    {
        // User-mode read of process-visible memory with Mem::Copy; no driver
        // involved.  busc[1..4] holds the search pattern, busc[0] and busc[5]
        // are never compared.
        TInt8 n1=0x88;
        TInt8 busc[6], founds=0;
        n1=0x66;
        TAny* memo2;
        TAny* memo3;
        busc[0]=0; busc[1]=0; busc[2]=0; busc[3]=0; busc[4]=0;
        if(tipo==3)
        {
            // Hex parser: two characters per pattern byte.  Only lowercase a-f
            // and digits decode correctly and there is no validation; with
            // `dlg` never executed (see function header) dataToDump is empty
            // here and these indexes are out of range.
            busc[0]=1;
            c=(dataToDump[0+0]); if(c>'9') {c-='a';c+=10;} else c-='0'; busc[1]+=(c*16);
            c=(dataToDump[0+1]); if(c>'9') {c-='a';c+=10;} else c-='0'; busc[1]+=(c*1);
            c=(dataToDump[0+2]); if(c>'9') {c-='a';c+=10;} else c-='0'; busc[2]+=(c*16);
            c=(dataToDump[0+3]); if(c>'9') {c-='a';c+=10;} else c-='0'; busc[2]+=(c*1);
            c=(dataToDump[0+4]); if(c>'9') {c-='a';c+=10;} else c-='0'; busc[3]+=(c*16);
            c=(dataToDump[0+5]); if(c>'9') {c-='a';c+=10;} else c-='0'; busc[3]+=(c*1);
            c=(dataToDump[0+6]); if(c>'9') {c-='a';c+=10;} else c-='0'; busc[4]+=(c*16);
            c=(dataToDump[0+7]); if(c>'9') {c-='a';c+=10;} else c-='0'; busc[4]+=(c*1);
        }
        // NOTE(review): integer-to-pointer assignment without a cast; either
        // the original relied on a lenient compiler or a cast was lost -- confirm
        memo2=dira;
        founds=0;
        if(tipo==3)
        {
            // Scan forward one byte at a time (at most 1024*10 positions) until
            // the four bytes after memo2 match busc[1..4].
            for(int i=0;i<1024;i++)
                for(int j=0;j<10 && founds<4;j++)
                {
                    Mem::Copy(&n1, memo2, sizeof(TInt8));
                    memo3=memo2;
                    founds=0;
                    for(int k=1;k<5;k++)
                    {
                        memo3=memo3+sizeof(TInt8);
                        Mem::Copy(&n1, memo3, sizeof(TInt8));
                        if(n1==busc[k]) founds++;
                    }
                    if(founds<4) memo2=memo2+sizeof(TInt8);
                }
        }
        // on a hit, start the dump 16 bytes before the match
        if(founds>=4) memo2=memo2-16*sizeof(TInt8);
        if(tam==0) tam=2*1024;
        // NOTE(review): each iteration copies ONE byte but advances dira and
        // decrements tam by 32, so the dump ends after roughly tam/32 bytes,
        // not tam bytes.
        for(int k=0;k<1;k++)
            for(int i=0;i<1024;i++)
                for(int j=0;j<10;j++)
                {
                    Mem::Copy(&n1, memo2, sizeof(TInt8));
                    outputFileStream << n1;
                    memo2=memo2+sizeof(TInt8);
                    dira+=32;
                    tam-=32;
                    if(j<4 && k==0 && i==0)
                    {
                        textbuf.Format(_L("%x"),n1);
                        iAppView->PrintLine2L(textbuf);
                    }
                    if(tam<=32)
                    {
                        k=10000;j=k;i=k; // exit the loop
                    }
                }
    } // end if(tipo==2,3)
    /**************************************************************/
    if(tipo==4) // chunks
    {
        // NOTE(review): `tam` and `textbuf` declared here shadow the function's
        // outer variables of the same name; the chunk's CreateGlobal result is
        // ignored and chunkf is never closed.
        RChunk chunkf;
        TInt tam=1024;
        TBuf<256> aBuf;
        _LIT(ChunkName,"aaa");
        chunkf.CreateGlobal(ChunkName, tam, tam, EOwnerProcess); // this is to test that I can really create chunks
        TBuf<256> textbuf;
        textbuf.Format(_L("ss=%x %i %i"), chunkf.Size(), chunkf.IsReadable(), chunkf.IsWritable() );
        iAppView->PrintLine2L(textbuf);
        textbuf.Format(_L("tt=%x %x"), chunkf.MaxSize(), chunkf.Base() );
        iAppView->PrintLine2L(textbuf);
        TFindChunk fc;
        TFullName aResult;
        // I am unable to get the number of chunks. But there are usually 7
        // Enumerate until Next() fails; the `i=1000` assignment is the break.
        for(int i=0;i<700;i++)
        {
            if(KErrNone == fc.Next(aResult))
            {
                textbuf.Format(_L("-Chunk:%x %x %x"), i, aResult.Size(), aResult.Length() );
                // iAppView->PrintLine2L(aResult); // Length .Size
                aBuf = aResult;
                iAppView->PrintLine2L(textbuf);
                iAppView->PrintLine2L(aBuf);
                // dead branch: the Open() experiment is disabled with 1==0
                if(1==0) // if(KErrNone == chunkf.Open(fc, EOwnerProcess))
                {
                    iAppView->PrintLineL(_L("--Chunk--"));
                    iAppView->PrintLine2L(aResult);
                    if(aResult.Length()>16) iAppView->PrintLine2L(aResult.Mid(15));
                    // SvData 9000 0 0 10.0000 8000.0000 Kernel data address
                    // SvStack 84000/13f000 0 0 100.0000 8040.0000 Kernel stack address
                    // TheRamDriveChunk 22000/3a000 0 0 2000.0000 6000.0000 can not read !
                    // $DAT 1000 0 0 10.0000 8010.0000 efile.exe DataBssLinearBase
                    // FileServer::$STK 63000/68000 0 0 20.0000 8150.0000
                    // LoaderThread::$STK 10000/1d000 0 0 50.0000 8170.0000
                    // 100039e2:$DAT 1000 4 0 10.0000 ffe0.0000
                    TBuf<256> textbuf;
                    textbuf.Format(_L("s=%x %i %i"), chunkf.Size(), chunkf.IsReadable(), chunkf.IsWritable() );
                    iAppView->PrintLine2L(textbuf);
                    textbuf.Format(_L("t=%x %x"), chunkf.MaxSize(), chunkf.Base() );
                    iAppView->PrintLine2L(textbuf);
                    /* HBufC* data=HBufC::New(40);
                       TInt ppos=0;
                       chunkf.Read(ppos,(TDes8 &)(data->Des()));
                       textbuf.Format(_L("t=%i %x"), data[0], data[0] );
                       iAppView->PrintLine2L(textbuf); */
                }
                else i=i; // break the loop
            }
            else i=1000; // break the loop
        }
        /* TInt32 ret;
           asm volatile ("NOP");
           // asm volatile ("MOV R4, R4");
           asm volatile ("MOV r6, sp" : : : "r6" );
           asm volatile ("STR r6, %0" : "=m"(ret) );
           asm volatile ("NOP"); */
    } // end if(tipo==4)
    /***** search TFindLogicalChannel ******/
    if(tipo==7) // LogChannel
    {
        // Prints the first five names returned by TFindLogicalChannel.
        // `vers` is unused, `dataf` is never freed, Next()'s result is not
        // checked (a stale aRes is printed past the end), and Mid(15) is
        // unguarded -- a name shorter than 15 characters would fail the
        // descriptor's range check.
        TVersion vers;
        vers=TVersion(1,0,0);
        TFindLogicalChannel fcc;
        HBufC* dataf=HBufC::New(40);
        // TPtr ptrf=dataf->Des();
        // fcc.Find();
        // 80410de0 8041137c 8040c508 8041b0e4 804181e0
        TFullName aRes;
        for(int i=0;i<5;i++)
        {
            fcc.Next(aRes);
            if(debug>=1) iAppView->PrintLineL(_L("LogChannel:"));
            iAppView->PrintLine2L(aRes);
            iAppView->PrintLine2L(aRes.Mid(15));
            // RBusLogicalChannel cha;
            // cha.Open(aRes, EOwnerProcess);
        }
    } // end if(tipo==7)
    // Clean up
    CleanupStack::PopAndDestroy(); // close outputFileStream
    CleanupStack::PopAndDestroy(); // close file
    CleanupStack::PopAndDestroy(); // close fileSession
    iAppView->PrintLineL(_L("e:\\zz\\mem.bin"));
}