Thread: CDMA Touch Pro XIPs 20764 20771 20954 21015 21018 21028 21032 21109
View Single Post
  #68 (permalink)  
Old 01-25-2009, 12:33 AM
FormerPalmOS's Avatar
FormerPalmOS
Regular 'Geeker
Offline
Threadstarter
Location: Far far away...
  
Join Date: Nov 2008
Posts: 359
Reputation: 1355
FormerPalmOS is halfway to VIP status based on repFormerPalmOS is halfway to VIP status based on repFormerPalmOS is halfway to VIP status based on repFormerPalmOS is halfway to VIP status based on repFormerPalmOS is halfway to VIP status based on repFormerPalmOS is halfway to VIP status based on repFormerPalmOS is halfway to VIP status based on repFormerPalmOS is halfway to VIP status based on repFormerPalmOS is halfway to VIP status based on repFormerPalmOS is halfway to VIP status based on rep
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
New 21109 XIP with working encryption (default off), +1.5MB of program RAM, fast!!
Some good progress to report. Hope to have a new os.nb.payload uploaded tomorrow.

Here's what I've learned and some files for example.

First, due to the way offsets work in the ARM instruction set, and due to the way the flash operates, for most addresses there are page size boundaries that must be enforced or bad things will happen. For RAM offsets, this number appears to be 14 bits (in other words, the lower 14 bits of a RAM offset must be zero) - example, start of RAM for nk.exe, start of free RAM (ulRAMFree). This RAM can start at 0x8034C000 but not at 0x8034B000. For For partitions (in os.nb.payload), the number is 17 bits. This corresponds to a virtual track (64 virtual heads). Thus the IMGFS address in the os.nb.payload can start at 0x300000 but not at 0x2F0000.

In the XIP RAM, DLL offsets (and virtual base offsets) can start at 12-bit addresses (for example 0x01FCA000 but not at 0x1FC9F00).

All other addresses must be on a long-word boundary (e.g. last digit in an address is 0, 4, 8 or C - can't be anything else).

So, taking a look at map.txt and what I've changed. These changes are relative to the "floating around out there" 20954-based XIP that Scott (scrosler) uses in his ROMs. This XIP has mencfilt and cachefilt removed, plus a bunch of other useless stuff removed. However it wastes a lot of RAM. I've managed to add back in these modules and still recover 1.5M.

1) First DLL address changed from 0x1F801FC to 0x1FC01FC. This number MUST end with 01FC and the upper 16 bits of the address must end with 0, 4, 8 or C (thus 0x1FC01FC is OK, but 0x1FC71FC is not). The 01FC part is used for something - not sure what, but it don't work if you change this. Moving this from 0x1F801FC to 0x1FC01FC buys a bit more "breathing" room for allocating SYS modules into virtual memory, but only if you also change the ROM imageingo.txt and run G'Reloc.exe on the SYS directory. More on that later. Might result in a marginal (few tens of K bytes) increase in program RAM. Note - last DLL address must be for busenum.dll and must end at 0x02000000 (dlllast in ROMHDR.TXT - don't change).

2) First XIP DLL virtual base increased to 0x03DC000 to align with start of wce_rex.dll entry point. This number can overlap exactly with the e32_entryrva address in your SYS .VM imageinfo.txt. Last DLL must again be busenum.dll and it must end at 0x04000000. Again, this frees up some virtual memory space for SYS modules. No increase in free RAM.

3) Looking at the physical map (starting with 0x80000000) you can see there are very few empty spaces (those that exist do so because the next module must start at a page address. With the removed modules (I moved wince_nls to SYS - it is not required at early boot), the physical memory required for the XIP code and data ends at 0x802d6CFA. I set the Phylast address in the ROMHDR.TXT equal to the next page offset -1 (0x802D7FFF). There is some growing room in this XIP, but not much. This allows me to relocate the NK.EXE data segment (and the start of XIP RAM) to 0x802D8000. The end of XIP ram is 0x8034B000 but again it must end at a 14-bit offset (0x8034C000 in this case). By changing the ROMHDR.TXT ulRAMStart and ulRAMFree values, a significant chunk of program memory is recovered.

Now - you need to make similar changes to the ROM .VM file and the numbers plugged into G'Reloc.exe in order to actually use this space. So in summary, here are the changes using the numbers before and after:

What Before After
ROMHDR.TXT dllfirst 0x01F801FC 0x01FC01FC (below + 0x000001FC)
G'Reloc.exe VM Slot 0 0x01F80000 0x01FC0000
SYS .ROM imageinfo.txt e32_stackmax 0x01F80000 0x01FC0000 (same as above)
SYS .VM imageinfo.txt e32_entryrva 0x03D70000 0x03DC0000 (same as below)
G'Reloc.exe VM Slot 1 0x03D70000 0x03DC0000
ROMHDR.TXT physlast 0x803CF9BC 0x802D7FFF (below -1)
M'Reloc_nk.exe RAM o32_realaddr 0x803D0000 0x802D8000
ROMHDR.TXT ulRAMStart 0x803D0000 0x802D8000 (same as above)
NK.EXE imageinfo.txt o32[1].o32_realaddr 0x803D0000 0x802D80000 (same as above)
NK.EXE imageinfo.txt o32[2].o32_realaddr 0x803D6000 0x802DE0000 (above plus 0x00006000 )
ROMHDR.TXT ulRAMFree 0x80448000 0x8034C000

If anyone can squeeze any more space out of this, feel free, but I think this is it without removing additional modules. If I get motivated, I may do one without mencfilt and recover that memory as well.
__________________
ROM: WM6.5 nk.exe (Da_G), sys 23518 (Da_G), VZW OEM pack (scrosler)
Apps: Manila 2.1 (yozgatag), Leo dialer (pyrorob)
Reply With Quote