Here is some of what Helmi has shared with me.
Here are some points...
To make your device run Crossbow you need the XIP part from another Crossbow device...
Tools needed:
ActivePerl (it's the standard tool for ROM making/modding/studying)
http://downloads.activestate.com/Act...x86-274739.msi
Next, install the necessary repository:
1. Go to the command prompt, then type ppm
2. At the ppm> prompt, type or paste: repository add itsme http://www.xs4all.nl/~itsme/projects/perl/ppm
3. After that, still at the ppm> prompt, type or paste: install XdaDevelopers-NbfUtils
4. After that, still at the ppm> prompt, type or paste: install XdaDevelopers-CompressUtils
5. Finish by typing exit. Now you're ready to mess with the ROM.
Itsme Perl scripts:
http://nah6.com/~itsme/cvs-xdadevtools/romtools/
http://nah6.com/~itsme/cvs-xdadevtools/dumprom/
http://nah6.com/~itsme/cvs-xdadevtools/
XIP part from another Crossbow device
dumpromx.exe
RomMaster.exe/dump.exe
Some starting points:
Code:
RomMaster.exe -w 5 nk.nba -x -b 0x0000310000 -o xip2.bin
to extract the Apache XIP2 part to xip2.bin
Code:
dumpromx.exe xip2.bin -5 -d OUT -f coredll.dll
to extract coredll.dll from xip2.bin to the OUT dir (you should create the OUT dir manually). That command will create coredll.dll.0, coredll.dll.1, coredll.dll.2, coredll.dll.3, coredll.dll.4, coredll.dll.eo etc.
And here is the code to replace the coredll.dll in the XIP with another coredll.dll
Code:
dumpromx.exe xip2.bin -5 -f coredll.dll -a coredll.dll
After that, the problem is how to recalculate the address of the module, how to put it back if we are able to recalculate the address, the relocation of its free/emptied/occupied space after we replace the XIP module, and last but not least, how to write back to the nk.nba XIP part at address
Code:
offset: 0000310000 - 0000640000 l=0000330000
(064:00:01) - (2ff:7f:01) 00003200 00014e00 25