I tried to dump a certain rom image (nk.nb0) to files for reusing. However, almost all the exe and dll seem to be malfunctioning saying "this is not a valid ce app".
Only a clue I can get is the error messeage called
ERROR: could not find pointer for ofs 00000000
The rom image is probably made by CE4.1 but when I put -4 option the more error messages are coming up. so I can't help but omit -4.
:shock:
[Full messages..]
img 00000000 : hdr=8599c46c base=84000000 commandlineoffset=84000000
ERROR: could not find pointer for ofs 00000000
84000000 - 84000000 L00000000 rom_00 start
84000000 - 84000004 L00000004 romsection id=ea000ea7
84000004 - 84000040 L0000003c NUL
84000040 - 84000048 L00000008 'ECEC' -> 8599c46c
84000048 - 84001000 L00000fb8 NUL
84001000 - 8403e0c8 L0003d0c8 o32 region_0 rva=00001000 vsize=0003d0c8 real=84001000 psize=0003d200 f=60000020 for nk.exe
....
..
.
Hi,
you CANNOT use dumped .dll or .exe files since relocation information was stripped out at ROM generation process. And since the executable code is loaded by loader into RAM (different position than in ROM) you will never be able to use it.
All you can do with dumped .exe .dll is some disassembly.
John
JohnSmith said:
Hi,
you CANNOT use dumped .dll or .exe files since relocation information was stripped out at ROM generation process. And since the executable code is loaded by loader into RAM (different position than in ROM) you will never be able to use it.
All you can do with dumped .exe .dll is some disassembly.
John
Click to expand...
Click to collapse
ummm... I have used .exe's and .dll's from one device's ROM and used them successfully on another after extracting with dumprom.
I would think the issue has to do with the compression. If you have a WinCE 4.1 ROM and use -3, the files will be corrupt. Try loading the .wav's, .bmp's and .htm's in your Windows/Linux applications and see if they run. If not, then you need to use -4 (which means you may need to hack at the offsets).
LD
Hi everybody,
I want to downgrade my bootloader from 6.22 to 5.15. But I always failed to do so....The toold is downloaded from http://xda-developers.com/XDAtools/. I am sure I did everything as the instructions.
C:\Program Files\XDAtools\binaries>pnewbootloader bootloader_v5_15.nb0
'C:\Program' is not recognized as an internal or external command,
operable program or batch file.
ERROR: ITReadProcessMemory - Unspecified error
Unable to find flash info offset, cannot disable bootloader writeprotect
in this case, pls help me. great thanks
Li
Did u try copying a cooked ROM directly to your device using XDAtools ? ... if works, it will update your boot loader to 5.15
Thanks a lot. But anyway, could you please give me more details advise how to use XDAtools in this issue? Actually, I still don't know how to do it at moment. I only know how to use SD card to upgarde.
Li
connect the xda to the cradle and make a sync ... run XDAtools and select the source to be the cooked ROM as .nbf or .nb1 file and the destination to be the Device ROM. Make sure the power is connected and press COPY.
Note: you can also right-click on the .nbf file and in the context menu you will see "Burn" option. It's the same as above.
Good luck
Great thanks fro your information. I will try it right now.
Does it support on different brand ROM, I means if it is possible to burn TMobile ROM into my XDA via this way?
dingl said:
Hi everybody,
....
C:\Program Files\XDAtools\binaries>pnewbootloader bootloader_v5_15.nb0
'C:\Program' is not recognized as an internal or external command,
operable program or batch file.
Li
Click to expand...
Click to collapse
The problem you have here is that Windows is not happy about the program being run from a directory with a space in it. Hence OS trying to load C:\Program instead of following the full file path to the pnewbootloader program. I would suggest creating another directory on your machine with no spaces in the directory and running it from there.
Good Luck,
Rob.
Please guide me to upgrade my Siemens SX-56 from Pocket PC 2002 Versions ROM Version 3.01.12039
Is it ok to upgrade it to Windows Mobile 2003 Second Edition?
I've read about boot loaders, do I need to do this first?
On an earlier thread someone mentioned using 4.01.12 ROM This appears to be for O2 Euro. Should I use something different in the US? My provider is AT&T
Thanks,
Solomon
Personally i would upgrade to WM2003 and ROM Version 4.01.12
It´s in my eyes more useable than the WM2003 Second Edition...
This version is also useable for the US and also AT&T. Only thing missing is the Autoconfiguration for the Network, but as much as i know none of the US ROMs contain this.
If you git an SD-card >= 64 MB and a card reader/writer i would suggest flashing via SD_Card. It´s more secure.....
Instrucions could be found here: http://wiki.xda-developers.com/index.php?pagename=Wallaby_HT_FlashSD
HTH
Stefan
Question about the backup
OK. I went and bought a SD card reader.
I went to "Flash Tools" on my phone and chose the "CE + Boot" option.
The backup was successful.
I pulled the card from the phone, leaving the "flash tools" screen running
I downloaded the "XDATools.zip" file.
I unzipped OSImageTool.exe and itsutils.dll to c:\program files\programme A\
I executed OSImageTool.exe
In the source field, I exlplored to I:\ which is the SD reader drive.
It tells me "The disk in drive I is not formated. Would you like to format it now?"
I said yes and tried the whole thing again but I still get "The disk in drive I is not formated. Would you like to format it now?"
I guess I need some help at this point.
Thanks!
You need to download the wm2003 rom, unzip it , then run the xdatools, choose the nbf file as source and the card in the reader as destination, choose this from drop down arrow/menu. Once this is done the tools will program the card so that it will work in your xda, put card in phone, ignore any prompts to format, hold power and push reset, when prompted push centre of 4 way toggle switch on phone, once it is finished push once in the hole beneath the headphone socket, wait 60 seconds, push once again, phone will boot with new rom.
Backing up the ROM for the ROMKitchen
Thanks for the reply. I'm trying to back up my current ROM to send to the ROMKitchen. I seem to have an oddball ROM that Stephan wanted me to backup and send to him. I think the instructions you gave would delete my old ROM. Right?
Yes. This would delete the backup.
Sorry, was my fault in the description.
You have to open a command line in the directory where osimagetool is located.
then you have to execute following command:
Code:
osimagetool -r localsdcard -w rombackup.nbf
This will read from your sdcard to the file rombackup.nbf
Zip this file and upload it please....
That should be all for backing up the file.-....
Stefan
That didn't work
I entered the command:
osimagetool -r localsdcard -w rombackup.nbf
The Source came up as:
I: 235.33M STORAGE DEVICE
The Destination came up as:
rombackup.nbf
I pressed Copy
I got an error screen saying:
error opening for reading: The system cannot find the path specified.
error opening source bootloader from
error opening target device
OK (button)
What next?
Hi all,
let me start telling that reading through this frum gives me the feeling that this is a very nice place for information around htc-devices and I thank both creators and users of this site for such a good information-base.
Reading here convinces me that I am able to fulfill my wish to change the language of my VPA-IV (HTC Universal).
I am a Dutch person working in Russia. As I was living in Germany I optained the device there, hence the German language.
For me personally all computer stuff should be English, so I'd also like this device to be so. The fact that the keyboard is German does not disturb me too much.
As a Vodafone user, who has other provider cards as well, I immediately bought the unlock code, so the device is working with other GSM cards as well.
When I asked Vodafone (before I bought the device) if I could switch to English I was told that I should buy myself another Windows Software and they were not able to provide me with it. They were not able to provide any help, nor software for this purpose though.
When reading around the site here (as well as the ftp) I understood that Windows is not provided now. So my first question would be :
-Am I really set to go if I have downloaded the following files :
Jasjar_WWW_11353_137_10301.zip
MaUpgradeUt_noID.zip
Universal_Radinly_UPgrade_1.04.02.zip
Or do I need something more ?
Further I read about extracting the .exe file (f.e. Jasjar_WWW_11353_137_10301.exe) and put some files from there at certain places. I have WinRar but this program does not recognize the .exe file. Can I really extract files from this .exe ? How do I do this.
A lot of talking is here about a bootloader. If the device is in this stage, can I still access it ? (f.e. like seeing a harddrive in my PC's Windows Explorer or something the like)
As I will be stressed like hell (who does not, when he does this first time) when I see the bootloader screen, is there something I SHOULD or should NOT do to make sure all will be OK ?
Last but certainly not least I feel very eager to backup before I do this. Is there a posibility to backup my ROM in some way, save the files on some place for eventual return to the ROM and ExtRom I have now ?
I tried the Program TotalCommander. If I enter the Extended_Rom in the "directory" field of this program I see all files included in the Extended_Rom, same if I enter simply "Rom". Is a backup simply copying these files to my PC or is there more to be done ?
thanks for answering in advance,
Ruud
Hi,
I'm searching a german ROM...
if you have a little of your time to spend on it, i would be very thankful.
but first:
- about extracting the .exe files: Run WinRAR -> Menue: Open file... -> change 'All archives' to 'All files'
- about ROMs: Jasjar_WWW_11353_137_10301.zip is the only rom I would update, not the Radio.
- about bootloader: In this state you can't access your device (only updating the ROM)
- about backup: It is not easy. (How to d2s (dump) the ROM ) but I think Vodafone will shortly relase a update. So it will be possible to restor the device.
How to help me out:
- you will need a Storage Card.
- Download TestWM5.rar
1. Extract TestWM5.exe from TestWM5.rar and place it to you device.
2. At the device, use File Explorer to execute the TestWM5.exe
3. Click "button1" to start the dump process, the file will then be save to \Storage Card\Dump\
4. Copy the Dump folder out and then RAR or Zip it
This will include all files in your windows dictionary -> this is what i need
Where to place exactly ?
Hi bepe,
do not know if You are still available (or again). First your issue.
I logon to FTP from XDA-developers as to upload.
In the upload directory there is only a HTC-Wizard directory, not a wizard. Is this directory the one to place your file on ?
Is there a rule how to name the file ?
I will be dumping in a minute, can upload as soon as I have your answer.
Ruud
Hi bepe,
further to your issue.
1) I do understand that no private information is copied ? or should I do a hard reset before I dump for You ?
2) Whilst running your testwm5.exe from the root-directory of the storage-card I am being asked to agree your program access. This is normal, I allow. But why are there additional programs being opened I never heard about ? I denied them access and let the program run further !
After a lot of files running through the screen (very fast) it looks like the program stopped or finished. Now which file has been created for You ?
Explorer on the Universal does not show it, through my PC I looked as well, but do not see any big file, please explain.
Ruud
Hi Bepe,
one more reply to You :
Even if I allow the file mentioned to run (during the time your program is running), I am being asked again and again if I allow it again. The name is GAC_System.Data_v1_0_5000_0_cneutral_1.dll
Even if allow access all of the occasions I being asked, no file is being created on my storage-card, nothing to dump to You. Not even the dump directory is made.
What do I do wrong here ?
To my issue :
First I noticed that the radio update is available here only as 1.04.02
My system tells me I have 1.04.10 delivered from origin. If I do a ROM-upgrade, do I loose my "radio", or will it not be touched ?
Connected to this, can I dump my "radio"-files seperately ?
WinRAR. Issue solved !
Backup : I was at the buzzdev.net link before. But I actually do not even understand where I can get or see the task32 language he dumped on his screen. And I understand that I will not be able to restore it without help anyway. So this is not really the kind of backup I want.
The information about Vodafone, where does it come from ? when is something expected ?
Ruud
For security sake only.
I am getting nearer to make that final step ;-)
My Winrar was too old, I could unzip the .zip file to a .exex, but I could not unzip the .exe file further. Just downloaded the latest Winrar, now I can see all files included in the provided .exe file.
1) I understood that I should delete the original upgrade-file called ROMUpgradeUt.exe.
2) When I start the MaUpgradeUt_noID.exe in a seperate directory with the rest of the files from the .exe I get to see a different HTC device. When I continue, it will not recognize any of the versions from my Universal. I felt unconfortable to continue.
Can it be done without a problem ??
2a) I renamed the ms_.nbf AND radio_.nbf and restart the Utility, it still shows a photo of the wrong device, but it now does recognize the versions of Device CD image version : 1.13.56 Device Extended image version : 1.13.163 and Device Radio image version : 1.04.10
It confirms to change to CD image version 1.13.53 and leaves the extended image version : "empty" as well as the Radio image version : "empty"
Does this mean that by taking away the ms_.nbf and radio_.nbf files I can stop the device from upgrading the extended rom and the radio ?
Why I ask ? Because if I renamed ms_.nbf back and ONLY radio_.nbf is unavailable now, it shows to change the Extended Rom too, but the Radio image is still empty.
Finally if I rename ALL back, it shows to change all, but all version numbers are older once ;-(
Main question here is, can I leave radio_.nbf away, upgrade and hope for radio to be my version 1.04.10 ?
Ruud
Hi,
I'm back.
I'll PM you Upload information...
private information are not copied.
Only if you have saved private information in your /windows/ folder!
i have never being asked to agree for program access :?
...but I started it of the root-directory of my device.
what is the name of your 'Storage Card' folder?
I not realy have the info from Vodafone, but for all devices before there have been more than one update. But I can't tell when the first update is expected.
If you are trying to make a backup: you will need a terminal program
About dumping
So I have a complete "new" device now.
Did a hard-reset, after which I did not give any new information to the device.
I placed the .exe file You gave me in the \windows\startmenue before, after which it is asking tonloads of access requests.
Now I replaced it in the root-directorym Yes, no additional questions asked anymore, perfect, well NO. As there is no directory made on the storage card. I tried it once with the async active and once with the device seperate. No result.
Any ideas ?
what is the name of your 'Storage Card' folder in your root?
As the device is German, it is called "Speicherkarte"
and renaming is not possible (allowed)
OK this is the problem, I'm trying to get the Source code to change that.
found something: this tool will change the folder name from different languages to "Storage card" which is often needed for different tools
Understood.
About my question, as I am still nervously waiting (cannot start the upgrade before You got your data, can I ;-)
Did I understand correctly, that the file MaUpgradeUt_noID.exe is made for different devices from HTC and therefore I do not get a photo of the universal when I start the software ?
If I start the JASJAR_WWE_11353_137_10301.exe I DO get to see the Universal, but of course get the country error.
Did I also correctly understood I can take away the radio_.nbf from the directory and the update will handle both ROM and ExtROM but leave the Radio untouched ?
Will I be entering this "bootloader" status at all, as I do not need any further updates then ? Are there any resets after the upgrade which I SHOULD or SHOULD NOT make to get the device working again ?
Ruud
Hi bebe,
storage.cab works (be it only after a soft-reset)
The program testwm5.exe is much slower now, so the result is taking minutes now (if not tens of).
Looks like the perfect speed of the program while the storage card (at least for his eyes) was absent, was due to "saving into space"
Will upload asap.
Ruud
I'm loading JASJAR_WWE_11353_137_10301.exe its at 60%
MaUpgradeUt_noID.exe is a hacked version, of another device.
So the photo should not be important. (Please wait until i have downladed the file, I'm not realy sure jet...)
OK, I have to wait anyway, because TestWM5 is very slow now, I can see file after file and calmly read it. Before it was running before my eyes. I am afraid this is going to take ages.
We are on the same frequency that the dump I am making is from a device WITH Extended Rom installed. I was NOT soft-resetting during installation, so all Vodafone add-ons, are to be there now.
If You need the one without ExtRom as well, please tell me.
The upload works OK, I prepared a directory there, but uploading is to be done after longer waiting time.
Are You afraid the JASJAR file is not good ? I downloaded it because this one was proposed on this forum.
Ruud
Its not about the ROM its about the MaUpgradeUt_noID.exe I'm not sure if ths is the exe file to update a Universal.
I dont have a Universal only a Himalaya and my up UpgradeUt starts with HimUpgradeUt... .
Was this file mentioned in the readme of the JASJAR exe?
my download is very slow... 70%
I only downloaded MaUpgradeUt_noID.exe because it was proposed here (for the Universal).
I have no Readme.txt inside the exe
EnterBL.exe
GetDeviceData.exe
ms_.nbf
nk.nbf
radio_.nbf
RUU.conf
RUU.dll
UI.dll
Well and of course the original upgrade file ROMUpgadeUt.exe, but I was suppose to delete it.
Only file which I can read is RUU.conf :
[PLATFORM]=857873
[RADIO_TYPE]=2
[SECURITY_FLAG]=1
[DECODER_KEY]=1
[RADIO_FLAG]=2
[GETADDR_TYPE]=1
[JUMPCODE_TYPE]=1
[FORMAT_TYPE]=2
[SCREEN_TYPE]=2
OK, TestWM5 is finally ready, will do compressing and uploading soon.
Ruud
i wrote a new tool that you can use to read the rom image, it can be found at:
http://nah6.com/~itsme/bkondisk.zip
Code:
usage:
first copy bkondisk.exe to \windows on your device, then:
prun bkondisk [targetdir]
will save all partitions on all volumes in files on [targetdir]
prun bkondisk -v0 -p1 [targetdir]
will save a specific partition on [targetdir]
prun bkondisk -v0 -b0 -n1 \firstblock.img
will save the specified blocks to \firstblock.img
prun bkondisk -i
will only list disk info in the logfile "\bkondisk.log"
-v0 or -v1 to specify the volume
-p0, -p1, etc to specify a partition
-b0 etc to specify a starting block ( ignoring partioning )
-n32 specifies to read 32 blocks starting at the above block.
note: you DON'T need to put quotes around directories with spaces in it.
when no path is specified, files will be created in the root.
Thanks! I've got a couple of questions... it extracted the following files:
bk_00_0000.img
bk_02_0005.img
bk_03_0025.img
bk_06_0001.img
bk_08_0175.img
What do these files refer to (which one is the ROM, etc). Also, is there a way to write these backups back to the phone? It would be a great way to try out test roms and get back to my original T-Mobile ROM if necessary.
bk_00_0000.img - IPL : ONBL1 + ONBL2
bk_02_0005.img - GSM + splash + gsmdata + simlock + serialnrs
bk_03_0025.img - OS
bk_06_0001.img - SPL
bk_08_0175.img - userfilesystem
Is there a way to write them back to the phone? or is that not possible...
is it possible to get a .nbh files out of these files?
My idea would be to "glue" the 4 files together (bk_00 to bk_06) in one file, rename the file to RUU_signed.nbh and exchange the RUU_signed.nbh created by the RUU.exe in \Profiles\[user]\Local Settings\Temp\pftxx.tmp with this one and then run on the RUU.exe with the modified .nbh
for example in DOS:
copy /b bk_00_0000.img+bk_02_0005.img+bk_03_0025.img+bk_06_0001.img RUU_signed.nbh
Is it that simple?
EDIT:
Ok this easy way doesn't work.
RUU says "Error 238 - File read"
Maybe some kind of checksum is missing....
Three questions for itsme
1. Could these files be used to create a nbf file to flash from the sd card as a backup?
2. Would it be possible to modify sim/cid lock?
3. Are these files in raw (dump) format that could be edited in hex editor?
P.S. Thanks to your other posts (works) that helped me figure out the whole sd card flashing thing for the Dash.
Maybe this helps a little bit to get ideas.
I have been searching here for nights - this is what I found so far:
1. I think it's similar to the Hermes - nobody found a way till now - the first step is to modify a signed .nbh, deleting works but not adding a file:
Hermes - how to dump ROM
Hermes - new custom ROMs
Hermes - ROM cooking and Bootloader MFG 1.01
aChef ROM Utils
2. This is the way Imei-Check is CID-unlocking - investigated by pof:
Reverse Engineering the Herems imei-check unlocker
Maybe there is another way like Zone-MR is doing it for the Star100/Qtek 8500
Star100 Unlock procedure but here you have still to decryt/encrypt the block in my understanding and therefore you have to find out the key
3. I didn't find anything about this so far, but I think the information is anywhere at XDA-Developers
EDIT: here (nl)itsme wrote:
.... but i am still busy, have not had the time to look at creating a tool to convert a memdump to a updater file.
Click to expand...
Click to collapse
so I hope he will find the time to create this tool
P.S: @itsme and @pof: I also want to thank you very much - you are heroes!!!
mar11974 said:
1. Could these files be used to create a nbf file to flash from the sd card as a backup?
2. Would it be possible to modify sim/cid lock?
3. Are these files in raw (dump) format that could be edited in hex editor?
P.S. Thanks to your other posts (works) that helped me figure out the whole sd card flashing thing for the Dash.
Click to expand...
Click to collapse
I got different files ...
After running the tool I got :
bk_0__0000.img (IPL? Is it same as bk_00_0000.img?)
bk_02_0005.img (GSM + splash + gsmdata + simlock + serialnrs)
bk_03_0025.img (OS)
bk_06_0001.img (SPL)
bk_08_0185.img (?????)
I did not get bk_08_0175.img, though.
Hints?
On the other hand, is it possible to extract files out of IMG files?
Thanks.