;-----------------------------------------------------------------------
; Flasher main sequence (fragment: the routine's entry label lies above
; this excerpt).  Talks to the phone over MBUS bit-banged on the parallel
; port data register (dx = 378h), uploads boot.bin and f_loader.bin, then
; performs either a flash READ or a flash WRITE.
; Syntax: Intel/MASM, 32-bit x86.  Direct port I/O (out dx, al) requires
; ring 0 / IOPL, which the surrounding program must provide.
; Conventions visible in this code:
;   dw_68b7            - wait budget consumed by WaitFor0 / WaitFor1
;   int_rutina_timeout - stamp written before each wait; presumably names
;                        the wait site for the timeout handler (values
;                        mirror the loc_* labels) - verify
;   bool_timeout       - 1 when the preceding WaitFor* timed out
;   cli / sti          - interrupts are masked around the bit-banged
;                        transfers and re-enabled before calling Status
; Helpers (OutByteAH/AL, OutByte0, InpByteAL, Delay, Delayx100, Status,
; SetMBUS/ResetMBUS) are defined elsewhere; their clobbers are not visible.
;-----------------------------------------------------------------------
cli
mov al, 0EFh
mov dx, 378h
out dx, al ; reset BTEMP: data lines 0EFh (bit 4 low)
mov dw_68b7, 800000h ; generous wait budget for the first handshake
call WaitFor1
mov int_rutina_timeout, 05da2h
cmp bool_timeout,1
je phone_not_resp ; phone not responding
call Delayx100
mov al, 0FFh
mov dx, 378h
out dx, al ; set BTEMP: all data lines high
call WaitFor0
mov int_rutina_timeout, 05da3h
cmp bool_timeout,1
je phone_not_resp ; phone not responding
mov dw_68b7, 20000h ; shorter wait budget from here on
mov ecx, 14h
loc_0_5DE0:
loop loc_0_5DE0 ; short busy-wait (14h iterations)
; MBUS pulse: reset, 2 delays, set, 2 delays, reset, 4 delays
call ResetMBUS
call Delay
call Delay
call SetMBUS
call Delay
call Delay
call ResetMBUS
call Delay
call Delay
call Delay
call Delay
mov eax, bootbin_size_5897 ; send the 2-byte boot.bin length:
call OutByteAH ; MSB first (from ah) ...
mov eax, bootbin_size_5897
call OutByteAL ; ... then LSB (from al)
call WaitFor1
mov int_rutina_timeout, 05de0h
cmp bool_timeout,1
je phone_not_resp ; phone not responding
mov ecx, bootbin_size_5897
shr ecx, 1 ; ecx = image size in words
mov esi, [bootbin_589b] ; esi = boot.bin image in memory
mov al, b_921b
mov [esi+9], al ; patch image byte 9 with the flash type (b_921b)
mov bx, 0 ; bx = running 16-bit checksum
push esi
push ecx
sub ecx, 2 ; sum size/2-2 words; the word right after them receives the checksum
clc ; CF is not consumed by the loop below
loc_0_5E4D:
lodsw
xchg al, ah ; image words are stored big-endian
add bx, ax
loop loc_0_5E4D
mov ax, 0
sub ax, bx ; ax = -sum, so summed words + checksum == 0 mod 10000h
xchg al, ah ; store big-endian
mov [esi], ax ; write the checksum word just past the summed region
pop ecx
pop esi
mov bl, 0FFh ; bl = AND of every byte sent (its use is not visible here)
mov ecx, bootbin_size_5897 ; whole image, byte by byte
clc
loc_0_5E66:
lodsb
;xchg al, ah ; (disabled) upload the patched boot.bin
; into the phone one byte at a time
call OutByteAL ; send byte
and bl, al
call Delay
loop loc_0_5E66
mov bh, al ; bh = last byte sent
call WaitFor0 ; read phone status
mov int_rutina_timeout, 05e66h
cmp bool_timeout,1
je phone_not_resp ; phone not responding
call OutByte0
call WaitFor1
mov int_rutina_timeout, 05e67h
cmp bool_timeout,1
je phone_not_resp ; phone not responding
sti
mov b_msg, 0
call Status ; Msg "Boot Loader is Ready"
; read the phone's reply into b_6499: 36 bytes + up to 101 bytes + 9 bytes (146 max)
loc_0_5EBE:
cli
mov ecx, 186A0h ; 100000
loc_0_5EC4:
loop loc_0_5EC4 ; busy-wait delay
call OutByte0
call WaitFor0 ; read phone status
mov int_rutina_timeout, 05ec4h
cmp bool_timeout,1
je phone_not_resp ;; 61/65 bad choice !!! phone not responding
call OutByte0
call WaitFor1 ; read phone status
mov int_rutina_timeout, 05ec5h
cmp bool_timeout,1
je phone_not_resp ; phone not responding
mov ecx, 24h ; 36 bytes
mov edi, offset b_6499 ; receive buffer (original note: must be allocated with new)
loc_0_5EF0:
call InpByteAL ; fixed part: 36 bytes from the phone
stosb
loop loc_0_5EF0
mov ecx, 65h ; up to 101 bytes
loc_0_5EFD:
call InpByteAL ; variable part: read and store bytes until a 0 byte
stosb ; is stored or 101 bytes are in (loopne checks ZF from or)
or al, al
loopne loc_0_5EFD
mov ecx, 9
loc_0_5F0C:
call InpByteAL ; trailer: 9 bytes from the phone
stosb
loop loc_0_5F0C
call WaitFor1 ; NOTE(review): bool_timeout is not checked after this wait
mov ecx, edi ; edi = one past the last byte stored
mov edi, offset b_6499 ; buffer start
sub ecx, edi ; ecx = number of bytes received
sub ecx, 2 ; checksum covers bytes [1 .. n-2]
lea esi, [edi+1] ; start at buffer byte 1
mov ah, 0 ; ah = 8-bit sum
clc
loc_0_5F2A:
lodsb
add ah, al ; sum of received bytes
loop loc_0_5F2A
mov al, 0FFh
sub al, ah ; expected checksum = 0FFh - sum
cmp al, [esi] ; esi now points at the last received byte, which carries the checksum
jnz TX_data_error
mov eax, offset b_6499
mov al,[eax] ; first byte of the reply
cmp al, 90h ; must be 90h
jnz TX_data_error
sub esi, 8 ; flash id = the 4 bytes located 8 before the checksum byte
mov eax, [esi] ; eax = flash id
mov dw_flashid_68bb, eax
sti
push eax ; keep flash id for display; popped at loc_0_5F71
mov b_msg, 1
call Status ; MSG "flash id: (68bb)"
cmp dw_flashid_68bb,0
je exit_proc ; NOTE(review): leaves with the flash id still pushed - confirm exit_proc resets the stack
loc_0_5F71:
pop eax ; flash id back in eax for display
mov b_msg, 14 ; determine version, address set, model, parameters
call StatusDecodare
cmp getver,1
je exit_proc ; exit when only the version was requested (getver)
pusha
loc_0_5F9B:
loc_0_5FDE:
popa ; restores eax (flash id) with the rest
cli
mov esi, offset b_6499 ; received bytes
cmp ax, 8900h ; result unused: no conditional jump follows
sti
; host side (elsewhere): open f_loader.bin, read it into memory at 58bc,
; store its size in 58b8 and its pointer in 58bc
mov b_msg, 2
call Status ; Msg "Loading flash loader"
loc_0_6044:
cli
mov eax, floader_size_58b8
add eax, 2 ; announced size MSB comes from size+2 ...
call OutByteAH ; send f_loader size to the phone, MSB first
mov eax, floader_size_58b8 ; ... while the LSB comes from the unadjusted size
; add eax, 1 ;???? (disabled in the original)
call OutByteAL
mov ecx, floader_size_58b8
shr ecx, 1 ; ecx = f_loader size in words
mov esi, floader_58bc ; esi = f_loader image
pusha ; save everything; the image is patched through ebx below
mov ax, [esi+0Eh] ; 16-bit big-endian offset stored at image+0Eh
xchg al, ah
movzx ebx, ax
add ebx, esi ; ebx = image + offset: patch area
mov al, b_921b
mov [ebx+1], al ; patch f_loader: flash type
mov al, b_921c
mov [ebx+4], al ; patch f_loader: b_921c
mov eax, dw_flashid_68bb ; flash id read from the phone (or alias id - original comment unsure)
mov [ebx+8], eax ; patch f_loader: 4-byte flash id
mov bx, 0 ; bx = running 16-bit checksum
sub ecx, 2 ; sum size/2-2 words
clc
loc_0_608B:
lodsw
xchg al, ah ; big-endian words
add bx, ax ; f_loader checksum
loop loc_0_608B
mov ax, 0
sub ax, bx ; ax = -sum
xchg al, ah
mov [esi], ax ; checksum word just past the summed region
popa ; restores esi = image base, ecx = size/2, eax = size+2
mov bl, 0FFh ; bl = AND of every byte sent
; esi must be the f_loader image base and ecx its byte count:
; both are reloaded below rather than taken from popa
mov ecx, floader_size_58b8
mov esi, floader_58bc
sub ecx,1 ; size-1 bytes are sent: the last image byte is not transmitted
clc
loc_0_60A3:
lodsb
mov ah, al
call OutByteAH ; upload f_loader into the phone
and bl, al
call Delay
loop loc_0_60A3
mov dw_68b7, 20h ; very short wait budget
call WaitFor0
cmp bool_timeout,1
jne bad_loader_CHK ; an answer within 20h means the loader checksum was rejected; the timeout is the good case
mov dw_68b7, 200000h
mov ax, 0
mov int_rutina_timeout, 060a3h
call OutByteAH ; send 0
call WaitFor0 ; wait budget 200000h
cmp bool_timeout,1
je loader_init_error ; Loader init error!
sti
mov b_msg, 3
call Status ; Msg "Flash Loader is Ready."
; the actual READ or WRITE begins here
loc_0_6112:
cli
mov int_rutina_timeout, 06112h
call OutByte0
call WaitFor1
cmp bool_timeout,1
je loader_init_error ; Loader init error!
;readwritedecode:
cmp b_read_or_write, 0 ; 0 = read -> loc_0_61F7
jz loc_0_61F7
; WRITE path
sti
; host side (elsewhere): open the fls file, allocate, load it at pointer 58c0,
; compute the end address from the start address and the fls file size
mov b_msg, 4
call Status ; Msg "Erasing Flash..."
loc_0_6183: ; flashing
cli
mov edx, adr_start_590d ; edx = start address
mov ecx, adr_end_5911 ; ecx = end address (start + fls size for write)
call sub_8db8 ; erase the range
call sub_8e3e ; check the phone's reply
sti
mov b_msg, 5
call Status ; Msg "Done! (erasing)"
add mesaj_curent,1 ; advance the status message index
loc_0_61B3:
cli
call sub_8f9f ; write to flash and verify
mov b_msg, 6
call Status ; Msg "Done! (writing)"
jmp succes_exit; ; write flash finished
; READ path
loc_0_61F7:
;mov dx, 3C06h
;mov bl, 70h ; 'p'
;mov esi, 61F5h
;mov ax, 0C0Ah
; call sub_4de2 (disabled display code)
add mesaj_curent,1
mov b_msg, 7
call Status ; Msg "Reading Phone... Addr: "
loc_0_6239:
mov edx, adr_start_590d ; edx = current phone address
mov ecx, adr_end_5911
sub ecx, edx ; ecx = bytes to read
mov edi, [flsfile_58c0] ; destination buffer
push ecx ; byte count, popped at loc_0_630D
mov ebx, ecx ; ebx = bytes remaining
loc_0_6250:
push edi
push edx ; save current address
pusha
cli
mov ecx, 1000h
call sub_8d32 ; read one 4 KiB chunk (edx = address, edi = destination - presumably)
call sub_61de ; send the fixed 4-byte block (see sub_61de)
add dw_adresa_curenta, 1000h ; displayed address
mov b_msg, 7
call Status ; Msg "Reading Phone... Addr: "
popa
pop edx
pop edi
add edi, 1000h ; next destination offset
add edx, 1000h ; next phone address
sub ebx, 1000h
ja short loc_0_6250 ; loop while more than 1000h bytes remained (unsigned); the last chunk is always a full 4 KiB, so the buffer needs room for the size rounded up to 4 KiB
call sub_63b0 ; end-of-read command
loc_0_630D:
; host side (elsewhere): open flash.out and write the data just read
pop ecx ; byte count saved at loc_0_6239
mov b_msg, 8
call Status ; Msg "Done! (reading)"
jmp succes_exit ; read finished
;-----------------------------------------------------------------------
; sub_63b0 - end-of-read command.
; Sends bytes 07h and 0FFh, waits (budget 200000h) for the phone to
; answer with a 0 level, then sends a 0 byte.
; In:    nothing
; Out:   nothing; on timeout jumps to cmd_error ("CMD error") and does
;        not return to the caller (nothing is pushed at that point)
; Clobb: al, flags, dw_68b7, int_rutina_timeout, plus whatever
;        OutByteAL / OutByte0 / WaitFor0 clobber (not visible here)
;-----------------------------------------------------------------------
sub_63b0:
mov al, 7
call OutByteAL
mov al, 0FFh
call OutByteAL
mov dw_68b7,200000h
mov int_rutina_timeout, 063b0h; stamp for the timeout handler
call WaitFor0
cmp bool_timeout,1
je cmd_error ; "CMD error"
call OutByte0
retn
;-----------------------------------------------------------------------
; sub_61de - send the fixed 4-byte block at unk_61d6 through sub_8ef3
; with edx = 200034h and ecx = 4 (called after every 4 KiB chunk in
; the read loop at loc_0_6250).
; In:    nothing
; Out:   nothing; all general registers are preserved by pusha/popa.
;        Error paths inside sub_8ef3 jump away and do not return here.
; Clobb: flags and memory written by sub_8ef3 (dw_8cce.., dw_8f9e,
;        int_rutina_timeout)
;-----------------------------------------------------------------------
sub_61de:
pusha
mov esi, offset unk_61d6 ; block to send
mov ecx,4 ; block length in bytes
mov edx, 200034h ; target address
call sub_8ef3
popa
retn
;-----------------------------------------------------------------------
; sub_8ef3 - write one data block to the phone.
; In:    esi = block in memory, ecx = block length in bytes,
;        edx = target address (sub_61de passes 4 bytes at 200034h; the
;        original comments mention 1000h-byte blocks from another caller)
; Out:   nothing on success.  On timeout jumps to cmd_error or
;        flash_write_error with values still pushed on the stack (esi and
;        ecx at the first wait, ecx and eax inside the loop) - those
;        handlers must not return into this frame.
; Clobb: eax, ecx, edx (byte-swapped), esi (advanced past the block),
;        flags, dw_8cce.., dw_8f9e, int_rutina_timeout, plus the clobbers
;        of sub_8e0b / sub_642e / WaitFor* / Delay* (not visible here)
; Steps: 1) round ecx up to an even count, 2) 8-bit checksum of the block,
;        3) build the command frame at dw_8cce (cmd 0Bh, big-endian
;        address, checksum, big-endian length) and send it via sub_8e0b,
;        4) stream the block word by word via sub_642e, waiting for the
;        phone's level to alternate after each low byte.
;-----------------------------------------------------------------------
sub_8ef3:
push esi ; save block start
inc ecx
and cl, 0FEh ; ecx rounded up to an even byte count
push ecx ; save rounded length
mov ah, 0 ; ah = 8-bit sum
clc ; CF is not consumed by the loop below
loc_0_8EFC:
lodsb
add ah, al
loop loc_0_8EFC ; checksum over the whole (rounded) block
mov al, 0
sub al, ah ; al = -sum: block bytes + checksum == 0 mod 100h
pop ecx ; rounded length
pop esi ; block start
push ecx ; kept across the command exchange
; xchg/ror/xchg reverses all four bytes of edx (bswap): big-endian address
xchg dl, dh
ror edx, 10h
xchg dl, dh
; same byte reversal for the length in ecx
xchg cl, ch
ror ecx, 10h
xchg cl, ch
mov dw_8cce, edx ; frame[0..3] = address bytes
mov byte ptr dw_8cce, 0Bh ; frame[0] = command 0Bh (overwrites the address MSB)
mov [dw_8cce+4], ecx ; frame[4..7] = length bytes
mov byte ptr [dw_8cce+4], al ; frame[4] = checksum (overwrites the length MSB)
push esi
mov ecx, 7
call sub_8e0b ; send the frame (ecx = 7, presumably the byte count)
mov int_rutina_timeout, 08efch; stamp for the timeout handler
call WaitFor1
cmp bool_timeout,1
je cmd_error ; CMD Error - NOTE(review): esi and ecx are still pushed here
mov ecx, 150 ; original: 64h (100)
loc_0_8F49:
call Delay ; 150 x Delay
loop loc_0_8F49
pop esi ; block start
pop ecx ; rounded length
shr ecx, 1 ; ecx = words
inc ecx ; NOTE(review): one extra iteration - lodsw reads 2 bytes past the rounded block; confirm the caller's buffer has that slack
mov dw_8f9e, 0 ; toggle: selects WaitFor0 / WaitFor1 alternately per word
clc
loc_0_8F5C:
push ecx
lodsw ; al = first byte of the word, ah = second
push eax
call sub_642e ; send low byte
xor dw_8f9e, 1
test dw_8f9e, 1
jnz short loc_0_8F82 ; toggle == 1 (1st, 3rd, ... word): wait for 0
mov int_rutina_timeout, 8f5ch
call WaitFor1 ; toggle == 0 (2nd, 4th, ... word): wait for 1
cmp bool_timeout,1
je flash_write_error ; writing to flash error - NOTE(review): ecx and eax are still pushed here
jmp short loc_0_8F8D
loc_0_8F82:
mov int_rutina_timeout, 8f82h
call WaitFor0
cmp bool_timeout,1
je flash_write_error ; writing to flash error - same stack note as above
loc_0_8F8D:
pop eax
mov al, ah
call sub_642e ; send high byte
pop ecx
loop loc_0_8F5C
call Delayx100
retn
;-----------------------------------------------------------------------
; sub_8db8 - erase a flash range.
; In:    edx = start address, ecx = end address (caller loc_0_6183)
; Out:   nothing; on timeout jumps to flash_erase_error (nothing pushed)
; Clobb: edx, ecx, flags, dw_8cce.., dw_68b7, int_rutina_timeout, plus
;        the clobbers of sub_8e0b / WaitFor1 / Delayx100 (not visible)
; Frame at dw_8cce: [0] = command 0, [1..3] = start address bytes 2..0
;        (big-endian, MSB dropped), [4..6] = end address bytes 2..0
;        (big-endian, MSB dropped by the shr), [7] = 0; sent with ecx = 6.
;-----------------------------------------------------------------------
sub_8db8:
; xchg/ror/xchg reverses all four bytes of edx (bswap)
xchg dl, dh
ror edx, 10h
xchg dl, dh
; same byte reversal for ecx
xchg cl, ch
ror ecx, 10h
xchg cl, ch
shr ecx, 8 ; keep end address bytes 2..0, low byte first in memory
mov dw_8cce, edx ; frame[0..3] = start address bytes
mov byte ptr dw_8cce, 0 ; frame[0] = command 0 (overwrites the start MSB)
mov [dw_8cce+4], ecx ; frame[4..7] = end address bytes, frame[7] = 0
mov ecx, 6
call sub_8e0b ; send the frame (ecx = 6, presumably the byte count)
mov dw_68b7, 4000000h ; much larger wait budget for the erase
mov int_rutina_timeout, 8db8h
call WaitFor1
cmp bool_timeout,1
je flash_erase_error ; Flashing erase error !!!
mov dw_68b7, 200000h ; restore the usual wait budget
call Delayx100
retn
sub_8e3e:
call sub_8e48
mov int_rutina_timeout, 8e3eh
cmp ax, 91h ; '