- 积分
- 813
- 实力分
- 点
- 金钱数
- 两
- 技术分
- 分
- 贡献分
- 分
|
马上注册,结交更多好友,享用更多功能,让你轻松玩转社区。
您需要 登录 才可以下载或查看,没有帐号?注册会员
x
;2128v21 - N - 04.02.24 - coollang - AT+CGSN调试
;*** AT+CGSN ***
;适用版本:2128V21
;移植:coollang[SPGC]
;版本:V1(未经测试,请SOLO测一下)
;日期:2004-02-24
;说明:用AT+CGSN进行调试,具体使用可参照AT+CGSN debug工具。
0x3EE20C: 3677BD00 9604F800
0x780400: FFFFFFFFFFFFFFFF E004BB029DFECB00
0x780408: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF DC49992827F230008D0C47F20A008D06
0x780418: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 67F2DF00292747F20F00ED035C447182
0x780428: FFFFFFFFFFFF CB001F88CB00
0x78042E: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 885088E088F088C0E00C88C088D0F182
0x78043E: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 7C44F19266F40F0F47F90A008D010997
0x78044E: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 47F80A008D01098706F430308840F0C0
0x78045E: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 66FCFF3FF2FD02FEDABF800D080698C0
0x78046E: FFFFFFFFFFFFFFFF 98F098E09850CB00
0x780476: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF F01E7C81E00DBBD8F01EE6FD2000BBD4
0x780486: FFFF CB00
0x780488: FFFFFFFF 998C7C44
0x78048C: FFFFFFFFFFFFFFFFFFFF E004BBBC8D01BBBACB00
0x780496: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF DABE60BCF084F095DC49993827F32A00
0x7804A6: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 9D02FABD3677BBA9F0F4BBA7F0E44930
0x7804B6: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 2D1729342D2127F312002D18E6FD0D0A
0x7804C6: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF BBB3E17BE1FAE6FD2000DC4F992EBBAC
0x7804D6: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF E6FD0D0A29A12DF99DF629B19DF30D25
0x7804E6: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF BBD28D23DC4FB98E08E10DFADAF83405
0x7804F6: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF BBBFF0EFBBBD0D1926F04000F020BBC3
0x780506: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 8D03B98208210DFB2020A758A7A708E1
0x780516: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 2D0AF010F0DEF0C2DC4F998D498D3DF5
0x780526: FFFFFFFFFFFFFFFFFFFFFFFFFFFF 28C13DFABBA506F04000FABED8B4
0x780534: FFFFFFFFFFFF ECFFECFEDB00
源文件(取自AT+CGSN debug工具,只修改了相应的地址):
$Segmented
$Mod167
SendStrZR13R12 EQU 0xBF0D80 ;将R13:R12指向的字串存储用于发送
AfterATCommand EQU 0xBEB4D8 ;发送先前存储的字串
OriginalATHandle EQU 0xBD7736 ;原始的AT+CGSN响应函数,返回IMEI
GetAtCMDLine EQU 0xBEBC60 ;取得AT命令(字串,存于R5:R4)
Table_Address EQU 0xBEE20C ;(3EE20C)AT命令响应函数表中AT+CGSN对应的地址
Patch_Address EQU 0xF80400 ;(780400)Free Space in FullFlash
Table Section Data Byte At Table_Address ; First we Change AT Handlers table entry
funcoff dw sof(NewATHandle2)
funcseg dw seg(NewATHandle2)
Table EndS
Patch Section Code Word At Patch_address ; And this is Patch itself
; --------------- S U B R O U T I N E ---------------------------------------
GetNextNumber proc near ;Gets next argument of AT command and returns it in R4
mov r4, #0
cmdloop:
callr GetNextDigitR4
jmpr cc_NC, cmdloop
ret
GetNextNumber endp
; --------------- S U B R O U T I N E ---------------------------------------
GetNextDigitR4 proc near ;Gets HEX digit from args and adds it to R4
extp R9, #1
movb rl1, [r8+]
subb rl1, #30h ; '0'
jmpr cc_C, locNotDigit
cmpb rl1, #10
jmpr cc_C, locDigit
andb rl1, #0DFh
subb rl1, #7
cmpb rl1, #0Fh
jmpr cc_UGT, locNotDigit
locDigit:
shl r4, #4
orb rl4, rl1
ret
locNotDigit:
bset C
ret
GetNextDigitR4 endp
; --------------- S U B R O U T I N E ---------------------------------------
DumpByteRL1ThenR13 proc near ; Adds HEX value of RL1 and char RL13 to AT responce
mov [-r0], r5
mov [-r0], r14
mov [-r0], r15
mov [-r0], r12
mov r12,#0 ; added:
mov [-r0], r12 ; added: Pushing Zero to stack
mov [-r0], r13 ; Pushing delimiter to stack
movb rl4, rl1 ; RL1- current byte
shr r4, #4
movb rh4, rl1
and r4, #0F0Fh
cmpb rh4, #0Ah
jmpr cc_C, locDigit2
addb rh4, #7
locDigit2:
cmpb rl4, #0Ah
jmpr cc_C, loc_C7D79C
addb rl4, #7
loc_C7D79C:
add r4, #3030h
mov [-r0], r4
mov r12, r0
and r12, #3FFFh
mov r13, DPP1
calls seg(SendStrZR13R12),sof(SendStrZR13R12)
add r0, #6
mov r12,[r0+]
mov r15, [r0+]
mov r14, [r0+]
mov r5, [r0+]
ret
DumpByteRL1ThenR13 endp
; --------------- S U B R O U T I N E ---------------------------------------
DumpWordR14 proc near ; Adds HEX value of R14 and then ' ' to AT responce
mov r1, r14
shr r1, #8
mov r13, #0
callr DumpByteRL1ThenR13
mov r1, r14
mov r13, #20h ; ' '
callr DumpByteRL1ThenR13
ret
DumpWordR14 endp
; ---------------------------------------------------------------------------
notaproc proc near ; Just garbage, I think... But so it was in SLIK Patch.
movb rl4, [r12+]
shr r4, #4
notaproc endp
; --------------- S U B R O U T I N E ---------------------------------------
GetHexByteR4 proc near ;Gets 2 HEX digits from args and returns it in R4
mov r4, #0
callr GetNextDigitR4
jmpr cc_C, locret
callr GetNextDigitR4
locret:
ret
GetHexByteR4 endp
; --------------- S U B R O U T I N E ---------------------------------------
NewATHandle2 proc far ; PATCH ENTRY ADDRESS
calls seg(GetAtCMDLine),sof(GetAtCMDLine)
mov R8, R4
mov R9, R5
extp R9, #1
movb rh1, [r8+]
; movb rh1, [r12+] ; RH1 = Command Letter;
subb rh1, #42
jmpr cc_NC, HandleNew
jmps seg(OriginalATHandle), sof(OriginalATHandle)
; ---------------------------------------------------------------------------
HandleNew:
callr GetNextNumber ; r15 = First Arg
mov r15, r4
callr GetNextNumber ; r14 = Second Arg
mov r14, r4
cmpb rh1, #0 ;2A "*"
jmpr cc_Z, HandleAsterisk ; write data
subb rh1, #4 ;2A+4 "."
jmpr cc_Z, HandleDot ; Search data page,offset,hexdata
subb rh1, #18 ;2A+18 =40 "@"
jmpr cc_Z, HandleAtSign ; Run Proc
mov r13, #0A0Dh ; changed CR->CR/LF: mov r13, #0Dh
; Here it should be ":" - dumping Memory
callr DumpByteRL1ThenR13 ; Dump something. What is it???
movb rh5, #07h ; We will Dump 8 lines ...
loc_C7D800:
movb rl5, #0Fh ; ... of 16 bytes each
loc_C7D802:
mov r13, #20h ; ' ' ; bytes delimiter
aLoopRL5:
extp r15, #1
movb rl1, [r14+]
callr DumpByteRL1ThenR13
mov r13, #0A0Dh ; changed CR->CR/LF: mov r13, #0Dh
subb rl5, #1
jmpr cc_Z, aLoopRL5
jmpr cc_NC, loc_C7D802
subb rh5, #1
jmpr cc_NC, loc_C7D800
jmpr EndOfThirdArg ;changed: jmpr cc_UC, EndOfThirdArg
; ---------------------------------------------------------------------------
HandleAsterisk: ; Write Bytes
call GetHexByteR4 ; Get Byte to write
jmpr cc_C, EndOfThirdArg
extp r15, #1
movb [r14], rl4 ; Write byte
add r14, #1
jmpr cc_UC, HandleAsterisk
; ---------------------------------------------------------------------------
HandleAtSign: ; Run procedure
calls seg(IndirectCallR14R15),sof(IndirectCallR14R15)
callr DumpWordR14
mov r14, r15
callr DumpWordR14
jmpr cc_UC, EndOfThirdArg
; ---------------------------------------------------------------------------
HandleDot: ; search hex data
sub r0, #40h ; search max 40h bytes
mov r2, r0 ; search data placed on stack
aLoopR2:
callr GetHexByteR4
jmpr cc_C, aanoMoreData
movb [r2], rl4
add r2, #1 ;Pushing search string to stack
jmpr cc_UC, aLoopR2
; ---------------------------------------------------------------------------
aanoMoreData:
sub r2, r0 ; R2 = length of data
aDataNotFound:
srvwdt
add r14, #1
jmpr cc_Z, FreeStackNExit ; What? if we are in the next segment???
mov r1, r0 ; r1 - data to search
mov r13, r14 ; r13 - offset
mov r12, r2 ; r12 - length
aLoopR12: ; CODE XREF: NewATHandle2+8C�j
extp r15, #1
movb rl4, [r13+]
cmpb rl4, [r1+]
jmpr cc_NZ, aDataNotFound
sub r12, #1
jmpr cc_NZ, aLoopR12
call DumpWordR14
FreeStackNExit:
add r0, #40h
EndOfThirdArg:
jmps seg(AfterATCommand), sof(AfterATCommand)
NewATHandle2 endp
; --------------- S U B R O U T I N E ---------------------------------------
IndirectCallR14R15 proc far
push r15
push r14
rets
IndirectCallR14R15 endp
Patch EndS
END
;============================================================
[此贴子已经被作者于2004-2-25 8:53:04编辑过]
|
|
IP卡
狗仔卡
发表于 2005-8-10 00:00:00
提升卡
沉默卡
喧嚣卡
变色卡
显身卡
发表于 2005-8-10 00:02:00
发表于 2005-8-10 00:03:00
楼主