Windows Mobile SMART system memory ROM and Ram

Wm6 Rom OS partition principle: 128 MB Rom includes IPL, SPL, OS (35 MB), extrom (10 MB), radio, storage (65 MB) and other partitions, the OS partition is divided into xip and imgfs. . Imgfs is like a compressed ghost file, which includes all WM system files. After the CE core is started, you can access all the files required by the OS on the imgfs file system. imgfs is in xpr or LZX compression format, and the files accessed by the system will be automatically extracted to ram. Because address relocation is required for transferring common PE files to ram for execution. To improve efficiency, files in imgfs can be relocated modules. These programs do not need to be relocated any more, directly call the pagepool stored in RAM for execution

 

WM Ram is usually 64 MB, which is less displayed in the system. It is the core part of the system, such as pagepool (default cache 6 MB), radio, DMA, and screen buffer. WM does not support virtual memory pagefile.

 

Rom MB is located on the diskonchip chip. As the name suggests, it is used to simulate the storage chip into a disk and use the FAT file system, so there is a partition. Generally, the OS partition is used (that is, the partition to be flushed) and extended_rom partitions (the OEM installation package automatically installed after the factory settings are restored ). There are also IPL (BiOS), Spl (loading OS, display 2nd screen boot screen, if the brush is broken, stop this, then you can also use three colors screen or SD card to refresh the official Rom, therefore, as long as IPL and SPL are not bad, they will not be afraid, but the general flash machine does not brush these two parts), radio module. The rest is the storage area that users can use (about 40 MB, Flash ROM can be read and written like a USB flash disk, but data is not lost without power ). Rom is divided into two types: NAND and nor. Currently, the NAND is generally used to create a memory card and a USB flash disk. Code cannot be directly run and can only be run after being transferred to ram. Nor can directly run the code.

 

In summary, Ram = program memory + high-speed cache + radio + DMA + screen buffer + ..

Rom = OS partition + extended_rom partition (OEM Program Area) + IPL (BiOS) + SPL + storage memory

 

Extended memory cards, such as tcards, all belong to NAND Rom:

 

 

 

 

The size of the flash memory is MB.

 

Therefore, you can use pdocread to read the entire OS partition into an Nb image file, and then unbind the image to the dump folder, which is all Rom files. There are two types of files: common files and xip (execinplace) modules, designed to speed up operating the OS, these files can be directly executed in the ROM without being transferred to ram. But because they are all NAND Rom, The xip module still needs to be transferred to the pagepool of RAM for execution.

 

However, because the xip module has a lot of address information, the most difficult thing to transplant OS is this. Xip is called execute in place. Xip indicates local execution. The operating system kernel runs directly in flash and does not need to be copied to ram. However, flash memory has a much larger access period than Ram, which may reduce the program running speed after xip technology is used. However, due to the CPU instruction prefetch mechanism and cache mechanism, in practice, it does not significantly reduce the running speed of applications. The principle of xip is very simple, that is, the operating system or application runs directly from non-volatile memory. For the current technology, the non-volatile memory here refers to the nor flash, because only the n0r flash can be randomly accessed. There is also a scheme to enable xip for NAND flash by adding cache, but hardware circuits need to be added, which is not a general solution.

 

In addition to hardware support, xip also requires software support. When the operating system kernel and application program are running, the image in the memory can be divided into three parts: code segment, Data Segment and stack segment. The code segment corresponds to the text section in the execution program, including the Running code and read-only data. This section is generally marked as read-only in the memory. The data segment corresponds to the data section and ikss section in the running file. It stores various data (initialized and uninitialized) and static variables, stack segments are used to save function calls and local variables. According to the above analysis, there are two types of images in the memory when the program runs: Read-only images, such as code segments, and writable images, such as data segments. Flash is writable, but it cannot be written like normal Ram. Therefore, when the program runs in flash, we still need to put some writable data segments in Ram.

 

Because the wm6 internal version is wm5.2, the file structure is the same as that of wm5. Modify dump and package the Nb image file. Then, use pdocwrite to connect the entire OS partition written into the ROM through ActiveSync. In dump, default. HV (including hkcr and HKLM) and user. HV (including hkcu) are the initial registry files, which can be converted to Reg for editing and then transferred back.

 

Of course, it is too difficult to directly operate the dump directory. For example, if you want to remove a software, you need to delete all the files and registry keys used by the software and find them one by one. So with the buildos tool, he divides each software into a folder with all the software files and registry items. The rgu file in the folder is the registry key required by the software, the DSM file is associated information, which is used to determine the files required by the software based on the DSM content when the dump is decompressed into buildos. The rgu file in the dump directory generated by buildos can be deleted, but the separate registry key will not be generated in reverse mode.

 

Hard reset is required first after the machine is flushed. The factory setting is to format the user partition in the Rom, so that the ROM file is left, clean. The Rom partition is/windows, and the files in it cannot be modified except for the flash brush. Therefore, if the OEM has installed any software in it, users cannot delete it. They can only delete the quick cut method from the outside. When you copy a file to Windows, the system places it in the user partition, and then hides the original file in windows, which looks like the file is overwritten, in fact, the file in the Rom has not changed. It is impossible for someone to copy a small file to overwrite a large file in Windows to save space. This is just a waste of user partition space. There is no saving statement for the space of the OS partition, because the remaining space of the OS partition cannot be used by the user, unless you re-partition the doc, but this is too complicated, in addition, if some radio data is broken, it cannot be used as a phone call.

 

Therefore, when dump generates an image, try to put as many things as possible for exploitation, but that is not pure. Therefore, the hard start is to format the user partition, so that there is only one Windows directory without sub-directories, and then the system executes initflashfiles. the commands in dat are used to create sub-directories and copy required Rom files (such as the registry) to user partitions, because these files may need to be modified later. Then, initflashfiles.datruns checkautorun.exe to check Windows/autorun.exe. Then, the autorun executes/extended_rom/autorun.exe to run the extrom partition program. Extrom partitions are write-protected by default. They can be unlocked by a program, and are not displayed by default. You can change the Registry to storage, or enter the/extened_rom path in the file manager directly if it is not displayed. The hard start of this partition will not be lost, so you can put the software that you want to run automatically after the hard start