Register

Addin manager: need to manipulate RAM & SMEM

Discuss issues related to Calculator Hacking/Modding.
Senior Member
User avatar
Posts: 605
Joined: Sat Sep 15, 2012 6:59 am
Location: Krautland ****
Calculators: Casio fx-7400GII, Casio fx-7400GII (SH4), Casio fx-9750GII, Casio fx-9750GII (SH4), Casio fx-9860G, Casio fx-9860G SD, Casio fx-9860G Slim, Casio fx-9860GII SD, Casio fx-9860GII SD Power Graphic 2, Casio Classpad 330 plus, Casio fx-CG20, Casio fx-CG50, Casio Classpad fx-CP400

Re: Addin manager: need to manipulate RAM & SMEM

Postby SimonLothar » Sat Jan 07, 2017 9:44 am

Zezombye wrote:I could do that securely by iterating over the OS until I match a bitmap (I could match some code that happens to match the bitmap, but is it unlikely?), however how would I know the start and size of the OS?
The OS of fx-9860 calculators starts at 0x80010000 and definitly ends at 0x80270000.

The following source shows a fairly systematic way to find the builtin-icons.
find built-in icons: Show
Code: Select all
typedef struct {
   short AppDefNo;
   short A1;
   void*NameAddr;
   int msgno;
   void*AppCodeAddr;
   void*EACT_EstripIconPtr;
} TAppDef;

typedef struct {
   void*NameAddr;
   void*AppCodeAddr;
   int unknown;
   void*IconPtr;
} TAppDef2;

#define F07_3_HandlerUSE_TEXTVIEW 1
// ************************************************
/* Find the builtin-icons
  first find the BuiltInDef-Array using 0x0471: int App_GetAppDef( short AppNo, TAppDef AppDef );
  retrieve AppDef.EACT_EstripIconPtr; f. i. use AppNo==0
  starting at AppDef.EACT_EstripIconPtr walk back in the memory, until you find the second instance of a pointer to the string, which equals the string behind AppDef.NameAddr
  this pointer point to TAppDef2 and AppDef2.IconAddr is the requiered pointer to the builtin-icon.
  Checked on OSes 1.03 and 2.09.
*/
int F07_3_Handler(){
unsigned char hb[40];
int iDefs;   
TAppDef AppDef;
#if defined F07_3_HandlerUSE_TEXTVIEW
TTextView*text;
#else
unsigned int key;
#endif
char buffer[SIZE001];
int idx, icount;
unsigned int*ip;
char*cpp;
TAppDef2 AppDef2;

   memset( buffer, 0, SIZE001 );
#if USE_TEXTVIEW == 1      
   text = new TTextView;
   (*text).SetFontsize( szMINI );
   (*text).buffer = buffer;
#endif   

   strcpy( (char*)hb, "AppDef walk" );
   strcat( buffer, (char*)hb );
   strcat( buffer, " " );

   Bdisp_AllClr_VRAM();

   iDefs = App_BuiltInDefsCount(); // 0x046C: int App_BuiltInDefsCount();

   IntToHexN( iDefs, (unsigned char*)hb, 2 );
   strcat( buffer, (char*)hb );
   strcat( buffer, "\x0D\x0A" );
//   strcat( buffer, " " );

   for ( idx=0;idx<iDefs;idx++){
      App_GetAppDef( idx, &AppDef );
   
      strcat( buffer, (char*)AppDef.NameAddr );
      LocalizeMessage1( AppDef.msgno, (char*)hb );
      strcat( buffer, (char*)hb );
      strcat( buffer, "\x0D\x0A" );
      strcat( buffer, " " );
      
      IntToHexN( (int)AppDef.AppCodeAddr, (unsigned char*)hb, 8 );
      strcat( buffer, (char*)hb );
      strcat( buffer, " " );
      IntToHexN( (int)AppDef.EACT_EstripIconPtr, (unsigned char*)hb, 8 );
      strcat( buffer, (char*)hb );
      
      strcat( buffer, "\x0D\x0A" );
   }
   
   App_GetAppDef( 3, &AppDef );
   ip = static_cast<unsigned int*>(AppDef.EACT_EstripIconPtr);
   icount = 0;
   while( 1 ){
      if ( *ip > 0x80000000 ){
         if ( *ip < 0x80270000 ){
            cpp = (char*)*ip;
            if ( strcmp( cpp, (char*)AppDef.NameAddr ) == 0 ){
               icount++;
               if ( icount == 2 ) break;
            }
         }
      }   
      ip--;
   }   
   memcpy( &AppDef2, (void*)ip, sizeof( TAppDef2 ) );
   IntToHexN( (int)AppDef2.IconPtr, (unsigned char*)hb, 8 );
   strcat( buffer, (char*)hb );
   strcat( buffer, " " );
   strcat( buffer, (char*)AppDef2.NameAddr );
   
   strcat( buffer, "\x0D\x0A" );
   
   
#if defined USE_TEXTVIEW_MCS
   (*text).Execute(0);
   delete text;
#else   
// now buffer could be written into a file.   
   GetKey( &key );
#endif   

   return 1;
}

Zezombye wrote:...but is there a way to overwrite the OS...

I know three methods to change the OS.
On-calc, off-calc (customize image) and off-calc (customize OS-update.msi).
I recommend not to use any of them.
Any OS change can brick your calculator. There is no save way.
I'll be back!

Senior Member
Posts: 100
Joined: Sun Mar 24, 2013 12:01 pm
Calculators: None

Re: Addin manager: need to manipulate RAM & SMEM

Postby TeamFX » Sat Jan 07, 2017 5:32 pm

safe... there is no safe way. :think: :shock: :o :mrgreen:

Previous

Return to Calculator Hacking/Modding Discussions

Who is online

Users browsing this forum: No registered users and 30 guests