[HTC Himalaya] Bootloader Commands
12:53 pm in Mobile Security, Software development by buzz_lightyear
usage_cmd_r
Usage:
r [[register] [[=] [hex_value]]]
Display(r0-r15)/Set registers(r9-r11 only) value(s).
When no register is given, all the registers' content are displayed.
When only a register name is given, the content of that register is
displayed.
If the optional value is also given, the register's content is set to
the new value.
'=' sign is always ignored.
usage_cmd_mb = sub_9004BEB0(1)
usage_cmd_mh = sub_9004BEB0(2)
usage_cmd_mw = sub_9004BEB0(4)
sub_9004BEB0
Usage:
m{bhw} [StartAddr [Count [Filler]]]
Display/Set memory content.
StartAddr can be either a hex_address or a register name
When StartAddr is not given, memory display continues from the
previous address.
When Count is not given, previous Count is used for memory display
Count is initially set to 20 (hex).
If Filler is specified, the memory area is filled with Filler.
** Panic: Internal error (memory display help)
Memory will be displayed/counted as words
usage_cmd_l = sub_9004C74C(1)
sub_9004C74C
Usage:
l [path_name [startAddr offset ["cp"]]]
Download BIN file across from serial/USB port.
Startaddr offset(MSB bit is a sign bit): Start address offset of every packet in bin file.
When 'cp' is given, it will just compare data of file with ROM image.
When path_name is not given, the file to be downloaded is determined
by ppfs on the host.
Otherwise, path_name on the host is downloaded regardless the ppfs setting.
The file must be in the format of BIN (preprocessed SRE).
The code is auto-launched once downloaded.
Auto-launched is disabled after downloading.
usage_cmd_h
Usage:
h [command] [full]
Helps on command.
When no command is given, output a list of normal commands.
If "full" option used, display all commands(need password enable).
But if one command is given, It will show the command usage method.
usage_cmd_s
Usage:
s StartAddr Count Pattern...
Search Memory for pattern.
StartAddr can be either a hex_address or a register name
The starting address MUST be in valid unmapped space.
The monitor does not validate this address.
Count and StartAddr defines a search region
Patterns can be hex numbers or double quoted strings
A hex number with less than three digits is considered a byte
A hex number with less than fice digits but greater than two digits
is consider a half-word
Otherwise a hex number must contain less than 9 digits and is considered
a word
Up to 8 Patterns can be given in the command line
They are concatenated as a single search pattern.
usage_cmd_ew
Usage:
ew Addr
Addr:hex memory address
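The width rules in the `s` usage text above depend on the number of hex digits typed, not on the value, so leading zeros change the bytes that are searched for. The following host-side sketch is an added example, not code from the bootloader or from the original post; the little-endian byte order, ASCII strings and whitespace tokenising are assumptions, and `encode_token` / `encode_patterns` are hypothetical helper names.

```python
import re
import struct

MAX_PATTERNS = 8  # "Up to 8 Patterns can be given in the command line"

def encode_token(tok):
    """Encode one Pattern argument using the width rules in the usage text."""
    if len(tok) >= 2 and tok[0] == tok[-1] == '"':
        return tok[1:-1].encode("ascii")       # double quoted string (ASCII assumed)
    if not re.fullmatch(r"[0-9A-Fa-f]+", tok):
        raise ValueError(f"not a hex number or quoted string: {tok!r}")
    digits, value = len(tok), int(tok, 16)
    if digits < 3:
        return struct.pack("<B", value)         # fewer than three digits: byte
    if digits < 5:
        return struct.pack("<H", value)         # three or four digits: half-word
    if digits < 9:
        return struct.pack("<I", value)         # five to eight digits: word
    raise ValueError(f"hex number has 9 or more digits: {tok!r}")

def encode_patterns(arg_string):
    """Split the Pattern... part of an `s` command and concatenate the pieces."""
    tokens = re.findall(r'"[^"]*"|\S+', arg_string)
    if not 1 <= len(tokens) <= MAX_PATTERNS:
        raise ValueError("between 1 and 8 patterns are accepted")
    return b"".join(encode_token(t) for t in tokens)

# Constructed sample arguments (not taken from a real session).
SAMPLE = '4D 5A90 "ECEC" 00000012'

if __name__ == "__main__":
    print(encode_patterns(SAMPLE).hex())
    # Same value, three different widths, purely because of digit count.
    for tok in ("12", "012", "00012"):
        print(tok, "->", encode_token(tok).hex())
```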
usage_cmd_ppdl
Usage:
ppdl [startAddr offset["cp"]]
Startaddr offset(MSB bit is a sign bit):: Start address offset of every packet in bin file.
If [cp] is not given: Download the BIN file that assigned by PPSH command line.
If [cp] is given: for comparing image difference between download file and data of flash ROM.
If parameter is given but not 'cp': Show message when downloading.
This download is via parallel port
usage_cmd_map
Usage:
map
Display virtual address mapping table
usage_cmd_cp
Usage:
cp reg# OPC_2 CRm [value]
Access coprocessor(cp15 only) registers
usage_cmd_lnb
Usage:
lnb nb-file [StartAddr [Length [SkipOffset ["cp"]]]]
Download nb file to ROM.
StartAddr : Start address for downloading(default=80000000).
Length : Length for downloading(default=FFFFFFFF).
SkipOffset : SkipOffset for downloading(default=00040000).
cp : Compare image with file data only.
usage_cmd_d2s
Usage:
d2s [StartAddr [Len [Type [Append[SkipStartAddr SkipLen]]]]]
Backup memory to storage.
StartAddr : Start address for backup(0xA0040000).
Len : Length of memory will be backup.
And if not given value, it will be Total ROM size on board - ((StartAddress & 0x0FFFFFFF) - (ROM base address(0) & 0x0FFFFFFF)).
Type : Which storage(cf/sd) type will be selected(cf).
Append : Backup methods(a/).
SkipStartAddr : Start address of skip area(0x0).
SkipLen : Skip length(0x0).
Skip area must be less than or equal to one block size of flash.
Skip area must not over two blocks, must inside one block.
Nand flash: Skip area size need be page boundary.
Nor flash: Skip area size need be DWORD boundary.
usage_cmd_s2d
Usage:
s2d
Restore memory from storage.
usage_cmd_stress
Usage:
stress count(Hex)
for stress test
write six kind of patterns to flash each count
count indicates how many loop times do you want to run
count inputed is considered as heximal, not decimal.
usage_cmd_shmsg
Usage:
shmsg [Row [Col ["String"]]]
Show texts on display.
Row(hex) : 0 - 17(11).
Col(hex) : 0 - 12(C).
Text String : The string which will be show on display.
usage_cmd_set
Usage:
set [Type [Value]]
Set control flags.
Type(hex) : Control function types.
Value(hex) : Setting values for types.
If value is not given, default is 0.
Type 0(Echo on/off): 1(on) and 0(off).
Type 1(Operation mode): 1(auto) and 0(user).
Type 2(Back color on/off): 1(on) and 0(off).
Type 3(Inverse on/off): 1(on) and 0(off).
Type 4(Front color value): 16 bits data
Type 5(Background color value): 16 bits data
Type 6(Set color of screen): Fill color to whole screen one time.
Type 8(COMM queue flag): 0(TX_RX disable),1(RX enable),2(TX enable) and 3(TX_RX enable).
Current flag settings:
usage_cmd_task
Usage:
task [Type [Value [Value1]]]
Type,Value and Value1 are both DWORD(hex).
Value and Value1 are ignore in some case.
Type(hex) 0: Do hardware clear boot.
Type(hex) 7: Do flash ROM lock/unlock and [value]: 1(lock) and 0(unlock).
Type(hex) 28: Format DOC.
usage_cmd_rbmc
Usage:
rbmc [FileName [StartAddr [Len]]]
Read back the memory content from the specified address to the host and save the data to specified file name.
FileName : Full file path for save data of memory(default=c:tempMem.nb).
StartAddr : Start address of memory(default(hex)=A0000000).
Len : How many bytes will be read.
And if not given value, it will be Total ROM size on board - ((StartAddress & 0x0FFFFFFF) - (ROM base address(0) & 0x0FFFFFFF)).
usage_cmd_erase
Usage:
erase [StartAddr [Len]]
Erase the contain of flash ROM.
StartAddr : Start address of ROM(default(hex)=a0040000).
Len : How many bytes will be erased(default(hex)=40000).
usage_cmd_checksum
Usage:
checksum [StartAddr [Len]]
Return CRC checksum of memory.
StartAddr : Start address of ROM(default(hex)=A0000000).
Len : How many bytes will be calculated.
default(hex) = ROM total size - ((dwStartAddress & 0x0FFFFFFF) - (ROM_BASE & 0x0FFFFFFF))
In user mode: Show 4 bytes of CRC checksum value on display of terminal.
In auto mode: Send 4 bytes of CRC checksum value to terminal with data format.
usage_cmd_wdata
Usage:
wdata [StartAddr [Len]]
Write data to memory(if write to ROM, need erase first).
StartAddr : Start address of memory(default(hex)=B00B0000).
Len : How many bytes will be written(default(hex)=40).
Length must not more than 0x20000 bytes(buffer limitation).
Write to RAM: 4 bytes(CRC checksum limitation).
1 byte(in user mode).
Write to ROM: 4 bytes(CRC checksum limitation).
2(16-bit)/4(32-bit) bytes(in user mode).
Write to ROM(16-bit data bus): 32 bytes(writebuffer mode).
Write to ROM(32-bit data bus): 64 bytes(writebuffer mode).
Length must be 4 bytes boundary(CRC checksum) if not in user mode.
After command execute, then send out the data to terminal.
Data format: HTCS(4 bytes)+DATA+checksum(4 bytes, if not in user mode)+HTCE(4 bytes).
usage_cmd_info
Usage:
info [Type [Value]]
Type(hex) 0: Get platform name(16 bytes) and [value](hex) is ignore.
Type(hex) 1: Get bootloader version(16 bytes) and [value](hex) is ignore.
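The `wdata` data format listed above (HTCS + DATA + optional 4-byte checksum + HTCE) can be split on the host as follows. This is an added example, not code from the bootloader or the original post; `parse_wdata_frame` and `FrameError` are hypothetical names, the sample frames are constructed, and the checksum is returned unverified because the page does not say which CRC is used.

```python
START, END = b"HTCS", b"HTCE"   # 4-byte markers from the wdata usage text
MAX_LEN = 0x20000               # "Length must not more than 0x20000 bytes"

class FrameError(ValueError):
    """Raised when a captured buffer does not match the stated data format."""

def parse_wdata_frame(buf, user_mode=False):
    """Return (data, checksum) for one frame; checksum is None in user mode."""
    if len(buf) < len(START) + len(END):
        raise FrameError("shorter than the two markers")
    if not buf.startswith(START):
        raise FrameError("missing HTCS start marker")
    if not buf.endswith(END):
        raise FrameError("missing HTCE end marker (truncated capture?)")
    body = buf[len(START):-len(END)]
    if user_mode:
        data, checksum = body, None         # no checksum field in user mode
    else:
        if len(body) < 4:
            raise FrameError("no room for the 4-byte checksum")
        data, checksum = body[:-4], body[-4:]
        if len(data) % 4:
            raise FrameError("data length is not on a 4-byte boundary")
    if len(data) > MAX_LEN:
        raise FrameError("data exceeds the 0x20000 buffer limit")
    return data, checksum

# Constructed frames: the checksum bytes are a placeholder, not a real CRC.
AUTO_FRAME = START + bytes(range(8)) + b"\xde\xad\xbe\xef" + END
USER_FRAME = START + b"\x41" + END

if __name__ == "__main__":
    print(parse_wdata_frame(AUTO_FRAME))
    print(parse_wdata_frame(USER_FRAME, user_mode=True))
    try:
        parse_wdata_frame(USER_FRAME)       # wrong mode for this frame
    except FrameError as exc:
        print("rejected:", exc)
```

The frame does not say which mode produced it, so the caller has to supply the mode that was in effect (`set` Type 1).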
usage_cmd_password
Usage:
password [string]
Enter the password string to enable full help and command functions.
usage_cmd_prouter
Usage:
prouter [PortID1[Baud1[PortID2[Baud2]]]]
Port Router: Construct data path between two ports.
PortID1: PortID1 number(default=6).
Baud1: Baud rate1 select(default=5).
PortID2: PortID2 number(default=0).
Baud2: Baud rate2 select(default=5).
Port ID: 0(ACTIVE_PORT),1(PPSH_CABLE),2(PPSH_SERIAL2),3(PPSH_PAR1),4(USB_CABLE),
5(ON_BOARD_FFUART),6(ON_BOARD_BTUART),7(ON_BOARD_STUART) and 9(DPRAM_MEMORY).
Baud Rate: 1(9600),2(19200),3(38400),4(57600),5(115200),6(230400),7(460800) and 8(921600).
usage_cmd_rroute
Usage:
rroute [UART Path1[Baud Rate1[UART Path2[Baud Rate2]]]]
UART Router: Construct data path between Radio and Terminal.
UART Path1: UART path1 number(default=1).
UART Path2: UART path2 number(default=2).
Baud Rate1: Baud rate1 select(default=5).
Baud Rate2: Baud rate2 select(default=5).
UART Path: 1(FFUART) and 2(STUART).
Baud Rate: 1(9600),2(19200),3(38400),4(57600) and 5(115200).
usage_cmd_rtask
Usage:
rtask [Type [Value]]
Type(hex) 0: Reset radio and [value](hex) is ignore.
Type(hex) 1: Turn on radio, lease use type 3 and 4 instead.
Type(hex) 2: Turn off radio and [value](hex) is ignore.
Type(hex) 3: Run radio image and [value](hex) is ignore.
Type(hex) 4: Run radio bootloader and [value](hex) is ignore.
Type(hex) 5: GSM code Burn In (19200).
Type(hex) 6: GSM code Burn In (115200).
Type(hex) 7: Radio AT Command Debug.
Type(hex) 8: GSM trace route.