I am not 100% sure about this, some things may be wrong:
our phones have: Drive C:\, D:\, E:\, F:\, G:\, J:\, Y:\ and Z:\
-
Drive C:\ is UDA.fpsx
we can completly read/write on it with Open4All patch or an app with all capabilities (incl. AllFiles and TCB)
a hardreset (via code or key combo) does wipe it completly, except the filenames which are in C:\private\100059C9\excludelist.txt
Drive C:\ and Z:\ is on one NAND flash chip, we can easily change the partion sizes via NokiaCooker
-
Drive D:\ is RAM
filebrowsers can see no files on it, except D:\system\Data\Clpboard.cbd, that's the clipboard
-
Drive E:\ is the massmemory, the default content is in eMMC.fpsx
like C:\ we can completly read/write on it with enough capabilities OR via USB massmemory mode
but we can't place any .exe files there without of installation, because it needs a hash file in C:\sys\hash (read about Symbian Platform Security)
CODeRUS developed a patch which disables this:
LINK-
Drive F:\ is memory card
it's exactly like E:\, but there is no flashing file for it on Symbian^3
-
Drive G:\ is USB-OTG memory
it has to be FAT, on FP2 it can be exFAT
I think in Symbian Internal PC build also NTFS works (read ROM part of this post)
On phones without massmemory:
- memory card if E:\, it's content is in .mcard.fpsx
- USB-OTG is F:\
thanks mihsun
-
Drive J:\ is an internal testing drive content and usage are unknown.
It's disabled in estart*.txt files.
-
Drive Y:\ Il.Socio told me, that Y:\ doesn't exist physiclly, but some files, e.g. drivers link to it. I don't know how it works.
it contains some files from ROFS and ROM and it's not visible.
How ROMPatcher works:the patched blocks of ROM files get shadowed in RAM by ROMPatcher, it hex edits them.
This files XIP (e
Xcute
In
Place) files.
What does this mean?
This files get directly lauched files from CPU, there is no loading into default RAM (drive D:\).
All imports/exports are prelinked.
XIP files work only from ROM, not from ROFS or a user drive.
We can extract ROMDumps via ROMPatcher + or Nokia Cooker to create ROM patches
How to extract a ROMDump?a) via ROMPatcher +: go to options, Advanced, Dump ROM
b) via Nokia Cooker, open CORE.fpsx, go to Advanced, Extract ROM to file ...
a Nokia Cooker dump isn's as big as a ROMPatcher dump and some files are missing.
if you have a device which runs the firmware from which you want use ROMPatcher.
Drive Z:\ isn't simply one drive, it contains:- the
uboot part (software bootloader), it's in
ROM (read under uboot).
it's a special part and hidden/compressed (I guess via deflate, because sources of it contain a deflate header)
- You can only access it via hexeditor.
I wouldn't modify it, it can brick your phone.
All NAND phones have a hardware bootloader on SoC, which searches software bootloader and runs it, it must be signed or something similar.
If you want to check it:
- open core.fpsx and delete all files
- create a romdump and compare it with your core, delete the whole area (replace it with zero)
- now only core header and uboot it left
Switching on the phone triggers the CPU and MMU to reset. This disables the MMU and causes the CPU to jump to a well-known location to execute the reset code. On ARM CPUs, this is address 0x00000000, which is usually referred to as the reset vector. Obviously there must be some code at physical address zero for this to work and hence some hardware - usually this will be some masked ROM or XIP Flash.
Symbian boots like this:
- uboot
- ekern.exe (kernel)
- estart.exe, than efile.exe (fileserver + launcher)
- domainsrv.exe (domainmanager)
domainsrv.exe is the first point for us to inject something, most should know it from ROMPatcher domainsrv autostart, maybe some use it to edit files which are always loaded (contacts database etc.) via MiniCMD.
-------
- the
ROM part (
Read
Only
Memory) which we can't edit, only patch via ROMPatcher.
It's in CORE.fpsx, to explore it, create a ROMDump (scroll down for a tutorial). You can open it via
aROMat by CODeRUS- If you edit it e.g. via a hexeditor your phone won't boot up.
it contains:
- uboot (scoll down)
- sys\bin\*.exe and *.dll files
- renamed .dll files:
- fsy, that's a file system extension, e.g. to read FAT, ROFS, ROM, exFAT (FP2 or PC port only), NTFS (PC port only): automounter.fsy, ecomp.fsy (I guess ROM), elocal.fsy (fat32), erofs.fsy (ROFS), exfat.fsy (exFAT), msfs.fsy (FAT), elffs.fsy (only for NOR flash), NTFS.fsy (NTFS)
- .csy, .tsy don't know about their usuage, maybe someone could help 
- .iby, it defines the location of the ROM image while ROM build
- .pxy, I don't know the usuage, but there is a file (usbhostms.pxy) which is related to USB-OTG
- .pdd, phsical device drivers (contain drivers for drives, e.g. NAND driver, SD driver and RAM driver)
- .ldd, logical device drivers
- .pxt, file server plug-ins
- .fxt, file server extensions
they ALL are XIP files, check ROMPatcher part the for explaination about XIP.
- sys\Data\estart*.txt, it contains partion information for estart.exe (that's a part of efile.exe a.k.a FileServer/Launcher).
nokia protected it via hashes, checksums etc., but the private key is unknown, so it's impossible to modify it without
-------
- the
ROFS -
Read
Only
File
Sytem 1-3 (a.k.a. ROFS1, ROFS2 and ROFS3)
- we can completly mod it via Nokia Cooker, but if you place a XIP file here it won't launch.
E.g. you can't copy efile.exe from Z:\ or a ROMDump to ROFS1 and enter Open4All -> your phone won't boot.
If you open CORE.fpsx via Nokia Cooker it will show ONLY ROFS1, not ROM or core header.
Partion Table allows up to 6 ROFS, but Nokia uses only 3.
-------
- the rest of
CORE.fpsx,
- that's the core header.
It contains some stuff, not everything is known.
But some parts are, e.g. the partion table
You can fully mod it via a hexeditor, but open and save it with Nokia Cooker after edit to fix checksum (crc) errors.
-------
- but why is it only ONE drive?
- sys\Data\estart*.txt, partion table and FileServer (efile.exe) define it as Z:\, so it isn't physicly one partion, it's software defined.
file server usually reads this order:
ROFS3 -> ROFS2 -> ROFS1 -> ROM
if you have a file in all ROFS it's there in all hardware partions, but in the software partion Z:\ is only ONE file.
check this links for more information:
http://www.developer.nokia.com/Community/Wiki/Symbian_OS_Internalshttp://symbian-coderus.blogspot.de/p/aromat.htmlhttp://en.wikipedia.org/wiki/Core_dumphttp://en.wikipedia.org/wiki/Executable_and_Linkable_Formatkernel sources:
via sourceforgeThanks Il.Socio for your help
Regards
