Apr 13, 2009
When divide 0 happened, GUI shows lockup, serial debug log halt;
If couldn’t replace \windows\dll, tried reflash it, then replace it.
Apr 13, 2009
Error 0xc0000409 is STATUS_STACK_BUFFER_OVERRUN refers to a stack buffer overflow;
Error 0xc00000fd is STATUS_STACK_OVERFLOW fefers to stack exhaustion
Exception code could be seen in ntstatus.h
Apr 11, 2009
Tested: the following statement will generate separate kdump indicates exception happened in system context.
RaiseException(0xffffffff,0,0,0),
ReportFault(GetExceptionInformation(),0), EXCEPTION_EXECUTE_HANDLER),
CaptureDumpOnDevice(0,0,0),
Divide 0
Apr 7, 2009
It seems while using SEH or CaptureDumpOnDevice would generate exception, it is not clear if this is correct behavior or issues
5. AKY=00040001 PC=03f62bf4(coredll.dll+0x00018bf4) RA=8001098c(NK.EXE+0x0001098c) BVA=00000000 FSR=00000000
PC: 0001:00017be4 xxx_RaiseException 10018be4 f coredll_ALL:tkfuncs.obj
RA: 0001:0000f884 PrefetchAbort 00020884 nk:armtrap.obj
6. AKY=00000041 PC=03f683bc(coredll.dll+0x0001e3bc) RA=8001098c(NK.EXE+0x0001098c) BVA=00000000 FSR=00000000
PC: 0001:0001d2e8 CaptureDumpFileOnDevice2 1001e2e8 f coredll_ALL:apis.obj
RA: 0001:0000f884 PrefetchAbort 00020884 nk:armtrap.obj
8. AKY=00200001 PC=03f8e544(coredll.dll+0x00044544) RA=8001098c(NK.EXE+0x0001098c) BVA=00000000 FSR=00000000
PC: 0001:00043500 __CxxThrowException 10044500 f coredll_ALL:throw.obj
RA: 0001:0000f884 PrefetchAbort 00020884 nk:armtrap.obj
Mar 26, 2009
Tested: if kdump is not at RELEASEDIR folder, exception and process would show same, but symbol won’t be able to show in call stack/threads etc
Tested: if the build is same but not identilcal, then it won’t show assembly code.
Mar 25, 2009
When build process got stuck, it maybe caused by copy script need prompt from UI
Feb 24, 2009
Use symmap.exe or symmap2.exe for parsing Hopper logs
Feb 10, 2009
Sometimes for some reason device couldn’t connect with activesyn, try uninstall the Windows Mobile Connect x# driver.
Jan 29, 2009
Sometimes for some reason that while you created a snapshot view, but not showing up in ClearCase Explorer views; Try use “Refresh View Shortcuts” – Alt-F5.
Jan 14, 2009
For changing EBOOT size, need to see if BIB file specified big enough size for it; if .nb1 got generated, it means that size is over designed;
As EBOOT would be changed to mbn and managed by modem side, so we will need to change size value in partition.c in AMSS side, otherwise it would get JTAG flash errors.
It also need to changed IPL’s bib file to cordinate with EBOOT bib;
It also need to change image_cfg.inc and image_cfg.c for jumping to right PA.
Jan 14, 2009
IMPORTING A CERTIFICATE TO YOUR CERTIFICATE STORE
-------------------------------------------------
1) from a cmd prompt on your image-signing machine, launch mmc.exe
2) select File > Add/Remove Snap-In...
3) click Add...
4) choose Certificates; click Add
5) choose which certificate store to manage, as appropriate
(e.g. "My user account" if you want the certificate available only to
the currently logged-in user)
6) return to the main MMC window, and expand the tree view to:
Console Root > Certificates - Current User > Personal > Certificates
[Frank] if used system, it may cause ImageHash couldn’t find certificates
7) right-click on Certificates and choose All Tasks > Import...
8) browse to your certificate file (e.g. SBL_Test_Certificate.pfx)
10) when prompted for the private key password, enter "test123" (without
the quotes) if you are importing SBL_Test_Certificate.pfx.
11) finish the wizard
Example:
ImageHash.exe flash.bin flash_signed.bin 1024
Jan 5, 2009
For adding files to clearcase, make sure container directory must be checked in as well!
Dec 19, 2008
For getting device driver name, check HKEY_LOCAL_MACHINE\Drivers\Active
Issues that call from NK OAL to Coredll
Try to call SetSystemPowerState from OAL IOCTL handler;
got linkage error while building kernel\kern, kernkitl, kernkitlprof;
found the API is at coredll.dll, then tried put $(_SYSGENSDKROOT)\lib\$(_CPUINDPATH)\coredll.lib, into source TARGETLIBS= section; build got linking success!
However in runtime, got Prefetch Abort like logs below, looks like coredll function address didn’t get shed into NK right.
INFO: OALIoCtlHalWarmBoot
INFO: SetSystemPowerState(POWER_STATE_RESET...)
Prefetch Abort: Thread=835ce000 Proc=8037ba10 'consoleTester.exe'
AKY=00002001 PC=00000000(???+0x00000000) RA=80050924(NK.EXE+0x00050924) BVA=00000000 FSR=00000005
try put different path $(_COMMONOAKLIB)\$(_CPUINDPATH)\coredll.lib, $(_COMMONSDKLIB)\$(_CPUINDPATH)\coredll.lib into source, results were the same;
Also try using another coredll function LoadKernelLibrary, result is the same: prefetch abort
seach internet and found that OAL shouldn’t link with coredll.lib.
then tried using SC_CreateFile to get one device driver handle, call SC_DeviceIoControl trap the ioctl to device driver, device driver iocontrol proxy call to SetSystemPowerState;
Success!
Dec 10, 2008
Full build:
1. Goto \fenway\AMSS\products\7200\build\ms
2. Run rvct22.bat
3. Run FDOAAPZM(amss build), FDOAAPZA(wm build), or FDOAAPZD(both)
Unit build:
4. Goto \fenway\WM\BuildScripts\WPC_QCMSM_Retail_FDOAAPAA
5. Run BaseOSEnv
6. Goto the module directory
7. Run build
Dec 09, 2008
Study the source and found under WM, only WM\platform\QCMSM is under clearcase which means all the other like WM\platform\COMMON, WM\public is generated!
Nov 17, 2008
Using JTAG ARM9,
* flashing: do mjnand
Directory: \fenway\wm\platform\qcmsm\tools\jtag
* debugging: do mjnload
Directory: \fenway\AMSS\products\7200\build\ms
While prompting elf, giving M7200JFDOAAPZM524007.elf
While prompting NK.exe, giving fenway\WM\release\WPC_QCMSM_retail_FDOAAPAA\wpc
Start ARM11 T32 as well.
Dec 1, 2008
Enabling phone functionality, flash phone with Gold_umts_fenway.qcn and it locates at \\msmlabpc4\\Dropbox\7200AQcnFile on Hugo's Desktop (hromero1)
Nov 17, 2008
Sometimes device couldn’t turn into FTM, and it would boot in normal boot, when check 453NV, value is 0 even it did get changed verified last time; changing battery sometimes seems improve the situations. So the issue may relates to power management.
Nov 6, 2008
Sometimes device couldn’t connect to PC, neither KITL or ActiveSyn works; Suspect the battery or power do effect on this issue; needs more research. Since every time after flash battery charging image shows up. Strange thing is if boot from USB, it seems work reliable. Could it be EBOOT driver is more effective?
Oct 31, 2008
JTAG flashing Fenway. Launch T32 ARM9, goto \fenway\wm\platofrm\QCMSM\tools\jtag\, then “do mjnand”->input FDOAAPA build ->select 9 (flash all)-> select 14 (flash wm)
Oct 30, 2008
When QPST try reset device in DLOAD mode, it actually would enable reset WatchDog timer, so while connect the device with the blue box, SIP 1 off would disable the WatchDog timer which makes device couldn’t reset.
windows Mobile 6’s way of encrypting files on storage cards, the extention of file is .menc;
to disable encrytion do
Go to System Control Panel and tap on the Encryption icon, unchecked every file you create on the storage card is encrypted;
Oct 29, 2008
Any text written to FSAUXIN will be executed by CESH just as if it was typed interactively, except it is not echoed on the command line.
Oct 28, 2008
In CN4 EBOOT menu, it seems KITL active would makes ActiveSyn doesn’t work;
For creating a crash app for windows mobile:
1. Tried devide 0 like,
Int iNum = 6;
iNum = iNum/0;
Got compile error for deviding zero;
2. Tried delete null like,
char* pTest = 0;
delete pTest;
It doesn’t work;
3. Tried array out of bound like
const int iNum = 10;
char test[iNum];
for (volatile int i=0; i<= 100; i++)
{
test[i] = 'a';
}
Doesn’t work, it would write out of the bound, mess up other variables, but system would not complain.
finally tried
void* pTest;
pTest = (void*)0xFFFFFFFF;
delete pTest;
works! And got data abort like:
Data Abort: Thread=83c371f8 Proc=8037bbd0 'HelloWorldSD.exe'
AKY=00008001 PC=03f6e0b8(coredll.dll+0x000220b8) RA=50616548(???+0x50616548) BVA=fffffff7 FSR=00000001
Unhandled exception at 0x03f6e0b8 in HelloWorldSD.exe: 0x80000002: Datatype misalignment.
The thread 0xc3a31eb6 has exited with code 0 (0x0).
Windows Mobile popup ‘We’re sorry’ windows.
Oct 27, 2008
\windows\cprog.exe is the dealer program running in windows mobile;
try put the same name executable at \ to do custom cprog.exe test;
use dumpbin.exe /disasm
to dump out the detail info of module;
[From: Sue Loh (MS)]
Anytime you see a TLSKERN_NOFAULT message, it's because exceptions are known to be a possible (accepted) occurrence at that time. For example as I understand it, using invalid window handles will cause these messages to be printed without breaking into the debugger. I'm the wrong person to tell you if there's anything you could do to make them go away, but I do know they're not serious.
Data Abort troubleshooting: AKY(Access Key), PC(Program Counter), RA(Return Address), BVA(Base Virtual Address), FSR(Fault Status Register)
0:22:15.181 Data Abort: Thread=829aa7c8 Proc=8037b250 'gwes.exe'
0:22:15.181 AKY=00200021 PC=00048a2c(gwes.exe+0x00038a2c) RA=00048a24(gwes.exe+0x00038a24) BVA=0c000100 FSR=00000007
· Return Address (RA) is at 0x00038a24
· Subtract 0x1000 to find the Module Offset(MO) of 0x00038a24
· We can now look up the Module Offset in gwes.map. Here is a small section of gwes.map:
Address Publics by Value Rva+Base Lib:Object0001:00037984 ??0TimerEntry_t@@QAA@PAVMsgQueue@@PAUHWND__@@IIP6AX1IIK@ZPAX_N@Z 00048984 f gwes:timer.obj
0001:00037a04 ?IsValidTimerEntry@TimerEntry_t@@QAA_NXZ 00048a04 f gwes:timer.obj
0001:00037a70 ?TimerQueuesRemoveSingleEvent@TimerEntry_t@@SAPAU1@PAUHWND__@@IPAVMsgQueue@@@Z 00048a70 f gwes:timer.obj
0001:00037b64 ?TimerQueuesRemoveAllMsgQueueOrHwnd@TimerEntry_t@@SAXPAVMsgQueue@@PAUHWND__@@@Z 00048b64 f gwes:timer.obj
Looking at the addresses we find that the MO is between 00037a04 IsValidTimerEntry and 00037a70 TimerQueuesRemoveSingleEvent. To calculate the Instruction Offset(IO) subtract the Function Offset(FO) from the Module Offset: 0x00037a24- 00037a04 = 0x20.
· we need COD file, which contains the C code as comments mixed with the assembly code that was created when the file was compiled. The COD files are in the same folder that the OBJ files are in. If you don't have the COD files, set WINCECOD=1 and rebuild.
Oct 22, 2008
For create branch, it needs VOB which under.
ClearCase connection problem. The view space ccstg_c has to be shared out from the local machine; also check if the abld service is running.
Goto [ClearCase Home Base]->[Control Panel]->[Service Startup]
Oct 20, 2008
couldn’t connect to \\msmlabpc6\, reason is Microsoft Client is not installed with the network. Same root cause to couldn’t print to network printers.
Oct 20, 2008
· If disable DHCP in EBOOT menu, it seems affected ActiveSyn connectivity with the PC, not proved it yet, just some experienmental feeling.
· Enable KITL and VMINI may caused AcitveSyn connection failiure.
· If set EBOOT IPL from network, the device would broadcast BOOTME to 255.255.255.255
Secure CRT settings to connect to device
Oct 17, 2008
Debugging on CE5.0 device without Activesync
This information ONLY applies to the Visual Studio 2005 Beta 2
Without the help of ActiveSync, VS 2005 does not automatically copy the connectivity binaries down to the device and hence debugging becomes problematic.
In order to use debugger on Windows CE 5.0 devices without active sync, you need to:
Step 1. Manually copy the following files down to the device
Clientshutdown.exeConmanClient2.exeCMaccept.exeeDbgTL.dllTcpConnectionA.dll
From the desktop folder: \Program Files\Common Files\Microsoft Shared\CoreCon\1.0\Target\wce400\, to \windows on device
Step 2. Manually launch the conmanclient2.exe
On the device side, open the command prompt and run "Conmanclient2.exe"
Step 3. Set the correct IP address
On the desktop side, open VS 2005Tools à options à device tools à devicesChoose Windows CE 5.0 device, click on “properties”.On the “Windows CE 5.0 device properties” dialog, click on “configure”.On the “Configure TCP/IP” Transport dialog, choose “use specific IP address” and type in the IP address of your windows CE 5.0 device.Click OK.
Step 4. Enable the connection (You can skip this step if the security is already disabled on the CE device by setting "HLKM\System\CoreConOverrideSecurity = 1". But disabling security may expose your device to malicious attack)
Run cMaccept.exe
Connect to the device within 3 minutes after you run cMaccept.exe. (The 3 minutes window is for the first connection. As long as you establish the first connection within 3 minutes, the following deployment/debugging sessions using the same VS instance is not limited by this 3 minutes window)
You need to perform Step 4 again when you try to connect from another instance of VS.
Now debugger is ready to go, and you should be able to deploy and debug program(s) running on Windows CE 5.0 device now.
issue: couldn't connect to device with QPST even install USB driver properly
symptons:
ActiveSyn connection is working well. QPST couldn’t detect the phone.
Solutions:
issue: couldn't use USB Keyboard and Mouse in the desktop
symptons:
Sometimes when playing with USB connection between device and desktop, desktop would show this behavior
Solutions:
Power off desktop, unplug power cord, wait for 10 minutes then power on.
Oct 16, 2008
issue: couldn't install Wince 6.0
symptons:
While in updating registry, it got problem and roll back the installation.
Showing popup:
Solutions:
1. turn off the Restrict CD-ROM access to locally logged on user only. Doesn’t work.
2. grant access right to registry. Doesn’t work.
3. unstall PB5, and try again. Works!
