Open ghost opened 6 years ago
@Symbian9, the dark spirit @fedor4ever has invaded your world :-) Wow! @bentokun, Symbian System Call Signatures (SSS): Symbian uses the ARM EABI for function interworking at compile time and at runtime. You can obtain that documentation freely from the ARM CPU makers at arm.com, in their developer corner.
For an ARM6 emulator, try the gdb sim.
Maybe run our startup for Symbian greatness?
@fedor4ever thanks for the info, I'll be sure to check it out. @mrRosset I'm struggling with the image loading, so this is great. The information I found online is mostly about older versions, since I'm trying to emulate 9.x, but still, thanks :) And I'm surprised that there are people who actually see my repo :o.
I'm using Unicorn to emulate the ARM CPU using JIT, but I lack information on how to hook library calls. I was also trying to go LLE but lacked the knowledge, so I went with HLE. There are many libs that need to be implemented and I don't know if I should change to low-level emulation or not.
Also, if talking here is not suitable, I will create a Discord server to discuss this more, since there are actual people who still care about Symbian lol :)
Why can't I see @mrRosset's posts here? @bentokun, CodeSourcery's GCCE shipped with a preconfigured QEMU or another VM. Try it. Hope it helps.
There are many libs that need to be implemented
What libs do you want to implement? Why? Do you have a blog? Currently my time is very limited. I'll try to help at the weekend.
It's the libraries that come with the system (system libraries?).
What I imagine high-level emulation in EKA2L1 to be is something like this: when a call to a Symbian library is detected (e.g. EUSER), the CPU emulator redirects it to our own implementation of that function. For example, when the app branches to a function like User::AllocL, it actually executes my implementation written in C++ (like what NGEmu does).
Tambry abandoned the HLE approach because there is a lack of information, I think. I am just scared that there are so many libraries that it becomes impossible for me to implement them all (currently the epoc32 include folder has over 2000 headers). Low-level emulation instead loads the system libraries from the firmware and runs them (I think), although there must be tweaks to make it work. And I don't know what those tweaks are :P.
@fedor4ever Still, I think something like QEMU is unnecessary. It's not lightweight at all. Trust me, most emulators right now don't use QEMU. And this is an emulator, it's not a virtual machine.
But still, I do not have much knowledge of emulating this (I dove deep into emulation and Symbian just three months ago), so if someone like @mrRosset can help me (his work is amazing), it would be cool.
Edit: @fedor4ever thanks for spending the time :D
I will focus on CPU emulation after I'm done writing a loader for EKA2 images. I wrote the interface already.
@bentokun, e32image has 2 variants.
Well, I thought you wished to write a Symbian phone firmware loader (it would be so good).
I am writing the image loader based on ELF; I'll be sure to check out your repo.
I am also considering making a firmware loader to avoid the reimplement-all-libraries approach (more LLE, like RPCS3 does). Do you have any documentation on the structure of the firmware file?
I saw somewhere attempts (successful) to dump the firmware from the phone, from Symbian OS itself. Pros: full and decrypted firmware, even hidden sectors; cons: none. About the ROM there is not much info. The main class for manipulating it is named TRomInfo. Try the SDK help; it sometimes contains private data. Search the Symbian sources; they have a lot of info.
Fiodar Stryzhniou
Original message. Subject: Re: [mrRosset/Symbian-Archive] EKA2L1 - Symbian OS HLE (#13) From: Do Trong Thu notifications@github.com Date: 05.04.2018 03.12
@bentokun Nice job, that looks really promising. I will follow what you are doing.
From what I know, in the EKA1 kernel the ROM is a blob of data and code that is loaded at address 0 at boot time and then mapped into a fixed position (see here). I don't know if this is the same for EKA2 and the 9.x OS.
As @fedor4ever mentioned, the EKA1 ROM has a TROM structure at its start, I think. Among other things it has a sort of read-only file system that gives you the position of each file inside the ROM dump. Someone made a tool to visualize this (here), but it only works on Windows. And I don't know if the same principles are there in the EKA2 kernel. I have a GIF of it working somewhere; I will upload it (done, it's here).
I'm trying something similar to you at https://github.com/mrRosset/Engemu, but on a kernel from 6.1. My initial idea was to only emulate system calls, but I'm currently stuck at a point where I have system calls that I can't figure out. Maybe emulating the system libraries like you want to do is a better way. I'm not really sure :P
In case you haven't seen it, I highly recommend looking at parts of the "Symbian Internals" book. It really has a lot of details on how they designed EKA2.
Edit: I just remembered that there are other tools to extract ROMs, like this one: https://i.imgur.com/UCHXrkE.png
@mrRosset Thanks <3
I'm considering switching to LLE, since there are too many things to implement. Honestly, the choice is hard. Going with HLE means that I can control the code, but many implementations are required; going with LLE is also hard, since you mostly have to reverse the system calls yourself, and it takes a lot of work.
I still want to go with high-level emulation, but it will be tough ;(
And I found the tool to extract symbols in your repo; I am in need of it lol. Big thanks again.
Ah, the tool doesn't really extract symbols. It matches the names from the .ids files against the libs from an N-Gage ROM to create, for each lib, a file with a mapping like this:
5083d515: TAgnWeeklyRpt::_eq(TAgnWeeklyRpt const &)const
50840af1: CAgnTodoList::SetDisplayEntriesInOtherViews(int)
50849621: CAgnSortEvent::_nw(unsigned int, TLeave, CAgnSortEntryAllocator *)
508358a5: CAgnEntry::DeleteAttendee(int)
...
With or without the function names demangled. (In case you need it, the demangler is in Export_Converter; it's not perfect, I made it quite quickly.) I mostly used this to quickly name the functions in IDA Pro (like this).
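The following is an added example, not code from EKA2L1, Engemu or the Symbian-Archive tools. It ties together two points from this thread: the "address: symbol" mapping format quoted above, and the HLE idea described earlier (when the emulated CPU branches to a known library function, run a native C++ implementation instead and emulate the return). A bare ARM register file stands in for Unicorn's CPU state; the one "implemented" function is a stand-in whose behaviour is assumed, not the real Symbian one, and the lr/pc values in the demo are constructed. Everything else (the AAPCS argument registers, the Thumb interworking bit in the low bit of the address) is standard ARM convention.

```cpp
// Added example; not code from EKA2L1, Engemu or the Symbian-Archive tools.
// Parses the "address: symbol" map format quoted above and uses the table
// for HLE dispatch: a known library address is serviced natively, a known
// but unimplemented one is reported, anything else is left to the CPU core.
#include <cstdint>
#include <cstdlib>
#include <functional>
#include <map>
#include <sstream>
#include <string>
#include <utility>
#include <vector>

// ARM register file standing in for the emulator's CPU state: r0-r3 carry
// arguments and r0 the result (AAPCS), r13 = sp, r14 = lr, r15 = pc.
struct ArmRegs { uint32_t r[16] = {}; };

// Parse lines of the form "5083d515: CAgnEntry::DeleteAttendee(int)".
// Only the first ':' separates address from name, so the "::" inside C++
// names is safe. Malformed lines are skipped instead of aborting.
std::map<uint32_t, std::string> ParseSymbolMap(const std::string& text) {
    std::map<uint32_t, std::string> out;
    std::istringstream in(text);
    std::string line;
    while (std::getline(in, line)) {
        size_t colon = line.find(':');
        if (colon == std::string::npos) continue;
        std::string addr = line.substr(0, colon);
        std::string name = line.substr(colon + 1);
        size_t start = name.find_first_not_of(" \t");
        if (start == std::string::npos) continue;
        name.erase(0, start);
        char* end = nullptr;
        unsigned long v = std::strtoul(addr.c_str(), &end, 16);
        if (end == addr.c_str() || *end != '\0') continue;  // not a hex address
        out[static_cast<uint32_t>(v)] = name;
    }
    return out;
}

using HleFn = std::function<void(ArmRegs&)>;

class HleDispatcher {
public:
    // Keys are stored with bit 0 cleared: in these maps the low bit is the
    // Thumb interworking bit, and a bx to either form should hit the entry.
    explicit HleDispatcher(const std::map<uint32_t, std::string>& symbols) {
        for (const auto& kv : symbols) symbols_[kv.first & ~1u] = kv.second;
    }
    size_t SymbolCount() const { return symbols_.size(); }
    // Register a native implementation under the (demangled) name it replaces.
    void Implement(const std::string& name, HleFn fn) { impls_[name] = std::move(fn); }
    // Called by the CPU core whenever pc changes. Returns 1 if the call was
    // serviced natively, -1 if the address is a known but unimplemented
    // library function (the "too many libs" case), 0 if it is ordinary code.
    int OnBranch(ArmRegs& regs) {
        auto sym = symbols_.find(regs.r[15] & ~1u);
        if (sym == symbols_.end()) return 0;
        auto impl = impls_.find(sym->second);
        if (impl == impls_.end()) { missing_.push_back(sym->second); return -1; }
        impl->second(regs);       // arguments in r0-r3, result left in r0
        regs.r[15] = regs.r[14];  // emulate "bx lr": resume at the caller
        return 1;
    }
    const std::vector<std::string>& Missing() const { return missing_; }
private:
    std::map<uint32_t, std::string> symbols_;
    std::map<std::string, HleFn> impls_;
    std::vector<std::string> missing_;
};

// Constructed sample: the four mapping lines quoted above plus one bogus
// line to exercise the parser's skip path.
const char* const kSampleMap =
    "5083d515: TAgnWeeklyRpt::_eq(TAgnWeeklyRpt const &)const\n"
    "50840af1: CAgnTodoList::SetDisplayEntriesInOtherViews(int)\n"
    "50849621: CAgnSortEvent::_nw(unsigned int, TLeave, CAgnSortEntryAllocator *)\n"
    "508358a5: CAgnEntry::DeleteAttendee(int)\n"
    "this is not a mapping line\n";

struct DemoResult {
    size_t symbol_count;
    int handled, unimplemented, unknown;
    uint32_t pc_after;
    int recorded_arg;
    size_t missing_count;
};

DemoResult RunDemo() {
    HleDispatcher hle(ParseSymbolMap(kSampleMap));
    int recorded = -1;
    // Stand-in implementation (behaviour assumed, not the real Symbian one):
    // record the int argument from r0 and return 0 in r0.
    hle.Implement("CAgnTodoList::SetDisplayEntriesInOtherViews(int)",
                  [&recorded](ArmRegs& r) { recorded = static_cast<int>(r.r[0]); r.r[0] = 0; });
    ArmRegs regs;
    DemoResult res{};
    res.symbol_count = hle.SymbolCount();
    // Emulated "bl" into the Thumb entry with r0 = 1; lr holds a constructed return site.
    regs.r[0] = 1; regs.r[14] = 0x10000004; regs.r[15] = 0x50840af1;
    res.handled = hle.OnBranch(regs);
    res.pc_after = regs.r[15];
    res.recorded_arg = recorded;
    // Known symbol in ARM-state address form, but no native implementation yet.
    regs.r[15] = 0x508358a4;
    res.unimplemented = hle.OnBranch(regs);
    res.missing_count = hle.Missing().size();
    // Address outside the table: plain application code, left to the CPU core.
    regs.r[15] = 0x00400000;
    res.unknown = hle.OnBranch(regs);
    return res;
}
```

In a real emulator OnBranch would hang off a code hook (Unicorn's UC_HOOK_CODE, for instance) and the stand-in implementations would be replaced one by one; the Missing() list is what tells you which library functions the application actually needs, which is a smaller set than the 2000-odd headers in epoc32/include.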
I created a Discord server to chat about Symbian stuff and the emulator progress, so if you're interested, you can join the server here: https://discord.gg/5Bm5SJ9. I think asking stuff in here is not suitable.
P.S.: @bentokun, maybe E32Explorer would be useful for you too. P.P.S.: Cast @fedor4ever