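HP's official Chinese WM2003 ROM cannot be used to flash an English iPAQ 2210 to Chinese, because the ROM update program gwupgradeut checks the language of the old and new versions and refuses to continue the installation if they differ. Two workarounds can currently be found online: one is to use UltraEdit to modify the English ROM's NBF file, changing CHS in the file header to ENG, and then run GWUpgradeUt; the other is to use romupdate to flash back a Chinese ROM that was backed up to a CF card. The first method appears not to work, because after the modification gwupgradeut reports a checksum error; the second requires a Chinese ROM and a CF card, which can be hard to find at short notice. Failing that, the only option is to take the device to a PDA shop in the computer mall to have it flashed, which costs 100 yuan.
My team has a very geeky Dev Lead who also had an English 2210 that he wanted to flash to Chinese. Unwilling to waste that money, he ran gwupgradeut under windbg, found the place where gwupgradeut calls CompareStringA to check the language of the old and new versions, modified the value at the location the argument points to so that the check passed, and successfully flashed the Chinese ROM onto the English 2210.
His exact steps were as follows: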
- download ROMUpdate from http://h18007.www1.hp.com/support/files/HandheldiPAQ/us/download/20498.html;
- extract file to a directory, say c:\ipaq;
- install windbg if you don't have it;
- run windbg gwupgradeut.exe from c:\ipaq;
- hit "f5" to start gwupgradeut.exe, follow the instructions until the first screen, which shows version info;
- break into debugger;
- search for "ENG" string in memory by s 0x350000 L100000 'E' 'N' 'G' and found the address containing 'E' 'N' 'G' '\0' '\0' '\0', likely it is 0x4185c0;
- set break point to ensure this address is used for LOCALE check: ba r4 0x4185c0 and hit "f5" to continue;
- if you hit breakpoint 0, run dc 0x4185a0 or find the first arg of strcmp() in call stack, make sure it is "CHS"; if not, abort, don't continue;
- if it is, manually change "ENG" to "CHS" by: ea 0x4185c0 "CHS";
- disable "ba r4" by bd 0;
- set break on write ba w4 0x4185c0 and hit f5;
- follow the on-screen instructions until you hit "breakpoint 1";
- hit F10 a few times, and keep doing dc 0x4185c0 until you see it shows "ENG";
- manually change "ENG" to "CHS" again: ea 0x4185c0 "CHS";
- hit f5;
- wait until it finishes.
All in all, a very vivid case study in debugging.
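Why the two approaches above end differently, as an added example that is not from the original post: a checksum catches an edited file, a compare against a value held in the PC-side updater's memory does not survive that memory being changed, and only a check enforced on the device over an authenticated image stays outside the host's control. The image layout, function names, key and the HMAC (standing in for a vendor signature) are constructed assumptions, not the real NBF format or HP's code.

```python
import hashlib
import hmac
import zlib

# Constructed toy layout (NOT the real NBF format):
#   3-byte language tag | payload | 4-byte CRC32 over tag+payload
def build_image(lang: bytes, payload: bytes) -> bytes:
    body = lang + payload
    return body + zlib.crc32(body).to_bytes(4, "big")

def crc_ok(image: bytes) -> bool:
    return zlib.crc32(image[:-4]).to_bytes(4, "big") == image[-4:]

def host_side_check(image: bytes, device_lang: bytearray) -> bool:
    # Models the updater on the PC: file integrity first, then a language
    # compare against a value that lives in the updater's own memory.
    if not crc_ok(image):
        return False
    return image[:3] == bytes(device_lang[:3])

def device_side_check(image: bytes, tag: bytes, key: bytes, device_lang: bytes) -> bool:
    # Models enforcement inside the device: the language tag is covered by a
    # keyed MAC and the compare uses the device's own state, not the host's.
    expected = hmac.new(key, image, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag) and image[:3] == device_lang

def demo() -> dict:
    chs = build_image(b"CHS", b"constructed-rom-bytes")
    results = {}
    # 1) Tag edited in the file: the CRC no longer matches.
    results["edited_file"] = host_side_check(b"ENG" + chs[3:], bytearray(b"ENG"))
    # 2) Untouched Chinese image, host believes the device is ENG: rejected.
    host_mem = bytearray(b"ENG\0\0\0")
    results["mismatch"] = host_side_check(chs, host_mem)
    # 3) Same image, but the host's in-memory copy has been changed: accepted.
    host_mem[:3] = b"CHS"
    results["host_memory_changed"] = host_side_check(chs, host_mem)
    # 4) Device-side enforcement: the host's memory is never consulted.
    key = b"constructed-device-key"
    tag = hmac.new(key, chs, hashlib.sha256).digest()
    results["device_enforced"] = device_side_check(chs, tag, key, b"ENG")
    return results

if __name__ == "__main__":
    print(demo())
```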