Выкладываем сюда програмы и методы для ковыряния прошивок, а также описание и назначение модулей и системных библиотек и способы их замены

Кое-какую инфу нарыл, но пока времени нет этим всем серьезно заниматься.
Значится, чтобы портировать WM6 или новые AKU на наши прошивки порядок работы должен быть примерно такой:
1 - достать разбирабельную прошивку с нужной нам версией OS;
2 - разобрать свою прошивку и прошивку-донор;
3 - разобрать XIP обеих прошивок;
4 - портировать ядро оси из XIP донора в XIP целевой прошивки;
5 - портировать SYS из OS донора в целевую прошивку;
6 - пересобрать XIP и OS целевой прошивки, использую Relloc для XIP и G'Relloc для OS;
7 - вставить новый XIP в прошивку, прошиться и отлавливать глюки (IMG:http://forum.pda2u.ru/style_emoticons/default/smile.gif)

Портирование содержимого XIP, мануал на инглише:
1. Build dump.
2. Build maps
Copy this maps (at least you will need MAP.txt) to safe location for exploring later.
3. Make pkgs
Go to OUT/Modules and look for MSXIPKernel package - this thing you can replace with MSXIPKernel package from another device (also you MUST use XIPPort on another device's XIP - and MUST make it's maps and save that other device's MAPS.txt somewhere). And remember what files MSXIPKernel contains.
4. Undo (must 'unmake' pkgs so modules all will be just in out/modules folder)
OK - now just replace all modules related with MSXIPKernel as your remembered and their appropriate ....txt files ... e.g. replace folder coredll.dll and file coredll.dll.txt and so on. Just do not replace files like nk.exe, cecompr, ceddk, fsdspy, msflash because they can contain OEM's data and be tied to your device.
5. 'Relocate
Some people says that here XIPPort has some errors when trying to relocate modules to fit them in place, well, but we will try to fix them by hands (IMG:http://forum.pda2u.ru/style_emoticons/default/smile.gif)
Now look in MAP.txt ... you will need such section (in beginning):
01fa01fe - 01fa01fe L00000000 Start: first DLL address
01fa01fe - 01fe1000 L00040e02 NUL
01fe1000 - 01fe2000 L00001000 actual of region_1 Fsdspy.dll
01fe2000 - 01fef000 L0000d000 actual of region_1 msflash.dll
01fef000 - 01ff0000 L00001000 actual of region_2 cecompr.dll
...
01fff000 - 02000000 L00001000 actual of region_1 coredll.dll 
02000000 - 02000000 L00000000 End: last DLL address I
Now you must compare an old MAP.txt for your device, MAP.txt for a device from where you take aku's files and this MAP.txt - all three of them.
Idea is to fix what XIPPort done with that .dll sections which are in 'First DLL... Last DLL' region.
You must edit imageinfo.txt files by hands to get such thing: Files that you are NOT replaced from second device - must have their 'actual of region_1' addresses like in your OLD MAP.txt, files that you copied from new device - must have their 'actual of region_1' like in THEIR MAP.txt.
Main idea is to put that module's regions that WAS in 'first DLL ...... last DLL' section on their RIGHT positions. Hope you understand...
To relocate region's address - edit it's imageinfo.txt file:
e.g. - you replaced coredll.dll and after 'realloc P' it has it's 'actual of region_1' somewhere like 02300000 - but in that MAP.txt file from where your took coredll.dll - you can see that it must be 01FFF000 - go to imageinfo.txt in coredll.dll folder and look for "o32[1].o32_realaddr" line - [1] stands for 'region_1', [2] - for 'region_2' - you will understand... There can be direct address like 02300000 or relative address like D+0005EE02 - D means value that you can find in your ROMHDR.txt file - look for line "dllfirst: D=01FA01FE" - it's a D value - I used D+... to alter region_1's positions.
Tune all files and you need to get 'first DLL .... last DLL' section be right.
Then again build maps. (while you working on that section - 'build maps' can make an error - so - first edit all imageinfo.txt files only then press 'make maps').
now your new MAP.txt must look right - all .dlls must have their RIGHT addresses in section 'first DLL ... last DLL
6. Ok - then you need to patch S000 file in nk.exe module to put there your new ROMHDR offset. First - look in your old MAP.txt file for OLD ROMHDR offset, there must be a line:
8027dba4 - 8027dbf8 L00000054 rom_00 header: dlls=01fa01fe-02000000 phys=80180000-804e14f0, 21 modules, 11 files, 1 copyentries ext=80182e64 ram=900f8000-94000000 cputype=000001c2
you see - 8027DBA4 - it's your OLD offset - search for this hex value in S000 part of nk.exe - there must be only one (or else you will have to guess where you can patch, hehe)... btw - don't forget that in hex editor this value will be A4 DB 27 80 (reversed)... well - patch it to your NEW romhdr offset that you can find in your NEW MAP.txt file ...
ok ... that must be ALL ...
just don't forget that after 'realloc P' you must alter imageinfo.txt files to get region_1(2) back in their RIGHT places and to patch S000 of nk.exe to put there your new ROMHDR offset...
Then - guess - build xip_out.bin, put xip_out.bin in your xip2 and flash all that things back to your PDA...

Еще несколько очень полезных ссылок (хотел сам разобраться, но, похоже, до отпуска уже руки не дойдут):
http://www.pda4x.com/read.php?tid=40125&am...ead=&page=1 (здесь речь идет про старый xipport - новый, по идее, не должен делать этих ошибок, но это еще нужно проверить).
http://forum.xda-developers.com/showthread...6360&page=2
http://buzzdev.net/read.php?26,27196
http://wiki.xda-developers.com/index.php?p...m_Cooking_Notes