Quote (loquat)
I haven't ever use any debuggers before,so I don't quite get your meaning of "just port A09B6183"
to set a fast slappoint at A09B6183?
O no. I mean you need just port to S7C with the help of patsearch for example. When you will get this function: ROM:A09B6182 70 4B LDR R3, =0x414
ROM:A09B6184 70 49 LDR R1, =0xA8EB5E04
ROM:A09B6186 58 43 MUL R0, R3
ROM:A09B6188 40 18 ADD R0, R0, R1
ROM:A09B618A 39 21 09 01 MOVL R1, 0x390
ROM:A09B618E 40 1A SUB R0, R0, R1
ROM:A09B6190 00 78 LDRB R0, [R0]
ROM:A09B6192 70 47 BX LR
this address is here:
A09B618E 40 1A SUB R0, R0, R1
you can calculate this address or just set fast snappoint at S7C analog address of A09B6190 and call to your phone, in armdebugger at left side below will be content of R0 namely this address. You can go to this address in right side of armdebugger, press key M on PC keyboard to monitor and call again and you will see what numbers will be at this address and around.
LDRB R0, [R0,#2] returns 0 for unknown, 1 for SIM and 2 for addressbook, LDRB R0, [R0] returns number of group.