root/platform/a4000/sub/101b/capt_seq.c

/* [<][>][^][v][top][bottom][index][help] */

DEFINITIONS

This source file includes following definitions.
  1. capt_seq_task
  2. sub_FF96472C_my
  3. exp_drv_task
  4. sub_FF8AC7D0_my
  5. sub_FF89C418_my

   1 #include "lolevel.h"
   2 #include "platform.h"
   3 #include "core.h"
   4 #include "conf.h"
   5 #include "stdlib.h"
   6 
   7 static long *nrflag = (long*)(0x8868+0x00);  // Found @ ff9e40b0 & ff9e40f8
   8 #define NR_AUTO (0)                          // have to explictly reset value back to 0 to enable auto
   9 
  10 #define PAUSE_FOR_FILE_COUNTER 300           // Enable delay in capt_seq_hook_raw_here to ensure file counter is updated
  11 #include "../../../generic/capt_seq.c"
  12 
  13 //** capt_seq_task  @ 0xFF870DB0 
  14 
  15 void __attribute__((naked,noinline)) capt_seq_task(  ) { 
  16 asm volatile (
  17       "STMFD   SP!, {R3-R9,LR}\n"
  18       "LDR     R4, =0x36D9C\n"
  19       "LDR     R7, =0x2B64\n"
  20       "MOV     R6, #0\n"
  21 "loc_FF870DC0:\n"
  22       "LDR     R0, [R7, #4]\n"
  23       "MOV     R2, #0\n"
  24       "MOV     R1, SP\n"
  25       "BL      sub_003F7218\n"
  26       "TST     R0, #1\n"
  27       "BEQ     loc_FF870DEC\n"
  28       "LDR     R1, =0x493\n"
  29       "LDR     R0, =0xFF87091C \n" // "SsShootTask.c"
  30       "BL      _DebugAssert \n"
  31       "BL      _ExitTask \n"
  32       "LDMFD   SP!, {R3-R9,PC}\n"
  33 "loc_FF870DEC:\n"
  34       "LDR     R0, [SP]\n"
  35       "LDR     R1, [R0]\n"
  36       "CMP     R1, #0x20\n"
  37       "ADDCC   PC, PC, R1, LSL #2\n"
  38       "B       loc_FF871048\n"
  39       "B       loc_FF870E80\n"
  40       "B       loc_FF870E98\n"
  41       "B       loc_FF870EFC\n"
  42       "B       loc_FF870F10\n"
  43       "B       loc_FF870F08\n"
  44       "B       loc_FF870F1C\n"
  45       "B       loc_FF870F24\n"
  46       "B       loc_FF870F2C\n"
  47       "B       loc_FF870F48\n"
  48       "B       loc_FF870F74\n"
  49       "B       loc_FF870F54\n"
  50       "B       loc_FF870F60\n"
  51       "B       loc_FF870F68\n"
  52       "B       loc_FF870F7C\n"
  53       "B       loc_FF870F84\n"
  54       "B       loc_FF870F8C\n"
  55       "B       loc_FF870F94\n"
  56       "B       loc_FF870F9C\n"
  57       "B       loc_FF870FA8\n"
  58       "B       loc_FF870FB0\n"
  59       "B       loc_FF870FB8\n"
  60       "B       loc_FF870FC0\n"
  61       "B       loc_FF870FC8\n"
  62       "B       loc_FF870FD4\n"
  63       "B       loc_FF870FDC\n"
  64       "B       loc_FF870FE4\n"
  65       "B       loc_FF870FEC\n"
  66       "B       loc_FF870FF4\n"
  67       "B       loc_FF871000\n"
  68       "B       loc_FF871008\n"
  69       "B       loc_FF871014\n"
  70       "B       loc_FF871054\n"
  71 "loc_FF870E80:\n"
  72       "    BL      shooting_expo_iso_override \n" // added
  73       "BL      sub_FF8715C8\n"
  74       "    BL      shooting_expo_param_override \n" // added
  75       "BL      sub_FF86EBBC\n"
  76 //      "LDR     R0, [R4, #0x28]\n"
  77 //      "CMP     R0, #0\n"
  78 //      "BLNE    sub_FF9647C8\n" // above 3 lines removed - redundant with added lines below
  79       "    MOV     R0, #0 \n"         // patch added
  80       "    STR     R0, [R4,#0x28] \n" //fixes overrides behavior at short shutter press
  81       "B       loc_FF871054\n"
  82 "loc_FF870E98:\n"
  83       "LDR     R5, [R0, #0x10]\n"
  84       "LDR     R0, [R4, #0x28]\n"
  85       "CMP     R0, #0\n"
  86       "BNE     loc_FF870ED4\n"
  87       "BL      sub_FF87249C\n"
  88       "MOV     R1, R5\n"
  89       "BL      sub_FF8724F4\n"
  90       "LDR     R0, =0x10F\n"
  91       "MOV     R2, #4\n"
  92       "ADD     R1, R5, #0x24\n"
  93       "BL      _SetPropertyCase \n"
  94       "MOV     R2, #4\n"
  95       "ADD     R1, R5, #0x28\n"
  96       "MOV     R0, #0x2C\n"
  97       "BL      _SetPropertyCase \n"
  98 "loc_FF870ED4:\n"
  99       "MOV     R0, R5\n"
 100 //      "BL      sub_FF96472C\n" //original
 101       "BL      sub_FF96472C_my\n" //patch
 102       "BL      capt_seq_hook_raw_here \n" // patch
 103       "MOV     R8, R0\n"
 104       "MOV     R2, R5\n"
 105       "MOV     R1, #1\n"
 106       "BL      sub_FF86F06C\n"
 107       "TST     R8, #1\n"
 108       "MOVEQ   R0, R5\n"
 109       "BLEQ    sub_FF9640A8\n"
 110       "B       loc_FF871054\n"
 111 "loc_FF870EFC:\n"
 112       "MOV     R0, #1\n"
 113       "BL      sub_FF871898\n"
 114       "B       loc_FF871054\n"
 115 "loc_FF870F08:\n"
 116       "BL      sub_FF87121C\n"
 117       "B       loc_FF870F14\n"
 118 "loc_FF870F10:\n"
 119       "BL      sub_FF8715A8\n"
 120 "loc_FF870F14:\n"
 121       "STR     R6, [R4, #0x28]\n"
 122       "B       loc_FF871054\n"
 123 "loc_FF870F1C:\n"
 124       "BL      sub_FF8715B0\n"
 125       "B       loc_FF871054\n"
 126 "loc_FF870F24:\n"
 127       "BL      sub_FF871780\n"
 128       "B       loc_FF870F4C\n"
 129 "loc_FF870F2C:\n"
 130       "LDR     R5, [R0, #0x10]\n"
 131       "MOV     R0, R5\n"
 132       "BL      sub_FF964860\n"
 133       "MOV     R2, R5\n"
 134       "MOV     R1, #9\n"
 135       "BL      sub_FF86F06C\n"
 136       "B       loc_FF871054\n"
 137 "loc_FF870F48:\n"
 138       "BL      sub_FF871800\n"
 139 "loc_FF870F4C:\n"
 140       "BL      sub_FF86EBBC\n"
 141       "B       loc_FF871054\n"
 142 "loc_FF870F54:\n"
 143       "LDR     R0, [R4, #0x58]\n"
 144       "BL      sub_FF871C88\n"
 145       "B       loc_FF871054\n"
 146 "loc_FF870F60:\n"
 147       "BL      sub_FF872038\n"
 148       "B       loc_FF871054\n"
 149 "loc_FF870F68:\n"
 150       "MOV     R0, #0\n"
 151       "BL      sub_FF87209C\n"
 152       "B       loc_FF871054\n"
 153 "loc_FF870F74:\n"
 154       "BL      sub_FF8715A8\n"
 155       "B       loc_FF871054\n"
 156 "loc_FF870F7C:\n"
 157       "BL      sub_FF963454\n"
 158       "B       loc_FF871054\n"
 159 "loc_FF870F84:\n"
 160       "BL      sub_FF9636B4\n"
 161       "B       loc_FF871054\n"
 162 "loc_FF870F8C:\n"
 163       "BL      sub_FF96376C\n"
 164       "B       loc_FF871054\n"
 165 "loc_FF870F94:\n"
 166       "BL      sub_FF963840\n"
 167       "B       loc_FF871054\n"
 168 "loc_FF870F9C:\n"
 169       "MOV     R0, #0\n"
 170       "BL      sub_FF963AA0\n"
 171       "B       loc_FF871054\n"
 172 "loc_FF870FA8:\n"
 173       "BL      sub_FF963C10\n"
 174       "B       loc_FF871054\n"
 175 "loc_FF870FB0:\n"
 176       "BL      sub_FF963CA4\n"
 177       "B       loc_FF871054\n"
 178 "loc_FF870FB8:\n"
 179       "BL      sub_FF963D60\n"
 180       "B       loc_FF871054\n"
 181 "loc_FF870FC0:\n"
 182       "BL      sub_FF871A0C\n"
 183       "B       loc_FF871054\n"
 184 "loc_FF870FC8:\n"
 185       "BL      sub_FF871A90\n"
 186       "BL      sub_FF832298\n"
 187       "B       loc_FF871054\n"
 188 "loc_FF870FD4:\n"
 189       "BL      sub_FF963910\n"
 190       "B       loc_FF871054\n"
 191 "loc_FF870FDC:\n"
 192       "BL      sub_FF963950\n"
 193       "B       loc_FF871054\n"
 194 "loc_FF870FE4:\n"
 195       "BL      sub_FF873944\n"
 196       "B       loc_FF871054\n"
 197 "loc_FF870FEC:\n"
 198       "BL      sub_FF8739B8\n"
 199       "B       loc_FF871054\n"
 200 "loc_FF870FF4:\n"
 201       "LDR     R0, [R0, #0xC]\n"
 202       "BL      sub_FF963E88\n"
 203       "B       loc_FF871054\n"
 204 "loc_FF871000:\n"
 205       "BL      sub_FF963EF8\n"
 206       "B       loc_FF871054\n"
 207 "loc_FF871008:\n"
 208       "BL      sub_FF873A20\n"
 209       "BL      sub_FF8739D8\n"
 210       "B       loc_FF871054\n"
 211 "loc_FF871014:\n"
 212       "MOV     R0, #1\n"
 213       "BL      sub_FF964F60\n"
 214       "MOV     R0, #1\n"
 215       "BL      sub_FF965088\n"
 216       "LDRH    R0, [R4, #0x9C]\n"
 217       "CMP     R0, #4\n"
 218       "LDRNEH  R0, [R4]\n"
 219       "SUBNE   R1, R0, #0x8200\n"
 220       "SUBNES  R1, R1, #0x2E\n"
 221       "BNE     loc_FF871054\n"
 222       "BL      sub_FF8739B8\n"
 223       "BL      sub_FF873E7C\n"
 224       "B       loc_FF871054\n"
 225 "loc_FF871048:\n"
 226       "LDR     R1, =0x5F4\n"
 227       "LDR     R0, =0xFF87091C \n" // "SsShootTask.c"
 228       "BL      _DebugAssert \n"
 229 "loc_FF871054:\n"
 230       "LDR     R0, [SP]\n"
 231       "LDR     R1, [R0, #4]\n"
 232       "LDR     R0, [R7]\n"
 233       "BL      sub_003FAC6C\n"
 234       "LDR     R5, [SP]\n"
 235       "LDR     R0, [R5, #8]\n"
 236       "CMP     R0, #0\n"
 237       "LDREQ   R1, =0x117\n"
 238       "LDREQ   R0, =0xFF87091C \n" // "SsShootTask.c"
 239       "BLEQ    _DebugAssert \n"
 240       "STR     R6, [R5, #8]\n"
 241       "B       loc_FF870DC0\n"
 242         );
 243 }
 244 
 245 
 246 //** sub_FF9646A0_my  @ 0xFF96472C
 247 void __attribute__((naked,noinline)) sub_FF96472C_my(  ) {
 248 asm volatile (
 249       "STMFD   SP!, {R4-R6,LR}\n"
 250       "LDR     R5, =0x36D9C\n"
 251       "MOV     R6, R0\n"
 252       "LDR     R0, [R5, #0x28]\n"
 253       "MOV     R4, #0\n"
 254       "CMP     R0, #0\n"
 255       "BNE     loc_FF96475C\n"
 256       "MOV     R0, #0xC\n"
 257       "BL      sub_FF87551C\n"
 258       "TST     R0, #1\n"
 259       "MOVNE   R0, #1\n"
 260       "LDMNEFD SP!, {R4-R6,PC}\n"
 261 "loc_FF96475C:\n"
 262       "BL      sub_FF8715B8\n"
 263       "LDR     R0, [R5, #0x28]\n"
 264       "CMP     R0, #0\n"
 265       "BNE     loc_FF9647AC\n"
 266       "MOV     R0, R6\n"
 267       "BL      sub_FF963FE8\n"
 268       "TST     R0, #1\n"
 269       "LDMNEFD SP!, {R4-R6,PC}\n"
 270       "MOV     R0, R6\n"
 271       "BL      sub_FF96437C\n"
 272       "BL      sub_FF964D40\n"
 273 //begin patch
 274       "BL      wait_until_remote_button_is_released\n"
 275       "BL      capt_seq_hook_set_nr\n"
 276 //end patch
 277       "MOV     R0, #2\n"
 278       "BL      sub_FF876C34\n"
 279       "LDR     R0, [R5, #0x8C]\n"
 280       "TST     R0, #0x10\n"
 281       "BNE     loc_FF9647BC\n"
 282       "MOV     R0, R6\n"
 283       "BL      sub_FFA72A70\n"
 284 //      "BL      sub_FFA72A70_my\n" //This function calls "SsStandardCaptureSeq.c"
 285       "MOV     R4, R0\n"
 286       "B       loc_FF9647C0\n"
 287 "loc_FF9647AC:\n"
 288       "LDR     R0, =0x684C\n"
 289       "LDR     R0, [R0]\n"
 290       "CMP     R0, #0\n"
 291       "BEQ     loc_FF9647C0\n"
 292 "loc_FF9647BC:\n"
 293       "MOV     R4, #0x1D\n"
 294 "loc_FF9647C0:\n"
 295       "MOV     R0, R4\n"
 296       "LDMFD   SP!, {R4-R6,PC}\n"
 297         );
 298 }
 299 
 300 
 301 //** exp_drv_task  @ 0xFF8AFB60 
 302 
 303 void __attribute__((naked,noinline)) exp_drv_task(  ) { 
 304 asm volatile (
 305       "STMFD   SP!, {R4-R9,LR}\n"
 306       "SUB     SP, SP, #0x2C\n"
 307       "LDR     R6, =0x3DDC\n"
 308       "LDR     R7, =0xBB8\n"
 309       "LDR     R4, =0x53D4C\n"
 310       "MOV     R0, #0\n"
 311       "ADD     R5, SP, #0x1C\n"
 312       "STR     R0, [SP, #0xC]\n"
 313 "loc_FF8AFB80:\n"
 314       "LDR     R0, [R6, #0x20]\n"
 315       "MOV     R2, #0\n"
 316       "ADD     R1, SP, #0x28\n"
 317       "BL      sub_003F7218\n"
 318       "LDR     R0, [SP, #0xC]\n"
 319       "CMP     R0, #1\n"
 320       "BNE     loc_FF8AFBCC\n"
 321       "LDR     R0, [SP, #0x28]\n"
 322       "LDR     R0, [R0]\n"
 323       "CMP     R0, #0x14\n"
 324       "CMPNE   R0, #0x15\n"
 325       "CMPNE   R0, #0x16\n"
 326       "CMPNE   R0, #0x17\n"
 327       "BEQ     loc_FF8AFD2C\n"
 328       "CMP     R0, #0x2A\n"
 329       "BEQ     loc_FF8AFCB4\n"
 330       "ADD     R1, SP, #0xC\n"
 331       "MOV     R0, #0\n"
 332       "BL      sub_FF8AFB10\n"
 333 "loc_FF8AFBCC:\n"
 334       "LDR     R0, [SP, #0x28]\n"
 335       "LDR     R1, [R0]\n"
 336       "CMP     R1, #0x30\n"
 337       "BNE     loc_FF8AFBF8\n"
 338       "BL      sub_FF8B0F40\n"
 339       "LDR     R0, [R6, #0x1C]\n"
 340       "MOV     R1, #1\n"
 341       "BL      sub_003FAC6C\n"
 342       "BL      _ExitTask \n"
 343       "ADD     SP, SP, #0x2C\n"
 344       "LDMFD   SP!, {R4-R9,PC}\n"
 345 "loc_FF8AFBF8:\n"
 346       "CMP     R1, #0x2F\n"
 347       "BNE     loc_FF8AFC14\n"
 348       "LDR     R2, [R0, #0x8C]!\n"
 349       "LDR     R1, [R0, #4]\n"
 350       "MOV     R0, R1\n"
 351       "BLX     R2\n"
 352       "B       loc_FF8B01E8\n"
 353 "loc_FF8AFC14:\n"
 354       "CMP     R1, #0x28\n"
 355       "BNE     loc_FF8AFC64\n"
 356       "LDR     R0, [R6, #0x1C]\n"
 357       "MOV     R1, #0x80\n"
 358       "BL      sub_003FACA0\n"
 359       "LDR     R0, =0xFF8AB474\n"
 360       "MOV     R1, #0x80\n"
 361       "BL      sub_FF9559C0\n"
 362       "LDR     R0, [R6, #0x1C]\n"
 363       "MOV     R2, R7\n"
 364       "MOV     R1, #0x80\n"
 365       "BL      sub_003FABAC\n"
 366       "TST     R0, #1\n"
 367       "LDRNE   R1, =0x157A\n"
 368       "BNE     loc_FF8AFD20\n"
 369 "loc_FF8AFC50:\n"
 370       "LDR     R1, [SP, #0x28]\n"
 371       "LDR     R0, [R1, #0x90]\n"
 372       "LDR     R1, [R1, #0x8C]\n"
 373       "BLX     R1\n"
 374       "B       loc_FF8B01E8\n"
 375 "loc_FF8AFC64:\n"
 376       "CMP     R1, #0x29\n"
 377       "BNE     loc_FF8AFCAC\n"
 378       "ADD     R1, SP, #0xC\n"
 379       "BL      sub_FF8AFB10\n"
 380       "LDR     R0, [R6, #0x1C]\n"
 381       "MOV     R1, #0x100\n"
 382       "BL      sub_003FACA0\n"
 383       "LDR     R0, =0xFF8AB484\n"
 384       "MOV     R1, #0x100\n"
 385       "BL      sub_FF955B60\n"
 386       "LDR     R0, [R6, #0x1C]\n"
 387       "MOV     R2, R7\n"
 388       "MOV     R1, #0x100\n"
 389       "BL      sub_003FABAC\n"
 390       "TST     R0, #1\n"
 391       "BEQ     loc_FF8AFC50\n"
 392       "LDR     R1, =0x1584\n"
 393       "B       loc_FF8AFD20\n"
 394 "loc_FF8AFCAC:\n"
 395       "CMP     R1, #0x2A\n"
 396       "BNE     loc_FF8AFCC4\n"
 397 "loc_FF8AFCB4:\n"
 398       "LDR     R0, [SP, #0x28]\n"
 399       "ADD     R1, SP, #0xC\n"
 400       "BL      sub_FF8AFB10\n"
 401       "B       loc_FF8AFC50\n"
 402 "loc_FF8AFCC4:\n"
 403       "CMP     R1, #0x2D\n"
 404       "BNE     loc_FF8AFCDC\n"
 405       "BL      sub_FF89C6CC\n"
 406       "BL      sub_FF89D3B4\n"
 407       "BL      sub_FF89CF1C\n"
 408       "B       loc_FF8AFC50\n"
 409 "loc_FF8AFCDC:\n"
 410       "CMP     R1, #0x2E\n"
 411       "BNE     loc_FF8AFD2C\n"
 412       "LDR     R0, [R6, #0x1C]\n"
 413       "MOV     R1, #4\n"
 414       "BL      sub_003FACA0\n"
 415       "LDR     R1, =0xFF8AB4A4\n"
 416       "LDR     R0, =0xFFFFF400\n"
 417       "MOV     R2, #4\n"
 418       "BL      sub_FF89C11C\n"
 419       "BL      sub_FF89C3AC\n"
 420       "LDR     R0, [R6, #0x1C]\n"
 421       "MOV     R2, R7\n"
 422       "MOV     R1, #4\n"
 423       "BL      sub_003FAAC8\n"
 424       "TST     R0, #1\n"
 425       "BEQ     loc_FF8AFC50\n"
 426       "LDR     R1, =0x15AC\n"
 427 "loc_FF8AFD20:\n"
 428       "LDR     R0, =0xFF8ABB98\n"
 429       "BL      _DebugAssert \n"
 430       "B       loc_FF8AFC50\n"
 431 "loc_FF8AFD2C:\n"
 432       "LDR     R0, [SP, #0x28]\n"
 433       "MOV     R8, #1\n"
 434       "LDR     R1, [R0]\n"
 435       "CMP     R1, #0x12\n"
 436       "CMPNE   R1, #0x13\n"
 437       "BNE     loc_FF8AFD94\n"
 438       "LDR     R1, [R0, #0x7C]\n"
 439       "ADD     R1, R1, R1, LSL #1\n"
 440       "ADD     R1, R0, R1, LSL #2\n"
 441       "SUB     R1, R1, #8\n"
 442       "LDMIA   R1, {R2,R3,R9}\n"
 443       "STMIA   R5, {R2,R3,R9}\n"
 444       "BL      sub_FF8AE0B0\n"
 445       "LDR     R0, [SP, #0x28]\n"
 446       "LDR     R1, [R0, #0x7C]\n"
 447       "LDR     R3, [R0, #0x8C]\n"
 448       "LDR     R2, [R0, #0x90]\n"
 449       "ADD     R0, R0, #4\n"
 450       "BLX     R3\n"
 451       "LDR     R0, [SP, #0x28]\n"
 452       "BL      sub_FF8B1344\n"
 453       "LDR     R0, [SP, #0x28]\n"
 454       "LDR     R1, [R0, #0x7C]\n"
 455       "LDR     R2, [R0, #0x98]\n"
 456       "LDR     R3, [R0, #0x94]\n"
 457       "B       loc_FF8B00AC\n"
 458 "loc_FF8AFD94:\n"
 459       "CMP     R1, #0x14\n"
 460       "CMPNE   R1, #0x15\n"
 461       "CMPNE   R1, #0x16\n"
 462       "CMPNE   R1, #0x17\n"
 463       "BNE     loc_FF8AFE4C\n"
 464       "ADD     R3, SP, #0xC\n"
 465       "MOV     R2, SP\n"
 466       "ADD     R1, SP, #0x1C\n"
 467       "BL      sub_FF8AE310\n"
 468       "CMP     R0, #1\n"
 469       "MOV     R9, R0\n"
 470       "CMPNE   R9, #5\n"
 471       "BNE     loc_FF8AFDE8\n"
 472       "LDR     R0, [SP, #0x28]\n"
 473       "MOV     R2, R9\n"
 474       "LDR     R1, [R0, #0x7C]!\n"
 475       "LDR     R12, [R0, #0x10]!\n"
 476       "LDR     R3, [R0, #4]\n"
 477       "MOV     R0, SP\n"
 478       "BLX     R12\n"
 479       "B       loc_FF8AFE20\n"
 480 "loc_FF8AFDE8:\n"
 481       "LDR     R0, [SP, #0x28]\n"
 482       "CMP     R9, #2\n"
 483       "LDR     R3, [R0, #0x90]\n"
 484       "CMPNE   R9, #6\n"
 485       "BNE     loc_FF8AFE34\n"
 486       "LDR     R12, [R0, #0x8C]\n"
 487       "MOV     R2, R9\n"
 488       "MOV     R1, #1\n"
 489       "MOV     R0, SP\n"
 490       "BLX     R12\n"
 491       "LDR     R0, [SP, #0x28]\n"
 492       "MOV     R2, SP\n"
 493       "ADD     R1, SP, #0x1C\n"
 494       "BL      sub_FF8AF800\n"
 495 "loc_FF8AFE20:\n"
 496       "LDR     R0, [SP, #0x28]\n"
 497       "LDR     R2, [SP, #0xC]\n"
 498       "MOV     R1, R9\n"
 499       "BL      sub_FF8AFA50\n"
 500       "B       loc_FF8B00B4\n"
 501 "loc_FF8AFE34:\n"
 502       "LDR     R1, [R0, #0x7C]\n"
 503       "LDR     R12, [R0, #0x8C]\n"
 504       "MOV     R2, R9\n"
 505       "ADD     R0, R0, #4\n"
 506       "BLX     R12\n"
 507       "B       loc_FF8B00B4\n"
 508 "loc_FF8AFE4C:\n"
 509       "CMP     R1, #0x24\n"
 510       "CMPNE   R1, #0x25\n"
 511       "BNE     loc_FF8AFE98\n"
 512       "LDR     R1, [R0, #0x7C]\n"
 513       "ADD     R1, R1, R1, LSL #1\n"
 514       "ADD     R1, R0, R1, LSL #2\n"
 515       "SUB     R1, R1, #8\n"
 516       "LDMIA   R1, {R2,R3,R9}\n"
 517       "STMIA   R5, {R2,R3,R9}\n"
 518       "BL      sub_FF8AD09C\n"
 519       "LDR     R0, [SP, #0x28]\n"
 520       "LDR     R1, [R0, #0x7C]\n"
 521       "LDR     R3, [R0, #0x8C]\n"
 522       "LDR     R2, [R0, #0x90]\n"
 523       "ADD     R0, R0, #4\n"
 524       "BLX     R3\n"
 525       "LDR     R0, [SP, #0x28]\n"
 526       "BL      sub_FF8AD4DC\n"
 527       "B       loc_FF8B00B4\n"
 528 "loc_FF8AFE98:\n"
 529       "ADD     R1, R0, #4\n"
 530       "LDMIA   R1, {R2,R3,R9}\n"
 531       "STMIA   R5, {R2,R3,R9}\n"
 532       "LDR     R1, [R0]\n"
 533       "CMP     R1, #0x28\n"
 534       "ADDCC   PC, PC, R1, LSL #2\n"
 535       "B       loc_FF8B009C\n"
 536       "B       loc_FF8AFF54\n"
 537       "B       loc_FF8AFF54\n"
 538       "B       loc_FF8AFF5C\n"
 539       "B       loc_FF8AFF64\n"
 540       "B       loc_FF8AFF64\n"
 541       "B       loc_FF8AFF64\n"
 542       "B       loc_FF8AFF54\n"
 543       "B       loc_FF8AFF5C\n"
 544       "B       loc_FF8AFF64\n"
 545       "B       loc_FF8AFF64\n"
 546       "B       loc_FF8AFF7C\n"
 547       "B       loc_FF8AFF7C\n"
 548       "B       loc_FF8B0088\n"
 549       "B       loc_FF8B0090\n"
 550       "B       loc_FF8B0090\n"
 551       "B       loc_FF8B0090\n"
 552       "B       loc_FF8B0090\n"
 553       "B       loc_FF8B0098\n"
 554       "B       loc_FF8B009C\n"
 555       "B       loc_FF8B009C\n"
 556       "B       loc_FF8B009C\n"
 557       "B       loc_FF8B009C\n"
 558       "B       loc_FF8B009C\n"
 559       "B       loc_FF8B009C\n"
 560       "B       loc_FF8AFF6C\n"
 561       "B       loc_FF8AFF74\n"
 562       "B       loc_FF8AFF74\n"
 563       "B       loc_FF8AFF74\n"
 564       "B       loc_FF8AFF88\n"
 565       "B       loc_FF8AFF88\n"
 566       "B       loc_FF8AFF90\n"
 567       "B       loc_FF8AFFC8\n"
 568       "B       loc_FF8B0000\n"
 569       "B       loc_FF8B0038\n"
 570       "B       loc_FF8B0070\n"
 571       "B       loc_FF8B0070\n"
 572       "B       loc_FF8B009C\n"
 573       "B       loc_FF8B009C\n"
 574       "B       loc_FF8B0078\n"
 575       "B       loc_FF8B0080\n"
 576 "loc_FF8AFF54:\n"
 577       "BL      sub_FF8ABA1C\n"
 578       "B       loc_FF8B009C\n"
 579 "loc_FF8AFF5C:\n"
 580       "BL      sub_FF8ABCC0\n"
 581       "B       loc_FF8B009C\n"
 582 "loc_FF8AFF64:\n"
 583       "BL      sub_FF8ABEE8\n"
 584       "B       loc_FF8B009C\n"
 585 "loc_FF8AFF6C:\n"
 586       "BL      sub_FF8AC20C\n"
 587       "B       loc_FF8B009C\n"
 588 "loc_FF8AFF74:\n"
 589       "BL      sub_FF8AC424\n"
 590       "B       loc_FF8B009C\n"
 591 "loc_FF8AFF7C:\n"
 592 //      "BL      sub_FF8AC7D0\n"  //original
 593       "BL      sub_FF8AC7D0_my\n" //patched
 594       "MOV     R8, #0\n"
 595       "B       loc_FF8B009C\n"
 596 "loc_FF8AFF88:\n"
 597       "BL      sub_FF8AC910\n"
 598       "B       loc_FF8B009C\n"
 599 "loc_FF8AFF90:\n"
 600       "LDRH    R1, [R0, #4]\n"
 601       "STRH    R1, [SP, #0x1C]\n"
 602       "LDRH    R1, [R4, #2]\n"
 603       "STRH    R1, [SP, #0x1E]\n"
 604       "LDRH    R1, [R4, #4]\n"
 605       "STRH    R1, [SP, #0x20]\n"
 606       "LDRH    R1, [R4, #6]\n"
 607       "STRH    R1, [SP, #0x22]\n"
 608       "LDRH    R1, [R0, #0xC]\n"
 609       "STRH    R1, [SP, #0x24]\n"
 610       "LDRH    R1, [R4, #0xA]\n"
 611       "STRH    R1, [SP, #0x26]\n"
 612       "BL      sub_FF8B0FD4\n"
 613       "B       loc_FF8B009C\n"
 614 "loc_FF8AFFC8:\n"
 615       "LDRH    R1, [R0, #4]\n"
 616       "STRH    R1, [SP, #0x1C]\n"
 617       "LDRH    R1, [R4, #2]\n"
 618       "STRH    R1, [SP, #0x1E]\n"
 619       "LDRH    R1, [R4, #4]\n"
 620       "STRH    R1, [SP, #0x20]\n"
 621       "LDRH    R1, [R4, #6]\n"
 622       "STRH    R1, [SP, #0x22]\n"
 623       "LDRH    R1, [R4, #8]\n"
 624       "STRH    R1, [SP, #0x24]\n"
 625       "LDRH    R1, [R4, #0xA]\n"
 626       "STRH    R1, [SP, #0x26]\n"
 627       "BL      sub_FF8B1144\n"
 628       "B       loc_FF8B009C\n"
 629 "loc_FF8B0000:\n"
 630       "LDRH    R1, [R4]\n"
 631       "STRH    R1, [SP, #0x1C]\n"
 632       "LDRH    R1, [R0, #6]\n"
 633       "STRH    R1, [SP, #0x1E]\n"
 634       "LDRH    R1, [R4, #4]\n"
 635       "STRH    R1, [SP, #0x20]\n"
 636       "LDRH    R1, [R4, #6]\n"
 637       "STRH    R1, [SP, #0x22]\n"
 638       "LDRH    R1, [R4, #8]\n"
 639       "STRH    R1, [SP, #0x24]\n"
 640       "LDRH    R1, [R4, #0xA]\n"
 641       "STRH    R1, [SP, #0x26]\n"
 642       "BL      sub_FF8B11F8\n"
 643       "B       loc_FF8B009C\n"
 644 "loc_FF8B0038:\n"
 645       "LDRH    R1, [R4]\n"
 646       "STRH    R1, [SP, #0x1C]\n"
 647       "LDRH    R1, [R4, #2]\n"
 648       "STRH    R1, [SP, #0x1E]\n"
 649       "LDRH    R1, [R4, #4]\n"
 650       "STRH    R1, [SP, #0x20]\n"
 651       "LDRH    R1, [R4, #6]\n"
 652       "STRH    R1, [SP, #0x22]\n"
 653       "LDRH    R1, [R0, #0xC]\n"
 654       "STRH    R1, [SP, #0x24]\n"
 655       "LDRH    R1, [R4, #0xA]\n"
 656       "STRH    R1, [SP, #0x26]\n"
 657       "BL      sub_FF8B12A0\n"
 658       "B       loc_FF8B009C\n"
 659 "loc_FF8B0070:\n"
 660       "BL      sub_FF8ACE50\n"
 661       "B       loc_FF8B009C\n"
 662 "loc_FF8B0078:\n"
 663       "BL      sub_FF8AD5E0\n"
 664       "B       loc_FF8B009C\n"
 665 "loc_FF8B0080:\n"
 666       "BL      sub_FF8AD8C4\n"
 667       "B       loc_FF8B009C\n"
 668 "loc_FF8B0088:\n"
 669       "BL      sub_FF8ADB84\n"
 670       "B       loc_FF8B009C\n"
 671 "loc_FF8B0090:\n"
 672       "BL      sub_FF8ADD40\n"
 673       "B       loc_FF8B009C\n"
 674 "loc_FF8B0098:\n"
 675       "BL      sub_FF8ADEA8\n"
 676 "loc_FF8B009C:\n"
 677       "LDR     R0, [SP, #0x28]\n"
 678       "LDR     R1, [R0, #0x7C]\n"
 679       "LDR     R2, [R0, #0x90]\n"
 680       "LDR     R3, [R0, #0x8C]\n"
 681 "loc_FF8B00AC:\n"
 682       "ADD     R0, R0, #4\n"
 683       "BLX     R3\n"
 684 "loc_FF8B00B4:\n"
 685       "LDR     R0, [SP, #0x28]\n"
 686       "LDR     R0, [R0]\n"
 687       "CMP     R0, #0x10\n"
 688       "BEQ     loc_FF8B00EC\n"
 689       "BGT     loc_FF8B00DC\n"
 690       "CMP     R0, #1\n"
 691       "CMPNE   R0, #4\n"
 692       "CMPNE   R0, #0xE\n"
 693       "BNE     loc_FF8B0120\n"
 694       "B       loc_FF8B00EC\n"
 695 "loc_FF8B00DC:\n"
 696       "CMP     R0, #0x13\n"
 697       "CMPNE   R0, #0x17\n"
 698       "CMPNE   R0, #0x1A\n"
 699       "BNE     loc_FF8B0120\n"
 700 "loc_FF8B00EC:\n"
 701       "LDRSH   R0, [R4]\n"
 702       "CMN     R0, #0xC00\n"
 703       "LDRNESH R1, [R4, #8]\n"
 704       "CMNNE   R1, #0xC00\n"
 705       "STRNEH  R0, [SP, #0x1C]\n"
 706       "STRNEH  R1, [SP, #0x24]\n"
 707       "BNE     loc_FF8B0120\n"
 708       "ADD     R0, SP, #0x10\n"
 709       "BL      sub_FF8B1550\n"
 710       "LDRH    R0, [SP, #0x10]\n"
 711       "STRH    R0, [SP, #0x1C]\n"
 712       "LDRH    R0, [SP, #0x18]\n"
 713       "STRH    R0, [SP, #0x24]\n"
 714 "loc_FF8B0120:\n"
 715       "LDR     R0, [SP, #0x28]\n"
 716       "CMP     R8, #1\n"
 717       "BNE     loc_FF8B0170\n"
 718       "LDR     R1, [R0, #0x7C]\n"
 719       "MOV     R2, #0xC\n"
 720       "ADD     R1, R1, R1, LSL #1\n"
 721       "ADD     R0, R0, R1, LSL #2\n"
 722       "SUB     R8, R0, #8\n"
 723       "LDR     R0, =0x53D4C\n"
 724       "ADD     R1, SP, #0x1C\n"
 725       "BL      sub_003FC17C\n"
 726       "LDR     R0, =0x53D58\n"
 727       "MOV     R2, #0xC\n"
 728       "ADD     R1, SP, #0x1C\n"
 729       "BL      sub_003FC17C\n"
 730       "LDR     R0, =0x53D64\n"
 731       "MOV     R2, #0xC\n"
 732       "MOV     R1, R8\n"
 733       "BL      sub_003FC17C\n"
 734       "B       loc_FF8B01E8\n"
 735 "loc_FF8B0170:\n"
 736       "LDR     R0, [R0]\n"
 737       "MOV     R3, #1\n"
 738       "CMP     R0, #0xB\n"
 739       "BNE     loc_FF8B01B4\n"
 740       "MOV     R2, #0\n"
 741       "STRD    R2, [SP]\n"
 742       "MOV     R2, R3\n"
 743       "MOV     R1, R3\n"
 744       "MOV     R0, #0\n"
 745       "BL      sub_FF8AB7FC\n"
 746       "MOV     R3, #1\n"
 747       "MOV     R2, #0\n"
 748       "STRD    R2, [SP]\n"
 749       "MOV     R2, R3\n"
 750       "MOV     R1, R3\n"
 751       "MOV     R0, #0\n"
 752       "B       loc_FF8B01E4\n"
 753 "loc_FF8B01B4:\n"
 754       "MOV     R2, #1\n"
 755       "STRD    R2, [SP]\n"
 756       "MOV     R3, R2\n"
 757       "MOV     R1, R2\n"
 758       "MOV     R0, R2\n"
 759       "BL      sub_FF8AB7FC\n"
 760       "MOV     R3, #1\n"
 761       "MOV     R2, R3\n"
 762       "MOV     R1, R3\n"
 763       "MOV     R0, R3\n"
 764       "STR     R3, [SP]\n"
 765       "STR     R3, [SP, #4]\n"
 766 "loc_FF8B01E4:\n"
 767       "BL      sub_FF8AB968\n"
 768 "loc_FF8B01E8:\n"
 769       "LDR     R0, [SP, #0x28]\n"
 770       "BL      sub_FF8B0F40\n"
 771       "B       loc_FF8AFB80\n"
 772         );
 773 }
 774 
 775 
 776 //** sub_FF8AC74C_my  @ 0xFF8AC7D0 
 777 
 778 void __attribute__((naked,noinline)) sub_FF8AC7D0_my(  ) {
 779 asm volatile (
 780       "STMFD   SP!, {R4-R8,LR}\n"
 781       "LDR     R7, =0x3DDC\n"
 782       "MOV     R4, R0\n"
 783       "LDR     R0, [R7, #0x1C]\n"
 784       "MOV     R1, #0x3E\n"
 785       "BL      sub_003FACA0\n"
 786       "MOV     R2, #0\n"
 787       "LDRSH   R0, [R4, #4]\n"
 788       "MOV     R1, R2\n"
 789       "BL      sub_FF8AB504\n"
 790       "MOV     R6, R0\n"
 791       "LDRSH   R0, [R4, #6]\n"
 792       "BL      sub_FF8AB654\n"
 793       "LDRSH   R0, [R4, #8]\n"
 794       "BL      sub_FF8AB6AC\n"
 795       "LDRSH   R0, [R4, #0xA]\n"
 796       "BL      sub_FF8AB704\n"
 797       "LDRSH   R0, [R4, #0xC]\n"
 798       "MOV     R1, #0\n"
 799       "BL      sub_FF8AB75C\n"
 800       "MOV     R5, R0\n"
 801       "LDR     R0, [R4]\n"
 802       "LDR     R8, =0x53D64\n"
 803       "CMP     R0, #0xB\n"
 804       "MOVEQ   R6, #0\n"
 805       "MOVEQ   R5, R6\n"
 806       "BEQ     loc_FF8AC864\n"
 807       "CMP     R6, #1\n"
 808       "BNE     loc_FF8AC864\n"
 809       "LDRSH   R0, [R4, #4]\n"
 810       "LDR     R1, =0xFF8AB464\n"
 811       "MOV     R2, #2\n"
 812       "BL      sub_FF955A44\n"
 813       "STRH    R0, [R4, #4]\n"
 814       "MOV     R0, #0\n"
 815       "STR     R0, [R7, #0x28]\n"
 816       "B       loc_FF8AC86C\n"
 817 "loc_FF8AC864:\n"
 818       "LDRH    R0, [R8]\n"
 819       "STRH    R0, [R4, #4]\n"
 820 "loc_FF8AC86C:\n"
 821       "CMP     R5, #1\n"
 822       "LDRNEH  R0, [R8, #8]\n"
 823       "BNE     loc_FF8AC888\n"
 824       "LDRSH   R0, [R4, #0xC]\n"
 825       "LDR     R1, =0xFF8AB4E8\n"
 826       "MOV     R2, #0x20\n"
 827       "BL      sub_FF8B0F90\n"
 828 "loc_FF8AC888:\n"
 829       "STRH    R0, [R4, #0xC]\n"
 830       "LDRSH   R0, [R4, #6]\n"
 831 //      "BL      sub_FF89C418\n"  //original
 832       "BL      sub_FF89C418_my\n" //patch
 833       "B       sub_FF8AC894 \n" // continue in firmware
 834         );
 835 }
 836 
 837 
 838 //** sub_FF89C418_my  @ 0xFF89C418 
 839 
 840 void __attribute__((naked,noinline)) sub_FF89C418_my(  ) { 
 841 asm volatile (
 842       "STMFD   SP!, {R4-R6,LR}\n"
 843       "LDR     R5, =0x3A68\n"
 844       "MOV     R4, R0\n"
 845       "LDR     R0, [R5, #4]\n"
 846       "CMP     R0, #1\n"
 847       "LDRNE   R1, =0x14D\n"
 848       "LDRNE   R0, =0xFF89C250\n"
 849       "BLNE    _DebugAssert \n"
 850       "CMN     R4, #0xC00\n"
 851       "LDREQSH R4, [R5, #2]\n"
 852       "CMN     R4, #0xC00\n"
 853       "LDREQ   R1, =0x153\n"
 854       "LDREQ   R0, =0xFF89C250\n"
 855       "STRH    R4, [R5, #2]\n"
 856       "BLEQ    _DebugAssert \n"
 857       "MOV     R0, R4\n"
 858 //      "BL      _apex2us \n" //original apex2us function
 859       "BL      apex2us \n"    //patch
 860       "MOV     R4, R0\n"
 861       "BL      sub_FF8EA614\n"
 862       "MOV     R0, R4\n"
 863       "BL      sub_FF8F2E1C\n"
 864       "TST     R0, #1\n"
 865       "LDMEQFD SP!, {R4-R6,PC}\n"
 866       "LDMFD   SP!, {R4-R6,LR}\n"
 867       "MOV     R1, #0x158\n"
 868       "LDR     R0, =0xFF89C250\n"
 869       "B       _DebugAssert \n"
 870         );
 871 }

/* [<][>][^][v][top][bottom][index][help] */