This source file includes the following definitions.
- taskHook
- boot
- sub_FF810380_my
- sub_FF8111D8_my
- sub_FF814288_my
- sub_FF81A6D0_my
- taskcreate_Startup_my
- task_Startup_my
- taskcreatePhySw_my
- CreateTask_spytask
- init_file_modules_task
1 #include "lolevel.h"
2 #include "platform.h"
3 #include "core.h"
4 #include "dryos31.h"
/* File-local offsetof: byte offset of MEMBER inside TYPE, obtained by taking
 * the member's address in a TYPE placed at address 0 and casting it to int.
 * NOTE(review): reuses the name of the standard <stddef.h> macro - confirm no
 * included header defines it as well. */
5 #define offsetof(TYPE, MEMBER) ((int) &((TYPE *)0)->MEMBER)
6
/* Address of the _end symbol, exported as a pointer constant. sub_FF8111D8_my
 * loads it as a start address when CHDK_NOT_IN_CANON_HEAP is not defined.
 * NOTE(review): _end is not declared in this file; presumably a linker symbol
 * marking the end of the loaded image - confirm. */
7 const char * const new_sa = &_end;
8
/* Forward declarations. CreateTask_spytask is defined further down;
 * CreateTask_PhySw has no definition in the visible part of this file. */
9 void CreateTask_PhySw();
10 void CreateTask_spytask();
11
/* Task entry points defined outside this file. taskHook compares a task's
 * entry pointer against each of these to decide whether to redirect it. */
12 extern void task_CaptSeq();
13 extern void task_InitFileModules();
14 extern void task_MovieRecord();
15 extern void task_ExpDrv();
16 extern void task_PhySw();
17 extern void task_FileWrite();
18
/*
 * taskHook - redirect selected task entry points to replacement routines.
 *
 * context points at the `context` member of a task_t; the enclosing task_t
 * is recovered by subtracting that member's offset. If the task's entry
 * equals one of the entry points listed below, it is overwritten with the
 * paired replacement, so the task runs the replacement instead.
 *
 * sub_FF810380_my stores this function's address at 0x1934 and 0x1938;
 * who calls through those words is not visible in this file.
 *
 * Review note: the table is the complete list of interception points in this
 * file. Any entry added here silently changes which code a task executes, so
 * changes to it deserve the same scrutiny as changes to the tasks themselves.
 */
void taskHook(context_t **context) {
    /* { entry point to intercept, routine that takes its place } */
    static const struct {
        void *original;
        void *replacement;
    } redirects[] = {
        { (void*)task_PhySw,           (void*)mykbd_task },
        { (void*)task_CaptSeq,         (void*)capt_seq_task },
        { (void*)task_InitFileModules, (void*)init_file_modules_task },
        { (void*)task_MovieRecord,     (void*)movie_record_task },
        { (void*)task_ExpDrv,          (void*)exp_drv_task },
        { (void*)task_FileWrite,       (void*)filewritetask },
    };
    unsigned int i;

    /* Step back from the context member to the start of its task_t. */
    task_t *task = (task_t*)((char*)context - offsetof(task_t, context));

    /* Every pair is tested in order against the current entry value, so a
     * rewritten entry is still compared with the pairs that follow. */
    for (i = 0; i < sizeof(redirects) / sizeof(redirects[0]); i++) {
        if (task->entry == redirects[i].original) {
            task->entry = redirects[i].replacement;
        }
    }
}
30
/* Address constant named for a green LED; presumably a memory-mapped LED
 * control register. NOTE(review): not referenced in the visible part of this
 * file - confirm it is still needed. */
31 #define LED_GREEN 0xC0220120
32
33
34
/*
 * boot - start-up stub written entirely in assembly.
 *
 * Visible steps, in order:
 *   1. write 0 to 0xC0410000;
 *   2. program coprocessor 15 (control register, cache maintenance, region
 *      descriptors, cacheability/permission masks, TCM regions);
 *   3. write a series of registers in the 0xC02xxxxx / 0xC04xxxxx range;
 *   4. copy two ROM ranges into RAM and zero a third RAM range;
 *   5. branch to sub_FF810380_my.
 *
 * naked: the compiler emits no prologue or epilogue, and control leaves
 * through the final branch, so this function never returns.
 *
 * The loc_FF81xxxx labels look like addresses kept from a disassembly of the
 * stock firmware - presumably this mirrors the firmware's own reset code;
 * confirm against the dump.
 *
 * NOTE(review): the CP15 register meanings given below assume an
 * ARM946E-S-style core with a protection unit; the core type is not stated in
 * this file - confirm before relying on them.
 */
35 void __attribute__((naked,noinline)) boot( ) {
36 asm volatile (
37 "LDR R1, =0xC0410000 \n" // write 0 to 0xC0410000 (purpose not visible in this file)
38 "MOV R0, #0 \n"
39 "STR R0, [R1] \n"
40 "MOV R1, #0x78 \n" // control register := 0x78: bits 0, 2 and 12 clear (protection unit and caches off)
41 "MCR p15, 0, R1, c1, c0 \n"
42 "MOV R1, #0 \n"
43 "MCR p15, 0, R1, c7, c10, 4 \n" // drain write buffer
44 "MCR p15, 0, R1, c7, c5 \n" // invalidate instruction cache
45 "MCR p15, 0, R1, c7, c6 \n" // invalidate data cache
46 "MOV R0, #0x3D \n" // c6,c0 .. c6,c5: six protection-region descriptors (base | size field | enable bit 0)
47 "MCR p15, 0, R0, c6, c0 \n"
48 "MOV R0, #0xC000002F \n"
49 "MCR p15, 0, R0, c6, c1 \n"
50 "MOV R0, #0x33 \n"
51 "MCR p15, 0, R0, c6, c2 \n"
52 "MOV R0, #0x40000033 \n"
53 "MCR p15, 0, R0, c6, c3 \n"
54 "MOV R0, #0x80000017 \n"
55 "MCR p15, 0, R0, c6, c4 \n"
56 "LDR R0, =0xFF80002D \n"
57 "MCR p15, 0, R0, c6, c5 \n"
58 "MOV R0, #0x34 \n" // c2,c0,0: data-cacheable mask, 0x34 = bits 2, 4, 5
59 "MCR p15, 0, R0, c2, c0 \n"
60 "MOV R0, #0x34 \n" // c2,c0,1: instruction-cacheable mask, same bits
61 "MCR p15, 0, R0, c2, c0, 1 \n"
62 "MOV R0, #0x34 \n" // c3,c0: write-buffer mask, same bits
63 "MCR p15, 0, R0, c3, c0 \n"
64 "LDR R0, =0x3333330 \n" // c5,c0,2: data access permissions, one nibble per region. NOTE(review): nibbles 1-6 are all 3; if 3 means read/write for both privileged and user mode, no region separates the two - confirm
65 "MCR p15, 0, R0, c5, c0, 2 \n"
66 "LDR R0, =0x3333330 \n" // c5,c0,3: instruction access permissions, same value
67 "MCR p15, 0, R0, c5, c0, 3 \n"
68 "MRC p15, 0, R0, c1, c0 \n" // read control register, set bits 12, 2 and 0 (I-cache, D-cache, protection unit on), write back
69 "ORR R0, R0, #0x1000 \n"
70 "ORR R0, R0, #4 \n"
71 "ORR R0, R0, #1 \n"
72 "MCR p15, 0, R0, c1, c0 \n"
73 "MOV R1, #0x80000006 \n" // c9,c1,0 := 0x80000006 (data TCM region)
74 "MCR p15, 0, R1, c9, c1 \n"
75 "MOV R1, #6 \n" // c9,c1,1 := 6 (instruction TCM region)
76 "MCR p15, 0, R1, c9, c1, 1 \n"
77 "MRC p15, 0, R1, c1, c0 \n" // control register |= 0x50000 (bits 16 and 18: TCM enables)
78 "ORR R1, R1, #0x50000 \n"
79 "MCR p15, 0, R1, c1, c0 \n"
80 "LDR R2, =0xC0200000 \n" // R2 = base of a register block; presumably an interrupt controller - confirm
81 "MOV R1, #1 \n" // [base + 0x10C] := 1
82 "STR R1, [R2, #0x10C] \n"
83 "MOV R1, #0xFF \n" // 0xFF into sixteen registers at base + 0xC, 0x1C, ... 0xFC
84 "STR R1, [R2, #0xC] \n"
85 "STR R1, [R2, #0x1C] \n"
86 "STR R1, [R2, #0x2C] \n"
87 "STR R1, [R2, #0x3C] \n"
88 "STR R1, [R2, #0x4C] \n"
89 "STR R1, [R2, #0x5C] \n"
90 "STR R1, [R2, #0x6C] \n"
91 "STR R1, [R2, #0x7C] \n"
92 "STR R1, [R2, #0x8C] \n"
93 "STR R1, [R2, #0x9C] \n"
94 "STR R1, [R2, #0xAC] \n"
95 "STR R1, [R2, #0xBC] \n"
96 "STR R1, [R2, #0xCC] \n"
97 "STR R1, [R2, #0xDC] \n"
98 "STR R1, [R2, #0xEC] \n"
99 "STR R1, [R2, #0xFC] \n"
100 "LDR R1, =0xC0400008 \n" // 0xC0400008 := 0x430005
101 "LDR R2, =0x430005 \n"
102 "STR R2, [R1] \n"
103 "MOV R1, #1 \n" // NOTE(review): the store two lines down writes the value 0xC0243100 to address 1 (R1), not 1 to 0xC0243100; operands look transposed but may mirror the stock firmware - confirm against the disassembly before changing
104 "LDR R2, =0xC0243100 \n"
105 "STR R2, [R1] \n"
106 "LDR R2, =0xC0242010 \n" // set bit 0 of the word at 0xC0242010
107 "LDR R1, [R2] \n"
108 "ORR R1, R1, #1 \n"
109 "STR R1, [R2] \n"
110 "LDR R0, =0xFFC02710 \n" // copy loop 1: words from 0xFFC02710 to 0x3F1000, until the destination reaches 0x4005D4
111 "LDR R1, =0x3F1000 \n"
112 "LDR R3, =0x4005D4 \n"
113 "loc_FF81013C:\n"
114 "CMP R1, R3 \n"
115 "LDRCC R2, [R0], #4 \n"
116 "STRCC R2, [R1], #4 \n"
117 "BCC loc_FF81013C \n"
118 "LDR R0, =0xFFBF7050 \n" // copy loop 2: words from 0xFFBF7050 to 0x1900, until the destination reaches 0xCFC0
119 "LDR R1, =0x1900 \n"
120 "LDR R3, =0xCFC0 \n"
121 "loc_FF810158:\n"
122 "CMP R1, R3 \n"
123 "LDRCC R2, [R0], #4 \n"
124 "STRCC R2, [R1], #4 \n"
125 "BCC loc_FF810158 \n"
126 "LDR R1, =0x1585F0 \n" // fill loop: zero words from 0xCFC0 (R3, left over from loop 2) up to 0x1585F0
127 "MOV R2, #0 \n"
128 "loc_FF810170:\n"
129 "CMP R3, R1 \n"
130 "STRCC R2, [R3], #4 \n"
131 "BCC loc_FF810170 \n"
132
133 "B sub_FF810380_my \n" // plain branch, no link: execution does not come back here
134 );
135 }
136
137
138
139
/*
 * sub_FF810380_my - second start-up stage, reached by branch from boot.
 *
 * C part: stores taskHook's address at 0x1934 and 0x1938, then reads bit 0 of
 * 0xC02200F8 and writes 0x200000 (bit set) or 0x100000 (bit clear) to 0x2494.
 * Asm part: copies two ROM ranges to low RAM, sets the stack pointer for two
 * processor modes, fills a RAM range with a pattern and calls
 * sub_FF8111D8_my.
 *
 * Installing taskHook here is what lets this file redirect task entry
 * points; presumably 0x1934/0x1938 are hook slots the kernel calls when tasks
 * are created - confirm against the firmware.
 *
 * NOTE(review): this is a naked function that mixes C statements with asm.
 * GCC documents only basic asm as safe inside naked functions, so the C
 * statements rely on the compiler not needing a stack frame here - verify
 * the generated code whenever the toolchain or flags change.
 */
140 void __attribute__((naked,noinline)) sub_FF810380_my( ) {
141
142
143
144 *(int*)0x1934=(int)taskHook; // install taskHook in the first slot
145 *(int*)0x1938=(int)taskHook; // and in the second slot
146
147
148
149
150
151
152 if ((*(int*) 0xC02200F8) & 1) // bit 0 of a hardware register selects the value written to 0x2494; meaning of the two values is not visible here
153 *(int*)(0x2490+4) = 0x200000;
154 else
155 *(int*)(0x2490+4) = 0x100000;
156
157 asm volatile (
158 "LDR R0, =0xFF8103F8 \n" // copy loop: words from 0xFF8103F8 up to 0xFF810430 go to address 0 (presumably the exception vectors - confirm)
159 "MOV R1, #0 \n"
160 "LDR R3, =0xFF810430 \n"
161 "loc_FF81038C:\n"
162 "CMP R0, R3 \n"
163 "LDRCC R2, [R0], #4 \n"
164 "STRCC R2, [R1], #4 \n"
165 "BCC loc_FF81038C \n"
166 "LDR R0, =0xFF810430 \n" // copy loop: words from 0xFF810430 up to 0xFF810644 go to 0x4B0
167 "MOV R1, #0x4B0 \n"
168 "LDR R3, =0xFF810644 \n"
169 "loc_FF8103A8:\n"
170 "CMP R0, R3 \n"
171 "LDRCC R2, [R0], #4 \n"
172 "STRCC R2, [R1], #4 \n"
173 "BCC loc_FF8103A8 \n"
174 "MOV R0, #0xD2 \n" // CPSR := 0xD2: IRQ mode, IRQ and FIQ masked; then SP := 0x1000
175 "MSR CPSR_cxsf, R0 \n"
176 "MOV SP, #0x1000 \n"
177 "MOV R0, #0xD3 \n" // CPSR := 0xD3: supervisor mode, IRQ and FIQ masked; SP := 0x1000 again
178 "MSR CPSR_cxsf, R0 \n"
179 "MOV SP, #0x1000 \n"
180 "LDR R0, =0x6C4 \n" // fill loop: 0xEEEEEEEE into every word from 0x6C4 up to 0x1000 (the range just below the stack top set above)
181 "LDR R2, =0xEEEEEEEE \n"
182 "MOV R3, #0x1000 \n"
183 "loc_FF8103DC:\n"
184 "CMP R0, R3 \n"
185 "STRCC R2, [R0], #4 \n"
186 "BCC loc_FF8103DC \n"
187
188 "BL sub_FF8111D8_my \n" // NOTE(review): nothing follows this call in a naked function, so a return from it would run off the end - presumably it never returns; confirm
189 );
190 }
191
192
193
/*
 * sub_FF8111D8_my - build a 0x74-byte parameter block on the stack and pass
 * it to sub_003F2778 together with the address of sub_FF814288_my.
 *
 * The block is first handed to sub_003FC448 with its size (presumably to
 * clear it - confirm), then individual words are filled in. The word at
 * offset 8 is a start address and offset 0xC holds 0x2ED440 minus that
 * start: with CHDK_NOT_IN_CANON_HEAP defined the start is the constant
 * 0x1585F0, otherwise it is the value of new_sa (the address of _end).
 * Presumably this moves the start of a firmware memory pool past the loaded
 * image so the two do not overlap - confirm.
 *
 * naked: the stack frame and the return are handled by hand below.
 */
194 void __attribute__((naked,noinline)) sub_FF8111D8_my( ) {
195 asm volatile (
196 "STR LR, [SP, #-4]! \n" // push LR
197 "SUB SP, SP, #0x74 \n" // reserve the 0x74-byte block
198 "MOV R1, #0x74 \n" // sub_003FC448(block, 0x74)
199 "MOV R0, SP \n"
200 "BL sub_003FC448 \n"
201 "MOV R0, #0x57000 \n" // block[0x04] = 0x57000
202 "STR R0, [SP, #4] \n"
203 #if defined(CHDK_NOT_IN_CANON_HEAP)
204 "LDR R0, =0x1585F0 \n" // start address: fixed value (the same address boot zero-fills up to)
205 #else
206 "LDR R0, =new_sa \n" // start address: read from new_sa, i.e. the address of _end
207 "LDR R0, [R0] \n"
208 #endif
209 "LDR R2, =0x2ED440 \n" // R2 = upper bound
210 "STR R0, [SP, #8] \n" // block[0x08] = start
211 "SUB R0, R2, R0 \n" // block[0x0C] = 0x2ED440 - start
212 "STR R0, [SP, #0xC] \n"
213 "MOV R0, #0x22 \n" // remaining words are fixed values; their meaning is not visible in this file
214 "STR R0, [SP, #0x18] \n"
215 "MOV R0, #0x7C \n"
216 "STR R0, [SP, #0x1C] \n"
217 "LDR R1, =0x2F5C00 \n"
218 "LDR R0, =0x1CD \n"
219 "STR R1, [SP] \n"
220 "STR R0, [SP, #0x20] \n"
221 "MOV R0, #0x96 \n"
222 "STR R2, [SP, #0x10] \n" // block[0x10] = 0x2ED440
223 "STR R1, [SP, #0x14] \n" // block[0x14] = 0x2F5C00
224 "STR R0, [SP, #0x24] \n"
225 "STR R0, [SP, #0x28] \n"
226 "MOV R0, #0x64 \n"
227 "STR R0, [SP, #0x2C] \n"
228 "MOV R0, #0 \n"
229 "STR R0, [SP, #0x30] \n"
230 "STR R0, [SP, #0x34] \n"
231 "MOV R0, #0x10 \n"
232 "STR R0, [SP, #0x5C] \n"
233 "MOV R0, #0x800 \n"
234 "STR R0, [SP, #0x60] \n"
235 "MOV R0, #0xA0 \n"
236 "STR R0, [SP, #0x64] \n"
237 "MOV R0, #0x280 \n"
238 "STR R0, [SP, #0x68] \n"
239
240 "LDR R1, =sub_FF814288_my \n" // sub_003F2778(block, sub_FF814288_my, 0): the _my routine is passed in place of a firmware address
241 "MOV R2, #0 \n"
242 "MOV R0, SP \n"
243 "BL sub_003F2778 \n"
244 "ADD SP, SP, #0x74 \n" // release the block
245 "LDR PC, [SP], #4 \n" // pop the saved LR into PC: return
246 );
247 }
248
249
250
/*
 * sub_FF814288_my - run a fixed sequence of firmware initialisation calls,
 * then continue in sub_FF81A6D0_my.
 *
 * After each checked call, a negative return value loads a ROM address into
 * R0 (presumably a message string - confirm) and calls _err_init_task;
 * execution then carries on with the next step rather than stopping.
 * The last instruction is a plain branch to sub_FF81A6D0_my, so that routine
 * returns directly to this function's caller.
 *
 * Its address is passed to sub_003F2778 by sub_FF8111D8_my.
 */
251 void __attribute__((naked,noinline)) sub_FF814288_my( ) {
252 asm volatile (
253 "STMFD SP!, {R4,LR} \n" // save R4 and LR
254 "BL sub_FF810B50 \n" // first call: result not checked
255 "BL sub_FF8151A4 \n" // each block below: call, test R0 < 0, report through _err_init_task
256 "CMP R0, #0 \n"
257 "LDRLT R0, =0xFF81439C \n"
258 "BLLT _err_init_task \n"
259 "BL sub_FF813EC0 \n"
260 "CMP R0, #0 \n"
261 "LDRLT R0, =0xFF8143A4 \n"
262 "BLLT _err_init_task \n"
263 "LDR R0, =0xFF8143B4 \n" // this call and the next both receive the ROM address 0xFF8143B4 as argument
264 "BL sub_FF813FA8 \n"
265 "CMP R0, #0 \n"
266 "LDRLT R0, =0xFF8143BC \n"
267 "BLLT _err_init_task \n"
268 "LDR R0, =0xFF8143B4 \n"
269 "BL sub_FF8129C8 \n"
270 "CMP R0, #0 \n"
271 "LDRLT R0, =0xFF8143D0 \n"
272 "BLLT _err_init_task \n"
273 "BL sub_FF814B40 \n"
274 "CMP R0, #0 \n"
275 "LDRLT R0, =0xFF8143DC \n"
276 "BLLT _err_init_task \n"
277 "BL sub_FF8116C8 \n"
278 "CMP R0, #0 \n"
279 "LDRLT R0, =0xFF8143E8 \n"
280 "BLLT _err_init_task \n"
281 "LDMFD SP!, {R4,LR} \n" // restore R4 and LR before the tail branch
282
283 "B sub_FF81A6D0_my \n" // continue in the patched routine instead of returning
284 );
285 }
286
287
288
289
/*
 * sub_FF81A6D0_my - call sub_FF82D6A8, then taskcreate_Startup_my, and
 * return 0 in R0.
 *
 * Reached by tail branch from sub_FF814288_my. The only reason for a local
 * copy appears to be the call to taskcreate_Startup_my, the patched variant
 * defined in this file - presumably in place of the firmware's own routine;
 * confirm against the disassembly.
 */
290 void __attribute__((naked,noinline)) sub_FF81A6D0_my( ) {
291 asm volatile (
292 "STMFD SP!, {R4,LR} \n" // save R4 and LR
293 "BL sub_FF82D6A8 \n"
294
295 "BL taskcreate_Startup_my \n" // patched task-creation routine from this file
296 "MOV R0, #0 \n" // return value 0
297 "LDMFD SP!, {R4,PC} \n" // restore R4 and return
298 );
299 };
300
301
302
/*
 * taskcreate_Startup_my - check start-up conditions, run a few firmware
 * calls and create a task whose entry point is task_Startup_my.
 *
 * Flow as written:
 *   - R4 = sub_FF834740(). If it is zero and sub_FF82F104() returns nonzero,
 *     bit 0 of the registers at 0xC02200F8 and 0xC02200FC is read and
 *     inverted. If both inverted bits are zero, the code calls
 *     sub_FF82CD0C, writes 0x44 to 0xC022012C, calls sub_FF82CE38 and then
 *     spins forever at loc_FF81A730 (presumably a power-off path - confirm).
 *   - Otherwise the two inverted bits are passed on in R0/R1, with R4 in R2
 *     and 0 in R3, to sub_FF82D6AC, followed by three more firmware calls.
 *   - Finally _CreateTask is called with the name at ROM address 0xFF81A798,
 *     0x19, 0, task_Startup_my and a fifth argument of 0 on the stack.
 *
 * Returns 0 in R0. Called from sub_FF81A6D0_my.
 */
303 void __attribute__((naked,noinline)) taskcreate_Startup_my( ) {
304 asm volatile (
305 "STMFD SP!, {R3-R7,LR} \n" // save registers; the R3 slot doubles as the stack argument written further down
306 "BL sub_FF834740 \n"
307 "LDR R6, =0xC0220000 \n" // R6 = hardware register base
308 "MOVS R4, R0 \n" // R4 = result of sub_FF834740, flags set from it
309 "MOV R5, #1 \n" // R5 = mask for bit 0
310 "BNE loc_FF81A734 \n" // nonzero result: skip the checks below
311 "BL sub_FF82F104 \n"
312 "CMP R0, #0 \n"
313 "BEQ loc_FF81A734 \n"
314 "LDR R0, [R6, #0xFC] \n" // R1 = inverted bit 0 of [0xC02200FC]
315 "BIC R1, R5, R0 \n"
316 "LDR R0, [R6, #0xF8] \n" // R0 = inverted bit 0 of [0xC02200F8]
317 "BIC R0, R5, R0 \n"
318 "ORRS R2, R0, R1 \n" // either one nonzero: carry on with start-up
319 "BNE loc_FF81A744 \n"
320 "BL sub_FF82CD0C \n" // both zero: the halt path
321 "MOV R0, #0x44 \n"
322 "STR R0, [R6, #0x12C] \n"
323 "BL sub_FF82CE38 \n"
324 "loc_FF81A730:\n"
325 "B loc_FF81A730 \n" // endless loop: execution stays here
326 "loc_FF81A734:\n"
327 "LDR R0, [R6, #0xF8] \n" // same two inverted bits, computed on the path that skipped the check
328 "LDR R1, [R6, #0xFC] \n"
329 "BIC R0, R5, R0 \n"
330 "BIC R1, R5, R1 \n"
331 "loc_FF81A744:\n"
332 "MOV R3, #0 \n"
333 "MOV R2, R4 \n"
334
335 "BL sub_FF82D6AC \n" // sub_FF82D6AC(R0, R1, R4, 0)
336 "BL sub_003F77E0 \n"
337 "LDR R1, =0x34E000 \n" // sub_FF832D6C(0, 0x34E000)
338 "MOV R0, #0 \n"
339 "BL sub_FF832D6C \n"
340 "BL sub_003F79F8 \n"
341 "MOV R3, #0 \n" // fifth argument of _CreateTask, passed on the stack
342 "STR R3, [SP] \n"
343
344 "LDR R3, =task_Startup_my \n" // entry point: the patched task body from this file
345 "MOV R2, #0 \n"
346 "MOV R1, #0x19 \n"
347 "LDR R0, =0xFF81A798 \n" // first argument: ROM address, presumably the task name string
348 "BL _CreateTask \n" // return value is not checked
349 "MOV R0, #0 \n" // return 0
350 "LDMFD SP!, {R3-R7,PC} \n"
351 );
352 }
353
354
355
356
/*
 * task_Startup_my - body of the task created by taskcreate_Startup_my.
 *
 * Runs a straight sequence of firmware routines with two calls into this
 * file placed in the middle: CreateTask_spytask, then taskcreatePhySw_my.
 * No return value is checked anywhere in the sequence. The routine ends with
 * a tail branch to sub_FF8149E8.
 *
 * NOTE(review): the blank lines inside the sequence may mark places where
 * calls present in the stock firmware were left out - confirm against the
 * disassembly; nothing in this file says which.
 */
357 void __attribute__((naked,noinline)) task_Startup_my( ) {
358 asm volatile (
359 "STMFD SP!, {R4,LR} \n" // save R4 and LR
360 "BL sub_FF8148C8 \n"
361 "BL sub_FF82E7D0 \n"
362 "BL sub_FF82C98C \n"
363 "BL sub_FF834788 \n"
364 "BL sub_FF834974 \n"
365
366 "BL sub_FF834AF8 \n"
367 "BL sub_FF834CC4 \n"
368 "BL sub_FF834ABC \n"
369 "BL sub_FF8349A4 \n"
370 "BL sub_FF832CA0 \n"
371 "BL sub_FF834CCC \n"
372 "BL CreateTask_spytask \n" // added code: creates the "SpyTask" task (see CreateTask_spytask)
373
374 "BL taskcreatePhySw_my \n" // patched routine from this file, which uses mykbd_task as task entry
375 "BL sub_FF83106C \n"
376 "BL sub_FF834CE4 \n"
377 "BL sub_FF82BA00 \n"
378 "BL sub_FF82C3B0 \n"
379 "BL sub_FF8344FC \n"
380 "BL sub_FF82C940 \n"
381 "BL sub_FF82C350 \n"
382 "BL sub_FF834AE8 \n"
383 "BL sub_FF835834 \n"
384 "BL sub_FF82C314 \n"
385 "LDMFD SP!, {R4,LR} \n" // restore R4 and LR before the tail branch
386 "B sub_FF8149E8 \n" // sub_FF8149E8 returns to this task's caller
387 );
388 }
389
390
391
392
/*
 * taskcreatePhySw_my - create a task with mykbd_task as entry point, once,
 * then run three follow-up firmware calls.
 *
 * The word at 0x1BF8 + 4 acts as a "created" marker: the task is created
 * only while it is zero, and the value returned by sub_003F7A50 is stored
 * there afterwards.
 *
 * The #if 1 branch is the active one: entry mykbd_task with 0x2000 in R2.
 * The #else branch keeps the alternative values, entry 0xFF82D518 with 0x800
 * in R2 - presumably the stock firmware's entry point and stack size;
 * confirm. R1 (0x17) and the name address in R0 are the same in both cases.
 *
 * Called from task_Startup_my.
 */
393 void __attribute__((naked,noinline)) taskcreatePhySw_my( ) {
394 asm volatile (
395 "STMFD SP!, {R3-R5,LR} \n" // save registers; the R3 slot doubles as the stack argument below
396 "LDR R4, =0x1BF8 \n" // R4 = base of the state block
397 "LDR R0, [R4, #4] \n" // marker already nonzero: skip creation
398 "CMP R0, #0 \n"
399 "BNE loc_FF82D580 \n"
400 "MOV R3, #0 \n" // fifth argument = 0, passed on the stack
401 "STR R3, [SP] \n"
402 #if 1
403 "LDR R3, =mykbd_task \n" // replacement entry point
404 "MOV R2, #0x2000 \n" // four times the 0x800 of the other branch
405 #else
406 "LDR R3, =0xFF82D518 \n" // inactive: alternative entry point
407 "MOV R2, #0x800 \n"
408 #endif
409 "MOV R1, #0x17 \n"
410 "LDR R0, =0xFF82D7A8 \n" // ROM address, presumably the task name string
411 "BL sub_003F7A50 \n" // same argument layout as the _CreateTask calls in this file; presumably the same kind of routine - confirm
412 "STR R0, [R4, #4] \n" // remember the result in the marker word; it is not checked for failure
413 "loc_FF82D580:\n"
414 "BL sub_FF87CB50 \n"
415 "BL sub_FF82F054 \n"
416 "CMP R0, #0 \n"
417 "BNE loc_FF82D59C \n" // nonzero: skip the last call
418 "LDR R1, =0x30FE4 \n" // sub_FF87CAC0(0, 0x30FE4)
419 "MOV R0, #0 \n"
420 "BL sub_FF87CAC0 \n"
421 "loc_FF82D59C:\n"
422 "LDMFD SP!, {R3-R5,PC} \n" // restore and return
423 );
424 }
425
426
/*
 * CreateTask_spytask - create the task named "SpyTask" with core_spytask as
 * its entry point.
 *
 * Called from task_Startup_my during start-up.
 *
 * NOTE(review): the constant names below are inferred from the argument
 * order used by the other task-creation calls in this file (name, 0x17/0x19,
 * size-like value, entry, 0) - confirm against the _CreateTask prototype.
 * The value returned by _CreateTask is not checked, so a failed creation
 * would go unnoticed here.
 */
void CreateTask_spytask() {
    enum {
        SPYTASK_PRIORITY   = 0x19,
        SPYTASK_STACK_SIZE = 0x2000,
        SPYTASK_ARGUMENT   = 0
    };

    _CreateTask("SpyTask", SPYTASK_PRIORITY, SPYTASK_STACK_SIZE,
                core_spytask, SPYTASK_ARGUMENT);
}
431
432
433
/*
 * init_file_modules_task - replacement for task_InitFileModules; taskHook
 * substitutes it for that entry point.
 *
 * Flow as written:
 *   - R4 = sub_FF87F110(); R5 = 0x5006.
 *   - If R4 is nonzero, sub_FF8828B0(0x5006, 0) is called right away.
 *   - sub_FF87F13C() and then core_spytask_can_start() are called in every
 *     case.
 *   - If R4 is nonzero the function returns; otherwise it ends with a tail
 *     branch to sub_FF8828B0(0x5006, 0).
 *
 * The call to core_spytask_can_start is the only symbol here that is not a
 * sub_ address - presumably the one addition to the stock routine, signalling
 * that the task created by CreateTask_spytask may proceed; confirm.
 */
434 void __attribute__((naked,noinline)) init_file_modules_task( ) {
435 asm volatile (
436 "STMFD SP!, {R4-R6,LR} \n" // save registers
437 "BL sub_FF87F110 \n"
438 "LDR R5, =0x5006 \n" // R5 = first argument for sub_FF8828B0
439 "MOVS R4, R0 \n" // R4 = result, flags set from it
440 "MOVNE R1, #0 \n" // nonzero result: sub_FF8828B0(0x5006, 0) now
441 "MOVNE R0, R5 \n"
442 "BLNE sub_FF8828B0 \n"
443 "BL sub_FF87F13C \n"
444 "BL core_spytask_can_start \n" // runs after sub_FF87F13C has returned
445 "CMP R4, #0 \n"
446 "LDMNEFD SP!, {R4-R6,PC} \n" // nonzero result: restore and return
447 "MOV R0, R5 \n" // zero result: tail-call sub_FF8828B0(0x5006, 0)
448 "LDMFD SP!, {R4-R6,LR} \n"
449 "MOV R1, #0 \n"
450 "B sub_FF8828B0 \n"
451 );
452 }