4 #include "lolevel.h"
5 #include "platform.h"
6 #include "core.h"
7 #include "dryos31.h"
/*
 * Local offsetof(): the classic null-pointer-arithmetic idiom used by
 * firmware code that does not include <stddef.h>.  Strictly this relies on
 * undefined behaviour (forming a member address from a null pointer), but
 * GCC folds it to a constant.  Not referenced anywhere in this file.
 */
#define offsetof(TYPE, MEMBER) ((int) &((TYPE *)0)->MEMBER)

/*
 * Address at which the firmware heap is made to start when
 * CHDK_NOT_IN_CANON_HEAP is not defined (read via `LDR R0, =new_sa` in
 * sub_FF00110C_my).  _end is presumably the linker's end-of-image symbol,
 * declared by one of the headers above -- confirm against the link script.
 */
const char * const new_sa = &_end;

/*
 * Firmware task entry points.  CreateTask_my compares the entry-point
 * argument of every CreateTask call against these so CHDK can substitute
 * its own task bodies.  Resolved by the linker, presumably to ROM addresses.
 * task_MovieRecord is declared but not hooked anywhere in this file.
 */
extern void task_CaptSeq();
extern void task_InitFileModules();
extern void task_MovieRecord();
extern void task_ExpDrv();
extern void task_FileWrite();
/*
 * Create CHDK's "SpyTask" on the firmware scheduler.
 *
 * The task body is core_spytask (core.h).  It runs at priority 0x19 -- the
 * same priority the firmware "Startup" task is created with in
 * sub_FF00B24C_my -- with an 0x2000-byte stack.  The final _CreateTask
 * argument is the task parameter and is passed as 0.
 *
 * Called from task_Startup_my once the firmware's own startup tasks exist.
 */
void CreateTask_spytask()
{
    enum {
        SPYTASK_PRIORITY   = 0x19,
        SPYTASK_STACK_SIZE = 0x2000,
        SPYTASK_PARAM      = 0,
    };

    _CreateTask("SpyTask", SPYTASK_PRIORITY, SPYTASK_STACK_SIZE,
                core_spytask, SPYTASK_PARAM);
}
/*
 * Reset entry point of the CHDK-patched firmware image.
 *
 * Re-implements the camera's ROM boot stub: programs the ARM CP15 control,
 * memory-protection, cache and TCM registers, writes a few peripheral
 * registers, copies the firmware's RAM-resident code and data out of ROM,
 * clears the firmware BSS, overwrites the first two instructions of the
 * firmware's CreateTask (at hook_CreateTask) with a jump to CreateTask_my,
 * and branches to sub_FF00038C_my.  It never returns.  The function is
 * naked, so the compiler emits no prologue or epilogue around the asm.
 */
void __attribute__((naked,noinline)) boot() {
asm volatile (
    /* Write 0 to the register at 0xC0410000 (meaning not shown here). */
    " LDR R1, =0xC0410000 \n"
    " MOV R0, #0 \n"
    " STR R0, [R1] \n"
    /* CP15 c1 (control register) := 0x78 -- protection unit, D-cache and
     * I-cache disabled (bits 0, 2 and 12 clear) while the MPU is set up. */
    " MOV R1, #0x78 \n"
    " MCR p15, 0, R1, c1, c0 \n"
    /* Drain the write buffer, then invalidate I-cache and D-cache. */
    " MOV R1, #0 \n"
    " MCR p15, 0, R1, c7, c10, 4 \n"
    " MCR p15, 0, R1, c7, c5 \n"
    " MCR p15, 0, R1, c7, c6 \n"
    /* CP15 c6 protection-region registers 0-5 and 7.  Each value is
     * base-address | size (bits 5:1) | enable (bit 0) in the ARM946-style
     * encoding, presumably.  Region 0 spans the whole address space; the
     * others carve out the 0xC0000000 peripheral window, the 0x00000000 /
     * 0x40000000 / 0x80000000 RAM windows, ROM at 0xFF000000 and a window
     * at 0xD0000000.  Region 6 is left untouched. */
    " MOV R0, #0x3D \n"
    " MCR p15, 0, R0, c6, c0 \n"
    " MOV R0, #0xC000002F \n"
    " MCR p15, 0, R0, c6, c1 \n"
    " MOV R0, #0x37 \n"
    " MCR p15, 0, R0, c6, c2 \n"
    " MOV R0, #0x40000037 \n"
    " MCR p15, 0, R0, c6, c3 \n"
    " MOV R0, #0x80000017 \n"
    " MCR p15, 0, R0, c6, c4 \n"
    " LDR R0, =0xFF00002F \n"
    " MCR p15, 0, R0, c6, c5 \n"
    " LDR R0, =0xD000002B \n"
    " MCR p15, 0, R0, c6, c7 \n"
    /* Per-region cache/write-buffer attributes: 0x34 = regions 2, 4 and 5
     * are data-cacheable (c2,c0), instruction-cacheable (c2,c0,1) and
     * write-bufferable (c3,c0). */
    " MOV R0, #0x34 \n"
    " MCR p15, 0, R0, c2, c0 \n"
    " MOV R0, #0x34 \n"
    " MCR p15, 0, R0, c2, c0, 1 \n"
    " MOV R0, #0x34 \n"
    " MCR p15, 0, R0, c3, c0 \n"
    /* Extended data (c5,c0,2) and instruction (c5,c0,3) access permissions:
     * 4 bits per region, 3 = full access in all modes; region 0 (the
     * all-memory region) gets 0, i.e. no access unless a higher-numbered
     * region covers the address. */
    " LDR R0, =0x33333330 \n"
    " MCR p15, 0, R0, c5, c0, 2 \n"
    " LDR R0, =0x33333330 \n"
    " MCR p15, 0, R0, c5, c0, 3 \n"
    /* Read-modify-write the control register: enable I-cache (bit 12),
     * D-cache (bit 2) and the protection unit (bit 0). */
    " MRC p15, 0, R0, c1, c0 \n"
    " ORR R0, R0, #0x1000 \n"
    " ORR R0, R0, #4 \n"
    " ORR R0, R0, #1 \n"
    " MCR p15, 0, R0, c1, c0 \n"
    /* TCM region registers: data TCM at 0x80000000 (c9,c1), instruction
     * TCM at 0 (c9,c1,1), both with size code 6 -- presumably; then enable
     * both TCMs via control-register bits 16 and 18 (0x50000). */
    " MOV R1, #0x80000006 \n"
    " MCR p15, 0, R1, c9, c1 \n"
    " MOV R1, #6 \n"
    " MCR p15, 0, R1, c9, c1, 1 \n"
    " MRC p15, 0, R1, c1, c0 \n"
    " ORR R1, R1, #0x50000 \n"
    " MCR p15, 0, R1, c1, c0 \n"
    /* Peripheral block at 0xC0200000: write 1 to offset 0x10C, then 0xFF
     * to sixteen registers at offsets 0xC, 0x1C, ... 0xFC.  Looks like an
     * interrupt-controller mask/clear sequence -- not confirmed here. */
    " LDR R2, =0xC0200000 \n"
    " MOV R1, #1 \n"
    " STR R1, [R2, #0x10C] \n"
    " MOV R1, #0xFF \n"
    " STR R1, [R2, #0xC] \n"
    " STR R1, [R2, #0x1C] \n"
    " STR R1, [R2, #0x2C] \n"
    " STR R1, [R2, #0x3C] \n"
    " STR R1, [R2, #0x4C] \n"
    " STR R1, [R2, #0x5C] \n"
    " STR R1, [R2, #0x6C] \n"
    " STR R1, [R2, #0x7C] \n"
    " STR R1, [R2, #0x8C] \n"
    " STR R1, [R2, #0x9C] \n"
    " STR R1, [R2, #0xAC] \n"
    " STR R1, [R2, #0xBC] \n"
    " STR R1, [R2, #0xCC] \n"
    " STR R1, [R2, #0xDC] \n"
    " STR R1, [R2, #0xEC] \n"
    " STR R1, [R2, #0xFC] \n"
    /* 0xC0400008 := 0x430005, and set bit 0 of the register at 0xC0242010
     * (both meanings not shown here). */
    " LDR R1, =0xC0400008 \n"
    " LDR R2, =0x430005 \n"
    " STR R2, [R1] \n"
    " LDR R2, =0xC0242010 \n"
    " LDR R1, [R2] \n"
    " ORR R1, R1, #1 \n"
    " STR R1, [R2] \n"
    /* Word copy ROM 0xFF8986EC.. -> RAM 0x685000..0x6AFB54.  This is the
     * RAM-resident firmware code that the rest of this file calls into
     * (sub_006867E8, sub_0068AB94, sub_006A93A4, ... all lie in that range). */
    " LDR R0, =0xFF8986EC \n"
    " LDR R1, =0x685000 \n"
    " LDR R3, =0x6AFB54 \n"

    "loc_FF000138:\n"
    " CMP R1, R3 \n"
    " LDRCC R2, [R0], #4 \n"
    " STRCC R2, [R1], #4 \n"
    " BCC loc_FF000138 \n"
    /* Word copy ROM 0xFF880068.. -> RAM 0x1900..0x19F84 (initialized data,
     * presumably). */
    " LDR R0, =0xFF880068 \n"
    " LDR R1, =0x1900 \n"
    " LDR R3, =0x19F84 \n"

    "loc_FF000154:\n"
    " CMP R1, R3 \n"
    " LDRCC R2, [R0], #4 \n"
    " STRCC R2, [R1], #4 \n"
    " BCC loc_FF000154 \n"
    /* Zero-fill from the end of that copy (R3 = 0x19F84) up to 0x26172C:
     * the firmware BSS.  0x26172C is also where the firmware heap starts
     * in the CHDK_NOT_IN_CANON_HEAP build of sub_FF00110C_my. */
    " LDR R1, =0x26172C \n"
    " MOV R2, #0 \n"

    "loc_FF00016C:\n"
    " CMP R3, R1 \n"
    " STRCC R2, [R3], #4 \n"
    " BCC loc_FF00016C \n"




    /* Install the CreateTask hook: copy the two words at patch_CreateTask
     * (below) over the first two instructions of the firmware's CreateTask
     * at hook_CreateTask (declared in a header).  CreateTask_my replays
     * the two instructions it displaces before resuming the firmware code. */
    " LDR R0, =patch_CreateTask\n"
    " LDM R0, {R1,R2}\n"
    " LDR R0, =hook_CreateTask\n"
    " STM R0, {R1,R2}\n"

    /* Continue with the next stage of the boot sequence; never returns. */
    " B sub_FF00038C_my \n"

    /* 8-byte trampoline: LDR PC from the literal that immediately follows,
     * i.e. an absolute jump to CreateTask_my.  Only copied, never executed
     * in place. */
    "patch_CreateTask:\n"
    " LDR PC, [PC,#-0x4]\n"
    " .long CreateTask_my\n"
);
}
/*
 * Replacement head of the firmware's CreateTask, reached through the
 * trampoline boot() writes to hook_CreateTask.
 *
 * Per the ARM calling convention the fourth CreateTask argument -- the
 * task entry point, see CreateTask_spytask -- arrives in R3.  If it is one
 * of the firmware tasks CHDK overrides, R3 is replaced with the CHDK
 * implementation (capt_seq_task, exp_drv_task, filewritetask,
 * init_file_modules_task; all but the last are declared elsewhere).
 * Everything else is passed through unchanged.
 *
 * The function then re-executes the two instructions the trampoline
 * overwrote (STMFD / MOV R4,R0) and jumps to 0x0068AB94, presumably the
 * third instruction of the original CreateTask.  R0 is preserved across
 * the comparisons; the condition flags are not, which is harmless because
 * the replayed instructions do not depend on them.
 */
void __attribute__((naked,noinline)) CreateTask_my() {
asm volatile (
    /* R0 is used as scratch for the comparisons; save the caller's value. */
    " STMFD SP!, {R0}\n"



    /* task_CaptSeq -> capt_seq_task */
    " LDR R0, =task_CaptSeq\n"
    " CMP R0, R3\n"
    " LDREQ R3, =capt_seq_task\n"
    " BEQ exitHook\n"


    /* task_ExpDrv -> exp_drv_task */
    " LDR R0, =task_ExpDrv\n"
    " CMP R0, R3\n"
    " LDREQ R3, =exp_drv_task\n"
    " BEQ exitHook\n"


    /* task_FileWrite -> filewritetask */
    " LDR R0, =task_FileWrite\n"
    " CMP R0, R3\n"
    " LDREQ R3, =filewritetask\n"
    " BEQ exitHook\n"










    /* task_InitFileModules -> init_file_modules_task (defined below).
     * Last comparison, so it falls through to exitHook either way. */
    " LDR R0, =task_InitFileModules\n"
    " CMP R0, R3\n"
    " LDREQ R3, =init_file_modules_task\n"

    "exitHook:\n"

    " LDMFD SP!, {R0}\n"

    /* Replay of the two displaced CreateTask instructions, then resume the
     * firmware's CreateTask body. */
    " STMFD SP!, {R1-R9,LR} \n"
    " MOV R4, R0 \n"
    " LDR PC, =0x0068AB94 \n"
);
}
/*
 * Second boot stage, branched to from boot().
 *
 * Copies the exception-vector area and a second block out of ROM into low
 * RAM, sets up the IRQ and supervisor stacks, fills the stack area with a
 * marker pattern and calls sub_FF00110C_my.  Never returns normally.
 *
 * NOTE(review): this is a naked function that starts with C statements.
 * GCC documents only basic asm as supported in naked functions; the C code
 * works only as long as the compiler keeps it in registers, since nothing
 * visible in this file has set up SP before this point (SP is assigned in
 * the asm block below).  Keep the C part trivial or move it.
 */
void __attribute__((naked,noinline)) sub_FF00038C_my() {






    /* Select the value stored at 0x2FA8 from bit 2 of the register at
     * 0xC022F48C.  What either address represents is not shown in this
     * file -- presumably a hardware strap read at boot. */
if ((*(int*) 0xc022f48c) & 4)
*(int*)(0x2fa8) = 0x200000;
else
*(int*)(0x2fa8) = 0x100000;

asm volatile (
    /* Word copy ROM 0xFF000404..0xFF00043C -> address 0 (the ARM exception
     * vectors, presumably; 14 words). */
    " LDR R0, =0xFF000404 \n"
    " MOV R1, #0 \n"
    " LDR R3, =0xFF00043C \n"

    "loc_FF000398:\n"
    " CMP R0, R3 \n"
    " LDRCC R2, [R0], #4 \n"
    " STRCC R2, [R1], #4 \n"
    " BCC loc_FF000398 \n"
    /* Word copy ROM 0xFF00043C..0xFF000624 -> RAM 0x1B0. */
    " LDR R0, =0xFF00043C \n"
    " MOV R1, #0x1B0 \n"
    " LDR R3, =0xFF000624 \n"

    "loc_FF0003B4:\n"
    " CMP R0, R3 \n"
    " LDRCC R2, [R0], #4 \n"
    " STRCC R2, [R1], #4 \n"
    " BCC loc_FF0003B4 \n"
    /* CPSR 0xD2 = IRQ mode with IRQ/FIQ masked: IRQ-mode SP := 0x1000.
     * CPSR 0xD3 = supervisor mode with IRQ/FIQ masked: SVC SP := 0x1000.
     * Execution continues in supervisor mode. */
    " MOV R0, #0xD2 \n"
    " MSR CPSR_cxsf, R0 \n"
    " MOV SP, #0x1000 \n"
    " MOV R0, #0xD3 \n"
    " MSR CPSR_cxsf, R0 \n"
    " MOV SP, #0x1000 \n"
    /* Fill 0x398..0x1000 -- the region below the stacks just set -- with
     * 0xEEEEEEEE (a stack-usage marker pattern, presumably). */
    " LDR R0, =0x398 \n"
    " LDR R2, =0xEEEEEEEE \n"
    " MOV R3, #0x1000 \n"

    "loc_FF0003E8:\n"
    " CMP R0, R3 \n"
    " STRCC R2, [R0], #4 \n"
    " BCC loc_FF0003E8 \n"
    /* Hand over to the kernel start-up.  If sub_FF00110C_my ever returned
     * (it ends with LDR PC,[SP],#4), control would fall off the end of this
     * naked function -- presumably the kernel entry it calls never returns;
     * worth confirming against the firmware. */
    " BL sub_FF00110C_my \n"
);
}
/*
 * Build the kernel start-up parameter block on the stack and hand it,
 * together with the init-task entry point sub_FF00420C_my, to the
 * RAM-resident kernel start routine sub_006867E8.
 *
 * The block is 0x74 bytes and is cleared by sub_006A93A4(SP, 0x74) first
 * (looks like a memset-style call -- not confirmed here).  Fields written,
 * by offset:
 *   0x00  0x549C00        0x04  0x83000
 *   0x08  heap start      0x0C  heap size = 0x53F15C - heap start
 *   0x10  0x53F15C        0x14  0x549C00
 *   0x18  0x22   0x1C  0x98   0x20  0x1E2  0x24  0xF6
 *   0x28  0xB6   0x2C  0x85   0x30  0x40   0x34  4
 *   0x5C  0x10   0x60  0x800  0x64  0xA0   0x68  0x280
 * The heap start is the only CHDK-specific change: without
 * CHDK_NOT_IN_CANON_HEAP it is taken from new_sa (&_end), i.e. the heap is
 * moved above CHDK's own image and shrunk accordingly instead of starting
 * at the firmware BSS end 0x26172C (the address boot()'s BSS clear ends at).
 *
 * Returns to its caller via LDR PC,[SP],#4 if sub_006867E8 returns.
 */
void __attribute__((naked,noinline)) sub_FF00110C_my() {
asm volatile (
    " STR LR, [SP, #-4]! \n"
    " SUB SP, SP, #0x74 \n"
    /* Clear the 0x74-byte parameter block. */
    " MOV R1, #0x74 \n"
    " MOV R0, SP \n"
    " BL sub_006A93A4 \n"
    " MOV R0, #0x83000 \n"
    " STR R0, [SP, #4] \n"

    /* Heap start: firmware BSS end, or CHDK's end-of-image. */
#if defined(CHDK_NOT_IN_CANON_HEAP)
    " LDR R0, =0x26172C \n"
#else
    " LDR R0, =new_sa\n"
    " LDR R0, [R0]\n"
#endif

    /* R2 = heap end; size = end - start. */
    " LDR R2, =0x53F15C \n"
    " STR R0, [SP, #8] \n"
    " SUB R0, R2, R0 \n"
    " STR R0, [SP, #0xC] \n"
    " MOV R0, #0x22 \n"
    " STR R0, [SP, #0x18] \n"
    " MOV R0, #0x98 \n"
    " STR R0, [SP, #0x1C] \n"
    " LDR R0, =0x1E2 \n"
    " LDR R1, =0x549C00 \n"
    " STR R2, [SP, #0x10] \n"
    " STR R0, [SP, #0x20] \n"
    " MOV R0, #0xF6 \n"
    " STR R1, [SP] \n"
    " STR R1, [SP, #0x14] \n"
    " STR R0, [SP, #0x24] \n"
    " MOV R0, #0xB6 \n"
    " STR R0, [SP, #0x28] \n"
    " MOV R0, #0x85 \n"
    " STR R0, [SP, #0x2C] \n"
    " MOV R0, #0x40 \n"
    " STR R0, [SP, #0x30] \n"
    " MOV R0, #4 \n"
    " STR R0, [SP, #0x34] \n"
    " MOV R0, #0x10 \n"
    " STR R0, [SP, #0x5C] \n"
    " MOV R0, #0x800 \n"
    " STR R0, [SP, #0x60] \n"
    " MOV R0, #0xA0 \n"
    " STR R0, [SP, #0x64] \n"
    " MOV R0, #0x280 \n"
    " STR R0, [SP, #0x68] \n"
    /* sub_006867E8(param_block, sub_FF00420C_my, 0) -- the CHDK version
     * of the init task is substituted for the firmware's here. */
    " LDR R1, =sub_FF00420C_my \n"
    " MOV R2, #0 \n"
    " MOV R0, SP \n"
    " BL sub_006867E8 \n"
    " ADD SP, SP, #0x74 \n"
    " LDR PC, [SP], #4 \n"
);
}
/*
 * Kernel init task (entry point handed to sub_006867E8 by sub_FF00110C_my).
 *
 * Runs the firmware's driver/library set-up routines in order.  After each
 * one that returns a status, a negative result (CMP R0,#0 / LT) calls
 * _err_init_task with a pointer to the ROM string naming the failed step
 * (the names are given in the inline comments).  Finishes by restoring
 * R4/LR and tail-branching to sub_FF00B24C_my, so the return goes to
 * whoever called this function.
 */
void __attribute__((naked,noinline)) sub_FF00420C_my() {
asm volatile (
    " STMFD SP!, {R4,LR} \n"
    " BL sub_FF000AE8 \n"
    /* dmSetup */
    " BL sub_FF00539C \n"
    " CMP R0, #0 \n"
    " LDRLT R0, =0xFF00434C /*'dmSetup'*/ \n"
    " BLLT _err_init_task \n"
    /* termDriverInit */
    " BL sub_FF003E44 \n"
    " CMP R0, #0 \n"
    " LDRLT R0, =0xFF004354 /*'termDriverInit'*/ \n"
    " BLLT _err_init_task \n"
    /* termDeviceCreate("/_term") */
    " LDR R0, =0xFF004364 /*'/_term'*/ \n"
    " BL sub_FF003F2C \n"
    " CMP R0, #0 \n"
    " LDRLT R0, =0xFF00436C /*'termDeviceCreate'*/ \n"
    " BLLT _err_init_task \n"
    /* stdioSetup("/_term") */
    " LDR R0, =0xFF004364 /*'/_term'*/ \n"
    " BL sub_FF00294C \n"
    " CMP R0, #0 \n"
    " LDRLT R0, =0xFF004380 /*'stdioSetup'*/ \n"
    " BLLT _err_init_task \n"
    /* stdlibSetup */
    " BL sub_FF004D38 \n"
    " CMP R0, #0 \n"
    " LDRLT R0, =0xFF00438C /*'stdlibSetup'*/ \n"
    " BLLT _err_init_task \n"
    /* armlib_setup */
    " BL sub_FF001604 \n"
    " CMP R0, #0 \n"
    " LDRLT R0, =0xFF004398 /*'armlib_setup'*/ \n"
    " BLLT _err_init_task \n"
    /* Tail call: sub_FF00B24C_my returns to our caller. */
    " LDMFD SP!, {R4,LR} \n"
    " B sub_FF00B24C_my \n"
);
}
/*
 * Continuation of the init task (tail-called from sub_FF00420C_my).
 *
 * Computes a mode flag -- 1 if sub_FF03970C returns 0 and sub_FF034190
 * (_IsNormalCameraMode_FW) returns non-zero, else 0 -- and passes it to
 * sub_FF032004_my.  If that returns 0 the firmware calls sub_FF0317F0 and
 * then spins forever at loc_FF00B284 (deliberate halt).  Otherwise it
 * finishes kernel set-up, enables the dispatcher (sub_0068C530) and
 * creates the "Startup" task with task_Startup_my as its body at priority
 * 0x19.  Returns 0 to its caller.
 *
 * The _CreateTask call here goes through the hooked CreateTask, so
 * CreateTask_my sees task_Startup_my as the entry point and passes it
 * through unchanged.
 */
void __attribute__((naked,noinline)) sub_FF00B24C_my() {
asm volatile (
    " STMFD SP!, {R3,LR} \n"
    " BL sub_FF038080 \n"
    " BL sub_FF03970C \n"
    " CMP R0, #0 \n"
    " BNE loc_FF00B270 \n"
    " BL sub_FF034190 /*_IsNormalCameraMode_FW*/ \n"
    " CMP R0, #0 \n"
    " MOVNE R0, #1 \n"
    " BNE loc_FF00B274 \n"

    "loc_FF00B270:\n"
    " MOV R0, #0 \n"

    /* R0 = mode flag (0 or 1). */
    "loc_FF00B274:\n"
    " BL sub_FF032004_my \n"
    " CMP R0, #0 \n"
    " BNE loc_FF00B288 \n"
    " BL sub_FF0317F0 \n"

    /* Infinite loop: start-up refused by sub_FF032004_my. */
    "loc_FF00B284:\n"
    " B loc_FF00B284 \n"

    "loc_FF00B288:\n"
    " BL sub_0068C318 \n"
    " LDR R1, =0x5CE000 \n"
    " MOV R0, #0 \n"
    " BL sub_FF039C48 \n"
    " BL sub_0068C530 /*_EnableDispatch*/ \n"
    /* _CreateTask("Startup", 0x19, 0 /*stack, presumably default*/,
     *             task_Startup_my, 0)  -- argument order as in
     * CreateTask_spytask; the fifth argument is passed on the stack. */
    " MOV R3, #0 \n"
    " STR R3, [SP] \n"
    " LDR R3, =task_Startup_my \n"
    " MOV R2, #0 \n"
    " MOV R1, #0x19 \n"
    " LDR R0, =0xFF00B2C8 /*'Startup'*/ \n"
    " BL _CreateTask \n"
    " MOV R0, #0 \n"
    " LDMFD SP!, {R3,PC} \n"
);
}
/*
 * Start-up gate called by sub_FF00B24C_my with the mode flag in R0.
 *
 * Reads two inputs via sub_FF091350(0x36) and sub_FF091350(0x37) and keeps
 * the inverted bit 0 of each (BIC with 1) in R5 and R4.  Control flow:
 *   - mode flag == 0                 -> loc_FF032044, returns 1
 *   - mode flag != 0 and R5|R4 != 0  -> loc_FF032044, returns 1
 *   - mode flag != 0 and R5|R4 == 0  -> loc_FF032068, returns 0
 *     (the caller then halts in its spin loop)
 *
 * NOTE(review): at loc_FF032044 the code loads R0-R3 and stores R6/R7 to
 * [SP] as if setting up a call, but no call follows -- the blank lines
 * before `MOV R0, #1` look like a firmware call that was removed in this
 * port.  As written, those register set-ups are dead and the path always
 * returns 1; confirm that the removal is intentional.
 */
void __attribute__((naked,noinline)) sub_FF032004_my() {
asm volatile (
    " STMFD SP!, {R2-R8,LR} \n"
    " MOV R6, #0 \n"
    /* R8 = mode flag argument. */
    " MOV R8, R0 \n"
    " MOV R7, R6 \n"

    /* R5 = 1 & ~sub_FF091350(0x36); R4 = 1 & ~sub_FF091350(0x37). */
    " MOV R0, #0x36 \n"
    " BL sub_FF091350 \n"
    " MOV R4, #1 \n"
    " BIC R5, R4, R0 \n"
    " MOV R0, #0x37 \n"
    " BL sub_FF091350 \n"
    " CMP R8, #0 \n"
    " BIC R4, R4, R0 \n"
    " BEQ loc_FF032044 \n"
    /* ORRS leaves R0 = R5|R4 = 0 on the path that returns 0. */
    " ORRS R0, R5, R4 \n"
    " BEQ loc_FF032068 \n"

    "loc_FF032044:\n"
    " BL sub_FF03970C \n"
    " MOV R2, R0 \n"
    " MOV R3, #0 \n"
    " MOV R1, R4 \n"
    " MOV R0, R5 \n"
    " STRD R6, [SP] \n"


    /* Result 1: allow start-up. */
    " MOV R0, #1 \n"

    "loc_FF032068:\n"
    " LDMFD SP!, {R2-R8,PC} \n"
);
}
/*
 * Body of the firmware "Startup" task (created in sub_FF00B24C_my).
 *
 * Calls the firmware's start-up routines in their original order, with two
 * CHDK insertions: CreateTask_spytask (creates CHDK's SpyTask) and
 * taskcreatePhySw_my (creates the PhySw task with CHDK's keyboard task as
 * its body) replace the corresponding firmware call.  Ends by tail-
 * branching to sub_FF0049E0 with R4/LR restored.
 */
void __attribute__((naked,noinline)) task_Startup_my() {
asm volatile (
    " STMFD SP!, {R4,LR} \n"
    " BL sub_FF0048A4 \n"
    " BL sub_FF033220 \n"
    " BL sub_FF031778 \n"

    " BL sub_FF03997C \n"

    " BL sub_FF039AE4 \n"
    " BL sub_FF03A2BC \n"

    " BL sub_FF0399B8 \n"
    " BL sub_FF037FB8 \n"
    " BL sub_FF03A2C4 \n"
    /* CHDK: start SpyTask, then the CHDK version of the PhySw creator. */
    " BL CreateTask_spytask\n"
    " BL taskcreatePhySw_my \n"
    " BL sub_FF036024 \n"
    " BL sub_FF0DFBB0 \n"
    " BL sub_FF02F374 \n"
    " BL sub_FF0310E8 \n"
    " BL sub_FF03953C \n"
    " BL sub_FF03172C \n"
    " BL sub_FF031084 \n"

    " BL sub_FF030004 \n"
    " BL sub_FF031048 \n"
    /* Tail call; sub_FF0049E0 returns to the task's caller. */
    " LDMFD SP!, {R4,LR} \n"
    " B sub_FF0049E0 \n"
);
}
/*
 * CHDK version of the firmware's PhySw task creator (called from
 * task_Startup_my).
 *
 * If the task handle at 0x1E20+4 is still 0, creates the "PhySw" task via
 * sub_0068AF04 (_CreateTaskStrictly) with priority 0x17, an 0x2000-byte
 * stack and CHDK's mykbd_task as the body in place of the firmware's, and
 * stores the returned handle at 0x1E20+4.  Then calls sub_FF0C8E90 and,
 * unless sub_FF0340E0 (_IsFactoryMode_FW) reports factory mode, starts the
 * operation log with sub_FF0C8DFC(0, 0x3F490).
 */
void __attribute__((naked,noinline)) taskcreatePhySw_my() {
asm volatile (
    " STMFD SP!, {R3-R5,LR} \n"
    /* R4 = 0x1E20; [R4+4] holds the PhySw task handle. */
    " LDR R4, =0x1E20 \n"
    " LDR R0, [R4, #4] \n"
    " CMP R0, #0 \n"
    " BNE loc_FF031EE4 \n"
    /* _CreateTaskStrictly("PhySw", 0x17, 0x2000, mykbd_task, 0) -- same
     * argument order as CreateTask_spytask; fifth argument on the stack. */
    " MOV R3, #0 \n"
    " STR R3, [SP] \n"
    " LDR R3, =mykbd_task \n"
    " MOV R2, #0x2000 \n"
    " MOV R1, #0x17 \n"
    " LDR R0, =0xFF032160 /*'PhySw'*/ \n"
    " BL sub_0068AF04 /*_CreateTaskStrictly*/ \n"
    " STR R0, [R4, #4] \n"

    "loc_FF031EE4:\n"
    " BL sub_FF0C8E90 \n"
    " BL sub_FF0340E0 /*_IsFactoryMode_FW*/ \n"
    " CMP R0, #0 \n"
    " BNE loc_FF031F00 \n"
    " LDR R1, =0x3F490 \n"
    " MOV R0, #0 \n"
    " BL sub_FF0C8DFC /*_OpLog.Start_FW*/ \n"

    "loc_FF031F00:\n"
    " LDMFD SP!, {R3-R5,PC} \n"
);
}
/*
 * CHDK replacement for task_InitFileModules (substituted by CreateTask_my).
 *
 * Calls sub_FF0CB788 and keeps its result in R4.  If non-zero, posts
 * logical event 0x5006 with argument 0 via _PostLogicalEventToUI
 * immediately.  Then calls sub_FF0CB7BC and CHDK's core_spytask_can_start
 * (the CHDK insertion: signals that the file system is ready for SpyTask).
 * Finally, if R4 was non-zero the task returns; otherwise it tail-calls
 * _PostLogicalEventToUI(0x5006, 0), so the event is posted exactly once on
 * either path -- before or after core_spytask_can_start.
 */
void __attribute__((naked,noinline)) init_file_modules_task() {
asm volatile (
    " STMFD SP!, {R4-R6,LR} \n"
    " BL sub_FF0CB788 \n"
    /* R5 = event id 0x5006, R4 = result of sub_FF0CB788. */
    " LDR R5, =0x5006 \n"
    " MOVS R4, R0 \n"
    " MOVNE R1, #0 \n"
    " MOVNE R0, R5 \n"
    " BLNE _PostLogicalEventToUI \n"
    " BL sub_FF0CB7BC \n"
    /* CHDK: file modules are initialized; SpyTask may proceed. */
    " BL core_spytask_can_start\n"
    " CMP R4, #0 \n"
    " LDMNEFD SP!, {R4-R6,PC} \n"
    /* R4 == 0: tail-call _PostLogicalEventToUI(0x5006, 0). */
    " MOV R0, R5 \n"
    " LDMFD SP!, {R4-R6,LR} \n"
    " MOV R1, #0 \n"
    " B _PostLogicalEventToUI \n"
);
}