This source file includes following definitions.
- taskHook
- CreateTask_spytask
- boot
- sub_FF00038C_my
- sub_FF0011E4_my
- sub_FF004284_my
- sub_FF00B198_my
- taskcreate_Startup_my
- task_Startup_my
- taskcreatePhySw_my
- init_file_modules_task
4 #include "lolevel.h"
5 #include "platform.h"
6 #include "core.h"
7 #include "dryos31.h"
8
/* Local offsetof (int-typed, null-pointer idiom). taskHook uses it to
 * recover the enclosing task_t from the address of its `context` member. */
#define offsetof(TYPE, MEMBER) ((int) &((TYPE *)0)->MEMBER)

/* End of CHDK's loaded image (linker symbol _end). sub_FF0011E4_my loads
 * this (at [SP, #8]) when CHDK_NOT_IN_CANON_HEAP is not defined -- presumably
 * the start of the firmware's heap, moved past CHDK so the heap cannot
 * overwrite it. */
const char * const new_sa = &_end;

/* Firmware task entry points that taskHook swaps for CHDK replacements. */
extern void task_CaptSeq();
extern void task_InitFileModules();
extern void task_MovieRecord();
extern void task_ExpDrv();
extern void task_FileWrite();
18
/*
 * Task-creation hook installed into the firmware's two hook slots
 * (0x1938 / 0x193C, see sub_FF00038C_my). Receives a pointer to the
 * `context` member of a task_t; recovers the task_t and, if its entry point
 * is one of the firmware tasks CHDK replaces, rewrites the entry to CHDK's
 * version. The entry is re-checked against every pair in order, exactly as a
 * chain of independent ifs would do.
 */
void taskHook(context_t **context)
{
    /* firmware entry -> CHDK replacement, in the order they are checked */
    static const struct {
        void *fw_entry;
        void *chdk_entry;
    } swaps[] = {
        { (void*)task_CaptSeq,         (void*)capt_seq_task          },
        { (void*)task_InitFileModules, (void*)init_file_modules_task },
        { (void*)task_MovieRecord,     (void*)movie_record_task      },
        { (void*)task_ExpDrv,          (void*)exp_drv_task           },
        { (void*)task_FileWrite,       (void*)filewritetask          },
    };
    /* `context` is the address of tcb->context; step back to the task_t */
    task_t *tcb = (task_t*)((char*)context - offsetof(task_t, context));
    unsigned i;

    for (i = 0; i < sizeof swaps / sizeof swaps[0]; i++) {
        if (tcb->entry == swaps[i].fw_entry) {
            tcb->entry = swaps[i].chdk_entry;
        }
    }
}
30
31
32
33
/*
 * Creates CHDK's own task ("SpyTask", entry core_spytask) through the
 * firmware's _CreateTask. Called from task_Startup_my once the firmware's
 * startup sequence has reached the point where tasks may be created.
 * The two numeric arguments are kept as named constants; their meaning
 * (priority, stack size) follows _CreateTask's prototype in lolevel.h --
 * confirm there if in doubt.
 */
void CreateTask_spytask() {
    enum {
        SPYTASK_PRIO       = 0x19,
        SPYTASK_STACK_SIZE = 0x2000
    };
    _CreateTask("SpyTask", SPYTASK_PRIO, SPYTASK_STACK_SIZE, core_spytask, 0);
}
37
38
39
40
41
42
43
44
45
/*
 * Replacement for the firmware's reset/boot code. Runs naked (no stack, no
 * C runtime): CP15 setup (protection regions, cache and TCM control), a few
 * DIGIC peripheral writes, copy of the firmware's initialised data from ROM
 * into RAM, zero-fill of the area after it, then a branch to
 * sub_FF00038C_my. Every absolute address and constant below is specific to
 * this firmware version and is expected to match the original ROM code;
 * the CP15 values decide what memory is executable/cacheable for the whole
 * system, so any deviation from the dump should be deliberate and verified.
 */
void __attribute__((naked,noinline)) boot() {
    asm volatile (
        /* peripheral register 0xC0410000 <- 0 (purpose not visible here) */
        " LDR R1, =0xC0410000 \n"
        " MOV R0, #0 \n"
        " STR R0, [R1] \n"
        /* CP15 c1 (control register) <- 0x78: caches/MPU off at this point */
        " MOV R1, #0x78 \n"
        " MCR p15, 0, R1, c1, c0 \n"
        /* c7 maintenance: drain write buffer, invalidate I- and D-cache */
        " MOV R1, #0 \n"
        " MCR p15, 0, R1, c7, c10, 4 \n"
        " MCR p15, 0, R1, c7, c5 \n"
        " MCR p15, 0, R1, c7, c6 \n"
        /* c6 c0..c7: presumably ARM946-style protection region base/size
         * registers (low bits = size/enable, high bits = base) -- taken
         * from the firmware, not derived here */
        " MOV R0, #0x3D \n"
        " MCR p15, 0, R0, c6, c0 \n"
        " MOV R0, #0xC000002F \n"
        " MCR p15, 0, R0, c6, c1 \n"
        " MOV R0, #0x37 \n"
        " MCR p15, 0, R0, c6, c2 \n"
        " MOV R0, #0x40000037 \n"
        " MCR p15, 0, R0, c6, c3 \n"
        " MOV R0, #0x80000017 \n"
        " MCR p15, 0, R0, c6, c4 \n"
        " LDR R0, =0xFF00002F \n"
        " MCR p15, 0, R0, c6, c5 \n"
        " LDR R0, =0xD000002B \n"
        " MCR p15, 0, R0, c6, c7 \n"
        /* c2/c3/c5: presumably per-region cacheability (D, I), write-buffer
         * and access-permission (D, I) bitmaps for the regions above */
        " MOV R0, #0x34 \n"
        " MCR p15, 0, R0, c2, c0 \n"
        " MOV R0, #0x34 \n"
        " MCR p15, 0, R0, c2, c0, 1 \n"
        " MOV R0, #0x34 \n"
        " MCR p15, 0, R0, c3, c0 \n"
        " LDR R0, =0x33333330 \n"
        " MCR p15, 0, R0, c5, c0, 2 \n"
        " LDR R0, =0x33333330 \n"
        " MCR p15, 0, R0, c5, c0, 3 \n"
        /* control register |= I-cache (bit 12), D-cache (bit 2), MPU (bit 0) */
        " MRC p15, 0, R0, c1, c0 \n"
        " ORR R0, R0, #0x1000 \n"
        " ORR R0, R0, #4 \n"
        " ORR R0, R0, #1 \n"
        " MCR p15, 0, R0, c1, c0 \n"
        /* c9 c1: presumably data/instruction TCM region registers, then
         * control register |= 0x50000 (TCM enable bits on ARM946) */
        " MOV R1, #0x80000006 \n"
        " MCR p15, 0, R1, c9, c1 \n"
        " MOV R1, #6 \n"
        " MCR p15, 0, R1, c9, c1, 1 \n"
        " MRC p15, 0, R1, c1, c0 \n"
        " ORR R1, R1, #0x50000 \n"
        " MCR p15, 0, R1, c1, c0 \n"
        /* 0xC0200000 block: [0x10C] <- 1, then 0xFF into every 0x10-strided
         * slot from 0xC..0xFC -- presumably interrupt controller setup */
        " LDR R2, =0xC0200000 \n"
        " MOV R1, #1 \n"
        " STR R1, [R2, #0x10C] \n"
        " MOV R1, #0xFF \n"
        " STR R1, [R2, #0xC] \n"
        " STR R1, [R2, #0x1C] \n"
        " STR R1, [R2, #0x2C] \n"
        " STR R1, [R2, #0x3C] \n"
        " STR R1, [R2, #0x4C] \n"
        " STR R1, [R2, #0x5C] \n"
        " STR R1, [R2, #0x6C] \n"
        " STR R1, [R2, #0x7C] \n"
        " STR R1, [R2, #0x8C] \n"
        " STR R1, [R2, #0x9C] \n"
        " STR R1, [R2, #0xAC] \n"
        " STR R1, [R2, #0xBC] \n"
        " STR R1, [R2, #0xCC] \n"
        " STR R1, [R2, #0xDC] \n"
        " STR R1, [R2, #0xEC] \n"
        " STR R1, [R2, #0xFC] \n"
        /* 0xC0400008 <- 0x430005 */
        " LDR R1, =0xC0400008 \n"
        " LDR R2, =0x430005 \n"
        " STR R2, [R1] \n"
        /* NOTE(review): as written this stores 0xC0243100 to address 1
         * (R1 = 1), an unaligned write into the vector area, rather than
         * storing 1 to 0xC0243100. If the ROM has STR R1, [R2] here this is
         * a transcription error -- verify against the firmware dump. The
         * vector area is rewritten later by sub_FF00038C_my either way. */
        " MOV R1, #1 \n"
        " LDR R2, =0xC0243100 \n"
        " STR R2, [R1] \n"
        /* 0xC0242010 |= 1 */
        " LDR R2, =0xC0242010 \n"
        " LDR R1, [R2] \n"
        " ORR R1, R1, #1 \n"
        " STR R1, [R2] \n"
        /* copy ROM 0xFF63CDF8.. to RAM 0x685000..0x6946DC (word loop) */
        " LDR R0, =0xFF63CDF8 \n"
        " LDR R1, =0x685000 \n"
        " LDR R3, =0x6946DC \n"

        "loc_FF000144:\n"
        " CMP R1, R3 \n"
        " LDRCC R2, [R0], #4 \n"
        " STRCC R2, [R1], #4 \n"
        " BCC loc_FF000144 \n"
        /* copy ROM 0xFF62AAEC.. to RAM 0x1900..0x13C0C (word loop) */
        " LDR R0, =0xFF62AAEC \n"
        " LDR R1, =0x1900 \n"
        " LDR R3, =0x13C0C \n"

        "loc_FF000160:\n"
        " CMP R1, R3 \n"
        " LDRCC R2, [R0], #4 \n"
        " STRCC R2, [R1], #4 \n"
        " BCC loc_FF000160 \n"
        /* zero-fill 0x13C0C..0x180998 (R3 still holds the end of the copy);
         * 0x180998 is also the heap start used when CHDK_NOT_IN_CANON_HEAP
         * is defined (see sub_FF0011E4_my) */
        " LDR R1, =0x180998 \n"
        " MOV R2, #0 \n"

        "loc_FF000178:\n"
        " CMP R3, R1 \n"
        " STRCC R2, [R3], #4 \n"
        " BCC loc_FF000178 \n"
        /* continue with CHDK's copy of the next firmware init routine */
        " B sub_FF00038C_my \n"
    );
}
151
152
153
/*
 * CHDK copy of the firmware routine at 0xFF00038C, reached from boot().
 * Installs taskHook into the firmware's two task hook slots, sets one
 * hardware-dependent word, then (in asm) copies the exception vectors and a
 * second block from ROM into low RAM, sets up the IRQ and SVC stacks,
 * fills the stack area with a marker pattern and calls sub_FF0011E4_my.
 *
 * NOTE(review): the C statements below run inside a naked function. GCC
 * documents only asm as safe in naked bodies; this depends on the compiler
 * not needing a frame for these stores. Keep any C here trivial and check
 * the generated code after compiler changes.
 */
void __attribute__((naked,noinline)) sub_FF00038C_my() {

    /* firmware function-pointer slots consulted for new tasks (presumably
     * create/change hooks; slot semantics are not visible here) */
    *(int*)0x1938=(int)taskHook;
    *(int*)0x193C=(int)taskHook;

    /* 0x2580 <- 0x200000 or 0x100000 depending on bit 0 of 0xC022C30C --
     * presumably a hardware/GPIO register; the meaning of the two values
     * is not visible here (TODO confirm against the dump) */
    *(int*)(0x2580) = (*(int*)0xC022C30C)&1 ? 0x200000 : 0x100000;

    asm volatile (
        /* copy ROM 0xFF000404..0xFF00043C to address 0 -- likely the
         * exception vector table and its literal pool */
        " LDR R0, =0xFF000404 \n"
        " MOV R1, #0 \n"
        " LDR R3, =0xFF00043C \n"

        "loc_FF000398:\n"
        " CMP R0, R3 \n"
        " LDRCC R2, [R0], #4 \n"
        " STRCC R2, [R1], #4 \n"
        " BCC loc_FF000398 \n"
        /* copy ROM 0xFF00043C..0xFF000650 to RAM 0x4B0 */
        " LDR R0, =0xFF00043C \n"
        " MOV R1, #0x4B0 \n"
        " LDR R3, =0xFF000650 \n"

        "loc_FF0003B4:\n"
        " CMP R0, R3 \n"
        " LDRCC R2, [R0], #4 \n"
        " STRCC R2, [R1], #4 \n"
        " BCC loc_FF0003B4 \n"
        /* CPSR 0xD2 = IRQ mode, IRQ/FIQ masked: SP <- 0x1000;
         * CPSR 0xD3 = SVC mode, IRQ/FIQ masked: SP <- 0x1000 */
        " MOV R0, #0xD2 \n"
        " MSR CPSR_cxsf, R0 \n"
        " MOV SP, #0x1000 \n"
        " MOV R0, #0xD3 \n"
        " MSR CPSR_cxsf, R0 \n"
        " MOV SP, #0x1000 \n"
        /* fill 0x6C4..0x1000 (below the stacks just set) with 0xEEEEEEEE --
         * presumably a stack watermark pattern */
        " LDR R0, =0x6C4 \n"
        " LDR R2, =0xEEEEEEEE \n"
        " MOV R3, #0x1000 \n"

        "loc_FF0003E8:\n"
        " CMP R0, R3 \n"
        " STRCC R2, [R0], #4 \n"
        " BCC loc_FF0003E8 \n"
        " BL sub_FF0011E4_my \n"
    );
}
201
202
203
/*
 * CHDK copy of the firmware routine at 0xFF0011E4. Builds a 0x74-byte
 * parameter block on the stack for the firmware's memory/OS initialisation
 * and then jumps back into the firmware at 0xFF001280 with R1 pointing at
 * sub_FF004284_my instead of the firmware's own continuation.
 *
 * The only intentional difference from the firmware is the value stored at
 * [SP, #8]: with CHDK_NOT_IN_CANON_HEAP it is the firmware's fixed
 * 0x180998, otherwise the end of CHDK's image (new_sa), so that the region
 * handed to the firmware starts after CHDK. [SP, #0xC] is recomputed as
 * 0x55D440 minus that start, so the region end stays the same.
 */
void __attribute__((naked,noinline)) sub_FF0011E4_my() {
    asm volatile (
        " STR LR, [SP, #-4]! \n"
        /* reserve 0x74 bytes and hand (SP, 0x74) to sub_00690448 --
         * presumably clears the block; not visible here */
        " SUB SP, SP, #0x74 \n"
        " MOV R1, #0x74 \n"
        " MOV R0, SP \n"
        " BL sub_00690448 \n"
        " MOV R0, #0x67000 \n"
        " STR R0, [SP, #4] \n"

        /* [SP, #8] = start of the region given to the firmware (see above) */
#if defined(CHDK_NOT_IN_CANON_HEAP)
        " LDR R0, =0x180998 \n"
#else
        " LDR R0, =new_sa\n"
        " LDR R0, [R0]\n"
#endif

        /* [SP, #0xC] = 0x55D440 - start; [SP, #0x10] = 0x55D440 */
        " LDR R2, =0x55D440 \n"
        " STR R0, [SP, #8] \n"
        " SUB R0, R2, R0 \n"
        " STR R0, [SP, #0xC] \n"
        " MOV R0, #0x22 \n"
        " STR R0, [SP, #0x18] \n"
        " MOV R0, #0x7C \n"
        " STR R0, [SP, #0x1C] \n"
        " LDR R1, =0x565C00 \n"
        " LDR R0, =0x1CD \n"
        " STR R1, [SP] \n"
        " STR R0, [SP, #0x20] \n"
        " MOV R0, #0x96 \n"
        " STR R2, [SP, #0x10] \n"
        " STR R1, [SP, #0x14] \n"
        " STR R0, [SP, #0x24] \n"
        " STR R0, [SP, #0x28] \n"
        " MOV R0, #0x64 \n"
        " STR R0, [SP, #0x2C] \n"
        " MOV R0, #0 \n"
        " STR R0, [SP, #0x30] \n"
        " STR R0, [SP, #0x34] \n"
        " MOV R0, #0x10 \n"
        " STR R0, [SP, #0x5C] \n"
        " MOV R0, #0x800 \n"
        " STR R0, [SP, #0x60] \n"
        " MOV R0, #0xA0 \n"
        " STR R0, [SP, #0x64] \n"
        " MOV R0, #0x280 \n"
        " STR R0, [SP, #0x68] \n"
        /* R1 = continuation the firmware will call; resume firmware code */
        " LDR R1, =sub_FF004284_my \n"
        " LDR PC, =0xFF001280 \n"
    );
}
255
256
257
/*
 * CHDK copy of the firmware init routine at 0xFF004284. Runs the firmware's
 * setup steps in order; each step that returns a negative value is reported
 * through _err_init_task with the name string quoted in the comments. The
 * code is unchanged from the firmware except for the final branch, which
 * goes to sub_FF00B198_my instead of the firmware's routine.
 */
void __attribute__((naked,noinline)) sub_FF004284_my() {
    asm volatile (
        " STMFD SP!, {R4,LR} \n"
        " BL sub_FF000B5C \n"
        /* dmSetup */
        " BL sub_FF0053A8 \n"
        " CMP R0, #0 \n"
        " LDRLT R0, =0xFF004398 /*'dmSetup'*/ \n"
        " BLLT _err_init_task \n"
        /* termDriverInit */
        " BL sub_FF003EBC \n"
        " CMP R0, #0 \n"
        " LDRLT R0, =0xFF0043A0 /*'termDriverInit'*/ \n"
        " BLLT _err_init_task \n"
        /* termDeviceCreate("/_term") */
        " LDR R0, =0xFF0043B0 /*'/_term'*/ \n"
        " BL sub_FF003FA4 \n"
        " CMP R0, #0 \n"
        " LDRLT R0, =0xFF0043B8 /*'termDeviceCreate'*/ \n"
        " BLLT _err_init_task \n"
        /* stdioSetup("/_term") */
        " LDR R0, =0xFF0043B0 /*'/_term'*/ \n"
        " BL sub_FF0029C4 \n"
        " CMP R0, #0 \n"
        " LDRLT R0, =0xFF0043CC /*'stdioSetup'*/ \n"
        " BLLT _err_init_task \n"
        /* stdlibSetup */
        " BL sub_FF004D44 \n"
        " CMP R0, #0 \n"
        " LDRLT R0, =0xFF0043D8 /*'stdlibSetup'*/ \n"
        " BLLT _err_init_task \n"
        /* armlib_setup */
        " BL sub_FF0016C4 \n"
        " CMP R0, #0 \n"
        " LDRLT R0, =0xFF0043E4 /*'armlib_setup'*/ \n"
        " BLLT _err_init_task \n"
        /* restore and tail-branch into CHDK's copy of the next routine */
        " LDMFD SP!, {R4,LR} \n"
        " B sub_FF00B198_my \n"
    );
}
292
293
294
/*
 * CHDK copy of the firmware routine at 0xFF00B198: calls CHDK's
 * taskcreate_Startup_my in place of the firmware's task-creation routine
 * and returns 0 to the caller (sub_FF004284_my's caller in the firmware).
 */
void __attribute__((naked,noinline)) sub_FF00B198_my() {
    asm volatile (
        " STMFD SP!, {R4,LR} \n"

        " BL taskcreate_Startup_my \n"
        " MOV R0, #0 \n"
        " LDMFD SP!, {R4,PC} \n"
    );
}
304
305
306
/*
 * CHDK copy of the firmware routine that creates the "Startup" task.
 * Reproduces the firmware's mode/flag checks unchanged and then jumps back
 * into the firmware at 0xFF00B25C with R3 = task_Startup_my, so the task
 * the firmware creates runs CHDK's entry instead of the original.
 * Presumably 0xFF00B25C is the task-create call; the argument layout
 * (R3 = entry, [SP] = 0) is copied from the firmware.
 */
void __attribute__((naked,noinline)) taskcreate_Startup_my() {
    asm volatile (
        " STMFD SP!, {R3-R7,LR} \n"
        " BL sub_FF025F44 \n"
        " MOVS R6, R0 \n"
        " BNE loc_FF00B204 \n"
        " BL sub_FF01FFE0 /*_IsNormalCameraMode_FW*/ \n"
        " CMP R0, #0 \n"
        " BEQ loc_FF00B204 \n"
        /* R5 = (sub_FF024518(0x37) == 0), R4 = (sub_FF024518(0x36) == 0) */
        " MOV R0, #0x37 \n"
        " BL sub_FF024518 \n"
        " RSBS R5, R0, #1 \n"
        " MOVCC R5, #0 \n"
        " MOV R0, #0x36 \n"
        " BL sub_FF024518 \n"
        " RSBS R4, R0, #1 \n"
        " MOVCC R4, #0 \n"
        " ORRS R0, R4, R5 \n"
        " BNE loc_FF00B224 \n"
        /* neither flag set: sub_FF024508(0x54, 0x83DC00) and halt */
        " BL sub_FF01DA04 \n"
        " LDR R1, =0x83DC00 \n"
        " MOV R0, #0x54 \n"
        " BL sub_FF024508 \n"

        /* deliberate infinite loop (firmware halts here) */
        "loc_FF00B200:\n"
        " B loc_FF00B200 \n"

        "loc_FF00B204:\n"
        " MOV R0, #0x36 \n"
        " BL sub_FF024518 \n"
        " RSBS R4, R0, #1 \n"
        " MOVCC R4, #0 \n"
        " MOV R0, #0x37 \n"
        " BL sub_FF024518 \n"
        " RSBS R5, R0, #1 \n"
        " MOVCC R5, #0 \n"

        "loc_FF00B224:\n"
        /* sub_0068C118(R4, R5, R6, 0) */
        " MOV R3, #0 \n"
        " MOV R2, R6 \n"
        " MOV R1, R5 \n"
        " MOV R0, R4 \n"


        " BL sub_0068C118 \n"
        " LDR R1, =0x5CE000 \n"
        " MOV R0, #0 \n"
        " BL sub_FF024308 \n"
        " BL sub_0068C330 /*_EnableDispatch*/ \n"
        /* [SP] = 0, R3 = CHDK's Startup entry; resume firmware */
        " MOV R3, #0 \n"
        " STR R3, [SP] \n"
        " LDR R3, =task_Startup_my \n"
        " LDR PC, =0xFF00B25C \n"
    );
}
362
363
364
/*
 * CHDK entry for the firmware's "Startup" task (installed by
 * taskcreate_Startup_my). Runs the firmware's own init calls in order, then
 * inserts two CHDK steps -- creating SpyTask and CHDK's replacement for the
 * PhySw (keyboard) task creation -- before jumping back into the firmware
 * at 0xFF00B168 to finish the original routine.
 */
void __attribute__((naked,noinline)) task_Startup_my() {
    asm volatile (
        " STMFD SP!, {R4,LR} \n"
        " BL sub_FF0048C4 \n"
        " BL sub_FF01F6AC \n"
        " BL sub_FF01D878 \n"

        " BL sub_FF026178 \n"

        " BL sub_FF0262E4 \n"
        " BL sub_FF0264B0 \n"

        " BL sub_FF0261A8 \n"
        " BL sub_FF02423C \n"
        " BL sub_FF0264B8 \n"
        /* CHDK additions: start SpyTask, then create the keyboard task
         * with CHDK's mykbd_task as entry (see taskcreatePhySw_my) */
        " BL CreateTask_spytask\n"
        " BL taskcreatePhySw_my \n"
        " LDR PC, =0xFF00B168 \n"
    );
}
385
386
387
/*
 * CHDK copy of the firmware's PhySw task creation. If the word at
 * 0x1C20+4 is already non-zero it tail-branches to sub_FF01E46C as the
 * firmware does (presumably the "already created" path); otherwise it
 * resumes the firmware at 0xFF01E45C with R3 = mykbd_task and R2 = 0x2000,
 * so the task the firmware creates runs CHDK's keyboard handler. The
 * register/stack argument layout is copied from the firmware.
 */
void __attribute__((naked,noinline)) taskcreatePhySw_my() {
    asm volatile (
        " STMFD SP!, {R3-R5,LR} \n"
        " LDR R4, =0x1C20 \n"
        " LDR R0, [R4, #4] \n"
        " CMP R0, #0 \n"
        " BNE sub_FF01E46C \n"
        /* [SP] = 0, R3 = CHDK entry, R2 = 0x2000 (presumably stack size) */
        " MOV R3, #0 \n"
        " STR R3, [SP] \n"
        " LDR R3, =mykbd_task \n"
        " MOV R2, #0x2000 \n"
        " LDR PC, =0xFF01E45C \n"
    );
}
402
403
404
/*
 * CHDK replacement for the firmware's InitFileModules task entry
 * (substituted by taskHook). Mirrors the firmware: calls sub_FF07BBBC and,
 * if it returned non-zero, posts logical event 0x5006 to the UI; then
 * calls sub_FF07BBE8. CHDK's core_spytask_can_start is inserted after that
 * point (file modules presumably usable by then), before jumping back into
 * the firmware at 0xFF084050 for the rest of the task.
 */
void __attribute__((naked,noinline)) init_file_modules_task() {
    asm volatile (
        " STMFD SP!, {R4-R6,LR} \n"
        " BL sub_FF07BBBC \n"
        " LDR R5, =0x5006 \n"
        " MOVS R4, R0 \n"
        /* if (R0 != 0) _PostLogicalEventToUI(0x5006, 0) */
        " MOVNE R1, #0 \n"
        " MOVNE R0, R5 \n"
        " BLNE _PostLogicalEventToUI \n"
        " BL sub_FF07BBE8 \n"
        /* CHDK addition */
        " BL core_spytask_can_start\n"
        " LDR PC, =0xFF084050 \n"
    );
}
418 }