1 #include "lolevel.h"
2 #include "platform.h"
3 #include "core.h"
4 #include "dryos31.h"
// Byte offset of MEMBER inside TYPE, taken from a null base pointer and cast to int.
// NOTE(review): the pointer-to-int cast only fits on targets where pointers are int-sized.
#define offsetof(TYPE, MEMBER) ((int) &((TYPE *)0)->MEMBER)
// Address of the _end symbol (presumably the linker-provided end of the CHDK image; confirm in the
// linker script). sub_FFC0119C_my loads this value as the start address it passes to the firmware
// unless CHDK_NOT_IN_CANON_HEAP is defined.
const char * const new_sa = &_end;



// Forward declarations for functions referenced before their definition
// (task_CaptSeqTask_my is not defined in this file).
void CreateTask_PhySw();
void CreateTask_spytask();
void task_CaptSeqTask_my();
13
/*
 * Task-creation hook installed at 0x1930 and 0x1938 by sub_FFC00358_my.
 *
 * Looks at the word 17 ints below `p` and, when it equals one of four
 * hard-coded firmware addresses, overwrites it with the address of the
 * matching replacement routine. Presumably that word is the entry point of
 * the task being created -- confirm against the firmware's task structure.
 *
 * NOTE(review): the compared values are literal ROM addresses, so the hook
 * silently does nothing if the firmware build differs; there is no check here
 * that `p - 17` points at a valid task record.
 */
void taskCreateHook(int *p) {
    int *entry = p - 17;

    if (*entry == (int)0xFFC73674) {
        *entry = (int)init_file_modules_task;
    }
    if (*entry == (int)0xFFC5C198) {
        *entry = (int)task_CaptSeqTask_my;
    }
    if (*entry == (int)0xFFC94FF8) {
        *entry = (int)exp_drv_task;
    }
    if (*entry == (int)0xFFD1381C) {
        *entry = (int)movie_record_task;
    }
}
21
/*
 * Reduced task-creation hook installed at 0x1934 by sub_FFC00358_my.
 *
 * Same mechanism as taskCreateHook (the word 17 ints below `p` is compared
 * with hard-coded firmware addresses and replaced on a match), but only the
 * init_file_modules_task and exp_drv_task redirections are applied.
 */
void taskCreateHook2(int *p) {
    int *entry = p - 17;

    if (*entry == (int)0xFFC73674) {
        *entry = (int)init_file_modules_task;
    }
    if (*entry == (int)0xFFC94FF8) {
        *entry = (int)exp_drv_task;
    }
}
27
28
// Early boot sequence: programs CP15 (caches, protection regions, TCM), writes a set of
// memory-mapped registers, copies the initialised data image into RAM, zeroes the range after
// it, and then branches to sub_FFC00358_my instead of returning.
// The function is naked, so the instruction order below is the whole function.
// CP15 register meanings in the comments follow the ARM946E-S-style encoding -- TODO confirm
// the core type for this camera.
void __attribute__((naked,noinline)) boot() {

    asm volatile (
        "LDR R1, =0xC0410000\n"       // MMIO register (purpose not visible in this file)
        "MOV R0, #0\n"
        "STR R0, [R1]\n"              // ... written with 0
        "MOV R1, #0x78\n"
        "loc_FFC0001C:\n"
        "MCR p15, 0, R1,c1,c0\n"      // CP15 c1 control register = 0x78 (caches/protection bits clear)
        "MOV R1, #0\n"
        "MCR p15, 0, R1,c7,c10, 4\n"  // c7,c10,4: drain write buffer
        "loc_FFC00028:\n"
        "MCR p15, 0, R1,c7,c5\n"      // c7,c5: invalidate instruction cache
        "MCR p15, 0, R1,c7,c6\n"      // c7,c6: invalidate data cache
        // c6,c0 .. c6,c5: six protection-region words (base address | size field | enable bit).
        "MOV R0, #0x3D\n"
        "MCR p15, 0, R0,c6,c0\n"      // region 0
        "MOV R0, #0xC000002F\n"
        "MCR p15, 0, R0,c6,c1\n"      // region 1, base 0xC0000000
        "MOV R0, #0x31\n"
        "MCR p15, 0, R0,c6,c2\n"      // region 2, base 0
        "LDR R0, =0x10000031\n"
        "MCR p15, 0, R0,c6,c3\n"      // region 3, base 0x10000000
        "MOV R0, #0x40000017\n"
        "MCR p15, 0, R0,c6,c4\n"      // region 4, base 0x40000000
        "LDR R0, =0xFFC0002B\n"
        "MCR p15, 0, R0,c6,c5\n"      // region 5, base 0xFFC00000
        "MOV R0, #0x34\n"
        "MCR p15, 0, R0,c2,c0\n"      // c2,c0,0: per-region bitmask 0x34 (bits 2, 4, 5); presumably data-cacheable
        "MOV R0, #0x34\n"
        "MCR p15, 0, R0,c2,c0, 1\n"   // c2,c0,1: same mask; presumably instruction-cacheable
        "MOV R0, #0x34\n"
        "MCR p15, 0, R0,c3,c0\n"      // c3,c0: same mask; presumably write-bufferable
        // NOTE(review): if c5,c0,2/3 are the extended access-permission registers, 0x3333330 gives
        // regions 1-6 permission value 3 and region 0 value 0. Value 3 would mean read/write from
        // both privileged and user mode, i.e. the protection unit is not used to separate code
        // from data or tasks from each other -- confirm against the core's reference manual.
        "LDR R0, =0x3333330\n"
        "MCR p15, 0, R0,c5,c0, 2\n"   // data-side permissions
        "LDR R0, =0x3333330\n"
        "MCR p15, 0, R0,c5,c0, 3\n"   // instruction-side permissions
        "MRC p15, 0, R0,c1,c0\n"      // read-modify-write of the control register:
        "ORR R0, R0, #0x1000\n"       //   bit 12 (presumably I-cache enable)
        "ORR R0, R0, #4\n"            //   bit 2  (presumably D-cache enable)
        "ORR R0, R0, #1\n"            //   bit 0  (presumably protection-unit enable)
        "MCR p15, 0, R0,c1,c0\n"
        "MOV R1, #0x40000006\n"
        "MCR p15, 0, R1,c9,c1\n"      // c9,c1,0 = 0x40000006 (presumably data TCM base/size)
        "MOV R1, #6\n"
        "MCR p15, 0, R1,c9,c1, 1\n"   // c9,c1,1 = 6 (presumably instruction TCM base/size)
        "MRC p15, 0, R1,c1,c0\n"
        "ORR R1, R1, #0x50000\n"      // set control-register bits 16 and 18 (presumably TCM enables)
        "MCR p15, 0, R1,c1,c0\n"
        // Block of stores to MMIO at 0xC0200000: 1 -> +0x10C, then 0xFF -> +0x0C, +0x1C, ... +0xFC.
        // The registers' function is not visible in this file.
        "LDR R2, =0xC0200000\n"
        "MOV R1, #1\n"
        "STR R1, [R2,#0x10C]\n"
        "MOV R1, #0xFF\n"
        "STR R1, [R2,#0xC]\n"
        "STR R1, [R2,#0x1C]\n"
        "STR R1, [R2,#0x2C]\n"
        "STR R1, [R2,#0x3C]\n"
        "STR R1, [R2,#0x4C]\n"
        "STR R1, [R2,#0x5C]\n"
        "STR R1, [R2,#0x6C]\n"
        "STR R1, [R2,#0x7C]\n"
        "STR R1, [R2,#0x8C]\n"
        "STR R1, [R2,#0x9C]\n"
        "STR R1, [R2,#0xAC]\n"
        "STR R1, [R2,#0xBC]\n"
        "STR R1, [R2,#0xCC]\n"
        "STR R1, [R2,#0xDC]\n"
        "STR R1, [R2,#0xEC]\n"
        "STR R1, [R2,#0xFC]\n"
        "LDR R1, =0xC0400008\n"
        "LDR R2, =0x430005\n"
        "STR R2, [R1]\n"              // 0xC0400008 = 0x430005
        // NOTE(review): the next store writes the value 0xC0243100 to the address held in R1,
        // which is 1 (a low, unaligned address). Check the firmware disassembly: the operands may
        // be swapped relative to the intended "store 1 to 0xC0243100".
        "MOV R1, #1\n"
        "LDR R2, =0xC0243100\n"
        "STR R2, [R1]\n"
        "LDR R2, =0xC0242010\n"
        "LDR R1, [R2]\n"
        "ORR R1, R1, #1\n"
        "STR R1, [R2]\n"              // set bit 0 of the word at 0xC0242010
        // Copy words from 0xFFF03608 to RAM 0x1900 .. 0xB294 (destination end is exclusive).
        "LDR R0, =0xFFF03608\n"
        "LDR R1, =0x1900\n"
        "LDR R3, =0xB294\n"
        "loc_FFC0013C:\n"
        "CMP R1, R3\n"
        "LDRCC R2, [R0],#4\n"
        "STRCC R2, [R1],#4\n"
        "BCC loc_FFC0013C\n"
        // Zero-fill 0xB294 .. 0x133D38 (R3 still holds 0xB294 from the copy above).
        "LDR R1, =0x133D38\n"
        "MOV R2, #0\n"
        "loc_FFC00154:\n"
        "CMP R3, R1\n"
        "STRCC R2, [R3],#4\n"
        "BCC loc_FFC00154\n"

        "B sub_FFC00358_my\n"         // continue in the patched routine; does not return here
    );
};
125
// Second boot stage, reached from boot(). Installs the task-creation hooks and one size/address
// selector in low RAM, copies two ROM ranges to RAM address 0 and 0x4B0, sets the IRQ- and
// SVC-mode stack pointers, fills 0x6C4..0x1000 with a marker pattern and calls
// sub_FFC0119C_my.
// NOTE(review): this function is naked but contains C statements. GCC documents only basic asm
// as supported inside naked functions; the C stores below depend on the compiler emitting
// straight-line code without touching the stack.
void __attribute__((naked,noinline)) sub_FFC00358_my() {
    // The hook slots live inside 0x1900..0xB294, which boot() has just filled from ROM, so
    // these stores override the copied values.
    *(int*)0x1930=(int)taskCreateHook;
    *(int*)0x1934=(int)taskCreateHook2;
    *(int*)0x1938=(int)taskCreateHook;


    // Bit 0 of the MMIO word at 0xC02200A8 selects which constant is stored at 0x21B4.
    // The meaning of the bit and of the two constants is not visible in this file.
    *(int*)(0x21B4)= (*(int*)0xC02200A8)&1 ? 0x200000 : 0x100000;

    asm volatile (
        "loc_FFC00358:\n"
        // Copy ROM 0xFFC003D0..0xFFC00408 to RAM starting at address 0
        // (presumably the exception vector area -- confirm).
        "LDR R0, =0xFFC003D0\n"
        "MOV R1, #0\n"
        "LDR R3, =0xFFC00408\n"
        "loc_FFC00364:\n"
        "CMP R0, R3\n"
        "LDRCC R2, [R0],#4\n"
        "STRCC R2, [R1],#4\n"
        "BCC loc_FFC00364\n"
        // Copy ROM 0xFFC00408..0xFFC0061C to RAM starting at 0x4B0.
        "LDR R0, =0xFFC00408\n"
        "MOV R1, #0x4B0\n"
        "LDR R3, =0xFFC0061C\n"
        "loc_FFC00380:\n"
        "CMP R0, R3\n"
        "LDRCC R2, [R0],#4\n"
        "STRCC R2, [R1],#4\n"
        "BCC loc_FFC00380\n"
        "MOV R0, #0xD2\n"
        "MSR CPSR_cxsf, R0\n"         // CPSR = 0xD2: IRQ mode with IRQ and FIQ masked
        "MOV SP, #0x1000\n"           // IRQ-mode stack top
        "MOV R0, #0xD3\n"
        "MSR CPSR_cxsf, R0\n"         // CPSR = 0xD3: supervisor mode with IRQ and FIQ masked
        "MOV SP, #0x1000\n"           // supervisor stack top (same address as the IRQ stack)
        // Fill 0x6C4..0x1000 with 0xEEEEEEEE (presumably a stack-usage marker).
        "LDR R0, =0x6C4\n"
        "LDR R2, =0xEEEEEEEE\n"
        "MOV R3, #0x1000\n"
        "loc_FFC003B4:\n"
        "CMP R0, R3\n"
        "STRCC R2, [R0],#4\n"
        "BCC loc_FFC003B4\n"

        // No return sequence follows this call; sub_FFC0119C_my ends by jumping into firmware.
        "BL sub_FFC0119C_my\n"
    );
};
180
181
// Builds a 0x74-byte parameter block on the stack and jumps into the firmware at 0xffc011f0
// with R0 = 0x19B and R1 = sub_FFC05E5C_my, so the firmware later calls the patched routine.
// The only CHDK-specific changes visible here are the start address stored at [SP+8]
// and the R1 callback.
void __attribute__((naked,noinline)) sub_FFC0119C_my() {
    asm volatile (
        "STR LR, [SP,#-4]!\n"         // push LR
        "SUB SP, SP, #0x74\n"         // reserve the parameter block
        "MOV R0, SP\n"
        "MOV R1, #0x74\n"
        "BL sub_FFE8D778\n"           // firmware helper called with (block, 0x74); presumably clears it
        "MOV R0, #0x53000\n"
        "STR R0, [SP,#4]\n"           // block[+4] = 0x53000
        // Start address of the region described by the block: the fixed value 0x133D38 (the end of
        // the range zeroed in boot()), or the address stored in new_sa (&_end).
#if defined(CHDK_NOT_IN_CANON_HEAP)
        "LDR R0, =0x133D38\n"
#else
        "LDR R0, =new_sa\n"
        "LDR R0, [R0]\n"
#endif
        "LDR R2, =0x279C00\n"
        "LDR R1, =0x2724A8\n"
        "STR R0, [SP,#8]\n"           // block[+8] = start address
        // NOTE(review): the size is 0x2724A8 - start with no range check. If the image end (new_sa)
        // ever reaches or passes 0x2724A8 the subtraction wraps to a huge value; a build-time
        // size assertion would catch that.
        "SUB R0, R1, R0\n"
        "ADD R3, SP, #0xC\n"
        "STR R2, [SP]\n"              // block[+0] = 0x279C00
        "STMIA R3, {R0-R2}\n"         // block[+0xC..+0x14] = {size, 0x2724A8, 0x279C00}
        "MOV R0, #0x22\n"
        "STR R0, [SP,#0x18]\n"        // block[+0x18] = 0x22
        "MOV R0, #0x68\n"
        "STR R0, [SP,#0x1C]\n"        // block[+0x1C] = 0x68
        "LDR R0, =0x19B\n"

        "LDR R1, =sub_FFC05E5C_my\n"  // patched routine passed to the firmware in R1
        "LDR PC, =0xffc011f0\n"       // continue in the original firmware routine
    );
};
239
// Runs a fixed sequence of firmware initialisation calls. After each call that returns a
// negative value, sub_FFC05F50 is called with a per-step ROM address in R0 (presumably an
// error-message string -- confirm). Ends by tail-branching to taskcreate_Startup_my instead
// of the firmware's own startup-task routine.
void __attribute__((naked,noinline)) sub_FFC05E5C_my() {
    asm volatile (
        "STMFD SP!, {R4,LR}\n"
        "BL sub_FFC00B24\n"
        "BL sub_FFC0A838\n"
        "CMP R0, #0\n"
        "LDRLT R0, =0xFFC05F70\n"     // only on a negative result
        "BLLT sub_FFC05F50\n"
        "BL sub_FFC05A98\n"
        "CMP R0, #0\n"
        "LDRLT R0, =0xFFC05F78\n"
        "BLLT sub_FFC05F50\n"
        "LDR R0, =0xFFC05F88\n"       // same ROM argument is passed to the next two calls
        "BL sub_FFC05B80\n"
        "CMP R0, #0\n"
        "LDRLT R0, =0xFFC05F90\n"
        "BLLT sub_FFC05F50\n"
        "LDR R0, =0xFFC05F88\n"
        "BL sub_FFC03BF4\n"
        "CMP R0, #0\n"
        "LDRLT R0, =0xFFC05FA4\n"
        "BLLT sub_FFC05F50\n"
        "BL sub_FFC0A230\n"
        "CMP R0, #0\n"
        "LDRLT R0, =0xFFC05FB0\n"
        "BLLT sub_FFC05F50\n"
        "BL sub_FFC01680\n"
        "CMP R0, #0\n"
        "LDRLT R0, =0xFFC05FBC\n"
        "BLLT sub_FFC05F50\n"
        "LDMFD SP!, {R4,LR}\n"        // restore before the tail branch so the callee returns to our caller

        "B taskcreate_Startup_my\n"
    );
};
275
276
277
// Performs three firmware checks and, if all of them take the "halt" outcome, writes 0x44 to
// 0xC0220048 and spins forever. Otherwise it calls further firmware setup routines and creates
// a task whose entry point is task_Startup_my (priority argument 0x19), then returns 0.
// What the three checks test is not visible in this file.
void __attribute__((naked,noinline)) taskcreate_Startup_my() {
    asm volatile (

        "STMFD SP!, {R3,LR}\n"        // R3 slot doubles as the stack argument written below
        "BL sub_FFC23A78\n"
        "BL sub_FFC2AF84\n"
        "CMP R0, #0\n"
        "BNE loc_FFC105F8\n"          // non-zero: continue startup
        "BL sub_FFC2526C\n"
        "CMP R0, #0\n"
        "BEQ loc_FFC105F8\n"          // zero: continue startup
        "BL sub_FFC23A74\n"
        "CMP R0, #0\n"
        "BNE loc_FFC105F8\n"          // non-zero: continue startup
        "LDR R1, =0xC0220000\n"
        "MOV R0, #0x44\n"
        "STR R0, [R1,#0x48]\n"        // MMIO 0xC0220048 = 0x44 (purpose not visible here)
        "loc_FFC105F4:\n"
        "B loc_FFC105F4\n"            // deliberate endless loop
        "loc_FFC105F8:\n"

        "BL sub_FFC23A7C\n"
        "BL sub_FFC293A8\n"
        "LDR R1, =0x2CE000\n"
        "MOV R0, #0\n"
        "BL sub_FFC295F0\n"           // called with (0, 0x2CE000)
        "BL sub_FFC2959C \n"
        "MOV R3, #0\n"
        "STR R3, [SP]\n"              // fifth argument (on the stack) = 0

        "LDR R3, =task_Startup_my\n"  // patched entry point for the new task
        "MOV R2, #0\n"
        "MOV R1, #0x19\n"
        "LDR R0, =0xFFC10640\n"       // ROM address passed as first argument (presumably the task name)
        "BL sub_FFC0F110 \n"          // firmware task-creation call
        "MOV R0, #0\n"
        "LDMFD SP!, {R12,PC}\n"       // discard the R3 slot into R12 and return 0
    );
};
317
// Body of the startup task. Calls a list of firmware routines, creates the two CHDK tasks
// (keyboard task via CreateTask_PhySw, SpyTask via CreateTask_spytask) in the middle of that
// list, and finishes by tail-branching to sub_FFC06128.
// NOTE(review): the function is naked and mixes asm with C calls. The C calls rely on R4/LR
// having been pushed by the first asm statement and on the compiler emitting no stack usage of
// its own; GCC documents only basic asm as supported in naked functions.
void __attribute__((naked,noinline)) task_Startup_my() {
    asm volatile (
        "STMFD SP!, {R4,LR}\n"
        "BL sub_FFC06228\n"
        "BL sub_FFC24B7C\n"
        "BL sub_FFC23414\n"
        "BL sub_FFC2AFC4\n"
        "BL sub_FFC2B1B0\n"

        "BL sub_FFC2B34C\n"
        "BL sub_FFC2B1E0\n"
        "BL sub_FFC28840\n"
        "BL sub_FFC2B350\n"

    );
    // CHDK tasks are created here, between the two runs of firmware calls.
    CreateTask_PhySw();
    CreateTask_spytask();
    asm volatile (
        "BL sub_FFC26EA8\n"
        "BL sub_FFC2B368\n"
        "BL sub_FFC222BC\n"
        "BL sub_FFC22E6C \n"
        "BL sub_FFC2AD5C\n"
        "BL sub_FFC233C8\n"
        "BL sub_FFC22E08\n"
        "BL sub_FFC2BDCC\n"
        "BL sub_FFC22DE0\n"
        "LDMFD SP!, {R4,LR}\n"        // restore, then let the last routine return to our caller
        "B sub_FFC06128 \n"
    );
};
349
/*
 * Entry point of the "SpyTask" task created by CreateTask_spytask.
 * None of the six arguments is used; the function only calls core_spytask().
 */
void spytask(long ua, long ub, long uc, long ud, long ue, long uf)
{
    /* Mark every parameter as intentionally unused. */
    (void)ua;
    (void)ub;
    (void)uc;
    (void)ud;
    (void)ue;
    (void)uf;

    core_spytask();
}
/*
 * Creates the "SpyTask" task with spytask as its entry point.
 * The numeric arguments (0x19, 0x2000) and the trailing 0 are passed to
 * _CreateTask unchanged; presumably priority, stack size and task argument
 * -- confirm against the _CreateTask declaration.
 */
void CreateTask_spytask()
{
    _CreateTask("SpyTask",
                0x19,
                0x2000,
                spytask,
                0);
}
358
// Creates the keyboard task with mykbd_task as entry point, unless the word at 0x1BE4+0x10 is
// already non-zero, and stores the creation call's result there. Then calls two firmware
// routines and, if the second returns 0, tail-calls sub_FFC6A99C with R1 = 0x2EEE0.
void __attribute__((naked,noinline)) CreateTask_PhySw() {
    asm volatile (
        "STMFD SP!, {R3-R5,LR}\n"     // R3 slot doubles as the stack argument written below
        "LDR R4, =0x1BE4\n"
        "LDR R0, [R4,#0x10]\n"
        "CMP R0, #0\n"
        "BNE loc_FFC2399C\n"          // already set: skip task creation
        "MOV R3, #0\n"
        "STR R3, [SP]\n"              // fifth argument (on the stack) = 0


        "LDR R3, =mykbd_task\n"       // CHDK keyboard task replaces the firmware's entry point
        "MOV R2, #0x2000\n"
        "MOV R1, #0x17\n"
        "LDR R0, =0xFFC23B70 \n"      // ROM address passed as first argument (presumably the task name)
        "BL sub_FFC0F3E8 \n"
        "STR R0, [R4,#0x10]\n"        // remember the result so the task is created only once
        "loc_FFC2399C:\n"
        "BL sub_FFC6AA14\n"
        "BL sub_FFC251E4\n"
        "CMP R0, #0\n"
        "LDREQ R1, =0x2EEE0\n"
        "LDMEQFD SP!, {R3-R5,LR}\n"   // result 0: restore registers and ...
        "BEQ sub_FFC6A99C\n"          // ... tail-call with R0 = 0, R1 = 0x2EEE0
        "LDMFD SP!, {R3-R5,PC}\n"     // otherwise return
        "CMP R0, #3\n"                // unreachable: follows an unconditional return
    );
};
387
// Replacement for the firmware task at 0xFFC73674 (substituted by the task-creation hooks).
// Calls sub_FFC6CEE0, then the patched sub_FFC6CF0C_my, then core_spytask_can_start.
// sub_FFC6F79C(0x5006, 0) is called before the patched routine when sub_FFC6CEE0 returned
// non-zero, and as a tail call at the end when it returned zero.
void __attribute__((naked,noinline)) init_file_modules_task() {
    asm volatile (
        "STMFD SP!, {R4-R6,LR}\n"
        "BL sub_FFC6CEE0\n"
        "LDR R5, =0x5006\n"
        "MOVS R4, R0\n"               // keep the result in R4 and set flags on it
        "MOVNE R1, #0\n"
        "MOVNE R0, R5\n"
        "BLNE sub_FFC6F79C\n"         // non-zero result: sub_FFC6F79C(0x5006, 0)

        "BL sub_FFC6CF0C_my\n"        // patched routine (leads to the partition-table code)
        "BL core_spytask_can_start\n" // CHDK call placed after the patched routine returns
        "CMP R4, #0\n"
        "MOVEQ R0, R5\n"
        "LDMEQFD SP!, {R4-R6,LR}\n"
        "MOVEQ R1, #0\n"
        "BEQ sub_FFC6F79C\n"          // zero result: tail-call sub_FFC6F79C(0x5006, 0)
        "LDMFD SP!, {R4-R6,PC}\n"
    );
};
408
// Thin trampoline: calls the patched sub_FFC52014_my with R0 = 3 and then continues in the
// original firmware routine at 0xffc6cf18. The R4/LR pushed here are not popped in this
// function; presumably the firmware code at the jump target restores them -- confirm.
void __attribute__((naked,noinline)) sub_FFC6CF0C_my() {
    asm volatile (
        "STMFD SP!, {R4,LR}\n"
        "MOV R0, #3\n"

        "BL sub_FFC52014_my\n"
        "LDR PC,=0xffc6cf18\n"        // resume in firmware after the replaced call
    );
};
435
436
// Patched copy of the head of a firmware routine. Resolves an index via sub_FFC51F94, uses it
// to address a 0x80-byte record at 0x33688 + (index << 7), performs several firmware calls on
// that record, calls the patched sub_FFC51C3C_my with the index and then continues in the
// firmware at 0xffc5206c. The saved registers are not popped here; presumably the firmware
// code at the jump target restores them -- confirm.
void __attribute__((naked,noinline)) sub_FFC52014_my() {
    asm volatile (
        "STMFD SP!, {R4-R8,LR}\n"
        "MOV R8, R0\n"                // keep the caller's argument
        "BL sub_FFC51F94 \n"
        "LDR R1, =0x33688\n"
        "MOV R6, R0\n"                // R6 = index returned by sub_FFC51F94
        "ADD R4, R1, R0,LSL#7\n"      // R4 = 0x33688 + index * 0x80
        "LDR R0, [R4,#0x6C]\n"
        "CMP R0, #4\n"
        "LDREQ R1, =0x817\n"
        "LDREQ R0, =0xFFC51AD4\n"
        "BLEQ sub_FFC0F5E8\n"         // record[+0x6C] == 4: sub_FFC0F5E8(0xFFC51AD4, 0x817); presumably an assert
        "MOV R1, R8\n"
        "MOV R0, R6\n"
        "BL sub_FFC5184C \n"          // (index, caller's argument)
        "LDR R0, [R4,#0x38]\n"
        "BL sub_FFC526B4\n"
        "CMP R0, #0\n"
        "STREQ R0, [R4,#0x6C]\n"      // zero result: clear record[+0x6C]
        "MOV R0, R6\n"
        "BL sub_FFC518DC\n"
        "MOV R0, R6\n"

        "BL sub_FFC51C3C_my\n"        // patched routine
        "LDR PC, =0xffc5206c\n"       // resume in firmware after the replaced call
    );
};
500
// Patched copy of the head of a firmware routine. Takes a record index in R0, returns 1
// immediately if bit 1 of record[+0x6C] is set, otherwise calls the patched
// sub_FFC5195C_my(record[+0x38], index) and continues in the firmware at 0xffc51c68.
// The record is the 0x80-byte entry at 0x33688 + (index << 7).
void __attribute__((naked,noinline)) sub_FFC51C3C_my() {

    asm volatile (
        "STMFD SP!, {R4-R6,LR}\n"
        "MOV R5, R0\n"
        "LDR R0, =0x33688\n"
        "ADD R4, R0, R5,LSL#7\n"      // R4 = 0x33688 + index * 0x80
        "LDR R0, [R4,#0x6C]\n"
        "TST R0, #2\n"
        "MOVNE R0, #1\n"
        "LDMNEFD SP!, {R4-R6,PC}\n"   // bit 1 already set: return 1
        "LDR R0, [R4,#0x38]\n"
        "MOV R1, R5\n"

        "BL sub_FFC5195C_my\n"        // patched routine containing the partition-table scan
        "LDR PC,=0xffc51c68\n"        // resume in firmware after the replaced call
    );
};
540
541
// Patched firmware routine that reads one 0x200-byte block through the record's function
// pointer, interprets it as a partition table and stores the selected partition's start and
// size in the record at 0x33688 + (R1 << 7). R0 is passed through to the record's callbacks.
// Returns 0 when the buffer cannot be obtained or the read callback returns 1, otherwise 1.
//
// The CHDK addition is the dg_sd_fat32 loop: it scans the four 16-byte table entries for one
// whose type byte is 0x0B or 0x0C and whose first byte is 0x00 or 0x80, and uses that entry
// instead of the first one.
//
// The block content presumably comes from the storage card and must be treated as untrusted
// input (confirm what record[+0x50] reads). All byte loads below stay inside the 0x200-byte
// block: the scan advances at most 0x30 bytes and the highest offset read is then 0x1FD.
void __attribute__((naked,noinline)) sub_FFC5195C_my() {
    asm volatile (
        "STMFD SP!, {R4-R10,LR}\n"
        "MOV R9, R0\n"                // R9 = first argument, forwarded to the callbacks
        "LDR R0, =0x33688\n"
        "MOV R8, #0\n"
        "ADD R5, R0, R1,LSL#7\n"      // R5 = record for index R1
        "LDR R0, [R5,#0x3C]\n"        // selector for the jump table below
        "MOV R7, #0\n"                // R7 = partition start (default 0)
        "CMP R0, #7\n"
        "MOV R6, #0\n"                // R6 = partition size (default 0)
        // Computed jump: for selector 0..7 the PC is advanced into the table of single branch
        // instructions that follows. The table only works if each entry is exactly one
        // instruction, so the order of these lines must not change.
        "ADDLS PC, PC, R0,LSL#2\n"
        "B loc_FFC51AB4\n"            // selector > 7
        "loc_FFC51988:\n"
        "B loc_FFC519C0\n"            // selector 0: return 0
        "loc_FFC5198C:\n"
        "B loc_FFC519A8\n"            // selector 1
        "loc_FFC51990:\n"
        "B loc_FFC519A8\n"            // selector 2
        "loc_FFC51994:\n"
        "B loc_FFC519A8\n"            // selector 3
        "loc_FFC51998:\n"
        "B loc_FFC519A8\n"            // selector 4
        "loc_FFC5199C:\n"
        "B loc_FFC51AAC\n"            // selector 5: fixed size 0x40, no table read
        "loc_FFC519A0:\n"
        "B loc_FFC519A8\n"            // selector 6
        "loc_FFC519A4:\n"
        "B loc_FFC519A8\n"            // selector 7
        "loc_FFC519A8:\n"
        "MOV R2, #0\n"
        "MOV R1, #0x200\n"
        "MOV R0, #2\n"
        "BL sub_FFC6710C\n"           // (2, 0x200, 0): presumably allocates the 0x200-byte block buffer
        "MOVS R4, R0\n"               // R4 = buffer
        "BNE loc_FFC519C8\n"
        "loc_FFC519C0:\n"
        "MOV R0, #0\n"
        "LDMFD SP!, {R4-R10,PC}\n"    // failure: return 0
        "loc_FFC519C8:\n"
        "LDR R12, [R5,#0x50]\n"       // callback from the record
        "MOV R3, R4\n"
        "MOV R2, #1\n"
        "MOV R1, #0\n"
        "MOV R0, R9\n"
        "BLX R12\n"                   // callback(R9, 0, 1, buffer): presumably reads block 0 into the buffer
        "CMP R0, #1\n"
        "BNE loc_FFC519F4\n"
        "MOV R0, #2\n"
        "BL sub_FFC67258 \n"          // callback returned 1: release (presumably) the buffer and return 0
        "B loc_FFC519C0\n"
        "loc_FFC519F4:\n"
        "LDR R1, [R5,#0x64]\n"
        "MOV R0, R9\n"
        "BLX R1\n"                    // R0 = value compared with the partition range below (presumably total block count)

        "MOV R1, R4\n"                // value is overwritten by MOV R1, #1 below before any use

        // --- CHDK addition: choose a FAT32 entry among the four table entries ---
        "MOV R12, R4\n"               // R12 = cursor; entry i is read at R12 + 0x1BE
        "MOV LR, R4\n"                // LR = start of the block, kept for the signature bytes
        "MOV R1, #1\n"                // R1 = number of the entry being examined (1..4)
        "B dg_sd_fat32_enter\n"
        "dg_sd_fat32:\n"
        "CMP R1, #4\n"
        "BEQ dg_sd_fat32_end\n"       // all four entries examined without a match: R4 still selects the first entry
        "ADD R12, R12, #0x10\n"       // next 16-byte entry
        "ADD R1, R1, #1\n"
        "dg_sd_fat32_enter:\n"
        "LDRB R2, [R12, #0x1BE]\n"    // entry byte 0 (status/boot flag)
        "LDRB R3, [R12, #0x1C2]\n"    // entry byte 4 (partition type)
        "CMP R3, #0xB\n"
        "CMPNE R3, #0xC\n"
        "BNE dg_sd_fat32\n"           // type is neither 0x0B nor 0x0C
        "CMP R2, #0x00\n"
        "CMPNE R2, #0x80\n"
        "BNE dg_sd_fat32\n"           // status byte is neither 0x00 nor 0x80

        "MOV R4, R12\n"               // match: the field loads below now address this entry

        "dg_sd_fat32_end:\n"
        // --- end of CHDK addition ---

        // Assemble two little-endian 32-bit fields from the selected entry:
        // R1 = bytes 8..11 (start), R3 = bytes 12..15 (size).
        "LDRB R1, [R4,#0x1C9]\n"
        "LDRB R3, [R4,#0x1C8]\n"
        "LDRB R12, [R4,#0x1CC]\n"
        "MOV R1, R1,LSL#24\n"
        "ORR R1, R1, R3,LSL#16\n"
        "LDRB R3, [R4,#0x1C7]\n"
        "LDRB R2, [R4,#0x1BE]\n"      // status byte of the selected entry

        "ORR R1, R1, R3,LSL#8\n"
        "LDRB R3, [R4,#0x1C6]\n"
        "CMP R2, #0\n"                // flags set here are consumed by the BNE further down;
        "CMPNE R2, #0x80\n"           // none of the instructions in between change them
        "ORR R1, R1, R3\n"
        "LDRB R3, [R4,#0x1CD]\n"
        "MOV R3, R3,LSL#24\n"
        "ORR R3, R3, R12,LSL#16\n"
        "LDRB R12, [R4,#0x1CB]\n"
        "ORR R3, R3, R12,LSL#8\n"
        "LDRB R12, [R4,#0x1CA]\n"
        "ORR R3, R3, R12\n"

        "LDRB R12, [LR,#0x1FE]\n"     // signature bytes are read from the block start (LR),
        "LDRB LR, [LR,#0x1FF]\n"      // not from R4, which may have been moved by the scan
        "BNE loc_FFC51A80\n"          // status byte invalid: reject
        "CMP R0, R1\n"
        "BCC loc_FFC51A80\n"          // start beyond the value returned by record[+0x64]: reject
        // NOTE(review): start + size is a 32-bit add with no carry check. An entry whose size makes
        // the sum wrap produces a small R2 and passes the range test below, so R6 can end up
        // larger than the device. A carry test after the ADD (reject on carry set) would close
        // this; later consumers of record[+0x48] should not assume it is in range.
        "ADD R2, R1, R3\n"
        "CMP R2, R0\n"
        "CMPLS R12, #0x55\n"          // only if start + size <= limit: check signature byte 0x55
        "CMPEQ LR, #0xAA\n"           // ... and signature byte 0xAA
        "MOVEQ R7, R1\n"              // accepted: R7 = start
        "MOVEQ R6, R3\n"              //           R6 = size
        "MOVEQ R4, #1\n"              //           R4 = 1 (accepted)
        "BEQ loc_FFC51A84\n"
        "loc_FFC51A80:\n"
        "MOV R4, R8\n"                // rejected: R4 = 0
        "loc_FFC51A84:\n"
        "MOV R0, #2\n"
        "BL sub_FFC67258 \n"          // release (presumably) the block buffer
        "CMP R4, #0\n"
        "BNE loc_FFC51AC0\n"
        // Rejected table: fall back to start 0 and the size reported by record[+0x64].
        "LDR R1, [R5,#0x64]\n"
        "MOV R7, #0\n"
        "MOV R0, R9\n"
        "BLX R1\n"
        "MOV R6, R0\n"
        "B loc_FFC51AC0\n"
        "loc_FFC51AAC:\n"
        "MOV R6, #0x40\n"             // selector 5: size 0x40, start stays 0
        "B loc_FFC51AC0\n"
        "loc_FFC51AB4:\n"
        "LDR R1, =0x572\n"
        "LDR R0, =0xFFC51AD4\n"
        "BL sub_FFC0F5E8\n"           // selector out of range: sub_FFC0F5E8(0xFFC51AD4, 0x572); presumably an assert
        "loc_FFC51AC0:\n"
        "STR R7, [R5,#0x44]!\n"       // record[+0x44] = start; R5 now points at record + 0x44
        "STMIB R5, {R6,R8}\n"         // record[+0x48] = size, record[+0x4C] = 0
        "MOV R0, #1\n"
        "LDMFD SP!, {R4-R10,PC}\n"    // return 1
    );
};
691