This source file includes the following definitions.
- taskCreateHook
- taskCreateHook2
- boot
- sub_FFC00358_my
- sub_FFC0119C_my
- sub_FFC05E5C_my
- taskcreate_Startup_my
- task_Startup_my
- spytask
- CreateTask_spytask
- CreateTask_PhySw
- init_file_modules_task
- sub_FFC6CF5C_my
- sub_FFC52014_my
- sub_FFC51C3C_my
- sub_FFC5195C_my
1 #include "lolevel.h"
2 #include "platform.h"
3 #include "core.h"
4 #include "dryos31.h"
// Local offsetof replacement: the byte offset of MEMBER inside TYPE, obtained
// by taking the member's address in a TYPE placed at address 0 and converting
// that address to int.
// NOTE(review): this reuses the name of the <stddef.h> macro; if one of the
// project headers ever pulls <stddef.h> in, the two definitions will clash.
#define offsetof(TYPE, MEMBER) ((int) &((TYPE *)0)->MEMBER)

// Address of the _end symbol. _end is declared outside this listing and is
// presumably the linker-provided end of the loaded image -- confirm in the
// linker script. sub_FFC0119C_my reads this variable when
// CHDK_NOT_IN_CANON_HEAP is not defined.
const char * const new_sa = &_end;

// Forward declarations for functions referenced before their definition.
// task_CaptSeqTask_my is not defined in this listing.
void CreateTask_PhySw();
void CreateTask_spytask();
void task_CaptSeqTask_my();
// Task-creation hook. Looks at the word 17 ints below the pointer it is
// handed and, when that word equals one of the hard-coded 0xFF...... values,
// overwrites it with the address of a replacement routine.
//
// NOTE(review): the compared constants are presumably the entry points of
// stock firmware tasks in one specific firmware build -- confirm. On any other
// build none of the comparisons match and the hook silently replaces nothing,
// so the constants have to be re-derived per firmware version.
void taskCreateHook(int *p) {
    // presumably the entry-point field of the task record -- TODO confirm the -17 offset
    int *slot = p - 17;

    // The tests stay sequential (not else-if) to mirror the original exactly.
    if (*slot == (int)0xFFC736C4) {
        *slot = (int)init_file_modules_task;
    }
    if (*slot == (int)0xFFC5C1E8) {
        *slot = (int)task_CaptSeqTask_my;
    }
    if (*slot == (int)0xFFC95048) {
        *slot = (int)exp_drv_task;
    }
    if (*slot == (int)0xFFD138CC) {
        *slot = (int)movie_record_task;
    }
}
20
// Second task-creation hook. Same mechanism as taskCreateHook (word 17 ints
// below p is compared and replaced), but only two of the four values are
// handled here: 0xFFC736C4 and 0xFFC95048.
//
// NOTE(review): the constants are presumably firmware-build-specific entry
// points -- confirm; a non-matching build leaves everything unhooked without
// any diagnostic.
void taskCreateHook2(int *p) {
    // presumably the entry-point field of the task record -- TODO confirm the -17 offset
    int *slot = p - 17;

    if (*slot == (int)0xFFC736C4) {
        *slot = (int)init_file_modules_task;
    }
    if (*slot == (int)0xFFC95048) {
        *slot = (int)exp_drv_task;
    }
}
26
// Entry point of the replacement boot path. Pure assembly (naked function, no
// compiler prologue/epilogue): programs coprocessor 15 and a set of
// memory-mapped registers, copies an initialised-data image from ROM to RAM,
// zero-fills the following RAM range, then branches to sub_FFC00358_my.
// The instruction sequence is order-critical; only comments may be added.
void __attribute__((naked,noinline)) boot() {
    asm volatile (
        // Write 0 to the memory-mapped register at 0xC0410000.
        "LDR R1, =0xC0410000\n"
        "MOV R0, #0\n"
        "STR R0, [R1]\n"

        // CP15 c1 (control register) := 0x78, then c7 maintenance operations
        // with R1 = 0 (presumably drain write buffer and flush both caches on
        // an ARM9-class core -- confirm against the core's reference manual).
        "MOV R1, #0x78\n"
        "loc_FFC0001C:\n"
        "MCR p15, 0, R1,c1,c0\n"
        "MOV R1, #0\n"
        "MCR p15, 0, R1,c7,c10, 4\n"
        "loc_FFC00028:\n"
        "MCR p15, 0, R1,c7,c5\n"
        "MCR p15, 0, R1,c7,c6\n"

        // Six writes to CP15 c6,c0 .. c6,c5. NOTE(review): on ARM946E-S-style
        // cores these are the protection-unit region base/size registers, so
        // this block presumably defines the memory map the rest of the code
        // runs under -- confirm before changing any value.
        "MOV R0, #0x3D\n"
        "MCR p15, 0, R0,c6,c0\n"
        "MOV R0, #0xC000002F\n"
        "MCR p15, 0, R0,c6,c1\n"
        "MOV R0, #0x31\n"
        "MCR p15, 0, R0,c6,c2\n"
        "LDR R0, =0x10000031\n"
        "MCR p15, 0, R0,c6,c3\n"
        "MOV R0, #0x40000017\n"
        "MCR p15, 0, R0,c6,c4\n"
        "LDR R0, =0xFFC0002B\n"
        "MCR p15, 0, R0,c6,c5\n"

        // c2 (two opcodes) and c3 all receive 0x34; c5 (opcodes 2 and 3)
        // receive 0x3333330. Presumably per-region cacheability, write-buffer
        // and access-permission settings -- confirm.
        "MOV R0, #0x34\n"
        "MCR p15, 0, R0,c2,c0\n"
        "MOV R0, #0x34\n"
        "MCR p15, 0, R0,c2,c0, 1\n"
        "MOV R0, #0x34\n"
        "MCR p15, 0, R0,c3,c0\n"
        "LDR R0, =0x3333330\n"
        "MCR p15, 0, R0,c5,c0, 2\n"
        "LDR R0, =0x3333330\n"
        "MCR p15, 0, R0,c5,c0, 3\n"

        // Read-modify-write of the control register: sets bits 0x1000, 4 and 1.
        "MRC p15, 0, R0,c1,c0\n"
        "ORR R0, R0, #0x1000\n"
        "ORR R0, R0, #4\n"
        "ORR R0, R0, #1\n"
        "MCR p15, 0, R0,c1,c0\n"

        // Two writes to c9,c1 followed by setting bits 0x50000 in the control
        // register (presumably tightly-coupled-memory setup and enable -- confirm).
        "MOV R1, #0x40000006\n"
        "MCR p15, 0, R1,c9,c1\n"
        "MOV R1, #6\n"
        "MCR p15, 0, R1,c9,c1, 1\n"
        "MRC p15, 0, R1,c1,c0\n"
        "ORR R1, R1, #0x50000\n"
        "MCR p15, 0, R1,c1,c0\n"

        // Register block at 0xC0200000: 1 -> +0x10C, then 0xFF into the
        // sixteen registers +0x0C, +0x1C, ... +0xFC.
        "LDR R2, =0xC0200000\n"
        "MOV R1, #1\n"
        "STR R1, [R2,#0x10C]\n"
        "MOV R1, #0xFF\n"
        "STR R1, [R2,#0xC]\n"
        "STR R1, [R2,#0x1C]\n"
        "STR R1, [R2,#0x2C]\n"
        "STR R1, [R2,#0x3C]\n"
        "STR R1, [R2,#0x4C]\n"
        "STR R1, [R2,#0x5C]\n"
        "STR R1, [R2,#0x6C]\n"
        "STR R1, [R2,#0x7C]\n"
        "STR R1, [R2,#0x8C]\n"
        "STR R1, [R2,#0x9C]\n"
        "STR R1, [R2,#0xAC]\n"
        "STR R1, [R2,#0xBC]\n"
        "STR R1, [R2,#0xCC]\n"
        "STR R1, [R2,#0xDC]\n"
        "STR R1, [R2,#0xEC]\n"
        "STR R1, [R2,#0xFC]\n"

        // 0x430005 -> 0xC0400008.
        "LDR R1, =0xC0400008\n"
        "LDR R2, =0x430005\n"
        "STR R2, [R1]\n"

        // NOTE(review): R1 is 1 at the STR below, so the value 0xC0243100 is
        // stored to address 1, not the other way round. Kept exactly as on the
        // page; verify against the stock firmware disassembly before touching.
        "MOV R1, #1\n"
        "LDR R2, =0xC0243100\n"
        "STR R2, [R1]\n"

        // Set bit 0 of the register at 0xC0242010.
        "LDR R2, =0xC0242010\n"
        "LDR R1, [R2]\n"
        "ORR R1, R1, #1\n"
        "STR R1, [R2]\n"

        // Word copy from 0xFFF03620 to RAM at 0x1900, stopping when the
        // destination reaches 0xB294.
        "LDR R0, =0xFFF03620\n"
        "LDR R1, =0x1900\n"
        "LDR R3, =0xB294\n"
        "loc_FFC0013C:\n"
        "CMP R1, R3\n"
        "LDRCC R2, [R0],#4\n"
        "STRCC R2, [R1],#4\n"
        "BCC loc_FFC0013C\n"

        // Zero-fill from 0xB294 up to 0x133D38. The same 0x133D38 constant is
        // used as the start value in sub_FFC0119C_my under
        // CHDK_NOT_IN_CANON_HEAP, so the two must be kept in step.
        "LDR R1, =0x133D38 \n"
        "MOV R2, #0\n"
        "loc_FFC00154:\n"
        "CMP R3, R1\n"
        "STRCC R2, [R3],#4\n"
        "BCC loc_FFC00154\n"

        // Continue in the patched copy of the next boot stage.
        "B sub_FFC00358_my\n"
    );
}
123
// Second boot stage. Installs the two task-creation hooks into fixed RAM
// slots, records a value chosen from a hardware register bit, copies two ROM
// ranges into low RAM, sets up stacks for two CPU modes, fills a RAM range
// with a marker pattern and calls sub_FFC0119C_my.
//
// NOTE(review): this is a naked function that also contains C statements.
// GCC only guarantees basic asm inside naked functions; the C stores below
// depend on the compiler not needing a stack frame for them. Worth checking
// the generated code whenever the toolchain changes.
void __attribute__((naked,noinline)) sub_FFC00358_my() {
    // Hook pointers written to fixed RAM addresses. taskCreateHook is stored
    // in two of the three slots, taskCreateHook2 in the middle one.
    // (presumably slots the OS consults when a task is created -- confirm)
    *(int*)0x1930 = (int)taskCreateHook;
    *(int*)0x1934 = (int)taskCreateHook2;
    *(int*)0x1938 = (int)taskCreateHook;

    // Bit 0 of the register at 0xC02200A8 selects which constant is stored
    // at 0x21B4.
    *(int*)(0x21B4) = (*(int*)0xC02200A8) & 1 ? 0x200000 : 0x100000;

    asm volatile (
        // Copy 0xFFC003D0..0xFFC00408 to RAM starting at address 0
        // (presumably the exception vectors -- confirm).
        "loc_FFC00358:\n"
        "LDR R0, =0xFFC003D0\n"
        "MOV R1, #0\n"
        "LDR R3, =0xFFC00408\n"
        "loc_FFC00364:\n"
        "CMP R0, R3\n"
        "LDRCC R2, [R0],#4\n"
        "STRCC R2, [R1],#4\n"
        "BCC loc_FFC00364\n"

        // Copy 0xFFC00408..0xFFC0061C to RAM starting at 0x4B0.
        "LDR R0, =0xFFC00408\n"
        "MOV R1, #0x4B0\n"
        "LDR R3, =0xFFC0061C\n"
        "loc_FFC00380:\n"
        "CMP R0, R3\n"
        "LDRCC R2, [R0],#4\n"
        "STRCC R2, [R1],#4\n"
        "BCC loc_FFC00380\n"

        // CPSR := 0xD2 then 0xD3 (mode bits 0x12 and 0x13 with both interrupt
        // mask bits set); SP is set to 0x1000 in each mode.
        "MOV R0, #0xD2\n"
        "MSR CPSR_cxsf, R0\n"
        "MOV SP, #0x1000\n"
        "MOV R0, #0xD3\n"
        "MSR CPSR_cxsf, R0\n"
        "MOV SP, #0x1000\n"

        // Fill 0x6C4..0x1000 with 0xEEEEEEEE (the region just below the stack
        // top set above; presumably a stack-usage marker -- confirm).
        "LDR R0, =0x6C4\n"
        "LDR R2, =0xEEEEEEEE\n"
        "MOV R3, #0x1000\n"
        "loc_FFC003B4:\n"
        "CMP R0, R3\n"
        "STRCC R2, [R0],#4\n"
        "BCC loc_FFC003B4\n"

        // Hand over to the patched next stage. Nothing follows this call in
        // the function body.
        "BL sub_FFC0119C_my\n"
    );
}
177
178
// Builds a 0x74-byte parameter block on the stack and jumps into ROM at
// 0xffc011f0 with R0 = 0x19B and R1 = address of sub_FFC05E5C_my.
// The one patched field is the value stored at [SP,#8]: either the constant
// 0x133D38 (CHDK_NOT_IN_CANON_HEAP) or the content of new_sa (i.e. &_end).
//
// NOTE(review): the next field is computed as 0x2724A8 minus that start
// value with no range check. If _end ever grows past 0x2724A8 the
// subtraction wraps; a build-time size check on the image would catch it.
void __attribute__((naked,noinline)) sub_FFC0119C_my() {
    asm volatile (
        // Save LR, reserve 0x74 bytes and pass (SP, 0x74) to sub_FFE8D78C
        // (presumably clears the block -- confirm).
        "STR LR, [SP,#-4]!\n"
        "SUB SP, SP, #0x74\n"
        "MOV R0, SP\n"
        "MOV R1, #0x74\n"
        "BL sub_FFE8D78C\n"

        // [SP,#4] = 0x53000
        "MOV R0, #0x53000\n"
        "STR R0, [SP,#4]\n"

        // R0 = start value: fixed constant, or the address held in new_sa.
#if defined(CHDK_NOT_IN_CANON_HEAP)
        "LDR R0, =0x133D38\n"
#else
        "LDR R0, =new_sa\n"
        "LDR R0, [R0]\n"
#endif

        // [SP,#8]  = start
        // [SP]     = 0x279C00
        // [SP,#0xC..#0x14] = { 0x2724A8 - start, 0x2724A8, 0x279C00 }
        "LDR R2, =0x279C00\n"
        "LDR R1, =0x2724A8\n"
        "STR R0, [SP,#8]\n"
        "SUB R0, R1, R0\n"
        "ADD R3, SP, #0xC\n"
        "STR R2, [SP]\n"
        "STMIA R3, {R0-R2}\n"

        // [SP,#0x18] = 0x22, [SP,#0x1C] = 0x68
        "MOV R0, #0x22\n"
        "STR R0, [SP,#0x18]\n"
        "MOV R0, #0x68\n"
        "STR R0, [SP,#0x1C]\n"
        "LDR R0, =0x19B\n"

        // R1 carries the patched continuation; execution resumes in ROM.
        // The stack frame built here is not released in this function.
        "LDR R1, =sub_FFC05E5C_my\n"
        "LDR PC, =0xffc011f0\n"
    );
}
236
// Runs a fixed sequence of firmware initialisation routines. After each
// checked call a negative return value causes sub_FFC05F50 to be called with
// a ROM address in R0 (presumably an error-message pointer -- confirm).
// Finally tail-branches to taskcreate_Startup_my instead of the stock routine.
void __attribute__((naked,noinline)) sub_FFC05E5C_my() {
    asm volatile (
        "STMFD SP!, {R4,LR}\n"
        "BL sub_FFC00B24\n"

        "BL sub_FFC0A838\n"
        "CMP R0, #0\n"
        "LDRLT R0, =0xFFC05F70\n"
        "BLLT sub_FFC05F50 \n"

        "BL sub_FFC05A98\n"
        "CMP R0, #0\n"
        "LDRLT R0, =0xFFC05F78\n"
        "BLLT sub_FFC05F50\n"

        // The next two calls both receive 0xFFC05F88 in R0.
        "LDR R0, =0xFFC05F88\n"
        "BL sub_FFC05B80\n"
        "CMP R0, #0\n"
        "LDRLT R0, =0xFFC05F90\n"
        "BLLT sub_FFC05F50\n"

        "LDR R0, =0xFFC05F88\n"
        "BL sub_FFC03BF4\n"
        "CMP R0, #0\n"
        "LDRLT R0, =0xFFC05FA4\n"
        "BLLT sub_FFC05F50\n"

        "BL sub_FFC0A230\n"
        "CMP R0, #0\n"
        "LDRLT R0, =0xFFC05FB0\n"
        "BLLT sub_FFC05F50\n"

        "BL sub_FFC01680\n"
        "CMP R0, #0\n"
        "LDRLT R0, =0xFFC05FBC\n"
        "BLLT sub_FFC05F50\n"

        // Restore the saved registers, then continue in the patched routine.
        "LDMFD SP!, {R4,LR}\n"
        "B taskcreate_Startup_my\n"
    );
}
272
273
274
// Creates the startup task with task_Startup_my as its entry routine.
// Before that, three firmware checks are evaluated; one specific combination
// of results writes 0x44 to 0xC0220048 and then spins forever at
// loc_FFC105F4 (presumably a deliberate halt / power-off path -- confirm).
// Returns 0 in R0.
void __attribute__((naked,noinline)) taskcreate_Startup_my() {
    asm volatile (
        "STMFD SP!, {R3,LR}\n"
        "BL sub_FFC23A78\n"

        // Continue at loc_FFC105F8 unless: sub_FFC2AF84 == 0,
        // sub_FFC2526C != 0 and sub_FFC23A74 == 0.
        "BL sub_FFC2AF84\n"
        "CMP R0, #0\n"
        "BNE loc_FFC105F8\n"
        "BL sub_FFC2526C\n"
        "CMP R0, #0\n"
        "BEQ loc_FFC105F8\n"
        "BL sub_FFC23A74\n"
        "CMP R0, #0\n"
        "BNE loc_FFC105F8\n"

        // Halt path: one register write, then an endless loop.
        "LDR R1, =0xC0220000\n"
        "MOV R0, #0x44\n"
        "STR R0, [R1,#0x48]\n"
        "loc_FFC105F4:\n"
        "B loc_FFC105F4\n"

        "loc_FFC105F8:\n"
        "BL sub_FFC23A7C\n"
        "BL sub_FFC293A8\n"
        "LDR R1, =0x2CE000\n"
        "MOV R0, #0\n"
        "BL sub_FFC295F0\n"
        "BL sub_FFC2959C\n"

        // sub_FFC0F110(R0 = 0xFFC10640, R1 = 0x19, R2 = 0,
        //              R3 = task_Startup_my, [SP] = 0)
        // R3 is the only patched argument; the others are as on the page.
        "MOV R3, #0\n"
        "STR R3, [SP]\n"
        "LDR R3, =task_Startup_my\n"
        "MOV R2, #0\n"
        "MOV R1, #0x19\n"
        "LDR R0, =0xFFC10640\n"
        "BL sub_FFC0F110\n"

        "MOV R0, #0\n"
        "LDMFD SP!, {R12,PC}\n"
    );
}
313
// Body of the startup task. Calls a run of firmware routines, then the two
// task creators defined in this file (CreateTask_PhySw, CreateTask_spytask),
// then a second run of firmware routines, and finally tail-branches to
// sub_FFC06128.
//
// NOTE(review): C calls sit between two asm blocks inside a naked function.
// R4 and LR are pushed by the first block and popped by the second, so the
// calls rely on the compiler emitting nothing that disturbs SP in between;
// GCC only guarantees basic asm in naked functions. Check the generated code
// when the toolchain changes.
void __attribute__((naked,noinline)) task_Startup_my() {
    asm volatile (
        "STMFD SP!, {R4,LR}\n"
        "BL sub_FFC06228\n"
        "BL sub_FFC24B7C\n"
        "BL sub_FFC23414\n"
        "BL sub_FFC2AFC4\n"
        "BL sub_FFC2B1B0\n"
        "BL sub_FFC2B34C\n"
        "BL sub_FFC2B1E0\n"
        "BL sub_FFC28840\n"
        "BL sub_FFC2B350\n"
    );

    // Patched-in task creation.
    CreateTask_PhySw();
    CreateTask_spytask();

    asm volatile (
        "BL sub_FFC26EA8\n"
        "BL sub_FFC2B368\n"
        "BL sub_FFC222BC\n"
        "BL sub_FFC22E6C\n"
        "BL sub_FFC2AD5C\n"
        "BL sub_FFC233C8\n"
        "BL sub_FFC22E08\n"
        "BL sub_FFC2BDCC\n"
        "BL sub_FFC22DE0\n"
        // Restore what the first block pushed, then leave via a tail branch.
        "LDMFD SP!, {R4,LR}\n"
        "B sub_FFC06128\n"
    );
}
346
// Task entry routine registered by CreateTask_spytask. All six arguments are
// ignored; the function only forwards to core_spytask().
void spytask(long ua, long ub, long uc, long ud, long ue, long uf)
{
    // Explicitly mark every parameter as unused.
    (void)ua;
    (void)ub;
    (void)uc;
    (void)ud;
    (void)ue;
    (void)uf;

    core_spytask();
}
// Registers spytask under the name "SpyTask" through _CreateTask.
// The numeric arguments are passed as given: 0x19, 0x2000 and a trailing 0
// (presumably priority, stack size and task argument -- confirm against the
// _CreateTask declaration).
void CreateTask_spytask() {
    _CreateTask("SpyTask",
                0x19,
                0x2000,
                spytask,
                0);
}
355
// Creates the task whose entry routine is mykbd_task, unless the word at
// 0x1BE4 + 0x10 is already non-zero, and stores the value returned by
// sub_FFC0F3E8 in that word. Afterwards two firmware routines run; when the
// second returns 0 the function tail-branches to sub_FFC6A9EC with
// R1 = 0x2EEE0, otherwise it returns.
void __attribute__((naked,noinline)) CreateTask_PhySw() {
    asm volatile (
        "STMFD SP!, {R3-R5,LR}\n"

        // Skip creation when the stored value is already set.
        "LDR R4, =0x1BE4\n"
        "LDR R0, [R4,#0x10]\n"
        "CMP R0, #0\n"
        "BNE loc_FFC2399C\n"

        // sub_FFC0F3E8(R0 = 0xFFC23B70, R1 = 0x17, R2 = 0x2000,
        //              R3 = mykbd_task, [SP] = 0)
        // R3 is the patched entry point. R2 = 0x2000 matches the size passed
        // for SpyTask in CreateTask_spytask (presumably the stack size -- confirm).
        "MOV R3, #0\n"
        "STR R3, [SP]\n"
        "LDR R3, =mykbd_task\n"
        "MOV R2, #0x2000\n"
        "MOV R1, #0x17\n"
        "LDR R0, =0xFFC23B70\n"
        "BL sub_FFC0F3E8 \n"
        "STR R0, [R4,#0x10]\n"

        "loc_FFC2399C:\n"
        "BL sub_FFC6AA64\n"
        "BL sub_FFC251E4\n"
        "CMP R0, #0\n"
        "LDREQ R1, =0x2EEE0\n"
        "LDMEQFD SP!, {R3-R5,LR}\n"
        "BEQ sub_FFC6A9EC\n"
        "LDMFD SP!, {R3-R5,PC}\n"

        // Not reachable: both paths above leave the function before this.
        "CMP R0, #3\n"
    );
}
386
// Replacement installed by the task-creation hooks for the task at
// 0xFFC736C4. Differs from a plain pass-through in two calls: it uses
// sub_FFC6CF5C_my (the patched storage-init path in this file) and then calls
// core_spytask_can_start.
//
// R4 keeps the result of sub_FFC6CF30; sub_FFC6F7EC(0x5006, 0) is called
// before the patched section when R4 != 0, or as a tail call at the end when
// R4 == 0.
void __attribute__((naked,noinline)) init_file_modules_task() {
    asm volatile (
        "STMFD SP!, {R4-R6,LR}\n"
        "BL sub_FFC6CF30\n"
        "LDR R5, =0x5006\n"
        "MOVS R4, R0\n"
        "MOVNE R1, #0\n"
        "MOVNE R0, R5\n"
        "BLNE sub_FFC6F7EC\n"

        // Patched call, followed by the notification that the spy task may
        // proceed.
        "BL sub_FFC6CF5C_my\n"
        "BL core_spytask_can_start\n"

        "CMP R4, #0\n"
        "MOVEQ R0, R5\n"
        "LDMEQFD SP!, {R4-R6,LR}\n"
        "MOVEQ R1, #0\n"
        "BEQ sub_FFC6F7EC\n"
        "LDMFD SP!, {R4-R6,PC}\n"
    );
}
408
// Trampoline: pushes R4/LR, calls sub_FFC52014_my with R0 = 3, then jumps
// into ROM at 0xffc6cf68 to run the remainder of the stock routine.
// The registers pushed here are not popped in this function; the ROM code
// reached by the jump is presumably what restores them -- confirm.
void __attribute__((naked,noinline)) sub_FFC6CF5C_my() {
    asm volatile (
        "STMFD SP!, {R4,LR}\n"
        "MOV R0, #3\n"
        // Patched callee in place of the stock one.
        "BL sub_FFC52014_my\n"
        // Resume in ROM.
        "LDR PC,=0xffc6cf68\n"
    );
}
436
437
// Patched head of a firmware routine. R0 on entry is kept in R8; the value
// returned by sub_FFC51F94 is kept in R6 and used as an index into a table of
// 0x80-byte records at 0x33688 (R4 = 0x33688 + R6 * 128). After the stock
// calls it invokes sub_FFC51C3C_my with R0 = R6 and then resumes in ROM at
// 0xffc5206c. The pushed registers are not popped here; presumably the ROM
// tail does that -- confirm.
void __attribute__((naked,noinline)) sub_FFC52014_my() {
    asm volatile (
        "STMFD SP!, {R4-R8,LR}\n"
        "MOV R8, R0\n"
        "BL sub_FFC51F94\n"
        "LDR R1, =0x33688\n"
        "MOV R6, R0\n"
        "ADD R4, R1, R0,LSL#7\n"

        // When the record field at +0x6C equals 4, sub_FFC0F5E8 is called
        // with R0 = 0xFFC51AD4, R1 = 0x817 (presumably an assertion with a
        // file-name pointer and line number -- confirm).
        "LDR R0, [R4,#0x6C]\n"
        "CMP R0, #4\n"
        "LDREQ R1, =0x817\n"
        "LDREQ R0, =0xFFC51AD4\n"
        "BLEQ sub_FFC0F5E8\n"

        "MOV R1, R8\n"
        "MOV R0, R6\n"
        "BL sub_FFC5184C\n"

        // The field at +0x6C is cleared when sub_FFC526B4 returns 0.
        "LDR R0, [R4,#0x38]\n"
        "BL sub_FFC526B4\n"
        "CMP R0, #0\n"
        "STREQ R0, [R4,#0x6C]\n"

        "MOV R0, R6\n"
        "BL sub_FFC518DC\n"

        // Patched callee, then back into ROM.
        "MOV R0, R6\n"
        "BL sub_FFC51C3C_my\n"
        "LDR PC, =0xffc5206c\n"
    );
}
501
// Patched head of a firmware routine. R0 on entry is a record index
// (R4 = 0x33688 + R0 * 128). Returns 1 straight away when bit 1 of the
// record field at +0x6C is set; otherwise calls sub_FFC5195C_my with
// R0 = record field +0x38 and R1 = the index, then resumes in ROM at
// 0xffc51c68. On that second path the pushed registers are not popped here;
// presumably the ROM tail does that -- confirm.
void __attribute__((naked,noinline)) sub_FFC51C3C_my() {
    asm volatile (
        "STMFD SP!, {R4-R6,LR}\n"
        "MOV R5, R0\n"
        "LDR R0, =0x33688\n"
        "ADD R4, R0, R5,LSL#7\n"

        // Early exit with R0 = 1.
        "LDR R0, [R4,#0x6C]\n"
        "TST R0, #2\n"
        "MOVNE R0, #1\n"
        "LDMNEFD SP!, {R4-R6,PC}\n"

        "LDR R0, [R4,#0x38]\n"
        "MOV R1, R5\n"
        // Patched callee (the partition-table reader), then back into ROM.
        "BL sub_FFC5195C_my\n"
        "LDR PC,=0xffc51c68\n"
    );
}
541
542
// Patched partition-table reader. R0 (kept in R9) is passed through to two
// function pointers taken from the record at R5 = 0x33688 + R1 * 128.
// For most values of the record field at +0x3C it reads a 0x200-byte block
// into a buffer, picks one of the four 16-byte entries starting at offset
// 0x1BE, validates it and stores the resulting start/size pair back into the
// record. Returns 1 in R0 on the normal exits and 0 when the buffer could not
// be obtained or the read callback returned 1.
//
// The added code between "dg_sd_fat32_enter" and "dg_sd_fat32_end" selects
// the first entry whose type byte (+0x1C2) is 0x0B or 0x0C and whose flag
// byte (+0x1BE) is 0x00 or 0x80; with no such entry the first entry is used.
//
// NOTE(review): every byte examined here comes from the storage medium, i.e.
// from data the device does not control. The checks visible in this function
// are the flag byte, the 0x55/0xAA bytes at +0x1FE/+0x1FF and two unsigned
// comparisons against the value returned by the +0x64 callback. The sum
// start + count is formed with a plain 32-bit ADD and no carry check, so an
// entry whose sum wraps around would still satisfy the upper-bound compare.
// Whether later firmware code re-validates the stored pair is not visible
// here; consider an explicit carry test if this routine is ever reworked.
void __attribute__((naked,noinline)) sub_FFC5195C_my() {
    asm volatile (
        "STMFD SP!, {R4-R10,LR}\n"
        "MOV R9, R0\n"
        "LDR R0, =0x33688\n"
        "MOV R8, #0\n"
        "ADD R5, R0, R1,LSL#7\n"
        "LDR R0, [R5,#0x3C]\n"
        "MOV R7, #0\n"
        "CMP R0, #7\n"
        "MOV R6, #0\n"

        // PC-relative jump table indexed by the +0x3C field (0..7); values
        // above 7 fall into the "B loc_FFC51AB4" that follows the ADDLS.
        // Nothing may be inserted between the ADDLS and the eight branches.
        "ADDLS PC, PC, R0,LSL#2\n"
        "B loc_FFC51AB4\n"
        "loc_FFC51988:\n"
        "B loc_FFC519C0\n"
        "loc_FFC5198C:\n"
        "B loc_FFC519A8\n"
        "loc_FFC51990:\n"
        "B loc_FFC519A8\n"
        "loc_FFC51994:\n"
        "B loc_FFC519A8\n"
        "loc_FFC51998:\n"
        "B loc_FFC519A8\n"
        "loc_FFC5199C:\n"
        "B loc_FFC51AAC\n"
        "loc_FFC519A0:\n"
        "B loc_FFC519A8\n"
        "loc_FFC519A4:\n"
        "B loc_FFC519A8\n"

        // sub_FFC6715C(2, 0x200, 0) -> R4 (presumably a 0x200-byte buffer --
        // confirm); a zero result takes the "return 0" exit.
        "loc_FFC519A8:\n"
        "MOV R2, #0\n"
        "MOV R1, #0x200\n"
        "MOV R0, #2\n"
        "BL sub_FFC6715C\n"
        "MOVS R4, R0\n"
        "BNE loc_FFC519C8\n"

        // Exit: return 0.
        "loc_FFC519C0:\n"
        "MOV R0, #0\n"
        "LDMFD SP!, {R4-R10,PC}\n"

        // Callback at record +0x50 called as (R9, 0, 1, buffer); presumably
        // "read 1 block starting at block 0" -- confirm. A return value of 1
        // releases via sub_FFC672A8(2) and takes the "return 0" exit.
        "loc_FFC519C8:\n"
        "LDR R12, [R5,#0x50]\n"
        "MOV R3, R4\n"
        "MOV R2, #1\n"
        "MOV R1, #0\n"
        "MOV R0, R9\n"
        "BLX R12\n"
        "CMP R0, #1\n"
        "BNE loc_FFC519F4\n"
        "MOV R0, #2\n"
        "BL sub_FFC672A8\n"
        "B loc_FFC519C0\n"

        // Callback at record +0x64 called as (R9); its result stays in R0 and
        // is the limit used by the range checks below (presumably the total
        // block count of the medium -- confirm).
        "loc_FFC519F4:\n"
        "LDR R1, [R5,#0x64]\n"
        "MOV R0, R9\n"
        "BLX R1\n"

        // This MOV is overwritten by "MOV R1, #1" three instructions later.
        "MOV R1, R4\n"

        // ---- added entry-selection loop ---------------------------------
        // R12 walks the entries in 0x10-byte steps, LR keeps the buffer
        // base, R1 counts the entry being examined (1..4).
        "MOV R12, R4\n"
        "MOV LR, R4\n"
        "MOV R1, #1\n"
        "B dg_sd_fat32_enter\n"
        "dg_sd_fat32:\n"
        "CMP R1, #4\n"
        "BEQ dg_sd_fat32_end\n"
        "ADD R12, R12, #0x10\n"
        "ADD R1, R1, #1\n"
        "dg_sd_fat32_enter:\n"
        "LDRB R2, [R12, #0x1BE]\n"
        "LDRB R3, [R12, #0x1C2]\n"
        // type byte must be 0x0B or 0x0C ...
        "CMP R3, #0xB\n"
        "CMPNE R3, #0xC\n"
        "BNE dg_sd_fat32\n"
        // ... and flag byte must be 0x00 or 0x80.
        "CMP R2, #0x00\n"
        "CMPNE R2, #0x80\n"
        "BNE dg_sd_fat32\n"

        // Match: R4 now addresses the selected entry instead of the buffer
        // base, so the fixed offsets below read that entry's fields.
        "MOV R4, R12\n"

        "dg_sd_fat32_end:\n"
        // ---- end of added loop ------------------------------------------

        // R1 = little-endian 32-bit value from +0x1C6..+0x1C9 (start),
        // R3 = little-endian 32-bit value from +0x1CA..+0x1CD (count),
        // R2 = flag byte at +0x1BE. The CMP/CMPNE on R2 set the flags that
        // the "BNE loc_FFC51A80" further down consumes; none of the
        // instructions in between alters the flags.
        "LDRB R1, [R4,#0x1C9]\n"
        "LDRB R3, [R4,#0x1C8]\n"
        "LDRB R12, [R4,#0x1CC]\n"
        "MOV R1, R1,LSL#24\n"
        "ORR R1, R1, R3,LSL#16\n"
        "LDRB R3, [R4,#0x1C7]\n"
        "LDRB R2, [R4,#0x1BE]\n"
        "ORR R1, R1, R3,LSL#8\n"
        "LDRB R3, [R4,#0x1C6]\n"
        "CMP R2, #0\n"
        "CMPNE R2, #0x80\n"
        "ORR R1, R1, R3\n"
        "LDRB R3, [R4,#0x1CD]\n"
        "MOV R3, R3,LSL#24\n"
        "ORR R3, R3, R12,LSL#16\n"
        "LDRB R12, [R4,#0x1CB]\n"
        "ORR R3, R3, R12,LSL#8\n"
        "LDRB R12, [R4,#0x1CA]\n"
        "ORR R3, R3, R12\n"

        // Last two bytes of the block, read through the saved buffer base.
        "LDRB R12, [LR,#0x1FE]\n"
        "LDRB LR, [LR,#0x1FF]\n"

        // Reject when: flag byte is neither 0x00 nor 0x80, limit < start,
        // start + count > limit, or the last two bytes are not 0x55, 0xAA.
        // NOTE(review): "ADD R2, R1, R3" has no carry check (see header).
        "BNE loc_FFC51A80\n"
        "CMP R0, R1\n"
        "BCC loc_FFC51A80\n"
        "ADD R2, R1, R3\n"
        "CMP R2, R0\n"
        "CMPLS R12, #0x55\n"
        "CMPEQ LR, #0xAA\n"
        // Accepted: R7 = start, R6 = count, R4 = 1.
        "MOVEQ R7, R1\n"
        "MOVEQ R6, R3\n"
        "MOVEQ R4, #1\n"
        "BEQ loc_FFC51A84\n"

        // Rejected: R4 = 0 (R8 is still 0).
        "loc_FFC51A80:\n"
        "MOV R4, R8\n"

        // Release via sub_FFC672A8(2). On rejection fall back to start = 0
        // and size = result of the +0x64 callback.
        "loc_FFC51A84:\n"
        "MOV R0, #2\n"
        "BL sub_FFC672A8\n"
        "CMP R4, #0\n"
        "BNE loc_FFC51AC0\n"
        "LDR R1, [R5,#0x64]\n"
        "MOV R7, #0\n"
        "MOV R0, R9\n"
        "BLX R1\n"
        "MOV R6, R0\n"
        "B loc_FFC51AC0\n"

        // Jump-table case 5: size fixed at 0x40, start stays 0.
        "loc_FFC51AAC:\n"
        "MOV R6, #0x40\n"
        "B loc_FFC51AC0\n"

        // +0x3C field above 7: sub_FFC0F5E8(0xFFC51AD4, 0x572), then fall
        // through to the common exit with R7 = R6 = 0.
        "loc_FFC51AB4:\n"
        "LDR R1, =0x572\n"
        "LDR R0, =0xFFC51AD4\n"
        "BL sub_FFC0F5E8\n"

        // Common exit: record +0x44 = R7, +0x48 = R6, +0x4C = R8 (0);
        // return 1.
        "loc_FFC51AC0:\n"
        "STR R7, [R5,#0x44]!\n"
        "STMIB R5, {R6,R8}\n"
        "MOV R0, #1\n"
        "LDMFD SP!, {R4-R10,PC}\n"
    );
}
694