1 #include "lolevel.h"
2 #include "platform.h"
3 #include "core.h"
4 #include "dryos31.h"
5 //#include "stdlib.h"
6
7
8 extern void task_FileWrite();
9
10 //IXUS 1000 100F
11
12 #define LED_PR 0xC0220138 // -> ASM1989 08.24.2010 found at FF91E080 in sx200 was FF8E73D0
13 void __attribute__((naked,noinline)) blink()
14 {
15 volatile long *p=(void*)LED_PR;
16 int i;
17 int cnt =100;
18 for(;cnt>0;cnt--){
19 p[0]=0x46;
20
21 for(i=0;i<0x200000;i++){
22 asm ("nop\n");
23 asm ("nop\n");
24 }
25 p[0]=0x44;
26 for(i=0;i<0x200000;i++){
27 asm ("nop\n");
28 asm ("nop\n");
29 }
30 }
31 shutdown();
32 }
33
34 #define offsetof(TYPE, MEMBER) ((int) &((TYPE *)0)->MEMBER)
35
36 void JogDial_task_my(void);
37
38 const char * const new_sa = &_end;
39
40 void taskHook(context_t **context) {
41
42 task_t *tcb=(task_t*)((char*)context-offsetof(task_t, context));
43
44 if(!_strcmp(tcb->name, "PhySw")) tcb->entry = (void*)mykbd_task; //JHARP - Verified name - Sept 5, 2010
45 if(!_strcmp(tcb->name, "CaptSeqTask")) tcb->entry = (void*)capt_seq_task; //JHARP - Verified name - Sept 5, 2010
46 if(!_strcmp(tcb->name, "InitFileModules")) tcb->entry = (void*)init_file_modules_task; //JHARP - Verified name - Sept 5, 2010
47 if(!_strcmp(tcb->name, "MovieRecord")) tcb->entry = (void*)movie_record_task; //JHARP - Verified name - Sept 5, 2010
48 if(!_strcmp(tcb->name, "ExpDrvTask")) tcb->entry = (void*)exp_drv_task; //JHARP - Verified name - Sept 5, 2010
49 if(!_strcmp(tcb->name, "RotarySw")) tcb->entry = (void*)JogDial_task_my; //JHARP - Must verify the code in use - Sept 5, 2010
50 if(tcb->entry == (void*)task_FileWrite) tcb->entry = (void*)filewritetask;
51
52 }
53
54 void CreateTask_spytask() {
55 _CreateTask("SpyTask", 0x19, 0x2000, core_spytask, 0);
56 };
57
58
59 void __attribute__((naked,noinline)) boot() {
60 asm volatile (
61 //"B sub_FF81000C\n" // work
62 "LDR R1, =0xC0410000\n"
63 "MOV R0, #0\n"
64 "STR R0, [R1]\n"
65 "MOV R1, #0x78\n"
66 "MCR p15, 0, R1,c1,c0\n" // control reg
67 "MOV R1, #0\n"
68 "MCR p15, 0, R1,c7,c10, 4\n" // drain write buffer
69 "MCR p15, 0, R1,c7,c5\n" // flush instruction cache
70 "MCR p15, 0, R1,c7,c6\n" // flush data cache
71 "MOV R0, #0x3D\n" // size 2GB base 0x00000000
72 "MCR p15, 0, R0,c6,c0\n"
73 "MOV R0, #0xC000002F\n" // size 16M base 0xc0000000
74 "MCR p15, 0, R0,c6,c1\n"
75 "MOV R0, #0x35\n" // size 128M base 0x00000000 (s90 is 64M)
76 "MCR p15, 0, R0,c6,c2\n"
77 "MOV R0, #0x40000035\n" // size 128M base 0x40000000 (s90 is 64M)
78 "MCR p15, 0, R0,c6,c3\n"
79 "MOV R0, #0x80000017\n" // size 4k base 0x80000000
80 "MCR p15, 0, R0,c6,c4\n"
81 "LDR R0, =0xFF80002D\n" // size 8M base 0xff800000
82 "MCR p15, 0, R0,c6,c5\n"
83 "MOV R0, #0x34\n"
84 "MCR p15, 0, R0,c2,c0\n"
85 "MOV R0, #0x34\n"
86 "MCR p15, 0, R0,c2,c0, 1\n"
87 "MOV R0, #0x34\n"
88 "MCR p15, 0, R0,c3,c0\n"
89 "LDR R0, =0x3333330\n"
90 "MCR p15, 0, R0,c5,c0, 2\n"
91 "LDR R0, =0x3333330\n"
92 "MCR p15, 0, R0,c5,c0, 3\n"
93 "MRC p15, 0, R0,c1,c0\n"
94 "ORR R0, R0, #0x1000\n"
95 "ORR R0, R0, #4\n"
96 "ORR R0, R0, #1\n"
97 "MCR p15, 0, R0,c1,c0\n"
98 "MOV R1, #0x80000006\n"
99 "MCR p15, 0, R1,c9,c1\n"
100 "MOV R1, #6\n"
101 "MCR p15, 0, R1,c9,c1, 1\n"
102 "MRC p15, 0, R1,c1,c0\n"
103 "ORR R1, R1, #0x50000\n"
104 "MCR p15, 0, R1,c1,c0\n"
105 "LDR R2, =0xC0200000\n"
106 "MOV R1, #1\n"
107 "STR R1, [R2,#0x10C]\n"
108 "MOV R1, #0xFF\n"
109 "STR R1, [R2,#0xC]\n"
110 "STR R1, [R2,#0x1C]\n"
111 "STR R1, [R2,#0x2C]\n"
112 "STR R1, [R2,#0x3C]\n"
113 "STR R1, [R2,#0x4C]\n"
114 "STR R1, [R2,#0x5C]\n"
115 "STR R1, [R2,#0x6C]\n"
116 "STR R1, [R2,#0x7C]\n"
117 "STR R1, [R2,#0x8C]\n"
118 "STR R1, [R2,#0x9C]\n"
119 "STR R1, [R2,#0xAC]\n"
120 "STR R1, [R2,#0xBC]\n"
121 "STR R1, [R2,#0xCC]\n"
122 "STR R1, [R2,#0xDC]\n"
123 "STR R1, [R2,#0xEC]\n"
124 "STR R1, [R2,#0xFC]\n"
125 "LDR R1, =0xC0400008\n"
126 "LDR R2, =0x430005\n"
127 "STR R2, [R1]\n"
128 "MOV R1, #1\n"
129 "LDR R2, =0xC0243100\n"
130 "STR R2, [R1]\n"
131 "LDR R2, =0xC0242010\n"
132 "LDR R1, [R2]\n"
133 "ORR R1, R1, #1\n"
134 "STR R1, [R2]\n"
135 "LDR R0, =0xFFC56CD0\n" // changed from 100 was FFC56CC8
136 "LDR R1, =0x1900\n"
137 "LDR R3, =0x10728\n" //changed from 100D
138 "loc_FF81013C:\n"
139
140 "CMP R1, R3\n"
141 "LDRCC R2, [R0],#4\n"
142 "STRCC R2, [R1],#4\n"
143 "BCC loc_FF81013C\n"
144 "LDR R1, =0x172BF8\n"
145 "MOV R2, #0\n"
146 "loc_FF810154:\n"
147 "CMP R3, R1\n"
148 "STRCC R2, [R3],#4\n"
149 "BCC loc_FF810154\n"
150 "B sub_FF810354_my\n"
151 //---------->
152 );
153 }
154
155
156 void __attribute__((naked,noinline)) sub_FF810354_my() { // ASM1989 -> In sx200 was: sub_FF8101A0_my
157
158
159
160 *(int*)0x1938=(int)taskHook; //was 1934 in sx200 if 1938 hangs
161 *(int*)0x193C=(int)taskHook;
162
163
164 if ((*(int*) 0xC022010C) & 1) // look at play switch
165 *(int*)(0x254C) = 0x400000; // start in play mode
166 else
167 *(int*)(0x254C) = 0x200000; // start in rec mode
168
169 asm volatile (
170 "LDR R0, =0xFF8103CC\n"
171 "MOV R1, #0\n"
172 "LDR R3, =0xFF810404\n"
173 "loc_FF810360:\n"
174 "CMP R0, R3\n"
175 "LDRCC R2, [R0],#4\n"
176 "STRCC R2, [R1],#4\n"
177 "BCC loc_FF810360\n"
178 "LDR R0, =0xFF810404\n"
179 "MOV R1, #0x4B0\n"
180 "LDR R3, =0xFF810618\n"
181 "loc_FF81037C:\n"
182 "CMP R0, R3\n"
183 "LDRCC R2, [R0],#4\n"
184 "STRCC R2, [R1],#4\n"
185 "BCC loc_FF81037C\n"
186 "MOV R0, #0xD2\n"
187 "MSR CPSR_cxsf, R0\n"
188 "MOV SP, #0x1000\n"
189 "MOV R0, #0xD3\n"
190 "MSR CPSR_cxsf, R0\n"
191 "MOV SP, #0x1000\n"
192 "LDR R0, =0x6C4\n"
193 "LDR R2, =0xEEEEEEEE\n"
194 "MOV R3, #0x1000\n"
195 "loc_FF8103B0:\n"
196 "CMP R0, R3\n"
197 "STRCC R2, [R0],#4\n"
198 "BCC loc_FF8103B0\n"
199 "BL sub_FF811198_my\n"
200 //------------>
201
202 //this is not disasmbled in 100F asuming is like 100D
203
204 "loc_FF8103C0:\n"
205 "ANDEQ R0, R0, R4,ASR#13\n"
206 "loc_FF8103C4:\n"
207 "ANDEQ R0, R0, R0,ROR R6\n"
208 "loc_FF8103C8:\n"
209 "ANDEQ R0, R0, R4,ROR R6\n"
210 "loc_FF8103CC:\n"
211 "NOP\n"
212 "LDR PC, =0xFF810618\n"
213 );
214 }
215
216 void __attribute__((naked,noinline)) sub_FF811198_my() {
217 asm volatile (
218 "STR LR, [SP,#-4]!\n"
219 "SUB SP, SP, #0x74\n"
220 "MOV R0, SP\n"
221 "MOV R1, #0x74\n"
222 "BL sub_FFB87550\n" // sub_FFB8754C 100D
223 //v4 stuff all copied from s95 its the same in principle
224 /*
225 " MOV R0, #0x53000 \n"
226 " STR R0, [SP,#4] \n"
227
228 //" LDR R0, =0x172BF8 \n" // old code
229 " LDR R0, =new_sa \n" // chdk patched
230 " LDR R0, [R0] \n" // chdk patched
231
232 " LDR R1, =0x379C00 \n"
233 " STR R0, [SP,#8] \n"
234 " RSB R0, R0, #0x1F80 \n"
235 " ADD R0, R0, #0x370000 \n"
236 " STR R0, [SP,#0x0c] \n"
237 " LDR R0, =0x371F80 \n"
238 " STR R1, [SP,#0] \n"
239 " STRD R0, [SP,#0x10] \n"
240 " MOV R0, #0x22 \n"
241 " STR R0, [SP,#0x18] \n"
242 " MOV R0, #0x68 \n"
243 " STR R0, [SP,#0x1c] \n"
244 " LDR R0, =0x19B \n"
245
246 */
247
248
249
250 //v3 stuff
251
252 "MOV R0, #0x53000\n"
253 "STR R0, [SP,#4]\n"
254 #if defined(CHDK_NOT_IN_CANON_HEAP) // use original heap offset if CHDK is loaded in high memory
255 " LDR R0, =0x172BF8 \n"
256 #else
257 " LDR R0, =new_sa\n" // otherwise use patched value
258 " LDR R0, [R0]\n" //
259 #endif
260 //"LDR R0, =0x172BF8\n"
261 "LDR R1, =0x379C00\n"
262 "STR R0, [SP,#8]\n"
263 //"SUB R0, R1, R0\n"
264 "RSB R0, R0, #0x1F80\n" // new in this cam
265 "ADD R0, R0, #0x370000\n" // new in this cam
266 "STR R0, [SP,#0x0c]\n" //changed
267 "LDR R0, =0x371F80\n"// new in this cam
268 //copied from s95
269 "STR R1, [SP,#0] \n"
270 "STRD R0, [SP,#0x10] \n"
271 "MOV R0, #0x22 \n"
272 "STR R0, [SP,#0x18] \n"
273 "MOV R0, #0x68 \n"
274 "STR R0, [SP,#0x1c] \n"
275 "LDR R0, =0x19B \n"
276
277
278
279
280 "LDR R1, =sub_FF815EE0_my\n" // chdk patched
281
282 //"LDR R1, =0xFF815EE0\n" // old code
283
284
285 //------------>
286
287
288
289 "STR R0, [SP,#0x20]\n"
290 "MOV R0, #0x96\n"
291 "STR R0, [SP,#0x24]\n"
292 //"MOV R0, #0x78\n" // looks like its not in 100F
293 "STR R0, [SP,#0x28]\n"
294 "MOV R0, #0x64\n"
295 "STR R0, [SP,#0x2C]\n"
296 "MOV R0, #0\n"
297 "STR R0, [SP,#0x30]\n"
298 "STR R0, [SP,#0x34]\n"
299 "MOV R0, #0x10\n"
300 "STR R0, [SP,#0x5C]\n"
301 "MOV R0, #0x800\n"
302 "STR R0, [SP,#0x60]\n"
303 "MOV R0, #0xA0\n"
304 "STR R0, [SP,#0x64]\n"
305 "MOV R0, #0x280\n"
306 "STR R0, [SP,#0x68]\n"
307 "MOV R0, SP\n"
308 "MOV R2, #0\n"
309
310
311 /*
312 //copied from s95 // not work
313 " MOV R0, #0x96 \n"
314 " STR R0, [SP,#0x24] \n"
315 " STR R0, [SP,#0x28] \n"
316 " MOV R0, #0x64 \n"
317 " STR R0, [SP,#0x2c] \n"
318 " MOV R0, #0 \n"
319 " STR R0, [SP,#0x30] \n"
320 " STR R0, [SP,#0x34] \n"
321 " MOV R0, #0x10 \n"
322 " STR R0, [SP,#0x5c] \n"
323 " MOV R0, #0x800 \n"
324 " STR R0, [SP,#0x60] \n"
325 " MOV R0, #0xA0 \n"
326 " STR R0, [SP,#0x64] \n"
327 " MOV R0, #0x280 \n"
328 " STR R0, [SP,#0x68] \n"
329 " MOV R0, SP \n"
330 " MOV R2, #0 \n"
331 */
332 "BL sub_FF8134B8\n"
333
334 "ADD SP, SP, #0x74\n"
335 "LDR PC, [SP],#4\n"
336 );
337 }
338
339 //Almost till here maybe checked
340
341 void __attribute__((naked,noinline)) sub_FF815EE0_my() {
342
343 //v4 testing full s95 code
344 /*
345 asm volatile (
346 " STMFD SP!, {R4,LR} \n"
347 " BL sub_FF810B20 \n"
348 " BL sub_FF81A33C \n" // dmSetup
349 " CMP R0, #0 \n"
350
351 //" ADRLT R0, aDmsetup \n" // "dmSetup"
352 " LDRLT r0, =0xFF815FF4 \n"
353
354 " BLLT sub_FF815FD4 \n" // err_init_task
355
356 " BL sub_FF815B1C \n"
357 " CMP R0, #0 \n"
358
359 //" ADRLT R0, aTermdriverinit \n" // "termDriverInit"
360 " LDRLT R0, =0xFF815FFC \n"
361
362 " BLLT sub_FF815FD4 \n" // err_init_task
363
364 //" ADR R0, a_term \n" // "/_term"
365 " LDR R0, =0xFF81600C \n"
366
367 " BL sub_FF815C04 \n" // termDeviceCreate
368 " CMP R0, #0 \n"
369
370 //" ADRLT R0, aTermdevicecrea \n" // "termDeviceCreate"
371 " LDRLT R0, =0xFF816014 \n"
372
373 " BLLT sub_FF815FD4 \n" // err_init_task
374
375 //" ADR R0, a_term \n" // "/_term"
376 " LDR R0, =0xFF81600C \n"
377
378 " BL sub_FF813CA4 \n"
379 " CMP R0, #0 \n"
380
381 //" ADRLT R0, aStdiosetup \n" // "stdioSetup"
382 " LDRLT R0, =0xFF816028 \n"
383
384 " BLLT sub_FF815FD4 \n" // err_init_task
385 " BL sub_FF819CC4 \n"
386 " CMP R0, #0 \n"
387
388 //" ADRLT R0, aStdlibsetup \n" // "stdlibSetup"
389 " LDRLT R0, =0xFF816034 \n"
390
391 " BLLT sub_FF815FD4 \n" // err_init_task
392 " BL sub_FF81167C \n"
393 " CMP R0, #0 \n"
394
395 //" ADRLT R0, aArmlib_setup \n" // "armlib_setup"
396 " LDRLT R0, =0xFF816040 \n"
397
398 " BLLT sub_FF815FD4 \n" // err_init_task
399
400 " LDMFD SP!, {R4,LR} \n"
401
402 //" B sub_FF81FB54 \n" // taskcreate_Startup
403 " B taskcreate_Startup_my \n" // patched
404
405 " MOV R0, #0 \n"
406 " LDMFD SP!, {R3-R5,PC} \n"
407 );
408 */
409
410 //v3
411
412 asm volatile (
413 "STMFD SP!, {R4,LR}\n"
414 "BL sub_FF810B20\n"
415 "BL sub_FF81A33C\n" // BL dmSetup
416 "CMP R0, #0\n"
417 "LDRLT R0, =0xFF815FF4\n" //Mising ; "dmSetup"
418 "BLLT sub_FF815FD4\n" //Mising err_init_task
419 "BL sub_FF815B1C\n"
420 "CMP R0, #0\n"
421 "LDRLT R0, =0xFF815FFC\n" // "termDriverInit"
422 "BLLT sub_FF815FD4\n" // err_init_task
423 "LDR R0, =0xFF81600C\n" // "/_term"
424 "BL sub_FF815C04\n" // termDeviceCreate
425 "CMP R0, #0\n"
426 "LDRLT R0, =0xFF816014\n" // "termDeviceCreate"
427 "BLLT sub_FF815FD4\n" // err_init_task
428 "LDR R0, =0xFF81600C\n" // "/_term"
429 "BL sub_FF813CA4\n"
430 "CMP R0, #0\n"
431 "LDRLT R0, =0xFF816028\n" // "stdioSetup"
432 "BLLT sub_FF815FD4\n" // err_init_task
433 "BL sub_FF819CC4\n"
434 "CMP R0, #0\n"
435 "LDRLT R0, =0xFF816034\n" //"stdlibSetup"
436 "BLLT sub_FF815FD4\n" // err_init_task
437 "BL sub_FF81167C\n"
438 "CMP R0, #0\n"
439 "LDRLT R0, =0xFF816040\n" // "armlib_setup"
440 "BLLT sub_FF815FD4\n" // err_init_task
441 "LDMFD SP!, {R4,LR}\n"
442 "B taskcreate_Startup_my\n" // ASM1989 -> at FF81FBA8
443 //---------->
444 //copied from s95
445 " MOV R0, #0 \n"
446 " LDMFD SP!, {R3-R5,PC} \n"
447
448 );
449 };
450
451
452 // ASM1989 -> Here starts the diferences with SX200
453
454 void __attribute__((naked,noinline)) taskcreate_Startup_my() {
455 asm volatile (
456
457 "STMFD SP!, {R3-R5,LR}\n"
458 "BL sub_FF8348CC\n" //j_nullsub_267
459 "BL sub_FF83D1D4\n"
460 "CMP R0, #0\n"
461
462 "BNE loc_FF81FBFC\n"
463
464
465 "BL sub_FF8370E8\n"
466 "CMP R0, #0\n"
467 "BEQ loc_FF81FBFC\n"
468
469
470 "LDR R4, =0xC0220000\n"
471
472
473
474 "LDR R0, [R4,#0x120]\n"
475 "TST R0, #1\n"
476 "MOVEQ R0, #0x12C\n"
477
478
479
480
481 "BLEQ sub_FF83B574\n" //ASM1989 -> eventproc_export_SleepTask
482
483
484
485 "BL sub_FF8348C8\n"
486 "CMP R0, #0\n"
487 "BNE loc_FF81FBFC\n"
488 "BL sub_FF833F34\n"
489 "MOV R0, #0x44\n"
490 "STR R0, [R4,#0x1C]\n"
491 "BL sub_FF834120\n"
492 "loc_FF81FBF8:\n"
493 "B loc_FF81FBF8\n"
494
495
496 "loc_FF81FBFC:\n"
497 //"BL sub_FF8348D4\n" // ASM1989 -> -- replaced for power button startup
498
499 "BL sub_FF8348D0\n"//ASM1989 -> j_nullsub_268
500 "BL sub_FF83B3EC\n"
501
502 "LDR R1, =0x3CE000\n"
503 "MOV R0, #0\n"
504
505 "BL sub_FF83B834\n"
506 "BL sub_FF83B5E0\n"
507 "MOV R3, #0\n"
508
509 "STR R3, [SP]\n"
510
511 "LDR R3, =task_Startup_my\n" // ASM1989 -> original is FF81FAF0 task_Startup // LDR instead of ADR
512 //---------------->
513 //ASM_SAFE("BL blink\n")
514 "MOV R2, #0\n"
515 "MOV R1, #0x19\n"
516 "LDR R0, =0xFF81FC60\n" //aStartup // LDR instead of ADR
517
518
519 "BL sub_FF81E8A0\n" //eventproc_export_CreateTask
520 "MOV R0, #0\n"
521 "LDMFD SP!, {R3-R5,PC}\n"
522
523
524
525
526 );
527 }
528
529 // TESTING S95 Code style
530
531
532 void __attribute__((naked,noinline)) task_Startup_my() {
533 asm volatile (
534
535 "STMFD SP!, {R4,LR}\n"
536
537 "BL sub_FF816594\n" // taskcreate_ClockSave
538 "BL sub_FF835A30\n"
539 "BL sub_FF833B3C\n"
540 "BL sub_FF83D218\n" //j_nullsub_271
541 "BL sub_FF83D404\n"
542 // "BL sub_FF83D2AC\n" // start diskboot.bin
543 "BL sub_FF83D5AC\n"
544 "BL sub_FF81648C\n"
545 "BL sub_FF836754\n"
546 "LDR R1, =0x7C007C00\n"
547 "LDR R0, =0xC0F1800C\n"
548 "BL sub_FF835A3C\n"
549 "LDR R0, =0xC0F18010\n"
550 "MOV R1, #0\n"
551 //OK
552 "BL sub_FF835A3C\n"
553 "LDR R0, =0xC0F18018\n"
554 "MOV R1, #0\n"
555 "BL sub_FF835A3C\n"
556 "LDR R0, =0xC0F1801C\n"
557 "MOV R1, #0x1000\n"
558 "BL sub_FF835A3C\n"
559 "LDR R0, =0xC0F18020\n"
560 "MOV R1, #8\n"
561 "BL sub_FF835A3C\n"
562 //OK
563
564
565 "LDR R0, =0xC022D06C\n"
566 "MOV R1, #0xE000000\n"
567 "BL sub_FF835A3C\n"
568 "BL sub_FF8164CC\n"
569 //OK
570
571 "BL sub_FF8324F4\n"
572
573
574 //FAILS
575 //ASM_SAFE("BL blink\n")
576 "BL sub_FF83D434\n"
577
578
579
580
581
582 "BL sub_FF83AB90\n"
583 "BL sub_FF83D5B0\n"
584
585 "BL CreateTask_spytask\n" // +
586 //---------------->
587 "BL sub_FF834788\n" //taskcreate_PhySw
588 );
589
590 // CreateTask_PhySw(); // our keyboard task
591
592 // CreateTask_spytask(); // chdk initialization
593
594
595 // "BL CreateTask_spytask\n" // +
596 //---------------->
597
598
599 asm volatile (
600
601
602 "BL sub_FF838CF0\n"
603 "BL sub_FF83D5C8\n"
604 "BL sub_FF8318F8\n" //nullsub_2
605 "BL sub_FF8334A0\n"
606 "BL sub_FF83CF9C\n" //taskcreate_Bye
607 "BL sub_FF833AF0\n"
608 "BL sub_FF83343C\n" //taskcreate_BatteryTask
609 "BL sub_FF832528\n"
610 "BL sub_FF83E1D0\n"
611 "BL sub_FF8333F8\n"
612 "LDMFD SP!, {R4,LR}\n"
613 "B sub_FF8166B4\n"
614 );
615 }
616
617
618 /*void __attribute__((naked,noinline)) CreateTask_PhySw() {
619 asm volatile (
620 " STMFD SP!, {R3-R5,LR} \n"
621 " LDR R4, =0x1C34 \n"
622 " LDR R0, [R4,#0x10] \n"
623 " CMP R0, #0 \n"
624 " BNE loc_FF8347BC \n"
625 " MOV R3, #0 \n"
626 " STR R3, [SP] \n"
627
628 //" ADR R3, task_PhySw \n"
629 //" LDR R3, =sub_FF834754 \n"
630 //" MOV R2, #0x800 \n"
631
632 " LDR R3, =mykbd_task \n" // PhySw Task patch
633 " MOV R2, #0x2000 \n" // larger stack
634
635 " MOV R1, #0x17 \n"
636
637 //" ADR R0, aPhysw \n"
638 " LDR R0, =0xFF8349DC \n" // "PhySw"
639
640 " BL sub_FF83B634 \n" // KernelCreateTask
641 " STR R0, [R4,#0x10] \n"
642 "loc_FF8347BC: \n"
643 " BL sub_FF863968 \n" //taskcreate_RotaryEncoder
644 " BL sub_FF8941DC \n"
645 " BL sub_FF837060 \n" //IsFactoryMode
646 " CMP R0, #0 \n"
647 " LDREQ R1, =0x34414 \n"
648 " LDMEQFD SP!, {R3-R5,LR} \n"
649 " BEQ sub_FF894164 \n" // eventproc_export_OpLog.Start
650 " LDMFD SP!, {R3-R5,PC} \n"
651 );
652 }
653
654 */
655
656 /*----------------------------------------------------------------------
657 JogDial_task_my()
658
659 Patched jog dial task at FF86363C
660 -----------------------------------------------------------------------*/
661 void __attribute__((naked,noinline)) JogDial_task_my() {
662 asm volatile (
663 " STMFD SP!, {R4-R11,LR} \n"
664 " SUB SP, SP, #0x1C \n"
665 " BL sub_FF863A68 \n"
666 " LDR R1, =0x2560 \n"
667 " LDR R6, =0xFFB8D5F4 \n" //100D --- FFB8D5F0
668 " MOV R0, #0 \n"
669 " ADD R3, SP, #0x10 \n"
670 " ADD R12, SP, #0x14 \n"
671 " ADD R10, SP, #0x08 \n"
672 " MOV R2, #0 \n"
673 " ADD R9, SP, #0xC \n"
674
675 "loc_FF863668: \n"
676 " ADD R12, SP, #0x14 \n"
677 " ADD LR, R12, R0,LSL#1 \n"
678 " MOV R2, #0 \n"
679 " ADD R3, SP, #0x10 \n"
680 " STRH R2, [LR] \n"
681 " ADD LR, R3, R0,LSL#1 \n"
682 " STRH R2, [LR] \n"
683 " STR R2, [R9,R0,LSL#2] \n"
684 " STR R2, [R10,R0,LSL#2] \n"
685 " ADD R0, R0, #1 \n"
686 " CMP R0, #2 \n"
687 " BLT loc_FF863668 \n"
688
689 "loc_FF863698: \n"
690 " LDR R0, =0x2560 \n"
691 " MOV R2, #0 \n"
692 " LDR R0, [R0,#0xC] \n"
693 " MOV R1, SP \n"
694 " BL sub_FF83AE20 \n"
695 " CMP R0, #0 \n"
696 " LDRNE R1, =0x262 \n"
697
698 //" ADRNE R0, 0xFF8638F8 \n" // "RotaryEncoder.c"
699 " LDRNE R0, =0xFF8638F8 \n" // "RotaryEncoder.c"
700
701 " BLNE sub_FF81EB78 \n" // DebugAssert
702
703 //------------------ begin added code ---------------
704 "labelA:\n"
705 "LDR R0, =jogdial_stopped\n"
706 "LDR R0, [R0]\n"
707 "CMP R0, #1\n"
708 "BNE labelB\n" // continue on if jogdial_stopped = 0
709 "MOV R0, #40\n"
710 "BL _SleepTask\n" // jogdial_stopped=1 -- give time back to OS and suspend jogdial task
711 "B labelA\n"
712 "labelB:\n"
713 //------------------ end added code -----------------
714
715 " LDR R0, [SP] \n"
716 " AND R4, R0, #0xFF \n"
717 " AND R0, R0, #0xFF00 \n"
718 " CMP R0, #0x100 \n"
719 " BEQ loc_FF863708 \n"
720 " CMP R0, #0x200 \n"
721 " BEQ loc_FF863740 \n"
722 " CMP R0, #0x300 \n"
723 " BEQ loc_FF863938 \n"
724 " CMP R0, #0x400 \n"
725 " BNE loc_FF863698 \n"
726 " CMP R4, #0 \n"
727 " LDRNE R1, =0x2ED \n"
728
729 //" ADRNE R0, 0xFF8638F8 \n" // "RotaryEncoder.c"
730 " LDRNE R0, =0xFF8638F8 \n" // "RotaryEncoder.c"
731
732 " BLNE sub_FF81EB78 \n" // DebugAssert
733 " RSB R0, R4, R4,LSL#3 \n"
734 " LDR R0, [R6,R0,LSL#2] \n"
735
736 "loc_FF863700: \n"
737 " BL sub_FF863A40 \n"
738 " B loc_FF863698 \n"
739
740 "loc_FF863708: \n"
741 " LDR R7, =0x2570 \n"
742 " LDR R0, [R7,R4,LSL#2] \n"
743 " BL sub_FF83BDB8 \n"
744
745 //" ADR R2, 0xFF863588 \n"
746 " LDR R2, =0xFF863588 \n"
747
748 " ADD R1, R2, #0 \n"
749 " ORR R3, R4, #0x200 \n"
750 " MOV R0, #0x28 \n"
751 " BL sub_FF83BCD4 \n"
752 " TST R0, #1 \n"
753 " CMPNE R0, #0x15 \n"
754 " STR R0, [R10,R4,LSL#2] \n"
755 " BEQ loc_FF863698 \n"
756 " MOV R1, #0x274 \n"
757 " B loc_FF8638E4 \n"
758
759 "loc_FF863740: \n"
760 " RSB R5, R4, R4,LSL#3 \n"
761 " LDR R0, [R6,R5,LSL#2] \n"
762 " LDR R1, =0xC0240104 \n"
763 " LDR R0, [R1,R0,LSL#8] \n"
764 " MOV R2, R0,ASR#16 \n"
765 " ADD R0, SP, #0x14 \n"
766 " ADD R0, R0, R4,LSL#1 \n"
767 " STR R0, [SP,#0x18] \n"
768 " STRH R2, [R0] \n"
769 " ADD R0, SP, #0x10 \n"
770 " ADD R11, R0, R4,LSL#1 \n"
771 " LDRSH R3, [R11] \n"
772 " SUB R0, R2, R3 \n"
773 " CMP R0, #0 \n"
774 " BNE loc_FF8637C0 \n"
775 " LDR R0, [R9,R4,LSL#2] \n"
776 " CMP R0, #0 \n"
777 " BEQ loc_FF8638A0 \n"
778 " LDR R7, =0x2570 \n"
779 " LDR R0, [R7,R4,LSL#2] \n"
780 " BL sub_FF83BDB8 \n"
781
782 //" ADR R2, 0xFF863594 \n"
783 " LDR R2, =0xFF863594 \n"
784
785 " ADD R1, R2, #0 \n"
786 " ORR R3, R4, #0x300 \n"
787 " MOV R0, #0x1F4 \n"
788 " BL sub_FF83BCD4 \n"
789 " TST R0, #1 \n"
790 " CMPNE R0, #0x15 \n"
791 " STR R0, [R7,R4,LSL#2] \n"
792 " BEQ loc_FF8638A0 \n"
793 " LDR R1, =0x28D \n"
794 " B loc_FF863898 \n"
795
796 "loc_FF8637C0: \n"
797 " MOV R1, R0 \n"
798 " RSBLT R0, R0, #0 \n"
799 " MOVLE R7, #0 \n"
800 " MOVGT R7, #1 \n"
801 " CMP R0, #0xFF \n"
802 " BLS loc_FF863800 \n"
803 " CMP R1, #0 \n"
804 " RSBLE R0, R3, #0xFF \n"
805 " ADDLE R0, R0, #0x7F00 \n"
806 " ADDLE R0, R0, R2 \n"
807 " RSBGT R0, R2, #0xFF \n"
808 " ADDGT R0, R0, #0x7F00 \n"
809 " ADDGT R0, R0, R3 \n"
810 " ADD R0, R0, #0x8000 \n"
811 " ADD R0, R0, #1 \n"
812 " EOR R7, R7, #1 \n"
813
814 "loc_FF863800: \n"
815 " STR R0, [SP,#0x04] \n"
816 " LDR R0, [R9,R4,LSL#2] \n"
817 " CMP R0, #0 \n"
818 " ADDEQ R0, R6, R5,LSL#2 \n"
819 " LDREQ R0, [R0,#8] \n"
820 " BEQ loc_FF863838 \n"
821 " ADD R8, R6, R5,LSL#2 \n"
822 " ADD R1, R8, R7,LSL#2 \n"
823 " LDR R1, [R1,#0x10] \n"
824 " CMP R1, R0 \n"
825 " BEQ loc_FF86383C \n"
826 " LDR R0, [R8,#0xC] \n"
827 " BL sub_FF89C2E4 \n"
828 " LDR R0, [R8,#8] \n"
829
830 "loc_FF863838: \n"
831 " BL sub_FF89C2E4 \n"
832
833 "loc_FF86383C: \n"
834 " ADD R0, R6, R5,LSL#2 \n"
835 " ADD R7, R0, R7,LSL#2 \n"
836 " LDR R0, [R7,#0x10] \n"
837 " LDR R1, [SP,#0x04] \n"
838 " BL sub_FF89C20C \n"
839 " LDR R0, [R7,#0x10] \n"
840 " LDR R7, =0x2570 \n"
841 " STR R0, [R9,R4,LSL#2] \n"
842 " LDR R0, [SP,#0x18] \n"
843 " LDRH R0, [R0] \n"
844 " STRH R0, [R11] \n"
845 " LDR R0, [R7,R4,LSL#2] \n"
846 " BL sub_FF83BDB8 \n"
847
848 //" ADR R2, 0xFF863594 \n"
849 " LDR R2, =0xFF863594 \n"
850
851 " ADD R1, R2, #0 \n"
852 " ORR R3, R4, #0x300 \n"
853 " MOV R0, #0x1F4 \n"
854 " BL sub_FF83BCD4 \n"
855 " TST R0, #1 \n"
856 " CMPNE R0, #0x15 \n"
857 " STR R0, [R7,R4,LSL#2] \n"
858 " BEQ loc_FF8638A0 \n"
859 " LDR R1, =0x2CF \n"
860
861 "loc_FF863898: \n"
862 //" ADR R0, 0xFF8638F8 \n" // "RotaryEncoder.c"
863 " LDR R0, =0xFF8638F8 \n" // "RotaryEncoder.c"
864
865 " BL sub_FF81EB78 \n" // DebugAssert
866
867 "loc_FF8638A0: \n"
868 " ADD R0, R6, R5,LSL#2 \n"
869 " LDR R0, [R0,#0x18] \n"
870 " CMP R0, #1 \n"
871 " BNE loc_FF863930 \n"
872 " LDR R0, =0x2560 \n"
873 " LDR R0, [R0,#0x14] \n"
874 " CMP R0, #0 \n"
875 " BEQ loc_FF863930 \n"
876
877 //" ADR R2, 0xFF863588 \n"
878 " LDR R2, =0xFF863588 \n"
879
880 " ADD R1, R2, #0 \n"
881 " ORR R3, R4, #0x400 \n"
882 " BL sub_FF83BCD4 \n"
883 " TST R0, #1 \n"
884 " CMPNE R0, #0x15 \n"
885 " STR R0, [R10,R4,LSL#2] \n"
886 " BEQ loc_FF863698 \n"
887 " LDR R1, =0x2D6 \n"
888
889 "loc_FF8638E4: \n"
890 //" ADR R0, 0xFF8638F8 \n" // "RotaryEncoder.c"
891 " LDR R0, =0xFF8638F8 \n" // "RotaryEncoder.c"
892
893 " BL sub_FF81EB78 \n" // DebugAssert
894 " B loc_FF863698 \n"
895
896 "NOP \n"
897
898
899 "loc_FF863930: \n"
900 " LDR R0, [R6,R5,LSL#2] \n"
901 " B loc_FF863700 \n"
902
903 "loc_FF863938: \n"
904 " LDR R0, [R9,R4,LSL#2] \n"
905 " CMP R0, #0 \n"
906 " MOVEQ R1, #0x2E0 \n"
907
908 //" ADREQ R0, 0xFF8638F8 \n" // "RotaryEncoder.c"
909 " LDREQ R0, =0xFF8638F8 \n" // "RotaryEncoder.c"
910
911 " BLEQ sub_FF81EB78 \n" // DebugAssert
912 " RSB R0, R4, R4,LSL#3 \n"
913 " ADD R0, R6, R0,LSL#2 \n"
914 " LDR R0, [R0,#0xC] \n"
915 " BL sub_FF89C2E4 \n"
916 " MOV R2, #0 \n"
917 " STR R2, [R9,R4,LSL#2] \n"
918 " B loc_FF863698 \n"
919 );
920 };
921
922
923 //FILE INIT STUFF
924 void __attribute__((naked,noinline)) init_file_modules_task() {
925 asm volatile(
926 "STMFD SP!, {R4-R6,LR}\n"
927 "BL sub_FF896688\n"
928 "LDR R5, =0x5006\n"
929 "MOVS R4, R0\n"
930 "MOVNE R1, #0\n"
931 "MOVNE R0, R5\n"
932 "BLNE sub_FF89A464\n" //PostLogicalEventToUI
933 // "BL sub_FF8966B4\n"
934 "BL sub_FF8966B4_my\n"
935 //----------------------->
936 "BL core_spytask_can_start\n" // + safe to start spytask S95 new stuff to speed up chdk load
937
938 "CMP R4, #0\n"
939 "MOVEQ R0, R5\n"
940 "LDMEQFD SP!, {R4-R6,LR}\n"
941 "MOVEQ R1, #0\n"
942 "BEQ sub_FF89A464\n" //PostLogicalEventToUI
943 "LDMFD SP!, {R4-R6,PC}\n"
944 );
945 };
946
947 void __attribute__((naked,noinline)) sub_FF8966B4_my() {
948 asm volatile(
949 "STMFD SP!, {R4,LR}\n"
950 "MOV R0, #3\n"
951 // "BL sub_FF87538C\n" //__Mounter.c__0
952 "BL sub_FF87538C_my\n" //__Mounter.c__0
953
954 "B sub_FF8966C0\n" // continue in firmware
955 );
956 };
957
958 void __attribute__((naked,noinline)) sub_FF87538C_my() {
959 asm volatile(
960 "STMFD SP!, {R4-R8,LR}\n"
961 "MOV R8, R0\n"
962 "BL sub_FF87530C\n" //__Mounter.c__0
963 "LDR R1, =0x3A068\n"
964 "MOV R6, R0\n"
965 "ADD R4, R1, R0,LSL#7\n"
966 "LDR R0, [R4,#0x6C]\n"
967 "CMP R0, #4\n"
968 "LDREQ R1, =0x83F\n"
969 "LDREQ R0, =0xFF874E4C\n" //aMounter_c
970 "BLEQ sub_FF81EB78\n" //DebugAssert
971 "MOV R1, R8\n"
972 "MOV R0, R6\n"
973 "BL sub_FF874BC0\n"
974 "LDR R0, [R4,#0x38]\n"
975 "BL sub_FF875A30\n"
976 "CMP R0, #0\n"
977 "STREQ R0, [R4,#0x6C]\n"
978 "MOV R0, R6\n"
979 "BL sub_FF874C50\n"
980 "MOV R0, R6\n"
981 // "BL sub_FF874FB4\n"
982 "BL sub_FF874FB4_my\n"
983 //------------------->
984 "B sub_FF8753E4 \n" //continue in firmware
985 );
986
987 };
988 void __attribute__((naked,noinline)) sub_FF874FB4_my() {
989 asm volatile(
990 "STMFD SP!, {R4-R6,LR}\n"
991 "MOV R5, R0\n"
992 "LDR R0, =0x3A068\n"
993 "ADD R4, R0, R5,LSL#7\n"
994 "LDR R0, [R4,#0x6C]\n"
995 "TST R0, #2\n"
996 "MOVNE R0, #1\n"
997 "LDMNEFD SP!, {R4-R6,PC}\n"
998 "LDR R0, [R4,#0x38]\n"
999 "MOV R1, R5\n"
1000 // "BL sub_FF874CD4\n"
1001 "BL sub_FF874CD4_my\n"
1002 //------------------->
1003
1004 "B sub_FF874FE0\n" //continue in firmware
1005
1006 );
1007
1008 };
1009
1010 void __attribute__((naked,noinline)) sub_FF874CD4_my() {
1011 asm volatile(
1012 " STMFD SP!, {R4-R10,LR}\n"
1013 " MOV R9, R0\n"
1014 " LDR R0, =0x3A068\n"
1015 " MOV R8, #0\n"
1016 " ADD R5, R0, R1,LSL#7\n"
1017 " LDR R0, [R5,#0x3C]\n"
1018 " MOV R7, #0\n"
1019 " CMP R0, #7\n"
1020 " MOV R6, #0\n"
1021 " ADDLS PC, PC, R0,LSL#2\n"
1022 " B loc_FF874E2C\n"
1023 "loc_FF874D00:\n"
1024 " B loc_FF874D38\n"
1025 "loc_FF874D04:\n"
1026 " B loc_FF874D20\n"
1027 "loc_FF874D08:\n"
1028 " B loc_FF874D20\n"
1029 "loc_FF874D0C:\n"
1030 " B loc_FF874D20\n"
1031 "loc_FF874D10:\n"
1032 " B loc_FF874D20\n"
1033 "loc_FF874D14:\n"
1034 " B loc_FF874E24\n"
1035 "loc_FF874D18:\n"
1036 " B loc_FF874D20\n"
1037 "loc_FF874D1C:\n"
1038 " B loc_FF874D20\n"
1039 "loc_FF874D20:\n"
1040 " MOV R2, #0\n"
1041 " MOV R1, #0x200\n"
1042 " MOV R0, #2\n"
1043 " BL sub_FF890738\n"
1044 " MOVS R4, R0\n"
1045 " BNE loc_FF874D40\n"
1046 "loc_FF874D38:\n"
1047 " MOV R0, #0\n"
1048 " LDMFD SP!, {R4-R10,PC}\n"
1049 "loc_FF874D40:\n"
1050 " LDR R12, [R5,#0x50]\n"
1051 " MOV R3, R4\n"
1052 " MOV R2, #1\n"
1053 " MOV R1, #0\n"
1054 " MOV R0, R9\n"
1055 " BLX R12\n"
1056 " CMP R0, #1\n"
1057 " BNE loc_FF874D6C\n"
1058 " MOV R0, #2\n"
1059 " BL sub_FF890888\n" //__ExMemMan.c__0 ; LOCATION: ExMemMan.c:0
1060 " B loc_FF874D38\n"
1061 "loc_FF874D6C:\n"
1062 " LDR R1, [R5,#0x64]\n"
1063 " MOV R0, R9\n"
1064 " BLX R1\n"
1065 //Allready inserted code
1066
1067 "MOV R1, R4\n" // pointer to MBR in R1
1068 "BL mbr_read_dryos\n" // total sectors count in R0 before and after call
1069
1070 // Start of DataGhost's FAT32 autodetection code
1071 // Policy: If there is a partition which has type W95 FAT32, use the first one of those for image storage
1072 // According to the code below, we can use R1, R2, R3 and R12.
1073 // LR wasn't really used anywhere but for storing a part of the partition signature. This is the only thing
1074 // that won't work with an offset, but since we can load from LR+offset into LR, we can use this to do that :)
1075 "MOV R12, R4\n" // Copy the MBR start address so we have something to work with
1076 "MOV LR, R4\n" // Save old offset for MBR signature
1077 "MOV R1, #1\n" // Note the current partition number
1078 "B dg_sd_fat32_enter\n" // We actually need to check the first partition as well, no increments yet!
1079 "dg_sd_fat32:\n"
1080 "CMP R1, #4\n" // Did we already see the 4th partition?
1081 "BEQ dg_sd_fat32_end\n" // Yes, break. We didn't find anything, so don't change anything.
1082 "ADD R12, R12, #0x10\n" // Second partition
1083 "ADD R1, R1, #1\n" // Second partition for the loop
1084 "dg_sd_fat32_enter:\n"
1085 "LDRB R2, [R12, #0x1BE]\n" // Partition status
1086 "LDRB R3, [R12, #0x1C2]\n" // Partition type (FAT32 = 0xB)
1087 "CMP R3, #0xB\n" // Is this a FAT32 partition?
1088 "CMPNE R3, #0xC\n" // Not 0xB, is it 0xC (FAT32 LBA) then?
1089 "BNE dg_sd_fat32\n" // No, it isn't. Loop again.
1090 "CMP R2, #0x00\n" // It is, check the validity of the partition type
1091 "CMPNE R2, #0x80\n"
1092 "BNE dg_sd_fat32\n" // Invalid, go to next partition
1093 // This partition is valid, it's the first one, bingo!
1094 "MOV R4, R12\n" // Move the new MBR offset for the partition detection.
1095
1096 "dg_sd_fat32_end:\n"
1097 // End of DataGhost's FAT32 autodetection code
1098
1099
1100
1101
1102
1103 " LDRB R1, [R4,#0x1C9]\n"
1104 " LDRB R3, [R4,#0x1C8]\n"
1105 " LDRB R12, [R4,#0x1CC]\n"
1106 " MOV R1, R1,LSL#24\n"
1107 " ORR R1, R1, R3,LSL#16\n"
1108 " LDRB R3, [R4,#0x1C7]\n"
1109 " LDRB R2, [R4,#0x1BE]\n"
1110 //" LDRB LR, [R4,#0x1FF]\n" //remains commented as in sx200
1111 " ORR R1, R1, R3,LSL#8\n"
1112 " LDRB R3, [R4,#0x1C6]\n"
1113 " CMP R2, #0\n"
1114 " CMPNE R2, #0x80\n"
1115 " ORR R1, R1, R3\n"
1116 " LDRB R3, [R4,#0x1CD]\n"
1117 " MOV R3, R3,LSL#24\n"
1118 " ORR R3, R3, R12,LSL#16\n"
1119 " LDRB R12, [R4,#0x1CB]\n"
1120 " ORR R3, R3, R12,LSL#8\n"
1121 " LDRB R12, [R4,#0x1CA]\n"
1122 " ORR R3, R3, R12\n"
1123 //" LDRB R12, [R4,#0x1FE]\n" //remains commented as in sx200
1124 // Left as in sx200
1125 "LDRB R12, [LR,#0x1FE]\n" // + First MBR signature byte (0x55), LR is original offset.
1126 "LDRB LR, [LR,#0x1FF]\n" // + Last MBR signature byte (0xAA), LR is original offset.
1127
1128
1129 " BNE loc_FF874DF8\n"
1130 " CMP R0, R1\n"
1131 " BCC loc_FF874DF8\n"
1132 " ADD R2, R1, R3\n"
1133 " CMP R2, R0\n"
1134 " CMPLS R12, #0x55\n"
1135 " CMPEQ LR, #0xAA\n"
1136 " MOVEQ R7, R1\n"
1137 " MOVEQ R6, R3\n"
1138 " MOVEQ R4, #1\n"
1139 " BEQ loc_FF874DFC\n"
1140 "loc_FF874DF8:\n"
1141 " MOV R4, R8\n"
1142 "loc_FF874DFC:\n"
1143 " MOV R0, #2\n"
1144 " BL sub_FF890888\n" //__ExMemMan.c__0 ; LOCATION: ExMemMan.c:0
1145 " CMP R4, #0\n"
1146 " BNE loc_FF874E38\n"
1147 " LDR R1, [R5,#0x64]\n"
1148 " MOV R7, #0\n"
1149 " MOV R0, R9\n"
1150 " BLX R1\n"
1151 " MOV R6, R0\n"
1152 " B loc_FF874E38\n"
1153 "loc_FF874E24:\n"
1154 " MOV R6, #0x40\n"
1155 " B loc_FF874E38\n"
1156 "loc_FF874E2C:\n"
1157 " LDR R1, =0x597\n"
1158 " LDR R0, =0xFF874E4C\n" //aMounter_c ; Mounter.c
1159 " BL sub_FF81EB78\n" //DebugAssert
1160
1161 "loc_FF874E38:\n"
1162 " STR R7, [R5,#0x44]!\n"
1163 " STMIB R5, {R6,R8}\n"
1164 " MOV R0, #1\n"
1165 " LDMFD SP!, {R4-R10,PC}\n"
1166
1167 );
1168
1169 };