1 #include "lolevel.h"
2 #include "platform.h"
3 #include "core.h"
4 #include "dryos31.h"
5
6
7 extern void task_FileWrite();
8
9 //IXUS 1000 102B
10 // mwvent82: taken from reference sub 100D and adjusted what needs to be adjusted
11 // most location labels are left as 100D with the 'real' 102B locations commented in some cases
12
13 int fsionotify_compfail = 0; // count of number of times the file handle was already in the array
14 int fsionotify_success = 0; // count of number of times the code succeeded
15
16 int __attribute__((naked,noinline)) _Open(const char *name, int flags, int mode) {
17 (void)name; (void)flags, (void)mode;
18 // eventproc_export_Open ROM FF837FF4 0000006C R . . . . . .
19 asm volatile (
20 "STMFD SP!, {R4-R8,LR} \n"
21 "MOV R6, R0 \n"
22 "LDRB R0, [R0] \n"
23 "MOV R7, R2 \n"
24 "MOV R4, R1 \n"
25 "BL sub_FF874530 \n"
26 "MOV R8, R0 \n"
27 "MOV R0, #1 \n"
28 "BIC R5, R0, R4,LSR#12 \n"
29 "BIC R4, R4, #0x9000 \n"
30 "MOV R0, R8 \n"
31 "MOV R1, #1 \n"
32 "BL sub_FF8758C0 \n"
33 "MOV R2, R7 \n"
34 "MOV R1, R4 \n"
35 "MOV R0, R6 \n"
36 "BL _open \n"
37 "CMP R5, #0 \n"
38 "MOV R7, R0 \n"
39 "MOVNE R0, R7 \n"
40 "MOVNE R2, R4 \n"
41 "MOVNE R1, R6 \n"
42 "BLNE sub_FF872470_my \n"
43 "MOV R0, R8 \n"
44 "BL sub_FF875938 \n"
45 "MOV R0, R7 \n"
46 "LDMFD SP!, {R4-R8,PC} \n"
47 );
48
49 return 0; // stop compiler warning
50 }
51
52 void __attribute__((naked,noinline)) sub_FF872470_my() {
53 // in 102B the original function is at FF87249C
54 asm volatile (
55 "STMFD SP!, {R4-R8,LR} \n"
56 "MOV R5, R0 \n"
57 "LDR R0, =0x31B8 \n"
58 "MOV R7, R1 \n"
59 "LDR R0, [R0,#4] \n"
60 "MOV R6, R2 \n"
61 "CMP R0, #0 \n"
62 "LDMEQFD SP!, {R4-R8,PC} \n"
63 "CMP R5, #0 \n"
64 "LDMLTFD SP!, {R4-R8,PC} \n"
65 "MOV R4, #0 \n"
66 "LDR R2, =0x38EA8 \n"
67 "MOV R0, #0 \n"
68 "loc_FF8724D0: \n"
69 "ADD R1, R0, R0,LSL#1 \n"
70 "LDR R1, [R2,R1,LSL#5] \n"
71 "CMN R1, #1 \n"
72 "ADDEQ R0, R0, R0,LSL#1 \n"
73 "ADDEQ R4, R2, R0,LSL#5 \n"
74 "BEQ loc_FF8724F8\n"
75 "CMP R1, R5 \n"
76
77 "BEQ loc_2 \n" // + // branch if found entry matching new file handle
78
79 "ADDNE R0, R0, #1 \n"
80 "CMPNE R0, #0xA \n"
81 "BLT loc_FF8724D0 \n"
82
83 "loc_FF8724F8: \n"
84 "CMP R4, #0 \n"
85 "LDREQ R1, =0x1C9 \n"
86 "LDREQ R0, =0xFF8723E4 \n"
87 "BLEQ sub_FF81EB78 \n"
88
89 "LDR R1, =fsionotify_success \n" // + // increment counter
90 "LDR R0, [R1] \n" // + // of successful calls
91 "ADD R0, R0, #1 \n" // +
92 "STR R0, [R1] \n" // +
93
94 "MOV R0, #0 \n" // original code - save handle in array
95 "STR R0, [R4,#0x58] \n"
96 "STR R5, [R4] \n"
97 "MOV R0, R4 \n"
98 "MOV R1, R7 \n"
99 "STR R6, [R4,#0x24] \n"
100 "BL sub_FF872264 \n"
101 "ADD R1, R4, #0x28 \n"
102 "MOV R0, R7 \n"
103 "LDMFD SP!, {R4-R8,LR} \n"
104 "B sub_FF8381C4 \n"
105
106 "loc_2: \n" // + // Handle case when new file handle returned from _open is already in array
107 "LDR R1, =fsionotify_compfail \n" // + // increment counter then return rather than throw exception
108 "LDR R0, [R1] \n" // + // equivalent to calling _open rather than _Open
109 "ADD R0, R0, #1 \n" // +
110 "STR R0, [R1] \n" // +
111 "LDMFD SP!, {R4-R8,PC} \n" // +
112 );
113 }
114
115 #define LED_PR 0xC0220138 // -> ASM1989 08.24.2010 found at FF91E080 in sx200 was FF8E73D0
116 void __attribute__((naked,noinline)) blink()
117 {
118 volatile long *p=(void*)LED_PR;
119 int i;
120 int cnt =10;
121 for(;cnt>0;cnt--){
122 p[0]=0x46;
123
124 for(i=0;i<0x200000;i++){
125 asm ("nop\n");
126 asm ("nop\n");
127 }
128 p[0]=0x44;
129 for(i=0;i<0x200000;i++){
130 asm ("nop\n");
131 asm ("nop\n");
132 }
133 }
134 shutdown();
135 }
136
137
138 #define offsetof(TYPE, MEMBER) ((int) &((TYPE *)0)->MEMBER)
139
140 void JogDial_task_my(void);
141
142 const char * const new_sa = &_end;
143
144 void taskHook(context_t **context) {
145
146 task_t *tcb=(task_t*)((char*)context-offsetof(task_t, context));
147
148 if(!_strcmp(tcb->name, "PhySw")) tcb->entry = (void*)mykbd_task; //JHARP - Verified name - Sept 5, 2010
149 if(!_strcmp(tcb->name, "CaptSeqTask")) tcb->entry = (void*)capt_seq_task; //JHARP - Verified name - Sept 5, 2010
150 if(!_strcmp(tcb->name, "InitFileModules")) tcb->entry = (void*)init_file_modules_task; //JHARP - Verified name - Sept 5, 2010
151 //if(!_strcmp(tcb->name, "MovieRecord")) tcb->entry = (void*)movie_record_task; //JHARP - Verified name - Sept 5, 2010
152 if(!_strcmp(tcb->name, "ExpDrvTask")) tcb->entry = (void*)exp_drv_task; //JHARP - Verified name - Sept 5, 2010
153 if(!_strcmp(tcb->name, "RotarySw")) tcb->entry = (void*)JogDial_task_my; //JHARP - Must verify the code in use - Sept 5, 2010
154 if(tcb->entry == (void*)task_FileWrite) tcb->entry = (void*)filewritetask;
155
156 }
157
158 void CreateTask_spytask() {
159 _CreateTask("SpyTask", 0x19, 0x2000, core_spytask, 0);
160 };
161
162
163 void __attribute__((naked,noinline)) boot() {
164
165 asm volatile (
166 // "B sub_FF81000C\n" // work
167 "LDR R1, =0xC0410000\n"
168 "MOV R0, #0\n"
169 "STR R0, [R1]\n"
170 "MOV R1, #0x78\n"
171 "MCR p15, 0, R1,c1,c0\n" // control reg
172 "MOV R1, #0\n"
173 "MCR p15, 0, R1,c7,c10, 4\n" // drain write buffer
174 "MCR p15, 0, R1,c7,c5\n" // flush instruction cache
175 "MCR p15, 0, R1,c7,c6\n" // flush data cache
176 "MOV R0, #0x3D\n" // size 2GB base 0x00000000
177 "MCR p15, 0, R0,c6,c0\n"
178 "MOV R0, #0xC000002F\n" // size 16M base 0xc0000000
179 "MCR p15, 0, R0,c6,c1\n"
180 "MOV R0, #0x35\n" // size 128M base 0x00000000 (s90 is 64M)
181 "MCR p15, 0, R0,c6,c2\n"
182 "MOV R0, #0x40000035\n" // size 128M base 0x40000000 (s90 is 64M)
183 "MCR p15, 0, R0,c6,c3\n"
184 "MOV R0, #0x80000017\n" // size 4k base 0x80000000
185 "MCR p15, 0, R0,c6,c4\n"
186 "LDR R0, =0xFF80002D\n" // size 8M base 0xff800000
187 "MCR p15, 0, R0,c6,c5\n"
188 "MOV R0, #0x34\n"
189 "MCR p15, 0, R0,c2,c0\n"
190 "MOV R0, #0x34\n"
191 "MCR p15, 0, R0,c2,c0, 1\n"
192 "MOV R0, #0x34\n"
193 "MCR p15, 0, R0,c3,c0\n"
194 "LDR R0, =0x3333330\n"
195 "MCR p15, 0, R0,c5,c0, 2\n"
196 "LDR R0, =0x3333330\n"
197 "MCR p15, 0, R0,c5,c0, 3\n"
198 "MRC p15, 0, R0,c1,c0\n"
199 "ORR R0, R0, #0x1000\n"
200 "ORR R0, R0, #4\n"
201 "ORR R0, R0, #1\n"
202 "MCR p15, 0, R0,c1,c0\n"
203 "MOV R1, #0x80000006\n"
204 "MCR p15, 0, R1,c9,c1\n"
205 "MOV R1, #6\n"
206 "MCR p15, 0, R1,c9,c1, 1\n"
207 "MRC p15, 0, R1,c1,c0\n"
208 "ORR R1, R1, #0x50000\n"
209 "MCR p15, 0, R1,c1,c0\n"
210 "LDR R2, =0xC0200000\n"
211 "MOV R1, #1\n"
212 "STR R1, [R2,#0x10C]\n"
213 "MOV R1, #0xFF\n"
214 "STR R1, [R2,#0xC]\n"
215 "STR R1, [R2,#0x1C]\n"
216 "STR R1, [R2,#0x2C]\n"
217 "STR R1, [R2,#0x3C]\n"
218 "STR R1, [R2,#0x4C]\n"
219 "STR R1, [R2,#0x5C]\n"
220 "STR R1, [R2,#0x6C]\n"
221 "STR R1, [R2,#0x7C]\n"
222 "STR R1, [R2,#0x8C]\n"
223 "STR R1, [R2,#0x9C]\n"
224 "STR R1, [R2,#0xAC]\n"
225 "STR R1, [R2,#0xBC]\n"
226 "STR R1, [R2,#0xCC]\n"
227 "STR R1, [R2,#0xDC]\n"
228 "STR R1, [R2,#0xEC]\n"
229 "STR R1, [R2,#0xFC]\n"
230 "LDR R1, =0xC0400008\n"
231 "LDR R2, =0x430005\n"
232 "STR R2, [R1]\n"
233 "MOV R1, #1\n"
234 "LDR R2, =0xC0243100\n"
235 "STR R2, [R1]\n"
236 "LDR R2, =0xC0242010\n"
237 "LDR R1, [R2]\n"
238 "ORR R1, R1, #1\n"
239 "STR R1, [R2]\n"
240 "LDR R0, =0xFFC56DE0\n"
241 "LDR R1, =0x1900\n"
242 "LDR R3, =0x10728\n"
243 "loc_FF81013C:\n"
244
245 "CMP R1, R3\n"
246 "LDRCC R2, [R0],#4\n"
247 "STRCC R2, [R1],#4\n"
248 "BCC loc_FF81013C\n"
249 "LDR R1, =0x172BF8\n"
250 "MOV R2, #0\n"
251 "loc_FF810154:\n"
252 "CMP R3, R1\n"
253 "STRCC R2, [R3],#4\n"
254 "BCC loc_FF810154\n"
255 "B sub_FF810354_my\n"
256 //---------->
257 );
258 }
259
260
261 void __attribute__((naked,noinline)) sub_FF810354_my() { // ASM1989 -> In sx200 was: sub_FF8101A0_my
262
263 *(int*)0x1938=(int)taskHook; //was 1934 in sx200 if 1938 hangs
264 *(int*)0x193C=(int)taskHook;
265
266
267 if ((*(int*) 0xC022010C) & 1) // look at play switch
268 *(int*)(0x254C) = 0x400000; // start in play mode
269 else
270 *(int*)(0x254C) = 0x200000; // start in rec mode
271
272 asm volatile (
273 "LDR R0, =0xFF8103CC\n"
274 "MOV R1, #0\n"
275 "LDR R3, =0xFF810404\n"
276 "loc_FF810360:\n"
277 "CMP R0, R3\n"
278 "LDRCC R2, [R0],#4\n"
279 "STRCC R2, [R1],#4\n"
280 "BCC loc_FF810360\n"
281 "LDR R0, =0xFF810404\n"
282 "MOV R1, #0x4B0\n"
283 "LDR R3, =0xFF810618\n"
284 "loc_FF81037C:\n"
285 "CMP R0, R3\n"
286 "LDRCC R2, [R0],#4\n"
287 "STRCC R2, [R1],#4\n"
288 "BCC loc_FF81037C\n"
289 "MOV R0, #0xD2\n"
290 "MSR CPSR_cxsf, R0\n"
291 "MOV SP, #0x1000\n"
292 "MOV R0, #0xD3\n"
293 "MSR CPSR_cxsf, R0\n"
294 "MOV SP, #0x1000\n"
295 "LDR R0, =0x6C4\n"
296 "LDR R2, =0xEEEEEEEE\n"
297 "MOV R3, #0x1000\n"
298 "loc_FF8103B0:\n"
299 "CMP R0, R3\n"
300 "STRCC R2, [R0],#4\n"
301 "BCC loc_FF8103B0\n"
302 "BL sub_FF811198_my\n"
303 //------------>
304
305
306
307 "loc_FF8103C0:\n"
308 "ANDEQ R0, R0, R4,ASR#13\n"
309 "loc_FF8103C4:\n"
310 "ANDEQ R0, R0, R0,ROR R6\n"
311 "loc_FF8103C8:\n"
312 "ANDEQ R0, R0, R4,ROR R6\n"
313 "loc_FF8103CC:\n"
314 "NOP\n"
315 "LDR PC, =0xFF810618\n"
316 );
317 }
318
319 void __attribute__((naked,noinline)) sub_FF811198_my() {
320 asm volatile (
321 "STR LR, [SP,#-4]!\n"
322 "SUB SP, SP, #0x74\n"
323 "MOV R0, SP\n"
324 "MOV R1, #0x74\n"
325 "BL sub_FFB87648\n"
326 //v4 stuff all copied from s95 its the same in principle
327 /*
328 " MOV R0, #0x53000 \n"
329 " STR R0, [SP,#4] \n"
330
331 //" LDR R0, =0x172BF8 \n" // old code
332 " LDR R0, =new_sa \n" // chdk patched
333 " LDR R0, [R0] \n" // chdk patched
334
335 " LDR R1, =0x379C00 \n"
336 " STR R0, [SP,#8] \n"
337 " RSB R0, R0, #0x1F80 \n"
338 " ADD R0, R0, #0x370000 \n"
339 " STR R0, [SP,#0x0c] \n"
340 " LDR R0, =0x371F80 \n"
341 " STR R1, [SP,#0] \n"
342 " STRD R0, [SP,#0x10] \n"
343 " MOV R0, #0x22 \n"
344 " STR R0, [SP,#0x18] \n"
345 " MOV R0, #0x68 \n"
346 " STR R0, [SP,#0x1c] \n"
347 " LDR R0, =0x19B \n"
348
349 */
350
351
352
353 //v3 stuff
354
355 "MOV R0, #0x53000\n"
356 "STR R0, [SP,#4]\n"
357 #if defined(CHDK_NOT_IN_CANON_HEAP) // use original heap offset if CHDK is loaded in high memory
358 " LDR R0, =0x172BF8 \n"
359 #else
360 " LDR R0, =new_sa\n" // otherwise use patched value
361 " LDR R0, [R0]\n" //
362 #endif
363 "LDR R1, =0x379C00\n"
364 "STR R0, [SP,#8]\n"
365 //"SUB R0, R1, R0\n"
366 "RSB R0, R0, #0x1F80\n" // new in this cam
367 "ADD R0, R0, #0x370000\n" // new in this cam
368 "STR R0, [SP,#0x0c]\n" //changed
369 "LDR R0, =0x371F80\n"// new in this cam
370 //copied from s95
371 "STR R1, [SP,#0] \n"
372 "STRD R0, [SP,#0x10] \n"
373 "MOV R0, #0x22 \n"
374 "STR R0, [SP,#0x18] \n"
375 "MOV R0, #0x68 \n"
376 "STR R0, [SP,#0x1c] \n"
377 "LDR R0, =0x19B \n"
378
379
380
381
382 "LDR R1, =sub_FF815EE0_my\n" // chdk patched
383
384 //"LDR R1, =0xFF815EE0\n" // old code
385
386
387 //------------>
388
389
390
391 "STR R0, [SP,#0x20]\n"
392 "MOV R0, #0x96\n"
393 "STR R0, [SP,#0x24]\n"
394 "MOV R0, #0x78\n"
395 "STR R0, [SP,#0x28]\n"
396 "MOV R0, #0x64\n"
397 "STR R0, [SP,#0x2C]\n"
398 "MOV R0, #0\n"
399 "STR R0, [SP,#0x30]\n"
400 "STR R0, [SP,#0x34]\n"
401 "MOV R0, #0x10\n"
402 "STR R0, [SP,#0x5C]\n"
403 "MOV R0, #0x800\n"
404 "STR R0, [SP,#0x60]\n"
405 "MOV R0, #0xA0\n"
406 "STR R0, [SP,#0x64]\n"
407 "MOV R0, #0x280\n"
408 "STR R0, [SP,#0x68]\n"
409 "MOV R0, SP\n"
410 "MOV R2, #0\n"
411 /*
412 //copied from s95 // not work
413 " MOV R0, #0x96 \n"
414 " STR R0, [SP,#0x24] \n"
415 " STR R0, [SP,#0x28] \n"
416 " MOV R0, #0x64 \n"
417 " STR R0, [SP,#0x2c] \n"
418 " MOV R0, #0 \n"
419 " STR R0, [SP,#0x30] \n"
420 " STR R0, [SP,#0x34] \n"
421 " MOV R0, #0x10 \n"
422 " STR R0, [SP,#0x5c] \n"
423 " MOV R0, #0x800 \n"
424 " STR R0, [SP,#0x60] \n"
425 " MOV R0, #0xA0 \n"
426 " STR R0, [SP,#0x64] \n"
427 " MOV R0, #0x280 \n"
428 " STR R0, [SP,#0x68] \n"
429 " MOV R0, SP \n"
430 " MOV R2, #0 \n"
431 */
432 "BL sub_FF8134B8\n"
433 "ADD SP, SP, #0x74\n"
434 "LDR PC, [SP],#4\n"
435 );
436 }
437
438 //Almost till here maybe checked
439
440 void __attribute__((naked,noinline)) sub_FF815EE0_my() {
441
442 //v4 testing full s95 code
443 /*
444 asm volatile (
445 " STMFD SP!, {R4,LR} \n"
446 " BL sub_FF810B20 \n"
447 " BL sub_FF81A33C \n" // dmSetup
448 " CMP R0, #0 \n"
449
450 //" ADRLT R0, aDmsetup \n" // "dmSetup"
451 " LDRLT r0, =0xFF815FF4 \n"
452
453 " BLLT sub_FF815FD4 \n" // err_init_task
454
455 " BL sub_FF815B1C \n"
456 " CMP R0, #0 \n"
457
458 //" ADRLT R0, aTermdriverinit \n" // "termDriverInit"
459 " LDRLT R0, =0xFF815FFC \n"
460
461 " BLLT sub_FF815FD4 \n" // err_init_task
462
463 //" ADR R0, a_term \n" // "/_term"
464 " LDR R0, =0xFF81600C \n"
465
466 " BL sub_FF815C04 \n" // termDeviceCreate
467 " CMP R0, #0 \n"
468
469 //" ADRLT R0, aTermdevicecrea \n" // "termDeviceCreate"
470 " LDRLT R0, =0xFF816014 \n"
471
472 " BLLT sub_FF815FD4 \n" // err_init_task
473
474 //" ADR R0, a_term \n" // "/_term"
475 " LDR R0, =0xFF81600C \n"
476
477 " BL sub_FF813CA4 \n"
478 " CMP R0, #0 \n"
479
480 //" ADRLT R0, aStdiosetup \n" // "stdioSetup"
481 " LDRLT R0, =0xFF816028 \n"
482
483 " BLLT sub_FF815FD4 \n" // err_init_task
484 " BL sub_FF819CC4 \n"
485 " CMP R0, #0 \n"
486
487 //" ADRLT R0, aStdlibsetup \n" // "stdlibSetup"
488 " LDRLT R0, =0xFF816034 \n"
489
490 " BLLT sub_FF815FD4 \n" // err_init_task
491 " BL sub_FF81167C \n"
492 " CMP R0, #0 \n"
493
494 //" ADRLT R0, aArmlib_setup \n" // "armlib_setup"
495 " LDRLT R0, =0xFF816040 \n"
496
497 " BLLT sub_FF815FD4 \n" // err_init_task
498
499 " LDMFD SP!, {R4,LR} \n"
500
501 //" B sub_FF81FB54 \n" // taskcreate_Startup
502 " B taskcreate_Startup_my \n" // patched
503
504 " MOV R0, #0 \n"
505 " LDMFD SP!, {R3-R5,PC} \n"
506 );
507 */
508
509 //v3
510
511 asm volatile (
512 "STMFD SP!, {R4,LR}\n"
513 "BL sub_FF810B20\n"
514 "BL sub_FF81A33C\n" // BL dmSetup
515 "CMP R0, #0\n"
516 "LDRLT R0, =0xFF815FF4\n" //Mising ; "dmSetup"
517 "BLLT sub_FF815FD4\n" //Mising err_init_task
518 "BL sub_FF815B1C\n"
519 "CMP R0, #0\n"
520 "LDRLT R0, =0xFF815FFC\n" // "termDriverInit"
521 "BLLT sub_FF815FD4\n" // err_init_task
522 "LDR R0, =0xFF81600C\n" // "/_term"
523 "BL sub_FF815C04\n" // termDeviceCreate
524 "CMP R0, #0\n"
525 "LDRLT R0, =0xFF816014\n" // "termDeviceCreate"
526 "BLLT sub_FF815FD4\n" // err_init_task
527 "LDR R0, =0xFF81600C\n" // "/_term"
528 "BL sub_FF813CA4\n"
529 "CMP R0, #0\n"
530 "LDRLT R0, =0xFF816028\n" // "stdioSetup"
531 "BLLT sub_FF815FD4\n" // err_init_task
532 "BL sub_FF819CC4\n"
533 "CMP R0, #0\n"
534 "LDRLT R0, =0xFF816034\n" //"stdlibSetup"
535 "BLLT sub_FF815FD4\n" // err_init_task
536 "BL sub_FF81167C\n"
537 "CMP R0, #0\n"
538 "LDRLT R0, =0xFF816040\n" // "armlib_setup"
539 "BLLT sub_FF815FD4\n" // err_init_task
540 "LDMFD SP!, {R4,LR}\n"
541 "B taskcreate_Startup_my\n" // ASM1989 -> at FF81FBA8
542 //---------->
543 //copied from s95
544 " MOV R0, #0 \n"
545 " LDMFD SP!, {R3-R5,PC} \n"
546
547 );
548 };
549
550
551 // ASM1989 -> Here starts the diferences with SX200
552
553 void __attribute__((naked,noinline)) taskcreate_Startup_my() {
554 asm volatile (
555
556 "STMFD SP!, {R3-R5,LR}\n"
557 "BL sub_FF8348CC\n" //j_nullsub_267
558 "BL sub_FF83D1D4\n"
559 "CMP R0, #0\n"
560
561 "BNE loc_FF81FBFC\n"
562
563
564 "BL sub_FF8370E8\n"
565 "CMP R0, #0\n"
566 "BEQ loc_FF81FBFC\n"
567
568
569 "LDR R4, =0xC0220000\n"
570
571
572
573 "LDR R0, [R4,#0x120]\n"
574 "TST R0, #1\n"
575 "MOVEQ R0, #0x12C\n"
576
577
578
579
580 "BLEQ sub_FF83B574\n" //ASM1989 -> eventproc_export_SleepTask
581
582
583
584 "BL sub_FF8348C8\n"
585 "CMP R0, #0\n"
586 "BNE loc_FF81FBFC\n"
587 "BL sub_FF833F34\n"
588 "MOV R0, #0x44\n"
589 "STR R0, [R4,#0x1C]\n"
590 "BL sub_FF834120\n"
591 "loc_FF81FBF8:\n"
592 "B loc_FF81FBF8\n"
593
594
595 "loc_FF81FBFC:\n"
596 //"BL sub_FF8348D4\n" // ASM1989 -> -- replaced for power button startup
597
598 "BL sub_FF8348D0\n"//ASM1989 -> j_nullsub_268
599 "BL sub_FF83B3EC\n"
600
601 "LDR R1, =0x3CE000\n"
602 "MOV R0, #0\n"
603
604 "BL sub_FF83B834\n"
605 "BL sub_FF83B5E0\n"
606 "MOV R3, #0\n"
607
608 "STR R3, [SP]\n"
609 "LDR R3, =task_Startup_my\n" // ASM1989 -> original is FF81FAF0 task_Startup // LDR instead of ADR
610 //---------------->
611
612 "MOV R2, #0\n"
613 "MOV R1, #0x19\n"
614 "LDR R0, =0xFF81FC60\n" //aStartup // LDR instead of ADR
615
616
617 "BL sub_FF81E8A0\n" //eventproc_export_CreateTask
618 "MOV R0, #0\n"
619 "LDMFD SP!, {R3-R5,PC}\n"
620
621
622
623
624 );
625 }
626
627 // TESTING S95 Code style
628
629
630 void __attribute__((naked,noinline)) task_Startup_my() {
631 asm volatile (
632
633 "STMFD SP!, {R4,LR}\n"
634 "BL sub_FF816594\n" // taskcreate_ClockSave
635 "BL sub_FF835A30\n"
636 "BL sub_FF833B3C\n"
637 "BL sub_FF83D218\n" //j_nullsub_271
638 "BL sub_FF83D404\n"
639 // "BL sub_FF83D2AC\n" // start diskboot.bin
640 "BL sub_FF83D5AC\n"
641 "BL sub_FF81648C\n"
642 "BL sub_FF836754\n"
643 "LDR R1, =0x7C007C00\n"
644 "LDR R0, =0xC0F1800C\n"
645 "BL sub_FF835A3C\n"
646 "LDR R0, =0xC0F18010\n"
647 "MOV R1, #0\n"
648 "BL sub_FF835A3C\n"
649 "LDR R0, =0xC0F18018\n"
650 "MOV R1, #0\n"
651 "BL sub_FF835A3C\n"
652 "LDR R0, =0xC0F1801C\n"
653 "MOV R1, #0x1000\n"
654 "BL sub_FF835A3C\n"
655 "LDR R0, =0xC0F18020\n"
656 "MOV R1, #8\n"
657 "BL sub_FF835A3C\n"
658 "LDR R0, =0xC022D06C\n"
659 "MOV R1, #0xE000000\n"
660 "BL sub_FF835A3C\n"
661 "BL sub_FF8164CC\n"
662 "BL sub_FF8324F4\n"
663 "BL sub_FF83D434\n"
664 "BL sub_FF83AB90\n"
665 "BL sub_FF83D5B0\n"
666
667 "BL CreateTask_spytask\n" // +
668 //---------------->
669 "BL sub_FF834788\n" //taskcreate_PhySw
670 );
671
672 // CreateTask_PhySw(); // our keyboard task
673
674 // CreateTask_spytask(); // chdk initialization
675
676
677 // "BL CreateTask_spytask\n" // +
678 //---------------->
679
680
681 asm volatile (
682 "BL sub_FF838CF0\n"
683 "BL sub_FF83D5C8\n"
684 "BL sub_FF8318F8\n" //nullsub_2
685 "BL sub_FF8334A0\n"
686 "BL sub_FF83CF9C\n" //taskcreate_Bye
687 "BL sub_FF833AF0\n"
688 "BL sub_FF83343C\n"
689 "BL sub_FF832528\n"
690 "BL sub_FF83E1D0\n"
691 "BL sub_FF8333F8\n"
692 "LDMFD SP!, {R4,LR}\n"
693 // "BL blink\n"
694 "B sub_FF8166B4\n"
695 );
696 }
697
698
699 /*
700 void __attribute__((naked,noinline)) CreateTask_PhySw() {
701 asm volatile (
702 " STMFD SP!, {R3-R5,LR} \n"
703 " LDR R4, =0x1C34 \n"
704 " LDR R0, [R4,#0x10] \n"
705 " CMP R0, #0 \n"
706 " BNE loc_FF8347BC \n"
707 " MOV R3, #0 \n"
708 " STR R3, [SP] \n"
709
710 //" ADR R3, task_PhySw \n"
711 //" LDR R3, =sub_FF834754 \n"
712 //" MOV R2, #0x800 \n"
713
714 " LDR R3, =mykbd_task \n" // PhySw Task patch
715 " MOV R2, #0x2000 \n" // larger stack
716
717 " MOV R1, #0x17 \n"
718
719 //" ADR R0, aPhysw \n"
720 " LDR R0, =0xFF8349DC \n" // "PhySw"
721
722 " BL sub_FF83B634 \n" // KernelCreateTask
723 " STR R0, [R4,#0x10] \n"
724 "loc_FF8347BC: \n"
725 " BL sub_FF863968 \n"
726 " BL sub_FF8941DC \n"
727 " BL sub_FF837060 \n" //IsFactoryMode
728 " CMP R0, #0 \n"
729 " LDREQ R1, =0x34414 \n"
730 " LDMEQFD SP!, {R3-R5,LR} \n"
731 " BEQ sub_FF894164 \n" // eventproc_export_OpLog.Start
732 " LDMFD SP!, {R3-R5,PC} \n"
733 );
734 }
735 */
736
737
738 /*----------------------------------------------------------------------
739 JogDial_task_my()
740
741 Patched jog dial task at 102B: FF863668 100D: FF86363C
742 -----------------------------------------------------------------------*/
743 void __attribute__((naked,noinline)) JogDial_task_my() {
744
745 asm volatile (
746 " STMFD SP!, {R4-R11,LR} \n"
747 " SUB SP, SP, #0x1C \n"
748 " BL sub_FF863A68 \n"
749 " LDR R1, =0x2560 \n"
750 " LDR R6, =0xFFB8D6EC \n"
751 " MOV R0, #0 \n"
752 " ADD R3, SP, #0x10 \n"
753 " ADD R12, SP, #0x14 \n"
754 " ADD R10, SP, #0x08 \n"
755 " MOV R2, #0 \n"
756 " ADD R9, SP, #0xC \n"
757
758 "loc_FF863668: \n" // loc_FF863694 in 102B
759 " ADD R12, SP, #0x14 \n"
760 " ADD LR, R12, R0,LSL#1 \n"
761 " MOV R2, #0 \n"
762 " ADD R3, SP, #0x10 \n"
763 " STRH R2, [LR] \n"
764 " ADD LR, R3, R0,LSL#1 \n"
765 " STRH R2, [LR] \n"
766 " STR R2, [R9,R0,LSL#2] \n"
767 " STR R2, [R10,R0,LSL#2] \n"
768 " ADD R0, R0, #1 \n"
769 " CMP R0, #2 \n"
770 " BLT loc_FF863668 \n" // loc_FF863694 in 102B
771
772 "loc_FF863698: \n" // loc_FF8636C4 in 102B
773 " LDR R0, =0x2560 \n"
774 " MOV R2, #0 \n"
775 " LDR R0, [R0,#0xC] \n"
776 " MOV R1, SP \n"
777 " BL sub_FF83AE20 \n"
778 " CMP R0, #0 \n"
779 " LDRNE R1, =0x262 \n"
780
781 //" ADRNE R0, 0xFF863924 \n" // "RotaryEncoder.c"
782 " LDRNE R0, =0xFF863924 \n" // "RotaryEncoder.c" // changed from 0xFF8638F8 in 100D
783
784 " BLNE sub_FF81EB78 \n" // DebugAssert
785
786 //------------------ begin added code ---------------
787 "labelA:\n"
788 "LDR R0, =jogdial_stopped\n"
789 "LDR R0, [R0]\n"
790 "CMP R0, #1\n"
791 "BNE labelB\n" // continue on if jogdial_stopped = 0
792 "MOV R0, #40\n"
793 "BL _SleepTask\n" // jogdial_stopped=1 -- give time back to OS and suspend jogdial task
794 "B labelA\n"
795 "labelB:\n"
796 //------------------ end added code -----------------
797
798 " LDR R0, [SP] \n"
799 " AND R4, R0, #0xFF \n"
800 " AND R0, R0, #0xFF00 \n"
801 " CMP R0, #0x100 \n"
802 " BEQ loc_FF863708 \n" // loc_FF863734 in 102B
803 " CMP R0, #0x200 \n"
804 " BEQ loc_FF863740 \n" // loc_FF86376C in 102B
805 " CMP R0, #0x300 \n"
806 " BEQ loc_FF863938 \n" // loc_FF863964 in 102B
807 " CMP R0, #0x400 \n"
808 " BNE loc_FF863698 \n" // loc_FF8636C4 in 102B
809 " CMP R4, #0 \n"
810 " LDRNE R1, =0x2ED \n"
811
812 //" ADRNE R0, 0xFF8638F8 \n" // "RotaryEncoder.c"
813 " LDRNE R0, =0xFF8638F8 \n" // "RotaryEncoder.c"
814
815 " BLNE sub_FF81EB78 \n" // DebugAssert
816 " RSB R0, R4, R4,LSL#3 \n"
817 " LDR R0, [R6,R0,LSL#2] \n"
818
819 "loc_FF863700: \n" // is FF86372C in 102B
820 " BL sub_FF863A6C \n"
821 " B loc_FF863698 \n" // loc_FF8636C4 in 102b
822
823 "loc_FF863708: \n" // loc_FF863734 in 102B
824 " LDR R7, =0x2570 \n"
825 " LDR R0, [R7,R4,LSL#2] \n"
826 " BL sub_FF83BDB8 \n"
827
828 //" ADR R2, 0xFF863588 \n"
829 " LDR R2, =0xFF8635B4 \n"
830
831 " ADD R1, R2, #0 \n"
832 " ORR R3, R4, #0x200 \n"
833 " MOV R0, #0x28 \n"
834 " BL sub_FF83BCD4 \n" // sub_FF83BCD4 in 102B
835 " TST R0, #1 \n"
836 " CMPNE R0, #0x15 \n"
837 " STR R0, [R10,R4,LSL#2] \n"
838 " BEQ loc_FF863698 \n" // loc_FF8636C4 in 102B
839 " MOV R1, #0x274 \n"
840 " B loc_FF8638E4 \n" // loc_FF863910 in 102B
841
842 "loc_FF863740: \n" // loc_FF86376C in 102B
843 " RSB R5, R4, R4,LSL#3 \n"
844 " LDR R0, [R6,R5,LSL#2] \n"
845 " LDR R1, =0xC0240104 \n"
846 " LDR R0, [R1,R0,LSL#8] \n"
847 " MOV R2, R0,ASR#16 \n"
848 " ADD R0, SP, #0x14 \n"
849 " ADD R0, R0, R4,LSL#1 \n"
850 " STR R0, [SP,#0x18] \n"
851 " STRH R2, [R0] \n"
852 " ADD R0, SP, #0x10 \n"
853 " ADD R11, R0, R4,LSL#1 \n"
854 " LDRSH R3, [R11] \n"
855 " SUB R0, R2, R3 \n"
856 " CMP R0, #0 \n"
857 " BNE loc_FF8637C0 \n" // loc_FF8637EC in 102B
858 " LDR R0, [R9,R4,LSL#2] \n"
859 " CMP R0, #0 \n"
860 " BEQ loc_FF8638A0 \n" // loc_FF8638CC in 102B
861 " LDR R7, =0x2570 \n"
862 " LDR R0, [R7,R4,LSL#2] \n"
863 " BL sub_FF83BDB8 \n"
864
865 //" ADR R2, 0xFF863594 \n"
866 " LDR R2, =0xFF8635C0 \n"
867
868 " ADD R1, R2, #0 \n"
869 " ORR R3, R4, #0x300 \n"
870 " MOV R0, #0x1F4 \n"
871 " BL sub_FF83BCD4 \n"
872 " TST R0, #1 \n"
873 " CMPNE R0, #0x15 \n"
874 " STR R0, [R7,R4,LSL#2] \n"
875 " BEQ loc_FF8638A0 \n" // loc_FF8638CC in 102B
876 " LDR R1, =0x28D \n"
877 " B loc_FF863898 \n" // loc_FF8638C4 in 102B
878
879 "loc_FF8637C0: \n"
880 " MOV R1, R0 \n"
881 " RSBLT R0, R0, #0 \n"
882 " MOVLE R7, #0 \n"
883 " MOVGT R7, #1 \n"
884 " CMP R0, #0xFF \n"
885 " BLS loc_FF863800 \n" // loc_FF86382C in 102B
886 " CMP R1, #0 \n"
887 " RSBLE R0, R3, #0xFF \n"
888 " ADDLE R0, R0, #0x7F00 \n"
889 " ADDLE R0, R0, R2 \n"
890 " RSBGT R0, R2, #0xFF \n"
891 " ADDGT R0, R0, #0x7F00 \n"
892 " ADDGT R0, R0, R3 \n"
893 " ADD R0, R0, #0x8000 \n"
894 " ADD R0, R0, #1 \n"
895 " EOR R7, R7, #1 \n"
896
897 "loc_FF863800: \n" // loc_FF86382C in 102B
898 " STR R0, [SP,#0x04] \n"
899 " LDR R0, [R9,R4,LSL#2] \n"
900 " CMP R0, #0 \n"
901 " ADDEQ R0, R6, R5,LSL#2 \n"
902 " LDREQ R0, [R0,#8] \n"
903 " BEQ loc_FF863838 \n" // loc_FF863864 in 102B
904 " ADD R8, R6, R5,LSL#2 \n"
905 " ADD R1, R8, R7,LSL#2 \n"
906 " LDR R1, [R1,#0x10] \n"
907 " CMP R1, R0 \n"
908 " BEQ loc_FF86383C \n" // loc_FF863868 in 102B
909 " LDR R0, [R8,#0xC] \n"
910 " BL sub_FF89C310 \n" // changed from sub_FF89C2E4 in 100D
911 " LDR R0, [R8,#8] \n"
912
913 "loc_FF863838: \n" // loc_FF863864 in 102B
914 " BL sub_FF89C310 \n" // changed from sub_FF89C2E4 in 100D
915
916 "loc_FF86383C: \n" // loc_FF863868 in 102B
917 " ADD R0, R6, R5,LSL#2 \n"
918 " ADD R7, R0, R7,LSL#2 \n"
919 " LDR R0, [R7,#0x10] \n"
920 " LDR R1, [SP,#0x04] \n"
921 " BL sub_FF89C238 \n" // changed from sub_FF89C20C in 100D
922 " LDR R0, [R7,#0x10] \n"
923 " LDR R7, =0x2570 \n"
924 " STR R0, [R9,R4,LSL#2] \n"
925 " LDR R0, [SP,#0x18] \n"
926 " LDRH R0, [R0] \n"
927 " STRH R0, [R11] \n"
928 " LDR R0, [R7,R4,LSL#2] \n"
929 " BL sub_FF83BDB8 \n"
930
931 //" ADR R2, 0xFF863594 \n"
932 " LDR R2, =0xFF8635C0 \n" // changed from 0xFF863594 in 100D
933
934 " ADD R1, R2, #0 \n"
935 " ORR R3, R4, #0x300 \n"
936 " MOV R0, #0x1F4 \n"
937 " BL sub_FF83BCD4 \n"
938 " TST R0, #1 \n"
939 " CMPNE R0, #0x15 \n"
940 " STR R0, [R7,R4,LSL#2] \n"
941 " BEQ loc_FF8638A0 \n" // loc_FF8638CC in 102B
942 " LDR R1, =0x2CF \n"
943
944 "loc_FF863898: \n" // loc_FF8638C4 in 102B
945 //" ADR R0, 0xFF8638F8 \n" // "RotaryEncoder.c"
946 " LDR R0, =0xFF8638F8 \n" // "RotaryEncoder.c"
947
948 " BL sub_FF81EB78 \n" // DebugAssert
949
950 "loc_FF8638A0: \n" // loc_FF8638CC in 102B
951 " ADD R0, R6, R5,LSL#2 \n"
952 " LDR R0, [R0,#0x18] \n"
953 " CMP R0, #1 \n"
954 " BNE loc_FF863930 \n" // loc_FF86395C in 102B
955 " LDR R0, =0x2560 \n"
956 " LDR R0, [R0,#0x14] \n"
957 " CMP R0, #0 \n"
958 " BEQ loc_FF863930 \n" // loc_FF86395C in 102B
959
960 //" ADR R2, 0xFF863588 \n"
961 " LDR R2, =0xFF8635B4 \n" // changed from 0xFF863588 in 100D
962
963 " ADD R1, R2, #0 \n"
964 " ORR R3, R4, #0x400 \n"
965 " BL sub_FF83BCD4 \n"
966 " TST R0, #1 \n"
967 " CMPNE R0, #0x15 \n"
968 " STR R0, [R10,R4,LSL#2] \n"
969 " BEQ loc_FF863698 \n" // loc_FF8636C4 in 102B
970 " LDR R1, =0x2D6 \n"
971
972 "loc_FF8638E4: \n" // loc_FF863910 in 102B
973 //" ADR R0, 0xFF8638F8 \n" // "RotaryEncoder.c"
974 " LDR R0, =0xFF863924 \n" // "RotaryEncoder.c" // changed from 0xFF8638F in 100D
975
976 " BL sub_FF81EB78 \n" // DebugAssert
977 " B loc_FF863698 \n" // loc_FF8636C4 in 102B
978
979 "NOP \n"
980
981
982 "loc_FF863930: \n" // loc_FF86395C in 102B
983 " LDR R0, [R6,R5,LSL#2] \n"
984 " B loc_FF863700 \n" // loc_FF86372C in 102B
985
986 "loc_FF863938: \n" // loc_FF863964 in 102B
987 " LDR R0, [R9,R4,LSL#2] \n"
988 " CMP R0, #0 \n"
989 " MOVEQ R1, #0x2E0 \n"
990
991 //" ADREQ R0, 0xFF8638F8 \n" // "RotaryEncoder.c"
992 " LDREQ R0, =0xFF863924 \n" // "RotaryEncoder.c" // changed from 0xFF8638F8 in 100D
993
994 " BLEQ sub_FF81EB78 \n" // DebugAssert
995 " RSB R0, R4, R4,LSL#3 \n"
996 " ADD R0, R6, R0,LSL#2 \n"
997 " LDR R0, [R0,#0xC] \n"
998 " BL sub_FF89C310 \n"
999 " MOV R2, #0 \n"
1000 " STR R2, [R9,R4,LSL#2] \n"
1001 " B loc_FF863698 \n" // loc_FF8636C4 in 102B
1002 );
1003 };
1004
1005
1006 //FILE INIT STUFF
1007 void __attribute__((naked,noinline)) init_file_modules_task() {
1008 // 102B: FF8A01E0
1009 asm volatile(
1010 "STMFD SP!, {R4-R6,LR}\n"
1011 "BL sub_FF8966B4\n"
1012 "LDR R5, =0x5006\n"
1013 "MOVS R4, R0\n"
1014 "MOVNE R1, #0\n"
1015 "MOVNE R0, R5\n"
1016 "BLNE sub_FF89A490\n" //PostLogicalEventToUI
1017 // "BL sub_FF8966B4\n"
1018 "BL sub_FF8966B4_my\n" // sub_FF8966E0 in 102B
1019 //----------------------->
1020 "BL core_spytask_can_start\n" // + safe to start spytask
1021 "CMP R4, #0\n"
1022 "MOVEQ R0, R5\n"
1023 "LDMEQFD SP!, {R4-R6,LR}\n"
1024 "MOVEQ R1, #0\n"
1025 "BEQ sub_FF89A490\n" //PostLogicalEventToUI
1026 "LDMFD SP!, {R4-R6,PC}\n"
1027 );
1028 };
1029
1030 void __attribute__((naked,noinline)) sub_FF8966B4_my() {
1031 // sub_FF8966E0 ROM FF8966E0 00000044 R . . . . . .
1032 asm volatile(
1033 "STMFD SP!, {R4,LR}\n"
1034 "MOV R0, #3\n"
1035 // "BL sub_FF87538C\n" //__Mounter.c__0
1036 "BL sub_FF87538C_my\n" //__Mounter.c__0
1037
1038 // "B sub_FF8966C0\n" // continue in firmware
1039 "B sub_FF8966EC\n" // continue in firmware 102B - changed from 100D line above
1040 );
1041 };
1042
1043 void __attribute__((naked,noinline)) sub_FF87538C_my() {
1044 // _sub_FF8753B8__Mounter.c__0 ROM FF8753B8 000000D8 R . . . . . .
1045 asm volatile(
1046 "STMFD SP!, {R4-R8,LR}\n"
1047 "MOV R8, R0\n"
1048 "BL sub_FF875338\n" //__Mounter.c__0 // Changed from sub_FF87530C in 100D
1049 "LDR R1, =0x3A068\n"
1050 "MOV R6, R0\n"
1051 "ADD R4, R1, R0,LSL#7\n"
1052 "LDR R0, [R4,#0x6C]\n"
1053 "CMP R0, #4\n"
1054 "LDREQ R1, =0x83F\n"
1055 "LDREQ R0, =0xFF874E78\n" //aMounter_c // changed from 0xFF874E4C in 100D
1056 "BLEQ sub_FF81EB78\n" //DebugAssert
1057 "MOV R1, R8\n"
1058 "MOV R0, R6\n"
1059 "BL sub_FF874BEC\n" // changed from sub_FF874BC0 in 100D
1060 "LDR R0, [R4,#0x38]\n"
1061 "BL sub_FF875A5C\n" // changed from sub_FF875A30 in 100D
1062 "CMP R0, #0\n"
1063 "STREQ R0, [R4,#0x6C]\n"
1064 "MOV R0, R6\n"
1065 "BL sub_FF874C7C\n" // changed from sub_FF874C50 in 100D
1066 "MOV R0, R6\n"
1067 // "BL sub_FF874FB4\n"
1068 "BL sub_FF874FB4_my\n" // is sub_FF874FE0 in 102B
1069 //------------------->
1070 // "B sub_FF8753E4 \n" //continue in firmware
1071 "B sub_FF875410 \n" //continue in firmware changed from 100D line above
1072 );
1073
1074 };
1075 void __attribute__((naked,noinline)) sub_FF874FB4_my() {
1076 // is sub_FF874FE0 in 102B
1077 asm volatile(
1078 "STMFD SP!, {R4-R6,LR}\n"
1079 "MOV R5, R0\n"
1080 "LDR R0, =0x3A068\n"
1081 "ADD R4, R0, R5,LSL#7\n"
1082 "LDR R0, [R4,#0x6C]\n"
1083 "TST R0, #2\n"
1084 "MOVNE R0, #1\n"
1085 "LDMNEFD SP!, {R4-R6,PC}\n"
1086 "LDR R0, [R4,#0x38]\n"
1087 "MOV R1, R5\n"
1088 // "BL sub_FF874CD4\n"
1089 "BL sub_FF874CD4_my\n" // is FF874D00 in 102B
1090 //------------------->
1091
1092 "B sub_FF87500C\n" //continue in firmware 100D: sub_FF874FE0
1093
1094 );
1095
1096 };
1097
1098 void __attribute__((naked,noinline)) sub_FF874CD4_my() {
1099 asm volatile(
1100 " STMFD SP!, {R4-R10,LR}\n"
1101 " MOV R9, R0\n"
1102 " LDR R0, =0x3A068\n"
1103 " MOV R8, #0\n"
1104 " ADD R5, R0, R1,LSL#7\n"
1105 " LDR R0, [R5,#0x3C]\n"
1106 " MOV R7, #0\n"
1107 " CMP R0, #7\n"
1108 " MOV R6, #0\n"
1109 " ADDLS PC, PC, R0,LSL#2\n"
1110 " B loc_FF874E2C\n" // loc_FF874E58 in 102B
1111 "loc_FF874D00:\n" // loc_FF874D2C in 102B
1112 " B loc_FF874D38\n" // loc_FF874D64 in 102B
1113 "loc_FF874D04:\n" // loc_FF874D30
1114 " B loc_FF874D20\n" // loc_FF874D4C in 102B
1115 "loc_FF874D08:\n" // loc_FF874D34 in 102B
1116 " B loc_FF874D20\n" // loc_FF874D4C in 102B
1117 "loc_FF874D0C:\n" // loc_FF874D38 in 102B
1118 " B loc_FF874D20\n" // loc_FF874D4C in 102B
1119 "loc_FF874D10:\n" // loc_FF874D3C in 102B
1120 " B loc_FF874D20\n" // loc_FF874D4C in 102B
1121 "loc_FF874D14:\n" // loc_FF874D40 in 102B
1122 " B loc_FF874E24\n" // loc_FF874E50 in 102B
1123 "loc_FF874D18:\n" // loc_FF874D44 in 102B
1124 " B loc_FF874D20\n" // loc_FF874D4C in 102B
1125 "loc_FF874D1C:\n" // loc_FF874D48 in 102B
1126 " B loc_FF874D20\n" // loc_FF874D4C in 102B
1127 "loc_FF874D20:\n" // loc_FF874D4C in 102B
1128 " MOV R2, #0\n"
1129 " MOV R1, #0x200\n"
1130 " MOV R0, #2\n"
1131 " BL sub_FF890764\n" // changed from sub_FF890738 in 100D
1132 " MOVS R4, R0\n"
1133 " BNE loc_FF874D40\n" // loc_FF874D6C in 102B
1134 "loc_FF874D38:\n" // loc_FF874D64 in 102B
1135 " MOV R0, #0\n"
1136 " LDMFD SP!, {R4-R10,PC}\n"
1137 "loc_FF874D40:\n" // loc_FF874D6C
1138 " LDR R12, [R5,#0x50]\n"
1139 " MOV R3, R4\n"
1140 " MOV R2, #1\n"
1141 " MOV R1, #0\n"
1142 " MOV R0, R9\n"
1143 " BLX R12\n"
1144 " CMP R0, #1\n"
1145 " BNE loc_FF874D6C\n" // loc_FF874D98 in 102B
1146 " MOV R0, #2\n"
1147 " BL sub_FF8908B4\n" //__ExMemMan.c__0 ; LOCATION: ExMemMan.c:0 // changed was sub_FF890888 in 100D
1148 " B loc_FF874D38\n" // loc_FF874D64 in 102B
1149 "loc_FF874D6C:\n" // loc_FF874D98 in 102B
1150 " LDR R1, [R5,#0x64]\n"
1151 " MOV R0, R9\n"
1152 " BLX R1\n"
1153 //Allready inserted code
1154
1155 "MOV R1, R4\n" // pointer to MBR in R1
1156 "BL mbr_read_dryos\n" // total sectors count in R0 before and after call
1157
1158 // Start of DataGhost's FAT32 autodetection code
1159 // Policy: If there is a partition which has type W95 FAT32, use the first one of those for image storage
1160 // According to the code below, we can use R1, R2, R3 and R12.
1161 // LR wasn't really used anywhere but for storing a part of the partition signature. This is the only thing
1162 // that won't work with an offset, but since we can load from LR+offset into LR, we can use this to do that :)
1163 "MOV R12, R4\n" // Copy the MBR start address so we have something to work with
1164 "MOV LR, R4\n" // Save old offset for MBR signature
1165 "MOV R1, #1\n" // Note the current partition number
1166 "B dg_sd_fat32_enter\n" // We actually need to check the first partition as well, no increments yet!
1167 "dg_sd_fat32:\n"
1168 "CMP R1, #4\n" // Did we already see the 4th partition?
1169 "BEQ dg_sd_fat32_end\n" // Yes, break. We didn't find anything, so don't change anything.
1170 "ADD R12, R12, #0x10\n" // Second partition
1171 "ADD R1, R1, #1\n" // Second partition for the loop
1172 "dg_sd_fat32_enter:\n"
1173 "LDRB R2, [R12, #0x1BE]\n" // Partition status
1174 "LDRB R3, [R12, #0x1C2]\n" // Partition type (FAT32 = 0xB)
1175 "CMP R3, #0xB\n" // Is this a FAT32 partition?
1176 "CMPNE R3, #0xC\n" // Not 0xB, is it 0xC (FAT32 LBA) then?
1177 "BNE dg_sd_fat32\n" // No, it isn't. Loop again.
1178 "CMP R2, #0x00\n" // It is, check the validity of the partition type
1179 "CMPNE R2, #0x80\n"
1180 "BNE dg_sd_fat32\n" // Invalid, go to next partition
1181 // This partition is valid, it's the first one, bingo!
1182 "MOV R4, R12\n" // Move the new MBR offset for the partition detection.
1183
1184 "dg_sd_fat32_end:\n"
1185 // End of DataGhost's FAT32 autodetection code
1186
1187
1188
1189
1190
1191 " LDRB R1, [R4,#0x1C9]\n"
1192 " LDRB R3, [R4,#0x1C8]\n"
1193 " LDRB R12, [R4,#0x1CC]\n"
1194 " MOV R1, R1,LSL#24\n"
1195 " ORR R1, R1, R3,LSL#16\n"
1196 " LDRB R3, [R4,#0x1C7]\n"
1197 " LDRB R2, [R4,#0x1BE]\n"
1198 //" LDRB LR, [R4,#0x1FF]\n" //remains commented as in sx200
1199 " ORR R1, R1, R3,LSL#8\n"
1200 " LDRB R3, [R4,#0x1C6]\n"
1201 " CMP R2, #0\n"
1202 " CMPNE R2, #0x80\n"
1203 " ORR R1, R1, R3\n"
1204 " LDRB R3, [R4,#0x1CD]\n"
1205 " MOV R3, R3,LSL#24\n"
1206 " ORR R3, R3, R12,LSL#16\n"
1207 " LDRB R12, [R4,#0x1CB]\n"
1208 " ORR R3, R3, R12,LSL#8\n"
1209 " LDRB R12, [R4,#0x1CA]\n"
1210 " ORR R3, R3, R12\n"
1211 //" LDRB R12, [R4,#0x1FE]\n" //remains commented as in sx200
1212 // Left as in sx200
1213 "LDRB R12, [LR,#0x1FE]\n" // + First MBR signature byte (0x55), LR is original offset.
1214 "LDRB LR, [LR,#0x1FF]\n" // + Last MBR signature byte (0xAA), LR is original offset.
1215
1216
1217 " BNE loc_FF874DF8\n"
1218 " CMP R0, R1\n"
1219 " BCC loc_FF874DF8\n"
1220 " ADD R2, R1, R3\n"
1221 " CMP R2, R0\n"
1222 " CMPLS R12, #0x55\n"
1223 " CMPEQ LR, #0xAA\n"
1224 " MOVEQ R7, R1\n"
1225 " MOVEQ R6, R3\n"
1226 " MOVEQ R4, #1\n"
1227 " BEQ loc_FF874DFC\n" // loc_FF874E28 in 102B
1228 "loc_FF874DF8:\n" // loc_FF874E24 in 102B
1229 " MOV R4, R8\n"
1230 "loc_FF874DFC:\n" // loc_FF874E28 in 102B
1231 " MOV R0, #2\n"
1232 " BL sub_FF8908B4\n" //__ExMemMan.c__0 ; LOCATION: ExMemMan.c:0 // changed from sub_FF890888 in 100D
1233 " CMP R4, #0\n"
1234 " BNE loc_FF874E38\n" // loc_FF874E64 in 102B
1235 " LDR R1, [R5,#0x64]\n"
1236 " MOV R7, #0\n"
1237 " MOV R0, R9\n"
1238 " BLX R1\n"
1239 " MOV R6, R0\n"
1240 " B loc_FF874E38\n" // loc_FF874E64 in 102B
1241 "loc_FF874E24:\n" // loc_FF874E50 in 102B
1242 " MOV R6, #0x40\n"
1243 " B loc_FF874E38\n" // loc_FF874E64 in 102B
1244 "loc_FF874E2C:\n"
1245 " LDR R1, =0x597\n"
1246 " LDR R0, =0xFF874E78\n" //aMounter_c ; Mounter.c
1247 " BL sub_FF81EB78\n" //DebugAssert
1248
1249 "loc_FF874E38:\n"
1250 " STR R7, [R5,#0x44]!\n"
1251 " STMIB R5, {R6,R8}\n"
1252 " MOV R0, #1\n"
1253 " LDMFD SP!, {R4-R10,PC}\n"
1254
1255 );
1256
1257 };