This source file includes the following definitions.
- taskCreateHook
- taskCreateHook2
- boot
- sub_FFC00358_my
- sub_FFC0119C_my
- sub_FFC05E5C_my
- taskcreate_Startup_my
- task_Startup_my
- spytask
- CreateTask_spytask
- CreateTask_PhySw
- init_file_modules_task
- sub_FFC6CF5C_my
- sub_FFC52014_my
- sub_FFC51C3C_my
- sub_FFC5195C_my
1 #include "lolevel.h"
2 #include "platform.h"
3 #include "core.h"
4 #include "dryos31.h"
/*
 * Local offsetof(): computes a member offset by taking the address of the
 * member through a null TYPE pointer and casting it to int.
 * NOTE(review): this is the classic pre-standard form; <stddef.h> supplies a
 * portable offsetof. Nothing in the visible part of the file uses the macro.
 */
#define offsetof(TYPE, MEMBER) ((int) &((TYPE *)0)->MEMBER)

/*
 * new_sa holds the address of the symbol _end (declared outside this file,
 * presumably by the linker script; confirm). sub_FFC0119C_my() loads this
 * value instead of the constant 0x133D38 unless CHDK_NOT_IN_CANON_HEAP is
 * defined.
 */
const char * const new_sa = &_end;



/* Forward declarations of routines referenced before their definition.
 * task_CaptSeqTask_my is not defined in this file. */
void CreateTask_PhySw();
void CreateTask_spytask();
void task_CaptSeqTask_my();
/*
 * Task-creation hook; its address is written to RAM words 0x1930 and 0x1938
 * by sub_FFC00358_my().
 *
 * The word 17 ints below the pointer passed in is compared with four ROM
 * addresses. On a match the word is overwritten with the address of the
 * corresponding replacement routine, so the replacement runs in place of the
 * firmware routine.
 *
 * NOTE(review): the patched word is presumably the entry point stored in the
 * task record being created; the offset 17 is hard-coded, so confirm it
 * against the structure layout in dryos31.h.
 * The ROM addresses are literal constants and are therefore only meaningful
 * for the firmware build this file was written for.
 */
void taskCreateHook(int *p) {
    int *const entry = p - 17;

    /* The four checks run in sequence, each re-reading the word. */
    if (*entry == (int)0xFFC736C4) {
        *entry = (int)init_file_modules_task;
    }
    if (*entry == (int)0xFFC5C1E8) {
        *entry = (int)task_CaptSeqTask_my;
    }
    if (*entry == (int)0xFFC95048) {
        *entry = (int)exp_drv_task;
    }
    if (*entry == (int)0xFFD138CC) {
        *entry = (int)movie_record_task;
    }
}
20
/*
 * Second task-creation hook; its address is written to RAM word 0x1934 by
 * sub_FFC00358_my().
 *
 * Same mechanism as taskCreateHook(), but only two ROM addresses are
 * redirected: 0xFFC736C4 -> init_file_modules_task and
 * 0xFFC95048 -> exp_drv_task.
 *
 * NOTE(review): the word at p[-17] is presumably the task entry point;
 * confirm the offset against dryos31.h.
 */
void taskCreateHook2(int *p) {
    int *const entry = p - 17;

    if (*entry == (int)0xFFC736C4) {
        *entry = (int)init_file_modules_task;
    }
    if (*entry == (int)0xFFC95048) {
        *entry = (int)exp_drv_task;
    }
}
26
27
/*
 * boot - early start-up sequence; ends by branching to sub_FFC00358_my().
 *
 * The loc_FFCxxxxx labels suggest this was transcribed from the firmware's
 * own start-up code, with the final branch redirected to the _my variant.
 *
 * Sequence: program CP15 (caches, protection regions, TCM), write a set of
 * MMIO registers, copy words from ROM 0xFFF036C8 into RAM 0x1900..0xB294,
 * zero RAM 0xB294..0x133D38, then branch.
 *
 * CP15 register meanings in the comments follow the ARM946E-S encoding.
 * NOTE(review): confirm the core type for this camera before relying on them.
 *
 * The function is naked: no prologue/epilogue is generated and it never
 * returns to a caller.
 */
void __attribute__((naked,noinline)) boot() {

    asm volatile (
        "LDR R1, =0xC0410000\n"
        "MOV R0, #0\n"
        "STR R0, [R1]\n"                // write 0 to MMIO word 0xC0410000
        "MOV R1, #0x78\n"
        "loc_FFC0001C:\n"
        "MCR p15, 0, R1,c1,c0\n"        // control register = 0x78: protection unit and caches off
        "MOV R1, #0\n"
        "MCR p15, 0, R1,c7,c10, 4\n"    // drain write buffer
        "loc_FFC00028:\n"
        "MCR p15, 0, R1,c7,c5\n"        // invalidate instruction cache
        "MCR p15, 0, R1,c7,c6\n"        // invalidate data cache
        // Protection region base/size registers (c6,c0 .. c6,c5 = regions 0..5).
        "MOV R0, #0x3D\n"
        "MCR p15, 0, R0,c6,c0\n"
        "MOV R0, #0xC000002F\n"
        "MCR p15, 0, R0,c6,c1\n"
        "MOV R0, #0x31\n"
        "MCR p15, 0, R0,c6,c2\n"
        "LDR R0, =0x10000031\n"
        "MCR p15, 0, R0,c6,c3\n"
        "MOV R0, #0x40000017\n"
        "MCR p15, 0, R0,c6,c4\n"
        "LDR R0, =0xFFC0002B\n"
        "MCR p15, 0, R0,c6,c5\n"
        // Per-region attribute bitmaps; 0x34 selects regions 2, 4 and 5.
        "MOV R0, #0x34\n"
        "MCR p15, 0, R0,c2,c0\n"        // data cacheable bits
        "MOV R0, #0x34\n"
        "MCR p15, 0, R0,c2,c0, 1\n"     // instruction cacheable bits
        "MOV R0, #0x34\n"
        "MCR p15, 0, R0,c3,c0\n"        // write-buffer (bufferable) bits
        // Extended access permissions, 4 bits per region: region 0 = 0 (no
        // access), regions 1..6 = 3 (read/write in privileged and user mode),
        // i.e. no privilege separation between modes for those regions.
        "LDR R0, =0x3333330\n"
        "MCR p15, 0, R0,c5,c0, 2\n"     // data access permissions
        "LDR R0, =0x3333330\n"
        "MCR p15, 0, R0,c5,c0, 3\n"     // instruction access permissions
        "MRC p15, 0, R0,c1,c0\n"
        "ORR R0, R0, #0x1000\n"         // instruction cache enable
        "ORR R0, R0, #4\n"              // data cache enable
        "ORR R0, R0, #1\n"              // protection unit enable
        "MCR p15, 0, R0,c1,c0\n"
        "MOV R1, #0x40000006\n"
        "MCR p15, 0, R1,c9,c1\n"        // data TCM region register
        "MOV R1, #6\n"
        "MCR p15, 0, R1,c9,c1, 1\n"     // instruction TCM region register
        "MRC p15, 0, R1,c1,c0\n"
        "ORR R1, R1, #0x50000\n"        // control bits 16 and 18: data/instruction TCM enable
        "MCR p15, 0, R1,c1,c0\n"
        // MMIO block at 0xC0200000: 1 -> +0x10C, then 0xFF -> +0x0C, +0x1C ... +0xFC.
        // The purpose of these registers is not visible from this file.
        "LDR R2, =0xC0200000\n"
        "MOV R1, #1\n"
        "STR R1, [R2,#0x10C]\n"
        "MOV R1, #0xFF\n"
        "STR R1, [R2,#0xC]\n"
        "STR R1, [R2,#0x1C]\n"
        "STR R1, [R2,#0x2C]\n"
        "STR R1, [R2,#0x3C]\n"
        "STR R1, [R2,#0x4C]\n"
        "STR R1, [R2,#0x5C]\n"
        "STR R1, [R2,#0x6C]\n"
        "STR R1, [R2,#0x7C]\n"
        "STR R1, [R2,#0x8C]\n"
        "STR R1, [R2,#0x9C]\n"
        "STR R1, [R2,#0xAC]\n"
        "STR R1, [R2,#0xBC]\n"
        "STR R1, [R2,#0xCC]\n"
        "STR R1, [R2,#0xDC]\n"
        "STR R1, [R2,#0xEC]\n"
        "STR R1, [R2,#0xFC]\n"
        "LDR R1, =0xC0400008\n"
        "LDR R2, =0x430005\n"
        "STR R2, [R1]\n"                // 0x430005 -> MMIO 0xC0400008
        "MOV R1, #1\n"
        "LDR R2, =0xC0243100\n"
        // NOTE(review): as written this stores R2 (0xC0243100) to the address
        // held in R1 (= 1). Every other store in this run writes a value to
        // an MMIO address, so the operands look swapped; verify against the
        // firmware disassembly.
        "STR R2, [R1]\n"
        "LDR R2, =0xC0242010\n"
        "LDR R1, [R2]\n"
        "ORR R1, R1, #1\n"
        "STR R1, [R2]\n"                // set bit 0 of MMIO 0xC0242010
        // Copy words from ROM 0xFFF036C8 to RAM, destination 0x1900 up to
        // (not including) 0xB294.
        "LDR R0, =0xFFF036C8\n"
        "LDR R1, =0x1900\n"
        "LDR R3, =0xB294\n"
        "loc_FFC0013C:\n"
        "CMP R1, R3\n"
        "LDRCC R2, [R0],#4\n"
        "STRCC R2, [R1],#4\n"
        "BCC loc_FFC0013C\n"
        // Zero RAM from 0xB294 (R3) up to (not including) 0x133D38.
        "LDR R1, =0x133D38\n"
        "MOV R2, #0\n"
        "loc_FFC00154:\n"
        "CMP R3, R1\n"
        "STRCC R2, [R3],#4\n"
        "BCC loc_FFC00154\n"

        "B sub_FFC00358_my\n"           // continue in the patched routine below
    );
};
124
/*
 * sub_FFC00358_my - installs the task-creation hooks, then copies two ROM
 * ranges to low RAM, sets up the IRQ- and SVC-mode stack pointers, fills
 * 0x6C4..0x1000 with a marker pattern and calls sub_FFC0119C_my().
 *
 * NOTE(review): the function is naked yet contains C statements. GCC only
 * documents basic asm as safe inside naked functions; the C assignments below
 * rely on the compiler emitting code that needs no stack frame. They also
 * execute before this function sets SP.
 */
void __attribute__((naked,noinline)) sub_FFC00358_my() {
    // Hook slots. 0x1930..0x1938 lie inside the 0x1900..0xB294 range that
    // boot() fills from ROM, so these writes must come after that copy.
    // NOTE(review): presumably the firmware calls through these words when a
    // task is created; confirm.
    *(int*)0x1930=(int)taskCreateHook;
    *(int*)0x1934=(int)taskCreateHook2;
    *(int*)0x1938=(int)taskCreateHook;


    // Bit 0 of MMIO word 0xC02200A8 selects the value stored at 0x21B4:
    // 0x200000 when set, 0x100000 when clear. The meaning of the two values
    // is not visible here. NOTE(review): the MMIO read is not volatile.
    *(int*)(0x21B4)= (*(int*)0xC02200A8)&1 ? 0x200000 : 0x100000;

    asm volatile (
        "loc_FFC00358:\n"
        // Copy ROM 0xFFC003D0..0xFFC00408 to RAM starting at address 0.
        "LDR R0, =0xFFC003D0\n"
        "MOV R1, #0\n"
        "LDR R3, =0xFFC00408\n"
        "loc_FFC00364:\n"
        "CMP R0, R3\n"
        "LDRCC R2, [R0],#4\n"
        "STRCC R2, [R1],#4\n"
        "BCC loc_FFC00364\n"
        // Copy ROM 0xFFC00408..0xFFC0061C to RAM starting at 0x4B0.
        "LDR R0, =0xFFC00408\n"
        "MOV R1, #0x4B0\n"
        "LDR R3, =0xFFC0061C\n"
        "loc_FFC00380:\n"
        "CMP R0, R3\n"
        "LDRCC R2, [R0],#4\n"
        "STRCC R2, [R1],#4\n"
        "BCC loc_FFC00380\n"
        "MOV R0, #0xD2\n"
        "MSR CPSR_cxsf, R0\n"           // IRQ mode, IRQ and FIQ masked
        "MOV SP, #0x1000\n"             // IRQ-mode stack pointer
        "MOV R0, #0xD3\n"
        "MSR CPSR_cxsf, R0\n"           // supervisor mode, IRQ and FIQ masked
        "MOV SP, #0x1000\n"             // supervisor-mode stack pointer (same address)
        // Fill 0x6C4..0x1000 with 0xEEEEEEEE (the area below the stack top;
        // presumably a marker for stack-usage checks; confirm).
        "LDR R0, =0x6C4\n"
        "LDR R2, =0xEEEEEEEE\n"
        "MOV R3, #0x1000\n"
        "loc_FFC003B4:\n"
        "CMP R0, R3\n"
        "STRCC R2, [R0],#4\n"
        "BCC loc_FFC003B4\n"

        "BL sub_FFC0119C_my\n"          // patched continuation; nothing follows the call
    );
};
178
179
/*
 * sub_FFC0119C_my - builds a 0x74-byte parameter block on the stack and
 * resumes the firmware routine at 0xffc011f0 with R1 pointing at
 * sub_FFC05E5C_my instead of the firmware's own callback.
 *
 * The word at [SP,#8] is the only data value that differs between builds:
 * 0x133D38 when CHDK_NOT_IN_CANON_HEAP is defined, otherwise the value of
 * new_sa (the address of _end).
 * NOTE(review): presumably this is the start of the firmware heap, moved up
 * so that it begins after the CHDK image; confirm. The code does not check
 * that the start value is below the 0x2724A8 bound it is subtracted from.
 */
void __attribute__((naked,noinline)) sub_FFC0119C_my() {
    asm volatile (
        "STR LR, [SP,#-4]!\n"           // push LR
        "SUB SP, SP, #0x74\n"           // reserve the 0x74-byte block
        "MOV R0, SP\n"
        "MOV R1, #0x74\n"
        "BL sub_FFE8D838\n"             // sub_FFE8D838(block, 0x74); presumably clears it (confirm)
        "MOV R0, #0x53000\n"
        "STR R0, [SP,#4]\n"
#if defined(CHDK_NOT_IN_CANON_HEAP)
        "LDR R0, =0x133D38\n"           // same address at which boot() stops zeroing RAM
#else
        "LDR R0, =new_sa\n"
        "LDR R0, [R0]\n"                // R0 = new_sa, i.e. &_end
#endif
        "LDR R2, =0x279C00\n"
        "LDR R1, =0x2724A8\n"
        "STR R0, [SP,#8]\n"             // start address chosen above
        "SUB R0, R1, R0\n"              // R0 = 0x2724A8 - start
        "ADD R3, SP, #0xC\n"
        "STR R2, [SP]\n"
        "STMIA R3, {R0-R2}\n"           // [SP+0xC] = size, [SP+0x10] = 0x2724A8, [SP+0x14] = 0x279C00
        "MOV R0, #0x22\n"
        "STR R0, [SP,#0x18]\n"
        "MOV R0, #0x68\n"
        "STR R0, [SP,#0x1C]\n"
        "LDR R0, =0x19B\n"

        "LDR R1, =sub_FFC05E5C_my\n"    // patched: CHDK routine instead of the ROM one
        "LDR PC, =0xffc011f0\n"         // resume in ROM; the pushed LR and the block are left for ROM code to unwind
    );
};
237
/*
 * sub_FFC05E5C_my - runs a fixed sequence of firmware initialisation calls
 * and then tail-branches to taskcreate_Startup_my().
 *
 * After each checked call a negative return value causes sub_FFC05F50 to be
 * called with a ROM address in R0 (presumably an error-message string;
 * confirm). Execution continues with the next step either way as far as this
 * code is concerned.
 */
void __attribute__((naked,noinline)) sub_FFC05E5C_my() {
    asm volatile (
        "STMFD SP!, {R4,LR}\n"
        "BL sub_FFC00B24\n"             // return value not checked
        "BL sub_FFC0A838\n"
        "CMP R0, #0\n"
        "LDRLT R0, =0xFFC05F70\n"
        "BLLT sub_FFC05F50\n"           // report failure (R0 < 0)
        "BL sub_FFC05A98\n"
        "CMP R0, #0\n"
        "LDRLT R0, =0xFFC05F78\n"
        "BLLT sub_FFC05F50\n"
        "LDR R0, =0xFFC05F88\n"
        "BL sub_FFC05B80\n"
        "CMP R0, #0\n"
        "LDRLT R0, =0xFFC05F90\n"
        "BLLT sub_FFC05F50\n"
        "LDR R0, =0xFFC05F88\n"         // same argument as the previous call
        "BL sub_FFC03BF4\n"
        "CMP R0, #0\n"
        "LDRLT R0, =0xFFC05FA4\n"
        "BLLT sub_FFC05F50\n"
        "BL sub_FFC0A230\n"
        "CMP R0, #0\n"
        "LDRLT R0, =0xFFC05FB0\n"
        "BLLT sub_FFC05F50\n"
        "BL sub_FFC01680\n"
        "CMP R0, #0\n"
        "LDRLT R0, =0xFFC05FBC\n"
        "BLLT sub_FFC05F50\n"
        "LDMFD SP!, {R4,LR}\n"          // restore LR so the branch below is a tail call

        "B taskcreate_Startup_my\n"     // patched: CHDK variant
    );
};
273
274
/*
 * taskcreate_Startup_my - performs a start-up check and then creates a task
 * whose entry point is task_Startup_my. Returns 0.
 *
 * If sub_FFC2AF84 returns 0, sub_FFC2526C returns non-zero and sub_FFC23A74
 * returns 0, the code writes 0x44 to MMIO 0xC0220048 and spins forever
 * (presumably a power-off request; confirm).
 */
void __attribute__((naked,noinline)) taskcreate_Startup_my() {
    asm volatile (
        "STMFD SP!, {R3,LR}\n"          // the R3 slot doubles as space for the stack argument below
        "BL sub_FFC23A78\n"
        "BL sub_FFC2AF84\n"
        "CMP R0, #0\n"
        "BNE loc_FFC105F8\n"
        "BL sub_FFC2526C\n"
        "CMP R0, #0\n"
        "BEQ loc_FFC105F8\n"
        "BL sub_FFC23A74\n"
        "CMP R0, #0\n"
        "BNE loc_FFC105F8\n"
        "LDR R1, =0xC0220000\n"
        "MOV R0, #0x44\n"
        "STR R0, [R1,#0x48]\n"          // 0x44 -> MMIO 0xC0220048
        "loc_FFC105F4:\n"
        "B loc_FFC105F4\n"              // intentional endless loop
        "loc_FFC105F8:\n"

        "BL sub_FFC23A7C\n"
        "BL sub_FFC293A8\n"
        "LDR R1, =0x2CE000\n"
        "MOV R0, #0\n"
        "BL sub_FFC295F0\n"             // sub_FFC295F0(0, 0x2CE000)
        "BL sub_FFC2959C \n"
        "MOV R3, #0\n"
        "STR R3, [SP]\n"                // fifth (stack) argument = 0

        "LDR R3, =task_Startup_my\n"    // patched: CHDK task body as the fourth argument
        "MOV R2, #0\n"
        "MOV R1, #0x19\n"
        "LDR R0, =0xFFC10640\n"         // ROM address; presumably the task name string (confirm)
        "BL sub_FFC0F110 \n"            // argument pattern matches _CreateTask(name, 0x19, ..., entry, 0) used for SpyTask
        "MOV R0, #0\n"
        "LDMFD SP!, {R12,PC}\n"         // discard the scratch slot into R12 and return
    );
};
313
314
/*
 * task_Startup_my - body of the task created by taskcreate_Startup_my().
 * Runs a sequence of firmware calls, creates the CHDK keyboard and spy tasks
 * part-way through, runs the remaining firmware calls and tail-branches to
 * sub_FFC06128.
 *
 * NOTE(review): this naked function interleaves two asm blocks with plain C
 * calls. GCC only documents basic asm as safe inside naked functions; the
 * code depends on the compiler emitting bare calls between the blocks and
 * leaving the stacked {R4,LR} untouched.
 */
void __attribute__((naked,noinline)) task_Startup_my() {
    asm volatile (
        "STMFD SP!, {R4,LR}\n"
        "BL sub_FFC06228\n"
        "BL sub_FFC24B7C\n"
        "BL sub_FFC23414\n"
        "BL sub_FFC2AFC4\n"
        "BL sub_FFC2B1B0\n"

        "BL sub_FFC2B34C\n"
        "BL sub_FFC2B1E0\n"
        "BL sub_FFC28840\n"
        "BL sub_FFC2B350\n"

    );
    CreateTask_PhySw();     // patched variant that starts mykbd_task
    CreateTask_spytask();   // CHDK's own task
    asm volatile (
        "BL sub_FFC26EA8\n"
        "BL sub_FFC2B368\n"
        "BL sub_FFC222BC\n"
        "BL sub_FFC22E6C \n"
        "BL sub_FFC2AD5C\n"
        "BL sub_FFC233C8\n"
        "BL sub_FFC22E08\n"
        "BL sub_FFC2BDCC\n"
        "BL sub_FFC22DE0\n"
        "LDMFD SP!, {R4,LR}\n"          // restore LR so the branch below is a tail call
        "B sub_FFC06128 \n"
    );
};
346
/*
 * Entry point of the "SpyTask" task created by CreateTask_spytask().
 * The six arguments are accepted and ignored; all work is delegated to
 * core_spytask().
 */
void spytask(long ua, long ub, long uc, long ud, long ue, long uf)
{
    /* Mark every parameter as deliberately unused. */
    (void)ua;
    (void)ub;
    (void)uc;
    (void)ud;
    (void)ue;
    (void)uf;

    core_spytask();
}
/*
 * Creates the CHDK "SpyTask" task with spytask() as its entry point.
 * The numeric arguments are 0x19 and 0x2000 (priority and stack size in
 * CHDK's _CreateTask prototype), and the final argument is 0.
 * The return value of _CreateTask is not checked.
 */
void CreateTask_spytask() {
    _CreateTask(
        "SpyTask",
        0x19,
        0x2000,
        spytask,
        0
    );
};
355
/*
 * CreateTask_PhySw - creates a task with mykbd_task as its entry point,
 * unless the word at 0x1BE4+0x10 is already non-zero, then runs two further
 * firmware calls.
 *
 * The value returned by the task-creation call is stored at 0x1BE4+0x10, so a
 * second invocation skips the creation.
 */
void __attribute__((naked,noinline)) CreateTask_PhySw() {
    asm volatile (
        "STMFD SP!, {R3-R5,LR}\n"       // the R3 slot doubles as space for the stack argument
        "LDR R4, =0x1BE4\n"
        "LDR R0, [R4,#0x10]\n"
        "CMP R0, #0\n"
        "BNE loc_FFC2399C\n"            // already created: skip
        "MOV R3, #0\n"
        "STR R3, [SP]\n"                // fifth (stack) argument = 0


        "LDR R3, =mykbd_task\n"         // patched: CHDK keyboard task as entry point
        "MOV R2, #0x2000\n"
        "MOV R1, #0x17\n"
        "LDR R0, =0xFFC23B70\n"         // ROM address; presumably the task name string (confirm)
        "BL sub_FFC0F3E8 \n"
        "STR R0, [R4,#0x10]\n"          // remember the returned value
        "loc_FFC2399C:\n"
        "BL sub_FFC6AA64\n"
        "BL sub_FFC251E4\n"
        "CMP R0, #0\n"
        "LDREQ R1, =0x2EEE0\n"
        "LDMEQFD SP!, {R3-R5,LR}\n"
        "BEQ sub_FFC6A9EC\n"            // result 0: tail call sub_FFC6A9EC with R0 = 0, R1 = 0x2EEE0
        "LDMFD SP!, {R3-R5,PC}\n"       // otherwise return
    );
};
383
/*
 * init_file_modules_task - replacement installed by the task-creation hooks
 * for the firmware routine at 0xFFC736C4.
 *
 * Calls sub_FFC6CF30 and keeps its result in R4, runs the patched
 * sub_FFC6CF5C_my, then calls core_spytask_can_start(). sub_FFC6F7EC(0x5006, 0)
 * is called before the patched routine when the result is non-zero, and as a
 * tail call at the end when it is zero.
 */
void __attribute__((naked,noinline)) init_file_modules_task() {
    asm volatile (
        "STMFD SP!, {R4-R6,LR}\n"
        "BL sub_FFC6CF30\n"
        "LDR R5, =0x5006\n"
        "MOVS R4, R0\n"                 // R4 = result, flags set for the conditional call
        "MOVNE R1, #0\n"
        "MOVNE R0, R5\n"
        "BLNE sub_FFC6F7EC\n"           // result != 0: sub_FFC6F7EC(0x5006, 0)

        "BL sub_FFC6CF5C_my\n"          // patched variant
        "BL core_spytask_can_start\n"   // added call into CHDK core, placed after the patched routine
        "CMP R4, #0\n"
        "MOVEQ R0, R5\n"
        "LDMEQFD SP!, {R4-R6,LR}\n"
        "MOVEQ R1, #0\n"
        "BEQ sub_FFC6F7EC\n"            // result == 0: tail call sub_FFC6F7EC(0x5006, 0)
        "LDMFD SP!, {R4-R6,PC}\n"
    );
};
404
/*
 * sub_FFC6CF5C_my - calls the patched sub_FFC52014_my(3) and then resumes the
 * firmware routine at 0xffc6cf68.
 *
 * The {R4,LR} pushed here are not popped in this function; the ROM code that
 * execution continues in is expected to restore them.
 */
void __attribute__((naked,noinline)) sub_FFC6CF5C_my() {
    asm volatile (
        "STMFD SP!, {R4,LR}\n"
        "MOV R0, #3\n"

        "BL sub_FFC52014_my\n"          // patched variant
        "LDR PC,=0xffc6cf68\n"          // continue in ROM
    );
};
431
432
/*
 * sub_FFC52014_my - start of a firmware routine up to the call that is
 * redirected to sub_FFC51C3C_my; execution then resumes in ROM at 0xffc5206c.
 *
 * R0 on entry is kept in R8. sub_FFC51F94 returns an index (R6) that selects
 * a 0x80-byte record at 0x33688 + (index << 7); the same table is used by
 * sub_FFC51C3C_my and sub_FFC5195C_my.
 * NOTE(review): the index is used without a range check in this code.
 *
 * The {R4-R8,LR} pushed here are left for the ROM code to restore.
 */
void __attribute__((naked,noinline)) sub_FFC52014_my() {
    asm volatile (
        "STMFD SP!, {R4-R8,LR}\n"
        "MOV R8, R0\n"
        "BL sub_FFC51F94 \n"            // called with the incoming R0
        "LDR R1, =0x33688\n"
        "MOV R6, R0\n"
        "ADD R4, R1, R0,LSL#7\n"        // R4 = 0x33688 + index * 0x80
        "LDR R0, [R4,#0x6C]\n"
        "CMP R0, #4\n"
        "LDREQ R1, =0x817\n"
        "LDREQ R0, =0xFFC51AD4\n"
        "BLEQ sub_FFC0F5E8\n"           // field == 4: sub_FFC0F5E8(0xFFC51AD4, 0x817); presumably an assert (confirm)
        "MOV R1, R8\n"
        "MOV R0, R6\n"
        "BL sub_FFC5184C \n"            // sub_FFC5184C(index, original argument)
        "LDR R0, [R4,#0x38]\n"
        "BL sub_FFC526B4\n"
        "CMP R0, #0\n"
        "STREQ R0, [R4,#0x6C]\n"        // result 0: clear the field at +0x6C
        "MOV R0, R6\n"
        "BL sub_FFC518DC\n"
        "MOV R0, R6\n"

        "BL sub_FFC51C3C_my\n"          // patched variant
        "LDR PC, =0xffc5206c\n"         // continue in ROM
    );
};
496
/*
 * sub_FFC51C3C_my - start of a firmware routine up to the call that is
 * redirected to sub_FFC5195C_my; execution then resumes in ROM at 0xffc51c68.
 *
 * R0 is an index into the table of 0x80-byte records at 0x33688. If bit 1 of
 * the record's word at +0x6C is set the function returns 1 immediately;
 * otherwise it calls sub_FFC5195C_my(record[+0x38], index).
 *
 * On the non-returning path the pushed {R4-R6,LR} are left for the ROM code
 * to restore.
 */
void __attribute__((naked,noinline)) sub_FFC51C3C_my() {

    asm volatile (
        "STMFD SP!, {R4-R6,LR}\n"
        "MOV R5, R0\n"
        "LDR R0, =0x33688\n"
        "ADD R4, R0, R5,LSL#7\n"        // R4 = 0x33688 + index * 0x80
        "LDR R0, [R4,#0x6C]\n"
        "TST R0, #2\n"
        "MOVNE R0, #1\n"
        "LDMNEFD SP!, {R4-R6,PC}\n"     // bit 1 set: return 1
        "LDR R0, [R4,#0x38]\n"
        "MOV R1, R5\n"

        "BL sub_FFC5195C_my\n"          // patched variant (partition selection)
        "LDR PC,=0xffc51c68\n"          // continue in ROM
    );
};
536
537
/*
 * sub_FFC5195C_my - determines the start sector and size that are recorded
 * for a storage device, with an added scan of the MBR partition table for a
 * FAT32 entry.
 *
 * In:  R0 = value from the record's +0x38 field (kept in R9 and passed to the
 *           record's function pointers),
 *      R1 = index of the 0x80-byte record at 0x33688 + (index << 7).
 * Out: R0 = 1 after storing results, 0 on an early exit.
 *      record[+0x44] = start (R7), record[+0x48] = size (R6),
 *      record[+0x4C] = 0 (R8).
 *
 * The "dg_sd_fat32" section is the patch. It walks the four 16-byte
 * partition entries at sector offset 0x1BE and selects the first whose type
 * byte is 0x0B or 0x0C (FAT32) and whose status byte is 0x00 or 0x80. If none
 * qualifies, the first entry is used.
 *
 * The sector comes from removable media and is untrusted input. Visible
 * checks: status byte 0x00/0x80, start <= total, start + size <= total,
 * signature bytes 0x55 0xAA at 0x1FE/0x1FF. Every byte read lies below
 * offset 0x200 (highest: entry 4 base 0x30 + 0x1CD = 0x1FD, and 0x1FF for the
 * signature).
 * NOTE(review): start + size is a 32-bit ADD with no carry check, so a large
 * size field can wrap and pass the "<= total" comparison; consider rejecting
 * on carry.
 * NOTE(review): names such as "total sector count" and "read sector" below
 * are inferred from how the values are used; confirm against the firmware.
 */
void __attribute__((naked,noinline)) sub_FFC5195C_my() {
    asm volatile (
        "STMFD SP!, {R4-R10,LR}\n"
        "MOV R9, R0\n"
        "LDR R0, =0x33688\n"
        "MOV R8, #0\n"                  // R8 stays 0 throughout
        "ADD R5, R0, R1,LSL#7\n"        // R5 = record for this index
        "LDR R0, [R5,#0x3C]\n"
        "MOV R7, #0\n"                  // default start
        "CMP R0, #7\n"
        "MOV R6, #0\n"                  // default size
        "ADDLS PC, PC, R0,LSL#2\n"      // jump table on record[+0x3C], values 0..7
        "B loc_FFC51AB4\n"              // value > 7
        "loc_FFC51988:\n"
        "B loc_FFC519C0\n"              // 0: return 0
        "loc_FFC5198C:\n"
        "B loc_FFC519A8\n"              // 1
        "loc_FFC51990:\n"
        "B loc_FFC519A8\n"              // 2
        "loc_FFC51994:\n"
        "B loc_FFC519A8\n"              // 3
        "loc_FFC51998:\n"
        "B loc_FFC519A8\n"              // 4
        "loc_FFC5199C:\n"
        "B loc_FFC51AAC\n"              // 5: fixed size 0x40, no sector read
        "loc_FFC519A0:\n"
        "B loc_FFC519A8\n"              // 6
        "loc_FFC519A4:\n"
        "B loc_FFC519A8\n"              // 7
        "loc_FFC519A8:\n"
        "MOV R2, #0\n"
        "MOV R1, #0x200\n"
        "MOV R0, #2\n"
        "BL sub_FFC6715C\n"             // sub_FFC6715C(2, 0x200, 0); presumably obtains a 0x200-byte buffer
        "MOVS R4, R0\n"
        "BNE loc_FFC519C8\n"
        "loc_FFC519C0:\n"
        "MOV R0, #0\n"                  // no buffer (or type 0, or read failure): return 0
        "LDMFD SP!, {R4-R10,PC}\n"
        "loc_FFC519C8:\n"
        "LDR R12, [R5,#0x50]\n"
        "MOV R3, R4\n"
        "MOV R2, #1\n"
        "MOV R1, #0\n"
        "MOV R0, R9\n"
        "BLX R12\n"                     // record[+0x50](R9, 0, 1, buffer); presumably reads sector 0
        "CMP R0, #1\n"
        "BNE loc_FFC519F4\n"
        "MOV R0, #2\n"
        "BL sub_FFC672A8 \n"            // result 1: release (sub_FFC672A8(2)) and return 0
        "B loc_FFC519C0\n"
        "loc_FFC519F4:\n"
        "LDR R1, [R5,#0x64]\n"
        "MOV R0, R9\n"
        "BLX R1\n"                      // R0 = record[+0x64](R9); presumably the total sector count

        "MOV R1, R4\n"                  // overwritten by MOV R1, #1 below before any use

        // ---- added: pick a FAT32 entry from the partition table ----
        "MOV R12, R4\n"                 // R12 = candidate base, starts at the sector buffer
        "MOV LR, R4\n"                  // LR = sector buffer, kept for the signature bytes
        "MOV R1, #1\n"                  // entry counter, 1..4
        "B dg_sd_fat32_enter\n"
        "dg_sd_fat32:\n"
        "CMP R1, #4\n"
        "BEQ dg_sd_fat32_end\n"         // all four entries rejected: keep R4 (first entry)
        "ADD R12, R12, #0x10\n"         // next 16-byte entry
        "ADD R1, R1, #1\n"
        "dg_sd_fat32_enter:\n"
        "LDRB R2, [R12, #0x1BE]\n"      // status byte of the candidate
        "LDRB R3, [R12, #0x1C2]\n"      // partition type byte
        "CMP R3, #0xB\n"
        "CMPNE R3, #0xC\n"
        "BNE dg_sd_fat32\n"             // type is neither 0x0B nor 0x0C
        "CMP R2, #0x00\n"
        "CMPNE R2, #0x80\n"
        "BNE dg_sd_fat32\n"             // status is neither 0x00 nor 0x80

        "MOV R4, R12\n"                 // accept: later loads are relative to this entry

        "dg_sd_fat32_end:\n"
        // ---- end of added code ----

        // Assemble the little-endian start (0x1C6..0x1C9) and size
        // (0x1CA..0x1CD) of the selected entry.
        "LDRB R1, [R4,#0x1C9]\n"
        "LDRB R3, [R4,#0x1C8]\n"
        "LDRB R12, [R4,#0x1CC]\n"
        "MOV R1, R1,LSL#24\n"
        "ORR R1, R1, R3,LSL#16\n"
        "LDRB R3, [R4,#0x1C7]\n"
        "LDRB R2, [R4,#0x1BE]\n"        // status byte of the selected entry

        "ORR R1, R1, R3,LSL#8\n"
        "LDRB R3, [R4,#0x1C6]\n"
        "CMP R2, #0\n"
        "CMPNE R2, #0x80\n"             // flags consumed by the BNE further down
        "ORR R1, R1, R3\n"              // R1 = start
        "LDRB R3, [R4,#0x1CD]\n"
        "MOV R3, R3,LSL#24\n"
        "ORR R3, R3, R12,LSL#16\n"
        "LDRB R12, [R4,#0x1CB]\n"
        "ORR R3, R3, R12,LSL#8\n"
        "LDRB R12, [R4,#0x1CA]\n"
        "ORR R3, R3, R12\n"             // R3 = size

        "LDRB R12, [LR,#0x1FE]\n"       // signature bytes come from the sector base, not the entry
        "LDRB LR, [LR,#0x1FF]\n"
        "BNE loc_FFC51A80\n"            // status byte invalid
        "CMP R0, R1\n"
        "BCC loc_FFC51A80\n"            // total < start
        "ADD R2, R1, R3\n"              // start + size; 32-bit, may wrap (see header note)
        "CMP R2, R0\n"
        "CMPLS R12, #0x55\n"            // only if start + size <= total
        "CMPEQ LR, #0xAA\n"
        "MOVEQ R7, R1\n"                // all checks passed: record start ...
        "MOVEQ R6, R3\n"                // ... and size
        "MOVEQ R4, #1\n"
        "BEQ loc_FFC51A84\n"
        "loc_FFC51A80:\n"
        "MOV R4, R8\n"                  // R4 = 0: no valid partition entry
        "loc_FFC51A84:\n"
        "MOV R0, #2\n"
        "BL sub_FFC672A8 \n"            // release call; the buffer is not read after this point
        "CMP R4, #0\n"
        "BNE loc_FFC51AC0\n"
        "LDR R1, [R5,#0x64]\n"          // fallback: start 0, size = record[+0x64](R9)
        "MOV R7, #0\n"
        "MOV R0, R9\n"
        "BLX R1\n"
        "MOV R6, R0\n"
        "B loc_FFC51AC0\n"
        "loc_FFC51AAC:\n"
        "MOV R6, #0x40\n"
        "B loc_FFC51AC0\n"
        "loc_FFC51AB4:\n"
        "LDR R1, =0x572\n"
        "LDR R0, =0xFFC51AD4\n"
        "BL sub_FFC0F5E8\n"             // sub_FFC0F5E8(0xFFC51AD4, 0x572); presumably an assert (confirm)
        "loc_FFC51AC0:\n"
        "STR R7, [R5,#0x44]!\n"         // record[+0x44] = start; R5 now points at +0x44
        "STMIB R5, {R6,R8}\n"           // record[+0x48] = size, record[+0x4C] = 0
        "MOV R0, #1\n"
        "LDMFD SP!, {R4-R10,PC}\n"
    );
};
687