1 #include "lolevel.h"
2 #include "platform.h"
3 #include "core.h"
4 #include "dryos31.h"
5
6
7 extern void task_FileWrite();
8
9 //IXUS 1000 100F
10
11 #define LED_PR 0xC0220138 // -> ASM1989 08.24.2010 found at FF91E080 in sx200 was FF8E73D0
12 void __attribute__((naked,noinline)) blink()
13 {
14 volatile long *p=(void*)LED_PR;
15 int i;
16 int cnt =100;
17 for(;cnt>0;cnt--){
18 p[0]=0x46;
19
20 for(i=0;i<0x200000;i++){
21 asm ("nop\n");
22 asm ("nop\n");
23 }
24 p[0]=0x44;
25 for(i=0;i<0x200000;i++){
26 asm ("nop\n");
27 asm ("nop\n");
28 }
29 }
30 shutdown();
31 }
32
33 #define offsetof(TYPE, MEMBER) ((int) &((TYPE *)0)->MEMBER)
34
35 void JogDial_task_my(void);
36
37 const char * const new_sa = &_end;
38
39 void taskHook(context_t **context) {
40
41 task_t *tcb=(task_t*)((char*)context-offsetof(task_t, context));
42
43 if(!_strcmp(tcb->name, "PhySw")) tcb->entry = (void*)mykbd_task; //JHARP - Verified name - Sept 5, 2010
44 if(!_strcmp(tcb->name, "CaptSeqTask")) tcb->entry = (void*)capt_seq_task; //JHARP - Verified name - Sept 5, 2010
45 if(!_strcmp(tcb->name, "InitFileModules")) tcb->entry = (void*)init_file_modules_task; //JHARP - Verified name - Sept 5, 2010
46 if(!_strcmp(tcb->name, "MovieRecord")) tcb->entry = (void*)movie_record_task; //JHARP - Verified name - Sept 5, 2010
47 if(!_strcmp(tcb->name, "ExpDrvTask")) tcb->entry = (void*)exp_drv_task; //JHARP - Verified name - Sept 5, 2010
48 if(!_strcmp(tcb->name, "RotarySw")) tcb->entry = (void*)JogDial_task_my; //JHARP - Must verify the code in use - Sept 5, 2010
49 if(tcb->entry == (void*)task_FileWrite) tcb->entry = (void*)filewritetask;
50
51 }
52
53 void CreateTask_spytask() {
54 _CreateTask("SpyTask", 0x19, 0x2000, core_spytask, 0);
55 };
56
57
58 void __attribute__((naked,noinline)) boot() {
59 asm volatile (
60 //"B sub_FF81000C\n" // work
61 "LDR R1, =0xC0410000\n"
62 "MOV R0, #0\n"
63 "STR R0, [R1]\n"
64 "MOV R1, #0x78\n"
65 "MCR p15, 0, R1,c1,c0\n" // control reg
66 "MOV R1, #0\n"
67 "MCR p15, 0, R1,c7,c10, 4\n" // drain write buffer
68 "MCR p15, 0, R1,c7,c5\n" // flush instruction cache
69 "MCR p15, 0, R1,c7,c6\n" // flush data cache
70 "MOV R0, #0x3D\n" // size 2GB base 0x00000000
71 "MCR p15, 0, R0,c6,c0\n"
72 "MOV R0, #0xC000002F\n" // size 16M base 0xc0000000
73 "MCR p15, 0, R0,c6,c1\n"
74 "MOV R0, #0x35\n" // size 128M base 0x00000000 (s90 is 64M)
75 "MCR p15, 0, R0,c6,c2\n"
76 "MOV R0, #0x40000035\n" // size 128M base 0x40000000 (s90 is 64M)
77 "MCR p15, 0, R0,c6,c3\n"
78 "MOV R0, #0x80000017\n" // size 4k base 0x80000000
79 "MCR p15, 0, R0,c6,c4\n"
80 "LDR R0, =0xFF80002D\n" // size 8M base 0xff800000
81 "MCR p15, 0, R0,c6,c5\n"
82 "MOV R0, #0x34\n"
83 "MCR p15, 0, R0,c2,c0\n"
84 "MOV R0, #0x34\n"
85 "MCR p15, 0, R0,c2,c0, 1\n"
86 "MOV R0, #0x34\n"
87 "MCR p15, 0, R0,c3,c0\n"
88 "LDR R0, =0x3333330\n"
89 "MCR p15, 0, R0,c5,c0, 2\n"
90 "LDR R0, =0x3333330\n"
91 "MCR p15, 0, R0,c5,c0, 3\n"
92 "MRC p15, 0, R0,c1,c0\n"
93 "ORR R0, R0, #0x1000\n"
94 "ORR R0, R0, #4\n"
95 "ORR R0, R0, #1\n"
96 "MCR p15, 0, R0,c1,c0\n"
97 "MOV R1, #0x80000006\n"
98 "MCR p15, 0, R1,c9,c1\n"
99 "MOV R1, #6\n"
100 "MCR p15, 0, R1,c9,c1, 1\n"
101 "MRC p15, 0, R1,c1,c0\n"
102 "ORR R1, R1, #0x50000\n"
103 "MCR p15, 0, R1,c1,c0\n"
104 "LDR R2, =0xC0200000\n"
105 "MOV R1, #1\n"
106 "STR R1, [R2,#0x10C]\n"
107 "MOV R1, #0xFF\n"
108 "STR R1, [R2,#0xC]\n"
109 "STR R1, [R2,#0x1C]\n"
110 "STR R1, [R2,#0x2C]\n"
111 "STR R1, [R2,#0x3C]\n"
112 "STR R1, [R2,#0x4C]\n"
113 "STR R1, [R2,#0x5C]\n"
114 "STR R1, [R2,#0x6C]\n"
115 "STR R1, [R2,#0x7C]\n"
116 "STR R1, [R2,#0x8C]\n"
117 "STR R1, [R2,#0x9C]\n"
118 "STR R1, [R2,#0xAC]\n"
119 "STR R1, [R2,#0xBC]\n"
120 "STR R1, [R2,#0xCC]\n"
121 "STR R1, [R2,#0xDC]\n"
122 "STR R1, [R2,#0xEC]\n"
123 "STR R1, [R2,#0xFC]\n"
124 "LDR R1, =0xC0400008\n"
125 "LDR R2, =0x430005\n"
126 "STR R2, [R1]\n"
127 "MOV R1, #1\n"
128 "LDR R2, =0xC0243100\n"
129 "STR R2, [R1]\n"
130 "LDR R2, =0xC0242010\n"
131 "LDR R1, [R2]\n"
132 "ORR R1, R1, #1\n"
133 "STR R1, [R2]\n"
134 "LDR R0, =0xFFC56CD0\n" // changed from 100 was FFC56CC8
135 "LDR R1, =0x1900\n"
136 "LDR R3, =0x10728\n" //changed from 100D
137 "loc_FF81013C:\n"
138
139 "CMP R1, R3\n"
140 "LDRCC R2, [R0],#4\n"
141 "STRCC R2, [R1],#4\n"
142 "BCC loc_FF81013C\n"
143 "LDR R1, =0x172BF8\n"
144 "MOV R2, #0\n"
145 "loc_FF810154:\n"
146 "CMP R3, R1\n"
147 "STRCC R2, [R3],#4\n"
148 "BCC loc_FF810154\n"
149 "B sub_FF810354_my\n"
150 //---------->
151 );
152 }
153
154
155 void __attribute__((naked,noinline)) sub_FF810354_my() { // ASM1989 -> In sx200 was: sub_FF8101A0_my
156
157
158
159 *(int*)0x1938=(int)taskHook; //was 1934 in sx200 if 1938 hangs
160 *(int*)0x193C=(int)taskHook;
161
162
163 if ((*(int*) 0xC022010C) & 1) // look at play switch
164 *(int*)(0x254C) = 0x400000; // start in play mode
165 else
166 *(int*)(0x254C) = 0x200000; // start in rec mode
167
168 asm volatile (
169 "LDR R0, =0xFF8103CC\n"
170 "MOV R1, #0\n"
171 "LDR R3, =0xFF810404\n"
172 "loc_FF810360:\n"
173 "CMP R0, R3\n"
174 "LDRCC R2, [R0],#4\n"
175 "STRCC R2, [R1],#4\n"
176 "BCC loc_FF810360\n"
177 "LDR R0, =0xFF810404\n"
178 "MOV R1, #0x4B0\n"
179 "LDR R3, =0xFF810618\n"
180 "loc_FF81037C:\n"
181 "CMP R0, R3\n"
182 "LDRCC R2, [R0],#4\n"
183 "STRCC R2, [R1],#4\n"
184 "BCC loc_FF81037C\n"
185 "MOV R0, #0xD2\n"
186 "MSR CPSR_cxsf, R0\n"
187 "MOV SP, #0x1000\n"
188 "MOV R0, #0xD3\n"
189 "MSR CPSR_cxsf, R0\n"
190 "MOV SP, #0x1000\n"
191 "LDR R0, =0x6C4\n"
192 "LDR R2, =0xEEEEEEEE\n"
193 "MOV R3, #0x1000\n"
194 "loc_FF8103B0:\n"
195 "CMP R0, R3\n"
196 "STRCC R2, [R0],#4\n"
197 "BCC loc_FF8103B0\n"
198 "BL sub_FF811198_my\n"
199 //------------>
200
201 //this is not disasmbled in 100F asuming is like 100D
202
203 "loc_FF8103C0:\n"
204 "ANDEQ R0, R0, R4,ASR#13\n"
205 "loc_FF8103C4:\n"
206 "ANDEQ R0, R0, R0,ROR R6\n"
207 "loc_FF8103C8:\n"
208 "ANDEQ R0, R0, R4,ROR R6\n"
209 "loc_FF8103CC:\n"
210 "NOP\n"
211 "LDR PC, =0xFF810618\n"
212 );
213 }
214
215 void __attribute__((naked,noinline)) sub_FF811198_my() {
216 asm volatile (
217 "STR LR, [SP,#-4]!\n"
218 "SUB SP, SP, #0x74\n"
219 "MOV R0, SP\n"
220 "MOV R1, #0x74\n"
221 "BL sub_FFB87550\n" // sub_FFB8754C 100D
222 //v4 stuff all copied from s95 its the same in principle
223 /*
224 " MOV R0, #0x53000 \n"
225 " STR R0, [SP,#4] \n"
226
227 //" LDR R0, =0x172BF8 \n" // old code
228 " LDR R0, =new_sa \n" // chdk patched
229 " LDR R0, [R0] \n" // chdk patched
230
231 " LDR R1, =0x379C00 \n"
232 " STR R0, [SP,#8] \n"
233 " RSB R0, R0, #0x1F80 \n"
234 " ADD R0, R0, #0x370000 \n"
235 " STR R0, [SP,#0x0c] \n"
236 " LDR R0, =0x371F80 \n"
237 " STR R1, [SP,#0] \n"
238 " STRD R0, [SP,#0x10] \n"
239 " MOV R0, #0x22 \n"
240 " STR R0, [SP,#0x18] \n"
241 " MOV R0, #0x68 \n"
242 " STR R0, [SP,#0x1c] \n"
243 " LDR R0, =0x19B \n"
244
245 */
246
247
248
249 //v3 stuff
250
251 "MOV R0, #0x53000\n"
252 "STR R0, [SP,#4]\n"
253 #if defined(CHDK_NOT_IN_CANON_HEAP) // use original heap offset if CHDK is loaded in high memory
254 " LDR R0, =0x172BF8 \n"
255 #else
256 " LDR R0, =new_sa\n" // otherwise use patched value
257 " LDR R0, [R0]\n" //
258 #endif
259 //"LDR R0, =0x172BF8\n"
260 "LDR R1, =0x379C00\n"
261 "STR R0, [SP,#8]\n"
262 //"SUB R0, R1, R0\n"
263 "RSB R0, R0, #0x1F80\n" // new in this cam
264 "ADD R0, R0, #0x370000\n" // new in this cam
265 "STR R0, [SP,#0x0c]\n" //changed
266 "LDR R0, =0x371F80\n"// new in this cam
267 //copied from s95
268 "STR R1, [SP,#0] \n"
269 "STRD R0, [SP,#0x10] \n"
270 "MOV R0, #0x22 \n"
271 "STR R0, [SP,#0x18] \n"
272 "MOV R0, #0x68 \n"
273 "STR R0, [SP,#0x1c] \n"
274 "LDR R0, =0x19B \n"
275
276
277
278
279 "LDR R1, =sub_FF815EE0_my\n" // chdk patched
280
281 //"LDR R1, =0xFF815EE0\n" // old code
282
283
284 //------------>
285
286
287
288 "STR R0, [SP,#0x20]\n"
289 "MOV R0, #0x96\n"
290 "STR R0, [SP,#0x24]\n"
291 //"MOV R0, #0x78\n" // looks like its not in 100F
292 "STR R0, [SP,#0x28]\n"
293 "MOV R0, #0x64\n"
294 "STR R0, [SP,#0x2C]\n"
295 "MOV R0, #0\n"
296 "STR R0, [SP,#0x30]\n"
297 "STR R0, [SP,#0x34]\n"
298 "MOV R0, #0x10\n"
299 "STR R0, [SP,#0x5C]\n"
300 "MOV R0, #0x800\n"
301 "STR R0, [SP,#0x60]\n"
302 "MOV R0, #0xA0\n"
303 "STR R0, [SP,#0x64]\n"
304 "MOV R0, #0x280\n"
305 "STR R0, [SP,#0x68]\n"
306 "MOV R0, SP\n"
307 "MOV R2, #0\n"
308
309
310 /*
311 //copied from s95 // not work
312 " MOV R0, #0x96 \n"
313 " STR R0, [SP,#0x24] \n"
314 " STR R0, [SP,#0x28] \n"
315 " MOV R0, #0x64 \n"
316 " STR R0, [SP,#0x2c] \n"
317 " MOV R0, #0 \n"
318 " STR R0, [SP,#0x30] \n"
319 " STR R0, [SP,#0x34] \n"
320 " MOV R0, #0x10 \n"
321 " STR R0, [SP,#0x5c] \n"
322 " MOV R0, #0x800 \n"
323 " STR R0, [SP,#0x60] \n"
324 " MOV R0, #0xA0 \n"
325 " STR R0, [SP,#0x64] \n"
326 " MOV R0, #0x280 \n"
327 " STR R0, [SP,#0x68] \n"
328 " MOV R0, SP \n"
329 " MOV R2, #0 \n"
330 */
331 "BL sub_FF8134B8\n"
332
333 "ADD SP, SP, #0x74\n"
334 "LDR PC, [SP],#4\n"
335 );
336 }
337
338 //Almost till here maybe checked
339
340 void __attribute__((naked,noinline)) sub_FF815EE0_my() {
341
342 //v4 testing full s95 code
343 /*
344 asm volatile (
345 " STMFD SP!, {R4,LR} \n"
346 " BL sub_FF810B20 \n"
347 " BL sub_FF81A33C \n" // dmSetup
348 " CMP R0, #0 \n"
349
350 //" ADRLT R0, aDmsetup \n" // "dmSetup"
351 " LDRLT r0, =0xFF815FF4 \n"
352
353 " BLLT sub_FF815FD4 \n" // err_init_task
354
355 " BL sub_FF815B1C \n"
356 " CMP R0, #0 \n"
357
358 //" ADRLT R0, aTermdriverinit \n" // "termDriverInit"
359 " LDRLT R0, =0xFF815FFC \n"
360
361 " BLLT sub_FF815FD4 \n" // err_init_task
362
363 //" ADR R0, a_term \n" // "/_term"
364 " LDR R0, =0xFF81600C \n"
365
366 " BL sub_FF815C04 \n" // termDeviceCreate
367 " CMP R0, #0 \n"
368
369 //" ADRLT R0, aTermdevicecrea \n" // "termDeviceCreate"
370 " LDRLT R0, =0xFF816014 \n"
371
372 " BLLT sub_FF815FD4 \n" // err_init_task
373
374 //" ADR R0, a_term \n" // "/_term"
375 " LDR R0, =0xFF81600C \n"
376
377 " BL sub_FF813CA4 \n"
378 " CMP R0, #0 \n"
379
380 //" ADRLT R0, aStdiosetup \n" // "stdioSetup"
381 " LDRLT R0, =0xFF816028 \n"
382
383 " BLLT sub_FF815FD4 \n" // err_init_task
384 " BL sub_FF819CC4 \n"
385 " CMP R0, #0 \n"
386
387 //" ADRLT R0, aStdlibsetup \n" // "stdlibSetup"
388 " LDRLT R0, =0xFF816034 \n"
389
390 " BLLT sub_FF815FD4 \n" // err_init_task
391 " BL sub_FF81167C \n"
392 " CMP R0, #0 \n"
393
394 //" ADRLT R0, aArmlib_setup \n" // "armlib_setup"
395 " LDRLT R0, =0xFF816040 \n"
396
397 " BLLT sub_FF815FD4 \n" // err_init_task
398
399 " LDMFD SP!, {R4,LR} \n"
400
401 //" B sub_FF81FB54 \n" // taskcreate_Startup
402 " B taskcreate_Startup_my \n" // patched
403
404 " MOV R0, #0 \n"
405 " LDMFD SP!, {R3-R5,PC} \n"
406 );
407 */
408
409 //v3
410
411 asm volatile (
412 "STMFD SP!, {R4,LR}\n"
413 "BL sub_FF810B20\n"
414 "BL sub_FF81A33C\n" // BL dmSetup
415 "CMP R0, #0\n"
416 "LDRLT R0, =0xFF815FF4\n" //Mising ; "dmSetup"
417 "BLLT sub_FF815FD4\n" //Mising err_init_task
418 "BL sub_FF815B1C\n"
419 "CMP R0, #0\n"
420 "LDRLT R0, =0xFF815FFC\n" // "termDriverInit"
421 "BLLT sub_FF815FD4\n" // err_init_task
422 "LDR R0, =0xFF81600C\n" // "/_term"
423 "BL sub_FF815C04\n" // termDeviceCreate
424 "CMP R0, #0\n"
425 "LDRLT R0, =0xFF816014\n" // "termDeviceCreate"
426 "BLLT sub_FF815FD4\n" // err_init_task
427 "LDR R0, =0xFF81600C\n" // "/_term"
428 "BL sub_FF813CA4\n"
429 "CMP R0, #0\n"
430 "LDRLT R0, =0xFF816028\n" // "stdioSetup"
431 "BLLT sub_FF815FD4\n" // err_init_task
432 "BL sub_FF819CC4\n"
433 "CMP R0, #0\n"
434 "LDRLT R0, =0xFF816034\n" //"stdlibSetup"
435 "BLLT sub_FF815FD4\n" // err_init_task
436 "BL sub_FF81167C\n"
437 "CMP R0, #0\n"
438 "LDRLT R0, =0xFF816040\n" // "armlib_setup"
439 "BLLT sub_FF815FD4\n" // err_init_task
440 "LDMFD SP!, {R4,LR}\n"
441 "B taskcreate_Startup_my\n" // ASM1989 -> at FF81FBA8
442 //---------->
443 //copied from s95
444 " MOV R0, #0 \n"
445 " LDMFD SP!, {R3-R5,PC} \n"
446
447 );
448 };
449
450
451 // ASM1989 -> Here starts the diferences with SX200
452
453 void __attribute__((naked,noinline)) taskcreate_Startup_my() {
454 asm volatile (
455
456 "STMFD SP!, {R3-R5,LR}\n"
457 "BL sub_FF8348CC\n" //j_nullsub_267
458 "BL sub_FF83D1D4\n"
459 "CMP R0, #0\n"
460
461 "BNE loc_FF81FBFC\n"
462
463
464 "BL sub_FF8370E8\n"
465 "CMP R0, #0\n"
466 "BEQ loc_FF81FBFC\n"
467
468
469 "LDR R4, =0xC0220000\n"
470
471
472
473 "LDR R0, [R4,#0x120]\n"
474 "TST R0, #1\n"
475 "MOVEQ R0, #0x12C\n"
476
477
478
479
480 "BLEQ sub_FF83B574\n" //ASM1989 -> eventproc_export_SleepTask
481
482
483
484 "BL sub_FF8348C8\n"
485 "CMP R0, #0\n"
486 "BNE loc_FF81FBFC\n"
487 "BL sub_FF833F34\n"
488 "MOV R0, #0x44\n"
489 "STR R0, [R4,#0x1C]\n"
490 "BL sub_FF834120\n"
491 "loc_FF81FBF8:\n"
492 "B loc_FF81FBF8\n"
493
494
495 "loc_FF81FBFC:\n"
496 //"BL sub_FF8348D4\n" // ASM1989 -> -- replaced for power button startup
497
498 "BL sub_FF8348D0\n"//ASM1989 -> j_nullsub_268
499 "BL sub_FF83B3EC\n"
500
501 "LDR R1, =0x3CE000\n"
502 "MOV R0, #0\n"
503
504 "BL sub_FF83B834\n"
505 "BL sub_FF83B5E0\n"
506 "MOV R3, #0\n"
507
508 "STR R3, [SP]\n"
509
510 "LDR R3, =task_Startup_my\n" // ASM1989 -> original is FF81FAF0 task_Startup // LDR instead of ADR
511 //---------------->
512 //ASM_SAFE("BL blink\n")
513 "MOV R2, #0\n"
514 "MOV R1, #0x19\n"
515 "LDR R0, =0xFF81FC60\n" //aStartup // LDR instead of ADR
516
517
518 "BL sub_FF81E8A0\n" //eventproc_export_CreateTask
519 "MOV R0, #0\n"
520 "LDMFD SP!, {R3-R5,PC}\n"
521
522
523
524
525 );
526 }
527
528 // TESTING S95 Code style
529
530
531 void __attribute__((naked,noinline)) task_Startup_my() {
532 asm volatile (
533
534 "STMFD SP!, {R4,LR}\n"
535
536 "BL sub_FF816594\n" // taskcreate_ClockSave
537 "BL sub_FF835A30\n"
538 "BL sub_FF833B3C\n"
539 "BL sub_FF83D218\n" //j_nullsub_271
540 "BL sub_FF83D404\n"
541 // "BL sub_FF83D2AC\n" // start diskboot.bin
542 "BL sub_FF83D5AC\n"
543 "BL sub_FF81648C\n"
544 "BL sub_FF836754\n"
545 "LDR R1, =0x7C007C00\n"
546 "LDR R0, =0xC0F1800C\n"
547 "BL sub_FF835A3C\n"
548 "LDR R0, =0xC0F18010\n"
549 "MOV R1, #0\n"
550 //OK
551 "BL sub_FF835A3C\n"
552 "LDR R0, =0xC0F18018\n"
553 "MOV R1, #0\n"
554 "BL sub_FF835A3C\n"
555 "LDR R0, =0xC0F1801C\n"
556 "MOV R1, #0x1000\n"
557 "BL sub_FF835A3C\n"
558 "LDR R0, =0xC0F18020\n"
559 "MOV R1, #8\n"
560 "BL sub_FF835A3C\n"
561 //OK
562
563
564 "LDR R0, =0xC022D06C\n"
565 "MOV R1, #0xE000000\n"
566 "BL sub_FF835A3C\n"
567 "BL sub_FF8164CC\n"
568 //OK
569
570 "BL sub_FF8324F4\n"
571
572
573 //FAILS
574 //ASM_SAFE("BL blink\n")
575 "BL sub_FF83D434\n"
576
577
578
579
580
581 "BL sub_FF83AB90\n"
582 "BL sub_FF83D5B0\n"
583
584 "BL CreateTask_spytask\n" // +
585 //---------------->
586 "BL sub_FF834788\n" //taskcreate_PhySw
587 );
588
589 // CreateTask_PhySw(); // our keyboard task
590
591 // CreateTask_spytask(); // chdk initialization
592
593
594 // "BL CreateTask_spytask\n" // +
595 //---------------->
596
597
598 asm volatile (
599
600
601 "BL sub_FF838CF0\n"
602 "BL sub_FF83D5C8\n"
603 "BL sub_FF8318F8\n" //nullsub_2
604 "BL sub_FF8334A0\n"
605 "BL sub_FF83CF9C\n" //taskcreate_Bye
606 "BL sub_FF833AF0\n"
607 "BL sub_FF83343C\n" //taskcreate_BatteryTask
608 "BL sub_FF832528\n"
609 "BL sub_FF83E1D0\n"
610 "BL sub_FF8333F8\n"
611 "LDMFD SP!, {R4,LR}\n"
612 "B sub_FF8166B4\n"
613 );
614 }
615
616
617 /*void __attribute__((naked,noinline)) CreateTask_PhySw() {
618 asm volatile (
619 " STMFD SP!, {R3-R5,LR} \n"
620 " LDR R4, =0x1C34 \n"
621 " LDR R0, [R4,#0x10] \n"
622 " CMP R0, #0 \n"
623 " BNE loc_FF8347BC \n"
624 " MOV R3, #0 \n"
625 " STR R3, [SP] \n"
626
627 //" ADR R3, task_PhySw \n"
628 //" LDR R3, =sub_FF834754 \n"
629 //" MOV R2, #0x800 \n"
630
631 " LDR R3, =mykbd_task \n" // PhySw Task patch
632 " MOV R2, #0x2000 \n" // larger stack
633
634 " MOV R1, #0x17 \n"
635
636 //" ADR R0, aPhysw \n"
637 " LDR R0, =0xFF8349DC \n" // "PhySw"
638
639 " BL sub_FF83B634 \n" // KernelCreateTask
640 " STR R0, [R4,#0x10] \n"
641 "loc_FF8347BC: \n"
642 " BL sub_FF863968 \n" //taskcreate_RotaryEncoder
643 " BL sub_FF8941DC \n"
644 " BL sub_FF837060 \n" //IsFactoryMode
645 " CMP R0, #0 \n"
646 " LDREQ R1, =0x34414 \n"
647 " LDMEQFD SP!, {R3-R5,LR} \n"
648 " BEQ sub_FF894164 \n" // eventproc_export_OpLog.Start
649 " LDMFD SP!, {R3-R5,PC} \n"
650 );
651 }
652
653 */
654
655 /*----------------------------------------------------------------------
656 JogDial_task_my()
657
658 Patched jog dial task at FF86363C
659 -----------------------------------------------------------------------*/
660 void __attribute__((naked,noinline)) JogDial_task_my() {
661 asm volatile (
662 " STMFD SP!, {R4-R11,LR} \n"
663 " SUB SP, SP, #0x1C \n"
664 " BL sub_FF863A68 \n"
665 " LDR R1, =0x2560 \n"
666 " LDR R6, =0xFFB8D5F4 \n" //100D --- FFB8D5F0
667 " MOV R0, #0 \n"
668 " ADD R3, SP, #0x10 \n"
669 " ADD R12, SP, #0x14 \n"
670 " ADD R10, SP, #0x08 \n"
671 " MOV R2, #0 \n"
672 " ADD R9, SP, #0xC \n"
673
674 "loc_FF863668: \n"
675 " ADD R12, SP, #0x14 \n"
676 " ADD LR, R12, R0,LSL#1 \n"
677 " MOV R2, #0 \n"
678 " ADD R3, SP, #0x10 \n"
679 " STRH R2, [LR] \n"
680 " ADD LR, R3, R0,LSL#1 \n"
681 " STRH R2, [LR] \n"
682 " STR R2, [R9,R0,LSL#2] \n"
683 " STR R2, [R10,R0,LSL#2] \n"
684 " ADD R0, R0, #1 \n"
685 " CMP R0, #2 \n"
686 " BLT loc_FF863668 \n"
687
688 "loc_FF863698: \n"
689 " LDR R0, =0x2560 \n"
690 " MOV R2, #0 \n"
691 " LDR R0, [R0,#0xC] \n"
692 " MOV R1, SP \n"
693 " BL sub_FF83AE20 \n"
694 " CMP R0, #0 \n"
695 " LDRNE R1, =0x262 \n"
696
697 //" ADRNE R0, 0xFF8638F8 \n" // "RotaryEncoder.c"
698 " LDRNE R0, =0xFF8638F8 \n" // "RotaryEncoder.c"
699
700 " BLNE sub_FF81EB78 \n" // DebugAssert
701
702 //------------------ begin added code ---------------
703 "labelA:\n"
704 "LDR R0, =jogdial_stopped\n"
705 "LDR R0, [R0]\n"
706 "CMP R0, #1\n"
707 "BNE labelB\n" // continue on if jogdial_stopped = 0
708 "MOV R0, #40\n"
709 "BL _SleepTask\n" // jogdial_stopped=1 -- give time back to OS and suspend jogdial task
710 "B labelA\n"
711 "labelB:\n"
712 //------------------ end added code -----------------
713
714 " LDR R0, [SP] \n"
715 " AND R4, R0, #0xFF \n"
716 " AND R0, R0, #0xFF00 \n"
717 " CMP R0, #0x100 \n"
718 " BEQ loc_FF863708 \n"
719 " CMP R0, #0x200 \n"
720 " BEQ loc_FF863740 \n"
721 " CMP R0, #0x300 \n"
722 " BEQ loc_FF863938 \n"
723 " CMP R0, #0x400 \n"
724 " BNE loc_FF863698 \n"
725 " CMP R4, #0 \n"
726 " LDRNE R1, =0x2ED \n"
727
728 //" ADRNE R0, 0xFF8638F8 \n" // "RotaryEncoder.c"
729 " LDRNE R0, =0xFF8638F8 \n" // "RotaryEncoder.c"
730
731 " BLNE sub_FF81EB78 \n" // DebugAssert
732 " RSB R0, R4, R4,LSL#3 \n"
733 " LDR R0, [R6,R0,LSL#2] \n"
734
735 "loc_FF863700: \n"
736 " BL sub_FF863A40 \n"
737 " B loc_FF863698 \n"
738
739 "loc_FF863708: \n"
740 " LDR R7, =0x2570 \n"
741 " LDR R0, [R7,R4,LSL#2] \n"
742 " BL sub_FF83BDB8 \n"
743
744 //" ADR R2, 0xFF863588 \n"
745 " LDR R2, =0xFF863588 \n"
746
747 " ADD R1, R2, #0 \n"
748 " ORR R3, R4, #0x200 \n"
749 " MOV R0, #0x28 \n"
750 " BL sub_FF83BCD4 \n"
751 " TST R0, #1 \n"
752 " CMPNE R0, #0x15 \n"
753 " STR R0, [R10,R4,LSL#2] \n"
754 " BEQ loc_FF863698 \n"
755 " MOV R1, #0x274 \n"
756 " B loc_FF8638E4 \n"
757
758 "loc_FF863740: \n"
759 " RSB R5, R4, R4,LSL#3 \n"
760 " LDR R0, [R6,R5,LSL#2] \n"
761 " LDR R1, =0xC0240104 \n"
762 " LDR R0, [R1,R0,LSL#8] \n"
763 " MOV R2, R0,ASR#16 \n"
764 " ADD R0, SP, #0x14 \n"
765 " ADD R0, R0, R4,LSL#1 \n"
766 " STR R0, [SP,#0x18] \n"
767 " STRH R2, [R0] \n"
768 " ADD R0, SP, #0x10 \n"
769 " ADD R11, R0, R4,LSL#1 \n"
770 " LDRSH R3, [R11] \n"
771 " SUB R0, R2, R3 \n"
772 " CMP R0, #0 \n"
773 " BNE loc_FF8637C0 \n"
774 " LDR R0, [R9,R4,LSL#2] \n"
775 " CMP R0, #0 \n"
776 " BEQ loc_FF8638A0 \n"
777 " LDR R7, =0x2570 \n"
778 " LDR R0, [R7,R4,LSL#2] \n"
779 " BL sub_FF83BDB8 \n"
780
781 //" ADR R2, 0xFF863594 \n"
782 " LDR R2, =0xFF863594 \n"
783
784 " ADD R1, R2, #0 \n"
785 " ORR R3, R4, #0x300 \n"
786 " MOV R0, #0x1F4 \n"
787 " BL sub_FF83BCD4 \n"
788 " TST R0, #1 \n"
789 " CMPNE R0, #0x15 \n"
790 " STR R0, [R7,R4,LSL#2] \n"
791 " BEQ loc_FF8638A0 \n"
792 " LDR R1, =0x28D \n"
793 " B loc_FF863898 \n"
794
795 "loc_FF8637C0: \n"
796 " MOV R1, R0 \n"
797 " RSBLT R0, R0, #0 \n"
798 " MOVLE R7, #0 \n"
799 " MOVGT R7, #1 \n"
800 " CMP R0, #0xFF \n"
801 " BLS loc_FF863800 \n"
802 " CMP R1, #0 \n"
803 " RSBLE R0, R3, #0xFF \n"
804 " ADDLE R0, R0, #0x7F00 \n"
805 " ADDLE R0, R0, R2 \n"
806 " RSBGT R0, R2, #0xFF \n"
807 " ADDGT R0, R0, #0x7F00 \n"
808 " ADDGT R0, R0, R3 \n"
809 " ADD R0, R0, #0x8000 \n"
810 " ADD R0, R0, #1 \n"
811 " EOR R7, R7, #1 \n"
812
813 "loc_FF863800: \n"
814 " STR R0, [SP,#0x04] \n"
815 " LDR R0, [R9,R4,LSL#2] \n"
816 " CMP R0, #0 \n"
817 " ADDEQ R0, R6, R5,LSL#2 \n"
818 " LDREQ R0, [R0,#8] \n"
819 " BEQ loc_FF863838 \n"
820 " ADD R8, R6, R5,LSL#2 \n"
821 " ADD R1, R8, R7,LSL#2 \n"
822 " LDR R1, [R1,#0x10] \n"
823 " CMP R1, R0 \n"
824 " BEQ loc_FF86383C \n"
825 " LDR R0, [R8,#0xC] \n"
826 " BL sub_FF89C2E4 \n"
827 " LDR R0, [R8,#8] \n"
828
829 "loc_FF863838: \n"
830 " BL sub_FF89C2E4 \n"
831
832 "loc_FF86383C: \n"
833 " ADD R0, R6, R5,LSL#2 \n"
834 " ADD R7, R0, R7,LSL#2 \n"
835 " LDR R0, [R7,#0x10] \n"
836 " LDR R1, [SP,#0x04] \n"
837 " BL sub_FF89C20C \n"
838 " LDR R0, [R7,#0x10] \n"
839 " LDR R7, =0x2570 \n"
840 " STR R0, [R9,R4,LSL#2] \n"
841 " LDR R0, [SP,#0x18] \n"
842 " LDRH R0, [R0] \n"
843 " STRH R0, [R11] \n"
844 " LDR R0, [R7,R4,LSL#2] \n"
845 " BL sub_FF83BDB8 \n"
846
847 //" ADR R2, 0xFF863594 \n"
848 " LDR R2, =0xFF863594 \n"
849
850 " ADD R1, R2, #0 \n"
851 " ORR R3, R4, #0x300 \n"
852 " MOV R0, #0x1F4 \n"
853 " BL sub_FF83BCD4 \n"
854 " TST R0, #1 \n"
855 " CMPNE R0, #0x15 \n"
856 " STR R0, [R7,R4,LSL#2] \n"
857 " BEQ loc_FF8638A0 \n"
858 " LDR R1, =0x2CF \n"
859
860 "loc_FF863898: \n"
861 //" ADR R0, 0xFF8638F8 \n" // "RotaryEncoder.c"
862 " LDR R0, =0xFF8638F8 \n" // "RotaryEncoder.c"
863
864 " BL sub_FF81EB78 \n" // DebugAssert
865
866 "loc_FF8638A0: \n"
867 " ADD R0, R6, R5,LSL#2 \n"
868 " LDR R0, [R0,#0x18] \n"
869 " CMP R0, #1 \n"
870 " BNE loc_FF863930 \n"
871 " LDR R0, =0x2560 \n"
872 " LDR R0, [R0,#0x14] \n"
873 " CMP R0, #0 \n"
874 " BEQ loc_FF863930 \n"
875
876 //" ADR R2, 0xFF863588 \n"
877 " LDR R2, =0xFF863588 \n"
878
879 " ADD R1, R2, #0 \n"
880 " ORR R3, R4, #0x400 \n"
881 " BL sub_FF83BCD4 \n"
882 " TST R0, #1 \n"
883 " CMPNE R0, #0x15 \n"
884 " STR R0, [R10,R4,LSL#2] \n"
885 " BEQ loc_FF863698 \n"
886 " LDR R1, =0x2D6 \n"
887
888 "loc_FF8638E4: \n"
889 //" ADR R0, 0xFF8638F8 \n" // "RotaryEncoder.c"
890 " LDR R0, =0xFF8638F8 \n" // "RotaryEncoder.c"
891
892 " BL sub_FF81EB78 \n" // DebugAssert
893 " B loc_FF863698 \n"
894
895 "NOP \n"
896
897
898 "loc_FF863930: \n"
899 " LDR R0, [R6,R5,LSL#2] \n"
900 " B loc_FF863700 \n"
901
902 "loc_FF863938: \n"
903 " LDR R0, [R9,R4,LSL#2] \n"
904 " CMP R0, #0 \n"
905 " MOVEQ R1, #0x2E0 \n"
906
907 //" ADREQ R0, 0xFF8638F8 \n" // "RotaryEncoder.c"
908 " LDREQ R0, =0xFF8638F8 \n" // "RotaryEncoder.c"
909
910 " BLEQ sub_FF81EB78 \n" // DebugAssert
911 " RSB R0, R4, R4,LSL#3 \n"
912 " ADD R0, R6, R0,LSL#2 \n"
913 " LDR R0, [R0,#0xC] \n"
914 " BL sub_FF89C2E4 \n"
915 " MOV R2, #0 \n"
916 " STR R2, [R9,R4,LSL#2] \n"
917 " B loc_FF863698 \n"
918 );
919 };
920
921
922 //FILE INIT STUFF
923 void __attribute__((naked,noinline)) init_file_modules_task() {
924 asm volatile(
925 "STMFD SP!, {R4-R6,LR}\n"
926 "BL sub_FF896688\n"
927 "LDR R5, =0x5006\n"
928 "MOVS R4, R0\n"
929 "MOVNE R1, #0\n"
930 "MOVNE R0, R5\n"
931 "BLNE sub_FF89A464\n" //PostLogicalEventToUI
932 // "BL sub_FF8966B4\n"
933 "BL sub_FF8966B4_my\n"
934 //----------------------->
935 "BL core_spytask_can_start\n" // + safe to start spytask S95 new stuff to speed up chdk load
936
937 "CMP R4, #0\n"
938 "MOVEQ R0, R5\n"
939 "LDMEQFD SP!, {R4-R6,LR}\n"
940 "MOVEQ R1, #0\n"
941 "BEQ sub_FF89A464\n" //PostLogicalEventToUI
942 "LDMFD SP!, {R4-R6,PC}\n"
943 );
944 };
945
946 void __attribute__((naked,noinline)) sub_FF8966B4_my() {
947 asm volatile(
948 "STMFD SP!, {R4,LR}\n"
949 "MOV R0, #3\n"
950 // "BL sub_FF87538C\n" //__Mounter.c__0
951 "BL sub_FF87538C_my\n" //__Mounter.c__0
952
953 "B sub_FF8966C0\n" // continue in firmware
954 );
955 };
956
957 void __attribute__((naked,noinline)) sub_FF87538C_my() {
958 asm volatile(
959 "STMFD SP!, {R4-R8,LR}\n"
960 "MOV R8, R0\n"
961 "BL sub_FF87530C\n" //__Mounter.c__0
962 "LDR R1, =0x3A068\n"
963 "MOV R6, R0\n"
964 "ADD R4, R1, R0,LSL#7\n"
965 "LDR R0, [R4,#0x6C]\n"
966 "CMP R0, #4\n"
967 "LDREQ R1, =0x83F\n"
968 "LDREQ R0, =0xFF874E4C\n" //aMounter_c
969 "BLEQ sub_FF81EB78\n" //DebugAssert
970 "MOV R1, R8\n"
971 "MOV R0, R6\n"
972 "BL sub_FF874BC0\n"
973 "LDR R0, [R4,#0x38]\n"
974 "BL sub_FF875A30\n"
975 "CMP R0, #0\n"
976 "STREQ R0, [R4,#0x6C]\n"
977 "MOV R0, R6\n"
978 "BL sub_FF874C50\n"
979 "MOV R0, R6\n"
980 // "BL sub_FF874FB4\n"
981 "BL sub_FF874FB4_my\n"
982 //------------------->
983 "B sub_FF8753E4 \n" //continue in firmware
984 );
985
986 };
987 void __attribute__((naked,noinline)) sub_FF874FB4_my() {
988 asm volatile(
989 "STMFD SP!, {R4-R6,LR}\n"
990 "MOV R5, R0\n"
991 "LDR R0, =0x3A068\n"
992 "ADD R4, R0, R5,LSL#7\n"
993 "LDR R0, [R4,#0x6C]\n"
994 "TST R0, #2\n"
995 "MOVNE R0, #1\n"
996 "LDMNEFD SP!, {R4-R6,PC}\n"
997 "LDR R0, [R4,#0x38]\n"
998 "MOV R1, R5\n"
999 // "BL sub_FF874CD4\n"
1000 "BL sub_FF874CD4_my\n"
1001 //------------------->
1002
1003 "B sub_FF874FE0\n" //continue in firmware
1004
1005 );
1006
1007 };
1008
1009 void __attribute__((naked,noinline)) sub_FF874CD4_my() {
1010 asm volatile(
1011 " STMFD SP!, {R4-R10,LR}\n"
1012 " MOV R9, R0\n"
1013 " LDR R0, =0x3A068\n"
1014 " MOV R8, #0\n"
1015 " ADD R5, R0, R1,LSL#7\n"
1016 " LDR R0, [R5,#0x3C]\n"
1017 " MOV R7, #0\n"
1018 " CMP R0, #7\n"
1019 " MOV R6, #0\n"
1020 " ADDLS PC, PC, R0,LSL#2\n"
1021 " B loc_FF874E2C\n"
1022 "loc_FF874D00:\n"
1023 " B loc_FF874D38\n"
1024 "loc_FF874D04:\n"
1025 " B loc_FF874D20\n"
1026 "loc_FF874D08:\n"
1027 " B loc_FF874D20\n"
1028 "loc_FF874D0C:\n"
1029 " B loc_FF874D20\n"
1030 "loc_FF874D10:\n"
1031 " B loc_FF874D20\n"
1032 "loc_FF874D14:\n"
1033 " B loc_FF874E24\n"
1034 "loc_FF874D18:\n"
1035 " B loc_FF874D20\n"
1036 "loc_FF874D1C:\n"
1037 " B loc_FF874D20\n"
1038 "loc_FF874D20:\n"
1039 " MOV R2, #0\n"
1040 " MOV R1, #0x200\n"
1041 " MOV R0, #2\n"
1042 " BL sub_FF890738\n"
1043 " MOVS R4, R0\n"
1044 " BNE loc_FF874D40\n"
1045 "loc_FF874D38:\n"
1046 " MOV R0, #0\n"
1047 " LDMFD SP!, {R4-R10,PC}\n"
1048 "loc_FF874D40:\n"
1049 " LDR R12, [R5,#0x50]\n"
1050 " MOV R3, R4\n"
1051 " MOV R2, #1\n"
1052 " MOV R1, #0\n"
1053 " MOV R0, R9\n"
1054 " BLX R12\n"
1055 " CMP R0, #1\n"
1056 " BNE loc_FF874D6C\n"
1057 " MOV R0, #2\n"
1058 " BL sub_FF890888\n" //__ExMemMan.c__0 ; LOCATION: ExMemMan.c:0
1059 " B loc_FF874D38\n"
1060 "loc_FF874D6C:\n"
1061 " LDR R1, [R5,#0x64]\n"
1062 " MOV R0, R9\n"
1063 " BLX R1\n"
1064 //Allready inserted code
1065
1066 "MOV R1, R4\n" // pointer to MBR in R1
1067 "BL mbr_read_dryos\n" // total sectors count in R0 before and after call
1068
1069 // Start of DataGhost's FAT32 autodetection code
1070 // Policy: If there is a partition which has type W95 FAT32, use the first one of those for image storage
1071 // According to the code below, we can use R1, R2, R3 and R12.
1072 // LR wasn't really used anywhere but for storing a part of the partition signature. This is the only thing
1073 // that won't work with an offset, but since we can load from LR+offset into LR, we can use this to do that :)
1074 "MOV R12, R4\n" // Copy the MBR start address so we have something to work with
1075 "MOV LR, R4\n" // Save old offset for MBR signature
1076 "MOV R1, #1\n" // Note the current partition number
1077 "B dg_sd_fat32_enter\n" // We actually need to check the first partition as well, no increments yet!
1078 "dg_sd_fat32:\n"
1079 "CMP R1, #4\n" // Did we already see the 4th partition?
1080 "BEQ dg_sd_fat32_end\n" // Yes, break. We didn't find anything, so don't change anything.
1081 "ADD R12, R12, #0x10\n" // Second partition
1082 "ADD R1, R1, #1\n" // Second partition for the loop
1083 "dg_sd_fat32_enter:\n"
1084 "LDRB R2, [R12, #0x1BE]\n" // Partition status
1085 "LDRB R3, [R12, #0x1C2]\n" // Partition type (FAT32 = 0xB)
1086 "CMP R3, #0xB\n" // Is this a FAT32 partition?
1087 "CMPNE R3, #0xC\n" // Not 0xB, is it 0xC (FAT32 LBA) then?
1088 "BNE dg_sd_fat32\n" // No, it isn't. Loop again.
1089 "CMP R2, #0x00\n" // It is, check the validity of the partition type
1090 "CMPNE R2, #0x80\n"
1091 "BNE dg_sd_fat32\n" // Invalid, go to next partition
1092 // This partition is valid, it's the first one, bingo!
1093 "MOV R4, R12\n" // Move the new MBR offset for the partition detection.
1094
1095 "dg_sd_fat32_end:\n"
1096 // End of DataGhost's FAT32 autodetection code
1097
1098
1099
1100
1101
1102 " LDRB R1, [R4,#0x1C9]\n"
1103 " LDRB R3, [R4,#0x1C8]\n"
1104 " LDRB R12, [R4,#0x1CC]\n"
1105 " MOV R1, R1,LSL#24\n"
1106 " ORR R1, R1, R3,LSL#16\n"
1107 " LDRB R3, [R4,#0x1C7]\n"
1108 " LDRB R2, [R4,#0x1BE]\n"
1109 //" LDRB LR, [R4,#0x1FF]\n" //remains commented as in sx200
1110 " ORR R1, R1, R3,LSL#8\n"
1111 " LDRB R3, [R4,#0x1C6]\n"
1112 " CMP R2, #0\n"
1113 " CMPNE R2, #0x80\n"
1114 " ORR R1, R1, R3\n"
1115 " LDRB R3, [R4,#0x1CD]\n"
1116 " MOV R3, R3,LSL#24\n"
1117 " ORR R3, R3, R12,LSL#16\n"
1118 " LDRB R12, [R4,#0x1CB]\n"
1119 " ORR R3, R3, R12,LSL#8\n"
1120 " LDRB R12, [R4,#0x1CA]\n"
1121 " ORR R3, R3, R12\n"
1122 //" LDRB R12, [R4,#0x1FE]\n" //remains commented as in sx200
1123 // Left as in sx200
1124 "LDRB R12, [LR,#0x1FE]\n" // + First MBR signature byte (0x55), LR is original offset.
1125 "LDRB LR, [LR,#0x1FF]\n" // + Last MBR signature byte (0xAA), LR is original offset.
1126
1127
1128 " BNE loc_FF874DF8\n"
1129 " CMP R0, R1\n"
1130 " BCC loc_FF874DF8\n"
1131 " ADD R2, R1, R3\n"
1132 " CMP R2, R0\n"
1133 " CMPLS R12, #0x55\n"
1134 " CMPEQ LR, #0xAA\n"
1135 " MOVEQ R7, R1\n"
1136 " MOVEQ R6, R3\n"
1137 " MOVEQ R4, #1\n"
1138 " BEQ loc_FF874DFC\n"
1139 "loc_FF874DF8:\n"
1140 " MOV R4, R8\n"
1141 "loc_FF874DFC:\n"
1142 " MOV R0, #2\n"
1143 " BL sub_FF890888\n" //__ExMemMan.c__0 ; LOCATION: ExMemMan.c:0
1144 " CMP R4, #0\n"
1145 " BNE loc_FF874E38\n"
1146 " LDR R1, [R5,#0x64]\n"
1147 " MOV R7, #0\n"
1148 " MOV R0, R9\n"
1149 " BLX R1\n"
1150 " MOV R6, R0\n"
1151 " B loc_FF874E38\n"
1152 "loc_FF874E24:\n"
1153 " MOV R6, #0x40\n"
1154 " B loc_FF874E38\n"
1155 "loc_FF874E2C:\n"
1156 " LDR R1, =0x597\n"
1157 " LDR R0, =0xFF874E4C\n" //aMounter_c ; Mounter.c
1158 " BL sub_FF81EB78\n" //DebugAssert
1159
1160 "loc_FF874E38:\n"
1161 " STR R7, [R5,#0x44]!\n"
1162 " STMIB R5, {R6,R8}\n"
1163 " MOV R0, #1\n"
1164 " LDMFD SP!, {R4-R10,PC}\n"
1165
1166 );
1167
1168 };