#include "platform.h"

// RAM addresses

/*
 * Returns the address of the first RAW image buffer as a fixed constant.
 *
 * How the value was located (from the original port notes): search the
 * firmware for the string "CRAW BUFF"; the buffer table is at 0xffb40208 and
 * lists no second buffer, so a single address is all there is to return.
 *
 * NOTE(review): the constant was read out of one firmware image and nothing
 * in this function checks it at run time. Presumably callers dereference the
 * result directly, so re-derive it with the search above before reusing this
 * file for another firmware build - confirm against the callers.
 */
char *hook_raw_image_addr() {
    char *const first_raw_buffer = (char *)0x41db3b80;

    return first_raw_buffer;
}

// search for String "VRAM Address" (like SX10)
// or search for String "MaxY %ld MinY %ld" and look below
//void *vid_get_viewport_fb() {
//    return (void*)0x40547700;
//}

//void *vid_get_viewport_fb_d() {
//    return (void*)(*(int*)0x29f8); // ff871dec: 0x29a0 + 0x58
//}

/*
from http://chdk.setepontos.com/index.php?topic=5045.msg54035#msg54035
this must be completely opaque to an uninitiated scholar...

First, a quick suggestion: for a start, return 0 in *vid_get_viewport_live_fb(),
and return the correct viewport base address in *vid_get_viewport_fb(),
which is easy to find from the code that references the "VRAM Address: %p" string.

Now in more detail. Actually, Canon uses (or used to anyway) three buffers,
one (first) of them located at the base address, and switches between them about 30 times a second,
if I remember correctly. We only need to know which one of them is most recently updated,
if we want to speed up motion detection by about 30ms.
There is a table somewhere in RAM with the addresses of the buffers, and a variable with the index 0,1,2 into this table.
It's these two locations that you may want to find, but I'm afraid there's no generic recipe...
They are usually referenced in the code just before, or around "LiveView.c".
Here're sample code snippets from the Ixus950 and A720 (sorry, don't have disasms of later cameras):

FF9C9E84 LDR R3, =0x8C74
FF9C9E88 LDR R2, =0x8C58
FF9C9E8C LDRB R0, [R3]
FF9C9E90 LDR R1, [R2,R0,LSL#2]

FFC2936C LDR R4, =0x2084
...
FFC293B8 LDRB R2, [R4]
FFC293BC LDR R0, =0x21D0
FFC293C0 LDR R2, [R0,R2,LSL#2]

You can verify them in memory browser: the index variable should circle through 0,1,2,
and the table should contain three addresses, starting with the VRAM base address.
*/
/*
void *vid_get_viewport_live_fb() {
    return (void*)0;
    // sub_ff84e0e0??? (cf sd990 FF839850)
    void **fb=(void **)0x0; // ???
    unsigned char buff = *((unsigned char*)0x2040);
    if (buff == 0) {
        buff = 2;
    }
    else {
        buff--;
    }
    return fb[buff];
}*/

// OSD buffer
// search dispcon* functions and BmpDDev.c
// ff90ce04: e92d41f0 push {r4, r5, r6, r7, r8, lr}
// ff90ce08: e51f8040 ldr r8, [pc, #-64] ; ff90cdd0: (0000556c)
// ff90ce0c: e1a04000 mov r4, r0
// ff90ce10: e5980010 ldr r0, [r8, #16]
// ff90ce14: e1a05001 mov r5, r1
// ff90ce18: e3500001 cmp r0, #1 ; 0x1
// ff90ce1c: 059f123c ldreq r1, [pc, #572] ; ff90d060: (0000013f)
// ff90ce20: 024f004c subeq r0, pc, #76 ; ff90cddc: (44706d42) *"BmpDDev.c"
// ff90ce24: e1a07003 mov r7, r3
// ff90ce28: e1a06002 mov r6, r2
// ff90ce2c: 0bfc4738 bleq loc_ff81eb14
// ff90ce30: e3540000 cmp r4, #0 ; 0x0
// ff90ce34: 13550000 cmpne r5, #0 ; 0x0
// ff90ce38: 13560000 cmpne r6, #0 ; 0x0
// ff90ce3c: 13570000 cmpne r7, #0 ; 0x0
// ff90ce40: 059f121c ldreq r1, [pc, #540] ; ff90d064: (00000142)
// ff90ce44: 024f0070 subeq r0, pc, #112 ; ff90cddc: (44706d42) *"BmpDDev.c"
// ff90ce48: 0bfc4731 bleq loc_ff81eb14
// ff90ce4c: e59f1214 ldr r1, [pc, #532] ; ff90d068: (0000010e)
// ff90ce50: e3a00d0f mov r0, #960 ; 0x3c0
// ff90ce54: e5840000 str r0, [r4]
// ff90ce58: e5851000 str r1, [r5]
// ff90ce5c: e5860000 str r0, [r6]
// ff90ce60: e59f0204 ldr r0, [pc, #516] ; ff90d06c: (40431000) ; <----
// ff90ce64: e5870000 str r0, [r7]
// ff90ce68: e3a00001 mov r0, #1 ; 0x1
// ff90ce6c: e5880010 str r0, [r8, #16]
// ff90ce70: e3a00000 mov r0, #0 ; 0x0
// ff90ce74: e8bd81f0 pop {r4, r5, r6, r7, r8, pc}
//void *vid_get_bitmap_fb() {
//    return (void*)0x40431000;
//}

/*
 * Viewport width reported by this port: always 360.
 * NOTE(review): the unit is not stated in this file - presumably pixels or
 * buffer columns; confirm against the callers.
 */
int vid_get_viewport_width() {
    enum { VIEWPORT_WIDTH = 360 };

    return VIEWPORT_WIDTH;
}

/*
 * Viewport height reported by this port: always 270, returned as a long
 * (the width accessor above returns int; the two types differ on purpose or
 * by history - not determinable from this file).
 */
long vid_get_viewport_height() {
    const long viewport_rows = 270;

    return viewport_rows;
}

// search for String "9999"
// ff9eacb0: e250cc27 subs ip, r0, #9984 ; 0x2700
// ff9eacb4: 225cc00f subscs ip, ip, #15 ; 0xf
// ff9eacb8: 3a000003 bcc loc_ff9eaccc
// ff9eacbc: e59f013c ldr r0, [pc, #316] ; ff9eae00: (0009eb4c)
// ff9eacc0: e28f1e13 add r1, pc, #304 ; ff9eadf8: (39393939) *"9999"
// ff9eacc4: ebf8d631 bl loc_ff820590
// ff9eacc8: ea000003 b loc_ff9eacdc

/*
 * Returns the fixed RAM address 0x9eb4c as a char pointer.
 *
 * In the listing above that value is loaded into r0 immediately before the
 * call at ff9eacc4, which receives the "9999" literal in r1 - so it looks like
 * the destination buffer of that call (not confirmed in this file).
 *
 * NOTE(review): the buffer's length is not visible here and the memory belongs
 * to the firmware; readers should bound any scan of this string rather than
 * rely on a terminator being present - confirm the size in the disassembly.
 */
char *camera_jpeg_count_str() {
    char *const jpeg_count_text = (char *)0x9eb4c;

    return jpeg_count_text;
}