root/platform/d10/sub/100a/boot.c


DEFINITIONS

This source file includes following definitions.
  1. taskHook
  2. boot
  3. sub_FF8101A0_my
  4. sub_FF810FC4_my
  5. sub_FF814D38_my
  6. taskcreate_Startup_my
  7. task_Startup_my
  8. taskcreatePhySw_my
  9. CreateTask_spytask
  10. init_file_modules_task
  11. sub_FF872598_my
  12. sub_FF855974_my
  13. sub_FF855714_my
  14. sub_FF8554A4_my
  15. task_blinker
  16. CreateTask_blinker

   1 #include "lolevel.h"
   2 #include "platform.h"
   3 #include "core.h"
   4 #include "dryos31.h"
   5 
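/*
 * Byte offset of MEMBER inside TYPE.
 * Uses the compiler builtin instead of taking the address of a member through
 * a null pointer and truncating it to int, and is skipped when a header has
 * already provided offsetof.
 */
#ifndef offsetof
#define offsetof(TYPE, MEMBER) __builtin_offsetof(TYPE, MEMBER)
#endif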
   7 
// Address of the linker symbol _end.  sub_FF810FC4_my loads this value in
// place of the constant 0x146A2C when CHDK_NOT_IN_CANON_HEAP is not defined.
const char * const new_sa = &_end;

/* Our stuff */
// NOTE(review): these two symbols are not referenced in the code shown in this file.
extern long wrs_kernel_bss_start;
extern long wrs_kernel_bss_end;

// Forward declarations
void CreateTask_spytask();
void boot();
void task_CaptSeqTask_my();

// Task entry points defined outside this file.  taskHook compares a task's
// entry pointer against these and swaps in the matching replacement routine.
extern void task_CaptSeq();
extern void task_InitFileModules();
extern void task_MovieRecord();
extern void task_ExpDrv();
extern void task_FileWrite();
  24 
/*
 * Hook whose address boot() stores at RAM address 0x1934.
 * (Presumably the firmware calls it when a task is created - confirm.)
 *
 * context points at the `context` member of a task_t.  The enclosing task_t
 * is recovered by subtracting that member's offset, and if the task's entry
 * point is one of the known firmware tasks it is overwritten with the
 * matching replacement routine.
 */
void taskHook(context_t **context) {
    task_t *task = (task_t *)((char *)context - offsetof(task_t, context));

    // PhySw is redirected in taskcreatePhySw_my instead, to avoid wasting stack space:
    // if(!_strcmp(task->name, "PhySw")) task->entry = (void*)mykbd_task;
    if (task->entry == task_CaptSeq) {
        task->entry = (void *)task_CaptSeqTask_my;
    }
    if (task->entry == task_InitFileModules) {
        task->entry = (void *)init_file_modules_task;
    }
    if (task->entry == task_MovieRecord) {
        task->entry = (void *)movie_record_task;
    }
    if (task->entry == task_ExpDrv) {
        task->entry = (void *)exp_drv_task;
    }
// for development testing with/without; not needed once development is complete
#ifdef CAM_HAS_FILEWRITETASK_HOOK
    if (task->entry == task_FileWrite) {
        task->entry = (void *)filewritetask;
    }
#endif
}
  39 
// Memory-mapped LED registers (same addresses as ledlist in the disabled blinker code).
// NOTE(review): neither macro is referenced in the code shown in this file.
#define DEBUG_LED ((unsigned volatile *)0xC0220130) // RED
#define GREEN_LED ((unsigned volatile *)0xC0220134) // GREEN
  42 
/*
 * CHDK boot entry.  Runs a hardware/CP15 setup sequence, copies a data image
 * from ROM to RAM, zeroes the RAM that follows it, patches two RAM words
 * (the taskHook pointer at 0x1934 and a value at 0x2444) and then branches to
 * sub_FF8101A0_my.  The final instruction is a plain B, so control does not
 * come back here.
 *
 * The loc_FF81xxxx labels suggest this mirrors the start of the firmware's own
 * reset code - presumably copied from a disassembly; confirm against the dump.
 *
 * CP15 descriptions below assume the ARM946E-S register layout; this file
 * does not name the CPU core - TODO confirm.
 *
 * NOTE(review): the function is not naked and the asm statements declare no
 * clobbers although they overwrite R0-R3 and memory; this relies on the
 * compiler keeping nothing live across them.
 */
void boot() {
        asm volatile(
// write 0 to the register at 0xC0410000
"                LDR     R1, =0xC0410000\n"
"                MOV     R0, #0\n"
"                STR     R0, [R1]\n"
// CP15 c1 (control) = 0x78: caches / protection unit not yet enabled
"                MOV     R1, #0x78\n"
"                MCR     p15, 0, R1,c1,c0\n"
// c7 operations with R1 = 0 (drain write buffer, flush I-cache, flush D-cache on ARM946E-S)
"                MOV     R1, #0\n"
"                MCR     p15, 0, R1,c7,c10, 4\n"
"                MCR     p15, 0, R1,c7,c5\n"
"                MCR     p15, 0, R1,c7,c6\n"
// c6,c0 .. c6,c5: base/size words for protection regions 0-5
"                MOV     R0, #0x3D\n"
"                MCR     p15, 0, R0,c6,c0\n"
"                MOV     R0, #0xC000002F\n"
"                MCR     p15, 0, R0,c6,c1\n"
"                MOV     R0, #0x33\n"
"                MCR     p15, 0, R0,c6,c2\n"
"                MOV     R0, #0x40000033\n"
"                MCR     p15, 0, R0,c6,c3\n"
"                MOV     R0, #0x80000017\n"
"                MCR     p15, 0, R0,c6,c4\n"
"                LDR     R0, =0xFF80002D\n"
"                MCR     p15, 0, R0,c6,c5\n"
// 0x34 (bits 2, 4, 5) written to c2,c0,0 / c2,c0,1 / c3,c0:
// per-region data-cacheable, instruction-cacheable and write-buffer bits
"                MOV     R0, #0x34\n"
"                MCR     p15, 0, R0,c2,c0\n"
"                MOV     R0, #0x34\n"
"                MCR     p15, 0, R0,c2,c0, 1\n"
"                MOV     R0, #0x34\n"
"                MCR     p15, 0, R0,c3,c0\n"
// c5,c0,2 / c5,c0,3: per-region access permissions, one nibble per region.
// The same value is used for data and instruction access: 3 for regions 1-6, 0 for region 0.
// NOTE(review): if 3 means read/write in every mode (ARM946E-S encoding), the
// protection unit places no restriction on what any task may touch in those
// regions - confirm before relying on it for isolation.
"                LDR     R0, =0x3333330\n"
"                MCR     p15, 0, R0,c5,c0, 2\n"
"                LDR     R0, =0x3333330\n"
"                MCR     p15, 0, R0,c5,c0, 3\n"
// read-modify-write of the control register: set bits 12, 2 and 0
// (I-cache, D-cache and protection unit enable on ARM946E-S)
"                MRC     p15, 0, R0,c1,c0\n"
"                ORR     R0, R0, #0x1000\n"
"                ORR     R0, R0, #4\n"
"                ORR     R0, R0, #1\n"
"                MCR     p15, 0, R0,c1,c0\n"
// c9,c1,0 and c9,c1,1: TCM region registers (data TCM at 0x80000000, instruction TCM at 0;
// the latter matches the ITCM comments in sub_FF8101A0_my)
"                MOV     R1, #0x80000006\n"
"                MCR     p15, 0, R1,c9,c1\n"
"                MOV     R1, #6\n"
"                MCR     p15, 0, R1,c9,c1, 1\n"
// set control-register bits 16 and 18 (TCM enables on ARM946E-S)
"                MRC     p15, 0, R1,c1,c0\n"
"                ORR     R1, R1, #0x50000\n"
"                MCR     p15, 0, R1,c1,c0\n"
// register block at 0xC0200000: write 1 to +0x10C, then 0xFF to +0xC, +0x1C, ... +0xFC
"                LDR     R2, =0xC0200000\n"
"                MOV     R1, #1\n"
"                STR     R1, [R2,#0x10C]\n"
"                MOV     R1, #0xFF\n"
"                STR     R1, [R2,#0xC]\n"
"                STR     R1, [R2,#0x1C]\n"
"                STR     R1, [R2,#0x2C]\n"
"                STR     R1, [R2,#0x3C]\n"
"                STR     R1, [R2,#0x4C]\n"
"                STR     R1, [R2,#0x5C]\n"
"                STR     R1, [R2,#0x6C]\n"
"                STR     R1, [R2,#0x7C]\n"
"                STR     R1, [R2,#0x8C]\n"
"                STR     R1, [R2,#0x9C]\n"
"                STR     R1, [R2,#0xAC]\n"
"                STR     R1, [R2,#0xBC]\n"
"                STR     R1, [R2,#0xCC]\n"
"                STR     R1, [R2,#0xDC]\n"
"                STR     R1, [R2,#0xEC]\n"
"                STR     R1, [R2,#0xFC]\n"
// 0xC0400008 = 0x430005
"                LDR     R1, =0xC0400008\n"
"                LDR     R2, =0x430005\n"
"                STR     R2, [R1]\n"
// NOTE(review): this store uses R1 (= 1) as the address and R2 (0xC0243100) as the data,
// i.e. it does not write to 0xC0243100 - verify against the firmware disassembly.
"                MOV     R1, #1\n"
"                LDR     R2, =0xC0243100\n"
"                STR     R2, [R1]\n"
// set bit 0 of the register at 0xC0242010
"                LDR     R2, =0xC0242010\n"
"                LDR     R1, [R2]\n"
"                ORR     R1, R1, #1\n"
"                STR     R1, [R2]\n"
// copy words from ROM 0xFFB4EFA4 to RAM 0x1900 up to (not including) 0xCDA0
"                LDR     R0, =0xFFB4EFA4\n"
"                LDR     R1, =0x1900\n"
"                LDR     R3, =0xCDA0\n"
"loc_FF81013C:\n"
"                CMP     R1, R3\n"
"                LDRCC   R2, [R0],#4\n"
"                STRCC   R2, [R1],#4\n"
"                BCC     loc_FF81013C\n"
// zero RAM from 0xCDA0 up to (not including) 0x146A2C
"                LDR     R1, =0x146A2C\n"
"                MOV     R2, #0\n"
"loc_FF810154:\n"
"                CMP     R3, R1\n"
"                STRCC   R2, [R3],#4\n"
"                BCC     loc_FF810154\n"
        );

// see http://chdk.setepontos.com/index.php/topic,2972.msg30712.html#msg30712
// this works for init_file_modules task in both play and rec mode
// 0x1934 lies inside the 0x1900..0xCDA0 range filled by the copy loop above,
// so the pointer has to be written after that loop or it would be overwritten.
    *(int*)0x1934=(int)taskHook;
// this does not start init_file_modules task ever
//    *(int*)0x1938=(int)taskHook;

        // Search on 0x12345678 finds function called by sub_FF846AF4, values found there OK
        // Bit 0 of the word at 0xC02200F8 selects which of the two values is stored at 0x2444.
    *(int*)(0x2444)= (*(int*)0xC02200F8)&1 ? 0x200000 : 0x100000; 

    // jump to init-sequence that follows the data-copy-routine 
    asm volatile ("B      sub_FF8101A0_my\n");
}
 146 
/*
 * Second boot stage, entered by a branch from boot().
 * Copies the exception handler code to address 0 and the IRQ handler to
 * 0x4B0, sets the IRQ-mode and supervisor-mode stack pointers (both to
 * 0x1000), fills 0x6C4..0x1000 with 0xEEEEEEEE and calls sub_FF810FC4_my.
 * Naked: there is no epilogue after the final BL, so the callee must not
 * return here (it ends by jumping into the original firmware).
 */
void __attribute__((naked,noinline)) sub_FF8101A0_my() {
        asm volatile (
"                LDR     R0, =0xFF810218\n" // exception handler code
"                MOV     R1, #0\n"
"                LDR     R3, =0xFF810250\n"
"loc_FF8101AC:\n"
"                CMP     R0, R3\n"          // load exception vector
"                LDRCC   R2, [R0],#4\n"
"                STRCC   R2, [R1],#4\n"
"                BCC     loc_FF8101AC\n"
"                LDR     R0, =0xFF810250\n"
"                MOV     R1, #0x4B0\n"
"                LDR     R3, =0xFF810464\n"
"loc_FF8101C8:\n"
"                CMP     R0, R3\n"          // copy IRQ handler to ITCM starting at 0x4b0, 532 bytes up to 0x6C4
"                LDRCC   R2, [R0],#4\n"
"                STRCC   R2, [R1],#4\n"
"                BCC     loc_FF8101C8\n"
"                MOV     R0, #0xD2\n"
"                MSR     CPSR_cxsf, R0\n"   // set CPSR mode = IRQ, ints disabled
"                MOV     SP, #0x1000\n"     // irq mode SP
"                MOV     R0, #0xD3\n"
"                MSR     CPSR_cxsf, R0\n"   // set CPSR mode = Super, ints disabled
"                MOV     SP, #0x1000\n"     // super mode SP
"                LDR     R0, =0x6C4\n"
"                LDR     R2, =0xEEEEEEEE\n"
"                MOV     R3, #0x1000\n"
"loc_FF8101FC:\n"
"                CMP     R0, R3\n"          // clear ITCM 0x6C4-end with EEEEEEEE
"                STRCC   R2, [R0],#4\n"
"                BCC     loc_FF8101FC\n"
"                BL      sub_FF810FC4_my\n" //->
        );
}
 181 
/*
 * Builds the first part of a 0x74-byte parameter block on the stack and then
 * jumps into the original firmware at 0xFF811018, which continues filling it
 * (the commented-out tail below shows that continuation).
 *
 * Two values differ from the original routine:
 *  - the word stored at [SP,#8] comes from new_sa (address of _end) instead
 *    of the constant 0x146A2C, unless CHDK_NOT_IN_CANON_HEAP is defined;
 *    presumably this keeps the firmware from allocating over the CHDK image;
 *  - R1 holds sub_FF814D38_my when control is handed back to the firmware.
 *
 * NOTE(review): [SP,#0xC] receives 0x2F24A8 minus that start value with no
 * check that the start is below 0x2F24A8; if _end ever moved past it the
 * difference would wrap to a very large number.  Confirm the build enforces
 * an upper bound on the image size.
 */
void __attribute__((naked,noinline)) sub_FF810FC4_my() {
        asm volatile (
"                STR     LR, [SP,#-4]!\n"
"                SUB     SP, SP, #0x74\n"
// sub_FFACBFBC(SP, 0x74) - presumably clears the block; confirm
"                MOV     R0, SP\n"
"                MOV     R1, #0x74\n"
"                BL      sub_FFACBFBC\n"
"                MOV     R0, #0x53000\n"
"                STR     R0, [SP,#4]\n"
//"                LDR     R0, =0x146A2C\n"
#if defined(CHDK_NOT_IN_CANON_HEAP)
"                LDR     R0, =0x146A2C\n"
#else
              "LDR     R0, =new_sa\n"
              "LDR     R0, [R0]\n"
#endif
"                LDR     R2, =0x2F9C00\n"
"                LDR     R1, =0x2F24A8\n"
"                STR     R0, [SP,#8]\n"
"                SUB     R0, R1, R0\n"      // R0 = 0x2F24A8 - start value
"                ADD     R3, SP, #0xC\n"
"                STR     R2, [SP]\n"
"                STMIA   R3, {R0-R2}\n"     // [SP,#0xC]=difference, [SP,#0x10]=0x2F24A8, [SP,#0x14]=0x2F9C00
"                MOV     R0, #0x22\n"
"                STR     R0, [SP,#0x18]\n"
"                MOV     R0, #0x68\n"
"                STR     R0, [SP,#0x1C]\n"
"                LDR     R0, =0x19B\n"
"                LDR     R1, =sub_FF814D38_my\n"
"                LDR     PC, =0xFF811018\n" // jump back to original FW
/*
"                STR     R0, [SP,#0x20]\n"
"                MOV     R0, #0x96\n"
"                STR     R0, [SP,#0x24]\n"
"                MOV     R0, #0x78\n"
"                STR     R0, [SP,#0x28]\n"
"                MOV     R0, #0x64\n"
"                STR     R0, [SP,#0x2C]\n"
"                MOV     R0, #0\n"
"                STR     R0, [SP,#0x30]\n"
"                STR     R0, [SP,#0x34]\n"
"                MOV     R0, #0x10\n"
"                STR     R0, [SP,#0x5C]\n"
"                MOV     R0, #0x800\n"
"                STR     R0, [SP,#0x60]\n"
"                MOV     R0, #0xA0\n"
"                STR     R0, [SP,#0x64]\n"
"                MOV     R0, #0x280\n"
"                STR     R0, [SP,#0x68]\n"
"                MOV     R0, SP\n"
"                MOV     R2, #0\n"
"                BL      sub_FF812D68\n"
// will never return
//"                ADD     SP, SP, #0x74\n"
//"                LDR     PC, [SP],#4\n"
*/
        );
}
/*
 * Init routine whose address sub_FF810FC4_my passes to the firmware in R1.
 * Calls a fixed series of setup routines; whenever one returns a negative
 * value, sub_FF814E2C (err_init_task) is called with the address of that
 * step's name string.  Ends by restoring R4/LR and branching to
 * taskcreate_Startup_my, so that routine returns directly to this one's caller.
 */
void __attribute__((naked,noinline)) sub_FF814D38_my() {
        asm volatile (
"                STMFD   SP!, {R4,LR}\n"
"                BL      sub_FF810954\n"
"                BL      sub_FF8190B4\n" // dmSetup
"                CMP     R0, #0\n"
"                LDRLT   R0, =0xFF814E4C\n"    // "dmSetup"
"                BLLT    sub_FF814E2C\n" // err_init_task
"                BL      sub_FF814974\n"
"                CMP     R0, #0\n"
"                LDRLT   R0,=0xFF814E54\n" // "termDriverInit"
"                BLLT    sub_FF814E2C\n" // err_init_task
"                LDR     R0, =0xFF814E64\n"      // "/_term"
"                BL      sub_FF814A5C\n" // termDeviceCreate
"                CMP     R0, #0\n"
"                LDRLT   R0, =0xFF814E6C\n" // "termDeviceCreate"
"                BLLT    sub_FF814E2C\n" // err_init_task
"                LDR     R0, =0xFF814E64\n"      // "/_term"
"                BL      sub_FF813578\n" // stdioSetup
"                CMP     R0, #0\n"
"                LDRLT   R0, =0xFF814E80\n" // "stdioSetup"
"                BLLT    sub_FF814E2C\n" // err_init_task
"                BL      sub_FF818BCC\n"
"                CMP     R0, #0\n"
"                LDRLT   R0, =0xFF814E8C\n" // "stdlibSetup"
"                BLLT    sub_FF814E2C\n" // err_init_task
"                BL      sub_FF8114A8\n"
"                CMP     R0, #0\n"
"                LDRLT   R0, =0xFF814E98\n" // "armlib_setup"
"                BLLT    sub_FF814E2C\n" // err_init_task
"                LDMFD   SP!, {R4,LR}\n"
"                B       taskcreate_Startup_my\n"
        );
}
 274 
/*
 * Creates the "Startup" task with task_Startup_my as its entry point.
 *
 * If sub_FF828F44 and sub_FF821B88 both return 0, the code calls
 * sub_FF821254, writes 0x44 to 0xC0220014 and 0xC022001C, calls sub_FF821440
 * and then spins forever at loc_FF81C298.  Otherwise it continues at
 * loc_FF81C29C, where the call to sub_FF821B94 is left out (see the comment
 * there), and creates the task.  Returns 0.
 */
void __attribute__((naked,noinline)) taskcreate_Startup_my() {
        asm volatile (
"                STMFD   SP!, {R3,LR}\n"   // the R3 slot doubles as the stack argument for the CreateTask call below
//"                BL      j_nullsub_173\n"
"                BL      sub_FF828F44\n"
"                CMP     R0, #0\n"
"                BNE     loc_FF81C29C\n"
"                BL      sub_FF821B88\n"
"                CMP     R0, #0\n"
"                BNE     loc_FF81C29C\n"
"                BL      sub_FF821254\n"
"                LDR     R1, =0xC0220000\n"
"                MOV     R0, #0x44\n"
"                STR     R0, [R1,#0x14]\n"
"                STR     R0, [R1,#0x1C]\n"
"                BL      sub_FF821440\n"
"loc_FF81C298:\n"
"                B       loc_FF81C298\n"   // endless loop
"loc_FF81C29C:\n"
//"                BL      sub_FF821B94\n" // remove for correct power on (hold pwr button for rec)
//"                BL      j_nullsub_174\n"
"                BL      sub_FF8271FC\n"
"                LDR     R1, =0x34E000\n"
"                MOV     R0, #0\n"
"                BL      sub_FF827644\n"
"                BL      sub_FF8273F0\n" // KerSys.c 548
"                MOV     R3, #0\n"
"                STR     R3, [SP]\n"
"                LDR     R3, =task_Startup_my\n"   // entry point: CHDK's version of the Startup task
"                MOV     R2, #0\n"
"                MOV     R1, #0x19\n"
"                LDR     R0, =0xFF81C2E0\n" // aStartup
"                BL      sub_FF81AFAC\n" // eventproc_export_CreateTask
"                MOV     R0, #0\n"
"                LDMFD   SP!, {R12,PC}\n"
        );
}
 312 
 313 void CreateTask_blinker();
 314 
/*
 * Body of the "Startup" task created by taskcreate_Startup_my.
 * Runs the first part of the startup call sequence here and then jumps to
 * the original firmware at 0xFF81C230 for the rest (shown in the
 * commented-out tail).
 *
 * Differences visible in this copy:
 *  - the call marked "diskboot" (sub_FF829018) is commented out;
 *  - CreateTask_spytask is called to start the SpyTask;
 *  - taskcreatePhySw_my is called here, and the firmware's own
 *    taskcreate_PhySw call (sub_FF821A88) is commented out in the tail;
 *  - with OPT_RUN_WITH_BATT_COVER_OPEN, a busy-wait of 0x90000 iterations is
 *    inserted before returning to the firmware.
 */
void __attribute__((naked,noinline)) task_Startup_my() {
        asm volatile (
"                STMFD   SP!, {R4,LR}\n"
"                BL      sub_FF815394\n" // taskcreate_ClockSave
"                BL      sub_FF822C70\n"
"                BL      sub_FF820F38\n"
//"                BL      j_nullsub_175\n"
"                BL      sub_FF829168\n"
//"                BL      sub_FF829018\n" // diskboot
"                BL      CreateTask_spytask\n"
"                BL      sub_FF829304\n"
"                BL      sub_FF81FB94\n"
"                BL      sub_FF829198\n"
"                BL      sub_FF8267FC\n"
"                BL      sub_FF829308\n"
"                BL      taskcreatePhySw_my\n"  // we do this here rather than hook so we don't waste the original stack
#if defined(OPT_RUN_WITH_BATT_COVER_OPEN)
// Pause for startup with battery door open 0x70000 was not enough, 0x88000 seemed fine
"    LDR     R0, =0x90000\n"    
"batt_delay:\n"
"    NOP\n"
"    SUBS    R0,R0,#1\n"
"    BNE     batt_delay\n"
#endif
"                LDR     PC, =0xFF81C230\n" // jump back to original firmware
/*
//"                BL      sub_FF821A88\n" // taskcreate_PhySw
"                BL      sub_FF824ADC\n"
"                BL      sub_FF829320\n"
//"                BL      nullsub_2\n"
"                BL      sub_FF820854\n"
"                BL      sub_FF828D24\n" // taskcreate_Bye
"                BL      sub_FF820EE8\n"
"                BL      sub_FF820760\n" // taskcreate_TempCheck LOCATION: LowBat.c:2
"                BL      sub_FF81FBC8\n"
"                BL      sub_FF829DE8\n"
"                BL      sub_FF820738\n"
"                LDMFD   SP!, {R4,LR}\n"
"                B       sub_FF8154B4\n" // LOCATION: MLHClock.c:0
*/
        );
}
 357 
/*
 * Creates the "PhySw" task with mykbd_task as its entry point.
 *
 * The task is created only if the word at 0x1C2C+0x10 is still 0; the value
 * returned by the create call is stored there.  The stack size argument is
 * raised from the original 0x800 to 0x2000.  Afterwards sub_FF87015C and
 * IsFactoryMode are called; if IsFactoryMode returns 0 the routine tail-calls
 * OpLog_Start with R1 = 0xE244, otherwise it returns.
 */
void __attribute__((naked,noinline)) taskcreatePhySw_my() {
        asm volatile (
"                STMFD   SP!, {R3-R5,LR}\n"
"                LDR     R4, =0x1C2C\n"
"                LDR     R0, [R4,#0x10]\n"
"                CMP     R0, #0\n"
"                BNE     loc_FF821ABC\n"     // already created: skip
"                MOV     R3, #0\n"
"                STR     R3, [SP]\n"
"                LDR     R3, =mykbd_task\n" // task_PhySw
//"                MOV     R2, #0x800\n"
"                MOV     R2, #0x2000\n" // stack size for new task_PhySw so we don't have to do stack switch
"                MOV     R1, #0x17\n"
"                LDR     R0, =0xFF821C90\n"      // "PhySw"
"                BL      sub_FF827444\n" // KernelCreateTask LOCATION: KernelMisc.c:19
"                STR     R0, [R4,#0x10]\n"
"loc_FF821ABC:\n"
"                BL      sub_FF87015C\n"
"                BL      sub_FF849F90\n" // IsFactoryMode
"                CMP     R0, #0\n"
"                LDREQ   R1, =0xE244\n"
"                LDMEQFD SP!, {R3-R5,LR}\n"
"                BEQ     sub_FF8700E4\n" // eventproc_export_OpLog_Start
"                LDMFD   SP!, {R3-R5,PC}\n"
        );
}
 384 
/*
 * Creates the "SpyTask" task with core_spytask as its entry point.
 * Called from task_Startup_my.
 */
void CreateTask_spytask() {
        // Presumably priority and stack size, by analogy with the
        // KernelCreateTask call in taskcreatePhySw_my - confirm.
        enum { SPYTASK_PRIO = 0x19, SPYTASK_STACK = 0x2000 };

        _CreateTask("SpyTask", SPYTASK_PRIO, SPYTASK_STACK, core_spytask, 0);
}
 388 
/*
 * Replacement for task_InitFileModules (installed by taskHook).
 * Same flow as the routine it replaces except that the mount step goes
 * through sub_FF872598_my and core_spytask_can_start is called right after it.
 * Event 0x5006 is posted via PostLogicalEventToUI either before the mount
 * step (when sub_FF87256C returned non-zero) or after it (when it returned 0).
 */
void __attribute__((naked,noinline)) init_file_modules_task() { 
  asm volatile (
"                 STMFD   SP!, {R4-R6,LR}\n"
"                 BL      sub_FF87256C\n"
"                 LDR     R5, =0x5006\n"
"                 MOVS    R4, R0\n"
"                 MOVNE   R1, #0\n"
"                 MOVNE   R0, R5\n"
"                 BLNE    sub_FF8773D4\n" // PostLogicalEventToUI
"                 BL      sub_FF872598_my\n"
"                 BL      core_spytask_can_start\n" // + safe to start spytask
"                 CMP     R4, #0\n"
"                 MOVEQ   R0, R5\n"
"                 LDMEQFD SP!, {R4-R6,LR}\n"
"                 MOVEQ   R1, #0\n"
"                 BEQ     sub_FF8773D4\n" // PostLogicalEventToUI
"                 LDMFD   SP!, {R4-R6,PC}\n"
 );
} 
 408 
/*
 * First link of the call chain that leads to the patched partition-table
 * code: calls sub_FF855974_my with R0 = 3, then continues in the original
 * firmware at 0xFF8725A8 (the commented-out tail shows that continuation).
 */
void __attribute__((naked,noinline)) sub_FF872598_my() { 
  asm volatile (
"                STMFD   SP!, {R4,LR}\n"
"                MOV     R0, #3\n"
"                BL      sub_FF855974_my\n" // -> (Mounter.c)
"                LDR     PC,=0xFF8725A8\n" //jump back to firmware
/*
//"                BL      nullsub_64\n"
"                LDR     R4, =0x2E20\n"
"                LDR     R0, [R4,#4]\n"
"                CMP     R0, #0\n"
"                BNE     loc_FF8725D0\n"
"                BL      sub_FF854D38\n"
"                BL      sub_FF902984\n"
"                BL      sub_FF854D38\n"
"                BL      sub_FF850D8C\n"
"                BL      sub_FF854C38\n"
"                BL      sub_FF902A50\n"
"loc_FF8725D0:\n"
"                MOV     R0, #1\n"
"                STR     R0, [R4]\n"
"                LDMFD   SP!, {R4,PC}\n"
*/
 );
} 
 434 
/*
 * Second link of the chain towards the patched partition-table code.
 * R0 on entry is kept in R6.  sub_FF8558DC yields an index (R5) that selects
 * a 128-byte record at 0x10770 + R5*128 (R4).  After the preparatory calls
 * the only change from the original is that sub_FF855714_my is called in
 * place of the firmware routine; execution then resumes in the firmware at
 * 0xFF8559CC (continuation shown in the commented-out tail).
 */
void __attribute__((naked,noinline)) sub_FF855974_my() { 
  asm volatile (
"                STMFD   SP!, {R4-R8,LR}\n"
"                MOV     R6, R0\n"
"                BL      sub_FF8558DC\n" // Mounter.c 0
"                LDR     R1, =0x10770\n"
"                MOV     R5, R0\n"
"                ADD     R4, R1, R0,LSL#7\n"
"                LDR     R0, [R4,#0x70]\n"
"                CMP     R0, #4\n"          // record field +0x70 == 4 triggers the assert below
"                LDREQ   R1, =0x6D8\n"
"                LDREQ   R0, =0xFF855400\n" // "Mounter.c"
"                BLEQ    sub_FF81B284\n" // DebugAssert
"                MOV     R1, R6\n"
"                MOV     R0, R5\n"
"                BL      sub_FF855348\n" // Mounter.c 0
"                LDR     R0, [R4,#0x38]\n"
"                BL      sub_FF855EA0\n"
"                CMP     R0, #0\n"
"                STREQ   R0, [R4,#0x70]\n"
"                MOV     R0, R5\n"
"                BL      sub_FF855420\n"
"                MOV     R0, R5\n"
"                BL      sub_FF855714_my\n" // ->
"                LDR     PC,=0xFF8559CC\n" // jump back to original fw
/*
"                MOV     R7, R0\n"
"                MOV     R0, R5\n"
"                BL      sub_FF855778\n" // Mounter.c 7
"                LDR     R1, [R4,#0x3C]\n"
"                AND     R2, R7, R0\n"
"                CMP     R1, #0\n"
"                MOV     R0, #0\n"
"                MOVEQ   R0, #0x80000001\n"
"                BEQ     loc_FF855A1C\n"
"                LDR     R3, [R4,#0x2C]\n"
"                CMP     R3, #2\n"
"                MOVEQ   R0, #4\n"
"                CMP     R1, #5\n"
"                ORRNE   R0, R0, #1\n"
"                BICEQ   R0, R0, #1\n"
"                CMP     R2, #0\n"
"                BICEQ   R0, R0, #2\n"
"                ORREQ   R0, R0, #0x80000000\n"
"                BICNE   R0, R0, #0x80000000\n"
"                ORRNE   R0, R0, #2\n"
"loc_FF855A1C:\n"
"                CMP     R6, #7\n"
"                STR     R0, [R4,#0x40]\n"
"                LDMNEFD SP!, {R4-R8,PC}\n"
"                MOV     R0, R6\n"
"                BL      sub_FF85592C\n"
"                CMP     R0, #0\n"
"                LDMEQFD SP!, {R4-R8,LR}\n"
"                LDREQ   R0, =0xFF855C18\n" // "EmemMountError"
"                BEQ     sub_FF8115A8\n" // qPrintf
"                LDMFD   SP!, {R4-R8,PC}\n"
*/
 );
} 
 495 
/*
 * Third link of the chain towards the patched partition-table code.
 * R0 is the record index; R4 = 0x10770 + index*128.  If bit 1 of the word at
 * [R4,#0x70] is already set the routine returns 1 at once.  Otherwise it
 * calls sub_FF8554A4_my([R4,#0x38], index) and resumes in the original
 * firmware at 0xFF855740, which tests the result (see the commented-out tail).
 */
void __attribute__((naked,noinline)) sub_FF855714_my() { 
  asm volatile (
"                STMFD   SP!, {R4-R6,LR}\n"
"                MOV     R5, R0\n"
"                LDR     R0, =0x10770\n"
"                ADD     R4, R0, R5,LSL#7\n"
"                LDR     R0, [R4,#0x70]\n"
"                TST     R0, #2\n"
"                MOVNE   R0, #1\n"
"                LDMNEFD SP!, {R4-R6,PC}\n"
"                LDR     R0, [R4,#0x38]\n"
"                MOV     R1, R5\n"
"                BL      sub_FF8554A4_my\n" // -> (Mounter.c)
"                LDR     PC, =0xFF855740\n" // jump back to original fw
/*
"                CMP     R0, #0\n"
"                LDMEQFD SP!, {R4-R6,PC}\n"
"                LDR     R0, [R4,#0x38]\n"
"                MOV     R1, R5\n"
"                BL      sub_FF855610\n" // Mounter.c
"                CMP     R0, #0\n"
"                LDMEQFD SP!, {R4-R6,PC}\n"
"                MOV     R0, R5\n"
"                BL      sub_FF854F30\n"
"                CMP     R0, #0\n"
"                LDRNE   R1, [R4,#0x70]\n"
"                ORRNE   R1, R1, #2\n"
"                STRNE   R1, [R4,#0x70]\n"
"                LDMFD   SP!, {R4-R6,PC}\n"
*/
 );
} 
/*
 * Reads the card's first sector and picks the partition the firmware will use.
 *
 * In:  R0 = value passed on to the record's function pointers (kept in R8),
 *      R1 = record index; R5 = 0x10770 + index*128.
 * Out: R0 = 1 after storing the chosen start (R7) at [R5,#0x44] and length
 *      (R6) at [R5,#0x48]; R0 = 0 if the buffer could not be obtained, the
 *      read callback returned 1, or the type field at [R5,#0x3C] is 0.
 *
 * CHDK additions relative to the firmware routine:
 *  - mbr_read_dryos is called with the sector buffer in R1;
 *  - DataGhost's loop moves R4 to the first partition entry of type 0x0B or
 *    0x0C whose status byte is 0x00 or 0x80, so the firmware's parsing below
 *    operates on that entry instead of entry 1;
 *  - the 0x55/0xAA signature bytes are read through LR (original buffer
 *    start), since R4 may have been advanced.
 *
 * The sector content comes from removable media and should be treated as
 * untrusted.  The checks applied before an entry is accepted are: status byte
 * 0x00 or 0x80, start <= total sectors, start + length <= total sectors, and
 * signature 0x55 0xAA.
 * NOTE(review): start + length is a plain 32-bit ADD; a pair of values whose
 * sum wraps past 2^32 would satisfy the "<= total" test.  Confirm whether
 * later firmware code re-validates the stored start/length.
 */
void __attribute__((naked,noinline)) sub_FF8554A4_my() { 
  asm volatile (
"                STMFD   SP!, {R4-R8,LR}\n"
"                MOV     R8, R0\n"
"                LDR     R0, =0x10770\n"
"                MOV     R7, #0\n"
"                ADD     R5, R0, R1,LSL#7\n"
"                LDR     R0, [R5,#0x3C]\n"
"                MOV     R6, #0\n"
"                CMP     R0, #7\n"
// Jump table: PC reads as this instruction + 8, so index 0 selects the second
// B below; the first B is reached only when R0 > 7 (default entry).
"                ADDLS   PC, PC, R0,LSL#2\n"
"                B       loc_FF8555F4\n"
"                B       loc_FF855504\n"
"                B       loc_FF8554EC\n"
"                B       loc_FF8554EC\n"
"                B       loc_FF8554EC\n"
"                B       loc_FF8554EC\n"
"                B       loc_FF8555EC\n"
"                B       loc_FF8554EC\n"
"                B       loc_FF8554EC\n"
"loc_FF8554EC:\n"
// jumptable FF8554C4 entries 1-4,6,7
// sub_FF86C664(2, 0x200, 0): obtain the 0x200-byte sector buffer (R4); 0 means failure
"                MOV     R2, #0\n"
"                MOV     R1, #0x200\n"
"                MOV     R0, #2\n"
"                BL      sub_FF86C664\n"
"                MOVS    R4, R0\n"
"                BNE     loc_FF85550C\n"
"loc_FF855504:\n"
// jumptable FF8554C4 entry 0
"                MOV     R0, #0\n"
"                LDMFD   SP!, {R4-R8,PC}\n"
"loc_FF85550C:\n"
// call the function pointer at [R5,#0x4C] with (R8, 0, 1, buffer);
// presumably "read 1 sector starting at sector 0" - confirm
"                LDR     R12, [R5,#0x4C]\n"
"                MOV     R3, R4\n"
"                MOV     R2, #1\n"
"                MOV     R1, #0\n"
"                MOV     R0, R8\n"
"                BLX     R12\n"
"                CMP     R0, #1\n"
"                BNE     loc_FF855538\n"
// callback returned 1: release the buffer and return 0
"                MOV     R0, #2\n"
"                BL      sub_FF86C7B0\n" // ExMemMan.c 0
"                B       loc_FF855504\n"
"loc_FF855538:\n"

"                LDR     R1, [R5,#0x68]\n"
"                MOV     R0, R8\n"
"                BLX     R1\n"
           "MOV   R1, R4\n"           //  pointer to MBR in R1
           "BL    mbr_read_dryos\n"   //  total sectors count in R0 before and after call

        // Start of DataGhost's FAT32 autodetection code
        // Policy: If there is a partition which has type W95 FAT32, use the first one of those for image storage
        // According to the code below, we can use R1, R2, R3 and R12.
        // LR wasn't really used anywhere but for storing a part of the partition signature. This is the only thing
        // that won't work with an offset, but since we can load from LR+offset into LR, we can use this to do that :)
        "MOV     R12, R4\n"                    // Copy the MBR start address so we have something to work with
        "MOV     LR, R4\n"                     // Save old offset for MBR signature
        "MOV     R1, #1\n"                     // Note the current partition number
        "B       dg_sd_fat32_enter\n"          // We actually need to check the first partition as well, no increments yet!
   "dg_sd_fat32:\n"
        "CMP     R1, #4\n"                     // Did we already see the 4th partition?
        "BEQ     dg_sd_fat32_end\n"            // Yes, break. We didn't find anything, so don't change anything.
        "ADD     R12, R12, #0x10\n"            // Advance to the next partition entry (entries are 0x10 bytes apart)
        "ADD     R1, R1, #1\n"                 // Next partition number for the loop
   "dg_sd_fat32_enter:\n"
        "LDRB    R2, [R12, #0x1BE]\n"          // Partition status
        "LDRB    R3, [R12, #0x1C2]\n"          // Partition type (FAT32 = 0xB)
        "CMP     R3, #0xB\n"                   // Is this a FAT32 partition?
        "CMPNE   R3, #0xC\n"                   // Not 0xB, is it 0xC (FAT32 LBA) then?
        "BNE     dg_sd_fat32\n"                // No, it isn't. Loop again.
        "CMP     R2, #0x00\n"                  // It is, check the validity of the partition type
        "CMPNE   R2, #0x80\n"
        "BNE     dg_sd_fat32\n"                // Invalid, go to next partition
                                               // This partition is valid, it's the first one, bingo!
        "MOV     R4, R12\n"                    // Move the new MBR offset for the partition detection.
        
   "dg_sd_fat32_end:\n"
        // End of DataGhost's FAT32 autodetection code
// Assemble two little-endian 32-bit fields of the selected entry:
// R1 = bytes 0x1C6..0x1C9 (start), R3 = bytes 0x1CA..0x1CD (length); R2 = status byte.
"                LDRB    R1, [R4,#0x1C9]\n"
"                LDRB    R3, [R4,#0x1C8]\n"
"                LDRB    R12, [R4,#0x1CC]\n"
"                MOV     R1, R1,LSL#24\n"
"                ORR     R1, R1, R3,LSL#16\n"
"                LDRB    R3, [R4,#0x1C7]\n"
"                LDRB    R2, [R4,#0x1BE]\n"
//"                LDRB    LR, [R4,#0x1FF]\n"
"                ORR     R1, R1, R3,LSL#8\n"
"                LDRB    R3, [R4,#0x1C6]\n"
// Status check (0x00 or 0x80).  The resulting flags are consumed by the
// BNE loc_FF8555C4 further down; no instruction in between sets flags.
"                CMP     R2, #0\n"
"                CMPNE   R2, #0x80\n"
"                ORR     R1, R1, R3\n"
"                LDRB    R3, [R4,#0x1CD]\n"
"                MOV     R3, R3,LSL#24\n"
"                ORR     R3, R3, R12,LSL#16\n"
"                LDRB    R12, [R4,#0x1CB]\n"
"                ORR     R3, R3, R12,LSL#8\n"
"                LDRB    R12, [R4,#0x1CA]\n"
"                ORR     R3, R3, R12\n"
//"                LDRB    R12, [R4,#0x1FE]\n"
"                LDRB    R12, [LR,#0x1FE]\n" // +
"                LDRB    LR, [LR,#0x1FF]\n" // +
"                MOV     R4, #0\n"           // R4 now becomes the "entry accepted" flag
"                BNE     loc_FF8555C4\n"     // bad status byte: reject
"                CMP     R0, R1\n"
"                BCC     loc_FF8555C4\n"     // total sectors < start: reject
"                ADD     R2, R1, R3\n"       // start + length, 32-bit, may wrap (see header note)
"                CMP     R2, R0\n"
"                CMPLS   R12, #0x55\n"
"                CMPEQ   LR, #0xAA\n"
"                MOVEQ   R7, R1\n"
"                MOVEQ   R6, R3\n"
"                MOVEQ   R4, #1\n"
"loc_FF8555C4:\n"
"                MOV     R0, #2\n"
"                BL      sub_FF86C7B0\n" // ExMemMan.c 0
"                CMP     R4, #0\n"
"                BNE     loc_FF855600\n"
// entry rejected: start = 0, length = value returned by the [R5,#0x68] callback
"                LDR     R1, [R5,#0x68]\n"
"                MOV     R7, #0\n"
"                MOV     R0, R8\n"
"                BLX     R1\n"
"                MOV     R6, R0\n"
"                B       loc_FF855600\n"
"loc_FF8555EC:\n"
// jumptable FF8554C4 entry 5
"                MOV     R6, #0x40\n"
"                B       loc_FF855600\n"
"loc_FF8555F4:\n"
// jumptable FF8554C4 default entry
"                LDR     R1, =0x5C9\n"
"                LDR     R0, =0xFF855400\n"  // "Mounter.c"
"                BL      sub_FF81B1CC\n" // DebugAssert
"loc_FF855600:\n"
"                STR     R7, [R5,#0x44]!\n"  // writeback: R5 now points at +0x44
"                MOV     R0, #1\n"
"                STR     R6, [R5,#4]\n"      // i.e. original R5 + 0x48
"                LDMFD   SP!, {R4-R8,PC}\n"
 );
} 
 669 
 670 #if 0
// LED register addresses that task_blinker alternates between.
const unsigned ledlist[]={
        0xC0220134, // green
        0xC0220130, // red
};
// shamelessly stolen from s5 for debugging
extern void msleep(int x);
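/*
 * Debug task: blinks the LEDs listed in ledlist.
 * Every 500 ms the current LED is toggled; each time it is switched off the
 * task moves on to the other LED.  Never returns.
 *
 * The original also kept an iteration counter with empty debug hooks at
 * iterations 2 and 10 (dump_chdk, gui_init, UIFS_WriteFirmInfoToFile,
 * draw_txt_string).  Those hooks were commented out, so the counter and the
 * unused scratch variables are dropped here.
 */
void __attribute__((noinline)) task_blinker() {
        // volatile: every store is a write to a hardware register and must
        // reach it, in order, without being merged or dropped by the compiler
        volatile unsigned *led = (volatile unsigned *)ledlist[0];
        unsigned led_index = 0;   // unsigned, so the increment can never overflow into undefined behavior
        int led_on = 0;           // init: led off

        *led = 0x46;      // led on

        while (1) {
                if (led_on) {    // toggle LED
                        led_on = 0;
                        *led = 0x44;      // LED off
                        led_index = (led_index + 1) % 2;
                        led = (volatile unsigned *)ledlist[led_index];
                } else {
                        led_on = 1;
                        *led = 0x46;      // LED on
                }

                msleep(500);
        }
}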
 719 
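/*
 * Creates the "Blinker" debug task with task_blinker as its entry point.
 * The stray ';' after the closing brace of the original definition is removed.
 */
void CreateTask_blinker() {
        _CreateTask("Blinker", 0x1, 0x200, task_blinker, 0);
}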
 723 #endif
 724 
