root/platform/ixus980_sd990/sub/100e/boot.c


   1 #include "lolevel.h"
   2 #include "platform.h"
   3 #include "core.h"
   4 #include "dryos31.h"
   5 
// Byte offset of MEMBER inside TYPE, taken from a null base pointer and cast to int.
// NOTE(review): this reuses the name of the standard <stddef.h> macro - confirm
// that none of the headers included above define it as well.
#define offsetof(TYPE, MEMBER) ((int) &((TYPE *)0)->MEMBER)

// Address of _end. sub_FF810F94_my loads this value as the heap start when
// CHDK_NOT_IN_CANON_HEAP is not defined.
// NOTE(review): _end is not declared in this file - presumably a linker symbol
// marking the end of the CHDK image; confirm in the headers / linker script.
const char * const new_sa = &_end;

/* Ours stuff */
extern long wrs_kernel_bss_start;
extern long wrs_kernel_bss_end;

// Forward declarations
void CreateTask_spytask();
extern volatile int jogdial_stopped;   // polled by JogDial_task_my before it reads the dial
void JogDial_task_my(void);

// Firmware task entry points. taskHook() compares a task's entry against these
// (task_PhySw is declared here but is not referenced by taskHook()).
extern void task_CaptSeq();
extern void task_InitFileModules();
extern void task_MovieRecord();
extern void task_ExpDrv();
extern void task_PhySw();
extern void task_FileWrite();
extern void task_RotaryEncoder();
  26 
/*
 * Task hook whose address boot() writes to 0x1930 and 0x1934.
 *
 * context points at the `context` member of a task_t; the enclosing task_t is
 * recovered from it, and if that task's entry point is one of the firmware
 * tasks listed below, the entry is redirected to the CHDK replacement.
 */
void taskHook(context_t **context) {
    // { firmware entry point, CHDK replacement }, tested in this order.
    static void * const redirect[][2] = {
        { (void*)task_CaptSeq,         (void*)capt_seq_task          },
        { (void*)task_InitFileModules, (void*)init_file_modules_task },
        { (void*)task_MovieRecord,     (void*)movie_record_task      },
        { (void*)task_ExpDrv,          (void*)exp_drv_task           },
        { (void*)task_FileWrite,       (void*)filewritetask          },
        { (void*)task_RotaryEncoder,   (void*)JogDial_task_my        },
    };
    // Step back from the context member to the start of the task control block.
    task_t *tcb = (task_t*)((char*)context - offsetof(task_t, context));
    unsigned int n;

    // No early exit: every pair is tested in turn, as a chain of plain ifs would.
    for (n = 0; n < sizeof(redirect) / sizeof(redirect[0]); n++) {
        if (tcb->entry == redirect[n][0]) {
            tcb->entry = redirect[n][1];
        }
    }
}
  38 
  39 
  40 #define DEBUG_LED 0xC02200BC
/*
 * CHDK boot entry. Re-enables the caches, copies the firmware's initialised
 * data and clears its BSS, installs taskHook, seeds the power-on word at
 * 0x2588 and then branches into the patched init sequence.
 *
 * Control leaves through a plain branch (B), so this function does not return
 * to its caller. Every address below is a hard-coded constant.
 * NOTE(review): presumably these are valid only for the firmware build named
 * in the file path (ixus980_sd990 / 100e) - confirm before reusing them.
 */
void boot() { //#fs
    long *canon_data_src = (void*)0xFFB74B98;   // where the data image is copied from
    long *canon_data_dst = (void*)0x1900;       // where it is copied to
    long canon_data_len = 0xFE80 - 0x1900; // data_end - data_start
    long *canon_bss_start = (void*)0xFE80; // just after data 
    long canon_bss_len = 0xE8B40 - 0xFE80; 

    long i;


    // enable caches and write buffer, disabled earlier in loader 
    // Read-modify-write of the CP15 c1 control register: sets bit 12 (0x1000),
    // bit 2 (4) and bit 0 (1). R0 is declared as clobbered.
    asm volatile (
        "MRC     p15, 0, R0,c1,c0\n"
        "ORR     R0, R0, #0x1000\n"
        "ORR     R0, R0, #4\n"
        "ORR     R0, R0, #1\n"
        "MCR     p15, 0, R0,c1,c0\n"
    :::"r0");

    // Word-by-word copy; the lengths are byte counts, hence the /4.
    // NOTE(review): assumes sizeof(long) == 4 on this target - confirm.
    for(i=0;i<canon_data_len/4;i++)
        canon_data_dst[i]=canon_data_src[i];

    // Zero the firmware BSS range 0xFE80..0xE8B40.
    for(i=0;i<canon_bss_len/4;i++)
        canon_bss_start[i]=0;

// see http://chdk.setepontos.com/index.php/topic,2972.msg30712.html#msg30712
    // Both slots receive the address of taskHook. They are written after the
    // data copy above, which covers 0x1900..0xFE80 and would otherwise
    // overwrite them.
    *(int*)0x1930=(int)taskHook;
    *(int*)0x1934=(int)taskHook;

        // similar to SX10 (but no +4 and values are >> 8) via sub_FF849EB0. 
        // Search on 0x12345678 finds function called by this
    // Bit 0 of the word at 0xC02200F8 selects which of the two values is stored.
    *(int*)(0x2588)= (*(int*)0xC02200F8)&1 ? 0x200000 : 0x100000; // replacement of sub_FF8219D8 for correct power-on.

    // jump to init-sequence that follows the data-copy-routine 
    asm volatile ("B      sub_FF8101A0_my\n");
}
  77 
/*
 * First stage of the patched init sequence, entered by a branch from boot().
 * Copies two ROM ranges to low memory, sets the IRQ-mode and supervisor-mode
 * stack pointers to 0x1000, fills 0x6C4..0x1000 with 0xEEEEEEEE and calls
 * sub_FF810F94_my.
 *
 * Naked function: no prologue or epilogue is generated.
 * NOTE(review): nothing follows the final BL, so this relies on
 * sub_FF810F94_my never returning here - confirm.
 */
void __attribute__((naked,noinline)) sub_FF8101A0_my() {
        asm volatile (
"                LDR     R0, =0xFF810218\n" // exception handler code
"                MOV     R1, #0\n"          // destination: address 0
"                LDR     R3, =0xFF810250\n" // end of the source range
"loc_FF8101AC:\n"
"                CMP     R0, R3\n"          // load exception vector
"                LDRCC   R2, [R0],#4\n"
"                STRCC   R2, [R1],#4\n"
"                BCC     loc_FF8101AC\n"
"                LDR     R0, =0xFF810250\n"
"                MOV     R1, #0x4B0\n"
"                LDR     R3, =0xFF810464\n"
"loc_FF8101C8:\n"
"                CMP     R0, R3\n"          // copy IRQ handler to ITCM starting at 0x4b0, 532 bytes up to 0x6C4
"                LDRCC   R2, [R0],#4\n"
"                STRCC   R2, [R1],#4\n"
"                BCC     loc_FF8101C8\n"
"                MOV     R0, #0xD2\n"
"                MSR     CPSR_cxsf, R0\n"   // set CPSR mode = IRQ, ints disabled
"                MOV     SP, #0x1000\n"     // irq mode SP
"                MOV     R0, #0xD3\n"
"                MSR     CPSR_cxsf, R0\n"   // set CPSR mode = Super, ints disabled
"                MOV     SP, #0x1000\n"     // super mode SP
"                LDR     R0, =0x6C4\n"
"                LDR     R2, =0xEEEEEEEE\n"
"                MOV     R3, #0x1000\n"
"loc_FF8101FC:\n"
"                CMP     R0, R3\n"          // clear ITCM 0x6C4-end with EEEEEEEE
"                STRCC   R2, [R0],#4\n"
"                BCC     loc_FF8101FC\n"
"                BL      sub_FF810F94_my\n" //->
        );
}
 112 
/*
 * Second stage of the patched init sequence. Reserves 0x74 bytes on the
 * stack, passes that buffer and its size to sub_FFADE438, fills in a set of
 * fields and calls sub_FF812D38 with R0 = the buffer, R1 = sub_FF814D8C_my
 * and R2 = 0.
 *
 * Two CHDK changes are visible here:
 *   - the value stored at [SP,#8] is read from new_sa instead of the constant
 *     0xE8B40, unless CHDK_NOT_IN_CANON_HEAP is defined;
 *   - R1 is loaded with sub_FF814D8C_my instead of sub_FF814D8C.
 *
 * NOTE(review): sub_FFADE438 presumably clears the buffer - confirm.
 */
void __attribute__((naked,noinline)) sub_FF810F94_my() {
        asm volatile (
"                 STR     LR, [SP,#-4]!\n"
"                 SUB     SP, SP, #0x74\n"
"                 MOV     R0, SP\n"
"                 MOV     R1, #0x74\n"
"                 BL      sub_FFADE438\n"
"                 MOV     R0, #0x53000\n"
"                 STR     R0, [SP,#4]\n"

#if defined(CHDK_NOT_IN_CANON_HEAP) // use original heap offset if CHDK is loaded in high memory
"                 LDR     R0, =0xE8B40\n"
#else
              "LDR     R0, =new_sa\n"
              "LDR     R0, [R0]\n"
#endif

"                 LDR     R2, =0x379C00\n"
"                 LDR     R1, =0x3724A8\n"
"                 STR     R0, [SP,#8]\n"
// R0 = 0x3724A8 - heap start.
// NOTE(review): nothing here checks that the value read from new_sa is below
// 0x3724A8; if it were not, this subtraction would wrap. Presumably the build's
// memory layout guarantees it - confirm.
"                 SUB     R0, R1, R0\n"
"                 ADD     R3, SP, #0xC\n"
"                 STR     R2, [SP]\n"
"                 STMIA   R3, {R0-R2}\n"     // [SP,#0xC..0x14] = difference, 0x3724A8, 0x379C00
"                 MOV     R0, #0x22\n"
"                 STR     R0, [SP,#0x18]\n"
"                 MOV     R0, #0x68\n"
"                 STR     R0, [SP,#0x1C]\n"
"                 LDR     R0, =0x19B\n"
//"                 LDR     R1, =sub_FF814D8C\n"
"                 LDR     R1, =sub_FF814D8C_my\n"
"                 STR     R0, [SP,#0x20]\n"
"                 MOV     R0, #0x96\n"
"                 STR     R0, [SP,#0x24]\n"
"                 MOV     R0, #0x78\n"
"                 STR     R0, [SP,#0x28]\n"
"                 MOV     R0, #0x64\n"
"                 STR     R0, [SP,#0x2C]\n"
"                 MOV     R0, #0\n"
"                 STR     R0, [SP,#0x30]\n"
"                 STR     R0, [SP,#0x34]\n"
"                 MOV     R0, #0x10\n"
"                 STR     R0, [SP,#0x5C]\n"
"                 MOV     R0, #0x800\n"
"                 STR     R0, [SP,#0x60]\n"
"                 MOV     R0, #0xA0\n"
"                 STR     R0, [SP,#0x64]\n"
"                 MOV     R0, #0x280\n"
"                 STR     R0, [SP,#0x68]\n"
"                 MOV     R0, SP\n"
"                 MOV     R2, #0\n"
"                 BL      sub_FF812D38\n"
"                 ADD     SP, SP, #0x74\n"
"                 LDR     PC, [SP],#4\n"     // return through the LR saved on entry
        );
}
 169 
/*
 * Init routine whose address sub_FF810F94_my passes to sub_FF812D38 in R1.
 * Runs a fixed list of firmware setup calls. After each checked call, a
 * negative return value loads the address of that step's name string into R0
 * and calls sub_FF814E80 (err_init_task). The routine then restores R4/LR and
 * branches to taskcreate_Startup_my, the CHDK copy of the startup
 * task-creation routine.
 *
 * Naked function: register save/restore is done by the STMFD/LDMFD pair below.
 */
void __attribute__((naked,noinline)) sub_FF814D8C_my() {
        asm volatile (
"                 STMFD   SP!, {R4,LR}\n"
"                 BL      sub_FF810940\n"    // return value not checked
"                 BL      sub_FF81901C\n" // dmSetup
"                 CMP     R0, #0\n"
"                 LDRLT   R0, =0xFF814EA0\n" // "dmSetup"
"                 BLLT    sub_FF814E80\n" // err_init_task
"                 BL      sub_FF8149B4\n"
"                 CMP     R0, #0\n"
"                 LDRLT   R0, =0xFF814EA8\n" // "termDriverInit"
"                 BLLT    sub_FF814E80\n" // err_init_task
"                 LDR     R0, =0xFF814EB8\n" // "/_term"
"                 BL      sub_FF814A9C\n" // termDeviceCreate
"                 CMP     R0, #0\n"
"                 LDRLT   R0, =0xFF814EC0\n" // "termDeviceCreate"
"                 BLLT    sub_FF814E80\n" // err_init_task
"                 LDR     R0, =0xFF814EB8\n" // "/_term"
"                 BL      sub_FF813548\n" // stdioSetup
"                 CMP     R0, #0\n"
"                 LDRLT   R0, =0xFF814ED4\n" // "stdioSetup"
"                 BLLT    sub_FF814E80\n" // err_init_task
"                 BL      sub_FF818BA4\n" // stdlibSetup
"                 CMP     R0, #0\n"
"                 LDRLT   R0, =0xFF814EE0\n" // "stdlibSetup"
"                 BLLT    sub_FF814E80\n" // err_init_task
"                 BL      sub_FF811478\n"
"                 CMP     R0, #0\n"
"                 LDRLT   R0, =0xFF814EEC\n" // "armlib_setup"
"                 BLLT    sub_FF814E80\n" // err_init_task
"                 LDMFD   SP!, {R4,LR}\n"
"                 B       taskcreate_Startup_my\n" // ->
        );
}
 204 
/*
 * CHDK copy of the firmware routine that creates the "Startup" task; it is
 * reached by a branch from sub_FF814D8C_my.
 *
 * Differences visible in this copy:
 *   - the call to sub_FF8219D8 is commented out (boot() writes the word at
 *     0x2588 in its place, see the comment there);
 *   - the task entry point passed in R3 is task_Startup_my.
 *
 * If sub_FF8298A8 and sub_FF8219CC both return 0, the code writes 0x44 to
 * 0xC022001C, calls sub_FF821328 and then spins forever at loc_FF81C1DC.
 */
void __attribute__((naked,noinline)) taskcreate_Startup_my() {
        asm volatile (
"                STMFD   SP!, {R3,LR}\n"     // the R3 slot doubles as the stack argument written below
"                BL      sub_FF8219D0\n"
"                BL      sub_FF8298A8\n"
"                CMP     R0, #0\n"
"                BNE     loc_FF81C1E0\n"
"                BL      sub_FF8219CC\n"
"                CMP     R0, #0\n"
"                BNE     loc_FF81C1E0\n"
"                BL      sub_FF821138\n"
"                LDR     R1, =0xC0220000\n"
"                MOV     R0, #0x44\n"
"                STR     R0, [R1,#0x1C]\n"
"                BL      sub_FF821328\n"
"loc_FF81C1DC:\n"
"                B       loc_FF81C1DC\n"     // branch-to-self: execution stops here on this path
"loc_FF81C1E0:\n"
//"                BL      sub_FF8219D8\n" // removed for correct power-on on 'on/off' button.
"                BL      sub_FF8219D4\n"
"                BL      sub_FF827A38\n"
"                LDR     R1, =0x3CE000\n"
"                MOV     R0, #0\n"
"                BL      sub_FF827E80\n"
"                BL      sub_FF827C2C\n" // LOCATION: KerSys.c:548
"                MOV     R3, #0\n"
"                STR     R3, [SP]\n"         // fifth argument = 0, stored in the saved-R3 slot
"                LDR     R3, =task_Startup_my\n" // ->
"                MOV     R2, #0\n"
"                MOV     R1, #0x19\n"
"                LDR     R0, =0xFF81C228\n"  // "Startup"
"                BL      sub_FF81AEF4\n" // eventproc_export_CreateTask ; LOCATION: KerTask.c:163\n"
"                MOV     R0, #0\n"
"                LDMFD   SP!, {R12,PC}\n"    // pops the R3 slot into R12 and returns
        );
}
 241 void CreateTask_blinker();
/*
 * Entry point of the "Startup" task created by taskcreate_Startup_my.
 * Runs the firmware's startup calls with these visible CHDK changes:
 *   - the call to sub_FF829970 (diskboot) is commented out;
 *   - CreateTask_spytask() is called in its place;
 *   - sub_FF8218C8_my is called for the PhySw task creation;
 *   - sub_FF824A80 is called unmodified, the capture-sequence task being
 *     redirected by taskHook() instead.
 *
 * NOTE(review): this naked function mixes asm blocks with a C call. GCC
 * documents only basic asm as supported inside naked functions, so this
 * relies on the compiler emitting nothing but a plain call for
 * CreateTask_spytask() - check the generated code when changing toolchains.
 */
void __attribute__((naked,noinline)) task_Startup_my() {
        asm volatile (
"                 STMFD   SP!, {R4,LR}\n"
"                 BL      sub_FF8153CC\n" // taskcreate_ClockSave
"                 BL      sub_FF822B34\n"
"                 BL      sub_FF820E0C\n" // j_nullsub
"                 BL      sub_FF8298E8\n"
"                 BL      sub_FF829AB0\n"
//"                 BL      sub_FF829970\n" // diskboot
        );

       CreateTask_spytask();
//       CreateTask_blinker();

        asm volatile (
"                 BL      sub_FF829C68\n"
"                 BL      sub_FF81FAA0\n"
"                 BL      sub_FF829B00\n"
"                 BL      sub_FF827038\n"
"                 BL      sub_FF829C6C\n"
        );

//        CreateTask_PhySw(); // not here, next call does this and jogdial

        asm volatile (
"                 BL      sub_FF8218C8_my\n"// taskcreate_PhySw ->
//"                 BL      sub_FF824A80_my\n" // taskcreate_SsTask -> for shoot seq stuff
"                 BL      sub_FF824A80\n" // call original function, capt_seq_task implemented by taskHook()
"                 BL      sub_FF829C84\n"
//"                 BL      sub_FF81EEF8\n" // nullsub
"                 BL      sub_FF820724\n"
"                 BL      sub_FF829684\n" // taskcreate_Bye
"                 BL      sub_FF820DBC\n"
"                 BL      sub_FF820630\n" // taskcreate_TempCheck
"                 BL      sub_FF81FAD4\n"
"                 BL      sub_FF82A7E0\n"
"                 BL      sub_FF820608\n"
"                 LDMFD   SP!, {R4,LR}\n"
"                 B       sub_FF815490\n" // _sub_FF815490__MLHClock_c__0 ; LOCATION: MLHClock.c:0
        );
}
 283 
 284 /*
 285 void __attribute__((naked,noinline)) sub_FF824A80_my() {
 286 asm volatile (
 287 "                 STMFD   SP!, {R4,LR}\n"
 288 "                 LDR     R4, =0x1C3C\n"
 289 "                 MOV     R0, #0\n"
 290 "                 MOV     R1, #4\n"
 291 "                 STR     R0, [R4,#0xC]\n"
 292 "                 BL      sub_FF827CD8\n" // KernelMisc.c:43
 293 "                 STR     R0, [R4,#4]\n"
 294 "                 MOV     R0, #0\n"
 295 "                 MOV     R1, #1\n"
 296 "                 BL      sub_FF827CFC\n" //  KernelMisc.c:55
 297 "                 STR     R0, [R4,#8]\n"
 298 "                 BL      sub_FF869E44\n"
 299 "                 BL      sub_FF86B618\n" // -> taskcreate_SsTask
 300 "                 BL      sub_FF868DC4\n"
 301 "                 BL      sub_FF864BE8_my\n"
 302 "                 BL      sub_FF86A124\n"
 303 "                 LDR     R0, [R4,#4]\n"
 304 "                 LDMFD   SP!, {R4,LR}\n"
 305 "                 MOV     R1, #0x1000\n"
 306 "                 B       sub_FF86E084\n"
 307         );
 308 }
 309 
 310 void __attribute__((naked,noinline)) sub_FF864BE8_my() {
 311         asm volatile (
 312 "                STMFD   SP!, {R4,LR}\n"
 313 "                LDR     R4, =0x54B8\n"
 314 "                LDR     R0, [R4]\n"
 315 "                CMP     R0, #0\n"
 316 "                BNE     loc_FF864C54\n"
 317 "                BL      sub_FF867F5C\n" // nullsub
 318 "                MOV     R1, #1\n"
 319 "                MOV     R0, #0\n"
 320 "                BL      sub_FF827CFC\n" // KernelMisc.c:55
 321 "                STR     R0, [R4,#0xC]\n"
 322 "                MOV     R0, #0\n"
 323 "                MOV     R1, #0\n"
 324 "                BL      sub_FF827CD8\n" // KernelMisc.c:43
 325 "                STR     R0, [R4,#0x10]\n"
 326 "                BL      sub_FF864F98\n"
 327 "                BL      sub_FF86545C\n"
 328 "                MOV     R0, #0\n"
 329 "                STR     R0, [R4,#8]\n"
 330 "                ADD     R0, R4, #0x14\n"
 331 "                MOV     R1, #0\n"
 332 "                STR     R1, [R0],#4\n"
 333 "                STR     R1, [R0]\n"
 334 "                BL      sub_FF865664\n"
 335 "                BL      sub_FF86A32C\n"
 336 "                BL      sub_FF868348\n"
 337 "                BL      sub_FF8661F8_my\n" // ->taskcreate_CaptSeqTask
 338 "                BL      sub_FF8671D0\n"
 339 "loc_FF864C54:\n"
 340 "                MOV     R0, #1\n"
 341 "                STR     R0, [R4]\n"
 342 "                LDMFD   SP!, {R4,PC}\n"
 343         );
 344 }
 345 void __attribute__((naked,noinline)) sub_FF8661F8_my() {
 346         asm volatile (
 347 "                STMFD   SP!, {R3-R5,LR}\n"
 348 "                LDR     R2, =0x1B194\n"
 349 "                MOV     R0, #0\n"
 350 "                MOV     R1, #0\n"
 351 "loc_FF866208:\n"
 352 "                ADD     R3, R2, R0,LSL#4\n"
 353 "                ADD     R0, R0, #1\n"
 354 "                CMP     R0, #5\n"
 355 "                STR     R1, [R3,#8]\n"
 356 "                BCC     loc_FF866208\n"
 357 "                BL      sub_FF866CF8\n"
 358 "                BL      sub_FF93E9F0\n"
 359 "                MOV     R1, #5\n"
 360 "                MOV     R0, #0\n"
 361 "                BL      sub_FF827CB4\n" // KernelMisc.c:31
 362 "                LDR     R4, =0x54EC\n"
 363 "                LDR     R1, =0x101DFF\n"
 364 "                STR     R0, [R4,#0xC]\n"
 365 "                MOV     R0, #0\n"
 366 "                BL      sub_FF827CD8\n" // KernelMisc.c:43
 367 "                STR     R0, [R4,#8]\n"
 368 "                MOV     R0, #0\n"
 369 "                MOV     R1, #1\n"
 370 "                BL      sub_FF827CFC\n" // KernelMisc.c:55
 371 "                STR     R0, [R4,#0x10]\n"
 372 "                MOV     R3, #0\n"
 373 "                STR     R3, [SP]\n"
 374 "                LDR     R3, =task_CaptSeqTask_my\n"
 375 "                LDR     R0, =0xFF866450\n" // "CaptSeqTask"
 376 "                MOV     R2, #0x1000\n"
 377 "                MOV     R1, #0x17\n"
 378 "                BL      sub_FF827C80\n"// KernelCreateTask ; LOCATION: KernelMisc.c:19
 379 "                LDMFD   SP!, {R3-R5,PC}\n"
 380         );
 381 }*/
 382 
/*
 * CHDK copy of the firmware's PhySw task-creation routine, called from
 * task_Startup_my.
 *
 * If the word at [0x1C1C + 0x10] is zero, a task named "PhySw" is created
 * with mykbd_task as its entry point (instead of the firmware's 0xFF821894)
 * and a stack size of 0x2000 (instead of 0x800). The value returned by the
 * create call is stored back into that word, so a later call skips creation.
 * The rest of the routine calls the firmware's JogDial task creation and
 * the OpLog start path.
 */
void __attribute__((naked,noinline)) sub_FF8218C8_my() {
        asm volatile (
"                STMFD   SP!, {R3-R5,LR}\n"
"                LDR     R4, =0x1C1C\n"
"                LDR     R0, [R4,#0x10]\n"
"                CMP     R0, #0\n"
"                BNE     loc_FF8218FC\n"     // already created: skip
"                MOV     R3, #0\n"
"                STR     R3, [SP]\n"         // fifth argument = 0
//"                LDR     R3, =0xFF821894\n" // task_PhySw
"                LDR     R3, =mykbd_task\n" // task_PhySw
//"                MOV     R2, #0x800\n"
"                MOV     R2, #0x2000\n" // stack size for new task_PhySw so we don't have to do stack switch
"                MOV     R1, #0x17\n"
"                LDR     R0, =0xFF821AD0\n" // "PhySw"
"                BL      sub_FF827C80\n" // KernelCreateTask
"                STR     R0, [R4,#0x10]\n"
"loc_FF8218FC:\n"
"                BL      sub_FF84A57C\n"// taskcreate_JogDial
"                BL      sub_FF874848\n"
"                BL      sub_FF84DD9C\n" // IsFactoryMode
"                CMP     R0, #0\n"
"                LDREQ   R1, =0x11324\n"
"                LDMEQFD SP!, {R3-R5,LR}\n"  // restore, then tail-call on the EQ path
"                BEQ     sub_FF874788\n" // eventproc_export_OpLog_Start
"                LDMFD   SP!, {R3-R5,PC}\n"
        );
}
 411 
/*
 * Creates the CHDK "SpyTask" task with core_spytask as its entry point.
 * Called from task_Startup_my in place of the firmware's diskboot call.
 */
void CreateTask_spytask() {
    // Second and third arguments of _CreateTask, named for readability.
    enum { SPYTASK_PRIORITY = 0x19, SPYTASK_STACK_SIZE = 0x2000 };

    _CreateTask("SpyTask", SPYTASK_PRIORITY, SPYTASK_STACK_SIZE, core_spytask, 0);
}
 415 
/*
 * CHDK replacement for the firmware's task_InitFileModules; taskHook()
 * redirects that task's entry point here.
 *
 * Visible CHDK changes: sub_FF876C24_my is called (the patched file-module
 * init chain), followed by core_spytask_can_start.
 *
 * R4 holds the result of sub_FF876BF8. If it is non-zero, event 0x5006 is
 * posted before the init chain; if it is zero, the same event is posted
 * afterwards by a tail call.
 */
void __attribute__((naked,noinline)) init_file_modules_task() { 
  asm volatile (
"                 STMFD   SP!, {R4-R6,LR}\n"
"                 BL      sub_FF876BF8\n"
"                 LDR     R5, =0x5006\n"
"                 MOVS    R4, R0\n"
"                 MOVNE   R1, #0\n"
"                 MOVNE   R0, R5\n"
"                 BLNE    sub_FF87B8A4\n"// PostLogicalEventToUI
"                 BL      sub_FF876C24_my\n" // ->
"                 BL      core_spytask_can_start\n" // + safe to start spytask
"                 CMP     R4, #0\n"
"                 MOVEQ   R0, R5\n"
"                 LDMEQFD SP!, {R4-R6,LR}\n"
"                 MOVEQ   R1, #0\n"
"                 BEQ     sub_FF87B8A4\n" // PostLogicalEventToUI
"                 LDMFD   SP!, {R4-R6,PC}\n"
 );
} 
 435 
/*
 * CHDK copy of a firmware routine, called from init_file_modules_task.
 * Calls sub_FF8592B8_my (the patched mount path); the firmware's nullsub_93
 * call is commented out. If the word at [0x5824 + 4] is zero it runs six
 * further firmware calls, then stores 1 at [0x5824] and returns.
 */
void __attribute__((naked,noinline)) sub_FF876C24_my() { 
  asm volatile (
"                 STMFD   SP!, {R4,LR}\n"
"                 BL      sub_FF8592B8_my\n" // ->
//"                 BL      nullsub_93\n"
"                 LDR     R4, =0x5824\n"
"                 LDR     R0, [R4,#4]\n"
"                 CMP     R0, #0\n"
"                 BNE     loc_FF876C58\n"
"                 BL      sub_FF858780\n"
"                 BL      sub_FF909EBC\n"
"                 BL      sub_FF858780\n"
"                 BL      sub_FF854654\n"
"                 BL      sub_FF858680\n"
"                 BL      sub_FF909F88\n"
"loc_FF876C58:\n"
"                 MOV     R0, #1\n"
"                 STR     R0, [R4]\n"
"                 LDMFD   SP!, {R4,PC}\n"
 );
} 
 457 
/*
 * CHDK copy of a firmware mount routine (the call sites carry Mounter.c
 * location tags), called from sub_FF876C24_my. R6 is set to 0 and passed as
 * the argument of every helper call. The call marked "->" diverts into
 * sub_FF8590F4_my, the next link of the patched chain.
 *
 * The tail builds a flag word in R0 from [R4,#0x3C], [R4,#0x2C] and the AND
 * of two helper results, and stores it at [0x19BC8 + 0x40].
 */
void __attribute__((naked,noinline)) sub_FF8592B8_my() { 
  asm volatile (
"                 STMFD   SP!, {R4-R6,LR}\n"
"                 MOV     R6, #0\n"
"                 MOV     R0, R6\n"
"                 BL      sub_FF858D78\n"
"                 LDR     R4, =0x19BC8\n"
"                 MOV     R5, #0\n"
"                 LDR     R0, [R4,#0x38]\n"
"                 BL      sub_FF8597D8\n"
"                 CMP     R0, #0\n"
"                 LDREQ   R0, =0x2A20\n"
"                 STREQ   R5, [R0,#0x10]\n"   // on a zero result, clear three words at 0x2A20+0x10..0x18
"                 STREQ   R5, [R0,#0x14]\n"
"                 STREQ   R5, [R0,#0x18]\n"
"                 MOV     R0, R6\n"
"                 BL      sub_FF858DB8\n" // LOCATION: Mounter.c:824
"                 MOV     R0, R6\n"
"                 BL      sub_FF8590F4_my\n" // ->
"                 MOV     R5, R0\n"
"                 MOV     R0, R6\n"
"                 BL      sub_FF859160\n" // LOCATION: Mounter.c:8
"                 LDR     R1, [R4,#0x3C]\n"
"                 AND     R2, R5, R0\n"       // R2 = result of sub_FF8590F4_my AND result of sub_FF859160
"                 CMP     R1, #0\n"
"                 MOV     R0, #0\n"
"                 MOVEQ   R0, #0x80000001\n"
"                 BEQ     loc_FF85934C\n"
"                 LDR     R3, [R4,#0x2C]\n"
"                 CMP     R3, #2\n"
"                 MOVEQ   R0, #4\n"
"                 CMP     R1, #5\n"
"                 ORRNE   R0, R0, #1\n"
"                 BICEQ   R0, R0, #1\n"
"                 CMP     R2, #0\n"
"                 BICEQ   R0, R0, #2\n"
"                 ORREQ   R0, R0, #0x80000000\n"
"                 BICNE   R0, R0, #0x80000000\n"
"                 ORRNE   R0, R0, #2\n"
"loc_FF85934C:\n"
"                 STR     R0, [R4,#0x40]\n"
"                 LDMFD   SP!, {R4-R6,PC}\n"
 );
} 
 502 
/*
 * CHDK copy of a firmware mount routine, called from sub_FF8592B8_my with an
 * index in R0 (kept in R6).
 *
 * Returns 1 at once if the word at [0x2A20 + 0x14] is already non-zero.
 * Otherwise it selects the record at 0x19BC8 + index * 0x17 * 4 and calls
 * sub_FF858E84_my (the patched partition-detection routine), sub_FF858FEC
 * and sub_FF858980 in turn, returning as soon as one of the first two
 * returns 0. A non-zero result from sub_FF858980 sets [0x2A20 + 0x14] to 1.
 */
void __attribute__((naked,noinline)) sub_FF8590F4_my() { 
  asm volatile (
"                 STMFD   SP!, {R4-R6,LR}\n"
"                 LDR     R5, =0x2A20\n"
"                 MOV     R6, R0\n"
"                 LDR     R0, [R5,#0x14]\n"
"                 CMP     R0, #0\n"
"                 MOVNE   R0, #1\n"
"                 LDMNEFD SP!, {R4-R6,PC}\n"  // flag already set: nothing to do
"                 MOV     R0, #0x17\n"
"                 MUL     R1, R0, R6\n"
"                 LDR     R0, =0x19BC8\n"
"                 ADD     R4, R0, R1,LSL#2\n"  // R4 = 0x19BC8 + index * 0x5C
"                 LDR     R0, [R4,#0x38]\n"
"                 MOV     R1, R6\n"
"                 BL      sub_FF858E84_my\n" // -> was Mounter.c
"                 CMP     R0, #0\n"
"                 LDMEQFD SP!, {R4-R6,PC}\n"
"                 LDR     R0, [R4,#0x38]\n"
"                 MOV     R1, R6\n"
"                 BL      sub_FF858FEC\n" // LOCATION: Mounter.c:0
"                 CMP     R0, #0\n"
"                 LDMEQFD SP!, {R4-R6,PC}\n"
"                 MOV     R0, R6\n"
"                 BL      sub_FF858980\n"
"                 CMP     R0, #0\n"
"                 MOVNE   R1, #1\n"
"                 STRNE   R1, [R5,#0x14]\n"
"                 LDMFD   SP!, {R4-R6,PC}\n"
  );
}
 534 
/*
 * CHDK copy of the firmware's partition-detection routine, called from
 * sub_FF8590F4_my. R0 is kept in R8; R1 is an index selecting the record at
 * 0x19BC8 + index * 0x5C (R7). The word at [R7,#0x3C] selects a jump-table
 * case.
 *
 * For cases 1-4 and 6 the routine obtains a buffer from
 * sub_FF870BA0(2, 0x200, 0), fills it through the function pointer at
 * [R7,#0x4C] and parses it as an MBR. CHDK adds two things before the
 * firmware's own parsing:
 *   - a call to mbr_read_dryos with the buffer address in R1;
 *   - DataGhost's FAT32 autodetection, which scans the four partition entries
 *     and repoints R4 at the first one of type 0x0B or 0x0C with a status
 *     byte of 0x00 or 0x80.
 *
 * On exit the start sector (R6) is stored at [R7,#0x44] and the sector count
 * (R5) at [R7,#0x48]; the return value is 1, or 0 on the early-exit path at
 * loc_FF858EE8.
 *
 * The buffer contents come from the storage card, so every field read from
 * it is external input. Offsets used below reach at most buffer+0x1FF.
 * NOTE(review): that fits the buffer only if 0x200 passed to sub_FF870BA0 is
 * its size in bytes - confirm.
 */
void __attribute__((naked,noinline)) sub_FF858E84_my() { 
  asm volatile (
"                 STMFD   SP!, {R4-R8,LR}\n"
"                 MOV     R8, R0\n"
"                 MOV     R0, #0x17\n"
"                 MUL     R1, R0, R1\n"
"                 LDR     R0, =0x19BC8\n"
"                 MOV     R6, #0\n"
"                 ADD     R7, R0, R1,LSL#2\n"
"                 LDR     R0, [R7,#0x3C]\n"
"                 MOV     R5, #0\n"
"                 CMP     R0, #6\n"
// Jump table: PC reads as this instruction + 8, so index 0 lands on the second
// B below; the first B is reached only when R0 > 6 (default case).
"                 ADDLS   PC, PC, R0,LSL#2\n"
"                 B       loc_FF858FD0\n"
"                 B       loc_FF858EE8\n"
"                 B       loc_FF858ED0\n"
"                 B       loc_FF858ED0\n"
"                 B       loc_FF858ED0\n"
"                 B       loc_FF858ED0\n"
"                 B       loc_FF858FC8\n"
"                 B       loc_FF858ED0\n"
"loc_FF858ED0:\n"
// jumptable FF858EAC entries 1-4,6
"                 MOV     R2, #0\n"
"                 MOV     R1, #0x200\n"
"                 MOV     R0, #2\n"
"                 BL      sub_FF870BA0\n"
"                 MOVS    R4, R0\n"           // R4 = buffer; zero means the request failed
"                 BNE     loc_FF858EF0\n"
"loc_FF858EE8:\n"
// jumptable FF858EAC entry 0
"                 MOV     R0, #0\n"
"                 LDMFD   SP!, {R4-R8,PC}\n"
"loc_FF858EF0:\n"
"                 LDR     R12, [R7,#0x4C]\n"
"                 MOV     R3, R4\n"
"                 MOV     R2, #1\n"
"                 MOV     R1, #0\n"
"                 MOV     R0, R8\n"
"                 BLX     R12\n"              // call through the record's function pointer: (R8, 0, 1, buffer)
"                 CMP     R0, #1\n"
"                 BNE     loc_FF858F1C\n"
"                 MOV     R0, #2\n"
"                 BL      sub_FF870CEC\n" // LOCATION: ExMemMan.c:0
"                 B       loc_FF858EE8\n"
"loc_FF858F1C:\n"
"                 MOV     R0, R8\n"
"                 BL      sub_FF9214E8\n"
         "MOV   R1, R4\n"           //  pointer to MBR in R1
         "BL    mbr_read_dryos\n"   //  total sectors count in R0 before and after call

        // Start of DataGhost's FAT32 autodetection code
        // Policy: If there is a partition which has type W95 FAT32, use the first one of those for image storage
        // According to the code below, we can use R1, R2, R3 and R12.
        // LR wasn't really used anywhere but for storing a part of the partition signature. This is the only thing
        // that won't work with an offset, but since we can load from LR+offset into LR, we can use this to do that :)
        // The loop visits at most four entries (R1 counts 1..4), so R12 never
        // advances past buffer+0x30.
        "MOV     R12, R4\n"                    // Copy the MBR start address so we have something to work with
        "MOV     LR, R4\n"                     // Save old offset for MBR signature
        "MOV     R1, #1\n"                     // Note the current partition number
        "B       dg_sd_fat32_enter\n"          // We actually need to check the first partition as well, no increments yet!
   "dg_sd_fat32:\n"
        "CMP     R1, #4\n"                     // Did we already see the 4th partition?
        "BEQ     dg_sd_fat32_end\n"            // Yes, break. We didn't find anything, so don't change anything.
        "ADD     R12, R12, #0x10\n"            // Second partition
        "ADD     R1, R1, #1\n"                 // Second partition for the loop
   "dg_sd_fat32_enter:\n"
        "LDRB    R2, [R12, #0x1BE]\n"          // Partition status
        "LDRB    R3, [R12, #0x1C2]\n"          // Partition type (FAT32 = 0xB)
        "CMP     R3, #0xB\n"                   // Is this a FAT32 partition?
        "CMPNE   R3, #0xC\n"                   // Not 0xB, is it 0xC (FAT32 LBA) then?
        "BNE     dg_sd_fat32\n"                // No, it isn't. Loop again.
        "CMP     R2, #0x00\n"                  // It is, check the validity of the partition type
        "CMPNE   R2, #0x80\n"
        "BNE     dg_sd_fat32\n"                // Invalid, go to next partition
                                               // This partition is valid, it's the first one, bingo!
        "MOV     R4, R12\n"                    // Move the new MBR offset for the partition detection.
        
   "dg_sd_fat32_end:\n"
        // End of DataGhost's FAT32 autodetection code
// From here R4 is the base used for the selected entry's fields, while LR still
// points at the start of the buffer for the 0x55/0xAA signature bytes.
// R1 = little-endian start sector (bytes 0x1C6..0x1C9),
// R3 = little-endian sector count (bytes 0x1CA..0x1CD), R2 = status byte.
"                 LDRB    R1, [R4,#0x1C9]\n"
"                 LDRB    R3, [R4,#0x1C8]\n"
"                 LDRB    R12, [R4,#0x1CC]\n"
"                 MOV     R1, R1,LSL#24\n"
"                 ORR     R1, R1, R3,LSL#16\n"
"                 LDRB    R3, [R4,#0x1C7]\n"
"                 LDRB    R2, [R4,#0x1BE]\n"
//"                 LDRB    LR, [R4,#0x1FF]\n" // -
"                 ORR     R1, R1, R3,LSL#8\n"
"                 LDRB    R3, [R4,#0x1C6]\n"
// Status check (0x00 or 0x80). None of the instructions up to the BNE below
// sets flags, so that branch still tests this comparison.
"                 CMP     R2, #0\n"
"                 CMPNE   R2, #0x80\n"
"                 ORR     R1, R1, R3\n"
"                 LDRB    R3, [R4,#0x1CD]\n"
"                 MOV     R3, R3,LSL#24\n"
"                 ORR     R3, R3, R12,LSL#16\n"
"                 LDRB    R12, [R4,#0x1CB]\n"
"                 ORR     R3, R3, R12,LSL#8\n"
"                 LDRB    R12, [R4,#0x1CA]\n"
"                 ORR     R3, R3, R12\n"
//"                 LDRB    R12, [R4,#0x1FE]\n" // -
"                 LDRB    R12, [LR,#0x1FE]\n" // +
"                 LDRB    LR, [LR,#0x1FF]\n" // +
"                 MOV     R4, #0\n"           // R4 now becomes the "partition accepted" flag
"                 BNE     loc_FF858FA4\n"     // bad status byte: reject
"                 CMP     R0, R1\n"
"                 BCC     loc_FF858FA4\n"     // start sector beyond total sector count: reject
// NOTE(review): start + count is a 32-bit add with no carry check, so a
// malformed entry whose sum wraps would still satisfy the comparison below.
"                 ADD     R2, R1, R3\n"
"                 CMP     R2, R0\n"
"                 CMPLS   R12, #0x55\n"       // only if start+count <= total: check signature byte 0x1FE
"                 CMPEQ   LR, #0xAA\n"        // and signature byte 0x1FF
"                 MOVEQ   R6, R1\n"
"                 MOVEQ   R5, R3\n"
"                 MOVEQ   R4, #1\n"
"loc_FF858FA4:\n"
"                 MOV     R0, #2\n"
"                 BL      sub_FF870CEC\n" // LOCATION: ExMemMan.c:0
"                 CMP     R4, #0\n"
"                 BNE     loc_FF858FDC\n"
// No entry accepted: fall back to start sector 0 and the count returned by
// sub_FF9214E8.
"                 MOV     R6, #0\n"
"                 MOV     R0, R8\n"
"                 BL      sub_FF9214E8\n"
"                 MOV     R5, R0\n"
"                 B       loc_FF858FDC\n"
"loc_FF858FC8:\n"
// jumptable FF858EAC entry 5
"                 MOV     R5, #0x40\n"
"                 B       loc_FF858FDC\n"
"loc_FF858FD0:\n"
// jumptable FF858EAC default entry
"                 LDR     R1, =0x37A\n"
"                 LDR     R0, =0xFF858E78\n" // "Mounter.c"
"                 BL      sub_FF81B1CC\n" // DebugAssert
" loc_FF858FDC:\n"
"                 STR     R6, [R7,#0x44]!\n"  // writeback: R7 now points at the start-sector field
"                 MOV     R0, #1\n"
"                 STR     R5, [R7,#4]\n"      // sector count, i.e. original R7 + 0x48
"                 LDMFD   SP!, {R4-R8,PC}\n"
  );
}
 674 
 675 void __attribute__((naked,noinline)) JogDial_task_my() { 
     /*
      * Patched copy of the firmware's jog-dial task. taskHook() in this file
      * redirects the task_RotaryEncoder entry point here, so this code runs in
      * place of the ROM routine.
      *
      * The body appears to follow the disassembled firmware loop; the only
      * inserted instructions are the labelA/labelB section, which keeps the
      * task asleep for as long as jogdial_stopped reads 1.
      *
      * naked: the compiler generates no prologue or epilogue, so the asm saves
      * registers itself. Nothing is ever popped: the listing ends with an
      * unconditional branch back to loc_FF84A4A0 and the function never returns.
      *
      * NOTE(review): every sub_FF... target and literal address below is an
      * absolute address; presumably they match only the firmware revision this
      * platform/sub directory was ported from -- confirm before reusing.
      * NOTE(review): labelA/labelB are ordinary assembler labels, not local
      * ones, so they have to stay unique among the inline asm in this file.
      */
 676   asm volatile (
 677 "                STMFD   SP!, {R3-R11,LR}\n" // saved once; never restored because the task loops forever
 678 "                BL      sub_FF84A630\n" //__JogDial_c__14 ; LOCATION: JogDial.c:14
 679 "                LDR     R11, =0x80000B01\n" // argument for sub_FF87D754 at loc_FF84A544
 680 "                LDR     R8, =0xFFAE872C\n" // word table indexed by the direction flag in R4
 681 "                LDR     R7, =0xC0240000\n" // base for the +0x100/+0x104/+0x108 accesses; presumably hardware registers -- confirm
 682 "                LDR     R6, =0x2594\n" // base for the state fields used below (+0, +2, +0xC, +0x10, +0x14, +0x1C)
 683 "                MOV     R9, #1\n" // constant 1, written to [R7,#0x108] each pass
 684 "                MOV     R10, #0\n" // constant 0, written to [R7,#0x100] each pass
 685 "loc_FF84A4A0:\n" // top of the endless loop
 686 "                LDR     R3, =0x1AE\n" // presumably the source line reported on assert -- confirm
 687 "                LDR     R0, [R6,#0xC]\n" // presumably the semaphore handle -- confirm
 688 "                LDR     R2, =0xFF84A6D8\n" // ; "JogDial.c"
 689 "                MOV     R1, #0\n"
 690 "                BL      sub_FF827D68\n"  //  ; take semaphore or assert
 691 "                MOV     R0, #0x28\n" // 0x28 == 40, the same value the added code passes to _SleepTask
 692 "                BL      sub_FF827BC0\n" // eventproc_export_SleepTask ; LOCATION: KerSys.c:0
 693 //------------------  added code ---------------------
     // Gate: while jogdial_stopped == 1, sleep and poll again instead of reading
     // the dial. The flag is declared extern volatile int at the top of this file
     // and is only read here, never written.
 694 "labelA:\n"
 695                 "LDR     R0, =jogdial_stopped\n" // address of the shared flag
 696                 "LDR     R0, [R0]\n" // fresh read on every pass
 697                 "CMP     R0, #1\n" // only the exact value 1 pauses the task
 698                 "BNE     labelB\n" // any other value: continue with the firmware code
 699                 "MOV     R0, #40\n"
 700                 "BL      _SleepTask\n" // sleep, then re-check the flag
 701                 "B       labelA\n"
 702 "labelB:\n"
 703 //------------------  original code ------------------
 704 
 705 "                LDR     R0, [R7,#0x104]\n" // R0 is reloaded here, so the added code's use of R0 does not leak into this sequence
 706 "                MOV     R0, R0,ASR#16\n" // keep the upper halfword, sign-extended
 707 "                STRH    R0, [R6]\n" // store it as the current value
 708 "                LDRSH   R2, [R6,#2]\n" // previous value, signed halfword
 709 "                SUB     R1, R0, R2\n" // delta = current - previous
 710 "                CMP     R1, #0\n"
 711 "                BEQ     loc_FF84A564\n" // no change: skip to the end of the pass
 712 "                MOV     R5, R1\n"
 713 "                RSBLT   R5, R5, #0\n" // R5 = |delta|
 714 "                MOVLE   R4, #0\n" // R4 = 0 for a negative delta ...
 715 "                MOVGT   R4, #1\n" // ... and 1 for a positive one
 716 "                CMP     R5, #0xFF\n"
 717 "                BLS     loc_FF84A518\n" // |delta| <= 0xFF: use R4/R5 as computed
     // Larger jump: R5 is recomputed and R4 inverted. Presumably this handles
     // the value wrapping around -- confirm against the firmware.
 718 "                CMP     R1, #0\n"
 719 "                RSBLE   R1, R2, #0xFF\n"
 720 "                ADDLE   R1, R1, #0x7F00\n"
 721 "                ADDLE   R0, R1, R0\n"
 722 "                RSBGT   R0, R0, #0xFF\n"
 723 "                ADDGT   R0, R0, #0x7F00\n"
 724 "                ADDGT   R0, R0, R2\n"
 725 "                ADD     R5, R0, #0x8000\n"
 726 "                ADD     R5, R5, #1\n"
 727 "                EOR     R4, R4, #1\n"
 728 "loc_FF84A518:\n"
 729 "                LDR     R0, [R6,#0x14]\n"
 730 "                CMP     R0, #0\n"
 731 "                BEQ     loc_FF84A55C\n" // [R6,#0x14] == 0: skip the calls below
 732 "                LDR     R0, [R6,#0x1C]\n"
 733 "                CMP     R0, #0\n"
 734 "                BEQ     loc_FF84A544\n" // nothing stored at [R6,#0x1C] yet
 735 "                LDR     R1, [R8,R4,LSL#2]\n" // table entry for this direction
 736 "                CMP     R1, R0\n"
 737 "                BEQ     loc_FF84A54C\n" // same entry as stored: skip both sub_FF87D754 calls
 738 "                LDR     R0, =0xB01\n"
 739 "                BL      sub_FF87D754\n" // sub_FF87D754(0xB01), then falls through
 740 "loc_FF84A544:\n"
 741 "                MOV     R0, R11\n"
 742 "                BL      sub_FF87D754\n" // sub_FF87D754(0x80000B01)
 743 "loc_FF84A54C:\n"
 744 "                LDR     R0, [R8,R4,LSL#2]\n"
 745 "                MOV     R1, R5\n"
 746 "                STR     R0, [R6,#0x1C]\n" // remember the table entry just used
 747 "                BL      sub_FF87D69C\n" // called with R0 = table entry, R1 = R5
 748 "loc_FF84A55C:\n"
 749 "                LDRH    R0, [R6]\n"
 750 "                STRH    R0, [R6,#2]\n" // previous = current
 751 "loc_FF84A564:\n"
 752 "                STR     R10, [R7,#0x100]\n" // write 0 to [R7,#0x100]
 753 "                STR     R9, [R7,#0x108]\n" // write 1 to [R7,#0x108]
 754 "                LDR     R0, [R6,#0x10]\n"
 755 "                CMP     R0, #0\n"
 756 "                BLNE    sub_FF827BC0\n" // eventproc_export_SleepTask ; LOCATION: KerSys.c:0 -- called only when [R6,#0x10] is non-zero, with that value in R0
 757 "                B       loc_FF84A4A0\n" // next pass; there is no exit from this loop
 758   );
 759 }
 760 
 761 
 762 #if 0
 763 const unsigned ledlist[]={
     // Addresses that task_blinker casts to int* and writes its on/off values
     // to, one per LED. Compiled out by the surrounding #if 0.
     // NOTE(review): task_blinker steps through this table with a hard-coded
     // "% 5", so the entry count here and that constant have to stay in sync.
 764         0xC0220134, // green
 765         0xC0220130, // orange (right)
 766         0xC0220138, // yellow (left)
 767         0xC02200B0, // power
 768         0xC02200BC, // dp
 769 };
 770 // shamelessly stolen from s5 for debugging
 771 extern void msleep(int x);
 772 void __attribute__((noinline)) task_blinker() {
     /*
      * Debug task body (disabled by the surrounding #if 0): switches one LED
      * from ledlist on and off, pausing msleep(500) between steps, and moves to
      * the next table entry each time an LED is switched off. Never returns.
      *
      * NOTE(review): led is a plain int *, not volatile. These look like
      * hardware register writes, so if this code is re-enabled the pointer
      * should be volatile-qualified to make sure every store is emitted --
      * confirm.
      * NOTE(review): anypointer and v1..v4 are declared but never used here,
      * and the counter == 2 / counter == 10 branches contain only
      * commented-out calls.
      */
 773         int ledstate;
 774 
 775         int counter = 0;        // number of completed loop passes
 776 
 777         int *led = (void*) ledlist[0];  // start with the first table entry
 778                 int i_led = 0;          // index of the LED currently in use
 779 
 780         int *anypointer;       // multi-purpose pointer to poke around in memory
 781         int v1, v2, v3, v4;    // multi-purpose vars
 782 
 783         ledstate = 0;   // init: led off
 784         *led = 0x46;      // led on
 785 
 786         while (1) {
 787 
 788                 if (ledstate == 1) {    // toggle LED
 789                         ledstate = 0;
 790                         *led = 0x44;      // LED off
 791                                                 led=(void *)ledlist[(++i_led)%5]; // next LED; 5 is the number of ledlist entries
 792                         //core_test(1);
 793                 } else {
 794                         ledstate = 1;
 795                         *led = 0x46;      // LED on
 796                         //core_test(0);
 797                 }
 798 
 799                 if (counter == 2) {
 800                         //dump_chdk();
 801                         //gui_init();
 802                         //_ExecuteEventProcedure("UIFS_WriteFirmInfoToFile");
 803                         //_UIFS_WriteFirmInfoToFile(0);
 804                 }
 805 
 806                 if (counter == 10) {
 807                         //draw_txt_string(2, 2, "test");
 808                 }
 809 
 810                 msleep(500);    // pause between toggles
 811                 counter++;
 812         }
 813 };
 814 
 815 void CreateTask_blinker() {
     // Registers task_blinker as a task named "Blinker" through _CreateTask.
     // Compiled out by the surrounding #if 0.
     // NOTE(review): 0x1 and 0x200 are presumably priority and stack size --
     // confirm against _CreateTask's prototype. The call's result is not checked.
 816         _CreateTask("Blinker", 0x1, 0x200, task_blinker, 0);
 817 };
 818 #endif
 819 
