4 #include "lolevel.h"
5 #include "platform.h"
6 #include "core.h"
/*
 * Address of the first byte after CHDK's own image. `_end` is presumably
 * the linker-provided end-of-image symbol (declared in one of the headers
 * above). sub_FF810FB8_my loads this value with `LDR R0, =new_sa` and
 * hands it to the firmware as the start of a memory region, so that — unless
 * CHDK_NOT_IN_CANON_HEAP is defined — the memory the firmware manages begins
 * after CHDK's code and data rather than overlapping them.
 */
const char * const new_sa = &_end;
/*
 * Spawn CHDK's main task ("SpyTask") on the firmware's scheduler.
 *
 * The argument order matches the other task-creation calls in this file
 * (see CreateTask_Startup_my and taskcreatePhySw_my): name, priority,
 * stack size in bytes, entry point, and one opaque argument. Priority 0x19
 * is the same value the firmware's "Startup" task is created with below.
 * Called from task_Startup_my.
 */
void CreateTask_spytask() {
    const int spy_priority = 0x19;
    const int spy_stack_bytes = 0x2000;

    _CreateTask("SpyTask", spy_priority, spy_stack_bytes, core_spytask, 0);
}
18 void my_touchw_task(void);
/*
 * Intercept firmware task creation and swap selected task entry points
 * for CHDK's own implementations.
 *
 * sub_FF8101A4_my stores this function's address at 0x1930; the firmware's
 * task-creation path presumably calls through that slot, passing a pointer
 * 16 words above the word that holds the new task's entry address. Each
 * case compares that word against the ROM address of a stock task and, on
 * a match, overwrites it so the scheduler starts CHDK's version instead.
 * A task whose entry address matches no case is left untouched.
 *
 * NOTE(review): the ROM addresses are specific to one firmware build. On a
 * different build nothing matches, the CHDK tasks are silently never
 * installed and the stock tasks run — there is no diagnostic for that.
 */
void taskCreateHook(int *p) {
    int *entry = p - 16; /* the word holding the task's entry address */

    switch (*entry) {
    case (int)0xff85bd10:
        *entry = (int)capt_seq_task;
        break;
    case (int)0xff8aebf4:
        *entry = (int)exp_drv_task;
        break;
    case (int)0xff85821c:
        *entry = (int)movie_record_task;
        break;
    case (int)0xffa021bc:
        *entry = (int)filewritetask;
        break;
    case (int)0xff870ce8:
        *entry = (int)init_file_modules_task;
        break;
    case (int)0xff8e6dc0:
        *entry = (int)my_touchw_task;
        break;
    default:
        break;
    }
}
/*
 * CHDK entry point: redo the firmware's very first boot steps, then jump
 * into CHDK's (patched) copy of the firmware start-up code.
 *
 * The addresses are those of the original firmware boot routine for this
 * build: the initialised-data image in ROM at 0xFFAF47EC is copied to its
 * RAM home at 0x1900 (0xFEBC - 0x1900 bytes), and the zero-initialised
 * region 0xFEBC..0x9FE50 is cleared. Both lengths are multiples of 4, so
 * the word-wise loops cover them exactly.
 *
 * Nothing here returns: the final `B` hands control to sub_FF8101A4_my,
 * which sets the stack pointers itself, so the frame the compiler builds
 * for this (non-naked) function is simply abandoned.
 */
void boot()
{
    long *canon_data_src = (void*)0xFFAF47EC;   /* ROM copy of the initialised data */
    long *canon_data_dst = (void*)0x1900;       /* its RAM destination */
    long canon_data_len = 0xFEBC - 0x1900;      /* bytes; a multiple of 4 */
    long *canon_bss_start = (void*)0xFEBC;      /* zero-initialised region */
    long canon_bss_len = 0x9FE50 - 0xFEBC;      /* bytes; a multiple of 4 */

    long i;

    /*
     * CP15 c1 (control register): set bits 12, 2 and 0. In the ARM control
     * register layout these are the I-cache enable, D-cache enable and
     * MMU/protection-unit enable. Done before the copies, presumably so
     * they run with the caches on.
     */
    asm volatile (
        "MRC p15, 0, R0,c1,c0\n"
        "ORR R0, R0, #0x1000\n"
        "ORR R0, R0, #4\n"
        "ORR R0, R0, #1\n"
        "MCR p15, 0, R0,c1,c0\n"
        :::"r0");

    /* Relocate the firmware's initialised data from ROM to RAM. */
    for(i=0;i<canon_data_len/4;i++)
        canon_data_dst[i]=canon_data_src[i];

    /* Clear the firmware's zero-initialised region. */
    for(i=0;i<canon_bss_len/4;i++)
        canon_bss_start[i]=0;

    /* Tail-jump (not a call) into CHDK's copy of the firmware start-up code. */
    asm volatile ("B sub_FF8101A4_my\n");
};
/*
 * Patched copy of the firmware's low-level start-up routine (ROM
 * 0xFF8101A4), entered by the tail-jump at the end of boot().
 *
 * The two C statements at the top are the CHDK-side changes; the inline
 * assembly after them follows the firmware's own sequence: relocate two
 * small blocks from ROM, set up the IRQ- and Supervisor-mode stacks, paint
 * the stack area with a fill pattern, and call the next start-up stage.
 * Being `naked`, this function has no prologue or epilogue: it runs on
 * whatever stack boot() left and never expects to return.
 */
void __attribute__((naked,noinline)) sub_FF8101A4_my() {

    /*
     * Install CHDK's task-creation hook. The firmware presumably reads the
     * function pointer stored at 0x1930 whenever it creates a task; this is
     * how taskCreateHook gets to substitute capt_seq_task, exp_drv_task and
     * the other CHDK tasks for the stock ones.
     */
    *(int*)0x1930=(int)taskCreateHook;

    /*
     * Apparently mirrors a firmware start-up step: bit 0 of the MMIO word at
     * 0xC0220078 selects which of two constants is stored at 0x23E4. What
     * that constant configures is not visible from this file.
     */
    *(int*)(0x23E0+0x4)= (*(int*)0xC0220078) & 1 ? 0x100000 : 0x200000;

    asm volatile (
        /* Copy ROM 0xFF81021C..0xFF810254 to address 0, where the ARM
         * exception vectors live while low vectors are in use. */
        " LDR R0, =0xFF81021C \n"
        " MOV R1, #0 \n"
        " LDR R3, =0xFF810254 \n"

        "loc_FF8101B0:\n"
        " CMP R0, R3 \n"
        " LDRCC R2, [R0], #4 \n"
        " STRCC R2, [R1], #4 \n"
        " BCC loc_FF8101B0 \n"
        /* Copy ROM 0xFF810254..0xFF810468 to RAM at 0x4B0. */
        " LDR R0, =0xFF810254 \n"
        " MOV R1, #0x4B0 \n"
        " LDR R3, =0xFF810468 \n"

        "loc_FF8101CC:\n"
        " CMP R0, R3 \n"
        " LDRCC R2, [R0], #4 \n"
        " STRCC R2, [R1], #4 \n"
        " BCC loc_FF8101CC \n"
        /* CPSR = 0xD2: IRQ mode, IRQ and FIQ masked; IRQ-mode SP = 0x1000. */
        " MOV R0, #0xD2 \n"
        " MSR CPSR_cxsf, R0 \n"
        " MOV SP, #0x1000 \n"
        /* CPSR = 0xD3: Supervisor mode, interrupts still masked; SVC SP = 0x1000.
         * Both modes start from the same stack top (presumably the firmware's
         * own values). */
        " MOV R0, #0xD3 \n"
        " MSR CPSR_cxsf, R0 \n"
        " MOV SP, #0x1000 \n"
        /* Fill 0x6C4..0x1000 — the area the stacks grow down into — with 0xEEEEEEEE. */
        " LDR R0, =0x6C4 \n"
        " LDR R2, =0xEEEEEEEE \n"
        " MOV R3, #0x1000 \n"

        "loc_FF810200:\n"
        " CMP R0, R3 \n"
        " STRCC R2, [R0], #4 \n"
        " BCC loc_FF810200 \n"
        /* Next stage. This is a BL: if sub_FF810FB8_my ever returned,
         * execution would run off the end of this naked function. The
         * firmware's original has the same shape and relies on the callee
         * (ultimately the kernel start) not returning. */
        " BL sub_FF810FB8_my \n"
    );
}
/*
 * Patched copy of the firmware routine at ROM 0xFF810FB8: builds a
 * 0x74-byte parameter block on the stack and passes it, with uHwSetup_my as
 * a callback, to sub_FF812D70.
 *
 * The one CHDK change is the word stored at [SP+8]. It looks like the start
 * of a memory region whose size is stored at [SP+0xC] as 0x2A4968 minus that
 * start (presumably the firmware heap — not confirmed here). Unless
 * CHDK_NOT_IN_CANON_HEAP is defined the start is new_sa (= &_end, the end of
 * CHDK's own image), which shrinks the region so the firmware never hands
 * out memory overlapping CHDK's code and data. The other fields are the
 * firmware's constants; their meaning is not visible from this file.
 */
void __attribute__((naked,noinline)) sub_FF810FB8_my() {
    asm volatile (
        " STR LR, [SP, #-4]! \n"          /* save return address */
        " SUB SP, SP, #0x74 \n"           /* reserve the 0x74-byte block */
        " MOV R0, SP \n"
        " MOV R1, #0x74 \n"
        " BL sub_FFA8C05C \n"             /* (block, 0x74) — presumably clears it */
        " MOV R0, #0x53000 \n"
        " STR R0, [SP, #4] \n"            /* [+0x04] = 0x53000 */

#if defined(CHDK_NOT_IN_CANON_HEAP)
        " LDR R0, =0x9FE50 \n"            /* region start = end of the firmware bss (see boot()) */
#else
        " LDR R0, =new_sa\n"              /* region start = &_end, i.e. just past CHDK's image */
        " LDR R0, [R0]\n"
#endif

        " LDR R2, =0x2ABC00 \n"
        " LDR R1, =0x2A4968 \n"
        " STR R0, [SP, #8] \n"            /* [+0x08] = region start */
        " SUB R0, R1, R0 \n"              /* 0x2A4968 - start */
        " ADD R3, SP, #0xC \n"
        " STR R2, [SP] \n"                /* [+0x00] = 0x2ABC00 */
        " STMIA R3, {R0-R2} \n"           /* [+0x0C] = size, [+0x10] = 0x2A4968, [+0x14] = 0x2ABC00 */
        " MOV R0, #0x22 \n"
        " STR R0, [SP, #0x18] \n"
        " MOV R0, #0x68 \n"
        " STR R0, [SP, #0x1C] \n"
        " LDR R0, =0x19B \n"
        " MOV R1, #0x64 \n"
        " STRD R0, [SP, #0x20] \n"        /* [+0x20] = 0x19B, [+0x24] = 0x64 */
        " MOV R0, #0x78 \n"
        " STRD R0, [SP, #0x28] \n"        /* [+0x28] = 0x78, [+0x2C] = 0x64 (R1 unchanged) */
        " MOV R0, #0 \n"
        " STR R0, [SP, #0x30] \n"
        " STR R0, [SP, #0x34] \n"
        " MOV R0, #0x10 \n"
        " STR R0, [SP, #0x5C] \n"
        " MOV R0, #0x800 \n"
        " STR R0, [SP, #0x60] \n"
        " MOV R0, #0xA0 \n"
        " STR R0, [SP, #0x64] \n"
        " MOV R0, #0x280 \n"
        " STR R0, [SP, #0x68] \n"
        " LDR R1, =uHwSetup_my \n"        /* CHDK's copy of the hardware-setup callback */
        " MOV R0, SP \n"
        " MOV R2, #0 \n"
        " BL sub_FF812D70 \n"             /* (block, uHwSetup_my, 0) */
        " ADD SP, SP, #0x74 \n"
        " LDR PC, [SP], #4 \n"            /* return */
    );
}
/*
 * Patched copy of the firmware's hardware-setup callback (passed to
 * sub_FF812D70 by sub_FF810FB8_my). Runs the firmware's init steps in
 * order; each checked step's result is compared as a signed value and, when
 * negative, _err_init_task is called with the step's name string. BLLT is a
 * call, so unless _err_init_task itself does not return, the sequence
 * continues with the next step after reporting the error.
 *
 * Ends with a tail-branch into CreateTask_Startup_my after restoring R4/LR,
 * so that function returns straight to our caller.
 */
void __attribute__((naked,noinline)) uHwSetup_my() {
    asm volatile (
        " STMFD SP!, {R4,LR} \n"
        " BL sub_FF81095C \n"                                  /* result not checked */
        " BL sub_FF819A10 \n"
        " CMP R0, #0 \n"
        " LDRLT R0, =0xFF814ED0 /*'dmSetup'*/ \n"               /* negative → report */
        " BLLT _err_init_task \n"
        " BL sub_FF8149E0 \n"
        " CMP R0, #0 \n"
        " LDRLT R0, =0xFF814ED8 /*'termDriverInit'*/ \n"
        " BLLT _err_init_task \n"
        " LDR R0, =0xFF814EE8 /*'/_term'*/ \n"                 /* device name argument */
        " BL sub_FF814ACC \n"
        " CMP R0, #0 \n"
        " LDRLT R0, =0xFF814EF0 /*'termDeviceCreate'*/ \n"
        " BLLT _err_init_task \n"
        " LDR R0, =0xFF814EE8 /*'/_term'*/ \n"
        " BL sub_FF81357C \n"
        " CMP R0, #0 \n"
        " LDRLT R0, =0xFF814F04 /*'stdioSetup'*/ \n"
        " BLLT _err_init_task \n"
        " BL sub_FF819598 \n"
        " CMP R0, #0 \n"
        " LDRLT R0, =0xFF814F10 /*'stdlibSetup'*/ \n"
        " BLLT _err_init_task \n"
        " BL sub_FF8114D0 \n"
        " CMP R0, #0 \n"
        " LDRLT R0, =0xFF814F1C /*'armlib_setup'*/ \n"
        " BLLT _err_init_task \n"
        " LDMFD SP!, {R4,LR} \n"
        " B CreateTask_Startup_my \n"                          /* tail call into CHDK's copy */
    );
}
/*
 * Patched copy of the firmware routine that creates the "Startup" task.
 * Reached by tail-branch from uHwSetup_my.
 *
 * Before creating the task it runs a hardware check: if sub_FF82BA7C
 * returns 0 and bit 0 is set in both MMIO words 0xC0220078 and 0xC022007C,
 * it writes 0x44 to 0xC022004C and spins forever — a deliberate halt kept
 * from the firmware whose purpose is not visible here. Otherwise it
 * finishes scheduler setup and creates "Startup" with task_Startup_my
 * (CHDK's copy) as entry point, using the same (name, priority, stack,
 * entry, arg) order as CreateTask_spytask. Returns 0.
 *
 * The only CHDK change is the entry point loaded into R3.
 */
void __attribute__((naked,noinline)) CreateTask_Startup_my() {
    asm volatile (
        " STMFD SP!, {R3,LR} \n"           /* the R3 slot doubles as the 5th-argument slot below */
        " BL sub_FF843E74 \n"
        " BL sub_FF82BA7C \n"
        " CMP R0, #0 \n"
        " BNE loc_FF81DD0C \n"             /* non-zero → skip the halt check */
        " LDR R2, =0xC0220000 \n"
        " LDR R0, [R2, #0x78] \n"
        " LDR R1, [R2, #0x7C] \n"
        " AND R0, R0, R1 \n"
        " TST R0, #1 \n"                   /* bit 0 set in both words? */
        " BEQ loc_FF81DD0C \n"
        " MOV R0, #0x44 \n"
        " STR R0, [R2, #0x4C] \n"          /* 0xC022004C = 0x44, then halt */

        "loc_FF81DD08:\n"
        " B loc_FF81DD08 \n"               /* infinite loop — never returns */

        "loc_FF81DD0C:\n"

        " BL sub_FF843E88 \n"
        " BL sub_FF829608 \n"
        " MOV R1, #0x300000 \n"
        " MOV R0, #0 \n"
        " BL sub_FF829850 \n"              /* (0, 0x300000) */
        " BL sub_FF8297FC /*_EnableDispatch*/ \n"
        " MOV R3, #0 \n"
        " STR R3, [SP] \n"                 /* 5th argument (task arg) = 0, in the saved-R3 slot */
        " LDR R3, =task_Startup_my \n"     /* entry point: CHDK's copy of the Startup task */
        " MOV R2, #0 \n"                   /* stack size 0 (presumably "firmware default") */
        " MOV R1, #0x19 \n"                /* priority */
        " LDR R0, =0xFF81DD50 /*'Startup'*/ \n"
        " BL _CreateTask \n"
        " MOV R0, #0 \n"
        " LDMFD SP!, {R12,PC} \n"          /* pop the argument slot into R12 (discarded) and return */
    );
}
/*
 * Patched copy of the firmware's "Startup" task body (created by
 * CreateTask_Startup_my). A straight sequence of initialisation calls with
 * two CHDK hooks spliced in:
 *   - CreateTask_spytask, spawning CHDK's own main task right after
 *     sub_FF82BC5C;
 *   - taskcreatePhySw_my, presumably standing in for the firmware's PhySw
 *     task creation so the switch/keyboard task runs CHDK's mykbd_task.
 * Ends by tail-branching to sub_FF815088 after restoring R4/LR.
 */
void __attribute__((naked,noinline)) task_Startup_my() {
    asm volatile (
        " STMFD SP!, {R4,LR} \n"
        " BL _taskcreate_ClockSave \n"
        " BL sub_FF823FA8 \n"
        " BL sub_FF820E84 \n"

        " BL sub_FF82BC5C \n"

        " BL CreateTask_spytask\n"         /* CHDK: start SpyTask */
        " BL sub_FF86D26C \n"
        " BL sub_FF82BCAC \n"
        " BL sub_FF828B4C \n"
        " BL sub_FF82BE28 \n"
        " BL taskcreatePhySw_my \n"        /* CHDK: PhySw task with mykbd_task as its entry */
        " BL sub_FF825C34 \n"
        " BL sub_FF82BE40 \n"
        " BL _nullsub_2 \n"
        " BL sub_FF82213C \n"
        " BL _taskcreate_Bye \n"
        " BL sub_FF8228D8 \n"
        " BL _taskcreate_TempCheck \n"
        " BL sub_FF82C8E4 \n"
        " BL sub_FF822004 \n"
        " LDMFD SP!, {R4,LR} \n"
        " B sub_FF815088 \n"               /* tail call */
    );
}
/*
 * Patched copy of the firmware's PhySw task creation. Creates the "PhySw"
 * task only while the word at 0x1C98+0x10 is zero, and afterwards stores
 * _KernelCreateTask's result there (presumably the task handle, which then
 * also acts as the "already created" marker).
 *
 * CHDK change: the entry point is mykbd_task (CHDK's keyboard task).
 * Priority 0x17, 0x2000-byte stack, zero argument — whether these match
 * the firmware's original values is not visible here.
 */
void __attribute__((naked,noinline)) taskcreatePhySw_my() {
    asm volatile (
        " STMFD SP!, {R3-R5,LR} \n"        /* the R3 slot doubles as the 5th-argument slot */
        " LDR R4, =0x1C98 \n"
        " LDR R0, [R4, #0x10] \n"
        " CMP R0, #0 \n"
        " BNE loc_FF822DE0 \n"             /* already created → return */
        " MOV R3, #0 \n"
        " STR R3, [SP] \n"                 /* task argument = 0 */
        " LDR R3, =mykbd_task \n"          /* CHDK entry point */
        " MOV R2, #0x2000 \n"              /* stack size */
        " MOV R1, #0x17 \n"                /* priority */
        " LDR R0, =0xFF822FA0 /*'PhySw'*/ \n"
        " BL _KernelCreateTask \n"
        " STR R0, [R4, #0x10] \n"          /* remember the result */

        "loc_FF822DE0:\n"
        " LDMFD SP!, {R3-R5,PC} \n"
    );
}
/*
 * Patched copy of the firmware's file-module initialisation task (the body
 * taskCreateHook substitutes for the stock task at ROM 0xFF870CE8).
 *
 * Flow: sub_FF869D00's result is kept in R4. If it is non-zero, logical
 * event 0x5006 is posted to the UI right away; then sub_FF869D2C_my (the
 * patched mount path) runs, followed by core_spytask_can_start — the CHDK
 * hook that, presumably, lets SpyTask proceed now that the file system is
 * up. If R4 was zero, event 0x5006 is posted at the end instead, as a tail
 * call. Either way the event is posted exactly once.
 */
void __attribute__((naked,noinline)) init_file_modules_task() {
    asm volatile (
        " STMFD SP!, {R4-R6,LR} \n"
        " BL sub_FF869D00 \n"
        " LDR R5, =0x5006 \n"              /* logical event id */
        " MOVS R4, R0 \n"
        " MOVNE R1, #0 \n"
        " MOVNE R0, R5 \n"
        " BLNE _PostLogicalEventToUI \n"   /* non-zero result: post 0x5006 now */
        " BL sub_FF869D2C_my \n"           /* patched mount/init */
        " BL core_spytask_can_start\n"     /* CHDK: signal that the file system is ready */
        " CMP R4, #0 \n"
        " MOVEQ R0, R5 \n"
        " LDMEQFD SP!, {R4-R6,LR} \n"
        " MOVEQ R1, #0 \n"
        " BEQ _PostLogicalEventToUI \n"    /* zero result: post 0x5006 as a tail call */
        " LDMFD SP!, {R4-R6,PC} \n"
    );
}
/*
 * Patched copy of the firmware routine at ROM 0xFF869D2C. Calls the patched
 * sub_FF84D4A8_my first, then — only if the word at 0x58A8+4 is zero — runs
 * a fixed sequence of six initialisation calls. Finally sets the word at
 * 0x58A8 to 1 (presumably a "done" marker).
 *
 * Only the call into sub_FF84D4A8_my differs from the firmware.
 */
void __attribute__((naked,noinline)) sub_FF869D2C_my() {
    asm volatile (
        " STMFD SP!, {R4,LR} \n"
        " BL sub_FF84D4A8_my \n"           /* patched: leads to the partition-table parser */
        " LDR R4, =0x58A8 \n"
        " LDR R0, [R4, #4] \n"
        " CMP R0, #0 \n"
        " BNE loc_FF869D5C \n"             /* non-zero → skip the init sequence */
        " BL sub_FF879F20 \n"
        " BL sub_FF8FB3B0 \n"
        " BL sub_FF879F20 \n"
        " BL sub_FF907F04 \n"
        " BL sub_FF879F30 \n"
        " BL sub_FF8FB458 \n"

        "loc_FF869D5C:\n"
        " MOV R0, #1 \n"
        " STR R0, [R4] \n"                 /* [0x58A8] = 1 */
        " LDMFD SP!, {R4,PC} \n"
    );
}
/*
 * Patched copy of the firmware routine at ROM 0xFF84D4A8. Runs the
 * mount-related steps for drive 0 and computes a status word stored at
 * 0x125D4+0x40. The only CHDK change is that sub_FF84D2E4_my (the patched
 * partition check) is called instead of the stock routine.
 *
 * Status word, exactly as computed below (bit meanings are not visible):
 *   - [0x125D4+0x3C] == 0           → 0x80000001
 *   - otherwise start from 4 if [0x125D4+0x2C] == 2, else 0;
 *     set bit 0 unless [0x125D4+0x3C] == 5;
 *     if (sub_FF84D2E4_my & sub_FF84D350) == 0: clear bit 1, set bit 31;
 *     else: set bit 1, clear bit 31.
 */
void __attribute__((naked,noinline)) sub_FF84D4A8_my() {
    asm volatile (
        " STMFD SP!, {R4-R6,LR} \n"
        " MOV R6, #0 \n"                   /* drive index 0, passed to every helper */
        " MOV R0, R6 \n"
        " BL sub_FF84D078 \n"
        " LDR R4, =0x125D4 \n"             /* drive record base (see sub_FF84D2E4_my) */
        " MOV R5, #0 \n"
        " LDR R0, [R4, #0x38] \n"
        " BL sub_FF84DA40 \n"
        " CMP R0, #0 \n"
        " LDREQ R0, =0x2B3C \n"            /* result 0: clear three words at 0x2B3C+0xC..0x14 */
        " STREQ R5, [R0, #0xC] \n"
        " STREQ R5, [R0, #0x10] \n"
        " STREQ R5, [R0, #0x14] \n"
        " MOV R0, R6 \n"
        " BL sub_FF84D0B8 \n"
        " MOV R0, R6 \n"
        " BL sub_FF84D2E4_my \n"           /* patched partition check; result kept in R5 */
        " MOV R5, R0 \n"
        " MOV R0, R6 \n"
        " BL sub_FF84D350 \n"
        " LDR R1, [R4, #0x3C] \n"
        " AND R2, R5, R0 \n"               /* both checks must be non-zero */
        " CMP R1, #0 \n"
        " MOV R0, #0 \n"
        " MOVEQ R0, #0x80000001 \n"
        " BEQ loc_FF84D53C \n"
        " LDR R3, [R4, #0x2C] \n"
        " CMP R3, #2 \n"
        " MOVEQ R0, #4 \n"
        " CMP R1, #5 \n"
        " ORRNE R0, R0, #1 \n"
        " BICEQ R0, R0, #1 \n"
        " CMP R2, #0 \n"
        " BICEQ R0, R0, #2 \n"
        " ORREQ R0, R0, #0x80000000 \n"
        " BICNE R0, R0, #0x80000000 \n"
        " ORRNE R0, R0, #2 \n"

        "loc_FF84D53C:\n"
        " STR R0, [R4, #0x40] \n"          /* publish the status word */
        " LDMFD SP!, {R4-R6,PC} \n"
    );
}
/*
 * Patched copy of the firmware routine at ROM 0xFF84D2E4: decides whether
 * the volume on drive R0 is usable and records that at 0x2B3C+0x10.
 *
 * Returns 1 immediately if 0x2B3C+0x10 is already non-zero. Otherwise it
 * locates the drive record (0x125D4 + 0x5C*R0, i.e. 0x17 words per record)
 * and runs three checks in sequence, returning 0 as soon as one yields 0:
 * sub_FF84D17C_my (the patched partition-table parser), sub_FF84DB58, then
 * sub_FF84CC98. If all pass, 0x2B3C+0x10 is set to 1 and sub_FF84CC98's
 * result is returned.
 *
 * Only the call to sub_FF84D17C_my differs from the firmware.
 */
void __attribute__((naked,noinline)) sub_FF84D2E4_my() {
    asm volatile (
        " STMFD SP!, {R4-R6,LR} \n"
        " LDR R5, =0x2B3C \n"
        " MOV R6, R0 \n"                   /* drive index */
        " LDR R0, [R5, #0x10] \n"
        " CMP R0, #0 \n"
        " MOVNE R0, #1 \n"
        " LDMNEFD SP!, {R4-R6,PC} \n"      /* already marked usable → return 1 */
        " MOV R0, #0x17 \n"
        " MUL R1, R0, R6 \n"               /* 0x17 words per drive record */
        " LDR R0, =0x125D4 \n"
        " ADD R4, R0, R1, LSL#2 \n"        /* R4 = record for this drive */
        " LDR R0, [R4, #0x38] \n"          /* handle the parser reads sectors through */
        " MOV R1, R6 \n"
        " BL sub_FF84D17C_my \n"           /* patched: read the MBR, pick a partition */
        " CMP R0, #0 \n"
        " LDMEQFD SP!, {R4-R6,PC} \n"      /* parser failed → return 0 */
        " LDR R0, [R4, #0x38] \n"
        " MOV R1, R6 \n"
        " BL sub_FF84DB58 \n"
        " CMP R0, #0 \n"
        " LDMEQFD SP!, {R4-R6,PC} \n"      /* → return 0 */
        " MOV R0, R6 \n"
        " BL sub_FF84CC98 \n"
        " CMP R0, #0 \n"
        " MOVNE R1, #1 \n"
        " STRNE R1, [R5, #0x10] \n"        /* mark usable */
        " LDMFD SP!, {R4-R6,PC} \n"        /* returns sub_FF84CC98's result */
    );
}
/*
 * Patched copy of the firmware's partition-table parser (its own assert
 * names the source as 'Mounter.c'). Reads the first sector of the device
 * handle in R0 and decides which sector range the volume occupies; the
 * result goes into the drive record at 0x125D4 + 0x5C*R1 as (start sector
 * at +0x44, sector count at +0x48). Returns 1 when a result was stored,
 * 0 when the sector buffer could not be allocated or the sector read
 * reported failure.
 *
 * The dispatch on [record+0x3C] (a code 0..6; meaning not visible here) is
 * an ARM jump table: PC reads as the ADD's address plus 8, so code 0 lands
 * on the `B` right after the table's default branch. Codes 1-4 and 6 read
 * the MBR; code 5 stores (0, 0x40) without reading; anything above 6 trips
 * _DebugAssert('Mounter.c', 0x365) and stores (0, 0).
 *
 * CHDK changes (between `BL sub_FF9186B8` and the entry validation):
 *   - the sector buffer is handed to mbr_read_dryos;
 *   - instead of always using MBR entry 0, the four 16-byte entries at
 *     offset 0x1BE are scanned (dg_sd_fat32 loop) and the first one whose
 *     type byte is 0x0B, 0x0C or 0x07 and whose boot flag is 0x00 or 0x80 is
 *     selected. If none matches, R4 still points at entry 0 and the stock
 *     validation runs on it, so behaviour degrades to the firmware's.
 *
 * Stock validation of the selected entry: boot flag 0x00/0x80, start LBA
 * (little-endian at +0x1C6) <= total sectors, start+size (size at +0x1CA)
 * <= total sectors, and the 0x55AA signature at buffer offsets 0x1FE/0x1FF
 * (always read from the buffer base, not the selected entry). On failure
 * the whole device is used: start 0, size = sub_FF9186B8(handle).
 *
 * NOTE(review): the sector contents are untrusted — they come from the
 * card. Two things to be aware of:
 *   - `ADD R2, R1, R3` / `CMP R2, R0` discards the carry from the ADD, so
 *     a start+size that wraps past 2^32 passes the "<= total" test. This is
 *     inherited from the firmware, not introduced by CHDK.
 *   - R0 (total sectors, from sub_FF9186B8) is reused for that bounds check
 *     after `BL mbr_read_dryos`. Under the ARM calling convention the call
 *     may clobber R0; the check is only sound if mbr_read_dryos returns its
 *     first argument (or never touches R0) — confirm against its definition.
 */
void __attribute__((naked,noinline)) sub_FF84D17C_my() {
    asm volatile (
        " STMFD SP!, {R4-R8,LR} \n"
        " MOV R8, R0 \n"                   /* device handle */
        " MOV R0, #0x17 \n"
        " MUL R1, R0, R1 \n"               /* 0x17 words per drive record */
        " LDR R0, =0x125D4 \n"
        " MOV R6, #0 \n"                   /* result: start sector */
        " ADD R7, R0, R1, LSL#2 \n"        /* R7 = drive record */
        " LDR R0, [R7, #0x3C] \n"          /* dispatch code */
        " MOV R5, #0 \n"                   /* result: sector count */
        " CMP R0, #6 \n"
        " ADDLS PC, PC, R0, LSL#2 \n"      /* jump table for codes 0..6 */
        " B loc_FF84D2C8 \n"               /* code > 6: assert */
        " B loc_FF84D1E0 \n"               /* code 0: return 0 */
        " B loc_FF84D1C8 \n"               /* code 1 */
        " B loc_FF84D1C8 \n"               /* code 2 */
        " B loc_FF84D1C8 \n"               /* code 3 */
        " B loc_FF84D1C8 \n"               /* code 4 */
        " B loc_FF84D2C0 \n"               /* code 5: fixed (0, 0x40) */
        " B loc_FF84D1C8 \n"               /* code 6 */

        "loc_FF84D1C8:\n"
        " MOV R2, #0 \n"
        " MOV R1, #0x200 \n"               /* one 512-byte sector */
        " MOV R0, #3 \n"
        " BL _exmem_ualloc \n"             /* (3, 0x200, 0) */
        " MOVS R4, R0 \n"                  /* R4 = sector buffer */
        " BNE loc_FF84D1E8 \n"

        "loc_FF84D1E0:\n"
        " MOV R0, #0 \n"                   /* failure: return 0 */
        " LDMFD SP!, {R4-R8,PC} \n"

        "loc_FF84D1E8:\n"
        " LDR R12, [R7, #0x4C] \n"         /* sector-read callback from the record */
        " MOV R3, R4 \n"                   /* buffer */
        " MOV R2, #1 \n"                   /* one sector */
        " MOV R1, #0 \n"                   /* sector 0 (the MBR) */
        " MOV R0, R8 \n"                   /* handle */
        " BLX R12 \n"
        " CMP R0, #1 \n"                   /* a return of 1 is treated as failure */
        " BNE loc_FF84D214 \n"
        " MOV R0, #3 \n"
        " BL _exmem_ufree \n"              /* release the buffer, then return 0 */
        " B loc_FF84D1E0 \n"

        "loc_FF84D214:\n"
        " MOV R0, R8 \n"
        " BL sub_FF9186B8 \n"              /* R0 = total sectors on the device (used below) */

        " MOV R1, R4\n"                    /* CHDK: mbr_read_dryos(R0, buffer) — see NOTE above re R0 */
        " BL mbr_read_dryos\n"






        /* CHDK: scan MBR entries 0..3 for a FAT32/exFAT-type entry. R12 walks
         * the entries, R1 counts 1..4, LR keeps the buffer base for the
         * signature check further down. */
        " MOV R12, R4\n"
        " MOV LR, R4\n"
        " MOV R1, #1\n"
        " B dg_sd_fat32_enter\n"
        "dg_sd_fat32:\n"
        " CMP R1, #4\n"
        " BEQ dg_sd_fat32_end\n"           /* all four tried: keep entry 0 */
        " ADD R12, R12, #0x10\n"           /* next 16-byte entry */
        " ADD R1, R1, #1\n"
        "dg_sd_fat32_enter:\n"
        " LDRB R2, [R12, #0x1BE]\n"        /* boot flag */
        " LDRB R3, [R12, #0x1C2]\n"        /* partition type */
        " CMP R3, #0xB\n"
        " CMPNE R3, #0xC\n"
        " CMPNE R3, #0x7\n"
        " BNE dg_sd_fat32\n"               /* not 0x0B/0x0C/0x07 → next */
        " CMP R2, #0x00\n"
        " CMPNE R2, #0x80\n"
        " BNE dg_sd_fat32\n"               /* boot flag not 0x00/0x80 → next */

        " MOV R4, R12\n"                   /* select this entry */

        "dg_sd_fat32_end:\n"

        /* Stock validation of the entry at R4. Flags from the boot-flag
         * compare below survive to `BNE loc_FF84D29C`: nothing in between
         * sets flags. */
        " LDRB R1, [R4, #0x1C9] \n"
        " LDRB R3, [R4, #0x1C8] \n"
        " LDRB R12, [R4, #0x1CC] \n"
        " MOV R1, R1, LSL#24 \n"
        " ORR R1, R1, R3, LSL#16 \n"
        " LDRB R3, [R4, #0x1C7] \n"
        " LDRB R2, [R4, #0x1BE] \n"        /* boot flag */

        " ORR R1, R1, R3, LSL#8 \n"
        " LDRB R3, [R4, #0x1C6] \n"
        " CMP R2, #0 \n"
        " CMPNE R2, #0x80 \n"
        " ORR R1, R1, R3 \n"               /* R1 = start LBA (little-endian at +0x1C6) */
        " LDRB R3, [R4, #0x1CD] \n"
        " MOV R3, R3, LSL#24 \n"
        " ORR R3, R3, R12, LSL#16 \n"
        " LDRB R12, [R4, #0x1CB] \n"
        " ORR R3, R3, R12, LSL#8 \n"
        " LDRB R12, [R4, #0x1CA] \n"
        " ORR R3, R3, R12 \n"              /* R3 = sector count (little-endian at +0x1CA) */


        " LDRB R12, [LR,#0x1FE]\n"         /* signature bytes, from the buffer base */
        " LDRB LR, [LR,#0x1FF]\n"

        " MOV R4, #0 \n"                   /* R4 = "entry valid" flag */
        " BNE loc_FF84D29C \n"             /* bad boot flag */
        " CMP R0, R1 \n"
        " BCC loc_FF84D29C \n"             /* start > total sectors */
        " ADD R2, R1, R3 \n"               /* start + size — carry discarded (see NOTE) */
        " CMP R2, R0 \n"
        " CMPLS R12, #0x55 \n"             /* end <= total, then signature 0x55 ... */
        " CMPEQ LR, #0xAA \n"              /* ... 0xAA */
        " MOVEQ R6, R1 \n"                 /* all good: start, size, valid */
        " MOVEQ R5, R3 \n"
        " MOVEQ R4, #1 \n"

        "loc_FF84D29C:\n"
        " MOV R0, #3 \n"
        " BL _exmem_ufree \n"              /* release the sector buffer */
        " CMP R4, #0 \n"
        " BNE loc_FF84D2D4 \n"
        " MOV R6, #0 \n"                   /* no valid entry: use the whole device */
        " MOV R0, R8 \n"
        " BL sub_FF9186B8 \n"
        " MOV R5, R0 \n"
        " B loc_FF84D2D4 \n"

        "loc_FF84D2C0:\n"
        " MOV R5, #0x40 \n"                /* code 5: (0, 0x40) */
        " B loc_FF84D2D4 \n"

        "loc_FF84D2C8:\n"
        " LDR R1, =0x365 \n"
        " LDR R0, =0xFF84D170 /*'Mounter.c'*/ \n"
        " BL _DebugAssert \n"              /* then falls through with (0, 0) */

        "loc_FF84D2D4:\n"
        " STR R6, [R7, #0x44]! \n"         /* record+0x44 = start; R7 advanced */
        " MOV R0, #1 \n"
        " STR R5, [R7, #4] \n"             /* record+0x48 = size */
        " LDMFD SP!, {R4-R8,PC} \n"
    );
}
/*
 * Patched copy of the firmware's TouchWheel task loop (substituted by
 * taskCreateHook for the stock task at ROM 0xFF8E6DC0). After one-time
 * setup (sub_FF8E79C4) it loops forever: take the semaphore at 0x9C10+0x1C,
 * read the current pair from 0x9C10+0x24 / 0x9C10+0x28, and dispatch
 * through the table at 0xFFAA0D8C, laid out as rows of four function
 * pointers (row = first value, 16 bytes; column = second value, 4 bytes).
 *
 * CHDK change: kbd_is_blocked is consulted after the semaphore is taken.
 * When it returns non-zero and the pair is exactly (2, 1), the dispatch is
 * skipped and the loop restarts; every other combination is dispatched as
 * the firmware would. What (2, 1) denotes is not visible here.
 *
 * NOTE(review): neither index is range-checked before the table lookup,
 * and no semaphore release is visible in this loop — both presumably match
 * the firmware's stock behaviour (release happening in the dispatched
 * handlers or elsewhere), but confirm before relying on it.
 */
void __attribute__((naked,noinline)) my_touchw_task() {
    asm volatile (
        " STMFD SP!, {R4-R6,LR} \n"
        " BL sub_FF8E79C4 \n"              /* one-time setup */
        " LDR R5, =0xFFAA0D8C \n"          /* dispatch table base */
        " LDR R4, =0x9C10 \n"              /* task state block */

        "loc_FF8E6DD0:\n"
        " LDR R0, [R4, #0x1C] \n"          /* semaphore */
        " MOV R3, #0x1D0 \n"               /* presumably a source line, paired with the file name */
        " LDR R2, =0xFF8E6FE0 /*'TouchWheel.c'*/ \n"
        " MOV R1, #0 \n"
        " BL sub_FF81BF78 /*_TakeSemaphoreStrictly*/ \n"
        " BL kbd_is_blocked\n"             /* CHDK: is the keyboard currently blocked? */
        " MOV R6, R0\n"
        " LDR R0, [R4, #0x24] \n"          /* row index */
        " LDR R1, [R4, #0x28] \n"          /* column index */


        " CMP R6, #0\n"
        " BEQ bypass_skip_touch\n"         /* not blocked → normal dispatch */


        " CMP R0, #2\n"
        " CMPEQ R1, #1\n"
        " BEQ loc_FF8E6DD0\n"              /* blocked and (2,1) → drop this one, loop */

        "bypass_skip_touch:\n"

        " ADD R0, R5, R0, LSL#4 \n"        /* row: 16 bytes each */
        " LDR R0, [R0, R1, LSL#2] \n"      /* column: 4 bytes each */
        " BLX R0 \n"                       /* call the handler */
        " B loc_FF8E6DD0 \n"
    );
}