4 #include "lolevel.h"
5 #include "platform.h"
6 #include "core.h"
7
/*
 * Address of the linker symbol _end, held in a variable so the boot assembly
 * can load it by name: sub_FFC00FB8_my reads new_sa when
 * CHDK_NOT_IN_CANON_HEAP is not defined and stores the value in the setup
 * block it builds on the stack.
 * NOTE(review): _end is presumably the end of the CHDK image as placed by the
 * linker script; confirm against the platform makefile/linker script.
 */
const char * const new_sa = &_end;
9
10
11
12
/*
 * Start the CHDK "SpyTask" task with core_spytask as its entry routine.
 * Called by name from the assembly in task_Startup_my.
 */
void CreateTask_spytask()
{
    /*
     * 0x19 and 0x2000 are passed through unchanged; presumably the task
     * priority and stack size. Confirm against the _CreateTask prototype.
     */
    (void)_CreateTask("SpyTask", 0x19, 0x2000, core_spytask, 0);
}
17
/*
 * Task-creation hook installed by boot() at 0x1930 and 0x1934.
 *
 * Looks at the word 16 ints below p and, when it equals one of five
 * hard-coded ROM addresses, overwrites it with the address of the matching
 * CHDK replacement routine. A word that matches none of them is left alone.
 *
 * NOTE(review): the word at p[-16] is presumably the entry point of the task
 * being created; confirm against the firmware's task structure. The ROM
 * addresses are literals, so they are only meaningful for the firmware build
 * this file was generated from.
 */
void taskCreateHook(int *p) {
    int *const slot = p - 16;

    /* The tests stay sequential and independent, exactly as in the original. */
    if (*slot == (int)0xffc4cb64) {
        *slot = (int)capt_seq_task;
    }
    if (*slot == (int)0xffc91454) {
        *slot = (int)exp_drv_task;
    }
    if (*slot == (int)0xffc49b18) {
        *slot = (int)movie_record_task;
    }
    if (*slot == (int)0xffdbfc80) {
        *slot = (int)filewritetask;
    }
    if (*slot == (int)0xffc5f754) {
        *slot = (int)init_file_modules_task;
    }
}
26
/*
 * CHDK boot entry for this port.
 *
 * Steps, in order:
 *   1. set three enable bits in the CP15 control register,
 *   2. copy the firmware's initialised data from ROM to RAM at 0x1900,
 *   3. zero the firmware's BSS range 0xf0c4..0x9d024,
 *   4. write the address of taskCreateHook to 0x1930 and 0x1934,
 *   5. branch to sub_FFC001A4_my; control does not come back here.
 *
 * Every address is a literal and nothing in this function checks which
 * firmware is actually running, so the values must match the firmware dump
 * this port was built from.
 */
void boot()
{
    long *canon_data_src = (void*)0xFFE9C5D0;   // ROM image of the data section
    long *canon_data_dst = (void*)0x1900;       // RAM destination of that image
    long canon_data_len = 0xf0c4 - 0x1900;      // length in bytes
    long *canon_bss_start = (void*)0xf0c4;      // BSS starts where the data ends
    long canon_bss_len = 0x9d024 - 0xf0c4;      // length in bytes

    long i;



    // Read-modify-write of the CP15 c1 control register. Architecturally,
    // bit 12 enables the instruction cache, bit 2 the data cache and bit 0
    // the MMU / protection unit.
    asm volatile (
    "MRC p15, 0, R0,c1,c0\n"
    "ORR R0, R0, #0x1000\n"
    "ORR R0, R0, #4\n"
    "ORR R0, R0, #1\n"
    "MCR p15, 0, R0,c1,c0\n"
    :::"r0");

    // Lengths are in bytes and the pointers are long*, hence the /4
    // (assumes a 4-byte long, as on 32-bit ARM).
    for(i=0;i<canon_data_len/4;i++)
    canon_data_dst[i]=canon_data_src[i];

    for(i=0;i<canon_bss_len/4;i++)
    canon_bss_start[i]=0;

    // 0x1930 and 0x1934 lie inside the data range copied above, so these
    // writes have to come after the copy or they would be overwritten.
    // NOTE(review): presumably the firmware's task-create hook pointers; confirm.
    *(int*)0x1930=(int)taskCreateHook;
    *(int*)0x1934=(int)taskCreateHook;


    // Plain branch, not a call: execution continues in the patched copy of
    // the firmware start-up code and never returns to this function.
    asm volatile ("B sub_FFC001A4_my\n");
};
59
60
61
62
/*
 * Patched copy of the firmware routine at 0xFFC001A4 (naked: no compiler
 * prologue/epilogue, the body is the whole function).
 *
 * Copies two ROM ranges into low RAM, sets the stack pointer for two CPU
 * modes, fills 0x6C4..0x1000 with a marker pattern and then calls
 * sub_FFC00FB8_my in place of the firmware's own next stage.
 */
void __attribute__((naked,noinline)) sub_FFC001A4_my() {
    asm volatile (
    " LDR R0, =0xFFC0021C \n"      // source start (ROM)
    " MOV R1, #0 \n"               // destination: address 0
    " LDR R3, =0xFFC00254 \n"      // source end (exclusive)

    "loc_FFC001B0:\n"              // word copy while R0 < R3 (unsigned)
    " CMP R0, R3 \n"
    " LDRCC R2, [R0], #4 \n"
    " STRCC R2, [R1], #4 \n"
    " BCC loc_FFC001B0 \n"
    " LDR R0, =0xFFC00254 \n"      // second range: 0xFFC00254..0xFFC00468
    " MOV R1, #0x4B0 \n"           // destination: 0x4B0
    " LDR R3, =0xFFC00468 \n"

    "loc_FFC001CC:\n"
    " CMP R0, R3 \n"
    " LDRCC R2, [R0], #4 \n"
    " STRCC R2, [R1], #4 \n"
    " BCC loc_FFC001CC \n"
    " MOV R0, #0xD2 \n"            // CPSR 0xD2: IRQ mode, IRQ and FIQ masked
    " MSR CPSR_cxsf, R0 \n"
    " MOV SP, #0x1000 \n"
    " MOV R0, #0xD3 \n"            // CPSR 0xD3: Supervisor mode, IRQ and FIQ masked
    " MSR CPSR_cxsf, R0 \n"
    " MOV SP, #0x1000 \n"          // both modes get the same initial SP value
    " LDR R0, =0x6C4 \n"
    " LDR R2, =0xEEEEEEEE \n"      // fill pattern; presumably a stack-usage marker, confirm
    " MOV R3, #0x1000 \n"

    "loc_FFC00200:\n"              // fill 0x6C4..0x1000 with the pattern
    " CMP R0, R3 \n"
    " STRCC R2, [R0], #4 \n"
    " BCC loc_FFC00200 \n"
    " BL sub_FFC00FB8_my \n"       // CHDK: patched next stage instead of the ROM one
    );
}
100
101
102
/*
 * Patched copy of the firmware routine at 0xFFC00FB8.
 *
 * Builds a 0x74-byte parameter block on the stack and passes it, together
 * with the address of uHwSetup_my, to sub_FFC02D70.
 *
 * CHDK changes two things relative to the ROM code: the word stored at
 * [SP,#8] and the callback in R1. With CHDK_NOT_IN_CANON_HEAP defined the
 * word is 0x9D024, which is the end of the BSS range zeroed in boot();
 * otherwise it is the value of new_sa (the address of _end).
 *
 * NOTE(review): [SP,#8] is presumably the start of the firmware heap, and the
 * difference 0x2A4968 - start stored at [SP,#0xC] its size. There is no check
 * that the start is below 0x2A4968; if it were not, the subtraction would wrap
 * to a very large unsigned value. Confirm the CHDK image size leaves headroom.
 */
void __attribute__((naked,noinline)) sub_FFC00FB8_my() {
    asm volatile (
    " STR LR, [SP, #-4]! \n"       // push return address
    " SUB SP, SP, #0x74 \n"        // reserve the parameter block
    " MOV R0, SP \n"
    " MOV R1, #0x74 \n"
    " BL sub_FFE3B620 \n"          // called with (block, 0x74); presumably clears it, confirm
    " MOV R0, #0x53000 \n"
    " STR R0, [SP, #4] \n"

#if defined(CHDK_NOT_IN_CANON_HEAP)
    " LDR R0, =0x9D024 \n"         // same value as the end of Canon BSS in boot()
#else
    " LDR R0, =new_sa\n"           // CHDK: load the variable's address...
    " LDR R0, [R0]\n"              // ...then its value, i.e. &_end
#endif

    " LDR R2, =0x2ABC00 \n"
    " LDR R1, =0x2A4968 \n"
    " STR R0, [SP, #8] \n"
    " SUB R0, R1, R0 \n"           // R0 = 0x2A4968 - start, no underflow check
    " ADD R3, SP, #0xC \n"
    " STR R2, [SP] \n"
    " STMIA R3, {R0-R2} \n"        // [SP+0xC]=difference, [SP+0x10]=0x2A4968, [SP+0x14]=0x2ABC00
    " MOV R0, #0x22 \n"
    " STR R0, [SP, #0x18] \n"
    " MOV R0, #0x68 \n"
    " STR R0, [SP, #0x1C] \n"
    " LDR R0, =0x19B \n"
    " MOV R1, #0x64 \n"
    " STRD R0, [SP, #0x20] \n"     // stores the pair R0,R1: 0x19B and 0x64
    " MOV R0, #0x78 \n"
    " STRD R0, [SP, #0x28] \n"     // stores 0x78 and the unchanged R1 (0x64)
    " MOV R0, #0 \n"
    " STR R0, [SP, #0x30] \n"
    " STR R0, [SP, #0x34] \n"
    " MOV R0, #0x10 \n"
    " STR R0, [SP, #0x5C] \n"
    " MOV R0, #0x800 \n"
    " STR R0, [SP, #0x60] \n"
    " MOV R0, #0xA0 \n"
    " STR R0, [SP, #0x64] \n"
    " MOV R0, #0x280 \n"
    " STR R0, [SP, #0x68] \n"
    " LDR R1, =uHwSetup_my \n"     // CHDK: patched callback instead of the ROM one
    " MOV R0, SP \n"
    " MOV R2, #0 \n"
    " BL sub_FFC02D70 \n"
    " ADD SP, SP, #0x74 \n"        // release the parameter block
    " LDR PC, [SP], #4 \n"         // pop return address into PC
    );
}
155
156
157
/*
 * Patched copy of the firmware set-up routine handed to sub_FFC02D70 by
 * sub_FFC00FB8_my.
 *
 * Runs a fixed sequence of firmware initialisation calls. After each checked
 * call a negative return value causes _err_init_task to be called with the
 * address of a ROM string naming the failed step (the names appear in the
 * inline comments). Execution continues with the next step after
 * _err_init_task returns; nothing here aborts the sequence.
 *
 * The only CHDK change is the final branch, which goes to
 * CreateTask_Startup_my.
 */
void __attribute__((naked,noinline)) uHwSetup_my() {
    asm volatile (
    " STMFD SP!, {R4,LR} \n"
    " BL sub_FFC0095C \n"          // return value not checked
    " BL sub_FFC09A18 \n"
    " CMP R0, #0 \n"
    " LDRLT R0, =0xFFC04ED0 /*'dmSetup'*/ \n"
    " BLLT _err_init_task \n"
    " BL sub_FFC049E0 \n"
    " CMP R0, #0 \n"
    " LDRLT R0, =0xFFC04ED8 /*'termDriverInit'*/ \n"
    " BLLT _err_init_task \n"
    " LDR R0, =0xFFC04EE8 /*'/_term'*/ \n"
    " BL sub_FFC04ACC \n"
    " CMP R0, #0 \n"
    " LDRLT R0, =0xFFC04EF0 /*'termDeviceCreate'*/ \n"
    " BLLT _err_init_task \n"
    " LDR R0, =0xFFC04EE8 /*'/_term'*/ \n"
    " BL sub_FFC0357C \n"
    " CMP R0, #0 \n"
    " LDRLT R0, =0xFFC04F04 /*'stdioSetup'*/ \n"
    " BLLT _err_init_task \n"
    " BL sub_FFC095A0 \n"
    " CMP R0, #0 \n"
    " LDRLT R0, =0xFFC04F10 /*'stdlibSetup'*/ \n"
    " BLLT _err_init_task \n"
    " BL sub_FFC014D0 \n"
    " CMP R0, #0 \n"
    " LDRLT R0, =0xFFC04F1C /*'armlib_setup'*/ \n"
    " BLLT _err_init_task \n"
    " LDMFD SP!, {R4,LR} \n"       // restore registers first: the branch below is a tail call
    " B CreateTask_Startup_my \n"  // CHDK: patched routine instead of the ROM one
    );
}
192
193
194
/*
 * Patched copy of the firmware routine that creates the "Startup" task.
 *
 * First a start-up gate: if sub_FFC1B9BC returns 0 and bit 0 of the word at
 * 0xC02200B8 is clear, 0x44 is written to 0xC022004C and the CPU spins in an
 * endless loop. NOTE(review): presumably a power-off when the camera was not
 * started by a valid button; confirm against the firmware.
 *
 * Otherwise it calls three firmware routines and creates the task named by
 * the ROM string at 0xFFC0DD4C with task_Startup_my as entry point (the CHDK
 * change), then returns 0.
 */
void __attribute__((naked,noinline)) CreateTask_Startup_my() {
    asm volatile (
    " STMFD SP!, {R3,LR} \n"       // the R3 slot doubles as room for the stack argument below

    " BL sub_FFC1B9BC \n"
    " CMP R0, #0 \n"
    " LDREQ R0, =0xC0220000 \n"    // only evaluated when the call returned 0
    " LDREQ R1, [R0, #0xB8] \n"
    " TSTEQ R1, #1 \n"
    " BNE loc_FFC0DD08 \n"         // taken when the call returned non-zero or bit 0 is set
    " MOV R1, #0x44 \n"
    " STR R1, [R0, #0x4C] \n"

    "loc_FFC0DD04:\n"
    " B loc_FFC0DD04 \n"           // deliberate endless loop

    "loc_FFC0DD08:\n"


    " BL sub_FFC19548 \n"
    " MOV R1, #0x300000 \n"
    " MOV R0, #0 \n"
    " BL sub_FFC19790 \n"
    " BL sub_FFC1973C /*_EnableDispatch*/ \n"
    " MOV R3, #0 \n"
    " STR R3, [SP] \n"             // fifth argument of _CreateTask, passed on the stack
    " LDR R3, =task_Startup_my \n" // CHDK: patched task body instead of the ROM one
    " MOV R2, #0 \n"
    " MOV R1, #0x19 \n"
    " LDR R0, =0xFFC0DD4C /*'Startup'*/ \n"
    " BL _CreateTask \n"
    " MOV R0, #0 \n"
    " LDMFD SP!, {R12,PC} \n"      // discard the stack slot into R12 and return
    );
}
230
231
232
/*
 * Patched copy of the firmware "Startup" task body.
 *
 * A straight list of calls with no return-value checks. Two entries are CHDK
 * routines defined in this file: CreateTask_spytask, and taskcreatePhySw_my.
 * The function ends by tail-calling sub_FFC05088.
 */
void __attribute__((naked,noinline)) task_Startup_my() {
    asm volatile (
    " STMFD SP!, {R4,LR} \n"
    " BL sub_FFC051CC \n"
    " BL sub_FFC13FA8 \n"
    " BL sub_FFC10EA4 \n"
    " BL sub_FFC370E8 \n"
    " BL sub_FFC1BB9C \n"

    " BL CreateTask_spytask\n"     // CHDK: start the SpyTask task
    " BL sub_FFC5C18C \n"
    " BL sub_FFC1BBEC \n"
    " BL sub_FFC18A8C \n"
    " BL sub_FFC1BD68 \n"
    " BL taskcreatePhySw_my \n"    // CHDK: patched PhySw task creation
    " BL sub_FFC15BC8 \n"
    " BL sub_FFC1BD80 \n"

    " BL sub_FFC1213C \n"
    " BL sub_FFC1B768 \n"
    " BL sub_FFC128D8 \n"
    " BL sub_FFC12048 \n"
    " BL sub_FFC1C6C4 \n"
    " BL sub_FFC12004 \n"
    " LDMFD SP!, {R4,LR} \n"       // restore before the tail call
    " B sub_FFC05088 \n"
    );
}
261
262
263
/*
 * Patched copy of the firmware routine that creates the "PhySw" task.
 *
 * If the word at 0x1C98+0x10 is zero, a task named by the ROM string at
 * 0xFFC12FA0 is created with mykbd_task as entry point (the CHDK change) and
 * the call's return value is stored in that word. If the word is already
 * non-zero nothing is created, so the routine has no effect on later calls.
 */
void __attribute__((naked,noinline)) taskcreatePhySw_my() {
    asm volatile (
    " STMFD SP!, {R3-R5,LR} \n"
    " LDR R4, =0x1C98 \n"
    " LDR R0, [R4, #0x10] \n"
    " CMP R0, #0 \n"
    " BNE loc_FFC12DE0 \n"         // already set: skip creation
    " MOV R3, #0 \n"
    " STR R3, [SP] \n"             // fifth argument, passed on the stack
    " LDR R3, =mykbd_task \n"      // CHDK: keyboard task instead of the ROM one
    " MOV R2, #0x800 \n"
    " MOV R1, #0x17 \n"
    " LDR R0, =0xFFC12FA0 /*'PhySw'*/ \n"
    " BL sub_FFC0BE98 /*_CreateTaskStrictly*/ \n"
    " STR R0, [R4, #0x10] \n"      // remember the result so the guard above trips next time

    "loc_FFC12DE0:\n"
    " LDMFD SP!, {R3-R5,PC} \n"
    );
}
284
285
286
/*
 * Replacement for the firmware task at 0xffc5f754; taskCreateHook substitutes
 * this routine when that address is seen.
 *
 * Calls sub_FFC5A4BC and keeps its result in R4. If the result is non-zero,
 * event 0x5006 is posted with _PostLogicalEventToUI(0x5006, 0) before the
 * file-module initialisation; if it is zero, the same event is posted
 * afterwards as a tail call. In between it runs sub_FFC5A4E8_my (the patched
 * initialisation) and then core_spytask_can_start.
 * NOTE(review): core_spytask_can_start presumably signals the CHDK core that
 * storage is ready; confirm in the core sources.
 */
void __attribute__((naked,noinline)) init_file_modules_task() {
    asm volatile (
    " STMFD SP!, {R4-R6,LR} \n"
    " BL sub_FFC5A4BC \n"
    " LDR R5, =0x5006 \n"
    " MOVS R4, R0 \n"              // keep the result and set flags on it
    " MOVNE R1, #0 \n"
    " MOVNE R0, R5 \n"
    " BLNE _PostLogicalEventToUI \n"
    " BL sub_FFC5A4E8_my \n"       // CHDK: patched routine
    " BL core_spytask_can_start\n" // CHDK: added call
    " CMP R4, #0 \n"
    " MOVEQ R0, R5 \n"
    " LDMEQFD SP!, {R4-R6,LR} \n"  // restore first: the BEQ below is a tail call
    " MOVEQ R1, #0 \n"
    " BEQ _PostLogicalEventToUI \n"
    " LDMFD SP!, {R4-R6,PC} \n"
    );
}
306
307
308
/*
 * Patched copy of the firmware routine at 0xFFC5A4E8.
 *
 * Calls sub_FFC3F0CC_my (the CHDK change), then, if the word at 0x58D0+4 is
 * zero, runs six further firmware calls. It always finishes by storing 1 to
 * the word at 0x58D0.
 */
void __attribute__((naked,noinline)) sub_FFC5A4E8_my() {
    asm volatile (
    " STMFD SP!, {R4,LR} \n"
    " BL sub_FFC3F0CC_my \n"       // CHDK: patched routine
    " LDR R4, =0x58D0 \n"
    " LDR R0, [R4, #4] \n"
    " CMP R0, #0 \n"
    " BNE loc_FFC5A518 \n"         // non-zero: skip the six calls
    " BL sub_FFC674CC \n"
    " BL sub_FFCDCA24 \n"
    " BL sub_FFC674CC \n"
    " BL sub_FFCE6504 \n"
    " BL sub_FFC674DC \n"
    " BL sub_FFCDCAC4 \n"

    "loc_FFC5A518:\n"
    " MOV R0, #1 \n"
    " STR R0, [R4] \n"
    " LDMFD SP!, {R4,PC} \n"
    );
}
330
331
332
/*
 * Patched copy of the firmware routine at 0xFFC3F0CC.
 *
 * Works on index 0 (R6) of the table at 0x11800. It calls sub_FFC3EC9C(0),
 * then sub_FFC3F664 on the word at 0x11800+0x38; if that returns 0 the three
 * words at 0x2BA0+0xC, +0x10 and +0x14 are cleared. After sub_FFC3ECDC(0) it
 * calls sub_FFC3EF08_my(0) (the CHDK change) and sub_FFC3EF74(0), ANDs the two
 * results, and builds a status word that is stored at 0x11800+0x40.
 *
 * Status word: 0x80000001 when the word at +0x3C is 0. Otherwise bit 2 is set
 * when the word at +0x2C equals 2, bit 0 is set unless the word at +0x3C
 * equals 5, and bit 1 / bit 31 reflect the AND result (bit 1 set when it is
 * non-zero, bit 31 set when it is zero).
 * NOTE(review): presumably storage-mount bookkeeping, given the 'Mounter.c'
 * string referenced from sub_FFC3EDA0_my; confirm.
 */
void __attribute__((naked,noinline)) sub_FFC3F0CC_my() {
    asm volatile (
    " STMFD SP!, {R4-R6,LR} \n"
    " MOV R6, #0 \n"               // index used for every call below
    " MOV R0, R6 \n"
    " BL sub_FFC3EC9C \n"
    " LDR R4, =0x11800 \n"
    " MOV R5, #0 \n"
    " LDR R0, [R4, #0x38] \n"
    " BL sub_FFC3F664 \n"
    " CMP R0, #0 \n"
    " LDREQ R0, =0x2BA0 \n"
    " STREQ R5, [R0, #0xC] \n"     // clear three words when the call returned 0
    " STREQ R5, [R0, #0x10] \n"
    " STREQ R5, [R0, #0x14] \n"
    " MOV R0, R6 \n"
    " BL sub_FFC3ECDC \n"
    " MOV R0, R6 \n"
    " BL sub_FFC3EF08_my \n"       // CHDK: patched routine
    " MOV R5, R0 \n"
    " MOV R0, R6 \n"
    " BL sub_FFC3EF74 \n"
    " LDR R1, [R4, #0x3C] \n"
    " AND R2, R5, R0 \n"           // R2 = result of both calls ANDed together
    " CMP R1, #0 \n"
    " MOV R0, #0 \n"
    " MOVEQ R0, #0x80000001 \n"
    " BEQ loc_FFC3F160 \n"
    " LDR R3, [R4, #0x2C] \n"
    " CMP R3, #2 \n"
    " MOVEQ R0, #4 \n"
    " CMP R1, #5 \n"
    " ORRNE R0, R0, #1 \n"
    " BICEQ R0, R0, #1 \n"
    " CMP R2, #0 \n"
    " BICEQ R0, R0, #2 \n"
    " ORREQ R0, R0, #0x80000000 \n"
    " BICNE R0, R0, #0x80000000 \n"
    " ORRNE R0, R0, #2 \n"

    "loc_FFC3F160:\n"
    " STR R0, [R4, #0x40] \n"
    " LDMFD SP!, {R4-R6,PC} \n"
    );
}
378
379
380
/*
 * Patched copy of the firmware routine at 0xFFC3EF08. R0 on entry is an index
 * into the table at 0x11800, whose entries are 0x5C bytes apart (0x17 words).
 *
 * Returns 1 at once if the word at 0x2BA0+0x10 is already non-zero. Otherwise
 * it calls, in order, sub_FFC3EDA0_my (the CHDK change), sub_FFC3F77C and
 * sub_FFC3E8BC, returning 0 as soon as one of the first two returns 0. When
 * sub_FFC3E8BC returns non-zero, 1 is stored at 0x2BA0+0x10 and that non-zero
 * value is returned.
 */
void __attribute__((naked,noinline)) sub_FFC3EF08_my() {
    asm volatile (
    " STMFD SP!, {R4-R6,LR} \n"
    " LDR R5, =0x2BA0 \n"
    " MOV R6, R0 \n"               // keep the index argument
    " LDR R0, [R5, #0x10] \n"
    " CMP R0, #0 \n"
    " MOVNE R0, #1 \n"
    " LDMNEFD SP!, {R4-R6,PC} \n"  // flag already set: return 1
    " MOV R0, #0x17 \n"
    " MUL R1, R0, R6 \n"
    " LDR R0, =0x11800 \n"
    " ADD R4, R0, R1, LSL#2 \n"    // R4 = 0x11800 + index * 0x5C
    " LDR R0, [R4, #0x38] \n"
    " MOV R1, R6 \n"
    " BL sub_FFC3EDA0_my \n"       // CHDK: patched partition-table reader
    " CMP R0, #0 \n"
    " LDMEQFD SP!, {R4-R6,PC} \n"  // failure: return 0
    " LDR R0, [R4, #0x38] \n"
    " MOV R1, R6 \n"
    " BL sub_FFC3F77C \n"
    " CMP R0, #0 \n"
    " LDMEQFD SP!, {R4-R6,PC} \n"  // failure: return 0
    " MOV R0, R6 \n"
    " BL sub_FFC3E8BC \n"
    " CMP R0, #0 \n"
    " MOVNE R1, #1 \n"
    " STRNE R1, [R5, #0x10] \n"    // record success so later calls return early
    " LDMFD SP!, {R4-R6,PC} \n"
    );
}
412
413
414
/*
 * Patched copy of the firmware routine at 0xFFC3EDA0: reads sector 0 of the
 * storage device and decides which sector range the firmware should mount.
 *
 * On entry R0 is kept in R8 and handed to the read callback and to
 * sub_FFCF554C; R1 is an index into the table at 0x11800 (entries 0x5C bytes
 * apart). The word at entry+0x3C selects the path through a jump table:
 *   0        -> return 0
 *   1-4, 6   -> read and parse the partition table (below)
 *   5        -> start 0, size 0x40, no read
 *   above 6  -> _DebugAssert with the 'Mounter.c' string and 0x365
 * On success the chosen start is stored at entry+0x44, the size at
 * entry+0x48, and 1 is returned.
 *
 * CHDK additions: a call to mbr_read_dryos with the sector buffer, and a scan
 * of all four primary partition entries for the first one whose type byte is
 * 0x0B, 0x0C or 0x07 and whose status byte is 0x00 or 0x80. If none
 * qualifies, entry 0 is used, as in the unpatched code.
 *
 * Everything parsed here comes from removable media and should be treated as
 * untrusted. All byte reads stay inside the first 0x200 bytes of the buffer
 * (highest offset used is 0x1FF), and 0x200 is the value passed to
 * _exmem_ualloc. The entry is accepted only if its status byte is 0x00/0x80,
 * start <= R0, start + size <= R0 and the sector ends in 0x55 0xAA, where R0
 * is the value left by mbr_read_dryos. NOTE(review): that value is presumably
 * the device's total sector count as returned by sub_FFCF554C; confirm in
 * mbr_read_dryos. The start + size sum is a 32-bit add with no carry check,
 * so a size close to 2^32 can wrap and satisfy the upper-bound test; code
 * that consumes the stored size should not assume it fits on the device.
 */
void __attribute__((naked,noinline)) sub_FFC3EDA0_my() {
    asm volatile (
    " STMFD SP!, {R4-R8,LR} \n"
    " MOV R8, R0 \n"               // keep the first argument for later calls
    " MOV R0, #0x17 \n"
    " MUL R1, R0, R1 \n"
    " LDR R0, =0x11800 \n"
    " MOV R6, #0 \n"               // R6 = start to store (default 0)
    " ADD R7, R0, R1, LSL#2 \n"    // R7 = 0x11800 + index * 0x5C
    " LDR R0, [R7, #0x3C] \n"
    " MOV R5, #0 \n"               // R5 = size to store (default 0)
    " CMP R0, #6 \n"
    " ADDLS PC, PC, R0, LSL#2 \n"  // jump table: PC reads as this instruction + 8
    " B loc_FFC3EEEC \n"           // value above 6: assert
    " B loc_FFC3EE04 \n"           // 0
    " B loc_FFC3EDEC \n"           // 1
    " B loc_FFC3EDEC \n"           // 2
    " B loc_FFC3EDEC \n"           // 3
    " B loc_FFC3EDEC \n"           // 4
    " B loc_FFC3EEE4 \n"           // 5
    " B loc_FFC3EDEC \n"           // 6

    "loc_FFC3EDEC:\n"
    " MOV R2, #0 \n"
    " MOV R1, #0x200 \n"           // presumably the buffer size: one 512-byte sector
    " MOV R0, #3 \n"
    " BL _exmem_ualloc \n"
    " MOVS R4, R0 \n"              // R4 = sector buffer
    " BNE loc_FFC3EE0C \n"

    "loc_FFC3EE04:\n"              // failure exit: return 0 (also reached on allocation failure)
    " MOV R0, #0 \n"
    " LDMFD SP!, {R4-R8,PC} \n"

    "loc_FFC3EE0C:\n"
    " LDR R12, [R7, #0x4C] \n"     // callback taken from the table entry
    " MOV R3, R4 \n"
    " MOV R2, #1 \n"
    " MOV R1, #0 \n"
    " MOV R0, R8 \n"
    " BLX R12 \n"                  // callback(R8, 0, 1, buffer); presumably reads one sector at 0
    " CMP R0, #1 \n"
    " BNE loc_FFC3EE38 \n"
    " MOV R0, #3 \n"               // callback returned 1: free the buffer and fail
    " BL _exmem_ufree \n"
    " B loc_FFC3EE04 \n"

    "loc_FFC3EE38:\n"
    " MOV R0, R8 \n"
    " BL sub_FFCF554C \n"

    " MOV R1, R4\n"                // CHDK: pass the sector buffer as second argument,
    " BL mbr_read_dryos\n"         // the sub_FFCF554C result in R0 is the first






    // CHDK: scan the four 0x10-byte partition entries that start at 0x1BE.
    " MOV R12, R4\n"               // R12 walks the entries
    " MOV LR, R4\n"                // LR keeps the sector base for the signature check
    " MOV R1, #1\n"                // entry counter, 1..4
    " B dg_sd_fat32_enter\n"
    "dg_sd_fat32:\n"
    " CMP R1, #4\n"
    " BEQ dg_sd_fat32_end\n"       // all four tried, no match: R4 still points at entry 0
    " ADD R12, R12, #0x10\n"
    " ADD R1, R1, #1\n"
    "dg_sd_fat32_enter:\n"
    " LDRB R2, [R12, #0x1BE]\n"    // status (boot flag) byte
    " LDRB R3, [R12, #0x1C2]\n"    // partition type byte
    " CMP R3, #0xB\n"
    " CMPNE R3, #0xC\n"
    " CMPNE R3, #0x7\n"
    " BNE dg_sd_fat32\n"           // type is none of 0x0B, 0x0C, 0x07: next entry
    " CMP R2, #0x00\n"
    " CMPNE R2, #0x80\n"
    " BNE dg_sd_fat32\n"           // status is neither 0x00 nor 0x80: next entry

    " MOV R4, R12\n"               // match: parse this entry below

    "dg_sd_fat32_end:\n"


    // Assemble the little-endian start (0x1C6..0x1C9) into R1 and the
    // size (0x1CA..0x1CD) into R3, relative to the selected entry.
    " LDRB R1, [R4, #0x1C9] \n"
    " LDRB R3, [R4, #0x1C8] \n"
    " LDRB R12, [R4, #0x1CC] \n"
    " MOV R1, R1, LSL#24 \n"
    " ORR R1, R1, R3, LSL#16 \n"
    " LDRB R3, [R4, #0x1C7] \n"
    " LDRB R2, [R4, #0x1BE] \n"

    " ORR R1, R1, R3, LSL#8 \n"
    " LDRB R3, [R4, #0x1C6] \n"
    " CMP R2, #0 \n"               // status-byte test; its flags are consumed by the BNE
    " CMPNE R2, #0x80 \n"          // further down, nothing in between changes them
    " ORR R1, R1, R3 \n"
    " LDRB R3, [R4, #0x1CD] \n"
    " MOV R3, R3, LSL#24 \n"
    " ORR R3, R3, R12, LSL#16 \n"
    " LDRB R12, [R4, #0x1CB] \n"
    " ORR R3, R3, R12, LSL#8 \n"
    " LDRB R12, [R4, #0x1CA] \n"
    " ORR R3, R3, R12 \n"


    " LDRB R12, [LR,#0x1FE]\n"     // CHDK: signature bytes read via LR (sector base),
    " LDRB LR, [LR,#0x1FF]\n"      // because R4 may now point at a later entry

    " MOV R4, #0 \n"               // R4 becomes the "entry accepted" flag
    " BNE loc_FFC3EEC0 \n"         // status byte invalid: reject
    " CMP R0, R1 \n"
    " BCC loc_FFC3EEC0 \n"         // start beyond R0: reject
    " ADD R2, R1, R3 \n"           // start + size, 32-bit, no carry check
    " CMP R2, R0 \n"
    " CMPLS R12, #0x55 \n"         // signature is only tested when start + size <= R0
    " CMPEQ LR, #0xAA \n"
    " MOVEQ R6, R1 \n"             // accept: start
    " MOVEQ R5, R3 \n"             // accept: size
    " MOVEQ R4, #1 \n"

    "loc_FFC3EEC0:\n"
    " MOV R0, #3 \n"
    " BL _exmem_ufree \n"          // buffer released; the values needed are in registers
    " CMP R4, #0 \n"
    " BNE loc_FFC3EEF8 \n"
    " MOV R6, #0 \n"               // rejected: fall back to start 0 and the size
    " MOV R0, R8 \n"               // reported by sub_FFCF554C
    " BL sub_FFCF554C \n"
    " MOV R5, R0 \n"
    " B loc_FFC3EEF8 \n"

    "loc_FFC3EEE4:\n"
    " MOV R5, #0x40 \n"
    " B loc_FFC3EEF8 \n"

    "loc_FFC3EEEC:\n"
    " LDR R1, =0x365 \n"
    " LDR R0, =0xFFC3ED94 /*'Mounter.c'*/ \n"
    " BL _DebugAssert \n"

    "loc_FFC3EEF8:\n"
    " STR R6, [R7, #0x44]! \n"     // store start; write-back leaves R7 = entry + 0x44
    " MOV R0, #1 \n"
    " STR R5, [R7, #4] \n"         // store size at entry + 0x48
    " LDMFD SP!, {R4-R8,PC} \n"
    );
}