This source file includes following definitions.
- taskHook
- CreateTask_spytask
- boot
- sub_FF810358_my
- sub_FF8111B0_my
- sub_FF815EE0_my
- taskcreate_Startup_my
- task_Startup_my
- taskcreatePhySw_my
- init_file_modules_task
1
2
3
4 #include "lolevel.h"
5 #include "platform.h"
6 #include "core.h"
7 #include "dryos31.h"
8
9 #define offsetof(TYPE, MEMBER) ((int) &((TYPE *)0)->MEMBER)
10
11 const char * const new_sa = &_end;
12
13
14 extern void task_CaptSeq();
15 extern void task_InitFileModules();
16 extern void task_MovieRecord();
17 extern void task_ExpDrv();
18
19
20 void taskHook(context_t **context)
21 {
22 task_t *tcb=(task_t*)((char*)context-offsetof(task_t, context));
23
24
25 if(tcb->entry == (void*)task_CaptSeq) tcb->entry = (void*)capt_seq_task;
26 if(tcb->entry == (void*)task_InitFileModules) tcb->entry = (void*)init_file_modules_task;
27 if(tcb->entry == (void*)task_MovieRecord) tcb->entry = (void*)movie_record_task;
28 if(tcb->entry == (void*)task_ExpDrv) tcb->entry = (void*)exp_drv_task;
29
30 }
31
32
33
34
35 void CreateTask_spytask()
36 {
37 _CreateTask("SpyTask", 0x19, 0x2000, core_spytask, 0);
38 }
39
40
41
42
43
44
45
46
47
48 void __attribute__((naked,noinline)) boot() {
49 asm volatile (
50 " LDR R1, =0xC0410000 \n"
51 " MOV R0, #0 \n"
52 " STR R0, [R1] \n"
53 " MOV R1, #0x78 \n"
54 " MCR p15, 0, R1, c1, c0 \n"
55 " MOV R1, #0 \n"
56 " MCR p15, 0, R1, c7, c10, 4 \n"
57 " MCR p15, 0, R1, c7, c5 \n"
58 " MCR p15, 0, R1, c7, c6 \n"
59 " MOV R0, #0x3D \n"
60 " MCR p15, 0, R0, c6, c0 \n"
61 " MOV R0, #0xC000002F \n"
62 " MCR p15, 0, R0, c6, c1 \n"
63 " MOV R0, #0x35 \n"
64 " MCR p15, 0, R0, c6, c2 \n"
65 " MOV R0, #0x40000035 \n"
66 " MCR p15, 0, R0, c6, c3 \n"
67 " MOV R0, #0x80000017 \n"
68 " MCR p15, 0, R0, c6, c4 \n"
69 " LDR R0, =0xFF80002D \n"
70 " MCR p15, 0, R0, c6, c5 \n"
71 " MOV R0, #0x34 \n"
72 " MCR p15, 0, R0, c2, c0 \n"
73 " MOV R0, #0x34 \n"
74 " MCR p15, 0, R0, c2, c0, 1 \n"
75 " MOV R0, #0x34 \n"
76 " MCR p15, 0, R0, c3, c0 \n"
77 " LDR R0, =0x3333330 \n"
78 " MCR p15, 0, R0, c5, c0, 2 \n"
79 " LDR R0, =0x3333330 \n"
80 " MCR p15, 0, R0, c5, c0, 3 \n"
81 " MRC p15, 0, R0, c1, c0 \n"
82 " ORR R0, R0, #0x1000 \n"
83 " ORR R0, R0, #4 \n"
84 " ORR R0, R0, #1 \n"
85 " MCR p15, 0, R0, c1, c0 \n"
86 " MOV R1, #0x80000006 \n"
87 " MCR p15, 0, R1, c9, c1 \n"
88 " MOV R1, #6 \n"
89 " MCR p15, 0, R1, c9, c1, 1 \n"
90 " MRC p15, 0, R1, c1, c0 \n"
91 " ORR R1, R1, #0x50000 \n"
92 " MCR p15, 0, R1, c1, c0 \n"
93 " LDR R2, =0xC0200000 \n"
94 " MOV R1, #1 \n"
95 " STR R1, [R2, #0x10C] \n"
96 " MOV R1, #0xFF \n"
97 " STR R1, [R2, #0xC] \n"
98 " STR R1, [R2, #0x1C] \n"
99 " STR R1, [R2, #0x2C] \n"
100 " STR R1, [R2, #0x3C] \n"
101 " STR R1, [R2, #0x4C] \n"
102 " STR R1, [R2, #0x5C] \n"
103 " STR R1, [R2, #0x6C] \n"
104 " STR R1, [R2, #0x7C] \n"
105 " STR R1, [R2, #0x8C] \n"
106 " STR R1, [R2, #0x9C] \n"
107 " STR R1, [R2, #0xAC] \n"
108 " STR R1, [R2, #0xBC] \n"
109 " STR R1, [R2, #0xCC] \n"
110 " STR R1, [R2, #0xDC] \n"
111 " STR R1, [R2, #0xEC] \n"
112 " STR R1, [R2, #0xFC] \n"
113 " LDR R1, =0xC0400008 \n"
114 " LDR R2, =0x430005 \n"
115 " STR R2, [R1] \n"
116 " MOV R1, #1 \n"
117 " LDR R2, =0xC0243100 \n"
118 " STR R2, [R1] \n"
119 " LDR R2, =0xC0242010 \n"
120 " LDR R1, [R2] \n"
121 " ORR R1, R1, #1 \n"
122 " STR R1, [R2] \n"
123 " LDR R0, =0xFFC8AB40 \n"
124 " LDR R1, =0x1900 \n"
125 " LDR R3, =0x1049C \n"
126
127 "loc_FF81013C:\n"
128 " CMP R1, R3 \n"
129 " LDRCC R2, [R0], #4 \n"
130 " STRCC R2, [R1], #4 \n"
131 " BCC loc_FF81013C \n"
132 " LDR R1, =0x1774EC \n"
133 " MOV R2, #0 \n"
134
135 "loc_FF810154:\n"
136 " CMP R3, R1 \n"
137 " STRCC R2, [R3], #4 \n"
138 " BCC loc_FF810154 \n"
139 " B sub_FF810358_my \n"
140 );
141 }
142
143
144
145 void __attribute__((naked,noinline)) sub_FF810358_my() {
146
147
148 *(int*)0x1938=(int)taskHook;
149 *(int*)0x193C=(int)taskHook;
150
151
152
153 *(int*)(0x25F4) = (*(int*)0xC0220128)&1 ? 0x200000 : 0x100000;
154
155 asm volatile (
156 " LDR R0, =0xFF8103D0 \n"
157 " MOV R1, #0 \n"
158 " LDR R3, =0xFF810408 \n"
159
160 "loc_FF810364:\n"
161 " CMP R0, R3 \n"
162 " LDRCC R2, [R0], #4 \n"
163 " STRCC R2, [R1], #4 \n"
164 " BCC loc_FF810364 \n"
165 " LDR R0, =0xFF810408 \n"
166 " MOV R1, #0x4B0 \n"
167 " LDR R3, =0xFF81061C \n"
168
169 "loc_FF810380:\n"
170 " CMP R0, R3 \n"
171 " LDRCC R2, [R0], #4 \n"
172 " STRCC R2, [R1], #4 \n"
173 " BCC loc_FF810380 \n"
174 " MOV R0, #0xD2 \n"
175 " MSR CPSR_cxsf, R0 \n"
176 " MOV SP, #0x1000 \n"
177 " MOV R0, #0xD3 \n"
178 " MSR CPSR_cxsf, R0 \n"
179 " MOV SP, #0x1000 \n"
180 " LDR R0, =0x6C4 \n"
181 " LDR R2, =0xEEEEEEEE \n"
182 " MOV R3, #0x1000 \n"
183
184 "loc_FF8103B4:\n"
185 " CMP R0, R3 \n"
186 " STRCC R2, [R0], #4 \n"
187 " BCC loc_FF8103B4 \n"
188 " BL sub_FF8111B0_my \n"
189 );
190 }
191
192
193
194 void __attribute__((naked,noinline)) sub_FF8111B0_my() {
195 asm volatile (
196 " STR LR, [SP, #-4]! \n"
197 " SUB SP, SP, #0x74 \n"
198 " MOV R1, #0x74 \n"
199 " MOV R0, SP \n"
200 " BL sub_FFB9C644 \n"
201 " MOV R0, #0x53000 \n"
202 " STR R0, [SP, #4] \n"
203
204 #if defined(CHDK_NOT_IN_CANON_HEAP)
205 " LDR R0, =0x1774EC \n"
206 #else
207 " LDR R0, =new_sa\n"
208 " LDR R0, [R0]\n"
209 #endif
210
211 " LDR R2, =0x371F80 \n"
212 " STR R0, [SP, #8] \n"
213 " SUB R0, R2, R0 \n"
214 " STR R0, [SP, #0xC] \n"
215 " MOV R0, #0x22 \n"
216 " STR R0, [SP, #0x18] \n"
217 " MOV R0, #0x68 \n"
218 " STR R0, [SP, #0x1C] \n"
219 " LDR R1, =0x379C00 \n"
220 " LDR R0, =0x19B \n"
221 " STR R1, [SP] \n"
222 " STR R0, [SP, #0x20] \n"
223 " MOV R0, #0x96 \n"
224 " STR R2, [SP, #0x10] \n"
225 " STR R1, [SP, #0x14] \n"
226 " STR R0, [SP, #0x24] \n"
227 " STR R0, [SP, #0x28] \n"
228 " MOV R0, #0x64 \n"
229 " STR R0, [SP, #0x2C] \n"
230 " MOV R0, #0 \n"
231 " STR R0, [SP, #0x30] \n"
232 " STR R0, [SP, #0x34] \n"
233 " MOV R0, #0x10 \n"
234 " STR R0, [SP, #0x5C] \n"
235 " MOV R0, #0x800 \n"
236 " STR R0, [SP, #0x60] \n"
237 " MOV R0, #0xA0 \n"
238 " STR R0, [SP, #0x64] \n"
239 " MOV R0, #0x280 \n"
240 " STR R0, [SP, #0x68] \n"
241 " LDR R1, =sub_FF815EE0_my \n"
242 " LDR PC, =0xFF81124C \n"
243 );
244 }
245
246
247
248 void __attribute__((naked,noinline)) sub_FF815EE0_my() {
249 asm volatile (
250 " STMFD SP!, {R4,LR} \n"
251 " BL sub_FF810B28 \n"
252 " BL sub_FF81A374 \n"
253 " CMP R0, #0 \n"
254 " LDRLT R0, =0xFF815FF4 /*'dmSetup'*/ \n"
255 " BLLT _err_init_task \n"
256 " BL sub_FF815B18 \n"
257 " CMP R0, #0 \n"
258 " LDRLT R0, =0xFF815FFC /*'termDriverInit'*/ \n"
259 " BLLT _err_init_task \n"
260 " LDR R0, =0xFF81600C /*'/_term'*/ \n"
261 " BL sub_FF815C00 \n"
262 " CMP R0, #0 \n"
263 " LDRLT R0, =0xFF816014 /*'termDeviceCreate'*/ \n"
264 " BLLT _err_init_task \n"
265 " LDR R0, =0xFF81600C /*'/_term'*/ \n"
266 " BL sub_FF813CA8 \n"
267 " CMP R0, #0 \n"
268 " LDRLT R0, =0xFF816028 /*'stdioSetup'*/ \n"
269 " BLLT _err_init_task \n"
270 " BL sub_FF819D00 \n"
271 " CMP R0, #0 \n"
272 " LDRLT R0, =0xFF816034 /*'stdlibSetup'*/ \n"
273 " BLLT _err_init_task \n"
274 " BL sub_FF811690 \n"
275 " CMP R0, #0 \n"
276 " LDRLT R0, =0xFF816040 /*'armlib_setup'*/ \n"
277 " BLLT _err_init_task \n"
278 " LDMFD SP!, {R4,LR} \n"
279 " B taskcreate_Startup_my \n"
280 );
281 }
282
283
284
285 void __attribute__((naked,noinline)) taskcreate_Startup_my() {
286 asm volatile (
287 " STMFD SP!, {R3-R9,LR} \n"
288 " MOV R6, #0 \n"
289
290 " BL sub_FF83D9B0 \n"
291 " LDR R9, =0xC0220000 \n"
292 " MOVS R7, R0 \n"
293 " MOV R8, #1 \n"
294 " BNE loc_FF81FD1C \n"
295 " BL sub_FF8372F0 /*_IsNormalCameraMode_FW*/ \n"
296 " CMP R0, #0 \n"
297 " BEQ loc_FF81FD1C \n"
298 " LDR R0, [R9, #0x12C] \n"
299 " BIC R5, R8, R0 \n"
300 " LDR R0, [R9, #0x128] \n"
301 " BIC R4, R8, R0 \n"
302 " BL sub_FF833DDC \n"
303 " CMP R0, #1 \n"
304 " MOVEQ R6, #1 \n"
305 " ORR R0, R4, R5 \n"
306 " ORRS R0, R0, R6 \n"
307 " BNE loc_FF81FD2C \n"
308 " BL sub_FF834190 \n"
309 " MOV R0, #0x44 \n"
310 " STR R0, [R9, #0x1C] \n"
311 " BL sub_FF834380 \n"
312
313 "loc_FF81FD18:\n"
314 " B loc_FF81FD18 \n"
315
316 "loc_FF81FD1C:\n"
317 " LDR R0, [R9, #0x128] \n"
318 " BIC R4, R8, R0 \n"
319 " LDR R0, [R9, #0x12C] \n"
320 " BIC R5, R8, R0 \n"
321
322 "loc_FF81FD2C:\n"
323 " MOV R3, R6 \n"
324 " MOV R2, R7 \n"
325 " MOV R1, R5 \n"
326 " MOV R0, R4 \n"
327
328
329 " BL sub_FF83BB7C \n"
330 " LDR R1, =0x3CE000 \n"
331 " MOV R0, #0 \n"
332 " BL sub_FF83BFEC \n"
333 " BL sub_FF83BD94 /*_EnableDispatch*/ \n"
334 " MOV R3, #0 \n"
335 " STR R3, [SP] \n"
336 " LDR R3, =task_Startup_my \n"
337 " LDR PC, =0xFF81FD64 \n"
338 );
339 }
340
341
342
343 void __attribute__((naked,noinline)) task_Startup_my() {
344 asm volatile (
345 " STMFD SP!, {R4,LR} \n"
346 " BL sub_FF816588 \n"
347 " BL sub_FF835D30 \n"
348 " BL sub_FF833DEC \n"
349
350 " BL sub_FF83DBE4 \n"
351 " BL sub_FF834F90 \n"
352 " BL sub_FF833870 \n"
353
354 " BL sub_FF89AFCC \n"
355 " BL sub_FF816488 \n"
356 " BL sub_FF836A50 \n"
357 " LDR R1, =0x7C007C00 \n"
358 " LDR R0, =0xC0F1800C \n"
359 " BL sub_FF835D3C /*_EngDrvOut*/ \n"
360 " LDR R0, =0xC0F18010 \n"
361 " MOV R1, #0 \n"
362 " BL sub_FF835D3C /*_EngDrvOut*/ \n"
363 " LDR R0, =0xC0F18018 \n"
364 " MOV R1, #0 \n"
365 " BL sub_FF835D3C /*_EngDrvOut*/ \n"
366 " LDR R0, =0xC0F1801C \n"
367 " MOV R1, #0x1000 \n"
368 " BL sub_FF835D3C /*_EngDrvOut*/ \n"
369 " LDR R0, =0xFF81FD90 \n"
370 " MOV R1, #8 \n"
371 " BL sub_FF835D3C /*_EngDrvOut*/ \n"
372 " LDR R0, =0xFF81FD94 \n"
373 " MOV R1, #0xE000000 \n"
374 " BL sub_FF835D3C /*_EngDrvOut*/ \n"
375 " BL sub_FF8164C0 \n"
376 " BL sub_FF832280 \n"
377 " BL sub_FF83DC14 \n"
378 " BL sub_FF83B320 \n"
379 " BL sub_FF83DD94 \n"
380
381 " BL CreateTask_spytask\n"
382
383 " BL taskcreatePhySw_my \n"
384 " LDR PC, =0xFF81FC84 \n"
385 );
386 }
387
388
389
390 void __attribute__((naked,noinline)) taskcreatePhySw_my() {
391 asm volatile (
392 " STMFD SP!, {R3-R5,LR} \n"
393 " LDR R4, =0x1C3C \n"
394 " LDR R0, [R4, #4] \n"
395 " CMP R0, #0 \n"
396 " BNE sub_FF834A20 \n"
397 " MOV R3, #0 \n"
398 " STR R3, [SP] \n"
399 " LDR R3, =mykbd_task \n"
400 " MOV R2, #0x2000 \n"
401 " LDR PC, =0xFF834A10 \n"
402 );
403 }
404
405
406
407 void __attribute__((naked,noinline)) init_file_modules_task() {
408 asm volatile (
409 " STMFD SP!, {R4-R6,LR} \n"
410 " BL sub_FF89669C \n"
411 " LDR R5, =0x5006 \n"
412 " MOVS R4, R0 \n"
413 " MOVNE R1, #0 \n"
414 " MOVNE R0, R5 \n"
415 " BLNE _PostLogicalEventToUI \n"
416 " BL sub_FF8966C8 \n"
417 " BL core_spytask_can_start\n"
418 " LDR PC, =0xFF89E68C \n"
419 );
420 }