1 #include "lolevel.h"
2 #include "platform.h"
3 #include "core.h"
4
/* Address of the _end symbol. The start-up code in sub_FFC00FA0_my loads this
 * value in place of the constant 0xA47E0 unless CHDK_NOT_IN_CANON_HEAP is
 * defined.
 * NOTE(review): _end is presumably the linker-defined end of the CHDK image - confirm. */
const char * const new_sa = &_end;

/* Kernel BSS bounds; declared here but not referenced in this listing. */
extern long wrs_kernel_bss_start, wrs_kernel_bss_end;

/* Entry point of this file. */
void boot();

/* Task creators: CreateTask_spytask is defined below; CreateTask_PhySw is
 * declared but not called in this listing. */
void CreateTask_spytask();
void CreateTask_PhySw();

/* Replacement task bodies whose addresses the task-creation hooks install. */
void MovieRecord_Task_my();
void task_InitFileModules_my();
void task_CaptSeqTask_my();
20
/*
 * Task-creation hook (installed by boot() at 0x1930 and 0x1934).
 *
 * Looks at the word 16 ints below the pointer it is given and, when that word
 * equals one of the fixed firmware addresses below, overwrites it with the
 * address of the matching replacement function.
 * NOTE(review): that word is presumably the new task's entry point - confirm
 * against the kernel's task structure layout.
 *
 * p: pointer supplied by the caller of the hook; only p[-16] is read or written.
 */
void taskCreateHook(int *p) {
    int *entry_slot = p - 16;

    /* The tests run in sequence, exactly as in a chain of independent ifs. */
    if (*entry_slot == (int)0xFFC49B38) {
        *entry_slot = (int)task_CaptSeqTask_my;
    }
    if (*entry_slot == (int)0xFFC118BC) {
        *entry_slot = (int)mykbd_task;
    }
    if (*entry_slot == (int)0xFFC5FEA0) {
        *entry_slot = (int)task_InitFileModules_my;
    }
    if (*entry_slot == (int)0xFFC46678) {
        *entry_slot = (int)MovieRecord_Task_my;
    }
    if (*entry_slot == (int)0xFFC91194) {
        *entry_slot = (int)exp_drv_task;
    }
    if (*entry_slot == (int)0xFFDCB5A8) {
        *entry_slot = (int)filewritetask;
    }
}
30
/*
 * Second task-creation hook (installed by boot() at 0x1938).
 *
 * Checks the word 16 ints below p for a single firmware address, 0xFFC5FEA0,
 * and replaces it with the address of task_InitFileModules_my.
 *
 * p: pointer supplied by the caller of the hook; only p[-16] is read or written.
 */
void taskCreateHook2(int *p) {
    int *entry_slot = p - 16;

    if (*entry_slot == (int)0xFFC5FEA0) {
        *entry_slot = (int)task_InitFileModules_my;
    }
}
35
// Address constant named for a debug LED; nothing in this listing references it.
// NOTE(review): presumably a memory-mapped I/O register - confirm before writing to it.
#define DEBUG_LED 0xC02200C4
37
// Start-up entry of this file: sets three bits in the CP15 control register,
// copies the firmware's initialised data into RAM, zeroes its BSS, stores the
// task-creation hook addresses, and branches to sub_FFC001A4_my.
// The final branch does not return here.
void boot() {
    // Source of the initialised data (in the 0xFFxxxxxx firmware address range)
    // and its destination in low RAM.
    long *canon_data_src = (void*)0xFFEBFB4C;
    long *canon_data_dst = (void*)0x1900;
    long canon_data_len = 0xD700 - 0x1900;   // length in bytes
    // The BSS begins exactly where the data copy ends (0xD700).
    long *canon_bss_start = (void*)0xD700;
    long canon_bss_len = 0xA47E0 - 0xD700;   // length in bytes

    long i;

    // Read CP15 control register c1, set bits 12, 2 and 0, and write it back.
    // On ARM cores these are the I-cache, D-cache and MMU/protection-unit
    // enable bits. R0 is declared as clobbered.
    asm volatile (
        "MRC p15, 0, R0,c1,c0\n"
        "ORR R0, R0, #0x1000\n"
        "ORR R0, R0, #4\n"
        "ORR R0, R0, #1\n"
        "MCR p15, 0, R0,c1,c0\n"
        :::"r0");

    // Word-by-word copy; both lengths are in bytes, hence the division by 4.
    for(i=0;i<canon_data_len/4;i++)
        canon_data_dst[i]=canon_data_src[i];

    for(i=0;i<canon_bss_len/4;i++)
        canon_bss_start[i]=0;

    // 0x1930..0x1938 lie inside the data region copied above (0x1900..0xD700),
    // so these stores have to come after the copy or they would be overwritten.
    // The first two slots receive the same hook; the third receives taskCreateHook2.
    *(int*)0x1930=(int)taskCreateHook;
    *(int*)0x1934=(int)taskCreateHook;
    *(int*)0x1938=(int)taskCreateHook2;

    // Continue in the patched start-up sequence.
    asm volatile ("B sub_FFC001A4_my\n");
};
79
80
81
// Patched copy of the firmware routine at 0xFFC001A4 (per its name).
// Copies two firmware regions to low memory, sets the stack pointer for two
// processor modes, fills 0x6C4..0x1000 with a marker pattern, then calls
// sub_FFC00FA0_my. Naked: no prologue/epilogue is generated, and no return
// sequence follows the final BL (presumably the callee never returns).
void __attribute__((naked,noinline)) sub_FFC001A4_my() {
    asm volatile (
        // Copy words from 0xFFC0021C up to (not including) 0xFFC00254 to address 0.
        "LDR R0, =0xFFC0021C\n"
        "MOV R1, #0\n"
        "LDR R3, =0xFFC00254\n"

        "loc_FFC001B0:\n"
        "CMP R0, R3\n"
        "LDRCC R2, [R0], #4\n"
        "STRCC R2, [R1], #4\n"
        "BCC loc_FFC001B0\n"

        // Copy words from 0xFFC00254 up to 0xFFC00468 to address 0x4B0.
        "LDR R0, =0xFFC00254\n"
        "MOV R1, #0x4B0\n"
        "LDR R3, =0xFFC00468\n"

        "loc_FFC001CC:\n"
        "CMP R0, R3\n"
        "LDRCC R2, [R0], #4\n"
        "STRCC R2, [R1], #4\n"
        "BCC loc_FFC001CC\n"
        // CPSR 0xD2: IRQ mode with IRQ and FIQ masked; give it SP = 0x1000.
        "MOV R0, #0xD2\n"
        "MSR CPSR_cxsf, R0\n"
        "MOV SP, #0x1000\n"
        // CPSR 0xD3: Supervisor mode with IRQ and FIQ masked; same SP value.
        "MOV R0, #0xD3\n"
        "MSR CPSR_cxsf, R0\n"
        "MOV SP, #0x1000\n"
        // Fill 0x6C4..0x1000 (the area below the stack top) with 0xEEEEEEEE.
        "LDR R0, =0x6C4\n"
        "LDR R2, =0xEEEEEEEE\n"
        "MOV R3, #0x1000\n"
        "loc_FFC00200:\n"
        "CMP R0, R3\n"
        "STRCC R2, [R0], #4\n"
        "BCC loc_FFC00200\n"

        // Patched: continue in this file's copy of the next start-up stage.
        "BL sub_FFC00FA0_my\n"
    );
}
120
121
122
123
// Patched copy of the firmware routine at 0xFFC00FA0 (per its name).
// Builds a 0x74-byte parameter block on the stack and passes it, together with
// the address of uHwSetup_my, to sub_FFC02D58.
// The two patches relative to a plain call chain are the value stored at
// [SP,#8] and the routine address loaded into R1.
void __attribute__((naked,noinline)) sub_FFC00FA0_my( ) {
    asm volatile (
        "STR LR, [SP, #-4]!\n"       // save return address
        "SUB SP, SP, #0x74\n"        // reserve the parameter block
        "MOV R0, SP\n"
        "MOV R1, #0x74\n"
        "BL sub_FFE58D6C\n"          // called with (block, 0x74); presumably clears it - confirm
        "MOV R0, #0x53000\n"
        "STR R0, [SP, #4]\n"
        // Value for [SP,#8]: either the constant 0xA47E0 (the same address boot()
        // uses as the end of the BSS) or the contents of new_sa, i.e. &_end.
        // NOTE(review): presumably this is the heap start, moved past the CHDK
        // image so the firmware allocator does not hand out that memory - confirm.
#if defined(CHDK_NOT_IN_CANON_HEAP)
        "LDR R0, =0xA47E0\n"
#else
        "LDR R0, =new_sa\n"
        "LDR R0, [R0]\n"
#endif
        "LDR R2, =0x279C00\n"
        "LDR R1, =0x272968\n"
        "STR R0, [SP, #8]\n"
        "SUB R0, R1, R0\n"           // R0 = 0x272968 - value stored at [SP,#8]
        "ADD R3, SP, #0xC\n"
        "STR R2, [SP]\n"
        "STMIA R3, {R0-R2}\n"        // [SP,#0xC]=difference, [SP,#0x10]=0x272968, [SP,#0x14]=0x279C00
        "MOV R0, #0x22\n"
        "STR R0, [SP, #0x18]\n"
        "MOV R0, #0x68\n"
        "STR R0, [SP, #0x1C]\n"
        "LDR R0, =0x19B\n"
        "MOV R1, #0x64\n"
        "STRD R0, [SP, #0x20]\n"     // stores R0 and R1: [0x20]=0x19B, [0x24]=0x64
        "MOV R0, #0x78\n"
        "STRD R0, [SP, #0x28]\n"     // [0x28]=0x78, [0x2C]=0x64 (R1 unchanged)
        "MOV R0, #0\n"
        "STR R0, [SP, #0x30]\n"
        "STR R0, [SP, #0x34]\n"
        "MOV R0, #0x10\n"
        "STR R0, [SP, #0x5C]\n"
        "MOV R0, #0x800\n"
        "STR R0, [SP, #0x60]\n"
        "MOV R0, #0xA0\n"
        "STR R0, [SP, #0x64]\n"
        "MOV R0, #0x280\n"
        "STR R0, [SP, #0x68]\n"

        // Patched: pass this file's hardware-setup routine as the second argument.
        "LDR R1, =uHwSetup_my\n"

        "MOV R0, SP\n"               // first argument: the parameter block
        "MOV R2, #0\n"
        "BL sub_FFC02D58\n"
        "ADD SP, SP, #0x74\n"        // release the block
        "LDR PC, [SP], #4\n"         // return via the saved LR
    );
}
177
178
179
180
// Patched copy of the firmware's uHwSetup (per its name).
// Runs a fixed sequence of firmware initialisation calls. After each checked
// call, a negative return value leads to _err_init_task being called with a
// firmware address in R0 (presumably a message string - confirm).
// The only patch is the final branch, which goes to CreateTask_Startup_my.
void __attribute__((naked,noinline)) uHwSetup_my() {
    asm volatile (
        "STMFD SP!, {R4,LR}\n"
        "BL sub_FFC0094C\n"          // return value not checked
        "BL sub_FFC0972C\n"
        "CMP R0, #0\n"
        "LDRLT R0, =0xFFC04EB8\n"
        "BLLT _err_init_task \n"
        "BL sub_FFC049C8\n"
        "CMP R0, #0\n"
        "LDRLT R0, =0xFFC04EC0\n"
        "BLLT _err_init_task \n"
        "LDR R0, =0xFFC04ED0\n"
        "BL sub_FFC04AB4\n"
        "CMP R0, #0\n"
        "LDRLT R0, =0xFFC04ED8\n"
        "BLLT _err_init_task \n"
        "LDR R0, =0xFFC04ED0\n"      // same argument as the previous call
        "BL sub_FFC03564\n"
        "CMP R0, #0\n"
        "LDRLT R0, =0xFFC04EEC\n"
        "BLLT _err_init_task \n"
        "BL sub_FFC092B4\n"
        "CMP R0, #0\n"
        "LDRLT R0, =0xFFC04EF8\n"
        "BLLT _err_init_task \n"
        "BL sub_FFC014B8\n"
        "CMP R0, #0\n"
        "LDRLT R0, =0xFFC04F04\n"
        "BLLT _err_init_task \n"
        "LDMFD SP!, {R4,LR}\n"       // restore LR so the branch below is a tail call

        // Patched: continue in this file's task-creation routine.
        "B CreateTask_Startup_my\n"
    );
}
216
217
218
219
// Patched copy of the firmware's CreateTask_Startup (per its name).
// After two checks it either halts in an endless loop or creates a task whose
// entry point is task_Startup_my, then returns 0.
void __attribute__((naked,noinline)) CreateTask_Startup_my( ) {
    asm volatile (
        "STMFD SP!, {R3,LR}\n"       // pushing R3 also reserves the stack word used for the 5th argument
        "BL sub_FFC119DC\n"
        "BL sub_FFC1979C\n"
        "CMP R0, #0\n"
        "BNE loc_FFC0CDB4\n"
        "BL sub_FFC119D8\n"
        "CMP R0, #0\n"
        "BNE loc_FFC0CDB4\n"
        // Both checks returned 0: write 0x44 to 0xC022004C and spin forever.
        // NOTE(review): presumably a power-off / halt request - confirm.
        "LDR R1, =0xC0220000\n"
        "MOV R0, #0x44\n"
        "STR R0, [R1, #0x4C]\n"
        "loc_FFC0CDB0:\n"
        "B loc_FFC0CDB0\n"
        "loc_FFC0CDB4:\n"

        "BL sub_FFC17B24\n"
        "LDR R1, =0x2CE000\n"
        "MOV R0, #0\n"

        "BL sub_FFC17D6C\n"
        "BL sub_FFC17D18\n"
        "MOV R3, #0\n"
        "STR R3, [SP]\n"             // 5th argument = 0

        // Patched: the task entry point is this file's task_Startup_my.
        // Argument order matches the C call in CreateTask_spytask:
        // R0 = first argument (a firmware address here), R1 = 0x19, R2 = 0, R3 = entry.
        "LDR R3, =task_Startup_my\n"
        "MOV R2, #0\n"
        "MOV R1, #0x19\n"
        "LDR R0, =0xFFC0CDFC\n"
        "BL _CreateTask \n"
        "MOV R0, #0\n"
        "LDMFD SP!, {R12,PC}\n"      // pops the reserved word into R12 and returns
    );
}
257
258
259
260
// Patched copy of the firmware's start-up task (per its name).
// Calls a fixed sequence of firmware routines; the one addition visible here is
// the call to CreateTask_spytask, placed between sub_FFC199A4 and sub_FFC19B58.
// No return value of any call is inspected.
void __attribute__((naked,noinline)) task_Startup_my( ) {
    asm volatile (
        "STMFD SP!, {R4,LR}\n"
        "BL sub_FFC051BC\n"
        "BL sub_FFC12B3C\n"
        "BL sub_FFC0FE14\n"

        "BL sub_FFC199A4\n"

        // Patched: start the SpyTask before the remaining firmware initialisation.
        "BL CreateTask_spytask\n"
        "BL sub_FFC19B58\n"
        "BL sub_FFC199F4\n"
        "BL sub_FFC17064\n"
        "BL sub_FFC19B5C\n"
        "BL sub_FFC118F0\n"
        "BL sub_FFC14A34\n"
        "BL sub_FFC19B74\n"

        "BL sub_FFC10DC4\n"
        "BL sub_FFC19564\n"
        "BL sub_FFC11420\n"
        "BL sub_FFC10CC4\n"
        "BL sub_FFC1A4C0\n"
        "BL sub_FFC10C80\n"

        "BL sub_FFC05070\n"
        "LDMFD SP!, {R4,PC}\n"
    );
}
293
/*
 * Creates the task named "SpyTask" with core_spytask as its entry function.
 * Called from task_Startup_my during start-up.
 * NOTE(review): 0x19 and 0x2000 are presumably the task priority and stack
 * size - confirm against the _CreateTask prototype.
 */
void CreateTask_spytask() {
    enum {
        SPYTASK_SECOND_ARG = 0x19,
        SPYTASK_THIRD_ARG  = 0x2000,
        SPYTASK_LAST_ARG   = 0
    };

    _CreateTask("SpyTask", SPYTASK_SECOND_ARG, SPYTASK_THIRD_ARG,
                core_spytask, SPYTASK_LAST_ARG);
}
298
299
300
// Replacement for the firmware task at 0xFFC5FEA0 (the address the task-creation
// hooks swap for this function). Runs the file-module initialisation through
// this file's sub_FFC58A54_my, signals core_spytask_can_start, and posts
// logical event 0x5006 either before or after the initialisation depending on
// the result of sub_FFC58A28.
void __attribute__((naked,noinline)) task_InitFileModules_my( ) {
    asm volatile (
        "STMFD SP!, {R4-R6,LR}\n"
        "BL sub_FFC58A28\n"
        "LDR R5, =0x5006\n"          // event id kept in R5 for both posting sites
        "MOVS R4, R0\n"              // R4 = result; flags select the conditional post below
        "MOVNE R1, #0\n"
        "MOVNE R0, R5\n"
        "BLNE _PostLogicalEventToUI \n"   // result != 0: post (0x5006, 0) now

        // Patched: use this file's copy of the initialisation routine.
        "BL sub_FFC58A54_my\n"

        // Added: tell the SpyTask side it may proceed; runs after sub_FFC58A54_my returns.
        "BL core_spytask_can_start\n"

        "CMP R4, #0\n"
        "MOVEQ R0, R5\n"
        "LDMEQFD SP!, {R4-R6,LR}\n"
        "MOVEQ R1, #0\n"
        "BEQ _PostLogicalEventToUI \n"    // result == 0: post (0x5006, 0) as a tail call
        "LDMFD SP!, {R4-R6,PC}\n"
    );
}
323
324
325
326
// Patched copy of the firmware routine at 0xFFC58A54 (per its name).
// Calls this file's sub_FFC3D588_my, then - only when the word at 0x5584 is
// zero - runs a fixed sequence of firmware calls, and finally stores 1 at 0x5580.
void __attribute__((naked,noinline)) sub_FFC58A54_my() {
    asm volatile (
        "STMFD SP!, {R4,LR}\n"

        // Patched: use this file's copy, which leads to the patched partition lookup.
        "BL sub_FFC3D588_my\n"
        "LDR R4, =0x5580\n"
        "LDR R0, [R4, #4]\n"
        "CMP R0, #0\n"
        "BNE loc_FFC58A84\n"         // word at 0x5584 non-zero: skip the calls below
        "BL sub_FFC66B30\n"
        "BL sub_FFCDE71C\n"
        "BL sub_FFC66B30\n"
        "BL sub_FFC3AF78\n"
        "BL sub_FFC66B40\n"
        "BL sub_FFCDE7E8\n"
        "loc_FFC58A84:\n"
        "MOV R0, #1\n"
        "STR R0, [R4]\n"             // word at 0x5580 = 1
        "LDMFD SP!, {R4,PC}\n"
    );
}
348
349
350
351
// Patched copy of the firmware routine at 0xFFC3D588 (per its name).
// Works on index 0 throughout (R6 = 0): calls several firmware routines, calls
// this file's sub_FFC3D3C4_my, and then composes a flag word from the results
// and stores it at 0xFE6C + 0x40.
void __attribute__((naked,noinline)) sub_FFC3D588_my() {
    asm volatile (
        "STMFD SP!, {R4-R6,LR}\n"
        "MOV R6, #0\n"               // index used for every call below
        "MOV R0, R6\n"
        "BL sub_FFC3D048\n"
        "LDR R4, =0xFE6C\n"          // base of the record read and written below
        "MOV R5, #0\n"
        "LDR R0, [R4, #0x38]\n"
        "BL sub_FFC3DA7C\n"
        "CMP R0, #0\n"
        // Result 0: clear the three words at 0x2828 + 0x10 / 0x14 / 0x18.
        "LDREQ R0, =0x2828\n"
        "STREQ R5, [R0, #0x10]\n"
        "STREQ R5, [R0, #0x14]\n"
        "STREQ R5, [R0, #0x18]\n"
        "MOV R0, R6\n"
        "BL sub_FFC3D088\n"
        "MOV R0, R6\n"

        // Patched: use this file's copy, which reaches the patched partition lookup.
        "BL sub_FFC3D3C4_my\n"
        "MOV R5, R0\n"               // keep its result
        "MOV R0, R6\n"
        "BL sub_FFC3D430\n"
        "LDR R1, [R4, #0x3C]\n"      // same field sub_FFC3D154_my uses as its switch selector
        "AND R2, R5, R0\n"           // R2 = AND of the two results
        "CMP R1, #0\n"
        "MOV R0, #0\n"
        "MOVEQ R0, #0x80000001\n"    // selector 0: flag word is 0x80000001
        "BEQ loc_FFC3D61C\n"
        "LDR R3, [R4, #0x2C]\n"
        "CMP R3, #2\n"
        "MOVEQ R0, #4\n"             // field at +0x2C == 2: start from 4 instead of 0
        "CMP R1, #5\n"
        "ORRNE R0, R0, #1\n"         // selector != 5: set bit 0
        "BICEQ R0, R0, #1\n"         // selector == 5: clear bit 0
        "CMP R2, #0\n"
        // R2 == 0: clear bit 1 and set bit 31; otherwise clear bit 31 and set bit 1.
        "BICEQ R0, R0, #2\n"
        "ORREQ R0, R0, #0x80000000\n"
        "BICNE R0, R0, #0x80000000\n"
        "ORRNE R0, R0, #2\n"
        "loc_FFC3D61C:\n"
        "STR R0, [R4, #0x40]\n"      // store the flag word
        "LDMFD SP!, {R4-R6,PC}\n"
    );
}
397
398
399
400
// Patched copy of the firmware routine at 0xFFC3D3C4 (per its name).
// R0 on entry is an index selecting a 0x5C-byte record (0x17 words) based at
// 0xFE6C. Returns 1 immediately when the word at 0x2828 + 0x14 is already
// non-zero; otherwise runs three steps in order and stops at the first one that
// returns 0. When all three succeed it stores 1 at 0x2828 + 0x14.
// The return value is whatever the last executed step left in R0.
void __attribute__((naked,noinline)) sub_FFC3D3C4_my() {
    asm volatile (
        "STMFD SP!, {R4-R6,LR}\n"
        "LDR R5, =0x2828\n"
        "MOV R6, R0\n"               // R6 = index argument
        "LDR R0, [R5, #0x14]\n"
        "CMP R0, #0\n"
        "MOVNE R0, #1\n"
        "LDMNEFD SP!, {R4-R6,PC}\n"  // already done: return 1
        "MOV R0, #0x17\n"
        "MUL R1, R0, R6\n"
        "LDR R0, =0xFE6C\n"
        "ADD R4, R0, R1, LSL #2\n"   // R4 = 0xFE6C + index * 0x17 * 4
        "LDR R0, [R4, #0x38]\n"
        "MOV R1, R6\n"

        // Patched: use this file's copy of the partition lookup.
        "BL sub_FFC3D154_my\n"
        "CMP R0, #0\n"
        "LDMEQFD SP!, {R4-R6,PC}\n"  // lookup failed: return 0
        "LDR R0, [R4, #0x38]\n"
        "MOV R1, R6\n"
        "BL sub_FFC3D2BC\n"
        "CMP R0, #0\n"
        "LDMEQFD SP!, {R4-R6,PC}\n"
        "MOV R0, R6\n"
        "BL sub_FFC3CC50\n"
        "CMP R0, #0\n"
        "MOVNE R1, #1\n"
        "STRNE R1, [R5, #0x14]\n"    // remember success so later calls return early
        "LDMFD SP!, {R4-R6,PC}\n"
    );
}
433
434
435
436
// Patched copy of the firmware routine at 0xFFC3D154 (per its name).
// On entry R0 is a handle that is passed on unchanged to the read routine, and
// R1 is an index selecting a 0x5C-byte record based at 0xFE6C. For most values
// of the record's selector field it reads one sector into a buffer, picks a
// partition-table entry from it, validates that entry, and stores two results
// (R6 and R5) into the record at +0x44 and +0x48. Returns 0 on the early-exit
// paths and 1 otherwise.
// The patch replaces the firmware's use of the first partition entry with a
// scan of the four entries for a FAT32 type byte (labels dg_sd_fat32*), plus a
// call to mbr_read_dryos.
// NOTE(review): the sector presumably comes from the removable card, so every
// field parsed below should be treated as untrusted input.
void __attribute__((naked,noinline)) sub_FFC3D154_my() {
    asm volatile (
        "STMFD SP!, {R4-R8,LR}\n"
        "MOV R8, R0\n"               // R8 = handle argument
        "MOV R0, #0x17\n"
        "MUL R1, R0, R1\n"
        "LDR R0, =0xFE6C\n"
        "MOV R6, #0\n"               // R6: first result, default 0
        "ADD R7, R0, R1, LSL #2\n"   // R7 = 0xFE6C + index * 0x17 * 4
        "LDR R0, [R7, #0x3C]\n"      // selector field
        "MOV R5, #0\n"               // R5: second result, default 0
        "CMP R0, #6\n"
        // Jump table: for selector <= 6, PC (this instruction + 8) + selector*4
        // lands on one of the seven branches after the default branch.
        "ADDLS PC, PC, R0, LSL #2\n"
        "B loc_FFC3D2A0\n"           // selector > 6: assert
        "B loc_FFC3D1B8\n"           // 0: return 0
        "B loc_FFC3D1A0\n"           // 1
        "B loc_FFC3D1A0\n"           // 2
        "B loc_FFC3D1A0\n"           // 3
        "B loc_FFC3D1A0\n"           // 4
        "B loc_FFC3D298\n"           // 5: fixed value 0x40, no sector read
        "B loc_FFC3D1A0\n"           // 6
        "loc_FFC3D1A0:\n"
        "MOV R2, #0\n"
        "MOV R1, #0x200\n"
        "MOV R0, #3\n"
        "BL sub_FFC52BD4\n"          // called with (3, 0x200, 0); presumably obtains a 0x200-byte buffer - confirm
        "MOVS R4, R0\n"              // R4 = buffer
        "BNE loc_FFC3D1C0\n"
        "loc_FFC3D1B8:\n"
        "MOV R0, #0\n"
        "LDMFD SP!, {R4-R8,PC}\n"    // failure: return 0
        "loc_FFC3D1C0:\n"
        "LDR R12, [R7, #0x4C]\n"     // function pointer held in the record
        "MOV R3, R4\n"
        "MOV R2, #1\n"
        "MOV R1, #0\n"
        "MOV R0, R8\n"
        "BLX R12\n"                  // indirect call (handle, 0, 1, buffer); presumably reads sector 0
        "CMP R0, #1\n"
        "BNE loc_FFC3D1EC\n"
        "MOV R0, #3\n"
        "BL sub_FFC52D14\n"          // result == 1: release (id 3) and return 0
        "B loc_FFC3D1B8\n"

        "loc_FFC3D1EC:\n"
        "MOV R0, R8\n"
        "BL sub_FFCFB2F0\n"          // its result is passed on in R0
        "MOV R1, R4\n"
        // Added call: (R0 = result of sub_FFCFB2F0, R1 = sector buffer).
        // R0 after this call is what the range checks below compare against.
        "BL mbr_read_dryos\n"

        // Added scan: walk the partition table (four 16-byte entries starting at
        // buffer + 0x1BE). R12 is the running base, LR keeps the original buffer
        // for the signature check, R1 counts entries from 1 to 4.
        // Highest offset reached is 0x30 + 0x1CD, which stays below 0x200.
        "MOV R12, R4\n"
        "MOV LR, R4\n"
        "MOV R1, #1\n"
        "B dg_sd_fat32_enter\n"
        "dg_sd_fat32:\n"
        "CMP R1, #4\n"
        "BEQ dg_sd_fat32_end\n"      // none matched: R4 still points at the buffer, i.e. entry 1 is used
        "ADD R12, R12, #0x10\n"
        "ADD R1, R1, #1\n"
        "dg_sd_fat32_enter:\n"
        "LDRB R2, [R12, #0x1BE]\n"   // entry status byte
        "LDRB R3, [R12, #0x1C2]\n"   // entry type byte
        "CMP R3, #0xB\n"
        "CMPNE R3, #0xC\n"
        "BNE dg_sd_fat32\n"          // type is neither 0x0B nor 0x0C: next entry
        "CMP R2, #0x00\n"
        "CMPNE R2, #0x80\n"
        "BNE dg_sd_fat32\n"          // status is neither 0x00 nor 0x80: next entry

        "MOV R4, R12\n"              // use the matching entry for the reads below

        "dg_sd_fat32_end:\n"

        // Assemble two little-endian 32-bit fields of the chosen entry:
        // R1 = bytes +0x1C6..+0x1C9 (start sector), R3 = bytes +0x1CA..+0x1CD (sector count).
        "LDRB R1, [R4, #0x1C9]\n"
        "LDRB R3, [R4, #0x1C8]\n"
        "LDRB R12, [R4, #0x1CC]\n"
        "MOV R1, R1, LSL #0x18\n"
        "ORR R1, R1, R3, LSL #0x10\n"
        "LDRB R3, [R4, #0x1C7]\n"
        "LDRB R2, [R4, #0x1BE]\n"    // status byte of the chosen entry

        "ORR R1, R1, R3, LSL #8\n"
        "LDRB R3, [R4, #0x1C6]\n"
        // Status must be 0x00 or 0x80. None of the instructions up to the BNE
        // below update the flags, so that BNE still tests this comparison.
        "CMP R2, #0\n"
        "CMPNE R2, #0x80\n"
        "ORR R1, R1, R3\n"
        "LDRB R3, [R4, #0x1CD]\n"
        "MOV R3, R3, LSL #0x18\n"
        "ORR R3, R3, R12, LSL #0x10\n"
        "LDRB R12, [R4, #0x1CB]\n"
        "ORR R3, R3, R12, LSL #8\n"
        "LDRB R12, [R4, #0x1CA]\n"
        "ORR R3, R3, R12\n"

        // Signature bytes are read from the original buffer (LR), not from the
        // entry-relative base in R4.
        "LDRB R12, [LR,#0x1FE]\n"
        "LDRB LR, [LR,#0x1FF]\n"

        "MOV R4, #0\n"               // R4 now becomes the "entry accepted" flag
        "BNE loc_FFC3D274\n"         // bad status byte: reject
        "CMP R0, R1\n"
        "BCC loc_FFC3D274\n"         // R0 < start sector: reject
        // NOTE(review): start + count is a plain 32-bit add with no carry check,
        // so a sum that wraps would still satisfy the comparison below. Whether
        // later code tolerates such values is not visible here.
        "ADD R2, R1, R3\n"
        "CMP R2, R0\n"
        "CMPLS R12, #0x55\n"         // only when start + count <= R0: check signature byte 0x1FE
        "CMPEQ LR, #0xAA\n"          // and byte 0x1FF
        "MOVEQ R6, R1\n"             // accepted: R6 = start sector
        "MOVEQ R5, R3\n"             //           R5 = sector count
        "MOVEQ R4, #1\n"
        "loc_FFC3D274:\n"
        "MOV R0, #3\n"
        "BL sub_FFC52D14\n"          // release (id 3), same call as on the read-failure path
        "CMP R4, #0\n"
        "BNE loc_FFC3D2AC\n"
        // Entry rejected: fall back to start 0 and the value sub_FFCFB2F0 returns.
        "MOV R6, #0\n"
        "MOV R0, R8\n"
        "BL sub_FFCFB2F0\n"
        "MOV R5, R0\n"
        "B loc_FFC3D2AC\n"
        "loc_FFC3D298:\n"
        "MOV R5, #0x40\n"            // selector 5
        "B loc_FFC3D2AC\n"
        "loc_FFC3D2A0:\n"
        "MOV R1, #0x374\n"
        "LDR R0, =0xFFC3D148\n"
        "BL _DebugAssert \n"         // selector out of range; execution continues below if it returns
        "loc_FFC3D2AC:\n"
        "STR R6, [R7, #0x44]!\n"     // record + 0x44 = R6; writeback advances R7 by 0x44
        "MOV R0, #1\n"
        "STR R5, [R7, #4]\n"         // record + 0x48 = R5
        "LDMFD SP!, {R4-R8,PC}\n"    // return 1
    );
}