#include "platform.h"
//#include "keyboard.h"

/*
 * Firmware address stubs. Each function below returns (or reads through) an
 * absolute address taken from the ROM disassembly quoted in the comment
 * above it. Nothing here is validated at run time, so the values are
 * presumably only meaningful on the firmware build the listings came from;
 * on any other build the same constants would point at unrelated memory.
 */

/********** hook_raw_fptr() & hook_raw_ret_addr()
ROM:FF8EB058 loc_FF8EB058
ROM:FF8EB058                 LDR     R5, =0x36344
ROM:FF8EB05C                 MOV     R2, #0
ROM:FF8EB060                 MOV     R1, #0x220000
ROM:FF8EB064                 LDR     R0, [R5]
ROM:FF8EB068                 BL      unknown_libname_21
ROM:FF8EB06C                 MOV     R1, #0x220000
ROM:FF8EB070                 LDR     R0, [R5]
ROM:FF8EB074                 BL      ClearEventFlag
ROM:FF8EB078                 LDR     R3, =0x3635C
ROM:FF8EB07C                 LDR     R2, =0x36358    ; <--- hook_raw_fptr()
ROM:FF8EB080                 LDR     R0, [R3]
ROM:FF8EB084                 MOV     LR, PC
ROM:FF8EB088                 LDR     PC, [R2]
ROM:FF8EB08C                 BL      sub_FF8EABF0    ; <--- hook_raw_ret_addr() points here
ROM:FF8EB090                 LDR     R3, =0x58A4
***********/
// obsolete
/*
void *hook_raw_fptr() {
    return (void*)0x36358;      // ROM:FF8EB07C
}
void *hook_raw_ret_addr() {
    return (void*)0xFF8EB08C;   // ROM:FF8EB08C
}
*/


/*********** hook_raw_image_addr()
search for string "ImgPrcssBuf.c:156", raw buffer table is right above sub

ROM:FF99865C                 LDR     LR, =0xFF9985B8 ; <--- raw buffer table
ROM:FF998660                 LDR     R3, =0x6BC0
ROM:FF998664                 LDR     R2, =0x6BC4     ; <---

ROM:FF9985B8 raw_buffer_table
...
ROM:FF9985D8                 DCD 0x113D38D2
ROM:FF9985DC                 DCD 0x1082C320          ; <---
ROM:FF9985E0                 DCD 0x1088B440
ROM:FF9985E4                 DCD 0x1278AE32
ROM:FF9985E8                 DCD 0x11BE3880          ; <---
ROM:FF9985EC                 DCD 0x114D36C0
***********/
/*
 * Returns the address of the RAW image buffer.
 *
 * The word at 0x6BC4 picks between the two table entries marked in the
 * listing above: non-zero selects 0x11BE3880, zero selects 0x1082C320.
 * A fixed 0x1082C320 (0x1082C000 + 0x320) does not work; it looks like the
 * SD900 has a volatile RAW buffer like the G7 / G9 / A650.
 *
 * NOTE(review): the selector is loaded through a plain (non-volatile)
 * pointer. Each call performs one load, so this only matters if the
 * function is ever inlined into a loop -- confirm.
 */
char *hook_raw_image_addr() {
    int raw_buf_flag = *(int*)0x6BC4;

    if (raw_buf_flag) {
        return (char*)0x11BE3880;
    }
    return (char*)0x1082C320;
}

/*********** vid_get_bitmap_fb()
look near string "BmpDDev.c"

ROM:FF95A884                 MOV     R3, #0x10000000 ; <---
ROM:FF95A888                 ADD     R3, R3, #0x360000 ; <---
ROM:FF95A88C                 ADD     R3, R3, #0x1000 ; <---
ROM:FF95A890                 CMP     R0, R3
ROM:FF95A894                 STR     LR, [SP,#-4]!
ROM:FF95A898                 MOV     R2, #0
ROM:FF95A89C                 MOV     R1, #0xF6
ROM:FF95A8A0                 LDR     R0, =aBmpddev_c
***********/
/*
 * Returns the bitmap frame buffer address, 0x10361000.
 * The value is written as the three immediates from the listing above;
 * same as SD800 / SD1000.
 */
void *vid_get_bitmap_fb() {
    return (void*)(0x10000000 + 0x360000 + 0x1000);
}

/*********** vid_get_viewport_live_fb()
OLD !!!

ROM:FFB133D8 loc_FFB133D8
ROM:FFB133D8                 BL      sub_FF8BE30C
ROM:FFB133DC                 LDR     R2, =0x1065B130 ; <--- this plus below
ROM:FFB133E0                 MOVL    R3, 0x8B380     ; <---
ROM:FFB133E8                 MOV     R1, R2
ROM:FFB133EC                 STMIA   R4, {R2,R3}
ROM:FFB133F0                 LDR     R0, =aVramAddressP
ROM:FFB133F4                 BL      sub_FFB08E8C
ROM:FFB133F8                 LDR     R1, [R4,#4]
ROM:FFB133FC                 LDR     R0, =aVramSize0xX
ROM:FFB13400                 BL      sub_FFB08E8C
ROM:FFB13404                 MOV     R0, #0
ROM:FFB13408                 LDMFD   SP!, {R4-R7,PC}
***********/
/*
void *vid_get_viewport_live_fb() {     // live picture buffer (shoot not pressed)
    return (void*)0x106E64B0;          // 0x1065B130 + 0x8B380
}
*/

/*********** vid_get_viewport_live_fb()
ROM:FF8BB124 loc_FF8BB124
ROM:FF8BB124                 LDR     R3, =0x55D4     ; <---
ROM:FF8BB128                 LDR     R2, =0x55BC     ; <---
ROM:FF8BB12C                 LDRB    R0, [R3]
ROM:FF8BB130                 LDR     R1, [R2,R0,LSL#2]
ROM:FF8BB134                 MOV     R0, #0
ROM:FF8BB138                 BL      loc_FF88E5D4
***********/
/*
 * Returns the live picture buffer (shoot not pressed).
 *
 * Reads the byte at 0x55D4, steps it back by one (0 wraps to 2) and uses
 * the result to index the pointer table at 0x55BC. This replaces the old
 * fixed address 0x106E64B0 (0x1065B130 + 0x8B380).
 *
 * NOTE(review): the index byte is used unchecked. Mapping 0 to 2 suggests
 * a three-entry table, in which case a stored value above 3 would read
 * past it -- confirm the firmware only stores 0..2.
 */
void *vid_get_viewport_live_fb() {
    void **fb_table = (void **)0x55BC;
    unsigned char idx = *((unsigned char*)0x55D4);

    idx = (idx == 0) ? 2 : idx - 1;
    return fb_table[idx];
}

/*********** vid_get_viewport_fb
look near string "VRAM Address : %p"

ROM:FFB133D8 loc_FFB133D8
ROM:FFB133D8                 BL      sub_FF8BE30C
ROM:FFB133DC                 LDR     R2, =0x1065B130 ; <---
ROM:FFB133E0                 MOVL    R3, 0x8B380
ROM:FFB133E8                 MOV     R1, R2
ROM:FFB133EC                 STMIA   R4, {R2,R3}
ROM:FFB133F0                 LDR     R0, =aVramAddressP
ROM:FFB133F4                 BL      sub_FFB08E8C
ROM:FFB133F8                 LDR     R1, [R4,#4]
ROM:FFB133FC                 LDR     R0, =aVramSize0xX
ROM:FFB13400                 BL      sub_FFB08E8C
ROM:FFB13404                 MOV     R0, #0
ROM:FFB13408                 LDMFD   SP!, {R4-R7,PC}
***********/
/*
 * Returns the live picture buffer (shoot half-pressed): the fixed VRAM
 * address loaded at ROM:FFB133DC.
 */
void *vid_get_viewport_fb() {
    void *vram = (void*)0x1065B130;

    return vram;
}

/*********** vid_get_viewport_fb_d()
look near string "ImagePlayer.c"

ROM:FF95C314                 LDR     R1, =0x74028    ; <---
ROM:FF95C318                 ADD     R3, R3, R3,LSL#2
***********/
/*
 * Returns the picture buffer (play mode): the value stored in the word at
 * 0x74028, reinterpreted as a pointer.
 *
 * NOTE(review): the original inline comment cited ROM:FF95C354 while the
 * listing above shows the load at ROM:FF95C314 -- confirm which is right.
 */
void *vid_get_viewport_fb_d() {
    int stored_addr = *(int*)0x74028;

    return (void*)stored_addr;
}

/*
 * Returns the viewport height: 240 when the masked mode equals MODE_PLAY,
 * 230 otherwise.
 */
long vid_get_viewport_height() {
    if ((mode_get() & MODE_MASK) == MODE_PLAY) {
        return 240;
    }
    return 230;
}

/*********** camera_jpeg_count_str()
search for DCB "9999",0

ROM:FFAA77B0 dword_FFAA77B0  DCD 0x98E0
ROM:FFAA7130 a9999           DCB "9999",0
ROM:FFAA7135                 DCB    0
ROM:FFAA7136                 DCB    0
ROM:FFAA7137                 DCB    0
ROM:FFAA7138 aD_0            DCB "%d",0
ROM:FFAA713B                 DCB    0
ROM:FFAA713C sub_FFAA713C
ROM:FFAA713C                 MOV     R3, #0x2700
ROM:FFAA7140                 MOV     R2, R0
ROM:FFAA7144                 STMFD   SP!, {R4,LR}
ROM:FFAA7148                 ADD     R3, R3, #0xE
ROM:FFAA714C                 LDR     R4, =0x818C8    ; <---
ROM:FFAA7150                 CMP     R2, R3
ROM:FFAA7154                 LDR     R1, =a9999
ROM:FFAA7158                 MOV     R0, R4
ROM:FFAA715C                 BLS     loc_FFAA7168
ROM:FFAA7160                 BL      sprintf
ROM:FFAA7164                 B       loc_FFAA7178
***********/
/*
 * Returns the address 0x818C8, the buffer the listing above passes to
 * sprintf as its destination (loaded at ROM:FFAA714C).
 */
char *camera_jpeg_count_str() {
    char *count_buf = (char*)0x818C8;

    return count_buf;
}