This source file includes the following definitions.
- taskHook
- CreateTask_spytask
- boot
- sub_FF000358_my
- sub_FF0011B0_my
- sub_FF005F2C_my
- sub_FF00FDA0_my
- taskcreate_Startup_my
- task_Startup_my
- taskcreatePhySw_my
- init_file_modules_task
#include "lolevel.h"
#include "platform.h"
#include "core.h"
#include "dryos31.h"

/*
 * Byte offset of MEMBER inside TYPE, computed from a null TYPE pointer and
 * narrowed to int. taskHook() uses it to step back from the `context` member
 * to the start of the enclosing task_t.
 * NOTE(review): <stddef.h> already provides offsetof; if one of the headers
 * above pulls it in, this line is a macro redefinition. Confirm.
 */
#define offsetof(TYPE, MEMBER) ((int) &((TYPE *)0)->MEMBER)

/*
 * Address of the symbol _end. sub_FF0011B0_my() loads this value and stores it
 * in its parameter block in place of the constant 0x181A9C, unless
 * CHDK_NOT_IN_CANON_HEAP is defined.
 * NOTE(review): _end is not declared in this file; presumably a linker symbol
 * marking the end of the loaded image, declared in an included header. Confirm.
 */
const char * const new_sa = &_end;


/* CreateTask_spytask() is defined below; CreateTask_PhySw() is only declared
 * in the visible part of this file. */
void CreateTask_PhySw();
void CreateTask_spytask();
/* Task entry points that taskHook() compares tcb->entry against and replaces.
 * NOTE(review): presumably the stock firmware tasks. Confirm. */
extern void task_CaptSeq();
extern void task_InitFileModules();
extern void task_MovieRecord();
extern void task_ExpDrv();
extern void task_FileWrite();
/*
 * Hook that redirects selected task entry points to replacement tasks.
 *
 * `context` points at the `context` member of a task_t; the enclosing task_t
 * is recovered by subtracting that member's offset. sub_FF000358_my() writes
 * the address of this function to 0x1938 and 0x193C.
 * NOTE(review): presumably the firmware calls through those two slots when a
 * task is created or switched. Confirm against the firmware.
 *
 * Each redirect is tested in turn against the current tcb->entry value, so a
 * replacement installed by an earlier row is itself compared by later rows,
 * exactly as a sequence of independent `if` statements would do.
 */
void taskHook(context_t **context)
{
    char *ctx_addr = (char *)context;
    task_t *tcb = (task_t *)(ctx_addr - offsetof(task_t, context));

    /* { entry to look for, entry to install instead } */
    const struct {
        void *from;
        void *to;
    } redirects[] = {
        { (void *)task_CaptSeq,         (void *)capt_seq_task },
        { (void *)task_InitFileModules, (void *)init_file_modules_task },
        { (void *)task_MovieRecord,     (void *)movie_record_task },
        { (void *)task_ExpDrv,          (void *)exp_drv_task },
        { (void *)task_FileWrite,       (void *)filewritetask },
    };

    for (unsigned int i = 0; i < sizeof redirects / sizeof redirects[0]; i++) {
        if (tcb->entry == redirects[i].from) {
            tcb->entry = redirects[i].to;
        }
    }
}
/*
 * Creates the task named "SpyTask", passing core_spytask as the fourth
 * argument of _CreateTask. Called from task_Startup_my().
 */
void CreateTask_spytask()
{
    /* NOTE(review): presumably task priority and stack size in bytes;
     * confirm against the _CreateTask prototype in lolevel.h. */
    enum { SPYTASK_ARG_PRIO = 0x19, SPYTASK_ARG_STACK = 0x2000 };

    _CreateTask("SpyTask", SPYTASK_ARG_PRIO, SPYTASK_ARG_STACK, core_spytask, 0);
}
/*
 * First routine of the replacement boot chain. Naked function: the body is
 * assembly only, with no compiler-generated prologue or epilogue.
 *
 * Visible steps, in order:
 *   1. writes to hardware registers and to CP15 (system control coprocessor);
 *   2. copies words from 0xFF497420 into RAM at 0x1900..0x102DC;
 *   3. zero-fills 0x102DC..0x181A9C;
 *   4. branches to sub_FF000358_my() and does not return.
 *
 * NOTE(review): the CP15 register meanings given below assume an ARM946E-S
 * style coprocessor layout. Confirm against the CPU reference manual.
 * NOTE(review): if that layout holds, the c5 writes grant read/write access in
 * both privileged and user mode to every region except region 0, i.e. there is
 * no privilege separation between tasks after this point. Confirm.
 */
void __attribute__((naked,noinline)) boot() {
    asm volatile (
        // write 0 to 0xC0410000 (hardware register; purpose not shown here)
        " LDR R1, =0xC0410000 \n"
        " MOV R0, #0 \n"
        " STR R0, [R1] \n"
        // CP15 c1 (control register) = 0x78
        " MOV R1, #0x78 \n"
        " MCR p15, 0, R1, c1, c0 \n"
        // c7 operations with R1 = 0; presumably drain write buffer, then
        // flush instruction and data caches (confirm)
        " MOV R1, #0 \n"
        " MCR p15, 0, R1, c7, c10, 4 \n"
        " MCR p15, 0, R1, c7, c5 \n"
        " MCR p15, 0, R1, c7, c6 \n"
        // c6,c0..c5: presumably six protection-region descriptors
        // (base address in the high bits, size and enable in the low bits)
        " MOV R0, #0x3D \n"
        " MCR p15, 0, R0, c6, c0 \n"
        " MOV R0, #0xC000002F \n"
        " MCR p15, 0, R0, c6, c1 \n"
        " MOV R0, #0x35 \n"
        " MCR p15, 0, R0, c6, c2 \n"
        " MOV R0, #0x40000035 \n"
        " MCR p15, 0, R0, c6, c3 \n"
        " MOV R0, #0x80000017 \n"
        " MCR p15, 0, R0, c6, c4 \n"
        " LDR R0, =0xFF00002F \n"
        " MCR p15, 0, R0, c6, c5 \n"
        // c2,c0 / c2,c0,1 / c3,c0 all set to 0x34 (bits 2, 4 and 5);
        // presumably per-region cacheable and bufferable bitmaps (confirm)
        " MOV R0, #0x34 \n"
        " MCR p15, 0, R0, c2, c0 \n"
        " MOV R0, #0x34 \n"
        " MCR p15, 0, R0, c2, c0, 1 \n"
        " MOV R0, #0x34 \n"
        " MCR p15, 0, R0, c3, c0 \n"
        // c5,c0,2 and c5,c0,3 = 0x3333330; presumably data and instruction
        // access permissions, one nibble per region: 0 for region 0,
        // 3 for the others (confirm)
        " LDR R0, =0x3333330 \n"
        " MCR p15, 0, R0, c5, c0, 2 \n"
        " LDR R0, =0x3333330 \n"
        " MCR p15, 0, R0, c5, c0, 3 \n"
        // read-modify-write of the control register: set bits 12, 2 and 0;
        // presumably I-cache, D-cache and protection-unit enable (confirm)
        " MRC p15, 0, R0, c1, c0 \n"
        " ORR R0, R0, #0x1000 \n"
        " ORR R0, R0, #4 \n"
        " ORR R0, R0, #1 \n"
        " MCR p15, 0, R0, c1, c0 \n"
        // c9,c1 and c9,c1,1; presumably the tightly-coupled-memory region
        // registers (confirm)
        " MOV R1, #0x80000006 \n"
        " MCR p15, 0, R1, c9, c1 \n"
        " MOV R1, #6 \n"
        " MCR p15, 0, R1, c9, c1, 1 \n"
        // set bits 16 and 18 of the control register
        " MRC p15, 0, R1, c1, c0 \n"
        " ORR R1, R1, #0x50000 \n"
        " MCR p15, 0, R1, c1, c0 \n"
        // register block at 0xC0200000: write 1 to +0x10C, then 0xFF to
        // +0xC, +0x1C, ... +0xFC (sixteen slots, stride 0x10)
        " LDR R2, =0xC0200000 \n"
        " MOV R1, #1 \n"
        " STR R1, [R2, #0x10C] \n"
        " MOV R1, #0xFF \n"
        " STR R1, [R2, #0xC] \n"
        " STR R1, [R2, #0x1C] \n"
        " STR R1, [R2, #0x2C] \n"
        " STR R1, [R2, #0x3C] \n"
        " STR R1, [R2, #0x4C] \n"
        " STR R1, [R2, #0x5C] \n"
        " STR R1, [R2, #0x6C] \n"
        " STR R1, [R2, #0x7C] \n"
        " STR R1, [R2, #0x8C] \n"
        " STR R1, [R2, #0x9C] \n"
        " STR R1, [R2, #0xAC] \n"
        " STR R1, [R2, #0xBC] \n"
        " STR R1, [R2, #0xCC] \n"
        " STR R1, [R2, #0xDC] \n"
        " STR R1, [R2, #0xEC] \n"
        " STR R1, [R2, #0xFC] \n"
        // write 0x430005 to 0xC0400008
        " LDR R1, =0xC0400008 \n"
        " LDR R2, =0x430005 \n"
        " STR R2, [R1] \n"
        // As written, R1 holds the value 1 here, so the constant 0xC0243100
        // is stored to address 1 (an unaligned word store).
        // NOTE(review): presumably copied as-is from the stock boot routine;
        // confirm before changing.
        " MOV R1, #1 \n"
        " LDR R2, =0xC0243100 \n"
        " STR R2, [R1] \n"
        // set bit 0 of the word at 0xC0242010
        " LDR R2, =0xC0242010 \n"
        " LDR R1, [R2] \n"
        " ORR R1, R1, #1 \n"
        " STR R1, [R2] \n"
        // word copy: source 0xFF497420, destination 0x1900, runs while the
        // destination pointer is below 0x102DC. The hook slots 0x1938 and
        // 0x193C written by sub_FF000358_my() lie inside this RAM range.
        " LDR R0, =0xFF497420 \n"
        " LDR R1, =0x1900 \n"
        " LDR R3, =0x102DC \n"
        "loc_FF00013C:\n"
        " CMP R1, R3 \n"
        " LDRCC R2, [R0], #4 \n"
        " STRCC R2, [R1], #4 \n"
        " BCC loc_FF00013C \n"
        // zero fill from 0x102DC (R3 from the loop above) up to 0x181A9C
        " LDR R1, =0x181A9C \n"
        " MOV R2, #0 \n"
        "loc_FF000154:\n"
        " CMP R3, R1 \n"
        " STRCC R2, [R3], #4 \n"
        " BCC loc_FF000154 \n"

        // continue in the next stage defined in this file
        " B sub_FF000358_my \n"
    );
}
/*
 * Second boot stage, entered by branch from boot().
 *
 * Installs taskHook() into two RAM slots, records a value chosen from a
 * hardware register bit, copies two blocks from 0xFF0003D0.. into low RAM,
 * sets the stack pointer for two processor modes, fills 0x6C4..0x1000 with
 * 0xEEEEEEEE and calls sub_FF0011B0_my().
 *
 * NOTE(review): this naked function mixes C statements with asm. The C stores
 * run before SP is set below, so they only work if the compiler emits code
 * that needs no stack frame. GCC documents naked functions as safe for basic
 * asm only; worth checking the generated code after a toolchain change.
 */
void __attribute__((naked,noinline)) sub_FF000358_my() {

    // Store the address of taskHook() in the words at 0x1938 and 0x193C.
    // Both slots lie in the RAM range boot() filled from 0xFF497420, so they
    // are ordinary writable memory.
    *(int*)0x1938=(int)taskHook;
    *(int*)0x193C=(int)taskHook;

    // Bit 0 of the word at 0xC0220130 selects the value stored at 0x2610:
    // 0x200000 when set, 0x100000 when clear.
    // NOTE(review): the register is read through a non-volatile pointer.
    *(int*)(0x2610) = (*(int*)0xC0220130)&1 ? 0x200000 : 0x100000;

    asm volatile (
        // copy 0xFF0003D0..0xFF000408 to address 0
        // (loop runs while the source pointer R0 is below R3)
        " LDR R0, =0xFF0003D0 \n"
        " MOV R1, #0 \n"
        " LDR R3, =0xFF000408 \n"
        "loc_FF000364:\n"
        " CMP R0, R3 \n"
        " LDRCC R2, [R0], #4 \n"
        " STRCC R2, [R1], #4 \n"
        " BCC loc_FF000364 \n"
        // copy 0xFF000408..0xFF00061C to 0x4B0
        " LDR R0, =0xFF000408 \n"
        " MOV R1, #0x4B0 \n"
        " LDR R3, =0xFF00061C \n"
        "loc_FF000380:\n"
        " CMP R0, R3 \n"
        " LDRCC R2, [R0], #4 \n"
        " STRCC R2, [R1], #4 \n"
        " BCC loc_FF000380 \n"
        // CPSR = 0xD2: IRQ mode with IRQ and FIQ masked; SP = 0x1000
        " MOV R0, #0xD2 \n"
        " MSR CPSR_cxsf, R0 \n"
        " MOV SP, #0x1000 \n"
        // CPSR = 0xD3: supervisor mode with IRQ and FIQ masked; SP = 0x1000
        " MOV R0, #0xD3 \n"
        " MSR CPSR_cxsf, R0 \n"
        " MOV SP, #0x1000 \n"
        // fill 0x6C4..0x1000 (the area just below both stack tops) with
        // 0xEEEEEEEE; presumably a marker pattern for spotting stack use
        " LDR R0, =0x6C4 \n"
        " LDR R2, =0xEEEEEEEE \n"
        " MOV R3, #0x1000 \n"
        "loc_FF0003B4:\n"
        " CMP R0, R3 \n"
        " STRCC R2, [R0], #4 \n"
        " BCC loc_FF0003B4 \n"

        // next stage defined in this file; nothing follows the call here
        " BL sub_FF0011B0_my \n"
    );
}
/*
 * Builds a 0x74-byte parameter block on the stack and branches into
 * sub_FF00124C with R1 pointing at sub_FF005F2C_my().
 *
 * The word at [SP, #8] is the start address taken from new_sa (or the constant
 * 0x181A9C when CHDK_NOT_IN_CANON_HEAP is defined); [SP, #0xC] is
 * 0x36D788 minus that start address.
 * NOTE(review): presumably these are the heap start and heap size handed to
 * the kernel, so raising the start reserves the memory below it. Confirm.
 * NOTE(review): nothing here checks that the new_sa value is below 0x36D788;
 * a larger value would make the subtraction wrap to a huge size. A build-time
 * check on the image size would catch that.
 */
void __attribute__((naked,noinline)) sub_FF0011B0_my() {
    asm volatile (
        // save LR and reserve the 0x74-byte block
        " STR LR, [SP, #-4]! \n"
        " SUB SP, SP, #0x74 \n"
        // sub_FF3A2D58(SP, 0x74); presumably clears the block (confirm)
        " MOV R1, #0x74 \n"
        " MOV R0, SP \n"
        " BL sub_FF3A2D58 \n"
        " MOV R0, #0x57000 \n"
        " STR R0, [SP, #4] \n"
#if defined(CHDK_NOT_IN_CANON_HEAP)
        // start address left at the constant 0x181A9C
        " LDR R0, =0x181A9C \n"
#else
        // start address read from the new_sa variable (address of _end)
        " LDR R0, =new_sa \n"
        " LDR R0, [R0] \n"
#endif
        " LDR R2, =0x36D788 \n"
        " STR R0, [SP, #8] \n"      // start address
        " SUB R0, R2, R0 \n"        // 0x36D788 - start
        " STR R0, [SP, #0xC] \n"
        // remaining fields are fixed constants
        " MOV R0, #0x22 \n"
        " STR R0, [SP, #0x18] \n"
        " MOV R0, #0x72 \n"
        " STR R0, [SP, #0x1C] \n"
        " LDR R1, =0x375C00 \n"
        " LDR R0, =0x1CD \n"
        " STR R1, [SP] \n"
        " STR R0, [SP, #0x20] \n"
        " MOV R0, #0x96 \n"
        " STR R2, [SP, #0x10] \n"   // 0x36D788
        " STR R1, [SP, #0x14] \n"   // 0x375C00
        " STR R0, [SP, #0x24] \n"
        " STR R0, [SP, #0x28] \n"
        " MOV R0, #0x64 \n"
        " STR R0, [SP, #0x2C] \n"
        " MOV R0, #0 \n"
        " STR R0, [SP, #0x30] \n"
        " STR R0, [SP, #0x34] \n"
        " MOV R0, #0x10 \n"
        " STR R0, [SP, #0x5C] \n"
        " MOV R0, #0x800 \n"
        " STR R0, [SP, #0x60] \n"
        " MOV R0, #0xA0 \n"
        " STR R0, [SP, #0x64] \n"
        " MOV R0, #0x280 \n"
        " STR R0, [SP, #0x68] \n"

        // R1 = address of the next stage in this file, then continue in
        // sub_FF00124C (defined elsewhere)
        " LDR R1, =sub_FF005F2C_my \n"
        " B sub_FF00124C \n"
    );
}
/*
 * Runs a fixed sequence of initialisation calls and then tail-branches to
 * sub_FF00FDA0_my(). Its address is passed in R1 by sub_FF0011B0_my().
 *
 * After each checked call, a negative return value (LT after CMP R0, #0)
 * loads a constant address into R0 and calls _err_init_task with it.
 * NOTE(review): the constants are presumably pointers to error-message
 * strings. Execution continues with the next step after _err_init_task
 * returns; whether it returns at all is not visible here.
 */
void __attribute__((naked,noinline)) sub_FF005F2C_my() {
    asm volatile (
        " STMFD SP!, {R4,LR} \n"
        " BL sub_FF000B28 \n"       // return value not checked
        " BL sub_FF00A384 \n"
        " CMP R0, #0 \n"
        " LDRLT R0, =0xFF006040 \n"

        " BLLT _err_init_task \n"
        " BL sub_FF005B64 \n"
        " CMP R0, #0 \n"
        " LDRLT R0, =0xFF006048 \n"

        " BLLT _err_init_task \n"
        " LDR R0, =0xFF006058 \n"   // argument for sub_FF005C4C
        " BL sub_FF005C4C \n"
        " CMP R0, #0 \n"
        " LDRLT R0, =0xFF006060 \n"

        " BLLT _err_init_task \n"
        " LDR R0, =0xFF006058 \n"   // same argument, passed to sub_FF003CA8
        " BL sub_FF003CA8 \n"
        " CMP R0, #0 \n"
        " LDRLT R0, =0xFF006074 \n"

        " BLLT _err_init_task \n"
        " BL sub_FF009CEC \n"
        " CMP R0, #0 \n"
        " LDRLT R0, =0xFF006080 \n"

        " BLLT _err_init_task \n"
        " BL sub_FF001690 \n"
        " CMP R0, #0 \n"
        " LDRLT R0, =0xFF00608C \n"

        " BLLT _err_init_task \n"
        // restore R4/LR, then tail-branch to the next stage in this file
        " LDMFD SP!, {R4,LR} \n"

        " B sub_FF00FDA0_my \n"
    );
}
/*
 * Calls sub_FF025558 and then taskcreate_Startup_my(), and returns 0 in R0.
 * Reached by tail-branch from sub_FF005F2C_my().
 */
void __attribute__((naked,noinline)) sub_FF00FDA0_my() {
    asm volatile (
        " STMFD SP!, {R4,LR} \n"
        " BL sub_FF025558 \n"

        // replacement defined in this file
        " BL taskcreate_Startup_my \n"
        " MOV R0, #0 \n"            // return value
        " LDMFD SP!, {R4,PC} \n"    // restore R4 and return
    );
}
/*
 * Samples two input bits from the register block at 0xC0220000, decides
 * whether to continue, and then branches into sub_FF00FE60 with R3 pointing
 * at task_Startup_my().
 *
 * R4 and R5 are each 1 when bit 0 of the word at +0x12C / +0x128 is clear
 * (BIC of the constant 1 in R8 with the register value). When sub_FF02D710
 * returns 0, sub_FF026F24 returns non-zero, and R4, R5 and R6 are all 0, the
 * code calls sub_FF024634, writes 0x44 to +0x1C, calls sub_FF024824 and spins
 * forever.
 * NOTE(review): presumably this is the "no valid start-up reason, power off"
 * path. Confirm.
 */
void __attribute__((naked,noinline)) taskcreate_Startup_my() {
    asm volatile (
        " STMFD SP!, {R3-R9,LR} \n"
        " MOV R6, #0 \n"
        " BL sub_FF02D710 \n"
        " LDR R9, =0xC0220000 \n"   // register block base
        " MOVS R7, R0 \n"           // R7 = result of sub_FF02D710
        " MOV R8, #1 \n"
        " BNE loc_FF00FE18 \n"      // non-zero result: skip the checks
        " BL sub_FF026F24 \n"
        " CMP R0, #0 \n"
        " BEQ loc_FF00FE18 \n"      // zero result: skip the checks
        " LDR R0, [R9, #0x128] \n"
        " BIC R5, R8, R0 \n"        // R5 = 1 if bit 0 of +0x128 is clear
        " LDR R0, [R9, #0x12C] \n"
        " BIC R4, R8, R0 \n"        // R4 = 1 if bit 0 of +0x12C is clear
        " BL sub_FF02396C \n"
        " CMP R0, #1 \n"
        " MOVEQ R6, #1 \n"          // R6 = 1 when sub_FF02396C returned 1
        " ORR R0, R4, R5 \n"
        " ORRS R0, R0, R6 \n"
        " BNE loc_FF00FE28 \n"      // at least one flag set: continue
        // no flag set: call two routines around a write of 0x44 to +0x1C,
        // then loop here forever
        " BL sub_FF024634 \n"
        " MOV R0, #0x44 \n"
        " STR R0, [R9, #0x1C] \n"
        " BL sub_FF024824 \n"
        "loc_FF00FE14:\n"
        " B loc_FF00FE14 \n"
        "loc_FF00FE18:\n"
        " LDR R0, [R9, #0x12C] \n"
        " BIC R4, R8, R0 \n"
        " LDR R0, [R9, #0x128] \n"
        " BIC R5, R8, R0 \n"
        "loc_FF00FE28:\n"
        // sub_FF025560(R4, R5, R7, R6)
        " MOV R3, R6 \n"
        " MOV R2, R7 \n"
        " MOV R1, R5 \n"
        " MOV R0, R4 \n"
        " BL sub_FF025560 \n"
        " BL sub_FF02555C \n"
        " BL sub_FF02B8DC \n"
        // sub_FF02BD4C(0, 0x3CE000)
        " LDR R1, =0x3CE000 \n"
        " MOV R0, #0 \n"
        " BL sub_FF02BD4C \n"
        " BL sub_FF02BAF4 \n"
        " MOV R3, #0 \n"
        " STR R3, [SP] \n"          // stack argument = 0

        // R3 = replacement start-up task defined in this file, then continue
        // in sub_FF00FE60 (defined elsewhere)
        " LDR R3, =task_Startup_my \n"
        " B sub_FF00FE60 \n"
    );
}
/*
 * Start-up task body; its address is handed to sub_FF00FE60 in R3 by
 * taskcreate_Startup_my().
 *
 * Runs a fixed sequence of calls into routines defined elsewhere, then
 * creates the spy task and the replacement keyboard task through
 * CreateTask_spytask() and taskcreatePhySw_my(), and finally branches to
 * sub_FF00FD70.
 */
void __attribute__((naked,noinline)) task_Startup_my() {
    asm volatile (
        " STMFD SP!, {R4,LR} \n"
        " BL sub_FF0065DC \n"
        " BL sub_FF026668 \n"
        " BL sub_FF023EF0 \n"
        " BL sub_FF024270 \n"

        " BL sub_FF02D944 \n"
        " BL sub_FF024954 \n"
        " BL sub_FF02397C \n"
        " MOV R0, #1 \n"            // argument for sub_FF023E64
        " BL sub_FF023E64 \n"

        " BL sub_FF02DAFC \n"
        " BL sub_FF022378 \n"
        " BL sub_FF02D974 \n"
        " BL sub_FF02B080 \n"
        " BL sub_FF02DB00 \n"

        // both callees are defined in this file
        " BL CreateTask_spytask \n"
        " BL taskcreatePhySw_my \n"
        // R4/LR pushed above are not popped here; sub_FF00FD70 is entered
        // with them still on the stack
        " B sub_FF00FD70 \n"
    );
}
/*
 * Sets up registers for a task creation with mykbd_task in R3 and branches
 * into sub_FF025400. Called from task_Startup_my().
 *
 * If the word at 0x1C4C + 4 is already non-zero, nothing is set up and
 * control goes to sub_FF025410 instead.
 * NOTE(review): presumably that word is the handle of an already created
 * task, R3 is the task entry and R2 (0x2000) its stack size. Confirm.
 */
void __attribute__((naked,noinline)) taskcreatePhySw_my() {
    asm volatile (
        " STMFD SP!, {R3-R5,LR} \n"
        " LDR R4, =0x1C4C \n"
        " LDR R0, [R4, #4] \n"
        " CMP R0, #0 \n"
        " BNE sub_FF025410 \n"      // word already set: skip the setup
        " MOV R3, #0 \n"
        " STR R3, [SP] \n"          // stack argument = 0

        // mykbd_task is defined elsewhere
        " LDR R3, =mykbd_task \n"

        " MOV R2, #0x2000 \n"
        " B sub_FF025400 \n"
    );
}
/*
 * Replacement installed by taskHook() for tasks whose entry is
 * task_InitFileModules.
 *
 * Calls sub_FF08ABA0; when it returns non-zero, calls
 * sub_FF08EDF0(0x5006, 0). Then calls sub_FF08ABCC and
 * core_spytask_can_start, and branches to sub_FF09303C.
 */
void __attribute__((naked,noinline)) init_file_modules_task() {
    asm volatile (
        " STMFD SP!, {R4-R6,LR} \n"
        " BL sub_FF08ABA0 \n"
        " LDR R5, =0x5006 \n"
        " MOVS R4, R0 \n"           // R4 = result, flags set from it
        " MOVNE R1, #0 \n"
        " MOVNE R0, R5 \n"
        " BLNE sub_FF08EDF0 \n"     // only when the result was non-zero
        " BL sub_FF08ABCC \n"
        // defined elsewhere; called after the two routines above have run
        " BL core_spytask_can_start\n"
        // R4-R6/LR pushed above are not popped here
        " B sub_FF09303C \n"
    );
}