root/platform/ixus40_sd300/sub/100k/boot.c

/* [<][>][^][v][top][bottom][index][help] */

DEFINITIONS

This source file includes following definitions.
  1. boot
  2. h_usrInit
  3. h_usrKernelInit
  4. h_usrRoot
  5. ttyRead
  6. mytty_nextline
  7. mytty_putc
  8. ttyWrite
  9. replaceConsoleDriver
  10. h_ios_tty_Init

   1 #include "lolevel.h"
   2 #include "platform.h"
   3 #include "core.h"
   4 
   5 /* These functions need to be taken from the original firmware and addresses need to be modifyed */
   6 
   7 /* Ours stuff */
   8 extern long wrs_kernel_bss_start;
   9 extern long wrs_kernel_bss_end;
  10 extern void createHook (void *pNewTcb);
  11 extern void deleteHook (void *pTcb);
  12 const char * const new_sa = &_end;
  13 
  14 void boot();
  15 
  16 /* "relocated" functions */
  17 void __attribute__((naked,noinline)) h_usrInit();
  18 void __attribute__((naked,noinline)) h_usrKernelInit();
  19 void __attribute__((naked,noinline)) h_usrRoot();
  20 
  21 extern void mykbd_task_proceed_2();
  22 
  23 void boot()
  24 {
  25     long *canon_data_src = (void*)0xFFAD7700; // This is the address of the "Startofdata" string on the firmware
  26     long *canon_data_dst = (void*)0x1900; // This is where the boot data is copiedduring firmware update
  27     long canon_data_len = 0xEB60; // This is the length of data from "Startofdata" to the end of the firmware dump
  28     long *canon_bss_start = (void*)0x10460; //  = 0xEB60 + 0x1900,  just after data
  29     long canon_bss_len = 0x72DC0 - 0x10460; // The original address of h_usrKernelInit - bss start
  30     long i;
  31 
  32     asm volatile (
  33         "MRC     p15, 0, R0,c1,c0\n"
  34         "ORR     R0, R0, #0x1000\n"
  35         "ORR     R0, R0, #4\n"
  36         "ORR     R0, R0, #1\n"
  37         "MCR     p15, 0, R0,c1,c0\n"
  38     :::"r0");
  39 
  40 
  41     for(i=0;i<canon_data_len/4;i++)
  42         canon_data_dst[i]=canon_data_src[i];
  43 
  44     for(i=0;i<canon_bss_len/4;i++)
  45         canon_bss_start[i]=0;
  46 
  47     asm volatile (
  48         "MRC     p15, 0, R0,c1,c0\n"
  49         "ORR     R0, R0, #0x1000\n"
  50         "BIC     R0, R0, #4\n"
  51         "ORR     R0, R0, #1\n"
  52         "MCR     p15, 0, R0,c1,c0\n"
  53     :::"r0");
  54     
  55     h_usrInit();
  56 }
  57 
  58 
  59 void h_usrInit()
  60 {
  61         asm volatile (
  62         "STR     LR, [SP,#-4]!\n"
  63         "BL      sub_FF811B20\n"
  64         "MOV     R0, #2\n"
  65         "MOV     R1, R0\n"
  66         "BL      sub_FFABDC68\n"
  67         "BL      sub_FFAAA238\n"
  68         "BL      sub_FF81125C\n"
  69         "BL      sub_FF811838\n"
  70         "LDR     LR, [SP],#4\n"
  71         "B       h_usrKernelInit\n"
  72         );
  73 
  74 }
  75 
  76 void  h_usrKernelInit()
  77 {
  78         asm volatile (
  79         "STMFD   SP!, {R4,LR}\n"
  80         "SUB     SP, SP, #8\n"
  81         "BL      sub_FFABE168\n"
  82         "BL      sub_FFAD0C28\n"
  83         "LDR     R3, =0xF894\n"
  84         "LDR     R2, =0x704A0\n"
  85         "LDR     R1, [R3]\n"
  86         "LDR     R0, =0x7278C\n"
  87         "MOV     R3, #0x100\n"
  88         "BL      sub_FFACC464\n"
  89         "LDR     R3, =0xF854\n"
  90         "LDR     R0, =0xFC74\n"
  91         "LDR     R1, [R3]\n"
  92         "BL      sub_FFACC464\n"
  93         "LDR     R3, =0xF910\n"
  94         "LDR     R0, =0x72760\n"
  95         "LDR     R1, [R3]\n"
  96         "BL      sub_FFACC464\n"
  97         "BL      sub_FFAD57A8\n"
  98         "BL      sub_FF811348\n"
  99         "MOV     R4, #0\n"
 100         "MOV     R3, R0\n"
 101         "MOV     R12, #0x800\n"
 102         "LDR     R0, =h_usrRoot\n"
 103         "MOV     R1, #0x4000\n"
 104         );
 105 
 106         //"LDR     R2, =0xB2DC0\n" // 0x72DC0 + 0x40000
 107         asm volatile (
 108         "LDR     R2, =new_sa\n"
 109         "LDR     R2, [R2]\n"
 110         );
 111 
 112         asm volatile (
 113         "STR     R12, [SP]\n"
 114         "STR     R4, [SP,#4]\n"
 115         "BL      sub_FFACDE68\n"
 116         "ADD     SP, SP, #8\n"
 117         "LDMFD   SP!, {R4,PC}\n"
 118         );
 119  
 120 }
 121 
 122 
 123 void  h_usrRoot()
 124 {
 125         volatile long *p;
 126         
 127         asm volatile (
 128         "STMFD   SP!, {R4,R5,LR}\n"
 129         "MOV     R5, R0\n"
 130         "MOV     R4, R1\n"
 131         "BL      sub_FF811BA0\n"
 132         "MOV     R1, R4\n"
 133         "MOV     R0, R5\n"
 134         "BL      sub_FFAC4450\n" // memInit
 135         "MOV     R1, R4\n"
 136         "MOV     R0, R5\n"
 137         "BL      sub_FFAC4EC8\n" // mmPartLibInit <----- OK up to here!!
 138         
 139         //"BL      sub_FF811928\n" // Here something BAD happens! It initializes the MMU, but SD500 has this replaced by a NULLSUB call...
 140 
 141         "BL      sub_FF811814\n"
 142         "MOV     R0, #0x32\n"
 143         "BL      sub_FFAC6938\n" // selectInit
 144         "BL      sub_FF811BE4\n"
 145         "BL      sub_FF811BC4\n"
 146         "BL      sub_FF811C10\n"
 147         "BL      sub_FFAC61F8\n" //selTaskDeleteHookAdd
 148         "BL      sub_FF811B94\n"
 149         );
 150         
 151     _taskCreateHookAdd(createHook);
 152     _taskDeleteHookAdd(deleteHook);
 153 
 154     drv_self_hide();
 155 
 156         asm volatile (
 157         "LDMFD   SP!, {R4,R5,LR}\n"
 158         "B       sub_FF811408\n"
 159         );
 160 
 161 }
 162 
 163 #if CAM_CONSOLE_LOG_ENABLED
 164 typedef struct { 
 165                     long dev_hdr[4]; 
 166                     long opened; 
 167                  
 168                     long fill[64]; 
 169                 } MY_DEV; 
 170                  
 171                 #define CONS_W (45) 
 172                 #define CONS_H (128) 
 173                  
 174                 char console_buf[CONS_H][CONS_W]; 
 175                 long console_buf_line = 0; 
 176                 long console_buf_line_ptr = 0; 
 177                  
 178                 char cmd[100] = "ShowCameraLog\n\0"; 
 179                 int cons_cmd_ptr = -1; 
 180                  
 181                 void mytty_putc(char c); 
 182                  
 183                 int ttyRead(MY_DEV* tty,  char* buffer, int nBytes) 
 184                 { 
 185                     int r = 1; 
 186                  
 187                     if (cons_cmd_ptr == -1){ 
 188                         msleep(2000); 
 189                         cons_cmd_ptr = 0; 
 190                     } 
 191                  
 192                     mytty_putc('r'); 
 193                      
 194                     if (cmd[cons_cmd_ptr] != 0){ 
 195                         *buffer = cmd[cons_cmd_ptr]; 
 196                         cons_cmd_ptr++; 
 197                     } else { 
 198                         while (cons_cmd_ptr != 0){ 
 199                             msleep(10); 
 200                         } 
 201                         *buffer = cmd[cons_cmd_ptr]; 
 202                         cons_cmd_ptr++; 
 203                     } 
 204                  
 205                     return r; 
 206                 } 
 207                  
 208                 void mytty_nextline() 
 209                 { 
 210                     int i; 
 211                  
 212                     console_buf_line_ptr=0; 
 213                     console_buf_line++; 
 214                     if (console_buf_line>=CONS_H){ 
 215                         console_buf_line = 0; 
 216                     } 
 217                     for (i=0;i<15;i++){ 
 218                         int l=i+console_buf_line; 
 219                         if (l>=CONS_H) 
 220                             l-=CONS_H; 
 221                         console_buf[l][0] = 0; 
 222                     } 
 223                 } 
 224                  
 225                 void mytty_putc(char c) 
 226                 { 
 227                     if (c == 0xa){ 
 228                         mytty_nextline(); 
 229                     } else { 
 230                         if (console_buf_line_ptr>=(CONS_W-1)){ 
 231                             mytty_nextline(); 
 232                         } 
 233                  
 234                         console_buf[console_buf_line][console_buf_line_ptr++] = c; 
 235                         console_buf[console_buf_line][console_buf_line_ptr] = 0; 
 236                     } 
 237                 } 
 238                  
 239                 int tyWrite = 0xFFACA1E4; //FFB19FF8; 
 240                 
 241     //ttyWrite seems to work, Read might be broken 
 242                 int ttyWrite(MY_DEV* tty,  char* buffer, int nBytes) 
 243                 { 
 244                     int i; 
 245                  
 246                     for (i=0;i<nBytes;i++){ 
 247                         mytty_putc(buffer[i]); 
 248                     } 
 249                  
 250                     return ((int(*)(void *p, void *p2, int l))tyWrite)(tty, buffer, nBytes); 
 251                 //    return nBytes; 
 252                 } 
 253                  
 254                  
 255                 /* 
 256                   Referenced from ttyDrv_init as 
 257                      LDR     R11, =TTY_DRV_NUM 
 258                   and ttyDevCreate as 
 259                      LDR     R9, =TTY_DRV_NUM 
 260                 */ 
 261                 int *TTY_DRV_NUM = (int*)0x0006F578; 
 262                  
 263                 static void replaceConsoleDriver() 
 264                 { 
 265                     // These function addresses are from ttyDrv_init function call 
 266                     int f0 = 0xFFAC9274; //0xFFB19088; 
 267                     int f1 = 0; 
 268                     int f2 = 0xFFAC9274; //0xFFB19088; 
 269                     int f3 = 0xFFAC92B4; //0xFFB190C8; 
 270                     int f6 = 0xFFAC92F8; //0xFFB1910C; 
 271                     int fRead = (int)&ttyRead; 
 272                     int fWrite = (int)&ttyWrite; 
 273                     int newdriver_id = _iosDrvInstall((void*)f0, (void*)f1, (void*)f2, (void*)f3, (void*)fRead, (void*)fWrite, (void*)f6); 
 274                  
 275                     *TTY_DRV_NUM = newdriver_id; 
 276                 } 
 277                  
 278                 void h_ios_tty_Init() 
 279                 { 
 280                 /* 
 281                   asm volatile 
 282                   ( 
 283                       "MOV     R0, #0x1000" 
 284                       "BL      sub_FF811478" 
 285                  
 286                       "MOV     R1, #0x32"                  
 287                       "LDR     R2, =aNull" 
 288                       "MOV     R0, #0x14"                        
 289                       "BL      iosInit" 
 290                   ); 
 291                 */   
 292                   _iosInit(0x14, 0x32, "/null"); 
 293                   replaceConsoleDriver(); 
 294            
 295                 /*  asm volatile 
 296                   ( 
 297                       "BL      sub_FF811878" 
 298                   ); 
 299                 */ 
 300                 } 
 301 #endif
 302     

/* [<][>][^][v][top][bottom][index][help] */