4 #include "lolevel.h"
5 #include "platform.h"
6 #include "core.h"
7 #include "dryos31.h"
8
/*
 * Local offsetof: byte offset of MEMBER inside TYPE, computed from a null
 * base pointer and cast to int. taskHook() uses it to step back from a
 * task's `context` member to the start of the enclosing task_t.
 * NOTE(review): this reuses the name of the standard <stddef.h> macro;
 * confirm that header is never pulled in through the includes above.
 */
#define offsetof(TYPE, MEMBER) ((int) &((TYPE *)0)->MEMBER)

/*
 * Address of the `_end` symbol. sub_FF0011D8_my loads this value as the
 * start address it hands to the firmware when CHDK_NOT_IN_CANON_HEAP is
 * not defined.
 * presumably `_end` is the linker-provided end of the CHDK image; confirm
 * against the linker script.
 */
const char * const new_sa = &_end;

/*
 * CreateTask_spytask is defined below and called from task_Startup_my.
 * CreateTask_PhySw is only declared in this listing.
 */
void CreateTask_PhySw();
void CreateTask_spytask();

/*
 * Entry points defined outside this file (presumably the firmware's own task
 * functions, TODO confirm). taskHook() compares a task's entry pointer against
 * each of them and substitutes the CHDK replacement on a match.
 */
extern void task_CaptSeq();
extern void task_InitFileModules();
extern void task_MovieRecord();
extern void task_ExpDrv();
extern void task_PhySw();
extern void task_FileWrite();
22
/*
 * Task hook: redirects selected firmware tasks to their CHDK replacements.
 *
 * `context` is the address of the `context` member inside a task_t; the
 * enclosing task_t is recovered by subtracting that member's offset. The six
 * known entry points are then checked one after another and, on a match, the
 * entry pointer is overwritten with the corresponding replacement routine.
 *
 * sub_FF000380_my stores this function's address at 0x1938 and 0x193C; the
 * code that later invokes it is not part of this file.
 *
 * Review note: the comparisons below are the complete set of entry-point
 * redirections made by this hook; a task whose entry matches none of them
 * keeps its original entry.
 */
void taskHook(context_t **context) {
    char *ctx_member = (char *)context;
    task_t *task = (task_t *)(ctx_member - offsetof(task_t, context));

    /* Each test runs unconditionally, in the same order as the original. */
    if (task->entry == (void *)task_PhySw) {
        task->entry = (void *)mykbd_task;
    }
    if (task->entry == (void *)task_CaptSeq) {
        task->entry = (void *)capt_seq_task;
    }
    if (task->entry == (void *)task_InitFileModules) {
        task->entry = (void *)init_file_modules_task;
    }
    if (task->entry == (void *)task_MovieRecord) {
        task->entry = (void *)movie_record_task;
    }
    if (task->entry == (void *)task_ExpDrv) {
        task->entry = (void *)exp_drv_task;
    }
    if (task->entry == (void *)task_FileWrite) {
        task->entry = (void *)filewritetask;
    }
}
33
34
35
36
/*
 * Start the CHDK "SpyTask": asks _CreateTask to run core_spytask.
 * The numeric arguments are passed through unchanged (0x19, 0x2000, and a
 * trailing 0). presumably the first two are the task priority and stack size;
 * confirm against the _CreateTask prototype.
 */
void CreateTask_spytask()
{
    enum {
        SPYTASK_PRIO = 0x19,     /* second argument of _CreateTask */
        SPYTASK_STACK = 0x2000   /* third argument of _CreateTask */
    };

    _CreateTask("SpyTask", SPYTASK_PRIO, SPYTASK_STACK, core_spytask, 0);
}
41
42
43
44
45
46
47
48
49
/*
 * Low-level start-up sequence, written entirely as inline assembly in a naked
 * function (the compiler emits no prologue or epilogue). It programs CP15
 * registers and a set of memory-mapped registers, copies two blocks from the
 * 0xFFxxxxxx address range into RAM, zero-fills a third RAM range, and then
 * branches to sub_FF000380_my. It never returns to a caller.
 *
 * Review note: the CP15 c6/c5 values written here presumably define the
 * memory-protection regions and their access permissions for everything that
 * runs afterwards. They look like a verbatim copy of the firmware's own
 * values; confirm against the original disassembly before changing any of
 * them.
 */
void __attribute__((naked,noinline)) boot() {
    asm volatile (
        /* Write 0 to the memory-mapped register at 0xC0410000 (purpose not shown in this file). */
        " LDR R1, =0xC0410000 \n"
        " MOV R0, #0 \n"
        " STR R0, [R1] \n"
        /* CP15 c1 <- 0x78, followed by three c7 operations with R1 = 0.
           presumably: control register reset value, then write-buffer drain
           and cache invalidation; confirm against the CPU reference manual. */
        " MOV R1, #0x78 \n"
        " MCR p15, 0, R1, c1, c0 \n"
        " MOV R1, #0 \n"
        " MCR p15, 0, R1, c7, c10, 4 \n"
        " MCR p15, 0, R1, c7, c5 \n"
        " MCR p15, 0, R1, c7, c6 \n"
        /* Six writes to CP15 c6, c0..c5.
           presumably the base/size/enable words of protection regions 0-5. */
        " MOV R0, #0x3D \n"
        " MCR p15, 0, R0, c6, c0 \n"
        " MOV R0, #0xC000002F \n"
        " MCR p15, 0, R0, c6, c1 \n"
        " MOV R0, #0x35 \n"
        " MCR p15, 0, R0, c6, c2 \n"
        " MOV R0, #0x40000035 \n"
        " MCR p15, 0, R0, c6, c3 \n"
        " MOV R0, #0x80000017 \n"
        " MCR p15, 0, R0, c6, c4 \n"
        " LDR R0, =0xFF00002F \n"
        " MCR p15, 0, R0, c6, c5 \n"
        /* The same mask 0x34 goes to c2,c0,0, c2,c0,1 and c3,c0.
           presumably per-region cacheable/bufferable bits (TODO confirm). */
        " MOV R0, #0x34 \n"
        " MCR p15, 0, R0, c2, c0 \n"
        " MOV R0, #0x34 \n"
        " MCR p15, 0, R0, c2, c0, 1 \n"
        " MOV R0, #0x34 \n"
        " MCR p15, 0, R0, c3, c0 \n"
        /* 0x3333330 goes to c5,c0,2 and c5,c0,3.
           presumably the data and instruction access-permission registers. */
        " LDR R0, =0x3333330 \n"
        " MCR p15, 0, R0, c5, c0, 2 \n"
        " LDR R0, =0x3333330 \n"
        " MCR p15, 0, R0, c5, c0, 3 \n"
        /* Read-modify-write of CP15 c1: sets bits 0x1000, 0x4 and 0x1.
           presumably enables the caches and the protection unit (TODO confirm). */
        " MRC p15, 0, R0, c1, c0 \n"
        " ORR R0, R0, #0x1000 \n"
        " ORR R0, R0, #4 \n"
        " ORR R0, R0, #1 \n"
        " MCR p15, 0, R0, c1, c0 \n"
        /* CP15 c9,c1,0 <- 0x80000006 and c9,c1,1 <- 6, then bits 0x50000 are
           set in c1. presumably tightly-coupled-memory setup (TODO confirm). */
        " MOV R1, #0x80000006 \n"
        " MCR p15, 0, R1, c9, c1 \n"
        " MOV R1, #6 \n"
        " MCR p15, 0, R1, c9, c1, 1 \n"
        " MRC p15, 0, R1, c1, c0 \n"
        " ORR R1, R1, #0x50000 \n"
        " MCR p15, 0, R1, c1, c0 \n"
        /* Register block at 0xC0200000: 1 is written to offset 0x10C, then 0xFF
           to the sixteen offsets 0xC, 0x1C, ... 0xFC (step 0x10). */
        " LDR R2, =0xC0200000 \n"
        " MOV R1, #1 \n"
        " STR R1, [R2, #0x10C] \n"
        " MOV R1, #0xFF \n"
        " STR R1, [R2, #0xC] \n"
        " STR R1, [R2, #0x1C] \n"
        " STR R1, [R2, #0x2C] \n"
        " STR R1, [R2, #0x3C] \n"
        " STR R1, [R2, #0x4C] \n"
        " STR R1, [R2, #0x5C] \n"
        " STR R1, [R2, #0x6C] \n"
        " STR R1, [R2, #0x7C] \n"
        " STR R1, [R2, #0x8C] \n"
        " STR R1, [R2, #0x9C] \n"
        " STR R1, [R2, #0xAC] \n"
        " STR R1, [R2, #0xBC] \n"
        " STR R1, [R2, #0xCC] \n"
        " STR R1, [R2, #0xDC] \n"
        " STR R1, [R2, #0xEC] \n"
        " STR R1, [R2, #0xFC] \n"
        /* 0x430005 is written to 0xC0400008. */
        " LDR R1, =0xC0400008 \n"
        " LDR R2, =0x430005 \n"
        " STR R2, [R1] \n"
        /* NOTE(review): this stores the constant 0xC0243100 to the address held
           in R1, which is 1 here; it is not a store to 0xC0243100. Confirm
           against the firmware disassembly whether this is a faithful copy or
           a transcription slip. */
        " MOV R1, #1 \n"
        " LDR R2, =0xC0243100 \n"
        " STR R2, [R1] \n"
        /* Set bit 0 of the register at 0xC0242010 (read-modify-write). */
        " LDR R2, =0xC0242010 \n"
        " LDR R1, [R2] \n"
        " ORR R1, R1, #1 \n"
        " STR R1, [R2] \n"
        /* Word copy: source 0xFF4ADCD0, destination 0x471000 up to (not
           including) 0x48078C. */
        " LDR R0, =0xFF4ADCD0 \n"
        " LDR R1, =0x471000 \n"
        " LDR R3, =0x48078C \n"

        "loc_FF00013C:\n"
        " CMP R1, R3 \n"
        " LDRCC R2, [R0], #4 \n"
        " STRCC R2, [R1], #4 \n"
        " BCC loc_FF00013C \n"
        /* Word copy: source 0xFF49F914, destination 0x1900 up to (not
           including) 0xFCBC. sub_FF000380_my later patches 0x1938/0x193C,
           which lie inside this destination range. */
        " LDR R0, =0xFF49F914 \n"
        " LDR R1, =0x1900 \n"
        " LDR R3, =0xFCBC \n"

        "loc_FF000158:\n"
        " CMP R1, R3 \n"
        " LDRCC R2, [R0], #4 \n"
        " STRCC R2, [R1], #4 \n"
        " BCC loc_FF000158 \n"
        /* Zero fill: R3 still holds 0xFCBC, so this clears 0xFCBC up to (not
           including) 0x171710. The same 0x171710 constant is used as the start
           address in sub_FF0011D8_my when CHDK_NOT_IN_CANON_HEAP is defined. */
        " LDR R1, =0x171710 \n"
        " MOV R2, #0 \n"

        "loc_FF000170:\n"
        " CMP R3, R1 \n"
        " STRCC R2, [R3], #4 \n"
        " BCC loc_FF000170 \n"
        /* Continue in the patched start-up routine instead of returning. */
        " B sub_FF000380_my \n"
    );
}
153
154
155
/*
 * Second start-up stage, reached by a branch from boot(). Installs taskHook,
 * records a start-up flag, copies two blocks from the 0xFF000xxx range to low
 * RAM, sets the stack pointer for two CPU modes, fills part of low RAM with a
 * marker pattern and calls sub_FF0011D8_my.
 *
 * NOTE(review): GCC documents that only basic asm statements are safe inside
 * a naked function. The three C assignments below rely on the compiler
 * emitting them without needing a stack frame; confirm with the toolchain in
 * use.
 */
void __attribute__((naked,noinline)) sub_FF000380_my() {

    /* Store taskHook's address in the two words at 0x1938 and 0x193C. Both lie
       inside the 0x1900..0xFCBC range that boot() has already filled, so these
       writes are not overwritten by that copy. What reads these slots is not
       visible in this file (presumably the kernel's task hooks, TODO confirm). */
    *(int*)0x1938=(int)taskHook;
    *(int*)0x193C=(int)taskHook;

    /* Test bit 0x800000 of the register at 0xC022012C and store 0x200000 if it
       is set, 0x100000 otherwise, at 0x2634.
       presumably the power-on mode flag the firmware reads later; confirm. */
    *(int*)(0x2630+4) = (*(int*)0xC022012C) & 0x800000 ? 0x200000 : 0x100000;

    asm volatile (
        /* Word copy of 0xFF0003F8..0xFF000430 to address 0.
           presumably the exception vector table (TODO confirm). */
        " LDR R0, =0xFF0003F8 \n"
        " MOV R1, #0 \n"
        " LDR R3, =0xFF000430 \n"

        "loc_FF00038C:\n"
        " CMP R0, R3 \n"
        " LDRCC R2, [R0], #4 \n"
        " STRCC R2, [R1], #4 \n"
        " BCC loc_FF00038C \n"
        /* Word copy of 0xFF000430..0xFF000644 to 0x4B0. */
        " LDR R0, =0xFF000430 \n"
        " MOV R1, #0x4B0 \n"
        " LDR R3, =0xFF000644 \n"

        "loc_FF0003A8:\n"
        " CMP R0, R3 \n"
        " LDRCC R2, [R0], #4 \n"
        " STRCC R2, [R1], #4 \n"
        " BCC loc_FF0003A8 \n"
        /* CPSR <- 0xD2, then 0xD3: in the ARM CPSR encoding these select IRQ
           and Supervisor mode with IRQ and FIQ masked. SP is set to 0x1000 in
           each mode. */
        " MOV R0, #0xD2 \n"
        " MSR CPSR_cxsf, R0 \n"
        " MOV SP, #0x1000 \n"
        " MOV R0, #0xD3 \n"
        " MSR CPSR_cxsf, R0 \n"
        " MOV SP, #0x1000 \n"
        /* Fill 0x6C4 up to (not including) 0x1000 with 0xEEEEEEEE.
           presumably a stack marker pattern (TODO confirm). */
        " LDR R0, =0x6C4 \n"
        " LDR R2, =0xEEEEEEEE \n"
        " MOV R3, #0x1000 \n"

        "loc_FF0003DC:\n"
        " CMP R0, R3 \n"
        " STRCC R2, [R0], #4 \n"
        " BCC loc_FF0003DC \n"
        /* No instruction follows this call inside the function. */
        " BL sub_FF0011D8_my \n"
    );
}
203
204
205
/*
 * Builds a 0x74-byte parameter block on the stack and jumps into the firmware
 * at 0xFF001274 with R1 = sub_FF004288_my, so the firmware continues with the
 * patched routine.
 *
 * The one build-dependent value is the start address stored at [SP, #8]:
 * 0x171710 when CHDK_NOT_IN_CANON_HEAP is defined, otherwise the value of
 * new_sa (the address of _end).
 *
 * Review note: [SP, #0xC] is computed as 0x36D440 minus that start address
 * with no range check visible here. If the start address were above 0x36D440
 * the subtraction would wrap. presumably the build guarantees the image ends
 * below that limit; confirm in the linker script.
 */
void __attribute__((naked,noinline)) sub_FF0011D8_my() {
    asm volatile (
        /* Save LR, reserve 0x74 bytes and call sub_0047C448(SP, 0x74).
           presumably this clears the block (TODO confirm). */
        " STR LR, [SP, #-4]! \n"
        " SUB SP, SP, #0x74 \n"
        " MOV R1, #0x74 \n"
        " MOV R0, SP \n"
        " BL sub_0047C448 \n"
        " MOV R0, #0x57000 \n"
        " STR R0, [SP, #4] \n"

        /* Select the start address (see the function comment). */
#if defined(CHDK_NOT_IN_CANON_HEAP)
        " LDR R0, =0x171710 \n"
#else
        " LDR R0, =new_sa\n"
        " LDR R0, [R0]\n"
#endif

        /* [SP, #8] = start address, [SP, #0xC] = 0x36D440 - start address. */
        " LDR R2, =0x36D440 \n"
        " STR R0, [SP, #8] \n"
        " SUB R0, R2, R0 \n"
        " STR R0, [SP, #0xC] \n"
        /* Remaining fields are fixed constants; their meaning is defined by
           the firmware routine that consumes the block. */
        " MOV R0, #0x22 \n"
        " STR R0, [SP, #0x18] \n"
        " MOV R0, #0x7C \n"
        " STR R0, [SP, #0x1C] \n"
        " LDR R1, =0x375C00 \n"
        " LDR R0, =0x1CD \n"
        " STR R1, [SP] \n"
        " STR R0, [SP, #0x20] \n"
        " MOV R0, #0x96 \n"
        " STR R2, [SP, #0x10] \n"
        " STR R1, [SP, #0x14] \n"
        " STR R0, [SP, #0x24] \n"
        " STR R0, [SP, #0x28] \n"
        " MOV R0, #0x64 \n"
        " STR R0, [SP, #0x2C] \n"
        " MOV R0, #0 \n"
        " STR R0, [SP, #0x30] \n"
        " STR R0, [SP, #0x34] \n"
        " MOV R0, #0x10 \n"
        " STR R0, [SP, #0x5C] \n"
        " MOV R0, #0x800 \n"
        " STR R0, [SP, #0x60] \n"
        " MOV R0, #0xA0 \n"
        " STR R0, [SP, #0x64] \n"
        " MOV R0, #0x280 \n"
        " STR R0, [SP, #0x68] \n"
        /* Hand the patched continuation to the firmware in R1 and jump to the
           fixed firmware address; execution does not come back here. */
        " LDR R1, =sub_FF004288_my \n"
        " LDR PC, =0xFF001274 \n"
    );
}
257
258
259
/*
 * Runs a fixed sequence of firmware initialisation calls. After each checked
 * call a negative return value in R0 causes _err_init_task to be called with
 * the address of a firmware string (named in the inline comments). When the
 * sequence is done the saved registers are restored and control branches to
 * sub_FF00A6BC_my rather than returning.
 */
void __attribute__((naked,noinline)) sub_FF004288_my() {
    asm volatile (
        " STMFD SP!, {R4,LR} \n"
        /* First call is not followed by a result check. */
        " BL sub_FF000B50 \n"
        " BL sub_FF005174 \n"
        " CMP R0, #0 \n"
        " LDRLT R0, =0xFF00439C /*'dmSetup'*/ \n"
        " BLLT _err_init_task \n"
        " BL sub_FF003EC0 \n"
        " CMP R0, #0 \n"
        " LDRLT R0, =0xFF0043A4 /*'termDriverInit'*/ \n"
        " BLLT _err_init_task \n"
        /* The next two calls both receive the '/_term' string in R0. */
        " LDR R0, =0xFF0043B4 /*'/_term'*/ \n"
        " BL sub_FF003FA8 \n"
        " CMP R0, #0 \n"
        " LDRLT R0, =0xFF0043BC /*'termDeviceCreate'*/ \n"
        " BLLT _err_init_task \n"
        " LDR R0, =0xFF0043B4 /*'/_term'*/ \n"
        " BL sub_FF0029C8 \n"
        " CMP R0, #0 \n"
        " LDRLT R0, =0xFF0043D0 /*'stdioSetup'*/ \n"
        " BLLT _err_init_task \n"
        " BL sub_FF004B10 \n"
        " CMP R0, #0 \n"
        " LDRLT R0, =0xFF0043DC /*'stdlibSetup'*/ \n"
        " BLLT _err_init_task \n"
        " BL sub_FF0016C8 \n"
        " CMP R0, #0 \n"
        " LDRLT R0, =0xFF0043E8 /*'armlib_setup'*/ \n"
        " BLLT _err_init_task \n"
        /* Restore R4/LR and tail-branch to the patched next stage. */
        " LDMFD SP!, {R4,LR} \n"
        " B sub_FF00A6BC_my \n"
    );
}
294
295
296
/*
 * Calls sub_004777E0 and _EnableDispatch, then creates the 'Booting' task via
 * _CreateTask with sub_FF00A694_my as its entry, and returns 0.
 * Arguments as loaded below: R0 = name string, R1 = 0x19, R2 = 0x200,
 * R3 = entry, and a fifth argument of 0 on the stack.
 */
void __attribute__((naked,noinline)) sub_FF00A6BC_my() {
    asm volatile (
        /* R3 is pushed only to reserve the stack slot used for the fifth
           argument below. */
        " STMFD SP!, {R3,LR} \n"
        " BL sub_004777E0 \n"
        " BL sub_004779F8 /*_EnableDispatch*/ \n"
        " MOV R3, #0 \n"
        " STR R3, [SP] \n"
        /* Entry point is the patched routine, not a firmware address. */
        " LDR R3, =sub_FF00A694_my \n"
        " MOV R2, #0x200 \n"
        " MOV R1, #0x19 \n"
        " LDR R0, =0xFF00A798 /*'Booting'*/ \n"
        " BL _CreateTask \n"
        /* Return 0 to the caller. */
        " MOV R0, #0 \n"
        " LDMFD SP!, {R3,PC} \n"
    );
}
313
314
315
/*
 * Entry routine of the 'Booting' task created by sub_FF00A6BC_my. Calls six
 * firmware routines in order, restores the saved registers and tail-branches
 * to sub_FF00A6EC_my.
 */
void __attribute__((naked,noinline)) sub_FF00A694_my() {
    asm volatile (
        " STMFD SP!, {R4,LR} \n"

        /* Firmware calls; their purpose is not visible in this file. */
        " BL sub_FF01F840 \n"
        " BL sub_FF01D43C \n"
        " BL sub_FF025FFC \n"
        " BL sub_FF01E9F4 \n"
        " BL sub_FF01DB08 \n"
        " BL sub_FF01CBF0 \n"
        " LDMFD SP!, {R4,LR} \n"
        /* Continue in the patched routine. */
        " B sub_FF00A6EC_my \n"
    );
}
330
331
332
/*
 * Start-up gate followed by hand-off to the firmware with task_Startup_my as
 * the task entry.
 *
 * If sub_FF025D98 returns 0, _IsNormalCameraMode_FW returns non-zero, and
 * bit 0 is set in both registers 0xC0220128 and 0xC022012C, the routine calls
 * sub_FF01D7EC, writes 0x44 to 0xC022001C, calls sub_FF01D9DC and then spins
 * forever at loc_FF00A738. In every other case it falls through to
 * loc_FF00A74C, runs the remaining firmware calls and jumps to 0xFF00A77C
 * with R3 = task_Startup_my.
 */
void __attribute__((naked,noinline)) sub_FF00A6EC_my() {
    asm volatile (
        " STMFD SP!, {R3-R7,LR} \n"
        " BL sub_FF025D98 \n"
        " LDR R6, =0xC0220000 \n"
        /* R4 keeps the result of sub_FF025D98; non-zero skips the mode check. */
        " MOVS R4, R0 \n"
        " MOV R5, #1 \n"
        " BNE loc_FF00A73C \n"
        " BL sub_FF020174 /*_IsNormalCameraMode_FW*/ \n"
        " CMP R0, #0 \n"
        " BEQ loc_FF00A73C \n"
        /* BIC Rx, R5, reg yields 1 when bit 0 of the register is clear. */
        " LDR R0, [R6, #0x128] \n"
        " BIC R1, R5, R0 \n"
        " LDR R0, [R6, #0x12C] \n"
        " BIC R0, R5, R0 \n"
        " ORRS R2, R0, R1 \n"
        " BNE loc_FF00A74C \n"
        /* Both bits set: this path ends in the endless loop below. */
        " BL sub_FF01D7EC \n"
        " MOV R0, #0x44 \n"
        " STR R0, [R6, #0x1C] \n"
        " BL sub_FF01D9DC \n"

        "loc_FF00A738:\n"
        " B loc_FF00A738 \n"

        "loc_FF00A73C:\n"
        " LDR R0, [R6, #0x12C] \n"
        " LDR R1, [R6, #0x128] \n"
        " BIC R0, R5, R0 \n"
        " BIC R1, R5, R1 \n"

        "loc_FF00A74C:\n"
        /* NOTE(review): R0-R3 are loaded here but nothing consumes them before
           sub_004777E0 is called; it looks like a call from the firmware
           sequence was dropped at this point. Confirm against the
           disassembly. */
        " MOV R3, #0 \n"
        " MOV R2, R4 \n"


        " BL sub_004777E0 \n"
        " LDR R1, =0x3CE000 \n"
        " MOV R0, #0 \n"
        " BL sub_FF024374 \n"
        " BL sub_004779F8 /*_EnableDispatch*/ \n"
        " MOV R3, #0 \n"
        " STR R3, [SP] \n"
        /* Patched entry in R3, then jump into the firmware at a fixed address;
           the stack frame pushed above is left for that code to unwind. */
        " LDR R3, =task_Startup_my \n"
        " LDR PC, =0xFF00A77C \n"
    );
}
380
381
382
/*
 * Start-up task body handed to the firmware by sub_FF00A6EC_my. Runs a series
 * of firmware calls, then the patched sub_FF02632C_my, starts the CHDK spy
 * task (CreateTask_spytask) and the patched PhySw task creation
 * (taskcreatePhySw_my), and finally jumps to the firmware at 0xFF00A664.
 */
void __attribute__((naked,noinline)) task_Startup_my() {
    asm volatile (
        " STMFD SP!, {R4,LR} \n"
        " BL sub_FF0048C8 \n"


        " BL sub_FF026158 \n"
        " BL sub_FF026324 \n"
        " BL sub_FF0439A8 \n"
        " BL sub_FF02602C \n"
        " BL sub_FF0242A8 \n"
        /* From here on the calls go to routines defined in this file. */
        " BL sub_FF02632C_my \n"
        " BL CreateTask_spytask\n"
        " BL taskcreatePhySw_my \n"
        /* R4/LR pushed above are not popped here; presumably the firmware
           code at the jump target does so (TODO confirm). */
        " LDR PC, =0xFF00A664 \n"
    );
}
400
401
402
/*
 * Calls the patched sub_FF080DE0_my followed by two firmware routines, then
 * restores the saved registers and tail-branches to the firmware routine
 * sub_FF07FDEC.
 */
void __attribute__((naked,noinline)) sub_FF02632C_my() {
    asm volatile (
        " STMFD SP!, {R4,LR} \n"
        /* Only this first call targets a routine defined in this file. */
        " BL sub_FF080DE0_my \n"
        " BL sub_FF07E434 \n"
        " BL sub_FF07EDE8 \n"
        " LDMFD SP!, {R4,LR} \n"
        " B sub_FF07FDEC \n"
    );
}
413
414
415
/*
 * One-time set-up of the three-word record at 0x3390.
 *
 * - If _IsFactoryMode_FW returns non-zero: stores 0xFF02437C at 0x3394 and
 *   0xFF024380 at 0x3398, then returns.
 * - Otherwise, if the word at 0x3390 is already non-zero: returns.
 * - Otherwise: allocates 0x493E0 bytes with _malloc_strictly, passes the
 *   result and the size to sub_FF00129C, and stores that call's return value
 *   at 0x3390. If bit 0 of the value is set, control goes to _DebugAssert
 *   with the 'UiMemory.c' string and 0x4D; otherwise the function returns.
 *
 * Review note: the two three-instruction sequences after the branch to
 * _DebugAssert cannot be reached by falling through. Each loads a code
 * pointer from 0x3394 or 0x3398 and branches to it. In this function those
 * two words are written only on the factory-mode path; whether anything else
 * initialises them is not visible here, so confirm before relying on them.
 */
void __attribute__((naked,noinline)) sub_FF080DE0_my() {
    asm volatile (
        " STMFD SP!, {R4-R6,LR} \n"
        " BL sub_FF0200C4 /*_IsFactoryMode_FW*/ \n"
        " CMP R0, #0 \n"
        /* LDR does not change the flags, so the NE tests below still refer to
           the factory-mode result. */
        " LDR R4, =0x3390 \n"
        " LDRNE R0, =0xFF02437C \n"
        " STRNE R0, [R4, #4] \n"
        " LDRNE R0, =0xFF024380 \n"
        " STRNE R0, [R4, #8] \n"
        " LDMNEFD SP!, {R4-R6,PC} \n"
        /* Already initialised: nothing to do. */
        " LDR R0, [R4] \n"
        " CMP R0, #0 \n"
        " LDMNEFD SP!, {R4-R6,PC} \n"
        /* R5 holds the size for both calls. The allocation result is passed on
           without a separate null check in this routine. */
        " LDR R5, =0x493E0 \n"
        " MOV R0, R5 \n"
        " BL sub_FF024384 /*_malloc_strictly*/ \n"
        " MOV R1, R5 \n"
        " BL sub_FF00129C \n"
        " TST R0, #1 \n"
        " STR R0, [R4] \n"
        " LDMEQFD SP!, {R4-R6,PC} \n"
        /* Bit 0 set: restore registers and branch to the assert handler. */
        " LDMFD SP!, {R4-R6,LR} \n"
        " MOV R1, #0x4D \n"
        " LDR R0, =0xFF080E5C /*'UiMemory.c'*/ \n"
        " B _DebugAssert \n"
        /* Indirect branch through the pointer stored at 0x3394. */
        " LDR R1, =0x3390 \n"
        " LDR R1, [R1, #4] \n"
        " BX R1 \n"
        /* Indirect branch through the pointer stored at 0x3398. */
        " LDR R1, =0x3390 \n"
        " LDR R1, [R1, #8] \n"
        " BX R1 \n"
    );
}
450
451
452
/*
 * Patched start of the PhySw task creation. If the word at 0x1C34 is already
 * non-zero, control branches to the firmware routine sub_FF01E488. Otherwise
 * the call arguments are prepared with mykbd_task as the entry (R3), 0x2000
 * in R2 and a stacked 0, and execution jumps into the firmware at 0xFF01E478.
 */
void __attribute__((naked,noinline)) taskcreatePhySw_my() {
    asm volatile (
        " STMFD SP!, {R3-R5,LR} \n"
        " LDR R4, =0x1C30 \n"
        " LDR R0, [R4, #4] \n"
        " CMP R0, #0 \n"
        /* The registers pushed above stay on the stack on both exits;
           presumably the firmware code at either target pops them
           (TODO confirm). */
        " BNE sub_FF01E488 \n"
        " MOV R3, #0 \n"
        " STR R3, [SP] \n"
        /* CHDK keyboard task replaces the firmware entry point. */
        " LDR R3, =mykbd_task \n"
        " MOV R2, #0x2000 \n"
        " LDR PC, =0xFF01E478 \n"
    );
}
467
468
469
/*
 * Replacement entry that taskHook() installs in place of
 * task_InitFileModules. Calls sub_FF07AC50 and, if it returns non-zero, posts
 * logical event 0x5006 with a second argument of 0 to the UI. It then calls
 * sub_FF07AC84 and core_spytask_can_start, and jumps into the firmware at
 * 0xFF083A54.
 */
void __attribute__((naked,noinline)) init_file_modules_task() {
    asm volatile (
        " STMFD SP!, {R4-R6,LR} \n"
        " BL sub_FF07AC50 \n"
        " LDR R5, =0x5006 \n"
        /* R4 keeps the result of sub_FF07AC50; the NE-conditional
           instructions run only when it is non-zero. */
        " MOVS R4, R0 \n"
        " MOVNE R1, #0 \n"
        " MOVNE R0, R5 \n"
        " BLNE _PostLogicalEventToUI \n"
        " BL sub_FF07AC84 \n"
        /* The one CHDK-side call in this routine; it is made after
           sub_FF07AC84 has returned. */
        " BL core_spytask_can_start\n"
        /* Registers pushed above are left for the firmware code at the jump
           target; presumably it restores them (TODO confirm). */
        " LDR PC, =0xFF083A54 \n"
    );
}