root/platform/a2400/sub/100e/boot.c

DEFINITIONS

1. taskHook
2. boot
3. sub_FF810380_my
4. sub_FF8111D8_my
5. sub_FF814288_my
6. sub_FF81A6A8_my
7. taskcreate_Startup_my
8. task_Startup_my
9. taskcreatePhySw_my
10. CreateTask_spytask
11. init_file_modules_task

   1 #include "lolevel.h"
   2 #include "platform.h"
   3 #include "core.h"
   4 #include "dryos31.h"
   5 #define offsetof(TYPE, MEMBER) ((int) &((TYPE *)0)->MEMBER)
   7 const char * const new_sa = &_end;
   9 void CreateTask_PhySw();
  10 void CreateTask_spytask();
  12 extern void task_CaptSeq();
  13 extern void task_InitFileModules();
  14 extern void task_MovieRecord();
  15 extern void task_ExpDrv();
  16 extern void task_PhySw();
  17 extern void task_FileWrite();
  19 void taskHook(context_t **context) {
task_t *tcb=(task_t*)((char*)context-offsetof(task_t, context));
  23         if(tcb->entry == (void*)task_PhySw)            tcb->entry = (void*)mykbd_task;
  24         if(tcb->entry == (void*)task_CaptSeq)          tcb->entry = (void*)capt_seq_task; 
  25         if(tcb->entry == (void*)task_InitFileModules)  tcb->entry = (void*)init_file_modules_task;
  26         if(tcb->entry == (void*)task_MovieRecord)      tcb->entry = (void*)movie_record_task;
  27         if(tcb->entry == (void*)task_ExpDrv)           tcb->entry = (void*)exp_drv_task;
  28     if(tcb->entry == (void*)task_FileWrite)         tcb->entry = (void*)filewritetask;
  29 }
  31 //** boot  @ 0xFF81000C 
  33 void __attribute__((naked,noinline)) boot(  ) { 
  34 asm volatile (
  35       "LDR     R1, =0xC0410000\n"
  36       "MOV     R0, #0\n"
  37       "STR     R0, [R1]\n"
  38       "MOV     R1, #0x78\n"
  39       "MCR     p15, 0, R1, c1, c0\n"
  40       "MOV     R1, #0\n"
  41       "MCR     p15, 0, R1, c7, c10, 4\n"
  42       "MCR     p15, 0, R1, c7, c5\n"
  43       "MCR     p15, 0, R1, c7, c6\n"
  44       "MOV     R0, #0x3D\n"
  45       "MCR     p15, 0, R0, c6, c0\n"
  46       "MOV     R0, #0xC000002F\n"
  47       "MCR     p15, 0, R0, c6, c1\n"
  48       "MOV     R0, #0x33\n"
  49       "MCR     p15, 0, R0, c6, c2\n"
  50       "MOV     R0, #0x40000033\n"
  51       "MCR     p15, 0, R0, c6, c3\n"
  52       "MOV     R0, #0x80000017\n"
  53       "MCR     p15, 0, R0, c6, c4\n"
  54       "LDR     R0, =0xFF80002D\n"
  55       "MCR     p15, 0, R0, c6, c5\n"
  56       "MOV     R0, #0x34\n"
  57       "MCR     p15, 0, R0, c2, c0\n"
  58       "MOV     R0, #0x34\n"
  59       "MCR     p15, 0, R0, c2, c0, 1\n"
  60       "MOV     R0, #0x34\n"
  61       "MCR     p15, 0, R0, c3, c0\n"
  62       "LDR     R0, =0x3333330\n"
  63       "MCR     p15, 0, R0, c5, c0, 2\n"
  64       "LDR     R0, =0x3333330\n"
  65       "MCR     p15, 0, R0, c5, c0, 3\n"
  66       "MRC     p15, 0, R0, c1, c0\n"
  67       "ORR     R0, R0, #0x1000\n"
  68       "ORR     R0, R0, #4\n"
  69       "ORR     R0, R0, #1\n"
  70       "MCR     p15, 0, R0, c1, c0\n"
  71       "MOV     R1, #0x80000006\n"
  72       "MCR     p15, 0, R1, c9, c1\n"
  73       "MOV     R1, #6\n"
  74       "MCR     p15, 0, R1, c9, c1, 1\n"
  75       "MRC     p15, 0, R1, c1, c0\n"
  76       "ORR     R1, R1, #0x50000\n"
  77       "MCR     p15, 0, R1, c1, c0\n"
  78       "LDR     R2, =0xC0200000\n"
  79       "MOV     R1, #1\n"
  80       "STR     R1, [R2, #0x10C]\n"
  81       "MOV     R1, #0xFF\n"
  82       "STR     R1, [R2, #0xC]\n"
  83       "STR     R1, [R2, #0x1C]\n"
  84       "STR     R1, [R2, #0x2C]\n"
  85       "STR     R1, [R2, #0x3C]\n"
  86       "STR     R1, [R2, #0x4C]\n"
  87       "STR     R1, [R2, #0x5C]\n"
  88       "STR     R1, [R2, #0x6C]\n"
  89       "STR     R1, [R2, #0x7C]\n"
  90       "STR     R1, [R2, #0x8C]\n"
  91       "STR     R1, [R2, #0x9C]\n"
  92       "STR     R1, [R2, #0xAC]\n"
  93       "STR     R1, [R2, #0xBC]\n"
  94       "STR     R1, [R2, #0xCC]\n"
  95       "STR     R1, [R2, #0xDC]\n"
  96       "STR     R1, [R2, #0xEC]\n"
  97       "STR     R1, [R2, #0xFC]\n"
  98       "LDR     R1, =0xC0400008\n"
  99       "LDR     R2, =0x430005\n"
 100       "STR     R2, [R1]\n"
 101       "MOV     R1, #1\n"
 102       "LDR     R2, =0xC0243100\n"
 103       "STR     R2, [R1]\n"
 104       "LDR     R2, =0xC0242010\n"
 105       "LDR     R1, [R2]\n"
 106       "ORR     R1, R1, #1\n"
 107       "STR     R1, [R2]\n"
 108       "LDR     R0, =0xFFC036BC\n"
 109       "LDR     R1, =0x3F1000\n"
 110       "LDR     R3, =0x4005D4\n"
 111 "loc_FF81013C:\n"
 112       "CMP     R1, R3\n"
 113       "LDRCC   R2, [R0], #4\n"
 114       "STRCC   R2, [R1], #4\n"
 115       "BCC     loc_FF81013C\n"
 116       "LDR     R0, =0xFFBF7CE0\n"
 117       "LDR     R1, =0x1900\n"
 118       "LDR     R3, =0xD2DC\n"
 119 "loc_FF810158:\n"
 120       "CMP     R1, R3\n"
 121       "LDRCC   R2, [R0], #4\n"
 122       "STRCC   R2, [R1], #4\n"
 123       "BCC     loc_FF810158\n"
 124       "LDR     R1, =0x1580A0\n" //MEMISOSTART
 125       "MOV     R2, #0\n"
 126 "loc_FF810170:\n"
 127       "CMP     R3, R1\n"
 128       "STRCC   R2, [R3], #4\n"
 129       "BCC     loc_FF810170\n"
 130 //      "B       sub_FF810380 \n" //original
 131       "B       sub_FF810380_my \n" //patched
 132         );
 133 }
 136 //** sub_FF810380_my  @ 0xFF810380 
 138 void __attribute__((naked,noinline)) sub_FF810380_my(  ) { 
 140    //http://chdk.setepontos.com/index.php/topic,4194.0.html
 141    *(int*)0x1934=(int)taskHook;
 142    *(int*)0x1938=(int)taskHook;
 144     // Power Button detection (short press = playback mode, long press = record mode) 
 145     // C02200F8  power up button
 146     // C02200F8  a2400.100e sub_FF81A6BC : C0220000 (@FF81A6C4) + 0xF8 (@FF81A6E8)
 147     // 0x24B0    a2400 100e Found @ 0xFF856494
 148     if ((*(int*) 0xC02200F8) & 1)                 // look at power-on switch
 149             *(int*)(0x24B0+4) = 0x200000;         // start in play mode
 150     else
 151             *(int*)(0x24B0+4) = 0x100000;         // start in rec mode
 153 asm volatile (
 154       "LDR     R0, =0xFF8103F8\n"
 155       "MOV     R1, #0\n"
 156       "LDR     R3, =0xFF810430\n"
 157 "loc_FF81038C:\n"
 158       "CMP     R0, R3\n"
 159       "LDRCC   R2, [R0], #4\n"
 160       "STRCC   R2, [R1], #4\n"
 161       "BCC     loc_FF81038C\n"
 162       "LDR     R0, =0xFF810430\n"
 163       "MOV     R1, #0x4B0\n"
 164       "LDR     R3, =0xFF810644\n"
 165 "loc_FF8103A8:\n"
 166       "CMP     R0, R3\n"
 167       "LDRCC   R2, [R0], #4\n"
 168       "STRCC   R2, [R1], #4\n"
 169       "BCC     loc_FF8103A8\n"
 170       "MOV     R0, #0xD2\n"
 171       "MSR     CPSR_cxsf, R0\n"
 172       "MOV     SP, #0x1000\n"
 173       "MOV     R0, #0xD3\n"
 174       "MSR     CPSR_cxsf, R0\n"
 175       "MOV     SP, #0x1000\n"
 176       "LDR     R0, =0x6C4\n"
 177       "LDR     R2, =0xEEEEEEEE\n"
 178       "MOV     R3, #0x1000\n"
 179 "loc_FF8103DC:\n"
 180       "CMP     R0, R3\n"
 181       "STRCC   R2, [R0], #4\n"
 182       "BCC     loc_FF8103DC\n"
 183 //      "BL      sub_FF8111D8 \n" //original
 184       "BL      sub_FF8111D8_my \n" //patched
 185         );
 186 }
 189 //** sub_FF8111D8_my  @ 0xFF8111D8 
 191 void __attribute__((naked,noinline)) sub_FF8111D8_my(  ) { 
 192 asm volatile (
 193       "STR     LR, [SP, #-4]!\n"
 194       "SUB     SP, SP, #0x74\n"
 195       "MOV     R1, #0x74\n"
 196       "MOV     R0, SP\n"
 197       "BL      sub_003FC448\n"
 198       "MOV     R0, #0x57000\n"
 199       "STR     R0, [SP, #4]\n"
 200 #if defined(CHDK_NOT_IN_CANON_HEAP)
 201       "LDR     R0, =0x1580A0\n" // MEMISOSTART: Use original heap offset since CHDK is loaded in high memory 
 202 #else
 203       "LDR     R0, =new_sa \n"  //otherwise use patched value
 204       "LDR     R0, [R0] \n"
 205 #endif
 206       "LDR     R2, =0x2ED440\n"
 207       "STR     R0, [SP, #8]\n"
 208       "SUB     R0, R2, R0\n"
 209       "STR     R0, [SP, #0xC]\n"
 210       "MOV     R0, #0x22\n"
 211       "STR     R0, [SP, #0x18]\n"
 212       "MOV     R0, #0x7C\n"
 213       "STR     R0, [SP, #0x1C]\n"
 214       "LDR     R1, =0x2F5C00\n"
 215       "LDR     R0, =0x1CD\n"
 216       "STR     R1, [SP]\n"
 217       "STR     R0, [SP, #0x20]\n"
 218       "MOV     R0, #0x96\n"
 219       "STR     R2, [SP, #0x10]\n"
 220       "STR     R1, [SP, #0x14]\n"
 221       "STR     R0, [SP, #0x24]\n"
 222       "STR     R0, [SP, #0x28]\n"
 223       "MOV     R0, #0x64\n"
 224       "STR     R0, [SP, #0x2C]\n"
 225       "MOV     R0, #0\n"
 226       "STR     R0, [SP, #0x30]\n"
 227       "STR     R0, [SP, #0x34]\n"
 228       "MOV     R0, #0x10\n"
 229       "STR     R0, [SP, #0x5C]\n"
 230       "MOV     R0, #0x800\n"
 231       "STR     R0, [SP, #0x60]\n"
 232       "MOV     R0, #0xA0\n"
 233       "STR     R0, [SP, #0x64]\n"
 234       "MOV     R0, #0x280\n"
 235       "STR     R0, [SP, #0x68]\n"
 236 //      "LDR     R1, =0xFF814288 \n" //original
 237       "LDR     R1, =sub_FF814288_my \n" //patched
 238       "MOV     R2, #0\n"
 239       "MOV     R0, SP\n"
 240       "BL      sub_003F2778\n"
 241       "ADD     SP, SP, #0x74\n"
 242       "LDR     PC, [SP], #4\n"
 243         );
 244 }
 247 //** sub_FF814288_my  @ 0xFF814288 
 249 void __attribute__((naked,noinline)) sub_FF814288_my(  ) { 
 250 asm volatile (
 251       "STMFD   SP!, {R4,LR}\n"
 252       "BL      sub_FF810B50\n"
 253       "BL      sub_FF815174\n"
 254       "CMP     R0, #0\n"
 255       "LDRLT   R0, =0xFF81439C \n" // "dmSetup"
 256       "BLLT    _err_init_task \n"
 257       "BL      sub_FF813EC0\n"
 258       "CMP     R0, #0\n"
 259       "LDRLT   R0, =0xFF8143A4 \n" // "termDriverInit"
 260       "BLLT    _err_init_task \n"
 261       "LDR     R0, =0xFF8143B4 \n" // "/_term"
 262       "BL      sub_FF813FA8\n"
 263       "CMP     R0, #0\n"
 264       "LDRLT   R0, =0xFF8143BC \n" // "termDeviceCreate"
 265       "BLLT    _err_init_task \n"
 266       "LDR     R0, =0xFF8143B4 \n" //  "/_term"
 267       "BL      sub_FF8129C8\n"
 268       "CMP     R0, #0\n"
 269       "LDRLT   R0, =0xFF8143D0 \n" // "stdioSetup"
 270       "BLLT    _err_init_task \n"
 271       "BL      sub_FF814B10\n"
 272       "CMP     R0, #0\n"
 273       "LDRLT   R0, =0xFF8143DC \n" // "stdlibSetup"
 274       "BLLT    _err_init_task \n"
 275       "BL      sub_FF8116C8\n"
 276       "CMP     R0, #0\n"
 277       "LDRLT   R0, =0xFF8143E8 \n" // "armlib_setup"
 278       "BLLT    _err_init_task \n"
 279       "LDMFD   SP!, {R4,LR}\n"
 280 //      "B       sub_FF81A6A8 \n" //original
 281       "B       sub_FF81A6A8_my \n" //patched
 282         );
 283 }
 286 //** sub_FF81A6A8_my  @ 0xFF81A6A8 
 288 void __attribute__((naked,noinline)) sub_FF81A6A8_my(  ) { 
 289 asm volatile (
 290       "STMFD   SP!, {R4,LR}\n"
 291       "BL      sub_FF82EAEC\n"
 292 //      "BL      loc_FF81A6BC\n" // original taskcreate_Startup
 293       "BL      taskcreate_Startup_my \n" //patched taskcreate_Startup
 294       "MOV     R0, #0\n"
 295       "LDMFD   SP!, {R4,PC}\n"
 296         );
 297 }
 300 //** taskcreate_Startup_my  @ 0xFF81A6BC 
 302 void __attribute__((naked,noinline)) taskcreate_Startup_my(  ) { 
 303 asm volatile (
 304       "STMFD   SP!, {R3-R7,LR}\n"
 305       "BL      sub_FF835B9C\n"
 306       "LDR     R6, =0xC0220000\n"
 307       "MOVS    R4, R0\n"
 308       "MOV     R5, #1\n"
 309       "BNE     loc_FF81A70C\n"
 310       "BL      sub_FF830548\n"
 311       "CMP     R0, #0\n"
 312       "BEQ     loc_FF81A70C\n"
 313       "LDR     R0, [R6, #0xFC]\n"
 314       "BIC     R1, R5, R0\n"
 315       "LDR     R0, [R6, #0xF8]\n"
 316       "BIC     R0, R5, R0\n"
 317       "ORRS    R2, R0, R1\n"
 318       "BNE     loc_FF81A71C\n"
 319       "BL      sub_FF82E1BC\n"
 320       "MOV     R0, #0x44\n"
 321       "STR     R0, [R6, #0x12C]\n"
 322       "BL      sub_FF82E2C4\n"
 323 "loc_FF81A708:\n"
 324       "B       loc_FF81A708\n"
 325 "loc_FF81A70C:\n"
 326       "LDR     R0, [R6, #0xF8]\n"
 327       "LDR     R1, [R6, #0xFC]\n"
 328       "BIC     R0, R5, R0\n"
 329       "BIC     R1, R5, R1\n"
 330 "loc_FF81A71C:\n"
 331       "MOV     R3, #0\n"
 332       "MOV     R2, R4\n"
 333 //      "BL      sub_FF82EAF4\n" //StartUp mode detection. We must remove this for power-on mode handling to work
 334       "BL      sub_FF82EAF0\n"
 335       "BL      sub_003F77E0\n"
 336       "LDR     R1, =0x34E000\n"
 337       "MOV     R0, #0\n"
 338       "BL      sub_FF8341D4\n"
 339       "BL      sub_003F79F8\n"
 340       "MOV     R3, #0\n"
 341       "STR     R3, [SP]\n"
 342 //      "LDR     R3, =0xFF81A638 \n" //original
 343       "LDR     R3, =task_Startup_my \n" //patched
 344       "MOV     R2, #0\n"
 345       "MOV     R1, #0x19\n"
 346       "LDR     R0, =0xFF81A770\n"
 347       "BL      _CreateTask \n"
 348       "MOV     R0, #0\n"
 349       "LDMFD   SP!, {R3-R7,PC}\n"
 350         );
 351 }
 354 //** task_Startup_my  @ 0xFF81A638 
 356 void __attribute__((naked,noinline)) task_Startup_my(  ) { 
 357 asm volatile (
 358       "STMFD   SP!, {R4,LR}\n"
 359       "BL      sub_FF8148C8\n"
 360       "BL      sub_FF82FC14\n"
 361       "BL      sub_FF82DE60\n"
 362       "BL      sub_FF835BE4\n"
 363       "BL      sub_FF835DD0\n"
 364       "BL      sub_FF82CC5C\n"
 365       "BL      sub_FF82D824\n"
 366 //      "BL      sub_FF835C78\n" //disable Diskboot.bin
 367       "BL      sub_FF835F4C\n"
 368       "BL      sub_FF836118\n"
 369       "BL      sub_FF835F10\n"
 370       "BL      sub_FF835E00\n"
 371       "BL      sub_FF834108\n"
 372       "BL      sub_FF836120\n"
 373       "BL     CreateTask_spytask \n"            //added to create the Spytask
 374 //      "BL      sub_FF82E990\n" //original taskcreate_PhySw()
 375       "BL     taskcreatePhySw_my \n"            // patched taskcreate_PhySw()
 376       "BL      sub_FF832370\n"
 377       "BL      sub_FF836138\n"
 378       "BL      sub_FF82B9D8\n"
 379       "BL      sub_FF82C520\n"
 380       "BL      sub_FF835958\n"
 381       "BL      sub_FF82CB4C\n"
 382       "BL      sub_FF82C4BC\n"
 383       "BL      sub_FF835F3C\n"
 384       "BL      sub_FF836C90\n"
 385       "BL      sub_FF82C480\n"
 386       "LDMFD   SP!, {R4,LR}\n"
 387       "B       sub_FF8149E8\n"
 388         );
 389 }
 392 //** taskcreatePhySw_my  @ 0xFF82E990 
 394 void __attribute__((naked,noinline)) taskcreatePhySw_my(  ) { 
 395 asm volatile (
 396       "STMFD   SP!, {R3-R5,LR}\n"
 397       "LDR     R4, =0x1C18\n"
 398       "LDR     R0, [R4, #4]\n"
 399       "CMP     R0, #0\n"
 400       "BNE     loc_FF82E9C4\n"
 401       "MOV     R3, #0\n"
 402       "STR     R3, [SP]\n"
 403 //      "LDR     R3, =0xFF82E95C\n"
 404       "LDR     R3, =mykbd_task \n"   //patched
 405 //      "MOV     R2, #0x800\n"      //original
 406       "MOV     R2, #0x2000 \n" // stack size for new task_PhySw so we don't have to do stack switch
 407       "MOV     R1, #0x17\n"
 408       "LDR     R0, =0xFF82EBEC\n"
 409       "BL      sub_003F7A50\n"
 410       "STR     R0, [R4, #4]\n"
 411 "loc_FF82E9C4:\n"
 412       "BL      sub_FF87F4F0\n"
 413       "BL      sub_FF830498\n"
 414       "CMP     R0, #0\n"
 415       "BNE     loc_FF82E9E0\n"
 416       "LDR     R1, =0x3146C\n"
 417       "MOV     R0, #0\n"
 418       "BL      sub_FF87F460\n"
 419 "loc_FF82E9E0:\n"
 420       "LDMFD   SP!, {R3-R5,PC}\n"
 421         );
 422 }
 424 void CreateTask_spytask() {
_CreateTask("SpyTask", 0x19, 0x2000, core_spytask, 0);                        
 427 };
 429 //** init_file_modules_task  @ 0xFF889004 
 431 void __attribute__((naked,noinline)) init_file_modules_task(  ) { 
 432 asm volatile (
 433       "STMFD   SP!, {R4-R6,LR}\n"
 434       "BL      sub_FF881A5C\n"
 435       "LDR     R5, =0x5006\n"
 436       "MOVS    R4, R0\n"
 437       "MOVNE   R1, #0\n"
 438       "MOVNE   R0, R5\n"
 439       "BLNE    _PostLogicalEventToUI \n"
 440       "BL      sub_FF881A88\n"
 441       "BL          core_spytask_can_start \n" //added CHDK: Set "it's-safe-to-start"-Flag for spytask
 442       "CMP     R4, #0\n"
 443       "LDMNEFD SP!, {R4-R6,PC}\n"
 444       "MOV     R0, R5\n"
 445       "LDMFD   SP!, {R4-R6,LR}\n"
 446       "MOV     R1, #0\n"
 447       "B       _PostLogicalEventToUI \n"
 448         );
 449 }