This source file includes following definitions.
- taskHook
- boot
- sub_FF810358_my
- sub_FF8111B0_my
- sub_FF815EE0_my
- taskcreate_Startup_my
- task_Startup_my
- taskcreatePhySw_my
- CreateTask_spytask
- init_file_modules_task
1 #include "lolevel.h"
2 #include "platform.h"
3 #include "core.h"
4 #include "dryos31.h"
5 #define offsetof(TYPE, MEMBER) ((int) &((TYPE *)0)->MEMBER)
6
7 #define LED_AF 0xC02200F4
8 #define LED_PR 0xC02200F0
9
10 const char * const new_sa = &_end;
11
12
13 void CreateTask_PhySw();
14 void CreateTask_spytask();
15 void boot();
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55 extern void task_CaptSeq();
56 extern void task_InitFileModules();
57 extern void task_MovieRecord();
58 extern void task_ExpDrv();
59 extern void task_PhySw();
60 extern void task_FileWrite();
61
62 void taskHook(context_t **context) {
63
64 task_t *tcb=(task_t*)((char*)context-offsetof(task_t, context));
65
66
67 if(tcb->entry == (void*)task_PhySw) tcb->entry = (void*)mykbd_task;
68 if(tcb->entry == (void*)task_CaptSeq) tcb->entry = (void*)capt_seq_task;
69 if(tcb->entry == (void*)task_InitFileModules) tcb->entry = (void*)init_file_modules_task;
70 if(tcb->entry == (void*)task_MovieRecord) tcb->entry = (void*)movie_record_task;
71 if(tcb->entry == (void*)task_ExpDrv) tcb->entry = (void*)exp_drv_task;
72 if(tcb->entry == (void*)task_FileWrite) tcb->entry = (void*)filewritetask;
73 }
74
75
76
77 void __attribute__((naked,noinline)) boot( ) {
78 asm volatile (
79 "LDR R1, =0xC0410000 \n"
80 "MOV R0, #0 \n"
81 "STR R0, [R1] \n"
82 "MOV R1, #0x78 \n"
83 "MCR p15, 0, R1, c1, c0 \n"
84 "MOV R1, #0 \n"
85 "MCR p15, 0, R1, c7, c10, 4 \n"
86 "MCR p15, 0, R1, c7, c5 \n"
87 "MCR p15, 0, R1, c7, c6 \n"
88 "MOV R0, #0x3D \n"
89 "MCR p15, 0, R0, c6, c0 \n"
90 "MOV R0, #0xC000002F \n"
91 "MCR p15, 0, R0, c6, c1 \n"
92 "MOV R0, #0x33 \n"
93 "MCR p15, 0, R0, c6, c2 \n"
94 "MOV R0, #0x40000033 \n"
95 "MCR p15, 0, R0, c6, c3 \n"
96 "MOV R0, #0x80000017 \n"
97 "MCR p15, 0, R0, c6, c4 \n"
98 "LDR R0, =0xFF80002D \n"
99 "MCR p15, 0, R0, c6, c5 \n"
100 "MOV R0, #0x34 \n"
101 "MCR p15, 0, R0, c2, c0 \n"
102 "MOV R0, #0x34 \n"
103 "MCR p15, 0, R0, c2, c0, 1 \n"
104 "MOV R0, #0x34 \n"
105 "MCR p15, 0, R0, c3, c0 \n"
106 "LDR R0, =0x3333330 \n"
107 "MCR p15, 0, R0, c5, c0, 2 \n"
108 "LDR R0, =0x3333330 \n"
109 "MCR p15, 0, R0, c5, c0, 3 \n"
110 "MRC p15, 0, R0, c1, c0 \n"
111 "ORR R0, R0, #0x1000 \n"
112 "ORR R0, R0, #4 \n"
113 "ORR R0, R0, #1 \n"
114 "MCR p15, 0, R0, c1, c0 \n"
115 "MOV R1, #0x80000006 \n"
116 "MCR p15, 0, R1, c9, c1 \n"
117 "MOV R1, #6 \n"
118 "MCR p15, 0, R1, c9, c1, 1 \n"
119 "MRC p15, 0, R1, c1, c0 \n"
120 "ORR R1, R1, #0x50000 \n"
121 "MCR p15, 0, R1, c1, c0 \n"
122 "LDR R2, =0xC0200000 \n"
123 "MOV R1, #1 \n"
124 "STR R1, [R2, #0x10C] \n"
125 "MOV R1, #0xFF \n"
126 "STR R1, [R2, #0xC] \n"
127 "STR R1, [R2, #0x1C] \n"
128 "STR R1, [R2, #0x2C] \n"
129 "STR R1, [R2, #0x3C] \n"
130 "STR R1, [R2, #0x4C] \n"
131 "STR R1, [R2, #0x5C] \n"
132 "STR R1, [R2, #0x6C] \n"
133 "STR R1, [R2, #0x7C] \n"
134 "STR R1, [R2, #0x8C] \n"
135 "STR R1, [R2, #0x9C] \n"
136 "STR R1, [R2, #0xAC] \n"
137 "STR R1, [R2, #0xBC] \n"
138 "STR R1, [R2, #0xCC] \n"
139 "STR R1, [R2, #0xDC] \n"
140 "STR R1, [R2, #0xEC] \n"
141 "STR R1, [R2, #0xFC] \n"
142 "LDR R1, =0xC0400008 \n"
143 "LDR R2, =0x430005 \n"
144 "STR R2, [R1] \n"
145 "MOV R1, #1 \n"
146 "LDR R2, =0xC0243100 \n"
147 "STR R2, [R1] \n"
148 "LDR R2, =0xC0242010 \n"
149 "LDR R1, [R2] \n"
150 "ORR R1, R1, #1 \n"
151 "STR R1, [R2] \n"
152 "LDR R0, =0xFFC33798 \n"
153 "LDR R1, =0x1900 \n"
154 "LDR R3, =0xF0AC \n"
155 "loc_FF81013C:\n"
156 "CMP R1, R3 \n"
157 "LDRCC R2, [R0], #4 \n"
158 "STRCC R2, [R1], #4 \n"
159 "BCC loc_FF81013C \n"
160 "LDR R1, =0x16A88C \n"
161 "MOV R2, #0 \n"
162 "loc_FF810154:\n"
163 "CMP R3, R1 \n"
164 "STRCC R2, [R3], #4 \n"
165 "BCC loc_FF810154 \n"
166
167 "B sub_FF810358_my \n"
168 );
169 }
170
171
172
173
174 void __attribute__((naked,noinline)) sub_FF810358_my() {
175
176
177 *(int*)0x1938=(int)taskHook;
178 *(int*)0x193C=(int)taskHook;
179
180
181
182
183 *(int*)(0x24F8)= (*(int*)0xC0220038)&1 ? 0x200000 : 0x100000;
184
185 asm volatile (
186 "LDR R0, =0xFF8103D0 \n"
187 "MOV R1, #0 \n"
188 "LDR R3, =0xFF810408 \n"
189 "loc_FF810364:\n"
190 "CMP R0, R3 \n"
191 "LDRCC R2, [R0], #4 \n"
192 "STRCC R2, [R1], #4 \n"
193 "BCC loc_FF810364 \n"
194 "LDR R0, =0xFF810408 \n"
195 "MOV R1, #0x4B0 \n"
196 "LDR R3, =0xFF81061C \n"
197 "loc_FF810380:\n"
198 "CMP R0, R3 \n"
199 "LDRCC R2, [R0], #4 \n"
200 "STRCC R2, [R1], #4 \n"
201 "BCC loc_FF810380 \n"
202 "MOV R0, #0xD2 \n"
203 "MSR CPSR_cxsf, R0 \n"
204 "MOV SP, #0x1000 \n"
205 "MOV R0, #0xD3 \n"
206 "MSR CPSR_cxsf, R0 \n"
207 "MOV SP, #0x1000 \n"
208 "LDR R0, =0x6C4 \n"
209 "LDR R2, =0xEEEEEEEE \n"
210 "MOV R3, #0x1000 \n"
211 "loc_FF8103B4:\n"
212 "CMP R0, R3 \n"
213 "STRCC R2, [R0], #4 \n"
214 "BCC loc_FF8103B4 \n"
215
216 "BL sub_FF8111B0_my \n"
217 );
218 }
219
220
221
222 void __attribute__((naked,noinline)) sub_FF8111B0_my( ) {
223 asm volatile (
224 "STR LR, [SP, #-4]! \n"
225 "SUB SP, SP, #0x74 \n"
226 "MOV R1, #0x74 \n"
227 "MOV R0, SP \n"
228 "BL sub_FFB58388 \n"
229 "MOV R0, #0x53000 \n"
230 "STR R0, [SP, #4] \n"
231 #if defined(CHDK_NOT_IN_CANON_HEAP)
232 "LDR R0, =0x16A88C \n"
233 #else
234 "LDR R0, =new_sa\n"
235 "LDR R0, [R0]\n"
236 #endif
237 "LDR R2, =0x2F1F80 \n"
238 "STR R0, [SP, #8] \n"
239 "SUB R0, R2, R0 \n"
240 "STR R0, [SP, #0xC] \n"
241 "MOV R0, #0x22 \n"
242 "STR R0, [SP, #0x18] \n"
243 "MOV R0, #0x68 \n"
244 "STR R0, [SP, #0x1C] \n"
245 "LDR R1, =0x2F9C00 \n"
246 "LDR R0, =0x19B \n"
247 "STR R1, [SP] \n"
248 "STR R0, [SP, #0x20] \n"
249 "MOV R0, #0x96 \n"
250 "STR R2, [SP, #0x10] \n"
251 "STR R1, [SP, #0x14] \n"
252 "STR R0, [SP, #0x24] \n"
253 "STR R0, [SP, #0x28] \n"
254 "MOV R0, #0x64 \n"
255 "STR R0, [SP, #0x2C] \n"
256 "MOV R0, #0 \n"
257 "STR R0, [SP, #0x30] \n"
258 "STR R0, [SP, #0x34] \n"
259 "MOV R0, #0x10 \n"
260 "STR R0, [SP, #0x5C] \n"
261 "MOV R0, #0x800 \n"
262 "STR R0, [SP, #0x60] \n"
263 "MOV R0, #0xA0 \n"
264 "STR R0, [SP, #0x64] \n"
265 "MOV R0, #0x280 \n"
266 "STR R0, [SP, #0x68] \n"
267
268 "LDR R1, =sub_FF815EE0_my \n"
269 "MOV R2, #0 \n"
270 "MOV R0, SP \n"
271 "BL sub_FF8134C4 \n"
272 "ADD SP, SP, #0x74 \n"
273 "LDR PC, [SP], #4 \n"
274 );
275 }
276
277
278
279 void __attribute__((naked,noinline)) sub_FF815EE0_my() {
280
281 asm volatile (
282 "STMFD SP!, {R4,LR} \n"
283 "BL sub_FF810B28 \n"
284 "BL sub_FF81A374 \n"
285 "CMP R0, #0 \n"
286 "LDRLT R0, =0xFF815FF4 \n"
287 "BLLT sub_FF815FD4 \n"
288 "BL sub_FF815B18 \n"
289 "CMP R0, #0 \n"
290 "LDRLT R0, =0xFF815FFC \n"
291 "BLLT sub_FF815FD4 \n"
292 "LDR R0, =0xFF81600C \n"
293 "BL sub_FF815C00 \n"
294 "CMP R0, #0 \n"
295 "LDRLT R0, =0xFF816014 \n"
296 "BLLT sub_FF815FD4 \n"
297 "LDR R0, =0xFF81600C \n"
298 "BL sub_FF813CA8 \n"
299 "CMP R0, #0 \n"
300 "LDRLT R0, =0xFF816028 \n"
301 "BLLT sub_FF815FD4 \n"
302 "BL sub_FF819D00 \n"
303 "CMP R0, #0 \n"
304 "LDRLT R0, =0xFF816034 \n"
305 "BLLT sub_FF815FD4 \n"
306 "BL sub_FF811690 \n"
307 "CMP R0, #0 \n"
308 "LDRLT R0, =0xFF816040 \n"
309 "BLLT sub_FF815FD4 \n"
310 "LDMFD SP!, {R4,LR} \n"
311
312 "B taskcreate_Startup_my \n"
313 );
314 }
315
316
317
318 void __attribute__((naked,noinline)) taskcreate_Startup_my( ) {
319 asm volatile (
320 "STMFD SP!, {R3-R9,LR} \n"
321 "MOV R6, #0 \n"
322 "BL sub_FF834274 \n"
323 "BL sub_FF83BF7C \n"
324 "LDR R9, =0xC0220000 \n"
325 "MOVS R7, R0 \n"
326 "MOV R8, #1 \n"
327 "BNE loc_FF81FCC0 \n"
328 "BL sub_FF835B78 \n"
329 "CMP R0, #0 \n"
330 "BEQ loc_FF81FCC0 \n"
331 "LDR R0, [R9, #0x34] \n"
332 "BIC R5, R8, R0 \n"
333 "LDR R0, [R9, #0x38] \n"
334 "BIC R4, R8, R0 \n"
335 "BL sub_FF83363C \n"
336 "CMP R0, #1 \n"
337 "MOVEQ R6, #1 \n"
338 "ORR R0, R4, R5 \n"
339 "ORRS R0, R0, R6 \n"
340 "BNE loc_FF81FCD0 \n"
341 "BL sub_FF833930 \n"
342 "MOV R0, #0x44 \n"
343 "STR R0, [R9, #0xDC] \n"
344 "BL sub_FF833B1C \n"
345 "loc_FF81FCBC:\n"
346 "B loc_FF81FCBC \n"
347 "loc_FF81FCC0:\n"
348 "LDR R0, [R9, #0x38] \n"
349 "BIC R4, R8, R0 \n"
350 "LDR R0, [R9, #0x34] \n"
351 "BIC R5, R8, R0 \n"
352 "loc_FF81FCD0:\n"
353 "MOV R3, R6 \n"
354 "MOV R2, R7 \n"
355 "MOV R1, R5 \n"
356 "MOV R0, R4 \n"
357
358 "BL sub_FF834278 \n"
359 "BL sub_FF83A14C \n"
360 "LDR R1, =0x34E000 \n"
361 "MOV R0, #0 \n"
362 "BL sub_FF83A5BC \n"
363 "BL sub_FF83A364 \n"
364 "MOV R3, #0 \n"
365 "STR R3, [SP] \n"
366
367 "LDR R3, =task_Startup_my\n"
368 "MOV R2, #0 \n"
369 "MOV R1, #0x19 \n"
370 "LDR R0, =0xFF81FD2C \n"
371 "BL sub_FF81E9B0 \n"
372 "MOV R0, #0 \n"
373 "LDMFD SP!, {R3-R9,PC} \n"
374 );
375 }
376
377
378
379 void __attribute__((naked,noinline)) task_Startup_my( ) {
380 asm volatile (
381 "STMFD SP!, {R4,LR} \n"
382 "BL sub_FF816588 \n"
383 "BL sub_FF8353E8 \n"
384 "BL sub_FF83364C \n"
385 "BL sub_FF83BFC4 \n"
386 "BL sub_FF83C1B0 \n"
387
388 "BL sub_FF83C350 \n"
389 "BL sub_FF832208 \n"
390 "BL sub_FF83C1E0 \n"
391 "BL sub_FF8398F0 \n"
392 "BL sub_FF83C354 \n"
393 "BL CreateTask_spytask\n"
394 "BL taskcreatePhySw_my\n"
395
396 "BL sub_FF837AF4 \n"
397 "BL sub_FF83C36C \n"
398 "BL sub_FF831600 \n"
399 "BL sub_FF832FB0 \n"
400 "BL sub_FF83BD38 \n"
401 "BL sub_FF8335EC \n"
402 "BL sub_FF832F4C \n"
403 "BL sub_FF83223C \n"
404 "BL sub_FF83CE0C \n"
405 "BL sub_FF832F10 \n"
406 "LDMFD SP!, {R4,LR} \n"
407 "B sub_FF8166A8 \n"
408 );
409 }
410
411
412
413 void __attribute__((naked,noinline)) taskcreatePhySw_my( ) {
414 asm volatile (
415 "STMFD SP!, {R3-R5,LR} \n"
416 "LDR R4, =0x1C30 \n"
417 "LDR R0, [R4, #4] \n"
418 "CMP R0, #0 \n"
419 "BNE loc_FF834170 \n"
420 "MOV R3, #0 \n"
421 "STR R3, [SP] \n"
422
423 "LDR R3, =mykbd_task\n"
424
425 "MOV R2, #0x2000 \n"
426 "MOV R1, #0x17 \n"
427 "LDR R0, =0xFF834390 \n"
428 "BL sub_FF83A3BC \n"
429 "STR R0, [R4, #4] \n"
430 "loc_FF834170:\n"
431 "BL sub_FF88B298 \n"
432 "BL sub_FF835AC8 \n"
433 "CMP R0, #0 \n"
434 "BNE loc_FF83418C \n"
435 "LDR R1, =0x32D20 \n"
436 "MOV R0, #0 \n"
437 "BL sub_FF88B20C \n"
438 "loc_FF83418C:\n"
439 "LDMFD SP!, {R3-R5,PC} \n"
440 );
441 }
442
443 void CreateTask_spytask() {
444
445 _CreateTask("SpyTask", 0x19, 0x2000, core_spytask, 0);
446 };
447
448
449
450
451 void __attribute__((naked,noinline)) init_file_modules_task() {
452 asm volatile (
453 "STMFD SP!, {R4-R6,LR} \n"
454 "BL sub_FF88D734 \n"
455 "LDR R5, =0x5006 \n"
456 "MOVS R4, R0 \n"
457 "MOVNE R1, #0 \n"
458 "MOVNE R0, R5 \n"
459 "BLNE sub_FF8915CC \n"
460 "BL sub_FF88D760 \n"
461 "BL core_spytask_can_start\n"
462 "CMP R4, #0 \n"
463 "LDMNEFD SP!, {R4-R6,PC} \n"
464 "MOV R0, R5 \n"
465 "LDMFD SP!, {R4-R6,LR} \n"
466 "MOV R1, #0 \n"
467 "B sub_FF8915CC \n"
468 );
469 }