4 #include "lolevel.h"
5 #include "platform.h"
6 #include "core.h"
8 const char * const new_sa = &_end;
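/*
 * Create CHDK's main task ("SpyTask") on the firmware scheduler.
 *
 * Argument order follows the firmware's own task creation (see the register
 * setup before _CreateTaskStrictly in taskcreatePhySw_my): name, priority
 * 0x19, stack size 0x2000, entry point core_spytask, task parameter 0.
 * Called from task_Startup_my during firmware startup.
 */
void CreateTask_spytask(void) {
    _CreateTask("SpyTask", 0x19, 0x2000, core_spytask, 0);
}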
19 void my_touchw_task(void);
/*
 * Task-creation hook installed by sub_FF8101A4_my (stored at 0x1930/0x1934).
 *
 * p points 16 words past the slot holding the new task's entry address.  When
 * that entry is one of the firmware ROM task routines CHDK replaces, the slot
 * is rewritten with the CHDK implementation before the task is created.  The
 * ROM addresses are specific to this firmware version.
 */
void taskCreateHook(int *p) {
    int *entry = p - 16;

    switch (entry[0]) {
    case (int)0xff85c038:
        entry[0] = (int)capt_seq_task;
        break;
    case (int)0xff8af7b0:
        entry[0] = (int)exp_drv_task;
        break;
    case (int)0xff8584ec:
        entry[0] = (int)movie_record_task;
        break;
    case (int)0xffa082a4:
        entry[0] = (int)filewritetask;
        break;
    case (int)0xff871070:
        entry[0] = (int)init_file_modules_task;
        break;
    case (int)0xff8e85f8:
        entry[0] = (int)my_touchw_task;
        break;
    default:
        /* Not a task CHDK replaces: leave the firmware entry untouched. */
        break;
    }
}
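/*
 * CHDK boot entry: reproduce the firmware's first-stage reset work (enable
 * caches/protection unit, initialise the firmware .data and .bss), then jump
 * into the patched copy of the firmware startup routine.
 *
 * All addresses and lengths are this firmware version's memory layout taken
 * from the firmware dump; nothing is derived at run time.  Both lengths are
 * multiples of 4, so the word loops below cover the regions exactly.
 *
 * Never returns: ends with a branch to sub_FF8101A4_my.
 */
void boot(void)
{
    /* Firmware .data image in ROM and its RAM destination. */
    long *canon_data_src = (void*)0xFFAFB86C;
    long *canon_data_dst = (void*)0x1900;
    long canon_data_len = 0x137A8 - 0x1900;
    /* Firmware .bss; 0xA6234 is also the firmware's default heap start (see sub_FF810FB8_my). */
    long *canon_bss_start = (void*)0x137A8;
    long canon_bss_len = 0xA6234 - 0x137A8;

    long i;

    /*
     * CP15 c1 (control register): set bits 12, 2 and 0 — the I-cache,
     * D-cache and MMU/protection-unit enables on ARM cores.  R0 is clobbered.
     */
    asm volatile (
        "MRC p15, 0, R0,c1,c0\n"
        "ORR R0, R0, #0x1000\n"
        "ORR R0, R0, #4\n"
        "ORR R0, R0, #1\n"
        "MCR p15, 0, R0,c1,c0\n"
        :::"r0");

    /* Word-wise copy of .data from ROM into RAM. */
    for(i=0;i<canon_data_len/4;i++)
        canon_data_dst[i]=canon_data_src[i];

    /* Zero .bss. */
    for(i=0;i<canon_bss_len/4;i++)
        canon_bss_start[i]=0;

    /* Tail-jump into the patched firmware startup; the C return path is never taken. */
    asm volatile ("B sub_FF8101A4_my\n");
}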
/*
 * Patched copy of firmware routine 0xFF8101A4 (reset stage after boot()):
 * installs CHDK's task-creation hook, then replays the firmware's low-level
 * RAM setup and calls sub_FF810FB8_my.
 *
 * Naked: no prologue/epilogue is generated, so nothing here may depend on a
 * stack frame.  The C statements before the asm are plain word stores only.
 * There is no epilogue after the final BL, so execution is not expected to
 * return here.
 */
void __attribute__((naked,noinline)) sub_FF8101A4_my() {

/* Two slots the firmware's task-creation path calls through (firmware-specific locations). */
*(int*)0x1930=(int)taskCreateHook;
*(int*)0x1934=(int)taskCreateHook;

/*
 * Choose 0x200000 or 0x400000 from bit 0 of MMIO register 0xC0220078 and
 * store it at 0x23EC.  What that bit reports is not visible here; the store
 * presumably mirrors the firmware's original code at this point.
 */
*(int*)(0x23E8+0x4)= (*(int*)0xC0220078) & 1 ? 0x200000 : 0x400000;

asm volatile (
    /* Copy ROM 0xFF81021C..0xFF810254 to address 0 (the ARM exception-vector area when low vectors are in use). */
    " LDR R0, =0xFF81021C \n"
    " MOV R1, #0 \n"
    " LDR R3, =0xFF810254 \n"

    "loc_FF8101B0:\n"
    " CMP R0, R3 \n"
    " LDRCC R2, [R0], #4 \n"
    " STRCC R2, [R1], #4 \n"
    " BCC loc_FF8101B0 \n"
    /* Copy ROM 0xFF810254..0xFF810468 to 0x4B0. */
    " LDR R0, =0xFF810254 \n"
    " MOV R1, #0x4B0 \n"
    " LDR R3, =0xFF810468 \n"

    "loc_FF8101CC:\n"
    " CMP R0, R3 \n"
    " LDRCC R2, [R0], #4 \n"
    " STRCC R2, [R1], #4 \n"
    " BCC loc_FF8101CC \n"
    /* CPSR 0xD2 = IRQ mode, IRQ/FIQ masked: set the IRQ-mode SP to 0x1000. */
    " MOV R0, #0xD2 \n"
    " MSR CPSR_cxsf, R0 \n"
    " MOV SP, #0x1000 \n"
    /* CPSR 0xD3 = SVC mode, IRQ/FIQ masked: set the SVC-mode SP to 0x1000 as well. */
    " MOV R0, #0xD3 \n"
    " MSR CPSR_cxsf, R0 \n"
    " MOV SP, #0x1000 \n"
    /* Fill 0x6C4..0x1000 (below the stacks just set) with 0xEEEEEEEE; presumably a stack fill pattern. */
    " LDR R0, =0x6C4 \n"
    " LDR R2, =0xEEEEEEEE \n"
    " MOV R3, #0x1000 \n"

    "loc_FF810200:\n"
    " CMP R0, R3 \n"
    " STRCC R2, [R0], #4 \n"
    " BCC loc_FF810200 \n"
    " BL sub_FF810FB8_my \n"
);
}
/*
 * Patched copy of firmware routine 0xFF810FB8: builds a 0x74-byte parameter
 * block on the stack describing memory regions for the firmware kernel and
 * passes it, together with uHwSetup_my as the continuation, to sub_FF812D70.
 *
 * The only CHDK change is the heap start stored at [SP+8]: the firmware uses
 * 0xA6234 (end of its .bss), CHDK substitutes new_sa (end of the CHDK image)
 * unless CHDK_NOT_IN_CANON_HEAP is defined.  That value is what keeps the
 * firmware allocator off CHDK's code and data, so it must not be lower than
 * the real end of the CHDK image.
 *
 * Naked: saves LR by hand and returns with the final LDR PC.
 */
void __attribute__((naked,noinline)) sub_FF810FB8_my() {
asm volatile (
    " STR LR, [SP, #-4]! \n"
    " SUB SP, SP, #0x74 \n"
    /* sub_FFA91C1C(SP, 0x74): presumably clears the parameter block — confirm. */
    " MOV R0, SP \n"
    " MOV R1, #0x74 \n"
    " BL sub_FFA91C1C \n"
    " MOV R0, #0x53000 \n"
    " STR R0, [SP, #4] \n"

    /* R0 = heap start: firmware default, or the end of the CHDK image. */
#if defined(CHDK_NOT_IN_CANON_HEAP)
    " LDR R0, =0xA6234 \n"
#else
    " LDR R0, =new_sa\n"
    " LDR R0, [R0]\n"
#endif

    /* [SP+8] = heap start, [SP+0xC] = 0x2A4968 - heap start (its size), [SP+0x10] = 0x2A4968, [SP+0x14] = [SP] = 0x2ABC00. */
    " LDR R2, =0x2ABC00 \n"
    " LDR R1, =0x2A4968 \n"
    " STR R0, [SP, #8] \n"
    " SUB R0, R1, R0 \n"
    " ADD R3, SP, #0xC \n"
    " STR R2, [SP] \n"
    " STMIA R3, {R0-R2} \n"
    /* Remaining fields are firmware constants copied verbatim; their meaning is not visible here. */
    " MOV R0, #0x22 \n"
    " STR R0, [SP, #0x18] \n"
    " MOV R0, #0x68 \n"
    " STR R0, [SP, #0x1C] \n"
    " LDR R0, =0x19B \n"
    " MOV R1, #0x64 \n"
    " STRD R0, [SP, #0x20] \n"
    /* STRD stores R0 and R1: [SP+0x28] = 0x78, [SP+0x2C] = 0x64 (R1 unchanged). */
    " MOV R0, #0x78 \n"
    " STRD R0, [SP, #0x28] \n"
    " MOV R0, #0 \n"
    " STR R0, [SP, #0x30] \n"
    " STR R0, [SP, #0x34] \n"
    " MOV R0, #0x10 \n"
    " STR R0, [SP, #0x5C] \n"
    " MOV R0, #0x800 \n"
    " STR R0, [SP, #0x60] \n"
    " MOV R0, #0xA0 \n"
    " STR R0, [SP, #0x64] \n"
    " MOV R0, #0x280 \n"
    " STR R0, [SP, #0x68] \n"
    /* sub_FF812D70(param block, uHwSetup_my, 0). */
    " LDR R1, =uHwSetup_my \n"
    " MOV R0, SP \n"
    " MOV R2, #0 \n"
    " BL sub_FF812D70 \n"
    " ADD SP, SP, #0x74 \n"
    " LDR PC, [SP], #4 \n"
);
}
/*
 * Patched copy of the firmware's uHwSetup: runs the kernel/driver
 * initialisation calls in order, reporting any negative result through
 * _err_init_task with the name of the failed stage, then tail-jumps to
 * CreateTask_Startup_my (the CHDK version) instead of the firmware's.
 *
 * The string addresses next to each check are the firmware's own stage
 * names (shown in the inline comments); only the final branch is changed.
 */
void __attribute__((naked,noinline)) uHwSetup_my() {
asm volatile (
    " STMFD SP!, {R4,LR} \n"
    " BL sub_FF81095C \n"
    " BL sub_FF819948 \n"
    " CMP R0, #0 \n"
    " LDRLT R0, =0xFF814ED0 /*'dmSetup'*/ \n"
    " BLLT _err_init_task \n"
    " BL sub_FF8149E0 \n"
    " CMP R0, #0 \n"
    " LDRLT R0, =0xFF814ED8 /*'termDriverInit'*/ \n"
    " BLLT _err_init_task \n"
    " LDR R0, =0xFF814EE8 /*'/_term'*/ \n"
    " BL sub_FF814ACC \n"
    " CMP R0, #0 \n"
    " LDRLT R0, =0xFF814EF0 /*'termDeviceCreate'*/ \n"
    " BLLT _err_init_task \n"
    " LDR R0, =0xFF814EE8 /*'/_term'*/ \n"
    " BL sub_FF81357C \n"
    " CMP R0, #0 \n"
    " LDRLT R0, =0xFF814F04 /*'stdioSetup'*/ \n"
    " BLLT _err_init_task \n"
    " BL sub_FF8194D0 \n"
    " CMP R0, #0 \n"
    " LDRLT R0, =0xFF814F10 /*'stdlibSetup'*/ \n"
    " BLLT _err_init_task \n"
    " BL sub_FF8114D0 \n"
    " CMP R0, #0 \n"
    " LDRLT R0, =0xFF814F1C /*'armlib_setup'*/ \n"
    " BLLT _err_init_task \n"
    /* Restore and continue in CreateTask_Startup_my; it returns to our caller. */
    " LDMFD SP!, {R4,LR} \n"
    " B CreateTask_Startup_my \n"
);
}
/*
 * Patched copy of the firmware's CreateTask_Startup: performs a hardware
 * check, enables the dispatcher and creates the 'Startup' task with CHDK's
 * task_Startup_my as its entry instead of the firmware's.  Returns 0 in R0.
 *
 * The {R3,LR} push both keeps the stack 8-byte aligned and provides the
 * [SP] slot used for _CreateTask's fifth argument; the matching pop restores
 * that slot into R12 (scratch).
 */
void __attribute__((naked,noinline)) CreateTask_Startup_my() {
asm volatile (
    " STMFD SP!, {R3,LR} \n"

    /*
     * If sub_FF82BA24() == 0 and bit 0 of ([0xC022007C] & [0xC0220078]) is set,
     * write 0x44 to 0xC022004C and spin forever at loc_FF81DC40 — a halt on
     * some hardware condition; its meaning is not visible here.
     */
    " BL sub_FF82BA24 \n"
    " CMP R0, #0 \n"
    " BNE loc_FF81DC44 \n"
    " LDR R2, =0xC0220000 \n"
    " LDR R0, [R2, #0x7C] \n"
    " LDR R1, [R2, #0x78] \n"
    " AND R0, R0, R1 \n"
    " TST R0, #1 \n"
    " BEQ loc_FF81DC44 \n"
    " MOV R0, #0x44 \n"
    " STR R0, [R2, #0x4C] \n"

    "loc_FF81DC40:\n"
    " B loc_FF81DC40 \n"

    "loc_FF81DC44:\n"

    /* sub_FF8297F8(0, 0x300000), then enable the task dispatcher. */
    " BL sub_FF8295B0 \n"
    " MOV R1, #0x300000 \n"
    " MOV R0, #0 \n"
    " BL sub_FF8297F8 \n"
    " BL sub_FF8297A4 /*_EnableDispatch*/ \n"
    /* _CreateTask('Startup', prio 0x19, stack 0, task_Startup_my, param 0). */
    " MOV R3, #0 \n"
    " STR R3, [SP] \n"
    " LDR R3, =task_Startup_my \n"
    " MOV R2, #0 \n"
    " MOV R1, #0x19 \n"
    " LDR R0, =0xFF81DC88 /*'Startup'*/ \n"
    " BL _CreateTask \n"
    " MOV R0, #0 \n"
    " LDMFD SP!, {R12,PC} \n"
);
}
/*
 * Patched copy of the firmware's 'Startup' task body: the firmware's
 * initialisation calls in their original order, with two CHDK changes —
 * CreateTask_spytask is inserted after sub_FF82BC04, and taskcreatePhySw_my
 * stands in where the firmware creates its PhySw (keyboard) task.
 * Tail-jumps to sub_FF815088 after restoring R4/LR.
 */
void __attribute__((naked,noinline)) task_Startup_my() {
asm volatile (
    " STMFD SP!, {R4,LR} \n"
    " BL sub_FF81517C \n"
    " BL sub_FF823F44 \n"
    " BL sub_FF820E24 \n"

    " BL sub_FF82BC04 \n"

    /* CHDK: start SpyTask here. */
    " BL CreateTask_spytask\n"
    " BL sub_FF86D5F0 \n"
    " BL sub_FF82BC54 \n"
    " BL sub_FF828AF4 \n"
    " BL sub_FF82BDD0 \n"
    /* CHDK: PhySw task with mykbd_task as entry. */
    " BL taskcreatePhySw_my \n"
    " BL sub_FF825BD0 \n"
    " BL sub_FF82BDE8 \n"

    " BL sub_FF8220D8 \n"
    " BL sub_FF82B7D0 \n"
    " BL sub_FF822874 \n"
    " BL sub_FF821FE4 \n"
    " BL sub_FF82C88C \n"
    " BL sub_FF821FA0 \n"
    " LDMFD SP!, {R4,LR} \n"
    " B sub_FF815088 \n"
);
}
/*
 * Patched copy of the firmware's taskcreatePhySw: creates the 'PhySw' task
 * only if the handle slot at [0x1C98+0x10] is still 0, and stores the handle
 * returned by _CreateTaskStrictly there.  CHDK substitutes mykbd_task for the
 * firmware's entry point; priority 0x17, stack 0x2000, parameter 0 are the
 * firmware's values.
 */
void __attribute__((naked,noinline)) taskcreatePhySw_my() {
asm volatile (
    " STMFD SP!, {R3-R5,LR} \n"
    " LDR R4, =0x1C98 \n"
    " LDR R0, [R4, #0x10] \n"
    " CMP R0, #0 \n"
    " BNE loc_FF822D7C \n"
    /* _CreateTaskStrictly('PhySw', 0x17, 0x2000, mykbd_task, 0) */
    " MOV R3, #0 \n"
    " STR R3, [SP] \n"
    " LDR R3, =mykbd_task \n"
    " MOV R2, #0x2000 \n"
    " MOV R1, #0x17 \n"
    " LDR R0, =0xFF822F3C /*'PhySw'*/ \n"
    " BL sub_FF81BDC8 /*_CreateTaskStrictly*/ \n"
    " STR R0, [R4, #0x10] \n"

    "loc_FF822D7C:\n"
    " LDMFD SP!, {R3-R5,PC} \n"
);
}
/*
 * Patched copy of the firmware's file-module initialisation task (installed
 * through taskCreateHook).  Behaviour:
 *   - R4 = sub_FF86A084(); if non-zero, post logical event 0x5006 to the UI
 *     first (_PostLogicalEventToUI(0x5006, 0));
 *   - run the patched sub_FF86A0B0_my, then core_spytask_can_start (CHDK:
 *     lets SpyTask proceed once the file system is up — confirm in core);
 *   - if R4 was zero, post the same event 0x5006 afterwards via a tail call.
 * Event 0x5006 is therefore posted exactly once either way.
 */
void __attribute__((naked,noinline)) init_file_modules_task() {
asm volatile (
    " STMFD SP!, {R4-R6,LR} \n"
    " BL sub_FF86A084 \n"
    " LDR R5, =0x5006 \n"
    " MOVS R4, R0 \n"
    " MOVNE R1, #0 \n"
    " MOVNE R0, R5 \n"
    " BLNE _PostLogicalEventToUI \n"
    " BL sub_FF86A0B0_my \n"
    " BL core_spytask_can_start\n"
    " CMP R4, #0 \n"
    " MOVEQ R0, R5 \n"
    " LDMEQFD SP!, {R4-R6,LR} \n"
    " MOVEQ R1, #0 \n"
    " BEQ _PostLogicalEventToUI \n"
    " LDMFD SP!, {R4-R6,PC} \n"
);
}
/*
 * Patched copy of firmware routine 0xFF86A0B0: calls the patched
 * sub_FF84D658_my, then — only if the word at [0x58B0+4] is 0 — a fixed
 * sequence of six firmware calls, and finally stores 1 at [0x58B0].
 * Only the first call differs from the firmware (it goes to the CHDK copy).
 */
void __attribute__((naked,noinline)) sub_FF86A0B0_my() {
asm volatile (
    " STMFD SP!, {R4,LR} \n"
    " BL sub_FF84D658_my \n"
    " LDR R4, =0x58B0 \n"
    " LDR R0, [R4, #4] \n"
    " CMP R0, #0 \n"
    " BNE loc_FF86A0E0 \n"
    " BL sub_FF87A208 \n"
    " BL sub_FF8FDA18 \n"
    " BL sub_FF87A208 \n"
    " BL sub_FF90A56C \n"
    " BL sub_FF87A218 \n"
    " BL sub_FF8FDAC0 \n"

    "loc_FF86A0E0:\n"
    /* Mark done: [0x58B0] = 1. */
    " MOV R0, #1 \n"
    " STR R0, [R4] \n"
    " LDMFD SP!, {R4,PC} \n"
);
}
/*
 * Patched copy of firmware routine 0xFF84D658 (card/mount status for drive 0;
 * R6 holds the constant 0 passed to every helper).  Computes a status word
 * and stores it at [0x15F80+0x40]:
 *   - if [0x15F80+0x3C] == 0 the word is 0x80000001;
 *   - otherwise bit 2 is set when [0x15F80+0x2C] == 2, bit 0 is set unless
 *     [0x15F80+0x3C] == 5, and bit 1 / bit 31 reflect whether both
 *     sub_FF84D494_my(0) and sub_FF84D500(0) returned non-zero (bit 1 set,
 *     bit 31 clear) or not (bit 1 clear, bit 31 set).
 * The only CHDK change is the call to sub_FF84D494_my (the patched partition
 * detection) in place of the firmware routine.
 */
void __attribute__((naked,noinline)) sub_FF84D658_my() {
asm volatile (
    " STMFD SP!, {R4-R6,LR} \n"
    " MOV R6, #0 \n"
    " MOV R0, R6 \n"
    " BL sub_FF84D228 \n"
    " LDR R4, =0x15F80 \n"
    " MOV R5, #0 \n"
    /* If sub_FF84DBF0([0x15F80+0x38]) == 0, clear [0x2B44+0xC], +0x10 and +0x14. */
    " LDR R0, [R4, #0x38] \n"
    " BL sub_FF84DBF0 \n"
    " CMP R0, #0 \n"
    " LDREQ R0, =0x2B44 \n"
    " STREQ R5, [R0, #0xC] \n"
    " STREQ R5, [R0, #0x10] \n"
    " STREQ R5, [R0, #0x14] \n"
    " MOV R0, R6 \n"
    " BL sub_FF84D268 \n"
    /* R5 = sub_FF84D494_my(0); R0 = sub_FF84D500(0); R2 = R5 & R0. */
    " MOV R0, R6 \n"
    " BL sub_FF84D494_my \n"
    " MOV R5, R0 \n"
    " MOV R0, R6 \n"
    " BL sub_FF84D500 \n"
    " LDR R1, [R4, #0x3C] \n"
    " AND R2, R5, R0 \n"
    " CMP R1, #0 \n"
    " MOV R0, #0 \n"
    " MOVEQ R0, #0x80000001 \n"
    " BEQ loc_FF84D6EC \n"
    " LDR R3, [R4, #0x2C] \n"
    " CMP R3, #2 \n"
    " MOVEQ R0, #4 \n"
    " CMP R1, #5 \n"
    " ORRNE R0, R0, #1 \n"
    " BICEQ R0, R0, #1 \n"
    " CMP R2, #0 \n"
    " BICEQ R0, R0, #2 \n"
    " ORREQ R0, R0, #0x80000000 \n"
    " BICNE R0, R0, #0x80000000 \n"
    " ORRNE R0, R0, #2 \n"

    "loc_FF84D6EC:\n"
    " STR R0, [R4, #0x40] \n"
    " LDMFD SP!, {R4-R6,PC} \n"
);
}
/*
 * Patched copy of firmware routine 0xFF84D494.  R0 = drive index (kept in R6).
 * Returns 1 immediately if [0x2B44+0x10] is already non-zero.  Otherwise
 * works on the 0x17-word record 0x15F80 + 0x17*4*index and, in sequence,
 *   - calls the patched sub_FF84D32C_my([rec+0x38], index) — returns 0 on failure,
 *   - calls sub_FF84DD08([rec+0x38], index) — returns 0 on failure,
 *   - calls sub_FF84CE48(index); if non-zero, sets [0x2B44+0x10] = 1.
 * The return value is that of the last helper called.  Only the call to
 * sub_FF84D32C_my differs from the firmware.
 */
void __attribute__((naked,noinline)) sub_FF84D494_my() {
asm volatile (
    " STMFD SP!, {R4-R6,LR} \n"
    " LDR R5, =0x2B44 \n"
    " MOV R6, R0 \n"
    " LDR R0, [R5, #0x10] \n"
    " CMP R0, #0 \n"
    " MOVNE R0, #1 \n"
    " LDMNEFD SP!, {R4-R6,PC} \n"
    /* R4 = 0x15F80 + (0x17 * index) * 4 */
    " MOV R0, #0x17 \n"
    " MUL R1, R0, R6 \n"
    " LDR R0, =0x15F80 \n"
    " ADD R4, R0, R1, LSL#2 \n"
    " LDR R0, [R4, #0x38] \n"
    " MOV R1, R6 \n"
    " BL sub_FF84D32C_my \n"
    " CMP R0, #0 \n"
    " LDMEQFD SP!, {R4-R6,PC} \n"
    " LDR R0, [R4, #0x38] \n"
    " MOV R1, R6 \n"
    " BL sub_FF84DD08 \n"
    " CMP R0, #0 \n"
    " LDMEQFD SP!, {R4-R6,PC} \n"
    " MOV R0, R6 \n"
    " BL sub_FF84CE48 \n"
    " CMP R0, #0 \n"
    " MOVNE R1, #1 \n"
    " STRNE R1, [R5, #0x10] \n"
    " LDMFD SP!, {R4-R6,PC} \n"
);
}
/*
 * Patched copy of firmware routine 0xFF84D32C (Mounter.c): reads sector 0 of
 * the card, locates a usable partition entry in the MBR and records its
 * start sector at [rec+0x44] and its length at [rec+0x48], where rec is the
 * 0x17-word record 0x15F80 + 0x17*4*R1.  R0 = device handle (kept in R8),
 * R1 = drive index.  Returns 0 if the sector buffer cannot be allocated or
 * the read fails, 1 otherwise.
 *
 * Dispatch on [rec+0x3C] (0..6, via the jump table after ADDLS PC):
 *   0        -> return 0 without touching the record;
 *   1-4, 6   -> read and parse the MBR (loc_FF84D378);
 *   5        -> start 0, length 0x40 (loc_FF84D470);
 *   >6       -> _DebugAssert('Mounter.c', 0x365), then start 0, length 0.
 *
 * CHDK change: after the firmware's own read, the buffer and the sector count
 * are handed to mbr_read_dryos, and the dg_sd_fat32 loop scans all four
 * primary entries for the first one of type 0x0B/0x0C/0x07 with boot flag
 * 0x00/0x80 (the firmware only looks at the first entry).  If none matches,
 * R4 stays on the first entry.
 *
 * NOTE(review): the MBR is card-supplied, untrusted data.  The upper-bound
 * check uses a plain 32-bit `ADD R2, R1, R3` (start + length), which wraps
 * silently, so an oversized length field can pass `CMP R2, R0`; this appears
 * to be inherited from the firmware routine rather than introduced here.
 */
void __attribute__((naked,noinline)) sub_FF84D32C_my() {
asm volatile (
    " STMFD SP!, {R4-R8,LR} \n"
    " MOV R8, R0 \n"
    /* R7 = 0x15F80 + (0x17 * R1) * 4; R6/R5 = result start/length, default 0. */
    " MOV R0, #0x17 \n"
    " MUL R1, R0, R1 \n"
    " LDR R0, =0x15F80 \n"
    " MOV R6, #0 \n"
    " ADD R7, R0, R1, LSL#2 \n"
    " LDR R0, [R7, #0x3C] \n"
    " MOV R5, #0 \n"
    " CMP R0, #6 \n"
    " ADDLS PC, PC, R0, LSL#2 \n"
    " B loc_FF84D478 \n"
    " B loc_FF84D390 \n"
    " B loc_FF84D378 \n"
    " B loc_FF84D378 \n"
    " B loc_FF84D378 \n"
    " B loc_FF84D378 \n"
    " B loc_FF84D470 \n"
    " B loc_FF84D378 \n"

    "loc_FF84D378:\n"
    /* R4 = _exmem_ualloc(3, 0x200, 0): one 512-byte sector buffer. */
    " MOV R2, #0 \n"
    " MOV R1, #0x200 \n"
    " MOV R0, #3 \n"
    " BL _exmem_ualloc \n"
    " MOVS R4, R0 \n"
    " BNE loc_FF84D398 \n"

    "loc_FF84D390:\n"
    " MOV R0, #0 \n"
    " LDMFD SP!, {R4-R8,PC} \n"

    "loc_FF84D398:\n"
    /* [rec+0x4C](R8, 0, 1, buf): presumably reads sector 0 into buf; a result of 1 is treated as failure. */
    " LDR R12, [R7, #0x4C] \n"
    " MOV R3, R4 \n"
    " MOV R2, #1 \n"
    " MOV R1, #0 \n"
    " MOV R0, R8 \n"
    " BLX R12 \n"
    " CMP R0, #1 \n"
    " BNE loc_FF84D3C4 \n"
    " MOV R0, #3 \n"
    " BL _exmem_ufree \n"
    " B loc_FF84D390 \n"

    "loc_FF84D3C4:\n"
    /* R0 = sub_FF91AD24(R8): used below as the card size in sectors (by the bounds check). */
    " MOV R0, R8 \n"
    " BL sub_FF91AD24 \n"

    /*
     * CHDK: mbr_read_dryos with R0 = sector count, R1 = buffer.
     * NOTE(review): R0 is compared against the partition start further down,
     * so this relies on mbr_read_dryos returning that count in R0 — confirm
     * against its definition.
     */
    " MOV R1, R4\n"
    " BL mbr_read_dryos\n"

    /*
     * CHDK: scan the four primary partition entries (R12 = entry pointer,
     * R1 = entry number 1..4).  Accept the first entry whose type byte
     * (offset 0x1C2) is 0x0B, 0x0C or 0x07 and whose boot flag (0x1BE) is
     * 0x00 or 0x80.  LR keeps the buffer start for the signature check.
     */
    " MOV R12, R4\n"
    " MOV LR, R4\n"
    " MOV R1, #1\n"
    " B dg_sd_fat32_enter\n"
    "dg_sd_fat32:\n"
    " CMP R1, #4\n"
    " BEQ dg_sd_fat32_end\n"
    " ADD R12, R12, #0x10\n"
    " ADD R1, R1, #1\n"
    "dg_sd_fat32_enter:\n"
    " LDRB R2, [R12, #0x1BE]\n"
    " LDRB R3, [R12, #0x1C2]\n"
    " CMP R3, #0xB\n"
    " CMPNE R3, #0xC\n"
    " CMPNE R3, #0x7\n"
    " BNE dg_sd_fat32\n"
    " CMP R2, #0x00\n"
    " CMPNE R2, #0x80\n"
    " BNE dg_sd_fat32\n"

    /* Match: point R4 at the chosen entry so the field loads below read it. */
    " MOV R4, R12\n"

    "dg_sd_fat32_end:\n"

    /* R1 = little-endian start LBA (bytes 0x1C6..0x1C9), R3 = length (0x1CA..0x1CD), R2 = boot flag. */
    " LDRB R1, [R4, #0x1C9] \n"
    " LDRB R3, [R4, #0x1C8] \n"
    " LDRB R12, [R4, #0x1CC] \n"
    " MOV R1, R1, LSL#24 \n"
    " ORR R1, R1, R3, LSL#16 \n"
    " LDRB R3, [R4, #0x1C7] \n"
    " LDRB R2, [R4, #0x1BE] \n"

    " ORR R1, R1, R3, LSL#8 \n"
    " LDRB R3, [R4, #0x1C6] \n"
    /* Flags from this CMP pair (boot flag 0x00 or 0x80) are consumed by the BNE below; the ORR/MOV/LDRB between do not alter them. */
    " CMP R2, #0 \n"
    " CMPNE R2, #0x80 \n"
    " ORR R1, R1, R3 \n"
    " LDRB R3, [R4, #0x1CD] \n"
    " MOV R3, R3, LSL#24 \n"
    " ORR R3, R3, R12, LSL#16 \n"
    " LDRB R12, [R4, #0x1CB] \n"
    " ORR R3, R3, R12, LSL#8 \n"
    " LDRB R12, [R4, #0x1CA] \n"
    " ORR R3, R3, R12 \n"

    /* MBR signature bytes (0x55, 0xAA) from the buffer start. */
    " LDRB R12, [LR,#0x1FE]\n"
    " LDRB LR, [LR,#0x1FF]\n"

    /*
     * Accept only if: boot flag valid, start <= card size, start + length <=
     * card size (32-bit add, see note above) and signature is 0x55 0xAA.
     * R4 = 1 marks success with R6 = start, R5 = length.
     */
    " MOV R4, #0 \n"
    " BNE loc_FF84D44C \n"
    " CMP R0, R1 \n"
    " BCC loc_FF84D44C \n"
    " ADD R2, R1, R3 \n"
    " CMP R2, R0 \n"
    " CMPLS R12, #0x55 \n"
    " CMPEQ LR, #0xAA \n"
    " MOVEQ R6, R1 \n"
    " MOVEQ R5, R3 \n"
    " MOVEQ R4, #1 \n"

    "loc_FF84D44C:\n"
    " MOV R0, #3 \n"
    " BL _exmem_ufree \n"
    " CMP R4, #0 \n"
    " BNE loc_FF84D484 \n"
    /* No valid partition: start 0, length = sub_FF91AD24(R8), i.e. the whole card as read above. */
    " MOV R6, #0 \n"
    " MOV R0, R8 \n"
    " BL sub_FF91AD24 \n"
    " MOV R5, R0 \n"
    " B loc_FF84D484 \n"

    "loc_FF84D470:\n"
    " MOV R5, #0x40 \n"
    " B loc_FF84D484 \n"

    "loc_FF84D478:\n"
    " LDR R1, =0x365 \n"
    " LDR R0, =0xFF84D320 /*'Mounter.c'*/ \n"
    " BL _DebugAssert \n"

    "loc_FF84D484:\n"
    /* Writeback form: R7 += 0x44, so the length lands at [rec+0x48]. Return 1. */
    " STR R6, [R7, #0x44]! \n"
    " MOV R0, #1 \n"
    " STR R5, [R7, #4] \n"
    " LDMFD SP!, {R4-R8,PC} \n"
);
}
/*
 * Patched copy of the firmware's TouchWheel task (installed through
 * taskCreateHook).  After sub_FF8E91FC, loops forever: takes the semaphore
 * at [0xD284+0x1C], loads the two event words at [0xD284+0x24]/[+0x28] and
 * calls the handler from the table at 0xFFAA78B8 (row = first word * 16,
 * column = second word * 4).
 *
 * CHDK change: kbd_is_blocked() is consulted on every iteration; when it is
 * non-zero and the event is (2, 1), the handler call is skipped and the loop
 * goes straight back to waiting.  All other events are dispatched as in the
 * firmware.  The table index is not range-checked here (firmware behaviour;
 * the values come from the firmware's own state words).
 */
void __attribute__((naked,noinline)) my_touchw_task() {
asm volatile (
    " STMFD SP!, {R4-R6,LR} \n"
    " BL sub_FF8E91FC \n"
    " LDR R5, =0xFFAA78B8 \n"
    " LDR R4, =0xD284 \n"

    "loc_FF8E8608:\n"
    /* _TakeSemaphoreStrictly([0xD284+0x1C], 0, 'TouchWheel.c', 0x1D0) */
    " LDR R0, [R4, #0x1C] \n"
    " MOV R3, #0x1D0 \n"
    " LDR R2, =0xFF8E8818 /*'TouchWheel.c'*/ \n"
    " MOV R1, #0 \n"
    " BL sub_FF81BEB0 /*_TakeSemaphoreStrictly*/ \n"

    /* CHDK: R6 = kbd_is_blocked(); then R0/R1 = the pending event words. */
    " BL kbd_is_blocked\n"
    " MOV R6, R0\n"
    " LDR R0, [R4, #0x24] \n"
    " LDR R1, [R4, #0x28] \n"

    /* Not blocked: dispatch normally. */
    " CMP R6, #0\n"
    " BEQ bypass_skip_touch\n"

    /* Blocked: drop the (2, 1) event, otherwise fall through and dispatch. */
    " CMP R0, #2\n"
    " CMPEQ R1, #1\n"
    " BEQ loc_FF8E8608\n"

    "bypass_skip_touch:\n"

    /* handler = table[R0][R1]; call it, then wait for the next event. */
    " ADD R0, R5, R0, LSL#4 \n"
    " LDR R0, [R0, R1, LSL#2] \n"
    " BLX R0 \n"
    " B loc_FF8E8608 \n"
);
}
613 }