root/platform/a3200/sub/100d/boot.c


DEFINITIONS

This source file includes following definitions.
  1. taskHook
  2. boot
  3. sub_FF810358_my
  4. sub_FF8111B0_my
  5. sub_FF815EE0_my
  6. taskcreate_Startup_my
  7. task_Startup_my
  8. taskcreatePhySw_my
  9. CreateTask_spytask
  10. init_file_modules_task

   1 #include "lolevel.h"
   2 #include "platform.h"
   3 #include "core.h"
   4 #include "dryos31.h"
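/*
 * Byte offset of MEMBER inside TYPE, as an int.
 *
 * Uses the compiler builtin rather than taking the address of a member
 * through a null pointer: the builtin is an integer constant expression and
 * involves no null-pointer arithmetic. The int cast keeps the result type
 * the previous definition produced, so pointer arithmetic that uses the
 * macro (see taskHook) is unchanged.
 */
#define offsetof(TYPE, MEMBER) ((int) __builtin_offsetof(TYPE, MEMBER))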
   6 
// Memory-mapped LED control registers. In this listing LED_PR is used only by
// the commented-out debug blink helpers and LED_AF is not referenced at all.
#define LED_AF          0xC02200F4
#define LED_PR          0xC02200F0  //Power LED green

// Address of _end (declared outside this file; presumably the linker-provided
// end of the CHDK image -- confirm). sub_FF8111B0_my loads this value as the
// start of the memory range it hands to the firmware, unless
// CHDK_NOT_IN_CANON_HEAP is defined.
const char * const new_sa = &_end;

// Forward declarations
// NOTE(review): CreateTask_PhySw is declared here but is neither defined nor
// called in this listing; task_Startup_my calls taskcreatePhySw_my instead.
void CreateTask_PhySw();
void CreateTask_spytask();
void boot();
  16 
  17 /*
  18 //debug use only
  19 int debug_blink(int save_R0) {
  20         int i;
  21         *((volatile int *) LED_PR) = 0x46; // Turn on LED
  22         for (i=0; i<800000; i++) // Wait a while
  23                 {
  24                 asm volatile ( "nop \n" );
  25                 }
  26 
  27         *((volatile int *) LED_PR) = 0x44; // Turn off LED
  28         for (i=0; i<800000; i++) // Wait a while
  29                 {
  30                 asm volatile ( "nop \n" );
  31                 }
  32         return save_R0;
  33 };
  34 
  35 void __attribute__((naked,noinline)) my_blinker(int n) {
  36         asm volatile (
  37 "                STMFD   SP!, {R0-R5,LR}\n"
  38 );
  39         int i, j;
  40         for (j=0; j<n; j++)
  41         {
  42                 *((volatile int *) LED_PR) = 0x46; // Turn on LED
  43                 for (i=0; i<0x200000; i++) { asm volatile ( "nop\n" ); }
  44 
  45                 *((volatile int *) LED_PR) = 0x44; // Turn off LED
  46                 for (i=0; i<0x400000; i++) { asm volatile ( "nop\n" ); }
  47         }
  48         for (i=0; i<0x900000; i++) { asm volatile ( "nop\n" ); }
  49         asm volatile (
  50 "                LDMFD   SP!, {R0-R5,PC}\n"
  51         );
  52 }
  53 */
  54 
// Firmware task entry points, defined outside this file. taskHook compares a
// task's entry address against each of these and, on a match, substitutes
// the corresponding CHDK task.
extern void task_CaptSeq();
extern void task_InitFileModules();
extern void task_MovieRecord();
extern void task_ExpDrv();
extern void task_PhySw();
extern void task_FileWrite();
  61 
/*
 * Task hook: redirects selected firmware tasks to their CHDK replacements.
 *
 * sub_FF810358_my stores this function's address at 0x1938 and 0x193C.
 *
 * context: pointer to the `context` member of a task_t. The enclosing task_t
 *          is recovered by subtracting that member's offset, so the argument
 *          is assumed to always point inside a task_t -- TODO confirm against
 *          the firmware call sites.
 */
void taskHook(context_t **context) {
    // Each row: { firmware entry point, CHDK replacement }.
    static void * const substitutions[][2] = {
        { (void*)task_PhySw,           (void*)mykbd_task },
        { (void*)task_CaptSeq,         (void*)capt_seq_task },
        { (void*)task_InitFileModules, (void*)init_file_modules_task },
        { (void*)task_MovieRecord,     (void*)movie_record_task },
        { (void*)task_ExpDrv,          (void*)exp_drv_task },
        { (void*)task_FileWrite,       (void*)filewritetask },
    };
    // Step back from the context member to the start of its task_t.
    task_t *task = (task_t*)((char*)context - offsetof(task_t, context));
    unsigned int row;

    // No early exit: every row is tested in order against the current entry
    // value, exactly like a sequence of independent if statements.
    for (row = 0; row < sizeof(substitutions) / sizeof(substitutions[0]); row++) {
        if (task->entry == substitutions[row][0]) {
            task->entry = substitutions[row][1];
        }
    }
}
  74 
  75 /*---------------------------------------------------------------------
  76   Memory Map:
  77     0001900     MEMBASEADDR             start of data - used for initialized vars
  78     0011057??                           end of inited data 
  79     0011058??                           start of bss - used for zeroed/uninited vars 
  80     0xxxxxx                             end of bss 
  81     016A88C     MEMISOSTART             start of our data / bss 
  82 
  83     0400000??                           raw buffers
  84     8000000??                           end of raw buffers
  85 
  86     C0xxxxxx                            I/O
  87 
  88     FF810000    ROMBASEADDR             start of rom
  89     FFFFFFFF                            end of rom
  90 ----------------------------------------------------------------------*/
  91 
  92 //** boot  @ 0xFF81000C
  93 
/*
 * Replacement for the firmware entry code at 0xFF81000C.
 *
 * The instruction sequence is kept as listed; the only change marked in the
 * body is the final branch, which goes to sub_FF810358_my. In order:
 *   - writes 0 to 0xC0410000 and programs coprocessor 15 registers
 *     (c1, c7, c6, c2, c3, c5, c9);
 *   - writes to I/O registers at 0xC0200000 (+0x10C and +0x0C..+0xFC),
 *     0xC0400008 and 0xC0242010;
 *   - copies words from 0xFFC337A8 to 0x1900 until the destination
 *     reaches 0xF0AC;
 *   - stores zero from 0xF0AC up to 0x16A88C (MEMISOSTART).
 *
 * naked: the compiler emits no prologue or epilogue, so control leaves only
 * through the final branch.
 *
 * NOTE(review): the meaning of the individual CP15 and I/O register values is
 * not established anywhere in this file. The c6 writes are the memory region
 * setup (see the existing size comments); anything that changes those values
 * changes which address ranges are accessible -- confirm against the CPU
 * manual before editing.
 */
void __attribute__((naked,noinline)) boot(  ) { 
asm volatile (
      // Write 0 to the I/O register at 0xC0410000.
      "LDR     R1, =0xC0410000 \n"
      "MOV     R0, #0 \n"
      "STR     R0, [R1] \n"
      // CP15 c1 := 0x78, then three c7 operations with R1 = 0.
      "MOV     R1, #0x78 \n"
      "MCR     p15, 0, R1, c1, c0 \n"
      "MOV     R1, #0 \n"
      "MCR     p15, 0, R1, c7, c10, 4 \n"
      "MCR     p15, 0, R1, c7, c5 \n"
      "MCR     p15, 0, R1, c7, c6 \n"
      // CP15 c6,c0 .. c6,c5: one region word each. Sizes below use the
      // formula from the existing comments (bits 5:1 = size index,
      // size = 2^(index + 1)).
      "MOV     R0, #0x3D \n"                    // size index 30 -> 2GB
      "MCR     p15, 0, R0, c6, c0 \n"
      "MOV     R0, #0xC000002F \n"              // size index 23 -> 16MB
      "MCR     p15, 0, R0, c6, c1 \n"
      "MOV     R0, #0x33 \n"                    // memory region & size. bits 5:1 = size index, actual size = 2^(size index + 1) = 64MB
      "MCR     p15, 0, R0, c6, c2 \n"
      "MOV     R0, #0x40000033 \n"      // memory region & size. bits 5:1 = size index, actual size = 2^(size index + 1) = 64MB
      "MCR     p15, 0, R0, c6, c3 \n"
      "MOV     R0, #0x80000017 \n"              // size index 11 -> 4KB
      "MCR     p15, 0, R0, c6, c4 \n"
      "LDR     R0, =0xFF80002D \n"              // size index 22 -> 8MB
      "MCR     p15, 0, R0, c6, c5 \n"
      // The same value 0x34 goes to c2,c0 / c2,c0,1 / c3,c0, and 0x3333330 to
      // c5,c0,2 / c5,c0,3.
      // NOTE(review): presumably per-region cache, write-buffer and access
      // permission settings -- confirm.
      "MOV     R0, #0x34 \n"
      "MCR     p15, 0, R0, c2, c0 \n"
      "MOV     R0, #0x34 \n"
      "MCR     p15, 0, R0, c2, c0, 1 \n"
      "MOV     R0, #0x34 \n"
      "MCR     p15, 0, R0, c3, c0 \n"
      "LDR     R0, =0x3333330 \n"
      "MCR     p15, 0, R0, c5, c0, 2 \n"
      "LDR     R0, =0x3333330 \n"
      "MCR     p15, 0, R0, c5, c0, 3 \n"
      // Read-modify-write of CP15 c1: set bits 0x1000, 4 and 1.
      "MRC     p15, 0, R0, c1, c0 \n"
      "ORR     R0, R0, #0x1000 \n"
      "ORR     R0, R0, #4 \n"
      "ORR     R0, R0, #1 \n"
      "MCR     p15, 0, R0, c1, c0 \n"
      // CP15 c9,c1 writes, then set bits 0x50000 in c1.
      "MOV     R1, #0x80000006 \n"
      "MCR     p15, 0, R1, c9, c1 \n"
      "MOV     R1, #6 \n"
      "MCR     p15, 0, R1, c9, c1, 1 \n"
      "MRC     p15, 0, R1, c1, c0 \n"
      "ORR     R1, R1, #0x50000 \n"
      "MCR     p15, 0, R1, c1, c0 \n"
      // I/O block at 0xC0200000: 1 to +0x10C, then 0xFF to +0x0C, +0x1C, ... +0xFC.
      "LDR     R2, =0xC0200000 \n"
      "MOV     R1, #1 \n"
      "STR     R1, [R2, #0x10C] \n"
      "MOV     R1, #0xFF \n"
      "STR     R1, [R2, #0xC] \n"
      "STR     R1, [R2, #0x1C] \n"
      "STR     R1, [R2, #0x2C] \n"
      "STR     R1, [R2, #0x3C] \n"
      "STR     R1, [R2, #0x4C] \n"
      "STR     R1, [R2, #0x5C] \n"
      "STR     R1, [R2, #0x6C] \n"
      "STR     R1, [R2, #0x7C] \n"
      "STR     R1, [R2, #0x8C] \n"
      "STR     R1, [R2, #0x9C] \n"
      "STR     R1, [R2, #0xAC] \n"
      "STR     R1, [R2, #0xBC] \n"
      "STR     R1, [R2, #0xCC] \n"
      "STR     R1, [R2, #0xDC] \n"
      "STR     R1, [R2, #0xEC] \n"
      "STR     R1, [R2, #0xFC] \n"
      // Store 0x430005 to 0xC0400008.
      "LDR     R1, =0xC0400008 \n"
      "LDR     R2, =0x430005 \n"
      "STR     R2, [R1] \n"
      // NOTE(review): as written this stores the value 0xC0243100 to the
      // address held in R1, which is 1. Presumably carried over unchanged
      // from the firmware listing -- confirm before "fixing" it.
      "MOV     R1, #1 \n"
      "LDR     R2, =0xC0243100 \n"
      "STR     R2, [R1] \n"
      // Set bit 0 of the I/O register at 0xC0242010.
      "LDR     R2, =0xC0242010 \n"
      "LDR     R1, [R2] \n"
      "ORR     R1, R1, #1 \n"
      "STR     R1, [R2] \n"
      // Copy initialised data word by word from ROM to RAM while R1 < R3.
      "LDR     R0, =0xFFC337A8 \n" // canon_data_src
      "LDR     R1, =0x1900 \n"     // MEMBASEADDR
      "LDR     R3, =0xF0AC \n"
"loc_FF81013C:\n"
      "CMP     R1, R3 \n"
      "LDRCC   R2, [R0], #4 \n"
      "STRCC   R2, [R1], #4 \n"
      "BCC     loc_FF81013C \n"
      // Zero-fill from 0xF0AC (left in R3) up to, not including, MEMISOSTART.
      // Memory at and above 0x16A88C is not cleared by this loop.
      "LDR     R1, =0x16A88C \n"                // MEMISOSTART
      "MOV     R2, #0 \n"
"loc_FF810154:\n"
      "CMP     R3, R1 \n"
      "STRCC   R2, [R3], #4 \n"
      "BCC     loc_FF810154 \n"
      // Continue in the CHDK copy of the next boot stage.
      "B       sub_FF810358_my \n"      //patched
        );
}
 186 
 187 
 188 //** sub_FF810358_my  @ 0xFF810358 
 189 
/*
 * CHDK copy of the firmware routine at 0xFF810358, reached from boot().
 *
 * Before running the copied firmware instructions it:
 *   - stores the address of taskHook at 0x1938 and 0x193C;
 *   - stores 0x200000 or 0x100000 at 0x24F8 depending on bit 0 of the I/O
 *     register at 0xC0220038.
 * The assembly then copies two ROM ranges to low RAM, sets the stack pointer
 * to 0x1000 under two CPSR values, fills 0x6C4..0x1000 with 0xEEEEEEEE and
 * calls sub_FF8111B0_my in place of sub_FF8111B0.
 *
 * NOTE(review): this function is naked yet contains C statements ahead of
 * the asm block; that relies on the compiler emitting them without needing
 * a stack frame -- confirm with the toolchain in use.
 */
void __attribute__((naked,noinline)) sub_FF810358_my(  ) {

// Hook Canon Firmware Tasks, http://chdk.setepontos.com/index.php/topic,4194.0.html
   *(int*)0x1938=(int)taskHook;         //ROM @ 0xFF81069C
   *(int*)0x193C=(int)taskHook;         //ROM @ 0xFF8106DC


// Power Button detection (short press = playback mode, long press = record mode) 
/* a3200 0x24f8 found @ ff85fc00 */
/* C0220038 ??? */
    // Bit 0 of 0xC0220038 set -> 0x200000, clear -> 0x100000.
    *(int*)(0x24F8)= (*(int*)0xC0220038)&1 ? 0x200000 : 0x100000;

asm volatile (
      // Copy ROM 0xFF8103D0..0xFF810408 to RAM starting at address 0.
      "LDR     R0, =0xFF8103D0 \n"
      "MOV     R1, #0 \n"
      "LDR     R3, =0xFF810408 \n"
"loc_FF810364:\n"
      "CMP     R0, R3 \n"
      "LDRCC   R2, [R0], #4 \n"
      "STRCC   R2, [R1], #4 \n"
      "BCC     loc_FF810364 \n"
      // Copy ROM 0xFF810408..0xFF81061C to RAM starting at 0x4B0
      // (0x214 bytes, so the copy ends at 0x6C4).
      "LDR     R0, =0xFF810408 \n"
      "MOV     R1, #0x4B0 \n"
      "LDR     R3, =0xFF81061C \n"
"loc_FF810380:\n"
      "CMP     R0, R3 \n"
      "LDRCC   R2, [R0], #4 \n"
      "STRCC   R2, [R1], #4 \n"
      "BCC     loc_FF810380 \n"
      // Write CPSR = 0xD2 then 0xD3, setting SP = 0x1000 after each.
      // NOTE(review): presumably IRQ mode then supervisor mode, both with
      // interrupts masked -- confirm.
      "MOV     R0, #0xD2 \n"
      "MSR     CPSR_cxsf, R0 \n"
      "MOV     SP, #0x1000 \n"
      "MOV     R0, #0xD3 \n"
      "MSR     CPSR_cxsf, R0 \n"
      "MOV     SP, #0x1000 \n"
      // Fill 0x6C4..0x1000 (the range just below SP) with 0xEEEEEEEE.
      "LDR     R0, =0x6C4 \n"
      "LDR     R2, =0xEEEEEEEE \n"
      "MOV     R3, #0x1000 \n"
"loc_FF8103B4:\n"
      "CMP     R0, R3 \n"
      "STRCC   R2, [R0], #4 \n"
      "BCC     loc_FF8103B4 \n"
//      "BL      sub_FF8111B0 \n"   //original
      "BL      sub_FF8111B0_my \n"  //patched
        );
}
 236 
 237 //** sub_FF8111B0_my  @ 0xFF8111B0 
 238 
/*
 * CHDK copy of the firmware routine at 0xFF8111B0.
 *
 * Builds a 0x74-byte parameter block on the stack and passes it to
 * sub_FF8134C4. Two values differ from the firmware:
 *   - the address stored at [SP+8] is the value of new_sa, unless
 *     CHDK_NOT_IN_CANON_HEAP is defined, in which case it is 0x16A88C;
 *   - R1 carries sub_FF815EE0_my instead of 0xFF815EE0.
 * [SP+0xC] is computed as 0x2F1F80 minus that address.
 *
 * NOTE(review): nothing here checks that the start address is below
 * 0x2F1F80; if new_sa ever exceeded it, the subtraction would wrap and a
 * huge size would be passed on -- worth a build-time check on the image size.
 */
void __attribute__((naked,noinline)) sub_FF8111B0_my(  ) { 
asm volatile (
      // Save LR and reserve the 0x74-byte block.
      "STR     LR, [SP, #-4]! \n"
      "SUB     SP, SP, #0x74 \n"
      // sub_FFB58394(block, 0x74) -- presumably clears the block; confirm.
      "MOV     R1, #0x74 \n"
      "MOV     R0, SP \n"
      "BL      sub_FFB58394 \n"
      "MOV     R0, #0x53000 \n"
      "STR     R0, [SP, #4] \n"
#if defined(CHDK_NOT_IN_CANON_HEAP)
      "LDR     R0, =0x16A88C \n"    // use original heap offset since CHDK is loaded in high memory
#else
      "LDR     R0, =new_sa\n"           // otherwise use patched value
      "LDR       R0, [R0]\n"                    // load the address stored in new_sa
#endif
      "LDR     R2, =0x2F1F80 \n"
      "STR     R0, [SP, #8] \n"         // start address
      "SUB     R0, R2, R0 \n"           // 0x2F1F80 - start address
      "STR     R0, [SP, #0xC] \n"
      // Remaining fields are constants taken from the firmware.
      "MOV     R0, #0x22 \n"
      "STR     R0, [SP, #0x18] \n"
      "MOV     R0, #0x68 \n"
      "STR     R0, [SP, #0x1C] \n"
      "LDR     R1, =0x2F9C00 \n"
      "LDR     R0, =0x19B \n"
      "STR     R1, [SP] \n"
      "STR     R0, [SP, #0x20] \n"
      "MOV     R0, #0x96 \n"
      "STR     R2, [SP, #0x10] \n"
      "STR     R1, [SP, #0x14] \n"
      "STR     R0, [SP, #0x24] \n"
      "STR     R0, [SP, #0x28] \n"
      "MOV     R0, #0x64 \n"
      "STR     R0, [SP, #0x2C] \n"
      "MOV     R0, #0 \n"
      "STR     R0, [SP, #0x30] \n"
      "STR     R0, [SP, #0x34] \n"
      "MOV     R0, #0x10 \n"
      "STR     R0, [SP, #0x5C] \n"
      "MOV     R0, #0x800 \n"
      "STR     R0, [SP, #0x60] \n"
      "MOV     R0, #0xA0 \n"
      "STR     R0, [SP, #0x64] \n"
      "MOV     R0, #0x280 \n"
      "STR     R0, [SP, #0x68] \n"
//      "LDR     R1, =0xFF815EE0 \n" //original
      "LDR     R1, =sub_FF815EE0_my \n" //patched
      // sub_FF8134C4(block, sub_FF815EE0_my, 0)
      "MOV     R2, #0 \n"
      "MOV     R0, SP \n"
      "BL      sub_FF8134C4 \n"
      // Release the block and return through the saved LR.
      "ADD     SP, SP, #0x74 \n"
      "LDR     PC, [SP], #4 \n"
        );
}
 293 
 294 //** sub_FF815EE0_my  @ 0xFF815EE0 
 295 
/*
 * CHDK copy of the firmware routine at 0xFF815EE0; sub_FF8111B0_my passes
 * its address to sub_FF8134C4.
 *
 * Calls a fixed sequence of firmware routines. After each checked call, a
 * negative return value causes sub_FF815FD4 to be called with a ROM address
 * in R0 (presumably an error message for a failure handler -- confirm).
 * The only change from the firmware is the final branch, which goes to
 * taskcreate_Startup_my instead of sub_FF81FC58.
 */
void __attribute__((naked,noinline)) sub_FF815EE0_my() {

asm volatile (
      "STMFD   SP!, {R4,LR} \n"
      "BL      sub_FF810B28 \n"         // return value not checked
      "BL      sub_FF81A374 \n"
      "CMP     R0, #0 \n"
      "LDRLT   R0, =0xFF815FF4 \n"      // only on a negative result
      "BLLT    sub_FF815FD4 \n"
      "BL      sub_FF815B18 \n"
      "CMP     R0, #0 \n"
      "LDRLT   R0, =0xFF815FFC \n"
      "BLLT    sub_FF815FD4 \n"
      "LDR     R0, =0xFF81600C \n"
      "BL      sub_FF815C00 \n"
      "CMP     R0, #0 \n"
      "LDRLT   R0, =0xFF816014 \n"
      "BLLT    sub_FF815FD4 \n"
      "LDR     R0, =0xFF81600C \n"      // same argument as the previous call
      "BL      sub_FF813CA8 \n"
      "CMP     R0, #0 \n"
      "LDRLT   R0, =0xFF816028 \n"
      "BLLT    sub_FF815FD4 \n"
      "BL      sub_FF819D00 \n"
      "CMP     R0, #0 \n"
      "LDRLT   R0, =0xFF816034 \n"
      "BLLT    sub_FF815FD4 \n"
      "BL      sub_FF811690 \n"
      "CMP     R0, #0 \n"
      "LDRLT   R0, =0xFF816040 \n"
      "BLLT    sub_FF815FD4 \n"
      // Restore R4/LR, then tail-branch so the target returns to our caller.
      "LDMFD   SP!, {R4,LR} \n"
//      "B       sub_FF81FC58 \n" //original
      "B       taskcreate_Startup_my \n"                //patched
        );
}
 332 
 333 //** taskcreate_Startup_my  @ 0xFF81FC58 
 334 
/*
 * CHDK copy of the firmware routine at 0xFF81FC58.
 *
 * Two changes from the firmware are marked in the body:
 *   - the call to sub_FF83427C is removed (the existing comment ties this
 *     to power-on mode handling);
 *   - the task created at the end uses task_Startup_my as its entry instead
 *     of 0xFF81FBF4.
 *
 * R4 and R5 are built from bit 0 of the I/O registers at 0xC0220038 and
 * 0xC0220034 (BIC with R8 = 1 yields 1 when the bit is clear). If R4, R5
 * and R6 are all zero on the checked path, the code writes 0x44 to
 * 0xC02200DC and then spins forever at loc_FF81FCBC.
 */
void __attribute__((naked,noinline)) taskcreate_Startup_my(  ) { 
asm volatile (
      "STMFD   SP!, {R3-R9,LR} \n"
      "MOV     R6, #0 \n"
      "BL      sub_FF834274 \n"
      "BL      sub_FF83BF7C \n"
      "LDR     R9, =0xC0220000 \n"      // I/O base used for the reads below
      "MOVS    R7, R0 \n"               // keep sub_FF83BF7C's result in R7
      "MOV     R8, #1 \n"
      "BNE     loc_FF81FCC0 \n"         // non-zero result: skip the checks
      "BL      sub_FF835B78 \n"
      "CMP     R0, #0 \n"
      "BEQ     loc_FF81FCC0 \n"
      "LDR     R0, [R9, #0x34] \n"
      "BIC     R5, R8, R0 \n"           // R5 = 1 if bit 0 of 0xC0220034 is clear
      "LDR     R0, [R9, #0x38] \n"
      "BIC     R4, R8, R0 \n"           // R4 = 1 if bit 0 of 0xC0220038 is clear
      "BL      sub_FF83363C \n"
      "CMP     R0, #1 \n"
      "MOVEQ   R6, #1 \n"
      "ORR     R0, R4, R5 \n"
      "ORRS    R0, R0, R6 \n"
      "BNE     loc_FF81FCD0 \n"         // any of R4/R5/R6 set: continue startup
      "BL      sub_FF833930 \n"
      "MOV     R0, #0x44 \n"
      "STR     R0, [R9, #0xDC] \n"
      "BL      sub_FF833B1C \n"
"loc_FF81FCBC:\n"
      "B       loc_FF81FCBC \n"         // deliberate endless loop
"loc_FF81FCC0:\n"
      "LDR     R0, [R9, #0x38] \n"
      "BIC     R4, R8, R0 \n"
      "LDR     R0, [R9, #0x34] \n"
      "BIC     R5, R8, R0 \n"
"loc_FF81FCD0:\n"
      // Arguments R0..R3 = R4, R5, R7, R6 for sub_FF834278.
      "MOV     R3, R6 \n"
      "MOV     R2, R7 \n"
      "MOV     R1, R5 \n"
      "MOV     R0, R4 \n"
//      "BL      sub_FF83427C \n"   // we must remove this for power-on mode handling to work
      "BL      sub_FF834278 \n"
      "BL      sub_FF83A14C \n"
      "LDR     R1, =0x34E000 \n"
      "MOV     R0, #0 \n"
      "BL      sub_FF83A5BC \n"
      "BL      sub_FF83A364 \n"
      // sub_FF81E9B0(0xFF81FD2C, 0x19, 0, task_Startup_my, 0): the fifth
      // argument is passed on the stack.
      "MOV     R3, #0 \n"
      "STR     R3, [SP] \n"
//      "LDR     R3, =0xFF81FBF4 \n"   //original
      "LDR     R3, =task_Startup_my\n" //patched
      "MOV     R2, #0 \n"
      "MOV     R1, #0x19 \n"
      "LDR     R0, =0xFF81FD2C \n"
      "BL      sub_FF81E9B0 \n"
      "MOV     R0, #0 \n"               // return 0
      "LDMFD   SP!, {R3-R9,PC} \n"
        );
}
 393 
 394 //** task_Startup_my  @ 0xFF81FBF4 
 395 
/*
 * CHDK copy of the firmware startup task at 0xFF81FBF4; installed as the
 * task entry by taskcreate_Startup_my.
 *
 * Differences from the firmware, all marked in the body:
 *   - the call to sub_FF83C058 is removed so Diskboot.bin is not loaded a
 *     second time;
 *   - CreateTask_spytask is called to start the CHDK task;
 *   - taskcreatePhySw_my is called in place of sub_FF83413C.
 * Every other call is the firmware's own, in the firmware's order.
 */
void __attribute__((naked,noinline)) task_Startup_my(  ) { 
asm volatile (
      "STMFD   SP!, {R4,LR} \n"
      "BL      sub_FF816588 \n"
      "BL      sub_FF8353E8 \n"
      "BL      sub_FF83364C \n"
      "BL      sub_FF83BFC4 \n"
      "BL      sub_FF83C1B0 \n"
//      "BL      sub_FF83C058 \n" //removed to keep Diskboot.bin from loading again
      "BL      sub_FF83C350 \n"
      "BL      sub_FF832208 \n"
      "BL      sub_FF83C1E0 \n"
      "BL      sub_FF8398F0 \n"
      "BL      sub_FF83C354 \n"
      "BL      CreateTask_spytask\n"    //added
      "BL      taskcreatePhySw_my\n"    //added
//      "BL      sub_FF83413C \n"               //removed
      "BL      sub_FF837AF4 \n" 
      "BL      sub_FF83C36C \n" 
      "BL      sub_FF831600 \n" 
      "BL      sub_FF832FB0 \n" 
      "BL      sub_FF83BD38 \n" 
      "BL      sub_FF8335EC \n" 
      "BL      sub_FF832F4C \n" 
      "BL      sub_FF83223C \n" 
      "BL      sub_FF83CE0C \n" 
      "BL      sub_FF832F10 \n" 
      // Restore R4/LR and tail-branch into the firmware.
      "LDMFD   SP!, {R4,LR} \n" 
      "B       sub_FF8166A8 \n"  // continue in firmware
        );
}
 427 
 428 //** taskcreatePhySw_my  @ 0xFF83413C 
 429 
/*
 * CHDK copy of the firmware routine at 0xFF83413C; called from
 * task_Startup_my.
 *
 * If the word at 0x1C30 + 4 is zero, calls sub_FF83A3BC and stores its
 * result there, so the call is made at most once. Two arguments differ from
 * the firmware: R3 is mykbd_task instead of 0xFF834108, and R2 is 0x2000
 * instead of 0x800.
 *
 * NOTE(review): R2 is presumably the stack size of the created task, enlarged
 * for the CHDK task -- confirm against the prototype of the firmware call.
 */
void __attribute__((naked,noinline)) taskcreatePhySw_my(  ) { 
asm volatile (
      "STMFD   SP!, {R3-R5,LR} \n"
      "LDR     R4, =0x1C30 \n"
      "LDR     R0, [R4, #4] \n"
      "CMP     R0, #0 \n"
      "BNE     loc_FF834170 \n"         // already set: skip the creation call
      "MOV     R3, #0 \n"
      "STR     R3, [SP] \n"             // fifth argument = 0, passed on the stack
//      "LDR     R3, =0xFF834108 \n" //original. Replaced by mykbd_tasks
      "LDR     R3, =mykbd_task\n"       //added
//      "MOV     R2, #0x800 \n"      //original
      "MOV     R2, #0x2000 \n"          //patched
      "MOV     R1, #0x17 \n"
      "LDR     R0, =0xFF834390 \n"
      "BL      sub_FF83A3BC \n"
      "STR     R0, [R4, #4] \n"         // remember the result
"loc_FF834170:\n"
      "BL      sub_FF88B298 \n"
      "BL      sub_FF835AC8 \n"
      "CMP     R0, #0 \n"
      "BNE     loc_FF83418C \n"
      // Only when sub_FF835AC8 returned 0: sub_FF88B20C(0, 0x32D20).
      "LDR     R1, =0x32D20 \n"
      "MOV     R0, #0 \n"
      "BL      sub_FF88B20C \n"
"loc_FF83418C:\n"
      "LDMFD   SP!, {R3-R5,PC} \n"
        );
}
 459 
/*
 * Starts the CHDK task: asks the firmware to create a task named "SpyTask"
 * whose entry point is core_spytask. Called from task_Startup_my.
 */
void CreateTask_spytask() {
    // Presumably priority and stack size, going by _CreateTask's argument
    // order -- confirm against its prototype.
    enum { SPYTASK_PRIORITY = 0x19, SPYTASK_STACK_SIZE = 0x2000 };

    _CreateTask("SpyTask", SPYTASK_PRIORITY, SPYTASK_STACK_SIZE, core_spytask, 0);
}
 464 
 465 
 466 //** init_file_modules_task  @ 0xFF895844 
 467 
/*
 * CHDK copy of the firmware task at 0xFF895844; taskHook substitutes it for
 * task_InitFileModules.
 *
 * The only addition is the call to core_spytask_can_start, placed after
 * sub_FF88D760 has returned. The registers still needed afterwards are R4
 * and R5, which the function saves on entry; the added call is presumably
 * safe for that reason (callee-saved under the ARM calling convention --
 * confirm for this toolchain).
 */
void __attribute__((naked,noinline)) init_file_modules_task() {
asm volatile (
      "STMFD   SP!, {R4-R6,LR} \n"
      "BL      sub_FF88D734 \n"
      "LDR     R5, =0x5006 \n"
      "MOVS    R4, R0 \n"               // keep the result; flags drive the NE calls
      "MOVNE   R1, #0 \n"
      "MOVNE   R0, R5 \n"
      "BLNE    sub_FF8915CC \n"         // non-zero result: sub_FF8915CC(0x5006, 0)
      "BL      sub_FF88D760 \n"
      "BL      core_spytask_can_start\n"//added
      "CMP     R4, #0 \n"
      "LDMNEFD SP!, {R4-R6,PC} \n"      // non-zero result: return here
      // Zero result: tail-call sub_FF8915CC(0x5006, 0).
      "MOV     R0, R5 \n"
      "LDMFD   SP!, {R4-R6,LR} \n"
      "MOV     R1, #0 \n"
      "B       sub_FF8915CC \n"
        );
}
