This source file includes the following definitions.
- CreateTask_spytask
- boot
- CreateTask_low_my
- sub_FF8203C4_my
- sub_FF8228D4_my
- sub_FF8246FC_my
- sub_FF8285C0_my
- task_Startup_my
- taskcreatePhySw_my
- init_file_modules_task
- init_required_fw_features
4 #include "lolevel.h"
5 #include "platform.h"
6 #include "core.h"
7 #include "dryos31.h"
/*
 * Hand-rolled offsetof: yields the byte offset of MEMBER inside TYPE by taking
 * the member's address in a TYPE located at address 0 and casting it to int.
 * NOTE(review): <stddef.h> also defines offsetof; confirm none of the headers
 * included above pull it in, otherwise this is a macro redefinition.
 */
#define offsetof(TYPE, MEMBER) ((int) &((TYPE *)0)->MEMBER)

/*
 * Address of the symbol _end (declared outside this file), held as a constant
 * char pointer. sub_FF8228D4_my loads this value, unless
 * CHDK_NOT_IN_CANON_HEAP is defined, and writes it into the init structure it
 * passes to sub_006B1BC8.
 * Presumably _end is the linker-provided end of the CHDK image - confirm
 * against the linker script.
 */
const char * const new_sa = &_end;
/*
 * Create the "SpyTask" task with core_spytask as its entry function.
 * Reached from task_Startup_my through "BL CreateTask_spytask".
 * The value returned by _CreateTask is not used.
 */
void CreateTask_spytask()
{
    /*
     * NOTE(review): the names below assume that the second and third
     * _CreateTask arguments are priority and stack size, going by the
     * (name, 0x17/0x19, 0x2000, entry) pattern of the other task creations
     * in this file - confirm against the _CreateTask prototype.
     */
    enum {
        SPYTASK_PRIO  = 0x19,
        SPYTASK_STACK = 0x2000
    };

    _CreateTask("SpyTask", SPYTASK_PRIO, SPYTASK_STACK, core_spytask, 0);
}
/*
 * boot - first-stage startup: programs CP15, pokes a few MMIO registers,
 * copies code/data into RAM, zeroes a RAM range, installs an 8-byte hook at
 * hook_CreateTask_low and branches to sub_FF8203C4_my.
 *
 * Naked function: no prologue/epilogue is generated and control never
 * returns to a caller; it leaves through "B sub_FF8203C4_my".
 *
 * Every address is a hard-coded constant, so the code is tied to one firmware
 * build. NOTE(review): nothing visible here checks which firmware is running
 * before RAM is patched - confirm the loader guarantees it.
 *
 * The CP15 register meanings given below assume an ARM946E-S style protection
 * unit - TODO confirm against the target CPU.
 */
void __attribute__((naked,noinline)) boot() {
    asm volatile (
        /* Store 0 to the MMIO word at 0xC0410000. */
        " LDR R1, =0xC0410000 \n"
        " MOV R0, #0 \n"
        " STR R0, [R1] \n"
        /* CP15 c1 (control register) = 0x78; presumably caches and protection
           unit are off while the regions are reprogrammed. */
        " MOV R1, #0x78 \n"
        " MCR p15, 0, R1, c1, c0 \n"
        /* c7 maintenance operations with R1 = 0; presumably drain write
           buffer (c10, 4), then invalidate I-cache (c5) and D-cache (c6). */
        " MOV R1, #0 \n"
        " MCR p15, 0, R1, c7, c10, 4 \n"
        " MCR p15, 0, R1, c7, c5 \n"
        " MCR p15, 0, R1, c7, c6 \n"
        /* c6,c0 .. c6,c5: six protection-region registers; presumably each
           value is base address | size field | enable bit. */
        " MOV R0, #0x3D \n"
        " MCR p15, 0, R0, c6, c0 \n"
        " MOV R0, #0xC000002F \n"
        " MCR p15, 0, R0, c6, c1 \n"
        " MOV R0, #0x35 \n"
        " MCR p15, 0, R0, c6, c2 \n"
        " MOV R0, #0x40000035 \n"
        " MCR p15, 0, R0, c6, c3 \n"
        " MOV R0, #0x80000017 \n"
        " MCR p15, 0, R0, c6, c4 \n"
        " LDR R0, =0xFF80002D \n"
        " MCR p15, 0, R0, c6, c5 \n"
        /* The same mask 0x34 (bits 2, 4, 5) goes to c2,c0,0, c2,c0,1 and
           c3,c0; presumably per-region data-cacheable, instruction-cacheable
           and bufferable flags. */
        " MOV R0, #0x34 \n"
        " MCR p15, 0, R0, c2, c0 \n"
        " MOV R0, #0x34 \n"
        " MCR p15, 0, R0, c2, c0, 1 \n"
        " MOV R0, #0x34 \n"
        " MCR p15, 0, R0, c3, c0 \n"
        /* c5,c0,2 and c5,c0,3 = 0x3333330; presumably the extended access
           permission registers (data, then instruction). */
        " LDR R0, =0x3333330 \n"
        " MCR p15, 0, R0, c5, c0, 2 \n"
        " LDR R0, =0x3333330 \n"
        " MCR p15, 0, R0, c5, c0, 3 \n"
        /* Read-modify-write of c1: set bits 0x1000, 0x4 and 0x1; presumably
           I-cache, D-cache and protection-unit enable. */
        " MRC p15, 0, R0, c1, c0 \n"
        " ORR R0, R0, #0x1000 \n"
        " ORR R0, R0, #4 \n"
        " ORR R0, R0, #1 \n"
        " MCR p15, 0, R0, c1, c0 \n"
        /* c9,c1,0 = 0x80000006 and c9,c1,1 = 6, then set bits 0x50000 in c1;
           presumably TCM region setup followed by the TCM enables. */
        " MOV R1, #0x80000006 \n"
        " MCR p15, 0, R1, c9, c1 \n"
        " MOV R1, #6 \n"
        " MCR p15, 0, R1, c9, c1, 1 \n"
        " MRC p15, 0, R1, c1, c0 \n"
        " ORR R1, R1, #0x50000 \n"
        " MCR p15, 0, R1, c1, c0 \n"
        /* MMIO block at 0xC0200000: write 1 to +0x10C, then 0xFFFFFFFF
           (MVN R1, #0) to +0xC, +0x1C, ... +0xFC, i.e. 16 registers at a
           stride of 0x10. */
        " LDR R2, =0xC0200000 \n"
        " MOV R1, #1 \n"
        " STR R1, [R2, #0x10C] \n"
        " MVN R1, #0 \n"
        " STR R1, [R2, #0xC] \n"
        " STR R1, [R2, #0x1C] \n"
        " STR R1, [R2, #0x2C] \n"
        " STR R1, [R2, #0x3C] \n"
        " STR R1, [R2, #0x4C] \n"
        " STR R1, [R2, #0x5C] \n"
        " STR R1, [R2, #0x6C] \n"
        " STR R1, [R2, #0x7C] \n"
        " STR R1, [R2, #0x8C] \n"
        " STR R1, [R2, #0x9C] \n"
        " STR R1, [R2, #0xAC] \n"
        " STR R1, [R2, #0xBC] \n"
        " STR R1, [R2, #0xCC] \n"
        " STR R1, [R2, #0xDC] \n"
        " STR R1, [R2, #0xEC] \n"
        " STR R1, [R2, #0xFC] \n"
        /* Store 0x430005 to the MMIO word at 0xC0400008. */
        " LDR R1, =0xC0400008 \n"
        " LDR R2, =0x430005 \n"
        " STR R2, [R1] \n"
        /* NOTE(review): R1 holds the constant 1 and R2 holds 0xC0243100, so
           this STR writes the value 0xC0243100 to address 1, not 1 to
           0xC0243100. Presumably reproduced verbatim from the stock firmware;
           confirm before changing the operand order. */
        " MOV R1, #1 \n"
        " LDR R2, =0xC0243100 \n"
        " STR R2, [R1] \n"
        /* Set bit 0 of the MMIO word at 0xC0242010 (read-modify-write). */
        " LDR R2, =0xC0242010 \n"
        " LDR R1, [R2] \n"
        " ORR R1, R1, #1 \n"
        " STR R1, [R2] \n"
        /* Word copy from 0xFFCEE1FC to 0x6B1000 while the destination is
           below 0x6BE85A. The bound is not word aligned, so the last
           iteration writes through 0x6BE85B. This range later executes from
           RAM: 0x006B15AC, sub_006BAAF4 and sub_006B1BC8 all lie inside it. */
        " LDR R0, =0xFFCEE1FC \n"
        " LDR R1, =0x6B1000 \n"
        " LDR R3, =0x6BE85A \n"

        "loc_FF82013C:\n"
        " CMP R1, R3 \n"
        " LDRCC R2, [R0], #4 \n"
        " STRCC R2, [R1], #4 \n"
        " BCC loc_FF82013C \n"
        /* Word copy from 0xFFCDFE80 to 0x1900 while the destination is below
           0xFC7C; presumably the initialised data segment. */
        " LDR R0, =0xFFCDFE80 \n"
        " LDR R1, =0x1900 \n"
        " LDR R3, =0xFC7C \n"

        "loc_FF820158:\n"
        " CMP R1, R3 \n"
        " LDRCC R2, [R0], #4 \n"
        " STRCC R2, [R1], #4 \n"
        " BCC loc_FF820158 \n"
        /* Zero-fill from 0xFC7C (still in R3) up to 0x1929D8; presumably the
           BSS. */
        " LDR R1, =0x1929D8 \n"
        " MOV R2, #0 \n"

        "loc_FF820170:\n"
        " CMP R3, R1 \n"
        " STRCC R2, [R3], #4 \n"
        " BCC loc_FF820170 \n"

        /* Hook installation: load the two words at patch_CreateTask_low (the
           "LDR PC, [PC,#-0x4]" instruction and the address of
           CreateTask_low_my) and store them over the first two words at
           hook_CreateTask_low, a symbol defined outside this file.
           NOTE(review): this rewrites code after the caches were enabled
           above and no cache maintenance is visible here - confirm the
           patched words cannot be stale in the I-cache or held back in the
           D-cache when the hook is first reached. */
        " LDR R0, =patch_CreateTask_low\n"
        " LDM R0, {R1,R2}\n"
        " LDR R0, =hook_CreateTask_low\n"
        " STM R0, {R1,R2}\n"

        /* Continue with the modified second-stage startup. */
        " B sub_FF8203C4_my \n"

        /* Template for the hook; it sits after the unconditional branch, so
           it is only ever read as data by the LDM above. */
        "patch_CreateTask_low:\n"
        " LDR PC, [PC,#-0x4]\n"
        " .long CreateTask_low_my\n"
    );
}
/*
 * CreateTask_low_my - target of the hook that boot() writes at
 * hook_CreateTask_low.
 *
 * Compares R0 against five task_* symbols and, on a match, replaces R0 with
 * the corresponding replacement routine. R0 is presumably the task entry
 * point passed to the hooked firmware function - confirm against its
 * signature. R1 is preserved across the comparisons; all other registers are
 * untouched.
 *
 * Exit: runs "STMFD SP!, {R4-R8,LR}" and "CMP R3, #0" and then jumps to
 * 0x006B15AC. Presumably these are the two instructions displaced by the
 * 8-byte patch and 0x006B15AC is hook_CreateTask_low + 8 - confirm against
 * the symbol definition; a mismatch would resume at the wrong instruction.
 */
void __attribute__((naked,noinline)) CreateTask_low_my() {
    asm volatile (
        /* R1 is used as scratch for the comparisons below. */
        " STMFD SP!, {R1}\n"

        /* task_CaptSeq -> capt_seq_task */
        " LDR R1, =task_CaptSeq\n"
        " CMP R1, R0\n"
        " LDREQ R0, =capt_seq_task\n"
        " BEQ exitHook\n"

        /* task_ExpDrv -> exp_drv_task */
        " LDR R1, =task_ExpDrv\n"
        " CMP R1, R0\n"
        " LDREQ R0, =exp_drv_task\n"
        " BEQ exitHook\n"

        /* task_FileWrite -> filewritetask */
        " LDR R1, =task_FileWrite\n"
        " CMP R1, R0\n"
        " LDREQ R0, =filewritetask\n"
        " BEQ exitHook\n"

        /* task_MovieRecord -> movie_record_task */
        " LDR R1, =task_MovieRecord\n"
        " CMP R1, R0\n"
        " LDREQ R0, =movie_record_task\n"
        " BEQ exitHook\n"

        /* task_InitFileModules -> init_file_modules_task; last entry, so it
           falls through to exitHook without a branch. */
        " LDR R1, =task_InitFileModules\n"
        " CMP R1, R0\n"
        " LDREQ R0, =init_file_modules_task\n"

        "exitHook:\n"

        " LDMFD SP!, {R1}\n"

        /* The CMP below overwrites the flags left by the comparisons above,
           so the resumed code sees only the R3 test. */
        " STMFD SP!, {R4-R8,LR} \n"
        " CMP R3, #0 \n"
        " LDR PC, =0x006B15AC \n"
    );
}
/*
 * sub_FF8203C4_my - second startup stage, entered by branch from boot().
 *
 * Writes one RAM word derived from an MMIO bit, copies two blocks from the
 * 0xFF82xxxx range to low memory, sets the stack pointer for two CPU modes,
 * fills a low-memory range with a pattern and branches to sub_FF8228D4_my.
 * Never returns to a caller.
 */
void __attribute__((naked,noinline)) sub_FF8203C4_my() {

    /*
     * Reads the word at 0xC022F484 and tests bit 0x20000: stores 0x400000 to
     * address 0x29ec+0x4 when the bit is set, 0x200000 otherwise.
     * Presumably this records a power-on state for the firmware - confirm.
     * NOTE(review): this is a C statement inside a naked function, where the
     * compiler provides no stack frame; it relies on the expression being
     * compiled to register-only code. The MMIO read also goes through a
     * non-volatile pointer.
     */
    *(int*)(0x29ec+0x4) = (*(int*)0xC022F484)&0x20000 ? 0x400000 : 0x200000;

    asm volatile (
        /* Word copy of 0xFF82043C..0xFF820474 to address 0; presumably the
           exception vector area. */
        " LDR R0, =0xFF82043C \n"
        " MOV R1, #0 \n"
        " LDR R3, =0xFF820474 \n"

        "loc_FF8203D0:\n"
        " CMP R0, R3 \n"
        " LDRCC R2, [R0], #4 \n"
        " STRCC R2, [R1], #4 \n"
        " BCC loc_FF8203D0 \n"
        /* Word copy of 0xFF820474..0xFF82065C to address 0x1C0. */
        " LDR R0, =0xFF820474 \n"
        " MOV R1, #0x1C0 \n"
        " LDR R3, =0xFF82065C \n"

        "loc_FF8203EC:\n"
        " CMP R0, R3 \n"
        " LDRCC R2, [R0], #4 \n"
        " STRCC R2, [R1], #4 \n"
        " BCC loc_FF8203EC \n"
        /* CPSR = 0xD2 (IRQ mode, I and F bits set), SP = 0x1000; then
           CPSR = 0xD3 (Supervisor mode, I and F bits set), SP = 0x1000.
           Both modes are given the same initial stack pointer. */
        " MOV R0, #0xD2 \n"
        " MSR CPSR_cxsf, R0 \n"
        " MOV SP, #0x1000 \n"
        " MOV R0, #0xD3 \n"
        " MSR CPSR_cxsf, R0 \n"
        " MOV SP, #0x1000 \n"
        /* Fill 0x3A8..0x1000 with 0xEEEEEEEE; presumably a stack fill pattern
           for the area below the SP set above. */
        " LDR R0, =0x3A8 \n"
        " LDR R2, =0xEEEEEEEE \n"
        " MOV R3, #0x1000 \n"

        "loc_FF820420:\n"
        " CMP R0, R3 \n"
        " STRCC R2, [R0], #4 \n"
        " BCC loc_FF820420 \n"
        " B sub_FF8228D4_my \n"
    );
}
/*
 * sub_FF8228D4_my - builds an init structure on the stack and hands it to
 * sub_006B1BC8 together with sub_FF8246FC_my as the next stage.
 *
 * Layout: LR is pushed, then 0x7C bytes are reserved; the structure starts at
 * SP+4 and is first passed to sub_006BAAF4 with R1 = 0x78 (presumably a
 * clear/initialise of 0x78 bytes - confirm).
 *
 * The field at [SP, #0xC] is the value selected by the preprocessor block:
 * the constant 0x1929D8 when CHDK_NOT_IN_CANON_HEAP is defined, otherwise the
 * contents of new_sa (the address of _end). The field at [SP, #0x10] is
 * 0x5817B0 minus that value. Presumably these are the start and size of the
 * memory the firmware may allocate from, moved up so that it begins after the
 * CHDK image - confirm.
 * NOTE(review): nothing here checks that the selected start is below
 * 0x5817B0; if the image ever grows past that address the subtraction wraps
 * and a very large size is passed on.
 */
void __attribute__((naked,noinline)) sub_FF8228D4_my() {
    asm volatile (
        " LDR R0, =0x1A5C \n"
        " STR LR, [SP, #-4]! \n"
        " SUB SP, SP, #0x7C \n"
        /* RAM words: [0x1A5C] = 0x80000, [0x1A60] = 0x40BEE980,
           [0x1A64] = 0x40BEE980 + 0x2000. */
        " MOV R1, #0x80000 \n"
        " STR R1, [R0] \n"
        " LDR R0, =0x40BEE980 \n"
        " LDR R1, =0x1A60 \n"
        " STR R0, [R1] \n"
        " LDR R1, =0x1A64 \n"
        " ADD R0, R0, #0x2000 \n"
        " STR R0, [R1] \n"
        /* sub_006BAAF4(SP+4, 0x78) */
        " MOV R1, #0x78 \n"
        " ADD R0, SP, #4 \n"
        " BL sub_006BAAF4 \n"
        " MOV R0, #0x84000 \n"
        " STR R0, [SP, #8] \n"

        /* Select the start address stored at [SP, #0xC]. */
#if defined(CHDK_NOT_IN_CANON_HEAP)
        " LDR R0, =0x1929D8 \n"
#else
        " LDR R0, =new_sa\n"
        " LDR R0, [R0]\n"
#endif

        /* [SP, #0xC] = start, [SP, #0x10] = 0x5817B0 - start. */
        " LDR R2, =0x5817B0 \n"
        " STR R0, [SP, #0xC] \n"
        " SUB R0, R2, R0 \n"
        " STR R0, [SP, #0x10] \n"
        /* Remaining fields are constants stored as-is. */
        " MOV R0, #0x22 \n"
        " STR R0, [SP, #0x1C] \n"
        " MOV R0, #0x7C \n"
        " STR R0, [SP, #0x20] \n"
        " LDR R1, =0x58A000 \n"
        " LDR R0, =0x1D3 \n"
        " STR R1, [SP, #4] \n"
        " STR R0, [SP, #0x24] \n"
        " MOV R0, #0x96 \n"
        " STR R2, [SP, #0x14] \n"
        " STR R1, [SP, #0x18] \n"
        " STR R0, [SP, #0x28] \n"
        " STR R0, [SP, #0x2C] \n"
        " MOV R0, #0x64 \n"
        " STR R0, [SP, #0x30] \n"
        " MOV R0, #0 \n"
        " STR R0, [SP, #0x34] \n"
        " STR R0, [SP, #0x38] \n"
        " STR R0, [SP, #0x3C] \n"
        " MOV R0, #0x10 \n"
        " STR R0, [SP, #0x60] \n"
        " MOV R0, #0x1000 \n"
        " STR R0, [SP, #0x64] \n"
        " MOV R0, #0x100 \n"
        " STR R0, [SP, #0x68] \n"
        " MOV R0, #0x2000 \n"
        " STR R0, [SP, #0x6C] \n"
        /* sub_006B1BC8(SP+4, sub_FF8246FC_my, 0): the replacement next stage
           is passed as the second argument. */
        " LDR R1, =sub_FF8246FC_my \n"
        " MOV R2, #0 \n"
        " ADD R0, SP, #4 \n"
        " BL sub_006B1BC8 \n"
        /* Release the frame and return through the saved LR. */
        " ADD SP, SP, #0x7C \n"
        " LDR PC, [SP], #4 \n"
    );
}
/*
 * sub_FF8246FC_my - runs a fixed sequence of firmware init routines and then
 * tail-branches to sub_FF8285C0_my.
 *
 * After each checked step, a failing result loads the address of a name
 * string into R0 and calls _err_init_task. The inline comments carried in the
 * asm strings give the string each address refers to. Execution continues
 * with the next step if _err_init_task returns.
 */
void __attribute__((naked,noinline)) sub_FF8246FC_my() {
    asm volatile (
        " STMFD SP!, {R4,LR} \n"
        /* R4 keeps the '/_term' string address for the two calls below that
           take it in R0. */
        " LDR R4, =0xFF8247B8 /*'/_term'*/ \n"
        " BL sub_FF820858 \n"
        /* Unsigned check: error if [0x19F0] < [0x1A5C] + 0x10.
           sub_FF8228D4_my stored 0x80000 at 0x1A5C. */
        " LDR R1, =0x1A5C \n"
        " LDR R0, =0x19F0 \n"
        " LDR R1, [R1] \n"
        " LDR R0, [R0] \n"
        " ADD R1, R1, #0x10 \n"
        " CMP R0, R1 \n"
        " LDRCC R0, =0xFF8247C8 /*'USER_MEM size checking'*/ \n"
        " BLCC _err_init_task \n"
        /* Each of the following steps reports an error when its return value
           is negative (LT after CMP R0, #0). */
        " BL sub_FF8234D8 \n"
        " CMP R0, #0 \n"
        " LDRLT R0, =0xFF8247E0 /*'dmSetup'*/ \n"
        " BLLT _err_init_task \n"
        " BL sub_FF8224E8 \n"
        " CMP R0, #0 \n"
        " LDRLT R0, =0xFF8247E8 /*'termDriverInit'*/ \n"
        " BLLT _err_init_task \n"
        " MOV R0, R4 \n"
        " BL sub_FF8225C8 \n"
        " CMP R0, #0 \n"
        " LDRLT R0, =0xFF8247F8 /*'termDeviceCreate'*/ \n"
        " BLLT _err_init_task \n"
        " MOV R0, R4 \n"
        " BL sub_FF822100 \n"
        " CMP R0, #0 \n"
        " LDRLT R0, =0xFF82480C /*'stdioSetup'*/ \n"
        " BLLT _err_init_task \n"
        " BL sub_FF82534C \n"
        " CMP R0, #0 \n"
        " LDRLT R0, =0xFF824818 /*'stdlibSetup'*/ \n"
        " BLLT _err_init_task \n"
        " BL sub_FF8210A8 \n"
        " CMP R0, #0 \n"
        " LDRLT R0, =0xFF824824 /*'extlib_setup'*/ \n"
        " BLLT _err_init_task \n"
        /* Restore and tail-branch: sub_FF8285C0_my returns directly to this
           function's caller. */
        " LDMFD SP!, {R4,LR} \n"
        " B sub_FF8285C0_my \n"
    );
}
/*
 * sub_FF8285C0_my - decides whether startup may proceed and, if so, creates
 * the 'Startup' task with task_Startup_my as its entry function.
 *
 * Flow: R0 for sub_FF82D94C is 1 only when sub_FF838634 returned 0 and
 * sub_FF82E810 (_IsNormalCameraMode_FW) returned non-zero; otherwise it is 0.
 * If sub_FF82D94C returns 0, sub_FF82D134 is called and the code spins
 * forever at loc_FF8285F8. Otherwise the function returns 0 in R0 after
 * creating the task.
 */
void __attribute__((naked,noinline)) sub_FF8285C0_my() {
    asm volatile (
        /* R3 is pushed to reserve the stack word used for the fifth
           _CreateTask argument below. */
        " STMFD SP!, {R3,LR} \n"

        " BL sub_FF838634 \n"
        " CMP R0, #0 \n"
        " BNE loc_FF8285E4 \n"
        " BL sub_FF82E810 /*_IsNormalCameraMode_FW*/ \n"
        " CMP R0, #0 \n"
        " MOVNE R0, #1 \n"
        " BNE loc_FF8285E8 \n"

        "loc_FF8285E4:\n"
        " MOV R0, #0 \n"

        "loc_FF8285E8:\n"
        " BL sub_FF82D94C \n"
        " CMP R0, #0 \n"
        " BNE loc_FF8285FC \n"
        " BL sub_FF82D134 \n"

        /* Deliberate endless loop: reached only when sub_FF82D94C returned 0
           and sub_FF82D134 came back. */
        "loc_FF8285F8:\n"
        " B loc_FF8285F8 \n"

        "loc_FF8285FC:\n"
        " BL sub_FF82A464 \n"
        /* sub_FF838B40(0, 0x60E000) */
        " LDR R1, =0x60E000 \n"
        " MOV R0, #0 \n"
        " BL sub_FF838B40 \n"
        " BL sub_FF82A7AC /*_EnableDispatch*/ \n"
        /* _CreateTask('Startup', 0x19, 0, task_Startup_my, 0): the fifth
           argument is the 0 stored at [SP]. */
        " MOV R3, #0 \n"
        " STR R3, [SP] \n"
        " LDR R3, =task_Startup_my \n"
        " MOV R2, #0 \n"
        " MOV R1, #0x19 \n"
        " LDR R0, =0xFF82863C /*'Startup'*/ \n"
        " BL _CreateTask \n"
        " MOV R0, #0 \n"
        " LDMFD SP!, {R3,PC} \n"
    );
}
/*
 * task_Startup_my - entry function of the 'Startup' task created by
 * sub_FF8285C0_my.
 *
 * Calls a fixed list of firmware routines in order. Three calls go to
 * functions defined in this file instead of sub_FF... addresses:
 * CreateTask_spytask, taskcreatePhySw_my and init_required_fw_features.
 * Ends with a tail-branch to sub_FF822DCC after restoring R4 and LR.
 * The call order is significant; do not reorder.
 */
void __attribute__((naked,noinline)) task_Startup_my() {
    asm volatile (
        " STMFD SP!, {R4,LR} \n"
        " BL sub_FF822C7C \n"
        " BL sub_FF82DDCC \n"
        " BL sub_FF82D0E0 \n"

        " BL sub_FF838870 \n"

        " BL sub_FF8389CC \n"
        " BL sub_FF838C14 \n"

        " BL sub_FF8388AC \n"
        " BL sub_FF834858 \n"
        " BL sub_FF838C1C \n"
        /* Calls into this file: start SpyTask, create the PhySw task with
           mykbd_task as its entry, then run the three _init_* routines. */
        " BL CreateTask_spytask\n"
        " BL taskcreatePhySw_my \n"
        " BL init_required_fw_features\n"
        " BL sub_FF8328F0 \n"
        " BL sub_FF8B0B18 \n"
        " BL sub_FF82AFE0 \n"
        " BL sub_FF82CC3C \n"
        " BL sub_FF838440 \n"
        " BL sub_FF82D094 \n"
        " BL sub_FF82CBD0 \n"

        " BL sub_FF82BCF0 \n"
        " BL sub_FF82CB8C \n"
        " LDMFD SP!, {R4,LR} \n"
        " B sub_FF822DCC \n"
    );
}
/*
 * taskcreatePhySw_my - creates the 'PhySw' task with mykbd_task as its entry
 * function, unless the word at 0x1C94 + 4 is already non-zero.
 *
 * Before that it calls sub_FF837690, and calls sub_FF8375F8
 * (_OpLog.Start_FW) only when sub_FF82E748 (_IsFactoryMode_FW) returns 0.
 * The value returned by the task-creation call is stored back at
 * 0x1C94 + 4, so a second call skips the creation if that value is non-zero.
 */
void __attribute__((naked,noinline)) taskcreatePhySw_my() {
    asm volatile (
        " STMFD SP!, {R3-R5,LR} \n"
        " BL sub_FF837690 \n"
        " BL sub_FF82E748 /*_IsFactoryMode_FW*/ \n"
        " CMP R0, #0 \n"
        " BLEQ sub_FF8375F8 /*_OpLog.Start_FW*/ \n"
        /* Skip creation when [0x1C94 + 4] is already set. */
        " LDR R4, =0x1C94 \n"
        " LDR R0, [R4, #4] \n"
        " CMP R0, #0 \n"
        " BNE loc_FF82D83C \n"
        /* sub_FF82661C('PhySw', 0x17, 0x2000, mykbd_task, 0): the fifth
           argument is the 0 stored at [SP]. */
        " MOV R3, #0 \n"
        " STR R3, [SP] \n"
        " LDR R3, =mykbd_task \n"
        " MOV R2, #0x2000 \n"
        " MOV R1, #0x17 \n"
        " LDR R0, =0xFF82DAA8 /*'PhySw'*/ \n"
        " BL sub_FF82661C /*_CreateTaskStrictly*/ \n"
        " STR R0, [R4, #4] \n"

        "loc_FF82D83C:\n"
        " LDMFD SP!, {R3-R5,PC} \n"
    );
}
/*
 * init_file_modules_task - replacement that CreateTask_low_my substitutes for
 * task_InitFileModules.
 *
 * Calls sub_FF8A0914 and keeps its result in R4. If the result is non-zero it
 * posts event 0x5006 (with R1 = 0) through _PostLogicalEventToUI before
 * continuing. It then calls sub_FF8A0944 and core_spytask_can_start. If the
 * first result was non-zero the function returns; otherwise it tail-branches
 * to _PostLogicalEventToUI(0x5006, 0). The event is therefore posted exactly
 * once on either path, before or after the two calls.
 */
void __attribute__((naked,noinline)) init_file_modules_task() {
    asm volatile (
        " STMFD SP!, {R4-R6,LR} \n"
        " BL sub_FF8A0914 \n"
        " LDR R5, =0x5006 \n"
        /* MOVS sets the flags used by the three conditional instructions
           that follow. */
        " MOVS R4, R0 \n"
        " MOVNE R1, #0 \n"
        " MOVNE R0, R5 \n"
        " BLNE _PostLogicalEventToUI \n"
        " BL sub_FF8A0944 \n"
        /* Presumably signals that core_spytask may proceed now that the file
           modules are initialised - confirm against core_spytask. */
        " BL core_spytask_can_start\n"
        " CMP R4, #0 \n"
        " LDMNEFD SP!, {R4-R6,PC} \n"
        " MOV R0, R5 \n"
        " LDMFD SP!, {R4-R6,LR} \n"
        " MOV R1, #0 \n"
        " B _PostLogicalEventToUI \n"
    );
}
/*
 * Invoke three firmware initialisers, always in this order:
 * _init_focus_eventflag, _init_nd_eventflag, _init_nd_semaphore.
 * Reached from task_Startup_my through "BL init_required_fw_features".
 */
void init_required_fw_features(void) {
    /* Each routine is defined outside this file, so it is declared right
       before its call. */
    extern void _init_focus_eventflag();
    _init_focus_eventflag();

    extern void _init_nd_eventflag();
    _init_nd_eventflag();

    extern void _init_nd_semaphore();
    _init_nd_semaphore();
}