This source file includes the following definitions.
- CreateTask_spytask
- taskCreateHook
- boot
- sub_FF8101A4_my
- sub_FF810FA0_my
- uHwSetup_my
- CreateTask_Startup_my
- task_Startup_my
- taskcreatePhySw_my
- init_file_modules_task
- sub_FF86D638_my
- sub_FF84ED48_my
- sub_FF84EB84_my
- sub_FF84E914_my
4 #include "lolevel.h"
5 #include "platform.h"
6 #include "core.h"
7
/*
 * Address of the _end symbol (declared outside this file; presumably the
 * linker-provided end of the CHDK image - confirm in the linker script).
 * sub_FF810FA0_my loads this value as the start address it hands to the
 * firmware when CHDK_NOT_IN_CANON_HEAP is not defined.
 */
const char * const new_sa = &_end;
/*
 * Start the CHDK "SpyTask" task with core_spytask as its entry point.
 * Called by name from the task_Startup_my assembly in this file.
 *
 * The local names assume the _CreateTask(name, priority, stack size,
 * entry, argument) argument order - confirm against the prototype in
 * lolevel.h.
 */
void CreateTask_spytask() {
    const int spytask_priority = 0x19;
    const int spytask_stack_size = 0x2000;

    _CreateTask("SpyTask", spytask_priority, spytask_stack_size, core_spytask, 0);
}
16
/*
 * Task-creation hook installed by boot() at 0x1930 and 0x1934.
 *
 * Looks at the word 16 ints (64 bytes) below the pointer it is given and,
 * when that word equals the address of one of five firmware routines,
 * overwrites it with the address of the matching CHDK replacement.
 *
 * NOTE(review): the word is presumably the entry-point field of the task
 * record being created - confirm. The addresses are exact constants for
 * one firmware build; on any other build no comparison matches and the
 * tasks run unhooked without any indication.
 *
 * The tests are deliberately sequential rather than an else-if chain, so
 * the order and the re-reads of the slot match the original code.
 */
void taskCreateHook(int *p) {
    int *entry = p - 16;

    if (*entry == (int)0xff85de08) {
        *entry = (int)capt_seq_task;
    }
    if (*entry == (int)0xff8b3d68) {
        *entry = (int)exp_drv_task;
    }
    if (*entry == (int)0xffa08e80) {
        *entry = (int)filewritetask;
    }
    if (*entry == (int)0xff877140) {
        *entry = (int)init_file_modules_task;
    }
    if (*entry == (int)0xff859e28) {
        *entry = (int)movie_record_task;
    }
}
25
/*
 * boot - first C code of this startup replacement.
 *
 * Sets three bits in the CP15 control register, copies the firmware's
 * initialised data from ROM to RAM, zeroes the RAM range that follows it
 * up to MEMISOSTART, installs taskCreateHook in two fixed RAM slots and
 * then branches to sub_FF8101A4_my. It never returns to its caller.
 *
 * All addresses are fixed constants for one firmware build; nothing here
 * checks that the running firmware matches them.
 */
void boot()
{
    long *canon_data_src = (void*)0xffb126f4;      /* ROM copy of the data section */
    long *canon_data_dst = (void*)0x1900;          /* RAM destination */
    long canon_data_len = 0xee8c - 0x1900 ;        /* length in bytes */
    long *canon_bss_start = (void*)0xee8c;         /* first byte after the copied data */
    long canon_bss_len = MEMISOSTART - 0xee8c;     /* bytes to zero; MEMISOSTART is defined outside this file */

    long i;

    /*
     * Read CP15 c1, set bits 0x1000, 0x4 and 0x1, write it back.
     * NOTE(review): on ARM9-class cores these are the instruction-cache,
     * data-cache and protection-unit/MMU enable bits - confirm for this CPU.
     */
    asm volatile (
        "MRC p15, 0, R0,c1,c0\n"
        "ORR R0, R0, #0x1000\n"
        "ORR R0, R0, #4\n"
        "ORR R0, R0, #1\n"
        "MCR p15, 0, R0,c1,c0\n"
        :::"r0");

    /* Word-wise copy; the /4 assumes sizeof(long) == 4 on the target. */
    for(i=0;i<canon_data_len/4;i++)
        canon_data_dst[i]=canon_data_src[i];

    /* Zero everything from 0xee8c up to MEMISOSTART. */
    for(i=0;i<canon_bss_len/4;i++)
        canon_bss_start[i]=0;

    /*
     * 0x1930 and 0x1934 lie inside the range just copied (0x1900..0xee8c),
     * so the hook pointers must be written after the copy loop or they
     * would be overwritten by the ROM values.
     */
    *(int*)0x1930=(int)taskCreateHook;
    *(int*)0x1934=(int)taskCreateHook;

    /* Continue with the patched copy of the firmware start routine. */
    asm volatile ("B sub_FF8101A4_my\n");
};
/*
 * sub_FF8101A4_my - patched copy of the firmware routine at 0xFF8101A4
 * (per its name). Naked: no compiler prologue or epilogue is generated.
 *
 * Copies two ROM ranges into low RAM, sets the stack pointer for two CPU
 * modes, fills 0x6C4..0x1000 with a marker word and calls
 * sub_FF810FA0_my. There is no return instruction after the final BL.
 */
void __attribute__((naked,noinline)) sub_FF8101A4_my() {
    asm volatile (
        /* Copy words from 0xFF81021C up to (not including) 0xFF810254 to address 0. */
        " LDR R0, =0xFF81021C \n"
        " MOV R1, #0 \n"
        " LDR R3, =0xFF810254 \n"

        "loc_FF8101B0:\n"
        " CMP R0, R3 \n"
        " LDRCC R2, [R0], #4 \n"
        " STRCC R2, [R1], #4 \n"
        " BCC loc_FF8101B0 \n"
        /* Copy words from 0xFF810254 up to (not including) 0xFF810468 to 0x4B0. */
        " LDR R0, =0xFF810254 \n"
        " MOV R1, #0x4B0 \n"
        " LDR R3, =0xFF810468 \n"

        "loc_FF8101CC:\n"
        " CMP R0, R3 \n"
        " LDRCC R2, [R0], #4 \n"
        " STRCC R2, [R1], #4 \n"
        " BCC loc_FF8101CC \n"
        /* CPSR = 0xD2: IRQ mode with IRQ and FIQ masked; SP = 0x1000. */
        " MOV R0, #0xD2 \n"
        " MSR CPSR_cxsf, R0 \n"
        " MOV SP, #0x1000 \n"
        /* CPSR = 0xD3: supervisor mode with IRQ and FIQ masked; same SP value. */
        " MOV R0, #0xD3 \n"
        " MSR CPSR_cxsf, R0 \n"
        " MOV SP, #0x1000 \n"
        /* Fill 0x6C4 up to (not including) 0x1000 with 0xEEEEEEEE. */
        " LDR R0, =0x6C4 \n"
        " LDR R2, =0xEEEEEEEE \n"
        " MOV R3, #0x1000 \n"

        "loc_FF810200:\n"
        " CMP R0, R3 \n"
        " STRCC R2, [R0], #4 \n"
        " BCC loc_FF810200 \n"
        /* Hand over to the patched next stage. */
        " BL sub_FF810FA0_my \n"
    );
}
/*
 * sub_FF810FA0_my - patched copy of the firmware routine at 0xFF810FA0
 * (per its name). Naked assembly.
 *
 * Builds a 0x74-byte parameter block on the stack and passes it, together
 * with the address of uHwSetup_my, to sub_FF812D58.
 *
 * The block's start-address field at [SP,#8] is either the constant
 * 0xBFF60 (CHDK_NOT_IN_CANON_HEAP defined) or the value stored in new_sa.
 * The field at [SP,#0xC] is computed as 0x272968 minus that start address.
 *
 * NOTE(review): nothing checks that the start address is below 0x272968.
 * If the value in new_sa ever exceeded it, the subtraction would wrap to
 * a very large unsigned size - worth a build-time assertion on the image
 * size.
 */
void __attribute__((naked,noinline)) sub_FF810FA0_my() {
    asm volatile (
        " STR LR, [SP, #-4]! \n"
        " SUB SP, SP, #0x74 \n"
        /* sub_FFAA4D88(SP, 0x74) - presumably clears the block; confirm. */
        " MOV R0, SP \n"
        " MOV R1, #0x74 \n"
        " BL sub_FFAA4D88 \n"
        " MOV R0, #0x53000 \n"
        " STR R0, [SP, #4] \n"

        /* Select the start address written to [SP,#8] below. */
#if defined(CHDK_NOT_IN_CANON_HEAP)
        " LDR R0, =0xBFF60 \n"
#else
        " LDR R0, =new_sa\n"
        " LDR R0, [R0]\n"
#endif

        " LDR R2, =0x279C00 \n"
        " LDR R1, =0x272968 \n"
        " STR R0, [SP, #8] \n"
        /* R0 = 0x272968 - start address (no underflow check). */
        " SUB R0, R1, R0 \n"
        " ADD R3, SP, #0xC \n"
        " STR R2, [SP] \n"
        /* [SP,#0xC] = R0, [SP,#0x10] = 0x272968, [SP,#0x14] = 0x279C00. */
        " STMIA R3, {R0-R2} \n"
        " MOV R0, #0x22 \n"
        " STR R0, [SP, #0x18] \n"
        " MOV R0, #0x68 \n"
        " STR R0, [SP, #0x1C] \n"
        " LDR R0, =0x19B \n"
        " MOV R1, #0x64 \n"
        /* STRD stores the R0/R1 pair: [SP,#0x20] = 0x19B, [SP,#0x24] = 0x64. */
        " STRD R0, [SP, #0x20] \n"
        " MOV R0, #0x78 \n"
        /* R1 is still 0x64: [SP,#0x28] = 0x78, [SP,#0x2C] = 0x64. */
        " STRD R0, [SP, #0x28] \n"
        " MOV R0, #0 \n"
        " STR R0, [SP, #0x30] \n"
        " STR R0, [SP, #0x34] \n"
        " MOV R0, #0x10 \n"
        " STR R0, [SP, #0x5C] \n"
        " MOV R0, #0x800 \n"
        " STR R0, [SP, #0x60] \n"
        " MOV R0, #0xA0 \n"
        " STR R0, [SP, #0x64] \n"
        " MOV R0, #0x280 \n"
        " STR R0, [SP, #0x68] \n"
        /* sub_FF812D58(block, uHwSetup_my, 0). */
        " LDR R1, =uHwSetup_my \n"
        " MOV R0, SP \n"
        " MOV R2, #0 \n"
        " BL sub_FF812D58 \n"
        /* Release the block and return through the saved LR. */
        " ADD SP, SP, #0x74 \n"
        " LDR PC, [SP], #4 \n"
    );
}
/*
 * uHwSetup_my - setup routine whose address sub_FF810FA0_my passes to
 * sub_FF812D58. Naked assembly.
 *
 * Runs a fixed sequence of firmware initialisation calls. After each
 * checked call, a negative return value loads the address of a name
 * string (shown in the inline comments) and calls _err_init_task with it;
 * execution then continues with the next step. The return value of the
 * first call, sub_FF81094C, is not examined.
 *
 * Ends by restoring the saved registers and branching to
 * CreateTask_Startup_my.
 */
void __attribute__((naked,noinline)) uHwSetup_my() {
    asm volatile (
        " STMFD SP!, {R4,LR} \n"
        " BL sub_FF81094C \n"
        " BL sub_FF81972C \n"
        " CMP R0, #0 \n"
        " LDRLT R0, =0xFF814EB8 /*'dmSetup'*/ \n"
        " BLLT _err_init_task \n"
        " BL sub_FF8149C8 \n"
        " CMP R0, #0 \n"
        " LDRLT R0, =0xFF814EC0 /*'termDriverInit'*/ \n"
        " BLLT _err_init_task \n"
        " LDR R0, =0xFF814ED0 /*'/_term'*/ \n"
        " BL sub_FF814AB4 \n"
        " CMP R0, #0 \n"
        " LDRLT R0, =0xFF814ED8 /*'termDeviceCreate'*/ \n"
        " BLLT _err_init_task \n"
        " LDR R0, =0xFF814ED0 /*'/_term'*/ \n"
        " BL sub_FF813564 \n"
        " CMP R0, #0 \n"
        " LDRLT R0, =0xFF814EEC /*'stdioSetup'*/ \n"
        " BLLT _err_init_task \n"
        " BL sub_FF8192B4 \n"
        " CMP R0, #0 \n"
        " LDRLT R0, =0xFF814EF8 /*'stdlibSetup'*/ \n"
        " BLLT _err_init_task \n"
        " BL sub_FF8114B8 \n"
        " CMP R0, #0 \n"
        " LDRLT R0, =0xFF814F04 /*'armlib_setup'*/ \n"
        " BLLT _err_init_task \n"
        " LDMFD SP!, {R4,LR} \n"
        /* Tail-branch into the patched task-creation routine. */
        " B CreateTask_Startup_my \n"
    );
}
/*
 * CreateTask_Startup_my - creates the "Startup" task with task_Startup_my
 * as its entry point. Naked assembly; returns 0 in R0.
 *
 * Before doing so it calls sub_FF829FA4 and, if that returns 0,
 * sub_FF842558. If both return 0 it writes 0x44 to 0xC0220000 + 0x4C and
 * spins forever at loc_FF81CDB0.
 * NOTE(review): the meaning of the two checks and of that register write
 * is not visible here - presumably a start-condition check followed by a
 * hardware power-off; confirm.
 */
void __attribute__((naked,noinline)) CreateTask_Startup_my() {
    asm volatile (
        /* The pushed R3 slot later holds the fifth _CreateTask argument. */
        " STMFD SP!, {R3,LR} \n"

        " BL sub_FF829FA4 \n"
        " CMP R0, #0 \n"
        " BNE loc_FF81CDB4 \n"
        " BL sub_FF842558 \n"
        " CMP R0, #0 \n"
        " BNE loc_FF81CDB4 \n"
        " LDR R1, =0xC0220000 \n"
        " MOV R0, #0x44 \n"
        " STR R0, [R1, #0x4C] \n"

        /* Endless loop: execution does not continue past this point. */
        "loc_FF81CDB0:\n"
        " B loc_FF81CDB0 \n"

        "loc_FF81CDB4:\n"


        " BL sub_FF82832C \n"
        " LDR R1, =0x2CE000 \n"
        " MOV R0, #0 \n"
        " BL sub_FF828574 \n"
        " BL sub_FF828520 /*_EnableDispatch*/ \n"
        /* _CreateTask('Startup', 0x19, 0, task_Startup_my, 0): the fifth argument goes on the stack. */
        " MOV R3, #0 \n"
        " STR R3, [SP] \n"
        " LDR R3, =task_Startup_my \n"
        " MOV R2, #0 \n"
        " MOV R1, #0x19 \n"
        " LDR R0, =0xFF81CDFC /*'Startup'*/ \n"
        " BL _CreateTask \n"
        " MOV R0, #0 \n"
        /* Pops the argument slot into R12 and returns. */
        " LDMFD SP!, {R12,PC} \n"
    );
}
/*
 * task_Startup_my - entry point of the "Startup" task created by
 * CreateTask_Startup_my. Naked assembly.
 *
 * Calls a fixed sequence of firmware routines. Two calls target code in
 * this file rather than firmware addresses: CreateTask_spytask and
 * taskcreatePhySw_my. Ends by tail-branching to sub_FF815070 with the
 * saved registers restored.
 */
void __attribute__((naked,noinline)) task_Startup_my() {
    asm volatile (
        " STMFD SP!, {R4,LR} \n"
        " BL sub_FF8151BC \n"
        " BL sub_FF822E14 \n"
        " BL sub_FF81FEB8 \n"
        " BL sub_FF842AA4 \n"
        " BL sub_FF82A1AC \n"

        /* Start the CHDK SpyTask before the remaining firmware init runs. */
        " BL CreateTask_spytask\n"
        " BL sub_FF873AC4 \n"
        " BL sub_FF82A1FC \n"
        " BL sub_FF82786C \n"
        " BL sub_FF82A364 \n"
        /* Local routine that creates the PhySw task with mykbd_task as entry. */
        " BL taskcreatePhySw_my \n"
        " BL sub_FF824D7C \n"
        " BL sub_FF82A37C \n"

        " BL sub_FF821084 \n"
        " BL sub_FF829D6C \n"
        " BL sub_FF8216F8 \n"
        " BL sub_FF820F74 \n"
        " BL sub_FF82ACC4 \n"
        " BL sub_FF820F30 \n"
        " LDMFD SP!, {R4,LR} \n"
        " B sub_FF815070 \n"
    );
}
/*
 * taskcreatePhySw_my - creates the "PhySw" task with mykbd_task as its
 * entry point. Naked assembly.
 *
 * The task is created only while the word at 0x1BF4 + 0x10 is zero; the
 * value returned by the create call is stored there, so a later call
 * skips creation if that value is non-zero. Afterwards calls
 * sub_FF824780 and tail-branches to sub_FF86B164 with R0 = 0 and
 * R1 = 0x1037C.
 */
void __attribute__((naked,noinline)) taskcreatePhySw_my() {
    asm volatile (
        " STMFD SP!, {R3-R5,LR} \n"
        " LDR R4, =0x1BF4 \n"
        " LDR R0, [R4, #0x10] \n"
        " CMP R0, #0 \n"
        " BNE loc_FF821BFC \n"
        /* Create call with ('PhySw', 0x17, 0x800, mykbd_task) and 0 on the stack. */
        " MOV R3, #0 \n"
        " STR R3, [SP] \n"
        " LDR R3, =mykbd_task \n"
        " MOV R2, #0x800 \n"
        " MOV R1, #0x17 \n"
        " LDR R0, =0xFF821DF0 /*'PhySw'*/ \n"
        " BL sub_FF81BBB8 /*_CreateTaskStrictly*/ \n"
        " STR R0, [R4, #0x10] \n"

        "loc_FF821BFC:\n"
        " BL sub_FF824780 \n"
        " LDR R1, =0x1037C \n"
        " LDMFD SP!, {R3-R5,LR} \n"
        " MOV R0, #0 \n"
        " B sub_FF86B164 /*_OpLog.Start_FW*/ \n"
    );
}
/*
 * init_file_modules_task - replacement task body that taskCreateHook
 * installs in place of the firmware routine at 0xff877140. Naked assembly.
 *
 * Calls sub_FF86D60C and keeps its result in R4. A non-zero result posts
 * logical event 0x5006 (second argument 0) before the file-system
 * initialisation in sub_FF86D638_my; a zero result posts the same event
 * afterwards as a tail call. core_spytask_can_start is called once
 * sub_FF86D638_my has returned.
 */
void __attribute__((naked,noinline)) init_file_modules_task() {
    asm volatile (
        " STMFD SP!, {R4-R6,LR} \n"
        " BL sub_FF86D60C \n"
        " LDR R5, =0x5006 \n"
        " MOVS R4, R0 \n"
        " MOVNE R1, #0 \n"
        " MOVNE R0, R5 \n"
        " BLNE _PostLogicalEventToUI \n"
        " BL sub_FF86D638_my \n"
        /* Signal CHDK's spytask only after the patched init has finished. */
        " BL core_spytask_can_start\n"
        " CMP R4, #0 \n"
        " MOVEQ R0, R5 \n"
        " LDMEQFD SP!, {R4-R6,LR} \n"
        " MOVEQ R1, #0 \n"
        " BEQ _PostLogicalEventToUI \n"
        " LDMFD SP!, {R4-R6,PC} \n"
    );
}
/*
 * sub_FF86D638_my - patched copy of the firmware routine at 0xFF86D638
 * (per its name). Naked assembly.
 *
 * Calls sub_FF84ED48_my first. If the word at 0x57A8 + 4 is zero it then
 * runs six further firmware calls. In every case it stores 1 to the word
 * at 0x57A8 before returning.
 */
void __attribute__((naked,noinline)) sub_FF86D638_my() {
    asm volatile (
        " STMFD SP!, {R4,LR} \n"
        " BL sub_FF84ED48_my \n"
        " LDR R4, =0x57A8 \n"
        " LDR R0, [R4, #4] \n"
        " CMP R0, #0 \n"
        " BNE loc_FF86D668 \n"
        " BL sub_FF87FB54 \n"
        " BL sub_FF901C5C \n"
        " BL sub_FF87FB54 \n"
        " BL sub_FF84C738 \n"
        " BL sub_FF87FB64 \n"
        " BL sub_FF901D28 \n"

        "loc_FF86D668:\n"
        " MOV R0, #1 \n"
        " STR R0, [R4] \n"
        " LDMFD SP!, {R4,PC} \n"
    );
}
/*
 * sub_FF84ED48_my - patched copy of the firmware routine at 0xFF84ED48
 * (per its name). Naked assembly.
 *
 * Works on index 0 (R6 = 0) of the table at 0x11544, calls
 * sub_FF84EB84_my and sub_FF84EBF0 for it, and stores a status word at
 * [0x11544 + 0x40].
 *
 * Status word:
 *   - [0x11544 + 0x3C] == 0: 0x80000001.
 *   - otherwise: starts at 0; becomes 4 if [0x11544 + 0x2C] == 2; bit 0 is
 *     set unless [0x11544 + 0x3C] == 5; if the AND of the two call results
 *     is 0, bit 1 is cleared and bit 31 set, else bit 31 is cleared and
 *     bit 1 set.
 */
void __attribute__((naked,noinline)) sub_FF84ED48_my() {
    asm volatile (
        " STMFD SP!, {R4-R6,LR} \n"
        " MOV R6, #0 \n"
        " MOV R0, R6 \n"
        " BL sub_FF84E808 \n"
        " LDR R4, =0x11544 \n"
        " MOV R5, #0 \n"
        " LDR R0, [R4, #0x38] \n"
        " BL sub_FF84F23C \n"
        /* On a zero result, clear three words at 0x29AC + 0x10/0x14/0x18. */
        " CMP R0, #0 \n"
        " LDREQ R0, =0x29AC \n"
        " STREQ R5, [R0, #0x10] \n"
        " STREQ R5, [R0, #0x14] \n"
        " STREQ R5, [R0, #0x18] \n"
        " MOV R0, R6 \n"
        " BL sub_FF84E848 \n"
        " MOV R0, R6 \n"
        /* Patched routine; its result is kept in R5. */
        " BL sub_FF84EB84_my \n"
        " MOV R5, R0 \n"
        " MOV R0, R6 \n"
        " BL sub_FF84EBF0 \n"
        " LDR R1, [R4, #0x3C] \n"
        /* R2 = result of sub_FF84EB84_my AND result of sub_FF84EBF0. */
        " AND R2, R5, R0 \n"
        " CMP R1, #0 \n"
        " MOV R0, #0 \n"
        " MOVEQ R0, #0x80000001 \n"
        " BEQ loc_FF84EDDC \n"
        " LDR R3, [R4, #0x2C] \n"
        " CMP R3, #2 \n"
        " MOVEQ R0, #4 \n"
        " CMP R1, #5 \n"
        " ORRNE R0, R0, #1 \n"
        " BICEQ R0, R0, #1 \n"
        " CMP R2, #0 \n"
        " BICEQ R0, R0, #2 \n"
        " ORREQ R0, R0, #0x80000000 \n"
        " BICNE R0, R0, #0x80000000 \n"
        " ORRNE R0, R0, #2 \n"

        "loc_FF84EDDC:\n"
        " STR R0, [R4, #0x40] \n"
        " LDMFD SP!, {R4-R6,PC} \n"
    );
}
/*
 * sub_FF84EB84_my - patched copy of the firmware routine at 0xFF84EB84
 * (per its name). Naked assembly; R0 on entry is an index kept in R6.
 *
 * Returns 1 immediately if the word at 0x29AC + 0x14 is already non-zero.
 * Otherwise it selects the record at 0x11544 + index * 0x17 * 4 and runs
 * three steps in order, returning 0 as soon as one of the first two
 * returns 0:
 *   1. sub_FF84E914_my([record + 0x38], index)  - patched routine
 *   2. sub_FF84EA7C([record + 0x38], index)
 *   3. sub_FF84E410(index)
 * A non-zero result from step 3 sets the word at 0x29AC + 0x14 to 1; the
 * step-3 result is the return value.
 *
 * NOTE(review): the index is used unchecked to address the record table;
 * the only caller visible in this file passes 0.
 */
void __attribute__((naked,noinline)) sub_FF84EB84_my() {
    asm volatile (
        " STMFD SP!, {R4-R6,LR} \n"
        " LDR R5, =0x29AC \n"
        " MOV R6, R0 \n"
        " LDR R0, [R5, #0x14] \n"
        " CMP R0, #0 \n"
        " MOVNE R0, #1 \n"
        " LDMNEFD SP!, {R4-R6,PC} \n"
        /* R4 = 0x11544 + index * 0x17 * 4 (record stride of 0x17 words). */
        " MOV R0, #0x17 \n"
        " MUL R1, R0, R6 \n"
        " LDR R0, =0x11544 \n"
        " ADD R4, R0, R1, LSL#2 \n"
        " LDR R0, [R4, #0x38] \n"
        " MOV R1, R6 \n"
        " BL sub_FF84E914_my \n"
        " CMP R0, #0 \n"
        " LDMEQFD SP!, {R4-R6,PC} \n"
        " LDR R0, [R4, #0x38] \n"
        " MOV R1, R6 \n"
        " BL sub_FF84EA7C \n"
        " CMP R0, #0 \n"
        " LDMEQFD SP!, {R4-R6,PC} \n"
        " MOV R0, R6 \n"
        " BL sub_FF84E410 \n"
        " CMP R0, #0 \n"
        " MOVNE R1, #1 \n"
        " STRNE R1, [R5, #0x14] \n"
        " LDMFD SP!, {R4-R6,PC} \n"
    );
}
/*
 * sub_FF84E914_my - patched copy of the firmware routine at 0xFF84E914
 * (per its name; the DebugAssert string names 'Mounter.c'). Naked
 * assembly. Entry: R0 = value kept in R8, R1 = index into the record
 * table at 0x11544 (stride 0x17 words).
 *
 * Dispatches on [record + 0x3C]:
 *   0          -> return 0
 *   1-4 and 6  -> read and parse a 0x200-byte sector (below)
 *   5          -> R5 = 0x40, R6 = 0, store and return 1
 *   above 6    -> _DebugAssert('Mounter.c', 0x374), then store and return 1
 *
 * Sector path: allocates 0x200 bytes with _exmem_ualloc(3, 0x200, 0),
 * fills them through the function pointer at [record + 0x4C], and treats
 * the buffer as a partition table: four 16-byte entries starting at
 * offset 0x1BE, with the two bytes at 0x1FE/0x1FF compared against
 * 0x55/0xAA. The code between the mbr_read_dryos call and
 * dg_sd_fat32_end picks the first entry whose type byte is 0x0B, 0x0C or
 * 0x07 and whose flag byte is 0x00 or 0x80; if none of the four
 * qualifies, the first entry is used. The chosen entry's two 32-bit
 * little-endian fields are stored to [record + 0x44] and [record + 0x48]
 * when the checks pass; otherwise 0 and the value returned by
 * sub_FF91F484 are stored.
 *
 * The buffer is released with _exmem_ufree(3) on every path that
 * allocated it.
 *
 * NOTE(review): the sector content comes from removable media and should
 * be treated as untrusted.
 *   - The entry scan is bounded to four entries, so every byte read stays
 *     below offset 0x200.
 *   - "ADD R2, R1, R3" adds the two 32-bit fields with no carry check; a
 *     sum that wraps can still satisfy the "CMP R2, R0" range test.
 *     Confirm that the consumers of [record + 0x44] and [record + 0x48]
 *     bound their accesses independently.
 *   - mbr_read_dryos is handed the raw sector before the 0x55/0xAA check
 *     runs; confirm it does not rely on the sector being well-formed.
 */
void __attribute__((naked,noinline)) sub_FF84E914_my() {
    asm volatile (
        " STMFD SP!, {R4-R8,LR} \n"
        " MOV R8, R0 \n"
        /* R7 = 0x11544 + index * 0x17 * 4. */
        " MOV R0, #0x17 \n"
        " MUL R1, R0, R1 \n"
        " LDR R0, =0x11544 \n"
        " MOV R6, #0 \n"
        " ADD R7, R0, R1, LSL#2 \n"
        " LDR R0, [R7, #0x3C] \n"
        " MOV R5, #0 \n"
        /*
         * Jump table: PC reads as this instruction + 8, so value 0 selects
         * the second branch below; the first branch is taken when the value
         * is above 6.
         */
        " CMP R0, #6 \n"
        " ADDLS PC, PC, R0, LSL#2 \n"
        " B loc_FF84EA60 \n"
        " B loc_FF84E978 \n"
        " B loc_FF84E960 \n"
        " B loc_FF84E960 \n"
        " B loc_FF84E960 \n"
        " B loc_FF84E960 \n"
        " B loc_FF84EA58 \n"
        " B loc_FF84E960 \n"

        "loc_FF84E960:\n"
        /* _exmem_ualloc(3, 0x200, 0); a null result returns 0. */
        " MOV R2, #0 \n"
        " MOV R1, #0x200 \n"
        " MOV R0, #3 \n"
        " BL _exmem_ualloc \n"
        " MOVS R4, R0 \n"
        " BNE loc_FF84E980 \n"

        "loc_FF84E978:\n"
        " MOV R0, #0 \n"
        " LDMFD SP!, {R4-R8,PC} \n"

        "loc_FF84E980:\n"
        /* Call [R7 + 0x4C](R8, 0, 1, buffer); a result of 1 frees the buffer and returns 0. */
        " LDR R12, [R7, #0x4C] \n"
        " MOV R3, R4 \n"
        " MOV R2, #1 \n"
        " MOV R1, #0 \n"
        " MOV R0, R8 \n"
        " BLX R12 \n"
        " CMP R0, #1 \n"
        " BNE loc_FF84E9AC \n"
        " MOV R0, #3 \n"
        " BL _exmem_ufree \n"
        " B loc_FF84E978 \n"

        "loc_FF84E9AC:\n"
        " MOV R0, R8 \n"
        " BL sub_FF91F484 \n"

        /*
         * mbr_read_dryos(result of sub_FF91F484, buffer). R0 is not written
         * again before the range checks below, so they compare against
         * whatever mbr_read_dryos returns - presumably the same sector
         * count; confirm.
         */
        " MOV R1, R4\n"
        " BL mbr_read_dryos\n"

        /*
         * Entry scan. R12 walks the entries in 0x10-byte steps, R1 counts
         * 1..4, LR keeps the buffer start for the signature bytes.
         */
        " MOV R12, R4\n"
        " MOV LR, R4\n"
        " MOV R1, #1\n"
        " B dg_sd_fat32_enter\n"
        "dg_sd_fat32:\n"
        " CMP R1, #4\n"
        " BEQ dg_sd_fat32_end\n"
        " ADD R12, R12, #0x10\n"
        " ADD R1, R1, #1\n"
        "dg_sd_fat32_enter:\n"
        /* R2 = flag byte, R3 = type byte of the current entry. */
        " LDRB R2, [R12, #0x1BE]\n"
        " LDRB R3, [R12, #0x1C2]\n"
        " CMP R3, #0xB\n"
        " CMPNE R3, #0xC\n"
        " CMPNE R3, #0x7\n"
        " BNE dg_sd_fat32\n"
        " CMP R2, #0x00\n"
        " CMPNE R2, #0x80\n"
        " BNE dg_sd_fat32\n"

        /* Match: make the entry-relative loads below use this entry. */
        " MOV R4, R12\n"

        "dg_sd_fat32_end:\n"


        /* R1 = little-endian 32-bit field at 0x1C6..0x1C9 of the chosen entry. */
        " LDRB R1, [R4, #0x1C9] \n"
        " LDRB R3, [R4, #0x1C8] \n"
        " LDRB R12, [R4, #0x1CC] \n"
        " MOV R1, R1, LSL#24 \n"
        " ORR R1, R1, R3, LSL#16 \n"
        " LDRB R3, [R4, #0x1C7] \n"
        " LDRB R2, [R4, #0x1BE] \n"

        " ORR R1, R1, R3, LSL#8 \n"
        " LDRB R3, [R4, #0x1C6] \n"
        /* Flags set here are consumed by the BNE after MOV R4, #0; nothing in between changes them. */
        " CMP R2, #0 \n"
        " CMPNE R2, #0x80 \n"
        " ORR R1, R1, R3 \n"
        /* R3 = little-endian 32-bit field at 0x1CA..0x1CD. */
        " LDRB R3, [R4, #0x1CD] \n"
        " MOV R3, R3, LSL#24 \n"
        " ORR R3, R3, R12, LSL#16 \n"
        " LDRB R12, [R4, #0x1CB] \n"
        " ORR R3, R3, R12, LSL#8 \n"
        " LDRB R12, [R4, #0x1CA] \n"
        " ORR R3, R3, R12 \n"


        /* Signature bytes come from the buffer start (LR), not from the chosen entry. */
        " LDRB R12, [LR,#0x1FE]\n"
        " LDRB LR, [LR,#0x1FF]\n"

        " MOV R4, #0 \n"
        " BNE loc_FF84EA34 \n"
        /* Accept only if R0 >= R1, R1 + R3 <= R0 and the bytes are 0x55, 0xAA. */
        " CMP R0, R1 \n"
        " BCC loc_FF84EA34 \n"
        " ADD R2, R1, R3 \n"
        " CMP R2, R0 \n"
        " CMPLS R12, #0x55 \n"
        " CMPEQ LR, #0xAA \n"
        " MOVEQ R6, R1 \n"
        " MOVEQ R5, R3 \n"
        " MOVEQ R4, #1 \n"

        "loc_FF84EA34:\n"
        " MOV R0, #3 \n"
        " BL _exmem_ufree \n"
        " CMP R4, #0 \n"
        " BNE loc_FF84EA6C \n"
        /* Rejected: fall back to R6 = 0 and R5 = sub_FF91F484(R8). */
        " MOV R6, #0 \n"
        " MOV R0, R8 \n"
        " BL sub_FF91F484 \n"
        " MOV R5, R0 \n"
        " B loc_FF84EA6C \n"

        "loc_FF84EA58:\n"
        " MOV R5, #0x40 \n"
        " B loc_FF84EA6C \n"

        "loc_FF84EA60:\n"
        " MOV R1, #0x374 \n"
        " LDR R0, =0xFF84E908 /*'Mounter.c'*/ \n"
        " BL _DebugAssert \n"

        "loc_FF84EA6C:\n"
        /* Writeback form: R7 becomes record + 0x44, so the next store lands at record + 0x48. */
        " STR R6, [R7, #0x44]! \n"
        " MOV R0, #1 \n"
        " STR R5, [R7, #4] \n"
        " LDMFD SP!, {R4-R8,PC} \n"
    );
}