root/platform/g7x2/sub/110b/boot.c


DEFINITIONS

This source file includes the following definitions.
  1. get_core
  2. CreateTask_spytask
  3. boot
  4. debug_logging_my
  5. patch_mzrm_sendmsg
  6. CreateTask_my
  7. sub_e00200f8_my
  8. sub_e0020398_my
  9. sub_e0020750_my
  10. sub_e005b418_my
  11. init_required_fw_features
  12. task_Startup_my
  13. sub_e005b33e_my
  14. init_file_modules_task
  15. kbd_p2_f_my
  16. sub_e004e5ee_my
  17. kbd_p1_f_cont_my
  18. sub_e005b13c_my
  19. task_TricInitTask_my
  20. check_fsio_skip
  21. task_FsIoNotifyTask_my

   1 
   2 #include "lolevel.h"
   3 #include "platform.h"
   4 #include "core.h"
   5 #include "dryos31.h"
   6 
   7 #include "camera_info.h"
   8 
      // Address of the symbol _end, which is declared outside this file
      // (presumably the linker-provided end of the CHDK image - confirm).
      // sub_e00200f8_my loads this value as the heap start when
      // CHDK_NOT_IN_CANON_HEAP is not defined.
    9 const char * const new_sa = &_end;
   10 
   11 // Forward declarations of firmware task entry points.
      // CreateTask_my compares the entry pointer of each task being created
      // against these addresses to decide whether to substitute a CHDK task.
   12 extern void task_CaptSeq();
   13 extern void task_InitFileModules();
   14 //extern void task_MovieRecord();
   15 extern void task_ExpDrv();
   16 extern void task_FsIoNotifyTask();
  17 
  18 // void blinker()
  19 // {
  20 //     // green LED
  21 //     volatile int* p = (int*)0xD20801E4;
  22 // 
  23 //     // blinker
  24 //     int i;
  25 //     while (1)
  26 //     {
  27 //         *p = 0x24D0002;
  28 //         for(i=0;i<10000000;i++) {
  29 //             asm volatile(
  30 //             "nop\n"
  31 //             );
  32 //         }
  33 //         *p = 0x24C0003;
  34 //         for(i=0;i<10000000;i++) {
  35 //             asm volatile(
  36 //             "nop\n"
  37 //             );
  38 //         }
  39 //     }
  40 // }
  41 // void blinkeraf()
  42 // {
  43 //     // green LED
  44 //     volatile int* p = (int*)0xD20801E8;
  45 // 
  46 //     // blinker
  47 //     int i;
  48 //     while (1)
  49 //     {
  50 //         *p = 0x24D0002;
  51 //         for(i=0;i<10000000;i++) {
  52 //             asm volatile(
  53 //             "nop\n"
  54 //             );
  55 //         }
  56 //         *p = 0x24C0003;
  57 //         for(i=0;i<10000000;i++) {
  58 //             asm volatile(
  59 //             "nop\n"
  60 //             );
  61 //         }
  62 //     }
  63 // }
  64 // void blinktask(long ua, long ub, long uc, long ud, long ue, long uf)
  65 // {
  66 //     // green LED
  67 //     volatile int* p = (int*)0xD20801E4;
  68 // 
  69 //     // blinker
  70 //     while (1)
  71 //     {
  72 //         *p = 0x24D0002;
  73 //         _SleepTask(1000);
  74 //         *p = 0x24C0003;
  75 //         _SleepTask(1000);
  76 //     }
  77 // }
  78 
   79 // Get current active processor core.
      // Reads CP15 c0/c0/5 (MPIDR on ARMv7-A), keeps the low four bits and
      // leaves the result in r0 before returning; boot() uses the same
      // sequence and treats 0 as core0.
      // NOTE(review): the prototype is void, so a C caller cannot see the value
      // left in r0 through this declaration - confirm how callers declare it.
   80 void __attribute__((naked,noinline)) get_core() {
   81     asm volatile (
   82             "    mrc     p15, #0, r0, c0, c0, #5\n"
   83             "    ands    r0, #0xf\n"
   84             "    bx      lr\n"
   85     );
   86 }
  87 
   88 /*----------------------------------------------------------------------
   89     CreateTask_spytask
      
          Creates the CHDK task named "SpyTask" with core_spytask as its entry
          point. Called from task_Startup_my.
          NOTE(review): 0x19 and 0x2000 are presumably the task priority and the
          stack size - confirm against the _CreateTask prototype, which is
          declared outside this file.
   90 -----------------------------------------------------------------------*/
   91 void CreateTask_spytask()
   92 {
   93 //    _CreateTask("BlinkTask", 0x19, 0x800, blinktask, 0);
   94     _CreateTask("SpyTask", 0x19, 0x2000, core_spytask, 0);
   95 }
  96 
   97 /*----------------------------------------------------------------------
   98     boot()
   99 
  100     Main entry point for the CHDK code
      
          Reproduces the firmware's early boot sequence (disassembled with capdis,
          see the comment below) and adds the CHDK changes:
            - cores other than core0 are parked through sub_e0539e64 and resume
              at loc_boot,
            - patch_mzrm_sendmsg() installs the logging hook,
            - 8 bytes at hook_CreateTask are overwritten with a jump to
              CreateTask_my,
            - the final jump goes to sub_e00200f8_my instead of the firmware
              routine.
          All literal addresses and sizes come from the disassembly of one
          firmware build; they are not computed or checked at run time.
  101 -----------------------------------------------------------------------*/
  102 
  103 /*************************************************************/
  104 void __attribute__((naked,noinline)) boot() {
  105     asm volatile (
                  // Read the core number (MPIDR, low four bits). core0 falls through
                  // to loc_boot; any other core passes the Thumb address of loc_boot
                  // (bit 0 set) to sub_e0539e64.
  106             "    mrc     p15, #0, r0, c0, c0, #5\n"
  107             "    ands    r0, #0xf\n"
  108             "    beq     loc_boot\n" // let core0 boot
  109             "    adr     r0, loc_boot\n"
  110             "    orr     r0, #1\n"
  111             "    bl      sub_e0539e64\n" // park core1 then continue at r0
  112             "loc_boot:\n"
  113 
  114             //capdis -f=chdk -s=0xe0020011 -c=65 -stubs PRIMARY.BIN 0xe0000000
                  // Write 0xe0020200 to CP15 c12/c0/0 (VBAR, the vector base address)
                  // and set the initial stack pointer to 0x2000.
  115             "    ldr     r0, =0xe0020200\n"
  116             "    mcr     p15, #0, r0, c12, c0, #0\n"
  117             "    isb     sy\n"
  118             "    movw    r0, #0x2000\n"
  119             "    movt    r0, #0\n"
  120             "    mov     sp, r0\n"
                  // Cores other than core0 skip the memory setup below and go straight
                  // to sub_e00200f8_my through loc_e0020032.
  121             "    mrc     p15, #0, r5, c0, c0, #5\n"
  122             "    ands    r0, r5, #0xf\n"
  123             "    bne     loc_e0020032\n"
  124             "    b.w     loc_e002003c\n"
  125             "loc_e0020032:\n"
  126             "    b.w     sub_e00200f8_my\n"     // Patched
  127 //            "    movs    r0, r0\n"            // Data
  128 //            "    lsls    r0, r0, #8\n"        // Data
  129 //            "    b       loc_e0020042\n"      // Data
  130             "loc_e002003c:\n"
                  // core0 only: copy words from 0xe0fd37b8 to RAM 0x8000..0x4c610, then
                  // store zero from 0x4c610 up to 0x2c460c (presumably the initialised
                  // data copy and the bss clear - confirm).
  131             "    ldr     r0, =0xe0fd37b8\n"
  132             "    ldr     r1, =0x00008000\n"
  133             "    ldr     r3, =0x0004c610\n"
  134             "loc_e0020042:\n"
  135             "    cmp     r1, r3\n"
  136             "    itt     lo\n"
  137             "    ldrlo   r2, [r0], #4\n"
  138             "    strlo   r2, [r1], #4\n"
  139             "    blo     loc_e0020042\n"
  140             "    ldr     r1, =0x002c460c\n"
  141             "    mov.w   r2, #0\n"
  142             "loc_e0020056:\n"
  143             "    cmp     r3, r1\n"
  144             "    it      lo\n"
  145             "    strlo   r2, [r3], #4\n"
  146             "    blo     loc_e0020056\n"
                  // Copy 0x139c bytes from 0xe1017dc8 to 0x01900000, then call two
                  // firmware routines with (address, length) for that range
                  // (presumably cache maintenance - confirm).
  147             "    ldr     r0, =0xe1017dc8\n" //  **"zH"
  148             "    ldr     r1, =0x01900000\n" //  **"zH"
  149             "    ldr     r3, =0x0190139c\n"
  150             "loc_e0020066:\n"
  151             "    cmp     r1, r3\n"
  152             "    itt     lo\n"
  153             "    ldrlo   r2, [r0], #4\n"
  154             "    strlo   r2, [r1], #4\n"
  155             "    blo     loc_e0020066\n"
  156             "    ldr     r0, =0x01900000\n" //  **"zH"
  157             "    ldr     r1, =0x0000139c\n"
  158             "    bl      sub_e042eb74\n"
  159             "    ldr     r0, =0x01900000\n" //  **"zH"
  160             "    ldr     r1, =0x0000139c\n"
  161             "    bl      sub_e042ec4c\n"
                  // Copy words from 0xe1019164 to RAM 0xdffc4900..0xdffd0908. The zero
                  // loop that follows starts and ends at 0xdffd0908, so it stores nothing.
  162             "    ldr     r0, =0xe1019164\n"
  163             "    ldr     r1, =0xdffc4900\n"
  164             "    ldr     r3, =0xdffd0908\n"
  165             "loc_e002008a:\n"
  166             "    cmp     r1, r3\n"
  167             "    itt     lo\n"
  168             "    ldrlo   r2, [r0], #4\n"
  169             "    strlo   r2, [r1], #4\n"
  170             "    blo     loc_e002008a\n"
  171             "    ldr     r1, =0xdffd0908\n"
  172             "    mov.w   r2, #0\n"
  173             "loc_e002009e:\n"
  174             "    cmp     r3, r1\n"
  175             "    it      lo\n"
  176             "    strlo   r2, [r3], #4\n"
  177             "    blo     loc_e002009e\n"
  178 
                  // CHDK addition: enable the mzrm_sendmsg logging hook (C function below).
  179             "    blx     patch_mzrm_sendmsg\n"
  180 
  181             // Install CreateTask patch
  182             // use half words in case source or destination not word aligned
                  // hook_CreateTask is defined outside this file; presumably it lies
                  // inside the RAM copy made just above - confirm against the stubs.
  183             "    adr     r0, patch_CreateTask\n"    // src: Patch data
  184             "    ldr     r1, =hook_CreateTask\n"    // dest: Address to patch
  185             "    add     r2, r0, #8\n"              // two words
  186             "patch_hook_loop:\n"
  187             "    ldrh    r3, [r0],#2\n"
  188             "    strh    r3, [r1],#2\n"
  189             "    cmp     r0,r2\n"
  190             "    blo     patch_hook_loop\n"
  191 
                  // The same two (address, length) calls as after the earlier copy, here
                  // over the whole copied range: 0xdffc4900 + 0xc008 == 0xdffd0908.
                  // They run after the patch bytes have been written.
  192             "    ldr     r0, =0xdffc4900\n"
  193             "    ldr     r1, =0x0000c008\n"
  194             "    bl      sub_e042eb74\n"
  195             "    ldr     r0, =0xdffc4900\n"
  196             "    ldr     r1, =0x0000c008\n"
  197             "    bl      sub_e042ec4c\n"
  198 //            "    ldr     r0, =loc_e0020032\n"     // -
  199 //            "    orr     r0, r0, #1\n"            // -
  200 //            "    bx      r0\n"                    // -
  201             "    b       loc_e0020032\n" // +
  202 
  203             // CreateTask patch, must be aligned as the original
                  // .align 2 followed by one halfword places patch_CreateTask at an
                  // address that is 2 modulo 4. The 8 bytes copied above are the 4-byte
                  // ldr.w and the 4-byte literal that follows it.
  204             "    .align  2\n"
  205             "    .short  0\n" // added for alignment
  206             "patch_CreateTask:\n"
  207             "    ldr.w   pc, _createtask_my\n"      // Do jump to absolute address CreateTask_my
  208             "_createtask_my:\n"
  209             "    .long   CreateTask_my + 1\n"       // has to be a thumb address
  210             "    .align  1\n"
  211     );
  212 }
 213 
  214 /*************************************************************/
  215 /*
  216     Custom function called in mzrm_sendmsg via logging function pointer (normally disabled)
  217     Checks if called from function that is updating the Canon UI.
  218     Updates CHDK bitmap settings and sets flag to update CHDK UI.
      
          Flow as written below: return at once unless lr equals mzrm_sendmsg_ret_adr;
          otherwise read the 'msg' pointer from [sp + 0x18] and, only when its first
          word is 0x25, branch to update_ui with r0 = msg + 16.
          update_ui and mzrm_sendmsg_ret_adr are defined outside this file.
          NOTE(review): the 0x18 stack offset, the 0x25 message type and the +16
          offset depend on the layout used by this firmware build's mzrm_sendmsg.
          The pointer taken from the stack is dereferenced without any check, so a
          mismatched firmware version would read through an unrelated value.
  219 */
  220 void __attribute__((naked,noinline))
  221 debug_logging_my(char* fmt, ...)
  222 {
  223     (void)fmt;  // unused parameter
  224     asm volatile (
  225             //LR = Return address
  226             "    ldr     r0, =mzrm_sendmsg_ret_adr\n"   // Is return address in mzrm_sendmsg function?
  227             "    cmp     r0, lr\n"
  228             "    beq     do_ui_update\n"
  229             "exit_debug_logging_my:\n"
  230             "    bx      lr\n"
  231 
  232             "do_ui_update:\n"
  233             "    ldr     r0, [sp,#0x18]\n"              // mzrm_sendmsg 'msg' value (2nd parameter, saved on stack)
  234             "    ldr     r1, [r0]\n"                    // message type
  235             "    mov     r2, #0x25\n"                   // Ximr update? (3rd parameter to mzrm_createmsg)
  236             "    cmp     r1, r2\n"
  237             "    bne     exit_debug_logging_my\n"
  238             "    add     r0, r0, #16\n"                 // Offset to Ximr context in 'msg'
                  // Tail branch: update_ui returns directly to the caller of this function.
  239             "    b       update_ui\n"
  240     );
  241 }
 242 
  243 /*
  244     Install and enable custom logging function for mzrm_sendmsg.
      
          Called from boot() after the RAM copies and before the CreateTask patch is
          written. Both variables written here are defined outside this file.
  245 */
  246 void
  247 patch_mzrm_sendmsg ()
  248 {
  249     extern int debug_logging_flag;
  250     extern void (*debug_logging_ptr)(char* fmt, ...);
  251 
  252     // Each bit in debug_logging_flag enables logging in different areas of the firmware code - only set the bit required for mzrm logging.
  253     debug_logging_flag = 0x200;
          // From here on, logging calls made through debug_logging_ptr reach debug_logging_my.
  254     debug_logging_ptr = debug_logging_my;
  255 }
 256 
  257 /*************************************************************/
      /*
          Replacement entry for the firmware's task creation routine, reached through
          the 8-byte patch that boot() copies to hook_CreateTask.
          On entry r3 holds the entry point of the task being created. When it equals
          one of the firmware task addresses listed below, r3 is replaced with the
          CHDK version of that task. The instructions the patch overwrote are then
          executed here and control continues in firmware at 0xDFFC93C3.
          r0 is used as scratch and is saved and restored around the comparisons.
          NOTE(review): the replayed instructions and 0xDFFC93C3 (presumably
          hook_CreateTask + 8 with the Thumb bit set) must match this firmware build
          exactly - confirm against the stubs for any other version.
      */
  258 void __attribute__((naked,noinline)) CreateTask_my() {
  259     asm volatile (
  260             "    push   {r0}\n"
  261             //R3 = Pointer to task function to create
  262 
  263             "    ldr     r0, =task_CaptSeq\n"       // DryOS original code function ptr.
  264             "    cmp     r0, r3\n"                  // is the given taskptr equal to our searched function?
  265             "    itt     eq\n"                      // EQ block
  266             "    ldreq   r3, =capt_seq_task\n"      // if so replace with our task function base ptr.
  267             "    beq     exitHook\n"                // below compares not necessary if this check has found something.
  268 
  269             "    ldr     r0, =task_ExpDrv\n"
  270             "    cmp     r0, R3\n"
  271             "    itt     eq\n"
  272             "    ldreq   r3, =exp_drv_task\n"
  273             "    beq     exitHook\n"
  274 
  275             //"    ldr     r0, =task_DvlpSeq\n"
  276             //"    cmp     r0, R3\n"
  277             //"    itt     eq\n"
  278             //"    ldreq   r3, =developseq_task\n"
  279             //"    beq     exitHook\n"
  280 
  281             "    ldr     r0, =task_FileWrite\n"
  282             "    cmp     r0, R3\n"
  283             "    itt     eq\n"
  284             "    ldreq   r3, =filewritetask\n"
  285             "    beq     exitHook\n"
  286 
  287             //"    ldr     r0, =task_MovieRecord\n"
  288             //"    cmp     r0, R3\n"
  289             //"    itt     eq\n"
  290             //"    ldreq   r3, =movie_record_task\n"
  291             //"    beq     exitHook\n"
  292 
  293             "    ldr     r0, =task_FsIoNotifyTask\n"
  294             "    cmp     r0, r3\n"
  295             "    itt     eq\n"
  296             "    ldreq   r3, =task_FsIoNotifyTask_my\n"
  297             "    beq     exitHook\n"
  298 
  299             "    ldr     r0, =task_TricInitTask\n"
  300             "    cmp     r0, r3\n"
  301             "    itt     eq\n"
  302             "    ldreq   r3, =task_TricInitTask_my\n"
  303             "    beq     exitHook\n"
  304 
                  // Last entry: no branch needed, execution falls through to exitHook.
  305             "    ldr     r0, =task_InitFileModules\n"
  306             "    cmp     r0, r3\n"
  307             "    it      eq\n"
  308             "    ldreq   r3, =init_file_modules_task\n"
  309 
  310             "exitHook:\n"
  311             // restore overwritten register(s)
  312             "    pop    {r0}\n"
  313             // Execute overwritten instructions from original code, then jump to firmware
                  // These three instructions take 2 + 2 + 4 bytes in Thumb-2, the same
                  // 8 bytes that boot() replaces at hook_CreateTask.
  314             "    push    {r1, r2, r3, r4, r5, r6, r7, lr}\n"
  315             "    mov     r4, r3\n"
  316             "    mov.w   r3, #0x1000\n"
  317             "    ldr.w   pc, =0xDFFC93C3\n" // Continue in firmware
  318     );
  319 }
 320 
  321 //e00200f8
      // Replacement for the firmware routine at e00200f8; boot() branches here on
      // every core. CHDK changes relative to the disassembly:
      //   - a C prologue that selects play or rec startup from the ON/OFF button GPIO,
      //   - the heap start is taken from new_sa unless CHDK_NOT_IN_CANON_HEAP is defined,
      //   - sub_e0020398_my is passed on in place of the firmware's own routine.
      // NOTE(review): the function is declared naked but starts with C statements.
      // GCC documents only basic asm as reliably supported inside naked functions,
      // so the code generated for the if/else should be re-checked after any
      // compiler or optimisation-flag change.
      // NOTE(review): the register at 0xd2082000 + 0x168 is read through a plain
      // int*, not a volatile-qualified pointer.
  322 void __attribute__((naked,noinline)) sub_e00200f8_my() {
  323 
  324     if (*(int*)(0xd2082000 + 0x168) & 0x10000) {
  325         // see FUN_e004e4d6, FUN_e004e4d6
  326         // GPIO 0x10 (aka ON/OFF button) is not pressed -> play
  327         *(int*)(0x9914+0x8) = 0x100000;
  328     }
  329     else {
  330         // GPIO 0x10 is pressed -> rec
  331         *(int*)(0x9914+0x8) = 0x80000;
  332     }
  333 
  334     asm volatile (
  335             //capdis -f=chdk -s=0xe00200f9 -c=81 -stubs PRIMARY.BIN 0xe0000000
  336             "    push    {r4, r5, r6, lr}\n"
  337 #if defined(CHDK_NOT_IN_CANON_HEAP)
  338             "    ldr     r0, =0x002c4613\n"         // heap start, modify here
  339 #else
  340             "    ldr     r0, =new_sa\n"             // +
  341             "    ldr     r0, [r0]\n"                // +
  342             "    add     r0, #7\n"                  // +
  343 #endif
  344             "    sub     sp, #0x80\n"
                  // r5 = heap start with the low three bits cleared (8-byte aligned).
                  // If 0x006cd400 - r5 is below 0x000f264c, the code spins forever at
                  // loc_e002010c instead of continuing to boot.
  345             "    ldr     r1, =0x000f264c\n"
  346             "    bic     r5, r0, #7\n"
  347             "    ldr     r0, =0x006cd400\n"
  348             "    subs    r0, r0, r5\n"
  349             "    cmp     r0, r1\n"
  350             "    bhs     loc_e002010e\n"
  351             "loc_e002010c:\n"
  352             "    b       loc_e002010c\n"
  353             "loc_e002010e:\n"
                  // r6 = core number. sub_e002052c is called with r0 = core,
                  // r1 = r5 + 0x400, r2 = 0x800, r3 = r5 and 0x400 stored at [sp].
  354             "    mrc     p15, #0, r0, c0, c0, #5\n"
  355             "    and     r6, r0, #0xf\n"
  356             "    mov.w   r0, #0x400\n"
  357             "    add.w   r1, r5, #0x400\n"
  358             "    str     r0, [sp]\n"
  359             "    lsls    r2, r0, #1\n"
  360             "    mov     r3, r5\n"
  361             "    mov     r4, r1\n"
  362             "    mov     r0, r6\n"
  363             "    bl      sub_e002052c\n"
                  // core0 continues at loc_e0020136; any other core calls sub_dffc570c
                  // and returns.
  364             "    cbz     r6, loc_e0020136\n"
  365             "    bl      sub_dffc570c\n"
  366             "loc_e0020132:\n"
  367             "    add     sp, #0x80\n"
  368             "    pop     {r4, r5, r6, pc}\n"
  369             "loc_e0020136:\n"
  370             "    ldr     r0, =0x00008088\n"
  371             "    mov.w   r1, #0x80000\n"
  372             "    str     r1, [r0]\n"
  373             "    ldr     r1, =0x0000808c\n"
  374             "    ldr     r0, =0x42aaa000\n"
  375             "    str     r0, [r1]\n"
  376             "    ldr     r1, =0x00008090\n"
  377             "    ldr     r0, =0x42aac000\n"
  378             "    str     r0, [r1]\n"
                  // sub_dffcc544 receives the 0x78-byte block at sp + 4 (presumably to
                  // clear it - confirm); the stores below then fill in its fields. The
                  // fields at sp + 0xc and sp + 0x10 depend on r5, i.e. on the heap start.
  379             "    movs    r1, #0x78\n"
  380             "    add     r0, sp, #4\n"
  381             "    bl      sub_dffcc544\n"
  382             "    ldr     r1, =0x005ce000\n"
  383             "    mov.w   r0, #0x100000\n"
  384             "    ldr     r2, =0x005bedb4\n"
  385             "    strd    r1, r0, [sp, #4]\n"
  386             "    subs    r2, r2, r5\n"
  387             "    add.w   r0, r5, #0xc00\n"
  388             "    strd    r0, r2, [sp, #0xc]\n"
  389             "    ldr     r2, =0x005bf9b4\n"
  390             "    strd    r2, r1, [sp, #0x14]\n"
  391             "    movs    r1, #0x22\n"
  392             "    str     r1, [sp, #0x1c]\n"
  393             "    movs    r1, #0xca\n"
  394             "    str     r1, [sp, #0x20]\n"
  395             "    mov.w   r1, #0x2b0\n"
  396             "    str     r1, [sp, #0x24]\n"
  397             "    movs    r1, #0xfa\n"
  398             "    str     r1, [sp, #0x28]\n"
  399             "    mov.w   r1, #0x11a\n"
  400             "    str     r1, [sp, #0x2c]\n"
  401             "    movs    r1, #0x85\n"
  402             "    str     r1, [sp, #0x30]\n"
  403             "    movs    r1, #0x40\n"
  404             "    str     r1, [sp, #0x34]\n"
  405             "    movs    r1, #4\n"
  406             "    str     r1, [sp, #0x38]\n"
  407             "    movs    r1, #0\n"
  408             "    str     r1, [sp, #0x3c]\n"
  409             "    movs    r1, #0x10\n"
  410             "    str     r1, [sp, #0x60]\n"
  411             "    lsls    r1, r1, #8\n"
  412             "    str     r1, [sp, #0x64]\n"
  413             "    asrs    r1, r1, #4\n"
  414             "    str     r1, [sp, #0x68]\n"
  415             "    lsls    r1, r1, #5\n"
  416             "    str     r1, [sp, #0x6c]\n"
                  // r1 = 0xeeeeeeee: fill the words from r4 (r5 + 0x400) up to
                  // r0 (r5 + 0xc00) with this pattern.
  417             "    mov.w   r1, #-0x11111112\n"
  418             "    b       loc_e00201ae\n"
  419             "loc_e00201ac:\n"
  420             "    stm     r4!, {r1}\n"
  421             "loc_e00201ae:\n"
  422             "    cmp     r0, r4\n"
  423             "    bhi     loc_e00201ac\n"
                  // Pass the parameter block at sp + 4 to sub_dffc49e0 together with the
                  // patched continuation routine in r1 and 0 in r2.
  424             "    movs    r2, #0\n"
  425             "    ldr     r1, =sub_e0020398_my\n" // ->
  426             "    add     r0, sp, #4\n"
  427             "    bl      sub_dffc49e0\n"
  428             "    b       loc_e0020132\n"
  429     );
  430 }
 431 
  432 //e0020398
      // Copy of the firmware routine at e0020398, handed to sub_dffc49e0 by
      // sub_e00200f8_my. The only CHDK change is the final branch, which goes to
      // sub_e0020750_my.
      // Pattern used throughout: call an init routine and, when it returns a
      // negative value, pass the step name string to sub_e0020418 (presumably an
      // error reporter - confirm). Execution continues with the next step either way
      // as far as this listing shows.
  433 void __attribute__((naked,noinline)) sub_e0020398_my() {
  434     asm volatile (
  435             //capdis -f=chdk -s=0xe0020399 -c=47 -stubs PRIMARY.BIN 0xe0000000
  436             "    push    {r4, lr}\n"
  437             "    ldr     r4, =0xe0020474\n" //  *"/_term"
  438             "    bl      sub_e00213fa\n"
                  // The word at 0x8154 must be at least the word at 0x8088 plus 0x10
                  // (unsigned compare); otherwise the "USER_MEM size checking" string is
                  // reported. sub_e00200f8_my stores 0x80000 at 0x8088.
  439             "    ldr     r0, =0x00008154\n"
  440             "    ldr     r1, [r0]\n"
  441             "    ldr     r0, =0x00008088\n"
  442             "    ldr     r0, [r0]\n"
  443             "    adds    r0, #0x10\n"
  444             "    cmp     r1, r0\n"
  445             "    bhs     loc_e00203b4\n"
  446             "    ldr     r0, =0xe0020484\n" //  *"USER_MEM size checking"
  447             "    bl      sub_e0020418\n"
  448             "loc_e00203b4:\n"
  449             "    bl      sub_e0450d70\n"
  450             "    cmp     r0, #0\n"
  451             "    bge     loc_e00203c2\n"
  452             "    ldr     r0, =0xe002049c\n" //  *"dmSetup"
  453             "    bl      sub_e0020418\n"
  454             "loc_e00203c2:\n"
  455             "    bl      sub_e002210c\n"
  456             "    cmp     r0, #0\n"
  457             "    bge     loc_e00203d0\n"
  458             "    ldr     r0, =0xe00204a4\n" //  *"termDriverInit"
  459             "    bl      sub_e0020418\n"
  460             "loc_e00203d0:\n"
  461             "    mov     r0, r4\n"
  462             "    bl      sub_e00221b0\n"
  463             "    cmp     r0, #0\n"
  464             "    bge     loc_e00203e0\n"
  465             "    ldr     r0, =0xe00204b4\n" //  *"termDeviceCreate"
  466             "    bl      sub_e0020418\n"
  467             "loc_e00203e0:\n"
  468             "    mov     r0, r4\n"
  469             "    bl      sub_e002056c\n"
  470             "    cmp     r0, #0\n"
  471             "    bge     loc_e00203f0\n"
  472             "    ldr     r0, =0xe00204c8\n" //  *"stdioSetup"
  473             "    bl      sub_e0020418\n"
  474             "loc_e00203f0:\n"
  475             "    bl      sub_e00206b0\n"
  476             "    cmp     r0, #0\n"
  477             "    bge     loc_e00203fe\n"
  478             "    ldr     r0, =0xe00204d4\n" //  *"stdlibSetup"
  479             "    bl      sub_e0020418\n"
  480             "loc_e00203fe:\n"
  481             "    bl      sub_e0029ae4\n"
  482             "    cmp     r0, #0\n"
  483             "    bge     loc_e002040c\n"
  484             "    ldr     r0, =0xe00204e0\n" //  *"extlib_setup"
  485             "    bl      sub_e0020418\n"
  486             "loc_e002040c:\n"
  487             "    bl      sub_e002042e\n"
                  // Registers are restored first, so the branch below is a tail call.
  488             "    pop.w   {r4, lr}\n"
  489             "    b.w     sub_e0020750_my\n" // -> continue (taskcreate_startup)
  490     );
  491 }
 492 
  493 //e0020750
      // Replacement for the firmware routine at e0020750 (taskcreate_startup per the
      // caller's comment). CHDK changes: a core check around the two "unblock core1"
      // calls, sub_e005b418_my in place of the firmware's startup checks, and
      // task_Startup_my as the entry point of the "Startup" task.
      // Returns 0 after creating the task; if sub_e005b418_my returns 0 it calls
      // sub_e002087c and then loops forever at loc_e002078e.
  494 void __attribute__((naked,noinline)) sub_e0020750_my() {
  495     asm volatile (
  496             //capdis -f=chdk -s=0xe0020751 -c=23 -stubs PRIMARY.BIN 0xe0000000
  497             "    push    {r3, lr}\n"
  498             "    bl      sub_e002088c\n" //  return
  499             "    bl      sub_e0020848\n"
  500 
  501             "    mrc     p15, #0, r0, c0, c0, #5\n" // +
  502             "    ands    r0, r0, #0xf\n"            // +
  503             "    bne     skip\n"                    // + to be on the safe side, skip this with core1
  504             "    movs    r0, #1\n"                  // +
  505             "    bl      sub_e051e078\n"            // unblock core1 (needs to be done twice)
  506 
  507             "    movs    r0, #1\n"
  508             "    bl      sub_e051e078\n"            // unblock core1
  509             "skip:\n"                               // +
  510 
  511             "    bl      sub_e003e3bc\n"        // IsNormalCameraMode_FW
  512             "    bl      sub_e005b418_my\n"     // -> power-on mode handling & startupchecks here
  513             "    cbz     r0, loc_e002078a\n"
  514             "    bl      sub_dffc9094\n"
  515             "    ldr     r1, =0x006ce000\n"
  516             "    movs    r0, #0\n"
  517             "    bl      sub_e037e5d0\n" //  return 0
                  // Create the "Startup" task: r0 = name string, r1 = 0x19, r2 = 0,
                  // r3 = task_Startup_my and 0 stored at [sp].
  518             "    ldr     r3, =task_Startup_my\n"    // ->
  519             "    movs    r0, #0\n"
  520             "    mov     r2, r0\n"
  521             "    str     r0, [sp]\n"
  522             "    movs    r1, #0x19\n"
  523             "    ldr     r0, =0xe00207a8\n" //  *"Startup"
  524             "    bl      sub_dffc93ba\n"
  525             "    movs    r0, #0\n"
  526             "    pop     {r3, pc}\n"
  527             "loc_e002078a:\n"
  528             "    bl      sub_e002087c\n"
  529             "loc_e002078e:\n"
  530             "    b       loc_e002078e\n"
  531     );
  532 }
 533 
  534 //e005b418
      // Replacement for the firmware's power-on mode and startup check routine at
      // e005b418, called from sub_e0020750_my.
      // The state reads through sub_e004ed2a are kept, but the early-exit branch and
      // the calls to sub_e004e4d6 / sub_e004e4d4 are commented out. As a result every
      // path reaches "movs r0, #1" and the function always returns 1, so the caller's
      // failure branch is never taken.
      // sub_e00200f8_my writes the play/rec startup value itself and its comment
      // refers to FUN_e004e4d6 (presumably that write stands in for the removed
      // call - confirm).
  535 void __attribute__((naked,noinline)) sub_e005b418_my() {
  536     asm volatile (
  537             //capdis -f=chdk -s=0xe005b419 -c=44 -stubs PRIMARY.BIN 0xe0000000
  538             "    push.w  {r3, r4, r5, r6, r7, r8, sb, sl, fp, lr}\n"
  539             "    movs    r5, #0\n"
  540             "    mov     sl, r0\n"
  541             "    mov     r4, r5\n"
  542             "    bl      sub_e004e4d2\n" //  return
  543             "    mov.w   r0, #0x168\n"
  544             "    bl      sub_e004ed2a\n"
  545             "    movs    r6, #1\n"
  546             "    bic.w   r7, r6, r0\n"
  547             "    mov.w   r0, #0x150\n"
  548             "    bl      sub_e004ed2a\n"
  549             "    bic.w   r8, r6, r0\n"
  550             "    movs    r0, #0\n"
  551             "    bl      sub_e004e4ce\n" //  return 0x1
  552             "    cbz     r0, loc_e005b454\n"
  553             "    mov.w   r0, #0x16c\n"
  554             "    bl      sub_e004ed2a\n"
  555             "    bic.w   r5, r6, r0\n"
  556             "loc_e005b454:\n"
  557             "    movs    r0, #0x38\n"
  558             "    bl      sub_e004ed2a\n"
  559             "    mov     sb, r6\n"
  560             "    bics    r6, r0\n"
  561             "    movs    r0, #1\n"
  562             "    bl      sub_e004e4ce\n" //  return 0x1
  563             "    cbz     r0, loc_e005b472\n"
  564             "    mov.w   r0, #0x194\n"
  565             "    bl      sub_e004ed2a\n"
  566             "    bic.w   r4, sb, r0\n"
  567             "loc_e005b472:\n"
  568             "    cmp.w   sl, #0\n"
  569             "    beq     loc_e005b486\n"
  570             "    orr.w   r0, r7, r8\n"
  571             "    orr.w   r1, r5, r6\n"
  572             "    orrs    r0, r1\n"
  573             "    orrs    r0, r4\n"
                  // Firmware returned here when none of the gathered bits was set;
                  // with the branch removed the result of the orrs is not used.
  574 //            "    beq     loc_e005b49a\n" //  return
  575             "loc_e005b486:\n"
  576             "    mov     r3, r6\n"
  577             "    mov     r2, r5\n"
  578             "    mov     r1, r8\n"
  579             "    mov     r0, r7\n"
  580             "    str     r4, [sp]\n"
                  // The arguments set up above were for the two calls below, which are
                  // disabled in this version.
  581 //            "    bl      sub_e004e4d6\n"
  582 //            "    bl      sub_e004e4d4\n" //  return
  583             "    movs    r0, #1\n"
  584             "loc_e005b49a:\n"
  585             "    pop.w   {r3, r4, r5, r6, r7, r8, sb, sl, fp, pc}\n"
  586     );
  587 }
 588 
  589 // *** TEMPORARY? workaround ***
  590 // Init stuff to avoid asserts on cameras running DryOS r54+
  591 // https://chdk.setepontos.com/index.php?topic=12516.0
  592 // Execute this only once
      // Called from task_Startup_my, directly after CreateTask_spytask.
      // All functions and the semaphore variable used here are defined outside
      // this file and are declared locally with extern.
  593 void init_required_fw_features(void)
  594 {
  595     extern void _init_focus_eventflag();
  596     _init_focus_eventflag();
  597     extern void _init_nd_eventflag();
  598     _init_nd_eventflag();
  599     extern int av_override_semaphore;
  600     extern int _CreateBinarySemaphoreStrictly(int x, int y);
          // The returned value is stored without a check; the meaning of the
          // two zero arguments is not visible here.
  601     av_override_semaphore = _CreateBinarySemaphoreStrictly(0,0);
  602 }
 603 
  604 // task_Startup e00206d4
      // Replacement for the firmware's Startup task, created by sub_e0020750_my.
      // CHDK changes relative to the disassembly:
      //   - the call marked "diskboot" (sub_e046e3dc) is removed,
      //   - sub_e04d9986 is added for SD card UHS detection,
      //   - sub_e005b33e_my replaces the firmware's taskcreate_physw,
      //   - CreateTask_spytask and init_required_fw_features are called,
      //   - the function ends with a tail branch into firmware at sub_e013a496.
  605 void __attribute__((naked,noinline)) task_Startup_my() {
  606     asm volatile (
  607             //capdis -f=chdk -s=0xe00206d5 -c=34 -stubs PRIMARY.BIN 0xe0000000
  608             "    push    {r4, lr}\n"
  609             "    bl      sub_e013a49a\n"
  610             "    ldr     r0, =0x4194a000\n"
  611             "    mov.w   r1, #0x20000\n"
  612             "    bl      sub_e03ea27c\n"
                  // A non-zero result leads to sub_dffc96f4 with the file name string
                  // and 0x7d (presumably an assert with a line number - confirm).
  613             "    cbz     r0, loc_e00206f0\n"
  614             "    movs    r2, #0x7d\n"
  615             "    movs    r0, #0\n"
  616             "    ldr     r1, =0xe0020794\n" //  *"Startup.c"
  617             "    bl      sub_dffc96f4\n"
  618             "loc_e00206f0:\n"
  619             "    bl      sub_e0020860\n"
  620             "    bl      sub_e046e380\n" //  return
  621             "    bl      sub_e052fda8\n"
  622             // added for SD card UHS detection https://chdk.setepontos.com/index.php?topic=13089.msg132583#msg132583
  623             "    bl      sub_e04d9986\n" // ref in sub_e04d9c10 before "SDPower.c" string
  624 //            "    bl      sub_e046e3dc\n"    // - diskboot
  625             "    bl      sub_e005a122\n"
  626             "    bl      sub_e0425880\n"
  627             "    bl      sub_e0020924\n"
  628             "    bl      sub_e00208be\n"
  629             "    bl      sub_e052fdde\n"
  630             "    bl      sub_e0056650\n"
  631             "    bl      sub_e0425886\n"
  632             "    bl      sub_e005b33e_my\n"     // -> taskcreate_physw
  633             "    BL      CreateTask_spytask\n"  // +
  634             "    bl      init_required_fw_features\n"   // +
  635             "    bl      sub_e0297df6\n"
  636             "    bl      sub_e042589c\n"
  637             "    bl      sub_e052fd40\n"
  638             "    bl      sub_e04914c0\n"
  639             "    bl      sub_e005b870\n"
  640             "    bl      sub_e005a0d2\n"
  641             "    bl      sub_e049147c\n"
  642             "    bl      sub_e0020928\n" //  return
  643             "    bl      sub_e037bccc\n"
  644             "    bl      sub_e049144e\n"
  645             "    pop.w   {r4, lr}\n"
  646             "    b.w     sub_e013a496\n"    // + jump to FW
  647     );
  648 }
 649 
  650 //taskcreate_physw e005b33e
      // Replacement for the firmware's taskcreate_physw, called from task_Startup_my.
      // Creates the "PhySw" task only when the word at 0x8370 + 4 is zero, and stores
      // the value returned by sub_dffc95d8 there afterwards.
      // CHDK changes: the task entry is mykbd_task instead of 0xe005b319, and r2 is
      // 0x2000 instead of 1 << 0xb = 0x800 (presumably the stack size - confirm).
  651 void __attribute__((naked,noinline)) sub_e005b33e_my() {
  652     asm volatile (
  653             //capdis -f=chdk -s=0xe005b33f -c=18 -stubs PRIMARY.BIN 0xe0000000
  654             "    push    {r2, r3, r4, lr}\n"
  655             "    bl      sub_e005744c\n"
  656             "    bl      sub_e003e33c\n"
  657             "    cbnz    r0, loc_e005b34e\n"
  658             "    bl      sub_e00573f0\n"
  659             "loc_e005b34e:\n"
  660             "    ldr     r4, =0x00008370\n"
  661             "    ldr     r0, [r4, #4]\n"
  662             "    cmp     r0, #0\n"
  663             "    bne     loc_e005b36a\n" //  return
  664             "    movs    r1, #1\n"
  665 //            "    ldr     r3, =0xe005b319\n" // -
  666 //            "    lsls    r2, r1, #0xb\n"  // -
  667             "    ldr     r3, =mykbd_task\n" // + task_PhySw replacement
  668             "    mov     r2, #0x2000\n"     // +
                  // r0 is still 0 here, so [sp] = 0 and [sp + 4] = 1.
  669             "    strd    r0, r1, [sp]\n"
  670             "    movs    r1, #0x17\n"
  671             "    ldr     r0, =0xe005b6a4\n" //  *"PhySw"
  672             "    bl      sub_dffc95d8\n"
  673             "    str     r0, [r4, #4]\n"
  674             "loc_e005b36a:\n"
  675             "    pop     {r2, r3, r4, pc}\n"
  676     );
  677 }
 678 
  679 //e04200b0
      // Replacement for the firmware task at e04200b0. CreateTask_my substitutes it
      // when the firmware creates task_InitFileModules.
      // The only CHDK change is the call to core_spytask_can_start after
      // sub_e0496864; the rest follows the disassembly.
      // r4 keeps the result of sub_e049683c: when non-zero, event 0x5006 is posted
      // with r1 = 0 before sub_e0496864; when zero, it is posted with r1 = 1 on exit.
  680 void __attribute__((naked,noinline)) init_file_modules_task() {
  681     asm volatile (
  682             //capdis -f=chdk -s=0xe04200b1 -c=18 -stubs PRIMARY.BIN 0xe0000000
  683             "    push    {r4, r5, r6, lr}\n"
  684             "    movs    r0, #6\n"
  685             "    bl      sub_e037b34c\n" //  return
  686             "    bl      sub_e049683c\n"
  687             "    movs    r4, r0\n"
  688             "    movw    r5, #0x5006\n"
  689             "    beq     loc_e04200cc\n"
  690             "    movs    r1, #0\n"
  691             "    mov     r0, r5\n"
  692             "    bl      _PostLogicalEventToUI\n"
  693             "loc_e04200cc:\n"
  694             "    bl      sub_e0496864\n"
  695             "    BL      core_spytask_can_start\n" // + CHDK: Set "it's-safe-to-start" flag for spytask
  696             "    cmp     r4, #0\n"
  697             "    bne     loc_e04200e0\n" //  return
  698             "    mov     r0, r5\n"
  699             "    pop.w   {r4, r5, r6, lr}\n"
  700             "    movs    r1, #1\n"
  701             "    b.w     _PostLogicalEventToUI\n"
  702             "loc_e04200e0:\n"
  703             "    pop     {r4, r5, r6, pc}\n"
                  // Emit the assembler's pending literal pool at this point.
  704 ".ltorg\n"
  705     );
  706 }
 707 
 708 //e005b078
 709 void __attribute__((naked,noinline)) kbd_p2_f_my() {
         // CHDK copy of the firmware routine at 0xe005b078 (capdis listing below).
         // naked: the compiler emits no prologue/epilogue, so the push/pop pair in
         // the asm is the whole stack frame.
         // The one line marked as changed is the final call: it goes to
         // sub_e004e5ee_my (defined below, adds the handle_jogdial call) instead of
         // the firmware routine.
         // NOTE(review): every literal address and sub_xxxxxxxx target here comes
         // from one disassembled firmware image (PRIMARY.BIN); presumably the build
         // is only ever loaded on that exact firmware version - confirm, since on
         // any other image these branches would land in unrelated code.
 710     asm volatile(
 711             //capdis -f=chdk -s=0xe005b079 -c=77 -stubs PRIMARY.BIN 0xe0000000
 712             "    push.w  {r4, r5, r6, r7, r8, lr}\n"
 713             "    ldr     r6, =0x0004e464\n"
 714             "    sub     sp, #0x18\n"  // 0x18-byte frame: three words at sp, plus slots at sp+0xc and sp+0x10 passed by address below
 715             "    mov     r7, sp\n"  // r7 -> the three words at the bottom of the frame
 716             "    subs    r6, #0xc\n"  // r6 = 0x0004e464 - 0xc: base of a three-word array updated below
 717             "    b       loc_e005b0ba\n"  // enter the first loop at its condition
 718             "loc_e005b086:\n"  // first loop body
 719             "    ldrb.w  r0, [sp, #0x10]\n"  // byte that the sub_e004e820 call received by address
 720             "    mov     r3, sp\n"
 721             "    ldr     r1, =0x0004e464\n"
 722             "    add     r2, sp, #0xc\n"
 723             "    subs    r1, #0x18\n"
 724             "    bl      sub_e004eb64\n"  // args: r0 = byte, r1 = 0x0004e464 - 0x18, r2 = sp+0xc, r3 = sp
 725             "    cbnz    r0, loc_e005b0a0\n"  // nonzero return: skip the sub_e005afe6 call
 726             "    ldr     r1, [sp, #0xc]\n"
 727             "    movs    r0, #0\n"
 728             "    bl      sub_e005afe6\n"  // sub_e005afe6(0, word from sp+0xc)
 729             "loc_e005b0a0:\n"
 730             "    movs    r0, #2\n"  // walk word index 2 down to 0
 731             "loc_e005b0a2:\n"
 732             "    ldr.w   r1, [r7, r0, lsl #2]\n"
 733             "    cbz     r1, loc_e005b0b2\n"  // nothing to clear for this word
 734             "    ldr.w   r2, [r6, r0, lsl #2]\n"
 735             "    bics    r2, r1\n"  // clear in r6[r0] every bit that is set in sp[r0]
 736             "    str.w   r2, [r6, r0, lsl #2]\n"
 737             "loc_e005b0b2:\n"
 738             "    subs    r0, r0, #1\n"
 739             "    sxtb    r0, r0\n"
 740             "    cmp     r0, #0\n"
 741             "    bge     loc_e005b0a2\n"
 742             "loc_e005b0ba:\n"  // first loop condition
 743             "    add     r1, sp, #0x10\n"
 744             "    ldr     r0, =0x0004e464\n"
 745             "    subs    r0, #0xc\n"
 746             "    bl      sub_e004e820\n"  // args: r0 = 0x0004e464 - 0xc, r1 = sp+0x10
 747             "    cmp     r0, #0\n"
 748             "    bne     loc_e005b086\n"  // repeat while it returns nonzero
 749             "    movs    r4, #0\n"  // r4 = word index for the second pass (0..2)
 750             "    ldr.w   r8, =0x0004e464\n"
 751             "loc_e005b0ce:\n"
 752             "    movs    r5, #0\n"  // r5 = bit index within word r4
 753             "    ldr.w   r0, [r6, r4, lsl #2]\n"
 754             "    ldr.w   r1, [r8, r4, lsl #2]\n"
 755             "    ands    r0, r1\n"  // r6[r4] &= word at 0x0004e464 + 4*r4
 756             "    str.w   r0, [r6, r4, lsl #2]\n"
 757             "    b       loc_e005b126\n"
 758             "loc_e005b0e0:\n"
 759             "    lsrs    r0, r5\n"
 760             "    lsls    r0, r0, #0x1f\n"  // isolate bit r5 of the word
 761             "    beq     loc_e005b11e\n"  // bit clear: move on to the next bit
 762             "    add.w   r0, r5, r4, lsl #5\n"  // r0 = r5 + 32*r4, truncated to a byte by the uxtb below
 763             "    ldr     r1, =0x0004e464\n"
 764             "    mov     r3, sp\n"
 765             "    uxtb    r0, r0\n"
 766             "    subs    r1, #0x18\n"
 767             "    add     r2, sp, #0xc\n"
 768             "    bl      sub_e004eb64\n"  // same argument layout as the call in the first loop
 769             "    cbnz    r0, loc_e005b102\n"
 770             "    ldr     r1, [sp, #0xc]\n"
 771             "    movs    r0, #1\n"  // first argument is 1 here, 0 in the first loop
 772             "    bl      sub_e005afe6\n"
 773             "loc_e005b102:\n"
 774             "    mov     r0, r4\n"  // clearing pass starts at the current word ...
 775             "    b       loc_e005b11a\n"
 776             "loc_e005b106:\n"
 777             "    ldr.w   r1, [r7, r0, lsl #2]\n"
 778             "    cbz     r1, loc_e005b116\n"
 779             "    ldr.w   r2, [r6, r0, lsl #2]\n"
 780             "    bics    r2, r1\n"  // clear in r6[r0] every bit that is set in sp[r0]
 781             "    str.w   r2, [r6, r0, lsl #2]\n"
 782             "loc_e005b116:\n"
 783             "    adds    r0, r0, #1\n"
 784             "    sxtb    r0, r0\n"
 785             "loc_e005b11a:\n"
 786             "    cmp     r0, #3\n"
 787             "    blt     loc_e005b106\n"  // ... and runs through word 2
 788             "loc_e005b11e:\n"
 789             "    adds    r5, r5, #1\n"  // next bit
 790             "    ldr.w   r0, [r6, r4, lsl #2]\n"  // reload the word, it may have been changed by the clearing pass
 791             "    uxtb    r5, r5\n"
 792             "loc_e005b126:\n"
 793             "    cmp     r0, #0\n"
 794             "    bne     loc_e005b0e0\n"  // keep scanning while r0 is nonzero
 795             "    adds    r4, r4, #1\n"
 796             "    sxtb    r4, r4\n"
 797             "    cmp     r4, #3\n"
 798             "    blt     loc_e005b0ce\n"  // next word, three in total
 799             "    bl      sub_e004e5ee_my\n" // Patched: calls the CHDK copy defined below
 800             "    add     sp, #0x18\n"  // release the frame reserved at entry
 801             "    pop.w   {r4, r5, r6, r7, r8, pc}\n"
 802     );
 803 }
 804 
 805 //e004e5ee
 806 void __attribute__((naked,noinline)) sub_e004e5ee_my() {
         // CHDK copy of the firmware routine at 0xe004e5ee, called from kbd_p2_f_my.
         // The firmware calls are kept; lines tagged "+" are the CHDK additions:
         // handle_jogdial is called first and, when it returns 0, this function
         // returns without running firmware sub_e0517000. Otherwise r4/lr are
         // restored and sub_e0517000 is entered by a plain branch, so it returns
         // directly to our caller.
         // naked: no compiler prologue/epilogue, the asm manages the stack itself.
 807     asm volatile(
 808             //capdis -f=chdk -s=0xe004e5ef -c=13 -stubs PRIMARY.BIN 0xe0000000
 809             "    push    {r4, lr}\n"
 810             "    ldr     r4, =0x00009914\n"  // base address for the [r4, #off] argument loads below
 811             "    ldr     r0, [r4, #0xc]\n"
 812             "    bl      sub_e0052e76\n"
 813             "    ldr     r0, [r4, #0x18]\n"
 814             "    bl      sub_e0052f00\n"
 815             "    bl      sub_e0402302\n"
 816             "    ldr     r0, [r4, #0x14]\n"
 817             "    bl      sub_e0052da8\n"
 818             "    ldr     r0, [r4, #0x10]\n"
 819             "    bl      sub_e0052da8\n"
 820
 821             "    bl      handle_jogdial\n" // + CHDK hook; its return value decides whether the firmware routine runs
 822             "    cmp     r0, #0\n" // +
 823             "    beq     no_scroll\n" // + returned 0: skip sub_e0517000
 824
 825             "    pop.w   {r4, lr}\n"  // undo the push so the branch below behaves as a tail call
 826             "    b.w     sub_e0517000\n"    // + jump to FW
 827
 828             "no_scroll:\n" // +
 829             "    pop     {r4, pc}\n" // + plain return to the caller
 830     );
 831 }
 832 
 833 //e005b632
 834 void __attribute__((naked,noinline)) kbd_p1_f_cont_my ()
 835 {
         // CHDK copy of the firmware code starting at 0xe005b632. It builds three
         // words at sp, calls sub_e005b13c_my (the CHDK variant defined below, which
         // reads physw0_override) and then hands control back to the firmware at
         // 0xe005b663.
         // NOTE(review): this fragment neither pushes registers nor adjusts sp, so
         // it relies on a stack frame set up by whatever code branches here; that
         // code is outside this view - confirm the frame has room for the three
         // words written through r5.
 836     asm volatile(
 837             //capdis -f=chdk -s=0xe005b633 -c=18 -jfw -stubs PRIMARY.BIN 0xe0000000
 838             "    ldr     r6, =0x0004e440\n"
 839             "    movs    r1, #2\n"  // r1 = word index, 2 down to 0
 840             "    mov     r5, sp\n"  // r5 -> destination for the three computed words
 841             "    add.w   r3, r6, #0x24\n"
 842             "loc_e005b63c:\n"
 843             "    add.w   r0, r3, r1, lsl #2\n"
 844             "    ldr.w   r2, [r6, r1, lsl #2]\n"
 845             "    ldr     r7, [r0, #0xc]\n"  // mask word at r3 + 0xc + 4*r1
 846             "    ldr     r0, [r0, #0x18]\n"  // xor word at r3 + 0x18 + 4*r1
 847             "    ands    r2, r7\n"
 848             "    eors    r2, r0\n"  // sp[r1] = (r6[r1] & mask) ^ xor word
 849             "    str.w   r2, [r5, r1, lsl #2]\n"
 850             "    subs    r1, r1, #1\n"
 851             "    bpl     loc_e005b63c\n"
 852             "    mov     r0, r5\n"  // r0 = address of the three words just computed
 853             "    ldr     r2, =0x0004e440\n"
 854             "    adds    r2, #0x18\n"  // r2 = 0x0004e440 + 0x18
 855             "    sub.w   r1, r2, #0xc\n"  // r1 = r2 - 0xc
 856             "    bl      sub_e005b13c_my\n" // -> some physical status is re-read here (not into physw_status)
 857             "    ldr     pc, =0xe005b663\n" // Continue in firmware (odd target address = Thumb entry)
 858     );
 859 }
 860 
 861 extern int physw0_override; // defined elsewhere; sub_e005b13c_my below loads it in place of the firmware's constant -1
 862 
 863 //e005b13c
 864 void __attribute__((naked,noinline)) sub_e005b13c_my ()
 865 {
         // CHDK replacement for the first instructions of firmware 0xe005b13c.
         // Only the value placed in r0 differs: the firmware's "mov.w r0, #-1"
         // (kept below as a comment) is replaced by a load of physw0_override.
         // Execution then continues in the firmware at 0xe005b149.
         // The registers pushed here are not popped in this copy; presumably the
         // firmware continuation unwinds them - confirm against the disassembly.
 866     asm volatile(
 867             //capdis -f=chdk -s=0xe005b13d -c=4 -jfw -stubs PRIMARY.BIN 0xe0000000
 868             "    push.w  {r0, r1, r2, r3, r4, r5, r6, r7, r8, sb, sl, fp, ip, lr}\n"
 869             "    mov     r5, r0\n"  // keep the caller's first argument in r5
 870             "    ldr     r4, =0x0004e464\n"
 871             "    ldr     r0, =physw0_override\n" // + address of the CHDK variable
 872             "    ldr.w   r0, [r0]\n" // + use CHDK override value
 873             //"    mov.w   r0, #-1\n"           // -
 874             "    ldr     pc, =0xe005b149\n" // Continue in firmware
 875     );
 876 }
 877 
 878 //e025d526
 879 void __attribute__((naked,noinline)) task_TricInitTask_my() {
         // CHDK copy of parts of the firmware task at 0xe025d526, assembled from two
         // capdis listings. Every exit is a branch back into the firmware
         // (sub_e025d54a, sub_e025d652, sub_e025d580, sub_e025d5c2), so the registers
         // pushed on entry are not popped in this copy.
         // CHDK addition (lines tagged "+"): before sub_e025da1a is called, the word
         // at 0xd2050074 is read; when it is nonzero, _SetEventFlag is called with
         // the handle stored at 0x000256ec and flag value 0x80.
         // NOTE(review): the firmware addresses and the 0xd2050074 register are
         // specific to the firmware image this was disassembled from - confirm the
         // build is never run against a different image.
 880     asm volatile(
 881             //capdis -f=chdk -s=0xe025d527 -c=12 -stubs PRIMARY.BIN 0xe0000000
 882             "    push.w  {r0, r1, r2, r3, r4, r5, r6, r7, r8, sb, sl, fp, ip, lr}\n"
 883             "    movs    r0, #8\n"
 884             "    ldr     r1, =0xe025d7b4\n" //  *"InitTskStart"
 885             "    bl      sub_e033c7b2\n"  // sub_e033c7b2(8, "InitTskStart")
 886             "    ldr.w   fp, =0x000256f0\n"
 887             "    mov.w   sl, #0x1000\n"
 888             "    ldr     r4, =0x000256ec\n"
 889             "    movs    r2, #0\n"
 890             "    ldr     r1, =0x0703870f\n"
 891             "    ldr     r0, [r4]\n"
 892             "    bl      sub_dffc9830\n"  // sub_dffc9830(word at 0x000256ec, 0x0703870f, 0)
 893             "    lsls    r0, r0, #0x1f\n"  // test bit 0 of the return value
 894             "    bne     sub_e025d54a\n"    // + jump to FW
 895
 896             //capdis -f=chdk -s=0xe025d55d -c=15 -stubs PRIMARY.BIN 0xe0000000
 897             "    ldr     r4, =0x000256ec\n"
 898             "    mov     r1, sp\n"
 899             "    ldr     r0, [r4]\n"
 900             "    bl      sub_dffc9996\n"  // called with the address of [sp]; the value is read back from there below
 901             "    ldr     r1, [sp]\n"
 902             "    ldr     r0, [r4]\n"
 903             "    bl      sub_dffc9966\n"
 904             "    ldr     r0, =0x02000003\n"
 905             "    ldr     r7, [sp]\n"
 906             "    tst     r7, r0\n"
 907             "    beq     sub_e025d652\n"    // + jump to FW
 908             "    lsls    r0, r7, #0x1f\n"  // test bit 0 of r7
 909             "    beq     sub_e025d580\n"    // + jump to FW
 910
 911             "    ldr     r0, =0xd2050074\n" // +
 912             "    ldr     r0, [r0]\n"        // + nonzero when core already running
 913             "    subs    r0, #0\n"          // +
 914             "    beq     tric1\n"           // +
 915             "    ldr     r0, [r4]\n"        // +
 916             "    mov     r1, #0x80\n"       // +
 917             "    bl      _SetEventFlag\n"   // + core already initialized, set the SmacIdleCmp eventflag here
 918             "tric1:\n"                      // +
 919
 920             "    bl      sub_e025da1a\n"
 921             "    b       sub_e025d5c2\n"    // + jump to FW
 922     );
 923 }
 924 
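/*
 * Decide whether the FsIoNotify task should ignore a message.
 *
 * Called from task_FsIoNotifyTask_my with the message pointer it just received.
 *
 * msg      Message block. As used here: the short file name is the string at
 *          msg+4, and msg+0x5c holds a pointer to a separately allocated long
 *          file name (0 when there is none).
 *
 * Returns nonzero when the message must be skipped, 0 when the firmware
 * handler should process it. On the skip path the long-name buffer, if
 * present, is freed here because the firmware handler will not see the message.
 *
 * The name is matched from its END ("_nnnn.ext" is the last 9 characters), so
 * the length is checked before any end-relative index is formed. Without that
 * check a name shorter than 9 characters made name[l-9] and name+l-4 point
 * before the start of the string: an out-of-bounds read whose result decided
 * whether long_name is freed. The names presumably originate from file-system
 * activity, including files written by a connected USB host, so their length
 * must not be trusted (TODO confirm the source of msg).
 */
int check_fsio_skip(char* msg)
{
    // Short file name (< 32 chars)
    char* name = msg + 4;
    // Long file name (will be 0 if not allocated)
    char* long_name = *((char**)(msg+0x5c));
    if (long_name != 0) name = long_name;
    int l = strlen(name);

    // G7X2 crashes when deleting or creating non-Canon files in DCIM image folder if camera is connected to PC via USB
    // This causes the FsIoNotify task to ignore files that are not Canon image files.
    // Only applies to files in A/DCIM folders with filename xxx_nnnn.ext, and ext is not JPG or CR2.
    int skip = 0;

    // A name that cannot hold "_nnnn.ext" cannot match the pattern; rejecting it
    // here keeps name[l-9] and name+l-4 inside the string.
    if ((l >= 9) && (strncmp(name,"A/DCIM",6) == 0) && (name[l-9] == '_'))
    {
        const char* ext = name + l - 4;
        skip = ((strncmp(ext, ".JPG", 4) != 0) && (strncmp(ext, ".CR2", 4) != 0));
    }

    // If we tell FsIoNotify to skip processing message, then we need to free the long name memory buffer
    if (skip && (long_name != 0))
        free(long_name);

    return skip;
}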
 945 
 946 //e00f2b5c
 947 void __attribute__((naked,noinline)) task_FsIoNotifyTask_my() {
         // CHDK copy of the firmware task at 0xe00f2b5c with one inserted step
         // (lines tagged "+"): the pointer obtained into [sp] on each iteration is
         // first passed to check_fsio_skip, and firmware sub_e00f2ac4 is called with
         // it only when check_fsio_skip returns 0.
         // The loop has no exit (unconditional branch back to loc_e00f2b6e), so the
         // {r3, lr} pushed at entry are never popped; the r3 slot is used as the
         // variable at [sp].
         // NOTE(review): on the skip path the message never reaches sub_e00f2ac4.
         // check_fsio_skip frees only the long-name buffer; whether the message
         // block itself has to be released is not visible here - confirm.
 948     asm volatile(
 949             //capdis -f=chdk -s=0xe00f2b5d -c=20 -stubs PRIMARY.BIN 0xe0000000
 950             "    ldr     r4, =0x000111a8\n"
 951             "    push    {r3, lr}\n"
 952             "    ldr     r0, [r4, #8]\n"
 953             "    cbnz    r0, loc_e00f2b6e\n"  // word at 0x000111a8 + 8 is nonzero: go straight to the loop
 954             "    movs    r2, #0xbf\n"
 955             "    movs    r0, #0\n"
 956             "    ldr     r1, =0xe00f2ed0\n" //  *"FsIoNotify.c"
 957             "    bl      sub_dffc96f4\n"  // sub_dffc96f4(0, "FsIoNotify.c", 0xbf); presumably an assert with file and line - confirm
 958             "loc_e00f2b6e:\n"  // top of the endless loop
 959             "    ldr     r0, [r4, #8]\n"
 960             "    movs    r2, #0\n"
 961             "    mov     r1, sp\n"
 962             "    bl      sub_dffc9de0\n"  // called with the address of [sp]; presumably a blocking queue receive - confirm
 963             "    cbz     r0, loc_e00f2b84\n"  // zero return: continue with the value at [sp]
 964             "    movs    r2, #0xc3\n"
 965             "    movs    r0, #0\n"
 966             "    ldr     r1, =0xe00f2ed0\n" //  *"FsIoNotify.c"
 967             "    bl      sub_dffc96f4\n"  // same call as above with 0xc3
 968             "loc_e00f2b84:\n"
 969             "    ldr     r0, [sp]\n"
 970             "    bl      check_fsio_skip\n" // + CHDK filter, see check_fsio_skip above
 971             "    cbnz    r0, loc_skip\n"    // + nonzero: do not hand the message to the firmware
 972             "    ldr     r0, [sp]\n"  // reload, r0 was overwritten by the return value
 973             "    bl      sub_e00f2ac4\n"
 974             "loc_skip:\n"                   // +
 975             "    b       loc_e00f2b6e\n"
 976     );
 977 }
