root/platform/g7x2/sub/101a/boot.c


DEFINITIONS

This source file includes following definitions.
  1. CreateTask_spytask
  2. boot
  3. debug_logging_my
  4. patch_mzrm_sendmsg
  5. CreateTask_my
  6. sub_e00200f8_my
  7. sub_e0020398_my
  8. sub_e0020750_my
  9. sub_e005b418_my
  10. init_required_fw_features
  11. task_Startup_my
  12. sub_e005b33e_my
  13. init_file_modules_task
  14. kbd_p2_f_my
  15. sub_e004e5ee_my
  16. kbd_p1_f_cont_my
  17. sub_e005b13c_my
  18. task_TricInitTask_my
  19. check_fsio_skip
  20. task_FsIoNotifyTask_my

   1 
   2 #include "lolevel.h"
   3 #include "platform.h"
   4 #include "core.h"
   5 #include "dryos31.h"
   6 
   7 #include "camera_info.h"
   8 
// Holds the address of _end in a constant that the startup assembly can load.
// sub_e00200f8_my reads new_sa (unless CHDK_NOT_IN_CANON_HEAP is defined) and uses
// the value, rounded up to 8 bytes, in place of the firmware's original heap start.
// NOTE(review): _end is not declared in this file; presumably a linker symbol marking
// the end of the CHDK image - confirm in the linker script.
const char * const new_sa = &_end;

// Forward declarations
// Firmware task entry points. CreateTask_my compares the task pointer it receives
// against these addresses to decide which tasks to replace.
extern void task_CaptSeq();
extern void task_InitFileModules();
//extern void task_MovieRecord();
extern void task_ExpDrv();
extern void task_FsIoNotifyTask();
  17 
  18 // void blinker()
  19 // {
  20 //     // green LED
  21 //     volatile int* p = (int*)0xD20801E4;
  22 // 
  23 //     // blinker
  24 //     int i;
  25 //     while (1)
  26 //     {
  27 //         *p = 0x24D0002;
  28 //         for(i=0;i<10000000;i++) {
  29 //             asm volatile(
  30 //             "nop\n"
  31 //             );
  32 //         }
  33 //         *p = 0x24C0003;
  34 //         for(i=0;i<10000000;i++) {
  35 //             asm volatile(
  36 //             "nop\n"
  37 //             );
  38 //         }
  39 //     }
  40 // }
  41 // void blinkeraf()
  42 // {
  43 //     // green LED
  44 //     volatile int* p = (int*)0xD20801E8;
  45 // 
  46 //     // blinker
  47 //     int i;
  48 //     while (1)
  49 //     {
  50 //         *p = 0x24D0002;
  51 //         for(i=0;i<10000000;i++) {
  52 //             asm volatile(
  53 //             "nop\n"
  54 //             );
  55 //         }
  56 //         *p = 0x24C0003;
  57 //         for(i=0;i<10000000;i++) {
  58 //             asm volatile(
  59 //             "nop\n"
  60 //             );
  61 //         }
  62 //     }
  63 // }
  64 // void blinktask(long ua, long ub, long uc, long ud, long ue, long uf)
  65 // {
  66 //     // green LED
  67 //     volatile int* p = (int*)0xD20801E4;
  68 // 
  69 //     // blinker
  70 //     while (1)
  71 //     {
  72 //         *p = 0x24D0002;
  73 //         _SleepTask(1000);
  74 //         *p = 0x24C0003;
  75 //         _SleepTask(1000);
  76 //     }
  77 // }
  78 
/*----------------------------------------------------------------------
    CreateTask_spytask

    Creates the task named "SpyTask" with core_spytask as its entry
    function. Called from task_Startup_my.
-----------------------------------------------------------------------*/
void CreateTask_spytask()
{
    // Second and third _CreateTask arguments.
    // NOTE(review): presumably task priority and stack size in bytes - confirm
    // against the _CreateTask prototype.
    enum { spytask_prio = 0x19, spytask_stack = 0x2000 };

    // Disabled debug task (LED blinker):
    //    _CreateTask("BlinkTask", 0x19, 0x800, blinktask, 0);
    _CreateTask("SpyTask", spytask_prio, spytask_stack, core_spytask, 0);
}
  87 
/*----------------------------------------------------------------------
    boot()

    Main entry point for the CHDK code

    Naked, assembly only. In order, the code below:
      - reads the core number (CP15 c0,c0,5, low 4 bits); a non-zero core
        is passed through sub_e0539e68 and resumes at loc_boot
      - sets the vector base register (CP15 c12,c0,0) to 0xe0020200 and
        sp to 0x2000
      - on core 0 only: copies three regions into RAM, zero-fills
        0x4c618..0x2c460c, calls patch_mzrm_sendmsg, and overwrites
        8 bytes at hook_CreateTask with a jump to CreateTask_my
      - branches to sub_e00200f8_my (both cores)

    The numeric addresses come from the disassembly named in the capdis
    comment, so they are only valid for that firmware image.
-----------------------------------------------------------------------*/

/*************************************************************/
void __attribute__((naked,noinline)) boot() {
    asm volatile (
            "    mrc     p15, #0, r0, c0, c0, #5\n" // read CP15 c0,c0,5 (MPIDR)
            "    ands    r0, #0xf\n"                // low 4 bits = core number
            "    beq     loc_boot\n" // let core0 boot
            "    adr     r0, loc_boot\n"
            "    orr     r0, #1\n"                  // set bit 0 (Thumb address)
            "    bl      sub_e0539e68\n" // park core1 then continue at r0
            "loc_boot:\n"

            //capdis -f=chdk -s=0xe0020011 -c=65 -stubs PRIMARY.BIN 0xe0000000
            "    ldr     r0, =0xe0020200\n"
            "    mcr     p15, #0, r0, c12, c0, #0\n" // write CP15 c12,c0,0 (VBAR): vector base = 0xe0020200
            "    isb     sy\n"
            "    movw    r0, #0x2000\n"
            "    movt    r0, #0\n"
            "    mov     sp, r0\n"                  // sp = 0x00002000
            "    mrc     p15, #0, r5, c0, c0, #5\n"
            "    ands    r0, r5, #0xf\n"
            "    bne     loc_e0020032\n"            // non-zero core: skip the copy and patch work below
            "    b.w     loc_e002003c\n"
            "loc_e0020032:\n"
            "    b.w     sub_e00200f8_my\n"     // Patched
//            "    movs    r0, r0\n"            // Data
//            "    lsls    r0, r0, #8\n"        // Data
//            "    b       loc_e0020042\n"      // Data
            "loc_e002003c:\n"
            // Copy words from 0xe0fd3770 to RAM 0x00008000 .. 0x0004c618
            "    ldr     r0, =0xe0fd3770\n"
            "    ldr     r1, =0x00008000\n"
            "    ldr     r3, =0x0004c618\n"
            "loc_e0020042:\n"
            "    cmp     r1, r3\n"
            "    itt     lo\n"
            "    ldrlo   r2, [r0], #4\n"
            "    strlo   r2, [r1], #4\n"
            "    blo     loc_e0020042\n"
            // Zero-fill 0x0004c618 .. 0x002c460c
            "    ldr     r1, =0x002c460c\n"
            "    mov.w   r2, #0\n"
            "loc_e0020056:\n"
            "    cmp     r3, r1\n"
            "    it      lo\n"
            "    strlo   r2, [r3], #4\n"
            "    blo     loc_e0020056\n"
            // Copy words from 0xe1017d88 to 0x01900000 .. 0x0190139c
            "    ldr     r0, =0xe1017d88\n" //  **"zH"
            "    ldr     r1, =0x01900000\n" //  **"zH"
            "    ldr     r3, =0x0190139c\n"
            "loc_e0020066:\n"
            "    cmp     r1, r3\n"
            "    itt     lo\n"
            "    ldrlo   r2, [r0], #4\n"
            "    strlo   r2, [r1], #4\n"
            "    blo     loc_e0020066\n"
            // Both calls receive (start, length) of the region just written.
            // NOTE(review): presumably data-cache clean and instruction-cache
            // invalidate for the copied code - confirm in the firmware.
            "    ldr     r0, =0x01900000\n" //  **"zH"
            "    ldr     r1, =0x0000139c\n"
            "    bl      sub_e042eb74\n"
            "    ldr     r0, =0x01900000\n" //  **"zH"
            "    ldr     r1, =0x0000139c\n"
            "    bl      sub_e042ec4c\n"
            // Copy words from 0xe1019124 to 0xdffc4900 .. 0xdffd0908
            "    ldr     r0, =0xe1019124\n"
            "    ldr     r1, =0xdffc4900\n"
            "    ldr     r3, =0xdffd0908\n"
            "loc_e002008a:\n"
            "    cmp     r1, r3\n"
            "    itt     lo\n"
            "    ldrlo   r2, [r0], #4\n"
            "    strlo   r2, [r1], #4\n"
            "    blo     loc_e002008a\n"
            // r3 already equals the limit loaded into r1, so this zero-fill loop stores nothing
            "    ldr     r1, =0xdffd0908\n"
            "    mov.w   r2, #0\n"
            "loc_e002009e:\n"
            "    cmp     r3, r1\n"
            "    it      lo\n"
            "    strlo   r2, [r3], #4\n"
            "    blo     loc_e002009e\n"

            "    blx     patch_mzrm_sendmsg\n"      // install the mzrm_sendmsg logging hook (C function in this file)

            // Install CreateTask patch
            // use half words in case source or destination not word aligned
            // The patch is written after the RAM copies above and before the two calls
            // on (0xdffc4900, 0xc008) below; 0xc008 is 0xdffd0908 - 0xdffc4900.
            // NOTE(review): presumably hook_CreateTask lies inside that copied region,
            // which is why the patch must precede those calls - confirm in the stubs.
            "    adr     r0, patch_CreateTask\n"    // src: Patch data
            "    ldr     r1, =hook_CreateTask\n"    // dest: Address to patch
            "    add     r2, r0, #8\n"              // two words
            "patch_hook_loop:\n"
            "    ldrh    r3, [r0],#2\n"
            "    strh    r3, [r1],#2\n"
            "    cmp     r0,r2\n"
            "    blo     patch_hook_loop\n"

            "    ldr     r0, =0xdffc4900\n"
            "    ldr     r1, =0x0000c008\n"
            "    bl      sub_e042eb74\n"
            "    ldr     r0, =0xdffc4900\n"
            "    ldr     r1, =0x0000c008\n"
            "    bl      sub_e042ec4c\n"
//            "    ldr     r0, =loc_e0020032\n"     // -
//            "    orr     r0, r0, #1\n"            // -
//            "    bx      r0\n"                    // -
            "    b       loc_e0020032\n" // +

            // CreateTask patch, must be aligned as the original
            // The 8 bytes copied above are the ldr.w instruction plus the literal that follows it.
            "    .align  2\n"
            "    .short  0\n" // added for alignment
            "patch_CreateTask:\n"
            "    ldr.w   pc, _createtask_my\n"      // Do jump to absolute address CreateTask_my
            "_createtask_my:\n"
            "    .long   CreateTask_my + 1\n"       // has to be a thumb address
            "    .align  1\n"
    );
}
 204 
/*************************************************************/
/*
    Custom function called in mzrm_sendmsg via logging function pointer (normally disabled)
    Checks if called from function that is updating the Canon UI.
    Updates CHDK bitmap settings and sets flag to update CHDK UI.

    Installed by patch_mzrm_sendmsg. fmt and any further arguments are ignored.

    The function is naked, so lr and sp still hold the caller's values on entry.
    The code relies on this: lr identifies the call site and [sp,#0x18] is read
    from the caller's frame. Every call whose return address differs from
    mzrm_sendmsg_ret_adr, or whose message type is not 0x25, returns immediately.
    Only r0-r2 are modified on those paths.

    NOTE(review): the 0x18 stack offset, the 0x25 message type and the +16
    offset describe this firmware's mzrm_sendmsg; re-verify them against the
    disassembly when porting to another firmware version.
*/
void __attribute__((naked,noinline))
debug_logging_my(char* fmt, ...)
{
    (void)fmt;  // unused parameter
    asm volatile (
            //LR = Return address
            "    ldr     r0, =mzrm_sendmsg_ret_adr\n"   // Is return address in mzrm_sendmsg function?
            "    cmp     r0, lr\n"
            "    beq     do_ui_update\n"
            "exit_debug_logging_my:\n"
            "    bx      lr\n"

            "do_ui_update:\n"
            "    ldr     r0, [sp,#0x18]\n"              // mzrm_sendmsg 'msg' value (2nd parameter, saved on stack)
            "    ldr     r1, [r0]\n"                    // message type
            "    mov     r2, #0x25\n"                   // Ximr update? (3rd parameter to mzrm_createmsg)
            "    cmp     r1, r2\n"
            "    bne     exit_debug_logging_my\n"
            "    add     r0, r0, #16\n"                 // Offset to Ximr context in 'msg'
            "    b       update_ui\n"                   // tail call: update_ui returns directly to the lr of this call
    );
}
 233 
/*
    Install and enable custom logging function for mzrm_sendmsg.

    Called once from boot(). Writes two firmware variables: the logging
    enable mask and the logging function pointer, which is pointed at
    debug_logging_my.
*/
void
patch_mzrm_sendmsg ()
{
    extern void (*debug_logging_ptr)(char* fmt, ...);
    extern int debug_logging_flag;

    // Each bit in debug_logging_flag enables logging in a different area of
    // the firmware code. Only the bit needed for mzrm logging is enabled; the
    // plain assignment leaves every other bit cleared.
    enum { mzrm_logging_bit = 0x200 };

    // Keep this order: mask first, then the function pointer.
    debug_logging_flag = mzrm_logging_bit;
    debug_logging_ptr = debug_logging_my;
}
 247 
/*************************************************************/
/*
    Hook body for the firmware's CreateTask. boot() copies an 8-byte jump
    to hook_CreateTask that lands here.

    On entry r3 holds the task function pointer. If it matches one of the
    firmware tasks compared below, r3 is replaced with the CHDK function
    named in the following ldreq. Any other pointer is passed through
    unchanged. r0 is used as scratch and is saved and restored around the
    comparisons.

    At exitHook the instructions that the jump overwrote are executed here,
    then control goes to the firmware at 0xDFFC93C3 (bit 0 set: Thumb).
    NOTE(review): push/mov/mov.w are presumably 2+2+4 = 8 bytes, matching the
    8-byte patch; they must be re-derived from the disassembly if the
    firmware's CreateTask prologue differs.
*/
void __attribute__((naked,noinline)) CreateTask_my() {
    asm volatile (
            "    push   {r0}\n"
            //R3 = Pointer to task function to create

            "    ldr     r0, =task_CaptSeq\n"       // DryOS original code function ptr.
            "    cmp     r0, r3\n"                  // is the given taskptr equal to our searched function?
            "    itt     eq\n"                      // EQ block
            "    ldreq   r3, =capt_seq_task\n"      // if so replace with our task function base ptr.
            "    beq     exitHook\n"                // below compares not necessary if this check has found something.

            "    ldr     r0, =task_ExpDrv\n"
            "    cmp     r0, R3\n"
            "    itt     eq\n"
            "    ldreq   r3, =exp_drv_task\n"
            "    beq     exitHook\n"

            //"    ldr     r0, =task_DvlpSeq\n"
            //"    cmp     r0, R3\n"
            //"    itt     eq\n"
            //"    ldreq   r3, =developseq_task\n"
            //"    beq     exitHook\n"

            "    ldr     r0, =task_FileWrite\n"
            "    cmp     r0, R3\n"
            "    itt     eq\n"
            "    ldreq   r3, =filewritetask\n"
            "    beq     exitHook\n"

            //"    ldr     r0, =task_MovieRecord\n"
            //"    cmp     r0, R3\n"
            //"    itt     eq\n"
            //"    ldreq   r3, =movie_record_task\n"
            //"    beq     exitHook\n"

            "    ldr     r0, =task_FsIoNotifyTask\n"
            "    cmp     r0, r3\n"
            "    itt     eq\n"
            "    ldreq   r3, =task_FsIoNotifyTask_my\n"
            "    beq     exitHook\n"

            "    ldr     r0, =task_TricInitTask\n"
            "    cmp     r0, r3\n"
            "    itt     eq\n"
            "    ldreq   r3, =task_TricInitTask_my\n"
            "    beq     exitHook\n"

            // Last comparison: no branch needed, execution falls through to exitHook
            "    ldr     r0, =task_InitFileModules\n"
            "    cmp     r0, r3\n"
            "    it      eq\n"
            "    ldreq   r3, =init_file_modules_task\n"

            "exitHook:\n"
            // restore overwritten register(s)
            "    pop    {r0}\n"
            // Execute overwritten instructions from original code, then jump to firmware
            "    push    {r1, r2, r3, r4, r5, r6, r7, lr}\n"
            "    mov     r4, r3\n"                  // r4 = task function pointer (possibly replaced above)
            "    mov.w   r3, #0x1000\n"
            "    ldr.w   pc, =0xDFFC93C3\n" // Continue in firmware
    );
}
 311 
//e00200f8
// Patched copy of the firmware routine at 0xe00200f8 (see the capdis line). boot() branches
// here on every core. Changes relative to the firmware code, as marked in the listing:
//   - the C prelude stores a start-mode value at 0x9914+0x8 depending on one GPIO bit
//   - the heap start is taken from new_sa unless CHDK_NOT_IN_CANON_HEAP is defined
//   - the continuation passed to sub_dffc49e0 is sub_e0020398_my
// NOTE(review): GCC documents that only basic asm is supported inside naked functions.
// The C statements below run without a prologue, so they rely on the compiler not
// touching the stack - confirm with the generated disassembly after compiler changes.
void __attribute__((naked,noinline)) sub_e00200f8_my() {

    // NOTE(review): hardware register read through a non-volatile pointer; it is read once here.
    if (*(int*)(0xd2082000 + 0x168) & 0x10000) {
        // see FUN_e004e4d6, FUN_e004e4d6
        // GPIO 0x10 (aka ON/OFF button) is not pressed -> play
        *(int*)(0x9914+0x8) = 0x100000;
    }
    else {
        // GPIO 0x10 is pressed -> rec
        *(int*)(0x9914+0x8) = 0x80000;
    }

    asm volatile (
            //capdis -f=chdk -s=0xe00200f9 -c=81 -stubs PRIMARY.BIN 0xe0000000
            "    push    {r4, r5, r6, lr}\n"
#if defined(CHDK_NOT_IN_CANON_HEAP)
            "    ldr     r0, =0x002c4613\n"         // heap start, modify here
#else
            "    ldr     r0, =new_sa\n"             // +
            "    ldr     r0, [r0]\n"                // +
            "    add     r0, #7\n"                  // +
#endif
            "    sub     sp, #0x80\n"
            "    ldr     r1, =0x000f264c\n"
            "    bic     r5, r0, #7\n"              // r5 = heap start, 8-byte aligned (rounded up by the +7 above)
            "    ldr     r0, =0x006cd400\n"
            "    subs    r0, r0, r5\n"
            "    cmp     r0, r1\n"                  // size check: need at least 0x000f264c bytes between r5 and 0x006cd400
            "    bhs     loc_e002010e\n"
            "loc_e002010c:\n"
            "    b       loc_e002010c\n"            // size check failed: spin here forever
            "loc_e002010e:\n"
            "    mrc     p15, #0, r0, c0, c0, #5\n"
            "    and     r6, r0, #0xf\n"            // r6 = core number
            "    mov.w   r0, #0x400\n"
            "    add.w   r1, r5, #0x400\n"
            "    str     r0, [sp]\n"
            "    lsls    r2, r0, #1\n"
            "    mov     r3, r5\n"
            "    mov     r4, r1\n"                  // r4 = r5 + 0x400
            "    mov     r0, r6\n"
            "    bl      sub_e002052c\n"
            "    cbz     r6, loc_e0020136\n"        // core 0 continues with the setup below
            "    bl      sub_dffc570c\n"            // non-zero core: call this, then return
            "loc_e0020132:\n"
            "    add     sp, #0x80\n"
            "    pop     {r4, r5, r6, pc}\n"
            "loc_e0020136:\n"
            "    ldr     r0, =0x00008088\n"
            "    mov.w   r1, #0x80000\n"
            "    str     r1, [r0]\n"
            "    ldr     r1, =0x0000808c\n"
            "    ldr     r0, =0x42aaa000\n"
            "    str     r0, [r1]\n"
            "    ldr     r1, =0x00008090\n"
            "    ldr     r0, =0x42aac000\n"
            "    str     r0, [r1]\n"
            // NOTE(review): sub_dffcc544(sp+4, 0x78) presumably clears the 0x78-byte
            // parameter block that is filled in below - confirm.
            "    movs    r1, #0x78\n"
            "    add     r0, sp, #4\n"
            "    bl      sub_dffcc544\n"
            "    ldr     r1, =0x005ce000\n"
            "    mov.w   r0, #0x100000\n"
            "    ldr     r2, =0x005bedb4\n"
            "    strd    r1, r0, [sp, #4]\n"
            "    subs    r2, r2, r5\n"              // value depends on the (possibly moved) heap start in r5
            "    add.w   r0, r5, #0xc00\n"
            "    strd    r0, r2, [sp, #0xc]\n"
            "    ldr     r2, =0x005bf9b4\n"
            "    strd    r2, r1, [sp, #0x14]\n"
            "    movs    r1, #0x22\n"
            "    str     r1, [sp, #0x1c]\n"
            "    movs    r1, #0xca\n"
            "    str     r1, [sp, #0x20]\n"
            "    mov.w   r1, #0x2b0\n"
            "    str     r1, [sp, #0x24]\n"
            "    movs    r1, #0xfa\n"
            "    str     r1, [sp, #0x28]\n"
            "    mov.w   r1, #0x11a\n"
            "    str     r1, [sp, #0x2c]\n"
            "    movs    r1, #0x85\n"
            "    str     r1, [sp, #0x30]\n"
            "    movs    r1, #0x40\n"
            "    str     r1, [sp, #0x34]\n"
            "    movs    r1, #4\n"
            "    str     r1, [sp, #0x38]\n"
            "    movs    r1, #0\n"
            "    str     r1, [sp, #0x3c]\n"
            "    movs    r1, #0x10\n"
            "    str     r1, [sp, #0x60]\n"
            "    lsls    r1, r1, #8\n"
            "    str     r1, [sp, #0x64]\n"
            "    asrs    r1, r1, #4\n"
            "    str     r1, [sp, #0x68]\n"
            "    lsls    r1, r1, #5\n"
            "    str     r1, [sp, #0x6c]\n"
            // Fill words from r4 up to r0 (r5 + 0xc00) with 0xEEEEEEEE.
            // NOTE(review): assumes r4 still holds r5 + 0x400 after the calls above.
            "    mov.w   r1, #-0x11111112\n"
            "    b       loc_e00201ae\n"
            "loc_e00201ac:\n"
            "    stm     r4!, {r1}\n"
            "loc_e00201ae:\n"
            "    cmp     r0, r4\n"
            "    bhi     loc_e00201ac\n"
            "    movs    r2, #0\n"
            "    ldr     r1, =sub_e0020398_my\n" // ->
            "    add     r0, sp, #4\n"
            "    bl      sub_dffc49e0\n"            // called with (parameter block, sub_e0020398_my, 0)
            "    b       loc_e0020132\n"
    );
}
 422 
//e0020398
// Patched copy of the firmware routine at 0xe0020398 (see the capdis line).
// sub_e00200f8_my passes this function's address to sub_dffc49e0.
// It runs a fixed sequence of initialisation calls. After each call a negative
// result leads to sub_e0020418 being called with the string named in the
// comment, after which execution continues with the next step.
// The only change from the firmware code is the final branch, which goes to
// sub_e0020750_my.
// NOTE(review): sub_e0020418 is presumably the firmware's error reporter - confirm.
void __attribute__((naked,noinline)) sub_e0020398_my() {
    asm volatile (
            //capdis -f=chdk -s=0xe0020399 -c=47 -stubs PRIMARY.BIN 0xe0000000
            "    push    {r4, lr}\n"
            "    ldr     r4, =0xe0020474\n" //  *"/_term"
            "    bl      sub_e00213fa\n"
            // Check that [0x8154] >= [0x8088] + 0x10, otherwise report "USER_MEM size checking"
            "    ldr     r0, =0x00008154\n"
            "    ldr     r1, [r0]\n"
            "    ldr     r0, =0x00008088\n"
            "    ldr     r0, [r0]\n"
            "    adds    r0, #0x10\n"
            "    cmp     r1, r0\n"
            "    bhs     loc_e00203b4\n"
            "    ldr     r0, =0xe0020484\n" //  *"USER_MEM size checking"
            "    bl      sub_e0020418\n"
            "loc_e00203b4:\n"
            "    bl      sub_e0450d70\n"
            "    cmp     r0, #0\n"
            "    bge     loc_e00203c2\n"
            "    ldr     r0, =0xe002049c\n" //  *"dmSetup"
            "    bl      sub_e0020418\n"
            "loc_e00203c2:\n"
            "    bl      sub_e002210c\n"
            "    cmp     r0, #0\n"
            "    bge     loc_e00203d0\n"
            "    ldr     r0, =0xe00204a4\n" //  *"termDriverInit"
            "    bl      sub_e0020418\n"
            "loc_e00203d0:\n"
            "    mov     r0, r4\n"
            "    bl      sub_e00221b0\n"
            "    cmp     r0, #0\n"
            "    bge     loc_e00203e0\n"
            "    ldr     r0, =0xe00204b4\n" //  *"termDeviceCreate"
            "    bl      sub_e0020418\n"
            "loc_e00203e0:\n"
            "    mov     r0, r4\n"
            "    bl      sub_e002056c\n"
            "    cmp     r0, #0\n"
            "    bge     loc_e00203f0\n"
            "    ldr     r0, =0xe00204c8\n" //  *"stdioSetup"
            "    bl      sub_e0020418\n"
            "loc_e00203f0:\n"
            "    bl      sub_e00206b0\n"
            "    cmp     r0, #0\n"
            "    bge     loc_e00203fe\n"
            "    ldr     r0, =0xe00204d4\n" //  *"stdlibSetup"
            "    bl      sub_e0020418\n"
            "loc_e00203fe:\n"
            "    bl      sub_e0029ae4\n"
            "    cmp     r0, #0\n"
            "    bge     loc_e002040c\n"
            "    ldr     r0, =0xe00204e0\n" //  *"extlib_setup"
            "    bl      sub_e0020418\n"
            "loc_e002040c:\n"
            "    bl      sub_e002042e\n"
            "    pop.w   {r4, lr}\n"
            "    b.w     sub_e0020750_my\n" // -> continue (taskcreate_startup)
    );
}
 483 
//e0020750
// Patched copy of the firmware routine at 0xe0020750 (taskcreate_startup, per the
// comment at the branch in sub_e0020398_my). Changes marked in the listing:
//   - on core 0 only, sub_e051e07c(1) is called twice ("unblock core1"); the
//     first call and the core check around it are additions
//   - the power-on check is routed to sub_e005b418_my
//   - the "Startup" task is created with task_Startup_my as its entry
// As patched in this file, sub_e005b418_my always returns 1, so the
// loc_e002078a path (sub_e002087c followed by an endless loop) is not
// taken through this check.
void __attribute__((naked,noinline)) sub_e0020750_my() {
    asm volatile (
            //capdis -f=chdk -s=0xe0020751 -c=23 -stubs PRIMARY.BIN 0xe0000000
            "    push    {r3, lr}\n"
            "    bl      sub_e002088c\n"
            "    bl      sub_e0020848\n"

            "    mrc     p15, #0, r0, c0, c0, #5\n" // +
            "    ands    r0, r0, #0xf\n"            // +
            "    bne     skip\n"                    // + to be on the safe side, skip this with core1
            "    movs    r0, #1\n"                  // +
            "    bl      sub_e051e07c\n"            // unblock core1 (needs to be done twice)

            "    movs    r0, #1\n"
            "    bl      sub_e051e07c\n"            // unblock core1
            "skip:\n"                               // +

            "    bl      sub_e003e3bc\n"        // IsNormalCameraMode_FW
            "    bl      sub_e005b418_my\n"     // -> power-on mode handling & startupchecks here
            "    cbz     r0, loc_e002078a\n"
            "    bl      sub_dffc9094\n"
            "    ldr     r1, =0x006ce000\n"
            "    movs    r0, #0\n"
            "    bl      sub_e037e5d0\n"
            "    ldr     r3, =task_Startup_my\n"    // ->
            "    movs    r0, #0\n"
            "    mov     r2, r0\n"
            "    str     r0, [sp]\n"
            "    movs    r1, #0x19\n"
            "    ldr     r0, =0xe00207a8\n" //  *"Startup"
            // NOTE(review): 0xdffc93ba is 8 bytes below the address CreateTask_my resumes at
            // (0xDFFC93C3 with the Thumb bit), so this is presumably the hooked CreateTask - confirm in the stubs.
            "    bl      sub_dffc93ba\n"
            "    movs    r0, #0\n"
            "    pop     {r3, pc}\n"
            "loc_e002078a:\n"
            "    bl      sub_e002087c\n"
            "loc_e002078e:\n"
            "    b       loc_e002078e\n"            // endless loop
    );
}
 524 
//e005b418
// Patched copy of the firmware routine at 0xe005b418 (power-on mode handling and
// startup checks, per the comment at its call site in sub_e0020750_my).
// The routine still queries sub_e004ed2a for 0x168, 0x150, 0x38 and, depending on
// sub_e004e4ce, 0x16c and 0x194. Each result is reduced to (1 & ~result).
// Three firmware instructions are commented out: the "beq loc_e005b49a" and the
// calls to sub_e004e4d6 and sub_e004e4d4. With them removed, every path reaches
// "movs r0, #1", so this version always returns 1 whatever the queries report.
// NOTE(review): the removed branch and calls presumably let the firmware refuse to
// start or shut down on some start-up conditions - confirm before relying on this.
void __attribute__((naked,noinline)) sub_e005b418_my() {
    asm volatile (
            //capdis -f=chdk -s=0xe005b419 -c=44 -stubs PRIMARY.BIN 0xe0000000
            "    push.w  {r3, r4, r5, r6, r7, r8, sb, sl, fp, lr}\n"
            "    movs    r5, #0\n"
            "    mov     sl, r0\n"                  // sl = argument (caller passes the result of sub_e003e3bc)
            "    mov     r4, r5\n"
            "    bl      sub_e004e4d2\n"
            "    mov.w   r0, #0x168\n"
            "    bl      sub_e004ed2a\n"
            "    movs    r6, #1\n"
            "    bic.w   r7, r6, r0\n"              // r7 = 1 & ~result
            "    mov.w   r0, #0x150\n"
            "    bl      sub_e004ed2a\n"
            "    bic.w   r8, r6, r0\n"
            "    movs    r0, #0\n"
            "    bl      sub_e004e4ce\n"
            "    cbz     r0, loc_e005b454\n"
            "    mov.w   r0, #0x16c\n"
            "    bl      sub_e004ed2a\n"
            "    bic.w   r5, r6, r0\n"
            "loc_e005b454:\n"
            "    movs    r0, #0x38\n"
            "    bl      sub_e004ed2a\n"
            "    mov     sb, r6\n"
            "    bics    r6, r0\n"
            "    movs    r0, #1\n"
            "    bl      sub_e004e4ce\n"
            "    cbz     r0, loc_e005b472\n"
            "    mov.w   r0, #0x194\n"
            "    bl      sub_e004ed2a\n"
            "    bic.w   r4, sb, r0\n"
            "loc_e005b472:\n"
            "    cmp.w   sl, #0\n"
            "    beq     loc_e005b486\n"
            "    orr.w   r0, r7, r8\n"
            "    orr.w   r1, r5, r6\n"
            "    orrs    r0, r1\n"
            "    orrs    r0, r4\n"
//            "    beq     loc_e005b49a\n"
            "loc_e005b486:\n"
            "    mov     r3, r6\n"
            "    mov     r2, r5\n"
            "    mov     r1, r8\n"
            "    mov     r0, r7\n"
            "    str     r4, [sp]\n"
//            "    bl      sub_e004e4d6\n"
//            "    bl      sub_e004e4d4\n"
            "    movs    r0, #1\n"                  // return value is always 1 in this patched version
            "loc_e005b49a:\n"
            "    pop.w   {r3, r4, r5, r6, r7, r8, sb, sl, fp, pc}\n"
    );
}
 579 
// *** TEMPORARY? workaround ***
// Init stuff to avoid asserts on cameras running DryOS r54+
// https://chdk.setepontos.com/index.php?topic=12516.0
// Execute this only once
//
// Calls two firmware init routines, then creates a binary semaphore and stores
// its handle in av_override_semaphore. There is no guard against repeated calls
// in this function. The single call site in this file is task_Startup_my.
void init_required_fw_features(void)
{
    extern void _init_focus_eventflag();
    extern void _init_nd_eventflag();
    extern int _CreateBinarySemaphoreStrictly(int x, int y);
    extern int av_override_semaphore;

    _init_focus_eventflag();
    _init_nd_eventflag();
    av_override_semaphore = _CreateBinarySemaphoreStrictly(0,0);
}
 594 
// task_Startup e00206d4
// Patched copy of the firmware's Startup task. sub_e0020750_my creates the task
// with this function as its entry. Changes marked in the listing:
//   - added call to sub_e04d998a (SD card UHS detection, see link below)
//   - call to sub_e046e3dc ("diskboot") removed
//   - taskcreate_physw replaced by sub_e005b33e_my
//   - added calls to CreateTask_spytask and init_required_fw_features
// NOTE(review): the diskboot call is presumably removed so the firmware does not
// load the boot file from the card a second time - confirm.
void __attribute__((naked,noinline)) task_Startup_my() {
    asm volatile (
            //capdis -f=chdk -s=0xe00206d5 -c=34 -stubs PRIMARY.BIN 0xe0000000
            "    push    {r4, lr}\n"
            "    bl      sub_e013a49a\n"
            "    ldr     r0, =0x4194a000\n"
            "    mov.w   r1, #0x20000\n"
            "    bl      sub_e03ea27c\n"
            "    cbz     r0, loc_e00206f0\n"
            // Non-zero result: sub_dffc96f4(0, "Startup.c", 0x7d).
            // NOTE(review): presumably an assert with file name and line number - confirm.
            "    movs    r2, #0x7d\n"
            "    movs    r0, #0\n"
            "    ldr     r1, =0xe0020794\n" //  *"Startup.c"
            "    bl      sub_dffc96f4\n"
            "loc_e00206f0:\n"
            "    bl      sub_e0020860\n"
            "    bl      sub_e046e380\n"
            "    bl      sub_e052fdac\n"
            // added for SD card UHS detection https://chdk.setepontos.com/index.php?topic=13089.msg132583#msg132583
            "    bl      sub_e04d998a\n" // ref in sub_e04d9c14 before "SDPower.c" string
//            "    bl      sub_e046e3dc\n"    // - diskboot
            "    bl      sub_e005a122\n"
            "    bl      sub_e0425880\n"
            "    bl      sub_e0020924\n"
            "    bl      sub_e00208be\n"
            "    bl      sub_e052fde2\n"
            "    bl      sub_e0056650\n"
            "    bl      sub_e0425886\n"
            "    bl      sub_e005b33e_my\n"     // -> taskcreate_physw
            "    BL      CreateTask_spytask\n"  // +
            "    bl      init_required_fw_features\n"   // +
            "    bl      sub_e0297df6\n"
            "    bl      sub_e042589c\n"
            "    bl      sub_e052fd44\n"
            "    bl      sub_e04914a0\n"
            "    bl      sub_e005b870\n"
            "    bl      sub_e005a0d2\n"
            "    bl      sub_e049145c\n"
            "    bl      sub_e0020928\n"
            "    bl      sub_e037bccc\n"
            "    bl      sub_e049142e\n"
            "    pop.w   {r4, lr}\n"
            "    b.w     sub_e013a496\n"    // + jump to FW
    );
}
 640 
//taskcreate_physw e005b33e
// Patched copy of the firmware routine that creates the "PhySw" task.
// The task is created only while the word at 0x8370+4 is zero; the value
// returned by sub_dffc95d8 is then stored there.
// Two arguments differ from the firmware code, as the commented-out lines show:
//   - r3 (task entry): mykbd_task instead of 0xe005b319
//   - r2: 0x2000 instead of 0x800 (r1 = 1 shifted left by 0xb)
// NOTE(review): r2 is presumably the stack size - confirm against the callee.
void __attribute__((naked,noinline)) sub_e005b33e_my() {
    asm volatile (
            //capdis -f=chdk -s=0xe005b33f -c=18 -stubs PRIMARY.BIN 0xe0000000
            "    push    {r2, r3, r4, lr}\n"
            "    bl      sub_e005744c\n"
            "    bl      sub_e003e33c\n"
            "    cbnz    r0, loc_e005b34e\n"
            "    bl      sub_e00573f0\n"
            "loc_e005b34e:\n"
            "    ldr     r4, =0x00008370\n"
            "    ldr     r0, [r4, #4]\n"
            "    cmp     r0, #0\n"
            "    bne     loc_e005b36a\n"            // already set: do not create the task again
            "    movs    r1, #1\n"
//            "    ldr     r3, =0xe005b319\n" // -
//            "    lsls    r2, r1, #0xb\n"  // -
            "    ldr     r3, =mykbd_task\n" // + task_PhySw replacement
            "    mov     r2, #0x2000\n"     // +
            "    strd    r0, r1, [sp]\n"            // stack arguments: 0 and 1
            "    movs    r1, #0x17\n"
            "    ldr     r0, =0xe005b6a4\n" //  *"PhySw"
            "    bl      sub_dffc95d8\n"
            "    str     r0, [r4, #4]\n"
            "loc_e005b36a:\n"
            "    pop     {r2, r3, r4, pc}\n"
    );
}
 669 
//e04200b0
// Patched copy of the firmware task at 0xe04200b0. CreateTask_my substitutes it
// when the firmware creates task_InitFileModules.
// The only addition is the call to core_spytask_can_start, placed after
// sub_e0496844 returns.
// r4 keeps the result of sub_e049681c and r5 holds the event id 0x5006:
//   - r4 != 0: _PostLogicalEventToUI(0x5006, 0) is posted before sub_e0496844
//   - r4 == 0: _PostLogicalEventToUI(0x5006, 1) is tail-called at the end
void __attribute__((naked,noinline)) init_file_modules_task() {
    asm volatile (
            //capdis -f=chdk -s=0xe04200b1 -c=18 -stubs PRIMARY.BIN 0xe0000000
            "    push    {r4, r5, r6, lr}\n"
            "    movs    r0, #6\n"
            "    bl      sub_e037b34c\n"
            "    bl      sub_e049681c\n"
            "    movs    r4, r0\n"                  // sets the flags tested by the beq below
            "    movw    r5, #0x5006\n"
            "    beq     loc_e04200cc\n"
            "    movs    r1, #0\n"
            "    mov     r0, r5\n"
            "    bl      _PostLogicalEventToUI\n"
            "loc_e04200cc:\n"
            "    bl      sub_e0496844\n"
            "    BL      core_spytask_can_start\n" // + CHDK: Set "it's-safe-to-start" flag for spytask
            "    cmp     r4, #0\n"
            "    bne     loc_e04200e0\n"
            "    mov     r0, r5\n"
            "    pop.w   {r4, r5, r6, lr}\n"
            "    movs    r1, #1\n"
            "    b.w     _PostLogicalEventToUI\n"
            "loc_e04200e0:\n"
            "    pop     {r4, r5, r6, pc}\n"
".ltorg\n"
    );
}
 698 
//e005b078
// Replacement for the firmware routine at 0xe005b078. The body is a capdis
// disassembly of that routine (see the capdis line below) with one change:
// the final call goes to sub_e004e5ee_my instead of the firmware original.
//
// naked: the compiler emits no prologue/epilogue, so the asm itself saves and
// restores r4-r8/lr and the 0x18-byte stack frame.
//
// NOTE(review): every sub_e0xxxxxx target and every literal data address here
// comes from the disassembled image (PRIMARY.BIN). They must be re-derived,
// not reused, for any other firmware revision; a stale address would send
// execution into unrelated firmware code.
void __attribute__((naked,noinline)) kbd_p2_f_my() {
    asm volatile(
            //capdis -f=chdk -s=0xe005b079 -c=77 -stubs PRIMARY.BIN 0xe0000000
            "    push.w  {r4, r5, r6, r7, r8, lr}\n"
            "    ldr     r6, =0x0004e46c\n"
            "    sub     sp, #0x18\n"           // local frame; released again before the final pop
            "    mov     r7, sp\n"              // r7 -> 3-word array at the bottom of the frame
            "    subs    r6, #0xc\n"            // r6 = 0x0004e46c - 0xc, the 3-word array updated below
            "    b       loc_e005b0ba\n"
            "loc_e005b086:\n"
            "    ldrb.w  r0, [sp, #0x10]\n"
            "    mov     r3, sp\n"
            "    ldr     r1, =0x0004e46c\n"
            "    add     r2, sp, #0xc\n"
            "    subs    r1, #0x18\n"
            "    bl      sub_e004eb64\n"
            "    cbnz    r0, loc_e005b0a0\n"
            "    ldr     r1, [sp, #0xc]\n"
            "    movs    r0, #0\n"
            "    bl      sub_e005afe6\n"
            "loc_e005b0a0:\n"
            "    movs    r0, #2\n"
            // For index 2..0: clear in [r6 + 4*i] every bit that is set in [r7 + 4*i]
            "loc_e005b0a2:\n"
            "    ldr.w   r1, [r7, r0, lsl #2]\n"
            "    cbz     r1, loc_e005b0b2\n"
            "    ldr.w   r2, [r6, r0, lsl #2]\n"
            "    bics    r2, r1\n"
            "    str.w   r2, [r6, r0, lsl #2]\n"
            "loc_e005b0b2:\n"
            "    subs    r0, r0, #1\n"
            "    sxtb    r0, r0\n"
            "    cmp     r0, #0\n"
            "    bge     loc_e005b0a2\n"
            // First loop: repeat the block at loc_e005b086 for as long as sub_e004e820 returns nonzero
            "loc_e005b0ba:\n"
            "    add     r1, sp, #0x10\n"
            "    ldr     r0, =0x0004e46c\n"
            "    subs    r0, #0xc\n"
            "    bl      sub_e004e820\n"
            "    cmp     r0, #0\n"
            "    bne     loc_e005b086\n"
            "    movs    r4, #0\n"
            "    ldr.w   r8, =0x0004e46c\n"
            // Second loop: r4 walks words 0..2; each word at r6 is ANDed with the matching word at r8
            "loc_e005b0ce:\n"
            "    movs    r5, #0\n"
            "    ldr.w   r0, [r6, r4, lsl #2]\n"
            "    ldr.w   r1, [r8, r4, lsl #2]\n"
            "    ands    r0, r1\n"
            "    str.w   r0, [r6, r4, lsl #2]\n"
            "    b       loc_e005b126\n"
            "loc_e005b0e0:\n"
            "    lsrs    r0, r5\n"              // test bit r5 of the current word
            "    lsls    r0, r0, #0x1f\n"
            "    beq     loc_e005b11e\n"
            "    add.w   r0, r5, r4, lsl #5\n"  // r0 = 32*word + bit, truncated to a byte below
            "    ldr     r1, =0x0004e46c\n"
            "    mov     r3, sp\n"
            "    uxtb    r0, r0\n"
            "    subs    r1, #0x18\n"
            "    add     r2, sp, #0xc\n"
            "    bl      sub_e004eb64\n"
            "    cbnz    r0, loc_e005b102\n"
            "    ldr     r1, [sp, #0xc]\n"
            "    movs    r0, #1\n"
            "    bl      sub_e005afe6\n"
            "loc_e005b102:\n"
            "    mov     r0, r4\n"
            "    b       loc_e005b11a\n"
            // Same bit-clear step as above, here for index r4..2
            "loc_e005b106:\n"
            "    ldr.w   r1, [r7, r0, lsl #2]\n"
            "    cbz     r1, loc_e005b116\n"
            "    ldr.w   r2, [r6, r0, lsl #2]\n"
            "    bics    r2, r1\n"
            "    str.w   r2, [r6, r0, lsl #2]\n"
            "loc_e005b116:\n"
            "    adds    r0, r0, #1\n"
            "    sxtb    r0, r0\n"
            "loc_e005b11a:\n"
            "    cmp     r0, #3\n"
            "    blt     loc_e005b106\n"
            "loc_e005b11e:\n"
            "    adds    r5, r5, #1\n"
            "    ldr.w   r0, [r6, r4, lsl #2]\n"
            "    uxtb    r5, r5\n"
            "loc_e005b126:\n"
            "    cmp     r0, #0\n"
            "    bne     loc_e005b0e0\n"
            "    adds    r4, r4, #1\n"
            "    sxtb    r4, r4\n"
            "    cmp     r4, #3\n"
            "    blt     loc_e005b0ce\n"
            "    bl      sub_e004e5ee_my\n" // Patched
            "    add     sp, #0x18\n"
            "    pop.w   {r4, r5, r6, r7, r8, pc}\n"
    );
}
 795 
//e004e5ee
// Replacement for the firmware routine at 0xe004e5ee, called from kbd_p2_f_my.
// The first part is the capdis disassembly; lines marked "+" are additions.
//
// Added behaviour: after the firmware calls, handle_jogdial() is invoked.
//   - returns 0:       return to the caller without running sub_e0517004
//   - returns nonzero: restore r4/lr and tail-branch to firmware sub_e0517004,
//                      which then returns to our caller
//
// NOTE(review): handle_jogdial is defined outside this listing; its result is
// only tested for zero / nonzero here.
void __attribute__((naked,noinline)) sub_e004e5ee_my() {
    asm volatile(
            //capdis -f=chdk -s=0xe004e5ef -c=13 -stubs PRIMARY.BIN 0xe0000000
            "    push    {r4, lr}\n"
            "    ldr     r4, =0x00009914\n"     // base of the structure whose fields feed the calls below
            "    ldr     r0, [r4, #0xc]\n"
            "    bl      sub_e0052e76\n"
            "    ldr     r0, [r4, #0x18]\n"
            "    bl      sub_e0052f00\n"
            "    bl      sub_e0402302\n"
            "    ldr     r0, [r4, #0x14]\n"
            "    bl      sub_e0052da8\n"
            "    ldr     r0, [r4, #0x10]\n"
            "    bl      sub_e0052da8\n"

            "    bl      handle_jogdial\n" // +
            "    cmp     r0, #0\n" // +
            "    beq     no_scroll\n" // +

            "    pop.w   {r4, lr}\n"            // undo the push so the firmware routine returns to our caller
            "    b.w     sub_e0517004\n"    // + jump to FW

            "no_scroll:\n" // +
            "    pop     {r4, pc}\n" // +
    );
}
 823 
//e005b632
// Copy of the firmware instructions starting at 0xe005b632, with the call to
// the firmware's 0xe005b13c routine redirected to sub_e005b13c_my. Execution
// then continues in the original firmware at 0xe005b663 (odd address: Thumb).
//
// No registers are pushed and no frame is set up here: the code uses sp as it
// is on entry.
// NOTE(review): presumably this is entered from a caller that has already
// executed the start of the firmware function and reserved the stack words
// written below — confirm against the call site.
//
// NOTE(review): the literal 0xe005b663 and the data address 0x0004e448 are
// taken from the disassembled image (PRIMARY.BIN) and are only valid for that
// firmware revision.
void __attribute__((naked,noinline)) kbd_p1_f_cont_my ()
{
    asm volatile(
            //capdis -f=chdk -s=0xe005b633 -c=18 -jfw -stubs PRIMARY.BIN 0xe0000000
            "    ldr     r6, =0x0004e448\n"
            "    movs    r1, #2\n"
            "    mov     r5, sp\n"
            "    add.w   r3, r6, #0x24\n"
            // For i = 2..0: sp[i] = (r6[i] & word at r3+4*i+0xc) ^ word at r3+4*i+0x18
            "loc_e005b63c:\n"
            "    add.w   r0, r3, r1, lsl #2\n"
            "    ldr.w   r2, [r6, r1, lsl #2]\n"
            "    ldr     r7, [r0, #0xc]\n"
            "    ldr     r0, [r0, #0x18]\n"
            "    ands    r2, r7\n"
            "    eors    r2, r0\n"
            "    str.w   r2, [r5, r1, lsl #2]\n"
            "    subs    r1, r1, #1\n"
            "    bpl     loc_e005b63c\n"
            "    mov     r0, r5\n"              // r0 = the 3 words just built on the stack
            "    ldr     r2, =0x0004e448\n"
            "    adds    r2, #0x18\n"           // r2 = 0x0004e448 + 0x18
            "    sub.w   r1, r2, #0xc\n"        // r1 = 0x0004e448 + 0xc
            "    bl      sub_e005b13c_my\n" // -> some physical status is re-read here (not into physw_status)
            "    ldr     pc, =0xe005b663\n" // Continue in firmware
    );
}
 851 
// Defined outside this listing; read by sub_e005b13c_my below.
extern int physw0_override;

//e005b13c
// Copy of the first instructions of the firmware routine at 0xe005b13c with
// one substitution: where the firmware loads the constant -1 into r0 (kept
// below as a commented-out line), this version loads the current value of
// physw0_override. Execution then continues in the firmware at 0xe005b149
// (odd address: Thumb), which also performs the matching register restore.
//
// NOTE(review): the continuation address is specific to the disassembled
// image (PRIMARY.BIN); the pushed register list must stay identical to the
// firmware's, because the firmware epilogue is what pops it.
void __attribute__((naked,noinline)) sub_e005b13c_my ()
{
    asm volatile(
            //capdis -f=chdk -s=0xe005b13d -c=4 -jfw -stubs PRIMARY.BIN 0xe0000000
            "    push.w  {r0, r1, r2, r3, r4, r5, r6, r7, r8, sb, sl, fp, ip, lr}\n"
            "    mov     r5, r0\n"
            "    ldr     r4, =0x0004e46c\n"
            "    ldr     r0, =physw0_override\n" // +
            "    ldr.w   r0, [r0]\n" // + use CHDK override value
            //"    mov.w   r0, #-1\n"           // -
            "    ldr     pc, =0xe005b149\n" // Continue in firmware
    );
}
 868 
//e025d526
// Replacement for the firmware task at 0xe025d526, assembled from two capdis
// ranges (0xe025d527 and 0xe025d55d). Lines marked "+" are additions; branches
// marked "jump to FW" leave this copy and continue in the original firmware.
//
// Added behaviour: before calling sub_e025da1a, the word at 0xd2050074 is
// read. If it is nonzero, _SetEventFlag is called with the handle stored at
// 0x000256ec and flag value 0x80; if it is zero, that call is skipped.
//
// The registers pushed on entry are never popped in this copy; every exit is
// a branch into firmware code.
// NOTE(review): presumably the firmware paths branched to perform the matching
// restore — confirm when porting.
//
// NOTE(review): all branch targets, the literal addresses and the register at
// 0xd2050074 are specific to this camera and the disassembled firmware image.
void __attribute__((naked,noinline)) task_TricInitTask_my() {
    asm volatile(
            //capdis -f=chdk -s=0xe025d527 -c=12 -stubs PRIMARY.BIN 0xe0000000
            "    push.w  {r0, r1, r2, r3, r4, r5, r6, r7, r8, sb, sl, fp, ip, lr}\n"
            "    movs    r0, #8\n"
            "    ldr     r1, =0xe025d7b4\n" //  *"InitTskStart"
            "    bl      sub_e033c7b2\n"
            "    ldr.w   fp, =0x000256f0\n"
            "    mov.w   sl, #0x1000\n"
            "    ldr     r4, =0x000256ec\n"
            "    movs    r2, #0\n"
            "    ldr     r1, =0x0703870f\n"
            "    ldr     r0, [r4]\n"
            "    bl      sub_dffc9830\n"
            "    lsls    r0, r0, #0x1f\n"   // test bit 0 of the result
            "    bne     sub_e025d54a\n"    // + jump to FW

            //capdis -f=chdk -s=0xe025d55d -c=15 -stubs PRIMARY.BIN 0xe0000000
            "    ldr     r4, =0x000256ec\n"
            "    mov     r1, sp\n"
            "    ldr     r0, [r4]\n"
            "    bl      sub_dffc9996\n"
            "    ldr     r1, [sp]\n"
            "    ldr     r0, [r4]\n"
            "    bl      sub_dffc9966\n"
            "    ldr     r0, =0x02000003\n"
            "    ldr     r7, [sp]\n"
            "    tst     r7, r0\n"
            "    beq     sub_e025d652\n"    // + jump to FW
            "    lsls    r0, r7, #0x1f\n"   // test bit 0 of the value read back into r7
            "    beq     sub_e025d580\n"    // + jump to FW

            "    ldr     r0, =0xd2050074\n" // +
            "    ldr     r0, [r0]\n"        // + nonzero when core already running
            "    subs    r0, #0\n"          // +
            "    beq     tric1\n"           // +
            "    ldr     r0, [r4]\n"        // +
            "    mov     r1, #0x80\n"       // +
            "    bl      _SetEventFlag\n"   // + core already initialized, set the SmacIdleCmp eventflag here
            "tric1:\n"                      // +

            "    bl      sub_e025da1a\n"
            "    b       sub_e025d5c2\n"    // + jump to FW
    );
}
 915 
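// Decide whether the FsIoNotify task should ignore a file-system message.
//
// msg points at the message taken from the FsIoNotify queue (see
// task_FsIoNotifyTask_my). Two fields are read from it:
//   msg + 4     short file name, NUL-terminated
//   msg + 0x5c  pointer to a separately allocated long file name, or 0
//
// Returns nonzero when the message should be skipped, 0 otherwise. When a
// message with a long name is skipped, the long name buffer is freed here,
// because the firmware handler that would normally do so is not called.
//
// The name comes from the file system (i.e. from whatever is on the card), so
// its length is checked before any index relative to the end of the string is
// formed. Without that check a name such as "A/DCIM/x" made name[l-9] read
// in front of the buffer.
int check_fsio_skip(char* msg)
{
    // Short file name (< 32 chars)
    char* name = msg + 4;
    // Long file name (will be 0 if not allocated)
    char* long_name = *((char**)(msg+0x5c));
    if (long_name != 0) name = long_name;
    int l = strlen(name);

    // G7X2 crashes when deleting or creating non-Canon files in DCIM image folder if camera is connected to PC via USB
    // This causes the FsIoNotify task to ignore files that are not Canon image files.
    // Only applies to files in A/DCIM folders with filename xxx_nnnn.ext, and ext is not JPG or CR2.
    int skip = 0;
    // "_nnnn.ext" is 9 characters, so a shorter name can never match the pattern;
    // rejecting it first keeps name[l-9] and name+l-4 inside the string.
    if ((l >= 9) && (strncmp(name,"A/DCIM",6) == 0) && (name[l-9] == '_'))
    {
        char* ext = name + l - 4;
        skip = ((strncmp(ext, ".JPG", 4) != 0) && (strncmp(ext, ".CR2", 4) != 0));
    }

    // If we tell FsIoNotify to skip processing message, then we need to free the long name memory buffer
    if (skip && (long_name != 0))
        free(long_name);

    return skip;
}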
 936 
//e00f2b5c
// Replacement for the firmware task at 0xe00f2b5c. The body is the capdis
// disassembly with three added lines (marked "+"): each received message is
// first passed to check_fsio_skip(); the firmware handler sub_e00f2ac4 runs
// only when that returns 0.
//
// The task never returns: after every message it branches back to
// loc_e00f2b6e and waits for the next one.
//
// The pointer handed to check_fsio_skip is whatever sub_dffc9de0 stored at
// [sp]; it is not validated here, so check_fsio_skip has to bound every read
// it derives from the name inside the message.
// NOTE(review): sub_dffc96f4 is called with r0 = 0, the "FsIoNotify.c" string
// and a number (0xbf, 0xc3) — presumably the firmware assert helper with file
// name and line; confirm against the stubs.
void __attribute__((naked,noinline)) task_FsIoNotifyTask_my() {
    asm volatile(
            //capdis -f=chdk -s=0xe00f2b5d -c=20 -stubs PRIMARY.BIN 0xe0000000
            "    ldr     r4, =0x000111a8\n"
            "    push    {r3, lr}\n"            // r3 slot doubles as the local that receives the message pointer
            "    ldr     r0, [r4, #8]\n"
            "    cbnz    r0, loc_e00f2b6e\n"
            "    movs    r2, #0xbf\n"
            "    movs    r0, #0\n"
            "    ldr     r1, =0xe00f2ed0\n" //  *"FsIoNotify.c"
            "    bl      sub_dffc96f4\n"
            "loc_e00f2b6e:\n"
            "    ldr     r0, [r4, #8]\n"
            "    movs    r2, #0\n"
            "    mov     r1, sp\n"              // result is written to [sp]
            "    bl      sub_dffc9de0\n"
            "    cbz     r0, loc_e00f2b84\n"
            "    movs    r2, #0xc3\n"
            "    movs    r0, #0\n"
            "    ldr     r1, =0xe00f2ed0\n" //  *"FsIoNotify.c"
            "    bl      sub_dffc96f4\n"
            "loc_e00f2b84:\n"
            "    ldr     r0, [sp]\n"
            "    bl      check_fsio_skip\n" // +
            "    cbnz    r0, loc_skip\n"    // +
            "    ldr     r0, [sp]\n"            // reload: r0 was overwritten by the return value above
            "    bl      sub_e00f2ac4\n"
            "loc_skip:\n"                   // +
            "    b       loc_e00f2b6e\n"
    );
}
