root/platform/ixus300_sd4000/sub/100d/boot.c



   1 #include "lolevel.h"
   2 #include "platform.h"
   3 #include "core.h"
   4 #include "dryos31.h"
   5 #include "asmsafe.h"
   6 
// Address that sub_FF811198_my loads as the memory start value in place of the
// ROM constant 0x14B394 (unless CHDK_NOT_IN_CANON_HEAP is defined). _end is
// declared in one of the headers above — presumably the linker end-of-image
// symbol; confirm against the link script.
const char * const new_sa = &_end;

// NOTE(review): shadows the standard <stddef.h> offsetof and yields int rather
// than size_t; harmless only while none of the headers above pull in
// <stddef.h> — confirm.
#define offsetof(TYPE, MEMBER) ((int) &((TYPE *)0)->MEMBER)

// Forward declarations
void CreateTask_PhySw();
void CreateTask_spytask();
// Polled by JogDial_task_my: while it reads as 1 the task sleeps instead of
// processing the jog-dial queue.
extern volatile int jogdial_stopped;
void JogDial_task_my(void);
void boot();

// Firmware task entry points; taskHook compares each new task's entry against
// these and swaps in the CHDK replacement.
extern void task_CaptSeq();
extern void task_InitFileModules();
extern void task_RotaryEncoder();
extern void task_MovieRecord();
extern void task_ExpDrv();
extern void task_FileWrite();

//----------------------------------------------------------------------
// Pointer to stack location where jogdial task records previous and current
// jogdial positions
// (set by JogDial_task_my to SP+0x10 of its own frame, so it is only valid
// while that task's frame is live)

short *jog_position;
  30 
  31 
  32 // almost the same as SX30 / G12
  33 
// Called by the firmware for each task being created (installed from
// sub_FF810354_my). Recovers the task control block from the pointer to its
// saved context and, when the task's entry point is one of the firmware
// tasks CHDK replaces, rewrites it to the CHDK implementation.
void taskHook(context_t **context) {
    // `context` points at the context field inside the TCB; step back to the
    // start of the TCB.
    task_t *tcb = (task_t *)((char *)context - offsetof(task_t, context));

    // Firmware entry point -> CHDK replacement. PhySw is deliberately absent:
    // CHDK creates its own PhySw task (taskcreate_PhySw_my) instead of hooking
    // the firmware one.
    const struct {
        void *firmware;
        void *replacement;
    } hooks[] = {
        { (void *)task_CaptSeq,         (void *)capt_seq_task },
        { (void *)task_InitFileModules, (void *)init_file_modules_task },
        { (void *)task_RotaryEncoder,   (void *)JogDial_task_my },
        { (void *)task_MovieRecord,     (void *)movie_record_task },
        { (void *)task_ExpDrv,          (void *)exp_drv_task },
        { (void *)task_FileWrite,       (void *)filewritetask },
    };

    // Every pair is checked, exactly like the original one-pass sequence of
    // comparisons; the replacement addresses never equal a firmware entry, so
    // at most one rewrite happens per task.
    for (unsigned i = 0; i < sizeof hooks / sizeof hooks[0]; i++) {
        if (tcb->entry == hooks[i].firmware) {
            tcb->entry = hooks[i].replacement;
        }
    }
}
  46 
// Creates CHDK's own task with core_spytask as its entry point. Called from
// task_Startup_my after the firmware start-up tasks have been created.
void CreateTask_spytask() {    //#fs
    // presumably task priority and stack size — confirm against the
    // _CreateTask prototype in the headers
    enum { SPYTASK_PRIO = 0x19, SPYTASK_STACK = 0x2000 };
    _CreateTask("SpyTask", SPYTASK_PRIO, SPYTASK_STACK, core_spytask, 0);
}    //#fe
  50 
// ROM:FF81000C
// CHDK replacement for the firmware reset entry. The ROM start-up sequence is
// reproduced as-is: CP15 coprocessor set-up (MCR p15), peripheral register
// writes, the copy from 0xFFC206D4 to RAM at 0x1900 up to 0xF244, and the
// zero-fill from there up to 0x14B394. Only the final branch is changed, to
// sub_FF810354_my instead of the ROM sub_FF810354.
void __attribute__((naked,noinline)) boot() {    //#fs
    asm volatile (
        "LDR     R1, =0xC0410000\n"
        "MOV     R0, #0\n"
        "STR     R0, [R1]\n"
        "MOV     R1, #0x78\n"
        "MCR     p15, 0, R1,c1,c0\n"
        "MOV     R1, #0\n"
        "MCR     p15, 0, R1,c7,c10, 4\n"
        "MCR     p15, 0, R1,c7,c5\n"
        "MCR     p15, 0, R1,c7,c6\n"
        "MOV     R0, #0x3D\n"
        "MCR     p15, 0, R0,c6,c0\n"
        "MOV     R0, #0xC000002F\n"
        "MCR     p15, 0, R0,c6,c1\n"
        "MOV     R0, #0x35\n"
        "MCR     p15, 0, R0,c6,c2\n"
        "MOV     R0, #0x40000035\n"
        "MCR     p15, 0, R0,c6,c3\n"
        "MOV     R0, #0x80000017\n"
        "MCR     p15, 0, R0,c6,c4\n"
        "LDR     R0, =0xFF80002D\n"
        "MCR     p15, 0, R0,c6,c5\n"
        "MOV     R0, #0x34\n"
        "MCR     p15, 0, R0,c2,c0\n"
        "MOV     R0, #0x34\n"
        "MCR     p15, 0, R0,c2,c0, 1\n"
        "MOV     R0, #0x34\n"
        "MCR     p15, 0, R0,c3,c0\n"
        "LDR     R0, =0x3333330\n"
        "MCR     p15, 0, R0,c5,c0, 2\n"
        "LDR     R0, =0x3333330\n"
        "MCR     p15, 0, R0,c5,c0, 3\n"
        "MRC     p15, 0, R0,c1,c0\n"
        "ORR     R0, R0, #0x1000\n"
        "ORR     R0, R0, #4\n"
        "ORR     R0, R0, #1\n"
        "MCR     p15, 0, R0,c1,c0\n"
        "MOV     R1, #0x80000006\n"
        "MCR     p15, 0, R1,c9,c1\n"
        "MOV     R1, #6\n"
        "MCR     p15, 0, R1,c9,c1, 1\n"
        "MRC     p15, 0, R1,c1,c0\n"
        "ORR     R1, R1, #0x50000\n"
        "MCR     p15, 0, R1,c1,c0\n"
        // 0xC0200000 block: 1 to +0x10C, then 0xFF to every +0xC..+0xFC slot
        "LDR     R2, =0xC0200000\n"
        "MOV     R1, #1\n"
        "STR     R1, [R2,#0x10C]\n"
        "MOV     R1, #0xFF\n"
        "STR     R1, [R2,#0xC]\n"
        "STR     R1, [R2,#0x1C]\n"
        "STR     R1, [R2,#0x2C]\n"
        "STR     R1, [R2,#0x3C]\n"
        "STR     R1, [R2,#0x4C]\n"
        "STR     R1, [R2,#0x5C]\n"
        "STR     R1, [R2,#0x6C]\n"
        "STR     R1, [R2,#0x7C]\n"
        "STR     R1, [R2,#0x8C]\n"
        "STR     R1, [R2,#0x9C]\n"
        "STR     R1, [R2,#0xAC]\n"
        "STR     R1, [R2,#0xBC]\n"
        "STR     R1, [R2,#0xCC]\n"
        "STR     R1, [R2,#0xDC]\n"
        "STR     R1, [R2,#0xEC]\n"
        "STR     R1, [R2,#0xFC]\n"
        "LDR     R1, =0xC0400008\n"
        "LDR     R2, =0x430005\n"
        "STR     R2, [R1]\n"
        "MOV     R1, #1\n"
        "LDR     R2, =0xC0243100\n"
        "STR     R2, [R1]\n"                 // NOTE(review): R1 is #1 here, i.e. a store to address 1; carried over from the ROM, confirm against the disassembly
        "LDR     R2, =0xC0242010\n"
        "LDR     R1, [R2]\n"
        "ORR     R1, R1, #1\n"
        "STR     R1, [R2]\n"
        // copy words from canon_data_src to MEMBASEADDR while R1 < 0xF244
        "LDR     R0, =0xFFC206D4\n"          // canon_data_src
        "LDR     R1, =0x1900\n"              // MEMBASEADDR
        "LDR     R3, =0xF244\n"
        "loc_FF81013C:\n"
        "CMP     R1, R3\n"
        "LDRCC   R2, [R0],#4\n"
        "STRCC   R2, [R1],#4\n"
        "BCC     loc_FF81013C\n"
        // zero-fill from 0xF244 (R3 left by the copy loop) up to MEMISOSTART
        "LDR     R1, =0x14B394\n"            // MEMISOSTART
        "MOV     R2, #0\n"
        "loc_FF810154:\n"
        "CMP     R3, R1\n"
        "STRCC   R2, [R3],#4\n"
        "BCC     loc_FF810154\n"

        //"B       sub_FF810354\n"           // original
        "B       sub_FF810354_my\n"          // +
    );
}    //#fe
 146 
 147 
// Replacement for ROM sub_FF810354 (reached from boot). The C prologue
// installs taskHook in the RAM slots the firmware reads and sets the
// power-button mode word at 0x24B8 from bit 0 of 0xC0220110. The asm part
// then reproduces the ROM code: copies 0xFF8103CC..0xFF810404 to address 0
// and 0xFF810404..0xFF810618 to 0x4B0, sets SP=0x1000 in two CPSR modes
// (0xD2, 0xD3), fills 0x6C4..0x1000 with 0xEEEEEEEE, and calls
// sub_FF811198_my instead of sub_FF811198.
void __attribute__((naked,noinline)) sub_FF810354_my() {    //#fs

    // Hook Canon Firmware Tasks, http://chdk.setepontos.com/index.php/topic,4194.0.html
    //*(int*)0x1930=(int)taskHook;               // does not work
    //*(int*)0x1934=(int)taskHook;               // 0x1934 not used in firmware
    *(int*)0x1938=(int)taskHook;                 // ROM:FF810698
    // 0x1938=taskHook and 0x193C=taskHook together cause ASSERT in SpyTask on CHDK autostart
    // NOTE(review): the line above says setting both slots together asserts, yet both 0x1938
    // and 0x193C are written here — confirm which combination is actually intended.
    *(int*)0x193C=(int)taskHook;                 // ROM:FF8106D8
    //*(int*)0x19A0=(int)taskHook;               // maybe correct IRQ is 0x19A0 (ROM:FF816634) ?

    // Power Button detection (short press = playback mode, long press = record mode)
    // replacement for ROM:FF834580 -> ROM:FF861134 for correct power-on
    *(int*)(0x24B8)= (*(int*)0xC0220110)&1 ? 0x400000 : 0x200000;    // ROM:FF861138, value 0x200000 and 0x400000 must be in reverse order, else detection is reversed too

    asm volatile (
        // copy 0xFF8103CC..0xFF810404 to address 0
        "LDR     R0, =0xFF8103CC\n"
        "MOV     R1, #0\n"
        "LDR     R3, =0xFF810404\n"
        "loc_FF810360:\n"
        "CMP     R0, R3\n"
        "LDRCC   R2, [R0],#4\n"
        "STRCC   R2, [R1],#4\n"
        "BCC     loc_FF810360\n"
        // copy 0xFF810404..0xFF810618 to 0x4B0
        "LDR     R0, =0xFF810404\n"
        "MOV     R1, #0x4B0\n"
        "LDR     R3, =0xFF810618\n"
        "loc_FF81037C:\n"
        "CMP     R0, R3\n"
        "LDRCC   R2, [R0],#4\n"
        "STRCC   R2, [R1],#4\n"
        "BCC     loc_FF81037C\n"
        // set SP = 0x1000 in CPSR mode 0xD2, then in mode 0xD3
        "MOV     R0, #0xD2\n"
        "MSR     CPSR_cxsf, R0\n"
        "MOV     SP, #0x1000\n"
        "MOV     R0, #0xD3\n"
        "MSR     CPSR_cxsf, R0\n"
        "MOV     SP, #0x1000\n"
        // fill 0x6C4..0x1000 with the 0xEEEEEEEE marker
        "LDR     R0, =0x6C4\n"
        "LDR     R2, =0xEEEEEEEE\n"
        "MOV     R3, #0x1000\n"
        "loc_FF8103B0:\n"
        "CMP     R0, R3\n"
        "STRCC   R2, [R0],#4\n"
        "BCC     loc_FF8103B0\n"

        //"BL      sub_FF811198\n"           // original
        "BL      sub_FF811198_my\n"          // +

        // Shouldn't we continue with original function ?!? Most other Port do not...
        // asm volatile ("B      sub_FF8103CC\n");
    );
}    //#fe
 200 
// Replacement for ROM sub_FF811198 (called from sub_FF810354_my). Builds a
// 0x74-byte parameter block on the stack (passed to sub_FFB59A1C first —
// presumably a clear; confirm), with the memory start taken from new_sa
// instead of the ROM constant 0x14B394 (unless CHDK_NOT_IN_CANON_HEAP), and
// the size computed as 0x3724A8 minus that start. Substitutes uHwSetup_my for
// the firmware uHwSetup and continues at sub_FF8111EC.
void __attribute__((naked,noinline)) sub_FF811198_my() { //#fs
    asm volatile (
        "STR     LR, [SP,#-4]!\n"
        "SUB     SP, SP, #0x74\n"
        "MOV     R0, SP\n"
        "MOV     R1, #0x74\n"
        "BL      sub_FFB59A1C\n"
        "MOV     R0, #0x53000\n"
        "STR     R0, [SP,#4]\n"
#if defined(CHDK_NOT_IN_CANON_HEAP)            // use original heap offset since CHDK is loaded in high memory
        "LDR     R0, =0x14B394\n"              // original
#else                                          // otherwise use patched value
        "LDR     R0, =new_sa\n"                // +
        "LDR     R0, [R0]\n"                   // +
#endif
        "LDR     R2, =0x379C00\n"
        "LDR     R1, =0x3724A8\n"
        "STR     R0, [SP,#8]\n"
        "SUB     R0, R1, R0\n"                 // R0 = 0x3724A8 - start
        "ADD     R3, SP, #0xC\n"
        "STR     R2, [SP]\n"
        "STMIA   R3, {R0-R2}\n"
        "MOV     R0, #0x22\n"
        "STR     R0, [SP,#0x18]\n"
        "MOV     R0, #0x68\n"
        "STR     R0, [SP,#0x1C]\n"
        "LDR     R0, =0x19B\n"

        //"LDR     R1, =sub_FF815E58\n"        // original uHwSetup()
        "LDR     R1, =uHwSetup_my\n"           // +

        "B       sub_FF8111EC\n"              // Continue in firmware
    );
};    //#fe
 235 
// ROM:FF815E58
// Replacement for the firmware uHwSetup. Runs the same init calls (dmSetup,
// termDriverInit, termDeviceCreate, stdioSetup, stdlibSetup, armlib_setup per
// the annotations below), calling err_init_task when a result is negative
// (CMP R0,#0 / BLLT), then branches to taskcreate_Startup_my instead of the
// ROM taskcreate_Startup. ADR forms are written as LDR because the compiler
// rejects ADR with these operands.
void __attribute__((naked,noinline)) uHwSetup_my() {    //#fs
    asm volatile (
        "STMFD   SP!, {R4,LR}\n"
        "BL      sub_FF810B20\n"
        "BL      sub_FF81A244\n"             // dmSetup()
        "CMP     R0, #0\n"
        //"ADRLT   R0, =0xFF815F6C\n"        // "dmSetup"
        "LDRLT   R0, =0xFF815F6C\n"          // compiler does not like ADRLT
        "BLLT    sub_FF815F4C\n"             // err_init_task()
        "BL      sub_FF815A94\n"             // termDriverInit()
        "CMP     R0, #0\n"
        //"ADRLT   R0, =0xFF815F74\n"        // "termDriverInit"
        "LDRLT   R0, =0xFF815F74\n"          // compiler does not like ADRLT
        "BLLT    sub_FF815F4C\n"             // err_init_task()
        //"ADR     R0, =0xFF815F84\n"        // "/_term"
        "LDR     R0, =0xFF815F84\n"          // compiler does not like ADR
        "BL      sub_FF815B7C\n"             // termDeviceCreate()
        "CMP     R0, #0\n"
        //"ADRLT   R0, =0xFF815B7C\n"        // "termDeviceCreate"
        // NOTE(review): this loads the termDeviceCreate call target itself, while the
        // other error paths load string addresses in the 0xFF815Fxx range — confirm
        // against the disassembly that the ROM does not load a string here.
        "LDRLT   R0, =0xFF815B7C\n"          // compiler does not like ADRLT
        "BLLT    sub_FF815F4C\n"             // err_init_task()
        //"ADR     R0, =0xFF815F84\n"        // "/_term"
        "LDR     R0, =0xFF815F84\n"          // compiler does not like ADR
        "BL      sub_FF813BF0\n"             // stdioSetup()
        "CMP     R0, #0\n"
        //"ADRLT   R0, =0xFF813BF0\n"        // "stdioSetup"
        // NOTE(review): same pattern — the address equals the stdioSetup call target above.
        "LDRLT   R0, =0xFF813BF0\n"          // compiler does not like ADRLT
        "BLLT    sub_FF815F4C\n"             // err_init_task()
        "BL      sub_FF819C3C\n"             // stdlibSetup()
        "CMP     R0, #0\n"
        //"ADRLT   R0, =0xFF815FAC\n"        // "stdlibSetup"
        "LDRLT   R0, =0xFF815FAC\n"          // compiler does not like ADRLT
        "BLLT    sub_FF815F4C\n"             // err_init_task()
        "BL      sub_FF81167C\n"             // armlib_setup()
        "CMP     R0, #0\n"
        //"ADRLT   R0, =0xFF815FB8\n"        // "armlib_setup"
        "LDRLT   R0, =0xFF815FB8\n"          // compiler does not like ADRLT
        "BLLT    sub_FF815F4C\n"             // err_init_task()
        "LDMFD   SP!, {R4,LR}\n"

        //"B       sub_FF81FAF0\n"           // taskcreate_Startup() ROM:FF81FAF0
        "B       taskcreate_Startup_my\n"    // +
    );
}; //#fe
 281 
// ROM:FF81FAF0
// Replacement for the firmware taskcreate_Startup (reached from uHwSetup_my).
// Same flow as the ROM except that the sub_FF834580 call is left out (the
// power-button detection it did is handled in sub_FF810354_my) and
// task_Startup_my is passed as the task entry instead of task_Startup;
// continues at sub_FF81FB5C.
void __attribute__((naked,noinline)) taskcreate_Startup_my() { //#fs
    asm volatile (
        "STMFD   SP!, {R3,LR}\n"
        //"BL      j_nullsub_213\n"
        "BL      sub_FF83BCF0\n"
        "CMP     R0, #0\n"
        "BNE     loc_FF81FB34\n"
        "BL      sub_FF835D6C\n"               // IsNormalCameraMode()
        "CMP     R0, #0\n"
        "BEQ     loc_FF81FB34\n"
        "BL      sub_FF834574\n"
        "CMP     R0, #0\n"
        "BNE     loc_FF81FB34\n"
        "BL      sub_FF833BDC\n"
        "LDR     R1, =0xC0220000\n"
        "MOV     R0, #0x44\n"
        "STR     R0, [R1,#0x1C]\n"
        "BL      sub_FF833DCC\n"
        // branch-to-self: execution stops here when none of the checks above skipped ahead
        "loc_FF81FB30:\n"
        "B       loc_FF81FB30\n"
        "loc_FF81FB34:\n"
        //"BL      sub_FF834580\n"           // + disabled for correct Power Button detection, ROM:FF861134 is canon function
        //"BL      j_nullsub_214\n"
        "BL      sub_FF839F18\n"
        "LDR     R1, =0x3CE000\n"
        "MOV     R0, #0\n"
        "BL      sub_FF83A360\n"
        "BL      sub_FF83A10C\n"             // KerSys.c:548
        "MOV     R3, #0\n"
        "STR     R3, [SP]\n"

        //"ADR     R3, =0xFF81FA8C\n"        // original: task_Startup()
        //"LDR     R3, =0xFF81FA8C\n"        // compiler does not like ADR
        "LDR     R3, =task_Startup_my\n"     // +

        "B       sub_FF81FB5C\n"             // Continue in firmware
    );
}; //#fe
 321 
// ROM:FF81FA8C
// Replacement for the firmware task_Startup. Differences from the ROM: the
// sub_FF83BDC4 (StartSdInit) call is omitted, CreateTask_spytask is inserted
// after the firmware tasks, and taskcreate_PhySw_my replaces sub_FF834434 so
// CHDK owns the PhySw task. Continues at sub_FF81FAC4.
void __attribute__((naked,noinline)) task_Startup_my() { //#fs
    asm volatile (
        "STMFD   SP!, {R4,LR}\n"
        "BL      sub_FF81650C\n"             // taskcreate_ClockSave()
        "BL      sub_FF835674\n"
        "BL      sub_FF833808\n"             // taskcreate_ClkEnabler()
        //"BL      sub_FF83BD30\n"           // j_nullsub_217
        "BL      sub_FF83BF1C\n"             // taskcreate_ADCScn()

        //"BL      sub_FF83BDC4\n"           // original: StartSdInit() -> StartDiskboot()

        "BL      sub_FF83C0C0\n"
        "BL      sub_FF8322E4\n"
        "BL      sub_FF83BF4C\n"             // taskcreate_WDT()
        "BL      sub_FF8396BC\n"             // ErrorStuff
        "BL      sub_FF83C0C4\n"             // taskcreate_?

        "BL      CreateTask_spytask\n"       // +

        //"BL      sub_FF834434\n"           // taskcreate_PhySw()
        "BL      taskcreate_PhySw_my\n"      // + (create our own PhySw Task instead of hooking firmware Task)

        "BL      sub_FF8379F8\n"             // task_ShootSeqTask()
        //"BL      task_ShootSeqTask_my\n"   // +

        "B       sub_FF81FAC4\n"             // Continue in firmware
    );
}; //#fe
 351 
// ROM:FF834434
// Replacement for the firmware taskcreate_PhySw. If the word at 0x1C28+0x10
// is non-zero it jumps to sub_FF834468 (presumably the already-created path;
// confirm); otherwise it creates the task with mykbd_task as entry and a
// 0x2000-byte stack instead of the ROM's 0x800, continuing at sub_FF834458.
void __attribute__((naked,noinline)) taskcreate_PhySw_my() {    //#fs
    asm volatile (
            "STMFD   SP!, {R3-R5,LR}\n"
            "LDR     R4, =0x1C28\n"
            "LDR     R0, [R4,#0x10]\n"
            "CMP     R0, #0\n"
            "BNE     sub_FF834468\n"
            "MOV     R3, #0\n"
            "STR     R3, [SP]\n"

            //"ADR     R3, FF834400\n"           // task_PhySw()
            //"LDR     R3, =0xFF834400\n"        // compiler does not like ADR
            "LDR     R3, =mykbd_task\n"          // +
            //"MOV     R2, #0x800\n"             // original stack size is to small
            "MOV     R2, #0x2000\n"              // + increase stack size for our task_PhySw so we don't have to do stack switch, if stack is too small large scripts may cause crash !!!

            "B       sub_FF834458\n"             // Continue in Firmware
    );
};    //#fe
 372 
// ROM:FF8995E0
// Replacement for the firmware task_InitFileModules (swapped in by taskHook).
// Mirrors the ROM prologue, then calls sub_FF88FF58_my instead of
// sub_FF88FF58 and signals core_spytask_can_start before continuing in the
// firmware at sub_FF899600.
void __attribute__((naked,noinline)) init_file_modules_task() {    //#fs
    asm volatile (
        "STMFD   SP!, {R4-R6,LR}\n"
        "BL      sub_FF88FF2C\n"
        "LDR     R5, =0x5006\n"
        "MOVS    R4, R0\n"
        "MOVNE   R1, #0\n"
        "MOVNE   R0, R5\n"
        "BLNE    sub_FF893994\n"             // eventproc_export_PostLogicalEventToUI()

        //"BL      sub_FF88FF58\n"           // original
        "BL      sub_FF88FF58_my\n"          // +
        "BL      core_spytask_can_start\n"   // + safe to start CHDK SpyTask

        "B       sub_FF899600\n"             // Continue in Firmware
    );
};    //#fe
 391 
// ROM:FF861B68
// the firmware task is named task_RotarySw(), not task_JogDial()
// Replacement for the firmware rotary-switch task (swapped in by taskHook).
// The ROM body is reproduced verbatim except for two additions: the address
// of the position slot in this task's stack frame (SP+0x10) is published in
// jog_position for kbd.c, and after each queue receive the task sleeps in
// 40-tick steps while jogdial_stopped == 1 (the "added code" section) so the
// dial is ignored in ALT mode. Labels loc_* keep the ROM addresses.
void __attribute__((naked,noinline)) JogDial_task_my() {
    asm volatile (
        "STMFD   SP!, {R4-R11,LR}\n"
        "SUB     SP, SP, #0x2C\n"
        "BL      sub_FF861F54\n"             // LOCATION: JogDial.c:14
        "LDR     R1, =0x24CC\n"
        "LDR     R9, =0xFFB5F800\n"
        "MOV     R0, #0\n"
        "ADD     R2, SP, #0x14\n"
        "ADD     R3, SP, #0x18\n"
        "ADD     R10, SP, #0xC\n"
        "ADD     R8, SP, #0x10\n"

        // Save pointer for kbd.c routine
        // (R8 = SP+0x10 of this frame, so jog_position is only valid while this task runs)
        "LDR     R3, =jog_position\n"
        "STR     R8, [R3]\n"        
        
        // zero the per-dial slots; with CMP R0,#1 the loop body runs once (index 0 only)
        "MOV     R7, #0\n"
    "loc_FF861B94:\n"
        "ADD     R3, SP, #0x18\n"
        "ADD     R12, R3, R0,LSL#1\n"
        "ADD     R2, SP, #0x14\n"
        "STRH    R7, [R12]\n"
        "ADD     R12, R2, R0,LSL#1\n"
        "STRH    R7, [R12]\n"
        "STR     R7, [R8,R0,LSL#2]\n"
        "STR     R7, [R10,R0,LSL#2]\n"
        "ADD     R0, R0, #1\n"
        "CMP     R0, #1\n"
        "BLT     loc_FF861B94\n"
        // main loop: receive the next message into [SP+4]
        "loc_FF861BC0:\n"
        "LDR     R0, =0x24CC\n"
        "MOV     R2, #0\n"
        "LDR     R0, [R0,#8]\n"
        "ADD     R1, SP, #0x4\n"
        "BL      sub_FF83994C\n"             // LOCATION: KerQueue.c:0
        "TST     R0, #1\n"
        "MOVNE   R1, #0x25C\n"
        //"ADRNE   R0, =0xFF861E8C\n"          // "JogDial.c"
        "LDRNE   R0, =0xFF861E8C\n"          // compiler does not like ADRNE
        "BLNE    sub_FF81EB14\n"             // DebugAssert()

        // disable JogDial Task in ALT mode
        // like G11
        //------------------  added code ---------------------
        // while (jogdial_stopped == 1) _SleepTask(40);
        "labelA:\n"
        "LDR     R0, =jogdial_stopped\n"
        "LDR     R0, [R0]\n"
        "CMP     R0, #1\n"
        "BNE     labelB\n"
        "MOV     R0, #40\n"
        "BL      _SleepTask\n"
        "B       labelA\n"
        "labelB:\n"
        //------------------  original code ------------------

        // dispatch on the message's high byte (0x100/0x200/0x300/0x400); anything else is ignored
        "LDR     R0, [SP,#0x4]\n"
        "AND     R4, R0, #0xFF\n"
        "AND     R0, R0, #0xFF00\n"
        "CMP     R0, #0x100\n"
        "BEQ     loc_FF861C44\n"
        "CMP     R0, #0x200\n"
        "BEQ     loc_FF861C7C\n"
        "CMP     R0, #0x300\n"
        "BEQ     loc_FF861ED8\n"
        "CMP     R0, #0x400\n"
        "BNE     loc_FF861BC0\n"
        "CMP     R4, #0\n"
        "LDRNE   R1, =0x30E\n"
        //"ADRNE   R0, =0xFF861E8C\n"        // "JogDial.c"
        "LDRNE   R0, =0xFF861E8C\n"          // compiler does not like ADRNE
        "BLNE    sub_FF81EB14\n"             // DebugAssert()
        "LDR     R2, =0xFFB5F7EC\n"
        "ADD     R0, R4, R4,LSL#2\n"
        "LDR     R1, [R2,R0,LSL#2]\n"
        "STR     R7, [R1]\n"
        "MOV     R1, #1\n"
        "ADD     R0, R2, R0,LSL#2\n"
        "loc_FF861C38:\n"
        "LDR     R0, [R0,#8]\n"
        "STR     R1, [R0]\n"
        "B       loc_FF861BC0\n"
        "loc_FF861C44:\n"
        "LDR     R5, =0x24DC\n"
        "LDR     R0, [R5,R4,LSL#2]\n"
        "BL      sub_FF83A8E4\n"
        //"ADR     R2, loc_FF861AD0\n"
        "LDR     R2, =0xFF861AD0\n"          // compiler does not like ADR
        "MOV     R1, R2\n"
        "ORR     R3, R4, #0x200\n"
        "MOV     R0, #0x28\n"
        "BL      sub_FF83A800\n"
        "TST     R0, #1\n"
        "CMPNE   R0, #0x15\n"
        "STR     R0, [R10,R4,LSL#2]\n"
        "BEQ     loc_FF861BC0\n"
        "LDR     R1, =0x271\n"
        "B       loc_FF861E7C\n"
        "loc_FF861C7C:\n"
        "LDR     R1, =0xFFB5F7EC\n"
        "ADD     R0, R4, R4,LSL#2\n"
        "STR     R0, [SP,#0x28]\n"
        "ADD     R0, R1, R0,LSL#2\n"
        "STR     R0, [SP,#0x24]\n"
        "LDR     R0, [R0,#4]\n"
        "LDR     R0, [R0]\n"
        "MOV     R2, R0,ASR#16\n"
        "ADD     R0, SP, #0x18\n"
        "ADD     R0, R0, R4,LSL#1\n"
        "STR     R0, [SP,#0x20]\n"
        "STRH    R2, [R0]\n"
        "ADD     R0, SP, #0x14\n"
        "ADD     R0, R0, R4,LSL#1\n"
        "STR     R0, [SP,#0x1C]\n"
        "LDRSH   R3, [R0]\n"
        "SUB     R0, R2, R3\n"               // R0 = new position - previous position
        "CMP     R0, #0\n"
        "BNE     loc_FF861D0C\n"
        "LDR     R0, [R8,R4,LSL#2]\n"
        "CMP     R0, #0\n"
        "BEQ     loc_FF861E34\n"
        "LDR     R5, =0x24DC\n"
        "LDR     R0, [R5,R4,LSL#2]\n"
        "BL      sub_FF83A8E4\n"
        //"ADR     R2, sub_FF861ADC\n"       // JogDial.c:824
        "LDR     R2, =0xFF861ADC\n"          // compiler does not like ADR
        "MOV     R1, R2\n"
        "ORR     R3, R4, #0x300\n"
        "MOV     R0, #0x1F4\n"
        "BL      sub_FF83A800\n"
        "TST     R0, #1\n"
        "CMPNE   R0, #0x15\n"
        "STR     R0, [R5,R4,LSL#2]\n"
        "BEQ     loc_FF861E34\n"
        "LDR     R1, =0x28E\n"
        "B       loc_FF861E2C\n"
        "loc_FF861D0C:\n"
        "MOV     R1, R0\n"
        "RSBLT   R0, R0, #0\n"
        "MOVLE   R5, #0\n"
        "MOVGT   R5, #1\n"
        "CMP     R0, #0xFF\n"
        "BLS     loc_FF861D4C\n"
        "CMP     R1, #0\n"
        "RSBLE   R0, R3, #0xFF\n"
        "ADDLE   R0, R0, #0x7F00\n"
        "ADDLE   R0, R0, R2\n"
        "RSBGT   R0, R2, #0xFF\n"
        "ADDGT   R0, R0, #0x7F00\n"
        "ADDGT   R0, R0, R3\n"
        "ADD     R0, R0, #0x8000\n"
        "ADD     R0, R0, #1\n"
        "EOR     R5, R5, #1\n"
        "loc_FF861D4C:\n"
        "STR     R0, [SP,#0x8]\n"
        "LDR     R0, [R8,R4,LSL#2]\n"
        "CMP     R0, #0\n"
        "BEQ     loc_FF861D9C\n"
        "LDR     R1, =0xFFB5F7E4\n"
        "ADD     R1, R1, R4,LSL#3\n"
        "LDR     R1, [R1,R5,LSL#2]\n"
        "CMP     R1, R0\n"
        "BEQ     loc_FF861DB8\n"
        "ADD     R11, R4, R4,LSL#1\n"
        "ADD     R6, R9, R11,LSL#2\n"
        "LDRB    R0, [R6,#9]\n"
        "CMP     R0, #1\n"
        "LDREQ   R0, [R6,#4]\n"
        "BLEQ    sub_FF89583C\n"
        "LDRB    R0, [R6,#8]\n"
        "CMP     R0, #1\n"
        "BNE     loc_FF861DB8\n"
        "LDR     R0, [R9,R11,LSL#2]\n"
        "B       loc_FF861DB4\n"
        "loc_FF861D9C:\n"
        "ADD     R0, R4, R4,LSL#1\n"
        "ADD     R1, R9, R0,LSL#2\n"
        "LDRB    R1, [R1,#8]\n"
        "CMP     R1, #1\n"
        "BNE     loc_FF861DB8\n"
        "LDR     R0, [R9,R0,LSL#2]\n"
        "loc_FF861DB4:\n"
        "BL      sub_FF89583C\n"
        "loc_FF861DB8:\n"
        "LDR     R0, =0xFFB5F7E4\n"
        "LDR     R1, [SP,#0x8]\n"
        "ADD     R6, R0, R4,LSL#3\n"
        "LDR     R0, [R6,R5,LSL#2]\n"
        "BL      sub_FF89576C\n"
        "LDR     R0, [R6,R5,LSL#2]\n"
        "STR     R0, [R8,R4,LSL#2]\n"
        "LDR     R0, [SP,#0x20]\n"
        "LDR     R1, [SP,#0x1C]\n"
        "LDRH    R0, [R0]\n"
        "STRH    R0, [R1]\n"                 // previous position := current position
        "ADD     R0, R4, R4,LSL#1\n"
        "ADD     R0, R9, R0,LSL#2\n"
        "LDRB    R0, [R0,#9]\n"
        "CMP     R0, #1\n"
        "BNE     loc_FF861E34\n"
        "LDR     R5, =0x24DC\n"
        "LDR     R0, [R5,R4,LSL#2]\n"
        "BL      sub_FF83A8E4\n"
        //"ADR     R2, sub_FF861ADC\n"       // LOCATION: JogDial.c:824
        "LDR     R2, =0xFF861ADC\n"          // compiler does not like ADR
        "MOV     R1, R2\n"
        "ORR     R3, R4, #0x300\n"
        "MOV     R0, #0x1F4\n"
        "BL      sub_FF83A800\n"
        "TST     R0, #1\n"
        "CMPNE   R0, #0x15\n"
        "STR     R0, [R5,R4,LSL#2]\n"
        "BEQ     loc_FF861E34\n"
        "MOV     R1, #0x2E8\n"
        "loc_FF861E2C:\n"
        //"ADR     R0, =0xFF861E8C\n"        // "JogDial.c"
        "LDR     R0, =0xFF861E8C\n"          // compiler does not like ADR
        "BL      sub_FF81EB14\n"             // DebugAssert()
        "loc_FF861E34:\n"
        "ADD     R0, R4, R4,LSL#1\n"
        "ADD     R0, R9, R0,LSL#2\n"
        "LDRB    R0, [R0,#0xA]\n"
        "CMP     R0, #1\n"
        "BNE     loc_FF861EBC\n"
        "LDR     R0, =0x24CC\n"
        "LDR     R0, [R0,#0xC]\n"
        "CMP     R0, #0\n"
        "BEQ     loc_FF861EBC\n"
        //"ADR     R2, loc_FF861AD0\n"
        "LDR     R2, =0xFF861AD0\n"          // compiler does not like ADR
        "MOV     R1, R2\n"
        "ORR     R3, R4, #0x400\n"
        "BL      sub_FF83A800\n"
        "TST     R0, #1\n"
        "CMPNE   R0, #0x15\n"
        "STR     R0, [R10,R4,LSL#2]\n"
        "BEQ     loc_FF861BC0\n"
        "LDR     R1, =0x2F3\n"
        "loc_FF861E7C:\n"
        //"ADR     R0, =0xFF861E8C\n"        // "JogDial.c"
        "LDR     R0, =0xFF861E8C\n"          // compiler does not like ADR
        "BL      sub_FF81EB14\n"             // DebugAssert()
        "B       loc_FF861BC0\n"

        "loc_FF861EBC:\n"
        "LDR     R1, =0xFFB5F7EC\n"
        "LDR     R0, [SP,#0x28]\n"
        "LDR     R0, [R1,R0,LSL#2]\n"
        "STR     R7, [R0]\n"
        "LDR     R0, [SP,#0x24]\n"
        "MOV     R1, #1\n"
        "B       loc_FF861C38\n"
        "loc_FF861ED8:\n"
        "LDR     R0, [R8,R4,LSL#2]\n"
        "CMP     R0, #0\n"
        "MOVEQ   R1, #0x300\n"
        //"ADREQ   R0, =0xFF861E8C\n"        // "JogDial.c"
        "LDREQ   R0, =0xFF861E8C\n"          // compiler does not like ADREQ
        "BLEQ    sub_FF81EB14\n"             // DebugAssert()
        "ADD     R0, R4, R4,LSL#1\n"
        "ADD     R0, R9, R0,LSL#2\n"
        "LDR     R0, [R0,#4]\n"
        "BL      sub_FF89583C\n"
        "STR     R7, [R8,R4,LSL#2]\n"
        "B       loc_FF861BC0\n"
    );
}
 661 
// Replacement for ROM sub_FF88FF58 (called from init_file_modules_task).
// Identical to the ROM apart from calling sub_FF871A04_my (with R0 = 3)
// instead of sub_FF871A04; continues at sub_FF88FF64. This is the first link
// in the chain sub_FF871A04_my -> sub_FF87162C_my -> sub_FF87134C_my that
// reaches the CHDK partition handling.
void __attribute__((naked,noinline)) sub_FF88FF58_my() {    //#fs
    asm volatile (
        "STMFD   SP!, {R4,LR}\n"
        "MOV     R0, #3\n"

        //"BL      sub_FF871A04\n"           // LOCATION: Mounter.c:0
        "BL      sub_FF871A04_my\n"          // +

        "B       sub_FF88FF64\n"             // Continue in firmware
    );
};    //#fe
 673 
// Replacement for ROM sub_FF871A04 (Mounter.c). Mirrors the ROM: looks up the
// 0x80-byte record at 0x384C8 + (index << 7) returned by sub_FF871984,
// asserts when its +0x6C word equals 4, runs the same helper calls, and then
// calls sub_FF87162C_my instead of sub_FF87162C; continues at sub_FF871A5C.
void __attribute__((naked,noinline)) sub_FF871A04_my() {    //#fs
    asm volatile (
        "STMFD   SP!, {R4-R8,LR}\n"
        "MOV     R8, R0\n"
        "BL      sub_FF871984\n"             // LOCATION: Mounter.c:0
        "LDR     R1, =0x384C8\n"
        "MOV     R6, R0\n"
        "ADD     R4, R1, R0,LSL#7\n"         // R4 = 0x384C8 + index*0x80
        "LDR     R0, [R4,#0x6C]\n"
        "CMP     R0, #4\n"
        "LDREQ   R1, =0x83F\n"
        "LDREQ   R0, =0xFF8714C4\n"          // "Mounter.c"
        "BLEQ    sub_FF81EB14\n"             // DebugAssert()
        "MOV     R1, R8\n"
        "MOV     R0, R6\n"
        "BL      sub_FF87123C\n"             // LOCATION: Mounter.c:0
        "LDR     R0, [R4,#0x38]\n"
        "BL      sub_FF8720A4\n"
        "CMP     R0, #0\n"
        "STREQ   R0, [R4,#0x6C]\n"
        "MOV     R0, R6\n"
        "BL      sub_FF8712CC\n"
        "MOV     R0, R6\n"
        //"BL      sub_FF87162C\n"
        "BL      sub_FF87162C_my\n"          // +

        "B       sub_FF871A5C\n"             // Continue in firmware
    );
};    //#fe
 703 
// Replacement for ROM sub_FF87162C (Mounter.c). Returns 1 early when bit 1 of
// the +0x6C word of the record at 0x384C8 + (R0 << 7) is set; otherwise passes
// the record's +0x38 word and the index to sub_FF87134C_my instead of
// sub_FF87134C and continues at sub_FF871658.
void __attribute__((naked,noinline)) sub_FF87162C_my() {    //#fs
    asm volatile (
        "STMFD   SP!, {R4-R6,LR}\n"
        "MOV     R5, R0\n"
        "LDR     R0, =0x384C8\n"
        "ADD     R4, R0, R5,LSL#7\n"
        "LDR     R0, [R4,#0x6C]\n"
        "TST     R0, #2\n"
        "MOVNE   R0, #1\n"
        "LDMNEFD SP!, {R4-R6,PC}\n"          // early return with R0 = 1
        "LDR     R0, [R4,#0x38]\n"
        "MOV     R1, R5\n"

        //"BL      sub_FF87134C\n"           // LOCATION: Mounter.c:0
        "BL      sub_FF87134C_my\n"          // +

        "B       sub_FF871658\n"             // Continue in firmware
    );
};    //#fe
 723 
 // Replacement for firmware sub_FF87134C (Mounter.c): find the partition to use
 // for image storage and record it in the per-drive record at
 // R5 = 0x384C8 + (R1 << 7).  R0 is saved in R9 and passed through to the
 // callbacks at [R5,#0x50] and [R5,#0x64]; R1 selects the record.
 //
 // Flow as visible below:
 //   - dispatch on [R5,#0x3C] (0..7) through a jump table; value 5 sets a fixed
 //     size of 0x40, anything above 7 hits DebugAssert (Mounter.c line 0x597);
 //   - otherwise allocate a 0x200-byte uncacheable buffer, fill it through the
 //     callback at [R5,#0x50] (presumably reads sector 0, the MBR - verify),
 //     then run mbr_read_dryos and DataGhost's partition scan;
 //   - validate the chosen entry (status byte, start/end against the total
 //     sector count from [R5,#0x64], 0x55AA signature); on failure fall back to
 //     "whole card" (start 0, size = total sectors);
 //   - store start at [R5,#0x44], size at [R5,#0x48], 0 at [R5,#0x4C]; return 1.
 //
 // Everything the scan looks at comes from a sector read off the card, so the
 // checks between loc_FF8713E4 and loc_FF871474 are the validation this routine
 // applies to that data.
 // NOTE(review): the end-of-partition check is `ADD R2, R1, R3; CMP R2, R0`
 // with no carry test, so a start+size that wraps past 2^32 would still compare
 // as "within the card".  This is inherited from the firmware routine and is
 // flagged here rather than changed.
 724 void __attribute__((naked,noinline)) sub_FF87134C_my() {    //#fs
 725     asm volatile (
 726         "STMFD   SP!, {R4-R10,LR}\n"
 727         "MOV     R9, R0\n"                     // keep first argument for the callbacks
 728         "LDR     R0, =0x384C8\n"               // base of the drive record table (firmware data)
 729         "MOV     R8, #0\n"                     // R8 stays 0; stored to [R5,#0x4C] at the end
 730         "ADD     R5, R0, R1,LSL#7\n"           // R5 = record for index R1 (0x80-byte stride)
 731         "LDR     R0, [R5,#0x3C]\n"
 732         "MOV     R7, #0\n"                     // R7 = start sector (default 0)
 733         "CMP     R0, #7\n"
 734         "MOV     R6, #0\n"                     // R6 = sector count (default 0)
 735         "ADDLS   PC, PC, R0,LSL#2\n"           // dispatch on [R5,#0x3C] when it is 0..7
 736         "B       loc_FF8714A4\n"// not in the table: reached when [R5,#0x3C] > 7 (default); jumptable FF871370 entries 1-4,6,7 go to loc_FF871398
 737         "B       loc_FF8713B0\n"
 738         "B       loc_FF871398\n"
 739         "B       loc_FF871398\n"
 740         "B       loc_FF871398\n"
 741         "B       loc_FF871398\n"
 742         "B       loc_FF87149C\n"
 743         "B       loc_FF871398\n"
 744         "B       loc_FF871398\n"
 745     "loc_FF871398:\n"
 746         "MOV     R2, #0\n"
 747         "MOV     R1, #0x200\n"                 // 0x200 bytes: presumably one 512-byte sector for the MBR
 748         "MOV     R0, #2\n"
 749         "BL      sub_FF889FD0\n"             // ExMem.AllocUncacheable()
 750         "MOVS    R4, R0\n"                     // R4 = buffer; NULL means allocation failed
 751         "BNE     loc_FF8713B8\n"
 752     "loc_FF8713B0:\n"                        // jumptable FF871370 entry 0
 753         "MOV     R0, #0\n"                     // failure: return 0
 754         "LDMFD   SP!, {R4-R10,PC}\n"
 755     "loc_FF8713B8:\n"
 756         "LDR     R12, [R5,#0x50]\n"            // callback(R9, 0, 1, buffer): fills the buffer, presumably sector 0 - verify
 757         "MOV     R3, R4\n"
 758         "MOV     R2, #1\n"
 759         "MOV     R1, #0\n"
 760         "MOV     R0, R9\n"
 761         "BLX     R12\n"
 762         "CMP     R0, #1\n"                     // return value 1 == failure: free the buffer and return 0
 763         "BNE     loc_FF8713E4\n"
 764         "MOV     R0, #2\n"
 765         "BL      sub_FF88A11C\n"             // ExMemMan.c:0
 766         "B       loc_FF8713B0\n"
 767     "loc_FF8713E4:\n"
 768         "LDR     R1, [R5,#0x64]\n"             // callback(R9): total sector count in R0 (also used as "whole card" size below)
 769         "MOV     R0, R9\n"
 770         "BLX     R1\n"
 771 
 772         "MOV   R1, R4\n"                     // pointer to MBR in R1
 773         "BL    mbr_read_dryos\n"             // total sectors count in R0 before and after call
 774         // Start of DataGhost's FAT32 autodetection code
 775         // Policy: If there is a partition which has type W95 FAT32, use the first one of those for image storage
 776         // According to the code below, we can use R1, R2, R3 and R12.
 777         // LR wasn't really used anywhere but for storing a part of the partition signature. This is the only thing
 778         // that won't work with an offset, but since we can load from LR+offset into LR, we can use this to do that :)
 779         "MOV     R12, R4\n"                    // Copy the MBR start address so we have something to work with
 780         "MOV     LR, R4\n"                     // Save old offset for MBR signature
 781         "MOV     R1, #1\n"                     // Note the current partition number
 782         "B       dg_sd_fat32_enter\n"          // We actually need to check the first partition as well, no increments yet!
 783     "dg_sd_fat32:\n"
 784         "CMP     R1, #4\n"                     // Did we already see the 4th partition?
 785         "BEQ     dg_sd_fat32_end\n"            // Yes, break. We didn't find anything, so don't change anything (R4 still points at entry 1).
 786         "ADD     R12, R12, #0x10\n"            // Next partition entry (16 bytes each)
 787         "ADD     R1, R1, #1\n"                 // Next partition number for the loop
 788     "dg_sd_fat32_enter:\n"
 789         "LDRB    R2, [R12, #0x1BE]\n"          // Partition status
 790         "LDRB    R3, [R12, #0x1C2]\n"          // Partition type (FAT32 = 0xB)
 791         "CMP     R3, #0xB\n"                   // Is this a FAT32 partition?
 792         "CMPNE   R3, #0xC\n"                   // Not 0xB, is it 0xC (FAT32 LBA) then?
 793         "CMPNE   R3, #0x7\n"                   // exFat? (0x7 is also used by NTFS/HPFS; nothing here tells them apart)
 794         "BNE     dg_sd_fat32\n"                // No, it isn't. Loop again.
 795         "CMP     R2, #0x00\n"                  // It is; now check the status byte: only 0x00 (inactive) or 0x80 (active) is accepted
 796         "CMPNE   R2, #0x80\n"
 797         "BNE     dg_sd_fat32\n"                // Invalid, go to next partition
 798         // This partition is valid, it's the first one, bingo!
 799         "MOV     R4, R12\n"                    // Move the new MBR offset for the partition detection.
 800     "dg_sd_fat32_end:\n"
 801         // End of DataGhost's FAT32 autodetection code
 802 
 803         "LDRB    R1, [R4,#0x1C9]\n"            // R1 = start LBA of the chosen entry, bytes 0x1C6..0x1C9 little-endian
 804         "LDRB    R3, [R4,#0x1C8]\n"
 805         "LDRB    R12, [R4,#0x1CC]\n"
 806         "MOV     R1, R1,LSL#24\n"
 807         "ORR     R1, R1, R3,LSL#16\n"
 808         "LDRB    R3, [R4,#0x1C7]\n"
 809         "LDRB    R2, [R4,#0x1BE]\n"            // R2 = status byte of the chosen entry
 810 
 811         //"LDRB    LR, [R4,#0x1FF]\n"          // original
 812 
 813         "ORR     R1, R1, R3,LSL#8\n"
 814         "LDRB    R3, [R4,#0x1C6]\n"
 815         "CMP     R2, #0\n"                     // status must be 0x00 or 0x80; the flags survive the flag-free ORR/LDRB/MOV below
 816         "CMPNE   R2, #0x80\n"
 817         "ORR     R1, R1, R3\n"
 818         "LDRB    R3, [R4,#0x1CD]\n"            // R3 = sector count of the chosen entry, bytes 0x1CA..0x1CD little-endian
 819         "MOV     R3, R3,LSL#24\n"
 820         "ORR     R3, R3, R12,LSL#16\n"
 821         "LDRB    R12, [R4,#0x1CB]\n"
 822         "ORR     R3, R3, R12,LSL#8\n"
 823         "LDRB    R12, [R4,#0x1CA]\n"
 824         "ORR     R3, R3, R12\n"
 825         //"LDRB    R12, [R4,#0x1FE]\n"       // original
 826 
 827         "LDRB    R12, [LR,#0x1FE]\n"         // + First MBR signature byte (0x55), LR is original offset.
 828         "LDRB    LR, [LR,#0x1FF]\n"          // + Last MBR signature byte (0xAA), LR is original offset.
 829 
 830         "BNE     loc_FF871470\n"               // bad status byte: no usable partition
 831         "CMP     R0, R1\n"                     // start LBA beyond the total sector count: reject
 832         "BCC     loc_FF871470\n"
 833         "ADD     R2, R1, R3\n"                 // R2 = start + size (32-bit, no carry check - see NOTE above)
 834         "CMP     R2, R0\n"                     // end must be <= total sectors ...
 835         "CMPLS   R12, #0x55\n"                 // ... and the MBR signature must be 0x55AA
 836         "CMPEQ   LR, #0xAA\n"
 837         "MOVEQ   R7, R1\n"                     // accepted: start, size, found flag
 838         "MOVEQ   R6, R3\n"
 839         "MOVEQ   R4, #1\n"
 840         "BEQ     loc_FF871474\n"
 841     "loc_FF871470:\n"
 842         "MOV     R4, R8\n"                     // R4 = 0: nothing usable found
 843     "loc_FF871474:\n"
 844         "MOV     R0, #2\n"                     // release the MBR buffer in either case
 845         "BL      sub_FF88A11C\n"             // ExMemMan.c:0
 846         "CMP     R4, #0\n"
 847         "BNE     loc_FF8714B0\n"
 848         "LDR     R1, [R5,#0x64]\n"             // no partition: use the whole card, start 0, size = total sectors
 849         "MOV     R7, #0\n"
 850         "MOV     R0, R9\n"
 851         "BLX     R1\n"
 852         "MOV     R6, R0\n"
 853         "B       loc_FF8714B0\n"
 854     "loc_FF87149C:\n"                        // jumptable FF871370 entry 5
 855         "MOV     R6, #0x40\n"                  // fixed size 0x40 sectors for this state
 856         "B       loc_FF8714B0\n"
 857     "loc_FF8714A4:\n"                        // jumptable FF871370 default entry
 858         "LDR     R1, =0x597\n"                 // assert line number
 859         //"ADR     R0, aMounter_c\n"         // "Mounter.c"
 860         "LDR     R0, =0xFF8714C4\n"          // Compiler does not like ADR; address of the "Mounter.c" string
 861         "BL      sub_FF81EB14\n"             // DebugAssert()
 862     "loc_FF8714B0:\n"
 863         "STR     R7, [R5,#0x44]!\n"            // [R5,#0x44] = start; R5 is advanced to that slot
 864         "STMIB   R5, {R6,R8}\n"                // [R5,#0x48] = size, [R5,#0x4C] = 0 (R8)
 865         "MOV     R0, #1\n"                     // success
 866         "LDMFD   SP!, {R4-R10,PC}\n"
 867     );
 868 };    //#fe
