This source file includes the following definitions.
- CreateTask_spytask
- boot
- CreateTask_low_my
- sub_FF0203C4_my
- sub_FF022A0C_my
- sub_FF024834_my
- sub_FF027F38_my
- task_Startup_my
- taskcreatePhySw_my
- init_file_modules_task
- kbd_p1_f_cont_my
- sub_FF02C960_my
- init_required_fw_features
4 #include "lolevel.h"
5 #include "platform.h"
6 #include "core.h"
7 #include "dryos31.h"
8
/*
 * Local offsetof(): byte offset of MEMBER inside TYPE, computed through a
 * null-pointer cast and converted to int.
 * NOTE(review): this takes the same name as the <stddef.h> macro and would
 * clash if that header were ever included; it is not referenced anywhere in
 * the visible part of this file.
 */
9 #define offsetof(TYPE, MEMBER) ((int) &((TYPE *)0)->MEMBER)
10
/*
 * new_sa holds the address of _end (declared outside this listing; presumably
 * the linker-provided end of this image - confirm in the linker script).
 * sub_FF022A0C_my reads it as the region start it passes to sub_006B1BC4 when
 * CHDK_NOT_IN_CANON_HEAP is not defined, in place of the constant 0x2B9464.
 */
11 const char * const new_sa = &_end;
12
/*
 * Start the "SpyTask" task with core_spytask as its entry point.
 *
 * The numeric arguments are the original literals, named after the parameter
 * order of the _CreateTask wrapper (name, priority, stack size, entry,
 * parameter). That prototype is declared outside this file - confirm the
 * naming there. 0x19 is also the value the "Startup" task is created with in
 * sub_FF027F38_my. Any return value of _CreateTask is discarded.
 */
void CreateTask_spytask()
{
    enum {
        SPYTASK_PRIORITY   = 0x19,
        SPYTASK_STACK_SIZE = 0x2000
    };

    _CreateTask("SpyTask", SPYTASK_PRIORITY, SPYTASK_STACK_SIZE, core_spytask, 0);
}
20
/*
 * boot() - first routine of this file's startup chain; it never returns.
 *
 * Declared naked, so the asm below is the whole function body. The label
 * names (loc_FF02013C ...) suggest it mirrors a firmware routine in ROM with
 * the CreateTask_low patch added near the end - presumably; confirm against
 * the firmware disassembly.
 *
 * Steps, in order:
 *   1. CP15 setup: control register, cache maintenance, six region
 *      descriptors (c6), cache/buffer masks (c2/c3), access permissions (c5),
 *      then the enable bits in c1 and the two c9,c1 registers.
 *   2. MMIO writes at 0xC0200000, 0xC0400008 and 0xC0242010.
 *   3. Two ROM-to-RAM word copies and a zero fill of 0x14F30..0x2B9464.
 *   4. Two words are copied from patch_CreateTask_low to hook_CreateTask_low,
 *      which redirects that location to CreateTask_low_my.
 *   5. Branch to sub_FF0203C4_my.
 *
 * NOTE(review): every address is hard-coded. Presumably they are valid for
 * exactly one firmware build, so running this against another build would
 * copy, patch and branch to unrelated locations - confirm that the build is
 * checked before this code is entered.
 */
31 void __attribute__((naked,noinline)) boot() {
32 asm volatile (
33 " LDR R1, =0xC0410000 \n"
34 " MOV R0, #0 \n"
35 " STR R0, [R1] \n" // write 0 to 0xC0410000 (purpose not shown in this file)
36 " MOV R1, #0x78 \n"
37 " MCR p15, 0, R1, c1, c0 \n" // CP15 c1 = 0x78: bits 0, 2 and 12 are clear here and set again below
38 " MOV R1, #0 \n"
39 " MCR p15, 0, R1, c7, c10, 4 \n" // c7 cache-maintenance ops: drain write buffer,
40 " MCR p15, 0, R1, c7, c5 \n" //   then the instruction-cache op,
41 " MCR p15, 0, R1, c7, c6 \n" //   then the data-cache op (ARMv5 CP15 naming - confirm core)
// c6,c0 .. c6,c5: six region descriptors. Read with the ARM946E-S layout
// (base in the upper bits, size field in bits 5:1, enable in bit 0) they are:
//   0: 0x00000000, 2 GB    1: 0xC0000000, 16 MB   2: 0x00000000, 256 MB
//   3: 0x40000000, 256 MB  4: 0x80000000, 4 KB    5: 0xFF000000, 16 MB
// NOTE(review): decoding assumes an ARM946E-S-style protection unit - confirm.
42 " MOV R0, #0x3D \n"
43 " MCR p15, 0, R0, c6, c0 \n"
44 " MOV R0, #0xC000002F \n"
45 " MCR p15, 0, R0, c6, c1 \n"
46 " MOV R0, #0x37 \n"
47 " MCR p15, 0, R0, c6, c2 \n"
48 " MOV R0, #0x40000037 \n"
49 " MCR p15, 0, R0, c6, c3 \n"
50 " MOV R0, #0x80000017 \n"
51 " MCR p15, 0, R0, c6, c4 \n"
52 " LDR R0, =0xFF00002F \n"
53 " MCR p15, 0, R0, c6, c5 \n"
// The same mask 0x34 (bits 2, 4, 5) goes to c2,c0,0, c2,c0,1 and c3,c0;
// presumably the per-region cacheable / bufferable selections - confirm.
54 " MOV R0, #0x34 \n"
55 " MCR p15, 0, R0, c2, c0 \n"
56 " MOV R0, #0x34 \n"
57 " MCR p15, 0, R0, c2, c0, 1 \n"
58 " MOV R0, #0x34 \n"
59 " MCR p15, 0, R0, c3, c0 \n"
// 0x3333330 is written to both c5,c0,2 and c5,c0,3: one nibble per region,
// region 0 = 0 and regions 1-6 = 3. With the ARM946E-S extended-permission
// encoding 3 means read/write in privileged and user mode, i.e. no privilege
// separation between those regions - NOTE(review): confirm the encoding.
60 " LDR R0, =0x3333330 \n"
61 " MCR p15, 0, R0, c5, c0, 2 \n"
62 " LDR R0, =0x3333330 \n"
63 " MCR p15, 0, R0, c5, c0, 3 \n"
64 " MRC p15, 0, R0, c1, c0 \n" // read-modify-write of the control register
65 " ORR R0, R0, #0x1000 \n" // set bit 12
66 " ORR R0, R0, #4 \n" // set bit 2
67 " ORR R0, R0, #1 \n" // set bit 0 (bits 12/2/0: presumably I-cache, D-cache, protection unit)
68 " MCR p15, 0, R0, c1, c0 \n"
69 " MOV R1, #0x80000006 \n"
70 " MCR p15, 0, R1, c9, c1 \n" // c9,c1,0 = 0x80000006 (presumably the data TCM region register)
71 " MOV R1, #6 \n"
72 " MCR p15, 0, R1, c9, c1, 1 \n" // c9,c1,1 = 6 (presumably the instruction TCM region register)
73 " MRC p15, 0, R1, c1, c0 \n"
74 " ORR R1, R1, #0x50000 \n" // set bits 16 and 18 of the control register
75 " MCR p15, 0, R1, c1, c0 \n"
76 " LDR R2, =0xC0200000 \n"
77 " MOV R1, #1 \n"
78 " STR R1, [R2, #0x10C] \n" // 1 -> 0xC020010C
79 " MVN R1, #0 \n" // R1 = 0xFFFFFFFF
// 0xFFFFFFFF is stored to 0xC020000C, 0xC020001C, ... 0xC02000FC (16 words,
// stride 0x10). The block's function is not established by this file.
80 " STR R1, [R2, #0xC] \n"
81 " STR R1, [R2, #0x1C] \n"
82 " STR R1, [R2, #0x2C] \n"
83 " STR R1, [R2, #0x3C] \n"
84 " STR R1, [R2, #0x4C] \n"
85 " STR R1, [R2, #0x5C] \n"
86 " STR R1, [R2, #0x6C] \n"
87 " STR R1, [R2, #0x7C] \n"
88 " STR R1, [R2, #0x8C] \n"
89 " STR R1, [R2, #0x9C] \n"
90 " STR R1, [R2, #0xAC] \n"
91 " STR R1, [R2, #0xBC] \n"
92 " STR R1, [R2, #0xCC] \n"
93 " STR R1, [R2, #0xDC] \n"
94 " STR R1, [R2, #0xEC] \n"
95 " STR R1, [R2, #0xFC] \n"
96 " LDR R1, =0xC0400008 \n"
97 " LDR R2, =0x430005 \n"
98 " STR R2, [R1] \n" // 0x430005 -> 0xC0400008
99 " MOV R1, #1 \n"
100 " LDR R2, =0xC0243100 \n"
// NOTE(review): as written this stores the value 0xC0243100 to address 1
// (R1), not the value 1 to 0xC0243100. The operand order looks unusual for an
// MMIO write - verify against the firmware disassembly before changing it.
101 " STR R2, [R1] \n"
102 " LDR R2, =0xC0242010 \n"
103 " LDR R1, [R2] \n"
104 " ORR R1, R1, #1 \n"
105 " STR R1, [R2] \n" // set bit 0 of 0xC0242010
// Copy 1: words from ROM 0xFF7CF0A8 to RAM starting at 0x6B1000 while the
// destination pointer is below 0x6E01C6 (CC = unsigned lower). The limit is
// not word-aligned, so the last word written ends at 0x6E01C7. The later
// jumps to 0x006B15A8, sub_006D9B7C and sub_006B1BC4 land inside this range,
// so this copy places executable code in RAM.
106 " LDR R0, =0xFF7CF0A8 \n"
107 " LDR R1, =0x6B1000 \n"
108 " LDR R3, =0x6E01C6 \n"
109
110 "loc_FF02013C:\n"
111 " CMP R1, R3 \n"
112 " LDRCC R2, [R0], #4 \n"
113 " STRCC R2, [R1], #4 \n"
114 " BCC loc_FF02013C \n"
// Copy 2: words from ROM 0xFF7BBA78 to RAM 0x1900 up to 0x14F30.
115 " LDR R0, =0xFF7BBA78 \n"
116 " LDR R1, =0x1900 \n"
117 " LDR R3, =0x14F30 \n"
118
119 "loc_FF020158:\n"
120 " CMP R1, R3 \n"
121 " LDRCC R2, [R0], #4 \n"
122 " STRCC R2, [R1], #4 \n"
123 " BCC loc_FF020158 \n"
// Zero fill: R3 still holds 0x14F30 from copy 2; words are cleared up to 0x2B9464.
124 " LDR R1, =0x2B9464 \n"
125 " MOV R2, #0 \n"
126
127 "loc_FF020170:\n"
128 " CMP R3, R1 \n"
129 " STRCC R2, [R3], #4 \n"
130 " BCC loc_FF020170 \n"
131
132
133
134
// Hook install: the two words at patch_CreateTask_low (the LDR PC instruction
// and the address of CreateTask_low_my) are copied over the two words at
// hook_CreateTask_low, a symbol defined outside this file.
// NOTE(review): the write goes through the data side after the caches were
// enabled above, and no cache clean/invalidate follows in this function.
// Presumably later startup code takes care of it (the copy loops above have
// the same property) - confirm.
135 " LDR R0, =patch_CreateTask_low\n"
136 " LDM R0, {R1,R2}\n"
137 " LDR R0, =hook_CreateTask_low\n"
138 " STM R0, {R1,R2}\n"
139
140 " B sub_FF0203C4_my \n" // continue the startup chain; nothing below is executed from here
141
// Template for the patch, never executed in place. In ARM state PC reads as
// the instruction address + 8, so [PC,#-4] is the word that follows the
// instruction: the pair forms an absolute jump to CreateTask_low_my.
142 "patch_CreateTask_low:\n"
143 " LDR PC, [PC,#-0x4]\n"
144 " .long CreateTask_low_my\n"
145 );
146 }
147
148
149
/*
 * CreateTask_low_my() - target of the jump that boot() writes at
 * hook_CreateTask_low.
 *
 * R0 on entry is compared with two task addresses and replaced on a match:
 *   task_CaptSeq         -> capt_seq_task
 *   task_InitFileModules -> init_file_modules_task
 * Any other R0 passes through unchanged. R1 is saved and restored around the
 * compares; R2 and R3 are not written.
 *
 * After exitHook the routine executes two instructions and jumps to
 * 0x006B15A8. Presumably those are the two firmware instructions displaced by
 * the 8-byte patch and 0x006B15A8 is hook_CreateTask_low + 8 - confirm
 * against the stubs file. If that address and the hook address ever disagree,
 * every task creation would resume at the wrong instruction.
 */
150 void __attribute__((naked,noinline)) CreateTask_low_my() {
151 asm volatile (
152 " STMFD SP!, {R1}\n" // R1 is used as scratch for the compares below
153
154
155
156 " LDR R1, =task_CaptSeq\n"
157 " CMP R1, R0\n"
158 " LDREQ R0, =capt_seq_task\n" // match: substitute the replacement address
159 " BEQ exitHook\n"
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186 " LDR R1, =task_InitFileModules\n"
187 " CMP R1, R0\n"
188 " LDREQ R0, =init_file_modules_task\n" // match: substitute; otherwise R0 is left as it was
189
190 "exitHook:\n"
191
192 " LDMFD SP!, {R1}\n" // restore the caller's R1 before resuming
193
194 " STMFD SP!, {R4-R8,LR} \n"
195 " CMP R3, #0 \n" // also re-establishes the flags changed by the compares above
196 " LDR PC, =0x006B15A8 \n" // resume inside the RAM range filled by boot()'s first copy
197 );
198 }
199
200
201
/*
 * sub_FF0203C4_my() - second stage of the startup chain, entered from boot()
 * by a plain branch; it ends by branching to sub_FF022A0C_my.
 *
 * Work done, in order:
 *   - one C statement that writes 0x400000 or 0x200000 to address 0x2D74,
 *     chosen by bit 17 (0x20000) of the word read from 0xC022F48C;
 *   - copy of ROM 0xFF02043C..0xFF020474 to address 0;
 *   - copy of ROM 0xFF020474..0xFF02064C to address 0x1E0;
 *   - two CPSR writes (0xD2, then 0xD3), each followed by SP = 0x1000;
 *   - fill of 0x3B8..0x1000 with the pattern 0xEEEEEEEE.
 *
 * NOTE(review): GCC documents that only basic asm statements are safe inside
 * a naked function. The C statement below works only as long as the compiler
 * needs no stack frame for it - worth checking the generated code when the
 * toolchain changes.
 */
202 void __attribute__((naked,noinline)) sub_FF0203C4_my() {
203
204
205
206
// '&' binds tighter than '?:', so bit 17 of the MMIO word selects the value.
// What the value at 0x2D74 means to the firmware is not shown in this file.
207 *(int*)(0x2D70+0x4) = (*(int*)0xC022F48C)&0x20000 ? 0x400000 : 0x200000;
208
209 asm volatile (
210 " LDR R0, =0xFF02043C \n"
211 " MOV R1, #0 \n" // destination starts at address 0
212 " LDR R3, =0xFF020474 \n"
213
214 "loc_FF0203D0:\n"
215 " CMP R0, R3 \n" // here the loop bound is on the source pointer
216 " LDRCC R2, [R0], #4 \n"
217 " STRCC R2, [R1], #4 \n"
218 " BCC loc_FF0203D0 \n"
219 " LDR R0, =0xFF020474 \n"
220 " MOV R1, #0x1E0 \n"
221 " LDR R3, =0xFF02064C \n"
222
223 "loc_FF0203EC:\n"
224 " CMP R0, R3 \n"
225 " LDRCC R2, [R0], #4 \n"
226 " STRCC R2, [R1], #4 \n"
227 " BCC loc_FF0203EC \n"
228 " MOV R0, #0xD2 \n"
229 " MSR CPSR_cxsf, R0 \n" // mode bits 0x12 (IRQ) with the I and F bits set
230 " MOV SP, #0x1000 \n" // stack pointer for that mode
231 " MOV R0, #0xD3 \n"
232 " MSR CPSR_cxsf, R0 \n" // mode bits 0x13 (Supervisor) with the I and F bits set
233 " MOV SP, #0x1000 \n" // same value as written for the previous mode
234 " LDR R0, =0x3B8 \n"
235 " LDR R2, =0xEEEEEEEE \n"
236 " MOV R3, #0x1000 \n"
237
238 "loc_FF020420:\n"
239 " CMP R0, R3 \n"
240 " STRCC R2, [R0], #4 \n" // pattern fill below the stack top set above
241 " BCC loc_FF020420 \n"
242 " B sub_FF022A0C_my \n"
243 );
244 }
245
246
247
/*
 * sub_FF022A0C_my() - builds a 0x78-byte parameter block on the stack and
 * passes it to sub_006B1BC4 together with sub_FF024834_my as the routine to
 * run next.
 *
 * The only part that differs by build option is the region start stored at
 * [SP+0xC]:
 *   CHDK_NOT_IN_CANON_HEAP defined  -> the constant 0x2B9464 (the end of the
 *                                      zero-filled range in boot())
 *   otherwise                       -> the value of new_sa (address of _end)
 * The word at [SP+0x10] is then 0x564A3C minus that start.
 *
 * NOTE(review): no check is visible that the start is below 0x564A3C. If _end
 * ever grew past it the subtraction would wrap to a huge size - presumably
 * the build guarantees the bound; confirm in the linker script or makefile.
 * The meaning of the individual fields is not established by this file.
 */
248 void __attribute__((naked,noinline)) sub_FF022A0C_my() {
249 asm volatile (
250 " LDR R1, =0x1A64 \n"
251 " STR LR, [SP, #-4]! \n" // push LR
252 " SUB SP, SP, #0x7C \n" // room for the parameter block (used from SP+4)
253 " MOV R0, #0x80000 \n"
254 " STR R0, [R1] \n" // [0x1A64] = 0x80000 (read back by sub_FF024834_my)
255 " LDR R0, =0x40BEE980 \n"
256 " LDR R1, =0x1A68 \n"
257 " STR R0, [R1] \n" // [0x1A68] = 0x40BEE980
258 " LDR R1, =0x1A6C \n"
259 " ADD R0, R0, #0x2000 \n"
260 " STR R0, [R1] \n" // [0x1A6C] = 0x40BEE980 + 0x2000
261 " MOV R1, #0x78 \n"
262 " ADD R0, SP, #4 \n"
263 " BL sub_006D9B7C /*_bzero*/ \n" // clear the 0x78-byte block at SP+4
264 " LDR R0, =0x9E100 \n"
265 " LDR R2, =0x564A3C \n" // region end, also stored at [SP+0x14]
266 " STR R0, [SP, #8] \n"
267
268 #if defined(CHDK_NOT_IN_CANON_HEAP)
269 " LDR R0, =0x2B9464 \n"
270 #else
271 " LDR R0, =new_sa\n"
272 " LDR R0, [R0]\n"
273 #endif
274
275 " STR R2, [SP, #0x14] \n"
276 " STR R0, [SP, #0xC] \n" // region start chosen above
277 " SUB R0, R2, R0 \n" // end - start, no range check
278 " STR R0, [SP, #0x10] \n"
279 " MOV R0, #0x22 \n"
280 " STR R0, [SP, #0x1C] \n"
281 " MOV R0, #0x96 \n"
282 " STR R0, [SP, #0x20] \n"
283 " ADD R0, R0, #0x184 \n" // 0x96 + 0x184 = 0x21A
284 " STR R0, [SP, #0x24] \n"
285 " LDR R1, =0x56FF00 \n" // stored at [SP+4] and [SP+0x18] below
286 " MOV R0, #0xFA \n"
287 " STR R0, [SP, #0x28] \n"
288 " MOV R0, #0xD4 \n"
289 " STR R1, [SP, #4] \n"
290 " STR R0, [SP, #0x2C] \n"
291 " MOV R0, #0x85 \n"
292 " STR R0, [SP, #0x30] \n"
293 " MOV R0, #0x40 \n"
294 " STR R0, [SP, #0x34] \n"
295 " MOV R0, #4 \n"
296 " STR R0, [SP, #0x38] \n"
297 " MOV R0, #0 \n"
298 " STR R0, [SP, #0x3C] \n"
299 " MOV R0, #0x10 \n"
300 " STR R0, [SP, #0x60] \n"
301 " MOV R0, #0x1000 \n"
302 " STR R0, [SP, #0x64] \n"
303 " MOV R0, #0x100 \n"
304 " STR R0, [SP, #0x68] \n"
305 " MOV R0, #0x2000 \n"
306 " STR R1, [SP, #0x18] \n"
307 " STR R0, [SP, #0x6C] \n"
308 " LDR R1, =sub_FF024834_my \n" // this file's replacement is passed as the second argument
309 " MOV R2, #0 \n"
310 " ADD R0, SP, #4 \n" // first argument: the parameter block
311 " BL sub_006B1BC4 \n" // routine inside the RAM range filled by boot()
312 " ADD SP, SP, #0x7C \n"
313 " LDR PC, [SP], #4 \n" // pop the saved LR into PC
314 );
315 }
316
317
318
/*
 * sub_FF024834_my() - runs a fixed sequence of firmware initialisation calls
 * and reports a failure of any of them through _err_init_task, then
 * tail-branches to sub_FF027F38_my.
 *
 * The message strings named in the inline comments ('dmSetup',
 * 'termDriverInit', ...) are the arguments loaded for _err_init_task. A step
 * counts as failed when its result in R0 is negative (LT after CMP R0, #0);
 * the first check instead compares the word at 0x19F8 with the word at
 * 0x1A64 plus 8. Execution continues with the next step after
 * _err_init_task returns; whether it returns is not shown here.
 */
319 void __attribute__((naked,noinline)) sub_FF024834_my() {
320 asm volatile (
321 " STMFD SP!, {R4,LR} \n"
322 " LDR R4, =0xFF0248F0 /*'/_term'*/ \n" // kept in R4 and passed as R0 to two calls below
323 " BL sub_FF020848 \n"
324 " LDR R1, =0x1A64 \n"
325 " LDR R0, =0x19F8 \n"
326 " LDR R1, [R1] \n" // 0x1A64 is written with 0x80000 by sub_FF022A0C_my
327 " LDR R0, [R0] \n"
328 " ADD R1, R1, #8 \n"
329 " CMP R0, R1 \n"
330 " LDRCC R0, =0xFF024900 /*'USER_MEM size checking'*/ \n" // [0x19F8] below [0x1A64] + 8 (unsigned)
331 " BLCC _err_init_task \n"
332 " BL sub_FF023620 \n"
333 " CMP R0, #0 \n"
334 " LDRLT R0, =0xFF024918 /*'dmSetup'*/ \n"
335 " BLLT _err_init_task \n"
336 " BL sub_FF02263C \n"
337 " CMP R0, #0 \n"
338 " LDRLT R0, =0xFF024920 /*'termDriverInit'*/ \n"
339 " BLLT _err_init_task \n"
340 " MOV R0, R4 \n"
341 " BL sub_FF02271C \n"
342 " CMP R0, #0 \n"
343 " LDRLT R0, =0xFF024930 /*'termDeviceCreate'*/ \n"
344 " BLLT _err_init_task \n"
345 " MOV R0, R4 \n"
346 " BL sub_FF022254 \n"
347 " CMP R0, #0 \n"
348 " LDRLT R0, =0xFF024944 /*'stdioSetup'*/ \n"
349 " BLLT _err_init_task \n"
350 " BL sub_FF025564 \n"
351 " CMP R0, #0 \n"
352 " LDRLT R0, =0xFF024950 /*'stdlibSetup'*/ \n"
353 " BLLT _err_init_task \n"
354 " BL sub_FF021060 \n"
355 " CMP R0, #0 \n"
356 " LDRLT R0, =0xFF02495C /*'extlib_setup'*/ \n"
357 " BLLT _err_init_task \n"
358 " LDMFD SP!, {R4,LR} \n" // restore LR so the branch below is a tail call
359 " B sub_FF027F38_my \n"
360 );
361 }
362
363
364
/*
 * sub_FF027F38_my() - calls several firmware routines and then creates the
 * "Startup" task with task_Startup_my as its entry point. Returns 0 in R0.
 *
 * NOTE(review): the result of the call at loc_FF027F6C is not tested
 * anywhere below, and two labels follow with no instructions between them.
 * Together with the blank listing lines this suggests that instructions of
 * the original routine were dropped here - presumably a conditional path
 * that depended on that result; confirm against the firmware disassembly.
 */
365 void __attribute__((naked,noinline)) sub_FF027F38_my() {
366 asm volatile (
367 " STMFD SP!, {R3-R5,LR} \n" // the pushed R3 slot at [SP] is reused for a stack argument below
368 " BL sub_FF034ABC \n"
369 " BL sub_FF021330 \n"
370 " BL sub_FF038D70 \n"
371 " LDR R4, =0x60E000 \n"
372 " CMP R0, #0 \n"
373 " BEQ loc_FF027F6C \n" // skip the next five calls when sub_FF038D70 returned 0
374 " BL sub_FF039B9C \n"
375 " MOV R1, R4 \n"
376 " MOV R0, #0 \n"
377 " BL sub_FF038C9C \n" // called with (0, 0x60E000)
378 " BL sub_FF02C480 \n"
379 " BL sub_FF038DF8 \n"
380
381 "loc_FF027F6C:\n"
382 " BL sub_FF02E35C /*_IsNormalCameraMode_FW*/ \n" // return value unused in the visible code
383
384
385
386
387
388 "loc_FF027F80:\n"
389
390
391 "loc_FF027F84:\n"
392 " BL sub_FF039B9C \n"
393 " MOV R1, R4 \n"
394 " MOV R0, #0 \n"
395 " BL sub_FF038C9C \n" // called with (0, 0x60E000), as above
396 " MOV R3, #0 \n"
397 " STR R3, [SP] \n" // fifth argument (on the stack) = 0
398 " LDR R3, =task_Startup_my \n" // R3: entry point, this file's replacement
399 " MOV R2, #0 \n"
400 " MOV R1, #0x19 \n" // same value CreateTask_spytask passes in this position
401 " LDR R0, =0xFF027FC0 /*'Startup'*/ \n"
402 " BL _CreateTask \n"
403 " MOV R0, #0 \n"
404 " LDMFD SP!, {R3-R5,PC} \n"
405 );
406 }
407
408
409
/*
 * task_Startup_my() - entry point given to the "Startup" task by
 * sub_FF027F38_my.
 *
 * It is a straight list of calls. Three of them resolve to functions in this
 * file - CreateTask_spytask, taskcreatePhySw_my and
 * init_required_fw_features - and the rest are firmware routines addressed
 * by sub_ name. The order is significant: SpyTask and the PhySw replacement
 * are created before the remaining firmware initialisation calls run. The
 * routine ends with a tail branch to sub_FF022F14.
 *
 * No return value of any call is examined here.
 */
410 void __attribute__((naked,noinline)) task_Startup_my() {
411 asm volatile (
412 " STMFD SP!, {R4,LR} \n"
413 " BL sub_FF022DC4 \n"
414 " BL sub_FF02D238 \n"
415 " BL sub_FF02C480 \n"
416
417 " BL sub_FF038A58 \n"
418
419 " BL sub_FF038BAC \n"
420 " BL sub_FF038EDC \n"
421
422 " BL sub_FF038A8C \n"
423 " BL sub_FF0349F0 \n"
424 " BL sub_FF038EE4 \n"
425 " BL CreateTask_spytask\n" // defined in this file: starts "SpyTask"
426 " BL taskcreatePhySw_my \n" // defined in this file: creates "PhySw" with mykbd_task
427 " BL init_required_fw_features\n" // defined in this file
428 " BL sub_FF032710 \n"
429 " BL sub_FF0C51B0 \n"
430 " BL sub_FF029E5C \n"
431 " BL sub_FF02C004 \n"
432 " BL sub_FF038648 \n"
433 " BL sub_FF02C434 \n"
434 " BL sub_FF02BF98 \n"
435
436 " BL sub_FF02ACA4 \n"
437 " BL sub_FF02BF54 \n"
438 " LDMFD SP!, {R4,LR} \n" // restore LR so the branch below is a tail call
439 " B sub_FF022F14 \n"
440 );
441 }
442
443
444
/*
 * taskcreatePhySw_my() - creates the "PhySw" task with mykbd_task as its
 * entry point, unless the word at 0x1BE4 + 4 is already non-zero.
 *
 * Before that it calls sub_FF0378B4 and, when the routine commented as
 * _IsFactoryMode_FW returns 0, the routine commented as _OpLog.Start_FW.
 * The value returned by the task-creation call is stored at 0x1BE4 + 4, so a
 * second call finds it non-zero and creates nothing (assuming that value is
 * non-zero on success - confirm).
 */
445 void __attribute__((naked,noinline)) taskcreatePhySw_my() {
446 asm volatile (
447 " STMFD SP!, {R2-R4,LR} \n" // the pushed R2/R3 slots double as space for stack arguments
448 " BL sub_FF0378B4 \n"
449 " BL sub_FF02E294 /*_IsFactoryMode_FW*/ \n"
450 " CMP R0, #0 \n"
451 " BLEQ sub_FF03781C /*_OpLog.Start_FW*/ \n" // only when the previous call returned 0
452 " LDR R4, =0x1BE4 \n"
453 " LDR R0, [R4, #4] \n"
454 " CMP R0, #0 \n"
455 " BNE loc_FF02CC4C \n" // already set: skip task creation
456 " MOV R3, #1 \n"
457 " MOV R2, #0 \n"
458 " STRD R2, [SP] \n" // [SP] = 0, [SP+4] = 1: the two stack arguments
459 " LDR R3, =mykbd_task \n" // R3: entry point, defined outside this file
460 " MOV R2, #0x2000 \n"
461 " MOV R1, #0x13 \n"
462 " LDR R0, =0xFF02CEFC /*'PhySw'*/ \n"
463 " BL sub_FF028444 /*_CreateTaskStrictly*/ \n"
464 " STR R0, [R4, #4] \n" // remember the result
465
466 "loc_FF02CC4C:\n"
467 " LDMFD SP!, {R2-R4,PC} \n"
468 );
469 }
470
471
472
/*
 * init_file_modules_task() - replacement substituted by CreateTask_low_my
 * when a task is created with task_InitFileModules as its entry.
 *
 * Flow:
 *   - call sub_FF0AEF30 with R0 = 6 and keep the result in R4;
 *   - if the result is non-zero, post event 0x5006 with argument 0;
 *   - call sub_FF0AEF60, then core_spytask_can_start;
 *   - if the result was non-zero, return; otherwise tail-call
 *     _PostLogicalEventToUI with (0x5006, 1).
 *
 * core_spytask_can_start is defined outside this file; presumably it lets
 * SpyTask proceed once the file modules are initialised (name-based -
 * confirm). It is called on both paths.
 */
473 void __attribute__((naked,noinline)) init_file_modules_task() {
474 asm volatile (
475 " STMFD SP!, {R4-R6,LR} \n"
476 " MOV R0, #6 \n"
477
478 " BL sub_FF0AEF30 \n"
479 " LDR R5, =0x5006 \n"
480 " MOVS R4, R0 \n" // keep the result and set the flags from it
481 " MOVNE R1, #0 \n"
482 " MOVNE R0, R5 \n"
483 " BLNE _PostLogicalEventToUI \n" // non-zero result: post (0x5006, 0)
484 " BL sub_FF0AEF60 \n"
485 " BL core_spytask_can_start\n"
486 " CMP R4, #0 \n"
487 " LDMNEFD SP!, {R4-R6,PC} \n" // non-zero result: return here
488 " MOV R0, R5 \n"
489 " LDMFD SP!, {R4-R6,LR} \n"
490 " MOV R1, #1 \n"
491 " B _PostLogicalEventToUI \n" // zero result: tail-call with (0x5006, 1)
492 );
493 }
494
495
496
/*
 * kbd_p1_f_cont_my() - fragment of a firmware keyboard routine with one
 * extra call inserted; it ends by jumping to 0xFF02D1A4 in ROM.
 *
 * The loop runs for index 2, 1, 0 and writes three words to SP..SP+8:
 *   out[i] = word[0x15CBC + 0x24 + 0x18 + 4*i]
 *            ^ (word[0x15CBC + 4*i] & word[0x15CBC + 0x24 + 0xC + 4*i])
 * Then xtra_kbd_cb is called and its result is handed to sub_FF02C960_my in
 * R3, with R0 = SP, R1 = 0x15CC8 and R2 = 0x15CD4.
 *
 * NOTE(review): SP is used as a three-word buffer without being adjusted
 * here, and R4/R6/R12 are written without being saved. Presumably the
 * caller that branches into this fragment has already reserved the stack
 * space and saved those registers - confirm at the call site. The lower-case
 * instructions appear to be the inserted ones.
 */
497 void __attribute__((naked,noinline)) kbd_p1_f_cont_my() {
498 asm volatile (
499 " LDR R2, =0x15CBC \n"
500 " MOV R0, #2 \n" // loop index, counts down to 0
501 " ADD R3, R2, #0x24 \n"
502 " MOV R4, SP \n" // output buffer
503
504 "loc_FF02D170:\n"
505 " ADD R1, R3, R0, LSL#2 \n"
506 " LDR R12, [R2, R0, LSL#2] \n"
507 " LDR R6, [R1, #0xC] \n"
508 " LDR R1, [R1, #0x18] \n"
509 " AND R12, R12, R6 \n"
510 " EOR R1, R1, R12 \n"
511 " STR R1, [R4, R0, LSL#2] \n"
512 " SUBS R0, R0, #1 \n"
513 " BPL loc_FF02D170 \n" // repeat while the index is still >= 0
514 " bl xtra_kbd_cb \n" // defined outside this file
515 " mov r3, r0 \n" // pass its result on in R3
516 " LDR R2, =0x15CD4 \n"
517 " MOV R0, SP \n"
518 " SUB R1, R2, #0xC \n"
519 " BL sub_FF02C960_my \n"
520 " LDR PC, =0xFF02D1A4 \n" // continue in the firmware routine
521 );
522 }
523
524
525
/*
 * sub_FF02C960_my() - entry shim for the firmware routine that continues at
 * 0xFF02C96C.
 *
 * It pushes R0-R12 and LR, copies the incoming R0 to R5, loads R0 from R3
 * (the xtra_kbd_cb result passed by kbd_p1_f_cont_my) and jumps into ROM.
 * Nothing is popped here, so the matching restore has to happen in the
 * firmware code that follows. Presumably the first two instructions
 * reproduce the start of the original routine at 0xFF02C960 - confirm
 * against the disassembly, since the push list must match the firmware's pop.
 */
526 void __attribute__((naked,noinline)) sub_FF02C960_my() {
527 asm volatile (
528 " STMFD SP!, {R0-R12,LR} \n"
529 " MOV R5, R0 \n"
530
531 " mov r0, r3 \n" // hand the value received in R3 to the firmware code in R0
532 " LDR PC, =0xFF02C96C \n"
533 );
534 }
535
536
537
538
539
/*
 * Set up the firmware features this port initialises explicitly.
 *
 * Called from task_Startup_my directly after taskcreatePhySw_my. It invokes
 * _init_focus_eventflag() and then stores the handle returned by
 * _CreateBinarySemaphoreStrictly(0, 0) in av_override_semaphore. All three
 * names are defined outside this file.
 *
 * The handle is stored without a validity check. Presumably the "Strictly"
 * variant does not return on failure - confirm before relying on it.
 */
void init_required_fw_features(void) {
    extern void _init_focus_eventflag();
    extern int _CreateBinarySemaphoreStrictly(int x, int y);
    extern int av_override_semaphore;

    _init_focus_eventflag();

    /* Both arguments are 0; their meaning is not shown in this file. */
    const int sem_handle = _CreateBinarySemaphoreStrictly(0, 0);
    av_override_semaphore = sem_handle;
}
555