1 #include "lolevel.h"
2 #include "platform.h"
3 #include "core.h"
4 #include "dryos31.h"
5
6 #define offsetof(TYPE, MEMBER) ((int) &((TYPE *)0)->MEMBER)
7
8 #define DP (void*)0xC02200C4 // direct-print (blue)
9 #define LED_PR 0xc02200C4
10 #define LED_RED 0xc02200C8
11 #define LED_GRN 0xc02200CC
12 #define LED_PWR 0xc02200D0
13
14 const char * const new_sa = &_end;
15
16 void CreateTask_blinker();
17 void __attribute__((naked,noinline)) task_blinker();
18
19 extern void task_CaptSeq();
20 extern void task_InitFileModules();
21 extern void task_MovieRecord();
22 extern void task_ExpDrv();
23 extern void task_PhySw();
24 extern void task_FileWrite();
25
26 void taskHook(context_t **context) {
27 task_t *tcb=(task_t*)((char*)context-offsetof(task_t, context));
28
29 // Replace firmware task addresses with ours
30 if(tcb->entry == (void*)task_PhySw) tcb->entry = (void*)mykbd_task;
31 if(tcb->entry == (void*)task_CaptSeq) tcb->entry = (void*)capt_seq_task;
32 if(tcb->entry == (void*)task_InitFileModules) tcb->entry = (void*)init_file_modules_task;
33 if(tcb->entry == (void*)task_MovieRecord) tcb->entry = (void*)movie_record_task;
34 if(tcb->entry == (void*)task_ExpDrv) tcb->entry = (void*)exp_drv_task;
35 if(tcb->entry == (void*)task_FileWrite) tcb->entry = (void*)filewritetask;
36 }
37
38 void CreateTask_spytask() {
39 _CreateTask("SpyTask", 0x19, 0x2000, core_spytask, 0);
40 };
41
42
43 void boot() {
44
45 long *canon_data_src = (void*)0xFFEDAC70; // value taken at ROM:FFC00188
46 long *canon_data_dst = (void*)0x1900;
47 long canon_data_len = 0xDF84 - 0x1900; // data_end - data_start 0xDF7C taken at ROM:FFC00138
48 long *canon_bss_start = (void*)0xDF84; // just after data
49 long canon_bss_len = 0xD4F38 - 0xDF84; // d4ec8 taken at ROM:FFC00FB4
50
51 long i;
52
53 // enable caches and write buffer...
54 // this is a carryover from old dryos ports, may not be useful
55 asm volatile (
56 "MRC p15, 0, R0,c1,c0\n"
57 "ORR R0, R0, #0x1000\n"
58 "ORR R0, R0, #4\n"
59 "ORR R0, R0, #1\n"
60 "MCR p15, 0, R0,c1,c0\n"
61 :::"r0"
62 );
63
64 for(i=0;i<canon_data_len/4;i++)
65 canon_data_dst[i]=canon_data_src[i];
66
67 for(i=0;i<canon_bss_len/4;i++)
68 canon_bss_start[i]=0;
69
70 asm volatile ("B sub_FFC001A4_my\n");
71 };
72
73 /* OK */
74 void __attribute__((naked,noinline)) sub_FFC001A4_my() {
75
76 *(int*)0x1930=(int)taskHook;
77 *(int*)0x1934=(int)taskHook;
78
79 // replacement of sub_FFC111A4
80 // from taskcreate_startup to sub_FFC111A4
81 // and there to sub_FFC35CC4
82 // Found at: ROM:FFC30DF0
83 *(int*)(0x228C+0x4) = (*(int*)0xC02200B8)&1 ? 0x100000: 0x200000;
84
85 asm volatile (
86 "LDR R0, =0xFFC0021C\n" // exception handler code
87 "MOV R1, #0\n"
88 "LDR R3, =0xFFC00254\n"
89
90 "loc_FFC001B0:\n"
91 "CMP R0, R3\n" // load exception vector
92 "LDRCC R2, [R0],#4\n"
93 "STRCC R2, [R1],#4\n"
94 "BCC loc_FFC001B0\n"
95 "LDR R0, =0xFFC00254\n"
96 "MOV R1, #0x4B0\n"
97 "LDR R3, =0xFFC00468\n"
98
99 "loc_FFC001CC:\n"
100 "CMP R0, R3\n" // copy IRQ handler to ITCM starting at 0x4b0, 532 bytes up to 0x6C4
101 "LDRCC R2, [R0],#4\n"
102 "STRCC R2, [R1],#4\n"
103 "BCC loc_FFC001CC\n"
104 "MOV R0, #0xD2\n"
105 "MSR CPSR_cxsf, R0\n" // set CPSR mode = IRQ, ints disabled
106 "MOV SP, #0x1000\n" // irq mode SP
107 "MOV R0, #0xD3\n"
108 "MSR CPSR_cxsf, R0\n" // set CPSR mode = Super, ints disabled
109 "MOV SP, #0x1000\n" // super mode SP
110 "LDR R0, =0xFFC00210\n"
111 "LDR R2, =0xEEEEEEEE\n"
112 "MOV R3, #0x1000\n"
113
114 "loc_FFC00200:\n"
115 "CMP R0, R3\n" // clear ITCM 0x6C4-end with EEEEEEEE
116 "STRCC R2, [R0],#4\n"
117 "BCC loc_FFC00200\n"
118 "BL sub_FFC00F98_my\n" // --> Hook
119
120 "loc_FFC00210:\n"
121 "ANDEQ R0, R0, R4,ASR#13\n"
122
123 "loc_FFC00214:\n"
124 "ANDEQ R0, R0, R0,ROR R6\n"
125
126 "loc_FFC00218:\n"
127 "ANDEQ R0, R0, R4,ROR R6\n"
128
129 "loc_FFC0021C:\n"
130 "NOP\n"
131
132 "LDR PC, =0xFFC00468\n"
133
134 );
135 }
136
137 /* OK */
138 void __attribute__((naked,noinline)) sub_FFC00F98_my() {
139
140 asm volatile (
141
142 "STR LR, [SP,#-0x4]!\n"
143 "SUB SP, SP, #0x74\n"
144 "MOV R0, SP\n"
145 "MOV R1, #0x74\n"
146 "BL sub_FFE723D0\n"
147 "MOV R0, #0x53000\n"
148 "STR R0, [SP,#0x74-0x70]\n"
149
150 #if defined(CHDK_NOT_IN_CANON_HEAP) // use original heap offset if CHDK is loaded in high memory
151 "LDR R0, =0xD4F38\n"
152 #else
153 "LDR R0, =new_sa\n"
154 "LDR R0, [R0]\n"
155 #endif
156
157
158 "LDR R2, =0x279C00\n"
159 "LDR R1, =0x2724A8\n"
160 "STR R0, [SP,#0x74-0x6C]\n"
161 "SUB R0, R1, R0\n"
162 "ADD R3, SP, #0x74-0x68\n"
163 "STR R2, [SP,#0x74-0x74]\n"
164 "STMIA R3, {R0-R2}\n"
165 "MOV R0, #0x22\n"
166 "STR R0, [SP,#0x74-0x5C]\n"
167 "MOV R0, #0x68\n"
168 "STR R0, [SP,#0x74-0x58]\n"
169 "LDR R0, =0x19B\n"
170
171 "LDR R1, =sub_FFC04D90_my\n" // -> Hook
172
173 "STR R0, [SP,#0x74-0x54]\n"
174 "MOV R0, #0x96\n"
175 "STR R0, [SP,#0x74-0x50]\n"
176 "MOV R0, #0x78\n"
177 "STR R0, [SP,#0x74-0x4C]\n"
178 "MOV R0, #0x64\n"
179 "STR R0, [SP,#0x74-0x48]\n"
180 "MOV R0, #0\n"
181 "STR R0, [SP,#0x74-0x44]\n"
182 "STR R0, [SP,#0x74-0x40]\n"
183 "MOV R0, #0x10\n"
184 "STR R0, [SP,#0x74-0x18]\n"
185 "MOV R0, #0x800\n"
186 "STR R0, [SP,#0x74-0x14]\n"
187 "MOV R0, #0xA0\n"
188 "STR R0, [SP,#0x74-0x10]\n"
189 "MOV R0, #0x280\n"
190 "STR R0, [SP,#0x74-0xC]\n"
191 "MOV R0, SP\n"
192 "MOV R2, #0\n"
193
194 "BL sub_FFC02D3C\n"
195
196 "ADD SP, SP, #0x74\n"
197 "LDR PC, [SP],#4\n"
198 );
199 }
200
201
202 /* OK */
203 void __attribute__((naked,noinline)) sub_FFC04D90_my() {
204
205 asm volatile (
206
207 "STMFD SP!, {R4,LR}\n"
208 "BL sub_FFC00944\n"
209 "BL sub_FFC09708\n" // _dmSetup
210 "CMP R0, #0\n"
211 "LDRLT R0, =0xFFC04EA4\n"
212 "BLLT sub_FFC04E84\n" // err_init_task
213 "BL sub_FFC049B8\n" // termDriverInit
214 "CMP R0, #0\n"
215 "LDRLT R0, =0xFFC04EAC\n"
216 "BLLT sub_FFC04E84\n" // err_init_task
217 "LDR R0, =0xFFC04EBC\n" // /_term
218 "BL sub_FFC04AA0\n" // termDeviceCreate
219 "CMP R0, #0\n"
220 "LDRLT R0, =0xFFC04EC4\n" // termDeviceCreate
221 "BLLT sub_FFC04E84\n" // err_init_task
222 "LDR R0, =0xFFC04EBC\n"
223 "BL sub_FFC0354C\n" // stdioSetup
224 "CMP R0, #0\n"
225 "LDRLT R0, =0xFFC04ED8\n" // stdioSetup
226 "BLLT sub_FFC04E84\n" // err_init_task
227 "BL sub_FFC09290\n" // stdlibSetup
228 "CMP R0, #0\n"
229 "LDRLT R0, =0xFFC04EE4\n" // stdlibSetup
230 "BLLT sub_FFC04E84\n" // err_init_task
231 "BL sub_FFC0147C\n" // armlib_setup
232 "CMP R0, #0\n"
233 "LDRLT R0, =0xFFC04EF0\n" // armlib_setup
234 "BLLT sub_FFC04E84\n" // err_init_task
235 "LDMFD SP!, {R4,LR}\n"
236 "B taskcreate_Startup_my\n" // <--------------- changed, 0xFFC0CD6C in fw
237 );
238 };
239
240 /* OK */
241 void __attribute__((naked,noinline)) taskcreate_Startup_my() {
242
243 asm volatile (
244
245 "STMFD SP!, {R3,LR}\n"
246 "BL sub_FFC11198\n" // j_nullsub_234
247 "BL sub_FFC18AE0\n"
248 "CMP R0, #0\n"
249 "BNE loc_FFC0CDA0\n"
250 "BL sub_FFC11194\n"
251 "CMP R0, #0\n"
252 "BNE loc_FFC0CDA0\n"
253 "LDR R1, =0xC0022000\n"
254 "MOV R0, #0x44\n"
255 "STR R0, [R1,#0xA4]\n"
256 "STR R0, [R1,#0xA0]\n"
257 "loc_FFC0CD9C:\n" // CODE XREF: taskcreate_Startup:loc_FFC0CD9C
258 "B loc_FFC0CD9C\n"
259 "loc_FFC0CDA0:\n" // CODE XREF: taskcreate_Startup+10
260 //"BL sub_FFC111A0\n" // removed for correct power-on on "on/off" button.
261 "BL sub_FFC1119C\n" // j_nullsub_235
262 "BL sub_FFC16E70\n"
263 "LDR R1, =0x2CE000\n"
264 "MOV R0, #0\n"
265 "BL sub_FFC170B8\n"
266 "BL sub_FFC17064\n" // _sub_FFC17064__KerSys_c__548 ; LOCATION: KerSys.c:548
267 "MOV R3, #0\n"
268 "STR R3, [SP]\n"
269 "LDR R3, =task_Startup_my\n" // <----------- changed, 0x:FFC0CD10 in fw
270 "MOV R2, #0\n"
271 "MOV R1, #0x19\n"
272 "LDR R0, =0xFFC0CDE8\n" // "Startup"
273 "BL sub_FFC0B8C0\n" // eventproc_export_CreateTask ; LOCATION: KerTask.c:163
274 "MOV R0, #0\n"
275 "LDMFD SP!, {R12,PC}\n"
276 ".ltorg\n"
277 );
278 }
279
280 /* OK */
281 void __attribute__((naked,noinline)) task_Startup_my() {
282
283 asm volatile (
284
285 "STMFD SP!, {R4,LR}\n"
286 "BL sub_FFC0515C\n" // taskcreate_ClockSave
287 "BL sub_FFC12304\n"
288 "BL sub_FFC10BE0\n"
289 "BL sub_FFC18B20\n" // j_nullsub_238
290 "BL sub_FFC18CE8\n"
291 //"BL sub_FFC18BA8\n" // //start diskboot.bin, //StartDiskboot --> removed
292 "BL sub_FFC18EA0\n"
293 "BL sub_FFC18D38\n"
294 "BL sub_FFC16164\n"
295 "BL sub_FFC18EA4\n"
296 "BL CreateTask_spytask\n" // <--- function added
297 "BL sub_FFC11094\n" // taskcreate_PhySw
298 "BL sub_FFC141F0\n"
299 "BL sub_FFC18EBC\n"
300 "BL sub_FFC0FC08\n" // nullsub_2
301 "BL sub_FFC10530\n"
302 "BL sub_FFC188C0\n" // taskcreate_Bye
303 "BL sub_FFC10B90\n"
304 "BL sub_FFC1044C\n" // _sub_FFC1044C__LowBat_c__2 ; LOCATION: LowBat.c:2
305 "BL sub_FFC19944\n"
306 "BL sub_FFC10424\n"
307 "LDMFD SP!, {R4,LR}\n"
308 "B sub_FFC0505C\n" // _sub_FFC0505C__ClkEnabler_V_J_c__144 ; LOCATION: ClkEnabler_V_J.c:144
309 ".ltorg\n"
310 );
311 }
312
313 void __attribute__((naked,noinline)) init_file_modules_task() {
314 asm volatile(
315
316
317 "STMFD SP!, {R4-R6,LR}\n"
318 "BL sub_FFC5994C\n"
319 "LDR R5, =0x5006\n"
320 "MOVS R4, R0\n"
321 "MOVNE R1, #0\n"
322 "MOVNE R0, R5\n"
323 "BLNE sub_FFC5C03C\n" //eventproc_export_PostLogicalEventToUI
324 "BL sub_FFC59978_my\n" // <---------- changed
325 "BL core_spytask_can_start\n" // CHDK: Set "it's-save-to-start"-Flag for spytask
326 "CMP R4, #0\n"
327 "MOVEQ R0, R5\n"
328 "LDMEQFD SP!, {R4-R6,LR}\n"
329 "MOVEQ R1, #0\n"
330 "BEQ sub_FFC5C03C\n" //eventproc_export_PostLogicalEventToUI
331 "LDMFD SP!, {R4-R6,PC}\n"
332 );
333 }
334
335 /* OK */
336 void __attribute__((naked,noinline)) sub_FFC59978_my() {
337
338 asm volatile (
339 "STMFD SP!, {R4,LR}\n"
340 "BL sub_FFC3F894_my\n" // +----> Hook for SDHC booting (ex sub_FFC3FC50_my)
341 "BL sub_FFCE9BA4\n" // nullsub_101
342 "LDR R4, =0x5454\n"
343 "LDR R0, [R4,#4]\n"
344 "CMP R0, #0\n"
345 "BNE loc_FFC599AC\n"
346 "BL sub_FFC3ED5C\n"
347 "BL sub_FFCDF96C\n"
348 "BL sub_FFC3ED5C\n"
349 "BL sub_FFC3AC30\n"
350 "BL sub_FFC3EC5C\n"
351 "BL sub_FFCDFA38\n"
352
353 "loc_FFC599AC:\n"
354 "MOV R0, #1\n"
355 "STR R0, [R4]\n"
356 "LDMFD SP!, {R4,PC}\n"
357 );
358 }
359
360 void __attribute__((naked,noinline)) sub_FFC3F894_my() {
361
362 asm volatile (
363 "STMFD SP!, {R4-R6,LR}\n"
364 "MOV R6, #0\n"
365 "MOV R0, R6\n"
366 "BL sub_FFC3F354\n"
367 "LDR R4, =0x176C4\n"
368 "MOV R5, #0\n"
369 "LDR R0, [R4,#0x38]\n"
370 "BL sub_FFC3FDB4\n"
371 "CMP R0, #0\n"
372 "LDREQ R0, =0x26DC\n"
373 "STREQ R5, [R0,#0x10]\n"
374 "STREQ R5, [R0,#0x14]\n"
375 "STREQ R5, [R0,#0x18]\n"
376 "MOV R0, R6\n"
377 "BL sub_FFC3F394\n" // _sub_FFC3F394__Mounter_c__824 ; LOCATION: Mounter.c:824
378 "MOV R0, R6\n"
379 "BL sub_FFC3F6D0_my\n" // +----> Hook for SDHC booting (ex sub_FFC3FA8C_my)
380 "MOV R5, R0\n"
381 "MOV R0, R6\n"
382 "BL sub_FFC3F73C\n" // _sub_FFC3F73C__Mounter_c__8 ; LOCATION: Mounter.c:8
383 "LDR R1, [R4,#0x3C]\n"
384 "AND R2, R5, R0\n"
385 "CMP R1, #0\n"
386 "MOV R0, #0\n"
387 "MOVEQ R0, #0x80000001\n"
388 "BEQ loc_FFC3F928\n"
389 "LDR R3, [R4,#0x2C]\n"
390 "CMP R3, #2\n"
391 "MOVEQ R0, #4\n"
392 "CMP R1, #5\n"
393 "ORRNE R0, R0, #1\n"
394 "BICEQ R0, R0, #1\n"
395 "CMP R2, #0\n"
396 "BICEQ R0, R0, #2\n"
397 "ORREQ R0, R0, #0x80000000\n"
398 "BICNE R0, R0, #0x80000000\n"
399 "ORRNE R0, R0, #2\n"
400
401 "loc_FFC3F928:\n"
402 "STR R0, [R4,#0x40]\n"
403 "LDMFD SP!, {R4-R6,PC}\n"
404 );
405 }
406
407 void __attribute__((naked,noinline)) sub_FFC3F6D0_my() {
408
409 asm volatile (
410 "STMFD SP!, {R4-R6,LR}\n"
411 "LDR R5, =0x26DC\n"
412 "MOV R6, R0\n"
413 "LDR R0, [R5,#0x14]\n"
414 "CMP R0, #0\n"
415 "MOVNE R0, #1\n"
416 "LDMNEFD SP!, {R4-R6,PC}\n"
417 "MOV R0, #0x17\n"
418 "MUL R1, R0, R6\n"
419 "LDR R0, =0x176C4\n"
420 "ADD R4, R0, R1,LSL#2\n"
421 "LDR R0, [R4,#0x38]\n"
422 "MOV R1, R6\n"
423 "BL sub_FFC3F460_my\n" // +----> Hook for SDHC booting (ex sub_FFC3F81C_my) _sub_FFC3F460__Mounter_c__0 ; LOCATION: Mounter.c:0
424 "CMP R0, #0\n"
425 "LDMEQFD SP!, {R4-R6,PC}\n"
426 "LDR R0, [R4,#0x38]\n"
427 "MOV R1, R6\n"
428 "BL sub_FFC3F5C8\n" // _sub_FFC3F5C8__Mounter_c__0 ; LOCATION: Mounter.c:0
429 "CMP R0, #0\n"
430 "LDMEQFD SP!, {R4-R6,PC}\n"
431 "MOV R0, R6\n"
432 "BL sub_FFC3EF5C\n"
433 "CMP R0, #0\n"
434 "MOVNE R1, #1\n"
435 "STRNE R1, [R5,#0x14]\n"
436 "LDMFD SP!, {R4-R6,PC}\n"
437 );
438 }
439
440 void __attribute__((naked,noinline)) sub_FFC3F460_my() {
441
442 asm volatile (
443 "STMFD SP!, {R4-R8,LR}\n"
444 "MOV R8, R0\n"
445 "MOV R0, #0x17\n"
446 "MUL R1, R0, R1\n"
447 "LDR R0, =0x176C4\n"
448 "MOV R6, #0\n"
449 "ADD R7, R0, R1,LSL#2\n"
450 "LDR R0, [R7,#0x3C]\n"
451 "MOV R5, #0\n"
452 "CMP R0, #6\n"
453 "ADDLS PC, PC, R0,LSL#2\n"
454 "B loc_FFC3F5AC\n"
455
456 "loc_FFC3F490:\n"
457 "B loc_FFC3F4C4\n"
458
459 "loc_FFC3F494:\n"
460 "B loc_FFC3F4AC\n"
461
462 "loc_FFC3F498:\n"
463 "B loc_FFC3F4AC\n"
464
465 "loc_FFC3F49C:\n"
466 "B loc_FFC3F4AC\n"
467
468 "loc_FFC3F4A0:\n"
469 "B loc_FFC3F4AC\n"
470
471 "loc_FFC3F4A4:\n"
472 "B loc_FFC3F5A4\n"
473
474 "loc_FFC3F4A8:\n"
475 "B loc_FFC3F4AC\n"
476
477 "loc_FFC3F4AC:\n"
478 "MOV R2, #0\n"
479 "MOV R1, #0x200\n"
480 "MOV R0, #2\n"
481 "BL sub_FFC53A1C\n"
482 "MOVS R4, R0\n"
483 "BNE loc_FFC3F4CC\n"
484
485 "loc_FFC3F4C4:\n"
486 "MOV R0, #0\n"
487 "LDMFD SP!, {R4-R8,PC}\n"
488
489 "loc_FFC3F4CC:\n"
490 "LDR R12, [R7,#0x4C]\n"
491 "MOV R3, R4\n"
492 "MOV R2, #1\n"
493 "MOV R1, #0\n"
494 "MOV R0, R8\n"
495
496 // "BLX R12\n" // !! Workaround !!
497 "MOV LR, PC\n" // gcc won't compile "BLX R12" nor "BL R12".
498 "MOV PC, R12\n" // workaround: make your own "BL" and hope we don't need the change to thumb-mode
499
500 "CMP R0, #1\n"
501 "BNE loc_FFC3F4F8\n"
502 "MOV R0, #2\n"
503 "BL sub_FFC53B68\n" // _sub_FFC53B68__ExMemMan_c__0 ; LOCATION: ExMemMan.c:0
504 "B loc_FFC3F4C4\n"
505
506 "loc_FFC3F4F8:\n"
507 "MOV R0, R8\n"
508 "BL sub_FFCF4E44\n"
509
510 //insertion of new code for FAT32 autodetection
511 // Start of DataGhost's FAT32 autodetection code
512 // Policy: If there is a partition which has type W95 FAT32, use the first one of those for image storage
513 // According to the code below, we can use R1, R2, R3 and R12.
514 // LR wasn't really used anywhere but for storing a part of the partition signature. This is the only thing
515 // that won't work with an offset, but since we can load from LR+offset into LR, we can use this to do that :)
516 "MOV R12, R4\n" // Copy the MBR start address so we have something to work with
517 "MOV LR, R4\n" // Save old offset for MBR signature
518 "MOV R1, #1\n" // Note the current partition number
519 "B dg_sd_fat32_enter\n" // We actually need to check the first partition as well, no increments yet!
520 "dg_sd_fat32:\n"
521 "CMP R1, #4\n" // Did we already see the 4th partition?
522 "BEQ dg_sd_fat32_end\n" // Yes, break. We didn't find anything, so don't change anything.
523 "ADD R12, R12, #0x10\n" // Second partition
524 "ADD R1, R1, #1\n" // Second partition for the loop
525 "dg_sd_fat32_enter:\n"
526 "LDRB R2, [R12, #0x1BE]\n" // Partition status
527 "LDRB R3, [R12, #0x1C2]\n" // Partition type (FAT32 = 0xB)
528 "CMP R3, #0xB\n" // Is this a FAT32 partition?
529 "CMPNE R3, #0xC\n" // Not 0xB, is it 0xC (FAT32 LBA) then?
530 "BNE dg_sd_fat32\n" // No, it isn't. Loop again.
531 "CMP R2, #0x00\n" // It is, check the validity of the partition type
532 "CMPNE R2, #0x80\n"
533 "BNE dg_sd_fat32\n" // Invalid, go to next partition
534 // This partition is valid, it's the first one, bingo!
535 "MOV R4, R12\n" // Move the new MBR offset for the partition detection.
536
537 "dg_sd_fat32_end:\n"
538 // End of DataGhost's FAT32 autodetection code
539 "LDRB R1, [R4,#0x1C9]\n" // 4th byte of LBA
540 "LDRB R3, [R4,#0x1C8]\n" // 3rd byte of LBA
541 "LDRB R12, [R4,#0x1CC]\n" // 3rd byte of partition length
542 "MOV R1, R1,LSL#24\n" // Shift and...
543 "ORR R1, R1, R3,LSL#16\n" // combine LBA bytes (endianness fix)
544 "LDRB R3, [R4,#0x1C7]\n" // 2nd byte of LBA
545 "LDRB R2, [R4,#0x1BE]\n" // Partition status (0x00=nonboot, 0x80=boot, other=bad)
546 //"LDRB LR, [R4,#0x1FF]\n" // Last MBR signature byte (0xAA)
547 "ORR R1, R1, R3,LSL#8\n" // Combine more LBA bytes
548 "LDRB R3, [R4,#0x1C6]\n" // 1st byte of LBA
549 "CMP R2, #0\n" // Check partition status
550 "CMPNE R2, #0x80\n" // and again
551 "ORR R1, R1, R3\n" // Combine LBA into final value
552 "LDRB R3, [R4,#0x1CD]\n" // 4th byte of partition length
553 "MOV R3, R3,LSL#24\n" // Shift and...
554 "ORR R3, R3, R12,LSL#16\n" // combine partition length bytes
555 "LDRB R12, [R4,#0x1CB]\n" // 2nd byte of partition length
556 "ORR R3, R3, R12,LSL#8\n" // Combine partition length bytes
557 "LDRB R12, [R4,#0x1CA]\n" // 1st byte of partition length
558 "ORR R3, R3, R12\n" // Combine partition length bytes into final value
559 //"LDRB R12, [R4,#0x1FE]\n" // First MBR signature byte (0x55)
560 "LDRB R12, [LR,#0x1FE]\n" // + First MBR signature byte (0x55), LR is original offset.
561 "LDRB LR, [LR,#0x1FF]\n" // + Last MBR signature byte (0xAA), LR is original offset.
562 "MOV R4, #0\n" // This value previously held a pointer to the partition table :(
563 "BNE loc_FFC3F580\n" // Jump out if the partition is malformed (partition status \'other\')
564 "CMP R0, R1\n"
565 "BCC loc_FFC3F580\n" // Jump out if R0 < R1 (probably checking for a valid LBA addr)
566 "ADD R2, R1, R3\n" // R2 = partition start address + length = partition end address
567 "CMP R2, R0\n" // Guess: CMPLS is used to check for an overflow, the partition end address cannot be negative.
568 "CMPLS R12, #0x55\n" // Check MBR signature with original offset
569 "CMPEQ LR, #0xAA\n" // Check MBR signature with original offset
570 "MOVEQ R6, R1\n"
571 "MOVEQ R5, R3\n"
572 "MOVEQ R4, #1\n"
573
574 "loc_FFC3F580:\n"
575 //"MOV R0, #3\n"
576 "MOV R0, #2\n"
577 "BL sub_FFC53B68\n" // _sub_FFC53B68__ExMemMan_c__0 ; LOCATION: ExMemMan.c:0
578 "CMP R4, #0\n"
579 "BNE loc_FFC3F5B8\n"
580 "MOV R6, #0\n"
581 "MOV R0, R8\n"
582 "BL sub_FFCF4E44\n"
583 "MOV R5, R0\n"
584 "B loc_FFC3F5B8\n"
585
586 "loc_FFC3F5A4:\n"
587 "MOV R5, #0x40\n"
588 "B loc_FFC3F5B8\n"
589
590 "loc_FFC3F5AC:\n"
591 "LDR R1, =0x37A\n"
592 "LDR R0, =0xFFC3F454\n" // "Mounter.c"
593 "BL sub_FFC0BD98\n" // DebugAssert
594
595 "loc_FFC3F5B8:\n"
596 "STR R6, [R7,#0x44]!\n"
597 "MOV R0, #1\n"
598 "STR R5, [R7,#4]\n"
599 "LDMFD SP!, {R4-R8,PC}\n"
600 );
601 }
602
603 void __attribute__((naked,noinline)) task_blinker() {
604
605 volatile long *p=(void*)0xC02200CC;
606
607 int delay = 0x200000;
608 int i;
609
610 while(1){
611 p[0]=0x46;
612 for(i=0;i<delay;i++){
613 asm ("nop\n");
614 asm ("nop\n");
615 }
616 p[0]=0x44;
617 for(i=0;i<delay;i++){
618 asm ("nop\n");
619 asm ("nop\n");
620 }
621 }
622 };
623
624 void CreateTask_blinker() {
625 _CreateTask("Blinker", 0x1, 0x200, task_blinker, 0);
626 };