root/platform/a1300/sub/100e/boot.c


DEFINITIONS

This source file includes the following definitions.
  1. taskHook
  2. boot
  3. sub_FF810380_my
  4. sub_FF8111D8_my
  5. sub_FF814288_my
  6. sub_FF81A6D0_my
  7. taskcreate_Startup_my
  8. task_Startup_my
  9. taskcreatePhySw_my
  10. CreateTask_spytask
  11. init_file_modules_task

   1 #include "lolevel.h"
   2 #include "platform.h"
   3 #include "core.h"
   4 #include "dryos31.h"
/*
 * Local offsetof: byte offset of MEMBER inside TYPE, obtained by taking the
 * member's address in a TYPE placed at address 0 and casting it to int.
 * NOTE(review): the name matches the standard <stddef.h> macro, and the int
 * cast assumes pointers fit in an int (true for a 32-bit target) -- confirm
 * neither is a problem for the toolchain in use.
 */
#define offsetof(TYPE, MEMBER) ((int) &((TYPE *)0)->MEMBER)

/*
 * Address of the _end symbol. sub_FF8111D8_my loads this value as the heap
 * start handed to the firmware unless CHDK_NOT_IN_CANON_HEAP is defined.
 * _end is declared outside this file; presumably the linker-provided end of
 * the CHDK image -- confirm.
 */
const char * const new_sa = &_end;

/* Task-creation helpers. CreateTask_spytask is defined further down in this
 * file; CreateTask_PhySw is not defined in this listing. */
void CreateTask_PhySw();
void CreateTask_spytask();

/* Firmware task entry points. taskHook compares a task's entry address
 * against each of these and substitutes a CHDK routine on a match. */
extern void task_CaptSeq();
extern void task_InitFileModules();
extern void task_MovieRecord();
extern void task_ExpDrv();
extern void task_PhySw();
extern void task_FileWrite();
  18 
/*
 * Redirect selected firmware tasks to their CHDK replacements.
 *
 * context points at the `context` member of a task_t; the enclosing task_t is
 * recovered by subtracting that member's offset. The redirect table is then
 * walked in order and, whenever the task's current entry equals a firmware
 * entry point, the entry is overwritten with the paired CHDK routine.
 *
 * sub_FF810380_my stores this function's address in RAM words 0x1934 and
 * 0x1938; how the firmware invokes it from there is not shown in this file
 * (see the forum thread referenced in that function).
 */
void taskHook(context_t **context) {
    /* { firmware entry point, CHDK replacement } -- checked top to bottom. */
    static const struct {
        void *firmware_entry;
        void *chdk_entry;
    } redirects[] = {
        { (void*)task_PhySw,           (void*)mykbd_task             },
        { (void*)task_CaptSeq,         (void*)capt_seq_task          },
        { (void*)task_InitFileModules, (void*)init_file_modules_task },
        { (void*)task_MovieRecord,     (void*)movie_record_task      },
        { (void*)task_ExpDrv,          (void*)exp_drv_task           },
        { (void*)task_FileWrite,       (void*)filewritetask          },
    };
    task_t *task = (task_t*)((char*)context - offsetof(task_t, context));
    unsigned int i;

    for (i = 0; i < sizeof redirects / sizeof redirects[0]; i++) {
        if (task->entry == redirects[i].firmware_entry) {
            task->entry = redirects[i].chdk_entry;
        }
    }
}
  30 
/* NOTE(review): by its name, presumably the memory-mapped register that drives
 * the green LED; it is not referenced by any code shown in this file -- confirm. */
#define LED_GREEN               0xC0220120
  32 
//** boot  @ 0xFF81000C 
//
// CHDK copy of the firmware start-up code listed at 0xFF81000C (platform
// a1300, firmware sub-version 100e per the file path). The function is naked,
// so the compiler emits no prologue or epilogue, and it never returns: it ends
// by branching to sub_FF810380_my where the original branched to
// sub_FF810380. That branch is the only instruction marked as patched.
//
// The sequence reprograms caches and memory protection before anything else
// runs, so every constant here should be checked against a dump of this exact
// firmware version before it is changed.
//
// Coprocessor (p15) notes below are decoded with the ARM946E-S register
// layout. NOTE(review): the core type is not stated in this file -- confirm
// before relying on the decoded meanings.

void __attribute__((naked,noinline)) boot(  ) { 
asm volatile (
      // Write 0 to the register at 0xC0410000.
      "LDR     R1, =0xC0410000 \n"
      "MOV     R0, #0 \n"
      "STR     R0, [R1] \n"
      // Control register (c1, c0) = 0x78: bits 0, 2 and 12 are clear, i.e.
      // protection unit and both caches off while regions are reprogrammed.
      "MOV     R1, #0x78 \n"
      "MCR     p15, 0, R1, c1, c0 \n"
      // c7 maintenance writes with R1 = 0: drain write buffer (c10, 4), then
      // invalidate the instruction cache (c5) and the data cache (c6).
      "MOV     R1, #0 \n"
      "MCR     p15, 0, R1, c7, c10, 4 \n"
      "MCR     p15, 0, R1, c7, c5 \n"
      "MCR     p15, 0, R1, c7, c6 \n"
      // Protection regions 0-5 (c6, c0..c5). Decoded as base | size<<1 | enable:
      //   region 0: base 0x00000000, 2 GB
      //   region 1: base 0xC0000000, 16 MB
      //   region 2: base 0x00000000, 64 MB
      //   region 3: base 0x40000000, 64 MB
      //   region 4: base 0x80000000, 4 KB
      //   region 5: base 0xFF800000, 8 MB
      "MOV     R0, #0x3D \n"
      "MCR     p15, 0, R0, c6, c0 \n"
      "MOV     R0, #0xC000002F \n"
      "MCR     p15, 0, R0, c6, c1 \n"
      "MOV     R0, #0x33 \n"
      "MCR     p15, 0, R0, c6, c2 \n"
      "MOV     R0, #0x40000033 \n"
      "MCR     p15, 0, R0, c6, c3 \n"
      "MOV     R0, #0x80000017 \n"
      "MCR     p15, 0, R0, c6, c4 \n"
      "LDR     R0, =0xFF80002D \n"
      "MCR     p15, 0, R0, c6, c5 \n"
      // 0x34 = bits 2, 4, 5: the same three regions are marked data-cacheable
      // (c2, c0, 0), instruction-cacheable (c2, c0, 1) and bufferable (c3, c0).
      "MOV     R0, #0x34 \n"
      "MCR     p15, 0, R0, c2, c0 \n"
      "MOV     R0, #0x34 \n"
      "MCR     p15, 0, R0, c2, c0, 1 \n"
      "MOV     R0, #0x34 \n"
      "MCR     p15, 0, R0, c3, c0 \n"
      // Extended access permissions, one nibble per region, data (c5, c0, 2)
      // and instruction (c5, c0, 3). 0x3333330 gives region 0 the value 0 and
      // regions 1-6 the value 3; under the assumed layout 3 means read/write
      // for both privileged and user mode, so the protection unit as set up
      // here does not separate privilege levels within those regions.
      "LDR     R0, =0x3333330 \n"
      "MCR     p15, 0, R0, c5, c0, 2 \n"
      "LDR     R0, =0x3333330 \n"
      "MCR     p15, 0, R0, c5, c0, 3 \n"
      // Read-modify-write of the control register: set bit 12 (0x1000),
      // bit 2 (4) and bit 0 (1) -- instruction cache, data cache and
      // protection unit enable under the assumed layout.
      "MRC     p15, 0, R0, c1, c0 \n"
      "ORR     R0, R0, #0x1000 \n"
      "ORR     R0, R0, #4 \n"
      "ORR     R0, R0, #1 \n"
      "MCR     p15, 0, R0, c1, c0 \n"
      // c9, c1 registers: 0x80000006 to opcode2 0 and 6 to opcode2 1
      // (presumably the data and instruction TCM regions, at 0x80000000 and
      // 0 -- confirm), then set bits 16 and 18 (0x50000) in the control
      // register.
      "MOV     R1, #0x80000006 \n"
      "MCR     p15, 0, R1, c9, c1 \n"
      "MOV     R1, #6 \n"
      "MCR     p15, 0, R1, c9, c1, 1 \n"
      "MRC     p15, 0, R1, c1, c0 \n"
      "ORR     R1, R1, #0x50000 \n"
      "MCR     p15, 0, R1, c1, c0 \n"
      // Peripheral block at 0xC0200000: write 1 to offset 0x10C, then 0xFF to
      // offsets 0x0C, 0x1C, ... 0xFC (sixteen registers, stride 0x10).
      "LDR     R2, =0xC0200000 \n"
      "MOV     R1, #1 \n"
      "STR     R1, [R2, #0x10C] \n"
      "MOV     R1, #0xFF \n"
      "STR     R1, [R2, #0xC] \n"
      "STR     R1, [R2, #0x1C] \n"
      "STR     R1, [R2, #0x2C] \n"
      "STR     R1, [R2, #0x3C] \n"
      "STR     R1, [R2, #0x4C] \n"
      "STR     R1, [R2, #0x5C] \n"
      "STR     R1, [R2, #0x6C] \n"
      "STR     R1, [R2, #0x7C] \n"
      "STR     R1, [R2, #0x8C] \n"
      "STR     R1, [R2, #0x9C] \n"
      "STR     R1, [R2, #0xAC] \n"
      "STR     R1, [R2, #0xBC] \n"
      "STR     R1, [R2, #0xCC] \n"
      "STR     R1, [R2, #0xDC] \n"
      "STR     R1, [R2, #0xEC] \n"
      "STR     R1, [R2, #0xFC] \n"
      // Write 0x430005 to the register at 0xC0400008.
      "LDR     R1, =0xC0400008 \n"
      "LDR     R2, =0x430005 \n"
      "STR     R2, [R1] \n"
      // NOTE(review): as listed, the next store writes R2 (0xC0243100) to the
      // address held in R1 (1), not the value 1 to 0xC0243100 -- confirm
      // against the firmware disassembly which of the two is intended.
      "MOV     R1, #1 \n"
      "LDR     R2, =0xC0243100 \n"
      "STR     R2, [R1] \n"
      // Set bit 0 of the register at 0xC0242010 (read-modify-write).
      "LDR     R2, =0xC0242010 \n"
      "LDR     R1, [R2] \n"
      "ORR     R1, R1, #1 \n"
      "STR     R1, [R2] \n"
      // Copy words from 0xFFC02710 to RAM starting at 0x3F1000 until the
      // destination pointer reaches 0x4005D4. The sub_003Fxxxx routines
      // called later in this file (marked "RAM") lie inside this range.
      "LDR     R0, =0xFFC02710 \n"
      "LDR     R1, =0x3F1000 \n"
      "LDR     R3, =0x4005D4 \n"
"loc_FF81013C:\n"
      "CMP     R1, R3 \n"
      "LDRCC   R2, [R0], #4 \n"
      "STRCC   R2, [R1], #4 \n"
      "BCC     loc_FF81013C \n"
      // Copy words from 0xFFBF7050 to RAM starting at 0x1900 until the
      // destination pointer reaches 0xCFC0.
      "LDR     R0, =0xFFBF7050 \n"
      "LDR     R1, =0x1900 \n"
      "LDR     R3, =0xCFC0 \n"
"loc_FF810158:\n"
      "CMP     R1, R3 \n"
      "LDRCC   R2, [R0], #4 \n"
      "STRCC   R2, [R1], #4 \n"
      "BCC     loc_FF810158 \n"
      // Zero-fill from R3 (still 0xCFC0, the end of the previous copy) up to
      // 0x1585F0.
      "LDR     R1, =0x1585F0 \n" //MEMISOSTART
      "MOV     R2, #0 \n"
"loc_FF810170:\n"
      "CMP     R3, R1 \n"
      "STRCC   R2, [R3], #4 \n"
      "BCC     loc_FF810170 \n"
      // Hand over to the CHDK version of the next start-up stage.
//      "B       sub_FF810380 \n" //original
      "B       sub_FF810380_my \n" //patched
        );
}
 136 
 137 
//** sub_FF810380_my  @ 0xFF810380 
//
// Second start-up stage. Before running the firmware's own code it
//   1. stores the address of taskHook in RAM words 0x1934 and 0x1938, and
//   2. samples the power-on switch and records the start-up mode.
// It then continues with the firmware sequence and calls sub_FF8111D8_my
// where the original called sub_FF8111D8.
//
// NOTE(review): the function is declared naked yet contains C statements
// ahead of the asm block. GCC documents only basic asm as reliable inside a
// naked function, so this depends on the compiler needing no stack frame for
// these statements -- re-check the generated code after a toolchain change.

void __attribute__((naked,noinline)) sub_FF810380_my(  ) { 

   //http://chdk.setepontos.com/index.php/topic,4194.0.html
   // Install taskHook. boot() has already copied the 0x1900-0xCFC0 image by
   // the time this runs, so these two words are written after that copy.
//   *(int*)0x1930=(int)taskHook; //??
   *(int*)0x1934=(int)taskHook;
   *(int*)0x1938=(int)taskHook;
//   *(int*)0x193C=(int)taskHook;

    // Power Button detection (short press = playback mode, long press = record mode) 
    // C02200F8  a810 
    // 0x24b8    a810
    //ff8560f8:  ldr r3, [pc, #80]   ; ff856150: (00002490)
    // Bit 0 of 0xC02200F8 selects the value stored at 0x2490+4. This replaces
    // the firmware's own start-up mode detection, whose call is removed in
    // taskcreate_Startup_my.
    if ((*(int*) 0xC02200F8) & 1)                 // look at power-on switch
            *(int*)(0x2490+4) = 0x200000;         // start in play mode
    else
            *(int*)(0x2490+4) = 0x100000;         // start in rec mode    
    
asm volatile (
      // Copy the words in [0xFF8103F8, 0xFF810430) to RAM starting at
      // address 0.
      "LDR     R0, =0xFF8103F8 \n"
      "MOV     R1, #0 \n"
      "LDR     R3, =0xFF810430 \n"
"loc_FF81038C:\n"
      "CMP     R0, R3 \n"
      "LDRCC   R2, [R0], #4 \n"
      "STRCC   R2, [R1], #4 \n"
      "BCC     loc_FF81038C \n"
      // Copy the words in [0xFF810430, 0xFF810644) to RAM starting at 0x4B0;
      // the copy therefore ends at 0x6C4.
      "LDR     R0, =0xFF810430 \n"
      "MOV     R1, #0x4B0 \n"
      "LDR     R3, =0xFF810644 \n"
"loc_FF8103A8:\n"
      "CMP     R0, R3 \n"
      "LDRCC   R2, [R0], #4 \n"
      "STRCC   R2, [R1], #4 \n"
      "BCC     loc_FF8103A8 \n"
      // CPSR = 0xD2 (IRQ mode, IRQ and FIQ masked), then CPSR = 0xD3
      // (supervisor mode, IRQ and FIQ masked); SP is set to 0x1000 in each.
      "MOV     R0, #0xD2 \n"
      "MSR     CPSR_cxsf, R0 \n"
      "MOV     SP, #0x1000 \n"
      "MOV     R0, #0xD3 \n"
      "MSR     CPSR_cxsf, R0 \n"
      "MOV     SP, #0x1000 \n"
      // Fill [0x6C4, 0x1000) with 0xEEEEEEEE: the range between the end of
      // the copy above and the initial stack pointer.
      "LDR     R0, =0x6C4 \n"
      "LDR     R2, =0xEEEEEEEE \n"
      "MOV     R3, #0x1000 \n"
"loc_FF8103DC:\n"
      "CMP     R0, R3 \n"
      "STRCC   R2, [R0], #4 \n"
      "BCC     loc_FF8103DC \n"
      // Continue with the CHDK version of the next stage.
//      "BL      sub_FF8111D8 \n" //original
      "BL      sub_FF8111D8_my \n" //patched
        );
}
 191 
//** sub_FF8111D8_my  @ 0xFF8111D8 
//
// Builds a 0x74-byte parameter block on the stack and passes it, together
// with the address of sub_FF814288_my, to the RAM routine sub_003F2778.
// Two things differ from the original firmware code:
//   - the word at [SP+8] (the heap start, per the MEMISOSTART comment) is
//     taken from new_sa unless CHDK_NOT_IN_CANON_HEAP is defined, and
//   - R1 carries sub_FF814288_my instead of sub_FF814288.
//
// NOTE(review): [SP+0xC] is computed as 0x2ED440 minus the heap start.
// Nothing here checks that the start is below 0x2ED440, so an image whose
// end passes that address would make the subtraction wrap -- worth a
// build-time check on the image size.

void __attribute__((naked,noinline)) sub_FF8111D8_my(  ) { 
asm volatile (
      // Save LR and reserve the 0x74-byte block.
      "STR     LR, [SP, #-4]! \n"
      "SUB     SP, SP, #0x74 \n"
      // sub_003FC448(block, 0x74) -- presumably clears the block; confirm.
      "MOV     R1, #0x74 \n"
      "MOV     R0, SP \n"
      "BL      sub_003FC448 \n" // RAM
      "MOV     R0, #0x57000 \n"
      "STR     R0, [SP, #4] \n"
      // R0 = heap start: the firmware's original value or the CHDK one.
#if defined(CHDK_NOT_IN_CANON_HEAP)
      "LDR     R0, =0x1585F0 \n" // MEMISOSTART: Use original heap offset since CHDK is loaded in high memory 
#else
      "LDR     R0, =new_sa \n"      //otherwise use patched value
      "LDR     R0, [R0] \n"
#endif
      // [SP+8] = start, [SP+0xC] = 0x2ED440 - start, [SP+0x10] = 0x2ED440.
      "LDR     R2, =0x2ED440 \n"
      "STR     R0, [SP, #8] \n"
      "SUB     R0, R2, R0 \n"
      "STR     R0, [SP, #0xC] \n"
      // Remaining fields are constants taken over unchanged from the
      // firmware listing.
      "MOV     R0, #0x22 \n"
      "STR     R0, [SP, #0x18] \n"
      "MOV     R0, #0x7C \n"
      "STR     R0, [SP, #0x1C] \n"
      "LDR     R1, =0x2F5C00 \n"
      "LDR     R0, =0x1CD \n"
      "STR     R1, [SP] \n"
      "STR     R0, [SP, #0x20] \n"
      "MOV     R0, #0x96 \n"
      "STR     R2, [SP, #0x10] \n"
      "STR     R1, [SP, #0x14] \n"
      "STR     R0, [SP, #0x24] \n"
      "STR     R0, [SP, #0x28] \n"
      "MOV     R0, #0x64 \n"
      "STR     R0, [SP, #0x2C] \n"
      "MOV     R0, #0 \n"
      "STR     R0, [SP, #0x30] \n"
      "STR     R0, [SP, #0x34] \n"
      "MOV     R0, #0x10 \n"
      "STR     R0, [SP, #0x5C] \n"
      "MOV     R0, #0x800 \n"
      "STR     R0, [SP, #0x60] \n"
      "MOV     R0, #0xA0 \n"
      "STR     R0, [SP, #0x64] \n"
      "MOV     R0, #0x280 \n"
      "STR     R0, [SP, #0x68] \n"
      // sub_003F2778(block, sub_FF814288_my, 0): the routine address in R1 is
      // how control reaches the next CHDK stage.
//      "LDR     R1, =sub_FF814288 \n" //original
      "LDR     R1, =sub_FF814288_my \n" //patched
      "MOV     R2, #0 \n"
      "MOV     R0, SP \n"
      "BL      sub_003F2778 \n" //RAM
      // Release the block and return through the saved LR.
      "ADD     SP, SP, #0x74 \n"
      "LDR     PC, [SP], #4 \n"
        );
}
 248 
//** sub_FF814288_my  @ 0xFF814288 
//
// Runs a fixed series of firmware initialisation routines. After each one
// that returns a status, a negative R0 loads the address of a name string
// (quoted in the trailing comments) and calls _err_init_task with it. The only
// change from the original is the final branch, which goes to
// sub_FF81A6D0_my instead of sub_FF81A6D0.

void __attribute__((naked,noinline)) sub_FF814288_my(  ) { 
asm volatile (
      "STMFD   SP!, {R4,LR} \n"
      "BL      sub_FF810B50 \n"
      // Each block below: call, test R0, report by name if R0 < 0.
      "BL      sub_FF8151A4 \n"
      "CMP     R0, #0 \n"
      "LDRLT   R0, =0xFF81439C \n" // "dmSetup"
      "BLLT    _err_init_task \n" 
      "BL      sub_FF813EC0 \n"
      "CMP     R0, #0 \n"
      "LDRLT   R0, =0xFF8143A4 \n" // "termDriverInit"
      "BLLT    _err_init_task \n"
      "LDR     R0, =0xFF8143B4 \n" // "/_term"
      "BL      sub_FF813FA8 \n"
      "CMP     R0, #0 \n"
      "LDRLT   R0, =0xFF8143BC \n" // "termDeviceCreate"
      "BLLT    _err_init_task \n"
      "LDR     R0, =0xFF8143B4 \n" //  "/_term"
      "BL      sub_FF8129C8 \n"
      "CMP     R0, #0 \n"
      "LDRLT   R0, =0xFF8143D0 \n" // "stdioSetup"
      "BLLT    _err_init_task \n"
      "BL      sub_FF814B40 \n"
      "CMP     R0, #0 \n"
      "LDRLT   R0, =0xFF8143DC \n" // "stdlibSetup"
      "BLLT    _err_init_task \n"
      "BL      sub_FF8116C8 \n"
      "CMP     R0, #0 \n"
      "LDRLT   R0, =0xFF8143E8 \n" // "armlib_setup"
      "BLLT    _err_init_task \n"
      // Restore R4/LR, then tail-branch so the next stage returns to this
      // function's caller.
      "LDMFD   SP!, {R4,LR} \n"
//      "B       sub_FF81A6D0 \n" //original
      "B       sub_FF81A6D0_my \n" //patched
        );
}
 286 
 287 
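//** sub_FF81A6D0_my  @ 0xFF81A6D0 
//
// Calls sub_FF82D6A8, then the CHDK version of taskcreate_Startup (the
// original called the code at loc_FF81A6E4), and returns 0 in R0.
// The instruction sequence is unchanged; only the stray ';' that followed the
// closing brace (an empty declaration at file scope) has been dropped.

void __attribute__((naked,noinline)) sub_FF81A6D0_my(  ) { 
asm volatile (
      "STMFD   SP!, {R4,LR} \n"
      "BL      sub_FF82D6A8 \n"
//      "BL      loc_FF81A6E4 \n" // original taskcreate_Startup
      "BL      taskcreate_Startup_my \n" //patched taskcreate_Startup
      "MOV     R0, #0 \n"
      "LDMFD   SP!, {R4,PC} \n"
        );
}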
 300 
//** taskcreate_Startup_my  @ 0xFF81A6E4 
//
// CHDK version of the routine that creates the firmware start-up task.
// Changes from the original:
//   - the call to sub_FF82D6B0 (start-up mode detection, per its comment) is
//     replaced by a call to sub_FF82D6AC, described as a nullsub, so that the
//     mode written by sub_FF810380_my is the one that takes effect;
//   - the task entry passed to _CreateTask is task_Startup_my instead of
//     0xFF81A668.
// Returns 0 in R0.

void __attribute__((naked,noinline)) taskcreate_Startup_my(  ) { 
asm volatile (
      "STMFD   SP!, {R3-R7,LR} \n"
      // R4 = result of sub_FF834740; R6 = base 0xC0220000; R5 = bit mask 1.
      "BL      sub_FF834740 \n"
      "LDR     R6, =0xC0220000 \n"
      "MOVS    R4, R0 \n"
      "MOV     R5, #1 \n"
      "BNE     loc_FF81A734 \n"
      "BL      sub_FF82F104 \n"
      "CMP     R0, #0 \n"
      "BEQ     loc_FF81A734 \n"
      // R1 / R0 become 1 when bit 0 of [R6+0xFC] / [R6+0xF8] is clear.
      // 0xC02200F8 is the register sub_FF810380_my reads as the power-on
      // switch.
      "LDR     R0, [R6, #0xFC] \n"
      "BIC     R1, R5, R0 \n"
      "LDR     R0, [R6, #0xF8] \n"
      "BIC     R0, R5, R0 \n"
      "ORRS    R2, R0, R1 \n"
      "BNE     loc_FF81A744 \n"
      // Neither flag is set: call sub_FF82CD0C, write 0x44 to [R6+0x12C], call
      // sub_FF82CE38 and spin forever (presumably a power-off path --
      // confirm).
      "BL      sub_FF82CD0C \n"
      "MOV     R0, #0x44 \n"
      "STR     R0, [R6, #0x12C] \n"
      "BL      sub_FF82CE38 \n"
"loc_FF81A730:\n"
      "B       loc_FF81A730 \n"
"loc_FF81A734:\n"
      "LDR     R0, [R6, #0xF8] \n"
      "LDR     R1, [R6, #0xFC] \n"
      "BIC     R0, R5, R0 \n"
      "BIC     R1, R5, R1 \n"
"loc_FF81A744:\n"
      "MOV     R3, #0 \n"
      "MOV     R2, R4 \n"
//      "BL      sub_FF82D6B0 \n" // StartUp mode detection. We must remove this for power-on mode handling to work
      "BL      sub_FF82D6AC \n" // nullsub
      "BL      sub_003F77E0 \n" //RAM
      "LDR     R1, =0x34E000 \n"
      "MOV     R0, #0 \n"
      "BL      sub_FF832D6C \n"
      "BL      sub_003F79F8 \n" //RAM
      // _CreateTask(R0 = 0xFF81A798, R1 = 0x19, R2 = 0, R3 = task_Startup_my,
      // [SP] = 0).
      "MOV     R3, #0 \n"
      "STR     R3, [SP] \n"
//      "LDR     R3, =0xFF81A668 \n" //original
      "LDR     R3, =task_Startup_my \n" //patched
      "MOV     R2, #0 \n"
      "MOV     R1, #0x19 \n"
      "LDR     R0, =0xFF81A798 \n"
      "BL      _CreateTask \n" 
      "MOV     R0, #0 \n"
      "LDMFD   SP!, {R3-R7,PC} \n"
        );
}
 353 
 354 
//** task_Startup_my  @ 0xFF81A668 
//
// CHDK version of the firmware start-up task body: a fixed list of calls into
// the firmware with three changes:
//   - the call to sub_FF83481C is left out (its comment ties it to
//     Diskboot.bin; presumably this keeps the firmware from starting the boot
//     file again once CHDK is already running -- confirm);
//   - CreateTask_spytask is called to create CHDK's own task;
//   - taskcreatePhySw_my is called instead of sub_FF82D54C.
// Ends by restoring R4/LR and tail-branching to sub_FF8149E8.

void __attribute__((naked,noinline)) task_Startup_my(  ) { 
asm volatile (
      "STMFD   SP!, {R4,LR} \n"
      "BL      sub_FF8148C8 \n" //clocksave
      "BL      sub_FF82E7D0 \n"
      "BL      sub_FF82C98C \n"
      "BL      sub_FF834788 \n" //j_nullsub_xxx
      "BL      sub_FF834974 \n"
//      "BL      sub_FF83481C \n" //disable Diskboot.bin
      "BL      sub_FF834AF8 \n"
      "BL      sub_FF834CC4 \n"
      "BL      sub_FF834ABC \n"
      "BL      sub_FF8349A4 \n"
      "BL      sub_FF832CA0 \n"
      "BL      sub_FF834CCC \n"
      "BL     CreateTask_spytask \n"            //added to create the Spytask
//      "BL      sub_FF82D54C \n" //original taskcreate_PhySw()
      "BL     taskcreatePhySw_my \n"            // patched taskcreate_PhySw()
      "BL      sub_FF83106C \n"
      "BL      sub_FF834CE4 \n"
      "BL      sub_FF82BA00 \n"
      "BL      sub_FF82C3B0 \n"
      "BL      sub_FF8344FC \n"
      "BL      sub_FF82C940 \n"
      "BL      sub_FF82C350 \n"
      "BL      sub_FF834AE8 \n"
      "BL      sub_FF835834 \n" //StartFactoryModeController
      "BL      sub_FF82C314 \n"
      "LDMFD   SP!, {R4,LR} \n"
      "B       sub_FF8149E8 \n"
        );
}
 389 
 390 
//** taskcreatePhySw_my  @ 0xFF82D54C 
//
// CHDK version of taskcreate_PhySw. If the word at 0x1BF8+4 is zero, a task
// is created through the RAM routine sub_003F7A50 and its return value is
// stored back in that word; otherwise creation is skipped. With the "#if 1"
// branch active the task entry is mykbd_task and the stack size is 0x2000
// (the original used 0xFF82D518 and 0x800). The rest of the routine follows
// the firmware listing.

void __attribute__((naked,noinline)) taskcreatePhySw_my(  ) { 
asm volatile (
      "STMFD   SP!, {R3-R5,LR} \n"
      // Skip creation when [0x1BF8 + 4] is already non-zero.
      "LDR     R4, =0x1BF8 \n"
      "LDR     R0, [R4, #4] \n"
      "CMP     R0, #0 \n"
      "BNE     loc_FF82D580 \n"
      "MOV     R3, #0 \n"
      "STR     R3, [SP] \n"
      #if 1
      "LDR     R3, =mykbd_task \n" //patched  task_PhySw
      "MOV     R2, #0x2000 \n" // stack size for new task_PhySw so we don't have to do stack switch
      #else
      "LDR     R3, =0xFF82D518 \n" //original
      "MOV     R2, #0x800 \n" // original      
      #endif
      // sub_003F7A50(R0 = 0xFF82D7A8, R1 = 0x17, R2 = stack size, R3 = entry,
      // [SP] = 0); the result is kept at [R4 + 4].
      "MOV     R1, #0x17 \n"
      "LDR     R0, =0xFF82D7A8 \n"
      "BL      sub_003F7A50 \n" //RAM
      "STR     R0, [R4, #4] \n"
"loc_FF82D580:\n"
      "BL      sub_FF87CB50 \n"
      "BL      sub_FF82F054 \n"
      "CMP     R0, #0 \n"
      "BNE     loc_FF82D59C \n"
      // Only when sub_FF82F054 returned 0: sub_FF87CAC0(0, 0x30FE4).
      "LDR     R1, =0x30FE4 \n"
      "MOV     R0, #0 \n"
      "BL      sub_FF87CAC0 \n"
"loc_FF82D59C:\n"
      "LDMFD   SP!, {R3-R5,PC} \n"
        );
}
 425 
 426 
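/*
 * Create the CHDK task named "SpyTask" with core_spytask as its entry point.
 * Called from task_Startup_my in place of nothing in the original firmware
 * (it is an added call). The return value of _CreateTask is not used.
 *
 * The second and third arguments occupy the same positions as R1 and R2 in
 * the task-creation calls made from assembly elsewhere in this file, where
 * R2 is commented as the stack size; R1 is presumably the task priority --
 * confirm against the _CreateTask declaration.
 */
void CreateTask_spytask() {
    enum {
        SPYTASK_PRIORITY   = 0x19,   /* same value taskcreate_Startup_my passes in R1 */
        SPYTASK_STACK_SIZE = 0x2000  /* same size taskcreatePhySw_my gives mykbd_task */
    };

    _CreateTask("SpyTask", SPYTASK_PRIORITY, SPYTASK_STACK_SIZE, core_spytask, 0);
}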
 431 
//** init_file_modules_task  @ 0xFF88688C 
//
// CHDK version of task_InitFileModules (taskHook substitutes it for the
// firmware task). It follows the firmware listing and adds one call,
// core_spytask_can_start, after sub_FF87F13C has returned; per its comment
// that call sets the flag telling the spy task it is safe to start.
//
// Flow: R4 = sub_FF87F110(). If R4 != 0, sub_FF8828B0(0x5006, 0) is called
// before sub_FF87F13C and the function returns afterwards; if R4 == 0 the
// function ends with a tail-branch to sub_FF8828B0(0x5006, 0).

void __attribute__((naked,noinline)) init_file_modules_task(  ) { 
asm volatile (
      "STMFD   SP!, {R4-R6,LR} \n"
      "BL      sub_FF87F110 \n"
      "LDR     R5, =0x5006 \n"
      "MOVS    R4, R0 \n"
      "MOVNE   R1, #0 \n"
      "MOVNE   R0, R5 \n"
      "BLNE    sub_FF8828B0 \n"
      "BL      sub_FF87F13C \n"
      "BL          core_spytask_can_start \n" //added CHDK: Set "it's-safe-to-start"-Flag for spytask
      // CMP is issued after the added call, so the decision uses the R4 value
      // saved before it (R4 is callee-saved under the ARM calling convention).
      "CMP     R4, #0 \n"
      "LDMNEFD SP!, {R4-R6,PC} \n"
      "MOV     R0, R5 \n"
      "LDMFD   SP!, {R4-R6,LR} \n"
      "MOV     R1, #0 \n"
      "B       sub_FF8828B0 \n"
        );
}
