This source file includes following definitions.
- taskHook
- boot
- sub_FF810380_my
- sub_FF8111D8_my
- sub_FF814288_my
- sub_FF81A6D0_my
- taskcreate_Startup_my
- task_Startup_my
- taskcreatePhySw_my
- CreateTask_spytask
- init_file_modules_task
1 #include "lolevel.h"
2 #include "platform.h"
3 #include "core.h"
4 #include "dryos31.h"
5 #define offsetof(TYPE, MEMBER) ((int) &((TYPE *)0)->MEMBER)
6
7 const char * const new_sa = &_end;
8
9 void CreateTask_PhySw();
10 void CreateTask_spytask();
11
12 extern void task_CaptSeq();
13 extern void task_InitFileModules();
14 extern void task_MovieRecord();
15 extern void task_ExpDrv();
16 extern void task_PhySw();
17 extern void task_FileWrite();
18
19 void taskHook(context_t **context) {
20
21 task_t *tcb=(task_t*)((char*)context-offsetof(task_t, context));
22
23 if(tcb->entry == (void*)task_PhySw) tcb->entry = (void*)mykbd_task;
24 if(tcb->entry == (void*)task_CaptSeq) tcb->entry = (void*)capt_seq_task;
25 if(tcb->entry == (void*)task_InitFileModules) tcb->entry = (void*)init_file_modules_task;
26 if(tcb->entry == (void*)task_MovieRecord) tcb->entry = (void*)movie_record_task;
27 if(tcb->entry == (void*)task_ExpDrv) tcb->entry = (void*)exp_drv_task;
28 if(tcb->entry == (void*)task_FileWrite) tcb->entry = (void*)filewritetask;
29 }
30
31 #define LED_GREEN 0xC0220120
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73 void __attribute__((naked,noinline)) boot( ) {
74 asm volatile (
75 "LDR R1, =0xC0410000 \n"
76 "MOV R0, #0 \n"
77 "STR R0, [R1] \n"
78 "MOV R1, #0x78 \n"
79 "MCR p15, 0, R1, c1, c0 \n"
80 "MOV R1, #0 \n"
81 "MCR p15, 0, R1, c7, c10, 4 \n"
82 "MCR p15, 0, R1, c7, c5 \n"
83 "MCR p15, 0, R1, c7, c6 \n"
84 "MOV R0, #0x3D \n"
85 "MCR p15, 0, R0, c6, c0 \n"
86 "MOV R0, #0xC000002F \n"
87 "MCR p15, 0, R0, c6, c1 \n"
88 "MOV R0, #0x33 \n"
89 "MCR p15, 0, R0, c6, c2 \n"
90 "MOV R0, #0x40000033 \n"
91 "MCR p15, 0, R0, c6, c3 \n"
92 "MOV R0, #0x80000017 \n"
93 "MCR p15, 0, R0, c6, c4 \n"
94 "LDR R0, =0xFF80002D \n"
95 "MCR p15, 0, R0, c6, c5 \n"
96 "MOV R0, #0x34 \n"
97 "MCR p15, 0, R0, c2, c0 \n"
98 "MOV R0, #0x34 \n"
99 "MCR p15, 0, R0, c2, c0, 1 \n"
100 "MOV R0, #0x34 \n"
101 "MCR p15, 0, R0, c3, c0 \n"
102 "LDR R0, =0x3333330 \n"
103 "MCR p15, 0, R0, c5, c0, 2 \n"
104 "LDR R0, =0x3333330 \n"
105 "MCR p15, 0, R0, c5, c0, 3 \n"
106 "MRC p15, 0, R0, c1, c0 \n"
107 "ORR R0, R0, #0x1000 \n"
108 "ORR R0, R0, #4 \n"
109 "ORR R0, R0, #1 \n"
110 "MCR p15, 0, R0, c1, c0 \n"
111 "MOV R1, #0x80000006 \n"
112 "MCR p15, 0, R1, c9, c1 \n"
113 "MOV R1, #6 \n"
114 "MCR p15, 0, R1, c9, c1, 1 \n"
115 "MRC p15, 0, R1, c1, c0 \n"
116 "ORR R1, R1, #0x50000 \n"
117 "MCR p15, 0, R1, c1, c0 \n"
118 "LDR R2, =0xC0200000 \n"
119 "MOV R1, #1 \n"
120 "STR R1, [R2, #0x10C] \n"
121 "MOV R1, #0xFF \n"
122 "STR R1, [R2, #0xC] \n"
123 "STR R1, [R2, #0x1C] \n"
124 "STR R1, [R2, #0x2C] \n"
125 "STR R1, [R2, #0x3C] \n"
126 "STR R1, [R2, #0x4C] \n"
127 "STR R1, [R2, #0x5C] \n"
128 "STR R1, [R2, #0x6C] \n"
129 "STR R1, [R2, #0x7C] \n"
130 "STR R1, [R2, #0x8C] \n"
131 "STR R1, [R2, #0x9C] \n"
132 "STR R1, [R2, #0xAC] \n"
133 "STR R1, [R2, #0xBC] \n"
134 "STR R1, [R2, #0xCC] \n"
135 "STR R1, [R2, #0xDC] \n"
136 "STR R1, [R2, #0xEC] \n"
137 "STR R1, [R2, #0xFC] \n"
138 "LDR R1, =0xC0400008 \n"
139 "LDR R2, =0x430005 \n"
140 "STR R2, [R1] \n"
141 "MOV R1, #1 \n"
142 "LDR R2, =0xC0243100 \n"
143 "STR R2, [R1] \n"
144 "LDR R2, =0xC0242010 \n"
145 "LDR R1, [R2] \n"
146 "ORR R1, R1, #1 \n"
147 "STR R1, [R2] \n"
148 "LDR R0, =0xFFC011A8 \n"
149 "LDR R1, =0x3F1000 \n"
150 "LDR R3, =0x4005D4 \n"
151 "loc_FF81013C:\n"
152 "CMP R1, R3 \n"
153 "LDRCC R2, [R0], #4 \n"
154 "STRCC R2, [R1], #4 \n"
155 "BCC loc_FF81013C \n"
156 "LDR R0, =0xFFBF5B08 \n"
157 "LDR R1, =0x1900 \n"
158 "LDR R3, =0xCFA0 \n"
159 "loc_FF810158:\n"
160 "CMP R1, R3 \n"
161 "LDRCC R2, [R0], #4 \n"
162 "STRCC R2, [R1], #4 \n"
163 "BCC loc_FF810158 \n"
164 "LDR R1, =0x1581D0 \n"
165 "MOV R2, #0 \n"
166 "loc_FF810170:\n"
167 "CMP R3, R1 \n"
168 "STRCC R2, [R3], #4 \n"
169 "BCC loc_FF810170 \n"
170
171 "B sub_FF810380_my \n"
172 );
173 }
174
175
176
177
178 void __attribute__((naked,noinline)) sub_FF810380_my( ) {
179
180
181
182 *(int*)0x1934=(int)taskHook;
183 *(int*)0x1938=(int)taskHook;
184
185
186
187
188
189
190 if ((*(int*) 0xC02200F8) & 1)
191 *(int*)(0x2490+4) = 0x200000;
192 else
193 *(int*)(0x2490+4) = 0x100000;
194
195 asm volatile (
196 "LDR R0, =0xFF8103F8 \n"
197 "MOV R1, #0 \n"
198 "LDR R3, =0xFF810430 \n"
199 "loc_FF81038C:\n"
200 "CMP R0, R3 \n"
201 "LDRCC R2, [R0], #4 \n"
202 "STRCC R2, [R1], #4 \n"
203 "BCC loc_FF81038C \n"
204 "LDR R0, =0xFF810430 \n"
205 "MOV R1, #0x4B0 \n"
206 "LDR R3, =0xFF810644 \n"
207 "loc_FF8103A8:\n"
208 "CMP R0, R3 \n"
209 "LDRCC R2, [R0], #4 \n"
210 "STRCC R2, [R1], #4 \n"
211 "BCC loc_FF8103A8 \n"
212 "MOV R0, #0xD2 \n"
213 "MSR CPSR_cxsf, R0 \n"
214 "MOV SP, #0x1000 \n"
215 "MOV R0, #0xD3 \n"
216 "MSR CPSR_cxsf, R0 \n"
217 "MOV SP, #0x1000 \n"
218 "LDR R0, =0x6C4 \n"
219 "LDR R2, =0xEEEEEEEE \n"
220 "MOV R3, #0x1000 \n"
221 "loc_FF8103DC:\n"
222 "CMP R0, R3 \n"
223 "STRCC R2, [R0], #4 \n"
224 "BCC loc_FF8103DC \n"
225
226 "BL sub_FF8111D8_my \n"
227 );
228 }
229
230
231
232 void __attribute__((naked,noinline)) sub_FF8111D8_my( ) {
233 asm volatile (
234 "STR LR, [SP, #-4]! \n"
235 "SUB SP, SP, #0x74 \n"
236 "MOV R1, #0x74 \n"
237 "MOV R0, SP \n"
238 "BL sub_003FC448 \n"
239 "MOV R0, #0x57000 \n"
240 "STR R0, [SP, #4] \n"
241 #if defined(CHDK_NOT_IN_CANON_HEAP)
242 "LDR R0, =0x1581D0 \n"
243 #else
244 "LDR R0, =new_sa \n"
245 "LDR R0, [R0] \n"
246 #endif
247 "LDR R2, =0x2ED440 \n"
248 "STR R0, [SP, #8] \n"
249 "SUB R0, R2, R0 \n"
250 "STR R0, [SP, #0xC] \n"
251 "MOV R0, #0x22 \n"
252 "STR R0, [SP, #0x18] \n"
253 "MOV R0, #0x7C \n"
254 "STR R0, [SP, #0x1C] \n"
255 "LDR R1, =0x2F5C00 \n"
256 "LDR R0, =0x1CD \n"
257 "STR R1, [SP] \n"
258 "STR R0, [SP, #0x20] \n"
259 "MOV R0, #0x96 \n"
260 "STR R2, [SP, #0x10] \n"
261 "STR R1, [SP, #0x14] \n"
262 "STR R0, [SP, #0x24] \n"
263 "STR R0, [SP, #0x28] \n"
264 "MOV R0, #0x64 \n"
265 "STR R0, [SP, #0x2C] \n"
266 "MOV R0, #0 \n"
267 "STR R0, [SP, #0x30] \n"
268 "STR R0, [SP, #0x34] \n"
269 "MOV R0, #0x10 \n"
270 "STR R0, [SP, #0x5C] \n"
271 "MOV R0, #0x800 \n"
272 "STR R0, [SP, #0x60] \n"
273 "MOV R0, #0xA0 \n"
274 "STR R0, [SP, #0x64] \n"
275 "MOV R0, #0x280 \n"
276 "STR R0, [SP, #0x68] \n"
277
278 "LDR R1, =sub_FF814288_my \n"
279 "MOV R2, #0 \n"
280 "MOV R0, SP \n"
281 "BL sub_003F2778 \n"
282 "ADD SP, SP, #0x74 \n"
283 "LDR PC, [SP], #4 \n"
284 );
285 }
286
287
288
289 void __attribute__((naked,noinline)) sub_FF814288_my() {
290
291 asm volatile (
292 "STMFD SP!, {R4,LR} \n"
293 "BL sub_FF810B50 \n"
294 "BL sub_FF8151A4 \n"
295 "CMP R0, #0 \n"
296 "LDRLT R0, =0xFF81439C \n"
297 "BLLT _err_init_task \n"
298 "BL sub_FF813EC0 \n"
299 "CMP R0, #0 \n"
300 "LDRLT R0, =0xFF8143A4 \n"
301 "BLLT _err_init_task \n"
302 "LDR R0, =0xFF8143B4 \n"
303 "BL sub_FF813FA8 \n"
304 "CMP R0, #0 \n"
305 "LDRLT R0, =0xFF8143BC \n"
306 "BLLT _err_init_task \n"
307 "LDR R0, =0xFF8143B4 \n"
308 "BL sub_FF8129C8 \n"
309 "CMP R0, #0 \n"
310 "LDRLT R0, =0xFF8143D0 \n"
311 "BLLT _err_init_task \n"
312 "BL sub_FF814B40 \n"
313 "CMP R0, #0 \n"
314 "LDRLT R0, =0xFF8143DC \n"
315 "BLLT _err_init_task \n"
316 "BL sub_FF8116C8 \n"
317 "CMP R0, #0 \n"
318 "LDRLT R0, =0xFF8143E8 \n"
319 "BLLT _err_init_task \n"
320 "LDMFD SP!, {R4,LR} \n"
321
322 "B sub_FF81A6D0_my \n"
323 );
324 };
325
326
327
328
329 void __attribute__((naked,noinline)) sub_FF81A6D0_my( ) {
330 asm volatile (
331 "STMFD SP!, {R4,LR} \n"
332 "BL sub_FF82D6A8 \n"
333
334 "BL taskcreate_Startup_my \n"
335 "MOV R0, #0 \n"
336 "LDMFD SP!, {R4,PC} \n"
337 );
338 };
339
340
341
342 void __attribute__((naked,noinline)) taskcreate_Startup_my( ) {
343 asm volatile (
344 "STMFD SP!, {R3-R7,LR} \n"
345 "BL sub_FF834740 \n"
346 "LDR R6, =0xC0220000 \n"
347 "MOVS R4, R0 \n"
348 "MOV R5, #1 \n"
349 "BNE loc_FF81A734 \n"
350 "BL sub_FF82F104 \n"
351 "CMP R0, #0 \n"
352 "BEQ loc_FF81A734 \n"
353 "LDR R0, [R6, #0xFC] \n"
354 "BIC R1, R5, R0 \n"
355 "LDR R0, [R6, #0xF8] \n"
356 "BIC R0, R5, R0 \n"
357 "ORRS R2, R0, R1 \n"
358 "BNE loc_FF81A744 \n"
359 "BL sub_FF82CD0C \n"
360 "MOV R0, #0x44 \n"
361 "STR R0, [R6, #0x12C] \n"
362 "BL sub_FF82CE38 \n"
363 "loc_FF81A730:\n"
364 "B loc_FF81A730 \n"
365 "loc_FF81A734:\n"
366 "LDR R0, [R6, #0xF8] \n"
367 "LDR R1, [R6, #0xFC] \n"
368 "BIC R0, R5, R0 \n"
369 "BIC R1, R5, R1 \n"
370 "loc_FF81A744:\n"
371 "MOV R3, #0 \n"
372 "MOV R2, R4 \n"
373
374 "BL sub_FF82D6AC \n"
375 "BL sub_003F77E0 \n"
376 "LDR R1, =0x34E000 \n"
377 "MOV R0, #0 \n"
378 "BL sub_FF832D6C \n"
379 "BL sub_003F79F8 \n"
380 "MOV R3, #0 \n"
381 "STR R3, [SP] \n"
382
383 "LDR R3, =task_Startup_my \n"
384 "MOV R2, #0 \n"
385 "MOV R1, #0x19 \n"
386 "LDR R0, =0xFF81A798 \n"
387 "BL _CreateTask \n"
388 "MOV R0, #0 \n"
389 "LDMFD SP!, {R3-R7,PC} \n"
390 );
391 }
392
393
394
395
396 void __attribute__((naked,noinline)) task_Startup_my( ) {
397 asm volatile (
398 "STMFD SP!, {R4,LR} \n"
399 "BL sub_FF8148C8 \n"
400 "BL sub_FF82E7D0 \n"
401 "BL sub_FF82C98C \n"
402 "BL sub_FF834788 \n"
403 "BL sub_FF834974 \n"
404
405 "BL sub_FF834AF8 \n"
406 "BL sub_FF834CC4 \n"
407 "BL sub_FF834ABC \n"
408 "BL sub_FF8349A4 \n"
409 "BL sub_FF832CA0 \n"
410 "BL sub_FF834CCC \n"
411 "BL CreateTask_spytask \n"
412
413 "BL taskcreatePhySw_my \n"
414 "BL sub_FF83106C \n"
415 "BL sub_FF834CE4 \n"
416 "BL sub_FF82BA00 \n"
417 "BL sub_FF82C3B0 \n"
418 "BL sub_FF8344FC \n"
419 "BL sub_FF82C940 \n"
420 "BL sub_FF82C350 \n"
421 "BL sub_FF834AE8 \n"
422 "BL sub_FF835834 \n"
423 "BL sub_FF82C314 \n"
424 "LDMFD SP!, {R4,LR} \n"
425 "B sub_FF8149E8 \n"
426 );
427 }
428
429
430
431
432 void __attribute__((naked,noinline)) taskcreatePhySw_my( ) {
433 asm volatile (
434 "STMFD SP!, {R3-R5,LR} \n"
435 "LDR R4, =0x1BF8 \n"
436 "LDR R0, [R4, #4] \n"
437 "CMP R0, #0 \n"
438 "BNE loc_FF82D580 \n"
439 "MOV R3, #0 \n"
440 "STR R3, [SP] \n"
441 #if 1
442 "LDR R3, =mykbd_task \n"
443 "MOV R2, #0x2000 \n"
444 #else
445 "LDR R3, =0xFF82D518 \n"
446 "MOV R2, #0x800 \n"
447 #endif
448 "MOV R1, #0x17 \n"
449 "LDR R0, =0xFF82D7A8 \n"
450 "BL sub_003F7A50 \n"
451 "STR R0, [R4, #4] \n"
452 "loc_FF82D580:\n"
453 "BL sub_FF87CB50 \n"
454 "BL sub_FF82F054 \n"
455 "CMP R0, #0 \n"
456 "BNE loc_FF82D59C \n"
457 "LDR R1, =0x30FC4 \n"
458 "MOV R0, #0 \n"
459 "BL sub_FF87CAC0 \n"
460 "loc_FF82D59C:\n"
461 "LDMFD SP!, {R3-R5,PC} \n"
462 );
463 }
464
465
466 void CreateTask_spytask() {
467
468 _CreateTask("SpyTask", 0x19, 0x2000, core_spytask, 0);
469 };
470
471
472
473 void __attribute__((naked,noinline)) init_file_modules_task( ) {
474 asm volatile (
475 "STMFD SP!, {R4-R6,LR} \n"
476 "BL sub_FF87F110 \n"
477 "LDR R5, =0x5006 \n"
478 "MOVS R4, R0 \n"
479 "MOVNE R1, #0 \n"
480 "MOVNE R0, R5 \n"
481 "BLNE sub_FF8828B0 \n"
482 "BL sub_FF87F13C \n"
483 "BL core_spytask_can_start \n"
484 "CMP R4, #0 \n"
485 "LDMNEFD SP!, {R4-R6,PC} \n"
486 "MOV R0, R5 \n"
487 "LDMFD SP!, {R4-R6,LR} \n"
488 "MOV R1, #0 \n"
489 "B sub_FF8828B0 \n"
490 );
491 }