1 #include "lolevel.h"
2 #include "platform.h"
3 #include "core.h"
4
5 const char * const new_sa = &_end;
6
7
8 // Forward declarations
9 void CreateTask_PhySw();
10 void CreateTask_spytask();
11 extern volatile int jogdial_stopped;
12 void JogDial_task_my(void);
13
14
15 /*---------------------------------------------------------------------
16 Memory Map:
17 00001900 MEMBASEADDR start of data - used for initialized vars
18 00010FE3 end of inited data
19 00010FE4 start of bss - used for zeroed/uninited vars
20 00016E2F end of bss
21 0016EE30 MEMISOSTART start of CHDK code / data / bss
22 001B0000 end of CHDK data (approx)
23 001B0001 start of DRYOS heap (approx)
24 0037FFFF end of heap (?)
25
26 41269150 raw buffer 0
27 46000000 raw buffer 1
28
29 C0xxxxxx I/O
30
31 FF810000 ROMBASEADDR start of rom
32 FFFFFFFF end of rom
33 ----------------------------------------------------------------------*/
34
35
36 /*----------------------------------------------------------------------
37 taskCreateHook()
38 -----------------------------------------------------------------------*/
39 void taskCreateHook(int *p)
40 {
41 p-=17;
42
43 if (p[0] == (int)0xFF88322C)
44 p[0] = (int) capt_seq_task;
45
46 if (p[0] == (int)0xFF98642C)
47 p[0] = (int) movie_record_task;
48
49 if (p[0] == (int)0xFF8A0AA0)
50 p[0] = (int) init_file_modules_task;
51
52 if (p[0] == (int)0xFF8CF1A8)
53 p[0] = (int) exp_drv_task;
54
55 if (p[0] == (int)0xFF865894)
56 p[0] = (int) JogDial_task_my;
57 }
58
59
60 /*----------------------------------------------------------------------
61 boot()
62
63 Main entry point for the CHDK code
64 -----------------------------------------------------------------------*/
65 void __attribute__((naked,noinline)) boot()
66 {
67
68 asm volatile (
69 " LDR R1, =0xC0410000 \n"
70 " MOV R0, #0 \n"
71 " STR R0, [R1] \n"
72
73 " MOV R1, #0x78 \n"
74 " MCR p15, 0, R1,c1,c0 \n" // control reg
75
76 " MOV R1, #0 \n"
77 " MCR p15, 0, R1,c7,c10, 4 \n" // drain write buffer
78 " MCR p15, 0, R1,c7,c5 \n" // flush instruction cache
79 " MCR p15, 0, R1,c7,c6 \n" // flush data cache
80
81 " MOV R0, #0x3D \n" // size 2GB base 0x00000000
82 " MCR p15, 0, R0,c6,c0 \n" // protection region 0
83 " MOV R0, #0xC000002F \n" // size 16M base 0xc0000000
84 " MCR p15, 0, R0,c6,c1 \n" // protection region 1
85 " MOV R0, #0x35 \n" // size 128M base 0x00000000 (s90 is 64M)
86 " MCR p15, 0, R0,c6,c2 \n" // protection region 2
87 " MOV R0, #0x40000035 \n" // size 128M base 0x40000000 (s90 is 64M)
88 " MCR p15, 0, R0,c6,c3 \n" // protection region 3
89 " MOV R0, #0x80000017 \n" // size 4k base 0x80000000
90 " MCR p15, 0, R0,c6,c4 \n" // protection region 4
91 " LDR R0, =0xFF80002D \n" // size 8M base 0xff800000
92 " MCR p15, 0, R0,c6,c5 \n" // protection region 5
93
94 " MOV R0, #0x34 \n" // regions 2,4,5
95 " MCR p15, 0, R0,c2,c0 \n" // data cachable bits
96 " MOV R0, #0x34 \n" // regions 2,4,5
97 " MCR p15, 0, R0,c2,c0, 1 \n" // instruction cachable bits
98
99 " MOV R0, #0x34 \n" // regions 2,4,5
100 " MCR p15, 0, R0,c3,c0 \n" // data bufferable bits
101 " LDR R0, =0x3333330 \n" // region 0,7 = --, 1-6 = rw
102 " MCR p15, 0, R0,c5,c0, 2 \n" // data access permission
103 " LDR R0, =0x3333330 \n" // region 0,7 = --, 1-6 = rw
104 " MCR p15, 0, R0,c5,c0, 3 \n" // instruction access permission
105
106 " MRC p15, 0, R0,c1,c0 \n" // control reg
107 " ORR R0, R0, #0x1000 \n" // enable L1 instruction cache
108 " ORR R0, R0, #4 \n" // L1 unified/data cache enable
109 " ORR R0, R0, #1 \n" // MMU or Protection Unit enable
110 " MCR p15, 0, R0,c1,c0 \n" // control reg
111
112 " MOV R1, #0x80000006 \n" // size 4K base 0x80000000
113 " MCR p15, 0, R1,c9,c1 \n" // data tightly-coupled memory
114 " MOV R1, #6 \n" // size 4K base 0x00000000
115 " MCR p15, 0, R1,c9,c1, 1 \n" // instruction tightly-coupled memory
116 " MRC p15, 0, R1,c1,c0 \n" // control reg
117
118 " ORR R1, R1, #0x50000 \n" // DRAM bit | IRAM bit
119 " MCR p15, 0, R1,c1,c0 \n" // control reg
120
121 " LDR R2, =0xC0200000 \n"
122 " MOV R1, #1 \n"
123 " STR R1, [R2,#0x10C] \n"
124
125 " MOV R1, #0xFF \n"
126 " STR R1, [R2,#0xC] \n"
127 " STR R1, [R2,#0x1C] \n"
128 " STR R1, [R2,#0x2C] \n"
129 " STR R1, [R2,#0x3C] \n"
130 " STR R1, [R2,#0x4C] \n"
131 " STR R1, [R2,#0x5C] \n"
132 " STR R1, [R2,#0x6C] \n"
133 " STR R1, [R2,#0x7C] \n"
134 " STR R1, [R2,#0x8C] \n"
135 " STR R1, [R2,#0x9C] \n"
136 " STR R1, [R2,#0xAC] \n"
137 " STR R1, [R2,#0xBC] \n"
138 " STR R1, [R2,#0xCC] \n"
139 " STR R1, [R2,#0xDC] \n"
140 " STR R1, [R2,#0xEC] \n"
141 " STR R1, [R2,#0xFC] \n"
142
143 " LDR R1, =0xC0400008 \n"
144 " LDR R2, =0x430005 \n"
145 " STR R2, [R1] \n"
146
147 " MOV R1, #1 \n"
148 " LDR R2, =0xC0243100 \n"
149 " STR R2, [R1] \n"
150
151 " LDR R2, =0xC0242010 \n"
152 " LDR R1, [R2] \n"
153 " ORR R1, R1, #1 \n"
154 " STR R1, [R2] \n"
155
156 " LDR R0, =0xFFC9A23C \n" // init data section
157 " LDR R1, =0x1900 \n"
158 " LDR R3, =0x10FE4 \n"
159 "loc_FF81013C: \n"
160 " CMP R1, R3 \n"
161 " LDRCC R2, [R0],#4 \n"
162 " STRCC R2, [R1],#4 \n"
163 " BCC loc_FF81013C \n"
164
165 " LDR R1, =0x16EE30 \n" // clear bss section
166 " MOV R2, #0 \n"
167 "loc_FF810154: \n"
168 " CMP R3, R1 \n"
169 " STRCC R2, [R3],#4 \n"
170 " BCC loc_FF810154 \n"
171
172 //" B sub_FF810354 \n"
173 " B sub_FF810354_my \n" // patched
174 );
175 };
176
177
178 /*----------------------------------------------------------------------
179 sub_FF810354_my
180 -----------------------------------------------------------------------*/
181 void __attribute__((naked,noinline)) sub_FF810354_my()
182 {
183 *(int*)0x1938 = (int)taskCreateHook;
184 *(int*)0x193C = (int)taskCreateHook;
185
186 // s95 @FF864D68
187 // fix for correct power-on
188 // must also comment out function in taskcreate_Startup_my
189
190 if ((*(int*) 0xC0220128) & 1) // look at play switch
191 *(int*)(0x25E8) = 0x200000; // start in play mode
192 else
193 *(int*)(0x25E8) = 0x100000; // start in rec mode
194
195 asm volatile (
196 " LDR R0, =0xFF8103CC \n"
197 " MOV R1, #0 \n"
198 " LDR R3, =0xFF810404 \n"
199 "loc_FF810360: \n"
200 " CMP R0, R3 \n"
201 " LDRCC R2, [R0],#4 \n"
202 " STRCC R2, [R1],#4 \n"
203 " BCC loc_FF810360 \n"
204 " LDR R0, =0xFF810404 \n"
205 " MOV R1, #0x4B0 \n"
206 " LDR R3, =0xFF810618 \n"
207 "loc_FF81037C: \n"
208 " CMP R0, R3 \n"
209 " LDRCC R2, [R0],#4 \n"
210 " STRCC R2, [R1],#4 \n"
211 " BCC loc_FF81037C \n"
212 " MOV R0, #0xD2 \n"
213 " MSR CPSR_cxsf, R0 \n"
214 " MOV SP, #0x1000 \n"
215 " MOV R0, #0xD3 \n"
216 " MSR CPSR_cxsf, R0 \n"
217 " MOV SP, #0x1000 \n"
218 " LDR R0, =0x6C4 \n"
219 " LDR R2, =0xEEEEEEEE \n"
220 " MOV R3, #0x1000 \n"
221 "loc_FF8103B0: \n"
222 " CMP R0, R3 \n"
223 " STRCC R2, [R0],#4 \n"
224 " BCC loc_FF8103B0 \n"
225
226 //" BL sub_FF811198 \n"
227 " BL sub_FF811198_my \n" // patched
228
229 "loc_FF8103C0: \n"
230 " ANDEQ R0, R0, R4,ASR#13 \n"
231 "loc_FF8103C4: \n"
232 " ANDEQ R0, R0, R0,ROR R6 \n"
233 "loc_FF8103C8: \n"
234 " ANDEQ R0, R0, R4,ROR R6 \n"
235 "loc_FF8103CC: \n"
236 " NOP \n"
237 " LDR PC, =0xFF810618 \n"
238 );
239 }
240
241
242 /*----------------------------------------------------------------------
243 sub_FF811198_my
244 -----------------------------------------------------------------------*/
245 void __attribute__((naked,noinline)) sub_FF811198_my()
246 {
247 asm volatile (
248 " STR LR, [SP,#-4]! \n"
249 " SUB SP, SP, #0x74 \n"
250 " MOV R0, SP \n"
251 " MOV R1, #0x74 \n"
252 " BL sub_FFB9F330 \n"
253 " MOV R0, #0x53000 \n"
254 " STR R0, [SP,#4] \n"
255
256 //" LDR R0, =0x16EE30 \n"
257 " LDR R0, =new_sa \n" // patched
258 " LDR R0, [R0] \n"
259
260 " LDR R1, =0x379C00 \n"
261 " STR R0, [SP,#8] \n"
262 " RSB R0, R0, #0x1F80 \n"
263 " ADD R0, R0, #0x370000 \n"
264 " STR R0, [SP,#0x0c] \n"
265 " LDR R0, =0x371F80 \n"
266 " STR R1, [SP,#0] \n"
267 " STRD R0, [SP,#0x10] \n"
268 " MOV R0, #0x22 \n"
269 " STR R0, [SP,#0x18] \n"
270 " MOV R0, #0x68 \n"
271 " STR R0, [SP,#0x1c] \n"
272 " LDR R0, =0x19B \n"
273
274 //" LDR R1, =sub_FF815EE0 \n"
275 " LDR R1, =sub_FF815EE0_my \n" // patched
276
277 " STR R0, [SP,#0x20] \n"
278 " MOV R0, #0x96 \n"
279 " STR R0, [SP,#0x24] \n"
280 " STR R0, [SP,#0x28] \n"
281 " MOV R0, #0x64 \n"
282 " STR R0, [SP,#0x2c] \n"
283 " MOV R0, #0 \n"
284 " STR R0, [SP,#0x30] \n"
285 " STR R0, [SP,#0x34] \n"
286 " MOV R0, #0x10 \n"
287 " STR R0, [SP,#0x5c] \n"
288 " MOV R0, #0x800 \n"
289 " STR R0, [SP,#0x60] \n"
290 " MOV R0, #0xA0 \n"
291 " STR R0, [SP,#0x64] \n"
292 " MOV R0, #0x280 \n"
293 " STR R0, [SP,#0x68] \n"
294 " MOV R0, SP \n"
295 " MOV R2, #0 \n"
296 " BL sub_FF8134B8 \n"
297 " ADD SP, SP, #0x74 \n"
298 " LDR PC, [SP],#4 \n"
299 );
300 }
301
302
303 /*----------------------------------------------------------------------
304 sub_FF815EE0_my
305 -----------------------------------------------------------------------*/
306 void __attribute__((naked,noinline)) sub_FF815EE0_my()
307 {
308 asm volatile (
309 " STMFD SP!, {R4,LR} \n"
310 " BL sub_FF810B20 \n"
311 " BL sub_FF81A33C \n" // dmSetup
312 " CMP R0, #0 \n"
313 " LDRLT r0, =0xFF815FF4 \n" // "dmSetup"
314 " BLLT sub_FF815FD4 \n" // err_init_task
315 " BL sub_FF815B1C \n"
316 " CMP R0, #0 \n"
317 " LDRLT R0, =0xFF815FFC \n" // "termDriverInit"
318 " BLLT sub_FF815FD4 \n" // err_init_task
319 " LDR R0, =0xFF81600C \n" // "/_term"
320 " BL sub_FF815C04 \n" // termDeviceCreate
321 " CMP R0, #0 \n"
322 " LDRLT R0, =0xFF816014 \n" // "termDeviceCreate"
323 " BLLT sub_FF815FD4 \n" // err_init_task
324 " LDR R0, =0xFF81600C \n" // "/_term"
325 " BL sub_FF813CA4 \n"
326 " CMP R0, #0 \n"
327 " LDRLT R0, =0xFF816028 \n" // "stdioSetup"
328 " BLLT sub_FF815FD4 \n" // err_init_task
329 " BL sub_FF819CC4 \n"
330 " CMP R0, #0 \n"
331 " LDRLT R0, =0xFF816034 \n" // "stdlibSetup"
332 " BLLT sub_FF815FD4 \n" // err_init_task
333 " BL sub_FF81167C \n"
334 " CMP R0, #0 \n"
335 " LDRLT R0, =0xFF816040 \n" // "armlib_setup"
336 " BLLT sub_FF815FD4 \n" // err_init_task
337 " LDMFD SP!, {R4,LR} \n"
338
339 //" B sub_FF81FB54 \n" // taskcreate_Startup
340 " B taskcreate_Startup_my \n" // patched
341
342 " MOV R0, #0 \n"
343 " LDMFD SP!, {R3-R5,PC} \n"
344 );
345 }
346
347
348 /*----------------------------------------------------------------------
349 taskcreate_Startup_my
350 -----------------------------------------------------------------------*/
351 void __attribute__((naked,noinline)) taskcreate_Startup_my()
352 {
353 asm volatile (
354 " STMFD SP!, {R3-R5,LR} \n"
355 " BL sub_FF8346CC \n" // j_nullsub_60
356 " BL sub_FF83C6B0 \n"
357 " CMP R0, #0 \n"
358 " BNE loc_FF81FBA8 \n"
359 " BL sub_FF8360B8 \n"
360 " CMP R0, #0 \n"
361 " BEQ loc_FF81FBA8 \n"
362 " LDR R4, =0xC0220000 \n"
363 " LDR R0, [R4,#0x12C] \n"
364 " TST R0, #1 \n"
365 " MOVEQ R0, #0x12C \n"
366 " BLEQ sub_FF83AA4C \n" // eventproc_export_SleepTask
367 " BL sub_FF8346C8 \n"
368 " CMP R0, #0 \n"
369 " BNE loc_FF81FBA8 \n"
370 " BL sub_FF833D5C \n"
371 " MOV R0, #0x44 \n"
372 " STR R0, [R4,#0x1C] \n"
373 " BL sub_FF833F4C \n"
374 "loc_FF81FBA4: \n"
375 " B loc_FF81FBA4 \n"
376 "loc_FF81FBA8: \n"
377
378 // we must remove this for power-on mode handling in sub_FF810354_my to work
379 //" BL sub_FF8346D4 \n"
380
381 " BL sub_FF8346D0 \n" // j_nullsub_61
382 " BL sub_FF83A8C4 \n"
383 " LDR R1, =0x3CE000 \n"
384 " MOV R0, #0 \n"
385 " BL sub_FF83AD0C \n"
386 " BL sub_FF83AAB8 \n"
387 " MOV R3, #0 \n"
388 " STR R3, [SP] \n"
389
390 //" LDR R3, =0xFF81FAF0 \n" // task_Startup
391 " LDR R3, =task_Startup_my \n" // patched
392
393 " MOV R2, #0 \n"
394 " MOV R1, #0x19 \n"
395 " LDR R0, =0xFF81FBF0 \n" // "Startup"
396 " BL sub_FF81E8A0 \n" // eventproc_export_CreateTask
397 " MOV R0, #0 \n"
398 " LDMFD SP!, {R3-R5,PC} \n"
399
400 );
401 }
402
403
404 /*----------------------------------------------------------------------
405 task_Startup_my
406 -----------------------------------------------------------------------*/
407 void __attribute__((naked,noinline)) task_Startup_my()
408 {
409 asm volatile (
410 " STMFD SP!, {R4,LR} \n"
411 " BL sub_FF816594 \n" // taskcreate_ClockSave
412 " BL sub_FF835830 \n"
413 " BL sub_FF8339B4 \n"
414 " BL sub_FF83C6F4 \n" // j_nullsub_63
415 " BL sub_FF83C8E0 \n"
416
417 //" BL sub_FF83C788 \n" // Skip starting diskboot.bin again
418
419 " BL sub_FF83CA88 \n"
420 " BL sub_FF832484 \n"
421 " BL sub_FF83C910 \n"
422 " BL sub_FF83A068 \n"
423 " BL sub_FF83CA8C \n"
424
425 //" BL sub_FF8345B0 \n" // taskcreate_PhySw
426 );
427
428 CreateTask_PhySw(); // our keyboard task
429
430 CreateTask_spytask(); // chdk initialization
431
432 asm volatile (
433 " BL sub_FF837D14 \n"
434 " BL sub_FF83CAA4 \n"
435 " BL sub_FF831888 \n" // nullsub_2
436 " BL sub_FF833318 \n"
437 " BL sub_FF83C478 \n" // taskcreate_Bye
438 " BL sub_FF833968 \n"
439 " BL sub_FF8332B4 \n"
440 " BL sub_FF8324B8 \n"
441 " BL sub_FF83D670 \n"
442 " BL sub_FF833278 \n"
443 " LDMFD SP!, {R4,LR} \n"
444 " B sub_FF8166B4 \n"
445 );
446 }
447
448
449 /*----------------------------------------------------------------------
450 spytask
451 -----------------------------------------------------------------------*/
452 void spytask(long ua, long ub, long uc, long ud, long ue, long uf)
453 {
454 (void)ua; (void)ub; (void)uc; (void)ud; (void)ue; (void)uf;
455 core_spytask();
456 }
457
458
459 /*----------------------------------------------------------------------
460 CreateTask_spytask
461 -----------------------------------------------------------------------*/
462 void CreateTask_spytask()
463 {
464 _CreateTask("SpyTask", 0x19, 0x2000, spytask, 0);
465 }
466
467
468 /*----------------------------------------------------------------------
469 CreateTask_PhySw
470 -----------------------------------------------------------------------*/
471 void __attribute__((naked,noinline)) CreateTask_PhySw()
472 {
473 asm volatile (
474 " STMFD SP!, {R3-R5,LR} \n"
475 " LDR R4, =0x1C30 \n"
476 " LDR R0, [R4,#0x10] \n"
477 " CMP R0, #0 \n"
478 " BNE loc_FF8345E4 \n"
479 " MOV R3, #0 \n"
480 " STR R3, [SP] \n"
481
482 //" ADR R3, task_PhySw \n"
483 //" LDR R3, =sub_FF83457C \n"
484 //" MOV R2, #0x800 \n"
485
486 " LDR R3, =mykbd_task \n" // PhySw Task patch
487 " MOV R2, #0x2000 \n" // larger stack
488
489 " MOV R1, #0x17 \n"
490 " LDR R0, =0xFF8347DC \n" // "PhySw"
491 " BL sub_FF83AB0C \n" // KernelCreateTask
492 " STR R0, [R4,#0x10] \n"
493 "loc_FF8345E4: \n"
494 " BL sub_FF865BC0 \n"
495 " BL sub_FF894834 \n"
496 " BL sub_FF836030 \n"
497 " CMP R0, #0 \n"
498 " LDREQ R1, =0x34CC0 \n"
499 " LDMEQFD SP!, {R3-R5,LR} \n"
500 " BEQ sub_FF8947BC \n" // eventproc_export_OpLog.Start
501 " LDMFD SP!, {R3-R5,PC} \n"
502 );
503 }
504
505
506 /*----------------------------------------------------------------------
507 init_file_modules_task()
508 -----------------------------------------------------------------------*/
509 void __attribute__((naked,noinline)) init_file_modules_task()
510 {
511 asm volatile (
512 " STMFD SP!, {R4-R6,LR} \n"
513 " BL sub_FF896CE0 \n"
514 " LDR R5, =0x5006 \n"
515 " MOVS R4, R0 \n"
516 " MOVNE R1, #0 \n"
517 " MOVNE R0, R5 \n"
518 " BLNE sub_FF89AAD4 \n" // eventproc_export_PostLogicalEventToUI
519
520 //" BL sub_FF896D0C \n"
521 " BL sub_FF896D0C_my \n" // patched
522
523 " BL core_spytask_can_start\n" // added
524
525 " CMP R4, #0 \n"
526 " MOVEQ R0, R5 \n"
527 " LDMEQFD SP!, {R4-R6,LR} \n"
528 " MOVEQ R1, #0 \n"
529 " BEQ sub_FF89AAD4 \n" // eventproc_export_PostLogicalEventToUI
530 " LDMFD SP!, {R4-R6,PC} \n"
531 );
532 }
533
534
535 /*----------------------------------------------------------------------
536 sub_FF896D0C_my()
537 -----------------------------------------------------------------------*/
538 void __attribute__((naked,noinline)) sub_FF896D0C_my()
539 {
540 asm volatile (
541 " STMFD SP!, {R4,LR} \n"
542 " MOV R0, #3 \n"
543
544 //" BL sub_FF876598 \n"
545 " BL sub_FF876598_my \n" // patched
546
547 " BL sub_FF96A8E8 \n" // nullsub_94
548 " LDR R4, =0x3244 \n"
549 " LDR R0, [R4,#4] \n"
550 " CMP R0, #0 \n"
551 " BNE loc_FF896D44 \n"
552 " BL sub_FF8757DC \n"
553 " BL sub_FF95D878 \n"
554 " BL sub_FF8757DC \n"
555 " BL sub_FF871B80 \n"
556 " BL sub_FF8756DC \n"
557 " BL sub_FF95D914 \n"
558 "loc_FF896D44: \n"
559 " MOV R0, #1 \n"
560 " STR R0, [R4] \n"
561 " LDMFD SP!, {R4,PC} \n"
562 );
563 }
564
565
566 /*----------------------------------------------------------------------
567 sub_FF876598_my()
568 -----------------------------------------------------------------------*/
569 void __attribute__((naked,noinline)) sub_FF876598_my()
570 {
571 asm volatile (
572 " STMFD SP!, {R4-R8,LR} \n"
573 " MOV R8, R0 \n"
574 " BL sub_FF876518 \n"
575 " LDR R1, =0x3B0A8 \n"
576 " MOV R6, R0 \n"
577 " ADD R4, R1, R0,LSL#7 \n"
578 " LDR R0, [R4,#0x6C] \n"
579 " CMP R0, #4 \n"
580 " LDREQ R1, =0x83F \n"
581 " LDREQ R0, =0xFF876058 \n"
582 " BLEQ sub_FF81EB78 \n" // DebugAssert
583 " MOV R1, R8 \n"
584 " MOV R0, R6 \n"
585 " BL sub_FF875DCC \n"
586 " LDR R0, [R4,#0x38] \n"
587 " BL sub_FF876C3C \n"
588 " CMP R0, #0 \n"
589 " STREQ R0, [R4,#0x6C] \n"
590 " MOV R0, R6 \n"
591 " BL sub_FF875E5C \n"
592 " MOV R0, R6 \n"
593
594 //" BL sub_FF8761C0 \n"
595 " BL sub_FF8761C0_my \n" // patched
596
597 " MOV R5, R0 \n"
598 " MOV R0, R6 \n"
599 " BL sub_FF8763F0 \n"
600 " LDR R6, [R4,#0x3C] \n"
601 " AND R7, R5, R0 \n"
602 " CMP R6, #0 \n"
603 " LDR R1, [R4,#0x38] \n"
604 " MOVEQ R0, #0x80000001 \n"
605 " MOV R5, #0 \n"
606 " BEQ loc_FF876648 \n"
607 " MOV R0, R1 \n"
608 " BL sub_FF875944 \n"
609 " CMP R0, #0 \n"
610 " MOVNE R5, #4 \n"
611 " CMP R6, #5 \n"
612 " ORRNE R0, R5, #1 \n"
613 " BICEQ R0, R5, #1 \n"
614 " CMP R7, #0 \n"
615 " BICEQ R0, R0, #2 \n"
616 " ORREQ R0, R0, #0x80000000 \n"
617 " BICNE R0, R0, #0x80000000 \n"
618 " ORRNE R0, R0, #2 \n"
619
620 "loc_FF876648: \n"
621 " CMP R8, #7 \n"
622 " STR R0, [R4,#0x40] \n"
623 " LDMNEFD SP!, {R4-R8,PC} \n"
624 " MOV R0, R8 \n"
625 " BL sub_FF876568 \n"
626 " CMP R0, #0 \n"
627 " LDMEQFD SP!, {R4-R8,LR} \n"
628 " LDREQ R0, =0xFF876694 \n" // "EMEM MOUNT ERROR"
629 " BEQ sub_FF81177C \n" // qPrintf
630 " LDMFD SP!, {R4-R8,PC} \n"
631 );
632 }
633
634
635 /*----------------------------------------------------------------------
636 sub_FF8761C0_my()
637 -----------------------------------------------------------------------*/
638 void __attribute__((naked,noinline)) sub_FF8761C0_my()
639 {
640 asm volatile (
641 " STMFD SP!, {R4-R6,LR} \n"
642 " MOV R5, R0 \n"
643 " LDR R0, =0x3B0A8 \n"
644 " ADD R4, R0, R5,LSL#7 \n"
645 " LDR R0, [R4,#0x6C] \n"
646 " TST R0, #2 \n"
647 " MOVNE R0, #1 \n"
648 " LDMNEFD SP!, {R4-R6,PC} \n"
649 " LDR R0, [R4,#0x38] \n"
650 " MOV R1, R5 \n"
651
652 //" BL sub_FF875EE0 \n"
653 " BL sub_FF875EE0_my \n" // patched
654
655 " CMP R0, #0 \n"
656 " LDRNE R0, [R4,#0x38] \n"
657 " MOVNE R1, R5 \n"
658 " BLNE sub_FF87607C \n"
659 " LDR R2, =0x3B128 \n"
660 " ADD R1, R5, R5,LSL#4 \n"
661 " LDR R1, [R2,R1,LSL#2] \n"
662 " CMP R1, #4 \n"
663 " BEQ loc_FF876220 \n"
664 " CMP R0, #0 \n"
665 " LDMEQFD SP!, {R4-R6,PC} \n"
666 " MOV R0, R5 \n"
667 " BL sub_FF8759D4 \n"
668 "loc_FF876220: \n"
669 " CMP R0, #0 \n"
670 " LDRNE R1, [R4,#0x6C] \n"
671 " ORRNE R1, R1, #2 \n"
672 " STRNE R1, [R4,#0x6C] \n"
673 " LDMFD SP!, {R4-R6,PC} \n"
674 );
675 }
676
677
678 /*----------------------------------------------------------------------
679 sub_FF875EE0_my()
680 -----------------------------------------------------------------------*/
681 void __attribute__((naked,noinline)) sub_FF875EE0_my()
682 {
683 asm volatile (
684 " STMFD SP!, {R4-R10,LR} \n"
685 " MOV R9, R0 \n"
686 " LDR R0, =0x3B0A8 \n"
687 " MOV R8, #0 \n"
688 " ADD R5, R0, R1,LSL#7 \n"
689 " LDR R0, [R5,#0x3C] \n"
690 " MOV R7, #0 \n"
691 " CMP R0, #7 \n"
692 " MOV R6, #0 \n"
693 " ADDLS PC, PC, R0,LSL#2 \n"
694 " B loc_FF876038 \n"
695 "loc_FF875F0C: \n"
696 " B loc_FF875F44 \n"
697 "loc_FF875F10: \n"
698 " B loc_FF875F2C \n"
699 "loc_FF875F14: \n"
700 " B loc_FF875F2C \n"
701 "loc_FF875F18: \n"
702 " B loc_FF875F2C \n"
703 "loc_FF875F1C: \n"
704 " B loc_FF875F2C \n"
705 "loc_FF875F20: \n"
706 " B loc_FF876030 \n"
707 "loc_FF875F24: \n"
708 " B loc_FF875F2C \n"
709 "loc_FF875F28: \n"
710 " B loc_FF875F2C \n"
711 "loc_FF875F2C: \n"
712 // jumptable FF875F04 entries 1-4,6,7
713 " MOV R2, #0 \n"
714 " MOV R1, #0x200 \n"
715 " MOV R0, #2 \n"
716 " BL sub_FF890D90 \n"
717 " MOVS R4, R0 \n"
718 " BNE loc_FF875F4C \n"
719 "loc_FF875F44: \n"
720 // jumptable FF875F04 entry 0
721 " MOV R0, #0 \n"
722 " LDMFD SP!, {R4-R10,PC} \n"
723 "loc_FF875F4C: \n"
724 " LDR R12, [R5,#0x50] \n"
725 " MOV R3, R4 \n"
726 " MOV R2, #1 \n"
727 " MOV R1, #0 \n"
728 " MOV R0, R9 \n"
729 " BLX R12 \n"
730 " CMP R0, #1 \n"
731 " BNE loc_FF875F78 \n"
732 " MOV R0, #2 \n"
733 " BL sub_FF890EE0 \n"
734 " B loc_FF875F44 \n"
735 "loc_FF875F78: \n"
736 " LDR R1, [R5,#0x64] \n"
737 " MOV R0, R9 \n"
738 " BLX R1 \n"
739
740 //------------------ begin added code ---------------
741 "MOV R1, R4\n" // pointer to MBR in R1
742 "BL mbr_read_dryos\n" // total sectors count in R0 before and after call
743
744 // Start of DataGhost's FAT32 autodetection code
745 // Policy: If there is a partition which has type W95 FAT32, use the first one of those for image storage
746 // According to the code below, we can use R1, R2, R3 and R12.
747 // LR wasn't really used anywhere but for storing a part of the partition signature. This is the only thing
748 // that won't work with an offset, but since we can load from LR+offset into LR, we can use this to do that :)
749 "MOV R12, R4\n" // Copy the MBR start address so we have something to work with
750 "MOV LR, R4\n" // Save old offset for MBR signature
751 "MOV R1, #1\n" // Note the current partition number
752 "B dg_sd_fat32_enter\n" // We actually need to check the first partition as well, no increments yet!
753 "dg_sd_fat32:\n"
754 "CMP R1, #4\n" // Did we already see the 4th partition?
755 "BEQ dg_sd_fat32_end\n" // Yes, break. We didn't find anything, so don't change anything.
756 "ADD R12, R12, #0x10\n" // Second partition
757 "ADD R1, R1, #1\n" // Second partition for the loop
758 "dg_sd_fat32_enter:\n"
759 "LDRB R2, [R12, #0x1BE]\n" // Partition status
760 "LDRB R3, [R12, #0x1C2]\n" // Partition type (FAT32 = 0xB)
761 "CMP R3, #0xB\n" // Is this a FAT32 partition?
762 "CMPNE R3, #0xC\n" // Not 0xB, is it 0xC (FAT32 LBA) then?
763 "BNE dg_sd_fat32\n" // No, it isn't.
764 "CMP R2, #0x00\n" // It is, check the validity of the partition type
765 "CMPNE R2, #0x80\n"
766 "BNE dg_sd_fat32\n" // Invalid, go to next partition
767 // This partition is valid, it's the first one, bingo!
768 "MOV R4, R12\n" // Move the new MBR offset for the partition detection.
769
770 "dg_sd_fat32_end:\n"
771 // End of DataGhost's FAT32 autodetection code
772 //------------------ end added code ---------------
773
774 " LDRB R1, [R4,#0x1C9] \n"
775 " LDRB R3, [R4,#0x1C8] \n"
776 " LDRB R12, [R4,#0x1CC] \n"
777 " MOV R1, R1,LSL#24 \n"
778 " ORR R1, R1, R3,LSL#16 \n"
779 " LDRB R3, [R4,#0x1C7] \n"
780 " LDRB R2, [R4,#0x1BE] \n"
781
782 //" LDRB LR, [R4,#0x1FF] \n" // replaced, see below
783
784 " ORR R1, R1, R3,LSL#8 \n"
785 " LDRB R3, [R4,#0x1C6] \n"
786 " CMP R2, #0 \n"
787 " CMPNE R2, #0x80 \n"
788 " ORR R1, R1, R3 \n"
789 " LDRB R3, [R4,#0x1CD] \n"
790 " MOV R3, R3,LSL#24 \n"
791 " ORR R3, R3, R12,LSL#16 \n"
792 " LDRB R12, [R4,#0x1CB] \n"
793 " ORR R3, R3, R12,LSL#8 \n"
794 " LDRB R12, [R4,#0x1CA] \n"
795 " ORR R3, R3, R12 \n"
796
797 //" LDRB R12, [R4,#0x1FE] \n"
798 "LDRB R12, [LR,#0x1FE]\n" // New! First MBR signature byte (0x55)
799 "LDRB LR, [LR,#0x1FF]\n" // Last MBR signature byte (0xAA)
800
801 " BNE loc_FF876004 \n"
802 " CMP R0, R1 \n"
803 " BCC loc_FF876004 \n"
804 " ADD R2, R1, R3 \n"
805 " CMP R2, R0 \n"
806 " CMPLS R12, #0x55 \n"
807 " CMPEQ LR, #0xAA \n"
808 " MOVEQ R7, R1 \n"
809 " MOVEQ R6, R3 \n"
810 " MOVEQ R4, #1 \n"
811 " BEQ loc_FF876008 \n"
812 "loc_FF876004: \n"
813 " MOV R4, R8 \n"
814 "loc_FF876008: \n"
815 " MOV R0, #2 \n"
816 " BL sub_FF890EE0 \n"
817 " CMP R4, #0 \n"
818 " BNE loc_FF876044 \n"
819 " LDR R1, [R5,#0x64] \n"
820 " MOV R7, #0 \n"
821 " MOV R0, R9 \n"
822 " BLX R1 \n"
823 " MOV R6, R0 \n"
824 " B loc_FF876044 \n"
825 "loc_FF876030: \n"
826 // jumptable FF875F04 entry 5
827 " MOV R6, #0x40 \n"
828 " B loc_FF876044 \n"
829 "loc_FF876038: \n"
830 // jumptable FF875F04 default entry
831 " LDR R1, =0x597 \n"
832 " LDR R0, =0xFF876058 \n" // "Mounter.c"
833 " BL sub_FF81EB78 \n" // DebugAssert
834 "loc_FF876044: \n"
835 " STR R7, [R5,#0x44]! \n"
836 " STMIB R5, {R6,R8} \n"
837 " MOV R0, #1 \n"
838 " LDMFD SP!, {R4-R10,PC} \n"
839 );
840 }
841
842
843 /*----------------------------------------------------------------------
844 JogDial_task_my()
845
846 Patched jog dial task
847 -----------------------------------------------------------------------*/
848 void __attribute__((naked,noinline)) JogDial_task_my()
849 {
850 asm volatile (
851 " STMFD SP!, {R4-R11,LR} \n"
852 " SUB SP, SP, #0x24 \n"
853 " BL sub_FF865C2C \n"
854 " LDR R1, =0x25FC \n"
855 " LDR R6, =0xFFBA5474 \n"
856 " MOV R0, #0 \n"
857 " ADD R3, SP, #0x18 \n"
858 " ADD R12, SP, #0x1c \n"
859 " ADD R10, SP, #0x08 \n"
860 " MOV R2, #0 \n"
861 " ADD R9, SP, #0x10 \n"
862
863 "loc_FF8658C0: \n"
864 " ADD R12, SP, #0x1c \n"
865 " ADD LR, R12, R0,LSL#1 \n"
866 " MOV R2, #0 \n"
867 " ADD R3, SP, #0x18 \n"
868 " STRH R2, [LR] \n"
869 " ADD LR, R3, R0,LSL#1 \n"
870 " STRH R2, [LR] \n"
871 " STR R2, [R9,R0,LSL#2] \n"
872 " STR R2, [R10,R0,LSL#2] \n"
873 " ADD R0, R0, #1 \n"
874 " CMP R0, #2 \n"
875 " BLT loc_FF8658C0 \n"
876
877 "loc_FF8658F0: \n"
878 " LDR R0, =0x25FC \n"
879 " MOV R2, #0 \n"
880 " LDR R0, [R0,#8] \n"
881 " MOV R1, SP \n"
882 " BL sub_FF83A2F8 \n"
883 " CMP R0, #0 \n"
884 " LDRNE R1, =0x262 \n"
885 " LDRNE R0, =0xFF865B50 \n" // "RotaryEncoder.c"
886 " BLNE sub_FF81EB78 \n" // DebugAssert
887
888 //------------------ begin added code ---------------
889 "labelA:\n"
890 "LDR R0, =jogdial_stopped\n"
891 "LDR R0, [R0]\n"
892 "CMP R0, #1\n"
893 "BNE labelB\n" // continue on if jogdial_stopped = 0
894 "MOV R0, #40\n"
895 "BL _SleepTask\n" // jogdial_stopped=1 -- give time back to OS and suspend jogdial task
896 "B labelA\n"
897 "labelB:\n"
898 //------------------ end added code -----------------
899
900 " LDR R0, [SP] \n"
901 " AND R4, R0, #0xFF \n"
902 " AND R0, R0, #0xFF00 \n"
903 " CMP R0, #0x100 \n"
904 " BEQ loc_FF865960 \n"
905 " CMP R0, #0x200 \n"
906 " BEQ loc_FF865998 \n"
907 " CMP R0, #0x300 \n"
908 " BEQ loc_FF865B90 \n"
909 " CMP R0, #0x400 \n"
910 " BNE loc_FF8658F0 \n"
911 " CMP R4, #0 \n"
912 " LDRNE R1, =0x2ED \n"
913 " LDRNE R0, =0xFF865B50 \n" // "RotaryEncoder.c"
914 " BLNE sub_FF81EB78 \n" // DebugAssert
915 " RSB R0, R4, R4,LSL#3 \n"
916 " LDR R0, [R6,R0,LSL#2] \n"
917
918 "loc_FF865958: \n"
919 " BL sub_FF865C10 \n"
920 " B loc_FF8658F0 \n"
921
922 "loc_FF865960: \n"
923 " LDR R7, =0x260C \n"
924 " LDR R0, [R7,R4,LSL#2] \n"
925 " BL sub_FF83B290 \n"
926 " LDR R2, =0xFF8657E0 \n"
927 " ADD R1, R2, #0 \n"
928 " ORR R3, R4, #0x200 \n"
929 " MOV R0, #0x28 \n"
930 " BL sub_FF83B1AC \n"
931 " TST R0, #1 \n"
932 " CMPNE R0, #0x15 \n"
933 " STR R0, [R10,R4,LSL#2] \n"
934 " BEQ loc_FF8658F0 \n"
935 " MOV R1, #0x274 \n"
936 " B loc_FF865B3C \n"
937
938 "loc_FF865998: \n"
939 " RSB R5, R4, R4,LSL#3 \n"
940 " LDR R0, [R6,R5,LSL#2] \n"
941 " LDR R1, =0xC0240104 \n"
942 " LDR R0, [R1,R0,LSL#8] \n"
943 " MOV R2, R0,ASR#16 \n"
944 " ADD R0, SP, #0x1c \n"
945 " ADD R0, R0, R4,LSL#1 \n"
946 " STR R0, [SP,#0x20] \n"
947 " STRH R2, [R0] \n"
948 " ADD R0, SP, #0x18 \n"
949 " ADD R11, R0, R4,LSL#1 \n"
950 " LDRSH R3, [R11] \n"
951 " SUB R0, R2, R3 \n"
952 " CMP R0, #0 \n"
953 " BNE loc_FF865A18 \n"
954 " LDR R0, [R9,R4,LSL#2] \n"
955 " CMP R0, #0 \n"
956 " BEQ loc_FF865AF8 \n"
957 " LDR R7, =0x260C \n"
958 " LDR R0, [R7,R4,LSL#2] \n"
959 " BL sub_FF83B290 \n"
960 " LDR R2, =0xFF8657EC \n"
961 " ADD R1, R2, #0 \n"
962 " ORR R3, R4, #0x300 \n"
963 " MOV R0, #0x1F4 \n"
964 " BL sub_FF83B1AC \n"
965 " TST R0, #1 \n"
966 " CMPNE R0, #0x15 \n"
967 " STR R0, [R7,R4,LSL#2] \n"
968 " BEQ loc_FF865AF8 \n"
969 " LDR R1, =0x28D \n"
970 " B loc_FF865AF0 \n"
971
972 "loc_FF865A18: \n"
973 " MOV R1, R0 \n"
974 " RSBLT R0, R0, #0 \n"
975 " MOVLE R7, #0 \n"
976 " MOVGT R7, #1 \n"
977 " CMP R0, #0xFF \n"
978 " BLS loc_FF865A58 \n"
979 " CMP R1, #0 \n"
980 " RSBLE R0, R3, #0xFF \n"
981 " ADDLE R0, R0, #0x7F00 \n"
982 " ADDLE R0, R0, R2 \n"
983 " RSBGT R0, R2, #0xFF \n"
984 " ADDGT R0, R0, #0x7F00 \n"
985 " ADDGT R0, R0, R3 \n"
986 " ADD R0, R0, #0x8000 \n"
987 " ADD R0, R0, #1 \n"
988 " EOR R7, R7, #1 \n"
989
990 "loc_FF865A58: \n"
991 " STR R0, [SP,#0x04] \n"
992 " LDR R0, [R9,R4,LSL#2] \n"
993 " CMP R0, #0 \n"
994 " ADDEQ R0, R6, R5,LSL#2 \n"
995 " LDREQ R0, [R0,#8] \n"
996 " BEQ loc_FF865A90 \n"
997 " ADD R8, R6, R5,LSL#2 \n"
998 " ADD R1, R8, R7,LSL#2 \n"
999 " LDR R1, [R1,#0x10] \n"
1000 " CMP R1, R0 \n"
1001 " BEQ loc_FF865A94 \n"
1002 " LDR R0, [R8,#0xC] \n"
1003 " BL sub_FF89CCA4 \n"
1004 " LDR R0, [R8,#8] \n"
1005
1006 "loc_FF865A90: \n"
1007 " BL sub_FF89CCA4 \n"
1008
1009 "loc_FF865A94: \n"
1010 " ADD R0, R6, R5,LSL#2 \n"
1011 " ADD R7, R0, R7,LSL#2 \n"
1012 " LDR R0, [R7,#0x10] \n"
1013 " LDR R1, [SP,#0x04] \n"
1014 " BL sub_FF89CBCC \n"
1015 " LDR R0, [R7,#0x10] \n"
1016 " LDR R7, =0x260C \n"
1017 " STR R0, [R9,R4,LSL#2] \n"
1018 " LDR R0, [SP,#0x20] \n"
1019 " LDRH R0, [R0] \n"
1020 " STRH R0, [R11] \n"
1021 " LDR R0, [R7,R4,LSL#2] \n"
1022 " BL sub_FF83B290 \n"
1023 " LDR R2, =0xFF8657EC \n"
1024 " ADD R1, R2, #0 \n"
1025 " ORR R3, R4, #0x300 \n"
1026 " MOV R0, #0x1F4 \n"
1027 " BL sub_FF83B1AC \n"
1028 " TST R0, #1 \n"
1029 " CMPNE R0, #0x15 \n"
1030 " STR R0, [R7,R4,LSL#2] \n"
1031 " BEQ loc_FF865AF8 \n"
1032 " LDR R1, =0x2CF \n"
1033
1034 "loc_FF865AF0: \n"
1035 " LDR R0, =0xFF865B50 \n" // "RotaryEncoder.c"
1036 " BL sub_FF81EB78 \n" // DebugAssert
1037
1038 "loc_FF865AF8: \n"
1039 " ADD R0, R6, R5,LSL#2 \n"
1040 " LDR R0, [R0,#0x18] \n"
1041 " CMP R0, #1 \n"
1042 " BNE loc_FF865B88 \n"
1043 " LDR R0, =0x25FC \n"
1044 " LDR R0, [R0,#0xC] \n"
1045 " CMP R0, #0 \n"
1046 " BEQ loc_FF865B88 \n"
1047 " LDR R2, =0xFF8657E0 \n"
1048 " ADD R1, R2, #0 \n"
1049 " ORR R3, R4, #0x400 \n"
1050 " BL sub_FF83B1AC \n"
1051 " TST R0, #1 \n"
1052 " CMPNE R0, #0x15 \n"
1053 " STR R0, [R10,R4,LSL#2] \n"
1054 " BEQ loc_FF8658F0 \n"
1055 " LDR R1, =0x2D6 \n"
1056
1057 "loc_FF865B3C: \n"
1058 " LDR R0, =0xFF865B50 \n" // "RotaryEncoder.c"
1059 " BL sub_FF81EB78 \n" // DebugAssert
1060 " B loc_FF8658F0 \n"
1061
1062 "NOP \n"
1063
1064 "loc_FF865B88: \n"
1065 " LDR R0, [R6,R5,LSL#2] \n"
1066 " B loc_FF865958 \n"
1067
1068 "loc_FF865B90: \n"
1069 " LDR R0, [R9,R4,LSL#2] \n"
1070 " CMP R0, #0 \n"
1071 " MOVEQ R1, #0x2E0 \n"
1072 " LDREQ R0, =0xFF865B50 \n" // "RotaryEncoder.c"
1073 " BLEQ sub_FF81EB78 \n" // DebugAssert
1074 " RSB R0, R4, R4,LSL#3 \n"
1075 " ADD R0, R6, R0,LSL#2 \n"
1076 " LDR R0, [R0,#0xC] \n"
1077 " BL sub_FF89CCA4 \n"
1078 " MOV R2, #0 \n"
1079 " STR R2, [R9,R4,LSL#2] \n"
1080 " B loc_FF8658F0 \n"
1081 );
1082 };