root/platform/g5x/sub/101a/boot.c


DEFINITIONS

This source file includes the following definitions.
  1. spytask
  2. CreateTask_spytask
  3. boot
  4. CreateTask_my
  5. sub_fc066258_my
  6. sub_fc0663e8_my
  7. sub_fc0667de_my
  8. sub_fc0ecf20_my
  9. task_Startup_my
  10. sub_fc0ece46_my
  11. init_file_modules_task
  12. kbd_p2_f_my
  13. sub_fc09b570_my
  14. kbd_p1_f_cont_my
  15. sub_fc0ecc40_my
  16. task_TricInitTask_my

   1 #include "lolevel.h"
   2 #include "platform.h"
   3 #include "core.h"
   4 #include "dryos31.h"
   5 
   6 #include "camera_info.h"
   7 
// Address of _end (declared outside this file; presumably the end-of-image
// symbol -- confirm), kept in a variable so the start-up assembly can load
// it: sub_fc066258_my uses `ldr r4, =new_sa` / `ldr r4, [r4]` as the heap
// start unless CHDK_NOT_IN_CANON_HEAP is defined.
const char * const new_sa = &_end;

// Forward declarations
// Firmware task entry points that CreateTask_my compares against the
// task pointer passed to the hooked CreateTask.
extern void task_CaptSeq ();
extern void task_InitFileModules ();
//extern void task_MovieRecord();
extern void task_ExpDrv ();
  15 
  16 /*----------------------------------------------------------------------
  17  spytask
  18  -----------------------------------------------------------------------*/
/*
 * Entry function handed to _CreateTask by CreateTask_spytask().
 * It accepts six long arguments and uses none of them; all it does
 * is run core_spytask().
 */
void spytask(long ua, long ub, long uc, long ud, long ue, long uf)
{
    /* Arguments are intentionally ignored. */
    (void)ua;
    (void)ub;
    (void)uc;
    (void)ud;
    (void)ue;
    (void)uf;

    core_spytask();
}
  24 
  25 /*----------------------------------------------------------------------
  26  CreateTask_spytask
  27  -----------------------------------------------------------------------*/
/*
 * Registers spytask() under the name "SpyTask".
 * Called with `BL CreateTask_spytask` from task_Startup_my.
 */
void CreateTask_spytask()
{
    /* Second and third arguments are presumably priority and stack size
     * (CHDK _CreateTask convention) -- confirm against lolevel.h. */
    enum { SPYTASK_ARG2 = 0x19, SPYTASK_ARG3 = 0x2000 };

    _CreateTask("SpyTask", SPYTASK_ARG2, SPYTASK_ARG3, spytask, 0);
}
  33 
  34 /*----------------------------------------------------------------------
  35  boot()
  36 
  37  Main entry point for the CHDK code
  38  -----------------------------------------------------------------------*/
  39 
  40 /*************************************************************/
/*
 * boot() - CHDK replacement for the firmware start-up code at 0xfc02000c.
 *
 * Follows the disassembled firmware sequence (capdis line below) with two
 * changes: the first two words at hook_CreateTask are overwritten with an
 * absolute jump to CreateTask_my, and the final branch goes to
 * sub_fc066258_my, the patched copy of firmware fc066258.
 *
 * Naked function: no compiler prologue/epilogue; it ends with a branch and
 * does not return.
 *
 * NOTE(review): every address and length below is a literal taken from one
 * firmware build (the file path says g5x/sub/101a). Nothing in this function
 * checks that the running firmware matches before RAM is overwritten and
 * patched -- presumably the build/loader guarantees that; confirm.
 */
void __attribute__((naked,noinline))
boot ()
{
    asm volatile ( // 0xfc02000c
            //capdis -f=chdk -s=0xfc02000d -c=43 -stubs PRIMARY.BIN 0xfc000000
            // Initial stack pointer = 0x4000.
            "    movw    r0, #0x4000\n"
            "    movt    r0, #0\n"
            "    mov     sp, r0\n"
            "    bl      sub_fc02007e\n"
            // Set bit 0 of the word at 0xc0242010 (read-modify-write).
            "    ldr     r2, =0xc0242010\n"
            "    ldr     r1, [r2]\n"
            "    orr     r1, r1, #1\n"
            "    str     r1, [r2]\n"
            // Word copy: 0xfcee2140.. -> 0x010e1000..0x010fbd18.
            "    ldr     r0, =0xfcee2140\n"
            "    ldr     r1, =0x010e1000\n"
            "    ldr     r3, =0x010fbd18\n"
            "loc_fc02002a:\n"
            "    cmp     r1, r3\n"
            "    itt     lo\n"
            "    ldrlo   r2, [r0], #4\n"
            "    strlo   r2, [r1], #4\n"
            "    blo     loc_fc02002a\n"
            // r0 = base of the region just copied, r1 = 0x1ad18 = its length
            // (0x010fbd18 - 0x010e1000). Purpose of sub_fc150d5a is not
            // visible here.
            "    ldr     r0, =0x010e1000\n"
            "    ldr     r1, =0x0001ad18\n"
            "    bl      sub_fc150d5a\n"
            // Word copy: 0xfcefce58.. -> 0xbfe10800.. while dest < 0xbfe176a9.
            // The end address is not word aligned, so the last word written
            // starts at 0xbfe176a8.
            "    ldr     r0, =0xfcefce58\n"
            "    ldr     r1, =0xbfe10800\n"
            "    ldr     r3, =0xbfe176a9\n"
            "loc_fc020046:\n"
            "    cmp     r1, r3\n"
            "    itt     lo\n"
            "    ldrlo   r2, [r0], #4\n"
            "    strlo   r2, [r1], #4\n"
            "    blo     loc_fc020046\n"

            // Install CreateTask patch
            // Overwrites 8 bytes at hook_CreateTask with the two words at
            // patch_CreateTask (ldr.w pc,[pc,#0] + address of CreateTask_my).
            // NOTE(review): assumes hook_CreateTask is in writable memory that
            // one of the copies above has already filled; its address is
            // defined outside this file -- confirm.
            "    adr     r0, patch_CreateTask\n" // Patch data
            "    ldm     r0, {r1,r2}\n" // Get two patch instructions
            "    ldr     r0, =hook_CreateTask\n" // Address to patch, thumb bit is clear in stubs_entry.S
            "    stm     r0, {r1,r2}\n" // Store patch instructions

            // Word copy: 0xfceacacc.. -> 0x00008000..0x0003d674.
            "    ldr     r0, =0xfceacacc\n"
            "    ldr     r1, =0x00008000\n"
            "    ldr     r3, =0x0003d674\n"
            "loc_fc02005a:\n"
            "    cmp     r1, r3\n"
            "    itt     lo\n"
            "    ldrlo   r2, [r0], #4\n"
            "    strlo   r2, [r1], #4\n"
            "    blo     loc_fc02005a\n"
            // Zero-fill 0x0003d674..0x0039124c.
            "    ldr     r3, =0x0003d674\n"
            "    ldr     r1, =0x0039124c\n"
            "    mov.w   r2, #0\n"
            "loc_fc020070:\n"
            "    cmp     r3, r1\n"
            "    it      lo\n"
            "    strlo   r2, [r3], #4\n"
            "    blo     loc_fc020070\n"
            "    b.w     sub_fc066258_my\n" // Patched

            // Patch data only; never executed in place (the b.w above does
            // not fall through).
            "patch_CreateTask:\n"
            "    ldr.w   pc, [pc,#0]\n" // Do jump to absolute address CreateTask_my
            "    .long   CreateTask_my + 1\n" // has to be a thumb address
    );
}
 106 
 107 /*************************************************************/
/*
 * CreateTask_my - hook reached through the jump that boot() stores over the
 * first 8 bytes at hook_CreateTask.
 *
 * On entry r3 holds the entry-function pointer of the task being created
 * (see comment below). If it equals one of the firmware tasks listed here,
 * r3 is replaced with the CHDK replacement; otherwise it is left unchanged.
 * The hook then replays the instructions that the patch overwrote and
 * resumes the firmware at hook_CreateTask + 8 (+1 for the Thumb bit).
 *
 * Substitutions made:
 *   task_CaptSeq         -> capt_seq_task
 *   task_ExpDrv          -> exp_drv_task
 *   task_FileWrite       -> filewritetask
 *   task_TricInitTask    -> task_TricInitTask_my
 *   task_InitFileModules -> init_file_modules_task
 *
 * NOTE(review): the replayed instructions and the literal 0x00008164 are
 * copied from one firmware build; they must match the 8 bytes boot()
 * overwrites, and nothing here verifies that.
 */
void __attribute__((naked,noinline))
CreateTask_my ()
{
    asm volatile (
            // r0 is needed as scratch for the comparisons; saved here and
            // restored at exitHook.
            "    push   {r0}\n"
            //R3 = Pointer to task function to create

            "    ldr     r0, =task_CaptSeq\n" // DryOS original code function ptr.
            "    cmp     r0, r3\n" // is the given taskptr equal to our searched function?
            "    itt     eq\n" // EQ block
            "    ldreq   r3, =capt_seq_task\n" // if so replace with our task function base ptr.
            "    beq     exitHook\n" // below compares not necessary if this check has found something.

            "    ldr     r0, =task_ExpDrv\n"
            "    cmp     r0, R3\n"
            "    itt     eq\n"
            "    ldreq   r3, =exp_drv_task\n"
            "    beq     exitHook\n"

            //"    ldr     r0, =task_DvlpSeq\n"
            //"    cmp     r0, R3\n"
            //"    itt     eq\n"
            //"    LDREQ   r3, =developseq_task\n"
            //"    BEQ     exitHook\n"

            "    ldr     r0, =task_FileWrite\n"
            "    cmp     r0, R3\n"
            "    itt     eq\n"
            "    ldreq   r3, =filewritetask\n"
            "    beq     exitHook\n"

            //"    ldr     r0, =task_MovieRecord\n"
            //"    cmp     r0, R3\n"
            //"    itt     eq\n"
            //"    ldreq   r3, =movie_record_task\n"
            //"    beq     exitHook\n"

            "    ldr     r0, =task_TricInitTask\n"
            "    cmp     r0, r3\n"
            "    itt     eq\n"
            "    ldreq   r3, =task_TricInitTask_my\n"
            "    beq     exitHook\n"

            // Last comparison: falls through to exitHook either way, so only
            // the load is conditional (it, not itt).
            "    ldr     r0, =task_InitFileModules\n"
            "    cmp     r0, r3\n"
            "    it      eq\n"
            "    ldreq   r3, =init_file_modules_task\n"

            "exitHook:\n"
            // restore overwritten register(s)
            "    pop    {r0}\n"
            // Execute overwritten instructions from original code, then jump to firmware
            "    push.w  {r1, r2, r3, r4, r5, r6, r7, r8, sb, lr}\n"
            "    mov     r4, r0\n"
            "    ldr     r0, =0x00008164\n"
            "    ldr.w   pc, =(hook_CreateTask + 9) \n" // Continue in firmware, thumb bit set
            // Emit the literal pool for the ldr =... loads above, after the
            // final jump so it is never executed.
            ".ltorg\n"
    );
}
 167 
 168 //fc066258
/*
 * sub_fc066258_my - patched copy of firmware fc066258, entered from boot().
 *
 * 1. Chooses the start-up mode word written to 0x9c44 + 8 from bit 0x10000
 *    of the word at 0xd20b0000 + 0x97*4 (play vs. rec, see comments below).
 * 2. Runs the firmware sequence with the heap start taken from new_sa
 *    (or the firmware literal when CHDK_NOT_IN_CANON_HEAP is defined) and
 *    with sub_fc0663e8_my passed in r1 in place of the firmware routine.
 *
 * NOTE(review): the function is `naked` yet contains C statements ahead of
 * the asm. GCC documents that only basic asm is reliably supported in naked
 * functions; the generated code for the if/else depends on the compiler not
 * needing a stack frame here.
 * NOTE(review): the hardware register read and the RAM store go through
 * plain `int *`, not `volatile int *`.
 */
void __attribute__((naked,noinline))
sub_fc066258_my ()
{
    if (*(int*) (0xd20b0000 + 0x97 * 4) & 0x10000)
    {
        // see sub_FC0ECF20, sub_FC09B450
        // GPIO 0x10 (aka ON/OFF button) is not pressed -> play
        *(int*) (0x9c44 + 0x8) = 0x200000;
    }
    else
    {
        // GPIO 0x10 is pressed -> rec
        *(int*) (0x9c44 + 0x8) = 0x100000;
    }

    asm volatile (
            //capdis -f=chdk -s=0xfc066259 -c=60 -stubs PRIMARY.BIN 0xfc000000
            "    push    {r4, lr}\n"
            // r4 = heap start for the rest of this function.
#if defined(CHDK_NOT_IN_CANON_HEAP)
            "    ldr     r4, =0x0039124c\n"         // heap start, modify here
#else
            "    ldr     r4, =new_sa\n"             // +
            "    ldr     r4, [r4]\n" // +
#endif
            // 0x78-byte parameter block on the stack.
            "    sub     sp, #0x78\n"
            // Require 0x006ce000 - heap_start >= 0x000b1fec.
            // NOTE(review): subtraction and compare are unsigned; a heap start
            // above 0x006ce000 would wrap and pass this check.
            "    ldr     r0, =0x006ce000\n"
            "    ldr     r1, =0x000b1fec\n"
            "    subs    r0, r0, r4\n"
            "    cmp     r0, r1\n"
            "    bhs     loc_fc06626a\n"
            "loc_fc066268:\n"
            "    b       loc_fc066268\n"            // too small heap, go into infinite loop
            "loc_fc06626a:\n"
            // Store 0x80000 at 0x8078, 0x42281000 at 0x807c, 0x42283000 at 0x8080.
            "    ldr     r1, =0x00008078\n"
            "    mov.w   r0, #0x80000\n"
            "    str     r0, [r1]\n"
            "    ldr     r1, =0x0000807c\n"
            "    ldr     r0, =0x42281000\n"
            "    str     r0, [r1]\n"
            "    ldr     r1, =0x00008080\n"
            "    ldr     r0, =0x42283000\n"
            "    str     r0, [r1]\n"
            // sub_fc34d25c(sp, 0x78) -- presumably clears the block; confirm.
            "    movs    r1, #0x78\n"
            "    mov     r0, sp\n"
            "    blx     sub_fc34d25c\n"
            // Fill the parameter block. Field meanings are not visible in
            // this file; [sp+8] receives the heap start (r4) and [sp+0xc]
            // receives 0x00600014 - heap start.
            "    ldr     r0, =0x0060e000\n"
            "    mov.w   r1, #0xc0000\n"
            "    stm.w   sp, {r0, r1, r4}\n"
            "    ldr     r1, =0x00600014\n"
            "    subs    r2, r1, r4\n"
            "    strd    r2, r1, [sp, #0xc]\n"
            "    str     r0, [sp, #0x14]\n"
            "    movs    r0, #0x22\n"
            "    str     r0, [sp, #0x18]\n"
            "    movs    r0, #0xca\n"
            "    str     r0, [sp, #0x1c]\n"
            "    movw    r0, #0x2b0\n"
            "    str     r0, [sp, #0x20]\n"
            "    movs    r0, #0xfa\n"
            "    str     r0, [sp, #0x24]\n"
            "    movw    r0, #0x11a\n"
            "    str     r0, [sp, #0x28]\n"
            "    movs    r0, #0x85\n"
            "    str     r0, [sp, #0x2c]\n"
            "    movs    r0, #0x40\n"
            "    str     r0, [sp, #0x30]\n"
            "    movs    r0, #4\n"
            "    str     r0, [sp, #0x34]\n"
            "    movs    r0, #0\n"
            "    str     r0, [sp, #0x38]\n"
            // The shifts derive the next three values from 0x10:
            // 0x1000 -> [sp+0x60], 0x100 -> [sp+0x64], 0x2000 -> [sp+0x68].
            "    movs    r0, #0x10\n"
            "    str     r0, [sp, #0x5c]\n"
            "    movs    r2, #0\n"
            "    lsls    r0, r0, #8\n"
            "    str     r0, [sp, #0x60]\n"
            "    ldr     r1, =sub_fc0663e8_my\n" // -> continue here (init_task)
            "    asrs    r0, r0, #4\n"
            "    str     r0, [sp, #0x64]\n"
            "    lsls    r0, r0, #5\n"
            "    str     r0, [sp, #0x68]\n"
            // sub_fc34c9b8(block = sp, r1 = sub_fc0663e8_my, r2 = 0).
            "    mov     r0, sp\n"
            "    blx     sub_fc34c9b8\n"
            "    add     sp, #0x78\n"
            "    pop     {r4, pc}\n"
    );
}
 255 
 256 //fc0663e8
/*
 * sub_fc0663e8_my - copy of firmware fc0663e8 (passed as init_task by
 * sub_fc066258_my). The only change is the final branch, which goes to
 * sub_fc0667de_my.
 *
 * Runs a fixed sequence of firmware set-up calls. After each checked call a
 * negative return value leads to sub_fc06647a being called with the address
 * of a firmware string naming the failed step (strings noted per line).
 */
void __attribute__((naked,noinline))
sub_fc0663e8_my ()
{
    asm volatile (
            //capdis -f=chdk -s=0xfc0663e9 -c=54 -stubs PRIMARY.BIN 0xfc000000
            "    push    {r4, lr}\n"
            "    ldr     r4, =0xfc066490\n" //  *"/_term"
            "    bl      sub_fc0672e4\n"
            // If word[0x80f0] < word[0x8078] + 0x10 (unsigned), report
            // "USER_MEM size checking". 0x8078 is written by sub_fc066258_my.
            "    ldr     r0, =0x000080f0\n"
            "    ldr     r1, [r0]\n"
            "    ldr     r0, =0x00008078\n"
            "    ldr     r0, [r0]\n"
            "    adds    r0, #0x10\n"
            "    cmp     r1, r0\n"
            "    bhs     loc_fc066404\n"
            "    ldr     r0, =0xfc0664a0\n" //  *"USER_MEM size checking"
            "    bl      sub_fc06647a\n"
            "loc_fc066404:\n"
            "    bl      sub_fc150e34\n"
            // Fill 0xbfe10000..0xbfe10800 with 0xeeeeeeee (-0x11111112).
            // boot() copies data to 0xbfe10800 and up, i.e. directly above.
            "    ldr     r1, =0xbfe10000\n"
            "    mov.w   r2, #-0x11111112\n"
            "    ldr     r3, =0xbfe10800\n"
            "loc_fc066410:\n"
            "    stm     r1!, {r2}\n"
            "    cmp     r1, r3\n"
            "    blo     loc_fc066410\n"
            "    bl      sub_fc150e46\n"
            "    bl      sub_fc150f60\n"
            "    cmp     r0, #0\n"
            "    bge     loc_fc066428\n"
            "    ldr     r0, =0xfc0664c0\n" //  *"dmSetup"
            "    bl      sub_fc06647a\n"
            "loc_fc066428:\n"
            "    bl      sub_fc0674fc\n"
            "    cmp     r0, #0\n"
            "    bge     loc_fc066436\n"
            "    ldr     r0, =0xfc0664c8\n" //  *"termDriverInit"
            "    bl      sub_fc06647a\n"
            "loc_fc066436:\n"
            // r4 still points at "/_term".
            "    mov     r0, r4\n"
            "    bl      sub_fc06758a\n"
            "    cmp     r0, #0\n"
            "    bge     loc_fc066446\n"
            "    ldr     r0, =0xfc0664d8\n" //  *"termDeviceCreate"
            "    bl      sub_fc06647a\n"
            "loc_fc066446:\n"
            "    mov     r0, r4\n"
            "    bl      sub_fc066610\n"
            "    cmp     r0, #0\n"
            "    bge     loc_fc066456\n"
            "    ldr     r0, =0xfc0664ec\n" //  *"stdioSetup"
            "    bl      sub_fc06647a\n"
            "loc_fc066456:\n"
            "    bl      sub_fc066754\n"
            "    cmp     r0, #0\n"
            "    bge     loc_fc066464\n"
            "    ldr     r0, =0xfc0664f8\n" //  *"stdlibSetup"
            "    bl      sub_fc06647a\n"
            "loc_fc066464:\n"
            "    bl      sub_fc0ec8e0\n"
            "    cmp     r0, #0\n"
            "    bge     loc_fc066472\n"
            "    ldr     r0, =0xfc066504\n" //  *"extlib_setup"
            "    bl      sub_fc06647a\n"
            "loc_fc066472:\n"
            // Restore registers, then tail-branch so the next stage returns
            // directly to this function's caller.
            "    pop.w   {r4, lr}\n"
            "    b.w     sub_fc0667de_my\n" // -> continue (taskcreate_startup)
    );
}
 326 
 327 //fc0667de
/*
 * sub_fc0667de_my - copy of firmware fc0667de (taskcreate_startup).
 *
 * Two changes from the firmware: the start-up check call goes to
 * sub_fc0ecf20_my, and the "Startup" task is created with task_Startup_my
 * as its entry function.
 */
void __attribute__((naked,noinline))
sub_fc0667de_my ()
{
    asm volatile (
            //capdis -f=chdk -s=0xfc0667df -c=20 -stubs PRIMARY.BIN 0xfc000000
            "    push    {r3, lr}\n"
            "    bl      sub_fc0668ec\n"
            "    bl      sub_fc088984\n"
            "    bl      sub_fc0ecf20_my\n" // -> power-on mode handling & startupchecks here
            // A zero result calls sub_fc0668da and then hangs. The patched
            // sub_fc0ecf20_my in this file always returns 1, so this path is
            // not taken.
            "    cbnz    r0, loc_fc0667f4\n"
            "    bl      sub_fc0668da\n"
            "loc_fc0667f2:\n"
            "    b       loc_fc0667f2\n" // infinite loop
            "loc_fc0667f4:\n"
            "    blx     sub_fc34ca10\n"
            "    ldr     r1, =0x006ce000\n"
            "    movs    r0, #0\n"
            "    bl      sub_fc3bf980\n"
            // sub_fc34ce3c("Startup", 0x19, 0, task_Startup_my, [sp] = 0).
            "    movs    r3, #0\n"
            "    str     r3, [sp]\n"
            "    ldr     r3, =task_Startup_my\n" // Patched
            "    movs    r2, #0\n"
            "    movs    r1, #0x19\n"
            "    ldr     r0, =0xfc06681c\n" //  *"Startup"
            "    blx     sub_fc34ce3c\n"
            "    movs    r0, #0\n"
            "    pop     {r3, pc}\n"
    );
}
 357 
 358 //fc0ecf20
/*
 * sub_fc0ecf20_my - patched copy of firmware fc0ecf20 (power-on mode
 * handling and start-up checks, per the comment at its call site).
 *
 * The status reads are kept, but the conditional branch to loc_fc0ecfba and
 * the calls to sub_fc09b450 / sub_fc09b44e are commented out. As a result
 * every path reaches `movs r0, #1`, so the function always returns 1 and
 * the caller (sub_fc0667de_my) never takes its r0 == 0 hang path.
 *
 * r4..r7 and sb each end up as bit 0 of the inverse of a sub_fc09bcca()
 * result (bic of 1 with the returned value).
 */
void __attribute__((naked,noinline))
sub_fc0ecf20_my ()
{
    asm volatile (
            //capdis -f=chdk -s=0xfc0ecf21 -c=54 -stubs PRIMARY.BIN 0xfc000000
            "    push.w  {r3, r4, r5, r6, r7, r8, sb, sl, fp, lr}\n"
            "    movs    r4, #0\n"
            "    mov     sl, r0\n" // keep the incoming r0 for the test at loc_fc0ecf76
            "    mov     r6, r4\n"
            "    bl      sub_fc09b44c\n"
            "    movs    r0, #0x97\n"
            "    bl      sub_fc09bcca\n"
            "    mov.w   r8, #1\n"
            "    bic.w   r7, r8, r0\n"
            "    mov     r5, r8\n"
            "    movs    r0, #0x8a\n"
            "    bl      sub_fc09bcca\n"
            "    bics    r5, r0\n"
            "    movs    r0, #0\n"
            "    bl      sub_fc09b448\n"
            "    cbz     r0, loc_fc0ecf58\n"
            "    movs    r0, #0x98\n"
            "    bl      sub_fc09bcca\n"
            "    bic.w   r6, r8, r0\n"
            "loc_fc0ecf58:\n"
            "    movw    r0, #0x10e\n"
            "    bl      sub_fc09bcca\n"
            "    bic.w   sb, r8, r0\n"
            "    movs    r0, #1\n"
            "    bl      sub_fc09b448\n"
            "    cbz     r0, loc_fc0ecf76\n"
            "    movs    r0, #2\n"
            "    bl      sub_fc09bcca\n"
            "    bic.w   r4, r8, r0\n"
            "loc_fc0ecf76:\n"
            "    cmp.w   sl, #0\n"
            "    beq     loc_fc0ecfa6\n"
            "    cbz     r5, loc_fc0ecf98\n"
            // r5 set: call sub_fc34d1b4(0x5a), then re-read 0x8a and 0x97.
            "    movs    r0, #0x5a\n"
            "    blx     sub_fc34d1b4\n"
            "    movs    r0, #0x8a\n"
            "    bl      sub_fc09bcca\n"
            "    bic.w   r5, r8, r0\n"
            "    mov     r7, r8\n"
            "    movs    r0, #0x97\n"
            "    bl      sub_fc09bcca\n"
            "    bics    r7, r0\n"
            "loc_fc0ecf98:\n"
            // OR of all five flags; with the beq below removed the result
            // is no longer used.
            "    orr.w   r0, r7, r5\n"
            "    orr.w   r1, r6, sb\n"
            "    orrs    r0, r1\n"
            "    orrs    r0, r4\n"
            //"    beq     loc_fc0ecfba\n" // -
            "loc_fc0ecfa6:\n"
            // Argument set-up for the two calls removed below; kept from
            // the firmware listing but has no effect now.
            "    mov     r3, sb\n"
            "    mov     r2, r6\n"
            "    mov     r1, r5\n"
            "    mov     r0, r7\n"
            "    str     r4, [sp]\n"
            //"    bl      sub_fc09b450\n" // -
            //"    bl      sub_fc09b44e\n" // -
            "    movs    r0, #1\n"
            // Label is no longer referenced by any branch in this function.
            "loc_fc0ecfba:\n"
            "    pop.w   {r3, r4, r5, r6, r7, r8, sb, sl, fp, pc}\n"
    );
}
 425 
 426 // *** TEMPORARY? workaround ***
 427 // Init stuff to avoid asserts on cameras running DryOS r54+
 428 // https://chdk.setepontos.com/index.php?topic=12516.0
 429 // Execute this only once
 430 //void init_required_fw_features(void)
 431 //{
 432 //    extern void _init_focus_eventflag();
 433 //    _init_focus_eventflag();
 434 //    extern void _init_nd_eventflag();
 435 //    _init_nd_eventflag();
 436 //}
 437 
 438 // task_Startup fc066778
/*
 * task_Startup_my - copy of firmware task_Startup (fc066778), installed as
 * the "Startup" task entry by sub_fc0667de_my.
 *
 * Changes from the firmware sequence, as marked on the lines below:
 *   - a call to sub_010e1746 is added (SD card UHS detection);
 *   - the call to sub_fc0ed356 (startdiskboot) is removed;
 *   - the physw task creation goes through sub_fc0ece46_my;
 *   - CreateTask_spytask is called to start the CHDK spy task.
 */
void __attribute__((naked,noinline))
task_Startup_my ()
{
    asm volatile (
            //capdis -f=chdk -s=0xfc066779 -c=26 -stubs PRIMARY.BIN 0xfc000000
            "    push    {r4, lr}\n"
            "    bl      sub_fc0c2dfc\n"
            "    bl      sub_fc0668b8\n"
            "    bl      sub_fc0ed2d0\n"
            "    bl      sub_fc44f2d0\n"
            // added for SD card UHS detection https://chdk.setepontos.com/index.php?topic=13089.msg132583#msg132583
            "    bl      sub_010e1746\n" // ref in sub_010e1746 following SD1stInit create
            //"    bl      sub_fc0ed356\n"   // - startdiskboot
            "    bl      sub_fc0b277e\n"
            "    bl      sub_fc0ed448\n"
            "    bl      sub_fc066a44\n"
            "    bl      sub_fc0669c0\n"
            "    bl      sub_fc44f30e\n"
            "    bl      sub_fc0a2498\n"
            "    bl      sub_fc0ed44e\n"
            "    bl      sub_fc0ece46_my\n" // -> taskcreate_physw
            "    BL      CreateTask_spytask\n"          // +
//            "    bl      init_required_fw_features\n"   // + TODO: Check if needed on G5X
            "    bl      sub_fc2d2a06\n"
            "    bl      sub_fc0ed464\n"
            "    bl      sub_fc0ec9ac\n"
            "    bl      sub_fc0c29fc\n"
            "    bl      sub_fc0c2f62\n"
            "    bl      sub_fc0c2d4a\n"
            "    bl      sub_fc0c29b8\n"
            "    bl      sub_fc066a48\n"
            "    bl      sub_fc3691d0\n"
            "    bl      sub_fc0c298a\n"
            // Restore registers and tail-branch into the firmware.
            "    pop.w   {r4, lr}\n"
            "    b.w     sub_fc0c2dd2\n" // continue in firmware
    );
}
 476 
 477 //taskcreate_physw fc0ece46
/*
 * sub_fc0ece46_my - copy of firmware taskcreate_physw (fc0ece46).
 *
 * Creates the "PhySw" task only if the word at 0x82d8 + 4 is zero, and
 * stores the creation result there. Changes from the firmware: the entry
 * function is mykbd_task, and r2 is 0x2000 where the firmware used 0x800.
 */
void __attribute__((naked,noinline))
sub_fc0ece46_my ()
{
    asm volatile (
            //capdis -f=chdk -s=0xfc0ece47 -c=18 -stubs PRIMARY.BIN 0xfc000000
            "    push    {r3, r4, r5, lr}\n"
            "    bl      sub_fc09da2c\n"
            "    bl      sub_fc088902\n"
            "    cbnz    r0, loc_fc0ece56\n"
            "    bl      sub_fc09d9d0\n"
            "loc_fc0ece56:\n"
            // Skip creation when word[0x82d8 + 4] is already non-zero.
            "    ldr     r4, =0x000082d8\n"
            "    ldr     r0, [r4, #4]\n"
            "    cmp     r0, #0\n"
            "    bne     loc_fc0ece72\n"
            // sub_fc34d0b4("PhySw", 0x17, 0x2000, mykbd_task, [sp] = 0).
            "    movs    r3, #0\n"
            "    str     r3, [sp]\n"
            "    ldr     r3, =mykbd_task\n" // task_PhySw replacement
            "    movs    r1, #0x17\n"
            "    ldr     r0, =0xfc0ed1c8\n" //  *"PhySw"
            "    movw    r2, #0x2000\n" // original value 0x800
            "    blx     sub_fc34d0b4\n"
            "    str     r0, [r4, #4]\n"
            "loc_fc0ece72:\n"
            "    pop     {r3, r4, r5, pc}\n"
    );
}
 505 
 506 //fc157608
/*
 * init_file_modules_task - copy of firmware task_InitFileModules (fc157608),
 * substituted for it by CreateTask_my.
 *
 * The only change is the added call to core_spytask_can_start after
 * sub_fc0c9976, which signals that the spy task may start.
 */
void __attribute__((naked,noinline))
init_file_modules_task ()
{
    asm volatile (
            //capdis -f=chdk -s=0xfc157609 -c=18 -stubs PRIMARY.BIN 0xfc000000
            "    push    {r4, r5, r6, lr}\n"
            "    movs    r0, #6\n"
            "    bl      sub_fc368a2c\n"
            "    bl      sub_fc0c994c\n"
            // movs sets the flags tested by the beq below; the movw in
            // between does not change them.
            "    movs    r4, r0\n"
            "    movw    r5, #0x5006\n"
            "    beq     loc_fc157624\n"
            // Non-zero result: sub_fc3bd784(0x5006, 0).
            "    movs    r1, #0\n"
            "    mov     r0, r5\n"
            "    bl      sub_fc3bd784\n"
            "loc_fc157624:\n"
            "    bl      sub_fc0c9976\n"
            "    bl      core_spytask_can_start\n" // + CHDK: Set "it's-safe-to-start" flag for spytask
            // r4/r5 are callee-saved, so they survive the added call.
            "    cmp     r4, #0\n"
            "    bne     loc_fc157638\n"
            // Zero result: tail-call sub_fc3bd784(0x5006, 1).
            "    mov     r0, r5\n"
            "    pop.w   {r4, r5, r6, lr}\n"
            "    movs    r1, #1\n"
            "    b.w     sub_fc3bd784\n" // continue in firmware
            "loc_fc157638:\n"
            "    pop     {r4, r5, r6, pc}\n"
    );
}
 535 
 536 //fc0ecb7c
/*
 * kbd_p2_f_my - copy of firmware fc0ecb7c.
 *
 * The only change from the firmware listing is the final call, which goes
 * to sub_fc09b570_my (marked "Patched") so that CHDK's jog-dial handling
 * runs there.
 *
 * Works on three-word arrays addressed from 0x0003ef70:
 *   r6 = 0x0003ef70 - 0xc, r8 = 0x0003ef70, r7 = sp + 8 (local 3-word array).
 * What the arrays represent is not stated in this file.
 */
void __attribute__((naked,noinline))
kbd_p2_f_my ()
{
    asm volatile(
            //capdis -f=chdk -s=0xfc0ecb7d -c=77 -stubs PRIMARY.BIN 0xfc000000
            "    push.w  {r4, r5, r6, r7, r8, lr}\n"
            "    ldr     r6, =0x0003ef70\n"
            "    sub     sp, #0x18\n"
            "    add     r7, sp, #8\n"
            "    subs    r6, #0xc\n"
            "    b       loc_fc0ecbbe\n"
            // First loop body: runs while sub_fc09b7f6 returns non-zero.
            "loc_fc0ecb8a:\n"
            "    ldr     r1, =0x0003ef70\n"
            "    add     r3, sp, #8\n"
            "    ldrb.w  r0, [sp, #4]\n"
            "    add     r2, sp, #0x14\n"
            "    subs    r1, #0x18\n"
            "    bl      sub_fc09bb10\n"
            "    cbnz    r0, loc_fc0ecba4\n"
            "    ldr     r1, [sp, #0x14]\n"
            "    movs    r0, #0\n"
            "    bl      sub_fc0ecaee\n"
            "loc_fc0ecba4:\n"
            // For i = 2..0: clear in r6[i] the bits set in r7[i].
            "    movs    r0, #2\n"
            "loc_fc0ecba6:\n"
            "    ldr.w   r1, [r7, r0, lsl #2]\n"
            "    cbz     r1, loc_fc0ecbb6\n"
            "    ldr.w   r2, [r6, r0, lsl #2]\n"
            "    bics    r2, r1\n"
            "    str.w   r2, [r6, r0, lsl #2]\n"
            "loc_fc0ecbb6:\n"
            "    subs    r0, r0, #1\n"
            "    sxtb    r0, r0\n"
            "    cmp     r0, #0\n"
            "    bge     loc_fc0ecba6\n"
            "loc_fc0ecbbe:\n"
            // sub_fc09b7f6(0x0003ef70 - 0xc, sp + 4); non-zero -> loop again.
            "    ldr     r0, =0x0003ef70\n"
            "    add     r1, sp, #4\n"
            "    subs    r0, #0xc\n"
            "    bl      sub_fc09b7f6\n"
            "    cmp     r0, #0\n"
            "    bne     loc_fc0ecb8a\n"
            // Second phase: for each word index r4 = 0..2.
            "    ldr.w   r8, =0x0003ef70\n"
            "    movs    r4, #0\n"
            "loc_fc0ecbd2:\n"
            // r6[r4] &= r8[r4]; then walk the remaining set bits (r5 = bit index).
            "    movs    r5, #0\n"
            "    ldr.w   r0, [r6, r4, lsl #2]\n"
            "    ldr.w   r1, [r8, r4, lsl #2]\n"
            "    ands    r0, r1\n"
            "    str.w   r0, [r6, r4, lsl #2]\n"
            "    b       loc_fc0ecc2a\n"
            "loc_fc0ecbe4:\n"
            // Test bit r5 of the current word; skip if clear.
            "    lsrs    r0, r5\n"
            "    lsls    r0, r0, #0x1f\n"
            "    beq     loc_fc0ecc22\n"
            "    ldr     r1, =0x0003ef70\n"
            // r0 = r5 + 32 * r4, truncated to a byte below.
            "    add.w   r0, r5, r4, lsl #5\n"
            "    add     r3, sp, #8\n"
            "    subs    r1, #0x18\n"
            "    add     r2, sp, #0x14\n"
            "    uxtb    r0, r0\n"
            "    bl      sub_fc09bb10\n"
            "    cbnz    r0, loc_fc0ecc06\n"
            "    ldr     r1, [sp, #0x14]\n"
            "    movs    r0, #1\n"
            "    bl      sub_fc0ecaee\n"
            "loc_fc0ecc06:\n"
            // For i = r4..2: clear in r6[i] the bits set in r7[i].
            "    mov     r0, r4\n"
            "    b       loc_fc0ecc1e\n"
            "loc_fc0ecc0a:\n"
            "    ldr.w   r1, [r7, r0, lsl #2]\n"
            "    cbz     r1, loc_fc0ecc1a\n"
            "    ldr.w   r2, [r6, r0, lsl #2]\n"
            "    bics    r2, r1\n"
            "    str.w   r2, [r6, r0, lsl #2]\n"
            "loc_fc0ecc1a:\n"
            "    adds    r0, r0, #1\n"
            "    sxtb    r0, r0\n"
            "loc_fc0ecc1e:\n"
            "    cmp     r0, #3\n"
            "    blt     loc_fc0ecc0a\n"
            "loc_fc0ecc22:\n"
            "    ldr.w   r0, [r6, r4, lsl #2]\n"
            "    adds    r5, r5, #1\n"
            "    uxtb    r5, r5\n"
            "loc_fc0ecc2a:\n"
            // Inner loop continues while the current word is non-zero.
            "    cmp     r0, #0\n"
            "    bne     loc_fc0ecbe4\n"
            "    adds    r4, r4, #1\n"
            "    sxtb    r4, r4\n"
            "    cmp     r4, #3\n"
            "    blt     loc_fc0ecbd2\n"
            "    bl      sub_fc09b570_my\n" // Patched
            "    add     sp, #0x18\n"
            "    pop.w   {r4, r5, r6, r7, r8, pc}\n"
    );
}
 634 
 635 //fc09b570
/*
 * sub_fc09b570_my - patched copy of firmware fc09b570, called at the end
 * of kbd_p2_f_my.
 *
 * Runs the firmware calls on the words at 0x9c44 + 0xc .. + 0x18, then asks
 * handle_jogdial(). A zero result returns to the caller without entering
 * sub_fc0a3fc2; a non-zero result tail-branches to it as the firmware does.
 */
void __attribute__((naked,noinline))
sub_fc09b570_my ()
{
    asm volatile(
            //capdis -f=chdk -s=0xfc09b571 -c=14 -stubs PRIMARY.BIN 0xfc000000
            "    push    {r4, lr}\n"
            "    ldr     r4, =0x00009c44\n"
            "    ldr     r0, [r4, #0xc]\n"
            "    bl      sub_fc0a3b54\n"
            "    ldr     r0, [r4, #0x10]\n"
            "    bl      sub_fc0a3bde\n"
            "    bl      sub_fc0a3c66\n"
            "    bl      sub_fc10b3f4\n"
            "    ldr     r0, [r4, #0x14]\n"
            "    bl      sub_fc0a3a84\n"
            "    ldr     r0, [r4, #0x18]\n"
            "    bl      sub_fc0a3a84\n"

            // Added: handle_jogdial() == 0 skips the firmware routine below.
            "    bl      handle_jogdial\n" // +
            "    cmp     r0, #0\n" // +
            "    beq     no_scroll\n" // +

            "    pop.w   {r4, lr}\n"
            "    b.w     sub_fc0a3fc2\n" // continue in firmware

            "no_scroll:\n" // +
            "    pop     {r4, pc}\n" // +
    );
}
 665 
 666 //fc0ed152
/*
 * kbd_p1_f_cont_my - copy of a firmware fragment at fc0ed152 that jumps
 * back into the firmware at 0xfc0ed187 (Thumb) when done.
 *
 * The only change is that the call goes to sub_fc0ecc40_my.
 *
 * NOTE(review): the code writes three words at [sp] without adjusting sp
 * and does not save r5-r7; presumably the stack frame and register saves
 * were set up by the code that jumps here -- confirm against the caller.
 */
void __attribute__((naked,noinline))
kbd_p1_f_cont_my ()
{
    asm volatile(
            //capdis -f=chdk -s=0xfc0ed153 -c=18 -jfw -stubs PRIMARY.BIN 0xfc000000
            // r3 = 0x0003ef4c, r6 = r3 + 0x24 (= 0x0003ef70), r5 = sp.
            "    ldr     r3, =0x0003ef4c\n"
            "    movs    r0, #2\n"
            "    mov     r5, sp\n"
            "    add.w   r6, r3, #0x24\n"
            "loc_fc0ed15c:\n"
            // For i = 2..0:
            //   sp[i] = (r3[i] & word[r6 + 0xc + 4*i]) ^ word[r6 + 0x18 + 4*i]
            "    add.w   r1, r6, r0, lsl #2\n"
            "    ldr.w   r2, [r3, r0, lsl #2]\n"
            "    ldr     r7, [r1, #0xc]\n"
            "    ldr     r1, [r1, #0x18]\n"
            "    and.w   r2, r2, r7\n"
            "    eor.w   r2, r2, r1\n"
            "    str.w   r2, [r5, r0, lsl #2]\n"
            "    subs    r0, r0, #1\n"
            "    bpl     loc_fc0ed15c\n"
            // sub_fc0ecc40_my(sp, 0x0003ef4c + 0xc, 0x0003ef4c + 0x18).
            "    ldr     r2, =0x0003ef4c\n"
            "    mov     r0, sp\n"
            "    adds    r2, #0x18\n"
            "    sub.w   r1, r2, #0xc\n"
            "    bl      sub_fc0ecc40_my\n" // -> some physical status is re-read here (not into physw_status)
            "    ldr     pc, =0xfc0ed187\n" // Continue in firmware
    );
}
 694 
// Defined outside this file; its value is loaded into r0 by
// sub_fc0ecc40_my in place of the firmware constant -1.
extern int physw0_override;

//fc0ecc40
/*
 * sub_fc0ecc40_my - patched entry of firmware fc0ecc40, called from
 * kbd_p1_f_cont_my.
 *
 * Replays the first instructions of the firmware function, loads r0 from
 * physw0_override where the firmware had `mov.w r0, #-1`, then jumps into
 * the firmware at 0xfc0ecc4d (Thumb), i.e. 0xc bytes past the function
 * start. The push here is balanced by the firmware code that follows, not
 * by this function.
 */
void __attribute__((naked,noinline))
sub_fc0ecc40_my ()
{
    asm volatile(
            //capdis -f=chdk -s=0xfc0ecc41 -c=4 -jfw -stubs PRIMARY.BIN 0xfc000000
            "    push.w  {r0, r1, r2, r3, r4, r5, r6, r7, r8, sb, sl, fp, ip, lr}\n"
            "    ldr     r4, =0x0003ef70\n"
            "    mov     r5, r0\n"
            "    ldr     r0, =physw0_override\n" // +
            "    ldr.w   r0, [r0]\n" // + use CHDK override value
            //"    mov.w   r0, #-1\n"           // -
            "    ldr     pc, =0xfc0ecc4d\n" // Continue in firmware
    );
}
 712 
/*
 * task_TricInitTask_my - patched start of firmware task_TricInitTask
 * (listing taken at 0xfc542265), substituted for it by CreateTask_my.
 *
 * Follows the firmware code up to the point where bit 0 of the received
 * flags is set, then adds a check of the word at 0xd2020074: when it is
 * non-zero, event flag 0x80 is set on the object at [0x000222d8] before
 * continuing. All other paths branch straight back into the firmware.
 *
 * The registers pushed on entry are not popped here; every exit is a branch
 * into firmware code, which presumably unwinds the frame -- confirm.
 */
void __attribute__((naked,noinline)) task_TricInitTask_my() {
    asm volatile(
            //capdis -f=chdk -s=0xfc542265 -c=35 -stubs PRIMARY.BIN 0xfc000000
            "    push.w  {r0, r1, r2, r3, r4, r5, r6, r7, r8, sb, sl, fp, ip, lr}\n"
            "    movs    r0, #8\n"
            "    ldr     r1, =0xfc542490\n" //  *"InitTskStart"
            "    bl      sub_fc3b780a\n"
            "    ldr.w   sl, =0x000222dc\n"
            "    movw    fp, #0x1000\n"
            // sub_fc34d22c([0x000222d8], 0x0703870f, 0); bit 0 of the result
            // set -> continue in firmware at fc542288.
            "    ldr     r4, =0x000222d8\n"
            "    movs    r2, #0\n"
            "    ldr     r1, =0x0703870f\n"
            "    ldr     r0, [r4]\n"
            "    blx     sub_fc34d22c\n"
            "    lsls    r0, r0, #0x1f\n"
            "    bne     sub_fc542288\n"    // + jump to FW
            // Fetch a value into [sp+0xc] via sub_fc34d014, pass it to
            // sub_fc34d1e4, and keep it in r7.
            "    ldr     r4, =0x000222d8\n"
            "    add     r1, sp, #0xc\n"
            "    ldr     r0, [r4]\n"
            "    blx     sub_fc34d014\n"
            "    ldr     r1, [sp, #0xc]\n"
            "    ldr     r0, [r4]\n"
            "    blx     sub_fc34d1e4\n"
            "    ldr     r0, =0x02000003\n"
            "    ldr     r7, [sp, #0xc]\n"
            // None of the bits in 0x02000003 set -> firmware fc54239e.
            "    tst     r7, r0\n"
            "    beq     sub_fc54239e\n"    // + jump to FW
            // Bit 0 clear -> firmware fc5422be.
            "    lsls    r0, r7, #0x1f\n"
            "    beq     sub_fc5422be\n"    // + jump to FW

            // Added block: read the word at 0xd2020074 and, if non-zero,
            // call _SetEventFlag([0x000222d8], 0x80).
            "    ldr     r0, =0xd2020074\n" // +
            "    ldr     r0, [r0]\n"        // + nonzero when core already running
            "    subs    r0, #0\n"          // +
            "    beq     tric1\n"           // +
            "    ldr     r0, [r4]\n"        // +
            "    mov     r1, #0x80\n"       // +
            "    bl      _SetEventFlag\n"   // + core already initialized, set the SmacIdleCmp eventflag here
            "tric1:\n"                      // +

            "    bl      sub_fc542742\n"
            "    b       sub_fc54232a\n"    // + jump to FW
    );
}
