root/platform/g5x/sub/101b/boot.c


DEFINITIONS

This source file includes the following definitions.
  1. spytask
  2. CreateTask_spytask
  3. boot
  4. CreateTask_my
  5. sub_fc066258_my
  6. sub_fc0663e8_my
  7. sub_fc0667de_my
  8. sub_fc0ecf20_my
  9. task_Startup_my
  10. sub_fc0ece46_my
  11. init_file_modules_task
  12. kbd_p2_f_my
  13. sub_fc09b570_my
  14. kbd_p1_f_cont_my
  15. sub_fc0ecc40_my
  16. task_TricInitTask_my

   1 #include "lolevel.h"
   2 #include "platform.h"
   3 #include "core.h"
   4 #include "dryos31.h"
   5 
   6 #include "camera_info.h"
   7 
   8 const char * const new_sa = &_end;
     // new_sa holds the address of _end (presumably the linker symbol marking the
     // end of the CHDK image - confirm in the linker script). sub_fc066258_my
     // loads it as the heap start unless CHDK_NOT_IN_CANON_HEAP is defined.
   9 
  10 // Forward declarations
     // Firmware task entry points defined outside this file. CreateTask_my
     // compares the entry pointer of each newly created task against them.
  11 extern void task_CaptSeq ();
  12 extern void task_InitFileModules ();
  13 //extern void task_MovieRecord();
  14 extern void task_ExpDrv ();
  15 
/*
 * spytask
 *
 * Entry point of the task that CreateTask_spytask registers under the name
 * "SpyTask". It hands control straight to core_spytask(); the six long
 * arguments are accepted and ignored.
 */
void
spytask (long ua, long ub, long uc, long ud, long ue, long uf)
{
    /* Nothing is read from the arguments; mark them as deliberately unused. */
    (void) ua;
    (void) ub;
    (void) uc;
    (void) ud;
    (void) ue;
    (void) uf;

    core_spytask ();
}
  24 
/*
 * CreateTask_spytask
 *
 * Asks the firmware, through the _CreateTask stub, to start spytask as a task
 * named "SpyTask". Called from task_Startup_my.
 *
 * The numeric arguments 0x19 and 0x2000 are presumably the task priority and
 * stack size - confirm against the _CreateTask declaration.
 */
void
CreateTask_spytask ()
{
    void (*entry) (long, long, long, long, long, long) = spytask;

    _CreateTask ("SpyTask", 0x19, 0x2000, entry, 0);
}
  33 
  34 /*----------------------------------------------------------------------
  35  boot()
  36 
  37  Main entry point for the CHDK code

      Re-implementation of the firmware start-up sequence (disassembled from
      0xfc02000c, see the capdis line below) with two CHDK changes: the first
      eight bytes of orig_CreateTask are overwritten with a jump to
      CreateTask_my, and control finally goes to sub_fc066258_my.

      Steps visible in the code: set SP to 0x4000, call sub_fc02007e, set bit 0
      of the word at 0xc0242010, copy three firmware regions to RAM word by word
        0xfcee2168 -> 0x010e1000 .. 0x010fbd18
        0xfcefce80 -> 0xbfe10800 .. 0xbfe176a9
        0xfceacaf4 -> 0x00008000 .. 0x0003d674
      and zero 0x0003d674 .. 0x0039124c.

      NOTE(review): every address is an absolute constant taken from a single
      firmware image; the file path suggests Canon G5X firmware 1.01b. Nothing
      in this function checks which firmware is running, so that match has to
      be guaranteed before boot() is reached - confirm where the check lives.
      NOTE(review): the patch is stored to orig_CreateTask, which therefore has
      to be writable RAM at that point - presumably inside the region copied to
      0x010e1000; verify against the stubs file.
  38  -----------------------------------------------------------------------*/
  39 
  40 /*************************************************************/
  41 void __attribute__((naked,noinline))
  42 boot ()
  43 {
  44     asm volatile ( // 0xfc02000c
  45             //capdis -f=chdk -s=0xfc02000d -c=43 -stubs PRIMARY.BIN 0xfc000000
                 // Stack pointer = 0x00004000
  46             "    movw    r0, #0x4000\n"
  47             "    movt    r0, #0\n"
  48             "    mov     sp, r0\n"
  49             "    bl      sub_fc02007e\n"
                 // Read-modify-write: set bit 0 of the word at 0xc0242010
  50             "    ldr     r2, =0xc0242010\n"
  51             "    ldr     r1, [r2]\n"
  52             "    orr     r1, r1, #1\n"
  53             "    str     r1, [r2]\n"
                 // Copy loop 1: r0 = source, r1 = destination, r3 = destination end
  54             "    ldr     r0, =0xfcee2168\n"
  55             "    ldr     r1, =0x010e1000\n"
  56             "    ldr     r3, =0x010fbd18\n"
  57             "loc_fc02002a:\n"
  58             "    cmp     r1, r3\n"
  59             "    itt     lo\n"
  60             "    ldrlo   r2, [r0], #4\n"
  61             "    strlo   r2, [r1], #4\n"
  62             "    blo     loc_fc02002a\n"
                 // r1 = 0x1ad18 is the length of the region just copied; the call is
                 // presumably cache maintenance for that range - TODO confirm
  63             "    ldr     r0, =0x010e1000\n"
  64             "    ldr     r1, =0x0001ad18\n"
  65             "    bl      sub_fc150d5a\n"
                 // Copy loop 2: same register roles as loop 1
  66             "    ldr     r0, =0xfcefce80\n"
  67             "    ldr     r1, =0xbfe10800\n"
  68             "    ldr     r3, =0xbfe176a9\n"
  69             "loc_fc020046:\n"
  70             "    cmp     r1, r3\n"
  71             "    itt     lo\n"
  72             "    ldrlo   r2, [r0], #4\n"
  73             "    strlo   r2, [r1], #4\n"
  74             "    blo     loc_fc020046\n"
  75 
  76             // Install CreateTask patch
                 // The two words at patch_CreateTask (end of this asm block) replace
                 // the first eight bytes of orig_CreateTask.
  77             "    adr     r0, patch_CreateTask\n" // Patch data
  78             "    ldm     r0, {r1,r2}\n" // Get two patch instructions
  79             "    ldr     r0, =orig_CreateTask\n" // Address to patch
  80             "    bic     r0, #1\n" // clear thumb bit
  81             "    stm     r0, {r1,r2}\n" // Store patch instructions
  82 
                 // Copy loop 3: 0xfceacaf4 -> 0x00008000 .. 0x0003d674
  83             "    ldr     r0, =0xfceacaf4\n"
  84             "    ldr     r1, =0x00008000\n"
  85             "    ldr     r3, =0x0003d674\n"
  86             "loc_fc02005a:\n"
  87             "    cmp     r1, r3\n"
  88             "    itt     lo\n"
  89             "    ldrlo   r2, [r0], #4\n"
  90             "    strlo   r2, [r1], #4\n"
  91             "    blo     loc_fc02005a\n"
                 // Zero fill 0x0003d674 .. 0x0039124c; the end address is the same
                 // constant sub_fc066258_my uses as the default heap start
  92             "    ldr     r3, =0x0003d674\n"
  93             "    ldr     r1, =0x0039124c\n"
  94             "    mov.w   r2, #0\n"
  95             "loc_fc020070:\n"
  96             "    cmp     r3, r1\n"
  97             "    it      lo\n"
  98             "    strlo   r2, [r3], #4\n"
  99             "    blo     loc_fc020070\n"
 100             "    b.w     sub_fc066258_my\n" // Patched
 101 
                 // Patch data only; never executed from here because of the b.w above
 102             "patch_CreateTask:\n"
 103             "    ldr.w   pc, [pc,#0]\n" // Do jump to absolute address CreateTask_my
 104             "    .long   CreateTask_my + 1\n" // has to be a thumb address
 105     );
 106 }
 107 
 108 /*************************************************************/
     /*
      * CreateTask_my
      *
      * Hook reached through the jump that boot() writes over the first eight
      * bytes of orig_CreateTask, so every task created after that patch passes
      * through here. On entry r3 holds the entry-point pointer of the task
      * being created. If it equals one of the firmware tasks below it is
      * replaced with the matching replacement symbol:
      *   task_CaptSeq         -> capt_seq_task
      *   task_ExpDrv          -> exp_drv_task
      *   task_FileWrite       -> filewritetask
      *   task_TricInitTask    -> task_TricInitTask_my
      *   task_InitFileModules -> init_file_modules_task
      * Any other pointer passes through unchanged. r0 is used as scratch and is
      * saved and restored around the comparisons. The instructions that the
      * patch overwrote are then executed here before jumping to
      * orig_CreateTask + 8.
      *
      * NOTE(review): the replayed instructions (push.w, mov r4, ldr r0) are
      * hard-coded copies of what this firmware has at orig_CreateTask; nothing
      * verifies them at run time, so they must be re-derived for any other
      * firmware version.
      */
 109 void __attribute__((naked,noinline))
 110 CreateTask_my ()
 111 {
 112     asm volatile (
 113             "    push   {r0}\n"
 114             //R3 = Pointer to task function to create
 115 
 116             "    ldr     r0, =task_CaptSeq\n" // DryOS original code function ptr.
 117             "    cmp     r0, r3\n" // is the given taskptr equal to our searched function?
 118             "    itt     eq\n" // EQ block
 119             "    ldreq   r3, =capt_seq_task\n" // if so replace with our task function base ptr.
 120             "    beq     exitHook\n" // below compares not necessary if this check has found something.
 121 
 122             "    ldr     r0, =task_ExpDrv\n"
 123             "    cmp     r0, R3\n"
 124             "    itt     eq\n"
 125             "    ldreq   r3, =exp_drv_task\n"
 126             "    beq     exitHook\n"
 127 
 128             //"    ldr     r0, =task_DvlpSeq\n"
 129             //"    cmp     r0, R3\n"
 130             //"    itt     eq\n"
 131             //"    LDREQ   r3, =developseq_task\n"
 132             //"    BEQ     exitHook\n"
 133 
 134             "    ldr     r0, =task_FileWrite\n"
 135             "    cmp     r0, R3\n"
 136             "    itt     eq\n"
 137             "    ldreq   r3, =filewritetask\n"
 138             "    beq     exitHook\n"
 139 
 140             //"    ldr     r0, =task_MovieRecord\n"
 141             //"    cmp     r0, R3\n"
 142             //"    itt     eq\n"
 143             //"    ldreq   r3, =movie_record_task\n"
 144             //"    beq     exitHook\n"
 145 
 146             "    ldr     r0, =task_TricInitTask\n"
 147             "    cmp     r0, r3\n"
 148             "    itt     eq\n"
 149             "    ldreq   r3, =task_TricInitTask_my\n"
 150             "    beq     exitHook\n"
 151 
                 // Last comparison: no branch needed, execution falls into exitHook
 152             "    ldr     r0, =task_InitFileModules\n"
 153             "    cmp     r0, r3\n"
 154             "    it      eq\n"
 155             "    ldreq   r3, =init_file_modules_task\n"
 156 
 157             "exitHook:\n"
 158             // restore overwritten register(s)
 159             "    pop    {r0}\n"
 160             // Execute overwritten instructions from original code, then jump to firmware
 161             "    push.w  {r1, r2, r3, r4, r5, r6, r7, r8, sb, lr}\n"
 162             "    mov     r4, r0\n"
 163             "    ldr     r0, =0x00008164\n"
 164             "    ldr.w   pc, =(orig_CreateTask + 8) \n" // Continue in firmware
                 // Emit the literal pool for the ldr =symbol loads above
 165             ".ltorg\n"
 166     );
 167 }
 168 
 169 //fc066258
     // sub_fc066258_my
     //
     // Replacement for firmware routine fc066258; boot() branches here.
     // 1. C part: reads the word at 0xd20b0000 + 0x97*4, tests bit 0x10000 and
     //    stores 0x200000 (play) or 0x100000 (rec) to 0x9c44 + 0x8.
     // 2. asm part: picks the heap start (r4) - the constant 0x0039124c when
     //    CHDK_NOT_IN_CANON_HEAP is defined, otherwise the value of new_sa -
     //    and spins forever if 0x006ce000 - r4 is below 0x000b1fec.
     // 3. Fills a 0x78-byte block on the stack and passes it to sub_fc34c9b8
     //    with r1 = sub_fc0663e8_my, so start-up continues in the CHDK copy.
     //
     // NOTE(review): the function is declared naked but starts with C statements.
     // GCC documents only basic asm as safe inside naked functions; the code the
     // compiler emits for the if/else runs without a prologue. Check the
     // generated code after compiler or flag changes.
     // NOTE(review): the hardware register is read through a plain int *, not a
     // volatile-qualified pointer - confirm this is intended.
 170 void __attribute__((naked,noinline))
 171 sub_fc066258_my ()
 172 {
 173     if (*(int*) (0xd20b0000 + 0x97 * 4) & 0x10000)
 174     {
 175         // see sub_FC0ECF20, sub_FC09B450
 176         // GPIO 0x10 (aka ON/OFF button) is not pressed -> play
 177         *(int*) (0x9c44 + 0x8) = 0x200000;
 178     }
 179     else
 180     {
 181         // GPIO 0x10 is pressed -> rec
 182         *(int*) (0x9c44 + 0x8) = 0x100000;
 183     }
 184 
 185     asm volatile (
 186             //capdis -f=chdk -s=0xfc066259 -c=60 -stubs PRIMARY.BIN 0xfc000000
 187             "    push    {r4, lr}\n"
 188 #if defined(CHDK_NOT_IN_CANON_HEAP)
 189             "    ldr     r4, =0x0039124c\n"         // heap start, modify here
 190 #else
 191             "    ldr     r4, =new_sa\n"             // +
 192             "    ldr     r4, [r4]\n" // +
 193 #endif
 194             "    sub     sp, #0x78\n"
                 // r0 = 0x006ce000 - heap start; must be at least 0x000b1fec
 195             "    ldr     r0, =0x006ce000\n"
 196             "    ldr     r1, =0x000b1fec\n"
 197             "    subs    r0, r0, r4\n"
 198             "    cmp     r0, r1\n"
 199             "    bhs     loc_fc06626a\n"
 200             "loc_fc066268:\n"
 201             "    b       loc_fc066268\n"            // too small heap, go into infinite loop
 202             "loc_fc06626a:\n"
 203             "    ldr     r1, =0x00008078\n"
 204             "    mov.w   r0, #0x80000\n"
 205             "    str     r0, [r1]\n"
 206             "    ldr     r1, =0x0000807c\n"
 207             "    ldr     r0, =0x42281000\n"
 208             "    str     r0, [r1]\n"
 209             "    ldr     r1, =0x00008080\n"
 210             "    ldr     r0, =0x42283000\n"
 211             "    str     r0, [r1]\n"
                 // sub_fc34d25c(sp, 0x78): presumably clears the block - TODO confirm
 212             "    movs    r1, #0x78\n"
 213             "    mov     r0, sp\n"
 214             "    blx     sub_fc34d25c\n"
 215             "    ldr     r0, =0x0060e000\n"
 216             "    mov.w   r1, #0xc0000\n"
                 // The heap start (r4) goes into the block at offset 8 and
                 // 0x00600014 - r4 at offset 0xc
 217             "    stm.w   sp, {r0, r1, r4}\n"
 218             "    ldr     r1, =0x00600014\n"
 219             "    subs    r2, r1, r4\n"
 220             "    strd    r2, r1, [sp, #0xc]\n"
 221             "    str     r0, [sp, #0x14]\n"
 222             "    movs    r0, #0x22\n"
 223             "    str     r0, [sp, #0x18]\n"
 224             "    movs    r0, #0xca\n"
 225             "    str     r0, [sp, #0x1c]\n"
 226             "    movw    r0, #0x2b0\n"
 227             "    str     r0, [sp, #0x20]\n"
 228             "    movs    r0, #0xfa\n"
 229             "    str     r0, [sp, #0x24]\n"
 230             "    movw    r0, #0x11a\n"
 231             "    str     r0, [sp, #0x28]\n"
 232             "    movs    r0, #0x85\n"
 233             "    str     r0, [sp, #0x2c]\n"
 234             "    movs    r0, #0x40\n"
 235             "    str     r0, [sp, #0x30]\n"
 236             "    movs    r0, #4\n"
 237             "    str     r0, [sp, #0x34]\n"
 238             "    movs    r0, #0\n"
 239             "    str     r0, [sp, #0x38]\n"
 240             "    movs    r0, #0x10\n"
 241             "    str     r0, [sp, #0x5c]\n"
 242             "    movs    r2, #0\n"
 243             "    lsls    r0, r0, #8\n"
 244             "    str     r0, [sp, #0x60]\n"
 245             "    ldr     r1, =sub_fc0663e8_my\n" // -> continue here (init_task)
 246             "    asrs    r0, r0, #4\n"
 247             "    str     r0, [sp, #0x64]\n"
 248             "    lsls    r0, r0, #5\n"
 249             "    str     r0, [sp, #0x68]\n"
 250             "    mov     r0, sp\n"
 251             "    blx     sub_fc34c9b8\n"
 252             "    add     sp, #0x78\n"
 253             "    pop     {r4, pc}\n"
 254     );
 255 }
 256 
 257 //fc0663e8
     // sub_fc0663e8_my
     //
     // Copy of firmware routine fc0663e8 (called init_task in the comment at its
     // reference in sub_fc066258_my). It runs a fixed sequence of firmware set-up
     // calls; after each check that fails it calls sub_fc06647a with the address
     // of a firmware string naming the step (presumably an error reporter -
     // TODO confirm). The only CHDK change is the final tail branch, which goes
     // to sub_fc0667de_my.
 258 void __attribute__((naked,noinline))
 259 sub_fc0663e8_my ()
 260 {
 261     asm volatile (
 262             //capdis -f=chdk -s=0xfc0663e9 -c=54 -stubs PRIMARY.BIN 0xfc000000
 263             "    push    {r4, lr}\n"
 264             "    ldr     r4, =0xfc066490\n" //  *"/_term"
 265             "    bl      sub_fc0672e4\n"
                 // Reported as "USER_MEM size checking" when the word at 0x80f0 is
                 // below the word at 0x8078 plus 0x10
 266             "    ldr     r0, =0x000080f0\n"
 267             "    ldr     r1, [r0]\n"
 268             "    ldr     r0, =0x00008078\n"
 269             "    ldr     r0, [r0]\n"
 270             "    adds    r0, #0x10\n"
 271             "    cmp     r1, r0\n"
 272             "    bhs     loc_fc066404\n"
 273             "    ldr     r0, =0xfc0664a0\n" //  *"USER_MEM size checking"
 274             "    bl      sub_fc06647a\n"
 275             "loc_fc066404:\n"
 276             "    bl      sub_fc150e34\n"
                 // Fill 0xbfe10000 .. 0xbfe10800 with the word 0xeeeeeeee
                 // (#-0x11111112 as a 32-bit value)
 277             "    ldr     r1, =0xbfe10000\n"
 278             "    mov.w   r2, #-0x11111112\n"
 279             "    ldr     r3, =0xbfe10800\n"
 280             "loc_fc066410:\n"
 281             "    stm     r1!, {r2}\n"
 282             "    cmp     r1, r3\n"
 283             "    blo     loc_fc066410\n"
 284             "    bl      sub_fc150e46\n"
                 // From here on: call a set-up routine, report if it returned < 0
 285             "    bl      sub_fc150f60\n"
 286             "    cmp     r0, #0\n"
 287             "    bge     loc_fc066428\n"
 288             "    ldr     r0, =0xfc0664c0\n" //  *"dmSetup"
 289             "    bl      sub_fc06647a\n"
 290             "loc_fc066428:\n"
 291             "    bl      sub_fc0674fc\n"
 292             "    cmp     r0, #0\n"
 293             "    bge     loc_fc066436\n"
 294             "    ldr     r0, =0xfc0664c8\n" //  *"termDriverInit"
 295             "    bl      sub_fc06647a\n"
 296             "loc_fc066436:\n"
 297             "    mov     r0, r4\n"
 298             "    bl      sub_fc06758a\n"
 299             "    cmp     r0, #0\n"
 300             "    bge     loc_fc066446\n"
 301             "    ldr     r0, =0xfc0664d8\n" //  *"termDeviceCreate"
 302             "    bl      sub_fc06647a\n"
 303             "loc_fc066446:\n"
 304             "    mov     r0, r4\n"
 305             "    bl      sub_fc066610\n"
 306             "    cmp     r0, #0\n"
 307             "    bge     loc_fc066456\n"
 308             "    ldr     r0, =0xfc0664ec\n" //  *"stdioSetup"
 309             "    bl      sub_fc06647a\n"
 310             "loc_fc066456:\n"
 311             "    bl      sub_fc066754\n"
 312             "    cmp     r0, #0\n"
 313             "    bge     loc_fc066464\n"
 314             "    ldr     r0, =0xfc0664f8\n" //  *"stdlibSetup"
 315             "    bl      sub_fc06647a\n"
 316             "loc_fc066464:\n"
 317             "    bl      sub_fc0ec8e0\n"
 318             "    cmp     r0, #0\n"
 319             "    bge     loc_fc066472\n"
 320             "    ldr     r0, =0xfc066504\n" //  *"extlib_setup"
 321             "    bl      sub_fc06647a\n"
 322             "loc_fc066472:\n"
 323             "    pop.w   {r4, lr}\n"
 324             "    b.w     sub_fc0667de_my\n" // -> continue (taskcreate_startup)
 325     );
 326 }
 327 
 328 //fc0667de
     // sub_fc0667de_my
     //
     // Copy of firmware routine fc0667de (taskcreate_startup per the comment in
     // sub_fc0663e8_my) with two substitutions: the start-up check is the CHDK
     // copy sub_fc0ecf20_my, and the "Startup" task is created with
     // task_Startup_my as its entry point.
     // If the check returns 0 the code calls sub_fc0668da and then spins
     // forever; sub_fc0ecf20_my as written always returns 1, so that path is
     // not taken. Returns 0 in r0 after creating the task.
 329 void __attribute__((naked,noinline))
 330 sub_fc0667de_my ()
 331 {
 332     asm volatile (
 333             //capdis -f=chdk -s=0xfc0667df -c=20 -stubs PRIMARY.BIN 0xfc000000
 334             "    push    {r3, lr}\n"
 335             "    bl      sub_fc0668ec\n"
 336             "    bl      sub_fc088984\n"
 337             "    bl      sub_fc0ecf20_my\n" // -> power-on mode handling & startupchecks here
 338             "    cbnz    r0, loc_fc0667f4\n"
 339             "    bl      sub_fc0668da\n"
 340             "loc_fc0667f2:\n"
 341             "    b       loc_fc0667f2\n" // infinite loop
 342             "loc_fc0667f4:\n"
 343             "    blx     sub_fc34ca10\n"
 344             "    ldr     r1, =0x006ce000\n"
 345             "    movs    r0, #0\n"
 346             "    bl      sub_fc3bf9a4\n"
                 // Task creation call: r0 = name string, r1 = 0x19, r2 = 0,
                 // r3 = entry point, fifth argument (on the stack) = 0
 347             "    movs    r3, #0\n"
 348             "    str     r3, [sp]\n"
 349             "    ldr     r3, =task_Startup_my\n" // Patched
 350             "    movs    r2, #0\n"
 351             "    movs    r1, #0x19\n"
 352             "    ldr     r0, =0xfc06681c\n" //  *"Startup"
 353             "    blx     sub_fc34ce3c\n"
 354             "    movs    r0, #0\n"
 355             "    pop     {r3, pc}\n"
 356     );
 357 }
 358 
 359 //fc0ecf20
     // sub_fc0ecf20_my
     //
     // Copy of firmware routine fc0ecf20 (power-on mode handling and start-up
     // checks, per the comment at its call site in sub_fc0667de_my). It samples
     // several inputs through sub_fc09bcca (arguments 0x97, 0x8a, 0x98, 0x10e
     // and 2) and keeps the inverted bit 0 of each result in r7, r5, r6, sb
     // and r4.
     //
     // CHDK changes, marked "// -": the conditional branch to loc_fc0ecfba and
     // the calls to sub_fc09b450 and sub_fc09b44e are commented out. With the
     // branch gone nothing jumps to loc_fc0ecfba any more, so every path runs
     // "movs r0, #1" and the function always returns 1.
     //
     // NOTE(review): the combined result computed at loc_fc0ecf98 is therefore
     // unused and the firmware's own decision on the power-on cause is bypassed.
     // Presumably intentional, because the start mode is set up in
     // sub_fc066258_my - confirm.
 360 void __attribute__((naked,noinline))
 361 sub_fc0ecf20_my ()
 362 {
 363     asm volatile (
 364             //capdis -f=chdk -s=0xfc0ecf21 -c=54 -stubs PRIMARY.BIN 0xfc000000
 365             "    push.w  {r3, r4, r5, r6, r7, r8, sb, sl, fp, lr}\n"
 366             "    movs    r4, #0\n"
 367             "    mov     sl, r0\n"
 368             "    mov     r6, r4\n"
 369             "    bl      sub_fc09b44c\n"
 370             "    movs    r0, #0x97\n"
 371             "    bl      sub_fc09bcca\n"
 372             "    mov.w   r8, #1\n"
 373             "    bic.w   r7, r8, r0\n"
 374             "    mov     r5, r8\n"
 375             "    movs    r0, #0x8a\n"
 376             "    bl      sub_fc09bcca\n"
 377             "    bics    r5, r0\n"
 378             "    movs    r0, #0\n"
 379             "    bl      sub_fc09b448\n"
 380             "    cbz     r0, loc_fc0ecf58\n"
 381             "    movs    r0, #0x98\n"
 382             "    bl      sub_fc09bcca\n"
 383             "    bic.w   r6, r8, r0\n"
 384             "loc_fc0ecf58:\n"
 385             "    movw    r0, #0x10e\n"
 386             "    bl      sub_fc09bcca\n"
 387             "    bic.w   sb, r8, r0\n"
 388             "    movs    r0, #1\n"
 389             "    bl      sub_fc09b448\n"
 390             "    cbz     r0, loc_fc0ecf76\n"
 391             "    movs    r0, #2\n"
 392             "    bl      sub_fc09bcca\n"
 393             "    bic.w   r4, r8, r0\n"
 394             "loc_fc0ecf76:\n"
 395             "    cmp.w   sl, #0\n"
 396             "    beq     loc_fc0ecfa6\n"
 397             "    cbz     r5, loc_fc0ecf98\n"
 398             "    movs    r0, #0x5a\n"
 399             "    blx     sub_fc34d1b4\n"
 400             "    movs    r0, #0x8a\n"
 401             "    bl      sub_fc09bcca\n"
 402             "    bic.w   r5, r8, r0\n"
 403             "    mov     r7, r8\n"
 404             "    movs    r0, #0x97\n"
 405             "    bl      sub_fc09bcca\n"
 406             "    bics    r7, r0\n"
 407             "loc_fc0ecf98:\n"
 408             "    orr.w   r0, r7, r5\n"
 409             "    orr.w   r1, r6, sb\n"
 410             "    orrs    r0, r1\n"
 411             "    orrs    r0, r4\n"
 412             //"    beq     loc_fc0ecfba\n" // -
 413             "loc_fc0ecfa6:\n"
 414             "    mov     r3, sb\n"
 415             "    mov     r2, r6\n"
 416             "    mov     r1, r5\n"
 417             "    mov     r0, r7\n"
 418             "    str     r4, [sp]\n"
 419             //"    bl      sub_fc09b450\n" // -
 420             //"    bl      sub_fc09b44e\n" // -
 421             "    movs    r0, #1\n"
 422             "loc_fc0ecfba:\n"
 423             "    pop.w   {r3, r4, r5, r6, r7, r8, sb, sl, fp, pc}\n"
 424     );
 425 }
 426 
 427 // *** TEMPORARY? workaround ***
 428 // Init stuff to avoid asserts on cameras running DryOS r54+
 429 // https://chdk.setepontos.com/index.php?topic=12516.0
 430 // Execute this only once
 431 //void init_required_fw_features(void)
 432 //{
 433 //    extern void _init_focus_eventflag();
 434 //    _init_focus_eventflag();
 435 //    extern void _init_nd_eventflag();
 436 //    _init_nd_eventflag();
 437 //}
 438 
 439 // task_Startup fc066778
     // task_Startup_my
     //
     // Copy of the firmware Startup task, installed as the task entry point by
     // sub_fc0667de_my. Differences from the firmware sequence, as marked in
     // the code:
     //   + call to sub_010e1746, added for SD card UHS detection (the address
     //     lies inside the RAM region boot() fills from 0xfcee2168)
     //   - sub_fc0ed356 (startdiskboot) is not called
     //   * taskcreate_physw is replaced by sub_fc0ece46_my
     //   + CreateTask_spytask starts the CHDK task
     // The remaining calls are firmware routines left in their disassembled
     // order; the function ends with a tail branch to sub_fc0c2dd2.
     //
     // NOTE(review): startdiskboot is presumably dropped because CHDK is already
     // running at this point - confirm before re-enabling it.
 440 void __attribute__((naked,noinline))
 441 task_Startup_my ()
 442 {
 443     asm volatile (
 444             //capdis -f=chdk -s=0xfc066779 -c=26 -stubs PRIMARY.BIN 0xfc000000
 445             "    push    {r4, lr}\n"
 446             "    bl      sub_fc0c2dfc\n"
 447             "    bl      sub_fc0668b8\n"
 448             "    bl      sub_fc0ed2d0\n"
 449             "    bl      sub_fc44f2f4\n"
 450             // added for SD card UHS detection https://chdk.setepontos.com/index.php?topic=13089.msg132583#msg132583
 451             "    bl      sub_010e1746\n" // ref in sub_010e1746 following SD1stInit create
 452             //"    bl      sub_fc0ed356\n"   // - startdiskboot
 453             "    bl      sub_fc0b277e\n"
 454             "    bl      sub_fc0ed448\n"
 455             "    bl      sub_fc066a44\n"
 456             "    bl      sub_fc0669c0\n"
 457             "    bl      sub_fc44f332\n"
 458             "    bl      sub_fc0a2498\n"
 459             "    bl      sub_fc0ed44e\n"
 460             "    bl      sub_fc0ece46_my\n" // -> taskcreate_physw
 461             "    BL      CreateTask_spytask\n"          // +
 462 //            "    bl      init_required_fw_features\n"   // + TODO: Check if needed on G5X
 463             "    bl      sub_fc2d2a06\n"
 464             "    bl      sub_fc0ed464\n"
 465             "    bl      sub_fc0ec9ac\n"
 466             "    bl      sub_fc0c29fc\n"
 467             "    bl      sub_fc0c2f62\n"
 468             "    bl      sub_fc0c2d4a\n"
 469             "    bl      sub_fc0c29b8\n"
 470             "    bl      sub_fc066a48\n"
 471             "    bl      sub_fc3691d0\n"
 472             "    bl      sub_fc0c298a\n"
 473             "    pop.w   {r4, lr}\n"
 474             "    b.w     sub_fc0c2dd2\n" // continue in firmware
 475     );
 476 }
 477 
 478 //taskcreate_physw fc0ece46
     // sub_fc0ece46_my
     //
     // Copy of the firmware routine that creates the "PhySw" task, called from
     // task_Startup_my. The task is only created when the word at 0x82d8 + 4 is
     // zero; the value returned by the creation call is then stored there.
     // CHDK changes: the entry point is mykbd_task instead of the firmware
     // task, and r2 is raised from 0x800 to 0x2000 (presumably the stack size -
     // TODO confirm).
 479 void __attribute__((naked,noinline))
 480 sub_fc0ece46_my ()
 481 {
 482     asm volatile (
 483             //capdis -f=chdk -s=0xfc0ece47 -c=18 -stubs PRIMARY.BIN 0xfc000000
 484             "    push    {r3, r4, r5, lr}\n"
 485             "    bl      sub_fc09da2c\n"
 486             "    bl      sub_fc088902\n"
 487             "    cbnz    r0, loc_fc0ece56\n"
 488             "    bl      sub_fc09d9d0\n"
 489             "loc_fc0ece56:\n"
 490             "    ldr     r4, =0x000082d8\n"
 491             "    ldr     r0, [r4, #4]\n"
 492             "    cmp     r0, #0\n"
 493             "    bne     loc_fc0ece72\n" 
 494             "    movs    r3, #0\n"
 495             "    str     r3, [sp]\n"
 496             "    ldr     r3, =mykbd_task\n" // task_PhySw replacement
 497             "    movs    r1, #0x17\n"
 498             "    ldr     r0, =0xfc0ed1c8\n" //  *"PhySw"
 499             "    movw    r2, #0x2000\n" // original value 0x800
 500             "    blx     sub_fc34d0b4\n"
 501             "    str     r0, [r4, #4]\n"
 502             "loc_fc0ece72:\n"
 503             "    pop     {r3, r4, r5, pc}\n"
 504     );
 505 }
 506 
 507 //fc157608
     // init_file_modules_task
     //
     // Copy of the firmware task at fc157608; CreateTask_my substitutes it for
     // task_InitFileModules. The single CHDK addition is the call to
     // core_spytask_can_start placed after sub_fc0c9976, which tells the spy
     // task that it may start.
     // r4 keeps the result of sub_fc0c994c: when it is nonzero sub_fc3bd7a8 is
     // called with (0x5006, 0) before sub_fc0c9976, when it is zero the
     // function tail-calls sub_fc3bd7a8 with (0x5006, 1) at the end.
 508 void __attribute__((naked,noinline))
 509 init_file_modules_task ()
 510 {
 511     asm volatile (
 512             //capdis -f=chdk -s=0xfc157609 -c=18 -stubs PRIMARY.BIN 0xfc000000
 513             "    push    {r4, r5, r6, lr}\n"
 514             "    movs    r0, #6\n"
 515             "    bl      sub_fc368a2c\n"
 516             "    bl      sub_fc0c994c\n"
                 // movs sets the flags tested by the beq two lines down
 517             "    movs    r4, r0\n"
 518             "    movw    r5, #0x5006\n"
 519             "    beq     loc_fc157624\n"
 520             "    movs    r1, #0\n"
 521             "    mov     r0, r5\n"
 522             "    bl      sub_fc3bd7a8\n"
 523             "loc_fc157624:\n"
 524             "    bl      sub_fc0c9976\n"
 525             "    bl      core_spytask_can_start\n" // + CHDK: Set "it's-safe-to-start" flag for spytask
 526             "    cmp     r4, #0\n"
 527             "    bne     loc_fc157638\n"
 528             "    mov     r0, r5\n"
 529             "    pop.w   {r4, r5, r6, lr}\n"
 530             "    movs    r1, #1\n"
 531             "    b.w     sub_fc3bd7a8\n" // continue in firmware
 532             "loc_fc157638:\n"
 533             "    pop     {r4, r5, r6, pc}\n"
 534     );
 535 }
 536 
 537 //fc0ecb7c
     // kbd_p2_f_my
     //
     // Copy of firmware routine fc0ecb7c. The only CHDK change is the last
     // call, which goes to sub_fc09b570_my instead of the firmware routine.
     //
     // Register use visible in the code: r6 = 0x0003ef70 - 0xc and
     // r8 = 0x0003ef70 each address three words, r7 = sp + 8 addresses three
     // words of the 0x18-byte stack frame. The first loop drains entries
     // returned by sub_fc09b7f6; the second walks the set bits of
     // r6[i] & r8[i] for i = 0..2. In both, sub_fc09bb10 and sub_fc0ecaee are
     // called per entry and the bits found in r7[] are cleared from r6[].
     // Presumably this is the firmware's key-event dispatch - TODO confirm
     // against the firmware disassembly.
 538 void __attribute__((naked,noinline))
 539 kbd_p2_f_my ()
 540 {
 541     asm volatile(
 542             //capdis -f=chdk -s=0xfc0ecb7d -c=77 -stubs PRIMARY.BIN 0xfc000000
 543             "    push.w  {r4, r5, r6, r7, r8, lr}\n"
 544             "    ldr     r6, =0x0003ef70\n"
 545             "    sub     sp, #0x18\n"
 546             "    add     r7, sp, #8\n"
 547             "    subs    r6, #0xc\n"
 548             "    b       loc_fc0ecbbe\n"
 549             "loc_fc0ecb8a:\n"
 550             "    ldr     r1, =0x0003ef70\n"
 551             "    add     r3, sp, #8\n"
 552             "    ldrb.w  r0, [sp, #4]\n"
 553             "    add     r2, sp, #0x14\n"
 554             "    subs    r1, #0x18\n"
 555             "    bl      sub_fc09bb10\n"
 556             "    cbnz    r0, loc_fc0ecba4\n"
 557             "    ldr     r1, [sp, #0x14]\n"
 558             "    movs    r0, #0\n"
 559             "    bl      sub_fc0ecaee\n"
 560             "loc_fc0ecba4:\n"
 561             "    movs    r0, #2\n"
 562             "loc_fc0ecba6:\n"
 563             "    ldr.w   r1, [r7, r0, lsl #2]\n"
 564             "    cbz     r1, loc_fc0ecbb6\n"
 565             "    ldr.w   r2, [r6, r0, lsl #2]\n"
 566             "    bics    r2, r1\n"
 567             "    str.w   r2, [r6, r0, lsl #2]\n"
 568             "loc_fc0ecbb6:\n"
 569             "    subs    r0, r0, #1\n"
 570             "    sxtb    r0, r0\n"
 571             "    cmp     r0, #0\n"
 572             "    bge     loc_fc0ecba6\n"
 573             "loc_fc0ecbbe:\n"
 574             "    ldr     r0, =0x0003ef70\n"
 575             "    add     r1, sp, #4\n"
 576             "    subs    r0, #0xc\n"
 577             "    bl      sub_fc09b7f6\n"
 578             "    cmp     r0, #0\n"
 579             "    bne     loc_fc0ecb8a\n"
 580             "    ldr.w   r8, =0x0003ef70\n"
 581             "    movs    r4, #0\n"
 582             "loc_fc0ecbd2:\n"
 583             "    movs    r5, #0\n"
 584             "    ldr.w   r0, [r6, r4, lsl #2]\n"
 585             "    ldr.w   r1, [r8, r4, lsl #2]\n"
 586             "    ands    r0, r1\n"
 587             "    str.w   r0, [r6, r4, lsl #2]\n"
 588             "    b       loc_fc0ecc2a\n"
 589             "loc_fc0ecbe4:\n"
 590             "    lsrs    r0, r5\n"
 591             "    lsls    r0, r0, #0x1f\n"
 592             "    beq     loc_fc0ecc22\n"
 593             "    ldr     r1, =0x0003ef70\n"
 594             "    add.w   r0, r5, r4, lsl #5\n"
 595             "    add     r3, sp, #8\n"
 596             "    subs    r1, #0x18\n"
 597             "    add     r2, sp, #0x14\n"
 598             "    uxtb    r0, r0\n"
 599             "    bl      sub_fc09bb10\n"
 600             "    cbnz    r0, loc_fc0ecc06\n"
 601             "    ldr     r1, [sp, #0x14]\n"
 602             "    movs    r0, #1\n"
 603             "    bl      sub_fc0ecaee\n"
 604             "loc_fc0ecc06:\n"
 605             "    mov     r0, r4\n"
 606             "    b       loc_fc0ecc1e\n"
 607             "loc_fc0ecc0a:\n"
 608             "    ldr.w   r1, [r7, r0, lsl #2]\n"
 609             "    cbz     r1, loc_fc0ecc1a\n"
 610             "    ldr.w   r2, [r6, r0, lsl #2]\n"
 611             "    bics    r2, r1\n"
 612             "    str.w   r2, [r6, r0, lsl #2]\n"
 613             "loc_fc0ecc1a:\n"
 614             "    adds    r0, r0, #1\n"
 615             "    sxtb    r0, r0\n"
 616             "loc_fc0ecc1e:\n"
 617             "    cmp     r0, #3\n"
 618             "    blt     loc_fc0ecc0a\n"
 619             "loc_fc0ecc22:\n"
 620             "    ldr.w   r0, [r6, r4, lsl #2]\n"
 621             "    adds    r5, r5, #1\n"
 622             "    uxtb    r5, r5\n"
 623             "loc_fc0ecc2a:\n"
 624             "    cmp     r0, #0\n"
 625             "    bne     loc_fc0ecbe4\n"
 626             "    adds    r4, r4, #1\n"
 627             "    sxtb    r4, r4\n"
 628             "    cmp     r4, #3\n"
 629             "    blt     loc_fc0ecbd2\n"
 630             "    bl      sub_fc09b570_my\n" // Patched
 631             "    add     sp, #0x18\n"
 632             "    pop.w   {r4, r5, r6, r7, r8, pc}\n"
 633     );
 634 }
 635 
 636 //fc09b570
     // sub_fc09b570_my
     //
     // Copy of firmware routine fc09b570, called at the end of kbd_p2_f_my. It
     // passes the words at 0x9c44 + 0xc, + 0x10, + 0x14 and + 0x18 to firmware
     // routines, then (CHDK addition, lines marked "+") calls handle_jogdial.
     // When handle_jogdial returns 0 the function returns at once and the
     // firmware routine sub_fc0a3fc2 is skipped; otherwise it tail-calls
     // sub_fc0a3fc2 as the firmware does.
 637 void __attribute__((naked,noinline))
 638 sub_fc09b570_my ()
 639 {
 640     asm volatile(
 641             //capdis -f=chdk -s=0xfc09b571 -c=14 -stubs PRIMARY.BIN 0xfc000000
 642             "    push    {r4, lr}\n"
 643             "    ldr     r4, =0x00009c44\n"
 644             "    ldr     r0, [r4, #0xc]\n"
 645             "    bl      sub_fc0a3b54\n"
 646             "    ldr     r0, [r4, #0x10]\n"
 647             "    bl      sub_fc0a3bde\n"
 648             "    bl      sub_fc0a3c66\n"
 649             "    bl      sub_fc10b3f4\n"
 650             "    ldr     r0, [r4, #0x14]\n"
 651             "    bl      sub_fc0a3a84\n"
 652             "    ldr     r0, [r4, #0x18]\n"
 653             "    bl      sub_fc0a3a84\n"
 654 
 655             "    bl      handle_jogdial\n" // +
 656             "    cmp     r0, #0\n" // +
 657             "    beq     no_scroll\n" // +
 658 
 659             "    pop.w   {r4, lr}\n"
 660             "    b.w     sub_fc0a3fc2\n" // continue in firmware
 661 
 662             "no_scroll:\n" // +
 663             "    pop     {r4, pc}\n" // +
 664     );
 665 }
 666 
 667 //fc0ed152
     // kbd_p1_f_cont_my
     //
     // Copy of the firmware code at fc0ed152 up to the call that CHDK
     // redirects. For i = 2 down to 0 it stores
     //     (word[0x3ef4c + 4*i] & word[r6 + 4*i + 0xc]) ^ word[r6 + 4*i + 0x18]
     // with r6 = 0x3ef4c + 0x24 into the three words at sp, then calls
     // sub_fc0ecc40_my(sp, 0x3ef4c + 0xc, 0x3ef4c + 0x18) and jumps back into
     // the firmware at 0xfc0ed187 (odd address, i.e. Thumb).
     //
     // NOTE(review): the function saves no registers and reserves no stack, yet
     // writes three words at sp and clobbers r5-r7. It therefore depends on the
     // caller having set up the frame the firmware code at 0xfc0ed187 expects -
     // verify against the caller, which is not in this file.
 668 void __attribute__((naked,noinline))
 669 kbd_p1_f_cont_my ()
 670 {
 671     asm volatile(
 672             //capdis -f=chdk -s=0xfc0ed153 -c=18 -jfw -stubs PRIMARY.BIN 0xfc000000
 673             "    ldr     r3, =0x0003ef4c\n"
 674             "    movs    r0, #2\n"
 675             "    mov     r5, sp\n"
 676             "    add.w   r6, r3, #0x24\n"
 677             "loc_fc0ed15c:\n"
 678             "    add.w   r1, r6, r0, lsl #2\n"
 679             "    ldr.w   r2, [r3, r0, lsl #2]\n"
 680             "    ldr     r7, [r1, #0xc]\n"
 681             "    ldr     r1, [r1, #0x18]\n"
 682             "    and.w   r2, r2, r7\n"
 683             "    eor.w   r2, r2, r1\n"
 684             "    str.w   r2, [r5, r0, lsl #2]\n"
 685             "    subs    r0, r0, #1\n"
 686             "    bpl     loc_fc0ed15c\n"
 687             "    ldr     r2, =0x0003ef4c\n"
 688             "    mov     r0, sp\n"
 689             "    adds    r2, #0x18\n"
 690             "    sub.w   r1, r2, #0xc\n"
 691             "    bl      sub_fc0ecc40_my\n" // -> some physical status is re-read here (not into physw_status)
 692             "    ldr     pc, =0xfc0ed187\n" // Continue in firmware
 693     );
 694 }
 695 
 696 extern int physw0_override;
     // physw0_override is defined outside this file; sub_fc0ecc40_my loads it
     // in place of the constant -1 that the firmware code uses.
 697 
 698 //fc0ecc40
     // sub_fc0ecc40_my
     //
     // First instructions of firmware routine fc0ecc40, called from
     // kbd_p1_f_cont_my. The firmware's "mov.w r0, #-1" is replaced by a load
     // of physw0_override, then execution continues inside the firmware
     // routine at 0xfc0ecc4d (odd address, i.e. Thumb). The registers pushed
     // here are restored by the firmware code that follows, not by this stub.
 699 void __attribute__((naked,noinline))
 700 sub_fc0ecc40_my ()
 701 {
 702     asm volatile(
 703             //capdis -f=chdk -s=0xfc0ecc41 -c=4 -jfw -stubs PRIMARY.BIN 0xfc000000
 704             "    push.w  {r0, r1, r2, r3, r4, r5, r6, r7, r8, sb, sl, fp, ip, lr}\n"
 705             "    ldr     r4, =0x0003ef70\n"
 706             "    mov     r5, r0\n"
 707             "    ldr     r0, =physw0_override\n" // +
 708             "    ldr.w   r0, [r0]\n" // + use CHDK override value
 709             //"    mov.w   r0, #-1\n"           // -
 710             "    ldr     pc, =0xfc0ecc4d\n" // Continue in firmware
 711     );
 712 }
 713 
 714 void __attribute__((naked,noinline)) task_TricInitTask_my() {
     // Copy of the start of firmware task_TricInitTask; CreateTask_my
     // substitutes it for the firmware entry point. Lines marked "+" are CHDK
     // changes: the conditional branches now target firmware labels directly,
     // and one block is added that reads the word at 0xd2020074 and, when it is
     // nonzero, calls _SetEventFlag with the handle stored at 0x000222d8 and
     // flag value 0x80. Execution then continues in the firmware at
     // sub_fc54234e.
     //
     // NOTE(review): the function pushes fourteen registers and never pops them;
     // every exit is a branch into firmware code, which presumably restores the
     // same list - confirm against the firmware epilogue.
     // NOTE(review): sl and fp are loaded here and not used before the branch
     // back, so the firmware code reached afterwards presumably relies on them.
 715     asm volatile(
 716             //capdis -f=chdk -s=0xfc542289 -c=35 -stubs PRIMARY.BIN 0xfc000000
 717             "    push.w  {r0, r1, r2, r3, r4, r5, r6, r7, r8, sb, sl, fp, ip, lr}\n"
 718             "    movs    r0, #8\n"
 719             "    ldr     r1, =0xfc5424b4\n" //  *"InitTskStart"
 720             "    bl      sub_fc3b782e\n"
 721             "    ldr.w   sl, =0x000222dc\n"
 722             "    movw    fp, #0x1000\n"
 723             "    ldr     r4, =0x000222d8\n"
 724             "    movs    r2, #0\n"
 725             "    ldr     r1, =0x0703870f\n"
 726             "    ldr     r0, [r4]\n"
 727             "    blx     sub_fc34d22c\n"
 728             "    lsls    r0, r0, #0x1f\n"
 729             "    bne     sub_fc5422ac\n"    // + jump to FW
 730             "    ldr     r4, =0x000222d8\n"
 731             "    add     r1, sp, #0xc\n"
 732             "    ldr     r0, [r4]\n"
 733             "    blx     sub_fc34d014\n"
 734             "    ldr     r1, [sp, #0xc]\n"
 735             "    ldr     r0, [r4]\n"
 736             "    blx     sub_fc34d1e4\n"
 737             "    ldr     r0, =0x02000003\n"
 738             "    ldr     r7, [sp, #0xc]\n"
 739             "    tst     r7, r0\n"
 740             "    beq     sub_fc5423c2\n"    // + jump to FW
 741             "    lsls    r0, r7, #0x1f\n"
 742             "    beq     sub_fc5422e2\n"    // + jump to FW
 743 
                 // CHDK addition: skip the event-flag call when 0xd2020074 reads 0
 744             "    ldr     r0, =0xd2020074\n" // +
 745             "    ldr     r0, [r0]\n"        // + nonzero when core already running
 746             "    subs    r0, #0\n"          // +
 747             "    beq     tric1\n"           // +
 748             "    ldr     r0, [r4]\n"        // +
 749             "    mov     r1, #0x80\n"       // +
 750             "    bl      _SetEventFlag\n"   // + core already initialized, set the SmacIdleCmp eventflag here
 751             "tric1:\n"                      // +
 752 
 753             "    bl      sub_fc542766\n"
 754             "    b       sub_fc54234e\n"    // + jump to FW
 755     );
 756 }
