1 #include "lolevel.h"
2 #include "platform.h"
3 #include "core.h"
4
5 const char * const new_sa = &_end;
6
7
8 // Forward declarations
9 void CreateTask_PhySw();
10 void CreateTask_spytask();
11 extern volatile int jogdial_stopped;
12 void JogDial_task_my(void);
13
14
15 /*---------------------------------------------------------------------
16 Memory Map:
17 00001900 MEMBASEADDR start of data - used for initialized vars
18 00010FE3 end of inited data
19 00010FE4 start of bss - used for zeroed/uninited vars
20 00016E2F end of bss
21 0016EE30 MEMISOSTART start of CHDK code / data / bss
22 001B0000 end of CHDK data (approx)
23 001B0001 start of DRYOS heap (approx)
24 0037FFFF end of heap (?)
25
26 41269150 raw buffer 0
27 46000000 raw buffer 1
28
29 C0xxxxxx I/O
30
31 FF810000 ROMBASEADDR start of rom
32 FFFFFFFF end of rom
33 ----------------------------------------------------------------------*/
34
35
36 /*----------------------------------------------------------------------
37 taskCreateHook()
38 -----------------------------------------------------------------------*/
39 void taskCreateHook(int *p)
40 {
41 p-=17;
42
43 if (p[0] == (int)0xFF88322C)
44 p[0] = (int) capt_seq_task;
45
46 if (p[0] == (int)0xFF986420)
47 p[0] = (int) movie_record_task;
48
49 if (p[0] == (int)0xFF8A0AA0)
50 p[0] = (int) init_file_modules_task;
51
52 if (p[0] == (int)0xFF8CF1A8)
53 p[0] = (int) exp_drv_task;
54
55 if (p[0] == (int)0xFF865894)
56 p[0] = (int) JogDial_task_my;
57 }
58
59
60 /*----------------------------------------------------------------------
61 boot()
62
63 Main entry point for the CHDK code
64 -----------------------------------------------------------------------*/
65 void __attribute__((naked,noinline)) boot()
66 {
67 asm volatile (
68 " LDR R1, =0xC0410000 \n"
69 " MOV R0, #0 \n"
70 " STR R0, [R1] \n"
71
72 " MOV R1, #0x78 \n"
73 " MCR p15, 0, R1,c1,c0 \n" // control reg
74
75 " MOV R1, #0 \n"
76 " MCR p15, 0, R1,c7,c10, 4 \n" // drain write buffer
77 " MCR p15, 0, R1,c7,c5 \n" // flush instruction cache
78 " MCR p15, 0, R1,c7,c6 \n" // flush data cache
79
80 " MOV R0, #0x3D \n" // size 2GB base 0x00000000
81 " MCR p15, 0, R0,c6,c0 \n" // protection region 0
82 " MOV R0, #0xC000002F \n" // size 16M base 0xc0000000
83 " MCR p15, 0, R0,c6,c1 \n" // protection region 1
84 " MOV R0, #0x35 \n" // size 128M base 0x00000000 (s90 is 64M)
85 " MCR p15, 0, R0,c6,c2 \n" // protection region 2
86 " MOV R0, #0x40000035 \n" // size 128M base 0x40000000 (s90 is 64M)
87 " MCR p15, 0, R0,c6,c3 \n" // protection region 3
88 " MOV R0, #0x80000017 \n" // size 4k base 0x80000000
89 " MCR p15, 0, R0,c6,c4 \n" // protection region 4
90 " LDR R0, =0xFF80002D \n" // size 8M base 0xff800000
91 " MCR p15, 0, R0,c6,c5 \n" // protection region 5
92
93 " MOV R0, #0x34 \n" // regions 2,4,5
94 " MCR p15, 0, R0,c2,c0 \n" // data cachable bits
95 " MOV R0, #0x34 \n" // regions 2,4,5
96 " MCR p15, 0, R0,c2,c0, 1 \n" // instruction cachable bits
97
98 " MOV R0, #0x34 \n" // regions 2,4,5
99 " MCR p15, 0, R0,c3,c0 \n" // data bufferable bits
100 " LDR R0, =0x3333330 \n" // region 0,7 = --, 1-6 = rw
101 " MCR p15, 0, R0,c5,c0, 2 \n" // data access permission
102 " LDR R0, =0x3333330 \n" // region 0,7 = --, 1-6 = rw
103 " MCR p15, 0, R0,c5,c0, 3 \n" // instruction access permission
104
105 " MRC p15, 0, R0,c1,c0 \n" // control reg
106 " ORR R0, R0, #0x1000 \n" // enable L1 instruction cache
107 " ORR R0, R0, #4 \n" // L1 unified/data cache enable
108 " ORR R0, R0, #1 \n" // MMU or Protection Unit enable
109 " MCR p15, 0, R0,c1,c0 \n" // control reg
110
111 " MOV R1, #0x80000006 \n" // size 4K base 0x80000000
112 " MCR p15, 0, R1,c9,c1 \n" // data tightly-coupled memory
113 " MOV R1, #6 \n" // size 4K base 0x00000000
114 " MCR p15, 0, R1,c9,c1, 1 \n" // instruction tightly-coupled memory
115 " MRC p15, 0, R1,c1,c0 \n" // control reg
116
117 " ORR R1, R1, #0x50000 \n" // DRAM bit | IRAM bit
118 " MCR p15, 0, R1,c1,c0 \n" // control reg
119
120 " LDR R2, =0xC0200000 \n"
121 " MOV R1, #1 \n"
122 " STR R1, [R2,#0x10C] \n"
123
124 " MOV R1, #0xFF \n"
125 " STR R1, [R2,#0xC] \n"
126 " STR R1, [R2,#0x1C] \n"
127 " STR R1, [R2,#0x2C] \n"
128 " STR R1, [R2,#0x3C] \n"
129 " STR R1, [R2,#0x4C] \n"
130 " STR R1, [R2,#0x5C] \n"
131 " STR R1, [R2,#0x6C] \n"
132 " STR R1, [R2,#0x7C] \n"
133 " STR R1, [R2,#0x8C] \n"
134 " STR R1, [R2,#0x9C] \n"
135 " STR R1, [R2,#0xAC] \n"
136 " STR R1, [R2,#0xBC] \n"
137 " STR R1, [R2,#0xCC] \n"
138 " STR R1, [R2,#0xDC] \n"
139 " STR R1, [R2,#0xEC] \n"
140 " STR R1, [R2,#0xFC] \n"
141
142 " LDR R1, =0xC0400008 \n"
143 " LDR R2, =0x430005 \n"
144 " STR R2, [R1] \n"
145
146 " MOV R1, #1 \n"
147 " LDR R2, =0xC0243100 \n"
148 " STR R2, [R1] \n"
149
150 " LDR R2, =0xC0242010 \n"
151 " LDR R1, [R2] \n"
152 " ORR R1, R1, #1 \n"
153 " STR R1, [R2] \n"
154
155 " LDR R0, =0xFFC9A08C \n" // init data section
156 " LDR R1, =0x1900 \n"
157 " LDR R3, =0x10FE4 \n"
158 "loc_FF81013C: \n"
159 " CMP R1, R3 \n"
160 " LDRCC R2, [R0],#4 \n"
161 " STRCC R2, [R1],#4 \n"
162 " BCC loc_FF81013C \n"
163
164 " LDR R1, =0x16EE30 \n" // clear bss section
165 " MOV R2, #0 \n"
166 "loc_FF810154: \n"
167 " CMP R3, R1 \n"
168 " STRCC R2, [R3],#4 \n"
169 " BCC loc_FF810154 \n"
170
171 //" B sub_FF810354 \n"
172 " B sub_FF810354_my \n" // patched
173 );
174 };
175
176
177 /*----------------------------------------------------------------------
178 sub_FF810354_my
179 -----------------------------------------------------------------------*/
180 void __attribute__((naked,noinline)) sub_FF810354_my()
181 {
182 *(int*)0x1938 = (int)taskCreateHook;
183 *(int*)0x193c = (int)taskCreateHook;
184
185 // s95 @FF864D68
186 // fix for correct power-on
187 // must also comment out function in taskcreate_Startup_my
188
189 if ((*(int*) 0xC0220128) & 1) // look at play switch
190 *(int*)(0x25E8) = 0x200000; // start in play mode
191 else
192 *(int*)(0x25E8) = 0x100000; // start in rec mode
193
194 asm volatile (
195 " LDR R0, =0xFF8103CC \n"
196 " MOV R1, #0 \n"
197 " LDR R3, =0xFF810404 \n"
198 "loc_FF810360: \n"
199 " CMP R0, R3 \n"
200 " LDRCC R2, [R0],#4 \n"
201 " STRCC R2, [R1],#4 \n"
202 " BCC loc_FF810360 \n"
203 " LDR R0, =0xFF810404 \n"
204 " MOV R1, #0x4B0 \n"
205 " LDR R3, =0xFF810618 \n"
206 "loc_FF81037C: \n"
207 " CMP R0, R3 \n"
208 " LDRCC R2, [R0],#4 \n"
209 " STRCC R2, [R1],#4 \n"
210 " BCC loc_FF81037C \n"
211 " MOV R0, #0xD2 \n"
212 " MSR CPSR_cxsf, R0 \n"
213 " MOV SP, #0x1000 \n"
214 " MOV R0, #0xD3 \n"
215 " MSR CPSR_cxsf, R0 \n"
216 " MOV SP, #0x1000 \n"
217 " LDR R0, =0x6C4 \n"
218 " LDR R2, =0xEEEEEEEE \n"
219 " MOV R3, #0x1000 \n"
220 "loc_FF8103B0: \n"
221 " CMP R0, R3 \n"
222 " STRCC R2, [R0],#4 \n"
223 " BCC loc_FF8103B0 \n"
224
225 //" BL sub_FF811198 \n"
226 " BL sub_FF811198_my \n" // patched
227
228 "loc_FF8103C0: \n"
229 " ANDEQ R0, R0, R4,ASR#13 \n"
230 "loc_FF8103C4: \n"
231 " ANDEQ R0, R0, R0,ROR R6 \n"
232 "loc_FF8103C8: \n"
233 " ANDEQ R0, R0, R4,ROR R6 \n"
234 "loc_FF8103CC: \n"
235 " NOP \n"
236 " LDR PC, =0xFF810618 \n"
237 );
238 }
239
240
241 /*----------------------------------------------------------------------
242 sub_FF811198_my
243 -----------------------------------------------------------------------*/
244 void __attribute__((naked,noinline)) sub_FF811198_my()
245 {
246 asm volatile (
247 " STR LR, [SP,#-4]! \n"
248 " SUB SP, SP, #0x74 \n"
249 " MOV R0, SP \n"
250 " MOV R1, #0x74 \n"
251 " BL sub_FFB9F180 \n"
252 " MOV R0, #0x53000 \n"
253 " STR R0, [SP,#4] \n"
254
255 //" LDR R0, =0x16EE30 \n"
256 " LDR R0, =new_sa \n" // patched
257 " LDR R0, [R0] \n"
258
259 " LDR R1, =0x379C00 \n"
260 " STR R0, [SP,#8] \n"
261 " RSB R0, R0, #0x1F80 \n"
262 " ADD R0, R0, #0x370000 \n"
263 " STR R0, [SP,#0x0c] \n"
264 " LDR R0, =0x371F80 \n"
265 " STR R1, [SP,#0] \n"
266 " STRD R0, [SP,#0x10] \n"
267 " MOV R0, #0x22 \n"
268 " STR R0, [SP,#0x18] \n"
269 " MOV R0, #0x68 \n"
270 " STR R0, [SP,#0x1c] \n"
271 " LDR R0, =0x19B \n"
272
273 //" LDR R1, =sub_FF815EE0 \n"
274 " LDR R1, =sub_FF815EE0_my \n" // patched
275
276 " STR R0, [SP,#0x20] \n"
277 " MOV R0, #0x96 \n"
278 " STR R0, [SP,#0x24] \n"
279 " STR R0, [SP,#0x28] \n"
280 " MOV R0, #0x64 \n"
281 " STR R0, [SP,#0x2c] \n"
282 " MOV R0, #0 \n"
283 " STR R0, [SP,#0x30] \n"
284 " STR R0, [SP,#0x34] \n"
285 " MOV R0, #0x10 \n"
286 " STR R0, [SP,#0x5c] \n"
287 " MOV R0, #0x800 \n"
288 " STR R0, [SP,#0x60] \n"
289 " MOV R0, #0xA0 \n"
290 " STR R0, [SP,#0x64] \n"
291 " MOV R0, #0x280 \n"
292 " STR R0, [SP,#0x68] \n"
293 " MOV R0, SP \n"
294 " MOV R2, #0 \n"
295 " BL sub_FF8134B8 \n"
296 " ADD SP, SP, #0x74 \n"
297 " LDR PC, [SP],#4 \n"
298 );
299 }
300
301
302 /*----------------------------------------------------------------------
303 sub_FF815EE0_my
304 -----------------------------------------------------------------------*/
305 void __attribute__((naked,noinline)) sub_FF815EE0_my()
306 {
307 asm volatile (
308 " STMFD SP!, {R4,LR} \n"
309 " BL sub_FF810B20 \n"
310 " BL sub_FF81A33C \n" // dmSetup
311 " CMP R0, #0 \n"
312 " LDRLT r0, =0xFF815FF4 \n" // "dmSetup"
313 " BLLT sub_FF815FD4 \n" // err_init_task
314 " BL sub_FF815B1C \n"
315 " CMP R0, #0 \n"
316 " LDRLT R0, =0xFF815FFC \n" // "termDriverInit"
317 " BLLT sub_FF815FD4 \n" // err_init_task
318 " LDR R0, =0xFF81600C \n" // "/_term"
319 " BL sub_FF815C04 \n" // termDeviceCreate
320 " CMP R0, #0 \n"
321 " LDRLT R0, =0xFF816014 \n" // "termDeviceCreate"
322 " BLLT sub_FF815FD4 \n" // err_init_task
323 " LDR R0, =0xFF81600C \n" // "/_term"
324 " BL sub_FF813CA4 \n"
325 " CMP R0, #0 \n"
326 " LDRLT R0, =0xFF816028 \n" // "stdioSetup"
327 " BLLT sub_FF815FD4 \n" // err_init_task
328 " BL sub_FF819CC4 \n"
329 " CMP R0, #0 \n"
330 " LDRLT R0, =0xFF816034 \n" // "stdlibSetup"
331 " BLLT sub_FF815FD4 \n" // err_init_task
332 " BL sub_FF81167C \n"
333 " CMP R0, #0 \n"
334 " LDRLT R0, =0xFF816040 \n" // "armlib_setup"
335 " BLLT sub_FF815FD4 \n" // err_init_task
336 " LDMFD SP!, {R4,LR} \n"
337
338 //" B sub_FF81FB54 \n" // taskcreate_Startup
339 " B taskcreate_Startup_my \n" // patched
340
341 " MOV R0, #0 \n"
342 " LDMFD SP!, {R3-R5,PC} \n"
343 );
344 }
345
346
347 /*----------------------------------------------------------------------
348 taskcreate_Startup_my
349 -----------------------------------------------------------------------*/
350 void __attribute__((naked,noinline)) taskcreate_Startup_my()
351 {
352 asm volatile (
353 " STMFD SP!, {R3-R5,LR} \n"
354 " BL sub_FF8346CC \n" // j_nullsub_60
355 " BL sub_FF83C6B0 \n"
356 " CMP R0, #0 \n"
357 " BNE loc_FF81FBA8 \n"
358 " BL sub_FF8360B8 \n"
359 " CMP R0, #0 \n"
360 " BEQ loc_FF81FBA8 \n"
361 " LDR R4, =0xC0220000 \n"
362 " LDR R0, [R4,#0x12C] \n"
363 " TST R0, #1 \n"
364 " MOVEQ R0, #0x12C \n"
365 " BLEQ sub_FF83AA4C \n" // eventproc_export_SleepTask
366 " BL sub_FF8346C8 \n"
367 " CMP R0, #0 \n"
368 " BNE loc_FF81FBA8 \n"
369 " BL sub_FF833D5C \n"
370 " MOV R0, #0x44 \n"
371 " STR R0, [R4,#0x1C] \n"
372 " BL sub_FF833F4C \n"
373 "loc_FF81FBA4: \n"
374 " B loc_FF81FBA4 \n"
375 "loc_FF81FBA8: \n"
376
377 // we must remove this for power-on mode handling in sub_FF810354_my to work
378 //" BL sub_FF8346D4 \n"
379
380 " BL sub_FF8346D0 \n" // j_nullsub_61
381 " BL sub_FF83A8C4 \n"
382 " LDR R1, =0x3CE000 \n"
383 " MOV R0, #0 \n"
384 " BL sub_FF83AD0C \n"
385 " BL sub_FF83AAB8 \n"
386 " MOV R3, #0 \n"
387 " STR R3, [SP] \n"
388
389 //" LDR R3, =0xFF81FAF0 \n" // task_Startup
390 " LDR R3, =task_Startup_my \n" // patched
391
392 " MOV R2, #0 \n"
393 " MOV R1, #0x19 \n"
394 " LDR R0, =0xFF81FBF0 \n" // "Startup"
395 " BL sub_FF81E8A0 \n" // eventproc_export_CreateTask
396 " MOV R0, #0 \n"
397 " LDMFD SP!, {R3-R5,PC} \n"
398
399 );
400 }
401
402
403 /*----------------------------------------------------------------------
404 task_Startup_my
405 -----------------------------------------------------------------------*/
406 void __attribute__((naked,noinline)) task_Startup_my()
407 {
408 asm volatile (
409 " STMFD SP!, {R4,LR} \n"
410 " BL sub_FF816594 \n" // taskcreate_ClockSave
411 " BL sub_FF835830 \n"
412 " BL sub_FF8339B4 \n"
413 " BL sub_FF83C6F4 \n" // j_nullsub_63
414 " BL sub_FF83C8E0 \n"
415
416 //" BL sub_FF83C788 \n" // Skip starting diskboot.bin again
417
418 " BL sub_FF83CA88 \n"
419 " BL sub_FF832484 \n"
420 " BL sub_FF83C910 \n"
421 " BL sub_FF83A068 \n"
422 " BL sub_FF83CA8C \n"
423
424 //" BL sub_FF8345B0 \n" // taskcreate_PhySw
425 );
426
427 CreateTask_PhySw(); // our keyboard task
428
429 CreateTask_spytask(); // chdk initialization
430
431 asm volatile (
432 " BL sub_FF837D14 \n"
433 " BL sub_FF83CAA4 \n"
434 " BL sub_FF831888 \n" // nullsub_2
435 " BL sub_FF833318 \n"
436 " BL sub_FF83C478 \n" // taskcreate_Bye
437 " BL sub_FF833968 \n"
438 " BL sub_FF8332B4 \n"
439 " BL sub_FF8324B8 \n"
440 " BL sub_FF83D670 \n"
441 " BL sub_FF833278 \n"
442 " LDMFD SP!, {R4,LR} \n"
443 " B sub_FF8166B4 \n"
444 );
445 }
446
447
448 /*----------------------------------------------------------------------
449 spytask
450 -----------------------------------------------------------------------*/
451 void spytask(long ua, long ub, long uc, long ud, long ue, long uf)
452 {
453 (void)ua; (void)ub; (void)uc; (void)ud; (void)ue; (void)uf;
454 core_spytask();
455 }
456
457
458 /*----------------------------------------------------------------------
459 CreateTask_spytask
460 -----------------------------------------------------------------------*/
461 void CreateTask_spytask()
462 {
463 _CreateTask("SpyTask", 0x19, 0x2000, spytask, 0);
464 }
465
466
467 /*----------------------------------------------------------------------
468 CreateTask_PhySw
469 -----------------------------------------------------------------------*/
470 void __attribute__((naked,noinline)) CreateTask_PhySw()
471 {
472 asm volatile (
473 " STMFD SP!, {R3-R5,LR} \n"
474 " LDR R4, =0x1C30 \n"
475 " LDR R0, [R4,#0x10] \n"
476 " CMP R0, #0 \n"
477 " BNE loc_FF8345E4 \n"
478 " MOV R3, #0 \n"
479 " STR R3, [SP] \n"
480
481 //" ADR R3, task_PhySw \n"
482 //" LDR R3, =sub_FF83457C \n"
483 //" MOV R2, #0x800 \n"
484
485 " LDR R3, =mykbd_task \n" // PhySw Task patch
486 " MOV R2, #0x2000 \n" // larger stack
487
488 " MOV R1, #0x17 \n"
489 " LDR R0, =0xFF8347DC \n" // "PhySw"
490 " BL sub_FF83AB0C \n" // KernelCreateTask
491 " STR R0, [R4,#0x10] \n"
492 "loc_FF8345E4: \n"
493 " BL sub_FF865BC0 \n"
494 " BL sub_FF894834 \n"
495 " BL sub_FF836030 \n"
496 " CMP R0, #0 \n"
497 " LDREQ R1, =0x34CC0 \n"
498 " LDMEQFD SP!, {R3-R5,LR} \n"
499 " BEQ sub_FF8947BC \n" // eventproc_export_OpLog.Start
500 " LDMFD SP!, {R3-R5,PC} \n"
501 );
502 }
503
504
505 /*----------------------------------------------------------------------
506 init_file_modules_task()
507 -----------------------------------------------------------------------*/
508 void __attribute__((naked,noinline)) init_file_modules_task()
509 {
510 asm volatile (
511 " STMFD SP!, {R4-R6,LR} \n"
512 " BL sub_FF896CE0 \n"
513 " LDR R5, =0x5006 \n"
514 " MOVS R4, R0 \n"
515 " MOVNE R1, #0 \n"
516 " MOVNE R0, R5 \n"
517 " BLNE sub_FF89AAD4 \n" // eventproc_export_PostLogicalEventToUI
518
519 //" BL sub_FF896D0C \n"
520 " BL sub_FF896D0C_my \n" // patched
521
522 " BL core_spytask_can_start\n" // added
523
524 " CMP R4, #0 \n"
525 " MOVEQ R0, R5 \n"
526 " LDMEQFD SP!, {R4-R6,LR} \n"
527 " MOVEQ R1, #0 \n"
528 " BEQ sub_FF89AAD4 \n" // eventproc_export_PostLogicalEventToUI
529 " LDMFD SP!, {R4-R6,PC} \n"
530 );
531 }
532
533
534 /*----------------------------------------------------------------------
535 sub_FF896D0C_my()
536 -----------------------------------------------------------------------*/
537 void __attribute__((naked,noinline)) sub_FF896D0C_my()
538 {
539 asm volatile (
540 " STMFD SP!, {R4,LR} \n"
541 " MOV R0, #3 \n"
542
543 //" BL sub_FF876598 \n"
544 " BL sub_FF876598_my \n" // patched
545
546 " BL sub_FF96A8E8 \n" // nullsub_94
547 " LDR R4, =0x3244 \n"
548 " LDR R0, [R4,#4] \n"
549 " CMP R0, #0 \n"
550 " BNE loc_FF896D44 \n"
551 " BL sub_FF8757DC \n"
552 " BL sub_FF95D878 \n"
553 " BL sub_FF8757DC \n"
554 " BL sub_FF871B80 \n"
555 " BL sub_FF8756DC \n"
556 " BL sub_FF95D914 \n"
557 "loc_FF896D44: \n"
558 " MOV R0, #1 \n"
559 " STR R0, [R4] \n"
560 " LDMFD SP!, {R4,PC} \n"
561 );
562 }
563
564
565 /*----------------------------------------------------------------------
566 sub_FF876598_my()
567 -----------------------------------------------------------------------*/
568 void __attribute__((naked,noinline)) sub_FF876598_my()
569 {
570 asm volatile (
571 " STMFD SP!, {R4-R8,LR} \n"
572 " MOV R8, R0 \n"
573 " BL sub_FF876518 \n"
574 " LDR R1, =0x3B0A8 \n"
575 " MOV R6, R0 \n"
576 " ADD R4, R1, R0,LSL#7 \n"
577 " LDR R0, [R4,#0x6C] \n"
578 " CMP R0, #4 \n"
579 " LDREQ R1, =0x83F \n"
580 " LDREQ R0, =0xFF876058 \n"
581 " BLEQ sub_FF81EB78 \n" // DebugAssert
582 " MOV R1, R8 \n"
583 " MOV R0, R6 \n"
584 " BL sub_FF875DCC \n"
585 " LDR R0, [R4,#0x38] \n"
586 " BL sub_FF876C3C \n"
587 " CMP R0, #0 \n"
588 " STREQ R0, [R4,#0x6C] \n"
589 " MOV R0, R6 \n"
590 " BL sub_FF875E5C \n"
591 " MOV R0, R6 \n"
592
593 //" BL sub_FF8761C0 \n"
594 " BL sub_FF8761C0_my \n" // patched
595
596 " MOV R5, R0 \n"
597 " MOV R0, R6 \n"
598 " BL sub_FF8763F0 \n"
599 " LDR R6, [R4,#0x3C] \n"
600 " AND R7, R5, R0 \n"
601 " CMP R6, #0 \n"
602 " LDR R1, [R4,#0x38] \n"
603 " MOVEQ R0, #0x80000001 \n"
604 " MOV R5, #0 \n"
605 " BEQ loc_FF876648 \n"
606 " MOV R0, R1 \n"
607 " BL sub_FF875944 \n"
608 " CMP R0, #0 \n"
609 " MOVNE R5, #4 \n"
610 " CMP R6, #5 \n"
611 " ORRNE R0, R5, #1 \n"
612 " BICEQ R0, R5, #1 \n"
613 " CMP R7, #0 \n"
614 " BICEQ R0, R0, #2 \n"
615 " ORREQ R0, R0, #0x80000000 \n"
616 " BICNE R0, R0, #0x80000000 \n"
617 " ORRNE R0, R0, #2 \n"
618
619 "loc_FF876648: \n"
620 " CMP R8, #7 \n"
621 " STR R0, [R4,#0x40] \n"
622 " LDMNEFD SP!, {R4-R8,PC} \n"
623 " MOV R0, R8 \n"
624 " BL sub_FF876568 \n"
625 " CMP R0, #0 \n"
626 " LDMEQFD SP!, {R4-R8,LR} \n"
627 " LDREQ R0, =0xFF876694 \n" // "EMEM MOUNT ERROR"
628 " BEQ sub_FF81177C \n" // qPrintf
629 " LDMFD SP!, {R4-R8,PC} \n"
630 );
631 }
632
633
634 /*----------------------------------------------------------------------
635 sub_FF8761C0_my()
636 -----------------------------------------------------------------------*/
637 void __attribute__((naked,noinline)) sub_FF8761C0_my()
638 {
639 asm volatile (
640 " STMFD SP!, {R4-R6,LR} \n"
641 " MOV R5, R0 \n"
642 " LDR R0, =0x3B0A8 \n"
643 " ADD R4, R0, R5,LSL#7 \n"
644 " LDR R0, [R4,#0x6C] \n"
645 " TST R0, #2 \n"
646 " MOVNE R0, #1 \n"
647 " LDMNEFD SP!, {R4-R6,PC} \n"
648 " LDR R0, [R4,#0x38] \n"
649 " MOV R1, R5 \n"
650
651 //" BL sub_FF875EE0 \n"
652 " BL sub_FF875EE0_my \n" // patched
653
654 " CMP R0, #0 \n"
655 " LDRNE R0, [R4,#0x38] \n"
656 " MOVNE R1, R5 \n"
657 " BLNE sub_FF87607C \n"
658 " LDR R2, =0x3B128 \n"
659 " ADD R1, R5, R5,LSL#4 \n"
660 " LDR R1, [R2,R1,LSL#2] \n"
661 " CMP R1, #4 \n"
662 " BEQ loc_FF876220 \n"
663 " CMP R0, #0 \n"
664 " LDMEQFD SP!, {R4-R6,PC} \n"
665 " MOV R0, R5 \n"
666 " BL sub_FF8759D4 \n"
667 "loc_FF876220: \n"
668 " CMP R0, #0 \n"
669 " LDRNE R1, [R4,#0x6C] \n"
670 " ORRNE R1, R1, #2 \n"
671 " STRNE R1, [R4,#0x6C] \n"
672 " LDMFD SP!, {R4-R6,PC} \n"
673 );
674 }
675
676
677 /*----------------------------------------------------------------------
678 sub_FF875EE0_my()
679 -----------------------------------------------------------------------*/
680 void __attribute__((naked,noinline)) sub_FF875EE0_my()
681 {
682 asm volatile (
683 " STMFD SP!, {R4-R10,LR} \n"
684 " MOV R9, R0 \n"
685 " LDR R0, =0x3B0A8 \n"
686 " MOV R8, #0 \n"
687 " ADD R5, R0, R1,LSL#7 \n"
688 " LDR R0, [R5,#0x3C] \n"
689 " MOV R7, #0 \n"
690 " CMP R0, #7 \n"
691 " MOV R6, #0 \n"
692 " ADDLS PC, PC, R0,LSL#2 \n"
693 " B loc_FF876038 \n"
694 "loc_FF875F0C: \n"
695 " B loc_FF875F44 \n"
696 "loc_FF875F10: \n"
697 " B loc_FF875F2C \n"
698 "loc_FF875F14: \n"
699 " B loc_FF875F2C \n"
700 "loc_FF875F18: \n"
701 " B loc_FF875F2C \n"
702 "loc_FF875F1C: \n"
703 " B loc_FF875F2C \n"
704 "loc_FF875F20: \n"
705 " B loc_FF876030 \n"
706 "loc_FF875F24: \n"
707 " B loc_FF875F2C \n"
708 "loc_FF875F28: \n"
709 " B loc_FF875F2C \n"
710 "loc_FF875F2C: \n"
711 // jumptable FF875F04 entries 1-4,6,7
712 " MOV R2, #0 \n"
713 " MOV R1, #0x200 \n"
714 " MOV R0, #2 \n"
715 " BL sub_FF890D90 \n"
716 " MOVS R4, R0 \n"
717 " BNE loc_FF875F4C \n"
718 "loc_FF875F44: \n"
719 // jumptable FF875F04 entry 0
720 " MOV R0, #0 \n"
721 " LDMFD SP!, {R4-R10,PC} \n"
722 "loc_FF875F4C: \n"
723 " LDR R12, [R5,#0x50] \n"
724 " MOV R3, R4 \n"
725 " MOV R2, #1 \n"
726 " MOV R1, #0 \n"
727 " MOV R0, R9 \n"
728 " BLX R12 \n"
729 " CMP R0, #1 \n"
730 " BNE loc_FF875F78 \n"
731 " MOV R0, #2 \n"
732 " BL sub_FF890EE0 \n"
733 " B loc_FF875F44 \n"
734 "loc_FF875F78: \n"
735 " LDR R1, [R5,#0x64] \n"
736 " MOV R0, R9 \n"
737 " BLX R1 \n"
738
739 //------------------ begin added code ---------------
740 "MOV R1, R4\n" // pointer to MBR in R1
741 "BL mbr_read_dryos\n" // total sectors count in R0 before and after call
742
743 // Start of DataGhost's FAT32 autodetection code
744 // Policy: If there is a partition which has type W95 FAT32, use the first one of those for image storage
745 // According to the code below, we can use R1, R2, R3 and R12.
746 // LR wasn't really used anywhere but for storing a part of the partition signature. This is the only thing
747 // that won't work with an offset, but since we can load from LR+offset into LR, we can use this to do that :)
748 "MOV R12, R4\n" // Copy the MBR start address so we have something to work with
749 "MOV LR, R4\n" // Save old offset for MBR signature
750 "MOV R1, #1\n" // Note the current partition number
751 "B dg_sd_fat32_enter\n" // We actually need to check the first partition as well, no increments yet!
752 "dg_sd_fat32:\n"
753 "CMP R1, #4\n" // Did we already see the 4th partition?
754 "BEQ dg_sd_fat32_end\n" // Yes, break. We didn't find anything, so don't change anything.
755 "ADD R12, R12, #0x10\n" // Second partition
756 "ADD R1, R1, #1\n" // Second partition for the loop
757 "dg_sd_fat32_enter:\n"
758 "LDRB R2, [R12, #0x1BE]\n" // Partition status
759 "LDRB R3, [R12, #0x1C2]\n" // Partition type (FAT32 = 0xB)
760 "CMP R3, #0xB\n" // Is this a FAT32 partition?
761 "CMPNE R3, #0xC\n" // Not 0xB, is it 0xC (FAT32 LBA) then?
762 "BNE dg_sd_fat32\n" // No, it isn't.
763 "CMP R2, #0x00\n" // It is, check the validity of the partition type
764 "CMPNE R2, #0x80\n"
765 "BNE dg_sd_fat32\n" // Invalid, go to next partition
766 // This partition is valid, it's the first one, bingo!
767 "MOV R4, R12\n" // Move the new MBR offset for the partition detection.
768
769 "dg_sd_fat32_end:\n"
770 // End of DataGhost's FAT32 autodetection code
771 //------------------ end added code ---------------
772
773 " LDRB R1, [R4,#0x1C9] \n"
774 " LDRB R3, [R4,#0x1C8] \n"
775 " LDRB R12, [R4,#0x1CC] \n"
776 " MOV R1, R1,LSL#24 \n"
777 " ORR R1, R1, R3,LSL#16 \n"
778 " LDRB R3, [R4,#0x1C7] \n"
779 " LDRB R2, [R4,#0x1BE] \n"
780
781 //" LDRB LR, [R4,#0x1FF] \n" // replaced, see below
782
783 " ORR R1, R1, R3,LSL#8 \n"
784 " LDRB R3, [R4,#0x1C6] \n"
785 " CMP R2, #0 \n"
786 " CMPNE R2, #0x80 \n"
787 " ORR R1, R1, R3 \n"
788 " LDRB R3, [R4,#0x1CD] \n"
789 " MOV R3, R3,LSL#24 \n"
790 " ORR R3, R3, R12,LSL#16 \n"
791 " LDRB R12, [R4,#0x1CB] \n"
792 " ORR R3, R3, R12,LSL#8 \n"
793 " LDRB R12, [R4,#0x1CA] \n"
794 " ORR R3, R3, R12 \n"
795
796 //" LDRB R12, [R4,#0x1FE] \n"
797 "LDRB R12, [LR,#0x1FE]\n" // New! First MBR signature byte (0x55)
798 "LDRB LR, [LR,#0x1FF]\n" // Last MBR signature byte (0xAA)
799
800 " BNE loc_FF876004 \n"
801 " CMP R0, R1 \n"
802 " BCC loc_FF876004 \n"
803 " ADD R2, R1, R3 \n"
804 " CMP R2, R0 \n"
805 " CMPLS R12, #0x55 \n"
806 " CMPEQ LR, #0xAA \n"
807 " MOVEQ R7, R1 \n"
808 " MOVEQ R6, R3 \n"
809 " MOVEQ R4, #1 \n"
810 " BEQ loc_FF876008 \n"
811 "loc_FF876004: \n"
812 " MOV R4, R8 \n"
813 "loc_FF876008: \n"
814 " MOV R0, #2 \n"
815 " BL sub_FF890EE0 \n"
816 " CMP R4, #0 \n"
817 " BNE loc_FF876044 \n"
818 " LDR R1, [R5,#0x64] \n"
819 " MOV R7, #0 \n"
820 " MOV R0, R9 \n"
821 " BLX R1 \n"
822 " MOV R6, R0 \n"
823 " B loc_FF876044 \n"
824 "loc_FF876030: \n"
825 // jumptable FF875F04 entry 5
826 " MOV R6, #0x40 \n"
827 " B loc_FF876044 \n"
828 "loc_FF876038: \n"
829 // jumptable FF875F04 default entry
830 " LDR R1, =0x597 \n"
831 " LDR R0, =0xFF876058 \n" // "Mounter.c"
832 " BL sub_FF81EB78 \n" // DebugAssert
833 "loc_FF876044: \n"
834 " STR R7, [R5,#0x44]! \n"
835 " STMIB R5, {R6,R8} \n"
836 " MOV R0, #1 \n"
837 " LDMFD SP!, {R4-R10,PC} \n"
838 );
839 }
840
841
842 /*----------------------------------------------------------------------
843 JogDial_task_my()
844
845 Patched jog dial task
846 -----------------------------------------------------------------------*/
847 void __attribute__((naked,noinline)) JogDial_task_my()
848 {
849 asm volatile (
850 " STMFD SP!, {R4-R11,LR} \n"
851 " SUB SP, SP, #0x24 \n"
852 " BL sub_FF865C2C \n"
853 " LDR R1, =0x25FC \n"
854 " LDR R6, =0xFFBA52C4 \n"
855 " MOV R0, #0 \n"
856 " ADD R3, SP, #0x18 \n"
857 " ADD R12, SP, #0x1c \n"
858 " ADD R10, SP, #0x08 \n"
859 " MOV R2, #0 \n"
860 " ADD R9, SP, #0x10 \n"
861
862 "loc_FF8658C0: \n"
863 " ADD R12, SP, #0x1c \n"
864 " ADD LR, R12, R0,LSL#1 \n"
865 " MOV R2, #0 \n"
866 " ADD R3, SP, #0x18 \n"
867 " STRH R2, [LR] \n"
868 " ADD LR, R3, R0,LSL#1 \n"
869 " STRH R2, [LR] \n"
870 " STR R2, [R9,R0,LSL#2] \n"
871 " STR R2, [R10,R0,LSL#2] \n"
872 " ADD R0, R0, #1 \n"
873 " CMP R0, #2 \n"
874 " BLT loc_FF8658C0 \n"
875
876 "loc_FF8658F0: \n"
877 " LDR R0, =0x25FC \n"
878 " MOV R2, #0 \n"
879 " LDR R0, [R0,#8] \n"
880 " MOV R1, SP \n"
881 " BL sub_FF83A2F8 \n"
882 " CMP R0, #0 \n"
883 " LDRNE R1, =0x262 \n"
884 " LDRNE R0, =0xFF865B50 \n" // "RotaryEncoder.c"
885 " BLNE sub_FF81EB78 \n" // DebugAssert
886
887 //------------------ begin added code ---------------
888 "labelA:\n"
889 "LDR R0, =jogdial_stopped\n"
890 "LDR R0, [R0]\n"
891 "CMP R0, #1\n"
892 "BNE labelB\n" // continue on if jogdial_stopped = 0
893 "MOV R0, #40\n"
894 "BL _SleepTask\n" // jogdial_stopped=1 -- give time back to OS and suspend jogdial task
895 "B labelA\n"
896 "labelB:\n"
897 //------------------ end added code -----------------
898
899 " LDR R0, [SP] \n"
900 " AND R4, R0, #0xFF \n"
901 " AND R0, R0, #0xFF00 \n"
902 " CMP R0, #0x100 \n"
903 " BEQ loc_FF865960 \n"
904 " CMP R0, #0x200 \n"
905 " BEQ loc_FF865998 \n"
906 " CMP R0, #0x300 \n"
907 " BEQ loc_FF865B90 \n"
908 " CMP R0, #0x400 \n"
909 " BNE loc_FF8658F0 \n"
910 " CMP R4, #0 \n"
911 " LDRNE R1, =0x2ED \n"
912 " LDRNE R0, =0xFF865B50 \n" // "RotaryEncoder.c"
913 " BLNE sub_FF81EB78 \n" // DebugAssert
914 " RSB R0, R4, R4,LSL#3 \n"
915 " LDR R0, [R6,R0,LSL#2] \n"
916
917 "loc_FF865958: \n"
918 " BL sub_FF865C10 \n"
919 " B loc_FF8658F0 \n"
920
921 "loc_FF865960: \n"
922 " LDR R7, =0x260C \n"
923 " LDR R0, [R7,R4,LSL#2] \n"
924 " BL sub_FF83B290 \n"
925 " LDR R2, =0xFF8657E0 \n"
926 " ADD R1, R2, #0 \n"
927 " ORR R3, R4, #0x200 \n"
928 " MOV R0, #0x28 \n"
929 " BL sub_FF83B1AC \n"
930 " TST R0, #1 \n"
931 " CMPNE R0, #0x15 \n"
932 " STR R0, [R10,R4,LSL#2] \n"
933 " BEQ loc_FF8658F0 \n"
934 " MOV R1, #0x274 \n"
935 " B loc_FF865B3C \n"
936
937 "loc_FF865998: \n"
938 " RSB R5, R4, R4,LSL#3 \n"
939 " LDR R0, [R6,R5,LSL#2] \n"
940 " LDR R1, =0xC0240104 \n"
941 " LDR R0, [R1,R0,LSL#8] \n"
942 " MOV R2, R0,ASR#16 \n"
943 " ADD R0, SP, #0x1c \n"
944 " ADD R0, R0, R4,LSL#1 \n"
945 " STR R0, [SP,#0x20] \n"
946 " STRH R2, [R0] \n"
947 " ADD R0, SP, #0x18 \n"
948 " ADD R11, R0, R4,LSL#1 \n"
949 " LDRSH R3, [R11] \n"
950 " SUB R0, R2, R3 \n"
951 " CMP R0, #0 \n"
952 " BNE loc_FF865A18 \n"
953 " LDR R0, [R9,R4,LSL#2] \n"
954 " CMP R0, #0 \n"
955 " BEQ loc_FF865AF8 \n"
956 " LDR R7, =0x260C \n"
957 " LDR R0, [R7,R4,LSL#2] \n"
958 " BL sub_FF83B290 \n"
959 " LDR R2, =0xFF8657EC \n"
960 " ADD R1, R2, #0 \n"
961 " ORR R3, R4, #0x300 \n"
962 " MOV R0, #0x1F4 \n"
963 " BL sub_FF83B1AC \n"
964 " TST R0, #1 \n"
965 " CMPNE R0, #0x15 \n"
966 " STR R0, [R7,R4,LSL#2] \n"
967 " BEQ loc_FF865AF8 \n"
968 " LDR R1, =0x28D \n"
969 " B loc_FF865AF0 \n"
970
971 "loc_FF865A18: \n"
972 " MOV R1, R0 \n"
973 " RSBLT R0, R0, #0 \n"
974 " MOVLE R7, #0 \n"
975 " MOVGT R7, #1 \n"
976 " CMP R0, #0xFF \n"
977 " BLS loc_FF865A58 \n"
978 " CMP R1, #0 \n"
979 " RSBLE R0, R3, #0xFF \n"
980 " ADDLE R0, R0, #0x7F00 \n"
981 " ADDLE R0, R0, R2 \n"
982 " RSBGT R0, R2, #0xFF \n"
983 " ADDGT R0, R0, #0x7F00 \n"
984 " ADDGT R0, R0, R3 \n"
985 " ADD R0, R0, #0x8000 \n"
986 " ADD R0, R0, #1 \n"
987 " EOR R7, R7, #1 \n"
988
989 "loc_FF865A58: \n"
990 " STR R0, [SP,#0x04] \n"
991 " LDR R0, [R9,R4,LSL#2] \n"
992 " CMP R0, #0 \n"
993 " ADDEQ R0, R6, R5,LSL#2 \n"
994 " LDREQ R0, [R0,#8] \n"
995 " BEQ loc_FF865A90 \n"
996 " ADD R8, R6, R5,LSL#2 \n"
997 " ADD R1, R8, R7,LSL#2 \n"
998 " LDR R1, [R1,#0x10] \n"
999 " CMP R1, R0 \n"
1000 " BEQ loc_FF865A94 \n"
1001 " LDR R0, [R8,#0xC] \n"
1002 " BL sub_FF89CCA4 \n"
1003 " LDR R0, [R8,#8] \n"
1004
1005 "loc_FF865A90: \n"
1006 " BL sub_FF89CCA4 \n"
1007
1008 "loc_FF865A94: \n"
1009 " ADD R0, R6, R5,LSL#2 \n"
1010 " ADD R7, R0, R7,LSL#2 \n"
1011 " LDR R0, [R7,#0x10] \n"
1012 " LDR R1, [SP,#0x04] \n"
1013 " BL sub_FF89CBCC \n"
1014 " LDR R0, [R7,#0x10] \n"
1015 " LDR R7, =0x260C \n"
1016 " STR R0, [R9,R4,LSL#2] \n"
1017 " LDR R0, [SP,#0x20] \n"
1018 " LDRH R0, [R0] \n"
1019 " STRH R0, [R11] \n"
1020 " LDR R0, [R7,R4,LSL#2] \n"
1021 " BL sub_FF83B290 \n"
1022 " LDR R2, =0xFF8657EC \n"
1023 " ADD R1, R2, #0 \n"
1024 " ORR R3, R4, #0x300 \n"
1025 " MOV R0, #0x1F4 \n"
1026 " BL sub_FF83B1AC \n"
1027 " TST R0, #1 \n"
1028 " CMPNE R0, #0x15 \n"
1029 " STR R0, [R7,R4,LSL#2] \n"
1030 " BEQ loc_FF865AF8 \n"
1031 " LDR R1, =0x2CF \n"
1032
1033 "loc_FF865AF0: \n"
1034 " LDR R0, =0xFF865B50 \n" // "RotaryEncoder.c"
1035 " BL sub_FF81EB78 \n" // DebugAssert
1036
1037 "loc_FF865AF8: \n"
1038 " ADD R0, R6, R5,LSL#2 \n"
1039 " LDR R0, [R0,#0x18] \n"
1040 " CMP R0, #1 \n"
1041 " BNE loc_FF865B88 \n"
1042 " LDR R0, =0x25FC \n"
1043 " LDR R0, [R0,#0xC] \n"
1044 " CMP R0, #0 \n"
1045 " BEQ loc_FF865B88 \n"
1046 " LDR R2, =0xFF8657E0 \n"
1047 " ADD R1, R2, #0 \n"
1048 " ORR R3, R4, #0x400 \n"
1049 " BL sub_FF83B1AC \n"
1050 " TST R0, #1 \n"
1051 " CMPNE R0, #0x15 \n"
1052 " STR R0, [R10,R4,LSL#2] \n"
1053 " BEQ loc_FF8658F0 \n"
1054 " LDR R1, =0x2D6 \n"
1055
1056 "loc_FF865B3C: \n"
1057 " LDR R0, =0xFF865B50 \n" // "RotaryEncoder.c"
1058 " BL sub_FF81EB78 \n" // DebugAssert
1059 " B loc_FF8658F0 \n"
1060
1061 "NOP \n"
1062
1063 "loc_FF865B88: \n"
1064 " LDR R0, [R6,R5,LSL#2] \n"
1065 " B loc_FF865958 \n"
1066
1067 "loc_FF865B90: \n"
1068 " LDR R0, [R9,R4,LSL#2] \n"
1069 " CMP R0, #0 \n"
1070 " MOVEQ R1, #0x2E0 \n"
1071 " LDREQ R0, =0xFF865B50 \n" // "RotaryEncoder.c"
1072 " BLEQ sub_FF81EB78 \n" // DebugAssert
1073 " RSB R0, R4, R4,LSL#3 \n"
1074 " ADD R0, R6, R0,LSL#2 \n"
1075 " LDR R0, [R0,#0xC] \n"
1076 " BL sub_FF89CCA4 \n"
1077 " MOV R2, #0 \n"
1078 " STR R2, [R9,R4,LSL#2] \n"
1079 " B loc_FF8658F0 \n"
1080 );
1081 };