#include "lolevel.h"
#include "platform.h"
#include "core.h"
#include "dryos31.h"

/*
 * Byte offset of MEMBER inside TYPE, taken from a null base pointer and
 * converted to int.
 * NOTE(review): this shadows the standard offsetof from <stddef.h> and the
 * int cast only fits targets where pointers are no wider than int - confirm
 * that none of the included headers pull in <stddef.h>.
 */
#define offsetof(TYPE, MEMBER) ((int) &((TYPE *)0)->MEMBER)

/*
 * Address of the _end symbol (declared outside this file; presumably the
 * linker-provided end of the CHDK image - confirm). sub_FF822914_my loads
 * this value as a start address when CHDK_NOT_IN_CANON_HEAP is not defined.
 */
const char * const new_sa = &_end;
/*
 * Start the "SpyTask" task with core_spytask as its entry point.
 * The numeric arguments are passed in the positions _CreateTask uses for
 * priority and stack size elsewhere in this file (name, priority, stack
 * size, entry point, parameter).
 */
void CreateTask_spytask()
{
    enum {
        SPYTASK_PRIORITY = 0x19,
        SPYTASK_STACK_SIZE = 0x2000
    };

    _CreateTask("SpyTask", SPYTASK_PRIORITY, SPYTASK_STACK_SIZE, core_spytask, 0);
}
/*
 * boot() - replacement for the firmware's first-stage boot routine.
 *
 * Naked function: the compiler emits no prologue or epilogue, so the asm
 * below is the whole body. It does not return; control leaves through the
 * final branch to sub_FF8203C4_my.
 *
 * Visible sequence:
 *   1. write 0 to 0xC0410000 and program CP15 (control register, cache
 *      invalidate, region registers c6/c0..c5, c2/c3/c5 attributes, c9),
 *   2. write a group of 0xC02xxxxx / 0xC04xxxxx registers,
 *   3. copy two word ranges into RAM and zero-fill a third,
 *   4. overwrite the two words at hook_CreateTask with a jump to
 *      CreateTask_my,
 *   5. branch to sub_FF8203C4_my.
 *
 * CP15 register names in the comments follow the ARM946E-S layout, which
 * this register usage matches - TODO confirm the core for this port.
 */
void __attribute__((naked,noinline)) boot() {
asm volatile (
/* Store 0 to 0xC0410000 (presumably a memory-mapped control register). */
" LDR R1, =0xC0410000 \n"
" MOV R0, #0 \n"
" STR R0, [R1] \n"
/* CP15 c1 (control) = 0x78: bits 0, 2 and 12 are clear here and set again below. */
" MOV R1, #0x78 \n"
" MCR p15, 0, R1, c1, c0 \n"
/* c7,c10,4 drains the write buffer; c7,c5 and c7,c6 invalidate the I- and D-cache. */
" MOV R1, #0 \n"
" MCR p15, 0, R1, c7, c10, 4 \n"
" MCR p15, 0, R1, c7, c5 \n"
" MCR p15, 0, R1, c7, c6 \n"
/* c6,c0..c5: six protection-region registers; every value written has bit 0 (enable) set. */
" MOV R0, #0x3D \n"
" MCR p15, 0, R0, c6, c0 \n"
" MOV R0, #0xC000002F \n"
" MCR p15, 0, R0, c6, c1 \n"
" MOV R0, #0x35 \n"
" MCR p15, 0, R0, c6, c2 \n"
" MOV R0, #0x40000035 \n"
" MCR p15, 0, R0, c6, c3 \n"
" MOV R0, #0x80000017 \n"
" MCR p15, 0, R0, c6, c4 \n"
" LDR R0, =0xFF80002D \n"
" MCR p15, 0, R0, c6, c5 \n"
/* c2,c0,0 / c2,c0,1 / c3,c0: per-region bitmaps (data cacheable, instruction cacheable, bufferable); 0x34 has bits 2, 4 and 5 set. */
" MOV R0, #0x34 \n"
" MCR p15, 0, R0, c2, c0 \n"
" MOV R0, #0x34 \n"
" MCR p15, 0, R0, c2, c0, 1 \n"
" MOV R0, #0x34 \n"
" MCR p15, 0, R0, c3, c0 \n"
/* c5,c0,2 / c5,c0,3: access-permission fields, one nibble per region; 0x3333330 puts 3 in nibbles 1-6 and 0 in nibbles 0 and 7. */
" LDR R0, =0x3333330 \n"
" MCR p15, 0, R0, c5, c0, 2 \n"
" LDR R0, =0x3333330 \n"
" MCR p15, 0, R0, c5, c0, 3 \n"
/* Read-modify-write c1: set bit 12, bit 2 and bit 0 (I-cache, D-cache and protection-unit enables on ARM946E-S). */
" MRC p15, 0, R0, c1, c0 \n"
" ORR R0, R0, #0x1000 \n"
" ORR R0, R0, #4 \n"
" ORR R0, R0, #1 \n"
" MCR p15, 0, R0, c1, c0 \n"
/* c9,c1,0 and c9,c1,1: data and instruction TCM region registers. */
" MOV R1, #0x80000006 \n"
" MCR p15, 0, R1, c9, c1 \n"
" MOV R1, #6 \n"
" MCR p15, 0, R1, c9, c1, 1 \n"
/* c1 |= 0x50000: bits 16 and 18 (DTCM and ITCM enable on ARM946E-S). */
" MRC p15, 0, R1, c1, c0 \n"
" ORR R1, R1, #0x50000 \n"
" MCR p15, 0, R1, c1, c0 \n"
/* 0xC0200000 block: 1 to +0x10C, then 0xFFFFFFFF (MVN of 0) to +0xC, +0x1C, ... +0xFC. */
/* NOTE(review): presumably interrupt-controller setup - confirm. */
" LDR R2, =0xC0200000 \n"
" MOV R1, #1 \n"
" STR R1, [R2, #0x10C] \n"
" MVN R1, #0 \n"
" STR R1, [R2, #0xC] \n"
" STR R1, [R2, #0x1C] \n"
" STR R1, [R2, #0x2C] \n"
" STR R1, [R2, #0x3C] \n"
" STR R1, [R2, #0x4C] \n"
" STR R1, [R2, #0x5C] \n"
" STR R1, [R2, #0x6C] \n"
" STR R1, [R2, #0x7C] \n"
" STR R1, [R2, #0x8C] \n"
" STR R1, [R2, #0x9C] \n"
" STR R1, [R2, #0xAC] \n"
" STR R1, [R2, #0xBC] \n"
" STR R1, [R2, #0xCC] \n"
" STR R1, [R2, #0xDC] \n"
" STR R1, [R2, #0xEC] \n"
" STR R1, [R2, #0xFC] \n"
/* [0xC0400008] = 0x430005. */
" LDR R1, =0xC0400008 \n"
" LDR R2, =0x430005 \n"
" STR R2, [R1] \n"
/*
 * NOTE(review): this stores the constant 0xC0243100 to address 1 (R1 holds
 * 1 and is the address operand). The operands look swapped compared with
 * the neighbouring register writes - check the firmware disassembly before
 * changing anything here.
 */
" MOV R1, #1 \n"
" LDR R2, =0xC0243100 \n"
" STR R2, [R1] \n"
/* Set bit 0 of the word at 0xC0242010. */
" LDR R2, =0xC0242010 \n"
" LDR R1, [R2] \n"
" ORR R1, R1, #1 \n"
" STR R1, [R2] \n"
/*
 * Copy words from 0xFFD2B31C to 0x6B1000 while the destination pointer is
 * below 0x6C1736. The address CreateTask_my resumes at (0x006B571C) lies
 * inside this destination range.
 */
" LDR R0, =0xFFD2B31C \n"
" LDR R1, =0x6B1000 \n"
" LDR R3, =0x6C1736 \n"

"loc_FF82013C:\n"
" CMP R1, R3 \n"
" LDRCC R2, [R0], #4 \n"
" STRCC R2, [R1], #4 \n"
" BCC loc_FF82013C \n"
/* Copy words from 0xFFD1D850 to 0x1900 while the destination pointer is below 0xF3CC. */
" LDR R0, =0xFFD1D850 \n"
" LDR R1, =0x1900 \n"
" LDR R3, =0xF3CC \n"

"loc_FF820158:\n"
" CMP R1, R3 \n"
" LDRCC R2, [R0], #4 \n"
" STRCC R2, [R1], #4 \n"
" BCC loc_FF820158 \n"
/* Zero-fill from R3 (still 0xF3CC, the limit of the previous copy) up to 0x1899D8. */
" LDR R1, =0x1899D8 \n"
" MOV R2, #0 \n"

"loc_FF820170:\n"
" CMP R3, R1 \n"
" STRCC R2, [R3], #4 \n"
" BCC loc_FF820170 \n"

/*
 * Install the CreateTask hook: the two words at patch_CreateTask (the
 * LDR PC instruction and the address of CreateTask_my that it loads) are
 * copied over the two words at hook_CreateTask, which is defined outside
 * this file (presumably inside the range copied to 0x6B1000 above, since
 * CreateTask_my resumes at 0x006B571C - confirm).
 * NOTE(review): these are data stores into executable memory issued after
 * the caches were enabled, and no cache clean/invalidate follows in this
 * function - confirm that instruction fetches from hook_CreateTask are
 * guaranteed to see the patched words.
 */
" LDR R0, =patch_CreateTask\n"
" LDM R0, {R1,R2}\n"
" LDR R0, =hook_CreateTask\n"
" STM R0, {R1,R2}\n"

/* Continue with the patched copy of the next boot stage. */
" B sub_FF8203C4_my \n"

/*
 * Two-word jump template used above. In ARM state PC reads as the address
 * of the instruction + 8, so [PC,#-0x4] is the .long that follows it.
 */
"patch_CreateTask:\n"
" LDR PC, [PC,#-0x4]\n"
" .long CreateTask_my\n"
);
}
/*
 * CreateTask_my() - target of the jump that boot() writes over the two
 * words at hook_CreateTask.
 *
 * On entry the registers hold the arguments of the hooked call; R3 is
 * compared against three firmware task entry points and, on a match, is
 * replaced with the corresponding replacement routine:
 *   task_CaptSeq         -> capt_seq_task
 *   task_FileWrite       -> filewritetask
 *   task_InitFileModules -> init_file_modules_task
 * Any other value of R3 passes through unchanged. R0 is used as scratch and
 * is saved/restored around the comparisons.
 *
 * The tail re-executes two instructions and then jumps to 0x006B571C;
 * presumably these are the two instructions displaced by the 8-byte hook,
 * which would put hook_CreateTask at 0x006B5714 - confirm.
 */
void __attribute__((naked,noinline)) CreateTask_my() {
asm volatile (
/* Free R0 for use as the comparison register. */
" STMFD SP!, {R0}\n"

/* Redirect the capture-sequence task. */
" LDR R0, =task_CaptSeq\n"
" CMP R0, R3\n"
" LDREQ R3, =capt_seq_task\n"
" BEQ exitHook\n"

/* Redirect the file-write task. */
" LDR R0, =task_FileWrite\n"
" CMP R0, R3\n"
" LDREQ R3, =filewritetask\n"
" BEQ exitHook\n"

/* Redirect the file-module init task; falls through to exitHook either way. */
" LDR R0, =task_InitFileModules\n"
" CMP R0, R3\n"
" LDREQ R3, =init_file_modules_task\n"

"exitHook:\n"

/* Restore the caller's R0 before handing control back to the firmware routine. */
" LDMFD SP!, {R0}\n"

/* Two instructions executed here, then an absolute jump to 0x006B571C. */
" STMFD SP!, {R1-R5,LR} \n"
" MOV R4, R2 \n"
" LDR PC, =0x006B571C \n"
);
}
/*
 * sub_FF8203C4_my() - patched copy of firmware routine sub_FF8203C4,
 * reached from boot(). Does not return; ends by branching to
 * sub_FF822914_my.
 *
 * Visible steps: one C store, two word copies to low memory (0x0 and
 * 0x1E0), stack-pointer setup in two CPU modes, and a pattern fill of
 * 0x3B8..0x1000.
 *
 * NOTE(review): this function mixes a C statement with asm inside a naked
 * function. GCC documents only basic asm as supported there, so the code
 * generated for the C line (registers or stack it may use before SP is set
 * below) should be checked in the build output.
 */
void __attribute__((naked,noinline)) sub_FF8203C4_my() {

/*
 * Writes 0x400000 to address 0x2BD4 + 4 when bit 0x20000 of the word at
 * 0xC022F484 is set, otherwise 0x200000.
 * NOTE(review): presumably a power-on/startup-mode override read from a
 * GPIO register - confirm against the port notes.
 */
*(int*)(0x2BD4 + 4) = (*(int*)0xC022F484)&0x20000 ? 0x400000 : 0x200000;

asm volatile (
/* Copy words from 0xFF82043C to address 0 while the source pointer is below 0xFF820474. */
" LDR R0, =0xFF82043C \n"
" MOV R1, #0 \n"
" LDR R3, =0xFF820474 \n"

"loc_FF8203D0:\n"
" CMP R0, R3 \n"
" LDRCC R2, [R0], #4 \n"
" STRCC R2, [R1], #4 \n"
" BCC loc_FF8203D0 \n"
/* Copy words from 0xFF820474 to 0x1E0 while the source pointer is below 0xFF82064C. */
" LDR R0, =0xFF820474 \n"
" MOV R1, #0x1E0 \n"
" LDR R3, =0xFF82064C \n"

"loc_FF8203EC:\n"
" CMP R0, R3 \n"
" LDRCC R2, [R0], #4 \n"
" STRCC R2, [R1], #4 \n"
" BCC loc_FF8203EC \n"
/* CPSR = 0xD2: IRQ mode with IRQ and FIQ masked; set that mode's SP to 0x1000. */
" MOV R0, #0xD2 \n"
" MSR CPSR_cxsf, R0 \n"
" MOV SP, #0x1000 \n"
/* CPSR = 0xD3: Supervisor mode with IRQ and FIQ masked; SP is also 0x1000. */
" MOV R0, #0xD3 \n"
" MSR CPSR_cxsf, R0 \n"
" MOV SP, #0x1000 \n"
/* Fill 0x3B8..0x1000 with 0xEEEEEEEE (the area just below the stack top set above). */
" LDR R0, =0x3B8 \n"
" LDR R2, =0xEEEEEEEE \n"
" MOV R3, #0x1000 \n"

"loc_FF820420:\n"
" CMP R0, R3 \n"
" STRCC R2, [R0], #4 \n"
" BCC loc_FF820420 \n"
/* Continue with the patched copy of the next stage. */
" B sub_FF822914_my \n"
);
}
/*
 * sub_FF822914_my() - patched copy of firmware routine sub_FF822914.
 *
 * Builds a parameter block on the stack (0x7C bytes reserved, block starts
 * at SP+4) and passes it to sub_006B1BC4 together with the address of
 * sub_FF824734_my. Two things differ from a plain firmware copy in the
 * visible code: the value stored at [SP,#0xC] is selectable at build time,
 * and the routine handed to sub_006B1BC4 is the _my variant.
 *
 * NOTE(review): the meaning of the individual block fields is not visible
 * here; [SP,#0xC] and [SP,#0x10] look like a memory-pool start address and
 * size - confirm.
 */
void __attribute__((naked,noinline)) sub_FF822914_my() {
asm volatile (
/* Save LR, reserve 0x7C bytes, and initialise three words at 0x1A64/0x1A68/0x1A6C. */
" LDR R0, =0x1A64 \n"
" STR LR, [SP, #-4]! \n"
" SUB SP, SP, #0x7C \n"
" MOV R1, #0x80000 \n"
" STR R1, [R0] \n"
" LDR R0, =0x40BEE980 \n"
" LDR R1, =0x1A68 \n"
" STR R0, [R1] \n"
" LDR R1, =0x1A6C \n"
" ADD R0, R0, #0x2000 \n"
" STR R0, [R1] \n"
/* sub_006BD2AC(SP+4, 0x78): presumably clears the 0x78-byte block - confirm. */
" MOV R1, #0x78 \n"
" ADD R0, SP, #4 \n"
" BL sub_006BD2AC \n"
" MOV R0, #0x84000 \n"
" STR R0, [SP, #8] \n"

/*
 * Start address stored at [SP,#0xC]: either the fixed 0x1899D8 (the same
 * address at which boot() stops zero-filling) or the value of new_sa,
 * i.e. the address of _end.
 */
#if defined(CHDK_NOT_IN_CANON_HEAP)
" LDR R0, =0x1899D8 \n"
#else
" LDR R0, =new_sa\n"
" LDR R0, [R0]\n"
#endif

/*
 * [SP,#0x10] = 0x580DD8 - start address.
 * NOTE(review): nothing here checks that the start address is below
 * 0x580DD8; if _end ever moves past it the subtraction wraps to a very
 * large value. A build-time check on the image end would catch that.
 */
" LDR R2, =0x580DD8 \n"
" STR R0, [SP, #0xC] \n"
" SUB R0, R2, R0 \n"
" STR R0, [SP, #0x10] \n"
/* Remaining block fields: constants stored at fixed offsets from SP. */
" MOV R0, #0x22 \n"
" STR R0, [SP, #0x1C] \n"
" MOV R0, #0x7C \n"
" STR R0, [SP, #0x20] \n"
" LDR R0, =0x205 \n"
" LDR R1, =0x58A000 \n"
" STR R2, [SP, #0x14] \n"
" STR R0, [SP, #0x24] \n"
" MOV R0, #0x96 \n"
" STR R1, [SP, #4] \n"
" STR R1, [SP, #0x18] \n"
" STR R0, [SP, #0x28] \n"
" MOV R0, #0xB4 \n"
" STR R0, [SP, #0x2C] \n"
" MOV R0, #0x64 \n"
" STR R0, [SP, #0x30] \n"
" MOV R0, #0 \n"
" STR R0, [SP, #0x34] \n"
" STR R0, [SP, #0x38] \n"
" STR R0, [SP, #0x3C] \n"
" MOV R0, #0x10 \n"
" STR R0, [SP, #0x60] \n"
" MOV R0, #0x1000 \n"
" STR R0, [SP, #0x64] \n"
" MOV R0, #0x100 \n"
" STR R0, [SP, #0x68] \n"
" MOV R0, #0x2000 \n"
" STR R0, [SP, #0x6C] \n"
/* sub_006B1BC4(block at SP+4, sub_FF824734_my, 0). */
" LDR R1, =sub_FF824734_my \n"
" MOV R2, #0 \n"
" ADD R0, SP, #4 \n"
" BL sub_006B1BC4 \n"
/* Release the stack block and return through the LR saved on entry. */
" ADD SP, SP, #0x7C \n"
" LDR PC, [SP], #4 \n"
);
}
/*
 * sub_FF824734_my() - patched copy of firmware routine sub_FF824734; its
 * address is passed to sub_006B1BC4 by sub_FF822914_my.
 *
 * Runs a chain of firmware initialisation calls. After each checked call a
 * negative result in R0 loads the address of a message string (named in
 * the inline comments) and calls _err_init_task. The only visible change
 * from a plain firmware copy is the final branch to sub_FF827DB8_my.
 */
void __attribute__((naked,noinline)) sub_FF824734_my() {
asm volatile (
" STMFD SP!, {R4,LR} \n"
/* R4 keeps the address of the '/_term' string for the two calls that take it below. */
" LDR R4, =0xFF8247F0 /*'/_term'*/ \n"
" BL sub_FF820848 \n"
/* Unsigned check: report an error if [0x19F8] is below [0x1A64] + 0x10. */
" LDR R1, =0x1A64 \n"
" LDR R0, =0x19F8 \n"
" LDR R1, [R1] \n"
" LDR R0, [R0] \n"
" ADD R1, R1, #0x10 \n"
" CMP R0, R1 \n"
" LDRCC R0, =0xFF824800 /*'USER_MEM size checking'*/ \n"
" BLCC _err_init_task \n"
/* Each block below: call, then report through _err_init_task if R0 < 0. */
" BL sub_FF823520 \n"
" CMP R0, #0 \n"
" LDRLT R0, =0xFF824818 /*'dmSetup'*/ \n"
" BLLT _err_init_task \n"
" BL sub_FF822528 \n"
" CMP R0, #0 \n"
" LDRLT R0, =0xFF824820 /*'termDriverInit'*/ \n"
" BLLT _err_init_task \n"
" MOV R0, R4 \n"
" BL sub_FF822608 \n"
" CMP R0, #0 \n"
" LDRLT R0, =0xFF824830 /*'termDeviceCreate'*/ \n"
" BLLT _err_init_task \n"
" MOV R0, R4 \n"
" BL sub_FF822140 \n"
" CMP R0, #0 \n"
" LDRLT R0, =0xFF824844 /*'stdioSetup'*/ \n"
" BLLT _err_init_task \n"
" BL sub_FF824DA0 \n"
" CMP R0, #0 \n"
" LDRLT R0, =0xFF824850 /*'stdlibSetup'*/ \n"
" BLLT _err_init_task \n"
" BL sub_FF820F4C \n"
" CMP R0, #0 \n"
" LDRLT R0, =0xFF82485C /*'extlib_setup'*/ \n"
" BLLT _err_init_task \n"
/* Restore registers and tail-branch into the patched next stage. */
" LDMFD SP!, {R4,LR} \n"
" B sub_FF827DB8_my \n"
);
}
/*
 * sub_FF827DB8_my() - patched copy of firmware routine sub_FF827DB8,
 * reached from sub_FF824734_my.
 *
 * Creates the 'Startup' task with task_Startup_my as its entry point
 * instead of the firmware's own routine, then returns 0.
 *
 * NOTE(review): the result of sub_FF82CD0C is not used in the visible code
 * and the two labels below are empty, so instructions of the original
 * routine appear to have been removed here - confirm which checks were
 * dropped and why.
 */
void __attribute__((naked,noinline)) sub_FF827DB8_my() {
asm volatile (
" STMFD SP!, {R3,LR} \n"

" BL sub_FF82CD0C /*_IsNormalCameraMode_FW*/ \n"

"loc_FF827DD4:\n"

"loc_FF827DD8:\n"
" BL sub_006B8C18 \n"
/* sub_FF83720C(0, 0x60E000). */
" LDR R1, =0x60E000 \n"
" MOV R0, #0 \n"
" BL sub_FF83720C \n"
/* _CreateTask('Startup', 0x19, 0, task_Startup_my, 0): the fifth argument goes on the stack. */
" MOV R3, #0 \n"
" STR R3, [SP] \n"
" LDR R3, =task_Startup_my \n"
" MOV R2, #0 \n"
" MOV R1, #0x19 \n"
" LDR R0, =0xFF827E14 /*'Startup'*/ \n"
" BL _CreateTask \n"
/* Return 0 to the caller. */
" MOV R0, #0 \n"
" LDMFD SP!, {R3,PC} \n"
);
}
/*
 * task_Startup_my() - entry point of the 'Startup' task created by
 * sub_FF827DB8_my.
 *
 * A straight sequence of calls into firmware routines, with three calls to
 * routines defined in this file inserted in the middle:
 * CreateTask_spytask, taskcreatePhySw_my and init_required_fw_features.
 * Ends with a tail branch to firmware routine sub_FF822E14.
 *
 * NOTE(review): the gaps between call groups suggest firmware calls were
 * removed from the original sequence - confirm against the disassembly.
 */
void __attribute__((naked,noinline)) task_Startup_my() {
asm volatile (
" STMFD SP!, {R4,LR} \n"
" BL sub_FF822CC4 \n"
" BL sub_FF82C288 \n"
" BL sub_FF82B538 \n"

" BL sub_FF836FC8 \n"

" BL sub_FF83711C \n"
" BL sub_FF8372E0 \n"

" BL sub_FF836FFC \n"
" BL sub_FF832F50 \n"
" BL sub_FF8372E8 \n"
/* Inserted calls: start SpyTask, create the patched PhySw task, run init_required_fw_features. */
" BL CreateTask_spytask\n"
" BL taskcreatePhySw_my \n"
" BL init_required_fw_features\n"
" BL sub_FF830F8C \n"
" BL sub_FF8B07C8 \n"
" BL sub_FF829188 \n"
" BL sub_FF82B0B4 \n"
" BL sub_FF836B50 \n"
" BL sub_FF82B4EC \n"
" BL sub_FF82B048 \n"

" BL sub_FF829F0C \n"
" BL sub_FF82B004 \n"
/* Restore registers, then tail-branch so sub_FF822E14 returns to this task's caller. */
" LDMFD SP!, {R4,LR} \n"
" B sub_FF822E14 \n"
);
}
/*
 * taskcreatePhySw_my() - patched copy of the firmware routine that creates
 * the 'PhySw' task; called from task_Startup_my.
 *
 * The task is created only when the word at 0x1C18 + 4 is zero, and the
 * value returned by the create call is stored back there, so a second call
 * does nothing. The task entry point is mykbd_task (defined outside this
 * file) with priority 0x17 and stack size 0x2000.
 */
void __attribute__((naked,noinline)) taskcreatePhySw_my() {
asm volatile (
" STMFD SP!, {R3-R5,LR} \n"
" BL sub_FF835DB8 \n"
/* Call _OpLog.Start_FW only when _IsFactoryMode_FW returned 0. */
" BL sub_FF82CC44 /*_IsFactoryMode_FW*/ \n"
" CMP R0, #0 \n"
" BLEQ sub_FF835D20 /*_OpLog.Start_FW*/ \n"
/* Skip creation if [0x1C18 + 4] is already non-zero. */
" LDR R4, =0x1C18 \n"
" LDR R0, [R4, #4] \n"
" CMP R0, #0 \n"
" BNE loc_FF82BD00 \n"
/* _CreateTaskStrictly('PhySw', 0x17, 0x2000, mykbd_task, 0): fifth argument on the stack. */
" MOV R3, #0 \n"
" STR R3, [SP] \n"
" LDR R3, =mykbd_task \n"
" MOV R2, #0x2000 \n"
" MOV R1, #0x17 \n"
" LDR R0, =0xFF82BF64 /*'PhySw'*/ \n"
" BL sub_006B7C84 /*_CreateTaskStrictly*/ \n"
" STR R0, [R4, #4] \n"

"loc_FF82BD00:\n"
" LDMFD SP!, {R3-R5,PC} \n"
);
}
/*
 * init_file_modules_task() - replacement entry point that CreateTask_my
 * substitutes for task_InitFileModules.
 *
 * Follows the firmware sequence (sub_FF89FCF4, optional event post,
 * sub_FF89FD24) and adds a call to core_spytask_can_start before the final
 * event post. Event 0x5006 is posted with argument 0 when sub_FF89FCF4
 * returned non-zero, otherwise with argument 1 at the end.
 */
void __attribute__((naked,noinline)) init_file_modules_task() {
asm volatile (
" STMFD SP!, {R4-R6,LR} \n"
" MOV R0, #6 \n"

/* R4 = result of sub_FF89FCF4(6); MOVS sets the flags used by the three conditional instructions below. */
" BL sub_FF89FCF4 \n"
" LDR R5, =0x5006 \n"
" MOVS R4, R0 \n"
" MOVNE R1, #0 \n"
" MOVNE R0, R5 \n"
" BLNE _PostLogicalEventToUI \n"
" BL sub_FF89FD24 \n"
/* Inserted call, made after sub_FF89FD24 has returned. */
" BL core_spytask_can_start\n"
/* Non-zero result: the event was already posted above, so just return. */
" CMP R4, #0 \n"
" LDMNEFD SP!, {R4-R6,PC} \n"
/* Zero result: tail-call _PostLogicalEventToUI(0x5006, 1). */
" MOV R0, R5 \n"
" LDMFD SP!, {R4-R6,LR} \n"
" MOV R1, #1 \n"
" B _PostLogicalEventToUI \n"
);
}
/*
 * kbd_p1_f_cont_my() - patched continuation of a firmware keyboard routine.
 *
 * Computes three words from tables based at 0x10198 and stores them at
 * SP+0, SP+4 and SP+8, calls xtra_kbd_cb, then calls sub_FF82BA18_my with
 * the callback's result in R3 and finally jumps to firmware address
 * 0xFF82C1F4.
 *
 * NOTE(review): SP is not adjusted here although three words are written
 * at SP; presumably the caller has already reserved that stack space
 * before branching to this continuation - confirm at the call site.
 */
void __attribute__((naked,noinline)) kbd_p1_f_cont_my() {
asm volatile (
" LDR R2, =0x10198 \n"
" MOV R0, #2 \n"
" ADD R3, R2, #0x24 \n"
" MOV R4, SP \n"

/*
 * For i = 2 down to 0:
 *   SP[i] = *(R3 + 4*i + 0x18) ^ (*(R2 + 4*i) & *(R3 + 4*i + 0xC))
 */
"loc_FF82C1C0:\n"
" ADD R1, R3, R0, LSL#2 \n"
" LDR R12, [R2, R0, LSL#2] \n"
" LDR R6, [R1, #0xC] \n"
" LDR R1, [R1, #0x18] \n"
" AND R12, R12, R6 \n"
" EOR R1, R1, R12 \n"
" STR R1, [R4, R0, LSL#2] \n"
" SUBS R0, R0, #1 \n"
" BPL loc_FF82C1C0 \n"
/* Inserted callback; its return value is carried in R3 into sub_FF82BA18_my. */
" bl xtra_kbd_cb \n"
" mov r3, r0 \n"
/* sub_FF82BA18_my(SP, 0x101B0 - 0xC, 0x101B0), with R3 as set above. */
" LDR R2, =0x101B0 \n"
" MOV R0, SP \n"
" SUB R1, R2, #0xC \n"
" BL sub_FF82BA18_my \n"
/* Resume the firmware routine at 0xFF82C1F4. */
" LDR PC, =0xFF82C1F4 \n"
);
}
/*
 * sub_FF82BA18_my() - patched entry of firmware routine sub_FF82BA18,
 * called from kbd_p1_f_cont_my.
 *
 * Saves R0-R12 and LR, copies the first argument to R5, replaces R0 with
 * the value the caller passed in R3 (the xtra_kbd_cb result), then jumps
 * to 0xFF82BA24. Presumably that address is where the original routine
 * continues after its own entry instructions, so the matching register
 * restore and return happen in firmware code - confirm.
 */
void __attribute__((naked,noinline)) sub_FF82BA18_my() {
asm volatile (
" STMFD SP!, {R0-R12,LR} \n"
" MOV R5, R0 \n"

/* R0 now carries the value handed over in R3 by kbd_p1_f_cont_my. */
" mov r0, r3 \n"
" LDR PC, =0xFF82BA24 \n"
);
}
528 void init_required_fw_features(void) {
529 extern void _init_focus_eventflag();
530 extern void _init_nd_eventflag();
531 extern void _init_nd_semaphore();
532
533
534 _init_focus_eventflag();
535 _init_nd_eventflag();
536 _init_nd_semaphore();