root/platform/ixus95_sd1200/sub/100c/boot.c

/* [<][>][^][v][top][bottom][index][help] */

DEFINITIONS

This source file includes following definitions.
  1. taskHook
  2. CreateTask_spytask
  3. boot
  4. sub_FFC001A0_my
  5. sub_FFC00FC4_my
  6. sub_FFC04D38_my
  7. taskcreate_Startup_my
  8. task_Startup_my
  9. taskcreatePhySw_my
  10. init_file_modules_task
  11. sub_FFC5ABB4_my
  12. sub_FFC3F454_my
  13. sub_FFC3F1F4_my
  14. sub_FFC3EF84_my
   1 /*
   2  * boot.c - auto-generated by CHDK code_gen.
   3  */
   4 #include "lolevel.h"
   5 #include "platform.h"
   6 #include "core.h"
   7 #include "dryos31.h"
   8 
   9 #define offsetof(TYPE, MEMBER) ((int) &((TYPE *)0)->MEMBER)
  10 
  11 const char * const new_sa = &_end;
  12 
  13 extern void task_CaptSeq();
  14 extern void task_InitFileModules();
  15 extern void task_MovieRecord();
  16 extern void task_ExpDrv();
  17 extern void task_FileWrite();
  18 
  19 void taskHook(context_t **context)
  20 {
  21     task_t *tcb=(task_t*)((char*)context-offsetof(task_t, context));
  22 
  23     // Replace firmware task addresses with ours
  24     if(tcb->entry == (void*)task_CaptSeq)           tcb->entry = (void*)capt_seq_task;
  25     if(tcb->entry == (void*)task_InitFileModules)   tcb->entry = (void*)init_file_modules_task;
  26     if(tcb->entry == (void*)task_MovieRecord)       tcb->entry = (void*)movie_record_task;
  27     if(tcb->entry == (void*)task_ExpDrv)            tcb->entry = (void*)exp_drv_task;
  28     if(tcb->entry == (void*)task_FileWrite)         tcb->entry = (void*)filewritetask;    
  29 }
  30 
  31 /*----------------------------------------------------------------------
  32     CreateTask_spytask
  33 -----------------------------------------------------------------------*/
  34 void CreateTask_spytask() {
  35     _CreateTask("SpyTask", 0x19, 0x2000, core_spytask, 0);
  36 };
  37 
  38 /*----------------------------------------------------------------------
  39     boot()
  40 
  41     Main entry point for the CHDK code
  42 -----------------------------------------------------------------------*/
  43 
  44 /*************************************************************/
  45 //** boot @ 0xFFC0000C - 0xFFC00160, length=86
  46 void __attribute__((naked,noinline)) boot() {
  47 asm volatile (
  48 "    LDR     R1, =0xC0410000 \n"
  49 "    MOV     R0, #0 \n"
  50 "    STR     R0, [R1] \n"
  51 "    MOV     R1, #0x78 \n"
  52 "    MCR     p15, 0, R1, c1, c0 \n"
  53 "    MOV     R1, #0 \n"
  54 "    MCR     p15, 0, R1, c7, c10, 4 \n"
  55 "    MCR     p15, 0, R1, c7, c5 \n"
  56 "    MCR     p15, 0, R1, c7, c6 \n"
  57 "    MOV     R0, #0x3D \n"
  58 "    MCR     p15, 0, R0, c6, c0 \n"
  59 "    MOV     R0, #0xC000002F \n"
  60 "    MCR     p15, 0, R0, c6, c1 \n"
  61 "    MOV     R0, #0x33 \n"
  62 "    MCR     p15, 0, R0, c6, c2 \n"
  63 "    MOV     R0, #0x40000033 \n"
  64 "    MCR     p15, 0, R0, c6, c3 \n"
  65 "    MOV     R0, #0x80000017 \n"
  66 "    MCR     p15, 0, R0, c6, c4 \n"
  67 "    LDR     R0, =0xFFC0002B \n"
  68 "    MCR     p15, 0, R0, c6, c5 \n"
  69 "    MOV     R0, #0x34 \n"
  70 "    MCR     p15, 0, R0, c2, c0 \n"
  71 "    MOV     R0, #0x34 \n"
  72 "    MCR     p15, 0, R0, c2, c0, 1 \n"
  73 "    MOV     R0, #0x34 \n"
  74 "    MCR     p15, 0, R0, c3, c0 \n"
  75 "    LDR     R0, =0x3333330 \n"
  76 "    MCR     p15, 0, R0, c5, c0, 2 \n"
  77 "    LDR     R0, =0x3333330 \n"
  78 "    MCR     p15, 0, R0, c5, c0, 3 \n"
  79 "    MRC     p15, 0, R0, c1, c0 \n"
  80 "    ORR     R0, R0, #0x1000 \n"
  81 "    ORR     R0, R0, #4 \n"
  82 "    ORR     R0, R0, #1 \n"
  83 "    MCR     p15, 0, R0, c1, c0 \n"
  84 "    MOV     R1, #0x80000006 \n"
  85 "    MCR     p15, 0, R1, c9, c1 \n"
  86 "    MOV     R1, #6 \n"
  87 "    MCR     p15, 0, R1, c9, c1, 1 \n"
  88 "    MRC     p15, 0, R1, c1, c0 \n"
  89 "    ORR     R1, R1, #0x50000 \n"
  90 "    MCR     p15, 0, R1, c1, c0 \n"
  91 "    LDR     R2, =0xC0200000 \n"
  92 "    MOV     R1, #1 \n"
  93 "    STR     R1, [R2, #0x10C] \n"
  94 "    MOV     R1, #0xFF \n"
  95 "    STR     R1, [R2, #0xC] \n"
  96 "    STR     R1, [R2, #0x1C] \n"
  97 "    STR     R1, [R2, #0x2C] \n"
  98 "    STR     R1, [R2, #0x3C] \n"
  99 "    STR     R1, [R2, #0x4C] \n"
 100 "    STR     R1, [R2, #0x5C] \n"
 101 "    STR     R1, [R2, #0x6C] \n"
 102 "    STR     R1, [R2, #0x7C] \n"
 103 "    STR     R1, [R2, #0x8C] \n"
 104 "    STR     R1, [R2, #0x9C] \n"
 105 "    STR     R1, [R2, #0xAC] \n"
 106 "    STR     R1, [R2, #0xBC] \n"
 107 "    STR     R1, [R2, #0xCC] \n"
 108 "    STR     R1, [R2, #0xDC] \n"
 109 "    STR     R1, [R2, #0xEC] \n"
 110 "    STR     R1, [R2, #0xFC] \n"
 111 "    LDR     R1, =0xC0400008 \n"
 112 "    LDR     R2, =0x430005 \n"
 113 "    STR     R2, [R1] \n"
 114 "    MOV     R1, #1 \n"
 115 "    LDR     R2, =0xC0243100 \n"
 116 "    STR     R2, [R1] \n"
 117 "    LDR     R2, =0xC0242010 \n"
 118 "    LDR     R1, [R2] \n"
 119 "    ORR     R1, R1, #1 \n"
 120 "    STR     R1, [R2] \n"
 121 "    LDR     R0, =0xFFECD3E4 \n"
 122 "    LDR     R1, =0x1900 \n"
 123 "    LDR     R3, =0xAEB8 \n"
 124 
 125 "loc_FFC0013C:\n"
 126 "    CMP     R1, R3 \n"
 127 "    LDRCC   R2, [R0], #4 \n"
 128 "    STRCC   R2, [R1], #4 \n"
 129 "    BCC     loc_FFC0013C \n"
 130 "    LDR     R1, =0x12AD3C \n"
 131 "    MOV     R2, #0 \n"
 132 
 133 "loc_FFC00154:\n"
 134 "    CMP     R3, R1 \n"
 135 "    STRCC   R2, [R3], #4 \n"
 136 "    BCC     loc_FFC00154 \n"
 137 "    B       sub_FFC001A0_my \n"  // --> Patched. Old value = 0xFFC001A0.
 138 );
 139 }
 140 
 141 /*************************************************************/
 142 //** sub_FFC001A0_my @ 0xFFC001A0 - 0xFFC00208, length=27
 143 void __attribute__((naked,noinline)) sub_FFC001A0_my() {
 144 
 145     //http://chdk.setepontos.com/index.php/topic,4194.0.html
 146     *(int*)0x1934=(int)taskHook;
 147     *(int*)0x1938=(int)taskHook;
 148 
 149     // replacement of sub_FFC11B20 (sub_FFC307C4) for correct power-on.
 150     //(short press = playback mode, long press = record mode)
 151     *(int*)(0x222C+0x4)= (*(int*)0xC02200F8) &1 ? 0x200000 : 0x100000;
 152 
 153 asm volatile (
 154 "    LDR     R0, =0xFFC00218 \n"
 155 "    MOV     R1, #0 \n"
 156 "    LDR     R3, =0xFFC00250 \n"
 157 
 158 "loc_FFC001AC:\n"
 159 "    CMP     R0, R3 \n"
 160 "    LDRCC   R2, [R0], #4 \n"
 161 "    STRCC   R2, [R1], #4 \n"
 162 "    BCC     loc_FFC001AC \n"
 163 "    LDR     R0, =0xFFC00250 \n"
 164 "    MOV     R1, #0x4B0 \n"
 165 "    LDR     R3, =0xFFC00464 \n"
 166 
 167 "loc_FFC001C8:\n"
 168 "    CMP     R0, R3 \n"
 169 "    LDRCC   R2, [R0], #4 \n"
 170 "    STRCC   R2, [R1], #4 \n"
 171 "    BCC     loc_FFC001C8 \n"
 172 "    MOV     R0, #0xD2 \n"
 173 "    MSR     CPSR_cxsf, R0 \n"
 174 "    MOV     SP, #0x1000 \n"
 175 "    MOV     R0, #0xD3 \n"
 176 "    MSR     CPSR_cxsf, R0 \n"
 177 "    MOV     SP, #0x1000 \n"
 178 "    LDR     R0, =0x6C4 \n"
 179 "    LDR     R2, =0xEEEEEEEE \n"
 180 "    MOV     R3, #0x1000 \n"
 181 
 182 "loc_FFC001FC:\n"
 183 "    CMP     R0, R3 \n"
 184 "    STRCC   R2, [R0], #4 \n"
 185 "    BCC     loc_FFC001FC \n"
 186 "    BL      sub_FFC00FC4_my \n"  // --> Patched. Old value = 0xFFC00FC4.
 187 );
 188 }
 189 
 190 /*************************************************************/
 191 //** sub_FFC00FC4_my @ 0xFFC00FC4 - 0xFFC01070, length=44
 192 void __attribute__((naked,noinline)) sub_FFC00FC4_my() {
 193 asm volatile (
 194 "    STR     LR, [SP, #-4]! \n"
 195 "    SUB     SP, SP, #0x74 \n"
 196 "    MOV     R0, SP \n"
 197 "    MOV     R1, #0x74 \n"
 198 "    BL      sub_FFE6083C \n"
 199 "    MOV     R0, #0x53000 \n"
 200 "    STR     R0, [SP, #4] \n"
 201 
 202 #if defined(CHDK_NOT_IN_CANON_HEAP) // use original heap offset if CHDK is loaded in high memory
 203 "    LDR     R0, =0x12AD3C \n"
 204 #else
 205 "    LDR     R0, =new_sa\n"   // otherwise use patched value
 206 "    LDR     R0, [R0]\n"      //
 207 #endif
 208 
 209 "    LDR     R2, =0x2F9C00 \n"
 210 "    LDR     R1, =0x2F24A8 \n"
 211 "    STR     R0, [SP, #8] \n"
 212 "    SUB     R0, R1, R0 \n"
 213 "    ADD     R3, SP, #0xC \n"
 214 "    STR     R2, [SP] \n"
 215 "    STMIA   R3, {R0-R2} \n"
 216 "    MOV     R0, #0x22 \n"
 217 "    STR     R0, [SP, #0x18] \n"
 218 "    MOV     R0, #0x68 \n"
 219 "    STR     R0, [SP, #0x1C] \n"
 220 "    LDR     R0, =0x19B \n"
 221 "    LDR     R1, =sub_FFC04D38_my \n"  // --> Patched. Old value = 0xFFC04D38.
 222 "    STR     R0, [SP, #0x20] \n"
 223 "    MOV     R0, #0x96 \n"
 224 "    STR     R0, [SP, #0x24] \n"
 225 "    MOV     R0, #0x78 \n"
 226 "    STR     R0, [SP, #0x28] \n"
 227 "    MOV     R0, #0x64 \n"
 228 "    STR     R0, [SP, #0x2C] \n"
 229 "    MOV     R0, #0 \n"
 230 "    STR     R0, [SP, #0x30] \n"
 231 "    STR     R0, [SP, #0x34] \n"
 232 "    MOV     R0, #0x10 \n"
 233 "    STR     R0, [SP, #0x5C] \n"
 234 "    MOV     R0, #0x800 \n"
 235 "    STR     R0, [SP, #0x60] \n"
 236 "    MOV     R0, #0xA0 \n"
 237 "    STR     R0, [SP, #0x64] \n"
 238 "    MOV     R0, #0x280 \n"
 239 "    STR     R0, [SP, #0x68] \n"
 240 "    MOV     R0, SP \n"
 241 "    MOV     R2, #0 \n"
 242 "    BL      sub_FFC02D68 \n"
 243 "    ADD     SP, SP, #0x74 \n"
 244 "    LDR     PC, [SP], #4 \n"
 245 );
 246 }
 247 
 248 /*************************************************************/
 249 //** sub_FFC04D38_my @ 0xFFC04D38 - 0xFFC04DAC, length=30
 250 void __attribute__((naked,noinline)) sub_FFC04D38_my() {
 251 asm volatile (
 252 "    STMFD   SP!, {R4,LR} \n"
 253 "    BL      sub_FFC00954 \n"
 254 "    BL      sub_FFC090B4 \n"
 255 "    CMP     R0, #0 \n"
 256 "    LDRLT   R0, =0xFFC04E4C /*'dmSetup'*/ \n"
 257 "    BLLT    _err_init_task \n"
 258 "    BL      sub_FFC04974 \n"
 259 "    CMP     R0, #0 \n"
 260 "    LDRLT   R0, =0xFFC04E54 /*'termDriverInit'*/ \n"
 261 "    BLLT    _err_init_task \n"
 262 "    LDR     R0, =0xFFC04E64 /*'/_term'*/ \n"
 263 "    BL      sub_FFC04A5C \n"
 264 "    CMP     R0, #0 \n"
 265 "    LDRLT   R0, =0xFFC04E6C /*'termDeviceCreate'*/ \n"
 266 "    BLLT    _err_init_task \n"
 267 "    LDR     R0, =0xFFC04E64 /*'/_term'*/ \n"
 268 "    BL      sub_FFC03578 \n"
 269 "    CMP     R0, #0 \n"
 270 "    LDRLT   R0, =0xFFC04E80 /*'stdioSetup'*/ \n"
 271 "    BLLT    _err_init_task \n"
 272 "    BL      sub_FFC08BCC \n"
 273 "    CMP     R0, #0 \n"
 274 "    LDRLT   R0, =0xFFC04E8C /*'stdlibSetup'*/ \n"
 275 "    BLLT    _err_init_task \n"
 276 "    BL      sub_FFC014A8 \n"
 277 "    CMP     R0, #0 \n"
 278 "    LDRLT   R0, =0xFFC04E98 /*'armlib_setup'*/ \n"
 279 "    BLLT    _err_init_task \n"
 280 "    LDMFD   SP!, {R4,LR} \n"
 281 "    B       taskcreate_Startup_my \n"  // --> Patched. Old value = 0xFFC0C260.
 282 );
 283 }
 284 
 285 /*************************************************************/
 286 //** taskcreate_Startup_my @ 0xFFC0C260 - 0xFFC0C2D4, length=30
 287 void __attribute__((naked,noinline)) taskcreate_Startup_my() {
 288 asm volatile (
 289 "    STMFD   SP!, {R3,LR} \n"
 290 //"  BL      _sub_FFC307BC \n"  // --> Nullsub call removed.
 291 "    BL      sub_FFC18AC8 \n"
 292 "    CMP     R0, #0 \n"
 293 "    BNE     loc_FFC0C298 \n"
 294 "    BL      sub_FFC30770 \n"
 295 "    CMP     R0, #0 \n"
 296 "    BNE     loc_FFC0C298 \n"
 297 "    BL      sub_FFC111F0 \n"
 298 "    LDR     R1, =0xC0220000 \n"
 299 "    MOV     R0, #0x44 \n"
 300 "    STR     R0, [R1, #0x1C] \n"
 301 "    BL      sub_FFC113DC \n"
 302 
 303 "loc_FFC0C294:\n"
 304 "    B       loc_FFC0C294 \n"
 305 
 306 "loc_FFC0C298:\n"
 307 //"  BL      _sub_FFC307C4 \n"  // Removed for correct power-on
 308 //"  BL      _sub_FFC307C0 \n"  // --> Nullsub call removed.
 309 "    BL      sub_FFC16D84 \n"
 310 "    LDR     R1, =0x34E000 \n"
 311 "    MOV     R0, #0 \n"
 312 "    BL      sub_FFC171CC \n"
 313 "    BL      sub_FFC16F78 /*_EnableDispatch*/ \n"
 314 "    MOV     R3, #0 \n"
 315 "    STR     R3, [SP] \n"
 316 "    LDR     R3, =task_Startup_my \n"  // --> Patched. Old value = 0xFFC0C1FC.
 317 "    MOV     R2, #0 \n"
 318 "    MOV     R1, #0x19 \n"
 319 "    LDR     R0, =0xFFC0C2E0 /*'Startup'*/ \n"
 320 "    BL      _CreateTask \n"
 321 "    MOV     R0, #0 \n"
 322 "    LDMFD   SP!, {R12,PC} \n"
 323 );
 324 }
 325 
 326 /*************************************************************/
 327 //** task_Startup_my @ 0xFFC0C1FC - 0xFFC0C25C, length=25
 328 void __attribute__((naked,noinline)) task_Startup_my() {
 329 asm volatile (
 330 "    STMFD   SP!, {R4,LR} \n"
 331 "    BL      sub_FFC05394 \n"
 332 "    BL      sub_FFC12BFC \n"
 333 "    BL      sub_FFC10F04 \n"
 334 //"  BL      _sub_FFC30E48 \n"  // --> Nullsub call removed.
 335 "    BL      sub_FFC18CEC \n"
 336 //"  BL      _sub_FFC18B9C \n"  // start diskboot.bin
 337 "    BL      sub_FFC5DE00 \n"
 338 "    BL      sub_FFC0FB90 \n"
 339 "    BL      sub_FFC18D1C \n"
 340 "    BL      sub_FFC16384 \n"
 341 "    BL      sub_FFC18E8C \n"
 342 "    BL      CreateTask_spytask\n"  // added
 343 "    BL      taskcreatePhySw_my \n"  // --> Patched. Old value = 0xFFC11A14.
 344 "    BL      sub_FFC14A14 \n"
 345 "    BL      sub_FFC18EA4 \n"
 346 //"  BL      _sub_FFC0EFB0 \n"  // --> Nullsub call removed.
 347 "    BL      sub_FFC10808 \n"
 348 "    BL      sub_FFC188A8 \n"
 349 "    BL      sub_FFC10EB4 \n"
 350 "    BL      sub_FFC10714 \n"
 351 "    BL      sub_FFC0FBC4 \n"
 352 "    BL      sub_FFC198E0 \n"
 353 "    BL      sub_FFC106EC \n"
 354 "    LDMFD   SP!, {R4,LR} \n"
 355 "    B       sub_FFC054B4 \n"
 356 );
 357 }
 358 
 359 /*************************************************************/
 360 //** taskcreatePhySw_my @ 0xFFC11A14 - 0xFFC11A34, length=9
 361 void __attribute__((naked,noinline)) taskcreatePhySw_my() {
 362 asm volatile (
 363 "    STMFD   SP!, {R3-R5,LR} \n"
 364 "    LDR     R4, =0x1C28 \n"
 365 "    LDR     R0, [R4, #0x10] \n"
 366 "    CMP     R0, #0 \n"
 367 "    BNE     sub_FFC11A48 \n"
 368 "    MOV     R3, #0 \n"
 369 "    STR     R3, [SP] \n"
 370 "    LDR     R3, =mykbd_task \n"  // --> Patched. Old value = 0xFFC119E0.
 371 "    MOV     R2, #0x2000 \n"  // --> Patched. Old value = 0x800. stack size for new task_PhySw
 372 "    LDR     PC, =0xFFC11A38 \n"  // Continue in firmware
 373 );
 374 }
 375 
 376 /*************************************************************/
 377 //** init_file_modules_task @ 0xFFC61374 - 0xFFC613A8, length=14
 378 void __attribute__((naked,noinline)) init_file_modules_task() {
 379 asm volatile (
 380 "    STMFD   SP!, {R4-R6,LR} \n"
 381 "    BL      sub_FFC5AB88 \n"
 382 "    LDR     R5, =0x5006 \n"
 383 "    MOVS    R4, R0 \n"
 384 "    MOVNE   R1, #0 \n"
 385 "    MOVNE   R0, R5 \n"
 386 "    BLNE    _PostLogicalEventToUI \n"
 387 "    BL      sub_FFC5ABB4_my \n"  // --> Patched. Old value = 0xFFC5ABB4.
 388 "    BL      core_spytask_can_start\n"  // CHDK: Set "it's-safe-to-start" flag for spytask
 389 "    CMP     R4, #0 \n"
 390 "    MOVEQ   R0, R5 \n"
 391 "    LDMEQFD SP!, {R4-R6,LR} \n"
 392 "    MOVEQ   R1, #0 \n"
 393 "    BEQ     _PostLogicalEventToUI \n"
 394 "    LDMFD   SP!, {R4-R6,PC} \n"
 395 );
 396 }
 397 
 398 /*************************************************************/
 399 //** sub_FFC5ABB4_my @ 0xFFC5ABB4 - 0xFFC5ABBC, length=3
 400 void __attribute__((naked,noinline)) sub_FFC5ABB4_my() {
 401 asm volatile (
 402 "    STMFD   SP!, {R4,LR} \n"
 403 "    MOV     R0, #3 \n"
 404 "    BL      sub_FFC3F454_my \n"  // --> Patched. Old value = 0xFFC3F454.
 405 "    LDR     PC, =0xFFC5ABC0 \n"  // Continue in firmware
 406 );
 407 }
 408 
 409 /*************************************************************/
 410 //** sub_FFC3F454_my @ 0xFFC3F454 - 0xFFC3F4A8, length=22
 411 void __attribute__((naked,noinline)) sub_FFC3F454_my() {
 412 asm volatile (
 413 "    STMFD   SP!, {R4-R8,LR} \n"
 414 "    MOV     R6, R0 \n"
 415 "    BL      sub_FFC3F3BC \n"
 416 "    LDR     R1, =0xE2FC \n"
 417 "    MOV     R5, R0 \n"
 418 "    ADD     R4, R1, R0, LSL#7 \n"
 419 "    LDR     R0, [R4, #0x70] \n"
 420 "    CMP     R0, #4 \n"
 421 "    LDREQ   R1, =0x6D8 \n"
 422 "    LDREQ   R0, =0xFFC3EEE0 /*'Mounter.c'*/ \n"
 423 "    BLEQ    _DebugAssert \n"
 424 "    MOV     R1, R6 \n"
 425 "    MOV     R0, R5 \n"
 426 "    BL      sub_FFC3EE28 \n"
 427 "    LDR     R0, [R4, #0x38] \n"
 428 "    BL      sub_FFC3F980 \n"
 429 "    CMP     R0, #0 \n"
 430 "    STREQ   R0, [R4, #0x70] \n"
 431 "    MOV     R0, R5 \n"
 432 "    BL      sub_FFC3EF00 \n"
 433 "    MOV     R0, R5 \n"
 434 "    BL      sub_FFC3F1F4_my \n"  // --> Patched. Old value = 0xFFC3F1F4.
 435 "    LDR     PC, =0xFFC3F4AC \n"  // Continue in firmware
 436 );
 437 }
 438 
 439 /*************************************************************/
 440 //** sub_FFC3F1F4_my @ 0xFFC3F1F4 - 0xFFC3F21C, length=11
 441 void __attribute__((naked,noinline)) sub_FFC3F1F4_my() {
 442 asm volatile (
 443 "    STMFD   SP!, {R4-R6,LR} \n"
 444 "    MOV     R5, R0 \n"
 445 "    LDR     R0, =0xE2FC \n"
 446 "    ADD     R4, R0, R5, LSL#7 \n"
 447 "    LDR     R0, [R4, #0x70] \n"
 448 "    TST     R0, #2 \n"
 449 "    MOVNE   R0, #1 \n"
 450 "    LDMNEFD SP!, {R4-R6,PC} \n"
 451 "    LDR     R0, [R4, #0x38] \n"
 452 "    MOV     R1, R5 \n"
 453 "    BL      sub_FFC3EF84_my \n"  // --> Patched. Old value = 0xFFC3EF84.
 454 "    LDR     PC, =0xFFC3F220 \n"  // Continue in firmware
 455 );
 456 }
 457 
 458 /*************************************************************/
 459 //** sub_FFC3EF84_my @ 0xFFC3EF84 - 0xFFC3F0EC, length=91
 460 void __attribute__((naked,noinline)) sub_FFC3EF84_my() {
 461 asm volatile (
 462 "    STMFD   SP!, {R4-R8,LR} \n"
 463 "    MOV     R8, R0 \n"
 464 "    LDR     R0, =0xE2FC \n"
 465 "    MOV     R7, #0 \n"
 466 "    ADD     R5, R0, R1, LSL#7 \n"
 467 "    LDR     R0, [R5, #0x3C] \n"
 468 "    MOV     R6, #0 \n"
 469 "    CMP     R0, #7 \n"
 470 "    ADDLS   PC, PC, R0, LSL#2 \n"
 471 "    B       loc_FFC3F0D4 \n"
 472 "    B       loc_FFC3EFE4 \n"
 473 "    B       loc_FFC3EFCC \n"
 474 "    B       loc_FFC3EFCC \n"
 475 "    B       loc_FFC3EFCC \n"
 476 "    B       loc_FFC3EFCC \n"
 477 "    B       loc_FFC3F0CC \n"
 478 "    B       loc_FFC3EFCC \n"
 479 "    B       loc_FFC3EFCC \n"
 480 
 481 "loc_FFC3EFCC:\n"
 482 "    MOV     R2, #0 \n"
 483 "    MOV     R1, #0x200 \n"
 484 "    MOV     R0, #2 \n"
 485 "    BL      _exmem_ualloc \n"
 486 "    MOVS    R4, R0 \n"
 487 "    BNE     loc_FFC3EFEC \n"
 488 
 489 "loc_FFC3EFE4:\n"
 490 "    MOV     R0, #0 \n"
 491 "    LDMFD   SP!, {R4-R8,PC} \n"
 492 
 493 "loc_FFC3EFEC:\n"
 494 "    LDR     R12, [R5, #0x4C] \n"
 495 "    MOV     R3, R4 \n"
 496 "    MOV     R2, #1 \n"
 497 "    MOV     R1, #0 \n"
 498 "    MOV     R0, R8 \n"
 499 "    BLX     R12 \n"
 500 "    CMP     R0, #1 \n"
 501 "    BNE     loc_FFC3F018 \n"
 502 "    MOV     R0, #2 \n"
 503 "    BL      _exmem_ufree \n"
 504 "    B       loc_FFC3EFE4 \n"
 505 
 506 "loc_FFC3F018:\n"
 507 "    LDR     R1, [R5, #0x68] \n"
 508 "    MOV     R0, R8 \n"
 509 "    BLX     R1 \n"
 510 
 511 "    MOV     R1, R4\n"              //  pointer to MBR in R1
 512 "    BL      mbr_read_dryos\n"      //  total sectors count in R0 before and after call
 513 
 514 // Start of DataGhost's FAT32 autodetection code
 515 // Policy: If there is a partition which has type W95 FAT32, use the first one of those for image storage
 516 // According to the code below, we can use R1, R2, R3 and R12.
 517 // LR wasn't really used anywhere but for storing a part of the partition signature. This is the only thing
 518 // that won't work with an offset, but since we can load from LR+offset into LR, we can use this to do that :)
 519 "    MOV     R12, R4\n"             // Copy the MBR start address so we have something to work with
 520 "    MOV     LR, R4\n"              // Save old offset for MBR signature
 521 "    MOV     R1, #1\n"              // Note the current partition number
 522 "    B       dg_sd_fat32_enter\n"   // We actually need to check the first partition as well, no increments yet!
 523 "dg_sd_fat32:\n"
 524 "    CMP     R1, #4\n"              // Did we already see the 4th partition?
 525 "    BEQ     dg_sd_fat32_end\n"     // Yes, break. We didn't find anything, so don't change anything.
 526 "    ADD     R12, R12, #0x10\n"     // Second partition
 527 "    ADD     R1, R1, #1\n"          // Second partition for the loop
 528 "dg_sd_fat32_enter:\n"
 529 "    LDRB    R2, [R12, #0x1BE]\n"   // Partition status
 530 "    LDRB    R3, [R12, #0x1C2]\n"   // Partition type (FAT32 = 0xB)
 531 "    CMP     R3, #0xB\n"            // Is this a FAT32 partition?
 532 "    CMPNE   R3, #0xC\n"            // Not 0xB, is it 0xC (FAT32 LBA) then?
 533 "    CMPNE   R3, #0x7\n"            // exFat?
 534 "    BNE     dg_sd_fat32\n"         // No, it isn't. Loop again.
 535 "    CMP     R2, #0x00\n"           // It is, check the validity of the partition type
 536 "    CMPNE   R2, #0x80\n"
 537 "    BNE     dg_sd_fat32\n"         // Invalid, go to next partition
 538                                     // This partition is valid, it's the first one, bingo!
 539 "    MOV     R4, R12\n"             // Move the new MBR offset for the partition detection.
 540 
 541 "dg_sd_fat32_end:\n"
 542 // End of DataGhost's FAT32 autodetection code
 543 
 544 "    LDRB    R1, [R4, #0x1C9] \n"
 545 "    LDRB    R3, [R4, #0x1C8] \n"
 546 "    LDRB    R12, [R4, #0x1CC] \n"
 547 "    MOV     R1, R1, LSL#24 \n"
 548 "    ORR     R1, R1, R3, LSL#16 \n"
 549 "    LDRB    R3, [R4, #0x1C7] \n"
 550 "    LDRB    R2, [R4, #0x1BE] \n"
 551 //"  LDRB    LR, [R4, #0x1FF] \n"  // replaced below
 552 "    ORR     R1, R1, R3, LSL#8 \n"
 553 "    LDRB    R3, [R4, #0x1C6] \n"
 554 "    CMP     R2, #0 \n"
 555 "    CMPNE   R2, #0x80 \n"
 556 "    ORR     R1, R1, R3 \n"
 557 "    LDRB    R3, [R4, #0x1CD] \n"
 558 "    MOV     R3, R3, LSL#24 \n"
 559 "    ORR     R3, R3, R12, LSL#16 \n"
 560 "    LDRB    R12, [R4, #0x1CB] \n"
 561 "    ORR     R3, R3, R12, LSL#8 \n"
 562 "    LDRB    R12, [R4, #0x1CA] \n"
 563 "    ORR     R3, R3, R12 \n"
 564 //"  LDRB    R12, [R4, #0x1FE] \n"  // replaced below
 565 "    LDRB    R12, [LR,#0x1FE]\n"    // replace instructions above - First MBR signature byte (0x55), LR is original offset.
 566 "    LDRB    LR, [LR,#0x1FF]\n"     // replace instructions above - Last MBR signature byte (0xAA), LR is original offset.
 567 "    MOV     R4, #0 \n"
 568 "    BNE     loc_FFC3F0A4 \n"
 569 "    CMP     R0, R1 \n"
 570 "    BCC     loc_FFC3F0A4 \n"
 571 "    ADD     R2, R1, R3 \n"
 572 "    CMP     R2, R0 \n"
 573 "    CMPLS   R12, #0x55 \n"
 574 "    CMPEQ   LR, #0xAA \n"
 575 "    MOVEQ   R7, R1 \n"
 576 "    MOVEQ   R6, R3 \n"
 577 "    MOVEQ   R4, #1 \n"
 578 
 579 "loc_FFC3F0A4:\n"
 580 "    MOV     R0, #2 \n"
 581 "    BL      _exmem_ufree \n"
 582 "    CMP     R4, #0 \n"
 583 "    BNE     loc_FFC3F0E0 \n"
 584 "    LDR     R1, [R5, #0x68] \n"
 585 "    MOV     R7, #0 \n"
 586 "    MOV     R0, R8 \n"
 587 "    BLX     R1 \n"
 588 "    MOV     R6, R0 \n"
 589 "    B       loc_FFC3F0E0 \n"
 590 
 591 "loc_FFC3F0CC:\n"
 592 "    MOV     R6, #0x40 \n"
 593 "    B       loc_FFC3F0E0 \n"
 594 
 595 "loc_FFC3F0D4:\n"
 596 "    LDR     R1, =0x5C9 \n"
 597 "    LDR     R0, =0xFFC3EEE0 /*'Mounter.c'*/ \n"
 598 "    BL      _DebugAssert \n"
 599 
 600 "loc_FFC3F0E0:\n"
 601 "    STR     R7, [R5, #0x44]! \n"
 602 "    MOV     R0, #1 \n"
 603 "    STR     R6, [R5, #4] \n"
 604 "    LDMFD   SP!, {R4-R8,PC} \n"
 605 );
 606 }
/* [<][>][^][v][top][bottom][index][help] */