root/platform/ixus285_elph360hs/sub/100b/boot.c

/* [<][>][^][v][top][bottom][index][help] */

DEFINITIONS

This source file includes following definitions.
  1. CreateTask_spytask
  2. boot
  3. CreateTask_my
  4. sub_FF0203C4_my
  5. sub_FF022914_my
  6. sub_FF02473C_my
  7. sub_FF027DC0_my
  8. task_Startup_my
  9. taskcreatePhySw_my
  10. init_file_modules_task
  11. kbd_p1_f_cont_my
  12. sub_FF02BF18_my
  13. init_required_fw_features
   1 /*
   2  * boot.c - auto-generated by CHDK code_gen.
   3  */
   4 #include "lolevel.h"
   5 #include "platform.h"
   6 #include "core.h"
   7 #include "dryos31.h"
   8 
   9 #define offsetof(TYPE, MEMBER) ((int) &((TYPE *)0)->MEMBER)
  10 
  11 const char * const new_sa = &_end;
  12 
  13 /*----------------------------------------------------------------------
  14     CreateTask_spytask
  15 -----------------------------------------------------------------------*/
  16 void CreateTask_spytask()
  17 {
  18     _CreateTask("SpyTask", 0x19, 0x2000, core_spytask, 0);
  19 }
  20 
  21 /*----------------------------------------------------------------------
  22     boot()
  23 
  24     Main entry point for the CHDK code
  25 -----------------------------------------------------------------------*/
  26 
  27 
  28 /*************************************************************/
  29 //** boot @ 0xFF02000C - 0xFF02017C, length=93
  30 void __attribute__((naked,noinline)) boot() {
  31 asm volatile (
  32 "    LDR     R1, =0xC0410000 \n"
  33 "    MOV     R0, #0 \n"
  34 "    STR     R0, [R1] \n"
  35 "    MOV     R1, #0x78 \n"
  36 "    MCR     p15, 0, R1, c1, c0 \n"
  37 "    MOV     R1, #0 \n"
  38 "    MCR     p15, 0, R1, c7, c10, 4 \n"
  39 "    MCR     p15, 0, R1, c7, c5 \n"
  40 "    MCR     p15, 0, R1, c7, c6 \n"
  41 "    MOV     R0, #0x3D \n"
  42 "    MCR     p15, 0, R0, c6, c0 \n"
  43 "    MOV     R0, #0xC000002F \n"
  44 "    MCR     p15, 0, R0, c6, c1 \n"
  45 "    MOV     R0, #0x39 \n"
  46 "    MCR     p15, 0, R0, c6, c2 \n"
  47 "    MOV     R0, #0x40000039 \n"
  48 "    MCR     p15, 0, R0, c6, c3 \n"
  49 "    MOV     R0, #0x80000017 \n"
  50 "    MCR     p15, 0, R0, c6, c4 \n"
  51 "    LDR     R0, =0xFF00002F \n"
  52 "    MCR     p15, 0, R0, c6, c5 \n"
  53 "    MOV     R0, #0x34 \n"
  54 "    MCR     p15, 0, R0, c2, c0 \n"
  55 "    MOV     R0, #0x34 \n"
  56 "    MCR     p15, 0, R0, c2, c0, 1 \n"
  57 "    MOV     R0, #0x34 \n"
  58 "    MCR     p15, 0, R0, c3, c0 \n"
  59 "    LDR     R0, =0x3333330 \n"
  60 "    MCR     p15, 0, R0, c5, c0, 2 \n"
  61 "    LDR     R0, =0x3333330 \n"
  62 "    MCR     p15, 0, R0, c5, c0, 3 \n"
  63 "    MRC     p15, 0, R0, c1, c0 \n"
  64 "    ORR     R0, R0, #0x1000 \n"
  65 "    ORR     R0, R0, #4 \n"
  66 "    ORR     R0, R0, #1 \n"
  67 "    MCR     p15, 0, R0, c1, c0 \n"
  68 "    MOV     R1, #0x80000006 \n"
  69 "    MCR     p15, 0, R1, c9, c1 \n"
  70 "    MOV     R1, #6 \n"
  71 "    MCR     p15, 0, R1, c9, c1, 1 \n"
  72 "    MRC     p15, 0, R1, c1, c0 \n"
  73 "    ORR     R1, R1, #0x50000 \n"
  74 "    MCR     p15, 0, R1, c1, c0 \n"
  75 "    LDR     R2, =0xC0200000 \n"
  76 "    MOV     R1, #1 \n"
  77 "    STR     R1, [R2, #0x10C] \n"
  78 "    MVN     R1, #0 \n"
  79 "    STR     R1, [R2, #0xC] \n"
  80 "    STR     R1, [R2, #0x1C] \n"
  81 "    STR     R1, [R2, #0x2C] \n"
  82 "    STR     R1, [R2, #0x3C] \n"
  83 "    STR     R1, [R2, #0x4C] \n"
  84 "    STR     R1, [R2, #0x5C] \n"
  85 "    STR     R1, [R2, #0x6C] \n"
  86 "    STR     R1, [R2, #0x7C] \n"
  87 "    STR     R1, [R2, #0x8C] \n"
  88 "    STR     R1, [R2, #0x9C] \n"
  89 "    STR     R1, [R2, #0xAC] \n"
  90 "    STR     R1, [R2, #0xBC] \n"
  91 "    STR     R1, [R2, #0xCC] \n"
  92 "    STR     R1, [R2, #0xDC] \n"
  93 "    STR     R1, [R2, #0xEC] \n"
  94 "    STR     R1, [R2, #0xFC] \n"
  95 "    LDR     R1, =0xC0400008 \n"
  96 "    LDR     R2, =0x430005 \n"
  97 "    STR     R2, [R1] \n"
  98 "    MOV     R1, #1 \n"
  99 "    LDR     R2, =0xC0243100 \n"
 100 "    STR     R2, [R1] \n"
 101 "    LDR     R2, =0xC0242010 \n"
 102 "    LDR     R1, [R2] \n"
 103 "    ORR     R1, R1, #1 \n"
 104 "    STR     R1, [R2] \n"
 105 "    LDR     R0, =0xFF90BC80 \n"
 106 "    LDR     R1, =0x6B1000 \n"
 107 "    LDR     R3, =0x6E3F2A \n"
 108 
 109 "loc_FF02013C:\n"
 110 "    CMP     R1, R3 \n"
 111 "    LDRCC   R2, [R0], #4 \n"
 112 "    STRCC   R2, [R1], #4 \n"
 113 "    BCC     loc_FF02013C \n"
 114 "    LDR     R0, =0xFF8F42E0 \n"
 115 "    LDR     R1, =0x1900 \n"
 116 "    LDR     R3, =0x192A0 \n"
 117 
 118 "loc_FF020158:\n"
 119 "    CMP     R1, R3 \n"
 120 "    LDRCC   R2, [R0], #4 \n"
 121 "    STRCC   R2, [R1], #4 \n"
 122 "    BCC     loc_FF020158 \n"
 123 "    LDR     R1, =0x2F6598 \n"
 124 "    MOV     R2, #0 \n"
 125 
 126 "loc_FF020170:\n"
 127 "    CMP     R3, R1 \n"
 128 "    STRCC   R2, [R3], #4 \n"
 129 "    BCC     loc_FF020170 \n"
 130 /* Install task hooks via 0x193x is not possible with this new dryos version
 131    So the below code patches the CreateTask function in RAM to install our
 132    hook -- ERR99
 133 */
 134 // Install CreateTask patch
 135 "    LDR     R0, =patch_CreateTask\n"   // Patch data
 136 "    LDM     R0, {R1,R2}\n"             // Get two patch instructions
 137 "    LDR     R0, =hook_CreateTask\n"    // Address to patch
 138 "    STM     R0, {R1,R2}\n"             // Store patch instructions
 139 
 140 "    B       sub_FF0203C4_my \n"  // --> Patched. Old value = 0xFF0203C4.
 141 
 142 "patch_CreateTask:\n"
 143 "    LDR     PC, [PC,#-0x4]\n"          // Do jump to absolute address CreateTask_my
 144 "    .long   CreateTask_my\n"
 145 );
 146 }
 147 
 148 /*************************************************************/
 149 //** CreateTask_my @ 0x006B5714 - 0x006B5718, length=2
 150 void __attribute__((naked,noinline)) CreateTask_my() {
 151 asm volatile (
 152 "    STMFD   SP!, {R0}\n"
 153 //R3 = Pointer to task function to create
 154 
 155 /*** INSTALL capt_seq_task() hook ***/
 156 "    LDR     R0, =task_CaptSeq\n"       // DryOS original code function ptr.
 157 "    CMP     R0, R3\n"                  // is the given taskptr equal to our searched function?
 158 "    LDREQ   R3, =capt_seq_task\n"      // if so replace with our task function base ptr.
 159 "    BEQ     exitHook\n"                // below compares not necessary if this check has found something.
 160 
 161 /*** INSTALL exp_drv_task() hook ***/
 162 /*
 163 "    LDR     R0, =task_ExpDrv\n"
 164 "    CMP     R0, R3\n"
 165 "    LDREQ   R3, =exp_drv_task\n"
 166 "    BEQ     exitHook\n"
 167 */
 168 
 169 /*** INSTALL filewrite() hook ***/
 170 //"    LDR     R0, =task_FileWrite\n"
 171 //"    CMP     R0, R3\n"
 172 //"    LDREQ   R3, =filewritetask\n"
 173 //"    BEQ     exitHook\n"
 174 
 175 /*** INSTALL movie_record_task() hook ***/
 176 //"    LDR     R0, =task_MovieRecord\n"
 177 //"    CMP     R0, R3\n"
 178 //"    LDREQ   R3, =movie_record_task\n"
 179 //"    BEQ     exitHook\n"
 180 
 181 /*** INSTALL liveimage_task() hook ***/
 182 //"    LDR     R0, =task_LiveImageTask\n"
 183 //"    CMP     R0, R3\n"
 184 //"    LDREQ   R3, =liveimage_task\n"
 185 //"    BEQ     exitHook\n"
 186 
 187 /*** INSTALL init_file_modules_task() hook ***/
 188 "    LDR     R0, =task_InitFileModules\n"
 189 "    CMP     R0, R3\n"
 190 "    LDREQ   R3, =init_file_modules_task\n"
 191 
 192 "exitHook:\n" 
 193 // restore overwritten registers
 194 "    LDMFD   SP!, {R0}\n"
 195 // Execute overwritten instructions from original code, then jump to firmware
 196 "    STMFD   SP!, {R1-R5,LR} \n"
 197 "    MOV     R4, R2 \n"
 198 "    LDR     PC, =0x006B571C \n"  // Continue in firmware
 199 );
 200 }
 201 
 202 /*************************************************************/
 203 //** sub_FF0203C4_my @ 0xFF0203C4 - 0xFF02042C, length=27
 204 void __attribute__((naked,noinline)) sub_FF0203C4_my() {
 205 
 206    // Replacement of sub_ for correct power-on.
 207    // (short press = playback mode, long press = record mode)
 208    // value and pointer from sub_FF073448 ixus285
 209    *(int*)(0x2dc8) = (*(int*)0xC022F48C)&0x80000 ? 0x80000 : 0x40000;
 210 
 211 asm volatile (
 212 "    LDR     R0, =0xFF02043C \n"
 213 "    MOV     R1, #0 \n"
 214 "    LDR     R3, =0xFF020474 \n"
 215 
 216 "loc_FF0203D0:\n"
 217 "    CMP     R0, R3 \n"
 218 "    LDRCC   R2, [R0], #4 \n"
 219 "    STRCC   R2, [R1], #4 \n"
 220 "    BCC     loc_FF0203D0 \n"
 221 "    LDR     R0, =0xFF020474 \n"
 222 "    MOV     R1, #0x1E0 \n"
 223 "    LDR     R3, =0xFF02064C \n"
 224 
 225 "loc_FF0203EC:\n"
 226 "    CMP     R0, R3 \n"
 227 "    LDRCC   R2, [R0], #4 \n"
 228 "    STRCC   R2, [R1], #4 \n"
 229 "    BCC     loc_FF0203EC \n"
 230 "    MOV     R0, #0xD2 \n"
 231 "    MSR     CPSR_cxsf, R0 \n"
 232 "    MOV     SP, #0x1000 \n"
 233 "    MOV     R0, #0xD3 \n"
 234 "    MSR     CPSR_cxsf, R0 \n"
 235 "    MOV     SP, #0x1000 \n"
 236 "    LDR     R0, =0x3B8 \n"
 237 "    LDR     R2, =0xEEEEEEEE \n"
 238 "    MOV     R3, #0x1000 \n"
 239 
 240 "loc_FF020420:\n"
 241 "    CMP     R0, R3 \n"
 242 "    STRCC   R2, [R0], #4 \n"
 243 "    BCC     loc_FF020420 \n"
 244 "    B       sub_FF022914_my \n"  // --> Patched. Old value = 0xFF022914.
 245 );
 246 }
 247 
 248 /*************************************************************/
 249 //** sub_FF022914_my @ 0xFF022914 - 0xFF022A24, length=69
 250 void __attribute__((naked,noinline)) sub_FF022914_my() {
 251 asm volatile (
 252 "    LDR     R1, =0x1A64 \n"
 253 "    STR     LR, [SP, #-4]! \n"
 254 "    SUB     SP, SP, #0x7C \n"
 255 "    MOV     R0, #0x80000 \n"
 256 "    STR     R0, [R1] \n"
 257 "    LDR     R0, =0x40DEBEE0 \n"
 258 "    LDR     R1, =0x1A68 \n"
 259 "    STR     R0, [R1] \n"
 260 "    LDR     R1, =0x1A6C \n"
 261 "    ADD     R0, R0, #0x2000 \n"
 262 "    STR     R0, [R1] \n"
 263 "    MOV     R1, #0x78 \n"
 264 "    ADD     R0, SP, #4 \n"
 265 "    BL      sub_006DC0D0 \n"
 266 "    MOV     R0, #0xA0000 \n"
 267 "    STR     R0, [SP, #8] \n"
 268 
 269 #if defined(CHDK_NOT_IN_CANON_HEAP) // use original heap offset if CHDK is loaded in high memory
 270 "    LDR     R0, =0x2F6598 \n"
 271 #else
 272 "    LDR     R0, =new_sa\n"   // otherwise use patched value
 273 "    LDR     R0, [R0]\n"      //
 274 #endif
 275 
 276 "    LDR     R2, =0x562A94 \n"
 277 "    STR     R0, [SP, #0xC] \n"
 278 "    SUB     R0, R2, R0 \n"
 279 "    STR     R0, [SP, #0x10] \n"
 280 "    MOV     R0, #0x22 \n"
 281 "    STR     R0, [SP, #0x1C] \n"
 282 "    MOV     R0, #0x98 \n"
 283 "    STR     R0, [SP, #0x20] \n"
 284 "    LDR     R0, =0x21A \n"
 285 "    LDR     R1, =0x56E000 \n"
 286 "    STR     R2, [SP, #0x14] \n"
 287 "    STR     R0, [SP, #0x24] \n"
 288 "    MOV     R0, #0xFA \n"
 289 "    STR     R1, [SP, #4] \n"
 290 "    STR     R1, [SP, #0x18] \n"
 291 "    STR     R0, [SP, #0x28] \n"
 292 "    MOV     R0, #0xD4 \n"
 293 "    STR     R0, [SP, #0x2C] \n"
 294 "    MOV     R0, #0x85 \n"
 295 "    STR     R0, [SP, #0x30] \n"
 296 "    MOV     R0, #0x40 \n"
 297 "    STR     R0, [SP, #0x34] \n"
 298 "    MOV     R0, #4 \n"
 299 "    STR     R0, [SP, #0x38] \n"
 300 "    MOV     R0, #0 \n"
 301 "    STR     R0, [SP, #0x3C] \n"
 302 "    MOV     R0, #0x10 \n"
 303 "    STR     R0, [SP, #0x60] \n"
 304 "    MOV     R0, #0x1000 \n"
 305 "    STR     R0, [SP, #0x64] \n"
 306 "    MOV     R0, #0x100 \n"
 307 "    STR     R0, [SP, #0x68] \n"
 308 "    MOV     R0, #0x2000 \n"
 309 "    STR     R0, [SP, #0x6C] \n"
 310 "    LDR     R1, =sub_FF02473C_my \n"  // --> Patched. Old value = 0xFF02473C.
 311 "    MOV     R2, #0 \n"
 312 "    ADD     R0, SP, #4 \n"
 313 "    BL      sub_006B1BC4 \n"
 314 "    ADD     SP, SP, #0x7C \n"
 315 "    LDR     PC, [SP], #4 \n"
 316 );
 317 }
 318 
 319 /*************************************************************/
 320 //** sub_FF02473C_my @ 0xFF02473C - 0xFF0247D4, length=39
 321 void __attribute__((naked,noinline)) sub_FF02473C_my() {
 322 asm volatile (
 323 "    STMFD   SP!, {R4,LR} \n"
 324 "    LDR     R4, =0xFF0247F8 /*'/_term'*/ \n"
 325 "    BL      sub_FF020848 \n"
 326 "    LDR     R1, =0x1A64 \n"
 327 "    LDR     R0, =0x19F8 \n"
 328 "    LDR     R1, [R1] \n"
 329 "    LDR     R0, [R0] \n"
 330 "    ADD     R1, R1, #0x10 \n"
 331 "    CMP     R0, R1 \n"
 332 "    LDRCC   R0, =0xFF024808 /*'USER_MEM size checking'*/ \n"
 333 "    BLCC    _err_init_task \n"
 334 "    BL      sub_FF023528 \n"
 335 "    CMP     R0, #0 \n"
 336 "    LDRLT   R0, =0xFF024820 /*'dmSetup'*/ \n"
 337 "    BLLT    _err_init_task \n"
 338 "    BL      sub_FF022528 \n"
 339 "    CMP     R0, #0 \n"
 340 "    LDRLT   R0, =0xFF024828 /*'termDriverInit'*/ \n"
 341 "    BLLT    _err_init_task \n"
 342 "    MOV     R0, R4 \n"
 343 "    BL      sub_FF022608 \n"
 344 "    CMP     R0, #0 \n"
 345 "    LDRLT   R0, =0xFF024838 /*'termDeviceCreate'*/ \n"
 346 "    BLLT    _err_init_task \n"
 347 "    MOV     R0, R4 \n"
 348 "    BL      sub_FF022140 \n"
 349 "    CMP     R0, #0 \n"
 350 "    LDRLT   R0, =0xFF02484C /*'stdioSetup'*/ \n"
 351 "    BLLT    _err_init_task \n"
 352 "    BL      sub_FF024DA8 \n"
 353 "    CMP     R0, #0 \n"
 354 "    LDRLT   R0, =0xFF024858 /*'stdlibSetup'*/ \n"
 355 "    BLLT    _err_init_task \n"
 356 "    BL      sub_FF020F4C \n"
 357 "    CMP     R0, #0 \n"
 358 "    LDRLT   R0, =0xFF024864 /*'extlib_setup'*/ \n"
 359 "    BLLT    _err_init_task \n"
 360 "    LDMFD   SP!, {R4,LR} \n"
 361 "    B       sub_FF027DC0_my \n"  // --> Patched. Old value = 0xFF027DC0.
 362 );
 363 }
 364 
 365 /*************************************************************/
 366 //** sub_FF027DC0_my @ 0xFF027DC0 - 0xFF027E10, length=21
 367 void __attribute__((naked,noinline)) sub_FF027DC0_my() {
 368 asm volatile (
 369 "    STMFD   SP!, {R3,LR} \n"
 370 "    BL      sub_FF034148 \n"
 371 "    BL      sub_FF02D8EC /*_IsNormalCameraMode_FW*/ \n"
 372 //"  BL      _sub_FF02C310 \n"  // startup check,disabled
 373 //"  CMP     R0, #0 \n"
 374 //"  BNE     loc_FF027DE0 \n"
 375 //"  BL      _sub_FF02BA8C \n"
 376 
 377 "loc_FF027DDC:\n"
 378 //"  B       loc_FF027DDC \n"
 379 
 380 "loc_FF027DE0:\n"
 381 "    BL      sub_006B8C18 \n"
 382 "    LDR     R1, =0x60E000 \n"
 383 "    MOV     R0, #0 \n"
 384 "    BL      sub_FF0383F8 \n"
 385 "    MOV     R3, #0 \n"
 386 "    STR     R3, [SP] \n"
 387 "    LDR     R3, =task_Startup_my \n"  // --> Patched. Old value = 0xFF027D58.
 388 "    MOV     R2, #0 \n"
 389 "    MOV     R1, #0x19 \n"
 390 "    LDR     R0, =0xFF027E1C /*'Startup'*/ \n"
 391 "    BL      _CreateTask \n"
 392 "    MOV     R0, #0 \n"
 393 "    LDMFD   SP!, {R3,PC} \n"
 394 );
 395 }
 396 
 397 /*************************************************************/
 398 //** task_Startup_my @ 0xFF027D58 - 0xFF027DBC, length=26
 399 void __attribute__((naked,noinline)) task_Startup_my() {
 400 asm volatile (
 401 "    STMFD   SP!, {R4,LR} \n"
 402 "    BL      sub_FF022CCC \n"
 403 "    BL      sub_FF02C7D0 \n"
 404 "    BL      sub_FF02BA38 \n"
 405 //"  BL      _sub_FF073D6C \n"  // --> Nullsub call removed.
 406 "    BL      sub_FF0381AC \n"
 407 //"  BL      _sub_FF03806C \n"  // load DISKBOOT.BIN
 408 "    BL      sub_FF038308 \n"
 409 "    BL      sub_FF0384CC \n"
 410 //"  BL      _sub_FF0382FC \n"  // --> Nullsub call removed.
 411 "    BL      sub_FF0381E0 \n"
 412 "    BL      sub_FF034080 \n"
 413 "    BL      sub_FF0384D4 \n"
 414 "    BL      CreateTask_spytask\n" // added
 415 "    BL      taskcreatePhySw_my \n"  // --> Patched. Old value = 0xFF02C1BC.
 416 "    BL      init_required_fw_features\n" // added
 417 "    BL      sub_FF031D80 \n"
 418 "    BL      sub_FF0C359C \n"
 419 "    BL      sub_FF029190 \n"
 420 "    BL      sub_FF02B3CC \n"
 421 "    BL      sub_FF037D30 \n"
 422 "    BL      sub_FF02B9EC \n"
 423 "    BL      sub_FF02B360 \n"
 424 //"  BL      _sub_FF038300 \n"  // --> Nullsub call removed.
 425 "    BL      sub_FF02A020 \n"
 426 "    BL      sub_FF02B31C \n"
 427 "    LDMFD   SP!, {R4,LR} \n"
 428 "    B       sub_FF022E1C \n"
 429 );
 430 }
 431 
 432 /*************************************************************/
 433 //** taskcreatePhySw_my @ 0xFF02C1BC - 0xFF02C200, length=18
 434 void __attribute__((naked,noinline)) taskcreatePhySw_my() {
 435 asm volatile (
 436 "    STMFD   SP!, {R3-R5,LR} \n"
 437 "    BL      sub_FF036F98 \n"
 438 "    BL      sub_FF02D824 /*_IsFactoryMode_FW*/ \n"
 439 "    CMP     R0, #0 \n"
 440 "    BLEQ    sub_FF036F00 /*_OpLog.Start_FW*/ \n"
 441 "    LDR     R4, =0x1C24 \n"
 442 "    LDR     R0, [R4, #4] \n"
 443 "    CMP     R0, #0 \n"
 444 "    BNE     loc_FF02C200 \n"
 445 "    MOV     R3, #0 \n"
 446 "    STR     R3, [SP] \n"
 447 "    LDR     R3, =mykbd_task \n"  // --> Patched. Old value = 0xFF02C188.
 448 "    MOV     R2, #0x2000 \n"  // --> Patched. Old value = 0x800. stack size for new task_PhySw so we don't have to do stack switch
 449 "    MOV     R1, #0x17 \n"
 450 "    LDR     R0, =0xFF02C4B0 /*'PhySw'*/ \n"
 451 "    BL      sub_006B7C84 /*_CreateTaskStrictly*/ \n"
 452 "    STR     R0, [R4, #4] \n"
 453 
 454 "loc_FF02C200:\n"
 455 "    LDMFD   SP!, {R3-R5,PC} \n"
 456 );
 457 }
 458 
 459 /*************************************************************/
 460 //** init_file_modules_task @ 0xFF05F9E8 - 0xFF05FA24, length=16
 461 void __attribute__((naked,noinline)) init_file_modules_task() {
 462 asm volatile (
 463 "    STMFD   SP!, {R4-R6,LR} \n"
 464 "    MOV     R0, #6 \n"
 465 //"  BL      _sub_FF029558 \n"  // --> Nullsub call removed.
 466 "    BL      sub_FF0ACDBC \n"
 467 "    LDR     R5, =0x5006 \n"
 468 "    MOVS    R4, R0 \n"
 469 "    MOVNE   R1, #0 \n"
 470 "    MOVNE   R0, R5 \n"
 471 "    BLNE    _PostLogicalEventToUI \n"
 472 "    BL      sub_FF0ACDEC \n"
 473 "    BL      core_spytask_can_start\n"  // CHDK: Set "it's-safe-to-start" flag for spytask
 474 "    CMP     R4, #0 \n"
 475 "    LDMNEFD SP!, {R4-R6,PC} \n"
 476 "    MOV     R0, R5 \n"
 477 "    LDMFD   SP!, {R4-R6,LR} \n"
 478 "    MOV     R1, #1 \n"
 479 "    B       _PostLogicalEventToUI \n"
 480 );
 481 }
 482 
 483 /*************************************************************/
 484 //** kbd_p1_f_cont_my @ 0xFF02C6F8 - 0xFF02C738, length=17
 485 void __attribute__((naked,noinline)) kbd_p1_f_cont_my() {
 486 asm volatile (
 487 "    LDR     R2, =0x1A078 \n"
 488 "    MOV     R0, #2 \n"
 489 "    ADD     R3, R2, #0x24 \n"
 490 "    MOV     R4, SP \n"
 491 
 492 "loc_FF02C708:\n"
 493 "    ADD     R1, R3, R0, LSL#2 \n"
 494 "    LDR     R12, [R2, R0, LSL#2] \n"
 495 "    LDR     R6, [R1, #0xC] \n"
 496 "    LDR     R1, [R1, #0x18] \n"
 497 "    AND     R12, R12, R6 \n"
 498 "    EOR     R1, R1, R12 \n"
 499 "    STR     R1, [R4, R0, LSL#2] \n"
 500 "    SUBS    R0, R0, #1 \n"
 501 "    BPL     loc_FF02C708 \n"
 502 "    bl      xtra_kbd_cb \n"            // + returns part of physw_status when overriding, -1 otherwise
 503 "    mov     r3, r0 \n"                 // + provide new argument for the next function
 504 "    LDR     R2, =0x1A090 \n"
 505 "    MOV     R0, SP \n"
 506 "    SUB     R1, R2, #0xC \n"
 507 "    BL      sub_FF02BF18_my \n"  // --> Patched. Old value = 0xFF02BF18.
 508 "    LDR     PC, =0xFF02C73C \n"  // Continue in firmware
 509 );
 510 }
 511 
 512 /*************************************************************/
 513 //** sub_FF02BF18_my @ 0xFF02BF18 - 0xFF02BF20, length=3
 514 void __attribute__((naked,noinline)) sub_FF02BF18_my() {
 515 asm volatile (
 516 "    STMFD   SP!, {R0-R12,LR} \n"
 517 "    MOV     R5, R0 \n"
 518 //"  MVN     R0, #0 \n"  // - should be (physw_status[0] & 0xffff) when overriding, -1 otherwise. 
 519 "    mov     r0, r3 \n"  // + (new argument to allow passing our variable)
 520 "    LDR     PC, =0xFF02BF24 \n"  // Continue in firmware
 521 );
 522 }
 523 /*
 524     *** TEMPORARY workaround ***
 525     Init stuff to avoid asserts on cameras running DryOS r54+
 526     Execute this only once
 527  */
 528 void init_required_fw_features(void) {
 529     extern void _init_focus_eventflag();
 530     extern void _init_nd_eventflag();
 531     extern void _init_nd_semaphore();
 532     //extern void _init_zoom_semaphore(); // for MoveZoomLensWithPoint
 533 
 534     _init_focus_eventflag();
 535     _init_nd_eventflag();
 536     _init_nd_semaphore();
 537 }
 538
/* [<][>][^][v][top][bottom][index][help] */