root/platform/g5x/sub/101d/boot.c

/* [<][>][^][v][top][bottom][index][help] */

DEFINITIONS

This source file includes following definitions.
  1. CreateTask_spytask
  2. boot
  3. debug_logging_my
  4. patch_mzrm_sendmsg
  5. CreateTask_my
  6. sub_fc066258_my
  7. sub_fc0663e8_my
  8. sub_fc0667de_my
  9. sub_fc0ecf20_my
  10. init_required_fw_features
  11. task_Startup_my
  12. sub_fc0ece46_my
  13. init_file_modules_task
  14. kbd_p2_f_my
  15. sub_fc09b570_my
  16. kbd_p1_f_cont_my
  17. sub_fc0ecc40_my
  18. task_TricInitTask_my

   1 #include "lolevel.h"
   2 #include "platform.h"
   3 #include "core.h"
   4 #include "dryos31.h"
   5 
   6 #include "camera_info.h"
   7 
   8 const char * const new_sa = &_end;
   9 
  10 // Forward declarations
  11 extern void task_CaptSeq ();
  12 extern void task_InitFileModules ();
  13 //extern void task_MovieRecord();
  14 extern void task_ExpDrv ();
  15 
  16 /*----------------------------------------------------------------------
  17  CreateTask_spytask
  18  -----------------------------------------------------------------------*/
  19 void
  20 CreateTask_spytask ()
  21 {
  22     _CreateTask ("SpyTask", 0x19, 0x2000, core_spytask, 0);
  23 }
  24 
  25 /*----------------------------------------------------------------------
  26  boot()
  27 
  28  Main entry point for the CHDK code
  29  -----------------------------------------------------------------------*/
  30 
  31 /*************************************************************/
  32 void __attribute__((naked,noinline))
  33 boot ()
  34 {
  35     asm volatile ( // 0xfc02000c
  36             //capdis -f=chdk -s=0xfc02000d -c=43 -stubs PRIMARY.BIN 0xfc000000
  37             "    movw    r0, #0x4000\n"
  38             "    movt    r0, #0\n"
  39             "    mov     sp, r0\n"
  40             "    bl      sub_fc02007e\n"
  41             "    ldr     r2, =0xc0242010\n"
  42             "    ldr     r1, [r2]\n"
  43             "    orr     r1, r1, #1\n"
  44             "    str     r1, [r2]\n"
  45             "    ldr     r0, =0xfcee2190\n"
  46             "    ldr     r1, =0x010e1000\n"
  47             "    ldr     r3, =0x010fbd18\n"
  48             "loc_fc02002a:\n"
  49             "    cmp     r1, r3\n"
  50             "    itt     lo\n"
  51             "    ldrlo   r2, [r0], #4\n"
  52             "    strlo   r2, [r1], #4\n"
  53             "    blo     loc_fc02002a\n"
  54             "    ldr     r0, =0x010e1000\n"
  55             "    ldr     r1, =0x0001ad18\n"
  56             "    bl      sub_fc150d5a\n"
  57             "    ldr     r0, =0xfcefcea8\n"
  58             "    ldr     r1, =0xbfe10800\n"
  59             "    ldr     r3, =0xbfe176a9\n"
  60             "loc_fc020046:\n"
  61             "    cmp     r1, r3\n"
  62             "    itt     lo\n"
  63             "    ldrlo   r2, [r0], #4\n"
  64             "    strlo   r2, [r1], #4\n"
  65             "    blo     loc_fc020046\n"
  66 
  67             // Install CreateTask patch
  68             "    adr     r0, patch_CreateTask\n" // Patch data
  69             "    ldm     r0, {r1,r2}\n" // Get two patch instructions
  70             "    ldr     r0, =hook_CreateTask\n" // Address to patch, thumb bit is clear in stubs_entry.S
  71             "    stm     r0, {r1,r2}\n" // Store patch instructions
  72 
  73             "    ldr     r0, =0xfceacb1c\n"
  74             "    ldr     r1, =0x00008000\n"
  75             "    ldr     r3, =0x0003d674\n"
  76             "loc_fc02005a:\n"
  77             "    cmp     r1, r3\n"
  78             "    itt     lo\n"
  79             "    ldrlo   r2, [r0], #4\n"
  80             "    strlo   r2, [r1], #4\n"
  81             "    blo     loc_fc02005a\n"
  82             "    ldr     r3, =0x0003d674\n"
  83             "    ldr     r1, =0x0039124c\n"
  84             "    mov.w   r2, #0\n"
  85             "loc_fc020070:\n"
  86             "    cmp     r3, r1\n"
  87             "    it      lo\n"
  88             "    strlo   r2, [r3], #4\n"
  89             "    blo     loc_fc020070\n"
  90 
  91             "    blx     patch_mzrm_sendmsg\n"
  92 
  93             "    b.w     sub_fc066258_my\n" // Patched
  94 
  95             "patch_CreateTask:\n"
  96             "    ldr.w   pc, [pc,#0]\n" // Do jump to absolute address CreateTask_my
  97             "    .long   CreateTask_my + 1\n" // has to be a thumb address
  98     );
  99 }
 100 
 101 /*************************************************************/
 102 /*
 103     Custom function called in mzrm_sendmsg via logging function pointer (normally disabled)
 104     Checks if called from function that is updating the Canon UI.
 105     Updates CHDK bitmap settings and sets flag to update CHDK UI.
 106 */
 107 void __attribute__((naked,noinline))
 108 debug_logging_my(char* fmt, ...)
 109 {
 110     (void)fmt;  // unused parameter
 111     asm volatile (
 112             //LR = Return address
 113             "    ldr     r0, =mzrm_sendmsg_ret_adr\n"   // Is return address in mzrm_sendmsg function?
 114             "    cmp     r0, lr\n"
 115             "    beq     do_ui_update\n"
 116             "exit_debug_logging_my:\n"
 117             "    bx      lr\n"
 118 
 119             "do_ui_update:\n"
 120             "    mov     r0, r11\n"                     // mzrm_sendmsg 'msg' value (2nd parameter, saved in r11)
 121             "    ldr     r1, [r0]\n"                    // message type
 122             "    mov     r2, #0x25\n"                   // Ximr update? (3rd parameter to mzrm_createmsg)
 123             "    cmp     r1, r2\n"
 124             "    bne     exit_debug_logging_my\n"
 125             "    add     r0, r0, #16\n"                 // Offset to Ximr context in 'msg'
 126             "    b       update_ui\n"
 127     );
 128 }
 129 
 130 /*
 131     Install and enable custom logging function for mzrm_sendmsg.
 132 */
 133 void
 134 patch_mzrm_sendmsg ()
 135 {
 136     extern int debug_logging_flag;
 137     extern void (*debug_logging_ptr)(char* fmt, ...);
 138 
 139     // Each bit in debug_logging_flag enables logging in different areas of the firmware code - only set the bit required for mzrm logging.
 140     debug_logging_flag = 0x200;
 141     debug_logging_ptr = debug_logging_my;
 142 }
 143 
 144 /*************************************************************/
 145 void __attribute__((naked,noinline))
 146 CreateTask_my ()
 147 {
 148     asm volatile (
 149             "    push   {r0}\n"
 150             //R3 = Pointer to task function to create
 151 
 152             "    ldr     r0, =task_CaptSeq\n" // DryOS original code function ptr.
 153             "    cmp     r0, r3\n" // is the given taskptr equal to our searched function?
 154             "    itt     eq\n" // EQ block
 155             "    ldreq   r3, =capt_seq_task\n" // if so replace with our task function base ptr.
 156             "    beq     exitHook\n" // below compares not necessary if this check has found something.
 157 
 158             "    ldr     r0, =task_ExpDrv\n"
 159             "    cmp     r0, R3\n"
 160             "    itt     eq\n"
 161             "    ldreq   r3, =exp_drv_task\n"
 162             "    beq     exitHook\n"
 163 
 164             //"    ldr     r0, =task_DvlpSeq\n"
 165             //"    cmp     r0, R3\n"
 166             //"    itt     eq\n"
 167             //"    LDREQ   r3, =developseq_task\n"
 168             //"    BEQ     exitHook\n"
 169 
 170             "    ldr     r0, =task_FileWrite\n"
 171             "    cmp     r0, R3\n"
 172             "    itt     eq\n"
 173             "    ldreq   r3, =filewritetask\n"
 174             "    beq     exitHook\n"
 175 
 176             //"    ldr     r0, =task_MovieRecord\n"
 177             //"    cmp     r0, R3\n"
 178             //"    itt     eq\n"
 179             //"    ldreq   r3, =movie_record_task\n"
 180             //"    beq     exitHook\n"
 181 
 182             "    ldr     r0, =task_TricInitTask\n"
 183             "    cmp     r0, r3\n"
 184             "    itt     eq\n"
 185             "    ldreq   r3, =task_TricInitTask_my\n"
 186             "    beq     exitHook\n"
 187 
 188             "    ldr     r0, =task_InitFileModules\n"
 189             "    cmp     r0, r3\n"
 190             "    it      eq\n"
 191             "    ldreq   r3, =init_file_modules_task\n"
 192 
 193             "exitHook:\n"
 194             // restore overwritten register(s)
 195             "    pop    {r0}\n"
 196             // Execute overwritten instructions from original code, then jump to firmware
 197             "    push.w  {r1, r2, r3, r4, r5, r6, r7, r8, sb, lr}\n"
 198             "    mov     r4, r0\n"
 199             "    ldr     r0, =0x00008164\n"
 200             "    ldr.w   pc, =(hook_CreateTask + 9) \n" // Continue in firmware, thumb bit set
 201             ".ltorg\n"
 202     );
 203 }
 204 
 205 //fc066258
 206 void __attribute__((naked,noinline))
 207 sub_fc066258_my ()
 208 {
 209     if (*(int*) (0xd20b0000 + 0x97 * 4) & 0x10000)
 210     {
 211         // see sub_FC0ECF20, sub_FC09B450
 212         // GPIO 0x10 (aka ON/OFF button) is not pressed -> play
 213         *(int*) (0x9c44 + 0x8) = 0x200000;
 214     }
 215     else
 216     {
 217         // GPIO 0x10 is pressed -> rec
 218         *(int*) (0x9c44 + 0x8) = 0x100000;
 219     }
 220 
 221     asm volatile (
 222             //capdis -f=chdk -s=0xfc066259 -c=60 -stubs PRIMARY.BIN 0xfc000000
 223             "    push    {r4, lr}\n"
 224 #if defined(CHDK_NOT_IN_CANON_HEAP)
 225             "    ldr     r4, =0x0039124c\n"         // heap start, modify here
 226 #else
 227             "    ldr     r4, =new_sa\n"             // +
 228             "    ldr     r4, [r4]\n" // +
 229 #endif
 230             "    sub     sp, #0x78\n"
 231             "    ldr     r0, =0x006ce000\n"
 232             "    ldr     r1, =0x000b1fec\n"
 233             "    subs    r0, r0, r4\n"
 234             "    cmp     r0, r1\n"
 235             "    bhs     loc_fc06626a\n"
 236             "loc_fc066268:\n"
 237             "    b       loc_fc066268\n"            // too small heap, go into infinite loop
 238             "loc_fc06626a:\n"
 239             "    ldr     r1, =0x00008078\n"
 240             "    mov.w   r0, #0x80000\n"
 241             "    str     r0, [r1]\n"
 242             "    ldr     r1, =0x0000807c\n"
 243             "    ldr     r0, =0x42281000\n"
 244             "    str     r0, [r1]\n"
 245             "    ldr     r1, =0x00008080\n"
 246             "    ldr     r0, =0x42283000\n"
 247             "    str     r0, [r1]\n"
 248             "    movs    r1, #0x78\n"
 249             "    mov     r0, sp\n"
 250             "    blx     sub_fc34d284\n"
 251             "    ldr     r0, =0x0060e000\n"
 252             "    mov.w   r1, #0xc0000\n"
 253             "    stm.w   sp, {r0, r1, r4}\n"
 254             "    ldr     r1, =0x00600014\n"
 255             "    subs    r2, r1, r4\n"
 256             "    strd    r2, r1, [sp, #0xc]\n"
 257             "    str     r0, [sp, #0x14]\n"
 258             "    movs    r0, #0x22\n"
 259             "    str     r0, [sp, #0x18]\n"
 260             "    movs    r0, #0xca\n"
 261             "    str     r0, [sp, #0x1c]\n"
 262             "    movw    r0, #0x2b0\n"
 263             "    str     r0, [sp, #0x20]\n"
 264             "    movs    r0, #0xfa\n"
 265             "    str     r0, [sp, #0x24]\n"
 266             "    movw    r0, #0x11a\n"
 267             "    str     r0, [sp, #0x28]\n"
 268             "    movs    r0, #0x85\n"
 269             "    str     r0, [sp, #0x2c]\n"
 270             "    movs    r0, #0x40\n"
 271             "    str     r0, [sp, #0x30]\n"
 272             "    movs    r0, #4\n"
 273             "    str     r0, [sp, #0x34]\n"
 274             "    movs    r0, #0\n"
 275             "    str     r0, [sp, #0x38]\n"
 276             "    movs    r0, #0x10\n"
 277             "    str     r0, [sp, #0x5c]\n"
 278             "    movs    r2, #0\n"
 279             "    lsls    r0, r0, #8\n"
 280             "    str     r0, [sp, #0x60]\n"
 281             "    ldr     r1, =sub_fc0663e8_my\n" // -> continue here (init_task)
 282             "    asrs    r0, r0, #4\n"
 283             "    str     r0, [sp, #0x64]\n"
 284             "    lsls    r0, r0, #5\n"
 285             "    str     r0, [sp, #0x68]\n"
 286             "    mov     r0, sp\n"
 287             "    blx     sub_fc34c9e0\n"
 288             "    add     sp, #0x78\n"
 289             "    pop     {r4, pc}\n"
 290     );
 291 }
 292 
 293 //fc0663e8
 294 void __attribute__((naked,noinline))
 295 sub_fc0663e8_my ()
 296 {
 297     asm volatile (
 298             //capdis -f=chdk -s=0xfc0663e9 -c=54 -stubs PRIMARY.BIN 0xfc000000
 299             "    push    {r4, lr}\n"
 300             "    ldr     r4, =0xfc066490\n" //  *"/_term"
 301             "    bl      sub_fc0672e4\n"
 302             "    ldr     r0, =0x000080f0\n"
 303             "    ldr     r1, [r0]\n"
 304             "    ldr     r0, =0x00008078\n"
 305             "    ldr     r0, [r0]\n"
 306             "    adds    r0, #0x10\n"
 307             "    cmp     r1, r0\n"
 308             "    bhs     loc_fc066404\n"
 309             "    ldr     r0, =0xfc0664a0\n" //  *"USER_MEM size checking"
 310             "    bl      sub_fc06647a\n"
 311             "loc_fc066404:\n"
 312             "    bl      sub_fc150e34\n"
 313             "    ldr     r1, =0xbfe10000\n"
 314             "    mov.w   r2, #-0x11111112\n"
 315             "    ldr     r3, =0xbfe10800\n"
 316             "loc_fc066410:\n"
 317             "    stm     r1!, {r2}\n"
 318             "    cmp     r1, r3\n"
 319             "    blo     loc_fc066410\n"
 320             "    bl      sub_fc150e46\n"
 321             "    bl      sub_fc150f60\n"
 322             "    cmp     r0, #0\n"
 323             "    bge     loc_fc066428\n"
 324             "    ldr     r0, =0xfc0664c0\n" //  *"dmSetup"
 325             "    bl      sub_fc06647a\n"
 326             "loc_fc066428:\n"
 327             "    bl      sub_fc0674fc\n"
 328             "    cmp     r0, #0\n"
 329             "    bge     loc_fc066436\n"
 330             "    ldr     r0, =0xfc0664c8\n" //  *"termDriverInit"
 331             "    bl      sub_fc06647a\n"
 332             "loc_fc066436:\n"
 333             "    mov     r0, r4\n"
 334             "    bl      sub_fc06758a\n"
 335             "    cmp     r0, #0\n"
 336             "    bge     loc_fc066446\n"
 337             "    ldr     r0, =0xfc0664d8\n" //  *"termDeviceCreate"
 338             "    bl      sub_fc06647a\n"
 339             "loc_fc066446:\n"
 340             "    mov     r0, r4\n"
 341             "    bl      sub_fc066610\n"
 342             "    cmp     r0, #0\n"
 343             "    bge     loc_fc066456\n"
 344             "    ldr     r0, =0xfc0664ec\n" //  *"stdioSetup"
 345             "    bl      sub_fc06647a\n"
 346             "loc_fc066456:\n"
 347             "    bl      sub_fc066754\n"
 348             "    cmp     r0, #0\n"
 349             "    bge     loc_fc066464\n"
 350             "    ldr     r0, =0xfc0664f8\n" //  *"stdlibSetup"
 351             "    bl      sub_fc06647a\n"
 352             "loc_fc066464:\n"
 353             "    bl      sub_fc0ec8e0\n"
 354             "    cmp     r0, #0\n"
 355             "    bge     loc_fc066472\n"
 356             "    ldr     r0, =0xfc066504\n" //  *"extlib_setup"
 357             "    bl      sub_fc06647a\n"
 358             "loc_fc066472:\n"
 359             "    pop.w   {r4, lr}\n"
 360             "    b.w     sub_fc0667de_my\n" // -> continue (taskcreate_startup)
 361     );
 362 }
 363 
 364 //fc0667de
 365 void __attribute__((naked,noinline))
 366 sub_fc0667de_my ()
 367 {
 368     asm volatile (
 369             //capdis -f=chdk -s=0xfc0667df -c=20 -stubs PRIMARY.BIN 0xfc000000
 370             "    push    {r3, lr}\n"
 371             "    bl      sub_fc0668ec\n"
 372             "    bl      sub_fc088984\n"
 373             "    bl      sub_fc0ecf20_my\n" // -> power-on mode handling & startupchecks here
 374             "    cbnz    r0, loc_fc0667f4\n"
 375             "    bl      sub_fc0668da\n"
 376             "loc_fc0667f2:\n"
 377             "    b       loc_fc0667f2\n" // infinite loop
 378             "loc_fc0667f4:\n"
 379             "    blx     sub_fc34ca38\n"
 380             "    ldr     r1, =0x006ce000\n"
 381             "    movs    r0, #0\n"
 382             "    bl      sub_fc3bf9cc\n"
 383             "    movs    r3, #0\n"
 384             "    str     r3, [sp]\n"
 385             "    ldr     r3, =task_Startup_my\n" // Patched
 386             "    movs    r2, #0\n"
 387             "    movs    r1, #0x19\n"
 388             "    ldr     r0, =0xfc06681c\n" //  *"Startup"
 389             "    blx     sub_fc34ce64\n"
 390             "    movs    r0, #0\n"
 391             "    pop     {r3, pc}\n"
 392     );
 393 }
 394 
 395 //fc0ecf20
 396 void __attribute__((naked,noinline))
 397 sub_fc0ecf20_my ()
 398 {
 399     asm volatile (
 400             //capdis -f=chdk -s=0xfc0ecf21 -c=54 -stubs PRIMARY.BIN 0xfc000000
 401             "    push.w  {r3, r4, r5, r6, r7, r8, sb, sl, fp, lr}\n"
 402             "    movs    r4, #0\n"
 403             "    mov     sl, r0\n"
 404             "    mov     r6, r4\n"
 405             "    bl      sub_fc09b44c\n"
 406             "    movs    r0, #0x97\n"
 407             "    bl      sub_fc09bcca\n"
 408             "    mov.w   r8, #1\n"
 409             "    bic.w   r7, r8, r0\n"
 410             "    mov     r5, r8\n"
 411             "    movs    r0, #0x8a\n"
 412             "    bl      sub_fc09bcca\n"
 413             "    bics    r5, r0\n"
 414             "    movs    r0, #0\n"
 415             "    bl      sub_fc09b448\n"
 416             "    cbz     r0, loc_fc0ecf58\n"
 417             "    movs    r0, #0x98\n"
 418             "    bl      sub_fc09bcca\n"
 419             "    bic.w   r6, r8, r0\n"
 420             "loc_fc0ecf58:\n"
 421             "    movw    r0, #0x10e\n"
 422             "    bl      sub_fc09bcca\n"
 423             "    bic.w   sb, r8, r0\n"
 424             "    movs    r0, #1\n"
 425             "    bl      sub_fc09b448\n"
 426             "    cbz     r0, loc_fc0ecf76\n"
 427             "    movs    r0, #2\n"
 428             "    bl      sub_fc09bcca\n"
 429             "    bic.w   r4, r8, r0\n"
 430             "loc_fc0ecf76:\n"
 431             "    cmp.w   sl, #0\n"
 432             "    beq     loc_fc0ecfa6\n"
 433             "    cbz     r5, loc_fc0ecf98\n"
 434             "    movs    r0, #0x5a\n"
 435             "    blx     sub_fc34d1dc\n"
 436             "    movs    r0, #0x8a\n"
 437             "    bl      sub_fc09bcca\n"
 438             "    bic.w   r5, r8, r0\n"
 439             "    mov     r7, r8\n"
 440             "    movs    r0, #0x97\n"
 441             "    bl      sub_fc09bcca\n"
 442             "    bics    r7, r0\n"
 443             "loc_fc0ecf98:\n"
 444             "    orr.w   r0, r7, r5\n"
 445             "    orr.w   r1, r6, sb\n"
 446             "    orrs    r0, r1\n"
 447             "    orrs    r0, r4\n"
 448             //"    beq     loc_fc0ecfba\n" // -
 449             "loc_fc0ecfa6:\n"
 450             "    mov     r3, sb\n"
 451             "    mov     r2, r6\n"
 452             "    mov     r1, r5\n"
 453             "    mov     r0, r7\n"
 454             "    str     r4, [sp]\n"
 455             //"    bl      sub_fc09b450\n" // -
 456             //"    bl      sub_fc09b44e\n" // -
 457             "    movs    r0, #1\n"
 458             "loc_fc0ecfba:\n"
 459             "    pop.w   {r3, r4, r5, r6, r7, r8, sb, sl, fp, pc}\n"
 460     );
 461 }
 462 
 463 // *** TEMPORARY? workaround ***
 464 // Init stuff to avoid asserts on cameras running DryOS r54+
 465 // https://chdk.setepontos.com/index.php?topic=12516.0
 466 // Execute this only once
 467 void init_required_fw_features(void)
 468 {
 469 //    extern void _init_focus_eventflag();
 470 //    _init_focus_eventflag();
 471 //    extern void _init_nd_eventflag();
 472 //    _init_nd_eventflag();
 473     extern int av_override_semaphore;
 474     extern int _CreateBinarySemaphoreStrictly(int x, int y);
 475     av_override_semaphore = _CreateBinarySemaphoreStrictly(0,0);
 476 }
 477 
 478 // task_Startup fc066778
 479 void __attribute__((naked,noinline))
 480 task_Startup_my ()
 481 {
 482     asm volatile (
 483             //capdis -f=chdk -s=0xfc066779 -c=26 -stubs PRIMARY.BIN 0xfc000000
 484             "    push    {r4, lr}\n"
 485             "    bl      sub_fc0c2dfc\n"
 486             "    bl      sub_fc0668b8\n"
 487             "    bl      sub_fc0ed2d0\n"
 488             "    bl      sub_fc44f31c\n"
 489             // added for SD card UHS detection https://chdk.setepontos.com/index.php?topic=13089.msg132583#msg132583
 490             "    bl      sub_010e1746\n" // ref in sub_010e1746 following SD1stInit create
 491             //"    bl      sub_fc0ed356\n"   // - startdiskboot
 492             "    bl      sub_fc0b277e\n"
 493             "    bl      sub_fc0ed448\n"
 494             "    bl      sub_fc066a44\n"
 495             "    bl      sub_fc0669c0\n"
 496             "    bl      sub_fc44f35a\n"
 497             "    bl      sub_fc0a2498\n"
 498             "    bl      sub_fc0ed44e\n"
 499             "    bl      sub_fc0ece46_my\n" // -> taskcreate_physw
 500             "    BL      CreateTask_spytask\n"          // +
 501             "    bl      init_required_fw_features\n"   // + TODO: Check if needed on G5X
 502             "    bl      sub_fc2d2a2e\n"
 503             "    bl      sub_fc0ed464\n"
 504             "    bl      sub_fc0ec9ac\n"
 505             "    bl      sub_fc0c29fc\n"
 506             "    bl      sub_fc0c2f62\n"
 507             "    bl      sub_fc0c2d4a\n"
 508             "    bl      sub_fc0c29b8\n"
 509             "    bl      sub_fc066a48\n"
 510             "    bl      sub_fc3691f8\n"
 511             "    bl      sub_fc0c298a\n"
 512             "    pop.w   {r4, lr}\n"
 513             "    b.w     sub_fc0c2dd2\n" // continue in firmware
 514     );
 515 }
 516 
 517 //taskcreate_physw fc0ece46
 518 void __attribute__((naked,noinline))
 519 sub_fc0ece46_my ()
 520 {
 521     asm volatile (
 522             //capdis -f=chdk -s=0xfc0ece47 -c=18 -stubs PRIMARY.BIN 0xfc000000
 523             "    push    {r3, r4, r5, lr}\n"
 524             "    bl      sub_fc09da2c\n"
 525             "    bl      sub_fc088902\n"
 526             "    cbnz    r0, loc_fc0ece56\n"
 527             "    bl      sub_fc09d9d0\n"
 528             "loc_fc0ece56:\n"
 529             "    ldr     r4, =0x000082d8\n"
 530             "    ldr     r0, [r4, #4]\n"
 531             "    cmp     r0, #0\n"
 532             "    bne     loc_fc0ece72\n"
 533             "    movs    r3, #0\n"
 534             "    str     r3, [sp]\n"
 535             "    ldr     r3, =mykbd_task\n" // task_PhySw replacement
 536             "    movs    r1, #0x17\n"
 537             "    ldr     r0, =0xfc0ed1c8\n" //  *"PhySw"
 538             "    movw    r2, #0x2000\n" // original value 0x800
 539             "    blx     sub_fc34d0dc\n"
 540             "    str     r0, [r4, #4]\n"
 541             "loc_fc0ece72:\n"
 542             "    pop     {r3, r4, r5, pc}\n"
 543     );
 544 }
 545 
 546 //fc157608
 547 void __attribute__((naked,noinline))
 548 init_file_modules_task ()
 549 {
 550     asm volatile (
 551             //capdis -f=chdk -s=0xfc157609 -c=18 -stubs PRIMARY.BIN 0xfc000000
 552             "    push    {r4, r5, r6, lr}\n"
 553             "    movs    r0, #6\n"
 554             "    bl      sub_fc368a54\n"
 555             "    bl      sub_fc0c994c\n"
 556             "    movs    r4, r0\n"
 557             "    movw    r5, #0x5006\n"
 558             "    beq     loc_fc157624\n"
 559             "    movs    r1, #0\n"
 560             "    mov     r0, r5\n"
 561             "    bl      sub_fc3bd7d0\n"
 562             "loc_fc157624:\n"
 563             "    bl      sub_fc0c9976\n"
 564             "    bl      core_spytask_can_start\n" // + CHDK: Set "it's-safe-to-start" flag for spytask
 565             "    cmp     r4, #0\n"
 566             "    bne     loc_fc157638\n"
 567             "    mov     r0, r5\n"
 568             "    pop.w   {r4, r5, r6, lr}\n"
 569             "    movs    r1, #1\n"
 570             "    b.w     sub_fc3bd7d0\n" // continue in firmware
 571             "loc_fc157638:\n"
 572             "    pop     {r4, r5, r6, pc}\n"
 573     );
 574 }
 575 
 576 //fc0ecb7c
 577 void __attribute__((naked,noinline))
 578 kbd_p2_f_my ()
 579 {
 580     asm volatile(
 581             //capdis -f=chdk -s=0xfc0ecb7d -c=77 -stubs PRIMARY.BIN 0xfc000000
 582             "    push.w  {r4, r5, r6, r7, r8, lr}\n"
 583             "    ldr     r6, =0x0003ef70\n"
 584             "    sub     sp, #0x18\n"
 585             "    add     r7, sp, #8\n"
 586             "    subs    r6, #0xc\n"
 587             "    b       loc_fc0ecbbe\n"
 588             "loc_fc0ecb8a:\n"
 589             "    ldr     r1, =0x0003ef70\n"
 590             "    add     r3, sp, #8\n"
 591             "    ldrb.w  r0, [sp, #4]\n"
 592             "    add     r2, sp, #0x14\n"
 593             "    subs    r1, #0x18\n"
 594             "    bl      sub_fc09bb10\n"
 595             "    cbnz    r0, loc_fc0ecba4\n"
 596             "    ldr     r1, [sp, #0x14]\n"
 597             "    movs    r0, #0\n"
 598             "    bl      sub_fc0ecaee\n"
 599             "loc_fc0ecba4:\n"
 600             "    movs    r0, #2\n"
 601             "loc_fc0ecba6:\n"
 602             "    ldr.w   r1, [r7, r0, lsl #2]\n"
 603             "    cbz     r1, loc_fc0ecbb6\n"
 604             "    ldr.w   r2, [r6, r0, lsl #2]\n"
 605             "    bics    r2, r1\n"
 606             "    str.w   r2, [r6, r0, lsl #2]\n"
 607             "loc_fc0ecbb6:\n"
 608             "    subs    r0, r0, #1\n"
 609             "    sxtb    r0, r0\n"
 610             "    cmp     r0, #0\n"
 611             "    bge     loc_fc0ecba6\n"
 612             "loc_fc0ecbbe:\n"
 613             "    ldr     r0, =0x0003ef70\n"
 614             "    add     r1, sp, #4\n"
 615             "    subs    r0, #0xc\n"
 616             "    bl      sub_fc09b7f6\n"
 617             "    cmp     r0, #0\n"
 618             "    bne     loc_fc0ecb8a\n"
 619             "    ldr.w   r8, =0x0003ef70\n"
 620             "    movs    r4, #0\n"
 621             "loc_fc0ecbd2:\n"
 622             "    movs    r5, #0\n"
 623             "    ldr.w   r0, [r6, r4, lsl #2]\n"
 624             "    ldr.w   r1, [r8, r4, lsl #2]\n"
 625             "    ands    r0, r1\n"
 626             "    str.w   r0, [r6, r4, lsl #2]\n"
 627             "    b       loc_fc0ecc2a\n"
 628             "loc_fc0ecbe4:\n"
 629             "    lsrs    r0, r5\n"
 630             "    lsls    r0, r0, #0x1f\n"
 631             "    beq     loc_fc0ecc22\n"
 632             "    ldr     r1, =0x0003ef70\n"
 633             "    add.w   r0, r5, r4, lsl #5\n"
 634             "    add     r3, sp, #8\n"
 635             "    subs    r1, #0x18\n"
 636             "    add     r2, sp, #0x14\n"
 637             "    uxtb    r0, r0\n"
 638             "    bl      sub_fc09bb10\n"
 639             "    cbnz    r0, loc_fc0ecc06\n"
 640             "    ldr     r1, [sp, #0x14]\n"
 641             "    movs    r0, #1\n"
 642             "    bl      sub_fc0ecaee\n"
 643             "loc_fc0ecc06:\n"
 644             "    mov     r0, r4\n"
 645             "    b       loc_fc0ecc1e\n"
 646             "loc_fc0ecc0a:\n"
 647             "    ldr.w   r1, [r7, r0, lsl #2]\n"
 648             "    cbz     r1, loc_fc0ecc1a\n"
 649             "    ldr.w   r2, [r6, r0, lsl #2]\n"
 650             "    bics    r2, r1\n"
 651             "    str.w   r2, [r6, r0, lsl #2]\n"
 652             "loc_fc0ecc1a:\n"
 653             "    adds    r0, r0, #1\n"
 654             "    sxtb    r0, r0\n"
 655             "loc_fc0ecc1e:\n"
 656             "    cmp     r0, #3\n"
 657             "    blt     loc_fc0ecc0a\n"
 658             "loc_fc0ecc22:\n"
 659             "    ldr.w   r0, [r6, r4, lsl #2]\n"
 660             "    adds    r5, r5, #1\n"
 661             "    uxtb    r5, r5\n"
 662             "loc_fc0ecc2a:\n"
 663             "    cmp     r0, #0\n"
 664             "    bne     loc_fc0ecbe4\n"
 665             "    adds    r4, r4, #1\n"
 666             "    sxtb    r4, r4\n"
 667             "    cmp     r4, #3\n"
 668             "    blt     loc_fc0ecbd2\n"
 669             "    bl      sub_fc09b570_my\n" // Patched
 670             "    add     sp, #0x18\n"
 671             "    pop.w   {r4, r5, r6, r7, r8, pc}\n"
 672     );
 673 }
 674 
 675 //fc09b570
 676 void __attribute__((naked,noinline))
 677 sub_fc09b570_my ()
 678 {
 679     asm volatile(
 680             //capdis -f=chdk -s=0xfc09b571 -c=14 -stubs PRIMARY.BIN 0xfc000000
 681             "    push    {r4, lr}\n"
 682             "    ldr     r4, =0x00009c44\n"
 683             "    ldr     r0, [r4, #0xc]\n"
 684             "    bl      sub_fc0a3b54\n"
 685             "    ldr     r0, [r4, #0x10]\n"
 686             "    bl      sub_fc0a3bde\n"
 687             "    bl      sub_fc0a3c66\n"
 688             "    bl      sub_fc10b3f4\n"
 689             "    ldr     r0, [r4, #0x14]\n"
 690             "    bl      sub_fc0a3a84\n"
 691             "    ldr     r0, [r4, #0x18]\n"
 692             "    bl      sub_fc0a3a84\n"
 693 
 694             "    bl      handle_jogdial\n" // +
 695             "    cmp     r0, #0\n" // +
 696             "    beq     no_scroll\n" // +
 697 
 698             "    pop.w   {r4, lr}\n"
 699             "    b.w     sub_fc0a3fc2\n" // continue in firmware
 700 
 701             "no_scroll:\n" // +
 702             "    pop     {r4, pc}\n" // +
 703     );
 704 }
 705 
 706 //fc0ed152
 707 void __attribute__((naked,noinline))
 708 kbd_p1_f_cont_my ()
 709 {
 710     asm volatile(
 711             //capdis -f=chdk -s=0xfc0ed153 -c=18 -jfw -stubs PRIMARY.BIN 0xfc000000
 712             "    ldr     r3, =0x0003ef4c\n"
 713             "    movs    r0, #2\n"
 714             "    mov     r5, sp\n"
 715             "    add.w   r6, r3, #0x24\n"
 716             "loc_fc0ed15c:\n"
 717             "    add.w   r1, r6, r0, lsl #2\n"
 718             "    ldr.w   r2, [r3, r0, lsl #2]\n"
 719             "    ldr     r7, [r1, #0xc]\n"
 720             "    ldr     r1, [r1, #0x18]\n"
 721             "    and.w   r2, r2, r7\n"
 722             "    eor.w   r2, r2, r1\n"
 723             "    str.w   r2, [r5, r0, lsl #2]\n"
 724             "    subs    r0, r0, #1\n"
 725             "    bpl     loc_fc0ed15c\n"
 726             "    ldr     r2, =0x0003ef4c\n"
 727             "    mov     r0, sp\n"
 728             "    adds    r2, #0x18\n"
 729             "    sub.w   r1, r2, #0xc\n"
 730             "    bl      sub_fc0ecc40_my\n" // -> some physical status is re-read here (not into physw_status)
 731             "    ldr     pc, =0xfc0ed187\n" // Continue in firmware
 732     );
 733 }
 734 
 735 extern int physw0_override;
 736 
 737 //fc0ecc40
 738 void __attribute__((naked,noinline))
 739 sub_fc0ecc40_my ()
 740 {
 741     asm volatile(
 742             //capdis -f=chdk -s=0xfc0ecc41 -c=4 -jfw -stubs PRIMARY.BIN 0xfc000000
 743             "    push.w  {r0, r1, r2, r3, r4, r5, r6, r7, r8, sb, sl, fp, ip, lr}\n"
 744             "    ldr     r4, =0x0003ef70\n"
 745             "    mov     r5, r0\n"
 746             "    ldr     r0, =physw0_override\n" // +
 747             "    ldr.w   r0, [r0]\n" // + use CHDK override value
 748             //"    mov.w   r0, #-1\n"           // -
 749             "    ldr     pc, =0xfc0ecc4d\n" // Continue in firmware
 750     );
 751 }
 752 
 753 void __attribute__((naked,noinline)) task_TricInitTask_my() {
 754     asm volatile(
 755             //capdis -f=chdk -s=0xfc5422b1 -c=35 -stubs PRIMARY.BIN 0xfc000000
 756             "    push.w  {r0, r1, r2, r3, r4, r5, r6, r7, r8, sb, sl, fp, ip, lr}\n"
 757             "    movs    r0, #8\n"
 758             "    ldr     r1, =0xfc5424dc\n" //  *"InitTskStart"
 759             "    bl      sub_fc3b7856\n"
 760             "    ldr.w   sl, =0x000222dc\n"
 761             "    movw    fp, #0x1000\n"
 762             "    ldr     r4, =0x000222d8\n"
 763             "    movs    r2, #0\n"
 764             "    ldr     r1, =0x0703870f\n"
 765             "    ldr     r0, [r4]\n"
 766             "    blx     sub_fc34d254\n"
 767             "    lsls    r0, r0, #0x1f\n"
 768             "    bne     sub_fc5422d4\n"    // + jump to FW
 769             "    ldr     r4, =0x000222d8\n"
 770             "    add     r1, sp, #0xc\n"
 771             "    ldr     r0, [r4]\n"
 772             "    blx     sub_fc34d03c\n"
 773             "    ldr     r1, [sp, #0xc]\n"
 774             "    ldr     r0, [r4]\n"
 775             "    blx     sub_fc34d20c\n"
 776             "    ldr     r0, =0x02000003\n"
 777             "    ldr     r7, [sp, #0xc]\n"
 778             "    tst     r7, r0\n"
 779             "    beq     sub_fc5423ea\n"    // + jump to FW
 780             "    lsls    r0, r7, #0x1f\n"
 781             "    beq     sub_fc54230a\n"    // + jump to FW
 782 
 783             "    ldr     r0, =0xd2020074\n" // +
 784             "    ldr     r0, [r0]\n"        // + nonzero when core already running
 785             "    subs    r0, #0\n"          // +
 786             "    beq     tric1\n"           // +
 787             "    ldr     r0, [r4]\n"        // +
 788             "    mov     r1, #0x80\n"       // +
 789             "    bl      _SetEventFlag\n"   // + core already initialized, set the SmacIdleCmp eventflag here
 790             "tric1:\n"                      // +
 791 
 792             "    bl      sub_fc54278e\n"
 793             "    b       sub_fc542376\n"    // + jump to FW
 794     );
 795 }

/* [<][>][^][v][top][bottom][index][help] */