4 #include "lolevel.h"
5 #include "platform.h"
6 #include "core.h"
7 #include "dryos31.h"
9 #define offsetof(TYPE, MEMBER) ((int) &((TYPE *)0)->MEMBER)
11 const char * const new_sa = &_end;
/*
 * Entry points of the firmware tasks that CreateTask_my intercepts.  They
 * are only used as addresses: CreateTask_my compares the requested task
 * function (R3) against each of them and substitutes the CHDK replacement
 * (capt_seq_task, exp_drv_task, filewritetask, movie_record_task,
 * init_file_modules_task).  The empty parameter lists are inherited from
 * the firmware stubs; they are never called from this file.
 */
extern void task_CaptSeq();
extern void task_InitFileModules();
extern void task_MovieRecord();
extern void task_ExpDrv();
extern void task_FileWrite();
/*
 * Start CHDK's own "SpyTask" (core_spytask) through the firmware's task
 * creator.  Called from task_Startup_my once the firmware's own start-up
 * tasks have been created.
 */
void CreateTask_spytask()
{
    /* Task attributes handed to the firmware: priority, stack size, argument. */
    const int spytask_priority = 0x19;
    const int spytask_stack_bytes = 0x2000;
    const int spytask_argument = 0;

    _CreateTask("SpyTask", spytask_priority, spytask_stack_bytes,
                core_spytask, spytask_argument);
}
/*
 * CHDK reset entry point.  Runs before any stack or C runtime exists, so the
 * function is naked and consists of a single inline-assembly block.
 *
 * The sequence mirrors the firmware's own early boot: CP15/MPU and cache
 * set-up, a few peripheral register writes, two ROM-to-RAM copies followed
 * by a zero-fill, and then the CHDK-specific step -- a two-word trampoline is
 * written over hook_CreateTask (declared in a header) so that every task
 * the firmware creates passes through CreateTask_my first.  Control then
 * branches to sub_FF810380_my and never returns here.
 *
 * All absolute addresses are specific to this camera's firmware dump and
 * must match it exactly.
 */
void __attribute__((naked,noinline)) boot() {
    asm volatile (
        /* Clear the register at 0xC0410000 (purpose not visible here). */
        " LDR R1, =0xC0410000 \n"
        " MOV R0, #0 \n"
        " STR R0, [R1] \n"
        /* CP15 c1 (control register) initial value, then c7 maintenance ops
         * (drain write buffer, invalidate I- and D-cache, presumably). */
        " MOV R1, #0x78 \n"
        " MCR p15, 0, R1, c1, c0 \n"
        " MOV R1, #0 \n"
        " MCR p15, 0, R1, c7, c10, 4 \n"
        " MCR p15, 0, R1, c7, c5 \n"
        " MCR p15, 0, R1, c7, c6 \n"
        /* CP15 c6 region registers 0..5: memory-protection regions. */
        " MOV R0, #0x3D \n"
        " MCR p15, 0, R0, c6, c0 \n"
        " MOV R0, #0xC000002F \n"
        " MCR p15, 0, R0, c6, c1 \n"
        " MOV R0, #0x33 \n"
        " MCR p15, 0, R0, c6, c2 \n"
        " MOV R0, #0x40000033 \n"
        " MCR p15, 0, R0, c6, c3 \n"
        " MOV R0, #0x80000017 \n"
        " MCR p15, 0, R0, c6, c4 \n"
        " LDR R0, =0xFF80002D \n"
        " MCR p15, 0, R0, c6, c5 \n"
        /* CP15 c2/c3: per-region cacheable and write-buffer bits; c5: access permissions. */
        " MOV R0, #0x34 \n"
        " MCR p15, 0, R0, c2, c0 \n"
        " MOV R0, #0x34 \n"
        " MCR p15, 0, R0, c2, c0, 1 \n"
        " MOV R0, #0x34 \n"
        " MCR p15, 0, R0, c3, c0 \n"
        " LDR R0, =0x3333330 \n"
        " MCR p15, 0, R0, c5, c0, 2 \n"
        " LDR R0, =0x3333330 \n"
        " MCR p15, 0, R0, c5, c0, 3 \n"
        /* Read-modify-write of the control register: set bits 0x1000, 0x4, 0x1. */
        " MRC p15, 0, R0, c1, c0 \n"
        " ORR R0, R0, #0x1000 \n"
        " ORR R0, R0, #4 \n"
        " ORR R0, R0, #1 \n"
        " MCR p15, 0, R0, c1, c0 \n"
        /* CP15 c9,c1 (TCM region registers, presumably), then set 0x50000 in the control register. */
        " MOV R1, #0x80000006 \n"
        " MCR p15, 0, R1, c9, c1 \n"
        " MOV R1, #6 \n"
        " MCR p15, 0, R1, c9, c1, 1 \n"
        " MRC p15, 0, R1, c1, c0 \n"
        " ORR R1, R1, #0x50000 \n"
        " MCR p15, 0, R1, c1, c0 \n"
        /* Peripheral block at 0xC0200000: write 1 to +0x10C and 0xFF to
         * every +0xN0C slot from +0xC to +0xFC (interrupt controller, presumably). */
        " LDR R2, =0xC0200000 \n"
        " MOV R1, #1 \n"
        " STR R1, [R2, #0x10C] \n"
        " MOV R1, #0xFF \n"
        " STR R1, [R2, #0xC] \n"
        " STR R1, [R2, #0x1C] \n"
        " STR R1, [R2, #0x2C] \n"
        " STR R1, [R2, #0x3C] \n"
        " STR R1, [R2, #0x4C] \n"
        " STR R1, [R2, #0x5C] \n"
        " STR R1, [R2, #0x6C] \n"
        " STR R1, [R2, #0x7C] \n"
        " STR R1, [R2, #0x8C] \n"
        " STR R1, [R2, #0x9C] \n"
        " STR R1, [R2, #0xAC] \n"
        " STR R1, [R2, #0xBC] \n"
        " STR R1, [R2, #0xCC] \n"
        " STR R1, [R2, #0xDC] \n"
        " STR R1, [R2, #0xEC] \n"
        " STR R1, [R2, #0xFC] \n"
        /* Two more peripheral writes: 0xC0400008 = 0x430005; set bit 0 of 0xC0242010. */
        " LDR R1, =0xC0400008 \n"
        " LDR R2, =0x430005 \n"
        " STR R2, [R1] \n"
        " LDR R2, =0xC0242010 \n"
        " LDR R1, [R2] \n"
        " ORR R1, R1, #1 \n"
        " STR R1, [R2] \n"
        /* Copy 1: ROM 0xFFC53A20.. -> RAM 0x3F1000..0x40099C (word by word).
         * CreateTask_my later jumps into this copied region (0x003F68B8). */
        " LDR R0, =0xFFC53A20 \n"
        " LDR R1, =0x3F1000 \n"
        " LDR R3, =0x40099C \n"

        "loc_FF810130:\n"
        " CMP R1, R3 \n"
        " LDRCC R2, [R0], #4 \n"
        " STRCC R2, [R1], #4 \n"
        " BCC loc_FF810130 \n"
        /* Copy 2: ROM 0xFFC46DC0.. -> RAM 0x1900..0xE560. */
        " LDR R0, =0xFFC46DC0 \n"
        " LDR R1, =0x1900 \n"
        " LDR R3, =0xE560 \n"

        "loc_FF81014C:\n"
        " CMP R1, R3 \n"
        " LDRCC R2, [R0], #4 \n"
        " STRCC R2, [R1], #4 \n"
        " BCC loc_FF81014C \n"
        /* Zero-fill from the end of copy 2 (R3 is still 0xE560) up to 0x15A048. */
        " LDR R1, =0x15A048 \n"
        " MOV R2, #0 \n"

        "loc_FF810164:\n"
        " CMP R3, R1 \n"
        " STRCC R2, [R3], #4 \n"
        " BCC loc_FF810164 \n"

        /* CHDK hook: copy the two-word trampoline below (patch_CreateTask) over
         * hook_CreateTask, the firmware's task-creation entry in the RAM copy.
         * Any code that ran there before is replaced; CreateTask_my re-executes
         * the displaced instructions before resuming the firmware. */
        " LDR R0, =patch_CreateTask\n"
        " LDM R0, {R1,R2}\n"
        " LDR R0, =hook_CreateTask\n"
        " STM R0, {R1,R2}\n"

        /* Continue the boot sequence; sub_FF810380_my does not return. */
        " B sub_FF810380_my \n"

        /* Trampoline: on ARM, PC reads as the current instruction + 8, so
         * [PC,#-4] is the .long that follows -- an absolute jump to CreateTask_my. */
        "patch_CreateTask:\n"
        " LDR PC, [PC,#-0x4]\n"
        " .long CreateTask_my\n"
    );
}
/*
 * Hook installed by boot() over the firmware's task-creation routine.
 *
 * Entered with the firmware's CreateTask arguments in place (as in
 * CreateTask_spytask: R0 = name, R1 = priority, R2 = stack size, R3 = entry
 * function).  R3 is compared against the firmware task entry points declared
 * at the top of this file; on a match it is swapped for the CHDK replacement
 * task.  R0 is preserved across the comparisons.  Finally the two
 * instructions the trampoline displaced (STMFD / MOV R4,R0 -- presumably the
 * original prologue) are re-executed and control jumps to 0x003F68B8, which
 * lies inside the firmware region boot() copied to RAM at 0x3F1000.
 *
 * Only R0 and R3 are touched before exitHook; the flags are clobbered.
 */
void __attribute__((naked,noinline)) CreateTask_my() {
    asm volatile (
        /* Keep R0 (task name) while R0 is used as scratch below. */
        " STMFD SP!, {R0}\n"

        /* task_CaptSeq -> capt_seq_task */
        " LDR R0, =task_CaptSeq\n"
        " CMP R0, R3\n"
        " LDREQ R3, =capt_seq_task\n"
        " BEQ exitHook\n"

        /* task_ExpDrv -> exp_drv_task */
        " LDR R0, =task_ExpDrv\n"
        " CMP R0, R3\n"
        " LDREQ R3, =exp_drv_task\n"
        " BEQ exitHook\n"

        /* task_FileWrite -> filewritetask */
        " LDR R0, =task_FileWrite\n"
        " CMP R0, R3\n"
        " LDREQ R3, =filewritetask\n"
        " BEQ exitHook\n"

        /* task_MovieRecord -> movie_record_task */
        " LDR R0, =task_MovieRecord\n"
        " CMP R0, R3\n"
        " LDREQ R3, =movie_record_task\n"
        " BEQ exitHook\n"

        /* task_InitFileModules -> init_file_modules_task (defined below). */
        " LDR R0, =task_InitFileModules\n"
        " CMP R0, R3\n"
        " LDREQ R3, =init_file_modules_task\n"

        "exitHook:\n"

        " LDMFD SP!, {R0}\n"

        /* Displaced firmware instructions, then resume the firmware's
         * CreateTask in the RAM copy with the (possibly substituted) R3. */
        " STMFD SP!, {R1-R9,LR} \n"
        " MOV R4, R0 \n"
        " LDR PC, =0x003F68B8 \n"
    );
}
/*
 * Second boot stage, reached by a plain branch from boot().
 *
 * Copies two more ROM ranges into low RAM (the first one to address 0, the
 * ARM exception-vector area), sets up the IRQ and SVC mode stacks, fills the
 * 0x398..0x1000 range with a 0xEEEEEEEE marker pattern, and calls
 * sub_FF811100_my.  Nothing follows that call, so sub_FF811100_my is not
 * expected to return (it hands control to the firmware's kernel start-up).
 */
void __attribute__((naked,noinline)) sub_FF810380_my() {

    /*
     * Select a value at 0x2904 from bit 0 of the hardware register 0xC02200F8
     * (the same register sub_FF82A998_my reads): 0x200000 if the bit is set,
     * 0x100000 otherwise.  Presumably a memory-size setting -- verify against
     * the firmware.
     *
     * NOTE(review): this is a C statement inside a naked function.  GCC only
     * guarantees basic asm in naked functions; it works here because the
     * expression needs no stack frame or callee-saved registers, but any
     * change that makes the compiler spill to the stack would run with SP
     * still undefined (the mode stacks are only set below).
     */
    *(int*)(0x2900+0x4) = (*(int*)0xC02200F8) & 1 ? 0x200000 : 0x100000;

    asm volatile (
        /* Copy ROM 0xFF8103F8..0xFF810430 to address 0 (R1 = 0). */
        " LDR R0, =0xFF8103F8 \n"
        " MOV R1, #0 \n"
        " LDR R3, =0xFF810430 \n"

        "loc_FF81038C:\n"
        " CMP R0, R3 \n"
        " LDRCC R2, [R0], #4 \n"
        " STRCC R2, [R1], #4 \n"
        " BCC loc_FF81038C \n"
        /* Copy ROM 0xFF810430..0xFF810618 to 0x1B0. */
        " LDR R0, =0xFF810430 \n"
        " MOV R1, #0x1B0 \n"
        " LDR R3, =0xFF810618 \n"

        "loc_FF8103A8:\n"
        " CMP R0, R3 \n"
        " LDRCC R2, [R0], #4 \n"
        " STRCC R2, [R1], #4 \n"
        " BCC loc_FF8103A8 \n"
        /* CPSR 0xD2 = IRQ mode with IRQ/FIQ masked: SP = 0x1000.
         * CPSR 0xD3 = SVC mode with IRQ/FIQ masked: SP = 0x1000 (stays in SVC). */
        " MOV R0, #0xD2 \n"
        " MSR CPSR_cxsf, R0 \n"
        " MOV SP, #0x1000 \n"
        " MOV R0, #0xD3 \n"
        " MSR CPSR_cxsf, R0 \n"
        " MOV SP, #0x1000 \n"
        /* Fill 0x398..0x1000 (the region just below the stacks) with 0xEEEEEEEE. */
        " LDR R0, =0x398 \n"
        " LDR R2, =0xEEEEEEEE \n"
        " MOV R3, #0x1000 \n"

        "loc_FF8103DC:\n"
        " CMP R0, R3 \n"
        " STRCC R2, [R0], #4 \n"
        " BCC loc_FF8103DC \n"
        /* No code after this call: it is expected not to return. */
        " BL sub_FF811100_my \n"
    );
}
/*
 * Builds the firmware's kernel start-up parameter table (0x74 bytes) on the
 * stack and passes it to sub_003F27E8 together with sub_FF8141B8_my as the
 * init function.
 *
 * CHDK's only change from the firmware version is the start-address field at
 * [SP,#8]: with CHDK_NOT_IN_CANON_HEAP it keeps the firmware's 0x15A048,
 * otherwise it uses new_sa (&_end), and the size field at [SP,#0xC] is
 * derived from it as 0x2ED440 - start.  The remaining field values are
 * copied from the firmware; their meanings are not documented here.
 */
void __attribute__((naked,noinline)) sub_FF811100_my() {
    asm volatile (
        /* Push LR, reserve the 0x74-byte table, and clear it (sub_003FC81C
         * is called with R0 = table, R1 = 0x74 -- presumably a memset/bzero). */
        " STR LR, [SP, #-4]! \n"
        " SUB SP, SP, #0x74 \n"
        " MOV R1, #0x74 \n"
        " MOV R0, SP \n"
        " BL sub_003FC81C \n"
        " MOV R0, #0x57000 \n"
        " STR R0, [SP, #4] \n"

        /* Start address for [SP,#8]: fixed firmware value, or the end of the CHDK image. */
#if defined(CHDK_NOT_IN_CANON_HEAP)
        " LDR R0, =0x15A048 \n"
#else
        " LDR R0, =new_sa\n"
        " LDR R0, [R0]\n"
#endif

        /* [SP,#8] = start, [SP,#0xC] = 0x2ED440 - start, [SP,#0x10] = 0x2ED440,
         * [SP] = [SP,#0x14] = 0x2F5C00. */
        " LDR R2, =0x2ED440 \n"
        " STR R0, [SP, #8] \n"
        " SUB R0, R2, R0 \n"
        " STR R0, [SP, #0xC] \n"
        " MOV R0, #0x22 \n"
        " STR R0, [SP, #0x18] \n"
        " MOV R0, #0x7C \n"
        " STR R0, [SP, #0x1C] \n"
        " LDR R1, =0x2F5C00 \n"
        " LDR R0, =0x1CD \n"
        " STR R1, [SP] \n"
        " STR R0, [SP, #0x20] \n"
        " MOV R0, #0x96 \n"
        " STR R2, [SP, #0x10] \n"
        " STR R1, [SP, #0x14] \n"
        " STR R0, [SP, #0x24] \n"
        " STR R0, [SP, #0x28] \n"
        " MOV R0, #0x64 \n"
        " STR R0, [SP, #0x2C] \n"
        " MOV R0, #0 \n"
        " STR R0, [SP, #0x30] \n"
        " STR R0, [SP, #0x34] \n"
        " MOV R0, #0x10 \n"
        " STR R0, [SP, #0x5C] \n"
        " MOV R0, #0x800 \n"
        " STR R0, [SP, #0x60] \n"
        " MOV R0, #0xA0 \n"
        " STR R0, [SP, #0x64] \n"
        " MOV R0, #0x280 \n"
        " STR R0, [SP, #0x68] \n"
        /* sub_003F27E8(table, sub_FF8141B8_my, 0), then pop the table and return. */
        " LDR R1, =sub_FF8141B8_my \n"
        " MOV R2, #0 \n"
        " MOV R0, SP \n"
        " BL sub_003F27E8 \n"
        " ADD SP, SP, #0x74 \n"
        " LDR PC, [SP], #4 \n"
    );
}
/*
 * Init function handed to the firmware kernel by sub_FF811100_my.
 *
 * Runs the firmware's early subsystem initialisers in order; for each one
 * that returns a negative value, _err_init_task is called with the string
 * named in the inline comment (addresses point at the firmware's own string
 * table).  Ends with a tail call to sub_FF81A1FC_my.  This copy is unchanged
 * from the firmware apart from that final branch target.
 */
void __attribute__((naked,noinline)) sub_FF8141B8_my() {
    asm volatile (
        " STMFD SP!, {R4,LR} \n"
        " BL sub_FF810ADC \n"
        /* Each step: call, report via _err_init_task if the result is < 0. */
        " BL sub_FF8150A4 \n"
        " CMP R0, #0 \n"
        " LDRLT R0, =0xFF8142CC /*'dmSetup'*/ \n"
        " BLLT _err_init_task \n"
        " BL sub_FF813DF0 \n"
        " CMP R0, #0 \n"
        " LDRLT R0, =0xFF8142D4 /*'termDriverInit'*/ \n"
        " BLLT _err_init_task \n"
        " LDR R0, =0xFF8142E4 /*'/_term'*/ \n"
        " BL sub_FF813ED8 \n"
        " CMP R0, #0 \n"
        " LDRLT R0, =0xFF8142EC /*'termDeviceCreate'*/ \n"
        " BLLT _err_init_task \n"
        " LDR R0, =0xFF8142E4 /*'/_term'*/ \n"
        " BL sub_FF8128F8 \n"
        " CMP R0, #0 \n"
        " LDRLT R0, =0xFF814300 /*'stdioSetup'*/ \n"
        " BLLT _err_init_task \n"
        " BL sub_FF814A40 \n"
        " CMP R0, #0 \n"
        " LDRLT R0, =0xFF81430C /*'stdlibSetup'*/ \n"
        " BLLT _err_init_task \n"
        " BL sub_FF8115F0 \n"
        " CMP R0, #0 \n"
        " LDRLT R0, =0xFF814318 /*'armlib_setup'*/ \n"
        " BLLT _err_init_task \n"
        /* Restore and tail-call the CHDK copy of the next stage. */
        " LDMFD SP!, {R4,LR} \n"
        " B sub_FF81A1FC_my \n"
    );
}
/*
 * Decides the boot mode and creates the firmware's "Startup" task.
 *
 * R0 passed to sub_FF82A998_my is 1 only when sub_FF83128C returns 0 and
 * _IsNormalCameraMode_FW returns non-zero, otherwise 0.  If
 * sub_FF82A998_my returns 0 the code calls sub_FF82A280 and then spins
 * forever at loc_FF81A234 (a deliberate halt).  Otherwise it enables
 * dispatching and creates the Startup task with task_Startup_my (CHDK's
 * replacement) as the entry, priority 0x19, stack size 0, argument 0, and
 * returns 0.
 */
void __attribute__((naked,noinline)) sub_FF81A1FC_my() {
    asm volatile (
        " STMFD SP!, {R3,LR} \n"

        /* R0 = (sub_FF83128C() == 0 && _IsNormalCameraMode_FW() != 0) ? 1 : 0 */
        " BL sub_FF83128C \n"
        " CMP R0, #0 \n"
        " BNE loc_FF81A220 \n"
        " BL sub_FF82C4FC /*_IsNormalCameraMode_FW*/ \n"
        " CMP R0, #0 \n"
        " MOVNE R0, #1 \n"
        " BNE loc_FF81A224 \n"

        "loc_FF81A220:\n"
        " MOV R0, #0 \n"

        "loc_FF81A224:\n"
        /* CHDK copy of the mode check; a zero result halts the boot. */
        " BL sub_FF82A998_my \n"
        " CMP R0, #0 \n"
        " BNE loc_FF81A238 \n"
        " BL sub_FF82A280 \n"

        /* Infinite loop: intentional halt. */
        "loc_FF81A234:\n"
        " B loc_FF81A234 \n"

        "loc_FF81A238:\n"
        " BL sub_003F79E0 \n"
        " LDR R1, =0x34E000 \n"
        " MOV R0, #0 \n"
        " BL sub_FF8317E0 \n"
        " BL sub_003F7BF8 /*_EnableDispatch*/ \n"
        /* _CreateTask("Startup", 0x19, 0, task_Startup_my, 0) -- fifth argument on the stack. */
        " MOV R3, #0 \n"
        " STR R3, [SP] \n"
        " LDR R3, =task_Startup_my \n"
        " MOV R2, #0 \n"
        " MOV R1, #0x19 \n"
        " LDR R0, =0xFF81A278 /*'Startup'*/ \n"
        " BL _CreateTask \n"
        " MOV R0, #0 \n"
        " LDMFD SP!, {R3,PC} \n"
    );
}
/*
 * Mode check called from sub_FF81A1FC_my with a flag in R0 (kept in R8).
 *
 * Reads the hardware registers 0xC02200F8 and 0xC02200FC through
 * sub_FF85FBE4 and inverts bit 0 of each result (R5, R4 = 1 when the bit is
 * clear).  If the flag is non-zero and both inverted bits are 0 the function
 * returns 0 (which makes the caller halt).  Otherwise it prepares arguments
 * (R0 = R5, R1 = R4, R2 = sub_FF83128C(), R3 = 0, two zero words on the
 * stack) for a call that is no longer present -- the gap before "MOV R0, #1"
 * looks like a call the CHDK port removed on purpose; verify against the
 * firmware -- and returns 1.
 */
void __attribute__((naked,noinline)) sub_FF82A998_my() {
    asm volatile (
        " STMFD SP!, {R2-R8,LR} \n"
        " MOV R6, #0 \n"
        /* R8 = incoming flag; R6 = R7 = 0 (stored to the stack below). */
        " MOV R8, R0 \n"
        " MOV R7, R6 \n"

        /* R5 = 1 & ~read(0xC02200F8); R4 = 1 & ~read(0xC02200FC). */
        " LDR R0, =0xC02200F8 \n"
        " BL sub_FF85FBE4 \n"
        " MOV R4, #1 \n"
        " BIC R5, R4, R0 \n"
        " LDR R0, =0xC02200FC \n"
        " BL sub_FF85FBE4 \n"
        " CMP R8, #0 \n"
        " BIC R4, R4, R0 \n"
        " BEQ loc_FF82A9D8 \n"
        /* Flag set and both bits zero: return R0 = 0. */
        " ORRS R0, R5, R4 \n"
        " BEQ loc_FF82A9FC \n"

        "loc_FF82A9D8:\n"
        " BL sub_FF83128C \n"
        " MOV R2, R0 \n"
        " MOV R3, #0 \n"
        " MOV R1, R4 \n"
        " MOV R0, R5 \n"
        " STRD R6, [SP] \n"

        /* No call here: the arguments above are set up but unused; R0 is forced to 1. */

        " MOV R0, #1 \n"

        "loc_FF82A9FC:\n"
        " LDMFD SP!, {R2-R8,PC} \n"
    );
}
/*
 * CHDK's replacement for the firmware "Startup" task body (created in
 * sub_FF81A1FC_my).
 *
 * Runs the firmware's start-up initialisers in their original order, with
 * two CHDK insertions: CreateTask_spytask (starts the SpyTask) and
 * taskcreatePhySw_my (the CHDK copy of the PhySw task creator, which
 * substitutes mykbd_task).  Ends with a tail call to sub_FF814918.
 */
void __attribute__((naked,noinline)) task_Startup_my() {
    asm volatile (
        " STMFD SP!, {R4,LR} \n"
        " BL sub_FF8147F8 \n"
        " BL sub_FF82BB20 \n"
        " BL sub_FF82A22C \n"

        " BL sub_FF831500 \n"

        " BL sub_FF83167C \n"
        " BL sub_FF831E58 \n"
        " BL sub_FF831640 \n"
        " BL sub_FF831530 \n"
        " BL sub_FF82FE80 \n"
        " BL sub_FF831E60 \n"
        /* CHDK: start the SpyTask, then the CHDK PhySw task creator. */
        " BL CreateTask_spytask\n"
        " BL taskcreatePhySw_my \n"
        " BL sub_FF82E2D4 \n"
        " BL sub_FF89D31C \n"
        " BL sub_FF82836C \n"
        " BL sub_FF829C40 \n"
        " BL sub_FF8310BC \n"
        " BL sub_FF82A1E0 \n"
        " BL sub_FF829BE0 \n"
        " BL sub_FF850CEC \n"
        " BL sub_FF828F34 \n"
        " BL sub_FF829BA4 \n"
        /* Restore and tail-call the remainder of the firmware start-up. */
        " LDMFD SP!, {R4,LR} \n"
        " B sub_FF814918 \n"
    );
}
/*
 * CHDK copy of the firmware's PhySw task creator.
 *
 * If the word at 0x1C94 (0x1C90 + 4) is zero, creates the "PhySw" task with
 * _CreateTaskStrictly("PhySw", 0x17, 0x2000, mykbd_task, 0) -- mykbd_task
 * being CHDK's keyboard task in place of the firmware's -- and stores the
 * returned task id at 0x1C94 so a second call does not create it again.
 * Then calls sub_FF88C040 and, unless _IsFactoryMode_FW reports factory
 * mode, starts the firmware's operation log via _OpLog.Start_FW(0, 0x325F0).
 */
void __attribute__((naked,noinline)) taskcreatePhySw_my() {
    asm volatile (
        " STMFD SP!, {R3-R5,LR} \n"
        /* Skip creation if the task id at 0x1C94 is already set. */
        " LDR R4, =0x1C90 \n"
        " LDR R0, [R4, #4] \n"
        " CMP R0, #0 \n"
        " BNE loc_FF82A870 \n"
        /* _CreateTaskStrictly("PhySw", 0x17, 0x2000, mykbd_task, 0) */
        " MOV R3, #0 \n"
        " STR R3, [SP] \n"
        " LDR R3, =mykbd_task \n"
        " MOV R2, #0x2000 \n"
        " MOV R1, #0x17 \n"
        " LDR R0, =0xFF82AAF4 /*'PhySw'*/ \n"
        " BL sub_003F7C50 /*_CreateTaskStrictly*/ \n"
        " STR R0, [R4, #4] \n"

        "loc_FF82A870:\n"
        " BL sub_FF88C040 \n"
        /* Operation log only outside factory mode. */
        " BL sub_FF82C44C /*_IsFactoryMode_FW*/ \n"
        " CMP R0, #0 \n"
        " BNE loc_FF82A88C \n"
        " LDR R1, =0x325F0 \n"
        " MOV R0, #0 \n"
        " BL sub_FF88BFAC /*_OpLog.Start_FW*/ \n"

        "loc_FF82A88C:\n"
        " LDMFD SP!, {R3-R5,PC} \n"
    );
}
/*
 * CHDK replacement for task_InitFileModules (substituted by CreateTask_my).
 *
 * Mirrors the firmware task: calls sub_FF88E930 and posts logical event
 * 0x5006 to the UI exactly once -- immediately if sub_FF88E930 returned
 * non-zero, otherwise as a tail call at the very end.  In between it calls
 * sub_FF88E964 and CHDK's core_spytask_can_start, which is the only CHDK
 * addition: it signals that the file system is ready for the SpyTask.
 */
void __attribute__((naked,noinline)) init_file_modules_task() {
    asm volatile (
        " STMFD SP!, {R4-R6,LR} \n"
        " BL sub_FF88E930 \n"
        /* R5 = event 0x5006; R4 = result.  Post now if the result is non-zero. */
        " LDR R5, =0x5006 \n"
        " MOVS R4, R0 \n"
        " MOVNE R1, #0 \n"
        " MOVNE R0, R5 \n"
        " BLNE _PostLogicalEventToUI \n"
        " BL sub_FF88E964 \n"
        /* CHDK: allow the SpyTask to proceed. */
        " BL core_spytask_can_start\n"
        /* Already posted above: return.  Otherwise tail-call the post. */
        " CMP R4, #0 \n"
        " LDMNEFD SP!, {R4-R6,PC} \n"
        " MOV R0, R5 \n"
        " LDMFD SP!, {R4-R6,LR} \n"
        " MOV R1, #0 \n"
        " B _PostLogicalEventToUI \n"
    );
}