This source file includes the following definitions.
- save_romlog2
- spytask_my
- spytask
- CreateTask_spytask
- boot
- CreateTask_my
- sub_fc062f48_my
- sub_fc0630d9_my
- sub_fc0634e2_my
- sub_fc06347d_my
- sub_fc083bea_my
- init_file_modules_task
- kbd_p2_f_my
- sub_fc074e8a_my
- wrap_kbd_p1_f
- sub_fc0839d8_my
- sub_fc07507e_my
- agent_orange
1 #include "lolevel.h"
2 #include "platform.h"
3 #include "core.h"
4 #include "dryos31.h"
5 #include "core.h"
6 #include "callfunc.h"
7
8
// Byte offset of MEMBER inside TYPE, taken as the member's address in an
// object imagined at address 0 and cast to int. Not referenced in the code
// shown in this file.
// NOTE(review): <stddef.h> defines a macro of the same name; confirm none of
// the included headers pulls it in, otherwise this is a redefinition.
#define offsetof(TYPE, MEMBER) ((int) &((TYPE *)0)->MEMBER)

// Address of the symbol _end (declared outside this file; presumably the
// linker-provided end of the CHDK image -- confirm). sub_fc062f48_my loads
// this value into r4 when CHDK_NOT_IN_CANON_HEAP is not defined.
const char * const new_sa = &_end;


// Neither of these two is referenced in the code shown in this file.
extern volatile int jogdial_stopped;
void JogDial_task_my(void);

// Firmware task entry points. CreateTask_my compares the entry address of a
// task being created against task_CaptSeq, task_ExpDrv, task_MovieRecord and
// task_InitFileModules; task_RotaryEncoder is declared but not used in the
// code shown here.
extern void task_CaptSeq();
extern void task_InitFileModules();
extern void task_RotaryEncoder();
extern void task_MovieRecord();
extern void task_ExpDrv();

// Firmware routine that runs an event procedure selected by name;
// save_romlog2 invokes it through call_func_ptr.
extern unsigned _ExecuteEventProcedure(const char *name,...);


// Declared but not referenced in the code shown in this file.
extern unsigned _LCDMsg_Create (unsigned, unsigned, unsigned);
extern void _LCDMsg_SetStr (unsigned, char * );
28
29
30
31
32 #ifdef BOOT_ROMLOG_SHORTCUT
// Ask the firmware to write its ROM log to "A/ROMLOG.LOG" and then beep.
// Every step is an event procedure run through _ExecuteEventProcedure, which
// is invoked via call_func_ptr with an argument vector whose first slot is
// the procedure name and a count of the slots in use.
// NOTE(review): none of the results is checked, so a failed dump cannot be
// told apart from a successful one except by looking for the file.
void save_romlog2(void)
{
    // Run first, in this order; presumably they register the procedures
    // used further down -- confirm against the firmware.
    static const char * const setup_procs[] = {
        "SystemEventInit",
        "UI.CreatePublic",
        "System.Create",
        "Driver.Create",
    };
    unsigned args[4];
    unsigned idx;

    for (idx = 0; idx < sizeof(setup_procs) / sizeof(setup_procs[0]); idx++) {
        args[0] = (unsigned)setup_procs[idx];
        call_func_ptr(_ExecuteEventProcedure, args, 1);
    }

    // GetLogToFile with the target path and the value 1 as arguments.
    args[0] = (unsigned)"GetLogToFile";
    args[1] = (unsigned)"A/ROMLOG.LOG";
    args[2] = 1;
    call_func_ptr(_ExecuteEventProcedure, args, 3);

    // BeepDrive with argument 2; presumably an audible "done" signal.
    args[0] = (unsigned)"BeepDrive";
    args[1] = (unsigned) 0x02;
    call_func_ptr(_ExecuteEventProcedure, args, 2);
}
57
58
59
60
61
// Task body used by the ROM-log shortcut: wait, dump the ROM log once, then
// idle forever. The six task arguments are ignored.
void spytask_my(long ua, long ub, long uc, long ud, long ue, long uf)
{
    (void)ua;
    (void)ub;
    (void)uc;
    (void)ud;
    (void)ue;
    (void)uf;

    // Delay before the dump; presumably milliseconds, giving the firmware
    // time to finish starting -- confirm the unit of _SleepTask.
    _SleepTask(2800);
    save_romlog2();

    // The task never returns; it only sleeps from here on.
    for (;;) {
        _SleepTask(300);
    }
}
#endif
73 #endif
74
75
76
77
// Task entry point handed to _CreateTask by CreateTask_spytask. It discards
// the six task arguments and runs core_spytask().
void spytask(long ua, long ub, long uc, long ud, long ue, long uf)
{
    (void)ua;
    (void)ub;
    (void)uc;
    (void)ud;
    (void)ue;
    (void)uf;

    core_spytask();
}
83
84
85
86
87
// Create the CHDK task "SpyTask" and, when BOOT_ROMLOG_SHORTCUT is defined,
// optionally the ROM-log task "SpyTaskMY". Called from sub_fc06347d_my.
// NOTE(review): both fixed addresses are read through plain (non-volatile)
// int pointers; 0xD20BF4A0 is also read as a hardware word in
// sub_fc07507e_my, so a volatile-qualified access would state the intent.
void CreateTask_spytask()
{
    // Nothing is started unless one of the two bits in 0x00600000 is set in
    // the word at 0x9e78; presumably a firmware start-up state -- confirm.
    const int start_flags = *(int*)(0x9e78);

    if ((start_flags & 0x00600000) == 0) {
        return;
    }

#ifdef BOOT_ROMLOG_SHORTCUT
    {
        // Bit 0x2000 clear selects the ROM-log task; presumably a key held
        // during power-on -- confirm the bit assignment.
        const int key_bits = *(int*)(0xD20BF4A0);

        if ((key_bits & 0x00002000) == 0) {
            _CreateTask("SpyTaskMY", 0x19, 0x2000, spytask_my, 0);
        }
    }
#endif

    _CreateTask("SpyTask", 0x19, 0x2000, spytask, 0);
}
100
101
102
103
104
105
106
107
108
109
110
111
112
// Start-up code run in place of the firmware's own entry sequence. The
// function is naked, so the asm below is its entire body.
// Visible steps: set sp, call sub_fc02007e, set bit 0 of the word at
// 0xc0242010, copy three images from the 0xfcxxxxxx range into RAM, zero a
// fourth RAM range, overwrite the first 8 bytes of orig_CreateTask with a
// jump to CreateTask_my, then continue in sub_fc062f48_my.
void __attribute__((naked,noinline)) boot() {
    asm volatile (
    // sp = 0x00004000
    " movw r0, #0x4000\n"
    " movt r0, #0\n"
    " mov sp, r0\n"
    " bl sub_fc02007e\n"
    // Read-modify-write: set bit 0 of the word at 0xc0242010.
    " ldr r2, =0xc0242010\n"
    " ldr r1, [r2]\n"
    " orr r1, r1, #1\n"
    " str r1, [r2]\n"
    // Word copy 0xfcc988a0 -> 0x010e1000 up to (not including) 0x011074ac.
    " ldr r0, =0xfcc988a0\n"
    " ldr r1, =0x010e1000\n"
    " ldr r3, =0x011074ac\n"
    "loc_fc02002a:\n"
    " cmp r1, r3\n"
    " itt lo\n"
    " ldrlo r2, [r0], #4\n"
    " strlo r2, [r1], #4\n"
    " blo loc_fc02002a\n"
    // Called with the start and length (0x011074ac - 0x010e1000) of the range
    // just copied; presumably cache maintenance for that range -- confirm.
    " ldr r0, =0x010e1000\n"
    " ldr r1, =0x000264ac\n"
    " bl sub_fc1301a2\n"
    // Word copy 0xfccbed4c -> 0xbfe10800 while the destination is below
    // 0xbfe17391 (the limit is not word aligned, so the last word stored
    // ends past it).
    " ldr r0, =0xfccbed4c\n"
    " ldr r1, =0xbfe10800\n"
    " ldr r3, =0xbfe17391\n"
    "loc_fc020046:\n"
    " cmp r1, r3\n"
    " itt lo\n"
    " ldrlo r2, [r0], #4\n"
    " strlo r2, [r1], #4\n"
    " blo loc_fc020046\n"
    // Word copy 0xfcc50130 -> 0x00008000 up to 0x00050770.
    " ldr r0, =0xfcc50130\n"
    " ldr r1, =0x00008000\n"
    " ldr r3, =0x00050770\n"
    "loc_fc02005a:\n"
    " cmp r1, r3\n"
    " itt lo\n"
    " ldrlo r2, [r0], #4\n"
    " strlo r2, [r1], #4\n"
    " blo loc_fc02005a\n"

    // Zero-fill 0x50770 .. 0x3a7cc8. The upper bound equals the start
    // address sub_fc062f48_my uses when CHDK_NOT_IN_CANON_HEAP is defined.
    " ldr r3, =0x50770\n"
    " ldr r1, =0x3a7cc8\n"
    " mov.w r2, #0\n"
    "loc_fc020070:\n"
    " cmp r3, r1\n"
    " it cc\n"
    " strcc.w r2, [r3],#4\n"
    " bcc loc_fc020070\n"

    // Install the CreateTask hook: load the two words at patch_CreateTask
    // (the ldr.w instruction and the address CreateTask_my+1) and store them
    // over the first 8 bytes of orig_CreateTask. bic clears bit 0 of the
    // symbol value so the store goes to the code address itself.
    // NOTE(review): this requires orig_CreateTask to be in writable memory
    // (presumably inside one of the ranges copied above) and no cache
    // maintenance call is visible between this store and the first
    // execution of the patched code -- confirm coherency on this core.
    "adr r0, patch_CreateTask\n"
    "ldm r0, {r1,r2}\n"
    "ldr r0, =orig_CreateTask\n"
    "bic r0, #1\n"
    "stm r0, {r1,r2}\n"

    // Continue start-up in the CHDK copy of the next firmware stage.
    "b.w sub_fc062f48_my\n"

    // Patch template, never executed from here: load pc from the word that
    // follows the instruction, i.e. jump to CreateTask_my (bit 0 set).
    "patch_CreateTask:\n"
    "ldr.w pc, [pc,#0]\n"
    ".long CreateTask_my + 1\n"
    );
}
181
182
// Target of the 8-byte jump that boot() writes over orig_CreateTask.
// It compares r3 with a list of firmware task entry addresses and, on a
// match, replaces r3 with the corresponding CHDK routine (bit 0 set). r3 is
// presumably the entry-point argument of the hooked CreateTask -- confirm.
// Any other value of r3 passes through unchanged. Execution then resumes at
// orig_CreateTask + 8.
// task_FileWrite and the replacement routines (capt_seq_task, exp_drv_task,
// filewritetask, task_cocoa0, movie_record_task) are resolved at link time;
// they are not declared in this file.
void __attribute__((naked,noinline)) CreateTask_my() {


    asm volatile (
    // r0 is used as scratch for the comparisons and restored at exitHook.
    " push {r0}\n"

    " ldr r0, =task_CaptSeq\n"
    " cmp r0, r3\n"
    " itt eq\n"
    " ldreq r3, =capt_seq_task\n"
    " orreq r3, #1\n"
    " beq exitHook\n"


    " LDR R0, =task_ExpDrv\n"
    " CMP R0, R3\n"
    " itt eq\n"
    " LDREQ R3, =exp_drv_task\n"
    " orreq r3, #1\n"
    " BEQ exitHook\n"

    " LDR R0, =task_FileWrite\n"
    " CMP R0, R3\n"
    " itt eq\n"
    " LDREQ R3, =filewritetask\n"
    " orreq r3, #1\n"
    " BEQ exitHook\n"

    // This entry is matched by raw address rather than by symbol.
    " LDR R0, =0xFC262421\n"
    " CMP R0, R3\n"
    " itt eq\n"
    " LDREQ R3, =task_cocoa0\n"
    " orreq r3, #1\n"
    " BEQ exitHook\n"

    " LDR R0, =task_MovieRecord\n"
    " CMP R0, R3\n"
    " itt eq\n"
    " LDREQ R3, =movie_record_task\n"
    " orreq r3, #1\n"
    " BEQ exitHook\n"

    // Last comparison: no branch needed, it falls through to exitHook.
    " ldr r0, =task_InitFileModules\n"
    " cmp r0, r3\n"
    " itt eq\n"
    " ldreq r3, =init_file_modules_task\n"
    " orreq r3, #1\n"

    "exitHook:\n"

    " pop {r0}\n"

    // Presumably the instructions that the 8-byte patch displaced from the
    // start of orig_CreateTask -- confirm against the firmware. Afterwards
    // jump to the first instruction behind the patch.
    " stmdb sp!, {r1, r2, r3, r4, r5, r6, r7, r8, r9, lr}\n"
    " mov r4, r0\n"
    " ldr r0, =0x8160\n"
    " ldr.w pc, =(orig_CreateTask + 8) \n"
    ".ltorg\n"
    );
}
262
263
// Start-up stage reached from boot(). It picks a start address in r4, checks
// that enough room remains below 0x0074e000, fills a 0x78-byte parameter
// block on the stack and passes it to sub_fc301bd0 together with
// sub_fc0630d9_my.
// r4 is 0x3a7cc8 when CHDK_NOT_IN_CANON_HEAP is defined, otherwise the value
// of new_sa (the address of _end). Presumably this is where the firmware
// heap begins, moved up so it does not overlap CHDK -- confirm.
void __attribute__((naked,noinline)) sub_fc062f48_my() {

    asm volatile (
    "push {r4, lr}\n"
#if defined(CHDK_NOT_IN_CANON_HEAP)
    " ldr r4, =0x3a7cc8\n"
#else
    "ldr r4, =new_sa\n"
    "ldr r4, [r4]\n"
#endif
    " sub sp, #0x78\n"
    // Size check: (0x0074e000 - r4) must be at least 0x000afd8c. If it is
    // not, execution stays in the one-instruction loop at loc_fc062f58.
    " ldr r0, =0x0074e000\n"
    " ldr r1, =0x000afd8c\n"
    " subs r0, r0, r4\n"
    " cmp r0, r1\n"
    " bhs loc_fc062f5a\n"
    "loc_fc062f58:\n"
    " b loc_fc062f58\n"
    "loc_fc062f5a:\n"
    // Three fixed words: [0x8074] = 0x80000, [0x8078] = 0x42a41000,
    // [0x807c] = 0x42a43000.
    " ldr r1, =0x00008074\n"
    " mov.w r0, #0x80000\n"
    " str r0, [r1]\n"
    " ldr r1, =0x00008078\n"
    " ldr r0, =0x42a41000\n"
    " str r0, [r1]\n"
    " ldr r1, =0x0000807c\n"
    " ldr r0, =0x42a43000\n"
    " str r0, [r1]\n"
    // Called with (sp, 0x78); presumably clears the parameter block.
    " movs r1, #0x78\n"
    " mov r0, sp\n"
    " blx sub_fc30246c\n"
    // sp+0x00 = 0x0068e000, sp+0x04 = 0xc0000, sp+0x08 = r4.
    " ldr r0, =0x0068e000\n"
    " mov.w r1, #0xc0000\n"
    " stm.w sp, {r0, r1, r4}\n"
    // sp+0x0c = 0x00682274 - r4, sp+0x10 = 0x00682274, sp+0x14 = 0x0068e000.
    " ldr r1, =0x00682274\n"
    " subs r2, r1, r4\n"
    " strd r2, r1, [sp, #0xc]\n"
    " str r0, [sp, #0x14]\n"
    // Fixed values for the fields at sp+0x18 .. sp+0x38.
    " movs r0, #0x22\n"
    " str r0, [sp, #0x18]\n"
    " movs r0, #0x98\n"
    " str r0, [sp, #0x1c]\n"
    " movw r0, #0x24c\n"
    " str r0, [sp, #0x20]\n"
    " movs r0, #0xfa\n"
    " str r0, [sp, #0x24]\n"
    " movs r0, #0xe8\n"
    " str r0, [sp, #0x28]\n"
    " movs r0, #0x85\n"
    " str r0, [sp, #0x2c]\n"
    " movs r0, #0x40\n"
    " str r0, [sp, #0x30]\n"
    " movs r0, #4\n"
    " str r0, [sp, #0x34]\n"
    " movs r0, #0\n"
    " str r0, [sp, #0x38]\n"
    // sp+0x5c = 0x10, sp+0x60 = 0x1000, sp+0x64 = 0x100, sp+0x68 = 0x2000,
    // each derived from the previous one by the shifts below.
    " movs r0, #0x10\n"
    " str r0, [sp, #0x5c]\n"
    " movs r2, #0\n"
    " lsls r0, r0, #8\n"
    " str r0, [sp, #0x60]\n"
    // r1 = the CHDK copy of the next stage, passed as second argument.
    " ldr r1, =sub_fc0630d9_my\n"
    " asrs r0, r0, #4\n"
    " str r0, [sp, #0x64]\n"
    " lsls r0, r0, #5\n"
    " str r0, [sp, #0x68]\n"
    // sub_fc301bd0(sp, sub_fc0630d9_my, 0)
    " mov r0, sp\n"
    " blx sub_fc301bd0\n"
    " add sp, #0x78\n"
    " pop {r4, pc}\n"
    ".ltorg\n"
    );
}
337
338
// Routine whose address sub_fc062f48_my hands to sub_fc301bd0. It runs a
// fixed sequence of firmware calls; after most of them a negative r0 leads to
// a call of sub_fc06316a with a fixed 0xfcxxxxxx address (presumably an error
// text -- confirm). The only redirection to CHDK code visible here is the
// final branch to sub_fc0634e2_my.
void __attribute__((naked,noinline)) sub_fc0630d9_my() {
    asm volatile (
    " push {r4, lr}\n"
    "loc_fc0630da:\n"
    // r4 is passed as the argument of sub_fc0639f2 and sub_fc063314 below.
    " ldr r4, =0xfc063180\n"
    " bl sub_fc0643d4\n"
    // Report through sub_fc06316a if [0x80ec] is below [0x8074] + 0x10.
    " ldr r0, =0x000080ec\n"
    " ldr r1, [r0]\n"
    " ldr r0, =0x00008074\n"
    " ldr r0, [r0]\n"
    " adds r0, #0x10\n"
    " cmp r1, r0\n"
    " bhs loc_fc0630f4\n"
    " ldr r0, =0xfc063190\n"
    " bl sub_fc06316a\n"
    "loc_fc0630f4:\n"
    " bl sub_fc13027c\n"
    // Fill 0xbfe10000 .. 0xbfe10800 with the word 0xEEEEEEEE
    // (-0x11111112 as a 32-bit value).
    " ldr r1, =0xbfe10000\n"
    " mov.w r2, #-0x11111112\n"
    " ldr r3, =0xbfe10800\n"
    "loc_fc063100:\n"
    " stm r1!, {r2}\n"
    " cmp r1, r3\n"
    " blo loc_fc063100\n"
    " bl sub_fc13028e\n"
    // From here on: call, then report if the result is negative.
    " bl sub_fc1edfc4\n"
    " cmp r0, #0\n"
    " bge loc_fc063118\n"
    " ldr r0, =0xfc0631b0\n"
    " bl sub_fc06316a\n"
    "loc_fc063118:\n"
    " bl sub_fc063964\n"
    " cmp r0, #0\n"
    " bge loc_fc063126\n"
    " ldr r0, =0xfc0631b8\n"
    " bl sub_fc06316a\n"
    "loc_fc063126:\n"
    " mov r0, r4\n"
    " bl sub_fc0639f2\n"
    " cmp r0, #0\n"
    " bge loc_fc063136\n"
    " ldr r0, =0xfc0631c8\n"
    " bl sub_fc06316a\n"
    "loc_fc063136:\n"
    " mov r0, r4\n"
    " bl sub_fc063314\n"
    " cmp r0, #0\n"
    " bge loc_fc063146\n"
    " ldr r0, =0xfc0631dc\n"
    " bl sub_fc06316a\n"
    "loc_fc063146:\n"
    " bl sub_fc063458\n"
    " cmp r0, #0\n"
    " bge loc_fc063154\n"
    " ldr r0, =0xfc0631e8\n"
    " bl sub_fc06316a\n"
    "loc_fc063154:\n"
    " bl sub_fc0665ac\n"
    " cmp r0, #0\n"
    " bge loc_fc063162\n"
    " ldr r0, =0xfc0631f4\n"
    " bl sub_fc06316a\n"
    "loc_fc063162:\n"
    // Restore r4/lr, then tail-branch into the CHDK copy of the next stage.
    " pop.w {r4, lr}\n"
    " b.w sub_fc0634e2_my\n"
    ".ltorg\n"
    );
}
407
// Start-up stage reached from sub_fc0630d9_my. After a few firmware calls it
// calls sub_fc302204 with sub_fc06347d_my in r3, so that the CHDK copy of
// that routine is used (presumably as the entry point of a task being
// created -- confirm). Returns 0.
void __attribute__((naked,noinline)) sub_fc0634e2_my() {
    asm volatile (
    " push {r3, lr}\n"
    " bl sub_fc0635fc\n"
    // r0 = 1 only if sub_fc131324 returned 0 and sub_fc07803e returned
    // non-zero; otherwise r0 = 0. The result is passed to sub_fc083cc4.
    " bl sub_fc131324\n"
    " cbnz r0, loc_fc0634f8\n"
    " bl sub_fc07803e\n"
    " cbz r0, loc_fc0634f8\n"
    " movs r0, #1\n"
    " b loc_fc0634fa\n"
    "loc_fc0634f8:\n"
    " movs r0, #0\n"
    "loc_fc0634fa:\n"
    " bl sub_fc083cc4\n"
    " cbnz r0, loc_fc063506\n"
    // sub_fc083cc4 returned 0: call sub_fc0635ea, then spin forever.
    " bl sub_fc0635ea\n"
    "loc_fc063504:\n"
    " b loc_fc063504\n"
    "loc_fc063506:\n"
    " blx sub_fc301c28\n"
    // sub_fc37a788(0, 0x0074e000)
    " ldr r1, =0x0074e000\n"
    " movs r0, #0\n"
    " bl sub_fc37a788\n"
    " blx sub_fc30200c\n"
    // sub_fc302204(0xfc063534, 0x19, 0, sub_fc06347d_my) with a zero word at
    // [sp] as a further argument.
    " movs r3, #0\n"
    " str r3, [sp]\n"
    " ldr r3, =sub_fc06347d_my\n"
    " movs r2, #0\n"
    " movs r1, #0x19\n"
    " ldr r0, =0xfc063534\n"
    " blx sub_fc302204\n"
    " movs r0, #0\n"
    " pop {r3, pc}\n"
    ".ltorg\n"
    );
}
444
445
// Routine passed to sub_fc302204 by sub_fc0634e2_my. It is a straight list of
// calls; the two CHDK-specific entries in it are CreateTask_spytask, which
// starts the CHDK task(s), and sub_fc083bea_my. It ends by jumping to the
// fixed address 0xfc13100f.
void __attribute__((naked,noinline)) sub_fc06347d_my() {
    asm volatile (
    " push {r4, lr}\n"
    " bl sub_fc131038\n"
    " bl sub_fc0635c8\n"

    " bl sub_fc0f41f0\n"

    // Target lies in the 0x010e1000 RAM range that boot() fills by copying.
    " bl sub_010e16c8\n"
    " bl sub_fc36dfd6\n"
    " bl sub_fc0f4348\n"
    " bl sub_fc0638a4\n"
    " bl sub_fc0636dc\n"
    " bl sub_fc0f4222\n"
    " bl sub_fc1ee778\n"
    " bl sub_fc0f434e\n"
    // CHDK: create SpyTask (and SpyTaskMY when configured).
    " bl CreateTask_spytask\n"
    // CHDK copy; creates the task that runs mykbd_task.
    " bl sub_fc083bea_my\n"
    " bl sub_fc0a9870\n"
    " bl sub_fc0f4364\n"
    " bl sub_fc0d2610\n"
    " bl sub_fc130df0\n"
    " bl sub_fc1311e2\n"
    " bl sub_fc0f41a2\n"
    " bl sub_fc130dac\n"

    " bl sub_fc363050\n"
    " bl sub_fc130d80\n"
    " pop.w {r4, lr}\n"

    // Registers restored; continue at 0xfc13100f (bit 0 set), which returns
    // to this routine's caller through lr.
    "ldr pc, =0xfc13100f\n"
    ".ltorg\n"
    );
}
480
481
// Called from sub_fc06347d_my. Unless the word at 0x82cc + 4 is already
// non-zero, it calls sub_fc302314 with mykbd_task in r3 and stores the result
// in that word; presumably this creates the keyboard task with CHDK's
// routine as its entry point -- confirm.
void __attribute__((naked,noinline)) sub_fc083bea_my() {
    asm volatile (
    " push {r3, r4, r5, lr}\n"
    " bl sub_fc0763a4\n"
    // sub_fc076348 is called only when sub_fc077fbc returns 0.
    " bl sub_fc077fbc\n"
    " cbnz r0, loc_fc083bfa\n"
    " bl sub_fc076348\n"
    "loc_fc083bfa:\n"
    " ldr r4, =0x000082cc\n"
    " ldr r0, [r4, #4]\n"
    " cmp r0, #0\n"
    " bne loc_fc083c16\n"
    " movs r3, #0\n"
    " str r3, [sp]\n"
    // r3 = mykbd_task (resolved at link time, not declared in this file).
    " ldr r3, =mykbd_task\n"

    // sub_fc302314(0xfc083f2c, 0x17, 0x2000, mykbd_task), zero word at [sp].
    " movs r1, #0x17\n"
    " ldr r0, =0xfc083f2c\n"
    " movw r2, #0x2000\n"
    " blx sub_fc302314\n"
    " str r0, [r4, #4]\n"
    "loc_fc083c16:\n"
    " pop {r3, r4, r5, pc}\n"
    ".ltorg\n"
    );
}
508
// Replacement that CreateTask_my substitutes for task_InitFileModules. The
// CHDK-specific step is the call to core_spytask_can_start, made after
// sub_fc0f9e16 has returned; its return value is not used.
// sub_fc37ebd4(0x5006, 0) runs exactly once: before sub_fc0f9e16 when
// sub_fc0f9dec returned non-zero, otherwise as a tail call at the end.
void __attribute__((naked,noinline)) init_file_modules_task() {
    asm volatile (
    " push {r4, r5, r6, lr}\n"
    " bl sub_fc0f9dec\n"
    // movs sets the flags from the result; movw below leaves them alone.
    " movs r4, r0\n"
    " movw r5, #0x5006\n"
    " beq loc_fc0f79b6\n"
    " movs r1, #0\n"
    " mov r0, r5\n"
    " bl sub_fc37ebd4\n"
    "loc_fc0f79b6:\n"
    " bl sub_fc0f9e16\n"
    // CHDK: tell the core that spytask may proceed.
    " BL core_spytask_can_start\n"
    " cmp r4, #0\n"
    " bne loc_fc0f79ca\n"
    // Saved registers are popped before the tail branch.
    " mov r0, r5\n"
    " pop.w {r4, r5, r6, lr}\n"
    " movs r1, #0\n"
    " b.w sub_fc37ebd4\n"
    "loc_fc0f79ca:\n"
    " pop {r4, r5, r6, pc}\n"
    ".ltorg\n"
    );
}
533
// Copy of a firmware routine that works on three-word bit arrays located
// relative to 0x000520ec (presumably the key-state tables -- confirm). The
// CHDK-specific part is the call to sub_fc074e8a_my just before returning.
// Register use: r6 = 0x520ec - 0xc (array being updated), r7 = sp + 8
// (three-word mask filled in by sub_fc075420), r8 = 0x520ec.
void __attribute__((naked,noinline)) kbd_p2_f_my() {
    asm volatile(
    " push.w {r4, r5, r6, r7, r8, lr}\n"
    " ldr r6, =0x000520ec\n"
    " sub sp, #0x18\n"
    " add r7, sp, #8\n"
    " subs r6, #0xc\n"
    " b loc_fc083956\n"
    // Phase 1: repeat while sub_fc0750d2(0x520ec - 0xc, sp + 4) is non-zero.
    "loc_fc083922:\n"
    // sub_fc075420(byte at sp+4, 0x520ec - 0x18, sp + 0x14, sp + 8); on a
    // zero result call sub_fc083886(0, [sp + 0x14]).
    " ldr r1, =0x000520ec\n"
    " add r3, sp, #8\n"
    " ldrb.w r0, [sp, #4]\n"
    " add r2, sp, #0x14\n"
    " subs r1, #0x18\n"
    " bl sub_fc075420\n"
    " cbnz r0, loc_fc08393c\n"
    " ldr r1, [sp, #0x14]\n"
    " movs r0, #0\n"
    " bl sub_fc083886\n"
    "loc_fc08393c:\n"
    // For word index 2 down to 0: clear in r6[] the bits set in r7[].
    " movs r0, #2\n"
    "loc_fc08393e:\n"
    " ldr.w r1, [r7, r0, lsl #2]\n"
    " cbz r1, loc_fc08394e\n"
    " ldr.w r2, [r6, r0, lsl #2]\n"
    " bics r2, r1\n"
    " str.w r2, [r6, r0, lsl #2]\n"
    "loc_fc08394e:\n"
    " subs r0, r0, #1\n"
    " sxtb r0, r0\n"
    " cmp r0, #0\n"
    " bge loc_fc08393e\n"
    "loc_fc083956:\n"
    " ldr r0, =0x000520ec\n"
    " add r1, sp, #4\n"
    " subs r0, #0xc\n"
    " bl sub_fc0750d2\n"
    " cmp r0, #0\n"
    " bne loc_fc083922\n"
    // Phase 2: for word index r4 = 0..2, mask r6[r4] with r8[r4], then walk
    // the remaining set bits with r5 as the bit number.
    " ldr.w r8, =0x000520ec\n"
    " movs r4, #0\n"
    "loc_fc08396a:\n"
    " movs r5, #0\n"
    " ldr.w r0, [r6, r4, lsl #2]\n"
    " ldr.w r1, [r8, r4, lsl #2]\n"
    " ands r0, r1\n"
    " str.w r0, [r6, r4, lsl #2]\n"
    " b loc_fc0839c2\n"
    "loc_fc08397c:\n"
    // Test bit r5 of the current word; skip to the next bit if it is clear.
    " lsrs r0, r5\n"
    " lsls r0, r0, #0x1f\n"
    " beq loc_fc0839ba\n"
    // sub_fc075420((r5 + 32 * r4) & 0xff, 0x520ec - 0x18, sp + 0x14, sp + 8);
    // on a zero result call sub_fc083886(1, [sp + 0x14]).
    " ldr r1, =0x000520ec\n"
    " add.w r0, r5, r4, lsl #5\n"
    " add r3, sp, #8\n"
    " subs r1, #0x18\n"
    " add r2, sp, #0x14\n"
    " uxtb r0, r0\n"
    " bl sub_fc075420\n"
    " cbnz r0, loc_fc08399e\n"
    " ldr r1, [sp, #0x14]\n"
    " movs r0, #1\n"
    " bl sub_fc083886\n"
    "loc_fc08399e:\n"
    // For word index r4 up to 2: clear in r6[] the bits set in r7[].
    " mov r0, r4\n"
    " b loc_fc0839b6\n"
    "loc_fc0839a2:\n"
    " ldr.w r1, [r7, r0, lsl #2]\n"
    " cbz r1, loc_fc0839b2\n"
    " ldr.w r2, [r6, r0, lsl #2]\n"
    " bics r2, r1\n"
    " str.w r2, [r6, r0, lsl #2]\n"
    "loc_fc0839b2:\n"
    " adds r0, r0, #1\n"
    " sxtb r0, r0\n"
    "loc_fc0839b6:\n"
    " cmp r0, #3\n"
    " blt loc_fc0839a2\n"
    "loc_fc0839ba:\n"
    // Reload the word and advance to the next bit number.
    " ldr.w r0, [r6, r4, lsl #2]\n"
    " adds r5, r5, #1\n"
    " uxtb r5, r5\n"
    "loc_fc0839c2:\n"
    " cmp r0, #0\n"
    " bne loc_fc08397c\n"
    " adds r4, r4, #1\n"
    " sxtb r4, r4\n"
    " cmp r4, #3\n"
    " blt loc_fc08396a\n"
    // CHDK copy of the follow-up routine, which adds the handle_jogdial call.
    " bl sub_fc074e8a_my\n"
    " add sp, #0x18\n"
    " pop.w {r4, r5, r6, r7, r8, pc}\n"
    ".ltorg\n"
    );
}
629
// Called at the end of kbd_p2_f_my. It passes the words at 0x9e6c + 0x10,
// + 0x14, + 0x18 and + 0x1c to firmware routines, then asks handle_jogdial
// (CHDK) whether to continue: a zero result returns immediately, a non-zero
// result branches on to sub_fc076948.
// NOTE(review): the other tail branches in this file (sub_fc0630d9_my,
// init_file_modules_task) pop their saved registers before the b.w. Here
// {r4, lr} are still on the stack and lr has not been restored when
// branching to sub_fc076948. If sub_fc076948 returns through lr this looks
// like a missing "pop.w {r4, lr}" -- verify against the firmware
// disassembly before relying on the non-zero path.
void __attribute__((naked,noinline)) sub_fc074e8a_my() {
    asm volatile(
    " push {r4, lr}\n"
    " ldr r4, =0x00009e6c\n"
    " ldr r0, [r4, #0x10]\n"
    " bl sub_fc0765e4\n"
    " ldr r0, [r4, #0x14]\n"
    " bl sub_fc07666e\n"
    " bl sub_fc0766f6\n"
    " bl sub_fc17b380\n"
    " ldr r0, [r4, #0x18]\n"
    " bl sub_fc076500\n"
    " ldr r0, [r4, #0x1c]\n"
    " bl sub_fc076500\n"

    // CHDK: r0 == 0 means skip sub_fc076948 (label name suggests the
    // firmware's scroll handling is suppressed -- confirm).
    " bl handle_jogdial\n"
    " cmp r0, #0\n"
    " beq no_scroll\n"
    " b.w sub_fc076948\n"
    "no_scroll:\n"
    " pop {r4, pc}\n"
    );
}
655
656
// Keyboard phase-1 wrapper: calls my_kbd_read_keys (CHDK), then runs what is
// presumably the remainder of the firmware routine on physw_status, with the
// inner call redirected to sub_fc0839d8_my. Returns r4: 0, or 1 when
// sub_fc074e34 returned 1 or any word at physw_status + 0x18 was non-zero.
// The pushed r1-r3 slots at sp serve as a three-word scratch array (r5).
long __attribute__((naked,noinline)) wrap_kbd_p1_f() {

    asm volatile(
    " push {r1, r2, r3, r4, r5, r6, r7, lr}\n"
    " movs r4, #0\n"
    // CHDK: read (and possibly override) the key state first.
    " bl my_kbd_read_keys\n"
    " kbd_p1_f_cont:\n"
    " ldr r3, =physw_status\n"
    " movs r0, #2\n"
    " mov r5, sp\n"
    " add.w r6, r3, #0x24\n"
    // For i = 2..0: scratch[i] = (physw_status[i] & A[i]) ^ B[i], where A and
    // B are the words at physw_status + 0x24 + 0xc and + 0x24 + 0x18.
    "loc_fc083ebe:\n"
    " add.w r1, r6, r0, lsl #2\n"
    " ldr.w r2, [r3, r0, lsl #2]\n"
    " ldr r7, [r1, #0xc]\n"
    " ldr r1, [r1, #0x18]\n"
    " and.w r2, r2, r7\n"
    " eor.w r2, r2, r1\n"
    " str.w r2, [r5, r0, lsl #2]\n"
    " subs r0, r0, #1\n"
    " bpl loc_fc083ebe\n"
    // sub_fc0839d8_my(scratch, physw_status + 0xc, physw_status + 0x18)
    " ldr r2, =physw_status\n"
    " mov r0, sp\n"
    " adds r2, #0x18\n"
    " sub.w r1, r2, #0xc\n"
    " bl sub_fc0839d8_my\n"
    // sub_fc074e34(physw_status + 0xc); a result of 1 sets the return value.
    " ldr r0, =physw_status\n"
    " adds r0, #0xc\n"
    " bl sub_fc074e34\n"
    " cmp r0, #1\n"
    " bne loc_fc083ef6\n"
    " movs r4, #1\n"
    "loc_fc083ef6:\n"
    " ldr r2, =physw_status\n"
    " movs r0, #2\n"
    " adds r2, #0x18\n"
    " sub.w r3, r2, #0xc\n"
    // For i = 2..0 with mask m = (physw_status + 0x18)[i] non-zero: replace
    // the masked bits of (physw_status + 0xc)[i] with those of scratch[i]
    // and set the return value to 1. r4 doubles as scratch inside the loop.
    "loc_fc083f00:\n"
    " ldr.w r1, [r2, r0, lsl #2]\n"
    " cbz r1, loc_fc083f1a\n"
    " ldr.w r4, [r3, r0, lsl #2]\n"
    " ldr.w r6, [r5, r0, lsl #2]\n"
    " bics r4, r1\n"
    " ands r1, r6\n"
    " orrs r4, r1\n"
    " str.w r4, [r3, r0, lsl #2]\n"
    " movs r4, #1\n"
    "loc_fc083f1a:\n"
    " subs r0, r0, #1\n"
    " bpl loc_fc083f00\n"
    " mov r0, r4\n"
    " pop {r1, r2, r3, r4, r5, r6, r7, pc}\n"
    ".ltorg\n"
    );
    // Not reached: the asm above returns through pop {..., pc}. Presumably
    // kept only so the non-void function has a return statement.
    return 0;
}
713
// Copy of the firmware routine called from wrap_kbd_p1_f; the only call into
// another CHDK copy is sub_fc07507e_my near loc_fc083b38.
// Arguments as used below: r0 -> r5 (three-word input array), r1 -> sb
// (second three-word array), r2 -> r6 (three-word output array).
// The push of r0-r3 also provides four scratch words: [sp] is set to -1 and
// later handed to sub_fc07507e_my, sl = sp + 4 is a three-word array.
// Tables are addressed from r7 = 0x000520ec + 0x24. The comments describe the
// data flow only; the meaning of the tables (presumably key debounce and
// repeat state) is not visible in this file.
void __attribute__((naked,noinline)) sub_fc0839d8_my() {
    asm volatile(
    " push.w {r0, r1, r2, r3, r4, r5, r6, r7, r8, sb, sl, fp, ip, lr}\n"
    " ldr r7, =0x000520ec\n"
    " mov r5, r0\n"
    " mov.w r0, #-1\n"
    " mov sb, r1\n"
    " str r0, [sp]\n"
    " movs r0, #2\n"
    " adds r7, #0x24\n"
    " mov r6, r2\n"
    // Loop 1, i = 2..0: r6[i] = (r5[i] ^ sb[i]) & word at r7 + 0xc0 + 4*i.
    "loc_fc0839ee:\n"
    " ldr.w r1, [r5, r0, lsl #2]\n"
    " ldr.w r2, [sb, r0, lsl #2]\n"
    " eors r1, r2\n"
    " add.w r2, r7, r0, lsl #2\n"
    " ldr.w r2, [r2, #0xc0]\n"
    " ands r1, r2\n"
    " str.w r1, [r6, r0, lsl #2]\n"
    " subs r0, r0, #1\n"
    " sxtb r0, r0\n"
    " cmp r0, #0\n"
    " bge loc_fc0839ee\n"
    // Loop 2, i = 2..0: store r5[i] into the 12-byte slot selected by the
    // halfword index at r7 + 0x30 (slot base r7 + 0xc + 12 * index).
    " movs r0, #2\n"
    "loc_fc083a10:\n"
    " ldrh r1, [r7, #0x30]\n"
    " add.w r1, r1, r1, lsl #1\n"
    " ldr.w r2, [r5, r0, lsl #2]\n"
    " add.w r1, r7, r1, lsl #2\n"
    " add.w r1, r1, r0, lsl #2\n"
    " subs r0, r0, #1\n"
    " sxtb r0, r0\n"
    " cmp r0, #0\n"
    " str r2, [r1, #0xc]\n"
    " bge loc_fc083a10\n"
    // Advance the slot index, wrapping to 0 when it would reach 3.
    " ldrh r0, [r7, #0x30]\n"
    " mov.w ip, #0\n"
    " adds r0, r0, #1\n"
    " cmp r0, #3\n"
    " blo loc_fc083a3e\n"
    " strh.w ip, [r7, #0x30]\n"
    " b loc_fc083a40\n"
    "loc_fc083a3e:\n"
    " strh r0, [r7, #0x30]\n"
    "loc_fc083a40:\n"
    // Loop 3, i = 2..0: r2 collects the bits that differ between adjacent
    // slots; bits of (r5[i] ^ sb[i]) that are not in r2 and are enabled in
    // r7[i] are OR-ed into r6[i].
    " movs r0, #2\n"
    "loc_fc083a42:\n"
    " movs r2, #0\n"
    " mov r1, r2\n"
    "loc_fc083a46:\n"
    " add.w r3, r1, r1, lsl #1\n"
    " adds r1, r1, #1\n"
    " add.w r3, r7, r3, lsl #2\n"
    " add.w r3, r3, r0, lsl #2\n"
    " sxtb r1, r1\n"
    " ldr r4, [r3, #0xc]\n"
    " ldr r3, [r3, #0x18]\n"
    " eors r4, r3\n"
    " orrs r2, r4\n"
    " cmp r1, #2\n"
    " blt loc_fc083a46\n"
    " ldr.w r1, [r5, r0, lsl #2]\n"
    " ldr.w r3, [sb, r0, lsl #2]\n"
    " eors r1, r3\n"
    " bics r1, r2\n"
    " ldr.w r2, [r7, r0, lsl #2]\n"
    " ands r1, r2\n"
    " ldr.w r2, [r6, r0, lsl #2]\n"
    " orrs r1, r2\n"
    " str.w r1, [r6, r0, lsl #2]\n"
    " subs r0, r0, #1\n"
    " sxtb r0, r0\n"
    " cmp r0, #0\n"
    " bge loc_fc083a42\n"
    // Outer loop, r8 = 4..0, over 28-byte records: r4 = r7-base + 28 * r8.
    // fp holds 0 for the rest of the routine.
    " add.w sl, sp, #4\n"
    " mov.w r8, #4\n"
    " mov fp, ip\n"
    "loc_fc083a90:\n"
    " ldr r3, =0x000520ec\n"
    " movs r1, #0\n"
    " mov ip, sl\n"
    " movs r0, #2\n"
    " rsb r2, r8, r8, lsl #3\n"
    " adds r3, #0x24\n"
    " add.w r4, r3, r2, lsl #2\n"
    // Inner loop, i = 2..0: sl[i] = (sb[i] ^ r5[i]) & mask, where mask is the
    // word at r4 + 0x38 + 4*i (0 if the mask is 0); r1 collects the OR.
    "loc_fc083aa2:\n"
    " mov sl, ip\n"
    " add.w r2, r4, r0, lsl #2\n"
    " str.w fp, [ip, r0, lsl #2]\n"
    " ldr r2, [r2, #0x38]\n"
    " cbz r2, loc_fc083ac2\n"
    " ldr.w r3, [sb, r0, lsl #2]\n"
    " ldr.w r7, [r5, r0, lsl #2]\n"
    " eors r3, r7\n"
    " ands r3, r2\n"
    " orrs r1, r3\n"
    " str.w r3, [sl, r0, lsl #2]\n"
    "loc_fc083ac2:\n"
    " subs r0, r0, #1\n"
    " sxtb r0, r0\n"
    " cmp r0, #0\n"
    " bge loc_fc083aa2\n"
    // Nothing selected for this record: clear its counter byte at +0x36 and
    // go on to the next record.
    " cbnz r1, loc_fc083ad2\n"
    " strb.w fp, [r4, #0x36]\n"
    " b loc_fc083b86\n"
    "loc_fc083ad2:\n"
    // If the counter is non-zero and any masked bit of r5[] differs from the
    // words saved at +0x44, reset the counter.
    " ldrb.w r0, [r4, #0x36]\n"
    " cbz r0, loc_fc083afa\n"
    " movs r0, #2\n"
    "loc_fc083ada:\n"
    " add.w r1, r4, r0, lsl #2\n"
    " ldr.w r3, [r5, r0, lsl #2]\n"
    " ldr r2, [r1, #0x44]\n"
    " ldr r1, [r1, #0x38]\n"
    " eors r2, r3\n"
    " tst r2, r1\n"
    " beq loc_fc083af2\n"
    " strb.w fp, [r4, #0x36]\n"
    " b loc_fc083afa\n"
    "loc_fc083af2:\n"
    " subs r0, r0, #1\n"
    " sxtb r0, r0\n"
    " cmp r0, #0\n"
    " bge loc_fc083ada\n"
    "loc_fc083afa:\n"
    // Increment the counter byte (+0x36), then read the byte at +0x34; r4 is
    // moved forward by 0x34 and restored by the post-indexed load.
    " add.w r4, r4, #0x34\n"
    " ldrb r0, [r4, #2]\n"
    " add.w r0, r0, #1\n"
    " strb r0, [r4, #2]\n"
    " ldrb r0, [r4], #-0x34\n"
    // Bit 7 of the +0x34 byte clear: threshold r7 = signed byte at +0x35.
    " lsls r0, r0, #0x18\n"
    " bpl loc_fc083b34\n"
    // Bit 7 set: r7 is the high nibble of the +0x35 byte when any masked bit
    // of r5[] is set, else the low nibble. The flags tested by beq come from
    // the last orrs; the ldrb.w in between does not change them.
    " ldr r0, [r5]\n"
    " ldr r1, [r4, #0x38]\n"
    " ldr r2, [r4, #0x3c]\n"
    " ands r0, r1\n"
    " ldr r1, [r5, #4]\n"
    " ands r1, r2\n"
    " ldr r2, [r4, #0x40]\n"
    " orrs r0, r1\n"
    " ldr r1, [r5, #8]\n"
    " ands r1, r2\n"
    " orrs r0, r1\n"
    " ldrb.w r0, [r4, #0x35]\n"
    " beq loc_fc083b2e\n"
    " lsrs r7, r0, #4\n"
    " b loc_fc083b38\n"
    "loc_fc083b2e:\n"
    " and r7, r0, #0xf\n"
    " b loc_fc083b38\n"
    "loc_fc083b34:\n"
    " ldrsb.w r7, [r4, #0x35]\n"
    "loc_fc083b38:\n"
    // Threshold of exactly 1: call the CHDK copy
    // sub_fc07507e_my(sp, r5, 0x000520ec, r4 + 0x34).
    " cmp r7, #1\n"
    " bne loc_fc083b4a\n"
    " ldr r2, =0x000520ec\n"
    " add.w r3, r4, #0x34\n"
    " mov r1, r5\n"
    " mov r0, sp\n"
    " bl sub_fc07507e_my\n"
    "loc_fc083b4a:\n"
    // Counter has reached the threshold: OR the selected bits sl[] into the
    // output r6[] and reset the counter.
    " ldrb.w r0, [r4, #0x36]\n"
    " cmp r0, r7\n"
    " blt loc_fc083b72\n"
    " movs r0, #2\n"
    " mov r2, sl\n"
    "loc_fc083b56:\n"
    " ldr.w r1, [r2, r0, lsl #2]\n"
    " cbz r1, loc_fc083b66\n"
    " ldr.w r3, [r6, r0, lsl #2]\n"
    " orrs r3, r1\n"
    " str.w r3, [r6, r0, lsl #2]\n"
    "loc_fc083b66:\n"
    " subs r0, r0, #1\n"
    " sxtb r0, r0\n"
    " cmp r0, #0\n"
    " bge loc_fc083b56\n"
    " strb.w fp, [r4, #0x36]\n"
    "loc_fc083b72:\n"
    // Remember the current input: words at +0x44 of the record = r5[].
    " movs r0, #2\n"
    "loc_fc083b74:\n"
    " add.w r2, r4, r0, lsl #2\n"
    " ldr.w r1, [r5, r0, lsl #2]\n"
    " subs r0, r0, #1\n"
    " sxtb r0, r0\n"
    " cmp r0, #0\n"
    " str r1, [r2, #0x44]\n"
    " bge loc_fc083b74\n"
    "loc_fc083b86:\n"
    // Next record (r8 counts down to 0).
    " sub.w r0, r8, #1\n"
    " sxtb.w r8, r0\n"
    " cmp.w r8, #0\n"
    " bge.w loc_fc083a90\n"
    " pop.w {r0, r1, r2, r3, r4, r5, r6, r7, r8, sb, sl, fp, ip, pc}\n"
    ".ltorg\n"
    );
}
911
912
// Copy of the firmware routine called from sub_fc0839d8_my with r0 = pointer
// to a cached word, r1 = three-word array to update, r2 = 0x000520ec and
// r3 = record + 0x34.
// CHDK change: when the cached word is still -1, the word read from
// 0xd20bf4a0 is ANDed with kbd_mod_state[1] before the fixed mask 0x00043ff9
// is applied. Presumably this lets CHDK alter which bits of that hardware
// word the firmware sees -- confirm.
void __attribute__((naked,noinline)) sub_fc07507e_my() {

    // Declared so that the asm below can name the symbol; the (void) use
    // presumably only silences an unused-declaration warning.
    extern long kbd_mod_state[];
    (void)kbd_mod_state;
    asm volatile(
    " push {r4, r5, r6, r7, r8, lr}\n"
    // [r0] + 1 == 0 means the cache still holds -1: fill it now.
    " ldr r4, [r0]\n"
    " adds r4, r4, #1\n"
    " bne loc_fc075090\n"
    " ldr r4, =0xd20bf4a0\n"
    " ldr r4, [r4]\n"
    " ldr r5, =0x00043ff9\n"
    // Added lines: r8 = word at kbd_mod_state + 4, applied as an AND mask.
    "ldr r8, =kbd_mod_state\n"
    "ldr r8, [r8,#4]\n"
    "ands r4, r8\n"
    " ands r4, r5\n"
    " str r4, [r0]\n"
    "loc_fc075090:\n"
    // Find the highest index r4 in 2..0 whose word at r3 + 4 + 4*r4 is
    // non-zero. If none is, the loop ends with r4 = -1 and the code below
    // indexes with that value; behaviour as in the copied routine.
    " movs r4, #2\n"
    "loc_fc075092:\n"
    " add.w r5, r3, r4, lsl #2\n"
    " ldr r5, [r5, #4]\n"
    " cbnz r5, loc_fc07509e\n"
    " subs r4, r4, #1\n"
    " bpl loc_fc075092\n"
    "loc_fc07509e:\n"
    // With m = word at r3 + 4 + 4*r4:
    //   r5 = ((cache & [r2 + 0xc + 4*r4]) ^ [r2 + 0x18 + 4*r4]) & m
    //   r6 = r1[r4] & m
    " ldr r5, [r0]\n"
    " add.w r0, r2, r4, lsl #2\n"
    " add.w r7, r3, r4, lsl #2\n"
    " ldr r2, [r0, #0xc]\n"
    " ldr r0, [r0, #0x18]\n"
    " ands r5, r2\n"
    " ldr.w r2, [r1, r4, lsl #2]\n"
    " eors r5, r0\n"
    " ldr r0, [r7, #4]\n"
    " ands r5, r0\n"
    " and.w r6, r2, r0\n"
    " cmp r6, r5\n"
    " beq loc_fc0750d0\n"
    // They differ: replace the masked bits of r1[r4] with those of the word
    // at r7 + 0x10 and clear the byte at r3 + 2.
    " ldr r5, [r7, #0x10]\n"
    " bics r2, r0\n"
    " ands r5, r0\n"
    " orrs r2, r5\n"
    " str.w r2, [r1, r4, lsl #2]\n"
    " movs r0, #0\n"
    " strb r0, [r3, #2]\n"
    "loc_fc0750d0:\n"
    " pop {r4, r5, r6, r7, r8, pc}\n"
    ".ltorg\n"
    );
}
964
// Store the constant 0x4d0002 to the fixed address 0xd20b0810. Presumably a
// hardware control register used as a visible debug signal (for example an
// LED) -- confirm; the function is not called from the code shown in this
// file.
void agent_orange(){
    int *const reg = (int*)0xd20b0810;

    *reg = 0x4d0002;
}
968