root/platform/ixus115_elph100hs/sub/101b/boot.c


DEFINITIONS

This source file includes the following definitions.
  1. taskHook
  2. boot
  3. sub_FF810358_my
  4. sub_FF8111B0_my
  5. sub_FF815EE0_my
  6. taskcreate_Startup_my
  7. task_Startup_my
  8. taskcreatePhySw_my
  9. spytask
  10. CreateTask_spytask
  11. init_file_modules_task

   1 #include "lolevel.h"
   2 #include "platform.h"
   3 #include "core.h"
   4 #include "dryos31.h"
   5 
// Byte offset of MEMBER inside TYPE, obtained by taking the member's address
// in a TYPE imagined at address 0 and casting that address to int.
// NOTE(review): this reuses the standard offsetof name and relies on
// null-pointer arithmetic; the <stddef.h> / __builtin_offsetof form is the
// well-defined equivalent if the toolchain provides it - confirm before changing.
#define offsetof(TYPE, MEMBER) ((int) &((TYPE *)0)->MEMBER)

// Address of the _end symbol, which is declared outside this file.
// sub_FF8111B0_my loads this value in place of the constant 0x1745BC unless
// CHDK_NOT_IN_CANON_HEAP is defined.
// presumably _end marks the end of the loaded CHDK image - verify in the linker script
const char * const new_sa = &_end;

// Forward declarations
void CreateTask_PhySw();
void CreateTask_spytask();

// Firmware task entry points. taskHook compares each task's entry pointer
// against these and redirects a match to the replacement task.
extern void task_CaptSeq();
extern void task_InitFileModules();
extern void task_MovieRecord();
extern void task_ExpDrv();
  18 
/*
 * Task hook: redirects selected firmware tasks to their replacements.
 *
 * context points at the context member of a task_t; the owning task control
 * block is recovered by subtracting that member's offset. Each firmware entry
 * address that matches is overwritten with the corresponding replacement.
 * The four checks run in sequence on the (possibly already rewritten) entry.
 */
void taskHook(context_t **context)
{
        char *member_addr = (char*)context;
        task_t *task = (task_t*)(member_addr - offsetof(task_t, context));

        if (task->entry == (void*)task_CaptSeq) {
                task->entry = (void*)capt_seq_task;
        }

        if (task->entry == (void*)task_InitFileModules) {
                task->entry = (void*)init_file_modules_task;
        }

        if (task->entry == (void*)task_MovieRecord) {
                task->entry = (void*)movie_record_task;
        }

        if (task->entry == (void*)task_ExpDrv) {
                task->entry = (void*)exp_drv_task;
        }
}
  29 
  30 /*----------------------------------------------------------------------
  31         boot()
  32 
  33         Main entry point for the CHDK code
  34 -----------------------------------------------------------------------*/
  35 
// Naked function consisting of a single basic asm block. It never returns:
// the last instruction branches to sub_FF810358_my.
//
// Visible steps, in order: a write of 0 to 0xC0410000, a run of CP15 (p15)
// coprocessor writes, stores to the 0xC0200000 block and to 0xC0400008 /
// 0xC0242010, a word copy from 0xFFC7EDE0 into RAM 0x1900..0x102C0, a zero
// fill of 0x102C0..0x1745BC, then the branch.
//
// CP15 register names used in the comments below assume the ARM946E-S
// register map - TODO confirm for this core.
//
// NOTE(review): every address and constant here is hard-coded and the file
// sits under sub/101b (one literal is tagged 1.01b). No firmware-revision
// check is visible in this file, so the values are only meaningful on the
// firmware build they were taken from - confirm where that check is done.
void __attribute__((naked,noinline)) boot(  ) {
asm volatile (
// Write 0 to the word at 0xC0410000 (purpose not visible here).
"       LDR     R1, =0xC0410000 \n"
"       MOV     R0, #0 \n"
"       STR     R0, [R1] \n"
// CP15 c1 <- 0x78.
// presumably the control register, with caches and protection unit disabled - TODO confirm
"       MOV     R1, #0x78 \n"
"       MCR     p15, 0, R1, c1, c0 \n"
// Three c7 operations with R1 = 0.
// presumably drain write buffer, then invalidate I-cache and D-cache - TODO confirm
"       MOV     R1, #0 \n"
"       MCR     p15, 0, R1, c7, c10, 4 \n"
"       MCR     p15, 0, R1, c7, c5 \n"
"       MCR     p15, 0, R1, c7, c6 \n"
// Six descriptor words written to c6,c0 .. c6,c5.
// presumably protection-region base/size/enable settings - TODO confirm
"       MOV     R0, #0x3D \n"
"       MCR     p15, 0, R0, c6, c0 \n"
"       MOV     R0, #0xC000002F \n"
"       MCR     p15, 0, R0, c6, c1 \n"
"       MOV     R0, #0x35 \n"
"       MCR     p15, 0, R0, c6, c2 \n"
"       MOV     R0, #0x40000035 \n"
"       MCR     p15, 0, R0, c6, c3 \n"
"       MOV     R0, #0x80000017 \n"
"       MCR     p15, 0, R0, c6, c4 \n"
"       LDR     R0, =0xFF80002D \n"
"       MCR     p15, 0, R0, c6, c5 \n"
// The same mask 0x34 goes to c2,c0 / c2,c0,1 / c3,c0.
// presumably data-cacheable, instruction-cacheable and write-bufferable region bits - TODO confirm
"       MOV     R0, #0x34 \n"
"       MCR     p15, 0, R0, c2, c0 \n"
"       MOV     R0, #0x34 \n"
"       MCR     p15, 0, R0, c2, c0, 1 \n"
"       MOV     R0, #0x34 \n"
"       MCR     p15, 0, R0, c3, c0 \n"
// 0x3333330 goes to both c5,c0,2 and c5,c0,3.
// presumably per-region data and instruction access permissions;
// NOTE(review): the same nibble is used for every non-zero slot, i.e. no
// region is given tighter access than another - confirm the intended model
"       LDR     R0, =0x3333330 \n"
"       MCR     p15, 0, R0, c5, c0, 2 \n"
"       LDR     R0, =0x3333330 \n"
"       MCR     p15, 0, R0, c5, c0, 3 \n"
// Read-modify-write of c1: set bits 12, 2 and 0.
// presumably I-cache, D-cache and protection-unit enable - TODO confirm
"       MRC     p15, 0, R0, c1, c0 \n"
"       ORR     R0, R0, #0x1000 \n"
"       ORR     R0, R0, #4 \n"
"       ORR     R0, R0, #1 \n"
"       MCR     p15, 0, R0, c1, c0 \n"
// c9,c1 <- 0x80000006 and c9,c1,1 <- 6.
// presumably the data and instruction TCM region registers - TODO confirm
"       MOV     R1, #0x80000006 \n"
"       MCR     p15, 0, R1, c9, c1 \n"
"       MOV     R1, #6 \n"
"       MCR     p15, 0, R1, c9, c1, 1 \n"
// Read-modify-write of c1: set bits 16 and 18 (0x50000).
// presumably the TCM enables - TODO confirm
"       MRC     p15, 0, R1, c1, c0 \n"
"       ORR     R1, R1, #0x50000 \n"
"       MCR     p15, 0, R1, c1, c0 \n"
// 0xC0200000 block: store 1 at +0x10C, then 0xFF at +0x0C, +0x1C, ... +0xFC
// (sixteen stores, stride 0x10).
"       LDR     R2, =0xC0200000 \n"
"       MOV     R1, #1 \n"
"       STR     R1, [R2, #0x10C] \n"
"       MOV     R1, #0xFF \n"
"       STR     R1, [R2, #0xC] \n"
"       STR     R1, [R2, #0x1C] \n"
"       STR     R1, [R2, #0x2C] \n"
"       STR     R1, [R2, #0x3C] \n"
"       STR     R1, [R2, #0x4C] \n"
"       STR     R1, [R2, #0x5C] \n"
"       STR     R1, [R2, #0x6C] \n"
"       STR     R1, [R2, #0x7C] \n"
"       STR     R1, [R2, #0x8C] \n"
"       STR     R1, [R2, #0x9C] \n"
"       STR     R1, [R2, #0xAC] \n"
"       STR     R1, [R2, #0xBC] \n"
"       STR     R1, [R2, #0xCC] \n"
"       STR     R1, [R2, #0xDC] \n"
"       STR     R1, [R2, #0xEC] \n"
"       STR     R1, [R2, #0xFC] \n"
// Store 0x430005 to 0xC0400008.
"       LDR     R1, =0xC0400008 \n"
"       LDR     R2, =0x430005 \n"
"       STR     R2, [R1] \n"
// NOTE(review): as written, R1 holds 1 and R2 holds 0xC0243100, so the STR
// below targets address 1 rather than 0xC0243100 - confirm against the
// firmware disassembly that this operand order is what the firmware does.
"       MOV     R1, #1 \n"
"       LDR     R2, =0xC0243100 \n"
"       STR     R2, [R1] \n"
// Set bit 0 of the word at 0xC0242010.
"       LDR     R2, =0xC0242010 \n"
"       LDR     R1, [R2] \n"
"       ORR     R1, R1, #1 \n"
"       STR     R1, [R2] \n"
// Copy words from 0xFFC7EDE0 to RAM, destination running from 0x1900 up to
// (not including) 0x102C0.
// presumably initialised-data load from ROM - TODO confirm
"       LDR     R0, =0xFFC7EDE0 \n"   //1.01b
"       LDR     R1, =0x1900 \n"
"       LDR     R3, =0x102C0 \n"
"loc_FF81013C:\n"
"       CMP     R1, R3 \n"
"       LDRCC   R2, [R0], #4 \n"
"       STRCC   R2, [R1], #4 \n"
"       BCC     loc_FF81013C \n"
// Zero-fill from 0x102C0 (left in R3) up to 0x1745BC.
// presumably the firmware's zero-initialised data area - TODO confirm
"       LDR     R1, =0x1745BC \n"
"       MOV     R2, #0 \n"
"loc_FF810154:\n"
"       CMP     R3, R1 \n"
"       STRCC   R2, [R3], #4 \n"
"       BCC     loc_FF810154 \n"
// Continue in the patched copy instead of the firmware routine at 0xFF810358.
"       B       sub_FF810358_my \n"   // -->>
        );
}
 128 
 129 //** sub_FF810358_my  @ 0xFF810358
 130 
// Patched copy of the firmware routine at 0xFF810358, entered from boot().
//
// Before the copied firmware instructions run, it (1) stores the address of
// taskHook in the words at 0x1938 and 0x193C and (2) writes a start-mode value
// to 0x25E4 chosen from bit 0 of 0xC0220004. The asm then copies two ROM
// ranges to low RAM, sets stack pointers in two CPU modes, fills
// 0x6C4..0x1000 with 0xEEEEEEEE and calls sub_FF8111B0_my.
//
// NOTE(review): this is a naked function that mixes C statements with asm.
// GCC only documents basic asm as safe inside naked functions, so the C part
// depends on the compiler emitting code that needs no prologue or stack -
// confirm with the project's toolchain.
void __attribute__((naked,noinline)) sub_FF810358_my(  ) {

   // 0x1938 and 0x193C lie inside the 0x1900..0x102C0 range that boot() has
   // just filled from ROM, so these stores must come after that copy.
   // presumably the firmware's task-hook pointer slots - TODO confirm
   *(int*)0x1938=(int)taskHook;
   *(int*)0x193C=(int)taskHook;

//Power-on FF81FCE0+FF863FD0
if ((*(int*) 0xC0220004) & 1)                                           // look at play switch //elph100
                *(int*)(0x25E4) = 0x200000;                             // not pressed - start in play mode
        else
                *(int*)(0x25E4) = 0x100000;                             // power pressed - start in rec mode

asm volatile (
// Copy words 0xFF8103D0..0xFF810408 to RAM starting at address 0.
// presumably the exception vector table - TODO confirm
"       LDR     R0, =0xFF8103D0 \n"
"       MOV     R1, #0 \n"
"       LDR     R3, =0xFF810408 \n"
"loc_FF810364:\n"
"       CMP     R0, R3 \n"
"       LDRCC   R2, [R0], #4 \n"
"       STRCC   R2, [R1], #4 \n"
"       BCC     loc_FF810364 \n"
// Copy words 0xFF810408..0xFF81061C to RAM starting at 0x4B0.
"       LDR     R0, =0xFF810408 \n"
"       MOV     R1, #0x4B0 \n"
"       LDR     R3, =0xFF81061C \n"
"loc_FF810380:\n"
"       CMP     R0, R3 \n"
"       LDRCC   R2, [R0], #4 \n"
"       STRCC   R2, [R1], #4 \n"
"       BCC     loc_FF810380 \n"
// CPSR <- 0xD2, SP <- 0x1000; then CPSR <- 0xD3, SP <- 0x1000.
// In the ARM CPSR encoding 0xD2 / 0xD3 select IRQ / Supervisor mode with
// IRQ and FIQ masked; both modes are given the same stack top here.
"       MOV     R0, #0xD2 \n"
"       MSR     CPSR_cxsf, R0 \n"
"       MOV     SP, #0x1000 \n"
"       MOV     R0, #0xD3 \n"
"       MSR     CPSR_cxsf, R0 \n"
"       MOV     SP, #0x1000 \n"
// Fill 0x6C4..0x1000 with the pattern 0xEEEEEEEE.
// presumably a stack-usage marker - TODO confirm
"       LDR     R0, =0x6C4 \n"
"       LDR     R2, =0xEEEEEEEE \n"
"       MOV     R3, #0x1000 \n"
"loc_FF8103B4:\n"
"       CMP     R0, R3 \n"
"       STRCC   R2, [R0], #4 \n"
"       BCC     loc_FF8103B4 \n"
// Call the patched copy instead of the firmware routine at 0xFF8111B0.
"       BL      sub_FF8111B0_my \n"   // -->
        );
}
 175 
 176 //** sub_FF8111B0_my  @ 0xFF8111B0
 177 
// Patched copy of the firmware routine at 0xFF8111B0.
//
// Reserves 0x74 bytes on the stack, passes that buffer and its size to
// sub_FFB94350, fills selected words of it with constants, then tail-branches
// into firmware at sub_FF81124C with R1 pointing at sub_FF815EE0_my.
//
// Two things differ from the firmware sequence shown in the comments:
//  - the word stored at [SP,#8] comes from new_sa unless
//    CHDK_NOT_IN_CANON_HEAP is defined, in which case the constant 0x1745BC
//    is used; [SP,#0xC] is then 0x371F80 minus that value.
//    presumably these are the start and size of the region the OS may
//    allocate from, moved up to keep CHDK's image out of it - TODO confirm
//  - R1 is loaded with sub_FF815EE0_my instead of sub_FF815EE0.
void __attribute__((naked,noinline)) sub_FF8111B0_my(  ) {
asm volatile (
"       STR     LR, [SP, #-4]! \n"
"       SUB     SP, SP, #0x74 \n"
// R0 = buffer, R1 = 0x74.
// presumably sub_FFB94350 clears the buffer - TODO confirm
"       MOV     R1, #0x74 \n"
"       MOV     R0, SP \n"
"       BL      sub_FFB94350 \n"        // 1.01b
"       MOV     R0, #0x53000 \n"
"       STR     R0, [SP, #4] \n"
   #if defined(CHDK_NOT_IN_CANON_HEAP)
"       LDR     R0, =0x1745BC\n"
        #else
// Load the pointer value stored in new_sa (two loads: its address, then its content).
"       LDR     R0, =new_sa\n"          // added
"       LDR       R0, [R0]\n"                   // added
        #endif

// [SP,#8] = R0 (start value chosen above); [SP,#0xC] = 0x371F80 - R0.
// NOTE(review): nothing here checks that R0 is below 0x371F80; if new_sa
// were larger the subtraction would wrap - confirm the image size is
// bounded by the build.
"       LDR     R2, =0x371F80 \n"
"       STR     R0, [SP, #8] \n"
"       SUB     R0, R2, R0 \n"
"       STR     R0, [SP, #0xC] \n"
"       MOV     R0, #0x22 \n"
"       STR     R0, [SP, #0x18] \n"
"       MOV     R0, #0x68 \n"
"       STR     R0, [SP, #0x1C] \n"
"       LDR     R1, =0x379C00 \n"
"       LDR     R0, =0x19B \n"
"       STR     R1, [SP] \n"
"       STR     R0, [SP, #0x20] \n"
"       MOV     R0, #0x96 \n"
"       STR     R2, [SP, #0x10] \n"
"       STR     R1, [SP, #0x14] \n"
"       STR     R0, [SP, #0x24] \n"
"       STR     R0, [SP, #0x28] \n"
"       MOV     R0, #0x64 \n"
"       STR     R0, [SP, #0x2C] \n"
"       MOV     R0, #0 \n"
"       STR     R0, [SP, #0x30] \n"
"       STR     R0, [SP, #0x34] \n"
"       MOV     R0, #0x10 \n"
"       STR     R0, [SP, #0x5C] \n"
"       MOV     R0, #0x800 \n"
"       STR     R0, [SP, #0x60] \n"
"       MOV     R0, #0xA0 \n"
"       STR     R0, [SP, #0x64] \n"
"       MOV     R0, #0x280 \n"
"       STR     R0, [SP, #0x68] \n"
// Original firmware load kept for reference; the patched routine is passed instead.
//"     LDR     R1, =sub_FF815EE0 \n"
"       LDR     R1, =sub_FF815EE0_my \n"   // -->
// Branch (not call): LR pushed above and the 0x74-byte frame are left for
// the firmware code at sub_FF81124C to unwind.
"       B       sub_FF81124C \n"        // continue in firmware
        );
}
 229 
 230 
 231 //** sub_FF815EE0_my  @ 0xFF815EE0
 232 
// Patched copy of the firmware routine at 0xFF815EE0; its address is handed
// to firmware by sub_FF8111B0_my.
//
// Calls a fixed sequence of firmware routines. After each checked call a
// negative R0 causes sub_FF815FD4 to be called with a per-step constant
// address in R0 (presumably an error-message string for a failure reporter -
// TODO confirm). The only change from a straight copy is the final branch,
// which goes to taskcreate_Startup_my.
void __attribute__((naked,noinline)) sub_FF815EE0_my(  ) {
asm volatile (
"       STMFD   SP!, {R4,LR} \n"
// sub_FF810B28: return value is not checked.
"       BL      sub_FF810B28 \n"
"       BL      sub_FF81A374 \n"
"       CMP     R0, #0 \n"
"       LDRLT   R0, =0xFF815FF4 \n"
"       BLLT    sub_FF815FD4 \n"
"       BL      sub_FF815B18 \n"
"       CMP     R0, #0 \n"
"       LDRLT   R0, =0xFF815FFC \n"
"       BLLT    sub_FF815FD4 \n"
// The next two calls both receive 0xFF81600C as their argument.
"       LDR     R0, =0xFF81600C \n"
"       BL      sub_FF815C00 \n"
"       CMP     R0, #0 \n"
"       LDRLT   R0, =0xFF816014 \n"
"       BLLT    sub_FF815FD4 \n"
"       LDR     R0, =0xFF81600C \n"
"       BL      sub_FF813CA8 \n"
"       CMP     R0, #0 \n"
"       LDRLT   R0, =0xFF816028 \n"
"       BLLT    sub_FF815FD4 \n"
"       BL      sub_FF819D00 \n"
"       CMP     R0, #0 \n"
"       LDRLT   R0, =0xFF816034 \n"
"       BLLT    sub_FF815FD4 \n"
"       BL      sub_FF811690 \n"
"       CMP     R0, #0 \n"
"       LDRLT   R0, =0xFF816040 \n"
"       BLLT    sub_FF815FD4 \n"
// Restore the saved registers, then tail-branch so that the patched
// start-up task creator returns directly to this routine's caller.
"       LDMFD   SP!, {R4,LR} \n"
"       B               taskcreate_Startup_my\n" //patched
        );
}
 267 
 268 
 269 //** taskcreate_Startup_my  @ 0xFF81FCAC
 270 
// Patched copy of the firmware routine at 0xFF81FCAC, reached from
// sub_FF815EE0_my.
//
// Register use visible below: R9 = 0xC0220000, R8 = 1, R7 = result of
// sub_FF83D464, R6 = 1 only if sub_FF833964 returned 1, R4 / R5 = inverted
// bit 0 of the words at 0xC0220004 / 0xC0220000.
// presumably these are power-on reason inputs (buttons / switches) - TODO confirm
//
// If R7 is 0, sub_FF836DC4 returned non-zero, and R4, R5 and R6 are all 0,
// the code calls sub_FF833CE8, writes 0x44 to 0xC022001C, calls sub_FF833ED4
// and then spins forever at loc_FF81FD10 (presumably a power-off path).
// Otherwise it continues to the task-creation part.
//
// Changes from the firmware sequence: the call to sub_FF834698 is commented
// out with a call to sub_FF834694 in its place (the reason is not stated in
// this file), and R3 is loaded with task_Startup_my before branching back
// into firmware at sub_FF81FD5C.
void __attribute__((naked,noinline)) taskcreate_Startup_my(  ) {
asm volatile (
"       STMFD   SP!, {R3-R9,LR} \n"
"       MOV     R6, #0 \n"
"       BL      sub_FF834690 \n"
"       BL      sub_FF83D464 \n"
"       LDR     R9, =0xC0220000 \n"
"       MOVS    R7, R0 \n"
"       MOV     R8, #1 \n"
"       BNE     loc_FF81FD14 \n"
"       BL      sub_FF836DC4 \n"
"       CMP     R0, #0 \n"
"       BEQ     loc_FF81FD14 \n"
// BIC Rd, R8, R0 with R8 = 1 yields 1 when bit 0 of the register is clear.
"       LDR     R0, [R9] \n"
"       BIC     R5, R8, R0 \n"
"       LDR     R0, [R9, #4] \n"
"       BIC     R4, R8, R0 \n"
"       BL      sub_FF833964 \n"
"       CMP     R0, #1 \n"
"       MOVEQ   R6, #1 \n"
// Any of R4, R5, R6 set -> go on to start up.
"       ORR     R0, R4, R5 \n"
"       ORRS    R0, R0, R6 \n"
"       BNE     loc_FF81FD24 \n"
"       BL      sub_FF833CE8 \n"
"       MOV     R0, #0x44 \n"
"       STR     R0, [R9, #0x1C] \n"
"       BL      sub_FF833ED4 \n"
// Intentional endless loop: execution does not proceed past this point.
"loc_FF81FD10:\n"
"       B       loc_FF81FD10 \n"
"loc_FF81FD14:\n"
"       LDR     R0, [R9, #4] \n"
"       BIC     R4, R8, R0 \n"
"       LDR     R0, [R9] \n"
"       BIC     R5, R8, R0 \n"
"loc_FF81FD24:\n"
// Arguments for the next call: R0 = R4, R1 = R5, R2 = R7, R3 = R6.
"       MOV     R3, R6 \n"
"       MOV     R2, R7 \n"
"       MOV     R1, R5 \n"
"       MOV     R0, R4 \n"
//"     BL      sub_FF834698 \n"
"       BL      sub_FF834694 \n"
"       BL      sub_FF83B630 \n"
"       LDR     R1, =0x3CE000 \n"
"       MOV     R0, #0 \n"
"       BL      sub_FF83BAA0 \n"
"       BL      sub_FF83B848 \n"
// A zero word is stored at [SP] and R3 carries the patched start-up task's
// address into the firmware code that follows.
// presumably that code creates the task from these values - TODO confirm
"       MOV     R3, #0 \n"
"       STR     R3, [SP] \n"
"       LDR R3, =task_Startup_my\n" //patched
"       B       sub_FF81FD5C\n"  // continue in firmware
        );
}
 323 
 324 
 325 //** task_Startup_my  @ 0xFF81FBF4
 326 
// Patched copy of the firmware routine at 0xFF81FBF4; its address is passed
// to firmware by taskcreate_Startup_my.
//
// Runs the firmware's sequence of initialisation calls with three visible
// changes:
//  - the call to sub_FF83D540 is commented out (reason not stated here;
//    presumably the firmware's own boot-file loader - TODO confirm),
//  - a call to CreateTask_spytask is inserted,
//  - the call to sub_FF834538 is replaced by taskcreatePhySw_my, the patched
//    copy of that same address.
// It ends by restoring R4/LR and tail-branching to firmware at sub_FF8166A8.
void __attribute__((naked,noinline)) task_Startup_my(  ) {
asm volatile (
"       STMFD   SP!, {R4,LR} \n"
"       BL      sub_FF816588 \n"
"       BL      sub_FF835804 \n"
"       BL      sub_FF8339A0 \n"
"       BL      sub_FF83D4AC \n"
"       BL      sub_FF83D698 \n"
//"     BL      sub_FF83D540 \n"
"       BL      sub_FF83D844 \n"
"       BL      sub_FF816488 \n"
"       BL      sub_FF836524 \n"
// Six calls to sub_FF835810 with R0 = an MMIO address and R1 = a value.
// presumably a register-write helper - TODO confirm
"       LDR     R1, =0x7C007C00 \n"
"       LDR     R0, =0xC0F1800C \n"
"       BL      sub_FF835810 \n"
"       LDR     R0, =0xC0F18010 \n"
"       MOV     R1, #0 \n"
"       BL      sub_FF835810 \n"
"       LDR     R0, =0xC0F18018 \n"
"       MOV     R1, #0 \n"
"       BL      sub_FF835810 \n"
"       LDR     R0, =0xC0F1801C \n"
"       MOV     R1, #0x1000 \n"
"       BL      sub_FF835810 \n"
"       LDR     R0, =0xC0F18020 \n"
"       MOV     R1, #8 \n"
"       BL      sub_FF835810 \n"
"       LDR     R0, =0xC022D06C \n"
"       MOV     R1, #0xE000000 \n"
"       BL      sub_FF835810 \n"
"       BL      sub_FF8164C0 \n"
"       BL      sub_FF832278 \n"
"       BL      sub_FF83D6C8 \n"
"       BL      sub_FF83ADD4 \n"
// Inserted call: creates the "SpyTask" task (see CreateTask_spytask).
"       BL  CreateTask_spytask\n"
"       BL      sub_FF83D848 \n"
//"     BL      sub_FF834538 \n"
"       BL        taskcreatePhySw_my\n" //patched
"       BL      sub_FF838D30 \n"
"       BL      sub_FF83D860 \n"
"       BL      sub_FF831670 \n"
"       BL      sub_FF8332A8 \n"
"       BL      sub_FF83D220 \n"
"       BL      sub_FF8338F0 \n"
"       BL      sub_FF833244 \n"
"       BL      sub_FF8322AC \n"
"       BL      sub_FF83E460 \n"
"       BL      sub_FF833208 \n"
"       LDMFD   SP!, {R4,LR} \n"
"       B       sub_FF8166A8 \n"
        );
}
 379 
 380 
 381 
 382 
 383 //** taskcreatePhySw_my  @ 0xFF834538
 384 
// Patched copy of the firmware routine at 0xFF834538, called from
// task_Startup_my.
//
// Reads the word at 0x1C44 + 4; if it is non-zero the code jumps straight
// back into firmware at sub_FF83456C (presumably the task already exists -
// TODO confirm). Otherwise it stores 0 at [SP], loads R3 with mykbd_task and
// R2 with 0x2000 in place of the firmware's 0xFF834504 and 0x800 shown in the
// commented-out lines, and continues in firmware.
void __attribute__((naked,noinline)) taskcreatePhySw_my(  ) {
asm volatile (
"       STMFD   SP!, {R3-R5,LR} \n"
"       LDR     R4, =0x1C44 \n"
"       LDR     R0, [R4, #4] \n"
"       CMP     R0, #0 \n"
"       BNE     sub_FF83456C \n"   // continue in firmware
"       MOV     R3, #0 \n"
"       STR     R3, [SP] \n"
//"     LDR     R3, =0xFF834504 \n"
//"     MOV     R2, #0x800 \n"

"       LDR  R3, =mykbd_task\n" //later
"       MOV  R2, #0x2000\n"             //stack size for new task_PhySw so we don't have to do stack switch
// NOTE(review): this label is spelled in lower case, unlike every other
// sub_FF... reference in the file; assembler symbols are case-sensitive, so
// confirm the stub is defined with exactly this spelling.
// The registers pushed by the STMFD above are still on the stack at this
// branch; the firmware code at the target is relied on to pop them.
"       B       sub_ff83455c \n" // continue in firmware
        );
}
 402 
 403 /*----------------------------------------------------------------------
 404         spytask
 405 -----------------------------------------------------------------------*/
/*
 * Entry point of the task created by CreateTask_spytask.
 * Hands control to core_spytask(); the six long parameters belong to the
 * entry signature but none of them is read.
 */
void spytask(long ua, long ub, long uc, long ud, long ue, long uf)
{
    (void)ua;
    (void)ub;
    (void)uc;
    (void)ud;
    (void)ue;
    (void)uf;

    core_spytask();
}
 410 
 411 /*----------------------------------------------------------------------
 412         CreateTask_spytask
 413 -----------------------------------------------------------------------*/
/*
 * Registers spytask with the OS under the name "SpyTask".
 * Called from task_Startup_my during start-up.
 */
void CreateTask_spytask() {
        /* presumably task priority and stack size in bytes; confirm against
         * the _CreateTask prototype */
        enum { SPYTASK_ARG2 = 0x19, SPYTASK_ARG3 = 0x2000 };

        _CreateTask("SpyTask", SPYTASK_ARG2, SPYTASK_ARG3, spytask, 0);
}
 417 
 418 ///*----------------------------------------------------------------------
 419 //** init_file_modules_task  @ 0xFF89D020
 420 
// Patched copy of the firmware routine at 0xFF89D020. taskHook substitutes
// it for task_InitFileModules when that task's entry is seen.
//
// Runs the start of the firmware routine, then calls core_spytask_can_start
// before branching back into firmware at sub_FF89D040, so the flag is raised
// only after sub_FF89504C and sub_FF895078 have run.
// presumably those two calls bring up storage / the file system, which is why
// spytask has to wait for them - TODO confirm
void __attribute__((naked,noinline)) init_file_modules_task(  ) {
asm volatile (
"       STMFD   SP!, {R4-R6,LR} \n"
"       BL      sub_FF89504C \n"
"       LDR     R5, =0x5006 \n"
// R4 keeps the result of sub_FF89504C; when it is non-zero, sub_FF898F44 is
// called with R0 = 0x5006 and R1 = 0.
"       MOVS    R4, R0 \n"
"       MOVNE   R1, #0 \n"
"       MOVNE   R0, R5 \n"
"       BLNE    sub_FF898F44 \n"
"       BL      sub_FF895078 \n"
"       BL  core_spytask_can_start\n"   //added CHDK: Set "it's-safe-to-start"-Flag for spytask
// R4-R6 and LR pushed above stay on the stack for the firmware code to pop.
"       B       sub_FF89D040\n"                         //continue in firmware

        );
}
