This source file includes following definitions.
- taskHook
- boot
- sub_FF810358_my
- sub_FF8111B0_my
- sub_FF815EE0_my
- taskcreate_Startup_my
- task_Startup_my
- taskcreatePhySw_my
- spytask
- CreateTask_spytask
- init_file_modules_task
1
2 #include "lolevel.h"
3 #include "platform.h"
4 #include "core.h"
5 #include "dryos31.h"
6
7 #define offsetof(TYPE, MEMBER) ((int) &((TYPE *)0)->MEMBER)
8
9 const char * const new_sa = &_end;
10
11
12 void CreateTask_PhySw();
13 void CreateTask_spytask();
14
15 extern void task_CaptSeq();
16 extern void task_InitFileModules();
17 extern void task_MovieRecord();
18 extern void task_ExpDrv();
19
20 void taskHook(context_t **context)
21 {
22 task_t *tcb=(task_t*)((char*)context-offsetof(task_t, context));
23
24
25 if(tcb->entry == (void*)task_CaptSeq) tcb->entry = (void*)capt_seq_task;
26 if(tcb->entry == (void*)task_InitFileModules) tcb->entry = (void*)init_file_modules_task;
27 if(tcb->entry == (void*)task_MovieRecord) tcb->entry = (void*)movie_record_task;
28 if(tcb->entry == (void*)task_ExpDrv) tcb->entry = (void*)exp_drv_task;
29 }
30
31
32
33
34
35
36
37
38 void __attribute__((naked,noinline)) boot( ) {
39 asm volatile (
40 " LDR R1, =0xC0410000 \n"
41 " MOV R0, #0 \n"
42 " STR R0, [R1] \n"
43 " MOV R1, #0x78 \n"
44 " MCR p15, 0, R1, c1, c0 \n"
45 " MOV R1, #0 \n"
46 " MCR p15, 0, R1, c7, c10, 4 \n"
47 " MCR p15, 0, R1, c7, c5 \n"
48 " MCR p15, 0, R1, c7, c6 \n"
49 " MOV R0, #0x3D \n"
50 " MCR p15, 0, R0, c6, c0 \n"
51 " MOV R0, #0xC000002F \n"
52 " MCR p15, 0, R0, c6, c1 \n"
53 " MOV R0, #0x35 \n"
54 " MCR p15, 0, R0, c6, c2 \n"
55 " MOV R0, #0x40000035 \n"
56 " MCR p15, 0, R0, c6, c3 \n"
57 " MOV R0, #0x80000017 \n"
58 " MCR p15, 0, R0, c6, c4 \n"
59 " LDR R0, =0xFF80002D \n"
60 " MCR p15, 0, R0, c6, c5 \n"
61 " MOV R0, #0x34 \n"
62 " MCR p15, 0, R0, c2, c0 \n"
63 " MOV R0, #0x34 \n"
64 " MCR p15, 0, R0, c2, c0, 1 \n"
65 " MOV R0, #0x34 \n"
66 " MCR p15, 0, R0, c3, c0 \n"
67 " LDR R0, =0x3333330 \n"
68 " MCR p15, 0, R0, c5, c0, 2 \n"
69 " LDR R0, =0x3333330 \n"
70 " MCR p15, 0, R0, c5, c0, 3 \n"
71 " MRC p15, 0, R0, c1, c0 \n"
72 " ORR R0, R0, #0x1000 \n"
73 " ORR R0, R0, #4 \n"
74 " ORR R0, R0, #1 \n"
75 " MCR p15, 0, R0, c1, c0 \n"
76 " MOV R1, #0x80000006 \n"
77 " MCR p15, 0, R1, c9, c1 \n"
78 " MOV R1, #6 \n"
79 " MCR p15, 0, R1, c9, c1, 1 \n"
80 " MRC p15, 0, R1, c1, c0 \n"
81 " ORR R1, R1, #0x50000 \n"
82 " MCR p15, 0, R1, c1, c0 \n"
83 " LDR R2, =0xC0200000 \n"
84 " MOV R1, #1 \n"
85 " STR R1, [R2, #0x10C] \n"
86 " MOV R1, #0xFF \n"
87 " STR R1, [R2, #0xC] \n"
88 " STR R1, [R2, #0x1C] \n"
89 " STR R1, [R2, #0x2C] \n"
90 " STR R1, [R2, #0x3C] \n"
91 " STR R1, [R2, #0x4C] \n"
92 " STR R1, [R2, #0x5C] \n"
93 " STR R1, [R2, #0x6C] \n"
94 " STR R1, [R2, #0x7C] \n"
95 " STR R1, [R2, #0x8C] \n"
96 " STR R1, [R2, #0x9C] \n"
97 " STR R1, [R2, #0xAC] \n"
98 " STR R1, [R2, #0xBC] \n"
99 " STR R1, [R2, #0xCC] \n"
100 " STR R1, [R2, #0xDC] \n"
101 " STR R1, [R2, #0xEC] \n"
102 " STR R1, [R2, #0xFC] \n"
103 " LDR R1, =0xC0400008 \n"
104 " LDR R2, =0x430005 \n"
105 " STR R2, [R1] \n"
106 " MOV R1, #1 \n"
107 " LDR R2, =0xC0243100 \n"
108 " STR R2, [R1] \n"
109 " LDR R2, =0xC0242010 \n"
110 " LDR R1, [R2] \n"
111 " ORR R1, R1, #1 \n"
112 " STR R1, [R2] \n"
113 " LDR R0, =0xFFC7EDD8 \n"
114 " LDR R1, =0x1900 \n"
115 " LDR R3, =0x102C0 \n"
116 "loc_FF81013C:\n"
117 " CMP R1, R3 \n"
118 " LDRCC R2, [R0], #4 \n"
119 " STRCC R2, [R1], #4 \n"
120 " BCC loc_FF81013C \n"
121 " LDR R1, =0x1745BC \n"
122 " MOV R2, #0 \n"
123 "loc_FF810154:\n"
124 " CMP R3, R1 \n"
125 " STRCC R2, [R3], #4 \n"
126 " BCC loc_FF810154 \n"
127 " B sub_FF810358_my \n"
128 );
129 }
130
131
132
133 void __attribute__((naked,noinline)) sub_FF810358_my( ) {
134
135 *(int*)0x1938=(int)taskHook;
136 *(int*)0x193C=(int)taskHook;
137
138
139 if ((*(int*) 0xC0220004) & 1)
140 *(int*)(0x25E4) = 0x200000;
141 else
142 *(int*)(0x25E4) = 0x100000;
143
144 asm volatile (
145 " LDR R0, =0xFF8103D0 \n"
146 " MOV R1, #0 \n"
147 " LDR R3, =0xFF810408 \n"
148 "loc_FF810364:\n"
149 " CMP R0, R3 \n"
150 " LDRCC R2, [R0], #4 \n"
151 " STRCC R2, [R1], #4 \n"
152 " BCC loc_FF810364 \n"
153 " LDR R0, =0xFF810408 \n"
154 " MOV R1, #0x4B0 \n"
155 " LDR R3, =0xFF81061C \n"
156 "loc_FF810380:\n"
157 " CMP R0, R3 \n"
158 " LDRCC R2, [R0], #4 \n"
159 " STRCC R2, [R1], #4 \n"
160 " BCC loc_FF810380 \n"
161 " MOV R0, #0xD2 \n"
162 " MSR CPSR_cxsf, R0 \n"
163 " MOV SP, #0x1000 \n"
164 " MOV R0, #0xD3 \n"
165 " MSR CPSR_cxsf, R0 \n"
166 " MOV SP, #0x1000 \n"
167 " LDR R0, =0x6C4 \n"
168 " LDR R2, =0xEEEEEEEE \n"
169 " MOV R3, #0x1000 \n"
170 "loc_FF8103B4:\n"
171 " CMP R0, R3 \n"
172 " STRCC R2, [R0], #4 \n"
173 " BCC loc_FF8103B4 \n"
174 " BL sub_FF8111B0_my \n"
175 );
176 }
177
178
179
180 void __attribute__((naked,noinline)) sub_FF8111B0_my( ) {
181 asm volatile (
182 " STR LR, [SP, #-4]! \n"
183 " SUB SP, SP, #0x74 \n"
184 " MOV R1, #0x74 \n"
185 " MOV R0, SP \n"
186 " BL sub_FFB94344 \n"
187 " MOV R0, #0x53000 \n"
188 " STR R0, [SP, #4] \n"
189 #if defined(CHDK_NOT_IN_CANON_HEAP)
190 " LDR R0, =0x1745BC\n"
191 #else
192 " LDR R0, =new_sa\n"
193 " LDR R0, [R0]\n"
194 #endif
195
196 " LDR R2, =0x371F80 \n"
197 " STR R0, [SP, #8] \n"
198 " SUB R0, R2, R0 \n"
199 " STR R0, [SP, #0xC] \n"
200 " MOV R0, #0x22 \n"
201 " STR R0, [SP, #0x18] \n"
202 " MOV R0, #0x68 \n"
203 " STR R0, [SP, #0x1C] \n"
204 " LDR R1, =0x379C00 \n"
205 " LDR R0, =0x19B \n"
206 " STR R1, [SP] \n"
207 " STR R0, [SP, #0x20] \n"
208 " MOV R0, #0x96 \n"
209 " STR R2, [SP, #0x10] \n"
210 " STR R1, [SP, #0x14] \n"
211 " STR R0, [SP, #0x24] \n"
212 " STR R0, [SP, #0x28] \n"
213 " MOV R0, #0x64 \n"
214 " STR R0, [SP, #0x2C] \n"
215 " MOV R0, #0 \n"
216 " STR R0, [SP, #0x30] \n"
217 " STR R0, [SP, #0x34] \n"
218 " MOV R0, #0x10 \n"
219 " STR R0, [SP, #0x5C] \n"
220 " MOV R0, #0x800 \n"
221 " STR R0, [SP, #0x60] \n"
222 " MOV R0, #0xA0 \n"
223 " STR R0, [SP, #0x64] \n"
224 " MOV R0, #0x280 \n"
225 " STR R0, [SP, #0x68] \n"
226
227 " LDR R1, =sub_FF815EE0_my \n"
228 " B sub_FF81124C \n"
229 );
230 }
231
232
233
234
235 void __attribute__((naked,noinline)) sub_FF815EE0_my( ) {
236 asm volatile (
237 " STMFD SP!, {R4,LR} \n"
238 " BL sub_FF810B28 \n"
239 " BL sub_FF81A374 \n"
240 " CMP R0, #0 \n"
241 " LDRLT R0, =0xFF815FF4 \n"
242 " BLLT sub_FF815FD4 \n"
243 " BL sub_FF815B18 \n"
244 " CMP R0, #0 \n"
245 " LDRLT R0, =0xFF815FFC \n"
246 " BLLT sub_FF815FD4 \n"
247 " LDR R0, =0xFF81600C \n"
248 " BL sub_FF815C00 \n"
249 " CMP R0, #0 \n"
250 " LDRLT R0, =0xFF816014 \n"
251 " BLLT sub_FF815FD4 \n"
252 " LDR R0, =0xFF81600C \n"
253 " BL sub_FF813CA8 \n"
254 " CMP R0, #0 \n"
255 " LDRLT R0, =0xFF816028 \n"
256 " BLLT sub_FF815FD4 \n"
257 " BL sub_FF819D00 \n"
258 " CMP R0, #0 \n"
259 " LDRLT R0, =0xFF816034 \n"
260 " BLLT sub_FF815FD4 \n"
261 " BL sub_FF811690 \n"
262 " CMP R0, #0 \n"
263 " LDRLT R0, =0xFF816040 \n"
264 " BLLT sub_FF815FD4 \n"
265 " LDMFD SP!, {R4,LR} \n"
266 " B taskcreate_Startup_my\n"
267 );
268 }
269
270
271
272
273 void __attribute__((naked,noinline)) taskcreate_Startup_my( ) {
274 asm volatile (
275 " STMFD SP!, {R3-R9,LR} \n"
276 " MOV R6, #0 \n"
277 " BL sub_FF834690 \n"
278 " BL sub_FF83D464 \n"
279 " LDR R9, =0xC0220000 \n"
280 " MOVS R7, R0 \n"
281 " MOV R8, #1 \n"
282 " BNE loc_FF81FD14 \n"
283 " BL sub_FF836DC4 \n"
284 " CMP R0, #0 \n"
285 " BEQ loc_FF81FD14 \n"
286 " LDR R0, [R9] \n"
287 " BIC R5, R8, R0 \n"
288 " LDR R0, [R9, #4] \n"
289 " BIC R4, R8, R0 \n"
290 " BL sub_FF833964 \n"
291 " CMP R0, #1 \n"
292 " MOVEQ R6, #1 \n"
293 " ORR R0, R4, R5 \n"
294 " ORRS R0, R0, R6 \n"
295 " BNE loc_FF81FD24 \n"
296 " BL sub_FF833CE8 \n"
297 " MOV R0, #0x44 \n"
298 " STR R0, [R9, #0x1C] \n"
299 " BL sub_FF833ED4 \n"
300 "loc_FF81FD10:\n"
301 " B loc_FF81FD10 \n"
302 "loc_FF81FD14:\n"
303 " LDR R0, [R9, #4] \n"
304 " BIC R4, R8, R0 \n"
305 " LDR R0, [R9] \n"
306 " BIC R5, R8, R0 \n"
307 "loc_FF81FD24:\n"
308 " MOV R3, R6 \n"
309 " MOV R2, R7 \n"
310 " MOV R1, R5 \n"
311 " MOV R0, R4 \n"
312
313 " BL sub_FF834694 \n"
314 " BL sub_FF83B630 \n"
315 " LDR R1, =0x3CE000 \n"
316 " MOV R0, #0 \n"
317 " BL sub_FF83BAA0 \n"
318 " BL sub_FF83B848 \n"
319 " MOV R3, #0 \n"
320 " STR R3, [SP] \n"
321 " LDR R3, =task_Startup_my\n"
322 " B sub_FF81FD5C\n"
323 );
324 }
325
326
327
328
329 void __attribute__((naked,noinline)) task_Startup_my( ) {
330 asm volatile (
331 " STMFD SP!, {R4,LR} \n"
332 " BL sub_FF816588 \n"
333 " BL sub_FF835804 \n"
334 " BL sub_FF8339A0 \n"
335 " BL sub_FF83D4AC \n"
336 " BL sub_FF83D698 \n"
337
338 " BL sub_FF83D844 \n"
339 " BL sub_FF816488 \n"
340 " BL sub_FF836524 \n"
341 " LDR R1, =0x7C007C00 \n"
342 " LDR R0, =0xC0F1800C \n"
343 " BL sub_FF835810 \n"
344 " LDR R0, =0xC0F18010 \n"
345 " MOV R1, #0 \n"
346 " BL sub_FF835810 \n"
347 " LDR R0, =0xC0F18018 \n"
348 " MOV R1, #0 \n"
349 " BL sub_FF835810 \n"
350 " LDR R0, =0xC0F1801C \n"
351 " MOV R1, #0x1000 \n"
352 " BL sub_FF835810 \n"
353 " LDR R0, =0xC0F18020 \n"
354 " MOV R1, #8 \n"
355 " BL sub_FF835810 \n"
356 " LDR R0, =0xC022D06C \n"
357 " MOV R1, #0xE000000 \n"
358 " BL sub_FF835810 \n"
359 " BL sub_FF8164C0 \n"
360 " BL sub_FF832278 \n"
361 " BL sub_FF83D6C8 \n"
362 " BL sub_FF83ADD4 \n"
363 " BL CreateTask_spytask\n"
364 " BL sub_FF83D848 \n"
365
366 " BL taskcreatePhySw_my\n"
367 " BL sub_FF838D30 \n"
368 " BL sub_FF83D860 \n"
369 " BL sub_FF831670 \n"
370 " BL sub_FF8332A8 \n"
371 " BL sub_FF83D220 \n"
372 " BL sub_FF8338F0 \n"
373 " BL sub_FF833244 \n"
374 " BL sub_FF8322AC \n"
375 " BL sub_FF83E460 \n"
376 " BL sub_FF833208 \n"
377 " LDMFD SP!, {R4,LR} \n"
378 " B sub_FF8166A8 \n"
379 );
380 }
381
382
383
384
385
386
387 void __attribute__((naked,noinline)) taskcreatePhySw_my( ) {
388 asm volatile (
389 " STMFD SP!, {R3-R5,LR} \n"
390 " LDR R4, =0x1C44 \n"
391 " LDR R0, [R4, #4] \n"
392 " CMP R0, #0 \n"
393 " BNE sub_FF83456C \n"
394 " MOV R3, #0 \n"
395 " STR R3, [SP] \n"
396
397
398
399 " LDR R3, =mykbd_task\n"
400 " MOV R2, #0x2000\n"
401 " B sub_ff83455c \n"
402 );
403 }
404
405
406
407
408 void spytask(long ua, long ub, long uc, long ud, long ue, long uf)
409 {
410 (void)ua; (void)ub; (void)uc; (void)ud; (void)ue; (void)uf;
411 core_spytask();
412 }
413
414
415
416
417 void CreateTask_spytask() {
418 _CreateTask("SpyTask", 0x19, 0x2000, spytask, 0);
419 }
420
421
422
423
424 void __attribute__((naked,noinline)) init_file_modules_task( ) {
425 asm volatile (
426 " STMFD SP!, {R4-R6,LR} \n"
427 " BL sub_FF89504C \n"
428 " LDR R5, =0x5006 \n"
429 " MOVS R4, R0 \n"
430 " MOVNE R1, #0 \n"
431 " MOVNE R0, R5 \n"
432 " BLNE sub_FF898F44 \n"
433 " BL sub_FF895078 \n"
434 " BL core_spytask_can_start\n"
435 " B sub_FF89D040\n"
436 );
437 }