#include "lolevel.h"
#include "platform.h"
#include "core.h"

/*
 * Address of the linker symbol _end. sub_FFC00FA0_my loads this value and
 * stores it at [SP,#8] of the parameter block it builds, in place of the
 * constant 0xA5304, unless CHDK_NOT_IN_CANON_HEAP is defined.
 */
const char * const new_sa = &_end;


/* Declared here; not referenced by any code visible in this file. */
extern long wrs_kernel_bss_start;
extern long wrs_kernel_bss_end;
/*
 * Start the CHDK "SpyTask" task running core_spytask.
 *
 * NOTE(review): the argument roles below follow the usual
 * CreateTask(name, priority, stack size, entry, argument) order; confirm
 * against the prototype in lolevel.h.
 */
void CreateTask_spytask()
{
    /* 0x19 is also the value the patched start-up code passes for "Startup". */
    const int spytask_prio = 0x19;
    const int spytask_stack = 0x2000;

    _CreateTask("SpyTask", spytask_prio, spytask_stack, core_spytask, 0);
}
/*
 * Hook whose address boot() writes to 0x1930 and 0x1934.
 *
 * The word 16 ints before the pointer handed in is compared against five
 * hard-coded firmware addresses; on a match it is overwritten with the
 * address of the corresponding replacement routine. The checks run in
 * sequence, so a value written by one check is seen by the later ones.
 *
 * The addresses belong to one specific firmware build. On any other build
 * none of the comparisons match and the hook changes nothing, without any
 * diagnostic.
 * NOTE(review): presumably the inspected word is the new task's entry
 * point; the layout behind p is not visible in this file, so confirm.
 */
void taskCreateHook(int *p) {
    int *entry = p - 16;

    if (*entry == (int)0xFFC4F0F8) {
        *entry = (int)capt_seq_task;
    }
    if (*entry == (int)0xFFC973E4) {
        *entry = (int)exp_drv_task;
    }
    if (*entry == (int)0xFFC4BBBC) {
        *entry = (int)movie_record_task;
    }
    if (*entry == (int)0xFFDD6404) {
        *entry = (int)filewritetask;
    }
    if (*entry == (int)0xFFC657B4) {
        *entry = (int)init_file_modules_task;
    }
}
/*
 * Entry stub. Sets three bits in the CP15 control register, copies the
 * firmware's initialised data to RAM, zeroes its BSS range, installs
 * taskCreateHook and then branches (without link) to sub_FFC001A4_my, so
 * control does not come back here.
 *
 * All addresses and lengths are constants for one firmware build.
 */
void boot()
{
    long *canon_data_src = (void*)0xFFED0D74;   /* source of the initialised data */
    long *canon_data_dst = (void*)0x1900;       /* RAM destination */
    long canon_data_len = 0xDC48 - 0x1900;      /* length in bytes */
    long *canon_bss_start = (void*)0xDC48;      /* BSS starts right after the data */
    long canon_bss_len = 0xA5304 - 0xDC48;      /* length in bytes */

    long i;



    /*
     * Read CP15 c1 (control register), set bits 12, 2 and 0, write it back.
     * NOTE(review): on ARM9-class cores these are the I-cache, D-cache and
     * MMU/protection-unit enable bits; confirm against the core's manual.
     */
    asm volatile (
    "MRC p15, 0, R0,c1,c0\n"
    "ORR R0, R0, #0x1000\n"
    "ORR R0, R0, #4\n"
    "ORR R0, R0, #1\n"
    "MCR p15, 0, R0,c1,c0\n"
    :::"r0");

    /* Word-wise copy; the byte lengths are divided by 4 to get word counts. */
    for(i=0;i<canon_data_len/4;i++)
    canon_data_dst[i]=canon_data_src[i];

    for(i=0;i<canon_bss_len/4;i++)
    canon_bss_start[i]=0;

    /*
     * 0x1930 and 0x1934 lie inside the data range copied above
     * (0x1900..0xDC48), so these writes have to follow the copy or they
     * would be overwritten by it.
     * NOTE(review): presumably these two words are the firmware's task
     * hook pointers; confirm for this firmware build.
     */
    *(int*)0x1930=(int)taskCreateHook;
    *(int*)0x1934=(int)taskCreateHook;


    /* Continue in the patched copy of the firmware start-up code. */
    asm volatile ("B sub_FFC001A4_my\n");
};
/*
 * Patched copy of the firmware routine at 0xFFC001A4. Identical in shape to
 * a plain early-init sequence except that the final call goes to
 * sub_FFC00FA0_my instead of the firmware's own routine.
 *
 * Naked: the compiler adds no prologue or epilogue, so only the
 * instructions below are emitted.
 */
void __attribute__((naked,noinline)) sub_FFC001A4_my() {
    asm volatile (
    /* Copy words from 0xFFC0021C up to (not including) 0xFFC00254 to address 0. */
    " LDR R0, =0xFFC0021C \n"
    " MOV R1, #0 \n"
    " LDR R3, =0xFFC00254 \n"

    "loc_FFC001B0:\n"
    " CMP R0, R3 \n"
    " LDRCC R2, [R0], #4 \n"
    " STRCC R2, [R1], #4 \n"
    " BCC loc_FFC001B0 \n"
    /* Copy words from 0xFFC00254 up to 0xFFC00468 to address 0x4B0. */
    " LDR R0, =0xFFC00254 \n"
    " MOV R1, #0x4B0 \n"
    " LDR R3, =0xFFC00468 \n"

    "loc_FFC001CC:\n"
    " CMP R0, R3 \n"
    " LDRCC R2, [R0], #4 \n"
    " STRCC R2, [R1], #4 \n"
    " BCC loc_FFC001CC \n"
    /*
     * CPSR = 0xD2, then 0xD3, setting SP = 0x1000 each time. On ARM, mode
     * bits 0x12 and 0x13 are IRQ and Supervisor; 0xC0 masks IRQ and FIQ.
     */
    " MOV R0, #0xD2 \n"
    " MSR CPSR_cxsf, R0 \n"
    " MOV SP, #0x1000 \n"
    " MOV R0, #0xD3 \n"
    " MSR CPSR_cxsf, R0 \n"
    " MOV SP, #0x1000 \n"
    /* Fill 0x6C4 up to 0x1000 (the range below the stack top) with 0xEEEEEEEE. */
    " LDR R0, =0x6C4 \n"
    " LDR R2, =0xEEEEEEEE \n"
    " MOV R3, #0x1000 \n"

    "loc_FFC00200:\n"
    " CMP R0, R3 \n"
    " STRCC R2, [R0], #4 \n"
    " BCC loc_FFC00200 \n"
    /*
     * Patched call target. NOTE(review): nothing follows this BL in the
     * stub, so the callee is presumably not expected to return; confirm.
     */
    " BL sub_FFC00FA0_my \n"
    );
}
/*
 * Patched copy of the firmware routine at 0xFFC00FA0. Builds a 0x74-byte
 * parameter block on the stack and passes it to sub_FFC02D58 together with
 * the address of uHwSetup_my.
 *
 * Two things differ from a plain copy: the value stored at [SP,#8] (and
 * used to compute the word at [SP,#0xC]) comes from new_sa unless
 * CHDK_NOT_IN_CANON_HEAP is defined, and R1 carries uHwSetup_my.
 * NOTE(review): presumably [SP,#8] is the start of the firmware's heap, so
 * loading new_sa keeps the memory below it out of the firmware's hands;
 * the block layout is not visible here, so confirm.
 */
void __attribute__((naked,noinline)) sub_FFC00FA0_my() {
    asm volatile (
    " STR LR, [SP, #-4]! \n"
    " SUB SP, SP, #0x74 \n"
    /* sub_FFE66B1C(SP, 0x74); presumably clears the block, confirm. */
    " MOV R0, SP \n"
    " MOV R1, #0x74 \n"
    " BL sub_FFE66B1C \n"
    " MOV R0, #0x53000 \n"
    " STR R0, [SP, #4] \n"

#if defined(CHDK_NOT_IN_CANON_HEAP)
    " LDR R0, =0xA5304 \n"
#else
    /* R0 = value of new_sa (the address of _end). */
    " LDR R0, =new_sa\n"
    " LDR R0, [R0]\n"
#endif

    " LDR R2, =0x279C00 \n"
    " LDR R1, =0x272968 \n"
    " STR R0, [SP, #8] \n"
    /* R0 = 0x272968 - start value; stored with R1 and R2 at [SP,#0xC..0x14]. */
    " SUB R0, R1, R0 \n"
    " ADD R3, SP, #0xC \n"
    " STR R2, [SP] \n"
    " STMIA R3, {R0-R2} \n"
    /* Remaining fields are constants for this firmware build. */
    " MOV R0, #0x22 \n"
    " STR R0, [SP, #0x18] \n"
    " MOV R0, #0x68 \n"
    " STR R0, [SP, #0x1C] \n"
    " LDR R0, =0x19B \n"
    " MOV R1, #0x64 \n"
    " STRD R0, [SP, #0x20] \n"
    " MOV R0, #0x78 \n"
    " STRD R0, [SP, #0x28] \n"
    " MOV R0, #0 \n"
    " STR R0, [SP, #0x30] \n"
    " STR R0, [SP, #0x34] \n"
    " MOV R0, #0x10 \n"
    " STR R0, [SP, #0x5C] \n"
    " MOV R0, #0x800 \n"
    " STR R0, [SP, #0x60] \n"
    " MOV R0, #0xA0 \n"
    " STR R0, [SP, #0x64] \n"
    " MOV R0, #0x280 \n"
    " STR R0, [SP, #0x68] \n"
    /* sub_FFC02D58(block, uHwSetup_my, 0): the patched routine is passed in R1. */
    " LDR R1, =uHwSetup_my \n"
    " MOV R0, SP \n"
    " MOV R2, #0 \n"
    " BL sub_FFC02D58 \n"
    " ADD SP, SP, #0x74 \n"
    " LDR PC, [SP], #4 \n"
    );
}
/*
 * Patched set-up routine handed to sub_FFC02D58 by sub_FFC00FA0_my.
 *
 * Runs a fixed sequence of firmware initialisation calls. After each call
 * that is checked, a negative result loads the address of the step's name
 * string (shown in the inline comments) and calls _err_init_task. The only
 * patch is the final tail branch to CreateTask_Startup_my.
 */
void __attribute__((naked,noinline)) uHwSetup_my() {
    asm volatile (
    " STMFD SP!, {R4,LR} \n"
    /* First call is not checked. */
    " BL sub_FFC0094C \n"
    " BL sub_FFC0972C \n"
    " CMP R0, #0 \n"
    " LDRLT R0, =0xFFC04EB8 /*'dmSetup'*/ \n"
    " BLLT _err_init_task \n"
    " BL sub_FFC049C8 \n"
    " CMP R0, #0 \n"
    " LDRLT R0, =0xFFC04EC0 /*'termDriverInit'*/ \n"
    " BLLT _err_init_task \n"
    " LDR R0, =0xFFC04ED0 /*'/_term'*/ \n"
    " BL sub_FFC04AB4 \n"
    " CMP R0, #0 \n"
    " LDRLT R0, =0xFFC04ED8 /*'termDeviceCreate'*/ \n"
    " BLLT _err_init_task \n"
    " LDR R0, =0xFFC04ED0 /*'/_term'*/ \n"
    " BL sub_FFC03564 \n"
    " CMP R0, #0 \n"
    " LDRLT R0, =0xFFC04EEC /*'stdioSetup'*/ \n"
    " BLLT _err_init_task \n"
    " BL sub_FFC092B4 \n"
    " CMP R0, #0 \n"
    " LDRLT R0, =0xFFC04EF8 /*'stdlibSetup'*/ \n"
    " BLLT _err_init_task \n"
    " BL sub_FFC014B8 \n"
    " CMP R0, #0 \n"
    " LDRLT R0, =0xFFC04F04 /*'armlib_setup'*/ \n"
    " BLLT _err_init_task \n"
    /* Restore registers, then tail-branch to the patched start-up task creator. */
    " LDMFD SP!, {R4,LR} \n"
    " B CreateTask_Startup_my \n"
    );
}
/*
 * Patched routine that creates the "Startup" task with task_Startup_my as
 * its entry point instead of the firmware's own start-up task.
 *
 * If both sub_FFC19C58 and sub_FFC350A8 return 0, the code writes 0x44 to
 * 0xC0220000+0x4C and spins forever at loc_FFC0CDB0; otherwise it goes on
 * to create the task and returns 0.
 */
void __attribute__((naked,noinline)) CreateTask_Startup_my() {
    asm volatile (
    " STMFD SP!, {R3,LR} \n"

    " BL sub_FFC19C58 \n"
    " CMP R0, #0 \n"
    " BNE loc_FFC0CDB4 \n"
    " BL sub_FFC350A8 \n"
    " CMP R0, #0 \n"
    " BNE loc_FFC0CDB4 \n"
    /* Both checks returned 0: write 0x44 to the register at 0xC022004C and halt. */
    " LDR R1, =0xC0220000 \n"
    " MOV R0, #0x44 \n"
    " STR R0, [R1, #0x4C] \n"

    "loc_FFC0CDB0:\n"
    " B loc_FFC0CDB0 \n"

    "loc_FFC0CDB4:\n"


    " BL sub_FFC17FE0 \n"
    " LDR R1, =0x2CE000 \n"
    " MOV R0, #0 \n"
    " BL sub_FFC18228 \n"
    " BL sub_FFC181D4 /*_EnableDispatch*/ \n"
    /* _CreateTask('Startup', 0x19, 0, task_Startup_my, 0); fifth argument goes on the stack. */
    " MOV R3, #0 \n"
    " STR R3, [SP] \n"
    " LDR R3, =task_Startup_my \n"
    " MOV R2, #0 \n"
    " MOV R1, #0x19 \n"
    " LDR R0, =0xFFC0CDFC /*'Startup'*/ \n"
    " BL _CreateTask \n"
    " MOV R0, #0 \n"
    /* Pops the slot pushed as R3 into R12 and returns through PC. */
    " LDMFD SP!, {R12,PC} \n"
    );
}
/*
 * Entry point of the "Startup" task created by CreateTask_Startup_my.
 *
 * Runs the firmware's start-up calls in order with two patches: a call to
 * CreateTask_spytask is inserted after sub_FFC19E60, and taskcreatePhySw_my
 * is called in place of the firmware's own routine.
 *
 * NOTE(review): the last instruction restores R4 and LR but no branch or
 * return follows it. Because the function is naked, no epilogue is
 * generated, so execution would continue into whatever the linker places
 * after this function. Compare with the firmware disassembly to see whether
 * a tail branch was dropped.
 */
void __attribute__((naked,noinline)) task_Startup_my() {
    asm volatile (
    " STMFD SP!, {R4,LR} \n"
    " BL sub_FFC051BC \n"
    " BL sub_FFC12B48 \n"
    " BL sub_FFC0FE20 \n"

    " BL sub_FFC19E60 \n"

    /* Inserted: start the CHDK SpyTask. */
    " BL CreateTask_spytask\n"
    " BL sub_FFC6234C \n"
    " BL sub_FFC19EB0 \n"
    " BL sub_FFC17520 \n"
    " BL sub_FFC1A018 \n"
    /* Patched: creates the "PhySw" task with mykbd_task as entry. */
    " BL taskcreatePhySw_my \n"
    " BL sub_FFC14AB4 \n"
    " BL sub_FFC1A030 \n"

    " BL sub_FFC10DD0 \n"
    " BL sub_FFC19A20 \n"
    " BL sub_FFC1142C \n"
    " BL sub_FFC10CD0 \n"
    " BL sub_FFC1A97C \n"
    " BL sub_FFC10C8C \n"
    " LDMFD SP!, {R4,LR} \n"
    );
}
/*
 * Patched routine that creates the "PhySw" task with mykbd_task as its
 * entry point.
 *
 * The task is created only when the word at 0x1BE4+0x10 is zero; the value
 * returned by the create call is then stored there, so a second call skips
 * the creation. Afterwards sub_FFC144B4 runs and the routine tail-branches
 * to sub_FFC5BE98 with R0 = 0 and R1 = 0xF128.
 */
void __attribute__((naked,noinline)) taskcreatePhySw_my() {
    asm volatile (
    " STMFD SP!, {R3-R5,LR} \n"
    " LDR R4, =0x1BE4 \n"
    " LDR R0, [R4, #0x10] \n"
    " CMP R0, #0 \n"
    " BNE loc_FFC11930 \n"
    /* sub_FFC0BBB8('PhySw', 0x17, 0x800, mykbd_task, 0); fifth argument on the stack. */
    " MOV R3, #0 \n"
    " STR R3, [SP] \n"
    " LDR R3, =mykbd_task \n"
    " MOV R2, #0x800 \n"
    " MOV R1, #0x17 \n"
    " LDR R0, =0xFFC11B24 /*'PhySw'*/ \n"
    " BL sub_FFC0BBB8 /*_CreateTaskStrictly*/ \n"
    " STR R0, [R4, #0x10] \n"

    "loc_FFC11930:\n"
    " BL sub_FFC144B4 \n"
    " LDR R1, =0xF128 \n"
    " LDMFD SP!, {R3-R5,LR} \n"
    " MOV R0, #0 \n"
    " B sub_FFC5BE98 /*_OpLog.Start_FW*/ \n"
    );
}
/*
 * Replacement for the firmware task at 0xFFC657B4 (swapped in by
 * taskCreateHook).
 *
 * Calls sub_FFC5E340 and keeps its result in R4. _PostLogicalEventToUI
 * (0x5006, 0) is posted before the file-module initialisation when the
 * result is non-zero, and after it (as a tail call) when the result is
 * zero. The patches are the call to sub_FFC5E36C_my and the inserted call
 * to core_spytask_can_start once that initialisation has run.
 */
void __attribute__((naked,noinline)) init_file_modules_task() {
    asm volatile (
    " STMFD SP!, {R4-R6,LR} \n"
    " BL sub_FFC5E340 \n"
    " LDR R5, =0x5006 \n"
    /* MOVS sets the flags used by the three conditional instructions below. */
    " MOVS R4, R0 \n"
    " MOVNE R1, #0 \n"
    " MOVNE R0, R5 \n"
    " BLNE _PostLogicalEventToUI \n"
    " BL sub_FFC5E36C_my \n"
    /* Inserted: tell the CHDK core that SpyTask may proceed. */
    " BL core_spytask_can_start\n"
    " CMP R4, #0 \n"
    " MOVEQ R0, R5 \n"
    " LDMEQFD SP!, {R4-R6,LR} \n"
    " MOVEQ R1, #0 \n"
    " BEQ _PostLogicalEventToUI \n"
    " LDMFD SP!, {R4-R6,PC} \n"
    );
}
/*
 * Patched copy of the firmware routine at 0xFFC5E36C; the only change is
 * that it calls sub_FFC412FC_my first.
 *
 * When the word at 0x57A0+4 is zero it runs six further firmware calls.
 * In either case it then writes 1 to the word at 0x57A0 and returns.
 */
void __attribute__((naked,noinline)) sub_FFC5E36C_my() {
    asm volatile (
    " STMFD SP!, {R4,LR} \n"
    " BL sub_FFC412FC_my \n"
    " LDR R4, =0x57A0 \n"
    " LDR R0, [R4, #4] \n"
    " CMP R0, #0 \n"
    " BNE loc_FFC5E39C \n"
    " BL sub_FFC6C348 \n"
    " BL sub_FFCE4D14 \n"
    " BL sub_FFC6C348 \n"
    " BL sub_FFC3ECEC \n"
    " BL sub_FFC6C358 \n"
    " BL sub_FFCE4DE0 \n"

    "loc_FFC5E39C:\n"
    " MOV R0, #1 \n"
    " STR R0, [R4] \n"
    " LDMFD SP!, {R4,PC} \n"
    );
}
/*
 * Patched copy of the firmware routine at 0xFFC412FC; the only change is
 * the call to sub_FFC41138_my.
 *
 * Works on index 0 (R6) and the record at 0x103AC (R4). It computes a
 * status word from the results of sub_FFC41138_my and sub_FFC411A4 and the
 * fields at [R4,#0x3C] and [R4,#0x2C], and stores it at [R4,#0x40].
 */
void __attribute__((naked,noinline)) sub_FFC412FC_my() {
    asm volatile (
    " STMFD SP!, {R4-R6,LR} \n"
    " MOV R6, #0 \n"
    " MOV R0, R6 \n"
    " BL sub_FFC40DBC \n"
    " LDR R4, =0x103AC \n"
    " MOV R5, #0 \n"
    " LDR R0, [R4, #0x38] \n"
    " BL sub_FFC417F0 \n"
    /* On a zero result, clear the three words at 0x29E4+0x10, +0x14 and +0x18. */
    " CMP R0, #0 \n"
    " LDREQ R0, =0x29E4 \n"
    " STREQ R5, [R0, #0x10] \n"
    " STREQ R5, [R0, #0x14] \n"
    " STREQ R5, [R0, #0x18] \n"
    " MOV R0, R6 \n"
    " BL sub_FFC40DFC \n"
    " MOV R0, R6 \n"
    /* Patched call; its result is kept in R5. */
    " BL sub_FFC41138_my \n"
    " MOV R5, R0 \n"
    " MOV R0, R6 \n"
    " BL sub_FFC411A4 \n"
    " LDR R1, [R4, #0x3C] \n"
    /* R2 = result of sub_FFC41138_my AND result of sub_FFC411A4. */
    " AND R2, R5, R0 \n"
    " CMP R1, #0 \n"
    " MOV R0, #0 \n"
    /* Field at +0x3C is zero: status is 0x80000001. */
    " MOVEQ R0, #0x80000001 \n"
    " BEQ loc_FFC41390 \n"
    /* Bit 2 set when [R4,#0x2C] == 2; bit 0 set unless [R4,#0x3C] == 5. */
    " LDR R3, [R4, #0x2C] \n"
    " CMP R3, #2 \n"
    " MOVEQ R0, #4 \n"
    " CMP R1, #5 \n"
    " ORRNE R0, R0, #1 \n"
    " BICEQ R0, R0, #1 \n"
    /* R2 == 0: bit 31 set and bit 1 clear; otherwise bit 1 set and bit 31 clear. */
    " CMP R2, #0 \n"
    " BICEQ R0, R0, #2 \n"
    " ORREQ R0, R0, #0x80000000 \n"
    " BICNE R0, R0, #0x80000000 \n"
    " ORRNE R0, R0, #2 \n"

    "loc_FFC41390:\n"
    " STR R0, [R4, #0x40] \n"
    " LDMFD SP!, {R4-R6,PC} \n"
    );
}
/*
 * Patched copy of the firmware routine at 0xFFC41138; the only change is
 * the call to sub_FFC40EC8_my.
 *
 * R0 on entry is an index (kept in R6). Returns 1 at once when the word at
 * 0x29E4+0x14 is already non-zero. Otherwise it runs three steps on the
 * record at 0x103AC + index*0x5C and returns the result of the first step
 * that yields 0, or the result of the last step. When the last step
 * (sub_FFC409C4) succeeds, the word at 0x29E4+0x14 is set to 1.
 */
void __attribute__((naked,noinline)) sub_FFC41138_my() {
    asm volatile (
    " STMFD SP!, {R4-R6,LR} \n"
    " LDR R5, =0x29E4 \n"
    " MOV R6, R0 \n"
    " LDR R0, [R5, #0x14] \n"
    " CMP R0, #0 \n"
    " MOVNE R0, #1 \n"
    " LDMNEFD SP!, {R4-R6,PC} \n"
    /* R4 = 0x103AC + (0x17 * index) * 4, i.e. records of 0x5C bytes. */
    " MOV R0, #0x17 \n"
    " MUL R1, R0, R6 \n"
    " LDR R0, =0x103AC \n"
    " ADD R4, R0, R1, LSL#2 \n"
    " LDR R0, [R4, #0x38] \n"
    " MOV R1, R6 \n"
    /* Patched call: sub_FFC40EC8_my([R4,#0x38], index). */
    " BL sub_FFC40EC8_my \n"
    " CMP R0, #0 \n"
    " LDMEQFD SP!, {R4-R6,PC} \n"
    " LDR R0, [R4, #0x38] \n"
    " MOV R1, R6 \n"
    " BL sub_FFC41030 \n"
    " CMP R0, #0 \n"
    " LDMEQFD SP!, {R4-R6,PC} \n"
    " MOV R0, R6 \n"
    " BL sub_FFC409C4 \n"
    " CMP R0, #0 \n"
    " MOVNE R1, #1 \n"
    " STRNE R1, [R5, #0x14] \n"
    " LDMFD SP!, {R4-R6,PC} \n"
    );
}
/*
 * Patched copy of the firmware routine at 0xFFC40EC8 (the assert string
 * names the source as 'Mounter.c').
 *
 * R0 is kept in R8 and passed on to the read callback and sub_FFD018E4;
 * R1 is an index selecting the record at 0x103AC + index*0x5C (R7).
 * Depending on the field at [R7,#0x3C] the routine either returns 0, uses
 * a fixed size of 0x40, or reads a 0x200-byte sector into a buffer and
 * takes a start offset and length from a partition-table entry in it.
 * The start is stored at [R7,#0x44], the length at [R7,#0x48], and the
 * routine returns 1 (0 on allocation or read failure).
 *
 * Patches: the buffer is first handed to mbr_read_dryos, and a scan picks
 * the first of the four partition entries whose type byte is 0x0B, 0x0C or
 * 0x07 and whose status byte is 0x00 or 0x80, instead of always using the
 * first entry.
 *
 * Every byte parsed from the buffer comes from the storage card and is
 * therefore untrusted input. The scan itself stays inside the 0x200-byte
 * buffer: the highest offset read is 0x1CD + 3*0x10 = 0x1FD.
 */
void __attribute__((naked,noinline)) sub_FFC40EC8_my() {
    asm volatile (
    " STMFD SP!, {R4-R8,LR} \n"
    " MOV R8, R0 \n"
    /* R7 = 0x103AC + (0x17 * index) * 4. */
    " MOV R0, #0x17 \n"
    " MUL R1, R0, R1 \n"
    " LDR R0, =0x103AC \n"
    " MOV R6, #0 \n"
    " ADD R7, R0, R1, LSL#2 \n"
    " LDR R0, [R7, #0x3C] \n"
    " MOV R5, #0 \n"
    /*
     * Jump table on [R7,#0x3C]. PC reads as this instruction + 8, so value 0
     * lands on the second branch below; the first branch is the default for
     * values above 6.
     */
    " CMP R0, #6 \n"
    " ADDLS PC, PC, R0, LSL#2 \n"
    " B loc_FFC41014 \n"
    " B loc_FFC40F2C \n"
    " B loc_FFC40F14 \n"
    " B loc_FFC40F14 \n"
    " B loc_FFC40F14 \n"
    " B loc_FFC40F14 \n"
    " B loc_FFC4100C \n"
    " B loc_FFC40F14 \n"

    "loc_FFC40F14:\n"
    /* _exmem_ualloc(3, 0x200, 0): sector buffer, pointer kept in R4. */
    " MOV R2, #0 \n"
    " MOV R1, #0x200 \n"
    " MOV R0, #3 \n"
    " BL _exmem_ualloc \n"
    " MOVS R4, R0 \n"
    " BNE loc_FFC40F34 \n"

    "loc_FFC40F2C:\n"
    " MOV R0, #0 \n"
    " LDMFD SP!, {R4-R8,PC} \n"

    "loc_FFC40F34:\n"
    /*
     * Call the function pointer at [R7,#0x4C] with (R8, 0, 1, buffer).
     * A result of 1 is treated as failure: the buffer is released and 0 is
     * returned. Presumably this reads one sector starting at sector 0;
     * confirm.
     */
    " LDR R12, [R7, #0x4C] \n"
    " MOV R3, R4 \n"
    " MOV R2, #1 \n"
    " MOV R1, #0 \n"
    " MOV R0, R8 \n"
    " BLX R12 \n"
    " CMP R0, #1 \n"
    " BNE loc_FFC40F60 \n"
    " MOV R0, #3 \n"
    " BL _exmem_ufree \n"
    " B loc_FFC40F2C \n"

    "loc_FFC40F60:\n"
    " MOV R0, R8 \n"
    " BL sub_FFD018E4 \n"

    /*
     * Inserted: mbr_read_dryos(result of sub_FFD018E4, buffer).
     * NOTE(review): R0 is compared with the partition start and end further
     * down, so mbr_read_dryos presumably returns the value it was given in
     * R0 (the same value the fallback path below uses as the length);
     * confirm against its definition.
     */
    " MOV R1, R4\n"
    " BL mbr_read_dryos\n"






    /*
     * Inserted scan. R12 walks the entries in 0x10-byte steps, LR keeps the
     * buffer base for the signature check, R1 counts entries 1..4. If no
     * entry matches, R4 still points at the buffer base, i.e. entry 1.
     */
    " MOV R12, R4\n"
    " MOV LR, R4\n"
    " MOV R1, #1\n"
    " B dg_sd_fat32_enter\n"
    "dg_sd_fat32:\n"
    " CMP R1, #4\n"
    " BEQ dg_sd_fat32_end\n"
    " ADD R12, R12, #0x10\n"
    " ADD R1, R1, #1\n"
    "dg_sd_fat32_enter:\n"
    /* R2 = status byte (entry+0), R3 = type byte (entry+4). */
    " LDRB R2, [R12, #0x1BE]\n"
    " LDRB R3, [R12, #0x1C2]\n"
    " CMP R3, #0xB\n"
    " CMPNE R3, #0xC\n"
    " CMPNE R3, #0x7\n"
    " BNE dg_sd_fat32\n"
    " CMP R2, #0x00\n"
    " CMPNE R2, #0x80\n"
    " BNE dg_sd_fat32\n"

    /* Matching entry found: parse from here instead of the buffer base. */
    " MOV R4, R12\n"

    "dg_sd_fat32_end:\n"


    /*
     * R1 = little-endian 32-bit word at entry+8 (bytes 0x1C6..0x1C9),
     * R3 = little-endian 32-bit word at entry+0xC (bytes 0x1CA..0x1CD).
     * The CMP/CMPNE on the status byte sets the flags consumed by the BNE
     * below; none of the instructions in between change the flags.
     */
    " LDRB R1, [R4, #0x1C9] \n"
    " LDRB R3, [R4, #0x1C8] \n"
    " LDRB R12, [R4, #0x1CC] \n"
    " MOV R1, R1, LSL#24 \n"
    " ORR R1, R1, R3, LSL#16 \n"
    " LDRB R3, [R4, #0x1C7] \n"
    " LDRB R2, [R4, #0x1BE] \n"

    " ORR R1, R1, R3, LSL#8 \n"
    " LDRB R3, [R4, #0x1C6] \n"
    " CMP R2, #0 \n"
    " CMPNE R2, #0x80 \n"
    " ORR R1, R1, R3 \n"
    " LDRB R3, [R4, #0x1CD] \n"
    " MOV R3, R3, LSL#24 \n"
    " ORR R3, R3, R12, LSL#16 \n"
    " LDRB R12, [R4, #0x1CB] \n"
    " ORR R3, R3, R12, LSL#8 \n"
    " LDRB R12, [R4, #0x1CA] \n"
    " ORR R3, R3, R12 \n"


    /* Signature bytes are read from the buffer base (LR), not the chosen entry. */
    " LDRB R12, [LR,#0x1FE]\n"
    " LDRB LR, [LR,#0x1FF]\n"

    /*
     * Accept the entry (R4 = 1, R6 = start, R5 = length) only if the status
     * byte was 0x00 or 0x80, R0 >= start, start + length <= R0, and the
     * signature bytes are 0x55, 0xAA.
     * NOTE(review): start + length is a plain 32-bit ADD with no carry
     * check, so a sum that wraps would still satisfy the CMP. Both values
     * come from the card; consider rejecting on carry if this is reworked.
     */
    " MOV R4, #0 \n"
    " BNE loc_FFC40FE8 \n"
    " CMP R0, R1 \n"
    " BCC loc_FFC40FE8 \n"
    " ADD R2, R1, R3 \n"
    " CMP R2, R0 \n"
    " CMPLS R12, #0x55 \n"
    " CMPEQ LR, #0xAA \n"
    " MOVEQ R6, R1 \n"
    " MOVEQ R5, R3 \n"
    " MOVEQ R4, #1 \n"

    "loc_FFC40FE8:\n"
    /* Release the sector buffer on both the accepted and the rejected path. */
    " MOV R0, #3 \n"
    " BL _exmem_ufree \n"
    " CMP R4, #0 \n"
    " BNE loc_FFC41020 \n"
    /* Entry rejected: start = 0, length = result of sub_FFD018E4(R8). */
    " MOV R6, #0 \n"
    " MOV R0, R8 \n"
    " BL sub_FFD018E4 \n"
    " MOV R5, R0 \n"
    " B loc_FFC41020 \n"

    "loc_FFC4100C:\n"
    " MOV R5, #0x40 \n"
    " B loc_FFC41020 \n"

    "loc_FFC41014:\n"
    /* Field value above 6: _DebugAssert('Mounter.c', 0x374). */
    " MOV R1, #0x374 \n"
    " LDR R0, =0xFFC40EBC /*'Mounter.c'*/ \n"
    " BL _DebugAssert \n"

    "loc_FFC41020:\n"
    /* Store start at [R7,#0x44] (with write-back) and length at the next word. */
    " STR R6, [R7, #0x44]! \n"
    " MOV R0, #1 \n"
    " STR R5, [R7, #4] \n"
    " LDMFD SP!, {R4-R8,PC} \n"
    );
}