1 #include "lolevel.h"
2 #include "platform.h"
3 #include "core.h"
4 #include "dryos31.h"
5
/* Local offsetof replacement: byte offset of MEMBER inside TYPE, computed from a
 * null base pointer and cast to int. taskHook uses it to get from a member
 * pointer back to the enclosing task_t. */
6 #define offsetof(TYPE, MEMBER) ((int) &((TYPE *)0)->MEMBER)
7
/* Address of the _end symbol, which is declared outside this file (presumably the
 * linker's end-of-image marker; confirm in the linker script). sub_FF8111B0_my
 * loads this value in place of the constant 0x1745BC unless
 * CHDK_NOT_IN_CANON_HEAP is defined. */
8 const char * const new_sa = &_end;
9
10
/* Forward declarations. CreateTask_PhySw is declared here but neither defined
 * nor called in this file. */
11 void CreateTask_PhySw();
12 void CreateTask_spytask();
13
/* Task entry points defined outside this file; taskHook compares a task's entry
 * pointer against each of them. */
14 extern void task_CaptSeq();
15 extern void task_InitFileModules();
16 extern void task_MovieRecord();
17 extern void task_ExpDrv();
18
/*
 * Hook whose address sub_FF810358_my stores at 0x1938 and 0x193C.
 *
 * `context` points at the `context` member embedded in a task_t. The hook
 * recovers the enclosing task_t and, when the task's entry point is one of
 * four known task functions, swaps in the replacement implementation.
 * Tasks with any other entry point are left untouched.
 */
void taskHook(context_t **context)
{
    /* Step back from the member address to the start of the owning task_t. */
    char *member_addr = (char *)context;
    task_t *task = (task_t *)(member_addr - offsetof(task_t, context));

    /* The checks run in sequence, exactly as separate statements. */
    if (task->entry == (void *)task_CaptSeq) {
        task->entry = (void *)capt_seq_task;
    }
    if (task->entry == (void *)task_InitFileModules) {
        task->entry = (void *)init_file_modules_task;
    }
    if (task->entry == (void *)task_MovieRecord) {
        task->entry = (void *)movie_record_task;
    }
    if (task->entry == (void *)task_ExpDrv) {
        task->entry = (void *)exp_drv_task;
    }
}
29
30
31
32
33
34
35
/*
 * Entry point of the replacement boot path. In order, it programs CP15
 * (caches, protection regions, TCM), writes a series of memory-mapped
 * registers, copies an initialised-data image from ROM to RAM, zero-fills the
 * range after it, and branches to sub_FF810358_my. It never returns.
 *
 * The CP15 register meanings in the comments below follow the ARM946E-S
 * layout, which this sequence appears to target; confirm against the core's
 * reference manual before relying on them.
 *
 * NOTE(review): as decoded, every enabled protection region (1-5) receives
 * the same full-access permission value, so this setup assigns cacheability
 * attributes but does not separate code from data or privileged from user
 * access. Confirm against the reference manual.
 */
36 void __attribute__((naked,noinline)) boot( ) {
37 asm volatile (
38 " LDR R1, =0xC0410000 \n"
39 " MOV R0, #0 \n"
40 " STR R0, [R1] \n" // write 0 to the register at 0xC0410000
41 " MOV R1, #0x78 \n"
42 " MCR p15, 0, R1, c1, c0 \n" // control register = 0x78: bits 0, 2 and 12 clear (set again at lines 69-73)
43 " MOV R1, #0 \n"
44 " MCR p15, 0, R1, c7, c10, 4 \n" // drain write buffer
45 " MCR p15, 0, R1, c7, c5 \n" // flush instruction cache
46 " MCR p15, 0, R1, c7, c6 \n" // flush data cache
47 " MOV R0, #0x3D \n"
48 " MCR p15, 0, R0, c6, c0 \n" // region 0: base 0x00000000, decodes to 2 GB, enabled
49 " MOV R0, #0xC000002F \n"
50 " MCR p15, 0, R0, c6, c1 \n" // region 1: base 0xC0000000, decodes to 16 MB, enabled
51 " MOV R0, #0x35 \n"
52 " MCR p15, 0, R0, c6, c2 \n" // region 2: base 0x00000000, decodes to 128 MB, enabled
53 " MOV R0, #0x40000035 \n"
54 " MCR p15, 0, R0, c6, c3 \n" // region 3: base 0x40000000, decodes to 128 MB, enabled
55 " MOV R0, #0x80000017 \n"
56 " MCR p15, 0, R0, c6, c4 \n" // region 4: base 0x80000000, decodes to 4 KB, enabled
57 " LDR R0, =0xFF80002D \n"
58 " MCR p15, 0, R0, c6, c5 \n" // region 5: base 0xFF800000, decodes to 8 MB, enabled
59 " MOV R0, #0x34 \n"
60 " MCR p15, 0, R0, c2, c0 \n" // data-cacheable bits: 0x34 selects regions 2, 4 and 5
61 " MOV R0, #0x34 \n"
62 " MCR p15, 0, R0, c2, c0, 1 \n" // instruction-cacheable bits: regions 2, 4 and 5
63 " MOV R0, #0x34 \n"
64 " MCR p15, 0, R0, c3, c0 \n" // write-buffer (bufferable) bits: regions 2, 4 and 5
65 " LDR R0, =0x3333330 \n"
66 " MCR p15, 0, R0, c5, c0, 2 \n" // data access permissions, 4 bits per region: region 0 = 0, regions 1-6 = 3
67 " LDR R0, =0x3333330 \n"
68 " MCR p15, 0, R0, c5, c0, 3 \n" // instruction access permissions, same value as for data
69 " MRC p15, 0, R0, c1, c0 \n" // read-modify-write of the control register:
70 " ORR R0, R0, #0x1000 \n" //   bit 12: instruction cache enable
71 " ORR R0, R0, #4 \n" //   bit 2: data cache enable
72 " ORR R0, R0, #1 \n" //   bit 0: protection unit enable
73 " MCR p15, 0, R0, c1, c0 \n"
74 " MOV R1, #0x80000006 \n"
75 " MCR p15, 0, R1, c9, c1 \n" // data TCM region register: base 0x80000000, size field decodes to 4 KB
76 " MOV R1, #6 \n"
77 " MCR p15, 0, R1, c9, c1, 1 \n" // instruction TCM region register: size field decodes to 4 KB
78 " MRC p15, 0, R1, c1, c0 \n"
79 " ORR R1, R1, #0x50000 \n" // control register bits 16 and 18: data and instruction TCM enable
80 " MCR p15, 0, R1, c1, c0 \n"
81 " LDR R2, =0xC0200000 \n" // register block at 0xC0200000 (function not visible from this file)
82 " MOV R1, #1 \n"
83 " STR R1, [R2, #0x10C] \n" // write 1 to offset 0x10C
84 " MOV R1, #0xFF \n" // then 0xFF to offsets 0xC, 0x1C, ... 0xFC (sixteen registers, stride 0x10)
85 " STR R1, [R2, #0xC] \n"
86 " STR R1, [R2, #0x1C] \n"
87 " STR R1, [R2, #0x2C] \n"
88 " STR R1, [R2, #0x3C] \n"
89 " STR R1, [R2, #0x4C] \n"
90 " STR R1, [R2, #0x5C] \n"
91 " STR R1, [R2, #0x6C] \n"
92 " STR R1, [R2, #0x7C] \n"
93 " STR R1, [R2, #0x8C] \n"
94 " STR R1, [R2, #0x9C] \n"
95 " STR R1, [R2, #0xAC] \n"
96 " STR R1, [R2, #0xBC] \n"
97 " STR R1, [R2, #0xCC] \n"
98 " STR R1, [R2, #0xDC] \n"
99 " STR R1, [R2, #0xEC] \n"
100 " STR R1, [R2, #0xFC] \n"
101 " LDR R1, =0xC0400008 \n"
102 " LDR R2, =0x430005 \n"
103 " STR R2, [R1] \n" // write 0x430005 to 0xC0400008
104 " MOV R1, #1 \n"
105 " LDR R2, =0xC0243100 \n"
106 " STR R2, [R1] \n" // NOTE(review): stores the value 0xC0243100 to address 1 (R1), not the other way round; confirm this matches the firmware being mirrored
107 " LDR R2, =0xC0242010 \n"
108 " LDR R1, [R2] \n"
109 " ORR R1, R1, #1 \n"
110 " STR R1, [R2] \n" // set bit 0 of the register at 0xC0242010
111 " LDR R0, =0xFFC7EDE0 \n" // copy source
112 " LDR R1, =0x1900 \n" // copy destination
113 " LDR R3, =0x102C0 \n" // destination limit (exclusive)
114 "loc_FF81013C:\n" // word copy 0xFFC7EDE0.. -> 0x1900..0x102C0
115 " CMP R1, R3 \n"
116 " LDRCC R2, [R0], #4 \n"
117 " STRCC R2, [R1], #4 \n"
118 " BCC loc_FF81013C \n"
119 " LDR R1, =0x1745BC \n" // zero-fill limit (exclusive)
120 " MOV R2, #0 \n"
121 "loc_FF810154:\n" // zero-fill 0x102C0..0x1745BC; R3 still holds 0x102C0 from the copy loop
122 " CMP R3, R1 \n"
123 " STRCC R2, [R3], #4 \n"
124 " BCC loc_FF810154 \n"
125 " B sub_FF810358_my \n" // continue in the patched copy of the next boot stage
126 );
127 }
128
129
130
/*
 * Second boot stage. Installs taskHook at two fixed RAM addresses, writes a
 * value selected by an I/O bit to 0x25E4, copies two ROM ranges to low
 * memory, sets up the IRQ-mode and supervisor-mode stack pointers, fills the
 * range below the stack top with a marker pattern, and calls
 * sub_FF8111B0_my.
 *
 * NOTE(review): the function is declared naked but contains C statements
 * ahead of the asm block. GCC documents only basic asm as supported inside
 * naked functions, so this relies on the compiler emitting those stores
 * without needing a stack frame; check the generated code when changing
 * compiler or flags.
 */
131 void __attribute__((naked,noinline)) sub_FF810358_my( ) {
132
// Store the address of taskHook at 0x1938 and 0x193C. Presumably these are the
// OS's task hook pointers; this file shows only the stores. Both addresses lie
// inside the 0x1900..0x102C0 range that boot() initialises from ROM just before
// branching here, so these writes override whatever the copy placed there.
133 *(int*)0x1938=(int)taskHook;
134 *(int*)0x193C=(int)taskHook;
135
136
// Bit 0 of the register at 0xC0220004 selects the value written to 0x25E4.
// The meaning of both is not visible here; confirm against platform notes.
137 if ((*(int*) 0xC0220004) & 1)
138 *(int*)(0x25E4) = 0x200000;
139 else
140 *(int*)(0x25E4) = 0x100000;
141
142 asm volatile (
143 " LDR R0, =0xFF8103D0 \n" // copy 0xFF8103D0..0xFF810408 to address 0
144 " MOV R1, #0 \n"
145 " LDR R3, =0xFF810408 \n"
146 "loc_FF810364:\n"
147 " CMP R0, R3 \n"
148 " LDRCC R2, [R0], #4 \n"
149 " STRCC R2, [R1], #4 \n"
150 " BCC loc_FF810364 \n"
151 " LDR R0, =0xFF810408 \n" // copy 0xFF810408..0xFF81061C to address 0x4B0
152 " MOV R1, #0x4B0 \n"
153 " LDR R3, =0xFF81061C \n"
154 "loc_FF810380:\n"
155 " CMP R0, R3 \n"
156 " LDRCC R2, [R0], #4 \n"
157 " STRCC R2, [R1], #4 \n"
158 " BCC loc_FF810380 \n"
159 " MOV R0, #0xD2 \n" // CPSR = 0xD2: IRQ mode with IRQ and FIQ masked
160 " MSR CPSR_cxsf, R0 \n"
161 " MOV SP, #0x1000 \n" // IRQ-mode stack pointer
162 " MOV R0, #0xD3 \n" // CPSR = 0xD3: supervisor mode with IRQ and FIQ masked
163 " MSR CPSR_cxsf, R0 \n"
164 " MOV SP, #0x1000 \n" // supervisor-mode stack pointer (same address)
165 " LDR R0, =0x6C4 \n" // fill 0x6C4..0x1000 with 0xEEEEEEEE
166 " LDR R2, =0xEEEEEEEE \n"
167 " MOV R3, #0x1000 \n"
168 "loc_FF8103B4:\n"
169 " CMP R0, R3 \n"
170 " STRCC R2, [R0], #4 \n"
171 " BCC loc_FF8103B4 \n"
172 " BL sub_FF8111B0_my \n" // no code follows this call in the function body
173 );
174 }
175
176
177
/*
 * Builds a 0x74-byte parameter block on the stack and branches to firmware
 * routine sub_FF81124C with R1 holding the address of sub_FF815EE0_my.
 *
 * The block's word at offset 8 is a start address and the word at offset 0xC
 * is 0x371F80 minus that start address. Unless CHDK_NOT_IN_CANON_HEAP is
 * defined, the start address is read from new_sa (the address of _end)
 * instead of the constant 0x1745BC. Presumably this keeps the range handed to
 * the firmware from overlapping the loaded image; confirm against the memory
 * map.
 */
178 void __attribute__((naked,noinline)) sub_FF8111B0_my( ) {
179 asm volatile (
180 " STR LR, [SP, #-4]! \n" // push LR
181 " SUB SP, SP, #0x74 \n" // reserve the 0x74-byte block
182 " MOV R1, #0x74 \n"
183 " MOV R0, SP \n"
184 " BL sub_FFB94350 \n" // called with (block, 0x74); presumably clears it, confirm
185 " MOV R0, #0x53000 \n"
186 " STR R0, [SP, #4] \n"
187 #if defined(CHDK_NOT_IN_CANON_HEAP)
188 " LDR R0, =0x1745BC\n" // start address = 0x1745BC, the end of boot()'s zero-fill
189 #else
190 " LDR R0, =new_sa\n" // start address = value of new_sa (address of _end)
191 " LDR R0, [R0]\n"
192 #endif
193
194 " LDR R2, =0x371F80 \n"
195 " STR R0, [SP, #8] \n" // block[8] = start address
196 " SUB R0, R2, R0 \n"
197 " STR R0, [SP, #0xC] \n" // block[0xC] = 0x371F80 - start address
198 " MOV R0, #0x22 \n"
199 " STR R0, [SP, #0x18] \n"
200 " MOV R0, #0x68 \n"
201 " STR R0, [SP, #0x1C] \n"
202 " LDR R1, =0x379C00 \n"
203 " LDR R0, =0x19B \n"
204 " STR R1, [SP] \n" // block[0] = 0x379C00
205 " STR R0, [SP, #0x20] \n"
206 " MOV R0, #0x96 \n"
207 " STR R2, [SP, #0x10] \n" // block[0x10] = 0x371F80
208 " STR R1, [SP, #0x14] \n" // block[0x14] = 0x379C00
209 " STR R0, [SP, #0x24] \n"
210 " STR R0, [SP, #0x28] \n"
211 " MOV R0, #0x64 \n"
212 " STR R0, [SP, #0x2C] \n"
213 " MOV R0, #0 \n"
214 " STR R0, [SP, #0x30] \n"
215 " STR R0, [SP, #0x34] \n"
216 " MOV R0, #0x10 \n"
217 " STR R0, [SP, #0x5C] \n"
218 " MOV R0, #0x800 \n"
219 " STR R0, [SP, #0x60] \n"
220 " MOV R0, #0xA0 \n"
221 " STR R0, [SP, #0x64] \n"
222 " MOV R0, #0x280 \n"
223 " STR R0, [SP, #0x68] \n"
224
225 " LDR R1, =sub_FF815EE0_my \n" // pass the patched next stage in R1
226 " B sub_FF81124C \n" // the pushed LR and the block stay on the stack across this branch
227 );
228 }
229
230
231
232
/*
 * Runs a fixed sequence of firmware initialisation calls. After each checked
 * call, a negative return value causes sub_FF815FD4 to be called with a ROM
 * address in R0 (presumably an error-message pointer; confirm). Execution
 * continues with the next step either way, unless sub_FF815FD4 does not
 * return. The function ends by restoring R4/LR and branching to
 * taskcreate_Startup_my.
 */
233 void __attribute__((naked,noinline)) sub_FF815EE0_my( ) {
234 asm volatile (
235 " STMFD SP!, {R4,LR} \n"
236 " BL sub_FF810B28 \n" // return value not checked
237 " BL sub_FF81A374 \n"
238 " CMP R0, #0 \n"
239 " LDRLT R0, =0xFF815FF4 \n"
240 " BLLT sub_FF815FD4 \n"
241 " BL sub_FF815B18 \n"
242 " CMP R0, #0 \n"
243 " LDRLT R0, =0xFF815FFC \n"
244 " BLLT sub_FF815FD4 \n"
245 " LDR R0, =0xFF81600C \n" // the same ROM address is passed to the next two calls
246 " BL sub_FF815C00 \n"
247 " CMP R0, #0 \n"
248 " LDRLT R0, =0xFF816014 \n"
249 " BLLT sub_FF815FD4 \n"
250 " LDR R0, =0xFF81600C \n"
251 " BL sub_FF813CA8 \n"
252 " CMP R0, #0 \n"
253 " LDRLT R0, =0xFF816028 \n"
254 " BLLT sub_FF815FD4 \n"
255 " BL sub_FF819D00 \n"
256 " CMP R0, #0 \n"
257 " LDRLT R0, =0xFF816034 \n"
258 " BLLT sub_FF815FD4 \n"
259 " BL sub_FF811690 \n"
260 " CMP R0, #0 \n"
261 " LDRLT R0, =0xFF816040 \n"
262 " BLLT sub_FF815FD4 \n"
263 " LDMFD SP!, {R4,LR} \n"
264 " B taskcreate_Startup_my\n" // tail-branch into the patched startup-task creator
265 );
266 }
267
268
269
270
/*
 * Samples bit 0 of the registers at 0xC0220000 and 0xC0220004, then either
 * parks in an endless loop or continues to firmware code at sub_FF81FD5C with
 * R3 holding the address of task_Startup_my.
 *
 * The endless loop is reached only when sub_FF83D464 returned 0,
 * sub_FF836DC4 returned non-zero, both sampled bits were set (so R4 and R5
 * are 0) and sub_FF833964 did not return 1. What those conditions mean on the
 * hardware is not visible from this file.
 */
271 void __attribute__((naked,noinline)) taskcreate_Startup_my( ) {
272 asm volatile (
273 " STMFD SP!, {R3-R9,LR} \n"
274 " MOV R6, #0 \n"
275 " BL sub_FF834690 \n"
276 " BL sub_FF83D464 \n"
277 " LDR R9, =0xC0220000 \n"
278 " MOVS R7, R0 \n" // R7 = result of sub_FF83D464, flags set from it
279 " MOV R8, #1 \n"
280 " BNE loc_FF81FD14 \n" // non-zero result: skip the checks below
281 " BL sub_FF836DC4 \n"
282 " CMP R0, #0 \n"
283 " BEQ loc_FF81FD14 \n"
284 " LDR R0, [R9] \n"
285 " BIC R5, R8, R0 \n" // R5 = inverted bit 0 of [0xC0220000]
286 " LDR R0, [R9, #4] \n"
287 " BIC R4, R8, R0 \n" // R4 = inverted bit 0 of [0xC0220004]
288 " BL sub_FF833964 \n"
289 " CMP R0, #1 \n"
290 " MOVEQ R6, #1 \n"
291 " ORR R0, R4, R5 \n"
292 " ORRS R0, R0, R6 \n"
293 " BNE loc_FF81FD24 \n" // any of R4, R5, R6 set: continue startup
294 " BL sub_FF833CE8 \n"
295 " MOV R0, #0x44 \n"
296 " STR R0, [R9, #0x1C] \n" // write 0x44 to 0xC022001C
297 " BL sub_FF833ED4 \n"
298 "loc_FF81FD10:\n" // endless loop; nothing in this function leaves it
299 " B loc_FF81FD10 \n"
300 "loc_FF81FD14:\n"
301 " LDR R0, [R9, #4] \n"
302 " BIC R4, R8, R0 \n"
303 " LDR R0, [R9] \n"
304 " BIC R5, R8, R0 \n"
305 "loc_FF81FD24:\n"
306 " MOV R3, R6 \n" // arguments for sub_FF834694: R0 = R4, R1 = R5, R2 = R7, R3 = R6
307 " MOV R2, R7 \n"
308 " MOV R1, R5 \n"
309 " MOV R0, R4 \n"
310
311 " BL sub_FF834694 \n"
312 " BL sub_FF83B630 \n"
313 " LDR R1, =0x3CE000 \n"
314 " MOV R0, #0 \n"
315 " BL sub_FF83BAA0 \n"
316 " BL sub_FF83B848 \n"
317 " MOV R3, #0 \n"
318 " STR R3, [SP] \n"
319 " LDR R3, =task_Startup_my\n" // hand the patched startup task to the firmware code that follows
320 " B sub_FF81FD5C\n" // the frame pushed at line 273 is still on the stack at this branch
321 );
322 }
323
324
325
326
/*
 * Startup task body: a fixed sequence of firmware calls with two local
 * additions in the middle, CreateTask_spytask (line 361) and
 * taskcreatePhySw_my (line 364). Ends by restoring R4/LR and branching to
 * sub_FF8166A8.
 *
 * sub_FF835810 is called six times with a register address in R0 and a value
 * in R1; it is presumably a register-write helper (confirm).
 */
327 void __attribute__((naked,noinline)) task_Startup_my( ) {
328 asm volatile (
329 " STMFD SP!, {R4,LR} \n"
330 " BL sub_FF816588 \n"
331 " BL sub_FF835804 \n"
332 " BL sub_FF8339A0 \n"
333 " BL sub_FF83D4AC \n"
334 " BL sub_FF83D698 \n"
335
336 " BL sub_FF83D844 \n"
337 " BL sub_FF816488 \n"
338 " BL sub_FF836524 \n"
339 " LDR R1, =0x7C007C00 \n"
340 " LDR R0, =0xC0F1800C \n"
341 " BL sub_FF835810 \n" // (0xC0F1800C, 0x7C007C00)
342 " LDR R0, =0xC0F18010 \n"
343 " MOV R1, #0 \n"
344 " BL sub_FF835810 \n" // (0xC0F18010, 0)
345 " LDR R0, =0xC0F18018 \n"
346 " MOV R1, #0 \n"
347 " BL sub_FF835810 \n" // (0xC0F18018, 0)
348 " LDR R0, =0xC0F1801C \n"
349 " MOV R1, #0x1000 \n"
350 " BL sub_FF835810 \n" // (0xC0F1801C, 0x1000)
351 " LDR R0, =0xC0F18020 \n"
352 " MOV R1, #8 \n"
353 " BL sub_FF835810 \n" // (0xC0F18020, 8)
354 " LDR R0, =0xC022D06C \n"
355 " MOV R1, #0xE000000 \n"
356 " BL sub_FF835810 \n" // (0xC022D06C, 0xE000000)
357 " BL sub_FF8164C0 \n"
358 " BL sub_FF832278 \n"
359 " BL sub_FF83D6C8 \n"
360 " BL sub_FF83ADD4 \n"
361 " BL CreateTask_spytask\n" // local addition: creates the "SpyTask" task
362 " BL sub_FF83D848 \n"
363
364 " BL taskcreatePhySw_my\n" // local addition: patched creator that passes mykbd_task as entry
365 " BL sub_FF838D30 \n"
366 " BL sub_FF83D860 \n"
367 " BL sub_FF831670 \n"
368 " BL sub_FF8332A8 \n"
369 " BL sub_FF83D220 \n"
370 " BL sub_FF8338F0 \n"
371 " BL sub_FF833244 \n"
372 " BL sub_FF8322AC \n"
373 " BL sub_FF83E460 \n"
374 " BL sub_FF833208 \n"
375 " LDMFD SP!, {R4,LR} \n"
376 " B sub_FF8166A8 \n"
377 );
378 }
379
380
381
382
383
384
/*
 * Patched task creator. Reads the word at 0x1C44 + 4; when it is non-zero the
 * function branches straight to sub_FF83456C. Otherwise it stores 0 at [SP],
 * loads R3 with the address of mykbd_task and R2 with 0x2000, and branches to
 * firmware code at sub_ff83455c.
 *
 * R3-R5 and LR pushed at line 387 are not popped in this function on either
 * path; presumably the branched-to firmware code restores them (confirm).
 */
385 void __attribute__((naked,noinline)) taskcreatePhySw_my( ) {
386 asm volatile (
387 " STMFD SP!, {R3-R5,LR} \n"
388 " LDR R4, =0x1C44 \n"
389 " LDR R0, [R4, #4] \n"
390 " CMP R0, #0 \n"
391 " BNE sub_FF83456C \n" // word already non-zero: skip to firmware code
392 " MOV R3, #0 \n"
393 " STR R3, [SP] \n"
394
395
396
397 " LDR R3, =mykbd_task\n" // entry point supplied by this project, defined outside this file
398 " MOV R2, #0x2000\n"
399 " B sub_ff83455c \n" // NOTE(review): lowercase hex, unlike every other sub_ symbol here; symbol names are case-sensitive at link time, so confirm a matching stub exists
400 );
401 }
402
403
404
405
/*
 * Entry function of the task that CreateTask_spytask registers as "SpyTask".
 * None of the six arguments are used; the function only calls
 * core_spytask().
 */
void spytask(long ua, long ub, long uc, long ud, long ue, long uf)
{
    /* Mark each parameter as deliberately unused. */
    (void)ua;
    (void)ub;
    (void)uc;
    (void)ud;
    (void)ue;
    (void)uf;

    core_spytask();
}
411
412
413
414
/*
 * Registers spytask with the OS under the name "SpyTask".
 * Called from task_Startup_my. The result of _CreateTask is not checked.
 */
void CreateTask_spytask()
{
    _CreateTask(
        "SpyTask",  /* task name */
        0x19,       /* presumably the priority; confirm against _CreateTask's prototype */
        0x2000,     /* presumably the stack size in bytes; confirm */
        spytask,    /* entry function */
        0           /* final argument; spytask ignores its parameters */
    );
}
418
419
420
421
/*
 * Replacement entry point that taskHook installs for task_InitFileModules.
 * It calls sub_FF89504C and, when the result is non-zero, sub_FF898F44 with
 * (0x5006, 0). It then calls sub_FF895078, calls core_spytask_can_start, and
 * branches to firmware code at sub_FF89D040.
 *
 * R4-R6 and LR pushed at line 424 are not popped in this function;
 * presumably the branched-to firmware code restores them (confirm).
 */
422 void __attribute__((naked,noinline)) init_file_modules_task( ) {
423 asm volatile (
424 " STMFD SP!, {R4-R6,LR} \n"
425 " BL sub_FF89504C \n"
426 " LDR R5, =0x5006 \n"
427 " MOVS R4, R0 \n" // R4 = result of sub_FF89504C, flags set from it
428 " MOVNE R1, #0 \n"
429 " MOVNE R0, R5 \n"
430 " BLNE sub_FF898F44 \n" // only when the result was non-zero: sub_FF898F44(0x5006, 0)
431 " BL sub_FF895078 \n"
432 " BL core_spytask_can_start\n" // local addition, placed after sub_FF895078 returns
433 " B sub_FF89D040\n"
434
435 );
436 }