4 #include "lolevel.h"
5 #include "platform.h"
6 #include "core.h"
7
/*
 * Holds the address of the `_end` symbol. sub_FF810FCC_my loads this value
 * (instead of the literal 0x9B610) unless CHDK_NOT_IN_CANON_HEAP is defined.
 * NOTE(review): presumably `_end` is the linker-provided end of the CHDK image,
 * so the firmware's memory pool starts above it - confirm against the linker script.
 */
8 const char * const new_sa = &_end;
9
10
11
12
/*
 * Create the task named "SpyTask" with core_spytask as its entry function.
 *
 * The two numeric arguments are passed through unchanged; in CHDK's
 * _CreateTask prototype they are the task priority and stack size
 * (confirm against lolevel.h). The final argument is 0.
 */
void CreateTask_spytask()
{
    enum {
        SPYTASK_PRIORITY   = 0x19,
        SPYTASK_STACK_SIZE = 0x2000
    };

    _CreateTask("SpyTask", SPYTASK_PRIORITY, SPYTASK_STACK_SIZE, core_spytask, 0);
}
17
/*
 * Task-creation hook: replaces selected firmware task entry points with the
 * CHDK implementations.
 *
 * The word 16 ints below `p` is compared, in order, against five hard-coded
 * ROM addresses. On a match it is overwritten with the address of the CHDK
 * function on that line. Each check reads the slot again, so the sequence
 * behaves exactly like five independent `if` statements.
 *
 * NOTE(review): presumably that word is the entry address of the task being
 * created, and the constants are valid only for the firmware build this file
 * was generated for - nothing here verifies the running ROM version.
 * The pointer-to-int casts assume a 32-bit target.
 */
void taskCreateHook(int *p) {
    int *entry_slot = p - 16;

    if (*entry_slot == (int)0xff866d48) {
        *entry_slot = (int)capt_seq_task;
    }
    if (*entry_slot == (int)0xff8d3888) {
        *entry_slot = (int)exp_drv_task;
    }
    if (*entry_slot == (int)0xffa25bd8) {
        *entry_slot = (int)filewritetask;
    }
    if (*entry_slot == (int)0xff87bff0) {
        *entry_slot = (int)init_file_modules_task;
    }
    if (*entry_slot == (int)0xff862f10) {
        *entry_slot = (int)movie_record_task;
    }
}
26
/*
 * CHDK boot entry: prepares RAM the way the firmware image expects, installs
 * taskCreateHook, then branches to the patched startup code.
 *
 * Steps, in order:
 *   1. read-modify-write of the CP15 c1 control register, setting bits
 *      0x1000, 4 and 1 (on ARM: I-cache enable, D-cache enable, and
 *      MMU/protection-unit enable);
 *   2. copy (0x1056C - 0x1900) bytes from ROM 0xFFB07FA8 to RAM 0x1900;
 *   3. zero the range 0x1056C .. 0x9B610;
 *   4. store the address of taskCreateHook at 0x1930 and 0x1934;
 *   5. branch (no return) to sub_FF8101B8_my.
 *
 * NOTE(review): every address and length is a literal for one firmware build;
 * nothing here checks that the running ROM matches, so on a different build
 * the copy, the clear and the hook slots would land on unrelated memory.
 */
27 void boot()
28 {
/* Initialised-data image: source in ROM, destination in RAM, length in bytes. */
29 long *canon_data_src = (void*)0xFFB07FA8;
30 long *canon_data_dst = (void*)0x1900;
31 long canon_data_len = 0x1056C - 0x1900;
/* Zero-filled region that starts where the copied data ends. */
32 long *canon_bss_start = (void*)0x1056C;
33 long canon_bss_len = 0x9B610 - 0x1056C;
34
35 long i;
36
37
38
/* Set bits 12, 2 and 0 of the CP15 control register; R0 is declared clobbered. */
39 asm volatile (
40 "MRC p15, 0, R0,c1,c0\n"
41 "ORR R0, R0, #0x1000\n"
42 "ORR R0, R0, #4\n"
43 "ORR R0, R0, #1\n"
44 "MCR p15, 0, R0,c1,c0\n"
45 :::"r0");
46
/* Lengths are in bytes and the loops move one long per step; the /4 assumes
   sizeof(long) == 4 on this target. */
47 for(i=0;i<canon_data_len/4;i++)
48 canon_data_dst[i]=canon_data_src[i];
49
50 for(i=0;i<canon_bss_len/4;i++)
51 canon_bss_start[i]=0;
52
/* Must come after the data copy above, which covers 0x1930/0x1934 and would
   otherwise overwrite these two stores. */
53 *(int*)0x1930=(int)taskCreateHook;
54 *(int*)0x1934=(int)taskCreateHook;
55
56
/* Plain branch, not a call: control does not come back to boot(). */
57 asm volatile ("B sub_FF8101B8_my\n");
58 };
59
60
61
62
/*
 * Patched copy of the firmware routine at 0xFF8101B8 (naked: no compiler
 * prologue/epilogue, the asm is the whole function).
 *
 * - copies the words in ROM 0xFF810230..0xFF810268 to address 0;
 * - copies the words in ROM 0xFF810268..0xFF81047C to address 0x4B0;
 * - writes CPSR = 0xD2 (IRQ mode, IRQ/FIQ masked) and sets SP = 0x1000,
 *   then CPSR = 0xD3 (Supervisor mode, IRQ/FIQ masked) and sets SP = 0x1000;
 * - fills 0x6C4..0x1000 with the pattern 0xEEEEEEEE;
 * - calls sub_FF810FCC_my.
 *
 * NOTE(review): there is no instruction after the final BL, so this relies on
 * sub_FF810FCC_my never returning here - confirm.
 */
63 void __attribute__((naked,noinline)) sub_FF8101B8_my() {
64 asm volatile (
65 " LDR R0, =0xFF810230 \n"
66 " MOV R1, #0 \n"
67 " LDR R3, =0xFF810268 \n"
68
/* Word copy loop: while R0 < R3, *R1++ = *R0++. */
69 "loc_FF8101C4:\n"
70 " CMP R0, R3 \n"
71 " LDRCC R2, [R0], #4 \n"
72 " STRCC R2, [R1], #4 \n"
73 " BCC loc_FF8101C4 \n"
74 " LDR R0, =0xFF810268 \n"
75 " MOV R1, #0x4B0 \n"
76 " LDR R3, =0xFF81047C \n"
77
/* Second word copy loop, same shape, destination 0x4B0. */
78 "loc_FF8101E0:\n"
79 " CMP R0, R3 \n"
80 " LDRCC R2, [R0], #4 \n"
81 " STRCC R2, [R1], #4 \n"
82 " BCC loc_FF8101E0 \n"
/* SP is banked per CPU mode, so it is set once in each of the two modes. */
83 " MOV R0, #0xD2 \n"
84 " MSR CPSR_cxsf, R0 \n"
85 " MOV SP, #0x1000 \n"
86 " MOV R0, #0xD3 \n"
87 " MSR CPSR_cxsf, R0 \n"
88 " MOV SP, #0x1000 \n"
89 " LDR R0, =0x6C4 \n"
90 " LDR R2, =0xEEEEEEEE \n"
91 " MOV R3, #0x1000 \n"
92
/* Fill loop: store the pattern from 0x6C4 up to (not including) 0x1000. */
93 "loc_FF810214:\n"
94 " CMP R0, R3 \n"
95 " STRCC R2, [R0], #4 \n"
96 " BCC loc_FF810214 \n"
/* Changed from the ROM version: continue in the CHDK copy of the next stage. */
97 " BL sub_FF810FCC_my \n"
98 );
99 }
100
101
102
/*
 * Patched copy of the firmware routine at 0xFF810FCC.
 *
 * Reserves a 0x74-byte block on the stack, passes it with its size to
 * sub_FFA92D04 (presumably a zero-fill - confirm), fills in a number of
 * fields, then calls sub_FF812D84(block, uHwSetup_my, 0).
 *
 * Fields written (offsets from SP):
 *   +0x00 = 0x2ABC00          +0x04 = 0x53000
 *   +0x08 = start             +0x0C = 0x2A4968 - start
 *   +0x10 = 0x2A4968          +0x14 = 0x2ABC00
 *   +0x18 = 0x22              +0x1C = 0x68
 *   +0x20 = 0x19B             +0x24 = 0x64
 *   +0x28 = 0x78              +0x2C = 0x64
 *   +0x30 = 0                 +0x34 = 0
 *   +0x5C = 0x10              +0x60 = 0x800
 *   +0x64 = 0xA0              +0x68 = 0x280
 * where `start` is 0x9B610 when CHDK_NOT_IN_CANON_HEAP is defined and the
 * value of new_sa otherwise.
 *
 * NOTE(review): nothing checks that `start` is below 0x2A4968; if the value
 * read from new_sa were larger, the subtraction stored at +0x0C would wrap
 * to a very large unsigned value. Worth a build-time check on the image size.
 */
103 void __attribute__((naked,noinline)) sub_FF810FCC_my() {
104 asm volatile (
105 " STR LR, [SP, #-4]! \n"
106 " SUB SP, SP, #0x74 \n"
107 " MOV R0, SP \n"
108 " MOV R1, #0x74 \n"
109 " BL sub_FFA92D04 \n"
110 " MOV R0, #0x53000 \n"
111 " STR R0, [SP, #4] \n"
112
/* Select the start address: fixed literal, or the address held in new_sa. */
113 #if defined(CHDK_NOT_IN_CANON_HEAP)
114 " LDR R0, =0x9B610 \n"
115 #else
116 " LDR R0, =new_sa\n"
117 " LDR R0, [R0]\n"
118 #endif
119
120 " LDR R2, =0x2ABC00 \n"
121 " LDR R1, =0x2A4968 \n"
122 " STR R0, [SP, #8] \n"
/* R0 becomes 0x2A4968 - start; STMIA below stores R0, R1, R2 at +0xC..+0x14. */
123 " SUB R0, R1, R0 \n"
124 " ADD R3, SP, #0xC \n"
125 " STR R2, [SP] \n"
126 " STMIA R3, {R0-R2} \n"
127 " MOV R0, #0x22 \n"
128 " STR R0, [SP, #0x18] \n"
129 " MOV R0, #0x68 \n"
130 " STR R0, [SP, #0x1C] \n"
131 " LDR R0, =0x19B \n"
132 " MOV R1, #0x64 \n"
/* STRD stores the register pair R0,R1 at the given offset and offset+4. */
133 " STRD R0, [SP, #0x20] \n"
134 " MOV R0, #0x78 \n"
135 " STRD R0, [SP, #0x28] \n"
136 " MOV R0, #0 \n"
137 " STR R0, [SP, #0x30] \n"
138 " STR R0, [SP, #0x34] \n"
139 " MOV R0, #0x10 \n"
140 " STR R0, [SP, #0x5C] \n"
141 " MOV R0, #0x800 \n"
142 " STR R0, [SP, #0x60] \n"
143 " MOV R0, #0xA0 \n"
144 " STR R0, [SP, #0x64] \n"
145 " MOV R0, #0x280 \n"
146 " STR R0, [SP, #0x68] \n"
/* Changed from the ROM version: the callback passed in R1 is CHDK's uHwSetup_my. */
147 " LDR R1, =uHwSetup_my \n"
148 " MOV R0, SP \n"
149 " MOV R2, #0 \n"
150 " BL sub_FF812D84 \n"
151 " ADD SP, SP, #0x74 \n"
152 " LDR PC, [SP], #4 \n"
153 );
154 }
155
156
157
/*
 * Patched copy of the firmware's hardware/runtime setup routine.
 *
 * Calls a fixed sequence of firmware initialisers. After each one that is
 * followed by a CMP, a negative return value (LT) causes _err_init_task to be
 * called with the ROM address of a name string (shown in the inline asm
 * comments: dmSetup, termDriverInit, termDeviceCreate, stdioSetup,
 * stdlibSetup, armlib_setup). Execution continues after _err_init_task
 * returns; there is no early exit in this code.
 *
 * Ends by restoring R4/LR and tail-branching to CreateTask_Startup_my, which
 * is the change from the ROM version.
 */
158 void __attribute__((naked,noinline)) uHwSetup_my() {
159 asm volatile (
160 " STMFD SP!, {R4,LR} \n"
161 " BL sub_FF810970 \n"
162 " BL sub_FF819898 \n"
163 " CMP R0, #0 \n"
164 " LDRLT R0, =0xFF814F20 /*'dmSetup'*/ \n"
165 " BLLT _err_init_task \n"
166 " BL sub_FF814A30 \n"
167 " CMP R0, #0 \n"
168 " LDRLT R0, =0xFF814F28 /*'termDriverInit'*/ \n"
169 " BLLT _err_init_task \n"
170 " LDR R0, =0xFF814F38 /*'/_term'*/ \n"
171 " BL sub_FF814B1C \n"
172 " CMP R0, #0 \n"
173 " LDRLT R0, =0xFF814F40 /*'termDeviceCreate'*/ \n"
174 " BLLT _err_init_task \n"
175 " LDR R0, =0xFF814F38 /*'/_term'*/ \n"
176 " BL sub_FF813594 \n"
177 " CMP R0, #0 \n"
178 " LDRLT R0, =0xFF814F54 /*'stdioSetup'*/ \n"
179 " BLLT _err_init_task \n"
180 " BL sub_FF819580 \n"
181 " CMP R0, #0 \n"
182 " LDRLT R0, =0xFF814F60 /*'stdlibSetup'*/ \n"
183 " BLLT _err_init_task \n"
184 " BL sub_FF8114E4 \n"
185 " CMP R0, #0 \n"
186 " LDRLT R0, =0xFF814F6C /*'armlib_setup'*/ \n"
187 " BLLT _err_init_task \n"
188 " LDMFD SP!, {R4,LR} \n"
/* Tail branch (B, not BL): CreateTask_Startup_my returns to this function's caller. */
189 " B CreateTask_Startup_my \n"
190 );
191 }
192
193
194
/*
 * Patched copy of the firmware routine that creates the "Startup" task.
 *
 * Flow:
 *   - sub_FF82CEF0() != 0            -> continue at loc_FF81DAF4;
 *   - else sub_FF824DCC() != 0       -> continue at loc_FF81DAF4;
 *   - else read the words at 0xC0220000+0x10C and +0x108, OR them, and test
 *     bit 0: if the bit is set continue at loc_FF81DAF4, otherwise write 0x44
 *     to 0xC0220000+0x4C and spin forever at loc_FF81DAF0.
 *   - loc_FF81DAF4: run three firmware initialisers and _EnableDispatch, then
 *     call _CreateTask with R0 = 'Startup' name string, R1 = 0x19, R2 = 0,
 *     R3 = task_Startup_my and a stacked fifth argument of 0. Returns 0.
 *
 * The change from the ROM version is the task entry: task_Startup_my.
 * NOTE(review): 0xC0220000 is presumably a memory-mapped I/O block and the
 * spin loop a deliberate halt - confirm against the firmware.
 */
195 void __attribute__((naked,noinline)) CreateTask_Startup_my() {
196 asm volatile (
197 " STMFD SP!, {R3,LR} \n"
198 " BL sub_FF82CEF0 \n"
199 " CMP R0, #0 \n"
200 " BNE loc_FF81DAF4 \n"
201 " BL sub_FF824DCC \n"
202 " CMP R0, #0 \n"
/* The EQ-conditional instructions run only when sub_FF824DCC returned 0;
   otherwise the flags from the CMP above make the BNE below branch. */
203 " LDREQ R2, =0xC0220000 \n"
204 " LDREQ R0, [R2, #0x10C] \n"
205 " LDREQ R1, [R2, #0x108] \n"
206 " ORREQ R0, R0, R1 \n"
207 " TSTEQ R0, #1 \n"
208 " BNE loc_FF81DAF4 \n"
209 " MOV R0, #0x44 \n"
210 " STR R0, [R2, #0x4C] \n"
211
/* Infinite loop: branches to itself. */
212 "loc_FF81DAF0:\n"
213 " B loc_FF81DAF0 \n"
214
215 "loc_FF81DAF4:\n"
216 " BL sub_FF84D3CC \n"
217 " BL sub_FF82AA98 \n"
218 " MOV R1, #0x300000 \n"
219 " MOV R0, #0 \n"
220 " BL sub_FF82ACE0 \n"
221 " BL sub_FF82AC8C /*_EnableDispatch*/ \n"
222 " MOV R3, #0 \n"
223 " STR R3, [SP] \n"
224 " LDR R3, =task_Startup_my \n"
225 " MOV R2, #0 \n"
226 " MOV R1, #0x19 \n"
227 " LDR R0, =0xFF81DB44 /*'Startup'*/ \n"
228 " BL _CreateTask \n"
229 " MOV R0, #0 \n"
/* Pops the slot saved as R3 into R12 (discarding it) and returns via PC. */
230 " LDMFD SP!, {R12,PC} \n"
231 );
232 }
233
234
235
/*
 * Patched body of the firmware "Startup" task.
 *
 * Differences visible against a plain call sequence of ROM routines: it calls
 * CreateTask_spytask early on and taskcreatePhySw_my later, both CHDK
 * functions defined in this file.
 *
 * Flow:
 *   - four firmware init calls, then CreateTask_spytask;
 *   - poll sub_FF820F1C(5) while it returns 1, at most 0x66A8 times;
 *   - call sub_FF821314(5); if the result is greater than 0x3F6
 *     (0x300 + 0xF6, signed compare) call sub_FF829FD4 and then
 *     _DebugAssert with the 'Startup.c' string and line 0xB5;
 *   - run the remaining init calls, including taskcreatePhySw_my;
 *   - restore R4/LR and tail-branch to sub_FF8150D8.
 */
236 void __attribute__((naked,noinline)) task_Startup_my() {
237 asm volatile (
238 " STMFD SP!, {R4,LR} \n"
239 " BL sub_FF81521C \n"
240 " BL sub_FF824840 \n"
241 " BL sub_FF820E14 \n"
242
243 " BL sub_FF82D0E0 \n"
244
/* CHDK addition: start the SpyTask. */
245 " BL CreateTask_spytask\n"
/* R4 is the retry budget for the polling loop below. */
246 " LDR R4, =0x66A8 \n"
247 " B loc_FF81DA44 \n"
248
249 "loc_FF81DA3C:\n"
250 " SUBS R4, R4, #1 \n"
251 " BEQ loc_FF81DA54 \n"
252
253 "loc_FF81DA44:\n"
254 " MOV R0, #5 \n"
255 " BL sub_FF820F1C \n"
256 " CMP R0, #1 \n"
257 " BEQ loc_FF81DA3C \n"
258
259 "loc_FF81DA54:\n"
260 " MOV R0, #5 \n"
261 " BL sub_FF821314 \n"
/* Two-step subtract: BLE is taken when R0 <= 0x300 + 0xF6. */
262 " SUBS R12, R0, #0x300 \n"
263 " SUBGES R12, R12, #0xF6 \n"
264 " BLE loc_FF81DA78 \n"
265 " BL sub_FF829FD4 \n"
266 " MOV R1, #0xB5 \n"
267 " LDR R0, =0xFF81DB34 /*'Startup.c'*/ \n"
268 " BL _DebugAssert \n"
269
270 "loc_FF81DA78:\n"
271 " BL sub_FF82DB84 \n"
272 " BL sub_FF82D130 \n"
273 " BL sub_FF829FD4 \n"
274 " BL sub_FF82DB94 \n"
/* CHDK replacement: creates the PhySw task with mykbd_task as entry. */
275 " BL taskcreatePhySw_my \n"
276 " BL sub_FF826A50 \n"
277 " BL sub_FF82DBB4 \n"
278
279 " BL sub_FF822A60 \n"
280 " BL sub_FF82CCBC \n"
281 " BL sub_FF823188 \n"
282 " BL sub_FF82296C \n"
283 " BL sub_FF82E638 \n"
284 " BL sub_FF8227F0 \n"
285 " LDMFD SP!, {R4,LR} \n"
286 " B sub_FF8150D8 \n"
287 );
288 }
289
290
291
/*
 * Patched copy of the firmware routine that creates the "PhySw" task.
 *
 * If the word at 0x1CD0+0xC is zero, calls sub_FF81BC9C (_CreateTaskStrictly
 * per the inline comment) with R0 = 'PhySw' name string, R1 = 0x17,
 * R2 = 0x800, R3 = mykbd_task and a stacked fifth argument of 0, then stores
 * the return value at 0x1CD0+0xC. If the word is already non-zero nothing is
 * created.
 *
 * The change from the ROM version is the entry point, CHDK's mykbd_task.
 */
292 void __attribute__((naked,noinline)) taskcreatePhySw_my() {
293 asm volatile (
294 " STMFD SP!, {R3-R5,LR} \n"
295 " LDR R4, =0x1CD0 \n"
296 " LDR R0, [R4, #0xC] \n"
297 " CMP R0, #0 \n"
298 " BNE loc_FF8236D0 \n"
299 " MOV R3, #0 \n"
/* Fifth argument goes on the stack, in the slot reserved by pushing R3. */
300 " STR R3, [SP] \n"
301 " LDR R3, =mykbd_task \n"
302 " MOV R2, #0x800 \n"
303 " MOV R1, #0x17 \n"
304 " LDR R0, =0xFF823888 /*'PhySw'*/ \n"
305 " BL sub_FF81BC9C /*_CreateTaskStrictly*/ \n"
306 " STR R0, [R4, #0xC] \n"
307
308 "loc_FF8236D0:\n"
309 " LDMFD SP!, {R3-R5,PC} \n"
310 );
311 }
312
313
314
/*
 * CHDK replacement for the firmware task at 0xFF87BFF0 (taskCreateHook swaps
 * that entry address for this function).
 *
 * Flow:
 *   - R4 = sub_FF875078();
 *   - if R4 != 0, call _PostLogicalEventToUI(0x5006, 0);
 *   - call sub_FF8750A4_my, then core_spytask_can_start;
 *   - if R4 == 0, restore registers and tail-branch to
 *     _PostLogicalEventToUI(0x5006, 0); otherwise return.
 *
 * The CHDK-specific parts are the _my callee and the call to
 * core_spytask_can_start, which runs only after sub_FF8750A4_my has returned.
 */
315 void __attribute__((naked,noinline)) init_file_modules_task() {
316 asm volatile (
317 " STMFD SP!, {R4-R6,LR} \n"
318 " BL sub_FF875078 \n"
319 " LDR R5, =0x5006 \n"
/* MOVS keeps the result in R4 and sets flags for the NE-conditional call. */
320 " MOVS R4, R0 \n"
321 " MOVNE R1, #0 \n"
322 " MOVNE R0, R5 \n"
323 " BLNE _PostLogicalEventToUI \n"
324 " BL sub_FF8750A4_my \n"
325 " BL core_spytask_can_start\n"
326 " CMP R4, #0 \n"
327 " MOVEQ R0, R5 \n"
328 " LDMEQFD SP!, {R4-R6,LR} \n"
329 " MOVEQ R1, #0 \n"
330 " BEQ _PostLogicalEventToUI \n"
331 " LDMFD SP!, {R4-R6,PC} \n"
332 );
333 }
334
335
336
/*
 * Patched copy of the firmware routine at 0xFF8750A4.
 *
 * Calls sub_FF8569D8_my first (the CHDK change). Then, if the word at
 * 0x5C88+4 is zero, runs six firmware calls in a fixed order. In all cases it
 * stores 1 at 0x5C88 before returning.
 */
337 void __attribute__((naked,noinline)) sub_FF8750A4_my() {
338 asm volatile (
339 " STMFD SP!, {R4,LR} \n"
340 " BL sub_FF8569D8_my \n"
341 " LDR R4, =0x5C88 \n"
342 " LDR R0, [R4, #4] \n"
343 " CMP R0, #0 \n"
344 " BNE loc_FF8750D4 \n"
345 " BL sub_FF888240 \n"
346 " BL sub_FF9275B4 \n"
347 " BL sub_FF888240 \n"
348 " BL sub_FF933D88 \n"
349 " BL sub_FF888250 \n"
350 " BL sub_FF92765C \n"
351
352 "loc_FF8750D4:\n"
353 " MOV R0, #1 \n"
354 " STR R0, [R4] \n"
355 " LDMFD SP!, {R4,PC} \n"
356 );
357 }
358
359
360
/*
 * Patched copy of the firmware routine at 0xFF8569D8; the CHDK change is the
 * call to sub_FF856814_my.
 *
 * All calls use index 0 (held in R6). Flow:
 *   - sub_FF8565A8(0);
 *   - sub_FF856F70(word at 0x131E4+0x38); if it returns 0, clear the words at
 *     0x2EB4+0xC, +0x10 and +0x14;
 *   - sub_FF8565E8(0);
 *   - R5 = sub_FF856814_my(0); R0 = sub_FF856880(0); R2 = R5 & R0;
 *   - build a status word from the word at 0x131E4+0x3C (R1) and store it at
 *     0x131E4+0x40:
 *       R1 == 0           -> 0x80000001
 *       otherwise start at 0, or 4 when the word at 0x131E4+0x2C is 2;
 *       bit 0 is set when R1 != 5 and cleared when R1 == 5;
 *       R2 == 0           -> bit 1 cleared, bit 31 set
 *       R2 != 0           -> bit 31 cleared, bit 1 set
 */
361 void __attribute__((naked,noinline)) sub_FF8569D8_my() {
362 asm volatile (
363 " STMFD SP!, {R4-R6,LR} \n"
364 " MOV R6, #0 \n"
365 " MOV R0, R6 \n"
366 " BL sub_FF8565A8 \n"
367 " LDR R4, =0x131E4 \n"
368 " MOV R5, #0 \n"
369 " LDR R0, [R4, #0x38] \n"
370 " BL sub_FF856F70 \n"
371 " CMP R0, #0 \n"
372 " LDREQ R0, =0x2EB4 \n"
373 " STREQ R5, [R0, #0xC] \n"
374 " STREQ R5, [R0, #0x10] \n"
375 " STREQ R5, [R0, #0x14] \n"
376 " MOV R0, R6 \n"
377 " BL sub_FF8565E8 \n"
378 " MOV R0, R6 \n"
379 " BL sub_FF856814_my \n"
380 " MOV R5, R0 \n"
381 " MOV R0, R6 \n"
382 " BL sub_FF856880 \n"
383 " LDR R1, [R4, #0x3C] \n"
384 " AND R2, R5, R0 \n"
385 " CMP R1, #0 \n"
386 " MOV R0, #0 \n"
387 " MOVEQ R0, #0x80000001 \n"
388 " BEQ loc_FF856A6C \n"
389 " LDR R3, [R4, #0x2C] \n"
390 " CMP R3, #2 \n"
391 " MOVEQ R0, #4 \n"
392 " CMP R1, #5 \n"
393 " ORRNE R0, R0, #1 \n"
394 " BICEQ R0, R0, #1 \n"
395 " CMP R2, #0 \n"
396 " BICEQ R0, R0, #2 \n"
397 " ORREQ R0, R0, #0x80000000 \n"
398 " BICNE R0, R0, #0x80000000 \n"
399 " ORRNE R0, R0, #2 \n"
400
401 "loc_FF856A6C:\n"
402 " STR R0, [R4, #0x40] \n"
403 " LDMFD SP!, {R4-R6,PC} \n"
404 );
405 }
406
407
408
/*
 * Patched copy of the firmware routine at 0xFF856814; the CHDK change is the
 * call to sub_FF8566AC_my.
 *
 * Input: R0 = index (kept in R6). Returns a status in R0.
 *   - if the word at 0x2EB4+0x10 is already non-zero, return 1;
 *   - R4 = 0x131E4 + index * 0x17 * 4 (a 0x5C-byte stride);
 *   - call sub_FF8566AC_my(word at R4+0x38, index); return its 0 on failure;
 *   - call sub_FF857088(word at R4+0x38, index); return its 0 on failure;
 *   - call sub_FF8561C8(index); if non-zero, store 1 at 0x2EB4+0x10;
 *     the value from sub_FF8561C8 is what gets returned.
 *
 * NOTE(review): the index is not range-checked here; the only caller visible
 * in this file passes 0.
 */
409 void __attribute__((naked,noinline)) sub_FF856814_my() {
410 asm volatile (
411 " STMFD SP!, {R4-R6,LR} \n"
412 " LDR R5, =0x2EB4 \n"
413 " MOV R6, R0 \n"
414 " LDR R0, [R5, #0x10] \n"
415 " CMP R0, #0 \n"
416 " MOVNE R0, #1 \n"
417 " LDMNEFD SP!, {R4-R6,PC} \n"
418 " MOV R0, #0x17 \n"
419 " MUL R1, R0, R6 \n"
420 " LDR R0, =0x131E4 \n"
421 " ADD R4, R0, R1, LSL#2 \n"
422 " LDR R0, [R4, #0x38] \n"
423 " MOV R1, R6 \n"
424 " BL sub_FF8566AC_my \n"
425 " CMP R0, #0 \n"
426 " LDMEQFD SP!, {R4-R6,PC} \n"
427 " LDR R0, [R4, #0x38] \n"
428 " MOV R1, R6 \n"
429 " BL sub_FF857088 \n"
430 " CMP R0, #0 \n"
431 " LDMEQFD SP!, {R4-R6,PC} \n"
432 " MOV R0, R6 \n"
433 " BL sub_FF8561C8 \n"
434 " CMP R0, #0 \n"
435 " MOVNE R1, #1 \n"
436 " STRNE R1, [R5, #0x10] \n"
437 " LDMFD SP!, {R4-R6,PC} \n"
438 );
439 }
440
441
442
/*
 * Patched copy of the firmware routine at 0xFF8566AC (its assert string names
 * 'Mounter.c'). It reads the first 0x200-byte sector of a storage device into
 * a temporary buffer, picks a partition-table entry and records that
 * partition's start and size.
 *
 * Inputs: R0 = handle passed on to the read callback and sub_FF9445D4 (kept
 * in R8); R1 = index used to locate a 0x5C-byte record at
 * 0x131E4 + index * 0x5C (kept in R7).
 *
 * Dispatch on the word at R7+0x3C through a PC-relative jump table:
 *   0           -> return 0
 *   1,2,3,4,6   -> read and parse the sector (loc_FF8566F8)
 *   5           -> start = 0, size = 0x40
 *   > 6         -> _DebugAssert('Mounter.c', 0x365), then fall into the store
 *
 * CHDK additions relative to the ROM routine: the call to mbr_read_dryos and
 * the dg_sd_fat32 loop, which walks the four 16-byte partition entries and
 * selects the first whose type byte is 0x0B, 0x0C or 0x07 and whose boot flag
 * is 0x00 or 0x80. If none matches, the first entry is used.
 *
 * Result: R6 (start) is stored at R7+0x44 and R5 (size) at R7+0x48; returns 1.
 * When validation fails, start = 0 and size = sub_FF9445D4(handle).
 *
 * NOTE(review): the sector comes from removable media, so every byte of it is
 * attacker-controllable. The range check computes start + size with a plain
 * ADD and no carry test, so a pair whose sum wraps past 32 bits compares as
 * in-range. Confirm that the consumers of R7+0x44 / R7+0x48 re-validate the
 * values before using them as sector bounds.
 */
443 void __attribute__((naked,noinline)) sub_FF8566AC_my() {
444 asm volatile (
445 " STMFD SP!, {R4-R8,LR} \n"
446 " MOV R8, R0 \n"
447 " MOV R0, #0x17 \n"
448 " MUL R1, R0, R1 \n"
449 " LDR R0, =0x131E4 \n"
450 " MOV R6, #0 \n"
451 " ADD R7, R0, R1, LSL#2 \n"
452 " LDR R0, [R7, #0x3C] \n"
453 " MOV R5, #0 \n"
454 " CMP R0, #6 \n"
/* Jump table: PC reads as this instruction + 8, so value 0 selects the second
   B below; values above 6 skip the ADD and take the first B (assert path). */
455 " ADDLS PC, PC, R0, LSL#2 \n"
456 " B loc_FF8567F8 \n"
457 " B loc_FF856710 \n"
458 " B loc_FF8566F8 \n"
459 " B loc_FF8566F8 \n"
460 " B loc_FF8566F8 \n"
461 " B loc_FF8566F8 \n"
462 " B loc_FF8567F0 \n"
463 " B loc_FF8566F8 \n"
464
/* Allocate the 0x200-byte sector buffer; R4 = buffer, NULL means failure. */
465 "loc_FF8566F8:\n"
466 " MOV R2, #0 \n"
467 " MOV R1, #0x200 \n"
468 " MOV R0, #3 \n"
469 " BL _exmem_ualloc \n"
470 " MOVS R4, R0 \n"
471 " BNE loc_FF856718 \n"
472
473 "loc_FF856710:\n"
474 " MOV R0, #0 \n"
475 " LDMFD SP!, {R4-R8,PC} \n"
476
/* Call the function pointer stored at R7+0x4C as (handle, 0, 1, buffer);
   a return value of 1 is treated as failure: free the buffer and return 0. */
477 "loc_FF856718:\n"
478 " LDR R12, [R7, #0x4C] \n"
479 " MOV R3, R4 \n"
480 " MOV R2, #1 \n"
481 " MOV R1, #0 \n"
482 " MOV R0, R8 \n"
483 " BLX R12 \n"
484 " CMP R0, #1 \n"
485 " BNE loc_FF856744 \n"
486 " MOV R0, #3 \n"
487 " BL _exmem_ufree \n"
488 " B loc_FF856710 \n"
489
490 "loc_FF856744:\n"
491 " MOV R0, R8 \n"
492 " BL sub_FF9445D4 \n"
493
/* CHDK addition: pass sub_FF9445D4's result (R0) and the buffer (R1) to
   mbr_read_dryos. R0 after the call is what the range checks below compare
   against - presumably the device's total sector count, returned unchanged;
   confirm against mbr_read_dryos. */
494 " MOV R1, R4\n"
495 " BL mbr_read_dryos\n"
496
497
498
499
500
501
/* CHDK addition: scan the partition table. R12 walks the entries in 0x10
   steps, LR keeps the buffer start for the signature check, R1 counts
   entries 1..4. The largest offset read is buffer+0x1F2, inside the buffer. */
502 " MOV R12, R4\n"
503 " MOV LR, R4\n"
504 " MOV R1, #1\n"
505 " B dg_sd_fat32_enter\n"
506 "dg_sd_fat32:\n"
507 " CMP R1, #4\n"
508 " BEQ dg_sd_fat32_end\n"
509 " ADD R12, R12, #0x10\n"
510 " ADD R1, R1, #1\n"
511 "dg_sd_fat32_enter:\n"
/* R2 = boot flag (entry offset 0), R3 = partition type (entry offset 4). */
512 " LDRB R2, [R12, #0x1BE]\n"
513 " LDRB R3, [R12, #0x1C2]\n"
514 " CMP R3, #0xB\n"
515 " CMPNE R3, #0xC\n"
516 " CMPNE R3, #0x7\n"
517 " BNE dg_sd_fat32\n"
518 " CMP R2, #0x00\n"
519 " CMPNE R2, #0x80\n"
520 " BNE dg_sd_fat32\n"
521
/* Match: rebase R4 onto the chosen entry so the fixed offsets below read it.
   The buffer is later released by id (3), not through R4. */
522 " MOV R4, R12\n"
523
524 "dg_sd_fat32_end:\n"
525
526
/* Assemble two little-endian 32-bit fields byte by byte:
   R1 = start sector (offsets 0x1C6..0x1C9), R3 = sector count (0x1CA..0x1CD). */
527 " LDRB R1, [R4, #0x1C9] \n"
528 " LDRB R3, [R4, #0x1C8] \n"
529 " LDRB R12, [R4, #0x1CC] \n"
530 " MOV R1, R1, LSL#24 \n"
531 " ORR R1, R1, R3, LSL#16 \n"
532 " LDRB R3, [R4, #0x1C7] \n"
533 " LDRB R2, [R4, #0x1BE] \n"
534
535 " ORR R1, R1, R3, LSL#8 \n"
536 " LDRB R3, [R4, #0x1C6] \n"
/* Boot-flag test; none of the instructions up to the BNE at loc-553 set
   flags, so the result of this compare is what that branch uses. */
537 " CMP R2, #0 \n"
538 " CMPNE R2, #0x80 \n"
539 " ORR R1, R1, R3 \n"
540 " LDRB R3, [R4, #0x1CD] \n"
541 " MOV R3, R3, LSL#24 \n"
542 " ORR R3, R3, R12, LSL#16 \n"
543 " LDRB R12, [R4, #0x1CB] \n"
544 " ORR R3, R3, R12, LSL#8 \n"
545 " LDRB R12, [R4, #0x1CA] \n"
546 " ORR R3, R3, R12 \n"
547
548
/* Signature bytes are read from the start of the sector (LR), not from the
   rebased R4, so they are always offsets 0x1FE/0x1FF of the buffer. */
549 " LDRB R12, [LR,#0x1FE]\n"
550 " LDRB LR, [LR,#0x1FF]\n"
551
/* R4 becomes the "entry accepted" flag. Accept only if: boot flag is 0x00 or
   0x80, start <= R0, start + size <= R0, and the signature is 0x55 0xAA. */
552 " MOV R4, #0 \n"
553 " BNE loc_FF8567CC \n"
554 " CMP R0, R1 \n"
555 " BCC loc_FF8567CC \n"
/* NOTE(review): unsigned 32-bit add with no carry check before the compare. */
556 " ADD R2, R1, R3 \n"
557 " CMP R2, R0 \n"
558 " CMPLS R12, #0x55 \n"
559 " CMPEQ LR, #0xAA \n"
560 " MOVEQ R6, R1 \n"
561 " MOVEQ R5, R3 \n"
562 " MOVEQ R4, #1 \n"
563
/* Release the sector buffer on every path that allocated it. */
564 "loc_FF8567CC:\n"
565 " MOV R0, #3 \n"
566 " BL _exmem_ufree \n"
567 " CMP R4, #0 \n"
568 " BNE loc_FF856804 \n"
/* Rejected entry: fall back to start 0 and size = sub_FF9445D4(handle). */
569 " MOV R6, #0 \n"
570 " MOV R0, R8 \n"
571 " BL sub_FF9445D4 \n"
572 " MOV R5, R0 \n"
573 " B loc_FF856804 \n"
574
575 "loc_FF8567F0:\n"
576 " MOV R5, #0x40 \n"
577 " B loc_FF856804 \n"
578
579 "loc_FF8567F8:\n"
580 " LDR R1, =0x365 \n"
581 " LDR R0, =0xFF8566A0 /*'Mounter.c'*/ \n"
582 " BL _DebugAssert \n"
583
/* Pre-indexed store with writeback: R7 advances by 0x44, so the second store
   lands at the original R7+0x48. */
584 "loc_FF856804:\n"
585 " STR R6, [R7, #0x44]! \n"
586 " MOV R0, #1 \n"
587 " STR R5, [R7, #4] \n"
588 " LDMFD SP!, {R4-R8,PC} \n"
589 );
590 }