root/platform/n_facebook/sub/100a/capt_seq.c

/* [<][>][^][v][top][bottom][index][help] */

DEFINITIONS

This source file includes following definitions.
  1. capt_seq_task
  2. sub_FF240090_my
  3. sub_FF23FE90_my
  4. sub_FF3EDDA0_my
  5. sub_FF3EDB08_my
  6. exp_drv_task
  7. sub_FF1266F4_my
  8. sub_FF113AE4_my

   1 /*
   2  * capt_seq.c - auto-generated by CHDK code_gen.
   3  */
   4 // Powershot N Facebook
   5 #include "lolevel.h"
   6 #include "platform.h"
   7 #include "core.h"
   8 
   9 #define NR_AUTO (0)                          // have to explictly reset value back to 0 to enable auto
  10 #define PAUSE_FOR_FILE_COUNTER 100           // sometimes the file counter isn't updated when hook starts
  11 
  12 static long *nrflag = (long*)(0xdeb0+0x00);  // Found @ ff2ff348 & ff2ff384
  13 
  14 #include "../../../generic/capt_seq.c"
  15 //////////////////////////////////////////////////////////////
  16 // capt_seq_task & exp_drv_task- based on A2500
  17 //////////////////////////////////////////////////////////////
  18 
  19 /*************************************************************/
  20 //** capt_seq_task @ 0xFF0B82EC - 0xFF0B85BC, length=181
  21 void __attribute__((naked,noinline)) capt_seq_task() {
  22 asm volatile (
  23 "    STMFD   SP!, {R3-R7,LR} \n"
  24 "    LDR     R4, =0xA57DC \n"
  25 "    LDR     R7, =0x3A74 \n"
  26 "    MOV     R6, #0 \n"
  27 
  28 "loc_FF0B82FC:\n"
  29 "    LDR     R0, [R7, #4] \n"
  30 "    MOV     R2, #0 \n"
  31 "    MOV     R1, SP \n"
  32 "    BL      sub_0068BDE4 /*_ReceiveMessageQueue*/ \n"
  33 "    TST     R0, #1 \n"
  34 "    BEQ     loc_FF0B8328 \n"
  35 "    LDR     R1, =0x479 \n"
  36 "    LDR     R0, =0xFF0B7D08 /*'SsShootTask.c'*/ \n"
  37 "    BL      _DebugAssert \n"
  38 "    BL      _ExitTask \n"
  39 "    LDMFD   SP!, {R3-R7,PC} \n"
  40 
  41 "loc_FF0B8328:\n"
  42 "    LDR     R0, [SP] \n"
  43 "    LDR     R1, [R0] \n"
  44 "    CMP     R1, #0x25 \n"
  45 "    ADDCC   PC, PC, R1, LSL#2 \n"
  46 "    B       loc_FF0B8584 \n"
  47 "    B       loc_FF0B83D0 \n"
  48 "    B       loc_FF0B83E8 \n"
  49 "    B       loc_FF0B83F4 \n"
  50 "    B       loc_FF0B8408 \n"
  51 "    B       loc_FF0B8400 \n"
  52 "    B       loc_FF0B8414 \n"
  53 "    B       loc_FF0B841C \n"
  54 "    B       loc_FF0B8424 \n"
  55 "    B       loc_FF0B8430 \n"
  56 "    B       loc_FF0B848C \n"
  57 "    B       loc_FF0B843C \n"
  58 "    B       loc_FF0B8448 \n"
  59 "    B       loc_FF0B8450 \n"
  60 "    B       loc_FF0B8474 \n"
  61 "    B       loc_FF0B847C \n"
  62 "    B       loc_FF0B8484 \n"
  63 "    B       loc_FF0B8494 \n"
  64 "    B       loc_FF0B849C \n"
  65 "    B       loc_FF0B84A4 \n"
  66 "    B       loc_FF0B84AC \n"
  67 "    B       loc_FF0B84B4 \n"
  68 "    B       loc_FF0B84C0 \n"
  69 "    B       loc_FF0B84C8 \n"
  70 "    B       loc_FF0B84D0 \n"
  71 "    B       loc_FF0B84D8 \n"
  72 "    B       loc_FF0B84E0 \n"
  73 "    B       loc_FF0B84E8 \n"
  74 "    B       loc_FF0B84F0 \n"
  75 "    B       loc_FF0B84F8 \n"
  76 "    B       loc_FF0B8500 \n"
  77 "    B       loc_FF0B8508 \n"
  78 "    B       loc_FF0B8514 \n"
  79 "    B       loc_FF0B851C \n"
  80 "    B       loc_FF0B8528 \n"
  81 "    B       loc_FF0B8564 \n"
  82 "    B       loc_FF0B8570 \n"
  83 "    B       loc_FF0B8590 \n"
  84 
  85 "loc_FF0B83D0:\n"
  86 //"    BL      shooting_expo_iso_override\n"      // extra ISO override call doesn't appear to be needed on elph130
  87 "    BL      sub_FF0B8B24 \n"
  88 "    BL      shooting_expo_param_override\n"    // added
  89 "    BL      sub_FF0B5980 \n"
  90 // try avoid intermittetant override failues on quick press, not needed?
  91 "    MOV     R0, #0\n"                          // added
  92 "    STR     R0, [R4,#0x28]\n"                  // added
  93 "    LDR     R0, [R4, #0x28] \n"
  94 "    CMP     R0, #0 \n"
  95 "    BLNE    sub_FF240090_my \n"  // --> Patched. Old value = 0xFF240090.
  96 "    B       loc_FF0B8590 \n"
  97 
  98 "loc_FF0B83E8:\n"
  99 "    LDR     R0, [R0, #0x10] \n"
 100 "    BL      sub_FF23FE90_my \n"  // --> Patched. Old value = 0xFF23FE90.
 101 "    B       loc_FF0B8590 \n"
 102 
 103 "loc_FF0B83F4:\n"
 104 "    MOV     R0, #1 \n"
 105 "    BL      sub_FF0B8E48 \n"
 106 "    B       loc_FF0B8590 \n"
 107 
 108 "loc_FF0B8400:\n"
 109 "    BL      sub_FF0B8760 \n"
 110 "    B       loc_FF0B840C \n"
 111 
 112 "loc_FF0B8408:\n"
 113 "    BL      sub_FF0B8B00 \n"
 114 
 115 "loc_FF0B840C:\n"
 116 "    STR     R6, [R4, #0x28] \n"
 117 "    B       loc_FF0B8590 \n"
 118 
 119 "loc_FF0B8414:\n"
 120 "    BL      sub_FF0B8B08 \n"
 121 "    B       loc_FF0B8590 \n"
 122 
 123 "loc_FF0B841C:\n"
 124 "    BL      sub_FF0B8D18 \n"
 125 "    B       loc_FF0B8434 \n"
 126 
 127 "loc_FF0B8424:\n"
 128 "    LDR     R0, [R0, #0x10] \n"
 129 "    BL      sub_FF240120 \n"
 130 "    B       loc_FF0B8590 \n"
 131 
 132 "loc_FF0B8430:\n"
 133 "    BL      sub_FF0B8D9C \n"
 134 
 135 "loc_FF0B8434:\n"
 136 "    BL      sub_FF0B5980 \n"
 137 "    B       loc_FF0B8590 \n"
 138 
 139 "loc_FF0B843C:\n"
 140 "    LDR     R0, [R4, #0x58] \n"
 141 "    BL      sub_FF0B951C \n"
 142 "    B       loc_FF0B8590 \n"
 143 
 144 "loc_FF0B8448:\n"
 145 "    BL      sub_FF0B9884 \n"
 146 "    B       loc_FF0B8590 \n"
 147 
 148 "loc_FF0B8450:\n"
 149 "    LDRH    R0, [R4] \n"
 150 "    SUB     R1, R0, #0x8200 \n"
 151 "    SUBS    R1, R1, #0x3B \n"
 152 "    SUBNE   R1, R0, #0x8000 \n"
 153 "    SUBNES  R1, R1, #0x10 \n"
 154 "    MOVEQ   R0, #1 \n"
 155 "    MOVNE   R0, #0 \n"
 156 "    BL      sub_FF0B98E8 \n"
 157 "    B       loc_FF0B8590 \n"
 158 
 159 "loc_FF0B8474:\n"
 160 "    BL      sub_FF0B9AC8 \n"
 161 "    B       loc_FF0B8590 \n"
 162 
 163 "loc_FF0B847C:\n"
 164 "    BL      sub_FF0B9F60 \n"
 165 "    B       loc_FF0B8590 \n"
 166 
 167 "loc_FF0B8484:\n"
 168 "    BL      sub_FF0BA044 \n"
 169 "    B       loc_FF0B8590 \n"
 170 
 171 "loc_FF0B848C:\n"
 172 "    BL      sub_FF0B8B00 \n"
 173 "    B       loc_FF0B8590 \n"
 174 
 175 "loc_FF0B8494:\n"
 176 "    BL      sub_FF23F188 \n"
 177 "    B       loc_FF0B8590 \n"
 178 
 179 "loc_FF0B849C:\n"
 180 "    BL      sub_FF23F3C8 \n"
 181 "    B       loc_FF0B8590 \n"
 182 
 183 "loc_FF0B84A4:\n"
 184 "    BL      sub_FF23F484 \n"
 185 "    B       loc_FF0B8590 \n"
 186 
 187 "loc_FF0B84AC:\n"
 188 "    BL      sub_FF23F558 \n"
 189 "    B       loc_FF0B8590 \n"
 190 
 191 "loc_FF0B84B4:\n"
 192 "    MOV     R0, #0 \n"
 193 "    BL      sub_FF23F7B8 \n"
 194 "    B       loc_FF0B8590 \n"
 195 
 196 "loc_FF0B84C0:\n"
 197 "    BL      sub_FF23F91C \n"
 198 "    B       loc_FF0B8590 \n"
 199 
 200 "loc_FF0B84C8:\n"
 201 "    BL      sub_FF23F9B0 \n"
 202 "    B       loc_FF0B8590 \n"
 203 
 204 "loc_FF0B84D0:\n"
 205 "    BL      sub_FF23FA58 \n"
 206 "    B       loc_FF0B8590 \n"
 207 
 208 "loc_FF0B84D8:\n"
 209 "    BL      sub_FF0B8FB4 \n"
 210 "    B       loc_FF0B8590 \n"
 211 
 212 "loc_FF0B84E0:\n"
 213 "    BL      sub_FF0B9038 \n"
 214 "    B       loc_FF0B8590 \n"
 215 
 216 "loc_FF0B84E8:\n"
 217 "    BL      sub_FF23F628 \n"
 218 "    B       loc_FF0B8590 \n"
 219 
 220 "loc_FF0B84F0:\n"
 221 "    BL      sub_FF23F668 \n"
 222 "    B       loc_FF0B8590 \n"
 223 
 224 "loc_FF0B84F8:\n"
 225 "    BL      sub_FF0BE490 \n"
 226 "    B       loc_FF0B8590 \n"
 227 
 228 "loc_FF0B8500:\n"
 229 "    BL      sub_FF0BE590 \n"
 230 "    B       loc_FF0B8590 \n"
 231 
 232 "loc_FF0B8508:\n"
 233 "    LDR     R0, [R0, #0xC] \n"
 234 "    BL      sub_FF23FB68 \n"
 235 "    B       loc_FF0B8590 \n"
 236 
 237 "loc_FF0B8514:\n"
 238 "    BL      sub_FF23FBD8 \n"
 239 "    B       loc_FF0B8590 \n"
 240 
 241 "loc_FF0B851C:\n"
 242 "    BL      sub_FF0BE71C \n"
 243 "    BL      sub_FF0BE5E8 \n"
 244 "    B       loc_FF0B8590 \n"
 245 
 246 "loc_FF0B8528:\n"
 247 "    MOV     R0, #1 \n"
 248 "    BL      sub_FF240930 \n"
 249 "    MOV     R0, #1 \n"
 250 "    BL      sub_FF240A58 \n"
 251 "    LDR     R0, =0xA58DC \n"
 252 "    LDRH    R0, [R0, #0x8C] \n"
 253 "    CMP     R0, #4 \n"
 254 "    LDRNEH  R0, [R4] \n"
 255 "    SUBNE   R1, R0, #0x8000 \n"
 256 "    SUBNES  R1, R1, #0x230 \n"
 257 "    BNE     loc_FF0B8590 \n"
 258 "    BL      sub_FF0BE590 \n"
 259 "    BL      sub_FF0BED14 \n"
 260 "    BL      sub_FF0BEA2C \n"
 261 "    B       loc_FF0B8590 \n"
 262 
 263 "loc_FF0B8564:\n"
 264 "    MOV     R2, #0 \n"
 265 "    MOV     R1, #0xD \n"
 266 "    B       loc_FF0B8578 \n"
 267 
 268 "loc_FF0B8570:\n"
 269 "    MOV     R2, #0 \n"
 270 "    MOV     R1, #0xC \n"
 271 
 272 "loc_FF0B8578:\n"
 273 "    MOV     R0, #0 \n"
 274 "    BL      sub_FF0B656C \n"
 275 "    B       loc_FF0B8590 \n"
 276 
 277 "loc_FF0B8584:\n"
 278 "    LDR     R1, =0x5DE \n"
 279 "    LDR     R0, =0xFF0B7D08 /*'SsShootTask.c'*/ \n"
 280 "    BL      _DebugAssert \n"
 281 
 282 "loc_FF0B8590:\n"
 283 "    LDR     R0, [SP] \n"
 284 "    LDR     R1, [R0, #4] \n"
 285 "    LDR     R0, [R7] \n"
 286 "    BL      sub_0068BB54 /*_SetEventFlag*/ \n"
 287 "    LDR     R5, [SP] \n"
 288 "    LDR     R0, [R5, #8] \n"
 289 "    CMP     R0, #0 \n"
 290 "    LDREQ   R1, =0x116 \n"
 291 "    LDREQ   R0, =0xFF0B7D08 /*'SsShootTask.c'*/ \n"
 292 "    BLEQ    _DebugAssert \n"
 293 "    STR     R6, [R5, #8] \n"
 294 "    B       loc_FF0B82FC \n"
 295 );
 296 }
 297 
 298 /*************************************************************/
 299 //** sub_FF240090_my @ 0xFF240090 - 0xFF24011C, length=36
 300 void __attribute__((naked,noinline)) sub_FF240090_my() {
 301 asm volatile (
 302 "    STMFD   SP!, {R4-R6,LR} \n"
 303 "    BL      sub_FF0B7940 \n"
 304 "    MOV     R4, R0 \n"
 305 "    MOV     R0, #0xC \n"
 306 "    BL      sub_FF0C03E4 \n"
 307 "    LDR     R6, =0xAA80 \n"
 308 "    TST     R0, #1 \n"
 309 "    MOV     R5, #1 \n"
 310 "    BNE     loc_FF240118 \n"
 311 "    BL      sub_FF0B8B10 \n"
 312 "    BL      sub_FF0BC078 \n"
 313 "    MOV     R1, R4 \n"
 314 "    BL      sub_FF0BC0D0 \n"
 315 "    LDR     R0, =0x10E \n"
 316 "    MOV     R2, #4 \n"
 317 "    ADD     R1, R4, #0x48 \n"
 318 "    BL      _SetPropertyCase \n"
 319 "    MOV     R2, #4 \n"
 320 "    ADD     R1, R4, #0x4C \n"
 321 "    MOV     R0, #0x2C \n"
 322 "    BL      _SetPropertyCase \n"
 323 "    MOV     R2, #4 \n"
 324 "    ADD     R1, R4, #8 \n"
 325 "    MOV     R0, #0x3F \n"
 326 "    BL      _SetPropertyCase \n"
 327 "    BL      sub_FF240C18 \n"
 328 "    MVN     R1, #0x1000 \n"
 329 "    BL      sub_0068BB88 /*_ClearEventFlag*/ \n"
 330 "    MOV     R0, R4 \n"
 331 "    BL      sub_FF3EDA0C \n"
 332 "    MOV     R0, R4 \n"
 333 "    BL      sub_FF3EDDA0_my \n"  // --> Patched. Old value = 0xFF3EDDA0.
 334 "    TST     R0, #1 \n"
 335 "    LDMEQFD SP!, {R4-R6,PC} \n"
 336 
 337 "loc_FF240118:\n"
 338 "    STR     R5, [R6] \n"
 339 "    LDMFD   SP!, {R4-R6,PC} \n"
 340 );
 341 }
 342 
 343 /*************************************************************/
 344 //** sub_FF23FE90_my @ 0xFF23FE90 - 0xFF24008C, length=128
 345 void __attribute__((naked,noinline)) sub_FF23FE90_my() {
 346 asm volatile (
 347 "    STMFD   SP!, {R2-R8,LR} \n"
 348 "    MOV     R5, R0 \n"
 349 "    LDR     R0, =0xAA80 \n"
 350 "    LDR     R7, =0xA57DC \n"
 351 "    LDR     R0, [R0] \n"
 352 "    MOV     R4, #0 \n"
 353 "    CMP     R0, #0 \n"
 354 "    MOVNE   R4, #0x1D \n"
 355 "    BNE     loc_FF240058 \n"
 356 "    LDR     R0, [R7, #0x28] \n"
 357 "    CMP     R0, #0 \n"
 358 "    BNE     loc_FF240058 \n"
 359 "    BL      sub_FF0BC078 \n"
 360 "    MOV     R1, R5 \n"
 361 "    BL      sub_FF0BC0D0 \n"
 362 "    LDR     R0, =0x10E \n"
 363 "    MOV     R2, #4 \n"
 364 "    ADD     R1, R5, #0x48 \n"
 365 "    BL      _SetPropertyCase \n"
 366 "    MOV     R2, #4 \n"
 367 "    ADD     R1, R5, #0x4C \n"
 368 "    MOV     R0, #0x2C \n"
 369 "    BL      _SetPropertyCase \n"
 370 "    LDR     R0, [R7, #0x11C] \n"
 371 "    LDR     R6, =0xA58DC \n"
 372 "    CMP     R0, #0 \n"
 373 "    LDRNEH  R0, [R6, #0x8A] \n"
 374 "    CMPNE   R0, #3 \n"
 375 "    LDRNE   R0, [R5, #8] \n"
 376 "    CMPNE   R0, #1 \n"
 377 "    BLS     loc_FF23FF2C \n"
 378 "    LDR     R0, [R7, #0xD4] \n"
 379 "    CMP     R0, #0 \n"
 380 "    BNE     loc_FF23FF44 \n"
 381 "    BL      sub_FF030CCC \n"
 382 "    TST     R0, #1 \n"
 383 "    BEQ     loc_FF23FF44 \n"
 384 "    BL      sub_FF0C044C \n"
 385 "    B       loc_FF23FF40 \n"
 386 
 387 "loc_FF23FF2C:\n"
 388 "    MOV     R0, #0xC \n"
 389 "    BL      sub_FF0C03E4 \n"
 390 "    TST     R0, #1 \n"
 391 "    BEQ     loc_FF23FF44 \n"
 392 "    BL      sub_FF0B62D8 \n"
 393 
 394 "loc_FF23FF40:\n"
 395 "    MOV     R4, #1 \n"
 396 
 397 "loc_FF23FF44:\n"
 398 "    TST     R4, #1 \n"
 399 "    BNE     loc_FF240058 \n"
 400 "    BL      sub_FF240C18 \n"
 401 "    MVN     R1, #0x1000 \n"
 402 "    BL      sub_0068BB88 /*_ClearEventFlag*/ \n"
 403 "    MOV     R0, R5 \n"
 404 "    BL      sub_FF3ED0E8 \n"
 405 "    TST     R0, #1 \n"
 406 "    MOV     R4, R0 \n"
 407 "    BNE     loc_FF240058 \n"
 408 "    BL      sub_FF0B8B10 \n"
 409 "    MOV     R0, R5 \n"
 410 "    BL      sub_FF3EDA0C \n"
 411 "    LDR     R0, [R7, #0x118] \n"
 412 "    CMP     R0, #0 \n"
 413 "    BNE     loc_FF23FF98 \n"
 414 "    LDRH    R0, [R6, #0x8A] \n"
 415 "    CMP     R0, #3 \n"
 416 "    LDRNE   R0, [R5, #8] \n"
 417 "    CMPNE   R0, #1 \n"
 418 "    BHI     loc_FF23FFA0 \n"
 419 
 420 "loc_FF23FF98:\n"
 421 "    MOV     R0, #2 \n"
 422 "    BL      sub_FF0C1C98 \n"
 423 
 424 "loc_FF23FFA0:\n"
 425 "    LDR     R0, [R7, #0xA0] \n"
 426 "    CMP     R0, #0 \n"
 427 "    BEQ     loc_FF240038 \n"
 428 "    LDRH    R0, [R6, #0x8A] \n"
 429 "    CMP     R0, #3 \n"
 430 "    LDRNE   R0, [R5, #8] \n"
 431 "    CMPNE   R0, #1 \n"
 432 "    BLS     loc_FF23FFDC \n"
 433 "    BL      sub_FF240C18 \n"
 434 "    MOV     R3, #0xDB \n"
 435 "    STR     R3, [SP] \n"
 436 "    LDR     R2, =0x3A98 \n"
 437 "    LDR     R3, =0xFF2401B0 /*'SsCaptureCtrl.c'*/ \n"
 438 "    MOV     R1, #0x1000 \n"
 439 "    BL      sub_FF0C065C \n"
 440 
 441 "loc_FF23FFDC:\n"
 442 "    MOV     R2, #4 \n"
 443 "    ADD     R1, SP, #4 \n"
 444 "    MOV     R0, #0x180 \n"
 445 "    BL      _GetPropertyCase \n"
 446 "    TST     R0, #1 \n"
 447 "    MOVNE   R1, #0xDF \n"
 448 "    LDRNE   R0, =0xFF2401B0 /*'SsCaptureCtrl.c'*/ \n"
 449 "    BLNE    _DebugAssert \n"
 450 "    LDR     R0, [SP, #4] \n"
 451 "    CMP     R0, #0 \n"
 452 "    BNE     loc_FF240018 \n"
 453 "    BL      sub_FF240C18 \n"
 454 "    MOV     R1, #0x1000 \n"
 455 "    BL      sub_0068BB54 /*_SetEventFlag*/ \n"
 456 "    B       loc_FF240038 \n"
 457 
 458 "loc_FF240018:\n"
 459 "    BL      sub_FF240C18 \n"
 460 "    MOV     R1, #0x1000 \n"
 461 "    BL      sub_0068BB88 /*_ClearEventFlag*/ \n"
 462 "    LDR     R2, =0xFF23FE7C \n"
 463 "    LDR     R0, [SP, #4] \n"
 464 "    MOV     R3, #0x1000 \n"
 465 "    MOV     R1, R2 \n"
 466 "    BL      sub_FF039F5C /*_SetTimerAfter*/ \n"
 467 
 468 "loc_FF240038:\n"
 469 "    LDR     R0, [R7, #0xAC] \n"
 470 "    CMP     R0, #0 \n"
 471 "    MOV     R0, R5 \n"
 472 "    BEQ     loc_FF240050 \n"
 473 "    BL      sub_FF3EE344 \n"
 474 "    B       loc_FF240054 \n"
 475 
 476 "loc_FF240050:\n"
 477 "    BL      sub_FF3EDDA0_my \n"  // --> Patched. Old value = 0xFF3EDDA0.
 478 
 479 "loc_FF240054:\n"
 480 "    BL      capt_seq_hook_raw_here \n"         // added
 481 "    MOV     R4, R0 \n"
 482 
 483 "loc_FF240058:\n"
 484 "    MOV     R2, R5 \n"
 485 "    MOV     R1, #1 \n"
 486 "    MOV     R0, R4 \n"
 487 "    BL      sub_FF0B656C \n"
 488 "    TST     R4, #1 \n"
 489 "    BNE     loc_FF24008C \n"
 490 "    MOV     R0, #0 \n"
 491 "    STR     R0, [R7, #0x28] \n"
 492 "    LDR     R0, [R7, #0xF0] \n"
 493 "    CMP     R0, #0 \n"
 494 "    BEQ     loc_FF24008C \n"
 495 "    MOV     R0, R5 \n"
 496 "    BL      sub_FF0B62EC \n"
 497 
 498 "loc_FF24008C:\n"
 499 "    LDMFD   SP!, {R2-R8,PC} \n"
 500 );
 501 }
 502 
 503 /*************************************************************/
 504 //** sub_FF3EDDA0_my @ 0xFF3EDDA0 - 0xFF3EDE40, length=41
 505 void __attribute__((naked,noinline)) sub_FF3EDDA0_my() {
 506 asm volatile (
 507 "    STMFD   SP!, {R2-R10,LR} \n"
 508 "    LDR     R8, =0xA57DC \n"
 509 "    MOV     R4, R0 \n"
 510 "    LDR     R0, [R8, #0x15C] \n"
 511 "    ADD     R5, R8, #0x100 \n"
 512 "    CMP     R0, #0 \n"
 513 "    LDRNEH  R0, [R5, #0x8A] \n"
 514 "    CMPNE   R0, #3 \n"
 515 "    LDRNE   R0, [R4, #8] \n"
 516 "    CMPNE   R0, #1 \n"
 517 "    BHI     loc_FF3EDDD8 \n"
 518 "    MOV     R0, R4 \n"
 519 "    BL      sub_FF3ED988 \n"
 520 "    BL      sub_FF24070C \n"
 521 
 522 "loc_FF3EDDD8:\n"
 523 "    LDR     R0, [R8, #0x180] \n"
 524 "    CMP     R0, #2 \n"
 525 "    BNE     loc_FF3EDDFC \n"
 526 "    LDRH    R0, [R5, #0x8A] \n"
 527 "    CMP     R0, #3 \n"
 528 "    LDRNE   R0, [R4, #8] \n"
 529 "    CMPNE   R0, #1 \n"
 530 "    MOVLS   R0, #4 \n"
 531 "    BLLS    sub_FF179924 \n"
 532 
 533 "loc_FF3EDDFC:\n"
 534 "    LDR     R0, =0x12F \n"
 535 "    MOV     R2, #4 \n"
 536 "    ADD     R1, SP, #4 \n"
 537 "    BL      _GetPropertyCase \n"
 538 "    TST     R0, #1 \n"
 539 "    MOVNE   R1, #0x170 \n"
 540 "    LDRNE   R0, =0xFF3EE054 /*'SsStandardCaptureSeq.c'*/ \n"
 541 "    BLNE    _DebugAssert \n"
 542 "    LDR     R0, [SP, #4] \n"
 543 "    AND     R0, R0, #0xFF00 \n"
 544 "    CMP     R0, #0x600 \n"
 545 "    LDRNE   R0, =0xFF3ED5BC \n"
 546 "    LDREQ   R0, =0xFF3EDD68 \n"
 547 "    MOVNE   R1, R4 \n"
 548 "    MOVEQ   R1, #0 \n"
 549 "    BL      sub_FF11CF10 \n"
 550 "    MOV     R0, R4 \n"
 551 "    BL      sub_FF3EDB08_my \n"  // --> Patched. Old value = 0xFF3EDB08.
 552 "    LDR     PC, =0xFF3EDE44 \n"  // Continue in firmware
 553 );
 554 }
 555 
 556 /*************************************************************/
 557 //** sub_FF3EDB08_my @ 0xFF3EDB08 - 0xFF3EDBA0, length=39
 558 void __attribute__((naked,noinline)) sub_FF3EDB08_my() {
 559 asm volatile (
 560 "    STMFD   SP!, {R1-R7,LR} \n"
 561 "    LDR     R5, =0xA59AC \n"
 562 "    LDR     R6, =0xA57DC \n"
 563 "    MOV     R4, R0 \n"
 564 "    LDR     R3, [R5] \n"
 565 "    LDRSH   R2, [R5, #0xC] \n"
 566 "    LDRSH   R1, [R5, #0xE] \n"
 567 "    LDR     R0, [R6, #0x88] \n"
 568 "    BL      sub_FF1E97A8 \n"
 569 "    MOV     R2, #2 \n"
 570 "    ADD     R1, SP, #8 \n"
 571 "    MOV     R0, #0xFA \n"
 572 "    BL      _GetPropertyCase \n"
 573 "    TST     R0, #1 \n"
 574 "    LDRNE   R1, =0x2E5 \n"
 575 "    LDRNE   R0, =0xFF3ED870 /*'SsCaptureCommon.c'*/ \n"
 576 "    BLNE    _DebugAssert \n"
 577 "    LDRSH   R0, [R5, #0xC] \n"
 578 "    LDRSH   R1, [SP, #8] \n"
 579 "    BL      sub_FF176C24 \n"
 580 "    LDR     R0, [R6, #0xE4] \n"
 581 "    CMP     R0, #0 \n"
 582 "    LDRNE   R0, =0xA58DC \n"
 583 "    LDRNEH  R0, [R0, #0x8A] \n"
 584 "    CMPNE   R0, #3 \n"
 585 "    LDRNE   R0, [R4, #8] \n"
 586 "    CMPNE   R0, #1 \n"
 587 "    BHI     loc_FF3EDBA0 \n"
 588 "    BL      _GetCCDTemperature \n"
 589 "    LDR     R3, =0x134B0 \n"
 590 "    STRH    R0, [R4, #0xC8] \n"
 591 "    SUB     R2, R3, #4 \n"
 592 "    STRD    R2, [SP] \n"
 593 "    MOV     R1, R0 \n"
 594 "    LDRSH   R2, [R5, #0xC] \n"
 595 "    LDRH    R0, [R6, #0x5E] \n"
 596 "    ADD     R3, R3, #4 \n"
 597 "    BL      sub_FF2FEF10 \n"
 598 
 599 "loc_FF3EDBA0:\n"
 600 "    BL      wait_until_remote_button_is_released\n" // added
 601 "    BL      capt_seq_hook_set_nr\n"                 // added
 602 "    LDRH    R0, [R4, #0xC8] \n"
 603 "    LDR     PC, =0xFF3EDBA4 \n"  // Continue in firmware
 604 );
 605 }
 606 
 607 /*************************************************************/
 608 //** exp_drv_task @ 0xFF12A2F0 - 0xFF12A980, length=421
 609 void __attribute__((naked,noinline)) exp_drv_task() {
 610 asm volatile (
 611 "    STMFD   SP!, {R4-R9,LR} \n"
 612 "    SUB     SP, SP, #0x2C \n"
 613 "    LDR     R6, =0x4F28 \n"
 614 "    LDR     R7, =0xBB8 \n"
 615 "    LDR     R4, =0xF9D00 \n"
 616 "    MOV     R0, #0 \n"
 617 "    ADD     R5, SP, #0x1C \n"
 618 "    STR     R0, [SP, #0xC] \n"
 619 
 620 "loc_FF12A310:\n"
 621 "    LDR     R0, [R6, #0x20] \n"
 622 "    MOV     R2, #0 \n"
 623 "    ADD     R1, SP, #0x28 \n"
 624 "    BL      sub_0068BDE4 /*_ReceiveMessageQueue*/ \n"
 625 "    LDR     R0, [SP, #0xC] \n"
 626 "    CMP     R0, #1 \n"
 627 "    BNE     loc_FF12A35C \n"
 628 "    LDR     R0, [SP, #0x28] \n"
 629 "    LDR     R0, [R0] \n"
 630 "    CMP     R0, #0x14 \n"
 631 "    CMPNE   R0, #0x15 \n"
 632 "    CMPNE   R0, #0x16 \n"
 633 "    CMPNE   R0, #0x17 \n"
 634 "    BEQ     loc_FF12A4BC \n"
 635 "    CMP     R0, #0x2A \n"
 636 "    BEQ     loc_FF12A444 \n"
 637 "    ADD     R1, SP, #0xC \n"
 638 "    MOV     R0, #0 \n"
 639 "    BL      sub_FF12A2A0 \n"
 640 
 641 "loc_FF12A35C:\n"
 642 "    LDR     R0, [SP, #0x28] \n"
 643 "    LDR     R1, [R0] \n"
 644 "    CMP     R1, #0x30 \n"
 645 "    BNE     loc_FF12A388 \n"
 646 "    BL      sub_FF12B8B0 \n"
 647 "    LDR     R0, [R6, #0x1C] \n"
 648 "    MOV     R1, #1 \n"
 649 "    BL      sub_0068BB54 /*_SetEventFlag*/ \n"
 650 "    BL      _ExitTask \n"
 651 "    ADD     SP, SP, #0x2C \n"
 652 "    LDMFD   SP!, {R4-R9,PC} \n"
 653 
 654 "loc_FF12A388:\n"
 655 "    CMP     R1, #0x2F \n"
 656 "    BNE     loc_FF12A3A4 \n"
 657 "    LDR     R2, [R0, #0xA4]! \n"
 658 "    LDR     R1, [R0, #4] \n"
 659 "    MOV     R0, R1 \n"
 660 "    BLX     R2 \n"
 661 "    B       loc_FF12A978 \n"
 662 
 663 "loc_FF12A3A4:\n"
 664 "    CMP     R1, #0x28 \n"
 665 "    BNE     loc_FF12A3F4 \n"
 666 "    LDR     R0, [R6, #0x1C] \n"
 667 "    MOV     R1, #0x80 \n"
 668 "    BL      sub_0068BB88 /*_ClearEventFlag*/ \n"
 669 "    LDR     R0, =0xFF125080 \n"
 670 "    MOV     R1, #0x80 \n"
 671 "    BL      sub_FF23124C \n"
 672 "    LDR     R0, [R6, #0x1C] \n"
 673 "    MOV     R2, R7 \n"
 674 "    MOV     R1, #0x80 \n"
 675 "    BL      sub_0068BA94 /*_WaitForAllEventFlag*/ \n"
 676 "    TST     R0, #1 \n"
 677 "    LDRNE   R1, =0x167F \n"
 678 "    BNE     loc_FF12A4B0 \n"
 679 
 680 "loc_FF12A3E0:\n"
 681 "    LDR     R1, [SP, #0x28] \n"
 682 "    LDR     R0, [R1, #0xA8] \n"
 683 "    LDR     R1, [R1, #0xA4] \n"
 684 "    BLX     R1 \n"
 685 "    B       loc_FF12A978 \n"
 686 
 687 "loc_FF12A3F4:\n"
 688 "    CMP     R1, #0x29 \n"
 689 "    BNE     loc_FF12A43C \n"
 690 "    ADD     R1, SP, #0xC \n"
 691 "    BL      sub_FF12A2A0 \n"
 692 "    LDR     R0, [R6, #0x1C] \n"
 693 "    MOV     R1, #0x100 \n"
 694 "    BL      sub_0068BB88 /*_ClearEventFlag*/ \n"
 695 "    LDR     R0, =0xFF125090 \n"
 696 "    MOV     R1, #0x100 \n"
 697 "    BL      sub_FF2313EC \n"
 698 "    LDR     R0, [R6, #0x1C] \n"
 699 "    MOV     R2, R7 \n"
 700 "    MOV     R1, #0x100 \n"
 701 "    BL      sub_0068BA94 /*_WaitForAllEventFlag*/ \n"
 702 "    TST     R0, #1 \n"
 703 "    BEQ     loc_FF12A3E0 \n"
 704 "    LDR     R1, =0x1689 \n"
 705 "    B       loc_FF12A4B0 \n"
 706 
 707 "loc_FF12A43C:\n"
 708 "    CMP     R1, #0x2A \n"
 709 "    BNE     loc_FF12A454 \n"
 710 
 711 "loc_FF12A444:\n"
 712 "    LDR     R0, [SP, #0x28] \n"
 713 "    ADD     R1, SP, #0xC \n"
 714 "    BL      sub_FF12A2A0 \n"
 715 "    B       loc_FF12A3E0 \n"
 716 
 717 "loc_FF12A454:\n"
 718 "    CMP     R1, #0x2D \n"
 719 "    BNE     loc_FF12A46C \n"
 720 "    BL      sub_FF113D98 \n"
 721 "    BL      sub_FF114B6C \n"
 722 "    BL      sub_FF114680 \n"
 723 "    B       loc_FF12A3E0 \n"
 724 
 725 "loc_FF12A46C:\n"
 726 "    CMP     R1, #0x2E \n"
 727 "    BNE     loc_FF12A4BC \n"
 728 "    LDR     R0, [R6, #0x1C] \n"
 729 "    MOV     R1, #4 \n"
 730 "    BL      sub_0068BB88 /*_ClearEventFlag*/ \n"
 731 "    LDR     R1, =0xFF1250B0 \n"
 732 "    LDR     R0, =0xFFFFF400 \n"
 733 "    MOV     R2, #4 \n"
 734 "    BL      sub_FF1137E8 \n"
 735 "    BL      sub_FF113A78 \n"
 736 "    LDR     R0, [R6, #0x1C] \n"
 737 "    MOV     R2, R7 \n"
 738 "    MOV     R1, #4 \n"
 739 "    BL      sub_0068B9B0 /*_WaitForAnyEventFlag*/ \n"
 740 "    TST     R0, #1 \n"
 741 "    BEQ     loc_FF12A3E0 \n"
 742 "    LDR     R1, =0x16B1 \n"
 743 
 744 "loc_FF12A4B0:\n"
 745 "    LDR     R0, =0xFF12591C /*'ExpDrv.c'*/ \n"
 746 "    BL      _DebugAssert \n"
 747 "    B       loc_FF12A3E0 \n"
 748 
 749 "loc_FF12A4BC:\n"
 750 "    LDR     R0, [SP, #0x28] \n"
 751 "    MOV     R8, #1 \n"
 752 "    LDR     R1, [R0] \n"
 753 "    CMP     R1, #0x12 \n"
 754 "    CMPNE   R1, #0x13 \n"
 755 "    BNE     loc_FF12A524 \n"
 756 "    LDR     R1, [R0, #0x94] \n"
 757 "    ADD     R1, R1, R1, LSL#1 \n"
 758 "    ADD     R1, R0, R1, LSL#2 \n"
 759 "    SUB     R1, R1, #8 \n"
 760 "    LDMIA   R1, {R2,R3,R9} \n"
 761 "    STMIA   R5, {R2,R3,R9} \n"
 762 "    BL      sub_FF1283DC \n"
 763 "    LDR     R0, [SP, #0x28] \n"
 764 "    LDR     R1, [R0, #0x94] \n"
 765 "    LDR     R3, [R0, #0xA4] \n"
 766 "    LDR     R2, [R0, #0xA8] \n"
 767 "    ADD     R0, R0, #4 \n"
 768 "    BLX     R3 \n"
 769 "    LDR     R0, [SP, #0x28] \n"
 770 "    BL      sub_FF12BC64 \n"
 771 "    LDR     R0, [SP, #0x28] \n"
 772 "    LDR     R1, [R0, #0x94] \n"
 773 "    LDR     R2, [R0, #0xB0] \n"
 774 "    LDR     R3, [R0, #0xAC] \n"
 775 "    B       loc_FF12A83C \n"
 776 
 777 "loc_FF12A524:\n"
 778 "    CMP     R1, #0x14 \n"
 779 "    CMPNE   R1, #0x15 \n"
 780 "    CMPNE   R1, #0x16 \n"
 781 "    CMPNE   R1, #0x17 \n"
 782 "    BNE     loc_FF12A5DC \n"
 783 "    ADD     R3, SP, #0xC \n"
 784 "    MOV     R2, SP \n"
 785 "    ADD     R1, SP, #0x1C \n"
 786 "    BL      sub_FF128640 \n"
 787 "    CMP     R0, #1 \n"
 788 "    MOV     R9, R0 \n"
 789 "    CMPNE   R9, #5 \n"
 790 "    BNE     loc_FF12A578 \n"
 791 "    LDR     R0, [SP, #0x28] \n"
 792 "    MOV     R2, R9 \n"
 793 "    LDR     R1, [R0, #0x94]! \n"
 794 "    LDR     R12, [R0, #0x10]! \n"
 795 "    LDR     R3, [R0, #4] \n"
 796 "    MOV     R0, SP \n"
 797 "    BLX     R12 \n"
 798 "    B       loc_FF12A5B0 \n"
 799 
 800 "loc_FF12A578:\n"
 801 "    LDR     R0, [SP, #0x28] \n"
 802 "    CMP     R9, #2 \n"
 803 "    LDR     R3, [R0, #0xA8] \n"
 804 "    CMPNE   R9, #6 \n"
 805 "    BNE     loc_FF12A5C4 \n"
 806 "    LDR     R12, [R0, #0xA4] \n"
 807 "    MOV     R2, R9 \n"
 808 "    MOV     R1, #1 \n"
 809 "    MOV     R0, SP \n"
 810 "    BLX     R12 \n"
 811 "    LDR     R0, [SP, #0x28] \n"
 812 "    MOV     R2, SP \n"
 813 "    ADD     R1, SP, #0x1C \n"
 814 "    BL      sub_FF129F78 \n"
 815 
 816 "loc_FF12A5B0:\n"
 817 "    LDR     R0, [SP, #0x28] \n"
 818 "    LDR     R2, [SP, #0xC] \n"
 819 "    MOV     R1, R9 \n"
 820 "    BL      sub_FF12A240 \n"
 821 "    B       loc_FF12A844 \n"
 822 
 823 "loc_FF12A5C4:\n"
 824 "    LDR     R1, [R0, #0x94] \n"
 825 "    LDR     R12, [R0, #0xA4] \n"
 826 "    MOV     R2, R9 \n"
 827 "    ADD     R0, R0, #4 \n"
 828 "    BLX     R12 \n"
 829 "    B       loc_FF12A844 \n"
 830 
 831 "loc_FF12A5DC:\n"
 832 "    CMP     R1, #0x24 \n"
 833 "    CMPNE   R1, #0x25 \n"
 834 "    BNE     loc_FF12A628 \n"
 835 "    LDR     R1, [R0, #0x94] \n"
 836 "    ADD     R1, R1, R1, LSL#1 \n"
 837 "    ADD     R1, R0, R1, LSL#2 \n"
 838 "    SUB     R1, R1, #8 \n"
 839 "    LDMIA   R1, {R2,R3,R9} \n"
 840 "    STMIA   R5, {R2,R3,R9} \n"
 841 "    BL      sub_FF127130 \n"
 842 "    LDR     R0, [SP, #0x28] \n"
 843 "    LDR     R1, [R0, #0x94] \n"
 844 "    LDR     R3, [R0, #0xA4] \n"
 845 "    LDR     R2, [R0, #0xA8] \n"
 846 "    ADD     R0, R0, #4 \n"
 847 "    BLX     R3 \n"
 848 "    LDR     R0, [SP, #0x28] \n"
 849 "    BL      sub_FF127608 \n"
 850 "    B       loc_FF12A844 \n"
 851 
 852 "loc_FF12A628:\n"
 853 "    ADD     R1, R0, #4 \n"
 854 "    LDMIA   R1, {R2,R3,R9} \n"
 855 "    STMIA   R5, {R2,R3,R9} \n"
 856 "    LDR     R1, [R0] \n"
 857 "    CMP     R1, #0x28 \n"
 858 "    ADDCC   PC, PC, R1, LSL#2 \n"
 859 "    B       loc_FF12A82C \n"
 860 "    B       loc_FF12A6E4 \n"
 861 "    B       loc_FF12A6E4 \n"
 862 "    B       loc_FF12A6EC \n"
 863 "    B       loc_FF12A6F4 \n"
 864 "    B       loc_FF12A6F4 \n"
 865 "    B       loc_FF12A6F4 \n"
 866 "    B       loc_FF12A6E4 \n"
 867 "    B       loc_FF12A6EC \n"
 868 "    B       loc_FF12A6F4 \n"
 869 "    B       loc_FF12A6F4 \n"
 870 "    B       loc_FF12A70C \n"
 871 "    B       loc_FF12A70C \n"
 872 "    B       loc_FF12A818 \n"
 873 "    B       loc_FF12A820 \n"
 874 "    B       loc_FF12A820 \n"
 875 "    B       loc_FF12A820 \n"
 876 "    B       loc_FF12A820 \n"
 877 "    B       loc_FF12A828 \n"
 878 "    B       loc_FF12A82C \n"
 879 "    B       loc_FF12A82C \n"
 880 "    B       loc_FF12A82C \n"
 881 "    B       loc_FF12A82C \n"
 882 "    B       loc_FF12A82C \n"
 883 "    B       loc_FF12A82C \n"
 884 "    B       loc_FF12A6FC \n"
 885 "    B       loc_FF12A704 \n"
 886 "    B       loc_FF12A704 \n"
 887 "    B       loc_FF12A704 \n"
 888 "    B       loc_FF12A718 \n"
 889 "    B       loc_FF12A718 \n"
 890 "    B       loc_FF12A720 \n"
 891 "    B       loc_FF12A758 \n"
 892 "    B       loc_FF12A790 \n"
 893 "    B       loc_FF12A7C8 \n"
 894 "    B       loc_FF12A800 \n"
 895 "    B       loc_FF12A800 \n"
 896 "    B       loc_FF12A82C \n"
 897 "    B       loc_FF12A82C \n"
 898 "    B       loc_FF12A808 \n"
 899 "    B       loc_FF12A810 \n"
 900 
 901 "loc_FF12A6E4:\n"
 902 "    BL      sub_FF125728 \n"
 903 "    B       loc_FF12A82C \n"
 904 
 905 "loc_FF12A6EC:\n"
 906 "    BL      sub_FF125A6C \n"
 907 "    B       loc_FF12A82C \n"
 908 
 909 "loc_FF12A6F4:\n"
 910 "    BL      sub_FF125CD8 \n"
 911 "    B       loc_FF12A82C \n"
 912 
 913 "loc_FF12A6FC:\n"
 914 "    BL      sub_FF125FD4 \n"
 915 "    B       loc_FF12A82C \n"
 916 
 917 "loc_FF12A704:\n"
 918 "    BL      sub_FF1261F0 \n"
 919 "    B       loc_FF12A82C \n"
 920 
 921 "loc_FF12A70C:\n"
 922 "    BL      sub_FF1266F4_my \n"  // --> Patched. Old value = 0xFF1266F4.
 923 "    MOV     R8, #0 \n"
 924 "    B       loc_FF12A82C \n"
 925 
 926 "loc_FF12A718:\n"
 927 "    BL      sub_FF1268D4 \n"
 928 "    B       loc_FF12A82C \n"
 929 
 930 "loc_FF12A720:\n"
 931 "    LDRH    R1, [R0, #4] \n"
 932 "    STRH    R1, [SP, #0x1C] \n"
 933 "    LDRH    R1, [R4, #2] \n"
 934 "    STRH    R1, [SP, #0x1E] \n"
 935 "    LDRH    R1, [R4, #4] \n"
 936 "    STRH    R1, [SP, #0x20] \n"
 937 "    LDRH    R1, [R4, #6] \n"
 938 "    STRH    R1, [SP, #0x22] \n"
 939 "    LDRH    R1, [R0, #0xC] \n"
 940 "    STRH    R1, [SP, #0x24] \n"
 941 "    LDRH    R1, [R4, #0xA] \n"
 942 "    STRH    R1, [SP, #0x26] \n"
 943 "    BL      sub_FF12B954 \n"
 944 "    B       loc_FF12A82C \n"
 945 
 946 "loc_FF12A758:\n"
 947 "    LDRH    R1, [R0, #4] \n"
 948 "    STRH    R1, [SP, #0x1C] \n"
 949 "    LDRH    R1, [R4, #2] \n"
 950 "    STRH    R1, [SP, #0x1E] \n"
 951 "    LDRH    R1, [R4, #4] \n"
 952 "    STRH    R1, [SP, #0x20] \n"
 953 "    LDRH    R1, [R4, #6] \n"
 954 "    STRH    R1, [SP, #0x22] \n"
 955 "    LDRH    R1, [R4, #8] \n"
 956 "    STRH    R1, [SP, #0x24] \n"
 957 "    LDRH    R1, [R4, #0xA] \n"
 958 "    STRH    R1, [SP, #0x26] \n"
 959 "    BL      sub_FF12BA60 \n"
 960 "    B       loc_FF12A82C \n"
 961 
 962 "loc_FF12A790:\n"
 963 "    LDRH    R1, [R4] \n"
 964 "    STRH    R1, [SP, #0x1C] \n"
 965 "    LDRH    R1, [R0, #6] \n"
 966 "    STRH    R1, [SP, #0x1E] \n"
 967 "    LDRH    R1, [R4, #4] \n"
 968 "    STRH    R1, [SP, #0x20] \n"
 969 "    LDRH    R1, [R4, #6] \n"
 970 "    STRH    R1, [SP, #0x22] \n"
 971 "    LDRH    R1, [R4, #8] \n"
 972 "    STRH    R1, [SP, #0x24] \n"
 973 "    LDRH    R1, [R4, #0xA] \n"
 974 "    STRH    R1, [SP, #0x26] \n"
 975 "    BL      sub_FF12BB18 \n"
 976 "    B       loc_FF12A82C \n"
 977 
 978 "loc_FF12A7C8:\n"
 979 "    LDRH    R1, [R4] \n"
 980 "    STRH    R1, [SP, #0x1C] \n"
 981 "    LDRH    R1, [R4, #2] \n"
 982 "    STRH    R1, [SP, #0x1E] \n"
 983 "    LDRH    R1, [R4, #4] \n"
 984 "    STRH    R1, [SP, #0x20] \n"
 985 "    LDRH    R1, [R4, #6] \n"
 986 "    STRH    R1, [SP, #0x22] \n"
 987 "    LDRH    R1, [R0, #0xC] \n"
 988 "    STRH    R1, [SP, #0x24] \n"
 989 "    LDRH    R1, [R4, #0xA] \n"
 990 "    STRH    R1, [SP, #0x26] \n"
 991 "    BL      sub_FF12BBC0 \n"
 992 "    B       loc_FF12A82C \n"
 993 
 994 "loc_FF12A800:\n"
 995 "    BL      sub_FF126EE0 \n"
 996 "    B       loc_FF12A82C \n"
 997 
 998 "loc_FF12A808:\n"
 999 "    BL      sub_FF12770C \n"
1000 "    B       loc_FF12A82C \n"
1001 
1002 "loc_FF12A810:\n"
1003 "    BL      sub_FF127C7C \n"
1004 "    B       loc_FF12A82C \n"
1005 
1006 "loc_FF12A818:\n"
1007 "    BL      sub_FF127EA4 \n"
1008 "    B       loc_FF12A82C \n"
1009 
1010 "loc_FF12A820:\n"
1011 "    BL      sub_FF128064 \n"
1012 "    B       loc_FF12A82C \n"
1013 
1014 "loc_FF12A828:\n"
1015 "    BL      sub_FF1281D0 \n"
1016 
1017 "loc_FF12A82C:\n"
1018 "    LDR     R0, [SP, #0x28] \n"
1019 "    LDR     R1, [R0, #0x94] \n"
1020 "    LDR     R2, [R0, #0xA8] \n"
1021 "    LDR     R3, [R0, #0xA4] \n"
1022 
1023 "loc_FF12A83C:\n"
1024 "    ADD     R0, R0, #4 \n"
1025 "    BLX     R3 \n"
1026 
1027 "loc_FF12A844:\n"
1028 "    LDR     R0, [SP, #0x28] \n"
1029 "    LDR     R0, [R0] \n"
1030 "    CMP     R0, #0x10 \n"
1031 "    BEQ     loc_FF12A87C \n"
1032 "    BGT     loc_FF12A86C \n"
1033 "    CMP     R0, #1 \n"
1034 "    CMPNE   R0, #4 \n"
1035 "    CMPNE   R0, #0xE \n"
1036 "    BNE     loc_FF12A8B0 \n"
1037 "    B       loc_FF12A87C \n"
1038 
1039 "loc_FF12A86C:\n"
1040 "    CMP     R0, #0x13 \n"
1041 "    CMPNE   R0, #0x17 \n"
1042 "    CMPNE   R0, #0x1A \n"
1043 "    BNE     loc_FF12A8B0 \n"
1044 
1045 "loc_FF12A87C:\n"
1046 "    LDRSH   R0, [R4] \n"
1047 "    CMN     R0, #0xC00 \n"
1048 "    LDRNESH R1, [R4, #8] \n"
1049 "    CMNNE   R1, #0xC00 \n"
1050 "    STRNEH  R0, [SP, #0x1C] \n"
1051 "    STRNEH  R1, [SP, #0x24] \n"
1052 "    BNE     loc_FF12A8B0 \n"
1053 "    ADD     R0, SP, #0x10 \n"
1054 "    BL      sub_FF12BE98 \n"
1055 "    LDRH    R0, [SP, #0x10] \n"
1056 "    STRH    R0, [SP, #0x1C] \n"
1057 "    LDRH    R0, [SP, #0x18] \n"
1058 "    STRH    R0, [SP, #0x24] \n"
1059 
1060 "loc_FF12A8B0:\n"
1061 "    LDR     R0, [SP, #0x28] \n"
1062 "    CMP     R8, #1 \n"
1063 "    BNE     loc_FF12A900 \n"
1064 "    LDR     R1, [R0, #0x94] \n"
1065 "    MOV     R2, #0xC \n"
1066 "    ADD     R1, R1, R1, LSL#1 \n"
1067 "    ADD     R0, R0, R1, LSL#2 \n"
1068 "    SUB     R8, R0, #8 \n"
1069 "    LDR     R0, =0xF9D00 \n"
1070 "    ADD     R1, SP, #0x1C \n"
1071 "    BL      sub_006A90D8 \n"
1072 "    LDR     R0, =0xF9D0C \n"
1073 "    MOV     R2, #0xC \n"
1074 "    ADD     R1, SP, #0x1C \n"
1075 "    BL      sub_006A90D8 \n"
1076 "    LDR     R0, =0xF9D18 \n"
1077 "    MOV     R2, #0xC \n"
1078 "    MOV     R1, R8 \n"
1079 "    BL      sub_006A90D8 \n"
1080 "    B       loc_FF12A978 \n"
1081 
1082 "loc_FF12A900:\n"
1083 "    LDR     R0, [R0] \n"
1084 "    MOV     R3, #1 \n"
1085 "    CMP     R0, #0xB \n"
1086 "    BNE     loc_FF12A944 \n"
1087 "    MOV     R2, #0 \n"
1088 "    STRD    R2, [SP] \n"
1089 "    MOV     R2, R3 \n"
1090 "    MOV     R1, R3 \n"
1091 "    MOV     R0, #0 \n"
1092 "    BL      sub_FF125508 \n"
1093 "    MOV     R3, #1 \n"
1094 "    MOV     R2, #0 \n"
1095 "    STRD    R2, [SP] \n"
1096 "    MOV     R2, R3 \n"
1097 "    MOV     R1, R3 \n"
1098 "    MOV     R0, #0 \n"
1099 "    B       loc_FF12A974 \n"
1100 
1101 "loc_FF12A944:\n"
1102 "    MOV     R2, #1 \n"
1103 "    STRD    R2, [SP] \n"
1104 "    MOV     R3, R2 \n"
1105 "    MOV     R1, R2 \n"
1106 "    MOV     R0, R2 \n"
1107 "    BL      sub_FF125508 \n"
1108 "    MOV     R3, #1 \n"
1109 "    MOV     R2, R3 \n"
1110 "    MOV     R1, R3 \n"
1111 "    MOV     R0, R3 \n"
1112 "    STR     R3, [SP] \n"
1113 "    STR     R3, [SP, #4] \n"
1114 
1115 "loc_FF12A974:\n"
1116 "    BL      sub_FF125674 \n"
1117 
1118 "loc_FF12A978:\n"
1119 "    LDR     R0, [SP, #0x28] \n"
1120 "    BL      sub_FF12B8B0 \n"
1121 "    B       loc_FF12A310 \n"
1122 );
1123 }
1124 
1125 /*************************************************************/
1126 //** sub_FF1266F4_my @ 0xFF1266F4 - 0xFF1267B8, length=50
1127 void __attribute__((naked,noinline)) sub_FF1266F4_my() {
1128 asm volatile (
1129 "    STMFD   SP!, {R4-R8,LR} \n"
1130 "    LDR     R7, =0x4F28 \n"
1131 "    MOV     R4, R0 \n"
1132 "    LDR     R0, [R7, #0x1C] \n"
1133 "    MOV     R1, #0x3E \n"
1134 "    BL      sub_0068BB88 /*_ClearEventFlag*/ \n"
1135 "    MOV     R2, #0 \n"
1136 "    LDRSH   R0, [R4, #4] \n"
1137 "    MOV     R3, #1 \n"
1138 "    MOV     R1, R2 \n"
1139 "    BL      sub_FF125118 \n"
1140 "    MOV     R6, R0 \n"
1141 "    LDRSH   R0, [R4, #6] \n"
1142 "    BL      sub_FF125328 \n"
1143 "    LDRSH   R0, [R4, #8] \n"
1144 "    BL      sub_FF125380 \n"
1145 "    LDRSH   R0, [R4, #0xA] \n"
1146 "    BL      sub_FF1253D8 \n"
1147 "    LDRSH   R0, [R4, #0xC] \n"
1148 "    MOV     R1, #0 \n"
1149 "    BL      sub_FF125430 \n"
1150 "    MOV     R5, R0 \n"
1151 "    LDR     R0, [R4] \n"
1152 "    LDR     R8, =0xF9D18 \n"
1153 "    CMP     R0, #0xB \n"
1154 "    MOVEQ   R6, #0 \n"
1155 "    MOVEQ   R5, R6 \n"
1156 "    BEQ     loc_FF12678C \n"
1157 "    CMP     R6, #1 \n"
1158 "    BNE     loc_FF12678C \n"
1159 "    LDRSH   R0, [R4, #4] \n"
1160 "    LDR     R1, =0xFF125070 \n"
1161 "    MOV     R2, #2 \n"
1162 "    BL      sub_FF2312D0 \n"
1163 "    STRH    R0, [R4, #4] \n"
1164 "    MOV     R0, #0 \n"
1165 "    STR     R0, [R7, #0x28] \n"
1166 "    B       loc_FF126794 \n"
1167 
1168 "loc_FF12678C:\n"
1169 "    LDRH    R0, [R8] \n"
1170 "    STRH    R0, [R4, #4] \n"
1171 
1172 "loc_FF126794:\n"
1173 "    CMP     R5, #1 \n"
1174 "    LDRNEH  R0, [R8, #8] \n"
1175 "    BNE     loc_FF1267B0 \n"
1176 "    LDRSH   R0, [R4, #0xC] \n"
1177 "    LDR     R1, =0xFF1250F4 \n"
1178 "    MOV     R2, #0x20 \n"
1179 "    BL      sub_FF12B910 \n"
1180 
1181 "loc_FF1267B0:\n"
1182 "    STRH    R0, [R4, #0xC] \n"
1183 "    LDRSH   R0, [R4, #6] \n"
1184 "    BL      sub_FF113AE4_my \n"  // --> Patched. Old value = 0xFF113AE4.
1185 "    LDR     PC, =0xFF1267BC \n"  // Continue in firmware
1186 );
1187 }
1188 
1189 /*************************************************************/
1190 //** sub_FF113AE4_my @ 0xFF113AE4 - 0xFF113B24, length=17
1191 void __attribute__((naked,noinline)) sub_FF113AE4_my() {
1192 asm volatile (
1193 "    STMFD   SP!, {R4-R6,LR} \n"
1194 "    LDR     R5, =0x4B88 \n"
1195 "    MOV     R4, R0 \n"
1196 "    LDR     R0, [R5, #4] \n"
1197 "    CMP     R0, #1 \n"
1198 "    MOVNE   R1, #0x154 \n"
1199 "    LDRNE   R0, =0xFF11391C /*'Shutter.c'*/ \n"
1200 "    BLNE    _DebugAssert \n"
1201 "    CMN     R4, #0xC00 \n"
1202 "    LDREQSH R4, [R5, #2] \n"
1203 "    CMN     R4, #0xC00 \n"
1204 "    LDREQ   R1, =0x15A \n"
1205 "    LDREQ   R0, =0xFF11391C /*'Shutter.c'*/ \n"
1206 "    STRH    R4, [R5, #2] \n"
1207 "    BLEQ    _DebugAssert \n"
1208 "    MOV     R0, R4 \n"
1209 "    BL      apex2us \n"  // --> Patched. Old value = _apex2us.
1210 "    LDR     PC, =0xFF113B28 \n"  // Continue in firmware
1211 );
1212 }

/* [<][>][^][v][top][bottom][index][help] */