root/platform/a3000/sub/100b/boot.c


DEFINITIONS

This source file includes the following definitions.
  1. taskCreateHook
  2. taskCreateHook2
  3. boot
  4. sub_FFC00358_my
  5. sub_FFC0119C_my
  6. sub_FFC05E5C_my
  7. taskcreate_Startup_my
  8. task_Startup_my
  9. spytask
  10. CreateTask_spytask
  11. CreateTask_PhySw
  12. init_file_modules_task
  13. sub_FFC6CF0C_my
  14. sub_FFC52014_my
  15. sub_FFC51C3C_my
  16. sub_FFC5195C_my

   1 #include "lolevel.h"
   2 #include "platform.h"
   3 #include "core.h"
   4 #include "stdlib.h"
   5 #include "dryos31.h"
      // Local offsetof: byte offset of MEMBER inside TYPE, cast to int.
      // NOTE(review): the macro is not referenced anywhere in this listing, and the
      // int cast assumes pointers fit in an int (32-bit target) — confirm it is still needed.
    6 #define offsetof(TYPE, MEMBER) ((int) &((TYPE *)0)->MEMBER)
      // Address of _end (declared outside this listing; presumably the end-of-image
      // linker symbol — confirm). sub_FFC0119C_my loads this value in place of the
      // constant 0x133D38 unless CHDK_NOT_IN_CANON_HEAP is defined.
    7 const char * const new_sa = &_end;
    8 
    9 
   10 // Forward declarations
      // CreateTask_PhySw and CreateTask_spytask are defined further down in this file;
      // task_CaptSeqTask_my is not defined in this listing.
   11 void CreateTask_PhySw();
   12 void CreateTask_spytask();
   13 void task_CaptSeqTask_my();
  14 
      /*
       * Task-creation hook. Steps back 17 ints from p and, when the word found
       * there equals one of four hard-coded firmware addresses, overwrites it with
       * the address of the matching replacement routine. A word that matches none
       * of the constants is left unchanged, so on a firmware build other than the
       * one these addresses were taken from (path: sub/100b) no redirection happens.
       * NOTE(review): the slot at p[-17] is presumably the new task's entry point;
       * the caller is firmware code outside this listing — confirm.
       */
      void taskCreateHook(int *p) {
          int *entry = p - 17;

          /* The tests run in sequence; each one sees any value an earlier match wrote. */
          if (*entry == 0xFFC73674) {
              *entry = (int)init_file_modules_task;
          }
          if (*entry == 0xFFC5C198) {
              *entry = (int)task_CaptSeqTask_my;
          }
          if (*entry == 0xFFC94FF8) {
              *entry = (int)exp_drv_task;
          }
          if (*entry == 0xFFD1381C) {
              *entry = (int)movie_record_task;
          }
      }
  22 
      /*
       * Second task-creation hook. Same mechanism as taskCreateHook (inspect the
       * word 17 ints before p), but only two hard-coded firmware addresses are
       * redirected: 0xFFC73674 and 0xFFC94FF8. Any other value is left unchanged.
       * NOTE(review): the slot at p[-17] is presumably the new task's entry point;
       * the caller is firmware code outside this listing — confirm.
       */
      void taskCreateHook2(int *p) {
          int *entry = p - 17;

          /* The tests run in sequence; the second sees any value the first wrote. */
          if (*entry == 0xFFC73674) {
              *entry = (int)init_file_modules_task;
          }
          if (*entry == 0xFFC94FF8) {
              *entry = (int)exp_drv_task;
          }
      }
  28 
  29 
      /*
       * boot(): entry routine. The loc_FFC0.... labels suggest the body is a copy
       * of the firmware's own startup code (TODO confirm against the 100b dump); the
       * one visible change is the final branch, which goes to sub_FFC00358_my
       * instead of loc_FFC00358.
       *   - programs CP15 registers and registers at 0xC0410000, 0xC02000xx,
       *     0xC0400008 and 0xC0242010
       *   - copies words from 0xFFF03608 into RAM 0x1900..0xB294
       *   - zero-fills RAM 0xB294..0x133D38
       * naked: the compiler emits no prologue/epilogue; the body ends in a branch
       * and never returns. All addresses are hard-coded for this firmware build.
       */
   30 void __attribute__((naked,noinline)) boot() {
   31 
   32     asm volatile (
              // Store 0 to 0xC0410000.
   33         "LDR     R1, =0xC0410000\n"
   34         "MOV     R0, #0\n"
   35         "STR     R0, [R1]\n"
              // CP15 c1,c0 (control register) = 0x78.
   36         "MOV     R1, #0x78\n"
   37 "loc_FFC0001C:\n"
   38         "MCR     p15, 0, R1,c1,c0\n"
              // With R1 = 0: c7,c10,4 then c7,c5 and c7,c6 (on ARM9-class cores these are
              // drain write buffer / invalidate I-cache / invalidate D-cache — confirm core).
   39         "MOV     R1, #0\n"
   40         "MCR     p15, 0, R1,c7,c10, 4\n"
   41 "loc_FFC00028:\n"
   42         "MCR     p15, 0, R1,c7,c5\n"
   43         "MCR     p15, 0, R1,c7,c6\n"
              // c6,c0..c6,c5: six region registers (presumably protection-unit
              // base/size descriptors — confirm against the core's TRM).
   44         "MOV     R0, #0x3D\n"
   45         "MCR     p15, 0, R0,c6,c0\n"
   46         "MOV     R0, #0xC000002F\n"
   47         "MCR     p15, 0, R0,c6,c1\n"
   48         "MOV     R0, #0x31\n"
   49         "MCR     p15, 0, R0,c6,c2\n"
   50         "LDR     R0, =0x10000031\n"
   51         "MCR     p15, 0, R0,c6,c3\n"
   52         "MOV     R0, #0x40000017\n"
   53         "MCR     p15, 0, R0,c6,c4\n"
   54         "LDR     R0, =0xFFC0002B\n"
   55         "MCR     p15, 0, R0,c6,c5\n"
              // c2,c0 (opcode2 0 and 1) and c3,c0 all get 0x34; c5,c0 (opcode2 2 and 3)
              // get 0x3333330 (presumably per-region cache/buffer and access settings).
   56         "MOV     R0, #0x34\n"
   57         "MCR     p15, 0, R0,c2,c0\n"
   58         "MOV     R0, #0x34\n"
   59         "MCR     p15, 0, R0,c2,c0, 1\n"
   60         "MOV     R0, #0x34\n"
   61         "MCR     p15, 0, R0,c3,c0\n"
   62         "LDR     R0, =0x3333330\n"
   63         "MCR     p15, 0, R0,c5,c0, 2\n"
   64         "LDR     R0, =0x3333330\n"
   65         "MCR     p15, 0, R0,c5,c0, 3\n"
              // Read-modify-write of the control register: set bits 0x1000, 4 and 1.
   66         "MRC     p15, 0, R0,c1,c0\n"
   67         "ORR     R0, R0, #0x1000\n"
   68         "ORR     R0, R0, #4\n"
   69         "ORR     R0, R0, #1\n"
   70         "MCR     p15, 0, R0,c1,c0\n"
              // c9,c1 opcode2 0 = 0x40000006, opcode2 1 = 6 (presumably TCM regions — confirm).
   71         "MOV     R1, #0x40000006\n"
   72         "MCR     p15, 0, R1,c9,c1\n"
   73         "MOV     R1, #6\n"
   74         "MCR     p15, 0, R1,c9,c1, 1\n"
              // Set bits 0x50000 in the control register.
   75         "MRC     p15, 0, R1,c1,c0\n"
   76         "ORR     R1, R1, #0x50000\n"
   77         "MCR     p15, 0, R1,c1,c0\n"
              // Store 1 to 0xC020010C, then 0xFF to 0xC020000C, 0xC020001C, ... 0xC02000FC.
   78         "LDR     R2, =0xC0200000\n"
   79         "MOV     R1, #1\n"
   80         "STR     R1, [R2,#0x10C]\n"
   81         "MOV     R1, #0xFF\n"
   82         "STR     R1, [R2,#0xC]\n"
   83         "STR     R1, [R2,#0x1C]\n"
   84         "STR     R1, [R2,#0x2C]\n"
   85         "STR     R1, [R2,#0x3C]\n"
   86         "STR     R1, [R2,#0x4C]\n"
   87         "STR     R1, [R2,#0x5C]\n"
   88         "STR     R1, [R2,#0x6C]\n"
   89         "STR     R1, [R2,#0x7C]\n"
   90         "STR     R1, [R2,#0x8C]\n"
   91         "STR     R1, [R2,#0x9C]\n"
   92         "STR     R1, [R2,#0xAC]\n"
   93         "STR     R1, [R2,#0xBC]\n"
   94         "STR     R1, [R2,#0xCC]\n"
   95         "STR     R1, [R2,#0xDC]\n"
   96         "STR     R1, [R2,#0xEC]\n"
   97         "STR     R1, [R2,#0xFC]\n"
              // Store 0x430005 to 0xC0400008.
   98         "LDR     R1, =0xC0400008\n"
   99         "LDR     R2, =0x430005\n"
  100         "STR     R2, [R1]\n"
              // NOTE(review): R1 was just set to 1, so the STR below writes 0xC0243100
              // to the address in R1 (1) rather than writing 1 to 0xC0243100 — confirm
              // against the firmware disassembly whether the operands are swapped.
  101         "MOV     R1, #1\n"
  102         "LDR     R2, =0xC0243100\n"
  103         "STR     R2, [R1]\n"
              // Set bit 0 of the word at 0xC0242010.
  104         "LDR     R2, =0xC0242010\n"
  105         "LDR     R1, [R2]\n"
  106         "ORR     R1, R1, #1\n"
  107         "STR     R1, [R2]\n"
              // Copy words from 0xFFF03608 to RAM starting at 0x1900 until the
              // destination pointer reaches 0xB294.
  108         "LDR     R0, =0xFFF03608\n"
  109         "LDR     R1, =0x1900\n"
  110         "LDR     R3, =0xB294\n"
  111 "loc_FFC0013C:\n"
  112         "CMP     R1, R3\n"
  113         "LDRCC   R2, [R0],#4\n"
  114         "STRCC   R2, [R1],#4\n"
  115         "BCC     loc_FFC0013C\n"
              // Zero-fill from 0xB294 (left in R3) up to 0x133D38.
  116         "LDR     R1, =0x133D38\n"
  117         "MOV     R2, #0\n"
  118 "loc_FFC00154:\n"
  119         "CMP     R3, R1\n"
  120         "STRCC   R2, [R3],#4\n"
  121         "BCC     loc_FFC00154\n"
              // Continue in the CHDK copy of the next stage instead of the firmware's.
  122 //        "B       loc_FFC00358\n"
  123                 "B       sub_FFC00358_my\n" // ---------------->
  124     );
  125 };
 126 
      /*
       * sub_FFC00358_my: second boot stage, reached by branch from boot().
       * CHDK additions (the C statements at the top):
       *   - writes the addresses of taskCreateHook / taskCreateHook2 / taskCreateHook
       *     to the fixed RAM words 0x1930, 0x1934 and 0x1938
       *   - writes 0x200000 or 0x100000 to 0x21B4 depending on bit 0 of 0xC02200A8
       * The asm that follows copies two firmware ranges into low RAM, sets the
       * stack pointer for two CPU modes, fills 0x6C4..0x1000 with 0xEEEEEEEE and
       * calls sub_FFC0119C_my instead of sub_FFC0119C.
       * NOTE(review): GCC documents that only basic asm statements are safe inside
       * a naked function. The C stores here run before this function sets SP, so
       * they depend on the compiler emitting them without touching the stack —
       * check the generated code after any toolchain change.
       */
  127 void __attribute__((naked,noinline)) sub_FFC00358_my() {
          // Hook slots at fixed RAM addresses; the firmware code that reads them is outside this listing.
  128     *(int*)0x1930=(int)taskCreateHook; 
  129     *(int*)0x1934=(int)taskCreateHook2; 
  130     *(int*)0x1938=(int)taskCreateHook;          
  131 
  132     /* Power ON/OFF detection */
  133         *(int*)(0x21B4)= (*(int*)0xC02200A8)&1 ? 0x200000 : 0x100000; // replacement  for correct power-on.
  134 
  135                 asm volatile (  
  136 "loc_FFC00358:\n"
              // Copy words from 0xFFC003D0..0xFFC00408 to RAM starting at address 0.
  137         "LDR     R0, =0xFFC003D0\n"
  138         "MOV     R1, #0\n"
  139         "LDR     R3, =0xFFC00408\n"
  140 "loc_FFC00364:\n"
  141         "CMP     R0, R3\n"
  142         "LDRCC   R2, [R0],#4\n"
  143         "STRCC   R2, [R1],#4\n"
  144         "BCC     loc_FFC00364\n"
              // Copy words from 0xFFC00408..0xFFC0061C to RAM starting at 0x4B0.
  145         "LDR     R0, =0xFFC00408\n"
  146         "MOV     R1, #0x4B0\n"
  147         "LDR     R3, =0xFFC0061C\n"
  148 "loc_FFC00380:\n"
  149         "CMP     R0, R3\n"
  150         "LDRCC   R2, [R0],#4\n"
  151         "STRCC   R2, [R1],#4\n"
  152         "BCC     loc_FFC00380\n"
              // CPSR = 0xD2 (IRQ mode, IRQ and FIQ masked): SP = 0x1000.
  153         "MOV     R0, #0xD2\n"
  154         "MSR     CPSR_cxsf, R0\n"
  155         "MOV     SP, #0x1000\n"
              // CPSR = 0xD3 (Supervisor mode, IRQ and FIQ masked): SP = 0x1000.
  156         "MOV     R0, #0xD3\n"
  157         "MSR     CPSR_cxsf, R0\n"
  158         "MOV     SP, #0x1000\n"
              // Fill 0x6C4..0x1000 with the pattern 0xEEEEEEEE.
  159         "LDR     R0, =0x6C4\n"
  160         "LDR     R2, =0xEEEEEEEE\n"
  161         "MOV     R3, #0x1000\n"
  162 "loc_FFC003B4:\n"
  163         "CMP     R0, R3\n"
  164         "STRCC   R2, [R0],#4\n"
  165         "BCC     loc_FFC003B4\n"
              // Call the CHDK copy of the next stage.
  166         //"BL      sub_FFC0119C\n"
  167         "BL      sub_FFC0119C_my\n"
  168 /*
  169 "loc_FFC003C4:\n"
  170         "ANDEQ   R0, R0, R4,ASR#13\n"
  171 "loc_FFC003C8:\n"
  172         "ANDEQ   R0, R0, R0,ROR R6\n"
  173 "loc_FFC003CC:\n"
  174         "ANDEQ   R0, R0, R4,ROR R6\n"
  175 "loc_FFC003D0:\n"
  176         "NOP\n"
  177         "LDR     PC, =0xFFC0061C\n"
  178 */
  179   );                            
  180 };
 181 
 182 
      /*
       * sub_FFC0119C_my: CHDK copy of the first part of firmware sub_FFC0119C.
       * Builds a 0x74-byte parameter block on the stack and then jumps back into
       * the firmware at 0xffc011f0 (the commented-out tail below is the firmware
       * code that runs from there).
       * CHDK changes:
       *   - the value stored at [SP,#8] is *new_sa (address of _end) instead of
       *     0x133D38, unless CHDK_NOT_IN_CANON_HEAP is defined; the word at
       *     [SP,#0xC] is computed as 0x2724A8 minus that value
       *   - R1 carries sub_FFC05E5C_my instead of sub_FFC05E5C
       * NOTE(review): nothing here checks that *new_sa is below 0x2724A8; if the
       * image ever grew past it, the subtraction would wrap. The jump-back address
       * is only valid for this firmware build.
       */
  183 void __attribute__((naked,noinline)) sub_FFC0119C_my() { 
  184         asm volatile (
              // Save LR, reserve 0x74 bytes and pass (SP, 0x74) to sub_FFE8D778
              // (presumably clears the block — confirm).
  185         "STR     LR, [SP,#-4]!\n"
  186         "SUB     SP, SP, #0x74\n"
  187         "MOV     R0, SP\n"
  188         "MOV     R1, #0x74\n"
  189         "BL      sub_FFE8D778\n"
  190         "MOV     R0, #0x53000\n"
  191         "STR     R0, [SP,#4]\n"
  192 #if defined(CHDK_NOT_IN_CANON_HEAP)
  193         "LDR     R0, =0x133D38\n"
  194 #else
  195                  "LDR     R0, =new_sa\n"        // +
  196                  "LDR     R0, [R0]\n"           // +    
  197 #endif
  198         "LDR     R2, =0x279C00\n"
  199         "LDR     R1, =0x2724A8\n"
  200         "STR     R0, [SP,#8]\n"
              // R0 = 0x2724A8 - start value; STMIA then stores R0,R1,R2 at SP+0xC, +0x10, +0x14.
  201         "SUB     R0, R1, R0\n"
  202         "ADD     R3, SP, #0xC\n"
  203         "STR     R2, [SP]\n"
  204         "STMIA   R3, {R0-R2}\n"
  205         "MOV     R0, #0x22\n"
  206         "STR     R0, [SP,#0x18]\n"
  207         "MOV     R0, #0x68\n"
  208         "STR     R0, [SP,#0x1C]\n"
  209         "LDR     R0, =0x19B\n"
  210         //"LDR     R1, =sub_FFC05E5C\n"
  211                 "LDR     R1, =sub_FFC05E5C_my\n"
  212         "LDR     PC, =0xffc011f0\n" // jump back to fw
  213 /*
  214         "STR     R0, [SP,#0x20]\n"
  215         "MOV     R0, #0x96\n"
  216         "STR     R0, [SP,#0x24]\n"
  217         "MOV     R0, #0x78\n"
  218         "STR     R0, [SP,#0x28]\n"
  219         "MOV     R0, #0x64\n"
  220         "STR     R0, [SP,#0x2C]\n"
  221         "MOV     R0, #0\n"
  222         "STR     R0, [SP,#0x30]\n"
  223         "STR     R0, [SP,#0x34]\n"
  224         "MOV     R0, #0x10\n"
  225         "STR     R0, [SP,#0x5C]\n"
  226         "MOV     R0, #0x800\n"
  227         "STR     R0, [SP,#0x60]\n"
  228         "MOV     R0, #0xA0\n"
  229         "STR     R0, [SP,#0x64]\n"
  230         "MOV     R0, #0x280\n"
  231         "STR     R0, [SP,#0x68]\n"
  232         "MOV     R0, SP\n"
  233         "MOV     R2, #0\n"
  234         "BL      sub_FFC03408\n"
  235         "ADD     SP, SP, #0x74\n"
  236         "LDR     PC, [SP],#4\n"
  237 */
  238         );
  239 }; 
 240 
      /*
       * sub_FFC05E5C_my: CHDK copy of firmware sub_FFC05E5C. Runs a fixed sequence
       * of firmware routines; after each one that returns a negative value it
       * loads a firmware address into R0 and calls sub_FFC05F50 (presumably an
       * error reporter taking a message pointer — confirm). The only change from
       * the firmware is the final branch, which goes to taskcreate_Startup_my
       * instead of sub_FFC105BC.
       */
  241 void __attribute__((naked,noinline)) sub_FFC05E5C_my() {
  242         asm volatile (
  243         "STMFD   SP!, {R4,LR}\n"
  244         "BL      sub_FFC00B24\n"
  245         "BL      sub_FFC0A838\n"
  246         "CMP     R0, #0\n"
  247         "LDRLT   R0, =0xFFC05F70\n"
  248         "BLLT    sub_FFC05F50\n"
  249         "BL      sub_FFC05A98\n"
  250         "CMP     R0, #0\n"
  251         "LDRLT   R0, =0xFFC05F78\n"
  252         "BLLT    sub_FFC05F50\n"
  253         "LDR     R0, =0xFFC05F88\n"
  254         "BL      sub_FFC05B80\n"
  255         "CMP     R0, #0\n"
  256         "LDRLT   R0, =0xFFC05F90\n"
  257         "BLLT    sub_FFC05F50\n"
  258         "LDR     R0, =0xFFC05F88\n"
  259         "BL      sub_FFC03BF4\n"
  260         "CMP     R0, #0\n"
  261         "LDRLT   R0, =0xFFC05FA4\n"
  262         "BLLT    sub_FFC05F50\n"
  263         "BL      sub_FFC0A230\n"
  264         "CMP     R0, #0\n"
  265         "LDRLT   R0, =0xFFC05FB0\n"
  266         "BLLT    sub_FFC05F50\n"
  267         "BL      sub_FFC01680\n"
  268         "CMP     R0, #0\n"
  269         "LDRLT   R0, =0xFFC05FBC\n"
  270         "BLLT    sub_FFC05F50\n"
              // Restore R4/LR and tail-branch, so the callee returns to this function's caller.
  271         "LDMFD   SP!, {R4,LR}\n"
  272         //"B       sub_FFC105BC\n"
  273                 "B       taskcreate_Startup_my\n" //----------> 
  274         );
  275 }; 
 276 
 277 
 278 
      /*
       * taskcreate_Startup_my: CHDK copy of the firmware routine that creates the
       * startup task. After three firmware checks it either writes 0x44 to
       * 0xC0220048 and spins forever (loc_FFC105F4), or continues at
       * loc_FFC105F8 and creates a task through sub_FFC0F110 with
       * R3 = task_Startup_my (the firmware passed sub_FFC10560).
       * CHDK changes: the call to sub_FFC23A80 is dropped and the task entry is
       * replaced.
       * NOTE(review): the existing comment points at boot() for the sub_FFC23A80
       * replacement, but the power-on write visible in this file (to 0x21B4) is in
       * sub_FFC00358_my — confirm which one is meant.
       */
  279 void __attribute__((naked,noinline)) taskcreate_Startup_my() { 
  280         asm volatile (  
  281         
  282         "STMFD   SP!, {R3,LR}\n"
  283         "BL      sub_FFC23A78\n"
  284         "BL      sub_FFC2AF84\n"
  285         "CMP     R0, #0\n"
  286         "BNE     loc_FFC105F8\n"
  287         "BL      sub_FFC2526C\n"
  288         "CMP     R0, #0\n"
  289         "BEQ     loc_FFC105F8\n"
  290         "BL      sub_FFC23A74\n"
  291         "CMP     R0, #0\n"
  292         "BNE     loc_FFC105F8\n"
              // All three checks fell through: write 0x44 to 0xC0220048 and loop forever.
  293         "LDR     R1, =0xC0220000\n"
  294         "MOV     R0, #0x44\n"
  295         "STR     R0, [R1,#0x48]\n"
  296 "loc_FFC105F4:\n"
  297         "B       loc_FFC105F4\n"
  298 "loc_FFC105F8:\n"
  299         //"BL      sub_FFC23A80\n" // removed, see boot() function              
  300         "BL      sub_FFC23A7C\n"
  301         "BL      sub_FFC293A8\n"
  302         "LDR     R1, =0x2CE000\n"
  303         "MOV     R0, #0\n"
  304         "BL      sub_FFC295F0\n"
  305         "BL      sub_FFC2959C    \n"
              // Task creation: [SP] = 0, R3 = entry, R2 = 0, R1 = 0x19, R0 = 0xFFC10640
              // (presumably the name string; R1 presumably the priority — confirm).
  306         "MOV     R3, #0\n"
  307         "STR     R3, [SP]\n"
  308         //"ADR     R3, sub_FFC10560\n"
  309         "LDR     R3, =task_Startup_my\n" //+ ----------->               
  310         "MOV     R2, #0\n"
  311         "MOV     R1, #0x19\n"
  312         "LDR     R0, =0xFFC10640\n"
  313         "BL      sub_FFC0F110    \n"
              // Return 0; the saved R3 slot is popped into R12 and LR into PC.
  314         "MOV     R0, #0\n"
  315         "LDMFD   SP!, {R12,PC}\n"
  316  );
  317 }; 
 318 
      /*
       * task_Startup_my: CHDK copy of the firmware startup task (installed as the
       * task entry by taskcreate_Startup_my). Runs the firmware's init calls in
       * order with three changes:
       *   - sub_FFC2B058 is skipped (per the existing comment, so diskboot.bin is
       *     not started again)
       *   - sub_FFC23968 is replaced by CreateTask_PhySw()
       *   - CreateTask_spytask() is added
       * Ends with a tail-branch to sub_FFC06128.
       * NOTE(review): this is a naked function with C calls between two asm
       * blocks; GCC documents only basic asm as safe in naked functions, so the
       * calls rely on the compiler emitting plain BLs with no stack use. LR and R4
       * are saved by the first STMFD, so the BLs do not lose the return address.
       */
  319 void __attribute__((naked,noinline)) task_Startup_my() { 
  320         asm volatile (
  321         "STMFD   SP!, {R4,LR}\n"
  322         "BL      sub_FFC06228\n"
  323         "BL      sub_FFC24B7C\n"
  324         "BL      sub_FFC23414\n"
  325         "BL      sub_FFC2AFC4\n"
  326         "BL      sub_FFC2B1B0\n"
  327         //"BL      sub_FFC2B058\n" // Skip starting diskboot.bin again
  328         "BL      sub_FFC2B34C\n"
  329         "BL      sub_FFC2B1E0\n"
  330         "BL      sub_FFC28840\n"
  331         "BL      sub_FFC2B350\n"
  332                 //"BL      sub_FFC23968\n"
  333         );               
  334         CreateTask_PhySw(); // +
  335         CreateTask_spytask();  // +
  336     asm volatile (                      
  337         "BL      sub_FFC26EA8\n"
  338         "BL      sub_FFC2B368\n"
  339         "BL      sub_FFC222BC\n"
  340         "BL      sub_FFC22E6C    \n"
  341         "BL      sub_FFC2AD5C\n"
  342         "BL      sub_FFC233C8\n"
  343         "BL      sub_FFC22E08\n"
  344         "BL      sub_FFC2BDCC\n"
  345         "BL      sub_FFC22DE0\n"
  346         "LDMFD   SP!, {R4,LR}\n"
  347         "B       sub_FFC06128    \n"
  348         );
  349 }; 
 350 
      /*
       * Entry function handed to _CreateTask by CreateTask_spytask. The six long
       * arguments are accepted and ignored; the body only calls core_spytask()
       * (declared outside this listing).
       */
      void spytask(long ua, long ub, long uc, long ud, long ue, long uf)
      {
          /* The task arguments are unused. */
          (void)ua;
          (void)ub;
          (void)uc;
          (void)ud;
          (void)ue;
          (void)uf;

          core_spytask();
      }
      /*
       * Creates the "SpyTask" task with spytask as its entry function.
       * NOTE(review): 0x19 and 0x2000 are presumably priority and stack size
       * (CreateTask_PhySw annotates the 0x2000 it passes in R2 as the stack
       * size) — confirm against the _CreateTask prototype. The value returned by
       * _CreateTask is not checked.
       */
      void CreateTask_spytask()
      {
          _CreateTask("SpyTask",
                      0x19,
                      0x2000,
                      spytask,
                      0);
      }
 358 
      /*
       * CreateTask_PhySw: CHDK copy of firmware sub_FFC23968 (its call is
       * commented out in task_Startup_my). If the word at 0x1BE4+0x10 is zero it
       * creates a task through sub_FFC0F3E8 and stores the result there.
       * CHDK changes: the task entry is mykbd_task instead of 0xFFC23934 and the
       * R2 argument (stack size, per the existing comment) is 0x2000 instead of
       * 0x800.
       */
  359 void __attribute__((naked,noinline)) CreateTask_PhySw() {
  360         asm volatile ( 
  361         "STMFD   SP!, {R3-R5,LR}\n"
              // Skip creation when the slot at [0x1BE4 + 0x10] is already non-zero.
  362         "LDR     R4, =0x1BE4\n"
  363         "LDR     R0, [R4,#0x10]\n"
  364         "CMP     R0, #0\n"
  365         "BNE     loc_FFC2399C\n"
  366         "MOV     R3, #0\n"
  367         "STR     R3, [SP]\n"
  368         //"LDR     R3, =0xFFC23934\n"
  369         //"MOV     R2, #0x800\n"
  370         "LDR     R3, =mykbd_task\n"  // task_phySw
  371             "MOV     R2, #0x2000\n"             // greater Stacksize
  372         "MOV     R1, #0x17\n"
  373         "LDR     R0, =0xFFC23B70 \n"
  374         "BL      sub_FFC0F3E8    \n"
  375         "STR     R0, [R4,#0x10]\n"
  376 "loc_FFC2399C:\n"
  377         "BL      sub_FFC6AA14\n"
  378         "BL      sub_FFC251E4\n"
              // If sub_FFC251E4 returned 0: tail-branch to sub_FFC6A99C with R1 = 0x2EEE0;
              // otherwise return.
  379         "CMP     R0, #0\n"
  380         "LDREQ   R1, =0x2EEE0\n"
  381         "LDMEQFD SP!, {R3-R5,LR}\n"
  382         "BEQ     sub_FFC6A99C\n"
  383         "LDMFD   SP!, {R3-R5,PC}\n"
              // NOTE(review): the CMP below follows an unconditional return and is never
              // reached; it looks like the first instruction of the next firmware routine.
  384         "CMP     R0, #3\n"
  385         );
  386 };
 387 
      /*
       * init_file_modules_task: CHDK replacement installed by taskCreateHook /
       * taskCreateHook2 for the firmware task at 0xFFC73674.
       * Flow: R4 = sub_FFC6CEE0(); if R4 != 0, call sub_FFC6F79C(0x5006, 0);
       * call sub_FFC6CF0C_my (instead of sub_FFC6CF0C); call
       * core_spytask_can_start (CHDK addition, declared outside this listing);
       * if R4 == 0, tail-branch to sub_FFC6F79C(0x5006, 0), otherwise return.
       */
  388 void __attribute__((naked,noinline)) init_file_modules_task() { 
  389   asm volatile (
  390         "STMFD   SP!, {R4-R6,LR}\n"
  391         "BL      sub_FFC6CEE0\n"
  392         "LDR     R5, =0x5006\n"
  393         "MOVS    R4, R0\n"
  394         "MOVNE   R1, #0\n"
  395         "MOVNE   R0, R5\n"
  396         "BLNE    sub_FFC6F79C\n"
  397         // "BL      sub_FFC6CF0C\n"
  398         "BL      sub_FFC6CF0C_my\n"
  399                 "BL      core_spytask_can_start\n"      // +            
  400         "CMP     R4, #0\n"
  401         "MOVEQ   R0, R5\n"
  402         "LDMEQFD SP!, {R4-R6,LR}\n"
  403         "MOVEQ   R1, #0\n"
  404         "BEQ     sub_FFC6F79C\n"
  405         "LDMFD   SP!, {R4-R6,PC}\n"
  406  );
  407 }; 
 408 
      /*
       * sub_FFC6CF0C_my: CHDK copy of the first instructions of firmware
       * sub_FFC6CF0C. Calls sub_FFC52014_my with R0 = 3 (the firmware called
       * sub_FFC52014) and then jumps back into the firmware at 0xffc6cf18; the
       * commented-out tail is the firmware code that runs from there and performs
       * the final LDMFD that balances the STMFD below.
       * The jump-back address is only valid for this firmware build.
       */
  409 void __attribute__((naked,noinline)) sub_FFC6CF0C_my() { 
  410  asm volatile (
  411         "STMFD   SP!, {R4,LR}\n"
  412         "MOV     R0, #3\n"
  413         //"BL      sub_FFC52014    \n"
  414                 "BL      sub_FFC52014_my\n"
  415         "LDR     PC,=0xffc6cf18\n" // jump back to fw
  416 /*
  417         "BL      sub_FFCFE2E8\n"
  418         "LDR     R4, =0x2B70\n"
  419         "LDR     R0, [R4,#4]\n"
  420         "CMP     R0, #0\n"
  421         "BNE     loc_FFC6CF44\n"
  422         "BL      sub_FFC5125C\n"
  423         "BL      sub_FFCF48B8\n"
  424         "BL      sub_FFC5125C\n"
  425         "BL      sub_FFC4DCD4\n"
  426         "BL      sub_FFC5115C\n"
  427         "BL      sub_FFCF494C\n"
  428 "loc_FFC6CF44:\n"
  429         "MOV     R0, #1\n"
  430         "STR     R0, [R4]\n"
  431         "LDMFD   SP!, {R4,PC}\n"
  432 */
  433  );
  434 }; 
 435 
 436 
      /*
       * sub_FFC52014_my: CHDK copy of the first part of firmware sub_FFC52014,
       * called from sub_FFC6CF0C_my with R0 = 3.
       * Flow: R8 = argument; R6 = sub_FFC51F94(); R4 = 0x33688 + R6*0x80 (a
       * 0x80-byte record, contents not visible here); if [R4,#0x6C] == 4 call
       * sub_FFC0F5E8(0xFFC51AD4, 0x817); call sub_FFC5184C(R6, R8); call
       * sub_FFC526B4([R4,#0x38]) and, if it returns 0, store 0 at [R4,#0x6C]; call
       * sub_FFC518DC(R6); call sub_FFC51C3C_my(R6) instead of sub_FFC51C3C; jump
       * back into the firmware at 0xffc5206c (the commented-out tail).
       * The jump-back address is only valid for this firmware build.
       */
  437 void __attribute__((naked,noinline)) sub_FFC52014_my() {
  438  asm volatile (
  439          "STMFD   SP!, {R4-R8,LR}\n"
  440         "MOV     R8, R0\n"
  441         "BL      sub_FFC51F94    \n"
  442         "LDR     R1, =0x33688\n"
  443         "MOV     R6, R0\n"
  444         "ADD     R4, R1, R0,LSL#7\n"
  445         "LDR     R0, [R4,#0x6C]\n"
  446         "CMP     R0, #4\n"
  447         "LDREQ   R1, =0x817\n"
  448         "LDREQ   R0, =0xFFC51AD4\n"
  449         "BLEQ    sub_FFC0F5E8\n"
  450         "MOV     R1, R8\n"
  451         "MOV     R0, R6\n"
  452         "BL      sub_FFC5184C    \n"
  453         "LDR     R0, [R4,#0x38]\n"
  454         "BL      sub_FFC526B4\n"
  455         "CMP     R0, #0\n"
  456         "STREQ   R0, [R4,#0x6C]\n"
  457         "MOV     R0, R6\n"
  458         "BL      sub_FFC518DC\n"
  459         "MOV     R0, R6\n"
  460         //"BL      sub_FFC51C3C\n"
  461                 "BL      sub_FFC51C3C_my\n" //------------->            
  462         "LDR     PC, =0xffc5206c\n" // jump back to firmware
  463 /*
  464         "MOV     R5, R0\n"
  465         "MOV     R0, R6\n"
  466         "BL      sub_FFC51E6C    \n"
  467         "LDR     R6, [R4,#0x3C]\n"
  468         "AND     R7, R5, R0\n"
  469         "CMP     R6, #0\n"
  470         "LDR     R1, [R4,#0x38]\n"
  471         "MOVEQ   R0, #0x80000001\n"
  472         "MOV     R5, #0\n"
  473         "BEQ     loc_FFC520C4\n"
  474         "MOV     R0, R1\n"
  475         "BL      sub_FFC513C4\n"
  476         "CMP     R0, #0\n"
  477         "MOVNE   R5, #4\n"
  478         "CMP     R6, #5\n"
  479         "ORRNE   R0, R5, #1\n"
  480         "BICEQ   R0, R5, #1\n"
  481         "CMP     R7, #0\n"
  482         "BICEQ   R0, R0, #2\n"
  483         "ORREQ   R0, R0, #0x80000000\n"
  484         "BICNE   R0, R0, #0x80000000\n"
  485         "ORRNE   R0, R0, #2\n"
  486 "loc_FFC520C4:\n"
  487         "CMP     R8, #7\n"
  488         "STR     R0, [R4,#0x40]\n"
  489         "LDMNEFD SP!, {R4-R8,PC}\n"
  490         "MOV     R0, R8\n"
  491         "BL      sub_FFC51FE4\n"
  492         "CMP     R0, #0\n"
  493         "LDMEQFD SP!, {R4-R8,LR}\n"
  494         "LDREQ   R0, =0xFFC52110\n"
  495         "BEQ     sub_FFC01780\n"
  496         "LDMFD   SP!, {R4-R8,PC}\n"
  497 */
  498  );
  499 }; 
 500 
      /*
       * sub_FFC51C3C_my: CHDK copy of the first part of firmware sub_FFC51C3C,
       * called from sub_FFC52014_my with the record index in R0.
       * Flow: R4 = 0x33688 + R5*0x80; if bit 1 of [R4,#0x6C] is set, return 1;
       * otherwise call sub_FFC5195C_my([R4,#0x38], R5) instead of sub_FFC5195C and
       * jump back into the firmware at 0xffc51c68 (the commented-out tail).
       * The jump-back address is only valid for this firmware build.
       */
  501 void __attribute__((naked,noinline)) sub_FFC51C3C_my() {
  502 
  503  asm volatile (
  504         "STMFD   SP!, {R4-R6,LR}\n"
  505         "MOV     R5, R0\n"
  506         "LDR     R0, =0x33688\n"
  507         "ADD     R4, R0, R5,LSL#7\n"
  508         "LDR     R0, [R4,#0x6C]\n"
  509         "TST     R0, #2\n"
  510         "MOVNE   R0, #1\n"
  511         "LDMNEFD SP!, {R4-R6,PC}\n"
  512         "LDR     R0, [R4,#0x38]\n"
  513         "MOV     R1, R5\n"
  514         //"BL      sub_FFC5195C    \n"
  515         "BL      sub_FFC5195C_my\n" // ------------------>              
  516         "LDR     PC,=0xffc51c68\n" // jump back to fw
  517 /*
  518         "CMP     R0, #0\n"
  519         "LDRNE   R0, [R4,#0x38]\n"
  520         "MOVNE   R1, R5\n"
  521         "BLNE    sub_FFC51AF8    \n"
  522         "LDR     R2, =0x33708\n"
  523         "ADD     R1, R5, R5,LSL#4\n"
  524         "LDR     R1, [R2,R1,LSL#2]\n"
  525         "CMP     R1, #4\n"
  526         "BEQ     loc_FFC51C9C\n"
  527         "CMP     R0, #0\n"
  528         "LDMEQFD SP!, {R4-R6,PC}\n"
  529         "MOV     R0, R5\n"
  530         "BL      sub_FFC51454\n"
  531 "loc_FFC51C9C:\n"
  532         "CMP     R0, #0\n"
  533         "LDRNE   R1, [R4,#0x6C]\n"
  534         "ORRNE   R1, R1, #2\n"
  535         "STRNE   R1, [R4,#0x6C]\n"
  536         "LDMFD   SP!, {R4-R6,PC}\n"
  537 */
  538  );
  539 };
 540 
 541 
      /*
       * sub_FFC5195C_my: patched copy of firmware sub_FFC5195C, called from
       * sub_FFC51C3C_my with R0 = [R4,#0x38] of the record and R1 = record index.
       * Dispatches on [R5,#0x3C] (0..7). For the values that reach loc_FFC519A8 it
       * obtains a buffer from sub_FFC6710C(2, 0x200, 0), fills it through the
       * callback at [R5,#0x50], treats it as an MBR, and stores a start sector
       * (R7), a sector count (R6) and R8 (0) at [R5,#0x44], [R5,#0x48] and
       * [R5,#0x4C]. Returns 1, or 0 when the buffer or the read fails.
       * CHDK change ("DataGhost's FAT32 autodetection"): R4 is moved to the first
       * partition entry whose type byte is 0x0B or 0x0C and whose status byte is
       * 0x00 or 0x80, so the unchanged firmware loads below read that entry
       * instead of entry 1. The 0x55/0xAA signature bytes are still read from the
       * sector base, which is kept in LR.
       * The sector comes from the memory card; the checks applied to it are the
       * status byte, start <= total, start + count <= total, and the signature.
       */
  542 void __attribute__((naked,noinline)) sub_FFC5195C_my() {
  543  asm volatile ( 
  544         "STMFD   SP!, {R4-R10,LR}\n"
  545         "MOV     R9, R0\n"
  546         "LDR     R0, =0x33688\n"
  547         "MOV     R8, #0\n"
  548         "ADD     R5, R0, R1,LSL#7\n"
  549         "LDR     R0, [R5,#0x3C]\n"
  550         "MOV     R7, #0\n"
  551         "CMP     R0, #7\n"
  552         "MOV     R6, #0\n"
              // Jump table indexed by [R5,#0x3C]: 0 -> return 0; 5 -> R6 = 0x40;
              // 1-4, 6, 7 -> MBR path; values above 7 fall through to loc_FFC51AB4.
  553         "ADDLS   PC, PC, R0,LSL#2\n"
  554         "B       loc_FFC51AB4\n"
  555 "loc_FFC51988:\n"
  556         "B       loc_FFC519C0\n"
  557 "loc_FFC5198C:\n"
  558         "B       loc_FFC519A8\n"
  559 "loc_FFC51990:\n"
  560         "B       loc_FFC519A8\n"
  561 "loc_FFC51994:\n"
  562         "B       loc_FFC519A8\n"
  563 "loc_FFC51998:\n"
  564         "B       loc_FFC519A8\n"
  565 "loc_FFC5199C:\n"
  566         "B       loc_FFC51AAC\n"
  567 "loc_FFC519A0:\n"
  568         "B       loc_FFC519A8\n"
  569 "loc_FFC519A4:\n"
  570         "B       loc_FFC519A8\n"
  571 "loc_FFC519A8:\n"
              // R4 = sub_FFC6710C(2, 0x200, 0): presumably a 0x200-byte sector buffer — confirm.
  572         "MOV     R2, #0\n"
  573         "MOV     R1, #0x200\n"
  574         "MOV     R0, #2\n"
  575         "BL      sub_FFC6710C\n"
  576         "MOVS    R4, R0\n"
  577         "BNE     loc_FFC519C8\n"
  578 "loc_FFC519C0:\n"
  579         "MOV     R0, #0\n"
  580         "LDMFD   SP!, {R4-R10,PC}\n"
  581 "loc_FFC519C8:\n"
              // Callback [R5,#0x50](R9, 0, 1, R4): presumably reads one sector at
              // sector 0 into the buffer. A return value of 1 is treated as failure:
              // sub_FFC67258(2) is called and the function returns 0.
  582         "LDR     R12, [R5,#0x50]\n"
  583         "MOV     R3, R4\n"
  584         "MOV     R2, #1\n"
  585         "MOV     R1, #0\n"
  586         "MOV     R0, R9\n"
  587         "BLX     R12\n"
  588         "CMP     R0, #1\n"
  589         "BNE     loc_FFC519F4\n"
  590         "MOV     R0, #2\n"
  591         "BL      sub_FFC67258    \n"
  592         "B       loc_FFC519C0\n"
  593 "loc_FFC519F4:\n"
              // R0 = callback [R5,#0x64](R9): the total sector count, per the comment below.
  594         "LDR     R1, [R5,#0x64]\n"
  595         "MOV     R0, R9\n"
  596         "BLX     R1\n"
  597                 
              // R1 is overwritten a few lines below; this MOV only mattered for the
              // mbr_read_dryos call that is commented out.
  598                "MOV   R1, R4\n"           //  pointer to MBR in R1
  599 //                              "BL    mbr_read_dryos\n"   //  total sectors count in R0 before and after call
  600 
  601                 // Start of DataGhost's FAT32 autodetection code
  602                 // Policy: If there is a partition which has type W95 FAT32, use the first one of those for image storage
  603                 // According to the code below, we can use R1, R2, R3 and R12.
  604                 // LR wasn't really used anywhere but for storing a part of the partition signature. This is the only thing
  605                 // that won't work with an offset, but since we can load from LR+offset into LR, we can use this to do that :)
                      // The loop looks at entries 1..4 only, so the highest offset read through R12
                      // is 0x1C2 + 0x30 and through the moved R4 below 0x1CD + 0x30, both inside
                      // the 0x200 bytes requested above.
  606                 "MOV     R12, R4\n"                    // Copy the MBR start address so we have something to work with
  607                 "MOV     LR, R4\n"                     // Save old offset for MBR signature
  608                 "MOV     R1, #1\n"                     // Note the current partition number
  609                 "B       dg_sd_fat32_enter\n"          // We actually need to check the first partition as well, no increments yet!
  610            "dg_sd_fat32:\n"
  611                 "CMP     R1, #4\n"                     // Did we already see the 4th partition?
  612                 "BEQ     dg_sd_fat32_end\n"            // Yes, break. We didn't find anything, so don't change anything.
  613                 "ADD     R12, R12, #0x10\n"            // Advance to the next 16-byte partition entry
  614                 "ADD     R1, R1, #1\n"                 // Next partition number for the loop
  615            "dg_sd_fat32_enter:\n"
  616                 "LDRB    R2, [R12, #0x1BE]\n"          // Partition status
  617                 "LDRB    R3, [R12, #0x1C2]\n"          // Partition type (FAT32 = 0xB)
  618                 "CMP     R3, #0xB\n"                   // Is this a FAT32 partition?
  619                 "CMPNE   R3, #0xC\n"                   // Not 0xB, is it 0xC (FAT32 LBA) then?
  620                 "BNE     dg_sd_fat32\n"                // No, it isn't.
  621                 "CMP     R2, #0x00\n"                  // It is, check the validity of the partition type
  622                 "CMPNE   R2, #0x80\n"
  623                 "BNE     dg_sd_fat32\n"                // Invalid, go to next partition
  624                                                        // This partition is valid, it's the first one, bingo!
  625                 "MOV     R4, R12\n"                    // Move the new MBR offset for the partition detection.
  626                 
  627            "dg_sd_fat32_end:\n"
  628                 // End of DataGhost's FAT32 autodetection code    
  629                                 
              // Firmware field loads, relative to R4 (entry 1 when R4 is the sector base):
              //   R1 = little-endian 32-bit value at 0x1C6..0x1C9 (start sector)
              //   R3 = little-endian 32-bit value at 0x1CA..0x1CD (sector count)
              //   R2 = status byte at 0x1BE; the flags of its 0x00/0x80 test feed the BNE below.
  630         "LDRB    R1, [R4,#0x1C9]\n"
  631         "LDRB    R3, [R4,#0x1C8]\n"
  632         "LDRB    R12, [R4,#0x1CC]\n"
  633         "MOV     R1, R1,LSL#24\n"
  634         "ORR     R1, R1, R3,LSL#16\n"
  635         "LDRB    R3, [R4,#0x1C7]\n"
  636         "LDRB    R2, [R4,#0x1BE]\n"
  637         //"LDRB    LR, [R4,#0x1FF]\n" // replaced, see below            
  638         "ORR     R1, R1, R3,LSL#8\n"
  639         "LDRB    R3, [R4,#0x1C6]\n"
  640         "CMP     R2, #0\n"
  641         "CMPNE   R2, #0x80\n"
  642         "ORR     R1, R1, R3\n"
  643         "LDRB    R3, [R4,#0x1CD]\n"
  644         "MOV     R3, R3,LSL#24\n"
  645         "ORR     R3, R3, R12,LSL#16\n"
  646         "LDRB    R12, [R4,#0x1CB]\n"
  647         "ORR     R3, R3, R12,LSL#8\n"
  648         "LDRB    R12, [R4,#0x1CA]\n"
  649         "ORR     R3, R3, R12\n"
  650         //"LDRB    R12, [R4,#0x1FE]\n" // replaced, see below
  651         "LDRB    R12, [LR,#0x1FE]\n"        // New! First MBR signature byte (0x55)
  652         "LDRB    LR, [LR,#0x1FF]\n"         //      Last MBR signature byte (0xAA)      
              // Reject when the status byte is neither 0x00 nor 0x80, or when the
              // total (R0) is below the start sector (R1).
  653         "BNE     loc_FFC51A80\n"
  654         "CMP     R0, R1\n"
  655         "BCC     loc_FFC51A80\n"
              // NOTE(review): start + count is a 32-bit add with no carry check, so a
              // count large enough to wrap the sum still satisfies the "<= total"
              // test and is stored in R6 unchanged. The values come from the card;
              // consider rejecting entries where the add carries.
  656         "ADD     R2, R1, R3\n"
  657         "CMP     R2, R0\n"
  658         "CMPLS   R12, #0x55\n"
  659         "CMPEQ   LR, #0xAA\n"
  660         "MOVEQ   R7, R1\n"
  661         "MOVEQ   R6, R3\n"
  662         "MOVEQ   R4, #1\n"
  663         "BEQ     loc_FFC51A84\n"
  664 "loc_FFC51A80:\n"
  665         "MOV     R4, R8\n"
  666 "loc_FFC51A84:\n"
              // sub_FFC67258(2) is called on every path that obtained the buffer
              // (presumably the release matching sub_FFC6710C — confirm).
  667         "MOV     R0, #2\n"
  668         "BL      sub_FFC67258    \n"
              // No entry accepted (R4 == 0): start = 0 and count = [R5,#0x64](R9).
  669         "CMP     R4, #0\n"
  670         "BNE     loc_FFC51AC0\n"
  671         "LDR     R1, [R5,#0x64]\n"
  672         "MOV     R7, #0\n"
  673         "MOV     R0, R9\n"
  674         "BLX     R1\n"
  675         "MOV     R6, R0\n"
  676         "B       loc_FFC51AC0\n"
  677 "loc_FFC51AAC:\n"
  678         "MOV     R6, #0x40\n"
  679         "B       loc_FFC51AC0\n"
  680 "loc_FFC51AB4:\n"
              // [R5,#0x3C] above 7: call sub_FFC0F5E8(0xFFC51AD4, 0x572)
              // (presumably an assert taking a file-name pointer and line — confirm).
  681         "LDR     R1, =0x572\n"
  682         "LDR     R0, =0xFFC51AD4\n"
  683         "BL      sub_FFC0F5E8\n"
  684 "loc_FFC51AC0:\n"
              // Store R7 at R5+0x44 (with writeback), then R6 and R8 at the next two words; return 1.
  685         "STR     R7, [R5,#0x44]!\n"
  686         "STMIB   R5, {R6,R8}\n"
  687         "MOV     R0, #1\n"
  688         "LDMFD   SP!, {R4-R10,PC}\n"
  689  );
  690 }; 
 691 
