fw 947 core/gui_draw.c unsigned int fw = FONT_WIDTH; fw 956 core/gui_draw.c draw_hline_simple(x, y+j, fw, 0); fw 957 core/gui_draw.c draw_hline_simple(x, y+j+1, fw, 0); fw 995 core/gui_draw.c draw_1pixel_simple(x+ii, yt, dsym>>(fw-1), 1); fw 998 core/gui_draw.c for (; ii<fw; ii+=2) fw 1000 core/gui_draw.c px = (dsym & ((3<<(fw-2))>>ii))>>(fw-2-ii); fw 1019 core/gui_draw.c draw_hline_simple(x, y+j, fw, 0); fw 1020 core/gui_draw.c draw_hline_simple(x, y+j+1, fw, 0); fw 1032 core/gui_draw.c unsigned int fw = FONT_REAL_WIDTH; fw 1039 core/gui_draw.c draw_hline_simple(x, y+i, fw, 0); fw 1064 core/gui_draw.c draw_1pixel_simple(x+ii, yt, dsym>>(fw-1), 0); fw 1067 core/gui_draw.c for (; ii<fw; ii+=2) fw 1069 core/gui_draw.c px = (dsym & ((3<<(fw-2))>>ii))>>(fw-2-ii); fw 1086 core/gui_draw.c draw_hline_simple(x, y+i, fw, 0); fw 298 tools/capdis.c static void describe_str(firmware *fw, char *comment, uint32_t adr) fw 301 tools/capdis.c char *s=(char *)adr2ptr_with_data(fw,adr); fw 306 tools/capdis.c if(!isASCIIstring(fw,adr)) { fw 311 tools/capdis.c s=(char *)adr2ptr_with_data(fw,adr2); fw 316 tools/capdis.c if(!isASCIIstring(fw,adr2)) { fw 396 tools/capdis.c void describe_const_op(firmware *fw, unsigned dis_opts, char *comment, uint32_t adr) fw 400 tools/capdis.c ostub = find_sig_val(fw->sv->stubs,adr); fw 402 tools/capdis.c uint32_t *p=(uint32_t *)adr2ptr(fw,adr); fw 404 tools/capdis.c ostub = find_sig_val(fw->sv->stubs,*p); fw 417 tools/capdis.c describe_str(fw,comment,adr); fw 421 tools/capdis.c void describe_prop_call(firmware *fw,iter_state_t *is, unsigned dis_opts, char *comment, uint32_t target) fw 429 tools/capdis.c if((get_call_const_args(fw,is,6,regs)&1)!=1) { fw 432 tools/capdis.c osig* ostub = find_sig_val(fw->sv->propcases,regs[0]); fw 440 tools/capdis.c void describe_simple_func(firmware *fw, unsigned dis_opts, char *comment, uint32_t target) fw 446 tools/capdis.c if(!check_simple_func(fw, target, MATCH_SIMPLE_FUNC_ANY, &info)) { fw 458 tools/capdis.c int do_dis_branch(firmware *fw, iter_state_t *is, unsigned dis_opts, char *ops, char *comment) fw 460 tools/capdis.c uint32_t target = B_target(fw,is->insn); fw 463 tools/capdis.c target = CBx_target(fw,is->insn); fw 474 tools/capdis.c ostub = find_sig_val(fw->sv->stubs,target|is->thumb); fw 483 tools/capdis.c if(fw_disasm_iter_single(fw,target|is->thumb)) { fw 484 tools/capdis.c j_target=get_direct_jump_target(fw,fw->is); fw 486 tools/capdis.c ostub = find_sig_val(fw->sv->stubs,j_target); fw 509 tools/capdis.c describe_prop_call(fw,is,dis_opts,comment,desc_adr | is->thumb); fw 510 tools/capdis.c describe_simple_func(fw,dis_opts,comment,desc_adr | is->thumb); fw 515 tools/capdis.c int do_dis_call(firmware *fw, iter_state_t *is, unsigned dis_opts, char *ops, char *comment) fw 522 tools/capdis.c uint32_t target = get_branch_call_insn_target(fw,is); // target with thumb bit set appropriately fw 527 tools/capdis.c ostub = find_sig_val(fw->sv->stubs,target); fw 536 tools/capdis.c if(fw_disasm_iter_single(fw,target)) { fw 537 tools/capdis.c j_target=get_direct_jump_target(fw,fw->is); fw 539 tools/capdis.c ostub = find_sig_val(fw->sv->stubs,j_target); fw 563 tools/capdis.c describe_prop_call(fw,is,dis_opts,comment,desc_adr); fw 564 tools/capdis.c describe_simple_func(fw,dis_opts,comment,desc_adr); fw 569 tools/capdis.c firmware *fw, fw 584 tools/capdis.c if(do_dis_branch(fw,is,dis_opts,ops,comment)) { fw 587 tools/capdis.c if(do_dis_call(fw,is,dis_opts,ops,comment)) { fw 592 tools/capdis.c uint32_t ad=LDR_PC2adr(fw,insn); fw 593 tools/capdis.c uint32_t *pv=(uint32_t *)adr2ptr(fw,ad); fw 608 tools/capdis.c describe_const_op(fw,dis_opts,comment,ad); fw 613 tools/capdis.c unsigned ad=ADRx2adr(fw,insn); fw 614 tools/capdis.c uint32_t *pv=(uint32_t *)adr2ptr(fw,ad); fw 650 tools/capdis.c describe_const_op(fw,dis_opts,comment,ad); fw 654 tools/capdis.c } else if(get_TBx_PC_info(fw,is,ti)) { fw 663 tools/capdis.c void do_adr_label(firmware *fw, struct llist **branch_list, iter_state_t *is, unsigned dis_opts) fw 671 tools/capdis.c ostub = find_sig_val(fw->sv->stubs,adr|is->thumb); fw 692 tools/capdis.c static void do_tbb_data(firmware *fw, iter_state_t *is, unsigned dis_opts, tbx_info_t *ti) fw 702 tools/capdis.c uint8_t *p=adr2ptr(fw,adr); fw 735 tools/capdis.c uint8_t *p=adr2ptr(fw,adr); fw 746 tools/capdis.c if(!disasm_iter_init(fw,is,adr | is->thumb)) { fw 754 tools/capdis.c static void do_tbh_data(firmware *fw, iter_state_t *is, unsigned dis_opts, tbx_info_t *ti) fw 764 tools/capdis.c uint16_t *p=(uint16_t *)adr2ptr(fw,adr); fw 791 tools/capdis.c if(!disasm_iter_init(fw,is,adr | is->thumb)) { fw 796 tools/capdis.c static void do_tbx_pass1(firmware *fw, iter_state_t *is, struct llist **branch_list, unsigned dis_opts, tbx_info_t *ti) fw 801 tools/capdis.c uint8_t *p=adr2ptr(fw,adr); fw 829 tools/capdis.c if(!disasm_iter_init(fw,is,adr | is->thumb)) { fw 835 tools/capdis.c static void do_tbx_data(firmware *fw, iter_state_t *is, unsigned dis_opts, tbx_info_t *ti) fw 838 tools/capdis.c do_tbb_data(fw,is,dis_opts,ti); fw 840 tools/capdis.c do_tbh_data(fw,is,dis_opts,ti); fw 844 tools/capdis.c static void do_dis_range(firmware *fw, fw 851 tools/capdis.c iter_state_t *is=disasm_iter_new(fw,dis_start); fw 860 tools/capdis.c if(disasm_iter(fw,is)) { fw 861 tools/capdis.c uint32_t b_tgt=get_branch_call_insn_target(fw,is); fw 865 tools/capdis.c } else if(get_TBx_PC_info(fw,is,&ti)) { fw 868 tools/capdis.c do_tbx_pass1(fw,is,branch_list,dis_opts,&ti); fw 871 tools/capdis.c if(!disasm_iter_init(fw,is,(is->adr+is->insn_min_size) | is->thumb)) { fw 880 tools/capdis.c disasm_iter_init(fw,is,dis_start); fw 882 tools/capdis.c if(disasm_iter(fw,is)) { fw 883 tools/capdis.c do_adr_label(fw,branch_list,is,dis_opts); fw 907 tools/capdis.c do_dis_insn(fw,is,dis_opts,insn_mnemonic,insn_ops,comment,&ti); fw 951 tools/capdis.c do_tbx_data(fw,is,dis_opts,&ti); fw 968 tools/capdis.c uint16_t *pv=(uint16_t *)adr2ptr(fw,is->adr); fw 979 tools/capdis.c if(!disasm_iter_init(fw,is,(is->adr+is->insn_min_size)|is->thumb)) { fw 1145 tools/capdis.c firmware fw; fw 1148 tools/capdis.c fw.sv = new_stub_values(); fw 1151 tools/capdis.c load_funcs(fw.sv, stubs_path); fw 1153 tools/capdis.c load_stubs(fw.sv, stubs_path, 1); fw 1155 tools/capdis.c load_stubs(fw.sv, stubs_path, 1); fw 1157 tools/capdis.c load_stubs(fw.sv, stubs_path, 1); // Load second so values override stubs_entry.S fw 1160 tools/capdis.c fw.sv->propcases = NULL; fw 1168 tools/capdis.c load_propcases(fw.sv, props_path); fw 1169 tools/capdis.c if(!fw.sv->propcases) { fw 1173 tools/capdis.c osig *ostub=find_sig(fw.sv->stubs,"SetPropertyCase"); fw 1180 tools/capdis.c ostub=find_sig(fw.sv->stubs,"GetPropertyCase"); fw 1198 tools/capdis.c osig *ostub=find_sig(fw.sv->stubs,dis_start_fn); fw 1248 tools/capdis.c firmware_load(&fw,dumpname,load_addr,dis_arch); fw 1249 tools/capdis.c firmware_init_capstone(&fw); fw 1251 tools/capdis.c firmware_init_data_ranges(&fw); fw 1255 tools/capdis.c if(dis_start < fw.base) { fw 1256 tools/capdis.c adr_range_t *ar=adr_get_range(&fw,dis_start); fw 1268 tools/capdis.c do_dis_range(&fw, dis_start, dis_count, dis_end, dis_end_ret_count, dis_opts); fw 1270 tools/capdis.c firmware_unload(&fw); fw 285 tools/chdk_dasm.c static char * print_ascii_str(firmware *fw, char *op, t_value w) fw 287 tools/chdk_dasm.c if (isASCIIstring(fw, w)) fw 290 tools/chdk_dasm.c char *p = adr2ptr(fw, w); fw 322 tools/chdk_dasm.c static char * xhex8(firmware *fw, char * op, t_value w) fw 354 tools/chdk_dasm.c op = print_ascii_str(fw, op, w); fw 363 tools/chdk_dasm.c static char * ahex8(firmware *fw, char * op, t_value w) fw 371 tools/chdk_dasm.c return xhex8(fw, op, w); fw 376 tools/chdk_dasm.c static char * yhex8(firmware *fw, char * op, t_value w) fw 384 tools/chdk_dasm.c op = print_ascii_str(fw, op, w); fw 390 tools/chdk_dasm.c static char * sub_hex8(firmware *fw, char * op, t_value w) fw 398 tools/chdk_dasm.c if (w >= fw->base) fw 399 tools/chdk_dasm.c w = followBranch(fw,w,1); fw 400 tools/chdk_dasm.c osig *o = find_sig_val_by_type(fw->sv->stubs, w, TYPE_NHSTUB); fw 426 tools/chdk_dasm.c t_value v = fwval(fw,adr2idx(fw,w)); fw 459 tools/chdk_dasm.c static char * sub_ahex8(firmware *fw, char * op, t_value w) fw 467 tools/chdk_dasm.c w = fwval(fw,adr2idx(fw,w)); fw 468 tools/chdk_dasm.c return sub_hex8(fw, op, w); fw 567 tools/chdk_dasm.c extern pInstruction instr_disassemble(firmware *fw, t_value instr, t_address addr, pDisOptions opts) { fw 994 tools/chdk_dasm.c op = sub_hex8(fw, op, result.instr); fw 997 tools/chdk_dasm.c op = yhex8(fw, op, result.instr); fw 1037 tools/chdk_dasm.c op = sub_hex8(fw, op, target); fw 1086 tools/chdk_dasm.c op = yhex8(fw, op, n); fw 1101 tools/chdk_dasm.c op = xhex8(fw, op, a); fw 1236 tools/chdk_dasm.c op = sub_ahex8(fw, result.addrstart, result.target); fw 1238 tools/chdk_dasm.c op = ahex8(fw, result.addrstart, result.target); fw 1283 tools/chdk_dasm.c void disassemble1(firmware *fw, t_address start, t_value length) fw 1302 tools/chdk_dasm.c w = fwval(fw,adr2idx(fw,addr)); fw 1314 tools/chdk_dasm.c w = fwval(fw,adr2idx(fw,addr)); fw 1315 tools/chdk_dasm.c instr_disassemble(fw, w, addr, &options); fw 1328 tools/chdk_dasm.c void disassemble(firmware *fw, FILE *outfile, t_address start, t_value length) fw 1340 tools/chdk_dasm.c w = fwval(fw,adr2idx(fw,addr)); fw 1342 tools/chdk_dasm.c pInstruction instr = instr_disassemble(fw, w, addr, &options); fw 1430 tools/chdk_dasm.c t_address find_end(firmware *fw, t_address start) fw 1433 tools/chdk_dasm.c start = adr2idx(fw,start); fw 1435 tools/chdk_dasm.c if ((fwval(fw,start+1) & 0xFFFF4000) == 0xE92D4000) // STMFD SP!, {...,LR} fw 1440 tools/chdk_dasm.c if ((fwval(fw,start) & 0xFF000000) == 0xEA000000) // B fw 1442 tools/chdk_dasm.c return idx2adr(fw,start); fw 1444 tools/chdk_dasm.c if ((fwval(fw,start) & 0xFFFF8000) == 0xE8BD8000) // LDMFD SP!, {...,PC} fw 1446 tools/chdk_dasm.c return idx2adr(fw,start); fw 1448 tools/chdk_dasm.c if ((fwval(fw,start) & 0xFFFFFFF0) == 0xE12FFF10) // BX fw 1450 tools/chdk_dasm.c return idx2adr(fw,start); fw 1452 tools/chdk_dasm.c if ((fwval(fw,start) & 0xFFFFF000) == 0xE49DF000) // LDR PC,[SP,... fw 1454 tools/chdk_dasm.c return idx2adr(fw,start); fw 88 tools/chdk_dasm.h t_address find_end(firmware *fw, t_address start); fw 89 tools/chdk_dasm.h void disassemble1(firmware *fw, t_address start, t_value length); fw 90 tools/chdk_dasm.h void disassemble(firmware *fw, FILE *outfile, t_address start, t_value length); fw 316 tools/code_gen.c firmware *fw; fw 616 tools/code_gen.c osig *sig = find_sig(fw->sv->stubs, largs[++n]); fw 889 tools/code_gen.c p->func_end = find_end(fw, p->func_start); fw 910 tools/code_gen.c disassemble1(fw, p->func_start, p->func_len); fw 944 tools/code_gen.c disassemble(fw, outfile, start_address, (end_address + 4 - start_address) / 4); fw 960 tools/code_gen.c disassemble(fw, outfile, addr, 1); fw 975 tools/code_gen.c disassemble(fw, outfile, addr, 1); fw 990 tools/code_gen.c disassemble(fw, outfile, addr, 1); fw 1168 tools/code_gen.c fw = malloc(sizeof(firmware)); fw 1169 tools/code_gen.c load_firmware(fw, av[3], av[1], (ac==5)?av[4]:0, OS_DRYOS); fw 1172 tools/code_gen.c fw->sv = new_stub_values(); fw 1173 tools/code_gen.c load_funcs(fw->sv, "funcs_by_name.csv"); fw 1174 tools/code_gen.c load_stubs(fw->sv, "stubs_entry.S", 0); fw 1175 tools/code_gen.c load_stubs(fw->sv, "stubs_entry_2.S", 0); // Load second so values override stubs_entry.S fw 165 tools/finsig_dryos.c void fwAddMatch(firmware *fw, uint32_t fadr, int s, int f, int sig) fw 167 tools/finsig_dryos.c if ((fadr >= fw->base_copied) && (fadr < (fw->base_copied + fw->size2*4))) fw 169 tools/finsig_dryos.c addMatch(fadr - fw->base_copied + fw->base2,s,f,sig); fw 602 tools/finsig_dryos.c int get_saved_sig(firmware *fw, const char *name) fw 616 tools/finsig_dryos.c find_matches(fw, name); fw 623 tools/finsig_dryos.c find_str_sig_matches(fw, name); fw 640 tools/finsig_dryos.c int search_saved_sig(firmware *fw, char *sig, int (*func)(firmware*, int, int), int v, int ofst, int len) fw 642 tools/finsig_dryos.c int k = get_saved_sig(fw, sig); fw 645 tools/finsig_dryos.c int idx = adr2idx(fw, func_names[k].val); fw 648 tools/finsig_dryos.c int rv = func(fw, k, v); fw 752 tools/finsig_dryos.c int match_apex2us(firmware *fw, int k, uint32_t v1, __attribute__ ((unused))uint32_t v2) fw 754 tools/finsig_dryos.c if (isLDR_PC(fw,k) && (LDR2val(fw,k) == v1) && ((fwRd(fw,k) == 1) || (fwRd(fw,k) == 2))) fw 756 tools/finsig_dryos.c k = find_inst_rev(fw, isSTMFD_LR, k, 200); fw 759 tools/finsig_dryos.c if (fwval(fw,k-2) == 0xE3700D09) // CMN R0, #0x240 fw 761 tools/finsig_dryos.c uint32_t fadr = idx2adr(fw,k); fw 762 tools/finsig_dryos.c fwAddMatch(fw,fadr,32,0,121); fw 768 tools/finsig_dryos.c int match_apex2us2(firmware *fw, int k, uint32_t v1, __attribute__ ((unused))uint32_t v2) // r52+? fw 770 tools/finsig_dryos.c if (isLDR_PC(fw,k) && (LDR2val(fw,k) == v1) && ((fwRd(fw,k) == 1) || (fwRd(fw,k) == 2))) fw 772 tools/finsig_dryos.c k = find_inst_rev(fw, isSTMFD_LR, k, 200); fw 775 tools/finsig_dryos.c if (fwval(fw,k+1) != 0xe3700d0f) // CMN R0, #0x3c0 fw 777 tools/finsig_dryos.c uint32_t fadr = idx2adr(fw,k); fw 778 tools/finsig_dryos.c fwAddMatch(fw,fadr,32,0,121); fw 784 tools/finsig_dryos.c int find_apex2us(firmware *fw, __attribute__ ((unused))string_sig *sig, int j) fw 790 tools/finsig_dryos.c if (fwval(fw,j+i) != apex2us_test[i]) fw 798 tools/finsig_dryos.c return search_fw(fw, match_apex2us, idx2adr(fw,j), 0, 1); fw 803 tools/finsig_dryos.c if (fwval(fw,j+i) != apex2us_test2[i]) fw 808 tools/finsig_dryos.c return search_fw(fw, match_apex2us2, idx2adr(fw,j), 0, 1); fw 812 tools/finsig_dryos.c int find_mkdir(firmware *fw, __attribute__ ((unused))string_sig *sig, int k) fw 814 tools/finsig_dryos.c if (fwval(fw,k) == 0x12CEA600) fw 817 tools/finsig_dryos.c if (fw->dryos_ver > 58) fw 825 tools/finsig_dryos.c k = find_inst_rev(fw, isSTMFD_LR, kk, 200); fw 828 tools/finsig_dryos.c if ((((fwval(fw,k+12) & 0xFFF0FFFF) == 0xE350002F) && ((fwval(fw,k+15) & 0xFFF0FFFF) == 0xE3500021) && ((fwval(fw,k+19) & 0xFFF0FFFF) == 0xE3500020)) || fw 829 tools/finsig_dryos.c (((fwval(fw,k+11) & 0xFFF0FFFF) == 0xE350002F) && ((fwval(fw,k+14) & 0xFFF0FFFF) == 0xE3500021) && ((fwval(fw,k+18) & 0xFFF0FFFF) == 0xE3500020))) fw 832 tools/finsig_dryos.c if (isBL(fw,k+47)) fw 834 tools/finsig_dryos.c fadr = followBranch(fw, idx2adr(fw,k+47), 0x01000001); fw 836 tools/finsig_dryos.c else if (isBL(fw,k+48)) fw 838 tools/finsig_dryos.c fadr = followBranch(fw, idx2adr(fw,k+48), 0x01000001); fw 842 tools/finsig_dryos.c fwAddMatch(fw,fadr,32,0,121); fw 852 tools/finsig_dryos.c int find_pow(firmware *fw, __attribute__ ((unused))string_sig *sig, int j) fw 855 tools/finsig_dryos.c if ((fwval(fw,j) == 0x00000000) && (fwval(fw,j+1) == 0x40000000) && (fwval(fw,j+2) == 0x00000000) && (fwval(fw,j+3) == 0x408F4000)) fw 857 tools/finsig_dryos.c uint32_t adr1 = idx2adr(fw,j); // address of 1st value fw 858 tools/finsig_dryos.c uint32_t adr2 = idx2adr(fw,j+2); // address of 2nd value fw 863 tools/finsig_dryos.c if (isADR_PC_cond(fw,j1) && // ADR ? fw 864 tools/finsig_dryos.c (fwval(fw,j1+1) == 0xE8900003) && // LDMIA R0,{R0,R1} fw 865 tools/finsig_dryos.c isBL(fw,j1+2) && // BL fw 866 tools/finsig_dryos.c isADR_PC_cond(fw,j1+4)) // ADR ? fw 868 tools/finsig_dryos.c if ((ADR2adr(fw,j1) == adr1) && (ADR2adr(fw,j1+4) == adr2)) fw 870 tools/finsig_dryos.c uint32_t fadr = followBranch(fw,idx2adr(fw,j1+2),0x01000001); fw 871 tools/finsig_dryos.c fwAddMatch(fw,fadr,32,0,121); fw 876 tools/finsig_dryos.c if (isADR_PC_cond(fw,j1) && // ADR ? fw 877 tools/finsig_dryos.c (fwval(fw,j1+2) == 0xE8900003) && // LDMIA R0,{R0,R1} fw 878 tools/finsig_dryos.c isBL(fw,j1+3) && // BL fw 879 tools/finsig_dryos.c isADR_PC_cond(fw,j1+4)) // ADR ? fw 881 tools/finsig_dryos.c if ((ADR2adr(fw,j1) == adr1) && (ADR2adr(fw,j1+4) == adr2)) fw 883 tools/finsig_dryos.c uint32_t fadr = followBranch(fw,idx2adr(fw,j1+3),0x01000001); fw 884 tools/finsig_dryos.c fwAddMatch(fw,fadr,32,0,121); fw 895 tools/finsig_dryos.c int find_rand(firmware *fw, __attribute__ ((unused))string_sig *sig, int j) fw 897 tools/finsig_dryos.c if (fwval(fw,j) == 0x41C64E6D) fw 903 tools/finsig_dryos.c if (isLDR_PC_cond(fw,j1) && // LDR Rx, =0x41C64E6D fw 904 tools/finsig_dryos.c (LDR2val(fw,j1) == 0x41C64E6D)) // LDMIA R0,{R0,R1} fw 906 tools/finsig_dryos.c int k = find_inst_rev(fw, isBX_LR,j1-1,15); fw 909 tools/finsig_dryos.c uint32_t fadr = idx2adr(fw, k+1); fw 910 tools/finsig_dryos.c fwAddMatch(fw,fadr,32,0,121); fw 920 tools/finsig_dryos.c int get_ptp_file_buf_id(firmware *fw) { fw 922 tools/finsig_dryos.c if(fw->dryos_ver >= 43 && fw->dryos_ver <= 52) { fw 930 tools/finsig_dryos.c int find_get_ptp_file_buf(firmware *fw, __attribute__ ((unused))string_sig *sig, int j) fw 940 tools/finsig_dryos.c if(!(isMOV_immed(fw,j) fw 941 tools/finsig_dryos.c && (fwRn(fw,j) == 0) fw 942 tools/finsig_dryos.c && isBL(fw,j+1) fw 943 tools/finsig_dryos.c && ((fwval(fw,j+2) & 0xFFF00000) == 0xe3C00000) // BIC fw 944 tools/finsig_dryos.c && (ALUop2(fw,j+2) == 1) fw 945 tools/finsig_dryos.c && isMOV_immed(fw,j+3) fw 946 tools/finsig_dryos.c && (fwRn(fw,j+3) == 0) fw 947 tools/finsig_dryos.c && isBL(fw,j+4))) { fw 950 tools/finsig_dryos.c uint32_t file_buf_id = get_ptp_file_buf_id(fw); fw 951 tools/finsig_dryos.c if(ALUop2(fw,j) != file_buf_id || ALUop2(fw,j+3) != file_buf_id) { fw 954 tools/finsig_dryos.c uint32_t f1 = followBranch(fw,idx2adr(fw,j+1),0x01000001); fw 955 tools/finsig_dryos.c int i = get_saved_sig(fw,"get_ptp_buf_size"); fw 967 tools/finsig_dryos.c int k = find_inst_rev(fw, isSTMFD_LR, j-1, 8); fw 973 tools/finsig_dryos.c uint32_t fadr = idx2adr(fw, k); fw 974 tools/finsig_dryos.c fwAddMatch(fw,fadr,32,0,121); fw 981 tools/finsig_dryos.c int find_closedir(firmware *fw) fw 983 tools/finsig_dryos.c int j = get_saved_sig(fw,"OpenFastDir"); fw 986 tools/finsig_dryos.c int k = find_inst(fw, isSTMFD_LR, adr2idx(fw,func_names[j].val)+1, 100); fw 987 tools/finsig_dryos.c if (isB(fw,k-1) && isBL(fw,k-2)) fw 989 tools/finsig_dryos.c uint32_t fadr = followBranch(fw, idx2adr(fw, k-2), 0x01000001); fw 990 tools/finsig_dryos.c fwAddMatch(fw,fadr,32,0,121); fw 998 tools/finsig_dryos.c int find_GetTimeFromRTC_and_more(firmware *fw, int i) fw 1000 tools/finsig_dryos.c int j = fw->main_offs; fw 1002 tools/finsig_dryos.c while (j < fw->size) fw 1004 tools/finsig_dryos.c if (isLDR(fw, j) && LDR2val(fw, j) == 0x7FE8177F) fw 1008 tools/finsig_dryos.c k = find_inst(fw, isBL, j+1, 6); fw 1011 tools/finsig_dryos.c k = adr2idx(fw, followBranch(fw, idx2adr(fw, k), 0x01000001)); fw 1012 tools/finsig_dryos.c uint32_t fadr = idx2adr(fw, k); fw 1013 tools/finsig_dryos.c fwAddMatch(fw,fadr,32,0,122); // SetValidSystemCalender fw 1017 tools/finsig_dryos.c k = find_Nth_inst(fw, isBL, j+1, 6, 2); fw 1024 tools/finsig_dryos.c k = adr2idx(fw, followBranch(fw, idx2adr(fw, k), 0x01000001)); fw 1025 tools/finsig_dryos.c j = find_inst(fw, isBLEQ, k+1, 30); fw 1030 tools/finsig_dryos.c j = adr2idx(fw, followBranch(fw, idx2adr(fw, j), 0xe1000001)); fw 1031 tools/finsig_dryos.c uint32_t fadr = idx2adr(fw, j); fw 1032 tools/finsig_dryos.c fwAddMatch(fw,fadr,32,0,122); // GetTimeFromRTC fw 1035 tools/finsig_dryos.c k = find_Nth_inst_rev(fw, isBL, j-1, 14, 2); fw 1036 tools/finsig_dryos.c j = adr2idx(fw, followBranch(fw, idx2adr(fw, k), 0x01000001)); fw 1037 tools/finsig_dryos.c if (!isSTMFD_LR(fw,j)) fw 1039 tools/finsig_dryos.c uint32_t fadr = idx2adr(fw, j); fw 1040 tools/finsig_dryos.c fwAddMatch(fw,fadr,32,0,122); // GetValidSystemCalender fw 1045 tools/finsig_dryos.c k = find_Nth_inst(fw, isBL, k+1, 20, 2); fw 1050 tools/finsig_dryos.c j = adr2idx(fw, followBranch2(fw, idx2adr(fw, k), 0x01000001)); // followBranch2 to support s110 fw 1051 tools/finsig_dryos.c if (isSTMFD_LR(fw,j)) fw 1053 tools/finsig_dryos.c k = find_inst(fw, isBL, k+1, 8); fw 1058 tools/finsig_dryos.c j = adr2idx(fw, followBranch(fw, idx2adr(fw, k), 0x01000001)); fw 1060 tools/finsig_dryos.c if (isSTMFD_LR(fw,j)) fw 1066 tools/finsig_dryos.c uint32_t fadr = idx2adr(fw, j); fw 1067 tools/finsig_dryos.c fwAddMatch(fw,fadr,32,0,122); fw 1070 tools/finsig_dryos.c k = find_inst(fw, isBL, k+1, 8); fw 1075 tools/finsig_dryos.c j = adr2idx(fw, followBranch(fw, idx2adr(fw, k), 0x01000001)); fw 1076 tools/finsig_dryos.c if (i == 0 && isSTMFD_LR(fw,j)) // GetTimeFromRTC fw 1078 tools/finsig_dryos.c uint32_t fadr = idx2adr(fw, j); fw 1079 tools/finsig_dryos.c fwAddMatch(fw,fadr,32,0,122); fw 1087 tools/finsig_dryos.c int find_arm_cache_funcs(firmware *fw, int ii) fw 1097 tools/finsig_dryos.c j = get_saved_sig(fw,"cache_flush_range"); fw 1101 tools/finsig_dryos.c cfr = adr2idx(fw,func_names[j].val); fw 1105 tools/finsig_dryos.c if (fwval(fw,i) == 0xe3500000) // cmp r0, #0 fw 1122 tools/finsig_dryos.c if (fwval(fw,i) == 0xe3500000) // cmp r0, #0 fw 1141 tools/finsig_dryos.c j = get_saved_sig(fw,"cache_clean_range"); fw 1145 tools/finsig_dryos.c ccr = adr2idx(fw,func_names[j].val); fw 1149 tools/finsig_dryos.c if (fwval(fw,i) == 0xe3500000) // cmp r0, #0 fw 1185 tools/finsig_dryos.c uint32_t fadr = idx2adr(fw, i); fw 1186 tools/finsig_dryos.c fwAddMatch(fw,fadr,32,0,122); fw 1193 tools/finsig_dryos.c int find_arm_cache_funcs2(firmware *fw, int ii) fw 1201 tools/finsig_dryos.c j = get_saved_sig(fw,"dcache_flush_range"); fw 1204 tools/finsig_dryos.c dfr = adr2idx(fw,func_names[j].val); fw 1208 tools/finsig_dryos.c if (fwval(fw,i) == 0xe10f3000) // mrs r3, cpsr fw 1233 tools/finsig_dryos.c if (fwval(fw,i) == 0xe3510a02) // cmp r1, #0x2000 fw 1266 tools/finsig_dryos.c uint32_t fadr = idx2adr(fw, i); fw 1267 tools/finsig_dryos.c fwAddMatch(fw,fadr,32,0,122); fw 1274 tools/finsig_dryos.c int find_IsWirelessConnect(firmware *fw, __attribute__ ((unused))int ii) fw 1280 tools/finsig_dryos.c if (fw->dryos_ver < 53) { fw 1281 tools/finsig_dryos.c int j = find_str_ref(fw,"WiFiDisconnect"); fw 1285 tools/finsig_dryos.c int k = find_Nth_inst_rev(fw, isBL, j-1, 5, 1); fw 1289 tools/finsig_dryos.c uint32_t fadr = followBranch(fw, idx2adr(fw, k), 0x01000001); fw 1290 tools/finsig_dryos.c fwAddMatch(fw,fadr,32,0,122); fw 1293 tools/finsig_dryos.c int j = find_str_ref(fw,"USBDisconnect"); fw 1297 tools/finsig_dryos.c int k = find_Nth_inst_rev(fw, isBL, j-1, 5, 1); fw 1301 tools/finsig_dryos.c uint32_t fadr = followBranch(fw, idx2adr(fw, k), 0x01000001); fw 1302 tools/finsig_dryos.c fwAddMatch(fw,fadr,32,0,122); fw 1309 tools/finsig_dryos.c int find_get_fstype(firmware *fw) fw 1311 tools/finsig_dryos.c int j = get_saved_sig(fw,"OpenFastDir"); fw 1314 tools/finsig_dryos.c int k = find_Nth_inst(fw, isBL, adr2idx(fw,func_names[j].val)+1, 6, 2); fw 1318 tools/finsig_dryos.c if ( (fwval(fw, k+1) & 0xffff0fff) != 0xe1b00000 ) // movs rx, r0 fw 1321 tools/finsig_dryos.c uint32_t cmpinst = ((fwval(fw, k+1) & 0x0000f000)<<4) + 0xe3500004; // cmp rx, #4 fw 1326 tools/finsig_dryos.c if ( fwval(fw, k+1+l) == cmpinst ) fw 1332 tools/finsig_dryos.c uint32_t fadr = followBranch(fw, idx2adr(fw, k), 0x01000001); fw 1333 tools/finsig_dryos.c fwAddMatch(fw,fadr,32,0,122); fw 1342 tools/finsig_dryos.c int find_Restart(firmware *fw) fw 1344 tools/finsig_dryos.c int j = get_saved_sig(fw,"reboot_fw_update"); fw 1347 tools/finsig_dryos.c int k = get_saved_sig(fw,"StopWDT_FW"); fw 1350 tools/finsig_dryos.c j = adr2idx(fw, func_names[j].val); fw 1354 tools/finsig_dryos.c if (isBL(fw,i) && isBL(fw,i+2)) fw 1357 tools/finsig_dryos.c uint32_t fadr = followBranch(fw, idx2adr(fw, i), 0x01000001); fw 1360 tools/finsig_dryos.c fadr = followBranch(fw, idx2adr(fw, i+2), 0x01000001); fw 1361 tools/finsig_dryos.c fwAddMatch(fw,fadr,32,0,122); fw 1373 tools/finsig_dryos.c int find_add_ptp_handler(firmware *fw, __attribute__ ((unused))string_sig *sig, int k) fw 1379 tools/finsig_dryos.c while ((vals[i] != 0) && isLDR_PC(fw,k) && (fwRd(fw,k) == 0) && (LDR2val(fw,k) == vals[i])) fw 1381 tools/finsig_dryos.c k = find_inst(fw, isBL, k+1, 5); fw 1384 tools/finsig_dryos.c fadr = followBranch(fw, idx2adr(fw,k), 0x01000001); fw 1385 tools/finsig_dryos.c k = find_inst(fw, isLDR_PC, k+1, 5); fw 1392 tools/finsig_dryos.c fwAddMatch(fw,fadr,32,0,121); fw 1400 tools/finsig_dryos.c int find_PT_PlaySound(firmware *fw) fw 1403 tools/finsig_dryos.c int k1 = get_saved_sig(fw,"LogCameraEvent"); fw 1407 tools/finsig_dryos.c j = find_str_ref(fw,"BufAccBeep"); fw 1410 tools/finsig_dryos.c k = find_inst(fw, isBL, j+1, 4); fw 1413 tools/finsig_dryos.c uint32_t fadr = followBranch(fw, idx2adr(fw,k), 0x01000001); fw 1416 tools/finsig_dryos.c k = find_inst(fw, isB, k+1, 10); fw 1417 tools/finsig_dryos.c fadr = followBranch(fw, idx2adr(fw, k), 1); fw 1418 tools/finsig_dryos.c fwAddMatch(fw,fadr,32,0,122); fw 1429 tools/finsig_dryos.c int find_getImageDirName(firmware *fw) fw 1431 tools/finsig_dryos.c int k = find_str_ref(fw,"%3d_%02d%02d"); fw 1434 tools/finsig_dryos.c k = find_inst_rev(fw, isLDMFD_PC, k-1, 16); fw 1437 tools/finsig_dryos.c uint32_t fadr = idx2adr(fw,k+1); fw 1438 tools/finsig_dryos.c fwAddMatch(fw,fadr,32,0,122); fw 1444 tools/finsig_dryos.c k = find_str_ref(fw,"___%02d"); fw 1447 tools/finsig_dryos.c k = find_inst_rev(fw, isLDMFD_PC, k-1, 18); fw 1450 tools/finsig_dryos.c if (isMOV(fw,k+1) && isMOV(fw,k+2)) // sanity check fw 1452 tools/finsig_dryos.c uint32_t fadr = idx2adr(fw,k+1); fw 1453 tools/finsig_dryos.c fwAddMatch(fw,fadr,32,0,122); fw 1465 tools/finsig_dryos.c int match_GetImageFolder(firmware *fw, int k, uint32_t a_getImageDirName, uint32_t a_TakeSemaphore) fw 1469 tools/finsig_dryos.c if (isBL(fw,k)) fw 1471 tools/finsig_dryos.c uint32_t fadr = followBranch2(fw,idx2adr(fw,k),0x01000001); fw 1474 tools/finsig_dryos.c int s = find_inst_rev(fw, isSTMFD_LR, k-1, 80); fw 1475 tools/finsig_dryos.c int e = find_inst(fw, isLDMFD_PC, k+1, 80); fw 1481 tools/finsig_dryos.c if (isBL(fw,k1)) fw 1483 tools/finsig_dryos.c fadr = followBranch2(fw,idx2adr(fw,k1),0x01000001); fw 1495 tools/finsig_dryos.c if ((isLDR_PC(fw,k1) || isADR_PC(fw,k1)) && (idx2adr(fw,k1) == strGIF)) fw 1504 tools/finsig_dryos.c fwAddMatch(fw,idx2adr(fw,s),32,0,122); fw 1512 tools/finsig_dryos.c int find_GetImageFolder(firmware *fw) fw 1514 tools/finsig_dryos.c int j = find_str_ref(fw,"GetCameraObjectTmpPath ERROR[ID:%lx] [TRY:%lx]\n"); fw 1516 tools/finsig_dryos.c j = find_str_ref(fw,"_GetCameraObjectTmpPath ERROR[ID:%lx] [TRY:%lx]\n"); fw 1519 tools/finsig_dryos.c strGIF = idx2adr(fw,j); fw 1520 tools/finsig_dryos.c int j = get_saved_sig(fw,"TakeSemaphore"); fw 1521 tools/finsig_dryos.c int k = get_saved_sig(fw,"getImageDirName"); fw 1524 tools/finsig_dryos.c return search_fw(fw, match_GetImageFolder, func_names[k].val, func_names[j].val, 1); fw 1532 tools/finsig_dryos.c int match_GetDrive_ClusterSize(firmware *fw, int k, uint32_t v1, __attribute__ ((unused))uint32_t v2) fw 1534 tools/finsig_dryos.c if (isBL_cond(fw,k)) fw 1536 tools/finsig_dryos.c uint32_t fadr = followBranch2(fw,idx2adr(fw,k),0xF1000001); fw 1540 tools/finsig_dryos.c if (isLDR_cond(fw,k-1) && idx_valid(fw,adr2idx(fw,LDR2val(fw,k-1))) && (strcmp(adr2ptr(fw,LDR2val(fw,k-1)),"Mounter.c") == 0)) fw 1544 tools/finsig_dryos.c else if (isLDR_cond(fw,k-2) && idx_valid(fw,adr2idx(fw,LDR2val(fw,k-2))) && (strcmp(adr2ptr(fw,LDR2val(fw,k-2)),"Mounter.c") == 0)) fw 1548 tools/finsig_dryos.c else if (isLDR_cond(fw,k-3) && idx_valid(fw,adr2idx(fw,LDR2val(fw,k-3))) && (strcmp(adr2ptr(fw,LDR2val(fw,k-3)),"Mounter.c") == 0)) fw 1552 tools/finsig_dryos.c else if (isADR_PC_cond(fw,k-1) && (strcmp(adr2ptr(fw,ADR2adr(fw,k-1)),"Mounter.c") == 0)) fw 1556 tools/finsig_dryos.c else if (isADR_PC_cond(fw,k-2) && (strcmp(adr2ptr(fw,ADR2adr(fw,k-2)),"Mounter.c") == 0)) fw 1561 tools/finsig_dryos.c isLDR_PC(fw,k+1) && fw 1562 tools/finsig_dryos.c ((fwval(fw,k+2) & 0xFFF00FF0) == 0xE0800200) && ((fwval(fw,k+3) & 0xFFF00FF0) == 0xE0800100) && fw 1563 tools/finsig_dryos.c (fwval(fw,k+4) == 0xE5901004) && (fwval(fw,k+5) == 0xE5900008) && (fwval(fw,k+6) == 0xE0000091) && fw 1564 tools/finsig_dryos.c isLDMFD_PC(fw,k+7)) fw 1566 tools/finsig_dryos.c k = find_inst_rev(fw,isSTMFD_LR,k-1,8); fw 1569 tools/finsig_dryos.c if (fwval(fw,k-1) == 0xE3500001) // CMP R0, #1 fw 1571 tools/finsig_dryos.c fwAddMatch(fw,idx2adr(fw,k),32,0,122); fw 1580 tools/finsig_dryos.c int find_GetDrive_ClusterSize(firmware *fw) fw 1582 tools/finsig_dryos.c int k = get_saved_sig(fw,"DebugAssert"); fw 1585 tools/finsig_dryos.c return search_fw(fw, match_GetDrive_ClusterSize, func_names[k].val, 0, 16); fw 1591 tools/finsig_dryos.c int find_GetDrive_TotalClusters(firmware *fw) fw 1593 tools/finsig_dryos.c extern uint32_t find_str_bytes(firmware *fw, char *str); fw 1595 tools/finsig_dryos.c if (fw->dryos_ver < 52) fw 1597 tools/finsig_dryos.c uint32_t j = find_str_bytes(fw,"DriveLetterManager.c"); fw 1600 tools/finsig_dryos.c int k = adr2idx(fw,j); fw 1601 tools/finsig_dryos.c k = find_inst_rev(fw,isLDMFD_PC,k-1,2); fw 1602 tools/finsig_dryos.c if ((k > 0) && ( (fwval(fw,k-1)&0xfffff0f0)==0xe0810090 )) // umull r0, r1, rx, ry fw 1604 tools/finsig_dryos.c if (isBL(fw,k-2)) fw 1606 tools/finsig_dryos.c k = idxFollowBranch(fw,k-2,0x01000001); fw 1607 tools/finsig_dryos.c fwAddMatch(fw,idx2adr(fw,k),32,0,122); fw 1617 tools/finsig_dryos.c int find_srand(firmware *fw) fw 1619 tools/finsig_dryos.c int k = get_saved_sig(fw,"rand"); fw 1622 tools/finsig_dryos.c k = adr2idx(fw, func_names[k].val) - 3; fw 1623 tools/finsig_dryos.c if (isLDR_PC(fw,k) && isSTR(fw,k+1) && isBX_LR(fw,k+2)) fw 1624 tools/finsig_dryos.c fwAddMatch(fw,idx2adr(fw,k),32,0,122); fw 1630 tools/finsig_dryos.c int find_malloc_strictly(firmware *fw) fw 1633 tools/finsig_dryos.c int s1 = find_str(fw,"Size: %ld"); fw 1634 tools/finsig_dryos.c int s2 = find_str(fw,"Memory.c"); fw 1635 tools/finsig_dryos.c int f1 = get_saved_sig(fw,"malloc"); fw 1639 tools/finsig_dryos.c s1 = find_Nth_str(fw,"Size: %ld",2); // this string has multiple instances, try the next one fw 1640 tools/finsig_dryos.c f1 = adr2idx(fw, func_names[f1].val); fw 1642 tools/finsig_dryos.c int r1 = find_nxt_str_ref(fw, s1, 0); fw 1643 tools/finsig_dryos.c int r2 = find_nxt_str_ref(fw, s2, 0); fw 1649 tools/finsig_dryos.c int m1 = find_inst_rev(fw,isBL,r1,6); fw 1652 tools/finsig_dryos.c int m2 = idxFollowBranch(fw,m1,0x01000001); fw 1655 tools/finsig_dryos.c m1 = find_inst_rev(fw,isSTMFD_LR,m1,3); fw 1658 tools/finsig_dryos.c fwAddMatch(fw,idx2adr(fw,m1),32,0,122); fw 1664 tools/finsig_dryos.c r1 = find_nxt_str_ref(fw, s1, r1+1); fw 1665 tools/finsig_dryos.c r2 = find_nxt_str_ref(fw, s2, r2+1); fw 1673 tools/finsig_dryos.c int find_DisplayBusyOnScreen(firmware *fw) fw 1676 tools/finsig_dryos.c int s1 = find_str(fw,"ErrorMessageController.c"); fw 1677 tools/finsig_dryos.c int s2 = find_str(fw,"StrMan.c"); fw 1679 tools/finsig_dryos.c s1 = find_str(fw,"MessageController.c"); fw 1680 tools/finsig_dryos.c int j = find_str_ref(fw,"_PBBusyScrn"); fw 1682 tools/finsig_dryos.c j = find_str_ref(fw,"_PlayBusyScreen"); fw 1686 tools/finsig_dryos.c int m1 = find_Nth_inst(fw,isBL,j+1,12,fw->dryos_ver<54?4:fw->dryos_ver==59?2:3); fw 1689 tools/finsig_dryos.c if (fw->dryos_ver == 58) fw 1692 tools/finsig_dryos.c m1 = find_inst(fw,isB,j+1,12); fw 1695 tools/finsig_dryos.c m2 = idxFollowBranch(fw,m1,0x00000001); fw 1696 tools/finsig_dryos.c k = find_nxt_str_ref(fw, s1, m2); fw 1703 tools/finsig_dryos.c else if (fw->dryos_ver == 57) fw 1709 tools/finsig_dryos.c if ((fwval(fw,m1+k) & 0xFE1FF000) == 0xE41F0000) // ldr r0, =func fw 1711 tools/finsig_dryos.c uint32_t u1 = LDR2val(fw, m1+k); fw 1712 tools/finsig_dryos.c if ( u1 > fw->base ) fw 1714 tools/finsig_dryos.c if (isSTMFD_LR(fw, adr2idx(fw, u1))) fw 1717 tools/finsig_dryos.c m2 = adr2idx(fw, u1); fw 1718 tools/finsig_dryos.c k = find_nxt_str_ref(fw, s1, m2); fw 1731 tools/finsig_dryos.c m2 = idxFollowBranch(fw,m1,0x01000001); fw 1732 tools/finsig_dryos.c k = find_nxt_str_ref(fw, s1, m2); fw 1736 tools/finsig_dryos.c m1 = find_inst(fw,isBL,m1+1,4); fw 1737 tools/finsig_dryos.c m2 = idxFollowBranch(fw,m1,0x01000001); fw 1738 tools/finsig_dryos.c k = find_nxt_str_ref(fw, s1, m2); fw 1746 tools/finsig_dryos.c idx_createdialogbox = find_inst_rev(fw, isBL, k-1, 4); fw 1748 tools/finsig_dryos.c fwAddMatch(fw,idx2adr(fw,m2),32,0,122); fw 1750 tools/finsig_dryos.c idx_adduitodialog = find_inst(fw, isBL, k+1, 7); fw 1755 tools/finsig_dryos.c if (isBL(fw,m3)&&isBL(fw,m3+2)&& fw 1756 tools/finsig_dryos.c (((fwval(fw,m3+1)&0xfffff000)==0xe3a00000)||((fwval(fw,m3+1)&0xff7ff000)==0xe51f0000))) fw 1760 tools/finsig_dryos.c int m4 = idxFollowBranch(fw,m30,0x01000001); fw 1764 tools/finsig_dryos.c int m5 = find_inst(fw, isLDMFD_PC, m4+1, 64); fw 1765 tools/finsig_dryos.c int m6 = find_nxt_str_ref(fw, s2, m4); fw 1772 tools/finsig_dryos.c m5 = find_inst(fw, isADR_PC, m4+1, 10); fw 1775 tools/finsig_dryos.c uint32_t u1 = ADR2adr(fw, m5); fw 1776 tools/finsig_dryos.c if (fwval(fw, adr2idx(fw, u1)) == 0x00000020) fw 1785 tools/finsig_dryos.c if (fw->dryos_ver < 54) fw 1787 tools/finsig_dryos.c m3 = find_inst(fw, isLDMFD_PC, k+30, 64); fw 1790 tools/finsig_dryos.c m3 = find_Nth_inst_rev(fw, isBL, m3-1, 8, 2); fw 1799 tools/finsig_dryos.c m3 = find_inst(fw, isLDMFD, k+30, 20); fw 1802 tools/finsig_dryos.c m3 = find_inst_rev(fw, isBL, m3-1, 4); fw 1816 tools/finsig_dryos.c int find_UndisplayBusyOnScreen(firmware *fw) fw 1818 tools/finsig_dryos.c if (get_saved_sig(fw,"DisplayBusyOnScreen") < 0) return 0; fw 1820 tools/finsig_dryos.c if (fw->dryos_ver > 57) fw 1822 tools/finsig_dryos.c j = find_str_ref(fw,"_PBBusyScrnToCtrlSrvTask"); fw 1826 tools/finsig_dryos.c j = find_str_ref(fw,"_PBBusyScrn"); fw 1829 tools/finsig_dryos.c j = find_str_ref(fw,"_PlayBusyScreen"); fw 1831 tools/finsig_dryos.c if (fw->dryos_ver < 57) fw 1838 tools/finsig_dryos.c int n = find_Nth_inst(fw, isSTMFD_LR, idx_createdialogbox + 30, 140, m+1); fw 1841 tools/finsig_dryos.c uint32_t a1 = idx2adr(fw,n); fw 1847 tools/finsig_dryos.c if (isBL_cond(fw,k)&&(idx2adr(fw,idxFollowBranch(fw,k,0xe1000001))==a1)) // BLEQ fw 1849 tools/finsig_dryos.c fwAddMatch(fw,a1,32,0,122); fw 1860 tools/finsig_dryos.c int m1 = find_Nth_inst(fw,isBLEQ,j+1,20,1); fw 1867 tools/finsig_dryos.c if ((fwval(fw,m1+k) & 0xFE1FF000) == 0x041F0000) // ldreq r0, =func fw 1869 tools/finsig_dryos.c uint32_t u1 = LDR2val(fw, m1+k); fw 1870 tools/finsig_dryos.c if ( u1 > fw->base ) fw 1872 tools/finsig_dryos.c if (isSTMFD_LR(fw, adr2idx(fw, u1))) fw 1874 tools/finsig_dryos.c fwAddMatch(fw,u1,32,0,122); fw 1885 tools/finsig_dryos.c int find_CreateDialogBox(firmware *fw) fw 1887 tools/finsig_dryos.c if (get_saved_sig(fw,"DisplayBusyOnScreen") < 0) return 0; fw 1890 tools/finsig_dryos.c int n = idxFollowBranch(fw,idx_createdialogbox,0x01000001); fw 1893 tools/finsig_dryos.c fwAddMatch(fw,idx2adr(fw,n),32,0,122); fw 1899 tools/finsig_dryos.c int find_DisplayDialogBox(firmware *fw) fw 1901 tools/finsig_dryos.c if (get_saved_sig(fw,"DisplayBusyOnScreen") < 0) return 0; fw 1904 tools/finsig_dryos.c int n = idxFollowBranch(fw,idx_displaydialogbox,0x01000001); fw 1907 tools/finsig_dryos.c fwAddMatch(fw,idx2adr(fw,n),32,0,122); fw 1913 tools/finsig_dryos.c int find_add_ui_to_dialog(firmware *fw) fw 1915 tools/finsig_dryos.c if (get_saved_sig(fw,"DisplayBusyOnScreen") < 0) return 0; fw 1918 tools/finsig_dryos.c int n = idxFollowBranch(fw,idx_adduitodialog,0x01000001); fw 1921 tools/finsig_dryos.c fwAddMatch(fw,idx2adr(fw,n),32,0,122); fw 1927 tools/finsig_dryos.c int find_get_string_by_id(firmware *fw) fw 1929 tools/finsig_dryos.c if (get_saved_sig(fw,"DisplayBusyOnScreen") < 0) return 0; fw 1932 tools/finsig_dryos.c int n = idxFollowBranch(fw,idx_getstring,0x01000001); fw 1935 tools/finsig_dryos.c fwAddMatch(fw,idx2adr(fw,n),32,0,122); fw 1942 tools/finsig_dryos.c int find_get_self_task_errno_pointer(firmware *fw) fw 1944 tools/finsig_dryos.c int f1 = get_saved_sig(fw,"malloc"); fw 1945 tools/finsig_dryos.c int f2 = get_saved_sig(fw,"close"); fw 1948 tools/finsig_dryos.c f1 = adr2idx(fw, func_names[f1].val); fw 1949 tools/finsig_dryos.c f1 = find_inst(fw, isLDMFD_PC, f1, 24); fw 1952 tools/finsig_dryos.c f1 = find_inst_rev(fw, isBL, f1, 6); fw 1955 tools/finsig_dryos.c if (fwval(fw,f1+2) == 0xe5801000) // str r1, [r0] fw 1957 tools/finsig_dryos.c f1 = idxFollowBranch(fw,f1,0x01000001); fw 1958 tools/finsig_dryos.c fwAddMatch(fw,idx2adr(fw,f1),32,0,122); fw 1964 tools/finsig_dryos.c f1 = adr2idx(fw, func_names[f2].val); fw 1965 tools/finsig_dryos.c f1 = find_Nth_inst(fw, isBL, f1, 8, 2); // second BL fw 1968 tools/finsig_dryos.c if (fwval(fw,f1+2) == 0xe5801000) // str r1, [r0] fw 1970 tools/finsig_dryos.c f1 = idxFollowBranch(fw,f1,0x01000001); fw 1971 tools/finsig_dryos.c fwAddMatch(fw,idx2adr(fw,f1),32,0,122); fw 1978 tools/finsig_dryos.c int find_get_nd_value(firmware *fw) fw 1981 tools/finsig_dryos.c int f1 = get_saved_sig(fw,"PutInNdFilter_FW"); fw 1982 tools/finsig_dryos.c int f2 = get_saved_sig(fw,"ClearEventFlag"); fw 1988 tools/finsig_dryos.c f1 = adr2idx(fw, func_names[f1].val); fw 1989 tools/finsig_dryos.c f2 = adr2idx(fw, func_names[f2].val); fw 1990 tools/finsig_dryos.c int k1 = find_Nth_inst(fw,isBL,f1,10,2); fw 1991 tools/finsig_dryos.c int k2 = find_inst(fw,isBL,f1,6); fw 1996 tools/finsig_dryos.c if ( followBranch2(fw,idx2adr(fw,k2),0x01000001) != idx2adr(fw,f2) ) // ClearEventFlag? fw 1998 tools/finsig_dryos.c k1 = idxFollowBranch(fw,k1,0x01000001); // PutInNdFilter_low fw 1999 tools/finsig_dryos.c k2 = find_inst(fw,isBL,k1,6); fw 2007 tools/finsig_dryos.c uint32_t v1 = fwval(fw, k3); fw 2013 tools/finsig_dryos.c k2 = idxFollowBranch(fw,k2,0x01000001); fw 2014 tools/finsig_dryos.c fwAddMatch(fw,idx2adr(fw,k2),32,0,122); fw 2022 tools/finsig_dryos.c int find_get_current_nd_value_iris(firmware *fw) fw 2025 tools/finsig_dryos.c if(get_saved_sig(fw,"task_Nd") < 0 || get_saved_sig(fw,"task_IrisEvent") < 0) { fw 2028 tools/finsig_dryos.c int f1 = get_saved_sig(fw,"get_current_exp"); fw 2032 tools/finsig_dryos.c f1 = adr2idx(fw, func_names[f1].val); fw 2040 tools/finsig_dryos.c if(isBL_cond(fw,f1+i)) { fw 2042 tools/finsig_dryos.c } else if(isBL(fw,f1+i)) { fw 2047 tools/finsig_dryos.c if(!isBL(fw,f1+i)) { fw 2052 tools/finsig_dryos.c int f2 = idxFollowBranch(fw,f1+i,0x01000001); fw 2054 tools/finsig_dryos.c if(isMOV(fw,f2) && (fwRd(fw,f2) == 0) && (fwOp2(fw,f2) == 0)) // MOV R0, 0 fw 2057 tools/finsig_dryos.c if(isB(fw,f2)) { fw 2058 tools/finsig_dryos.c f2 = idxFollowBranch(fw,f2,0x00000001); fw 2060 tools/finsig_dryos.c fwAddMatch(fw,idx2adr(fw,f2),32,0,122); fw 2067 tools/finsig_dryos.c int find_get_current_nd_value(firmware *fw) fw 2071 tools/finsig_dryos.c if(find_str(fw, "IrisSpecification.c") < 0) { fw 2072 tools/finsig_dryos.c return find_get_current_nd_value_iris(fw); fw 2075 tools/finsig_dryos.c int f1 = get_saved_sig(fw,"GetCurrentAvValue"); fw 2079 tools/finsig_dryos.c f1 = adr2idx(fw, func_names[f1].val); fw 2084 tools/finsig_dryos.c int sadr = find_str(fw, "IrisController.c"); fw 2085 tools/finsig_dryos.c int j = find_nxt_str_ref(fw, sadr, f1); fw 2089 tools/finsig_dryos.c if(isBL_cond(fw,j+1) && isBL(fw,j+2)) { fw 2090 tools/finsig_dryos.c f1 = idxFollowBranch(fw,j+2,0x01000001); fw 2092 tools/finsig_dryos.c if(isB(fw,f1)) { fw 2093 tools/finsig_dryos.c f1 = idxFollowBranch(fw,f1,0x00000001); fw 2095 tools/finsig_dryos.c fwAddMatch(fw,idx2adr(fw,f1),32,0,122); fw 2103 tools/finsig_dryos.c int find_get_current_deltasv(firmware *fw) fw 2105 tools/finsig_dryos.c int f1 = get_saved_sig(fw,"get_current_exp"); fw 2109 tools/finsig_dryos.c f1 = adr2idx(fw, func_names[f1].val); fw 2117 tools/finsig_dryos.c if(isBL_cond(fw,f1+i)) { fw 2119 tools/finsig_dryos.c } else if(isBL(fw,f1+i)) { fw 2124 tools/finsig_dryos.c if(!isBL(fw,f1+i)) { fw 2129 tools/finsig_dryos.c int f2 = idxFollowBranch(fw,f1+i,0x01000001); fw 2131 tools/finsig_dryos.c if(isB(fw,f2)) { fw 2132 tools/finsig_dryos.c f2 = idxFollowBranch(fw,f2,0x00000001); fw 2134 tools/finsig_dryos.c fwAddMatch(fw,idx2adr(fw,f2),32,0,122); fw 2142 tools/finsig_dryos.c int find_getcurrentmachinetime(firmware *fw) fw 2144 tools/finsig_dryos.c int f1 = get_saved_sig(fw,"SetHPTimerAfterTimeout"); fw 2147 tools/finsig_dryos.c f1 = adr2idx(fw, func_names[f1].val); fw 2148 tools/finsig_dryos.c f1 = find_inst(fw, isBL, f1, 16); fw 2151 tools/finsig_dryos.c f1 = idxFollowBranch(fw,f1,0x01000001); fw 2152 tools/finsig_dryos.c fwAddMatch(fw,idx2adr(fw,f1),32,0,122); fw 2159 tools/finsig_dryos.c int find_sethptimeraftertimeout(firmware *fw) fw 2161 tools/finsig_dryos.c int sadr = find_str(fw, "FrameRateGenerator.c"); fw 2162 tools/finsig_dryos.c int j = find_nxt_str_ref(fw, sadr, -1); fw 2168 tools/finsig_dryos.c f1 = find_inst_rev(fw, isBL, j-1, 7); fw 2169 tools/finsig_dryos.c f2 = find_Nth_inst_rev(fw, isBL, j-1, 128, 2); fw 2173 tools/finsig_dryos.c j = find_nxt_str_ref(fw, sadr, j+1); fw 2179 tools/finsig_dryos.c f1 = idxFollowBranch(fw,f1,0x01000001); fw 2180 tools/finsig_dryos.c fwAddMatch(fw,idx2adr(fw,f1),32,0,122); fw 2191 tools/finsig_dryos.c int find_DoMovieFrameCapture(firmware *fw) fw 2196 tools/finsig_dryos.c search_saved_sig(fw, "FreeUncacheableMemory", match_CAM_UNCACHED_BIT, 0, 0, 8); fw 2198 tools/finsig_dryos.c int j = get_saved_sig(fw,"SetImageMode"); fw 2201 tools/finsig_dryos.c j = adr2idx(fw, func_names[j].val); fw 2207 tools/finsig_dryos.c j = find_inst(fw, isBL, j+1, 20); fw 2210 tools/finsig_dryos.c int j1 = idxFollowBranch(fw,j,0x01000001); fw 2216 tools/finsig_dryos.c if ((fwval(fw,j2) & 0xFF000000) == 0x1A000000) // bne fw 2218 tools/finsig_dryos.c int j3 = idxFollowBranch(fw,j2,0xF1000001); fw 2221 tools/finsig_dryos.c if (isBL(fw,j3)) fw 2224 tools/finsig_dryos.c k = idxFollowBranch(fw,j3,0x01000001); fw 2225 tools/finsig_dryos.c fwAddMatch(fw,idx2adr(fw,k),32,0,122); fw 2236 tools/finsig_dryos.c if ((fwval(fw,j3+m) & 0xFE1F0000) == 0xE41F0000) // ldr rx, fw 2238 tools/finsig_dryos.c frsp_argcnt = fwRd(fw,j3+m) + 1; // this should be loaded in the right register directly fw 2239 tools/finsig_dryos.c frsp_buf = LDR2val(fw,j3+m); fw 2240 tools/finsig_dryos.c frsp_buf_at = idx2adr(fw,j3+m); fw 2241 tools/finsig_dryos.c if (!((frsp_buf > fw->uncached_adr) && fw 2242 tools/finsig_dryos.c (fw->uncached_adr+fw->maxram))) // has to be uncached ram fw 2245 tools/finsig_dryos.c if ((fwval(fw,j3+m) & 0xFFF00000) == 0xE3A00000) // mov rx, fw 2247 tools/finsig_dryos.c uint32_t u1 = ALUop2a(fw,j3+m); fw 2248 tools/finsig_dryos.c if (u1>fw->uncached_adr && u1<(fw->uncached_adr+fw->maxram)) fw 2251 tools/finsig_dryos.c frsp_buf_at = idx2adr(fw,j3+m); fw 2252 tools/finsig_dryos.c frsp_argcnt = fwRd(fw,j3+m) + 1; // this should be loaded in the right register directly fw 2259 tools/finsig_dryos.c if (isBL(fw,j3+m)) fw 2261 tools/finsig_dryos.c k = idxFollowBranch(fw,j3+m,0x01000001); fw 2262 tools/finsig_dryos.c fwAddMatch(fw,idx2adr(fw,k),32,0,122); fw 2283 tools/finsig_dryos.c if (isLDR_PC(fw,k1)) fw 2285 tools/finsig_dryos.c uint32_t v = LDR2val(fw,k1); fw 2286 tools/finsig_dryos.c if (v>fw->uncached_adr && v<fw->uncached_adr+fw->maxram && (v&3)==0) fw 2290 tools/finsig_dryos.c frsp_buf_at = idx2adr(fw,k1); fw 2302 tools/finsig_dryos.c int find_get_ptp_buf_size(firmware *fw) fw 2304 tools/finsig_dryos.c int j = get_saved_sig(fw,"handle_PTP_OC_SendObject"); // same handler as CANON_SendObjectByPath fw 2309 tools/finsig_dryos.c int k=adr2idx(fw,func_names[j].val); fw 2312 tools/finsig_dryos.c uint32_t file_buf_id=get_ptp_file_buf_id(fw); fw 2318 tools/finsig_dryos.c if(isMOV_immed(fw,k) && fwRn(fw,k) == 0 && ALUop2(fw,k) == file_buf_id && isBL(fw, k+1)) { fw 2319 tools/finsig_dryos.c adr = followBranch(fw,idx2adr(fw,k+1),0x01000001); fw 2331 tools/finsig_dryos.c if(isMOV_immed(fw,k) && fwRn(fw,k) == 0 && ALUop2(fw,k) == file_buf_id && isBL(fw, k+1)) { fw 2332 tools/finsig_dryos.c uint32_t adr2 = followBranch(fw,idx2adr(fw,k+1),0x01000001); fw 2336 tools/finsig_dryos.c fwAddMatch(fw,adr,32,0,122); fw 2345 tools/finsig_dryos.c int find_GetBaseSv(firmware *fw) fw 2347 tools/finsig_dryos.c int j = get_saved_sig(fw,"SetPropertyCase"); fw 2350 tools/finsig_dryos.c j = adr2idx(fw, func_names[j].val); fw 2352 tools/finsig_dryos.c int sadr = find_str(fw, "Sensitive.c"); fw 2353 tools/finsig_dryos.c if (sadr < fw->lowest_idx) fw 2355 tools/finsig_dryos.c int s1 = find_nxt_str_ref(fw, sadr, -1/*fw->lowest_idx*/); fw 2369 tools/finsig_dryos.c if ( isBL(fw, n) ) fw 2372 tools/finsig_dryos.c k = idxFollowBranch(fw,n,0x01000001); fw 2373 tools/finsig_dryos.c if ( idx2adr(fw, k) == idx2adr(fw, j) ) fw 2376 tools/finsig_dryos.c k = find_inst(fw, isBL, s1+2, 6); fw 2380 tools/finsig_dryos.c int l = idxFollowBranch(fw,k,0x01000001); fw 2381 tools/finsig_dryos.c if ( isB(fw, l) ) fw 2385 tools/finsig_dryos.c k = idxFollowBranch(fw,l,0x01000001); fw 2386 tools/finsig_dryos.c if ( isB(fw, k) ) fw 2388 tools/finsig_dryos.c int m = idxFollowBranch(fw,k,0x01000001); fw 2389 tools/finsig_dryos.c add_func_name("j_j_GetBaseSv", idx2adr(fw,l), ""); fw 2390 tools/finsig_dryos.c add_func_name("j_GetBaseSv", idx2adr(fw,k), ""); fw 2391 tools/finsig_dryos.c fwAddMatch(fw,idx2adr(fw,m),32,0,122); fw 2395 tools/finsig_dryos.c add_func_name("j_GetBaseSv", idx2adr(fw,l), ""); fw 2396 tools/finsig_dryos.c fwAddMatch(fw,idx2adr(fw,k),32,0,122); fw 2401 tools/finsig_dryos.c fwAddMatch(fw,idx2adr(fw,l),32,0,122); fw 2410 tools/finsig_dryos.c s1 = find_nxt_str_ref(fw, sadr, s1+1); fw 2416 tools/finsig_dryos.c int find_Remove(firmware *fw) fw 2418 tools/finsig_dryos.c int f1 = get_saved_sig(fw,"Close"); fw 2422 tools/finsig_dryos.c f1 = adr2idx(fw, func_names[f1].val); fw 2424 tools/finsig_dryos.c f2 = find_str_ref(fw,"File Write Fail."); fw 2429 tools/finsig_dryos.c if(!isBL(fw,f2+i)) { fw 2433 tools/finsig_dryos.c if(idxFollowBranch(fw,f2+i,0x01000001)==f1) { fw 2437 tools/finsig_dryos.c else if(idxFollowBranch(fw,idxFollowBranch(fw,f2+i,0x01000001),0x01000001)==f1) { fw 2442 tools/finsig_dryos.c f2 = idxFollowBranch(fw,f2+i,0x01000001); fw 2443 tools/finsig_dryos.c fwAddMatch(fw,idx2adr(fw,f2),32,0,122); fw 2450 tools/finsig_dryos.c int find_dispatch_funcs(firmware *fw, int param) fw 2454 tools/finsig_dryos.c f1= get_saved_sig(fw,"EnableDispatch_low"); fw 2457 tools/finsig_dryos.c f1= get_saved_sig(fw,"DisableDispatch_low"); fw 2465 tools/finsig_dryos.c f1 = adr2idx(fw, func_names[f1].val); fw 2467 tools/finsig_dryos.c r0 = find_str(fw,"Booting"); // for sx230 (extra task on a few models) fw 2469 tools/finsig_dryos.c r0 = find_str(fw,"Startup"); // locating taskcreate_Startup fw 2470 tools/finsig_dryos.c r1 = find_str(fw,"Startup.c"); fw 2472 tools/finsig_dryos.c r0 = find_Nth_str(fw,"Startup",2); fw 2475 tools/finsig_dryos.c r0 = find_nxt_str_ref(fw,r0,r0-1024); fw 2478 tools/finsig_dryos.c r0 = adr2idx(fw,idx2adr(fw,r0)); // needed on cams with code copied to RAM fw 2481 tools/finsig_dryos.c r0 = find_inst_rev(fw,isBL,r0-1,10); fw 2482 tools/finsig_dryos.c int b1 = idxFollowBranch(fw,r0,0x01000001); fw 2483 tools/finsig_dryos.c b1 = adr2idx(fw,idx2adr(fw,b1)); // needed on cams with code copied to RAM fw 2484 tools/finsig_dryos.c if (isLDR_PC(fw,b1)) { // for s110 fw 2485 tools/finsig_dryos.c b1 = idxFollowBranch(fw,b1,0x01000001); fw 2488 tools/finsig_dryos.c r1 = find_nxt_str_ref_alt(fw, "KerSys.c", b1, 24); fw 2489 tools/finsig_dryos.c int i1 = find_inst(fw,isLDMFD_PC,b1,24); fw 2491 tools/finsig_dryos.c int j1 = find_Nth_inst(fw,isBL,b1,24,1); fw 2493 tools/finsig_dryos.c if (idx2adr(fw,idxFollowBranch(fw,j1,0x01000001))==idx2adr(fw,f1)) { fw 2494 tools/finsig_dryos.c fwAddMatch(fw,idx2adr(fw,b1),32,0,122); fw 2503 tools/finsig_dryos.c int b2 = find_Nth_inst(fw,isBL,b1,12,c); fw 2507 tools/finsig_dryos.c b2 = idxFollowBranch(fw,b2,0x01000001); fw 2508 tools/finsig_dryos.c b2 = adr2idx(fw,idx2adr(fw,b2)); // needed on cams with code copied to RAM fw 2509 tools/finsig_dryos.c r1 = find_nxt_str_ref_alt(fw, "KerSys.c", b2, 24); fw 2510 tools/finsig_dryos.c int i1 = find_inst(fw,isLDMFD_PC,b2,24); fw 2512 tools/finsig_dryos.c int j1 = find_Nth_inst(fw,isBL,b2,24,1); fw 2514 tools/finsig_dryos.c if (idx2adr(fw,idxFollowBranch(fw,j1,0x01000001))==idx2adr(fw,f1)) { fw 2515 tools/finsig_dryos.c fwAddMatch(fw,idx2adr(fw,b2),32,0,122); fw 3123 tools/finsig_dryos.c int dryos_offset(firmware *fw, string_sig *sig) fw 3125 tools/finsig_dryos.c switch (fw->dryos_ver) fw 3152 tools/finsig_dryos.c int fw_string_process(firmware *fw, string_sig *sig, int (*check_match)(firmware *fw, string_sig *sig, int j), int inc_eos) fw 3160 tools/finsig_dryos.c for (br = fw->br; br != 0; br = br->next) fw 3166 tools/finsig_dryos.c if (check_match(fw,sig,j)) fw 3177 tools/finsig_dryos.c int fw_string_process_unaligned(firmware *fw, string_sig *sig, int (*check_match)(firmware *fw, string_sig *sig, int j)) fw 3184 tools/finsig_dryos.c for (br = fw->br; br != 0; br = br->next) fw 3190 tools/finsig_dryos.c if (check_match(fw,sig,j+br->off*4)) fw 3202 tools/finsig_dryos.c int fw_process(firmware *fw, string_sig *sig, int (*check_match)(firmware *fw, string_sig *sig, int j)) fw 3208 tools/finsig_dryos.c for (br = fw->br; br != 0; br = br->next) fw 3212 tools/finsig_dryos.c if (check_match(fw,sig,j)) fw 3229 tools/finsig_dryos.c int match_strsig1(firmware *fw, string_sig *sig, int j) fw 3231 tools/finsig_dryos.c uint32_t fadr = fwval(fw,j-1); // function address fw 3232 tools/finsig_dryos.c if (idx_valid(fw,adr2idx(fw,fadr))) // is function address valid fw 3235 tools/finsig_dryos.c if (sig->offset > 1) fadr = followBranch(fw, fadr, 1); fw 3237 tools/finsig_dryos.c fadr = followBranch2(fw, fadr, sig->offset); fw 3238 tools/finsig_dryos.c fwAddMatch(fw,fadr,32,0,101); fw 3251 tools/finsig_dryos.c int match_strsig2a(firmware *fw, int k, uint32_t sadr, uint32_t offset) fw 3253 tools/finsig_dryos.c if (fwval(fw,k) == sadr) // pointer to string? fw 3255 tools/finsig_dryos.c uint32_t fadr = fwval(fw,k+1); // function address fw 3256 tools/finsig_dryos.c if (idx_valid(fw,adr2idx(fw,fadr))) // is function address valid fw 3258 tools/finsig_dryos.c uint32_t bfadr = followBranch2(fw, fadr, offset); fw 3261 tools/finsig_dryos.c fwAddMatch(fw,bfadr,32,0,102); fw 3268 tools/finsig_dryos.c int match_strsig2(firmware *fw, string_sig *sig, int j) fw 3271 tools/finsig_dryos.c return search_fw(fw, match_strsig2a, fw->base + j, sig->offset, 2); fw 3292 tools/finsig_dryos.c int match_strsig3a(firmware *fw, int k, uint32_t sadr, uint32_t offset) fw 3294 tools/finsig_dryos.c if (isADR_PC(fw,k+1) && // ADR ? fw 3295 tools/finsig_dryos.c isBorBL(fw,k+2)) // B or BL ? fw 3297 tools/finsig_dryos.c uint32_t padr = ADR2adr(fw,k+1); // get address pointed to by 2nd ADR instructioin fw 3302 tools/finsig_dryos.c if (isADR_PC(fw,k)) // ADR ? fw 3309 tools/finsig_dryos.c if (isADR_PC(fw,j2) && // ADR ? fw 3310 tools/finsig_dryos.c isB(fw,j2+1)) // B fw 3312 tools/finsig_dryos.c uint32_t fa = idx2adr(fw,j2+1); fw 3313 tools/finsig_dryos.c fa = followBranch(fw,fa,1); fw 3314 tools/finsig_dryos.c if (adr2idx(fw,fa) == k+1) fw 3324 tools/finsig_dryos.c uint32_t fadr = ADR2adr(fw,j2); fw 3325 tools/finsig_dryos.c if (offset > 1) fadr = followBranch(fw, fadr, 1); fw 3326 tools/finsig_dryos.c fadr = followBranch2(fw, fadr, offset); fw 3327 tools/finsig_dryos.c fwAddMatch(fw,fadr,32,0,103); fw 3334 tools/finsig_dryos.c int match_strsig3(firmware *fw, string_sig *sig, int j) fw 3336 tools/finsig_dryos.c return search_fw(fw, match_strsig3a, idx2adr(fw,j), sig->offset, 3); fw 3345 tools/finsig_dryos.c int match_strsig4a(firmware *fw, int k, uint32_t sadr, uint32_t offset) fw 3347 tools/finsig_dryos.c if (isSTMFD(fw,k) && // STMFD fw 3348 tools/finsig_dryos.c isADR_PC(fw,k+offset)) // ADR ? fw 3350 tools/finsig_dryos.c uint32_t padr = ADR2adr(fw,k+offset); fw 3353 tools/finsig_dryos.c uint32_t fadr = idx2adr(fw,k); fw 3354 tools/finsig_dryos.c fwAddMatch(fw,fadr,32,0,104); fw 3360 tools/finsig_dryos.c int match_strsig4(firmware *fw, string_sig *sig, int j) fw 3362 tools/finsig_dryos.c return search_fw(fw, match_strsig4a, idx2adr(fw,j), sig->offset, sig->offset+1); fw 3381 tools/finsig_dryos.c int match_strsig5a(firmware *fw, int k, uint32_t sadr, uint32_t offset) fw 3383 tools/finsig_dryos.c if ((isADR_PC(fw,k+1) || isLDR_PC(fw,k+1)) && // LDR or ADR ? fw 3384 tools/finsig_dryos.c isBorBL(fw,k+2)) // B or BL ? fw 3387 tools/finsig_dryos.c if (isLDR_PC(fw,k+1)) // LDR ? fw 3388 tools/finsig_dryos.c padr = LDR2val(fw,k+1); fw 3390 tools/finsig_dryos.c padr = ADR2adr(fw,k+1); fw 3395 tools/finsig_dryos.c if (isLDR_PC(fw,k)) // LDR ? fw 3401 tools/finsig_dryos.c if (isLDR_PC(fw,j2) && // LDR ? fw 3402 tools/finsig_dryos.c isB(fw,j2+1)) // B fw 3404 tools/finsig_dryos.c if (idxFollowBranch(fw,j2+1,1) == k+1) fw 3414 tools/finsig_dryos.c uint32_t fadr = LDR2val(fw,j2); fw 3415 tools/finsig_dryos.c if (offset > 1) fadr = followBranch(fw, fadr, 1); fw 3416 tools/finsig_dryos.c fadr = followBranch2(fw, fadr, offset); fw 3419 tools/finsig_dryos.c uint32_t fadr2 = followBranch(fw, fadr, dryos_ofst); fw 3423 tools/finsig_dryos.c fwAddMatch(fw,fadr,32,0,105); fw 3430 tools/finsig_dryos.c int match_strsig5(firmware *fw, string_sig *sig, int j) fw 3432 tools/finsig_dryos.c dryos_ofst = dryos_offset(fw,sig); fw 3433 tools/finsig_dryos.c return search_fw(fw, match_strsig5a, idx2adr(fw,j), sig->offset, 3); fw 3438 tools/finsig_dryos.c int match_strsig6(firmware *fw, __attribute__ ((unused))string_sig *sig, int j) fw 3440 tools/finsig_dryos.c int j1 = find_inst_rev(fw, isSTMFD_LR, j-1, j-1); fw 3443 tools/finsig_dryos.c uint32_t fadr = idx2adr(fw,j1); fw 3444 tools/finsig_dryos.c fwAddMatch(fw,fadr,32,0,106); fw 3457 tools/finsig_dryos.c int match_strsig7a(firmware *fw, int k, uint32_t sadr, uint32_t offset) fw 3459 tools/finsig_dryos.c if (isADR_PC_cond(fw,k) || isLDR_PC_cond(fw,k)) // LDR or ADR ? fw 3462 tools/finsig_dryos.c if (isLDR_PC_cond(fw,k)) // LDR ? fw 3463 tools/finsig_dryos.c padr = LDR2val(fw,k); fw 3465 tools/finsig_dryos.c padr = ADR2adr(fw,k); fw 3468 tools/finsig_dryos.c int j2 = find_inst(fw, isBL, k+1, 10); fw 3471 tools/finsig_dryos.c uint32_t fa = idx2adr(fw,j2); fw 3472 tools/finsig_dryos.c fa = followBranch2(fw,fa,offset); fw 3473 tools/finsig_dryos.c fwAddMatch(fw,fa,32,0,107); fw 3480 tools/finsig_dryos.c int match_strsig7(firmware *fw, string_sig *sig, int j) fw 3482 tools/finsig_dryos.c return search_fw(fw, match_strsig7a, idx2adr(fw,j), sig->offset, 2); fw 3488 tools/finsig_dryos.c int match_strsig8(firmware *fw, __attribute__ ((unused))string_sig *sig, int j) fw 3494 tools/finsig_dryos.c uint32_t fadr = idx2adr(fw,j1); fw 3495 tools/finsig_dryos.c u1 = fwval(fw,j1); fw 3496 tools/finsig_dryos.c if ((u1 >= fw->base) || ((u1 >= fw->base2) && (u1 < fw->base2 + fw->size2*4))) // pointer ?? fw 3501 tools/finsig_dryos.c if (isLDR_PC(fw,j2) && (LDR2adr(fw,j2) == fadr)) // LDR ? fw 3503 tools/finsig_dryos.c if ((isSTR(fw,j2+1) && (fwOp2(fw,j2+1) == ofst)) || // STR ? fw 3504 tools/finsig_dryos.c (isSTR(fw,j2+2) && (fwOp2(fw,j2+2) == ofst))) // STR ? fw 3506 tools/finsig_dryos.c fadr = fwval(fw,j1); fw 3507 tools/finsig_dryos.c if (idx_valid(fw,adr2idx(fw,fadr))) fw 3509 tools/finsig_dryos.c fwAddMatch(fw,fadr,32,0,108); fw 3520 tools/finsig_dryos.c int find_strsig8(firmware *fw, string_sig *sig) fw 3526 tools/finsig_dryos.c int j = get_saved_sig(fw,"UpdateMBROnFlash"); fw 3533 tools/finsig_dryos.c j = get_saved_sig(fw,"MakeSDCardBootable"); fw 3543 tools/finsig_dryos.c int idx = adr2idx(fw, fadr); fw 3548 tools/finsig_dryos.c if (isLDR(fw,j) && isLDR(fw,j+1) && isLDR(fw,j+2)) fw 3550 tools/finsig_dryos.c ofst = fwOp2(fw,j) + fwOp2(fw,j+1) + fwOp2(fw,j+2); fw 3557 tools/finsig_dryos.c return fw_string_process(fw, sig, match_strsig8, 1); fw 3565 tools/finsig_dryos.c int find_strsig9(firmware *fw, string_sig *sig) fw 3567 tools/finsig_dryos.c int j = get_saved_sig(fw,sig->ev_name); fw 3572 tools/finsig_dryos.c int ofst = dryos_offset(fw, sig); fw 3573 tools/finsig_dryos.c uint32_t fadr = followBranch(fw, func_names[j].val+ofst*4, 0xF1000001); fw 3577 tools/finsig_dryos.c if (sig->offset != -1) fadr2 = followBranch2(fw, fadr2, sig->offset); fw 3580 tools/finsig_dryos.c fwAddMatch(fw,fadr2,32,0,109); fw 3596 tools/finsig_dryos.c int match_strsig11(firmware *fw, string_sig *sig, int j) fw 3598 tools/finsig_dryos.c int ofst = dryos_offset(fw, sig); fw 3600 tools/finsig_dryos.c uint32_t sadr = idx2adr(fw,j); // string address fw 3604 tools/finsig_dryos.c if (isADR_PC_cond(fw,j1)) // ADR ? fw 3606 tools/finsig_dryos.c uint32_t padr = ADR2adr(fw,j1); fw 3609 tools/finsig_dryos.c uint32_t fadr = idx2adr(fw,j1-ofst); fw 3610 tools/finsig_dryos.c uint32_t bfadr = followBranch(fw,fadr,sig->offset); fw 3616 tools/finsig_dryos.c if (isBL_cond(fw,j2) && // BLxx fw 3617 tools/finsig_dryos.c isLDR_SP(fw,j2+1) && (fwRd(fw,j2+1) == 0) && // LDR R0,[SP,x] fw 3618 tools/finsig_dryos.c isBL(fw,j2+2) && // BL fw 3619 tools/finsig_dryos.c isMOV(fw,j2+3) && (fwRd(fw,j2+3) == 4) && (fwRn(fw,j2+3) == 0)) // LDR R4, R0 fw 3628 tools/finsig_dryos.c fwAddMatch(fw,bfadr,32,0,111); fw 3643 tools/finsig_dryos.c int find_strsig12(firmware *fw, string_sig *sig) fw 3645 tools/finsig_dryos.c int j = get_saved_sig(fw,"CreateJumptable"); fw 3647 tools/finsig_dryos.c int ofst = dryos_offset(fw, sig); fw 3655 tools/finsig_dryos.c int idx = adr2idx(fw, func_names[j].val); fw 3656 tools/finsig_dryos.c for(; !isBX_LR(fw,idx); idx++) // BX LR fw 3658 tools/finsig_dryos.c if (((fwval(fw,idx+1) & 0xFFFFF000) == 0xE5801000) && // STR R1,[R0,nnn] fw 3659 tools/finsig_dryos.c (fwOp2(fw,idx+1) == ofst)) fw 3661 tools/finsig_dryos.c uint32_t fadr = LDR2val(fw,idx); fw 3662 tools/finsig_dryos.c uint32_t bfadr = followBranch2(fw,fadr,sig->offset); fw 3663 tools/finsig_dryos.c if ((sig->offset <= 1) || ((bfadr != fadr) && ((fw->buf[adr2idx(fw,fadr)] & 0xFFFF0000) == 0xE92D0000))) fw 3665 tools/finsig_dryos.c fwAddMatch(fw,bfadr,32,0,112); fw 3669 tools/finsig_dryos.c else if (isB(fw,idx)) // B fw 3671 tools/finsig_dryos.c idx = adr2idx(fw,followBranch(fw,idx2adr(fw,idx),1)) - 1; fw 3691 tools/finsig_dryos.c int match_strsig13a(firmware *fw, int k, uint32_t sadr, uint32_t offset) fw 3693 tools/finsig_dryos.c if (fwval(fw,k) == sadr) // string ptr fw 3695 tools/finsig_dryos.c uint32_t padr = idx2adr(fw,k); // string ptr address fw 3699 tools/finsig_dryos.c if (fwval(fw,j2) == padr) // string ptr address fw 3701 tools/finsig_dryos.c uint32_t ppadr = idx2adr(fw,j2); // string ptr ptr address fw 3705 tools/finsig_dryos.c if (isLDR_PC(fw,j3) && (LDR2adr(fw,j3) == ppadr)) fw 3707 tools/finsig_dryos.c uint32_t fadr = idx2adr(fw,j3-offset); fw 3708 tools/finsig_dryos.c fwAddMatch(fw,fadr,32,0,113); fw 3717 tools/finsig_dryos.c int match_strsig13(firmware *fw, string_sig *sig, int j) fw 3720 tools/finsig_dryos.c return search_fw(fw, match_strsig13a, fw->base + j, sig->offset, 1); fw 3730 tools/finsig_dryos.c int match_strsig15a(firmware *fw, int k, uint32_t sadr, uint32_t offset) fw 3732 tools/finsig_dryos.c if (isADR_PC_cond(fw,k) || isLDR_PC_cond(fw,k)) // LDR or ADR ? fw 3735 tools/finsig_dryos.c if (isLDR_PC_cond(fw,k)) // LDR ? fw 3736 tools/finsig_dryos.c padr = LDR2val(fw,k); fw 3738 tools/finsig_dryos.c padr = ADR2adr(fw,k); fw 3741 tools/finsig_dryos.c int j2 = find_inst_rev(fw, isBL, k-1, dryos_ofst); fw 3745 tools/finsig_dryos.c j2 = idxcorr(fw, j2); fw 3746 tools/finsig_dryos.c uint32_t fa = idx2adr(fw,j2); fw 3747 tools/finsig_dryos.c fa = followBranch2(fw,fa,offset); fw 3748 tools/finsig_dryos.c fwAddMatch(fw,fa,32,0,115); fw 3755 tools/finsig_dryos.c int match_strsig15(firmware *fw, string_sig *sig, int j) fw 3757 tools/finsig_dryos.c dryos_ofst = dryos_offset(fw,sig); fw 3759 tools/finsig_dryos.c return search_fw(fw, match_strsig15a, idx2adr(fw,j), sig->offset, 1); fw 3764 tools/finsig_dryos.c int match_strsig16(firmware *fw, string_sig *sig, int j) fw 3768 tools/finsig_dryos.c if (isADR_PC_cond(fw,j) || isLDR_PC_cond(fw,j)) // LDR or ADR ? fw 3771 tools/finsig_dryos.c if (isLDR_PC_cond(fw,j)) // LDR ? fw 3772 tools/finsig_dryos.c padr = LDR2val(fw,j); fw 3774 tools/finsig_dryos.c padr = ADR2adr(fw,j); fw 3777 tools/finsig_dryos.c int j2 = find_inst_rev(fw, isSTMFD_LR, j-1, 50); fw 3780 tools/finsig_dryos.c uint32_t fa = idx2adr(fw,j2); fw 3781 tools/finsig_dryos.c fwAddMatch(fw,fa,32,0,116); fw 3792 tools/finsig_dryos.c int find_strsig17(firmware *fw, string_sig *sig) fw 3794 tools/finsig_dryos.c int j = get_saved_sig(fw,"StartRecModeMenu"); fw 3800 tools/finsig_dryos.c int idx = adr2idx(fw, func_names[j].val); fw 3802 tools/finsig_dryos.c if (fw->dryos_ver < 58) fw 3804 tools/finsig_dryos.c if (isLDR_PC(fw,idx-3) && isMOV_immed(fw,idx-2) && isB(fw,idx-1)) fw 3806 tools/finsig_dryos.c k = adr2idx(fw,LDR2val(fw,idx-3)); fw 3808 tools/finsig_dryos.c else if (isMOV_immed(fw,idx-3) && isADR_PC(fw,idx-2) && isB(fw,idx-1)) fw 3810 tools/finsig_dryos.c k = adr2idx(fw,ADR2adr(fw,idx-2)); fw 3815 tools/finsig_dryos.c int l = find_inst_rev(fw, isBL, idx-1, 4); fw 3818 tools/finsig_dryos.c if (isLDR_PC(fw,l-2) && isMOV_immed(fw,l-1)) fw 3820 tools/finsig_dryos.c k = adr2idx(fw,LDR2val(fw,l-2)); fw 3828 tools/finsig_dryos.c fadr = followBranch(fw,idx2adr(fw,k+1),0x01000001); fw 3831 tools/finsig_dryos.c k = find_inst(fw, isLDMFD, k+1, 60); fw 3832 tools/finsig_dryos.c if (fw->dryos_ver < 58) fw 3834 tools/finsig_dryos.c fadr = followBranch(fw,idx2adr(fw,k-1),0x01000001); fw 3838 tools/finsig_dryos.c k = find_inst_rev(fw, isBL, k-1, 4); fw 3841 tools/finsig_dryos.c fadr = followBranch(fw,idx2adr(fw,k),0x01000001); fw 3847 tools/finsig_dryos.c fwAddMatch(fw,fadr,32,0,117); fw 3867 tools/finsig_dryos.c int find_strsig19(firmware *fw, string_sig *sig) fw 3869 tools/finsig_dryos.c int j = get_saved_sig(fw,sig->ev_name); fw 3874 tools/finsig_dryos.c int ofst = dryos_offset(fw, sig); fw 3886 tools/finsig_dryos.c case 0: k = isLDMFD_PC(fw, adr2idx(fw, fadr)-1-addoffs); break; fw 3887 tools/finsig_dryos.c case 1: k = isB(fw, adr2idx(fw, fadr)-1-addoffs); break; fw 3888 tools/finsig_dryos.c case 2: k = ((fwval(fw, adr2idx(fw, fadr)-1-addoffs) & 0x0f000000) == 0x0a000000); break; // B cond. fw 3889 tools/finsig_dryos.c case 3: k = (fwval(fw, adr2idx(fw, fadr)-1-addoffs) == 0xE1A0F00E); break; // mov pc, lr fw 3890 tools/finsig_dryos.c case 4: k = (fwval(fw, adr2idx(fw, fadr)-1-addoffs) == 0xE12FFF1E); break; // bx lr fw 3895 tools/finsig_dryos.c fwAddMatch(fw,fadr,32,0,119); fw 3913 tools/finsig_dryos.c int match_strsig23a(firmware *fw, int k, uint32_t sadr, uint32_t maxdist) fw 3915 tools/finsig_dryos.c if (isADR_PC_cond(fw,k) || isLDR_PC_cond(fw,k)) // LDR or ADR ? fw 3918 tools/finsig_dryos.c if (isLDR_PC_cond(fw,k)) // LDR ? fw 3919 tools/finsig_dryos.c padr = LDR2val(fw,k); fw 3921 tools/finsig_dryos.c padr = ADR2adr(fw,k); fw 3927 tools/finsig_dryos.c j2 = find_Nth_inst_rev(fw, isBorBL, k, maxdist, -dryos_ofst); fw 3931 tools/finsig_dryos.c j2 = find_Nth_inst(fw, isBorBL, k+1, maxdist, dryos_ofst+1); fw 3935 tools/finsig_dryos.c uint32_t fa = idx2adr(fw,j2); fw 3936 tools/finsig_dryos.c fa = followBranch2(fw,fa,0x01000001); fw 3937 tools/finsig_dryos.c fwAddMatch(fw,fa,32,0,123); fw 3944 tools/finsig_dryos.c int match_strsig23(firmware *fw, string_sig *sig, int j) fw 3946 tools/finsig_dryos.c dryos_ofst = dryos_offset(fw,sig); fw 3951 tools/finsig_dryos.c return search_fw(fw, match_strsig23a, idx2adr(fw,j), sig->offset, 2); fw 3968 tools/finsig_dryos.c int match_strsig24(firmware *fw, string_sig *sig, int j) fw 3971 tools/finsig_dryos.c int ofst = dryos_offset(fw, sig); fw 3984 tools/finsig_dryos.c uint32_t sadr = idx2adr(fw,j); // string address fw 3988 tools/finsig_dryos.c if (isLDR(fw,j1)) // LDR ? fw 3990 tools/finsig_dryos.c uint32_t pval = LDR2val(fw,j1); fw 3993 tools/finsig_dryos.c int j2 = find_Nth_inst_rev(fw,instid,j1-1,sig->offset,ninst); fw 3996 tools/finsig_dryos.c fwAddMatch(fw,idx2adr(fw,j2-ofst),32,0,124); fw 4001 tools/finsig_dryos.c else if (isADR_PC(fw,j1)) // ADR ? fw 4003 tools/finsig_dryos.c uint32_t pval = ADR2adr(fw,j1); fw 4006 tools/finsig_dryos.c int j2 = find_Nth_inst_rev(fw,instid,j1-1,sig->offset,ninst); fw 4009 tools/finsig_dryos.c fwAddMatch(fw,idx2adr(fw,j2-ofst),32,0,124); fw 4020 tools/finsig_dryos.c int find_strsig(firmware *fw, string_sig *sig) fw 4024 tools/finsig_dryos.c case 1: return fw_string_process(fw, sig, match_strsig1, 1); fw 4025 tools/finsig_dryos.c case 2: return fw_string_process_unaligned(fw, sig, match_strsig2); fw 4026 tools/finsig_dryos.c case 3: return fw_string_process(fw, sig, match_strsig3, 1); fw 4027 tools/finsig_dryos.c case 4: return fw_string_process(fw, sig, match_strsig4, 1); fw 4028 tools/finsig_dryos.c case 5: return fw_string_process(fw, sig, match_strsig5, 1); fw 4029 tools/finsig_dryos.c case 6: return fw_string_process(fw, sig, match_strsig6, 1); fw 4030 tools/finsig_dryos.c case 7: return fw_string_process(fw, sig, match_strsig7, 1); fw 4031 tools/finsig_dryos.c case 8: return find_strsig8(fw, sig); fw 4032 tools/finsig_dryos.c case 9: return find_strsig9(fw, sig); fw 4033 tools/finsig_dryos.c case 11: return fw_string_process(fw, sig, match_strsig11, 0); fw 4034 tools/finsig_dryos.c case 12: return find_strsig12(fw, sig); fw 4035 tools/finsig_dryos.c case 13: return fw_string_process_unaligned(fw, sig, match_strsig13); fw 4036 tools/finsig_dryos.c case 15: return fw_string_process(fw, sig, match_strsig15, 1); fw 4037 tools/finsig_dryos.c case 16: return fw_process(fw, sig, match_strsig16); fw 4038 tools/finsig_dryos.c case 17: return find_strsig17(fw, sig); fw 4039 tools/finsig_dryos.c case 19: return find_strsig19(fw, sig); fw 4045 tools/finsig_dryos.c uint32_t fadr = followBranch2(fw,func_names[j].val,sig->offset); fw 4046 tools/finsig_dryos.c fwAddMatch(fw,fadr,32,0,120); fw 4051 tools/finsig_dryos.c case 21: return fw_process(fw, sig, (int (*)(firmware*, string_sig*, int))(sig->ev_name)); fw 4052 tools/finsig_dryos.c case 22: return ((int (*)(firmware*,int))(sig->ev_name))(fw,sig->offset); fw 4053 tools/finsig_dryos.c case 23: return fw_string_process(fw, sig, match_strsig23, 1); fw 4054 tools/finsig_dryos.c case 24: return fw_string_process(fw, sig, match_strsig24, 0); fw 4065 tools/finsig_dryos.c void find_str_sig_matches(firmware *fw, const char *curr_name) fw 4077 tools/finsig_dryos.c if (find_strsig(fw, &string_sigs[i])) fw 4098 tools/finsig_dryos.c void find_matches(firmware *fw, const char *curr_name) fw 4116 tools/finsig_dryos.c fwAddMatch(fw,func_names[i].val,32,0,120); fw 4127 tools/finsig_dryos.c if (find_strsig(fw, &string_sigs[i])) fw 4155 tools/finsig_dryos.c for (n = fw->br; n != 0; n = n->next) fw 4177 tools/finsig_dryos.c if ((fw->buf[n->off+i+s->value] & 0x0F000000) == 0x0A000000) // B fw 4179 tools/finsig_dryos.c idx = adr2idx(fw, followBranch2(fw, idx2adr(fw,n->off+i+s->value), 0xF0000001)); fw 4180 tools/finsig_dryos.c if ((idx >= 0) && (idx < fw->size)) fw 4183 tools/finsig_dryos.c p1 = &fw->buf[idx]; fw 4222 tools/finsig_dryos.c if (isLDR_PC_cond(fw,n->off+i+s->offs)) fw 4224 tools/finsig_dryos.c int m = adr2idx(fw,LDR2val(fw,n->off+i+s->offs)); fw 4225 tools/finsig_dryos.c if ((m >= 0) && (m < fw->size) && (strcmp((char*)(&fw->buf[m]),"Mounter.c") == 0)) fw 4230 tools/finsig_dryos.c else if (isADR_PC_cond(fw,n->off+i+s->offs)) fw 4232 tools/finsig_dryos.c int m = adr2idx(fw,ADR2adr(fw,n->off+i+s->offs)); fw 4233 tools/finsig_dryos.c if ((m >= 0) && (m < fw->size) && (strcmp((char*)(&fw->buf[m]),"Mounter.c") == 0)) fw 4244 tools/finsig_dryos.c fwAddMatch(fw,idx2adr(fw,i+n->off),success,fail,func_list[j].ver); fw 4275 tools/finsig_dryos.c void print_results(firmware *fw, const char *curr_name, int k) fw 4284 tools/finsig_dryos.c osig* ostub2 = find_sig(fw->sv->stubs,curr_name); fw 4381 tools/finsig_dryos.c void output_modemap(firmware *fw, int k) fw 4385 tools/finsig_dryos.c if (isLDR_PC(fw,k)) fw 4387 tools/finsig_dryos.c k = adr2idx(fw,LDR2val(fw,k)); fw 4388 tools/finsig_dryos.c bprintf("%08x\n",idx2adr(fw,k)); fw 4389 tools/finsig_dryos.c uint16_t *p = (uint16_t*)(&fw->buf[k]); fw 4393 tools/finsig_dryos.c if (((fw->dryos_ver < 47) && ((*p < 8000) || (*p > 8999))) || ((fw->dryos_ver >= 47) && ((*p < 4000) || (*p > 4999)))) fw 4395 tools/finsig_dryos.c osig *m = find_sig_val(fw->sv->modemap, *p); fw 4414 tools/finsig_dryos.c osig *m = fw->sv->modemap; fw 4430 tools/finsig_dryos.c int match_modelist(firmware *fw, int k, uint32_t fadr, __attribute__ ((unused))uint32_t v2) fw 4432 tools/finsig_dryos.c if (isBX_LR(fw,k) && (fw->buf[k+4] == fadr)) fw 4434 tools/finsig_dryos.c fadr = fwval(fw,k+1); fw 4438 tools/finsig_dryos.c if (isLDR_PC(fw,k1) && (LDR2val(fw,k1) == fadr)) fw 4440 tools/finsig_dryos.c bprintf("// Firmware modemap table found @%08x -> ",idx2adr(fw,k1)); fw 4441 tools/finsig_dryos.c output_modemap(fw,k1); fw 4452 tools/finsig_dryos.c int match_FlashParamsTable2(firmware *fw, int k, uint32_t v1, __attribute__ ((unused))uint32_t v2) fw 4454 tools/finsig_dryos.c if (fw->buf[k] == v1) fw 4456 tools/finsig_dryos.c FlashParamsTable_address = idx2adr(fw,k); fw 4462 tools/finsig_dryos.c int match_FlashParamsTable(firmware *fw, int k, __attribute__ ((unused))uint32_t v1, __attribute__ ((unused))uint32_t v2) fw 4464 tools/finsig_dryos.c if ((fw->buf[k] > fw->base) && (fw->buf[k+1] == 0x00010000) && (fw->buf[k+2] == 0xFFFF0002)) fw 4466 tools/finsig_dryos.c if (search_fw(fw, match_FlashParamsTable2, idx2adr(fw,k), 0, 1)) fw 4472 tools/finsig_dryos.c void find_modemap(firmware *fw) fw 4477 tools/finsig_dryos.c search_fw(fw, match_FlashParamsTable, 0, 0, 1); fw 4483 tools/finsig_dryos.c search_fw(fw, match_modelist, FlashParamsTable_address, 0, 5); fw 4489 tools/finsig_dryos.c int match_CAM_UNCACHED_BIT(firmware *fw, int k, __attribute__ ((unused))int v) fw 4491 tools/finsig_dryos.c if ((fw->buf[k] & 0x0FFFF000) == 0x03C00000) // BIC fw 4493 tools/finsig_dryos.c fw->uncached_adr = ALUop2(fw,k); fw 4494 tools/finsig_dryos.c fw->uncached_adr_idx = k; fw 4500 tools/finsig_dryos.c int find_DebugAssert_argcount(firmware *fw) fw 4502 tools/finsig_dryos.c int s1 = find_str_ref(fw, "CameraLog.c"); fw 4505 tools/finsig_dryos.c int k = isADR_PC_cond(fw, s1); fw 4508 tools/finsig_dryos.c k = fwRd(fw, s1); fw 4515 tools/finsig_dryos.c void find_platform_vals(firmware *fw) fw 4524 tools/finsig_dryos.c if (fw->dryos_ver >= 39) fw 4526 tools/finsig_dryos.c if (fw->dryos_ver >= 47) fw 4528 tools/finsig_dryos.c if (fw->dryos_ver >= 59) fw 4536 tools/finsig_dryos.c k = find_str_ref(fw, "\r[%ld] AdjDrvType[%02ld] -> DrvType[%02"); fw 4542 tools/finsig_dryos.c if ((fw->buf[k1] & 0x0FFF0FFF) == 0x058D0034) // STRxx Rn, [SP,#0x34] fw 4544 tools/finsig_dryos.c if ((fw->buf[k1-1] & 0x0FFF0000) == 0x03A00000) // MOVxx Rn, #YYY fw 4546 tools/finsig_dryos.c raw_width = ALUop2(fw, k1-1); fw 4549 tools/finsig_dryos.c else if ((fw->buf[k1-2] & 0x0FFF0000) == 0x03A00000)// MOVxx Rn, #YYY fw 4551 tools/finsig_dryos.c raw_width = ALUop2(fw, k1-2); fw 4554 tools/finsig_dryos.c else if (isLDR_PC_cond(fw,k1-1)) fw 4556 tools/finsig_dryos.c raw_width = LDR2val(fw,k1-1); fw 4559 tools/finsig_dryos.c else if (isLDR_PC_cond(fw,k1-2)) fw 4561 tools/finsig_dryos.c raw_width = LDR2val(fw,k1-2); fw 4569 tools/finsig_dryos.c if ((fw->buf[k1] & 0x0FFF0FFF) == 0x058D0030) // STRxx Rn, [SP,#0x30] fw 4571 tools/finsig_dryos.c if ((fw->buf[k1-1] & 0x0FFF0000) == 0x03A00000) // MOVxx Rn, #YYY fw 4573 tools/finsig_dryos.c raw_height = ALUop2(fw, k1-1); fw 4576 tools/finsig_dryos.c else if ((fw->buf[k1-2] & 0x0FFF0000) == 0x03A00000)// MOVxx Rn, #YYY fw 4578 tools/finsig_dryos.c raw_height = ALUop2(fw, k1-2); fw 4581 tools/finsig_dryos.c else if (isLDR_PC_cond(fw,k1-1)) fw 4583 tools/finsig_dryos.c raw_height = LDR2val(fw,k1-1); fw 4586 tools/finsig_dryos.c else if (isLDR_PC_cond(fw,k1-2)) fw 4588 tools/finsig_dryos.c raw_height = LDR2val(fw,k1-2); fw 4591 tools/finsig_dryos.c if ((fw->buf[k1-1] & 0x0FFF0000) == 0x02400000) // SUBxx Rn, #YYY fw 4593 tools/finsig_dryos.c raw_height = raw_width - ALUop2(fw, k1-1); fw 4602 tools/finsig_dryos.c k = find_str_ref(fw, " CrwAddress %lx, CrwSize H %ld V %ld\r"); fw 4608 tools/finsig_dryos.c if ((fw->buf[k1] & 0xFFFFF000) == 0xE3A02000) // MOV R2, #nnn fw 4610 tools/finsig_dryos.c raw_width = ALUop2(fw,k1); fw 4614 tools/finsig_dryos.c if (isLDR_PC(fw,k1) && ((fw->buf[k1]& 0x0000F000) == 0x00002000)) // LDR R2, =nnn fw 4616 tools/finsig_dryos.c raw_width = LDR2val(fw,k1); fw 4623 tools/finsig_dryos.c if ((fw->buf[k1] & 0xFFFFF000) == 0xE3A03000) // MOV R3, #nnn fw 4625 tools/finsig_dryos.c raw_height = ALUop2(fw,k1); fw 4629 tools/finsig_dryos.c if (isLDR_PC(fw,k1) && ((fw->buf[k1]& 0x0000F000) == 0x00003000)) // LDR R3, =nnn fw 4631 tools/finsig_dryos.c raw_height = LDR2val(fw,k1); fw 4635 tools/finsig_dryos.c if ((fw->buf[k1] & 0xFFFFF000) == 0xE2423000) // SUB R3, R2, #nnn fw 4637 tools/finsig_dryos.c raw_height = raw_width - ALUop2(fw,k1); fw 4646 tools/finsig_dryos.c bprintf("//#define CAM_RAW_ROWPIX %d // Found @0x%08x\n",raw_width,idx2adr(fw,kw)); fw 4654 tools/finsig_dryos.c bprintf("//#define CAM_RAW_ROWS %d // Found @0x%08x\n",raw_height,idx2adr(fw,kh)); fw 4662 tools/finsig_dryos.c if (fw->uncached_adr_idx != 0) fw 4665 tools/finsig_dryos.c bprintf("//#define CAM_UNCACHED_BIT 0x%08x // Found @0x%08x\n",fw->uncached_adr,idx2adr(fw,fw->uncached_adr_idx)); fw 4669 tools/finsig_dryos.c k = get_saved_sig(fw,"GetImageFolder"); fw 4673 tools/finsig_dryos.c int s = adr2idx(fw,fadr); fw 4674 tools/finsig_dryos.c int e = find_inst(fw, isLDMFD_PC, s+1, 160); fw 4677 tools/finsig_dryos.c if (isMOV(fw,k1) && (fwRnMOV(fw,k1) == 2)) fw 4679 tools/finsig_dryos.c int r1 = fwRd(fw,k1); fw 4684 tools/finsig_dryos.c if (isMOV(fw,k2) && isBL(fw,k2+1) && (fwRnMOV(fw,k2) == r1)) fw 4686 tools/finsig_dryos.c else if (isMOV(fw,k2) && isBL(fw,k2+7) && (fwRnMOV(fw,k2) == r1)) fw 4690 tools/finsig_dryos.c int r2 = fwRd(fw,k2); fw 4691 tools/finsig_dryos.c fadr = followBranch2(fw,idx2adr(fw,k2+b),0x01000001); fw 4692 tools/finsig_dryos.c k = adr2idx(fw,fadr); fw 4696 tools/finsig_dryos.c if (isCMP(fw,k3) && (fwRn(fw,k3) == r2)) fw 4698 tools/finsig_dryos.c int val = ALUop2(fw,k3); fw 4699 tools/finsig_dryos.c bprintf("//#define CAM_DATE_FOLDER_NAMING 0x%03x // Found @0x%08x (pass as 3rd param to GetImageFolder)\n",val,idx2adr(fw,k3)); fw 4711 tools/finsig_dryos.c k1 = adr2idx(fw,FlashParamsTable_address); fw 4714 tools/finsig_dryos.c uint32_t fadr = fwval(fw,k); fw 4715 tools/finsig_dryos.c int k2 = adr2idx(fw,fadr); fw 4716 tools/finsig_dryos.c if (idx_valid(fw,k2)) fw 4718 tools/finsig_dryos.c uint32_t sadr = fwval(fw,k2); fw 4719 tools/finsig_dryos.c k2 = adr2idx(fw,sadr); fw 4720 tools/finsig_dryos.c if (idx_valid(fw,k2)) fw 4722 tools/finsig_dryos.c char *s = adr2ptr(fw,sadr); fw 4723 tools/finsig_dryos.c if (((fw->cam != 0) && (strcmp(s,fw->cam) == 0)) || (strcmp(s,"Unknown") == 0)) fw 4733 tools/finsig_dryos.c find_DebugAssert_argcount(fw); fw 4739 tools/finsig_dryos.c k = get_saved_sig(fw,"task_FileWrite"); fw 4743 tools/finsig_dryos.c k1 = adr2idx(fw, fadr); fw 4746 tools/finsig_dryos.c if ((fwval(fw, k1+k) & 0x0fffff00) == 0x008ff100) // add[cond] pc, pc, rx, lsl#2 fw 4748 tools/finsig_dryos.c for (k++;isB(fw,k1+k) && idxFollowBranch(fw,k1+k,1) != idxFollowBranch(fw,k1+k-1,1);k++); fw 4750 tools/finsig_dryos.c for (;isB(fw,k1+k) && idxFollowBranch(fw,k1+k,1) == idxFollowBranch(fw,k1+k-1,1);k++,c++); fw 4752 tools/finsig_dryos.c bprintf("//#define MAX_CHUNKS_FOR_FWT %d // Found @0x%08x\n",c,idx2adr(fw,k+k1)); fw 4761 tools/finsig_dryos.c uint32_t find_viewport_address(firmware *fw, int *kout) fw 4766 tools/finsig_dryos.c k = find_str_ref(fw, "VRAM Address : %p\r"); fw 4771 tools/finsig_dryos.c if (isLDR(fw,k1) && isLDR(fw,k1+1)) fw 4773 tools/finsig_dryos.c uint32_t v1 = LDR2val(fw,k1); fw 4774 tools/finsig_dryos.c uint32_t v2 = LDR2val(fw,k1+1); fw 4786 tools/finsig_dryos.c int match_vid_get_bitmap_fb(firmware *fw, int k, __attribute__ ((unused))int v) fw 4788 tools/finsig_dryos.c if (isBL(fw,k-1) && // BL fw 4789 tools/finsig_dryos.c isLDR_PC(fw,k)) fw 4791 tools/finsig_dryos.c uint32_t v1 = LDR2val(fw,k); fw 4792 tools/finsig_dryos.c bprintf("//void *vid_get_bitmap_fb() { return (void*)0x%08x; } // Found @0x%08x\n",v1,idx2adr(fw,k)); fw 4796 tools/finsig_dryos.c if (isBL(fw,k-1) && // BL fw 4797 tools/finsig_dryos.c (isLDR_PC(fw,k+1))) fw 4799 tools/finsig_dryos.c uint32_t v1 = LDR2val(fw,k+1); fw 4800 tools/finsig_dryos.c bprintf("//void *vid_get_bitmap_fb() { return (void*)0x%08x; } // Found @0x%08x\n",v1,idx2adr(fw,k)); fw 4807 tools/finsig_dryos.c int match_get_flash_params_count(firmware *fw, int k, __attribute__ ((unused))int v) fw 4809 tools/finsig_dryos.c if ((fw->buf[k] & 0xFFF00FFF) == 0xE3C00901) // BIC Rn, Rn, #0x4000 fw 4811 tools/finsig_dryos.c uint32_t r = fw->buf[k] & 0x000F0000; // Register fw 4812 tools/finsig_dryos.c if (((fw->buf[k+1] & 0xFFF00000) == 0xE3500000) && ((fw->buf[k+1] & 0x000F0000) == r)) // CMP, Rn #val fw 4814 tools/finsig_dryos.c bprintf("//int get_flash_params_count(void) { return 0x%02x; } // Found @0x%08x\n",fw->buf[k+1]&0xFFF,idx2adr(fw,k+1)); fw 4823 tools/finsig_dryos.c int match_uiprop_count(firmware *fw, int k, __attribute__ ((unused))int v) fw 4825 tools/finsig_dryos.c if ((fw->buf[k] & 0xFFF00FFF) == 0xe3c00902) // BIC Rn, Rn, #0x8000 fw 4827 tools/finsig_dryos.c uint32_t r = fw->buf[k] & 0x000F0000; // Register fw 4828 tools/finsig_dryos.c if (((fw->buf[k+1] & 0xFFF00000) == 0xE3500000) && ((fw->buf[k+1] & 0x000F0000) == r)) // CMP, Rn #val fw 4831 tools/finsig_dryos.c uint32_t fadr = fw->buf[k+1]&0xFFF; fw 4832 tools/finsig_dryos.c osig *o = find_sig(fw->sv->stubs_min,name); fw 4835 tools/finsig_dryos.c bprintf("//DEF_CONST(%-34s,0x%08x) // Found @0x%08x",name,fadr,idx2adr(fw,k+1)); fw 4847 tools/finsig_dryos.c bprintf("DEF_CONST(%-34s,0x%08x) // Found @0x%08x",name,fadr,idx2adr(fw,k+1)); fw 4857 tools/finsig_dryos.c int match_imager_active(firmware *fw, int k, __attribute__ ((unused))int v) fw 4863 tools/finsig_dryos.c if (isLDMFD_PC(fw,k)) fw 4865 tools/finsig_dryos.c int k1 = find_inst_rev(fw, isBL, k-1, 10); fw 4872 tools/finsig_dryos.c if (isLDR(fw,k1) || isADR(fw,k1)) fw 4874 tools/finsig_dryos.c if (isADR(fw,k1)) fw 4876 tools/finsig_dryos.c a = ADR2adr(fw, k1); fw 4880 tools/finsig_dryos.c a = LDR2val(fw, k1); fw 4882 tools/finsig_dryos.c if ((a>fw->base) && ((a&3) == 0)) fw 4884 tools/finsig_dryos.c int k3 = adr2idx(fw, a); fw 4885 tools/finsig_dryos.c if (isSTMFD_LR(fw,k3)) fw 4887 tools/finsig_dryos.c k3 = find_inst(fw, isBLX, k3+1, 6); fw 4893 tools/finsig_dryos.c if (isSTR_cond(fw,k3+k4)) fw 4895 tools/finsig_dryos.c reg = fwRn(fw,k3+k4); fw 4896 tools/finsig_dryos.c o = fwval(fw,k3+k4) & 0xff; // offset, should be around 4 fw 4897 tools/finsig_dryos.c where = idx2adr(fw,k3+k4); fw 4899 tools/finsig_dryos.c if (reg>=0 && isLDR_cond(fw,k3+k4) && fwRd(fw,k3+k4)==reg) fw 4901 tools/finsig_dryos.c adr = LDR2val(fw,k3+k4); fw 4902 tools/finsig_dryos.c if (adr < fw->memisostart) fw 4926 tools/finsig_dryos.c void find_lib_vals(firmware *fw) fw 4936 tools/finsig_dryos.c search_saved_sig(fw, "DispCon_ShowBitmapColorBar", match_vid_get_bitmap_fb, 0, 1, 30); fw 4939 tools/finsig_dryos.c uint32_t v = find_viewport_address(fw,&k); fw 4942 tools/finsig_dryos.c bprintf("//void *vid_get_viewport_fb() { return (void*)0x%08x; } // Found @0x%08x\n",v,idx2adr(fw,k)); fw 4952 tools/finsig_dryos.c int sadr = find_str(fw, "ImagePlayer.c"); fw 4953 tools/finsig_dryos.c k = find_nxt_str_ref(fw, sadr, -1); fw 4960 tools/finsig_dryos.c if (isLDR(fw,k+fbd[f][0]) && isLDR(fw,k+fbd[f][1]) && isLDR(fw,k+fbd[f][2])) fw 4962 tools/finsig_dryos.c uint32_t reg = fw->buf[k+fbd[f][2]] & 0x000F0000; // Index register used fw 4964 tools/finsig_dryos.c if (((fw->buf[k+fbd[f][0]] & 0x0000F000) << 4) == reg) { ka = k+fbd[f][0]; } fw 4965 tools/finsig_dryos.c else if (((fw->buf[k+fbd[f][1]] & 0x0000F000) << 4) == reg) { ka = k+fbd[f][1]; } fw 4968 tools/finsig_dryos.c uint32_t adr = LDR2val(fw,ka); fw 4971 tools/finsig_dryos.c if (isSTR(fw,k1) && ((fw->buf[k1] & 0x000F0000) == reg)) fw 4973 tools/finsig_dryos.c uint32_t ofst = fw->buf[k1] & 0x00000FFF; fw 4974 tools/finsig_dryos.c bprintf("DEF(%-40s,0x%08x) // Found 0x%04x (@0x%08x) + 0x%02x (@0x%08x)\n","viewport_fb_d",adr+ofst,adr,idx2adr(fw,ka),ofst,idx2adr(fw,k1)); fw 4975 tools/finsig_dryos.c bprintf("//void *vid_get_viewport_fb_d() { return (void*)(*(int*)(0x%04x+0x%02x)); } // Found @0x%08x & 0x%08x\n",adr,ofst,idx2adr(fw,ka),idx2adr(fw,k1)); fw 4983 tools/finsig_dryos.c k = find_nxt_str_ref(fw, sadr, k); fw 4987 tools/finsig_dryos.c k = find_str_ref(fw, "9999"); fw 4990 tools/finsig_dryos.c if (isLDR(fw,k-1) && isBL(fw,k+1)) fw 4992 tools/finsig_dryos.c uint32_t v1 = LDR2val(fw,k-1); fw 4993 tools/finsig_dryos.c bprintf("DEF(%-40s,0x%08x) // Found @0x%08x\n","jpeg_count_str",v1,idx2adr(fw,k-1)); fw 4994 tools/finsig_dryos.c bprintf("//char *camera_jpeg_count_str() { return (char*)0x%08x; } // Found @0x%08x\n",v1,idx2adr(fw,k-1)); fw 5010 tools/finsig_dryos.c search_saved_sig(fw, "GetParameterData", match_get_flash_params_count, 0, 0, 30); fw 5015 tools/finsig_dryos.c void print_stubs_min(firmware *fw, const char *name, uint32_t fadr, uint32_t atadr) fw 5017 tools/finsig_dryos.c osig *o = find_sig(fw->sv->stubs_min,name); fw 5038 tools/finsig_dryos.c int print_exmem_types(firmware *fw) fw 5043 tools/finsig_dryos.c int ii = adr2idx(fw, exm_typ_tbl); fw 5047 tools/finsig_dryos.c bprintf("// %s %i\n",adr2ptr(fw, fwval(fw,ii+n)),n); fw 5053 tools/finsig_dryos.c int find_exmem_alloc_table(firmware *fw) fw 5055 tools/finsig_dryos.c int i = get_saved_sig(fw,"ExMem.View_FW"); // s5 and earlier don't have this fw 5058 tools/finsig_dryos.c i = get_saved_sig(fw,"exmem_assert"); // s5 fw 5064 tools/finsig_dryos.c i = adr2idx(fw, func_names[i].val); fw 5071 tools/finsig_dryos.c if ( ((fwval(fw,i+n)&0xffff0000)==0xe59f0000) ) // ldr rx, [pc, #imm] fw 5073 tools/finsig_dryos.c u = LDR2val(fw, i+n); fw 5074 tools/finsig_dryos.c if (u>fw->data_start && u<fw->data_start+fw->data_len*4 && (fwRd(fw,i+n)>3)) fw 5077 tools/finsig_dryos.c u = u - fw->data_start + fw->data_init_start; fw 5080 tools/finsig_dryos.c else if (us==0 && u>fw->base && u<fw->base+fw->size*4-4 && (u&3)==0) fw 5095 tools/finsig_dryos.c int ii = adr2idx(fw, exm_typ_tbl); fw 5099 tools/finsig_dryos.c if ( (fwval(fw,ii+n)!=0) && isASCIIstring(fw, fwval(fw,ii+n)) ) fw 5101 tools/finsig_dryos.c extyp = adr2ptr(fw, fwval(fw,ii+n)); fw 5116 tools/finsig_dryos.c if ( ((fwval(fw,i+n)&0xffff0000)==0xe59f0000) ) // ldr rx, [pc, #imm] fw 5118 tools/finsig_dryos.c u = LDR2val(fw, i+n); fw 5119 tools/finsig_dryos.c if (u>fw->data_start+fw->data_len*4 && u<fw->memisostart && (fwRd(fw,i+n)>3)) fw 5128 tools/finsig_dryos.c print_stubs_min(fw,"exmem_alloc_table",u,idx2adr(fw,i+n)); fw 5132 tools/finsig_dryos.c print_stubs_min(fw,"exmem_types_table",exm_typ_tbl,exm_typ_tbl_orig); fw 5141 tools/finsig_dryos.c int match_levent_table(firmware *fw, int k, __attribute__ ((unused))uint32_t v1, __attribute__ ((unused))uint32_t v2) fw 5143 tools/finsig_dryos.c if ((fw->buf[k] > fw->base) && (fw->buf[k+1] == 0x00000800) && (fw->buf[k+2] == 0x00000002)) fw 5145 tools/finsig_dryos.c print_stubs_min(fw,"levent_table",idx2adr(fw,k),idx2adr(fw,k)); fw 5147 tools/finsig_dryos.c uint32_t levent_tbl = idx2adr(fw,k); fw 5149 tools/finsig_dryos.c write_levent_table_dump(fw, levent_tbl); fw 5155 tools/finsig_dryos.c int match_movie_status(firmware *fw, int k, __attribute__ ((unused))uint32_t v1, __attribute__ ((unused))uint32_t v2) fw 5157 tools/finsig_dryos.c if (isLDR_PC(fw, k) && // LDR R0, =base fw 5158 tools/finsig_dryos.c ((fw->buf[k+1] & 0xFE0F0000) == 0xE20F0000) && // ADR R1, =sub fw 5159 tools/finsig_dryos.c isSTR(fw, k+2) && // STR R1, [R0,N] fw 5160 tools/finsig_dryos.c (fw->buf[k+3] == 0xE3A01003) && // MOV R1, 3 fw 5161 tools/finsig_dryos.c isSTR(fw, k+4) && // STR R1, [R0,ofst] fw 5162 tools/finsig_dryos.c (LDR2val(fw,k) < fw->base)) fw 5164 tools/finsig_dryos.c uint32_t base = LDR2val(fw,k); fw 5165 tools/finsig_dryos.c uint32_t ofst = fw->buf[k+4] & 0x00000FFF; fw 5166 tools/finsig_dryos.c print_stubs_min(fw,"movie_status",base+ofst,idx2adr(fw,k)); fw 5170 tools/finsig_dryos.c if (isLDR_PC(fw, k) && // LDR R1, =sub fw 5171 tools/finsig_dryos.c isLDR_PC(fw, k+1) && // LDR R0, =base fw 5172 tools/finsig_dryos.c isSTR(fw, k+2) && // STR R1, [R0,N] fw 5173 tools/finsig_dryos.c (fw->buf[k+3] == 0xE3A01003) && // MOV R1, 3 fw 5174 tools/finsig_dryos.c isSTR(fw, k+4) && // STR R1, [R0,ofst] fw 5175 tools/finsig_dryos.c (LDR2val(fw,k+1) < fw->base)) fw 5177 tools/finsig_dryos.c uint32_t base = LDR2val(fw,k+1); fw 5178 tools/finsig_dryos.c uint32_t ofst = fw->buf[k+4] & 0x00000FFF; fw 5179 tools/finsig_dryos.c print_stubs_min(fw,"movie_status",base+ofst,idx2adr(fw,k)); fw 5183 tools/finsig_dryos.c if (isLDR_PC(fw, k) && // LDR Rx, =base fw 5184 tools/finsig_dryos.c isLDR(fw, k+1) && (fwRd(fw,k) == fwRn(fw,k+1)) && // LDR R0, [Rx, ...] fw 5185 tools/finsig_dryos.c isCMP(fw, k+2) && (fwRd(fw,k+2) == fwRd(fw,k+1)) && // CMP R0, #... fw 5186 tools/finsig_dryos.c (fwval(fw,k+3) == 0x03A00005) && fw 5187 tools/finsig_dryos.c isSTR_cond(fw, k+4) && (fwRn(fw,k+4) == fwRd(fw,k)) && // STRxx R0, [Rx,ofst] fw 5188 tools/finsig_dryos.c (LDR2val(fw,k) < fw->base)) fw 5190 tools/finsig_dryos.c uint32_t base = LDR2val(fw,k); fw 5191 tools/finsig_dryos.c uint32_t ofst = fwOp2(fw,k+4); fw 5192 tools/finsig_dryos.c print_stubs_min(fw,"movie_status",base+ofst,idx2adr(fw,k)); fw 5198 tools/finsig_dryos.c int match_full_screen_refresh(firmware *fw, int k, __attribute__ ((unused))uint32_t v1, __attribute__ ((unused))uint32_t v2) fw 5200 tools/finsig_dryos.c if (((fw->buf[k] & 0xFF1FF000) == 0xE51F0000) && // LDR R0, =base fw 5201 tools/finsig_dryos.c (fw->buf[k+1] == 0xE5D01000) && // LDRB R1, [R0] fw 5202 tools/finsig_dryos.c (fw->buf[k+2] == 0xE3811002) && // ORR R1, R1, #2 fw 5203 tools/finsig_dryos.c (fw->buf[k+3] == 0xE5C01000) && // STRB R1, [R0] fw 5204 tools/finsig_dryos.c isBX_LR(fw,k+4)) // BX LR fw 5206 tools/finsig_dryos.c uint32_t base = LDR2val(fw,k); fw 5207 tools/finsig_dryos.c print_stubs_min(fw,"full_screen_refresh",base,idx2adr(fw,k)); fw 5212 tools/finsig_dryos.c int match_canon_shoot_menu_active(firmware *fw, int k, __attribute__ ((unused))uint32_t v1, __attribute__ ((unused))uint32_t v2) fw 5214 tools/finsig_dryos.c if (((fw->buf[k] & 0xFF1FF000) == 0xE51F1000) && // LDR R1, =base fw 5215 tools/finsig_dryos.c ((fw->buf[k+1] & 0xFFFFF000) == 0xE5D10000) && // LDRB R0, [R1, #n] fw 5216 tools/finsig_dryos.c (fw->buf[k+2] == 0xE2800001) && // ADD R0, R0, #1 fw 5217 tools/finsig_dryos.c ((fw->buf[k+3] & 0xFFFFF000) == 0xE5C10000) && // STRB R0, [R1, #n] fw 5218 tools/finsig_dryos.c (isB(fw,k+4))) // B fw 5220 tools/finsig_dryos.c uint32_t base = LDR2val(fw,k); fw 5221 tools/finsig_dryos.c uint32_t ofst = fw->buf[k+1] & 0x00000FFF; fw 5222 tools/finsig_dryos.c print_stubs_min(fw,"canon_shoot_menu_active",base+ofst,idx2adr(fw,k)); fw 5225 tools/finsig_dryos.c if (((fw->buf[k] & 0xFF1FF000) == 0xE51F0000) && // LDR R0, =base fw 5226 tools/finsig_dryos.c ((fw->buf[k+1] & 0xFFFFF000) == 0xE5D01000) && // LDRB R1, [R0, #n] fw 5227 tools/finsig_dryos.c (fw->buf[k+2] == 0xE2811001) && // ADD R1, R1, #1 fw 5228 tools/finsig_dryos.c ((fw->buf[k+3] & 0xFFFFF000) == 0xE5C01000) && // STRB R1, [R0, #n] fw 5229 tools/finsig_dryos.c (isB(fw,k+4))) // B fw 5231 tools/finsig_dryos.c uint32_t base = LDR2val(fw,k); fw 5232 tools/finsig_dryos.c uint32_t ofst = fw->buf[k+1] & 0x00000FFF; fw 5233 tools/finsig_dryos.c print_stubs_min(fw,"canon_shoot_menu_active",base+ofst,idx2adr(fw,k)); fw 5238 tools/finsig_dryos.c int match_playrec_mode(firmware *fw, int k, __attribute__ ((unused))uint32_t v1, __attribute__ ((unused))uint32_t v2) fw 5240 tools/finsig_dryos.c if (((fw->buf[k] & 0xFF1FF000) == 0xE51F1000) && // LDR R1, =base fw 5241 tools/finsig_dryos.c ((fw->buf[k+1] & 0xFFFFF000) == 0xE5810000) && // STR R0, [R1, #n] fw 5242 tools/finsig_dryos.c ((fw->buf[k+3] & 0xFF1FF000) == 0xE51F0000) && // LDR R0, =base fw 5243 tools/finsig_dryos.c ((fw->buf[k+4] & 0xFFFFF000) == 0xE5900000) && // LDR R0, [R0, #n] fw 5244 tools/finsig_dryos.c ((fw->buf[k+6] & 0xFF1FF000) == 0xE51F1000) && // LDR R1, =base fw 5245 tools/finsig_dryos.c ((fw->buf[k+9] & 0xFF1FF000) == 0xE51F0000) && // LDR R0, =base fw 5246 tools/finsig_dryos.c ((fw->buf[k+12] & 0xFF1FF000) == 0xE51F1000) && // LDR R1, =base fw 5247 tools/finsig_dryos.c ((fw->buf[k+15] & 0xFF1FF000) == 0xE51F0000) && // LDR R0, =base fw 5248 tools/finsig_dryos.c ((fw->buf[k+18] & 0xFF1FF000) == 0xE51F1000) && // LDR R1, =base fw 5249 tools/finsig_dryos.c (LDR2val(fw,k) == LDR2val(fw,k+3)) && fw 5250 tools/finsig_dryos.c (LDR2val(fw,k) == LDR2val(fw,k+6)) && fw 5251 tools/finsig_dryos.c (LDR2val(fw,k) == LDR2val(fw,k+9)) && fw 5252 tools/finsig_dryos.c (LDR2val(fw,k) == LDR2val(fw,k+12)) && fw 5253 tools/finsig_dryos.c (LDR2val(fw,k) == LDR2val(fw,k+15)) && fw 5254 tools/finsig_dryos.c (LDR2val(fw,k) == LDR2val(fw,k+18))) fw 5256 tools/finsig_dryos.c uint32_t base = LDR2val(fw,k); fw 5257 tools/finsig_dryos.c uint32_t ofst = fw->buf[k+1] & 0x00000FFF; fw 5258 tools/finsig_dryos.c print_stubs_min(fw,"playrec_mode",base+ofst,idx2adr(fw,k)); fw 5263 tools/finsig_dryos.c int match_some_flag_for_af_scan(firmware *fw, int k, __attribute__ ((unused))uint32_t v1, __attribute__ ((unused))uint32_t v2) fw 5265 tools/finsig_dryos.c if (isB(fw,k) && // B loc fw 5266 tools/finsig_dryos.c isB(fw,k+1) && // B loc fw 5267 tools/finsig_dryos.c isB(fw,k+2) && // B loc fw 5268 tools/finsig_dryos.c isB(fw,k+3) && // B loc fw 5269 tools/finsig_dryos.c isB(fw,k+4) && // B loc fw 5270 tools/finsig_dryos.c isB(fw,k+5) && // B loc fw 5271 tools/finsig_dryos.c isB(fw,k+6) && // B loc fw 5272 tools/finsig_dryos.c isB(fw,k+7) && // B loc fw 5273 tools/finsig_dryos.c (followBranch(fw,idx2adr(fw,k),1) != followBranch(fw,idx2adr(fw,k+1),1)) && fw 5274 tools/finsig_dryos.c (followBranch(fw,idx2adr(fw,k),1) == followBranch(fw,idx2adr(fw,k+2),1)) && fw 5275 tools/finsig_dryos.c (followBranch(fw,idx2adr(fw,k),1) == followBranch(fw,idx2adr(fw,k+3),1)) && fw 5276 tools/finsig_dryos.c (followBranch(fw,idx2adr(fw,k),1) != followBranch(fw,idx2adr(fw,k+4),1)) && fw 5277 tools/finsig_dryos.c (followBranch(fw,idx2adr(fw,k),1) != followBranch(fw,idx2adr(fw,k+5),1)) && fw 5278 tools/finsig_dryos.c (followBranch(fw,idx2adr(fw,k),1) == followBranch(fw,idx2adr(fw,k+6),1)) && fw 5279 tools/finsig_dryos.c (followBranch(fw,idx2adr(fw,k),1) == followBranch(fw,idx2adr(fw,k+7),1)) && fw 5280 tools/finsig_dryos.c (isLDR_PC(fw,adr2idx(fw,followBranch(fw,idx2adr(fw,k),1))))) // LDR R0, =base fw 5282 tools/finsig_dryos.c uint32_t base = LDR2val(fw,adr2idx(fw,followBranch(fw,idx2adr(fw,k),1))); fw 5283 tools/finsig_dryos.c if (base < fw->base) fw 5284 tools/finsig_dryos.c print_stubs_min(fw,"some_flag_for_af_scan",base,followBranch(fw,idx2adr(fw,k),1)); fw 5289 tools/finsig_dryos.c int match_palette_data(firmware *fw, int k, __attribute__ ((unused))uint32_t v1, __attribute__ ((unused))uint32_t v2) fw 5291 tools/finsig_dryos.c if ((fw->buf[k] == 0) && (fw->buf[k+1] == 0x00FF0000) && fw 5292 tools/finsig_dryos.c (fw->buf[k+577] == 1) && (fw->buf[k+578] == 0x00FF0000) && fw 5293 tools/finsig_dryos.c (fw->buf[k+1154] == 2) && (fw->buf[k+1155] == 0x00FF0000)) fw 5295 tools/finsig_dryos.c return idx2adr(fw,k); fw 5297 tools/finsig_dryos.c else if ((fw->buf[k] == 0) && (fw->buf[k+1] == 0x00FF0000) && fw 5298 tools/finsig_dryos.c (fw->buf[k+513] == 1) && (fw->buf[k+514] == 0x00FF0000) && fw 5299 tools/finsig_dryos.c (fw->buf[k+1026] == 2) && (fw->buf[k+1027] == 0x00FF0000)) fw 5301 tools/finsig_dryos.c return idx2adr(fw,k); fw 5306 tools/finsig_dryos.c int match_palette_buffer_offset(firmware *fw, int k) fw 5308 tools/finsig_dryos.c int idx2 = idxFollowBranch(fw, k, 0x01000001); fw 5309 tools/finsig_dryos.c if (isLDR(fw, idx2+2) && isBL(fw, idx2+3)) fw 5311 tools/finsig_dryos.c uint32_t palette_size = LDR2val(fw,idx2+2); fw 5314 tools/finsig_dryos.c bprintf("// Offset from start of palette_buffer to color data = %d (Found @0x%08x)\n",palette_size-0x400,idx2adr(fw,idx2+2)); fw 5318 tools/finsig_dryos.c else if (isADR(fw, idx2+2) && isBL(fw, idx2+3)) fw 5320 tools/finsig_dryos.c uint32_t palette_size = ALUop2(fw,idx2+2); fw 5323 tools/finsig_dryos.c bprintf("// Offset from start of palette_buffer to color data = %d (Found @0x%08x)\n",palette_size-0x400,idx2adr(fw,idx2+2)); fw 5330 tools/finsig_dryos.c int match_palette_data3(firmware *fw, int k, uint32_t palette_data, __attribute__ ((unused))uint32_t v2) fw 5332 tools/finsig_dryos.c if (isLDR_PC(fw, k) && (LDR2val(fw,k) == palette_data) && isLDR_PC(fw,k-1) && isLDR_PC(fw,k-6) && isLDR(fw,k-5)) fw 5334 tools/finsig_dryos.c uint32_t palette_control = LDR2val(fw,k-6); fw 5335 tools/finsig_dryos.c int ptr_offset = fwOp2(fw,k-5); fw 5336 tools/finsig_dryos.c uint32_t fadr = find_inst_rev(fw, isSTMFD_LR, k-7, 30); fw 5339 tools/finsig_dryos.c int k1 = search_fw(fw, find_B, fadr, 0, 1); fw 5340 tools/finsig_dryos.c if ((k1 > 0) && isLDR_PC(fw,k1-2) && isLDR(fw,k1-1) && (LDR2val(fw,k1-2) == palette_control)) fw 5342 tools/finsig_dryos.c int active_offset = fwOp2(fw,k1-1); fw 5343 tools/finsig_dryos.c print_stubs_min(fw,"active_palette_buffer",palette_control+active_offset,idx2adr(fw,k1-1)); fw 5344 tools/finsig_dryos.c print_stubs_min(fw,"palette_buffer_ptr",palette_control+ptr_offset,idx2adr(fw,k-5)); fw 5345 tools/finsig_dryos.c if (isBL(fw,k+8)) fw 5347 tools/finsig_dryos.c fadr = followBranch(fw, idx2adr(fw,k+8), 0x01000001); fw 5348 tools/finsig_dryos.c int idx = adr2idx(fw, fadr); fw 5349 tools/finsig_dryos.c if (isLDR(fw, idx+2) && isBL(fw, idx+3)) fw 5351 tools/finsig_dryos.c uint32_t palette_size = LDR2val(fw,idx+2); fw 5354 tools/finsig_dryos.c bprintf("// Offset from start of palette_buffer to color data = %d (Found @0x%08x)\n",palette_size-0x400,idx2adr(fw,idx+2)); fw 5365 tools/finsig_dryos.c int match_palette_data2(firmware *fw, int k, uint32_t v1, uint32_t v2) fw 5367 tools/finsig_dryos.c if (isLDR(fw,k) && (LDR2val(fw,k) == v1)) fw 5372 tools/finsig_dryos.c if (isBL(fw,k1) && isLDMFD(fw,k1+2)) fw 5374 tools/finsig_dryos.c uint32_t fadr = followBranch(fw, idx2adr(fw,k1), 0x01000001); fw 5375 tools/finsig_dryos.c int idx = adr2idx(fw, fadr); fw 5379 tools/finsig_dryos.c if (isSTR(fw,k2) && isLDMFD(fw,k2+1)) fw 5381 tools/finsig_dryos.c int ptr_offset = fwval(fw,k2) & 0xFFF; fw 5382 tools/finsig_dryos.c print_stubs_min(fw,"palette_buffer_ptr",v2+ptr_offset,idx2adr(fw,k2)); fw 5386 tools/finsig_dryos.c if (isBL(fw,k) && isCMP(fw,k+1) && isADR_PC(fw,k+2)) fw 5388 tools/finsig_dryos.c fadr = ADR2adr(fw,k+2); fw 5389 tools/finsig_dryos.c idx = adr2idx(fw, fadr); fw 5393 tools/finsig_dryos.c if (isBL(fw,k3)) fw 5395 tools/finsig_dryos.c if (match_palette_buffer_offset(fw,k3)) fw 5405 tools/finsig_dryos.c else if (isLDR_cond(fw,k1) && isLDMFD(fw,k1+2) && isBL(fw,k1-2)) fw 5407 tools/finsig_dryos.c int ptr_offset = fwval(fw,k1) & 0xFFF; fw 5408 tools/finsig_dryos.c print_stubs_min(fw,"palette_buffer_ptr",v2+ptr_offset,idx2adr(fw,k1)); fw 5409 tools/finsig_dryos.c match_palette_buffer_offset(fw, k1-2); fw 5417 tools/finsig_dryos.c int match_SavePaletteData(firmware *fw, int idx, int palette_data) fw 5419 tools/finsig_dryos.c if (isBL(fw,idx+13)) fw 5421 tools/finsig_dryos.c uint32_t fadr = followBranch(fw, idx2adr(fw,idx+13), 0x01000001); fw 5422 tools/finsig_dryos.c idx = adr2idx(fw, fadr); fw 5423 tools/finsig_dryos.c if (isLDR(fw,idx) && isLDR(fw,idx+1) && isB(fw,idx+2)) fw 5425 tools/finsig_dryos.c uint32_t palette_control = LDR2val(fw,idx); fw 5426 tools/finsig_dryos.c print_stubs_min(fw,"palette_control",palette_control,idx2adr(fw,idx)); fw 5427 tools/finsig_dryos.c int active_offset = fwval(fw,idx+1) & 0xFFF; fw 5428 tools/finsig_dryos.c print_stubs_min(fw,"active_palette_buffer",palette_control+active_offset,idx2adr(fw,idx+1)); fw 5429 tools/finsig_dryos.c fadr = followBranch(fw,idx2adr(fw,idx+2),1); fw 5430 tools/finsig_dryos.c idx = adr2idx(fw, fadr); fw 5431 tools/finsig_dryos.c if (isLDR(fw,idx+17) && isLDR(fw,idx+18) && isLDR(fw,idx+12) && (LDR2val(fw,idx+12) == palette_control)) fw 5433 tools/finsig_dryos.c if (isLDR(fw,idx+13)) fw 5435 tools/finsig_dryos.c int ptr_offset = fwval(fw,idx+13) & 0xFFF; fw 5436 tools/finsig_dryos.c print_stubs_min(fw,"palette_buffer_ptr",palette_control+ptr_offset,idx2adr(fw,idx+13)); fw 5439 tools/finsig_dryos.c if ((fwval(fw,idx+18) & 0x0000F000) == 0) fw 5441 tools/finsig_dryos.c palette_buffer = LDR2val(fw,idx+17); fw 5442 tools/finsig_dryos.c print_stubs_min(fw,"palette_buffer",palette_buffer,idx2adr(fw,idx+17)); fw 5446 tools/finsig_dryos.c palette_buffer = LDR2val(fw,idx+18); fw 5447 tools/finsig_dryos.c print_stubs_min(fw,"palette_buffer",palette_buffer,idx2adr(fw,idx+18)); fw 5449 tools/finsig_dryos.c if (isBL(fw,idx+26)) fw 5451 tools/finsig_dryos.c fadr = followBranch(fw, idx2adr(fw,idx+26), 0x01000001); fw 5452 tools/finsig_dryos.c idx = adr2idx(fw, fadr); fw 5453 tools/finsig_dryos.c if (isLDR(fw, idx+2) && isBL(fw, idx+3)) fw 5455 tools/finsig_dryos.c uint32_t palette_size = LDR2val(fw,idx+2); fw 5458 tools/finsig_dryos.c bprintf("// Offset from start of palette_buffer to color data = %d (Found @0x%08x)\n",palette_size-0x400,idx2adr(fw,idx+2)); fw 5464 tools/finsig_dryos.c else if (isLDR(fw,idx) && isLDR(fw,idx+6) && isLDR(fw,idx+7) && isBX(fw,idx+8)) fw 5467 tools/finsig_dryos.c if ((fwval(fw,idx+6) & 0x0000F000) == 0) fw 5468 tools/finsig_dryos.c active_offset = fwval(fw,idx+6) & 0xFFF; fw 5469 tools/finsig_dryos.c else if ((fwval(fw,idx+7) & 0x0000F000) == 0) fw 5470 tools/finsig_dryos.c active_offset = fwval(fw,idx+7) & 0xFFF; fw 5473 tools/finsig_dryos.c uint32_t palette_control = LDR2val(fw,idx); fw 5475 tools/finsig_dryos.c print_stubs_min(fw,"active_palette_buffer",palette_control+active_offset,idx2adr(fw,idx+1)); fw 5476 tools/finsig_dryos.c search_fw(fw, match_palette_data2, palette_data, palette_control, 1); fw 5485 tools/finsig_dryos.c int match_viewport_address3(firmware *fw, int k, uint32_t v1, __attribute__ ((unused))uint32_t v2) fw 5487 tools/finsig_dryos.c if (isLDR_PC(fw,k) && (LDR2val(fw,k) == v1)) fw 5490 tools/finsig_dryos.c int k1 = find_inst_rev(fw, isSTMFD_LR, k-1, 1000); fw 5494 tools/finsig_dryos.c if (isLDR_PC(fw,k1+1) && isLDR_PC(fw,k1+2) && isLDR(fw,k1+3) && fw 5495 tools/finsig_dryos.c (fwRd(fw,k1+1) == fwRn(fw,k1+3))) fw 5497 tools/finsig_dryos.c uint32_t a = LDR2val(fw,k1+1); fw 5498 tools/finsig_dryos.c print_stubs_min(fw,"viewport_buffers",v1,idx2adr(fw,k)); fw 5499 tools/finsig_dryos.c print_stubs_min(fw,"active_viewport_buffer",a,idx2adr(fw,k1+1)); fw 5503 tools/finsig_dryos.c if (isLDR_PC(fw,k1+1) && isLDR_PC(fw,k1+3) && isLDR(fw,k1+4) && fw 5504 tools/finsig_dryos.c (fwRd(fw,k1+1) == fwRn(fw,k1+4))) fw 5506 tools/finsig_dryos.c uint32_t a = LDR2val(fw,k1+1); fw 5507 tools/finsig_dryos.c print_stubs_min(fw,"viewport_buffers",v1,idx2adr(fw,k)); fw 5508 tools/finsig_dryos.c print_stubs_min(fw,"active_viewport_buffer",a,idx2adr(fw,k1+1)); fw 5512 tools/finsig_dryos.c if (isLDR_PC(fw,k1+1) && isLDR_PC(fw,k1+4) && isLDR(fw,k1+5) && fw 5513 tools/finsig_dryos.c (fwRd(fw,k1+1) == fwRn(fw,k1+5))) fw 5515 tools/finsig_dryos.c uint32_t a = LDR2val(fw,k1+1); fw 5516 tools/finsig_dryos.c print_stubs_min(fw,"viewport_buffers",v1,idx2adr(fw,k)); fw 5517 tools/finsig_dryos.c print_stubs_min(fw,"active_viewport_buffer",a,idx2adr(fw,k1+1)); fw 5525 tools/finsig_dryos.c int match_viewport_address2(firmware *fw, int k, uint32_t v1, __attribute__ ((unused))uint32_t v2) fw 5527 tools/finsig_dryos.c if (fw->buf[k] == v1) fw 5529 tools/finsig_dryos.c if (search_fw(fw, match_viewport_address3, v1, 0, 1)) fw 5535 tools/finsig_dryos.c int match_viewport_address(firmware *fw, int k, uint32_t v1, __attribute__ ((unused))uint32_t v2) fw 5537 tools/finsig_dryos.c if (fw->buf[k] == v1) fw 5540 tools/finsig_dryos.c if (search_fw(fw, match_viewport_address2, idx2adr(fw,k), 0, 1)) fw 5546 tools/finsig_dryos.c int match_physw_status(firmware *fw, int k, __attribute__ ((unused))int v) fw 5548 tools/finsig_dryos.c if (isLDR_PC(fw,k)) fw 5550 tools/finsig_dryos.c print_stubs_min(fw,"physw_status",LDR2val(fw,k),idx2adr(fw,k)); fw 5556 tools/finsig_dryos.c int match_physw_run(firmware *fw, int k, __attribute__ ((unused))int v) fw 5558 tools/finsig_dryos.c if (isLDR_PC(fw,k)) fw 5560 tools/finsig_dryos.c uint32_t base = LDR2val(fw,k); fw 5561 tools/finsig_dryos.c uint32_t fadr = followBranch(fw, idx2adr(fw,k+1), 1); fw 5562 tools/finsig_dryos.c uint32_t ofst = fw->buf[adr2idx(fw,fadr)] & 0x00000FFF; fw 5563 tools/finsig_dryos.c print_stubs_min(fw,"physw_run",base+ofst,idx2adr(fw,k)); fw 5565 tools/finsig_dryos.c ofst = fw->buf[k+2] & 0x00000FFF; fw 5566 tools/finsig_dryos.c print_stubs_min(fw,"physw_sleep_delay",base+ofst,idx2adr(fw,k)); fw 5572 tools/finsig_dryos.c int match_canon_menu_active(firmware *fw, int k, __attribute__ ((unused))int v) fw 5574 tools/finsig_dryos.c if (isLDR_PC(fw,k)) fw 5576 tools/finsig_dryos.c uint32_t base = LDR2val(fw,k); fw 5580 tools/finsig_dryos.c if (isLDR(fw,k1)) fw 5582 tools/finsig_dryos.c uint32_t ofst = fw->buf[k1] & 0x00000FFF; fw 5583 tools/finsig_dryos.c print_stubs_min(fw,"canon_menu_active",base+ofst,idx2adr(fw,k)); fw 5591 tools/finsig_dryos.c int match_zoom_busy(firmware *fw, int k, __attribute__ ((unused))int v) fw 5593 tools/finsig_dryos.c if (isBL(fw,k)) fw 5595 tools/finsig_dryos.c int idx1 = idxFollowBranch(fw,k,0x01000001); fw 5599 tools/finsig_dryos.c if ((fw->buf[k1] & 0xFFFF0000) == 0xE8BD0000) // LDMFD fw 5602 tools/finsig_dryos.c if (isADR_PC(fw,k1+1)) fw 5604 tools/finsig_dryos.c fadr = ADR2adr(fw,k1+1); fw 5606 tools/finsig_dryos.c else if (isADR_PC(fw,k1+2)) fw 5608 tools/finsig_dryos.c fadr = ADR2adr(fw,k1+2); fw 5610 tools/finsig_dryos.c else if (isADR_PC(fw,k1-3)) fw 5612 tools/finsig_dryos.c fadr = ADR2adr(fw,k1-3); fw 5614 tools/finsig_dryos.c else if (isLDR_PC(fw,k1+1)) fw 5616 tools/finsig_dryos.c fadr = LDR2val(fw,k1+1); fw 5618 tools/finsig_dryos.c else if (isLDR_PC(fw,k1+2)) fw 5620 tools/finsig_dryos.c fadr = LDR2val(fw,k1+2); fw 5624 tools/finsig_dryos.c int idx2 = adr2idx(fw,fadr); fw 5625 tools/finsig_dryos.c if (isLDR_PC(fw,idx2+1) && isLDR(fw,idx2+2)) fw 5627 tools/finsig_dryos.c int base = LDR2val(fw,idx2+1); fw 5628 tools/finsig_dryos.c int ofst = fw->buf[idx2+2] & 0xFFF; fw 5629 tools/finsig_dryos.c print_stubs_min(fw,"zoom_busy",base+ofst-4,fadr); fw 5640 tools/finsig_dryos.c int match_focus_busy(firmware *fw, int k, __attribute__ ((unused))int v) fw 5642 tools/finsig_dryos.c if ((fw->buf[k] & 0xFFFF0000) == 0xE8BD0000) // LDMFD fw 5645 tools/finsig_dryos.c if (isBL(fw,k-2)) fw 5647 tools/finsig_dryos.c k1 = idxFollowBranch(fw,k-2,0x01000001); fw 5649 tools/finsig_dryos.c if (isBL(fw,k-1)) fw 5651 tools/finsig_dryos.c k1 = idxFollowBranch(fw,k-1,0x01000001); fw 5655 tools/finsig_dryos.c if (isLDR_PC(fw,k1+1) && isLDR(fw,k1+3)) fw 5657 tools/finsig_dryos.c int base = LDR2val(fw,k1+1); fw 5658 tools/finsig_dryos.c int ofst = fw->buf[k1+3] & 0xFFF; fw 5659 tools/finsig_dryos.c print_stubs_min(fw,"focus_busy",base+ofst-4,idx2adr(fw,k1)); fw 5668 tools/finsig_dryos.c int match_bitmap_buffer2(firmware *fw, int k, int v) fw 5670 tools/finsig_dryos.c uint32_t screen_lock = idx2adr(fw,k); fw 5671 tools/finsig_dryos.c if (isBL(fw,v) && (followBranch(fw,idx2adr(fw,v),0x01000001) == screen_lock) && isBL(fw,v+2) && isBL(fw,v+3)) fw 5673 tools/finsig_dryos.c uint32_t fadr = followBranch2(fw,idx2adr(fw,v+3),0x01000001); fw 5674 tools/finsig_dryos.c int k1 = adr2idx(fw,fadr); fw 5675 tools/finsig_dryos.c if (isLDR_PC(fw,k1+1)) fw 5677 tools/finsig_dryos.c uint32_t reg = (fwval(fw,k1+1) & 0x0000F000) >> 12; fw 5678 tools/finsig_dryos.c uint32_t adr = LDR2val(fw,k1+1); fw 5682 tools/finsig_dryos.c if (isLDR_PC(fw,k2) && isLDR(fw,k2+1) && (((fwval(fw,k2+1) & 0x000F0000) >> 16) == reg)) fw 5684 tools/finsig_dryos.c uint32_t bitmap_buffer = LDR2val(fw,k2); fw 5687 tools/finsig_dryos.c uint32_t active_bitmap_buffer = adr + (fwval(fw,k2+1) & 0xFFF); fw 5688 tools/finsig_dryos.c print_stubs_min(fw,"bitmap_buffer",bitmap_buffer,idx2adr(fw,k2)); fw 5689 tools/finsig_dryos.c print_stubs_min(fw,"active_bitmap_buffer",active_bitmap_buffer,idx2adr(fw,k2+1)); fw 5699 tools/finsig_dryos.c int match_bitmap_buffer(firmware *fw, int k, __attribute__ ((unused))int v) fw 5701 tools/finsig_dryos.c search_saved_sig(fw, "ScreenLock", match_bitmap_buffer2, k, 0, 1); fw 5705 tools/finsig_dryos.c int match_raw_buffer(firmware *fw, int k, uint32_t rb1, __attribute__ ((unused))uint32_t v2) fw 5707 tools/finsig_dryos.c if (((fwval(fw,k) == rb1) && (fwval(fw,k+4) == rb1) && (fwval(fw,k-2) != 1) && (fwval(fw,k+2) >= fw->uncached_adr)) || fw 5708 tools/finsig_dryos.c ((fwval(fw,k) == rb1) && (fwval(fw,k+4) == rb1) && (fwval(fw,k+20) == rb1))) fw 5710 tools/finsig_dryos.c uint32_t rb2 = fwval(fw,k+1); fw 5713 tools/finsig_dryos.c bprintf("// Camera has 2 RAW buffers @ 0x%08x & 0x%08x\n", rb1, rb2, idx2adr(fw,k)); fw 5716 tools/finsig_dryos.c print_stubs_min(fw,"raw_buffers",idx2adr(fw,k),idx2adr(fw,k)); fw 5720 tools/finsig_dryos.c else if ((fwval(fw,k) == rb1) && (fwval(fw,k-2) == 2) && (fwval(fw,k-7) == rb1)) fw 5722 tools/finsig_dryos.c uint32_t rb2 = fwval(fw,k+3); fw 5725 tools/finsig_dryos.c bprintf("// Camera has 2 RAW buffers @ 0x%08x & 0x%08x\n", rb1, rb2, idx2adr(fw,k)); fw 5728 tools/finsig_dryos.c print_stubs_min(fw,"raw_buffers",idx2adr(fw,k),idx2adr(fw,k)); fw 5735 tools/finsig_dryos.c int match_fileiosem(firmware *fw, int k, uint32_t fadr, uint32_t nadr) fw 5737 tools/finsig_dryos.c if ((k > 5) && isADR_PC(fw, k) && isBL(fw,k+1) && (ADR2adr(fw,k) == nadr) && (followBranch2(fw, idx2adr(fw,k+1), 0x01000001) == fadr)) fw 5742 tools/finsig_dryos.c if (isLDR(fw,j)) fw 5744 tools/finsig_dryos.c if (fwRd(fw,j) == 0) fw 5745 tools/finsig_dryos.c rn = fwRn(fw, j); fw 5746 tools/finsig_dryos.c else if (fwRd(fw,j) == rn) fw 5748 tools/finsig_dryos.c int v = LDR2val(fw,j); fw 5749 tools/finsig_dryos.c print_stubs_min(fw,"fileio_semaphore",v,idx2adr(fw,j)); fw 5758 tools/finsig_dryos.c int match_cameracon_state(firmware *fw, int k, __attribute__ ((unused))int v) fw 5766 tools/finsig_dryos.c if (isLDR_PC(fw,k)) fw 5768 tools/finsig_dryos.c uint32_t base = LDR2val(fw,k); fw 5772 tools/finsig_dryos.c if (isSTR(fw,k1)) fw 5774 tools/finsig_dryos.c uint32_t ofst = fw->buf[k1] & 0x00000FFF; fw 5775 tools/finsig_dryos.c if(ofst == 0x10 || (fw->dryos_ver == 45 && ofst == 0x1c)) { fw 5776 tools/finsig_dryos.c print_stubs_min(fw,"cameracon_state",base+ofst,idx2adr(fw,k)); fw 5787 tools/finsig_dryos.c void find_stubs_min(firmware *fw) fw 5797 tools/finsig_dryos.c search_saved_sig(fw, "kbd_read_keys", match_physw_status, 0, 0, 5); fw 5800 tools/finsig_dryos.c search_saved_sig(fw, "task_PhySw", match_physw_run, 0, 0, 5); fw 5803 tools/finsig_dryos.c search_fw(fw, match_levent_table, 0, 0, 1); fw 5807 tools/finsig_dryos.c print_stubs_min(fw,"FlashParamsTable",FlashParamsTable_address,FlashParamsTable_address); fw 5810 tools/finsig_dryos.c search_fw(fw, match_movie_status, 0, 0, 1); fw 5813 tools/finsig_dryos.c uint32_t sadr = find_str(fw, "CompressionRateAdjuster.c"); fw 5814 tools/finsig_dryos.c k = find_nxt_str_ref(fw, sadr, -1); fw 5818 tools/finsig_dryos.c int f = find_inst_rev(fw, isSTMFD_LR, k-1, 100); fw 5821 tools/finsig_dryos.c f = search_fw(fw, find_BL, f, 0, 1); fw 5825 tools/finsig_dryos.c if ((fwval(fw,f) & 0xFFF00000) == 0xE2400000) // SUB fw 5827 tools/finsig_dryos.c int src = fwRn(fw,f); fw 5830 tools/finsig_dryos.c if (isLDR_PC(fw,k1) && (fwRd(fw,k1) == src)) fw 5832 tools/finsig_dryos.c uint32_t v = LDR2val(fw,k1) - ALUop2(fw,f); fw 5833 tools/finsig_dryos.c print_stubs_min(fw,"video_compression_rate",v,idx2adr(fw,k1)); fw 5840 tools/finsig_dryos.c k = find_nxt_str_ref(fw, sadr, k); fw 5844 tools/finsig_dryos.c search_fw(fw, match_full_screen_refresh, 0, 0, 1); fw 5847 tools/finsig_dryos.c search_saved_sig(fw, "StartRecModeMenu", match_canon_menu_active, 0, 0, 5); fw 5850 tools/finsig_dryos.c search_fw(fw, match_canon_shoot_menu_active, 0, 0, 1); fw 5854 tools/finsig_dryos.c k = find_str_ref(fw, "AFFChg"); fw 5855 tools/finsig_dryos.c if ((k >= 0) && isBL(fw,k+6)) fw 5857 tools/finsig_dryos.c k = idxFollowBranch(fw, k+6, 0x01000001); fw 5858 tools/finsig_dryos.c if (isLDR_PC(fw,k) && isLDR(fw,k+1)) fw 5860 tools/finsig_dryos.c uint32_t base = LDR2val(fw,k); fw 5861 tools/finsig_dryos.c uint32_t ofst = fw->buf[k+1] & 0x00000FFF; fw 5862 tools/finsig_dryos.c print_stubs_min(fw,"playrec_mode",base+ofst,idx2adr(fw,k)); fw 5868 tools/finsig_dryos.c search_fw(fw, match_playrec_mode, 0, 0, 1); fw 5874 tools/finsig_dryos.c k = find_str_ref(fw, "m_ZoomState :%d\n"); fw 5877 tools/finsig_dryos.c if (isLDR(fw,k-1)) fw 5879 tools/finsig_dryos.c uint32_t ofst = fw->buf[k-1] & 0x00000FFF; fw 5880 tools/finsig_dryos.c uint32_t reg = (fw->buf[k-1] & 0x000F0000) >> 16; fw 5884 tools/finsig_dryos.c if ((fw->buf[k1] & 0xFF1FF000) == ldr_inst) fw 5886 tools/finsig_dryos.c uint32_t base = LDR2val(fw,k1); fw 5887 tools/finsig_dryos.c print_stubs_min(fw,"zoom_status",base+ofst,idx2adr(fw,k)); fw 5897 tools/finsig_dryos.c for (k=0; k<fw->size; k++) fw 5899 tools/finsig_dryos.c if (((fw->buf[k] & 0xFF1FF000) == 0xE51F0000) && // LDR R0, =base fw 5900 tools/finsig_dryos.c (fw->buf[k+1] == 0xE5D00000) && // LDRB R0, [R0] fw 5901 tools/finsig_dryos.c (fw->buf[k+2] == 0xE1B00000) && // MOVS R0, R0 fw 5902 tools/finsig_dryos.c (fw->buf[k+3] == 0x13A00001) && // MOVNE R0, #1 fw 5903 tools/finsig_dryos.c isBX_LR(fw,k+4)) // BX LR fw 5905 tools/finsig_dryos.c uint32_t base = LDR2val(fw,k); fw 5906 tools/finsig_dryos.c print_stubs_min(fw,"zoom_status",base,idx2adr(fw,k)); fw 5915 tools/finsig_dryos.c k = find_str_ref(fw, "TerminateDeliverToZoomController"); fw 5920 tools/finsig_dryos.c if (isLDR_PC(fw,k+k1)) fw 5922 tools/finsig_dryos.c uint32_t base = LDR2val(fw,k+k1); fw 5923 tools/finsig_dryos.c print_stubs_min(fw,"zoom_status",base+0x20,idx2adr(fw,k+k1)); fw 5932 tools/finsig_dryos.c search_fw(fw, match_some_flag_for_af_scan, 0, 0, 1); fw 5935 tools/finsig_dryos.c if (fw->sv->min_focus_len != 0) fw 5938 tools/finsig_dryos.c for (k=0; k<fw->size; k++) fw 5940 tools/finsig_dryos.c if (fw->buf[k] == fw->sv->min_focus_len) fw 5943 tools/finsig_dryos.c if ((fw->buf[k+1] == 100) && (fw->buf[k+2] == 0)) mul = 3; fw 5944 tools/finsig_dryos.c if ((fw->buf[k+1] == 100) && (fw->buf[k+2] != 0)) mul = 2; fw 5945 tools/finsig_dryos.c if ((fw->buf[k+1] == 0) && (fw->buf[k+2] != 0)) mul = 2; fw 5946 tools/finsig_dryos.c for (k1 = k + mul; (k1 < fw->size) && (fw->buf[k1] > fw->buf[k1-mul]) && (fw->buf[k1] > fw->sv->min_focus_len) && (fw->buf[k1] < fw->sv->max_focus_len); k1 += mul) ; fw 5947 tools/finsig_dryos.c if (fw->buf[k1] == fw->sv->max_focus_len) fw 5970 tools/finsig_dryos.c print_stubs_min(fw,"focus_len_table",idx2adr(fw,pos),idx2adr(fw,pos)); fw 5975 tools/finsig_dryos.c search_saved_sig(fw, "ResetZoomLens", match_zoom_busy, 0, 0, 5); fw 5978 tools/finsig_dryos.c search_saved_sig(fw, "ResetFocusLens", match_focus_busy, 0, 0, 25); fw 5981 tools/finsig_dryos.c k = find_str_ref(fw, "ShootCon_NotifyStartReviewHold"); fw 5986 tools/finsig_dryos.c if (isLDR_PC(fw,k1) && ((fw->buf[k1+1] & 0xFFFF0FFF) == 0xE3A00001) && isSTR(fw,k1+2) && fw 5987 tools/finsig_dryos.c ((fw->buf[k1+1] & 0x0000F000) == (fw->buf[k1+2] & 0x0000F000)) && fw 5988 tools/finsig_dryos.c ((fw->buf[k1] & 0x0000F000) == ((fw->buf[k1+2] & 0x000F0000) >> 4))) fw 5990 tools/finsig_dryos.c uint32_t base = LDR2val(fw,k1); fw 5991 tools/finsig_dryos.c int ofst = fw->buf[k1+2] & 0x00000FFF; fw 5992 tools/finsig_dryos.c print_stubs_min(fw,"recreview_hold",base+ofst,idx2adr(fw,k1)); fw 5999 tools/finsig_dryos.c uint32_t palette_data = search_fw(fw, match_palette_data, 0, 0, 1); fw 6005 tools/finsig_dryos.c if (search_saved_sig(fw, "SavePaletteData", match_SavePaletteData, palette_data, 0, 1) == 0) fw 6007 tools/finsig_dryos.c search_fw(fw, match_palette_data3, palette_data, 0, 1); fw 6012 tools/finsig_dryos.c search_saved_sig(fw, "GUISrv_StartGUISystem", match_bitmap_buffer, 0, 0, 50); fw 6015 tools/finsig_dryos.c uint32_t v = find_viewport_address(fw,&k); fw 6018 tools/finsig_dryos.c search_fw(fw, match_viewport_address, v, 0, 1); fw 6022 tools/finsig_dryos.c k = find_str_ref(fw, "CRAW BUFF %p"); fw 6027 tools/finsig_dryos.c if (isLDR(fw,k-1)) fw 6029 tools/finsig_dryos.c rb1 = LDR2val(fw,k-1); fw 6032 tools/finsig_dryos.c else if (isMOV_immed(fw,k-1)) fw 6034 tools/finsig_dryos.c rb1 = ALUop2(fw,k-1); fw 6037 tools/finsig_dryos.c else if (isMOV(fw,k-1) && (fwRd(fw,k-1) == 1)) fw 6039 tools/finsig_dryos.c int reg = fwval(fw,k-1) & 0xF; fw 6042 tools/finsig_dryos.c if (isLDR(fw,k1) && (fwRd(fw,k1) == reg)) fw 6044 tools/finsig_dryos.c rb1 = LDR2val(fw,k1); fw 6053 tools/finsig_dryos.c rb2 = search_fw(fw, match_raw_buffer, rb1, 0, 5); fw 6057 tools/finsig_dryos.c sadr = find_str(fw, "SsImgProcBuf.c"); fw 6058 tools/finsig_dryos.c k = find_nxt_str_ref(fw, sadr, -1); fw 6061 tools/finsig_dryos.c int f = find_inst_rev(fw, isSTMFD_LR, k-1, 100); fw 6064 tools/finsig_dryos.c int e = find_inst(fw, isLDMFD_PC, f+1, 200); fw 6069 tools/finsig_dryos.c ((fwval(fw,k1) & 0xFFF00FFF) == 0xE2400001) && // SUB Rx, Rn, #1 fw 6070 tools/finsig_dryos.c isLDR(fw,k1+1) && // LDR Ry, [Rz, fw 6071 tools/finsig_dryos.c ((fwval(fw,k1+2) & 0xFFF00000) == 0xE1500000) && // CMP Rx, Ry fw 6072 tools/finsig_dryos.c (((fwRd(fw,k1) == fwRd(fw,k1+2)) && (fwRd(fw,k1+1) == fwRn(fw,k1+2))) || fw 6073 tools/finsig_dryos.c ((fwRd(fw,k1) == fwRn(fw,k1+2)) && (fwRd(fw,k1+1) == fwRd(fw,k1+2)))) && fw 6074 tools/finsig_dryos.c ((fwval(fw,k1+3) & 0xFFF00FFF) == 0x12800001) && // ADDNE Ry, Ry, #1 fw 6075 tools/finsig_dryos.c ((fwRd(fw,k1+3) == fwRn(fw,k1+3)) && (fwRd(fw,k1+3) == fwRd(fw,k1+1))) && fw 6076 tools/finsig_dryos.c ((fwval(fw,k1+4) & 0xFFF00FFF) == 0x03A00000) && // MOVEQ Ry, #0 fw 6077 tools/finsig_dryos.c (fwRd(fw,k1+4) == fwRd(fw,k1+1)) && fw 6078 tools/finsig_dryos.c isSTR(fw,k1+5) && // STR Ry, [Rz, fw 6079 tools/finsig_dryos.c ((fwRd(fw,k1+5) == fwRd(fw,k1+1)) && (fwRn(fw,k1+5) == fwRn(fw,k1+1)) && (fwOp2(fw,k1+5) == fwOp2(fw,k1+1))) fw 6082 tools/finsig_dryos.c ((fwval(fw,k1) & 0xFFF00FFF) == 0xE2400001) && // SUB Rx, Rn, #1 fw 6083 tools/finsig_dryos.c isLDR(fw,k1+1) && // LDR Ry, [Rz, fw 6084 tools/finsig_dryos.c ((fwval(fw,k1+3) & 0xFFF00000) == 0xE1500000) && // CMP Rx, Ry fw 6085 tools/finsig_dryos.c (((fwRd(fw,k1) == fwRd(fw,k1+3)) && (fwRd(fw,k1+1) == fwRn(fw,k1+3))) || fw 6086 tools/finsig_dryos.c ((fwRd(fw,k1) == fwRn(fw,k1+3)) && (fwRd(fw,k1+1) == fwRd(fw,k1+3)))) && fw 6087 tools/finsig_dryos.c ((fwval(fw,k1+4) & 0xFFF00FFF) == 0x12800001) && // ADDNE Ry, Ry, #1 fw 6088 tools/finsig_dryos.c ((fwRd(fw,k1+4) == fwRn(fw,k1+4)) && (fwRd(fw,k1+4) == fwRd(fw,k1+1))) && fw 6089 tools/finsig_dryos.c ((fwval(fw,k1+5) & 0xFFF00FFF) == 0x03A00000) && // MOVEQ Ry, #0 fw 6090 tools/finsig_dryos.c (fwRd(fw,k1+5) == fwRd(fw,k1+1)) && fw 6091 tools/finsig_dryos.c isSTR(fw,k1+7) && // STR Ry, [Rz, fw 6092 tools/finsig_dryos.c ((fwRd(fw,k1+7) == fwRd(fw,k1+1)) && (fwRn(fw,k1+7) == fwRn(fw,k1+1)) && (fwOp2(fw,k1+7) == fwOp2(fw,k1+1))) fw 6096 tools/finsig_dryos.c int ofst = fwOp2(fw,k1+1); fw 6097 tools/finsig_dryos.c int reg = fwRn(fw,k1+1); fw 6101 tools/finsig_dryos.c if (isLDR_PC(fw,k2) && (fwRd(fw,k2) == reg)) fw 6103 tools/finsig_dryos.c uint32_t base = LDR2val(fw,k2); fw 6104 tools/finsig_dryos.c print_stubs_min(fw,"active_raw_buffer",base+ofst,idx2adr(fw,k1)); fw 6112 tools/finsig_dryos.c k = find_nxt_str_ref(fw, sadr, k); fw 6117 tools/finsig_dryos.c bprintf("// Camera appears to have only 1 RAW buffer @ 0x%08x (Found @0x%08x)\n", rb1, idx2adr(fw,rb1_idx)); fw 6123 tools/finsig_dryos.c k = get_saved_sig(fw, "TakeSemaphoreStrictly"); fw 6127 tools/finsig_dryos.c k = find_str(fw, "FileSem.c"); fw 6130 tools/finsig_dryos.c uint32_t nadr = idx2adr(fw, k); fw 6131 tools/finsig_dryos.c search_fw(fw, match_fileiosem, fadr, nadr, 3); fw 6136 tools/finsig_dryos.c find_exmem_alloc_table(fw); fw 6139 tools/finsig_dryos.c search_saved_sig(fw, "ImagerActivate", match_imager_active, 0/*v*/, 0, 30); fw 6149 tools/finsig_dryos.c search_saved_sig(fw, "PTM_SetCurrentItem", match_uiprop_count, 0, 0, 30); fw 6151 tools/finsig_dryos.c search_saved_sig(fw, "cameracon_set_state", match_cameracon_state, 0, 1, 1); fw 6156 tools/finsig_dryos.c int find_ctypes(firmware *fw, int k) fw 6170 tools/finsig_dryos.c if ((uint32_t)k < (fw->size*4 - sizeof(ctypes))) fw 6172 tools/finsig_dryos.c if (memcmp(((char*)fw->buf)+k,ctypes,sizeof(ctypes)) == 0) fw 6174 tools/finsig_dryos.c bprintf("DEF(ctypes, 0x%08x)\n", fw->base + k); fw 6181 tools/finsig_dryos.c int match_nrflag3(firmware *fw, int k, uint32_t v1, __attribute__ ((unused))uint32_t v2) fw 6183 tools/finsig_dryos.c if (isBL(fw,k) && (idxFollowBranch(fw,k,0x01000001) == (int)v1)) fw 6190 tools/finsig_dryos.c if ((fwval(fw,k3) & 0x0F0FF000) == 0x020D3000) // Dest = R3, Src = SP = skip fw 6192 tools/finsig_dryos.c if ((fwval(fw,k3) & 0xFF0FF000) == 0xE2033000) // ADD/SUB R3,R3,x fw 6195 tools/finsig_dryos.c if ((fwval(fw,k3) & 0x00F00000) == 0x00400000) // SUB fw 6196 tools/finsig_dryos.c ofst1 -= (fwval(fw,k3) & 0x00000FFF); fw 6198 tools/finsig_dryos.c ofst1 += (fwval(fw,k3) & 0x00000FFF); fw 6200 tools/finsig_dryos.c if (isLDR_PC(fw,k3) && (fwRd(fw,k3) == 3)) fw 6202 tools/finsig_dryos.c int ofst2 = LDR2val(fw,k3); fw 6206 tools/finsig_dryos.c bprintf("DEF(_nrflag,0x%04x) // Found @ %08x (0x%04x)\n",ofst2,idx2adr(fw,k3),ofst2); fw 6207 tools/finsig_dryos.c bprintf("//static long *nrflag = (long*)(0x%04x); // Found @ %08x\n",ofst2,idx2adr(fw,k3)); fw 6211 tools/finsig_dryos.c bprintf("DEF(_nrflag,0x%04x) // Found @ %08x (0x%04x) & %08x (-0x%02x)\n",ofst2+ofst1,idx2adr(fw,k3),ofst2,idx2adr(fw,k),-ofst1); fw 6212 tools/finsig_dryos.c bprintf("//static long *nrflag = (long*)(0x%04x-0x%02x); // Found @ %08x & %08x\n",ofst2,-ofst1,idx2adr(fw,k3),idx2adr(fw,k4)); fw 6216 tools/finsig_dryos.c bprintf("DEF(_nrflag,0x%04x) // Found @ %08x (0x%04x) & %08x (+0x%02x)\n",ofst2+ofst1,idx2adr(fw,k3),ofst2,idx2adr(fw,k),ofst1); fw 6217 tools/finsig_dryos.c bprintf("//static long *nrflag = (long*)(0x%04x+0x%02x); // Found @ %08x & %08x\n",ofst2,ofst1,idx2adr(fw,k3),idx2adr(fw,k4)); fw 6226 tools/finsig_dryos.c int match_nrflag(firmware *fw, int idx, __attribute__ ((unused))int v) fw 6231 tools/finsig_dryos.c if (isLDR(fw, idx+1) && isLDR(fw, idx+2)) fw 6234 tools/finsig_dryos.c int ofst2 = LDR2val(fw, k3); fw 6238 tools/finsig_dryos.c if (isB(fw, k1)) fw 6240 tools/finsig_dryos.c k2 = idxFollowBranch(fw,k1,0x01000001); fw 6241 tools/finsig_dryos.c if (isSTR(fw, k2)) fw 6247 tools/finsig_dryos.c if (isSTR(fw, k2)) fw 6257 tools/finsig_dryos.c int ofst1 = fw->buf[k2] & 0x00000FFF; fw 6259 tools/finsig_dryos.c bprintf("DEF(_nrflag,0x%04x) // Found @ %08x (0x%04x) & %08x (+0x%02x)\n",ofst2+ofst1,idx2adr(fw,k3),ofst2,idx2adr(fw,k2),ofst1); fw 6260 tools/finsig_dryos.c bprintf("//static long *nrflag = (long*)(0x%04x+0x%02x); // Found @ %08x & %08x\n",ofst2,ofst1,idx2adr(fw,k3),idx2adr(fw,k2)); fw 6268 tools/finsig_dryos.c int match_nrflag2(firmware *fw, int k, __attribute__ ((unused))int v) fw 6271 tools/finsig_dryos.c if (isBL(fw,k)) fw 6273 tools/finsig_dryos.c k = idxFollowBranch(fw,k,0x01000001); fw 6274 tools/finsig_dryos.c return search_fw(fw, match_nrflag3, k, 0, 1); fw 6283 tools/finsig_dryos.c int isSTRw(firmware *fw, int offset) fw 6285 tools/finsig_dryos.c if ((fwval(fw,offset) & 0xfff00000) == (0xe5800000)) // STR Rx, [Ry, #offs] fw 6292 tools/finsig_dryos.c int isSTRB(firmware *fw, int offset) fw 6294 tools/finsig_dryos.c if ((fwval(fw,offset) & 0xfff00000) == (0xe5c00000)) // STRB Rx, [Ry, #offs] fw 6311 tools/finsig_dryos.c int find_leds(firmware *fw) fw 6315 tools/finsig_dryos.c int k0 = find_str_ref(fw,"LEDCon"); fw 6318 tools/finsig_dryos.c int k1 = find_inst_rev(fw,isSTMFD_LR,k0,110); fw 6321 tools/finsig_dryos.c j1 = find_inst(fw,isBL,k1,80); fw 6322 tools/finsig_dryos.c j2 = find_Nth_inst(fw,isBL,k1,80,3); fw 6331 tools/finsig_dryos.c if (followBranch(fw,idx2adr(fw,j1),0x01000001) == followBranch(fw,idx2adr(fw,j2),0x01000001)) fw 6333 tools/finsig_dryos.c k1 = find_Nth_inst(fw,isBL,k1,80,2); fw 6335 tools/finsig_dryos.c k1 = idxFollowBranch(fw,k1,0x01000001); fw 6338 tools/finsig_dryos.c bprintf("\n// LED table init @ 0x%x\n",idx2adr(fw,k1)); fw 6347 tools/finsig_dryos.c if (isLDR_PC(fw,k1+j2)) fw 6349 tools/finsig_dryos.c uint32_t l1 = LDR2val(fw,k1+j2); fw 6353 tools/finsig_dryos.c leds[j3].reg = fwRd(fw,k1+j2); fw 6357 tools/finsig_dryos.c else if (isBX_LR(fw,k1+j2) || isB(fw,k1+j2)) fw 6392 tools/finsig_dryos.c if (isLDR_PC(fw,k1+j2)) fw 6396 tools/finsig_dryos.c uint32_t l1 = LDR2val(fw,k1+j2); fw 6399 tools/finsig_dryos.c if ((leds[j3].reg == fwRd(fw,k1+j2)) && (leds[j3].addr == LDR2val(fw,k1+j2))) fw 6408 tools/finsig_dryos.c if (leds[j3].reg == fwRd(fw,k1+j2)) fw 6414 tools/finsig_dryos.c else if (isBX_LR(fw,k1+j2) || isB(fw,k1+j2)) fw 6424 tools/finsig_dryos.c if (isADD(fw,k1+j2)) fw 6426 tools/finsig_dryos.c if (leds[j3].reg == fwRd(fw,k1+j2)) fw 6428 tools/finsig_dryos.c leds[j3].addr += ALUop2a(fw,k1+j2); fw 6431 tools/finsig_dryos.c else if (leds[j3].reg == fwRn(fw,k1+j2)) fw 6436 tools/finsig_dryos.c repeataddr = leds[j3].addr + ALUop2a(fw,k1+j2); fw 6437 tools/finsig_dryos.c repeatreg = fwRd(fw,k1+j2); fw 6442 tools/finsig_dryos.c else if (isSUB(fw,k1+j2)) fw 6444 tools/finsig_dryos.c if (leds[j3].reg == fwRd(fw,k1+j2)) fw 6446 tools/finsig_dryos.c leds[j3].addr -= ALUop2a(fw,k1+j2); fw 6449 tools/finsig_dryos.c else if (leds[j3].reg == fwRn(fw,k1+j2)) fw 6454 tools/finsig_dryos.c repeataddr = leds[j3].addr - ALUop2a(fw,k1+j2); fw 6455 tools/finsig_dryos.c repeatreg = fwRd(fw,k1+j2); fw 6460 tools/finsig_dryos.c else if (isSTR(fw,k1+j2)) fw 6464 tools/finsig_dryos.c if (leds[j3].reg == fwRd(fw,k1+j2)) fw 6466 tools/finsig_dryos.c leds[j3].offs = fwval(fw,k1+j2) & 0xfff; fw 6470 tools/finsig_dryos.c else if (isMOV_immed(fw,k1+j2) && (leds[j3].reg == fwRd(fw,k1+j2))) fw 6499 tools/finsig_dryos.c j2 = find_str_ref(fw,"\n\n Set LCD Driver: Address 0x%04x <-- Data 0x%04x\n"); fw 6502 tools/finsig_dryos.c j2 = find_inst_rev(fw, isBL, j2, 8); fw 6508 tools/finsig_dryos.c if ( !((fwval(fw,j2-1)&0xfffff000)==0xe3a01000) && !((fwval(fw,j2-2)&0xfffff000)==0xe3a01000) ) // MOV R1, #imm fw 6510 tools/finsig_dryos.c j2 = find_inst_rev(fw, isBL, j2-1, 6); fw 6521 tools/finsig_dryos.c j2 = idxFollowBranch(fw, j2, 0x01000001); fw 6522 tools/finsig_dryos.c if (isLDR_PC(fw,j2)) fw 6525 tools/finsig_dryos.c gpiotbladdr = adr2idx(fw, LDR2val(fw, j2)); fw 6545 tools/finsig_dryos.c if (isSTRw(fw,k1+j2)) fw 6547 tools/finsig_dryos.c uint32_t o1 = fwval(fw,k1+j2)&0xfff; // may not be the correct way of determining the offset fw 6553 tools/finsig_dryos.c if (isSTRB(fw,k1+n)) fw 6555 tools/finsig_dryos.c o2 = fwval(fw,k1+n)&0xfff; fw 6558 tools/finsig_dryos.c r1 = fwRd(fw,k1+j2); // dest. register fw 6561 tools/finsig_dryos.c else if (isBX_LR(fw,k1+n) || isB(fw,k1+n)) fw 6573 tools/finsig_dryos.c if (isMOV_immed(fw, n) && (fwRd(fw, n) == r1)) fw 6575 tools/finsig_dryos.c leds[j3].addr = ALUop2a(fw,n); fw 6584 tools/finsig_dryos.c else if (isBX_LR(fw,k1+j2) || isB(fw,k1+j2)) fw 6602 tools/finsig_dryos.c bprintf("// LED #%i: 0x%08x (#%d in GPIO table), offset 0x%x\n",j1, fwval(fw, leds[j3].addr + gpiotbladdr), leds[j3].addr, leds[j3].offs); fw 6612 tools/finsig_dryos.c bprintf("// GPIO table @ 0x%x\n",idx2adr(fw, gpiotbladdr)); fw 6623 tools/finsig_dryos.c int f1 = get_saved_sig(fw,"CreateMessageQueueStrictly"); fw 6626 tools/finsig_dryos.c f1 = adr2idx(fw, func_names[f1].val); fw 6632 tools/finsig_dryos.c k1 = find_inst_rev(fw,isBL,k1-1,80); fw 6635 tools/finsig_dryos.c if (idx2adr(fw,idxFollowBranch(fw,k1,0x01000001)) == idx2adr(fw,f1)) // BL CreateMessageQueueStrictly fw 6645 tools/finsig_dryos.c k1 = find_inst_rev(fw,isBL,k1-1,80); fw 6648 tools/finsig_dryos.c k1 = idxFollowBranch(fw,k1,0x01000001); fw 6651 tools/finsig_dryos.c bprintf("\n// LED table init @ 0x%x\n",idx2adr(fw,k1)); fw 6656 tools/finsig_dryos.c j2 = find_str_ref(fw,"\n\n Set LCD Driver: Address 0x%04x <-- Data 0x%04x\n"); fw 6659 tools/finsig_dryos.c j2 = find_inst_rev(fw, isBL, j2, 8); fw 6665 tools/finsig_dryos.c if ( !((fwval(fw,j2-1)&0xfffff000)==0xe3a00000) && !((fwval(fw,j2-2)&0xfffff000)==0xe3a00000) ) // MOV R0, #imm fw 6667 tools/finsig_dryos.c j2 = find_inst_rev(fw, isBL, j2-1, 6); fw 6678 tools/finsig_dryos.c j2 = idxFollowBranch(fw, j2, 0x01000001); fw 6679 tools/finsig_dryos.c if (isLDR_PC(fw,j2)) fw 6682 tools/finsig_dryos.c gpiotbladdr = adr2idx(fw, LDR2val(fw, j2)); fw 6702 tools/finsig_dryos.c if (isSTRw(fw,k1+j2)) fw 6704 tools/finsig_dryos.c uint32_t o1 = fwval(fw,k1+j2)&0xfff; // may not be the correct way of determining the offset fw 6710 tools/finsig_dryos.c if (isSTRB(fw,k1+n)) fw 6712 tools/finsig_dryos.c o2 = fwval(fw,k1+n)&0xfff; fw 6715 tools/finsig_dryos.c r1 = fwRd(fw,k1+j2); // dest. register fw 6718 tools/finsig_dryos.c else if (isBX_LR(fw,k1+n) || isB(fw,k1+n)) fw 6730 tools/finsig_dryos.c if (isMOV_immed(fw, n) && (fwRd(fw, n) == r1)) fw 6732 tools/finsig_dryos.c leds[j3].addr = ALUop2a(fw,n); fw 6741 tools/finsig_dryos.c else if (isBX_LR(fw,k1+j2) || isB(fw,k1+j2)) fw 6759 tools/finsig_dryos.c bprintf("// LED #%i: 0x%08x (#%d in GPIO table), offset 0x%x\n",j1, fwval(fw, leds[j3].addr + gpiotbladdr), leds[j3].addr, leds[j3].offs); fw 6769 tools/finsig_dryos.c bprintf("// GPIO table @ 0x%x\n",idx2adr(fw, gpiotbladdr)); fw 6775 tools/finsig_dryos.c int find_task_related_info(firmware *fw) fw 6777 tools/finsig_dryos.c int i = get_saved_sig(fw,"get_self_task_id"); fw 6783 tools/finsig_dryos.c i = adr2idx(fw, func_names[i].val); fw 6784 tools/finsig_dryos.c if ( (fwval(fw,i)&0xffff0000)==0xe59f0000 ) // ldr r0, [pc, #imm] fw 6787 tools/finsig_dryos.c u = LDR2val(fw, i); fw 6788 tools/finsig_dryos.c if ( (fwval(fw,i+3)&0xffff0000)==0x059f0000 ) // ldreq r0, [pc, #imm] fw 6791 tools/finsig_dryos.c v = LDR2val(fw, i+3); fw 6798 tools/finsig_dryos.c i = find_str(fw, "DRYOS version 2.3, release "); fw 6799 tools/finsig_dryos.c j = find_nxt_str_ref(fw, i, -1); fw 6803 tools/finsig_dryos.c u = idx2adr(fw,i); fw 6804 tools/finsig_dryos.c if ( (u > fw->base_copied) && ((u-fw->base_copied)/4 < (uint32_t)fw->size2)) fw 6806 tools/finsig_dryos.c i = adr2idx(fw, fw->base2 + (u-fw->base_copied)); fw 6807 tools/finsig_dryos.c j = find_nxt_str_ref(fw, i, -1); fw 6814 tools/finsig_dryos.c k = find_nxt_str_ref(fw, i, j+1); fw 6824 tools/finsig_dryos.c m = find_inst_rev(fw, isSTMFD_LR, j, 42); fw 6840 tools/finsig_dryos.c n = find_Nth_inst(fw, isBL, m, 6, 2); fw 6843 tools/finsig_dryos.c n = idxFollowBranch(fw,n,0x01000001); fw 6844 tools/finsig_dryos.c n = find_inst(fw, isSTR, n, 8); fw 6847 tools/finsig_dryos.c m = fwRn(fw, n); // this register holds the base address pointer of TCB area fw 6848 tools/finsig_dryos.c n = find_inst_rev(fw, isLDR_PC, n-1, 4); fw 6851 tools/finsig_dryos.c if (fwRd(fw, n) != m) fw 6853 tools/finsig_dryos.c n = find_inst_rev(fw, isLDR_PC, n-1, 3); fw 6854 tools/finsig_dryos.c if ((n != -1) && (fwRd(fw, n) == m)) fw 6856 tools/finsig_dryos.c u = LDR2val(fw, n); fw 6857 tools/finsig_dryos.c v = idx2adr(fw, n); fw 6870 tools/finsig_dryos.c void find_AdditionAgent_RAM(firmware *fw) fw 6872 tools/finsig_dryos.c int i = get_saved_sig(fw,"AdditionAgentRAM_FW"); fw 6878 tools/finsig_dryos.c int j1 = adr2idx(fw, func_names[i].val); fw 6882 tools/finsig_dryos.c if (fwval(fw,j1+n) == 0xe3500a32) // cmp r0, #0x32000 fw 6885 tools/finsig_dryos.c sizeloc = idx2adr(fw,j1+n); fw 6888 tools/finsig_dryos.c else if (fwval(fw,j1+n) == 0xe3500a22) // cmp r0, #0x22000 fw 6891 tools/finsig_dryos.c sizeloc = idx2adr(fw,j1+n); fw 6900 tools/finsig_dryos.c r = LDR2val(fw,j1+n); fw 6901 tools/finsig_dryos.c if ( isLDR_PC(fw,j1+n) && (r>fw->memisostart) && (r<fw->maxram) ) fw 6904 tools/finsig_dryos.c startloc = idx2adr(fw,j1+n); fw 7012 tools/finsig_dryos.c int match_propsig1a(firmware *fw, int k, uint32_t sadr, __attribute__ ((unused))uint32_t offset) fw 7014 tools/finsig_dryos.c if (isADR_PC_cond(fw,k) || isLDR_PC_cond(fw,k)) // LDR or ADR ? fw 7017 tools/finsig_dryos.c if (isLDR_PC_cond(fw,k)) // LDR ? fw 7018 tools/finsig_dryos.c padr = LDR2val(fw,k); fw 7020 tools/finsig_dryos.c padr = ADR2adr(fw,k); fw 7023 tools/finsig_dryos.c int j1 = find_inst_rev(fw, isBL, k-1, 16); fw 7026 tools/finsig_dryos.c int j = get_saved_sig(fw,"GetPropertyCase"); fw 7032 tools/finsig_dryos.c if (followBranch2(fw, idx2adr(fw,j1), 0x01000001) == fadr) fw 7048 tools/finsig_dryos.c if (a==0 && isLDR_PC(fw,j2) && fwRd(fw,j2)==j) fw 7050 tools/finsig_dryos.c a = LDR2val(fw,j2); fw 7057 tools/finsig_dryos.c if (isADD(fw,j2) && fwRd(fw,j2)==j) fw 7059 tools/finsig_dryos.c j = fwRn(fw, j2); // change the watched register on-the-fly fw 7060 tools/finsig_dryos.c a += ALUop2a(fw, j2); fw 7062 tools/finsig_dryos.c if (isMOV_immed(fw,j2) && fwRd(fw,j2)==j) fw 7064 tools/finsig_dryos.c a += ALUop2a(fw, j2); fw 7078 tools/finsig_dryos.c int match_propsig1(firmware *fw, string_sig *sig, int j) fw 7080 tools/finsig_dryos.c return search_fw(fw, match_propsig1a, idx2adr(fw,j), sig->offset, 1); fw 7084 tools/finsig_dryos.c int find_strsig2(firmware *fw, string_sig *sig) fw 7088 tools/finsig_dryos.c case 1: return fw_string_process(fw, sig, match_propsig1, 1); fw 7094 tools/finsig_dryos.c void find_prop_matches(firmware *fw) fw 7101 tools/finsig_dryos.c find_strsig2(fw, &prop_sigs[i]); fw 7106 tools/finsig_dryos.c void find_propset(firmware *fw) fw 7113 tools/finsig_dryos.c find_prop_matches(fw); fw 7160 tools/finsig_dryos.c if (fw->sv->propset == n+1) okay = 1; // if the propset equals to (one of) the complete propset matches fw 7174 tools/finsig_dryos.c if (fw->sv->propset == n+1) okay = 1; // if the propset equals to (one of) the most complete propset matches fw 7180 tools/finsig_dryos.c if (!okay && fw->sv->propset>0) fw 7183 tools/finsig_dryos.c bprintf("// Port's propset (%i) may be set incorrectly\n", fw->sv->propset); fw 7188 tools/finsig_dryos.c void find_other_vals(firmware *fw) fw 7195 tools/finsig_dryos.c if (!search_fw_bytes(fw, find_ctypes)) fw 7201 tools/finsig_dryos.c print_exmem_types(fw); fw 7202 tools/finsig_dryos.c find_task_related_info(fw); fw 7203 tools/finsig_dryos.c find_leds(fw); fw 7207 tools/finsig_dryos.c if (fw->dryos_ver >= 45) fw 7209 tools/finsig_dryos.c found = search_saved_sig(fw, "NR_SetDarkSubType", match_nrflag, 0, 0, 1); fw 7213 tools/finsig_dryos.c search_saved_sig(fw, "NR_GetDarkSubType", match_nrflag2, 0, 0, 20); fw 7219 tools/finsig_dryos.c void print_kval(firmware *fw, uint32_t tadr, int tsiz, int tlen, uint32_t ev, const char *name, char *sfx) fw 7221 tools/finsig_dryos.c int tidx = adr2idx(fw,tadr); fw 7225 tools/finsig_dryos.c if (fw->buf[tidx+k+1] == ev) fw 7227 tools/finsig_dryos.c kval = fw->buf[tidx+k]; fw 7228 tools/finsig_dryos.c tadr = idx2adr(fw,tidx+k); fw 7247 tools/finsig_dryos.c void print_physw_raw_vals(firmware *fw, uint32_t tadr, int tsiz, int tlen) fw 7249 tools/finsig_dryos.c int tidx = adr2idx(fw,tadr); fw 7257 tools/finsig_dryos.c ev = fw->buf[tidx+k+1]; fw 7258 tools/finsig_dryos.c kval = fw->buf[tidx+k]; fw 7259 tools/finsig_dryos.c tadr = idx2adr(fw,tidx+k); fw 7300 tools/finsig_dryos.c uint32_t add_kmval(firmware *fw, uint32_t tadr, int tsiz, int tlen, uint32_t ev, const char *name, uint32_t xtra) fw 7302 tools/finsig_dryos.c int tidx = adr2idx(fw,tadr); fw 7308 tools/finsig_dryos.c if (fw->buf[tidx+k+1] == ev) fw 7310 tools/finsig_dryos.c kval = fw->buf[tidx+k]; fw 7311 tools/finsig_dryos.c tadr = idx2adr(fw,tidx+k); fw 7398 tools/finsig_dryos.c int match_GetSDProtect(firmware *fw, int k, __attribute__ ((unused))int v) fw 7400 tools/finsig_dryos.c if (isB(fw,k)) // B fw 7402 tools/finsig_dryos.c k = idxFollowBranch(fw,k,1); fw 7403 tools/finsig_dryos.c if (isLDR_PC(fw,k)) fw 7405 tools/finsig_dryos.c return LDR2val(fw,k); fw 7412 tools/finsig_dryos.c void find_key_vals(firmware *fw) fw 7420 tools/finsig_dryos.c uint32_t tadr = search_saved_sig(fw, "GetSDProtect", match_GetSDProtect, 0, 1, 1); fw 7423 tools/finsig_dryos.c k = find_str_ref(fw,"SD Not Exist\n"); fw 7428 tools/finsig_dryos.c if (isBL(fw,k1)) // BL fw 7430 tools/finsig_dryos.c uint32_t fadr = followBranch(fw,idx2adr(fw,k1),0x01000001); fw 7431 tools/finsig_dryos.c int k2 = adr2idx(fw,fadr); fw 7432 tools/finsig_dryos.c if (isLDR_PC(fw,k2)) fw 7434 tools/finsig_dryos.c tadr = LDR2val(fw,k2); fw 7443 tools/finsig_dryos.c if (fw->buf[adr2idx(fw,tadr)+2] == 0) tsiz = 3; fw 7445 tools/finsig_dryos.c uint32_t madr = fw->base + (fw->size*4-4); fw 7446 tools/finsig_dryos.c for (k=0; k<(int)(tadr-fw->base)/4; k++) fw 7448 tools/finsig_dryos.c if (isLDR_PC(fw,k)) fw 7450 tools/finsig_dryos.c uint32_t adr = LDR2val(fw,k); fw 7460 tools/finsig_dryos.c k1 = adr2idx(fw,tadr); fw 7463 tools/finsig_dryos.c if ((fw->buf[k1+k+1] == 0xFFFFFFFF) && (fw->buf[k1+k+4] == 0xFFFFFFFF)) fw 7474 tools/finsig_dryos.c print_physw_raw_vals(fw, tadr, tsiz, tlen); fw 7477 tools/finsig_dryos.c if (fw->dryos_ver >= 58) fw 7480 tools/finsig_dryos.c print_kval(fw,tadr,tsiz,tlen,0x30A,"SD_READONLY","_FLAG"); fw 7481 tools/finsig_dryos.c print_kval(fw,tadr,tsiz,tlen,0x302,"USB","_MASK"); fw 7482 tools/finsig_dryos.c print_kval(fw,tadr,tsiz,tlen,0x305,"BATTCOVER","_FLAG"); fw 7483 tools/finsig_dryos.c print_kval(fw,tadr,tsiz,tlen,0x304,"HOTSHOE","_FLAG"); fw 7484 tools/finsig_dryos.c print_kval(fw,tadr,tsiz,tlen,0x300,"ANALOG_AV","_FLAG"); fw 7486 tools/finsig_dryos.c else if (fw->dryos_ver >= 49) fw 7489 tools/finsig_dryos.c print_kval(fw,tadr,tsiz,tlen,0x20A,"SD_READONLY","_FLAG"); fw 7490 tools/finsig_dryos.c print_kval(fw,tadr,tsiz,tlen,0x202,"USB","_MASK"); fw 7491 tools/finsig_dryos.c print_kval(fw,tadr,tsiz,tlen,0x205,"BATTCOVER","_FLAG"); fw 7492 tools/finsig_dryos.c print_kval(fw,tadr,tsiz,tlen,0x204,"HOTSHOE","_FLAG"); fw 7493 tools/finsig_dryos.c print_kval(fw,tadr,tsiz,tlen,0x200,"ANALOG_AV","_FLAG"); fw 7497 tools/finsig_dryos.c print_kval(fw,tadr,tsiz,tlen,0x90A,"SD_READONLY","_FLAG"); fw 7498 tools/finsig_dryos.c print_kval(fw,tadr,tsiz,tlen,0x902,"USB","_MASK"); fw 7499 tools/finsig_dryos.c print_kval(fw,tadr,tsiz,tlen,0x905,"BATTCOVER","_FLAG"); fw 7500 tools/finsig_dryos.c print_kval(fw,tadr,tsiz,tlen,0x904,"HOTSHOE","_FLAG"); fw 7501 tools/finsig_dryos.c print_kval(fw,tadr,tsiz,tlen,0x900,"ANALOG_AV","_FLAG"); fw 7504 tools/finsig_dryos.c uint32_t key_half = add_kmval(fw,tadr,tsiz,tlen,0,"KEY_SHOOT_HALF",0); fw 7505 tools/finsig_dryos.c add_kmval(fw,tadr,tsiz,tlen,1,"KEY_SHOOT_FULL",key_half); fw 7506 tools/finsig_dryos.c add_kmval(fw,tadr,tsiz,tlen,1,"KEY_SHOOT_FULL_ONLY",0); fw 7508 tools/finsig_dryos.c if (fw->dryos_ver == 52) // unclear if this applies any other ver fw 7510 tools/finsig_dryos.c add_kmval(fw,tadr,tsiz,tlen,3,"KEY_ZOOM_IN",0); fw 7511 tools/finsig_dryos.c add_kmval(fw,tadr,tsiz,tlen,4,"KEY_ZOOM_OUT",0); fw 7512 tools/finsig_dryos.c add_kmval(fw,tadr,tsiz,tlen,6,"KEY_UP",0); fw 7513 tools/finsig_dryos.c add_kmval(fw,tadr,tsiz,tlen,7,"KEY_DOWN",0); fw 7514 tools/finsig_dryos.c add_kmval(fw,tadr,tsiz,tlen,8,"KEY_LEFT",0); fw 7515 tools/finsig_dryos.c add_kmval(fw,tadr,tsiz,tlen,9,"KEY_RIGHT",0); fw 7516 tools/finsig_dryos.c add_kmval(fw,tadr,tsiz,tlen,0xA,"KEY_SET",0); fw 7517 tools/finsig_dryos.c add_kmval(fw,tadr,tsiz,tlen,0xB,"KEY_MENU",0); fw 7518 tools/finsig_dryos.c add_kmval(fw,tadr,tsiz,tlen,0xC,"KEY_DISPLAY",0); fw 7519 tools/finsig_dryos.c add_kmval(fw,tadr,tsiz,tlen,0x12,"KEY_HELP",0); fw 7520 tools/finsig_dryos.c add_kmval(fw,tadr,tsiz,tlen,0x19,"KEY_ERASE",0); fw 7521 tools/finsig_dryos.c add_kmval(fw,tadr,tsiz,tlen,2,"KEY_VIDEO",0); fw 7523 tools/finsig_dryos.c else if (fw->dryos_ver < 54) fw 7525 tools/finsig_dryos.c add_kmval(fw,tadr,tsiz,tlen,2,"KEY_ZOOM_IN",0); fw 7526 tools/finsig_dryos.c add_kmval(fw,tadr,tsiz,tlen,3,"KEY_ZOOM_OUT",0); fw 7527 tools/finsig_dryos.c add_kmval(fw,tadr,tsiz,tlen,4,"KEY_UP",0); fw 7528 tools/finsig_dryos.c add_kmval(fw,tadr,tsiz,tlen,5,"KEY_DOWN",0); fw 7529 tools/finsig_dryos.c add_kmval(fw,tadr,tsiz,tlen,6,"KEY_LEFT",0); fw 7530 tools/finsig_dryos.c add_kmval(fw,tadr,tsiz,tlen,7,"KEY_RIGHT",0); fw 7531 tools/finsig_dryos.c add_kmval(fw,tadr,tsiz,tlen,8,"KEY_SET",0); fw 7532 tools/finsig_dryos.c add_kmval(fw,tadr,tsiz,tlen,9,"KEY_MENU",0); fw 7533 tools/finsig_dryos.c add_kmval(fw,tadr,tsiz,tlen,0xA,"KEY_DISPLAY",0); fw 7535 tools/finsig_dryos.c else if (fw->dryos_ver < 55) fw 7537 tools/finsig_dryos.c add_kmval(fw,tadr,tsiz,tlen,3,"KEY_ZOOM_IN",0); fw 7538 tools/finsig_dryos.c add_kmval(fw,tadr,tsiz,tlen,4,"KEY_ZOOM_OUT",0); fw 7539 tools/finsig_dryos.c add_kmval(fw,tadr,tsiz,tlen,6,"KEY_UP",0); fw 7540 tools/finsig_dryos.c add_kmval(fw,tadr,tsiz,tlen,7,"KEY_DOWN",0); fw 7541 tools/finsig_dryos.c add_kmval(fw,tadr,tsiz,tlen,8,"KEY_LEFT",0); fw 7542 tools/finsig_dryos.c add_kmval(fw,tadr,tsiz,tlen,9,"KEY_RIGHT",0); fw 7543 tools/finsig_dryos.c add_kmval(fw,tadr,tsiz,tlen,0xA,"KEY_SET",0); fw 7544 tools/finsig_dryos.c add_kmval(fw,tadr,tsiz,tlen,0xE,"KEY_MENU",0); fw 7545 tools/finsig_dryos.c add_kmval(fw,tadr,tsiz,tlen,2,"KEY_VIDEO",0); fw 7546 tools/finsig_dryos.c add_kmval(fw,tadr,tsiz,tlen,0xD,"KEY_HELP",0); fw 7551 tools/finsig_dryos.c add_kmval(fw,tadr,tsiz,tlen,3,"KEY_ZOOM_IN",0); fw 7552 tools/finsig_dryos.c add_kmval(fw,tadr,tsiz,tlen,4,"KEY_ZOOM_OUT",0); fw 7553 tools/finsig_dryos.c add_kmval(fw,tadr,tsiz,tlen,6,"KEY_UP",0); fw 7554 tools/finsig_dryos.c add_kmval(fw,tadr,tsiz,tlen,7,"KEY_DOWN",0); fw 7555 tools/finsig_dryos.c add_kmval(fw,tadr,tsiz,tlen,8,"KEY_LEFT",0); fw 7556 tools/finsig_dryos.c add_kmval(fw,tadr,tsiz,tlen,9,"KEY_RIGHT",0); fw 7557 tools/finsig_dryos.c add_kmval(fw,tadr,tsiz,tlen,0xA,"KEY_SET",0); fw 7558 tools/finsig_dryos.c add_kmval(fw,tadr,tsiz,tlen,0x14,"KEY_MENU",0); fw 7559 tools/finsig_dryos.c add_kmval(fw,tadr,tsiz,tlen,2,"KEY_VIDEO",0); fw 7560 tools/finsig_dryos.c add_kmval(fw,tadr,tsiz,tlen,0xD,"KEY_HELP",0); fw 7563 tools/finsig_dryos.c if (fw->dryos_ver <= 47) fw 7565 tools/finsig_dryos.c add_kmval(fw,tadr,tsiz,tlen,0x601,"KEY_PLAYBACK",0); fw 7566 tools/finsig_dryos.c add_kmval(fw,tadr,tsiz,tlen,0x600,"KEY_POWER",0); fw 7567 tools/finsig_dryos.c add_kmval(fw,tadr,tsiz,tlen,0x12,"KEY_VIDEO",0); fw 7571 tools/finsig_dryos.c add_kmval(fw,tadr,tsiz,tlen,0x101,"KEY_PLAYBACK",0); fw 7572 tools/finsig_dryos.c add_kmval(fw,tadr,tsiz,tlen,0x100,"KEY_POWER",0); fw 7573 tools/finsig_dryos.c if (fw->dryos_ver == 49) fw 7575 tools/finsig_dryos.c add_kmval(fw,tadr,tsiz,tlen,0x19,"KEY_VIDEO",0); fw 7577 tools/finsig_dryos.c else if(fw->dryos_ver == 50) fw 7579 tools/finsig_dryos.c add_kmval(fw,tadr,tsiz,tlen,0x1A,"KEY_VIDEO",0); fw 7580 tools/finsig_dryos.c add_kmval(fw,tadr,tsiz,tlen,0x14,"KEY_HELP",0); fw 7594 tools/finsig_dryos.c int get_eventproc_val(firmware *fw, int k) fw 7596 tools/finsig_dryos.c if (isADR_PC(fw,k) && (fwRd(fw,k) == 0)) fw 7597 tools/finsig_dryos.c nadr = ADR2adr(fw,k); fw 7598 tools/finsig_dryos.c else if (isADR_PC(fw,k) && (fwRd(fw,k) == 1)) fw 7599 tools/finsig_dryos.c eadr = ADR2adr(fw,k); fw 7600 tools/finsig_dryos.c else if (isLDR_PC(fw,k) && (fwRd(fw,k) == 0)) fw 7601 tools/finsig_dryos.c nadr = LDR2val(fw,k); fw 7602 tools/finsig_dryos.c else if (isLDR_PC(fw,k) && (fwRd(fw,k) == 1)) fw 7603 tools/finsig_dryos.c eadr = LDR2val(fw,k); fw 7646 tools/finsig_dryos.c void add_func_name2(firmware *fw, uint32_t nadr, uint32_t eadr, char *suffix) fw 7648 tools/finsig_dryos.c char *n = (char*)adr2ptr(fw,nadr); fw 7649 tools/finsig_dryos.c if (isB(fw,adr2idx(fw,eadr))) fw 7654 tools/finsig_dryos.c eadr = followBranch(fw,eadr,1); fw 7659 tools/finsig_dryos.c int match_eventproc(firmware *fw, int k, uint32_t fadr, __attribute__ ((unused))uint32_t v2) fw 7661 tools/finsig_dryos.c if (isBorBL(fw,k)) fw 7663 tools/finsig_dryos.c uint32_t adr = followBranch(fw,idx2adr(fw,k),0x01000001); fw 7669 tools/finsig_dryos.c if (get_eventproc_val(fw, k) == 0) fw 7671 tools/finsig_dryos.c int k1 = find_inst_rev(fw, isB, k, 500); fw 7675 tools/finsig_dryos.c get_eventproc_val(fw, k); fw 7679 tools/finsig_dryos.c if (get_eventproc_val(fw, k) == 0) fw 7681 tools/finsig_dryos.c int k1 = find_inst_rev(fw, isB, k, 500); fw 7685 tools/finsig_dryos.c get_eventproc_val(fw, k); fw 7690 tools/finsig_dryos.c add_func_name2(fw, nadr, eadr, "_FW"); fw 7697 tools/finsig_dryos.c int match_registerproc2(firmware *fw, int k, uint32_t fadr, __attribute__ ((unused))uint32_t v2) fw 7700 tools/finsig_dryos.c if (isBorBL(fw,k)) fw 7702 tools/finsig_dryos.c uint32_t adr = followBranch(fw,idx2adr(fw,k),0x01000001); fw 7708 tools/finsig_dryos.c if (get_eventproc_val(fw, k) == 0) fw 7710 tools/finsig_dryos.c int k1 = find_inst_rev(fw, isB, k, 500); fw 7714 tools/finsig_dryos.c get_eventproc_val(fw, k); fw 7718 tools/finsig_dryos.c if (get_eventproc_val(fw, k) == 0) fw 7720 tools/finsig_dryos.c int k1 = find_inst_rev(fw, isB, k, 500); fw 7724 tools/finsig_dryos.c get_eventproc_val(fw, k); fw 7729 tools/finsig_dryos.c add_func_name2(fw, nadr, eadr, "_FW"); fw 7735 tools/finsig_dryos.c int k1 = find_inst_rev(fw, isLDR_PC, k, 8); fw 7738 tools/finsig_dryos.c uint32_t k2 = LDR2val(fw,k1); fw 7739 tools/finsig_dryos.c if ((k2 > fw->base) && (k2 < (fw->base + fw->size*4 - 1))) fw 7744 tools/finsig_dryos.c if ( ((fwval(fw,k3) & 0xfff00ff0) == 0xe0800180) && // add rx, ry, rz, lsl #3 fw 7745 tools/finsig_dryos.c ((fwval(fw,k3) & 0x000f0000)>>16) == (unsigned)(fwRd(fw,k1)) ) // check register match fw 7748 tools/finsig_dryos.c k1 = adr2idx(fw,k2); fw 7749 tools/finsig_dryos.c while (fwval(fw,k1) != 0) fw 7751 tools/finsig_dryos.c add_func_name2(fw, fwval(fw,k1), fwval(fw,k1+1), "_FW"); fw 7766 tools/finsig_dryos.c int match_registerproc(firmware *fw, int k, uint32_t fadr, __attribute__ ((unused))uint32_t v2) fw 7768 tools/finsig_dryos.c if (isB(fw,k+1) && isMOV_immed(fw,k) && (fwRd(fw,k) == 2)) fw 7770 tools/finsig_dryos.c uint32_t adr = followBranch(fw,idx2adr(fw,k+1),1); fw 7773 tools/finsig_dryos.c search_fw(fw, match_registerproc2, idx2adr(fw,k), 0, 2); fw 7779 tools/finsig_dryos.c int match_registerlists(firmware *fw, int k, uint32_t fadr, __attribute__ ((unused))uint32_t v2) fw 7781 tools/finsig_dryos.c if (isBorBL(fw,k+1) && isLDR_PC(fw,k) && (fwRd(fw,k) == 0)) fw 7783 tools/finsig_dryos.c uint32_t adr = followBranch2(fw,idx2adr(fw,k+1),0x01000001); fw 7786 tools/finsig_dryos.c int j = adr2idx(fw,LDR2val(fw,k)); fw 7787 tools/finsig_dryos.c if (!idx_valid(fw,j)) fw 7789 tools/finsig_dryos.c j = adr2idx(fw,LDR2val(fw,k) - fw->data_start + fw->data_init_start); fw 7791 tools/finsig_dryos.c if (idx_valid(fw,j)) fw 7793 tools/finsig_dryos.c while (fwval(fw,j) != 0) fw 7795 tools/finsig_dryos.c add_func_name2(fw, fwval(fw,j), fwval(fw,j+1), "_FW"); fw 7801 tools/finsig_dryos.c else if (isBorBL(fw,k+1) && isLDMFD(fw,k) && isLDR_PC(fw,k-1) && (fwRd(fw,k-1) == 0)) fw 7803 tools/finsig_dryos.c uint32_t adr = followBranch2(fw,idx2adr(fw,k+1),0x01000001); fw 7806 tools/finsig_dryos.c int j = adr2idx(fw,LDR2val(fw,k-1)); fw 7807 tools/finsig_dryos.c if (!idx_valid(fw,j)) fw 7809 tools/finsig_dryos.c j = adr2idx(fw,LDR2val(fw,k-1) - fw->data_start + fw->data_init_start); fw 7811 tools/finsig_dryos.c if (idx_valid(fw,j)) fw 7813 tools/finsig_dryos.c while (fwval(fw,j) != 0) fw 7815 tools/finsig_dryos.c add_func_name2(fw, fwval(fw,j), fwval(fw,j+1), "_FW"); fw 7824 tools/finsig_dryos.c void find_eventprocs(firmware *fw) fw 7826 tools/finsig_dryos.c int j = get_saved_sig(fw,"ExportToEventProcedure_FW"); fw 7830 tools/finsig_dryos.c search_fw(fw, match_eventproc, fadr, 0, 1); fw 7832 tools/finsig_dryos.c if (isB(fw,adr2idx(fw,fadr)+2)) fw 7834 tools/finsig_dryos.c fadr = followBranch(fw, fadr+8, 1); fw 7836 tools/finsig_dryos.c search_fw(fw, match_registerproc, fadr, 0, 2); fw 7839 tools/finsig_dryos.c j = get_saved_sig(fw,"SS.Create_FW"); fw 7842 tools/finsig_dryos.c j = adr2idx(fw,func_names[j].val); fw 7847 tools/finsig_dryos.c if (isLDR_PC(fw,j+offsets[i]) && (fwRd(fw,j+offsets[i]) == 0) && isBL(fw,j+offsets[i]+1)) fw 7849 tools/finsig_dryos.c fadr = followBranch(fw,idx2adr(fw,j+offsets[i]+1),0x01000001); fw 7850 tools/finsig_dryos.c search_fw(fw, match_registerlists, fadr, 0, 2); fw 7858 tools/finsig_dryos.c j = find_strptr_ref(fw,"ResetZoomLens"); fw 7861 tools/finsig_dryos.c if (isBorBL(fw,j+1)) fw 7863 tools/finsig_dryos.c fadr = followBranch(fw,idx2adr(fw,j+1),0x01000001); fw 7864 tools/finsig_dryos.c search_fw(fw, match_registerlists, fadr, 0, 2); fw 7869 tools/finsig_dryos.c j = get_saved_sig(fw,"TerminateAdjustmentSystem_FW"); fw 7872 tools/finsig_dryos.c j = adr2idx(fw,func_names[j].val); fw 7876 tools/finsig_dryos.c if (isBL(fw,k)) fw 7878 tools/finsig_dryos.c int k1 = adr2idx(fw,followBranch(fw,idx2adr(fw,k),0x01000001)); fw 7882 tools/finsig_dryos.c if (isLDR_PC(fw,k2) && (fwRd(fw,k2) == 0) && isLDMFD(fw,k2+1)) fw 7884 tools/finsig_dryos.c int k3 = adr2idx(fw, LDR2val(fw,k2) - fw->data_start + fw->data_init_start); fw 7885 tools/finsig_dryos.c if (idx_valid(fw,k3)) fw 7887 tools/finsig_dryos.c while (fwval(fw,k3) != 0) fw 7889 tools/finsig_dryos.c add_func_name2(fw, fwval(fw,k3), fwval(fw,k3+1), "_FW"); fw 7901 tools/finsig_dryos.c uint32_t findTaskAddress(firmware *fw, int k, int reg) fw 7907 tools/finsig_dryos.c if (isLDR_PC(fw,k+o) && (fwRd(fw,k+o) == reg)) fw 7909 tools/finsig_dryos.c uint32_t adr = LDR2val(fw,k+o); fw 7913 tools/finsig_dryos.c if (fwval(fw,k+i) == (0xE5900000 | (reg << 12) | (reg << 16))) // LDR Rx,[Rx] fw 7915 tools/finsig_dryos.c adr = fwval(fw,adr2idx(fw,adr)); fw 7920 tools/finsig_dryos.c else if (isADR_PC(fw,k+o) && (fwRd(fw,k+o) == reg)) fw 7922 tools/finsig_dryos.c return(ADR2adr(fw,k+o)); fw 7929 tools/finsig_dryos.c int match_createtask(firmware *fw, int k, uint32_t fadr, __attribute__ ((unused))uint32_t v2) fw 7932 tools/finsig_dryos.c k = idxcorr(fw, k); fw 7933 tools/finsig_dryos.c if (isBorBL(fw,k)) fw 7935 tools/finsig_dryos.c uint32_t adr = followBranch2(fw,idx2adr(fw,k),0x01000001); fw 7938 tools/finsig_dryos.c fadr = findTaskAddress(fw, k, 3); fw 7941 tools/finsig_dryos.c uint32_t sadr = findTaskAddress(fw, k, 0); fw 7944 tools/finsig_dryos.c char *s = adr2ptr(fw,sadr); fw 7956 tools/finsig_dryos.c void find_tasks(firmware *fw) fw 7958 tools/finsig_dryos.c int k = get_saved_sig(fw,"CreateTask"); fw 7961 tools/finsig_dryos.c search_fw(fw, match_createtask, func_names[k].val, 0, 7); fw 7963 tools/finsig_dryos.c k = get_saved_sig(fw,"CreateTaskStrictly"); fw 7966 tools/finsig_dryos.c search_fw(fw, match_createtask, func_names[k].val, 0, 7); fw 7968 tools/finsig_dryos.c if (fw->dryos_ver >= 59) fw 7970 tools/finsig_dryos.c k = get_saved_sig(fw,"CreateTaskStrictly_alt"); // r59+ fw 7973 tools/finsig_dryos.c search_fw(fw, match_createtask, func_names[k].val, 0, 7); fw 7978 tools/finsig_dryos.c void find_builddate(firmware *fw) fw 7980 tools/finsig_dryos.c int j = get_saved_sig(fw,"GetBuildDate_FW"); fw 7983 tools/finsig_dryos.c int idx = adr2idx(fw, func_names[j].val); fw 7984 tools/finsig_dryos.c uint32_t adr = ADR2adr(fw, idx); fw 7985 tools/finsig_dryos.c idx = adr2idx(fw, adr); fw 7986 tools/finsig_dryos.c fw->fw_build_date = (char*)&fw->buf[idx]; fw 7989 tools/finsig_dryos.c fw->fw_build_date = 0; fw 7991 tools/finsig_dryos.c j = get_saved_sig(fw,"GetBuildTime_FW"); fw 7994 tools/finsig_dryos.c int idx = adr2idx(fw, func_names[j].val); fw 7995 tools/finsig_dryos.c uint32_t adr = ADR2adr(fw, idx); fw 7996 tools/finsig_dryos.c idx = adr2idx(fw, adr); fw 7997 tools/finsig_dryos.c fw->fw_build_time = (char*)&fw->buf[idx]; fw 8000 tools/finsig_dryos.c fw->fw_build_time = 0; fw 8020 tools/finsig_dryos.c int find_ptp_handler_imm(firmware *fw, int k) fw 8030 tools/finsig_dryos.c if (isLDR_PC(fw,k+o)) fw 8032 tools/finsig_dryos.c if(fwRd(fw,k+o) == 0) fw 8034 tools/finsig_dryos.c op = LDR2val(fw,k+o); fw 8036 tools/finsig_dryos.c else if(fwRd(fw,k+o) == 1){ fw 8037 tools/finsig_dryos.c handler = LDR2val(fw,k+o); fw 8041 tools/finsig_dryos.c else if (isADR_PC(fw,k+o) && (fwRd(fw,k+o) == 1)) fw 8043 tools/finsig_dryos.c handler=ADR2adr(fw,k+o); fw 8055 tools/finsig_dryos.c int match_ptp_handlers(firmware *fw, int k, uint32_t fadr, __attribute__ ((unused))uint32_t v2) fw 8058 tools/finsig_dryos.c if(fwval(fw,k) == 0x1004 fw 8059 tools/finsig_dryos.c && fwval(fw,k+2) == 0x1005 fw 8060 tools/finsig_dryos.c && fwval(fw,k+4) == 0x1006 fw 8061 tools/finsig_dryos.c && fwval(fw,k+1) > fw->base && !(fwval(fw,k+1) & 0x3) fw 8062 tools/finsig_dryos.c && fwval(fw,k+3) > fw->base && !(fwval(fw,k+1) & 0x3) fw 8063 tools/finsig_dryos.c && fwval(fw,k+5) > fw->base && !(fwval(fw,k+1) & 0x3)) fw 8069 tools/finsig_dryos.c uint32_t op=fwval(fw,k+i*2); fw 8070 tools/finsig_dryos.c uint32_t handler=fwval(fw,k+i*2+1); fw 8080 tools/finsig_dryos.c k = idxcorr(fw, k); fw 8081 tools/finsig_dryos.c if (!isBorBL(fw,k)) fw 8085 tools/finsig_dryos.c uint32_t adr = followBranch2(fw,idx2adr(fw,k),0x01000001); fw 8089 tools/finsig_dryos.c find_ptp_handler_imm(fw,k); fw 8095 tools/finsig_dryos.c void find_ptp_handlers(firmware *fw) fw 8097 tools/finsig_dryos.c int k = get_saved_sig(fw,"add_ptp_handler"); fw 8100 tools/finsig_dryos.c search_fw(fw, match_ptp_handlers, func_names[k].val, 0, 128); fw 8104 tools/finsig_dryos.c void write_levent_table_dump(firmware *fw, uint32_t tadr) fw 8119 tools/finsig_dryos.c val = *(uint32_t*)adr2ptr(fw, tadr); fw 8120 tools/finsig_dryos.c if ((val == 0xffffffff) || (val == 0) || (*(uint32_t*)adr2ptr(fw, tadr+4) < lid)) { fw 8123 tools/finsig_dryos.c lid = *(uint32_t*)adr2ptr(fw, tadr+4); fw 8124 tools/finsig_dryos.c str = (char*)adr2ptr(fw,val); fw 8126 tools/finsig_dryos.c fprintf(f,"0x%08x 0x%04x 0x%08x %s\n",tadr,lid,*(uint32_t*)adr2ptr(fw, tadr+8),str); fw 8135 tools/finsig_dryos.c void output_firmware_vals(firmware *fw) fw 8139 tools/finsig_dryos.c if (fw->dryos_ver == 0) fw 8145 tools/finsig_dryos.c if (fw->dryos_ver < fw->real_dryos_ver) // check for outdated finsig fw 8146 tools/finsig_dryos.c bprintf("// DRYOS R%d (%s) *** New DRYOS Version - please update finsig_dryos.c ***\n",fw->real_dryos_ver,fw->dryos_ver_str); fw 8148 tools/finsig_dryos.c bprintf("// DRYOS R%d (%s)\n",fw->dryos_ver,fw->dryos_ver_str); fw 8151 tools/finsig_dryos.c if (fw->firmware_ver_str == 0) fw 8157 tools/finsig_dryos.c uint32_t j = idx2adr(fw,fw->fwver_idx); fw 8158 tools/finsig_dryos.c char *c = strrchr(fw->firmware_ver_str,' ') + 1; // points after the last space char fw 8159 tools/finsig_dryos.c uint32_t k = j + c - fw->firmware_ver_str; fw 8162 tools/finsig_dryos.c bprintf("// %s // Found @ 0x%08x, \"%s\" @ 0x%08x\n",fw->firmware_ver_str,j,c,k); fw 8167 tools/finsig_dryos.c bprintf("// %s // Found @ 0x%08x, \"%s\" @ 0x%08x\n",fw->firmware_ver_str,j,fw->firmware_ver_str,j); fw 8171 tools/finsig_dryos.c if (fw->fw_build_date != 0) fw 8173 tools/finsig_dryos.c bprintf("// Firmware build timestamp: %s %s\n",fw->fw_build_date, (fw->fw_build_time==0)?"":fw->fw_build_time); fw 8176 tools/finsig_dryos.c if (fw->fsize > (fw->size + 256)) fw 8178 tools/finsig_dryos.c bprintf("// Possible corrupt firmware dump - file size too small for start address 0x%08x\n",fw->base); fw 8179 tools/finsig_dryos.c bprintf("// file size = %.2fMB, should be %.2fMB\n", ((double)fw->size*4.0)/(1024.0*1024.0),((double)fw->fsize*4.0)/(1024.0*1024.0)); fw 8182 tools/finsig_dryos.c if (fw->cam != 0) fw 8184 tools/finsig_dryos.c bprintf("// %s\n",fw->cam); fw 8196 tools/finsig_dryos.c if (fw->uncached_adr == 0x10000000) fw 8200 tools/finsig_dryos.c if (find_str(fw,"FaceFrame") != -1) // face recognition related task fw 8210 tools/finsig_dryos.c if (find_str(fw,"\xac\xd0\x22\xc0") != -1) // 0xc022d0ac, D4+ GPIO fw 8215 tools/finsig_dryos.c else if (find_str(fw,"\xac\xc0\x22\xc0") != -1) // 0xc022c0ac, D5 GPIO fw 8223 tools/finsig_dryos.c bprintf("// PLATFORMOSVER = %d\n",fw->real_dryos_ver); fw 8225 tools/finsig_dryos.c if (fw->pid != 0) fw 8227 tools/finsig_dryos.c bprintf("// PLATFORMID = %d# (0x%04x) Found @ 0x%08x\n",fw->pid,fw->pid,fw->pid_adr); fw 8231 tools/finsig_dryos.c bprintf("// PLATFORMID = ? // Not found @ 0x%08x\n",fw->pid_adr); fw 8234 tools/finsig_dryos.c if (fw->maxram != 0) fw 8235 tools/finsig_dryos.c bprintf("// MAXRAMADDR = 0x%08x\n",fw->maxram); fw 8237 tools/finsig_dryos.c if (fw->memisostart != 0) fw 8239 tools/finsig_dryos.c osig *o = find_match(fw->sv->makevals, "MEMISOSTART", fw->memisostart); fw 8240 tools/finsig_dryos.c if (o && (o->val == fw->memisostart)) fw 8241 tools/finsig_dryos.c bprintf("// MEMISOSTART = 0x%08x\n",fw->memisostart); fw 8243 tools/finsig_dryos.c bprintf("// MEMISOSTART = 0x%08x (*** DOES NOT MATCH MAKEFILE VALUE 0x%08x***)\n",fw->memisostart,(o)?o->val:0); fw 8246 tools/finsig_dryos.c if (fw->ksys != 0) fw 8248 tools/finsig_dryos.c bprintf("// KEYSYS = %s# Found @ 0x%08x\n",fw->ksys,idx2adr(fw,fw->ksys_idx)); fw 8250 tools/finsig_dryos.c if (fw->dancing_bits_idx != 0) fw 8252 tools/finsig_dryos.c if (fw->dancing_bits) fw 8254 tools/finsig_dryos.c bprintf("// NEED_ENCODED_DISKBOOT = %d# Found @ 0x%08x",fw->dancing_bits,idx2adr(fw,fw->dancing_bits_idx)); fw 8255 tools/finsig_dryos.c osig *o = find_sig(fw->sv->makevals,"NEED_ENCODED_DISKBOOT"); fw 8258 tools/finsig_dryos.c else if (o->val != fw->dancing_bits) fw 8264 tools/finsig_dryos.c bprintf("// NEED_ENCODED_DISKBOOT = ? Not found, possible new 'dancing bits' entry needed. // Found @ 0x%08x\n",idx2adr(fw,fw->dancing_bits_idx)); fw 8269 tools/finsig_dryos.c find_AdditionAgent_RAM(fw); fw 8273 tools/finsig_dryos.c uint32_t u = fw->base+fw->fsize*4; fw 8278 tools/finsig_dryos.c bprintf("// %-8s 0x%08x - 0x%08x (%7d bytes)\n","ROM",fw->base,u,fw->fsize*4); fw 8279 tools/finsig_dryos.c if ((fw->dryos_ver >= 50) && (fw->base2 != 0)) fw 8281 tools/finsig_dryos.c bprintf("// %-8s 0x%08x - 0x%08x copied from 0x%08x (%7d bytes)\n","RAM code",fw->base2,fw->base2+fw->size2*4,fw->base_copied,fw->size2*4); fw 8283 tools/finsig_dryos.c bprintf("// %-8s 0x%08x - 0x%08x copied from 0x%08x (%7d bytes)\n","RAM data",fw->data_start,fw->data_start+fw->data_len*4,fw->data_init_start,fw->data_len*4); fw 8312 tools/finsig_dryos.c void write_funcs(firmware *fw, char *filename, func_entry *fns[], int (*compare)(const func_entry **p1, const func_entry **p2)) fw 8327 tools/finsig_dryos.c osig* ostub2 = find_sig(fw->sv->stubs,fns[k]->name); fw 8348 tools/finsig_dryos.c firmware fw; fw 8364 tools/finsig_dryos.c fw.sv = new_stub_values(); fw 8365 tools/finsig_dryos.c load_stubs(fw.sv, "stubs_entry_2.S", 1); fw 8366 tools/finsig_dryos.c load_stubs_min(fw.sv); fw 8367 tools/finsig_dryos.c load_modemap(fw.sv); fw 8368 tools/finsig_dryos.c load_platform(fw.sv); fw 8369 tools/finsig_dryos.c load_makefile(fw.sv); fw 8374 tools/finsig_dryos.c load_firmware(&fw,argv[1],argv[2],(argc==5)?argv[4]:0, OS_DRYOS); fw 8375 tools/finsig_dryos.c fw.uncached_adr = 0; fw 8376 tools/finsig_dryos.c fw.uncached_adr_idx = 0; fw 8377 tools/finsig_dryos.c find_eventprocs(&fw); fw 8378 tools/finsig_dryos.c find_ptp_handlers(&fw); fw 8379 tools/finsig_dryos.c find_builddate(&fw); fw 8380 tools/finsig_dryos.c if (!fw.uncached_adr) fw 8381 tools/finsig_dryos.c search_saved_sig(&fw, "FreeUncacheableMemory", match_CAM_UNCACHED_BIT, 0, 0, 8); fw 8382 tools/finsig_dryos.c output_firmware_vals(&fw); fw 8391 tools/finsig_dryos.c find_tasks(&fw); fw 8392 tools/finsig_dryos.c if(get_saved_sig(&fw,"task_ComWireless") >= 0) { fw 8401 tools/finsig_dryos.c if ((fw.dryos_ver >= find_min_ver(curr_name)) && (fw.dryos_ver <= find_max_ver(curr_name))) fw 8403 tools/finsig_dryos.c find_matches(&fw, curr_name); fw 8404 tools/finsig_dryos.c print_results(&fw,curr_name,k); fw 8413 tools/finsig_dryos.c find_modemap(&fw); fw 8414 tools/finsig_dryos.c find_stubs_min(&fw); fw 8415 tools/finsig_dryos.c find_lib_vals(&fw); fw 8416 tools/finsig_dryos.c find_key_vals(&fw); fw 8417 tools/finsig_dryos.c find_platform_vals(&fw); fw 8418 tools/finsig_dryos.c find_propset(&fw); fw 8419 tools/finsig_dryos.c find_other_vals(&fw); fw 8429 tools/finsig_dryos.c write_funcs(&fw, "funcs_by_name.csv", fns, compare_func_names); fw 8430 tools/finsig_dryos.c write_funcs(&fw, "funcs_by_address.csv", fns, compare_func_addresses); fw 788 tools/finsig_thumb2.c void save_sig(firmware *fw, const char *name, uint32_t val) fw 797 tools/finsig_thumb2.c if(!adr_is_main_fw_code(fw,val)) { fw 807 tools/finsig_thumb2.c void add_func_name(firmware *fw, char *n, uint32_t eadr, char *suffix) fw 821 tools/finsig_thumb2.c if(!adr_is_main_fw_code(fw,eadr)) { fw 862 tools/finsig_thumb2.c uint32_t save_sig_veneers(firmware *fw, const char *name, uint32_t adr) fw 865 tools/finsig_thumb2.c if(!fw_disasm_iter_single(fw,adr)) { fw 873 tools/finsig_thumb2.c for(v_cnt = 0, b_adr = get_direct_jump_target(fw,fw->is); fw 875 tools/finsig_thumb2.c v_cnt++,b_adr = get_direct_jump_target(fw,fw->is)) { fw 883 tools/finsig_thumb2.c add_func_name(fw,buf,adr,NULL); // this is the orignal named address fw 885 tools/finsig_thumb2.c if(!fw_disasm_iter_single(fw,adr)) { fw 894 tools/finsig_thumb2.c int save_sig_with_j(firmware *fw, char *name, uint32_t adr) fw 900 tools/finsig_thumb2.c adr = save_sig_veneers(fw, name, adr); fw 902 tools/finsig_thumb2.c save_sig(fw,name,adr); fw 911 tools/finsig_thumb2.c int find_next_sig_call_ex(firmware *fw, iter_state_t *is, uint32_t max_offset, const char *name, uint32_t flags) fw 948 tools/finsig_thumb2.c return fw_search_insn(fw,is,search_fn,0,match_fns,is->adr + max_offset); fw 951 tools/finsig_thumb2.c int find_next_sig_call(firmware *fw, iter_state_t *is, uint32_t max_offset, const char *name) fw 953 tools/finsig_thumb2.c return find_next_sig_call_ex(fw,is,max_offset,name,0); fw 958 tools/finsig_thumb2.c int is_sig_call(firmware *fw, iter_state_t *is, const char *name) fw 960 tools/finsig_thumb2.c uint32_t adr=get_branch_call_insn_target(fw,is); fw 967 tools/finsig_thumb2.c osig* ostub2 = find_sig(fw->sv->stubs,name); fw 1005 tools/finsig_thumb2.c typedef int (*sig_match_fn)(firmware *fw, iter_state_t *is, sig_rule_t *rule); fw 1018 tools/finsig_thumb2.c int init_disasm_sig_ref(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 1029 tools/finsig_thumb2.c if(!disasm_iter_init(fw,is,adr)) { fw 1036 tools/finsig_thumb2.c int sig_match_near_str(firmware *fw, iter_state_t *is, sig_rule_t *rule); fw 1037 tools/finsig_thumb2.c uint32_t find_str_arg_call(firmware *fw, iter_state_t *is, sig_rule_t *rule); fw 1043 tools/finsig_thumb2.c int sig_match_str_r0_call(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 1045 tools/finsig_thumb2.c uint32_t str_adr = find_str_bytes_main_fw(fw,rule->ref_name); fw 1054 tools/finsig_thumb2.c disasm_iter_init(fw,is,(ADR_ALIGN4(str_adr) - SEARCH_NEAR_REF_RANGE) | fw->thumb_default); // reset to a bit before where the string was found fw 1055 tools/finsig_thumb2.c while(fw_search_insn(fw,is,search_disasm_const_ref,str_adr,NULL,str_adr+SEARCH_NEAR_REF_RANGE)) { fw 1059 tools/finsig_thumb2.c if(insn_match_find_next(fw,is,4,match_b_bl_blximm)) { fw 1060 tools/finsig_thumb2.c uint32_t adr=get_branch_call_insn_target(fw,is); fw 1062 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,adr); fw 1070 tools/finsig_thumb2.c int sig_match_reg_evp(firmware *fw, iter_state_t *is, __attribute__ ((unused))sig_rule_t *rule) fw 1088 tools/finsig_thumb2.c disasm_iter_init(fw,is,e_to_evp); fw 1089 tools/finsig_thumb2.c if(insn_match_seq(fw,is,reg_evp_match)) { fw 1092 tools/finsig_thumb2.c save_sig(fw,"RegisterEventProcedure",reg_evp); fw 1099 tools/finsig_thumb2.c int sig_match_reg_evp_table(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 1102 tools/finsig_thumb2.c uint32_t str_adr = find_str_bytes_main_fw(fw,rule->ref_name); // note this string may appear more than once, assuming want first fw 1110 tools/finsig_thumb2.c disasm_iter_init(fw,is,(ADR_ALIGN4(str_adr) - SEARCH_NEAR_REF_RANGE) | fw->thumb_default); // reset to a bit before where the string was found fw 1112 tools/finsig_thumb2.c while(fw_search_insn(fw,is,search_disasm_const_ref,str_adr,NULL,str_adr+SEARCH_NEAR_REF_RANGE)) { fw 1116 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,2,match_b_bl)) { fw 1121 tools/finsig_thumb2.c save_sig(fw,"RegisterEventProcedure_alt1",reg_evp_alt1); fw 1126 tools/finsig_thumb2.c if((get_call_const_args(fw,is,4,regs)&3)==3) { fw 1131 tools/finsig_thumb2.c add_func_name(fw,"DispDev_EnableEventProc",dd_enable_p,NULL); fw 1138 tools/finsig_thumb2.c disasm_iter_init(fw,is,dd_enable_p); // start at found func fw 1139 tools/finsig_thumb2.c if(insn_match_find_next(fw,is,4,match_b_bl)) { // find the first bl fw 1142 tools/finsig_thumb2.c if(get_call_const_args(fw,is,4,regs)&1) { fw 1145 tools/finsig_thumb2.c save_sig(fw,"RegisterEventProcTable",reg_evp_tbl); fw 1153 tools/finsig_thumb2.c int sig_match_reg_evp_alt2(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 1157 tools/finsig_thumb2.c uint32_t str_adr = find_str_bytes_main_fw(fw,rule->ref_name); fw 1165 tools/finsig_thumb2.c disasm_iter_init(fw,is,(ADR_ALIGN4(str_adr) - SEARCH_NEAR_REF_RANGE) | fw->thumb_default); // reset to a bit before where the string was found fw 1166 tools/finsig_thumb2.c while(fw_search_insn(fw,is,search_disasm_const_ref,str_adr,NULL,str_adr+SEARCH_NEAR_REF_RANGE)) { fw 1170 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,3,match_b_bl)) { fw 1175 tools/finsig_thumb2.c if((get_call_const_args(fw,is,4,regs)&3)==3) { fw 1183 tools/finsig_thumb2.c save_sig(fw,"RegisterEventProcedure_alt2",reg_evp_alt2); fw 1195 tools/finsig_thumb2.c int sig_match_unreg_evp_table(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 1197 tools/finsig_thumb2.c uint32_t str_adr = find_str_bytes_main_fw(fw,rule->ref_name); fw 1207 tools/finsig_thumb2.c disasm_iter_init(fw,is,(ADR_ALIGN4(str_adr) - SEARCH_NEAR_REF_RANGE) | fw->thumb_default); // reset to a bit before where the string was found fw 1208 tools/finsig_thumb2.c while(fw_search_insn(fw,is,search_disasm_const_ref,str_adr,NULL,str_adr+SEARCH_NEAR_REF_RANGE)) { fw 1213 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,3,match_b_bl)) { fw 1216 tools/finsig_thumb2.c uint32_t reg_call=get_branch_call_insn_target(fw,is); fw 1223 tools/finsig_thumb2.c if((get_call_const_args(fw,is,4,regs)&3)==3) { fw 1235 tools/finsig_thumb2.c disasm_iter_init(fw,is,mecha_unreg); fw 1237 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,7,match_b_bl)) { fw 1245 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,18,match_ldr_r0)) { fw 1248 tools/finsig_thumb2.c uint32_t tbl=LDR_PC2val(fw,is->insn); fw 1252 tools/finsig_thumb2.c if(!disasm_iter(fw,is)) { fw 1256 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is)); fw 1261 tools/finsig_thumb2.c int sig_match_evp_table_veneer(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 1268 tools/finsig_thumb2.c disasm_iter_init(fw,is,ref_adr); // start at our known function fw 1271 tools/finsig_thumb2.c if (!disasm_iter(fw,is)) { fw 1272 tools/finsig_thumb2.c disasm_iter_set(fw,is,(is->adr+2) | fw->thumb_default); fw 1276 tools/finsig_thumb2.c uint32_t b_adr = get_branch_call_insn_target(fw,is); fw 1279 tools/finsig_thumb2.c add_func_name(fw,rule->name,cadr | is->thumb,NULL); fw 1290 tools/finsig_thumb2.c int sig_match_createtaskstrictly_alt(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 1292 tools/finsig_thumb2.c uint32_t str_adr = find_str_bytes_main_fw(fw,rule->ref_name); fw 1298 tools/finsig_thumb2.c disasm_iter_init(fw,is,(ADR_ALIGN4(str_adr) - SEARCH_NEAR_REF_RANGE) | fw->thumb_default); // reset to a bit before where the string was found fw 1299 tools/finsig_thumb2.c while(fw_search_insn(fw,is,search_disasm_const_ref,str_adr,NULL,str_adr+SEARCH_NEAR_REF_RANGE)) { fw 1303 tools/finsig_thumb2.c if(insn_match_find_next(fw,is,4,match_b_bl_blximm)) { fw 1304 tools/finsig_thumb2.c uint32_t adr=get_branch_call_insn_target(fw,is); fw 1316 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,adr); fw 1324 tools/finsig_thumb2.c int sig_match_createtask_alt(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 1331 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { fw 1334 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,6,match_bl_blximm)) { fw 1338 tools/finsig_thumb2.c uint32_t adr = get_branch_call_insn_target(fw,is); fw 1350 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,adr); fw 1354 tools/finsig_thumb2.c int sig_match_get_nd_value(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 1361 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { fw 1364 tools/finsig_thumb2.c if(!find_next_sig_call(fw,is,16,"ClearEventFlag")) { fw 1368 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,4,match_bl_blximm)) { fw 1373 tools/finsig_thumb2.c disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is)); fw 1374 tools/finsig_thumb2.c disasm_iter(fw,is); fw 1375 tools/finsig_thumb2.c if (B_target(fw,is->insn)) fw 1376 tools/finsig_thumb2.c disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is)); fw 1378 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,5,match_bl_blximm)) { fw 1382 tools/finsig_thumb2.c uint32_t addr=get_branch_call_insn_target(fw,is); fw 1387 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,addr); fw 1390 tools/finsig_thumb2.c int sig_match_get_current_exp(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 1392 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { fw 1395 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,2,match_bl_blximm)) { fw 1400 tools/finsig_thumb2.c disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is)); fw 1401 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,6,match_bl_blximm)) { fw 1406 tools/finsig_thumb2.c disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is)); fw 1407 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,6,match_bl_blximm)) { fw 1411 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is)); fw 1414 tools/finsig_thumb2.c int sig_match_get_current_nd_value(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 1420 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { fw 1423 tools/finsig_thumb2.c if(!find_next_sig_call(fw,is,36,"GetCurrentShutterSpeed_FW")) { fw 1434 tools/finsig_thumb2.c if(!insn_match_find_next_seq(fw,is,10,match_bl_strh)) { fw 1439 tools/finsig_thumb2.c disasm_iter_init(fw,is,adr_hist_get(&is->ah,1)); fw 1440 tools/finsig_thumb2.c disasm_iter(fw,is); fw 1441 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is)); fw 1444 tools/finsig_thumb2.c int sig_match_get_current_deltasv(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 1446 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { fw 1449 tools/finsig_thumb2.c if(!find_next_sig_call(fw,is,36,"GetCurrentShutterSpeed_FW")) { fw 1460 tools/finsig_thumb2.c if(!insn_match_find_next_seq(fw,is,8,match_bl_strh)) { fw 1465 tools/finsig_thumb2.c disasm_iter_init(fw,is,adr_hist_get(&is->ah,1)); fw 1466 tools/finsig_thumb2.c disasm_iter(fw,is); fw 1467 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is)); fw 1471 tools/finsig_thumb2.c int sig_match_imager_active_callback(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 1473 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { fw 1484 tools/finsig_thumb2.c if(!insn_match_find_next_seq(fw,is,28,match_ldr_bl_mov_pop)) { fw 1489 tools/finsig_thumb2.c disasm_iter_init(fw,is,adr_hist_get(&is->ah,3)); fw 1491 tools/finsig_thumb2.c disasm_iter(fw,is); fw 1492 tools/finsig_thumb2.c uint32_t f1=LDR_PC2val(fw,is->insn); fw 1495 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,f1); fw 1497 tools/finsig_thumb2.c int sig_match_imager_active(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 1499 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { fw 1512 tools/finsig_thumb2.c if(!insn_match_find_next_seq(fw,is,10,match_ldr_mov_str_pop)) { fw 1514 tools/finsig_thumb2.c init_disasm_sig_ref(fw,is,rule); fw 1522 tools/finsig_thumb2.c if(!insn_match_find_next_seq(fw,is,10,match_mov_ldr_str_pop)) { fw 1529 tools/finsig_thumb2.c disasm_iter_init(fw,is,adr_hist_get(&is->ah,backtrack)); fw 1530 tools/finsig_thumb2.c disasm_iter(fw,is); fw 1531 tools/finsig_thumb2.c uint32_t base=LDR_PC2val(fw,is->insn); fw 1536 tools/finsig_thumb2.c disasm_iter(fw,is); fw 1538 tools/finsig_thumb2.c disasm_iter(fw,is); fw 1550 tools/finsig_thumb2.c int sig_match_screenlock_helper(firmware *fw, iter_state_t *is, sig_rule_t *rule) { fw 1551 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { fw 1570 tools/finsig_thumb2.c if(insn_match_find_next_seq(fw,is,6,match_cmp_bne_bl)) { fw 1571 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,init_adr); fw 1577 tools/finsig_thumb2.c disasm_iter_init(fw,is,init_adr); fw 1578 tools/finsig_thumb2.c if(!insn_match_find_next_seq(fw,is,1,match_ldrpc_mov_b)) { fw 1582 tools/finsig_thumb2.c disasm_iter_init(fw,is,init_adr); fw 1583 tools/finsig_thumb2.c disasm_iter(fw,is); fw 1584 tools/finsig_thumb2.c uint32_t adr = LDR_PC2val(fw,is->insn); fw 1589 tools/finsig_thumb2.c disasm_iter_init(fw,is,adr); fw 1591 tools/finsig_thumb2.c if(!insn_match_find_next_seq(fw,is,6,match_cmp_bne_bl)) { fw 1595 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,adr); fw 1598 tools/finsig_thumb2.c int sig_match_fclose_low(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 1600 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { fw 1604 tools/finsig_thumb2.c if(!find_next_sig_call(fw,is,24,"strlen")) { fw 1608 tools/finsig_thumb2.c if(!find_next_sig_call(fw,is,26,"malloc")) { fw 1612 tools/finsig_thumb2.c if(!find_next_sig_call(fw,is,14,"strcpy")) { fw 1617 tools/finsig_thumb2.c if(!insn_match_find_nth(fw,is,12,3,match_bl_blximm)) { fw 1621 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is)); fw 1624 tools/finsig_thumb2.c int sig_match_screenunlock(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 1626 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { fw 1630 tools/finsig_thumb2.c if(!find_next_sig_call(fw,is,14,"ScreenLock")) { fw 1641 tools/finsig_thumb2.c if(!insn_match_find_next_seq(fw,is,38,match_end)) { fw 1646 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is)); fw 1650 tools/finsig_thumb2.c int sig_match_log_camera_event(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 1652 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { fw 1655 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,6,match_bl_blximm)) { fw 1660 tools/finsig_thumb2.c if((get_call_const_args(fw,is,4,regs)&3)!=3) { fw 1668 tools/finsig_thumb2.c const char *str=(char *)adr2ptr(fw,regs[1]); fw 1673 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is)); fw 1677 tools/finsig_thumb2.c int sig_match_physw_misc(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 1679 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { fw 1680 tools/finsig_thumb2.c osig* ostub2 = find_sig(fw->sv->stubs,rule->ref_name); fw 1683 tools/finsig_thumb2.c disasm_iter_init(fw,is,ostub2->val); fw 1693 tools/finsig_thumb2.c if(!disasm_iter(fw,is)) { fw 1697 tools/finsig_thumb2.c physw_run=LDR_PC2val(fw,is->insn); fw 1699 tools/finsig_thumb2.c if(adr_is_var(fw,physw_run)) { fw 1713 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,7,match_bl_blximm)) { fw 1721 tools/finsig_thumb2.c uint32_t f=get_branch_call_insn_target(fw,is); fw 1725 tools/finsig_thumb2.c fw_disasm_iter_single(fw,f); fw 1726 tools/finsig_thumb2.c uint32_t f2=get_direct_jump_target(fw,fw->is); fw 1732 tools/finsig_thumb2.c save_sig_with_j(fw,"SleepTask",f); fw 1735 tools/finsig_thumb2.c disasm_iter_init(fw,is,adr_hist_get(&is->ah,1)); fw 1736 tools/finsig_thumb2.c if(!disasm_iter(fw,is)) { fw 1747 tools/finsig_thumb2.c if(!disasm_iter(fw,is)) { fw 1753 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,2,match_bl_blximm)) { fw 1756 tools/finsig_thumb2.c save_sig(fw,"kbd_p1_f",get_branch_call_insn_target(fw,is)); fw 1759 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,4,match_bl_blximm)) { fw 1762 tools/finsig_thumb2.c save_sig(fw,"kbd_p2_f",get_branch_call_insn_target(fw,is)); fw 1766 tools/finsig_thumb2.c int sig_match_kbd_read_keys(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 1768 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { fw 1772 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,4,match_bl_blximm)) { fw 1775 tools/finsig_thumb2.c save_sig(fw,"kbd_read_keys",get_branch_call_insn_target(fw,is)); fw 1776 tools/finsig_thumb2.c if(!disasm_iter(fw,is)) { fw 1780 tools/finsig_thumb2.c uint32_t physw_status=LDR_PC2val(fw,is->insn); fw 1783 tools/finsig_thumb2.c save_sig(fw,"kbd_p1_f_cont",(uint32_t)(is->insn->address) | is->thumb); fw 1790 tools/finsig_thumb2.c int sig_match_get_kbd_state(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 1792 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { fw 1802 tools/finsig_thumb2.c if(!insn_match_find_next_seq(fw,is,11,match)) { fw 1805 tools/finsig_thumb2.c save_sig_with_j(fw,"GetKbdState",get_branch_call_insn_target(fw,is)); fw 1807 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,5,match_b_bl_blximm)) { fw 1810 tools/finsig_thumb2.c save_sig_with_j(fw,"kbd_read_keys_r2",get_branch_call_insn_target(fw,is)); fw 1814 tools/finsig_thumb2.c int sig_match_get_dial_hw_position(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 1816 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { fw 1819 tools/finsig_thumb2.c uint32_t adr = find_last_call_from_func(fw,is,18,50); fw 1825 tools/finsig_thumb2.c disasm_iter_init(fw,is,adr); fw 1826 tools/finsig_thumb2.c adr = find_last_call_from_func(fw,is,16,32); fw 1832 tools/finsig_thumb2.c disasm_iter_init(fw,is,adr); fw 1834 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,30,match_bl_blximm)) { fw 1838 tools/finsig_thumb2.c uint32_t fadr = get_branch_call_insn_target(fw,is); fw 1840 tools/finsig_thumb2.c disasm_iter_init(fw,is,adr_hist_get(&is->ah,4)); fw 1847 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,4,match_hw_dial_call)) { fw 1851 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,fadr); fw 1854 tools/finsig_thumb2.c int sig_match_create_jumptable(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 1856 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { fw 1860 tools/finsig_thumb2.c if(!insn_match_find_nth(fw,is,20,2,match_bl_blximm)) { fw 1864 tools/finsig_thumb2.c disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is)); fw 1865 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,15,match_bl_blximm)) { fw 1869 tools/finsig_thumb2.c save_sig(fw,"CreateJumptable",get_branch_call_insn_target(fw,is)); fw 1874 tools/finsig_thumb2.c int sig_match_take_semaphore_strict(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 1876 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { fw 1880 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,6,match_bl_blximm)) { fw 1884 tools/finsig_thumb2.c disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is)); fw 1886 tools/finsig_thumb2.c if(!insn_match_find_nth(fw,is,10,2,match_bl_blximm)) { fw 1890 tools/finsig_thumb2.c disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is)); fw 1892 tools/finsig_thumb2.c if(!insn_match_find_nth(fw,is,20,3,match_bl_blximm)) { fw 1895 tools/finsig_thumb2.c save_sig_with_j(fw,"DebugAssert",get_branch_call_insn_target(fw,is)); fw 1898 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,7,match_bl_blximm)) { fw 1901 tools/finsig_thumb2.c save_sig_with_j(fw,"TakeSemaphoreStrictly",get_branch_call_insn_target(fw,is)); fw 1907 tools/finsig_thumb2.c fw_disasm_iter_single(fw,adr_hist_get(&is->ah,i)); fw 1908 tools/finsig_thumb2.c cs_insn *insn=fw->is->insn; fw 1921 tools/finsig_thumb2.c sem_adr=LDR_PC2val(fw,insn); fw 1931 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,10,match_bl_blximm)) { fw 1934 tools/finsig_thumb2.c return save_sig_with_j(fw,"GetDrive_FreeClusters",get_branch_call_insn_target(fw,is)); fw 1937 tools/finsig_thumb2.c int sig_match_get_semaphore_value(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 1939 tools/finsig_thumb2.c uint32_t str_adr = find_str_bytes_main_fw(fw,rule->ref_name); fw 1945 tools/finsig_thumb2.c disasm_iter_init(fw,is,(ADR_ALIGN4(str_adr) - SEARCH_NEAR_REF_RANGE) | fw->thumb_default); // reset to a bit before where the string was found fw 1947 tools/finsig_thumb2.c if(!fw_search_insn(fw,is,search_disasm_const_ref,str_adr,NULL,str_adr+SEARCH_NEAR_REF_RANGE)) { fw 1955 tools/finsig_thumb2.c if(!fw_disasm_iter_single(fw,adr_hist_get(&is->ah,i))) { fw 1959 tools/finsig_thumb2.c if(insn_match_any(fw->is->insn,match_bl_blximm)){ fw 1960 tools/finsig_thumb2.c fadr=get_branch_call_insn_target(fw,fw->is); fw 1969 tools/finsig_thumb2.c disasm_iter_init(fw,is,fadr); fw 1971 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,9,match_bl_blximm)) { fw 1975 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is)); fw 1978 tools/finsig_thumb2.c int sig_match_stat(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 1980 tools/finsig_thumb2.c uint32_t str_adr = find_str_bytes_main_fw(fw,rule->ref_name); fw 1987 tools/finsig_thumb2.c disasm_iter_init(fw,is,(ADR_ALIGN4(str_adr) - SEARCH_NEAR_REF_RANGE) | fw->thumb_default); // reset to a bit before where the string was found fw 1988 tools/finsig_thumb2.c while(fw_search_insn(fw,is,search_disasm_const_ref,str_adr,NULL,str_adr+SEARCH_NEAR_REF_RANGE)) { fw 1990 tools/finsig_thumb2.c if(insn_match_find_next(fw,is,2,match_bl_blximm)) { fw 1991 tools/finsig_thumb2.c uint32_t adr=get_branch_call_insn_target(fw,is); fw 1993 tools/finsig_thumb2.c if(is_sig_call(fw,is,"Fopen_Fut_FW")) { fw 1997 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,adr); fw 2014 tools/finsig_thumb2.c int sig_match_open(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 2016 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { fw 2019 tools/finsig_thumb2.c if(!insn_match_find_next_seq(fw,is,48,match_open_mov_call)) { fw 2022 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is)); fw 2026 tools/finsig_thumb2.c int sig_match_umalloc(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 2028 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { fw 2032 tools/finsig_thumb2.c if(!insn_match_find_nth(fw,is,15,3,match_bl_blximm)) { fw 2036 tools/finsig_thumb2.c disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is)); fw 2038 tools/finsig_thumb2.c if(!insn_match_find_nth(fw,is,14,3,match_bl_blximm)) { fw 2041 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is)); fw 2045 tools/finsig_thumb2.c int sig_match_ufree(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 2047 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { fw 2051 tools/finsig_thumb2.c if(!find_next_sig_call(fw,is,60,"strcpy_FW")) { fw 2055 tools/finsig_thumb2.c if(!insn_match_find_nth(fw,is,12,3,match_bl_blximm)) { fw 2059 tools/finsig_thumb2.c disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is)); fw 2061 tools/finsig_thumb2.c if(!find_next_sig_call(fw,is,40,"Close_FW")) { fw 2065 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,4,match_bl_blximm)) { fw 2068 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is)); fw 2071 tools/finsig_thumb2.c int sig_match_deletefile_fut(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 2073 tools/finsig_thumb2.c uint32_t str_adr = find_str_bytes_main_fw(fw,rule->ref_name); fw 2079 tools/finsig_thumb2.c disasm_iter_init(fw,is,(ADR_ALIGN4(str_adr) - SEARCH_NEAR_REF_RANGE) | fw->thumb_default); // reset to a bit before where the string was found fw 2080 tools/finsig_thumb2.c while(fw_search_insn(fw,is,search_disasm_const_ref,str_adr,NULL,str_adr+SEARCH_NEAR_REF_RANGE)) { fw 2082 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,4,match_bl_blximm)) { fw 2086 tools/finsig_thumb2.c uint32_t adr=get_branch_call_insn_target(fw,is); fw 2087 tools/finsig_thumb2.c if(!fw_disasm_iter_single(fw,adr)) { fw 2099 tools/finsig_thumb2.c if(!insn_match_any(fw->is->insn,match_mov_r1)){ fw 2102 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,adr); fw 2107 tools/finsig_thumb2.c uint32_t find_call_near_str(firmware *fw, iter_state_t *is, sig_rule_t *rule); fw 2109 tools/finsig_thumb2.c int sig_match_closedir(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 2111 tools/finsig_thumb2.c uint32_t str_adr = find_str_bytes_main_fw(fw,rule->ref_name); fw 2117 tools/finsig_thumb2.c disasm_iter_init(fw,is,(ADR_ALIGN4(str_adr) - SEARCH_NEAR_REF_RANGE) | fw->thumb_default); // reset to a bit before where the string was found fw 2118 tools/finsig_thumb2.c while(fw_search_insn(fw,is,search_disasm_const_ref,str_adr,NULL,str_adr+SEARCH_NEAR_REF_RANGE)) { fw 2119 tools/finsig_thumb2.c if(!find_next_sig_call(fw,is,60,"sprintf_FW")) { fw 2122 tools/finsig_thumb2.c if(insn_match_find_nth(fw,is,7,2,match_bl_blximm)) { fw 2123 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is)); fw 2127 tools/finsig_thumb2.c uint32_t call_adr = find_call_near_str(fw,is,rule); fw 2129 tools/finsig_thumb2.c disasm_iter_init(fw,is,call_adr); // reset to a bit before where the string was found fw 2136 tools/finsig_thumb2.c if(insn_match_seq(fw,is,match_closedir)){ fw 2137 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is)); fw 2145 tools/finsig_thumb2.c int save_sig_match_call(firmware* fw, sig_rule_t *rule, uint32_t call_adr) fw 2147 tools/finsig_thumb2.c disasm_iter_init(fw,fw->is,call_adr); // reset to a bit before where the string was found fw 2148 tools/finsig_thumb2.c disasm_iter(fw,fw->is); fw 2149 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,fw->is)); fw 2152 tools/finsig_thumb2.c int sig_match_readfastdir(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 2155 tools/finsig_thumb2.c str_adr = find_str_bytes_main_fw(fw,rule->ref_name); fw 2169 tools/finsig_thumb2.c disasm_iter_init(fw,is,(ADR_ALIGN4(str_adr) - SEARCH_NEAR_REF_RANGE) | fw->thumb_default); // reset to a bit before where the string was found fw 2170 tools/finsig_thumb2.c while(fw_search_insn(fw,is,search_disasm_const_ref,str_adr,NULL,str_adr+SEARCH_NEAR_REF_RANGE)) { fw 2173 tools/finsig_thumb2.c fw_disasm_iter_single(fw,adr_hist_get(&is->ah,2)); fw 2174 tools/finsig_thumb2.c if(insn_match_any(fw->is->insn,match_bl_blximm)) { fw 2175 tools/finsig_thumb2.c uint32_t call_adr = iter_state_adr(fw->is); fw 2176 tools/finsig_thumb2.c fw_disasm_iter_single(fw,adr_hist_get(&is->ah,1)); fw 2177 tools/finsig_thumb2.c if(insn_match_any(fw->is->insn,match_cbnz_r0)) { fw 2178 tools/finsig_thumb2.c return save_sig_match_call(fw, rule, call_adr); fw 2184 tools/finsig_thumb2.c fw_disasm_iter_single(fw,adr_hist_get(&is->ah,i)); fw 2185 tools/finsig_thumb2.c if(insn_match_any(fw->is->insn,match_bl_blximm)) { fw 2186 tools/finsig_thumb2.c uint32_t call_adr = iter_state_adr(fw->is); fw 2187 tools/finsig_thumb2.c fw_disasm_iter_single(fw,adr_hist_get(&is->ah,i-1)); fw 2188 tools/finsig_thumb2.c if(insn_match_any(fw->is->insn,match_cbz_r0)) { fw 2189 tools/finsig_thumb2.c uint32_t b_adr = get_branch_call_insn_target(fw,fw->is); fw 2191 tools/finsig_thumb2.c return save_sig_match_call(fw, rule, call_adr); fw 2201 tools/finsig_thumb2.c int sig_match_strrchr(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 2206 tools/finsig_thumb2.c uint32_t call_adr = find_call_near_str(fw,is,rule); fw 2208 tools/finsig_thumb2.c disasm_iter_init(fw,is,call_adr-4); // reset to a bit before where the string was found fw 2213 tools/finsig_thumb2.c if(insn_match_find_next(fw,is,2,match_mov_r1_imm)){ fw 2214 tools/finsig_thumb2.c return save_sig_match_call(fw, rule, call_adr); fw 2221 tools/finsig_thumb2.c int sig_match_time(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 2223 tools/finsig_thumb2.c uint32_t str_adr = find_str_bytes_main_fw(fw,rule->ref_name); fw 2230 tools/finsig_thumb2.c disasm_iter_init(fw,is,(ADR_ALIGN4(str_adr) - SEARCH_NEAR_REF_RANGE) | fw->thumb_default); // reset to a bit before where the string was found fw 2231 tools/finsig_thumb2.c while(fw_search_insn(fw,is,search_disasm_const_ref,str_adr,NULL,str_adr+SEARCH_NEAR_REF_RANGE)) { fw 2233 tools/finsig_thumb2.c if(insn_match_find_nth(fw,is,6,2,match_bl_blximm)) { fw 2234 tools/finsig_thumb2.c fadr=get_branch_call_insn_target(fw,is); fw 2242 tools/finsig_thumb2.c disasm_iter_init(fw,is,fadr); fw 2244 tools/finsig_thumb2.c if(insn_match_find_nth(fw,is,11,2,match_bl_blximm)) { fw 2245 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is)); fw 2250 tools/finsig_thumb2.c int sig_match_strncpy(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 2252 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { fw 2255 tools/finsig_thumb2.c if(!find_next_sig_call(fw,is,60,"strcpy_FW")) { fw 2258 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,6,match_bl_blximm)) { fw 2261 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is)); fw 2264 tools/finsig_thumb2.c int sig_match_strncmp(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 2266 tools/finsig_thumb2.c uint32_t str_adr = find_str_bytes_main_fw(fw,rule->ref_name); fw 2272 tools/finsig_thumb2.c disasm_iter_init(fw,is,(ADR_ALIGN4(str_adr) - SEARCH_NEAR_REF_RANGE) | fw->thumb_default); // reset to a bit before where the string was found fw 2273 tools/finsig_thumb2.c while(fw_search_insn(fw,is,search_disasm_const_ref,str_adr,NULL,str_adr+SEARCH_NEAR_REF_RANGE)) { fw 2274 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,3,match_bl_blximm)) { fw 2278 tools/finsig_thumb2.c if((get_call_const_args(fw,is,4,regs)&6)==6) { fw 2281 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is)); fw 2288 tools/finsig_thumb2.c int sig_match_strtolx(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 2290 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { fw 2293 tools/finsig_thumb2.c if(!find_next_sig_call(fw,is,130,"strncpy")) { fw 2297 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,6,match_bl_blximm)) { fw 2300 tools/finsig_thumb2.c uint32_t adr=get_branch_call_insn_target(fw,is); fw 2305 tools/finsig_thumb2.c disasm_iter_init(fw,is,adr); fw 2306 tools/finsig_thumb2.c if(!disasm_iter(fw,is)) { fw 2320 tools/finsig_thumb2.c if(!disasm_iter(fw,is)) { fw 2324 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is)); fw 2328 tools/finsig_thumb2.c int sig_match_exec_evp(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 2330 tools/finsig_thumb2.c uint32_t str_adr = find_str_bytes_main_fw(fw,rule->ref_name); fw 2336 tools/finsig_thumb2.c disasm_iter_init(fw,is,(ADR_ALIGN4(str_adr) - SEARCH_NEAR_REF_RANGE) | fw->thumb_default); // reset to a bit before where the string was found fw 2337 tools/finsig_thumb2.c while(fw_search_insn(fw,is,search_disasm_const_ref,str_adr,NULL,str_adr+SEARCH_NEAR_REF_RANGE)) { fw 2341 tools/finsig_thumb2.c if(!fw_disasm_iter_single(fw,adr_hist_get(&is->ah,i))) { fw 2344 tools/finsig_thumb2.c if(fw->is->insn->id == ARM_INS_PUSH && fw->is->insn->detail->arm.operands[0].reg == ARM_REG_R0) { fw 2346 tools/finsig_thumb2.c uint32_t adr=(uint32_t)(fw->is->insn->address) | is->thumb; fw 2348 tools/finsig_thumb2.c if(find_next_sig_call(fw,is,28,"DebugAssert")) { fw 2351 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,adr); fw 2358 tools/finsig_thumb2.c int sig_match_fgets_fut(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 2360 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { fw 2363 tools/finsig_thumb2.c if(!find_next_sig_call(fw,is,16,"Fopen_Fut_FW")) { fw 2366 tools/finsig_thumb2.c disasm_iter(fw,is); fw 2367 tools/finsig_thumb2.c disasm_iter(fw,is); fw 2368 tools/finsig_thumb2.c if (B_target(fw,is->insn) && (is->insn->detail->arm.cc == ARM_CC_NE)) { fw 2369 tools/finsig_thumb2.c disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is)); fw 2371 tools/finsig_thumb2.c if (B_target(fw,is->insn) && (is->insn->detail->arm.cc == ARM_CC_NE)) { fw 2372 tools/finsig_thumb2.c disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is)); fw 2375 tools/finsig_thumb2.c if(!insn_match_find_nth(fw,is,20,1,match_bl_blximm)) { fw 2378 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is)); fw 2381 tools/finsig_thumb2.c int sig_match_log(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 2383 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { fw 2391 tools/finsig_thumb2.c if(!insn_match_find_nth(fw,is,38,3,match_pop6)) { fw 2395 tools/finsig_thumb2.c if(!insn_match_find_nth(fw,is,24,3,match_bl_blximm)) { fw 2398 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is)); fw 2402 tools/finsig_thumb2.c int sig_match_pow_dry_52(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 2404 tools/finsig_thumb2.c if (fw->dryos_ver != 52) { fw 2407 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { fw 2415 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,50,match_ldrd_r0_r1)) { fw 2422 tools/finsig_thumb2.c if(!disasm_iter(fw,is)) { fw 2426 tools/finsig_thumb2.c uint32_t adr=get_branch_call_insn_target(fw,is); fw 2430 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,adr); fw 2434 tools/finsig_thumb2.c int sig_match_pow_dry_gt_52(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 2436 tools/finsig_thumb2.c if (fw->dryos_ver <= 52) { fw 2439 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { fw 2462 tools/finsig_thumb2.c if(insn_match_find_next_seq(fw,is,50,match1[idx])) fw 2464 tools/finsig_thumb2.c init_disasm_sig_ref(fw,is,rule); fw 2470 tools/finsig_thumb2.c uint32_t adr=get_branch_call_insn_target(fw,is); fw 2475 tools/finsig_thumb2.c disasm_iter_init(fw,is,adr); fw 2492 tools/finsig_thumb2.c if(!insn_match_find_next_seq(fw,is,15,match2[idx])) { fw 2495 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is)); fw 2498 tools/finsig_thumb2.c int sig_match_sqrt(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 2500 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { fw 2504 tools/finsig_thumb2.c if(!insn_match_find_nth(fw,is,12,3,match_bl_blximm)) { fw 2508 tools/finsig_thumb2.c disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is)); fw 2509 tools/finsig_thumb2.c if(!disasm_iter(fw,is)) { fw 2513 tools/finsig_thumb2.c uint32_t j_tgt=get_direct_jump_target(fw,is); fw 2517 tools/finsig_thumb2.c disasm_iter_init(fw,is,j_tgt); fw 2518 tools/finsig_thumb2.c if(!disasm_iter(fw,is)) { fw 2524 tools/finsig_thumb2.c if(!insn_match_find_nth(fw,is,12,2,match_b_bl_blximm)) { fw 2527 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is)); fw 2529 tools/finsig_thumb2.c int sig_match_get_drive_cluster_size(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 2531 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { fw 2535 tools/finsig_thumb2.c if(fw_search_insn(fw,is,search_disasm_str_ref,0,"A/OpLogErr.txt",(uint32_t)is->adr+260)) { fw 2537 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,3,match_bl_blximm)) { fw 2542 tools/finsig_thumb2.c disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is)); fw 2544 tools/finsig_thumb2.c if(!insn_match_find_nth(fw,is,13,2,match_bl_blximm)) { fw 2549 tools/finsig_thumb2.c disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is)); fw 2550 tools/finsig_thumb2.c disasm_iter(fw,is); fw 2551 tools/finsig_thumb2.c if (B_target(fw, is->insn)) fw 2552 tools/finsig_thumb2.c disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is)); fw 2554 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,4,match_bl_blximm)) { fw 2558 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is)); fw 2563 tools/finsig_thumb2.c int sig_match_mktime_ext(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 2565 tools/finsig_thumb2.c uint32_t str_adr = find_str_bytes_main_fw(fw,rule->ref_name); fw 2571 tools/finsig_thumb2.c disasm_iter_init(fw,is,(ADR_ALIGN4(str_adr) - SEARCH_NEAR_REF_RANGE) | fw->thumb_default); // reset to a bit before where the string was found fw 2572 tools/finsig_thumb2.c while(fw_search_insn(fw,is,search_disasm_const_ref,str_adr,NULL,str_adr+SEARCH_NEAR_REF_RANGE)) { fw 2574 tools/finsig_thumb2.c if(!find_next_sig_call(fw,is,12,"sscanf_FW")) { fw 2579 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,22,match_bl_blximm)) { fw 2584 tools/finsig_thumb2.c disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is)); fw 2585 tools/finsig_thumb2.c if(!disasm_iter(fw,is)) { fw 2589 tools/finsig_thumb2.c uint32_t j_tgt=get_direct_jump_target(fw,is); fw 2593 tools/finsig_thumb2.c disasm_iter_init(fw,is,j_tgt); fw 2594 tools/finsig_thumb2.c if(!disasm_iter(fw,is)) { fw 2606 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,54,match_pop4)) { fw 2610 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,1,match_b)) { fw 2614 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is)); fw 2620 tools/finsig_thumb2.c int sig_match_rec2pb(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 2622 tools/finsig_thumb2.c uint32_t str_adr = find_str_bytes_main_fw(fw,rule->ref_name); fw 2628 tools/finsig_thumb2.c disasm_iter_init(fw,is,(ADR_ALIGN4(str_adr) - SEARCH_NEAR_REF_RANGE) | fw->thumb_default); // reset to a bit before where the string was found fw 2629 tools/finsig_thumb2.c while(fw_search_insn(fw,is,search_disasm_const_ref,str_adr,NULL,str_adr+SEARCH_NEAR_REF_RANGE)) { fw 2635 tools/finsig_thumb2.c if(!insn_match_find_next_seq(fw,is,10,match_ldr_cbnz_r0)) { fw 2640 tools/finsig_thumb2.c disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is)); fw 2641 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,3,match_b_bl_blximm)) { fw 2648 tools/finsig_thumb2.c disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is)); fw 2649 tools/finsig_thumb2.c if(!find_next_sig_call(fw,is,16,"LogCameraEvent")) { fw 2654 tools/finsig_thumb2.c if((get_call_const_args(fw,is,4,regs)&3)!=3) { fw 2659 tools/finsig_thumb2.c if(regs[0]==0x60 && adr2ptr(fw,regs[1]) && (strcmp((const char *)adr2ptr(fw,regs[1]),"AC:Rec2PB")==0)) { fw 2660 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,adr); fw 2670 tools/finsig_thumb2.c int sig_match_get_parameter_data(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 2672 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { fw 2680 tools/finsig_thumb2.c if(!insn_match_find_next_seq(fw,is,4,match_cmp_bhs)) { fw 2685 tools/finsig_thumb2.c disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is)); fw 2686 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,1,match_b)) { fw 2690 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is)); fw 2696 tools/finsig_thumb2.c int sig_match_prepdir_x(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 2698 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { fw 2708 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,1,match_mov_r1_1)) { fw 2712 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,1,match_b)) { fw 2716 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is)); fw 2722 tools/finsig_thumb2.c int sig_match_prepdir_1(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 2724 tools/finsig_thumb2.c uint32_t call_adr = find_call_near_str(fw,is,rule); fw 2726 tools/finsig_thumb2.c disasm_iter_init(fw,is,call_adr); fw 2727 tools/finsig_thumb2.c disasm_iter(fw,is); fw 2728 tools/finsig_thumb2.c disasm_iter(fw,is); fw 2729 tools/finsig_thumb2.c if (!CBx_target(fw,is->insn)) fw 2732 tools/finsig_thumb2.c call_adr = find_call_near_str(fw,is,rule); fw 2736 tools/finsig_thumb2.c disasm_iter_init(fw,is,call_adr); fw 2737 tools/finsig_thumb2.c disasm_iter(fw,is); fw 2738 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is)); fw 2743 tools/finsig_thumb2.c call_adr = find_call_near_str(fw,is,rule); fw 2747 tools/finsig_thumb2.c return save_sig_match_call(fw, rule, call_adr); fw 2750 tools/finsig_thumb2.c int sig_match_prepdir_0(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 2752 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { fw 2761 tools/finsig_thumb2.c disasm_iter(fw,is); fw 2762 tools/finsig_thumb2.c disasm_iter(fw,is); fw 2772 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,1,match_mov_r1_1)) { fw 2776 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,1,match_b)) { fw 2780 tools/finsig_thumb2.c uint32_t pdx=get_branch_call_insn_target(fw,is); fw 2785 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,adr); fw 2787 tools/finsig_thumb2.c int sig_match_mkdir(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 2789 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { fw 2799 tools/finsig_thumb2.c if(insn_match_find_next_seq(fw,is,148,match)) { fw 2800 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is)); fw 2803 tools/finsig_thumb2.c init_disasm_sig_ref(fw,is,rule); fw 2811 tools/finsig_thumb2.c if(!insn_match_find_next_seq(fw,is,148,match2)) { fw 2815 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is)); fw 2818 tools/finsig_thumb2.c int sig_match_add_ptp_handler(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 2820 tools/finsig_thumb2.c uint32_t str_adr = find_str_bytes_main_fw(fw,rule->ref_name); fw 2826 tools/finsig_thumb2.c disasm_iter_init(fw,is,(ADR_ALIGN4(str_adr) - SEARCH_NEAR_REF_RANGE) | fw->thumb_default); // reset to a bit before where the string was found fw 2827 tools/finsig_thumb2.c while(fw_search_insn(fw,is,search_disasm_const_ref,str_adr,NULL,str_adr+SEARCH_NEAR_REF_RANGE)) { fw 2829 tools/finsig_thumb2.c if(!find_next_sig_call(fw,is,8,"CreateTaskStrictly")) { fw 2834 tools/finsig_thumb2.c if(!insn_match_find_nth(fw,is,13,3,match_bl_blximm)) { fw 2840 tools/finsig_thumb2.c if((get_call_const_args(fw,is,5,regs)&7)!=7) { fw 2844 tools/finsig_thumb2.c if(regs[0] < 0x9000 || regs[0] > 0x10000 || !adr2ptr(fw,regs[1]) || regs[2] != 0) { fw 2848 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is)); fw 2852 tools/finsig_thumb2.c int sig_match_qsort(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 2854 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { fw 2857 tools/finsig_thumb2.c if(!find_next_sig_call(fw,is,90,"DebugAssert")) { fw 2861 tools/finsig_thumb2.c if(!insn_match_find_nth(fw,is,38,3,match_bl_blximm)) { fw 2866 tools/finsig_thumb2.c disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is)); fw 2868 tools/finsig_thumb2.c if(insn_match_find_next(fw,is,4,match_bl_blximm)) { fw 2869 tools/finsig_thumb2.c disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is)); fw 2871 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,14,match_bl_blximm)) { fw 2877 tools/finsig_thumb2.c if((get_call_const_args(fw,is,5,regs)&0xe)!=0xe) { fw 2881 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is)); fw 2891 tools/finsig_thumb2.c int sig_match_deletedirectory_fut(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 2893 tools/finsig_thumb2.c uint32_t str_adr = find_str_bytes_main_fw(fw,rule->ref_name); fw 2900 tools/finsig_thumb2.c disasm_iter_init(fw,is,(ADR_ALIGN4(str_adr) - 2048) | fw->thumb_default); // reset to a bit before where the string was found fw 2902 tools/finsig_thumb2.c while(find_next_sig_call(fw,is,end_adr - (uint32_t)is->adr,"DeleteFile_Fut")) { fw 2903 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,6,match_bl_blximm)) { fw 2907 tools/finsig_thumb2.c if(!is_sig_call(fw,is,"strcpy")) { fw 2911 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,4,match_bl_blximm)) { fw 2915 tools/finsig_thumb2.c if(!is_sig_call(fw,is,"strrchr")) { fw 2921 tools/finsig_thumb2.c if((get_call_const_args(fw,is,2,regs)&0x2)!=0x2) { fw 2929 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,5,match_bl_blximm)) { fw 2933 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is)); fw 2947 tools/finsig_thumb2.c int sig_match_set_control_event(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 2949 tools/finsig_thumb2.c uint32_t str_adr = find_str_bytes_main_fw(fw,rule->ref_name); fw 2955 tools/finsig_thumb2.c disasm_iter_init(fw,is,(ADR_ALIGN4(str_adr) - SEARCH_NEAR_REF_RANGE) | fw->thumb_default); // reset to a bit before where the string was found fw 2956 tools/finsig_thumb2.c while(fw_search_insn(fw,is,search_disasm_const_ref,str_adr,NULL,str_adr+SEARCH_NEAR_REF_RANGE)) { fw 2957 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,4,match_bl_blximm)) { fw 2961 tools/finsig_thumb2.c if(!is_sig_call(fw,is,"LogCameraEvent")) { fw 2971 tools/finsig_thumb2.c if(!insn_match_find_next_seq(fw,is,1,match_seq)) { fw 2975 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is)); fw 2980 tools/finsig_thumb2.c int sig_match_displaybusyonscreen_52(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 2982 tools/finsig_thumb2.c if (fw->dryos_ver != 52) { fw 2985 tools/finsig_thumb2.c uint32_t str_adr = find_str_bytes_main_fw(fw,rule->ref_name); fw 2990 tools/finsig_thumb2.c disasm_iter_init(fw,is,(ADR_ALIGN4(str_adr) - SEARCH_NEAR_REF_RANGE) | fw->thumb_default); // reset to a bit before where the string was found fw 2991 tools/finsig_thumb2.c while(fw_search_insn(fw,is,search_disasm_const_ref,str_adr,NULL,str_adr+SEARCH_NEAR_REF_RANGE)) { fw 2992 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,3,match_bl_blximm)) { fw 2996 tools/finsig_thumb2.c if(!is_sig_call(fw,is,"LogCameraEvent")) { fw 3000 tools/finsig_thumb2.c if(!find_next_sig_call(fw,is,4,"GUISrv_StartGUISystem_FW")) { fw 3004 tools/finsig_thumb2.c if(!insn_match_find_nth(fw,is,5,2,match_bl_blximm)) { fw 3008 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is)); fw 3013 tools/finsig_thumb2.c int sig_match_undisplaybusyonscreen_52(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 3015 tools/finsig_thumb2.c if (fw->dryos_ver != 52) { fw 3018 tools/finsig_thumb2.c uint32_t str_adr = find_str_bytes_main_fw(fw,rule->ref_name); fw 3023 tools/finsig_thumb2.c disasm_iter_init(fw,is,(ADR_ALIGN4(str_adr) - SEARCH_NEAR_REF_RANGE) | fw->thumb_default); // reset to a bit before where the string was found fw 3024 tools/finsig_thumb2.c while(fw_search_insn(fw,is,search_disasm_const_ref,str_adr,NULL,str_adr+SEARCH_NEAR_REF_RANGE)) { fw 3026 tools/finsig_thumb2.c if(!find_next_sig_call(fw,is,24,"displaybusyonscreen")) { fw 3030 tools/finsig_thumb2.c if(!find_next_sig_call(fw,is,12,"GUISrv_StartGUISystem_FW")) { fw 3034 tools/finsig_thumb2.c if(!insn_match_find_nth(fw,is,6,3,match_bl_blximm)) { fw 3038 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is)); fw 3043 tools/finsig_thumb2.c int sig_match_try_take_sem_dry_gt_57(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 3045 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { fw 3048 tools/finsig_thumb2.c if(!find_next_sig_call(fw,is,24,"ReceiveMessageQueue")) { fw 3052 tools/finsig_thumb2.c if(!find_next_sig_call(fw,is,60,"bzero")) { fw 3056 tools/finsig_thumb2.c if(insn_match_find_next(fw,is,3,match_bl_blximm)) { fw 3057 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is)); fw 3063 tools/finsig_thumb2.c int sig_match_wait_all_eventflag_strict(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 3065 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { fw 3068 tools/finsig_thumb2.c uint32_t str_adr = find_str_bytes_main_fw(fw,"EFTool.c"); fw 3073 tools/finsig_thumb2.c if(!find_next_sig_call(fw,is,60,"SleepTask")) { fw 3078 tools/finsig_thumb2.c while(fw_search_insn(fw,is,search_disasm_const_ref,str_adr,NULL,is->adr + 60)) { fw 3079 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,6,match_bl_blximm)) { fw 3083 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is)); fw 3088 tools/finsig_thumb2.c int sig_match_get_num_posted_messages(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 3090 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { fw 3093 tools/finsig_thumb2.c if(!find_next_sig_call(fw,is,50,"TakeSemaphore")) { fw 3098 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,5,match_bl_blximm)) { fw 3102 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is)); fw 3105 tools/finsig_thumb2.c int sig_match_set_hp_timer_after_now(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 3107 tools/finsig_thumb2.c uint32_t str_adr = find_str_bytes_main_fw(fw,rule->ref_name); fw 3112 tools/finsig_thumb2.c disasm_iter_init(fw,is,(ADR_ALIGN4(str_adr) - SEARCH_NEAR_REF_RANGE) | fw->thumb_default); // reset to a bit before where the string was found fw 3113 tools/finsig_thumb2.c while(fw_search_insn(fw,is,search_disasm_const_ref,str_adr,NULL,str_adr+SEARCH_NEAR_REF_RANGE)) { fw 3114 tools/finsig_thumb2.c if(!find_next_sig_call(fw,is,20,"ClearEventFlag")) { fw 3119 tools/finsig_thumb2.c if(!insn_match_find_nth(fw,is,13,3,match_bl_blximm)) { fw 3125 tools/finsig_thumb2.c uint32_t found_regs = get_call_const_args(fw,is,6,regs); fw 3130 tools/finsig_thumb2.c if((found_regs & 0x2 && regs[1] > fw->rom_code_search_min_adr) fw 3131 tools/finsig_thumb2.c || (found_regs & 0x4 && regs[2] > fw->rom_code_search_min_adr)) { fw 3132 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is)); fw 3143 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is)); fw 3147 tools/finsig_thumb2.c int sig_match_transfer_src_overlay(firmware *fw, iter_state_t *is, sig_rule_t *rule) { fw 3148 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { fw 3152 tools/finsig_thumb2.c if(!find_next_sig_call(fw,is,32,"DebugAssert")) { fw 3157 tools/finsig_thumb2.c if(!find_and_get_var_ldr(fw, is, 20,4, ARM_REG_R0, &desc)) { fw 3162 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,1,match_bl_blximm)) { fw 3167 tools/finsig_thumb2.c uint32_t fadr = get_branch_call_insn_target(fw,is); fw 3180 tools/finsig_thumb2.c if(insn_match_find_next_seq(fw,is,1,bm_buf_match)) { fw 3195 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,fadr); fw 3199 tools/finsig_thumb2.c int sig_match_exmem_vars(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 3202 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { fw 3207 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,15,match_ldr_pc)) { fw 3211 tools/finsig_thumb2.c adr[0]=LDR_PC2val(fw,is->insn); fw 3213 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,5,match_ldr_pc)) { fw 3217 tools/finsig_thumb2.c adr[1]=LDR_PC2val(fw,is->insn); fw 3222 tools/finsig_thumb2.c if (adr[n] < fw->data_start+fw->data_len) { fw 3223 tools/finsig_thumb2.c uint32_t ladr = adr[n]-fw->data_start+fw->data_init_start; fw 3228 tools/finsig_thumb2.c if ( (fw_u32(fw,ladr+m*4)!=0) && isASCIIstring(fw, fw_u32(fw,ladr+m*4)) ) fw 3230 tools/finsig_thumb2.c char *extyp = (char*)adr2ptr(fw, fw_u32(fw,ladr+m*4)); fw 3243 tools/finsig_thumb2.c else if (adr[n] < fw->memisostart) { fw 3251 tools/finsig_thumb2.c int sig_match_zicokick_52(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 3253 tools/finsig_thumb2.c uint32_t str_adr = find_str_bytes_main_fw(fw,rule->ref_name); fw 3258 tools/finsig_thumb2.c disasm_iter_init(fw,is,(ADR_ALIGN4(str_adr) - SEARCH_NEAR_REF_RANGE) | fw->thumb_default); // reset to a bit before where the string was found fw 3261 tools/finsig_thumb2.c if(!fw_search_insn(fw,is,search_disasm_str_ref,0,rule->ref_name,(uint32_t)is->adr+SEARCH_NEAR_REF_RANGE)) { fw 3266 tools/finsig_thumb2.c if(!fw_disasm_iter_single(fw,adr_hist_get(&is->ah,1))) { fw 3270 tools/finsig_thumb2.c if (!(isLDR_PC(fw->is->insn) && fw->is->insn->detail->arm.operands[0].reg == ARM_REG_R0)) { fw 3275 tools/finsig_thumb2.c uint32_t adr=(uint32_t)(fw->is->insn->address) | is->thumb; fw 3277 tools/finsig_thumb2.c if(!disasm_iter(fw,is)) { fw 3282 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,adr); fw 3287 tools/finsig_thumb2.c int sig_match_zicokick_gt52(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 3289 tools/finsig_thumb2.c uint32_t str_adr = find_str_bytes_main_fw(fw,rule->ref_name); fw 3294 tools/finsig_thumb2.c disasm_iter_init(fw,is,(ADR_ALIGN4(str_adr) - SEARCH_NEAR_REF_RANGE) | fw->thumb_default); // reset to a bit before where the string was found fw 3297 tools/finsig_thumb2.c if(!fw_search_insn(fw,is,search_disasm_str_ref,0,rule->ref_name,(uint32_t)is->adr+SEARCH_NEAR_REF_RANGE)) { fw 3306 tools/finsig_thumb2.c if (!fw_disasm_iter_single(fw,adr_hist_get(&is->ah,i))) { fw 3310 tools/finsig_thumb2.c if (fw->is->insn->id == ARM_INS_PUSH && fw->is->insn->detail->arm.operands[0].reg == ARM_REG_R4) { fw 3311 tools/finsig_thumb2.c if (!fw_disasm_iter_single(fw,adr_hist_get(&is->ah,i+1))) { fw 3315 tools/finsig_thumb2.c if (isLDR_PC(fw->is->insn) && fw->is->insn->detail->arm.operands[0].reg == ARM_REG_R0) { fw 3316 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,(uint32_t)(fw->is->insn->address) | is->thumb); fw 3323 tools/finsig_thumb2.c int sig_match_zicokick_copy(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 3325 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { fw 3338 tools/finsig_thumb2.c if(!insn_match_find_next_seq(fw,is,30,match_ldrs_bl)) { fw 3343 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is)); fw 3346 tools/finsig_thumb2.c int sig_match_zicokick_values(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 3348 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { fw 3354 tools/finsig_thumb2.c if(!find_next_sig_call(fw,is,64,"zicokick_copy")) { fw 3360 tools/finsig_thumb2.c if((get_call_const_args(fw,is,7,regs)&0x7)==0x7) { fw 3365 tools/finsig_thumb2.c if(!find_next_sig_call(fw,is,8,"zicokick_copy")) { fw 3378 tools/finsig_thumb2.c if (!disasm_iter(fw,is)) { fw 3383 tools/finsig_thumb2.c uint32_t u = LDR_PC2val(fw,is->insn); fw 3384 tools/finsig_thumb2.c if ((u<fw->base+fw->size8) && (u>fw->rom_code_search_max_adr)) { fw 3400 tools/finsig_thumb2.c u = fw_u32(fw, uv[j]); fw 3439 tools/finsig_thumb2.c int sig_match_init_ex_drivers(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 3441 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { fw 3448 tools/finsig_thumb2.c if (!disasm_iter(fw,is)) { fw 3452 tools/finsig_thumb2.c uint32_t b_tgt = get_branch_call_insn_target(fw,is); fw 3458 tools/finsig_thumb2.c disasm_iter_init(fw,is,b_tgt); fw 3459 tools/finsig_thumb2.c if (!disasm_iter(fw,is)) { fw 3465 tools/finsig_thumb2.c if(find_next_sig_call(fw,is,30,"DebugAssert")) { fw 3467 tools/finsig_thumb2.c if((get_call_const_args(fw,is,5,regs)&0x2)==0x2) { fw 3468 tools/finsig_thumb2.c const char *str=(char *)adr2ptr(fw,regs[1]); fw 3470 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,b_tgt); fw 3475 tools/finsig_thumb2.c disasm_iter_init(fw,is,next_adr); fw 3480 tools/finsig_thumb2.c int sig_match_omar_init(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 3482 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { fw 3485 tools/finsig_thumb2.c uint32_t fadr = find_last_call_from_func(fw,is,20,42); fw 3491 tools/finsig_thumb2.c disasm_iter_init(fw,is,fadr); fw 3492 tools/finsig_thumb2.c if(!find_next_sig_call(fw,is,44,"dry_memcpy")) { fw 3498 tools/finsig_thumb2.c if((get_call_const_args(fw,is,5,regs)&0x6)!=0x6) { fw 3502 tools/finsig_thumb2.c if(regs[2] != 0x18 || !adr2ptr(fw,regs[1])) { fw 3511 tools/finsig_thumb2.c uint32_t dst = fw_u32(fw,dadr + i*12); fw 3512 tools/finsig_thumb2.c uint32_t src = fw_u32(fw,dadr + i*12 + 4); fw 3513 tools/finsig_thumb2.c uint32_t bsize = fw_u32(fw,dadr + i*12 + 8); fw 3531 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,fadr); fw 3534 tools/finsig_thumb2.c int sig_match_init_error_handlers(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 3536 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { fw 3539 tools/finsig_thumb2.c if(!find_next_sig_call(fw,is,64,"init_ex_drivers")) { fw 3543 tools/finsig_thumb2.c if(!insn_match_find_nth(fw,is,4,2,match_bl_blximm)) { fw 3547 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is)); fw 3550 tools/finsig_thumb2.c int sig_match_default_assert_handler(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 3552 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { fw 3555 tools/finsig_thumb2.c if(!find_next_sig_call(fw,is,14,"set_assert_handler")) { fw 3561 tools/finsig_thumb2.c if((get_call_const_args(fw,is,1,regs)&0x1)!=0x1) { fw 3565 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,regs[0]); fw 3568 tools/finsig_thumb2.c int sig_match_default_exception_handler(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 3570 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { fw 3573 tools/finsig_thumb2.c if(!find_next_sig_call(fw,is,20,"set_exception_handler")) { fw 3579 tools/finsig_thumb2.c if((get_call_const_args(fw,is,1,regs)&0x1)!=0x1) { fw 3583 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,regs[0]); fw 3586 tools/finsig_thumb2.c int sig_match_default_panic_handler(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 3588 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { fw 3591 tools/finsig_thumb2.c if(!find_next_sig_call(fw,is,28,"set_panic_handler")) { fw 3597 tools/finsig_thumb2.c if((get_call_const_args(fw,is,1,regs)&0x1)!=0x1) { fw 3601 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,regs[0]); fw 3604 tools/finsig_thumb2.c int sig_match_get_task_properties(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 3606 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { fw 3609 tools/finsig_thumb2.c if(fw_search_insn(fw,is,search_disasm_str_ref,0,"Occured Time %s\n",(uint32_t)is->adr+170)) { fw 3611 tools/finsig_thumb2.c if(!find_next_sig_call(fw,is,16,"dry_error_printf")) { fw 3615 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,4,match_bl_blximm)) { fw 3619 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is)); fw 3625 tools/finsig_thumb2.c int sig_match_enable_hdmi_power(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 3627 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { fw 3630 tools/finsig_thumb2.c if(!find_next_sig_call(fw,is,14,"CreateEventFlagStrictly")) { fw 3639 tools/finsig_thumb2.c if(!insn_match_find_next_seq(fw,is,4,match_seq)) { fw 3644 tools/finsig_thumb2.c if (!disasm_iter(fw,is)) { fw 3647 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is)); fw 3650 tools/finsig_thumb2.c int sig_match_disable_hdmi_power(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 3652 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { fw 3655 tools/finsig_thumb2.c if(!find_next_sig_call(fw,is,24,"EnableHDMIPower")) { fw 3659 tools/finsig_thumb2.c if(!find_next_sig_call(fw,is,22,"ClearEventFlag")) { fw 3669 tools/finsig_thumb2.c if(!insn_match_find_next_seq(fw,is,12,match_seq)) { fw 3674 tools/finsig_thumb2.c disasm_iter_init(fw,is,adr_hist_get(&is->ah,2)); fw 3675 tools/finsig_thumb2.c if (!disasm_iter(fw,is)) { fw 3678 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is)); fw 3681 tools/finsig_thumb2.c int sig_match_levent_table(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 3683 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { fw 3686 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,4,match_bl_blximm)) { fw 3691 tools/finsig_thumb2.c disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is)); fw 3694 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,4,match_bl_blximm)) { fw 3700 tools/finsig_thumb2.c disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is)); fw 3703 tools/finsig_thumb2.c disasm_iter(fw,is); fw 3704 tools/finsig_thumb2.c uint32_t adr=LDR_PC2val(fw,is->insn); fw 3709 tools/finsig_thumb2.c uint32_t *p=(uint32_t *)adr2ptr(fw,adr); fw 3722 tools/finsig_thumb2.c int sig_match_flash_param_table(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 3724 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { fw 3728 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,14,match_bl_blximm)) { fw 3732 tools/finsig_thumb2.c if(!is_sig_call(fw,is,"DebugAssert")) { fw 3736 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,7,match_bl_blximm)) { fw 3740 tools/finsig_thumb2.c if(!is_sig_call(fw,is,"DebugAssert")) { fw 3744 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,8,match_bl_blximm)) { fw 3748 tools/finsig_thumb2.c if(!is_sig_call(fw,is,"DebugAssert")) { fw 3753 tools/finsig_thumb2.c if(!insn_match_find_nth(fw,is,14,2,match_bl_blximm)) { fw 3758 tools/finsig_thumb2.c disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is)); fw 3761 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,8,match_bl_blximm)) { fw 3767 tools/finsig_thumb2.c disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is)); fw 3769 tools/finsig_thumb2.c disasm_iter(fw,is); fw 3770 tools/finsig_thumb2.c uint32_t adr=LDR_PC2val(fw,is->insn); fw 3778 tools/finsig_thumb2.c int sig_match_jpeg_count_str(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 3780 tools/finsig_thumb2.c uint32_t str_adr = find_str_bytes_main_fw(fw,rule->ref_name); fw 3786 tools/finsig_thumb2.c disasm_iter_init(fw,is,(ADR_ALIGN4(str_adr) - SEARCH_NEAR_REF_RANGE) | fw->thumb_default); // reset to a bit before where the string was found fw 3787 tools/finsig_thumb2.c while(fw_search_insn(fw,is,search_disasm_const_ref,str_adr,NULL,str_adr+SEARCH_NEAR_REF_RANGE)) { fw 3789 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,3,match_bl_blximm)) { fw 3793 tools/finsig_thumb2.c if(!is_sig_call(fw,is,"sprintf_FW")) { fw 3799 tools/finsig_thumb2.c if((get_call_const_args(fw,is,5,regs)&0x3)!=0x3) { fw 3807 tools/finsig_thumb2.c if(!adr_is_var(fw,regs[0])) { fw 3818 tools/finsig_thumb2.c int sig_match_misc_flag_named(__attribute__ ((unused))firmware *fw, __attribute__ ((unused))iter_state_t *is, sig_rule_t *rule) fw 3825 tools/finsig_thumb2.c int sig_match_dry_memset(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 3827 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { fw 3830 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,4,match_bl_blximm)) { fw 3835 tools/finsig_thumb2.c disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is)); fw 3836 tools/finsig_thumb2.c if(!insn_match_find_nth(fw,is,12,3,match_bl_blximm)) { fw 3840 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is)); fw 3843 tools/finsig_thumb2.c int sig_match_dry_memzero(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 3845 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { fw 3848 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,3,match_bl_blximm)) { fw 3853 tools/finsig_thumb2.c disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is)); fw 3854 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,7,match_bl_blximm)) { fw 3858 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is)); fw 3863 tools/finsig_thumb2.c int sig_match_dry_memzero(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 3865 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { fw 3875 tools/finsig_thumb2.c if(!insn_match_find_next_seq(fw,is,1,match_start)) { fw 3880 tools/finsig_thumb2.c uint32_t adr = get_branch_call_insn_target(fw,is) - 4; fw 3881 tools/finsig_thumb2.c disasm_iter_init(fw,is,adr); fw 3886 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,1,match_mov_r2_0)) { fw 3890 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,adr); fw 3894 tools/finsig_thumb2.c int sig_match_dry_memcpy_bytes(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 3896 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { fw 3899 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,7,match_bl_blximm)) { fw 3904 tools/finsig_thumb2.c disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is)); fw 3912 tools/finsig_thumb2.c if(!insn_match_find_next_seq(fw,is,20,match_end)) { fw 3916 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is)); fw 3920 tools/finsig_thumb2.c int sig_match_cam_has_iris_diaphragm(__attribute__ ((unused))firmware *fw, __attribute__ ((unused))iter_state_t *is, sig_rule_t *rule) fw 3935 tools/finsig_thumb2.c int sig_match_cam_uncached_bit(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 3937 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { fw 3944 tools/finsig_thumb2.c if(insn_match_find_next(fw,is,4,match_bic_r0)) { fw 3951 tools/finsig_thumb2.c int sig_match_umalloc_strictly(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 3953 tools/finsig_thumb2.c uint32_t str_adr = find_str_bytes_main_fw(fw,rule->ref_name); fw 3959 tools/finsig_thumb2.c disasm_iter_init(fw,is,(ADR_ALIGN4(str_adr) - SEARCH_NEAR_REF_RANGE) | fw->thumb_default); // reset to a bit before where the string was found fw 3960 tools/finsig_thumb2.c if(!fw_search_insn(fw,is,search_disasm_const_ref,str_adr,NULL,str_adr+SEARCH_NEAR_REF_RANGE)) { fw 3968 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,4,match_bl_blximm)) { fw 3972 tools/finsig_thumb2.c if(!is_sig_call(fw,is,"CreateTaskStrictly")) { fw 3977 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,6,match_b_bl_blximm)) { fw 3982 tools/finsig_thumb2.c disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is)); fw 3983 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,10,match_bl_blximm)) { fw 3987 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is)); fw 3990 tools/finsig_thumb2.c int sig_match_dcache_clean_flush_and_disable(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 3992 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { fw 3995 tools/finsig_thumb2.c if(!find_next_sig_call(fw,is,44,"GetSRAndDisableInterrupt")) { fw 3999 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,2,match_bl_blximm)) { fw 4003 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is)); fw 4006 tools/finsig_thumb2.c int sig_match_get_rom_id(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 4008 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { fw 4012 tools/finsig_thumb2.c if(!disasm_iter(fw,is)) { fw 4017 tools/finsig_thumb2.c if(!disasm_iter(fw,is)) { fw 4034 tools/finsig_thumb2.c if(!insn_match_find_next_seq(fw,is,1,match_seq)) { fw 4042 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is)); fw 4045 tools/finsig_thumb2.c int sig_match_dcache_flush_and_enable(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 4047 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { fw 4050 tools/finsig_thumb2.c if(!find_next_sig_call(fw,is,12,"GetSRAndDisableInterrupt")) { fw 4054 tools/finsig_thumb2.c if(!find_next_sig_call(fw,is,8,"dcache_clean_flush_and_disable")) { fw 4060 tools/finsig_thumb2.c if(!find_next_sig_call(fw,is,112,"SetSR")) { fw 4065 tools/finsig_thumb2.c disasm_iter_init(fw,is,adr_hist_get(&is->ah,2)); fw 4066 tools/finsig_thumb2.c disasm_iter(fw,is); fw 4067 tools/finsig_thumb2.c uint32_t adr = get_branch_call_insn_target(fw,is); fw 4072 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,adr); fw 4076 tools/finsig_thumb2.c int sig_match_physw_event_table(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 4078 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { fw 4082 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,5,match_ldr_pc)) { fw 4086 tools/finsig_thumb2.c uint32_t adr=LDR_PC2val(fw,is->insn); fw 4091 tools/finsig_thumb2.c if(!adr2ptr(fw,adr)) { fw 4098 tools/finsig_thumb2.c int sig_match_uiprop_count(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 4100 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { fw 4103 tools/finsig_thumb2.c if(!find_next_sig_call(fw,is,38,"DebugAssert")) { fw 4107 tools/finsig_thumb2.c if(!find_next_sig_call(fw,is,14,"DebugAssert")) { fw 4116 tools/finsig_thumb2.c if(!insn_match_find_next_seq(fw,is,3,match_bic_cmp)) { fw 4124 tools/finsig_thumb2.c int sig_match_get_canon_mode_list(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 4126 tools/finsig_thumb2.c uint32_t str_adr = find_str_bytes_main_fw(fw,rule->ref_name); fw 4133 tools/finsig_thumb2.c disasm_iter_init(fw,is,(ADR_ALIGN4(str_adr) - SEARCH_NEAR_REF_RANGE) | fw->thumb_default); // reset to a bit before where the string was found fw 4134 tools/finsig_thumb2.c while(fw_search_insn(fw,is,search_disasm_const_ref,str_adr,NULL,str_adr+SEARCH_NEAR_REF_RANGE)) { fw 4136 tools/finsig_thumb2.c if(!find_next_sig_call(fw,is,4,"LogCameraEvent")) { fw 4141 tools/finsig_thumb2.c if(!disasm_iter(fw,is)) { fw 4153 tools/finsig_thumb2.c if(!insn_match_find_nth(fw,is,2,2,match_bl_blximm)) { fw 4164 tools/finsig_thumb2.c adr=get_branch_call_insn_target(fw,is); fw 4171 tools/finsig_thumb2.c disasm_iter_init(fw,is,adr); fw 4172 tools/finsig_thumb2.c if(!find_next_sig_call(fw,is,40,"TakeSemaphoreStrictly")) { fw 4177 tools/finsig_thumb2.c if(!insn_match_find_nth(fw,is,12,2,match_b_bl_blximm)) { fw 4182 tools/finsig_thumb2.c disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is)); fw 4190 tools/finsig_thumb2.c if(!insn_match_find_next_seq(fw,is,64,match_loop)) { fw 4194 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,2,match_bl_blximm)) { fw 4199 tools/finsig_thumb2.c adr=get_branch_call_insn_target(fw,is); fw 4201 tools/finsig_thumb2.c disasm_iter_init(fw,is,adr); fw 4207 tools/finsig_thumb2.c if(!insn_match_find_next_seq(fw,is,1,match_ldr_r0_ret)) { fw 4211 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,adr); fw 4214 tools/finsig_thumb2.c int sig_match_zoom_busy(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 4216 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { fw 4220 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,5,match_bl_blximm)) { fw 4225 tools/finsig_thumb2.c disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is)); fw 4227 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,5,match_ldr_pc)) { fw 4231 tools/finsig_thumb2.c uint32_t base=LDR_PC2val(fw,is->insn); fw 4235 tools/finsig_thumb2.c if(!find_next_sig_call(fw,is,40,"TakeSemaphoreStrictly")) { fw 4239 tools/finsig_thumb2.c if(!disasm_iter(fw,is)) { fw 4254 tools/finsig_thumb2.c int sig_match_focus_busy(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 4256 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { fw 4260 tools/finsig_thumb2.c if(!find_next_sig_call(fw,is,40,"TakeSemaphore")) { fw 4265 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,5,match_bl_blximm)) { fw 4270 tools/finsig_thumb2.c disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is)); fw 4272 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,5,match_ldr_pc)) { fw 4276 tools/finsig_thumb2.c uint32_t base=LDR_PC2val(fw,is->insn); fw 4280 tools/finsig_thumb2.c if(!find_next_sig_call(fw,is,50,"TakeSemaphoreStrictly")) { fw 4289 tools/finsig_thumb2.c if(!insn_match_find_next_seq(fw,is,10,match_ldr)) { fw 4294 tools/finsig_thumb2.c disasm_iter_init(fw,is,adr_hist_get(&is->ah,1)); fw 4295 tools/finsig_thumb2.c disasm_iter(fw,is); fw 4304 tools/finsig_thumb2.c int sig_match_aram_size(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 4306 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { fw 4315 tools/finsig_thumb2.c if(!insn_match_find_next_seq(fw,is,15,match_ldr_r0_sp_cmp)) { fw 4327 tools/finsig_thumb2.c int sig_match_aram_size_gt58(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 4329 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { fw 4344 tools/finsig_thumb2.c if(!insn_match_find_next_seq(fw,is,15,match_ldrd_r0r1_mov)) { fw 4345 tools/finsig_thumb2.c init_disasm_sig_ref(fw,is,rule); // reset to start fw 4346 tools/finsig_thumb2.c if(!insn_match_find_next_seq(fw,is,15,match_ldrd_r2r1_mov)) { fw 4359 tools/finsig_thumb2.c int sig_match_aram_start(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 4361 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { fw 4365 tools/finsig_thumb2.c if(!find_next_sig_call(fw,is,50,"DebugAssert")) { fw 4375 tools/finsig_thumb2.c if(!insn_match_find_next_seq(fw,is,15,match_cmp_bne_ldr)) { fw 4379 tools/finsig_thumb2.c uint32_t adr=LDR_PC2val(fw,is->insn); fw 4389 tools/finsig_thumb2.c int sig_match_aram_start2(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 4394 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { fw 4398 tools/finsig_thumb2.c if(!find_next_sig_call(fw,is,60,"DebugAssert")) { fw 4409 tools/finsig_thumb2.c if(!insn_match_find_next_seq(fw,is,15,match_cmp_bne_ldr)) { fw 4413 tools/finsig_thumb2.c uint32_t adr=LDR_PC2val(fw,is->insn); fw 4423 tools/finsig_thumb2.c int sig_match_icache_flush_range(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 4425 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { fw 4429 tools/finsig_thumb2.c if(!find_next_sig_call(fw,is,60,"DebugAssert")) { fw 4433 tools/finsig_thumb2.c if(!find_next_sig_call(fw,is,44,"dcache_flush_range")) { fw 4437 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,5,match_bl_blximm)) { fw 4441 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is)); fw 4444 tools/finsig_thumb2.c int sig_match__nrflag(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 4446 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { fw 4456 tools/finsig_thumb2.c if(!insn_match_find_next_seq(fw,is,4,match_cmp_b) || is->insn->detail->arm.cc == ARM_CC_AL) { fw 4461 tools/finsig_thumb2.c disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is)); fw 4462 tools/finsig_thumb2.c if(!disasm_iter(fw,is)) { fw 4467 tools/finsig_thumb2.c uint32_t adr=LDR_PC2val(fw,is->insn); fw 4473 tools/finsig_thumb2.c if(!disasm_iter(fw,is)) { fw 4488 tools/finsig_thumb2.c if(!disasm_iter(fw,is)) { fw 4505 tools/finsig_thumb2.c int sig_match_var_struct_get(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 4507 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { fw 4512 tools/finsig_thumb2.c if(!find_and_get_var_ldr(fw, is, 1, 4, ARM_REG_R0, &desc)) { fw 4516 tools/finsig_thumb2.c if(!disasm_iter(fw,is)) { fw 4533 tools/finsig_thumb2.c int sig_match_ui_mem_func_ptr(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 4535 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { fw 4540 tools/finsig_thumb2.c if(!find_and_get_var_ldr(fw, is, 1, 4, ARM_REG_R1, &desc)) { fw 4544 tools/finsig_thumb2.c if(!disasm_iter(fw,is)) { fw 4563 tools/finsig_thumb2.c int sig_match_func_ptr_val(firmware *fw, __attribute__ ((unused))iter_state_t *is, sig_rule_t *rule) fw 4569 tools/finsig_thumb2.c uint32_t *vp = (uint32_t *)adr2ptr_with_data(fw,adr); fw 4573 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,*vp); fw 4577 tools/finsig_thumb2.c int sig_match_av_over_sem(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 4584 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { fw 4587 tools/finsig_thumb2.c if(!find_next_sig_call(fw,is,30,"TakeSemaphore")) { fw 4593 tools/finsig_thumb2.c disasm_iter_init(fw,is,adr_hist_get(&is->ah,5)); fw 4595 tools/finsig_thumb2.c if(!find_and_get_var_ldr(fw, is, 3, 4, ARM_REG_R0, &desc)) { fw 4604 tools/finsig_thumb2.c int sig_match_canon_menu_active(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 4606 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { fw 4610 tools/finsig_thumb2.c if(!find_and_get_var_ldr(fw, is, 2, 4, ARM_REG_R0, &desc)) { fw 4614 tools/finsig_thumb2.c if(!disasm_iter(fw,is)) { fw 4626 tools/finsig_thumb2.c int sig_match_file_counter_init(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 4628 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { fw 4632 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,3,match_bl_blximm)) { fw 4637 tools/finsig_thumb2.c if(check_simple_func(fw,get_branch_call_insn_target(fw,is),MATCH_SIMPLE_FUNC_NULLSUB,NULL)) { fw 4638 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,3,match_bl_blximm)) { fw 4644 tools/finsig_thumb2.c disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is)); fw 4645 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,3,match_bl_blximm)) { fw 4649 tools/finsig_thumb2.c uint32_t fadr = get_branch_call_insn_target(fw,is); fw 4651 tools/finsig_thumb2.c disasm_iter_init(fw,is,fadr); fw 4652 tools/finsig_thumb2.c if(!disasm_iter(fw,is)) { fw 4662 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,fadr); fw 4664 tools/finsig_thumb2.c int sig_match_file_counter_var(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 4666 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { fw 4669 tools/finsig_thumb2.c uint32_t adr=LDR_PC2val(fw,is->insn); fw 4678 tools/finsig_thumb2.c if(!adr_is_var(fw,adr)) { fw 4686 tools/finsig_thumb2.c int sig_match_palette_vars(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 4688 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { fw 4691 tools/finsig_thumb2.c if(!find_next_sig_call(fw,is,70,"transfer_src_overlay")) { fw 4699 tools/finsig_thumb2.c if(!fw_disasm_iter_single(fw,adr_hist_get(&is->ah,i))) { fw 4703 tools/finsig_thumb2.c fadr=get_branch_call_insn_target(fw,fw->is); fw 4709 tools/finsig_thumb2.c printf("sig_match_palette_vars: no match bl 1 0x%"PRIx64"\n",fw->is->insn->address); fw 4713 tools/finsig_thumb2.c disasm_iter_init(fw,is,fadr); fw 4715 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,3,match_bl)) { fw 4720 tools/finsig_thumb2.c disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is)); fw 4722 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,3,match_ldr_pc)) { fw 4727 tools/finsig_thumb2.c uint32_t pal_base=LDR_PC2val(fw,is->insn); fw 4728 tools/finsig_thumb2.c if(!pal_base || !adr_is_var(fw,pal_base)) { fw 4740 tools/finsig_thumb2.c if(!disasm_iter(fw,is)) { fw 4758 tools/finsig_thumb2.c if(!find_next_sig_call(fw,is,20,"PTM_RestoreUIProperty_FW")) { fw 4764 tools/finsig_thumb2.c if(!disasm_iter(fw,is)) { fw 4780 tools/finsig_thumb2.c int sig_match_live_free_cluster_count(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 4782 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { fw 4787 tools/finsig_thumb2.c if(!insn_match_find_nth(fw,is,22,3,match_bl_blximm)) { fw 4792 tools/finsig_thumb2.c disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is)); fw 4794 tools/finsig_thumb2.c if(!find_next_sig_call(fw,is,20,"get_fstype")) { fw 4800 tools/finsig_thumb2.c if(!insn_match_find_nth(fw,is,12,2,match_bl_blximm)) { fw 4806 tools/finsig_thumb2.c disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is)); fw 4809 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,3,match_ldr_pc)) { fw 4814 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,3,match_ldr_pc)) { fw 4818 tools/finsig_thumb2.c uint32_t base = LDR_PC2val(fw,is->insn); fw 4820 tools/finsig_thumb2.c if(!find_next_sig_call(fw,is,16,"takesemaphore_low")) { fw 4830 tools/finsig_thumb2.c if(!insn_match_find_next_seq(fw,is,50,match_ldr_ldrd)) { fw 4840 tools/finsig_thumb2.c int sig_match_debug_logging_ptr(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 4842 tools/finsig_thumb2.c uint32_t call_adr = find_str_arg_call(fw,is,rule); fw 4853 tools/finsig_thumb2.c fw_disasm_iter_single(fw,adr_hist_get(&is->ah,i)); fw 4854 tools/finsig_thumb2.c cs_insn *insn=fw->is->insn; fw 4864 tools/finsig_thumb2.c fw_disasm_iter_single(fw,adr_hist_get(&is->ah,i)); fw 4865 tools/finsig_thumb2.c uint32_t adr = LDR_PC2val(fw,fw->is->insn); fw 4866 tools/finsig_thumb2.c if(!adr || (arm_reg)fw->is->insn->detail->arm.operands[0].reg != base_reg) { fw 4867 tools/finsig_thumb2.c printf("sig_match_debug_logging_ptr: no match ldr2 0x%x 0x%"PRIx64"\n",adr,fw->is->insn->address); fw 4870 tools/finsig_thumb2.c save_misc_val(rule->name,adr + disp,disp,(uint32_t)fw->is->insn->address); fw 4873 tools/finsig_thumb2.c printf("sig_match_debug_logging_ptr: reg clobbered 0x%"PRIx64"\n",fw->is->insn->address); fw 4876 tools/finsig_thumb2.c printf("sig_match_debug_logging_ptr: no match ldr 0x%"PRIx64"\n",fw->is->insn->address); fw 4880 tools/finsig_thumb2.c int sig_match_debug_logging_flag(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 4882 tools/finsig_thumb2.c if(!find_str_arg_call(fw,is,rule)) { fw 4886 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,8,match_ldr_pc)) { fw 4890 tools/finsig_thumb2.c uint32_t adr = LDR_PC2val(fw,is->insn); fw 4891 tools/finsig_thumb2.c if(!disasm_iter(fw,is)) { fw 4897 tools/finsig_thumb2.c if (fw->arch_flags & FW_ARCH_FL_VMSA) { fw 4913 tools/finsig_thumb2.c if(!disasm_iter(fw,is)) { fw 4924 tools/finsig_thumb2.c int sig_match_mzrm_sendmsg_ret_adr(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 4926 tools/finsig_thumb2.c if(!find_str_arg_call(fw,is,rule)) { fw 4930 tools/finsig_thumb2.c if(!disasm_iter(fw,is)) { fw 4939 tools/finsig_thumb2.c int sig_match_fw_yuv_layer_buf_52(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 4941 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { fw 4945 tools/finsig_thumb2.c if(!find_next_sig_call_ex(fw,is,54,"get_displaytype",FIND_SIG_CALL_NO_UNK_VENEER)) { fw 4950 tools/finsig_thumb2.c if(!insn_match_find_nth(fw,is,14,2,match_bl_blximm)) { fw 4957 tools/finsig_thumb2.c if ((get_call_const_args(fw,is,8,regs)&2)!=2) { fw 4961 tools/finsig_thumb2.c save_misc_val(rule->name,regs[1],0,(uint32_t)fw->is->insn->address); // fw is has backtracked address fw 4965 tools/finsig_thumb2.c int sig_match_fw_yuv_layer_buf_gt52(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 4967 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { fw 4970 tools/finsig_thumb2.c if(!find_next_sig_call(fw,is,170,"DebugAssert")) { fw 4974 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,12,match_bl_blximm)) { fw 4980 tools/finsig_thumb2.c if ((get_call_const_args(fw,is,8,regs)&2)!=2) { fw 4984 tools/finsig_thumb2.c save_misc_val(rule->name,regs[1],0,(uint32_t)fw->is->insn->address); // fw is has backtracked address fw 4988 tools/finsig_thumb2.c int sig_match_rom_ptr_get(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 4990 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { fw 4994 tools/finsig_thumb2.c if(!disasm_iter(fw,is)) { fw 4998 tools/finsig_thumb2.c uint32_t adr=LDR_PC2val(fw,is->insn); fw 5007 tools/finsig_thumb2.c if(!disasm_iter(fw,is)) { fw 5023 tools/finsig_thumb2.c uint32_t find_call_near_str(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 5027 tools/finsig_thumb2.c str_adr = find_str_bytes(fw,rule->ref_name); // indirect string could be in data area fw 5029 tools/finsig_thumb2.c str_adr = find_str_bytes_main_fw(fw,rule->ref_name); // direct string must be near actual code fw 5040 tools/finsig_thumb2.c search_adr=find_u32_adr_range(fw,str_adr,fw->rom_code_search_min_adr,fw->rom_code_search_max_adr); fw 5058 tools/finsig_thumb2.c disasm_iter_init(fw,is,(ADR_ALIGN4(search_adr) - SEARCH_NEAR_REF_RANGE) | fw->thumb_default); // reset to a bit before where the string was found fw 5059 tools/finsig_thumb2.c while(fw_search_insn(fw,is,search_disasm_const_ref,str_adr,NULL,search_adr+SEARCH_NEAR_REF_RANGE)) { fw 5065 tools/finsig_thumb2.c fw_disasm_iter_single(fw,adr_hist_get(&is->ah,i)); fw 5066 tools/finsig_thumb2.c if(insn_match_any(fw->is->insn,insn_match)) { fw 5070 tools/finsig_thumb2.c return iter_state_adr(fw->is); fw 5074 tools/finsig_thumb2.c if(insn_match_find_nth(fw,is,max_insns,n,insn_match)) { fw 5084 tools/finsig_thumb2.c int sig_match_near_str(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 5088 tools/finsig_thumb2.c uint32_t call_adr = find_call_near_str(fw,is,rule); fw 5090 tools/finsig_thumb2.c return save_sig_match_call(fw, rule, call_adr); fw 5101 tools/finsig_thumb2.c uint32_t find_str_arg_call(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 5117 tools/finsig_thumb2.c uint32_t str_adr = find_str_bytes_main_fw(fw,rule->ref_name); // direct string must be near actual code fw 5124 tools/finsig_thumb2.c disasm_iter_init(fw,is,(ADR_ALIGN4(str_adr) - SEARCH_NEAR_REF_RANGE) | fw->thumb_default); // reset to a bit before where the string was found fw 5125 tools/finsig_thumb2.c uint32_t call_adr = find_const_ref_match(fw, is, SEARCH_NEAR_REF_RANGE*2, 8, reg, str_adr, match, FIND_CONST_REF_MATCH_ANY); fw 5129 tools/finsig_thumb2.c str_adr = find_next_str_bytes_main_fw(fw,rule->ref_name, str_adr+strlen(rule->ref_name)); fw 5135 tools/finsig_thumb2.c int sig_match_str_arg_call(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 5137 tools/finsig_thumb2.c uint32_t call_adr = find_str_arg_call(fw,is,rule); fw 5139 tools/finsig_thumb2.c return save_sig_match_call(fw, rule, call_adr); fw 5144 tools/finsig_thumb2.c int sig_match_prop_string(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 5146 tools/finsig_thumb2.c uint32_t call_adr = find_call_near_str(fw, is, rule); fw 5152 tools/finsig_thumb2.c disasm_iter_init(fw,is,call_adr); fw 5153 tools/finsig_thumb2.c disasm_iter(fw,is); fw 5157 tools/finsig_thumb2.c if (is_sig_call(fw,is,"GetPropertyCase")) { fw 5168 tools/finsig_thumb2.c disasm_iter_init(fw,is,call_adr - hl*4); fw 5171 tools/finsig_thumb2.c if (!disasm_iter(fw,is)) fw 5172 tools/finsig_thumb2.c disasm_iter_init(fw,is,(is->adr | is->thumb)+2); fw 5176 tools/finsig_thumb2.c if ((get_call_const_args(fw,is,hl,regs)&(1<<myreg))==(1<<myreg)) { fw 5185 tools/finsig_thumb2.c int is_immediate_ret_sub(firmware *fw,iter_state_t *is_init) fw 5187 tools/finsig_thumb2.c fw_disasm_iter_single(fw,is_init->adr | is_init->thumb); fw 5196 tools/finsig_thumb2.c if(insn_match_any(fw->is->insn,match_mov_r0_imm)) { fw 5197 tools/finsig_thumb2.c fw_disasm_iter(fw); fw 5199 tools/finsig_thumb2.c if(isRETx(fw->is->insn)) { fw 5216 tools/finsig_thumb2.c int sig_match_named_last(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 5225 tools/finsig_thumb2.c disasm_iter_init(fw,is,ref_adr); fw 5226 tools/finsig_thumb2.c if(is_immediate_ret_sub(fw,is)) { fw 5230 tools/finsig_thumb2.c uint32_t fadr = find_last_call_from_func(fw,is,min,max); fw 5232 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,fadr); fw 5263 tools/finsig_thumb2.c int sig_match_named_save_sig(firmware *fw,const char *name, uint32_t adr, uint32_t flags) fw 5265 tools/finsig_thumb2.c adr = save_sig_veneers(fw, name, adr); fw 5270 tools/finsig_thumb2.c save_sig(fw,name,adr); fw 5278 tools/finsig_thumb2.c int sig_match_named(firmware *fw, iter_state_t *is, sig_rule_t *rule) fw 5298 tools/finsig_thumb2.c return sig_match_named_save_sig(fw,rule->name,ref_adr,sig_flags); fw 5312 tools/finsig_thumb2.c disasm_iter_init(fw,is,ref_adr); fw 5314 tools/finsig_thumb2.c if(is_immediate_ret_sub(fw,is)) { fw 5322 tools/finsig_thumb2.c if(!disasm_iter(fw,is)) { fw 5327 tools/finsig_thumb2.c return sig_match_named_save_sig(fw,rule->name,iter_state_adr(is),sig_flags); fw 5331 tools/finsig_thumb2.c if(insn_match_find_nth(fw,is,15 + sig_nth_range*sig_nth,sig_nth,insn_match)) { fw 5332 tools/finsig_thumb2.c uint32_t adr = B_BL_BLXimm_target(fw,is->insn); fw 5344 tools/finsig_thumb2.c return sig_match_named_save_sig(fw,rule->name,adr,sig_flags); fw 5771 tools/finsig_thumb2.c int sig_rule_applies(firmware *fw, sig_rule_t *rule) fw 5774 tools/finsig_thumb2.c if((rule->dryos_min && fw->dryos_ver_full < rule->dryos_min) || (rule->dryos_max && fw->dryos_ver_full > rule->dryos_max)) { fw 5782 tools/finsig_thumb2.c if((rule->flags & SIG_NO_D7) && (fw->arch_flags & FW_ARCH_FL_VMSA)) { fw 5786 tools/finsig_thumb2.c if((rule->flags & SIG_NO_D6) && !(fw->arch_flags & FW_ARCH_FL_VMSA)) { fw 5792 tools/finsig_thumb2.c void run_sig_rules(firmware *fw, sig_rule_t *sig_rules) fw 5796 tools/finsig_thumb2.c iter_state_t *is=disasm_iter_new(fw,0); fw 5798 tools/finsig_thumb2.c if(!sig_rule_applies(fw,rule)) { fw 5804 tools/finsig_thumb2.c rule->match_fn(fw,is,rule); fw 5811 tools/finsig_thumb2.c void add_event_proc(firmware *fw, char *name, uint32_t adr) fw 5818 tools/finsig_thumb2.c if(!fw_disasm_iter_single(fw,adr)) { fw 5825 tools/finsig_thumb2.c uint32_t b_adr=get_direct_jump_target(fw,fw->is); fw 5829 tools/finsig_thumb2.c add_func_name(fw,buf,adr,NULL); // this is the orignal named address fw 5833 tools/finsig_thumb2.c add_func_name(fw,name,adr,"_FW"); fw 5837 tools/finsig_thumb2.c int process_reg_eventproc_call(firmware *fw, iter_state_t *is, __attribute__ ((unused))uint32_t unused) { fw 5840 tools/finsig_thumb2.c if((get_call_const_args(fw,is,4,regs)&3)==3) { fw 5842 tools/finsig_thumb2.c if(isASCIIstring(fw,regs[0])) { fw 5843 tools/finsig_thumb2.c char *nm=(char *)adr2ptr(fw,regs[0]); fw 5844 tools/finsig_thumb2.c add_event_proc(fw,nm,regs[1]); fw 5861 tools/finsig_thumb2.c disasm_iter_init(fw,is,adr_hist_get(&is->ah,10)); fw 5864 tools/finsig_thumb2.c if (!disasm_iter(fw,is)) break; fw 5867 tools/finsig_thumb2.c uint32_t u = LDR_PC2val(fw,is->insn); fw 5868 tools/finsig_thumb2.c if ((u<fw->base+fw->size8) && (u>adr) && (!isASCIIstring(fw,u))) { fw 5877 tools/finsig_thumb2.c if (!disasm_iter(fw,is)) break; fw 5887 tools/finsig_thumb2.c uint32_t *p=(uint32_t*)adr2ptr_with_data(fw,tbla); fw 5893 tools/finsig_thumb2.c if(!isASCIIstring(fw,nm_adr)) { fw 5897 tools/finsig_thumb2.c char *nm=(char *)adr2ptr(fw,nm_adr); fw 5901 tools/finsig_thumb2.c add_event_proc(fw,nm,fn); fw 5911 tools/finsig_thumb2.c disasm_iter_init(fw,is,adr | adr_thumb); fw 5912 tools/finsig_thumb2.c disasm_iter(fw,is); fw 5918 tools/finsig_thumb2.c int process_eventproc_table_call(firmware *fw, iter_state_t *is, __attribute__ ((unused))uint32_t unused) { fw 5922 tools/finsig_thumb2.c foundr0 = get_call_const_args(fw,is,4,regs) & 1; fw 5928 tools/finsig_thumb2.c disasm_iter_set(fw,is,ta); fw 5932 tools/finsig_thumb2.c disasm_iter(fw,is); fw 5934 tools/finsig_thumb2.c fw_disasm_iter_single(fw,sa); fw 5936 tools/finsig_thumb2.c uint32_t adr2 = get_branch_call_insn_target(fw,fw->is); fw 5937 tools/finsig_thumb2.c if (fw->is->insn->id == ARM_INS_BLX && adr1 == adr2) { fw 5938 tools/finsig_thumb2.c foundr0 = get_call_const_args(fw,is,8-2,regs) & 2; fw 5945 tools/finsig_thumb2.c disasm_iter_init(fw,is,ca); fw 5946 tools/finsig_thumb2.c disasm_iter(fw,is); fw 5950 tools/finsig_thumb2.c uint32_t *p=(uint32_t*)adr2ptr_with_data(fw,regs[0]); fw 5956 tools/finsig_thumb2.c if(!isASCIIstring(fw,nm_adr)) { fw 5960 tools/finsig_thumb2.c char *nm=(char *)adr2ptr(fw,nm_adr); fw 5965 tools/finsig_thumb2.c add_event_proc(fw,nm,fn); fw 5977 tools/finsig_thumb2.c int process_createtask_call(firmware *fw, iter_state_t *is, __attribute__ ((unused))uint32_t unused) { fw 5981 tools/finsig_thumb2.c if((get_call_const_args(fw,is,10,regs)&9)==9) { fw 5982 tools/finsig_thumb2.c if(isASCIIstring(fw,regs[0])) { fw 5985 tools/finsig_thumb2.c char *nm=(char *)adr2ptr(fw,regs[0]); fw 5988 tools/finsig_thumb2.c add_func_name(fw,buf,regs[3],NULL); fw 5998 tools/finsig_thumb2.c int save_ptp_handler_func(firmware *fw,uint32_t op,uint32_t handler) { fw 6008 tools/finsig_thumb2.c add_func_name(fw,buf,handler,NULL); fw 6014 tools/finsig_thumb2.c int process_add_ptp_handler_call(firmware *fw, iter_state_t *is, __attribute__ ((unused))uint32_t unused) { fw 6017 tools/finsig_thumb2.c if((get_call_const_args(fw,is,8,regs)&3)==3) { fw 6019 tools/finsig_thumb2.c if(!save_ptp_handler_func(fw,regs[0],regs[1])) { fw 6029 tools/finsig_thumb2.c fw_disasm_iter_single(fw,adr_hist_get(&is->ah,i)); fw 6030 tools/finsig_thumb2.c cs_insn *insn=fw->is->insn; fw 6053 tools/finsig_thumb2.c fw_disasm_iter_single(fw,adr_hist_get(&is->ah,i)); fw 6054 tools/finsig_thumb2.c cs_insn *insn=fw->is->insn; fw 6062 tools/finsig_thumb2.c uint32_t adr=LDR_PC2val(fw,insn); fw 6064 tools/finsig_thumb2.c if(fw_u32(fw,adr) == 0x1004) { fw 6076 tools/finsig_thumb2.c uint32_t op=fw_u32(fw,op_table+i*8); fw 6077 tools/finsig_thumb2.c uint32_t handler=fw_u32(fw,op_table+i*8+4); fw 6079 tools/finsig_thumb2.c if(!save_ptp_handler_func(fw,op,handler)) { fw 6126 tools/finsig_thumb2.c void find_exception_handlers(firmware *fw, iter_state_t *is) fw 6130 tools/finsig_thumb2.c if (fw->arch_flags & FW_ARCH_FL_VMSA) { fw 6137 tools/finsig_thumb2.c disasm_iter_init(fw, is, fw->base + fw->main_offs + 12 + fw->thumb_default); fw 6138 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,4,match_mcr_vbar)) { fw 6142 tools/finsig_thumb2.c disasm_iter_init(fw, is, adr_hist_get(&is->ah,1)); fw 6143 tools/finsig_thumb2.c disasm_iter(fw, is); fw 6145 tools/finsig_thumb2.c ex_vec = LDR_PC2val(fw,is->insn); fw 6146 tools/finsig_thumb2.c if(!ex_vec || adr_get_range_type(fw,ex_vec) != ADR_RANGE_ROM) { fw 6153 tools/finsig_thumb2.c disasm_iter_init(fw, is, ex_vec); fw 6154 tools/finsig_thumb2.c disasm_iter(fw, is); fw 6167 tools/finsig_thumb2.c uint32_t addr=LDR_PC2val(fw,is->insn); fw 6169 tools/finsig_thumb2.c addr=get_branch_call_insn_target(fw,is); fw 6173 tools/finsig_thumb2.c add_func_name(fw,names[0],addr,NULL); fw 6175 tools/finsig_thumb2.c disasm_iter_init(fw, is, ADR_SET_THUMB(ex_vec + 4)); fw 6178 tools/finsig_thumb2.c disasm_iter(fw, is); fw 6181 tools/finsig_thumb2.c addr=LDR_PC2val(fw,is->insn); fw 6183 tools/finsig_thumb2.c add_func_name(fw,names[i],addr,NULL); fw 6192 tools/finsig_thumb2.c void find_generic_funcs(firmware *fw) { fw 6214 tools/finsig_thumb2.c iter_state_t *is=disasm_iter_new(fw,0); fw 6215 tools/finsig_thumb2.c disasm_iter_init(fw,is,fw->rom_code_search_min_adr | fw->thumb_default); // reset to start of fw fw 6216 tools/finsig_thumb2.c fw_search_insn(fw,is,search_disasm_calls_multi,0,match_fns,0); fw 6219 tools/finsig_thumb2.c for(i=0;i<fw->adr_range_count;i++) { fw 6220 tools/finsig_thumb2.c if(fw->adr_ranges[i].type != ADR_RANGE_RAM_CODE) { fw 6223 tools/finsig_thumb2.c disasm_iter_init(fw,is,fw->adr_ranges[i].start | fw->thumb_default); // reset to start of range fw 6225 tools/finsig_thumb2.c fw_search_insn(fw,is,search_disasm_calls_veneer_multi,0,match_fns,0); fw 6228 tools/finsig_thumb2.c find_exception_handlers(fw,is); fw 6233 tools/finsig_thumb2.c void find_ctypes(firmware *fw) fw 6248 tools/finsig_thumb2.c int match_count = find_bytes_all(fw,ctypes,sizeof(ctypes),fw->base,ctypes_matches,10); fw 6260 tools/finsig_thumb2.c uint32_t maxadr = (fw->rom_code_search_max_adr > fw->base + 0x400000)?fw->base + 0x100000:fw->rom_code_search_max_adr; fw 6261 tools/finsig_thumb2.c uint32_t adr = find_u32_adr_range(fw,ctypes_matches[i],fw->rom_code_search_min_adr,maxadr); fw 6296 tools/finsig_thumb2.c void output_firmware_vals(firmware *fw) fw 6299 tools/finsig_thumb2.c bprintf("// Main firmware start: 0x%08x\n",fw->base+fw->main_offs); fw 6300 tools/finsig_thumb2.c if (fw->dryos_ver == 0) fw 6305 tools/finsig_thumb2.c fw->dryos_ver, fw 6306 tools/finsig_thumb2.c fw->dryos_ver_str, fw 6307 tools/finsig_thumb2.c fw->dryos_ver_adr, fw 6308 tools/finsig_thumb2.c fw->dryos_ver_ref_adr); fw 6310 tools/finsig_thumb2.c if (fw->firmware_ver_str == 0) fw 6316 tools/finsig_thumb2.c char *c = strrchr(fw->firmware_ver_str,' ') + 1; // points after the last space char fw 6317 tools/finsig_thumb2.c uint32_t j = ptr2adr(fw,(uint8_t *)fw->firmware_ver_str); fw 6318 tools/finsig_thumb2.c uint32_t k = j + c - fw->firmware_ver_str; fw 6321 tools/finsig_thumb2.c bprintf("// %s // Found @ 0x%08x, \"%s\" @ 0x%08x\n",fw->firmware_ver_str,j,c,k); fw 6326 tools/finsig_thumb2.c bprintf("// %s // Found @ 0x%08x, \"%s\" @ 0x%08x\n",fw->firmware_ver_str,j,fw->firmware_ver_str,j); fw 6329 tools/finsig_thumb2.c if (fw->arch_flags & FW_ARCH_FL_VMSA) { fw 6334 tools/finsig_thumb2.c bprintf("// PLATFORMOSVER = %d\n",fw->dryos_ver); fw 6335 tools/finsig_thumb2.c if (fw->arch_flags & FW_ARCH_FL_VMSA) { fw 6342 tools/finsig_thumb2.c if (fw->memisostart) { fw 6343 tools/finsig_thumb2.c bprintf("// MEMISOSTART = 0x%x\n",fw->memisostart); fw 6347 tools/finsig_thumb2.c if (fw->data_init_start) fw 6349 tools/finsig_thumb2.c bprintf("// MEMBASEADDR = 0x%x\n",fw->data_start); fw 6356 tools/finsig_thumb2.c for(i=0; i<fw->adr_range_count; i++) { fw 6357 tools/finsig_thumb2.c if(fw->adr_ranges[i].type == ADR_RANGE_ROM) { fw 6359 tools/finsig_thumb2.c adr_range_desc_str(&fw->adr_ranges[i]), fw 6360 tools/finsig_thumb2.c fw->adr_ranges[i].start, fw 6361 tools/finsig_thumb2.c fw->adr_ranges[i].start+fw->adr_ranges[i].bytes, fw 6362 tools/finsig_thumb2.c fw->adr_ranges[i].bytes); fw 6365 tools/finsig_thumb2.c adr_range_desc_str(&fw->adr_ranges[i]), fw 6366 tools/finsig_thumb2.c fw->adr_ranges[i].start, fw 6367 tools/finsig_thumb2.c fw->adr_ranges[i].start+fw->adr_ranges[i].bytes, fw 6368 tools/finsig_thumb2.c fw->adr_ranges[i].src_start, fw 6369 tools/finsig_thumb2.c fw->adr_ranges[i].bytes); fw 6397 tools/finsig_thumb2.c if(fw->dryos_ver_count) { fw 6399 tools/finsig_thumb2.c for(i=0;i<(int)fw->dryos_ver_count;i++) { fw 6401 tools/finsig_thumb2.c fw->dryos_ver_list[i], (fw->dryos_ver_list[i] == fw->dryos_ver_adr) ? "main ":"other", fw 6402 tools/finsig_thumb2.c (char *)adr2ptr(fw,fw->dryos_ver_list[i])); fw 6410 tools/finsig_thumb2.c if(ct && adr_get_range_type(fw,ct->val) != ADR_RANGE_RAM_CODE) { fw 6414 tools/finsig_thumb2.c if(ctl && adr_get_range_type(fw,ctl->val) == ADR_RANGE_RAM_CODE) { fw 6434 tools/finsig_thumb2.c void output_platform_vals(firmware *fw) { fw 6437 tools/finsig_thumb2.c if (fw->dryos_ver >= 39) fw 6439 tools/finsig_thumb2.c if (fw->dryos_ver >= 47) fw 6441 tools/finsig_thumb2.c if (fw->dryos_ver >= 59) fw 6469 tools/finsig_thumb2.c void output_propcases(firmware *fw) { fw 6522 tools/finsig_thumb2.c if (fw->sv->propset == n+ps_offset) okay = 1; // if the propset equals to (one of) the complete propset matches fw 6536 tools/finsig_thumb2.c if (fw->sv->propset == n+ps_offset) okay = 1; // if the propset equals to (one of) the most complete propset matches fw 6542 tools/finsig_thumb2.c if (!okay && fw->sv->propset>0) fw 6545 tools/finsig_thumb2.c bprintf("// Port's propset (%i) may be set incorrectly\n", fw->sv->propset); fw 6551 tools/finsig_thumb2.c void output_exmem_types(firmware *fw) fw 6562 tools/finsig_thumb2.c char *extyp = (char*)adr2ptr(fw, fw_u32(fw,ett->val+n*4)); fw 6597 tools/finsig_thumb2.c void get_physw_table_entry(firmware *fw, uint32_t adr, physw_table_entry_t *vals) fw 6599 tools/finsig_thumb2.c uint32_t info=fw_u32(fw,adr); fw 6601 tools/finsig_thumb2.c vals->ev=fw_u32(fw,adr+4); fw 6608 tools/finsig_thumb2.c uint32_t find_physw_table_entry(firmware *fw, uint32_t tadr, int tcount, uint32_t ev) fw 6612 tools/finsig_thumb2.c if(fw_u32(fw,tadr+4) == ev) { fw 6619 tools/finsig_thumb2.c uint32_t find_physw_table_max(firmware *fw, uint32_t tadr, int max_count) fw 6624 tools/finsig_thumb2.c get_physw_table_entry(fw,tadr,&v); fw 6632 tools/finsig_thumb2.c void write_physw_event_table_dump(firmware *fw, uint32_t tadr, int tcount) fw 6644 tools/finsig_thumb2.c get_physw_table_entry(fw,tadr,&v); fw 6649 tools/finsig_thumb2.c void print_kval(firmware *fw, uint32_t tadr, int tcount, uint32_t ev, const char *name, const char *sfx) fw 6651 tools/finsig_thumb2.c uint32_t adr=find_physw_table_entry(fw,tadr,tcount,ev); fw 6656 tools/finsig_thumb2.c get_physw_table_entry(fw,adr,&v); fw 6695 tools/finsig_thumb2.c uint32_t add_kmval(firmware *fw, uint32_t tadr, __attribute__ ((unused))int tsiz, int tlen, uint32_t ev, const char *name, uint32_t xtra) fw 6697 tools/finsig_thumb2.c uint32_t adr=find_physw_table_entry(fw,tadr,tlen,ev); fw 6702 tools/finsig_thumb2.c get_physw_table_entry(fw,adr,&v); fw 6779 tools/finsig_thumb2.c void do_km_vals(firmware *fw, uint32_t tadr,int tsiz,int tlen) fw 6781 tools/finsig_thumb2.c uint32_t key_half = add_kmval(fw,tadr,tsiz,tlen,0,"KEY_SHOOT_HALF",0); fw 6782 tools/finsig_thumb2.c add_kmval(fw,tadr,tsiz,tlen,1,"KEY_SHOOT_FULL",key_half); fw 6783 tools/finsig_thumb2.c add_kmval(fw,tadr,tsiz,tlen,1,"KEY_SHOOT_FULL_ONLY",0); fw 6785 tools/finsig_thumb2.c add_kmval(fw,tadr,tsiz,tlen,0x101,"KEY_PLAYBACK",0); fw 6786 tools/finsig_thumb2.c add_kmval(fw,tadr,tsiz,tlen,0x100,"KEY_POWER",0); fw 6789 tools/finsig_thumb2.c if (fw->dryos_ver == 52) // unclear if this applies any other ver fw 6791 tools/finsig_thumb2.c add_kmval(fw,tadr,tsiz,tlen,3,"KEY_ZOOM_IN",0); fw 6792 tools/finsig_thumb2.c add_kmval(fw,tadr,tsiz,tlen,4,"KEY_ZOOM_OUT",0); fw 6793 tools/finsig_thumb2.c add_kmval(fw,tadr,tsiz,tlen,6,"KEY_UP",0); fw 6794 tools/finsig_thumb2.c add_kmval(fw,tadr,tsiz,tlen,7,"KEY_DOWN",0); fw 6795 tools/finsig_thumb2.c add_kmval(fw,tadr,tsiz,tlen,8,"KEY_LEFT",0); fw 6796 tools/finsig_thumb2.c add_kmval(fw,tadr,tsiz,tlen,9,"KEY_RIGHT",0); fw 6797 tools/finsig_thumb2.c add_kmval(fw,tadr,tsiz,tlen,0xA,"KEY_SET",0); fw 6798 tools/finsig_thumb2.c add_kmval(fw,tadr,tsiz,tlen,0xB,"KEY_MENU",0); fw 6799 tools/finsig_thumb2.c add_kmval(fw,tadr,tsiz,tlen,0xC,"KEY_DISPLAY",0); fw 6800 tools/finsig_thumb2.c add_kmval(fw,tadr,tsiz,tlen,0x12,"KEY_HELP",0); fw 6801 tools/finsig_thumb2.c add_kmval(fw,tadr,tsiz,tlen,0x19,"KEY_ERASE",0); fw 6802 tools/finsig_thumb2.c add_kmval(fw,tadr,tsiz,tlen,2,"KEY_VIDEO",0); fw 6805 tools/finsig_thumb2.c else if (fw->dryos_ver < 54) fw 6807 tools/finsig_thumb2.c add_kmval(fw,tadr,tsiz,tlen,2,"KEY_ZOOM_IN",0); fw 6808 tools/finsig_thumb2.c add_kmval(fw,tadr,tsiz,tlen,3,"KEY_ZOOM_OUT",0); fw 6809 tools/finsig_thumb2.c add_kmval(fw,tadr,tsiz,tlen,4,"KEY_UP",0); fw 6810 tools/finsig_thumb2.c add_kmval(fw,tadr,tsiz,tlen,5,"KEY_DOWN",0); fw 6811 tools/finsig_thumb2.c add_kmval(fw,tadr,tsiz,tlen,6,"KEY_LEFT",0); fw 6812 tools/finsig_thumb2.c add_kmval(fw,tadr,tsiz,tlen,7,"KEY_RIGHT",0); fw 6813 tools/finsig_thumb2.c add_kmval(fw,tadr,tsiz,tlen,8,"KEY_SET",0); fw 6814 tools/finsig_thumb2.c add_kmval(fw,tadr,tsiz,tlen,9,"KEY_MENU",0); fw 6815 tools/finsig_thumb2.c add_kmval(fw,tadr,tsiz,tlen,0xA,"KEY_DISPLAY",0); fw 6817 tools/finsig_thumb2.c else if (fw->dryos_ver < 55) fw 6819 tools/finsig_thumb2.c add_kmval(fw,tadr,tsiz,tlen,3,"KEY_ZOOM_IN",0); fw 6820 tools/finsig_thumb2.c add_kmval(fw,tadr,tsiz,tlen,4,"KEY_ZOOM_OUT",0); fw 6821 tools/finsig_thumb2.c add_kmval(fw,tadr,tsiz,tlen,6,"KEY_UP",0); fw 6822 tools/finsig_thumb2.c add_kmval(fw,tadr,tsiz,tlen,7,"KEY_DOWN",0); fw 6823 tools/finsig_thumb2.c add_kmval(fw,tadr,tsiz,tlen,8,"KEY_LEFT",0); fw 6824 tools/finsig_thumb2.c add_kmval(fw,tadr,tsiz,tlen,9,"KEY_RIGHT",0); fw 6825 tools/finsig_thumb2.c add_kmval(fw,tadr,tsiz,tlen,0xA,"KEY_SET",0); fw 6826 tools/finsig_thumb2.c add_kmval(fw,tadr,tsiz,tlen,0xE,"KEY_MENU",0); fw 6827 tools/finsig_thumb2.c add_kmval(fw,tadr,tsiz,tlen,2,"KEY_VIDEO",0); fw 6828 tools/finsig_thumb2.c add_kmval(fw,tadr,tsiz,tlen,0xD,"KEY_DISPLAY",0); fw 6829 tools/finsig_thumb2.c add_kmval(fw,tadr,tsiz,tlen,0x103,"KEY_WIFI",0); fw 6833 tools/finsig_thumb2.c else if (fw->dryos_ver < 59) fw 6835 tools/finsig_thumb2.c add_kmval(fw,tadr,tsiz,tlen,3,"KEY_ZOOM_IN",0); fw 6836 tools/finsig_thumb2.c add_kmval(fw,tadr,tsiz,tlen,4,"KEY_ZOOM_OUT",0); fw 6837 tools/finsig_thumb2.c add_kmval(fw,tadr,tsiz,tlen,6,"KEY_UP",0); fw 6838 tools/finsig_thumb2.c add_kmval(fw,tadr,tsiz,tlen,7,"KEY_DOWN",0); fw 6839 tools/finsig_thumb2.c add_kmval(fw,tadr,tsiz,tlen,8,"KEY_LEFT",0); fw 6840 tools/finsig_thumb2.c add_kmval(fw,tadr,tsiz,tlen,9,"KEY_RIGHT",0); fw 6841 tools/finsig_thumb2.c add_kmval(fw,tadr,tsiz,tlen,0xA,"KEY_SET",0); fw 6842 tools/finsig_thumb2.c add_kmval(fw,tadr,tsiz,tlen,0x14,"KEY_MENU",0); fw 6843 tools/finsig_thumb2.c add_kmval(fw,tadr,tsiz,tlen,2,"KEY_VIDEO",0); fw 6844 tools/finsig_thumb2.c add_kmval(fw,tadr,tsiz,tlen,0xD,"KEY_DISPLAY",0); fw 6845 tools/finsig_thumb2.c add_kmval(fw,tadr,tsiz,tlen,0x103,"KEY_WIFI",0); fw 6851 tools/finsig_thumb2.c add_kmval(fw,tadr,tsiz,tlen,3,"KEY_ZOOM_IN",0); fw 6852 tools/finsig_thumb2.c add_kmval(fw,tadr,tsiz,tlen,4,"KEY_ZOOM_OUT",0); fw 6853 tools/finsig_thumb2.c add_kmval(fw,tadr,tsiz,tlen,6,"KEY_UP",0); fw 6854 tools/finsig_thumb2.c add_kmval(fw,tadr,tsiz,tlen,7,"KEY_DOWN",0); fw 6855 tools/finsig_thumb2.c add_kmval(fw,tadr,tsiz,tlen,8,"KEY_LEFT",0); fw 6856 tools/finsig_thumb2.c add_kmval(fw,tadr,tsiz,tlen,9,"KEY_RIGHT",0); fw 6857 tools/finsig_thumb2.c add_kmval(fw,tadr,tsiz,tlen,0xA,"KEY_SET",0); fw 6858 tools/finsig_thumb2.c add_kmval(fw,tadr,tsiz,tlen,0x15,"KEY_MENU",0); fw 6859 tools/finsig_thumb2.c add_kmval(fw,tadr,tsiz,tlen,2,"KEY_VIDEO",0); fw 6860 tools/finsig_thumb2.c add_kmval(fw,tadr,tsiz,tlen,0xB,"KEY_ERASE",0); // also framing assist etc fw 6861 tools/finsig_thumb2.c add_kmval(fw,tadr,tsiz,tlen,0x103,"KEY_WIFI",0); fw 6868 tools/finsig_thumb2.c void output_physw_vals(firmware *fw) { fw 6874 tools/finsig_thumb2.c int physw_tbl_len=find_physw_table_max(fw,physw_tbl,50); fw 6875 tools/finsig_thumb2.c write_physw_event_table_dump(fw,physw_tbl,physw_tbl_len); fw 6878 tools/finsig_thumb2.c if (fw->dryos_ver >= 58) fw 6881 tools/finsig_thumb2.c print_kval(fw,physw_tbl,physw_tbl_len,0x30A,"SD_READONLY","_FLAG"); fw 6882 tools/finsig_thumb2.c print_kval(fw,physw_tbl,physw_tbl_len,0x302,"USB","_MASK"); fw 6883 tools/finsig_thumb2.c print_kval(fw,physw_tbl,physw_tbl_len,0x305,"BATTCOVER","_FLAG"); fw 6884 tools/finsig_thumb2.c print_kval(fw,physw_tbl,physw_tbl_len,0x304,"HOTSHOE","_FLAG"); fw 6885 tools/finsig_thumb2.c print_kval(fw,physw_tbl,physw_tbl_len,0x300,"ANALOG_AV","_FLAG"); fw 6889 tools/finsig_thumb2.c print_kval(fw,physw_tbl,physw_tbl_len,0x20A,"SD_READONLY","_FLAG"); fw 6890 tools/finsig_thumb2.c print_kval(fw,physw_tbl,physw_tbl_len,0x202,"USB","_MASK"); fw 6891 tools/finsig_thumb2.c print_kval(fw,physw_tbl,physw_tbl_len,0x205,"BATTCOVER","_FLAG"); fw 6892 tools/finsig_thumb2.c print_kval(fw,physw_tbl,physw_tbl_len,0x204,"HOTSHOE","_FLAG"); fw 6893 tools/finsig_thumb2.c print_kval(fw,physw_tbl,physw_tbl_len,0x200,"ANALOG_AV","_FLAG"); fw 6895 tools/finsig_thumb2.c do_km_vals(fw,physw_tbl,2,physw_tbl_len); fw 6934 tools/finsig_thumb2.c void output_modemap(firmware *fw) { fw 6946 tools/finsig_thumb2.c uint16_t *pv=(uint16_t*)adr2ptr(fw,adr); fw 6953 tools/finsig_thumb2.c osig *m = find_sig_val(fw->sv->modemap, *pv); fw 6969 tools/finsig_thumb2.c osig *m = fw->sv->modemap; fw 7012 tools/finsig_thumb2.c void write_funcs(firmware *fw, char *filename, sig_entry_t *fns[], int (*compare)(const sig_entry_t **p1, const sig_entry_t **p2)) fw 7028 tools/finsig_thumb2.c osig* ostub2 = find_sig(fw->sv->stubs,fns[k]->name); fw 7046 tools/finsig_thumb2.c void write_func_lists(firmware *fw) { fw 7052 tools/finsig_thumb2.c write_funcs(fw, "funcs_by_name.csv", fns, compare_sig_names); fw 7053 tools/finsig_thumb2.c write_funcs(fw, "funcs_by_address.csv", fns, compare_func_addresses); fw 7056 tools/finsig_thumb2.c void print_other_stubs_min(firmware *fw, const char *name, uint32_t fadr, uint32_t atadr) fw 7058 tools/finsig_thumb2.c osig *o = find_sig(fw->sv->stubs_min,name); fw 7078 tools/finsig_thumb2.c void print_stubs_min_def(firmware *fw, misc_val_t *sig) fw 7084 tools/finsig_thumb2.c osig* ostub2=find_sig(fw->sv->stubs_min,sig->name); fw 7088 tools/finsig_thumb2.c ostub2=find_sig(fw->sv->stubs,sig->name); fw 7131 tools/finsig_thumb2.c void find_other_stubs_min(firmware *fw) fw 7138 tools/finsig_thumb2.c if (fw->sv->min_focus_len != 0) fw 7141 tools/finsig_thumb2.c for (k=0; k<fw->size32; k++) fw 7143 tools/finsig_thumb2.c if (fw->buf32[k] == fw->sv->min_focus_len) fw 7146 tools/finsig_thumb2.c if ((fw->buf32[k+1] == 100) && (fw->buf32[k+2] == 0)) mul = 3; fw 7147 tools/finsig_thumb2.c if ((fw->buf32[k+1] == 100) && (fw->buf32[k+2] != 0)) mul = 2; fw 7148 tools/finsig_thumb2.c if ((fw->buf32[k+1] == 0) && (fw->buf32[k+2] != 0)) mul = 2; fw 7149 tools/finsig_thumb2.c for (k1 = k + mul; (k1 < fw->size32) && (fw->buf32[k1] > fw->buf32[k1-mul]) && (fw->buf32[k1] > fw->sv->min_focus_len) && (fw->buf32[k1] < fw->sv->max_focus_len); k1 += mul) ; fw 7150 tools/finsig_thumb2.c if (fw->buf32[k1] == fw->sv->max_focus_len) fw 7164 tools/finsig_thumb2.c uint32_t adr = fw->base + (pos << 2); fw 7171 tools/finsig_thumb2.c print_other_stubs_min(fw,"focus_len_table",adr,adr); fw 7178 tools/finsig_thumb2.c void print_results(firmware *fw, sig_entry_t *sig) fw 7193 tools/finsig_thumb2.c osig* ostub2 = find_sig(fw->sv->stubs,sig->name); fw 7249 tools/finsig_thumb2.c fw_disasm_iter_single(fw,ostub2->val); fw 7250 tools/finsig_thumb2.c if(get_direct_jump_target(fw,fw->is) == sig->val) { fw 7253 tools/finsig_thumb2.c fw_disasm_iter_single(fw,sig->val); fw 7254 tools/finsig_thumb2.c if(get_direct_jump_target(fw,fw->is) == ostub2->val) { fw 7282 tools/finsig_thumb2.c void write_stubs(firmware *fw,int max_find_func) { fw 7287 tools/finsig_thumb2.c print_stubs_min_def(fw,stub_min); fw 7291 tools/finsig_thumb2.c find_other_stubs_min(fw); fw 7297 tools/finsig_thumb2.c print_results(fw,&sig_names[k]); fw 7305 tools/finsig_thumb2.c firmware fw; fw 7306 tools/finsig_thumb2.c memset(&fw,0,sizeof(firmware)); fw 7315 tools/finsig_thumb2.c fw.sv = new_stub_values(); fw 7316 tools/finsig_thumb2.c load_stubs(fw.sv, "stubs_entry_2.S", 1); fw 7317 tools/finsig_thumb2.c load_stubs_min(fw.sv); fw 7318 tools/finsig_thumb2.c load_modemap(fw.sv); fw 7319 tools/finsig_thumb2.c load_platform(fw.sv); fw 7324 tools/finsig_thumb2.c firmware_load(&fw,argv[1],strtoul(argv[2], NULL, 0),FW_ARCH_ARMv7); fw 7325 tools/finsig_thumb2.c if(!firmware_init_capstone(&fw)) { fw 7328 tools/finsig_thumb2.c firmware_init_data_ranges(&fw); fw 7338 tools/finsig_thumb2.c find_ctypes(&fw); fw 7340 tools/finsig_thumb2.c run_sig_rules(&fw,sig_rules_initial); fw 7341 tools/finsig_thumb2.c find_generic_funcs(&fw); fw 7342 tools/finsig_thumb2.c run_sig_rules(&fw,sig_rules_main); fw 7344 tools/finsig_thumb2.c output_firmware_vals(&fw); fw 7346 tools/finsig_thumb2.c output_platform_vals(&fw); fw 7347 tools/finsig_thumb2.c output_physw_vals(&fw); fw 7348 tools/finsig_thumb2.c output_modemap(&fw); fw 7350 tools/finsig_thumb2.c output_propcases(&fw); fw 7351 tools/finsig_thumb2.c output_exmem_types(&fw); fw 7353 tools/finsig_thumb2.c write_stubs(&fw,max_find_sig); fw 7358 tools/finsig_thumb2.c write_func_lists(&fw); fw 7360 tools/finsig_thumb2.c firmware_unload(&fw); fw 166 tools/finsig_vxworks.c void fwAddMatch(firmware *fw, uint32_t fadr, int s, int f, int sig) fw 168 tools/finsig_vxworks.c if ((fadr >= fw->base_copied) && (fadr < (fw->base_copied + fw->size2*4))) fw 170 tools/finsig_vxworks.c addMatch(fadr - fw->base_copied + fw->base2,s,f,sig); fw 564 tools/finsig_vxworks.c int get_saved_sig(firmware *fw, const char *name) fw 578 tools/finsig_vxworks.c find_matches(fw, name); fw 585 tools/finsig_vxworks.c find_str_sig_matches(fw, name); fw 602 tools/finsig_vxworks.c int search_saved_sig(firmware *fw, char *sig, int (*func)(firmware*, int, int), int v, int ofst, int len) fw 604 tools/finsig_vxworks.c int k = get_saved_sig(fw, sig); fw 607 tools/finsig_vxworks.c int idx = adr2idx(fw, func_names[k].val); fw 610 tools/finsig_vxworks.c int rv = func(fw, k, v); fw 642 tools/finsig_vxworks.c int match_apex2us(firmware *fw, int k, uint32_t v1, __attribute__ ((unused))uint32_t v2) fw 644 tools/finsig_vxworks.c if (isLDR_PC(fw,k) && (LDR2val(fw,k) == v1) && ((fwRd(fw,k) == 1) || (fwRd(fw,k) == 2))) fw 646 tools/finsig_vxworks.c k = find_inst_rev(fw, isSTMFD_LR, k, 200); fw 649 tools/finsig_vxworks.c if (fwval(fw,k-2) == 0xE3700D09) // CMN R0, #0x240 fw 651 tools/finsig_vxworks.c uint32_t fadr = idx2adr(fw,k); fw 652 tools/finsig_vxworks.c fwAddMatch(fw,fadr,32,0,121); fw 658 tools/finsig_vxworks.c int find_apex2us(firmware *fw, __attribute__ ((unused))string_sig *sig, int j) fw 662 tools/finsig_vxworks.c if (fwval(fw,j+i) != apex2us_test[i]) fw 665 tools/finsig_vxworks.c return search_fw(fw, match_apex2us, idx2adr(fw,j), 0, 1); fw 669 tools/finsig_vxworks.c int find_mkdir(firmware *fw, __attribute__ ((unused))string_sig *sig, int k) fw 671 tools/finsig_vxworks.c if (fwval(fw,k) == 0x12CEA600) fw 673 tools/finsig_vxworks.c k = find_inst_rev(fw, isSTMFD_LR, k-20, 200); fw 676 tools/finsig_vxworks.c if ((((fwval(fw,k+12) & 0xFFF0FFFF) == 0xE350002F) && ((fwval(fw,k+15) & 0xFFF0FFFF) == 0xE3500021) && ((fwval(fw,k+19) & 0xFFF0FFFF) == 0xE3500020)) || fw 677 tools/finsig_vxworks.c (((fwval(fw,k+11) & 0xFFF0FFFF) == 0xE350002F) && ((fwval(fw,k+14) & 0xFFF0FFFF) == 0xE3500021) && ((fwval(fw,k+18) & 0xFFF0FFFF) == 0xE3500020))) fw 680 tools/finsig_vxworks.c if (isBL(fw,k+47)) fw 682 tools/finsig_vxworks.c fadr = followBranch(fw, idx2adr(fw,k+47), 0x01000001); fw 684 tools/finsig_vxworks.c else if (isBL(fw,k+48)) fw 686 tools/finsig_vxworks.c fadr = followBranch(fw, idx2adr(fw,k+48), 0x01000001); fw 690 tools/finsig_vxworks.c fwAddMatch(fw,fadr,32,0,121); fw 700 tools/finsig_vxworks.c int find_pow(firmware *fw, __attribute__ ((unused))string_sig *sig, int j) fw 702 tools/finsig_vxworks.c if (!idx_valid(fw,j) || !idx_valid(fw,j+3)) return 0; fw 704 tools/finsig_vxworks.c if ((fwval(fw,j) == 0x00000000) && (fwval(fw,j+1) == 0x40000000) && (fwval(fw,j+2) == 0x00000000) && (fwval(fw,j+3) == 0x408F4000)) fw 706 tools/finsig_vxworks.c uint32_t adr1 = idx2adr(fw,j); // address of 1st value fw 707 tools/finsig_vxworks.c uint32_t adr2 = idx2adr(fw,j+2); // address of 2nd value fw 712 tools/finsig_vxworks.c if (isADR_PC_cond(fw,j1) && // ADR ? fw 713 tools/finsig_vxworks.c (fwval(fw,j1+1) == 0xE8900003) && // LDMIA R0,{R0,R1} fw 714 tools/finsig_vxworks.c isBL(fw,j1+2) && // BL fw 715 tools/finsig_vxworks.c isADR_PC_cond(fw,j1+4)) // ADR ? fw 717 tools/finsig_vxworks.c if ((ADR2adr(fw,j1) == adr1) && (ADR2adr(fw,j1+4) == adr2)) fw 719 tools/finsig_vxworks.c uint32_t fadr = followBranch(fw,idx2adr(fw,j1+2),0x01000001); fw 720 tools/finsig_vxworks.c fwAddMatch(fw,fadr,32,0,121); fw 725 tools/finsig_vxworks.c if (isADR_PC_cond(fw,j1) && // ADR ? fw 726 tools/finsig_vxworks.c (fwval(fw,j1+1) == 0xE8900003) && // LDMIA R0,{R0,R1} fw 727 tools/finsig_vxworks.c isBL(fw,j1+2) && // BL fw 728 tools/finsig_vxworks.c isADR_PC_cond(fw,j1+3)) // ADR ? fw 730 tools/finsig_vxworks.c if ((ADR2adr(fw,j1) == adr1) && (ADR2adr(fw,j1+3) == adr2)) fw 732 tools/finsig_vxworks.c uint32_t fadr = followBranch(fw,idx2adr(fw,j1+2),0x01000001); fw 733 tools/finsig_vxworks.c fwAddMatch(fw,fadr,32,0,121); fw 738 tools/finsig_vxworks.c if (isADR_PC_cond(fw,j1) && // ADR ? fw 739 tools/finsig_vxworks.c (fwval(fw,j1+2) == 0xE8900003) && // LDMIA R0,{R0,R1} fw 740 tools/finsig_vxworks.c isBL(fw,j1+3) && // BL fw 741 tools/finsig_vxworks.c isADR_PC_cond(fw,j1+4)) // ADR ? fw 743 tools/finsig_vxworks.c if ((ADR2adr(fw,j1) == adr1) && (ADR2adr(fw,j1+4) == adr2)) fw 745 tools/finsig_vxworks.c uint32_t fadr = followBranch(fw,idx2adr(fw,j1+3),0x01000001); fw 746 tools/finsig_vxworks.c fwAddMatch(fw,fadr,32,0,121); fw 757 tools/finsig_vxworks.c int find_log(firmware *fw, __attribute__ ((unused))string_sig *sig, int j) fw 760 tools/finsig_vxworks.c if (isBL(fw,j) && isLDR_PC(fw,j+1) && (LDR2val(fw,j+1) == 0x3FDBCB7B) && isLDR_PC(fw,j+2) && (LDR2val(fw,j+2) == 0x1526E50E)) fw 762 tools/finsig_vxworks.c uint32_t fadr = followBranch(fw,idx2adr(fw,j),0x01000001); fw 763 tools/finsig_vxworks.c fwAddMatch(fw,fadr,32,0,121); fw 769 tools/finsig_vxworks.c int find_log10(firmware *fw, __attribute__ ((unused))string_sig *sig, int j) fw 772 tools/finsig_vxworks.c if (isBL(fw,j) && isLDR_PC(fw,j+1) && (LDR2val(fw,j+1) == 0x3FDBCB7B) && isLDR_PC(fw,j+2) && (LDR2val(fw,j+2) == 0x1526E50E)) fw 774 tools/finsig_vxworks.c int k = find_inst_rev(fw, isSTMFD_LR, j-1, 100); fw 775 tools/finsig_vxworks.c uint32_t fadr = idx2adr(fw,k); fw 776 tools/finsig_vxworks.c fwAddMatch(fw,fadr,32,0,121); fw 783 tools/finsig_vxworks.c int find_get_ptp_file_buf(firmware *fw, __attribute__ ((unused))string_sig *sig, int j) fw 794 tools/finsig_vxworks.c if(!(isMOV_immed(fw,j) fw 795 tools/finsig_vxworks.c && (fwRn(fw,j) == 0) fw 796 tools/finsig_vxworks.c && ((fwval(fw,j+1) & 0xFF000000) == 0x1A000000) // BNE fw 797 tools/finsig_vxworks.c && isBL(fw,j+2) fw 798 tools/finsig_vxworks.c && ((fwval(fw,j+3) & 0xFFF00000) == 0xe3C00000) // BIC fw 799 tools/finsig_vxworks.c && (ALUop2(fw,j+3) == 1) fw 800 tools/finsig_vxworks.c && isMOV_immed(fw,j+4) fw 801 tools/finsig_vxworks.c && (fwRn(fw,j+4) == 0) fw 802 tools/finsig_vxworks.c && isBL(fw,j+5))) { fw 805 tools/finsig_vxworks.c if(ALUop2(fw,j) != 4 || ALUop2(fw,j+4) != 4) { fw 809 tools/finsig_vxworks.c uint32_t f1 = followBranch(fw,idx2adr(fw,j+2),0x01000001); fw 810 tools/finsig_vxworks.c int i = get_saved_sig(fw,"get_ptp_buf_size"); fw 821 tools/finsig_vxworks.c int k = find_inst_rev(fw, isSTMFD_LR, j-1, 8); fw 827 tools/finsig_vxworks.c uint32_t fadr = idx2adr(fw, k); fw 828 tools/finsig_vxworks.c fwAddMatch(fw,fadr,32,0,121); fw 835 tools/finsig_vxworks.c int find_closedir(firmware *fw) fw 837 tools/finsig_vxworks.c int j = get_saved_sig(fw,"OpenFastDir"); fw 840 tools/finsig_vxworks.c int k = find_inst(fw, isSTMFD_LR, adr2idx(fw,func_names[j].val)+1, 100); fw 841 tools/finsig_vxworks.c if (isB(fw,k-1) && isBL(fw,k-2)) fw 843 tools/finsig_vxworks.c uint32_t fadr = followBranch(fw, idx2adr(fw, k-2), 0x01000001); fw 844 tools/finsig_vxworks.c fwAddMatch(fw,fadr,32,0,121); fw 853 tools/finsig_vxworks.c int find_add_ptp_handler(firmware *fw, __attribute__ ((unused))string_sig *sig, int k) fw 859 tools/finsig_vxworks.c while ((vals[i] != 0) && isLDR_PC(fw,k) && (fwRd(fw,k) == 0) && (LDR2val(fw,k) == vals[i])) fw 861 tools/finsig_vxworks.c k = find_inst(fw, isBL, k+1, 5); fw 864 tools/finsig_vxworks.c fadr = followBranch(fw, idx2adr(fw,k), 0x01000001); fw 865 tools/finsig_vxworks.c k = find_inst(fw, isLDR_PC, k+1, 5); fw 872 tools/finsig_vxworks.c fwAddMatch(fw,fadr,32,0,121); fw 880 tools/finsig_vxworks.c int find_PT_PlaySound(firmware *fw) fw 883 tools/finsig_vxworks.c int k1 = get_saved_sig(fw,"LogCameraEvent"); fw 887 tools/finsig_vxworks.c j = find_str_ref(fw,"BufAccBeep"); fw 890 tools/finsig_vxworks.c k = find_inst(fw, isBL, j+1, 4); fw 893 tools/finsig_vxworks.c uint32_t fadr = followBranch(fw, idx2adr(fw,k), 0x01000001); fw 896 tools/finsig_vxworks.c k = find_inst(fw, isB, k+1, 10); fw 897 tools/finsig_vxworks.c fadr = followBranch(fw, idx2adr(fw, k), 1); fw 898 tools/finsig_vxworks.c fwAddMatch(fw,fadr,32,0,122); fw 909 tools/finsig_vxworks.c int find_ExportToEventProcedure(firmware *fw) fw 911 tools/finsig_vxworks.c int k = find_str_ref(fw,"ExportToEventProcedure"); fw 915 tools/finsig_vxworks.c if (isLDR_PC(fw,k+1) && (isBorBL(fw,k+2) || isBorBL(fw,k+3)) && (fwRd(fw,k+1) == 1)) fw 917 tools/finsig_vxworks.c uint32_t fadr = LDR2val(fw,k+1); fw 918 tools/finsig_vxworks.c fwAddMatch(fw,fadr,32,0,122); fw 927 tools/finsig_vxworks.c int find_RegisterEventProcedure(firmware *fw) fw 929 tools/finsig_vxworks.c int k = find_str_ref(fw,"CreateProxyOfEventProcedure"); fw 933 tools/finsig_vxworks.c if (isLDR_PC(fw,k+1) && (isBorBL(fw,k+2) || isBorBL(fw,k+3)) && (fwRd(fw,k) == 0)) fw 936 tools/finsig_vxworks.c if (isBorBL(fw,k+2)) fw 937 tools/finsig_vxworks.c fadr = followBranch(fw,idx2adr(fw,k+2),0x01000001); fw 939 tools/finsig_vxworks.c fadr = followBranch(fw,idx2adr(fw,k+3),0x01000001); fw 940 tools/finsig_vxworks.c fwAddMatch(fw,fadr,32,0,122); fw 949 tools/finsig_vxworks.c int find_set_control_event(firmware *fw) fw 952 tools/finsig_vxworks.c int k1 = get_saved_sig(fw,"IsControlEventActive"); fw 953 tools/finsig_vxworks.c int k2 = get_saved_sig(fw,"GetLogicalEventName"); fw 957 tools/finsig_vxworks.c j1 = adr2idx(fw, func_names[k1].val); fw 958 tools/finsig_vxworks.c j2 = adr2idx(fw, func_names[k2].val); fw 963 tools/finsig_vxworks.c if (isBL(fw,k)) fw 965 tools/finsig_vxworks.c if (j2 == idxFollowBranch(fw,k,0x01000001)) fw 977 tools/finsig_vxworks.c k = find_inst_rev(fw,isSTMFD_LR,k,60); fw 979 tools/finsig_vxworks.c j2 = find_inst(fw,isLDMFD_PC,k+1,128); fw 988 tools/finsig_vxworks.c k = find_inst(fw,isBL,k,32); fw 992 tools/finsig_vxworks.c j1 = idxFollowBranch(fw,k,0x01000001); fw 1005 tools/finsig_vxworks.c fwAddMatch(fw,idx2adr(fw,j1),32,0,122); fw 1014 tools/finsig_vxworks.c int find_filesem_init(firmware *fw) fw 1016 tools/finsig_vxworks.c int s1 = find_str(fw, "FileSem.c"); fw 1019 tools/finsig_vxworks.c s1 = find_inst(fw, isLDR_PC, s1+2, 16); fw 1022 tools/finsig_vxworks.c s1 = find_inst_rev(fw, isSTMFD_LR, s1-1, 16); fw 1025 tools/finsig_vxworks.c fwAddMatch(fw,idx2adr(fw,s1),32,0,122); fw 1029 tools/finsig_vxworks.c int find_getcurrentmachinetime(firmware *fw) fw 1031 tools/finsig_vxworks.c int f1 = get_saved_sig(fw,"SetHPTimerAfterNow"); fw 1034 tools/finsig_vxworks.c f1 = adr2idx(fw, func_names[f1].val); fw 1035 tools/finsig_vxworks.c f1 = find_inst(fw, isBL, f1, 16); fw 1038 tools/finsig_vxworks.c f1 = idxFollowBranch(fw,f1,0x01000001); fw 1039 tools/finsig_vxworks.c fwAddMatch(fw,idx2adr(fw,f1),32,0,122); fw 1046 tools/finsig_vxworks.c int find_get_nd_value(firmware *fw) fw 1049 tools/finsig_vxworks.c if((get_saved_sig(fw,"task_NdActuator") < 0) || (get_saved_sig(fw,"task_IrisEvent") < 0)) { fw 1056 tools/finsig_vxworks.c f1 = get_saved_sig(fw,"PutInNdFilter_FW"); fw 1057 tools/finsig_vxworks.c int f2 = get_saved_sig(fw,"ClearEventFlag"); fw 1062 tools/finsig_vxworks.c f1 = adr2idx(fw, func_names[f1].val); fw 1063 tools/finsig_vxworks.c f2 = adr2idx(fw, func_names[f2].val); fw 1064 tools/finsig_vxworks.c int k1 = find_Nth_inst(fw,isBL,f1,10,2); fw 1065 tools/finsig_vxworks.c int k2 = find_inst(fw,isBL,f1,6); fw 1068 tools/finsig_vxworks.c if ( followBranch2(fw,idx2adr(fw,k2),0x01000001) != idx2adr(fw,f2) ) // ClearEventFlag? fw 1072 tools/finsig_vxworks.c k1 = idxFollowBranch(fw,k1,0x01000001); // PutInNdFilter_low veneer fw 1073 tools/finsig_vxworks.c k1 = find_inst(fw,isB,k1,3); // veneer fw 1077 tools/finsig_vxworks.c k1 = idxFollowBranch(fw,k1,0x00000001); // PutInNdFilter_low fw 1081 tools/finsig_vxworks.c k1 = find_inst(fw,isBL,k1,4); // get_nd_value wrapper fw 1085 tools/finsig_vxworks.c k1 = idxFollowBranch(fw,k1,0x01000001); // fw 1086 tools/finsig_vxworks.c k1 = find_inst(fw,isBL,k1,2); // get_nd_value fw 1090 tools/finsig_vxworks.c k1 = idxFollowBranch(fw,k1,0x01000001); fw 1091 tools/finsig_vxworks.c fwAddMatch(fw,idx2adr(fw,k1),32,0,122); fw 1096 tools/finsig_vxworks.c int find_get_current_nd_value_iris(firmware *fw) fw 1099 tools/finsig_vxworks.c if((get_saved_sig(fw,"task_NdActuator") < 0) || (get_saved_sig(fw,"task_IrisEvent") < 0)) { fw 1102 tools/finsig_vxworks.c int f1 = get_saved_sig(fw,"get_current_exp"); fw 1106 tools/finsig_vxworks.c f1 = adr2idx(fw, func_names[f1].val); fw 1113 tools/finsig_vxworks.c if(!isBL(fw,f1+i)) { fw 1118 tools/finsig_vxworks.c int f2 = idxFollowBranch(fw,f1+i,0x01000001); fw 1120 tools/finsig_vxworks.c if(isMOV(fw,f2) && (fwRd(fw,f2) == 0) && (fwOp2(fw,f2) == 0)) // MOV R0, 0 fw 1123 tools/finsig_vxworks.c if(isBL(fw,f2+1)) { fw 1124 tools/finsig_vxworks.c f2 = idxFollowBranch(fw,f2+1,0x01000001); fw 1125 tools/finsig_vxworks.c fwAddMatch(fw,idx2adr(fw,f2),32,0,122); fw 1134 tools/finsig_vxworks.c int find_get_current_nd_value(firmware *fw) fw 1138 tools/finsig_vxworks.c if(find_str(fw, "IrisSpecification.c") < 0) { fw 1139 tools/finsig_vxworks.c return find_get_current_nd_value_iris(fw); fw 1142 tools/finsig_vxworks.c int f1 = get_saved_sig(fw,"GetCurrentAvValue"); fw 1146 tools/finsig_vxworks.c f1 = adr2idx(fw, func_names[f1].val); fw 1148 tools/finsig_vxworks.c if (!isBL(fw,f1+1)) fw 1150 tools/finsig_vxworks.c f1 = idxFollowBranch(fw,f1+1,0x01000001); fw 1155 tools/finsig_vxworks.c int sadr = find_str(fw, "IrisController.c"); fw 1156 tools/finsig_vxworks.c int j = find_nxt_str_ref(fw, sadr, f1); fw 1160 tools/finsig_vxworks.c j = find_Nth_inst(fw,isBL,j,8,2); fw 1163 tools/finsig_vxworks.c f1 = idxFollowBranch(fw,j,0x01000001); fw 1164 tools/finsig_vxworks.c fwAddMatch(fw,idx2adr(fw,f1),32,0,122); fw 1169 tools/finsig_vxworks.c int find_get_current_deltasv(firmware *fw) fw 1171 tools/finsig_vxworks.c int f1 = get_saved_sig(fw,"get_current_exp"); fw 1175 tools/finsig_vxworks.c f1 = adr2idx(fw, func_names[f1].val); fw 1182 tools/finsig_vxworks.c if(!isBL(fw,f1+i)) { fw 1187 tools/finsig_vxworks.c int f2 = idxFollowBranch(fw,f1+i,0x01000001); fw 1189 tools/finsig_vxworks.c if(isB(fw,f2)) { fw 1190 tools/finsig_vxworks.c f2 = idxFollowBranch(fw,f2,0x00000001); fw 1192 tools/finsig_vxworks.c fwAddMatch(fw,idx2adr(fw,f2),32,0,122); fw 1199 tools/finsig_vxworks.c int find_exmem_ufree(firmware *fw) fw 1202 tools/finsig_vxworks.c int k = get_saved_sig(fw,"ExMem.FreeCacheable_FW"); // newer cam fw 1205 tools/finsig_vxworks.c k = get_saved_sig(fw,"memset_FW"); fw 1208 tools/finsig_vxworks.c k = adr2idx(fw, func_names[k].val); fw 1209 tools/finsig_vxworks.c int sadr = find_str(fw, "ComMemMan.c"); // always there fw 1210 tools/finsig_vxworks.c int j = find_nxt_str_ref(fw, sadr, sadr); fw 1213 tools/finsig_vxworks.c j = find_nxt_str_ref(fw, sadr, j+1); fw 1219 tools/finsig_vxworks.c if (isBL(fw,n)) fw 1221 tools/finsig_vxworks.c if (idx2adr(fw,idxFollowBranch(fw,n,0x01000001)) == idx2adr(fw,k)) fw 1223 tools/finsig_vxworks.c int m = find_inst_rev(fw,isBL,n-1,4); fw 1226 tools/finsig_vxworks.c m = idxFollowBranch(fw,m,0x01000001); fw 1227 tools/finsig_vxworks.c fwAddMatch(fw,idx2adr(fw,m),32,0,122); fw 1234 tools/finsig_vxworks.c k = get_saved_sig(fw,"exmem_free_low"); fw 1237 tools/finsig_vxworks.c k = adr2idx(fw, func_names[k].val); fw 1239 tools/finsig_vxworks.c if (isBL(fw,k+n)) { fw 1240 tools/finsig_vxworks.c int m = idxFollowBranch(fw,k+n,0x01000001); fw 1241 tools/finsig_vxworks.c if (idx2adr(fw,m) == idx2adr(fw,k)) fw 1243 tools/finsig_vxworks.c j = find_inst_rev(fw,isSTMFD_LR,k+n,23); fw 1245 tools/finsig_vxworks.c fwAddMatch(fw,idx2adr(fw,j),32,0,122); fw 1254 tools/finsig_vxworks.c int find_exmem_ualloc(firmware *fw) fw 1257 tools/finsig_vxworks.c int k = get_saved_sig(fw,"ExMem.AllocCacheable_FW"); // newer cam fw 1260 tools/finsig_vxworks.c k = get_saved_sig(fw,"DebugAssert"); // fw 1263 tools/finsig_vxworks.c k = adr2idx(fw, func_names[k].val); fw 1264 tools/finsig_vxworks.c int sadr = find_str(fw, "ComMemMan.c"); // always there fw 1265 tools/finsig_vxworks.c int j = find_nxt_str_ref(fw, sadr, sadr); fw 1268 tools/finsig_vxworks.c int m = find_inst(fw,isBorBL,j+3,10); fw 1271 tools/finsig_vxworks.c m = idxFollowBranch(fw,m,0x01000001); fw 1272 tools/finsig_vxworks.c if (idx2adr(fw,m) != idx2adr(fw,k)) fw 1274 tools/finsig_vxworks.c fwAddMatch(fw,idx2adr(fw,m),32,0,122); fw 1279 tools/finsig_vxworks.c k = get_saved_sig(fw,"exmem_alloc_low"); fw 1282 tools/finsig_vxworks.c k = adr2idx(fw, func_names[k].val); fw 1285 tools/finsig_vxworks.c if (isBL(fw,k+n)) { fw 1286 tools/finsig_vxworks.c m = idxFollowBranch(fw,k+n,0x01000001); fw 1287 tools/finsig_vxworks.c if (idx2adr(fw,m) == idx2adr(fw,k)) fw 1289 tools/finsig_vxworks.c j = find_inst_rev(fw,isSTMFD_LR,k+n,14); fw 1291 tools/finsig_vxworks.c fwAddMatch(fw,idx2adr(fw,j),32,0,122); fw 1300 tools/finsig_vxworks.c int find_exmem_free(firmware *fw) fw 1303 tools/finsig_vxworks.c int k = get_saved_sig(fw,"ExMem.FreeCacheable_FW"); // newer cam fw 1306 tools/finsig_vxworks.c k = get_saved_sig(fw,"exmem_free_low"); fw 1309 tools/finsig_vxworks.c k = adr2idx(fw, func_names[k].val); fw 1312 tools/finsig_vxworks.c if (isBL(fw,k+n)) { fw 1313 tools/finsig_vxworks.c int m = idxFollowBranch(fw,k+n,0x01000001); fw 1314 tools/finsig_vxworks.c if (idx2adr(fw,m) == idx2adr(fw,k)) fw 1319 tools/finsig_vxworks.c if ((fwval(fw,k+n-o)&0xfff00fff) == 0xe3c00201) { // bic rx, rx, 0x10000000 fw 1327 tools/finsig_vxworks.c int j = find_inst_rev(fw,isSTMFD_LR,k+n,30); fw 1329 tools/finsig_vxworks.c fwAddMatch(fw,idx2adr(fw,j),32,0,122); fw 1338 tools/finsig_vxworks.c int find_exmem_alloc(firmware *fw) fw 1341 tools/finsig_vxworks.c int k = get_saved_sig(fw,"ExMem.AllocCacheable_FW"); // newer cam fw 1342 tools/finsig_vxworks.c k = get_saved_sig(fw,"exmem_alloc_low"); fw 1345 tools/finsig_vxworks.c k = adr2idx(fw, func_names[k].val); fw 1348 tools/finsig_vxworks.c if (isBL(fw,k+n)) { fw 1349 tools/finsig_vxworks.c int m = idxFollowBranch(fw,k+n,0x01000001); fw 1350 tools/finsig_vxworks.c if (idx2adr(fw,m) == idx2adr(fw,k)) fw 1355 tools/finsig_vxworks.c if ((fwval(fw,k+n+o)&0xfff00fff) == 0xe3c00201) { // bic rx, rx, 0x10000000 fw 1363 tools/finsig_vxworks.c int j = find_inst_rev(fw,isSTMFD_LR,k+n,16); fw 1365 tools/finsig_vxworks.c fwAddMatch(fw,idx2adr(fw,j),32,0,122); fw 1374 tools/finsig_vxworks.c int find_get_ptp_buf_size(firmware *fw) fw 1376 tools/finsig_vxworks.c int j = get_saved_sig(fw,"handle_PTP_OC_SendObject"); // same handler as CANON_SendObjectByPath fw 1381 tools/finsig_vxworks.c int k=adr2idx(fw,func_names[j].val); fw 1392 tools/finsig_vxworks.c if(isMOV_immed(fw,k) && fwRn(fw,k) == 0 && ALUop2(fw,k) == file_buf_id && isBL(fw, k+1)) { fw 1393 tools/finsig_vxworks.c adr = followBranch(fw,idx2adr(fw,k+1),0x01000001); fw 1405 tools/finsig_vxworks.c if(isMOV_immed(fw,k) && fwRn(fw,k) == 0 && ALUop2(fw,k) == file_buf_id && isBL(fw, k+1)) { fw 1406 tools/finsig_vxworks.c uint32_t adr2 = followBranch(fw,idx2adr(fw,k+1),0x01000001); fw 1410 tools/finsig_vxworks.c fwAddMatch(fw,adr,32,0,122); fw 1419 tools/finsig_vxworks.c int find_GetBaseSv(firmware *fw) fw 1421 tools/finsig_vxworks.c int j = get_saved_sig(fw,"SetPropertyCase"); fw 1424 tools/finsig_vxworks.c j = adr2idx(fw, func_names[j].val); fw 1425 tools/finsig_vxworks.c int j2 = get_saved_sig(fw,"DebugAssert"); fw 1428 tools/finsig_vxworks.c j2 = adr2idx(fw, func_names[j2].val); fw 1430 tools/finsig_vxworks.c int sadr = find_str(fw, "Sensitive.c"); fw 1431 tools/finsig_vxworks.c if (sadr < fw->lowest_idx) fw 1433 tools/finsig_vxworks.c int s1 = find_nxt_str_ref(fw, sadr, -1/*fw->lowest_idx*/); fw 1447 tools/finsig_vxworks.c if ( isBL(fw, n) ) fw 1450 tools/finsig_vxworks.c k = idxFollowBranch(fw,n,0x01000001); fw 1451 tools/finsig_vxworks.c if ( idx2adr(fw, k) == idx2adr(fw, j) ) fw 1454 tools/finsig_vxworks.c k = find_inst(fw, isBL, s1+2, 6); fw 1457 tools/finsig_vxworks.c int l = idxFollowBranch(fw,k,0x01000001); fw 1458 tools/finsig_vxworks.c if (idx2adr(fw,l) == idx2adr(fw,j2)) // DebugAssert? fw 1460 tools/finsig_vxworks.c k = find_inst(fw, isBL, k+1, 6); fw 1463 tools/finsig_vxworks.c l = idxFollowBranch(fw,k,0x01000001); fw 1465 tools/finsig_vxworks.c if ( (fwval(fw,l)==0xe52de004) && fw 1466 tools/finsig_vxworks.c (fwval(fw,l+4)==0xe49df004) && fw 1467 tools/finsig_vxworks.c isBL(fw,l+1) ) fw 1470 tools/finsig_vxworks.c add_func_name("j_GetBaseSv", idx2adr(fw,l), ""); fw 1471 tools/finsig_vxworks.c k = idxFollowBranch(fw,l+1,0x01000001); fw 1472 tools/finsig_vxworks.c fwAddMatch(fw,idx2adr(fw,k),32,0,122); fw 1481 tools/finsig_vxworks.c s1 = find_nxt_str_ref(fw, sadr, s1+1); fw 1488 tools/finsig_vxworks.c int find_GetCurrentDriveBaseSvValue(firmware *fw) fw 1490 tools/finsig_vxworks.c int f1 = get_saved_sig(fw,"ExpCtrlTool.OneShotAE_FW"); fw 1494 tools/finsig_vxworks.c f1 = adr2idx(fw, func_names[f1].val); fw 1498 tools/finsig_vxworks.c if(!isBL(fw,f1+i)) { fw 1503 tools/finsig_vxworks.c int f2 = idxFollowBranch(fw,f1+i,0x01000001); fw 1504 tools/finsig_vxworks.c fwAddMatch(fw,idx2adr(fw,f2),32,0,122); fw 1511 tools/finsig_vxworks.c int find_Remove(firmware *fw) fw 1513 tools/finsig_vxworks.c int f1 = get_saved_sig(fw,"Close"); fw 1517 tools/finsig_vxworks.c f1 = adr2idx(fw, func_names[f1].val); fw 1519 tools/finsig_vxworks.c f2 = find_str_ref(fw,"File Write Fail."); fw 1524 tools/finsig_vxworks.c if(!isBL(fw,f2+i)) { fw 1528 tools/finsig_vxworks.c if(idxFollowBranch(fw,f2+i,0x01000001) == f1) { fw 1533 tools/finsig_vxworks.c f2 = idxFollowBranch(fw,f2+i,0x01000001); fw 1534 tools/finsig_vxworks.c fwAddMatch(fw,idx2adr(fw,f2),32,0,122); fw 2055 tools/finsig_vxworks.c int vxworks_offset(__attribute__ ((unused))firmware *fw, string_sig *sig) fw 2065 tools/finsig_vxworks.c int fw_string_process(firmware *fw, string_sig *sig, int (*check_match)(firmware *fw, string_sig *sig, int j), int inc_eos) fw 2073 tools/finsig_vxworks.c for (br = fw->br; br != 0; br = br->next) fw 2079 tools/finsig_vxworks.c if (check_match(fw,sig,j)) fw 2090 tools/finsig_vxworks.c int fw_string_process_unaligned(firmware *fw, string_sig *sig, int (*check_match)(firmware *fw, string_sig *sig, int j)) fw 2097 tools/finsig_vxworks.c for (br = fw->br; br != 0; br = br->next) fw 2103 tools/finsig_vxworks.c if (check_match(fw,sig,j+br->off*4)) fw 2115 tools/finsig_vxworks.c int fw_process(firmware *fw, string_sig *sig, int (*check_match)(firmware *fw, string_sig *sig, int j)) fw 2121 tools/finsig_vxworks.c for (br = fw->br; br != 0; br = br->next) fw 2125 tools/finsig_vxworks.c if (check_match(fw,sig,j)) fw 2142 tools/finsig_vxworks.c int match_strsig1(firmware *fw, string_sig *sig, int j) fw 2144 tools/finsig_vxworks.c uint32_t fadr = fwval(fw,j-1); // function address fw 2145 tools/finsig_vxworks.c if (idx_valid(fw,adr2idx(fw,fadr))) // is function address valid fw 2148 tools/finsig_vxworks.c if (sig->offset > 1) fadr = followBranch(fw, fadr, 1); fw 2150 tools/finsig_vxworks.c fadr = followBranch2(fw, fadr, sig->offset); fw 2151 tools/finsig_vxworks.c fwAddMatch(fw,fadr,32,0,101); fw 2164 tools/finsig_vxworks.c int match_strsig2a(firmware *fw, int k, uint32_t sadr, uint32_t offset) fw 2166 tools/finsig_vxworks.c if (fwval(fw,k) == sadr) // pointer to string? fw 2168 tools/finsig_vxworks.c uint32_t fadr = fwval(fw,k+1); // function address fw 2169 tools/finsig_vxworks.c if (idx_valid(fw,adr2idx(fw,fadr))) // is function address valid fw 2171 tools/finsig_vxworks.c uint32_t bfadr = followBranch2(fw, fadr, offset); fw 2174 tools/finsig_vxworks.c fwAddMatch(fw,bfadr,32,0,102); fw 2181 tools/finsig_vxworks.c int match_strsig2(firmware *fw, string_sig *sig, int j) fw 2184 tools/finsig_vxworks.c return search_fw(fw, match_strsig2a, fw->base + j, sig->offset, 2); fw 2205 tools/finsig_vxworks.c int match_strsig3a(firmware *fw, int k, uint32_t sadr, uint32_t offset) fw 2207 tools/finsig_vxworks.c if (isADR_PC(fw,k+1) && // ADR ? fw 2208 tools/finsig_vxworks.c isBorBL(fw,k+2)) // B or BL ? fw 2210 tools/finsig_vxworks.c uint32_t padr = ADR2adr(fw,k+1); // get address pointed to by 2nd ADR instructioin fw 2215 tools/finsig_vxworks.c if (isADR_PC(fw,k)) // ADR ? fw 2222 tools/finsig_vxworks.c if (isADR_PC(fw,j2) && // ADR ? fw 2223 tools/finsig_vxworks.c isB(fw,j2+1)) // B fw 2225 tools/finsig_vxworks.c uint32_t fa = idx2adr(fw,j2+1); fw 2226 tools/finsig_vxworks.c fa = followBranch(fw,fa,1); fw 2227 tools/finsig_vxworks.c if (adr2idx(fw,fa) == k+1) fw 2237 tools/finsig_vxworks.c uint32_t fadr = ADR2adr(fw,j2); fw 2238 tools/finsig_vxworks.c if (offset > 1) fadr = followBranch(fw, fadr, 1); fw 2239 tools/finsig_vxworks.c fadr = followBranch2(fw, fadr, offset); fw 2240 tools/finsig_vxworks.c fwAddMatch(fw,fadr,32,0,103); fw 2247 tools/finsig_vxworks.c int match_strsig3(firmware *fw, string_sig *sig, int j) fw 2249 tools/finsig_vxworks.c return search_fw(fw, match_strsig3a, idx2adr(fw,j), sig->offset, 3); fw 2258 tools/finsig_vxworks.c int match_strsig4a(firmware *fw, int k, uint32_t sadr, uint32_t offset) fw 2260 tools/finsig_vxworks.c if (isSTMFD(fw,k) && // STMFD fw 2261 tools/finsig_vxworks.c isADR_PC(fw,k+offset)) // ADR ? fw 2263 tools/finsig_vxworks.c uint32_t padr = ADR2adr(fw,k+offset); fw 2266 tools/finsig_vxworks.c uint32_t fadr = idx2adr(fw,k); fw 2267 tools/finsig_vxworks.c fwAddMatch(fw,fadr,32,0,104); fw 2273 tools/finsig_vxworks.c int match_strsig4(firmware *fw, string_sig *sig, int j) fw 2275 tools/finsig_vxworks.c return search_fw(fw, match_strsig4a, idx2adr(fw,j), sig->offset, sig->offset+1); fw 2294 tools/finsig_vxworks.c int match_strsig5a(firmware *fw, int k, uint32_t sadr, uint32_t offset) fw 2296 tools/finsig_vxworks.c if ((isADR_PC(fw,k+1) || isLDR_PC(fw,k+1)) && // LDR or ADR ? fw 2297 tools/finsig_vxworks.c isBorBL(fw,k+2)) // B or BL ? fw 2300 tools/finsig_vxworks.c if (isLDR_PC(fw,k+1)) // LDR ? fw 2301 tools/finsig_vxworks.c padr = LDR2val(fw,k+1); fw 2303 tools/finsig_vxworks.c padr = ADR2adr(fw,k+1); fw 2308 tools/finsig_vxworks.c if (isLDR_PC(fw,k)) // LDR ? fw 2314 tools/finsig_vxworks.c if (isLDR_PC(fw,j2) && // LDR ? fw 2315 tools/finsig_vxworks.c isB(fw,j2+1)) // B fw 2317 tools/finsig_vxworks.c if (idxFollowBranch(fw,j2+1,1) == k+1) fw 2327 tools/finsig_vxworks.c uint32_t fadr = LDR2val(fw,j2); fw 2328 tools/finsig_vxworks.c if (offset > 1) fadr = followBranch(fw, fadr, 1); fw 2329 tools/finsig_vxworks.c fadr = followBranch2(fw, fadr, offset); fw 2332 tools/finsig_vxworks.c uint32_t fadr2 = followBranch(fw, fadr, dryos_ofst); fw 2336 tools/finsig_vxworks.c fwAddMatch(fw,fadr,32,0,105); fw 2343 tools/finsig_vxworks.c int match_strsig5(firmware *fw, string_sig *sig, int j) fw 2345 tools/finsig_vxworks.c dryos_ofst = vxworks_offset(fw,sig); fw 2346 tools/finsig_vxworks.c return search_fw(fw, match_strsig5a, idx2adr(fw,j), sig->offset, 3); fw 2351 tools/finsig_vxworks.c int match_strsig6(firmware *fw, __attribute__ ((unused))string_sig *sig, int j) fw 2353 tools/finsig_vxworks.c int j1 = find_inst_rev(fw, isSTMFD_LR, j-1, j-1); fw 2356 tools/finsig_vxworks.c uint32_t fadr = idx2adr(fw,j1); fw 2357 tools/finsig_vxworks.c fwAddMatch(fw,fadr,32,0,106); fw 2370 tools/finsig_vxworks.c int match_strsig7a(firmware *fw, int k, uint32_t sadr, uint32_t offset) fw 2372 tools/finsig_vxworks.c if (isADR_PC_cond(fw,k) || isLDR_PC_cond(fw,k)) // LDR or ADR ? fw 2375 tools/finsig_vxworks.c if (isLDR_PC_cond(fw,k)) // LDR ? fw 2376 tools/finsig_vxworks.c padr = LDR2val(fw,k); fw 2378 tools/finsig_vxworks.c padr = ADR2adr(fw,k); fw 2381 tools/finsig_vxworks.c int j2 = find_inst(fw, isBL, k+1, 10); fw 2384 tools/finsig_vxworks.c uint32_t fa = idx2adr(fw,j2); fw 2385 tools/finsig_vxworks.c fa = followBranch2(fw,fa,offset); fw 2386 tools/finsig_vxworks.c fwAddMatch(fw,fa,32,0,107); fw 2393 tools/finsig_vxworks.c int match_strsig7(firmware *fw, string_sig *sig, int j) fw 2395 tools/finsig_vxworks.c return search_fw(fw, match_strsig7a, idx2adr(fw,j), sig->offset, 2); fw 2401 tools/finsig_vxworks.c int match_strsig8(firmware *fw, __attribute__ ((unused))string_sig *sig, int j) fw 2406 tools/finsig_vxworks.c uint32_t fadr = idx2adr(fw,j1); fw 2407 tools/finsig_vxworks.c if (fwval(fw,j1) >= fw->base) // pointer ?? fw 2412 tools/finsig_vxworks.c if (isLDR_PC(fw,j2) && (LDR2adr(fw,j2) == fadr)) // LDR ? fw 2414 tools/finsig_vxworks.c if ((isSTR(fw,j2+1) && (fwOp2(fw,j2+1) == ofst)) || // STR ? fw 2415 tools/finsig_vxworks.c (isSTR(fw,j2+2) && (fwOp2(fw,j2+2) == ofst))) // STR ? fw 2417 tools/finsig_vxworks.c fadr = fwval(fw,j1); fw 2418 tools/finsig_vxworks.c if (idx_valid(fw,adr2idx(fw,fadr))) fw 2420 tools/finsig_vxworks.c fwAddMatch(fw,fadr,32,0,108); fw 2431 tools/finsig_vxworks.c int find_strsig8(firmware *fw, string_sig *sig) fw 2437 tools/finsig_vxworks.c int j = get_saved_sig(fw,"UpdateMBROnFlash"); fw 2444 tools/finsig_vxworks.c j = get_saved_sig(fw,"MakeSDCardBootable"); fw 2454 tools/finsig_vxworks.c int idx = adr2idx(fw, fadr); fw 2459 tools/finsig_vxworks.c if (isLDR(fw,j) && isLDR(fw,j+1) && isLDR(fw,j+2)) fw 2461 tools/finsig_vxworks.c ofst = fwOp2(fw,j) + fwOp2(fw,j+1) + fwOp2(fw,j+2); fw 2468 tools/finsig_vxworks.c return fw_string_process(fw, sig, match_strsig8, 1); fw 2476 tools/finsig_vxworks.c int find_strsig9(firmware *fw, string_sig *sig) fw 2478 tools/finsig_vxworks.c int j = get_saved_sig(fw,sig->ev_name); fw 2483 tools/finsig_vxworks.c int ofst = vxworks_offset(fw, sig); fw 2484 tools/finsig_vxworks.c uint32_t fadr = followBranch(fw, func_names[j].val+ofst*4, 0xF1000001); fw 2488 tools/finsig_vxworks.c if (sig->offset != -1) fadr2 = followBranch2(fw, fadr2, sig->offset); fw 2491 tools/finsig_vxworks.c fwAddMatch(fw,fadr2,32,0,109); fw 2507 tools/finsig_vxworks.c int match_strsig11(firmware *fw, string_sig *sig, int j) fw 2509 tools/finsig_vxworks.c int ofst = vxworks_offset(fw, sig); fw 2511 tools/finsig_vxworks.c uint32_t sadr = idx2adr(fw,j); // string address fw 2515 tools/finsig_vxworks.c if (isADR_PC_cond(fw,j1)) // ADR ? fw 2517 tools/finsig_vxworks.c uint32_t padr = ADR2adr(fw,j1); fw 2520 tools/finsig_vxworks.c uint32_t fadr = idx2adr(fw,j1-ofst); fw 2521 tools/finsig_vxworks.c uint32_t bfadr = followBranch(fw,fadr,sig->offset); fw 2527 tools/finsig_vxworks.c if (isBL_cond(fw,j2) && // BLxx fw 2528 tools/finsig_vxworks.c isLDR_SP(fw,j2+1) && (fwRd(fw,j2+1) == 0) && // LDR R0,[SP,x] fw 2529 tools/finsig_vxworks.c isBL(fw,j2+2) && // BL fw 2530 tools/finsig_vxworks.c isMOV(fw,j2+3) && (fwRd(fw,j2+3) == 4) && (fwRn(fw,j2+3) == 0)) // LDR R4, R0 fw 2539 tools/finsig_vxworks.c fwAddMatch(fw,bfadr,32,0,111); fw 2602 tools/finsig_vxworks.c int match_strsig13a(firmware *fw, int k, uint32_t sadr, uint32_t offset) fw 2604 tools/finsig_vxworks.c if (fwval(fw,k) == sadr) // string ptr fw 2606 tools/finsig_vxworks.c uint32_t padr = idx2adr(fw,k); // string ptr address fw 2610 tools/finsig_vxworks.c if (fwval(fw,j2) == padr) // string ptr address fw 2612 tools/finsig_vxworks.c uint32_t ppadr = idx2adr(fw,j2); // string ptr ptr address fw 2616 tools/finsig_vxworks.c if (isLDR_PC(fw,j3) && (LDR2adr(fw,j3) == ppadr)) fw 2618 tools/finsig_vxworks.c uint32_t fadr = idx2adr(fw,j3-offset); fw 2619 tools/finsig_vxworks.c fwAddMatch(fw,fadr,32,0,113); fw 2628 tools/finsig_vxworks.c int match_strsig13(firmware *fw, string_sig *sig, int j) fw 2631 tools/finsig_vxworks.c return search_fw(fw, match_strsig13a, fw->base + j, sig->offset, 1); fw 2641 tools/finsig_vxworks.c int match_strsig15a(firmware *fw, int k, uint32_t sadr, uint32_t offset) fw 2643 tools/finsig_vxworks.c if (isADR_PC_cond(fw,k) || isLDR_PC_cond(fw,k)) // LDR or ADR ? fw 2646 tools/finsig_vxworks.c if (isLDR_PC_cond(fw,k)) // LDR ? fw 2647 tools/finsig_vxworks.c padr = LDR2val(fw,k); fw 2649 tools/finsig_vxworks.c padr = ADR2adr(fw,k); fw 2652 tools/finsig_vxworks.c int j2 = find_inst_rev(fw, isBL, k-1, dryos_ofst); fw 2655 tools/finsig_vxworks.c uint32_t fa = idx2adr(fw,j2); fw 2656 tools/finsig_vxworks.c fa = followBranch2(fw,fa,offset); fw 2657 tools/finsig_vxworks.c fwAddMatch(fw,fa,32,0,115); fw 2664 tools/finsig_vxworks.c int match_strsig15(firmware *fw, string_sig *sig, int j) fw 2666 tools/finsig_vxworks.c dryos_ofst = vxworks_offset(fw,sig); fw 2668 tools/finsig_vxworks.c return search_fw(fw, match_strsig15a, idx2adr(fw,j), sig->offset, 1); fw 2673 tools/finsig_vxworks.c int match_strsig16(firmware *fw, string_sig *sig, int j) fw 2677 tools/finsig_vxworks.c if (isADR_PC_cond(fw,j) || isLDR_PC_cond(fw,j)) // LDR or ADR ? fw 2680 tools/finsig_vxworks.c if (isLDR_PC_cond(fw,j)) // LDR ? fw 2682 tools/finsig_vxworks.c int k = adr2idx(fw,LDR2adr(fw,j)); fw 2683 tools/finsig_vxworks.c if (idx_valid(fw,k)) fw 2684 tools/finsig_vxworks.c padr = fwval(fw,k); fw 2687 tools/finsig_vxworks.c padr = ADR2adr(fw,j); fw 2690 tools/finsig_vxworks.c int j2 = find_inst_rev(fw, isSTMFD_LR, j-1, 50); fw 2693 tools/finsig_vxworks.c uint32_t fa = idx2adr(fw,j2); fw 2694 tools/finsig_vxworks.c fwAddMatch(fw,fa,32,0,116); fw 2705 tools/finsig_vxworks.c int find_strsig17(firmware *fw, string_sig *sig) fw 2707 tools/finsig_vxworks.c int j = get_saved_sig(fw,"StartRecModeMenu"); fw 2713 tools/finsig_vxworks.c int idx = adr2idx(fw, func_names[j].val); fw 2715 tools/finsig_vxworks.c if (isLDR_PC(fw,idx-3) && isMOV_immed(fw,idx-2) && isB(fw,idx-1)) fw 2717 tools/finsig_vxworks.c k = adr2idx(fw,LDR2val(fw,idx-3)); fw 2719 tools/finsig_vxworks.c else if (isMOV_immed(fw,idx-3) && isADR_PC(fw,idx-2) && isB(fw,idx-1)) fw 2721 tools/finsig_vxworks.c k = adr2idx(fw,ADR2adr(fw,idx-2)); fw 2727 tools/finsig_vxworks.c fadr = followBranch(fw,idx2adr(fw,k+1),0x01000001); fw 2730 tools/finsig_vxworks.c k = find_inst(fw, isLDMFD, k+1, 60); fw 2731 tools/finsig_vxworks.c fadr = followBranch(fw,idx2adr(fw,k-1),0x01000001); fw 2733 tools/finsig_vxworks.c fwAddMatch(fw,fadr,32,0,117); fw 2752 tools/finsig_vxworks.c int find_strsig19(firmware *fw, string_sig *sig) fw 2754 tools/finsig_vxworks.c int j = get_saved_sig(fw,sig->ev_name); fw 2759 tools/finsig_vxworks.c int ofst = vxworks_offset(fw, sig); fw 2771 tools/finsig_vxworks.c case 0: k = isLDMFD_PC(fw, adr2idx(fw, fadr)-1-addoffs); break; fw 2772 tools/finsig_vxworks.c case 1: k = isB(fw, adr2idx(fw, fadr)-1-addoffs); break; fw 2776 tools/finsig_vxworks.c fwAddMatch(fw,fadr,32,0,119); fw 2793 tools/finsig_vxworks.c int match_strsig23a(firmware *fw, int k, uint32_t sadr, uint32_t maxdist) fw 2795 tools/finsig_vxworks.c if (isADR_PC_cond(fw,k) || isLDR_PC_cond(fw,k)) // LDR or ADR ? fw 2798 tools/finsig_vxworks.c if (isLDR_PC_cond(fw,k)) // LDR ? fw 2799 tools/finsig_vxworks.c padr = LDR2val(fw,k); fw 2801 tools/finsig_vxworks.c padr = ADR2adr(fw,k); fw 2807 tools/finsig_vxworks.c j2 = find_Nth_inst_rev(fw, isBorBL, k, maxdist, -dryos_ofst); fw 2811 tools/finsig_vxworks.c j2 = find_Nth_inst(fw, isBorBL, k+1, maxdist, dryos_ofst+1); fw 2815 tools/finsig_vxworks.c uint32_t fa = idx2adr(fw,j2); fw 2816 tools/finsig_vxworks.c fa = followBranch2(fw,fa,0x01000001); fw 2817 tools/finsig_vxworks.c fwAddMatch(fw,fa,32,0,123); fw 2824 tools/finsig_vxworks.c int match_strsig23(firmware *fw, string_sig *sig, int j) fw 2826 tools/finsig_vxworks.c dryos_ofst = vxworks_offset(fw,sig); fw 2831 tools/finsig_vxworks.c return search_fw(fw, match_strsig23a, idx2adr(fw,j), sig->offset, 2); fw 2841 tools/finsig_vxworks.c int match_strsig100(firmware *fw, string_sig *sig, int j) fw 2843 tools/finsig_vxworks.c int ofst = vxworks_offset(fw, sig); fw 2845 tools/finsig_vxworks.c uint32_t sadr = idx2adr(fw,j); // string address fw 2849 tools/finsig_vxworks.c if (isLDR(fw,j1)) // LDR ? fw 2851 tools/finsig_vxworks.c uint32_t pval = LDR2val(fw,j1); fw 2854 tools/finsig_vxworks.c uint32_t fadr = idx2adr(fw,j1-ofst); fw 2855 tools/finsig_vxworks.c uint32_t bfadr = followBranch(fw,fadr,sig->offset); fw 2858 tools/finsig_vxworks.c fwAddMatch(fw,bfadr,32,0,1100); fw 2875 tools/finsig_vxworks.c int match_strsig101(firmware *fw, __attribute__ ((unused))string_sig *sig, int j) fw 2877 tools/finsig_vxworks.c uint32_t sadr = idx2adr(fw,j); // string address fw 2881 tools/finsig_vxworks.c if (isLDR(fw,j1) && (fwRd(fw,j1)==0)) // LDR R0, fw 2883 tools/finsig_vxworks.c uint32_t pval = LDR2val(fw,j1); fw 2889 tools/finsig_vxworks.c if (isLDR(fw,j2) && (fwRd(fw,j2)==1)) // LDR R1, fw 2891 tools/finsig_vxworks.c uint32_t pval2 = LDR2val(fw,j2); fw 2892 tools/finsig_vxworks.c fwAddMatch(fw,pval2,32,0,1101); fw 2905 tools/finsig_vxworks.c int match_strsig102(firmware *fw, __attribute__ ((unused))string_sig *sig, int j) fw 2907 tools/finsig_vxworks.c uint32_t sadr = idx2adr(fw,j); // string address fw 2908 tools/finsig_vxworks.c char *n = (char*)adr2ptr(fw,sadr); fw 2914 tools/finsig_vxworks.c fwAddMatch(fw,sadr+nl,32,0,1102); fw 2925 tools/finsig_vxworks.c int match_strsig103(firmware *fw, string_sig *sig, int j) fw 2927 tools/finsig_vxworks.c int ofst = vxworks_offset(fw, sig); fw 2930 tools/finsig_vxworks.c if (isSTMFD_LR(fw,j1)) fw 2933 tools/finsig_vxworks.c j1 = find_Nth_inst(fw,isBL,j1+1,20,3); fw 2936 tools/finsig_vxworks.c j1 = idxFollowBranch(fw,j1,0x01000001); fw 2938 tools/finsig_vxworks.c j1 = find_Nth_inst(fw,isB,j1+1,32,1); fw 2941 tools/finsig_vxworks.c j1 = idxFollowBranch(fw,j1,0x01000001); fw 2942 tools/finsig_vxworks.c fwAddMatch(fw,idx2adr(fw,j1),32,0,1103); fw 2962 tools/finsig_vxworks.c int match_strsig104(firmware *fw, string_sig *sig, int j) fw 2964 tools/finsig_vxworks.c int ofst = vxworks_offset(fw, sig); fw 2975 tools/finsig_vxworks.c uint32_t sadr = idx2adr(fw,j); // string address fw 2979 tools/finsig_vxworks.c if (isLDR(fw,j1)) // LDR ? fw 2981 tools/finsig_vxworks.c uint32_t pval = LDR2val(fw,j1); fw 2984 tools/finsig_vxworks.c int j2 = find_Nth_inst_rev(fw,instid,j1-1,sig->offset,ninst); fw 2987 tools/finsig_vxworks.c fwAddMatch(fw,idx2adr(fw,j2-ofst),32,0,1104); fw 2998 tools/finsig_vxworks.c int find_strsig(firmware *fw, string_sig *sig) fw 3002 tools/finsig_vxworks.c case 1: return fw_string_process(fw, sig, match_strsig1, 1); fw 3003 tools/finsig_vxworks.c case 2: return fw_string_process_unaligned(fw, sig, match_strsig2); fw 3004 tools/finsig_vxworks.c case 3: return fw_string_process(fw, sig, match_strsig3, 1); fw 3005 tools/finsig_vxworks.c case 4: return fw_string_process(fw, sig, match_strsig4, 1); fw 3006 tools/finsig_vxworks.c case 5: return fw_string_process(fw, sig, match_strsig5, 1); fw 3007 tools/finsig_vxworks.c case 6: return fw_string_process(fw, sig, match_strsig6, 1); fw 3008 tools/finsig_vxworks.c case 7: return fw_string_process(fw, sig, match_strsig7, 1); fw 3009 tools/finsig_vxworks.c case 8: return find_strsig8(fw, sig); fw 3010 tools/finsig_vxworks.c case 9: return find_strsig9(fw, sig); fw 3011 tools/finsig_vxworks.c case 11: return fw_string_process(fw, sig, match_strsig11, 0); fw 3013 tools/finsig_vxworks.c case 13: return fw_string_process_unaligned(fw, sig, match_strsig13); fw 3014 tools/finsig_vxworks.c case 15: return fw_string_process(fw, sig, match_strsig15, 1); fw 3015 tools/finsig_vxworks.c case 16: return fw_process(fw, sig, match_strsig16); fw 3016 tools/finsig_vxworks.c case 17: return find_strsig17(fw, sig); fw 3017 tools/finsig_vxworks.c case 19: return find_strsig19(fw, sig); fw 3023 tools/finsig_vxworks.c uint32_t fadr = followBranch2(fw,func_names[j].val,sig->offset); fw 3024 tools/finsig_vxworks.c fwAddMatch(fw,fadr,32,0,120); fw 3029 tools/finsig_vxworks.c case 21: return fw_process(fw, sig, (int (*)(firmware*, string_sig*, int))(sig->ev_name)); fw 3030 tools/finsig_vxworks.c case 22: return ((int (*)(firmware*))(sig->ev_name))(fw); fw 3031 tools/finsig_vxworks.c case 23: return fw_string_process(fw, sig, match_strsig23, 1); fw 3032 tools/finsig_vxworks.c case 100: return fw_string_process(fw, sig, match_strsig100, 0); fw 3033 tools/finsig_vxworks.c case 101: return fw_string_process(fw, sig, match_strsig101, 0); fw 3034 tools/finsig_vxworks.c case 102: return fw_string_process(fw, sig, match_strsig102, 0); fw 3035 tools/finsig_vxworks.c case 103: return fw_string_process(fw, sig, match_strsig103, 0); fw 3036 tools/finsig_vxworks.c case 104: return fw_string_process(fw, sig, match_strsig104, 0); fw 3047 tools/finsig_vxworks.c void find_str_sig_matches(firmware *fw, const char *curr_name) fw 3059 tools/finsig_vxworks.c if (find_strsig(fw, &string_sigs[i])) fw 3080 tools/finsig_vxworks.c void find_matches(firmware *fw, const char *curr_name) fw 3098 tools/finsig_vxworks.c fwAddMatch(fw,func_names[i].val,32,0,120); fw 3109 tools/finsig_vxworks.c if (find_strsig(fw, &string_sigs[i])) fw 3137 tools/finsig_vxworks.c for (n = fw->br; n != 0; n = n->next) fw 3159 tools/finsig_vxworks.c if ((fw->buf[n->off+i+s->value] & 0x0F000000) == 0x0A000000) // B fw 3161 tools/finsig_vxworks.c idx = adr2idx(fw, followBranch2(fw, idx2adr(fw,n->off+i+s->value), 0xF0000001)); fw 3162 tools/finsig_vxworks.c if ((idx >= 0) && (idx < fw->size)) fw 3165 tools/finsig_vxworks.c p1 = &fw->buf[idx]; fw 3204 tools/finsig_vxworks.c if (isLDR_PC_cond(fw,n->off+i+s->offs)) fw 3206 tools/finsig_vxworks.c int m = adr2idx(fw,LDR2val(fw,n->off+i+s->offs)); fw 3207 tools/finsig_vxworks.c if ((m >= 0) && (m < fw->size) && (strcmp((char*)(&fw->buf[m]),"Mounter.c") == 0)) fw 3212 tools/finsig_vxworks.c else if (isADR_PC_cond(fw,n->off+i+s->offs)) fw 3214 tools/finsig_vxworks.c int m = adr2idx(fw,ADR2adr(fw,n->off+i+s->offs)); fw 3215 tools/finsig_vxworks.c if ((m >= 0) && (m < fw->size) && (strcmp((char*)(&fw->buf[m]),"Mounter.c") == 0)) fw 3226 tools/finsig_vxworks.c fwAddMatch(fw,idx2adr(fw,i+n->off),success,fail,func_list[j].ver); fw 3257 tools/finsig_vxworks.c void print_results(firmware *fw, const char *curr_name, int k) fw 3266 tools/finsig_vxworks.c osig* ostub2 = find_sig(fw->sv->stubs,curr_name); fw 3363 tools/finsig_vxworks.c void output_modemap(firmware *fw, int k, int l) fw 3367 tools/finsig_vxworks.c bprintf("%08x\n",idx2adr(fw,k)); fw 3369 tools/finsig_vxworks.c if (fw->buf[k] & 0xffff0000) fw 3372 tools/finsig_vxworks.c uint16_t *p = (uint16_t*)(&fw->buf[k]); fw 3376 tools/finsig_vxworks.c osig *m = find_sig_val(fw->sv->modemap, *p); fw 3397 tools/finsig_vxworks.c uint32_t *p = (uint32_t*)(&fw->buf[k]); fw 3401 tools/finsig_vxworks.c osig *m = find_sig_val(fw->sv->modemap, *p); fw 3404 tools/finsig_vxworks.c osig *m = find_sig_val(fw->sv->modemap, (*p)&0xffff); fw 3438 tools/finsig_vxworks.c osig *m = fw->sv->modemap; fw 3454 tools/finsig_vxworks.c int find_modelist(firmware *fw, uint32_t fadr) fw 3459 tools/finsig_vxworks.c j1 = fwval(fw,adr2idx(fw,fadr)); fw 3460 tools/finsig_vxworks.c k1 = adr2idx(fw,j1); fw 3463 tools/finsig_vxworks.c k2 = find_inst_rev(fw,isLDMFD_PC,k1-1,50); fw 3467 tools/finsig_vxworks.c k2 = find_Nth_inst_rev(fw,isMOV,k1-1,16,2); fw 3471 tools/finsig_vxworks.c k1 = find_inst_rev(fw,isLDR,k2,5); fw 3474 tools/finsig_vxworks.c j1 = LDR2val(fw,k1); fw 3475 tools/finsig_vxworks.c k1 = adr2idx(fw,j1); fw 3478 tools/finsig_vxworks.c j1 = fwval(fw,k1); fw 3479 tools/finsig_vxworks.c k1 = adr2idx(fw,j1); fw 3482 tools/finsig_vxworks.c k1 = find_inst_rev(fw,isMOV,k1-1,120); fw 3485 tools/finsig_vxworks.c if (fwval(fw,k1) != 0xe1a0f00e) // mov pc, lr fw 3488 tools/finsig_vxworks.c if (!(isLDR(fw,k1) && (fwRd(fw,k1)==0))) // ldr r0, fw 3491 tools/finsig_vxworks.c j1 = LDR2val(fw,k1); fw 3492 tools/finsig_vxworks.c k1 = adr2idx(fw,j1); fw 3496 tools/finsig_vxworks.c bprintf("// Firmware modemap table found @%08x -> ",idx2adr(fw,k1)); fw 3497 tools/finsig_vxworks.c output_modemap(fw,k1,k2-k1); fw 3504 tools/finsig_vxworks.c int match_FlashParamsTable2(firmware *fw, int k, uint32_t v1, __attribute__ ((unused))uint32_t v2) fw 3506 tools/finsig_vxworks.c if (fw->buf[k] == v1) fw 3508 tools/finsig_vxworks.c FlashParamsTable_address = idx2adr(fw,k); fw 3514 tools/finsig_vxworks.c int match_FlashParamsTable(firmware *fw, int k, __attribute__ ((unused))uint32_t v1, __attribute__ ((unused))uint32_t v2) fw 3516 tools/finsig_vxworks.c if ((fw->buf[k] > fw->base) && (fw->buf[k+1] == 0x00010000) && ((fw->buf[k+2] == 0xFFFF0000)||(fw->buf[k+2] == 0xFFFF0002))) fw 3518 tools/finsig_vxworks.c if (search_fw(fw, match_FlashParamsTable2, idx2adr(fw,k), 0, 1)) fw 3522 tools/finsig_vxworks.c if ((fw->buf[k+1] > fw->base) && (fw->buf[k] == 0x00000000) && (fw->buf[k+2] == 0x00000001) && fw 3523 tools/finsig_vxworks.c (fw->buf[k+3] == 0x00000000) && (fw->buf[k+4] == 0xffffffff)) fw 3525 tools/finsig_vxworks.c if (search_fw(fw, match_FlashParamsTable2, idx2adr(fw,k), 0, 1)) fw 3531 tools/finsig_vxworks.c void find_modemap(firmware *fw) fw 3536 tools/finsig_vxworks.c search_fw(fw, match_FlashParamsTable, 0, 0, 1); fw 3547 tools/finsig_vxworks.c find_modelist(fw,FlashParamsTable_address); fw 3553 tools/finsig_vxworks.c int find_FileAccessSem(firmware *fw) fw 3555 tools/finsig_vxworks.c void print_stubs_min(firmware *fw, const char *name, uint32_t fadr, uint32_t atadr); fw 3556 tools/finsig_vxworks.c int s1 = find_str(fw, "FileSem.c"); fw 3559 tools/finsig_vxworks.c s1 = find_inst(fw, isLDR_PC, s1+2, 16); fw 3562 tools/finsig_vxworks.c uint32_t u1 = LDR2val(fw, s1); fw 3563 tools/finsig_vxworks.c if (u1 > fw->memisostart) fw 3565 tools/finsig_vxworks.c print_stubs_min(fw,"fileio_semaphore",u1,idx2adr(fw,s1)); fw 3571 tools/finsig_vxworks.c int find_DebugAssert_argcount(firmware *fw) fw 3573 tools/finsig_vxworks.c int s1 = find_str_ref(fw, "Memory.c"); fw 3576 tools/finsig_vxworks.c int k = isLDR_PC(fw, s1); fw 3579 tools/finsig_vxworks.c k = fwRd(fw, s1); fw 3600 tools/finsig_vxworks.c void find_platform_vals(firmware *fw) fw 3753 tools/finsig_vxworks.c k1 = adr2idx(fw,FlashParamsTable_address); fw 3756 tools/finsig_vxworks.c uint32_t fadr = fwval(fw,k); fw 3757 tools/finsig_vxworks.c int k2 = adr2idx(fw,fadr); fw 3758 tools/finsig_vxworks.c if (idx_valid(fw,k2)) fw 3760 tools/finsig_vxworks.c uint32_t sadr = fwval(fw,k2); fw 3761 tools/finsig_vxworks.c k2 = adr2idx(fw,sadr); fw 3762 tools/finsig_vxworks.c if (idx_valid(fw,k2)) fw 3764 tools/finsig_vxworks.c char *s = adr2ptr(fw,sadr); fw 3765 tools/finsig_vxworks.c if (((fw->cam != 0) && (strcmp(s,fw->cam) == 0)) || (strcmp(s,"Unknown") == 0)) fw 3775 tools/finsig_vxworks.c find_DebugAssert_argcount(fw); fw 3780 tools/finsig_vxworks.c uint32_t find_viewport_address(firmware *fw, int *kout) fw 3785 tools/finsig_vxworks.c k = find_str_ref(fw, "VRAM Address : %p\r"); fw 3790 tools/finsig_vxworks.c if (isLDR(fw,k1) && isLDR(fw,k1+1)) fw 3792 tools/finsig_vxworks.c uint32_t v1 = LDR2val(fw,k1); fw 3793 tools/finsig_vxworks.c uint32_t v2 = LDR2val(fw,k1+1); fw 3805 tools/finsig_vxworks.c int match_vid_get_bitmap_fb(firmware *fw, int k, __attribute__ ((unused))int v) fw 3807 tools/finsig_vxworks.c if (isBL(fw,k-1) && // BL fw 3808 tools/finsig_vxworks.c isLDR_PC(fw,k)) fw 3810 tools/finsig_vxworks.c uint32_t v1 = LDR2val(fw,k); fw 3811 tools/finsig_vxworks.c bprintf("//void *vid_get_bitmap_fb() { return (void*)0x%08x; } // Found @0x%08x\n",v1,idx2adr(fw,k)); fw 3815 tools/finsig_vxworks.c if (isBL(fw,k-1) && // BL fw 3816 tools/finsig_vxworks.c (isLDR_PC(fw,k+1))) fw 3818 tools/finsig_vxworks.c uint32_t v1 = LDR2val(fw,k+1); fw 3819 tools/finsig_vxworks.c bprintf("//void *vid_get_bitmap_fb() { return (void*)0x%08x; } // Found @0x%08x\n",v1,idx2adr(fw,k)); fw 3826 tools/finsig_vxworks.c int match_get_flash_params_count(firmware *fw, int k, __attribute__ ((unused))int v) fw 3828 tools/finsig_vxworks.c if ((fw->buf[k] & 0xFFF00FFF) == 0xE3C00901) // BIC Rn, Rn, #0x4000 fw 3830 tools/finsig_vxworks.c uint32_t r = (fw->buf[k] & 0x0000F000)<<4; // Register fw 3834 tools/finsig_vxworks.c if (((fw->buf[n] & 0xFFF00000) == 0xE3500000) && ((fw->buf[n] & 0x000F0000) == r)) // CMP, Rn #val fw 3837 tools/finsig_vxworks.c bprintf("//int get_flash_params_count(void) { return 0x%02x; } // Found @0x%08x\n",(fw->buf[n]&0xFFF)+1,idx2adr(fw,n)); fw 3847 tools/finsig_vxworks.c int match_uiprop_count(firmware *fw, int k, __attribute__ ((unused))int v) fw 3851 tools/finsig_vxworks.c if (isB(fw, k+6)) fw 3853 tools/finsig_vxworks.c j = idxFollowBranch(fw,k+6,0x01000001); fw 3860 tools/finsig_vxworks.c if (isLDMFD_PC(fw,m)) break; fw 3861 tools/finsig_vxworks.c if (isCMP(fw,m)) fw 3863 tools/finsig_vxworks.c uint32_t v1 = ALUop2(fw,m); fw 3877 tools/finsig_vxworks.c osig *o = find_sig(fw->sv->stubs_min,name); fw 3880 tools/finsig_vxworks.c bprintf("//DEF_CONST(%-34s,0x%08x) // Found @0x%08x",name,uic,idx2adr(fw,j)); fw 3892 tools/finsig_vxworks.c bprintf("DEF_CONST(%-34s,0x%08x) // Found @0x%08x",name,uic,idx2adr(fw,j)); fw 3898 tools/finsig_vxworks.c int isMOVLRPC(firmware *fw, int offset) fw 3900 tools/finsig_vxworks.c return (fwval(fw,offset) == 0xE1A0E00F); // MOV LR, PC fw 3903 tools/finsig_vxworks.c int match_imager_active(firmware *fw, int k, __attribute__ ((unused))int v) fw 3909 tools/finsig_vxworks.c if (fwval(fw,k) == 0xe49df004) // POP {PC} fw 3911 tools/finsig_vxworks.c int k1 = find_inst_rev(fw, isBL, k-1, 10); fw 3918 tools/finsig_vxworks.c if (isLDR(fw,k1) || isADR(fw,k1)) fw 3920 tools/finsig_vxworks.c if (isADR(fw,k1)) fw 3922 tools/finsig_vxworks.c a = ADR2adr(fw, k1); fw 3926 tools/finsig_vxworks.c a = LDR2val(fw, k1); fw 3928 tools/finsig_vxworks.c if ((a>fw->base) && ((a&3) == 0)) fw 3930 tools/finsig_vxworks.c int k3 = adr2idx(fw, a); fw 3931 tools/finsig_vxworks.c if (isSTMFD_LR(fw,k3)) fw 3933 tools/finsig_vxworks.c k3 = find_inst(fw, isMOVLRPC, k3+1, 6); fw 3939 tools/finsig_vxworks.c if (isSTR_cond(fw,k3+k4)) fw 3941 tools/finsig_vxworks.c reg = fwRn(fw,k3+k4); fw 3942 tools/finsig_vxworks.c o = fwval(fw,k3+k4) & 0xff; // offset, should be around 4 fw 3943 tools/finsig_vxworks.c where = idx2adr(fw,k3+k4); fw 3945 tools/finsig_vxworks.c if (reg>=0 && isLDR_cond(fw,k3+k4) && fwRd(fw,k3+k4)==reg) fw 3947 tools/finsig_vxworks.c adr = LDR2val(fw,k3+k4); fw 3948 tools/finsig_vxworks.c if (adr < fw->memisostart) fw 3972 tools/finsig_vxworks.c void find_lib_vals(firmware *fw) fw 4056 tools/finsig_vxworks.c search_saved_sig(fw, "GetParameterData", match_get_flash_params_count, 0, 0, 30); fw 4061 tools/finsig_vxworks.c void print_stubs_min(firmware *fw, const char *name, uint32_t fadr, uint32_t atadr) fw 4063 tools/finsig_vxworks.c osig *o = find_sig(fw->sv->stubs_min,name); fw 4084 tools/finsig_vxworks.c int print_exmem_types(firmware *fw) fw 4089 tools/finsig_vxworks.c int ii = adr2idx(fw, exm_typ_tbl); fw 4093 tools/finsig_vxworks.c bprintf("// %s %i\n",adr2ptr(fw, fwval(fw,ii+n)),n); fw 4099 tools/finsig_vxworks.c int find_exmem_alloc_table(firmware *fw) fw 4101 tools/finsig_vxworks.c int i = get_saved_sig(fw,"exmem_assert"); fw 4106 tools/finsig_vxworks.c i = adr2idx(fw, func_names[i].val); fw 4111 tools/finsig_vxworks.c if ( ((fwval(fw,i+n)&0xffff0000)==0xe59f0000) ) // ldr rx, [pc, #imm] fw 4113 tools/finsig_vxworks.c u = LDR2val(fw, i+n); fw 4114 tools/finsig_vxworks.c if (u>fw->base && u<fw->base+fw->size*4-4 && (u&3)==0) fw 4124 tools/finsig_vxworks.c int ii = adr2idx(fw, exm_typ_tbl); fw 4128 tools/finsig_vxworks.c if ( (fwval(fw,ii+n)!=0) && isASCIIstring(fw, fwval(fw,ii+n)) ) fw 4130 tools/finsig_vxworks.c extyp = adr2ptr(fw, fwval(fw,ii+n)); fw 4145 tools/finsig_vxworks.c if ( ((fwval(fw,i+n)&0xffff0000)==0xe59f0000) ) // ldr rx, [pc, #imm] fw 4147 tools/finsig_vxworks.c u = LDR2val(fw, i+n); fw 4148 tools/finsig_vxworks.c if (u>fw->data_start && u<fw->data_start+fw->data_len*4 && (fwRd(fw,i+n)>3)) fw 4157 tools/finsig_vxworks.c print_stubs_min(fw,"exmem_alloc_table",u,idx2adr(fw,i+n)); fw 4161 tools/finsig_vxworks.c print_stubs_min(fw,"exmem_types_table",exm_typ_tbl,exm_typ_tbl); fw 4170 tools/finsig_vxworks.c int match_levent_table(firmware *fw, int k, __attribute__ ((unused))uint32_t v1, __attribute__ ((unused))uint32_t v2) fw 4172 tools/finsig_vxworks.c if ((fw->buf[k] > fw->base) && (fw->buf[k+1] == 0x00000800) && (fw->buf[k+2] == 0x00000002)) fw 4174 tools/finsig_vxworks.c print_stubs_min(fw,"levent_table",idx2adr(fw,k),idx2adr(fw,k)); fw 4176 tools/finsig_vxworks.c uint32_t levent_tbl = idx2adr(fw,k); fw 4178 tools/finsig_vxworks.c write_levent_table_dump(fw, levent_tbl); fw 4184 tools/finsig_vxworks.c int match_movie_status(firmware *fw, int k, __attribute__ ((unused))uint32_t v1, __attribute__ ((unused))uint32_t v2) fw 4186 tools/finsig_vxworks.c if (isLDR_PC(fw, k) && // LDR R0, =base fw 4187 tools/finsig_vxworks.c ((fw->buf[k+1] & 0xFE0F0000) == 0xE20F0000) && // ADR R1, =sub fw 4188 tools/finsig_vxworks.c isSTR(fw, k+2) && // STR R1, [R0,N] fw 4189 tools/finsig_vxworks.c (fw->buf[k+3] == 0xE3A01003) && // MOV R1, 3 fw 4190 tools/finsig_vxworks.c isSTR(fw, k+4) && // STR R1, [R0,ofst] fw 4191 tools/finsig_vxworks.c (LDR2val(fw,k) < fw->base)) fw 4193 tools/finsig_vxworks.c uint32_t base = LDR2val(fw,k); fw 4194 tools/finsig_vxworks.c uint32_t ofst = fw->buf[k+4] & 0x00000FFF; fw 4195 tools/finsig_vxworks.c print_stubs_min(fw,"movie_status",base+ofst,idx2adr(fw,k)); fw 4199 tools/finsig_vxworks.c if (isLDR_PC(fw, k) && // LDR R1, =sub fw 4200 tools/finsig_vxworks.c isLDR_PC(fw, k+1) && // LDR R0, =base fw 4201 tools/finsig_vxworks.c isSTR(fw, k+2) && // STR R1, [R0,N] fw 4202 tools/finsig_vxworks.c (fw->buf[k+3] == 0xE3A01003) && // MOV R1, 3 fw 4203 tools/finsig_vxworks.c isSTR(fw, k+4) && // STR R1, [R0,ofst] fw 4204 tools/finsig_vxworks.c (LDR2val(fw,k+1) < fw->base)) fw 4206 tools/finsig_vxworks.c uint32_t base = LDR2val(fw,k+1); fw 4207 tools/finsig_vxworks.c uint32_t ofst = fw->buf[k+4] & 0x00000FFF; fw 4208 tools/finsig_vxworks.c print_stubs_min(fw,"movie_status",base+ofst,idx2adr(fw,k)); fw 4212 tools/finsig_vxworks.c if (isLDR_PC(fw, k) && // LDR Rx, =base fw 4213 tools/finsig_vxworks.c isLDR(fw, k+1) && (fwRd(fw,k) == fwRn(fw,k+1)) && // LDR R0, [Rx, ...] fw 4214 tools/finsig_vxworks.c isCMP(fw, k+2) && (fwRd(fw,k+2) == fwRd(fw,k+1)) && // CMP R0, #... fw 4215 tools/finsig_vxworks.c (fwval(fw,k+3) == 0x03A00005) && fw 4216 tools/finsig_vxworks.c isSTR_cond(fw, k+4) && (fwRn(fw,k+4) == fwRd(fw,k)) && // STRxx R0, [Rx,ofst] fw 4217 tools/finsig_vxworks.c (LDR2val(fw,k) < fw->base)) fw 4219 tools/finsig_vxworks.c uint32_t base = LDR2val(fw,k); fw 4220 tools/finsig_vxworks.c uint32_t ofst = fwOp2(fw,k+4); fw 4221 tools/finsig_vxworks.c print_stubs_min(fw,"movie_status",base+ofst,idx2adr(fw,k)); fw 4227 tools/finsig_vxworks.c int match_full_screen_refresh(firmware *fw, int k, __attribute__ ((unused))uint32_t v1, __attribute__ ((unused))uint32_t v2) fw 4229 tools/finsig_vxworks.c if (((fw->buf[k] & 0xFF1FF000) == 0xE51F0000) && // LDR R0, =base fw 4230 tools/finsig_vxworks.c (fw->buf[k+1] == 0xE5D01000) && // LDRB R1, [R0] fw 4231 tools/finsig_vxworks.c (fw->buf[k+2] == 0xE3811002) && // ORR R1, R1, #2 fw 4232 tools/finsig_vxworks.c (fw->buf[k+3] == 0xE5C01000) && // STRB R1, [R0] fw 4233 tools/finsig_vxworks.c isBX_LR(fw,k+4)) // BX LR fw 4235 tools/finsig_vxworks.c uint32_t base = LDR2val(fw,k); fw 4236 tools/finsig_vxworks.c print_stubs_min(fw,"full_screen_refresh",base,idx2adr(fw,k)); fw 4241 tools/finsig_vxworks.c int match_canon_shoot_menu_active(firmware *fw, int k, __attribute__ ((unused))uint32_t v1, __attribute__ ((unused))uint32_t v2) fw 4243 tools/finsig_vxworks.c if (((fw->buf[k] & 0xFF1FF000) == 0xE51F1000) && // LDR R1, =base fw 4244 tools/finsig_vxworks.c ((fw->buf[k+1] & 0xFFFFF000) == 0xE5D10000) && // LDRB R0, [R1, #n] fw 4245 tools/finsig_vxworks.c (fw->buf[k+2] == 0xE2800001) && // ADD R0, R0, #1 fw 4246 tools/finsig_vxworks.c ((fw->buf[k+3] & 0xFFFFF000) == 0xE5C10000) && // STRB R0, [R1, #n] fw 4247 tools/finsig_vxworks.c (isB(fw,k+4))) // B fw 4249 tools/finsig_vxworks.c uint32_t base = LDR2val(fw,k); fw 4250 tools/finsig_vxworks.c uint32_t ofst = fw->buf[k+1] & 0x00000FFF; fw 4251 tools/finsig_vxworks.c print_stubs_min(fw,"canon_shoot_menu_active",base+ofst,idx2adr(fw,k)); fw 4254 tools/finsig_vxworks.c if (((fw->buf[k] & 0xFF1FF000) == 0xE51F0000) && // LDR R0, =base fw 4255 tools/finsig_vxworks.c ((fw->buf[k+1] & 0xFFFFF000) == 0xE5D01000) && // LDRB R1, [R0, #n] fw 4256 tools/finsig_vxworks.c (fw->buf[k+2] == 0xE2811001) && // ADD R1, R1, #1 fw 4257 tools/finsig_vxworks.c ((fw->buf[k+3] & 0xFFFFF000) == 0xE5C01000) && // STRB R1, [R0, #n] fw 4258 tools/finsig_vxworks.c (isB(fw,k+4))) // B fw 4260 tools/finsig_vxworks.c uint32_t base = LDR2val(fw,k); fw 4261 tools/finsig_vxworks.c uint32_t ofst = fw->buf[k+1] & 0x00000FFF; fw 4262 tools/finsig_vxworks.c print_stubs_min(fw,"canon_shoot_menu_active",base+ofst,idx2adr(fw,k)); fw 4267 tools/finsig_vxworks.c int match_playrec_mode(firmware *fw, int k, __attribute__ ((unused))uint32_t v1, __attribute__ ((unused))uint32_t v2) fw 4269 tools/finsig_vxworks.c if (((fw->buf[k] & 0xFF1FF000) == 0xE51F1000) && // LDR R1, =base fw 4270 tools/finsig_vxworks.c ((fw->buf[k+1] & 0xFFFFF000) == 0xE5810000) && // STR R0, [R1, #n] fw 4271 tools/finsig_vxworks.c ((fw->buf[k+3] & 0xFF1FF000) == 0xE51F0000) && // LDR R0, =base fw 4272 tools/finsig_vxworks.c ((fw->buf[k+4] & 0xFFFFF000) == 0xE5900000) && // LDR R0, [R0, #n] fw 4273 tools/finsig_vxworks.c ((fw->buf[k+6] & 0xFF1FF000) == 0xE51F1000) && // LDR R1, =base fw 4274 tools/finsig_vxworks.c ((fw->buf[k+9] & 0xFF1FF000) == 0xE51F0000) && // LDR R0, =base fw 4275 tools/finsig_vxworks.c ((fw->buf[k+12] & 0xFF1FF000) == 0xE51F1000) && // LDR R1, =base fw 4276 tools/finsig_vxworks.c ((fw->buf[k+15] & 0xFF1FF000) == 0xE51F0000) && // LDR R0, =base fw 4277 tools/finsig_vxworks.c ((fw->buf[k+18] & 0xFF1FF000) == 0xE51F1000) && // LDR R1, =base fw 4278 tools/finsig_vxworks.c (LDR2val(fw,k) == LDR2val(fw,k+3)) && fw 4279 tools/finsig_vxworks.c (LDR2val(fw,k) == LDR2val(fw,k+6)) && fw 4280 tools/finsig_vxworks.c (LDR2val(fw,k) == LDR2val(fw,k+9)) && fw 4281 tools/finsig_vxworks.c (LDR2val(fw,k) == LDR2val(fw,k+12)) && fw 4282 tools/finsig_vxworks.c (LDR2val(fw,k) == LDR2val(fw,k+15)) && fw 4283 tools/finsig_vxworks.c (LDR2val(fw,k) == LDR2val(fw,k+18))) fw 4285 tools/finsig_vxworks.c uint32_t base = LDR2val(fw,k); fw 4286 tools/finsig_vxworks.c uint32_t ofst = fw->buf[k+1] & 0x00000FFF; fw 4287 tools/finsig_vxworks.c print_stubs_min(fw,"playrec_mode",base+ofst,idx2adr(fw,k)); fw 4292 tools/finsig_vxworks.c int match_some_flag_for_af_scan(firmware *fw, int k, __attribute__ ((unused))uint32_t v1, __attribute__ ((unused))uint32_t v2) fw 4294 tools/finsig_vxworks.c if (isB(fw,k) && // B loc fw 4295 tools/finsig_vxworks.c isB(fw,k+1) && // B loc fw 4296 tools/finsig_vxworks.c isB(fw,k+2) && // B loc fw 4297 tools/finsig_vxworks.c isB(fw,k+3) && // B loc fw 4298 tools/finsig_vxworks.c isB(fw,k+4) && // B loc fw 4299 tools/finsig_vxworks.c isB(fw,k+5) && // B loc fw 4300 tools/finsig_vxworks.c isB(fw,k+6) && // B loc fw 4301 tools/finsig_vxworks.c isB(fw,k+7) && // B loc fw 4302 tools/finsig_vxworks.c (followBranch(fw,idx2adr(fw,k),1) != followBranch(fw,idx2adr(fw,k+1),1)) && fw 4303 tools/finsig_vxworks.c (followBranch(fw,idx2adr(fw,k),1) == followBranch(fw,idx2adr(fw,k+2),1)) && fw 4304 tools/finsig_vxworks.c (followBranch(fw,idx2adr(fw,k),1) == followBranch(fw,idx2adr(fw,k+3),1)) && fw 4305 tools/finsig_vxworks.c (followBranch(fw,idx2adr(fw,k),1) != followBranch(fw,idx2adr(fw,k+4),1)) && fw 4306 tools/finsig_vxworks.c (followBranch(fw,idx2adr(fw,k),1) != followBranch(fw,idx2adr(fw,k+5),1)) && fw 4307 tools/finsig_vxworks.c (followBranch(fw,idx2adr(fw,k),1) == followBranch(fw,idx2adr(fw,k+6),1)) && fw 4308 tools/finsig_vxworks.c (followBranch(fw,idx2adr(fw,k),1) == followBranch(fw,idx2adr(fw,k+7),1)) && fw 4309 tools/finsig_vxworks.c (isLDR_PC(fw,adr2idx(fw,followBranch(fw,idx2adr(fw,k),1))))) // LDR R0, =base fw 4311 tools/finsig_vxworks.c uint32_t base = LDR2val(fw,adr2idx(fw,followBranch(fw,idx2adr(fw,k),1))); fw 4312 tools/finsig_vxworks.c if (base < fw->base) fw 4313 tools/finsig_vxworks.c print_stubs_min(fw,"some_flag_for_af_scan",base,followBranch(fw,idx2adr(fw,k),1)); fw 4318 tools/finsig_vxworks.c int match_palette_data(firmware *fw, int k, __attribute__ ((unused))uint32_t v1, __attribute__ ((unused))uint32_t v2) fw 4320 tools/finsig_vxworks.c if ((fw->buf[k] == 0) && (fw->buf[k+1] == 0x00FF0000) && fw 4321 tools/finsig_vxworks.c (fw->buf[k+577] == 1) && (fw->buf[k+578] == 0x00FF0000) && fw 4322 tools/finsig_vxworks.c (fw->buf[k+1154] == 2) && (fw->buf[k+1155] == 0x00FF0000)) fw 4324 tools/finsig_vxworks.c return idx2adr(fw,k); fw 4326 tools/finsig_vxworks.c else if ((fw->buf[k] == 0) && (fw->buf[k+1] == 0x00FF0000) && fw 4327 tools/finsig_vxworks.c (fw->buf[k+513] == 1) && (fw->buf[k+514] == 0x00FF0000) && fw 4328 tools/finsig_vxworks.c (fw->buf[k+1026] == 2) && (fw->buf[k+1027] == 0x00FF0000)) fw 4330 tools/finsig_vxworks.c return idx2adr(fw,k); fw 4335 tools/finsig_vxworks.c int match_palette_buffer_offset(firmware *fw, int k) fw 4337 tools/finsig_vxworks.c int idx2 = idxFollowBranch(fw, k, 0x01000001); fw 4338 tools/finsig_vxworks.c if (isLDR(fw, idx2+2) && isBL(fw, idx2+3)) fw 4340 tools/finsig_vxworks.c uint32_t palette_size = LDR2val(fw,idx2+2); fw 4343 tools/finsig_vxworks.c bprintf("// Offset from start of palette_buffer to color data = %d (Found @0x%08x)\n",palette_size-0x400,idx2adr(fw,idx2+2)); fw 4347 tools/finsig_vxworks.c else if (isADR(fw, idx2+2) && isBL(fw, idx2+3)) fw 4349 tools/finsig_vxworks.c uint32_t palette_size = ALUop2(fw,idx2+2); fw 4352 tools/finsig_vxworks.c bprintf("// Offset from start of palette_buffer to color data = %d (Found @0x%08x)\n",palette_size-0x400,idx2adr(fw,idx2+2)); fw 4359 tools/finsig_vxworks.c int match_palette_data3(firmware *fw, int k, uint32_t palette_data, __attribute__ ((unused))uint32_t v2) fw 4361 tools/finsig_vxworks.c if (isLDR_PC(fw, k) && (LDR2val(fw,k) == palette_data) && isLDR_PC(fw,k-1) && isLDR_PC(fw,k-6) && isLDR(fw,k-5)) fw 4363 tools/finsig_vxworks.c uint32_t palette_control = LDR2val(fw,k-6); fw 4364 tools/finsig_vxworks.c int ptr_offset = fwOp2(fw,k-5); fw 4365 tools/finsig_vxworks.c uint32_t fadr = find_inst_rev(fw, isSTMFD_LR, k-7, 30); fw 4368 tools/finsig_vxworks.c int k1 = search_fw(fw, find_B, fadr, 0, 1); fw 4369 tools/finsig_vxworks.c if ((k1 > 0) && isLDR_PC(fw,k1-2) && isLDR(fw,k1-1) && (LDR2val(fw,k1-2) == palette_control)) fw 4371 tools/finsig_vxworks.c int active_offset = fwOp2(fw,k1-1); fw 4372 tools/finsig_vxworks.c print_stubs_min(fw,"active_palette_buffer",palette_control+active_offset,idx2adr(fw,k1-1)); fw 4373 tools/finsig_vxworks.c print_stubs_min(fw,"palette_buffer_ptr",palette_control+ptr_offset,idx2adr(fw,k-5)); fw 4374 tools/finsig_vxworks.c if (isBL(fw,k+8)) fw 4376 tools/finsig_vxworks.c fadr = followBranch(fw, idx2adr(fw,k+8), 0x01000001); fw 4377 tools/finsig_vxworks.c int idx = adr2idx(fw, fadr); fw 4378 tools/finsig_vxworks.c if (isLDR(fw, idx+2) && isBL(fw, idx+3)) fw 4380 tools/finsig_vxworks.c uint32_t palette_size = LDR2val(fw,idx+2); fw 4383 tools/finsig_vxworks.c bprintf("// Offset from start of palette_buffer to color data = %d (Found @0x%08x)\n",palette_size-0x400,idx2adr(fw,idx+2)); fw 4394 tools/finsig_vxworks.c int match_palette_data2(firmware *fw, int k, uint32_t v1, uint32_t v2) fw 4396 tools/finsig_vxworks.c if (isLDR(fw,k) && (LDR2val(fw,k) == v1)) fw 4401 tools/finsig_vxworks.c if (isBL(fw,k1) && isLDMFD(fw,k1+2)) fw 4403 tools/finsig_vxworks.c uint32_t fadr = followBranch(fw, idx2adr(fw,k1), 0x01000001); fw 4404 tools/finsig_vxworks.c int idx = adr2idx(fw, fadr); fw 4408 tools/finsig_vxworks.c if (isSTR(fw,k2) && isLDMFD(fw,k2+1)) fw 4410 tools/finsig_vxworks.c int ptr_offset = fwval(fw,k2) & 0xFFF; fw 4411 tools/finsig_vxworks.c print_stubs_min(fw,"palette_buffer_ptr",v2+ptr_offset,idx2adr(fw,k2)); fw 4415 tools/finsig_vxworks.c if (isBL(fw,k) && isCMP(fw,k+1) && isADR_PC(fw,k+2)) fw 4417 tools/finsig_vxworks.c fadr = ADR2adr(fw,k+2); fw 4418 tools/finsig_vxworks.c idx = adr2idx(fw, fadr); fw 4422 tools/finsig_vxworks.c if (isBL(fw,k3)) fw 4424 tools/finsig_vxworks.c if (match_palette_buffer_offset(fw,k3)) fw 4434 tools/finsig_vxworks.c else if (isLDR_cond(fw,k1) && isLDMFD(fw,k1+2) && isBL(fw,k1-2)) fw 4436 tools/finsig_vxworks.c int ptr_offset = fwval(fw,k1) & 0xFFF; fw 4437 tools/finsig_vxworks.c print_stubs_min(fw,"palette_buffer_ptr",v2+ptr_offset,idx2adr(fw,k1)); fw 4438 tools/finsig_vxworks.c match_palette_buffer_offset(fw, k1-2); fw 4446 tools/finsig_vxworks.c int match_SavePaletteData(firmware *fw, int idx, int palette_data) fw 4448 tools/finsig_vxworks.c if (isBL(fw,idx+13)) fw 4450 tools/finsig_vxworks.c uint32_t fadr = followBranch(fw, idx2adr(fw,idx+13), 0x01000001); fw 4451 tools/finsig_vxworks.c idx = adr2idx(fw, fadr); fw 4452 tools/finsig_vxworks.c if (isLDR(fw,idx) && isLDR(fw,idx+1) && isB(fw,idx+2)) fw 4454 tools/finsig_vxworks.c uint32_t palette_control = LDR2val(fw,idx); fw 4455 tools/finsig_vxworks.c print_stubs_min(fw,"palette_control",palette_control,idx2adr(fw,idx)); fw 4456 tools/finsig_vxworks.c int active_offset = fwval(fw,idx+1) & 0xFFF; fw 4457 tools/finsig_vxworks.c print_stubs_min(fw,"active_palette_buffer",palette_control+active_offset,idx2adr(fw,idx+1)); fw 4458 tools/finsig_vxworks.c fadr = followBranch(fw,idx2adr(fw,idx+2),1); fw 4459 tools/finsig_vxworks.c idx = adr2idx(fw, fadr); fw 4460 tools/finsig_vxworks.c if (isLDR(fw,idx+17) && isLDR(fw,idx+18) && isLDR(fw,idx+12) && (LDR2val(fw,idx+12) == palette_control)) fw 4462 tools/finsig_vxworks.c if (isLDR(fw,idx+13)) fw 4464 tools/finsig_vxworks.c int ptr_offset = fwval(fw,idx+13) & 0xFFF; fw 4465 tools/finsig_vxworks.c print_stubs_min(fw,"palette_buffer_ptr",palette_control+ptr_offset,idx2adr(fw,idx+13)); fw 4468 tools/finsig_vxworks.c if ((fwval(fw,idx+18) & 0x0000F000) == 0) fw 4470 tools/finsig_vxworks.c palette_buffer = LDR2val(fw,idx+17); fw 4471 tools/finsig_vxworks.c print_stubs_min(fw,"palette_buffer",palette_buffer,idx2adr(fw,idx+17)); fw 4475 tools/finsig_vxworks.c palette_buffer = LDR2val(fw,idx+18); fw 4476 tools/finsig_vxworks.c print_stubs_min(fw,"palette_buffer",palette_buffer,idx2adr(fw,idx+18)); fw 4478 tools/finsig_vxworks.c if (isBL(fw,idx+26)) fw 4480 tools/finsig_vxworks.c fadr = followBranch(fw, idx2adr(fw,idx+26), 0x01000001); fw 4481 tools/finsig_vxworks.c idx = adr2idx(fw, fadr); fw 4482 tools/finsig_vxworks.c if (isLDR(fw, idx+2) && isBL(fw, idx+3)) fw 4484 tools/finsig_vxworks.c uint32_t palette_size = LDR2val(fw,idx+2); fw 4487 tools/finsig_vxworks.c bprintf("// Offset from start of palette_buffer to color data = %d (Found @0x%08x)\n",palette_size-0x400,idx2adr(fw,idx+2)); fw 4493 tools/finsig_vxworks.c else if (isLDR(fw,idx) && isLDR(fw,idx+6) && isLDR(fw,idx+7) && isBX(fw,idx+8)) fw 4496 tools/finsig_vxworks.c if ((fwval(fw,idx+6) & 0x0000F000) == 0) fw 4497 tools/finsig_vxworks.c active_offset = fwval(fw,idx+6) & 0xFFF; fw 4498 tools/finsig_vxworks.c else if ((fwval(fw,idx+7) & 0x0000F000) == 0) fw 4499 tools/finsig_vxworks.c active_offset = fwval(fw,idx+7) & 0xFFF; fw 4502 tools/finsig_vxworks.c uint32_t palette_control = LDR2val(fw,idx); fw 4504 tools/finsig_vxworks.c print_stubs_min(fw,"active_palette_buffer",palette_control+active_offset,idx2adr(fw,idx+1)); fw 4505 tools/finsig_vxworks.c search_fw(fw, match_palette_data2, palette_data, palette_control, 1); fw 4514 tools/finsig_vxworks.c int match_viewport_address3(firmware *fw, int k, uint32_t v1, __attribute__ ((unused))uint32_t v2) fw 4516 tools/finsig_vxworks.c if (isLDR_PC(fw,k) && (LDR2val(fw,k) == v1)) fw 4519 tools/finsig_vxworks.c int k1 = find_inst_rev(fw, isSTMFD_LR, k-1, 1000); fw 4523 tools/finsig_vxworks.c if (isLDR_PC(fw,k1+1) && isLDR_PC(fw,k1+2) && isLDR(fw,k1+3) && fw 4524 tools/finsig_vxworks.c (fwRd(fw,k1+1) == fwRn(fw,k1+3))) fw 4526 tools/finsig_vxworks.c uint32_t a = LDR2val(fw,k1+1); fw 4527 tools/finsig_vxworks.c print_stubs_min(fw,"viewport_buffers",v1,idx2adr(fw,k)); fw 4528 tools/finsig_vxworks.c print_stubs_min(fw,"active_viewport_buffer",a,idx2adr(fw,k1+1)); fw 4532 tools/finsig_vxworks.c if (isLDR_PC(fw,k1+1) && isLDR_PC(fw,k1+3) && isLDR(fw,k1+4) && fw 4533 tools/finsig_vxworks.c (fwRd(fw,k1+1) == fwRn(fw,k1+4))) fw 4535 tools/finsig_vxworks.c uint32_t a = LDR2val(fw,k1+1); fw 4536 tools/finsig_vxworks.c print_stubs_min(fw,"viewport_buffers",v1,idx2adr(fw,k)); fw 4537 tools/finsig_vxworks.c print_stubs_min(fw,"active_viewport_buffer",a,idx2adr(fw,k1+1)); fw 4541 tools/finsig_vxworks.c if (isLDR_PC(fw,k1+1) && isLDR_PC(fw,k1+4) && isLDR(fw,k1+5) && fw 4542 tools/finsig_vxworks.c (fwRd(fw,k1+1) == fwRn(fw,k1+5))) fw 4544 tools/finsig_vxworks.c uint32_t a = LDR2val(fw,k1+1); fw 4545 tools/finsig_vxworks.c print_stubs_min(fw,"viewport_buffers",v1,idx2adr(fw,k)); fw 4546 tools/finsig_vxworks.c print_stubs_min(fw,"active_viewport_buffer",a,idx2adr(fw,k1+1)); fw 4554 tools/finsig_vxworks.c int match_viewport_address2(firmware *fw, int k, uint32_t v1, __attribute__ ((unused))uint32_t v2) fw 4556 tools/finsig_vxworks.c if (fw->buf[k] == v1) fw 4558 tools/finsig_vxworks.c if (search_fw(fw, match_viewport_address3, v1, 0, 1)) fw 4564 tools/finsig_vxworks.c int match_viewport_address(firmware *fw, int k, uint32_t v1, __attribute__ ((unused))uint32_t v2) fw 4566 tools/finsig_vxworks.c if (fw->buf[k] == v1) fw 4569 tools/finsig_vxworks.c if (search_fw(fw, match_viewport_address2, idx2adr(fw,k), 0, 1)) fw 4575 tools/finsig_vxworks.c int match_physw_status(firmware *fw, int k, __attribute__ ((unused))int v) fw 4577 tools/finsig_vxworks.c if (isLDR_PC(fw,k)) fw 4579 tools/finsig_vxworks.c print_stubs_min(fw,"physw_status",LDR2val(fw,k),idx2adr(fw,k)); fw 4585 tools/finsig_vxworks.c int match_physw_run(firmware *fw, int k, __attribute__ ((unused))int v) fw 4587 tools/finsig_vxworks.c if (isLDR_PC(fw,k)) fw 4589 tools/finsig_vxworks.c uint32_t base = LDR2val(fw,k); fw 4590 tools/finsig_vxworks.c uint32_t fadr = followBranch(fw, idx2adr(fw,k+1), 1); fw 4591 tools/finsig_vxworks.c uint32_t ofst = fw->buf[adr2idx(fw,fadr)] & 0x00000FFF; fw 4592 tools/finsig_vxworks.c print_stubs_min(fw,"physw_run",base+ofst,idx2adr(fw,k)); fw 4594 tools/finsig_vxworks.c ofst = fw->buf[k+2] & 0x00000FFF; fw 4595 tools/finsig_vxworks.c print_stubs_min(fw,"physw_sleep_delay",base+ofst,idx2adr(fw,k)); fw 4601 tools/finsig_vxworks.c int match_canon_menu_active(firmware *fw, int k, __attribute__ ((unused))int v) fw 4603 tools/finsig_vxworks.c if (isLDR_PC(fw,k)) fw 4605 tools/finsig_vxworks.c uint32_t base = LDR2val(fw,k); fw 4609 tools/finsig_vxworks.c if (isLDR(fw,k1)) fw 4611 tools/finsig_vxworks.c uint32_t ofst = fw->buf[k1] & 0x00000FFF; fw 4612 tools/finsig_vxworks.c print_stubs_min(fw,"canon_menu_active",base+ofst,idx2adr(fw,k)); fw 4620 tools/finsig_vxworks.c int match_zoom_busy(firmware *fw, int k, __attribute__ ((unused))int v) fw 4622 tools/finsig_vxworks.c if (isBL(fw,k)) fw 4624 tools/finsig_vxworks.c int idx1 = idxFollowBranch(fw,k,0x01000001); fw 4628 tools/finsig_vxworks.c if ((fw->buf[k1] & 0xFFFF0000) == 0xE8BD0000) // LDMFD fw 4631 tools/finsig_vxworks.c if (isADR_PC(fw,k1+1)) fw 4633 tools/finsig_vxworks.c fadr = ADR2adr(fw,k1+1); fw 4635 tools/finsig_vxworks.c else if (isADR_PC(fw,k1+2)) fw 4637 tools/finsig_vxworks.c fadr = ADR2adr(fw,k1+2); fw 4639 tools/finsig_vxworks.c else if (isADR_PC(fw,k1-3)) fw 4641 tools/finsig_vxworks.c fadr = ADR2adr(fw,k1-3); fw 4643 tools/finsig_vxworks.c else if (isLDR_PC(fw,k1+1)) fw 4645 tools/finsig_vxworks.c fadr = LDR2val(fw,k1+1); fw 4647 tools/finsig_vxworks.c else if (isLDR_PC(fw,k1+2)) fw 4649 tools/finsig_vxworks.c fadr = LDR2val(fw,k1+2); fw 4653 tools/finsig_vxworks.c int idx2 = adr2idx(fw,fadr); fw 4654 tools/finsig_vxworks.c if (isLDR_PC(fw,idx2+1) && isLDR(fw,idx2+2)) fw 4656 tools/finsig_vxworks.c int base = LDR2val(fw,idx2+1); fw 4657 tools/finsig_vxworks.c int ofst = fw->buf[idx2+2] & 0xFFF; fw 4658 tools/finsig_vxworks.c print_stubs_min(fw,"zoom_busy",base+ofst-4,fadr); fw 4669 tools/finsig_vxworks.c int match_focus_busy(firmware *fw, int k, __attribute__ ((unused))int v) fw 4671 tools/finsig_vxworks.c if ((fw->buf[k] & 0xFFFF0000) == 0xE8BD0000) // LDMFD fw 4674 tools/finsig_vxworks.c if (isBL(fw,k-2)) fw 4676 tools/finsig_vxworks.c k1 = idxFollowBranch(fw,k-2,0x01000001); fw 4678 tools/finsig_vxworks.c if (isBL(fw,k-1)) fw 4680 tools/finsig_vxworks.c k1 = idxFollowBranch(fw,k-1,0x01000001); fw 4684 tools/finsig_vxworks.c if (isLDR_PC(fw,k1+1) && isLDR(fw,k1+3)) fw 4686 tools/finsig_vxworks.c int base = LDR2val(fw,k1+1); fw 4687 tools/finsig_vxworks.c int ofst = fw->buf[k1+3] & 0xFFF; fw 4688 tools/finsig_vxworks.c print_stubs_min(fw,"focus_busy",base+ofst-4,idx2adr(fw,k1)); fw 4697 tools/finsig_vxworks.c int match_bitmap_buffer2(firmware *fw, int k, int v) fw 4699 tools/finsig_vxworks.c uint32_t screen_lock = idx2adr(fw,k); fw 4700 tools/finsig_vxworks.c if (isBL(fw,v) && (followBranch(fw,idx2adr(fw,v),0x01000001) == screen_lock) && isBL(fw,v+2) && isBL(fw,v+3)) fw 4702 tools/finsig_vxworks.c uint32_t fadr = followBranch2(fw,idx2adr(fw,v+3),0x01000001); fw 4703 tools/finsig_vxworks.c int k1 = adr2idx(fw,fadr); fw 4704 tools/finsig_vxworks.c if (isLDR_PC(fw,k1+1)) fw 4706 tools/finsig_vxworks.c uint32_t reg = (fwval(fw,k1+1) & 0x0000F000) >> 12; fw 4707 tools/finsig_vxworks.c uint32_t adr = LDR2val(fw,k1+1); fw 4711 tools/finsig_vxworks.c if (isLDR_PC(fw,k2) && isLDR(fw,k2+1) && (((fwval(fw,k2+1) & 0x000F0000) >> 16) == reg)) fw 4713 tools/finsig_vxworks.c uint32_t bitmap_buffer = LDR2val(fw,k2); fw 4716 tools/finsig_vxworks.c uint32_t active_bitmap_buffer = adr + (fwval(fw,k2+1) & 0xFFF); fw 4717 tools/finsig_vxworks.c print_stubs_min(fw,"bitmap_buffer",bitmap_buffer,idx2adr(fw,k2)); fw 4718 tools/finsig_vxworks.c print_stubs_min(fw,"active_bitmap_buffer",active_bitmap_buffer,idx2adr(fw,k2+1)); fw 4728 tools/finsig_vxworks.c int match_bitmap_buffer(firmware *fw, int k, __attribute__ ((unused))int v) fw 4730 tools/finsig_vxworks.c search_saved_sig(fw, "ScreenLock", match_bitmap_buffer2, k, 0, 1); fw 4734 tools/finsig_vxworks.c int match_raw_buffer(firmware *fw, int k, uint32_t rb1, __attribute__ ((unused))uint32_t v2) fw 4736 tools/finsig_vxworks.c if (((fwval(fw,k) == rb1) && (fwval(fw,k+4) == rb1) && (fwval(fw,k-2) != 1)) || fw 4737 tools/finsig_vxworks.c ((fwval(fw,k) == rb1) && (fwval(fw,k+4) == rb1) && (fwval(fw,k+20) == rb1))) fw 4739 tools/finsig_vxworks.c uint32_t rb2 = fwval(fw,k+1); fw 4742 tools/finsig_vxworks.c bprintf("// Camera has 2 RAW buffers @ 0x%08x & 0x%08x\n", rb1, rb2, idx2adr(fw,k)); fw 4745 tools/finsig_vxworks.c print_stubs_min(fw,"raw_buffers",idx2adr(fw,k),idx2adr(fw,k)); fw 4749 tools/finsig_vxworks.c else if ((fwval(fw,k) == rb1) && (fwval(fw,k-2) == 2) && (fwval(fw,k-7) == rb1)) fw 4751 tools/finsig_vxworks.c uint32_t rb2 = fwval(fw,k+3); fw 4754 tools/finsig_vxworks.c bprintf("// Camera has 2 RAW buffers @ 0x%08x & 0x%08x\n", rb1, rb2, idx2adr(fw,k)); fw 4757 tools/finsig_vxworks.c print_stubs_min(fw,"raw_buffers",idx2adr(fw,k),idx2adr(fw,k)); fw 4764 tools/finsig_vxworks.c int match_cameracon_state(firmware *fw, int k, __attribute__ ((unused))int v) fw 4778 tools/finsig_vxworks.c if (isLDR_PC(fw,k)) fw 4780 tools/finsig_vxworks.c int rd = fwRd(fw,k); fw 4784 tools/finsig_vxworks.c uint32_t base = LDR2val(fw,k); fw 4786 tools/finsig_vxworks.c uint32_t ofst = fw->buf[k] & 0x00000FFF; fw 4787 tools/finsig_vxworks.c if (isSTR(fw,k) && fwRd(fw,k) == 5 && fwRn(fw,k) == rd && ofst == 0) fw 4789 tools/finsig_vxworks.c print_stubs_min(fw,"cameracon_state",base,idx2adr(fw,k)); fw 4799 tools/finsig_vxworks.c int find_DoMovieFrameCapture_buf(firmware *fw) fw 4802 tools/finsig_vxworks.c int k = get_saved_sig(fw,"DoMovieFrameCapture"); fw 4803 tools/finsig_vxworks.c int ka = get_saved_sig(fw,"ClearEventFlag"); fw 4806 tools/finsig_vxworks.c k = adr2idx(fw, func_names[k].val); fw 4807 tools/finsig_vxworks.c ka = adr2idx(fw, func_names[ka].val); fw 4810 tools/finsig_vxworks.c int k2 = find_inst(fw,isBL,k,14); fw 4811 tools/finsig_vxworks.c if (k2 == -1 || idxFollowBranch(fw,k2,0x01000001) != ka) fw 4818 tools/finsig_vxworks.c if (reg < 0 && isLDR_PC(fw,k1)) fw 4820 tools/finsig_vxworks.c uint32_t v = LDR2val(fw,k1); fw 4821 tools/finsig_vxworks.c if (v>uncached_adr && v<uncached_adr+fw->maxram && (v&3)==0) fw 4824 tools/finsig_vxworks.c frsp_buf_at = idx2adr(fw,k1); fw 4828 tools/finsig_vxworks.c if (isMOV_immed(fw,k1) && ALUop2a(fw,k1)>uncached_adr) fw 4830 tools/finsig_vxworks.c reg = fwRd(fw,k1); fw 4831 tools/finsig_vxworks.c frsp_buf = ALUop2a(fw,k1); fw 4832 tools/finsig_vxworks.c frsp_buf_at = idx2adr(fw, k1); fw 4836 tools/finsig_vxworks.c if ((fwval(fw,k1)&0xfffff000) == (0xe2800000+(reg<<12)+(reg<<16))) // ADD Rx, Rx, #imm fw 4838 tools/finsig_vxworks.c frsp_buf += ALUop2a(fw,k1); fw 4839 tools/finsig_vxworks.c frsp_buf_at = idx2adr(fw, k1); fw 4845 tools/finsig_vxworks.c k = get_saved_sig(fw,"WBInteg.DoCaptMovieFrame_FW"); fw 4848 tools/finsig_vxworks.c k = adr2idx(fw, func_names[k].val); fw 4849 tools/finsig_vxworks.c ka = find_inst(fw,isLDR_PC,k,6); fw 4852 tools/finsig_vxworks.c uint32_t v = LDR2val(fw,ka); fw 4853 tools/finsig_vxworks.c if (v>uncached_adr && v<uncached_adr+fw->maxram && (v&3)==0) fw 4856 tools/finsig_vxworks.c frsp_buf_at = idx2adr(fw,ka); fw 4863 tools/finsig_vxworks.c void find_stubs_min(firmware *fw) fw 4873 tools/finsig_vxworks.c search_fw(fw, match_levent_table, 0, 0, 1); fw 4877 tools/finsig_vxworks.c print_stubs_min(fw,"FlashParamsTable",FlashParamsTable_address,FlashParamsTable_address); fw 4879 tools/finsig_vxworks.c find_FileAccessSem(fw); fw 5199 tools/finsig_vxworks.c find_exmem_alloc_table(fw); fw 5202 tools/finsig_vxworks.c search_saved_sig(fw, "ImagerActivate", match_imager_active, 0/*v*/, 0, 30); fw 5212 tools/finsig_vxworks.c search_saved_sig(fw, "PTM_SetCurrentItem", match_uiprop_count, 0, 0, 30); fw 5214 tools/finsig_vxworks.c search_saved_sig(fw, "cameracon_set_state", match_cameracon_state, 0, 3, 1); fw 5219 tools/finsig_vxworks.c int find_ctypes(firmware *fw, int k) fw 5233 tools/finsig_vxworks.c if ((uint32_t)k < (fw->size*4 - sizeof(ctypes))) fw 5235 tools/finsig_vxworks.c if (memcmp(((char*)fw->buf)+k,ctypes,sizeof(ctypes)) == 0) fw 5237 tools/finsig_vxworks.c bprintf("DEF(ctypes, 0x%08x)\n", fw->base + k); fw 5244 tools/finsig_vxworks.c int match_nrflag3(firmware *fw, int k, uint32_t v1, __attribute__ ((unused))uint32_t v2) fw 5246 tools/finsig_vxworks.c if (isBL(fw,k) && (idxFollowBranch(fw,k,0x01000001) == (int)v1)) fw 5253 tools/finsig_vxworks.c if ((fwval(fw,k3) & 0x0F0FF000) == 0x020D3000) // Dest = R3, Src = SP = skip fw 5255 tools/finsig_vxworks.c if ((fwval(fw,k3) & 0xFF0FF000) == 0xE2033000) // ADD/SUB R3,R3,x fw 5258 tools/finsig_vxworks.c if ((fwval(fw,k3) & 0x00F00000) == 0x00400000) // SUB fw 5259 tools/finsig_vxworks.c ofst1 -= (fwval(fw,k3) & 0x00000FFF); fw 5261 tools/finsig_vxworks.c ofst1 += (fwval(fw,k3) & 0x00000FFF); fw 5263 tools/finsig_vxworks.c if (isLDR_PC(fw,k3) && (fwRd(fw,k3) == 3)) fw 5265 tools/finsig_vxworks.c uint32_t ofst2 = LDR2val(fw,k3); fw 5266 tools/finsig_vxworks.c if (ofst2 > (fw->data_len*4 + fw->data_start)) // has to be in the preinited data section fw 5271 tools/finsig_vxworks.c bprintf("DEF(_nrflag,0x%04x) // Found @ %08x (0x%04x)\n",ofst2,idx2adr(fw,k3),ofst2); fw 5272 tools/finsig_vxworks.c bprintf("//static long *nrflag = (long*)(0x%04x); // Found @ %08x\n",ofst2,idx2adr(fw,k3)); fw 5276 tools/finsig_vxworks.c bprintf("DEF(_nrflag,0x%04x) // Found @ %08x (0x%04x) & %08x (-0x%02x)\n",ofst2+ofst1,idx2adr(fw,k3),ofst2,idx2adr(fw,k),-ofst1); fw 5277 tools/finsig_vxworks.c bprintf("//static long *nrflag = (long*)(0x%04x-0x%02x); // Found @ %08x & %08x\n",ofst2,-ofst1,idx2adr(fw,k3),idx2adr(fw,k4)); fw 5281 tools/finsig_vxworks.c bprintf("DEF(_nrflag,0x%04x) // Found @ %08x (0x%04x) & %08x (+0x%02x)\n",ofst2+ofst1,idx2adr(fw,k3),ofst2,idx2adr(fw,k),ofst1); fw 5282 tools/finsig_vxworks.c bprintf("//static long *nrflag = (long*)(0x%04x+0x%02x); // Found @ %08x & %08x\n",ofst2,ofst1,idx2adr(fw,k3),idx2adr(fw,k4)); fw 5291 tools/finsig_vxworks.c int match_nrflag(firmware *fw, int idx, __attribute__ ((unused))int v) fw 5296 tools/finsig_vxworks.c if (isLDR(fw, idx+1) && isLDR(fw, idx+2)) fw 5299 tools/finsig_vxworks.c int ofst2 = LDR2val(fw, k3); fw 5303 tools/finsig_vxworks.c if (isB(fw, k1)) fw 5305 tools/finsig_vxworks.c k2 = idxFollowBranch(fw,k1,0x01000001); fw 5306 tools/finsig_vxworks.c if (isSTR(fw, k2)) fw 5312 tools/finsig_vxworks.c if (isSTR(fw, k2)) fw 5322 tools/finsig_vxworks.c int ofst1 = fw->buf[k2] & 0x00000FFF; fw 5324 tools/finsig_vxworks.c bprintf("DEF(_nrflag,0x%04x) // Found @ %08x (0x%04x) & %08x (+0x%02x)\n",ofst2+ofst1,idx2adr(fw,k3),ofst2,idx2adr(fw,k2),ofst1); fw 5325 tools/finsig_vxworks.c bprintf("//static long *nrflag = (long*)(0x%04x+0x%02x); // Found @ %08x & %08x\n",ofst2,ofst1,idx2adr(fw,k3),idx2adr(fw,k2)); fw 5333 tools/finsig_vxworks.c int match_nrflag2(firmware *fw, int k, __attribute__ ((unused))int v) fw 5336 tools/finsig_vxworks.c if (isBL(fw,k)) fw 5338 tools/finsig_vxworks.c k = idxFollowBranch(fw,k,0x01000001); fw 5339 tools/finsig_vxworks.c return search_fw(fw, match_nrflag3, k, 0, 1); fw 5348 tools/finsig_vxworks.c int isADD_0x220000(firmware *fw, int offset) fw 5350 tools/finsig_vxworks.c return ((fwval(fw,offset) & 0xfff00fff) == (0xe2800822)); fw 5359 tools/finsig_vxworks.c int find_leds(firmware *fw) fw 5363 tools/finsig_vxworks.c int k1 = find_str_ref(fw,"LEDCon"); fw 5366 tools/finsig_vxworks.c k1 = find_inst_rev(fw,isSTMFD_LR,k1,96); fw 5369 tools/finsig_vxworks.c j1 = find_inst(fw,isBL,k1,80); fw 5370 tools/finsig_vxworks.c j2 = find_Nth_inst(fw,isBL,k1,80,3); fw 5374 tools/finsig_vxworks.c if (followBranch(fw,idx2adr(fw,j1),0x01000001) != followBranch(fw,idx2adr(fw,j2),0x01000001)) fw 5376 tools/finsig_vxworks.c k1 = find_Nth_inst(fw,isBL,k1,80,2); fw 5378 tools/finsig_vxworks.c k1 = idxFollowBranch(fw,k1,0x01000001); fw 5381 tools/finsig_vxworks.c bprintf("// LED table init @ 0x%x\n",idx2adr(fw,k1)); fw 5385 tools/finsig_vxworks.c j1 = find_Nth_inst(fw,isADD_0x220000,k1,40,j2); fw 5388 tools/finsig_vxworks.c led.reg = fwRd(fw,j1); fw 5392 tools/finsig_vxworks.c while (!isSTMFD_LR(fw,n)) fw 5394 tools/finsig_vxworks.c if ((fwval(fw,n)&0xfffff000) == (0xe2800000+(led.reg<<12)+(led.reg<<16))) // ADD Rx, Rx, #0xc00000yz fw 5396 tools/finsig_vxworks.c if ( ALUop2a(fw,n) >= 0xc0000000 ) fw 5398 tools/finsig_vxworks.c led.addr += ALUop2a(fw,n); fw 5401 tools/finsig_vxworks.c else if ((fwval(fw,n)&0xfffff000) == (0xe3a00000+(led.reg<<12))) // MOV Rx, #imm fw 5403 tools/finsig_vxworks.c led.addr += ALUop2a(fw,n); fw 5405 tools/finsig_vxworks.c while (!isLDMFD_PC(fw,m)) fw 5407 tools/finsig_vxworks.c if ((fwval(fw,m)&0xfff0f000) == (0xe5800000+(led.reg<<12))) // STR Rx, [Ry, imm] fw 5409 tools/finsig_vxworks.c led.offs = fwval(fw,m) & 0xfff; fw 5436 tools/finsig_vxworks.c void find_other_vals(firmware *fw) fw 5443 tools/finsig_vxworks.c print_exmem_types(fw); fw 5444 tools/finsig_vxworks.c find_leds(fw); fw 5447 tools/finsig_vxworks.c search_saved_sig(fw, "NR_GetDarkSubType", match_nrflag2, 0, 0, 20); fw 5452 tools/finsig_vxworks.c void print_kval(firmware *fw, uint32_t tadr, int tsiz, int tlen, uint32_t ev, const char *name, char *sfx) fw 5454 tools/finsig_vxworks.c int tidx = adr2idx(fw,tadr); fw 5458 tools/finsig_vxworks.c if (fw->buf[tidx+k+1] == ev) fw 5460 tools/finsig_vxworks.c kval = fw->buf[tidx+k]; fw 5461 tools/finsig_vxworks.c tadr = idx2adr(fw,tidx+k); fw 5506 tools/finsig_vxworks.c uint32_t add_kmval(firmware *fw, uint32_t tadr, int tsiz, int tlen, uint32_t ev, const char *name, uint32_t xtra) fw 5508 tools/finsig_vxworks.c int tidx = adr2idx(fw,tadr); fw 5514 tools/finsig_vxworks.c if (fw->buf[tidx+k+1] == ev) fw 5516 tools/finsig_vxworks.c kval = fw->buf[tidx+k]; fw 5517 tools/finsig_vxworks.c tadr = idx2adr(fw,tidx+k); fw 5604 tools/finsig_vxworks.c int match_GetSDProtect(firmware *fw, int k, __attribute__ ((unused))int v) fw 5606 tools/finsig_vxworks.c if (isB(fw,k)) // B fw 5608 tools/finsig_vxworks.c k = idxFollowBranch(fw,k,1); fw 5609 tools/finsig_vxworks.c if (isLDR_PC(fw,k)) fw 5611 tools/finsig_vxworks.c return LDR2val(fw,k); fw 5618 tools/finsig_vxworks.c void find_key_vals(firmware *fw) fw 5626 tools/finsig_vxworks.c uint32_t tadr = search_saved_sig(fw, "GetSDProtect", match_GetSDProtect, 0, 1, 1); fw 5629 tools/finsig_vxworks.c k = find_str_ref(fw,"SD Not Exist\n"); fw 5634 tools/finsig_vxworks.c if (isBL(fw,k1)) // BL fw 5636 tools/finsig_vxworks.c uint32_t fadr = followBranch(fw,idx2adr(fw,k1),0x01000001); fw 5637 tools/finsig_vxworks.c int k2 = adr2idx(fw,fadr); fw 5638 tools/finsig_vxworks.c if (isLDR_PC(fw,k2)) fw 5640 tools/finsig_vxworks.c tadr = LDR2val(fw,k2); fw 5649 tools/finsig_vxworks.c if (fw->buf[adr2idx(fw,tadr)+2] == 0) tsiz = 3; fw 5651 tools/finsig_vxworks.c uint32_t madr = fw->base + (fw->size*4-4); fw 5652 tools/finsig_vxworks.c for (k=0; k<(int)(tadr-fw->base)/4; k++) fw 5654 tools/finsig_vxworks.c if (isLDR_PC(fw,k)) fw 5656 tools/finsig_vxworks.c uint32_t adr = LDR2val(fw,k); fw 5666 tools/finsig_vxworks.c k1 = adr2idx(fw,tadr); fw 5669 tools/finsig_vxworks.c if ((fw->buf[k1+k+1] == 0xFFFFFFFF) && (fw->buf[k1+k+4] == 0xFFFFFFFF)) fw 5679 tools/finsig_vxworks.c if (fw->dryos_ver >= 49) fw 5682 tools/finsig_vxworks.c print_kval(fw,tadr,tsiz,tlen,0x20A,"SD_READONLY","_FLAG"); fw 5683 tools/finsig_vxworks.c print_kval(fw,tadr,tsiz,tlen,0x202,"USB","_MASK"); fw 5687 tools/finsig_vxworks.c print_kval(fw,tadr,tsiz,tlen,0x90A,"SD_READONLY","_FLAG"); fw 5688 tools/finsig_vxworks.c print_kval(fw,tadr,tsiz,tlen,0x902,"USB","_MASK"); fw 5691 tools/finsig_vxworks.c uint32_t key_half = add_kmval(fw,tadr,tsiz,tlen,0,"KEY_SHOOT_HALF",0); fw 5692 tools/finsig_vxworks.c add_kmval(fw,tadr,tsiz,tlen,1,"KEY_SHOOT_FULL",key_half); fw 5693 tools/finsig_vxworks.c add_kmval(fw,tadr,tsiz,tlen,1,"KEY_SHOOT_FULL_ONLY",0); fw 5694 tools/finsig_vxworks.c add_kmval(fw,tadr,tsiz,tlen,2,"KEY_ZOOM_IN",0); fw 5695 tools/finsig_vxworks.c add_kmval(fw,tadr,tsiz,tlen,3,"KEY_ZOOM_OUT",0); fw 5696 tools/finsig_vxworks.c add_kmval(fw,tadr,tsiz,tlen,4,"KEY_UP",0); fw 5697 tools/finsig_vxworks.c add_kmval(fw,tadr,tsiz,tlen,5,"KEY_DOWN",0); fw 5698 tools/finsig_vxworks.c add_kmval(fw,tadr,tsiz,tlen,6,"KEY_LEFT",0); fw 5699 tools/finsig_vxworks.c add_kmval(fw,tadr,tsiz,tlen,7,"KEY_RIGHT",0); fw 5700 tools/finsig_vxworks.c add_kmval(fw,tadr,tsiz,tlen,8,"KEY_SET",0); fw 5701 tools/finsig_vxworks.c add_kmval(fw,tadr,tsiz,tlen,9,"KEY_MENU",0); fw 5702 tools/finsig_vxworks.c add_kmval(fw,tadr,tsiz,tlen,0xA,"KEY_DISPLAY",0); fw 5703 tools/finsig_vxworks.c if (fw->dryos_ver <= 47) fw 5705 tools/finsig_vxworks.c add_kmval(fw,tadr,tsiz,tlen,0x601,"KEY_PLAYBACK",0); fw 5706 tools/finsig_vxworks.c add_kmval(fw,tadr,tsiz,tlen,0x600,"KEY_POWER",0); fw 5707 tools/finsig_vxworks.c add_kmval(fw,tadr,tsiz,tlen,0x12,"KEY_VIDEO",0); fw 5711 tools/finsig_vxworks.c add_kmval(fw,tadr,tsiz,tlen,0x101,"KEY_PLAYBACK",0); fw 5712 tools/finsig_vxworks.c add_kmval(fw,tadr,tsiz,tlen,0x100,"KEY_POWER",0); fw 5713 tools/finsig_vxworks.c if (fw->dryos_ver == 49) fw 5715 tools/finsig_vxworks.c add_kmval(fw,tadr,tsiz,tlen,0x19,"KEY_VIDEO",0); fw 5717 tools/finsig_vxworks.c else if(fw->dryos_ver == 50) fw 5719 tools/finsig_vxworks.c add_kmval(fw,tadr,tsiz,tlen,0x1A,"KEY_VIDEO",0); fw 5720 tools/finsig_vxworks.c add_kmval(fw,tadr,tsiz,tlen,0x14,"KEY_HELP",0); fw 5734 tools/finsig_vxworks.c int get_eventproc_val(firmware *fw, int k) fw 5736 tools/finsig_vxworks.c if (isADR_PC(fw,k) && (fwRd(fw,k) == 0)) fw 5737 tools/finsig_vxworks.c nadr = ADR2adr(fw,k); fw 5738 tools/finsig_vxworks.c else if (isADR_PC(fw,k) && (fwRd(fw,k) == 1)) fw 5739 tools/finsig_vxworks.c eadr = ADR2adr(fw,k); fw 5740 tools/finsig_vxworks.c else if (isLDR_PC(fw,k) && (fwRd(fw,k) == 0)) fw 5741 tools/finsig_vxworks.c nadr = LDR2val(fw,k); fw 5742 tools/finsig_vxworks.c else if (isLDR_PC(fw,k) && (fwRd(fw,k) == 1)) fw 5743 tools/finsig_vxworks.c eadr = LDR2val(fw,k); fw 5779 tools/finsig_vxworks.c void add_func_name2(firmware *fw, uint32_t nadr, uint32_t eadr, char *suffix) fw 5781 tools/finsig_vxworks.c char *n = (char*)adr2ptr(fw,nadr); fw 5784 tools/finsig_vxworks.c if (isB(fw,adr2idx(fw,eadr))) fw 5789 tools/finsig_vxworks.c eadr = followBranch(fw,eadr,1); fw 5795 tools/finsig_vxworks.c int match_eventproc(firmware *fw, int k, uint32_t fadr, __attribute__ ((unused))uint32_t v2) fw 5798 tools/finsig_vxworks.c if (isBorBL(fw,k)) fw 5800 tools/finsig_vxworks.c uint32_t adr = followBranch(fw,idx2adr(fw,k),0x01000001); fw 5806 tools/finsig_vxworks.c get_eventproc_val(fw, k); fw 5808 tools/finsig_vxworks.c get_eventproc_val(fw, k); fw 5812 tools/finsig_vxworks.c get_eventproc_val(fw, k); fw 5817 tools/finsig_vxworks.c get_eventproc_val(fw, k); fw 5821 tools/finsig_vxworks.c add_func_name2(fw, nadr, eadr, "_FW"); fw 5831 tools/finsig_vxworks.c int k1 = find_Nth_inst_rev(fw, isLDR_PC, k, 15, c); fw 5834 tools/finsig_vxworks.c uint32_t k2 = LDR2val(fw,k1); fw 5835 tools/finsig_vxworks.c if ((k2 > fw->base) && (k2 < (fw->base + fw->size*4 - 1))) fw 5841 tools/finsig_vxworks.c if ((fwval(fw,k3) & 0xfff0fff0) == 0xe7901000) // ldr r1, [ry, rz] fw 5845 tools/finsig_vxworks.c if ((fwval(fw,k3) & 0xfff0fff0) == 0xe7900000) // ldr r0, [ry, rz] fw 5851 tools/finsig_vxworks.c if ((fwval(fw,k-1) & 0xfff00000) == 0xe2800000) // add fw 5858 tools/finsig_vxworks.c k1 = adr2idx(fw,k2); fw 5860 tools/finsig_vxworks.c while (fwval(fw,k1) != 0) fw 5863 tools/finsig_vxworks.c if (!idx_valid(fw,adr2idx(fw,fwval(fw,k1)))) break; fw 5864 tools/finsig_vxworks.c if (!idx_valid(fw,adr2idx(fw,fwval(fw,k1+1)))) break; fw 5865 tools/finsig_vxworks.c add_func_name2(fw, fwval(fw,k1), fwval(fw,k1+1), "_FW"); fw 5879 tools/finsig_vxworks.c else if (isLDR_PC(fw,k) && (fwRd(fw,k) == 0) && isLDR_PC(fw,k+1) && (fwRd(fw,k+1) == 1) && fw 5880 tools/finsig_vxworks.c (fwval(fw,k+2) == 0xE1A0E00F) && (fwval(fw,k+3) == 0xE1A0F004)) fw 5882 tools/finsig_vxworks.c nadr = LDR2val(fw,k); fw 5883 tools/finsig_vxworks.c eadr = LDR2val(fw,k+1); fw 5884 tools/finsig_vxworks.c add_func_name2(fw, nadr, eadr, "_FW"); fw 5889 tools/finsig_vxworks.c int match_registerlists(firmware *fw, int k, uint32_t fadr, __attribute__ ((unused))uint32_t v2) fw 5891 tools/finsig_vxworks.c if (isBorBL(fw,k)) fw 5893 tools/finsig_vxworks.c uint32_t adr = followBranch2(fw,idx2adr(fw,k),0x01000001); fw 5899 tools/finsig_vxworks.c if (isLDR_PC(fw,k1) && (fwRd(fw,k1) == 0)) fw 5901 tools/finsig_vxworks.c int j = adr2idx(fw,LDR2val(fw,k1)); fw 5902 tools/finsig_vxworks.c if (!idx_valid(fw,j)) fw 5904 tools/finsig_vxworks.c j = adr2idx(fw,LDR2val(fw,k1) - fw->data_start + fw->data_init_start); fw 5906 tools/finsig_vxworks.c if (idx_valid(fw,j)) fw 5908 tools/finsig_vxworks.c while (fwval(fw,j) != 0) fw 5910 tools/finsig_vxworks.c add_func_name2(fw, fwval(fw,j), fwval(fw,j+1), "_FW"); fw 5922 tools/finsig_vxworks.c int match_registerlistproc(firmware *fw, int k, uint32_t fadr, __attribute__ ((unused))uint32_t v2) fw 5924 tools/finsig_vxworks.c if (isSTMFD_LR(fw,k) && isBL(fw,k+6) && isLDMFD_PC(fw,k+11)) fw 5926 tools/finsig_vxworks.c uint32_t adr = followBranch2(fw,idx2adr(fw,k+6),0x01000001); fw 5929 tools/finsig_vxworks.c fadr = idx2adr(fw,k); fw 5930 tools/finsig_vxworks.c search_fw(fw, match_registerlists, fadr, 0, 6); fw 5937 tools/finsig_vxworks.c void find_eventprocs(firmware *fw) fw 5939 tools/finsig_vxworks.c int j = get_saved_sig(fw,"ExportToEventProcedure_FW"); fw 5943 tools/finsig_vxworks.c search_fw(fw, match_eventproc, fadr, 0, 1); fw 5945 tools/finsig_vxworks.c j = get_saved_sig(fw,"RegisterEventProcedure_FW"); fw 5949 tools/finsig_vxworks.c search_fw(fw, match_eventproc, fadr, 0, 1); fw 5950 tools/finsig_vxworks.c search_fw(fw, match_registerlistproc, fadr, 0, 12); fw 5955 tools/finsig_vxworks.c int isLDR_PC_r0(firmware *fw, int offset) fw 5957 tools/finsig_vxworks.c return ((fwval(fw,offset) & 0xFE1FF000) == (0xE41F0000)); fw 5961 tools/finsig_vxworks.c int isLDR_PC_r3(firmware *fw, int offset) fw 5963 tools/finsig_vxworks.c return ((fwval(fw,offset) & 0xFE1FF000) == (0xE41F3000)); fw 5966 tools/finsig_vxworks.c int match_createtask(firmware *fw, int k, uint32_t fadr, __attribute__ ((unused))uint32_t v2) fw 5968 tools/finsig_vxworks.c uint32_t adr = followBranch(fw,idx2adr(fw,k),0x01000001); fw 5973 tools/finsig_vxworks.c j1 = find_inst_rev(fw,isLDR_PC_r3,k,16); fw 5974 tools/finsig_vxworks.c j2 = find_inst_rev(fw,isLDR_PC_r0,k,16); fw 5979 tools/finsig_vxworks.c if ((find_inst(fw,isBL,j1,16)!=k) || (find_inst(fw,isBL,j2,16)!=k)) fw 5982 tools/finsig_vxworks.c uint32_t sadr = LDR2val(fw,j2); fw 5983 tools/finsig_vxworks.c uint32_t tadr = LDR2val(fw,j1); fw 5986 tools/finsig_vxworks.c char *s = adr2ptr(fw,sadr); fw 5988 tools/finsig_vxworks.c if ((isalnum(s[0])&&isalnum(s[1])) && (idx_valid(fw,adr2idx(fw,tadr)))) fw 6000 tools/finsig_vxworks.c void find_tasks(firmware *fw) fw 6002 tools/finsig_vxworks.c int k = get_saved_sig(fw,"CreateTask"); fw 6005 tools/finsig_vxworks.c search_fw(fw, match_createtask, func_names[k].val, 0, 5); fw 6007 tools/finsig_vxworks.c k = get_saved_sig(fw,"CreateTaskStrictly"); fw 6010 tools/finsig_vxworks.c search_fw(fw, match_createtask, func_names[k].val, 0, 5); fw 6014 tools/finsig_vxworks.c void find_builddate(firmware *fw) fw 6016 tools/finsig_vxworks.c int j = get_saved_sig(fw,"GetBuildDate_FW"); fw 6019 tools/finsig_vxworks.c int idx = adr2idx(fw, func_names[j].val); fw 6020 tools/finsig_vxworks.c idx = LDR2idx(fw, idx); fw 6021 tools/finsig_vxworks.c uint32_t adr = fwval(fw, idx); fw 6022 tools/finsig_vxworks.c idx = adr2idx(fw, adr); fw 6023 tools/finsig_vxworks.c fw->fw_build_date = (char*)&fw->buf[idx]; fw 6026 tools/finsig_vxworks.c fw->fw_build_date = 0; fw 6028 tools/finsig_vxworks.c j = get_saved_sig(fw,"GetBuildTime_FW"); fw 6031 tools/finsig_vxworks.c int idx = adr2idx(fw, func_names[j].val); fw 6032 tools/finsig_vxworks.c idx = LDR2idx(fw, idx); fw 6033 tools/finsig_vxworks.c uint32_t adr = fwval(fw, idx); fw 6034 tools/finsig_vxworks.c idx = adr2idx(fw, adr); fw 6035 tools/finsig_vxworks.c fw->fw_build_time = (char*)&fw->buf[idx]; fw 6038 tools/finsig_vxworks.c fw->fw_build_time = 0; fw 6058 tools/finsig_vxworks.c int find_ptp_handler_imm(firmware *fw, int k) fw 6068 tools/finsig_vxworks.c if (isLDR_PC(fw,k+o)) fw 6070 tools/finsig_vxworks.c if(fwRd(fw,k+o) == 0) fw 6072 tools/finsig_vxworks.c op = LDR2val(fw,k+o); fw 6074 tools/finsig_vxworks.c else if(fwRd(fw,k+o) == 1){ fw 6075 tools/finsig_vxworks.c handler = LDR2val(fw,k+o); fw 6079 tools/finsig_vxworks.c else if (isADR_PC(fw,k+o) && (fwRd(fw,k+o) == 1)) fw 6081 tools/finsig_vxworks.c handler=ADR2adr(fw,k+o); fw 6086 tools/finsig_vxworks.c if (isORR(fw,k+o) && (fwRd(fw,k+o) == 0) && (fwRn(fw,k+o) > 3)) fw 6088 tools/finsig_vxworks.c int reg = fwRn(fw,k+o); fw 6093 tools/finsig_vxworks.c if (isMOV_immed(fw,k1) && (fwRd(fw,k1) == reg)) fw 6095 tools/finsig_vxworks.c u1 = ALUop2a(fw,k1); fw 6106 tools/finsig_vxworks.c op = ALUop2a(fw,k+o) | u1; fw 6109 tools/finsig_vxworks.c else if (isADD(fw,k+o) && (fwRd(fw,k+o) == 0) && (fwRn(fw,k+o) <= 3)) fw 6111 tools/finsig_vxworks.c int reg = fwRn(fw,k+o); fw 6116 tools/finsig_vxworks.c if (isMOV_immed(fw,k1) && (fwRd(fw,k1) == reg)) fw 6118 tools/finsig_vxworks.c u1 = ALUop2a(fw,k1); fw 6128 tools/finsig_vxworks.c op = ALUop2a(fw,k+o) + u1; fw 6141 tools/finsig_vxworks.c int match_ptp_handlers(firmware *fw, int k, uint32_t fadr, __attribute__ ((unused))uint32_t v2) fw 6144 tools/finsig_vxworks.c if(fwval(fw,k) == 0x1004 fw 6145 tools/finsig_vxworks.c && fwval(fw,k+2) == 0x1005 fw 6146 tools/finsig_vxworks.c && fwval(fw,k+4) == 0x1006 fw 6147 tools/finsig_vxworks.c && fwval(fw,k+1) > fw->base fw 6148 tools/finsig_vxworks.c && fwval(fw,k+3) > fw->base fw 6149 tools/finsig_vxworks.c && fwval(fw,k+5) > fw->base) fw 6155 tools/finsig_vxworks.c uint32_t op=fwval(fw,k+i*2); fw 6156 tools/finsig_vxworks.c uint32_t handler=fwval(fw,k+i*2+1); fw 6165 tools/finsig_vxworks.c if (!isBorBL(fw,k)) fw 6169 tools/finsig_vxworks.c uint32_t adr = followBranch2(fw,idx2adr(fw,k),0x01000001); fw 6173 tools/finsig_vxworks.c find_ptp_handler_imm(fw,k); fw 6179 tools/finsig_vxworks.c void find_ptp_handlers(firmware *fw) fw 6181 tools/finsig_vxworks.c int k = get_saved_sig(fw,"add_ptp_handler"); fw 6184 tools/finsig_vxworks.c search_fw(fw, match_ptp_handlers, func_names[k].val, 0, 128); fw 6188 tools/finsig_vxworks.c void write_levent_table_dump(firmware *fw, uint32_t tadr) fw 6203 tools/finsig_vxworks.c val = *(uint32_t*)adr2ptr(fw, tadr); fw 6204 tools/finsig_vxworks.c if ((val == 0xffffffff) || (val == 0) || (*(uint32_t*)adr2ptr(fw, tadr+4) < lid)) { fw 6207 tools/finsig_vxworks.c lid = *(uint32_t*)adr2ptr(fw, tadr+4); fw 6208 tools/finsig_vxworks.c str = (char*)adr2ptr(fw,val); fw 6210 tools/finsig_vxworks.c fprintf(f,"0x%08x 0x%04x 0x%08x %s\n",tadr,lid,*(uint32_t*)adr2ptr(fw, tadr+8),str); fw 6219 tools/finsig_vxworks.c void output_firmware_vals(firmware *fw) fw 6223 tools/finsig_vxworks.c if (fw->firmware_ver_str == 0) fw 6229 tools/finsig_vxworks.c uint32_t j = idx2adr(fw,fw->fwver_idx); fw 6230 tools/finsig_vxworks.c char *c = strrchr(fw->firmware_ver_str,' ') + 1; // points after the last space char fw 6231 tools/finsig_vxworks.c uint32_t k = j + c - fw->firmware_ver_str; fw 6234 tools/finsig_vxworks.c bprintf("// %s // Found @ 0x%08x, \"%s\" @ 0x%08x\n",fw->firmware_ver_str,j,c,k); fw 6239 tools/finsig_vxworks.c bprintf("// %s // Found @ 0x%08x, \"%s\" @ 0x%08x\n",fw->firmware_ver_str,j,fw->firmware_ver_str,j); fw 6243 tools/finsig_vxworks.c if (fw->fw_build_date != 0) fw 6245 tools/finsig_vxworks.c bprintf("// Firmware build timestamp: %s %s\n",fw->fw_build_date, (fw->fw_build_time==0)?"":fw->fw_build_time); fw 6248 tools/finsig_vxworks.c if (fw->fsize > (fw->size + 256)) fw 6250 tools/finsig_vxworks.c bprintf("// Possible corrupt firmware dump - file size too small for start address 0x%08x\n",fw->base); fw 6251 tools/finsig_vxworks.c bprintf("// file size = %.2fMB, should be %.2fMB\n", ((double)fw->size*4.0)/(1024.0*1024.0),((double)fw->fsize*4.0)/(1024.0*1024.0)); fw 6254 tools/finsig_vxworks.c if (fw->cam != 0) fw 6256 tools/finsig_vxworks.c bprintf("// %s\n",fw->cam); fw 6268 tools/finsig_vxworks.c if (find_str(fw,"Fencing") != -1) // face recognition related task fw 6276 tools/finsig_vxworks.c if (fw->pid != 0) fw 6278 tools/finsig_vxworks.c bprintf("// PLATFORMID = %d# (0x%04x) Found @ 0x%08x\n",fw->pid,fw->pid,fw->pid_adr); fw 6281 tools/finsig_vxworks.c if (fw->maxram != 0) fw 6282 tools/finsig_vxworks.c bprintf("// MAXRAMADDR = 0x%08x\n",fw->maxram); fw 6284 tools/finsig_vxworks.c if (fw->memisostart != 0) fw 6286 tools/finsig_vxworks.c osig *o = find_match(fw->sv->makevals, "MEMISOSTART", fw->memisostart); fw 6287 tools/finsig_vxworks.c if (o && (o->val == fw->memisostart)) fw 6288 tools/finsig_vxworks.c bprintf("// MEMISOSTART = 0x%08x\n",fw->memisostart); fw 6290 tools/finsig_vxworks.c bprintf("// MEMISOSTART = 0x%08x (*** DOES NOT MATCH MAKEFILE VALUE 0x%08x***)\n",fw->memisostart,(o)?o->val:0); fw 6295 tools/finsig_vxworks.c uint32_t u = fw->base+fw->fsize*4; fw 6300 tools/finsig_vxworks.c bprintf("// %-8s 0x%08x - 0x%08x (%7d bytes)\n","ROM",fw->base,u,fw->fsize*4); fw 6301 tools/finsig_vxworks.c bprintf("// %-8s 0x%08x - 0x%08x copied from 0x%08x (%7d bytes)\n","RAM data",fw->data_start,fw->data_start+fw->data_len*4,fw->data_init_start,fw->data_len*4); fw 6323 tools/finsig_vxworks.c void write_funcs(firmware *fw, char *filename, func_entry *fns[], int (*compare)(const func_entry **p1, const func_entry **p2)) fw 6338 tools/finsig_vxworks.c osig* ostub2 = find_sig(fw->sv->stubs,fns[k]->name); fw 6359 tools/finsig_vxworks.c firmware fw; fw 6375 tools/finsig_vxworks.c fw.sv = new_stub_values(); fw 6376 tools/finsig_vxworks.c load_stubs(fw.sv, "stubs_entry_2.S", 1); fw 6377 tools/finsig_vxworks.c load_stubs_min(fw.sv); fw 6378 tools/finsig_vxworks.c load_modemap(fw.sv); fw 6379 tools/finsig_vxworks.c load_platform(fw.sv); fw 6380 tools/finsig_vxworks.c load_makefile(fw.sv); fw 6385 tools/finsig_vxworks.c load_firmware(&fw,argv[1],argv[2],(argc==5)?argv[4]:0, OS_VXWORKS); fw 6386 tools/finsig_vxworks.c find_eventprocs(&fw); fw 6387 tools/finsig_vxworks.c find_ptp_handlers(&fw); fw 6388 tools/finsig_vxworks.c find_builddate(&fw); fw 6389 tools/finsig_vxworks.c output_firmware_vals(&fw); fw 6398 tools/finsig_vxworks.c find_tasks(&fw); fw 6407 tools/finsig_vxworks.c find_matches(&fw, curr_name); fw 6408 tools/finsig_vxworks.c print_results(&fw,curr_name,k); fw 6416 tools/finsig_vxworks.c find_modemap(&fw); fw 6417 tools/finsig_vxworks.c find_stubs_min(&fw); fw 6418 tools/finsig_vxworks.c find_lib_vals(&fw); fw 6420 tools/finsig_vxworks.c find_platform_vals(&fw); fw 6421 tools/finsig_vxworks.c find_other_vals(&fw); fw 6431 tools/finsig_vxworks.c write_funcs(&fw, "funcs_by_name.csv", fns, compare_func_names); fw 6432 tools/finsig_vxworks.c write_funcs(&fw, "funcs_by_address.csv", fns, compare_func_addresses); fw 53 tools/firmware_load.c void addBufRange(firmware *fw, int o, int l) fw 56 tools/firmware_load.c n->p = fw->buf + o; fw 60 tools/firmware_load.c if (fw->br == 0) fw 62 tools/firmware_load.c fw->br = n; fw 66 tools/firmware_load.c fw->last->next = n; fw 68 tools/firmware_load.c fw->last = n; fw 72 tools/firmware_load.c void findRanges(firmware *fw) fw 77 tools/firmware_load.c fw->br = 0; fw->last = 0; fw 79 tools/firmware_load.c for (i = 0; i < fw->size; i++) fw 81 tools/firmware_load.c if (fw->buf[i] == 0xFFFFFFFF) // Possible start of block to skip fw 97 tools/firmware_load.c addBufRange(fw,j,k - j); fw 110 tools/firmware_load.c addBufRange(fw,j,k - j); fw 117 tools/firmware_load.c addBufRange(fw,j,i - j); fw 136 tools/firmware_load.c int idx_valid(firmware *fw, int i) fw 138 tools/firmware_load.c if ((i >= 0) && (i < fw->size)) fw 140 tools/firmware_load.c if ((fw->dryos_ver >= 51) && (fw->alt_base) && (i >= fw->size)) fw 142 tools/firmware_load.c i = ((i * 4) - (fw->alt_base - fw->base)) / 4; fw 143 tools/firmware_load.c if ((i >= 0) && (i < fw->size)) fw 146 tools/firmware_load.c if (fw->dryos_ver >= 50) fw 148 tools/firmware_load.c int i2 = ((i * 4) + (fw->base - fw->base2)) / 4; fw 149 tools/firmware_load.c if ((i2 >= 0) && (i2 < fw->size2)) fw 152 tools/firmware_load.c if (idx2adr(fw,i)>=fw->base && idx2adr(fw,i)<(fw->base+fw->size*4)) fw 159 tools/firmware_load.c uint32_t idx2adr(firmware *fw, int idx) fw 161 tools/firmware_load.c return fw->base + (idx << 2); fw 165 tools/firmware_load.c int adr2idx(firmware *fw, uint32_t adr) fw 167 tools/firmware_load.c if (adr < fw->base) fw 168 tools/firmware_load.c return -((fw->base - adr) >> 2); fw 170 tools/firmware_load.c return (adr - fw->base) >> 2; fw 174 tools/firmware_load.c char* adr2ptr(firmware *fw, uint32_t adr) fw 176 tools/firmware_load.c if ((fw->dryos_ver >= 51) && (fw->alt_base) && (adr >= fw->alt_base)) fw 178 tools/firmware_load.c return ((char*)fw->buf) + (adr - fw->alt_base); fw 180 tools/firmware_load.c if ((fw->dryos_ver >= 50) && (adr < fw->base)) fw 182 tools/firmware_load.c adr = (adr - fw->base2) + fw->base_copied; fw 184 tools/firmware_load.c return ((char*)fw->buf) + (adr - fw->base); fw 188 tools/firmware_load.c int idxcorr(firmware *fw, int idx) fw 194 tools/firmware_load.c b2oidx = adr2idx(fw, fw->base_copied); fw 195 tools/firmware_load.c b2idx = adr2idx(fw, fw->base2); fw 199 tools/firmware_load.c if (fw->base2) fw 201 tools/firmware_load.c if ((idx >= b2oidx) && (idx < b2oidx + fw->size2)) fw 223 tools/firmware_load.c uint32_t* fwadr(firmware *fw, int i) fw 225 tools/firmware_load.c if ((i >= 0) && (i < fw->size)) fw 226 tools/firmware_load.c return &fw->buf[i]; fw 227 tools/firmware_load.c if ((fw->dryos_ver >= 51) && (fw->alt_base) && (i >= fw->size)) fw 229 tools/firmware_load.c i = ((i * 4) - (fw->alt_base - fw->base)) / 4; fw 230 tools/firmware_load.c if ((i >= 0) && (i < fw->size)) fw 231 tools/firmware_load.c return &fw->buf[i]; fw 233 tools/firmware_load.c if ((fw->dryos_ver >= 50) && (i < 0)) fw 235 tools/firmware_load.c i = ((i * 4) + (fw->base - fw->base2)) / 4; fw 236 tools/firmware_load.c if ((i >= 0) && (i < fw->size2)) fw 237 tools/firmware_load.c return &fw->buf2[i]; fw 241 tools/firmware_load.c return &fw->buf[0]; fw 249 tools/firmware_load.c uint32_t fwval(firmware *fw, int i) fw 251 tools/firmware_load.c return *fwadr(fw,i); fw 255 tools/firmware_load.c int fwRd(firmware *fw, int i) fw 258 tools/firmware_load.c return (*fwadr(fw,i) & 0x0000F000) >> 12; fw 262 tools/firmware_load.c int fwRn(firmware *fw, int i) fw 265 tools/firmware_load.c return (*fwadr(fw,i) & 0x000F0000) >> 16; fw 269 tools/firmware_load.c int fwRnMOV(firmware *fw, int i) fw 272 tools/firmware_load.c return (*fwadr(fw,i) & 0x0000000F); fw 276 tools/firmware_load.c int fwOp2(firmware *fw, int i) fw 279 tools/firmware_load.c return (*fwadr(fw,i) & 0x00000FFF); fw 285 tools/firmware_load.c uint32_t LDR2adr(firmware *fw, int offset) fw 287 tools/firmware_load.c uint32_t inst = fwval(fw,offset); fw 289 tools/firmware_load.c uint32_t fadr = (inst & 0x00800000)?idx2adr(fw,offset+2)+offst:idx2adr(fw,offset+2)-offst; fw 294 tools/firmware_load.c uint32_t LDR2idx(firmware *fw, int offset) fw 296 tools/firmware_load.c return adr2idx(fw,LDR2adr(fw,offset)); fw 300 tools/firmware_load.c uint32_t LDR2val(firmware *fw, int offset) fw 302 tools/firmware_load.c return fwval(fw,adr2idx(fw,LDR2adr(fw,offset))); fw 309 tools/firmware_load.c uint32_t ADR2adr(firmware *fw, int offset) fw 311 tools/firmware_load.c uint32_t inst = fwval(fw,offset); fw 318 tools/firmware_load.c fadr = idx2adr(fw,offset+2)-offst; fw 321 tools/firmware_load.c fadr = idx2adr(fw,offset+2)+offst; fw 334 tools/firmware_load.c uint32_t ALUop2(firmware *fw, int offset) fw 336 tools/firmware_load.c uint32_t inst = fwval(fw,offset); fw 354 tools/firmware_load.c uint32_t ALUop2a(firmware *fw, int offset) fw 356 tools/firmware_load.c uint32_t inst = fwval(fw,offset); fw 383 tools/firmware_load.c int idxFollowBranch(firmware *fw, int fidx, int offset) fw 389 tools/firmware_load.c uint32_t inst = fwval(fw,fidx); fw 398 tools/firmware_load.c fidx = adr2idx(fw,LDR2val(fw,fidx)); fw 406 tools/firmware_load.c uint32_t followBranch(firmware *fw, uint32_t fadr, int offset) fw 411 tools/firmware_load.c uint32_t fidx = adr2idx(fw,fadr); // function index fw 413 tools/firmware_load.c uint32_t inst = fwval(fw,fidx); fw 418 tools/firmware_load.c if (idx_valid(fw,fidx+o+2)) fw 419 tools/firmware_load.c fadr = idx2adr(fw,fidx+o+2); fw 423 tools/firmware_load.c fadr = LDR2val(fw,fidx); fw 430 tools/firmware_load.c uint32_t followBranch2(firmware *fw, uint32_t fadr, int offset) fw 432 tools/firmware_load.c fadr = followBranch(fw, fadr, offset); fw 434 tools/firmware_load.c fadr = followBranch(fw, fadr, offset); fw 443 tools/firmware_load.c int isLDR_PC(firmware *fw, int offset) fw 445 tools/firmware_load.c return ((fwval(fw,offset) & 0xFE1F0000) == 0xE41F0000); fw 449 tools/firmware_load.c int isLDR_PC_cond(firmware *fw, int offset) fw 451 tools/firmware_load.c return ((fwval(fw,offset) & 0x0E1F0000) == 0x041F0000); fw 455 tools/firmware_load.c int isLDR_SP(firmware *fw, int offset) fw 457 tools/firmware_load.c return ((fwval(fw,offset) & 0xFFFF0000) == 0xE59D0000); fw 461 tools/firmware_load.c int isLDR(firmware *fw, int offset) fw 463 tools/firmware_load.c return ((fwval(fw,offset) & 0xFE100000) == 0xE4100000); fw 467 tools/firmware_load.c int isLDR_cond(firmware *fw, int offset) fw 469 tools/firmware_load.c return ((fwval(fw,offset) & 0x0E100000) == 0x04100000); fw 473 tools/firmware_load.c int isADR_PC(firmware *fw, int offset) fw 475 tools/firmware_load.c return ((fwval(fw,offset) & 0xFE0F0000) == 0xE20F0000); fw 479 tools/firmware_load.c int isADR_PC_cond(firmware *fw, int offset) fw 481 tools/firmware_load.c return ((fwval(fw,offset) & 0x0E0F0000) == 0x020F0000); fw 485 tools/firmware_load.c int isADR(firmware *fw, int offset) fw 487 tools/firmware_load.c return ((fwval(fw,offset) & 0xFE000000) == 0xE2000000); fw 491 tools/firmware_load.c int isLDMFD(firmware *fw, int offset) fw 493 tools/firmware_load.c return ((fwval(fw,offset) & 0xFFFF0000) == 0xE8BD0000); fw 497 tools/firmware_load.c int isLDMFD_PC(firmware *fw, int offset) fw 499 tools/firmware_load.c return ((fwval(fw,offset) & 0xFFFF8000) == 0xE8BD8000); fw 503 tools/firmware_load.c int isSTMFD(firmware *fw, int offset) fw 505 tools/firmware_load.c return ((fwval(fw,offset) & 0xFFFF0000) == 0xE92D0000); fw 509 tools/firmware_load.c int isSTMFD_LR(firmware *fw, int offset) fw 511 tools/firmware_load.c return ((fwval(fw,offset) & 0xFFFF4000) == 0xE92D4000); fw 515 tools/firmware_load.c int isSTR(firmware *fw, int offset) fw 517 tools/firmware_load.c return ((fwval(fw,offset) & 0xFE100000) == 0xE4000000); fw 521 tools/firmware_load.c int isSTR_cond(firmware *fw, int offset) fw 523 tools/firmware_load.c return ((fwval(fw,offset) & 0x0E100000) == 0x04000000); fw 527 tools/firmware_load.c int isBX(firmware *fw, int offset) fw 529 tools/firmware_load.c return ((fwval(fw,offset) & 0xFFFFFFF0) == 0xE12FFF10); fw 533 tools/firmware_load.c int isBX_cond(firmware *fw, int offset) fw 535 tools/firmware_load.c return ((fwval(fw,offset) & 0x0FFFFFF0) == 0x012FFF10); fw 539 tools/firmware_load.c int isBX_LR(firmware *fw, int offset) fw 541 tools/firmware_load.c return (fwval(fw,offset) == 0xE12FFF1E); fw 545 tools/firmware_load.c int isBLX(firmware *fw, int offset) fw 547 tools/firmware_load.c return ((fwval(fw,offset) & 0xFFFFFFF0) == 0xE12FFF30); fw 551 tools/firmware_load.c int isBL(firmware *fw, int offset) fw 553 tools/firmware_load.c return ((fwval(fw,offset) & 0xFF000000) == 0xEB000000); fw 557 tools/firmware_load.c int isBL_cond(firmware *fw, int offset) fw 559 tools/firmware_load.c return ((fwval(fw,offset) & 0x0F000000) == 0x0B000000); fw 563 tools/firmware_load.c int isBLEQ(firmware *fw, int offset) fw 565 tools/firmware_load.c return ((fwval(fw,offset) & 0xFF000000) == 0x0B000000); fw 569 tools/firmware_load.c int isB(firmware *fw, int offset) fw 571 tools/firmware_load.c return ((fwval(fw,offset) & 0xFF000000) == 0xEA000000); fw 575 tools/firmware_load.c int isBorBL(firmware *fw, int offset) fw 577 tools/firmware_load.c return ((fwval(fw,offset) & 0xFE000000) == 0xEA000000); fw 581 tools/firmware_load.c int isCMP(firmware *fw, int offset) fw 583 tools/firmware_load.c return ((fwval(fw,offset) & 0xFFF00000) == 0xE3500000); fw 587 tools/firmware_load.c int isMOV(firmware *fw, int offset) fw 589 tools/firmware_load.c return ((fwval(fw,offset) & 0xFFF00000) == 0xE1A00000); fw 593 tools/firmware_load.c int isMOV_immed(firmware *fw, int offset) fw 595 tools/firmware_load.c return ((fwval(fw,offset) & 0xFFF00000) == 0xE3A00000); fw 599 tools/firmware_load.c int isORR(firmware *fw, int offset) fw 601 tools/firmware_load.c return ((fwval(fw,offset) & 0xFFF00000) == 0xE3800000); fw 605 tools/firmware_load.c int isADD(firmware *fw, int offset) fw 607 tools/firmware_load.c return ((fwval(fw,offset) & 0xfff00000) == 0xe2800000); fw 611 tools/firmware_load.c int isSUB(firmware *fw, int offset) fw 613 tools/firmware_load.c return ((fwval(fw,offset) & 0xfff00000) == 0xe2400000); fw 618 tools/firmware_load.c int isASCIIstring(firmware *fw, uint32_t adr) fw 620 tools/firmware_load.c if (idx_valid(fw, adr2idx(fw, adr))) fw 622 tools/firmware_load.c unsigned char *p = (unsigned char*)adr2ptr(fw, adr); fw 642 tools/firmware_load.c int find_Nth_str(firmware *fw, char *str, int N) fw 649 tools/firmware_load.c BufRange *br = fw->br; fw 666 tools/firmware_load.c int find_str(firmware *fw, char *str) fw 668 tools/firmware_load.c return find_Nth_str(fw, str, 1); fw 673 tools/firmware_load.c uint32_t find_str_bytes(firmware *fw, char *str) fw 675 tools/firmware_load.c BufRange *p = fw->br; fw 681 tools/firmware_load.c if (strcmp(((char*)fw->buf)+k,str) == 0) fw 682 tools/firmware_load.c return fw->base+k; fw 692 tools/firmware_load.c int find_inst(firmware *fw, int (*inst)(firmware*,int), int idx, int len) fw 695 tools/firmware_load.c for (k = idx; (k < fw->size) && (k < idx + len); k++) fw 697 tools/firmware_load.c if (inst(fw, k)) fw 705 tools/firmware_load.c int find_inst_rev(firmware *fw, int (*inst)(firmware*,int), int idx, int len) fw 710 tools/firmware_load.c if (inst(fw, k)) fw 718 tools/firmware_load.c int find_Nth_inst(firmware *fw, int (*inst)(firmware*,int), int idx, int len, int N) fw 721 tools/firmware_load.c for (k = idx; (k < fw->size) && (k < idx + len); k++) fw 723 tools/firmware_load.c if (inst(fw, k)) fw 733 tools/firmware_load.c int find_Nth_inst_rev(firmware *fw, int (*inst)(firmware*,int), int idx, int len, int N) fw 738 tools/firmware_load.c if (inst(fw, k)) fw 753 tools/firmware_load.c int find_strptr_ref(firmware *fw, char *str) fw 755 tools/firmware_load.c uint32_t sadr = find_str_bytes(fw, str); // string address fw 759 tools/firmware_load.c for (k=0; k<fw->size; k++) fw 761 tools/firmware_load.c if (fwval(fw,k) == sadr) fw 763 tools/firmware_load.c uint32_t fadr = idx2adr(fw,k); // string pointer address fw 765 tools/firmware_load.c for (j=0; j<fw->size; j++) fw 767 tools/firmware_load.c if (isADR_PC_cond(fw,j) && (ADR2adr(fw,j) == fadr)) fw 771 tools/firmware_load.c else if (isLDR_PC_cond(fw,j) && (LDR2val(fw,j) == fadr)) fw 786 tools/firmware_load.c int find_str_ref(firmware *fw, char *str) fw 788 tools/firmware_load.c int k = find_str(fw, str); fw 789 tools/firmware_load.c if (k >= fw->lowest_idx) fw 791 tools/firmware_load.c uint32_t sadr = idx2adr(fw,k); // string address fw 792 tools/firmware_load.c for (k=0; k<fw->size; k++) fw 794 tools/firmware_load.c if (isADR_PC_cond(fw,k) && (ADR2adr(fw,k) == sadr)) fw 798 tools/firmware_load.c else if (isLDR_PC_cond(fw,k) && (LDR2val(fw,k) == sadr)) fw 808 tools/firmware_load.c int find_nxt_str_ref(firmware *fw, int str_adr, int ofst) fw 810 tools/firmware_load.c if (str_adr >= fw->lowest_idx) fw 813 tools/firmware_load.c uint32_t sadr = idx2adr(fw,str_adr); // string address fw 814 tools/firmware_load.c for (k=ofst+1; k<fw->size; k++) fw 816 tools/firmware_load.c if (isADR_PC_cond(fw,k) && (ADR2adr(fw,k) == sadr)) fw 820 tools/firmware_load.c else if (isLDR_PC_cond(fw,k) && (LDR2val(fw,k) == sadr)) fw 830 tools/firmware_load.c int find_nxt_str_ref_alt(firmware *fw, char *str, int ofst, int limit) fw 835 tools/firmware_load.c if (isADR_PC_cond(fw,k) && idx_valid(fw,adr2idx(fw,ADR2adr(fw,k))) && (strcmp(str,adr2ptr(fw,ADR2adr(fw,k))) == 0)) fw 839 tools/firmware_load.c else if (isLDR_PC_cond(fw,k) && idx_valid(fw,adr2idx(fw,LDR2val(fw,k))) && (strcmp(str,adr2ptr(fw,LDR2val(fw,k))) == 0)) fw 851 tools/firmware_load.c int find_BL(firmware *fw, int k, uint32_t v1, __attribute__ ((unused))uint32_t v2) fw 853 tools/firmware_load.c if (isBL(fw,k)) fw 855 tools/firmware_load.c uint32_t n = idxFollowBranch(fw, k, 0x01000001); fw 864 tools/firmware_load.c int find_B(firmware *fw, int k, uint32_t v1, __attribute__ ((unused))uint32_t v2) fw 866 tools/firmware_load.c if (isB(fw,k)) fw 868 tools/firmware_load.c uint32_t n = idxFollowBranch(fw, k, 0x00000001); fw 881 tools/firmware_load.c int search_fw(firmware *fw, int (*func)(firmware*, int, uint32_t, uint32_t), uint32_t v1, uint32_t v2, int len) fw 883 tools/firmware_load.c BufRange *p = fw->br; fw 889 tools/firmware_load.c int rv = func(fw,k,v1,v2); fw 903 tools/firmware_load.c int search_fw_bytes(firmware *fw, int (*func)(firmware*, int)) fw 905 tools/firmware_load.c BufRange *p = fw->br; fw 911 tools/firmware_load.c if (func(fw,k)) fw 923 tools/firmware_load.c void load_firmware(firmware *fw, const char *filename, const char *base_addr, const char *alt_base_addr, int os_type) fw 936 tools/firmware_load.c fw->buf2 = 0; fw 937 tools/firmware_load.c fw->base2 = 0; fw 938 tools/firmware_load.c fw->size2 = 0; fw 940 tools/firmware_load.c fw->os_type = os_type; fw 944 tools/firmware_load.c fw->size = (ftell(f)+3)/4; fw 948 tools/firmware_load.c fw->base = strtoul(base_addr, NULL, 0); fw 950 tools/firmware_load.c fw->alt_base = strtoul(alt_base_addr, NULL, 0); fw 952 tools/firmware_load.c fw->alt_base = 0; fw 956 tools/firmware_load.c fw->buf = malloc((fw->size+32)*4); fw 957 tools/firmware_load.c k = fread(fw->buf, 4, fw->size, f); fw 961 tools/firmware_load.c memset(&fw->buf[fw->size],0xff,32*4); fw 964 tools/firmware_load.c findRanges(fw); fw 968 tools/firmware_load.c fw->main_offs = 0; fw 971 tools/firmware_load.c k = find_str(fw, "gaonisoy"); fw 974 tools/firmware_load.c fw->main_offs = 0x10000 / 4; fw 978 tools/firmware_load.c fw->real_dryos_ver = fw->dryos_ver = 0; fw 981 tools/firmware_load.c k = find_str(fw, "DRYOS version 2.3, release #"); fw 984 tools/firmware_load.c fw->real_dryos_ver = fw->dryos_ver = atoi(((char*)&fw->buf[k])+28); fw 985 tools/firmware_load.c fw->dryos_ver_str = (char*)&fw->buf[k]; fw 990 tools/firmware_load.c fw->firmware_ver_str = 0; fw 991 tools/firmware_load.c k = find_str(fw, "Firmware Ver "); fw 996 tools/firmware_load.c k = find_str(fw, "Firmware Version GM"); // ixus700 fw 1000 tools/firmware_load.c k = find_str(fw, "Firmware Version "); // ixus30/40 fw 1005 tools/firmware_load.c fw->firmware_ver_str = (char*)&fw->buf[k]; fw 1006 tools/firmware_load.c fw->fwver_idx = k; fw 1010 tools/firmware_load.c fw->fsize = -((int)fw->base)/4; fw 1011 tools/firmware_load.c if (fw->alt_base) fw->fsize = -((int)fw->alt_base)/4; fw 1012 tools/firmware_load.c fw->cam_idx = -1; fw 1013 tools/firmware_load.c fw->pid_adr = 0xffffffff; fw 1014 tools/firmware_load.c fw->cam = 0; fw 1015 tools/firmware_load.c fw->pid = 0; fw 1018 tools/firmware_load.c if (fw->dryos_ver > 59) fw->dryos_ver = 59; // UPDATE when support is added for higher DryOS versions fw 1019 tools/firmware_load.c switch (fw->dryos_ver) fw 1025 tools/firmware_load.c fw->cam_idx = adr2idx(fw,0xFFFE0110); fw 1026 tools/firmware_load.c fw->pid_adr = 0xFFFE0130; fw 1030 tools/firmware_load.c fw->cam_idx = adr2idx(fw,0xFFFE00D0); fw 1031 tools/firmware_load.c fw->pid_adr = 0xFFFE0130; fw 1034 tools/firmware_load.c fw->cam_idx = adr2idx(fw,(fw->base==0xFF000000)?0xFFF40170:0xFFFE0170); fw 1035 tools/firmware_load.c fw->pid_adr = (fw->base==0xFF000000)?0xFFF40040:0xFFFE0040; fw 1041 tools/firmware_load.c if (fw->alt_base) fw 1043 tools/firmware_load.c fw->cam_idx = adr2idx(fw,(fw->alt_base==0xFF000000)?0xFFF40190:0xFFFE0170); fw 1044 tools/firmware_load.c fw->pid_adr = (fw->alt_base==0xFF000000)?0xFFF40040:0xFFFE0040; fw 1045 tools/firmware_load.c if (idx_valid(fw,fw->cam_idx) && (strncmp((char*)fwadr(fw,fw->cam_idx),"Canon ",6) != 0)) fw 1046 tools/firmware_load.c fw->cam_idx = adr2idx(fw,(fw->alt_base==0xFF000000)?0xFFF40170:0xFFFE0170); fw 1050 tools/firmware_load.c fw->cam_idx = adr2idx(fw,(fw->base==0xFF000000)?0xFFF40190:0xFFFE0170); fw 1051 tools/firmware_load.c fw->pid_adr = (fw->base==0xFF000000)?0xFFF40040:0xFFFE0040; fw 1052 tools/firmware_load.c if (idx_valid(fw,fw->cam_idx) && (strncmp((char*)fwadr(fw,fw->cam_idx),"Canon ",6) != 0)) fw 1053 tools/firmware_load.c fw->cam_idx = adr2idx(fw,(fw->base==0xFF000000)?0xFFF40170:0xFFFE0170); fw 1057 tools/firmware_load.c fw->cam_idx = adr2idx(fw,(fw->base==0xFF010000)?0xFFF40170:0xFFFF0170); fw 1058 tools/firmware_load.c fw->pid_adr = (fw->base==0xFF010000)?0xFFF40040:0xFFFF0040; fw 1062 tools/firmware_load.c fw->cam_idx = adr2idx(fw,(fw->base==0xFF010000)?0xFFFE0170:0xFFFF0170); fw 1063 tools/firmware_load.c fw->pid_adr = (fw->base==0xFF010000)?0xFFFE0040:0xFFFF0040; fw 1067 tools/firmware_load.c fw->cam_idx = adr2idx(fw,(fw->base==0xFF010000)?0xFFFE03A0:0xFFFF03A0); fw 1068 tools/firmware_load.c fw->pid_adr = (fw->base==0xFF010000)?0xFFFE0270:0xFFFF0270; fw 1079 tools/firmware_load.c int k = adr2idx(fw,vx_name_offsets[i]); fw 1080 tools/firmware_load.c if (idx_valid(fw,k) && (strncmp((char*)fwadr(fw,k),"Canon ",6) == 0)) fw 1082 tools/firmware_load.c fw->cam_idx = k; fw 1083 tools/firmware_load.c fw->pid_adr = vx_pid_offsets[i]; fw 1090 tools/firmware_load.c if (idx_valid(fw,fw->cam_idx) && (strncmp((char*)fwadr(fw,fw->cam_idx),"Canon ",6) == 0)) fw 1092 tools/firmware_load.c fw->cam = (char*)fwadr(fw,fw->cam_idx); fw 1096 tools/firmware_load.c if (idx_valid(fw,adr2idx(fw,fw->pid_adr)) && (fw->pid_adr != 0xffffffff)) fw 1099 tools/firmware_load.c fw->pid = (fwval(fw,adr2idx(fw,fw->pid_adr)) >> ((fw->pid_adr & 2)?16:0)) & 0xFFFF; fw 1103 tools/firmware_load.c fw->maxram = 0; fw 1106 tools/firmware_load.c if (((fw->buf[0x10 + fw->main_offs] & 0xFFFFFF00) == 0xE3A00000) && (fw->buf[0x11 + fw->main_offs] == 0xEE060F12)) fw 1108 tools/firmware_load.c fw->maxram = (1 << (((fw->buf[0x10 + fw->main_offs] & 0x3E) >> 1) + 1)) - 1; fw 1110 tools/firmware_load.c else if (((fw->buf[0x14 + fw->main_offs] & 0xFFFFFF00) == 0xE3A00000) && (fw->buf[0x15 + fw->main_offs] == 0xEE060F12)) fw 1112 tools/firmware_load.c fw->maxram = (1 << (((fw->buf[0x14 + fw->main_offs] & 0x3E) >> 1) + 1)) - 1; fw 1119 tools/firmware_load.c if ((fw->buf[k] & 0xFFFF0FFF) == 0xEE060F12) // mcr 15, 0, rx, cr6, cr2, {0} fw 1121 tools/firmware_load.c fw->maxram = (1 << (((fw->buf[k-1] & 0x3E) >> 1) + 1)) - 1; fw 1128 tools/firmware_load.c fw->memisostart = 0; fw 1131 tools/firmware_load.c for (k=0 + fw->main_offs; k<(100 + fw->main_offs); k++) fw 1133 tools/firmware_load.c if (isLDR_PC(fw,k) && (LDR2val(fw,k) == 0x1900) && isLDR_PC(fw,k+6)) fw 1135 tools/firmware_load.c fw->memisostart = LDR2val(fw,k+6); fw 1143 tools/firmware_load.c if (isMOV_immed(fw,k) && (ALUop2(fw,k) == 0x1900) && isLDR_PC(fw,k+11)) fw 1145 tools/firmware_load.c fw->memisostart = LDR2val(fw,k+11); fw 1147 tools/firmware_load.c if (isLDR_PC(fw,k-1) && isLDR_PC(fw,k-4) && ((fwval(fw,k-2) & 0xFFF0FFF0) == 0xE1500000)) fw 1149 tools/firmware_load.c uint32_t fadr = LDR2val(fw,k-1); fw 1151 tools/firmware_load.c uint32_t eadr = LDR2val(fw,k-4); fw 1152 tools/firmware_load.c if ((fadr > fw->base) && (dadr < fw->base)) fw 1154 tools/firmware_load.c fw->data_start = dadr; fw 1155 tools/firmware_load.c fw->data_init_start = fadr; fw 1156 tools/firmware_load.c fw->data_len = eadr / 4; fw 1161 tools/firmware_load.c else if (isMOV_immed(fw,k) && (ALUop2(fw,k) == 0x1900) && isLDR_PC(fw,k-2) && isLDR_PC(fw,k-3)) fw 1164 tools/firmware_load.c fw->maxram = 0x1FFFFFF; // 32MB, difficult to find fw 1165 tools/firmware_load.c fw->memisostart = 0x1900 + LDR2val(fw,k-3); fw 1167 tools/firmware_load.c fw->data_init_start = LDR2val(fw,k-2); fw 1168 tools/firmware_load.c fw->data_start = 0x1900; fw 1169 tools/firmware_load.c j = idxFollowBranch(fw, k+6, 1); fw 1172 tools/firmware_load.c k = idxFollowBranch(fw, j+1, 0x01000001); fw 1175 tools/firmware_load.c if ( isLDR_PC(fw,k+3) ) fw 1177 tools/firmware_load.c uint32_t eadr = LDR2val(fw,k+3); fw 1178 tools/firmware_load.c if ( (eadr>0x1000) && (eadr< fw->memisostart - 0x1900) ) fw 1180 tools/firmware_load.c fw->data_len = (eadr - 0x1900) / 4; fw 1187 tools/firmware_load.c else if (isMOV_immed(fw,k) && (ALUop2(fw,k) == 0x1900) && isLDR_PC(fw,k-2) && fw 1188 tools/firmware_load.c ((fwval(fw,k-1) & 0xFFFF0F00) == 0xE50B0000) && isLDR_PC(fw,k+28) && isLDR_PC(fw,k+4) fw 1192 tools/firmware_load.c fw->memisostart = LDR2val(fw,k+28); fw 1194 tools/firmware_load.c fw->data_init_start = LDR2val(fw,k-2); fw 1195 tools/firmware_load.c fw->data_start = 0x1900; fw 1196 tools/firmware_load.c fw->data_len = (LDR2val(fw,k+4) - 0x1900) / 4; fw 1203 tools/firmware_load.c fw->ksys_idx = 0; fw 1204 tools/firmware_load.c fw->ksys = 0; fw 1205 tools/firmware_load.c fw->dancing_bits_idx = 0; fw 1206 tools/firmware_load.c fw->dancing_bits = 0; fw 1209 tools/firmware_load.c uint32_t ofst = (fw->main_offs)?0:adr2idx(fw,0xFFFF0000); // Offset of area to find dancing bits fw 1210 tools/firmware_load.c if (idx_valid(fw,ofst) && isB(fw,ofst) && isLDR_PC(fw,ofst+1)) fw 1213 tools/firmware_load.c ofst = adr2idx(fw,LDR2val(fw,ofst+1)); // Address of firmware encryption key fw 1214 tools/firmware_load.c if (idx_valid(fw,ofst)) fw 1216 tools/firmware_load.c fw->ksys_idx = ofst; fw 1217 tools/firmware_load.c fw->ksys = "? Not found, possible new firmware encryption key."; fw 1218 tools/firmware_load.c switch (fwval(fw,ofst)) fw 1222 tools/firmware_load.c case 0x70726964: fw->ksys = "d3"; break; fw 1223 tools/firmware_load.c case 0x646C726F: fw->ksys = "d3enc"; break; fw 1224 tools/firmware_load.c case 0x774D450B: fw->ksys = "d4"; break; fw 1225 tools/firmware_load.c case 0x80751A95: fw->ksys = "d4a"; break; fw 1226 tools/firmware_load.c case 0x76894368: fw->ksys = "d4b"; break; fw 1227 tools/firmware_load.c case 0x50838EF7: fw->ksys = "d4c"; break; fw 1228 tools/firmware_load.c case 0xCCE4D2E6: fw->ksys = "d4d"; break; fw 1229 tools/firmware_load.c case 0x66E0C6D2: fw->ksys = "d4e"; break; fw 1230 tools/firmware_load.c case 0xE1268DB4: fw->ksys = "d4f"; break; fw 1231 tools/firmware_load.c case 0x216EA8C8: fw->ksys = "d4g"; break; fw 1232 tools/firmware_load.c case 0x45264974: fw->ksys = "d4h"; break; fw 1233 tools/firmware_load.c case 0x666363FC: fw->ksys = "d4i"; break; fw 1234 tools/firmware_load.c case 0xAE8DB5AF: fw->ksys = "d4j"; break; fw 1240 tools/firmware_load.c if (idx_valid(fw,ofst)) fw 1242 tools/firmware_load.c for (i=0; i<VITALY && !fw->dancing_bits; i++) fw 1244 tools/firmware_load.c fw->dancing_bits = i+1; fw 1245 tools/firmware_load.c for (j=0; j<8 && fw->dancing_bits; j++) fw 1247 tools/firmware_load.c if ((fwval(fw,ofst+j) & 0xFF) != _chr_[i][j]) fw 1249 tools/firmware_load.c fw->dancing_bits = 0; fw 1253 tools/firmware_load.c if (!fw->dancing_bits) fw 1257 tools/firmware_load.c for (i=0; i<VITALY && !fw->dancing_bits; i++) fw 1259 tools/firmware_load.c fw->dancing_bits = i+1; fw 1260 tools/firmware_load.c for (j=0; j<8 && fw->dancing_bits; j++) fw 1262 tools/firmware_load.c if ((fwval(fw,ofst+j) & 0xFF) != _chr_[i][j]) fw 1264 tools/firmware_load.c fw->dancing_bits = 0; fw 1269 tools/firmware_load.c if (fw->dancing_bits != 0) fw 1274 tools/firmware_load.c for (k = ofst; (k>adr2idx(fw,0xFFFF0000)) && need_dance; k--) fw 1276 tools/firmware_load.c if (isLDR_PC(fw,k) && (LDR2val(fw,k) == idx2adr(fw,ofst))) fw 1278 tools/firmware_load.c j = find_inst_rev(fw,isSTMFD_LR,k-1,10); fw 1281 tools/firmware_load.c uint32_t fadr = idx2adr(fw,j); fw 1284 tools/firmware_load.c if (isB(fw,i)) fw 1286 tools/firmware_load.c uint32_t badr = followBranch(fw,idx2adr(fw,i),1); fw 1292 tools/firmware_load.c if (isLDR(fw,l) && isCMP(fw,l+1) && isBX_cond(fw,l+2)) fw 1305 tools/firmware_load.c fw->dancing_bits_idx = ofst; fw 1307 tools/firmware_load.c fw->dancing_bits = 0; fw 1315 tools/firmware_load.c fw->lowest_idx = 0; fw 1320 tools/firmware_load.c if (fw->dryos_ver >= 50) fw 1324 tools/firmware_load.c for (i=3 + fw->main_offs; i<(100 + fw->main_offs); i++) fw 1326 tools/firmware_load.c if (isLDR_PC(fw,i) && isLDR_PC(fw,i+1) && (isLDR_PC(fw,i+2))) fw 1328 tools/firmware_load.c uint32_t fadr = LDR2val(fw,i); fw 1329 tools/firmware_load.c uint32_t dadr = LDR2val(fw,i+1); fw 1330 tools/firmware_load.c uint32_t eadr = LDR2val(fw,i+2); fw 1331 tools/firmware_load.c if ((fadr > fw->base) && (dadr < fw->base)) fw 1333 tools/firmware_load.c fw->buf2 = &fw->buf[adr2idx(fw,fadr)]; fw 1334 tools/firmware_load.c fw->base2 = dadr; fw 1335 tools/firmware_load.c fw->base_copied = fadr; fw 1336 tools/firmware_load.c fw->size2 = (eadr - dadr) / 4; fw 1337 tools/firmware_load.c fw->lowest_idx = adr2idx(fw,fw->base2); fw 1348 tools/firmware_load.c for (i=dx; i<(100 + fw->main_offs); i++) fw 1350 tools/firmware_load.c if (isLDR_PC(fw,i) && isLDR_PC(fw,i+1) && (isLDR_PC(fw,i+2))) fw 1352 tools/firmware_load.c uint32_t fadr = LDR2val(fw,i); fw 1353 tools/firmware_load.c uint32_t dadr = LDR2val(fw,i+1); fw 1354 tools/firmware_load.c uint32_t eadr = LDR2val(fw,i+2); fw 1355 tools/firmware_load.c if ((fadr > fw->base) && (dadr < fw->base)) fw 1357 tools/firmware_load.c fw->data_start = dadr; fw 1358 tools/firmware_load.c fw->data_init_start = fadr; fw 1359 tools/firmware_load.c fw->data_len = (eadr - dadr) / 4; fw 82 tools/firmware_load.h void load_firmware(firmware *fw, const char *filename, const char *base_addr, const char *alt_base_addr, int os_type); fw 87 tools/firmware_load.h int idx_valid(firmware *fw, int i); fw 90 tools/firmware_load.h uint32_t idx2adr(firmware *fw, int idx); fw 91 tools/firmware_load.h int adr2idx(firmware *fw, uint32_t adr); fw 92 tools/firmware_load.h char* adr2ptr(firmware *fw, uint32_t adr); fw 95 tools/firmware_load.h int idxcorr(firmware *fw, int idx); fw 98 tools/firmware_load.h uint32_t* fwadr(firmware *fw, int i); fw 100 tools/firmware_load.h uint32_t fwval(firmware *fw, int i); fw 102 tools/firmware_load.h int fwRd(firmware *fw, int i); fw 103 tools/firmware_load.h int fwRn(firmware *fw, int i); fw 104 tools/firmware_load.h int fwRnMOV(firmware *fw, int i); fw 105 tools/firmware_load.h int fwOp2(firmware *fw, int i); fw 108 tools/firmware_load.h int idxFollowBranch(firmware *fw, int fidx, int offset); fw 109 tools/firmware_load.h uint32_t followBranch(firmware *fw, uint32_t fadr, int offset); fw 110 tools/firmware_load.h uint32_t followBranch2(firmware *fw, uint32_t fadr, int offset); fw 113 tools/firmware_load.h uint32_t LDR2adr(firmware *fw, int offset); fw 114 tools/firmware_load.h uint32_t LDR2idx(firmware *fw, int offset); fw 115 tools/firmware_load.h uint32_t LDR2val(firmware *fw, int offset); fw 116 tools/firmware_load.h uint32_t ADR2adr(firmware *fw, int offset); fw 117 tools/firmware_load.h uint32_t ALUop2(firmware *fw, int offset); fw 118 tools/firmware_load.h uint32_t ALUop2a(firmware *fw, int offset); fw 121 tools/firmware_load.h int isLDR_PC(firmware *fw, int offset); fw 122 tools/firmware_load.h int isLDR_SP(firmware *fw, int offset); fw 123 tools/firmware_load.h int isLDR_PC_cond(firmware *fw, int offset); fw 124 tools/firmware_load.h int isADR_PC(firmware *fw, int offset); fw 125 tools/firmware_load.h int isADR_PC_cond(firmware *fw, int offset); fw 126 tools/firmware_load.h int isLDMFD(firmware *fw, int offset); fw 127 tools/firmware_load.h int isLDMFD_PC(firmware *fw, int offset); fw 128 tools/firmware_load.h int isLDR(firmware *fw, int offset); fw 129 tools/firmware_load.h int isLDR_cond(firmware *fw, int offset); fw 130 tools/firmware_load.h int isADR(firmware *fw, int offset); fw 131 tools/firmware_load.h int isSTMFD(firmware *fw, int offset); fw 132 tools/firmware_load.h int isSTMFD_LR(firmware *fw, int offset); fw 133 tools/firmware_load.h int isSTR(firmware *fw, int offset); fw 134 tools/firmware_load.h int isSTR_cond(firmware *fw, int offset); fw 135 tools/firmware_load.h int isBX(firmware *fw, int offset); fw 136 tools/firmware_load.h int isBX_LR(firmware *fw, int offset); fw 137 tools/firmware_load.h int isBLX(firmware *fw, int offset); fw 138 tools/firmware_load.h int isBL(firmware *fw, int offset); fw 139 tools/firmware_load.h int isBL_cond(firmware *fw, int offset); fw 140 tools/firmware_load.h int isBLEQ(firmware *fw, int offset); fw 141 tools/firmware_load.h int isB(firmware *fw, int offset); fw 142 tools/firmware_load.h int isBorBL(firmware *fw, int offset); fw 143 tools/firmware_load.h int isCMP(firmware *fw, int offset); fw 144 tools/firmware_load.h int isMOV(firmware *fw, int offset); fw 145 tools/firmware_load.h int isMOV_immed(firmware *fw, int offset); fw 146 tools/firmware_load.h int isORR(firmware *fw, int offset); fw 147 tools/firmware_load.h int isADD(firmware *fw, int offset); fw 148 tools/firmware_load.h int isSUB(firmware *fw, int offset); fw 150 tools/firmware_load.h int isASCIIstring(firmware *fw, uint32_t adr); fw 153 tools/firmware_load.h int find_str(firmware *fw, char *str); fw 154 tools/firmware_load.h int find_Nth_str(firmware *fw, char *str, int N); fw 156 tools/firmware_load.h int find_inst(firmware *fw, int (*inst)(firmware*,int), int idx, int len); fw 158 tools/firmware_load.h int find_inst_rev(firmware *fw, int (*inst)(firmware*,int), int idx, int len); fw 160 tools/firmware_load.h int find_Nth_inst(firmware *fw, int (*inst)(firmware*,int), int idx, int len, int N); fw 162 tools/firmware_load.h int find_Nth_inst_rev(firmware *fw, int (*inst)(firmware*,int), int idx, int len, int N); fw 165 tools/firmware_load.h int find_strptr_ref(firmware *fw, char *str); fw 166 tools/firmware_load.h int find_str_ref(firmware *fw, char *str); fw 167 tools/firmware_load.h int find_nxt_str_ref(firmware *fw, int str_adr, int ofst); fw 168 tools/firmware_load.h int find_nxt_str_ref_alt(firmware *fw, char *str, int ofst, int limit); fw 171 tools/firmware_load.h int find_BL(firmware *fw, int k, uint32_t v1, uint32_t v2); fw 172 tools/firmware_load.h int find_B(firmware *fw, int k, uint32_t v1, uint32_t v2); fw 175 tools/firmware_load.h int search_fw(firmware *fw, int (*func)(firmware*, int, uint32_t, uint32_t), uint32_t v1, uint32_t v2, int len); fw 176 tools/firmware_load.h int search_fw_bytes(firmware *fw, int (*func)(firmware*, int)); fw 13 tools/firmware_load_ng.c static void addBufRange(firmware *fw, int o, int l) fw 16 tools/firmware_load_ng.c n->p = fw->buf32 + o; fw 20 tools/firmware_load_ng.c if (fw->br == 0) fw 22 tools/firmware_load_ng.c fw->br = n; fw 26 tools/firmware_load_ng.c fw->last->next = n; fw 28 tools/firmware_load_ng.c fw->last = n; fw 32 tools/firmware_load_ng.c static void findRanges(firmware *fw) fw 37 tools/firmware_load_ng.c fw->br = 0; fw->last = 0; fw 39 tools/firmware_load_ng.c for (i = 0; i < fw->size32; i++) fw 41 tools/firmware_load_ng.c if (fw->buf32[i] == 0xFFFFFFFF) // Possible start of block to skip fw 57 tools/firmware_load_ng.c addBufRange(fw,j,k - j); fw 70 tools/firmware_load_ng.c addBufRange(fw,j,k - j); fw 77 tools/firmware_load_ng.c addBufRange(fw,j,i - j); fw 83 tools/firmware_load_ng.c BufRange *getBufRangeForIndex(firmware *fw,int i) fw 85 tools/firmware_load_ng.c BufRange *br = fw->br; fw 99 tools/firmware_load_ng.c int find_Nth_str(firmware *fw, char *str, int N) fw 106 tools/firmware_load_ng.c BufRange *br = fw->br; fw 123 tools/firmware_load_ng.c int find_str(firmware *fw, char *str) fw 125 tools/firmware_load_ng.c return find_Nth_str(fw, str, 1); fw 132 tools/firmware_load_ng.c uint32_t find_next_bytes_range(firmware *fw, const void *bytes, size_t len, uint32_t start_adr, uint32_t max_adr) fw 135 tools/firmware_load_ng.c start_adr = fw->base; fw 137 tools/firmware_load_ng.c if(start_adr < fw->base || start_adr >= fw->base + fw->size8) { fw 142 tools/firmware_load_ng.c max_adr = fw->base + fw->size8-1; fw 144 tools/firmware_load_ng.c if(max_adr < fw->base || max_adr >= fw->base + fw->size8) { fw 148 tools/firmware_load_ng.c int end_k = (max_adr - fw->base); fw 149 tools/firmware_load_ng.c BufRange *p = getBufRangeForIndex(fw,(start_adr - fw->base)/4); fw 153 tools/firmware_load_ng.c int k = start_adr - fw->base; fw 159 tools/firmware_load_ng.c if (memcmp(fw->buf8+k,bytes,len) == 0) { fw 160 tools/firmware_load_ng.c return fw->base+k; fw 174 tools/firmware_load_ng.c int find_bytes_all(firmware *fw, const void *bytes, size_t len, uint32_t adr, uint32_t *result, int max) fw 177 tools/firmware_load_ng.c for(i=0,adr=find_next_bytes_range(fw,bytes,len,0,0); adr && (i < max); adr=find_next_bytes_range(fw,bytes,len,adr+len,0),i++) { fw 183 tools/firmware_load_ng.c uint32_t find_next_substr_bytes(firmware *fw, const char *str, uint32_t adr) fw 187 tools/firmware_load_ng.c return find_next_bytes_range(fw,str,strlen(str),adr,0); fw 190 tools/firmware_load_ng.c uint32_t find_next_str_bytes_range(firmware *fw, const char *str, uint32_t adr,uint32_t max_adr) fw 193 tools/firmware_load_ng.c return find_next_bytes_range(fw,str,strlen(str)+1,adr,max_adr); fw 196 tools/firmware_load_ng.c uint32_t find_next_str_bytes_main_fw(firmware *fw, const char *str, uint32_t adr) fw 201 tools/firmware_load_ng.c if(fw->base + fw->size8 - 4096 > fw->rom_code_search_max_adr) { fw 202 tools/firmware_load_ng.c max_adr = fw->rom_code_search_max_adr + 4096; fw 204 tools/firmware_load_ng.c max_adr = fw->base + fw->size8; fw 206 tools/firmware_load_ng.c return find_next_bytes_range(fw,str,strlen(str)+1,adr,max_adr); fw 210 tools/firmware_load_ng.c uint32_t find_str_bytes_main_fw(firmware *fw, const char *str) fw 212 tools/firmware_load_ng.c return find_next_str_bytes_main_fw(fw,str,fw->rom_code_search_min_adr); fw 215 tools/firmware_load_ng.c uint32_t find_next_str_bytes(firmware *fw, const char *str, uint32_t adr) fw 218 tools/firmware_load_ng.c return find_next_bytes_range(fw,str,strlen(str)+1,adr,0); fw 223 tools/firmware_load_ng.c uint32_t find_str_bytes(firmware *fw, const char *str) fw 225 tools/firmware_load_ng.c return find_next_str_bytes(fw,str,fw->base); fw 228 tools/firmware_load_ng.c int isASCIIstring(firmware *fw, uint32_t adr) fw 230 tools/firmware_load_ng.c unsigned char *p = (unsigned char*)adr2ptr_with_data(fw, adr); fw 249 tools/firmware_load_ng.c adr_range_t *adr_get_range(firmware *fw, uint32_t adr) fw 252 tools/firmware_load_ng.c adr_range_t *r=fw->adr_ranges; fw 253 tools/firmware_load_ng.c for(i=0;i<fw->adr_range_count;i++) { fw 263 tools/firmware_load_ng.c int adr_get_range_type(firmware *fw, uint32_t adr) fw 265 tools/firmware_load_ng.c adr_range_t *r=adr_get_range(fw,adr); fw 272 tools/firmware_load_ng.c uint32_t ptr2adr(firmware *fw, uint8_t *ptr) fw 275 tools/firmware_load_ng.c return (ptr-fw->buf8)+fw->base; fw 278 tools/firmware_load_ng.c uint8_t* adr2ptr(firmware *fw, uint32_t adr) fw 280 tools/firmware_load_ng.c adr_range_t *r=adr_get_range(fw,adr); fw 293 tools/firmware_load_ng.c uint8_t* adr2ptr_with_data(firmware *fw, uint32_t adr) fw 295 tools/firmware_load_ng.c adr_range_t *r=adr_get_range(fw,adr); fw 349 tools/firmware_load_ng.c int adr_is_var(firmware *fw, uint32_t adr) fw 351 tools/firmware_load_ng.c return (adr > fw->data_start && adr < fw->memisostart); fw 355 tools/firmware_load_ng.c int adr_is_main_fw_code(firmware *fw, uint32_t adr) fw 357 tools/firmware_load_ng.c int adr_type = adr_get_range_type(fw,adr); fw 364 tools/firmware_load_ng.c if(adr < fw->rom_code_search_min_adr || adr > fw->rom_code_search_max_adr) { fw 373 tools/firmware_load_ng.c uint32_t find_u32_adr_range(firmware *fw, uint32_t val, uint32_t start,uint32_t maxadr) fw 377 tools/firmware_load_ng.c start=fw->base; fw 383 tools/firmware_load_ng.c uint32_t *p=(uint32_t *)adr2ptr(fw,start); fw 390 tools/firmware_load_ng.c p_end = (uint32_t *)adr2ptr(fw,maxadr); fw 392 tools/firmware_load_ng.c p_end = fw->buf32 + fw->size32 - 1; fw 397 tools/firmware_load_ng.c return ptr2adr(fw,(uint8_t *)p); fw 405 tools/firmware_load_ng.c uint32_t find_u32_adr(firmware *fw, uint32_t val, uint32_t start) fw 407 tools/firmware_load_ng.c return find_u32_adr_range(fw,val,start, fw->base + (fw->size8 -4)); fw 411 tools/firmware_load_ng.c uint32_t fw_u32(firmware *fw, uint32_t adr) fw 413 tools/firmware_load_ng.c uint32_t *p=(uint32_t *)adr2ptr(fw,adr); fw 422 tools/firmware_load_ng.c int fw_memcmp(firmware *fw, uint32_t adr,const void *cmp, size_t n) fw 424 tools/firmware_load_ng.c uint32_t *p=(uint32_t *)adr2ptr(fw,adr); fw 428 tools/firmware_load_ng.c if(n >= fw->size8 - (adr - fw->base)) { fw 662 tools/firmware_load_ng.c uint32_t* LDR_PC2valptr_thumb(firmware *fw, cs_insn *insn) fw 671 tools/firmware_load_ng.c return (uint32_t *)adr2ptr(fw,adr); fw 674 tools/firmware_load_ng.c uint32_t* LDR_PC2valptr_arm(firmware *fw, cs_insn *insn) fw 683 tools/firmware_load_ng.c return (uint32_t *)adr2ptr(fw,adr); fw 686 tools/firmware_load_ng.c uint32_t* LDR_PC2valptr(firmware *fw, cs_insn *insn) fw 689 tools/firmware_load_ng.c return LDR_PC2valptr_arm(fw,insn); fw 691 tools/firmware_load_ng.c return LDR_PC2valptr_thumb(fw,insn); fw 696 tools/firmware_load_ng.c uint32_t LDR_PC2adr(__attribute__ ((unused))firmware *fw, cs_insn *insn) fw 709 tools/firmware_load_ng.c uint32_t ADRx2adr(__attribute__ ((unused))firmware *fw, cs_insn *insn) fw 733 tools/firmware_load_ng.c uint32_t ADR2adr(__attribute__ ((unused))firmware *fw, cs_insn *insn) fw 748 tools/firmware_load_ng.c uint32_t* ADR2valptr(firmware *fw, cs_insn *insn) fw 750 tools/firmware_load_ng.c uint32_t adr=ADR2adr(fw,insn); fw 751 tools/firmware_load_ng.c return (uint32_t *)adr2ptr(fw,adr); fw 755 tools/firmware_load_ng.c uint32_t LDR_PC2val(firmware *fw, cs_insn *insn) fw 757 tools/firmware_load_ng.c uint32_t *p=LDR_PC2valptr(fw,insn); fw 765 tools/firmware_load_ng.c uint32_t LDR_PC_PC_target(firmware *fw, cs_insn *insn) fw 770 tools/firmware_load_ng.c return LDR_PC2val(fw,insn); fw 774 tools/firmware_load_ng.c uint32_t B_target(__attribute__ ((unused))firmware *fw, cs_insn *insn) fw 784 tools/firmware_load_ng.c uint32_t CBx_target(__attribute__ ((unused))firmware *fw, cs_insn *insn) fw 793 tools/firmware_load_ng.c uint32_t BLXimm_target(__attribute__ ((unused))firmware *fw, cs_insn *insn) fw 803 tools/firmware_load_ng.c uint32_t BL_target(__attribute__ ((unused))firmware *fw, cs_insn *insn) fw 812 tools/firmware_load_ng.c uint32_t B_BL_target(__attribute__ ((unused))firmware *fw, cs_insn *insn) fw 822 tools/firmware_load_ng.c uint32_t B_BL_BLXimm_target(__attribute__ ((unused))firmware *fw, cs_insn *insn) fw 833 tools/firmware_load_ng.c uint32_t BX_PC_target(__attribute__ ((unused))firmware *fw, cs_insn *insn) fw 855 tools/firmware_load_ng.c int get_TBx_PC_info(firmware *fw,iter_state_t *is, tbx_info_t *ti) fw 885 tools/firmware_load_ng.c fw_disasm_iter_single(fw,adr_hist_get(&is->ah,i)); // thumb state comes from hist fw 886 tools/firmware_load_ng.c if(fw->is->insn->id == ARM_INS_B && fw->is->insn->detail->arm.cc == ARM_CC_HS) { fw 891 tools/firmware_load_ng.c if(found_bhs && fw->is->insn->id == ARM_INS_CMP) { fw 893 tools/firmware_load_ng.c if((arm_reg)fw->is->insn->detail->arm.operands[0].reg == i_reg fw 894 tools/firmware_load_ng.c || fw->is->insn->detail->arm.operands[1].type == ARM_OP_IMM) { fw 895 tools/firmware_load_ng.c max_count = fw->is->insn->detail->arm.operands[1].imm; fw 907 tools/firmware_load_ng.c uint8_t *p=adr2ptr(fw,adr); fw 952 tools/firmware_load_ng.c iter_state_t *disasm_iter_new(firmware *fw, uint32_t adr) fw 957 tools/firmware_load_ng.c is->insn=cs_malloc(fw->cs_handle_arm); fw 958 tools/firmware_load_ng.c disasm_iter_init(fw,is,adr); fw 972 tools/firmware_load_ng.c int disasm_iter_set(firmware *fw, iter_state_t *is, uint32_t adr) fw 976 tools/firmware_load_ng.c is->cs_handle=fw->cs_handle_thumb; fw 981 tools/firmware_load_ng.c is->cs_handle=fw->cs_handle_arm; fw 992 tools/firmware_load_ng.c uint8_t *p=adr2ptr(fw,adr); fw 1003 tools/firmware_load_ng.c is->size=fw->size8 - (p-fw->buf8); fw 1009 tools/firmware_load_ng.c int disasm_iter_init(__attribute__ ((unused))firmware *fw, iter_state_t *is, uint32_t adr) fw 1012 tools/firmware_load_ng.c return disasm_iter_set(fw,is,adr); fw 1018 tools/firmware_load_ng.c int disasm_iter(__attribute__ ((unused))firmware *fw, iter_state_t *is) fw 1032 tools/firmware_load_ng.c int disasm_iter_redo(firmware *fw,iter_state_t *is) { fw 1049 tools/firmware_load_ng.c int fw_disasm_iter_start(firmware *fw, uint32_t adr) fw 1051 tools/firmware_load_ng.c return disasm_iter_init(fw,fw->is,adr); fw 1055 tools/firmware_load_ng.c int fw_disasm_iter(firmware *fw) fw 1057 tools/firmware_load_ng.c return disasm_iter(fw,fw->is); fw 1062 tools/firmware_load_ng.c int fw_disasm_iter_single(firmware *fw, uint32_t adr) fw 1064 tools/firmware_load_ng.c fw_disasm_iter_start(fw,adr); fw 1065 tools/firmware_load_ng.c return fw_disasm_iter(fw); fw 1075 tools/firmware_load_ng.c size_t fw_disasm_adr(firmware *fw, uint32_t adr, unsigned count, cs_insn **insn) fw 1077 tools/firmware_load_ng.c uint8_t *p=adr2ptr(fw,adr); fw 1082 tools/firmware_load_ng.c return cs_disasm(fw->cs_handle, p, fw->size8 - (p-fw->buf8), adr, count, insn); fw 1096 tools/firmware_load_ng.c uint32_t fw_search_insn(firmware *fw, iter_state_t *is, search_insn_fn f, uint32_t v1, void *udata, uint32_t adr_end) fw 1099 tools/firmware_load_ng.c adr_range_t *r_start=adr_get_range(fw,adr_start); fw 1108 tools/firmware_load_ng.c adr_end = fw->rom_code_search_max_adr; fw 1113 tools/firmware_load_ng.c adr_range_t *r_end=adr_get_range(fw,adr_end); fw 1131 tools/firmware_load_ng.c if(disasm_iter(fw,is)) { fw 1132 tools/firmware_load_ng.c uint32_t r=f(fw,is,v1,udata); fw 1141 tools/firmware_load_ng.c if(!disasm_iter_init(fw,is,adr|is->thumb)) { fw 1149 tools/firmware_load_ng.c BufRange *br=fw->br; fw 1153 tools/firmware_load_ng.c uint32_t *p_adr=(uint32_t *)adr2ptr(fw,(uint32_t)adr); fw 1155 tools/firmware_load_ng.c uint32_t adr_chunk_end = ptr2adr(fw,(uint8_t*)br_end); fw 1161 tools/firmware_load_ng.c adr=ptr2adr(fw,(uint8_t *)br->p); fw 1162 tools/firmware_load_ng.c if(!disasm_iter_init(fw,is,(uint32_t)adr | is->thumb)) { fw 1165 tools/firmware_load_ng.c p_adr=(uint32_t *)adr2ptr(fw,(uint32_t)adr); fw 1169 tools/firmware_load_ng.c if(disasm_iter(fw,is)) { fw 1170 tools/firmware_load_ng.c uint32_t r=f(fw,is,v1,udata); fw 1179 tools/firmware_load_ng.c if(!disasm_iter_init(fw,is,adr|is->thumb)) { fw 1194 tools/firmware_load_ng.c uint32_t search_disasm_const_ref(firmware *fw, iter_state_t *is, uint32_t val, __attribute__ ((unused))void *unused) fw 1197 tools/firmware_load_ng.c uint32_t av=ADRx2adr(fw,is->insn); fw 1205 tools/firmware_load_ng.c uint32_t *pv=LDR_PC2valptr(fw,is->insn); fw 1216 tools/firmware_load_ng.c uint32_t search_disasm_str_ref(firmware *fw, iter_state_t *is, __attribute__ ((unused))uint32_t val, void *udata) fw 1220 tools/firmware_load_ng.c uint32_t av=ADRx2adr(fw,is->insn); fw 1223 tools/firmware_load_ng.c char *cmp=(char *)adr2ptr_with_data(fw,av); fw 1229 tools/firmware_load_ng.c uint32_t *pv=LDR_PC2valptr(fw,is->insn); fw 1232 tools/firmware_load_ng.c char *cmp=(char *)adr2ptr_with_data(fw,*pv); fw 1243 tools/firmware_load_ng.c uint32_t search_disasm_calls(firmware *fw, iter_state_t *is, uint32_t val, __attribute__ ((unused))void *unused) fw 1246 tools/firmware_load_ng.c uint32_t sub=get_branch_call_insn_target(fw,is); fw 1256 tools/firmware_load_ng.c int search_calls_multi_end(__attribute__ ((unused))firmware *fw, __attribute__ ((unused))iter_state_t *is, __attribute__ ((unused))uint32_t adr) { fw 1264 tools/firmware_load_ng.c uint32_t search_disasm_calls_multi(firmware *fw, iter_state_t *is, __attribute__ ((unused))uint32_t unused, void *userdata) fw 1267 tools/firmware_load_ng.c uint32_t sub=get_branch_call_insn_target(fw,is); fw 1271 tools/firmware_load_ng.c return data->fn(fw,is,sub); fw 1280 tools/firmware_load_ng.c uint32_t search_disasm_calls_veneer_multi(firmware *fw, iter_state_t *is, __attribute__ ((unused))uint32_t unused, void *userdata) fw 1283 tools/firmware_load_ng.c uint32_t sub=get_branch_call_insn_target(fw,is); fw 1287 tools/firmware_load_ng.c return data->fn(fw,is,sub); fw 1292 tools/firmware_load_ng.c fw_disasm_iter_single(fw,sub); fw 1293 tools/firmware_load_ng.c veneer=get_branch_call_insn_target(fw,fw->is); fw 1297 tools/firmware_load_ng.c return data->fn(fw,is,sub); fw 1315 tools/firmware_load_ng.c int get_call_const_args(firmware *fw, iter_state_t *is_init, int max_backtrack, uint32_t *res) fw 1350 tools/firmware_load_ng.c fw_disasm_iter_single(fw,adr_hist_get(&is_init->ah,i)); // thumb state comes from hist fw 1357 tools/firmware_load_ng.c arm_insn insn_id = fw->is->insn->id; fw 1363 tools/firmware_load_ng.c && fw->is->insn->detail->arm.cc == ARM_CC_AL) { fw 1369 tools/firmware_load_ng.c if(fw->is->insn->detail->arm.operands[0].type != ARM_OP_REG) { fw 1372 tools/firmware_load_ng.c arm_reg rd = fw->is->insn->detail->arm.operands[0].reg; fw 1387 tools/firmware_load_ng.c uint32_t *pv=LDR_PC2valptr(fw,fw->is->insn); fw 1394 tools/firmware_load_ng.c uint32_t v=ADRx2adr(fw,fw->is->insn); // assumes ADR doesn't generate 0, probably safe fw 1403 tools/firmware_load_ng.c && fw->is->insn->detail->arm.operands[1].type == ARM_OP_IMM) { fw 1404 tools/firmware_load_ng.c res[rd_i] += fw->is->insn->detail->arm.operands[1].imm; fw 1407 tools/firmware_load_ng.c } else if(isADDx_imm(fw->is->insn)) { fw 1408 tools/firmware_load_ng.c res[rd_i] += fw->is->insn->detail->arm.operands[1].imm; fw 1413 tools/firmware_load_ng.c } else if(isSUBx_imm(fw->is->insn)) { fw 1414 tools/firmware_load_ng.c res[rd_i] = (int)(res[rd_i]) - fw->is->insn->detail->arm.operands[1].imm; fw 1441 tools/firmware_load_ng.c uint32_t get_direct_jump_target(firmware *fw, iter_state_t *is_init) fw 1443 tools/firmware_load_ng.c uint32_t adr=B_target(fw,is_init->insn); fw 1448 tools/firmware_load_ng.c adr=LDR_PC_PC_target(fw,is_init->insn); fw 1454 tools/firmware_load_ng.c adr=BX_PC_target(fw,is_init->insn); fw 1469 tools/firmware_load_ng.c if(!fw_disasm_iter_single(fw,is_init->adr | is_init->thumb)) { fw 1470 tools/firmware_load_ng.c fprintf(stderr,"get_direct_jump_target: disasm single failed at 0x%"PRIx64"\n",fw->is->insn->address); fw 1474 tools/firmware_load_ng.c if(!(fw->is->insn->id == ARM_INS_MOVT fw 1475 tools/firmware_load_ng.c && fw->is->insn->detail->arm.operands[0].reg == ARM_REG_IP fw 1476 tools/firmware_load_ng.c && fw->is->insn->detail->arm.operands[1].type == ARM_OP_IMM)) { fw 1482 tools/firmware_load_ng.c adr = (fw->is->insn->detail->arm.operands[1].imm << 16) | (adr&0xFFFF); fw 1483 tools/firmware_load_ng.c if(!fw_disasm_iter(fw)) { fw 1484 tools/firmware_load_ng.c fprintf(stderr,"get_direct_jump_target: disasm 2 failed at 0x%"PRIx64"\n",fw->is->insn->address); fw 1488 tools/firmware_load_ng.c if(fw->is->insn->id == ARM_INS_BX fw 1489 tools/firmware_load_ng.c && fw->is->insn->detail->arm.operands[0].type == ARM_OP_REG fw 1490 tools/firmware_load_ng.c && fw->is->insn->detail->arm.operands[0].reg == ARM_REG_IP) { fw 1502 tools/firmware_load_ng.c uint32_t get_branch_call_insn_target(firmware *fw, iter_state_t *is) fw 1504 tools/firmware_load_ng.c uint32_t adr=B_BL_target(fw,is->insn); fw 1510 tools/firmware_load_ng.c adr=CBx_target(fw,is->insn); fw 1516 tools/firmware_load_ng.c adr=BLXimm_target(fw,is->insn); fw 1525 tools/firmware_load_ng.c adr=LDR_PC_PC_target(fw,is->insn); fw 1529 tools/firmware_load_ng.c adr=BX_PC_target(fw,is->insn); fw 1557 tools/firmware_load_ng.c int find_and_get_var_ldr(firmware *fw, fw 1565 tools/firmware_load_ng.c if(!insn_match_find_next(fw,is,max_search_insns,match_ldr_pc)) { fw 1572 tools/firmware_load_ng.c r.adr_base=LDR_PC2val(fw,is->insn); fw 1577 tools/firmware_load_ng.c if(!disasm_iter(fw,is)) { fw 1598 tools/firmware_load_ng.c if(!disasm_iter(fw,is)) { fw 1644 tools/firmware_load_ng.c int find_const_ref_match(firmware *fw, fw 1661 tools/firmware_load_ng.c int (*match_fn)(firmware *fw, iter_state_t *is, int max_insns, const insn_match_t *match); fw 1671 tools/firmware_load_ng.c while(fw_search_insn(fw,is,search_disasm_const_ref,val,NULL,(uint32_t)(is->adr+max_search_bytes))) { fw 1676 tools/firmware_load_ng.c if(match_fn(fw,is,max_gap_insns,match)) { fw 1682 tools/firmware_load_ng.c if((get_call_const_args(fw,is,max_gap_insns,regs)®_bit)==reg_bit) { fw 1690 tools/firmware_load_ng.c disasm_iter_init(fw,is,next_adr | is->thumb); fw 1701 tools/firmware_load_ng.c int find_const_ref_call(firmware *fw, fw 1709 tools/firmware_load_ng.c return find_const_ref_match(fw,is,max_search_bytes,max_gap_insns,match_reg,val,match_bl_blximm,FIND_CONST_REF_MATCH_ANY); fw 1728 tools/firmware_load_ng.c int check_simple_func(firmware *fw, uint32_t adr, int match_ftype, simple_func_desc_t *info) fw 1744 tools/firmware_load_ng.c if(!fw_disasm_iter_single(fw,adr)) { fw 1750 tools/firmware_load_ng.c if(insn_match_any(fw->is->insn,match_mov_r0_imm)) { fw 1751 tools/firmware_load_ng.c found_val = fw->is->insn->detail->arm.operands[1].imm; fw 1754 tools/firmware_load_ng.c if(!fw_disasm_iter(fw)) { fw 1760 tools/firmware_load_ng.c if(!isRETx(fw->is->insn)) { fw 1787 tools/firmware_load_ng.c uint32_t find_last_call_from_func(firmware *fw, iter_state_t *is,int min_insns, int max_insns) fw 1793 tools/firmware_load_ng.c if(!disasm_iter(fw,is)) { fw 1815 tools/firmware_load_ng.c last_adr=get_branch_call_insn_target(fw,is); fw 1834 tools/firmware_load_ng.c if(!disasm_iter(fw,is)) { fw 1853 tools/firmware_load_ng.c if(!disasm_iter(fw,is)) { fw 1860 tools/firmware_load_ng.c return get_branch_call_insn_target(fw,is); fw 1927 tools/firmware_load_ng.c int insn_match_seq(firmware *fw, iter_state_t *is, const insn_match_t *match) fw 1930 tools/firmware_load_ng.c while(match->id != ARM_INS_ENDING && disasm_iter(fw,is) && insn_match(is->insn,match)) { fw 2073 tools/firmware_load_ng.c int insn_match_find_next(firmware *fw, iter_state_t *is, int max_insns, const insn_match_t *match) fw 2078 tools/firmware_load_ng.c if(!disasm_iter(fw,is)) { fw 2092 tools/firmware_load_ng.c int insn_match_find_nth(firmware *fw, iter_state_t *is, int max_insns, int num_to_match, const insn_match_t *match) fw 2098 tools/firmware_load_ng.c if(!disasm_iter(fw,is)) { fw 2120 tools/firmware_load_ng.c int insn_match_find_next_seq(firmware *fw, iter_state_t *is, int max_insns, const insn_match_t *match) fw 2126 tools/firmware_load_ng.c while(m->id != ARM_INS_ENDING && disasm_iter(fw,is) && insn_match(is->insn,m)) { fw 2145 tools/firmware_load_ng.c int fw_search_bytes(firmware *fw, search_bytes_fn func) fw 2147 tools/firmware_load_ng.c BufRange *p = fw->br; fw 2153 tools/firmware_load_ng.c if (func(fw,k)) fw 2164 tools/firmware_load_ng.c void fw_add_adr_range(firmware *fw, uint32_t start, uint32_t end, uint32_t src_start, int type, int flags) fw 2166 tools/firmware_load_ng.c if(fw->adr_range_count == FW_MAX_ADR_RANGES) { fw 2170 tools/firmware_load_ng.c if(src_start < fw->base) { fw 2171 tools/firmware_load_ng.c fprintf(stderr,"fw_add_adr_range: src_start 0x%08x < base 0x%08x\n",src_start,fw->base); fw 2174 tools/firmware_load_ng.c if(src_start >= fw->base+fw->size8) { fw 2175 tools/firmware_load_ng.c fprintf(stderr,"fw_add_adr_range: src_start 0x%08x outside dump end 0x%08x\n",src_start,fw->base+fw->size8); fw 2187 tools/firmware_load_ng.c if(len > fw->size8 - (start - fw->base)) { fw 2191 tools/firmware_load_ng.c adr_range_t *r=&fw->adr_ranges[fw->adr_range_count]; fw 2198 tools/firmware_load_ng.c r->buf=fw->buf8 + (r->src_start - fw->base); fw 2200 tools/firmware_load_ng.c fw->adr_range_count++; fw 2203 tools/firmware_load_ng.c void find_dryos_vers(firmware *fw) fw 2206 tools/firmware_load_ng.c fw->dryos_ver_count = find_bytes_all(fw,sig,strlen(sig),fw->base,fw->dryos_ver_list,FW_MAX_DRYOS_VERS); fw 2216 tools/firmware_load_ng.c if(fw->dryos_ver_count) { fw 2217 tools/firmware_load_ng.c if(fw->dryos_ver_count == FW_MAX_DRYOS_VERS) { fw 2225 tools/firmware_load_ng.c uint32_t maxadr = (fw->rom_code_search_max_adr - 0x800000 > fw->base)?fw->base + 0x800000:fw->rom_code_search_max_adr; fw 2228 tools/firmware_load_ng.c for(i=0; i<fw->dryos_ver_count; i++) { fw 2231 tools/firmware_load_ng.c uint32_t adr = find_u32_adr_range(fw,fw->dryos_ver_list[i],fw->rom_code_search_min_adr,maxadr); fw 2242 tools/firmware_load_ng.c fw->dryos_ver_str = (const char *)adr2ptr(fw,fw->dryos_ver_list[match_i]); fw 2243 tools/firmware_load_ng.c const char *s = (const char *)adr2ptr(fw,fw->dryos_ver_list[match_i]+strlen(sig)); fw 2244 tools/firmware_load_ng.c fw->dryos_ver = atoi(s); fw 2246 tools/firmware_load_ng.c fw->dryos_ver_patch = atoi(s+6); fw 2247 tools/firmware_load_ng.c if(fw->dryos_ver_patch >= FW_DRYOS_VER_MUL) { fw 2248 tools/firmware_load_ng.c fprintf(stderr,"WARNING unexpected patch revision %d\n",fw->dryos_ver_patch); fw 2251 tools/firmware_load_ng.c fw->dryos_ver_patch = 0; fw 2253 tools/firmware_load_ng.c fw->dryos_ver_full = fw->dryos_ver * FW_DRYOS_VER_MUL + fw->dryos_ver_patch; fw 2254 tools/firmware_load_ng.c fw->dryos_ver_adr = fw->dryos_ver_list[match_i]; fw 2255 tools/firmware_load_ng.c fw->dryos_ver_ref_adr = min_adr; fw 2258 tools/firmware_load_ng.c fw->dryos_ver = 0; fw 2259 tools/firmware_load_ng.c fw->dryos_ver_patch = 0; fw 2260 tools/firmware_load_ng.c fw->dryos_ver_full = 0; fw 2261 tools/firmware_load_ng.c fw->dryos_ver_str = NULL; fw 2262 tools/firmware_load_ng.c fw->dryos_ver_adr = 0; fw 2267 tools/firmware_load_ng.c void firmware_load(firmware *fw, const char *filename, uint32_t base_adr,int fw_arch) fw 2276 tools/firmware_load_ng.c fw->size8 = ftell(f); fw 2280 tools/firmware_load_ng.c if(fw->size8&3) { fw 2281 tools/firmware_load_ng.c fprintf(stderr,"WARNING: dump size %d is not divisible by 4, truncating\n",fw->size8); fw 2282 tools/firmware_load_ng.c fw->size8 &= ~3; fw 2286 tools/firmware_load_ng.c if((int)(0xFFFFFFFF - base_adr) < fw->size8) { fw 2287 tools/firmware_load_ng.c fprintf(stderr,"adjusted dump size 0x%08x->",fw->size8); fw 2288 tools/firmware_load_ng.c fw->size8 = 0xFFFFFFFC - base_adr; fw 2289 tools/firmware_load_ng.c fprintf(stderr,"0x%08x\n",fw->size8); fw 2292 tools/firmware_load_ng.c fw->arch=fw_arch; fw 2293 tools/firmware_load_ng.c fw->size32=fw->size8/4; fw 2295 tools/firmware_load_ng.c fw->base = base_adr; fw 2297 tools/firmware_load_ng.c fw->buf8 = malloc(fw->size8); fw 2298 tools/firmware_load_ng.c if(!fw->buf8) { fw 2299 tools/firmware_load_ng.c fprintf(stderr,"malloc %d failed\n",fw->size8); fw 2302 tools/firmware_load_ng.c fread(fw->buf8, 1, fw->size8, f); fw 2304 tools/firmware_load_ng.c findRanges(fw); fw 2306 tools/firmware_load_ng.c fw->adr_range_count=0; fw 2308 tools/firmware_load_ng.c fw_add_adr_range(fw,fw->base, fw->base+fw->size8, fw->base, ADR_RANGE_ROM, ADR_RANGE_FL_NONE); fw 2310 tools/firmware_load_ng.c fw->main_offs = 0; fw 2311 tools/firmware_load_ng.c int k = find_str(fw, "gaonisoy"); fw 2315 tools/firmware_load_ng.c if(find_str(fw,"VxWorks") == -1) { fw 2320 tools/firmware_load_ng.c if(fw_memcmp(fw,fw->base+0x20004,"gaonisoy",8) == 0) { fw 2321 tools/firmware_load_ng.c fw->main_offs = 0x20000; fw 2322 tools/firmware_load_ng.c } else if (fw_memcmp(fw,fw->base+0x10004,"gaonisoy",8) == 0) { // newer armv5 firmwares base ff81000 start at ff820000 fw 2323 tools/firmware_load_ng.c fw->main_offs = 0x10000; fw 2329 tools/firmware_load_ng.c fw->rom_code_search_min_adr = fw->base + fw->main_offs; // 0 if not found fw 2330 tools/firmware_load_ng.c fw->rom_code_search_max_adr=fw->base+fw->size8 - 4; // default == end of fw, may be adjusted by firmware_init_data_ranges fw 2332 tools/firmware_load_ng.c find_dryos_vers(fw); fw 2334 tools/firmware_load_ng.c fw->firmware_ver_str = 0; fw 2335 tools/firmware_load_ng.c k = find_str(fw, "Firmware Ver "); fw 2338 tools/firmware_load_ng.c fw->firmware_ver_str = (char *)fw->buf8 + k*4; fw 2341 tools/firmware_load_ng.c if(fw->arch==FW_ARCH_ARMv5) { fw 2342 tools/firmware_load_ng.c fw->thumb_default = 0; fw 2343 tools/firmware_load_ng.c } else if(fw->arch==FW_ARCH_ARMv7) { fw 2344 tools/firmware_load_ng.c fw->thumb_default = 1; fw 2351 tools/firmware_load_ng.c int do_blx_check(firmware *fw) fw 2378 tools/firmware_load_ng.c count = cs_disasm(fw->cs_handle_thumb, code, sizeof(code), 0xFF000000, 3, &insn); fw 2396 tools/firmware_load_ng.c int firmware_init_capstone(firmware *fw) fw 2398 tools/firmware_load_ng.c if (cs_open(CS_ARCH_ARM, CS_MODE_ARM, &fw->cs_handle_arm) != CS_ERR_OK) { fw 2402 tools/firmware_load_ng.c cs_option(fw->cs_handle_arm, CS_OPT_DETAIL, CS_OPT_ON); fw 2403 tools/firmware_load_ng.c if (cs_open(CS_ARCH_ARM, CS_MODE_THUMB, &fw->cs_handle_thumb) != CS_ERR_OK) { fw 2407 tools/firmware_load_ng.c cs_option(fw->cs_handle_thumb, CS_OPT_DETAIL, CS_OPT_ON); fw 2408 tools/firmware_load_ng.c fw->is=disasm_iter_new(fw,0); fw 2409 tools/firmware_load_ng.c do_blx_check(fw); fw 2421 tools/firmware_load_ng.c int find_startup_copy(firmware *fw, fw 2436 tools/firmware_load_ng.c while(disasm_iter(fw,is) && count < max_search) { fw 2437 tools/firmware_load_ng.c uint32_t *pv=LDR_PC2valptr(fw,is->insn); fw 2444 tools/firmware_load_ng.c if(*pv > fw->base) { fw 2448 tools/firmware_load_ng.c if(*pv < fw->base) { fw 2454 tools/firmware_load_ng.c if(*pv < fw->base && *pv > *dptr) { fw 2472 tools/firmware_load_ng.c void find_exception_vec(firmware *fw, iter_state_t *is) fw 2476 tools/firmware_load_ng.c if(fw->arch != FW_ARCH_ARMv7) { fw 2488 tools/firmware_load_ng.c disasm_iter_init(fw, is, fw->base + fw->main_offs + 12 + fw->thumb_default); fw 2489 tools/firmware_load_ng.c if(!insn_match_find_next(fw,is,4,match_bl_mcr)) { fw 2494 tools/firmware_load_ng.c uint32_t faddr = get_branch_call_insn_target(fw,is); fw 2497 tools/firmware_load_ng.c disasm_iter_init(fw, is, faddr); fw 2498 tools/firmware_load_ng.c disasm_iter(fw, is); fw 2506 tools/firmware_load_ng.c disasm_iter(fw, is); fw 2515 tools/firmware_load_ng.c if(adr_get_range_type(fw,va) != ADR_RANGE_ROM) { fw 2518 tools/firmware_load_ng.c disasm_iter(fw, is); fw 2524 tools/firmware_load_ng.c disasm_iter(fw, is); fw 2532 tools/firmware_load_ng.c if(adr_get_range_type(fw,vb) != ADR_RANGE_ROM) { fw 2538 tools/firmware_load_ng.c fw_add_adr_range(fw,0,vb - va, va, ADR_RANGE_RAM_CODE, ADR_RANGE_FL_EVEC | ADR_RANGE_FL_TCM); fw 2543 tools/firmware_load_ng.c fw->arch_flags |= FW_ARCH_FL_VMSA; fw 2545 tools/firmware_load_ng.c disasm_iter_init(fw, is, adr_hist_get(&is->ah,1)); fw 2546 tools/firmware_load_ng.c disasm_iter(fw, is); fw 2553 tools/firmware_load_ng.c void firmware_init_data_ranges(firmware *fw) fw 2560 tools/firmware_load_ng.c iter_state_t *is=disasm_iter_new(fw, fw->base + fw->main_offs + 12 + fw->thumb_default); fw 2562 tools/firmware_load_ng.c fw->data_init_start=0; fw 2563 tools/firmware_load_ng.c fw->data_start=0; fw 2564 tools/firmware_load_ng.c fw->data_len=0; fw 2566 tools/firmware_load_ng.c fw->memisostart=0; fw 2573 tools/firmware_load_ng.c while(find_startup_copy(fw,is,max_search,&src_start,&dst_start,&dst_end)) { fw 2577 tools/firmware_load_ng.c if(fw->data_init_start) { fw 2588 tools/firmware_load_ng.c fw->data_init_start=src_start; fw 2589 tools/firmware_load_ng.c fw->data_start=dst_start; fw 2590 tools/firmware_load_ng.c fw->data_len=dst_end-dst_start; fw 2591 tools/firmware_load_ng.c fw_add_adr_range(fw,dst_start,dst_end,src_start, ADR_RANGE_INIT_DATA, ADR_RANGE_FL_NONE); fw 2614 tools/firmware_load_ng.c fw_add_adr_range(fw,dst_start,dst_end,src_start,ADR_RANGE_RAM_CODE, ADR_RANGE_FL_NONE); fw 2628 tools/firmware_load_ng.c fw_add_adr_range(fw,dst_start,dst_end,src_start,ADR_RANGE_RAM_CODE, ADR_RANGE_FL_TCM); fw 2630 tools/firmware_load_ng.c if(fw->data_start && base2_found && base3_found) { fw 2642 tools/firmware_load_ng.c disasm_iter_init(fw,is,(data_found_copy-4) | fw->thumb_default); fw 2643 tools/firmware_load_ng.c while(disasm_iter(fw,is) && count < 20) { fw 2644 tools/firmware_load_ng.c uint32_t *pv=LDR_PC2valptr(fw,is->insn); fw 2651 tools/firmware_load_ng.c if(*pv == fw->data_start + fw->data_len) { fw 2655 tools/firmware_load_ng.c if(*pv < fw->base) { fw 2656 tools/firmware_load_ng.c if(*pv != fw->data_start + fw->data_len) { fw 2665 tools/firmware_load_ng.c fw->memisostart=*eptr; fw 2672 tools/firmware_load_ng.c find_exception_vec(fw,is); fw 2676 tools/firmware_load_ng.c if(fw->data_start) { fw 2677 tools/firmware_load_ng.c fw->rom_code_search_max_adr=fw->data_init_start; fw 2680 tools/firmware_load_ng.c if(fw->dryos_ver_adr) { fw 2681 tools/firmware_load_ng.c if(fw->dryos_ver_adr < fw->rom_code_search_max_adr) { fw 2682 tools/firmware_load_ng.c fw->rom_code_search_max_adr = fw->dryos_ver_adr; fw 2689 tools/firmware_load_ng.c void firmware_unload(firmware *fw) fw 2691 tools/firmware_load_ng.c if(!fw) { fw 2694 tools/firmware_load_ng.c if(fw->is) { fw 2695 tools/firmware_load_ng.c disasm_iter_free(fw->is); fw 2697 tools/firmware_load_ng.c if(fw->cs_handle_arm) { fw 2698 tools/firmware_load_ng.c cs_close(&fw->cs_handle_arm); fw 2700 tools/firmware_load_ng.c if(fw->cs_handle_thumb) { fw 2701 tools/firmware_load_ng.c cs_close(&fw->cs_handle_thumb); fw 2703 tools/firmware_load_ng.c free(fw->buf8); fw 2704 tools/firmware_load_ng.c memset(fw,0,sizeof(firmware)); fw 139 tools/firmware_load_ng.h uint8_t* adr2ptr(firmware *fw, uint32_t adr); fw 142 tools/firmware_load_ng.h uint8_t* adr2ptr_with_data(firmware *fw, uint32_t adr); fw 152 tools/firmware_load_ng.h uint32_t ptr2adr(firmware *fw, uint8_t *ptr); fw 155 tools/firmware_load_ng.h adr_range_t *adr_get_range(firmware *fw, uint32_t adr); fw 158 tools/firmware_load_ng.h int adr_get_range_type(firmware *fw, uint32_t adr); fw 161 tools/firmware_load_ng.h int adr_is_var(firmware *fw, uint32_t adr); fw 164 tools/firmware_load_ng.h int adr_is_main_fw_code(firmware *fw, uint32_t adr); fw 171 tools/firmware_load_ng.h int find_Nth_str(firmware *fw, char *str, int N); fw 174 tools/firmware_load_ng.h int find_str(firmware *fw, char *str); fw 180 tools/firmware_load_ng.h uint32_t find_next_bytes_range(firmware *fw, const void *bytes, size_t len, uint32_t start_adr, uint32_t max_adr); fw 184 tools/firmware_load_ng.h int find_bytes_all(firmware *fw, const void *bytes, size_t len, uint32_t adr, uint32_t *result, int maxmatch); fw 190 tools/firmware_load_ng.h uint32_t find_next_str_bytes(firmware *fw, const char *str, uint32_t adr); fw 193 tools/firmware_load_ng.h uint32_t find_next_str_bytes_main_fw(firmware *fw, const char *str, uint32_t adr); fw 196 tools/firmware_load_ng.h uint32_t find_next_substr_bytes(firmware *fw, const char *str, uint32_t adr); fw 200 tools/firmware_load_ng.h uint32_t find_str_bytes_main_fw(firmware *fw, const char *str); fw 203 tools/firmware_load_ng.h uint32_t find_str_bytes(firmware *fw, const char *str); fw 205 tools/firmware_load_ng.h int isASCIIstring(firmware *fw, uint32_t adr); fw 210 tools/firmware_load_ng.h uint32_t find_u32_adr_range(firmware *fw, uint32_t val, uint32_t start, uint32_t maxadr); fw 215 tools/firmware_load_ng.h uint32_t find_u32_adr(firmware *fw, uint32_t val, uint32_t start); fw 218 tools/firmware_load_ng.h uint32_t fw_u32(firmware *fw, uint32_t adr); fw 221 tools/firmware_load_ng.h int fw_memcmp(firmware *fw, uint32_t adr,const void *cmp, size_t n); fw 266 tools/firmware_load_ng.h uint32_t* LDR_PC2valptr_thumb(firmware *fw, cs_insn *insn); fw 267 tools/firmware_load_ng.h uint32_t* LDR_PC2valptr_arm(firmware *fw, cs_insn *insn); fw 268 tools/firmware_load_ng.h uint32_t* LDR_PC2valptr(firmware *fw, cs_insn *insn); fw 271 tools/firmware_load_ng.h uint32_t LDR_PC2adr(firmware *fw, cs_insn *insn); fw 307 tools/firmware_load_ng.h uint32_t ADRx2adr(firmware *fw, cs_insn *insn); fw 311 tools/firmware_load_ng.h uint32_t ADR2adr(firmware *fw, cs_insn *insn); fw 314 tools/firmware_load_ng.h uint32_t* ADR2valptr(firmware *fw, cs_insn *insn); fw 317 tools/firmware_load_ng.h uint32_t LDR_PC2val(firmware *fw, cs_insn *insn); fw 322 tools/firmware_load_ng.h uint32_t B_target(firmware *fw, cs_insn *insn); fw 325 tools/firmware_load_ng.h uint32_t CBx_target(firmware *fw, cs_insn *insn); fw 328 tools/firmware_load_ng.h uint32_t BLXimm_target(firmware *fw, cs_insn *insn); fw 333 tools/firmware_load_ng.h uint32_t BL_target(firmware *fw, cs_insn *insn); fw 336 tools/firmware_load_ng.h uint32_t B_BL_target(firmware *fw, cs_insn *insn); fw 339 tools/firmware_load_ng.h uint32_t B_BL_BLXimm_target(firmware *fw, cs_insn *insn); fw 342 tools/firmware_load_ng.h uint32_t BX_PC_target(__attribute__ ((unused))firmware *fw, cs_insn *insn); fw 354 tools/firmware_load_ng.h int get_TBx_PC_info(firmware *fw,iter_state_t *is, tbx_info_t *ti); fw 358 tools/firmware_load_ng.h iter_state_t *disasm_iter_new(firmware *fw, uint32_t adr); fw 365 tools/firmware_load_ng.h int disasm_iter_set(firmware *fw, iter_state_t *is, uint32_t adr); fw 369 tools/firmware_load_ng.h int disasm_iter_init(firmware *fw, iter_state_t *is, uint32_t adr); fw 376 tools/firmware_load_ng.h int disasm_iter(firmware *fw, iter_state_t *is); fw 384 tools/firmware_load_ng.h int fw_disasm_iter_start(firmware *fw, uint32_t adr); fw 387 tools/firmware_load_ng.h int fw_disasm_iter(firmware *fw); fw 391 tools/firmware_load_ng.h int fw_disasm_iter_single(firmware *fw, uint32_t adr); fw 411 tools/firmware_load_ng.h typedef uint32_t (*search_insn_fn)(firmware *fw, iter_state_t *is, uint32_t v1, void *udata); fw 422 tools/firmware_load_ng.h uint32_t fw_search_insn(firmware *fw, iter_state_t *is, search_insn_fn f,uint32_t v1, void *udata, uint32_t adr_end); fw 426 tools/firmware_load_ng.h uint32_t search_disasm_const_ref(firmware *fw, iter_state_t *is, uint32_t val, void *unused); fw 429 tools/firmware_load_ng.h uint32_t search_disasm_str_ref(firmware *fw, iter_state_t *is, uint32_t val, void *str); fw 434 tools/firmware_load_ng.h uint32_t search_disasm_calls(firmware *fw, iter_state_t *is, uint32_t val, void *unused); fw 438 tools/firmware_load_ng.h typedef int (*search_calls_multi_fn)(firmware *fw, iter_state_t *is, uint32_t adr); fw 448 tools/firmware_load_ng.h int search_calls_multi_end(firmware *fw, iter_state_t *is, uint32_t adr); fw 453 tools/firmware_load_ng.h uint32_t search_disasm_calls_multi(firmware *fw, iter_state_t *is, uint32_t unused, void *userdata); fw 456 tools/firmware_load_ng.h uint32_t search_disasm_calls_veneer_multi(firmware *fw, iter_state_t *is, uint32_t unused, void *userdata); fw 468 tools/firmware_load_ng.h int get_call_const_args(firmware *fw, iter_state_t *is_init, int max_backtrack, uint32_t *res); fw 483 tools/firmware_load_ng.h uint32_t get_direct_jump_target(firmware *fw, iter_state_t *is_init); fw 490 tools/firmware_load_ng.h uint32_t get_branch_call_insn_target(firmware *fw, iter_state_t *is); fw 518 tools/firmware_load_ng.h int find_and_get_var_ldr(firmware *fw, fw 545 tools/firmware_load_ng.h int check_simple_func(firmware *fw, uint32_t adr, int match_ftype, simple_func_desc_t *info); fw 556 tools/firmware_load_ng.h uint32_t find_last_call_from_func(firmware *fw, iter_state_t *is,int min_insns, int max_insns); fw 639 tools/firmware_load_ng.h int insn_match_find_next(firmware *fw, iter_state_t *is, int max_insns, const insn_match_t *match); fw 642 tools/firmware_load_ng.h int insn_match_find_nth(firmware *fw, iter_state_t *is, int max_insns, int num_to_match, const insn_match_t *match); fw 645 tools/firmware_load_ng.h int insn_match_seq(firmware *fw, iter_state_t *is, const insn_match_t *match); fw 648 tools/firmware_load_ng.h int insn_match_find_next_seq(firmware *fw, iter_state_t *is, int max_insns, const insn_match_t *match); fw 659 tools/firmware_load_ng.h int find_const_ref_match(firmware *fw, fw 675 tools/firmware_load_ng.h int find_const_ref_call(firmware *fw, fw 691 tools/firmware_load_ng.h int fw_search_bytes(firmware *fw, search_bytes_fn func); fw 695 tools/firmware_load_ng.h void fw_add_adr_range(firmware *fw, uint32_t start, uint32_t end, uint32_t src_start, int type, int flags); fw 698 tools/firmware_load_ng.h void firmware_load(firmware *fw, const char *filename, uint32_t base_adr,int fw_arch); fw 701 tools/firmware_load_ng.h int firmware_init_capstone(firmware *fw); fw 704 tools/firmware_load_ng.h void firmware_init_data_ranges(firmware *fw); fw 707 tools/firmware_load_ng.h void firmware_unload(firmware *fw);