#include "lolevel.h"
#include "platform.h"
#include "core.h"

Include-Abhängigkeitsdiagramm für boot.c:

Funktionen
void	createHook (void *pNewTcb)

void	deleteHook (void *pTcb)

void	boot ()

void	__attribute__ ((naked, noinline))
	*-------------------------------------------------------------------— Mehr ...

void	h_usrInit ()

void	h_usrKernelInit ()

void	h_usrRoot ()

Variablen
long	wrs_kernel_bss_start

long	wrs_kernel_bss_end

const char *const	new_sa = &_end

Dokumentation der Funktionen

void __attribute__ ( (naked, noinline) )

*-------------------------------------------------------------------—

!!

IS_ERROR( hSoundHandle )

IS_ERROR( RetCode )

Definiert in Zeile 21 der Datei boot.c.

 {
     long *canon_data_src = (void*)0xffad76d0; // This is the address of the "Startofdata" string on the firmware
     long *canon_data_dst = (void*)MEMBASEADDR; // This is where the boot data is copiedduring firmware update
     long canon_data_len = 0xEB60; // This is the length of data from "Startofdata" to the end of the firmware dump
     long *canon_bss_start = (void*) (canon_data_len + MEMBASEADDR); //  = 0xEB60 + 0x1900,  just after data
     long canon_bss_len = MEMISOSTART - (long) canon_bss_start; // The original address of h_usrKernelInit - bss start
     long i;
 
     asm volatile (
     "MRC     p15, 0, R0,c1,c0\n"
     "ORR     R0, R0, #0x1000\n"
     "ORR     R0, R0, #4\n"
     "ORR     R0, R0, #1\n"
     "MCR     p15, 0, R0,c1,c0\n"
     :::"r0");
 
 
     for(i=0;i<canon_data_len/4;i++)
     canon_data_dst[i]=canon_data_src[i];
 
     for(i=0;i<canon_bss_len/4;i++)
     canon_bss_start[i]=0;
 
     asm volatile (
     "MRC     p15, 0, R0,c1,c0\n"
     "ORR     R0, R0, #0x1000\n"
     "BIC     R0, R0, #4\n"
     "ORR     R0, R0, #1\n"
     "MCR     p15, 0, R0,c1,c0\n"
     :::"r0");
     
     h_usrInit();
 }

void boot ( )

Definiert in Zeile 43 der Datei boot.c.

             {
 
     long *canon_data_src = (void*)0xFFEDAC70;   // value taken at ROM:FFC00188
     long *canon_data_dst = (void*)0x1900;
     long canon_data_len = 0xDF84 - 0x1900; // data_end - data_start 0xDF7C taken at ROM:FFC00138
     long *canon_bss_start = (void*)0xDF84; // just after data 
     long canon_bss_len = 0xD4F38 - 0xDF84; // d4ec8 taken at ROM:FFC00FB4
 
     long i;
 
     // enable caches and write buffer...
     // this is a carryover from old dryos ports, may not be useful
     asm volatile (
             "MRC     p15, 0, R0,c1,c0\n"
             "ORR     R0, R0, #0x1000\n"
             "ORR     R0, R0, #4\n"
             "ORR     R0, R0, #1\n"
             "MCR     p15, 0, R0,c1,c0\n"
         :::"r0"
       );
 
     for(i=0;i<canon_data_len/4;i++)
             canon_data_dst[i]=canon_data_src[i];
 
     for(i=0;i<canon_bss_len/4;i++)
             canon_bss_start[i]=0;
 
     asm volatile ("B      sub_FFC001A4_my\n");
 };

void createHook ( void * pNewTcb)

Definiert in Zeile 110 der Datei main.c.

 {
     char *name = (char*)(*(long*)((char*)pNewTcb+0x34));
     long *entry = (long*)((char*)pNewTcb+0x74);
 
     // always hook first task creation
     // to create SpyProc
     if (!stop_hooking){
         task_prev = (void*)(*entry);
         *entry = (long)task_start_hook;
         stop_hooking = 1;
     } else {
         // hook/replace another tasks
         if (my_ncmp(name, "tPhySw", 6) == 0){
             *entry = (long)physw_hook;
         }
 
         if (my_ncmp(name, "tInitFileM", 10) == 0){
             init_file_modules_prev = (void*)(*entry);
 #if CAM_MULTIPART
             *entry = (long)init_file_modules_task;
 #else
             *entry = (long)init_file_modules_hook;
 #endif
         }
 
         if (my_ncmp(name, "tCaptSeqTa", 10) == 0){
             *entry = (long)capt_seq_hook;
         }
 
 #if CAM_CHDK_HAS_EXT_VIDEO_MENU
         if (my_ncmp(name, "tMovieReco", 10) == 0){
             *entry = (long)movie_record_hook;
         }
 #endif
 
 #if CAM_EXT_TV_RANGE
         if (my_ncmp(name, "tExpDrvTas", 10) == 0){
             *entry = (long)exp_drv_task;
         }
 #endif
 
 #if CAM_HAS_FILEWRITETASK_HOOK
         if (my_ncmp(name, "tFileWrite", 10) == 0){
             *entry = (long)filewritetask;
         }
 #endif
 
 // for cameras that have a "touch control dial" with 'TouchW' task.
 // some cameras may use a different task name
 #ifdef HOOK_TOUCHW
         if (my_ncmp(name, "tTouchW", 7) == 0){
             *entry = (long)my_touchw_task;
         }
 #endif
 
         core_hook_task_create(pNewTcb);
     }
 }

void deleteHook ( void * pTcb)

Definiert in Zeile 170 der Datei main.c.

 {
     core_hook_task_delete(pTcb);
 }

void h_usrInit ( )

Definiert in Zeile 63 der Datei boot.c.

 {
     asm volatile (
     "STR     LR, [SP,#-4]!\n"
     "BL      sub_FF811B20\n"
     "MOV     R0, #2\n"
     "MOV     R1, R0\n"
     "BL      sub_ffabdc74\n"
     "BL      sub_ffaaa210\n"
     "BL      sub_FF81125C\n"
     "BL      sub_FF811838\n"
     "LDR     LR, [SP],#4\n"
     "B       h_usrKernelInit\n"
     );
 
 }

void h_usrKernelInit ( )

Definiert in Zeile 81 der Datei boot.c.

 {
     asm volatile (
     "STMFD   SP!, {R4,LR}\n"
     "SUB     SP, SP, #8\n"
     "BL      sub_ffabe140\n"
     "BL      sub_ffad0c00\n"
     "LDR     R3, =0xF88C\n"
     "LDR     R2, =0x704A0\n"
     "LDR     R1, [R3]\n"
     "LDR     R0, =0x7278C\n"
     "MOV     R3, #0x100\n"
     "BL      sub_ffacc43c\n"
     "LDR     R3, =0xF84C\n"
     "LDR     R0, =0xFC6C\n"
     "LDR     R1, [R3]\n"
     "BL      sub_ffacc43c\n"
     "LDR     R3, =0xF908\n"
     "LDR     R0, =0x72760\n"
     "LDR     R1, [R3]\n"
     "BL      sub_ffacc43c\n"
     "BL      sub_ffad5780\n"
     "BL      sub_FF811348\n"
     "MOV     R4, #0\n"
     "MOV     R3, R0\n"
     "MOV     R12, #0x800\n"
     "LDR     R0, =h_usrRoot\n"
     "MOV     R1, #0x4000\n"
     );
 
     //"LDR     R2, =0xB2DC0\n" // 0x72DC0 + 0x40000
     asm volatile (
     "LDR     R2, =new_sa\n"
     "LDR     R2, [R2]\n"
     );
 
     asm volatile (
     "STR     R12, [SP]\n"
     "STR     R4, [SP,#4]\n"
     "BL      sub_ffacde40\n"
     "ADD     SP, SP, #8\n"
     "LDMFD   SP!, {R4,PC}\n"
     );
  
 }

void h_usrRoot ( )

Definiert in Zeile 128 der Datei boot.c.

 {
 //  volatile long *p;
     
     asm volatile (
     "STMFD   SP!, {R4,R5,LR}\n"
     "MOV     R5, R0\n"
     "MOV     R4, R1\n"
     "BL      sub_FF811BA0\n"
     "MOV     R1, R4\n"
     "MOV     R0, R5\n"
     "BL      sub_ffac4428\n" // memInit
     "MOV     R1, R4\n"
     "MOV     R0, R5\n"
     "BL      sub_ffac4ea0\n" // mmPartLibInit <----- OK up to here!!
     
     //"BL      sub_FF811928\n" // Here something BAD happens! It initializes the MMU, but SD500 has this replaced by a NULLSUB call...
 
     "BL      sub_FF811814\n"
     "MOV     R0, #0x32\n"
     "BL      sub_ffac6910\n" // selectInit
     "BL      sub_FF811BE4\n"
     "BL      sub_FF811BC4\n"
     "BL      sub_FF811C10\n"
     "BL      sub_ffac61d0\n" //selTaskDeleteHookAdd
     "BL      sub_FF811B94\n"
     );
     
     _taskCreateHookAdd(createHook);
     _taskDeleteHookAdd(deleteHook);
 
     drv_self_hide();
 
     asm volatile (
     "LDMFD   SP!, {R4,R5,LR}\n"
     "B       sub_FF811408\n"
     );
 
 }

Variablen-Dokumentation

const char* const new_sa = &_end

Definiert in Zeile 16 der Datei boot.c.

long wrs_kernel_bss_end

long wrs_kernel_bss_start

this code completely copied from ../100k + adapted to the 100j firmware