CHDK_DE Vorschauversion  Trunk Rev. 5573
 Alle Datenstrukturen Dateien Funktionen Variablen Typdefinitionen Aufzählungen Aufzählungswerte Makrodefinitionen
finsig_dryos.c-Dateireferenz
#include <stdlib.h>
#include <stdio.h>
#include <stdint.h>
#include <string.h>
#include <time.h>
#include <stdarg.h>
#include "stubs_load.h"
#include "firmware_load.h"
#include "ptp_op_names.h"
#include "signatures_dryos.h"
+ Include-Abhängigkeitsdiagramm für finsig_dryos.c:

gehe zum Quellcode dieser Datei

Datenstrukturen

struct  Match
 
struct  FuncSig
 
struct  FuncsList
 
struct  func_entry
 
struct  sig_stuff
 
struct  string_sig
 
struct  ModeMapName
 
struct  LED_s
 
struct  known_prop_struct
 
struct  kinfo
 

Makrodefinitionen

#define MAX_MATCHES   (8192)
 
#define DONT_EXPORT   1
 
#define OPTIONAL   2
 
#define UNUSED   4
 
#define BAD_MATCH   8
 
#define EV_MATCH   16
 
#define LIST_ALWAYS   32
 
#define MAX_FUNC_ENTRY   5000
 
#define LEDMAX   16
 
#define KNOWN_PROPSET_COUNT   10
 

Aufzählungen

enum  {
  PROPCASE_AFSTEP = 0, PROPCASE_FOCUS_STATE, PROPCASE_AV, PROPCASE_BV,
  PROPCASE_DELTA_DIGITALGAIN, PROPCASE_DELTA_SV, PROPCASE_DELTA_ND, PROPCASE_EV_CORRECTION_2,
  PROPCASE_ORIENTATION_SENSOR, PROPCASE_SV_MARKET, PROPCASE_SVFIX, PROPCASE_TV,
  PROPCASE_HANDLED_COUNT
}
 

Funktionen

void bprintf (char *fmt,...)
 
void add_blankline ()
 
void write_output ()
 
void usage (char *err)
 
void error (char *fmt, int n)
 
int match_compare (const Match *p1, const Match *p2)
 
void addMatch (uint32_t fadr, int s, int f, int sig)
 
void fwAddMatch (firmware *fw, uint32_t fadr, int s, int f, int sig)
 
int find_saved_sig (const char *name)
 
void save_sig (const char *name, uint32_t val)
 
int get_saved_sig (firmware *fw, const char *name)
 
int search_saved_sig (firmware *fw, char *sig, int(*func)(firmware *, int, int), int v, int ofst, int len)
 
int find_min_ver (const char *name)
 
int find_max_ver (const char *name)
 
int match_apex2us (firmware *fw, int k, uint32_t v1, uint32_t v2)
 
int match_apex2us2 (firmware *fw, int k, uint32_t v1, uint32_t v2)
 
int find_apex2us (firmware *fw, string_sig *sig, int j)
 
int find_mkdir (firmware *fw, string_sig *sig, int k)
 
int find_pow (firmware *fw, string_sig *sig, int j)
 
int find_rand (firmware *fw, string_sig *sig, int j)
 
int get_ptp_file_buf_id (firmware *fw)
 
int find_get_ptp_file_buf (firmware *fw, string_sig *sig, int j)
 
int find_closedir (firmware *fw)
 
int find_get_fstype (firmware *fw)
 
int find_Restart (firmware *fw)
 
int find_add_ptp_handler (firmware *fw, string_sig *sig, int k)
 
int find_PT_PlaySound (firmware *fw)
 
int find_getImageDirName (firmware *fw)
 
int match_GetImageFolder (firmware *fw, int k, uint32_t a_getImageDirName, uint32_t a_TakeSemaphore)
 
int find_GetImageFolder (firmware *fw)
 
int match_GetDrive_ClusterSize (firmware *fw, int k, uint32_t v1, uint32_t v2)
 
int find_GetDrive_ClusterSize (firmware *fw)
 
int find_GetDrive_TotalClusters (firmware *fw)
 
int find_srand (firmware *fw)
 
int find_malloc_strictly (firmware *fw)
 
int find_DisplayBusyOnScreen (firmware *fw)
 
int find_UndisplayBusyOnScreen (firmware *fw)
 
int find_CreateDialogBox (firmware *fw)
 
int find_DisplayDialogBox (firmware *fw)
 
int find_add_ui_to_dialog (firmware *fw)
 
int find_get_string_by_id (firmware *fw)
 
int find_get_self_task_errno_pointer (firmware *fw)
 
int find_get_nd_value (firmware *fw)
 
int find_get_current_nd_value_iris (firmware *fw)
 
int find_get_current_nd_value (firmware *fw)
 
int find_getcurrentmachinetime (firmware *fw)
 
int find_sethptimeraftertimeout (firmware *fw)
 
int find_DoMovieFrameCapture (firmware *fw)
 
int find_get_ptp_buf_size (firmware *fw)
 
int find_GetBaseSv (firmware *fw)
 
int find_Remove (firmware *fw)
 
int find_dispatch_funcs (firmware *fw, int param)
 
int find_func (const char *name)
 
int dryos_offset (firmware *fw, string_sig *sig)
 
int fw_string_process (firmware *fw, string_sig *sig, int(*check_match)(firmware *fw, string_sig *sig, int j), int inc_eos)
 
int fw_string_process_unaligned (firmware *fw, string_sig *sig, int(*check_match)(firmware *fw, string_sig *sig, int j))
 
int fw_process (firmware *fw, string_sig *sig, int(*check_match)(firmware *fw, string_sig *sig, int j))
 
int match_strsig1 (firmware *fw, string_sig *sig, int j)
 
int match_strsig2a (firmware *fw, int k, uint32_t sadr, uint32_t offset)
 
int match_strsig2 (firmware *fw, string_sig *sig, int j)
 
int match_strsig3a (firmware *fw, int k, uint32_t sadr, uint32_t offset)
 
int match_strsig3 (firmware *fw, string_sig *sig, int j)
 
int match_strsig4a (firmware *fw, int k, uint32_t sadr, uint32_t offset)
 
int match_strsig4 (firmware *fw, string_sig *sig, int j)
 
int match_strsig5a (firmware *fw, int k, uint32_t sadr, uint32_t offset)
 
int match_strsig5 (firmware *fw, string_sig *sig, int j)
 
int match_strsig6 (firmware *fw, string_sig *sig, int j)
 
int match_strsig7a (firmware *fw, int k, uint32_t sadr, uint32_t offset)
 
int match_strsig7 (firmware *fw, string_sig *sig, int j)
 
int match_strsig8 (firmware *fw, string_sig *sig, int j)
 
int find_strsig8 (firmware *fw, string_sig *sig)
 
int find_strsig9 (firmware *fw, string_sig *sig)
 
int match_strsig11 (firmware *fw, string_sig *sig, int j)
 
int find_strsig12 (firmware *fw, string_sig *sig)
 
int match_strsig13a (firmware *fw, int k, uint32_t sadr, uint32_t offset)
 
int match_strsig13 (firmware *fw, string_sig *sig, int j)
 
int match_strsig15a (firmware *fw, int k, uint32_t sadr, uint32_t offset)
 
int match_strsig15 (firmware *fw, string_sig *sig, int j)
 
int match_strsig16 (firmware *fw, string_sig *sig, int j)
 
int find_strsig17 (firmware *fw, string_sig *sig)
 
int find_strsig19 (firmware *fw, string_sig *sig)
 
int match_strsig23a (firmware *fw, int k, uint32_t sadr, uint32_t maxdist)
 
int match_strsig23 (firmware *fw, string_sig *sig, int j)
 
int match_strsig24 (firmware *fw, string_sig *sig, int j)
 
int find_strsig (firmware *fw, string_sig *sig)
 
void find_str_sig_matches (firmware *fw, const char *curr_name)
 
void find_matches (firmware *fw, const char *curr_name)
 
void print_results (firmware *fw, const char *curr_name, int k)
 
char * mode_name (uint16_t v)
 
void output_modemap (firmware *fw, int k)
 
int match_modelist (firmware *fw, int k, uint32_t fadr, uint32_t v2)
 
int match_FlashParamsTable2 (firmware *fw, int k, uint32_t v1, uint32_t v2)
 
int match_FlashParamsTable (firmware *fw, int k, uint32_t v1, uint32_t v2)
 
void find_modemap (firmware *fw)
 
int match_CAM_UNCACHED_BIT (firmware *fw, int k, int v)
 
int find_DebugAssert_argcount (firmware *fw)
 
void find_platform_vals (firmware *fw)
 
uint32_t find_viewport_address (firmware *fw, int *kout)
 
int match_vid_get_bitmap_fb (firmware *fw, int k, int v)
 
int match_get_flash_params_count (firmware *fw, int k, int v)
 
int match_uiprop_count (firmware *fw, int k, int v)
 
int match_imager_active (firmware *fw, int k, int v)
 
void find_lib_vals (firmware *fw)
 
void print_stubs_min (firmware *fw, const char *name, uint32_t fadr, uint32_t atadr)
 
int print_exmem_types (firmware *fw)
 
int find_exmem_alloc_table (firmware *fw)
 
int match_levent_table (firmware *fw, int k, uint32_t v1, uint32_t v2)
 
int match_movie_status (firmware *fw, int k, uint32_t v1, uint32_t v2)
 
int match_full_screen_refresh (firmware *fw, int k, uint32_t v1, uint32_t v2)
 
int match_canon_shoot_menu_active (firmware *fw, int k, uint32_t v1, uint32_t v2)
 
int match_playrec_mode (firmware *fw, int k, uint32_t v1, uint32_t v2)
 
int match_some_flag_for_af_scan (firmware *fw, int k, uint32_t v1, uint32_t v2)
 
int match_palette_data (firmware *fw, int k, uint32_t v1, uint32_t v2)
 
int match_palette_buffer_offset (firmware *fw, int k)
 
int match_palette_data3 (firmware *fw, int k, uint32_t palette_data, uint32_t v2)
 
int match_palette_data2 (firmware *fw, int k, uint32_t v1, uint32_t v2)
 
int match_SavePaletteData (firmware *fw, int idx, int palette_data)
 
int match_viewport_address3 (firmware *fw, int k, uint32_t v1, uint32_t v2)
 
int match_viewport_address2 (firmware *fw, int k, uint32_t v1, uint32_t v2)
 
int match_viewport_address (firmware *fw, int k, uint32_t v1, uint32_t v2)
 
int match_physw_status (firmware *fw, int k, int v)
 
int match_physw_run (firmware *fw, int k, int v)
 
int match_canon_menu_active (firmware *fw, int k, int v)
 
int match_zoom_busy (firmware *fw, int k, int v)
 
int match_focus_busy (firmware *fw, int k, int v)
 
int match_bitmap_buffer2 (firmware *fw, int k, int v)
 
int match_bitmap_buffer (firmware *fw, int k, int v)
 
int match_raw_buffer (firmware *fw, int k, uint32_t rb1, uint32_t v2)
 
int match_fileiosem (firmware *fw, int k, uint32_t fadr, uint32_t nadr)
 
void find_stubs_min (firmware *fw)
 
int find_ctypes (firmware *fw, int k)
 
int match_nrflag3 (firmware *fw, int k, uint32_t v1, uint32_t v2)
 
int match_nrflag (firmware *fw, int idx, int v)
 
int match_nrflag2 (firmware *fw, int k, int v)
 
int isSTRw (firmware *fw, int offset)
 
int isSTRB (firmware *fw, int offset)
 
int find_leds (firmware *fw)
 
int find_task_related_info (firmware *fw)
 
void find_AdditionAgent_RAM (firmware *fw)
 
void add_prop_hit (int id, uintptr_t name)
 
int match_propsig1a (firmware *fw, int k, uint32_t sadr, uint32_t offset)
 
int match_propsig1 (firmware *fw, string_sig *sig, int j)
 
int find_strsig2 (firmware *fw, string_sig *sig)
 
void find_prop_matches (firmware *fw)
 
void find_propset (firmware *fw)
 
void find_other_vals (firmware *fw)
 
void print_kval (firmware *fw, uint32_t tadr, int tsiz, int tlen, uint32_t ev, const char *name, char *sfx)
 
void print_physw_raw_vals (firmware *fw, uint32_t tadr, int tsiz, int tlen)
 
void add_kinfo (int r, uint32_t b, const char *nm, uint32_t adr, uint32_t ev, int inv)
 
uint32_t add_kmval (firmware *fw, uint32_t tadr, int tsiz, int tlen, uint32_t ev, const char *name, uint32_t xtra)
 
int kinfo_compare (const kinfo *p1, const kinfo *p2)
 
void print_kmvals ()
 
int match_GetSDProtect (firmware *fw, int k, int v)
 
void find_key_vals (firmware *fw)
 
int get_eventproc_val (firmware *fw, int k)
 
void add_func_name (char *n, uint32_t eadr, char *suffix)
 
void add_func_name2 (firmware *fw, uint32_t nadr, uint32_t eadr, char *suffix)
 
int match_eventproc (firmware *fw, int k, uint32_t fadr, uint32_t v2)
 
int match_registerproc2 (firmware *fw, int k, uint32_t fadr, uint32_t v2)
 
int match_registerproc (firmware *fw, int k, uint32_t fadr, uint32_t v2)
 
int match_registerlists (firmware *fw, int k, uint32_t fadr, uint32_t v2)
 
void find_eventprocs (firmware *fw)
 
uint32_t findTaskAddress (firmware *fw, int k, int reg)
 
int match_createtask (firmware *fw, int k, uint32_t fadr, uint32_t v2)
 
void find_tasks (firmware *fw)
 
void find_builddate (firmware *fw)
 
int save_ptp_handler_func (uint32_t op, uint32_t handler)
 
int find_ptp_handler_imm (firmware *fw, int k)
 
int match_ptp_handlers (firmware *fw, int k, uint32_t fadr, uint32_t v2)
 
void find_ptp_handlers (firmware *fw)
 
void write_levent_table_dump (firmware *fw, uint32_t tadr)
 
void output_firmware_vals (firmware *fw)
 
int compare_func_names (const func_entry **p1, const func_entry **p2)
 
int compare_func_addresses (const func_entry **p1, const func_entry **p2)
 
void write_funcs (firmware *fw, char *filename, func_entry *fns[], int(*compare)(const func_entry **p1, const func_entry **p2))
 
int main (int argc, char **argv)
 

Variablen

FILEout_fp
 
char out_buf [32 *1024] = ""
 
int out_len = 0
 
char hdr_buf [32 *1024] = ""
 
int hdr_len = 0
 
int out_hdr = 1
 
Match matches [MAX_MATCHES]
 
int count
 
int next_func_entry = 0
 
func_entry func_names [MAX_FUNC_ENTRY]
 
sig_stuff min_ver []
 
sig_stuff max_ver []
 
uint32_t apex2us_test [] = { 0x3D09000, 0x3BBA304, 0x3A728D2, 0x3931EF4, 0x37F8303, 0x36C52A2, 0x3598B85, 0x3472B6A, 0 }
 
uint32_t apex2us_test2 [] = { 0x3d090000, 0x3bba3040, 0x3a728d1f, 0x3931ef45, 0x37f8302c, 0x36c52a26, 0x3598b852, 0x3472b699, 0 }
 
uint32_t strGIF = 0
 
static int idx_createdialogbox =-1
 
static int idx_displaydialogbox =-1
 
static int idx_adduitodialog =-1
 
static int idx_getstring =-1
 
uint32_t frsp_buf = 0
 
uint32_t frsp_buf_at = 0
 
int frsp_param = -1
 
int frsp_argcnt = 0
 
uint32_t log_test []
 
uint32_t DeleteDirectory_Fut_test [] = { 0x09400017 }
 
uint32_t MakeDirectory_Fut_test [] = { 0x09400015 }
 
uint32_t RenameFile_Fut_test [] = { 0x09400013 }
 
string_sig string_sigs []
 
static int dryos_ofst
 
int ofst
 
ModeMapName mmnames []
 
static uint32_t FlashParamsTable_address = 0
 
uint32_t exm_typ_tbl =0
 
uint32_t exm_typ_cnt =0
 
char * prop_names [PROPCASE_HANDLED_COUNT]
 
string_sig prop_sigs []
 
known_prop_struct knownprops [PROPCASE_HANDLED_COUNT]
 
static uintptr_t curr_prop_name
 
int kmask [3]
 
kinfo key_info [100]
 
int kcount = 0
 
uint32_t kshutter_min_bits = 0xFFFFFFFF
 
uint32_t nadr
 
uint32_t eadr
 

Makro-Dokumentation

#define BAD_MATCH   8

Definiert in Zeile 200 der Datei finsig_dryos.c.

#define DONT_EXPORT   1

Definiert in Zeile 197 der Datei finsig_dryos.c.

#define EV_MATCH   16

Definiert in Zeile 201 der Datei finsig_dryos.c.

#define KNOWN_PROPSET_COUNT   10

Definiert in Zeile 6535 der Datei finsig_dryos.c.

#define LEDMAX   16

Definiert in Zeile 5858 der Datei finsig_dryos.c.

#define LIST_ALWAYS   32

Definiert in Zeile 202 der Datei finsig_dryos.c.

#define MAX_FUNC_ENTRY   5000

Definiert in Zeile 212 der Datei finsig_dryos.c.

#define MAX_MATCHES   (8192)

Definiert in Zeile 149 der Datei finsig_dryos.c.

#define OPTIONAL   2

Definiert in Zeile 198 der Datei finsig_dryos.c.

#define UNUSED   4

Definiert in Zeile 199 der Datei finsig_dryos.c.

Dokumentation der Aufzählungstypen

anonymous enum
Aufzählungswerte
PROPCASE_AFSTEP 
PROPCASE_FOCUS_STATE 
PROPCASE_AV 
PROPCASE_BV 
PROPCASE_DELTA_DIGITALGAIN 
PROPCASE_DELTA_SV 
PROPCASE_DELTA_ND 
PROPCASE_EV_CORRECTION_2 
PROPCASE_ORIENTATION_SENSOR 
PROPCASE_SV_MARKET 
PROPCASE_SVFIX 
PROPCASE_TV 
PROPCASE_HANDLED_COUNT 

Definiert in Zeile 6467 der Datei finsig_dryos.c.

Dokumentation der Funktionen

void add_blankline ( )

Definiert in Zeile 40 der Datei finsig_dryos.c.

41 {
42  if (strcmp(hdr_buf+hdr_len-2,"\n\n") != 0)
43  {
44  hdr_buf[hdr_len++] = '\n';
45  hdr_buf[hdr_len] = 0;
46  }
47 }
void add_func_name ( char *  n,
uint32_t  eadr,
char *  suffix 
)

Definiert in Zeile 7158 der Datei finsig_dryos.c.

7159 {
7160  int k;
7161 
7162  char *s = n;
7163  if (suffix != 0)
7164  {
7165  s = malloc(strlen(n) + strlen(suffix) + 1);
7166  sprintf(s, "%s%s", n, suffix);
7167  }
7168 
7169  for (k=0; func_names[k].name != 0; k++)
7170  {
7171  if (strcmp(func_names[k].name, s) == 0)
7172  {
7173  if (func_names[k].val == 0) // same name, no address
7174  {
7175  func_names[k].val = eadr;
7176  func_names[k].flags |= EV_MATCH;
7177  if (s != n) free(s);
7178  return;
7179  }
7180  else if (func_names[k].val == eadr) // same name, same address
7181  {
7182  if (s != n) free(s);
7183  return;
7184  }
7185  }
7186  }
7187 
7191  next_func_entry++;
7193 }
void add_func_name2 ( firmware fw,
uint32_t  nadr,
uint32_t  eadr,
char *  suffix 
)

Definiert in Zeile 7195 der Datei finsig_dryos.c.

7196 {
7197  char *n = (char*)adr2ptr(fw,nadr);
7198  if (isB(fw,adr2idx(fw,eadr)))
7199  {
7200  char *s = malloc(strlen(n) + 3);
7201  sprintf(s,"j_%s",n);
7202  add_func_name(s, eadr, suffix);
7203  eadr = followBranch(fw,eadr,1);
7204  }
7205  add_func_name(n, eadr, suffix);
7206 }
void add_kinfo ( int  r,
uint32_t  b,
const char *  nm,
uint32_t  adr,
uint32_t  ev,
int  inv 
)

Definiert in Zeile 6836 der Datei finsig_dryos.c.

6837 {
6838  key_info[kcount].reg = r;
6839  key_info[kcount].bits = b;
6840  strcpy(key_info[kcount].nm, nm);
6841  key_info[kcount].fadr = adr;
6842  key_info[kcount].ev = ev;
6843  key_info[kcount].inv = inv;
6844  kcount++;
6845  kmask[r] |= b;
6846  if ((ev <= 1) && (b < kshutter_min_bits)) kshutter_min_bits = b;
6847 }
uint32_t add_kmval ( firmware fw,
uint32_t  tadr,
int  tsiz,
int  tlen,
uint32_t  ev,
const char *  name,
uint32_t  xtra 
)

Definiert in Zeile 6849 der Datei finsig_dryos.c.

6850 {
6851  int tidx = adr2idx(fw,tadr);
6852  int r, k, kval = 0;
6853  uint32_t b = 0;
6854  int inv = 0;
6855  for (k=0; k<tlen; k+=tsiz)
6856  {
6857  if (fw->buf[tidx+k+1] == ev)
6858  {
6859  kval = fw->buf[tidx+k];
6860  tadr = idx2adr(fw,tidx+k);
6861  break;
6862  }
6863  }
6864  if (kval > 0)
6865  {
6866  r = (kval >> 5) & 7;
6867  b = (1 << (kval & 0x1F));
6868  inv = ((kval&0xff0000)==0x10000)?0:1;
6869 
6870  add_kinfo(r,b|xtra,name,tadr,ev,inv);
6871  }
6872 
6873  return b;
6874 }
void add_prop_hit ( int  id,
uintptr_t  name 
)

Definiert in Zeile 6555 der Datei finsig_dryos.c.

6556 {
6557  knownprops[name].id = (int)id;
6558 }
void addMatch ( uint32_t  fadr,
int  s,
int  f,
int  sig 
)

Definiert in Zeile 155 der Datei finsig_dryos.c.

156 {
157  matches[count].ptr = fadr;
158  matches[count].success = s;
159  matches[count].fail = f;
160  matches[count].sig = sig;
161  count++;
162 }
void bprintf ( char *  fmt,
  ... 
)

Definiert in Zeile 27 der Datei finsig_dryos.c.

28 {
29  va_list argp;
30  va_start(argp, fmt);
31 
32  if (out_hdr)
33  hdr_len += vsprintf(hdr_buf+hdr_len,fmt,argp);
34  else
35  out_len += vsprintf(out_buf+out_len,fmt,argp);
36 
37  va_end(argp);
38 }
int compare_func_addresses ( const func_entry **  p1,
const func_entry **  p2 
)

Definiert in Zeile 7852 der Datei finsig_dryos.c.

7853 {
7854  if ((*p1)->val < (*p2)->val)
7855  return -1;
7856  else if ((*p1)->val > (*p2)->val)
7857  return 1;
7858  return compare_func_names(p1,p2);
7859 }
int compare_func_names ( const func_entry **  p1,
const func_entry **  p2 
)

Definiert in Zeile 7837 der Datei finsig_dryos.c.

7838 {
7839  int rv = strcasecmp((*p1)->name, (*p2)->name); // Case insensitive
7840  if (rv != 0)
7841  return rv;
7842  rv = strcmp((*p1)->name, (*p2)->name); // Case sensitive (if equal with insensitive test)
7843  if (rv != 0)
7844  return rv;
7845  if ((*p1)->val < (*p2)->val)
7846  return -1;
7847  else if ((*p1)->val > (*p2)->val)
7848  return 1;
7849  return 0;
7850 }
int dryos_offset ( firmware fw,
string_sig sig 
)

Definiert in Zeile 2706 der Datei finsig_dryos.c.

2707 {
2708  switch (fw->dryos_ver)
2709  {
2710  case 20: return sig->dryos20_offset;
2711  case 23: return sig->dryos23_offset;
2712  case 31: return sig->dryos31_offset;
2713  case 39: return sig->dryos39_offset;
2714  case 43: return sig->dryos43_offset;
2715  case 45: return sig->dryos45_offset;
2716  case 47: return sig->dryos47_offset;
2717  case 49: return sig->dryos49_offset;
2718  case 50: return sig->dryos50_offset;
2719  case 51: return sig->dryos51_offset;
2720  case 52: return sig->dryos52_offset;
2721  case 54: return sig->dryos54_offset;
2722  case 55: return sig->dryos55_offset;
2723  case 57: return sig->dryos57_offset;
2724  case 58: return sig->dryos58_offset;
2725  case 59: return sig->dryos59_offset;
2726  }
2727  return 0;
2728 }
void error ( char *  fmt,
int  n 
)

Definiert in Zeile 69 der Datei finsig_dryos.c.

70 {
71  bprintf(fmt, n);
72  write_output();
73  exit(1);
74 }
int find_add_ptp_handler ( firmware fw,
string_sig sig,
int  k 
)

Definiert in Zeile 1027 der Datei finsig_dryos.c.

1028 {
1029  uint32_t vals[] = { 0x9801, 0x9802, 0x9803, 0x9804, 0x9805, 0 };
1030  uint32_t fadr = 0;
1031 
1032  int i = 0;
1033  while ((vals[i] != 0) && isLDR_PC(fw,k) && (fwRd(fw,k) == 0) && (LDR2val(fw,k) == vals[i]))
1034  {
1035  k = find_inst(fw, isBL, k+1, 5);
1036  if (k == -1) return 0;
1037  if (fadr == 0)
1038  fadr = followBranch(fw, idx2adr(fw,k), 0x01000001);
1039  k = find_inst(fw, isLDR_PC, k+1, 5);
1040  i++;
1041  if (k == -1 && vals[i] != 0) return 0;
1042  }
1043 
1044  if (fadr != 0)
1045  {
1046  fwAddMatch(fw,fadr,32,0,121);
1047  return 1;
1048  }
1049 
1050  return 0;
1051 }
int find_add_ui_to_dialog ( firmware fw)

Definiert in Zeile 1567 der Datei finsig_dryos.c.

1568 {
1569  if (get_saved_sig(fw,"DisplayBusyOnScreen") < 0) return 0;
1570  if (idx_adduitodialog > 0)
1571  {
1572  int n = idxFollowBranch(fw,idx_adduitodialog,0x01000001);
1573  if (n>0)
1574  {
1575  fwAddMatch(fw,idx2adr(fw,n),32,0,122);
1576  return 1;
1577  }
1578  }
1579  return 0;
1580 }
void find_AdditionAgent_RAM ( firmware fw)

Definiert in Zeile 6419 der Datei finsig_dryos.c.

6420 {
6421  int i = get_saved_sig(fw,"AdditionAgentRAM_FW");
6422  uint32_t r, sizeloc = 0, startloc = 0;
6423  uint32_t ramsize = 0;
6424  uint32_t ramstart = 0;
6425  if (i >= 0)
6426  {
6427  int j1 = adr2idx(fw, func_names[i].val);
6428  int n;
6429  for (n=1; n<16; n++)
6430  {
6431  if (fwval(fw,j1+n) == 0xe3500a32) // cmp r0, #0x32000
6432  {
6433  ramsize = 0x32000;
6434  sizeloc = idx2adr(fw,j1+n);
6435  break;
6436  }
6437  else if (fwval(fw,j1+n) == 0xe3500a22) // cmp r0, #0x22000
6438  {
6439  ramsize = 0x22000;
6440  sizeloc = idx2adr(fw,j1+n);
6441  break;
6442  }
6443  }
6444  if (n >= 15)
6445  n = 0;
6446  j1 += n;
6447  for (n=0; n<=16; n++)
6448  {
6449  r = LDR2val(fw,j1+n);
6450  if ( isLDR_PC(fw,j1+n) && (r>fw->memisostart) && (r<fw->maxram) )
6451  {
6452  ramstart = r;
6453  startloc = idx2adr(fw,j1+n);
6454  }
6455  }
6456  if (ramstart>0)
6457  {
6458  bprintf("// ARAM_HEAP_START = 0x%x# Found @ 0x%08x\n",ramstart,startloc);
6459  bprintf("// ARAM_HEAP_SIZE = 0x%x# Found @ 0x%08x\n",ramsize,sizeloc);
6460  }
6461  }
6462 }
int find_apex2us ( firmware fw,
string_sig sig,
int  j 
)

Definiert in Zeile 748 der Datei finsig_dryos.c.

749 {
750  int i;
751  int fnd = 1;
752  for (i=0; apex2us_test[i] != 0; i++)
753  {
754  if (fwval(fw,j+i) != apex2us_test[i])
755  {
756  fnd = 0;
757  break;
758  }
759  }
760  if (fnd)
761  {
762  return search_fw(fw, match_apex2us, idx2adr(fw,j), 0, 1);
763  }
764 
765  for (i=0; apex2us_test2[i] != 0; i++)
766  {
767  if (fwval(fw,j+i) != apex2us_test2[i])
768  {
769  return 0;
770  }
771  }
772  return search_fw(fw, match_apex2us2, idx2adr(fw,j), 0, 1);
773 }
void find_builddate ( firmware fw)

Definiert in Zeile 7527 der Datei finsig_dryos.c.

7528 {
7529  int j = get_saved_sig(fw,"GetBuildDate_FW");
7530  if (j >= 0)
7531  {
7532  int idx = adr2idx(fw, func_names[j].val);
7533  uint32_t adr = ADR2adr(fw, idx);
7534  idx = adr2idx(fw, adr);
7535  fw->fw_build_date = (char*)&fw->buf[idx];
7536  }
7537  else
7538  fw->fw_build_date = 0;
7539 
7540  j = get_saved_sig(fw,"GetBuildTime_FW");
7541  if (j >= 0)
7542  {
7543  int idx = adr2idx(fw, func_names[j].val);
7544  uint32_t adr = ADR2adr(fw, idx);
7545  idx = adr2idx(fw, adr);
7546  fw->fw_build_time = (char*)&fw->buf[idx];
7547  }
7548  else
7549  fw->fw_build_time = 0;
7550 }
int find_closedir ( firmware fw)

Definiert in Zeile 945 der Datei finsig_dryos.c.

946 {
947  int j = get_saved_sig(fw,"OpenFastDir");
948  if (j >= 0)
949  {
950  int k = find_inst(fw, isSTMFD_LR, adr2idx(fw,func_names[j].val)+1, 100);
951  if (isB(fw,k-1) && isBL(fw,k-2))
952  {
953  uint32_t fadr = followBranch(fw, idx2adr(fw, k-2), 0x01000001);
954  fwAddMatch(fw,fadr,32,0,121);
955  return 1;
956  }
957  }
958 
959  return 0;
960 }
int find_CreateDialogBox ( firmware fw)

Definiert in Zeile 1539 der Datei finsig_dryos.c.

1540 {
1541  if (get_saved_sig(fw,"DisplayBusyOnScreen") < 0) return 0;
1542  if (idx_createdialogbox > 0)
1543  {
1544  int n = idxFollowBranch(fw,idx_createdialogbox,0x01000001);
1545  if (n>0)
1546  {
1547  fwAddMatch(fw,idx2adr(fw,n),32,0,122);
1548  return 1;
1549  }
1550  }
1551  return 0;
1552 }
int find_ctypes ( firmware fw,
int  k 
)

Definiert in Zeile 5705 der Datei finsig_dryos.c.

5706 {
5707  static unsigned char ctypes[] =
5708  {
5709  0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x60, 0x60, 0x60, 0x60, 0x60, 0x20, 0x20,
5710  0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
5711  0x48, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10,
5712  0x84, 0x84, 0x84, 0x84, 0x84, 0x84, 0x84, 0x84, 0x84, 0x84, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10,
5713  0x10, 0x81, 0x81, 0x81, 0x81, 0x81, 0x81, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5714  1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0x10, 0x10, 0x10, 0x10, 0x10,
5715  0x10, 0x82, 0x82, 0x82, 0x82, 0x82, 0x82, 2, 2, 2, 2, 2, 2, 2, 2, 2,
5716  2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 0x10, 0x10, 0x10, 0x10, 0x20
5717  };
5718 
5719  if (k < (fw->size*4 - sizeof(ctypes)))
5720  {
5721  if (memcmp(((char*)fw->buf)+k,ctypes,sizeof(ctypes)) == 0)
5722  {
5723  bprintf("DEF(ctypes, 0x%08x)\n", fw->base + k);
5724  return 1;
5725  }
5726  }
5727  return 0;
5728 }
int find_DebugAssert_argcount ( firmware fw)

Definiert in Zeile 4083 der Datei finsig_dryos.c.

4084 {
4085  int s1 = find_str_ref(fw, "CameraLog.c");
4086  if (s1 < 0)
4087  return 0;
4088  int k = isADR_PC_cond(fw, s1);
4089  if (!k)
4090  return 0;
4091  k = fwRd(fw, s1);
4092  if (k > 0)
4093  bprintf("//#define CAM_3ARG_DebugAssert 1\n");
4094  return 1;
4095 }
int find_dispatch_funcs ( firmware fw,
int  param 
)

Definiert in Zeile 2064 der Datei finsig_dryos.c.

2065 {
2066  int f1;
2067  if (param==0) {
2068  f1= get_saved_sig(fw,"EnableDispatch_low");
2069  }
2070  else if (param==1) {
2071  f1= get_saved_sig(fw,"DisableDispatch_low");
2072  }
2073  else {
2074  return 0;
2075  }
2076  if(f1 < 0)
2077  return 0;
2078 
2079  f1 = adr2idx(fw, func_names[f1].val);
2080  int r0, r1, cnt;
2081  r0 = find_str(fw,"Booting"); // for sx230 (extra task on a few models)
2082  if (r0 == -1) {
2083  r0 = find_str(fw,"Startup"); // locating taskcreate_Startup
2084  r1 = find_str(fw,"Startup.c");
2085  if (r0 == r1) { // for s5is
2086  r0 = find_Nth_str(fw,"Startup",2);
2087  }
2088  }
2089  r0 = find_nxt_str_ref(fw,r0,r0-1024);
2090  if(r0 < 0)
2091  return 0;
2092  r0 = adr2idx(fw,idx2adr(fw,r0)); // needed on cams with code copied to RAM
2093  cnt = 0;
2094  while (r0!=-1 && cnt<5) {
2095  r0 = find_inst_rev(fw,isBL,r0-1,10);
2096  int b1 = idxFollowBranch(fw,r0,0x01000001);
2097  b1 = adr2idx(fw,idx2adr(fw,b1)); // needed on cams with code copied to RAM
2098  if (isLDR_PC(fw,b1)) { // for s110
2099  b1 = idxFollowBranch(fw,b1,0x01000001);
2100  }
2101  if (param==0) { // EnableDispatch
2102  r1 = find_nxt_str_ref_alt(fw, "KerSys.c", b1, 24);
2103  int i1 = find_inst(fw,isLDMFD_PC,b1,24);
2104  if (r1!=-1 && i1>r1) {
2105  int j1 = find_Nth_inst(fw,isBL,b1,24,1);
2106  if (j1 != -1) {
2107  if (idx2adr(fw,idxFollowBranch(fw,j1,0x01000001))==idx2adr(fw,f1)) {
2108  fwAddMatch(fw,idx2adr(fw,b1),32,0,122);
2109  return 1;
2110  }
2111  }
2112  }
2113  }
2114  else if (param==1) { // DisableDispatch
2115  int c = 1;
2116  while (c<3) {
2117  int b2 = find_Nth_inst(fw,isBL,b1,12,c);
2118  if (b2 == -1) {
2119  break;
2120  }
2121  b2 = idxFollowBranch(fw,b2,0x01000001);
2122  b2 = adr2idx(fw,idx2adr(fw,b2)); // needed on cams with code copied to RAM
2123  r1 = find_nxt_str_ref_alt(fw, "KerSys.c", b2, 24);
2124  int i1 = find_inst(fw,isLDMFD_PC,b2,24);
2125  if (r1!=-1 && i1>r1) {
2126  int j1 = find_Nth_inst(fw,isBL,b2,24,1);
2127  if (j1 != -1) {
2128  if (idx2adr(fw,idxFollowBranch(fw,j1,0x01000001))==idx2adr(fw,f1)) {
2129  fwAddMatch(fw,idx2adr(fw,b2),32,0,122);
2130  return 1;
2131  }
2132  }
2133  }
2134  c++;
2135  }
2136  }
2137  cnt++;
2138  }
2139  return 0;
2140 }
int find_DisplayBusyOnScreen ( firmware fw)

Definiert in Zeile 1327 der Datei finsig_dryos.c.

1328 {
1329 
1330  int s1 = find_str(fw,"ErrorMessageController.c");
1331  int s2 = find_str(fw,"StrMan.c");
1332  if (s1 < 0)
1333  s1 = find_str(fw,"MessageController.c");
1334  int j = find_str_ref(fw,"_PBBusyScrn");
1335  if (j < 0)
1336  j = find_str_ref(fw,"_PlayBusyScreen");
1337 
1338  if ((j>=0)&&(s1>=0)&&(s2>=0))
1339  {
1340  int m1 = find_Nth_inst(fw,isBL,j+1,12,fw->dryos_ver<54?4:fw->dryos_ver==59?2:3);
1341  int m2, k;
1342 
1343  if (fw->dryos_ver == 58)
1344  {
1345  // 1st B after str ref branches to DisplayBusyOnScreen
1346  m1 = find_inst(fw,isB,j+1,12);
1347  if (m1 > 0)
1348  {
1349  m2 = idxFollowBranch(fw,m1,0x00000001);
1350  k = find_nxt_str_ref(fw, s1, m2);
1351  }
1352  else
1353  {
1354  return 0;
1355  }
1356  }
1357  else if (fw->dryos_ver == 57)
1358  {
1359  // these functions are called indirectly in this part of fw on r57
1360  int found = 0;
1361  for (k=-1; k>-3; k--)
1362  {
1363  if ((fwval(fw,m1+k) & 0xFE1FF000) == 0xE41F0000) // ldr r0, =func
1364  {
1365  uint32_t u1 = LDR2val(fw, m1+k);
1366  if ( u1 > fw->base )
1367  {
1368  if (isSTMFD_LR(fw, adr2idx(fw, u1)))
1369  {
1370  found = 1;
1371  m2 = adr2idx(fw, u1);
1372  k = find_nxt_str_ref(fw, s1, m2);
1373  break;
1374  }
1375  }
1376  }
1377  }
1378  if (!found)
1379  {
1380  return 0;
1381  }
1382  }
1383  else
1384  {
1385  m2 = idxFollowBranch(fw,m1,0x01000001);
1386  k = find_nxt_str_ref(fw, s1, m2);
1387  if ((k <= 0)||(k-m2 >= 22))
1388  {
1389  // not found, try the next BL
1390  m1 = find_inst(fw,isBL,m1+1,4);
1391  m2 = idxFollowBranch(fw,m1,0x01000001);
1392  k = find_nxt_str_ref(fw, s1, m2);
1393  }
1394  }
1395 
1396 
1397  if ((k > 0)&&(k-m2 < 22))
1398  {
1399  // the string is referenced near enough
1400  idx_createdialogbox = find_inst_rev(fw, isBL, k-1, 4);
1401  // DisplayBusyOnScreen is found
1402  fwAddMatch(fw,idx2adr(fw,m2),32,0,122);
1403  // find additional stuff
1404  idx_adduitodialog = find_inst(fw, isBL, k+1, 7);
1405  int m3;
1406  for (m3=k; m3<k+128; m3++)
1407  {
1408  // mov r0, #imm or ldr r0, [pc,... between two BLs
1409  if (isBL(fw,m3)&&isBL(fw,m3+2)&&
1410  (((fwval(fw,m3+1)&0xfffff000)==0xe3a00000)||((fwval(fw,m3+1)&0xff7ff000)==0xe51f0000)))
1411  {
1412  // further check
1413  int m30 = m3+2;
1414  int m4 = idxFollowBranch(fw,m30,0x01000001);
1415  if (m4 > 0)
1416  {
1417  // search for ref. to assert string
1418  int m5 = find_inst(fw, isLDMFD_PC, m4+1, 64);
1419  int m6 = find_nxt_str_ref(fw, s2, m4);
1420  if ((m6 > 0)&&(m6 < m5))
1421  {
1422  idx_getstring = m30;
1423  break;
1424  }
1425  // no string, search for reference to 0x00000020 (string consisting of a single space char)
1426  m5 = find_inst(fw, isADR_PC, m4+1, 10);
1427  if (m5>0)
1428  {
1429  uint32_t u1 = ADR2adr(fw, m5);
1430  if (fwval(fw, adr2idx(fw, u1)) == 0x00000020)
1431  {
1432  idx_getstring = m30;
1433  break;
1434  }
1435  }
1436  }
1437  }
1438  }
1439  if (fw->dryos_ver < 54)
1440  {
1441  m3 = find_inst(fw, isLDMFD_PC, k+30, 64);
1442  if (m3>0)
1443  {
1444  m3 = find_Nth_inst_rev(fw, isBL, m3-1, 8, 2);
1445  if (m3>0)
1446  {
1447  idx_displaydialogbox = m3;
1448  }
1449  }
1450  }
1451  else
1452  {
1453  m3 = find_inst(fw, isLDMFD, k+30, 20);
1454  if (m3>0)
1455  {
1456  m3 = find_inst_rev(fw, isBL, m3-1, 4);
1457  if (m3>0)
1458  {
1459  idx_displaydialogbox = m3;
1460  }
1461  }
1462  }
1463  return 1;
1464  }
1465  }
1466 
1467  return 0;
1468 }
int find_DisplayDialogBox ( firmware fw)

Definiert in Zeile 1553 der Datei finsig_dryos.c.

1554 {
1555  if (get_saved_sig(fw,"DisplayBusyOnScreen") < 0) return 0;
1556  if (idx_displaydialogbox > 0)
1557  {
1558  int n = idxFollowBranch(fw,idx_displaydialogbox,0x01000001);
1559  if (n>0)
1560  {
1561  fwAddMatch(fw,idx2adr(fw,n),32,0,122);
1562  return 1;
1563  }
1564  }
1565  return 0;
1566 }
int find_DoMovieFrameCapture ( firmware fw)

Definiert in Zeile 1805 der Datei finsig_dryos.c.

1806 {
1807  void add_func_name(char*, uint32_t, char*);
1808  // we need the uncached bit
1809  int match_CAM_UNCACHED_BIT(firmware*, int, int);
1810  search_saved_sig(fw, "FreeUncacheableMemory", match_CAM_UNCACHED_BIT, 0, 0, 8);
1811 
1812  int j = get_saved_sig(fw,"SetImageMode");
1813  if (j < 0)
1814  return 0;
1815  j = adr2idx(fw, func_names[j].val);
1816  int k = 0;
1817  int k1 = 0;
1818  int l = j + 20;
1819  while (j < l)
1820  {
1821  j = find_inst(fw, isBL, j+1, 20);
1822  if (j == -1)
1823  break;
1824  int j1 = idxFollowBranch(fw,j,0x01000001);
1825  if (j != j1)
1826  {
1827  int j2;
1828  for (j2=j1; j2<j1+6; j2++)
1829  {
1830  if ((fwval(fw,j2) & 0xFF000000) == 0x1A000000) // bne
1831  {
1832  int j3 = idxFollowBranch(fw,j2,0xF1000001);
1833  if (j3-j2>0 && j3-j2<5)
1834  {
1835  if (isBL(fw,j3))
1836  {
1837  // buffer adr is embedded in routine, evaluate later
1838  k = idxFollowBranch(fw,j3,0x01000001);
1839  fwAddMatch(fw,idx2adr(fw,k),32,0,122);
1840  // add_func_name("DoMovieFrameCapture_helper1", idx2adr(fw,k), ""); // for visual verification
1841  k1 = 1;
1842  break;
1843  }
1844  else
1845  {
1846  // buffer and param are func args, evaluate here
1847  int m = 0;
1848  while (m < 4)
1849  {
1850  if ((fwval(fw,j3+m) & 0xFE1F0000) == 0xE41F0000) // ldr rx,
1851  {
1852  frsp_argcnt = fwRd(fw,j3+m) + 1; // this should be loaded in the right register directly
1853  frsp_buf = LDR2val(fw,j3+m);
1854  frsp_buf_at = idx2adr(fw,j3+m);
1855  if (!((frsp_buf > fw->uncached_adr) &&
1856  (fw->uncached_adr+fw->maxram))) // has to be uncached ram
1857  frsp_buf = 0;
1858  }
1859  if ((fwval(fw,j3+m) & 0xFFF00000) == 0xE3A00000) // mov rx,
1860  {
1861  uint32_t u1 = ALUop2a(fw,j3+m);
1862  if (u1>fw->uncached_adr && u1<(fw->uncached_adr+fw->maxram))
1863  {
1864  frsp_buf = u1;
1865  frsp_buf_at = idx2adr(fw,j3+m);
1866  frsp_argcnt = fwRd(fw,j3+m) + 1; // this should be loaded in the right register directly
1867  }
1868  else
1869  {
1870  frsp_param = u1;
1871  }
1872  }
1873  if (isBL(fw,j3+m))
1874  {
1875  k = idxFollowBranch(fw,j3+m,0x01000001);
1876  fwAddMatch(fw,idx2adr(fw,k),32,0,122);
1877  // add_func_name("DoMovieFrameCapture_helper2", idx2adr(fw,j1), ""); // for visual verification
1878  break;
1879  }
1880  m++;
1881  }
1882  if (k)
1883  break;
1884  }
1885  }
1886  }
1887  }
1888  if (k)
1889  break;
1890  }
1891  }
1892  if (k && k1)
1893  {
1894  k1 = k+1;
1895  while (k1>0 && k1<k+20)
1896  {
1897  if (isLDR_PC(fw,k1))
1898  {
1899  uint32_t v = LDR2val(fw,k1);
1900  if (v>fw->uncached_adr && v<fw->uncached_adr+fw->maxram && (v&3)==0)
1901  {
1902  frsp_buf = v;
1903  frsp_param = 0;
1904  frsp_buf_at = idx2adr(fw,k1);
1905  break;
1906  }
1907  }
1908  k1++;
1909  }
1910  }
1911  if (k)
1912  return 1;
1913  return 0;
1914 }
void find_eventprocs ( firmware fw)

Definiert in Zeile 7373 der Datei finsig_dryos.c.

7374 {
7375  int j = get_saved_sig(fw,"ExportToEventProcedure_FW");
7376  if (j >= 0)
7377  {
7378  uint32_t fadr = func_names[j].val;
7379  search_fw(fw, match_eventproc, fadr, 0, 1);
7380 
7381  if (isB(fw,adr2idx(fw,fadr)+2))
7382  {
7383  fadr = followBranch(fw, fadr+8, 1);
7384  add_func_name("RegisterEventProcedure", fadr, 0);
7385  search_fw(fw, match_registerproc, fadr, 0, 2);
7386  }
7387 
7388  j = get_saved_sig(fw,"SS.Create_FW");
7389  if (j >= 0)
7390  {
7391  j = adr2idx(fw,func_names[j].val);
7392  int offsets[] = { 1, 3, 7, 8 };
7393  int i;
7394  for (i=0; i<4; i++)
7395  {
7396  if (isLDR_PC(fw,j+offsets[i]) && (fwRd(fw,j+offsets[i]) == 0) && isBL(fw,j+offsets[i]+1))
7397  {
7398  fadr = followBranch(fw,idx2adr(fw,j+offsets[i]+1),0x01000001);
7399  search_fw(fw, match_registerlists, fadr, 0, 2);
7400  break;
7401  }
7402  }
7403  }
7404  else
7405  {
7406  // S5IS
7407  j = find_strptr_ref(fw,"ResetZoomLens");
7408  if (j >= 0)
7409  {
7410  if (isBorBL(fw,j+1))
7411  {
7412  fadr = followBranch(fw,idx2adr(fw,j+1),0x01000001);
7413  search_fw(fw, match_registerlists, fadr, 0, 2);
7414  }
7415  }
7416  }
7417 
7418  j = get_saved_sig(fw,"TerminateAdjustmentSystem_FW");
7419  if (j >= 0)
7420  {
7421  j = adr2idx(fw,func_names[j].val);
7422  int k;
7423  for (k=j; k<j+8; k++)
7424  {
7425  if (isBL(fw,k))
7426  {
7427  int k1 = adr2idx(fw,followBranch(fw,idx2adr(fw,k),0x01000001));
7428  int k2;
7429  for (k2=k1; k2<k1+20; k2++)
7430  {
7431  if (isLDR_PC(fw,k2) && (fwRd(fw,k2) == 0) && isLDMFD(fw,k2+1))
7432  {
7433  int k3 = adr2idx(fw, LDR2val(fw,k2) - fw->data_start + fw->data_init_start);
7434  if (idx_valid(fw,k3))
7435  {
7436  while (fwval(fw,k3) != 0)
7437  {
7438  add_func_name2(fw, fwval(fw,k3), fwval(fw,k3+1), "_FW");
7439  k3 += 2;
7440  }
7441  }
7442  }
7443  }
7444  }
7445  }
7446  }
7447  }
7448 }
int find_exmem_alloc_table ( firmware fw)

Definiert in Zeile 4632 der Datei finsig_dryos.c.

4633 {
4634  int i = get_saved_sig(fw,"ExMem.View_FW"); // s5 and earlier don't have this
4635  if (i < 0)
4636  {
4637  i = get_saved_sig(fw,"exmem_assert"); // s5
4638  }
4639  if (i < 0)
4640  {
4641  return 0;
4642  }
4643  i = adr2idx(fw, func_names[i].val);
4644  uint32_t u, us;
4645  uint32_t exm_typ_tbl_orig = 0;
4646  int n;
4647  us = 0;
4648  for (n=1; n<16; n++)
4649  {
4650  if ( ((fwval(fw,i+n)&0xffff0000)==0xe59f0000) ) // ldr rx, [pc, #imm]
4651  {
4652  u = LDR2val(fw, i+n);
4653  if (u>fw->data_start && u<fw->data_start+fw->data_len*4 && (fwRd(fw,i+n)>3))
4654  {
4655  exm_typ_tbl_orig = u;
4656  u = u - fw->data_start + fw->data_init_start;
4657  break;
4658  }
4659  else if (us==0 && u>fw->base && u<fw->base+fw->size*4-4 && (u&3)==0)
4660  {
4661  us = u;
4662  }
4663  }
4664  u = 0;
4665  }
4666  if (!u && us)
4667  {
4668  u = us;
4669  exm_typ_tbl_orig = u;
4670  }
4671  if (u)
4672  {
4673  exm_typ_tbl = u;
4674  int ii = adr2idx(fw, exm_typ_tbl);
4675  char* extyp;
4676  for (n=0; n<32; n++)
4677  {
4678  if ( (fwval(fw,ii+n)!=0) && isASCIIstring(fw, fwval(fw,ii+n)) )
4679  {
4680  extyp = adr2ptr(fw, fwval(fw,ii+n));
4681  if ( strncmp(extyp,"EXMEM",5)==0 )
4682  {
4683  exm_typ_cnt++;
4684  }
4685  }
4686  else
4687  {
4688  break;
4689  }
4690  }
4691  }
4692 
4693  for (n=1; n<42; n++)
4694  {
4695  if ( ((fwval(fw,i+n)&0xffff0000)==0xe59f0000) ) // ldr rx, [pc, #imm]
4696  {
4697  u = LDR2val(fw, i+n);
4698  if (u>fw->data_start+fw->data_len*4 && u<fw->memisostart && (fwRd(fw,i+n)>3))
4699  {
4700  break;
4701  }
4702  }
4703  u = 0;
4704  }
4705  if (u)
4706  {
4707  print_stubs_min(fw,"exmem_alloc_table",u,idx2adr(fw,i+n));
4708  }
4709  if (exm_typ_tbl)
4710  {
4711  print_stubs_min(fw,"exmem_types_table",exm_typ_tbl,exm_typ_tbl_orig);
4712  }
4713  if (exm_typ_cnt)
4714  {
4715  bprintf("DEF_CONST(%-34s,0x%08x)\n","exmem_type_count",exm_typ_cnt);
4716  }
4717  return 0;
4718 }
int find_func ( const char *  name)

Definiert in Zeile 2692 der Datei finsig_dryos.c.

2693 {
2694  int i;
2695  for (i=0; func_list[i].name != 0; i++)
2696  {
2697  if (strcmp(name, func_list[i].name) == 0)
2698  {
2699  return i;
2700  }
2701  }
2702  return -1; // Not found
2703 }
int find_get_current_nd_value ( firmware fw)

Definiert in Zeile 1721 der Datei finsig_dryos.c.

1722 {
1723 
1724  // string only present on ND-only cameres
1725  if(find_str(fw, "IrisSpecification.c") < 0) {
1726  return find_get_current_nd_value_iris(fw);
1727  }
1728 
1729  int f1 = get_saved_sig(fw,"GetCurrentAvValue");
1730  if(f1 < 0)
1731  return 0;
1732 
1733  f1 = adr2idx(fw, func_names[f1].val);
1734  // expect
1735  // adreq r0, "IrisController.c"
1736  // bleq DebugAssert
1737  // bl j_get_current_nd_value
1738  int sadr = find_str(fw, "IrisController.c");
1739  int j = find_nxt_str_ref(fw, sadr, f1);
1740  if (j < 0)
1741  return 0;
1742 
1743  if(isBL_cond(fw,j+1) && isBL(fw,j+2)) {
1744  f1 = idxFollowBranch(fw,j+2,0x01000001);
1745  // veneer
1746  if(isB(fw,f1)) {
1747  f1 = idxFollowBranch(fw,f1,0x00000001);
1748  }
1749  fwAddMatch(fw,idx2adr(fw,f1),32,0,122);
1750  return 1;
1751  }
1752 
1753  return 0;
1754 }
int find_get_current_nd_value_iris ( firmware fw)

Definiert in Zeile 1676 der Datei finsig_dryos.c.

1677 {
1678  // match is only for cams with both, task is mostly a good indicator
1679  if(get_saved_sig(fw,"task_Nd") < 0 || get_saved_sig(fw,"task_IrisEvent") < 0) {
1680  return 0;
1681  }
1682  int f1 = get_saved_sig(fw,"get_current_exp");
1683  if(f1 < 0)
1684  return 0;
1685 
1686  f1 = adr2idx(fw, func_names[f1].val);
1687  int blcnt, i;
1688  // expect
1689  // bleq DebugAssert
1690  // followed by 5 bl with other instruction between
1691  // looking for 5th
1692  for(i=0, blcnt=0; i<16 && blcnt < 7; i++) {
1693  if(!blcnt) {
1694  if(isBL_cond(fw,f1+i)) {
1695  blcnt++;
1696  } else if(isBL(fw,f1+i)) {
1697  return 0;
1698  }
1699  continue;
1700  }
1701  if(!isBL(fw,f1+i)) {
1702  continue;
1703  }
1704  blcnt++;
1705  if(blcnt == 6) {
1706  int f2 = idxFollowBranch(fw,f1+i,0x01000001);
1707  // non-ND cameras have a call to return 0
1708  if(isMOV(fw,f2) && (fwRd(fw,f2) == 0) && (fwOp2(fw,f2) == 0)) // MOV R0, 0
1709  return 0;
1710  // veneer (might be better to require veneer)
1711  if(isB(fw,f2)) {
1712  f2 = idxFollowBranch(fw,f2,0x00000001);
1713  }
1714  fwAddMatch(fw,idx2adr(fw,f2),32,0,122);
1715  return 1;
1716  }
1717  }
1718  return 0;
1719 }
int find_get_fstype ( firmware fw)

Definiert in Zeile 963 der Datei finsig_dryos.c.

964 {
965  int j = get_saved_sig(fw,"OpenFastDir");
966  if (j >= 0)
967  {
968  int k = find_Nth_inst(fw, isBL, adr2idx(fw,func_names[j].val)+1, 6, 2);
969  if (k > 0)
970  {
971  // sanity check 1
972  if ( (fwval(fw, k+1) & 0xffff0fff) != 0xe1b00000 ) // movs rx, r0
973  return 0;
974  // sanity check 2
975  uint32_t cmpinst = ((fwval(fw, k+1) & 0x0000f000)<<4) + 0xe3500004; // cmp rx, #4
976  int l;
977  int m = 0;
978  for (l=0; l<32; l++)
979  {
980  if ( fwval(fw, k+1+l) == cmpinst )
981  m++;
982  }
983  if (m != 2)
984  return 0;
985  // confirmed
986  uint32_t fadr = followBranch(fw, idx2adr(fw, k), 0x01000001);
987  fwAddMatch(fw,fadr,32,0,122);
988  return 1;
989  }
990  }
991 
992  return 0;
993 }
int find_get_nd_value ( firmware fw)

Definiert in Zeile 1632 der Datei finsig_dryos.c.

1633 {
1634 
1635  int f1 = get_saved_sig(fw,"PutInNdFilter_FW");
1636  int f2 = get_saved_sig(fw,"ClearEventFlag");
1637  int f3 = find_saved_sig("get_nd_value");
1638  if ((f3 >= 0) && (func_names[f3].val != 0)) // return if func already found
1639  return 0;
1640  if ((f1 < 0) || (f2 < 0))
1641  return 0;
1642  f1 = adr2idx(fw, func_names[f1].val);
1643  f2 = adr2idx(fw, func_names[f2].val);
1644  int k1 = find_Nth_inst(fw,isBL,f1,10,2);
1645  int k2 = find_inst(fw,isBL,f1,6);
1646  if ((k1 == -1) || (k2 == -1))
1647  return 0;
1648  // note for the following line: same address can have different index on cams with multiple fw regions
1649  // followBranch2 is for veneer support (s110)
1650  if ( followBranch2(fw,idx2adr(fw,k2),0x01000001) != idx2adr(fw,f2) ) // ClearEventFlag?
1651  return 0;
1652  k1 = idxFollowBranch(fw,k1,0x01000001); // PutInNdFilter_low
1653  k2 = find_inst(fw,isBL,k1,6);
1654  if (k2 == -1)
1655  return 0;
1656  // check for signs of other functions (GetUsableAvRange, etc)
1657  int k3;
1658  int k4 = 0;
1659  for (k3=k2-1;k3>k2-3;k3--)
1660  {
1661  uint32_t v1 = fwval(fw, k3);
1662  k4 += (v1 == 0xe28d0004)?1:(v1 == 0xe1a0100d)?4: // add r0,sp,#4 ; mov r1,sp - GetUsableAvRange
1663  ((v1 & 0xffffff00) == 0xe3a00000)?0x10:0; // mov r0, #small_imm - sx400
1664  }
1665  if (k4 == 0) // probably get_nd_value
1666  {
1667  k2 = idxFollowBranch(fw,k2,0x01000001);
1668  fwAddMatch(fw,idx2adr(fw,k2),32,0,122);
1669  return 1;
1670  }
1671 
1672  return 0;
1673 }
int find_get_ptp_buf_size ( firmware fw)

Definiert in Zeile 1916 der Datei finsig_dryos.c.

1917 {
1918  int j = get_saved_sig(fw,"handle_PTP_OC_SendObject"); // same handler as CANON_SendObjectByPath
1919  if(j < 0) {
1920  // fprintf(stderr,"find_get_ptp_buf_size missing handle_PTP_OC_SendObject\n");
1921  return 0;
1922  }
1923  int k=adr2idx(fw,func_names[j].val);
1924  int k_max=k+80;
1925  uint32_t adr=0;
1926  int file_buf_id=get_ptp_file_buf_id(fw);
1927 
1928  for(; k < k_max;k++) {
1929  // look for
1930  // mov r0,#file_buf_id
1931  // bl ...
1932  if(isMOV_immed(fw,k) && fwRn(fw,k) == 0 && ALUop2(fw,k) == file_buf_id && isBL(fw, k+1)) {
1933  adr = followBranch(fw,idx2adr(fw,k+1),0x01000001);
1934  // fprintf(stderr,"find_get_ptp_buf_size match 1 0x%08x @0x%08x\n",adr,idx2adr(fw,k+1));
1935  break;
1936  }
1937  }
1938  if(!adr) {
1939  // fprintf(stderr,"find_get_ptp_buf_size no match\n");
1940  return 0;
1941  }
1942  // look for same seq again, within 6 ins
1943  k_max = k+6;
1944  for(; k < k_max;k++) {
1945  if(isMOV_immed(fw,k) && fwRn(fw,k) == 0 && ALUop2(fw,k) == file_buf_id && isBL(fw, k+1)) {
1946  uint32_t adr2 = followBranch(fw,idx2adr(fw,k+1),0x01000001);
1947  // is it the same address?
1948  if(adr2 == adr) {
1949  // fprintf(stderr,"find_get_ptp_buf_size match 2 @0x%08x\n",idx2adr(fw,k+1));
1950  fwAddMatch(fw,adr,32,0,122);
1951  return 0;
1952  }
1953  // fprintf(stderr,"find_get_ptp_buf_size match 2 mismatch 0x%08x != 0x%08x @0x%08x\n",adr,adr2,idx2adr(fw,k+1));
1954  }
1955  }
1956  return 0;
1957 }
int find_get_ptp_file_buf ( firmware fw,
string_sig sig,
int  j 
)

Definiert in Zeile 894 der Datei finsig_dryos.c.

895 {
896  /*
897  * looking for
898  * MOV r0,#ptp_file_buf_id
899  * bl get_ptp_buf_size
900  * bic r1, r0, #1
901  * MOV r0,#ptp_file_buf_id
902  * bl sub...
903  */
904  if(!(isMOV_immed(fw,j)
905  && (fwRn(fw,j) == 0)
906  && isBL(fw,j+1)
907  && ((fwval(fw,j+2) & 0xFFF00000) == 0xe3C00000) // BIC
908  && (ALUop2(fw,j+2) == 1)
909  && isMOV_immed(fw,j+3)
910  && (fwRn(fw,j+3) == 0)
911  && isBL(fw,j+4))) {
912  return 0;
913  }
914  int file_buf_id = get_ptp_file_buf_id(fw);
915  if(ALUop2(fw,j) != file_buf_id || ALUop2(fw,j+3) != file_buf_id) {
916  return 0;
917  }
918  uint32_t f1 = followBranch(fw,idx2adr(fw,j+1),0x01000001);
919  int i = get_saved_sig(fw,"get_ptp_buf_size");
920  // if sig not found, end search completely
921  if(i < 0) {
922  // fprintf(stderr,"find_get_ptp_file_buf func missing @0x%08x\n",idx2adr(fw,j));
923  return 1;
924  }
925  if(f1 != func_names[i].val) {
926  // fprintf(stderr,"find_get_ptp_file_buf func mismatch @0x%08x\n",idx2adr(fw,j));
927  return 0;
928  }
929 
930  // search backwards for push
931  int k = find_inst_rev(fw, isSTMFD_LR, j-1, 8);
932  if(k < 0) {
933  // fprintf(stderr,"find_get_ptp_file_buf failed to find push @0x%08x\n",idx2adr(fw,j));
934  return 0;
935  }
936  // functions could have a MOV, LDR etc before the push, but not seen for this function
937  uint32_t fadr = idx2adr(fw, k);
938  fwAddMatch(fw,fadr,32,0,121);
939  // fprintf(stderr,"find_get_ptp_file_buf match @0x%08x\n",fadr);
940 
941  return 1;
942 }
int find_get_self_task_errno_pointer ( firmware fw)

Definiert in Zeile 1596 der Datei finsig_dryos.c.

1597 {
1598  int f1 = get_saved_sig(fw,"malloc");
1599  int f2 = get_saved_sig(fw,"close");
1600  if ((f1<0) && (f2<0))
1601  return 0;
1602  f1 = adr2idx(fw, func_names[f1].val);
1603  f1 = find_inst(fw, isLDMFD_PC, f1, 24);
1604  if (f1>0)
1605  {
1606  f1 = find_inst_rev(fw, isBL, f1, 6);
1607  if (f1>0)
1608  {
1609  if (fwval(fw,f1+2) == 0xe5801000) // str r1, [r0]
1610  {
1611  f1 = idxFollowBranch(fw,f1,0x01000001);
1612  fwAddMatch(fw,idx2adr(fw,f1),32,0,122);
1613  return 1;
1614  }
1615  }
1616  }
1617  // older cams don't set errno on malloc failure
1618  f1 = adr2idx(fw, func_names[f2].val);
1619  f1 = find_Nth_inst(fw, isBL, f1, 8, 2); // second BL
1620  if (f1>0)
1621  {
1622  if (fwval(fw,f1+2) == 0xe5801000) // str r1, [r0]
1623  {
1624  f1 = idxFollowBranch(fw,f1,0x01000001);
1625  fwAddMatch(fw,idx2adr(fw,f1),32,0,122);
1626  return 1;
1627  }
1628  }
1629  return 0;
1630 }
int find_get_string_by_id ( firmware fw)

Definiert in Zeile 1581 der Datei finsig_dryos.c.

1582 {
1583  if (get_saved_sig(fw,"DisplayBusyOnScreen") < 0) return 0;
1584  if (idx_getstring > 0)
1585  {
1586  int n = idxFollowBranch(fw,idx_getstring,0x01000001);
1587  if (n>0)
1588  {
1589  fwAddMatch(fw,idx2adr(fw,n),32,0,122);
1590  return 1;
1591  }
1592  }
1593  return 0;
1594 }
int find_GetBaseSv ( firmware fw)

Definiert in Zeile 1959 der Datei finsig_dryos.c.

1960 {
1961  int j = get_saved_sig(fw,"SetPropertyCase");
1962  if (j < 0)
1963  return 0;
1964  j = adr2idx(fw, func_names[j].val);
1965 
1966  int sadr = find_str(fw, "Sensitive.c");
1967  if (sadr < fw->lowest_idx)
1968  return 0;
1969  int s1 = find_nxt_str_ref(fw, sadr, -1/*fw->lowest_idx*/);
1970  int hist[3] = {0, 0, 0};
1971  while (s1 >= 0)
1972  {
1973  hist[2] = hist[1];
1974  hist[1] = hist[0];
1975  hist[0] = s1;
1976  if (hist[0] && hist[1] && hist[2])
1977  {
1978  if ((hist[0]-hist[1]<6) && (hist[1]-hist[2]<7))
1979  {
1980  int n;
1981  for (n=s1+1; n<s1+26; n++)
1982  {
1983  if ( isBL(fw, n) )
1984  {
1985  int k;
1986  k = idxFollowBranch(fw,n,0x01000001);
1987  if ( idx2adr(fw, k) == idx2adr(fw, j) )
1988  {
1989  // SetPropertyCase call found
1990  k = find_inst(fw, isBL, s1+2, 6);
1991  if (k != -1)
1992  {
1993  // first BL following BLEQ DebugAssert
1994  int l = idxFollowBranch(fw,k,0x01000001);
1995  if ( isB(fw, l) )
1996  {
1997  // in most cases there's a veneer (exception: sx1)
1998  void add_func_name(char*, uint32_t, char*);
1999  k = idxFollowBranch(fw,l,0x01000001);
2000  if ( isB(fw, k) )
2001  {
2002  int m = idxFollowBranch(fw,k,0x01000001);
2003  add_func_name("j_j_GetBaseSv", idx2adr(fw,l), "");
2004  add_func_name("j_GetBaseSv", idx2adr(fw,k), "");
2005  fwAddMatch(fw,idx2adr(fw,m),32,0,122);
2006  }
2007  else
2008  {
2009  add_func_name("j_GetBaseSv", idx2adr(fw,l), "");
2010  fwAddMatch(fw,idx2adr(fw,k),32,0,122);
2011  }
2012  }
2013  else
2014  {
2015  fwAddMatch(fw,idx2adr(fw,l),32,0,122);
2016  }
2017  return 1;
2018  }
2019  }
2020  }
2021  }
2022  }
2023  }
2024  s1 = find_nxt_str_ref(fw, sadr, s1+1);
2025  }
2026 
2027  return 0;
2028 }
int find_getcurrentmachinetime ( firmware fw)

Definiert in Zeile 1756 der Datei finsig_dryos.c.

1757 {
1758  int f1 = get_saved_sig(fw,"SetHPTimerAfterTimeout");
1759  if (f1 < 0)
1760  return 0;
1761  f1 = adr2idx(fw, func_names[f1].val);
1762  f1 = find_inst(fw, isBL, f1, 16);
1763  if (f1>0)
1764  {
1765  f1 = idxFollowBranch(fw,f1,0x01000001);
1766  fwAddMatch(fw,idx2adr(fw,f1),32,0,122);
1767  return 1;
1768  }
1769  return 0;
1770 }
int find_GetDrive_ClusterSize ( firmware fw)

Definiert in Zeile 1234 der Datei finsig_dryos.c.

1235 {
1236  int k = get_saved_sig(fw,"DebugAssert");
1237  if (k >= 0)
1238  {
1239  return search_fw(fw, match_GetDrive_ClusterSize, func_names[k].val, 0, 16);
1240  }
1241 
1242  return 0;
1243 }
int find_GetDrive_TotalClusters ( firmware fw)

Definiert in Zeile 1245 der Datei finsig_dryos.c.

1246 {
1247  extern uint32_t find_str_bytes(firmware *fw, char *str);
1248  // restrict usage (we rely on a function preceding a string)
1249  if (fw->dryos_ver < 52)
1250  return 0;
1251  uint32_t j = find_str_bytes(fw,"DriveLetterManager.c");
1252  if (j > 0)
1253  {
1254  int k = adr2idx(fw,j);
1255  k = find_inst_rev(fw,isLDMFD_PC,k-1,2);
1256  if ((k > 0) && ( (fwval(fw,k-1)&0xfffff0f0)==0xe0810090 )) // umull r0, r1, rx, ry
1257  {
1258  if (isBL(fw,k-2))
1259  {
1260  k = idxFollowBranch(fw,k-2,0x01000001);
1261  fwAddMatch(fw,idx2adr(fw,k),32,0,122);
1262  return 1;
1263  }
1264  }
1265  }
1266 
1267  return 0;
1268 }
int find_getImageDirName ( firmware fw)

Definiert in Zeile 1083 der Datei finsig_dryos.c.

1084 {
1085  int k = find_str_ref(fw,"%3d_%02d%02d");
1086  if (k >= 0)
1087  {
1088  k = find_inst_rev(fw, isLDMFD_PC, k-1, 16);
1089  if (k >= 0)
1090  {
1091  uint32_t fadr = idx2adr(fw,k+1);
1092  fwAddMatch(fw,fadr,32,0,122);
1093  return 1;
1094  }
1095  }
1096  else
1097  {
1098  k = find_str_ref(fw,"___%02d");
1099  if (k >= 0)
1100  {
1101  k = find_inst_rev(fw, isLDMFD_PC, k-1, 18);
1102  if (k >= 0)
1103  {
1104  if (isMOV(fw,k+1) && isMOV(fw,k+2)) // sanity check
1105  {
1106  uint32_t fadr = idx2adr(fw,k+1);
1107  fwAddMatch(fw,fadr,32,0,122);
1108  return 1;
1109  }
1110  }
1111  }
1112  }
1113 
1114  return 0;
1115 }
int find_GetImageFolder ( firmware fw)

Definiert in Zeile 1166 der Datei finsig_dryos.c.

1167 {
1168  int j = find_str_ref(fw,"GetCameraObjectTmpPath ERROR[ID:%lx] [TRY:%lx]\n");
1169  if (j < 0)
1170  j = find_str_ref(fw,"_GetCameraObjectTmpPath ERROR[ID:%lx] [TRY:%lx]\n");
1171  if (j >= 0)
1172  {
1173  strGIF = idx2adr(fw,j);
1174  int j = get_saved_sig(fw,"TakeSemaphore");
1175  int k = get_saved_sig(fw,"getImageDirName");
1176  if ((k >= 0) && (j >= 0))
1177  {
1178  return search_fw(fw, match_GetImageFolder, func_names[k].val, func_names[j].val, 1);
1179  }
1180  }
1181 
1182  return 0;
1183 }
void find_key_vals ( firmware fw)

Definiert in Zeile 6961 der Datei finsig_dryos.c.

6962 {
6963  int k,k1;
6964 
6965  out_hdr = 1;
6966  add_blankline();
6967 
6968  // find 'SD_READONLY_FLAG'
6969  uint32_t tadr = search_saved_sig(fw, "GetSDProtect", match_GetSDProtect, 0, 1, 1);
6970  if (tadr == 0)
6971  {
6972  k = find_str_ref(fw,"SD Not Exist\n");
6973  if (k >= 0)
6974  {
6975  for (k1=k-1; k1>k-5; k1--)
6976  {
6977  if (isBL(fw,k1)) // BL
6978  {
6979  uint32_t fadr = followBranch(fw,idx2adr(fw,k1),0x01000001);
6980  int k2 = adr2idx(fw,fadr);
6981  if (isLDR_PC(fw,k2))
6982  {
6983  tadr = LDR2val(fw,k2);
6984  }
6985  }
6986  }
6987  }
6988  }
6989  if (tadr != 0)
6990  {
6991  int tsiz = 2;
6992  if (fw->buf[adr2idx(fw,tadr)+2] == 0) tsiz = 3;
6993 
6994  uint32_t madr = fw->base + (fw->size*4-4);
6995  for (k=0; k<(tadr-fw->base)/4; k++)
6996  {
6997  if (isLDR_PC(fw,k))
6998  {
6999  uint32_t adr = LDR2val(fw,k);
7000  if ((adr > tadr) && (adr < madr))
7001  {
7002  madr = adr;
7003  }
7004  }
7005  }
7006  int tlen = (madr - tadr) / 4;
7007  if (tsiz == 2)
7008  {
7009  k1 = adr2idx(fw,tadr);
7010  for (k=0; k<tlen/3; k+=3)
7011  {
7012  if ((fw->buf[k1+k+1] == 0xFFFFFFFF) && (fw->buf[k1+k+4] == 0xFFFFFFFF))
7013  {
7014  tsiz = 3;
7015  break;
7016  }
7017  }
7018  }
7019  if (tlen > 50*tsiz) tlen = 50*tsiz;
7020 
7021 #ifdef LIST_PHYSW_TABLE
7022  // output all physw events from the table if enabled
7023  print_physw_raw_vals(fw, tadr, tsiz, tlen);
7024 #endif
7025  bprintf("// Bitmap masks and physw_status index values for SD_READONLY and USB power flags (for kbd.c).\n");
7026  if (fw->dryos_ver >= 58)
7027  {
7028  // Event ID's have changed again in DryOS 58 **********
7029  print_kval(fw,tadr,tsiz,tlen,0x30A,"SD_READONLY","_FLAG");
7030  print_kval(fw,tadr,tsiz,tlen,0x302,"USB","_MASK");
7031  print_kval(fw,tadr,tsiz,tlen,0x305,"BATTCOVER","_FLAG");
7032  print_kval(fw,tadr,tsiz,tlen,0x304,"HOTSHOE","_FLAG");
7033  print_kval(fw,tadr,tsiz,tlen,0x300,"ANALOG_AV","_FLAG");
7034  }
7035  else if (fw->dryos_ver >= 49)
7036  {
7037  // Event ID's have changed in DryOS R49 **********
7038  print_kval(fw,tadr,tsiz,tlen,0x20A,"SD_READONLY","_FLAG");
7039  print_kval(fw,tadr,tsiz,tlen,0x202,"USB","_MASK");
7040  print_kval(fw,tadr,tsiz,tlen,0x205,"BATTCOVER","_FLAG");
7041  print_kval(fw,tadr,tsiz,tlen,0x204,"HOTSHOE","_FLAG");
7042  print_kval(fw,tadr,tsiz,tlen,0x200,"ANALOG_AV","_FLAG");
7043  }
7044  else
7045  {
7046  print_kval(fw,tadr,tsiz,tlen,0x90A,"SD_READONLY","_FLAG");
7047  print_kval(fw,tadr,tsiz,tlen,0x902,"USB","_MASK");
7048  print_kval(fw,tadr,tsiz,tlen,0x905,"BATTCOVER","_FLAG");
7049  print_kval(fw,tadr,tsiz,tlen,0x904,"HOTSHOE","_FLAG");
7050  print_kval(fw,tadr,tsiz,tlen,0x900,"ANALOG_AV","_FLAG");
7051  }
7052 
7053  uint32_t key_half = add_kmval(fw,tadr,tsiz,tlen,0,"KEY_SHOOT_HALF",0);
7054  add_kmval(fw,tadr,tsiz,tlen,1,"KEY_SHOOT_FULL",key_half);
7055  add_kmval(fw,tadr,tsiz,tlen,1,"KEY_SHOOT_FULL_ONLY",0);
7056 
7057  if (fw->dryos_ver == 52) // unclear if this applies any other ver
7058  {
7059  add_kmval(fw,tadr,tsiz,tlen,3,"KEY_ZOOM_IN",0);
7060  add_kmval(fw,tadr,tsiz,tlen,4,"KEY_ZOOM_OUT",0);
7061  add_kmval(fw,tadr,tsiz,tlen,6,"KEY_UP",0);
7062  add_kmval(fw,tadr,tsiz,tlen,7,"KEY_DOWN",0);
7063  add_kmval(fw,tadr,tsiz,tlen,8,"KEY_LEFT",0);
7064  add_kmval(fw,tadr,tsiz,tlen,9,"KEY_RIGHT",0);
7065  add_kmval(fw,tadr,tsiz,tlen,0xA,"KEY_SET",0);
7066  add_kmval(fw,tadr,tsiz,tlen,0xB,"KEY_MENU",0);
7067  add_kmval(fw,tadr,tsiz,tlen,0xC,"KEY_DISPLAY",0);
7068  add_kmval(fw,tadr,tsiz,tlen,0x12,"KEY_HELP",0);
7069  add_kmval(fw,tadr,tsiz,tlen,0x19,"KEY_ERASE",0);
7070  add_kmval(fw,tadr,tsiz,tlen,2,"KEY_VIDEO",0);
7071  }
7072  else if (fw->dryos_ver < 54)
7073  {
7074  add_kmval(fw,tadr,tsiz,tlen,2,"KEY_ZOOM_IN",0);
7075  add_kmval(fw,tadr,tsiz,tlen,3,"KEY_ZOOM_OUT",0);
7076  add_kmval(fw,tadr,tsiz,tlen,4,"KEY_UP",0);
7077  add_kmval(fw,tadr,tsiz,tlen,5,"KEY_DOWN",0);
7078  add_kmval(fw,tadr,tsiz,tlen,6,"KEY_LEFT",0);
7079  add_kmval(fw,tadr,tsiz,tlen,7,"KEY_RIGHT",0);
7080  add_kmval(fw,tadr,tsiz,tlen,8,"KEY_SET",0);
7081  add_kmval(fw,tadr,tsiz,tlen,9,"KEY_MENU",0);
7082  add_kmval(fw,tadr,tsiz,tlen,0xA,"KEY_DISPLAY",0);
7083  }
7084  else if (fw->dryos_ver < 55)
7085  {
7086  add_kmval(fw,tadr,tsiz,tlen,3,"KEY_ZOOM_IN",0);
7087  add_kmval(fw,tadr,tsiz,tlen,4,"KEY_ZOOM_OUT",0);
7088  add_kmval(fw,tadr,tsiz,tlen,6,"KEY_UP",0);
7089  add_kmval(fw,tadr,tsiz,tlen,7,"KEY_DOWN",0);
7090  add_kmval(fw,tadr,tsiz,tlen,8,"KEY_LEFT",0);
7091  add_kmval(fw,tadr,tsiz,tlen,9,"KEY_RIGHT",0);
7092  add_kmval(fw,tadr,tsiz,tlen,0xA,"KEY_SET",0);
7093  add_kmval(fw,tadr,tsiz,tlen,0xE,"KEY_MENU",0);
7094  add_kmval(fw,tadr,tsiz,tlen,2,"KEY_VIDEO",0);
7095  add_kmval(fw,tadr,tsiz,tlen,0xD,"KEY_HELP",0);
7096  //add_kmval(fw,tadr,tsiz,tlen,?,"KEY_DISPLAY",0);
7097  }
7098  else
7099  {
7100  add_kmval(fw,tadr,tsiz,tlen,3,"KEY_ZOOM_IN",0);
7101  add_kmval(fw,tadr,tsiz,tlen,4,"KEY_ZOOM_OUT",0);
7102  add_kmval(fw,tadr,tsiz,tlen,6,"KEY_UP",0);
7103  add_kmval(fw,tadr,tsiz,tlen,7,"KEY_DOWN",0);
7104  add_kmval(fw,tadr,tsiz,tlen,8,"KEY_LEFT",0);
7105  add_kmval(fw,tadr,tsiz,tlen,9,"KEY_RIGHT",0);
7106  add_kmval(fw,tadr,tsiz,tlen,0xA,"KEY_SET",0);
7107  add_kmval(fw,tadr,tsiz,tlen,0x14,"KEY_MENU",0);
7108  add_kmval(fw,tadr,tsiz,tlen,2,"KEY_VIDEO",0);
7109  add_kmval(fw,tadr,tsiz,tlen,0xD,"KEY_HELP",0);
7110  //add_kmval(fw,tadr,tsiz,tlen,?,"KEY_DISPLAY",0);
7111  }
7112  if (fw->dryos_ver <= 47)
7113  {
7114  add_kmval(fw,tadr,tsiz,tlen,0x601,"KEY_PLAYBACK",0);
7115  add_kmval(fw,tadr,tsiz,tlen,0x600,"KEY_POWER",0);
7116  add_kmval(fw,tadr,tsiz,tlen,0x12,"KEY_VIDEO",0);
7117  }
7118  else
7119  {
7120  add_kmval(fw,tadr,tsiz,tlen,0x101,"KEY_PLAYBACK",0);
7121  add_kmval(fw,tadr,tsiz,tlen,0x100,"KEY_POWER",0);
7122  if (fw->dryos_ver == 49)
7123  {
7124  add_kmval(fw,tadr,tsiz,tlen,0x19,"KEY_VIDEO",0);
7125  }
7126  else if(fw->dryos_ver == 50)
7127  {
7128  add_kmval(fw,tadr,tsiz,tlen,0x1A,"KEY_VIDEO",0);
7129  add_kmval(fw,tadr,tsiz,tlen,0x14,"KEY_HELP",0);
7130  }
7131  }
7132 
7133  bprintf("\n// Keymap values for kbd.c. Additional keys may be present, only common values included here.\n");
7134  print_kmvals();
7135  }
7136 }
int find_leds ( firmware fw)

Definiert in Zeile 5860 der Datei finsig_dryos.c.

5861 {
5862  int j1, j2, j3;
5863  LED_s leds[LEDMAX];
5864  int k0 = find_str_ref(fw,"LEDCon");
5865  if (k0<0)
5866  return 0;
5867  int k1 = find_inst_rev(fw,isSTMFD_LR,k0,110);
5868  if (k1<0)
5869  return 0;
5870  j1 = find_inst(fw,isBL,k1,80);
5871  j2 = find_Nth_inst(fw,isBL,k1,80,3);
5872  if ((j1<0) || (j2<0))
5873  return 0;
5874  j3 = 0; // highest leds[] index
5875  int found;
5876 
5877  memset(leds, 0, sizeof(LED_s)*LEDMAX);
5878 
5879  // in older versions of the routine, 1st and 3rd BL is memory allocation
5880  if (followBranch(fw,idx2adr(fw,j1),0x01000001) == followBranch(fw,idx2adr(fw,j2),0x01000001))
5881  {
5882  k1 = find_Nth_inst(fw,isBL,k1,80,2);
5883  // LED table initializer func
5884  k1 = idxFollowBranch(fw,k1,0x01000001);
5885  if (k1<0)
5886  return 0;
5887  bprintf("\n// LED table init @ 0x%x\n",idx2adr(fw,k1));
5888 
5889  // scan for MMIO addresses loaded via LDR, should work on DIGIC 4 and III cams
5890  // some cameras may have specially handled LEDs, they will not be found
5891  // DIGIC 5 cams will get no hits here
5892  j2 = 0;
5893  j1 = 0;
5894  while (j2 < 32)
5895  {
5896  if (isLDR_PC(fw,k1+j2))
5897  {
5898  uint32_t l1 = LDR2val(fw,k1+j2);
5899  if (l1 >= 0xc0220000)
5900  {
5901  leds[j3].addr = l1;
5902  leds[j3].reg = fwRd(fw,k1+j2);
5903  j3++;
5904  }
5905  }
5906  else if (isBX_LR(fw,k1+j2) || isB(fw,k1+j2))
5907  {
5908  break;
5909  }
5910  j2++;
5911  if (j3>=LEDMAX)
5912  break;
5913  }
5914 
5915  j3--;
5916  j1 = 0;
5917  if (j3 >= 0)
5918  {
5919  int repeatfrom = 0;
5920  int repeatreg = 0;
5921  int repeataddr = 0;
5922  while (j3 >= 0)
5923  {
5924  // main cycle to parse the LED table init function
5925  // tries to work out the LED MMIO addresses
5926 
5927  j2 = 0;
5928  int gotit = 0;
5929  if (repeatfrom)
5930  {
5931  j2 = repeatfrom;
5932  leds[j3].reg = repeatreg;
5933  leds[j3].addr = repeataddr;
5934  leds[j3].done = 0;
5935  gotit = 1;
5936  repeatfrom = 0;
5937  }
5938  while (j2 < 32)
5939  {
5940  found = 0;
5941  if (isLDR_PC(fw,k1+j2))
5942  {
5943  if (!gotit)
5944  {
5945  uint32_t l1 = LDR2val(fw,k1+j2);
5946  if (l1 >= 0xc0220000)
5947  {
5948  if ((leds[j3].reg == fwRd(fw,k1+j2)) && (leds[j3].addr == LDR2val(fw,k1+j2)))
5949  {
5950  leds[j3].done = 0;
5951  gotit = 1;
5952  }
5953  }
5954  }
5955  else
5956  {
5957  if (leds[j3].reg == fwRd(fw,k1+j2))
5958  {
5959  break;
5960  }
5961  }
5962  }
5963  else if (isBX_LR(fw,k1+j2) || isB(fw,k1+j2))
5964  {
5965  break;
5966  }
5967  if (!gotit)
5968  {
5969  // fast forward until the LDR in question is found
5970  j2++;
5971  continue;
5972  }
5973  if (isADD(fw,k1+j2))
5974  {
5975  if (leds[j3].reg == fwRd(fw,k1+j2))
5976  {
5977  leds[j3].addr += ALUop2a(fw,k1+j2);
5978  leds[j3].done = 0;
5979  }
5980  else if (leds[j3].reg == fwRn(fw,k1+j2))
5981  {
5982  // MMIO address passed to another register, schedule re-entry if possible
5983  if (!repeatfrom)
5984  {
5985  repeataddr = leds[j3].addr + ALUop2a(fw,k1+j2);
5986  repeatreg = fwRd(fw,k1+j2);
5987  repeatfrom = j2 + 1;
5988  }
5989  }
5990  }
5991  else if (isSUB(fw,k1+j2))
5992  {
5993  if (leds[j3].reg == fwRd(fw,k1+j2))
5994  {
5995  leds[j3].addr -= ALUop2a(fw,k1+j2);
5996  leds[j3].done = 0;
5997  }
5998  else if (leds[j3].reg == fwRn(fw,k1+j2))
5999  {
6000  // MMIO address passed to another register, schedule re-entry if possible
6001  if (!repeatfrom)
6002  {
6003  repeataddr = leds[j3].addr - ALUop2a(fw,k1+j2);
6004  repeatreg = fwRd(fw,k1+j2);
6005  repeatfrom = j2 + 1;
6006  }
6007  }
6008  }
6009  else if (isSTR(fw,k1+j2))
6010  {
6011  // LED references are always stored with STR, not STRB or STRH
6012  // check for matching register
6013  if (leds[j3].reg == fwRd(fw,k1+j2))
6014  {
6015  leds[j3].offs = fwval(fw,k1+j2) & 0xfff;
6016  found = 1;
6017  }
6018  }
6019  else if (isMOV_immed(fw,k1+j2) && (leds[j3].reg == fwRd(fw,k1+j2)))
6020  {
6021  // the register holding the MMIO address gets a new value, start again with the next MMIO, if any
6022  break;
6023  }
6024  j2++;
6025  // output data if valid
6026  if (found && (!leds[j3].done))
6027  {
6028  j1++;
6029  bprintf("// LED #%i: 0x%08x, offset 0x%x\n",j1, leds[j3].addr, leds[j3].offs);
6030  leds[j3].done = 1;
6031  }
6032  }
6033  if (!repeatfrom)
6034  {
6035  j3--;
6036  }
6037  }
6038  }
6039  else
6040  {
6041  // DIGIC 5
6042  // LEDs are identified by their location in the GPIO table, not their address
6043  // some LEDs might be "special cased" and not appear in the GPIO table or the LED table init function
6044  // those special cases are not currently handled
6045 
6046  // locate GPIO table first
6047  int gpiotbladdr = 0;
6048  j2 = find_str_ref(fw,"\n\n Set LCD Driver: Address 0x%04x <-- Data 0x%04x\n");
6049  if (j2 > 0)
6050  {
6051  j2 = find_inst_rev(fw, isBL, j2, 8);
6052  if (j2 > 0)
6053  {
6054  j3 = 2;
6055  while (j3 > 0)
6056  {
6057  if ( !((fwval(fw,j2-1)&0xfffff000)==0xe3a01000) && !((fwval(fw,j2-2)&0xfffff000)==0xe3a01000) ) // MOV R1, #imm
6058  {
6059  j2 = find_inst_rev(fw, isBL, j2-1, 6);
6060  }
6061  else
6062  {
6063  break;
6064  }
6065  j3--;
6066  }
6067  if (j2 > 0)
6068  {
6069  // j2 points to a function that is used to poke GPIOs, based on a GPIO table
6070  j2 = idxFollowBranch(fw, j2, 0x01000001);
6071  if (isLDR_PC(fw,j2))
6072  {
6073  // 1st instruction references the table's address (could change in the future?)
6074  gpiotbladdr = adr2idx(fw, LDR2val(fw, j2));
6075  }
6076  }
6077  }
6078  }
6079  // identify the LED(s)
6080  /*
6081  * r0 is a pointer to the LED struct array
6082  * below pattern inits an LED:
6083  * mov rx, #imm
6084  * ...
6085  * strb ry, [r0, #imm2]
6086  * str rx, [r0, #imm2+4]
6087  * the strb pair might be at a different location
6088  */
6089  j2 = 0;
6090  j3 = 0;
6091  while (j2 < 32)
6092  {
6093  // find str rx, [r0, #imm2+4]
6094  if (isSTRw(fw,k1+j2))
6095  {
6096  uint32_t o1 = fwval(fw,k1+j2)&0xfff; // may not be the correct way of determining the offset
6097  uint32_t o2 = 0;
6098  int n = 1;
6099  int r1 = -1;
6100  while (n < 32)
6101  {
6102  if (isSTRB(fw,k1+n))
6103  {
6104  o2 = fwval(fw,k1+n)&0xfff;
6105  if (o1-4 == o2)
6106  {
6107  r1 = fwRd(fw,k1+j2); // dest. register
6108  }
6109  }
6110  else if (isBX_LR(fw,k1+n) || isB(fw,k1+n))
6111  {
6112  break;
6113  }
6114  n++;
6115  }
6116  if (r1 >= 0)
6117  {
6118  // search for that register's content
6119  n = k1+j2-1;
6120  while (n >= k1)
6121  {
6122  if (isMOV_immed(fw, n) && (fwRd(fw, n) == r1))
6123  {
6124  leds[j3].addr = ALUop2a(fw,n);
6125  leds[j3].offs = o1;
6126  j3++;
6127  break;
6128  }
6129  n--;
6130  }
6131  }
6132  }
6133  else if (isBX_LR(fw,k1+j2) || isB(fw,k1+j2))
6134  {
6135  break;
6136  }
6137  j2++;
6138  if (j3 >= LEDMAX)
6139  break;
6140  }
6141  j3--;
6142  while (j3 >= 0)
6143  {
6144  j1++;
6145  if (leds[j3].addr > 0xfff)
6146  {
6147  bprintf("// LED #%i: unknown (index: 0x%08x), offset 0x%x\n",j1, leds[j3].addr, leds[j3].offs);
6148  }
6149  else if (gpiotbladdr)
6150  {
6151  bprintf("// LED #%i: 0x%08x (#%d in GPIO table), offset 0x%x\n",j1, fwval(fw, leds[j3].addr + gpiotbladdr), leds[j3].addr, leds[j3].offs);
6152  }
6153  else
6154  {
6155  bprintf("// LED #%i: #%d in GPIO table, offset 0x%x\n",j1, leds[j3].addr, leds[j3].offs);
6156  }
6157  j3--;
6158  }
6159  if (gpiotbladdr)
6160  {
6161  bprintf("// GPIO table @ 0x%x\n",idx2adr(fw, gpiotbladdr));
6162  }
6163  }
6164  }
6165  else
6166  {
6167  // DIGIC 4+
6168  // LEDs are identified by their location in the GPIO table, not their address
6169  // some LEDs might be "special cased" and not appear in the GPIO table or the LED table init function
6170  // those special cases are not currently handled
6171 
6172  int f1 = get_saved_sig(fw,"CreateMessageQueueStrictly");
6173  if (f1 < 0)
6174  return 0;
6175  f1 = adr2idx(fw, func_names[f1].val);
6176 
6177  int n;
6178  k1 = k0; // ref. to "LEDCon"
6179  for (n=0; n<5; n++)
6180  {
6181  k1 = find_inst_rev(fw,isBL,k1-1,80);
6182  if (k1 > 0)
6183  {
6184  if (idx2adr(fw,idxFollowBranch(fw,k1,0x01000001)) == idx2adr(fw,f1)) // BL CreateMessageQueueStrictly
6185  {
6186  n = -1;
6187  break;
6188  }
6189  }
6190  }
6191  if (n >= 0)
6192  return 0;
6193  // LED table initializer func, right before CreateMessageQueueStrictly
6194  k1 = find_inst_rev(fw,isBL,k1-1,80);
6195  if (k1<0)
6196  return 0;
6197  k1 = idxFollowBranch(fw,k1,0x01000001);
6198  if (k1<0)
6199  return 0;
6200  bprintf("\n// LED table init @ 0x%x\n",idx2adr(fw,k1));
6201 
6202  // locate GPIO table
6203  j1 = 0;
6204  int gpiotbladdr = 0;
6205  j2 = find_str_ref(fw,"\n\n Set LCD Driver: Address 0x%04x <-- Data 0x%04x\n");
6206  if (j2 > 0)
6207  {
6208  j2 = find_inst_rev(fw, isBL, j2, 8);
6209  if (j2 > 0)
6210  {
6211  j3 = 2;
6212  while (j3 > 0)
6213  {
6214  if ( !((fwval(fw,j2-1)&0xfffff000)==0xe3a00000) && !((fwval(fw,j2-2)&0xfffff000)==0xe3a00000) ) // MOV R0, #imm
6215  {
6216  j2 = find_inst_rev(fw, isBL, j2-1, 6);
6217  }
6218  else
6219  {
6220  break;
6221  }
6222  j3--;
6223  }
6224  if (j2 > 0)
6225  {
6226  // j2 points to a function that is used to poke GPIOs, based on a GPIO table
6227  j2 = idxFollowBranch(fw, j2, 0x01000001);
6228  if (isLDR_PC(fw,j2))
6229  {
6230  // 1st instruction references the table's address (could change in the future?)
6231  gpiotbladdr = adr2idx(fw, LDR2val(fw, j2));
6232  }
6233  }
6234  }
6235  }
6236  // identify the LED(s)
6237  /*
6238  * r0 is a pointer to the LED struct array
6239  * below pattern inits an LED:
6240  * mov rx, #imm
6241  * ...
6242  * strb ry, [r0, #imm2]
6243  * str rx, [r0, #imm2+4]
6244  * the strb pair might be at a different location
6245  */
6246  j2 = 0;
6247  j3 = 0;
6248  while (j2 < 32)
6249  {
6250  // find str rx, [r0, #imm2+4]
6251  if (isSTRw(fw,k1+j2))
6252  {
6253  uint32_t o1 = fwval(fw,k1+j2)&0xfff; // may not be the correct way of determining the offset
6254  uint32_t o2 = 0;
6255  int n = 1;
6256  int r1 = -1;
6257  while (n < 32)
6258  {
6259  if (isSTRB(fw,k1+n))
6260  {
6261  o2 = fwval(fw,k1+n)&0xfff;
6262  if (o1-4 == o2)
6263  {
6264  r1 = fwRd(fw,k1+j2); // dest. register
6265  }
6266  }
6267  else if (isBX_LR(fw,k1+n) || isB(fw,k1+n))
6268  {
6269  break;
6270  }
6271  n++;
6272  }
6273  if (r1 >= 0)
6274  {
6275  // search for that register's content
6276  n = k1+j2-1;
6277  while (n >= k1)
6278  {
6279  if (isMOV_immed(fw, n) && (fwRd(fw, n) == r1))
6280  {
6281  leds[j3].addr = ALUop2a(fw,n);
6282  leds[j3].offs = o1;
6283  j3++;
6284  break;
6285  }
6286  n--;
6287  }
6288  }
6289  }
6290  else if (isBX_LR(fw,k1+j2) || isB(fw,k1+j2))
6291  {
6292  break;
6293  }
6294  j2++;
6295  if (j3 >= LEDMAX)
6296  break;
6297  }
6298  j3--;
6299  while (j3 >= 0)
6300  {
6301  j1++;
6302  if (leds[j3].addr > 0xfff)
6303  {
6304  bprintf("// LED #%i: unknown (index: 0x%08x), offset 0x%x\n",j1, leds[j3].addr, leds[j3].offs);
6305  }
6306  else if (gpiotbladdr)
6307  {
6308  bprintf("// LED #%i: 0x%08x (#%d in GPIO table), offset 0x%x\n",j1, fwval(fw, leds[j3].addr + gpiotbladdr), leds[j3].addr, leds[j3].offs);
6309  }
6310  else
6311  {
6312  bprintf("// LED #%i: #%d in GPIO table, offset 0x%x\n",j1, leds[j3].addr, leds[j3].offs);
6313  }
6314  j3--;
6315  }
6316  if (gpiotbladdr)
6317  {
6318  bprintf("// GPIO table @ 0x%x\n",idx2adr(fw, gpiotbladdr));
6319  }
6320  }
6321  return 0;
6322 }
void find_lib_vals ( firmware fw)

Definiert in Zeile 4505 der Datei finsig_dryos.c.

4506 {
4507  int k,k1;
4508 
4509  out_hdr = 1;
4510  add_blankline();
4511 
4512  bprintf("// Values below go in 'lib.c':\n");
4513 
4514  // Find 'vid_get_bitmap_fb'
4515  search_saved_sig(fw, "DispCon_ShowBitmapColorBar", match_vid_get_bitmap_fb, 0, 1, 30);
4516 
4517  // find 'vid_get_viewport_fb'
4518  uint32_t v = find_viewport_address(fw,&k);
4519  if (k >= 0)
4520  {
4521  bprintf("//void *vid_get_viewport_fb() { return (void*)0x%08x; } // Found @0x%08x\n",v,idx2adr(fw,k));
4522  }
4523 
4524  // find 'vid_get_viewport_fb_d'
4525  static int fbd[3][3] =
4526  {
4527  { -2, -3, 1 },
4528  { 1, 3, 4 },
4529  { -1, -2, 1 },
4530  };
4531  int sadr = find_str(fw, "ImagePlayer.c");
4532  k = find_nxt_str_ref(fw, sadr, -1);
4533  int found = 0;
4534  while ((k >= 0) && !found)
4535  {
4536  int f;
4537  for (f=0; f<3 && !found; f++)
4538  {
4539  if (isLDR(fw,k+fbd[f][0]) && isLDR(fw,k+fbd[f][1]) && isLDR(fw,k+fbd[f][2]))
4540  {
4541  int reg = fw->buf[k+fbd[f][2]] & 0x000F0000; // Index register used
4542  int ka = 0;
4543  if (((fw->buf[k+fbd[f][0]] & 0x0000F000) << 4) == reg) { ka = k+fbd[f][0]; }
4544  else if (((fw->buf[k+fbd[f][1]] & 0x0000F000) << 4) == reg) { ka = k+fbd[f][1]; }
4545  if (ka > 0)
4546  {
4547  uint32_t adr = LDR2val(fw,ka);
4548  for (k1=k+2; k1<k+20; k1++)
4549  {
4550  if (isSTR(fw,k1) && ((fw->buf[k1] & 0x000F0000) == reg))
4551  {
4552  uint32_t ofst = fw->buf[k1] & 0x00000FFF;
4553  bprintf("DEF(%-40s,0x%08x) // Found 0x%04x (@0x%08x) + 0x%02x (@0x%08x)\n","viewport_fb_d",adr+ofst,adr,idx2adr(fw,ka),ofst,idx2adr(fw,k1));
4554  bprintf("//void *vid_get_viewport_fb_d() { return (void*)(*(int*)(0x%04x+0x%02x)); } // Found @0x%08x & 0x%08x\n",adr,ofst,idx2adr(fw,ka),idx2adr(fw,k1));
4555  found = 1;
4556  break;
4557  }
4558  }
4559  }
4560  }
4561  }
4562  k = find_nxt_str_ref(fw, sadr, k);
4563  }
4564 
4565  // find 'camera_jpeg_count_str'
4566  k = find_str_ref(fw, "9999");
4567  if (k >= 0)
4568  {
4569  if (isLDR(fw,k-1) && isBL(fw,k+1))
4570  {
4571  uint32_t v1 = LDR2val(fw,k-1);
4572  bprintf("DEF(%-40s,0x%08x) // Found @0x%08x\n","jpeg_count_str",v1,idx2adr(fw,k-1));
4573  bprintf("//char *camera_jpeg_count_str() { return (char*)0x%08x; } // Found @0x%08x\n",v1,idx2adr(fw,k-1));
4574  }
4575  }
4576 
4577 // // find 'hook_raw_size'
4578 // k = find_str_ref(fw, "CRAW BUFF SIZE %p");
4579 // if (k >= 0)
4580 // {
4581 // if (isLDR(fw,k-1))
4582 // {
4583 // uint32_t craw_bufsize = LDR2val(fw,k-1);
4584 // bprintf("//long hook_raw_size() { return 0x%08x; } // Found @0x%08x\n",craw_bufsize,idx2adr(fw,k-1));
4585 // }
4586 // }
4587 
4588  // Find value for 'get_flash_params_count'
4589  search_saved_sig(fw, "GetParameterData", match_get_flash_params_count, 0, 0, 30);
4590 }
int find_malloc_strictly ( firmware fw)

Definiert in Zeile 1284 der Datei finsig_dryos.c.

1285 {
1286 
1287  int s1 = find_str(fw,"Size: %ld");
1288  int s2 = find_str(fw,"Memory.c");
1289  int f1 = get_saved_sig(fw,"malloc");
1290  if ((s1 < 0)||(s2 < 0)||(f1 < 0))
1291  return 0;
1292  if (s1 < s2-16) // the two strings should be close
1293  s1 = find_Nth_str(fw,"Size: %ld",2); // this string has multiple instances, try the next one
1294  f1 = adr2idx(fw, func_names[f1].val);
1295 
1296  int r1 = find_nxt_str_ref(fw, s1, 0);
1297  int r2 = find_nxt_str_ref(fw, s2, 0);
1298  int l1 = 0;
1299  while((r1>0) && (r2>0) && (l1<2))
1300  {
1301  if (r2 == r1 + 3)
1302  {
1303  int m1 = find_inst_rev(fw,isBL,r1,6);
1304  if (m1 > 0)
1305  {
1306  int m2 = idxFollowBranch(fw,m1,0x01000001);
1307  if (m2 == f1)
1308  {
1309  m1 = find_inst_rev(fw,isSTMFD_LR,m1,3);
1310  if (m1 > 0)
1311  {
1312  fwAddMatch(fw,idx2adr(fw,m1),32,0,122);
1313  return 1;
1314  }
1315  }
1316  }
1317  }
1318  r1 = find_nxt_str_ref(fw, s1, r1+1);
1319  r2 = find_nxt_str_ref(fw, s2, r2+1);
1320  l1++;
1321  }
1322  return 0;
1323 }
void find_matches ( firmware fw,
const char *  curr_name 
)

Definiert in Zeile 3681 der Datei finsig_dryos.c.

3682 {
3683  FuncSig *sig, *s;
3684  BufRange *n;
3685  uint32_t *p;
3686  int i, j;
3687  int fail, success;
3688 
3689  int found_ev = 0;
3690 
3691  count = 0;
3692 
3693  // Already found (eventproc)?
3694  i = find_saved_sig(curr_name);
3695  if (i >= 0)
3696  {
3697  if ((func_names[i].val != 0) && (func_names[i].flags & EV_MATCH) != 0)
3698  {
3699  fwAddMatch(fw,func_names[i].val,32,0,120);
3700  found_ev = 1;
3701  }
3702  }
3703 
3704 
3705  // Try and match using 'string' based signature matching first
3706  for (i = 0; string_sigs[i].ev_name != 0 && !found_ev; i++)
3707  {
3708  if (strcmp(curr_name, string_sigs[i].name) == 0)
3709  {
3710  if (find_strsig(fw, &string_sigs[i]))
3711  {
3712  found_ev = 1;
3713  break;
3714  }
3715  }
3716  }
3717 
3718  // If not found see if the name is in the old style instruction compare match table
3719  // Set start value for j in next section if found
3720  if (!found_ev)
3721  {
3722  found_ev = 1;
3723  for (j=0; func_list[j].name; j++)
3724  {
3725  if (strcmp(curr_name,func_list[j].name) == 0)
3726  {
3727  found_ev = 0;
3728  break;
3729  }
3730  }
3731  }
3732 
3733  // Not found so far, try instruction comparison matching
3734  while (!found_ev)
3735  {
3736  sig = func_list[j].sig;
3737 
3738  for (n = fw->br; n != 0; n = n->next)
3739  {
3740  for (p = n->p, i = 0; i < n->len; p++, i++)
3741  {
3742  fail = 0;
3743  success = 0;
3744  for (s = sig; s->offs != -1; s++)
3745  {
3746  if ((p[s->offs] & s->mask) != s->value)
3747  fail++;
3748  else
3749  success++;
3750  }
3751  // If sig starts with STMFD and first instruction does not match ignore it
3752  if (((p[sig->offs] & sig->mask) != sig->value) && (sig->offs == 0) && (sig->value == 0xe92d0000)) success = 0;
3753  if (success > fail)
3754  {
3755  if (s->mask == -2)
3756  {
3757  int end_branch = 0;
3758  int idx = 0;
3759  uint32_t *p1 = 0;
3760  if ((fw->buf[n->off+i+s->value] & 0x0F000000) == 0x0A000000) // B
3761  {
3762  idx = adr2idx(fw, followBranch2(fw, idx2adr(fw,n->off+i+s->value), 0xF0000001));
3763  if ((idx >= 0) && (idx < fw->size))
3764  {
3765  end_branch = 1;
3766  p1 = &fw->buf[idx];
3767  }
3768  }
3769  int fail2 = 0;
3770  int success2 = 0;
3771  //fprintf(stderr,"\t%s %d %08x %08x %d %d\n",curr_name,idx,idx2adr(fw,idx),idx2adr(fw,i+n->off),success,fail);
3772  s++;
3773  for (; s->offs != -1; s++)
3774  {
3775  if (!end_branch || (p1[s->offs] & s->mask) != s->value){
3776  fail2++;
3777  } else {
3778  success2++;
3779  }
3780  }
3781  if (fail2 == 0)
3782  {
3783  success = success + fail + success2;
3784  fail = 0;
3785  }
3786  else
3787  {
3788  success = success + success2;
3789  fail = fail + fail2;
3790  }
3791  //fprintf(stderr,"\t%s %d %08x %08x %d %d\n",curr_name,idx,idx2adr(fw,idx),idx2adr(fw,i+n->off),success,fail);
3792  }
3793  }
3794  if (success > fail)
3795  {
3796  // Special case for drive space functions, see if there is a refernce to "Mounter.c" in the function
3797  // Increase match % if so, increase fail count if not
3798  if ((strcmp(curr_name, "GetDrive_ClusterSize") == 0) ||
3799  (strcmp(curr_name, "GetDrive_FreeClusters") == 0) ||
3800  (strcmp(curr_name, "GetDrive_TotalClusters") == 0))
3801  {
3802  int fnd = 0;
3803  for (s = sig; s->offs != -1; s++)
3804  {
3805  if (isLDR_PC_cond(fw,n->off+i+s->offs))
3806  {
3807  int m = adr2idx(fw,LDR2val(fw,n->off+i+s->offs));
3808  if ((m >= 0) && (m < fw->size) && (strcmp((char*)(&fw->buf[m]),"Mounter.c") == 0))
3809  {
3810  fnd = 1;
3811  }
3812  }
3813  else if (isADR_PC_cond(fw,n->off+i+s->offs))
3814  {
3815  int m = adr2idx(fw,ADR2adr(fw,n->off+i+s->offs));
3816  if ((m >= 0) && (m < fw->size) && (strcmp((char*)(&fw->buf[m]),"Mounter.c") == 0))
3817  {
3818  fnd = 1;
3819  }
3820  }
3821  }
3822  if (fnd)
3823  success++;
3824  else
3825  fail++;
3826  }
3827  fwAddMatch(fw,idx2adr(fw,i+n->off),success,fail,func_list[j].ver);
3828  if (count >= MAX_MATCHES)
3829  {
3830  bprintf("// WARNING: too many matches for %s!\n", func_list[j].name);
3831  break;
3832  }
3833  }
3834  }
3835  }
3836 
3837  // same name, so we have another version of the same function
3838  if ((func_list[j+1].name == NULL) || (strcmp(curr_name, func_list[j+1].name) != 0))
3839  {
3840  found_ev = 1;
3841  break;
3842  }
3843  j++;
3844  }
3845 
3846  if (count > 1)
3847  {
3848  qsort(matches, count, sizeof(Match), (void*)match_compare);
3849  }
3850 
3851  if (count > 0)
3852  {
3853  save_sig(curr_name, matches->ptr);
3854  }
3855 }
int find_max_ver ( const char *  name)

Definiert in Zeile 663 der Datei finsig_dryos.c.

664 {
665  int i;
666  for (i=0; max_ver[i].name != 0; i++)
667  {
668  if (strcmp(name,max_ver[i].name) == 0)
669  {
670  return max_ver[i].val;
671  }
672  }
673  return 99999;
674 }
int find_min_ver ( const char *  name)

Definiert in Zeile 650 der Datei finsig_dryos.c.

651 {
652  int i;
653  for (i=0; min_ver[i].name != 0; i++)
654  {
655  if (strcmp(name,min_ver[i].name) == 0)
656  {
657  return min_ver[i].val;
658  }
659  }
660  return 0;
661 }
int find_mkdir ( firmware fw,
string_sig sig,
int  k 
)

Definiert in Zeile 776 der Datei finsig_dryos.c.

777 {
778  if (fwval(fw,k) == 0x12CEA600)
779  {
780  int kk;
781  if (fw->dryos_ver > 58)
782  {
783  kk = k-26;
784  }
785  else
786  {
787  kk = k-20;
788  }
789  k = find_inst_rev(fw, isSTMFD_LR, kk, 200);
790  if (k != -1)
791  {
792  if ((((fwval(fw,k+12) & 0xFFF0FFFF) == 0xE350002F) && ((fwval(fw,k+15) & 0xFFF0FFFF) == 0xE3500021) && ((fwval(fw,k+19) & 0xFFF0FFFF) == 0xE3500020)) ||
793  (((fwval(fw,k+11) & 0xFFF0FFFF) == 0xE350002F) && ((fwval(fw,k+14) & 0xFFF0FFFF) == 0xE3500021) && ((fwval(fw,k+18) & 0xFFF0FFFF) == 0xE3500020)))
794  {
795  uint32_t fadr = 0;
796  if (isBL(fw,k+47))
797  {
798  fadr = followBranch(fw, idx2adr(fw,k+47), 0x01000001);
799  }
800  else if (isBL(fw,k+48))
801  {
802  fadr = followBranch(fw, idx2adr(fw,k+48), 0x01000001);
803  }
804  if (fadr != 0)
805  {
806  fwAddMatch(fw,fadr,32,0,121);
807  return 1;
808  }
809  }
810  }
811  }
812  return 0;
813 }
void find_modemap ( firmware fw)

Definiert in Zeile 4055 der Datei finsig_dryos.c.

4056 {
4057  out_hdr = 1;
4058 
4059  // Find 'FlashParamsTable'
4060  search_fw(fw, match_FlashParamsTable, 0, 0, 1);
4061  // Find 'modelist'
4062  if (FlashParamsTable_address != 0)
4063  {
4064  add_blankline();
4065  bprintf("// Check of modemap from 'platform/CAMERA/shooting.c':\n");
4067  }
4068 }
void find_other_vals ( firmware fw)

Definiert in Zeile 6737 der Datei finsig_dryos.c.

6738 {
6739  out_hdr = 1;
6740  add_blankline();
6741 
6742  bprintf("// Misc stuff\n");
6743 
6744  if (!search_fw_bytes(fw, find_ctypes))
6745  {
6746  bprintf("//DEF(ctypes, *** Not Found ***)\n");
6747  }
6748 
6749  add_blankline();
6750  print_exmem_types(fw);
6752  find_leds(fw);
6753 
6754  // Look for nrflag (for capt_seq.c)
6755  int found = 0;
6756  if (fw->dryos_ver >= 45)
6757  {
6758  found = search_saved_sig(fw, "NR_SetDarkSubType", match_nrflag, 0, 0, 1);
6759  }
6760  if (!found)
6761  {
6762  search_saved_sig(fw, "NR_GetDarkSubType", match_nrflag2, 0, 0, 20);
6763  }
6764 }
void find_platform_vals ( firmware fw)

Definiert in Zeile 4098 der Datei finsig_dryos.c.

4099 {
4100  int k,k1;
4101 
4102  out_hdr = 1;
4103  add_blankline();
4104 
4105  bprintf("// Values below go in 'platform_camera.h':\n");
4106  bprintf("//#define CAM_DRYOS 1\n");
4107  if (fw->dryos_ver >= 39)
4108  bprintf("//#define CAM_DRYOS_2_3_R39 1 // Defined for cameras with DryOS version R39 or higher\n");
4109  if (fw->dryos_ver >= 47)
4110  bprintf("//#define CAM_DRYOS_2_3_R47 1 // Defined for cameras with DryOS version R47 or higher\n");
4111  if (fw->dryos_ver >= 59)
4112  bprintf("//#define CAM_DRYOS_2_3_R59 1 // Defined for cameras with DryOS version R59 or higher\n");
4113 
4114  // Find 'RAW' image size
4115  uint32_t raw_width = 0;
4116  uint32_t raw_height = 0;
4117  uint32_t kw=0, kh=0;
4118 
4119  k = find_str_ref(fw, "\r[%ld] AdjDrvType[%02ld] -> DrvType[%02");
4120  if (k >= 0)
4121  {
4122  // Width
4123  for (k1 = k-1; k1 >= k-20; k1--)
4124  {
4125  if ((fw->buf[k1] & 0x0FFF0FFF) == 0x058D0034) // STRxx Rn, [SP,#0x34]
4126  {
4127  if ((fw->buf[k1-1] & 0x0FFF0000) == 0x03A00000) // MOVxx Rn, #YYY
4128  {
4129  raw_width = ALUop2(fw, k1-1);
4130  kw = k1-1;
4131  }
4132  else if ((fw->buf[k1-2] & 0x0FFF0000) == 0x03A00000)// MOVxx Rn, #YYY
4133  {
4134  raw_width = ALUop2(fw, k1-2);
4135  kw = k1-2;
4136  }
4137  else if (isLDR_PC_cond(fw,k1-1))
4138  {
4139  raw_width = LDR2val(fw,k1-1);
4140  kw = k1-1;
4141  }
4142  else if (isLDR_PC_cond(fw,k1-2))
4143  {
4144  raw_width = LDR2val(fw,k1-2);
4145  kw = k1-2;
4146  }
4147  }
4148  }
4149  // Height
4150  for (k1 = k-1; k1 >= k-20; k1--)
4151  {
4152  if ((fw->buf[k1] & 0x0FFF0FFF) == 0x058D0030) // STRxx Rn, [SP,#0x30]
4153  {
4154  if ((fw->buf[k1-1] & 0x0FFF0000) == 0x03A00000) // MOVxx Rn, #YYY
4155  {
4156  raw_height = ALUop2(fw, k1-1);
4157  kh = k1-1;
4158  }
4159  else if ((fw->buf[k1-2] & 0x0FFF0000) == 0x03A00000)// MOVxx Rn, #YYY
4160  {
4161  raw_height = ALUop2(fw, k1-2);
4162  kh = k1-2;
4163  }
4164  else if (isLDR_PC_cond(fw,k1-1))
4165  {
4166  raw_height = LDR2val(fw,k1-1);
4167  kh = k1-1;
4168  }
4169  else if (isLDR_PC_cond(fw,k1-2))
4170  {
4171  raw_height = LDR2val(fw,k1-2);
4172  kh = k1-2;
4173  }
4174  if ((fw->buf[k1-1] & 0x0FFF0000) == 0x02400000) // SUBxx Rn, #YYY
4175  {
4176  raw_height = raw_width - ALUop2(fw, k1-1);
4177  kh = k1-1;
4178  }
4179  }
4180  }
4181  }
4182 
4183  if ((raw_width == 0) && (raw_height == 0))
4184  {
4185  k = find_str_ref(fw, " CrwAddress %lx, CrwSize H %ld V %ld\r");
4186  if (k >= 0)
4187  {
4188  // Width
4189  for (k1=k-1; k1>=k-5; k1--)
4190  {
4191  if ((fw->buf[k1] & 0xFFFFF000) == 0xE3A02000) // MOV R2, #nnn
4192  {
4193  raw_width = ALUop2(fw,k1);
4194  kw = k1;
4195  }
4196  else
4197  if (isLDR_PC(fw,k1) && ((fw->buf[k1]& 0x0000F000) == 0x00002000)) // LDR R2, =nnn
4198  {
4199  raw_width = LDR2val(fw,k1);
4200  kw = k1;
4201  }
4202  }
4203  // Height
4204  for (k1=k-1; k1>=k-5; k1--)
4205  {
4206  if ((fw->buf[k1] & 0xFFFFF000) == 0xE3A03000) // MOV R3, #nnn
4207  {
4208  raw_height = ALUop2(fw,k1);
4209  kh = k1;
4210  }
4211  else
4212  if (isLDR_PC(fw,k1) && ((fw->buf[k1]& 0x0000F000) == 0x00003000)) // LDR R3, =nnn
4213  {
4214  raw_height = LDR2val(fw,k1);
4215  kh = k1;
4216  }
4217  else
4218  if ((fw->buf[k1] & 0xFFFFF000) == 0xE2423000) // SUB R3, R2, #nnn
4219  {
4220  raw_height = raw_width - ALUop2(fw,k1);
4221  kh = k1;
4222  }
4223  }
4224  }
4225  }
4226 
4227  if (raw_width != 0)
4228  {
4229  bprintf("//#define CAM_RAW_ROWPIX %d // Found @0x%08x\n",raw_width,idx2adr(fw,kw));
4230  }
4231  else
4232  {
4233  bprintf("//#define CAM_RAW_ROWPIX *** Not Found ***\n");
4234  }
4235  if (raw_height != 0)
4236  {
4237  bprintf("//#define CAM_RAW_ROWS %d // Found @0x%08x\n",raw_height,idx2adr(fw,kh));
4238  }
4239  else
4240  {
4241  bprintf("//#define CAM_RAW_ROWS *** Not Found ***\n");
4242  }
4243 
4244  // Find 'CAM_UNCACHED_BIT'
4245  if (fw->uncached_adr_idx != 0)
4246  {
4247  bprintf("//#undef CAM_UNCACHED_BIT\n");
4248  bprintf("//#define CAM_UNCACHED_BIT 0x%08x // Found @0x%08x\n",fw->uncached_adr,idx2adr(fw,fw->uncached_adr_idx));
4249  }
4250 
4251  // Look for CAM_DATE_FOLDER_NAMING value
4252  k = get_saved_sig(fw,"GetImageFolder");
4253  if (k >= 0)
4254  {
4255  uint32_t fadr = func_names[k].val;
4256  int s = adr2idx(fw,fadr);
4257  int e = find_inst(fw, isLDMFD_PC, s+1, 160);
4258  for (k1=s+1; k1<s+16; k1++)
4259  {
4260  if (isMOV(fw,k1) && (fwRnMOV(fw,k1) == 2))
4261  {
4262  int r1 = fwRd(fw,k1);
4263  int k2;
4264  for (k2=e-32; k2<e; k2++)
4265  {
4266  int b = 0;
4267  if (isMOV(fw,k2) && isBL(fw,k2+1) && (fwRnMOV(fw,k2) == r1))
4268  b = 1;
4269  else if (isMOV(fw,k2) && isBL(fw,k2+7) && (fwRnMOV(fw,k2) == r1))
4270  b = 7;
4271  if (b != 0)
4272  {
4273  int r2 = fwRd(fw,k2);
4274  fadr = followBranch2(fw,idx2adr(fw,k2+b),0x01000001);
4275  k = adr2idx(fw,fadr);
4276  int k3;
4277  for (k3=k; k3<k+8; k3++)
4278  {
4279  if (isCMP(fw,k3) && (fwRn(fw,k3) == r2))
4280  {
4281  int val = ALUop2(fw,k3);
4282  bprintf("//#define CAM_DATE_FOLDER_NAMING 0x%03x // Found @0x%08x (pass as 3rd param to GetImageFolder)\n",val,idx2adr(fw,k3));
4283  }
4284  }
4285  }
4286  }
4287  }
4288  }
4289  }
4290 
4291  // Find 'PARAM_CAMERA_NAME'
4292  if (FlashParamsTable_address != 0)
4293  {
4295  for (k=k1; k<k1+20; k++)
4296  {
4297  uint32_t fadr = fwval(fw,k);
4298  int k2 = adr2idx(fw,fadr);
4299  if (idx_valid(fw,k2))
4300  {
4301  uint32_t sadr = fwval(fw,k2);
4302  k2 = adr2idx(fw,sadr);
4303  if (idx_valid(fw,k2))
4304  {
4305  char *s = adr2ptr(fw,sadr);
4306  if (((fw->cam != 0) && (strcmp(s,fw->cam) == 0)) || (strcmp(s,"Unknown") == 0))
4307  {
4308  bprintf("//#define PARAM_CAMERA_NAME %d // Found @0x%08x\n",k-k1,fadr);
4309  break;
4310  }
4311  }
4312  }
4313  }
4314  }
4315 
4317 
4318  k = get_saved_sig(fw,"task_FileWrite");
4319  if (k >= 0)
4320  {
4321  uint32_t fadr = func_names[k].val;
4322  k1 = adr2idx(fw, fadr);
4323  for (k=1; k<32; k++)
4324  {
4325  if ((fwval(fw, k1+k) & 0x0fffff00) == 0x008ff100) // add[cond] pc, pc, rx, lsl#2
4326  {
4327  for (k++;isB(fw,k1+k) && idxFollowBranch(fw,k1+k,1) != idxFollowBranch(fw,k1+k-1,1);k++);
4328  int c = 1;
4329  for (;isB(fw,k1+k) && idxFollowBranch(fw,k1+k,1) == idxFollowBranch(fw,k1+k-1,1);k++,c++);
4330  bprintf("\n// Below goes in 'filewrite.c' or 'platform_camera.h':\n");
4331  bprintf("//#define MAX_CHUNKS_FOR_FWT %d // Found @0x%08x\n",c,idx2adr(fw,k+k1));
4332  break;
4333  }
4334  }
4335  }
4336 }
int find_pow ( firmware fw,
string_sig sig,
int  j 
)

Definiert in Zeile 816 der Datei finsig_dryos.c.

817 {
818  // Find values passed to _pow
819  if ((fwval(fw,j) == 0x00000000) && (fwval(fw,j+1) == 0x40000000) && (fwval(fw,j+2) == 0x00000000) && (fwval(fw,j+3) == 0x408F4000))
820  {
821  uint32_t adr1 = idx2adr(fw,j); // address of 1st value
822  uint32_t adr2 = idx2adr(fw,j+2); // address of 2nd value
823  int j1;
824 
825  for (j1 = j-5; j1>0; j1--)
826  {
827  if (isADR_PC_cond(fw,j1) && // ADR ?
828  (fwval(fw,j1+1) == 0xE8900003) && // LDMIA R0,{R0,R1}
829  isBL(fw,j1+2) && // BL
830  isADR_PC_cond(fw,j1+4)) // ADR ?
831  {
832  if ((ADR2adr(fw,j1) == adr1) && (ADR2adr(fw,j1+4) == adr2))
833  {
834  uint32_t fadr = followBranch(fw,idx2adr(fw,j1+2),0x01000001);
835  fwAddMatch(fw,fadr,32,0,121);
836  return 1;
837  }
838  }
839  else
840  if (isADR_PC_cond(fw,j1) && // ADR ?
841  (fwval(fw,j1+2) == 0xE8900003) && // LDMIA R0,{R0,R1}
842  isBL(fw,j1+3) && // BL
843  isADR_PC_cond(fw,j1+4)) // ADR ?
844  {
845  if ((ADR2adr(fw,j1) == adr1) && (ADR2adr(fw,j1+4) == adr2))
846  {
847  uint32_t fadr = followBranch(fw,idx2adr(fw,j1+3),0x01000001);
848  fwAddMatch(fw,fadr,32,0,121);
849  return 1;
850  }
851  }
852  }
853  }
854 
855  return 0;
856 }
void find_prop_matches ( firmware fw)

Definiert in Zeile 6643 der Datei finsig_dryos.c.

6644 {
6645  int i;
6646 
6647  for (i = 0; prop_sigs[i].type > -1; i++)
6648  {
6649  curr_prop_name = (uintptr_t)prop_sigs[i].name; // name (enum) has to be passed via a global
6650  find_strsig2(fw, &prop_sigs[i]);
6651  }
6652 
6653 }
void find_propset ( firmware fw)

Definiert in Zeile 6655 der Datei finsig_dryos.c.

6656 {
6657  uint32_t used=0;
6659 
6660  memset(hits, 0, KNOWN_PROPSET_COUNT*sizeof(uint32_t));
6661 
6662  find_prop_matches(fw);
6663 
6664  bprintf("\n// Known propcases\n");
6665 
6666  int n;
6667  for (n=0; n<PROPCASE_HANDLED_COUNT; n++)
6668  {
6669  used += knownprops[n].use>0?1:0;
6670  if (knownprops[n].id >= 0)
6671  {
6672  if (knownprops[n].use)
6673  {
6674  if (knownprops[n].id == knownprops[n].id_ps2) hits[2-1] += 1;
6675  if (knownprops[n].id == knownprops[n].id_ps3) hits[3-1] += 1;
6676  if (knownprops[n].id == knownprops[n].id_ps4) hits[4-1] += 1;
6677  if (knownprops[n].id == knownprops[n].id_ps5) hits[5-1] += 1;
6678  if (knownprops[n].id == knownprops[n].id_ps6) hits[6-1] += 1;
6679  if (knownprops[n].id == knownprops[n].id_ps7) hits[7-1] += 1;
6680  if (knownprops[n].id == knownprops[n].id_ps8) hits[8-1] += 1;
6681  if (knownprops[n].id == knownprops[n].id_ps9) hits[9-1] += 1;
6682  if (knownprops[n].id == knownprops[n].id_ps10) hits[10-1] += 1;
6683  }
6684  if (knownprops[n].use == 1)
6685  {
6686  bprintf("// #define %s %i\n", prop_names[n], knownprops[n].id);
6687  }
6688  else
6689  {
6690  // propcases not used by CHDK, name may be made up
6691  bprintf("// // %s %i\n", prop_names[n], knownprops[n].id);
6692  }
6693  }
6694  else
6695  {
6696  bprintf("// %s not found\n", prop_names[n]);
6697  }
6698  }
6699  bprintf("// Guessed propset: ");
6700  int m = 0;
6701  int fmax = 0;
6702  int okay = 0;
6703  for (n=1; n<KNOWN_PROPSET_COUNT; n++)
6704  {
6705  if (hits[n] == used)
6706  {
6707  if (m) bprintf(", ");
6708  bprintf("%i", n+1);
6709  if (fw->sv->propset == n+1) okay = 1; // if the propset equals to (one of) the complete propset matches
6710  m += 1;
6711  }
6712  if (hits[n] > fmax) fmax = hits[n];
6713  }
6714  if (m == 0)
6715  {
6716  bprintf("uncertain (%i of %u match), closest to ",fmax,used);
6717  for (n=1; n<KNOWN_PROPSET_COUNT; n++)
6718  {
6719  if (hits[n] == fmax)
6720  {
6721  if (m) bprintf(", ");
6722  bprintf("%i", n+1);
6723  if (fw->sv->propset == n+1) okay = 1; // if the propset equals to (one of) the most complete propset matches
6724  m += 1;
6725  }
6726  }
6727  }
6728  bprintf("\n");
6729  if (!okay && fw->sv->propset>0)
6730  {
6731  // only shown when there's a clear mismatch
6732  bprintf("// Port's propset (%i) may be set incorrectly\n", fw->sv->propset);
6733  }
6734 }
int find_PT_PlaySound ( firmware fw)

Definiert in Zeile 1054 der Datei finsig_dryos.c.

1055 {
1056  int j, k;
1057  int k1 = get_saved_sig(fw,"LogCameraEvent");
1058 
1059  if (k1 >= 0)
1060  {
1061  j = find_str_ref(fw,"BufAccBeep");
1062  if (j >= 0)
1063  {
1064  k = find_inst(fw, isBL, j+1, 4);
1065  if (k >= 0)
1066  {
1067  uint32_t fadr = followBranch(fw, idx2adr(fw,k), 0x01000001);
1068  if (func_names[k1].val == fadr)
1069  {
1070  k = find_inst(fw, isB, k+1, 10);
1071  fadr = followBranch(fw, idx2adr(fw, k), 1);
1072  fwAddMatch(fw,fadr,32,0,122);
1073  return 1;
1074  }
1075  }
1076  }
1077  }
1078 
1079  return 0;
1080 }
int find_ptp_handler_imm ( firmware fw,
int  k 
)

Definiert in Zeile 7569 der Datei finsig_dryos.c.

7570 {
7571  int o;
7572 
7573  uint32_t op=0;
7574  uint32_t handler=0;
7575 
7576 // fprintf(stderr,"find_ptp_handler_imm 0x%x\n",idx2adr(fw,k));
7577  for (o=-1; o>-7; o--)
7578  {
7579  if (isLDR_PC(fw,k+o))
7580  {
7581  if(fwRd(fw,k+o) == 0)
7582  {
7583  op = LDR2val(fw,k+o);
7584  }
7585  else if(fwRd(fw,k+o) == 1){
7586  handler = LDR2val(fw,k+o);
7587  }
7588  }
7589  // only expect handler to come from adr
7590  else if (isADR_PC(fw,k+o) && (fwRd(fw,k+o) == 1))
7591  {
7592  handler=ADR2adr(fw,k+o);
7593  }
7594  // TODO op can also be genrated by shifts and bit operations
7595  if(op && handler) {
7596 // fprintf(stderr,"find_ptp_handler_imm found 0x%x 0x%x\n",op,handler);
7597  return save_ptp_handler_func(op,handler);
7598  }
7599  }
7600 // fprintf(stderr,"find_ptp_handler_imm not found\n");
7601  return 0;
7602 }
void find_ptp_handlers ( firmware fw)

Definiert in Zeile 7644 der Datei finsig_dryos.c.

7645 {
7646  int k = get_saved_sig(fw,"add_ptp_handler");
7647  if (k >= 0)
7648  {
7649  search_fw(fw, match_ptp_handlers, func_names[k].val, 0, 128);
7650  }
7651 }
int find_rand ( firmware fw,
string_sig sig,
int  j 
)

Definiert in Zeile 859 der Datei finsig_dryos.c.

860 {
861  if (fwval(fw,j) == 0x41C64E6D)
862  {
863  int j1;
864 
865  for (j1 = j-1; j1>j-30; j1--)
866  {
867  if (isLDR_PC_cond(fw,j1) && // LDR Rx, =0x41C64E6D
868  (LDR2val(fw,j1) == 0x41C64E6D)) // LDMIA R0,{R0,R1}
869  {
870  int k = find_inst_rev(fw, isBX_LR,j1-1,15);
871  if (k >= 0)
872  {
873  uint32_t fadr = idx2adr(fw, k+1);
874  fwAddMatch(fw,fadr,32,0,121);
875  return 1;
876  }
877  }
878  }
879  }
880 
881  return 0;
882 }
int find_Remove ( firmware fw)

Definiert in Zeile 2030 der Datei finsig_dryos.c.

2031 {
2032  int f1 = get_saved_sig(fw,"Close");
2033  if(f1 < 0)
2034  return 0;
2035 
2036  f1 = adr2idx(fw, func_names[f1].val);
2037  int f2, blcnt, i;
2038  f2 = find_str_ref(fw,"File Write Fail.");
2039  if(f2 == -1)
2040  return 0;
2041  // looking for 1st bl after Close
2042  for(i=1, blcnt=0; i<8 && blcnt < 2; i++) {
2043  if(!isBL(fw,f2+i)) {
2044  continue;
2045  }
2046  // is it Close?
2047  if(idxFollowBranch(fw,f2+i,0x01000001)==f1) {
2048  blcnt++;
2049  continue;
2050  }
2051  else if(idxFollowBranch(fw,idxFollowBranch(fw,f2+i,0x01000001),0x01000001)==f1) {
2052  blcnt++;
2053  continue;
2054  }
2055  if (blcnt == 1) {
2056  f2 = idxFollowBranch(fw,f2+i,0x01000001);
2057  fwAddMatch(fw,idx2adr(fw,f2),32,0,122);
2058  return 1;
2059  }
2060  }
2061  return 0;
2062 }
int find_Restart ( firmware fw)

Definiert in Zeile 996 der Datei finsig_dryos.c.

997 {
998  int j = get_saved_sig(fw,"reboot_fw_update");
999  if (j >= 0)
1000  {
1001  int k = get_saved_sig(fw,"StopWDT_FW");
1002  if (k >= 0)
1003  {
1004  j = adr2idx(fw, func_names[j].val);
1005  int i;
1006  for (i=j+1; i<j+100; i++)
1007  {
1008  if (isBL(fw,i) && isBL(fw,i+2))
1009  {
1010  // find call to StopWDT_FW
1011  uint32_t fadr = followBranch(fw, idx2adr(fw, i), 0x01000001);
1012  if (func_names[k].val == fadr)
1013  {
1014  fadr = followBranch(fw, idx2adr(fw, i+2), 0x01000001);
1015  fwAddMatch(fw,fadr,32,0,122);
1016  return 1;
1017  }
1018  }
1019  }
1020  }
1021  }
1022 
1023  return 0;
1024 }
int find_saved_sig ( const char *  name)

Definiert in Zeile 544 der Datei finsig_dryos.c.

545 {
546  int i;
547  for (i=0; func_names[i].name != 0; i++)
548  {
549  if (strcmp(name,func_names[i].name) == 0)
550  {
551  return i;
552  }
553  }
554  return -1;
555 }
int find_sethptimeraftertimeout ( firmware fw)

Definiert in Zeile 1773 der Datei finsig_dryos.c.

1774 {
1775  int sadr = find_str(fw, "FrameRateGenerator.c");
1776  int j = find_nxt_str_ref(fw, sadr, -1);
1777  if (j < 0)
1778  return 0;
1779  int f1, f2, n;
1780  for (n=0; n<2; n++)
1781  {
1782  f1 = find_inst_rev(fw, isBL, j-1, 7);
1783  f2 = find_Nth_inst_rev(fw, isBL, j-1, 128, 2);
1784  // check whether previous BL is too close
1785  if ((f1 < 1) || (f1-f2<8))
1786  {
1787  j = find_nxt_str_ref(fw, sadr, j+1);
1788  if (j < 0)
1789  return 0;
1790  }
1791  else
1792  {
1793  f1 = idxFollowBranch(fw,f1,0x01000001);
1794  fwAddMatch(fw,idx2adr(fw,f1),32,0,122);
1795  return 1;
1796  }
1797  }
1798  return 0;
1799 }
int find_srand ( firmware fw)

Definiert in Zeile 1271 der Datei finsig_dryos.c.

1272 {
1273  int k = get_saved_sig(fw,"rand");
1274  if (k >= 0)
1275  {
1276  k = adr2idx(fw, func_names[k].val) - 3;
1277  if (isLDR_PC(fw,k) && isSTR(fw,k+1) && isBX_LR(fw,k+2))
1278  fwAddMatch(fw,idx2adr(fw,k),32,0,122);
1279  }
1280 
1281  return 0;
1282 }
void find_str_sig_matches ( firmware fw,
const char *  curr_name 
)

Definiert in Zeile 3648 der Datei finsig_dryos.c.

3649 {
3650  int i;
3651 
3652  int found_ev = 0;
3653 
3654  count = 0;
3655 
3656  for (i = 0; string_sigs[i].ev_name != 0 && !found_ev; i++)
3657  {
3658  if (strcmp(curr_name, string_sigs[i].name) == 0)
3659  {
3660  if (find_strsig(fw, &string_sigs[i]))
3661  {
3662  found_ev = 1;
3663  break;
3664  }
3665  }
3666  }
3667 
3668  if (count > 1)
3669  {
3670  qsort(matches, count, sizeof(Match), (void*)match_compare);
3671  }
3672 
3673  if (count > 0)
3674  {
3675  save_sig(curr_name, matches->ptr);
3676  }
3677 }
int find_strsig ( firmware fw,
string_sig sig 
)

Definiert in Zeile 3603 der Datei finsig_dryos.c.

3604 {
3605  switch (sig->type)
3606  {
3607  case 1: return fw_string_process(fw, sig, match_strsig1, 1);
3608  case 2: return fw_string_process_unaligned(fw, sig, match_strsig2);
3609  case 3: return fw_string_process(fw, sig, match_strsig3, 1);
3610  case 4: return fw_string_process(fw, sig, match_strsig4, 1);
3611  case 5: return fw_string_process(fw, sig, match_strsig5, 1);
3612  case 6: return fw_string_process(fw, sig, match_strsig6, 1);
3613  case 7: return fw_string_process(fw, sig, match_strsig7, 1);
3614  case 8: return find_strsig8(fw, sig);
3615  case 9: return find_strsig9(fw, sig);
3616  case 11: return fw_string_process(fw, sig, match_strsig11, 0);
3617  case 12: return find_strsig12(fw, sig);
3618  case 13: return fw_string_process_unaligned(fw, sig, match_strsig13);
3619  case 15: return fw_string_process(fw, sig, match_strsig15, 1);
3620  case 16: return fw_process(fw, sig, match_strsig16);
3621  case 17: return find_strsig17(fw, sig);
3622  case 19: return find_strsig19(fw, sig);
3623  case 20:
3624  {
3625  int j = find_saved_sig(sig->ev_name);
3626  if (j >= 0)
3627  {
3628  uint32_t fadr = followBranch2(fw,func_names[j].val,sig->offset);
3629  fwAddMatch(fw,fadr,32,0,120);
3630  return 1;
3631  }
3632  return 0;
3633  }
3634  case 21: return fw_process(fw, sig, (int (*)(firmware*, string_sig*, int))(sig->ev_name));
3635  case 22: return ((int (*)(firmware*,int))(sig->ev_name))(fw,sig->offset);
3636  case 23: return fw_string_process(fw, sig, match_strsig23, 1);
3637  case 24: return fw_string_process(fw, sig, match_strsig24, 0);
3638  }
3639 
3640  return 0;
3641 }
int find_strsig12 ( firmware fw,
string_sig sig 
)

Definiert in Zeile 3226 der Datei finsig_dryos.c.

3227 {
3228  int j = get_saved_sig(fw,"CreateJumptable");
3229 
3230  int ofst = dryos_offset(fw, sig);
3231 
3232  if (ofst == 0) return 0;
3233 
3234  if (j >= 0)
3235  {
3236  if (func_names[j].val != 0)
3237  {
3238  int idx = adr2idx(fw, func_names[j].val);
3239  for(; !isBX_LR(fw,idx); idx++) // BX LR
3240  {
3241  if (((fwval(fw,idx+1) & 0xFFFFF000) == 0xE5801000) && // STR R1,[R0,nnn]
3242  (fwOp2(fw,idx+1) == ofst))
3243  {
3244  uint32_t fadr = LDR2val(fw,idx);
3245  uint32_t bfadr = followBranch2(fw,fadr,sig->offset);
3246  if ((sig->offset <= 1) || ((bfadr != fadr) && ((fw->buf[adr2idx(fw,fadr)] & 0xFFFF0000) == 0xE92D0000)))
3247  {
3248  fwAddMatch(fw,bfadr,32,0,112);
3249  return 1;
3250  }
3251  }
3252  else if (isB(fw,idx)) // B
3253  {
3254  idx = adr2idx(fw,followBranch(fw,idx2adr(fw,idx),1)) - 1;
3255  }
3256  }
3257  }
3258  }
3259 
3260  return 0;
3261 }
int find_strsig17 ( firmware fw,
string_sig sig 
)

Definiert in Zeile 3375 der Datei finsig_dryos.c.

3376 {
3377  int j = get_saved_sig(fw,"StartRecModeMenu");
3378 
3379  if (j >= 0)
3380  {
3381  if (func_names[j].val != 0)
3382  {
3383  int idx = adr2idx(fw, func_names[j].val);
3384  int k = 0;
3385  if (fw->dryos_ver < 58)
3386  {
3387  if (isLDR_PC(fw,idx-3) && isMOV_immed(fw,idx-2) && isB(fw,idx-1))
3388  {
3389  k = adr2idx(fw,LDR2val(fw,idx-3));
3390  }
3391  else if (isMOV_immed(fw,idx-3) && isADR_PC(fw,idx-2) && isB(fw,idx-1))
3392  {
3393  k = adr2idx(fw,ADR2adr(fw,idx-2));
3394  }
3395  }
3396  else
3397  {
3398  int l = find_inst_rev(fw, isBL, idx-1, 4);
3399  if (l > 0)
3400  {
3401  if (isLDR_PC(fw,l-2) && isMOV_immed(fw,l-1))
3402  {
3403  k = adr2idx(fw,LDR2val(fw,l-2));
3404  }
3405  }
3406  }
3407  if (k != 0)
3408  {
3409  uint32_t fadr = 0;
3410  if (strcmp(sig->name,"ScreenLock") == 0)
3411  fadr = followBranch(fw,idx2adr(fw,k+1),0x01000001);
3412  else
3413  {
3414  k = find_inst(fw, isLDMFD, k+1, 60);
3415  if (fw->dryos_ver < 58)
3416  {
3417  fadr = followBranch(fw,idx2adr(fw,k-1),0x01000001);
3418  }
3419  else
3420  {
3421  k = find_inst_rev(fw, isBL, k-1, 4);
3422  if (k > 0)
3423  {
3424  fadr = followBranch(fw,idx2adr(fw,k),0x01000001);
3425  }
3426  }
3427  }
3428  if (fadr > 0)
3429  {
3430  fwAddMatch(fw,fadr,32,0,117);
3431  return 1;
3432  }
3433  }
3434  }
3435  }
3436 
3437  return 0;
3438 }
int find_strsig19 ( firmware fw,
string_sig sig 
)

Definiert in Zeile 3450 der Datei finsig_dryos.c.

3451 {
3452  int j = get_saved_sig(fw,sig->ev_name);
3453  if (j >= 0)
3454  {
3455  if (func_names[j].val != 0) // address, not idx
3456  {
3457  int ofst = dryos_offset(fw, sig);
3458  int neg = 1;
3459  if (ofst<0)
3460  {
3461  neg=-1;
3462  ofst=-ofst;
3463  }
3464  int addoffs = (ofst & 0xf00)>>8;
3465  uint32_t fadr = func_names[j].val+neg*(ofst&0xff)*4;
3466  int k = 0;
3467  switch ((ofst&0xf000)>>12)
3468  {
3469  case 0: k = isLDMFD_PC(fw, adr2idx(fw, fadr)-1-addoffs); break;
3470  case 1: k = isB(fw, adr2idx(fw, fadr)-1-addoffs); break;
3471  case 2: k = ((fwval(fw, adr2idx(fw, fadr)-1-addoffs) & 0x0f000000) == 0x0a000000); break; // B cond.
3472  case 3: k = (fwval(fw, adr2idx(fw, fadr)-1-addoffs) == 0xE1A0F00E); break; // mov pc, lr
3473  case 4: k = (fwval(fw, adr2idx(fw, fadr)-1-addoffs) == 0xE12FFF1E); break; // bx lr
3474  default: return 0;
3475  }
3476  if (k)
3477  {
3478  fwAddMatch(fw,fadr,32,0,119);
3479  return 1;
3480  }
3481  }
3482  }
3483 
3484  return 0;
3485 }
int find_strsig2 ( firmware fw,
string_sig sig 
)

Definiert in Zeile 6633 der Datei finsig_dryos.c.

6634 {
6635  switch (sig->type)
6636  {
6637  case 1: return fw_string_process(fw, sig, match_propsig1, 1);
6638  }
6639 
6640  return 0;
6641 }
int find_strsig8 ( firmware fw,
string_sig sig 
)

Definiert in Zeile 3103 der Datei finsig_dryos.c.

3104 {
3105  uint32_t fadr = 0;
3106  int srch = 20;
3107 
3108  // Find "UpdateMBROnFlash" code
3109  int j = get_saved_sig(fw,"UpdateMBROnFlash");
3110  if (j >= 0)
3111  {
3112  fadr = func_names[j].val;
3113  }
3114  else
3115  {
3116  j = get_saved_sig(fw,"MakeSDCardBootable");
3117  if (j >= 0)
3118  {
3119  fadr = func_names[j].val;
3120  srch = 32;
3121  }
3122  }
3123 
3124  if (fadr == 0) return 0;
3125 
3126  int idx = adr2idx(fw, fadr);
3127  ofst = -1;
3128 
3129  for (j=idx+srch; j<idx+srch+12; j++)
3130  {
3131  if (isLDR(fw,j) && isLDR(fw,j+1) && isLDR(fw,j+2))
3132  {
3133  ofst = fwOp2(fw,j) + fwOp2(fw,j+1) + fwOp2(fw,j+2);
3134  break;
3135  }
3136  }
3137 
3138  if (ofst == -1) return 0;
3139 
3140  return fw_string_process(fw, sig, match_strsig8, 1);
3141 }
int find_strsig9 ( firmware fw,
string_sig sig 
)

Definiert in Zeile 3148 der Datei finsig_dryos.c.

3149 {
3150  int j = get_saved_sig(fw,sig->ev_name);
3151  if (j >= 0)
3152  {
3153  if (func_names[j].val != 0)
3154  {
3155  int ofst = dryos_offset(fw, sig);
3156  uint32_t fadr = followBranch(fw, func_names[j].val+ofst*4, 0xF1000001);
3157  if ((sig->offset == -1) || (fadr != func_names[j].val+ofst*4))
3158  {
3159  uint32_t fadr2 = fadr;
3160  if (sig->offset != -1) fadr2 = followBranch2(fw, fadr2, sig->offset);
3161  if ((sig->offset <= 0) || (fadr2 != fadr))
3162  {
3163  fwAddMatch(fw,fadr2,32,0,109);
3164  return 1;
3165  }
3166  }
3167  }
3168  }
3169 
3170  return 0;
3171 }
void find_stubs_min ( firmware fw)

Definiert in Zeile 5338 der Datei finsig_dryos.c.

5339 {
5340  int k,k1;
5341 
5342  out_hdr = 1;
5343  add_blankline();
5344 
5345  bprintf("// Values below can be overridden in 'stubs_min.S':\n");
5346 
5347  // Find 'physw_status'
5348  search_saved_sig(fw, "kbd_read_keys", match_physw_status, 0, 0, 5);
5349 
5350  // Find 'physw_run' & 'physw_sleep_delay'
5351  search_saved_sig(fw, "task_PhySw", match_physw_run, 0, 0, 5);
5352 
5353  // Find 'levent_table'
5354  search_fw(fw, match_levent_table, 0, 0, 1);
5355 
5356  // Find 'FlashParamsTable'
5357  if (FlashParamsTable_address != 0)
5359 
5360  // Find 'movie_status'
5361  search_fw(fw, match_movie_status, 0, 0, 1);
5362 
5363  // Find 'video_compression_rate'
5364  uint32_t sadr = find_str(fw, "CompressionRateAdjuster.c");
5365  k = find_nxt_str_ref(fw, sadr, -1);
5366  int found = 0;
5367  while ((k >= 0) && !found)
5368  {
5369  int f = find_inst_rev(fw, isSTMFD_LR, k-1, 100);
5370  if (f != -1)
5371  {
5372  f = search_fw(fw, find_BL, f, 0, 1);
5373  if (f > 0)
5374  {
5375  f--;
5376  if ((fwval(fw,f) & 0xFFF00000) == 0xE2400000) // SUB
5377  {
5378  int src = fwRn(fw,f);
5379  for (k1 = f-1; (k1 > f-10) && !found; k1--)
5380  {
5381  if (isLDR_PC(fw,k1) && (fwRd(fw,k1) == src))
5382  {
5383  uint32_t v = LDR2val(fw,k1) - ALUop2(fw,f);
5384  print_stubs_min(fw,"video_compression_rate",v,idx2adr(fw,k1));
5385  found = 1;
5386  }
5387  }
5388  }
5389  }
5390  }
5391  k = find_nxt_str_ref(fw, sadr, k);
5392  }
5393 
5394  // Find 'full_screen_refresh'
5395  search_fw(fw, match_full_screen_refresh, 0, 0, 1);
5396 
5397  // Find 'canon_menu_active'
5398  search_saved_sig(fw, "StartRecModeMenu", match_canon_menu_active, 0, 0, 5);
5399 
5400  // Find 'canon_shoot_menu_active'
5402 
5403  // Find 'playrec_mode'
5404  int found_playrec_mode = 0;
5405  k = find_str_ref(fw, "AFFChg");
5406  if ((k >= 0) && isBL(fw,k+6))
5407  {
5408  k = idxFollowBranch(fw, k+6, 0x01000001);
5409  if (isLDR_PC(fw,k) && isLDR(fw,k+1))
5410  {
5411  uint32_t base = LDR2val(fw,k);
5412  uint32_t ofst = fw->buf[k+1] & 0x00000FFF;
5413  print_stubs_min(fw,"playrec_mode",base+ofst,idx2adr(fw,k));
5414  found_playrec_mode = 1;
5415  }
5416  }
5417  if (!found_playrec_mode)
5418  {
5419  search_fw(fw, match_playrec_mode, 0, 0, 1);
5420  }
5421 
5422  // Find 'zoom_status'
5423  int found_zoom_status = 0;
5424 
5425  k = find_str_ref(fw, "m_ZoomState :%d\n");
5426  if (k >= 0)
5427  {
5428  if (isLDR(fw,k-1))
5429  {
5430  uint32_t ofst = fw->buf[k-1] & 0x00000FFF;
5431  uint32_t reg = (fw->buf[k-1] & 0x000F0000) >> 16;
5432  uint32_t ldr_inst = 0xE51F0000 | (reg << 12);
5433  for (k1=k-2; k1>k-20; k1--)
5434  {
5435  if ((fw->buf[k1] & 0xFF1FF000) == ldr_inst)
5436  {
5437  uint32_t base = LDR2val(fw,k1);
5438  print_stubs_min(fw,"zoom_status",base+ofst,idx2adr(fw,k));
5439  found_zoom_status = 1;
5440  break;
5441  }
5442  }
5443  }
5444  }
5445 
5446  if (!found_zoom_status)
5447  {
5448  for (k=0; k<fw->size; k++)
5449  {
5450  if (((fw->buf[k] & 0xFF1FF000) == 0xE51F0000) && // LDR R0, =base
5451  (fw->buf[k+1] == 0xE5D00000) && // LDRB R0, [R0]
5452  (fw->buf[k+2] == 0xE1B00000) && // MOVS R0, R0
5453  (fw->buf[k+3] == 0x13A00001) && // MOVNE R0, #1
5454  isBX_LR(fw,k+4)) // BX LR
5455  {
5456  uint32_t base = LDR2val(fw,k);
5457  print_stubs_min(fw,"zoom_status",base,idx2adr(fw,k));
5458  found_zoom_status = 1;
5459  //break;
5460  }
5461  }
5462  }
5463 
5464  if (!found_zoom_status)
5465  {
5466  k = find_str_ref(fw, "TerminateDeliverToZoomController");
5467  if (k >= 0)
5468  {
5469  for (k1=0; k1<5; k1++)
5470  {
5471  if (isLDR_PC(fw,k+k1))
5472  {
5473  uint32_t base = LDR2val(fw,k+k1);
5474  print_stubs_min(fw,"zoom_status",base+0x20,idx2adr(fw,k+k1));
5475  found_zoom_status = 1;
5476  break;
5477  }
5478  }
5479  }
5480  }
5481 
5482  // Find 'some_flag_for_af_scan'
5483  search_fw(fw, match_some_flag_for_af_scan, 0, 0, 1);
5484 
5485  // focus_len_table
5486  if (fw->sv->min_focus_len != 0)
5487  {
5488  int found = 0, pos = 0, len = 0, size = 0;
5489  for (k=0; k<fw->size; k++)
5490  {
5491  if (fw->buf[k] == fw->sv->min_focus_len)
5492  {
5493  int mul = 1;
5494  if ((fw->buf[k+1] == 100) && (fw->buf[k+2] == 0)) mul = 3;
5495  if ((fw->buf[k+1] == 100) && (fw->buf[k+2] != 0)) mul = 2;
5496  if ((fw->buf[k+1] == 0) && (fw->buf[k+2] != 0)) mul = 2;
5497  for (k1 = k + mul; (k1 < fw->size) && (fw->buf[k1] > fw->buf[k1-mul]) && (fw->buf[k1] > fw->sv->min_focus_len) && (fw->buf[k1] < fw->sv->max_focus_len); k1 += mul) ;
5498  if (fw->buf[k1] == fw->sv->max_focus_len)
5499  {
5500  int nlen = ((k1 - k) / mul) + 1;
5501  // printf("FOCUS_LEN_TABLE: %08x %d %d %d %d %d\n", k+fw->base, found, size, mul, len, nlen);
5502  // Record first table found, or update if better table found - prefer longer entries or longer table with same size entries
5503  if ((found == 0) || (size < mul) || ((size == mul) && (len < nlen)))
5504  {
5505  found = 1;
5506  pos = k;
5507  len = nlen;
5508  size = mul;
5509  }
5510  }
5511  }
5512  }
5513  if (found == 1)
5514  {
5515  bprintf("// focus_len_table contains zoom focus lengths for use in 'get_focal_length' (main.c).\n");
5516  if (size == 1)
5517  bprintf("// each entry contains 1 int value, which is the the zoom focus length.\n",size);
5518  else
5519  bprintf("// each entry contains %d int value(s), the first is the zoom focus length.\n",size);
5520  bprintf("// there are %d entries in the table - set NUM_FL to %d\n",len,len);
5521  print_stubs_min(fw,"focus_len_table",idx2adr(fw,pos),idx2adr(fw,pos));
5522  }
5523  }
5524 
5525  // Find 'zoom_busy'
5526  search_saved_sig(fw, "ResetZoomLens", match_zoom_busy, 0, 0, 5);
5527 
5528  // Find 'focus_busy'
5529  search_saved_sig(fw, "ResetFocusLens", match_focus_busy, 0, 0, 25);
5530 
5531  // Find 'recreview_hold'
5532  k = find_str_ref(fw, "ShootCon_NotifyStartReviewHold");
5533  if (k >= 0)
5534  {
5535  for (k1=k; k1<k+20; k1++)
5536  {
5537  if (isLDR_PC(fw,k1) && ((fw->buf[k1+1] & 0xFFFF0FFF) == 0xE3A00001) && isSTR(fw,k1+2) &&
5538  ((fw->buf[k1+1] & 0x0000F000) == (fw->buf[k1+2] & 0x0000F000)) &&
5539  ((fw->buf[k1] & 0x0000F000) == ((fw->buf[k1+2] & 0x000F0000) >> 4)))
5540  {
5541  uint32_t base = LDR2val(fw,k1);
5542  int ofst = fw->buf[k1+2] & 0x00000FFF;
5543  print_stubs_min(fw,"recreview_hold",base+ofst,idx2adr(fw,k1));
5544  break;
5545  }
5546  }
5547  }
5548 
5549  // Find palette colour data
5550  uint32_t palette_data = search_fw(fw, match_palette_data, 0, 0, 1);
5551 
5552  // Find 'palette buffer' info
5553  if (palette_data)
5554  {
5555  bprintf("// Palette colour tables found @ 0x%08x\n", palette_data);
5556  if (search_saved_sig(fw, "SavePaletteData", match_SavePaletteData, palette_data, 0, 1) == 0)
5557  {
5558  search_fw(fw, match_palette_data3, palette_data, 0, 1);
5559  }
5560  }
5561 
5562  // Find 'bitmap buffer' info
5563  search_saved_sig(fw, "GUISrv_StartGUISystem", match_bitmap_buffer, 0, 0, 50);
5564 
5565  // Get viewport address
5566  uint32_t v = find_viewport_address(fw,&k);
5567  if (k >= 0)
5568  {
5569  search_fw(fw, match_viewport_address, v, 0, 1);
5570  }
5571 
5572  // find 1st RAW buffer address
5573  k = find_str_ref(fw, "CRAW BUFF %p");
5574  if (k >= 0)
5575  {
5576  int rb1_idx;
5577  uint32_t rb1 =0, rb2 = 0;
5578  if (isLDR(fw,k-1))
5579  {
5580  rb1 = LDR2val(fw,k-1);
5581  rb1_idx = k - 1;
5582  }
5583  else if (isMOV_immed(fw,k-1))
5584  {
5585  rb1 = ALUop2(fw,k-1);
5586  rb1_idx = k - 1;
5587  }
5588  else if (isMOV(fw,k-1) && (fwRd(fw,k-1) == 1))
5589  {
5590  int reg = fwval(fw,k-1) & 0xF;
5591  for (k1=k-2; k1>k-50; k1--)
5592  {
5593  if (isLDR(fw,k1) && (fwRd(fw,k1) == reg))
5594  {
5595  rb1 = LDR2val(fw,k1);
5596  rb1_idx = k1;
5597  break;
5598  }
5599  }
5600  }
5601  if (rb1 > 0)
5602  {
5603  found = 0;
5604  rb2 = search_fw(fw, match_raw_buffer, rb1, 0, 5);
5605  if ((rb2 > 0) && (rb1 != rb2))
5606  {
5607  // Find 'active_raw_buffer'
5608  sadr = find_str(fw, "SsImgProcBuf.c");
5609  k = find_nxt_str_ref(fw, sadr, -1);
5610  while ((k >= 0) && !found)
5611  {
5612  int f = find_inst_rev(fw, isSTMFD_LR, k-1, 100);
5613  if (f != -1)
5614  {
5615  int e = find_inst(fw, isLDMFD_PC, f+1, 200);
5616  for (k1 = f+1; k1 < e; k1++)
5617  {
5618  if (
5619  (
5620  ((fwval(fw,k1) & 0xFFF00FFF) == 0xE2400001) && // SUB Rx, Rn, #1
5621  isLDR(fw,k1+1) && // LDR Ry, [Rz,
5622  ((fwval(fw,k1+2) & 0xFFF00000) == 0xE1500000) && // CMP Rx, Ry
5623  (((fwRd(fw,k1) == fwRd(fw,k1+2)) && (fwRd(fw,k1+1) == fwRn(fw,k1+2))) ||
5624  ((fwRd(fw,k1) == fwRn(fw,k1+2)) && (fwRd(fw,k1+1) == fwRd(fw,k1+2)))) &&
5625  ((fwval(fw,k1+3) & 0xFFF00FFF) == 0x12800001) && // ADDNE Ry, Ry, #1
5626  ((fwRd(fw,k1+3) == fwRn(fw,k1+3)) && (fwRd(fw,k1+3) == fwRd(fw,k1+1))) &&
5627  ((fwval(fw,k1+4) & 0xFFF00FFF) == 0x03A00000) && // MOVEQ Ry, #0
5628  (fwRd(fw,k1+4) == fwRd(fw,k1+1)) &&
5629  isSTR(fw,k1+5) && // STR Ry, [Rz,
5630  ((fwRd(fw,k1+5) == fwRd(fw,k1+1)) && (fwRn(fw,k1+5) == fwRn(fw,k1+1)) && (fwOp2(fw,k1+5) == fwOp2(fw,k1+1)))
5631  ) ||
5632  (
5633  ((fwval(fw,k1) & 0xFFF00FFF) == 0xE2400001) && // SUB Rx, Rn, #1
5634  isLDR(fw,k1+1) && // LDR Ry, [Rz,
5635  ((fwval(fw,k1+3) & 0xFFF00000) == 0xE1500000) && // CMP Rx, Ry
5636  (((fwRd(fw,k1) == fwRd(fw,k1+3)) && (fwRd(fw,k1+1) == fwRn(fw,k1+3))) ||
5637  ((fwRd(fw,k1) == fwRn(fw,k1+3)) && (fwRd(fw,k1+1) == fwRd(fw,k1+3)))) &&
5638  ((fwval(fw,k1+4) & 0xFFF00FFF) == 0x12800001) && // ADDNE Ry, Ry, #1
5639  ((fwRd(fw,k1+4) == fwRn(fw,k1+4)) && (fwRd(fw,k1+4) == fwRd(fw,k1+1))) &&
5640  ((fwval(fw,k1+5) & 0xFFF00FFF) == 0x03A00000) && // MOVEQ Ry, #0
5641  (fwRd(fw,k1+5) == fwRd(fw,k1+1)) &&
5642  isSTR(fw,k1+7) && // STR Ry, [Rz,
5643  ((fwRd(fw,k1+7) == fwRd(fw,k1+1)) && (fwRn(fw,k1+7) == fwRn(fw,k1+1)) && (fwOp2(fw,k1+7) == fwOp2(fw,k1+1)))
5644  )
5645  )
5646  {
5647  int ofst = fwOp2(fw,k1+1);
5648  int reg = fwRn(fw,k1+1);
5649  int k2;
5650  for (k2 = f+1; (k2 < e) && !found; k2++)
5651  {
5652  if (isLDR_PC(fw,k2) && (fwRd(fw,k2) == reg))
5653  {
5654  uint32_t base = LDR2val(fw,k2);
5655  print_stubs_min(fw,"active_raw_buffer",base+ofst,idx2adr(fw,k1));
5656  found = 1;
5657  break;
5658  }
5659  }
5660  }
5661  }
5662  }
5663  k = find_nxt_str_ref(fw, sadr, k);
5664  }
5665  }
5666  if (!found)
5667  {
5668  bprintf("// Camera appears to have only 1 RAW buffer @ 0x%08x (Found @0x%08x)\n", rb1, idx2adr(fw,rb1_idx));
5669  }
5670  }
5671  }
5672 
5673  // Find 'fileio_semaphore'
5674  k = get_saved_sig(fw, "TakeSemaphoreStrictly");
5675  if (k >= 0)
5676  {
5677  uint32_t fadr = func_names[k].val;
5678  k = find_str(fw, "FileSem.c");
5679  if (k >= 0)
5680  {
5681  uint32_t nadr = idx2adr(fw, k);
5682  search_fw(fw, match_fileiosem, fadr, nadr, 3);
5683  }
5684  }
5685 
5686  // Find exmem allocation table
5688 
5689  // Find imager_active
5690  search_saved_sig(fw, "ImagerActivate", match_imager_active, 0/*v*/, 0, 30);
5691 
5692 // if (frsp_buf && frsp_param!=-1)
5693 // {
5694 // print_stubs_min(fw,"frsp_buf",frsp_buf,frsp_buf_at);
5695 // bprintf("DEF_CONST(%-34s,0x%08x)\n","frsp_param",frsp_param);
5696 // bprintf("DEF_CONST(%-34s,0x%08x)\n","frsp_argcnt",frsp_argcnt);
5697 // }
5698 
5699  // Find UI property count
5700  search_saved_sig(fw, "PTM_SetCurrentItem", match_uiprop_count, 0, 0, 30);
5701 }
int find_task_related_info ( firmware fw)

Definiert in Zeile 6324 der Datei finsig_dryos.c.

6325 {
6326  int i = get_saved_sig(fw,"get_self_task_id");
6327  uint32_t u, v;
6328  if (i < 0)
6329  {
6330  return 0;
6331  }
6332  i = adr2idx(fw, func_names[i].val);
6333  if ( (fwval(fw,i)&0xffff0000)==0xe59f0000 ) // ldr r0, [pc, #imm]
6334  {
6335  // "interrupt service routine" flag
6336  u = LDR2val(fw, i);
6337  if ( (fwval(fw,i+3)&0xffff0000)==0x059f0000 ) // ldreq r0, [pc, #imm]
6338  {
6339  // pointer to current task's control block
6340  v = LDR2val(fw, i+3);
6341  bprintf("// ISR flag: 0x%x, pointer to current task's control block: 0x%x\n",u, v);
6342  }
6343  }
6344  // part 2, find the TCB area
6345  int j, k, n, fnd;
6346  int m = 0;
6347  i = find_str(fw, "DRYOS version 2.3, release ");
6348  j = find_nxt_str_ref(fw, i, -1);
6349  if (j == -1)
6350  {
6351  // special case: some r50 cams have the string in RAM and all references point there
6352  u = idx2adr(fw,i);
6353  if ( (u > fw->base_copied) && ((u-fw->base_copied)/4 < fw->size2))
6354  {
6355  i = adr2idx(fw, fw->base2 + (u-fw->base_copied));
6356  j = find_nxt_str_ref(fw, i, -1);
6357  }
6358  }
6359  fnd = 0;
6360  while (!fnd) {
6361  if (j != -1)
6362  {
6363  k = find_nxt_str_ref(fw, i, j+1);
6364  if (k != -1)
6365  {
6366  if (k-j>5)
6367  {
6368  // refs too far, try again
6369  j = k;
6370  }
6371  else
6372  {
6373  m = find_inst_rev(fw, isSTMFD_LR, j, 42);
6374  if (j-m>24)
6375  {
6376  fnd = 1;
6377  }
6378  }
6379  }
6380  }
6381  else
6382  {
6383  break;
6384  }
6385  }
6386  u = 0;
6387  if (fnd)
6388  {
6389  n = find_Nth_inst(fw, isBL, m, 6, 2);
6390  if (n != -1)
6391  {
6392  n = idxFollowBranch(fw,n,0x01000001);
6393  n = find_inst(fw, isSTR, n, 8);
6394  if (n != -1)
6395  {
6396  m = fwRn(fw, n); // this register holds the base address pointer of TCB area
6397  n = find_inst_rev(fw, isLDR_PC, n-1, 4);
6398  if (n != -1)
6399  {
6400  if (fwRd(fw, n) != m)
6401  {
6402  n = find_inst_rev(fw, isLDR_PC, n-1, 3);
6403  if ((n != -1) && (fwRd(fw, n) == m))
6404  {
6405  u = LDR2val(fw, n);
6406  v = idx2adr(fw, n);
6407  bprintf("// pointer to TCB area: 0x%x, found @ 0x%x\n",u,v);
6408  }
6409  }
6410  }
6411  }
6412  }
6413  }
6414 
6415 
6416  return 0;
6417 }
void find_tasks ( firmware fw)

Definiert in Zeile 7505 der Datei finsig_dryos.c.

7506 {
7507  int k = get_saved_sig(fw,"CreateTask");
7508  if (k >= 0)
7509  {
7510  search_fw(fw, match_createtask, func_names[k].val, 0, 7);
7511  }
7512  k = get_saved_sig(fw,"CreateTaskStrictly");
7513  if (k >= 0)
7514  {
7515  search_fw(fw, match_createtask, func_names[k].val, 0, 7);
7516  }
7517  if (fw->dryos_ver >= 59)
7518  {
7519  k = get_saved_sig(fw,"CreateTaskStrictly_alt"); // r59+
7520  if (k >= 0)
7521  {
7522  search_fw(fw, match_createtask, func_names[k].val, 0, 7);
7523  }
7524  }
7525 }
int find_UndisplayBusyOnScreen ( firmware fw)

Definiert in Zeile 1470 der Datei finsig_dryos.c.

1471 {
1472  if (get_saved_sig(fw,"DisplayBusyOnScreen") < 0) return 0;
1473  int j;
1474  if (fw->dryos_ver > 57)
1475  {
1476  j = find_str_ref(fw,"_PBBusyScrnToCtrlSrvTask");
1477  }
1478  else
1479  {
1480  j = find_str_ref(fw,"_PBBusyScrn");
1481  }
1482  if (j < 0)
1483  j = find_str_ref(fw,"_PlayBusyScreen");
1484 
1485  if (fw->dryos_ver < 57)
1486  {
1487  if (idx_createdialogbox > 0)
1488  {
1489  int m;
1490  for (m=0; m<2; m++)
1491  {
1492  int n = find_Nth_inst(fw, isSTMFD_LR, idx_createdialogbox + 30, 140, m+1);
1493  if (n>0)
1494  {
1495  uint32_t a1 = idx2adr(fw,n);
1496  if (j > 0)
1497  {
1498  int k;
1499  for (k=j; k<j+24; k++)
1500  {
1501  if (isBL_cond(fw,k)&&(idx2adr(fw,idxFollowBranch(fw,k,0xe1000001))==a1)) // BLEQ
1502  {
1503  fwAddMatch(fw,a1,32,0,122);
1504  return 1;
1505  }
1506  }
1507  }
1508  }
1509  }
1510  }
1511  }
1512  else
1513  {
1514  int m1 = find_Nth_inst(fw,isBLEQ,j+1,20,1);
1515  if (m1 > 0)
1516  {
1517  // these functions are called indirectly in this part of fw on r57+
1518  int k;
1519  for (k=-1; k>-3; k--)
1520  {
1521  if ((fwval(fw,m1+k) & 0xFE1FF000) == 0x041F0000) // ldreq r0, =func
1522  {
1523  uint32_t u1 = LDR2val(fw, m1+k);
1524  if ( u1 > fw->base )
1525  {
1526  if (isSTMFD_LR(fw, adr2idx(fw, u1)))
1527  {
1528  fwAddMatch(fw,u1,32,0,122);
1529  return 1;
1530  }
1531  }
1532  }
1533  }
1534  }
1535  }
1536  return 0;
1537 }
uint32_t find_viewport_address ( firmware fw,
int *  kout 
)

Definiert in Zeile 4340 der Datei finsig_dryos.c.

4341 {
4342  int k, k1;
4343 
4344  // find viewwport address for 'vid_get_viewport_fb'
4345  k = find_str_ref(fw, "VRAM Address : %p\r");
4346  if (k >= 0)
4347  {
4348  for (k1=k-1; k1>k-8; k1--)
4349  {
4350  if (isLDR(fw,k1) && isLDR(fw,k1+1))
4351  {
4352  uint32_t v1 = LDR2val(fw,k1);
4353  uint32_t v2 = LDR2val(fw,k1+1);
4354  if (v2 > v1) v1 = v2;
4355  *kout = k1;
4356  return v1;
4357  }
4358  }
4359  }
4360 
4361  *kout = -1;
4362  return 0;
4363 }
uint32_t findTaskAddress ( firmware fw,
int  k,
int  reg 
)

Definiert in Zeile 7450 der Datei finsig_dryos.c.

7451 {
7452  int o;
7453 
7454  for (o=-1; o>-7; o--)
7455  {
7456  if (isLDR_PC(fw,k+o) && (fwRd(fw,k+o) == reg))
7457  {
7458  uint32_t adr = LDR2val(fw,k+o);
7459  int i;
7460  for (i=o+1; i<0; i++)
7461  {
7462  if (fwval(fw,k+i) == (0xE5900000 | (reg << 12) | (reg << 16))) // LDR Rx,[Rx]
7463  {
7464  adr = fwval(fw,adr2idx(fw,adr));
7465  }
7466  }
7467  return adr;
7468  }
7469  else if (isADR_PC(fw,k+o) && (fwRd(fw,k+o) == reg))
7470  {
7471  return(ADR2adr(fw,k+o));
7472  }
7473  }
7474 
7475  return 0;
7476 }
int fw_process ( firmware fw,
string_sig sig,
int(*)(firmware *fw, string_sig *sig, int j)  check_match 
)

Definiert in Zeile 2785 der Datei finsig_dryos.c.

2786 {
2787  uint32_t *p;
2788  int j;
2789  BufRange *br;
2790 
2791  for (br = fw->br; br != 0; br = br->next)
2792  {
2793  for (p = br->p, j = br->off; j < br->off+br->len; p++, j++)
2794  {
2795  if (check_match(fw,sig,j))
2796  return 1;
2797  }
2798  }
2799 
2800  return 0;
2801 }
int fw_string_process ( firmware fw,
string_sig sig,
int(*)(firmware *fw, string_sig *sig, int j)  check_match,
int  inc_eos 
)

Definiert in Zeile 2735 der Datei finsig_dryos.c.

2736 {
2737  int nlen = strlen(sig->ev_name);
2738  uint32_t nm0 = *((uint32_t*)sig->ev_name);
2739  uint32_t *p;
2740  int j;
2741  BufRange *br;
2742 
2743  for (br = fw->br; br != 0; br = br->next)
2744  {
2745  for (p = br->p, j = br->off; j < br->off+br->len-nlen/4; p++, j++)
2746  {
2747  if ((nm0 == *p) && (memcmp(p+1,sig->ev_name+4,nlen-4+inc_eos) == 0))
2748  {
2749  if (check_match(fw,sig,j))
2750  return 1;
2751  }
2752  }
2753  }
2754 
2755  return 0;
2756 }
int fw_string_process_unaligned ( firmware fw,
string_sig sig,
int(*)(firmware *fw, string_sig *sig, int j)  check_match 
)

Definiert in Zeile 2760 der Datei finsig_dryos.c.

2761 {
2762  int nlen = strlen(sig->ev_name);
2763  char *p;
2764  int j;
2765  BufRange *br;
2766 
2767  for (br = fw->br; br != 0; br = br->next)
2768  {
2769  for (p = (char*)br->p, j = 0; j < br->len*4-nlen; p++, j++)
2770  {
2771  if (strcmp(p,sig->ev_name) == 0)
2772  {
2773  if (check_match(fw,sig,j+br->off*4))
2774  return 1;
2775  }
2776  }
2777  }
2778 
2779  return 0;
2780 }
void fwAddMatch ( firmware fw,
uint32_t  fadr,
int  s,
int  f,
int  sig 
)

Definiert in Zeile 165 der Datei finsig_dryos.c.

166 {
167  if ((fadr >= fw->base_copied) && (fadr < (fw->base_copied + fw->size2*4)))
168  {
169  addMatch(fadr - fw->base_copied + fw->base2,s,f,sig);
170  }
171  else
172  {
173  addMatch(fadr,s,f,sig);
174  }
175 }
int get_eventproc_val ( firmware fw,
int  k 
)

Definiert in Zeile 7143 der Datei finsig_dryos.c.

7144 {
7145  if (isADR_PC(fw,k) && (fwRd(fw,k) == 0))
7146  nadr = ADR2adr(fw,k);
7147  else if (isADR_PC(fw,k) && (fwRd(fw,k) == 1))
7148  eadr = ADR2adr(fw,k);
7149  else if (isLDR_PC(fw,k) && (fwRd(fw,k) == 0))
7150  nadr = LDR2val(fw,k);
7151  else if (isLDR_PC(fw,k) && (fwRd(fw,k) == 1))
7152  eadr = LDR2val(fw,k);
7153  else
7154  return 0;
7155  return 1;
7156 }
int get_ptp_file_buf_id ( firmware fw)

Definiert in Zeile 884 der Datei finsig_dryos.c.

884  {
885  // ID of the file buffer appears to be 5 for r43-r52
886  if(fw->dryos_ver >= 43 && fw->dryos_ver <= 52) {
887  return 5;
888  } else {
889  return 4;
890  }
891 }
int get_saved_sig ( firmware fw,
const char *  name 
)

Definiert in Zeile 569 der Datei finsig_dryos.c.

570 {
571  int i = find_saved_sig(name);
572  if (i >= 0)
573  {
574  if (func_names[i].val == 0)
575  {
576  // See if the function is in the 'func_list' array below
577  int find_func(const char* name);
578  int k1 = find_func(name);
579  if (k1 >= 0)
580  {
581  // if found do full search
582  void find_matches(firmware*,const char*);
583  find_matches(fw, name);
584  count = 0;
585  }
586  else
587  {
588  // not found, only do string matching search
589  void find_str_sig_matches(firmware*,const char*);
590  find_str_sig_matches(fw, name);
591  count = 0;
592  }
593  }
594  if (func_names[i].val == 0)
595  {
596  // If not found return invalid index
597  i = -1;
598  }
599  }
600  return i;
601 }
int isSTRB ( firmware fw,
int  offset 
)

Definiert in Zeile 5841 der Datei finsig_dryos.c.

5842 {
5843  if ((fwval(fw,offset) & 0xfff00000) == (0xe5c00000)) // STRB Rx, [Ry, #offs]
5844  {
5845  return 1;
5846  }
5847  return 0;
5848 }
int isSTRw ( firmware fw,
int  offset 
)

Definiert in Zeile 5832 der Datei finsig_dryos.c.

5833 {
5834  if ((fwval(fw,offset) & 0xfff00000) == (0xe5800000)) // STR Rx, [Ry, #offs]
5835  {
5836  return 1;
5837  }
5838  return 0;
5839 }
int kinfo_compare ( const kinfo p1,
const kinfo p2 
)

Definiert in Zeile 6876 der Datei finsig_dryos.c.

6877 {
6878  if (p1->reg > p2->reg)
6879  {
6880  return 1;
6881  }
6882  else if (p1->reg < p2->reg)
6883  {
6884  return -1;
6885  }
6886  if ((p1->ev <= 1) && (p2->ev <= 1)) // output shutter entries in reverse order
6887  {
6888  if (p1->bits > p2->bits)
6889  {
6890  return -1;
6891  }
6892  else if (p1->bits < p2->bits)
6893  {
6894  return 1;
6895  }
6896  }
6897  // if one entry is shutter then compare to min shutter bits
6898  if (p1->ev <= 1)
6899  {
6900  if (kshutter_min_bits > p2->bits)
6901  {
6902  return 1;
6903  }
6904  else if (kshutter_min_bits < p2->bits)
6905  {
6906  return -1;
6907  }
6908  }
6909  if (p2->ev <= 1)
6910  {
6911  if (p1->bits > kshutter_min_bits)
6912  {
6913  return 1;
6914  }
6915  else if (p1->bits < kshutter_min_bits)
6916  {
6917  return -1;
6918  }
6919  }
6920  if (p1->bits > p2->bits)
6921  {
6922  return 1;
6923  }
6924  else if (p1->bits < p2->bits)
6925  {
6926  return -1;
6927  }
6928 
6929  return 0;
6930 }
int main ( int  argc,
char **  argv 
)

Definiert in Zeile 7895 der Datei finsig_dryos.c.

7896 {
7897  firmware fw;
7898  int k;
7899  int ret = 0;
7900  const char *curr_name;
7901 
7902  clock_t t1 = clock();
7903 
7904  if ((argc < 4) || (argc > 5))
7905  usage("args");
7906 
7907  out_fp = fopen(argv[3],"w");
7908  if (out_fp == NULL) usage("failed to open outputfile");
7909 
7911  int max_find_func = next_func_entry;
7912 
7913  fw.sv = new_stub_values();
7914  load_stubs(fw.sv, "stubs_entry_2.S", 1);
7915  load_stubs_min(fw.sv);
7916  load_modemap(fw.sv);
7917  load_platform(fw.sv);
7918  load_makefile(fw.sv);
7919 
7920  bprintf("// !!! THIS FILE IS GENERATED. DO NOT EDIT. !!!\n");
7921  bprintf("#include \"stubs_asm.h\"\n\n");
7922 
7923  load_firmware(&fw,argv[1],argv[2],(argc==5)?argv[4]:0, OS_DRYOS);
7924  fw.uncached_adr = 0;
7925  fw.uncached_adr_idx = 0;
7926  find_eventprocs(&fw);
7927  find_ptp_handlers(&fw);
7928  find_builddate(&fw);
7929  if (!fw.uncached_adr)
7930  search_saved_sig(&fw, "FreeUncacheableMemory", match_CAM_UNCACHED_BIT, 0, 0, 8);
7931  output_firmware_vals(&fw);
7932 
7933  out_hdr = 1;
7934  bprintf("// Stubs below should be checked. Stub not matched 100%%, or difference found to current 'stubs_entry_2.S'\n");
7935  bprintf("// Name Address Rule %% Comp to stubs_entry_2.S\n");
7936  out_hdr = 0;
7937  bprintf("// Stubs below matched 100%%.\n");
7938  bprintf("// Name Address Comp to stubs_entry_2.S\n");
7939 
7940  find_tasks(&fw);
7941 
7942  for (k = 0; k < max_find_func; k++)
7943  {
7944  count = 0;
7945  curr_name = func_names[k].name;
7946 
7947  if ((fw.dryos_ver >= find_min_ver(curr_name)) && (fw.dryos_ver <= find_max_ver(curr_name)))
7948  {
7949  find_matches(&fw, curr_name);
7950  print_results(&fw,curr_name,k);
7951 
7952  if (count == 0)
7953  {
7954  ret = 1;
7955  }
7956  }
7957  }
7958 
7959  find_modemap(&fw);
7960  find_stubs_min(&fw);
7961  find_lib_vals(&fw);
7962  find_key_vals(&fw);
7963  find_platform_vals(&fw);
7964  find_propset(&fw);
7965  find_other_vals(&fw);
7966 
7967  write_output();
7968 
7969  fclose(out_fp);
7970 
7971  func_entry *fns[MAX_FUNC_ENTRY];
7972  for (k=0; k<next_func_entry; k++)
7973  fns[k] = &func_names[k];
7974 
7975  write_funcs(&fw, "funcs_by_name.csv", fns, compare_func_names);
7976  write_funcs(&fw, "funcs_by_address.csv", fns, compare_func_addresses);
7977 
7978  clock_t t2 = clock();
7979 
7980  printf("Time to generate stubs %.2f seconds\n",(double)(t2-t1)/(double)CLOCKS_PER_SEC);
7981 
7982  return ret;
7983 }
int match_apex2us ( firmware fw,
int  k,
uint32_t  v1,
uint32_t  v2 
)

Definiert in Zeile 716 der Datei finsig_dryos.c.

717 {
718  if (isLDR_PC(fw,k) && (LDR2val(fw,k) == v1) && ((fwRd(fw,k) == 1) || (fwRd(fw,k) == 2)))
719  {
720  k = find_inst_rev(fw, isSTMFD_LR, k, 200);
721  if (k != -1)
722  {
723  if (fwval(fw,k-2) == 0xE3700D09) // CMN R0, #0x240
724  k -= 2;
725  uint32_t fadr = idx2adr(fw,k);
726  fwAddMatch(fw,fadr,32,0,121);
727  return 1;
728  }
729  }
730  return 0;
731 }
int match_apex2us2 ( firmware fw,
int  k,
uint32_t  v1,
uint32_t  v2 
)

Definiert in Zeile 732 der Datei finsig_dryos.c.

733 {
734  if (isLDR_PC(fw,k) && (LDR2val(fw,k) == v1) && ((fwRd(fw,k) == 1) || (fwRd(fw,k) == 2)))
735  {
736  k = find_inst_rev(fw, isSTMFD_LR, k, 200);
737  if (k != -1)
738  {
739  if (fwval(fw,k+1) != 0xe3700d0f) // CMN R0, #0x3c0
740  return 0;
741  uint32_t fadr = idx2adr(fw,k);
742  fwAddMatch(fw,fadr,32,0,121);
743  return 1;
744  }
745  }
746  return 0;
747 }
int match_bitmap_buffer ( firmware fw,
int  k,
int  v 
)

Definiert in Zeile 5278 der Datei finsig_dryos.c.

5279 {
5280  search_saved_sig(fw, "ScreenLock", match_bitmap_buffer2, k, 0, 1);
5281  return 0;
5282 }
int match_bitmap_buffer2 ( firmware fw,
int  k,
int  v 
)

Definiert in Zeile 5247 der Datei finsig_dryos.c.

5248 {
5249  uint32_t screen_lock = idx2adr(fw,k);
5250  if (isBL(fw,v) && (followBranch(fw,idx2adr(fw,v),0x01000001) == screen_lock) && isBL(fw,v+2) && isBL(fw,v+3))
5251  {
5252  uint32_t fadr = followBranch2(fw,idx2adr(fw,v+3),0x01000001);
5253  int k1 = adr2idx(fw,fadr);
5254  if (isLDR_PC(fw,k1+1))
5255  {
5256  int reg = (fwval(fw,k1+1) & 0x0000F000) >> 12;
5257  uint32_t adr = LDR2val(fw,k1+1);
5258  int k2;
5259  for (k2=k1; k2<k1+32; k2++)
5260  {
5261  if (isLDR_PC(fw,k2) && isLDR(fw,k2+1) && (((fwval(fw,k2+1) & 0x000F0000) >> 16) == reg))
5262  {
5263  uint32_t bitmap_buffer = LDR2val(fw,k2);
5264  if (bitmap_buffer == (adr + 0x1C))
5265  {
5266  uint32_t active_bitmap_buffer = adr + (fwval(fw,k2+1) & 0xFFF);
5267  print_stubs_min(fw,"bitmap_buffer",bitmap_buffer,idx2adr(fw,k2));
5268  print_stubs_min(fw,"active_bitmap_buffer",active_bitmap_buffer,idx2adr(fw,k2+1));
5269  }
5270  }
5271  }
5272  }
5273  }
5274 
5275  return 0;
5276 }
int match_CAM_UNCACHED_BIT ( firmware fw,
int  k,
int  v 
)

Definiert in Zeile 4072 der Datei finsig_dryos.c.

4073 {
4074  if ((fw->buf[k] & 0x0FFFF000) == 0x03C00000) // BIC
4075  {
4076  fw->uncached_adr = ALUop2(fw,k);
4077  fw->uncached_adr_idx = k;
4078  }
4079 
4080  return 0;
4081 }
int match_canon_menu_active ( firmware fw,
int  k,
int  v 
)

Definiert in Zeile 5151 der Datei finsig_dryos.c.

5152 {
5153  if (isLDR_PC(fw,k))
5154  {
5155  uint32_t base = LDR2val(fw,k);
5156  int k1;
5157  for (k1=k+1; k1<k+5; k1++)
5158  {
5159  if (isLDR(fw,k1))
5160  {
5161  uint32_t ofst = fw->buf[k1] & 0x00000FFF;
5162  print_stubs_min(fw,"canon_menu_active",base+ofst,idx2adr(fw,k));
5163  }
5164  }
5165  }
5166 
5167  return 0;
5168 }
int match_canon_shoot_menu_active ( firmware fw,
int  k,
uint32_t  v1,
uint32_t  v2 
)

Definiert in Zeile 4791 der Datei finsig_dryos.c.

4792 {
4793  if (((fw->buf[k] & 0xFF1FF000) == 0xE51F1000) && // LDR R1, =base
4794  ((fw->buf[k+1] & 0xFFFFF000) == 0xE5D10000) && // LDRB R0, [R1, #n]
4795  (fw->buf[k+2] == 0xE2800001) && // ADD R0, R0, #1
4796  ((fw->buf[k+3] & 0xFFFFF000) == 0xE5C10000) && // STRB R0, [R1, #n]
4797  (isB(fw,k+4))) // B
4798  {
4799  uint32_t base = LDR2val(fw,k);
4800  uint32_t ofst = fw->buf[k+1] & 0x00000FFF;
4801  print_stubs_min(fw,"canon_shoot_menu_active",base+ofst,idx2adr(fw,k));
4802  }
4803  else
4804  if (((fw->buf[k] & 0xFF1FF000) == 0xE51F0000) && // LDR R0, =base
4805  ((fw->buf[k+1] & 0xFFFFF000) == 0xE5D01000) && // LDRB R1, [R0, #n]
4806  (fw->buf[k+2] == 0xE2811001) && // ADD R1, R1, #1
4807  ((fw->buf[k+3] & 0xFFFFF000) == 0xE5C01000) && // STRB R1, [R0, #n]
4808  (isB(fw,k+4))) // B
4809  {
4810  uint32_t base = LDR2val(fw,k);
4811  uint32_t ofst = fw->buf[k+1] & 0x00000FFF;
4812  print_stubs_min(fw,"canon_shoot_menu_active",base+ofst,idx2adr(fw,k));
4813  }
4814  return 0;
4815 }
int match_compare ( const Match p1,
const Match p2 
)

Definiert in Zeile 89 der Datei finsig_dryos.c.

90 {
91  /* NOTE: If a function has *more* matches, it will be prefered, even if it has a lower percent matches */
92  if (p1->success > p2->success)
93  {
94  if ((p2->fail == 0) && (p1->fail > 0))
95  {
96  return 1;
97  }
98  else
99  {
100  return -1;
101  }
102  }
103  else if (p1->success < p2->success)
104  {
105  if ((p1->fail == 0) && (p2->fail > 0))
106  {
107  return -1;
108  }
109  else
110  {
111  return 1;
112  }
113  }
114  else
115  {
116  if (p1->fail < p2->fail)
117  {
118  return -1;
119  }
120  else if (p1->fail > p2->fail)
121  {
122  return 1;
123  }
124  }
125 
126  if (p1->sig < p2->sig)
127  {
128  return -1;
129  }
130  else if (p1->sig > p2->sig)
131  {
132  return 1;
133  }
134 
135  /* scores are equal. prefer lower address */
136 
137  if (p1->ptr < p2->ptr)
138  {
139  return -1;
140  }
141  else if (p1->ptr > p2->ptr)
142  {
143  return 1;
144  }
145 
146  return 0;
147 }
int match_createtask ( firmware fw,
int  k,
uint32_t  fadr,
uint32_t  v2 
)

Definiert in Zeile 7478 der Datei finsig_dryos.c.

7479 {
7480  // cams with code copied to RAM: use RAM address
7481  k = idxcorr(fw, k);
7482  if (isBorBL(fw,k))
7483  {
7484  uint32_t adr = followBranch2(fw,idx2adr(fw,k),0x01000001);
7485  if (adr == fadr)
7486  {
7487  fadr = findTaskAddress(fw, k, 3);
7488  if (fadr != 0)
7489  {
7490  uint32_t sadr = findTaskAddress(fw, k, 0);
7491  if (sadr != 0)
7492  {
7493  char *s = adr2ptr(fw,sadr);
7494  char *nm = malloc(strlen(s)+6);
7495  sprintf(nm,"task_%s",s);
7496  add_func_name(nm, fadr, 0);
7497  }
7498  }
7499  }
7500  }
7501 
7502  return 0;
7503 }
int match_eventproc ( firmware fw,
int  k,
uint32_t  fadr,
uint32_t  v2 
)

Definiert in Zeile 7208 der Datei finsig_dryos.c.

7209 {
7210  if (isBorBL(fw,k))
7211  {
7212  uint32_t adr = followBranch(fw,idx2adr(fw,k),0x01000001);
7213  if (adr == fadr)
7214  {
7215  nadr = 0;
7216  eadr = 0;
7217  k--;
7218  if (get_eventproc_val(fw, k) == 0)
7219  {
7220  int k1 = find_inst_rev(fw, isB, k, 500);
7221  if (k1 >= 0)
7222  {
7223  k = k1 - 1;
7224  get_eventproc_val(fw, k);
7225  }
7226  }
7227  k--;
7228  if (get_eventproc_val(fw, k) == 0)
7229  {
7230  int k1 = find_inst_rev(fw, isB, k, 500);
7231  if (k1 >= 0)
7232  {
7233  k = k1 - 1;
7234  get_eventproc_val(fw, k);
7235  }
7236  }
7237  if ((nadr != 0) && (eadr != 0))
7238  {
7239  add_func_name2(fw, nadr, eadr, "_FW");
7240  }
7241  }
7242  }
7243  return 0;
7244 }
int match_fileiosem ( firmware fw,
int  k,
uint32_t  fadr,
uint32_t  nadr 
)

Definiert in Zeile 5314 der Datei finsig_dryos.c.

5315 {
5316  if ((k > 5) && isADR_PC(fw, k) && isBL(fw,k+1) && (ADR2adr(fw,k) == nadr) && (followBranch2(fw, idx2adr(fw,k+1), 0x01000001) == fadr))
5317  {
5318  int j, rn = -1;
5319  for (j = k-1; j > k-5; j++)
5320  {
5321  if (isLDR(fw,j))
5322  {
5323  if (fwRd(fw,j) == 0)
5324  rn = fwRn(fw, j);
5325  else if (fwRd(fw,j) == rn)
5326  {
5327  int v = LDR2val(fw,j);
5328  print_stubs_min(fw,"fileio_semaphore",v,idx2adr(fw,j));
5329  return 1;
5330  }
5331  }
5332  }
5333  }
5334  return 0;
5335 }
int match_FlashParamsTable ( firmware fw,
int  k,
uint32_t  v1,
uint32_t  v2 
)

Definiert in Zeile 4045 der Datei finsig_dryos.c.

4046 {
4047  if ((fw->buf[k] > fw->base) && (fw->buf[k+1] == 0x00010000) && (fw->buf[k+2] == 0xFFFF0002))
4048  {
4049  if (search_fw(fw, match_FlashParamsTable2, idx2adr(fw,k), 0, 1))
4050  return 1;
4051  }
4052  return 0;
4053 }
int match_FlashParamsTable2 ( firmware fw,
int  k,
uint32_t  v1,
uint32_t  v2 
)

Definiert in Zeile 4035 der Datei finsig_dryos.c.

4036 {
4037  if (fw->buf[k] == v1)
4038  {
4040  return 1;
4041  }
4042  return 0;
4043 }
int match_focus_busy ( firmware fw,
int  k,
int  v 
)

Definiert in Zeile 5219 der Datei finsig_dryos.c.

5220 {
5221  if ((fw->buf[k] & 0xFFFF0000) == 0xE8BD0000) // LDMFD
5222  {
5223  int k1 = 0;
5224  if (isBL(fw,k-2))
5225  {
5226  k1 = idxFollowBranch(fw,k-2,0x01000001);
5227  }
5228  if (isBL(fw,k-1))
5229  {
5230  k1 = idxFollowBranch(fw,k-1,0x01000001);
5231  }
5232  if (k1 != 0)
5233  {
5234  if (isLDR_PC(fw,k1+1) && isLDR(fw,k1+3))
5235  {
5236  int base = LDR2val(fw,k1+1);
5237  int ofst = fw->buf[k1+3] & 0xFFF;
5238  print_stubs_min(fw,"focus_busy",base+ofst-4,idx2adr(fw,k1));
5239  return 1;
5240  }
5241  }
5242  }
5243 
5244  return 0;
5245 }
int match_full_screen_refresh ( firmware fw,
int  k,
uint32_t  v1,
uint32_t  v2 
)

Definiert in Zeile 4777 der Datei finsig_dryos.c.

4778 {
4779  if (((fw->buf[k] & 0xFF1FF000) == 0xE51F0000) && // LDR R0, =base
4780  (fw->buf[k+1] == 0xE5D01000) && // LDRB R1, [R0]
4781  (fw->buf[k+2] == 0xE3811002) && // ORR R1, R1, #2
4782  (fw->buf[k+3] == 0xE5C01000) && // STRB R1, [R0]
4783  isBX_LR(fw,k+4)) // BX LR
4784  {
4785  uint32_t base = LDR2val(fw,k);
4786  print_stubs_min(fw,"full_screen_refresh",base,idx2adr(fw,k));
4787  }
4788  return 0;
4789 }
int match_get_flash_params_count ( firmware fw,
int  k,
int  v 
)

Definiert in Zeile 4386 der Datei finsig_dryos.c.

4387 {
4388  if ((fw->buf[k] & 0xFFF00FFF) == 0xE3C00901) // BIC Rn, Rn, #0x4000
4389  {
4390  uint32_t r = fw->buf[k] & 0x000F0000; // Register
4391  if (((fw->buf[k+1] & 0xFFF00000) == 0xE3500000) && ((fw->buf[k+1] & 0x000F0000) == r)) // CMP, Rn #val
4392  {
4393  bprintf("//int get_flash_params_count(void) { return 0x%02x; } // Found @0x%08x\n",fw->buf[k+1]&0xFFF,idx2adr(fw,k+1));
4394  return 1;
4395  }
4396  }
4397 
4398  return 0;
4399 }
int match_GetDrive_ClusterSize ( firmware fw,
int  k,
uint32_t  v1,
uint32_t  v2 
)

Definiert in Zeile 1186 der Datei finsig_dryos.c.

1187 {
1188  if (isBL_cond(fw,k))
1189  {
1190  uint32_t fadr = followBranch2(fw,idx2adr(fw,k),0xF1000001);
1191  if (fadr == v1)
1192  {
1193  int fnd = 0;
1194  if (isLDR_cond(fw,k-1) && idx_valid(fw,adr2idx(fw,LDR2val(fw,k-1))) && (strcmp(adr2ptr(fw,LDR2val(fw,k-1)),"Mounter.c") == 0))
1195  {
1196  fnd = 1;
1197  }
1198  else if (isLDR_cond(fw,k-2) && idx_valid(fw,adr2idx(fw,LDR2val(fw,k-2))) && (strcmp(adr2ptr(fw,LDR2val(fw,k-2)),"Mounter.c") == 0))
1199  {
1200  fnd = 1;
1201  }
1202  else if (isLDR_cond(fw,k-3) && idx_valid(fw,adr2idx(fw,LDR2val(fw,k-3))) && (strcmp(adr2ptr(fw,LDR2val(fw,k-3)),"Mounter.c") == 0))
1203  {
1204  fnd = 1;
1205  }
1206  else if (isADR_PC_cond(fw,k-1) && (strcmp(adr2ptr(fw,ADR2adr(fw,k-1)),"Mounter.c") == 0))
1207  {
1208  fnd = 1;
1209  }
1210  else if (isADR_PC_cond(fw,k-2) && (strcmp(adr2ptr(fw,ADR2adr(fw,k-2)),"Mounter.c") == 0))
1211  {
1212  fnd = 1;
1213  }
1214  if ((fnd == 1) &&
1215  isLDR_PC(fw,k+1) &&
1216  ((fwval(fw,k+2) & 0xFFF00FF0) == 0xE0800200) && ((fwval(fw,k+3) & 0xFFF00FF0) == 0xE0800100) &&
1217  (fwval(fw,k+4) == 0xE5901004) && (fwval(fw,k+5) == 0xE5900008) && (fwval(fw,k+6) == 0xE0000091) &&
1218  isLDMFD_PC(fw,k+7))
1219  {
1220  k = find_inst_rev(fw,isSTMFD_LR,k-1,8);
1221  if (k >= 0)
1222  {
1223  if (fwval(fw,k-1) == 0xE3500001) // CMP R0, #1
1224  k--;
1225  fwAddMatch(fw,idx2adr(fw,k),32,0,122);
1226  return 1;
1227  }
1228  }
1229  }
1230  }
1231 
1232  return 0;
1233 }
int match_GetImageFolder ( firmware fw,
int  k,
uint32_t  a_getImageDirName,
uint32_t  a_TakeSemaphore 
)

Definiert in Zeile 1119 der Datei finsig_dryos.c.

1120 {
1121  int k1, fnd;
1122 
1123  if (isBL(fw,k))
1124  {
1125  uint32_t fadr = followBranch2(fw,idx2adr(fw,k),0x01000001);
1126  if (fadr == a_getImageDirName)
1127  {
1128  int s = find_inst_rev(fw, isSTMFD_LR, k-1, 80);
1129  int e = find_inst(fw, isLDMFD_PC, k+1, 80);
1130  if ((s >= 0) && (e >= 0))
1131  {
1132  fnd = 0;
1133  for (k1=s+1; k1<k-1; k1++)
1134  {
1135  if (isBL(fw,k1))
1136  {
1137  fadr = followBranch2(fw,idx2adr(fw,k1),0x01000001);
1138  if (fadr == a_TakeSemaphore)
1139  {
1140  fnd++;
1141  break;
1142  }
1143  }
1144  }
1145  if (fnd != 0)
1146  {
1147  for (k1=k+1; k1<e-1; k1++)
1148  {
1149  if ((isLDR_PC(fw,k1) || isADR_PC(fw,k1)) && (idx2adr(fw,k1) == strGIF))
1150  {
1151  fnd--;
1152  break;
1153  }
1154  }
1155  }
1156  if (fnd != 0)
1157  {
1158  fwAddMatch(fw,idx2adr(fw,s),32,0,122);
1159  return 1;
1160  }
1161  }
1162  }
1163  }
1164  return 0;
1165 }
int match_GetSDProtect ( firmware fw,
int  k,
int  v 
)

Definiert in Zeile 6947 der Datei finsig_dryos.c.

6948 {
6949  if (isB(fw,k)) // B
6950  {
6951  k = idxFollowBranch(fw,k,1);
6952  if (isLDR_PC(fw,k))
6953  {
6954  return LDR2val(fw,k);
6955  }
6956  }
6957 
6958  return 0;
6959 }
int match_imager_active ( firmware fw,
int  k,
int  v 
)

Definiert in Zeile 4436 der Datei finsig_dryos.c.

4437 {
4438  int gotit = 0;
4439  int reg = -1;
4440  int o = 0;
4441  uint32_t adr,where;
4442  if (isLDMFD_PC(fw,k))
4443  {
4444  int k1 = find_inst_rev(fw, isBL, k-1, 10);
4445  if (k1 == -1)
4446  return 0;
4447  uint32_t a;
4448  int k2 = k1 - 8;
4449  for (k1=k1-1;k1>=k2;k1--)
4450  {
4451  if (isLDR(fw,k1) || isADR(fw,k1))
4452  {
4453  if (isADR(fw,k1))
4454  {
4455  a = ADR2adr(fw, k1);
4456  }
4457  else
4458  {
4459  a = LDR2val(fw, k1);
4460  }
4461  if ((a>fw->base) && ((a&3) == 0))
4462  {
4463  int k3 = adr2idx(fw, a);
4464  if (isSTMFD_LR(fw,k3))
4465  {
4466  k3 = find_inst(fw, isBLX, k3+1, 6);
4467  if (k3 != -1)
4468  {
4469  int k4;
4470  for(k4=5; k4>0; k4--)
4471  {
4472  if (isSTR_cond(fw,k3+k4))
4473  {
4474  reg = fwRn(fw,k3+k4);
4475  o = fwval(fw,k3+k4) & 0xff; // offset, should be around 4
4476  where = idx2adr(fw,k3+k4);
4477  }
4478  if (reg>=0 && isLDR_cond(fw,k3+k4) && fwRd(fw,k3+k4)==reg)
4479  {
4480  adr = LDR2val(fw,k3+k4);
4481  if (adr < fw->memisostart)
4482  {
4483  gotit = 1;
4484  break;
4485  }
4486  }
4487  }
4488  if (gotit)
4489  break;
4490  }
4491  }
4492  }
4493  }
4494  }
4495  }
4496  if (gotit)
4497  {
4498  bprintf("DEF(%-40s,0x%08x) // Found @0x%08x (0x%x + %i)\n","imager_active",adr+o,where,adr,o);
4499  return 1;
4500  }
4501  return 0;
4502 }
int match_levent_table ( firmware fw,
int  k,
uint32_t  v1,
uint32_t  v2 
)

Definiert in Zeile 4720 der Datei finsig_dryos.c.

4721 {
4722  if ((fw->buf[k] > fw->base) && (fw->buf[k+1] == 0x00000800) && (fw->buf[k+2] == 0x00000002))
4723  {
4724  print_stubs_min(fw,"levent_table",idx2adr(fw,k),idx2adr(fw,k));
4725 #ifdef PRINT_LEVENT_TABLE
4726  uint32_t levent_tbl = idx2adr(fw,k);
4728  write_levent_table_dump(fw, levent_tbl);
4729 #endif
4730  }
4731  return 0;
4732 }
int match_modelist ( firmware fw,
int  k,
uint32_t  fadr,
uint32_t  v2 
)

Definiert in Zeile 4013 der Datei finsig_dryos.c.

4014 {
4015  if (isBX_LR(fw,k) && (fw->buf[k+4] == fadr))
4016  {
4017  fadr = fwval(fw,k+1);
4018  int k1;
4019  for (k1=k-1; k1>k-20; k1--)
4020  {
4021  if (isLDR_PC(fw,k1) && (LDR2val(fw,k1) == fadr))