Assembla home | Assembla project page

My Start Page

Context Navigation

source: trunk/platform/a470/sub/100e/boot.c @ 785

Revision 785, 53.8 KB checked in by reyalp, 4 years ago (diff)
a470 100e from MrSpoon?: http://chdk.setepontos.com/index.php/topic,3368.msg35776.html#msg35776
Property svn:eol-style set to `native`

Line
1	#include "lolevel.h"
2	#include "platform.h"
3	#include "core.h"
4
5	const char * const new_sa = &_end;
6
7	/* Ours stuff */
8	extern long wrs_kernel_bss_start;
9	extern long wrs_kernel_bss_end;
10
11	// Forward declarations
12	void CreateTask_PhySw();
13	void CreateTask_spytask();
14
15	void boot();
16
17	void boot() { //#fs
18	long canon_data_src = (void)0xFFEAB38C; //found with "romdata start" string
19	long canon_data_dst = (void)0x1900;
20	long canon_data_len = 0xEBA8 - 0x1900; // data_end - data_start
21	long canon_bss_start = (void)0xEBA8; // just after data
22	long canon_bss_len = 0xA5718 - 0xEBA8; // found using heapstart
23
24	long i;
25
26	// Code taken from VxWorks CHDK. Changes CPU speed?
27	asm volatile (
28	"MRC p15, 0, R0,c1,c0\n"
29	"ORR R0, R0, #0x1000\n"
30	"ORR R0, R0, #4\n"
31	"ORR R0, R0, #1\n"
32	"MCR p15, 0, R0,c1,c0\n"
33	:::"r0");
34
35	for(i=0;i<canon_data_len/4;i++)
36	canon_data_dst[i]=canon_data_src[i];
37
38	for(i=0;i<canon_bss_len/4;i++)
39	canon_bss_start[i]=0;
40
41	/* asm volatile (
42	"MRC p15, 0, R0,c1,c0\n"
43	"ORR R0, R0, #0x1000\n"
44	"BIC R0, R0, #4\n"
45	"ORR R0, R0, #1\n"
46	"MCR p15, 0, R0,c1,c0\n"
47	:::"r0");
48	*/
49
50	// jump to init-sequence that follows the data-copy-routine
51	asm volatile ("B sub_FFC001a4_my\n");
52	}; //#fe
53
54
55	// init
56	void __attribute__((naked,noinline)) sub_FFC001a4_my() { //#fs
57	asm volatile (
58	"LDR R0, =0xFFC0021C\n"
59	"MOV R1, #0\n"
60	"LDR R3, =0xFFC00254\n"
61	"loc_FFC001B0:\n"
62	"CMP R0, R3\n"
63	"LDRCC R2, [R0],#4\n"
64	"STRCC R2, [R1],#4\n"
65	"BCC loc_FFC001B0\n"
66	"LDR R0, =0xFFC00254\n"
67	"MOV R1, #0x4B0\n"
68	"LDR R3, =0xFFC00468\n"
69	"loc_FFC001CC:\n"
70	"CMP R0, R3\n"
71	"LDRCC R2, [R0],#4\n"
72	"STRCC R2, [R1],#4\n"
73	"BCC loc_FFC001CC\n"
74	"MOV R0, #0xD2\n"
75	"MSR CPSR_cxsf, R0\n"
76	"MOV SP, #0x1000\n"
77	"MOV R0, #0xD3\n"
78	"MSR CPSR_cxsf, R0\n"
79	"MOV SP, #0x1000\n"
80	"LDR R0, =0xFFC00210\n"
81	"LDR R2, =0xEEEEEEEE\n"
82	"MOV R3, #0x1000\n"
83	"loc_FFC00200:\n"
84	"CMP R0, R3\n"
85	"STRCC R2, [R0],#4\n"
86	"BCC loc_FFC00200\n"
87	//"BL sub_FFC00FA0\n"
88	"BL sub_FFC00FA0_my\n"
89	);
90	} //#fe
91
92	void __attribute__((naked,noinline)) sub_FFC00FA0_my() { //#fs
93	asm volatile (
94	//"STR LR, [SP,#0xFFFFFFFC]!\n"
95	"STR LR, [SP,#-4]!\n" // inspired by original CHDK-code
96	"SUB SP, SP, #0x74\n"
97	"MOV R0, SP\n"
98	"MOV R1, #0x74\n"
99	"BL sub_FFE4E264\n"
100	"MOV R0, #0x53000\n"
101	"STR R0, [SP,#0x74-0x70]\n"
102	);
103	// "LDR R0, =0xA5718\n"
104	asm volatile (
105	"LDR R0, =new_sa\n"
106	"LDR R0, [R0]\n"
107	);
108	asm volatile (
109	"LDR R2, =0x279C00\n"
110	"LDR R1, =0x272968\n"
111	"STR R0, [SP,#0x74-0x6C]\n"
112	"SUB R0, R1, R0\n"
113	"ADD R3, SP, #0x74-0x68\n"
114	"STR R2, [SP,#0x74-0x74]\n"
115	"STMIA R3, {R0-R2}\n"
116	"MOV R0, #0x22\n"
117	"STR R0, [SP,#0x74-0x5C]\n"
118	"MOV R0, #0x68\n"
119	"STR R0, [SP,#0x74-0x58]\n"
120	"LDR R0, =0x19B\n"
121	"MOV R1, #0x64\n"
122	//"STRD R0, [SP,#0x74-0x54]\n" // "strd not supported by cpu" claims gcc
123	"STR R0, [SP,#0x74-0x54]\n" // split in two single-word STRs
124	"STR R1, [SP,#0x74-0x50]\n"
125	"MOV R0, #0x78\n"
126	//"STRD R0, [SP,#0x74-0x4C]\n" // "strd not supported by cpu" claims gcc
127	"STR R0, [SP,#0x74-0x4C]\n" // split in two single-word STRs
128	"STR R1, [SP,#0x74-0x48]\n"
129	"MOV R0, #0\n"
130	"STR R0, [SP,#0x74-0x44]\n"
131	"STR R0, [SP,#0x74-0x40]\n"
132	"MOV R0, #0x10\n"
133	"STR R0, [SP,#0x74-0x18]\n"
134	"MOV R0, #0x800\n"
135	"STR R0, [SP,#0x74-0x14]\n"
136	"MOV R0, #0xA0\n"
137	"STR R0, [SP,#0x74-0x10]\n"
138	"MOV R0, #0x280\n"
139	"STR R0, [SP,#0x74-0x0C]\n"
140	//"LDR R1, =0xFFC04DA4\n" // uHwSetup
141	"LDR R1, =uHwSetup_my\n" // followup to own function
142	"MOV R0, SP\n"
143	"MOV R2, #0\n"
144	"BL sub_FFC02D58\n"
145	"ADD SP, SP, #0x74\n"
146	"LDR PC, [SP],#4\n"
147	);
148	}; //#fe
149
150	void __attribute__((naked,noinline)) uHwSetup_my() { //#fs
151	asm volatile (
152	"STMFD SP!, {R4,LR}\n"
153	"BL sub_FFC0094C\n"
154	"BL sub_FFC0972C\n" // _dmSetup
155	"CMP R0, #0\n"
156	"LDRLT R0, =0xFFC04EB8\n" // aDmsetup
157	"BLLT sub_FFC04E98\n" // _err_init_task
158	"BL sub_FFC049C8\n" // _termDriverInit
159	"CMP R0, #0\n"
160	"LDRLT R0, =0xFFC04EC0\n" // aTermdriverinit
161	"BLLT sub_FFC04E98\n" // _err_init_task
162	"LDR R0, =0xFFC04ED0\n" // a_term
163	"BL sub_FFC04AB4\n" // _termDeviceCreate
164	"CMP R0, #0\n"
165	"LDRLT R0, =0xFFC04ED8\n" // aTermdevicecrea
166	"BLLT sub_FFC04E98\n" // _err_init_task
167	"LDR R0, =0xFFC04ED0\n" // a_term
168	"BL sub_FFC03564\n" // _stdioSetup
169	"CMP R0, #0\n"
170	"LDRLT R0, =0xFFC04EEC\n" // aStdiosetup
171	"BLLT sub_FFC04E98\n" // _err_init_task
172	"BL sub_FFC092B4\n" // _stdlibSetup
173	"CMP R0, #0\n"
174	"LDRLT R0, =0xFFC04EF8\n" // aStdlibsetup
175	"BLLT sub_FFC04E98\n" // _err_init_task
176	"BL sub_FFC014B8\n" // _armlib_setup
177	"CMP R0, #0\n"
178	"LDRLT R0, =0xFFC04F04\n" // aArmlib_setup
179	"BLLT sub_FFC04E98\n" // _err_init_task
180	"LDMFD SP!, {R4,LR}\n"
181	//"B _CreateTaskStartup\n" // FFC0CD84
182	"B CreateTask_Startup_my\n"
183	);
184	}; //#fe
185
186	void __attribute__((naked,noinline)) CreateTask_Startup_my() { //#fs
187	asm volatile (
188	"STMFD SP!, {R3,LR}\n"
189	//"BL nullsub_201\n"
190	"BL sub_FFC1978C\n"
191	"CMP R0, #0\n"
192	"BNE loc_FFC0CDB4\n"
193	"BL sub_FFC119C0\n"
194	"CMP R0, #0\n"
195	"BNE loc_FFC0CDB4\n"
196	"LDR R1, =0xC0220000\n"
197	"MOV R0, #0x44\n"
198	"STR R0, [R0,#0xA0]\n"
199	"loc_FFC0CDB0:\n"
200	"B loc_FFC0CDB0\n"
201	"loc_FFC0CDB4:\n"
202	//"BL nullsub_203\n"
203	//"BL nullsub_202\n"
204	"BL sub_FFC17B14\n"
205	"LDR R1, =0x2CE000\n"
206	"MOV R0, #0\n"
207	"BL sub_FFC17D5C\n"
208	"BL sub_FFC17D08\n"
209	"MOV R3, #0\n"
210	"STR R3, [SP,#8-8]\n"
211	//"LDR R3, =0xFFC0CD28\n" // Startup
212	"LDR R3, =task_Startup_my\n" // followup to own function
213	"MOV R2, #0\n"
214	"MOV R1, #0x19\n"
215	"LDR R0, =0xFFC0CDFC\n" // aStartup
216	"BL sub_FFC0B8E0\n" // CreateTask
217	"MOV R0, #0\n"
218	"LDMFD SP!, {R12,PC}\n"
219	);
220	}; //#fe
221
222	void __attribute__((naked,noinline)) task_Startup_my() { //#fs
223	asm volatile (
224	"STMFD SP!, {R4,LR}\n"
225	"BL sub_FFC051BC\n" // uRegClockSave
226	"BL sub_FFC12B1C\n"
227	"BL sub_FFC0FDFC\n"
228	"BL sub_FFC197CC\n"
229	"BL sub_FFC19994\n"
230	//"BL sub_FFC19854\n" // StartDiskboot
231	);
232
233	CreateTask_spytask();
234
235	asm volatile (
236	"BL sub_FFC19B48\n"
237	"BL sub_FFC199E4\n"
238
239	"BL sub_FFC17054\n"
240	"BL sub_FFC19B4C\n"
241	);
242
243	CreateTask_PhySw();
244
245	asm volatile (
246	//"BL sub_FFC118D8\n" // CreateTask_PhySw - checks buttons and acts accordingly
247	"BL sub_FFC14A18_my\n" // divert to intercept task_ShootSeqTask
248	"BL sub_FFC19B64\n"
249	//"BL nullsub_2\n"
250	"BL sub_FFC10DAC\n"
251	"BL sub_FFC19554\n" // taskCreate_bye
252	"BL sub_FFC11408\n"
253	"BL sub_FFC10CAC\n"
254	//"BL sub_FFC1A4CC\n"
255	"BL sub_FFC1A4CC_my\n" // divert for SDHC-bootdisk-support
256	"BL sub_FFC10C68\n"
257
258	// modification: BL instead of B to last function to control action after its return
259	"BL sub_FFC05070\n"
260	"LDMFD SP!, {R4,PC}\n" // restore stack to PC instead of LR to return to caller
261	);
262	}; //#fe
263
264	void CreateTask_spytask() { //#fs
265	_CreateTask("SpyTask", 0x19, 0x2000, core_spytask, 0);
266
267	}; //#fe
268
269	void CreateTask_PhySw() { //#fs
270	_CreateTask("PhySw", 0x18, 0x800, mykbd_task, 0);
271	}; //#fe
272
273	void __attribute__((naked,noinline)) sub_FFC14A18_my() { //#fs
274	asm volatile (
275	"STMFD SP!, {R4,LR}\n"
276	"LDR R4, =0x1C04\n"
277	"MOV R0, #0\n"
278	"MOV R1, #4\n"
279	"STR R0, [R4,#0xC]\n"
280	"BL sub_FFC0BC10\n"
281	"STR R0, [R4,#4]\n"
282	"MOV R0, #0\n"
283	"MOV R1, #1\n"
284	"BL sub_FFC0BC34\n"
285	"STR R0, [R4,#8]\n"
286	"BL sub_FFC4B714\n"
287	"BL sub_FFC4C8E8\n"
288	"BL sub_FFC4A828\n"
289	//"BL sub_FFC47814\n"
290	"BL sub_FFC47814_my\n" // divert this for ShootSeqTask
291	"BL sub_FFC4B9D4\n"
292	"LDR R0, [R4,#4]\n"
293	"LDMFD SP!, {R4,LR}\n"
294	"MOV R1, #0x1000\n"
295	"B sub_FFC173B8\n"
296	);
297	}; //#fe
298
299	void __attribute__((naked,noinline)) sub_FFC47814_my() { //#fs
300	asm volatile (
301	"STMFD SP!, {R4,LR}\n"
302	"LDR R4, =0x5298\n"
303	"LDR R0, [R4,#4]\n"
304	"CMP R0, #0\n"
305	"BNE loc_FFC47880\n"
306	//"BL nullsub_5\n"
307	"MOV R1, #1\n"
308	"MOV R0, #0\n"
309	"BL sub_FFC0BC34\n"
310	"STR R0, [R4,#0xC]\n"
311	"MOV R0, #0\n"
312	"MOV R1, #0\n"
313	"BL sub_FFC0BC10\n"
314	"STR R0, [R4,#0x10]\n"
315	"BL sub_FFC47B10\n"
316	"BL sub_FFC48060\n" // continue here for task_ShootSeqTask (this is nonsense. We just need CaptSeqTask)
317	"MOV R0, #0\n"
318	"STR R0, [R4,#0x8]\n"
319	"ADD R0, R4, #0x14\n"
320	"MOV R1, #0\n"
321	"STR R1, [R0],#4\n"
322	"STR R1, [R0]\n"
323	"BL sub_FFC48200\n"
324	"BL sub_FFC4BB80\n"
325	"BL sub_FFC4A1F8\n"
326	//"BL sub_FFC48B2C\n"
327	"BL sub_FFC48B2C_my\n" // continue here for task_CaptSeqTask
328	"BL sub_FFC49D40\n"
329	"loc_FFC47880:\n"
330	"MOV R0, #1\n"
331	"STR R0, [R4,#4]\n"
332	"LDMFD SP!, {R4,PC}\n"
333	);
334	}; //#fe
335
336	void __attribute__((naked,noinline)) sub_FFC48B2C_my() { //#fs // CreateTask_CaptSeqTask
337	asm volatile (
338	"STMFD SP!, {R3-R5,LR}\n"
339	"LDR R2, =0x1961C\n"
340	"MOV R0, #0\n"
341	"MOV R1, #0\n"
342	"loc_FFC48B3C:\n"
343	"ADD R3, R2, R0,LSL#4\n"
344	"ADD R0, R0, #1\n"
345	"CMP R0, #5\n"
346	"STR R1, [R3,#8]\n"
347	"BCC loc_FFC48B3C\n"
348	"BL sub_FFD0B9C0\n"
349	"BL sub_FFD0D598\n"
350	"MOV R1, #5\n"
351	"MOV R0, #0\n"
352	"BL sub_FFC0BBEC\n"
353	"LDR R4, =0x52D0\n"
354	"LDR R1, =0x1001FF\n"
355	"STR R0, [R4,#8]\n"
356	"MOV R0, #0\n"
357	"BL sub_FFC0BC10\n"
358	"STR R0, [R4,#4]\n"
359	"MOV R0, #0\n"
360	"MOV R1, #1\n"
361	"BL sub_FFC0BC34\n"
362	"STR R0, [R4,#0xC]\n"
363	"MOV R3, #0\n"
364	//"STR R3, [SP,#0x10+var_10]\n"
365	"STR R3, [SP]\n"
366	//"LDR R3, =0xFFC488A4\n" // task_CaptSeqTask
367	"LDR R3, =task_CaptSeqTask_my\n" // task_CaptSeqTask
368	"LDR R0, =0xFFC48C60\n" // aCaptseqtask ; "CaptSeqTask"
369	"MOV R2, #0x1000\n"
370	"MOV R1, #0x17\n"
371	"BL sub_FFC0BBB8\n" // uKernelMiscCreateTask o. CreateTaskStrict
372	"LDMFD SP!, {R3-R5,PC}\n"
373	".ltorg\n"
374	);
375	}; //#fe
376
377	// -----------------
378	// SDHC-Boot-Support
379	// -----------------
380	// Required subs:
381	// Startup -> FFC1A4CC -> FFC1A080 -> FFC5DFE0 -> uAC_Boot -> CreateTask_InitFileModules -> task_InitFileModules -> FFC577C0 -> FFC3CA60 -> FFC3C380 -> FFC3C62C
382	// \->FFC5E924 -> FFC5F410 ->/\|
383	// -> StartFactoryModeController =>\|\|
384	//
385	// uAC_Boot: FFC5D48C
386	// CreateTask_InitFileModules: FFC5EC48
387	// task_InitFileModules: FFC5F754
388
389
390	void __attribute__((naked,noinline)) sub_FFC1A4CC_my() { //#fs
391	asm volatile (
392	"STMFD SP!, {R4,LR}\n"
393	"BL sub_FFC5BFB4\n"
394	"BL sub_FFC33B48\n"
395	"CMP R0, #1\n"
396	"BNE loc_FFC1A4EC\n"
397	"BL sub_FFC5ED54\n"
398	"LDMFD SP!, {R4,LR}\n"
399	"B sub_FFC33BB8\n"
400	"loc_FFC1A4EC:\n"
401	"BL sub_FFC5DD9C\n"
402	"LDR R4, =0x1D18\n"
403	"LDR R0, [R4,#4]\n"
404	"CMP R0, #0\n"
405	"LDMNEFD SP!, {R4,PC}\n"
406	"MOV R1, #0\n"
407	"LDR R0, =sub_FFC1A080_my\n" //------->
408	"BL sub_FFC5A41C\n"
409	"STR R0, [R4,#4]\n"
410	"LDMFD SP!, {R4,PC}\n"
411	);
412	}; //#fe
413
414	void __attribute__((naked,noinline)) sub_FFC1A080_my() { //#fs
415	asm volatile (
416	"STMFD SP!, {R3-R11,LR}\n"
417	"LDR R6, =0x1D18\n"
418	"MOV R5, R1\n"
419	"LDR R0, [R6,#0x14]\n"
420	"MOV R4, R3\n"
421	"CMP R0, #1\n"
422	"BNE loc_FFC1A0A4\n"
423	"BL sub_FFC5C7D8\n"
424	"B loc_FFC1A13C\n"
425	"loc_FFC1A0A4:\n"
426	"LDR R11, =0x1167\n"
427	"MOV R7, #0\n"
428	"SUB R12, R11, #5\n"
429	"CMP R5, R12\n"
430	"MOV R9, #1\n"
431	"BEQ loc_FFC1A3D8\n"
432	"BGT loc_FFC1A1D4\n"
433	"LDR R3, =0x1063\n"
434	"CMP R5, R3\n"
435	"SUB LR, R3, #0xD\n"
436	"SUB R1, R3, #8\n"
437	"SUB R8, R3, #5\n"
438	"SUB R2, R3, #2\n"
439	"SUB R0, R3, #1\n"
440	"BEQ loc_FFC1A470\n"
441	"BGT loc_FFC1A15C\n"
442	"CMP R5, LR\n"
443	"BEQ loc_FFC1A470\n"
444	"BGT loc_FFC1A144\n"
445	"SUB R12, R5, #0x800\n"
446	"SUBS R12, R12, #3\n"
447	"BEQ loc_FFC1A2F4\n"
448	"SUB R12, R5, #0x800\n"
449	"SUBS R12, R12, #0x144\n"
450	"BEQ loc_FFC1A4A8\n"
451	"SUB R12, R5, #0x900\n"
452	"SUBS R12, R12, #0xA3\n"
453	"SUBNE R12, R5, #0x900\n"
454	"SUBNES R12, R12, #0xA5\n"
455	"BNE loc_FFC1A4C4\n"
456	"LDR R0, [R6,#0xC]\n"
457	"SUB R12, R0, #0x8000\n"
458	"SUBS R12, R12, #2\n"
459	"BEQ loc_FFC1A13C\n"
460	"LDR R0, =0x10A5\n"
461	"BL sub_FFC5B294\n"
462	"CMP R0, #0\n"
463	"BEQ loc_FFC1A4C4\n"
464	"loc_FFC1A13C:\n"
465	"MOV R0, #0\n"
466	"LDMFD SP!, {R3-R11,PC}\n"
467	"loc_FFC1A144:\n"
468	"CMP R5, R1\n"
469	"CMPNE R5, R8\n"
470	"CMPNE R5, R2\n"
471	"CMPNE R5, R0\n"
472	"BNE loc_FFC1A4C4\n"
473	"B loc_FFC1A470\n"
474	"loc_FFC1A15C:\n"
475	"LDR R12, =0x10AE\n"
476	"CMP R5, R12\n"
477	"BEQ loc_FFC1A40C\n"
478	"BGT loc_FFC1A1A4\n"
479	"SUB R12, R5, #0x1000\n"
480	"SUBS R12, R12, #0x65\n"
481	"BEQ loc_FFC1A470\n"
482	"SUB R12, R5, #0x1000\n"
483	"LDR R0, =0x10A3\n"
484	"SUBS R12, R12, #0xA9\n"
485	"BEQ loc_FFC1A3E8\n"
486	"SUB R12, R5, #0x1000\n"
487	"SUBS R12, R12, #0xAA\n"
488	"BEQ loc_FFC1A400\n"
489	"SUB R12, R5, #0x1000\n"
490	"SUBS R12, R12, #0xAD\n"
491	"BNE loc_FFC1A4C4\n"
492	"B loc_FFC1A3F4\n"
493	"loc_FFC1A1A4:\n"
494	"SUB R12, R5, #0x1000\n"
495	"SUBS R12, R12, #0xAF\n"
496	"BEQ loc_FFC1A3F4\n"
497	"SUB R12, R5, #0x1000\n"
498	"SUBS R12, R12, #0xB0\n"
499	"BEQ loc_FFC1A40C\n"
500	"SUB R12, R5, #0x1000\n"
501	"SUBS R12, R12, #0xB2\n"
502	"BNE loc_FFC1A4C4\n"
503	"LDR R0, =0x1008\n"
504	"MOV R1, R4\n"
505	"B loc_FFC1A3D0\n"
506	"loc_FFC1A1D4:\n"
507	"LDR R10, =0x201B\n"
508	"LDR R0, =0x1D18\n"
509	"CMP R5, R10\n"
510	"LDR R2, [R0,#0x10]!\n"
511	"LDR R1, [R0,#0x10]\n"
512	"SUB R8, R10, #0x17\n"
513	"BEQ loc_FFC1A3AC\n"
514	"BGT loc_FFC1A290\n"
515	"LDR R10, =0x116A\n"
516	"CMP R5, R10\n"
517	"BEQ loc_FFC1A398\n"
518	"BGT loc_FFC1A24C\n"
519	"SUB R12, R5, #0x1100\n"
520	"SUBS R12, R12, #0x63\n"
521	"MOVEQ R1, #0\n"
522	"MOVEQ R0, #0x82\n"
523	"BEQ loc_FFC1A3C4\n"
524	"SUB R12, R5, #0x1100\n"
525	"SUBS R12, R12, #0x65\n"
526	"BEQ loc_FFC1A3BC\n"
527	"LDR R4, =0x1168\n"
528	"CMP R5, R11\n"
529	"CMPNE R5, R4\n"
530	"BNE loc_FFC1A4C4\n"
531	"STR R9, [R6,#0x10]\n"
532	"LDR R6, =0x4508\n"
533	"CMP R1, #0\n"
534	"BEQ loc_FFC1A380\n"
535	"BL sub_FFC5C80C\n"
536	"B loc_FFC1A38C\n"
537	"loc_FFC1A24C:\n"
538	"SUB R12, R5, #0x2000\n"
539	"SUBS R12, R12, #2\n"
540	"BEQ loc_FFC1A43C\n"
541	"CMP R5, R8\n"
542	"MOV R0, R8\n"
543	"BEQ loc_FFC1A448\n"
544	"SUB R12, R5, #0x2000\n"
545	"SUBS R12, R12, #5\n"
546	"BEQ loc_FFC1A43C\n"
547	"SUB R12, R5, #0x2000\n"
548	"SUBS R12, R12, #0x19\n"
549	"BNE loc_FFC1A4C4\n"
550	"CMP R1, #0\n"
551	"BEQ loc_FFC1A13C\n"
552	"CMP R2, #0\n"
553	"BNE loc_FFC1A13C\n"
554	"B loc_FFC1A4A0\n"
555	"loc_FFC1A290:\n"
556	"LDR R12, =0x3111\n"
557	"CMP R5, R12\n"
558	"BEQ loc_FFC1A410\n"
559	"BGT loc_FFC1A2D0\n"
560	"SUB R12, R5, #0x2000\n"
561	"SUBS R12, R12, #0x1D\n"
562	"BEQ loc_FFC1A43C\n"
563	"LDR R0, =0x2027\n"
564	"CMP R5, R0\n"
565	"BEQ loc_FFC1A418\n"
566	"SUB R12, R5, #0x3000\n"
567	"SUBS R12, R12, #6\n"
568	"SUBNE R12, R5, #0x3000\n"
569	"SUBNES R12, R12, #0x110\n"
570	"BNE loc_FFC1A4C4\n"
571	"B loc_FFC1A410\n"
572	"loc_FFC1A2D0:\n"
573	"CMP R5, #0x3140\n"
574	"BEQ loc_FFC1A464\n"
575	"SUB R12, R5, #0x3200\n"
576	"SUBS R12, R12, #1\n"
577	"BEQ loc_FFC1A4C4\n"
578	"SUB R12, R5, #0x3200\n"
579	"SUBS R12, R12, #2\n"
580	"BNE loc_FFC1A4C4\n"
581	"B loc_FFC1A410\n"
582	"loc_FFC1A2F4:\n"
583	"MOV R4, #1\n"
584	"MOV R0, #2\n"
585	"BL sub_FFC5C048\n"
586	"CMP R0, #1\n"
587	"MOVEQ R4, #2\n"
588	"MOV R0, R4\n"
589	"BL sub_FFC11030\n"
590	"CMP R0, #0\n"
591	"STRNE R9, [R6,#0x14]\n"
592	"BNE loc_FFC1A34C\n"
593	"BL sub_FFC61810\n"
594	"BL sub_FFC5F6AC\n"
595	"BL sub_FFC601B0\n"
596	"BL sub_FFC5EFFC\n"
597	"BL sub_FFC60808\n"
598	"CMP R0, #0\n"
599	"BEQ loc_FFC1A354\n"
600	"BL sub_FFC19DA4\n"
601	"BL sub_FFC6076C\n"
602	"MOV R1, R0\n"
603	"MOV R0, R11\n"
604	"BL sub_FFC5AC24\n"
605	"loc_FFC1A34C:\n"
606	"MOV R0, R7\n"
607	"LDMFD SP!, {R3-R11,PC}\n"
608	"loc_FFC1A354:\n"
609	"BL sub_FFC1507C\n"
610	"CMP R0, #1\n"
611	"LDRNE R0, =0x310B\n"
612	"LDREQ R0, =0x310C\n"
613	"MOV R1, #0\n"
614	"BL sub_FFC5AC24\n"
615	"BL sub_FFC5E924_my\n" // Continue here (possibility 1) for SDHC-boot
616	"B loc_FFC1A34C\n"
617	"loc_FFC1A374:\n"
618	"MOV R0, R6\n"
619	"BL sub_FFC46100\n"
620	"B loc_FFC1A13C\n"
621	"loc_FFC1A380:\n"
622	"BL sub_FFC5F924\n"
623	"BL sub_FFC5F888\n"
624	"BL sub_FFC14D5C\n"
625	"loc_FFC1A38C:\n"
626	"CMP R5, R4\n"
627	"BNE loc_FFC1A13C\n"
628	"B loc_FFC1A374\n"
629	"loc_FFC1A398:\n"
630	"MOV R0, #1\n"
631	"BL sub_FFC5C938\n"
632	"LDR R0, =0x1005\n"
633	"MOV R1, R10\n"
634	"B loc_FFC1A3D0\n"
635	"loc_FFC1A3AC:\n"
636	"CMP R2, #1\n"
637	"BNE loc_FFC1A410\n"
638	"BL sub_FFC5C80C\n"
639	"B loc_FFC1A13C\n"
640	"loc_FFC1A3BC:\n"
641	"MOV R1, #0\n"
642	"MOV R0, #0x83\n"
643	"loc_FFC1A3C4:\n"
644	"BL sub_FFC60288\n"
645	"B loc_FFC1A13C\n"
646	"loc_FFC1A3CC:\n"
647	"MOV R0, R5\n"
648	"loc_FFC1A3D0:\n"
649	"BL sub_FFC5DAC4_my\n" // Continue here (possibility 2) for SDHC-boot
650	"LDMFD SP!, {R3-R11,PC}\n"
651	"loc_FFC1A3D8:\n"
652	"BL sub_FFC637A8\n"
653	"CMP R0, #0\n"
654	"BLNE sub_FFC626DC\n"
655	"B loc_FFC1A410\n"
656	"loc_FFC1A3E8:\n"
657	"BL sub_FFC5B294\n"
658	"CMP R0, #0\n"
659	"BNE loc_FFC1A13C\n"
660	"loc_FFC1A3F4:\n"
661	"MOV R0, R5\n"
662	"BL sub_FFC19E70\n"
663	"LDMFD SP!, {R3-R11,PC}\n"
664	"loc_FFC1A400:\n"
665	"BL sub_FFC5B294\n"
666	"CMP R0, #0\n"
667	"BNE loc_FFC1A13C\n"
668	"loc_FFC1A40C:\n"
669	"BL sub_FFC1A8CC\n"
670	"loc_FFC1A410:\n"
671	"MOV R1, R4\n"
672	"B loc_FFC1A3CC\n"
673	"loc_FFC1A418:\n"
674	"MOV R1, #0\n"
675	"BL sub_FFC5DAC4_my\n" // Continue here (possibility 2) for SDHC-boot
676	"MOV R1, #0\n"
677	"MOV R0, R10\n"
678	"BL sub_FFC5DAC4_my\n" // Continue here (possibility 2) for SDHC-boot
679	"MOV R1, #0\n"
680	"MOV R0, R8\n"
681	"loc_FFC1A434:\n"
682	"BL sub_FFC5DAC4_my\n" // Continue here (possibility 2) for SDHC-boot
683	"B loc_FFC1A13C\n"
684	"loc_FFC1A43C:\n"
685	"STR R7, [R6,#0x20]\n"
686	"BL sub_FFC1A690\n"
687	"B loc_FFC1A410\n"
688	"loc_FFC1A448:\n"
689	"STR R7, [R6,#0x20]\n"
690	"BL sub_FFC1A690\n"
691	"LDR R0, [R6,#0x10]\n"
692	"CMP R0, #1\n"
693	"BNE loc_FFC1A410\n"
694	"BL sub_FFC5C850\n"
695	"B loc_FFC1A13C\n"
696	"loc_FFC1A464:\n"
697	"CMP R1, #0\n"
698	"BLEQ sub_FFC1A690\n"
699	"B loc_FFC1A13C\n"
700	"loc_FFC1A470:\n"
701	"CMP R5, R2\n"
702	"MOVEQ R0, R2\n"
703	"BEQ loc_FFC1A4A0\n"
704	"BGT loc_FFC1A490\n"
705	"CMP R5, LR\n"
706	"CMPNE R5, R8\n"
707	"BEQ loc_FFC1A4A0\n"
708	"B loc_FFC1A49C\n"
709	"loc_FFC1A490:\n"
710	"CMP R5, R0\n"
711	"CMPNE R5, R3\n"
712	"BEQ loc_FFC1A4A0\n"
713	"loc_FFC1A49C:\n"
714	"MOV R0, R1\n"
715	"loc_FFC1A4A0:\n"
716	"MOV R1, #0\n"
717	"B loc_FFC1A434\n"
718	"loc_FFC1A4A8:\n"
719	"TST R4, #0x80000000\n"
720	"MOVNE R0, #1\n"
721	"LDMNEFD SP!, {R3-R11,PC}\n"
722	"BL sub_FFC64C74\n"
723	"CMP R0, #0\n"
724	"BLEQ sub_FFC16F6C\n"
725	"B loc_FFC1A13C\n"
726	"loc_FFC1A4C4:\n"
727	"MOV R1, #0\n"
728	"B loc_FFC1A3CC\n"
729	);
730	}; //#fe
731
732	void __attribute__((naked,noinline)) sub_FFC5E924_my() { //#fs
733	asm volatile (
734	"STMFD SP!, {R4,LR}\n"
735	"BL sub_FFC1A644\n"
736	"CMP R0, #0\n"
737	"LDRNE R0, =0x1061\n"
738	"BNE loc_FFC5E94C\n"
739	"BL sub_FFC1A62C\n"
740	"CMP R0, #0\n"
741	"LDRNE R0, =0x105B\n"
742	"BNE loc_FFC5E94C\n"
743	"BL sub_FFC1A65C\n"
744	"loc_FFC5E94C:\n"
745	"MOV R4, R0\n"
746	"BL sub_FFC5EAAC\n"
747	"MOV R0, R4\n"
748	"BL sub_FFC5EB4C\n"
749	"LDR R0, =0x581C\n"
750	"LDR R0, [R0]\n"
751	"TST R0, #1\n"
752	"TSTEQ R0, #0x10\n"
753	"BEQ loc_FFC5E97C\n"
754	"loc_FFC5E970:\n"
755	"MOV R1, R4\n"
756	"MOV R0, #2\n"
757	"B loc_FFC5E9C0\n"
758	"loc_FFC5E97C:\n"
759	"TST R0, #0x40\n"
760	"BEQ loc_FFC5E990\n"
761	"loc_FFC5E984:\n"
762	"MOV R1, R4\n"
763	"MOV R0, #1\n"
764	"B loc_FFC5E9C0\n"
765	"loc_FFC5E990:\n"
766	"TST R0, #0x20\n"
767	"BEQ loc_FFC5E9AC\n"
768	"TST R0, #0x4000\n"
769	"BNE loc_FFC5E9AC\n"
770	"loc_FFC5E9A0:\n"
771	"MOV R1, R4\n"
772	"MOV R0, #0\n"
773	"B loc_FFC5E9C0\n"
774	"loc_FFC5E9AC:\n"
775	"LDR R1, =0x102\n"
776	"BICS R1, R1, R0\n"
777	"BNE loc_FFC5E9C8\n"
778	"MOV R1, R4\n"
779	"MOV R0, #6\n"
780	"loc_FFC5E9C0:\n"
781	"LDMFD SP!, {R4,LR}\n"
782	"B sub_FFC5E8C0_my\n" // cont. for SDHC-boot
783	"loc_FFC5E9C8:\n"
784	"TST R0, #0x100\n"
785	"BNE loc_FFC5E970\n"
786	"TST R0, #0x400\n"
787	"BNE loc_FFC5E984\n"
788	"TST R0, #0x200\n"
789	"TSTEQ R0, #2\n"
790	"BNE loc_FFC5E9A0\n"
791	"TST R0, #0x40000\n"
792	"BEQ loc_FFC5E970\n"
793	"TST R0, #0x200000\n"
794	"MOVEQ R1, R4\n"
795	"MOVEQ R0, #1\n"
796	"BLEQ sub_FFC5E8C0_my\n" // cont. for SDHC-boot
797	"B loc_FFC5E970\n"
798	);
799	}; //#fe
800
801	void __attribute__((naked,noinline)) sub_FFC5E8C0_my() { //#fs
802	asm volatile (
803	"STMFD SP!, {R4-R6,LR}\n"
804	"MOVS R4, R0\n"
805	"MOV R0, #1\n"
806	"MOV R5, R1\n"
807	"BNE loc_FFC5E900\n"
808	"MOV R1, #0\n"
809	"MOV R0, #0\n"
810	"BL sub_FFC5BFD8\n"
811	"BL sub_FFC1A65C\n"
812	"SUB R12, R0, #0x1000\n"
813	"SUBS R12, R12, #0x5B\n"
814	"BNE loc_FFC5E8F8\n"
815	"loc_FFC5E8F0:\n"
816	"BL sub_FFC5E7F4\n"
817	"B loc_FFC5E908\n"
818	"loc_FFC5E8F8:\n"
819	"BL sub_FFC5E854\n"
820	"B loc_FFC5E908\n"
821	"loc_FFC5E900:\n"
822	"CMP R4, #5\n"
823	"BEQ loc_FFC5E8F0\n"
824	"loc_FFC5E908:\n"
825	"CMP R0, #0\n"
826	"LDREQ R5, =0x1162\n"
827	"MOVEQ R4, #2\n"
828	"MOV R0, R4\n"
829	"MOV R1, R5\n"
830	"LDMFD SP!, {R4-R6,LR}\n"
831	"B sub_FFC5DAC4_my\n" //------>
832	);
833	}; //#fe
834
835	void __attribute__((naked,noinline)) sub_FFC5DAC4_my() { //#fs
836	asm volatile (
837	"STMFD SP!, {R4-R8,LR}\n"
838	"MOV R7, R1\n"
839	"MOV R6, R0\n"
840	"BL sub_FFC60808\n"
841	"CMP R0, #0\n"
842	"BNE loc_FFC5DD94\n"
843	"MOV R1, R7\n"
844	"MOV R0, R6\n"
845	"BL sub_FFC5CB08\n"
846	"LDR R4, =0x5760\n"
847	"MOV R5, #0\n"
848	"LDR R0, [R4,#0x10]\n"
849	"CMP R0, #0x16\n"
850	"ADDLS PC, PC, R0,LSL#2\n"
851	"B loc_FFC5DD94\n"
852	"loc_FFC5DB00:\n"
853	"B loc_FFC5DB5C\n"
854	"loc_FFC5DB04:\n"
855	"B loc_FFC5DB78\n"
856	"loc_FFC5DB08:\n"
857	"B loc_FFC5DBAC\n"
858	"loc_FFC5DB0C:\n"
859	"B loc_FFC5DC5C\n"
860	"loc_FFC5DB10:\n"
861	"B loc_FFC5DC6C\n"
862	"loc_FFC5DB14:\n"
863	"B loc_FFC5DD94\n"
864	"loc_FFC5DB18:\n"
865	"B loc_FFC5DD94\n"
866	"loc_FFC5DB1C:\n"
867	"B loc_FFC5DCF0\n"
868	"loc_FFC5DB20:\n"
869	"B loc_FFC5DB6C\n"
870	"loc_FFC5DB24:\n"
871	"B loc_FFC5DD94\n"
872	"loc_FFC5DB28:\n"
873	"B loc_FFC5DCF0\n"
874	"loc_FFC5DB2C:\n"
875	"B loc_FFC5DBA0\n"
876	"loc_FFC5DB30:\n"
877	"B loc_FFC5DD94\n"
878	"loc_FFC5DB34:\n"
879	"B loc_FFC5DD94\n"
880	"loc_FFC5DB38:\n"
881	"B loc_FFC5DBB8\n"
882	"loc_FFC5DB3C:\n"
883	"B loc_FFC5DBC4\n"
884	"loc_FFC5DB40:\n"
885	"B loc_FFC5DC34\n"
886	"loc_FFC5DB44:\n"
887	"B loc_FFC5DB84\n"
888	"loc_FFC5DB48:\n"
889	"B loc_FFC5DD7C\n"
890	"loc_FFC5DB4C:\n"
891	"B loc_FFC5DCFC\n"
892	"loc_FFC5DB50:\n"
893	"B loc_FFC5DD2C\n"
894	"loc_FFC5DB54:\n"
895	"B loc_FFC5DD2C\n"
896	"loc_FFC5DB58:\n"
897	"B loc_FFC5DC78\n"
898	"loc_FFC5DB5C:\n"
899	"MOV R1, R7\n"
900	"MOV R0, R6\n"
901	"LDMFD SP!, {R4-R8,LR}\n"
902	"B sub_FFC5D48C_my\n" // uAC_Boot // divert for SDHC-boot
903	"loc_FFC5DB6C:\n"
904	"MOV R0, R6\n"
905	"LDMFD SP!, {R4-R8,LR}\n"
906	"B sub_FFC5E4C0\n"
907	"loc_FFC5DB78:\n"
908	"MOV R0, R6\n"
909	"LDMFD SP!, {R4-R8,LR}\n"
910	"B sub_FFC5D12C\n"
911	"loc_FFC5DB84:\n"
912	"SUB R12, R6, #0x3000\n"
913	"SUBS R12, R12, #6\n"
914	"BNE loc_FFC5DD94\n"
915	"MOV R0, #0\n"
916	"BL sub_FFC19C3C\n"
917	"BL sub_FFC5E3BC\n"
918	"B loc_FFC5DD8C\n"
919	"loc_FFC5DBA0:\n"
920	"MOV R0, R6\n"
921	"LDMFD SP!, {R4-R8,LR}\n"
922	"B sub_FFC5E3F4\n"
923	"loc_FFC5DBAC:\n"
924	"MOV R0, R6\n"
925	"LDMFD SP!, {R4-R8,LR}\n"
926	"B sub_FFC5D2BC\n"
927	"loc_FFC5DBB8:\n"
928	"MOV R0, R6\n"
929	"LDMFD SP!, {R4-R8,LR}\n"
930	"B sub_FFC5D864\n"
931	"loc_FFC5DBC4:\n"
932	"SUB R12, R6, #0x3200\n"
933	"SUBS R12, R12, #2\n"
934	"BNE loc_FFC5DD94\n"
935	"MOV R0, #3\n"
936	"BL sub_FFC5CA14\n"
937	"MOV R0, #8\n"
938	"BL sub_FFC19B9C\n"
939	"MOV R1, #0\n"
940	"MOV R0, #0x19\n"
941	"BL sub_FFC2795C\n"
942	"BL sub_FFC5F924\n"
943	"BL sub_FFC5FBBC\n"
944	"BL sub_FFC5F06C\n"
945	"B loc_FFC5DD8C\n"
946	"loc_FFC5DC34:\n"
947	"SUB R12, R6, #0x3300\n"
948	"SUBS R12, R12, #1\n"
949	"BNE loc_FFC5DD94\n"
950	"LDR R0, =0x4010\n"
951	"BL sub_FFC19B9C\n"
952	"BL sub_FFD5A3CC\n"
953	"BL sub_FFC5F06C\n"
954	"MOV R0, #4\n"
955	"BL sub_FFC5CA14\n"
956	"B loc_FFC5DD8C\n"
957	"loc_FFC5DC5C:\n"
958	"MOV R1, R7\n"
959	"MOV R0, R6\n"
960	"LDMFD SP!, {R4-R8,LR}\n"
961	"B sub_FFC5D9C0\n"
962	"loc_FFC5DC6C:\n"
963	"MOV R0, R6\n"
964	"LDMFD SP!, {R4-R8,LR}\n"
965	"B sub_FFC5E604\n"
966	"loc_FFC5DC78:\n"
967	"LDR R7, =0x1182\n"
968	"MOV R0, R6\n"
969	"CMP R0, R7\n"
970	"MOV R6, #1\n"
971	"STREQ R6, [R4,#0xA8]\n"
972	"BEQ loc_FFC5DD8C\n"
973	"SUB R12, R0, #0x1000\n"
974	"SUBS R12, R12, #0x1AC\n"
975	"BEQ loc_FFC5DCD8\n"
976	"SUB R12, R0, #0x3000\n"
977	"SUBS R12, R12, #0x224\n"
978	"BNE loc_FFC5DD94\n"
979	"MOV R0, #8\n"
980	"BL sub_FFC19B9C\n"
981	"MOV R0, #3\n"
982	"BL sub_FFC5CA14\n"
983	"STR R5, [R4,#0xAC]\n"
984	"LDR R0, [R4,#0xA8]\n"
985	"CMP R0, #0\n"
986	"MOVNE R1, #0\n"
987	"MOVNE R0, R7\n"
988	"STRNE R5, [R4,#0xA8]\n"
989	"BLNE sub_FFC5D9C0\n"
990	"B loc_FFC5DD8C\n"
991	"loc_FFC5DCD8:\n"
992	"LDR R0, [R4,#0xAC]\n"
993	"CMP R0, #0\n"
994	"BNE loc_FFC5DD8C\n"
995	"BL sub_FFD582F4\n"
996	"STR R6, [R4,#0xAC]\n"
997	"B loc_FFC5DD8C\n"
998	"loc_FFC5DCF0:\n"
999	"MOV R0, R6\n"
1000	"LDMFD SP!, {R4-R8,LR}\n"
1001	"B sub_FFC5D784_my\n" //----------> movie_rec.c
1002	"loc_FFC5DCFC:\n"
1003	"LDR R12, =0x10B0\n"
1004	"CMP R6, R12\n"
1005	"BEQ loc_FFC5DD28\n"
1006	"BGT loc_FFC5DD34\n"
1007	"CMP R6, #4\n"
1008	"BEQ loc_FFC5DD5C\n"
1009	"SUB R12, R6, #0x1000\n"
1010	"SUBS R12, R12, #0xAA\n"
1011	"SUBNE R12, R6, #0x1000\n"
1012	"SUBNES R12, R12, #0xAE\n"
1013	"BNE loc_FFC5DD94\n"
1014	"loc_FFC5DD28:\n"
1015	"BL sub_FFC5C6F4\n"
1016	"loc_FFC5DD2C:\n"
1017	"MOV R0, R5\n"
1018	"LDMFD SP!, {R4-R8,PC}\n"
1019	"loc_FFC5DD34:\n"
1020	"SUB R12, R6, #0x2000\n"
1021	"SUBS R12, R12, #4\n"
1022	"BEQ loc_FFC5DD74\n"
1023	"SUB R12, R6, #0x5000\n"
1024	"SUBS R12, R12, #1\n"
1025	"SUBNE R12, R6, #0x5000\n"
1026	"SUBNES R12, R12, #6\n"
1027	"BNE loc_FFC5DD94\n"
1028	"BL sub_FFC5D098\n"
1029	"B loc_FFC5DD8C\n"
1030	"loc_FFC5DD5C:\n"
1031	"LDR R0, [R4,#0x2C]\n"
1032	"CMP R0, #0\n"
1033	"BNE loc_FFC5DD74\n"
1034	"BL sub_FFC5DF50\n"
1035	"BL sub_FFC14BF8\n"
1036	"B loc_FFC5DD8C\n"
1037	"loc_FFC5DD74:\n"
1038	"BL sub_FFC5C730\n"
1039	"B loc_FFC5DD8C\n"
1040	"loc_FFC5DD7C:\n"
1041	"SUB R12, R6, #0x3000\n"
1042	"SUBS R12, R12, #0x130\n"
1043	"BNE loc_FFC5DD94\n"
1044	"BL sub_FFC5C7D8\n"
1045	"loc_FFC5DD8C:\n"
1046	"MOV R0, #0\n"
1047	"LDMFD SP!, {R4-R8,PC}\n"
1048	"loc_FFC5DD94:\n"
1049	"MOV R0, #1\n"
1050	"LDMFD SP!, {R4-R8,PC}\n"
1051	);
1052	}; //#fe
1053
1054	void __attribute__((naked,noinline)) sub_FFC5D48C_my() { //#fs uAC_Boot
1055	asm volatile (
1056	"STMFD SP!, {R4-R8,LR}\n"
1057	"LDR R7, =0x8002\n"
1058	"LDR R4, =0x5760\n"
1059	"CMP R0, #2\n"
1060	"MOV R6, R1\n"
1061	"MOV R5, #1\n"
1062	"BEQ loc_FFC5D518\n"
1063	"BGT loc_FFC5D500\n"
1064	"CMP R0, #0\n"
1065	"BEQ loc_FFC5D544\n"
1066	"CMP R0, #1\n"
1067	"BNE loc_FFC5D5DC\n"
1068	"MOV R0, #8\n"
1069	"BL sub_FFC5CA14\n"
1070	"BL sub_FFC5EC84\n"
1071	"BL sub_FFC5F78C\n"
1072	"LDR R1, =0xFFC5D73C\n"
1073	"MOV R0, #0x20\n"
1074	"BL sub_FFC542D8\n"
1075	"BL sub_FFC5EC48_my\n" //------>
1076	"BL sub_FFC5ED54\n"
1077	"BL sub_FFC1A5BC\n"
1078	"LDR R0, =0x4004\n"
1079	"BL sub_FFC19B9C\n"
1080	"LDR R0, [R4,#0x68]\n"
1081	"CMP R0, #0\n"
1082	"BNE loc_FFC5D5BC\n"
1083	"BL sub_FFC19D80\n"
1084	"B loc_FFC5D5C0\n"
1085	"loc_FFC5D500:\n"
1086	"CMP R0, #6\n"
1087	"STREQ R5, [R4,#0x28]\n"
1088	"BEQ loc_FFC5D5D0\n"
1089	"SUB R12, R0, #0x2000\n"
1090	"SUBS R12, R12, #4\n"
1091	"BNE loc_FFC5D5DC\n"
1092	"loc_FFC5D518:\n"
1093	"SUB R12, R6, #0x1100\n"
1094	"SUBS R12, R12, #0x62\n"
1095	"BNE loc_FFC5D534\n"
1096	"MOV R1, R7\n"
1097	"MOV R0, #0\n"
1098	"BL sub_FFC60288\n"
1099	"STR R5, [R4,#0x60]\n"
1100	"loc_FFC5D534:\n"
1101	"BL sub_FFC5F924\n"
1102	"BL sub_FFC5FBBC\n"
1103	"BL sub_FFC5D038\n"
1104	"B loc_FFC5D5D4\n"
1105	"loc_FFC5D544:\n"
1106	"MOV R0, #7\n"
1107	"BL sub_FFC5CA14\n"
1108	"MOV R0, R7\n"
1109	"BL sub_FFC19B9C\n"
1110	"BL sub_FFC5EC84\n"
1111	"BL sub_FFC5F78C\n"
1112	"LDR R1, =0xFFC5D74C\n"
1113	"MOV R0, #0x20\n"
1114	"STR R6, [R4,#0x18]\n"
1115	"BL sub_FFC542D8\n"
1116	"LDR R1, =0xFFC5D758\n"
1117	"MOV R0, #0x20\n"
1118	"BL sub_FFC542D8\n"
1119	"STR R5, [R4,#0x28]\n"
1120	"BL sub_FFC19D10\n"
1121	"BL sub_FFC19C64\n"
1122	"LDR R0, [R4,#0x1C]\n"
1123	"LDR R1, [R4,#0x20]\n"
1124	"ORRS R0, R0, R1\n"
1125	"BLNE sub_FFC5DF2C\n"
1126	"LDR R0, [R4,#0x68]\n"
1127	"CMP R0, #0\n"
1128	"BNE loc_FFC5D5A8\n"
1129	"BL sub_FFC19D80\n"
1130	"B loc_FFC5D5B0\n"
1131	"loc_FFC5D5A8:\n"
1132	"BL sub_FFC14A7C\n"
1133	"BL sub_FFC1A5F4\n"
1134	"loc_FFC5D5B0:\n"
1135	"BL sub_FFC5EC48_my\n" //------>
1136	"BL sub_FFC5ECC0\n"
1137	"B loc_FFC5D5D4\n"
1138	"loc_FFC5D5BC:\n"
1139	"BL sub_FFC14A7C\n"
1140	"loc_FFC5D5C0:\n"
1141	"BL sub_FFC5ECF0\n"
1142	"LDR R0, [R4,#0x30]\n"
1143	"CMP R0, #0\n"
1144	"BEQ loc_FFC5D5D4\n"
1145	"loc_FFC5D5D0:\n"
1146	"BL sub_FFC5DF74\n"
1147	"loc_FFC5D5D4:\n"
1148	"MOV R0, #0\n"
1149	"LDMFD SP!, {R4-R8,PC}\n"
1150	"loc_FFC5D5DC:\n"
1151	"MOV R0, #1\n"
1152	"LDMFD SP!, {R4-R8,PC}\n"
1153	);
1154	}; //#fe
1155
1156	void __attribute__((naked,noinline)) sub_FFC5EC48_my() { //#fs CreateTask_InitFileModules
1157	asm volatile (
1158	"LDR R0, =0x5828\n"
1159	"STMFD SP!, {R3,LR}\n"
1160	"LDR R1, [R0,#4]\n"
1161	"CMP R1, #0\n"
1162	"BNE locret_FFC5EC80\n"
1163	"MOV R1, #1\n"
1164	"STR R1, [R0,#4]\n"
1165	"MOV R3, #0\n"
1166	"STR R3, [SP,#8-0x8]\n"
1167	"LDR R3, =task_InitFileModules_my\n" // continue for SDHC-boot (orig: FFC5EBF8)
1168	"MOV R1, #0x19\n"
1169	"LDR R0, =0xFFC5EDAC\n"
1170	"MOV R2, #0x1000\n"
1171	"BL sub_FFC0B8E0\n"
1172	"locret_FFC5EC80:\n"
1173	"LDMFD SP!, {R12,PC}\n"
1174	);
1175	}; //#fe
1176
1177	void __attribute__((naked,noinline)) task_InitFileModules_my() { //#fs
1178	asm volatile (
1179	"STMFD SP!, {R4-R6,LR}\n"
1180	"BL sub_FFC57794\n"
1181	"LDR R5, =0x5006\n"
1182	"MOVS R4, R0\n"
1183	"MOVNE R1, #0\n"
1184	"MOVNE R0, R5\n"
1185	"BLNE sub_FFC5AC24\n"
1186	"BL sub_FFC577C0_my\n" // continue to SDHC-hook here!
1187	"BL core_spytask_can_start\n" // CHDK: Set "it's-save-to-start"-Flag for spytask
1188	"CMP R4, #0\n"
1189	"MOVEQ R0, R5\n"
1190	"LDMEQFD SP!, {R4-R6,LR}\n"
1191	"MOVEQ R1, #0\n"
1192	"BEQ sub_FFC5AC24\n"
1193	"LDMFD SP!, {R4-R6,PC}\n"
1194	);
1195	}; //#fe
1196
1197	void __attribute__((naked,noinline)) sub_FFC577C0_my() { //#fs
1198	asm volatile (
1199	"STMFD SP!, {R4,LR}\n"
1200	"BL sub_FFC3C544_my\n" // continue to SDHC-hook here!
1201	"LDR R4, =0x55A8\n"
1202	"LDR R0, [R4,#4]\n"
1203	"CMP R0, #0\n"
1204	"BNE loc_FFC577F0\n"
1205	"BL sub_FFC65B88\n"
1206	"BL sub_FFCDC234\n"
1207	"BL sub_FFC65B88\n"
1208	"BL sub_FFC39F34\n"
1209	"BL sub_FFC65B98\n"
1210	"BL sub_FFCDC300\n"
1211	"loc_FFC577F0:\n"
1212	"MOV R0, #1\n"
1213	"STR R0, [R4]\n"
1214	"LDMFD SP!, {R4,PC}\n"
1215	);
1216	}; //#fe
1217
1218	void __attribute__((naked,noinline)) sub_FFC3C544_my() { //#fs
1219	asm volatile (
1220	"STMFD SP!, {R4-R6,LR}\n"
1221	"MOV R6, #0\n"
1222	"MOV R0, R6\n"
1223	"BL sub_FFC3C004\n"
1224	"LDR R4, =0x11168\n"
1225	"MOV R5, #0\n"
1226	"LDR R0, [R4,#0x38]\n"
1227	"BL sub_FFC3CA38\n"
1228	"CMP R0, #0\n"
1229	"LDREQ R0, =0x2858\n"
1230	"STREQ R5, [R0,#0x10]\n"
1231	"STREQ R5, [R0,#0x14]\n"
1232	"STREQ R5, [R0,#0x18]\n"
1233	"MOV R0, R6\n"
1234	"BL sub_FFC3C044\n"
1235	"MOV R0, R6\n"
1236	"BL sub_FFC3C380_my\n" // continue to SDHC-hook here!
1237	"MOV R5, R0\n"
1238	"MOV R0, R6\n"
1239	"BL sub_FFC3C3EC\n"
1240	"LDR R1, [R4,#0x3C]\n"
1241	"AND R2, R5, R0\n"
1242	"CMP R1, #0\n"
1243	"MOV R0, #0\n"
1244	"MOVEQ R0, #0x80000001\n"
1245	"BEQ loc_FFC3C5D8\n"
1246	"LDR R3, [R4,#0x2C]\n"
1247	"CMP R3, #2\n"
1248	"MOVEQ R0, #4\n"
1249	"CMP R1, #5\n"
1250	"ORRNE R0, R0, #1\n"
1251	"BICEQ R0, R0, #1\n"
1252	"CMP R2, #0\n"
1253	"BICEQ R0, R0, #2\n"
1254	"ORREQ R0, R0, #0x80000000\n"
1255	"BICNE R0, R0, #0x80000000\n"
1256	"ORRNE R0, R0, #2\n"
1257	"loc_FFC3C5D8:\n"
1258	"STR R0, [R4,#0x40]\n"
1259	"LDMFD SP!, {R4-R6,PC}\n"
1260	);
1261	}; //#fe
1262
1263
1264	void __attribute__((naked,noinline)) sub_FFC3C380_my() { //#fs
1265	asm volatile (
1266	"STMFD SP!, {R4-R6,LR}\n"
1267	"LDR R5, =0x2858\n"
1268	"MOV R6, R0\n"
1269	"LDR R0, [R5,#0x14]\n"
1270	"CMP R0, #0\n"
1271	"MOVNE R0, #1\n"
1272	"LDMNEFD SP!, {R4-R6,PC}\n"
1273	"MOV R0, #0x17\n"
1274	"MUL R1, R0, R6\n"
1275	"LDR R0, =0x11168\n"
1276	"ADD R4, R0, R1,LSL#2\n"
1277	"LDR R0, [R4,#0x38]\n"
1278	"MOV R1, R6\n"
1279	"BL sub_FFC3C110_my\n" // continue to SDHC-hook here!
1280	"CMP R0, #0\n"
1281	"LDMEQFD SP!, {R4-R6,PC}\n"
1282	"LDR R0, [R4,#0x38]\n"
1283	"MOV R1, R6\n"
1284	"BL sub_FFC3C278\n"
1285	"CMP R0, #0\n"
1286	"LDMEQFD SP!, {R4-R6,PC}\n"
1287	"MOV R0, R6\n"
1288	"BL sub_FFC3BC0C\n"
1289	"CMP R0, #0\n"
1290	"MOVNE R1, #1\n"
1291	"STRNE R1, [R5,#0x14]\n"
1292	"LDMFD SP!, {R4-R6,PC}\n"
1293	);
1294	}; //#fe
1295
1296	void __attribute__((naked,noinline)) sub_FFC3C110_my() { //#fs ; Partition table parse takes place here. => SDHC-boot
1297	asm volatile (
1298	"STMFD SP!, {R4-R8,LR}\n"
1299	"MOV R8, R0\n"
1300	"MOV R0, #0x17\n"
1301	"MUL R1, R0, R1\n"
1302	"LDR R0, =0x11168\n"
1303	"MOV R6, #0\n"
1304	"ADD R7, R0, R1,LSL#2\n"
1305	"LDR R0, [R7,#0x3C]\n"
1306	"MOV R5, #0\n"
1307	"CMP R0, #6\n"
1308	"ADDLS PC, PC, R0,LSL#2\n"
1309	"B loc_FFC3C25C\n"
1310	"loc_FFC3C140:\n"
1311	"B loc_FFC3C174\n"
1312	"loc_FFC3C144:\n"
1313	"B loc_FFC3C15C\n"
1314	"loc_FFC3C148:\n"
1315	"B loc_FFC3C15C\n"
1316	"loc_FFC3C14C:\n"
1317	"B loc_FFC3C15C\n"
1318	"loc_FFC3C150:\n"
1319	"B loc_FFC3C15C\n"
1320	"loc_FFC3C154:\n"
1321	"B loc_FFC3C254\n"
1322	"loc_FFC3C158:\n"
1323	"B loc_FFC3C15C\n"
1324	"loc_FFC3C15C:\n"
1325	"MOV R2, #0\n"
1326	"MOV R1, #0x200\n"
1327	"MOV R0, #3\n"
1328	"BL sub_FFC51940\n"
1329	"MOVS R4, R0\n"
1330	"BNE loc_FFC3C17C\n"
1331	"loc_FFC3C174:\n"
1332	"MOV R0, #0\n"
1333	"LDMFD SP!, {R4-R8,PC}\n"
1334	"loc_FFC3C17C:\n"
1335	"LDR R12, [R7,#0x4C]\n"
1336	"MOV R3, R4\n"
1337	"MOV R2, #1\n"
1338	"MOV R1, #0\n"
1339	"MOV R0, R8\n"
1340	//"BLX R12\n" // !! Workaround !!
1341	"MOV LR, PC\n" // gcc won't compile "BLX R12" nor "BL R12".
1342	"MOV PC, R12\n" // workaround: make your own "BL" and hope we don't need the change to thumb-mode
1343
1344	"CMP R0, #1\n"
1345	"BNE loc_FFC3C1A8\n"
1346	"MOV R0, #3\n"
1347	"BL sub_FFC51A80\n"
1348	"B loc_FFC3C174\n"
1349	"loc_FFC3C1A8:\n"
1350	"MOV R0, R8\n"
1351	"BL sub_FFCF8D9C\n" // Add FAT32 autodetect-code after this line\n"
1352
1353	// Start of DataGhost's FAT32 autodetection code
1354	// Policy: If there is a partition which has type W95 FAT32, use the first one of those for image storage
1355	// According to the code below, we can use R1, R2, R3 and R12.
1356	// LR wasn't really used anywhere but for storing a part of the partition signature. This is the only thing
1357	// that won't work with an offset, but since we can load from LR+offset into LR, we can use this to do that :)
1358	"MOV R12, R4\n" // Copy the MBR start address so we have something to work with
1359	"MOV LR, R4\n" // Save old offset for MBR signature
1360	"MOV R1, #1\n" // Note the current partition number
1361	"B dg_sd_fat32_enter\n" // We actually need to check the first partition as well, no increments yet!
1362	"dg_sd_fat32:\n"
1363	"CMP R1, #4\n" // Did we already see the 4th partition?
1364	"BEQ dg_sd_fat32_end\n" // Yes, break. We didn't find anything, so don't change anything.
1365	"ADD R12, R12, #0x10\n" // Second partition
1366	"ADD R1, R1, #1\n" // Second partition for the loop
1367	"dg_sd_fat32_enter:\n"
1368	"LDRB R2, [R12, #0x1BE]\n" // Partition status
1369	"LDRB R3, [R12, #0x1C2]\n" // Partition type (FAT32 = 0xB)
1370	"CMP R3, #0xB\n" // Is this a FAT32 partition?
1371	"CMPNE R3, #0xC\n" // Not 0xB, is it 0xC (FAT32 LBA) then?
1372	"BNE dg_sd_fat32\n" // No, it isn't.
1373	"CMP R2, #0x00\n" // It is, check the validity of the partition type
1374	"CMPNE R2, #0x80\n"
1375	"BNE dg_sd_fat32\n" // Invalid, go to next partition
1376	// This partition is valid, it's the first one, bingo!
1377	"MOV R4, R12\n" // Move the new MBR offset for the partition detection.
1378
1379	"dg_sd_fat32_end:\n"
1380	// End of DataGhost's FAT32 autodetection code
1381	// Continue with firmware
1382	"LDRB R1, [R4,#0x1C9]\n"
1383	"LDRB R3, [R4,#0x1C8]\n"
1384	"LDRB R12, [R4,#0x1CC]\n"
1385	"MOV R1, R1,LSL#24\n"
1386	"ORR R1, R1, R3,LSL#16\n"
1387	"LDRB R3, [R4,#0x1C7]\n"
1388	"LDRB R2, [R4,#0x1BE]\n"
1389	"LDRB LR, [R4,#0x1FF]\n" // replaced, see below
1390	"ORR R1, R1, R3,LSL#8\n"
1391	"LDRB R3, [R4,#0x1C6]\n"
1392	"CMP R2, #0\n"
1393	"CMPNE R2, #0x80\n"
1394	"ORR R1, R1, R3\n"
1395	"LDRB R3, [R4,#0x1CD]\n"
1396	"MOV R3, R3,LSL#24\n"
1397	"ORR R3, R3, R12,LSL#16\n"
1398	"LDRB R12, [R4,#0x1CB]\n"
1399	"ORR R3, R3, R12,LSL#8\n"
1400	"LDRB R12, [R4,#0x1CA]\n"
1401	"ORR R3, R3, R12\n"
1402	"LDRB R12, [R4,#0x1FE]\n" // replaced, see below
1403	//"LDRB R12, [LR,#0x1FE]\n" // New! First MBR signature byte (0x55)
1404	//"LDRB LR, [LR,#0x1FF]\n" // Last MBR signature byte (0xAA)
1405	"MOV R4, #0\n"
1406	"BNE loc_FFC3C230\n"
1407	"CMP R0, R1\n"
1408	"BCC loc_FFC3C230\n"
1409	"ADD R2, R1, R3\n"
1410	"CMP R2, R0\n"
1411	"CMPLS R12, #0x55\n"
1412	"CMPEQ LR, #0xAA\n"
1413	"MOVEQ R6, R1\n"
1414	"MOVEQ R5, R3\n"
1415	"MOVEQ R4, #1\n"
1416	"loc_FFC3C230:\n"
1417	"MOV R0, #3\n"
1418	"BL sub_FFC51A80\n"
1419	"CMP R4, #0\n"
1420	"BNE loc_FFC3C268\n"
1421	"MOV R6, #0\n"
1422	"MOV R0, R8\n"
1423	"BL sub_FFCF8D9C\n"
1424	"MOV R5, R0\n"
1425	"B loc_FFC3C268\n"
1426	"loc_FFC3C254:\n"
1427	"MOV R5, #0x40\n"
1428	"B loc_FFC3C268\n"
1429	"loc_FFC3C25C:\n"
1430	"MOV R1, #0x374\n"
1431	"LDR R0, =0xFFC3C104\n"
1432	"BL sub_FFC0BDB8\n"
1433	"loc_FFC3C268:\n"
1434	"STR R6, [R7,#0x44]!\n"
1435	"MOV R0, #1\n"
1436	"STR R5, [R7,#4]\n"
1437	"LDMFD SP!, {R4-R8,PC}\n"
1438	);
1439	}; //#fe
1440
1441

Note: See TracBrowser for help on using the repository browser.

Download in other formats: