Assembla home | Assembla project page

My Start Page

Context Navigation

source: trunk/platform/g9/sub/100d/boot.c @ 647

Revision 647, 64.0 KB checked in by EWAVR, 4 years ago (diff)

G9:

fixed bugs in CHDK RAW shooting (http://chdk.kernreaktor.org/mantis/view.php?id=112)
camera can power-on in record mode (http://chdk.kernreaktor.org/mantis/view.php?id=145)

Property svn:eol-style set to native

Rev	Line
[586]	1	#include "lolevel.h"
	2	#include "platform.h"
	3	#include "core.h"
	4	#include "stdlib.h"
	5
	6	//extern void draw_txt_string(int col, int row, const char *str, color cl);
	7
[634]	8	const char * const new_sa = &_end;
[586]	9
	10	/* Ours stuff */
	11	extern long wrs_kernel_bss_start;
	12	extern long wrs_kernel_bss_end;
	13
	14	// Forward declarations
	15	void CreateTask_PhySw();
	16	void CreateTask_spytask();
	17
[647]	18	/*
[586]	19	void CreateTask_blinker();
	20	void task_blinker();
	21	void dump_chdk();
	22
	23
	24	void boot();
	25
	26
	27	#define DPs (void*)0xC022006C // direct-print (blue)
	28	#define LED_AF (void*)0xC0220094 //LED_AF
	29	#define LED_ISO (void*)0xC02200B0 //LED_ISO
	30	#define LED_PWR (void*)0xC0220068 //LED_PWR
	31	#define LED_BLUE (void*)0xC022006C //LED_BLUE
	32	#define DELAYs 3000000
	33
	34	void debug_my_blink_green()
	35	{
	36	volatile long p = (void)LED_AF; // turned off later, so assumed to be power
	37	int counter;
	38
	39	// DEBUG: blink led
	40	counter = DELAYs; *p = 0x46;
	41	while (counter--) { asm("nop\n nop\n"); };
	42	counter = DELAYs; *p = 0x44;
	43	while (counter--) { asm("nop\n nop\n"); };
	44	}
	45
	46	void debug_my_pause()
	47	{
	48	int counter;
	49
	50	// DEBUG: blink led
	51	counter = DELAYs;
	52	while (counter--) { asm("nop\n nop\n"); };
	53	counter = DELAYs;
	54	while (counter--) { asm("nop\n nop\n"); };
	55	}
	56
	57	void debug_my_blink_blue()
	58	{
	59	volatile long p = (void)LED_BLUE; // turned off later, so assumed to be power
	60	int counter;
	61
	62	// DEBUG: blink led
	63	counter = DELAYs; *p = 0x46;
	64	while (counter--) { asm("nop\n nop\n"); };
	65	counter = DELAYs; *p = 0x44;
	66	while (counter--) { asm("nop\n nop\n"); };
	67	}
	68
	69
	70
	71
	72	#define DP (void*)0xC0220068 // led_pwr DEBUG
	73
	74	#define DEBUG_LED 0xC022006C //ok //used iso blue, was 0xc02200C4 +++
	75
	76
	77	#define DELAY 5000000 // DEBUG
	78
[647]	79	*/
	80
[586]	81	void boot() { //#fs
	82
	83
	84	long canon_data_src = (void)0xFFB2E384; // OK //canon_data_src!!! @FF810130
	85	long canon_data_dst = (void)0x1900; // OK //MEMBASEADDR @FF810134
	86	long canon_data_len = 0x140E4- 0x1900; // data_end - data_start
	87	long canon_bss_start = (void)0x140e4; // just after data // OK //@FF810138
	88	long canon_bss_len = 0xb0b68 - 0x140e4; // MEMISOSTART -
	89
	90	long i;
	91
	92
	93	// Code taken from VxWorks CHDK. Changes CPU speed?
	94	asm volatile (
	95	"MRC p15, 0, R0,c1,c0\n"
	96	"ORR R0, R0, #0x1000\n"
	97	"ORR R0, R0, #4\n"
	98	"ORR R0, R0, #1\n"
	99	"MCR p15, 0, R0,c1,c0\n"
	100	:::"r0");
	101
	102	for(i=0;i<canon_data_len/4;i++)
	103	canon_data_dst[i]=canon_data_src[i];
	104
	105	for(i=0;i<canon_bss_len/4;i++)
	106	canon_bss_start[i]=0;
	107
[647]	108	(int)(0x261C+8)= ((int)0xC02200C0)&1 ? 1 : 2; // replacement of sub_FF822E10
	109
[586]	110	/*
	111	asm volatile (
	112	"MRC p15, 0, R0,c1,c0\n"
	113	"ORR R0, R0, #0x1000\n"
	114	"BIC R0, R0, #4\n"
	115	"ORR R0, R0, #1\n"
	116	"MCR p15, 0, R0,c1,c0\n"
	117	:::"r0");
	118	*/
	119
	120	// jump to init-sequence that follows the data-copy-routine
	121
	122
	123	asm volatile ("B sub_FF8101a4_my\n");
	124	//asm volatile ("B sub_FF8101a4\n");
	125
	126	}; //#fe
	127
	128
	129	// init //OK
	130	void __attribute__((naked,noinline)) sub_FF8101a4_my() { //#fs OK
	131
	132
	133	asm volatile (
	134	"LDR R0, =0xFF81021C\n"
	135	"MOV R1, #0\n"
	136	"LDR R3, =0xFF810254\n"
	137	"loc_FF8101B0:\n"
	138	"CMP R0, R3\n"
	139	"LDRCC R2, [R0],#4\n"
	140	"STRCC R2, [R1],#4\n"
	141	"BCC loc_FF8101B0\n"
	142	"LDR R0, =0xFF810254\n"
	143	"MOV R1, #0x4B0\n"
	144	"LDR R3, =0xFF810468\n"
	145	"loc_FF8101CC:\n"
	146	"CMP R0, R3\n"
	147	"LDRCC R2, [R0],#4\n"
	148	"STRCC R2, [R1],#4\n"
	149	"BCC loc_FF8101CC\n"
	150	"MOV R0, #0xD2\n"
	151	"MSR CPSR_cxsf, R0\n"
	152	"MOV SP, #0x1000\n"
	153	"MOV R0, #0xD3\n"
	154	"MSR CPSR_cxsf, R0\n"
	155	"MOV SP, #0x1000\n"
	156	"LDR R0, =0x6C4\n"
	157	"LDR R2, =0xEEEEEEEE\n"
	158	"MOV R3, #0x1000\n"
	159	"loc_FF810200:\n"
	160	"CMP R0, R3\n"
	161	"STRCC R2, [R0],#4\n"
	162	"BCC loc_FF810200\n"
	163	"BL sub_FF810FB8_my\n"
	164	);
	165
	166	}; //#fe
	167
	168
	169	//OK
	170	void __attribute__((naked,noinline)) sub_FF810FB8_my() { //#fs OK h_usrKernelInit
	171
	172
	173	asm volatile (
	174	"STR LR, [SP,#-4]!\n"
	175	"SUB SP, SP, #0x74\n"
	176	"MOV R0, SP\n"
	177	"MOV R1, #0x74\n"
	178	"BL sub_FFABD388\n"
	179	"MOV R0, #0x53000\n"
	180	"STR R0, [SP,#0x74-0x70]\n"
	181
	182	);
	183	//"LDR R0, =0xB0B68"
	184	asm volatile (
	185	"LDR R0, =new_sa\n"
	186	"LDR R0, [R0]\n"
	187	);
	188	asm volatile (
	189	"LDR R2, =0x2ABC00\n"
	190	"LDR R1, =0x2A4968\n"
	191	"STR R0, [SP,#0x74-0x6C]\n"
	192	"SUB R0, R1, R0\n"
	193	"ADD R3, SP, #0x74-0x68\n"
	194	"STR R2, [SP,#0x74-0x74]\n"
	195	"STMIA R3, {R0-R2}\n"
	196	"MOV R0, #0x22\n"
	197	"STR R0, [SP,#0x74-0x5C]\n"
	198	"MOV R0, #0x68\n"
	199	"STR R0, [SP,#0x74-0x58]\n"
	200	"LDR R0, =0x19B\n"
	201	"MOV R1, #0x64\n"
	202	//"STRD R0, [SP,#0x74-0x54]\n" // "strd not supported by cpu" claims gcc
	203	"STR R0, [SP,#0x74-0x54]\n" // split in two single-word STRs
	204	"STR R1, [SP,#0x74-0x50]\n"
	205	"MOV R0, #0x78\n"
	206	//"STRD R0, [SP,#0x74-0x4C]\n" // "strd not supported by cpu" claims gcc
	207	"STR R0, [SP,#0x74-0x4C]\n" // split in two single-word STRs
	208	"STR R1, [SP,#0x74-0x48]\n"
	209	"MOV R0, #0\n"
	210	"STR R0, [SP,#0x74-0x44]\n"
	211	"STR R0, [SP,#0x74-0x40]\n"
	212	"MOV R0, #0x10\n"
	213	"STR R0, [SP,#0x74-0x18]\n"
	214	"MOV R0, #0x800\n"
	215	"STR R0, [SP,#0x74-0x14]\n"
	216	"MOV R0, #0xA0\n"
	217	"STR R0, [SP,#0x74-0x10]\n"
	218	"MOV R0, #0x280\n"
	219	"STR R0, [SP,#0x74-0xC]\n"
	220	//"LDR R1, =0xFF814DBC\n"
	221	"LDR R1, =uHwSetup_my\n" //<---------------------------------------chdk
	222	"MOV R0, SP\n"
	223	"MOV R2, #0\n"
	224	"BL sub_FF812D70\n"
	225	"ADD SP, SP, #0x74\n"
	226	"LDR PC, [SP],#4\n"
	227	);
	228
	229	}; //#fe
	230
	231
	232	//OK
	233	void __attribute__((naked,noinline)) uHwSetup_my() { //#fs FF814DBC
	234
	235	asm volatile (
	236	//debug ok
	237
	238	"STMFD SP!, {R4,LR}\n"
	239	"BL sub_FF81095C\n"
	240	"BL sub_FF819948\n"
	241	"CMP R0, #0\n"
	242	"LDRLT R0, =0xFF814ED0\n"
	243	"BLLT sub_FF814EB0\n"
	244	"BL sub_FF8149E0\n" // _termDriverInit
	245	"CMP R0, #0\n"
	246	"LDRLT R0, =0xFF814ED8\n" // aTermdriverinit
	247	"BLLT sub_FF814EB0\n"
	248	"LDR R0, =0xFF814EE8\n" // a_term
	249
	250	"BL sub_FF814ACC\n" // _termDeviceCreate
	251	"CMP R0, #0\n"
	252	"LDRLT R0, =0xFF814EF0\n" // aTermdevicecrea
	253	"BLLT sub_FF814EB0\n"
	254	"LDR R0, =0xFF814EE8\n" // a_term
	255	"BL sub_FF81357C\n" // _stdioSetup
	256	"CMP R0, #0\n"
	257	"LDRLT R0, =0xFF814F04\n" // aStdiosetup
	258	"BLLT sub_FF814EB0\n"
	259	"BL sub_FF8194D0\n" // _stdlibSetup
	260	"CMP R0, #0\n"
	261	"LDRLT R0, =0xFF814F10\n" // aStdlibsetup
	262	"BLLT sub_FF814EB0\n"
	263	"BL sub_FF8114D0\n" // _armlib_setup
	264	"CMP R0, #0\n"
	265	"LDRLT R0, =0xFF814F1C\n" // aArmlib_setup
	266	"BLLT sub_FF814EB0\n" // _err_init_task
	267	"LDMFD SP!, {R4,LR}\n"
	268	"B CreateTask_Startup_my\n" //<---------------------------------------chdk
	269
	270	);
	271	}; //#fe
	272
	273
	274	//OK
	275	void __attribute__((naked,noinline)) CreateTask_Startup_my() { //#fs FF81DC0C
	276
	277	asm volatile (
	278	"STMFD SP!, {R3,LR}\n"
	279	//"BL nullsub_3\n"
	280	"BL sub_FF82C8FC\n"
	281	"CMP R0, #0\n"
	282	"BNE loc_FF81DC4C\n"
	283	"BL sub_FF824568\n"
	284	"CMP R0, #0\n"
	285	"LDREQ R2, =0xC0220000\n"
	286	"LDREQ R0, [R2,#0xC0]\n"
	287	"LDREQ R1, [R2,#0xC4]\n"
	288	"ORREQ R0, R0, R1\n"
	289	"TSTEQ R0, #1\n"
	290	"BNE loc_FF81DC4C\n"
	291	"MOV R0, #0x44\n"
	292	"STR R0, [R2,#0x4C]\n"
	293	"loc_FF81DC48:\n"
	294	"B loc_FF81DC48\n"
	295	"loc_FF81DC4C:\n"
[647]	296	// "BL sub_FF822E10\n" // removed, see boot() function
[586]	297	//"BL nullsub_4\n"
	298	"BL sub_FF82A488\n"
	299	"MOV R1, #0x300000\n"
	300	"MOV R0, #0\n"
	301	"BL sub_FF82A6D0\n"
	302	"BL sub_FF82A67C\n"
	303	"MOV R3, #0\n"
	304	"STR R3, [SP,#8-0x08]\n"
	305	"LDR R3, =task_Startup_my\n" // originally FF81DBB0 <---------------------------------------chdk
	306	"MOV R2, #0\n"
	307	"MOV R1, #0x19\n"
	308	"LDR R0, =0xFF81DC90\n" //"Startup"
	309	"BL sub_FF81BAF0\n"
	310	"MOV R0, #0\n"
	311	"LDMFD SP!, {R12,PC}\n"
	312	);
	313
	314	//OK
	315	}; //#fe
	316
	317
	318
	319
	320
	321	//OK
	322	void __attribute__((naked,noinline)) task_Startup_my() { //#fs originally FF81DBB0
	323
	324	asm volatile (
	325	"STMFD SP!, {R4,LR}\n"
	326	"BL sub_FF81517C\n"
	327	"BL sub_FF823FA0\n"
	328	"BL sub_FF820E60\n"
	329	//"BL j_nullsub_177\n"
	330	"BL sub_FF82CADC\n"
	331	//"BL sub_FF82C9C4\n" // skip diskboot
	332	);
	333	CreateTask_spytask(); // <------------
	334	asm volatile (
	335	"BL sub_FF82CCA4\n"
	336	"BL sub_FF82CB2C\n"
	337	"BL sub_FF8299CC\n"
	338	"BL sub_FF82CCA8\n"
	339	);
	340	CreateTask_PhySw(); //<---------------
	341	asm volatile (
	342	//"BL sub_FF822DA8\n" // (taskcreate_PhySw)
	343	//"BL sub_FF82629C\n"
	344	"BL sub_FF82629C_my\n" // divert to intercept task_ShootSeqTask------------------------------>
	345	"BL sub_FF82CCC0\n"
	346	//"BL nullsub_2\n"
	347	"BL sub_FF822130\n"
	348	"BL sub_FF82C6A8\n" // taskcreate_Bye\n"
	349	"BL sub_FF8228D4\n"
	350	"BL sub_FF82203C\n" // taskcreate_TempCheck\n"
	351	//"BL sub_FF82D720\n"
	352	"BL sub_FF82D720_my\n" // divert for SDHC-bootdisk-support<---------------------------------
	353	"BL sub_FF821FF8\n"
	354	"LDMFD SP!, {R4,LR}\n"
	355	"B sub_FF815088\n"
	356	);
	357
	358	}; //#fe
	359
	360
	361	void CreateTask_spytask() { //#fs
	362	_CreateTask("SpyTask", 0x19, 0x2000, core_spytask, 0);
	363
	364	}; //#fe
	365
	366	void CreateTask_PhySw() { //#fs
	367	_CreateTask("PhySw", 0x18, 0x800, mykbd_task, 0);
	368	asm volatile (
	369	"BL sub_FF84962C\n" //taskcreate_JogDial
	370	);
	371	}; //#fe
	372
	373
	374	//OK
	375	void __attribute__((naked,noinline)) sub_FF82629C_my() { //#fs
	376
	377	asm volatile (
	378	"STMFD SP!, {R4,LR}\n"
	379	"LDR R4, =0x1D38\n"
	380	"MOV R0, #0\n"
	381	"MOV R1, #4\n"
	382	"STR R0, [R4,#0xC]\n"
	383	"BL sub_FF81BE20\n"
	384	"STR R0, [R4,#4]\n"
	385	"MOV R0, #0\n"
	386	"MOV R1, #1\n"
	387	"BL sub_FF81BE44\n"
	388	"STR R0, [R4,#8]\n"
	389	"BL sub_FF864A14\n"
	390	"BL sub_FF86383C\n"
	391	"BL sub_FF8601A0_my\n" // divert this for ShootSeqTask <------------------
	392	"BL sub_FF864CFC\n"
	393	"LDR R0, [R4,#4]\n"
	394	"LDMFD SP!, {R4,LR}\n"
	395	"MOV R1, #0x1000\n"
	396	"B sub_FF829D2C\n"
	397	);
	398	}; //#fe
	399	//OK
	400	void __attribute__((naked,noinline)) sub_FF8601A0_my() { //#fs
	401
	402	asm volatile (
	403	"STMFD SP!, {R4,LR}\n"
	404	"LDR R4, =0x57EC\n"
	405	"LDR R0, [R4,#8]\n"
	406	"CMP R0, #0\n"
	407	"BNE loc_FF86020C\n"
	408	//"BL nullsub_30\n"
	409	"MOV R1, #1\n"
	410	"MOV R0, #0\n"
	411	"BL sub_FF81BE44\n"
	412	"STR R0, [R4,#0x20]\n"
	413	"MOV R0, #0\n"
	414	"MOV R1, #0\n"
	415	"BL sub_FF81BE20\n"
	416	"STR R0,[R4,#0x24]\n"
	417	"BL sub_FF860584\n"
	418	"BL sub_FF860370\n"
	419	"MOV R0, #0\n"
	420	"STR R0, [R4,#0x1C]\n"
	421	"ADD R0, R4, #0x28\n"
	422	"MOV R1, #0\n"
	423	"STR R1, [R0],#4\n"
	424	"STR R1, [R0]\n"
	425	"BL sub_FF86089C\n"
	426	"BL sub_FF864EA8\n"
	427	"BL sub_FF8631AC\n"
	428	"BL sub_FF8614E8_my\n" // continue here for task_CaptSeqTask <----------------------------
	429
	430	"BL sub_FF862CA8\n"
	431	"loc_FF86020C:\n"
	432	"MOV R0, #1\n"
	433	"STR R0, [R4,#8]\n"
	434	"LDMFD SP!, {R4,PC}\n"
	435	);
	436	}; //#fe
	437
	438	//OK ****
	439	void __attribute__((naked,noinline)) sub_FF8614E8_my() { //#fs
	440	asm volatile (
	441	"STMFD SP!, {R3-R5,LR}\n"
	442	"LDR R2, =0x1E3C0\n"
	443	"MOV R0, #0\n"
	444	"MOV R1, #0\n"
	445	"loc_FF8614F8:\n"
	446	"ADD R3, R2, R0,LSL#4\n"
	447	"ADD R0, R0, #1\n"
	448	"CMP R0, #5\n"
	449	"STR R1, [R3,#8]\n"
	450	"BCC loc_FF8614F8\n"
	451	"LDR R0, =0x1E410\n"
	452	"STR R1, [R0,#8]\n"
	453	"ADD R0, R0, #0x10\n"
	454	"STR R1, [R0,#8]\n"
	455	"BL sub_FF942928\n"
	456	"BL sub_FF944F7C\n"
	457	"MOV R1, #5\n"
	458	"MOV R0, #0\n"
	459	"BL sub_FF81BDFC\n"
	460	"LDR R4, =0x583C\n"
	461	"LDR R1, =0x1001FF\n"
	462	"STR R0, [R4,#0x14]\n"
	463	"MOV R0, #0\n"
	464	"BL sub_FF81BE20\n"
	465	"STR R0, [R4,#0x10]\n"
	466	"MOV R3, #0\n"
	467	// "STR R3, [SP,#0x10+var_10]\n"
	468	"STR R3, [SP]\n"
	469	// "LDR R3, =0xFF861210\n"
	470	"LDR R3, =task_CaptSeqTask_my\n" // task_CaptSeqTask <-------------------------
	471	"LDR R0, =0xFF861710\n" // aCaptseqtask ; "CaptSeqTask"
	472	"MOV R2, #0x1000\n"
	473	"MOV R1, #0x17\n"
	474	"BL sub_FF81BDC8\n"
	475	"LDMFD SP!, {R3-R5,PC}\n"
	476	".ltorg\n"
	477	);
	478	}; //#fe
	479
	480
	481
	482	// -----------------
	483	// SDHC-Boot-Support
	484	// -----------------
	485	// Required subs:
	486	// Startup -> FFC1C6C4 -> FFC1C294 -> FFC5E6C0 -> uAC_Boot -> CreateTask_InitFileModules -> task_InitFileModules -> FFC5A4E8 -> FFC3F0CC -> FFC3EF08 -> FFC3EDA0
	487	// \->FFC5F474 -> FFC5F410 ->/\|
	488	// -> StartFactoryModeController =>\|\|
	489	//
	490	// uAC_Boot: FFC5E06C
	491	// CreateTask_InitFileModules: FFC5F7A4
	492	// task_InitFileModules: FFC5F754
	493
	494	//OK
	495	void __attribute__((naked,noinline)) sub_FF82D720_my() { //#fs
	496	asm volatile (
	497	"STMFD SP!, {R4,LR}\n"
	498	"BL sub_FF873F90\n"
	499	"BL sub_FF824504\n" // IsFactoryMode"
	500	"CMP R0, #1\n"
	501	"BNE loc_FF82D740\n"
	502	"BL sub_FF8773E0\n"
	503	"LDMFD SP!, {R4,LR}\n"
	504	"B sub_FF82457C\n" // StartFactoryModeController"
	505	"loc_FF82D740:\n"
	506	"BL sub_FF876264\n"
	507	"LDR R4, =0x1E50\n"
	508	"LDR R0, [R4,#4]\n"
	509	"CMP R0, #0\n"
	510	"LDMNEFD SP!, {R4,PC}\n"
	511	"MOV R1, #0\n"
	512	//"LDR R0, =0xFF82D250\n"
	513	"LDR R0, =sub_FF82D250_my\n" // continue here for SDHC-boot-support <------------------
	514	"BL sub_FF8709DC\n"
	515	"STR R0, [R4,#4]\n"
	516	"LDMFD SP!, {R4,PC}\n"
	517	);
	518	}; //#fe
	519
	520	//OK
	521	void __attribute__((naked,noinline)) sub_FF82D250_my() { //#fs
	522	asm volatile (
	523
	524	"STMFD SP!, {R3-R11,LR}\n"
	525	"LDR R6, =0x1E50\n"
	526	"MOV R5, R1\n"
	527	"LDR R0, [R6,#0x14]\n"
	528	"MOV R4, R3\n"
	529	"CMP R0, #1\n"
	530	"BNE loc_FF82D274\n"
	531	"BL sub_FF87486C\n"
	532	"B loc_FF82D65C\n"
	533	"loc_FF82D274:\n"
	534	"LDR R12, =0x1162\n"
	535	"LDR R10, =0x1005\n"
	536	"CMP R5, R12\n"
	537	"MOV R7, #0\n"
	538	"MOV R8, #1\n"
	539	"BEQ loc_FF82D67C\n"
	540	"BGT loc_FF82D3C8\n"
	541	"LDR R12, =0x1062\n"
	542	"CMP R5, R12\n"
	543	"BEQ loc_FF82D718\n"
	544	"BGT loc_FF82D33C\n"
	545	"CMP R5, R10\n"
	546	"BEQ loc_FF82D6A8\n"
	547	"BGT loc_FF82D314\n"
	548	"LDR R9, =0x9A3\n"
	549	"CMP R5, R9\n"
	550	"BEQ loc_FF82D63C\n"
	551	"BGT loc_FF82D2F0\n"
	552	"SUB R12, R5, #0x800\n"
	553	"SUBS R12, R12, #3\n"
	554	"BEQ loc_FF82D4D8\n"
	555	"SUB R12, R5, #0x800\n"
	556	"SUBS R12, R12, #0x158\n"
	557	"BNE loc_FF82D66C\n"
	558	"TST R4, #0x80000000\n"
	559	"MOVNE R0, #1\n"
	560	"BNE locret_FF82D534\n"
	561	"BL sub_FF87DA3C\n"
	562	"CMP R0, #0\n"
	563	"BLEQ sub_FF829828\n"
	564	"B loc_FF82D65C\n"
	565	"loc_FF82D2F0:\n"
	566	"SUB R12, R5, #0x900\n"
	567	"SUBS R12, R12, #0xA5\n"
	568	"BEQ loc_FF82D63C\n"
	569	"SUB R12, R5, #0x1000\n"
	570	"SUBS R12, R12, #3\n"
	571	"BNE loc_FF82D66C\n"
	572	"BL sub_FF82D1B4\n"
	573	"MOV R1, R4\n"
	574	"B loc_FF82D674\n"
	575	"loc_FF82D314:\n"
	576	"SUB R12, R5, #0x1000\n"
	577	"SUBS R12, R12, #0x56\n"
	578	"SUBNE R12, R5, #0x1000\n"
	579	"SUBNES R12, R12, #0x5B\n"
	580	"SUBNE R12, R5, #0x1000\n"
	581	"SUBNES R12, R12, #0x5E\n"
	582	"SUBNE R12, R5, #0x1000\n"
	583	"SUBNES R12, R12, #0x61\n"
	584	"BNE loc_FF82D66C\n"
	585	"B loc_FF82D718\n"
	586	"loc_FF82D33C:\n"
	587	"LDR R12, =0x10AD\n"
	588	"CMP R5, R12\n"
	589	"BEQ loc_FF82D698\n"
	590	"BGT loc_FF82D38C\n"
	591	"SUB R12, R5, #0x1000\n"
	592	"SUBS R12, R12, #0x63\n"
	593	"SUBNE R12, R5, #0x1000\n"
	594	"SUBNES R12, R12, #0x65\n"
	595	"BEQ loc_FF82D718\n"
	596	"SUB R12, R5, #0x1000\n"
	597	"LDR R0, =0x10A3\n"
	598	"SUBS R12, R12, #0xA9\n"
	599	"BEQ loc_FF82D68C\n"
	600	"SUB R12, R5, #0x1000\n"
	601	"SUBS R12, R12, #0xAA\n"
	602	"BNE loc_FF82D66C\n"
	603	"BL sub_FF872EB8\n"
	604	"CMP R0, #0\n"
	605	"BEQ loc_FF82D6A4\n"
	606	"B loc_FF82D65C\n"
	607	"loc_FF82D38C:\n"
	608	"SUB R12, R5, #0x1000\n"
	609	"SUBS R12, R12, #0xAE\n"
	610	"BEQ loc_FF82D6A4\n"
	611	"SUB R12, R5, #0x1000\n"
	612	"SUBS R12, R12, #0xAF\n"
	613	"BEQ loc_FF82D698\n"
	614	"SUB R12, R5, #0x1000\n"
	615	"SUBS R12, R12, #0xB0\n"
	616	"BEQ loc_FF82D6A4\n"
	617	"SUB R12, R5, #0x1000\n"
	618	"SUBS R12, R12, #0xB2\n"
	619	"BNE loc_FF82D66C\n"
	620	"LDR R0, =0x1008\n"
	621	"MOV R1, R4\n"
	622	"B loc_FF82D674\n"
	623	"loc_FF82D3C8:\n"
	624	"LDR R11, =0x201B\n"
	625	"LDR R0, =0x1E50\n"
	626	"CMP R5, R11\n"
	627	"LDR R2, [R0,#0x10]!\n"
	628	"LDR R1, [R0,#0x10]\n"
	629	"SUB R9, R11, #0x17\n"
	630	"BEQ loc_FF82D610\n"
	631	"BGT loc_FF82D460\n"
	632	"LDR R11, =0x116A\n"
	633	"CMP R5, R11\n"
	634	"BEQ loc_FF82D5FC\n"
	635	"BGT loc_FF82D424\n"
	636	"SUB R0, R5, #0x1100\n"
	637	"SUB R0, R0, #0x63\n"
	638	"CMP R0, #5\n"
	639	"ADDLS PC, PC, R0,LSL#2\n"
	640	"B loc_FF82D66C\n"
	641	"loc_FF82D40C:\n"
	642	"B loc_FF82D634\n"
	643	"loc_FF82D410:\n"
	644	"B loc_FF82D628\n"
	645	"loc_FF82D414:\n"
	646	"B loc_FF82D620\n"
	647	"loc_FF82D418:\n"
	648	"B loc_FF82D66C\n"
	649	"loc_FF82D41C:\n"
	650	"B loc_FF82D5BC\n"
	651	"loc_FF82D420:\n"
	652	"B loc_FF82D5BC\n"
	653	"loc_FF82D424:\n"
	654	"SUB R12, R5, #0x2000\n"
	655	"SUBS R12, R12, #2\n"
	656	"BEQ loc_FF82D6E4\n"
	657	"CMP R5, R9\n"
	658	"MOV R0, R9\n"
	659	"BEQ loc_FF82D6F0\n"
	660	"SUB R12, R5, #0x2000\n"
	661	"SUBS R12, R12, #5\n"
	662	"BEQ loc_FF82D6E4\n"
	663	"SUB R12, R5, #0x2000\n"
	664	"SUBS R12, R12, #0x19\n"
	665	"BNE loc_FF82D66C\n"
	666	"CMP R1, #0\n"
	667	"BNE loc_FF82D6D0\n"
	668	"B loc_FF82D65C\n"
	669	"loc_FF82D460:\n"
	670	"LDR R12, =0x3110\n"
	671	"CMP R5, R12\n"
	672	"BEQ loc_FF82D6A8\n"
	673	"BGT loc_FF82D4A8\n"
	674	"SUB R12, R5, #0x2000\n"
	675	"SUBS R12, R12, #0x1D\n"
	676	"BEQ loc_FF82D6E4\n"
	677	"LDR R0, =0x2027\n"
	678	"CMP R5, R0\n"
	679	"BEQ loc_FF82D6B0\n"
	680	"SUB R12, R5, #0x3000\n"
	681	"SUBS R12, R12, #6\n"
	682	"BEQ loc_FF82D6A8\n"
	683	"SUB R12, R5, #0x3000\n"
	684	"SUBS R12, R12, #0x10\n"
	685	"BNE loc_FF82D66C\n"
	686	"BL sub_FF893354\n"
	687	"B loc_FF82D65C\n"
	688	"loc_FF82D4A8:\n"
	689	"SUB R12, R5, #0x3100\n"
	690	"SUBS R12, R12, #0x11\n"
	691	"BEQ loc_FF82D6A8\n"
	692	"CMP R5, #0x3140\n"
	693	"BEQ loc_FF82D70C\n"
	694	"SUB R12, R5, #0x3200\n"
	695	"SUBS R12, R12, #1\n"
	696	"BEQ loc_FF82D66C\n"
	697	"SUB R12, R5, #0x3200\n"
	698	"SUBS R12, R12, #2\n"
	699	"BNE loc_FF82D66C\n"
	700	"B loc_FF82D6A8\n"
	701	"loc_FF82D4D8:\n"
	702	"MOV R4, #1\n"
	703	"MOV R0, #2\n"
	704	"BL sub_FF874024\n"
	705	"CMP R0, #1\n"
	706	"MOVEQ R4, #2\n"
	707	"MOV R0, R4\n"
	708	"BL sub_FF8224B0\n"
	709	"CMP R0, #0\n"
	710	"STRNE R8, [R6,#0x14]\n"
	711	"BNE loc_FF82D530\n"
	712	"BL sub_FF879F0C\n"
	713	"BL sub_FF877D84\n"
	714	"BL sub_FF8789D8\n"
	715	"BL sub_FF877670\n"
	716	"BL sub_FF878F88\n"
	717	"CMP R0, #0\n"
	718	"BEQ loc_FF82D59C\n"
	719	"BL sub_FF82CF20\n"
	720	"BL sub_FF878EEC\n"
	721	"MOV R1, R0\n"
	722	"LDR R0, =0x1167\n"
	723	"BL sub_FF8711D8\n"
	724	"loc_FF82D530:\n"
	725	"MOV R0, R7\n"
	726
	727	"locret_FF82D534:\n"
	728	"LDMFD SP!, {R3-R11,PC}\n"
	729	"loc_FF82D59C:\n"
	730	"BL sub_FF8268E8\n"
	731	"CMP R0, #1\n"
	732	"LDRNE R0, =0x310B\n"
	733	"LDREQ R0, =0x310C\n"
	734	"MOV R1, #0\n"
	735	"BL sub_FF8711D8\n"
	736	"BL sub_FF8770A8_my\n" // Continue here (possibility 1) for SDHC-boot //<------------------------------------------
	737	"B loc_FF82D530\n"
	738	"loc_FF82D5BC:\n"
	739	"STR R8, [R6,#0x10]\n"
	740	"LDR R6, =0x4508\n"
	741	"LDR R4, =0x1168\n"
	742	"CMP R1, #0\n"
	743	"BEQ loc_FF82D5E4\n"
	744	"BL sub_FF8748A0\n"
	745	"B loc_FF82D5F0\n"
	746	"loc_FF82D5D8:\n"
	747	"MOV R0, R6\n"
	748	"BL sub_FF85E5B0\n"
	749	"B loc_FF82D65C\n"
	750
	751	"loc_FF82D5E4:\n"
	752	"BL sub_FF8781CC\n"
	753	"BL sub_FF877F94\n"
	754	"BL sub_FF826590\n"
	755	"loc_FF82D5F0:\n"
	756	"CMP R5, R4\n"
	757	"BEQ loc_FF82D5D8\n"
	758	"B loc_FF82D65C\n"
	759	"loc_FF82D5FC:\n"
	760	"MOV R0, #1\n"
	761	"BL sub_FF8749CC\n"
	762	"MOV R1, R11\n"
	763	"MOV R0, R10\n"
	764	"B loc_FF82D674\n"
	765	"loc_FF82D610:\n"
	766	"CMP R2, #1\n"
	767	"BNE loc_FF82D6A8\n"
	768	"BL sub_FF8748A0\n"
	769	"B loc_FF82D65C\n"
	770	"loc_FF82D620:\n"
	771	"MOV R0, #2\n"
	772	"B loc_FF82D62C\n"
	773	"loc_FF82D628:\n"
	774	"MOV R0, #1\n"
	775	"loc_FF82D62C:\n"
	776	"BL sub_FF82DC30\n"
	777	"B loc_FF82D65C\n"
	778	"loc_FF82D634:\n"
	779	"MOV R0, #0\n"
	780	"B loc_FF82D62C\n"
	781	"loc_FF82D63C:\n"
	782	"LDR R0, [R6,#0xC]\n"
	783	"SUB R12, R0, #0x8000\n"
	784	"SUBS R12, R12, #2\n"
	785	"BEQ loc_FF82D65C\n"
	786	"LDR R0, =0x10A5\n"
	787	"BL sub_FF872EB8\n" // eventproc_export_IsControlEventActive
	788
	789	"CMP R0, #0\n"
	790	"BEQ loc_FF82D664\n"
	791	"loc_FF82D65C:\n"
	792	"MOV R0, #0\n"
	793	"LDMFD SP!, {R3-R11,PC}\n"
	794	"loc_FF82D664:\n"
	795	"CMP R5, R9\n"
	796	"STREQ R8, [R6,#0x30]\n"
	797
	798	"loc_FF82D66C:\n"
	799	"MOV R1, #0\n"
	800	"loc_FF82D670:\n"
	801	"MOV R0, R5\n"
	802
	803	"loc_FF82D674:\n"
	804	"BL sub_FF875F98_My\n" // Continue here (possibility 2) for SDHC-boot //<-----------------------------
	805
	806	"LDMFD SP!, {R3-R11,PC}\n"
	807	"loc_FF82D67C:\n"
	808	"BL sub_FF87C4A0\n"
	809	"CMP R0, #0\n"
	810	"BLNE sub_FF87B1FC\n"
	811	"B loc_FF82D6A8\n"
	812	"loc_FF82D68C:\n"
	813	"BL sub_FF872EB8\n" //eventproc_export_IsControlEventActive
	814	"CMP R0, #0\n"
	815	"BNE loc_FF82D65C\n"
	816
	817	"loc_FF82D698:\n"
	818	"MOV R0, R5\n"
	819	"BL sub_FF82D040\n"
	820	"LDMFD SP!, {R3-R11,PC}\n"
	821	"loc_FF82D6A4:\n"
	822	"BL sub_FF82DC00\n"
	823	"loc_FF82D6A8:\n"
	824	"MOV R1, R4\n"
	825	"B loc_FF82D670\n"
	826	"loc_FF82D6B0:\n"
	827	"MOV R1, #0\n"
	828	"BL sub_FF875F98_My\n" //Continue here (possibility 2) for SDHC-boot // <--------------------------------
	829	"MOV R1, #0\n"
	830	"MOV R0, R11\n"
	831	"BL sub_FF875F98_My\n" // Continue here (possibility 2) for SDHC-boot // <----------------------------------
	832	"MOV R1, #0\n"
	833	"MOV R0, R9\n"
	834	"B loc_FF82D6DC\n"
	835	"loc_FF82D6D0:\n"
	836	"CMP R2, #0\n"
	837	"BNE loc_FF82D65C\n"
	838	"loc_FF82D6D8:\n"
	839	"MOV R1, #0\n"
	840	"loc_FF82D6DC:\n"
	841	"BL sub_FF875F98_My\n" //Continue here (possibility 2) for SDHC-boot // <------------------------------------
	842	"B loc_FF82D65C\n"
	843	"loc_FF82D6E4:\n"
	844	"STR R7, [R6,#0x20]\n"
	845	"BL sub_FF82D900\n"
	846	"B loc_FF82D6A8\n"
	847	"loc_FF82D6F0:\n"
	848	"STR R7, [R6,#0x20]\n"
	849	"BL sub_FF82D900\n"
	850	"LDR R0, [R6,#0x10]\n"
	851	"CMP R0, #1\n"
	852	"BNE loc_FF82D6A8\n"
	853	"BL sub_FF8748E4\n"
	854	"B loc_FF82D65C\n"
	855	"loc_FF82D70C:\n"
	856	"CMP R1, #0\n"
	857	"BLEQ sub_FF82D900\n"
	858	"B loc_FF82D65C\n"
	859	"loc_FF82D718:\n"
	860	"LDR R0, =0xFFFFFFFF\n" // was MOVL tryed MVN provare pure LDR
	861	"B loc_FF82D6D8\n"
	862	);
	863	}; //#fe
	864
	865
	866	// Continue here (possibility 1) for SDHC-boot //OK
	867	void __attribute__((naked,noinline)) sub_FF8770A8_my() { //#fs
	868	asm volatile (
	869	"STMFD SP!, {R4,LR}\n"
	870	"BL sub_FF82D8CC\n"
	871	"MOV R4, R0\n"
	872	"BL sub_FF8771C4\n"
	873	"MOV R0, R4\n"
	874	"BL sub_FF876F5C\n"
	875	"BL sub_FF82D8CC\n"
	876	"MOV R4, R0\n"
	877	"LDR R0, =0x60D8\n"
	878	"LDR R0, [R0]\n"
	879	"TST R0, #1\n"
	880	"BEQ loc_FF8770E4\n"
	881	"loc_FF8770D8:\n"
	882	"MOV R1, R4\n"
	883	"MOV R0, #2\n"
	884	"B loc_FF87714C\n"
	885	"loc_FF8770E4:\n"
	886	"TST R0, #0x2000\n"
	887	"BEQ loc_FF877100\n"
	888	"TST R0, #0x200\n"
	889	"LDREQ R1, =0x4004\n"
	890	"LDRNE R1, =0x8002\n"
	891	"MOV R0, #3\n"
	892	"B loc_FF87714C\n"
	893	"loc_FF877100:\n"
	894	"TST R0, #0x10\n"
	895	"BNE loc_FF8770D8\n"
	896	"TST R0, #0x40\n"
	897	"BEQ loc_FF87711C\n"
	898	"loc_FF877110:\n"
	899	"MOV R1, R4\n"
	900	"MOV R0, #1\n"
	901	"B loc_FF87714C\n"
	902	"loc_FF87711C:\n"
	903	"TST R0, #0x20\n"
	904	"BEQ loc_FF877138\n"
	905	"TST R0, #0x4000\n"
	906	"BNE loc_FF877138\n"
	907	"loc_FF87712C:\n"
	908	"MOV R1, R4\n"
	909	"MOV R0, #0\n"
	910	"B loc_FF87714C\n"
	911	"loc_FF877138:\n"
	912	"LDR R1, =0x102\n"
	913	"BICS R1, R1, R0\n"
	914	"BNE loc_FF877154\n"
	915	"MOV R1, R4\n"
	916	"MOV R0, #6\n"
	917	"loc_FF87714C:\n"
	918	"LDMFD SP!, {R4,LR}\n"
	919	"B sub_FF876EF8_my\n" // cont. for SDHC-boot <------------------------------------
	920	"loc_FF877154:\n"
	921	"TST R0, #0x100\n"
	922	"BNE loc_FF8770D8\n"
	923	"TST R0, #0x4000\n"
	924	"TSTEQ R0, #0x400\n"
	925	"BNE loc_FF877110\n"
	926	"TST R0, #0x200\n"
	927	"TSTEQ R0, #2\n"
	928	"BNE loc_FF87712C\n"
	929	"TST R0, #0x40000\n"
	930	"BEQ loc_FF8770D8\n"
	931	"TST R0, #0x200000\n"
	932	"MOVEQ R1, R4\n"
	933	"MOVEQ R0, #1\n"
	934	"BLEQ sub_FF876EF8_my\n" // cont. for SDHC-boot <------------------------------------
	935	"B loc_FF8770D8\n"
	936	);
	937	}; //#fe
	938	//OK
	939	void __attribute__((naked,noinline)) sub_FF876EF8_my() { //#fs
	940	asm volatile (
	941	"STMFD SP!, {R4-R6,LR}\n"
	942	"MOVS R4, R0\n"
	943	"MOV R0, #1\n"
	944	"MOV R5, R1\n"
	945	"BNE loc_FF876F38\n"
	946	"MOV R1, #0\n"
	947	"MOV R0, #0\n"
	948	"BL sub_FF873FB4\n"
	949	"BL sub_FF82D8CC\n"
	950	"SUB R12, R0, #0x1000\n"
	951	"SUBS R12, R12, #0x5B\n"
	952	"BNE loc_FF876F30\n"
	953	"loc_FF876F28:\n"
	954	"BL sub_FF876E4C\n"
	955	"B loc_FF876F40\n"
	956	"loc_FF876F30:\n"
	957	"BL sub_FF876E8C\n"
	958	"B loc_FF876F40\n"
	959	"loc_FF876F38:\n"
	960	"CMP R4, #5\n"
	961	"BEQ loc_FF876F28\n"
	962	"loc_FF876F40:\n"
	963	"CMP R0, #0\n"
	964	"LDREQ R5, =0x1162\n"
	965	"MOVEQ R4, #2\n"
	966	"MOV R0, R4\n"
	967	"MOV R1, R5\n"
	968	"LDMFD SP!, {R4-R6,LR}\n"
	969	"B sub_FF875F98_My\n" // Continue here (possibility 2) for SDHC-boot <-------------------------
	970	);
	971	}; //#fe
	972
	973
	974	//NEW OK
	975	void __attribute__((naked,noinline)) sub_FF875F98_My() { //#fs
	976	asm volatile (
	977	"STMFD SP!, {R4-R8,LR}\n"
	978	"MOV R8, R1\n"
	979	"MOV R4, R0\n"
	980	"BL sub_FF878F88\n"
	981	"CMP R0, #0\n"
	982	"BNE loc_FF87625C\n"
	983	"MOV R1, R8\n"
	984	"MOV R0, R4\n"
	985	"BL sub_FF874B90\n"
	986	"LDR R5, =0x6008\n"
	987	"MOV R7, #1\n"
	988	"LDR R0, [R5,#0x10]\n"
	989	"MOV R6, #0\n"
	990	"CMP R0, #0x16\n"
	991	"ADDLS PC, PC, R0,LSL#2\n"
	992	"B loc_FF87625C\n"
	993	"loc_FF875FD8:\n"
	994	"B loc_FF876034\n"
	995	"loc_FF875FDC:\n"
	996	"B loc_FF87605C\n"
	997	"loc_FF875FE0:\n"
	998	"B loc_FF8760A0\n"
	999	"loc_FF875FE4:\n"
	1000	"B loc_FF87611C\n"
	1001	"loc_FF875FE8:\n"
	1002	"B loc_FF87612C\n"
	1003	"loc_FF875FEC:\n"
	1004	"B loc_FF87625C\n"
	1005	"loc_FF875FF0:\n"
	1006	"B loc_FF8761A8\n"
	1007	"loc_FF875FF4:\n"
	1008	"B loc_FF8761B8\n"
	1009	"loc_FF875FF8:\n"
	1010	"B loc_FF876044\n"
	1011	"loc_FF875FFC:\n"
	1012	"B loc_FF876050\n"
	1013	"loc_FF876000:\n"
	1014	"B loc_FF8761B8\n"
	1015	"loc_FF876004:\n"
	1016	"B loc_FF876094\n"
	1017	"loc_FF876008:\n"
	1018	"B loc_FF87625C\n"
	1019	"loc_FF87600C:\n"
	1020	"B loc_FF87625C\n"
	1021	"loc_FF876010:\n"
	1022	"B loc_FF8760AC\n"
	1023	"loc_FF876014:\n"
	1024	"B loc_FF8760B8\n"
	1025	"loc_FF876018:\n"
	1026	"B loc_FF8760F0\n"
	1027	"loc_FF87601C:\n"
	1028	"B loc_FF876068\n"
	1029	"loc_FF876020:\n"
	1030	"B loc_FF876244\n"
	1031	"loc_FF876024:\n"
	1032	"B loc_FF8761C4\n"
	1033	"loc_FF876028:\n"
	1034	"B loc_FF8761F4\n"
	1035	"loc_FF87602C:\n"
	1036	"B loc_FF8761F4\n"
	1037	"loc_FF876030:\n"
	1038	"B loc_FF876138\n"
	1039	"loc_FF876034:\n"
	1040	"MOV R1, R8\n"
	1041	"MOV R0, R4\n"
	1042	"LDMFD SP!, {R4-R8,LR}\n"
	1043	"B sub_FF875648_my\n" // uAC_Boot // divert for <-------------------------
	1044	"loc_FF876044:\n"
	1045	"MOV R0, R4\n"
	1046	"LDMFD SP!, {R4-R8,LR}\n"
	1047	"B sub_FF8769B0\n"
	1048	"loc_FF876050:\n"
	1049	"MOV R0, R4\n"
	1050	"LDMFD SP!, {R4-R8,LR}\n"
	1051	"B sub_FF875B14\n"
	1052	"loc_FF87605C:\n"
	1053	"MOV R0, R4\n"
	1054	"LDMFD SP!, {R4-R8,LR}\n"
	1055	"B sub_FF87522C\n"
	1056	"loc_FF876068:\n"
	1057	"SUB R12, R4, #0x1000\n"
	1058	"SUBS R12, R12, #0xA5\n"
	1059	"STREQ R7, [R5,#0x88]\n"
	1060	"BEQ loc_FF876254\n"
	1061	"SUB R12, R4, #0x3000\n"
	1062	"SUBS R12, R12, #6\n"
	1063	"BNE loc_FF87625C\n"
	1064	"MOV R0, #0\n"
	1065	"BL sub_FF82CDA8\n"
	1066	"BL sub_FF876890\n" // uAC_InitPB
	1067	"B loc_FF876254\n"
	1068	"loc_FF876094:\n"
	1069	"MOV R0, R4\n"
	1070	"LDMFD SP!, {R4-R8,LR}\n"
	1071	"B sub_FF8768C8\n"
	1072	"loc_FF8760A0:\n"
	1073	"MOV R0, R4\n"
	1074	"LDMFD SP!, {R4-R8,LR}\n"
	1075	"B sub_FF875404\n"
	1076	"loc_FF8760AC:\n"
	1077	"MOV R0, R4\n"
	1078	"LDMFD SP!, {R4-R8,LR}\n"
	1079	"B sub_FF875CC0\n"
	1080	"loc_FF8760B8:\n"
	1081	"SUB R12, R4, #0x3200\n"
	1082	"SUBS R12, R12, #2\n"
	1083	"BNE loc_FF87625C\n"
	1084	"MOV R0, #3\n"
	1085	"BL sub_FF874A74\n" // uCameraConState
	1086	"MOV R0, #8\n"
	1087	"BL sub_FF82CD04\n"
	1088	"MOV R1, #0\n"
	1089	"MOV R0, #0x19\n"
	1090	"BL sub_FF83EEE0\n"
	1091	"BL sub_FF8781CC\n"
	1092	"BL sub_FF878018\n"
	1093	"BL sub_FF8776E0\n"
	1094	"B loc_FF876254\n"
	1095	"loc_FF8760F0:\n"
	1096	"SUB R12, R4, #0x3300\n"
	1097	"SUBS R12, R12, #1\n"
	1098	"BNE loc_FF87625C\n"
	1099	"LDR R0, =0x4010\n"
	1100	"STR R6, [R5,#0x80]\n"
	1101	"BL sub_FF82CD04\n"
	1102	"BL sub_FF9A90CC\n"
	1103	"BL sub_FF8776E0\n"
	1104	"MOV R0, #4\n"
	1105	"BL sub_FF874A74\n" // uCameraConState
	1106	"B loc_FF876254\n"
	1107	"loc_FF87611C:\n"
	1108	"MOV R1, R8\n"
	1109	"MOV R0, R4\n"
	1110	"LDMFD SP!, {R4-R8,LR}\n"
	1111	"B sub_FF875E1C\n"
	1112	"loc_FF87612C:\n"
	1113	"MOV R0, R4\n"
	1114	"LDMFD SP!, {R4-R8,LR}\n"
	1115	"B sub_FF876AF8\n"
	1116	"loc_FF876138:\n"
	1117	"LDR R8, =0x1182\n"
	1118	"CMP R4, R8\n"
	1119	"STREQ R7, [R5,#0xB8]\n"
	1120	"BEQ loc_FF876254\n"
	1121	"SUB R12, R4, #0x1000\n"
	1122	"SUBS R12, R12, #0x1AC\n"
	1123	"BEQ loc_FF876190\n"
	1124	"SUB R12, R4, #0x3000\n"
	1125	"SUBS R12, R12, #0x224\n"
	1126	"BNE loc_FF87625C\n"
	1127	"MOV R0, #8\n"
	1128	"BL sub_FF82CD04\n"
	1129	"MOV R0, #3\n"
	1130	"BL sub_FF874A74\n" // uCameraConState
	1131	"STR R6, [R5,#0xBC]\n"
	1132	"LDR R0, [R5,#0xB8]\n"
	1133	"CMP R0, #0\n"
	1134	"MOVNE R1, #0\n"
	1135	"MOVNE R0, R8\n"
	1136	"STRNE R6, [R5,#0xB8]\n"
	1137	"BLNE sub_FF875E1C\n"
	1138	"B loc_FF876254\n"
	1139	"loc_FF876190:\n"
	1140	"LDR R0, [R5,#0xBC]\n"
	1141	"CMP R0, #0\n"
	1142	"BNE loc_FF876254\n"
	1143	"BL sub_FF9A71E4\n"
	1144	"STR R7, [R5,#0xBC]\n"
	1145	"B loc_FF876254\n"
	1146	"loc_FF8761A8:\n"
	1147	"MOV R1, R8\n"
	1148	"MOV R0, R4\n"
	1149	"LDMFD SP!, {R4-R8,LR}\n"
	1150	"B sub_FF876BD8\n"
	1151	"loc_FF8761B8:\n"
	1152	"MOV R0, R4\n"
	1153	"LDMFD SP!, {R4-R8,LR}\n"
	1154	//"B sub_FF875A0C\n"
	1155	"B sub_FF875A0C_my\n" //----------> movies_rec.c
	1156	"loc_FF8761C4:\n"
	1157	"LDR R12, =0x10B0\n"
	1158	"CMP R4, R12\n"
	1159	"BEQ loc_FF8761F0\n"
	1160	"BGT loc_FF8761FC\n"
	1161	"CMP R4, #4\n"
	1162	"BEQ loc_FF876224\n"
	1163	"SUB R12, R4, #0x1000\n"
	1164	"SUBS R12, R12, #0xAA\n"
	1165	"SUBNE R12, R4, #0x1000\n"
	1166	"SUBNES R12, R12, #0xAE\n"
	1167	"BNE loc_FF87625C\n"
	1168	"loc_FF8761F0:\n"
	1169	"BL sub_FF874770\n"
	1170	"loc_FF8761F4:\n"
	1171	"MOV R0, R6\n"
	1172	"LDMFD SP!, {R4-R8,PC}\n"
	1173	"loc_FF8761FC: \n"
	1174	"SUB R12, R4, #0x2000\n"
	1175	"SUBS R12, R12, #4\n"
	1176	"BEQ loc_FF87623C\n"
	1177	"SUB R12, R4, #0x5000\n"
	1178	"SUBS R12, R12, #1\n"
	1179	"SUBNE R12, R4, #0x5000\n"
	1180	"SUBNES R12, R12, #6\n"
	1181	"BNE loc_FF87625C\n"
	1182	"BL sub_FF8751CC\n"
	1183	"B loc_FF876254\n"
	1184	"loc_FF876224:\n"
	1185	"LDR R0, [R5,#0x2C]\n"
	1186	"CMP R0, #0\n"
	1187	"BNE loc_FF87623C\n"
	1188	"BL sub_FF87643C\n"
	1189	"BL sub_FF826548\n"
	1190	"B loc_FF876254\n"
	1191	"loc_FF87623C:\n"
	1192	"BL sub_FF8747AC\n"
	1193	"B loc_FF876254\n"
	1194	"loc_FF876244:\n"
	1195	"SUB R12, R4, #0x3000\n"
	1196	"SUBS R12, R12, #0x130\n"
	1197	"BNE loc_FF87625C\n"
	1198	"BL sub_FF87486C\n"
	1199	"loc_FF876254:\n"
	1200	"MOV R0, #0\n"
	1201	"LDMFD SP!, {R4-R8,PC}\n"
	1202	"loc_FF87625C:\n"
	1203	"MOV R0, #1\n"
	1204	"LDMFD SP!, {R4-R8,PC}\n"
	1205	);
	1206	}; //#fe
	1207
	1208
	1209	//OK
	1210	void __attribute__((naked,noinline)) sub_FF875648_my() { //#fs uAC_Boot
	1211	asm volatile (
	1212	"STMFD SP!, {R4-R8,LR}\n"
	1213	"LDR R7, =0x8002\n"
	1214	"LDR R4, =0x6008\n"
	1215	"CMP R0, #3\n"
	1216	"MOV R6, R1\n"
	1217	"MOV R5, #1\n"
	1218	"BEQ loc_FF8757BC\n"
	1219	"BGT loc_FF875684\n"
	1220	"CMP R0, #0\n"
	1221	"BEQ loc_FF8756C8\n"
	1222	"CMP R0, #1\n"
	1223	"BEQ loc_FF87574C\n"
	1224	"CMP R0, #2\n"
	1225	"BNE loc_FF875844\n"
	1226	"B loc_FF87569C\n"
	1227	"loc_FF875684:\n"
	1228	"CMP R0, #6\n"
	1229	"STREQ R5, [R4,#0x28]\n"
	1230	"BEQ loc_FF8757B4\n"
	1231	"SUB R12, R0, #0x2000\n"
	1232	"SUBS R12, R12, #4\n"
	1233	"BNE loc_FF875844\n"
	1234
	1235	"loc_FF87569C:\n"
	1236	"SUB R12, R6, #0x1100\n"
	1237	"SUBS R12, R12, #0x62\n"
	1238	"BNE loc_FF8756B8\n"
	1239	"MOV R1, R7\n"
	1240	"MOV R0, #0\n"
	1241	"BL sub_FF878AB0\n"
	1242	"STR R5, [R4,#0x60]\n"
	1243
	1244	"loc_FF8756B8:\n"
	1245	"BL sub_FF8781CC\n"
	1246	"BL sub_FF878018\n"
	1247	"BL sub_FF875130\n"
	1248	"B loc_FF87583C\n"
	1249	"loc_FF8756C8:\n"
	1250	"MOV R0, #7\n"
	1251	"BL sub_FF874A74\n"
	1252	"MOV R0, R7\n"
	1253	"BL sub_FF82CD04\n"
	1254	"BL sub_FF877310\n" // taskcreate_CommonDrivers
	1255	"BL sub_FF877E68\n"
	1256	"MOV R1, R7\n"
	1257	"MOV R0, #0\n"
	1258	"BL sub_FF878AB0\n"
	1259	"LDR R1, =0xFF87587C\n"
	1260	"MOV R0, #0x20\n"
	1261	"STR R6, [R4,#0x18]\n"
	1262	"BL sub_FF86DA00\n"
	1263	"LDR R1, =0xFF875888\n"
	1264	"MOV R0, #0x20\n"
	1265	"BL sub_FF86DA00\n"
	1266	"STR R5, [R4,#0x28]\n"
	1267	"BL sub_FF82CE8C\n"
	1268	"BL sub_FF82CDD0\n"
	1269	"LDR R0, [R4,#0x1C]\n"
	1270	"LDR R1, [R4,#0x20]\n"
	1271	"ORRS R0, R0, R1\n"
	1272	"BLNE sub_FF876418\n"
	1273	"LDR R0, [R4,#0x68]\n"
	1274	"CMP R0, #0\n"
	1275	"BNE loc_FF875738\n"
	1276	"BL sub_FF82CEFC\n" // taskcreate_StartupImage
	1277	"B loc_FF875740\n"
	1278	"loc_FF875738:\n"
	1279	"BL sub_FF8262FC\n"
	1280	"BL sub_FF82D864\n"
	1281
	1282	"loc_FF875740:\n"
	1283	"BL sub_FF8772D4_my\n" // taskcreate_InitFileModules<----------------------
	1284	"BL sub_FF87734C\n"
	1285	"B loc_FF87583C\n"
	1286	"loc_FF87574C:\n"
	1287	"MOV R0, #8\n"
	1288	"BL sub_FF874A74\n"
	1289	"BL sub_FF877310\n"
	1290	"BL sub_FF877E68\n"
	1291	"LDR R5, =0x4004\n"
	1292	"MOV R0, #0\n"
	1293	"MOV R1, R5\n"
	1294	"BL sub_FF878AB0\n"
	1295	"LDR R1, =0xFF875898\n"
	1296	"MOV R0, #0x20\n"
	1297	"BL sub_FF86DA00\n"
	1298
	1299	"BL sub_FF8772D4_my\n" // taskcreate_InitFileModules ----------------------------->
	1300
	1301	"BL sub_FF8773E0\n"
	1302	"BL sub_FF82D828\n"
	1303	"MOV R0, R5\n"
	1304	"BL sub_FF82CD04\n"
	1305	"LDR R0, [R4,#0x68]\n"
	1306	"CMP R0, #0\n"
	1307	"BNE loc_FF8757A0\n"
	1308	"BL sub_FF82CEFC\n" // taskcreate_StartupImage
	1309	"B loc_FF8757A4\n"
	1310	"loc_FF8757A0:\n"
	1311	"BL sub_FF8262FC\n"
	1312
	1313	"loc_FF8757A4:\n"
	1314	"BL sub_FF87737C\n"
	1315	"LDR R0, [R4,#0x30]\n"
	1316	"CMP R0, #0\n"
	1317	"BEQ loc_FF87583C\n"
	1318
	1319	"loc_FF8757B4:\n"
	1320	"BL sub_FF876460\n"
	1321	"B loc_FF87583C\n"
	1322	"loc_FF8757BC:\n"
	1323	"MOV R1, R6\n"
	1324	"MOV R0, #0\n"
	1325	"BL sub_FF878AB0\n"
	1326	"LDR R1, =0xFF8758A4\n"
	1327	"MOV R0, #0x20\n"
	1328	"BL sub_FF86DA00\n"
	1329	"STR R5, [R4,#0x68]\n"
	1330	"BL sub_FF8773E0\n"
	1331	"BL sub_FF82D828\n"
	1332	"BL sub_FF8763F4\n"
	1333	"BL sub_FF82D8C0\n"
	1334	"CMP R0, #0\n"
	1335	"LDRNE R0, =0x804B\n"
	1336	"MOVNE R1, #0\n"
	1337	"BLNE sub_FF873C90\n" // eventproc_export_PTM_SetCurrentItem
	1338	"BL sub_FF8788CC\n"
	1339	"MOV R0, #0x80\n"
	1340	"BL sub_FF82CD04\n"
	1341	"BL sub_FF878310\n"
	1342	"BL sub_FF895AD0\n" // eventproc_export_StartGUISystem
	1343	"BL sub_FF957B60\n"
	1344	"BL sub_FF9ABF4C\n"
	1345	"BL sub_FF877B4C\n"
	1346	"BL sub_FF878204\n"
	1347	"MOV R0, #9\n"
	1348	"BL sub_FF874A74\n"
	1349	"LDR R0, =0x300E\n"
	1350	"MOV R1, R6\n"
	1351	"BL sub_FF8711D8\n"
	1352	"MOV R1, #0\n"
	1353	"MOV R0, #1\n"
	1354	"BL sub_FF878AB0\n"
	1355
	1356	"loc_FF87583C:\n"
	1357	"MOV R0, #0\n"
	1358	"LDMFD SP!, {R4-R8,PC}\n"
	1359	"loc_FF875844:\n"
	1360	"MOV R0, #1\n"
	1361	"LDMFD SP!, {R4-R8,PC}\n"
	1362	);
	1363	}; //#fe
	1364
	1365	//OK
	1366	void __attribute__((naked,noinline)) sub_FF8772D4_my() { //#fs CreateTask_InitFileModules
	1367	asm volatile (
	1368	"LDR R0, =0x60E4\n"
	1369	"STMFD SP!, {R3,LR}\n"
	1370	"LDR R1, [R0,#4]\n"
	1371	"CMP R1, #0\n"
	1372	"BNE locret_FF87730C\n"
	1373	"MOV R1, #1\n"
	1374	"STR R1, [R0,#4]\n"
	1375	"MOV R3, #0\n"
	1376	"STR R3, [SP]\n"
	1377
	1378	"LDR R3, =task_InitFileModules_my\n" // continue for SDHC-boot (orig: FFC5F754)-g9 = FF877284 "LDR R3, =task_InitFileModules_my\n"
	1379
	1380	"MOV R1, #0x19\n"
	1381	"LDR R0, =0xFF877438\n" // aInitfilemodule
	1382	"MOV R2, #0x1000\n"
	1383	"BL sub_FF81BAF0\n" // CreateTask
	1384	"locret_FF87730C:\n"
	1385	"LDMFD SP!, {R12,PC}\n"
	1386	);
	1387	}; //#fe
	1388
	1389	//OK
	1390	void __attribute__((naked,noinline)) task_InitFileModules_my() { //#fs task_InitFileModules_my
	1391	asm volatile (
	1392	"STMFD SP!, {R4-R6,LR}\n"
	1393	"BL sub_FF86FFF8\n"
	1394	"LDR R5, =0x5006\n"
	1395	"MOVS R4, R0\n"
	1396	"MOVNE R1, #0\n"
	1397	"MOVNE R0, R5\n"
	1398	"BLNE sub_FF8711D8\n"
	1399	"BL sub_FF870024_my\n" // continue to SDHC-hook here! was FFC5A4E8
	1400
	1401	"BL core_spytask_can_start\n" // CHDK: Set "it's-save-to-start"-Flag for spytask
	1402
	1403	"CMP R4, #0\n"
	1404	"MOVEQ R0, R5\n"
	1405	"LDMEQFD SP!, {R4-R6,LR}\n"
	1406	"MOVEQ R1, #0\n"
	1407	"BEQ sub_FF8711D8\n"
	1408	"LDMFD SP!, {R4-R6,PC}\n"
	1409	);
	1410	}; //#fe
	1411
	1412	//OK
	1413	void __attribute__((naked,noinline)) sub_FF870024_my() { //#fs
	1414
	1415	asm volatile (
	1416	"STMFD SP!, {R4,LR}\n"
	1417
	1418	"BL sub_FF85235C_my\n" // continue to SDHC-hook here! was FFC3F0CC --------------------------------------->
	1419
	1420	"LDR R4, =0x5AC4\n"
	1421	"LDR R0, [R4,#4]\n"
	1422	"CMP R0, #0\n"
	1423	"BNE loc_FF870054\n"
	1424	"BL sub_FF87FD60\n"
	1425	"BL sub_FF90B938\n"
	1426	"BL sub_FF87FD60\n"
	1427	"BL sub_FF91848C\n"
	1428	"BL sub_FF87FD70\n"
	1429	"BL sub_FF90B9E0\n"
	1430	"loc_FF870054:\n"
	1431	"MOV R0, #1\n"
	1432	"STR R0, [R4]\n"
	1433	"LDMFD SP!, {R4,PC}\n"
	1434	);
	1435	}; //#fe
	1436	//OK
	1437	void __attribute__((naked,noinline)) sub_FF85235C_my() { //#fs
	1438
	1439	asm volatile (
	1440	"STMFD SP!, {R4-R6,LR}\n"
	1441	"MOV R6, #0\n"
	1442	"MOV R0, R6\n"
	1443	"BL sub_FF851F2C\n"
	1444	"LDR R4, =0x168D0\n"
	1445	"MOV R5, #0\n"
	1446	"LDR R0, [R4,#0x38]\n"
	1447	"BL sub_FF8528F4\n"
	1448	"CMP R0, #0\n"
	1449	"LDREQ R0, =0x2D34\n"
	1450	"STREQ R5, [R0,#0xC]\n"
	1451	"STREQ R5, [R0,#0x10]\n"
	1452	"STREQ R5, [R0,#0x14]\n"
	1453	"MOV R0, R6\n"
	1454	"BL sub_FF851F6C\n" // uMounter (u=unknown, just to prevent misunderstandings)
	1455	"MOV R0, R6\n"
	1456
	1457	"BL sub_FF852198_my\n" // continue to SDHC-hook here! <---------------------
	1458
	1459	"MOV R5, R0\n"
	1460	"MOV R0, R6\n"
	1461	"BL sub_FF852204\n"
	1462	"LDR R1, [R4,#0x3C]\n"
	1463	"AND R2, R5, R0\n"
	1464	"CMP R1, #0\n"
	1465	"MOV R0, #0\n"
	1466	"MOVEQ R0, #0x80000001\n"
	1467	"BEQ loc_FF8523F0\n"
	1468	"LDR R3, [R4,#0x2C]\n"
	1469	"CMP R3, #2\n"
	1470	"MOVEQ R0, #4\n"
	1471	"CMP R1, #5\n"
	1472	"ORRNE R0, R0, #1\n"
	1473	"BICEQ R0, R0, #1\n"
	1474	"CMP R2, #0\n"
	1475	"BICEQ R0, R0, #2\n"
	1476	"ORREQ R0, R0, #0x80000000\n"
	1477	"BICNE R0, R0, #0x80000000\n"
	1478	"ORRNE R0, R0, #2\n"
	1479	"loc_FF8523F0:\n"
	1480	"STR R0, [R4,#0x40]\n"
	1481	"LDMFD SP!, {R4-R6,PC}\n"
	1482	);
	1483	}; //#fe
	1484	//OK
	1485	void __attribute__((naked,noinline)) sub_FF852198_my() { //#fs
	1486	asm volatile (
	1487	"STMFD SP!, {R4-R6,LR}\n"
	1488	"LDR R5, =0x2D34\n"
	1489	"MOV R6, R0\n"
	1490	"LDR R0, [R5,#0x10]\n"
	1491	"CMP R0, #0\n"
	1492	"MOVNE R0, #1\n"
	1493	"LDMNEFD SP!, {R4-R6,PC}\n"
	1494	"MOV R0, #0x17\n"
	1495	"MUL R1, R0, R6\n"
	1496	"LDR R0, =0x168D0\n"
	1497	"ADD R4, R0, R1,LSL#2\n"
	1498	"LDR R0, [R4,#0x38]\n"
	1499	"MOV R1, R6\n"
	1500
	1501	"BL sub_FF852030_my\n" // continue to SDHC-hook here! --------------------------------------------------->
	1502
	1503	"CMP R0, #0\n"
	1504	"LDMEQFD SP!, {R4-R6,PC}\n"
	1505	"LDR R0, [R4,#0x38]\n"
	1506	"MOV R1, R6\n"
	1507	"BL sub_FF852A0C\n"
	1508	"CMP R0, #0\n"
	1509	"LDMEQFD SP!, {R4-R6,PC}\n"
	1510	"MOV R0, R6\n"
	1511	"BL sub_FF851B4C\n"
	1512	"CMP R0, #0\n"
	1513	"MOVNE R1, #1\n"
	1514	"STRNE R1, [R5,#0x10]\n"
	1515	"LDMFD SP!, {R4-R6,PC}\n"
	1516	);
	1517	}; //#fe
	1518
	1519	//OK
	1520	void __attribute__((naked,noinline)) sub_FF852030_my() { //#fs ; Partition table parse takes place here. => SDHC-boot
	1521	asm volatile (
	1522
	1523	"STMFD SP!, {R4-R8,LR} \n"
	1524	"MOV R8, R0\n"
	1525	"MOV R0, #0x17\n"
	1526	"MUL R1, R0, R1\n"
	1527	"LDR R0, =0x168D0\n"
	1528	"MOV R6, #0\n"
	1529	"ADD R7, R0, R1,LSL#2\n"
	1530	"LDR R0, [R7,#0x3C]\n"
	1531	"MOV R5, #0\n"
	1532	"CMP R0, #6\n"
	1533	"ADDLS PC, PC, R0,LSL#2\n"
	1534	"B loc_FF85217C\n"
	1535	"loc_FF852060:\n"
	1536	"B loc_FF852094\n"
	1537	"loc_FF852064:\n"
	1538	"B loc_FF85207C\n"
	1539	"loc_FF852068:\n"
	1540	"B loc_FF85207C\n"
	1541	"loc_FF85206C:\n"
	1542	"B loc_FF85207C\n"
	1543	"loc_FF852070:\n"
	1544	"B loc_FF85207C\n"
	1545	"loc_FF852074:\n"
	1546	"B loc_FF852174\n"
	1547	"loc_FF852078:\n"
	1548	"B loc_FF85207C\n"
	1549	"loc_FF85207C:\n"
	1550	"MOV R2, #0\n"
	1551	"MOV R1, #0x200\n"
	1552	"MOV R0, #3\n"
	1553	"BL sub_FF86C4D0\n"
	1554	"MOVS R4, R0\n"
	1555	"BNE loc_FF85209C\n"
	1556	"loc_FF852094:\n"
	1557	"MOV R0, #0\n"
	1558	"LDMFD SP!, {R4-R8,PC}\n"
	1559	"loc_FF85209C:\n"
	1560	"LDR R12, [R7,#0x4C]\n"
	1561	"MOV R3, R4\n"
	1562	"MOV R2, #1\n"
	1563	"MOV R1, #0\n"
	1564	"MOV R0, R8\n"
	1565
	1566	//"BLX R12\n" // !! Workaround !! attenzione
	1567	//".long 0xE12FFF3C\n"
	1568	"MOV LR, PC\n" // gcc won't compile "BLX R12" nor "BL R12".
	1569	"MOV PC, R12\n" // workaround: make your own "BL" and hope we don't need the change to thumb-mode
	1570
	1571	"CMP R0, #1\n"
	1572	"BNE loc_FF8520C8\n"
	1573	"MOV R0, #3\n"
	1574	"BL sub_FF86C610\n"
	1575	"B loc_FF852094\n"
	1576	"loc_FF8520C8:\n"
	1577	"MOV R0, R8\n"
	1578	"BL sub_FF929040\n" // Add FAT32 autodetect-code after this line\n"
	1579
	1580	// Start of DataGhost's FAT32 autodetection code
	1581	// Policy: If there is a partition which has type W95 FAT32, use the first one of those for image storage
	1582	// According to the code below, we can use R1, R2, R3 and R12.
	1583	// LR wasn't really used anywhere but for storing a part of the partition signature. This is the only thing
	1584	// that won't work with an offset, but since we can load from LR+offset into LR, we can use this to do that :)
	1585	"MOV R12, R4\n" // Copy the MBR start address so we have something to work with
	1586	"MOV LR, R4\n" // Save old offset for MBR signature
	1587	"MOV R1, #1\n" // Note the current partition number
	1588	"B dg_sd_fat32_enter\n" // We actually need to check the first partition as well, no increments yet!
	1589	"dg_sd_fat32:\n"
	1590	"CMP R1, #4\n" // Did we already see the 4th partition?
	1591	"BEQ dg_sd_fat32_end\n" // Yes, break. We didn't find anything, so don't change anything.
	1592	"ADD R12, R12, #0x10\n" // Second partition
	1593	"ADD R1, R1, #1\n" // Second partition for the loop
	1594	"dg_sd_fat32_enter:\n"
	1595	"LDRB R2, [R12, #0x1BE]\n" // Partition status
	1596	"LDRB R3, [R12, #0x1C2]\n" // Partition type (FAT32 = 0xB)
	1597	"CMP R3, #0xB\n" // Is this a FAT32 partition?
	1598	"CMPNE R3, #0xC\n" // Not 0xB, is it 0xC (FAT32 LBA) then?
	1599	"BNE dg_sd_fat32\n" // No, it isn't.
	1600	"CMP R2, #0x00\n" // It is, check the validity of the partition type
	1601	"CMPNE R2, #0x80\n"
	1602	"BNE dg_sd_fat32\n" // Invalid, go to next partition
	1603	// This partition is valid, it's the first one, bingo!
	1604	"MOV R4, R12\n" // Move the new MBR offset for the partition detection.
	1605
	1606	"dg_sd_fat32_end:\n"
	1607	// End of DataGhost's FAT32 autodetection code
	1608	"LDRB R1, [R4,#0x1C9]\n" // Continue with firmware
	1609	"LDRB R3, [R4,#0x1C8]\n"
	1610	"LDRB R12, [R4,#0x1CC]\n"
	1611	"MOV R1, R1,LSL#24\n"
	1612	"ORR R1, R1, R3,LSL#16\n"
	1613	"LDRB R3, [R4,#0x1C7]\n"
	1614	"LDRB R2, [R4,#0x1BE]\n"
	1615	//"LDRB LR, [R4,#0x1FF]\n" // replaced, see below
	1616	"ORR R1, R1, R3,LSL#8\n"
	1617	"LDRB R3, [R4,#0x1C6]\n"
	1618	"CMP R2, #0\n"
	1619	"CMPNE R2, #0x80\n"
	1620	"ORR R1, R1, R3\n"
	1621	"LDRB R3, [R4,#0x1CD]\n"
	1622	"MOV R3, R3,LSL#24\n"
	1623	"ORR R3, R3, R12,LSL#16\n"
	1624	"LDRB R12, [R4,#0x1CB]\n"
	1625	"ORR R3, R3, R12,LSL#8\n"
	1626	"LDRB R12, [R4,#0x1CA]\n"
	1627	"ORR R3, R3, R12\n"
	1628	//"LDRB R12, [R4,#0x1FE]\n" // replaced, see below
	1629
	1630	"LDRB R12, [LR,#0x1FE]\n" // New! First MBR signature byte (0x55)
	1631	"LDRB LR, [LR,#0x1FF]\n" // Last MBR signature byte (0xAA)
	1632
	1633	"MOV R4, #0\n"
	1634	"BNE loc_FF852150\n"
	1635	"CMP R0, R1\n"
	1636	"BCC loc_FF852150\n"
	1637	"ADD R2, R1, R3\n"
	1638	"CMP R2, R0\n"
	1639	"CMPLS R12, #0x55\n"
	1640	"CMPEQ LR, #0xAA\n"
	1641	"MOVEQ R6, R1\n"
	1642	"MOVEQ R5, R3\n"
	1643	"MOVEQ R4, #1\n"
	1644	"loc_FF852150:\n"
	1645	"MOV R0, #3\n"
	1646	"BL sub_FF86C610\n"
	1647	"CMP R4, #0\n"
	1648	"BNE loc_FF852188\n"
	1649	"MOV R6, #0\n"
	1650	"MOV R0, R8\n"
	1651	"BL sub_FF929040\n"
	1652	"MOV R5, R0\n"
	1653	"B loc_FF852188\n"
	1654	"loc_FF852174:\n"
	1655	"MOV R5, #0x40\n"
	1656	"B loc_FF852188\n"
	1657	"loc_FF85217C:\n"
	1658	"LDR R1, =0x365\n"
	1659	"LDR R0, =0XFF852024\n" //aMounter_c ; "Mounter.c"
	1660	"BL sub_FF81BFC8\n" //DebugAssert
	1661	"loc_FF852188:\n"
	1662	"STR R6, [R7,#0x44]!\n"
	1663	"MOV R0, #1\n"
	1664	"STR R5, [R7,#4]\n"
	1665	"LDMFD SP!, {R4-R8,PC}\n"
	1666	);
	1667	}; //#fe
	1668
	1669
	1670	//*********************************************
	1671
	1672	// I could not manually find this function in the S5IS firmware, possibly signatures
	1673	// might find it. Until that moment, I hooked it here (copied from another camera)
	1674	unsigned long __attribute__((naked,noinline)) _time(unsigned long *timer) {
	1675	asm volatile (
	1676	"STMFD SP!, {R3-R5,LR}\n"
	1677	"MOV R4, R0\n"
	1678	"MVN R0, #0\n"
	1679	"STR R0, [SP,#0x10-0x10]\n"
	1680	"MOV R0, SP\n"
	1681	"BL sub_FF86BAEC\n" // _GetTimeOfSystem\n"
	1682	"CMP R0, #0\n"
	1683	"BNE loc_FFC55EC8\n"
	1684	"CMP R4, #0\n"
	1685	"LDRNE R0, [SP,#0x10-0x10]\n"
	1686	"STRNE R0, [R4]\n"
	1687
	1688	"loc_FFC55EC8:\n"
	1689	"LDR R0, [SP,#0x10-0x10]\n"
	1690	"LDMFD SP!, {R3-R5,PC}\n"
	1691	);
[647]	1692	return 0; // shut up the compiler
[586]	1693	}
	1694
[647]	1695	/*
[586]	1696
	1697
	1698
	1699	void CreateTask_blinker() {
	1700	_CreateTask("Blinker", 0x1, 0x200, task_blinker, 0);
	1701	};
	1702
	1703
	1704	void __attribute__((naked,noinline)) task_blinker() {
	1705	int ledstate;
	1706
	1707	int counter = 0;
	1708
	1709	long led = (void) 0xC022006C; // AF led
	1710
	1711	long *anypointer; // multi-purpose pointer to poke around in memory
	1712	long v1, v2, v3, v4; // multi-purpose vars
	1713
	1714	ledstate = 0; // init: led off
	1715	*led = 0x46; // led on
	1716
	1717	while (1) {
	1718	counter++;
	1719
	1720	if (ledstate == 1) { // toggle LED
	1721	ledstate = 0;
	1722	*led = 0x44; // LED off
	1723	//core_test(1);
	1724	} else {
	1725	ledstate = 1;
	1726	*led = 0x46; // LED on
	1727	//core_test(0);
	1728	}
	1729
	1730	if (counter == 2) {
	1731	//dump_chdk();
	1732	// gui_init();
	1733	//_ExecuteEventProcedure("UIFS_WriteFirmInfoToFile");
	1734	//_UIFS_WriteFirmInfoToFile(0);
	1735	}
	1736
	1737	if (counter == 10) {
	1738	// draw_txt_string(2, 2, "test");
	1739	}
	1740
	1741	msleep(500);
	1742	}
	1743	};
	1744
	1745
	1746	//extern long _Fopen_Fut(const char filename, const char mode);
	1747	//extern void _Fclose_Fut(long file);
	1748	//extern long _Fwrite_Fut(const void *buf, long elsize, long count, long f);
	1749	//extern long Fread_Fut(void *buf, long elsize, long count, long f);
	1750	//extern long Fseek_Fut(long file, long offset, long whence);
	1751	//extern long _qDump(char* filename, long unused, long write_p2, long write_p3);
[647]	1752
[586]	1753	void dump_chdk() { //#fs
	1754	int fd;
	1755	long dirnum;
	1756
	1757	volatile long led = (void) 0xC0220094; // yellow led
	1758	volatile long led_blue = (void) 0xC022006c; // yellow led
	1759
	1760	*led = 0x46; //on
	1761
	1762	// _qDump("A/qdump", 0, (void*) 0x01900, 0xb0000);
	1763	//_qDump("A/firmdump", 0, (void*) 0xFFC00000, 0x00400000);
	1764	//_qDump("A/firmlower", 0, (void*) 0xff800000, 0x00400000); // identical to 0xfc000000
	1765
	1766	//started();
	1767
	1768	//dirnum = get_target_dir_num();
	1769	//sprintf(fn, FN_RAWDIR, dirnum);
	1770	//mkdir(fn);
	1771
	1772	//sprintf(fn, FN_RAWDIR "/" "DMP_%04d.JPG", dirnum, ++ramdump_num);
	1773
	1774	*led_blue = 0x46; //on
	1775	*led_blue = 0x44; //off
	1776	msleep(500);
	1777	*led_blue = 0x46; //on
	1778	fd = _Fopen_Fut("A/dump", "w");
	1779	*led_blue = 0x44; //off
	1780	if (fd >= 0) {
	1781	*led_blue = 0x46; //on
	1782	write(fd, (void*)0, 0x1900);
	1783	*led_blue = 0x44; //off
	1784	//write(fd, (void)0x1900, 321024*1024-0x1900);
	1785	//_Fwrite_Fut((void*)0x9D000, 0x20000, 0x20000, fd);
	1786	*led_blue = 0x46; //on
	1787	_Fclose_Fut(fd);
	1788	*led_blue = 0x44; //off
	1789	}
	1790	*led = 0x44; //off
	1791	//finished();
	1792	} //#fe
	1793
[647]	1794	*/
[586]	1795
	1796	//*********************************************
	1797

Note: See TracBrowser for help on using the repository browser.

Download in other formats: