Context Navigation

boot.c @ 837

Revision 837, 64.7 KB checked in by reyalp, 4 years ago (diff)
add extra long exposure for G9. 100g is tested, others are not.
Property svn:eol-style set to `native`

Line
1	#include "lolevel.h"
2	#include "platform.h"
3	#include "core.h"
4	#include "stdlib.h"
5
6	//extern void draw_txt_string(int col, int row, const char *str, color cl);
7
8	const char * const new_sa = &_end;
9
10	/* Ours stuff */
11	extern long wrs_kernel_bss_start;
12	extern long wrs_kernel_bss_end;
13
14	// Forward declarations
15	void CreateTask_PhySw();
16	void CreateTask_spytask();
17
18	void taskCreateHook(int *p) {
19	p-=16;
20	// TODO can save some memory by hooking other tasks this way
21	// if (p[0]==0x) p[0]=(int)capt_seq_task;
22	// if (p[0]==0x) p[0]=(int)movie_record_task;
23	// if (p[0]==0x) p[0]=(int)init_file_modules_task;
24	if (p[0]==0xFF8B8B90) p[0]=(int)exp_drv_task;
25	}
26
27	void taskCreateHook2(int *p) {
28	p-=16;
29	// if (p[0]==0x) p[0]=(int)init_file_modules_task;
30	if (p[0]==0xFF8B8B90) p[0]=(int)exp_drv_task;
31	}
32
33	/*
34	void CreateTask_blinker();
35	void task_blinker();
36	void dump_chdk();
37
38
39	void boot();
40
41
42	#define DPs (void*)0xC022006C // direct-print (blue)
43	#define LED_AF (void*)0xC0220094 //LED_AF
44	#define LED_ISO (void*)0xC02200B0 //LED_ISO
45	#define LED_PWR (void*)0xC0220068 //LED_PWR
46	#define LED_BLUE (void*)0xC022006C //LED_BLUE
47	#define DELAYs 3000000
48
49	void debug_my_blink_green()
50	{
51	volatile long p = (void)LED_AF; // turned off later, so assumed to be power
52	int counter;
53
54	// DEBUG: blink led
55	counter = DELAYs; *p = 0x46;
56	while (counter--) { asm("nop\n nop\n"); };
57	counter = DELAYs; *p = 0x44;
58	while (counter--) { asm("nop\n nop\n"); };
59	}
60
61	void debug_my_pause()
62	{
63	int counter;
64
65	// DEBUG: blink led
66	counter = DELAYs;
67	while (counter--) { asm("nop\n nop\n"); };
68	counter = DELAYs;
69	while (counter--) { asm("nop\n nop\n"); };
70	}
71
72	void debug_my_blink_blue()
73	{
74	volatile long p = (void)LED_BLUE; // turned off later, so assumed to be power
75	int counter;
76
77	// DEBUG: blink led
78	counter = DELAYs; *p = 0x46;
79	while (counter--) { asm("nop\n nop\n"); };
80	counter = DELAYs; *p = 0x44;
81	while (counter--) { asm("nop\n nop\n"); };
82	}
83
84
85
86
87	#define DP (void*)0xC0220068 // led_pwr DEBUG
88
89	#define DEBUG_LED 0xC022006C //ok //used iso blue, was 0xc02200C4 +++
90
91
92	#define DELAY 5000000 // DEBUG
93
94	*/
95
96	void boot() { //#fs
97
98
99	long canon_data_src = (void)0xFFB2E384; // OK //canon_data_src!!! @FF810130
100	long canon_data_dst = (void)0x1900; // OK //MEMBASEADDR @FF810134
101	long canon_data_len = 0x140E4- 0x1900; // data_end - data_start
102	long canon_bss_start = (void)0x140e4; // just after data // OK //@FF810138
103	long canon_bss_len = 0xb0b68 - 0x140e4; // MEMISOSTART -
104
105	long i;
106
107
108	// Code taken from VxWorks CHDK. turns caches on
109	asm volatile (
110	"MRC p15, 0, R0,c1,c0\n"
111	"ORR R0, R0, #0x1000\n"
112	"ORR R0, R0, #4\n"
113	"ORR R0, R0, #1\n"
114	"MCR p15, 0, R0,c1,c0\n"
115	:::"r0");
116
117	for(i=0;i<canon_data_len/4;i++)
118	canon_data_dst[i]=canon_data_src[i];
119
120	for(i=0;i<canon_bss_len/4;i++)
121	canon_bss_start[i]=0;
122
123	(int)(0x261C+8)= ((int)0xC02200C0)&1 ? 1 : 2; // replacement of sub_FF822E10
124
125	/*
126	asm volatile (
127	"MRC p15, 0, R0,c1,c0\n"
128	"ORR R0, R0, #0x1000\n"
129	"BIC R0, R0, #4\n"
130	"ORR R0, R0, #1\n"
131	"MCR p15, 0, R0,c1,c0\n"
132	:::"r0");
133	*/
134
135	(int)0x1930=(int)taskCreateHook;
136	(int)0x1934=(int)taskCreateHook2;
137
138	// jump to init-sequence that follows the data-copy-routine
139
140
141	asm volatile ("B sub_FF8101a4_my\n");
142	//asm volatile ("B sub_FF8101a4\n");
143
144	}; //#fe
145
146
147	// init //OK
148	void __attribute__((naked,noinline)) sub_FF8101a4_my() { //#fs OK
149
150
151	asm volatile (
152	"LDR R0, =0xFF81021C\n"
153	"MOV R1, #0\n"
154	"LDR R3, =0xFF810254\n"
155	"loc_FF8101B0:\n"
156	"CMP R0, R3\n"
157	"LDRCC R2, [R0],#4\n"
158	"STRCC R2, [R1],#4\n"
159	"BCC loc_FF8101B0\n"
160	"LDR R0, =0xFF810254\n"
161	"MOV R1, #0x4B0\n"
162	"LDR R3, =0xFF810468\n"
163	"loc_FF8101CC:\n"
164	"CMP R0, R3\n"
165	"LDRCC R2, [R0],#4\n"
166	"STRCC R2, [R1],#4\n"
167	"BCC loc_FF8101CC\n"
168	"MOV R0, #0xD2\n"
169	"MSR CPSR_cxsf, R0\n"
170	"MOV SP, #0x1000\n"
171	"MOV R0, #0xD3\n"
172	"MSR CPSR_cxsf, R0\n"
173	"MOV SP, #0x1000\n"
174	"LDR R0, =0x6C4\n"
175	"LDR R2, =0xEEEEEEEE\n"
176	"MOV R3, #0x1000\n"
177	"loc_FF810200:\n"
178	"CMP R0, R3\n"
179	"STRCC R2, [R0],#4\n"
180	"BCC loc_FF810200\n"
181	"BL sub_FF810FB8_my\n"
182	);
183
184	}; //#fe
185
186
187	//OK
188	void __attribute__((naked,noinline)) sub_FF810FB8_my() { //#fs OK h_usrKernelInit
189
190
191	asm volatile (
192	"STR LR, [SP,#-4]!\n"
193	"SUB SP, SP, #0x74\n"
194	"MOV R0, SP\n"
195	"MOV R1, #0x74\n"
196	"BL sub_FFABD388\n"
197	"MOV R0, #0x53000\n"
198	"STR R0, [SP,#0x74-0x70]\n"
199
200	);
201	//"LDR R0, =0xB0B68"
202	asm volatile (
203	"LDR R0, =new_sa\n"
204	"LDR R0, [R0]\n"
205	);
206	asm volatile (
207	"LDR R2, =0x2ABC00\n"
208	"LDR R1, =0x2A4968\n"
209	"STR R0, [SP,#0x74-0x6C]\n"
210	"SUB R0, R1, R0\n"
211	"ADD R3, SP, #0x74-0x68\n"
212	"STR R2, [SP,#0x74-0x74]\n"
213	"STMIA R3, {R0-R2}\n"
214	"MOV R0, #0x22\n"
215	"STR R0, [SP,#0x74-0x5C]\n"
216	"MOV R0, #0x68\n"
217	"STR R0, [SP,#0x74-0x58]\n"
218	"LDR R0, =0x19B\n"
219	"MOV R1, #0x64\n"
220	//"STRD R0, [SP,#0x74-0x54]\n" // "strd not supported by cpu" claims gcc
221	"STR R0, [SP,#0x74-0x54]\n" // split in two single-word STRs
222	"STR R1, [SP,#0x74-0x50]\n"
223	"MOV R0, #0x78\n"
224	//"STRD R0, [SP,#0x74-0x4C]\n" // "strd not supported by cpu" claims gcc
225	"STR R0, [SP,#0x74-0x4C]\n" // split in two single-word STRs
226	"STR R1, [SP,#0x74-0x48]\n"
227	"MOV R0, #0\n"
228	"STR R0, [SP,#0x74-0x44]\n"
229	"STR R0, [SP,#0x74-0x40]\n"
230	"MOV R0, #0x10\n"
231	"STR R0, [SP,#0x74-0x18]\n"
232	"MOV R0, #0x800\n"
233	"STR R0, [SP,#0x74-0x14]\n"
234	"MOV R0, #0xA0\n"
235	"STR R0, [SP,#0x74-0x10]\n"
236	"MOV R0, #0x280\n"
237	"STR R0, [SP,#0x74-0xC]\n"
238	//"LDR R1, =0xFF814DBC\n"
239	"LDR R1, =uHwSetup_my\n" //<---------------------------------------chdk
240	"MOV R0, SP\n"
241	"MOV R2, #0\n"
242	"BL sub_FF812D70\n"
243	"ADD SP, SP, #0x74\n"
244	"LDR PC, [SP],#4\n"
245	);
246
247	}; //#fe
248
249
250	//OK
251	void __attribute__((naked,noinline)) uHwSetup_my() { //#fs FF814DBC
252
253	asm volatile (
254	//debug ok
255
256	"STMFD SP!, {R4,LR}\n"
257	"BL sub_FF81095C\n"
258	"BL sub_FF819948\n"
259	"CMP R0, #0\n"
260	"LDRLT R0, =0xFF814ED0\n"
261	"BLLT sub_FF814EB0\n"
262	"BL sub_FF8149E0\n" // _termDriverInit
263	"CMP R0, #0\n"
264	"LDRLT R0, =0xFF814ED8\n" // aTermdriverinit
265	"BLLT sub_FF814EB0\n"
266	"LDR R0, =0xFF814EE8\n" // a_term
267
268	"BL sub_FF814ACC\n" // _termDeviceCreate
269	"CMP R0, #0\n"
270	"LDRLT R0, =0xFF814EF0\n" // aTermdevicecrea
271	"BLLT sub_FF814EB0\n"
272	"LDR R0, =0xFF814EE8\n" // a_term
273	"BL sub_FF81357C\n" // _stdioSetup
274	"CMP R0, #0\n"
275	"LDRLT R0, =0xFF814F04\n" // aStdiosetup
276	"BLLT sub_FF814EB0\n"
277	"BL sub_FF8194D0\n" // _stdlibSetup
278	"CMP R0, #0\n"
279	"LDRLT R0, =0xFF814F10\n" // aStdlibsetup
280	"BLLT sub_FF814EB0\n"
281	"BL sub_FF8114D0\n" // _armlib_setup
282	"CMP R0, #0\n"
283	"LDRLT R0, =0xFF814F1C\n" // aArmlib_setup
284	"BLLT sub_FF814EB0\n" // _err_init_task
285	"LDMFD SP!, {R4,LR}\n"
286	"B CreateTask_Startup_my\n" //<---------------------------------------chdk
287
288	);
289	}; //#fe
290
291
292	//OK
293	void __attribute__((naked,noinline)) CreateTask_Startup_my() { //#fs FF81DC0C
294
295	asm volatile (
296	"STMFD SP!, {R3,LR}\n"
297	//"BL nullsub_3\n"
298	"BL sub_FF82C8FC\n"
299	"CMP R0, #0\n"
300	"BNE loc_FF81DC4C\n"
301	"BL sub_FF824568\n"
302	"CMP R0, #0\n"
303	"LDREQ R2, =0xC0220000\n"
304	"LDREQ R0, [R2,#0xC0]\n"
305	"LDREQ R1, [R2,#0xC4]\n"
306	"ORREQ R0, R0, R1\n"
307	"TSTEQ R0, #1\n"
308	"BNE loc_FF81DC4C\n"
309	"MOV R0, #0x44\n"
310	"STR R0, [R2,#0x4C]\n"
311	"loc_FF81DC48:\n"
312	"B loc_FF81DC48\n"
313	"loc_FF81DC4C:\n"
314	// "BL sub_FF822E10\n" // removed, see boot() function
315	//"BL nullsub_4\n"
316	"BL sub_FF82A488\n"
317	"MOV R1, #0x300000\n"
318	"MOV R0, #0\n"
319	"BL sub_FF82A6D0\n"
320	"BL sub_FF82A67C\n"
321	"MOV R3, #0\n"
322	"STR R3, [SP,#8-0x08]\n"
323	"LDR R3, =task_Startup_my\n" // originally FF81DBB0 <---------------------------------------chdk
324	"MOV R2, #0\n"
325	"MOV R1, #0x19\n"
326	"LDR R0, =0xFF81DC90\n" //"Startup"
327	"BL sub_FF81BAF0\n"
328	"MOV R0, #0\n"
329	"LDMFD SP!, {R12,PC}\n"
330	);
331
332	//OK
333	}; //#fe
334
335
336
337
338
339	//OK
340	void __attribute__((naked,noinline)) task_Startup_my() { //#fs originally FF81DBB0
341
342	asm volatile (
343	"STMFD SP!, {R4,LR}\n"
344	"BL sub_FF81517C\n"
345	"BL sub_FF823FA0\n"
346	"BL sub_FF820E60\n"
347	//"BL j_nullsub_177\n"
348	"BL sub_FF82CADC\n"
349	//"BL sub_FF82C9C4\n" // skip diskboot
350	);
351	CreateTask_spytask(); // <------------
352	asm volatile (
353	"BL sub_FF82CCA4\n"
354	"BL sub_FF82CB2C\n"
355	"BL sub_FF8299CC\n"
356	"BL sub_FF82CCA8\n"
357	);
358	CreateTask_PhySw(); //<---------------
359	asm volatile (
360	//"BL sub_FF822DA8\n" // (taskcreate_PhySw)
361	//"BL sub_FF82629C\n"
362	"BL sub_FF82629C_my\n" // divert to intercept task_ShootSeqTask------------------------------>
363	"BL sub_FF82CCC0\n"
364	//"BL nullsub_2\n"
365	"BL sub_FF822130\n"
366	"BL sub_FF82C6A8\n" // taskcreate_Bye\n"
367	"BL sub_FF8228D4\n"
368	"BL sub_FF82203C\n" // taskcreate_TempCheck\n"
369	//"BL sub_FF82D720\n"
370	"BL sub_FF82D720_my\n" // divert for SDHC-bootdisk-support<---------------------------------
371	"BL sub_FF821FF8\n"
372	"LDMFD SP!, {R4,LR}\n"
373	"B sub_FF815088\n"
374	);
375
376	}; //#fe
377
378
379	void CreateTask_spytask() { //#fs
380	_CreateTask("SpyTask", 0x19, 0x2000, core_spytask, 0);
381
382	}; //#fe
383
384	void CreateTask_PhySw() { //#fs
385	_CreateTask("PhySw", 0x18, 0x800, mykbd_task, 0);
386	asm volatile (
387	"BL sub_FF84962C\n" //taskcreate_JogDial
388	);
389	}; //#fe
390
391
392	//OK
393	void __attribute__((naked,noinline)) sub_FF82629C_my() { //#fs
394
395	asm volatile (
396	"STMFD SP!, {R4,LR}\n"
397	"LDR R4, =0x1D38\n"
398	"MOV R0, #0\n"
399	"MOV R1, #4\n"
400	"STR R0, [R4,#0xC]\n"
401	"BL sub_FF81BE20\n"
402	"STR R0, [R4,#4]\n"
403	"MOV R0, #0\n"
404	"MOV R1, #1\n"
405	"BL sub_FF81BE44\n"
406	"STR R0, [R4,#8]\n"
407	"BL sub_FF864A14\n"
408	"BL sub_FF86383C\n"
409	"BL sub_FF8601A0_my\n" // divert this for ShootSeqTask <------------------
410	"BL sub_FF864CFC\n"
411	"LDR R0, [R4,#4]\n"
412	"LDMFD SP!, {R4,LR}\n"
413	"MOV R1, #0x1000\n"
414	"B sub_FF829D2C\n"
415	);
416	}; //#fe
417	//OK
418	void __attribute__((naked,noinline)) sub_FF8601A0_my() { //#fs
419
420	asm volatile (
421	"STMFD SP!, {R4,LR}\n"
422	"LDR R4, =0x57EC\n"
423	"LDR R0, [R4,#8]\n"
424	"CMP R0, #0\n"
425	"BNE loc_FF86020C\n"
426	//"BL nullsub_30\n"
427	"MOV R1, #1\n"
428	"MOV R0, #0\n"
429	"BL sub_FF81BE44\n"
430	"STR R0, [R4,#0x20]\n"
431	"MOV R0, #0\n"
432	"MOV R1, #0\n"
433	"BL sub_FF81BE20\n"
434	"STR R0,[R4,#0x24]\n"
435	"BL sub_FF860584\n"
436	"BL sub_FF860370\n"
437	"MOV R0, #0\n"
438	"STR R0, [R4,#0x1C]\n"
439	"ADD R0, R4, #0x28\n"
440	"MOV R1, #0\n"
441	"STR R1, [R0],#4\n"
442	"STR R1, [R0]\n"
443	"BL sub_FF86089C\n"
444	"BL sub_FF864EA8\n"
445	"BL sub_FF8631AC\n"
446	"BL sub_FF8614E8_my\n" // continue here for task_CaptSeqTask <----------------------------
447
448	"BL sub_FF862CA8\n"
449	"loc_FF86020C:\n"
450	"MOV R0, #1\n"
451	"STR R0, [R4,#8]\n"
452	"LDMFD SP!, {R4,PC}\n"
453	);
454	}; //#fe
455
456	//OK ****
457	void __attribute__((naked,noinline)) sub_FF8614E8_my() { //#fs
458	asm volatile (
459	"STMFD SP!, {R3-R5,LR}\n"
460	"LDR R2, =0x1E3C0\n"
461	"MOV R0, #0\n"
462	"MOV R1, #0\n"
463	"loc_FF8614F8:\n"
464	"ADD R3, R2, R0,LSL#4\n"
465	"ADD R0, R0, #1\n"
466	"CMP R0, #5\n"
467	"STR R1, [R3,#8]\n"
468	"BCC loc_FF8614F8\n"
469	"LDR R0, =0x1E410\n"
470	"STR R1, [R0,#8]\n"
471	"ADD R0, R0, #0x10\n"
472	"STR R1, [R0,#8]\n"
473	"BL sub_FF942928\n"
474	"BL sub_FF944F7C\n"
475	"MOV R1, #5\n"
476	"MOV R0, #0\n"
477	"BL sub_FF81BDFC\n"
478	"LDR R4, =0x583C\n"
479	"LDR R1, =0x1001FF\n"
480	"STR R0, [R4,#0x14]\n"
481	"MOV R0, #0\n"
482	"BL sub_FF81BE20\n"
483	"STR R0, [R4,#0x10]\n"
484	"MOV R3, #0\n"
485	// "STR R3, [SP,#0x10+var_10]\n"
486	"STR R3, [SP]\n"
487	// "LDR R3, =0xFF861210\n"
488	"LDR R3, =task_CaptSeqTask_my\n" // task_CaptSeqTask <-------------------------
489	"LDR R0, =0xFF861710\n" // aCaptseqtask ; "CaptSeqTask"
490	"MOV R2, #0x1000\n"
491	"MOV R1, #0x17\n"
492	"BL sub_FF81BDC8\n"
493	"LDMFD SP!, {R3-R5,PC}\n"
494	".ltorg\n"
495	);
496	}; //#fe
497
498
499
500	// -----------------
501	// SDHC-Boot-Support
502	// -----------------
503	// Required subs:
504	// Startup -> FFC1C6C4 -> FFC1C294 -> FFC5E6C0 -> uAC_Boot -> CreateTask_InitFileModules -> task_InitFileModules -> FFC5A4E8 -> FFC3F0CC -> FFC3EF08 -> FFC3EDA0
505	// \->FFC5F474 -> FFC5F410 ->/\|
506	// -> StartFactoryModeController =>\|\|
507	//
508	// uAC_Boot: FFC5E06C
509	// CreateTask_InitFileModules: FFC5F7A4
510	// task_InitFileModules: FFC5F754
511
512	//OK
513	void __attribute__((naked,noinline)) sub_FF82D720_my() { //#fs
514	asm volatile (
515	"STMFD SP!, {R4,LR}\n"
516	"BL sub_FF873F90\n"
517	"BL sub_FF824504\n" // IsFactoryMode"
518	"CMP R0, #1\n"
519	"BNE loc_FF82D740\n"
520	"BL sub_FF8773E0\n"
521	"LDMFD SP!, {R4,LR}\n"
522	"B sub_FF82457C\n" // StartFactoryModeController"
523	"loc_FF82D740:\n"
524	"BL sub_FF876264\n"
525	"LDR R4, =0x1E50\n"
526	"LDR R0, [R4,#4]\n"
527	"CMP R0, #0\n"
528	"LDMNEFD SP!, {R4,PC}\n"
529	"MOV R1, #0\n"
530	//"LDR R0, =0xFF82D250\n"
531	"LDR R0, =sub_FF82D250_my\n" // continue here for SDHC-boot-support <------------------
532	"BL sub_FF8709DC\n"
533	"STR R0, [R4,#4]\n"
534	"LDMFD SP!, {R4,PC}\n"
535	);
536	}; //#fe
537
538	//OK
539	void __attribute__((naked,noinline)) sub_FF82D250_my() { //#fs
540	asm volatile (
541
542	"STMFD SP!, {R3-R11,LR}\n"
543	"LDR R6, =0x1E50\n"
544	"MOV R5, R1\n"
545	"LDR R0, [R6,#0x14]\n"
546	"MOV R4, R3\n"
547	"CMP R0, #1\n"
548	"BNE loc_FF82D274\n"
549	"BL sub_FF87486C\n"
550	"B loc_FF82D65C\n"
551	"loc_FF82D274:\n"
552	"LDR R12, =0x1162\n"
553	"LDR R10, =0x1005\n"
554	"CMP R5, R12\n"
555	"MOV R7, #0\n"
556	"MOV R8, #1\n"
557	"BEQ loc_FF82D67C\n"
558	"BGT loc_FF82D3C8\n"
559	"LDR R12, =0x1062\n"
560	"CMP R5, R12\n"
561	"BEQ loc_FF82D718\n"
562	"BGT loc_FF82D33C\n"
563	"CMP R5, R10\n"
564	"BEQ loc_FF82D6A8\n"
565	"BGT loc_FF82D314\n"
566	"LDR R9, =0x9A3\n"
567	"CMP R5, R9\n"
568	"BEQ loc_FF82D63C\n"
569	"BGT loc_FF82D2F0\n"
570	"SUB R12, R5, #0x800\n"
571	"SUBS R12, R12, #3\n"
572	"BEQ loc_FF82D4D8\n"
573	"SUB R12, R5, #0x800\n"
574	"SUBS R12, R12, #0x158\n"
575	"BNE loc_FF82D66C\n"
576	"TST R4, #0x80000000\n"
577	"MOVNE R0, #1\n"
578	"BNE locret_FF82D534\n"
579	"BL sub_FF87DA3C\n"
580	"CMP R0, #0\n"
581	"BLEQ sub_FF829828\n"
582	"B loc_FF82D65C\n"
583	"loc_FF82D2F0:\n"
584	"SUB R12, R5, #0x900\n"
585	"SUBS R12, R12, #0xA5\n"
586	"BEQ loc_FF82D63C\n"
587	"SUB R12, R5, #0x1000\n"
588	"SUBS R12, R12, #3\n"
589	"BNE loc_FF82D66C\n"
590	"BL sub_FF82D1B4\n"
591	"MOV R1, R4\n"
592	"B loc_FF82D674\n"
593	"loc_FF82D314:\n"
594	"SUB R12, R5, #0x1000\n"
595	"SUBS R12, R12, #0x56\n"
596	"SUBNE R12, R5, #0x1000\n"
597	"SUBNES R12, R12, #0x5B\n"
598	"SUBNE R12, R5, #0x1000\n"
599	"SUBNES R12, R12, #0x5E\n"
600	"SUBNE R12, R5, #0x1000\n"
601	"SUBNES R12, R12, #0x61\n"
602	"BNE loc_FF82D66C\n"
603	"B loc_FF82D718\n"
604	"loc_FF82D33C:\n"
605	"LDR R12, =0x10AD\n"
606	"CMP R5, R12\n"
607	"BEQ loc_FF82D698\n"
608	"BGT loc_FF82D38C\n"
609	"SUB R12, R5, #0x1000\n"
610	"SUBS R12, R12, #0x63\n"
611	"SUBNE R12, R5, #0x1000\n"
612	"SUBNES R12, R12, #0x65\n"
613	"BEQ loc_FF82D718\n"
614	"SUB R12, R5, #0x1000\n"
615	"LDR R0, =0x10A3\n"
616	"SUBS R12, R12, #0xA9\n"
617	"BEQ loc_FF82D68C\n"
618	"SUB R12, R5, #0x1000\n"
619	"SUBS R12, R12, #0xAA\n"
620	"BNE loc_FF82D66C\n"
621	"BL sub_FF872EB8\n"
622	"CMP R0, #0\n"
623	"BEQ loc_FF82D6A4\n"
624	"B loc_FF82D65C\n"
625	"loc_FF82D38C:\n"
626	"SUB R12, R5, #0x1000\n"
627	"SUBS R12, R12, #0xAE\n"
628	"BEQ loc_FF82D6A4\n"
629	"SUB R12, R5, #0x1000\n"
630	"SUBS R12, R12, #0xAF\n"
631	"BEQ loc_FF82D698\n"
632	"SUB R12, R5, #0x1000\n"
633	"SUBS R12, R12, #0xB0\n"
634	"BEQ loc_FF82D6A4\n"
635	"SUB R12, R5, #0x1000\n"
636	"SUBS R12, R12, #0xB2\n"
637	"BNE loc_FF82D66C\n"
638	"LDR R0, =0x1008\n"
639	"MOV R1, R4\n"
640	"B loc_FF82D674\n"
641	"loc_FF82D3C8:\n"
642	"LDR R11, =0x201B\n"
643	"LDR R0, =0x1E50\n"
644	"CMP R5, R11\n"
645	"LDR R2, [R0,#0x10]!\n"
646	"LDR R1, [R0,#0x10]\n"
647	"SUB R9, R11, #0x17\n"
648	"BEQ loc_FF82D610\n"
649	"BGT loc_FF82D460\n"
650	"LDR R11, =0x116A\n"
651	"CMP R5, R11\n"
652	"BEQ loc_FF82D5FC\n"
653	"BGT loc_FF82D424\n"
654	"SUB R0, R5, #0x1100\n"
655	"SUB R0, R0, #0x63\n"
656	"CMP R0, #5\n"
657	"ADDLS PC, PC, R0,LSL#2\n"
658	"B loc_FF82D66C\n"
659	"loc_FF82D40C:\n"
660	"B loc_FF82D634\n"
661	"loc_FF82D410:\n"
662	"B loc_FF82D628\n"
663	"loc_FF82D414:\n"
664	"B loc_FF82D620\n"
665	"loc_FF82D418:\n"
666	"B loc_FF82D66C\n"
667	"loc_FF82D41C:\n"
668	"B loc_FF82D5BC\n"
669	"loc_FF82D420:\n"
670	"B loc_FF82D5BC\n"
671	"loc_FF82D424:\n"
672	"SUB R12, R5, #0x2000\n"
673	"SUBS R12, R12, #2\n"
674	"BEQ loc_FF82D6E4\n"
675	"CMP R5, R9\n"
676	"MOV R0, R9\n"
677	"BEQ loc_FF82D6F0\n"
678	"SUB R12, R5, #0x2000\n"
679	"SUBS R12, R12, #5\n"
680	"BEQ loc_FF82D6E4\n"
681	"SUB R12, R5, #0x2000\n"
682	"SUBS R12, R12, #0x19\n"
683	"BNE loc_FF82D66C\n"
684	"CMP R1, #0\n"
685	"BNE loc_FF82D6D0\n"
686	"B loc_FF82D65C\n"
687	"loc_FF82D460:\n"
688	"LDR R12, =0x3110\n"
689	"CMP R5, R12\n"
690	"BEQ loc_FF82D6A8\n"
691	"BGT loc_FF82D4A8\n"
692	"SUB R12, R5, #0x2000\n"
693	"SUBS R12, R12, #0x1D\n"
694	"BEQ loc_FF82D6E4\n"
695	"LDR R0, =0x2027\n"
696	"CMP R5, R0\n"
697	"BEQ loc_FF82D6B0\n"
698	"SUB R12, R5, #0x3000\n"
699	"SUBS R12, R12, #6\n"
700	"BEQ loc_FF82D6A8\n"
701	"SUB R12, R5, #0x3000\n"
702	"SUBS R12, R12, #0x10\n"
703	"BNE loc_FF82D66C\n"
704	"BL sub_FF893354\n"
705	"B loc_FF82D65C\n"
706	"loc_FF82D4A8:\n"
707	"SUB R12, R5, #0x3100\n"
708	"SUBS R12, R12, #0x11\n"
709	"BEQ loc_FF82D6A8\n"
710	"CMP R5, #0x3140\n"
711	"BEQ loc_FF82D70C\n"
712	"SUB R12, R5, #0x3200\n"
713	"SUBS R12, R12, #1\n"
714	"BEQ loc_FF82D66C\n"
715	"SUB R12, R5, #0x3200\n"
716	"SUBS R12, R12, #2\n"
717	"BNE loc_FF82D66C\n"
718	"B loc_FF82D6A8\n"
719	"loc_FF82D4D8:\n"
720	"MOV R4, #1\n"
721	"MOV R0, #2\n"
722	"BL sub_FF874024\n"
723	"CMP R0, #1\n"
724	"MOVEQ R4, #2\n"
725	"MOV R0, R4\n"
726	"BL sub_FF8224B0\n"
727	"CMP R0, #0\n"
728	"STRNE R8, [R6,#0x14]\n"
729	"BNE loc_FF82D530\n"
730	"BL sub_FF879F0C\n"
731	"BL sub_FF877D84\n"
732	"BL sub_FF8789D8\n"
733	"BL sub_FF877670\n"
734	"BL sub_FF878F88\n"
735	"CMP R0, #0\n"
736	"BEQ loc_FF82D59C\n"
737	"BL sub_FF82CF20\n"
738	"BL sub_FF878EEC\n"
739	"MOV R1, R0\n"
740	"LDR R0, =0x1167\n"
741	"BL sub_FF8711D8\n"
742	"loc_FF82D530:\n"
743	"MOV R0, R7\n"
744
745	"locret_FF82D534:\n"
746	"LDMFD SP!, {R3-R11,PC}\n"
747	"loc_FF82D59C:\n"
748	"BL sub_FF8268E8\n"
749	"CMP R0, #1\n"
750	"LDRNE R0, =0x310B\n"
751	"LDREQ R0, =0x310C\n"
752	"MOV R1, #0\n"
753	"BL sub_FF8711D8\n"
754	"BL sub_FF8770A8_my\n" // Continue here (possibility 1) for SDHC-boot //<------------------------------------------
755	"B loc_FF82D530\n"
756	"loc_FF82D5BC:\n"
757	"STR R8, [R6,#0x10]\n"
758	"LDR R6, =0x4508\n"
759	"LDR R4, =0x1168\n"
760	"CMP R1, #0\n"
761	"BEQ loc_FF82D5E4\n"
762	"BL sub_FF8748A0\n"
763	"B loc_FF82D5F0\n"
764	"loc_FF82D5D8:\n"
765	"MOV R0, R6\n"
766	"BL sub_FF85E5B0\n"
767	"B loc_FF82D65C\n"
768
769	"loc_FF82D5E4:\n"
770	"BL sub_FF8781CC\n"
771	"BL sub_FF877F94\n"
772	"BL sub_FF826590\n"
773	"loc_FF82D5F0:\n"
774	"CMP R5, R4\n"
775	"BEQ loc_FF82D5D8\n"
776	"B loc_FF82D65C\n"
777	"loc_FF82D5FC:\n"
778	"MOV R0, #1\n"
779	"BL sub_FF8749CC\n"
780	"MOV R1, R11\n"
781	"MOV R0, R10\n"
782	"B loc_FF82D674\n"
783	"loc_FF82D610:\n"
784	"CMP R2, #1\n"
785	"BNE loc_FF82D6A8\n"
786	"BL sub_FF8748A0\n"
787	"B loc_FF82D65C\n"
788	"loc_FF82D620:\n"
789	"MOV R0, #2\n"
790	"B loc_FF82D62C\n"
791	"loc_FF82D628:\n"
792	"MOV R0, #1\n"
793	"loc_FF82D62C:\n"
794	"BL sub_FF82DC30\n"
795	"B loc_FF82D65C\n"
796	"loc_FF82D634:\n"
797	"MOV R0, #0\n"
798	"B loc_FF82D62C\n"
799	"loc_FF82D63C:\n"
800	"LDR R0, [R6,#0xC]\n"
801	"SUB R12, R0, #0x8000\n"
802	"SUBS R12, R12, #2\n"
803	"BEQ loc_FF82D65C\n"
804	"LDR R0, =0x10A5\n"
805	"BL sub_FF872EB8\n" // eventproc_export_IsControlEventActive
806
807	"CMP R0, #0\n"
808	"BEQ loc_FF82D664\n"
809	"loc_FF82D65C:\n"
810	"MOV R0, #0\n"
811	"LDMFD SP!, {R3-R11,PC}\n"
812	"loc_FF82D664:\n"
813	"CMP R5, R9\n"
814	"STREQ R8, [R6,#0x30]\n"
815
816	"loc_FF82D66C:\n"
817	"MOV R1, #0\n"
818	"loc_FF82D670:\n"
819	"MOV R0, R5\n"
820
821	"loc_FF82D674:\n"
822	"BL sub_FF875F98_My\n" // Continue here (possibility 2) for SDHC-boot //<-----------------------------
823
824	"LDMFD SP!, {R3-R11,PC}\n"
825	"loc_FF82D67C:\n"
826	"BL sub_FF87C4A0\n"
827	"CMP R0, #0\n"
828	"BLNE sub_FF87B1FC\n"
829	"B loc_FF82D6A8\n"
830	"loc_FF82D68C:\n"
831	"BL sub_FF872EB8\n" //eventproc_export_IsControlEventActive
832	"CMP R0, #0\n"
833	"BNE loc_FF82D65C\n"
834
835	"loc_FF82D698:\n"
836	"MOV R0, R5\n"
837	"BL sub_FF82D040\n"
838	"LDMFD SP!, {R3-R11,PC}\n"
839	"loc_FF82D6A4:\n"
840	"BL sub_FF82DC00\n"
841	"loc_FF82D6A8:\n"
842	"MOV R1, R4\n"
843	"B loc_FF82D670\n"
844	"loc_FF82D6B0:\n"
845	"MOV R1, #0\n"
846	"BL sub_FF875F98_My\n" //Continue here (possibility 2) for SDHC-boot // <--------------------------------
847	"MOV R1, #0\n"
848	"MOV R0, R11\n"
849	"BL sub_FF875F98_My\n" // Continue here (possibility 2) for SDHC-boot // <----------------------------------
850	"MOV R1, #0\n"
851	"MOV R0, R9\n"
852	"B loc_FF82D6DC\n"
853	"loc_FF82D6D0:\n"
854	"CMP R2, #0\n"
855	"BNE loc_FF82D65C\n"
856	"loc_FF82D6D8:\n"
857	"MOV R1, #0\n"
858	"loc_FF82D6DC:\n"
859	"BL sub_FF875F98_My\n" //Continue here (possibility 2) for SDHC-boot // <------------------------------------
860	"B loc_FF82D65C\n"
861	"loc_FF82D6E4:\n"
862	"STR R7, [R6,#0x20]\n"
863	"BL sub_FF82D900\n"
864	"B loc_FF82D6A8\n"
865	"loc_FF82D6F0:\n"
866	"STR R7, [R6,#0x20]\n"
867	"BL sub_FF82D900\n"
868	"LDR R0, [R6,#0x10]\n"
869	"CMP R0, #1\n"
870	"BNE loc_FF82D6A8\n"
871	"BL sub_FF8748E4\n"
872	"B loc_FF82D65C\n"
873	"loc_FF82D70C:\n"
874	"CMP R1, #0\n"
875	"BLEQ sub_FF82D900\n"
876	"B loc_FF82D65C\n"
877	"loc_FF82D718:\n"
878	"LDR R0, =0xFFFFFFFF\n" // was MOVL tryed MVN provare pure LDR
879	"B loc_FF82D6D8\n"
880	);
881	}; //#fe
882
883
884	// Continue here (possibility 1) for SDHC-boot //OK
885	void __attribute__((naked,noinline)) sub_FF8770A8_my() { //#fs
886	asm volatile (
887	"STMFD SP!, {R4,LR}\n"
888	"BL sub_FF82D8CC\n"
889	"MOV R4, R0\n"
890	"BL sub_FF8771C4\n"
891	"MOV R0, R4\n"
892	"BL sub_FF876F5C\n"
893	"BL sub_FF82D8CC\n"
894	"MOV R4, R0\n"
895	"LDR R0, =0x60D8\n"
896	"LDR R0, [R0]\n"
897	"TST R0, #1\n"
898	"BEQ loc_FF8770E4\n"
899	"loc_FF8770D8:\n"
900	"MOV R1, R4\n"
901	"MOV R0, #2\n"
902	"B loc_FF87714C\n"
903	"loc_FF8770E4:\n"
904	"TST R0, #0x2000\n"
905	"BEQ loc_FF877100\n"
906	"TST R0, #0x200\n"
907	"LDREQ R1, =0x4004\n"
908	"LDRNE R1, =0x8002\n"
909	"MOV R0, #3\n"
910	"B loc_FF87714C\n"
911	"loc_FF877100:\n"
912	"TST R0, #0x10\n"
913	"BNE loc_FF8770D8\n"
914	"TST R0, #0x40\n"
915	"BEQ loc_FF87711C\n"
916	"loc_FF877110:\n"
917	"MOV R1, R4\n"
918	"MOV R0, #1\n"
919	"B loc_FF87714C\n"
920	"loc_FF87711C:\n"
921	"TST R0, #0x20\n"
922	"BEQ loc_FF877138\n"
923	"TST R0, #0x4000\n"
924	"BNE loc_FF877138\n"
925	"loc_FF87712C:\n"
926	"MOV R1, R4\n"
927	"MOV R0, #0\n"
928	"B loc_FF87714C\n"
929	"loc_FF877138:\n"
930	"LDR R1, =0x102\n"
931	"BICS R1, R1, R0\n"
932	"BNE loc_FF877154\n"
933	"MOV R1, R4\n"
934	"MOV R0, #6\n"
935	"loc_FF87714C:\n"
936	"LDMFD SP!, {R4,LR}\n"
937	"B sub_FF876EF8_my\n" // cont. for SDHC-boot <------------------------------------
938	"loc_FF877154:\n"
939	"TST R0, #0x100\n"
940	"BNE loc_FF8770D8\n"
941	"TST R0, #0x4000\n"
942	"TSTEQ R0, #0x400\n"
943	"BNE loc_FF877110\n"
944	"TST R0, #0x200\n"
945	"TSTEQ R0, #2\n"
946	"BNE loc_FF87712C\n"
947	"TST R0, #0x40000\n"
948	"BEQ loc_FF8770D8\n"
949	"TST R0, #0x200000\n"
950	"MOVEQ R1, R4\n"
951	"MOVEQ R0, #1\n"
952	"BLEQ sub_FF876EF8_my\n" // cont. for SDHC-boot <------------------------------------
953	"B loc_FF8770D8\n"
954	);
955	}; //#fe
956	//OK
957	void __attribute__((naked,noinline)) sub_FF876EF8_my() { //#fs
958	asm volatile (
959	"STMFD SP!, {R4-R6,LR}\n"
960	"MOVS R4, R0\n"
961	"MOV R0, #1\n"
962	"MOV R5, R1\n"
963	"BNE loc_FF876F38\n"
964	"MOV R1, #0\n"
965	"MOV R0, #0\n"
966	"BL sub_FF873FB4\n"
967	"BL sub_FF82D8CC\n"
968	"SUB R12, R0, #0x1000\n"
969	"SUBS R12, R12, #0x5B\n"
970	"BNE loc_FF876F30\n"
971	"loc_FF876F28:\n"
972	"BL sub_FF876E4C\n"
973	"B loc_FF876F40\n"
974	"loc_FF876F30:\n"
975	"BL sub_FF876E8C\n"
976	"B loc_FF876F40\n"
977	"loc_FF876F38:\n"
978	"CMP R4, #5\n"
979	"BEQ loc_FF876F28\n"
980	"loc_FF876F40:\n"
981	"CMP R0, #0\n"
982	"LDREQ R5, =0x1162\n"
983	"MOVEQ R4, #2\n"
984	"MOV R0, R4\n"
985	"MOV R1, R5\n"
986	"LDMFD SP!, {R4-R6,LR}\n"
987	"B sub_FF875F98_My\n" // Continue here (possibility 2) for SDHC-boot <-------------------------
988	);
989	}; //#fe
990
991
992	//NEW OK
993	void __attribute__((naked,noinline)) sub_FF875F98_My() { //#fs
994	asm volatile (
995	"STMFD SP!, {R4-R8,LR}\n"
996	"MOV R8, R1\n"
997	"MOV R4, R0\n"
998	"BL sub_FF878F88\n"
999	"CMP R0, #0\n"
1000	"BNE loc_FF87625C\n"
1001	"MOV R1, R8\n"
1002	"MOV R0, R4\n"
1003	"BL sub_FF874B90\n"
1004	"LDR R5, =0x6008\n"
1005	"MOV R7, #1\n"
1006	"LDR R0, [R5,#0x10]\n"
1007	"MOV R6, #0\n"
1008	"CMP R0, #0x16\n"
1009	"ADDLS PC, PC, R0,LSL#2\n"
1010	"B loc_FF87625C\n"
1011	"loc_FF875FD8:\n"
1012	"B loc_FF876034\n"
1013	"loc_FF875FDC:\n"
1014	"B loc_FF87605C\n"
1015	"loc_FF875FE0:\n"
1016	"B loc_FF8760A0\n"
1017	"loc_FF875FE4:\n"
1018	"B loc_FF87611C\n"
1019	"loc_FF875FE8:\n"
1020	"B loc_FF87612C\n"
1021	"loc_FF875FEC:\n"
1022	"B loc_FF87625C\n"
1023	"loc_FF875FF0:\n"
1024	"B loc_FF8761A8\n"
1025	"loc_FF875FF4:\n"
1026	"B loc_FF8761B8\n"
1027	"loc_FF875FF8:\n"
1028	"B loc_FF876044\n"
1029	"loc_FF875FFC:\n"
1030	"B loc_FF876050\n"
1031	"loc_FF876000:\n"
1032	"B loc_FF8761B8\n"
1033	"loc_FF876004:\n"
1034	"B loc_FF876094\n"
1035	"loc_FF876008:\n"
1036	"B loc_FF87625C\n"
1037	"loc_FF87600C:\n"
1038	"B loc_FF87625C\n"
1039	"loc_FF876010:\n"
1040	"B loc_FF8760AC\n"
1041	"loc_FF876014:\n"
1042	"B loc_FF8760B8\n"
1043	"loc_FF876018:\n"
1044	"B loc_FF8760F0\n"
1045	"loc_FF87601C:\n"
1046	"B loc_FF876068\n"
1047	"loc_FF876020:\n"
1048	"B loc_FF876244\n"
1049	"loc_FF876024:\n"
1050	"B loc_FF8761C4\n"
1051	"loc_FF876028:\n"
1052	"B loc_FF8761F4\n"
1053	"loc_FF87602C:\n"
1054	"B loc_FF8761F4\n"
1055	"loc_FF876030:\n"
1056	"B loc_FF876138\n"
1057	"loc_FF876034:\n"
1058	"MOV R1, R8\n"
1059	"MOV R0, R4\n"
1060	"LDMFD SP!, {R4-R8,LR}\n"
1061	"B sub_FF875648_my\n" // uAC_Boot // divert for <-------------------------
1062	"loc_FF876044:\n"
1063	"MOV R0, R4\n"
1064	"LDMFD SP!, {R4-R8,LR}\n"
1065	"B sub_FF8769B0\n"
1066	"loc_FF876050:\n"
1067	"MOV R0, R4\n"
1068	"LDMFD SP!, {R4-R8,LR}\n"
1069	"B sub_FF875B14\n"
1070	"loc_FF87605C:\n"
1071	"MOV R0, R4\n"
1072	"LDMFD SP!, {R4-R8,LR}\n"
1073	"B sub_FF87522C\n"
1074	"loc_FF876068:\n"
1075	"SUB R12, R4, #0x1000\n"
1076	"SUBS R12, R12, #0xA5\n"
1077	"STREQ R7, [R5,#0x88]\n"
1078	"BEQ loc_FF876254\n"
1079	"SUB R12, R4, #0x3000\n"
1080	"SUBS R12, R12, #6\n"
1081	"BNE loc_FF87625C\n"
1082	"MOV R0, #0\n"
1083	"BL sub_FF82CDA8\n"
1084	"BL sub_FF876890\n" // uAC_InitPB
1085	"B loc_FF876254\n"
1086	"loc_FF876094:\n"
1087	"MOV R0, R4\n"
1088	"LDMFD SP!, {R4-R8,LR}\n"
1089	"B sub_FF8768C8\n"
1090	"loc_FF8760A0:\n"
1091	"MOV R0, R4\n"
1092	"LDMFD SP!, {R4-R8,LR}\n"
1093	"B sub_FF875404\n"
1094	"loc_FF8760AC:\n"
1095	"MOV R0, R4\n"
1096	"LDMFD SP!, {R4-R8,LR}\n"
1097	"B sub_FF875CC0\n"
1098	"loc_FF8760B8:\n"
1099	"SUB R12, R4, #0x3200\n"
1100	"SUBS R12, R12, #2\n"
1101	"BNE loc_FF87625C\n"
1102	"MOV R0, #3\n"
1103	"BL sub_FF874A74\n" // uCameraConState
1104	"MOV R0, #8\n"
1105	"BL sub_FF82CD04\n"
1106	"MOV R1, #0\n"
1107	"MOV R0, #0x19\n"
1108	"BL sub_FF83EEE0\n"
1109	"BL sub_FF8781CC\n"
1110	"BL sub_FF878018\n"
1111	"BL sub_FF8776E0\n"
1112	"B loc_FF876254\n"
1113	"loc_FF8760F0:\n"
1114	"SUB R12, R4, #0x3300\n"
1115	"SUBS R12, R12, #1\n"
1116	"BNE loc_FF87625C\n"
1117	"LDR R0, =0x4010\n"
1118	"STR R6, [R5,#0x80]\n"
1119	"BL sub_FF82CD04\n"
1120	"BL sub_FF9A90CC\n"
1121	"BL sub_FF8776E0\n"
1122	"MOV R0, #4\n"
1123	"BL sub_FF874A74\n" // uCameraConState
1124	"B loc_FF876254\n"
1125	"loc_FF87611C:\n"
1126	"MOV R1, R8\n"
1127	"MOV R0, R4\n"
1128	"LDMFD SP!, {R4-R8,LR}\n"
1129	"B sub_FF875E1C\n"
1130	"loc_FF87612C:\n"
1131	"MOV R0, R4\n"
1132	"LDMFD SP!, {R4-R8,LR}\n"
1133	"B sub_FF876AF8\n"
1134	"loc_FF876138:\n"
1135	"LDR R8, =0x1182\n"
1136	"CMP R4, R8\n"
1137	"STREQ R7, [R5,#0xB8]\n"
1138	"BEQ loc_FF876254\n"
1139	"SUB R12, R4, #0x1000\n"
1140	"SUBS R12, R12, #0x1AC\n"
1141	"BEQ loc_FF876190\n"
1142	"SUB R12, R4, #0x3000\n"
1143	"SUBS R12, R12, #0x224\n"
1144	"BNE loc_FF87625C\n"
1145	"MOV R0, #8\n"
1146	"BL sub_FF82CD04\n"
1147	"MOV R0, #3\n"
1148	"BL sub_FF874A74\n" // uCameraConState
1149	"STR R6, [R5,#0xBC]\n"
1150	"LDR R0, [R5,#0xB8]\n"
1151	"CMP R0, #0\n"
1152	"MOVNE R1, #0\n"
1153	"MOVNE R0, R8\n"
1154	"STRNE R6, [R5,#0xB8]\n"
1155	"BLNE sub_FF875E1C\n"
1156	"B loc_FF876254\n"
1157	"loc_FF876190:\n"
1158	"LDR R0, [R5,#0xBC]\n"
1159	"CMP R0, #0\n"
1160	"BNE loc_FF876254\n"
1161	"BL sub_FF9A71E4\n"
1162	"STR R7, [R5,#0xBC]\n"
1163	"B loc_FF876254\n"
1164	"loc_FF8761A8:\n"
1165	"MOV R1, R8\n"
1166	"MOV R0, R4\n"
1167	"LDMFD SP!, {R4-R8,LR}\n"
1168	"B sub_FF876BD8\n"
1169	"loc_FF8761B8:\n"
1170	"MOV R0, R4\n"
1171	"LDMFD SP!, {R4-R8,LR}\n"
1172	//"B sub_FF875A0C\n"
1173	"B sub_FF875A0C_my\n" //----------> movies_rec.c
1174	"loc_FF8761C4:\n"
1175	"LDR R12, =0x10B0\n"
1176	"CMP R4, R12\n"
1177	"BEQ loc_FF8761F0\n"
1178	"BGT loc_FF8761FC\n"
1179	"CMP R4, #4\n"
1180	"BEQ loc_FF876224\n"
1181	"SUB R12, R4, #0x1000\n"
1182	"SUBS R12, R12, #0xAA\n"
1183	"SUBNE R12, R4, #0x1000\n"
1184	"SUBNES R12, R12, #0xAE\n"
1185	"BNE loc_FF87625C\n"
1186	"loc_FF8761F0:\n"
1187	"BL sub_FF874770\n"
1188	"loc_FF8761F4:\n"
1189	"MOV R0, R6\n"
1190	"LDMFD SP!, {R4-R8,PC}\n"
1191	"loc_FF8761FC: \n"
1192	"SUB R12, R4, #0x2000\n"
1193	"SUBS R12, R12, #4\n"
1194	"BEQ loc_FF87623C\n"
1195	"SUB R12, R4, #0x5000\n"
1196	"SUBS R12, R12, #1\n"
1197	"SUBNE R12, R4, #0x5000\n"
1198	"SUBNES R12, R12, #6\n"
1199	"BNE loc_FF87625C\n"
1200	"BL sub_FF8751CC\n"
1201	"B loc_FF876254\n"
1202	"loc_FF876224:\n"
1203	"LDR R0, [R5,#0x2C]\n"
1204	"CMP R0, #0\n"
1205	"BNE loc_FF87623C\n"
1206	"BL sub_FF87643C\n"
1207	"BL sub_FF826548\n"
1208	"B loc_FF876254\n"
1209	"loc_FF87623C:\n"
1210	"BL sub_FF8747AC\n"
1211	"B loc_FF876254\n"
1212	"loc_FF876244:\n"
1213	"SUB R12, R4, #0x3000\n"
1214	"SUBS R12, R12, #0x130\n"
1215	"BNE loc_FF87625C\n"
1216	"BL sub_FF87486C\n"
1217	"loc_FF876254:\n"
1218	"MOV R0, #0\n"
1219	"LDMFD SP!, {R4-R8,PC}\n"
1220	"loc_FF87625C:\n"
1221	"MOV R0, #1\n"
1222	"LDMFD SP!, {R4-R8,PC}\n"
1223	);
1224	}; //#fe
1225
1226
1227	//OK
1228	void __attribute__((naked,noinline)) sub_FF875648_my() { //#fs uAC_Boot
1229	asm volatile (
1230	"STMFD SP!, {R4-R8,LR}\n"
1231	"LDR R7, =0x8002\n"
1232	"LDR R4, =0x6008\n"
1233	"CMP R0, #3\n"
1234	"MOV R6, R1\n"
1235	"MOV R5, #1\n"
1236	"BEQ loc_FF8757BC\n"
1237	"BGT loc_FF875684\n"
1238	"CMP R0, #0\n"
1239	"BEQ loc_FF8756C8\n"
1240	"CMP R0, #1\n"
1241	"BEQ loc_FF87574C\n"
1242	"CMP R0, #2\n"
1243	"BNE loc_FF875844\n"
1244	"B loc_FF87569C\n"
1245	"loc_FF875684:\n"
1246	"CMP R0, #6\n"
1247	"STREQ R5, [R4,#0x28]\n"
1248	"BEQ loc_FF8757B4\n"
1249	"SUB R12, R0, #0x2000\n"
1250	"SUBS R12, R12, #4\n"
1251	"BNE loc_FF875844\n"
1252
1253	"loc_FF87569C:\n"
1254	"SUB R12, R6, #0x1100\n"
1255	"SUBS R12, R12, #0x62\n"
1256	"BNE loc_FF8756B8\n"
1257	"MOV R1, R7\n"
1258	"MOV R0, #0\n"
1259	"BL sub_FF878AB0\n"
1260	"STR R5, [R4,#0x60]\n"
1261
1262	"loc_FF8756B8:\n"
1263	"BL sub_FF8781CC\n"
1264	"BL sub_FF878018\n"
1265	"BL sub_FF875130\n"
1266	"B loc_FF87583C\n"
1267	"loc_FF8756C8:\n"
1268	"MOV R0, #7\n"
1269	"BL sub_FF874A74\n"
1270	"MOV R0, R7\n"
1271	"BL sub_FF82CD04\n"
1272	"BL sub_FF877310\n" // taskcreate_CommonDrivers
1273	"BL sub_FF877E68\n"
1274	"MOV R1, R7\n"
1275	"MOV R0, #0\n"
1276	"BL sub_FF878AB0\n"
1277	"LDR R1, =0xFF87587C\n"
1278	"MOV R0, #0x20\n"
1279	"STR R6, [R4,#0x18]\n"
1280	"BL sub_FF86DA00\n"
1281	"LDR R1, =0xFF875888\n"
1282	"MOV R0, #0x20\n"
1283	"BL sub_FF86DA00\n"
1284	"STR R5, [R4,#0x28]\n"
1285	"BL sub_FF82CE8C\n"
1286	"BL sub_FF82CDD0\n"
1287	"LDR R0, [R4,#0x1C]\n"
1288	"LDR R1, [R4,#0x20]\n"
1289	"ORRS R0, R0, R1\n"
1290	"BLNE sub_FF876418\n"
1291	"LDR R0, [R4,#0x68]\n"
1292	"CMP R0, #0\n"
1293	"BNE loc_FF875738\n"
1294	"BL sub_FF82CEFC\n" // taskcreate_StartupImage
1295	"B loc_FF875740\n"
1296	"loc_FF875738:\n"
1297	"BL sub_FF8262FC\n"
1298	"BL sub_FF82D864\n"
1299
1300	"loc_FF875740:\n"
1301	"BL sub_FF8772D4_my\n" // taskcreate_InitFileModules<----------------------
1302	"BL sub_FF87734C\n"
1303	"B loc_FF87583C\n"
1304	"loc_FF87574C:\n"
1305	"MOV R0, #8\n"
1306	"BL sub_FF874A74\n"
1307	"BL sub_FF877310\n"
1308	"BL sub_FF877E68\n"
1309	"LDR R5, =0x4004\n"
1310	"MOV R0, #0\n"
1311	"MOV R1, R5\n"
1312	"BL sub_FF878AB0\n"
1313	"LDR R1, =0xFF875898\n"
1314	"MOV R0, #0x20\n"
1315	"BL sub_FF86DA00\n"
1316
1317	"BL sub_FF8772D4_my\n" // taskcreate_InitFileModules ----------------------------->
1318
1319	"BL sub_FF8773E0\n"
1320	"BL sub_FF82D828\n"
1321	"MOV R0, R5\n"
1322	"BL sub_FF82CD04\n"
1323	"LDR R0, [R4,#0x68]\n"
1324	"CMP R0, #0\n"
1325	"BNE loc_FF8757A0\n"
1326	"BL sub_FF82CEFC\n" // taskcreate_StartupImage
1327	"B loc_FF8757A4\n"
1328	"loc_FF8757A0:\n"
1329	"BL sub_FF8262FC\n"
1330
1331	"loc_FF8757A4:\n"
1332	"BL sub_FF87737C\n"
1333	"LDR R0, [R4,#0x30]\n"
1334	"CMP R0, #0\n"
1335	"BEQ loc_FF87583C\n"
1336
1337	"loc_FF8757B4:\n"
1338	"BL sub_FF876460\n"
1339	"B loc_FF87583C\n"
1340	"loc_FF8757BC:\n"
1341	"MOV R1, R6\n"
1342	"MOV R0, #0\n"
1343	"BL sub_FF878AB0\n"
1344	"LDR R1, =0xFF8758A4\n"
1345	"MOV R0, #0x20\n"
1346	"BL sub_FF86DA00\n"
1347	"STR R5, [R4,#0x68]\n"
1348	"BL sub_FF8773E0\n"
1349	"BL sub_FF82D828\n"
1350	"BL sub_FF8763F4\n"
1351	"BL sub_FF82D8C0\n"
1352	"CMP R0, #0\n"
1353	"LDRNE R0, =0x804B\n"
1354	"MOVNE R1, #0\n"
1355	"BLNE sub_FF873C90\n" // eventproc_export_PTM_SetCurrentItem
1356	"BL sub_FF8788CC\n"
1357	"MOV R0, #0x80\n"
1358	"BL sub_FF82CD04\n"
1359	"BL sub_FF878310\n"
1360	"BL sub_FF895AD0\n" // eventproc_export_StartGUISystem
1361	"BL sub_FF957B60\n"
1362	"BL sub_FF9ABF4C\n"
1363	"BL sub_FF877B4C\n"
1364	"BL sub_FF878204\n"
1365	"MOV R0, #9\n"
1366	"BL sub_FF874A74\n"
1367	"LDR R0, =0x300E\n"
1368	"MOV R1, R6\n"
1369	"BL sub_FF8711D8\n"
1370	"MOV R1, #0\n"
1371	"MOV R0, #1\n"
1372	"BL sub_FF878AB0\n"
1373
1374	"loc_FF87583C:\n"
1375	"MOV R0, #0\n"
1376	"LDMFD SP!, {R4-R8,PC}\n"
1377	"loc_FF875844:\n"
1378	"MOV R0, #1\n"
1379	"LDMFD SP!, {R4-R8,PC}\n"
1380	);
1381	}; //#fe
1382
1383	//OK
1384	void __attribute__((naked,noinline)) sub_FF8772D4_my() { //#fs CreateTask_InitFileModules
1385	asm volatile (
1386	"LDR R0, =0x60E4\n"
1387	"STMFD SP!, {R3,LR}\n"
1388	"LDR R1, [R0,#4]\n"
1389	"CMP R1, #0\n"
1390	"BNE locret_FF87730C\n"
1391	"MOV R1, #1\n"
1392	"STR R1, [R0,#4]\n"
1393	"MOV R3, #0\n"
1394	"STR R3, [SP]\n"
1395
1396	"LDR R3, =task_InitFileModules_my\n" // continue for SDHC-boot (orig: FFC5F754)-g9 = FF877284 "LDR R3, =task_InitFileModules_my\n"
1397
1398	"MOV R1, #0x19\n"
1399	"LDR R0, =0xFF877438\n" // aInitfilemodule
1400	"MOV R2, #0x1000\n"
1401	"BL sub_FF81BAF0\n" // CreateTask
1402	"locret_FF87730C:\n"
1403	"LDMFD SP!, {R12,PC}\n"
1404	);
1405	}; //#fe
1406
1407	//OK
1408	void __attribute__((naked,noinline)) task_InitFileModules_my() { //#fs task_InitFileModules_my
1409	asm volatile (
1410	"STMFD SP!, {R4-R6,LR}\n"
1411	"BL sub_FF86FFF8\n"
1412	"LDR R5, =0x5006\n"
1413	"MOVS R4, R0\n"
1414	"MOVNE R1, #0\n"
1415	"MOVNE R0, R5\n"
1416	"BLNE sub_FF8711D8\n"
1417	"BL sub_FF870024_my\n" // continue to SDHC-hook here! was FFC5A4E8
1418
1419	"BL core_spytask_can_start\n" // CHDK: Set "it's-save-to-start"-Flag for spytask
1420
1421	"CMP R4, #0\n"
1422	"MOVEQ R0, R5\n"
1423	"LDMEQFD SP!, {R4-R6,LR}\n"
1424	"MOVEQ R1, #0\n"
1425	"BEQ sub_FF8711D8\n"
1426	"LDMFD SP!, {R4-R6,PC}\n"
1427	);
1428	}; //#fe
1429
1430	//OK
1431	void __attribute__((naked,noinline)) sub_FF870024_my() { //#fs
1432
1433	asm volatile (
1434	"STMFD SP!, {R4,LR}\n"
1435
1436	"BL sub_FF85235C_my\n" // continue to SDHC-hook here! was FFC3F0CC --------------------------------------->
1437
1438	"LDR R4, =0x5AC4\n"
1439	"LDR R0, [R4,#4]\n"
1440	"CMP R0, #0\n"
1441	"BNE loc_FF870054\n"
1442	"BL sub_FF87FD60\n"
1443	"BL sub_FF90B938\n"
1444	"BL sub_FF87FD60\n"
1445	"BL sub_FF91848C\n"
1446	"BL sub_FF87FD70\n"
1447	"BL sub_FF90B9E0\n"
1448	"loc_FF870054:\n"
1449	"MOV R0, #1\n"
1450	"STR R0, [R4]\n"
1451	"LDMFD SP!, {R4,PC}\n"
1452	);
1453	}; //#fe
1454	//OK
1455	void __attribute__((naked,noinline)) sub_FF85235C_my() { //#fs
1456
1457	asm volatile (
1458	"STMFD SP!, {R4-R6,LR}\n"
1459	"MOV R6, #0\n"
1460	"MOV R0, R6\n"
1461	"BL sub_FF851F2C\n"
1462	"LDR R4, =0x168D0\n"
1463	"MOV R5, #0\n"
1464	"LDR R0, [R4,#0x38]\n"
1465	"BL sub_FF8528F4\n"
1466	"CMP R0, #0\n"
1467	"LDREQ R0, =0x2D34\n"
1468	"STREQ R5, [R0,#0xC]\n"
1469	"STREQ R5, [R0,#0x10]\n"
1470	"STREQ R5, [R0,#0x14]\n"
1471	"MOV R0, R6\n"
1472	"BL sub_FF851F6C\n" // uMounter (u=unknown, just to prevent misunderstandings)
1473	"MOV R0, R6\n"
1474
1475	"BL sub_FF852198_my\n" // continue to SDHC-hook here! <---------------------
1476
1477	"MOV R5, R0\n"
1478	"MOV R0, R6\n"
1479	"BL sub_FF852204\n"
1480	"LDR R1, [R4,#0x3C]\n"
1481	"AND R2, R5, R0\n"
1482	"CMP R1, #0\n"
1483	"MOV R0, #0\n"
1484	"MOVEQ R0, #0x80000001\n"
1485	"BEQ loc_FF8523F0\n"
1486	"LDR R3, [R4,#0x2C]\n"
1487	"CMP R3, #2\n"
1488	"MOVEQ R0, #4\n"
1489	"CMP R1, #5\n"
1490	"ORRNE R0, R0, #1\n"
1491	"BICEQ R0, R0, #1\n"
1492	"CMP R2, #0\n"
1493	"BICEQ R0, R0, #2\n"
1494	"ORREQ R0, R0, #0x80000000\n"
1495	"BICNE R0, R0, #0x80000000\n"
1496	"ORRNE R0, R0, #2\n"
1497	"loc_FF8523F0:\n"
1498	"STR R0, [R4,#0x40]\n"
1499	"LDMFD SP!, {R4-R6,PC}\n"
1500	);
1501	}; //#fe
1502	//OK
1503	void __attribute__((naked,noinline)) sub_FF852198_my() { //#fs
1504	asm volatile (
1505	"STMFD SP!, {R4-R6,LR}\n"
1506	"LDR R5, =0x2D34\n"
1507	"MOV R6, R0\n"
1508	"LDR R0, [R5,#0x10]\n"
1509	"CMP R0, #0\n"
1510	"MOVNE R0, #1\n"
1511	"LDMNEFD SP!, {R4-R6,PC}\n"
1512	"MOV R0, #0x17\n"
1513	"MUL R1, R0, R6\n"
1514	"LDR R0, =0x168D0\n"
1515	"ADD R4, R0, R1,LSL#2\n"
1516	"LDR R0, [R4,#0x38]\n"
1517	"MOV R1, R6\n"
1518
1519	"BL sub_FF852030_my\n" // continue to SDHC-hook here! --------------------------------------------------->
1520
1521	"CMP R0, #0\n"
1522	"LDMEQFD SP!, {R4-R6,PC}\n"
1523	"LDR R0, [R4,#0x38]\n"
1524	"MOV R1, R6\n"
1525	"BL sub_FF852A0C\n"
1526	"CMP R0, #0\n"
1527	"LDMEQFD SP!, {R4-R6,PC}\n"
1528	"MOV R0, R6\n"
1529	"BL sub_FF851B4C\n"
1530	"CMP R0, #0\n"
1531	"MOVNE R1, #1\n"
1532	"STRNE R1, [R5,#0x10]\n"
1533	"LDMFD SP!, {R4-R6,PC}\n"
1534	);
1535	}; //#fe
1536
1537	//OK
1538	void __attribute__((naked,noinline)) sub_FF852030_my() { //#fs ; Partition table parse takes place here. => SDHC-boot
1539	asm volatile (
1540
1541	"STMFD SP!, {R4-R8,LR} \n"
1542	"MOV R8, R0\n"
1543	"MOV R0, #0x17\n"
1544	"MUL R1, R0, R1\n"
1545	"LDR R0, =0x168D0\n"
1546	"MOV R6, #0\n"
1547	"ADD R7, R0, R1,LSL#2\n"
1548	"LDR R0, [R7,#0x3C]\n"
1549	"MOV R5, #0\n"
1550	"CMP R0, #6\n"
1551	"ADDLS PC, PC, R0,LSL#2\n"
1552	"B loc_FF85217C\n"
1553	"loc_FF852060:\n"
1554	"B loc_FF852094\n"
1555	"loc_FF852064:\n"
1556	"B loc_FF85207C\n"
1557	"loc_FF852068:\n"
1558	"B loc_FF85207C\n"
1559	"loc_FF85206C:\n"
1560	"B loc_FF85207C\n"
1561	"loc_FF852070:\n"
1562	"B loc_FF85207C\n"
1563	"loc_FF852074:\n"
1564	"B loc_FF852174\n"
1565	"loc_FF852078:\n"
1566	"B loc_FF85207C\n"
1567	"loc_FF85207C:\n"
1568	"MOV R2, #0\n"
1569	"MOV R1, #0x200\n"
1570	"MOV R0, #3\n"
1571	"BL sub_FF86C4D0\n"
1572	"MOVS R4, R0\n"
1573	"BNE loc_FF85209C\n"
1574	"loc_FF852094:\n"
1575	"MOV R0, #0\n"
1576	"LDMFD SP!, {R4-R8,PC}\n"
1577	"loc_FF85209C:\n"
1578	"LDR R12, [R7,#0x4C]\n"
1579	"MOV R3, R4\n"
1580	"MOV R2, #1\n"
1581	"MOV R1, #0\n"
1582	"MOV R0, R8\n"
1583
1584	//"BLX R12\n" // !! Workaround !! attenzione
1585	//".long 0xE12FFF3C\n"
1586	"MOV LR, PC\n" // gcc won't compile "BLX R12" nor "BL R12".
1587	"MOV PC, R12\n" // workaround: make your own "BL" and hope we don't need the change to thumb-mode
1588
1589	"CMP R0, #1\n"
1590	"BNE loc_FF8520C8\n"
1591	"MOV R0, #3\n"
1592	"BL sub_FF86C610\n"
1593	"B loc_FF852094\n"
1594	"loc_FF8520C8:\n"
1595	"MOV R0, R8\n"
1596	"BL sub_FF929040\n" // Add FAT32 autodetect-code after this line\n"
1597
1598	"MOV R1, R4\n" // pointer to MBR in R1
1599	"BL mbr_read_dryos\n" // total sectors count in R0 before and after call
1600
1601
1602	// Start of DataGhost's FAT32 autodetection code
1603	// Policy: If there is a partition which has type W95 FAT32, use the first one of those for image storage
1604	// According to the code below, we can use R1, R2, R3 and R12.
1605	// LR wasn't really used anywhere but for storing a part of the partition signature. This is the only thing
1606	// that won't work with an offset, but since we can load from LR+offset into LR, we can use this to do that :)
1607	"MOV R12, R4\n" // Copy the MBR start address so we have something to work with
1608	"MOV LR, R4\n" // Save old offset for MBR signature
1609	"MOV R1, #1\n" // Note the current partition number
1610	"B dg_sd_fat32_enter\n" // We actually need to check the first partition as well, no increments yet!
1611	"dg_sd_fat32:\n"
1612	"CMP R1, #4\n" // Did we already see the 4th partition?
1613	"BEQ dg_sd_fat32_end\n" // Yes, break. We didn't find anything, so don't change anything.
1614	"ADD R12, R12, #0x10\n" // Second partition
1615	"ADD R1, R1, #1\n" // Second partition for the loop
1616	"dg_sd_fat32_enter:\n"
1617	"LDRB R2, [R12, #0x1BE]\n" // Partition status
1618	"LDRB R3, [R12, #0x1C2]\n" // Partition type (FAT32 = 0xB)
1619	"CMP R3, #0xB\n" // Is this a FAT32 partition?
1620	"CMPNE R3, #0xC\n" // Not 0xB, is it 0xC (FAT32 LBA) then?
1621	"BNE dg_sd_fat32\n" // No, it isn't.
1622	"CMP R2, #0x00\n" // It is, check the validity of the partition type
1623	"CMPNE R2, #0x80\n"
1624	"BNE dg_sd_fat32\n" // Invalid, go to next partition
1625	// This partition is valid, it's the first one, bingo!
1626	"MOV R4, R12\n" // Move the new MBR offset for the partition detection.
1627
1628	"dg_sd_fat32_end:\n"
1629	// End of DataGhost's FAT32 autodetection code
1630	"LDRB R1, [R4,#0x1C9]\n" // Continue with firmware
1631	"LDRB R3, [R4,#0x1C8]\n"
1632	"LDRB R12, [R4,#0x1CC]\n"
1633	"MOV R1, R1,LSL#24\n"
1634	"ORR R1, R1, R3,LSL#16\n"
1635	"LDRB R3, [R4,#0x1C7]\n"
1636	"LDRB R2, [R4,#0x1BE]\n"
1637	//"LDRB LR, [R4,#0x1FF]\n" // replaced, see below
1638	"ORR R1, R1, R3,LSL#8\n"
1639	"LDRB R3, [R4,#0x1C6]\n"
1640	"CMP R2, #0\n"
1641	"CMPNE R2, #0x80\n"
1642	"ORR R1, R1, R3\n"
1643	"LDRB R3, [R4,#0x1CD]\n"
1644	"MOV R3, R3,LSL#24\n"
1645	"ORR R3, R3, R12,LSL#16\n"
1646	"LDRB R12, [R4,#0x1CB]\n"
1647	"ORR R3, R3, R12,LSL#8\n"
1648	"LDRB R12, [R4,#0x1CA]\n"
1649	"ORR R3, R3, R12\n"
1650	//"LDRB R12, [R4,#0x1FE]\n" // replaced, see below
1651
1652	"LDRB R12, [LR,#0x1FE]\n" // New! First MBR signature byte (0x55)
1653	"LDRB LR, [LR,#0x1FF]\n" // Last MBR signature byte (0xAA)
1654
1655	"MOV R4, #0\n"
1656	"BNE loc_FF852150\n"
1657	"CMP R0, R1\n"
1658	"BCC loc_FF852150\n"
1659	"ADD R2, R1, R3\n"
1660	"CMP R2, R0\n"
1661	"CMPLS R12, #0x55\n"
1662	"CMPEQ LR, #0xAA\n"
1663	"MOVEQ R6, R1\n"
1664	"MOVEQ R5, R3\n"
1665	"MOVEQ R4, #1\n"
1666	"loc_FF852150:\n"
1667	"MOV R0, #3\n"
1668	"BL sub_FF86C610\n"
1669	"CMP R4, #0\n"
1670	"BNE loc_FF852188\n"
1671	"MOV R6, #0\n"
1672	"MOV R0, R8\n"
1673	"BL sub_FF929040\n"
1674	"MOV R5, R0\n"
1675	"B loc_FF852188\n"
1676	"loc_FF852174:\n"
1677	"MOV R5, #0x40\n"
1678	"B loc_FF852188\n"
1679	"loc_FF85217C:\n"
1680	"LDR R1, =0x365\n"
1681	"LDR R0, =0XFF852024\n" //aMounter_c ; "Mounter.c"
1682	"BL sub_FF81BFC8\n" //DebugAssert
1683	"loc_FF852188:\n"
1684	"STR R6, [R7,#0x44]!\n"
1685	"MOV R0, #1\n"
1686	"STR R5, [R7,#4]\n"
1687	"LDMFD SP!, {R4-R8,PC}\n"
1688	);
1689	}; //#fe
1690
1691
1692	//*********************************************
1693
1694	// I could not manually find this function in the S5IS firmware, possibly signatures
1695	// might find it. Until that moment, I hooked it here (copied from another camera)
1696	unsigned long __attribute__((naked,noinline)) _time(unsigned long *timer) {
1697	asm volatile (
1698	"STMFD SP!, {R3-R5,LR}\n"
1699	"MOV R4, R0\n"
1700	"MVN R0, #0\n"
1701	"STR R0, [SP,#0x10-0x10]\n"
1702	"MOV R0, SP\n"
1703	"BL sub_FF86BAEC\n" // _GetTimeOfSystem\n"
1704	"CMP R0, #0\n"
1705	"BNE loc_FFC55EC8\n"
1706	"CMP R4, #0\n"
1707	"LDRNE R0, [SP,#0x10-0x10]\n"
1708	"STRNE R0, [R4]\n"
1709
1710	"loc_FFC55EC8:\n"
1711	"LDR R0, [SP,#0x10-0x10]\n"
1712	"LDMFD SP!, {R3-R5,PC}\n"
1713	);
1714	return 0; // shut up the compiler
1715	}
1716
1717	/*
1718
1719
1720
1721	void CreateTask_blinker() {
1722	_CreateTask("Blinker", 0x1, 0x200, task_blinker, 0);
1723	};
1724
1725
1726	void __attribute__((naked,noinline)) task_blinker() {
1727	int ledstate;
1728
1729	int counter = 0;
1730
1731	long led = (void) 0xC022006C; // AF led
1732
1733	long *anypointer; // multi-purpose pointer to poke around in memory
1734	long v1, v2, v3, v4; // multi-purpose vars
1735
1736	ledstate = 0; // init: led off
1737	*led = 0x46; // led on
1738
1739	while (1) {
1740	counter++;
1741
1742	if (ledstate == 1) { // toggle LED
1743	ledstate = 0;
1744	*led = 0x44; // LED off
1745	//core_test(1);
1746	} else {
1747	ledstate = 1;
1748	*led = 0x46; // LED on
1749	//core_test(0);
1750	}
1751
1752	if (counter == 2) {
1753	//dump_chdk();
1754	// gui_init();
1755	//_ExecuteEventProcedure("UIFS_WriteFirmInfoToFile");
1756	//_UIFS_WriteFirmInfoToFile(0);
1757	}
1758
1759	if (counter == 10) {
1760	// draw_txt_string(2, 2, "test");
1761	}
1762
1763	msleep(500);
1764	}
1765	};
1766
1767
1768	//extern long _Fopen_Fut(const char filename, const char mode);
1769	//extern void _Fclose_Fut(long file);
1770	//extern long _Fwrite_Fut(const void *buf, long elsize, long count, long f);
1771	//extern long Fread_Fut(void *buf, long elsize, long count, long f);
1772	//extern long Fseek_Fut(long file, long offset, long whence);
1773	//extern long _qDump(char* filename, long unused, long write_p2, long write_p3);
1774
1775	void dump_chdk() { //#fs
1776	int fd;
1777	long dirnum;
1778
1779	volatile long led = (void) 0xC0220094; // yellow led
1780	volatile long led_blue = (void) 0xC022006c; // yellow led
1781
1782	*led = 0x46; //on
1783
1784	// _qDump("A/qdump", 0, (void*) 0x01900, 0xb0000);
1785	//_qDump("A/firmdump", 0, (void*) 0xFFC00000, 0x00400000);
1786	//_qDump("A/firmlower", 0, (void*) 0xff800000, 0x00400000); // identical to 0xfc000000
1787
1788	//started();
1789
1790	//dirnum = get_target_dir_num();
1791	//sprintf(fn, FN_RAWDIR, dirnum);
1792	//mkdir(fn);
1793
1794	//sprintf(fn, FN_RAWDIR "/" "DMP_%04d.JPG", dirnum, ++ramdump_num);
1795
1796	*led_blue = 0x46; //on
1797	*led_blue = 0x44; //off
1798	msleep(500);
1799	*led_blue = 0x46; //on
1800	fd = _Fopen_Fut("A/dump", "w");
1801	*led_blue = 0x44; //off
1802	if (fd >= 0) {
1803	*led_blue = 0x46; //on
1804	write(fd, (void*)0, 0x1900);
1805	*led_blue = 0x44; //off
1806	//write(fd, (void)0x1900, 321024*1024-0x1900);
1807	//_Fwrite_Fut((void*)0x9D000, 0x20000, 0x20000, fd);
1808	*led_blue = 0x46; //on
1809	_Fclose_Fut(fd);
1810	*led_blue = 0x44; //off
1811	}
1812	*led = 0x44; //off
1813	//finished();
1814	} //#fe
1815
1816	*/
1817
1818	//*********************************************
1819

Note: See TracBrowser for help on using the repository browser.

chdk

Context Navigation

source: trunk/platform/g9/sub/100d/boot.c @ 837

Download in other formats: