Context Navigation

boot.c @ 1385

Revision 1385, 30.6 KB checked in by philmoz, 19 months ago (diff)

Update for DRYOS signature finder (finsig_dryos.c):

Fix camera name finder for R49 cameras
Add PLATFORMID and MAXRAMADDR values in camera info section

Also fix SVN properties for IXUS 1000 files & folders.

Property svn:eol-style set to native

Line
1	#include "lolevel.h"
2	#include "platform.h"
3	#include "core.h"
4	#include "dryos31.h"
5	//#include "stdlib.h"
6
7	//IXUS 1000 100F
8
9	#define LED_PR 0xC0220138 // -> ASM1989 08.24.2010 found at FF91E080 in sx200 was FF8E73D0
10	void __attribute__((naked,noinline)) blink()
11	{
12	volatile long p=(void)LED_PR;
13	int i;
14	int cnt =100;
15	for(;cnt>0;cnt--){
16	p[0]=0x46;
17
18	for(i=0;i<0x200000;i++){
19	asm ("nop\n");
20	asm ("nop\n");
21	}
22	p[0]=0x44;
23	for(i=0;i<0x200000;i++){
24	asm ("nop\n");
25	asm ("nop\n");
26	}
27	}
28	shutdown();
29	}
30
31	#define offsetof(TYPE, MEMBER) ((int) &((TYPE *)0)->MEMBER)
32
33	void JogDial_task_my(void);
34
35	const char * const new_sa = &_end;
36
37	void taskHook(context_t **context) {
38
39	task_t tcb=(task_t)((char*)context-offsetof(task_t, context));
40
41	if(!_strcmp(tcb->name, "PhySw")) tcb->entry = (void*)mykbd_task; //JHARP - Verified name - Sept 5, 2010
42	if(!_strcmp(tcb->name, "CaptSeqTask")) tcb->entry = (void*)capt_seq_task; //JHARP - Verified name - Sept 5, 2010
43	if(!_strcmp(tcb->name, "InitFileModules")) tcb->entry = (void*)init_file_modules_task; //JHARP - Verified name - Sept 5, 2010
44	if(!_strcmp(tcb->name, "MovieRecord")) tcb->entry = (void*)movie_record_task; //JHARP - Verified name - Sept 5, 2010
45	if(!_strcmp(tcb->name, "ExpDrvTask")) tcb->entry = (void*)exp_drv_task; //JHARP - Verified name - Sept 5, 2010
46	if(!_strcmp(tcb->name, "RotarySw")) tcb->entry = (void*)JogDial_task_my; //JHARP - Must verify the code in use - Sept 5, 2010
47
48	}
49
50	void CreateTask_spytask() {
51	_CreateTask("SpyTask", 0x19, 0x2000, core_spytask, 0);
52	};
53
54
55	void __attribute__((naked,noinline)) boot() {
56	asm volatile (
57	//"B sub_FF81000C\n" // work
58	"LDR R1, =0xC0410000\n"
59	"MOV R0, #0\n"
60	"STR R0, [R1]\n"
61	"MOV R1, #0x78\n"
62	"MCR p15, 0, R1,c1,c0\n" // control reg
63	"MOV R1, #0\n"
64	"MCR p15, 0, R1,c7,c10, 4\n" // drain write buffer
65	"MCR p15, 0, R1,c7,c5\n" // flush instruction cache
66	"MCR p15, 0, R1,c7,c6\n" // flush data cache
67	"MOV R0, #0x3D\n" // size 2GB base 0x00000000
68	"MCR p15, 0, R0,c6,c0\n"
69	"MOV R0, #0xC000002F\n" // size 16M base 0xc0000000
70	"MCR p15, 0, R0,c6,c1\n"
71	"MOV R0, #0x35\n" // size 128M base 0x00000000 (s90 is 64M)
72	"MCR p15, 0, R0,c6,c2\n"
73	"MOV R0, #0x40000035\n" // size 128M base 0x40000000 (s90 is 64M)
74	"MCR p15, 0, R0,c6,c3\n"
75	"MOV R0, #0x80000017\n" // size 4k base 0x80000000
76	"MCR p15, 0, R0,c6,c4\n"
77	"LDR R0, =0xFF80002D\n" // size 8M base 0xff800000
78	"MCR p15, 0, R0,c6,c5\n"
79	"MOV R0, #0x34\n"
80	"MCR p15, 0, R0,c2,c0\n"
81	"MOV R0, #0x34\n"
82	"MCR p15, 0, R0,c2,c0, 1\n"
83	"MOV R0, #0x34\n"
84	"MCR p15, 0, R0,c3,c0\n"
85	"LDR R0, =0x3333330\n"
86	"MCR p15, 0, R0,c5,c0, 2\n"
87	"LDR R0, =0x3333330\n"
88	"MCR p15, 0, R0,c5,c0, 3\n"
89	"MRC p15, 0, R0,c1,c0\n"
90	"ORR R0, R0, #0x1000\n"
91	"ORR R0, R0, #4\n"
92	"ORR R0, R0, #1\n"
93	"MCR p15, 0, R0,c1,c0\n"
94	"MOV R1, #0x80000006\n"
95	"MCR p15, 0, R1,c9,c1\n"
96	"MOV R1, #6\n"
97	"MCR p15, 0, R1,c9,c1, 1\n"
98	"MRC p15, 0, R1,c1,c0\n"
99	"ORR R1, R1, #0x50000\n"
100	"MCR p15, 0, R1,c1,c0\n"
101	"LDR R2, =0xC0200000\n"
102	"MOV R1, #1\n"
103	"STR R1, [R2,#0x10C]\n"
104	"MOV R1, #0xFF\n"
105	"STR R1, [R2,#0xC]\n"
106	"STR R1, [R2,#0x1C]\n"
107	"STR R1, [R2,#0x2C]\n"
108	"STR R1, [R2,#0x3C]\n"
109	"STR R1, [R2,#0x4C]\n"
110	"STR R1, [R2,#0x5C]\n"
111	"STR R1, [R2,#0x6C]\n"
112	"STR R1, [R2,#0x7C]\n"
113	"STR R1, [R2,#0x8C]\n"
114	"STR R1, [R2,#0x9C]\n"
115	"STR R1, [R2,#0xAC]\n"
116	"STR R1, [R2,#0xBC]\n"
117	"STR R1, [R2,#0xCC]\n"
118	"STR R1, [R2,#0xDC]\n"
119	"STR R1, [R2,#0xEC]\n"
120	"STR R1, [R2,#0xFC]\n"
121	"LDR R1, =0xC0400008\n"
122	"LDR R2, =0x430005\n"
123	"STR R2, [R1]\n"
124	"MOV R1, #1\n"
125	"LDR R2, =0xC0243100\n"
126	"STR R2, [R1]\n"
127	"LDR R2, =0xC0242010\n"
128	"LDR R1, [R2]\n"
129	"ORR R1, R1, #1\n"
130	"STR R1, [R2]\n"
131	"LDR R0, =0xFFC56CD0\n" // changed from 100 was FFC56CC8
132	"LDR R1, =0x1900\n"
133	"LDR R3, =0x10728\n" //changed from 100D
134	"loc_FF81013C:\n"
135
136	"CMP R1, R3\n"
137	"LDRCC R2, [R0],#4\n"
138	"STRCC R2, [R1],#4\n"
139	"BCC loc_FF81013C\n"
140	"LDR R1, =0x172BF8\n"
141	"MOV R2, #0\n"
142	"loc_FF810154:\n"
143	"CMP R3, R1\n"
144	"STRCC R2, [R3],#4\n"
145	"BCC loc_FF810154\n"
146	"B sub_FF810354_my\n"
147	//---------->
148	);
149	}
150
151
152	void __attribute__((naked,noinline)) sub_FF810354_my() { // ASM1989 -> In sx200 was: sub_FF8101A0_my
153
154
155
156	(int)0x1938=(int)taskHook; //was 1934 in sx200 if 1938 hangs
157	(int)0x193C=(int)taskHook;
158
159
160	if (((int) 0xC022010C) & 1) // look at play switch
161	(int)(0x254C) = 0x400000; // start in play mode
162	else
163	(int)(0x254C) = 0x200000; // start in rec mode
164
165	asm volatile (
166	"LDR R0, =0xFF8103CC\n"
167	"MOV R1, #0\n"
168	"LDR R3, =0xFF810404\n"
169	"loc_FF810360:\n"
170	"CMP R0, R3\n"
171	"LDRCC R2, [R0],#4\n"
172	"STRCC R2, [R1],#4\n"
173	"BCC loc_FF810360\n"
174	"LDR R0, =0xFF810404\n"
175	"MOV R1, #0x4B0\n"
176	"LDR R3, =0xFF810618\n"
177	"loc_FF81037C:\n"
178	"CMP R0, R3\n"
179	"LDRCC R2, [R0],#4\n"
180	"STRCC R2, [R1],#4\n"
181	"BCC loc_FF81037C\n"
182	"MOV R0, #0xD2\n"
183	"MSR CPSR_cxsf, R0\n"
184	"MOV SP, #0x1000\n"
185	"MOV R0, #0xD3\n"
186	"MSR CPSR_cxsf, R0\n"
187	"MOV SP, #0x1000\n"
188	"LDR R0, =0x6C4\n" // in 100D was: diferent "LDR R0, =0xFF8103C0\n"
189	"LDR R2, =0xEEEEEEEE\n"
190	"MOV R3, #0x1000\n"
191	"loc_FF8103B0:\n"
192	"CMP R0, R3\n"
193	"STRCC R2, [R0],#4\n"
194	"BCC loc_FF8103B0\n"
195	"BL sub_FF811198_my\n"
196	//------------>
197
198	//this is not disasmbled in 100F asuming is like 100D
199
200	"loc_FF8103C0:\n"
201	"ANDEQ R0, R0, R4,ASR#13\n"
202	"loc_FF8103C4:\n"
203	"ANDEQ R0, R0, R0,ROR R6\n"
204	"loc_FF8103C8:\n"
205	"ANDEQ R0, R0, R4,ROR R6\n"
206	"loc_FF8103CC:\n"
207	"NOP\n"
208	"LDR PC, =0xFF810618\n"
209	);
210	}
211
212	void __attribute__((naked,noinline)) sub_FF811198_my() {
213	asm volatile (
214	"STR LR, [SP,#-4]!\n"
215	"SUB SP, SP, #0x74\n"
216	"MOV R0, SP\n"
217	"MOV R1, #0x74\n"
218	"BL sub_FFB87550\n" // sub_FFB8754C 100D
219	//v4 stuff all copied from s95 its the same in principle
220	/*
221	" MOV R0, #0x53000 \n"
222	" STR R0, [SP,#4] \n"
223
224	//" LDR R0, =0x172BF8 \n" // old code
225	" LDR R0, =new_sa \n" // chdk patched
226	" LDR R0, [R0] \n" // chdk patched
227
228	" LDR R1, =0x379C00 \n"
229	" STR R0, [SP,#8] \n"
230	" RSB R0, R0, #0x1F80 \n"
231	" ADD R0, R0, #0x370000 \n"
232	" STR R0, [SP,#0x0c] \n"
233	" LDR R0, =0x371F80 \n"
234	" STR R1, [SP,#0] \n"
235	" STRD R0, [SP,#0x10] \n"
236	" MOV R0, #0x22 \n"
237	" STR R0, [SP,#0x18] \n"
238	" MOV R0, #0x68 \n"
239	" STR R0, [SP,#0x1c] \n"
240	" LDR R0, =0x19B \n"
241
242	*/
243
244
245
246	//v3 stuff
247
248	"MOV R0, #0x53000\n"
249	"STR R0, [SP,#4]\n"
250	"LDR R0, =new_sa\n" // +
251	"LDR R0, [R0]\n" // +
252	//"LDR R2, =0x172BF8\n"
253	"LDR R1, =0x379C00\n"
254	"STR R0, [SP,#8]\n"
255	//"SUB R0, R1, R0\n"
256	"RSB R0, R0, #0x1F80\n" // new in this cam
257	"ADD R0, R0, #0x370000\n" // new in this cam
258	"STR R0, [SP,#0x0c]\n" //changed
259	"LDR R0, =0x371F80\n"// new in this cam
260	//copied from s95
261	"STR R1, [SP,#0] \n"
262	"STRD R0, [SP,#0x10] \n"
263	"MOV R0, #0x22 \n"
264	"STR R0, [SP,#0x18] \n"
265	"MOV R0, #0x68 \n"
266	"STR R0, [SP,#0x1c] \n"
267	"LDR R0, =0x19B \n"
268
269
270
271
272	"LDR R1, =sub_FF815EE0_my\n" // chdk patched
273
274	//"LDR R1, =0xFF815EE0\n" // old code
275
276
277	//------------>
278
279
280
281	"STR R0, [SP,#0x20]\n"
282	"MOV R0, #0x96\n"
283	"STR R0, [SP,#0x24]\n"
284	//"MOV R0, #0x78\n" // looks like its not in 100F
285	"STR R0, [SP,#0x28]\n"
286	"MOV R0, #0x64\n"
287	"STR R0, [SP,#0x2C]\n"
288	"MOV R0, #0\n"
289	"STR R0, [SP,#0x30]\n"
290	"STR R0, [SP,#0x34]\n"
291	"MOV R0, #0x10\n"
292	"STR R0, [SP,#0x5C]\n"
293	"MOV R0, #0x800\n"
294	"STR R0, [SP,#0x60]\n"
295	"MOV R0, #0xA0\n"
296	"STR R0, [SP,#0x64]\n"
297	"MOV R0, #0x280\n"
298	"STR R0, [SP,#0x68]\n"
299	"MOV R0, SP\n"
300	"MOV R2, #0\n"
301
302
303	/*
304	//copied from s95 // not work
305	" MOV R0, #0x96 \n"
306	" STR R0, [SP,#0x24] \n"
307	" STR R0, [SP,#0x28] \n"
308	" MOV R0, #0x64 \n"
309	" STR R0, [SP,#0x2c] \n"
310	" MOV R0, #0 \n"
311	" STR R0, [SP,#0x30] \n"
312	" STR R0, [SP,#0x34] \n"
313	" MOV R0, #0x10 \n"
314	" STR R0, [SP,#0x5c] \n"
315	" MOV R0, #0x800 \n"
316	" STR R0, [SP,#0x60] \n"
317	" MOV R0, #0xA0 \n"
318	" STR R0, [SP,#0x64] \n"
319	" MOV R0, #0x280 \n"
320	" STR R0, [SP,#0x68] \n"
321	" MOV R0, SP \n"
322	" MOV R2, #0 \n"
323	*/
324	"BL sub_FF8134B8\n"
325
326	"ADD SP, SP, #0x74\n"
327	"LDR PC, [SP],#4\n"
328	);
329	}
330
331	//Almost till here maybe checked
332
333	void __attribute__((naked,noinline)) sub_FF815EE0_my() {
334
335	//v4 testing full s95 code
336	/*
337	asm volatile (
338	" STMFD SP!, {R4,LR} \n"
339	" BL sub_FF810B20 \n"
340	" BL sub_FF81A33C \n" // dmSetup
341	" CMP R0, #0 \n"
342
343	//" ADRLT R0, aDmsetup \n" // "dmSetup"
344	" LDRLT r0, =0xFF815FF4 \n"
345
346	" BLLT sub_FF815FD4 \n" // err_init_task
347
348	" BL sub_FF815B1C \n"
349	" CMP R0, #0 \n"
350
351	//" ADRLT R0, aTermdriverinit \n" // "termDriverInit"
352	" LDRLT R0, =0xFF815FFC \n"
353
354	" BLLT sub_FF815FD4 \n" // err_init_task
355
356	//" ADR R0, a_term \n" // "/_term"
357	" LDR R0, =0xFF81600C \n"
358
359	" BL sub_FF815C04 \n" // termDeviceCreate
360	" CMP R0, #0 \n"
361
362	//" ADRLT R0, aTermdevicecrea \n" // "termDeviceCreate"
363	" LDRLT R0, =0xFF816014 \n"
364
365	" BLLT sub_FF815FD4 \n" // err_init_task
366
367	//" ADR R0, a_term \n" // "/_term"
368	" LDR R0, =0xFF81600C \n"
369
370	" BL sub_FF813CA4 \n"
371	" CMP R0, #0 \n"
372
373	//" ADRLT R0, aStdiosetup \n" // "stdioSetup"
374	" LDRLT R0, =0xFF816028 \n"
375
376	" BLLT sub_FF815FD4 \n" // err_init_task
377	" BL sub_FF819CC4 \n"
378	" CMP R0, #0 \n"
379
380	//" ADRLT R0, aStdlibsetup \n" // "stdlibSetup"
381	" LDRLT R0, =0xFF816034 \n"
382
383	" BLLT sub_FF815FD4 \n" // err_init_task
384	" BL sub_FF81167C \n"
385	" CMP R0, #0 \n"
386
387	//" ADRLT R0, aArmlib_setup \n" // "armlib_setup"
388	" LDRLT R0, =0xFF816040 \n"
389
390	" BLLT sub_FF815FD4 \n" // err_init_task
391
392	" LDMFD SP!, {R4,LR} \n"
393
394	//" B sub_FF81FB54 \n" // taskcreate_Startup
395	" B taskcreate_Startup_my \n" // patched
396
397	" MOV R0, #0 \n"
398	" LDMFD SP!, {R3-R5,PC} \n"
399	);
400	*/
401
402	//v3
403
404	asm volatile (
405	"STMFD SP!, {R4,LR}\n"
406	"BL sub_FF810B20\n"
407	"BL sub_FF81A33C\n" // BL dmSetup
408	"CMP R0, #0\n"
409	"LDRLT R0, =0xFF815FF4\n" //Mising ; "dmSetup"
410	"BLLT sub_FF815FD4\n" //Mising err_init_task
411	"BL sub_FF815B1C\n"
412	"CMP R0, #0\n"
413	"LDRLT R0, =0xFF815FFC\n" // "termDriverInit"
414	"BLLT sub_FF815FD4\n" // err_init_task
415	"LDR R0, =0xFF81600C\n" // "/_term"
416	"BL sub_FF815C04\n" // termDeviceCreate
417	"CMP R0, #0\n"
418	"LDRLT R0, =0xFF816014\n" // "termDeviceCreate"
419	"BLLT sub_FF815FD4\n" // err_init_task
420	"LDR R0, =0xFF81600C\n" // "/_term"
421	"BL sub_FF813CA4\n"
422	"CMP R0, #0\n"
423	"LDRLT R0, =0xFF816028\n" // "stdioSetup"
424	"BLLT sub_FF815FD4\n" // err_init_task
425	"BL sub_FF819CC4\n"
426	"CMP R0, #0\n"
427	"LDRLT R0, =0xFF816034\n" //"stdlibSetup"
428	"BLLT sub_FF815FD4\n" // err_init_task
429	"BL sub_FF81167C\n"
430	"CMP R0, #0\n"
431	"LDRLT R0, =0xFF816040\n" // "armlib_setup"
432	"BLLT sub_FF815FD4\n" // err_init_task
433	"LDMFD SP!, {R4,LR}\n"
434	"B taskcreate_Startup_my\n" // ASM1989 -> at FF81FBA8
435	//---------->
436	//copied from s95
437	" MOV R0, #0 \n"
438	" LDMFD SP!, {R3-R5,PC} \n"
439
440	);
441	};
442
443
444	// ASM1989 -> Here starts the diferences with SX200
445
446	void __attribute__((naked,noinline)) taskcreate_Startup_my() {
447	asm volatile (
448
449	"STMFD SP!, {R3-R5,LR}\n"
450	"BL sub_FF8348CC\n" //j_nullsub_267
451	"BL sub_FF83D1D4\n"
452	"CMP R0, #0\n"
453
454	"BNE loc_FF81FBFC\n"
455
456
457	"BL sub_FF8370E8\n"
458	"CMP R0, #0\n"
459	"BEQ loc_FF81FBFC\n"
460
461
462	"LDR R4, =0xC0220000\n"
463
464
465
466	"LDR R0, [R4,#0x120]\n"
467	"TST R0, #1\n"
468	"MOVEQ R0, #0x12C\n"
469
470
471
472
473	"BLEQ sub_FF83B574\n" //ASM1989 -> eventproc_export_SleepTask
474
475
476
477	"BL sub_FF8348C8\n"
478	"CMP R0, #0\n"
479	"BNE loc_FF81FBFC\n"
480	"BL sub_FF833F34\n"
481	"MOV R0, #0x44\n"
482	"STR R0, [R4,#0x1C]\n"
483	"BL sub_FF834120\n"
484	"loc_FF81FBF8:\n"
485	"B loc_FF81FBF8\n"
486
487
488	"loc_FF81FBFC:\n"
489	//"BL sub_FF8348D4\n" // ASM1989 -> -- replaced for power button startup
490
491	"BL sub_FF8348D0\n"//ASM1989 -> j_nullsub_268
492	"BL sub_FF83B3EC\n"
493
494	"LDR R1, =0x3CE000\n"
495	"MOV R0, #0\n"
496
497	"BL sub_FF83B834\n"
498	"BL sub_FF83B5E0\n"
499	"MOV R3, #0\n"
500
501	"STR R3, [SP]\n"
502
503	"LDR R3, =task_Startup_my\n" // ASM1989 -> original is FF81FAF0 task_Startup // LDR instead of ADR
504	//---------------->
505	//ASM_SAFE("BL blink\n")
506	"MOV R2, #0\n"
507	"MOV R1, #0x19\n"
508	"LDR R0, =0xFF81FC60\n" //aStartup // LDR instead of ADR
509
510
511	"BL sub_FF81E8A0\n" //eventproc_export_CreateTask
512	"MOV R0, #0\n"
513	"LDMFD SP!, {R3-R5,PC}\n"
514
515
516
517
518	);
519	}
520
521	// TESTING S95 Code style
522
523
524	void __attribute__((naked,noinline)) task_Startup_my() {
525	asm volatile (
526
527	"STMFD SP!, {R4,LR}\n"
528
529	"BL sub_FF816594\n" // taskcreate_ClockSave
530	"BL sub_FF835A30\n"
531	"BL sub_FF833B3C\n"
532	"BL sub_FF83D218\n" //j_nullsub_271
533	"BL sub_FF83D404\n"
534	// "BL sub_FF83D2AC\n" // start diskboot.bin
535	"BL sub_FF83D5AC\n"
536	"BL sub_FF81648C\n"
537	"BL sub_FF836754\n"
538	"LDR R1, =0x7C007C00\n"
539	"LDR R0, =0xC0F1800C\n"
540	"BL sub_FF835A3C\n"
541	"LDR R0, =0xC0F18010\n"
542	"MOV R1, #0\n"
543	//OK
544	"BL sub_FF835A3C\n"
545	"LDR R0, =0xC0F18018\n"
546	"MOV R1, #0\n"
547	"BL sub_FF835A3C\n"
548	"LDR R0, =0xC0F1801C\n"
549	"MOV R1, #0x1000\n"
550	"BL sub_FF835A3C\n"
551	"LDR R0, =0xC0F18020\n"
552	"MOV R1, #8\n"
553	"BL sub_FF835A3C\n"
554	//OK
555
556
557	"LDR R0, =0xC022D06C\n"
558	"MOV R1, #0xE000000\n"
559	"BL sub_FF835A3C\n"
560	"BL sub_FF8164CC\n"
561	//OK
562
563	"BL sub_FF8324F4\n"
564
565
566	//FAILS
567	//ASM_SAFE("BL blink\n")
568	"BL sub_FF83D434\n"
569
570
571
572
573
574	"BL sub_FF83AB90\n"
575	"BL sub_FF83D5B0\n"
576
577	"BL CreateTask_spytask\n" // +
578	//---------------->
579	"BL sub_FF834788\n" //taskcreate_PhySw
580	);
581
582	// CreateTask_PhySw(); // our keyboard task
583
584	// CreateTask_spytask(); // chdk initialization
585
586
587	// "BL CreateTask_spytask\n" // +
588	//---------------->
589
590
591	asm volatile (
592
593
594	"BL sub_FF838CF0\n"
595	"BL sub_FF83D5C8\n"
596	"BL sub_FF8318F8\n" //nullsub_2
597	"BL sub_FF8334A0\n"
598	"BL sub_FF83CF9C\n" //taskcreate_Bye
599	"BL sub_FF833AF0\n"
600	"BL sub_FF83343C\n" //taskcreate_BatteryTask
601	"BL sub_FF832528\n"
602	"BL sub_FF83E1D0\n"
603	"BL sub_FF8333F8\n"
604	"LDMFD SP!, {R4,LR}\n"
605	"B sub_FF8166B4\n"
606	);
607	}
608
609
610	/*void __attribute__((naked,noinline)) CreateTask_PhySw() {
611	asm volatile (
612	" STMFD SP!, {R3-R5,LR} \n"
613	" LDR R4, =0x1C34 \n"
614	" LDR R0, [R4,#0x10] \n"
615	" CMP R0, #0 \n"
616	" BNE loc_FF8347BC \n"
617	" MOV R3, #0 \n"
618	" STR R3, [SP] \n"
619
620	//" ADR R3, task_PhySw \n"
621	//" LDR R3, =sub_FF834754 \n"
622	//" MOV R2, #0x800 \n"
623
624	" LDR R3, =mykbd_task \n" // PhySw Task patch
625	" MOV R2, #0x2000 \n" // larger stack
626
627	" MOV R1, #0x17 \n"
628
629	//" ADR R0, aPhysw \n"
630	" LDR R0, =0xFF8349DC \n" // "PhySw"
631
632	" BL sub_FF83B634 \n" // KernelCreateTask
633	" STR R0, [R4,#0x10] \n"
634	"loc_FF8347BC: \n"
635	" BL sub_FF863968 \n" //taskcreate_RotaryEncoder
636	" BL sub_FF8941DC \n"
637	" BL sub_FF837060 \n" //IsFactoryMode
638	" CMP R0, #0 \n"
639	" LDREQ R1, =0x34414 \n"
640	" LDMEQFD SP!, {R3-R5,LR} \n"
641	" BEQ sub_FF894164 \n" // eventproc_export_OpLog.Start
642	" LDMFD SP!, {R3-R5,PC} \n"
643	);
644	}
645
646	*/
647
648	/*----------------------------------------------------------------------
649	JogDial_task_my()
650
651	Patched jog dial task at FF86363C
652	-----------------------------------------------------------------------*/
653	void __attribute__((naked,noinline)) JogDial_task_my() {
654	asm volatile (
655	" STMFD SP!, {R4-R11,LR} \n"
656	" SUB SP, SP, #0x1C \n"
657	" BL sub_FF863A68 \n"
658	" LDR R1, =0x2560 \n"
659	" LDR R6, =0xFFB8D5F4 \n" //100D --- FFB8D5F0
660	" MOV R0, #0 \n"
661	" ADD R3, SP, #0x10 \n"
662	" ADD R12, SP, #0x14 \n"
663	" ADD R10, SP, #0x08 \n"
664	" MOV R2, #0 \n"
665	" ADD R9, SP, #0xC \n"
666
667	"loc_FF863668: \n"
668	" ADD R12, SP, #0x14 \n"
669	" ADD LR, R12, R0,LSL#1 \n"
670	" MOV R2, #0 \n"
671	" ADD R3, SP, #0x10 \n"
672	" STRH R2, [LR] \n"
673	" ADD LR, R3, R0,LSL#1 \n"
674	" STRH R2, [LR] \n"
675	" STR R2, [R9,R0,LSL#2] \n"
676	" STR R2, [R10,R0,LSL#2] \n"
677	" ADD R0, R0, #1 \n"
678	" CMP R0, #2 \n"
679	" BLT loc_FF863668 \n"
680
681	"loc_FF863698: \n"
682	" LDR R0, =0x2560 \n"
683	" MOV R2, #0 \n"
684	" LDR R0, [R0,#0xC] \n"
685	" MOV R1, SP \n"
686	" BL sub_FF83AE20 \n"
687	" CMP R0, #0 \n"
688	" LDRNE R1, =0x262 \n"
689
690	//" ADRNE R0, 0xFF8638F8 \n" // "RotaryEncoder.c"
691	" LDRNE R0, =0xFF8638F8 \n" // "RotaryEncoder.c"
692
693	" BLNE sub_FF81EB78 \n" // DebugAssert
694
695	//------------------ begin added code ---------------
696	"labelA:\n"
697	"LDR R0, =jogdial_stopped\n"
698	"LDR R0, [R0]\n"
699	"CMP R0, #1\n"
700	"BNE labelB\n" // continue on if jogdial_stopped = 0
701	"MOV R0, #40\n"
702	"BL _SleepTask\n" // jogdial_stopped=1 -- give time back to OS and suspend jogdial task
703	"B labelA\n"
704	"labelB:\n"
705	//------------------ end added code -----------------
706
707	" LDR R0, [SP] \n"
708	" AND R4, R0, #0xFF \n"
709	" AND R0, R0, #0xFF00 \n"
710	" CMP R0, #0x100 \n"
711	" BEQ loc_FF863708 \n"
712	" CMP R0, #0x200 \n"
713	" BEQ loc_FF863740 \n"
714	" CMP R0, #0x300 \n"
715	" BEQ loc_FF863938 \n"
716	" CMP R0, #0x400 \n"
717	" BNE loc_FF863698 \n"
718	" CMP R4, #0 \n"
719	" LDRNE R1, =0x2ED \n"
720
721	//" ADRNE R0, 0xFF8638F8 \n" // "RotaryEncoder.c"
722	" LDRNE R0, =0xFF8638F8 \n" // "RotaryEncoder.c"
723
724	" BLNE sub_FF81EB78 \n" // DebugAssert
725	" RSB R0, R4, R4,LSL#3 \n"
726	" LDR R0, [R6,R0,LSL#2] \n"
727
728	"loc_FF863700: \n"
729	" BL sub_FF863A40 \n"
730	" B loc_FF863698 \n"
731
732	"loc_FF863708: \n"
733	" LDR R7, =0x2570 \n"
734	" LDR R0, [R7,R4,LSL#2] \n"
735	" BL sub_FF83BDB8 \n"
736
737	//" ADR R2, 0xFF863588 \n"
738	" LDR R2, =0xFF863588 \n"
739
740	" ADD R1, R2, #0 \n"
741	" ORR R3, R4, #0x200 \n"
742	" MOV R0, #0x28 \n"
743	" BL sub_FF83BCD4 \n"
744	" TST R0, #1 \n"
745	" CMPNE R0, #0x15 \n"
746	" STR R0, [R10,R4,LSL#2] \n"
747	" BEQ loc_FF863698 \n"
748	" MOV R1, #0x274 \n"
749	" B loc_FF8638E4 \n"
750
751	"loc_FF863740: \n"
752	" RSB R5, R4, R4,LSL#3 \n"
753	" LDR R0, [R6,R5,LSL#2] \n"
754	" LDR R1, =0xC0240104 \n"
755	" LDR R0, [R1,R0,LSL#8] \n"
756	" MOV R2, R0,ASR#16 \n"
757	" ADD R0, SP, #0x14 \n"
758	" ADD R0, R0, R4,LSL#1 \n"
759	" STR R0, [SP,#0x18] \n"
760	" STRH R2, [R0] \n"
761	" ADD R0, SP, #0x10 \n"
762	" ADD R11, R0, R4,LSL#1 \n"
763	" LDRSH R3, [R11] \n"
764	" SUB R0, R2, R3 \n"
765	" CMP R0, #0 \n"
766	" BNE loc_FF8637C0 \n"
767	" LDR R0, [R9,R4,LSL#2] \n"
768	" CMP R0, #0 \n"
769	" BEQ loc_FF8638A0 \n"
770	" LDR R7, =0x2570 \n"
771	" LDR R0, [R7,R4,LSL#2] \n"
772	" BL sub_FF83BDB8 \n"
773
774	//" ADR R2, 0xFF863594 \n"
775	" LDR R2, =0xFF863594 \n"
776
777	" ADD R1, R2, #0 \n"
778	" ORR R3, R4, #0x300 \n"
779	" MOV R0, #0x1F4 \n"
780	" BL sub_FF83BCD4 \n"
781	" TST R0, #1 \n"
782	" CMPNE R0, #0x15 \n"
783	" STR R0, [R7,R4,LSL#2] \n"
784	" BEQ loc_FF8638A0 \n"
785	" LDR R1, =0x28D \n"
786	" B loc_FF863898 \n"
787
788	"loc_FF8637C0: \n"
789	" MOV R1, R0 \n"
790	" RSBLT R0, R0, #0 \n"
791	" MOVLE R7, #0 \n"
792	" MOVGT R7, #1 \n"
793	" CMP R0, #0xFF \n"
794	" BLS loc_FF863800 \n"
795	" CMP R1, #0 \n"
796	" RSBLE R0, R3, #0xFF \n"
797	" ADDLE R0, R0, #0x7F00 \n"
798	" ADDLE R0, R0, R2 \n"
799	" RSBGT R0, R2, #0xFF \n"
800	" ADDGT R0, R0, #0x7F00 \n"
801	" ADDGT R0, R0, R3 \n"
802	" ADD R0, R0, #0x8000 \n"
803	" ADD R0, R0, #1 \n"
804	" EOR R7, R7, #1 \n"
805
806	"loc_FF863800: \n"
807	" STR R0, [SP,#0x04] \n"
808	" LDR R0, [R9,R4,LSL#2] \n"
809	" CMP R0, #0 \n"
810	" ADDEQ R0, R6, R5,LSL#2 \n"
811	" LDREQ R0, [R0,#8] \n"
812	" BEQ loc_FF863838 \n"
813	" ADD R8, R6, R5,LSL#2 \n"
814	" ADD R1, R8, R7,LSL#2 \n"
815	" LDR R1, [R1,#0x10] \n"
816	" CMP R1, R0 \n"
817	" BEQ loc_FF86383C \n"
818	" LDR R0, [R8,#0xC] \n"
819	" BL sub_FF89C2E4 \n"
820	" LDR R0, [R8,#8] \n"
821
822	"loc_FF863838: \n"
823	" BL sub_FF89C2E4 \n"
824
825	"loc_FF86383C: \n"
826	" ADD R0, R6, R5,LSL#2 \n"
827	" ADD R7, R0, R7,LSL#2 \n"
828	" LDR R0, [R7,#0x10] \n"
829	" LDR R1, [SP,#0x04] \n"
830	" BL sub_FF89C20C \n"
831	" LDR R0, [R7,#0x10] \n"
832	" LDR R7, =0x2570 \n"
833	" STR R0, [R9,R4,LSL#2] \n"
834	" LDR R0, [SP,#0x18] \n"
835	" LDRH R0, [R0] \n"
836	" STRH R0, [R11] \n"
837	" LDR R0, [R7,R4,LSL#2] \n"
838	" BL sub_FF83BDB8 \n"
839
840	//" ADR R2, 0xFF863594 \n"
841	" LDR R2, =0xFF863594 \n"
842
843	" ADD R1, R2, #0 \n"
844	" ORR R3, R4, #0x300 \n"
845	" MOV R0, #0x1F4 \n"
846	" BL sub_FF83BCD4 \n"
847	" TST R0, #1 \n"
848	" CMPNE R0, #0x15 \n"
849	" STR R0, [R7,R4,LSL#2] \n"
850	" BEQ loc_FF8638A0 \n"
851	" LDR R1, =0x2CF \n"
852
853	"loc_FF863898: \n"
854	//" ADR R0, 0xFF8638F8 \n" // "RotaryEncoder.c"
855	" LDR R0, =0xFF8638F8 \n" // "RotaryEncoder.c"
856
857	" BL sub_FF81EB78 \n" // DebugAssert
858
859	"loc_FF8638A0: \n"
860	" ADD R0, R6, R5,LSL#2 \n"
861	" LDR R0, [R0,#0x18] \n"
862	" CMP R0, #1 \n"
863	" BNE loc_FF863930 \n"
864	" LDR R0, =0x2560 \n"
865	" LDR R0, [R0,#0x14] \n"
866	" CMP R0, #0 \n"
867	" BEQ loc_FF863930 \n"
868
869	//" ADR R2, 0xFF863588 \n"
870	" LDR R2, =0xFF863588 \n"
871
872	" ADD R1, R2, #0 \n"
873	" ORR R3, R4, #0x400 \n"
874	" BL sub_FF83BCD4 \n"
875	" TST R0, #1 \n"
876	" CMPNE R0, #0x15 \n"
877	" STR R0, [R10,R4,LSL#2] \n"
878	" BEQ loc_FF863698 \n"
879	" LDR R1, =0x2D6 \n"
880
881	"loc_FF8638E4: \n"
882	//" ADR R0, 0xFF8638F8 \n" // "RotaryEncoder.c"
883	" LDR R0, =0xFF8638F8 \n" // "RotaryEncoder.c"
884
885	" BL sub_FF81EB78 \n" // DebugAssert
886	" B loc_FF863698 \n"
887
888	"NOP \n"
889
890
891	"loc_FF863930: \n"
892	" LDR R0, [R6,R5,LSL#2] \n"
893	" B loc_FF863700 \n"
894
895	"loc_FF863938: \n"
896	" LDR R0, [R9,R4,LSL#2] \n"
897	" CMP R0, #0 \n"
898	" MOVEQ R1, #0x2E0 \n"
899
900	//" ADREQ R0, 0xFF8638F8 \n" // "RotaryEncoder.c"
901	" LDREQ R0, =0xFF8638F8 \n" // "RotaryEncoder.c"
902
903	" BLEQ sub_FF81EB78 \n" // DebugAssert
904	" RSB R0, R4, R4,LSL#3 \n"
905	" ADD R0, R6, R0,LSL#2 \n"
906	" LDR R0, [R0,#0xC] \n"
907	" BL sub_FF89C2E4 \n"
908	" MOV R2, #0 \n"
909	" STR R2, [R9,R4,LSL#2] \n"
910	" B loc_FF863698 \n"
911	);
912	};
913
914
915	//FILE INIT STUFF
916	void __attribute__((naked,noinline)) init_file_modules_task() {
917	asm volatile(
918	"STMFD SP!, {R4-R6,LR}\n"
919	"BL sub_FF896688\n"
920	"LDR R5, =0x5006\n"
921	"MOVS R4, R0\n"
922	"MOVNE R1, #0\n"
923	"MOVNE R0, R5\n"
924	"BLNE sub_FF89A464\n" //PostLogicalEventToUI
925	// "BL sub_FF8966B4\n"
926	"BL sub_FF8966B4_my\n"
927	//----------------------->
928	"BL core_spytask_can_start\n" // + safe to start spytask S95 new stuff to speed up chdk load
929
930	"CMP R4, #0\n"
931	"MOVEQ R0, R5\n"
932	"LDMEQFD SP!, {R4-R6,LR}\n"
933	"MOVEQ R1, #0\n"
934	"BEQ sub_FF89A464\n" //PostLogicalEventToUI
935	"LDMFD SP!, {R4-R6,PC}\n"
936	);
937	};
938
939	void __attribute__((naked,noinline)) sub_FF8966B4_my() {
940	asm volatile(
941	"STMFD SP!, {R4,LR}\n"
942	"MOV R0, #3\n"
943	// "BL sub_FF87538C\n" //__Mounter.c__0
944	"BL sub_FF87538C_my\n" //__Mounter.c__0
945
946	"B sub_FF8966C0\n" // continue in firmware
947	);
948	};
949
950	void __attribute__((naked,noinline)) sub_FF87538C_my() {
951	asm volatile(
952	"STMFD SP!, {R4-R8,LR}\n"
953	"MOV R8, R0\n"
954	"BL sub_FF87530C\n" //__Mounter.c__0
955	"LDR R1, =0x3A068\n"
956	"MOV R6, R0\n"
957	"ADD R4, R1, R0,LSL#7\n"
958	"LDR R0, [R4,#0x6C]\n"
959	"CMP R0, #4\n"
960	"LDREQ R1, =0x83F\n"
961	"LDREQ R0, =0xFF874E4C\n" //aMounter_c
962	"BLEQ sub_FF81EB78\n" //DebugAssert
963	"MOV R1, R8\n"
964	"MOV R0, R6\n"
965	"BL sub_FF874BC0\n"
966	"LDR R0, [R4,#0x38]\n"
967	"BL sub_FF875A30\n"
968	"CMP R0, #0\n"
969	"STREQ R0, [R4,#0x6C]\n"
970	"MOV R0, R6\n"
971	"BL sub_FF874C50\n"
972	"MOV R0, R6\n"
973	// "BL sub_FF874FB4\n"
974	"BL sub_FF874FB4_my\n"
975	//------------------->
976	"B sub_FF8753E4 \n" //continue in firmware
977	);
978
979	};
980	void __attribute__((naked,noinline)) sub_FF874FB4_my() {
981	asm volatile(
982	"STMFD SP!, {R4-R6,LR}\n"
983	"MOV R5, R0\n"
984	"LDR R0, =0x3A068\n"
985	"ADD R4, R0, R5,LSL#7\n"
986	"LDR R0, [R4,#0x6C]\n"
987	"TST R0, #2\n"
988	"MOVNE R0, #1\n"
989	"LDMNEFD SP!, {R4-R6,PC}\n"
990	"LDR R0, [R4,#0x38]\n"
991	"MOV R1, R5\n"
992	// "BL sub_FF874CD4\n"
993	"BL sub_FF874CD4_my\n"
994	//------------------->
995
996	"B sub_FF874FE0\n" //continue in firmware
997
998	);
999
1000	};
1001
1002	void __attribute__((naked,noinline)) sub_FF874CD4_my() {
1003	asm volatile(
1004	" STMFD SP!, {R4-R10,LR}\n"
1005	" MOV R9, R0\n"
1006	" LDR R0, =0x3A068\n"
1007	" MOV R8, #0\n"
1008	" ADD R5, R0, R1,LSL#7\n"
1009	" LDR R0, [R5,#0x3C]\n"
1010	" MOV R7, #0\n"
1011	" CMP R0, #7\n"
1012	" MOV R6, #0\n"
1013	" ADDLS PC, PC, R0,LSL#2\n"
1014	" B loc_FF874E2C\n"
1015	"loc_FF874D00:\n"
1016	" B loc_FF874D38\n"
1017	"loc_FF874D04:\n"
1018	" B loc_FF874D20\n"
1019	"loc_FF874D08:\n"
1020	" B loc_FF874D20\n"
1021	"loc_FF874D0C:\n"
1022	" B loc_FF874D20\n"
1023	"loc_FF874D10:\n"
1024	" B loc_FF874D20\n"
1025	"loc_FF874D14:\n"
1026	" B loc_FF874E24\n"
1027	"loc_FF874D18:\n"
1028	" B loc_FF874D20\n"
1029	"loc_FF874D1C:\n"
1030	" B loc_FF874D20\n"
1031	"loc_FF874D20:\n"
1032	" MOV R2, #0\n"
1033	" MOV R1, #0x200\n"
1034	" MOV R0, #2\n"
1035	" BL sub_FF890738\n"
1036	" MOVS R4, R0\n"
1037	" BNE loc_FF874D40\n"
1038	"loc_FF874D38:\n"
1039	" MOV R0, #0\n"
1040	" LDMFD SP!, {R4-R10,PC}\n"
1041	"loc_FF874D40:\n"
1042	" LDR R12, [R5,#0x50]\n"
1043	" MOV R3, R4\n"
1044	" MOV R2, #1\n"
1045	" MOV R1, #0\n"
1046	" MOV R0, R9\n"
1047	" BLX R12\n"
1048	" CMP R0, #1\n"
1049	" BNE loc_FF874D6C\n"
1050	" MOV R0, #2\n"
1051	" BL sub_FF890888\n" //__ExMemMan.c__0 ; LOCATION: ExMemMan.c:0
1052	" B loc_FF874D38\n"
1053	"loc_FF874D6C:\n"
1054	" LDR R1, [R5,#0x64]\n"
1055	" MOV R0, R9\n"
1056	" BLX R1\n"
1057	//Allready inserted code
1058
1059	"MOV R1, R4\n" // pointer to MBR in R1
1060	"BL mbr_read_dryos\n" // total sectors count in R0 before and after call
1061
1062	// Start of DataGhost's FAT32 autodetection code
1063	// Policy: If there is a partition which has type W95 FAT32, use the first one of those for image storage
1064	// According to the code below, we can use R1, R2, R3 and R12.
1065	// LR wasn't really used anywhere but for storing a part of the partition signature. This is the only thing
1066	// that won't work with an offset, but since we can load from LR+offset into LR, we can use this to do that :)
1067	"MOV R12, R4\n" // Copy the MBR start address so we have something to work with
1068	"MOV LR, R4\n" // Save old offset for MBR signature
1069	"MOV R1, #1\n" // Note the current partition number
1070	"B dg_sd_fat32_enter\n" // We actually need to check the first partition as well, no increments yet!
1071	"dg_sd_fat32:\n"
1072	"CMP R1, #4\n" // Did we already see the 4th partition?
1073	"BEQ dg_sd_fat32_end\n" // Yes, break. We didn't find anything, so don't change anything.
1074	"ADD R12, R12, #0x10\n" // Second partition
1075	"ADD R1, R1, #1\n" // Second partition for the loop
1076	"dg_sd_fat32_enter:\n"
1077	"LDRB R2, [R12, #0x1BE]\n" // Partition status
1078	"LDRB R3, [R12, #0x1C2]\n" // Partition type (FAT32 = 0xB)
1079	"CMP R3, #0xB\n" // Is this a FAT32 partition?
1080	"CMPNE R3, #0xC\n" // Not 0xB, is it 0xC (FAT32 LBA) then?
1081	"BNE dg_sd_fat32\n" // No, it isn't. Loop again.
1082	"CMP R2, #0x00\n" // It is, check the validity of the partition type
1083	"CMPNE R2, #0x80\n"
1084	"BNE dg_sd_fat32\n" // Invalid, go to next partition
1085	// This partition is valid, it's the first one, bingo!
1086	"MOV R4, R12\n" // Move the new MBR offset for the partition detection.
1087
1088	"dg_sd_fat32_end:\n"
1089	// End of DataGhost's FAT32 autodetection code
1090
1091
1092
1093
1094
1095	" LDRB R1, [R4,#0x1C9]\n"
1096	" LDRB R3, [R4,#0x1C8]\n"
1097	" LDRB R12, [R4,#0x1CC]\n"
1098	" MOV R1, R1,LSL#24\n"
1099	" ORR R1, R1, R3,LSL#16\n"
1100	" LDRB R3, [R4,#0x1C7]\n"
1101	" LDRB R2, [R4,#0x1BE]\n"
1102	//" LDRB LR, [R4,#0x1FF]\n" //remains commented as in sx200
1103	" ORR R1, R1, R3,LSL#8\n"
1104	" LDRB R3, [R4,#0x1C6]\n"
1105	" CMP R2, #0\n"
1106	" CMPNE R2, #0x80\n"
1107	" ORR R1, R1, R3\n"
1108	" LDRB R3, [R4,#0x1CD]\n"
1109	" MOV R3, R3,LSL#24\n"
1110	" ORR R3, R3, R12,LSL#16\n"
1111	" LDRB R12, [R4,#0x1CB]\n"
1112	" ORR R3, R3, R12,LSL#8\n"
1113	" LDRB R12, [R4,#0x1CA]\n"
1114	" ORR R3, R3, R12\n"
1115	//" LDRB R12, [R4,#0x1FE]\n" //remains commented as in sx200
1116	// Left as in sx200
1117	"LDRB R12, [LR,#0x1FE]\n" // + First MBR signature byte (0x55), LR is original offset.
1118	"LDRB LR, [LR,#0x1FF]\n" // + Last MBR signature byte (0xAA), LR is original offset.
1119
1120
1121	" BNE loc_FF874DF8\n"
1122	" CMP R0, R1\n"
1123	" BCC loc_FF874DF8\n"
1124	" ADD R2, R1, R3\n"
1125	" CMP R2, R0\n"
1126	" CMPLS R12, #0x55\n"
1127	" CMPEQ LR, #0xAA\n"
1128	" MOVEQ R7, R1\n"
1129	" MOVEQ R6, R3\n"
1130	" MOVEQ R4, #1\n"
1131	" BEQ loc_FF874DFC\n"
1132	"loc_FF874DF8:\n"
1133	" MOV R4, R8\n"
1134	"loc_FF874DFC:\n"
1135	" MOV R0, #2\n"
1136	" BL sub_FF890888\n" //__ExMemMan.c__0 ; LOCATION: ExMemMan.c:0
1137	" CMP R4, #0\n"
1138	" BNE loc_FF874E38\n"
1139	" LDR R1, [R5,#0x64]\n"
1140	" MOV R7, #0\n"
1141	" MOV R0, R9\n"
1142	" BLX R1\n"
1143	" MOV R6, R0\n"
1144	" B loc_FF874E38\n"
1145	"loc_FF874E24:\n"
1146	" MOV R6, #0x40\n"
1147	" B loc_FF874E38\n"
1148	"loc_FF874E2C:\n"
1149	" LDR R1, =0x597\n"
1150	" LDR R0, =0xFF874E4C\n" //aMounter_c ; Mounter.c
1151	" BL sub_FF81EB78\n" //DebugAssert
1152
1153	"loc_FF874E38:\n"
1154	" STR R7, [R5,#0x44]!\n"
1155	" STMIB R5, {R6,R8}\n"
1156	" MOV R0, #1\n"
1157	" LDMFD SP!, {R4-R10,PC}\n"
1158
1159	);
1160
1161	};

Note: See TracBrowser for help on using the repository browser.

chdk

Context Navigation

source: trunk/platform/ixus1000_sd4500/sub/100f/boot.c @ 1385

Download in other formats: