Assembla home | Assembla project page

My Start Page

Context Navigation

source: trunk/platform/ixus100_sd780/sub/100c/boot.c @ 1120

Revision 1120, 33.5 KB checked in by reyalP, 2 years ago (diff)
fix ixus100_sd780 build from last change

Line
1	#include "lolevel.h"
2	#include "platform.h"
3	#include "core.h"
4	#include "stdlib.h"
5	#include "gui.h"
6	#include "../../../../core/gui_draw.h"
7
8	const char * const new_sa = &_end;
9
10	/* Ours stuff */
11	extern long wrs_kernel_bss_start;
12	extern long wrs_kernel_bss_end;
13	int* aHookList[128];
14	long aHookNum=0;
15
16
17	// Forward declarations
18	void CreateTask_spytask();
19	void boot();
20
21	//void __attribute__((naked,noinline)) sub_STUB_my() {
22	// asm volatile (
23	// "nop\n"
24	// );
25	//}
26
27	void taskCreateHook(int *p) {
28
29	int i;
30	int found=0;
31
32	if (aHookNum < 126)
33	{
34	if (*(p-17) > 0xff810000)
35	{
36	found=0;
37	for (i=0;i<aHookNum;i++)
38	{
39	if (aHookList[i]==p)
40	{
41	found=1;
42	}
43	}
44	if (found==0)
45	{
46	aHookList[aHookNum]=p;
47	aHookNum++;
48	}
49	}
50
51	}
52	p-=17;
53
54	//VERIFY_SD780 - MORE?
55	// if (p[0]==0x) p[0]=(int)capt_seq_task;
56	//Corrected by JHARP - if (p[0]==0xFF91A6AC) p[0]=(int)movie_record_task;
57	// task_InitFileModules
58	//if (p[0]==0xFF85D754) p[0]=(int)capt_seq_task;
59	if (p[0]==0xFF899CC4) p[0]=(int)exp_drv_task;
60	if (p[0]==0xFF91A6AC) p[0]=(int)movie_record_task;
61	if (p[0]==0xFF877DD0) p[0]=(int)init_file_modules_task;
62	//if (p[0]==0xFF877F84) p[0]=(int)init_file_modules_task;
63	/*
64	loc: 2f34f4 - data:ff8a6368 - *data: AFTask
65	loc: 2f2d14 - data:ff845914 - *data: ASIF
66	loc: 2f34a - data:ff8a57b8 - *data: AfIntSrvTask
67	loc: 2f287c - data:ff843884 - *data: AudioTsk
68	loc: 2f2d68 - data:ff8411cc - *data: BeepTask
69	loc: 2f36ec - data:ff8944f - *data: BrtMsrTask
70	loc: 2f2f6 - data:ff828c7c - *data: Bye
71	loc: 2f2bc4 - data:ff916cc - *data: CZ
72	loc: 2f2fc - data:ff85dc98 - *data: CaptSeqTask
73	loc: 2f3adc - data:ff8a12f - *data: ChaceFace
74	loc: 2f38 - data:ff877f94 - *data: CommonDrivers
75	loc: 2f3c8 - data:ff81be8 - *data: ConsoleSvr
76	loc: 2f2e1 - data:ff8733 - *data: CtrlSrv
77	loc: 2f314 - data:ff8f449 - *data: DPOFTask
78	loc: 2f3f2 - data:ff87fd1c - *data: DSITask
79	loc: 2f3b84 - data:ff89f48 - *data: DetectMoveTask
80	loc: 2f33a4 - data:ff9a473c - *data: DetectVerticalWound
81	loc: 2f335 - data:ff8a32ac - *data: DevelopModule
82	loc: 2f3b3 - data:ff8a12fc - *data: DispFace
83	loc: 2f3bd8 - data:ff86de34 - *data: EvShel
84	loc: 2f3698 - data:ff9ad1d8 - *data: ExpDrvSubTask
85	loc: 2f3644 - data:ff89b12c - *data: ExpDrvTask
86	loc: 2f3f74 - data:ff87fb4c - *data: FaceFrame
87	loc: 2f32 - data:ff8e3848 - *data: Fencing
88	loc: 2f2a74 - data:ff9115bc - *data: FocusLens
89	loc: 2f389 - data:ff8ef34 - *data: FolderCreateCheckTask
90	loc: 2f3b - data:ff84f6dc - *data: FsIoNotifyTask
91	loc: 2f28d - data:ff8419fc - *data: HdmiDriverTask
92	loc: 2f2c18 - data:ff917acc - *data: ISComTask
93	loc: 2f3cd4 - data:ff858aac - *data: ISMainTask
94	loc: 2f2924 - data:ff834e - *data: ImageSensorTask
95	loc: 2f2cc - data:ff855d8 - *data: ImgPlayDrv
96	loc: 2f35c - data:ff877f84 - *data: InitFileModules
97	loc: 2f2c6c - data:ff8426d - *data: LEDCon
98	loc: 2f32fc - data:ff9e365 - *data: LiveImageTask
99	loc: 2f3c2c - data:ff81bdfc - *data: LowConsole
100	loc: 2f3938 - data:ff8f1814 - *data: MetaCtg
101	loc: 2f3254 - data:ff8cd67 - *data: MotionVector
102	loc: 2f359c - data:ff89e178 - *data: OBCtrlTask
103	loc: 2f2e64 - data:ff821c78 - *data: PhySw
104	loc: 2f3a88 - data:ff8b24d8 - *data: PrcssFil
105	loc: 2f272c - data:ff852fc - *data: SD1stInit
106	loc: 2f32a8 - data:ff8cedd4 - *data: SceneDetectTask
107	loc: 2f3d28 - data:ff85cbf - *data: SsStartupTask
108	loc: 2f2eb8 - data:ff86391 - *data: SsTask
109	loc: 2f3e24 - data:ff8ab714 - *data: SsgMainTask
110	loc: 2f3e78 - data:ff8ab72 - *data: SsgPeriodTask
111	loc: 2f35f - data:ff829574 - *data: StartupImage
112	loc: 2f344c - data:ff8b2a1c - *data: SyncPeriod
113	loc: 2f33f8 - data:ff8b2a1 - *data: SynchTask
114	loc: 2f2fb4 - data:ff82984 - *data: TempCheck
115	loc: 2f3dd - data:ff8af358 - *data: TgTask
116	loc: 2f2978 - data:ff8462 - *data: Thermometer
117	loc: 2f3a34 - data:ff89d334 - *data: WBCtrl
118	loc: 2f3548 - data:ff88e4c - *data: WBIntegTask
119	loc: 2f3ecc - data:ff9bde7 - *data: WBLPFace
120	loc: 2f2828 - data:ff86d9 - *data: WdtPrint
121	loc: 2f27d4 - data:ff86d84 - *data: WdtReset
122	loc: 2f29cc - data:ff9168ac - *data: ZoomLens
123	loc: 2f2dbc - data:ff8645b - *data: errLogTask
124	*/
125
126	}
127
128	// ??? from sx10
129	void taskCreateHook2(int *p) {
130	p-=17;
131	//VERIFY_SD780 - Does this need to be here at all anymore?
132	//Uncomment if (p[0]==0xFF881534) p[0]=(int)init_file_modules_task;
133	if (p[0]==0xFF877DD0) p[0]=(int)init_file_modules_task;
134	}
135
136	int dumpCF90_SD7802() {
137
138	#define START_ADDRESS 0xCF00
139	#define START_ADDRESS2 0x1900
140	#define FWSIZE 0x3FF
141	char j[32];
142	int jF;
143
144	long l;
145	char filen[32];
146
147	l = _Fopen_Fut("A/0xCF90a.bin","ab");
148	_Fwrite_Fut((void*)(START_ADDRESS),1,FWSIZE,l);
149	_Fflush_Fut(l);
150	_Fclose_Fut(l);
151	l = _Fopen_Fut("A/0xCF90b.bin","ab");
152	_Fwrite_Fut((void*)(START_ADDRESS2),1,FWSIZE,l);
153	_Fflush_Fut(l);
154	_Fclose_Fut(l);
155
156	//jF = open("/_term", O_RDONLY,0777);
157	//getc()
158	//sprintf(filen, "open(%8x)", jF);
159
160	//draw_txt_string(20, 12, filen, conf.osd_color);
161
162	// int fd;
163
164	// script_console_add_line(buf);
165	// script_console_draw();
166
167	//char filen=malloc(16);
168	//int i;
169	//for (i=0x4; i>0; i = i << 1) {
170	// sprintf(filen, "A/crash_%i_.log", i);
171	// fd = open("A/crash.log", O_WRONLY\|O_CREAT\|O_APPEND, 0777);
172	// write(fd, buf, len);
173	// close(jF);
174
175
176
177	// char Tfilename = (char) 0xFF814E64;
178
179
180	// l=(void*)Fopen_Fut(Tfilename,"r");
181	// Fread_Fut(j,1,31,l);
182	// draw_txt_string(26, 14, j, conf.osd_color);
183	//Fclose_Fut(l);
184	//save_rom_log();
185	return 0;
186	}
187
188
189	void __attribute__((naked,noinline)) task_blinker() {
190
191	int i;
192	_SleepTask(5000);
193	while(1){
194	draw_txt_string(27, 12, "Str_ShowAllTaskInfo", 200);
195	dumpCF90_SD7802();
196	_SleepTask(1000);
197	draw_txt_string(27, 12, "End_ShowAllTaskInfo", 200);
198	}
199	};
200
201	void CreateTask_blinker() {
202	_CreateTask("Blinker", 0x1, 0x200, task_blinker, 0);
203	};
204
205
206	void boot() { //#fs
207	long canon_data_src = (void)0xFFB513B0; //From end of first function
208	long canon_data_dst = (void)0x1900; //From end of first function
209	long canon_data_len = 0xCDAC - 0x1900; // data_end - data_start
210	long canon_bss_start = (void)0xCDAC; // just after data
211	long canon_bss_len = 0x146B8C - 0xCDAC; //In loop at end of first function
212
213	long i;
214
215
216	// enable caches and write buffer... this is a carryover from old dryos ports, may not be useful
217	// SD780 still has this in first function VERIFY_SD780
218	asm volatile (
219	"MRC p15, 0, R0,c1,c0\n"
220	"ORR R0, R0, #0x1000\n"
221	"ORR R0, R0, #4\n"
222	"ORR R0, R0, #1\n"
223	"MCR p15, 0, R0,c1,c0\n"
224	:::"r0");
225
226	for(i=0;i<canon_data_len/4;i++)
227	canon_data_dst[i]=canon_data_src[i];
228
229	for(i=0;i<canon_bss_len/4;i++)
230	canon_bss_start[i]=0;
231
232	// see http://chdk.setepontos.com/index.php/topic,2972.msg30712.html#msg30712
233
234	(int)0x1934=(int)taskCreateHook;
235	(int)0x1938=(int)taskCreateHook2; //VERIFY_SD780
236
237	/*
238	// ROM:FF842A90 sub_FF842A90 ; CODE XREF: sub_FF821B7Cj
239	// ROM:FF842A90 STMFD SP!, {R4,LR}
240	// ROM:FF842A94 LDR R4, =0x2278
241	// ROM:FF842A98 MOV R0, #0
242	// ROM:FF842A9C STR R0, [R4,#4]
243	// ROM:FF842AA0 BL sub_FF828C8C
244	// ROM:FF842AA4 CMP R0, #0
245	// ROM:FF842AA8 LDRNE R0, [R4,#4]
246	// ROM:FF842AAC ORRNE R0, R0, #0x800000
247	// ROM:FF842AB0 STRNE R0, [R4,#4]
248	// ROM:FF842AB4 LDR R0, =0xC02200C0
249	// ROM:FF842AB8 BL sub_FF84321C
250	// ROM:FF842ABC CMP R0, #0
251	// ROM:FF842AC0 LDREQ R0, [R4,#4]
252	// ROM:FF842AC4 ORREQ R0, R0, #0x200000
253	// ROM:FF842AC8 STREQ R0, [R4,#4]
254	// ROM:FF842ACC LDR R0, =0xC02200CC
255	// ROM:FF842AD0 BL sub_FF84321C
256	// ROM:FF842AD4 CMP R0, #0
257	// ROM:FF842AD8 LDREQ R0, [R4,#4]
258	// ROM:FF842ADC ORREQ R0, R0, #0x400000
259	// ROM:FF842AE0 STREQ R0, [R4,#4]
260	// ROM:FF842AE4 LDMFD SP!, {R4,PC}
261	// ROM:FF842AE4 ; End of function sub_FF842A90
262	*/
263
264	// Search on 0x12345678 finds function that is called from function with this code (SD780 0xFF842A90)
265	(int)(0x227C)= ((int)0xC02200C0)&1 ? 0x400000 : 0x200000; //VERIFY_SD780 replacement of sub_FF842A90/sub_FF821B7C for correct power-on.
266
267	// jump to init-sequence that follows the data-copy-routine
268	asm volatile ("B sub_FF8101A0_my\n");
269	}
270
271	//SD780 - ASM matches but comments are unknown if correct....
272	void __attribute__((naked,noinline)) sub_FF8101A0_my() {
273	asm volatile (
274	" LDR R0, =0xFF810218\n" // exception handler code
275	" MOV R1, #0\n"
276	" LDR R3, =0xFF810250\n"
277	"loc_FF8101AC:\n"
278	" CMP R0, R3\n" // load exception vector
279	" LDRCC R2, [R0],#4\n"
280	" STRCC R2, [R1],#4\n"
281	" BCC loc_FF8101AC\n"
282	" LDR R0, =0xFF810250\n"
283	" MOV R1, #0x4B0\n"
284	" LDR R3, =0xFF810464\n"
285	"loc_FF8101C8:\n"
286	" CMP R0, R3\n" // copy IRQ handler to ITCM starting at 0x4b0, 532 bytes up to 0x6C4
287	" LDRCC R2, [R0],#4\n"
288	" STRCC R2, [R1],#4\n"
289	" BCC loc_FF8101C8\n"
290	" MOV R0, #0xD2\n"
291	" MSR CPSR_cxsf, R0\n" // set CPSR mode = IRQ, ints disabled
292	" MOV SP, #0x1000\n" // irq mode SP
293	" MOV R0, #0xD3\n"
294	" MSR CPSR_cxsf, R0\n" // set CPSR mode = Super, ints disabled
295	" MOV SP, #0x1000\n" // super mode SP
296	" LDR R0, =0x6C4\n"
297	" LDR R2, =0xEEEEEEEE\n"
298	" MOV R3, #0x1000\n"
299	"loc_FF8101FC:\n"
300	" CMP R0, R3\n" // clear ITCM 0x6C4-end with EEEEEEEE
301	" STRCC R2, [R0],#4\n"
302	" BCC loc_FF8101FC\n"
303	" BL sub_FF810FC4_my\n" //->my
304	);
305	}
306
307	//SD780 - ASM matches
308	void __attribute__((naked,noinline)) sub_FF810FC4_my() {
309	asm volatile (
310	" STR LR, [SP,#-4]!\n"
311	" SUB SP, SP, #0x74\n"
312	" MOV R0, SP\n"
313	" MOV R1, #0x74\n"
314	" BL sub_FFAC7EFC\n"
315	" MOV R0, #0x53000\n"
316	" STR R0, [SP,#4]\n"
317
318	" LDR R0, =new_sa\n" //Replaces original start location 0x146B8C
319	" LDR R0, [R0]\n" //
320
321	" LDR R2, =0x2F9C00\n"
322	" LDR R1, =0x2F24A8\n"
323	" STR R0, [SP,#8]\n"
324	" SUB R0, R1, R0\n"
325	" ADD R3, SP, #0xC\n"
326	" STR R2, [SP]\n"
327	" STMIA R3, {R0-R2}\n"
328	" MOV R0, #0x22\n"
329	" STR R0, [SP,#0x18]\n"
330	" MOV R0, #0x68\n"
331	" STR R0, [SP,#0x1C]\n"
332	" LDR R0, =0x19B\n"
333	" LDR R1, =sub_FF814D38_my\n"
334	" STR R0, [SP,#0x20]\n"
335	" MOV R0, #0x96\n"
336	" STR R0, [SP,#0x24]\n"
337	" MOV R0, #0x78\n"
338	" STR R0, [SP,#0x28]\n"
339	" MOV R0, #0x64\n"
340	" STR R0, [SP,#0x2C]\n"
341	" MOV R0, #0\n"
342	" STR R0, [SP,#0x30]\n"
343	" STR R0, [SP,#0x34]\n"
344	" MOV R0, #0x10\n"
345	" STR R0, [SP,#0x5C]\n"
346	" MOV R0, #0x800\n"
347	" STR R0, [SP,#0x60]\n"
348	" MOV R0, #0xA0\n"
349	" STR R0, [SP,#0x64]\n"
350	" MOV R0, #0x280\n"
351	" STR R0, [SP,#0x68]\n"
352	" MOV R0, SP\n"
353	" MOV R2, #0\n"
354	" BL sub_FF812D68\n"
355	" ADD SP, SP, #0x74\n"
356	" LDR PC, [SP],#4\n"
357	);
358	}
359
360	//SD780 - ASM matches
361	void __attribute__((naked,noinline)) sub_FF814D38_my() {
362	asm volatile (
363	" STMFD SP!, {R4,LR}\n"
364	" BL sub_FF810954\n"
365	" BL sub_FF8190B4\n" // dmSetup
366	" CMP R0, #0\n"
367	" LDRLT R0, =0xFF814E4C\n" // "dmSetup"
368	" BLLT sub_FF814E2C\n" // err_init_task
369	" BL sub_FF814974\n"
370	" CMP R0, #0\n"
371	" LDRLT R0, =0xFF814E54\n" // "termDriverInit"
372	" BLLT sub_FF814E2C\n" // err_init_task
373	" LDR R0, =0xFF814E64\n" // "/_term"
374	" BL sub_FF814A5C\n" // termDeviceCreate
375	" CMP R0, #0\n"
376	" LDRLT R0, =0xFF814E6C\n" // "termDeviceCreate"
377	" BLLT sub_FF814E2C\n" // err_init_task
378	" LDR R0, =0xFF814E64\n" // "/_term"
379	" BL sub_FF813578\n" // stdioSetup //VERIFY_SD780 testing
380	" CMP R0, #0\n"
381	" LDRLT R0, =0xFF814E80\n" // "stdioSetup"
382	" BLLT sub_FF814E2C\n" // err_init_task
383	" BL sub_FF818BCC\n" // stdlibSetup
384	" CMP R0, #0\n"
385	" LDRLT R0, =0xFF814E8C\n" // "stdlibSetup"
386	" BLLT sub_FF814E2C\n" // err_init_task
387	" BL sub_FF8114A8\n"
388	" CMP R0, #0\n"
389	" LDRLT R0, =0xFF814E98\n" // "armlib_setup"
390	" BLLT sub_FF814E2C\n" // err_init_task
391	" LDMFD SP!, {R4,LR}\n"
392	" B taskcreate_Startup_my\n"
393	);
394	}
395
396	//SD780 - ASM matches
397	void __attribute__((naked,noinline)) taskcreate_Startup_my() { //0xFF81C260
398	asm volatile (
399	" STMFD SP!, {R3,LR}\n"
400	" BL sub_FF821B74\n" //nullsub
401	" BL sub_FF828C8C\n"
402	" CMP R0, #0\n"
403	" BNE loc_FF81C298\n"
404	" BL sub_FF821B70\n"
405	" CMP R0, #0\n"
406	" BNE loc_FF81C298\n"
407	" BL sub_FF82123C\n"
408	" LDR R1, =0xC0220000\n"
409	" MOV R0, #0x44\n"
410	" STR R0, [R1,#0x1C]\n"
411	" BL sub_FF821428\n"
412	"loc_FF81C294:\n"
413	" B loc_FF81C294\n"
414	"loc_FF81C298:\n"
415	//" BL sub_FF821B7C\n" // VERIFY_SD780 is this true? - removed for correct power-on on 'on/off' button. Hmm seems fine...
416	" BL sub_FF821B78\n" //nullsub
417	" BL sub_FF826F44\n"
418	" LDR R1, =0x34E000\n"
419	" MOV R0, #0\n"
420	" BL sub_FF82738C\n"
421	" BL sub_FF827138\n" // LOCATION: KerSys.c:548
422	" MOV R3, #0\n"
423	" STR R3, [SP]\n"
424	" LDR R3, =task_Startup_my\n" // ->
425	" MOV R2, #0\n"
426	" MOV R1, #0x19\n"
427	" LDR R0, =0xFF81C2E0\n" // "Startup"
428	" BL sub_FF81AFAC\n" // eventproc_export_CreateTask ; LOCATION: KerTask.c:163\n"
429	" MOV R0, #0\n"
430	" LDMFD SP!, {R12,PC}\n"
431	);
432	}
433
434
435	//SD780 - ASM matches - Original location 0xFF81C1FC
436	void __attribute__((naked,noinline)) task_Startup_my() {
437	asm volatile (
438	" STMFD SP!, {R4,LR}\n"
439	" BL sub_FF815394\n" // taskcreate_ClockSave
440	" BL sub_FF822C58\n"
441	" BL sub_FF820F04\n"
442	" BL sub_FF828CCC\n" // j_nullsub
443	" BL sub_FF828EB0\n"
444	//" BL sub_FF828D60\n" //diskboot loop - VERIFY_SD780
445	);
446
447	CreateTask_spytask();
448	// CreateTask_blinker();
449
450	asm volatile (
451	" BL sub_FF829054\n"
452	" BL sub_FF81FB90\n"
453	" BL sub_FF828EE0\n"
454	" BL sub_FF826544\n"
455	" BL sub_FF829058\n"
456	" BL sub_FF821A70_my\n" // taskcreate_PhySw
457	" BL sub_FF824A98_my\n" // taskcreate_SsTask -> for shoot seq stuff
458	" BL sub_FF829070\n"
459	" BL sub_FF81EFB0\n" // nullsub
460	" BL sub_FF820808\n"
461	" BL sub_FF828A68\n" // taskcreate_Bye
462	" BL sub_FF820EB4\n"
463	" BL sub_FF820714\n" // taskcreate_TempCheck
464	" BL sub_FF81FBC4\n"
465	" BL sub_FF829AEC\n"
466	" BL sub_FF8206EC\n"
467	" LDMFD SP!, {R4,LR}\n"
468	" B sub_FF8154B4\n" // _sub_FF8154B4__MLHClock_c__0 ; LOCATION: MLHClock.c:0
469	);
470	}
471
472	//SD780 - ASM matches
473	void __attribute__((naked,noinline)) sub_FF824A98_my() {
474	asm volatile (
475	" STMFD SP!, {R4,LR}\n"
476	" MOV R0, #0\n"
477	" MOV R1, #0\n"
478	" BL sub_FF8271E4\n" // KernelMisc.c:43
479	" LDR R4, =0x1C48\n"
480	" STR R0, [R4,#4]\n"
481	" BL sub_FF862108\n"
482	" BL sub_FF863818\n" // -> taskcreate_SsTask
483	" BL sub_FF861238\n"
484	" BL sub_FF85C228_my\n"
485	" BL sub_FF8623EC\n"
486	" LDR R0, [R4,#4]\n"
487	" LDMFD SP!, {R4,LR}\n"
488	" MOV R1, #0x1000\n"
489	" B sub_FF866178\n"
490	);
491	}
492
493	//SD780 - ASM matches
494	void __attribute__((naked,noinline)) sub_FF85C228_my() {
495	asm volatile (
496	" STMFD SP!, {R4,LR}\n"
497	" LDR R4, =0x28E4\n"
498	" LDR R0, [R4,#0xC]\n"
499	" CMP R0, #0\n"
500	" BNE loc_FF85C294\n"
501	" BL sub_FF85FA38\n" // nullsub
502	" MOV R1, #1\n"
503	" MOV R0, #0\n"
504	" BL sub_FF827208\n" // KernelMisc.c:55
505	" STR R0, [R4,#4]\n"
506	" MOV R0, #0\n"
507	" MOV R1, #8\n"
508	" BL sub_FF8271E4\n" // KernelMisc.c:43
509	" STR R0, [R4,#0x8]\n"
510	" BL sub_FF85C590\n"
511	" BL sub_FF85CD18\n"
512	" MOV R0, #0\n"
513	" STR R0, [R4]\n"
514	" ADD R0, R4, #0x10\n"
515	" MOV R1, #0\n"
516	" STR R1, [R0],#4\n"
517	" STR R1, [R0]\n"
518	" BL sub_FF85CF20\n"
519	" BL sub_FF8625F4\n"
520	" BL sub_FF85FD7C\n"
521	" BL sub_FF85DA4C_my\n" // ->taskcreate_CaptSeqTask
522	" BL sub_FF85EA10\n"
523
524	"loc_FF85C294:\n"
525	" MOV R0, #1\n"
526	" STR R0, [R4,#0xC]\n"
527	" LDMFD SP!, {R4,PC}\n"
528	);
529	}
530
531	//SD780 - ASM matches
532	void __attribute__((naked,noinline)) sub_FF85DA4C_my() {
533	asm volatile (
534	" STMFD SP!, {R3-R5,LR}\n"
535	" LDR R2, =0x1446C\n"
536	" MOV R0, #0\n"
537	" MOV R1, #0\n"
538
539	"loc_FF85DA5C:\n"
540	" ADD R3, R2, R0,LSL#4\n"
541	" ADD R0, R0, #1\n"
542	" CMP R0, #5\n"
543	" STR R1, [R3,#8]\n"
544	" BCC loc_FF85DA5C\n"
545	" BL sub_FF85E55C\n"
546	" BL sub_FF9202C4\n"
547	" MOV R1, #5\n"
548	" MOV R0, #0\n"
549	" BL sub_FF8271C0\n" // KernelMisc.c:31
550	" LDR R4, =0x291C\n"
551	" LDR R1, =0x101DFF\n"
552	" STR R0, [R4,#0x4]\n"
553	" MOV R0, #0\n"
554	" BL sub_FF8271E4\n" // KernelMisc.c:43
555	" STR R0, [R4]\n"
556	" MOV R0, #0\n"
557	" MOV R1, #1\n"
558	" BL sub_FF827208\n" // KernelMisc.c:55
559	" STR R0, [R4,#0x8]\n"
560	" MOV R3, #0\n"
561	" STR R3, [SP]\n"
562	" LDR R3, =task_CaptSeqTask_my\n"
563	" LDR R0, =0xFF85DC98\n" // "CaptSeqTask"
564	" MOV R2, #0x1000\n"
565	" MOV R1, #0x17\n"
566	" BL sub_FF82718C\n"// KernelCreateTask ; LOCATION: KernelMisc.c:19
567	" LDMFD SP!, {R3-R5,PC}\n"
568	);
569	}
570
571	//SD780 - ASM matches
572	void __attribute__((naked,noinline)) sub_FF821A70_my() {
573	asm volatile (
574	" STMFD SP!, {R3-R5,LR}\n"
575	" LDR R4, =0x1C28\n"
576	" LDR R0, [R4,#0x10]\n"
577	" CMP R0, #0\n"
578	" BNE loc_FF821AA4\n"
579	" MOV R3, #0\n"
580	" STR R3, [SP]\n"
581	" LDR R3, =mykbd_task\n" // task_PhySw
582	" MOV R2, #0x2000\n" // Increate stack size from 0x800 to 0x2000 for new task_PhySw so we don't have to do stack switch
583	" MOV R1, #0x17\n"
584	" LDR R0, =0xFF821C78\n" // "PhySw"
585	" BL sub_FF82718C\n" // KernelCreateTask
586	" STR R0, [R4,#0x10]\n"
587
588	"loc_FF821AA4:\n"
589	" BL sub_FF86C714\n"
590	" BL sub_FF846654\n" // IsFactoryMode
591	" CMP R0, #0\n"
592	" LDREQ R1, =0xE244\n"
593	" LDMEQFD SP!, {R3-R5,LR}\n"
594	" BEQ sub_FF86C69C\n" // eventproc_export_OpLog_Start
595	" LDMFD SP!, {R3-R5,PC}\n"
596	);
597	}
598
599	//VERIFY_SD780 - What does this do for us?
600	void CreateTask_spytask() {
601	_CreateTask("SpyTask", 0x19, 0x2000, core_spytask, 0);
602	}
603
604
605	//SD780 - ASM Matches - Original location 0xFF877DD0
606	void __attribute__((naked,noinline)) init_file_modules_task() {
607	asm volatile (
608	" STMFD SP!, {R4-R6,LR}\n"
609	" BL sub_FF86EB24\n"
610	" LDR R5, =0x5006\n"
611	" MOVS R4, R0\n"
612	" MOVNE R1, #0\n"
613	" MOVNE R0, R5\n"
614	" BLNE sub_FF873978\n" // PostLogicalEventToUI
615	" BL sub_FF86EB50_my\n" // ->
616	" BL core_spytask_can_start\n" // + safe to start spytask
617	" CMP R4, #0\n"
618	" MOVEQ R0, R5\n"
619	" LDMEQFD SP!, {R4-R6,LR}\n"
620	" MOVEQ R1, #0\n"
621	" BEQ sub_FF873978\n" // PostLogicalEventToUI
622	" LDMFD SP!, {R4-R6,PC}\n"
623	);
624	}
625
626	//SD780 - ASM matches
627	void __attribute__((naked,noinline)) sub_FF86EB50_my() {
628	asm volatile (
629	" STMFD SP!, {R4,LR}\n"
630	" MOV R0, #3\n"
631	" BL sub_FF852020_my\n" // -> //Mounter.c
632	//" BL nullsub_95\n"
633	" LDR R4, =0x2C94\n"
634	" LDR R0, [R4,#4]\n"
635	" CMP R0, #0\n"
636	" BNE loc_FF86EB88\n"
637	" BL sub_FF8513E4\n"
638	" BL sub_FF8ED998\n"
639	" BL sub_FF8513E4\n"
640	" BL sub_FF84D438\n"
641	" BL sub_FF8512E4\n"
642	" BL sub_FF8EDA64\n"
643	"loc_FF86EB88:\n"
644	" MOV R0, #1\n"
645	" STR R0, [R4]\n"
646	" LDMFD SP!, {R4,PC}\n"
647	);
648	}
649
650	//SD780 - ASM matches
651	void __attribute__((naked,noinline)) sub_FF852020_my() {
652	asm volatile (
653
654	" STMFD SP!, {R4-R8,LR}\n"
655	" MOV R6, R0\n"
656	" BL sub_FF851F88\n"
657	" LDR R1, =0x10938\n"
658	" MOV R5, R0\n"
659	" ADD R4, R1, R0, LSL#7\n"
660	" LDR R0, [R4,#0x70]\n"
661	" CMP R0, #4\n"
662	" LDREQ R1, =0x6D8\n"
663	" LDREQ R0, =0xFF851AAC\n"
664	" BLEQ sub_FF81B284\n"
665	" MOV R1, R6\n"
666	" MOV R0, R5\n"
667	" BL sub_FF8519F4\n" // LOCATION: Mounter.c:824// Original
668	" LDR R0, [R4,#0x38]\n"
669	" BL sub_FF85254C\n"
670	" CMP R0, #0\n"
671	" STREQ R0, [R4,#0x70]\n"
672	" MOV R0, R5\n"
673	" BL sub_FF851ACC\n"
674	" MOV R0, R5\n"
675	" BL sub_FF851DC0_my\n"
676	" MOV R7, R0\n"
677	" MOV R0, R5\n"
678	" BL sub_FF851E24\n" // LOCATION: Mounter.c:8// Original
679	" LDR R1, [R4,#0x3C]\n"
680	" AND R2, R7, R0\n"
681	" CMP R1, #0\n"
682	" MOV R0, #0\n"
683	" MOVEQ R0, #0x80000001\n"
684	" BEQ loc_FF8520C8\n"
685	" LDR R3, [R4,#0x2C]\n"
686	" CMP R3, #2\n"
687	" MOVEQ R0, #4\n"
688	" CMP R1, #5\n"
689	" ORRNE R0, R0, #1\n"
690	" BICEQ R0, R0, #1\n"
691	" CMP R2, #0\n"
692	" BICEQ R0, R0, #2\n"
693	" ORREQ R0, R0, #0x80000000\n"
694	" BICNE R0, R0, #0x80000000\n"
695	" ORRNE R0, R0, #2\n"
696	"loc_FF8520C8:\n"
697	" CMP R6, #7\n"
698	" STR R0, [R4,#0x40]\n"
699	" LDMNEFD SP!, {R4-R8,PC}\n"
700	" MOV R0, R6\n"
701	" BL sub_FF851FD8\n"
702	" CMP R0, #0\n"
703	" LDMEQFD SP!, {R4-R8,LR}\n"
704	" LDREQ R0,=0xFF8522C4\n"
705	" BEQ sub_FF8115A8\n"
706	" LDMFD SP!, {R4-R6,PC}\n"
707	);
708	}
709
710	//SD780 - ASM matches - Note support of FAT32 is OFF
711	void __attribute__((naked,noinline)) sub_FF851DC0_my() {
712	asm volatile (
713	" STMFD SP!, {R4-R6,LR}\n"
714	" MOV R5, R0\n"
715	" LDR R0, =0x10938\n"
716	" ADD R4, R0, R5,LSL#7\n"
717	" LDR R0, [R4,#0x70]\n"
718	" TST R0, #2\n"
719	" MOVNE R0, #1\n"
720	" LDMNEFD SP!, {R4-R6,PC}\n"
721	" LDR R0, [R4,#0x38]\n"
722	" MOV R1, R5\n"
723	" BL sub_FF851B50_my\n" // -> FAT32 Support //VERIFY_SD780
724	//" BL sub_FF851B50\n" // -> is Mounter.c
725	" CMP R0, #0\n"
726	" LDMEQFD SP!, {R4-R6,PC}\n"
727	" LDR R0, [R4,#0x38]\n"
728	" MOV R1, R5\n"
729	" BL sub_FF851CBC\n" // LOCATION: Mounter.c:0
730	" CMP R0, #0\n"
731	" LDMEQFD SP!, {R4-R6,PC}\n"
732	" MOV R0, R5\n"
733	" BL sub_FF8515DC\n"
734	" CMP R0, #0\n"
735	" LDRNE R1, [R4,#0x70]\n"
736	" ORRNE R1, R1, #2\n"
737	" STRNE R1, [R4,#0x70]\n"
738	" LDMFD SP!, {R4-R6,PC}\n"
739	);
740	}
741
742
743	//VERIFY_SD780 - FAT32 is OFF
744	void __attribute__((naked,noinline)) sub_FF851B50_my() { //Need to fix
745	asm volatile (
746	" STMFD SP!, {R4-R8,LR}\n"
747	" MOV R8, R0\n"
748	//" MOV R0, #0x17\n"
749	//" MUL R1, R0, R1\n"
750	" LDR R0, =0x10938\n"
751	" MOV R7, #0\n"
752	" ADD R5, R0, R1,LSL#7\n"
753	" LDR R0, [R5,#0x3C]\n"
754	" MOV R6, #0\n"
755	" CMP R0, #7\n"
756	" ADDLS PC, PC, R0,LSL#2\n"
757	" B loc_FF851CA0\n"
758	" B loc_FF851BB0\n"
759	" B loc_FF851B98\n"
760	" B loc_FF851B98\n"
761	" B loc_FF851B98\n"
762	" B loc_FF851B98\n"
763	" B loc_FF851C98\n"
764	" B loc_FF851B98\n"
765	" B loc_FF851B98\n"
766	"loc_FF851B98:\n"
767	// jumptable FF851B70 entries 1-4,6,7
768	" MOV R2, #0\n"
769	" MOV R1, #0x200\n"
770	" MOV R0, #2\n"
771	" BL sub_FF868C1C\n"
772	" MOVS R4, R0\n"
773	" BNE loc_FF851BB8\n"
774	"loc_FF851BB0:\n"
775	// jumptable FF851B70 entry 0
776	" MOV R0, #0\n"
777	" LDMFD SP!, {R4-R8,PC}\n"
778	"loc_FF851BB8:\n"
779	" LDR R12, [R5,#0x4C]\n"
780	" MOV R3, R4\n"
781	" MOV R2, #1\n"
782	" MOV R1, #0\n"
783	" MOV R0, R8\n"
784	//" BLX R12\n" //-
785	" MOV LR, PC\n" //+
786	" MOV PC, R12\n" //+
787	" CMP R0, #1\n"
788	" BNE loc_FF851BE4\n"
789	" MOV R0, #2\n"
790	" BL sub_FF868D68\n" // LOCATION: ExMemMan.c:0
791	" B loc_FF851BB0\n"
792	"loc_FF851BE4:\n"
793	" LDR R1, [R5,#0x68]\n"
794	" MOV R0, R8\n"
795	//" BLX R1\n" //FF851BEC //-
796	" MOV LR, PC\n" //+
797	" MOV PC, R1\n" //+
798
799
800
801	"MOV R1, R4\n" // pointer to MBR in R1
802	"BL mbr_read_dryos\n" // total sectors count in R0 before and after call
803
804	// Start of DataGhost's FAT32 autodetection code
805	// Policy: If there is a partition which has type W95 FAT32, use the first one of those for image storage
806	// According to the code below, we can use R1, R2, R3 and R12.
807	// LR wasn't really used anywhere but for storing a part of the partition signature. This is the only thing
808	// that won't work with an offset, but since we can load from LR+offset into LR, we can use this to do that :)
809	"MOV R12, R4\n" // Copy the MBR start address so we have something to work with
810	"MOV LR, R4\n" // Save old offset for MBR signature
811	"MOV R1, #1\n" // Note the current partition number
812	"B dg_sd_fat32_enter\n" // We actually need to check the first partition as well, no increments yet!
813	"dg_sd_fat32:\n"
814	"CMP R1, #4\n" // Did we already see the 4th partition?
815	"BEQ dg_sd_fat32_end\n" // Yes, break. We didn't find anything, so don't change anything.
816	"ADD R12, R12, #0x10\n" // Second partition
817	"ADD R1, R1, #1\n" // Second partition for the loop
818	"dg_sd_fat32_enter:\n"
819	"LDRB R2, [R12, #0x1BE]\n" // Partition status
820	"LDRB R3, [R12, #0x1C2]\n" // Partition type (FAT32 = 0xB)
821	"CMP R3, #0xB\n" // Is this a FAT32 partition?
822	"CMPNE R3, #0xC\n" // Not 0xB, is it 0xC (FAT32 LBA) then?
823	"BNE dg_sd_fat32\n" // No, it isn't. Loop again.
824	"CMP R2, #0x00\n" // It is, check the validity of the partition type
825	"CMPNE R2, #0x80\n"
826	"BNE dg_sd_fat32\n" // Invalid, go to next partition
827	// This partition is valid, it's the first one, bingo!
828	// "LDR R0, =0xC0223000\n"
829	// "MOV R7, #0x46\n"
830	// "STR R7, [R0, #0x30]\n"
831	"MOV R4, R12\n" // Move the new MBR offset for the partition detection.
832
833	"dg_sd_fat32_end:\n"
834	// End of DataGhost's FAT32 autodetection code
835	//FF851BF0
836	" LDRB R1, [R4,#0x1C9]\n"
837	" LDRB R3, [R4,#0x1C8]\n"
838	" LDRB R12, [R4,#0x1CC]\n"
839	" MOV R1, R1,LSL#24\n"
840	" ORR R1, R1, R3,LSL#16\n"
841	" LDRB R3, [R4,#0x1C7]\n"
842	" LDRB R2, [R4,#0x1BE]\n"
843	//" LDRB LR, [R4,#0x1FF]\n" // -
844	" ORR R1, R1, R3,LSL#8\n"
845	" LDRB R3, [R4,#0x1C6]\n"
846	" CMP R2, #0\n"
847	" CMPNE R2, #0x80\n"
848	" ORR R1, R1, R3\n"
849	" LDRB R3, [R4,#0x1CD]\n"
850	" MOV R3, R3,LSL#24\n"
851	" ORR R3, R3, R12,LSL#16\n"
852	" LDRB R12, [R4,#0x1CB]\n"
853	" ORR R3, R3, R12,LSL#8\n"
854	" LDRB R12, [R4,#0x1CA]\n"
855	" ORR R3, R3, R12\n"
856
857	//fix below
858	//" LDRB R12, [R4,#0x1FE]\n" // -
859	" LDRB R12, [LR,#0x1FE]\n" // +
860	" LDRB LR, [LR,#0x1FF]\n" // +
861	//At ff851c44
862	" MOV R4, #0\n"
863	" BNE loc_FF851C70\n"
864	" CMP R0, R1\n"
865	" BCC loc_FF851C70\n"
866	" ADD R2, R1, R3\n"
867	" CMP R2, R0\n"
868	" CMPLS R12, #0x55\n"
869	" CMPEQ LR, #0xAA\n"
870	" MOVEQ R7, R1\n"
871	" MOVEQ R6, R3\n"
872	" MOVEQ R4, #1\n"
873	"loc_FF851C70:\n"
874	" MOV R0, #2\n"
875	" BL sub_FF868D68\n" // LOCATION: ExMemMan.c:0
876	" CMP R4, #0\n"
877	" BNE loc_FF851CAC\n"
878	//was a non-comment LDR R1, [R5,#0x68]
879	" LDR R1, [R5,#0x68]\n"
880	" MOV R7, #0\n"
881	" MOV R0, R8\n"
882	//" BL sub_FF9214E8\n"
883	//" BLX R1\n" //-
884	" MOV LR, PC\n" //+
885	" MOV PC, R1\n" //+
886
887	" MOV R6, R0\n"
888	" B loc_FF851CAC\n"
889	"loc_FF851C98:\n"
890	// jumptable FF851B70 entry 5
891	" MOV R6, #0x40\n"
892	" B loc_FF851CAC\n"
893	"loc_FF851CA0:\n"
894	// jumptable FF851B70 default entry
895	" LDR R1, =0x5C9\n"
896	" LDR R0, =0xFF851AAC\n" // "Mounter.c"
897	" BL sub_FF81B284\n" // DebugAssert
898	" loc_FF851CAC:\n"
899	" STR R7, [R5,#0x44]!\n"
900	" MOV R0, #1\n"
901	" STR R6, [R5,#4]\n"
902	" LDMFD SP!, {R4-R8,PC}\n"
903	);
904	}
905

Note: See TracBrowser for help on using the repository browser.

Download in other formats: