Context Navigation

boot.c @ 750

Revision 750, 57.9 KB (checked in by phyrephox, 4 years ago)
+ extra long exposure for a570 (ewavr, fudgey - 101a unverified) s5is (ewavr, both unverified) ixus70 (quietschi, 100c & 101b unverified) test and report here: http://chdk.setepontos.com/index.php/topic,3461.0.html
Property svn:eol-style set to `native`

Line
1	#include "lolevel.h"
2	#include "platform.h"
3	#include "core.h"
4
5	const char * const new_sa = &_end;
6
7	/* Our stuff */
8	extern long wrs_kernel_bss_start;
9	extern long wrs_kernel_bss_end;
10
11	// Forward declarations
12	void CreateTask_blinker();
13	void CreateTask_PhySw();
14	void CreateTask_spytask();
15
16	void boot();
17	void __attribute__((naked,noinline)) task_blinker();
18	void dump_chdk();
19
20	void taskCreateHook(int *p) {
21	p-=16;
22	if (p[0]==0xFF862F10) p[0]=(int)movie_record_task;
23	if (p[0]==0xFF8D3888) p[0]=(int)exp_drv_task;
24	}
25
26	////////////////////////////////////////////////////////////////////////////////
27	// Note to developers:
28	// The code below is just somewhat annotated in an attempt to figure out what
29	// the camera does. I left it in, it might be of some use to someone someday.
30	// Occasionally, I added the .ltorg directive, because the compiler/assembler
31	// isn't smart enough to place it somewhere sensible. Remember to bypass
32	// (B new_location) that directive if you really MUST place it in the middle
33	// of your code.
34	////////////////////////////////////////////////////////////////////////////////
35
36
37	#define DEBUG_LED 0xC02200D4 // Red led (lower-right corner) normally indicating SD read/write
38
39	void boot() {
40	asm volatile ("B sub_FF81000C_my\n");
41	};
42
43
44	void __attribute__((naked,noinline)) sub_FF81000C_my() {
45	asm volatile (
46	"LDR R1, =0xC0400004\n"
47	"LDR R2, [R1]\n"
48	"ORR R2, R2, #2\n"
49	"STR R2, [R1]\n"
50	"LDR R1, =0xC0410000\n"
51	"MOV R0, #0\n"
52	"STR R0, [R1]\n"
53	"MOV R1, #0x78\n"
54	"MCR p15, 0, R1,c1,c0\n"
55	"MOV R1, #0\n"
56	"MCR p15, 0, R1,c7,c10, 4\n"
57	"MCR p15, 0, R1,c7,c5\n"
58	"MCR p15, 0, R1,c7,c6\n"
59	"MOV R0, #0x3D\n"
60	"MCR p15, 0, R0,c6,c0\n"
61	"MOV R0, #0xC000002F\n"
62	"MCR p15, 0, R0,c6,c1\n"
63	"MOV R0, #0x33\n"
64	"MCR p15, 0, R0,c6,c2\n"
65	"LDR R0, =0x10000033\n"
66	"MCR p15, 0, R0,c6,c3\n"
67	"MOV R0, #0x40000017\n"
68	"MCR p15, 0, R0,c6,c4\n"
69	"LDR R0, =0xFF80002D\n"
70	"MCR p15, 0, R0,c6,c5\n"
71	"MOV R0, #0x34\n"
72	"MCR p15, 0, R0,c2,c0\n"
73	"MOV R0, #0x34\n"
74	"MCR p15, 0, R0,c2,c0, 1\n"
75	"MOV R0, #0x34\n"
76	"MCR p15, 0, R0,c3,c0\n"
77	"LDR R0, =0x3333330\n"
78	"MCR p15, 0, R0,c5,c0, 2\n"
79	"LDR R0, =0x3333330\n"
80	"MCR p15, 0, R0,c5,c0, 3\n"
81	"MRC p15, 0, R0,c1,c0\n"
82	"ORR R0, R0, #0x1000\n"
83	"ORR R0, R0, #4\n"
84	"ORR R0, R0, #1\n"
85	"MCR p15, 0, R0,c1,c0\n"
86	"MOV R1, #0x40000006\n"
87	"MCR p15, 0, R1,c9,c1\n"
88	"MOV R1, #6\n"
89	"MCR p15, 0, R1,c9,c1, 1\n"
90	"MRC p15, 0, R1,c1,c0\n"
91	"ORR R1, R1, #0x50000\n"
92	"MCR p15, 0, R1,c1,c0\n"
93	"LDR R2, =0xC0200000\n"
94	"MOV R1, #1\n"
95	"STR R1, [R2,#0x10C]\n"
96	"MOV R1, #0xFF\n"
97	"STR R1, [R2,#0xC]\n"
98	"STR R1, [R2,#0x1C]\n"
99	"STR R1, [R2,#0x2C]\n"
100	"STR R1, [R2,#0x3C]\n"
101	"STR R1, [R2,#0x4C]\n"
102	"STR R1, [R2,#0x5C]\n"
103	"STR R1, [R2,#0x6C]\n"
104	"STR R1, [R2,#0x7C]\n"
105	"STR R1, [R2,#0x8C]\n"
106	"STR R1, [R2,#0x9C]\n"
107	"STR R1, [R2,#0xAC]\n"
108	"STR R1, [R2,#0xBC]\n"
109	"STR R1, [R2,#0xCC]\n"
110	"STR R1, [R2,#0xDC]\n"
111	"STR R1, [R2,#0xEC]\n"
112	"STR R1, [R2,#0xFC]\n"
113	"LDR R1, =0xC0400008\n"
114	"LDR R2, =0x430005\n"
115	"STR R2, [R1]\n"
116	"MOV R1, #1\n"
117	"LDR R2, =0xC0243100\n"
118	"STR R2, [R1]\n"
119	"LDR R2, =0xC0242010\n"
120	"LDR R1, [R2]\n"
121	"ORR R1, R1, #1\n"
122	"STR R1, [R2]\n"
123	"LDR R0, =0xFFB07FA8\n"
124	"LDR R1, =0x1900\n"
125	"LDR R3, =0x1056C\n"
126
127	"loc_FF81014C:\n"
128	"CMP R1, R3\n" // Copy code from 0xFFB07FA8(inc) onwards to 0x1900(inc) .. 0x1056C (ex)
129	"LDRCC R2, [R0],#4\n"
130	"STRCC R2, [R1],#4\n"
131	"BCC loc_FF81014C\n" // loop
132	"LDR R1, =0x9B610\n"
133	"MOV R2, #0\n"
134
135	"loc_FF810164:\n"
136	"CMP R3, R1\n" // Zerofill from 0x1056C(inc) .. 0x9B610(exc)
137	"STRCC R2, [R3],#4\n"
138	"BCC loc_FF810164\n" // loop
139	// "B sub_FF8101B8\n"
140	"B sub_FF8101B8_my\n" // +---------------------> Hook
141	".ltorg\n"
142	);
143	}
144
145
146	void __attribute__((naked,noinline)) sub_FF8101B8_my() {
147	(int)0x1930=(int)taskCreateHook;
148	(int)0x1934=(int)taskCreateHook;
149	asm volatile (
150	"loc_FF8101B8:\n"
151	"LDR R0, =0xFF810230\n"
152	"MOV R1, #0\n"
153	"LDR R3, =0xFF810268\n"
154
155	"loc_FF8101C4:\n"
156	"CMP R0, R3\n" // Copy code from 0xFF810230(inc) .. 0xFF810268(exc) to 0x0 .. 0x38
157	"LDRCC R2, [R0],#4\n"
158	"STRCC R2, [R1],#4\n"
159	"BCC loc_FF8101C4\n" // loop
160	"LDR R0, =0xFF810268\n"
161	"MOV R1, #0x4B0\n"
162	"LDR R3, =0xFF81047C\n"
163
164	"loc_FF8101E0:\n"
165	"CMP R0, R3\n" // Copy code from 0xFF810268(inc) .. 0xFF81047C(exc) to 0x4B0 .. 0x6C4
166	"LDRCC R2, [R0],#4\n"
167	"STRCC R2, [R1],#4\n"
168	"BCC loc_FF8101E0\n" // loop
169	"MOV R0, #0xD2\n"
170	"MSR CPSR_cxsf, R0\n"
171	"MOV SP, #0x1000\n"
172	"MOV R0, #0xD3\n"
173	"MSR CPSR_cxsf, R0\n"
174	"MOV SP, #0x1000\n"
175	"LDR R0, =0x6C4\n"
176	"LDR R2, =0xEEEEEEEE\n"
177	"MOV R3, #0x1000\n"
178
179	"loc_FF810214:\n"
180	"CMP R0, R3\n" // Fill 0x6C4 .. 0x1000 with 0xEEEEEEEE
181	"STRCC R2, [R0],#4\n"
182	"BCC loc_FF810214\n" // loop
183	// "BL sub_FF810FCC\n"
184	"BL sub_FF810FCC_my\n" // +---------------------> Hook
185	".ltorg\n"
186	);
187	}
188
189	void __attribute__((naked,noinline)) sub_FF810FCC_my() {
190	asm volatile (
191	"STR LR, [SP,#-0x4]!\n"
192	"SUB SP, SP, #0x74\n"
193	"MOV R0, SP\n"
194	"MOV R1, #0x74\n"
195	"BL sub_FFA92D04\n"
196	"MOV R0, #0x53000\n"
197	"STR R0, [SP,#0x74-0x70]\n"
198	// "LDR R0, =0x9B610\n"
199	);
200	// "LDR R0, =0xDB610\n" // 0x9B610 + 0x40000 (memsize) = 0xDB610
201	asm volatile (
202	"LDR R0, =new_sa\n"
203	"LDR R0, [R0]\n"
204	);
205	asm volatile (
206	"LDR R2, =0x2ABC00\n"
207	"LDR R1, =0x2A4968\n"
208	"STR R0, [SP,#0x74-0x6C]\n"
209	"SUB R0, R1, R0\n"
210	"ADD R3, SP, #0x74-0x68\n"
211	"STR R2, [SP,#0x74-0x74]\n"
212	"STMIA R3, {R0-R2}\n"
213	"MOV R0, #0x22\n"
214	"STR R0, [SP,#0x74-0x5C]\n"
215	"MOV R0, #0x68\n"
216	"STR R0, [SP,#0x74-0x58]\n"
217	"LDR R0, =0x19B\n"
218	"MOV R1, #0x64\n"
219	// "STRD R0, [SP,#0x74-0x54]\n" // WORKSFORME, configure gcc WITHOUT --with-cpu=arm9
220	"STR R0, [SP,#0x74-0x54]\n" // Though use the old, 2-line version
221	"STR R1, [SP,#0x74-0x50]\n" // for the final until everyone uses 'new' gcc
222	"MOV R0, #0x78\n"
223	// "STRD R0, [SP,#0x74-0x4C]\n" // Idem
224	"STR R0, [SP,#0x74-0x4C]\n" // Idem
225	"STR R1, [SP,#0x74-0x48]\n" // Idem
226	"MOV R0, #0\n"
227	"STR R0, [SP,#0x74-0x44]\n"
228	"STR R0, [SP,#0x74-0x40]\n"
229	"MOV R0, #0x10\n"
230	"STR R0, [SP,#0x74-0x18]\n"
231	"MOV R0, #0x800\n"
232	"STR R0, [SP,#0x74-0x14]\n"
233	"MOV R0, #0xA0\n"
234	"STR R0, [SP,#0x74-0x10]\n"
235	"MOV R0, #0x280\n"
236	"STR R0, [SP,#0x74-0xC]\n"
237	// "LDR R1, =sub_FF814E0C\n"
238	"LDR R1, =sub_FF814E0C_my\n" // +---------------------> Hook
239	"MOV R0, SP\n"
240	"MOV R2, #0\n"
241	"BL sub_FF812D84\n"
242	"ADD SP, SP, #0x74\n"
243	"LDR PC, [SP],#4\n"
244	".ltorg\n"
245	);
246	}
247
248
249	void __attribute__((naked,noinline)) sub_FF814E0C_my() {
250	asm volatile (
251	"STMFD SP!, {R4,LR}\n"
252	"BL sub_FF810970\n"
253	"BL sub_FF819898\n" // dmSetup
254	"CMP R0, #0\n"
255	// "ADRLT R0, aDmsetup\n"
256	"LDRLT R0, =0xFF814F20\n"
257	"BLLT sub_FF814F00\n" // err_init_task
258	"BL sub_FF814A30\n" // termDriverInit
259	"CMP R0, #0\n"
260	// "ADRLT R0, aTermdriverinit\n"
261	"LDRLT R0, =0xFF814F28\n"
262	"BLLT sub_FF814F00\n" // err_init_task
263	// "ADR R0, a_term\n"
264	"LDR R0, =0xFF814F38\n"
265	"BL sub_FF814B1C\n" // termDeviceCreate
266	"CMP R0, #0\n"
267	// "ADRLT R0, aTermdevicecrea\n"
268	"LDRLT R0, =0xFF814F40\n"
269	"BLLT sub_FF814F00\n" // err_init_task
270	// "ADR R0, a_term\n"
271	"LDR R0, =0xFF814F38\n"
272	"BL sub_FF813594\n" // stdioSetup
273	"CMP R0, #0\n"
274	// "ADRLT R0, aStdiosetup\n"
275	"LDRLT R0, =0xFF814F54\n"
276	"BLLT sub_FF814F00\n" // err_init_task
277	"BL sub_FF819580\n" // stdlibSetup
278	"CMP R0, #0\n"
279	// "ADRLT R0, aStdlibsetup\n"
280	"LDRLT R0, =0xFF814F60\n"
281	"BLLT sub_FF814F00\n" // err_init_task
282	"BL sub_FF8114E4\n" // armlib_setup
283	"CMP R0, #0\n"
284	// "ADRLT R0, aArmlib_setup\n"
285	"LDRLT R0, =0xFF814F6C\n"
286	"BLLT sub_FF814F00\n" // err_init_task
287	"LDMFD SP!, {R4,LR}\n"
288	//"B sub_FF81DAB8\n" // CreateTaskStartup
289	"B sub_FF81DAB8_my\n" // +---------------------> Hook
290	".ltorg\n"
291	);
292	};
293
294
295	void __attribute__((naked,noinline)) sub_FF81DAB8_my() {
296	asm volatile (
297	"STMFD SP!, {R3,LR}\n"
298	"BL sub_FF82CEF0\n"
299	"CMP R0, #0\n"
300	"BNE loc_FF81DAF4\n"
301	"BL sub_FF824DCC\n"
302	"CMP R0, #0\n"
303	"LDREQ R2, =0xC0220000\n"
304	"LDREQ R0, [R2,#0x10C]\n"
305	"LDREQ R1, [R2,#0x108]\n"
306	"ORREQ R0, R0, R1\n"
307	"TSTEQ R0, #1\n"
308	"BNE loc_FF81DAF4\n"
309	"MOV R0, #0x44\n"
310	"STR R0, [R2,#0x4C]\n"
311
312	"loc_FF81DAF0:\n"
313	"B loc_FF81DAF0\n"
314
315
316	"loc_FF81DAF4:\n"
317	"BL sub_FF8236F8\n"
318	"BL sub_FF82AA98\n"
319	"MOV R1, #0x300000\n"
320	"MOV R0, #0\n"
321	"BL sub_FF82ACE0\n"
322	"BL sub_FF82AC8C\n"
323	"MOV R3, #0\n"
324	"STR R3, [SP,#8-8]\n"
325	// "LDR R3, sub_FF81DA18\n" // Startup, 0xFF81DA18
326	"LDR R3, =sub_FF81DA18_my\n" // +---------------------> Hook
327	"MOV R2, #0\n"
328	"MOV R1, #0x19\n"
329	// "ADR R0, aStartup\n"
330	"LDR R0, =0xFF81DB44\n"
331	"BL sub_FF81B9C4\n" // CreateTask
332	"MOV R0, #0\n"
333	"LDMFD SP!, {R12,PC}\n"
334	".ltorg\n"
335	);
336	}
337
338	void __attribute__((naked,noinline)) sub_FF81DA18_my() {
339	asm volatile (
340	"STMFD SP!, {R4,LR}\n"
341	"BL sub_FF81521C\n"
342	"BL sub_FF824840\n"
343	"BL sub_FF820E14\n"
344	//"BL j_nullsub_163\n"
345	"BL sub_FF82D0E0\n"
346	// "BL sub_FF82CFC8\n" // Apparently responsible for
347	// diskboot. Bypassing it does
348	// not seem to affect the camera
349	// negatively.
350	);
351
352	CreateTask_spytask();
353
354	asm volatile (
355	"LDR R4, =0x66A8\n"
356	"B loc_FF81DA44\n"
357
358	"loc_FF81DA3C:\n"
359	"SUBS R4, R4, #1\n"
360	"BEQ loc_FF81DA54\n"
361
362	"loc_FF81DA44:\n"
363	"MOV R0, #5\n"
364	"BL sub_FF820F1C\n"
365	"CMP R0, #1\n"
366	"BEQ loc_FF81DA3C\n"
367
368	"loc_FF81DA54:\n"
369	"MOV R0, #5\n"
370	"BL sub_FF821314\n"
371	"SUBS R12, R0, #0x300\n"
372	"SUBGES R12, R12, #0xF6\n"
373	"BLE loc_FF81DA78\n"
374	"BL sub_FF829FD4\n"
375	"MOV R1, #0xB5\n"
376	// "ADR R0, aStartup_c\n"
377	"LDR R0, =0xFF81DB34\n"
378	"BL sub_FF81BD94\n" // Assert, 0xFF81BD94
379
380	"loc_FF81DA78:\n"
381	"BL sub_FF82DB84\n"
382	"BL sub_FF82D130\n"
383	"BL sub_FF829FD4\n"
384	"BL sub_FF82DB94\n"
385	//"BL sub_FF82369C\n" // PhySw, bypass and create own
386	);
387
388	CreateTask_PhySw();
389
390	asm volatile (
391	// "BL sub_FF826A50\n" // CaptSeqTask and lots of other stuff
392	"BL sub_FF826A50_my\n" // +---------------------> Hook (in capt_seq.c)
393	"BL sub_FF82DBB4\n"
394	//"BL nullsub_2\n"
395	"BL sub_FF822A60\n"
396	"BL sub_FF82CCBC\n"
397	"BL sub_FF823188\n"
398	"BL sub_FF82296C\n"
399	//"BL sub_FF82E638\n"
400	"BL sub_FF82E638_my\n" // +---> MAJOR HOOK (SDHC boot)
401	"BL sub_FF8227F0\n"
402	"LDMFD SP!, {R4,LR}\n"
403	"B sub_FF8150D8\n"
404	".ltorg\n"
405	);
406	}
407
408
409	/////////////////////////////////////////////////////////////////////////////////////
410	// Major SDHC boot fix hook starts here
411	//
412	// Paths that certainly do not (by itself) get the SDHC booting going:
413	// sub_FF82E638 -> sub_FF824DE0 -> sub_FF824B28 -> sub_FF87C040 (entire 'right subtree')
414	// sub_FF82E638 -> sub_FF82E1E8 -> sub_FF87AD50 -> sub_FF87A408 -> sub_FF87C040 (shortest path (subroutine-count-wise) through 'left subtree')
415	// sub_FF82E638 -> sub_FF82E1E8 -> sub_FF87AD50 -> sub_FF87A8D4 -> sub_FF87A408 -> sub_FF87C040 (sub_FF87A8D4 does not appear to be called)
416	//
417	// Unexplored:
418	// sub_FF82E638 -> sub_FF82E1E8 -> sub_FF87BE10 -> sub_FF87BC5C -> sub_FF87AD50 -> -> sub_FF87A408 -> sub_FF87C040
419	// -> sub_FF87A8D4 ->
420	//
421	// Final, working path:
422	// sub_FF82E638 -> sub_FF82E1E8 -> sub_FF87BE10 -> sub_FF87BC5C -> sub_FF87AD50 -> sub_FF87A408 -> sub_FF87C040
423	//
424	// That's the 'tree'-part, the rest of the subroutines are just straight on down, no junctions.
425	// -> sub_FF87BFF0 -> sub_FF8750A4 -> sub_FF8569D8 -> sub_FF856814 -> sub_FF8566AC
426	/////////////////////////////////////////////////////////////////////////////////////
427
428	void __attribute__((naked,noinline)) sub_FF82E638_my() {
429	asm volatile (
430	"STMFD SP!, {R4,LR}\n"
431	"BL sub_FF878E50\n"
432	"BL sub_FF824DA0\n"
433	"CMP R0, #1\n"
434	"BNE loc_FF82E658\n"
435	"BL sub_FF87C154\n"
436	"LDMFD SP!, {R4,LR}\n"
437	"B sub_FF824DE0\n"
438
439	"loc_FF82E658:\n"
440	"BL sub_FF87AFF8\n"
441	"LDR R4, =0x1E80\n"
442	"LDR R0, [R4,#4]\n"
443	"CMP R0, #0\n"
444	"LDMNEFD SP!, {R4,PC}\n"
445	"MOV R1, #0\n"
446	//"LDR R0, =0xFF82E1E8\n"
447	"LDR R0, =sub_FF82E1E8_my\n" // +----> Hook for SDHC booting
448	"BL sub_FF875A00\n"
449	"STR R0, [R4,#4]\n"
450	"LDMFD SP!, {R4,PC}\n"
451	);
452	}
453
454	void __attribute__((naked,noinline)) sub_FF82E1E8_my() {
455	asm volatile (
456	"STMFD SP!, {R3-R11,LR}\n"
457	"LDR R6, =0x1E80\n"
458	"MOV R5, R1\n"
459	"LDR R0, [R6,#0x14]\n"
460	"MOV R4, R3\n"
461	"CMP R0, #1\n"
462	"BNE loc_FF82E20C\n"
463	"BL sub_FF8796A8\n"
464	"B loc_FF82E290\n"
465
466	"loc_FF82E20C:\n"
467	"LDR R12, =0x1162\n"
468	"LDR R10, =0x1005\n"
469	"CMP R5, R12\n"
470	"MOV R7, #0\n"
471	"MOV R8, #1\n"
472	"BEQ loc_FF82E58C\n"
473	"BGT loc_FF82E354\n"
474	"LDR R12, =0x1062\n"
475	"CMP R5, R12\n"
476	"BEQ loc_FF82E614\n"
477	"BGT loc_FF82E2C0\n"
478	"CMP R5, R10\n"
479	"BEQ loc_FF82E310\n"
480	"BGT loc_FF82E298\n"
481	"SUB R12, R5, #0x800\n"
482	"SUBS R12, R12, #3\n"
483	"BEQ loc_FF82E494\n"
484	"SUB R12, R5, #0x800\n"
485	"SUBS R12, R12, #0x158\n"
486	"BEQ loc_FF82E61C\n"
487	"LDR R4, =0x9A3\n"
488	"CMP R5, R4\n"
489	"ADD R7, R4, #2\n"
490	"CMPNE R5, R7\n"
491	"BNE loc_FF82E57C\n"
492	"LDR R0, [R6,#0xC]\n"
493	"SUB R12, R0, #0x8000\n"
494	"SUBS R12, R12, #2\n"
495	"BEQ loc_FF82E290\n"
496	"LDR R0, =0x10A5\n"
497	"BL sub_FF877B44\n"
498	"CMP R0, #0\n"
499	"BEQ loc_FF82E568\n"
500
501	"loc_FF82E290:\n"
502	"MOV R0, #0\n"
503	"LDMFD SP!, {R3-R11,PC}\n"
504
505	"loc_FF82E298:\n"
506	"SUB R12, R5, #0x1000\n"
507	"SUBS R12, R12, #0x56\n"
508	"SUBNE R12, R5, #0x1000\n"
509	"SUBNES R12, R12, #0x5B\n"
510	"SUBNE R12, R5, #0x1000\n"
511	"SUBNES R12, R12, #0x5E\n"
512	"SUBNE R12, R5, #0x1000\n"
513	"SUBNES R12, R12, #0x61\n"
514	"BNE loc_FF82E57C\n"
515	"B loc_FF82E614\n"
516
517	"loc_FF82E2C0:\n"
518	"LDR R12, =0x10AD\n"
519	"CMP R5, R12\n"
520	"BEQ loc_FF82E5B4\n"
521	"BGT loc_FF82E318\n"
522	"SUB R12, R5, #0x1000\n"
523	"SUBS R12, R12, #0x63\n"
524	"SUBNE R12, R5, #0x1000\n"
525	"SUBNES R12, R12, #0x65\n"
526	"BEQ loc_FF82E614\n"
527	"SUB R12, R5, #0x1000\n"
528	"LDR R0, =0x10A3\n"
529	"SUBS R12, R12, #0xA9\n"
530	"BEQ loc_FF82E5A8\n"
531	"SUB R12, R5, #0x1000\n"
532	"SUBS R12, R12, #0xAA\n"
533	"BNE loc_FF82E57C\n"
534	"BL sub_FF877B44\n"
535	"CMP R0, #0\n"
536	"BNE loc_FF82E290\n"
537
538	"loc_FF82E30C:\n"
539	"BL sub_FF82EBCC\n"
540
541	"loc_FF82E310:\n"
542	"MOV R1, R4\n"
543	"B loc_FF82E580\n"
544
545	"loc_FF82E318:\n"
546	"SUB R12, R5, #0x1000\n"
547	"SUBS R12, R12, #0xAE\n"
548	"BEQ loc_FF82E30C\n"
549	"SUB R12, R5, #0x1000\n"
550	"SUBS R12, R12, #0xAF\n"
551	"BEQ loc_FF82E5B4\n"
552	"SUB R12, R5, #0x1000\n"
553	"SUBS R12, R12, #0xB0\n"
554	"BEQ loc_FF82E30C\n"
555	"SUB R12, R5, #0x1000\n"
556	"SUBS R12, R12, #0xB2\n"
557	"BNE loc_FF82E57C\n"
558	"LDR R0, =0x1008\n"
559	"MOV R1, R4\n"
560	"B loc_FF82E584\n"
561
562	"loc_FF82E354:\n"
563	"LDR R11, =0x201B\n"
564	"LDR R0, =0x1E80\n"
565	"CMP R5, R11\n"
566	"LDR R2, [R0,#0x10]!\n"
567	"LDR R1, [R0,#0x10]\n"
568	"SUB R9, R11, #0x17\n"
569	"BEQ loc_FF82E548\n"
570	"BGT loc_FF82E41C\n"
571	"LDR R11, =0x116A\n"
572	"CMP R5, R11\n"
573	"BEQ loc_FF82E534\n"
574	"BGT loc_FF82E3D0\n"
575	"SUB R12, R5, #0x1100\n"
576	"SUBS R12, R12, #0x63\n"
577	"MOVEQ R1, #0\n"
578	"MOVEQ R0, #0x82\n"
579	"BEQ loc_FF82E560\n"
580	"SUB R12, R5, #0x1100\n"
581	"SUBS R12, R12, #0x65\n"
582	"BEQ loc_FF82E558\n"
583	"LDR R4, =0x1168\n"
584	"SUB R12, R5, #0x1100\n"
585	"SUBS R12, R12, #0x67\n"
586	"CMPNE R5, R4\n"
587	"BNE loc_FF82E57C\n"
588	"STR R8, [R6,#0x10]\n"
589	"LDR R6, =0x4508\n"
590	"CMP R1, #0\n"
591	"BEQ loc_FF82E524\n"
592	"BL sub_FF8796DC\n"
593	"B loc_FF82E528\n"
594
595	"loc_FF82E3D0:\n"
596	"SUB R12, R5, #0x2000\n"
597	"SUBS R12, R12, #2\n"
598	"BEQ loc_FF82E5E0\n"
599	"CMP R5, R9\n"
600	"MOV R0, R9\n"
601	"BEQ loc_FF82E5EC\n"
602	"SUB R12, R5, #0x2000\n"
603	"SUBS R12, R12, #5\n"
604	"BEQ loc_FF82E5E0\n"
605	"SUB R12, R5, #0x2000\n"
606	"SUBS R12, R12, #0x19\n"
607	"BNE loc_FF82E57C\n"
608	"CMP R1, #0\n"
609	"BEQ loc_FF82E290\n"
610	"CMP R2, #0\n"
611	"BNE loc_FF82E290\n"
612
613	"loc_FF82E410:\n"
614	"MOV R1, #0\n"
615
616	"loc_FF82E414:\n"
617	"BL sub_FF87AD50\n"
618	"B loc_FF82E290\n"
619
620	"loc_FF82E41C:\n"
621	"LDR R12, =0x3110\n"
622	"CMP R5, R12\n"
623	"BEQ loc_FF82E310\n"
624	"BGT loc_FF82E464\n"
625	"SUB R12, R5, #0x2000\n"
626	"SUBS R12, R12, #0x1D\n"
627	"BEQ loc_FF82E5E0\n"
628	"LDR R0, =0x2027\n"
629	"CMP R5, R0\n"
630	"BEQ loc_FF82E5C0\n"
631	"SUB R12, R5, #0x3000\n"
632	"SUBS R12, R12, #6\n"
633	"BEQ loc_FF82E310\n"
634	"SUB R12, R5, #0x3000\n"
635	"SUBS R12, R12, #0x10\n"
636	"BNE loc_FF82E57C\n"
637	"BL sub_FF89A6F0\n"
638	"B loc_FF82E290\n"
639
640	"loc_FF82E464:\n"
641	"SUB R12, R5, #0x3100\n"
642	"SUBS R12, R12, #0x11\n"
643	"BEQ loc_FF82E310\n"
644	"CMP R5, #0x3140\n"
645	"BEQ loc_FF82E608\n"
646	"SUB R12, R5, #0x3200\n"
647	"SUBS R12, R12, #1\n"
648	"BEQ loc_FF82E57C\n"
649	"SUB R12, R5, #0x3200\n"
650	"SUBS R12, R12, #2\n"
651	"BEQ loc_FF82E310\n"
652	"B loc_FF82E57C\n"
653
654	"loc_FF82E494:\n"
655	"MOV R4, #1\n"
656	"MOV R0, #2\n"
657	"BL sub_FF878EE4\n"
658	"CMP R0, #1\n"
659	"MOVEQ R4, #2\n"
660	"MOV R0, R4\n"
661	"BL sub_FF822D8C\n"
662	"CMP R0, #0\n"
663	"STRNE R8, [R6,#0x14]\n"
664	"BNE loc_FF82E4F0\n"
665	"BL sub_FF87F8DC\n"
666	"BL sub_FF87CE00\n"
667	"BL sub_FF87DCA0\n"
668	"BL sub_FF87E1B0\n"
669	"BL sub_FF87C3D8\n"
670	"BL sub_FF87E5AC\n"
671	"CMP R0, #0\n"
672	"BEQ loc_FF82E4F8\n"
673	"BL sub_FF82DF54\n"
674	"BL sub_FF87E5A0\n"
675	"MOV R1, R0\n"
676	"LDR R0, =0x1167\n"
677	"BL sub_FF8761C8\n"
678
679	"loc_FF82E4F0:\n"
680	"MOV R0, R7\n"
681	"LDMFD SP!, {R3-R11,PC}\n"
682
683	"loc_FF82E4F8:\n"
684	"BL sub_FF827068\n"
685	"CMP R0, #1\n"
686	"LDRNE R0, =0x310B\n"
687	"LDREQ R0, =0x310C\n"
688	"MOV R1, #0\n"
689	"BL sub_FF8761C8\n"
690	//"BL sub_FF87BE10\n"
691	"BL sub_FF87BE10_my\n" // +----> Hook for SDHC booting
692	"B loc_FF82E4F0\n"
693
694	"loc_FF82E518:\n"
695	"MOV R0, R6\n"
696	"BL sub_FF864270\n"
697	"B loc_FF82E290\n"
698
699	"loc_FF82E524:\n"
700	"BL sub_FF826D60\n"
701
702	"loc_FF82E528:\n"
703	"CMP R5, R4\n"
704	"BNE loc_FF82E290\n"
705	"B loc_FF82E518\n"
706
707	"loc_FF82E534:\n"
708	"MOV R0, #1\n"
709	"BL sub_FF8797F4\n"
710	"MOV R1, R11\n"
711	"MOV R0, R10\n"
712	"B loc_FF82E584\n"
713
714	"loc_FF82E548:\n"
715	"CMP R2, #1\n"
716	"BNE loc_FF82E310\n"
717	"BL sub_FF8796DC\n"
718	"B loc_FF82E290\n"
719
720	"loc_FF82E558:\n"
721	"MOV R1, #0\n"
722	"MOV R0, #0x83\n"
723
724	"loc_FF82E560:\n"
725	"BL sub_FF87E284\n"
726	"B loc_FF82E290\n"
727
728	"loc_FF82E568:\n"
729	"CMP R5, R4\n"
730	"STREQ R8, [R6,#0x34]\n"
731	"BEQ loc_FF82E57C\n"
732	"CMP R5, R7\n"
733	"STREQ R8, [R6,#0x30]\n"
734
735	"loc_FF82E57C:\n"
736	"MOV R1, #0\n"
737
738	"loc_FF82E580:\n"
739	"MOV R0, R5\n"
740
741	"loc_FF82E584:\n"
742	"BL sub_FF87AD50\n"
743	"LDMFD SP!, {R3-R11,PC}\n"
744
745	"loc_FF82E58C:\n"
746	"BL sub_FF882328\n"
747	"CMP R0, #0\n"
748	"BEQ loc_FF82E310\n"
749	"BL sub_FF882C38\n"
750	"CMP R0, #0\n"
751	"BLEQ sub_FF88105C\n"
752	"B loc_FF82E310\n"
753
754	"loc_FF82E5A8:\n"
755	"BL sub_FF877B44\n"
756	"CMP R0, #0\n"
757	"BNE loc_FF82E290\n"
758
759	"loc_FF82E5B4:\n"
760	"MOV R0, R5\n"
761	"BL sub_FF82E074\n"
762	"LDMFD SP!, {R3-R11,PC}\n"
763
764	"loc_FF82E5C0:\n"
765	"MOV R1, #0\n"
766	"BL sub_FF87AD50\n"
767	"MOV R1, #0\n"
768	"MOV R0, R11\n"
769	"BL sub_FF87AD50\n"
770	"MOV R1, #0\n"
771	"MOV R0, R9\n"
772	"B loc_FF82E414\n"
773
774	"loc_FF82E5E0:\n"
775	"STR R7, [R6,#0x20]\n"
776	"BL sub_FF82E86C\n"
777	"B loc_FF82E310\n"
778
779	"loc_FF82E5EC:\n"
780	"STR R7, [R6,#0x20]\n"
781	"BL sub_FF82E86C\n"
782	"LDR R0, [R6,#0x10]\n"
783	"CMP R0, #1\n"
784	"BNE loc_FF82E310\n"
785	"BL sub_FF879708\n"
786	"B loc_FF82E290\n"
787
788	"loc_FF82E608:\n"
789	"CMP R1, #0\n"
790	"BLEQ sub_FF82E86C\n"
791	"B loc_FF82E290\n"
792
793	"loc_FF82E614:\n"
794	"MVN R0, #0\n"
795	"B loc_FF82E410\n"
796
797	"loc_FF82E61C:\n"
798	"TST R4, #0x80000000\n"
799	"MOVNE R0, #1\n"
800	"LDMNEFD SP!, {R3-R11,PC}\n"
801	"BL sub_FF883DD0\n"
802	"CMP R0, #0\n"
803	"BLEQ sub_FF829DA0\n"
804	"B loc_FF82E290\n"
805	);
806	}
807
808	void __attribute__((naked,noinline)) sub_FF87BE10_my() {
809	asm volatile (
810	"STMFD SP!, {R4,LR}\n"
811	"BL sub_FF82E838\n"
812	"MOV R4, R0\n"
813	"BL sub_FF87BF2C\n"
814	"MOV R0, R4\n"
815	"BL sub_FF87BCC0\n"
816	"BL sub_FF82E838\n"
817	"MOV R4, R0\n"
818	"LDR R0, =0x6374\n"
819	"LDR R0, [R0]\n"
820	"TST R0, #1\n"
821	"BEQ loc_FF87BE4C\n"
822
823	"loc_FF87BE40:\n"
824	"MOV R1, R4\n"
825	"MOV R0, #2\n"
826	"B loc_FF87BEB4\n"
827
828	"loc_FF87BE4C:\n"
829	"TST R0, #0x2000\n"
830	"BEQ loc_FF87BE68\n"
831	"TST R0, #0x200\n"
832	"LDREQ R1, =0x4004\n"
833	"LDRNE R1, =0x8002\n"
834	"MOV R0, #3\n"
835	"B loc_FF87BEB4\n"
836
837	"loc_FF87BE68:\n"
838	"TST R0, #0x10\n"
839	"BNE loc_FF87BE40\n"
840	"TST R0, #0x40\n"
841	"BEQ loc_FF87BE84\n"
842
843	"loc_FF87BE78:\n"
844	"MOV R1, R4\n"
845	"MOV R0, #1\n"
846	"B loc_FF87BEB4\n"
847
848	"loc_FF87BE84:\n"
849	"TST R0, #0x20\n"
850	"BEQ loc_FF87BEA0\n"
851	"TST R0, #0x4000\n"
852	"BNE loc_FF87BEA0\n"
853
854	"loc_FF87BE94:\n"
855	"MOV R1, R4\n"
856	"MOV R0, #0\n"
857	"B loc_FF87BEB4\n"
858
859	"loc_FF87BEA0:\n"
860	"LDR R1, =0x102\n"
861	"BICS R1, R1, R0\n"
862	"BNE loc_FF87BEBC\n"
863	"MOV R1, R4\n"
864	"MOV R0, #6\n"
865
866	"loc_FF87BEB4:\n"
867	"LDMFD SP!, {R4,LR}\n"
868	//"B sub_FF87BC5C\n"
869	"B sub_FF87BC5C_my\n" // +----> Hook for SDHC booting
870
871	"loc_FF87BEBC:\n"
872	"TST R0, #0x100\n"
873	"BNE loc_FF87BE40\n"
874	"TST R0, #0x4000\n"
875	"TSTEQ R0, #0x400\n"
876	"BNE loc_FF87BE78\n"
877	"TST R0, #0x200\n"
878	"TSTEQ R0, #2\n"
879	"BNE loc_FF87BE94\n"
880	"TST R0, #0x40000\n"
881	"BEQ loc_FF87BE40\n"
882	"TST R0, #0x200000\n"
883	"MOVEQ R1, R4\n"
884	"MOVEQ R0, #1\n"
885	//"BLEQ sub_FF87BC5C\n"
886	"BLEQ sub_FF87BC5C_my\n" // +----> Hook for SDHC booting
887	"B loc_FF87BE40\n"
888	);
889	}
890
891
892	void __attribute__((naked,noinline)) sub_FF87BC5C_my() {
893	asm volatile (
894	"STMFD SP!, {R4-R6,LR}\n"
895	"MOVS R4, R0\n"
896	"MOV R0, #1\n"
897	"MOV R5, R1\n"
898	"BNE loc_FF87BC9C\n"
899	"MOV R1, #0\n"
900	"MOV R0, #0\n"
901	"BL sub_FF878E74\n"
902	"BL sub_FF82E838\n"
903	"SUB R12, R0, #0x1000\n"
904	"SUBS R12, R12, #0x5B\n"
905	"BNE loc_FF87BC94\n"
906
907	"loc_FF87BC8C:\n"
908	"BL sub_FF87BBA4\n"
909	"B loc_FF87BCA4\n"
910
911	"loc_FF87BC94:\n"
912	"BL sub_FF87BBE4\n"
913	"B loc_FF87BCA4\n"
914
915	"loc_FF87BC9C:\n"
916	"CMP R4, #5\n"
917	"BEQ loc_FF87BC8C\n"
918
919	"loc_FF87BCA4:\n"
920	"CMP R0, #0\n"
921	"LDREQ R5, =0x1162\n"
922	"MOVEQ R4, #2\n"
923	"MOV R0, R4\n"
924	"MOV R1, R5\n"
925	"LDMFD SP!, {R4-R6,LR}\n"
926	//"B sub_FF87AD50\n"
927	"B sub_FF87AD50_my\n" // +----> Hook for SDHC booting
928	);
929	}
930
931	void __attribute__((naked,noinline)) sub_FF87AD50_my() {
932	asm volatile (
933	"STMFD SP!, {R4-R8,LR}\n"
934	"MOV R8, R1\n"
935	"MOV R4, R0\n"
936	"BL sub_FF8799F0\n"
937	"LDR R5, =0x62AC\n"
938	"MOV R7, #1\n"
939	"LDR R0, [R5,#0x10]\n"
940	"MOV R6, #0\n"
941	"CMP R0, #0x15\n"
942	"ADDLS PC, PC, R0,LSL#2\n"
943	"B loc_FF87AFF0\n"
944
945	"loc_FF87AD7C:\n"
946	"B loc_FF87ADD4\n"
947
948	"loc_FF87AD80:\n"
949	"B loc_FF87ADFC\n"
950
951	"loc_FF87AD84:\n"
952	"B loc_FF87AE40\n"
953
954	"loc_FF87AD88:\n"
955	"B loc_FF87AEB4\n"
956
957	"loc_FF87AD8C:\n"
958	"B loc_FF87AEC4\n"
959
960	"loc_FF87AD90:\n"
961	"B loc_FF87AED0\n"
962
963	"loc_FF87AD94:\n"
964	"B loc_FF87AF40\n"
965
966	"loc_FF87AD98:\n"
967	"B loc_FF87AF50\n"
968
969	"loc_FF87AD9C:\n"
970	"B loc_FF87ADE4\n"
971
972	"loc_FF87ADA0:\n"
973	"B loc_FF87ADF0\n"
974
975	"loc_FF87ADA4:\n"
976	"B loc_FF87AF50\n"
977
978	"loc_FF87ADA8:\n"
979	"B loc_FF87AE34\n"
980
981	"loc_FF87ADAC:\n"
982	"B loc_FF87AFF0\n"
983
984	"loc_FF87ADB0:\n"
985	"B loc_FF87AFF0\n"
986
987	"loc_FF87ADB4:\n"
988	"B loc_FF87AE4C\n"
989
990	"loc_FF87ADB8:\n"
991	"B loc_FF87AE58\n"
992
993	"loc_FF87ADBC:\n"
994	"B loc_FF87AE8C\n"
995
996	"loc_FF87ADC0:\n"
997	"B loc_FF87AE08\n"
998
999	"loc_FF87ADC4:\n"
1000	"B loc_FF87AFD8\n"
1001
1002	"loc_FF87ADC8:\n"
1003	"B loc_FF87AF5C\n"
1004
1005	"loc_FF87ADCC:\n"
1006	"B loc_FF87AF8C\n"
1007
1008	"loc_FF87ADD0:\n"
1009	"B loc_FF87AF8C\n"
1010
1011	"loc_FF87ADD4:\n"
1012	"MOV R1, R8\n"
1013	"MOV R0, R4\n"
1014	"LDMFD SP!, {R4-R8,LR}\n"
1015	//"B sub_FF87A408\n"
1016	"B sub_FF87A408_my\n" // +----> Hook for SDHC booting
1017
1018	"loc_FF87ADE4:\n"
1019	"MOV R0, R4\n"
1020	"LDMFD SP!, {R4-R8,LR}\n"
1021	"B sub_FF87B720\n"
1022
1023	"loc_FF87ADF0:\n"
1024	"MOV R0, R4\n"
1025	"LDMFD SP!, {R4-R8,LR}\n"
1026	"B sub_FF87A8D4\n"
1027
1028	"loc_FF87ADFC:\n"
1029	"MOV R0, R4\n"
1030	"LDMFD SP!, {R4-R8,LR}\n"
1031	"B sub_FF879FD0\n"
1032
1033	"loc_FF87AE08:\n"
1034	"SUB R12, R4, #0x1000\n"
1035	"SUBS R12, R12, #0xA5\n"
1036	"STREQ R7, [R5,#0x84]\n"
1037	"BEQ loc_FF87AFE8\n"
1038	"SUB R12, R4, #0x3000\n"
1039	"SUBS R12, R12, #6\n"
1040	"BNE loc_FF87AFF0\n"
1041	"MOV R0, #0\n"
1042	"BL sub_FF82DDAC\n"
1043	"BL sub_FF87B644\n"
1044	"B loc_FF87AFE8\n"
1045
1046	"loc_FF87AE34:\n"
1047	"MOV R0, R4\n"
1048	"LDMFD SP!, {R4-R8,LR}\n"
1049	"B sub_FF87B680\n"
1050
1051	"loc_FF87AE40:\n"
1052	"MOV R0, R4\n"
1053	"LDMFD SP!, {R4-R8,LR}\n"
1054	"B sub_FF87A1CC\n"
1055
1056	"loc_FF87AE4C:\n"
1057	"MOV R0, R4\n"
1058	"LDMFD SP!, {R4-R8,LR}\n"
1059	"B sub_FF87AA80\n"
1060
1061	"loc_FF87AE58:\n"
1062	"SUB R12, R4, #0x3200\n"
1063	"SUBS R12, R12, #2\n"
1064	"BNE loc_FF87AFF0\n"
1065	"MOV R0, #3\n"
1066	"BL sub_FF8798D4\n"
1067	"MOV R0, #8\n"
1068	"BL sub_FF82DD18\n"
1069	"MOV R0, #6\n"
1070	"BL sub_FF842464\n"
1071	"BL sub_FF87D210\n"
1072	"BL sub_FF87D06C\n"
1073	"BL sub_FF87C448\n"
1074	"B loc_FF87AFE8\n"
1075
1076	"loc_FF87AE8C:\n"
1077	"SUB R12, R4, #0x3300\n"
1078	"SUBS R12, R12, #1\n"
1079	"BNE loc_FF87AFF0\n"
1080	"LDR R0, =0x4010\n"
1081	"BL sub_FF82DD18\n"
1082	"BL sub_FF89F050\n"
1083	"BL sub_FF87C448\n"
1084	"MOV R0, #4\n"
1085	"BL sub_FF8798D4\n"
1086	"B loc_FF87AFE8\n"
1087
1088	"loc_FF87AEB4:\n"
1089	"MOV R1, R8\n"
1090	"MOV R0, R4\n"
1091	"LDMFD SP!, {R4-R8,LR}\n"
1092	"B sub_FF87ABE8\n"
1093
1094	"loc_FF87AEC4:\n"
1095	"MOV R0, R4\n"
1096	"LDMFD SP!, {R4-R8,LR}\n"
1097	"B sub_FF87B850\n"
1098
1099	"loc_FF87AED0:\n"
1100	"LDR R8, =0x1182\n"
1101	"CMP R4, R8\n"
1102	"STREQ R7, [R5,#0xB0]\n"
1103	"BEQ loc_FF87AFE8\n"
1104	"SUB R12, R4, #0x1100\n"
1105	"SUBS R12, R12, #0x86\n"
1106	"BEQ loc_FF87AF28\n"
1107	"SUB R12, R4, #0x3200\n"
1108	"SUBS R12, R12, #0x16\n"
1109	"BNE loc_FF87AFF0\n"
1110	"MOV R0, #8\n"
1111	"BL sub_FF82DD18\n"
1112	"MOV R0, #3\n"
1113	"BL sub_FF8798D4\n"
1114	"STR R6, [R5,#0xB4]\n"
1115	"LDR R0, [R5,#0xB0]\n"
1116	"CMP R0, #0\n"
1117	"MOVNE R1, #0\n"
1118	"MOVNE R0, R8\n"
1119	"STRNE R6, [R5,#0xB0]\n"
1120	"BLNE sub_FF87ABE8\n"
1121	"B loc_FF87AFE8\n"
1122
1123	"loc_FF87AF28:\n"
1124	"LDR R0, [R5,#0xB4]\n"
1125	"CMP R0, #0\n"
1126	"BNE loc_FF87AFE8\n"
1127	"BL sub_FF89C720\n"
1128	"STR R7, [R5,#0xB4]\n"
1129	"B loc_FF87AFE8\n"
1130
1131	"loc_FF87AF40:\n"
1132	"MOV R1, R8\n"
1133	"MOV R0, R4\n"
1134	"LDMFD SP!, {R4-R8,LR}\n"
1135	"B sub_FF87B930\n"
1136
1137	"loc_FF87AF50:\n"
1138	"MOV R0, R4\n"
1139	"LDMFD SP!, {R4-R8,LR}\n"
1140	"B sub_FF87A7CC\n"
1141
1142	"loc_FF87AF5C:\n"
1143	"LDR R12, =0x10B0\n"
1144	"CMP R4, R12\n"
1145	"BEQ loc_FF87AF88\n"
1146	"BGT loc_FF87AF94\n"
1147	"CMP R4, #4\n"
1148	"BEQ loc_FF87AFBC\n"
1149	"SUB R12, R4, #0x1000\n"
1150	"SUBS R12, R12, #0xAA\n"
1151	"SUBNE R12, R4, #0x1000\n"
1152	"SUBNES R12, R12, #0xAE\n"
1153	"BNE loc_FF87AFF0\n"
1154
1155	"loc_FF87AF88:\n"
1156	"BL sub_FF8795D0\n"
1157
1158	"loc_FF87AF8C:\n"
1159	"MOV R0, R6\n"
1160	"LDMFD SP!, {R4-R8,PC}\n"
1161
1162	"loc_FF87AF94:\n"
1163	"SUB R12, R4, #0x2000\n"
1164	"SUBS R12, R12, #4\n"
1165	"BEQ loc_FF87AFD0\n"
1166	"SUB R12, R4, #0x5000\n"
1167	"SUBS R12, R12, #1\n"
1168	"SUBNE R12, R4, #0x5000\n"
1169	"SUBNES R12, R12, #6\n"
1170	"BNE loc_FF87AFF0\n"
1171	"BL sub_FF879F70\n"
1172	"B loc_FF87AFE8\n"
1173
1174	"loc_FF87AFBC:\n"
1175	"LDR R0, [R5,#0x2C]\n"
1176	"CMP R0, #0\n"
1177	"BNE loc_FF87AFD0\n"
1178	"BL sub_FF826D18\n"
1179	"B loc_FF87AFE8\n"
1180
1181	"loc_FF87AFD0:\n"
1182	"BL sub_FF879608\n"
1183	"B loc_FF87AFE8\n"
1184
1185	"loc_FF87AFD8:\n"
1186	"SUB R12, R4, #0x3000\n"
1187	"SUBS R12, R12, #0x130\n"
1188	"BNE loc_FF87AFF0\n"
1189	"BL sub_FF8796A8\n"
1190
1191	"loc_FF87AFE8:\n"
1192	"MOV R0, #0\n"
1193	"LDMFD SP!, {R4-R8,PC}\n"
1194
1195	"loc_FF87AFF0:\n"
1196	"MOV R0, #1\n"
1197	"LDMFD SP!, {R4-R8,PC}\n"
1198	);
1199	}
1200
1201	void __attribute__((naked,noinline)) sub_FF87A408_my() {
1202	asm volatile (
1203	"STMFD SP!, {R4-R8,LR}\n"
1204	"LDR R7, =0x8002\n"
1205	"LDR R4, =0x62AC\n"
1206	"CMP R0, #3\n"
1207	"MOV R6, R1\n"
1208	"MOV R5, #1\n"
1209	"BEQ loc_FF87A57C\n"
1210	"BGT loc_FF87A444\n"
1211	"CMP R0, #0\n"
1212	"BEQ loc_FF87A488\n"
1213	"CMP R0, #1\n"
1214	"BEQ loc_FF87A50C\n"
1215	"CMP R0, #2\n"
1216	"BNE loc_FF87A604\n"
1217	"B loc_FF87A45C\n"
1218
1219	"loc_FF87A444:\n"
1220	"CMP R0, #6\n"
1221	"STREQ R5, [R4,#0x28]\n"
1222	"BEQ loc_FF87A574\n"
1223	"SUB R12, R0, #0x2000\n"
1224	"SUBS R12, R12, #4\n"
1225	"BNE loc_FF87A604\n"
1226
1227	"loc_FF87A45C:\n"
1228	"SUB R12, R6, #0x1100\n"
1229	"SUBS R12, R12, #0x62\n"
1230	"BNE loc_FF87A478\n"
1231	"MOV R1, R7\n"
1232	"MOV R0, #0\n"
1233	"BL sub_FF87E284\n"
1234	"STR R5, [R4,#0x60]\n"
1235
1236	"loc_FF87A478:\n"
1237	"BL sub_FF87D210\n"
1238	"BL sub_FF87D06C\n"
1239	"BL sub_FF879F10\n"
1240	"B loc_FF87A5FC\n"
1241
1242	"loc_FF87A488:\n"
1243	"MOV R0, #7\n"
1244	"BL sub_FF8798D4\n"
1245	"MOV R0, R7\n"
1246	"BL sub_FF82DD18\n"
1247	"BL sub_FF87C07C\n"
1248	"BL sub_FF87CEE4\n"
1249	"MOV R1, R7\n"
1250	"MOV R0, #0\n"
1251	"BL sub_FF87E284\n"
1252	//"ADR R1, aAcBootrec\n" // \"AC:BootRec\"
1253	"LDR R1, =0xFF87A63C\n" // \"AC:BootRec\"
1254	"MOV R0, #0x20\n"
1255	"STR R6, [R4,#0x18]\n"
1256	"BL sub_FF872B20\n"
1257	//"ADR R1, aAcInitlens\n" // \"AC:InitLens\"
1258	"LDR R1, =0xFF87A648\n" // \"AC:InitLens\"
1259	"MOV R0, #0x20\n"
1260	"BL sub_FF872B20\n"
1261	"STR R5, [R4,#0x28]\n"
1262	"BL sub_FF82DEC0\n"
1263	"BL sub_FF82DE04\n"
1264	"LDR R0, [R4,#0x1C]\n"
1265	"LDR R1, [R4,#0x20]\n"
1266	"ORRS R0, R0, R1\n"
1267	"BLNE sub_FF87B1AC\n"
1268	"LDR R0, [R4,#0x68]\n"
1269	"CMP R0, #0\n"
1270	"BNE loc_FF87A4F8\n"
1271	"BL sub_FF82DF30\n"
1272	"B loc_FF87A500\n"
1273
1274	"loc_FF87A4F8:\n"
1275	"BL sub_FF826AB0\n"
1276	"BL sub_FF82E7C8\n"
1277
1278	"loc_FF87A500:\n"
1279	//"BL sub_FF87C040\n"
1280	"BL sub_FF87C040_my\n" // +----> Hook for SDHC booting
1281	"BL sub_FF87C0B8\n"
1282	"B loc_FF87A5FC\n"
1283
1284	"loc_FF87A50C:\n"
1285	"MOV R0, #8\n"
1286	"BL sub_FF8798D4\n"
1287	"BL sub_FF87C07C\n"
1288	"BL sub_FF87CEE4\n"
1289	"LDR R5, =0x4004\n"
1290	"MOV R0, #0\n"
1291	"MOV R1, R5\n"
1292	"BL sub_FF87E284\n"
1293	//"ADR R1, aAcBootpb\n" // \"AC:BootPB\"
1294	"LDR R1, =0xFF87A658\n" // \"AC:BootPB\"
1295	"MOV R0, #0x20\n"
1296	"BL sub_FF872B20\n"
1297	//"BL sub_FF87C040\n"
1298	"BL sub_FF87C040_my\n" // +----> Hook for SDHC booting
1299	"BL sub_FF87C154\n"
1300	"BL sub_FF82E758\n"
1301	"MOV R0, R5\n"
1302	"BL sub_FF82DD18\n"
1303	"LDR R0, [R4,#0x68]\n"
1304	"CMP R0, #0\n"
1305	"BNE loc_FF87A560\n"
1306	"BL sub_FF82DF30\n"
1307	"B loc_FF87A564\n"
1308
1309	"loc_FF87A560:\n"
1310	"BL sub_FF826AB0\n"
1311
1312	"loc_FF87A564:\n"
1313	"BL sub_FF87C0E8\n"
1314	"LDR R0, [R4,#0x30]\n"
1315	"CMP R0, #0\n"
1316	"BEQ loc_FF87A5FC\n"
1317
1318	"loc_FF87A574:\n"
1319	"BL sub_FF87B1D0\n"
1320	"B loc_FF87A5FC\n"
1321
1322	"loc_FF87A57C:\n"
1323	"MOV R1, R6\n"
1324	"MOV R0, #0\n"
1325	"BL sub_FF87E284\n"
1326	//"ADR R1, aAcBootclock\n" // \"AC:BootClock\"
1327	"LDR R1, =0xFF87A664\n" // \"AC:BootClock\"
1328	"MOV R0, #0x20\n"
1329	"BL sub_FF872B20\n"
1330	"STR R5, [R4,#0x68]\n"
1331	"BL sub_FF87C154\n"
1332	"BL sub_FF82E758\n"
1333	"BL sub_FF87B17C\n"
1334	"BL sub_FF82E82C\n"
1335	"CMP R0, #0\n"
1336	"LDRNE R0, =0x8045\n"
1337	"MOVNE R1, #0\n"
1338	"BLNE sub_FF878A9C\n"
1339	"BL sub_FF87E098\n"
1340	"MOV R0, #0x80\n"
1341	"BL sub_FF82DD18\n"
1342	"BL sub_FF87D3A0\n"
1343	"BL sub_FF8B0F7C\n"
1344	"BL sub_FF9732E0\n"
1345	"BL sub_FF8AF7D0\n"
1346	"BL sub_FF87CAAC\n"
1347	"BL sub_FF87D248\n"
1348	"MOV R0, #9\n"
1349	"BL sub_FF8798D4\n"
1350	"LDR R0, =0x300E\n"
1351	"MOV R1, R6\n"
1352	"BL sub_FF8761C8\n"
1353	"MOV R1, #0\n"
1354	"MOV R0, #1\n"
1355	"BL sub_FF87E284\n"
1356
1357	"loc_FF87A5FC:\n"
1358	"MOV R0, #0\n"
1359	"LDMFD SP!, {R4-R8,PC}\n"
1360
1361	"loc_FF87A604:\n"
1362	"MOV R0, #1\n"
1363	"LDMFD SP!, {R4-R8,PC}\n"
1364	);
1365	}
1366
1367	void __attribute__((naked,noinline)) sub_FF87C040_my() {
1368	asm volatile (
1369
1370	"LDR R0, =0x6380\n"
1371	"STMFD SP!, {R3,LR}\n"
1372	"LDR R1, [R0,#0x10]\n"
1373	"CMP R1, #1\n"
1374	"BEQ locret_FF87BFB0\n"
1375	"MOV R1, #1\n"
1376	"STR R1, [R0,#0x10]\n"
1377	"MOV R3, #0\n"
1378	"STR R3, [SP,#8-8]\n"
1379	//"LDR R3, =sub_FF87BFF0\n"
1380	"LDR R3, =sub_FF87BFF0_my\n" // +----> Hook for SDHC booting
1381	"MOV R1, #0x19\n"
1382	//"LDR R0, =aInitfilemodule\n" // \"InitFileModules\"
1383	"LDR R0, =0xFF87C1C0\n"
1384	"MOV R2, #0x1000\n"
1385	"BL sub_FF81B9C4\n"
1386
1387	"locret_FF87BFB0:\n"
1388	"LDMFD SP!, {R12,PC}\n"
1389	);
1390	}
1391
1392	void __attribute__((naked,noinline)) sub_FF87BFF0_my() {
1393	asm volatile (
1394	"STMFD SP!, {R4-R6,LR}\n"
1395	"BL sub_FF875078\n"
1396	"LDR R5, =0x5006\n"
1397	"MOVS R4, R0\n"
1398	"MOVNE R1, #0\n"
1399	"MOVNE R0, R5\n"
1400	"BLNE sub_FF8761C8\n"
1401	//"BL sub_FF8750A4\n"
1402	"BL sub_FF8750A4_my\n" // +----> Hook for SDHC booting
1403
1404	"BL core_spytask_can_start\n" // +----> CHDK: Set "it's-safe-to-start"-Flag for spytask
1405
1406	"CMP R4, #0\n"
1407	"MOVEQ R0, R5\n"
1408	"LDMEQFD SP!, {R4-R6,LR}\n"
1409	"MOVEQ R1, #0\n"
1410	"BEQ sub_FF8761C8\n"
1411	"LDMFD SP!, {R4-R6,PC}\n"
1412	);
1413	}
1414
1415	void __attribute__((naked,noinline)) sub_FF8750A4_my() {
1416	asm volatile (
1417	"STMFD SP!, {R4,LR}\n"
1418	//"BL sub_FF8569D8\n"
1419	"BL sub_FF8569D8_my\n" // +----> Hook for SDHC booting
1420	"LDR R4, =0x5C88\n"
1421	"LDR R0, [R4,#4]\n"
1422	"CMP R0, #0\n"
1423	"BNE loc_FF8750D4\n"
1424	"BL sub_FF888240\n"
1425	"BL sub_FF9275B4\n"
1426	"BL sub_FF888240\n"
1427	"BL sub_FF933D88\n"
1428	"BL sub_FF888250\n"
1429	"BL sub_FF92765C\n"
1430
1431	"loc_FF8750D4:\n"
1432	"MOV R0, #1\n"
1433	"STR R0, [R4]\n"
1434	"LDMFD SP!, {R4,PC}\n"
1435	);
1436	}
1437
1438	void __attribute__((naked,noinline)) sub_FF8569D8_my() {
1439	asm volatile (
1440	"STMFD SP!, {R4-R6,LR}\n"
1441	"MOV R6, #0\n"
1442	"MOV R0, R6\n"
1443	"BL sub_FF8565A8\n"
1444	"LDR R4, =0x131E4\n"
1445	"MOV R5, #0\n"
1446	"LDR R0, [R4,#0x38]\n"
1447	"BL sub_FF856F70\n"
1448	"CMP R0, #0\n"
1449	"LDREQ R0, =0x2EB4\n"
1450	"STREQ R5, [R0,#0xC]\n"
1451	"STREQ R5, [R0,#0x10]\n"
1452	"STREQ R5, [R0,#0x14]\n"
1453	"MOV R0, R6\n"
1454	"BL sub_FF8565E8\n"
1455	"MOV R0, R6\n"
1456	//"BL sub_FF856814\n"
1457	"BL sub_FF856814_my\n" // +----> Hook for SDHC booting
1458	"MOV R5, R0\n"
1459	"MOV R0, R6\n"
1460	"BL sub_FF856880\n"
1461	"LDR R1, [R4,#0x3C]\n"
1462	"AND R2, R5, R0\n"
1463	"CMP R1, #0\n"
1464	"MOV R0, #0\n"
1465	"MOVEQ R0, #0x80000001\n"
1466	"BEQ loc_FF856A6C\n"
1467	"LDR R3, [R4,#0x2C]\n"
1468	"CMP R3, #2\n"
1469	"MOVEQ R0, #4\n"
1470	"CMP R1, #5\n"
1471	"ORRNE R0, R0, #1\n"
1472	"BICEQ R0, R0, #1\n"
1473	"CMP R2, #0\n"
1474	"BICEQ R0, R0, #2\n"
1475	"ORREQ R0, R0, #0x80000000\n"
1476	"BICNE R0, R0, #0x80000000\n"
1477	"ORRNE R0, R0, #2\n"
1478
1479	"loc_FF856A6C:\n"
1480	"STR R0, [R4,#0x40]\n"
1481	"LDMFD SP!, {R4-R6,PC}\n"
1482	);
1483	}
1484
1485	void __attribute__((naked,noinline)) sub_FF856814_my() {
1486	asm volatile (
1487	"STMFD SP!, {R4-R6,LR}\n"
1488	"LDR R5, =0x2EB4\n"
1489	"MOV R6, R0\n"
1490	"LDR R0, [R5,#0x10]\n"
1491	"CMP R0, #0\n"
1492	"MOVNE R0, #1\n"
1493	"LDMNEFD SP!, {R4-R6,PC}\n"
1494	"MOV R0, #0x17\n"
1495	"MUL R1, R0, R6\n"
1496	"LDR R0, =0x131E4\n"
1497	"ADD R4, R0, R1,LSL#2\n"
1498	"LDR R0, [R4,#0x38]\n"
1499	"MOV R1, R6\n"
1500	//"BL sub_FF8566AC\n"
1501	"BL sub_FF8566AC_my\n" // +----> Hook for SDHC booting
1502	"CMP R0, #0\n"
1503	"LDMEQFD SP!, {R4-R6,PC}\n"
1504	"LDR R0, [R4,#0x38]\n"
1505	"MOV R1, R6\n"
1506	"BL sub_FF857088\n"
1507	"CMP R0, #0\n"
1508	"LDMEQFD SP!, {R4-R6,PC}\n"
1509	"MOV R0, R6\n"
1510	"BL sub_FF8561C8\n"
1511	"CMP R0, #0\n"
1512	"MOVNE R1, #1\n"
1513	"STRNE R1, [R5,#0x10]\n"
1514	"LDMFD SP!, {R4-R6,PC}\n"
1515	);
1516	}
1517
1518	void __attribute__((naked,noinline)) sub_FF8566AC_my() {
1519	asm volatile (
1520	"STMFD SP!, {R4-R8,LR}\n"
1521	"MOV R8, R0\n"
1522	"MOV R0, #0x17\n"
1523	"MUL R1, R0, R1\n"
1524	"LDR R0, =0x131E4\n"
1525	"MOV R6, #0\n"
1526	"ADD R7, R0, R1,LSL#2\n"
1527	"LDR R0, [R7,#0x3C]\n"
1528	"MOV R5, #0\n"
1529	"CMP R0, #6\n"
1530	"ADDLS PC, PC, R0,LSL#2\n"
1531	"B loc_FF8567F8\n"
1532
1533	"loc_FF8566DC:\n"
1534	"B loc_FF856710\n"
1535
1536	"loc_FF8566E0:\n"
1537	"B loc_FF8566F8\n"
1538
1539	"loc_FF8566E4:\n"
1540	"B loc_FF8566F8\n"
1541
1542	"loc_FF8566E8:\n"
1543	"B loc_FF8566F8\n"
1544
1545	"loc_FF8566EC:\n"
1546	"B loc_FF8566F8\n"
1547
1548	"loc_FF8566F0:\n"
1549	"B loc_FF8567F0\n"
1550
1551	"loc_FF8566F4:\n"
1552	"B loc_FF8566F8\n"
1553
1554	"loc_FF8566F8:\n"
1555	"MOV R2, #0\n"
1556	"MOV R1, #0x200\n"
1557	"MOV R0, #3\n"
1558	"BL sub_FF87178C\n"
1559	"MOVS R4, R0\n"
1560	"BNE loc_FF856718\n"
1561
1562	"loc_FF856710:\n"
1563	"MOV R0, #0\n"
1564	"LDMFD SP!, {R4-R8,PC}\n"
1565
1566	"loc_FF856718:\n"
1567	"LDR R12, [R7,#0x4C]\n"
1568	"MOV R3, R4\n"
1569	"MOV R2, #1\n"
1570	"MOV R1, #0\n"
1571	"MOV R0, R8\n"
1572	//"BLX R12\n" // WORKSFORME, configure gcc WITHOUT --with-cpu=arm9
1573	"MOV LR, PC\n" // 2-op workaround for 'normal' compiler
1574	"MOV PC, R12\n" // Does the same thing, effectively, because PC is always 8 bytes ahead.
1575	"CMP R0, #1\n"
1576	"BNE loc_FF856744\n"
1577	"MOV R0, #3\n"
1578	"BL sub_FF87160C\n"
1579	"B loc_FF856710\n"
1580
1581	///////
1582	// Offsets are fixed from here on, everything +0x10 for the second entry
1583	///////
1584
1585	"loc_FF856744:\n"
1586	"MOV R0, R8\n"
1587	"BL sub_FF9445D4\n"
1588
1589	// Start of DataGhost's FAT32 autodetection code
1590	// Policy: If there is a partition which has type W95 FAT32, use the first one of those for image storage
1591	// According to the code below, we can use R1, R2, R3 and R12.
1592	// LR wasn't really used anywhere but for storing a part of the partition signature. This is the only thing
1593	// that won't work with an offset, but since we can load from LR+offset into LR, we can use this to do that :)
1594	"MOV R12, R4\n" // Copy the MBR start address so we have something to work with
1595	"MOV LR, R4\n" // Save old offset for MBR signature
1596	"MOV R1, #1\n" // Note the current partition number
1597	"B dg_sd_fat32_enter\n" // We actually need to check the first partition as well, no increments yet!
1598	"dg_sd_fat32:\n"
1599	"CMP R1, #4\n" // Did we already see the 4th partition?
1600	"BEQ dg_sd_fat32_end\n" // Yes, break. We didn't find anything, so don't change anything.
1601	"ADD R12, R12, #0x10\n" // Second partition
1602	"ADD R1, R1, #1\n" // Second partition for the loop
1603	"dg_sd_fat32_enter:\n"
1604	"LDRB R2, [R12, #0x1BE]\n" // Partition status
1605	"LDRB R3, [R12, #0x1C2]\n" // Partition type (FAT32 = 0xB)
1606	"CMP R3, #0xB\n" // Is this a FAT32 partition?
1607	"CMPNE R3, #0xC\n" // Not 0xB, is it 0xC (FAT32 LBA) then?
1608	"BNE dg_sd_fat32\n" // No, it isn't. Loop again.
1609	"CMP R2, #0x00\n" // It is, check the validity of the partition type
1610	"CMPNE R2, #0x80\n"
1611	"BNE dg_sd_fat32\n" // Invalid, go to next partition
1612	// This partition is valid, it's the first one, bingo!
1613	"MOV R4, R12\n" // Move the new MBR offset for the partition detection.
1614
1615	"dg_sd_fat32_end:\n"
1616	// End of DataGhost's FAT32 autodetection code
1617
1618	"LDRB R1, [R4,#0x1C9]\n" // 4th byte of LBA
1619	"LDRB R3, [R4,#0x1C8]\n" // 3rd byte of LBA
1620	"LDRB R12, [R4,#0x1CC]\n" // 3rd byte of partition length
1621	"MOV R1, R1,LSL#24\n" // Shift and...
1622	"ORR R1, R1, R3,LSL#16\n" // combine LBA bytes (endianness fix)
1623	"LDRB R3, [R4,#0x1C7]\n" // 2nd byte of LBA
1624	"LDRB R2, [R4,#0x1BE]\n" // Partition status (0x00=nonboot, 0x80=boot, other=bad)
1625	// "LDRB LR, [R4,#0x1FF]\n" // Last MBR signature byte (0xAA)
1626	"ORR R1, R1, R3,LSL#8\n" // Combine more LBA bytes
1627	"LDRB R3, [R4,#0x1C6]\n" // 1st byte of LBA
1628	"CMP R2, #0\n" // Check partition status
1629	"CMPNE R2, #0x80\n" // and again
1630	"ORR R1, R1, R3\n" // Combine LBA into final value
1631	"LDRB R3, [R4,#0x1CD]\n" // 4th byte of partition length
1632	"MOV R3, R3,LSL#24\n" // Shift and...
1633	"ORR R3, R3, R12,LSL#16\n" // combine partition length bytes
1634	"LDRB R12, [R4,#0x1CB]\n" // 2nd byte of partition length
1635	"ORR R3, R3, R12,LSL#8\n" // Combine partition length bytes
1636	"LDRB R12, [R4,#0x1CA]\n" // 1st byte of partition length
1637	"ORR R3, R3, R12\n" // Combine partition length bytes into final value
1638	// "LDRB R12, [R4,#0x1FE]\n" // First MBR signature byte (0x55)
1639	"LDRB R12, [LR,#0x1FE]\n" // + First MBR signature byte (0x55), LR is original offset.
1640	"LDRB LR, [LR,#0x1FF]\n" // + Last MBR signature byte (0xAA), LR is original offset.
1641	"MOV R4, #0\n" // This value previously held a pointer to the partition table :(
1642	"BNE loc_FF8567CC\n" // Jump out if the partition is malformed (partition status \'other\')
1643	"CMP R0, R1\n"
1644	"BCC loc_FF8567CC\n" // Jump out if R0 < R1 (probably checking for a valid LBA addr)
1645	"ADD R2, R1, R3\n" // R2 = partition start address + length = partition end address
1646	"CMP R2, R0\n" // Guess: CMPLS is used to check for an overflow, the partition end address cannot be negative.
1647	"CMPLS R12, #0x55\n" // Check MBR signature with original offset
1648	"CMPEQ LR, #0xAA\n" // Check MBR signature with original offset
1649	"MOVEQ R6, R1\n"
1650	"MOVEQ R5, R3\n"
1651	"MOVEQ R4, #1\n"
1652
1653	"loc_FF8567CC:\n"
1654	"MOV R0, #3\n"
1655	"BL sub_FF87160C\n"
1656	"CMP R4, #0\n"
1657	"BNE loc_FF856804\n"
1658	"MOV R6, #0\n"
1659	"MOV R0, R8\n"
1660	"BL sub_FF9445D4\n"
1661	"MOV R5, R0\n"
1662	"B loc_FF856804\n"
1663
1664	"loc_FF8567F0:\n"
1665	"MOV R5, #0x40\n"
1666	"B loc_FF856804\n"
1667
1668	"loc_FF8567F8:\n"
1669	"LDR R1, =0x365\n"
1670	//"ADR R0, aMounter_c\n" // \"Mounter.c\"
1671	"LDR R0, =0xFF8566A0\n"
1672	//"BL Assert\n"
1673	"BL sub_FF81BD94\n"
1674
1675	"loc_FF856804:\n"
1676	"STR R6, [R7,#0x44]!\n"
1677	"MOV R0, #1\n"
1678	"STR R5, [R7,#4]\n"
1679	"LDMFD SP!, {R4-R8,PC}\n"
1680	);
1681	}
1682
1683	////////////////////////////////////////////////////////////////////////////////
1684	// SDHC HOOK ENDS HERE
1685	////////////////////////////////////////////////////////////////////////////////
1686
1687
1688	// I could not manually find this function in the S5IS firmware, possibly signatures
1689	// might find it. Until that moment, I hooked it here (copied from another camera)
1690	unsigned long __attribute__((naked,noinline)) _time(unsigned long *timer) {
1691	asm volatile (
1692	"STMFD SP!, {R3-R5,LR}\n"
1693	"MOV R4, R0\n"
1694	"MVN R0, #0\n"
1695	"STR R0, [SP,#0x10-0x10]\n"
1696	"MOV R0, SP\n"
1697	"BL sub_FF870C80\n" // _GetTimeOfSystem\n"
1698	"CMP R0, #0\n"
1699	"BNE loc_FFC55F38\n"
1700	"CMP R4, #0\n"
1701	"LDRNE R0, [SP,#0x10-0x10]\n"
1702	"STRNE R0, [R4]\n"
1703
1704	"loc_FFC55F38:\n"
1705	"LDR R0, [SP,#0x10-0x10]\n"
1706	"LDMFD SP!, {R3-R5,PC}\n"
1707	);
1708	}
1709
1710
1711
1712	void CreateTask_blinker() {
1713	_CreateTask("Blinker", 0x1, 0x200, task_blinker, 0);
1714	};
1715
1716
1717	void __attribute__((naked,noinline)) task_blinker() {
1718	int ledstate;
1719
1720	int counter = 0;
1721
1722	long led = (void) 0xC02200E0; // AF led
1723
1724	long *anypointer; // multi-purpose pointer to poke around in memory
1725	long v1, v2, v3, v4; // multi-purpose vars
1726
1727	ledstate = 0; // init: led off
1728	*led = 0x46; // led on
1729
1730	while (1) {
1731	counter++;
1732
1733	if (ledstate == 1) { // toggle LED
1734	ledstate = 0;
1735	*led = 0x44; // LED off
1736	//core_test(1);
1737	} else {
1738	ledstate = 1;
1739	*led = 0x46; // LED on
1740	//core_test(0);
1741	}
1742
1743	if (counter == 2) {
1744	//dump_chdk();
1745	//gui_init();
1746	//_ExecuteEventProcedure("UIFS_WriteFirmInfoToFile");
1747	//_UIFS_WriteFirmInfoToFile(0);
1748	}
1749
1750	if (counter == 10) {
1751	//draw_txt_string(2, 2, "test");
1752	}
1753
1754	msleep(500);
1755	}
1756	};
1757
1758
1759	void CreateTask_spytask() {
1760	_CreateTask("SpyTask", 0x19, 0x2000, core_spytask, 0);
1761	};
1762
1763
1764	void CreateTask_PhySw() {
1765	_CreateTask("PhySw", 0x17, 0x800, mykbd_task, 0);
1766	};
1767
1768
1769	//extern long _Fopen_Fut(const char filename, const char mode);
1770	//extern void _Fclose_Fut(long file);
1771	//extern long _Fwrite_Fut(const void *buf, long elsize, long count, long f);
1772	//extern long Fread_Fut(void *buf, long elsize, long count, long f);
1773	//extern long Fseek_Fut(long file, long offset, long whence);
1774	//extern long _qDump(char* filename, long unused, long write_p2, long write_p3);
1775	void dump_chdk() { //#fs
1776	int fd;
1777	long dirnum;
1778
1779	volatile long led = (void) 0xC02200D0; // yellow led
1780
1781	*led = 0x46; //on
1782
1783	// _qDump("A/qdump", 0, (void*) 0x01900, 0xb0000);
1784	//_qDump("A/firmdump", 0, (void*) 0xFFC00000, 0x00400000);
1785	//_qDump("A/firmlower", 0, (void*) 0xff800000, 0x00400000); // identical to 0xfc000000
1786
1787	//started();
1788
1789	//dirnum = get_target_dir_num();
1790	//sprintf(fn, FN_RAWDIR, dirnum);
1791	//mkdir(fn);
1792
1793	//sprintf(fn, FN_RAWDIR "/" "DMP_%04d.JPG", dirnum, ++ramdump_num);
1794
1795	//fd = _Fopen_Fut("A/dump", "w");
1796	//if (fd >= 0) {
1797	//write(fd, (void*)0, 0x1900);
1798	//write(fd, (void)0x1900, 321024*1024-0x1900);
1799	//_Fwrite_Fut((void*)0x9D000, 0x20000, 0x20000, fd);
1800	//_Fclose_Fut(fd);
1801	//}
1802	*led = 0x44; //off
1803	//finished();
1804	} //#fe

Note: See TracBrowser for help on using the browser.

chdk

Context Navigation

root/trunk/platform/s5is/sub/101a/boot.c @ 750

Download in other formats: