Assembla home | Assembla project page

My Start Page

Context Navigation

source: trunk/platform/s5is/sub/101b/boot.c @ 380

Revision 380, 57.5 KB checked in by DataGhost, 5 years ago (diff)

+ (sand): Added S5IS 1.01a

(DataGhost?): Cleaned up unnecessary stuff from S5IS 1.01a/b boot.c boot() and updated Makefile for 1.01a

Line
1	#include "lolevel.h"
2	#include "platform.h"
3	#include "core.h"
4
5	/* Our stuff */
6	extern long wrs_kernel_bss_start;
7	extern long wrs_kernel_bss_end;
8
9	// Forward declarations
10	void CreateTask_blinker();
11	void CreateTask_PhySw();
12	void CreateTask_spytask();
13
14	void boot();
15	void __attribute__((naked,noinline)) task_blinker();
16	void dump_chdk();
17
18	////////////////////////////////////////////////////////////////////////////////
19	// Note to developers:
20	// The code below is just somewhat annotated in an attempt to figure out what
21	// the camera does. I left it in, it might be of some use to someone someday.
22	// Occasionally, I added the .ltorg directive, because the compiler/assembler
23	// isn't smart enough to place it somewhere sensible. Remember to bypass
24	// (B new_location) that directive if you really MUST place it in the middle
25	// of your code.
26	////////////////////////////////////////////////////////////////////////////////
27
28
29	#define DEBUG_LED 0xC02200D4 // Red led (lower-right corner) normally indicating SD read/write
30
31	void boot() {
32
33	asm volatile ("B sub_FF81000C_my\n");
34
35	};
36
37
38	void __attribute__((naked,noinline)) sub_FF81000C_my() {
39	asm volatile (
40	"LDR R1, =0xC0400004\n"
41	"LDR R2, [R1]\n"
42	"ORR R2, R2, #2\n"
43	"STR R2, [R1]\n"
44	"LDR R1, =0xC0410000\n"
45	"MOV R0, #0\n"
46	"STR R0, [R1]\n"
47	"MOV R1, #0x78\n"
48	"MCR p15, 0, R1,c1,c0\n"
49	"MOV R1, #0\n"
50	"MCR p15, 0, R1,c7,c10, 4\n"
51	"MCR p15, 0, R1,c7,c5\n"
52	"MCR p15, 0, R1,c7,c6\n"
53	"MOV R0, #0x3D\n"
54	"MCR p15, 0, R0,c6,c0\n"
55	"MOV R0, #0xC000002F\n"
56	"MCR p15, 0, R0,c6,c1\n"
57	"MOV R0, #0x33\n"
58	"MCR p15, 0, R0,c6,c2\n"
59	"LDR R0, =0x10000033\n"
60	"MCR p15, 0, R0,c6,c3\n"
61	"MOV R0, #0x40000017\n"
62	"MCR p15, 0, R0,c6,c4\n"
63	"LDR R0, =0xFF80002D\n"
64	"MCR p15, 0, R0,c6,c5\n"
65	"MOV R0, #0x34\n"
66	"MCR p15, 0, R0,c2,c0\n"
67	"MOV R0, #0x34\n"
68	"MCR p15, 0, R0,c2,c0, 1\n"
69	"MOV R0, #0x34\n"
70	"MCR p15, 0, R0,c3,c0\n"
71	"LDR R0, =0x3333330\n"
72	"MCR p15, 0, R0,c5,c0, 2\n"
73	"LDR R0, =0x3333330\n"
74	"MCR p15, 0, R0,c5,c0, 3\n"
75	"MRC p15, 0, R0,c1,c0\n"
76	"ORR R0, R0, #0x1000\n"
77	"ORR R0, R0, #4\n"
78	"ORR R0, R0, #1\n"
79	"MCR p15, 0, R0,c1,c0\n"
80	"MOV R1, #0x40000006\n"
81	"MCR p15, 0, R1,c9,c1\n"
82	"MOV R1, #6\n"
83	"MCR p15, 0, R1,c9,c1, 1\n"
84	"MRC p15, 0, R1,c1,c0\n"
85	"ORR R1, R1, #0x50000\n"
86	"MCR p15, 0, R1,c1,c0\n"
87	"LDR R2, =0xC0200000\n"
88	"MOV R1, #1\n"
89	"STR R1, [R2,#0x10C]\n"
90	"MOV R1, #0xFF\n"
91	"STR R1, [R2,#0xC]\n"
92	"STR R1, [R2,#0x1C]\n"
93	"STR R1, [R2,#0x2C]\n"
94	"STR R1, [R2,#0x3C]\n"
95	"STR R1, [R2,#0x4C]\n"
96	"STR R1, [R2,#0x5C]\n"
97	"STR R1, [R2,#0x6C]\n"
98	"STR R1, [R2,#0x7C]\n"
99	"STR R1, [R2,#0x8C]\n"
100	"STR R1, [R2,#0x9C]\n"
101	"STR R1, [R2,#0xAC]\n"
102	"STR R1, [R2,#0xBC]\n"
103	"STR R1, [R2,#0xCC]\n"
104	"STR R1, [R2,#0xDC]\n"
105	"STR R1, [R2,#0xEC]\n"
106	"STR R1, [R2,#0xFC]\n"
107	"LDR R1, =0xC0400008\n"
108	"LDR R2, =0x430005\n"
109	"STR R2, [R1]\n"
110	"MOV R1, #1\n"
111	"LDR R2, =0xC0243100\n"
112	"STR R2, [R1]\n"
113	"LDR R2, =0xC0242010\n"
114	"LDR R1, [R2]\n"
115	"ORR R1, R1, #1\n"
116	"STR R1, [R2]\n"
117	"LDR R0, =0xFFB07EB8\n"
118	"LDR R1, =0x1900\n"
119	"LDR R3, =0x1056C\n"
120
121	"loc_FF81014C:\n"
122	"CMP R1, R3\n" // Copy code from 0xFFB07EB8(inc) onwards to 0x1900(inc) .. 0x1056C (ex)
123	"LDRCC R2, [R0],#4\n"
124	"STRCC R2, [R1],#4\n"
125	"BCC loc_FF81014C\n" // loop
126	"LDR R1, =0x9B610\n"
127	"MOV R2, #0\n"
128
129	"loc_FF810164:\n"
130	"CMP R3, R1\n" // Zerofill from 0x1056C(inc) .. 0x9B610(exc)
131	"STRCC R2, [R3],#4\n"
132	"BCC loc_FF810164\n" // loop
133	// "B sub_FF8101B8\n"
134	"B sub_FF8101B8_my\n" // +---------------------> Hook
135	".ltorg\n"
136	);
137	}
138
139
140	void __attribute__((naked,noinline)) sub_FF8101B8_my() {
141	asm volatile (
142	"loc_FF8101B8:\n"
143	"LDR R0, =0xFF810230\n"
144	"MOV R1, #0\n"
145	"LDR R3, =0xFF810268\n"
146
147	"loc_FF8101C4:\n"
148	"CMP R0, R3\n" // Copy code from 0xFF810230(inc) .. 0xFF810268(exc) to 0x0 .. 0x38
149	"LDRCC R2, [R0],#4\n"
150	"STRCC R2, [R1],#4\n"
151	"BCC loc_FF8101C4\n" // loop
152	"LDR R0, =0xFF810268\n"
153	"MOV R1, #0x4B0\n"
154	"LDR R3, =0xFF81047C\n"
155
156	"loc_FF8101E0:\n"
157	"CMP R0, R3\n" // Copy code from 0xFF810268(inc) .. 0xFF81047C(exc) to 0x4B0 .. 0x6C4
158	"LDRCC R2, [R0],#4\n"
159	"STRCC R2, [R1],#4\n"
160	"BCC loc_FF8101E0\n" // loop
161	"MOV R0, #0xD2\n"
162	"MSR CPSR_cxsf, R0\n"
163	"MOV SP, #0x1000\n"
164	"MOV R0, #0xD3\n"
165	"MSR CPSR_cxsf, R0\n"
166	"MOV SP, #0x1000\n"
167	"LDR R0, =0x6C4\n"
168	"LDR R2, =0xEEEEEEEE\n"
169	"MOV R3, #0x1000\n"
170
171	"loc_FF810214:\n"
172	"CMP R0, R3\n" // Fill 0x6C4 .. 0x1000 with 0xEEEEEEEE
173	"STRCC R2, [R0],#4\n"
174	"BCC loc_FF810214\n" // loop
175	// "BL sub_FF810FCC\n"
176	"BL sub_FF810FCC_my\n" // +---------------------> Hook
177	".ltorg\n"
178	);
179	}
180
181	void __attribute__((naked,noinline)) sub_FF810FCC_my() {
182	asm volatile (
183	"STR LR, [SP,#-0x4]!\n"
184	"SUB SP, SP, #0x74\n"
185	"MOV R0, SP\n"
186	"MOV R1, #0x74\n"
187	"BL sub_FFA92C10\n"
188	"MOV R0, #0x53000\n"
189	"STR R0, [SP,#0x74-0x70]\n"
190	// "LDR R0, =0x9B610\n"
191	"LDR R0, =0xDB610\n" // 0x9B610 + 0x40000 (memsize) = 0xDB610
192	"LDR R2, =0x2ABC00\n"
193	"LDR R1, =0x2A4968\n"
194	"STR R0, [SP,#0x74-0x6C]\n"
195	"SUB R0, R1, R0\n"
196	"ADD R3, SP, #0x74-0x68\n"
197	"STR R2, [SP,#0x74-0x74]\n"
198	"STMIA R3, {R0-R2}\n"
199	"MOV R0, #0x22\n"
200	"STR R0, [SP,#0x74-0x5C]\n"
201	"MOV R0, #0x68\n"
202	"STR R0, [SP,#0x74-0x58]\n"
203	"LDR R0, =0x19B\n"
204	"MOV R1, #0x64\n"
205	// "STRD R0, [SP,#0x74-0x54]\n" // WORKSFORME, configure gcc WITHOUT --with-cpu=arm9
206	"STR R0, [SP,#0x74-0x54]\n" // Though use the old, 2-line version
207	"STR R1, [SP,#0x74-0x50]\n" // for the final until everyone uses 'new' gcc
208	"MOV R0, #0x78\n"
209	// "STRD R0, [SP,#0x74-0x4C]\n" // Idem
210	"STR R0, [SP,#0x74-0x4C]\n" // Idem
211	"STR R1, [SP,#0x74-0x48]\n" // Idem
212	"MOV R0, #0\n"
213	"STR R0, [SP,#0x74-0x44]\n"
214	"STR R0, [SP,#0x74-0x40]\n"
215	"MOV R0, #0x10\n"
216	"STR R0, [SP,#0x74-0x18]\n"
217	"MOV R0, #0x800\n"
218	"STR R0, [SP,#0x74-0x14]\n"
219	"MOV R0, #0xA0\n"
220	"STR R0, [SP,#0x74-0x10]\n"
221	"MOV R0, #0x280\n"
222	"STR R0, [SP,#0x74-0xC]\n"
223	// "LDR R1, =sub_FF814E0C\n"
224	"LDR R1, =sub_FF814E0C_my\n" // +---------------------> Hook
225	"MOV R0, SP\n"
226	"MOV R2, #0\n"
227	"BL sub_FF812D84\n"
228	"ADD SP, SP, #0x74\n"
229	"LDR PC, [SP],#4\n"
230	".ltorg\n"
231	);
232	}
233
234
235	void __attribute__((naked,noinline)) sub_FF814E0C_my() {
236	asm volatile (
237	"STMFD SP!, {R4,LR}\n"
238	"BL sub_FF810970\n"
239	"BL sub_FF8197D0\n" // dmSetup
240	"CMP R0, #0\n"
241	// "ADRLT R0, aDmsetup\n"
242	"LDRLT R0, =0xFF814F20\n"
243	"BLLT sub_FF814F00\n" // err_init_task
244	"BL sub_FF814A30\n" // termDriverInit
245	"CMP R0, #0\n"
246	// "ADRLT R0, aTermdriverinit\n"
247	"LDRLT R0, =0xFF814F28\n"
248	"BLLT sub_FF814F00\n" // err_init_task
249	// "ADR R0, a_term\n"
250	"LDR R0, =0xFF814F38\n"
251	"BL sub_FF814B1C\n" // termDeviceCreate
252	"CMP R0, #0\n"
253	// "ADRLT R0, aTermdevicecrea\n"
254	"LDRLT R0, =0xFF814F40\n"
255	"BLLT sub_FF814F00\n" // err_init_task
256	// "ADR R0, a_term\n"
257	"LDR R0, =0xFF814F38\n"
258	"BL sub_FF813594\n" // stdioSetup
259	"CMP R0, #0\n"
260	// "ADRLT R0, aStdiosetup\n"
261	"LDRLT R0, =0xFF814F54\n"
262	"BLLT sub_FF814F00\n" // err_init_task
263	"BL sub_FF8194B8\n" // stdlibSetup
264	"CMP R0, #0\n"
265	// "ADRLT R0, aStdlibsetup\n"
266	"LDRLT R0, =0xFF814F60\n"
267	"BLLT sub_FF814F00\n" // err_init_task
268	"BL sub_FF8114E4\n" // armlib_setup
269	"CMP R0, #0\n"
270	// "ADRLT R0, aArmlib_setup\n"
271	"LDRLT R0, =0xFF814F6C\n"
272	"BLLT sub_FF814F00\n" // err_init_task
273	"LDMFD SP!, {R4,LR}\n"
274	//"B sub_FF81D9F0\n" // CreateTaskStartup
275	"B sub_FF81D9F0_my\n" // +---------------------> Hook
276	".ltorg\n"
277	);
278	};
279
280
281	void __attribute__((naked,noinline)) sub_FF81D9F0_my() {
282	asm volatile (
283	"STMFD SP!, {R3,LR}\n"
284	"BL sub_FF82CE28\n"
285	"CMP R0, #0\n"
286	"BNE loc_FF81DA2C\n"
287	"BL sub_FF824D04\n"
288	"CMP R0, #0\n"
289	"LDREQ R2, =0xC0220000\n"
290	"LDREQ R0, [R2,#0x10C]\n"
291	"LDREQ R1, [R2,#0x108]\n"
292	"ORREQ R0, R0, R1\n"
293	"TSTEQ R0, #1\n"
294	"BNE loc_FF81DA2C\n"
295	"MOV R0, #0x44\n"
296	"STR R0, [R2,#0x4C]\n"
297
298	"loc_FF81DA28:\n"
299	"B loc_FF81DA28\n"
300
301
302	"loc_FF81DA2C:\n"
303	"BL sub_FF823630\n"
304	"BL sub_FF82A9D0\n"
305	"MOV R1, #0x300000\n"
306	"MOV R0, #0\n"
307	"BL sub_FF82AC18\n"
308	"BL sub_FF82ABC4\n"
309	"MOV R3, #0\n"
310	"STR R3, [SP,#8-8]\n"
311	// "LDR R3, sub_FF81D950\n" // Startup, 0xFF81D950
312	"LDR R3, =sub_FF81D950_my\n" // +---------------------> Hook
313	"MOV R2, #0\n"
314	"MOV R1, #0x19\n"
315	// "ADR R0, aStartup\n"
316	"LDR R0, =0xFF81DA7C\n"
317	"BL sub_FF81B8FC\n" // CreateTask
318	"MOV R0, #0\n"
319	"LDMFD SP!, {R12,PC}\n"
320	".ltorg\n"
321	);
322	}
323
324	void __attribute__((naked,noinline)) sub_FF81D950_my() {
325	asm volatile (
326	"STMFD SP!, {R4,LR}\n"
327	"BL sub_FF8151CC\n"
328	"BL sub_FF824778\n"
329	"BL sub_FF820D4C\n"
330	//"BL j_nullsub_163\n"
331	"BL sub_FF82D018\n"
332	// "BL sub_FF82CF00\n" // Apparently responsible for
333	// diskboot. Bypassing it does
334	// not seem to affect the camera
335	// negatively.
336	);
337
338	CreateTask_spytask();
339
340	asm volatile (
341	"LDR R4, =0x66A8\n"
342	"B loc_FF81D97C\n"
343
344	"loc_FF81D974:\n"
345	"SUBS R4, R4, #1\n"
346	"BEQ loc_FF81D98C\n"
347
348	"loc_FF81D97C:\n"
349	"MOV R0, #5\n"
350	"BL sub_FF820E54\n"
351	"CMP R0, #1\n"
352	"BEQ loc_FF81D974\n"
353
354	"loc_FF81D98C:\n"
355	"MOV R0, #5\n"
356	"BL sub_FF82124C\n"
357	"SUBS R12, R0, #0x300\n"
358	"SUBGES R12, R12, #0xF6\n"
359	"BLE loc_FF81D9B0\n"
360	"BL sub_FF829F0C\n"
361	"MOV R1, #0xB5\n"
362	// "ADR R0, aStartup_c\n"
363	"LDR R0, =0xFF81DA6C\n"
364	"BL sub_FF81BCCC\n" // Assert, 0xFF81BCCC
365
366	"loc_FF81D9B0:\n"
367	"BL sub_FF82DABC\n"
368	"BL sub_FF82D068\n"
369	"BL sub_FF829F0C\n"
370	"BL sub_FF82DACC\n"
371	//"BL sub_FF8235D4\n" // PhySw, bypass and create own
372	);
373
374	CreateTask_PhySw();
375
376	asm volatile (
377	// "BL sub_FF826988\n" // CaptSeqTask and lots of other stuff
378	"BL sub_FF826988_my\n" // +---------------------> Hook (in capt_seq.c)
379	"BL sub_FF82DAEC\n"
380	//"BL nullsub_2\n"
381	"BL sub_FF822998\n"
382	"BL sub_FF82CBF4\n"
383	"BL sub_FF8230C0\n"
384	"BL sub_FF8228A4\n"
385	//"BL sub_FF82E570\n"
386	"BL sub_FF82E570_my\n" // +---> MAJOR HOOK (SDHC boot)
387	"BL sub_FF822728\n"
388	"LDMFD SP!, {R4,LR}\n"
389	"B sub_FF8150D8\n"
390	".ltorg\n"
391	);
392	}
393
394
395	/////////////////////////////////////////////////////////////////////////////////////
396	// Major SDHC boot fix hook starts here
397	//
398	// Paths that certainly do not (by itself) get the SDHC booting going:
399	// sub_FF82E570 -> sub_FF824D18 -> sub_FF824A60 -> sub_FF87BF78 (entire 'right subtree')
400	// sub_FF82E570 -> sub_FF82E120 -> sub_FF87AC88 -> sub_FF87A340 -> sub_FF87BF78 (shortest path (subroutine-count-wise) through 'left subtree')
401	// sub_FF82E570 -> sub_FF82E120 -> sub_FF87AC88 -> sub_FF87A80C -> sub_FF87A340 -> sub_FF87BF78 (sub_FF87A80C does not appear to be called)
402	//
403	// Unexplored:
404	// sub_FF82E570 -> sub_FF82E120 -> sub_FF87BD48 -> sub_FF87BB94 -> sub_FF87AC88 -> -> sub_FF87A340 -> sub_FF87BF78
405	// -> sub_FF87A80C ->
406	//
407	// Final, working path:
408	// sub_FF82E570 -> sub_FF82E120 -> sub_FF87BD48 -> sub_FF87BB94 -> sub_FF87AC88 -> sub_FF87A340 -> sub_FF87BF78
409	//
410	// That's the 'tree'-part, the rest of the subroutines are just straight on down, no junctions.
411	// -> sub_FF87BF28 -> sub_FF874FDC -> sub_FF856910 -> sub_FF85674C -> sub_FF8565E4
412	/////////////////////////////////////////////////////////////////////////////////////
413
414	void __attribute__((naked,noinline)) sub_FF82E570_my() {
415	asm volatile (
416	"STMFD SP!, {R4,LR}\n"
417	"BL sub_FF878D88\n"
418	"BL sub_FF824CD8\n"
419	"CMP R0, #1\n"
420	"BNE loc_FF82E590\n"
421	"BL sub_FF87C08C\n"
422	"LDMFD SP!, {R4,LR}\n"
423	"B sub_FF824D18\n"
424
425	"loc_FF82E590:\n"
426	"BL sub_FF87AF30\n"
427	"LDR R4, =0x1E80\n"
428	"LDR R0, [R4,#4]\n"
429	"CMP R0, #0\n"
430	"LDMNEFD SP!, {R4,PC}\n"
431	"MOV R1, #0\n"
432	//"LDR R0, =0xFF82E120\n"
433	"LDR R0, =sub_FF82E120_my\n" // +----> Hook for SDHC booting
434	"BL sub_FF875938\n"
435	"STR R0, [R4,#4]\n"
436	"LDMFD SP!, {R4,PC}\n"
437	);
438	}
439
440	void __attribute__((naked,noinline)) sub_FF82E120_my() {
441	asm volatile (
442	"STMFD SP!, {R3-R11,LR}\n"
443	"LDR R6, =0x1E80\n"
444	"MOV R5, R1\n"
445	"LDR R0, [R6,#0x14]\n"
446	"MOV R4, R3\n"
447	"CMP R0, #1\n"
448	"BNE loc_FF82E144\n"
449	"BL sub_FF8795E0\n"
450	"B loc_FF82E1C8\n"
451
452	"loc_FF82E144:\n"
453	"LDR R12, =0x1162\n"
454	"LDR R10, =0x1005\n"
455	"CMP R5, R12\n"
456	"MOV R7, #0\n"
457	"MOV R8, #1\n"
458	"BEQ loc_FF82E4C4\n"
459	"BGT loc_FF82E28C\n"
460	"LDR R12, =0x1062\n"
461	"CMP R5, R12\n"
462	"BEQ loc_FF82E54C\n"
463	"BGT loc_FF82E1F8\n"
464	"CMP R5, R10\n"
465	"BEQ loc_FF82E248\n"
466	"BGT loc_FF82E1D0\n"
467	"SUB R12, R5, #0x800\n"
468	"SUBS R12, R12, #3\n"
469	"BEQ loc_FF82E3CC\n"
470	"SUB R12, R5, #0x800\n"
471	"SUBS R12, R12, #0x158\n"
472	"BEQ loc_FF82E554\n"
473	"LDR R4, =0x9A3\n"
474	"CMP R5, R4\n"
475	"ADD R7, R4, #2\n"
476	"CMPNE R5, R7\n"
477	"BNE loc_FF82E4B4\n"
478	"LDR R0, [R6,#0xC]\n"
479	"SUB R12, R0, #0x8000\n"
480	"SUBS R12, R12, #2\n"
481	"BEQ loc_FF82E1C8\n"
482	"LDR R0, =0x10A5\n"
483	"BL sub_FF877A7C\n"
484	"CMP R0, #0\n"
485	"BEQ loc_FF82E4A0\n"
486
487	"loc_FF82E1C8:\n"
488	"MOV R0, #0\n"
489	"LDMFD SP!, {R3-R11,PC}\n"
490
491	"loc_FF82E1D0:\n"
492	"SUB R12, R5, #0x1000\n"
493	"SUBS R12, R12, #0x56\n"
494	"SUBNE R12, R5, #0x1000\n"
495	"SUBNES R12, R12, #0x5B\n"
496	"SUBNE R12, R5, #0x1000\n"
497	"SUBNES R12, R12, #0x5E\n"
498	"SUBNE R12, R5, #0x1000\n"
499	"SUBNES R12, R12, #0x61\n"
500	"BNE loc_FF82E4B4\n"
501	"B loc_FF82E54C\n"
502
503	"loc_FF82E1F8:\n"
504	"LDR R12, =0x10AD\n"
505	"CMP R5, R12\n"
506	"BEQ loc_FF82E4EC\n"
507	"BGT loc_FF82E250\n"
508	"SUB R12, R5, #0x1000\n"
509	"SUBS R12, R12, #0x63\n"
510	"SUBNE R12, R5, #0x1000\n"
511	"SUBNES R12, R12, #0x65\n"
512	"BEQ loc_FF82E54C\n"
513	"SUB R12, R5, #0x1000\n"
514	"LDR R0, =0x10A3\n"
515	"SUBS R12, R12, #0xA9\n"
516	"BEQ loc_FF82E4E0\n"
517	"SUB R12, R5, #0x1000\n"
518	"SUBS R12, R12, #0xAA\n"
519	"BNE loc_FF82E4B4\n"
520	"BL sub_FF877A7C\n"
521	"CMP R0, #0\n"
522	"BNE loc_FF82E1C8\n"
523
524	"loc_FF82E244:\n"
525	"BL sub_FF82EB04\n"
526
527	"loc_FF82E248:\n"
528	"MOV R1, R4\n"
529	"B loc_FF82E4B8\n"
530
531	"loc_FF82E250:\n"
532	"SUB R12, R5, #0x1000\n"
533	"SUBS R12, R12, #0xAE\n"
534	"BEQ loc_FF82E244\n"
535	"SUB R12, R5, #0x1000\n"
536	"SUBS R12, R12, #0xAF\n"
537	"BEQ loc_FF82E4EC\n"
538	"SUB R12, R5, #0x1000\n"
539	"SUBS R12, R12, #0xB0\n"
540	"BEQ loc_FF82E244\n"
541	"SUB R12, R5, #0x1000\n"
542	"SUBS R12, R12, #0xB2\n"
543	"BNE loc_FF82E4B4\n"
544	"LDR R0, =0x1008\n"
545	"MOV R1, R4\n"
546	"B loc_FF82E4BC\n"
547
548	"loc_FF82E28C:\n"
549	"LDR R11, =0x201B\n"
550	"LDR R0, =0x1E80\n"
551	"CMP R5, R11\n"
552	"LDR R2, [R0,#0x10]!\n"
553	"LDR R1, [R0,#0x10]\n"
554	"SUB R9, R11, #0x17\n"
555	"BEQ loc_FF82E480\n"
556	"BGT loc_FF82E354\n"
557	"LDR R11, =0x116A\n"
558	"CMP R5, R11\n"
559	"BEQ loc_FF82E46C\n"
560	"BGT loc_FF82E308\n"
561	"SUB R12, R5, #0x1100\n"
562	"SUBS R12, R12, #0x63\n"
563	"MOVEQ R1, #0\n"
564	"MOVEQ R0, #0x82\n"
565	"BEQ loc_FF82E498\n"
566	"SUB R12, R5, #0x1100\n"
567	"SUBS R12, R12, #0x65\n"
568	"BEQ loc_FF82E490\n"
569	"LDR R4, =0x1168\n"
570	"SUB R12, R5, #0x1100\n"
571	"SUBS R12, R12, #0x67\n"
572	"CMPNE R5, R4\n"
573	"BNE loc_FF82E4B4\n"
574	"STR R8, [R6,#0x10]\n"
575	"LDR R6, =0x4508\n"
576	"CMP R1, #0\n"
577	"BEQ loc_FF82E45C\n"
578	"BL sub_FF879614\n"
579	"B loc_FF82E460\n"
580
581	"loc_FF82E308:\n"
582	"SUB R12, R5, #0x2000\n"
583	"SUBS R12, R12, #2\n"
584	"BEQ loc_FF82E518\n"
585	"CMP R5, R9\n"
586	"MOV R0, R9\n"
587	"BEQ loc_FF82E524\n"
588	"SUB R12, R5, #0x2000\n"
589	"SUBS R12, R12, #5\n"
590	"BEQ loc_FF82E518\n"
591	"SUB R12, R5, #0x2000\n"
592	"SUBS R12, R12, #0x19\n"
593	"BNE loc_FF82E4B4\n"
594	"CMP R1, #0\n"
595	"BEQ loc_FF82E1C8\n"
596	"CMP R2, #0\n"
597	"BNE loc_FF82E1C8\n"
598
599	"loc_FF82E348:\n"
600	"MOV R1, #0\n"
601
602	"loc_FF82E34C:\n"
603	"BL sub_FF87AC88\n"
604	"B loc_FF82E1C8\n"
605
606	"loc_FF82E354:\n"
607	"LDR R12, =0x3110\n"
608	"CMP R5, R12\n"
609	"BEQ loc_FF82E248\n"
610	"BGT loc_FF82E39C\n"
611	"SUB R12, R5, #0x2000\n"
612	"SUBS R12, R12, #0x1D\n"
613	"BEQ loc_FF82E518\n"
614	"LDR R0, =0x2027\n"
615	"CMP R5, R0\n"
616	"BEQ loc_FF82E4F8\n"
617	"SUB R12, R5, #0x3000\n"
618	"SUBS R12, R12, #6\n"
619	"BEQ loc_FF82E248\n"
620	"SUB R12, R5, #0x3000\n"
621	"SUBS R12, R12, #0x10\n"
622	"BNE loc_FF82E4B4\n"
623	"BL sub_FF89A628\n"
624	"B loc_FF82E1C8\n"
625
626	"loc_FF82E39C:\n"
627	"SUB R12, R5, #0x3100\n"
628	"SUBS R12, R12, #0x11\n"
629	"BEQ loc_FF82E248\n"
630	"CMP R5, #0x3140\n"
631	"BEQ loc_FF82E540\n"
632	"SUB R12, R5, #0x3200\n"
633	"SUBS R12, R12, #1\n"
634	"BEQ loc_FF82E4B4\n"
635	"SUB R12, R5, #0x3200\n"
636	"SUBS R12, R12, #2\n"
637	"BEQ loc_FF82E248\n"
638	"B loc_FF82E4B4\n"
639
640	"loc_FF82E3CC:\n"
641	"MOV R4, #1\n"
642	"MOV R0, #2\n"
643	"BL sub_FF878E1C\n"
644	"CMP R0, #1\n"
645	"MOVEQ R4, #2\n"
646	"MOV R0, R4\n"
647	"BL sub_FF822CC4\n"
648	"CMP R0, #0\n"
649	"STRNE R8, [R6,#0x14]\n"
650	"BNE loc_FF82E428\n"
651	"BL sub_FF87F814\n"
652	"BL sub_FF87CD38\n"
653	"BL sub_FF87DBD8\n"
654	"BL sub_FF87E0E8\n"
655	"BL sub_FF87C310\n"
656	"BL sub_FF87E4E4\n"
657	"CMP R0, #0\n"
658	"BEQ loc_FF82E430\n"
659	"BL sub_FF82DE8C\n"
660	"BL sub_FF87E4D8\n"
661	"MOV R1, R0\n"
662	"LDR R0, =0x1167\n"
663	"BL sub_FF876100\n"
664
665	"loc_FF82E428:\n"
666	"MOV R0, R7\n"
667	"LDMFD SP!, {R3-R11,PC}\n"
668
669	"loc_FF82E430:\n"
670	"BL sub_FF826FA0\n"
671	"CMP R0, #1\n"
672	"LDRNE R0, =0x310B\n"
673	"LDREQ R0, =0x310C\n"
674	"MOV R1, #0\n"
675	"BL sub_FF876100\n"
676	//"BL sub_FF87BD48\n"
677	"BL sub_FF87BD48_my\n" // +----> Hook for SDHC booting
678	"B loc_FF82E428\n"
679
680	"loc_FF82E450:\n"
681	"MOV R0, R6\n"
682	"BL sub_FF8641A8\n"
683	"B loc_FF82E1C8\n"
684
685	"loc_FF82E45C:\n"
686	"BL sub_FF826C98\n"
687
688	"loc_FF82E460:\n"
689	"CMP R5, R4\n"
690	"BNE loc_FF82E1C8\n"
691	"B loc_FF82E450\n"
692
693	"loc_FF82E46C:\n"
694	"MOV R0, #1\n"
695	"BL sub_FF87972C\n"
696	"MOV R1, R11\n"
697	"MOV R0, R10\n"
698	"B loc_FF82E4BC\n"
699
700	"loc_FF82E480:\n"
701	"CMP R2, #1\n"
702	"BNE loc_FF82E248\n"
703	"BL sub_FF879614\n"
704	"B loc_FF82E1C8\n"
705
706	"loc_FF82E490:\n"
707	"MOV R1, #0\n"
708	"MOV R0, #0x83\n"
709
710	"loc_FF82E498:\n"
711	"BL sub_FF87E1BC\n"
712	"B loc_FF82E1C8\n"
713
714	"loc_FF82E4A0:\n"
715	"CMP R5, R4\n"
716	"STREQ R8, [R6,#0x34]\n"
717	"BEQ loc_FF82E4B4\n"
718	"CMP R5, R7\n"
719	"STREQ R8, [R6,#0x30]\n"
720
721	"loc_FF82E4B4:\n"
722	"MOV R1, #0\n"
723
724	"loc_FF82E4B8:\n"
725	"MOV R0, R5\n"
726
727	"loc_FF82E4BC:\n"
728	"BL sub_FF87AC88\n"
729	"LDMFD SP!, {R3-R11,PC}\n"
730
731	"loc_FF82E4C4:\n"
732	"BL sub_FF882260\n"
733	"CMP R0, #0\n"
734	"BEQ loc_FF82E248\n"
735	"BL sub_FF882B70\n"
736	"CMP R0, #0\n"
737	"BLEQ sub_FF880F94\n"
738	"B loc_FF82E248\n"
739
740	"loc_FF82E4E0:\n"
741	"BL sub_FF877A7C\n"
742	"CMP R0, #0\n"
743	"BNE loc_FF82E1C8\n"
744
745	"loc_FF82E4EC:\n"
746	"MOV R0, R5\n"
747	"BL sub_FF82DFAC\n"
748	"LDMFD SP!, {R3-R11,PC}\n"
749
750	"loc_FF82E4F8:\n"
751	"MOV R1, #0\n"
752	"BL sub_FF87AC88\n"
753	"MOV R1, #0\n"
754	"MOV R0, R11\n"
755	"BL sub_FF87AC88\n"
756	"MOV R1, #0\n"
757	"MOV R0, R9\n"
758	"B loc_FF82E34C\n"
759
760	"loc_FF82E518:\n"
761	"STR R7, [R6,#0x20]\n"
762	"BL sub_FF82E7A4\n"
763	"B loc_FF82E248\n"
764
765	"loc_FF82E524:\n"
766	"STR R7, [R6,#0x20]\n"
767	"BL sub_FF82E7A4\n"
768	"LDR R0, [R6,#0x10]\n"
769	"CMP R0, #1\n"
770	"BNE loc_FF82E248\n"
771	"BL sub_FF879640\n"
772	"B loc_FF82E1C8\n"
773
774	"loc_FF82E540:\n"
775	"CMP R1, #0\n"
776	"BLEQ sub_FF82E7A4\n"
777	"B loc_FF82E1C8\n"
778
779	"loc_FF82E54C:\n"
780	"MVN R0, #0\n"
781	"B loc_FF82E348\n"
782
783	"loc_FF82E554:\n"
784	"TST R4, #0x80000000\n"
785	"MOVNE R0, #1\n"
786	"LDMNEFD SP!, {R3-R11,PC}\n"
787	"BL sub_FF883D08\n"
788	"CMP R0, #0\n"
789	"BLEQ sub_FF829CD8\n"
790	"B loc_FF82E1C8\n"
791	);
792	}
793
794	void __attribute__((naked,noinline)) sub_FF87BD48_my() {
795	asm volatile (
796	"STMFD SP!, {R4,LR}\n"
797	"BL sub_FF82E770\n"
798	"MOV R4, R0\n"
799	"BL sub_FF87BE64\n"
800	"MOV R0, R4\n"
801	"BL sub_FF87BBF8\n"
802	"BL sub_FF82E770\n"
803	"MOV R4, R0\n"
804	"LDR R0, =0x6374\n"
805	"LDR R0, [R0]\n"
806	"TST R0, #1\n"
807	"BEQ loc_FF87BD84\n"
808
809	"loc_FF87BD78:\n"
810	"MOV R1, R4\n"
811	"MOV R0, #2\n"
812	"B loc_FF87BDEC\n"
813
814	"loc_FF87BD84:\n"
815	"TST R0, #0x2000\n"
816	"BEQ loc_FF87BDA0\n"
817	"TST R0, #0x200\n"
818	"LDREQ R1, =0x4004\n"
819	"LDRNE R1, =0x8002\n"
820	"MOV R0, #3\n"
821	"B loc_FF87BDEC\n"
822
823	"loc_FF87BDA0:\n"
824	"TST R0, #0x10\n"
825	"BNE loc_FF87BD78\n"
826	"TST R0, #0x40\n"
827	"BEQ loc_FF87BDBC\n"
828
829	"loc_FF87BDB0:\n"
830	"MOV R1, R4\n"
831	"MOV R0, #1\n"
832	"B loc_FF87BDEC\n"
833
834	"loc_FF87BDBC:\n"
835	"TST R0, #0x20\n"
836	"BEQ loc_FF87BDD8\n"
837	"TST R0, #0x4000\n"
838	"BNE loc_FF87BDD8\n"
839
840	"loc_FF87BDCC:\n"
841	"MOV R1, R4\n"
842	"MOV R0, #0\n"
843	"B loc_FF87BDEC\n"
844
845	"loc_FF87BDD8:\n"
846	"LDR R1, =0x102\n"
847	"BICS R1, R1, R0\n"
848	"BNE loc_FF87BDF4\n"
849	"MOV R1, R4\n"
850	"MOV R0, #6\n"
851
852	"loc_FF87BDEC:\n"
853	"LDMFD SP!, {R4,LR}\n"
854	//"B sub_FF87BB94\n"
855	"B sub_FF87BB94_my\n" // +----> Hook for SDHC booting
856
857	"loc_FF87BDF4:\n"
858	"TST R0, #0x100\n"
859	"BNE loc_FF87BD78\n"
860	"TST R0, #0x4000\n"
861	"TSTEQ R0, #0x400\n"
862	"BNE loc_FF87BDB0\n"
863	"TST R0, #0x200\n"
864	"TSTEQ R0, #2\n"
865	"BNE loc_FF87BDCC\n"
866	"TST R0, #0x40000\n"
867	"BEQ loc_FF87BD78\n"
868	"TST R0, #0x200000\n"
869	"MOVEQ R1, R4\n"
870	"MOVEQ R0, #1\n"
871	//"BLEQ sub_FF87BB94\n"
872	"BLEQ sub_FF87BB94_my\n" // +----> Hook for SDHC booting
873	"B loc_FF87BD78\n"
874	);
875	}
876
877
878	void __attribute__((naked,noinline)) sub_FF87BB94_my() {
879	asm volatile (
880	"STMFD SP!, {R4-R6,LR}\n"
881	"MOVS R4, R0\n"
882	"MOV R0, #1\n"
883	"MOV R5, R1\n"
884	"BNE loc_FF87BBD4\n"
885	"MOV R1, #0\n"
886	"MOV R0, #0\n"
887	"BL sub_FF878DAC\n"
888	"BL sub_FF82E770\n"
889	"SUB R12, R0, #0x1000\n"
890	"SUBS R12, R12, #0x5B\n"
891	"BNE loc_FF87BBCC\n"
892
893	"loc_FF87BBC4:\n"
894	"BL sub_FF87BADC\n"
895	"B loc_FF87BBDC\n"
896
897	"loc_FF87BBCC:\n"
898	"BL sub_FF87BB1C\n"
899	"B loc_FF87BBDC\n"
900
901	"loc_FF87BBD4:\n"
902	"CMP R4, #5\n"
903	"BEQ loc_FF87BBC4\n"
904
905	"loc_FF87BBDC:\n"
906	"CMP R0, #0\n"
907	"LDREQ R5, =0x1162\n"
908	"MOVEQ R4, #2\n"
909	"MOV R0, R4\n"
910	"MOV R1, R5\n"
911	"LDMFD SP!, {R4-R6,LR}\n"
912	//"B sub_FF87AC88\n"
913	"B sub_FF87AC88_my\n" // +----> Hook for SDHC booting
914	);
915	}
916
917	void __attribute__((naked,noinline)) sub_FF87AC88_my() {
918	asm volatile (
919	"STMFD SP!, {R4-R8,LR}\n"
920	"MOV R8, R1\n"
921	"MOV R4, R0\n"
922	"BL sub_FF879928\n"
923	"LDR R5, =0x62AC\n"
924	"MOV R7, #1\n"
925	"LDR R0, [R5,#0x10]\n"
926	"MOV R6, #0\n"
927	"CMP R0, #0x15\n"
928	"ADDLS PC, PC, R0,LSL#2\n"
929	"B loc_FF87AF28\n"
930
931	"loc_FF87ACB4:\n"
932	"B loc_FF87AD0C\n"
933
934	"loc_FF87ACB8:\n"
935	"B loc_FF87AD34\n"
936
937	"loc_FF87ACBC:\n"
938	"B loc_FF87AD78\n"
939
940	"loc_FF87ACC0:\n"
941	"B loc_FF87ADEC\n"
942
943	"loc_FF87ACC4:\n"
944	"B loc_FF87ADFC\n"
945
946	"loc_FF87ACC8:\n"
947	"B loc_FF87AE08\n"
948
949	"loc_FF87ACCC:\n"
950	"B loc_FF87AE78\n"
951
952	"loc_FF87ACD0:\n"
953	"B loc_FF87AE88\n"
954
955	"loc_FF87ACD4:\n"
956	"B loc_FF87AD1C\n"
957
958	"loc_FF87ACD8:\n"
959	"B loc_FF87AD28\n"
960
961	"loc_FF87ACDC:\n"
962	"B loc_FF87AE88\n"
963
964	"loc_FF87ACE0:\n"
965	"B loc_FF87AD6C\n"
966
967	"loc_FF87ACE4:\n"
968	"B loc_FF87AF28\n"
969
970	"loc_FF87ACE8:\n"
971	"B loc_FF87AF28\n"
972
973	"loc_FF87ACEC:\n"
974	"B loc_FF87AD84\n"
975
976	"loc_FF87ACF0:\n"
977	"B loc_FF87AD90\n"
978
979	"loc_FF87ACF4:\n"
980	"B loc_FF87ADC4\n"
981
982	"loc_FF87ACF8:\n"
983	"B loc_FF87AD40\n"
984
985	"loc_FF87ACFC:\n"
986	"B loc_FF87AF10\n"
987
988	"loc_FF87AD00:\n"
989	"B loc_FF87AE94\n"
990
991	"loc_FF87AD04:\n"
992	"B loc_FF87AEC4\n"
993
994	"loc_FF87AD08:\n"
995	"B loc_FF87AEC4\n"
996
997	"loc_FF87AD0C:\n"
998	"MOV R1, R8\n"
999	"MOV R0, R4\n"
1000	"LDMFD SP!, {R4-R8,LR}\n"
1001	//"B sub_FF87A340\n"
1002	"B sub_FF87A340_my\n" // +----> Hook for SDHC booting
1003
1004	"loc_FF87AD1C:\n"
1005	"MOV R0, R4\n"
1006	"LDMFD SP!, {R4-R8,LR}\n"
1007	"B sub_FF87B658\n"
1008
1009	"loc_FF87AD28:\n"
1010	"MOV R0, R4\n"
1011	"LDMFD SP!, {R4-R8,LR}\n"
1012	"B sub_FF87A80C\n"
1013
1014	"loc_FF87AD34:\n"
1015	"MOV R0, R4\n"
1016	"LDMFD SP!, {R4-R8,LR}\n"
1017	"B sub_FF879F08\n"
1018
1019	"loc_FF87AD40:\n"
1020	"SUB R12, R4, #0x1000\n"
1021	"SUBS R12, R12, #0xA5\n"
1022	"STREQ R7, [R5,#0x84]\n"
1023	"BEQ loc_FF87AF20\n"
1024	"SUB R12, R4, #0x3000\n"
1025	"SUBS R12, R12, #6\n"
1026	"BNE loc_FF87AF28\n"
1027	"MOV R0, #0\n"
1028	"BL sub_FF82DCE4\n"
1029	"BL sub_FF87B57C\n"
1030	"B loc_FF87AF20\n"
1031
1032	"loc_FF87AD6C:\n"
1033	"MOV R0, R4\n"
1034	"LDMFD SP!, {R4-R8,LR}\n"
1035	"B sub_FF87B5B8\n"
1036
1037	"loc_FF87AD78:\n"
1038	"MOV R0, R4\n"
1039	"LDMFD SP!, {R4-R8,LR}\n"
1040	"B sub_FF87A104\n"
1041
1042	"loc_FF87AD84:\n"
1043	"MOV R0, R4\n"
1044	"LDMFD SP!, {R4-R8,LR}\n"
1045	"B sub_FF87A9B8\n"
1046
1047	"loc_FF87AD90:\n"
1048	"SUB R12, R4, #0x3200\n"
1049	"SUBS R12, R12, #2\n"
1050	"BNE loc_FF87AF28\n"
1051	"MOV R0, #3\n"
1052	"BL sub_FF87980C\n"
1053	"MOV R0, #8\n"
1054	"BL sub_FF82DC50\n"
1055	"MOV R0, #6\n"
1056	"BL sub_FF84239C\n"
1057	"BL sub_FF87D148\n"
1058	"BL sub_FF87CFA4\n"
1059	"BL sub_FF87C380\n"
1060	"B loc_FF87AF20\n"
1061
1062	"loc_FF87ADC4:\n"
1063	"SUB R12, R4, #0x3300\n"
1064	"SUBS R12, R12, #1\n"
1065	"BNE loc_FF87AF28\n"
1066	"LDR R0, =0x4010\n"
1067	"BL sub_FF82DC50\n"
1068	"BL sub_FF89EF88\n"
1069	"BL sub_FF87C380\n"
1070	"MOV R0, #4\n"
1071	"BL sub_FF87980C\n"
1072	"B loc_FF87AF20\n"
1073
1074	"loc_FF87ADEC:\n"
1075	"MOV R1, R8\n"
1076	"MOV R0, R4\n"
1077	"LDMFD SP!, {R4-R8,LR}\n"
1078	"B sub_FF87AB20\n"
1079
1080	"loc_FF87ADFC:\n"
1081	"MOV R0, R4\n"
1082	"LDMFD SP!, {R4-R8,LR}\n"
1083	"B sub_FF87B788\n"
1084
1085	"loc_FF87AE08:\n"
1086	"LDR R8, =0x1182\n"
1087	"CMP R4, R8\n"
1088	"STREQ R7, [R5,#0xB0]\n"
1089	"BEQ loc_FF87AF20\n"
1090	"SUB R12, R4, #0x1100\n"
1091	"SUBS R12, R12, #0x86\n"
1092	"BEQ loc_FF87AE60\n"
1093	"SUB R12, R4, #0x3200\n"
1094	"SUBS R12, R12, #0x16\n"
1095	"BNE loc_FF87AF28\n"
1096	"MOV R0, #8\n"
1097	"BL sub_FF82DC50\n"
1098	"MOV R0, #3\n"
1099	"BL sub_FF87980C\n"
1100	"STR R6, [R5,#0xB4]\n"
1101	"LDR R0, [R5,#0xB0]\n"
1102	"CMP R0, #0\n"
1103	"MOVNE R1, #0\n"
1104	"MOVNE R0, R8\n"
1105	"STRNE R6, [R5,#0xB0]\n"
1106	"BLNE sub_FF87AB20\n"
1107	"B loc_FF87AF20\n"
1108
1109	"loc_FF87AE60:\n"
1110	"LDR R0, [R5,#0xB4]\n"
1111	"CMP R0, #0\n"
1112	"BNE loc_FF87AF20\n"
1113	"BL sub_FF89C658\n"
1114	"STR R7, [R5,#0xB4]\n"
1115	"B loc_FF87AF20\n"
1116
1117	"loc_FF87AE78:\n"
1118	"MOV R1, R8\n"
1119	"MOV R0, R4\n"
1120	"LDMFD SP!, {R4-R8,LR}\n"
1121	"B sub_FF87B868\n"
1122
1123	"loc_FF87AE88:\n"
1124	"MOV R0, R4\n"
1125	"LDMFD SP!, {R4-R8,LR}\n"
1126	"B sub_FF87A704\n"
1127
1128	"loc_FF87AE94:\n"
1129	"LDR R12, =0x10B0\n"
1130	"CMP R4, R12\n"
1131	"BEQ loc_FF87AEC0\n"
1132	"BGT loc_FF87AECC\n"
1133	"CMP R4, #4\n"
1134	"BEQ loc_FF87AEF4\n"
1135	"SUB R12, R4, #0x1000\n"
1136	"SUBS R12, R12, #0xAA\n"
1137	"SUBNE R12, R4, #0x1000\n"
1138	"SUBNES R12, R12, #0xAE\n"
1139	"BNE loc_FF87AF28\n"
1140
1141	"loc_FF87AEC0:\n"
1142	"BL sub_FF879508\n"
1143
1144	"loc_FF87AEC4:\n"
1145	"MOV R0, R6\n"
1146	"LDMFD SP!, {R4-R8,PC}\n"
1147
1148	"loc_FF87AECC:\n"
1149	"SUB R12, R4, #0x2000\n"
1150	"SUBS R12, R12, #4\n"
1151	"BEQ loc_FF87AF08\n"
1152	"SUB R12, R4, #0x5000\n"
1153	"SUBS R12, R12, #1\n"
1154	"SUBNE R12, R4, #0x5000\n"
1155	"SUBNES R12, R12, #6\n"
1156	"BNE loc_FF87AF28\n"
1157	"BL sub_FF879EA8\n"
1158	"B loc_FF87AF20\n"
1159
1160	"loc_FF87AEF4:\n"
1161	"LDR R0, [R5,#0x2C]\n"
1162	"CMP R0, #0\n"
1163	"BNE loc_FF87AF08\n"
1164	"BL sub_FF826C50\n"
1165	"B loc_FF87AF20\n"
1166
1167	"loc_FF87AF08:\n"
1168	"BL sub_FF879540\n"
1169	"B loc_FF87AF20\n"
1170
1171	"loc_FF87AF10:\n"
1172	"SUB R12, R4, #0x3000\n"
1173	"SUBS R12, R12, #0x130\n"
1174	"BNE loc_FF87AF28\n"
1175	"BL sub_FF8795E0\n"
1176
1177	"loc_FF87AF20:\n"
1178	"MOV R0, #0\n"
1179	"LDMFD SP!, {R4-R8,PC}\n"
1180
1181	"loc_FF87AF28:\n"
1182	"MOV R0, #1\n"
1183	"LDMFD SP!, {R4-R8,PC}\n"
1184	);
1185	}
1186
1187	void __attribute__((naked,noinline)) sub_FF87A340_my() {
1188	asm volatile (
1189	"STMFD SP!, {R4-R8,LR}\n"
1190	"LDR R7, =0x8002\n"
1191	"LDR R4, =0x62AC\n"
1192	"CMP R0, #3\n"
1193	"MOV R6, R1\n"
1194	"MOV R5, #1\n"
1195	"BEQ loc_FF87A4B4\n"
1196	"BGT loc_FF87A37C\n"
1197	"CMP R0, #0\n"
1198	"BEQ loc_FF87A3C0\n"
1199	"CMP R0, #1\n"
1200	"BEQ loc_FF87A444\n"
1201	"CMP R0, #2\n"
1202	"BNE loc_FF87A53C\n"
1203	"B loc_FF87A394\n"
1204
1205	"loc_FF87A37C:\n"
1206	"CMP R0, #6\n"
1207	"STREQ R5, [R4,#0x28]\n"
1208	"BEQ loc_FF87A4AC\n"
1209	"SUB R12, R0, #0x2000\n"
1210	"SUBS R12, R12, #4\n"
1211	"BNE loc_FF87A53C\n"
1212
1213	"loc_FF87A394:\n"
1214	"SUB R12, R6, #0x1100\n"
1215	"SUBS R12, R12, #0x62\n"
1216	"BNE loc_FF87A3B0\n"
1217	"MOV R1, R7\n"
1218	"MOV R0, #0\n"
1219	"BL sub_FF87E1BC\n"
1220	"STR R5, [R4,#0x60]\n"
1221
1222	"loc_FF87A3B0:\n"
1223	"BL sub_FF87D148\n"
1224	"BL sub_FF87CFA4\n"
1225	"BL sub_FF879E48\n"
1226	"B loc_FF87A534\n"
1227
1228	"loc_FF87A3C0:\n"
1229	"MOV R0, #7\n"
1230	"BL sub_FF87980C\n"
1231	"MOV R0, R7\n"
1232	"BL sub_FF82DC50\n"
1233	"BL sub_FF87BFB4\n"
1234	"BL sub_FF87CE1C\n"
1235	"MOV R1, R7\n"
1236	"MOV R0, #0\n"
1237	"BL sub_FF87E1BC\n"
1238	//"ADR R1, aAcBootrec\n" // \"AC:BootRec\"
1239	"LDR R1, =0xFF87A574\n" // \"AC:BootRec\"
1240	"MOV R0, #0x20\n"
1241	"STR R6, [R4,#0x18]\n"
1242	"BL sub_FF872A58\n"
1243	//"ADR R1, aAcInitlens\n" // \"AC:InitLens\"
1244	"LDR R1, =0xFF87A580\n" // \"AC:InitLens\"
1245	"MOV R0, #0x20\n"
1246	"BL sub_FF872A58\n"
1247	"STR R5, [R4,#0x28]\n"
1248	"BL sub_FF82DDF8\n"
1249	"BL sub_FF82DD3C\n"
1250	"LDR R0, [R4,#0x1C]\n"
1251	"LDR R1, [R4,#0x20]\n"
1252	"ORRS R0, R0, R1\n"
1253	"BLNE sub_FF87B0E4\n"
1254	"LDR R0, [R4,#0x68]\n"
1255	"CMP R0, #0\n"
1256	"BNE loc_FF87A430\n"
1257	"BL sub_FF82DE68\n"
1258	"B loc_FF87A438\n"
1259
1260	"loc_FF87A430:\n"
1261	"BL sub_FF8269E8\n"
1262	"BL sub_FF82E700\n"
1263
1264	"loc_FF87A438:\n"
1265	//"BL sub_FF87BF78\n"
1266	"BL sub_FF87BF78_my\n" // +----> Hook for SDHC booting
1267	"BL sub_FF87BFF0\n"
1268	"B loc_FF87A534\n"
1269
1270	"loc_FF87A444:\n"
1271	"MOV R0, #8\n"
1272	"BL sub_FF87980C\n"
1273	"BL sub_FF87BFB4\n"
1274	"BL sub_FF87CE1C\n"
1275	"LDR R5, =0x4004\n"
1276	"MOV R0, #0\n"
1277	"MOV R1, R5\n"
1278	"BL sub_FF87E1BC\n"
1279	//"ADR R1, aAcBootpb\n" // \"AC:BootPB\"
1280	"LDR R1, =0xFF87A590\n" // \"AC:BootPB\"
1281	"MOV R0, #0x20\n"
1282	"BL sub_FF872A58\n"
1283	//"BL sub_FF87BF78\n"
1284	"BL sub_FF87BF78_my\n" // +----> Hook for SDHC booting
1285	"BL sub_FF87C08C\n"
1286	"BL sub_FF82E690\n"
1287	"MOV R0, R5\n"
1288	"BL sub_FF82DC50\n"
1289	"LDR R0, [R4,#0x68]\n"
1290	"CMP R0, #0\n"
1291	"BNE loc_FF87A498\n"
1292	"BL sub_FF82DE68\n"
1293	"B loc_FF87A49C\n"
1294
1295	"loc_FF87A498:\n"
1296	"BL sub_FF8269E8\n"
1297
1298	"loc_FF87A49C:\n"
1299	"BL sub_FF87C020\n"
1300	"LDR R0, [R4,#0x30]\n"
1301	"CMP R0, #0\n"
1302	"BEQ loc_FF87A534\n"
1303
1304	"loc_FF87A4AC:\n"
1305	"BL sub_FF87B108\n"
1306	"B loc_FF87A534\n"
1307
1308	"loc_FF87A4B4:\n"
1309	"MOV R1, R6\n"
1310	"MOV R0, #0\n"
1311	"BL sub_FF87E1BC\n"
1312	//"ADR R1, aAcBootclock\n" // \"AC:BootClock\"
1313	"LDR R1, =0xFF87A59C\n" // \"AC:BootClock\"
1314	"MOV R0, #0x20\n"
1315	"BL sub_FF872A58\n"
1316	"STR R5, [R4,#0x68]\n"
1317	"BL sub_FF87C08C\n"
1318	"BL sub_FF82E690\n"
1319	"BL sub_FF87B0B4\n"
1320	"BL sub_FF82E764\n"
1321	"CMP R0, #0\n"
1322	"LDRNE R0, =0x8045\n"
1323	"MOVNE R1, #0\n"
1324	"BLNE sub_FF8789D4\n"
1325	"BL sub_FF87DFD0\n"
1326	"MOV R0, #0x80\n"
1327	"BL sub_FF82DC50\n"
1328	"BL sub_FF87D2D8\n"
1329	"BL sub_FF8B0EB4\n"
1330	"BL sub_FF973218\n"
1331	"BL sub_FF8AF708\n"
1332	"BL sub_FF87C9E4\n"
1333	"BL sub_FF87D180\n"
1334	"MOV R0, #9\n"
1335	"BL sub_FF87980C\n"
1336	"LDR R0, =0x300E\n"
1337	"MOV R1, R6\n"
1338	"BL sub_FF876100\n"
1339	"MOV R1, #0\n"
1340	"MOV R0, #1\n"
1341	"BL sub_FF87E1BC\n"
1342
1343	"loc_FF87A534:\n"
1344	"MOV R0, #0\n"
1345	"LDMFD SP!, {R4-R8,PC}\n"
1346
1347	"loc_FF87A53C:\n"
1348	"MOV R0, #1\n"
1349	"LDMFD SP!, {R4-R8,PC}\n"
1350	);
1351	}
1352
1353	void __attribute__((naked,noinline)) sub_FF87BF78_my() {
1354	asm volatile (
1355
1356	"LDR R0, =0x6380\n"
1357	"STMFD SP!, {R3,LR}\n"
1358	"LDR R1, [R0,#0x10]\n"
1359	"CMP R1, #1\n"
1360	"BEQ locret_FF87BFB0\n"
1361	"MOV R1, #1\n"
1362	"STR R1, [R0,#0x10]\n"
1363	"MOV R3, #0\n"
1364	"STR R3, [SP,#8-8]\n"
1365	//"LDR R3, =sub_FF87BF28\n"
1366	"LDR R3, =sub_FF87BF28_my\n" // +----> Hook for SDHC booting
1367	"MOV R1, #0x19\n"
1368	//"LDR R0, =aInitfilemodule\n" // \"InitFileModules\"
1369	"LDR R0, =0xFF87C0F8\n"
1370	"MOV R2, #0x1000\n"
1371	"BL sub_FF81B8FC\n"
1372
1373	"locret_FF87BFB0:\n"
1374	"LDMFD SP!, {R12,PC}\n"
1375	);
1376	}
1377
1378	void __attribute__((naked,noinline)) sub_FF87BF28_my() {
1379	asm volatile (
1380	"STMFD SP!, {R4-R6,LR}\n"
1381	"BL sub_FF874FB0\n"
1382	"LDR R5, =0x5006\n"
1383	"MOVS R4, R0\n"
1384	"MOVNE R1, #0\n"
1385	"MOVNE R0, R5\n"
1386	"BLNE sub_FF876100\n"
1387	//"BL sub_FF874FDC\n"
1388	"BL sub_FF874FDC_my\n" // +----> Hook for SDHC booting
1389
1390	"BL core_spytask_can_start\n" // +----> CHDK: Set "it's-safe-to-start"-Flag for spytask
1391
1392	"CMP R4, #0\n"
1393	"MOVEQ R0, R5\n"
1394	"LDMEQFD SP!, {R4-R6,LR}\n"
1395	"MOVEQ R1, #0\n"
1396	"BEQ sub_FF876100\n"
1397	"LDMFD SP!, {R4-R6,PC}\n"
1398	);
1399	}
1400
1401	void __attribute__((naked,noinline)) sub_FF874FDC_my() {
1402	asm volatile (
1403	"STMFD SP!, {R4,LR}\n"
1404	//"BL sub_FF856910\n"
1405	"BL sub_FF856910_my\n" // +----> Hook for SDHC booting
1406	"LDR R4, =0x5C88\n"
1407	"LDR R0, [R4,#4]\n"
1408	"CMP R0, #0\n"
1409	"BNE loc_FF87500C\n"
1410	"BL sub_FF888178\n"
1411	"BL sub_FF9274EC\n"
1412	"BL sub_FF888178\n"
1413	"BL sub_FF933CC0\n"
1414	"BL sub_FF888188\n"
1415	"BL sub_FF927594\n"
1416
1417	"loc_FF87500C:\n"
1418	"MOV R0, #1\n"
1419	"STR R0, [R4]\n"
1420	"LDMFD SP!, {R4,PC}\n"
1421	);
1422	}
1423
1424	void __attribute__((naked,noinline)) sub_FF856910_my() {
1425	asm volatile (
1426	"STMFD SP!, {R4-R6,LR}\n"
1427	"MOV R6, #0\n"
1428	"MOV R0, R6\n"
1429	"BL sub_FF8564E0\n"
1430	"LDR R4, =0x131E4\n"
1431	"MOV R5, #0\n"
1432	"LDR R0, [R4,#0x38]\n"
1433	"BL sub_FF856EA8\n"
1434	"CMP R0, #0\n"
1435	"LDREQ R0, =0x2EB4\n"
1436	"STREQ R5, [R0,#0xC]\n"
1437	"STREQ R5, [R0,#0x10]\n"
1438	"STREQ R5, [R0,#0x14]\n"
1439	"MOV R0, R6\n"
1440	"BL sub_FF856520\n"
1441	"MOV R0, R6\n"
1442	//"BL sub_FF85674C\n"
1443	"BL sub_FF85674C_my\n" // +----> Hook for SDHC booting
1444	"MOV R5, R0\n"
1445	"MOV R0, R6\n"
1446	"BL sub_FF8567B8\n"
1447	"LDR R1, [R4,#0x3C]\n"
1448	"AND R2, R5, R0\n"
1449	"CMP R1, #0\n"
1450	"MOV R0, #0\n"
1451	"MOVEQ R0, #0x80000001\n"
1452	"BEQ loc_FF8569A4\n"
1453	"LDR R3, [R4,#0x2C]\n"
1454	"CMP R3, #2\n"
1455	"MOVEQ R0, #4\n"
1456	"CMP R1, #5\n"
1457	"ORRNE R0, R0, #1\n"
1458	"BICEQ R0, R0, #1\n"
1459	"CMP R2, #0\n"
1460	"BICEQ R0, R0, #2\n"
1461	"ORREQ R0, R0, #0x80000000\n"
1462	"BICNE R0, R0, #0x80000000\n"
1463	"ORRNE R0, R0, #2\n"
1464
1465	"loc_FF8569A4:\n"
1466	"STR R0, [R4,#0x40]\n"
1467	"LDMFD SP!, {R4-R6,PC}\n"
1468	);
1469	}
1470
1471	void __attribute__((naked,noinline)) sub_FF85674C_my() {
1472	asm volatile (
1473	"STMFD SP!, {R4-R6,LR}\n"
1474	"LDR R5, =0x2EB4\n"
1475	"MOV R6, R0\n"
1476	"LDR R0, [R5,#0x10]\n"
1477	"CMP R0, #0\n"
1478	"MOVNE R0, #1\n"
1479	"LDMNEFD SP!, {R4-R6,PC}\n"
1480	"MOV R0, #0x17\n"
1481	"MUL R1, R0, R6\n"
1482	"LDR R0, =0x131E4\n"
1483	"ADD R4, R0, R1,LSL#2\n"
1484	"LDR R0, [R4,#0x38]\n"
1485	"MOV R1, R6\n"
1486	//"BL sub_FF8565E4\n"
1487	"BL sub_FF8565E4_my\n" // +----> Hook for SDHC booting
1488	"CMP R0, #0\n"
1489	"LDMEQFD SP!, {R4-R6,PC}\n"
1490	"LDR R0, [R4,#0x38]\n"
1491	"MOV R1, R6\n"
1492	"BL sub_FF856FC0\n"
1493	"CMP R0, #0\n"
1494	"LDMEQFD SP!, {R4-R6,PC}\n"
1495	"MOV R0, R6\n"
1496	"BL sub_FF856100\n"
1497	"CMP R0, #0\n"
1498	"MOVNE R1, #1\n"
1499	"STRNE R1, [R5,#0x10]\n"
1500	"LDMFD SP!, {R4-R6,PC}\n"
1501	);
1502	}
1503
1504	void __attribute__((naked,noinline)) sub_FF8565E4_my() {
1505	asm volatile (
1506	"STMFD SP!, {R4-R8,LR}\n"
1507	"MOV R8, R0\n"
1508	"MOV R0, #0x17\n"
1509	"MUL R1, R0, R1\n"
1510	"LDR R0, =0x131E4\n"
1511	"MOV R6, #0\n"
1512	"ADD R7, R0, R1,LSL#2\n"
1513	"LDR R0, [R7,#0x3C]\n"
1514	"MOV R5, #0\n"
1515	"CMP R0, #6\n"
1516	"ADDLS PC, PC, R0,LSL#2\n"
1517	"B loc_FF856730\n"
1518
1519	"loc_FF856614:\n"
1520	"B loc_FF856648\n"
1521
1522	"loc_FF856618:\n"
1523	"B loc_FF856630\n"
1524
1525	"loc_FF85661C:\n"
1526	"B loc_FF856630\n"
1527
1528	"loc_FF856620:\n"
1529	"B loc_FF856630\n"
1530
1531	"loc_FF856624:\n"
1532	"B loc_FF856630\n"
1533
1534	"loc_FF856628:\n"
1535	"B loc_FF856728\n"
1536
1537	"loc_FF85662C:\n"
1538	"B loc_FF856630\n"
1539
1540	"loc_FF856630:\n"
1541	"MOV R2, #0\n"
1542	"MOV R1, #0x200\n"
1543	"MOV R0, #3\n"
1544	"BL sub_FF8716C4\n"
1545	"MOVS R4, R0\n"
1546	"BNE loc_FF856650\n"
1547
1548	"loc_FF856648:\n"
1549	"MOV R0, #0\n"
1550	"LDMFD SP!, {R4-R8,PC}\n"
1551
1552	"loc_FF856650:\n"
1553	"LDR R12, [R7,#0x4C]\n"
1554	"MOV R3, R4\n"
1555	"MOV R2, #1\n"
1556	"MOV R1, #0\n"
1557	"MOV R0, R8\n"
1558	//"BLX R12\n" // WORKSFORME, configure gcc WITHOUT --with-cpu=arm9
1559	"MOV LR, PC\n" // 2-op workaround for 'normal' compiler
1560	"MOV PC, R12\n" // Does the same thing, effectively, because PC is always 8 bytes ahead.
1561	"CMP R0, #1\n"
1562	"BNE loc_FF85667C\n"
1563	"MOV R0, #3\n"
1564	"BL sub_FF871544\n"
1565	"B loc_FF856648\n"
1566
1567	///////
1568	// Offsets are fixed from here on, everything +0x10 for the second entry
1569	///////
1570
1571	"loc_FF85667C:\n"
1572	"MOV R0, R8\n"
1573	"BL sub_FF94450C\n"
1574
1575	// Start of DataGhost's FAT32 autodetection code
1576	// Policy: If there is a partition which has type W95 FAT32, use the first one of those for image storage
1577	// According to the code below, we can use R1, R2, R3 and R12.
1578	// LR wasn't really used anywhere but for storing a part of the partition signature. This is the only thing
1579	// that won't work with an offset, but since we can load from LR+offset into LR, we can use this to do that :)
1580	"MOV R12, R4\n" // Copy the MBR start address so we have something to work with
1581	"MOV LR, R4\n" // Save old offset for MBR signature
1582	"MOV R1, #1\n" // Note the current partition number
1583	"B dg_sd_fat32_enter\n" // We actually need to check the first partition as well, no increments yet!
1584	"dg_sd_fat32:\n"
1585	"CMP R1, #4\n" // Did we already see the 4th partition?
1586	"BEQ dg_sd_fat32_end\n" // Yes, break. We didn't find anything, so don't change anything.
1587	"ADD R12, R12, #0x10\n" // Second partition
1588	"ADD R1, R1, #1\n" // Second partition for the loop
1589	"dg_sd_fat32_enter:\n"
1590	"LDRB R2, [R12, #0x1BE]\n" // Partition status
1591	"LDRB R3, [R12, #0x1C2]\n" // Partition type (FAT32 = 0xB)
1592	"CMP R3, #0xB\n" // Is this a FAT32 partition?
1593	"CMPNE R3, #0xC\n" // Not 0xB, is it 0xC (FAT32 LBA) then?
1594	"BNE dg_sd_fat32\n" // No, it isn't. Loop again.
1595	"CMP R2, #0x00\n" // It is, check the validity of the partition type
1596	"CMPNE R2, #0x80\n"
1597	"BNE dg_sd_fat32\n" // Invalid, go to next partition
1598	// This partition is valid, it's the first one, bingo!
1599	"MOV R4, R12\n" // Move the new MBR offset for the partition detection.
1600
1601	"dg_sd_fat32_end:\n"
1602	// End of DataGhost's FAT32 autodetection code
1603
1604	"LDRB R1, [R4,#0x1C9]\n" // 4th byte of LBA
1605	"LDRB R3, [R4,#0x1C8]\n" // 3rd byte of LBA
1606	"LDRB R12, [R4,#0x1CC]\n" // 3rd byte of partition length
1607	"MOV R1, R1,LSL#24\n" // Shift and...
1608	"ORR R1, R1, R3,LSL#16\n" // combine LBA bytes (endianness fix)
1609	"LDRB R3, [R4,#0x1C7]\n" // 2nd byte of LBA
1610	"LDRB R2, [R4,#0x1BE]\n" // Partition status (0x00=nonboot, 0x80=boot, other=bad)
1611	// "LDRB LR, [R4,#0x1FF]\n" // Last MBR signature byte (0xAA)
1612	"ORR R1, R1, R3,LSL#8\n" // Combine more LBA bytes
1613	"LDRB R3, [R4,#0x1C6]\n" // 1st byte of LBA
1614	"CMP R2, #0\n" // Check partition status
1615	"CMPNE R2, #0x80\n" // and again
1616	"ORR R1, R1, R3\n" // Combine LBA into final value
1617	"LDRB R3, [R4,#0x1CD]\n" // 4th byte of partition length
1618	"MOV R3, R3,LSL#24\n" // Shift and...
1619	"ORR R3, R3, R12,LSL#16\n" // combine partition length bytes
1620	"LDRB R12, [R4,#0x1CB]\n" // 2nd byte of partition length
1621	"ORR R3, R3, R12,LSL#8\n" // Combine partition length bytes
1622	"LDRB R12, [R4,#0x1CA]\n" // 1st byte of partition length
1623	"ORR R3, R3, R12\n" // Combine partition length bytes into final value
1624	// "LDRB R12, [R4,#0x1FE]\n" // First MBR signature byte (0x55)
1625	"LDRB R12, [LR,#0x1FE]\n" // + First MBR signature byte (0x55), LR is original offset.
1626	"LDRB LR, [LR,#0x1FF]\n" // + Last MBR signature byte (0xAA), LR is original offset.
1627	"MOV R4, #0\n" // This value previously held a pointer to the partition table :(
1628	"BNE loc_FF856704\n" // Jump out if the partition is malformed (partition status \'other\')
1629	"CMP R0, R1\n"
1630	"BCC loc_FF856704\n" // Jump out if R0 < R1 (probably checking for a valid LBA addr)
1631	"ADD R2, R1, R3\n" // R2 = partition start address + length = partition end address
1632	"CMP R2, R0\n" // Guess: CMPLS is used to check for an overflow, the partition end address cannot be negative.
1633	"CMPLS R12, #0x55\n" // Check MBR signature with original offset
1634	"CMPEQ LR, #0xAA\n" // Check MBR signature with original offset
1635	"MOVEQ R6, R1\n"
1636	"MOVEQ R5, R3\n"
1637	"MOVEQ R4, #1\n"
1638
1639	"loc_FF856704:\n"
1640	"MOV R0, #3\n"
1641	"BL sub_FF871544\n"
1642	"CMP R4, #0\n"
1643	"BNE loc_FF85673C\n"
1644	"MOV R6, #0\n"
1645	"MOV R0, R8\n"
1646	"BL sub_FF94450C\n"
1647	"MOV R5, R0\n"
1648	"B loc_FF85673C\n"
1649
1650	"loc_FF856728:\n"
1651	"MOV R5, #0x40\n"
1652	"B loc_FF85673C\n"
1653
1654	"loc_FF856730:\n"
1655	"LDR R1, =0x365\n"
1656	//"ADR R0, aMounter_c\n" // \"Mounter.c\"
1657	"LDR R0, =0xFF8565D8\n"
1658	//"BL Assert\n"
1659	"BL sub_FF81BCCC\n"
1660
1661	"loc_FF85673C:\n"
1662	"STR R6, [R7,#0x44]!\n"
1663	"MOV R0, #1\n"
1664	"STR R5, [R7,#4]\n"
1665	"LDMFD SP!, {R4-R8,PC}\n"
1666	);
1667	}
1668
1669	////////////////////////////////////////////////////////////////////////////////
1670	// SDHC HOOK ENDS HERE
1671	////////////////////////////////////////////////////////////////////////////////
1672
1673
1674	// I could not manually find this function in the S5IS firmware, possibly signatures
1675	// might find it. Until that moment, I hooked it here (copied from another camera)
1676	unsigned long __attribute__((naked,noinline)) _time(unsigned long *timer) {
1677	asm volatile (
1678	"STMFD SP!, {R3-R5,LR}\n"
1679	"MOV R4, R0\n"
1680	"MVN R0, #0\n"
1681	"STR R0, [SP,#0x10-0x10]\n"
1682	"MOV R0, SP\n"
1683	"BL sub_FF870BB8\n" // _GetTimeOfSystem\n"
1684	"CMP R0, #0\n"
1685	"BNE loc_FFC55F38\n"
1686	"CMP R4, #0\n"
1687	"LDRNE R0, [SP,#0x10-0x10]\n"
1688	"STRNE R0, [R4]\n"
1689
1690	"loc_FFC55F38:\n"
1691	"LDR R0, [SP,#0x10-0x10]\n"
1692	"LDMFD SP!, {R3-R5,PC}\n"
1693	);
1694	}
1695
1696
1697
1698	void CreateTask_blinker() {
1699	_CreateTask("Blinker", 0x1, 0x200, task_blinker, 0);
1700	};
1701
1702
1703	void __attribute__((naked,noinline)) task_blinker() {
1704	int ledstate;
1705
1706	int counter = 0;
1707
1708	long led = (void) 0xC02200E0; // AF led
1709
1710	long *anypointer; // multi-purpose pointer to poke around in memory
1711	long v1, v2, v3, v4; // multi-purpose vars
1712
1713	ledstate = 0; // init: led off
1714	*led = 0x46; // led on
1715
1716	while (1) {
1717	counter++;
1718
1719	if (ledstate == 1) { // toggle LED
1720	ledstate = 0;
1721	*led = 0x44; // LED off
1722	//core_test(1);
1723	} else {
1724	ledstate = 1;
1725	*led = 0x46; // LED on
1726	//core_test(0);
1727	}
1728
1729	if (counter == 2) {
1730	//dump_chdk();
1731	//gui_init();
1732	//_ExecuteEventProcedure("UIFS_WriteFirmInfoToFile");
1733	//_UIFS_WriteFirmInfoToFile(0);
1734	}
1735
1736	if (counter == 10) {
1737	//draw_txt_string(2, 2, "test");
1738	}
1739
1740	msleep(500);
1741	}
1742	};
1743
1744
1745	void CreateTask_spytask() {
1746	_CreateTask("SpyTask", 0x19, 0x2000, core_spytask, 0);
1747	};
1748
1749
1750	void CreateTask_PhySw() {
1751	_CreateTask("PhySw", 0x17, 0x800, mykbd_task, 0);
1752	};
1753
1754
1755	//extern long _Fopen_Fut(const char filename, const char mode);
1756	//extern void _Fclose_Fut(long file);
1757	//extern long _Fwrite_Fut(const void *buf, long elsize, long count, long f);
1758	//extern long Fread_Fut(void *buf, long elsize, long count, long f);
1759	//extern long Fseek_Fut(long file, long offset, long whence);
1760	//extern long _qDump(char* filename, long unused, long write_p2, long write_p3);
1761	void dump_chdk() { //#fs
1762	int fd;
1763	long dirnum;
1764
1765	volatile long led = (void) 0xC02200D0; // yellow led
1766
1767	*led = 0x46; //on
1768
1769	// _qDump("A/qdump", 0, (void*) 0x01900, 0xb0000);
1770	//_qDump("A/firmdump", 0, (void*) 0xffc00000, 0x00400000);
1771	//_qDump("A/firmlower", 0, (void*) 0xff800000, 0x00400000); // identical to 0xfc000000
1772
1773	//started();
1774
1775	//dirnum = get_target_dir_num();
1776	//sprintf(fn, FN_RAWDIR, dirnum);
1777	//mkdir(fn);
1778
1779	//sprintf(fn, FN_RAWDIR "/" "DMP_%04d.JPG", dirnum, ++ramdump_num);
1780
1781	//fd = _Fopen_Fut("A/dump", "w");
1782	//if (fd >= 0) {
1783	//write(fd, (void*)0, 0x1900);
1784	//write(fd, (void)0x1900, 321024*1024-0x1900);
1785	//_Fwrite_Fut((void*)0x9D000, 0x20000, 0x20000, fd);
1786	//_Fclose_Fut(fd);
1787	//}
1788	*led = 0x44; //off
1789	//finished();
1790	} //#fe

Note: See TracBrowser for help on using the repository browser.

Download in other formats: