New firmware feature guide in the wiki

[fudgey]

Entry points to EnterToCompensationEVF and ExitFromCompensationEVF for some firmwares. Needless to say most haven't been tested.

Code: [Select]

platform sub EnterToC* ExitFromC*
-----------------------------------------
a450 100d ffe8b110 ffe8b194
a540 100b ffd43ac8 ffd43b28
a560 100a ffe90258 ffe902dc
a570 100e ffea4f84 ffea5008
a570 101a ffea4ff8 ffea507c
a610 100e ffd34f38 ffd34f98
a610 100f ffd352c0 ffd35320
a620 100f ffd35c44 ffd35ca4
a630 100c ffd4fd90 ffd5337c
a640 100b ffd5235c ffd55be0
a700 100b ffd4424c ffd442ac
a710 100a ffd58f08 ffd5c524
ixus70_sd1000 100c ffafaa6c ffafaaf0
ixus70_sd1000 101b ffafaae0 ffafaae0
ixus70_sd1000 100c ffafab60 ffafabe4
s3is 100a ff978b78 ff978bd8
s5is 101b ff827fa8 ff82809c
tx1 101b ffb26938 ffb269bc


[PhyrePhoX]

confirmed for a620. thanks! i assume the other adresses also are correct, as you have proven multiple times now that you know your way around in a firmware disass
will cook a patch tonight, along with some other stuff.

[fudgey]

confirmed for a620. thanks! i assume the other adresses also are correct, as you have proven multiple times now that you know your way around in a firmware disass
will cook a patch tonight, along with some other stuff.

There may very well be stupid mistakes in copy-pasting things to that list from the disassemblies, I didn't triple check them. But each one of the addresses I ment to add to the list looked like a proper function.

There's probably no reason why all others couldn't be found as well, I just got plenty bored and tired of it and stopped... btw some disassemblies turned out bad, I guess I have unaligned firmware dumps...? I ran Chr's gpl disassembly script recursively (modified my old disassemble all bash script) using start addresses from makefile.inc ROMBASEADDR and dumps collected from the fw dump thread...

a460 100d, a530 100a, a650 100d, a720 100c, s5is 100a were among the bad ones.

[PhyrePhoX]

yeah, a bunch of these dumps dont have stripped zeros afaik. we will see what people will say. i guess when the adresses are wrong, camera will freeze or shutdown.

[fudgey]

yeah, a bunch of these dumps dont have stripped zeros afaik. we will see what people will say. i guess when the adresses are wrong, camera will freeze or shutdown.

Hmm.. I took a look at the a530 disassembly and it's aligned properly...kind of... it works now and I wrote about it here: http://chdk.setepontos.com/index.php/topic,1918.msg20564.html#msg20564.

[fudgey]

A few more...:

Code: [Select]

platform sub EnterToC* ExitFromC*
-----------------------------------------
a460 100d ffe6b0f8 ffe6b17c
a530 100a ffd33148 ffd331a8
a650 100d ffc17108 ffc17158
a720 100c ffc170a4 ffc170f4
ixus40_sd300 100k ff93e1e0 ff93e220
ixus50_sd400 101a ff959074 ff9590c8
ixus50_sd400 101b ff9590c8 ff95911c
ixus55_sd450 100b ff94c0f8 ff94c158
ixus55_sd450 100c (dump missing)
ixus55_sd450 100d ff94c3ac ff94c40c
g7 100g ff99b204 ff99b244
g7 100i ff99b204 ff99b244
g7 100j ff99b204 ff99b244
s5is 101a ff828070 ff828164
tx1 100g ffb268b8 ffb2693c


[PhyrePhoX]

added in #493

[fudgey]

added in #493

Goodie... Your mom reads assembla changelogs?

[fudgey]

Oh, there was a tiny typo in the first list, 100c was listed twice for ixus70. Apparently you guessed or checked that the latter was supposed to be 102a since your patch seems to be good. But 101b was not in the patch if I'm not mistaken. Just to be sure, here's all of ixus70 again, along with s2is:

Code: [Select]

ixus70_sd1000 100c ffafaa6c ffafaaf0
ixus70_sd1000 101b/101a ffafaae0 ffafab64
ixus70_sd1000 102a ffafab60 ffafabe4

s2is 100e ff968150 ff9681a4
s2is 100f ff968128 ff96817c
s2is 100g/100i ff967eb4 ff967f08

edit: krhm, fixed 101b/101a ExitFrom* address...now it's actually different from EnterTo*

[PhyrePhoX]

included in next version. thx!