EDMAC (was Re: CHDK UI version 2.0 ?) - page 3 - General Discussion and Assistance - CHDK Forum
« previous next »
Pages: 1 2 [3] 4   Go Down

EDMAC (was Re: CHDK UI version 2.0 ?)

  • 32 Replies
  • 15180 Views
*

Offline srsa_4c

  • ******
  • 4451
Re: EDMAC (was Re: CHDK UI version 2.0 ?)
« Reply #20 on: 04 / April / 2017, 12:08:10 »
Advertisements
Quote from: 62ndidiot on 04 / April / 2017, 00:55:50
I'm not making much progress for Sx60hs stubs unless I have example signatures to compare to.
You really do need an annotated disassembly of the 101a version of the M3 firmware. When calls to the edmac functions are visible, it's quite easy to identify them by surrounding code, constants, and string references.
Logged
*

Offline 62ndidiot

  • *****
  • 596
Re: EDMAC (was Re: CHDK UI version 2.0 ?)
« Reply #21 on: 04 / April / 2017, 16:33:38 »
Quote
You really do need an annotated disassembly of the 101a version of the M3 firmware
Yes. Exactly!  Is there a disassembler and associated stub finder (hopefully Linux) that can do this?

I did find a listing of stubs on the internet but it's not clear what firmware they're for, and even if I find the firmware, what starting address etc for disassembly.
Logged
*

Offline reyalp

  • ******
  • 14082
Re: EDMAC (was Re: CHDK UI version 2.0 ?)
« Reply #22 on: 04 / April / 2017, 16:56:44 »
Quote from: 62ndidiot on 04 / April / 2017, 16:33:38
Quote
You really do need an annotated disassembly of the 101a version of the M3 firmware
Yes. Exactly!  Is there a disassembler and associated stub finder (hopefully Linux) that can do this?
capdis and finsig_thumb2 work fine

You can make an annotated disassembly using the examples on
http://chdk.wikia.com/wiki/Capdis_Disassembly_Tool#Disassembling_a_full_firmware_dump

If you want functions that aren't found by default to appear in the disassembly, you can add them to stubs_entry_2.S
Logged
Don't forget what the H stands for.
*

Offline 62ndidiot

  • *****
  • 596
Re: EDMAC (was Re: CHDK UI version 2.0 ?)
« Reply #23 on: 04 / April / 2017, 17:43:41 »
Perhaps I misunderstand, but in order to find them for say the m3-101A, I have to already know where the entry points are before adding to stubs entry 2.S I don't think this would find the various Edmac functions that I don't have a signature already in finsig.  That's the problem.  I need them already found in some firmware as srsa_4c says.  And then it's a bit tedious, but, totally doable to find the ten or so addresses by hand. 
« Last Edit: 04 / April / 2017, 18:45:46 by 62ndidiot »
Logged
*

Offline reyalp

  • ******
  • 14082
Re: EDMAC (was Re: CHDK UI version 2.0 ?)
« Reply #24 on: 04 / April / 2017, 23:08:07 »
Quote from: 62ndidiot on 04 / April / 2017, 17:43:41
Perhaps I misunderstand, but in order to find them for say the m3-101A, I have to already know where the entry points are before adding to stubs entry 2.S I don't think this would find the various Edmac functions that I don't have a signature already in finsig.
Maybe I'm the one who misunderstood, I thought that the functions you were looking for had been found in M3 but not your camera.
Logged
Don't forget what the H stands for.
*

Offline 62ndidiot

  • *****
  • 596
Re: EDMAC (was Re: CHDK UI version 2.0 ?)
« Reply #25 on: 04 / April / 2017, 23:17:54 »
Well a few were found for m3 as you can see above in this thread, and using that I could easily find them for my firmware (sx60hs 100f).  But I need several more: mostly various packmemxxxxxxxx functions which are used in Magic lantern lv_rec.c.
I'm wondering how the m3 functions above were found and how to expand on them. 
Logged
*

Offline a1ex

  • *****
  • 671
  • ML dev
Re: EDMAC (was Re: CHDK UI version 2.0 ?)
« Reply #26 on: 05 / April / 2017, 13:07:52 »
You are probably looking for a way to enable raw image data in LiveView, correct?

In this case, I'm not sure lv_rec is the best place to start (as it's quite complex and I don't remember it ever working reliably) - but it did capture the first raw image.

I'd say the first steps are to understand how the current EDMAC transfers are used - besides the current status of EDMAC channels (I remember seeing some screenshots on PowerShots, just not sure where), you can try to log each pointer periodically (as it reads from or writes to the main memory). Something like this:

http://www.magiclantern.fm/forum/index.php?topic=18315.msg176347#msg176347

The graphs were created from logs saved with this code (log_edmac_usage):
https://bitbucket.org/hudson/magic-lantern/src/edmac/modules/edmac/edmac.c

On EOS, the raw stream in LiveView is always available from connection 0. Whether this connection is hardwired to deliver raw image data, or it's just the EOS software configuring the DIGIC that way, I have no idea.

Rather than porting lv_rec, it's probably best to port just the EDMAC_RAW_SLURP backend (which is basically raw_lv_vsync in raw.c and edmac_raw_slurp in edmac-memcpy.c). These two functions simply bring the raw data in a buffer in the main memory, and the raw recording modules just take it from there.

Then, you could look at mlv_lite, since it's a bit simpler.
« Last Edit: 05 / April / 2017, 13:10:15 by a1ex »
Logged
*

Offline 62ndidiot

  • *****
  • 596
Re: EDMAC (was Re: CHDK UI version 2.0 ?)
« Reply #27 on: 06 / April / 2017, 19:33:34 »
Thanks @a1ex.  I'll look at what you suggest in more detail. mlv, as you suggest looks like it would be a very nice addition to CHDK modules. But it may be beyond my capabilities....there's a lot to understand in there.  :blink:

Quote
I'd say the first steps are to understand how the current EDMAC transfers are used - besides the current status of EDMAC channels (I remember seeing some screenshots on PowerShots, just not sure where)

Maybe here, I was playing with @srsa_4c 's version of edmac_info.c.   
Logged
*

Offline a1ex

  • *****
  • 671
  • ML dev
Re: EDMAC (was Re: CHDK UI version 2.0 ?)
« Reply #28 on: 07 / April / 2017, 08:41:08 »
The hardest part is getting the raw stream into the main RAM (two very short functions in raw.c and edmac-memcpy.c).

The rest is high-level code, most likely easy to port (maybe with some wrappers).
Logged
*

Offline 62ndidiot

  • *****
  • 596
Re: EDMAC (was Re: CHDK UI version 2.0 ?)
« Reply #29 on: 16 / September / 2017, 16:36:18 »
 @Ant wrote:
Quote
" I use EOS M3 fw101a. Here you can find some EDMAC functions:
 
I have tried to find corresponding SX60HS/100f addresses, but I think perhaps some functions just are not present.  For example, I see in the M3/100a case, many strings with "safari", these are not present in my disassembly of 100f.

Code: [Select]

                                                       M3 101a SX60 100f offst
EDmacCompleteCBR_0x1E                     FC1538C4
EDmacCompleteCBR_0x02                     FC153938
CaptureSystem.c_02_EDMAC_0x02_0x1E     FC1539AE
EDmacCompleteCBR_0                             FC213866
StartEDmac                                      FC36946A fc32831a 266576
edmac_set_flags_0x7                            FC3694CA fc32837a 266576
edmac_set_addr                                    FC369540 fc3283f0 266576
edmac_set_size                                    FC36956A fc32841a 266576
edmac_set_flags_0x40000000            FC36973E fc3285ee 266576
edmac_set_flags_0x1000                    FC369756
edmac_set_flags_0x800000                    FC36979E
edmac_set_flags_0x400000                FC3697D0
edmac_set_flags_0xC00000                FC369838
edmac_set_flags_0x800000_0        FC369860
edmac_set_flags_0x400000_0        FC36988A
ConnectWriteEDmac                        FC369DB6 fc328c66 266576
ConnectReadEDmac                        FC369DC8 fc328c78 266576
RegisterEDmacCompleteCBR                FC369DFA fc328caa 266576
EDmacCompleteCBR                        FC369FFE fc328e6e 266640
WriteEDmacCompleteCBR_SAFRAW FC5439FC
ReadEDmacCompleteCBR_SAFRAW FC543A1A
ReadEDmacCompleteCBR_SHOOT FC544004
ReadEDmac1LoadMicroCodeCompleteCBR FC57FFE4
ReadEDmac1WRSramCompleteCBR(B)         FC580010
ReadEDmac1WRSramCompleteCBR(A)         FC58003E
WriteEDmacCORCompleteCBR                 FC5800B8
TestReadEDmac1WRSramCompleteCBR FC580BF8
TestWriteEDmacRDSramCompleteCBR FC580D4A
WriteEDmacCompleteCBR                 FC581028
edmac_struct                                 FC6AF930 fc6fc908 -315352
edmac_struct_10C                         FC6AFA3C fc6fca14 -315352
 

Probably with more effort I could find a few more...I don't know.
It sure would be nice to understand how to modify sigfinder. Is there a document on this? Or to create a sigfind util that takes one firmware found signature address, and uses that to find it in the target firmware.

Also
Quote
    I see you have added additional bases...that's useful information for me.

IMO these bases no more needed. Now they use addresses from the structure. See "edmac_struct"
But the edmac_struct is not used in edmac_info.c as yet.
Logged
Pages: 1 2 [3] 4   Go Up
« previous next »
 

Related Topics