void __attribute__((naked,noinline)) sub_FF8111B0_my() { //TODO: Patch code (see SX130 code example below) and add branch to return to firmware // Note code was found manually in IDA (CHDK-PT could not find it) asm volatile ("STR LR, [SP,#var_4]! \n""SUB SP, SP, #0x74 \n""MOV R1, #0x74 \n""MOV R0, SP \n""BL sub_FFB8BA64 \n""MOV R0, #0x57000 \n""STR R0, [SP,#0x78+var_74] \n"//"LDR R0, =0x175CE0 \n"" LDR R0, =new_sa \n" // added -------------->" LDR R0, [R0] \n" // added -------------->"LDR R2, =0x2EDAD0 \n""STR R0, [SP,#0x78+var_70] \n""SUB R0, R2, R0 \n""STR R0, [SP,#0x78+var_6C] \n""MOV R0, #0x22 \n"
I have attached an incomplete boot.c file in case others feel like helping with the patches. I have added "TODO" comments in the sections that have not been patched yet.
I see now you have some copy-paste errors. In IDA you have to press the Q key to calculate these values: [SP,#0x78+var_74]
void __attribute__((naked,noinline)) sub_FF8111B0_my() { //TODO: Patch code (see SX130 code example below) and add branch to return to firmware //Note code was found manually in IDA (CHDK-PT could not find it) asm volatile ("STR LR, [SP,#var_4]! \n""SUB SP, SP, #0x74 \n"
I put LED blinking code in taskcreate_Startup_my() but unfortunately the camera never reaches this subroutine. If I put the blinking code in boot() the LED flashes. Can anyone take a quick look at the subroutines before taskcreate_Startup_my() to see if I've made a mistake in the patches?
Also, do I need the "power on (hold pwr button for rec)" patch that is in the sx130 code? I'm not sure where to apply that either.
//** sub_FF815F2C_my @ 0xFF815F2C
// Copy of the firmware boot routine at 0xFF815F2C. Every BL target is a
// firmware address; the only edit is the final branch, which now goes to the
// patched sub_FF81FD8C_my instead of the firmware original.
// Each "CMP R0, #0 / LDRLT / BLLT sub_FF816020" triple calls sub_FF816020 with
// a firmware address in R0 only when the preceding call returned a negative
// value (presumably an init-failure handler and a message pointer — verify in IDA).
void __attribute__((naked,noinline)) sub_FF815F2C_my() {
asm volatile (
" STMFD SP!, {R4,LR} \n"
" BL sub_FF810B28 \n"
" BL sub_FF81A384 \n"
" CMP R0, #0 \n"
" LDRLT R0, =0xFF816040 \n"
" BLLT sub_FF816020 \n"
" BL sub_FF815B64 \n"
" CMP R0, #0 \n"
" LDRLT R0, =0xFF816048 \n"
" BLLT sub_FF816020 \n"
" LDR R0, =0xFF816058 \n"
" BL sub_FF815C4C \n"
" CMP R0, #0 \n"
" LDRLT R0, =0xFF816060 \n"
" BLLT sub_FF816020 \n"
" LDR R0, =0xFF816058 \n"
" BL sub_FF813CA8 \n"
" CMP R0, #0 \n"
" LDRLT R0, =0xFF816074 \n"
" BLLT sub_FF816020 \n"
" BL sub_FF819CEC \n"
" CMP R0, #0 \n"
" LDRLT R0, =0xFF816080 \n"
" BLLT sub_FF816020 \n"
" BL sub_FF811690 \n"
" CMP R0, #0 \n"
" LDRLT R0, =0xFF81608C \n"
" BLLT sub_FF816020 \n"
" LDMFD SP!, {R4,LR} \n"   // frame is popped before the tail branch, so the patched target returns straight to our caller
" B sub_FF81FD8C_my\n" //patched
);}
// Copy of the firmware routine at 0xFF81FD8C. The call to sub_FF81FDA0 is
// replaced by an unconditional branch into taskcreate_Startup_my; the two
// instructions after that branch are never reached from here.
// NOTE(review): R4/LR are still on the stack when the branch is taken, so
// taskcreate_Startup_my must end with the matching "LDMFD SP!, {R4,PC}" — confirm.
void __attribute__((naked,noinline)) sub_FF81FD8C_my( ) {
asm volatile (
" STMFD SP!, {R4,LR} \n"
" BL sub_FF8342BC \n"
//" BL sub_FF81FDA0 \n"
" B taskcreate_Startup_my \n" //patched
" MOV R0, #0 \n"               // unreachable after the unconditional B above
" LDMFD SP!, {R4,PC} \n"
);}
// Hook that receives a pointer to the `context` field of a task control block
// (presumably invoked by the firmware on task creation — confirm against the
// platform code). It recovers the enclosing task_t by subtracting the field's
// offset (container_of style) so the task's entry point can be swapped for a
// CHDK replacement. No replacement is enabled yet: the candidate hooks are
// listed below as comments until the firmware task addresses for this port
// are known.
void taskCreateHook(context_t **context) {
    char *ctx_field = (char *)context;
    task_t *tcb = (task_t *)(ctx_field - offsetof(task_t, context));
    (void)tcb;  // nothing is rewritten yet; see the candidate hooks below
    // Replace firmware task addresses with ours
    //if(tcb->entry == (void*)task_CaptSeq) tcb->entry = (void*)capt_seq_task;
    //if(tcb->entry == (void*)task_InitFileModules) tcb->entry = (void*)init_file_modules_task;
    //if(tcb->entry == (void*)task_RotaryEncoder) tcb->entry = (void*)JogDial_task_my;
    //if(tcb->entry == (void*)task_MovieRecord) tcb->entry = (void*)movie_record_task;
    //if(tcb->entry == (void*)task_ExpDrv) tcb->entry = (void*)exp_drv_task;
}