So, here's a first draft of the patch:
https://github.com/c10ud/CHDK/commit/ae854c34fd300d1e68254aa2fe61185fe24dbae6

I had this idea for a while and thought of just keeping the whole functions since they seemed similar in every r51 camera.
But after talking with reyalp (and discovering that sx160 had them slightly different) I moved to his suggested approach of just jumping back to the original function after manipulating the registers and restoring the original instructions.
I added a new define CAM_DRYOS_NEW_TASK_HOOK that will enable code from platform/generic/boot.c (which must be included in platform/cameramodel/sub/firm/boot.c).
Two new defs must be put in stubs_min.S:
DEF(CreateTask2_hook, 0x0068AF04)
DEF(CreateTask_hook, 0x0068AB8C)
CreateTask_hook is just the address of the CreateTask function finsig already finds
CreateTask2_hook is a bogus name I gave to what seems a wrapper of "our" CreateTask function
After following a wrong path while trying to get finsig to find the CreateTask2 address (and bothering Phil about it) I found out that a number of tasks (every?) are created calling a function that simply loads the address we need in the PC.
Example for S110 102b:
ROM:F8648314 sub_F8648314
ROM:F8648314 LDR PC, =0x68AF04
And a number of tasks:
ROM:F801FD8C MOV R2, #0x400
ROM:F801FD90 MOV R1, #0x1D
ROM:F801FD94 ADR R0, aBatterytask ; "BatteryTask"
ROM:F801FD98 BL sub_F8648314
----------------------------------------------------------------------------------
ROM:F80210B4 MOV R2, #0x800
ROM:F80210B8 MOV R1, #0x17
ROM:F80210BC ADR R0, aPhysw ; "PhySw"
ROM:F80210C0 BL sub_F8648314
Some others call it a bit differently but you get the idea. I will look into finsig but probably Phil can recognize such a pattern in no time...? (We could just force recognition on the PhySw call, since it's quite early in ROM..)
Also: it looks like all cameras now share those addresses (some kind of fixed address syscall) so probably we won't really need to find them but just add them as defines in generic/boot.c?
Ideas? Remarks? Comments?
Of course, credits to ERR99, who first implemented the new hooks for r51 cameras in SX50.
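
The veneer pattern described in the post, as an added example that is not part of the original post and is not finsig code: a scan for an ARM `LDR PC, [PC, #imm]` whose literal is the RAM address, followed by a count of the `BL` instructions that reach it. The function names, `ROM_BASE` and the sample words are assumptions constructed for illustration; only 0x0068AF04 comes from the post.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed sample, not bytes from any firmware dump: two callers and one
   veneer laid out like the listing above. ROM_BASE is an assumed load address. */
#define ROM_BASE 0xF8000000u
static const uint32_t sample_rom[] = {
    0xE3A02B01u, /* MOV R2, #0x400                          */
    0xE3A0101Du, /* MOV R1, #0x1D                           */
    0xE28F0010u, /* ADR R0, <task name>                     */
    0xEB000001u, /* BL  veneer (word 6)                     */
    0xE1A00000u, /* NOP                                     */
    0xE1A00000u, /* NOP                                     */
    0xE51FF004u, /* veneer: LDR PC, [PC, #-4]               */
    0x0068AF04u, /* literal: CreateTask2_hook from the post */
    0xEBFFFFFCu, /* BL  veneer (second caller)              */
};
#define SAMPLE_WORDS (sizeof sample_rom / sizeof sample_rom[0])

/* Return the address of the first "LDR PC, [PC, #+/-imm]" whose literal equals
   target, or 0 if none. Bit 23 (U, add/subtract) is masked out of the match. */
uint32_t find_veneer(const uint32_t *rom, size_t n, uint32_t base, uint32_t target)
{
    for (size_t i = 0; i < n; i++) {
        if ((rom[i] & 0xFF7FF000u) != 0xE51FF000u) continue;
        int64_t imm = rom[i] & 0xFFFu;
        if (!(rom[i] & 0x00800000u)) imm = -imm;     /* U = 0: subtract */
        int64_t lit = (int64_t)i * 4 + 8 + imm;      /* PC reads as insn + 8 */
        if (lit < 0 || (lit & 3) || (size_t)(lit / 4) >= n) continue;
        if (rom[lit / 4] == target) return base + (uint32_t)i * 4;
    }
    return 0;
}

/* Count unconditional BL instructions that branch to dest. */
size_t count_bl_callers(const uint32_t *rom, size_t n, uint32_t base, uint32_t dest)
{
    size_t hits = 0;
    for (size_t i = 0; i < n; i++) {
        if ((rom[i] & 0xFF000000u) != 0xEB000000u) continue;
        /* Sign-extend the 24-bit word offset without relying on signed shifts. */
        int32_t off = (int32_t)((rom[i] & 0x00FFFFFFu) ^ 0x00800000u) - 0x00800000;
        if (base + (uint32_t)i * 4 + 8 + (uint32_t)(off * 4) == dest) hits++;
    }
    return hits;
}
```

A data word can match either mask by coincidence, so on a real dump the veneer hit should be confirmed by its callers, for example one that loads the "PhySw" string into R0 just before the BL.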