RFC - Generic task hook for DryOS r51 (and higher?)

  • 19 Replies
  • 2473 Views
*

Offline c10ud

  • ***
  • 245
RFC - Generic task hook for DryOS r51 (and higher?)
« on: 11 / June / 2013, 05:56:00 »
Advertisements
So, here's a first draft of the patch:
https://github.com/c10ud/CHDK/commit/ae854c34fd300d1e68254aa2fe61185fe24dbae6

I had this idea for a while and thought of just keeping the whole functions since they seemed similar in every r51 camera.
But after talking with reyalp (and discovering that sx160 had them slightly different) I moved to his suggested approach of just jumping back to original function after manipulating the registers and restoring the original instructions.

I added a new define CAM_DRYOS_NEW_TASK_HOOK that will enable code from platform/generic/boot.c (which must be included in platform/cameramodel/sub/firm/boot.c).
Two new defs must be put in stubs_min.S:
DEF(CreateTask2_hook,                       0x0068AF04)
DEF(CreateTask_hook,                        0x0068AB8C)

CreateTask_hook is just the address of the CreateTask function finsig already finds
CreateTask2_hook is a bogus name I gave to what seems a wrapper of "our" CreateTask function

After following a wrong path while trying to get finsig to find the CreateTask2 address (and bothering Phil about it :)) I found out that a number of tasks (every?) are created calling a function that simply loads the address we need in the PC.

Example for S110 102b:
Code: [Select]
ROM:F8648314 sub_F8648314
ROM:F8648314                 LDR     PC, =0x68AF04

And a number of tasks:
Code: [Select]
ROM:F801FD8C                 MOV     R2, #0x400
ROM:F801FD90                 MOV     R1, #0x1D
ROM:F801FD94                 ADR     R0, aBatterytask ; "BatteryTask"
ROM:F801FD98                 BL      sub_F8648314
----------------------------------------------------------------------------------
ROM:F80210B4                 MOV     R2, #0x800
ROM:F80210B8                 MOV     R1, #0x17
ROM:F80210BC                 ADR     R0, aPhysw      ; "PhySw"
ROM:F80210C0                 BL      sub_F8648314
Some others call it a bit differently but you get the idea. I will look into finsig but probably Phil can recognize such pattern in no time...? (We could just force recognition on the PhySw call, since it's quite early in ROM..)

Also: it looks like that all cameras now share those addresses (some kind of fixed address syscall) so probably we won't really need to find them but just add them as defines in generic/boot.c?

Ideas? Remarks? Comments?

Ofcourse credits to ERR99 who first implemented the new hooks for r51 cameras in SX50 :)
« Last Edit: 11 / June / 2013, 05:59:15 by c10ud »

*

Offline c10ud

  • ***
  • 245
Re: RFC - Generic task hook for DryOS r51 (and higher?)
« Reply #1 on: 12 / June / 2013, 10:02:44 »
All right, here's a patch against finsig that finds the CreateTask2 address and adds it to DEFs (along with CreateTask value):

https://github.com/c10ud/CHDK/commit/2221d8203c50e0c6300b884995d25043b3f3f1c2


Comments, ideas, welcome

*

Offline philmoz

  • *****
  • 3061
    • Photos
Re: RFC - Generic task hook for DryOS r51 (and higher?)
« Reply #2 on: 12 / June / 2013, 18:34:08 »
All right, here's a patch against finsig that finds the CreateTask2 address and adds it to DEFs (along with CreateTask value):

https://github.com/c10ud/CHDK/commit/2221d8203c50e0c6300b884995d25043b3f3f1c2


Comments, ideas, welcome

This doesn't work for the SX50HS which doesn't have the extra LDR PC,... bit.
I think there's a simpler way to find it - just need a bit of time to look at it.

Phil.
CHDK ports:
  sx30is (1.00c, 1.00h, 1.00l, 1.00n & 1.00p)
  g12 (1.00c, 1.00e, 1.00f & 1.00g)
  sx130is (1.01d & 1.01f)
  ixus310hs (1.00a & 1.01a)
  sx40hs (1.00d, 1.00g & 1.00i)
  g1x (1.00e, 1.00f & 1.00g)

*

Offline philmoz

  • *****
  • 3061
    • Photos
Re: RFC - Generic task hook for DryOS r51 (and higher?)
« Reply #3 on: 12 / June / 2013, 23:20:41 »
All right, here's a patch against finsig that finds the CreateTask2 address and adds it to DEFs (along with CreateTask value):

https://github.com/c10ud/CHDK/commit/2221d8203c50e0c6300b884995d25043b3f3f1c2


Comments, ideas, welcome

This doesn't work for the SX50HS which doesn't have the extra LDR PC,... bit.
I think there's a simpler way to find it - just need a bit of time to look at it.

Phil.

Try this version.

Phil.
CHDK ports:
  sx30is (1.00c, 1.00h, 1.00l, 1.00n & 1.00p)
  g12 (1.00c, 1.00e, 1.00f & 1.00g)
  sx130is (1.01d & 1.01f)
  ixus310hs (1.00a & 1.01a)
  sx40hs (1.00d, 1.00g & 1.00i)
  g1x (1.00e, 1.00f & 1.00g)


*

Offline c10ud

  • ***
  • 245
Re: RFC - Generic task hook for DryOS r51 (and higher?)
« Reply #4 on: 13 / June / 2013, 06:54:17 »
All right, here's a patch against finsig that finds the CreateTask2 address and adds it to DEFs (along with CreateTask value):

https://github.com/c10ud/CHDK/commit/2221d8203c50e0c6300b884995d25043b3f3f1c2


Comments, ideas, welcome

This doesn't work for the SX50HS which doesn't have the extra LDR PC,... bit.
I think there's a simpler way to find it - just need a bit of time to look at it.

Phil.

Try this version.

Phil.
ah! less intrusive and working as expected ;) I knew you could come up with a more elegant solution
I did not think of using sig7 :)

*

Offline philmoz

  • *****
  • 3061
    • Photos
Re: RFC - Generic task hook for DryOS r51 (and higher?)
« Reply #5 on: 13 / June / 2013, 07:05:08 »
I did not think of using sig7 :)

That's because it's an all new sig7 :)

7 & 10 did almost exactly the same thing so I merged them together (into 10).
Then I added a new version of 7 for your hook.

Phil.
CHDK ports:
  sx30is (1.00c, 1.00h, 1.00l, 1.00n & 1.00p)
  g12 (1.00c, 1.00e, 1.00f & 1.00g)
  sx130is (1.01d & 1.01f)
  ixus310hs (1.00a & 1.01a)
  sx40hs (1.00d, 1.00g & 1.00i)
  g1x (1.00e, 1.00f & 1.00g)

*

Offline c10ud

  • ***
  • 245
Re: RFC - Generic task hook for DryOS r51 (and higher?)
« Reply #6 on: 13 / June / 2013, 07:25:27 »
I did not think of using sig7 :)

That's because it's an all new sig7 :)

7 & 10 did almost exactly the same thing so I merged them together (into 10).
Then I added a new version of 7 for your hook.

Phil.
oh all right, unfortunately something is messed up in that file and the diff against current trunk is too big to see what's different....or you kind of rewrote the whole file (?)

I guess I'll find out once you push the modification to trunk :)

*

Offline philmoz

  • *****
  • 3061
    • Photos
Re: RFC - Generic task hook for DryOS r51 (and higher?)
« Reply #7 on: 15 / June / 2013, 19:43:09 »
Here's an alternative approach using my code_gen tool.

It uses your simpler approach to hooking the CreateTask functions; but gets all the necessary instructions from the firmware.

Waterwingz has tested this on the SX50, so I thought you might like to try it on the S110.

I noticed a difference in the two versions.
1.01b has
Code: [Select]
    if ( (*(int*)0xC022F48C & 0x800000) )
        *(int*)(0x2FF0+0x4) = 0x200000;     // Playmode "PhySwConfig.c" @f807b174
    else
        *(int*)(0x2FF0+0x4) = 0x100000;     // Shootingmode
while 1.02b has
Code: [Select]
    if ( (*(int*)0xC022F48C & 0x4) )
        *(int*)(0x2FF0+0x4) = 0x200000;     // Playmode "PhySwConfig.c" @f807b174
    else
        *(int*)(0x2FF0+0x4) = 0x100000;     // Shootingmode

Also you may notice some differences in some sub_XXXXXXXX call addresses.
This is because the code_gen program follows unnecessary branches in the firmware disassembly.
For example, if the firmware code is
Code: [Select]
    BL sub_AAAAAAAA        // instruction to disassemble
    ...
sub_AAAAAAAA:
    B  sub_BBBBBBBB
    ...
sub_BBBBBBBB:
is output as
Code: [Select]
    BL  sub_BBBBBBBB

Phil.
« Last Edit: 15 / June / 2013, 19:44:47 by philmoz »
CHDK ports:
  sx30is (1.00c, 1.00h, 1.00l, 1.00n & 1.00p)
  g12 (1.00c, 1.00e, 1.00f & 1.00g)
  sx130is (1.01d & 1.01f)
  ixus310hs (1.00a & 1.01a)
  sx40hs (1.00d, 1.00g & 1.00i)
  g1x (1.00e, 1.00f & 1.00g)


*

Offline c10ud

  • ***
  • 245
Re: RFC - Generic task hook for DryOS r51 (and higher?)
« Reply #8 on: 16 / June / 2013, 06:32:48 »
neat, I will try the generated version later today

also about the power-on trick: the 101b version is probably a leftover (I have 102b and tried with that), I will double check what the correct version is

since I still have access to the g15, if it works ok I will try code_gen on that (someone with sx50 could check that too..so we can go further with the generic HookIntoCreateTask function..which I see you modified to be simpler :))

*

Offline c10ud

  • ***
  • 245
Re: RFC - Generic task hook for DryOS r51 (and higher?)
« Reply #9 on: 16 / June / 2013, 10:29:31 »
it seems to work good, and the correct power on trick is from 102b

however I'm not really sure on where we are heading because those new files in sub...I think we could move most of that stuff to generic and avoid unnecessary duplication

note that the patch won't apply to trunk and given your recent modifications (stubs diffs clashing) i think I'll wait until you settle things down and merge everything in one place before cleaning up a bit s110 and hopefully g15 with the new stubs and bring the ports on par with yours :)

 

Related Topics