
Porting chdk to the G9

GrAnd
Re: Porting chdk to the G9
« Reply #60 on: 23 / April / 2008, 14:44:09 »
GrAnd, I want to try to analyze the a720 dump, which are the addresses to load it in Ida?

0xFFC00000 - as any camera of A-series.
CHDK Developer.

Re: Porting chdk to the G9
« Reply #61 on: 23 / April / 2008, 14:50:04 »
a little help please:  :-X

I could compile A720 and G9 1.00F (test) successfully but not 1.00D.

This is the end of the log:

-> main.elf
../platform/g9/libplatform.a(wrappers.o): In function `camera_shutdown_in_a_second':
wrappers.c:(.text+0x780): undefined reference to `_SetAutoShutdownTime'
collect2: ld returned 1 exit status
d:\chdk\gcc\bin\gmake[1]: *** [main.elf] Error 1
gmake: *** [all-recursive] Error 1

I was just wondering how jeff666 could compile it.

What I changed in the source are the LED addresses and RAW parameters in camera.h nothing else.


Edit1: I could correct it. No need help. :D
« Last Edit: 23 / April / 2008, 14:55:13 by Titan_G9 »

Re: Porting chdk to the G9
« Reply #62 on: 23 / April / 2008, 15:47:25 »
hello,

I used the LED method to find where the boot code stops.
So, in : /platform/g9/sub/100d/boot.c

Code:
    // Code taken from VxWorks CHDK. Changes CPU speed?
    asm volatile (
        "MRC     p15, 0, R0,c1,c0\n"
        "ORR     R0, R0, #0x1000\n"
        "ORR     R0, R0, #4\n"
        "ORR     R0, R0, #1\n"
        "MCR     p15, 0, R0,c1,c0\n"
    :::"r0");

    for(i=0;i<canon_data_len/4;i++)
        canon_data_dst[i]=canon_data_src[i];

    for(i=0;i<canon_bss_len/4;i++)
        canon_bss_start[i]=0;

/*    asm volatile (
        "MRC     p15, 0, R0,c1,c0\n"
        "ORR     R0, R0, #0x1000\n"
        "BIC     R0, R0, #4\n"
        "ORR     R0, R0, #1\n"
        "MCR     p15, 0, R0,c1,c0\n"
    :::"r0");
*/
    on();
    // jump to init-sequence that follows the data-copy-routine
    asm volatile ("B      sub_FF8101a4_my\n");

}; //#fe

Before  asm volatile ("B      sub_FF8101a4_my\n");   the LED lights, but after it, it does NOT.

So what is the next step?

1. Compare the "base A720" and the g9 firmware in IDA? or something else? How to find the correct function for it?
2. Or just leave it out commented?

Cheers

Edit 1: Probably the function sub_FF8101a4 is not good for it.  How to find the address of it?
« Last Edit: 23 / April / 2008, 15:51:07 by Titan_G9 »

Re: Porting chdk to the G9
« Reply #63 on: 23 / April / 2008, 16:50:52 »
Titan_G9,
could you post a copy of your (100d, I mean) ida's names and functions and/or the log of figsig.exe?
« Last Edit: 23 / April / 2008, 17:24:32 by bongo_bingo »


Re: Porting chdk to the G9
« Reply #64 on: 23 / April / 2008, 17:25:49 »
Titan_G9,
could you post a copy of yours (100d, I mean) ida's names and functions and/or the log of figsig.exe?

Here they are...

Re: Porting chdk to the G9
« Reply #65 on: 23 / April / 2008, 17:33:23 »
thanks!

Re: Porting chdk to the G9
« Reply #66 on: 23 / April / 2008, 17:58:58 »
Before  asm volatile ("B      sub_FF8101a4_my\n");   the LED lights, but after it, it does NOT.

I was wrong.  >:(
The code still continues to execute:

void __attribute__((naked,noinline)) sub_FF810FB8_my() { //#fs
        asm volatile (
              //"STR     LR, [SP,#0xFFFFFFFC]!\n"
              "STR     LR, [SP,#-4]!\n"         // inspired by original CHDK-code
              "SUB     SP, SP, #0x74\n"
              "MOV     R0, SP\n"
              "MOV     R1, #0x74\n"
              "BL      sub_FFABD388\n"
              "MOV     R0, #0x53000\n"
              "STR     R0, [SP,#0x74-0x70]\n"
        );
//              "LDR     R0, =0xDD024\n"          // 0x9d024 + 0x40000, note: 0x20000 *should* have been enough, but our code was overwritten...
                                               // ...thus we push the memory pool a little more up (0x30000 = 192k)
        asm volatile (
              "LDR     R0, =new_sa\n"
              "LDR     R0, [R0]\n"
        );
on();   // Still this point
        asm volatile (
              "LDR     R2, =0x2ABC00\n"
              "LDR     R1, =0x2A4968\n"
              "STR     R0, [SP,#0x74-0x6C]\n"
              "SUB     R0, R1, R0\n"

Slowly I started to understand how it works. (very slowly...)
Continued tomorrow...

Re: Porting chdk to the G9
« Reply #67 on: 28 / April / 2008, 18:53:34 »
Wow - I haven't checked the progress on this in a few weeks and all of a sudden lots of people are hard at work! Great job everyone, especially Titan G9, pgm, bongo_bingo, GrAnd and V3RTEX!


Re: Porting chdk to the G9
« Reply #68 on: 29 / April / 2008, 02:41:01 »
Hi all,
I've been away for a few days (shooting in Rome!  :D ).
Now I'm back, but have to go to work  :'(

Happy to see that g9 users group is growing!

Edit 1:

- no work for this morning!  :D
- I'm dumping with cardtrick, I'll post my whole g9 dump soon

Questions:
- analyzing the card tricks dump with IDA:
1) can I use the same tail-head procedure as in the uduper tool?
2) In IDA: can I use the same addresses used for the uduper dump analysis?

Edit 2:

- here is the link to the g9 100f done with cardtricks zSHARE - g9_100f_cardtricks.zip
« Last Edit: 29 / April / 2008, 06:11:49 by bongo_bingo »

Re: Porting chdk to the G9
« Reply #69 on: 30 / April / 2008, 07:42:54 »
Hello,
I'm working on sub/100f/boot.c trying to find analogies between the g9 and the 720 dump.
I've found something, but the compiler gives me these errors:

c:\Temp/ccueaaaa.s: Assembler messages:
c:\Temp/ccueaaaa.s:484: Error: bad instruction `loc_ff82d274'
c:\Temp/ccueaaaa.s:521: Error: bad instruction `loc_ff82d65c'
c:\Temp/ccueaaaa.s:641: Error: bad instruction `loc_ff82d4d8'
c:\Temp/ccueaaaa.s:710: Error: bad instruction `loc_ff82d68c'
c:\CHDK\gcc\bin\gmake[4]: *** [boot.o] Error 1
c:\CHDK\gcc\bin\gmake[3]: *** [all-recursive] Error 1
c:\CHDK\gcc\bin\gmake[2]: *** [all-recursive] Error 1
c:\CHDK\gcc\bin\gmake[1]: *** [all-recursive] Error 1
gmake: *** [all-recursive] Error 1


I'm posting the actual boot.c for an eventual help.


Also I'm not able to find a lot of things, I'm posting what I cannot find (I'm at the half of boot.c analysis).

Please help !
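
An added example, not part of the original post or of CHDK: GNU as reports `bad instruction` when a line begins with a token that is not a mnemonic, which is how a label pasted from IDA without its trailing colon is read. Assuming that is the cause of the errors above, this Python sketch scans a boot.c-style file for such lines; the sample source and the name `find_bare_labels` are constructed for illustration.

```python
import re

# Constructed sample in the style of the thread's boot.c (not the poster's file):
# one label has lost its trailing colon, one is written correctly.
SAMPLE_BOOT_C = r'''
void __attribute__((naked,noinline)) sub_example_my() {
    asm volatile (
        "STMFD   SP!, {R4,LR}\n"
        "loc_FF82D274\n"
        "MOV     R0, #0\n"
        "BNE     loc_FF82D274\n"
        "loc_FF82D65C:\n"
        "LDMFD   SP!, {R4,PC}\n"
    );
}
'''

# One string literal per source line, optionally followed by a // comment.
# Lines that start with // (commented-out asm) do not match and are skipped.
ASM_LINE = re.compile(r'^\s*"(?P<body>(?:[^"\\]|\\.)*)"\s*(?://.*)?$')
# A lone IDA-style name: no operands after it and no colon.
BARE_LABEL = re.compile(r'^(?:loc|sub|locret|off|dword)_[0-9A-Fa-f]+$')


def find_bare_labels(source):
    """Return (line_number, label) for asm lines that are a label without ':'."""
    hits = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        m = ASM_LINE.match(line)
        if not m:
            continue
        # Drop the literal \n / \t escapes that end each inline-asm string.
        body = m.group("body").replace("\\n", "").replace("\\t", "").strip()
        if BARE_LABEL.match(body):
            hits.append((lineno, body))
    return hits


if __name__ == "__main__":
    for lineno, label in find_bare_labels(SAMPLE_BOOT_C):
        print(f"line {lineno}: '{label}' looks like a label, add ':' after it")
```

The line numbers it reports are positions in the C source, not the numbers in the assembler's temporary `.s` file.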

 
