Porting a camera sx530hs - page 9 - DryOS Development - CHDK Forum

Porting a camera sx530hs

  • 300 Replies
  • 153489 Views
*

Offline srsa_4c

  • ******
  • 4451
Re: Porting a camera sx530hs
« Reply #80 on: 09 / April / 2016, 15:26:25 »
Advertisements
Suggestions are always welcome, I'd appreciate it.
I am not a programmer and do not fully understand all precesses.All I know about the firmware and modifications of the same I've learned by reading this forum and advice of people who know much more than me. One can say that I understand C code, assembler is much larger problem. I understand some basic things about the work of ASM code, but a deeper analysis and tracking within the ASM code is a problem.
I understand. Fortunately you're more than able to compile CHDK and make changes to the code. I'll try to come up with ideas.

Here's the first:

In case you know how to run Canon Basic scripts, here's a RAM dumper script that will dump the first 16MB.
Code: [Select]
' RAM dumper
dim f,a,startadr=0,romsize=0x1000000,msgstr=0

private sub mydump(c, d)
        sprintf(msgstr,"A/%0X.BIN",c)
        LCDMsg_SetStr(a,msgstr)
        f=Fopen_Fut(msgstr,"w")
        Fwrite_Fut(c,d,1,f)
        Fclose_Fut(f)
end sub

private sub Initialize()
UI.CreatePublic()
a=LCDMsg_Create()
LCDMsg_SetStr(a,"Running")
System.Create()
if ExecuteEventProcedure("UI_RegistDebugEventProc") = -1 then
ExecuteEventProcedure("UI.CreatePublic")
end if
msgstr = AllocateMemory(80)

        mydump(0,0x1000000)

        LCDMsg_SetStr(a,"Done")
FreeMemory(msgstr)
end sub
Prepare a card for Canon Basic scripts, make sure it's unlocked and there's no CHDK on it.
Start the cam in playback mode and press SET. The messages will not appear as intended, but it will finish in a few seconds (the camera user interface will freeze for that time).
It would be great if this could be used for taking a RAM snapshot in the other mode you've mentioned (wireless AP, I assume this is a separate operating mode you can switch the camera on with a dedicated button). But more than likely scripts will only run when cam was started in playback mode directly.
The file will be named "0.bin". This dump will allow us to see some firmware variables that are getting lost when CHDK is started.

*

Offline blackhole

  • *****
  • 946
  • A590IS 101b
    • Planetary astrophotography
Re: Porting a camera sx530hs
« Reply #81 on: 09 / April / 2016, 16:20:40 »
Quote
In case you know how to run Canon Basic scripts, here's a RAM dumper script that will dump the first 16MB.
No problem about RAM dump, I'll do it but probably not before Monday, I do not have a camera with me right now.

*

Offline blackhole

  • *****
  • 946
  • A590IS 101b
    • Planetary astrophotography
Re: Porting a camera sx530hs
« Reply #82 on: 10 / April / 2016, 13:01:16 »

*

Offline srsa_4c

  • ******
  • 4451
Re: Porting a camera sx530hs
« Reply #83 on: 10 / April / 2016, 18:47:03 »
Here is a RAM dump.
Thanks.
The SD card related flag is 2 (it's a byte at 0x3618).
The startup flag (word at 0x2cf4 + 8 = 0x2cfc) is 0x400000. That means 0x400000 is playback mode, my guess for booting in rec mode is still 0x200000 (from sub_ff073c68).

Would be interesting to see if these 2 variables remain the same when using a card that behaves differently in diskboot. Can you make another dump and tell which dump was made on a 'good' and which on a 'bad' card?

*

Offline blackhole

  • *****
  • 946
  • A590IS 101b
    • Planetary astrophotography
Re: Porting a camera sx530hs
« Reply #84 on: 11 / April / 2016, 13:23:12 »
Quote
The SD card related flag is 2 (it's a byte at 0x3618).
The startup flag (word at 0x2cf4 + 8 = 0x2cfc) is 0x400000. That means 0x400000 is playback mode, my guess for booting in rec mode is still 0x200000 (from sub_ff073c68).
Yes, I see now.
Code for normal start is :
*(int*)(0x2cf4+0x8) = (*(int*)0xc022f48c) & 0x80000 ? 0x400000 : 0x200000;
short press - play mode, long press - rec mode.
Start in the play mode with a short press leads to an error on the memory card.
Start in the rec mode with a long press works well with all cards. There is no memory card error.
I now use this:
*(int*)(0x2cf4+0x8) = (*(int*)0xc022f48c) & 0x80000 ? 0x200000 : 0x200000;
Of course, the consequence is that the camera is now always starts in rec mode, but all cards work flawlessly.

*

Offline srsa_4c

  • ******
  • 4451
Re: Porting a camera sx530hs
« Reply #85 on: 11 / April / 2016, 15:20:42 »
Yes, I see now.
Code for normal start is :
*(int*)(0x2cf4+0x8) = (*(int*)0xc022f48c) & 0x80000 ? 0x400000 : 0x200000;
short press - play mode, long press - rec mode.
Start in the play mode with a short press leads to an error on the memory card.
Start in the rec mode with a long press works well with all cards. There is no memory card error.
You could experiment with combining (AKA ORing/adding) one of the remaining flags with 0x400000 for playback mode. These are: 0x40000, 0x800000, 0x100000. Per your earlier observations, 0x100000 might be related to that separate operating mode. You could also try combining 0x400000 and 0x200000 and see what happens.
But I'm guessing that the playback and ON/OFF buttons might be also sampled somewhere else in the boot process, in which case the above advice won't be effective.

*

Offline blackhole

  • *****
  • 946
  • A590IS 101b
    • Planetary astrophotography
Re: Porting a camera sx530hs
« Reply #86 on: 11 / April / 2016, 17:16:04 »
Quote
Would be interesting to see if these 2 variables remain the same when using a card that behaves differently in diskboot. Can you make another dump and tell which dump was made on a 'good' and which on a 'bad' card?
Here is RAM dump from "bad" card,if it is still important.
https://drive.google.com/open?id=0B2NRqqO9AOURTkhIUFpOWTR6ODg
RAM dump in reply#82 is from "good" card.
Quote
You could experiment with combining (AKA ORing/adding) one of the remaining flags with 0x400000 for playback mode. These are: 0x40000, 0x800000, 0x100000. Per your earlier observations, 0x100000 might be related to that separate operating mode. You could also try combining 0x400000 and 0x200000 and see what happens.
But I'm guessing that the playback and ON/OFF buttons might be also sampled somewhere else in the boot process, in which case the above advice won't be effective.
Thanks.
Of course I will try.

*

Offline srsa_4c

  • ******
  • 4451
Re: Porting a camera sx530hs
« Reply #87 on: 11 / April / 2016, 18:41:17 »
Here is RAM dump from "bad" card,if it is still important.
(...)
RAM dump in reply#82 is from "good" card.
Interesting. Can you take some more samples (512kB size is enough in this case) of the good and bad card? Wait a few seconds before starting the dumper.

I was looking for differences around the SD card related area and found that the 'bad' dump has two variables 0 where the good has them filled. At 0x35ac and 0x35b0. These happen to be used by routines in the firmware's "SpeedClass.c" (yes, that seems card speed related).

It's possible of course that the firmware needs some time to fill them or that the cards' speed is much different, so this might very well be a false lead.

*

Offline blackhole

  • *****
  • 946
  • A590IS 101b
    • Planetary astrophotography
Re: Porting a camera sx530hs
« Reply #88 on: 11 / April / 2016, 19:18:55 »
Quote
Interesting. Can you take some more samples (512kB size is enough in this case) of the good and bad card? Wait a few seconds before starting the dumper.
good:
https://drive.google.com/open?id=0B2NRqqO9AOURRUFINnBxWTkxUEk

bad:
https://drive.google.com/open?id=0B2NRqqO9AOURblVOalZnSmpQVXc

One more set.
bad:
https://drive.google.com/open?id=0B2NRqqO9AOURczNPQkRUWGlVMzg

good:
https://drive.google.com/open?id=0B2NRqqO9AOURQ3d6OUtlWG1VSkU
« Last Edit: 11 / April / 2016, 19:51:04 by blackhole »

*

Offline srsa_4c

  • ******
  • 4451
Re: Porting a camera sx530hs
« Reply #89 on: 12 / April / 2016, 11:15:07 »
good:
https://drive.google.com/open?id=0B2NRqqO9AOURRUFINnBxWTkxUEk

bad:
https://drive.google.com/open?id=0B2NRqqO9AOURblVOalZnSmpQVXc

One more set.
bad:
https://drive.google.com/open?id=0B2NRqqO9AOURczNPQkRUWGlVMzg

good:
https://drive.google.com/open?id=0B2NRqqO9AOURQ3d6OUtlWG1VSkU
Thanks, that will be enough. To complete the memory samples, try making another set, but this time with running CHDK (start in playback mode).

It's possible of course that the firmware needs some time to fill them or that the cards' speed is much different, so this might very well be a false lead.
An it does seem a false lead, unfortunately. Probably related to file system activity.

Another idea:
Set the ALT button to a button other than the playback button. Start the camera (with CHDK) by pressing and holding the playback button (let it go when CHDK has started). And check if you get card error when trying to shoot.

 

Related Topics


SimplePortal © 2008-2014, SimplePortal