IIRC on G7x, rmem'ing MMIO works for single words, but not larger ranges. rmem passes the address range directly to the PTP transfer function, which probably tries to use DMA
Exception!! Vector 0x10Occured Time 2017:01:06 04:31:47Task ID: 53149815Task name: PTPBulkState4Exc Registers:0x425B700C0xD98550000x000000200xFC3380800xFC3380800x000000400xFC41D85F0x0059C1700xFC41D85F0xD98550000x0059C3B40x0059E1C00x000000000x006F9FA80xFC41CA5B0x01100A980x20000053StackDump:0x0059C3A00xFC41CA5B0x0059C3A00x000000400xD98550000xFC41D85F0x0059E1C00x0059C170
NSTUB(dry_memcpy, 0x1100a8c):1100a8c: push {r4, lr}1100a90: subs r2, r2, #321100a94: bcc loc_1100ab0loc_1100a98:1100a98: ldm r1!, {r3, r4, ip, lr}
I can confirm that on M3 chdkptp and ptpcam allow to read MMIO registers and sometimes allow to read memory ranges(for example "m 0xC0F07000 192")
So, it looks like the DIGIC / ARM core of this camera doesn't tolerate LDMing MMIO data.
Your CPUINFO exactly matches with mine. But your DryOS version...
Do you guys still need a Firmware Dump from v1.1.0?I could make and upload mine, if needed.
You can modify CPUINFO to show more information about data abort exception.
P.S. do you have access to memory-mapped debug registers?It can be useful to intercept ROM code execution(like cache hacks).
I then modified the memory copy routine used in my mw module to use only single LDRs, and it suddenly started to work - I can now look at MMIOs.So, it looks like the DIGIC / ARM core of this camera doesn't tolerate LDMing MMIO data.
Have any suggestions?
As reported on recent models, manipulating the halfshoot and full-shoot bits is no longer effective (that means, CHDK can't simulate button presses on these).
The A bit is set automatically by certain exceptions and is written by privileged software. It disables asynchronous Data Aborts.
Started by axman « 1 2 3 » Firmware Dumping
Started by burglar Creative Uses of CHDK
Started by reyalp DryOS Development
Started by David475 DryOS Development