Ok, will look at them, they can do a full disassembly at once?
Yes. For the perl script, see the comments at the top of the script.
For the capstone tools, you must use a patched version of capstone 3.0.4. Windows library and patch in
https://chdk.setepontos.com/index.php?topic=12714.msg126351#msg126351 (the fix was accepted into the current capstone dev branch, but there are other incompatibilities)
For capdis, I suggest
1) create a minimal platform tree, with makefiles
2) run make rebuild-stubs for your platform, to generate csvs and stubs_entry.S.err (because not everything will be found)
3) Rename stubs_entry.S.err to stubs_entry.S so capdis will see it.
4) run something like
./capdis.exe ../../dumps/sx720/sub/100e/PRIMARY.BIN 0xfc000000 -stubs=../platform/sx720/sub/100e -s=0xfc020001 -e=0xfc5b97a0 -f=objdump -d-const -d-addr -d-bin > ../../dumps/sx720/sub/100e/ROMCODE.DIS
This example assumes it was run from the tools directory, and in my setup where dumps are in a separate tree from the CHDK source. Adjust paths to taste. The -e address above is the address of ctypes from stubs_entry.S
This gives you a pretty complete disassembly of the ROM code, with all the functions found by the sig finder named. It will take some time to run.
There is also some code that is copied from ROM to RAM. You can disassemble these in the same way, using address ranges from stubs_entry.S, like
./capdis.exe ../../dumps/sx720/sub/100e/PRIMARY.BIN 0xfc000000 -stubs=../platform/sx720/sub/100e -s=0x010e1001 -e=0x010fce10 -f=objdump -d-const -d-addr -d-bin > ../../dumps/sx720/sub/100e/RAMCODE1.DIS
You can also use capdis to extract disassembly for use in chdk code, like
./capdis.exe ../../dumps/sx720/sub/100e/PRIMARY.BIN 0xfc000000 -stubs=../platform/sx720/sub/100e -s=task_CaptSeq -c=100 -f=chdk
I use some shell scripts to set the path options.
If you pass capdis an address rather than a function name for the start, the thumb bit (lsb) determines whether the code is disassembled as arm or thumb. Almost everything is thumb, except for some "veneers" that jump between the RAM and ROM code.
Both capdis and the perl script can produce some incorrect disassembly. They don't automatically detect arm/thumb transitions, and because thumb2 code is variable instruction size, it can get out of alignment if there is some data that would be jumped over.
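The two points at the end of the post (the lsb of a start address selecting Thumb vs ARM, and a linear Thumb-2 sweep losing sync when it runs through inline data) are easy to see with a small dependency-free walker. The following is an added example, not code from the post, from capdis or from capstone: it implements only the Thumb-2 instruction-length rule (a first halfword whose top five bits are 0b11101, 0b11110 or 0b11111 begins a 32-bit instruction) and sweeps a constructed six-instruction image. ROM_BASE matches the 0xfc000000 load address from the capdis commands above; the image bytes, the literal value and the addresses are constructed for this example.

```python
# Added example (not code from the CHDK post, capdis or capstone): a minimal
# walker showing (a) how the low bit of a start address selects Thumb vs ARM
# decoding and (b) why a Thumb-2 linear sweep that runs through an inline
# literal loses sync. ROM_BASE matches the post's capdis invocations; the
# image bytes and addresses below are constructed for this example.
import struct

ROM_BASE = 0xFC000000  # load address passed to capdis in the post


def mode_for_address(addr):
    """Map a start address to a decode mode using the interworking convention
    the post describes: lsb set = Thumb (the bit is not part of the real
    address), lsb clear = ARM."""
    if addr & 1:
        return ("thumb", addr & ~1)
    return ("arm", addr)


def thumb_insn_len(first_halfword):
    """Byte length of a Thumb instruction from its first halfword.
    In the Thumb-2 encoding a halfword whose top five bits are 0b11101,
    0b11110 or 0b11111 begins a 32-bit instruction; all others are 16-bit."""
    return 4 if (first_halfword >> 11) in (0b11101, 0b11110, 0b11111) else 2


def walk_thumb(image, base, start, end):
    """Linear sweep from start (Thumb address, lsb set) to end, returning the
    (address, length) pairs the sweep believes are instruction starts.
    No branch following and no data detection: exactly the failure mode the
    post warns about."""
    mode, pc = mode_for_address(start)
    assert mode == "thumb", "this walker only handles Thumb code"
    end &= ~1
    starts = []
    while pc < end:
        off = pc - base
        if off + 2 > len(image):
            break  # ran off the end of the dump
        hw = struct.unpack_from("<H", image, off)[0]
        n = thumb_insn_len(hw)
        starts.append((pc, n))
        pc += n
    return starts


# Constructed image: a tiny Thumb function, an inline 32-bit literal, then a
# second function. Bytes are little-endian halfwords.
SAMPLE_IMAGE = bytes.fromhex(
    "10b5"      # 0xFC000000: push {r4, lr}        16-bit (hw 0xB510)
    "41f23420"  # 0xFC000002: movw r0, #0x1234     32-bit (hw1 0xF241)
    "10bd"      # 0xFC000006: pop  {r4, pc}        16-bit (hw 0xBD10)
    "00000afc"  # 0xFC000008: literal 0xFC0A0000   data, not code
    "10b5"      # 0xFC00000C: push {r4, lr}        second function
    "7047"      # 0xFC00000E: bx lr                16-bit (hw 0x4770)
)


def sweep_through_literal():
    """Sweep the whole sample as code, the way a naive tool would.
    The literal's high halfword 0xFC0A looks like the start of a 32-bit
    instruction, so it swallows the real push at 0xFC00000C."""
    return walk_thumb(SAMPLE_IMAGE, ROM_BASE, ROM_BASE | 1,
                      ROM_BASE + len(SAMPLE_IMAGE))


def sweep_second_function():
    """Start at the second function's own Thumb address, skipping the literal,
    which is what passing a stubs-derived start address to capdis achieves."""
    return walk_thumb(SAMPLE_IMAGE, ROM_BASE, (ROM_BASE + 0xC) | 1,
                      ROM_BASE + len(SAMPLE_IMAGE))


if __name__ == "__main__":
    for addr, n in sweep_through_literal():
        print(f"{addr:08x}: {n}-byte instruction")
    print("second function:", [hex(a) for a, _ in sweep_second_function()])
```

Running the naive sweep reports an instruction start at 0xFC00000A (inside the literal) and none at 0xFC00000C, which is the misalignment the post describes; starting at the function's real address instead gives the correct two instructions. This is why ranges taken from stubs_entry.S, rather than one sweep over the whole ROM, give cleaner output.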