« previous next »
Pages: 1 [2] 3 4 5 6 7 ... 20   Go Down

ixus175_elph180_100c porting attempt

  • 197 Replies
  • 51538 Views
*

Offline srsa_4c

  • ******
  • 3728
Re: ixus175_elph180_100c porting attempt
« Reply #10 on: 06 / March / 2017, 15:48:15 »
Advertisements
Quote from: tsamma on 06 / March / 2017, 09:53:40
This function in boot.c difference from ixus160. It's the last function able to blink led, can't call to task_Startup_my().
Your CreateTask_my() function is incorrect - it was made for the low level CreateTask, but you can hook the high level CreateTask in the ixus175. As such, the asm part uses wrong registers and you've left out the STMFD instruction from its beginning. The result is that the firmware's first CreateTask call will crash the camera - which is what you are seeing.
Choose another recent port (one that hooks the real CreateTask, such as ixus150, sx530) and use its taskhook.S/code_gen.txt file as starting point for your CreateTask_my function.

You'll need to modify the following line too:
*(int*)(0x2A04 + 4) = (*(int*)0xC022F484)&0x20000 ? 0x400000 : 0x200000;
The firmware variable can be found in (sub_FF82BE10 ->) sub_FF86B864: 0x2bd4 + 4. The magic constants are also there. The 0xc022xxxx GPIO is referenced in sub_FF82BE10 somewhere.

For now, you can just remove filewritetask from the makefile (platform/ixus175/sub/100c) and CreateTask_my . It can be dealt with later.
Logged
*

Offline tsamma

  • *
  • 29
Re: ixus175_elph180_100c porting attempt
« Reply #11 on: 07 / March / 2017, 00:14:27 »
From tail of boot()
Code: [Select]
"    LDR     R0, =patch_CreateTask\n"   // Patch data
"    LDM     R0, {R1,R2}\n"             // Get two patch instructions
"    LDR     R0, =hook_CreateTask\n"    // Address to patch
"    STM     R0, {R1,R2}\n"             // Store patch instructions

"    B       sub_FF8203C4_my \n"  // --> Patched. Old value = 0xFF8203C4.

"patch_CreateTask:\n"
"    LDR     PC, [PC,#-0x4]\n"          // Do jump to absolute address CreateTask_my
"    .long   CreateTask_my\n"
copy task_hook.S from ixus150 and comment
Code: [Select]
/*** INSTALL liveimage_task() hook ***/
/*"    LDR     R0, =task_LiveImageTask\n"
"    CMP     R0, R3\n"
"    LDREQ   R3, =liveimage_task\n"
"    BEQ     exitHook\n"
*/
I'm not sure what is &0x20000 but at FF812630 look as same as ixus160
   
Code: [Select]
*(int*)(firmware variable + 4) = (*(int*)GPIO )&magic constants ? 0x400000 : 0x200000;//format
    *(int*)(0x2BD4 + 4) = (*(int*)0xC022F484)&0x20000 ? 0x400000 : 0x200000;
insert blink code at first line of sub
Code: [Select]
boot()//led blink
|-CreateTask_my()//led blink
|-init_file_modules_task()//led not blink *****
|
|-sub_FF8203C4_my()//led blink
|-sub_FF822914_my()//led blink
|-sub_FF824734_my()//led blink
|-sub_FF827DB8_my()//led blink
|-task_Startup_my()//led blink
|-taskcreatePhySw_my()//led blink
|-init_required_fw_features(void)//led blink
Does it means my CreateTask_my() doesn't work but remainder sub may be work fine?
boot.c:  https://drive.google.com/open?id=0B4ujGHeVgSW0WkE5blViUGQ1WFk
« Last Edit: 07 / March / 2017, 00:51:53 by tsamma »
Logged
*

Offline srsa_4c

  • ******
  • 3728
Re: ixus175_elph180_100c porting attempt
« Reply #12 on: 07 / March / 2017, 21:08:26 »
Quote from: tsamma on 07 / March / 2017, 00:14:27
copy task_hook.S from ixus150 and comment
At this point, comment out all task replacements except init_file_modules_task. You can re-add them one by one later, when doing those parts.
Quote
I'm not sure what is &0x20000
That's for selecting a bit from an 'aggregated GPIO' word. That bit carries the state of either the ON/OFF or the playback button (on that camera). This trick allows starting the camera in rec mode when the implementation is correct.
You can find that bit by finding either button in the 'keyboard' (physw_status) bits. Other ports query the non-aggregated version of the same GPIO, like I said
Quote
The 0xc022xxxx GPIO is referenced in sub_FF82BE10 somewhere.
If you don't know which is the right GPIO/bit yet, choose the constant that lets the cam start in playback mode and write it into (0x2BD4 + 4).
Quote
insert blink code at first line of sub
Code: [Select]
boot()//led blink
|-CreateTask_my()//led blink
|-init_file_modules_task()//led not blink *****
|
|-sub_FF8203C4_my()//led blink
|-sub_FF822914_my()//led blink
|-sub_FF824734_my()//led blink
|-sub_FF827DB8_my()//led blink
|-task_Startup_my()//led blink
|-taskcreatePhySw_my()//led blink
|-init_required_fw_features(void)//led blink
Does it means my CreateTask_my() doesn't work but remainder sub may be work fine?
Did you find the correct stubs for the functions called in init_required_fw_features()? If not, you're crashing the camera (which would explain why you get no blink in init_file_modules_task() ).
Your boot.c looks reasonable otherwise.
Logged
*

Offline fe50

  • ******
  • 3094
  • IXUS50 & 860, SX10 Star WARs-Star RAWs
    • fe50
Re: ixus175_elph180_100c porting attempt
« Reply #13 on: 11 / March / 2017, 03:24:19 »
Quote from: fe50 on 11 / March / 2017, 03:23:59
Added the
  • IXUS 175 / ELPH 180 1.00C
full 8MB dump by tsamma from this forum post to the CHDK P&S FW dumps repository.
@blackhole- thanks for the hint !
Logged
*

Offline tsamma

  • *
  • 29
Re: ixus175_elph180_100c porting attempt
« Reply #14 on: 11 / March / 2017, 10:20:40 »
With
Code: [Select]
*(int*)(0x2BD4 + 4) = 0x400000; and in task_Startup_my()
Code: [Select]
"    BL      CreateTask_spytask\n" // added
"    BL      taskcreatePhySw_my \n"  // --> Patched. Old value = 0xFF82BCBC.
"    BL      init_required_fw_features\n" // addedif comment  CreateTask_spytask and  init_required_fw_features it boot properly, take image, preview and scale without CHDK menu. if comment CreateTask_spytask only, it show Canon page and crash.
Thank you.
https://drive.google.com/open?id=0B4ujGHeVgSW0TGwtUkVYdkVobW8
Logged
*

Offline srsa_4c

  • ******
  • 3728
Re: ixus175_elph180_100c porting attempt
« Reply #15 on: 11 / March / 2017, 19:02:20 »
Quote from: tsamma on 11 / March / 2017, 10:20:40
if comment  CreateTask_spytask and  init_required_fw_features it boot properly, take image, preview and scale without CHDK menu. if comment CreateTask_spytask only, it show Canon page and crash.
For CHDK to work, you must also complete stubs_entry_2.S, stubs_min.S. If you have ixus160 addresses in any of them, you're risking to crash the camera by either executing garbage or corrupting memory. I also would not trust the sigfinder completely - check at least addresses you find inside DEF macros in stubs_entry.S .
Dumping camera's RAM can also be useful when searching for Canon variables and frame buffers. You can do that by modifying the Canon Basic dumper to dump from address 0 (cam has 128 MB of RAM).
Logged
*

Offline blackhole

  • *****
  • 642
  • A590IS 101b
    • Planetary astrophotography
Re: ixus175_elph180_100c porting attempt
« Reply #16 on: 12 / March / 2017, 04:17:01 »
@tsamma
Put this in stubs_entry_2.S, this is required for "init_required_fw_features".
Code: [Select]
NHSTUB(init_focus_eventflag,                0xFFB97BD8)
NHSTUB(init_nd_eventflag,                   0xFFAB76DC)
NHSTUB(init_nd_semaphore,                   0xFFAE6424)If you are in trouble with any other items in stubs_entry_2.S and stubs_min.S just ask.
Logged
*

Offline tsamma

  • *
  • 29
Re: ixus175_elph180_100c porting attempt
« Reply #17 on: 12 / March / 2017, 10:07:58 »
@blackhole Thank you for your kindly. Now, 
Code: [Select]
"    BL      CreateTask_spytask\n" // added   is the main problem. it's make my canon show startup screen then silent.

@srsa_4c Thank you for your recommendation and techniques. I will try to fix my stub_entry_2.s.

I don't understand why CreateTask_spytask crash. Need some hint, Please.
My boot.c, stub_entry.S, stub_entry_2.s and ROMLOG.txt
https://drive.google.com/open?id=0B4ujGHeVgSW0d0Ewc3lFNkE3aTg
Logged
*

Offline waterwingz

  • ******
  • 11623
    • Waterwingz
Re: ixus175_elph180_100c porting attempt
« Reply #18 on: 12 / March / 2017, 12:23:59 »
Quote from: tsamma on 12 / March / 2017, 10:07:58
I don't understand why CreateTask_spytask crash. Need some hint, Please.
When you execute CreateTask_spytask you enable the CHDK spytask to run.  Most likely it's spytask itself that's crashing.

Spytask can be found in core/main.c - look for
Code: [Select]
void core_spytask()
Note that spytask does most of the run time setup & configuration for CHDK.  So if you have memory regions defined incorrectly (for example) that's were it will crash.  Try commenting out sections of the code to narrow down where it's crashing (or blink the LED at various points).
Logged
Ported :   A1200    SD940   G10    Powershot N    G16
*

Offline blackhole

  • *****
  • 642
  • A590IS 101b
    • Planetary astrophotography
Re: ixus175_elph180_100c porting attempt
« Reply #19 on: 12 / March / 2017, 12:29:03 »
Put this in stubs_entry_2.S
Code: [Select]
NHSTUB(open,  0xFF823CB0)
NHSTUB(close, 0xFF823D60)Are you until now edited anything in stubs_min.S?
Logged
Pages: 1 [2] 3 4 5 6 7 ... 20   Go Up
« previous next »
 

Related Topics