code you HAVE RUN on your dslr

Seklth

54
400D

Re: code you HAVE RUN on your dslr

« Reply #40 on: 19 / May / 2008, 10:11:49 »

Advertisements

@owerlord
run native eventproc_GenerateDDD don't create file too?

@jeff666
eventproc_EdLedBlink, what store dword to mem - not worked.

@owerlord
maybe need find over code, what working with led. you find hook buttons? button "direct print" have led)

Logged

jeff666

181
A720IS

Re: code you HAVE RUN on your dslr

« Reply #41 on: 19 / May / 2008, 11:36:36 »

Quote from: Seklth on 19 / May / 2008, 10:11:49

eventproc_EdLedBlink, what store dword to mem - not worked.

Ever thought that Event Procedures might not work?

The P&S-cams clear the OS when "Firm Update" is selected. Close to nothing works then.

To light up an LED we write directly to MMIO-addresses. Read eventproc_EdLedBlink and check for write access between 0xC000000 and 0xC2000000. Chances are, that you find the correct MMIO-address and are able to control an led. Have a look at the camera-specific articles in CHDK-wiki to see a list of typical addresses.

Once you have an address, the LED should turn on if you write 0x46 or off if you write 0x44 to the location.

Cheers.

Logged

DataGhost

314
EOS 40D, S5IS

Re: code you HAVE RUN on your dslr

« Reply #42 on: 19 / May / 2008, 12:27:39 »

Ok, I'm new here (in the DSLR section) so I started looking at this stuff about 15 minutes ago.

Quote from: Seklth on 19 / May / 2008, 10:11:49

@jeff666
eventproc_EdLedBlink, what store dword to mem - not worked.

What is the exact address you found for that function or how do you call it? I don't have that particular name in my IDA dump, maybe this was done by your signatures or scripts but I'm not sure. Anyway, I may know how to call it or what it does, unless you already use that method.
Oh and.. how many LEDs are on the camera and how many are lit while running your code?

Logged

owerlord

115

Re: code you HAVE RUN on your dslr

« Reply #43 on: 19 / May / 2008, 12:33:40 »

the function list is exported with Seklth idc scripts, and imported by them also. (see attachments in this thread). on the body of 400D are only 3 leds: power led, CompactFlash access led, PTP (print direct) led.

I do not know witch is the EdLed - from the source - becose it didn't work.
while running the code the power led is led. and when I initialize the system the CF led blinks a bit.

Logged

DataGhost

314
EOS 40D, S5IS

Re: code you HAVE RUN on your dslr

« Reply #44 on: 19 / May / 2008, 12:41:03 »

Okay.... I guess I'm a little bit blind then, I still don't see eventproc_EdLedBlink in the function lists I found in this thread and the idc files don't really look like they're going to identify it. Can you verify that you have that function in your list and export it or tell me the address?

Logged

owerlord

115

Re: code you HAVE RUN on your dslr

« Reply #45 on: 19 / May / 2008, 12:58:35 »

Sorry - accidently they are not functions - so idc didn't export them. here thy are:

ROM:FFAFCC78 eventproc_EdLedOff
ROM:FFAFCCA4 eventproc_EdLedOn
ROM:FFAFCCD0 eventproc_EdLedBlink

Logged

DataGhost

314
EOS 40D, S5IS

Re: code you HAVE RUN on your dslr

« Reply #46 on: 19 / May / 2008, 13:10:36 »

Ah, ok. Yes, those are the same ones I found and IDA identified them as loc_.... so indeed not a function. Anyway, did you also try EdLedOn and EdLedOff or did you only try EdLedBlink? If you tried them all, they probably confirm my theory. Those functions give me a PostLEDMessage (present on compact cameras) feeling, so they probably tell the OS to turn on/off or blink a specific LED. If the OS isn't running anymore... well.. do the math. I guess you'll have to search for the addresses 0xCAF0 and 0xCAD8 (or 0xC0210014 and 0xC0220000, their respective values), as they seem to tell the OS what to do.

Equivalent, abbreviated C:
void EdLedOff() {
*((long *) 0xC0210014) = 0;
*((long *) 0xC0220000) = 0x44;
}

void EdLedOn() {
*((long *) 0xC0220000) = 0x48;
*((long *) 0xC0210014) = 1;
}

void EdLedBlink() {
*((long *) 0xC0220000) = 0x48;
*((long *) 0xC0210014) = 3;
}

Logged

owerlord

115

Re: code you HAVE RUN on your dslr

« Reply #47 on: 19 / May / 2008, 13:23:30 »

yes. I know what it does. I done the asigments in memory without calling the functions.
It didn't blink or lit anything. Before or after OS rewriten procedures. Even after the EdLed register procedures and memory initializations.

Logged

Seklth

54
400D

Re: code you HAVE RUN on your dslr

« Reply #48 on: 19 / May / 2008, 15:35:08 »

test other addresses from this function: sub_FFAFCAF0

Logged

DataGhost

314
EOS 40D, S5IS

Re: code you HAVE RUN on your dslr

« Reply #49 on: 19 / May / 2008, 15:37:18 »

They might do other things, though. Anyway, Maybe you could try setting 0x46 into 0xC0220000 (or another addresses) since that's the value other cameras usually use to turn on a LED.

Logged

Subject / Started by	Replies	Last post
Run arbitrary non-CHDK ASM code Started by flarn2006 General Discussion and Assistance	3 Replies 3862 Views	by reyalp
How to run 3rd party code on EOS 450D? Started by netsky1 DSLR Hack development	2 Replies 7462 Views	by netsky1
Can you run multiple scripts? Started by imagecatcher Creative Uses of CHDK	2 Replies 4201 Views	by Microfunguy
how do you review your images in camera when chdk takes alt button Started by Merie Hello, I'm a NEWBIE - HELP!! (Newbies assistance, User Guides and thank you notes)	4 Replies 5033 Views	by Merie
Creating A Soft that Can Get Shutter Count for Canon DSLR?How would you make it? Started by itaa General Discussion and Assistance	1 Replies 3437 Views	by reyalp