code you HAVE RUN on your dslr - page 9 - DSLR Hack development - CHDK Forum
« previous next »
Pages: 1 ... 4 5 6 7 8 [9] 10 11 12 13 14 15   Go Down

code you HAVE RUN on your dslr

  • 141 Replies
  • 62548 Views
*

Offline _MAG_

  • *
  • 47
Re: code you HAVE RUN on your dslr
« Reply #80 on: 27 / May / 2008, 10:46:32 »
Advertisements
hmm i see you press ALL keys. Hard analyse why they key not work or what they do.
I sink
MC ot is Main control (button pressed)
PM - power message (ignor him i dont know why need switch porer mode many times)
FC - flash card control

in 162 and 165 use sw operator outher used by control or action.
i sink 0160 work too (they use sw too) but i dont know how.
You can post outher keys adress (if you know?). Some key do something but i dont know what key..
« Last Edit: 27 / May / 2008, 12:24:17 by _MAG_ »
Logged
*

Offline owerlord

  • ***
  • 115
Re: code you HAVE RUN on your dslr
« Reply #81 on: 27 / May / 2008, 17:10:19 »
mainControl is a task. It controls nearly all activities. It have a message queue with messages like (T=something, arg1 , arg2). T=2 is sent by pressed keys. arg1 with T=2 is the key number within 160 to 191. The message sw: ... is the effect of the message sent to the MainControl. Thing is, that I steped up the ladder looking where it is sent and I end up on some class instance. I don't know what calls it.
The other keys (sw: ...) are called by other instances (they are emulations of key presses).
Logged
*

Offline _MAG_

  • *
  • 47
Re: code you HAVE RUN on your dslr
« Reply #82 on: 28 / May / 2008, 07:07:22 »
350D and 400d have A-DEP mode who set fied of deep. Elder models have more advanced mode DEP.
First half-press shutter button measure (by central sensor) distance to first object, second distance to second object, third halfpress set needed focus distance and diaphragm, that both object been in DOF
You sink possible to add this feature to 350d and 400d?
Logged
*

Offline mx3

  • ****
  • 372
Re: code you HAVE RUN on your dslr
« Reply #83 on: 28 / May / 2008, 08:58:03 »
Quote from: _MAG_ on 28 / May / 2008, 07:07:22
You sink possible to add this feature to 350d and 400d?
lets port CHDK first


owerlord can you check if autoexec.bin is launched on 400D?

it seems it is a way to run code on dslrs without packing and encryption. see my comments

can you confirm it?
Logged
skype: max_dtc. ICQ: 125985663, email: win.drivers(at)gmail, eVB decompiler
*

Offline owerlord

  • ***
  • 115
Re: code you HAVE RUN on your dslr
« Reply #84 on: 28 / May / 2008, 15:15:05 »
:\ I totaly got stuck. Mayby anybody can help. There are three things I traced and end up in a dead end:

1. When the data is copied from rom to ram.

the 0xC0A100xx are initialized with data-in-rom-adr, data-in-ram-adr, lenght-of-data - when it is copied ??

2. What code is runned when the battery compartment is closed?

I searched the booloader and firmware and haven't see anything.

3. What is done before firmware-loader is started?

Do we know anything ?
Logged
*

Offline mx3

  • ****
  • 372
Re: code you HAVE RUN on your dslr
« Reply #85 on: 28 / May / 2008, 18:27:30 »
Quote from: owerlord on 28 / May / 2008, 15:15:05
:\ I totaly got stuck. Mayby anybody can help. There are three things I traced and end up in a dead end:

1. When the data is copied from rom to ram.

the 0xC0A100xx are initialized with data-in-rom-adr, data-in-ram-adr, lenght-of-data - when it is copied ??

2. What code is runned when the battery compartment is closed?

I searched the booloader and firmware and haven't see anything.

3. What is done before firmware-loader is started?

Do we know anything ?

0xC0XXXXXX - it is devices IO address space.
be carefull with it
what are you going to do with it?

I had impression that jeff666 and dataghost have given you details about how powershots are started
theirs comments were unhelpful?

you can try to analize powershot's firmware and boot procedure of CHDK and find similarities
Logged
skype: max_dtc. ICQ: 125985663, email: win.drivers(at)gmail, eVB decompiler
*

Offline owerlord

  • ***
  • 115
Re: code you HAVE RUN on your dslr
« Reply #86 on: 28 / May / 2008, 18:51:11 »

Quote from: mx3 on 28 / May / 2008, 18:27:30
0xC0XXXXXX - it is devices IO address space.
be carefull with it
what are you going to do with it?

The firmware at romStart puts an adres of data saved in ROM, place do copy it in RAM and its lenght to the 0xC0A100xx. I'm not planing to do anything with it - I just want to know where it is used. Propably the data is copied when the battery are closed or something - but I cannot find it.

Quote from: mx3 on 28 / May / 2008, 18:27:30
I had impression that jeff666 and dataghost have given you details about how powershots are started
theirs comments were unhelpful?
you can try to analize powershot's firmware and boot procedure of CHDK and find similarities
I think DSLR are totaly diffrent here. For instance - they're loading CF cards even when they have the power swich to Off. In DSLR one thing is what happens at battery closing, and other is at switch on.
Logged
*

Offline owerlord

  • ***
  • 115
Re: code you HAVE RUN on your dslr
« Reply #87 on: 30 / May / 2008, 15:00:56 »
I dumped the 0x0-... section. And:
When the loader is started:
0x0 interupts are set to the values from 0xFFFF0000 - so bootloader propably loads the program.
0x1900++ section is totaly empty. It is cleared before run.
Logged
*

Offline owerlord

  • ***
  • 115
Re: code you HAVE RUN on your dslr
« Reply #88 on: 30 / May / 2008, 18:03:59 »
jump to 0xFFFF0000: Loading ... Loading ... Loading ... Loading ...
Logged
*

Offline Seklth

  • **
  • 54
  • 400D
Re: code you HAVE RUN on your dslr
« Reply #89 on: 30 / May / 2008, 23:08:46 »
try start autoexec.bin with this jump =)
no, it is incorrect)) it is repeat start bootloader and  loading autoexec.bin..
« Last Edit: 31 / May / 2008, 01:30:59 by Seklth »
Logged
Pages: 1 ... 4 5 6 7 8 [9] 10 11 12 13 14 15   Go Up
« previous next »
 

Related Topics