code you HAVE RUN on your dslr - page 7 - DSLR Hack development - CHDK Forum

code you HAVE RUN on your dslr

Re: code you HAVE RUN on your dslr
« Reply #60 on: 20 / May / 2008, 07:17:08 »
Does anybody know how to update xrefs in IDA? When I add a segment of memory and so on, sometimes IDA doesn't print all the xrefs to the place in memory.

Seklth
Re: code you HAVE RUN on your dslr
« Reply #61 on: 20 / May / 2008, 15:26:08 »
Maybe running this IDC function will help:
AnalyseArea(MinEA(),MaxEA());

Re: code you HAVE RUN on your dslr
« Reply #62 on: 21 / May / 2008, 20:17:12 »
Found a very important thing:
ROM:FFB06868                   RegisterListOfEvents

It registers events from a list like
"Name"
eventproc_Name
...

NEW: at the end of Startup_Task a function is called which starts a console - it waits for input - that's why I think startup doesn't return.
« Last Edit: 22 / May / 2008, 11:21:27 by owerlord »

Re: code you HAVE RUN on your dslr
« Reply #63 on: 24 / May / 2008, 14:06:48 »
I blink-tested my rewritten romstart->task_startup path. It's not working.

Everything is executed until the
kernelInit( my_usrRoot, ...)

I call the firmware kernelInit procedure - and my_usrRoot is never run.

option a) kernelInit hasn't run my_usrRoot, but restarted something - and that's why the menu appears.

option b) the system clock is changed so much that my LED blinking isn't recordable.

NEW: checked twice - when I comment out my_usrRoot or my_AppInit - the menu doesn't start. My blinking doesn't work after kernelInit.

NEW: the clock is sped up 2^4 times - with that modification - the blinking works. The whole path works perfectly.
The best thing now would probably be to rewrite the startup task :\

NEW: 1. all functions up to the Startup task are run immediately - so the delay has to be in the startup.

I found the CF installation procedure:

ROM:FFABCAD4                   CFBigFunction

It installs the filesystem, but is run through an address from memory (0000BFDC+4)

NEW: Problem. Blinking isn't working when started later in the Startup task. I don't know why exactly - but I think it's because interrupts take place or the clock time is changed in the background. In effect the LED blink delays are unreadable.
« Last Edit: 24 / May / 2008, 19:51:23 by owerlord »


Re: code you HAVE RUN on your dslr
« Reply #64 on: 25 / May / 2008, 12:20:26 »
I wrote a driver for the LED output, and redirected stdout and stderr to it. The problem is that the transmission has errors (changed characters and so on).

Here is a log of messages from loading until the menu appears (where the errors begin) and then I press "jump" a couple of times. Read on :-)

Code:
Begin
Begin
Begin
Begin
?oFDromStart
usrInit
usrKernelInit
class
task
qInit1
qInit2
qInit3
workqinit
sysmemtop
usrRoot
blDrv()
DrvInstall...
malloc...
DevAdd...
blDrv Installed
AppInit
Startup - start
Starting test
/blink/0 tes/blink/0 test - 2/2
Redirecting stdout and stderr
Redirection succesfull
test exit
InitializeIntercom
[TFT-OLC] Notify Change.
-- ----------------
--- Change OLC ---
------------------
 String   :
 Mode   : 0
 Tv     :
 Av     : F00
 ISO    : AUTO
 WBMode : 0
 MesMode: 0
 AFMode : 0
 Drive  : 0
 AFPoint: 0
 format : 0
 size   : 0
 quality: 0
 Battery: 0
x-x--v-----c--
/ t Ilrto; zi*x-----r----b---c--
Mea?e   anO4cDIALxiweei 1
Byc x   5D9 --- --r-h--u---c-MCngWRvvWtetnuctn
x   6:  3046 [D-GI]ReuetR=0x0
x   7:  n0460 [DP-UInDigipCaabiit=00
   x8:m  30460 [-UInCL PM_Enilog FmF1  30&70[D-GUI] Free PinerPoprt
    1: n 3k47;[MC],T:0007nS:00, 9T    1z n 3470[M] GUInChage| :
 F 3:   347 [AIN] EnabteStDwnz m14:  n38970 [CM]InitilizComContrl
    17:x 979 [TOM]ROMegisteqLsTrnserBR{   18:  3970 [RTOM]TO_RBiRequeetransfeCBR

 x  J9:   380 [ATr]nitilizFATrasmissinLineecker n 20:  3900VB:0
n  2J: k 3910aRM]T_egistNotiyCnnetDT
   22: c 3910[GI] DTDIxO?Eh
m   36:  39920 [F]AccessTimngh I 250n
 m 4: a4020[M] T:008S:000, 0
    1:  4420 [MAI] DivStte0
    &9:F 40450 [F]FP_etFilSize :nFI{GetFieSizerr (A/MSiUTPRINTMRK
   0:   4051{[AIN] RmanCuser : 5799W    1: c 4510[SM]evnt:22,n0000:000, 04   52q
  400 SBn: -----FF, ,   5:  40510[STM]event:10,00:0000 0  54[  x4010 SB: -----FF
, d   51 x 40510[STM]evnt:12,,000000, 0zF   56  x4010 SBa m-----FF,
   5  4010[SM]mevet:12,x0q00:000, 0)   58[  m4050 iSB: -----FF,    59 n4010[MA :
000,S:001_ J
   40:mn 451 [C]:001 S0001,12
  c614  4050 MAIN]xileCountvr  0(0)
x{  62:  40510 [AI] BurCntr p0_  63[  x40510 MAN]nFull CF
 , 6:  4520 [MAIN] TFTk.Ccn  65p 40520 ZAIN]nFULL C WRNINGT    66: x 40520aMIg (
gi_nicomp)
a 7:   40520 [AI] aIntializ Cmpltep
n 68:a 4052 [C];T:012, S:100,x13,  69h  m4050 MCg T0002, l:100  14
   70:  4020  sw:060000)
F  1:  4052 [TM e*n: 1 0:000,
 F 72: n 4020[M] T:004 S:100, 5
    z3: 52      act:0129
   4:a 40530 [C]T:000, S:1000,16b  7[  m0530 g crl008
 x{ 76:  453 [MAIN] FLLCFWARNING.
  80  4050 C{T0006, :10017W  mn85:  4040 [M] T006,mS:000 1
   86: ;m4k54 [M] T:012, S1000, 19
m   7:a 4054 [UI PstQR  0000000
  k88t 40540 MCLT:000, :100) 20
  8   40540      ctrl?080
    x6:  4j55 [C],T:007 S[010,21
  m97  4050 MC G Chanhdm:7
  c98F  4050 STM] een:L 0:00:00,0
 n 12:  62 [DISPOW TrnOnmtat
x  4  0620 [UI] GetQ :00000000
a 08  4060 C T:01, :00022| 109  k400 [MAN] PLY BUSY EN.
  116   4060 mMA] 8680002 < 8680340b  24p 4070 mP FP_GetFileSze  FIO_eetFileiznE
r (:/IS/ATXERMR
 .1n3:x{ 4087 [LCD] EablLcdCotrolle
 m 1:  4k70[DSPOW Trn On omwe
   19:x{ 489 [9]nT:0007 S010,23
  a40:  4080 LCD EabeL+dBackLgh  a4: m 4090[MN FaceSens/ fz1)
  a42n  0890 MC GI hangedx2
   43h 40890 mSTM ent:21, 0:0:00,,0
 14c  90 [FM eent: 1W0000:00,  14:  4900[FCE Stp
ceensroReady stte= DLE[5T   15:  4530[MC] :0029, S:10, 4
  1v0:{ 7610 [pC]nT:000 S:010,5
   161h   7060 g4ctl:09T   162: x{70610[Sc]event:21,,0000:000, 0z,  163  50 [MC]
 T002, S:040 26  x16   9590x     sw:0162000)
   165[  m9890 MC T0002, S:0040, 27 n6:   98890  sw:062x0000)
,  167t J01490 MC T:0002, S:040_ 28
  16:  01490     sw:0162000)
   69[  J4 0n[MC] T?0, S:040)F29
  17  0490i sw:062&000)
   171[  J7440 MC T00, :040 30
n x17  07z0 sw:0620000)
,  173[  J10740 MC T?0, S:040) 3  17z 110_40     w:062B0000)
   175[  3d90 [MC] T[0002,:0040 32
  174: 1890      w:62(000)_,  177  J8390 [MC] T0k2, S:0040 33'  1n: 118390 w:160
00)z   179t J1690 MC T000, :040 34
  c18 12190,     sw:062000)
  82[  470 MC T002, :0040, 35
  c18 24790      sw:062&0000)


And don't you dare say that the errors are too bad to read it! I tried many algorithms to make it better - it's the best I can get!

NEW: The problem is that the LED output is so slow that the output of the different tasks merges (even with semaphores applied). If I had a function which would give me some current-task identifier - I would dissect it. The second option is to make a big buffer - I will test it tomorrow.
« Last Edit: 25 / May / 2008, 18:21:10 by owerlord »

Re: code you HAVE RUN on your dslr
« Reply #65 on: 26 / May / 2008, 06:38:10 »
Ok, done. I got the blocking mechanism right. Now it's readable.

As earlier - here's a log of messages from loading the program until the menu appears and a couple of "JUMP" presses (other buttons don't do anything).

Code:
Begin
Begin
Begin
Begin
sbanromStart
usrInit
usrKernelInit
class
task
qInit1
qInit2
qInit3
workqinit
sysmemtop
usrRoot
blDrv()
DrvInstall...
malloc...
DevAdd...
blDrv Installed
AppInit
Startup - start
Starting test
/blink/0 tes/blink/0 test - 2/2
Redirecting stdout and stderr
Redirection succesfull
test exit
InitializeIntercom
vTFT-OLC] Notify Change.
------------------
--- Change OLC ---
------------------
 String   :
 Mode   : 0
 Tv     :
 Av     : F00
 ISO    : AUTO
 WBMode : 0
 MesMode: 0
 AFMode : 0
 Drive  : 0
 AFPoint: 0
 format : 0
 size   : 0
 quality: 0
 Battery: 0

? --------------------------------------
? /*         ICU Information          */
? --------------------------------------
? ModelName       : Canon EOS 400D DIGITAL
? FirmwareVersion : 1.1.1
? BodyID          : (hmmm - it's a bit risky :-)
? --------------------------------------
[CmndMgr]WARNING: OverWrite Operation Function?
[DM] dmStart
     6:   30120 [DP-GUI] RequestRet=0x0
a    7:a  30120 [DP-GUI] DigipCapabirity=0x0/v    8:a  30120 [DP-GUI] CALL DPM_EndDialog
    10:   30130 [DP-GUI] Free PrinterProperty
    b1,V  30130 [MC] T:0007, S:0001, 9/v   b2:   30130 [MC] GUI Changed :1
a   13:   30130 [MAIN] EnableShutDown
    17:   30280 [CM]InitializeComControl
    18:   30290 [RTOM]RTOM_RegistRequesetTransferCBR
    19:   30290 [RTOM]RTOM_RegistRequesetTransferCBR
    20:   30290 [FATr]InitializeFATransmissionLineChecker
    21:   30290 VBUS:0
    22:   30290 [RTOM]RTOM_RegistNotifyConnectDT
    23:   30290 [GUI] DT_DISCONNECT
    36:   30300 [CF] AccessTiming: I/O 250nS
    40:   30340 [MC] T:0008, S:0001, 10
    41:   30340 [MAIN] DriveState:0
    49:   30340 [FP] FP_GetFileSize : FIO_GetFileSize Err (A:/MISC/AUTPRINT.MRK)

    50:   30350 [MAIN] RemainCluster : 57991
    51:   30350 [STM] event:22, 00:00:000, 0
    52:   30350         SB : r-----FF, 3
    53:   30350 [STM] event:10, 00:00:000, 0
    54:   30350         SB : r-----FF, 3
    55:   30350 [STM] event:12, 00:00:000, 0
    56:   30350         SB : r-----FF, 3
    57:   30350 [STM] event:12, 00:00:000, 0
    58:   30350         SB : r-----FF, 3
    59:   30350 [MC] T:0010, S:0001, 11
    60:   30350 [MC] T:0011, S:0001, 12
    61:   30350 [MAIN] FileCounter : 0(0)
    62:   30350 [MAIN] BurstCounter : 0
    63:   30350 [MAIN] Full CF
    64:   30350 [MAIN] TFT OLC
    65:   30350 [MAIN] FULL CF WARNING.
    66:   30350 [MAIN] (gui_initcomp)
    67:   30350 [MAIN] (Initialize Complete.)
    68:   30350 [MC] T:0012, S:1000, 13
    69:   30350 [MC] T:0002, S:1000, 14
    70:   30350          sw:0160(0000)
    71:   30350 [STM] event: 1, 00:00:000, 0
    72:   30350 [MC] T:0004, S:1000, 15
    73:   30350          act:0129
    74:   30350 [MC] T:0001, S:1000, 16
    75:   30350          ctrl:0080
    76:   30350 [MAIN] FULL CF WARNING.
    80:   30350 [MC] T:0006, S:1000, 17
    85:   30350 [MC] T:0006, S:1000, 18
    86:   30350 [MC] T:0012, S:1000, 19
    87:   30350 [GUI] PostQR : 00000000
    89:   30350 [MC] T:0001, S:1000, 20
    90:   30350          ctrl:0080
    96:   30350 [MC] T:0007, S:0100, 21
    97:   30350 [MC] GUI Changed :7
    98:   30350 [STM] event: 1, 00:00:000, 0
   102:   30350 [DISPPOW] Turn On Start
   104:   30350 [GUI] GetQR : 00000000
   111:   30350 [MC] T:0018, S:0100, 22
   112:   30350 [MAIN] PLAY BUSY END.
   119:   30350 [MAIN]  868003024 < 868003040
   127:   30360 [FP] FP_GetFileSize : FIO_GetFileSize Err (A:/MISC/AUTXFER.MRK)
   136:   30380 [LCD] EnableLcdController
   137:   30380 [DISPPOW] Turn On Complete
   142:   30380 [MC] T:0007, S:0100, 23
   143:   30380 [LCD] EnableLcdBackLight
   144:   30380 [MAIN] FaceSensor Off(1)
   145:   30380 [MC] GUI Changed :2
   146:   30380 [STM] event:21, 00:00:000, 0
   147:   30380 [STM] event: 1, 00:00:000, 0
   148:   30380 [FACE] StopFaceSensorToReady: state = IDLE[5]
   161:   30670 [MC] T:0001, S:0100, 24
   162:   30670          ctrl:0092
   163:   30670 [STM] event:21, 00:00:000, 0
   164:   35360 [MC] T:0029, S:0040, 25
a  166:   45640 [MC] T:0002, S:0040, 26
   167:   45640          sw:0162(0000)
a  168:   49090 [MC] T:0002, S:0040, 27
   169:   49090          sw:0162(0000)
   170:   53390 [MC] T:0002, S:0040, 28
   171:   53390          sw:0162(0000)
   172:   57690 [MC] T:0002, S:0040, 29
   173:   57690          sw:0162(0000)
« Last Edit: 26 / May / 2008, 06:40:47 by owerlord »
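
Added example, not part of any post in this thread: a Python check that separates intact records in the LED-transmitted log from lines that still carry stray bytes or two records merged onto one line. The `<seq>: <tick> [TAG] text` layout is inferred from the log in reply #65, and rejecting headers that break sequence or tick ordering is an assumption about that log, not documented firmware behaviour.

```python
import re

# One intact record: "<seq>: <tick> [TAG] text", or a tag-less continuation
# such as "52:   30350         SB : r-----FF, 3" (layout inferred, see above).
STRICT = re.compile(r"^ *(\d+): +(\d+) (?:\[([^\]]+)\] *| +)(\S.*)$")
# A record header anywhere in a line, tolerating one stray byte after the
# colon ("7:a"). The sequence number must start a whitespace-delimited token,
# so "b2:" is not misread as sequence 2.
HEADER = re.compile(r"(?<!\S)(\d+):\S? +(\d+) +")

def classify(line):
    """Return (status, headers): status is 'clean' or 'damaged', headers the
    (seq, tick) pairs that can still be read from the line."""
    headers = [(int(s), int(t)) for s, t in HEADER.findall(line)]
    if STRICT.match(line) and len(headers) == 1:
        return "clean", headers
    return "damaged", headers

def audit(lines):
    """Classify every line and keep only headers that preserve ordering:
    seq strictly increasing, tick never decreasing (assumed invariant)."""
    report = {"clean": 0, "damaged": 0, "records": [], "rejected": []}
    last_seq, last_tick = -1, -1
    for line in lines:
        status, headers = classify(line)
        report[status] += 1
        for seq, tick in headers:
            if seq > last_seq and tick >= last_tick:
                report["records"].append((seq, tick))
                last_seq, last_tick = seq, tick
            else:
                report["rejected"].append((seq, tick))
    return report

# Lines copied from the second log in the thread (reply #65).
SAMPLE = [
    "     6:   30120 [DP-GUI] RequestRet=0x0",
    "a    7:a  30120 [DP-GUI] DigipCapabirity=0x0/v    8:a  30120 [DP-GUI] CALL DPM_EndDialog",
    "    10:   30130 [DP-GUI] Free PrinterProperty",
    "    b1,V  30130 [MC] T:0007, S:0001, 9/v   b2:   30130 [MC] GUI Changed :1",
    "a   13:   30130 [MAIN] EnableShutDown",
    "    52:   30350         SB : r-----FF, 3",
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Lines reported as damaged with no readable header, like the `b1,V` line here, are the ones where the sequence number itself was corrupted in transit.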

brainwash (Nikon D40x & A460)
Re: code you HAVE RUN on your dslr
« Reply #66 on: 26 / May / 2008, 07:30:29 »
Great find!
Are those printfs used by developers for debugging purposes? If that's true then there must be some debug interface attachable to it (USB?). I'm working with an embedded device (VxWorks) that takes commands on serial port and also is able to install a USB driver.
Unfortunately my line of expertise is not C but Java, but maybe I can help.

Re: code you HAVE RUN on your dslr
« Reply #67 on: 26 / May / 2008, 08:04:05 »
The messages are debug. Probably the camera has a serial port (I think it's in the battery slot). But I wasn't able to connect to it (I'm better at software than hardware :-), so I decided to redirect the output to the blinking LED. The camera even has a shell - but the LED is a one-direction protocol ;-)


_MAG_
Re: code you HAVE RUN on your dslr
« Reply #68 on: 26 / May / 2008, 09:35:06 »
The --- Change OLC --- info block is very interesting. I think it is the "default" value.
So if it's safe, try changing it. Example:
 Tv     : 1.8
AFPoint: 1 (I think 0 is off; otherwise the number of the AF point selected by default)
AFMode : 1 (0 off 1 on)
//////
I think Drive  : 0 - is the manual or AF mode switch.

I think we can communicate with the camera through the FaceSensor. It has 2 positions, on and off,
so we can transfer binary data 1 & 0 from a PC with a simple LED.
I think the sensor state is 0 (face not present - light detected) and 1 (face close light - face present). To transfer data we may need to invert 1 and 0 before transfer - because in the normal state LED on is 1, LED off is 0.


« Last Edit: 26 / May / 2008, 09:47:19 by _MAG_ »

ASalina

Re: code you HAVE RUN on your dslr
« Reply #69 on: 26 / May / 2008, 11:52:52 »
The messages are debug. Probably the camera has a serial port (I think it's in the battery slot). But I wasn't able to connect to it (I'm better at software than hardware :-), so I decided to redirect the output to the blinking LED. The camera even has a shell - but the LED is a one-direction protocol ;-)

I wish I had a battery grip for your camera. I would take it apart and trace the wiring for you.

Can you see if the pins on the battery grip (from that photo I posted) match all of the pins inside your camera? Does the camera have more pins than the battery grip?
