Force HDMI output outside of Play mode (G15) - Script Writing - CHDK Forum

Force HDMI output outside of Play mode (G15)
« on: 23 / July / 2020, 20:49:05 »
Hello all,

I'm trying to use my G15 as a webcam; it has a HDMI output that only works in Play mode, not in pointing or recording.  Is there a _hardware_ restriction that would make it impossible?  I'm deep into the firmware right now, trying to trace where the mode is tested when receiving EnableHDMIPower and the such, but I'd like to make sure first that there is no known hardware limit to that approach.

Thanks!

reyalp
Re: Force HDMI output outside of Play mode (G15)
« Reply #1 on: 23 / July / 2020, 22:40:25 »
Quote
Hello all,

I'm trying to use my G15 as a webcam; it has a HDMI output that only works in Play mode, not in pointing or recording.  Is there a _hardware_ restriction that would make it impossible?
It's unknown if there's a hardware restriction, but the firmware does not appear to contain code to drive all the display and sensor stuff through HDMI out when rec mode is active on most cameras. A few Digic 6 cameras (the EOS M3/M10 and G5X) do support HDMI out, which might provide some clues, though the hardware may be different from earlier models and D6 models that don't support it, like G7X.

You can find related code around SetVideoOutType / GetVideoOutType and the code related to the displaytype (found by the sig finder in digic 6 cams).

I did manage to set some higher res undocumented modes, but both the live view and Canon UI were garbled https://chdk.setepontos.com/index.php?topic=12788.msg142286#msg142286
Don't forget what the H stands for.

Re: Force HDMI output outside of Play mode (G15)
« Reply #2 on: 24 / July / 2020, 00:28:25 »
Super interesting, cheers buddy.  The function called by DispCon_SetDisplayType on G15 is:

Code:
void doThingsIfArg=0OtherwiseTurnOffDisplay(undefined4 param_1)

{
  switch(param_1) {
  case 0:
  default:
switchD_ff167a48_caseD_a:
    Unclear1(param_1);
    FUN_ff05747c();
    return;
  case 1:
    break;
  case 2:
    break;
  case 3:
    goto switchD_ff167a48_caseD_a;
  case 4:
    goto switchD_ff167a48_caseD_a;
  case 5:
    goto switchD_ff167a48_caseD_a;
  case 6:
    break;
  case 7:
    break;
  case 8:
    break;
  case 9:
  }
  turnOffDisplayInternal();
  Unclear1(param_1);
  return;
}

(Sorry for my poor naming convention.)  As far as I can see, calling this function with any value makes the camera crash.  I'll keep investigating!

EDIT: As a newbie question, is the code in memory write-protected?  I can't seem to be able to poke() it.  I have, say:

Code:
print (string.format ("before: %x", peek(0xff0a4aa8)))
if not poke (0xff0a4aa8, 0x00, 1) then
        print ("poke failed.")
end
print (string.format ("after: %x", peek(0xff0a4aa8)))
call_func_ptr (0xff0a4aa8)

This never prints "poke failed."  Sometimes, the "after" IS correct, but even then, the call_func_ptr fails to crash.   If I rerun the script, the "before" peek shows the original values.  Is that expected?  I do apologize if this is extensively covered some place that I missed!

EDIT2: Apologies, this thread covers already what can and can't be poked, and the different approaches to modifying the behavior of the firmware: https://chdk.setepontos.com/index.php?topic=6197.10 
« Last Edit: 24 / July / 2020, 13:39:26 by cadilhac »

reyalp
Re: Force HDMI output outside of Play mode (G15)
« Reply #3 on: 24 / July / 2020, 13:39:26 »
Quote
Super interesting, cheers buddy.  The function called by DispCon_SetDisplayType on G15 is:


(Sorry for my poor naming convention.)  As far as I can see, calling this function with any value makes the camera crash.  I'll keep investigating!
I would check the ROMLOG first https://chdk.fandom.com/wiki/Debugging#Camera_crash_logs_.28romlog.29

It's possible this function doesn't like to be called when the display is active, or that CHDK refreshing the display around when it's called causes problems, or something needs to be initialized first. The eventproc registration functions that would normally register DispCon_SetDisplayType might create semaphores etc.

Note there is also SetVideoOutType, which is what we've used to force analog AV out. See discussion around https://chdk.setepontos.com/index.php?topic=13451.msg142423#msg142423

Another place to look is around the code related to the LivePathParamCommon.c assert mentioned in that thread (https://chdk.setepontos.com/index.php?topic=13451.70). elph180 function ffa686bc seems to be setting a struct with various resolution related values.


Quote
EDIT: As a newbie question, is the code in memory write-protected?  I can't seem to be able to poke() it.  I have, say:
Not protected per se, but 0xff... is in ROM, so poking it will not change the value. The changed value *may* end up in cache, but without cache lockdown hacks you definitely can't rely on it.

poke in Lua wouldn't fail in any case; if memory were write protected by the MPU, it would just crash with a data abort or something.

Don't forget what the H stands for.
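
A toy model of the behaviour discussed in the reply above, added here as an illustration; it is not code from the thread, from CHDK or from Canon firmware. It assumes a ROM that ignores writes sitting behind separate one-line data and instruction caches, and every name except the address 0xff0a4aa8 is hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Toy model (assumption, not Canon hardware): a ROM that ignores writes,
   behind separate one-line data and instruction caches. */
#define ROM_ADDR 0xff0a4aa8u           /* address used in the thread */

typedef struct { bool valid; uint32_t addr, data; } line_t;
typedef struct { line_t dcache, icache; } cam_t;
typedef struct { uint32_t before, after, fetched, later; } result_t;

/* Constructed ROM contents: any fixed function of the address will do. */
static uint32_t rom_read(uint32_t addr) { return 0xe1a00000u ^ (addr & 0xffffu); }

/* Read through a cache; a miss refills the line from ROM, and whatever the
   line held before (including a poked value) is lost. */
static uint32_t load(line_t *c, uint32_t addr) {
    if (!c->valid || c->addr != addr) {
        c->valid = true;
        c->addr = addr;
        c->data = rom_read(addr);
    }
    return c->data;
}

static uint32_t peek(cam_t *cam, uint32_t addr)  { return load(&cam->dcache, addr); }
static uint32_t fetch(cam_t *cam, uint32_t addr) { return load(&cam->icache, addr); }

/* A write only changes a line that is already cached; ROM never changes. */
static void poke(cam_t *cam, uint32_t addr, uint32_t val) {
    if (cam->dcache.valid && cam->dcache.addr == addr) cam->dcache.data = val;
}

static result_t run_poke_experiment(void) {
    cam_t cam = {0};
    result_t r;
    r.before  = peek(&cam, ROM_ADDR);      /* fills the data cache line */
    poke(&cam, ROM_ADDR, 0x00);
    r.after   = peek(&cam, ROM_ADDR);      /* sees the cached, poked copy */
    r.fetched = fetch(&cam, ROM_ADDR);     /* instruction side still sees ROM */
    (void)peek(&cam, ROM_ADDR + 0x1000);   /* unrelated read evicts the line */
    r.later   = peek(&cam, ROM_ADDR);      /* original value is back */
    return r;
}

int main(void) {
    result_t r = run_poke_experiment();
    printf("before=%08x after=%08x fetched=%08x later=%08x\n", (unsigned)r.before,
           (unsigned)r.after, (unsigned)r.fetched, (unsigned)r.later);
    return 0;
}
```

In this model the "after" read can show the poked value while a call through the same address still executes the original word, and a later read shows the original again.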


Re: Force HDMI output outside of Play mode (G15)
« Reply #4 on: 24 / July / 2020, 14:00:19 »
Very appreciated, that's really helpful, thanks for unearthing these threads!

My goal with the poking was to identify the role of some calls within a lengthy function X — basically, shotgun debugging.  Is there a (well established) way to do this, maybe by duplicating function X in CHDK (somewhere), and modifying it there?

Thanks again, I really appreciate your time.

reyalp
Re: Force HDMI output outside of Play mode (G15)
« Reply #5 on: 24 / July / 2020, 16:17:06 »
Quote
My goal with the poking was to identify the role of some calls within a lengthy function X — basically, shotgun debugging.  Is there a (well established) way to do this, maybe by duplicating function X in CHDK (somewhere), and modifying it there?
It really depends. If the function is called from a specific task, you can hook the task and copy (with codegen or capdis) and modify up to the relevant calls, like we do for capt_seq etc.

If it's something you want to call from CHDK (say, you want to call your own modified version of SetVideoOutType) you can just copy the code somewhere (like boot.c) and call it. Of course, that will only affect your own calls to the function, any calls in the native firmware code will go to the original.

If it's a function called from various parts of the firmware and you want to change the behavior any time it's called, you'd have to do something like cache hacks, or find some method specific to the function like if the Canon firmware provides a hook of some kind, or catching asserts like srsa_4c did for video out override, or modifying code the Canon firmware copies to RAM, like we do for CreateTask in some ports.

For the last item, you could find something common like the semaphore or eventflag functions, and modify it to detect when a specific return address is on the stack and jump to your own code instead.

FWIW, for this kind of exploration, I find it helpful to use chdkptp (https://app.assembla.com/spaces/chdkptp/wiki)

You can read memory with rmem or peek, interactively call functions and see the results using call_func_ptr / call_event_proc, and can also inspect the camera log using devutil (https://chdk.setepontos.com/index.php?topic=6231.msg142083#msg142083)
Don't forget what the H stands for.

 
