To get into things I would like to start with something simpler that is already kind of identified. What I would like to test is to disable formatting the SD card when CHDK is loaded (no matter if in ALT mode or not).
I curiously grepped and found some already identified addresses:
Will I have to then save the PRIMARY.BIN, put it in the sub dir, re-build CHDK, and install it on my CAM to test it? Ideally I would like to test it on the emulator first.
b *0xFFC090B4
commands
set MEM(0x2234) = 0x200000
c
end
Moreover, I thought if ever I am able to identify the code to disable the SD card's lock check, how will I be able to test it on the emulator? Maybe some QEMU setting like read-only=on on the QEMU need to be translated to a ro SD card or this can only be tested directly on the cam?
...
case 0x3024:
    msg = "A1100: SD card lock setting";
    // https://chdk.setepontos.com/index.php?topic=14826.msg150122#msg150122
    // echo $(printf "0x%X\n" $((0xC0223024 & 0xFFFF)))
    ret = 0;
    break;
...
Thanks for the reply. How did you figure out that 0xC0223024 is the lock status for A1100?
// "BL sub_FFC18754\n" // //start diskboot.bin, //StartDiskboot --> removed
My Ghidra is showing ?? on that address
(I have lots of bookmarks with errors anyhow).
I could not figure out how to use your QEMU option while using your branch to make the SD card lock.
-M A1100,firmware=boot=0
One thing I observed is that when I press backspace (to correct a command for example) in the QEMU serial console, it gets stuck and I have to restart QEMU. Do you also have the same problem? I am not using Putty as I am on Linux directly.
So if we had to do it for srsa_4c's cam, how would the GDB script look like?
b *0xFFC00000
commands
set MEM(0xFFC2ACAC) = 0x0
c
end
Also a question regarding the boot process. In your A1100 machine, I was copying the firmware dump to the DISKBOOT.BIN file in a hope that the emulator will get stuck in a boot loop but it did not. What is preventing that?
The firmware dump and diskboot.bin are entirely different things.