I Got My 40D's LED to Light Up! - page 2 - DSLR Hack development - CHDK Forum

I Got My 40D's LED to Light Up!

  • 22 Replies
  • 20240 Views
*

ASalina

Re: I Got My 40D's LED to Light Up!
« Reply #10 on: 02 / June / 2008, 07:40:00 »
Advertisements
@mx3

>   long *base = (long*)0xC0220000, *addr;
>   long k;

sizeof(long) = 8 bytes. sizeof(int) = 4 bytes.

ARM works with 32 bits.

*

ASalina

Re: I Got My 40D's LED to Light Up!
« Reply #11 on: 02 / June / 2008, 07:41:15 »
I spend a bit of IDA analysing code from my compilations, and ended with something like that:

entryadr=0x800030

CFLAGS=-nostdlib -march=armv5te -fno-builtin
LDFLAGS=-Wl,-Ttext,$(entryadr)

You can add -O2 if you want - but it is no fun when you analyse the code, becose it just erase all the code that don't do anything. - it can erase your delay also !!

Ok, I'll fix those things and post a new version.

*

ASalina

Re: I Got My 40D's LED to Light Up!
« Reply #12 on: 02 / June / 2008, 07:48:51 »
I've tried a few changes to scanled.c to slow the blinking down, but I still only get one blink on each LED. The two LED's addresses must be close together because they blink close to the same time. The addresses must also be down close to the base address because they blink soon after the program starts (a second or two).

I don't know why they only blink once.

*

Offline mx3

  • ****
  • 372
Re: I Got My 40D's LED to Light Up!
« Reply #13 on: 02 / June / 2008, 07:56:55 »
>why do you need "j" loop?

It blinks out the offset from the base address. You count the blinks and add that to the base address to get the LED's address.

Code: [Select]
int *base = 0xC0220000;
for(i = 0; i < 0x100; i++)
for(j = 0; j < i; j++){
k = *(base+i);
}
this code means that :
 work with address 0xC0220000 will be done 0x99 times ( first time skipped due to i=0;j=0; j<i==false)
 work with address 0xC0220004 will be done 0x98 times ( etc)
 work with address 0xC0220008 will be done 0x97 times
 work with address 0xC0220010 will be done 0x96 times

I don't think you need this


>why to use weird addresses (X1,X2,X3)? (ARM architecture >does not support well such data alligments)
I'm not sure what you mean?
it is my mistake. ignore it
skype: max_dtc. ICQ: 125985663, email: win.drivers(at)gmail, eVB decompiler

*

Offline mx3

  • ****
  • 372
Re: I Got My 40D's LED to Light Up!
« Reply #14 on: 02 / June / 2008, 08:11:01 »
this code means that :
 work with address 0xC0220000 will be done 0x99 times ( first time skipped due to i=0;j=0; j<i==false)
 work with address 0xC0220004 will be done 0x98 times ( etc)
 work with address 0xC0220008 will be done 0x97 times
 work with address 0xC0220010 will be done 0x96 times

update: wrong one more my mistake... :-)
actually first address will be scanned 0x99*0x100(?) times....


update: I 'm quiting now.
my beer takes my mind away
« Last Edit: 02 / June / 2008, 08:14:12 by mx3 »
skype: max_dtc. ICQ: 125985663, email: win.drivers(at)gmail, eVB decompiler

*

ASalina

Re: I Got My 40D's LED to Light Up!
« Reply #15 on: 02 / June / 2008, 08:43:23 »

update: I 'm quiting now.
my beer takes my mind away


I very tired too. :-)

I've been narrowing down the location of the LEDs. What I've gotten to so far is that the Direct Print LED is between 0xC022003A and 0xC022003C, and the Drive Activity LED is right below it.

I'll continue narrowing it down after I've had some sleep.

Re: I Got My 40D's LED to Light Up!
« Reply #16 on: 02 / June / 2008, 09:08:57 »
remember: (int *) 0xC0220000 + 1 = 0xC0220004 !!
I used:

for (i=0;i<d; i++)
{ asm("NOP");asm("NOP");asm("NOP");asm("NOP"); }

for delay. and no -O2 !

*

ASalina

Re: I Got My 40D's LED to Light Up!
« Reply #17 on: 03 / June / 2008, 08:45:33 »
I spend a bit of IDA analysing code from my compilations, and ended with something like that:

entryadr=0x800030

CFLAGS=-nostdlib -march=armv5te -fno-builtin
LDFLAGS=-Wl,-Ttext,$(entryadr)


I tried with these values and they don't seem to work properly. My little blinker program just lights up one LED and seems to hang.

Using:

CFLAGS=-fno-builtin -Ilib -mcpu=arm9

(Actually, a string in the flasher says "ARM946ES" but arm-elf-gcc won't accept "-mcpu=arm946e-s" like it says in the info file)

LDFLAGS=-fno-builtin -nostdlib -Wl,-Ttext,1900

is what currently works. I don't know why.

I'm going to try to make the dummy firmware section much smaller next, so it will load faster and leave more free memory.

*

Offline mx3

  • ****
  • 372
Re: I Got My 40D's LED to Light Up!
« Reply #18 on: 03 / June / 2008, 08:53:34 »

LDFLAGS=-fno-builtin -nostdlib -Wl,-Ttext,1900

is what currently works. I don't know why.


I suggest you to use  -fpic  option:
arm-elf-gcc -fno-builtin -O2 -Ilib -nostdlib  -fpic  -o scanled.exec entry.o scanled.o -lgcc

it will generate position independent code.
it is does not matter at wich address code will be loaded and executed
skype: max_dtc. ICQ: 125985663, email: win.drivers(at)gmail, eVB decompiler

*

ASalina

Re: I Got My 40D's LED to Light Up!
« Reply #19 on: 03 / June / 2008, 09:00:52 »

I'm going to try to make the dummy firmware section much smaller next, so it will load faster and leave more free memory.


Ok, that works. The dummy firmware payload is now only ~8K bytes long.

Here's the diff file for mkfir.c

Code: [Select]
--- mkfir.c~    2008-06-03 08:32:31.000000000 -0400
+++ mkfir.c     2008-06-03 08:47:26.000000000 -0400
@@ -109,7 +109,7 @@
        }
        fclose(pht);

-       for(q = 0; q < 8192000/sizeof(payload); q++)
+       for(q = 0; q < 8192/sizeof(payload); q++)
                fwrite(payload, sizeof(payload), 1, tmp);

        fseek(tmp, 0, SEEK_END);

It's strange though. When I tried to remove the for() loop and just write one "RET" instruction as the payload, the camera hung. If the payload has 2k RET's the program runs ok.
« Last Edit: 03 / June / 2008, 09:03:07 by ASalina »

 

Related Topics


SimplePortal © 2008-2014, SimplePortal