My projects - page 2 - DSLR Hack development - CHDK Forum

My projects


Seklth
Re: My projects
« Reply #10 on: 26 / June / 2008, 04:50:30 »

Create task, wait 5 sec, and dump ram! :-)
http://seklth.ru/chdk/autoexec.bin.dump.rar
 
And my idb file (without loaded ram)
http://seklth.ru/chdk/400D_E4KR3111_FF810000_20080626.rar


_MAG_
Re: My projects
« Reply #11 on: 26 / June / 2008, 05:29:18 »
Seklth - good work!
« Last Edit: 29 / June / 2008, 02:45:46 by _MAG_ »


Seklth
Re: My projects
« Reply #12 on: 28 / June / 2008, 17:36:42 »
Up) with ram
http://seklth.ru/chdk/400D_E4KR3111_FF810000_20080629.rar

@ASalina
Can you post your idb?


ASalina

Re: My projects
« Reply #13 on: 29 / June / 2008, 15:38:16 »
Up) with ram
http://seklth.ru/chdk/400D_E4KR3111_FF810000_20080629.rar

@ASalina
Can you post your idb?

Thanks, and here is mine:
RapidShare: Easy Filehosting

I've been comparing owerlord's IDB for the 400D to mine, trying to duplicate what he did. The two firmwares are structured very differently beginning with romStart(), so it is hard to identify the other functions that come after romStart(). I have applied all of mx3's function names (with _ADDRESS appended to them).

I can make a FUNCLIST.TXT file with the addresses stripped off at any time if you would like. Let me know.



Seklth
Re: My projects
« Reply #14 on: 01 / July / 2008, 23:32:59 »
yes, 40d - K190, 400d - K236 =)
But the system functions are comparable, for example CreateTask...

tip: see romStart_FF8100DC - it copies from 0xFFD89CE0 to 0x1900, size 0x25530; load it)

and test autoexec.bin with the code LDR PC, =0xFF810054
on the 40D, jumping to FF810000 does not work; jumping to FF810054 works, it loads

also I think we need some signature search to transfer functions =)


and about the 400D - if you call the function dumpf(), it dumps the current log messages to CF =)
« Last Edit: 01 / July / 2008, 23:41:33 by Seklth »

Re: My projects
« Reply #15 on: 02 / July / 2008, 06:58:10 »
Hi,

I uploaded my analyses of 40D FW 1.08. I use IDA Pro Advanced 5.2, 64-bit version
RapidShare: Easy Filehosting


Unfortunately I can't get the correct C compiler for Cygwin working so I can't build my own autoexec.bin.

Can someone help me and make a dump of the 40D memory from 0x00000 to 0xFFFFF.
This is where I think (parts of) the RAM is located

(or tell me how to install the compiler)



Seklth
Re: My projects
« Reply #16 on: 02 / July / 2008, 10:18:42 »
Can someone help me and make a dump of the 40D memory from 0x00000 to 0xFFFFF.
This is where I think (parts of) the RAM is located
tip: see romStart_FF8100DC - it copies from 0xFFD89CE0 to 0x1900, size 0x25530; load it)


ASalina

Re: My projects
« Reply #17 on: 02 / July / 2008, 13:38:33 »
Hi,

I uploaded my analyses of 40D FW 1.08. I use IDA Pro Advanced 5.2, 64-bit version
RapidShare: Easy Filehosting


Unfortunately I can't get the correct C compiler for Cygwin working so I can't build my own autoexec.bin.

Do you mean the memory dumper that I was using? If so, you won't find too much interesting in low memory with it. The problem is that it runs while the camera is in "firmware update mode" and most of the OS is shut down.

I did a dump of that area myself and didn't find much there.

Did you follow the instructions on the Wiki page?

Compiling CHDK under Windows - CHDK Wiki

If that doesn't help maybe you can ask in one of the bigger developer forums like the parent of this one. I'm a Linux guy and I don't know much about Windows :-)



Re: My projects
« Reply #18 on: 03 / July / 2008, 02:52:28 »
Hi, thanks for your response,

I will try compiling under Windows. I haven't tried that yet.

I have a hard time understanding the section where the code is supposed to be copied. I don't see the copy action itself?
And I think the size of the block is 25530-1900
« Last Edit: 03 / July / 2008, 07:00:41 by emklap »


Seklth
Re: My projects
« Reply #19 on: 03 / July / 2008, 12:51:40 »
see my or owerlord's idb for the 400D:
FW:FF8100A0 romStart
FW:FF8100A0
FW:FF8100A0 arg_1900        =  0x1900
FW:FF8100A0
FW:FF8100A0                 LDR     R2, =0xC6B0       ; size in bytes
FW:FF8100A4                 STMFD   SP!, {R4,LR}
FW:FF8100A8                 MOV     R2, R2,LSR#2      ; byte count -> word count
FW:FF8100AC                 MOV     R4, R0
FW:FF8100B0                 MOV     R1, #addr_0x1900  ; this is 0x1900 (dst)
FW:FF8100B4                 LDR     R0, =cache_0x1900 ; this is 0xFFB602F0 (src)
FW:FF8100B8                 BL      unknown_cache_    ; (src, dst, size)
FW:FF8100BC                 MOV     R0, R4
FW:FF8100C0                 LDMFD   SP!, {R4,LR}
FW:FF8100C4                 B       usrInit
FW:FF8100C4 ; End of function romStart

what unknown_cache_ does: it copies data from ROM 0xFFB602F0 to RAM 0x1900.

sorry, my English is bad))
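As an added example (not code from the thread, from owerlord's IDB, or from CHDK), the script below decodes the three romStart instructions from the listing in a 400D ROM dump to recover the copy source, destination and size, and cuts out the block so it can be loaded at 0x1900 in a disassembler. The ROM image it runs on is constructed from the words in the listing, the output file name is an assumption, and the ROM base 0xFF810000 is the one given in the thread.

```python
import struct

ROM_BASE = 0xFF810000     # 400D firmware base (from the thread)
ROMSTART = 0xFF8100A0     # romStart address (from the listing)

def word(rom, addr):
    """Read a little-endian 32-bit word at a ROM address."""
    return struct.unpack_from("<I", rom, addr - ROM_BASE)[0]

def ldr_literal(rom, addr):
    """Resolve 'LDR Rd, =imm' (encoded as LDR Rd,[PC,#off]) to the literal value."""
    w = word(rom, addr)
    if (w >> 25) & 7 != 2 or not (w >> 20) & 1 or (w >> 16) & 0xF != 0xF:
        raise ValueError("not a PC-relative LDR at %#x" % addr)
    pc, off = addr + 8, w & 0xFFF                 # ARM: PC reads as addr+8
    return word(rom, pc + off if (w >> 23) & 1 else pc - off)

def mov_imm(rom, addr):
    """Resolve 'MOV Rd, #imm' (8-bit value rotated right by 2*rot)."""
    w = word(rom, addr)
    if (w >> 21) & 0x7F != 0x1D:
        raise ValueError("not MOV Rd,#imm at %#x" % addr)
    rot, imm8 = ((w >> 8) & 0xF) * 2, w & 0xFF
    return ((imm8 >> rot) | (imm8 << (32 - rot))) & 0xFFFFFFFF

def romstart_copy(rom):
    """Return (src, dst, size, block): what romStart hands to the copy routine."""
    size = ldr_literal(rom, ROMSTART)             # LDR R2, =size (bytes)
    dst = mov_imm(rom, ROMSTART + 0x10)           # MOV R1, #dst
    src = ldr_literal(rom, ROMSTART + 0x14)       # LDR R0, =src
    nbytes = (size >> 2) * 4                      # LSR#2: routine copies words
    off = src - ROM_BASE
    return src, dst, size, bytes(rom[off:off + nbytes])

# Constructed ROM image: only the romStart words from the listing, their
# literal pool, and a marker where the copied data starts.
CODE = [0xE59F2020, 0xE92D4010, 0xE1A02122, 0xE1A04000, 0xE3A01C19,
        0xE59F0010, 0xEB000010, 0xE1A00004, 0xE8BD4010, 0xEA000020,
        0xC6B0, 0xFFB602F0]                       # .word size, .word src
ROM = bytearray(0x3502F0 + 0xC6B0)                # reaches 0xFFB602F0 + size
struct.pack_into("<%dI" % len(CODE), ROM, ROMSTART - ROM_BASE, *CODE)
ROM[0x3502F0:0x3502F0 + 8] = b"DATA0000"          # marker at ROM 0xFFB602F0

if __name__ == "__main__":
    src, dst, size, block = romstart_copy(ROM)
    print("romStart copies %#x bytes ROM %#x -> RAM %#x" % (size, src, dst))
    with open("ram_0x1900.bin", "wb") as f:       # load in IDA at address dst
        f.write(block)
```

On a real dump the same three decoders apply to the 40D romStart_FF8100DC as well, as long as the instruction order matches the listing; the +0x10/+0x14 offsets are what the 400D listing shows.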

 
