Right now, the thing I want to figure out is how to get the camera to run AUTOEXEC.BIN properly
CreateBinarySemaphore ROM FFD439AC 000000DC R . . . . . . CreateEventFlag ROM FFD41E20 000000D0 R . . . . . . CreateMessageQueue ROM FFD4286C 00000110 R . . . . . . CreateTask ROM FFD44660 000001CC R . . . . . . DeleteSemaphore ROM FFD43BA0 00000144 R . . . . . . FIO_CreateFile_maybe ROM FFD1690C 000000BC R . . . . . . FIO_Open ROM FFD16840 000000C4 R . . . . . . FIO_ReadFile ROM FFD16A94 000000B0 R . . . . . . FSUmkdir ROM FFD0F564 00000118 R . . . . . . OpenLogFile ROM FFD4E518 000000C8 R . . . . . . UPD_DecryptoFir_maybe ROM FFBC4A5C 00000070 R . . . . . . __sflags ROM FFD80C14 00000114 R . . . . . . __sseek ROM FFD7F240 0000003C R . . . . . . assert ROM FFD4C200 000000CC R . . . . . . checksum ROM FFD57890 00000018 R . . . . . . close ROM FFD77C58 00000060 R . . . . . . create ROM FFD77FFC 00000014 R . . . . . . create_2 ROM FFD1D368 0000000C R . . . . . . d ROM FFD57728 000000A8 R . . . . . . dump ROM FFD4CCC8 00000074 R . . . . . . dumpentire ROM FFD4D0DC 00000058 R . . . . . . errnoSet ROM FFD7A924 00000010 R . . . . . . filewrite ROM FFD5734C 00000130 R . . . . . . fopen ROM FFD80B80 00000090 R . . . . . . free ROM FFD7509C 00000014 R . . . . . . gang ROM FFD577E4 0000009C R . . . . . . gpioread ROM FFD578D0 0000001C R . . . . . . grep ROM FFD4CED4 00000064 R . . . . . . harbint ROM FFD57A18 00000010 R . . . . . . i ROM FFD59484 000000F8 R . . . . . . ioCreateOrOpen ROM FFD77DA4 00000238 R . . . . . . ioFullFileNameGet ROM FFD77884 00000078 R . . . . . . ioctl ROM FFD77AE0 0000000C R . . . . . . ioctl_2 ROM FFD1D3B0 0000000C R . . . . . . iosClose ROM FFD76B98 000000BC R . . . . . . iosCreate_maybe ROM FFD76C60 00000034 R . . . . . . iosDelete ROM FFD76C98 00000034 R . . . . . . iosDevFind ROM FFD7713C 00000058 R . . . . . . iosDevMatch ROM FFD770CC 0000006C R . . . . . . iosFdFree ROM FFD76EE4 000000D0 R . . . . . . iosFdNew ROM FFD76D04 00000124 R . . . . . . iosFdSet ROM FFD76E34 000000AC R . . . . . . iosOpen_maybe ROM FFD76CD0 00000030 R . . . . . . iosWrite ROM FFD769F0 000000C8 R . . . . . . log1 ROM FFD5A028 0000004C R . . . . . . log3 ROM FFD7A610 00000028 R . . . . . . lseek ROM FFD77A20 000000BC R . . . . . . memShow ROM FFD578F0 000000A0 R . . . . . . mem_fn ROM FFD56D40 0000001C R . . . . . . mem_fn_0 ROM FFD5B3FC 00000034 R . . . . . . mem_fn_1 ROM FFD5B43C 00000018 R . . . . . . mem_fn_2 ROM FFD56CFC 00000044 R . . . . . . olddump ROM FFD4CD4C 00000074 R . . . . . . open ROM FFD77FEC 00000010 R . . . . . . open_2 ROM FFD1D35C 0000000C R . . . . . . read_mb_r0_to_0x21020 ROM FFD1D440 0000000C R . . . . . . stdioFpCreate ROM FFD7F114 00000084 R . . . . . . stdioFpDestroy ROM FFD7F0F0 00000020 R . . . . . . strcmp ROM FFD7D680 0000003C R . . . . . . strcpy ROM FFD7D4F8 00000024 R . . . . . . strlen ROM FFD7D348 0000002C R . . . . . . strncpy ROM FFD7D24C 00000060 R . . . . . . taskShow ROM FFD578A8 00000014 R . . . . . . task_1stCapture ROM FF8149DC 00000370 . . . . . . . task_CSMgrTask ROM FFD17E7C 0000023C R . . . . . . task_CapPower ROM FF815394 00000054 . . . . . . . task_CmdShell ROM FFD4ED0C 00000084 R . . . . . . task_Develop ROM FF817A48 00000418 . . . . . . . task_DpsReceiveTask ROM FFAEB368 00000808 R . . . . . . task_GuiLockTask ROM FF859EBC 00000220 R . . . . . . task_GuiMainTask ROM FF85B84C 00000338 R . . . . . . task_HotPlug ROM FF812CB0 0000048C R . . . . . . task_MainCtrl ROM FF8134A4 00000120 R . . . . . . task_Marker ROM FF8127F4 0000003C . . . . . . . task_PostCapture ROM FF814D8C 000000D4 . . . . . . . task_PowerMgr ROM FFD5A4A4 000000B4 . . . . . . . task_RelSchemer ROM FF853F00 000002B8 R . . . . . . task_TaskMain ROM FF811720 00000558 R . . . . . . task_TaskTuneData ROM FF812758 00000070 R . . . . . . task_Terminate ROM FF818DBC 000002FC R . . . . . . taskcreate_CSMgrTask ROM FFD177A0 000001F0 R . . . . . . taskcreate_CapPower ROM FF81454C 0000010C R . . . . . . taskcreate_CmdShell ROM FFD4EC80 00000044 R . . . . . . taskcreate_Develop ROM FF8182A0 00000098 R . . . . . . taskcreate_EvntExec.c___Error_Line____d__ ROM FFC70700 000000BC R . . . . . . taskcreate_GuiLockTask ROM FF85A19C 00000120 R . . . . . . taskcreate_GuiMainTask ROM FF85BBCC 000000C8 R . . . . . . taskcreate_HotPlug ROM FF8128B0 00000240 R . . . . . . taskcreate_MainCtrl ROM FF81382C 00000094 R . . . . . . taskcreate_Marker ROM FF8126E4 00000030 R . . . . . . taskcreate_PowerMgr ROM FFD5A39C 00000040 R . . . . . . taskcreate_RelSchemer ROM FF853C24 0000017C R . . . . . . taskcreate_TaskMain ROM FF81131C 00000164 R . . . . . . taskcreate_Terminate ROM FF8189DC 0000034C R . . . . . . vfprintf ROM FFD79564 00000C6C R . . . . . . write ROM FFD77AEC 00000070 R . . . . . . write_2 ROM FFD1D398 0000000C R . . . . . .
hoa. stop the music.was there some successfull experiment with autoexec.bin?
I suggest you to use old firmware update option until autoexec.bin thing will be clear
How did you make it bootable?
What filesystem are you using?
I don't exactly know what triggers it yet, but the structure of the code looks very similar to the code on the 400D, so if there is anything special that needs to be done with AUTOEXEC.BIN, owerlord already did it for his 400D and it's probably the same for the 40D.
Oh and what is the exact code you tried to execute,
#define RED_LED (int *)0xC02200E0#define BLUE_LED (int *)0xC02200E8#define LONG_PAUSE 350000#define SHORT_PAUSE 150000#define ON 0x46#define OFF 0x48delay(int i){ while(--i) { asm("NOP"); asm("NOP"); asm("NOP"); asm("NOP"); }}blueled(int onoff){ *(BLUE_LED) = onoff;}redled(int onoff){ *(RED_LED) = onoff;}scan(){ int j, red_val, blue_val; blue_val = *(BLUE_LED); red_val = *(RED_LED); for(j = 0; j < 100000; j++){ delay(SHORT_PAUSE); redled(ON); delay(SHORT_PAUSE); redled(red_val); delay(SHORT_PAUSE); blueled(ON); delay(SHORT_PAUSE); blueled(blue_val); }}
how did you compile it?
arm-elf-gcc -fno-builtin -Ilib -nostdinc -c entry.s arm-elf-gcc -fno-builtin -Ilib -mcpu=arm9 -c autoexec.c arm-elf-gcc -fno-builtin -nostdlib -Wl,-N,-Ttext,800000 -o autoexec.exec entry.o autoexec.o arm-elf-objcopy -O binary autoexec.exec autoexec.bin
What exactly is 'No joy', camera didn't turn on or did something else happen?
The other thing I noticed is that it could also start at 0x10800000 but I'm not exactly sure when that happens. I also see some reference to a checksum so it may need one.
Started by ASalina DSLR Hack development
Started by mantra « 1 2 » DSLR Hack development
Started by Gil He « 1 2 » Firmware Dumping
Started by pittguy578 General Help and Assistance on using CHDK stable releases