I haven't had a chance to trace it all out yet, but there seem to be other tests taking place in the function that looks for "EOS_DEVELOP" and "BOOTDISK". In fact, it looks for those strings several times, doing other tests each time.
Can you check if the "EOS_DEVELOP" is in the right place? In raw editor? If it is - you'll probably have to dump FFFF0000 to see what is checked.
"... "BOOTDISK" at 0x40, and "EOS_DEVELOP" at 0x2B ..."
00000000 EB 3C 90 43 61 6E 6F 6E 45 4F 53 00 02 04 01 00 02 00 02 00 .<.CanonEOS.........
00000014 00 F8 F5 00 20 00 08 00 20 00 00 00 E0 D2 03 00 80 00 29 00 .... ... .........).
00000028 00 00 00 45 4F 53 5F 44 45 56 45 4C 4F 50 46 41 54 31 36 20 ...EOS_DEVELOPFAT16
0000003C 20 20 00 00 42 4F 4F 54 44 49 53 4B 00 00 00 00 00 00 00 00   ..BOOTDISK........
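The check asked for above (are the two strings at the quoted offsets?) can be scripted instead of done by eye in a raw editor. This is an added example, not part of any post in the thread; the function names are hypothetical, and the offsets 0x2B and 0x40 and the sample bytes are the ones quoted in the posts above.

```python
import re

# Offsets quoted in the thread for the two strings the boot code looks for.
EXPECTED = {b"EOS_DEVELOP": 0x2B, b"BOOTDISK": 0x40}

# The 80 bytes shown in the post above (hex column plus ASCII column).
DUMP = """\
00000000 EB 3C 90 43 61 6E 6F 6E 45 4F 53 00 02 04 01 00 02 00 02 00 .<.CanonEOS.........
00000014 00 F8 F5 00 20 00 08 00 20 00 00 00 E0 D2 03 00 80 00 29 00 .... ... .........).
00000028 00 00 00 45 4F 53 5F 44 45 56 45 4C 4F 50 46 41 54 31 36 20 ...EOS_DEVELOPFAT16
0000003C 20 20 00 00 42 4F 4F 54 44 49 53 4B 00 00 00 00 00 00 00 00   ..BOOTDISK........
"""

# An 8-digit offset, then hex pairs; the lookahead keeps the ASCII column out.
LINE = re.compile(r"\s*([0-9A-Fa-f]{8})((?: [0-9A-Fa-f]{2}(?=\s|$))+)")


def parse_hex_dump(text):
    """Rebuild the raw bytes from 'OFFSET HH HH ... ascii' lines."""
    data = bytearray()
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        offset = int(m.group(1), 16)
        # A pasted dump with a missing or repeated line would shift every offset.
        if offset != len(data):
            raise ValueError(f"gap or overlap at {offset:#x}, have {len(data):#x} bytes")
        data += bytes.fromhex(m.group(2))
    return bytes(data)


def check_boot_flags(sector):
    """For each marker, report where it actually is and whether that matches."""
    report = {}
    for marker, want in EXPECTED.items():
        found = [m.start() for m in re.finditer(re.escape(marker), sector)]
        ok = sector[want:want + len(marker)] == marker
        report[marker.decode()] = {"expected": want, "found": found, "ok": ok}
    return report


if __name__ == "__main__":
    for name, r in check_boot_flags(parse_hex_dump(DUMP)).items():
        where = ", ".join(f"{o:#x}" for o in r["found"]) or "not present"
        print(f"{name}: expected {r['expected']:#x}, found at {where}, ok={r['ok']}")
```

To check a real card, pass the first sector read from a backup image to `check_boot_flags` instead of the parsed dump.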
You're correct that it wants a value to be -1, indeed. Specifically at 0xF8000004, not 0xF8000000. At least, that's on the 105 firmware, I haven't loaded 108 into IDA yet.
Quote from: DataGhost on 12 / June / 2008, 15:41:11
You're correct that it wants a value to be -1, indeed.
Just to keep the record straight. It wants the value to not be -1.
CMN R0, 1 ; equivalent to saying "CMP R0, -1"
BNE loc_......
You could try overwriting byte 4 of the MBR and partition header with 0xFFFFFFFF (of course, back up first) and see if that helps.