During the last days I poked around a bit in DryOS. This posting reports what I did and what works.
After making sure that the restart-function does actually restart the cam (and provoking a boot-loop by reloading diskboot.bin), I took the original CHDK-Loader-framework and duplicated parts of the original firmware into the loader.
Copying data and bss is done using the existing CHDK-functions. I didn't relocate anything yet.
I had to duplicate more than previously necessary (6 functions, till now) since the SD is initialized right before diskboot.bin is loaded. So I had to change the diskboot-loader which is called later than in VxWorks.
Right now I control the boot-process until right after my modified diskboot-loader is called. Right after that I return control to the firmware which does the rest of the start.
What needs to be done:
- Hook my own code so it is called during normal operation. There is a function called "CreateProxyOfEventProcedure". Maybe this can be used as a hook. The other thought is to register a Task using "CreateTask" (and hope it gets called regularly).
- Turn off the card lock.
- Find the location of useful functions, create signature-files for findsig.
I duplicated the function that calls the diskboot-loader. This function calls about 20 other subs. My copy called a modified diskboot-loader that just initializes the SD. For some unknown reason one of the following calls doesn't return.
However, if I jump into the original function, the camera starts correctly. Is it possible that my code is overwritten?
Here is my progress so far: http://www.zshare.net/download/5952071a9847ef/
The interesting file is platform/a720/sub/101c/boot.c
To demonstrate that something happens, the blue LED blinks and is turned on at the start.
The code works on an A720IS ver. 1.01C