DryOS - some success

  • 220 Replies
  • 106198 Views
*

Offline DataGhost

  • ****
  • 314
  • EOS 40D, S5IS
    • DataGhost.com
  • Publish
    Re: DryOS - some success
    « Reply #40 on: 05 / January / 2008, 15:03:55 »
    Quote
    @DataGhost
    I just remember that I encountered some strange behaviour that's similar to what you get. It happens in the firmware's own copy_data-code. It fails when executed from boot.c. I didn't find out why and was satisfied when the CHDK-copy-function worked. You can try to rewrite or skip a section of code.

    Another thing I had to think hard about was a "STRD"-command which is called in the firmware. GCC complains about "command not supported on this processor" and I had to find out what it does and rewrote it to two single "STR" commands. I left a comment in the source file, so you should see it.

    If you have absolutely no clue what's going wrong, it's never a bad idea to load the binary in IDA and look if the code got changed by gcc.
    Yes, I also suspected that might be a problem while I was walking to my room again, after not having touched any code for several hours. I'm going to make a note and see when I get to it, I think that either IDA is disassembling stuff differently (which assembles in different code) or that the compiler isn't producing proper code... I'm just going to duplicate the functions and compare them on the byte-level, no disassemblers whatsoever (well, to help me find out where I need to look :p ). I think they must be different, since the code I'm using is 100% the same for the biggest part and fails at totally unexpected locations.

  • Publish
    Re: DryOS - some success
    « Reply #41 on: 05 / January / 2008, 15:21:56 »
    Hi,

    I'm currently trying to dump the firmware of my SD870IS. I think the blinker of the S5IS or the A720 would work great with the SD870. I'm wondering if someone could tell me where I can get this blinker.

    Thanks !

    *

    Offline DataGhost

    • ****
    • 314
    • EOS 40D, S5IS
      • DataGhost.com
  • Publish
    Re: DryOS - some success
    « Reply #42 on: 05 / January / 2008, 16:27:34 »
    mlaprise: I think you should look in this thread: http://chdk.setepontos.com/index.php/topic,263.0.html. I can probably help you with some stuff, but I don't have a standard diode, standard output and standard tools, so beware ;)

    Ontopic: Strange, though... STRD seems to work fine for me, at least the compiler doesn't complain. I'm now just documenting some code, maybe I'll try running it again today. Anyway, not sure if it's useful, but I do remember seeing the compiler complain about it, though I just can't find where anymore: IDA disassembles 'MVN' as 'MOVL'. The latter is not known to the compiler, it should be replaced with MVN, which is the proper identification.
    « Last Edit: 05 / January / 2008, 17:43:53 by DataGhost »

  • Publish
    Re: DryOS - some success
    « Reply #43 on: 05 / January / 2008, 19:55:47 »
    Quote
    To find out the rough location of a function use the DRYOS-IDA-function-list.txt file in my zip and look at the a720-firmware. I did the same using the stubs_entry.S from the a710 to find some of the functions in dryos.

    Ah, clever. I started to do this, but got tired and went to bed :D

    Quote
    In general I find it a good idea to put the IDA-function-list into the archives we post. It helps the other developers to reproduce and/or check our success.

    No problem, I would even offer my IDA files to someone if they wanted a head start with my firmware.. I hate to think how many hours I have spent walking that file to mark functions and data.

    Quote
    Actually such things can be found out by using text search. Have IDA search the disassembly of a known camera...

    I began down this path last night. I grabbed your firmware and started to disassemble it as well in an attempt to match things up.

    Quote
    Quote
    Basically, everything you put in "used during init"

    Forget this! That was an idea I had when I started, but it turns out that it's nonsense. These are addresses used in uHwSetup. It is one of the duplicated functions in boot.c. These names are used only in boot.c and the code itself is just a duplicate from the original firmware. So just stick to sub_XXXXXXXX and write descriptive names in the comment.

    Duly noted. Thanks for the heads-up on that.

    Quote
    I think "SetupTask_x" is misleading. The code you found are the tasks itself.

    This is only half true. I located as many "task_x" procedures as I could (I think I named them the same way), but then I also tagged the call site which performed the CreateTask as "SetupTask_x" (who knows why I chose that..). In matching names, I think what I called "SetupTask_x", you called "CreateTaskx"; IOW, SetupTask_Startup is your CreateTaskStartup.. bleh naming! I'll move to your naming scheme since you have already published code and it makes more sense anyways.

    Quote
    For the keyboard you will only need one name: "PhySw".

    I figured that out shortly after I posted that. However, your code block showing the naming scheme is priceless, thank you. I'll look into the differences with the keyboard.. I'll keep you posted.

    Quote
    Quote
    So, I have been working against GrAnd's branch..

    Hell! That causes some major headaches :)

    No, actually it's useful if we get a branch that's current. You may just have to figure out some things on your own as you are the first one to do it.

    I suspect there are some extra functions used and names changed.. but I'm not sure yet whether fixing the Makefile for the trunk is less work than working against GrAnd's branch ;)

    As always, thanks for the info.

    -Scott


    *

    Offline mx3

    • ****
    • 372
  • Publish
    Re: DryOS - some success
    « Reply #44 on: 05 / January / 2008, 23:12:04 »

    Quote
    The entry-points for Open, Close, Read and Write need to be found as they are called from platform/generic/wrappers.c.


    Code:
    ROM:FFDD8114                 LDR     R1, =sub_FFC15004
    ROM:FFDD8118                 ADR     R0, aOpen       ; "Open"
    ROM:FFDD811C                 BL      ExportToEventProcedure
    ROM:FFDD8120                 LDR     R1, =sub_FFC150D4
    ROM:FFDD8124                 ADR     R0, aRead       ; "Read"
    ROM:FFDD8128                 BL      ExportToEventProcedure
    ROM:FFDD812C                 LDR     R1, =sub_FFC150D8
    ROM:FFDD8130                 ADR     R0, aWrite      ; "Write"
    ROM:FFDD8134                 BL      ExportToEventProcedure
    ROM:FFDD8138                 LDR     R1, =sub_FFC1502C
    ROM:FFDD813C                 ADR     R0, aClose      ; "Close"
    ROM:FFDD8140                 BL      ExportToEventProcedure
    ROM:FFDD8144                 LDR     R1, =sub_FFC15234
    ROM:FFDD8148                 ADR     R0, aLseek      ; "Lseek"
    ROM:FFDD814C                 BL      ExportToEventProcedure

    skype: max_dtc. ICQ: 125985663, email: win.drivers(at)gmail, eVB decompiler
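
Added example, not part of the original posts: a Python sketch that reads an IDA text listing like the one above and recovers the name-to-address table from the `LDR R1` / `ADR R0` / `BL ExportToEventProcedure` pattern, so the Open, Close, Read and Write entry points can be collected in one pass. The `NSTUB(name, address)` output format and the function names `export_table` and `stub_lines` are assumptions made for this example; the listing is copied from the post as constructed sample input.

```python
import re

# Constructed sample input: the registration block quoted in the post above.
LISTING = """\
ROM:FFDD8114                 LDR     R1, =sub_FFC15004
ROM:FFDD8118                 ADR     R0, aOpen       ; "Open"
ROM:FFDD811C                 BL      ExportToEventProcedure
ROM:FFDD8120                 LDR     R1, =sub_FFC150D4
ROM:FFDD8124                 ADR     R0, aRead       ; "Read"
ROM:FFDD8128                 BL      ExportToEventProcedure
ROM:FFDD812C                 LDR     R1, =sub_FFC150D8
ROM:FFDD8130                 ADR     R0, aWrite      ; "Write"
ROM:FFDD8134                 BL      ExportToEventProcedure
ROM:FFDD8138                 LDR     R1, =sub_FFC1502C
ROM:FFDD813C                 ADR     R0, aClose      ; "Close"
ROM:FFDD8140                 BL      ExportToEventProcedure
ROM:FFDD8144                 LDR     R1, =sub_FFC15234
ROM:FFDD8148                 ADR     R0, aLseek      ; "Lseek"
ROM:FFDD814C                 BL      ExportToEventProcedure
"""

# segment:address, mnemonic, operands, optional IDA comment after ';'
LINE = re.compile(r'^\s*\w+:[0-9A-Fa-f]{8}\s+(?P<mnem>\w+)\s*(?P<ops>[^;]*)(?:;\s*(?P<cmt>.*))?$')
TARGET = re.compile(r'=\s*(?:sub_|loc_)?(?:0x)?([0-9A-Fa-f]{8})\b')
STRING = re.compile(r'"([^"]+)"')

def export_table(listing, registrar="ExportToEventProcedure"):
    """Map each exported name (R0 string) to its handler address (R1 literal)."""
    table, handler, name = {}, None, None
    for raw in listing.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        mnem, ops, cmt = m["mnem"].upper(), m["ops"].strip(), m["cmt"] or ""
        if mnem == "LDR" and ops.upper().startswith("R1,"):
            t = TARGET.search(ops)
            handler = int(t.group(1), 16) if t else None
        elif mnem == "ADR" and ops.upper().startswith("R0,"):
            s = STRING.search(cmt)
            name = s.group(1) if s else None
        elif mnem == "BL":
            if ops == registrar and handler is not None and name:
                table[name] = handler
            handler = name = None  # R0/R1 do not survive a call; never pair across one
    return table

def stub_lines(table, wanted=("Open", "Close", "Read", "Write")):
    """Format the wanted entry points; the NSTUB(...) layout is an assumed format."""
    missing = [n for n in wanted if n not in table]
    if missing:
        raise KeyError("not exported in this listing: " + ", ".join(missing))
    return [f"NSTUB({n}, 0x{table[n]:08X})" for n in wanted]
```
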

    *

    Offline GrAnd

    • ****
    • 916
    • [A610, S3IS]
      • CHDK
  • Publish
    Re: DryOS - some success
    « Reply #45 on: 06 / January / 2008, 02:44:14 »
    Quote
    Anyway, not sure if it's useful, but I do remember seeing the compiler complain about it, though I just can't find where anymore: IDA disassembles 'MVN' as 'MOVL'. The latter is not known to the compiler, it should be replaced with MVN, which is the proper identification.

    IDA uses some macros (by default) which replace some native asm commands. You can switch this option off in the 'Options'->'General'->'Analysis'->'Processor specific analysis options'->'Enable Macros'.
    CHDK Developer.

    *

    Offline jeff666

    • ****
    • 181
    • A720IS
  • Publish
    Re: DryOS - some success
    « Reply #46 on: 06 / January / 2008, 09:21:54 »
    Quote
    Ah, clever. I started to do this, but got tired and went to bed :D

    Yeah, that's the spirit! Just run away when problems arise :D

    Quote
    No problem, I would even offer my IDA files to someone if they wanted a head start with my firmware..
    There's a function to export the database to an .idc file.

    Quote
    I grabbed your firmware and started to disassemble it as well in an attempt to match things up.
    After a while every developer will have a zoo of different firmware-versions he uses to match things.

    Quote
    This is only half true. I located as many "task_x" procedures as I could (I think I named them the same way),
    Some things are just *too* obvious :D

    Quote
    but then I also tagged the call site which performed the CreateTask as "SetupTask_x" (who knows why I chose that..). In matching names, I think what I called "SetupTask_x", you called "CreateTaskx"; IOW, SetupTask_Startup is your CreateTaskStartup.. bleh naming! I'll move to your naming scheme since you have already published code and it makes more sense anyways.

    You picked the only exception of my naming scheme. Those things around "task_Startup" were found quite at the beginning and I didn't have a proper scheme, then. In fact "CreateTaskStartup" has to be named "CreateTask_Startup" and "Startup" has to be named "task_Startup".

    I recently noticed, that in VxWorks-Firmwares the scheme is "taskcreate_X" instead of "CreateTask_X". Although I don't have any specific preference of one over the other I still think we should keep the difference to indicate the OS. Everything with "task" in its name is platform-dependent, anyway.

    Quote
    I suspect there are some extra functions used and names changed.. but I'm not sure yet whether fixing the Makefile for the trunk is less work than working against GrAnd's branch ;)

    We need the port matched to a more recent branch, anyway, as trunk is just the basic framework with no funny features to show-off :D

    Cheers.

    *

    Offline obsidian

    • *
    • 31
    • A710IS
  • Publish
    Re: DryOS - some success
    « Reply #47 on: 06 / January / 2008, 11:14:42 »
    I am glad to see your progress. I read every post with pleasure. Before this topic started, I ordered A710IS. Pity. If there were a chance to cancel it, I would order A650 or A720 instead.
    Can you send me the idb to explore it?

    I make elf programs for my phone (Benq-Siemens E71). What about the idea to make elf-loader for the Canon? Is it possible? Do you think it will further enhance cameras' abilities?
    « Last Edit: 06 / January / 2008, 11:17:36 by obsidian »
    A710IS + 4GB SanDisk Ultra II


    *

    Offline jeff666

    • ****
    • 181
    • A720IS
  • Publish
    Re: DryOS - some success
    « Reply #48 on: 06 / January / 2008, 11:47:43 »
    Quote
    Before this topic started, I ordered A710IS.

    I thought they don't produce them, anymore. That's why I got an A720. At that time I was optimistic that someone would port CHDK to Digic 3. Nobody knew about a changed OS at this time. Fortunately it was simple enough so I could do the port myself (even though some things are still missing).

    Quote
    Can you send me the idb to explore it?

    Sure.
    Here you are: http://www.zshare.net/download/6245436559b92d/

    You need the firmware itself, too. If you don't have it, yet: http://www.zshare.net/download/4675310ed272ee/

    Quote
    I make elf programs for my phone (Benq-Siemens E71). What about the idea to make elf-loader for the Canon? Is it possible? Do you think it will further enhance cameras' abilities?

    I find the current approach of adding run-time-features by uBasic-scripts pretty much ideal. Adding features to load arbitrary binary code would probably be very device-dependent (including the additional programs) and thus not usable for most people (i.e. non-developers).

    If a feature is added that enhances the controllability of the camera, it should go into uBasic. If you want to do something entirely different (like running a webserver, or such) you would want to load binary code.

    Cheers.

    *

    Offline obsidian

    • *
    • 31
    • A710IS
  • Publish
    Re: DryOS - some success
    « Reply #49 on: 06 / January / 2008, 13:19:43 »
    I won it in auction-sale (1 year old).
    It is right it is device dependent. For each model and firmware exists Function library with ~200 functions.
    A710IS + 4GB SanDisk Ultra II
