Are there any CHDK headers that have the layout of the task and context structures used by DryOS? The CHDK code that I see that overloads the dispatch hook just uses hard-coded offsets based on the pointer passed in.
Based on my work in reversing the 5D Mark 2 firmware, they look like this:
/**
 * Saved register state of a suspended task, as reversed from the
 * 5D Mark 2 firmware. The field order is the memory layout: cpsr
 * first, then r0-r12, lr and pc, 16 32-bit words in total.
 */
struct context
{
	uint32_t	cpsr;	/* saved program status register, offset 0x00 */
	uint32_t	r[13];	/* r0..r12, offsets 0x04..0x34 */
	uint32_t	lr;	/* link register, offset 0x38 */
	uint32_t	pc;	/* resume address, offset 0x3c */
};
/**
 * DryOS task control block as reversed from the 5D Mark 2 firmware.
 *
 * Only `entry`, `name` and `context` are understood; the `off_0x..`
 * members are unknown words named by their offset. The offsets in the
 * names and comments hold for 4-byte pointers (the target firmware);
 * on a host with wider pointers the compiler will lay the struct out
 * differently, so never hard-code these numbers off-target.
 */
struct task
{
	uint32_t		off_0x00;	/* always 0? */
	uint32_t		off_0x04;	/* stack maybe? */
	uint32_t		off_0x08;	/* flags? */
	void *			entry;		/* 0x0c: address the trampoline jumps to */
	uint32_t		off_0x10;
	uint32_t		off_0x14;
	uint32_t		off_0x18;
	uint32_t		off_0x1c;
	uint32_t		off_0x20;
	char *			name;		/* 0x24: task name string */
	uint32_t		off_0x28;
	uint32_t		off_0x2c;
	uint32_t		off_0x30;
	uint32_t		off_0x34;
	uint32_t		off_0x38;
	uint32_t		off_0x3c;
	uint32_t		off_0x40;
	uint32_t		off_0x44;
	uint32_t		off_0x48;
	struct context *	context;	/* 0x4c: saved registers of this task */
	uint32_t		pad_1[12];	/* 0x50..: not yet identified */
};
My dispatch hook looks like this:
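/**
 * Dispatch hook: swap the entry point of the sound device task for ours.
 *
 * @param context  Pointer to the `context` member of the task about to be
 *                 dispatched (the hook recovers the enclosing struct task
 *                 from it). NULL is ignored.
 *
 * Only a task whose saved pc is the trampoline, i.e. one that is being
 * started for the first time, is touched; running tasks are left alone.
 * Returns nothing and never fails; on any doubt it simply does nothing.
 */
void
task_dispatch_hook(
	struct context ** context
)
{
	if( !context )
		return;

	// Recover the enclosing task. Go through uintptr_t rather than
	// uint32_t so the pointer is not truncated on a host whose pointers
	// are wider than 32 bits, and cast the result back explicitly
	// instead of relying on an implicit int-to-pointer conversion.
	struct task * task = (struct task *)
		((uintptr_t) context - offsetof(struct task, context));

	// A task with no saved context cannot be inspected; leave it alone
	// rather than dereferencing NULL from inside the dispatcher.
	if( !task->context )
		return;

	// Do nothing unless a new task is starting via the trampoline
	if( task->context->pc != (uintptr_t) task_trampoline )
		return;

	// Try to replace the sound device task.
	// The trampoline will run our entry point instead. Compare as
	// uintptr_t so a void * member is never compared to a bare uint32_t.
	if( (uintptr_t) task->entry == (uintptr_t) sound_dev_task )
		task->entry = (void *) my_sound_dev_task;
}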