Resuming activity from the LED blinker program - General Discussion and Assistance - CHDK Forum
« previous next »
Pages: [1] 2 3 4   Go Down

Resuming activity from the LED blinker program

  • 37 Replies
  • 11457 Views
*

Offline RaduP

  • *****
  • 908
Resuming activity from the LED blinker program
« on: 26 / August / 2009, 18:26:38 »
Advertisements
I am trying to make a program that would modify the firmware code so that it can be relocatable.
The idea is to move the firmware in RAM, then jump at the beginning of the firmware and let the camera do the normal stuff.
I am not interested for now in any of the hacks CHDK does, and I do not care about what happens with my program or my data once the execution is passed to the firmware.

As a base I am using the LED blinker (removing all the blinking stuff), and trying to jump at the beginning of the firmware, but it does not work. Any help on how to give the control to the firmware would be appreciated.

P.S. I am using a broken a530 as my test platform, and for the time being I don't care about portability, I just want to test some ideas I have.
Logged
*

Offline reyalp

  • ******
  • 14000
Re: Resuming activity from the LED blinker program
« Reply #1 on: 26 / August / 2009, 18:59:41 »
Quote from: RaduP on 26 / August / 2009, 18:26:38
The idea is to move the firmware in RAM, then jump at the beginning of the firmware and let the camera do the normal stuff.
You mean copy the firmware code from ROM to RAM, and then execute it from RAM ?
Quote
As a base I am using the LED blinker (removing all the blinking stuff), and trying to jump at the beginning of the firmware, but it does not work. Any help on how to give the control to the firmware would be appreciated.
Are you just jumping to the start of the firmware ? (FF81000/FFC00000) or are you "moving" it as suggested above ? In the former case, it should work AFAIK, but you can look at the initial loader code (at FFFF0000 to see if there is any special setup)
Logged
Don't forget what the H stands for.
*

Offline RaduP

  • *****
  • 908
Re: Resuming activity from the LED blinker program
« Reply #2 on: 26 / August / 2009, 19:12:17 »
The idea is to copy the firmware from ROM to RAM then execute it.
However, at this stage, I am just trying to jump to the ROM address, which should be at FF800000, but it does not work for some reason. I am assuming that probably some additional setup must be done or something.

How would I look at the code at FFFF0000? Is it somewhere in the firmware, or does it have to be dumped separately?

One strange thing about the A530 is that at ff8000c8 there is a long jump at ffc000e0.
From the wiki page for a530:
0xff800000: firmware flash data (probably)
0xffc00000: mirror copy of firmware flash? (to be determined)

So it appears to jump at the second copy of the firmware, I wonder if they are actually the same memory area logically mapped as two different addresses, or maybe something else.
Logged
*

Offline reyalp

  • ******
  • 14000
Re: Resuming activity from the LED blinker program
« Reply #3 on: 26 / August / 2009, 19:21:10 »
Quote from: RaduP on 26 / August / 2009, 19:12:17
The idea is to copy the firmware from ROM to RAM then execute it.
This will be very difficult. If you don't understand why, you need to spend some time with the arm technical docs and firmware code. Just copying the ROM will *not* work. Spend some time reading about how linkers (edit: static and dynamic linkers and program loaders too) do relocation, especially on platforms without an MMU.
Quote
However, at this stage, I am just trying to jump to the ROM address, which should be at FF800000, but it does not work for some reason. I am assuming that probably some additional setup must be done or something.
The firmware starts at FF810000 or FFC00000. The latter is used on (almost ?) all A series cams, including the A530.
Quote
How would I look at the code at FFFF0000? Is it somewhere in the firmware, or does it have to be dumped separately?
If you have a full dump, it's there. If  you don't then you need to get one.
Logged
Don't forget what the H stands for.
*

Offline RaduP

  • *****
  • 908
Re: Resuming activity from the LED blinker program
« Reply #4 on: 26 / August / 2009, 19:33:50 »
Quote from: reyalp on 26 / August / 2009, 19:21:10
This will be very difficult. If you don't understand why, you need to spend some time with the arm technical docs and firmware code. Just copying the ROM will *not* work. Spend some time reading about how linkers (edit: static and dynamic linkers and program loaders too) do relocation, especially on platforms without an MMU.

Yes, I know. Some jumps and some data must be replaced with the new start address. That's what I am trying to do, but first I want to make sure I can execute the normal firmware from my program.

Quote
The firmware starts at FF810000 or FFC00000. The latter is used on (almost ?) all A series cams, including the A530.

The wiki page and the disassembly disagree. For example: ldr r0,=0xff80002d

Quote
If you have a full dump, it's there. If  you don't then you need to get one.
My dump only goes to ffc00000 :/
Logged
*

Offline reyalp

  • ******
  • 14000
Re: Resuming activity from the LED blinker program
« Reply #5 on: 26 / August / 2009, 19:40:06 »
Quote from: RaduP on 26 / August / 2009, 19:33:50
The wiki page and the disassembly disagree. For example: ldr r0,=0xff80002d
Your disassembly is loaded at the wrong address then.

edit: actually, that is odd, since  =0xff80002d should be a literal.
From the A550 makefile.inc
Quote
ROMBASEADDR=0xffc00000
If this was incorrect, the A550 port would not run at all. If you look at the stubs* files, they are all FFC based too. I strongly suggest you take advantage of the work already done on this platform.

Quote
My dump only goes to ffc00000 :/
Your dump is loaded at the wrong address.
Logged
Don't forget what the H stands for.
*

Offline RaduP

  • *****
  • 908
Re: Resuming activity from the LED blinker program
« Reply #6 on: 26 / August / 2009, 19:53:40 »
Well, could it be that A530 and A550 use some different addresses?
Logged
*

Offline reyalp

  • ******
  • 14000
Re: Resuming activity from the LED blinker program
« Reply #7 on: 26 / August / 2009, 20:07:55 »
Quote from: RaduP on 26 / August / 2009, 19:53:40
Well, could it be that A530 and A550 use some different addresses?
Oops, don't know why I thought you were using 550. but in any case..
No, they don't. Again, there's a working A530 port of CHDK. A530 loads at FFC00000 like the other A series cams.
Logged
Don't forget what the H stands for.
*

Offline RaduP

  • *****
  • 908
Re: Resuming activity from the LED blinker program
« Reply #8 on: 26 / August / 2009, 21:08:06 »
Well, either way, I jumped at FFC00000 as well, and no luck :/
Logged
*

Offline reyalp

  • ******
  • 14000
Re: Resuming activity from the LED blinker program
« Reply #9 on: 26 / August / 2009, 21:15:48 »
Quote from: RaduP on 26 / August / 2009, 21:08:06
Well, either way, I jumped at FFC00000 as well, and no luck :/
Jumping back into the firmware is a fairly standard thing to do in the porting process, and works from very early on using the CHDK loader.  You might want to look at that.

How are you jumping to the ROM ?

edit:
and are you are sure your code is loading and running correctly ?
Logged
Don't forget what the H stands for.
Pages: [1] 2 3 4   Go Up
« previous next »
 

Related Topics