I am going to get an SD980 soon - page 3 - Firmware Dumping - CHDK Forum

I am going to get an SD980 soon

*

Offline RaduP

  • *****
  • 926
Re: I am going to get an SD980 soon
« Reply #20 on: 09 / September / 2009, 22:15:10 »
Well, I did see that there are some issues when the loader overwrites the table with the pointers, but no one really elaborated what exactly happens there.
You were mentioning in the firmware relocation thread that the functions table is created by the first loop at the start of the firmware. I couldn't find the code you mentioned, but if that's the case, would it be possible to restore the function table based on that function, if it is found?

Something like this:
1. Relocate the diskbooter code to a higher address.
2. Continue execution there.
3. Find the function that creates the magic function table.
4. Analyze it to extract the information needed.
5. Recreate the table.
6. Find the sdwrite function in there.
7. Call the function.
« Last Edit: 09 / September / 2009, 22:17:42 by RaduP »

*

Offline RaduP

  • *****
  • 926
Re: I am going to get an SD980 soon
« Reply #21 on: 10 / September / 2009, 19:20:24 »
Well, I am going to try the serial and blinker way, I am setting up the hardware to be ready for when the camera comes tomorrow :)

Re: I am going to get an SD980 soon
« Reply #22 on: 10 / September / 2009, 22:52:42 »
Oh, I know that, of course the IO addresses must be defined for each camera (or maybe camera family).
But from reading that thread it seems that the sd write function is designed so it won't have to rely much on the OS, which is the reason why it was chosen to do the job at hand.
No, it was chosen because it happens to work after some parts of the OS have been blown away by diskboot. Important difference.

LOL - That explains a lot. I've never understood the purpose of the zero (and thus have always nuked it as unneeded). So the corruption of that area makes the wr() work. I love it.

Harpo
Canon Models - SD300, SD780, & SX210

*

Offline reyalp

  • ******
  • 14118
Re: I am going to get an SD980 soon
« Reply #23 on: 10 / September / 2009, 23:34:31 »
LOL - That explains a lot. I've never understood the purpose of the zero (and thus have always nuked it as unneeded). So the corruption of that area makes the wr() work. I love it.
As ewavr posted in the original udumper thread http://chdk.setepontos.com/index.php/topic,221.msg3314.html#msg3314

I don't see anything I'm doing wrong...
All is correct, but...
WriteSDCard() is a complex function; it uses different memory locations, semaphores, etc. - I was surprised that it could work after OS death.

See sig ;)
Don't forget what the H stands for.


*

Offline RaduP

  • *****
  • 926
Re: I am going to get an SD980 soon
« Reply #24 on: 12 / September / 2009, 19:02:33 »
Now that I got the platform ID, I tried to compile the LED blinker, into the PS.FIR file.
After switching the camera on in the play menu, I can't even get a "firmware update" option :/
Any ideas?

*

Offline fe50

  • ******
  • 3152
  • IXUS50 & 860, SX10 Star WARs-Star RAWs
    • fe50
Re: I am going to get an SD980 soon
« Reply #25 on: 12 / September / 2009, 19:17:33 »
Now that I got the platform ID, I tried to compile the LED blinker, into the PS.FIR file.
After switching the camera on in the play menu, I can't even get a "firmware update" option :/
Any ideas?
--> PS.FI2, not PS.FIR (that's the old VxWorks style)!

*

Offline RaduP

  • *****
  • 926
Re: I am going to get an SD980 soon
« Reply #26 on: 12 / September / 2009, 20:19:41 »
Ok, I read the other thread and realized that.
But I have a question I can't find the answer for, maybe you can help.
What is the diskboot.bin thing? Is it what the compiler compiled (main) ? Or what?

*

Offline fe50

  • ******
  • 3152
  • IXUS50 & 860, SX10 Star WARs-Star RAWs
    • fe50
Re: I am going to get an SD980 soon
« Reply #27 on: 12 / September / 2009, 20:33:23 »
Ok, I read the other thread and realized that.
But I have a question I can't find the answer for, maybe you can help.
What is the diskboot.bin thing? Is it what the compiler compiled (main) ? Or what?
Basically it's a binary file accepted as firmware update code by the camera's fw update mechanism ;)

--> Look to the CHDK Makefile to see the whole story...

...a sample win batch file, should make things more clear (it's for my old SX10 blinker app):
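 rem Remove the outputs of the previous build
 del diskboot.org
 del diskboot.bin
 rem Assemble the entry stub and compile the blinker code
 arm-elf-gcc -fno-builtin -O2 -Ilib -nostdinc -c entry.s
 arm-elf-gcc -fno-builtin -O1 -Ilib -c main.c
 rem Link both objects with the text section placed at address 1900 (-Ttext,1900)
 arm-elf-gcc -fno-builtin -O2 -Ilib -nostdlib -Wl,-N,-Ttext,1900,-Map,main.map -o main.exec entry.o main.o -lc -lgcc
 rem Convert the linked image to a raw binary and keep a disassembly for reference
 arm-elf-objcopy -O binary main.exec main
 arm-elf-objdump -d main.exec > main.dump
 rem Append 100 blocks of 1k from the zero tool to the raw binary as padding
 zero | dd bs=1k count=100 >>main
 copy main diskboot.org
 rem fe50 - old   pakwif PS.FIR main 0x3125
 rem Encode the padded binary into diskboot.bin
 encode diskboot.org diskboot.bin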


*

Offline RaduP

  • *****
  • 926
Re: I am going to get an SD980 soon
« Reply #28 on: 12 / September / 2009, 20:36:14 »
copy main diskboot.org
Oh, ok, so the main file. Thanks, will give it a try!

 
