The bootflag.fir and scanled.fir files are located here:
http://www.mediafire.com/?sharekey=78ee45b97520ae1308f8df73f2072ed62590fcdbf5f0ba1af7e866bfb1230ce0This file has bootflag: bootflag-20090921.zip
and this file has scanled: 350d_bootflag_update_20090914.zip
But I've made a bit of progress in figuring out exactly what these files do, and so far the result is a bit disturbing. So I gave up on trying to figure out the C, and did an object file dump to look at the actual assembler code, which is what my programming background is. And I found some helpful pdf's on the arm instruction set and register structure.
So here's one thing I found so far. This is the bootflag C code for a subroutine called Zero:
// zero memory
void Zero(int* buf, int size) {
int i = 0;
for (; i < size; i++)
buf = 0;
}
And here is how that was compiled:
00000060 <Zero>:
60: e3a03000 mov r3, #0 ; 0x0
64: e1530001 cmp r3, r1
68: a1a0f00e movge pc, lr
6c: e2833001 add r3, r3, #1 ; 0x1
70: e1530001 cmp r3, r1
74: bafffffc blt 6c <Zero+0xc>
78: e1a0f00e mov pc, lr
So, in assembler, you enter the routine with the pointer to the block in r0 and the count in r1. You then go into a loop incrementing r3 from zero to the value in r1, then you return from the routine (mov pc,lr). But, at no point does anything in memory get zeroed. So the C entry "buf = 0" appears to do nothing. It's the same in scanled.fir. The OP who gave us these boot flag programs isn't around anymore to ask about this, so it's hard to know whether anything needs to be zeroed at all. It seems to work for most people without that, but then we have these cases of bricked cameras. So I don't know whether to fix it or not.
What I'm trying to figure out now, in bootflag.c, is exactly what is being compared in this line:
if (buf1[0] != boot_flag[0] || buf1[1] != boot_flag[1] || buf1[2] != boot_flag[2]) {
LEDRED = LEDON;
} else {
but it's hard going trying to make sure I understand the assembler.
I'd still like to add the v1.0.3 test if that's possible.