the sx20 porting thread

yakabmarci

16
sx20is

Re: the sx20 porting thread

« Reply #20 on: 15 / October / 2009, 16:19:19 »

Advertisements

Hello reyalp,

How can one tell whether a dump is corrupt or not?
Why do you say that the string "\nStartDiskBoot\n" should be at FF83AFE8 address?

I am new to CHDK so any hints are wellcome.

Logged

reyalp

14080

Re: the sx20 porting thread

« Reply #21 on: 15 / October / 2009, 16:32:34 »

Quote from: yakabmarci on 15 / October / 2009, 16:19:19

Hello reyalp,

How can one tell whether a dump is corrupt or not?

It does things that don't make sense, like BL instructions that would jump to the middle of an ASCII string.

Quote

Why do you say that the string "\nStartDiskBoot\n" should be at FF83AFE8 address?

Because I am familiar with that part of the ROM on other cameras, and the part of the string is there but obviously corrupted.

edit:
http://chdk.setepontos.com/index.php/topic,288.msg41638.html#msg41638

« Last Edit: 15 / October / 2009, 17:07:43 by reyalp »

Logged

Don't forget what the H stands for.

neszt

174

Re: the sx20 porting thread

« Reply #22 on: 15 / October / 2009, 17:26:21 »

Quote from: reyalp on 15 / October / 2009, 16:00:23

I downloaded the sx20 dump linked here http://chdk.setepontos.com/index.php/topic,288.msg41607.html#msg41607

It is definitely corrupted in some way.

Yes, that dump is corrupt, i see. But that dump is a only PART of my dump by fe50, because i didn't tell anyone, how to gain a good PRIMARY.BIN from my unprocessed dump, because even i didn't know that.

Afterwards RaduP told me, that there is a modified version of dec.exe named a.exe witch creates probably good PRIMARY.BIN.

Now i created this one, to see the different: http://neszt.hu/sx20_GM1.00F_v02_processed.zip

I don't know how to create the Strings.txt, but i will include it, if someone helps me.

Logged

reyalp

14080

Re: the sx20 porting thread

« Reply #23 on: 15 / October / 2009, 17:31:22 »

strings is not a big deal. Anyone with a unix-like strings program can create one. A mingw version is included with the win32 toolchain.

edit:
Your processed dump looks ok to me.

« Last Edit: 15 / October / 2009, 17:36:26 by reyalp »

Logged

Don't forget what the H stands for.

neszt

174

Re: the sx20 porting thread

« Reply #24 on: 15 / October / 2009, 17:47:11 »

Quote from: reyalp on 15 / October / 2009, 17:31:22

edit:
Your processed dump looks ok to me.

Well, this is very good news. I sent message to fe50 to replace to uploaded one with my processed one.

Logged

neszt

174

Re: the sx20 porting thread

« Reply #25 on: 15 / October / 2009, 18:02:50 »

Quote from: reyalp on 15 / October / 2009, 15:57:48

You cannot just copy a port and expect it to work. Please read http://chdk.wikia.com/wiki/Adding_support_of_a_new_camera carefully.

It's needless to say i don't expect to work.

Can you please give me a hint, how to find those signatures functions less the 100% match?

The mentioned manual only says:

1. Any function with less than 100% match in stubs_entry.S should be manually checked
2. functions that are completely missed by the automatic detection .... These should also be manually added to stubs_entry_2.S

Here is my stubs_entry.S after autodetection:

// !!! THIS FILE IS GENERATED. DO NOT EDIT. !!!
#include "stubs_asm.h"

NSTUB(AllocateMemory, 0xffa9b5e0)
// Best match: 56%
NSTUB(AllocateUncacheableMemory, 0xff838df4)
// ERROR: Close is not found!
NSTUB(CreateTask, 0xff81e5b4)
NSTUB(DeleteFile_Fut, 0xff834c08)
// ERROR: EnterToCompensationEVF is not found!
NSTUB(ExecuteEventProcedure, 0xff88b5c0)
// ERROR: ExitFromCompensationEVF is not found!
// Best match: 57%
NSTUB(ExitTask, 0xff81e844)
NSTUB(Fclose_Fut, 0xff834d84)
NSTUB(Feof_Fut, 0xff834f70)
NSTUB(Fflush_Fut, 0xff834fac)
NSTUB(Fgets_Fut, 0xff834ed8)
NSTUB(Fopen_Fut, 0xff834d44)
NSTUB(Fread_Fut, 0xff834e30)
NSTUB(FreeMemory, 0xffa9b5d8)
// Best match: 91%
NSTUB(FreeUncacheableMemory, 0xff838e28)
NSTUB(Fseek_Fut, 0xff834f24)
NSTUB(Fwrite_Fut, 0xff834e84)
// ERROR: GetBatteryTemperature is not found!
// ERROR: GetCCDTemperature is not found!
// Best match: 85%
NSTUB(GetCurrentAvValue, 0xff952548)
// Best match: 64%
NSTUB(GetCurrentTargetDistance, 0xff950a3c)
// ERROR: GetDrive_ClusterSize is not found!
// ERROR: GetDrive_FreeClusters is not found!
// ERROR: GetDrive_TotalClusters is not found!
// Best match: 56%
NSTUB(GetFocusLensSubjectDistance, 0xffa96d98)
// ERROR: GetOpticalTemperature is not found!
// Best match: 66%
NSTUB(GetParameterData, 0xff990610)
// Best match: 68%
NSTUB(GetPropertyCase, 0xff88f2dc)
// Best match: 96%
NSTUB(GetSystemTime, 0xffa9b638)
// ERROR: GetZoomLensCurrentPoint is not found!
// ERROR: GetZoomLensCurrentPosition is not found!
// Best match: 58%
NSTUB(IsStrobeChargeCompleted, 0xff8ce3ac)
NSTUB(LocalTime, 0xff888ebc)
// Best match: 93%
NSTUB(LockMainPower, 0xff896eac)
// ERROR: Lseek is not found!
// Best match: 92%
NSTUB(MakeDirectory_Fut, 0xff834c7c)
// Best match: 69%
NSTUB(MoveFocusLensToDistance, 0xffaff4c8)
// Best match: 58%
NSTUB(MoveZoomLensWithPoint, 0xffa97688)
// Best match: 62%
NSTUB(NewTaskShell, 0xff88eda0)
// ERROR: Open is not found!
// ERROR: PT_PlaySound is not found!
NSTUB(Read, 0xff81ab78)
// ERROR: ReadFastDir is not found!
// ERROR: RefreshPhysicalScreen is not found!
// ERROR: Remove is not found!
// Best match: 53%
NSTUB(RenameFile_Fut, 0xff834d40)
// ALT: NSTUB(RenameFile_Fut, 0xffa697d4) // 8/7
// ALT: NSTUB(RenameFile_Fut, 0xffa69824) // 8/7
// Best match: 93%
NSTUB(SetAutoShutdownTime, 0xff896f20)
// Best match: 55%
NSTUB(SetFileTimeStamp, 0xff93fd38)
// Best match: 68%
NSTUB(SetParameterData, 0xff9904ec)
// Best match: 84%
NSTUB(SetPropertyCase, 0xff879530)
// Best match: 92%
NSTUB(SleepTask, 0xff838a6c)
// Best match: 60%
NSTUB(TakeSemaphore, 0xff838734)
// ERROR: TurnOffBackLight is not found!
// Best match: 54%
NSTUB(TurnOnBackLight, 0xff8a5ac8)
// ERROR: UIFS_WriteFirmInfoToFile is not found!
// Best match: 93%
NSTUB(UnlockMainPower, 0xff896e00)
// ERROR: UpdateMBROnFlash is not found!
// ERROR: VbattGet is not found!
// ERROR: Write is not found!
NSTUB(_log, 0xffb37c90)
NSTUB(_log10, 0xffb36bd4)
NSTUB(_pow, 0xffb36d44)
NSTUB(_sqrt, 0xffb38ff8)
NSTUB(close, 0xff81a990)
// Best match: 71%
NSTUB(closedir, 0xffa7d628)
// Best match: 71%
NSTUB(closefastdir, 0xffa7d628)
// ERROR: free is not found!
// Best match: 86%
NSTUB(kbd_p1_f, 0xff833498)
// Best match: 86%
NSTUB(kbd_p1_f_cont, 0xff8334a4)
// ERROR: kbd_p2_f is not found!
// ERROR: kbd_pwr_off is not found!
// ERROR: kbd_pwr_on is not found!
// ERROR: kbd_read_keys is not found!
// Best match: 69%
NSTUB(kbd_read_keys_r2, 0xff85e86c)
// ERROR: lseek is not found!
// ERROR: malloc is not found!
NSTUB(memcmp, 0xff8203d8)
NSTUB(memcpy, 0xff83e458)
NSTUB(memset, 0xffa07108)
// ERROR: mkdir is not found!
NSTUB(mktime_ext, 0xff8ad0d0)
NSTUB(open, 0xff81a8e0)
// ERROR: opendir is not found!
// ERROR: openfastdir is not found!
// ERROR: qsort is not found!
// Best match: 95%
NSTUB(rand, 0xff8204e0)
NSTUB(read, 0xff81ab78)
// ERROR: readfastdir is not found!
// ERROR: rename is not found!
// Best match: 95%
NSTUB(srand, 0xff8204d4)
// ERROR: stat is not found!
// Best match: 61%
NSTUB(strcat, 0xff813f38)
// Best match: 56%
NSTUB(strchr, 0xff813fc0)
// ERROR: strcmp is not found!
// Best match: 77%
NSTUB(strcpy, 0xff813f20)
NSTUB(strftime, 0xff8acad8)
// Best match: 79%
NSTUB(strlen, 0xff8203b4)
NSTUB(strncmp, 0xff813f74)
// Best match: 73%
NSTUB(strncpy, 0xff813f38)
// Best match: 71%
NSTUB(strrchr, 0xff83e430)
// ALT: NSTUB(strrchr, 0xff8ac8a0) // 18/8
// Best match: 96%
NSTUB(strtol, 0xff83e738)
// Best match: 86%
NSTUB(time, 0xff889434)
// ERROR: vsprintf is not found!
NSTUB(write, 0xff81abd8)

Logged

reyalp

14080

Re: the sx20 porting thread

« Reply #26 on: 15 / October / 2009, 19:08:19 »

Quote from: neszt on 15 / October / 2009, 18:02:50

It's needless to say i don't expect to work.

Right, but what I'm saying is that things like MEMISOSTART have to be found and corrected. There's no point in trying without doing this, which is why I personally suggest not even starting with a direct copy. Stuff slips through the cracks, and you end up with obscure bugs down the road due to copy/paste.

Quote

Can you please give me a hint, how to find those signatures functions less the 100% match?

Look up the function in the disassembly of a known working firmware, using the address found in that cameras stubs_entry_2.s or (if and only if it doesn't exist in _2) stubs_entry.S. Find some identifiable feature (a string, a sequence of function calls, whatever... ) that allows you to identify that function. Find the corresponding feature in your own dump, and use that to locate the corresponding function.

In some cases, the function is simple enough that you can recognize it by what it does.

Your camera appears to be one with the new revision of dryos, like the SD980, which has many functions changed. I'm going to make a reference firmware for the SD980, which will make automatic detection work a lot better. I'll try to get some work in on that today.

In the mean time, you might want to refer to radups work and the dump of that camera.

SD980 thread http://chdk.setepontos.com/index.php/topic,4228.0.html There are some examples of how to find unknown functions there.
SD980 WIP source http://chdk.setepontos.com/index.php/topic,4310.msg41188.html#msg41188 (note, the only thing you are interested in here is stubs_entry_2.s, to allow you to identify functions that are similar in your firmware)

Logged

Don't forget what the H stands for.

fe50

3147
IXUS50 & 860, SX10 Star WARs-Star RAWs

Re: the sx20 porting thread

« Reply #27 on: 16 / October / 2009, 01:13:36 »

FYI - the SX20 100f dump in the chdkdumps2 drop is updated now.

Logged

-->FIRMWARE DUMPS<-- * Manual * Lua * me

RaduP

926

Re: the sx20 porting thread

« Reply #28 on: 16 / October / 2009, 03:26:30 »

The cleaned dump he sent me (had the right size, and from a cursory look did not appear corrupt, but I did not investigate much) made no sense. The beginning was totally different than anything that I've seen (and I've seen quite a few dumps while testing my disassembler. Of course, maybe he got a newer dump since then.

Anyway, assuming that you have a correct dump, you do not need to bother finding functions until you get to the part where the spy task is started. To get there, you just have to take a look at how your reference port does it, and then copy the ASM code from your dump (via IDA or something similar) that corresponds with the reference port. Then you modify that code to match the changes in the reference port.

One more hint, you should really take it one step at a time, and add debug code (LED blinking) at every stage, to make sure your code gets to that location. Once you start the spy task, the fun begins

Logged

neszt

174

Re: the sx20 porting thread

« Reply #29 on: 17 / October / 2009, 06:08:43 »

Just a question.

Why do we need to find functions like strcpy, strcmp, rand, vsprintf? These functions are well known and available from anywhere, and including to CHDK build environment would make porting easier. Definitely there is a reason, and i'am just wondering.

Logged