A1100 IS Porting thread - page 6 - DryOS Development - CHDK Forum

A1100 IS Porting thread

Re: A1100 IS Porting thread
« Reply #50 on: 19 / April / 2010, 02:52:16 »
It's not clear whether you have done this, but all the ASM in boot.c needs to be adjusted for each camera. Most of it needs to come from your own camera's firmware, not from another port.
Now I am sure execution reaches boot() and gets as far as the asm code, because my test LED blinked before the asm(). But once the code runs into the asm() block, the camera goes down.
Here is my code. I think the reason is that I have not adjusted the asm code; it was copied from the A480.
So how can I get the asm code from my own camera's firmware?
Code: [Select]
/*
 * boot(): debug build of the port's boot routine. It toggles a debug LED
 * twice through the memory-mapped address DP, then runs one block of
 * hand-copied startup assembly and branches to sub_FFC001A4_my.
 *
 * DP and DELAY are defined outside this snippet.
 *
 * NOTE(review): the function is declared naked, so the compiler emits no
 * prologue/epilogue. GCC documents only basic asm statements as supported
 * inside naked functions; the C locals and delay loops below are debug-only
 * scaffolding and should not stay in a final boot path.
 *
 * NOTE(review): every address and constant in the asm block is specific to
 * one firmware image. Per the author these values were copied from the A480
 * port; they have to be re-derived from the target camera's own disassembly.
 */
void __attribute__((naked,noinline)) boot() {
           volatile long *p = (void*)DP;       // turned off later, so assumed to be power  DEBUG
        int counter;  // DEBUG

         //DEBUG: blink led // DEBUG
         // Write 0x46 then 0x44 to *p, each followed by a DELAY-iteration busy-wait.
        counter = DELAY; *p = 0x46;  while (counter--) { asm("nop\n nop\n"); }; // DEBUG
        counter = DELAY; *p = 0x44;  while (counter--) { asm("nop\n nop\n"); };// DEBUG




 
  //DEBUG: blink led // DEBUG
  // Second blink: the author reports this one is still observed, i.e. execution reaches this point.
        counter = DELAY; *p = 0x46;  while (counter--) { asm("nop\n nop\n"); }; // DEBUG
        counter = DELAY; *p = 0x44;  while (counter--) { asm("nop\n nop\n"); };// DEBUG          --------->worked
--------------->then down.
    asm volatile (
                 // Write 0 to the memory-mapped register at 0xC0410000.
                 "LDR     R1, =0xC0410000\n"
                 "MOV     R0, #0\n"
                 "STR     R0, [R1]\n"
                 // Write 0x78 to the CP15 control register (c1,c0); the enable bits are ORed in further down.
                 "MOV     R1, #0x78\n"
                 "MCR     p15, 0, R1,c1,c0\n"
                 // CP15 c7 operations with R1 = 0 -- presumably write-buffer drain and
                 // instruction/data cache invalidation; TODO confirm against the CPU manual.
                 "MOV     R1, #0\n"
                 "MCR     p15, 0, R1,c7,c10, 4\n"
 "loc_FFC00028:\n"
                 "MCR     p15, 0, R1,c7,c5\n"
                 "MCR     p15, 0, R1,c7,c6\n"
                 // Six writes to CP15 c6,c0..c5 -- presumably protection-region base/size
                 // registers (TODO confirm core). The values describe one firmware's memory
                 // map, so they are model-specific.
                 "MOV     R0, #0x3D\n"
                 "MCR     p15, 0, R0,c6,c0\n"
                 "MOV     R0, #0xC000002F\n"
                 "MCR     p15, 0, R0,c6,c1\n"
                 "MOV     R0, #0x31\n"
                 "MCR     p15, 0, R0,c6,c2\n"
                 "LDR     R0, =0x10000031\n"
                 "MCR     p15, 0, R0,c6,c3\n"
                 "MOV     R0, #0x40000017\n"
                 "MCR     p15, 0, R0,c6,c4\n"
                 "LDR     R0, =0xFFC0002B\n"
                 "MCR     p15, 0, R0,c6,c5\n"
                 // c2, c3 and c5 writes -- presumably cacheability, write-buffer and
                 // access-permission settings for the regions above; TODO confirm.
                 "MOV     R0, #0x34\n"
                 "MCR     p15, 0, R0,c2,c0\n"
                 "MOV     R0, #0x34\n"
                 "MCR     p15, 0, R0,c2,c0, 1\n"
                 "MOV     R0, #0x34\n"
                 "MCR     p15, 0, R0,c3,c0\n"
                 "LDR     R0, =0x3333330\n"
                 "MCR     p15, 0, R0,c5,c0, 2\n"
                 "LDR     R0, =0x3333330\n"
                 "MCR     p15, 0, R0,c5,c0, 3\n"
                 // Read-modify-write of the control register: sets bits 0x1000, 0x4 and 0x1
                 // (presumably I-cache, D-cache and protection-unit enable).
                 "MRC     p15, 0, R0,c1,c0\n"
                 "ORR     R0, R0, #0x1000\n"
                 "ORR     R0, R0, #4\n"
                 "ORR     R0, R0, #1\n"
                 "MCR     p15, 0, R0,c1,c0\n"
                 // c9,c1 writes, then control-register bits 0x50000 are set --
                 // presumably TCM region setup and enable; TODO confirm.
                 "MOV     R1, #0x40000006\n"
                 "MCR     p15, 0, R1,c9,c1\n"
                 "MOV     R1, #6\n"
                 "MCR     p15, 0, R1,c9,c1, 1\n"
                 "MRC     p15, 0, R1,c1,c0\n"
                 "ORR     R1, R1, #0x50000\n"
                 "MCR     p15, 0, R1,c1,c0\n"
                 // Write 1 to 0xC0200000+0x10C, then 0xFF to the sixteen registers at
                 // offsets 0x0C..0xFC (stride 0x10) from 0xC0200000.
                 "LDR     R2, =0xC0200000\n"
                 "MOV     R1, #1\n"
                 "STR     R1, [R2,#0x10C]\n"
                 "MOV     R1, #0xFF\n"
                 "STR     R1, [R2,#0xC]\n"
                 "STR     R1, [R2,#0x1C]\n"
                 "STR     R1, [R2,#0x2C]\n"
                 "STR     R1, [R2,#0x3C]\n"
                 "STR     R1, [R2,#0x4C]\n"
                 "STR     R1, [R2,#0x5C]\n"
                 "STR     R1, [R2,#0x6C]\n"
                 "STR     R1, [R2,#0x7C]\n"
                 "STR     R1, [R2,#0x8C]\n"
                 "STR     R1, [R2,#0x9C]\n"
                 "STR     R1, [R2,#0xAC]\n"
                 "STR     R1, [R2,#0xBC]\n"
                 "STR     R1, [R2,#0xCC]\n"
                 "STR     R1, [R2,#0xDC]\n"
                 "STR     R1, [R2,#0xEC]\n"
                 "STR     R1, [R2,#0xFC]\n"
                 // Write 0x430005 to 0xC0400008.
                 "LDR     R1, =0xC0400008\n"
                 "LDR     R2, =0x430005\n"
                 "STR     R2, [R1]\n"
                 // NOTE(review): as written, this stores the value 0xC0243100 to the address
                 // held in R1 (0x1), not to 0xC0243100 -- confirm it matches the target
                 // camera's own disassembly.
                 "MOV     R1, #1\n"
                 "LDR     R2, =0xC0243100\n"
                 "STR     R2, [R1]\n"
                 // Set bit 0 of the register at 0xC0242010 (read, OR 1, write back).
                 "LDR     R2, =0xC0242010\n"
                 "LDR     R1, [R2]\n"
                 "ORR     R1, R1, #1\n"
                 "STR     R1, [R2]\n"
                 // Copy loop: while R1 < R3 (unsigned), copy one word from [R0] to [R1],
                 // post-incrementing both by 4. Source 0xFFE88E20, destination 0x1900,
                 // end 0xBA68.
                 // NOTE(review): source address and both bounds are firmware-specific;
                 // wrong values copy the wrong data or the wrong length.
                 "LDR     R0, =0xFFE88E20\n"
                 "LDR     R1, =0x1900\n"
                 "LDR     R3, =0xBA68\n"
 "loc_FFC0013C:\n"
                 "CMP     R1, R3\n"
                 "LDRCC   R2, [R0],#4\n"
                 "STRCC   R2, [R1],#4\n"
                 "BCC     loc_FFC0013C\n"
                 // Zero-fill loop: continues from R3 (0xBA68 after the copy) and stores 0
                 // word by word until R3 reaches 0x102438.
                 "LDR     R1, =0x102438\n"
                 "MOV     R2, #0\n"
 "loc_FFC00154:\n"
                 "CMP     R3, R1\n"
                 "STRCC   R2, [R3],#4\n"
                 "BCC     loc_FFC00154\n"
                 // Branch without link to sub_FFC001A4_my; that symbol has to be defined
                 // elsewhere in the port for this to link.
                 "B       sub_FFC001A4_my\n"  //--------->
    );

Re: A1100 IS Porting thread
« Reply #51 on: 19 / April / 2010, 11:39:34 »
hello,reyalp.
I got the asm code from the camera's firmware, but I get a compile error. How do I correct it?
This is the code as it appears in the firmware.
I copied it into a single asm().

Code: [Select]
sub_FFC00FC4                            ; CODE XREF: sub_FFC00000+208p
ROM:FFC00FC4
ROM:FFC00FC4 var_78          = -0x78
ROM:FFC00FC4 var_74          = -0x74
ROM:FFC00FC4 var_70          = -0x70
ROM:FFC00FC4 var_6C          = -0x6C
ROM:FFC00FC4 var_60          = -0x60
ROM:FFC00FC4 var_5C          = -0x5C
ROM:FFC00FC4 var_58          = -0x58
ROM:FFC00FC4 var_54          = -0x54
ROM:FFC00FC4 var_50          = -0x50
ROM:FFC00FC4 var_4C          = -0x4C
ROM:FFC00FC4 var_48          = -0x48
ROM:FFC00FC4 var_44          = -0x44
ROM:FFC00FC4 var_1C          = -0x1C
ROM:FFC00FC4 var_18          = -0x18
ROM:FFC00FC4 var_14          = -0x14
ROM:FFC00FC4 var_10          = -0x10
ROM:FFC00FC4 var_4           = -4
ROM:FFC00FC4
ROM:FFC00FC4                 STR     LR, [SP,#unk_FFFFFFFC]!
ROM:FFC00FC8                 SUB     SP, SP, #0x74
ROM:FFC00FCC                 MOV     R0, SP
ROM:FFC00FD0                 MOV     R1, #0x74
ROM:FFC00FD4                 BL      sub_FFE6C5B0
ROM:FFC00FD8                 MOV     R0, #0x53000
ROM:FFC00FDC                 STR     R0, [SP,#0x78+var_74]
ROM:FFC00FE0                 LDR     R0, =0x12ED1C
ROM:FFC00FE4                 LDR     R2, =0x2F9C00
ROM:FFC00FE8                 LDR     R1, =0x2F24A8
ROM:FFC00FEC                 STR     R0, [SP,#0x78+var_70]
ROM:FFC00FF0                 SUB     R0, R1, R0
ROM:FFC00FF4                 ADD     R3, SP, #0x78+var_6C
ROM:FFC00FF8                 STR     R2, [SP,#0x78+var_78]
ROM:FFC00FFC                 STMIA   R3, {R0-R2}
ROM:FFC01000                 MOV     R0, #0x22
ROM:FFC01004                 STR     R0, [SP,#0x78+var_60]
ROM:FFC01008                 MOV     R0, #0x68
ROM:FFC0100C                 STR     R0, [SP,#0x78+var_5C]
ROM:FFC01010                 LDR     R0, =0x19B
ROM:FFC01014                 LDR     R1, =sub_FFC04D38
ROM:FFC01018                 STR     R0, [SP,#0x78+var_58]
ROM:FFC0101C                 MOV     R0, #0x96
ROM:FFC01020                 STR     R0, [SP,#0x78+var_54]
ROM:FFC01024                 MOV     R0, #0x78
ROM:FFC01028                 STR     R0, [SP,#0x78+var_50]
ROM:FFC0102C                 MOV     R0, #0x64
ROM:FFC01030                 STR     R0, [SP,#0x78+var_4C]
ROM:FFC01034                 MOV     R0, #0
ROM:FFC01038                 STR     R0, [SP,#0x78+var_48]
ROM:FFC0103C                 STR     R0, [SP,#0x78+var_44]
ROM:FFC01040                 MOV     R0, #0x10
ROM:FFC01044                 STR     R0, [SP,#0x78+var_1C]
ROM:FFC01048                 MOV     R0, #0x800
ROM:FFC0104C                 STR     R0, [SP,#0x78+var_18]
ROM:FFC01050                 MOV     R0, #0xA0
ROM:FFC01054                 STR     R0, [SP,#0x78+var_14]
ROM:FFC01058                 MOV     R0, #0x280
ROM:FFC0105C                 STR     R0, [SP,#0x78+var_10]
ROM:FFC01060                 MOV     R0, SP
ROM:FFC01064                 MOV     R2, #0
ROM:FFC01068                 BL      sub_FFC02D68
ROM:FFC0106C                 ADD     SP, SP, #0x74
ROM:FFC01070                 LDR     PC, [SP+4+var_4],#4
The compile error is: "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cc44UrWs.s:237: Error: ']' expected -- `ldr PC,[SP+4+var_4],#4'"

Re: A1100 IS Porting thread
« Reply #52 on: 19 / April / 2010, 11:47:44 »
Also confused by this.
Code: [Select]

sub_FFC04D38                            ; DATA XREF: sub_FFC00FC4+50o
ROM:FFC04D38                                         ; ROM:off_FFC01084o

ROM:FFC04D38                 STMFD   SP!, {R4,LR}
ROM:FFC04D3C                 BL      sub_FFC00954
ROM:FFC04D40                 BL      dmSetup
ROM:FFC04D44                 CMP     R0, #0
ROM:FFC04D48                 ADRLT   R0, aDmsetup    ; "dmSetup"
ROM:FFC04D4C                 BLLT    err_init_task
ROM:FFC04D50                 BL      sub_FFC04974
ROM:FFC04D54                 CMP     R0, #0
ROM:FFC04D58                 ADRLT   R0, aTermdriverinit ; "termDriverInit"
......................
How can I get dmSetup's real value?
I copied it into asm() and then got a compile error; it says dmSetup is not referenced.
In the A2000 port it looks like the code below. How can I get my dmSetup's real value, like the A2000's sub_FFC09708?
Code: [Select]
"STMFD   SP!, {R4,LR}\n"
              "BL      sub_FFC00944\n"
              "BL      sub_FFC09708\n"           // _dmSetup
              "CMP     R0, #0\n"
              "LDRLT   R0, =0xFFC04EA4\n"
              "BLLT    sub_FFC04E84\n"           // err_init_task
              "BL      sub_FFC049B8\n"           // termDriverInit


Offline reyalp

Re: A1100 IS Porting thread
« Reply #53 on: 20 / April / 2010, 02:04:10 »
You need to find the address and replace the ADR* pseudo-instructions with the equivalent LDR Rx,=0x...
In IDA, you can just double click on aDmsetup and copy the address.

You also want to look at asmify.sh in the tools directory.

For the VAR stuff, just leave that out of the ASM and convert
e.g.
STR     R1, [SP,#0x30+var_30+4]
to
STR     R1, [SP,#4]
You can use q key in ida to do this.
Don't forget what the H stands for.


Re: A1100 IS Porting thread
« Reply #54 on: 20 / April / 2010, 02:17:16 »
You need to find the address and replace the ADR* pseudo-instructions with the equivalent LDR Rx,=0x...
In IDA, you can just double click on aDmsetup and copy the address.

You also want to look at asmify.sh in the tools directory.

For the VAR stuff, just leave that out of the ASM and convert
e.g.
STR     R1, [SP,#0x30+var_30+4]
to
STR     R1, [SP,#4]
You can use q key in ida to do this.
Thanks, reyalp, I will keep working on it.

Now I am confused about how to get my own firmware's
 correct value for "correct power-on".

Code: [Select]
     *(int*)0x1934=(int)taskHook;
     *(int*)0x1938=(int)taskHook;
     *(int*)(0x2164)= (*(int*)0xC022005C)&1 ? 0x400000 : 0x200000; // replacement of sub_FFC2C2FC for correct power-on.


Offline reyalp

Re: A1100 IS Porting thread
« Reply #55 on: 20 / April / 2010, 02:42:13 »
"correct power on" is to start in record mode if the power button is held down, on cameras that can start with play or power button. Otherwise CHDK always starts in play mode.

In the SD990 boot.c, I made the following notes, maybe they will help.
Quote
   // similar to SX10 (but no +4 and values are >> 8) via sub_FF849EB0.
   // Search on 0x12345678 finds function called by this
    *(int*)(0x2588)= (*(int*)0xC02200F8)&1 ? 0x200000 : 0x100000; // replacement of sub_FF8219D8 for correct power-on.
Don't forget what the H stands for.

Re: A1100 IS Porting thread
« Reply #56 on: 20 / April / 2010, 03:09:40 »
Thanks, reyalp, I understand this now.
Now I have copied some asm() from the firmware, like the code below.
I get a compile error like this: " undefined reference to sub_sub_FFE6C5B0"
So I commented it out. (Is that right?)
After compiling, I ran it.
The camera's lens comes out, the work LED stays lit forever, and the keyboard is disabled.

Now I want to know how to resolve the compile error without commenting out the code.
Code: [Select]
                "STR     LR, [SP,#-4]!\n"
                 "SUB     SP, SP, #0x74\n"
                 "MOV     R0, SP\n"
                 "MOV     R1, #0x74\n"
                //"BL      sub_FFE6C5B0\n"    //where I confused  
                    "BL      0xFFC090B4\n"
                 "MOV     R0, #0x53000\n"
                 "STR     R0, [SP,#4]\n"
             //    "LDR     R0, =0x12ED1C\n"
              // Replacement
            "LDR     R0, =new_sa\n"
                "LDR     R0, [R0]\n"
                         ......


Offline reyalp

Re: A1100 IS Porting thread
« Reply #57 on: 20 / April / 2010, 22:27:55 »
Code: [Select]
    "BL      0xFFC090B4\n"
This doesn't do what you want. BL takes a signed, 24-bit PC-relative offset.

If you want to BL to an absolute address, you want something like
Code: [Select]
MOV LR, PC
LDR PC, =0xFFC090B4
But you should use BL sub_FFE6C5B0 because the build process takes care of those for you.

The error like sub_sub_FFE6C5B0 sounds like something is wrong in the asm or build process. Not sure how that would happen.
Don't forget what the H stands for.


Re: A1100 IS Porting thread
« Reply #58 on: 21 / April / 2010, 02:56:29 »
How to solve this problem:
Code: [Select]
E:\chdk\trunk>make fir
**** Build: 0.9.9
>> Entering to tools
<< Leaving tools
>> Entering to lib
>> Entering to lib/font
<< Leaving lib/font
>> Entering to lib/math
<< Leaving lib/math
>> Entering to lib/ubasic
<< Leaving lib/ubasic
>> Entering to lib/lang
<< Leaving lib/lang
>> Entering to lib/lua
<< Leaving lib/lua
>> Entering to lib/armutil
<< Leaving lib/armutil
<< Leaving lib
>> Entering to platform
>> Entering to platform/a1100
>> Entering to platform/a1100/sub
>> Entering to platform/a1100/sub/100c
boot.c \-> boot.o
boot.c capt_seq.c movie_rec.c \-> stubs_auto.S
stubs_auto.S \-> stubs_auto.o
stubs_auto.S:246:1: error: unterminated argument list invoking macro "STUB"
make[4]: *** [stubs_auto.o] Error 1
make[3]: *** [all-recursive] Error 1
make[2]: *** [all-recursive] Error 1
make[1]: *** [all-recursive] Error 1
make: *** [all-recursive] Error 1

E:\chdk\trunk>

Re: A1100 IS Porting thread
« Reply #59 on: 21 / April / 2010, 03:07:53 »
But you should use BL sub_FFE6C5B0 because the build process takes care of those for you.
The error like sub_sub_FFE6C5B0 sounds like something is wrong in the asm or build process. Not sure how that would happen.
The sub_sub_FFE6C5B0 call was copied from the A1100's firmware, so I think it is right, but I do not know why it causes a compile error.
And how do I find a function like this one:
Code: [Select]
   
   "STMFD   SP!, {R4,LR}\n"
                 "BL      sub_FFC00954\n"
                 "BL      dmSetup\n"   ---> How do I find dmSetup? When I double-click dmSetup, IDA goes to its definition. I want to know how to get a function name like "sub_FFC097EC" to replace dmSetup.
Code like "BL subxxxxx" always produces a compile error like " undefined reference to sub_sub_xxxxx". So how do I correct it?
Thanks.

 
