supplierdeeply

Help about dump EOS 450D fireware,THANKS.

  • 5 Replies
  • 19432 Views
  • Publish
    Help about dump EOS 450D fireware,THANKS.
    « on: 26 / March / 2010, 12:21:12 »
    Advertisements
    I use following code to dump 450D 1.0.9 firmware ,but it now worked.Can somebody give me some advice? thanks.

    I load flasher of firmware to ida ,and see the pointer address is not a function entry. Can the code really run right?

    ROM:00916964                 BEQ     loc_916950
    ROM:00916968                 MOV     R0, R5
    ROM:0091696C                 BL      sub_974A50
    ROM:00916970                 LDR     R3, [R6]
    ROM:00916974                 MOV     R0, R4

    ?????so sad.... :'(

    ---------
    //      canon 450d fw 1.0.9
    //--------------------------------------
    #define FW_ADDRESS      0xFF800000
    #define FW_SIZE         0x800000

    #define LEDBLUE         0xC02200E8
    #define O_WRONLY        1


    typedef int (*ft_open)(const char *name, int flags, int mode);
    typedef int (*ft_close)(int fd);
    typedef int (*ft_write)(int fd, void *buffer, long nbytes);
    typedef int (*ft_creat)(char *nm,int flg);
    typedef int (*ft_shdn)(void);


    int main()
    {

            ft_open open;
            ft_creat create;
            ft_write write;
            ft_close close;
          ft_shdn   shdn;
            int f = 0;


    //   0x00807128 - tUpdMgr

            open    = (ft_open)     0x00916964;
            create    = (ft_creat)    0x00916a30;
            write   = (ft_write)    0x00916d28;
            close   = (ft_close)    0x00916de0;
          shdn   = (ft_shdn)   0x00807874;



       f = open("A:", 1, 0644);
       close(f);
       if (f>=0) {
          //create on A:
          f = create( "A:/DUMPA.DMP", O_WRONLY );
          if ( f>=0 ) {
                       write(f, (void*)FW_ADDRESS, FW_SIZE);
                       close(f);
                   shdn();
          }

       }else{
          f = open("B:", 1, 0644);
          close(f);
          if (f>=0) {
             //create on B:
             f = create( "B:/DUMPB.DMP", O_WRONLY );
             if ( f>=0 ) {
                          write(f, (void*)FW_ADDRESS, FW_SIZE);
                          close(f);
                      shdn();
             }
          }
          
       }



       *((int *)LEDBLUE) = 0x46; //ON
       while(1){};


       return 0;
    }

    *

    Offline Ant

    • ****
    • 257
  • Publish
    Re: Help about dump EOS 450D fireware,THANKS.
    « Reply #1 on: 13 / April / 2010, 06:06:19 »
    Here you can find my dumper for 450D, which was tested with FW v.1.0.9.
    It works as a task under main FW and uses fileIO functions from it.

    To create RAM, ROM, stdout dumps and system log you need run firmware update and wait until blue led will be turned on and SD writing operations will complete(~20 seconds).
    « Last Edit: 13 / April / 2010, 06:41:14 by Ant »

    *

    Offline Ant

    • ****
    • 257
    « Last Edit: 21 / December / 2010, 14:01:35 by Ant »

  • Publish
    Re: Help about dump EOS 450D fireware,THANKS.
    « Reply #3 on: 15 / April / 2010, 08:47:56 »
    Thank you so much!!


  • Publish
    Re: Help about dump EOS 450D fireware,THANKS.
    « Reply #4 on: 17 / April / 2010, 08:46:58 »
    HI, use "EnableBootDisk" will enable bootdisk on 450d,i think it also work on 40d :)

    but,450d arch is different with 400d , so autoexec.bin will  be different....

  • Publish
    Re: Help about dump EOS 450D fireware,THANKS.
    « Reply #5 on: 16 / April / 2012, 20:37:46 »
    The link for the two files above are no longer available. if anyone who has a copy can reattach them i'd love to have a look over them

    thanks

     

    Related Topics