Triggering flashlight from code in A470/102C - page 2 - General Discussion and Assistance - CHDK Forum supplierdeeply

Triggering flashlight from code in A470/102C

  • 28 Replies
  • 13808 Views
*

Offline vi

  • *
  • 26
Re: Triggering flashlight from code in A470/102C
« Reply #10 on: 16 / July / 2010, 04:20:00 »
Advertisements
Does it allow you to call StartInternalPreFlash after power savings has drawn the lens back in after switching from REC back to PLAY + waiting a while?
Yes, rapidly switching to Record and immediately back "unlocks" it. StartInternalPreFlash will work until rebooted. Lens is configured to draw back immediately when switching to Play mode.

*

Offline vi

  • *
  • 26
Re: Triggering flashlight from code in A470/102C
« Reply #11 on: 16 / July / 2010, 04:36:38 »
It looks like there are some variables you could try poking.

1. Make memory dump before playing with mode changing wheel (StartInternalPreFlash failing)
2. Make memory dump after playing with mode changing wheel (StartInternalPreFlash is unlocked now)
3. Find all addresses that has changed values, but not inside CHDK, i.e. act like if I'm hacking something with ArtMoney.
4. Add poking for all variables to the new values in a flashing script
[5. Bisect and detect which variables do actually matter]

Is it optimal way of doing it or it can be done faster/better/safer?

*

Offline reyalp

  • ******
  • 14114
Re: Triggering flashlight from code in A470/102C
« Reply #12 on: 16 / July / 2010, 16:41:41 »
1. Make memory dump before playing with mode changing wheel (StartInternalPreFlash failing)
2. Make memory dump after playing with mode changing wheel (StartInternalPreFlash is unlocked now)
3. Find all addresses that has changed values, but not inside CHDK, i.e. act like if I'm hacking something with ArtMoney.
4. Add poking for all variables to the new values in a flashing script
[5. Bisect and detect which variables do actually matter]

Is it optimal way of doing it or it can be done faster/better/safer?
Depends on what you like to do. You should be able to narrow down the likely address ranges a lot by examining the disassembly of the functions I mentioned. As far as I can tell (see below) most of them are offsets into a single structure at a fixed address (0x6B10 on your camera). The other is the first argument to the function, whose value isn't obvious since it's passed in through several layers of functions.

If the value you end up needing to poke turns out to be on the stack, this method is unlikely to work.

Getting past this assert of course may get just get you to the next one, or something worse.

An alternate approach would be to try to figure out which of the functions in the play->rec process setup the required variables, and and try call or emulate them. Bonus of this is if the variables indicate that some required hardware setup has been performed, you are more likely to catch it. You can still get addresses from the stuff related to the assert and look for other references to find out where they are set up.

As for safer... I hear lloyds will insure anything  :haha

In 102c, the assert function is sub_FFCA2D1C called at FFD88720

Code: [Select]
ROM:FFD88720                 BL      sub_FFCA2D1C
ROM:FFD88724                 CMP     R0, #0
ROM:FFD88728                 LDRNE   R1, =0x2AB
ROM:FFD8872C                 ADRNE   R0, aCntflash_c ; "CntFlash.c"
ROM:FFD88730                 BLNE    DebugAssert

Code: [Select]
ROM:FFCA2D1C                 STMFD   SP!, {R0-R11,LR}
ROM:FFCA2D20                 LDR     R10, =0x6B10
ROM:FFCA2D24                 MOV     R7, R0
ROM:FFCA2D28                 LDR     R0, [R10,#4]  ; <- first interesting address 0x6B10+4
ROM:FFCA2D2C                 SUB     SP, SP, #4
ROM:FFCA2D30                 CMP     R0, #0 ; must != 0
ROM:FFCA2D34                 LDR     R11, [SP,#0x38]
ROM:FFCA2D38                 MOVEQ   R0, #0x17
ROM:FFCA2D3C                 MOV     R9, R3
ROM:FFCA2D40                 MOV     R8, R1
ROM:FFCA2D44                 BEQ     loc_FFCA2DD8
ROM:FFCA2D48                 CMP     R7, #0  ; <- first argument of function is checked, must != 0
ROM:FFCA2D4C                 MOVEQ   R0, #3
ROM:FFCA2D50                 BEQ     loc_FFCA2DD8
ROM:FFCA2D54                 LDRB    R0, [R10]
ROM:FFCA2D58                 CMP     R0, #3 ; <- byte at 0x6B10 must == 3
ROM:FFCA2D5C                 MOVNE   R0, #0x11
ROM:FFCA2D60                 BNE     loc_FFCA2DD8
ROM:FFCA2D64                 LDR     R0, [R10,#0x30] ; <- more references to 0x6B10 +n
ROM:FFCA2D68                 LDR     R1, [R10,#0x34]
ROM:FFCA2D6C                 ADD     R6, R0, R1
ROM:FFCA2D70                 LDR     R0, [R10,#0x14]
ROM:FFCA2D74                 CMP     R0, R6  ; <- compare *(0x6B10 + 0x14) to *(0x6B10 + 0x30) + *(0x6B10 + 0x34)
ROM:FFCA2D78                 MOVHI   R0, #0x1D
ROM:FFCA2D7C                 BHI     loc_FFCA2DD8
ROM:FFCA2D80                 MOV     R0, SP
ROM:FFCA2D84                 BL      sub_FFC9D868
Don't forget what the H stands for.

*

Offline vi

  • *
  • 26
Re: Triggering flashlight from code in A470/102C
« Reply #13 on: 16 / July / 2010, 20:40:51 »
Looks like all this is too complicated to bother with (until I find some real use of it) and I can just do the manual initialisation every time. Combined with the fact that AFAIK my A470 cannot wake on clock or on USB it makes efforts of making the manual flash work unattended futile.

But anyway I don't like that the device don't just do that I want (even if it is simple) and requires all that magic.


Re: Triggering flashlight from code in A470/102C
« Reply #14 on: 13 / September / 2010, 19:10:35 »
Hello,
I don't understand the main of this topic, i really don't code...but i think you can answer to my question:
Is it possible to make a script that allows to trigger several flashes in a long exposure shot (from 2 sec to...more)? For sure, i think that more than 1flash/sec should be dangerous...
2 flashes in a 2 sec picture, or flashes every 5 sec in a 64sec picture should be really useful and maybe nice...?
thanks
bye
590
S90

*

Offline vi

  • *
  • 26
Re: Triggering flashlight from code in A470/102C
« Reply #15 on: 14 / September / 2010, 02:17:19 »
Quote
For sure, i think that more than 1flash/sec should be dangerous
At my camera I cannot trigger flash light more that once per second. It suspends while flashing.
Also maximum power flash requires more than second to charge, and it skips flashes it they are too fast. At minimum power it can flash once per second over and over without trouble.

Going to experiment with flashing while long exposure...

*

Offline vi

  • *
  • 26
Re: Triggering flashlight from code in A470/102C
« Reply #16 on: 22 / September / 2010, 19:44:43 »
Is it possible to make a script that allows to trigger several flashes in a long exposure shot?
Yes, I've experimented.

Script: http://vi-server.org/vi/d/multiflash.lua
Example image:

It charges the flash once, then triggers it periodically.
You need to configure timing so that flash is not triggered while it preparing for shot or finishing it.

The more powerful flash is - the less flashes can be on one charge.

presleep - sleep after charging and pressing "shot_full".
sleep - sleep between flashes - minimum is about 700 (faster it can't)
charge - whether to charge the flash before use. Just leave it 1
power - flash power. 0 means maximum (flap!). 1 - minimum (silent tick). 5 - small, can be many flashes, 15 - can handle about ten flashes, first will be more powerful; 50 - only three flashes; 100 - only one flash. // for every second flash
For every-five-second flashes it can do pow100 flashes quite well

*-order means how many times to multiple the value by 10.

Feel free to experiment and hack the script. It shouldn't spoil the flash or the camera (at least if it is like mine). Worst thing while I experimented is a need of rebooting.
« Last Edit: 22 / September / 2010, 19:56:47 by vi »

*

Offline vi

  • *
  • 26
Re: Triggering flashlight from code in A470/102C
« Reply #17 on: 16 / October / 2010, 23:08:27 »
One more useful feature: I can start flashing script (not "multiflash.lua", simpler one) while capturing video.
It can do about 5 flashes per second in this mode (unlike usual capture or play modes). Now I can capture the video in the dark using flash as sort of torch.


Re: Triggering flashlight from code in A470/102C
« Reply #18 on: 16 / January / 2011, 20:10:21 »
oooh!
I just read your posts...it's strange, i didn't receive mails...
Thanks for your work, i will try as soon as possible...
great!!! i'll say how it works...
great
590
S90

Re: Triggering flashlight from code in A470/102C
« Reply #19 on: 15 / February / 2011, 12:10:07 »
Hello!
The script does't run on my S90:
:34: attempt to call glob
al 'call_event_proc' (a n
il values)
PRESS SHUTTER TO CLOSE

I don't know if you are able to do the script for the S90...
thx again for the beginning!!!
590
S90

 

Related Topics


SimplePortal 2.3.6 © 2008-2014, SimplePortal