CreateTask patch doesn't work

*

Offline alvm

  • ***
  • 116
CreateTask patch doesn't work
« on: 08 / October / 2014, 11:06:32 »
Hi,

Does CreateTask patch work if hook_CreateTask() is placed at ROM?

Thanks,
Alex.
« Last Edit: 08 / October / 2014, 11:08:58 by alvm »

*

Offline srsa_4c

  • ******
  • 3165
Re: CreateTask patch doesn't work
« Reply #1 on: 08 / October / 2014, 13:13:07 »
> Does CreateTask patch work if hook_CreateTask() is placed at ROM?
I suppose you mean this code snippet:
Code:
// Install CreateTask patch
"    LDR     R0, =patch_CreateTask\n"   // Patch data
"    LDM     R0, {R1,R2}\n"             // Get two patch instructions
"    LDR     R0, =hook_CreateTask\n"    // Address to patch
"    STM     R0, {R1,R2}\n"             // Store patch instructions
You can't write to the flash ROM directly (and you surely don't want to break the firmware like that), so the answer is no.
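The reason the answer is "no" can be made concrete with a small simulation. The following is an added example, not CHDK or camera firmware code: it models the LDM/STM installer above as a two-word copy, and adds the check a patch installer should make before storing, namely whether the target is in RAM at all. The address map is an assumption constructed for the example (a RAM window covering 0x1938 from this thread and a flash window covering 0xff824a2c from a later reply); the patch words are a constructed trampoline pattern, not the real patch_CreateTask contents.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed memory map, constructed for this example (not the SX400's real map):
 *   RAM window  0x00001900 .. 0x000019ff  (writable)
 *   ROM window  0xff824a00 .. 0xff824aff  (flash: stores do not change it)
 * Every other address is treated as unmapped. */
#define RAM_WIN_BASE 0x00001900u
#define ROM_WIN_BASE 0xff824a00u
#define WIN_WORDS    64u               /* 64 words = 256 bytes per window */
#define ROM_FILL     0xe1a00000u       /* simulated flash image: every word is an ARM NOP */

static uint32_t ram_win[WIN_WORDS];    /* the only storage a store can reach */

typedef enum {
    PATCH_OK = 0,
    PATCH_ERR_ALIGN,     /* target not 4-byte aligned */
    PATCH_ERR_ROM,       /* target is in flash ROM: the store would be silently lost */
    PATCH_ERR_UNMAPPED   /* target outside the known RAM/ROM windows */
} patch_result;

static int in_window(uint32_t addr, uint32_t base) {
    return addr >= base && addr < base + WIN_WORDS * 4u;
}

int is_rom(uint32_t addr) { return in_window(addr, ROM_WIN_BASE); }
int is_ram(uint32_t addr) { return in_window(addr, RAM_WIN_BASE); }

/* Read one 32-bit word from the simulated address space (0xffffffff if unmapped). */
uint32_t read_word(uint32_t addr) {
    if (is_ram(addr)) return ram_win[(addr - RAM_WIN_BASE) / 4u];
    if (is_rom(addr)) return ROM_FILL;          /* flash content never changes */
    return 0xffffffffu;
}

/* Install a two-instruction patch, the C equivalent of the LDM/STM pair in the
 * post: copy patch[0..1] over the two words at target. Refuses anything that
 * is not writable RAM and reports why, instead of storing into the void. */
patch_result install_patch(uint32_t target, const uint32_t patch[2]) {
    if (target & 3u) return PATCH_ERR_ALIGN;
    if (is_rom(target)) return PATCH_ERR_ROM;
    if (!is_ram(target) || !is_ram(target + 4u)) return PATCH_ERR_UNMAPPED;
    memcpy(&ram_win[(target - RAM_WIN_BASE) / 4u], patch, 2 * sizeof(uint32_t));
    return PATCH_OK;
}

int main(void) {
    /* Constructed patch words standing in for patch_CreateTask:
     * an "LDR PC, [PC, #-4]" trampoline followed by its target address. */
    const uint32_t patch[2] = { 0xe51ff004u, 0x00001a00u };
    const uint32_t targets[] = { 0x1938u, 0xff824a2cu, 0x1939u, 0x20000000u };
    for (size_t i = 0; i < sizeof targets / sizeof targets[0]; i++) {
        patch_result r = install_patch(targets[i], patch);
        printf("patch @ 0x%08x -> %d, word now 0x%08x\n",
               targets[i], (int)r, read_word(targets[i]));
    }
    return 0;
}
```

Only the RAM target reports PATCH_OK and shows the new words afterwards; the ROM target is refused and still reads back the original content, which is the situation the reply describes for a hook_CreateTask placed in ROM.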

*

Offline alvm

  • ***
  • 116
Re: CreateTask patch doesn't work
« Reply #2 on: 09 / October / 2014, 07:38:51 »
Yes, you are right, I mean this code. Thanks.

The CreateTask() function in the SX400 is placed in ROM. So how do I create a hook for it? Using the old hook method, like
*(int*)0x1938 = (int)taskCreateHook, is not successful.

*

Offline srsa_4c

  • ******
  • 3165
Re: CreateTask patch doesn't work
« Reply #3 on: 09 / October / 2014, 10:48:14 »
> Yes, you are right, I mean this code. Thanks.
>
> The CreateTask() function in the SX400 is placed in ROM. So how do I create a hook for it? Using the old hook method, like
> *(int*)0x1938 = (int)taskCreateHook, is not successful.
In that case your best choice is to "dig down" to the routines that start the tasks you'd like to replace - as it was done in the first DryOS ports. Can you share the fw dump?


*

Offline alvm

  • ***
  • 116

*

Offline srsa_4c

  • ******
  • 3165
Re: CreateTask patch doesn't work
« Reply #5 on: 10 / October / 2014, 13:04:39 »
http://chdk.setepontos.com/index.php?topic=11973.0
Thanks. Fortunately, the DryOS r55+p6 kernel is still located in RAM.
Even though CreateTask() got put back into ROM, you still have the possibility to patch its low level function (let's call it CreateTask_low for example), because that is still in RAM.
CreateTask (0xff824a2c) calls CreateTask_low (0x6b15a4) @ 0xff824abc. Note that the low level function has different arguments and return value, but you'll still be able to replace the task function's pointer.
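The approach in this reply, hooking the RAM-resident low-level routine that the ROM CreateTask() calls and swapping the task's entry pointer there, is shown below as an added example. It is not CHDK or camera firmware code: the signature of the low-level routine, the task names and the replacement table are all constructed assumptions, and the patched call site is modelled as a plain function pointer rather than a real instruction patch.

```c
#include <stdio.h>
#include <string.h>

typedef void (*task_fn)(void);

/* Assumed shape of the RAM-resident low-level routine ("CreateTask_low").
 * Its real argument list is unknown here; note it differs from CreateTask(). */
typedef int (*create_task_low_t)(const char *name, int prio, task_fn entry, int stack);

/* Record of what the simulated kernel actually started, so results can be checked. */
#define MAX_TASKS 8
struct started { const char *name; task_fn entry; };
static struct started started_tasks[MAX_TASKS];
static int n_started;

/* Original low-level routine: registers the task and returns its id. */
static int orig_create_task_low(const char *name, int prio, task_fn entry, int stack) {
    (void)prio; (void)stack;
    if (n_started >= MAX_TASKS) return -1;
    started_tasks[n_started].name = name;
    started_tasks[n_started].entry = entry;
    return n_started++;
}

/* The indirection the ROM caller goes through. On the camera this is the call
 * at CreateTask+0x90 that gets patched; here it is a function pointer in RAM. */
static create_task_low_t create_task_low = orig_create_task_low;

/* Firmware-side task bodies and their replacements (all constructed). */
static void fw_keyscan(void) {}
static void fw_capture(void) {}
static void my_keyscan(void) {}
static void my_capture(void) {}

struct replacement { const char *name; task_fn entry; };
static const struct replacement replacements[] = {
    { "KeyScan", my_keyscan },
    { "Capture", my_capture },
};

/* Hook: substitute the entry pointer only for tasks listed in the table,
 * leave everything else untouched, then hand the request to the original. */
static int hooked_create_task_low(const char *name, int prio, task_fn entry, int stack) {
    for (size_t i = 0; i < sizeof replacements / sizeof replacements[0]; i++) {
        if (strcmp(name, replacements[i].name) == 0) {
            entry = replacements[i].entry;
            break;
        }
    }
    return orig_create_task_low(name, prio, entry, stack);
}

/* Installing the hook is the single write that has to land in RAM. */
void install_create_task_hook(void) { create_task_low = hooked_create_task_low; }

/* Stand-in for the ROM CreateTask(): different argument order from the
 * low-level routine, as the reply notes; it cannot be modified itself. */
int CreateTask(const char *name, int prio, int stack, task_fn entry) {
    return create_task_low(name, prio, entry, stack);
}

/* Entry pointer the kernel ended up with for task id, or NULL if no such task. */
task_fn started_entry(int id) {
    return (id >= 0 && id < n_started) ? started_tasks[id].entry : NULL;
}

/* Return the simulation to its unhooked, empty state. */
void reset_tasks(void) { n_started = 0; create_task_low = orig_create_task_low; }

int main(void) {
    reset_tasks();
    int before = CreateTask("KeyScan", 0x19, 0x800, fw_keyscan);
    install_create_task_hook();
    int after  = CreateTask("KeyScan", 0x19, 0x800, fw_keyscan);
    int other  = CreateTask("Other",   0x10, 0x400, fw_capture);
    printf("KeyScan before hook replaced: %d\n", started_entry(before) == my_keyscan);
    printf("KeyScan after hook replaced:  %d\n", started_entry(after)  == my_keyscan);
    printf("Other left alone:             %d\n", started_entry(other)  == fw_capture);
    return 0;
}
```

The ROM CreateTask() is never touched; only the pointer it reaches the low-level routine through changes, which is why the approach still works when the kernel proper sits in RAM.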
