"BNE loc_FF81FD2C"
"B loc_FF81FD18"
" STRNE R1, [R3, #4] \n"
" LDR R0, =0x19F4 \n"
Grr, I'm not getting very far with my S5... In the function where wHwSetup_my is hooked
"LDR R1, =uHwSetup_my\n" // followup to own function
a call to sub_FF812D84 is made, which calls ... which calls .. and so on, until I reach sub_FF818BB0 (A720 equiv sub_FFC08C98, identical in both cameras). For some reason execution stops at
"STRNE R1, [R2,#4]\n"
and I don't know why. The addresses it's referencing look quite alike in both firmwares but for some reason it's acting up in the S5. If anyone has any ideas, please. In the meantime, I guess I'll look over the complete code again to make sure I didn't make an error anywhere.
One thing I forgot to mention is that you will need to change platform/<dev>/sub/<rev>/makefile.inc
You need to change
* MEMISOSTART, CHDK gets relocated there
and
* ROMBASEADDR...
What happens is: the firmware copies an amount of memory from ROM to RAM. This happens at FFC00130 (A720). Check the declarations at the beginning of boot() and you will recognize the numbers. The firmware code that copies this memory is skipped and instead copied in boot(). The main memory pool (originally) starts right above this limit. Its address is indicated by R0 in the shown code. We move the memory pool a little up by adding 196k (0x30000), thus creating room for CHDK to live. This room is referred to in MEMISOSTART.
Originally only 128k were added, but as reported in this thread my code was overwritten. Thus everything is moved up a little more.
So before anything can work, you have to adjust these numbers.
I found another discussion about exactly the same issue which I have:
As I don't really know which values have to be used, I would like to ask if someone could review my attached makefile.inc file or tell me how I can find out the correct values by myself.
"B sub_FF810358\n" //original //"B sub_FF810358_my\n" //patched
Hello Phil,
thanks, I reduced the DISKBOOT.BIN size from 200KB to 104KB.
I also disabled the EXMEM feature.
But I still have no different behaviour yet.
I was wondering if I would be able to start original firmware via my DISKBOOT.BIN to verify if it is working in general.
Because currently I only verify my local code from boot.c when I look at LEDs blinking.
I tried to use direct firmware call very early in boot.c but I'm still at black screen and no further reaction:
"BL sub_FF8111B0\n" //original //"BL sub_FF8111B0_my\n" //patched
How can I start the original firmware from ROM via my DISKBOOT.BIN to verify my stuff at the very beginning?
void __attribute__((naked,noinline)) taskcreatePhySw_my() {
    asm volatile (
        " STMFD SP!, {R3-R5,LR}\n"
        " LDR R4, =0x1C3C\n"
        " LDR R0, [R4,#0x4]\n"
        " CMP R0, #0\n"
        " BNE sub_FF834A20\n" // continue in firmware
        " MOV R3, #0\n"
        " STR R3, [SP]\n"
        " LDR R3, =mykbd_task\n" // task_PhySw
        " MOV R2, #0x2000\n" // stack size for new task_PhySw so we don't have to do stack switch
        // this line was reached, verified by LED blinker
        "B sub_FF834A10 \n" // continue in firmware
    );
}