New stubs/signature finder (gensig2/finsig2) for DryOS cameras. - page 7 - General Discussion and Assistance - CHDK Forum

New stubs/signature finder (gensig2/finsig2) for DryOS cameras.

*

Offline philmoz

Re: New stubs/signature finder (gensig2/finsig2) for DryOS cameras.
« Reply #60 on: 28 / May / 2013, 04:14:41 »
Quote
I'd like to suggest adding a few functions which could be useful in the future.

EngDrv* (EngDrvIn, EngDrvOut, EngDrvRead, EngDrvBits). I have a possible use for EngDrvRead at the moment.

exmem_free (its real name is probably ExMem.FreeCacheable), it could be useful sometimes to allocate a bigger chunk of memory, and be able to free it. To be able to actually use these, the list of exmem categories is also needed.

realloc (hint here: http://chdk.wikia.com/wiki/User:Srsa_4c/Additional_firmware_routines), some routines depend on it.

Of course the same would be needed for VxWorks, but I'm a bit concerned about that sigfinder. For example the EngDrv event procedures have known names, but their implementation differs somewhat - it would probably be better to find these by name.

Added for DryOS in revision 2809 - trunk only.

Phil.
CHDK ports:
  sx30is (1.00c, 1.00h, 1.00l, 1.00n & 1.00p)
  g12 (1.00c, 1.00e, 1.00f & 1.00g)
  sx130is (1.01d & 1.01f)
  ixus310hs (1.00a & 1.01a)
  sx40hs (1.00d, 1.00g & 1.00i)
  g1x (1.00e, 1.00f & 1.00g)
  g5x (1.00c, 1.01a, 1.01b)
  g7x2 (1.01a, 1.01b, 1.10b)

*

Offline srsa_4c

Re: New stubs/signature finder (gensig2/finsig2) for DryOS cameras.
« Reply #61 on: 28 / May / 2013, 13:41:23 »
Quote
Added for DryOS in revision 2809 - trunk only.

Thank you.
Is there a method in sigfinder to identify the first called (BL) subroutine in a certain function (without using generated signatures)?

Hmm. Looks like a slightly butchered finsig_dryos does find some things in VxWorks dumps (mostly eventprocs) :)
« Last Edit: 28 / May / 2013, 14:10:08 by srsa_4c »

*

Offline philmoz

Re: New stubs/signature finder (gensig2/finsig2) for DryOS cameras.
« Reply #62 on: 28 / May / 2013, 16:02:55 »
Quote
Added for DryOS in revision 2809 - trunk only.
Thank you.
Is there a method in sigfinder to identify the first called (BL) subroutine in a certain function (without using generated signatures)?

Yes, if it's at a constant offset from the start of the function.
For example, exmem_free is actually the function called in the 3rd instruction of the ExMem.FreeCacheable function.
There are some things found at variable offsets; but this is done using custom code for the special cases.

Quote
Hmm. Looks like a slightly butchered finsig_dryos does find some things in VxWorks dumps (mostly eventprocs) :)

It should be possible to convert some of what finsig_dryos does to finsig_vxworks.
But it will require a fair amount of work.

I chose not to do this because Canon don't make VxWorks cameras anymore, so I'm not sure how much benefit it would be, and I only have one VxWorks camera to test with.

When I initially developed the new finsig_dryos, I set it up to save a copy of the existing stubs_entry.S file, and then compare the results to the new values found. Without this you don't know if a function address may have changed using the new signature matching. It took months of test runs, comparisons and digging into firmware dumps to iron out the discrepancies.

Phil.
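The constant-offset lookup described in the reply above (the callee is the target of the BL at a known instruction of a known function), plus a bounded scan for the variable-offset case, as an added example that is not code from finsig_dryos.c or the CHDK project. It assumes ARM-mode (A32) code and a dump held as 32-bit words; `dump_t`, `called_at`, `first_call` and the sample words are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical view of a dump: n 32-bit words loaded at address base. */
typedef struct { const uint32_t *w; size_t n; uint32_t base; } dump_t;

/* ARM (A32) BL: bits 27..24 are 1011; condition 0xF encodes BLX instead. */
static int is_bl(uint32_t insn) {
    return (insn & 0x0F000000u) == 0x0B000000u && (insn >> 28) != 0xFu;
}

/* Target = address of the BL + 8 + sign-extended imm24 * 4. */
static uint32_t bl_target(uint32_t addr, uint32_t insn) {
    uint32_t off = (insn & 0x00FFFFFFu) << 2;
    if (off & 0x02000000u) off |= 0xFC000000u;   /* negative offset */
    return addr + 8u + off;
}

/* Callee of the BL at instruction n (1-based) of the function at func; 0 if
 * that word is outside the dump, is not a BL, or branches out of the dump. */
uint32_t called_at(const dump_t *d, uint32_t func, unsigned n) {
    if (n == 0 || func < d->base || (func & 3u)) return 0;
    size_t idx = (func - d->base) / 4 + (n - 1);
    if (idx >= d->n || !is_bl(d->w[idx])) return 0;
    uint32_t t = bl_target(d->base + (uint32_t)idx * 4u, d->w[idx]);
    return (t >= d->base && (t - d->base) / 4 < d->n) ? t : 0;
}

/* Variable-offset case: first BL among the first max_insns instructions. */
uint32_t first_call(const dump_t *d, uint32_t func, unsigned max_insns) {
    uint32_t t = 0;
    for (unsigned n = 1; n <= max_insns && !t; n++)
        t = called_at(d, func, n);
    return t;
}

/* Constructed sample words, not taken from any real firmware dump. */
static const uint32_t SAMPLE_WORDS[] = {
    0xE92D4010u, 0xE1A04000u, /* FF810000: STMFD SP!,{R4,LR} ; MOV R4,R0 */
    0xEB000002u, 0xE8BD8010u, /* FF810008: BL 0xFF810018 ; LDMFD SP!,{R4,PC} */
    0xE1A00000u, 0xE1A00000u, 0xE12FFF1Eu, /* FF810010: NOP ; NOP ; BX LR */
};
static const dump_t SAMPLE = { SAMPLE_WORDS, 7, 0xFF810000u };

int main(void) {
    printf("0x%08X\n", (unsigned)called_at(&SAMPLE, 0xFF810000u, 3));
}
```

A zero return means "no usable BL here", so a caller should treat it as a failed match rather than an address.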

*

Offline srsa_4c

Re: New stubs/signature finder (gensig2/finsig2) for DryOS cameras.
« Reply #63 on: 28 / May / 2013, 20:31:59 »
Quote
It should be possible to convert some of what finsig_dryos does to finsig_vxworks.
But it will require a fair amount of work.

I chose not to do this because Canon don't make VxWorks cameras anymore, so I'm not sure how much benefit it would be, and I only have one VxWorks camera to test with.

When I initially developed the new finsig_dryos, I set it up to save a copy of the existing stubs_entry.S file, and then compare the results to the new values found. Without this you don't know if a function address may have changed using the new signature matching. It took months of test runs, comparisons and digging into firmware dumps to iron out the discrepancies.

My intention is not to replace finsig_vxworks, I'd like to find some "new" functions in those old firmwares in a way that's relatively painless. Since the original sigfinder is IMHO really just what its name suggests, I'll try to make use of the added intelligence of your sigfinder.



Quote
we would need to get some task synchronization object functions (semaphore, message queue, event flag) in the sig finders.

I fully support this idea. I have worked out some of these in various DryOS firmwares (using known parts of code and comparison to VxWorks equivalents), but I don't have a way to automate the identification. Knowing these functions makes exploring unknown parts of the firmware easier.


Re: New stubs/signature finder (gensig2/finsig2) for DryOS cameras.
« Reply #64 on: 28 / May / 2013, 20:53:32 »
Quote
we would need to get some task synchronization object functions (semaphore, message queue, event flag) in the sig finders.
I fully support this idea. I have worked out some of these in various DryOS firmwares (using known parts of code and comparison to VxWorks equivalents), but I don't have a way to automate the identification. Knowing these functions makes exploring unknown parts of the firmware easier.

If you happen to be wading through all that and notice a way to lock out Canon display updates while the CHDK menu is active ... don't be shy about pointing that out ?   :xmas
Ported :   A1200    SD940   G10    Powershot N    G16

*

Offline srsa_4c

Re: New stubs/signature finder (gensig2/finsig2) for DryOS cameras.
« Reply #65 on: 28 / May / 2013, 21:12:13 »
Quote
If you happen to be wading through all that and notice a way to lock out Canon display updates while the CHDK menu is active ... don't be shy about pointing that out ?   :xmas

I know a theoretical way: by bringing up a full-screen Canon "dialog" (I think that ML is/was doing something similar). Problem is that the functions to achieve this are not really known and that Canon's GUI functions are evolving constantly.

Re: New stubs/signature finder (gensig2/finsig2) for DryOS cameras.
« Reply #66 on: 28 / May / 2013, 21:35:02 »
Quote
If you happen to be wading through all that and notice a way to lock out Canon display updates while the CHDK menu is active ... don't be shy about pointing that out ?   :xmas
I know a theoretical way: by bringing up a full-screen Canon "dialog" (I think that ML is/was doing something similar). Problem is that the functions to achieve this are not really known and that Canon's GUI functions are evolving constantly.

So the idea is to induce a Canon menu/dialog that covers the whole screen and thus does not update and overwrite the CHDK menus while the Canon f/w thinks its dialog is active.  That could work but finding a non-camera specific way to do that would be interesting.   Maybe a porting option that allows the person doing the port to provide a key click sequence (shooting mode only?)  that would invoke the dialog on entry to <ALT> mode and one to cancel it on exit?  Cameras without the option just work like they do today - cameras where someone cared enough to take the time would get the benefit.

*

Offline srsa_4c

Re: New stubs/signature finder (gensig2/finsig2) for DryOS cameras.
« Reply #67 on: 30 / May / 2013, 20:31:21 »
Quote
EngDrv* (EngDrvIn, EngDrvOut, EngDrvRead, EngDrvBits). I have a possible use for EngDrvRead at the moment.

Added for DryOS in revision 2809 - trunk only.

I've been thinking about this. I should not have mentioned EngDrvIn, as it's pretty trivial. EngDrvOut and EngDrvBits can be potentially useful, but not at the moment, so IMHO they can get the UNUSED flag.
As for the functions: they are the event procedure versions, and they take pointers. That means, their usage needs some local storage, we can't just pass them #defined constants.
It should be possible to make the sigfinder find their non-eventproc versions (I've been experimenting with this, by adjusting the 'offset'). Question is, is it worth it?


*

Offline philmoz

Re: New stubs/signature finder (gensig2/finsig2) for DryOS cameras.
« Reply #68 on: 31 / May / 2013, 06:43:39 »
Quote
EngDrv* (EngDrvIn, EngDrvOut, EngDrvRead, EngDrvBits). I have a possible use for EngDrvRead at the moment.

Added for DryOS in revision 2809 - trunk only.
I've been thinking about this. I should not have mentioned EngDrvIn, as it's pretty trivial. EngDrvOut and EngDrvBits can be potentially useful, but not at the moment, so IMHO they can get the UNUSED flag.
As for the functions: they are the event procedure versions, and they take pointers. That means, their usage needs some local storage, we can't just pass them #defined constants.
It should be possible to make the sigfinder find their non-eventproc versions (I've been experimenting with this, by adjusting the 'offset'). Question is, is it worth it?

Updated in revision 2815:
 - marked as UNUSED
 - find the non-eventproc version

Phil.

*

Offline srsa_4c

Re: New stubs/signature finder (gensig2/finsig2) for DryOS cameras.
« Reply #69 on: 17 / June / 2013, 15:38:20 »
@philmoz
When you have some time, can you explain some of the functions (return value, arguments) you used in your latest (2877) finsig_dryos.c changeset? I'd like to understand "the basics" better.

 
