IXUS 230 HS - Porting Thread

    Re: IXUS 230 HS - Porting Thread
    « Reply #60 on: 26 / February / 2012, 10:47:48 »
    I will try to port the 100b code to 100e.
    Welcome onboard!

    Here's a starting point: CHDK-PT

    Also, you will want to study the pages linked at the bottom of here :  For Developers

    mrks
    Re: IXUS 230 HS - Porting Thread
    « Reply #61 on: 26 / February / 2012, 12:40:37 »
    I am trying the CHDK-PT approach, but when I get to "Converting stubs_entry_2.S" I don't get anything. The converted file just contains the two lines
    Code:
    // Note : This file generated by CHDK-PT.
    #include "stubs_asm.h"

    Is this a reasonable output?
    The input file has two lines with "NHSTUB( ... )" so I assumed I would get something similar in the output.

    Re: IXUS 230 HS - Porting Thread
    « Reply #62 on: 26 / February / 2012, 13:51:30 »
    Quote
    The input file has two lines with "NHSTUB( ... )" so I assumed I would get something similar in the output.
    Cut & paste the input file here?

    mrks
    Re: IXUS 230 HS - Porting Thread
    « Reply #63 on: 26 / February / 2012, 14:08:38 »
    I'm working with trunk 1700 and here is the stubs_entry_2.S file that I have in the 100b folder
    Code:
    #include "stubs_asm.h"
    #define NULL_SUB 0xFF000B20

    // Override stubs_entry.S
    NHSTUB(kbd_pwr_on,                  NULL_SUB)

    // These don't exist
    NHSTUB(SetZoomActuatorSpeedPercent, NULL_SUB)

    // Additional



    Re: IXUS 230 HS - Porting Thread
    « Reply #64 on: 26 / February / 2012, 14:12:18 »
    Quote
    I'm working with trunk 1700 and here is the stubs_entry_2.S file that I have in the 100b folder
    Just copy the stubs_entry_2.S file directly from the sub/100b directory into the sub/100e directory. Those two entries don't really do anything - they are just needed so that the code builds without errors.

    mrks
    Re: IXUS 230 HS - Porting Thread
    « Reply #65 on: 26 / February / 2012, 15:43:42 »
    I'm trying to do the addresses_ctasks.txt
    Starting with boot.c
    My first two entries:
    --------
    boot 0xFF00000C 89
    sub_FF000358_my 0xFF000358 27
    --------

    Am I on the right path here?

    I'm having problems with the third function "sub_FF0011B0_my"
    In boot.c that function ends with:
    Code:
                " MOV R0, #0x280 \n"
                " STR R0, [SP, #0x68] \n"
                //" LDR R1, =0xFF005F2C \n" // original
                " LDR R1, =sub_FF005F2C_my \n" // patched
                "   B       sub_FF00124C \n" // continue in firmware

    and in the disassembly it ends with:
    Code:
    "    MOV     R0, #0x280 \n"
    "    STR     R0, [SP, #0x68] \n"
    "    LDR     R1, =0xFF005F2C \n"
    "    MOV     R2, #0 \n"
    "    MOV     R0, SP \n"
    "    BL      sub_FF0034C4 \n"
    "    ADD     SP, SP, #0x74 \n"
    "    LDR     PC, [SP], #4 \n"
    "dword_FF001260  DCD 0x375C00 \n"
    "dword_FF001264  DCD 0x181A9C \n"

    Where does that function actually end in the firmware? Seeing the modified LDR is obvious, but I'm not good enough with assembly to know what the other differences mean.

    Re: IXUS 230 HS - Porting Thread
    « Reply #66 on: 26 / February / 2012, 15:51:09 »
    Quote
    Am I on the right path here?
    Pretty much!

    Quote
    Where does that function actually end in the firmware? Seeing the modified LDR is obvious, but I'm not good enough with assembly to know what the other differences mean.
    After the modified LDR, the boot.c task just jumps back to the Canon firmware - the CHDK hacks are done so the code can go back to what it was doing. The " B sub_FF00124C \n" goes to the next address in the firmware where the code was taken from.

    mrks
    Re: IXUS 230 HS - Porting Thread
    « Reply #67 on: 03 / March / 2012, 11:25:25 »
    Progress update.

    I have converted boot.c to 100e firmware.
    It boots properly and I can enter the menu.

    It differs from 100b version in only 2 places.
    I have attached boot.c with comments on the changed lines


    mrks
    Re: IXUS 230 HS - Porting Thread
    « Reply #68 on: 04 / March / 2012, 10:52:19 »
    I have run into a problem while converting the movie_rec.c functions.

    Code:
    ../platform/ixus230_elph310hs/sub/100e/libplatformsub.a(movie_rec.o): In function `loc_FF185F80':
    movie_rec.c:(.text+0x400): undefined reference to `loc_FF186020'
    collect2: ld returned 1 exit status

    CHDK-PT has generated a stubs file where loc_FF186020 is referenced but this location is never defined. It is not in stubs_auto.S where I guess it should be.
    When looking at the assembly code in chdk-pt I can see that label where it should be.
    The location 0xFF186020 is just after the current function.

    When looking at the 100b files I can see that the corresponding location in that firmware is defined in stubs_auto.S

    Can I manually fix this?
    Also, why is it not in stubs_auto.S?
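
The link error in the post above comes from a branch to a `loc_` label that is never defined in the converted file. The following is an added example, not part of the original post and not CHDK or CHDK-PT code: it scans an inline-assembly C source for such references before building. The sample source and the function name `sub_FF185F00_my` are constructed for illustration; only the two `loc_` addresses are taken from the error message.

```python
import re

# Constructed sample in the style of a converted movie_rec.c body.
SAMPLE = r'''void __attribute__((naked,noinline)) sub_FF185F00_my() {
asm volatile (
"loc_FF185F80:\n"
"    CMP     R0, #0 \n"
"    BEQ     loc_FF186020 \n"      // target lies past the end of this body
//"    BNE     loc_FF185FA0 \n"    // commented out, so it is ignored
"    BL      sub_FF0034C4 \n"
"    BNE     loc_FF185F80 \n"
"    LDMFD   SP!, {R4-R6,PC} \n"
);
}'''

# A label followed by ':' is a definition; any other occurrence is a reference.
LOC_DEF = re.compile(r'\b(loc_[0-9A-Fa-f]{8})\s*:')
LOC_USE = re.compile(r'\b(loc_[0-9A-Fa-f]{8})\b(?!\s*:)')

def unresolved_loc_refs(source):
    """Map each loc_ label that is referenced but never defined in `source`
    to the line numbers that reference it."""
    defined, used = set(), {}
    for lineno, line in enumerate(source.splitlines(), 1):
        code = line.split("//", 1)[0]          # drop C++-style comments
        defined.update(LOC_DEF.findall(code))
        for label in LOC_USE.findall(code):
            used.setdefault(label, []).append(lineno)
    return {l: n for l, n in sorted(used.items()) if l not in defined}

if __name__ == "__main__":
    for label, lines in unresolved_loc_refs(SAMPLE).items():
        print(f"{label} referenced on line(s) {lines} but not defined in this file")
```
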

    mrks
    Re: IXUS 230 HS - Porting Thread
    « Reply #69 on: 04 / March / 2012, 13:20:19 »
    I figured out the undefined reference problem. After looking at how the stubs are generated I fixed it by replacing loc_ with sub_

    So now I have all 3 files converted. Photos work fine but camera crashes when I stop shooting a video.

    Video bug is possibly related to disassembly problem I have noticed. At the end of the last function in movie_rec.c
    The stub generated by chdk-pt has this in it:
    Code:
    "    STR     R0, [R1, #0x8C] \n"
    "    LDMFD   SP!, {R0-R12,PC} \n"
    "    STRVSBT R7, [R8], #-0x66D \n"
    Error: [undefined instr     C4B0] Undefined instruction j
    "    MULEQ   R0, R10, SP \n"
    "dword_FF2E3594  DCD 0xFF2E20E0 \n"
    "dword_FF2E3598  DCD 0xEA3 \n"
    "dword_FF2E359C  DCD 0x2710 \n"
    "dword_FF2E35A0  DCD 0xC318 \n"
    "dword_FF2E35A4  DCD 0xFF2E303C \n"
    "dword_FF2E35A8  DCD 0x57766F4D \n"
    "dword_FF2E35AC  DCD 0x65746972 \n"
    "dword_FF2E35B0  DCD 0x0 \n"
    "dword_FF2E35B4  DCD 0x346 \n"
    "dword_FF2E35B8  DCD 0x7530 \n"
    "dword_FF2E35BC  DCD 0x5DC0 \n"
    "dword_FF2E35C0  DCD 0x5DC \n"
    "dword_FF2E35C4  DCD 0xBB8 \n"
    "dword_FF2E35C8  DCD 0x1770 \n"
    "dword_FF2E35CC  DCD 0x3A980 \n"
    "dword_FF2E35D0  DCD 0x1D4C0 \n"
    "dword_FF2E35D4  DCD 0x377 \n"
    "dword_FF2E35D8  DCD 0xE0F \n"
    "dword_FF2E35DC  DCD 0x7A760 \n"
    "dword_FF2E35E0  DCD 0x257 \n"
    "dword_FF2E35E4  DCD 0x11DA50 \n"
    "dword_FF2E35E8  DCD 0x39F \n"
    "dword_FF2E35EC  DCD 0x138D \n"
    "dword_FF2E35F0  DCD 0xC498 \n"
    "dword_FF2E35F4  DCD 0x15E4BC \n"
    "loc_FF2E35F8:\n"
    "    ADD     R2, R2, #0x1F \n"

    It looks the same in the 100b dump, and the function in the c-file there has just removed the problem parts, so I did the same.

    I'm not sure how to continue from here...

    I include the two files I have updated since last post
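
In the output quoted above, `LDMFD SP!, {R0-R12,PC}` loads PC and so returns from the function; whatever the disassembler prints after it is not reached by falling through. The following is an added example, not part of the original post and not CHDK-PT code: it lists the mnemonics emitted after the return and decodes the DCD words as little-endian bytes to show embedded text. The listing is an abridged copy of the quoted output.

```python
import re, struct

# Abridged copy of the CHDK-PT output quoted in reply #69.
LISTING = r'''"    LDMFD   SP!, {R0-R12,PC} \n"
"    STRVSBT R7, [R8], #-0x66D \n"
"    MULEQ   R0, R10, SP \n"
"dword_FF2E3594  DCD 0xFF2E20E0 \n"
"dword_FF2E3598  DCD 0xEA3 \n"
"dword_FF2E359C  DCD 0x2710 \n"
"dword_FF2E35A0  DCD 0xC318 \n"
"dword_FF2E35A4  DCD 0xFF2E303C \n"
"dword_FF2E35A8  DCD 0x57766F4D \n"
"dword_FF2E35AC  DCD 0x65746972 \n"
"dword_FF2E35B0  DCD 0x0 \n"'''

RETURN = re.compile(r'LDMFD\s+SP!,\s*\{[^}]*PC\}')
DCD = re.compile(r'dword_([0-9A-F]{8})\s+DCD\s+0x([0-9A-F]+)', re.I)
INSN = re.compile(r'^"\s+([A-Z]+)\s')

def insns_after_return(listing):
    """Mnemonics printed between the return and the next label or DCD line."""
    out, past_return = [], False
    for line in listing.splitlines():
        if past_return:
            m = INSN.match(line)
            if not m:
                break
            out.append(m.group(1))
        elif RETURN.search(line):
            past_return = True
    return out

def pool_strings(listing, min_len=4):
    """ASCII runs in the DCD words (assumed contiguous), as (address, text)."""
    found, run, start = [], b"", None
    for addr_hex, word_hex in DCD.findall(listing):
        addr = int(addr_hex, 16)
        for i, byte in enumerate(struct.pack("<I", int(word_hex, 16))):
            if 0x20 <= byte < 0x7F:
                if not run:
                    start = addr + i
                run += bytes([byte])
            else:
                if len(run) >= min_len:
                    found.append((start, run.decode("ascii")))
                run = b""
    if len(run) >= min_len:
        found.append((start, run.decode("ascii")))
    return found
```

On this listing the two functions report `STRVSBT` and `MULEQ` as decoded after the return, and the words at 0xFF2E35A8 and 0xFF2E35AC as the text `MovWrite`.
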

     
