I'm trying to do the addresses_ctasks.txt, starting with boot.c.
My first two entries:
--------
boot 0xFF00000C 89
sub_FF000358_my 0xFF000358 27
--------
Am I on the right path here?
I'm having problems with the third function, "sub_FF0011B0_my".
In boot.c that function ends with:
" MOV R0, #0x280 \n"
" STR R0, [SP, #0x68] \n"
//" LDR R1, =0xFF005F2C \n" // original
" LDR R1, =sub_FF005F2C_my \n" // patched
" B sub_FF00124C \n" // continue in firmware
and in the disassembly it ends with:
" MOV R0, #0x280 \n"
" STR R0, [SP, #0x68] \n"
" LDR R1, =0xFF005F2C \n"
" MOV R2, #0 \n"
" MOV R0, SP \n"
" BL sub_FF0034C4 \n"
" ADD SP, SP, #0x74 \n"
" LDR PC, [SP], #4 \n"
"dword_FF001260 DCD 0x375C00 \n"
"dword_FF001264 DCD 0x181A9C \n"
Where does that function actually end in the firmware? Seeing the modified LDR is obvious, but I'm not good enough with assembly to know what the other differences mean.