SX260 HS Porting Thread - page 3 - DryOS Development - CHDK Forum

SX260 HS Porting Thread

  • 642 Replies
  • 119745 Views
*

Offline asm1989

  • *****
  • 527
  • SX720, SX260, SX210 & SX200
Re: SX260 HS Porting Thread
« Reply #20 on: 05 / April / 2012, 02:20:41 »
Thanks, the existing ones don't do a very good job, only found 400 refs or so, and a lot of broken code,

what are you using instead of IDA?


*

Offline asm1989

Re: SX260 HS Porting Thread
« Reply #21 on: 05 / April / 2012, 06:56:14 »
also I have problems with some subs not well identified like:

BL      0x690448

Instead of BL sub_FF.....

any tips on how to fix it?

*

Online philmoz

  • *****
  • 3156
    • Photos
Re: SX260 HS Porting Thread
« Reply #22 on: 05 / April / 2012, 07:14:39 »
Quote
also I have problems with some subs not well identified like:

BL      0x690448

Instead of BL sub_FF.....

any tips on how to fix it?

Unfortunately they are correct - at startup the firmware copies a chunk of itself to RAM and then uses the RAM version of the routines copied.

If you look at the output of the latest version of finsig_dryos (stubs_entry.S) you will see the functions it detects have been relocated.

You can load a portion of the firmware file into IDA at the correct RAM address to help it disassemble correctly.

Phil.
CHDK ports:
  sx30is (1.00c, 1.00h, 1.00l, 1.00n & 1.00p)
  g12 (1.00c, 1.00e, 1.00f & 1.00g)
  sx130is (1.01d & 1.01f)
  ixus310hs (1.00a & 1.01a)
  sx40hs (1.00d, 1.00g & 1.00i)
  g1x (1.00e, 1.00f & 1.00g)
  g5x (1.00c, 1.01a, 1.01b)

*

Offline asm1989

Re: SX260 HS Porting Thread
« Reply #23 on: 05 / April / 2012, 07:20:54 »
Thanks philmoz

So I can't use this directly "BL      0x690448" in boot.c or other files then?

How can I do that:

Quote
You can load a portion of the firmware file into IDA at the correct RAM address to help it disassemble correctly.

Thanks for the directions



Re: SX260 HS Porting Thread
« Reply #24 on: 05 / April / 2012, 07:39:21 »
Quote
what are you using instead of IDA?

see my sig line below -->
         
Ported :   A1200    SD940   G10    Powershot N    G16

*

Online philmoz

Re: SX260 HS Porting Thread
« Reply #25 on: 05 / April / 2012, 08:26:33 »
Quote
Thanks philmoz

So I can't use this directly "BL      0x690448" in boot.c or other files then?


You should still be able to use "BL sub_00690448".

Quote
How can I do that:

Quote
You can load a portion of the firmware file into IDA at the correct RAM address to help it disassemble correctly.

Thanks for the directions


In firmware 100b the code that copies the ROM starts at 0xFF000138.
It copies 0x1044C bytes from 0xFF680924 to 0x685000 (end address is 0x69544C).

This is what I did, may not be the best way.

In IDA select File --> Load File --> Add additional binary file.
Select the firmware PRIMARY.BIN.
Set the Loading segment to 0, loading offset to 0x685000, file offset to 0x680924 and number of bytes to 0x1044C.

Phil.

*
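The address mapping from Reply #25, as an added example that is not part of the original thread or of CHDK's code: it decodes an ARM-mode BL found in ROM and, when the target falls inside the block copied to RAM, reports the ROM address and file offset where those bytes live in the dump. The 0xFF000000 load base, the call site at 0xFF00B000 and the image built by `demo_image()` are assumptions constructed for illustration.

```python
import struct

# SX260 HS firmware 100b values quoted from Reply #25.
ROM_SRC, RAM_DST, COPY_LEN = 0xFF680924, 0x00685000, 0x1044C
# Assumption: the dump maps at 0xFF000000 (implied by ROM 0xFF680924
# sitting at file offset 0x680924 in the thread).
ROM_BASE = 0xFF000000


def bl_target(word, pc):
    """Decode an ARM-mode BL located at address pc; return target or None."""
    if (word >> 24) & 0x0F != 0x0B:            # bits 27..24 must be 1011
        return None
    imm = word & 0x00FFFFFF
    if imm & 0x00800000:                       # sign-extend the 24-bit field
        imm -= 0x01000000
    return (pc + 8 + (imm << 2)) & 0xFFFFFFFF  # wraps from 0xFF...... into low RAM


def ram_to_rom(addr):
    """ROM address of the bytes that execute at RAM address addr."""
    if not RAM_DST <= addr < RAM_DST + COPY_LEN:
        raise ValueError(f"0x{addr:08X} is outside the relocated block")
    return addr - RAM_DST + ROM_SRC


def resolve_call(image, rom_addr):
    """Follow the BL at rom_addr; return (target, rom_copy, file_offset).

    rom_copy and file_offset are None when the target is ordinary ROM code.
    """
    off = rom_addr - ROM_BASE
    if not 0 <= off <= len(image) - 4:
        raise ValueError("address is outside the dump")
    target = bl_target(struct.unpack_from("<I", image, off)[0], rom_addr)
    if target is None:
        raise ValueError("no BL at that address")
    try:
        rom_copy = ram_to_rom(target)
    except ValueError:
        return target, None, None
    return target, rom_copy, rom_copy - ROM_BASE


def demo_image():
    """Constructed stand-in for PRIMARY.BIN holding one BL into the RAM block."""
    image = bytearray(0x700000)
    struct.pack_into("<I", image, 0xB000, 0xEB5A1510)  # BL 0x690448 @ 0xFF00B000
    return bytes(image)
```

With the thread's numbers, the target 0x690448 maps to ROM address 0xFF68BD6C, which is file offset 0x68BD6C in the dump.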

Offline asm1989

Re: SX260 HS Porting Thread
« Reply #26 on: 05 / April / 2012, 08:42:27 »
Thanks philmoz, looks like that way matches calls with code, will try to confirm

First I will attempt to use the RAM ones using 00... unless I need to modify one.

@waterwingz didn't try CHDK-PT yet, but will.


Re: SX260 HS Porting Thread
« Reply #27 on: 05 / April / 2012, 09:34:08 »
Quote
@waterwingz didn't try CHDK-PT yet, but will.

Has some limitations for "cracking" a new camera but is quite useful for porting between different firmware versions.   And the price is right.



*

Offline asm1989

Re: SX260 HS Porting Thread
« Reply #28 on: 05 / April / 2012, 13:36:31 »
Ok, worked on boot.c and here it is

http://www.4shared.com/zip/GD6zJSh1/sx260-100b-bootc-v1.html


Final check & test is needed, and I use RAM addresses since they are not related to CHDK

There are two things I'm not sure about

1) These numbers look OK to me cross comparing SX230 & SX40, could someone verify?

Code:
void __attribute__((naked,noinline)) sub_FF00038C_my() {
    *(int*)0x1938 = (int)taskHook;
    *(int*)0x193C = (int)taskHook;
    //SX260:  FF00B23C   +    FF04D3EC  -> Must be verified
    if ((*(int*) 0xC022C30C) & 1)               //asm1989 FF00B23C -> 0xC022C000 + 0x30C not sure ??  ,  look at play switch
        *(int*)(0x2618+0x4) = 0x200000;         // asm1989 0x2618 @ FF04D3EC - not pressed - start in rec mode
    else
        *(int*)(0x2618+0x4) = 0x100000;         // power pressed - start in play mode

2) I was unable to find sleeptask  for the patch in JogDial_task_my(), Is it OK?

Code:
//PATCH BEGIN
"labelA:\n"
             "LDR     R0, =jogdial_stopped\n"
             "LDR     R0, [R0]\n"
             "CMP     R0, #1\n"
             "BNE     labelB\n"
             "MOV     R0, #40\n"
//asm1989 Maybe wrong!!!
             "LDR     R1, =0x68C2E8\n"       //asm1989 couldnt find sleeptask useg
             "LDR     R0, =0xFF1BA27C\n"       //asm1989 couldnt find sleeptask useg
             //sx230 code
             //"BL      sub_FF02B91C\n"       //sleeptask
             "B       labelA\n"
"labelB:\n"
//PATCH END

Thanks for the tips
« Last Edit: 05 / April / 2012, 14:07:29 by asm1989 »

*

Online philmoz

Re: SX260 HS Porting Thread
« Reply #29 on: 05 / April / 2012, 18:40:17 »

Quote
2) I was unable to find sleeptask  for the patch in JogDial_task_my(), Is it OK?

Code:
//PATCH BEGIN
"labelA:\n"
             "LDR     R0, =jogdial_stopped\n"
             "LDR     R0, [R0]\n"
             "CMP     R0, #1\n"
             "BNE     labelB\n"
             "MOV     R0, #40\n"
//asm1989 Maybe wrong!!!
             "LDR     R1, =0x68C2E8\n"       //asm1989 couldnt find sleeptask useg
             "LDR     R0, =0xFF1BA27C\n"       //asm1989 couldnt find sleeptask useg
             //sx230 code
             //"BL      sub_FF02B91C\n"       //sleeptask
             "B       labelA\n"
"labelB:\n"
//PATCH END


SleepTask is found at address 0x0068c2e8 in stubs_entry.S.

Why are you loading R1 & R0 and then not calling sleep?
Can't you use 'BL sub_0068c2e8'?

Phil.