addresses.txt and line numbers - DSLR Hack development - CHDK Forum

addresses.txt and line numbers

addresses.txt and line numbers
« on: 29 / March / 2012, 08:54:12 »

Sorry, I did not find the answer with the wiki search.

So I have a reference fw with the "C" code in boot.c, for example:

Code:
// Reference port's boot.c: Canon's task-creation routine re-implemented as inline asm
void __attribute__((naked,noinline)) taskcreate_SsTask_my() {
    asm volatile (
"                 STMFD   SP!, {R4,LR}\n"
"                 MOV     R1, #0\n"
"                 MOV     R0, #0\n"
"                 BL      sub_FFC17024\n" // KernelMisc.c:43
"                 LDR     R4, =0x1C48\n"
"                 STR     R0, [R4,#4]\n"
"                 BL      sub_FFC4E494\n"
"                 BL      sub_FFC4FB6C\n"
"                 BL      sub_FFC4D624\n"
"                 BL      sub_FFC48B54_my\n"
"                 BL      sub_FFC4E750\n"
"                 LDR     R0, [R4,#4]\n"
"                 LDMFD   SP!, {R4,LR}\n"
"                 MOV     R1, #0x1000\n"
"                 B       sub_FFC524CC\n"
    );
}

That makes 15 asm instructions, with the last one returning ...

The disasm from the dumped (new) firmware is:
Code:
ROM:FCC49284 taskcreate_SsStartupTask                ; CODE XREF: sub_FCC14A7C+2Cp
ROM:FCC49284 var_10          = -0x10
ROM:FCC49284                 STMFD   SP!, {R3-R5,LR}
ROM:FCC49288                 MOV     R5, R0
ROM:FCC4928C                 BL      sub_FCC4E8E4
ROM:FCC49290                 BL      sub_FCC4E4C4
ROM:FCC49294                 MOV     R0, #1
ROM:FCC49298                 BL      sub_FCC4E4E0
ROM:FCC4929C                 MOV     R1, #0
ROM:FCC492A0                 ADR     R0, sub_FCC49264
ROM:FCC492A4                 BL      sub_FCC44D18
ROM:FCC492A8                 LDR     R0, =0xFFC49490
ROM:FCC492AC                 MOV     R1, #0
ROM:FCC492B0                 BL      sub_FCC44DD8
ROM:FCC492B4                 MOV     R1, #0
ROM:FCC492B8                 ADR     R0, sub_FCC4922C
ROM:FCC492BC                 BL      sub_FCC44E94
ROM:FCC492C0                 MOV     R1, #0
ROM:FCC492C4                 ADR     R0, loc_FCC4921C
ROM:FCC492C8                 BL      sub_FCC45000
ROM:FCC492CC                 LDR     R4, =0x2830
ROM:FCC492D0                 MOV     R0, #0
ROM:FCC492D4                 STR     R0, [R4,#0xC]
ROM:FCC492D8                 MOV     R0, #1
ROM:FCC492DC                 STR     R0, [R4]
ROM:FCC492E0                 LDR     R0, [R4,#4]
ROM:FCC492E4                 MOV     R1, #0x1040
ROM:FCC492E8                 BL      sub_FCC52500
ROM:FCC492EC                 LDR     R3, =0xFFC48EBC
ROM:FCC492F0                 MOV     R2, #0x1000
ROM:FCC492F4                 MOV     R1, #0x17
ROM:FCC492F8                 ADR     R0, aSsstartuptask ; "SsStartupTask"
ROM:FCC492FC                 STR     R5, [SP,#0x10+var_10]
ROM:FCC49300                 BL      KernelCreateTask
ROM:FCC49304                 LDR     R1, =0xEA60
ROM:FCC49308                 LDR     R0, [R4,#8]
ROM:FCC4930C                 MOV     R3, #0xE8
ROM:FCC49310                 ADR     R2, aSsstartuptask_ ; "SsStartupTask.c"
ROM:FCC49314                 BL      sub_FCC170B4
ROM:FCC49318                 CMP     R0, #0
ROM:FCC4931C                 LDMNEFD SP!, {R3-R5,LR}
ROM:FCC49320                 MOVNE   R1, #0xE8
ROM:FCC49324                 ADRNE   R0, aSsstartuptask_ ; "SsStartupTask.c"
ROM:FCC49328                 BNE     DebugAssert
ROM:FCC4932C                 LDMFD   SP!, {R3-R5,PC}
ROM:FCC4932C ; End of function taskcreate_SsStartupTask

Now my question: the addresses.txt line should be
Code:
taskcreate_SsTask_my FCC49284 15
? I am not sure about the number. Do I count the instruction number from the reference boot.c, or the number of instructions from the disassembly?


Re: addresses.txt and line numbers
« Reply #1 on: 29 / March / 2012, 12:23:50 »
I suggest you post this question in the development thread in google groups:!forum/ml-devel
It will probably be seen by more people over there.


srsa_4c
Re: addresses.txt and line numbers
« Reply #2 on: 29 / March / 2012, 17:03:35 »

Quote: "sorry I did not find the answer with the wiki search"
Your reference camera is a P&S model, so I guess you'd like to port CHDK to another point&shoot model. This part of the forum is dedicated to DSLRs, and the author of CHDK-PT rarely takes a visit here.
CHDK-PT's wiki page is this one:

To your question:
The reference and your target seem to differ (so it's a different model, not just a new firmware variant). In this case, request more disassembled lines (you can erase the surplus lines later). Another note: I recommend you look at fresh DryOS ports which use taskCreateHook() calls to replace Canon tasks. Digging into taskcreate routines is usually not necessary anymore.

If you still have questions about CHDK-PT, try to ask the author:

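As an added example (not code from the CHDK project or from either poster): a small Python helper that parses an IDA-style ROM listing like the one in the first post, counts the target routine's instructions up to IDA's "; End of function" marker, and emits the addresses.txt entry with that count, which is the "request the whole routine, trim surplus lines later" approach srsa_4c suggests. The listing is a constructed, shortened copy of the post's disassembly, the addresses.txt column layout (name, hex address, instruction count) is taken from the question, and the rule that IDA indents instructions more than labels is an assumption.

```python
import re

# Constructed sample: head and tail of the target listing from the first post
# (the middle is cut for brevity; a full listing is handled the same way).
LISTING = """\
ROM:FCC49284 taskcreate_SsStartupTask                ; CODE XREF: sub_FCC14A7C+2Cp
ROM:FCC49284 var_10          = -0x10
ROM:FCC49284                 STMFD   SP!, {R3-R5,LR}
ROM:FCC49288                 MOV     R5, R0
ROM:FCC4928C                 BL      sub_FCC4E8E4
ROM:FCC49290                 BL      sub_FCC4E4C4
ROM:FCC4932C                 LDMFD   SP!, {R3-R5,PC}
ROM:FCC4932C ; End of function taskcreate_SsStartupTask
"""

# Assumption about IDA layout: instruction lines have a wide indent after the
# "ROM:<addr>" prefix and an upper-case mnemonic; label, stack-variable and
# comment lines have a single space after the address and are skipped.
INSN = re.compile(r"^ROM:([0-9A-Fa-f]{8})\s{2,}([A-Z][A-Z0-9]*)\s*([^;]*)")
END_OF_FUNC = "; End of function"

def parse_instructions(text):
    """Return [(address, mnemonic, operands)] for every instruction line."""
    out = []
    for line in text.splitlines():
        m = INSN.match(line)
        if m:
            out.append((int(m.group(1), 16), m.group(2), m.group(3).strip()))
    return out

def function_length(text, start):
    """Count instructions from `start` up to IDA's 'End of function' marker."""
    n, inside = 0, False
    for line in text.splitlines():
        m = INSN.match(line)
        if m and int(m.group(1), 16) == start:
            inside = True
        if inside and END_OF_FUNC in line:
            return n
        if inside and m:
            n += 1
    raise ValueError("no function starting at 0x%08X" % start)

def addresses_entry(name, start, count):
    """Build the addresses.txt line: name, hex start address, instruction count."""
    return "%s %08X %d" % (name, start, count)

if __name__ == "__main__":
    print(addresses_entry("taskcreate_SsTask_my", 0xFCC49284,
                          function_length(LISTING, 0xFCC49284)))
```

Run against the full listing from the post, the count becomes the target routine's real length instead of the reference's 15, and any surplus lines can be removed from the generated boot.c afterwards.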
