IXUS75/SD750 1.01a | 1.00b | 1.02a - Update 09Nov2008 - Passing the Torch - page 4 - General Discussion and Assistance - CHDK Forum

Offline TPC

  • SD750 1.01a
Re: IXUS75/SD750 1.01a - Port (Maybe) Finished
« Reply #30 on: 09 / April / 2008, 15:10:20 »
Finally, the last function in capt_seq.c:

void __attribute__((naked,noinline)) capt_seq_task()
{
   asm volatile (
                     "STMFD   SP!, {R4,LR}\n"
                     "SUB     SP, SP, #4\n"
                     "MOV     R4, SP\n"
                     "B       loc_FFB0AD2C\n"
                     "LDR     R2, [SP]\n"
                     "LDR     R3, [R2]\n"
                     "MOV     R0, R2\n"
                     "CMP     R3, #0x15\n"
                     "LDRLS   PC, [PC,R3,LSL#2]\n"
                     "B       loc_FFB0AD00\n"
                     ".long   loc_FFB0AC20\n"
                     ".long   loc_FFB0AC40\n"
                     ".long   loc_FFB0AC54\n"
                     ".long   loc_FFB0AC68\n"
                     ".long   loc_FFB0AC60\n"
                     ".long   loc_FFB0AC70\n"
                     ".long   loc_FFB0AC78\n"
                     ".long   loc_FFB0AC84\n"
                     ".long   loc_FFB0AC8C\n"
                     ".long   loc_FFB0AC98\n"
                     ".long   loc_FFB0ACA0\n"
                     ".long   loc_FFB0ACA8\n"
                     ".long   loc_FFB0ACB0\n"
                     ".long   loc_FFB0ACB8\n"
                     ".long   loc_FFB0ACC0\n"
                     ".long   loc_FFB0ACCC\n"
                     ".long   loc_FFB0ACD4\n"
                     ".long   loc_FFB0ACDC\n"
                     ".long   loc_FFB0ACE4\n"
                     ".long   loc_FFB0ACF0\n"
                     ".long   loc_FFB0ACF8\n"
                     ".long   loc_FFB0AD14\n"
                     "BL      sub_FFB0B214\n"
                     "BL      shooting_expo_param_override\n" // +    <-- ADD THIS LINE
                     "BL      sub_FFB08924\n"
                     "LDR     R3, =0xBE160\n"
                     "LDR     R2, [R3,#0x24]\n"
                     "CMP     R2, #0\n"
                     "BEQ     loc_FFB0AD10\n"
                     "BL      sub_FFB0A7D0\n"
                     "B       loc_FFB0AD10\n"
                     "BL      sub_FFB0A6F4_my\n"   //------------> <-- FIX THIS LINE, MAKE SURE THE FUNCTION NAMES MATCH
                     "LDR     R2, =0xBE160\n"
                     "MOV     R3, #0\n"
                     "STR     R3, [R2,#0x24]\n"
                     "B       loc_FFB0AD10\n"
                     "MOV     R0, #1\n"
                     "BL      sub_FFB0B434\n"
                     "B       loc_FFB0AD10\n"
                     "BL      sub_FFB0AE14\n"
                     "B       loc_FFB0AC44\n"
                     "BL      sub_FFB0B1CC\n"      // BackLightDrv_LcdBackLightOff_15
                     "B       loc_FFB0AC44\n"
                     "BL      sub_FFB0B1DC\n"
                     "B       loc_FFB0AD10\n"
                     "BL      sub_FFB0B32C\n"
                     "BL      sub_FFB08924\n"
                     "B       loc_FFB0AD10\n"
                     "BL      sub_FFB0A8AC\n"
                     "B       loc_FFB0AD10\n"
                     "BL      sub_FFB0B39C\n"
                     "BL      sub_FFB08924\n"
                     "B       loc_FFB0AD10\n"
                     "BL      sub_FFB0B1CC\n"      // BackLightDrv_LcdBackLightOff_15
                     "B       loc_FFB0AD10\n"
                     "BL      sub_FFB0CB04\n"
                     "B       loc_FFB0AD10\n"
                     "BL      sub_FFB0CCD8\n"
                     "B       loc_FFB0AD10\n"
                     "BL      sub_FFB0CD6C\n"
                     "B       loc_FFB0AD10\n"
                     "BL      sub_FFB0CE68\n"
                     "B       loc_FFB0AD10\n"
                     "MOV     R0, #0\n"
                     "BL      sub_FFB0D0D4\n"
                     "B       loc_FFB0AD10\n"
                     "BL      sub_FFB0D2A8\n"
                     "B       loc_FFB0AD10\n"
                     "BL      sub_FFB0D344\n"
                     "B       loc_FFB0AD10\n"
                     "BL      sub_FFB0D404\n"
                     "B       loc_FFB0AD10\n"
                     "BL      sub_FFB0B588\n"
                     "BL      sub_FFB0A618\n"
                     "B       loc_FFB0AD10\n"
                     "BL      sub_FFB0CFA8\n"
                     "B       loc_FFB0AD10\n"
                     "BL      sub_FFB0D004\n"
                     "B       loc_FFB0AD10\n"
                     "MOV     R1, #0x4C0\n"
                     "LDR     R0, =0xFFB0A474\n"      // aSsshoottask_c
                     "ADD     R1, R1, #0xE\n"
                     "BL      sub_FFB2C138\n"      // DebugAssert
                     "LDR     R2, [SP]\n"
                     "LDR     R3, =0x97A30\n"
                     "LDR     R1, [R2,#4]\n"
                     "LDR     R0, [R3]\n"
                     "BL      sub_FFB1E910\n"      // SetEventFlag
                     "LDR     R0, [SP]\n"
                     "BL      sub_FFB0A4F4\n"
                     "LDR     R3, =0x97A34\n"
                     "MOV     R1, R4\n"
                     "LDR     R0, [R3]\n"
                     "MOV     R2, #0\n"
                     "BL      sub_FFB1F028\n"      // ReceiveMessageQueue
                     "TST     R0, #1\n"
                     "BEQ     loc_FFB0ABB0\n"
                     "LDR     R0, =0xFFB0A474\n"      // aSsshoottask_C
                     "MOV     R1, #0x400\n"
                     "BL      sub_FFB2C138\n"      // DebugAssert
                     "BL      sub_FFB205EC\n"
                     "ADD     SP, SP, #4\n"
                     "LDMFD   SP!, {R4,PC}\n"
   );
}


Comments: I changed the following lines. Your addresses may vary. Everything else was left alone.

// Found at 0xFFA6F66C
char *hook_raw_image_addr()
{
    return (char*)0x10E706A0;
}

// Found at 0xFFA6499C
long hook_raw_size()
{
    return 0x8CAE10;
}

void *vid_get_viewport_live_fb()
{
    return (void*)0;
}

// Found at FFA302E0, aBmpddev_c
void *vid_get_bitmap_fb()
{
    return (void*)0x10361000;
}

// Found at FFA2ED70, aImgddev_c
void *vid_get_viewport_fb()
{
    return (void*)(0x1065BA50);
}

// Found at , aImageplayer_c
void *vid_get_viewport_fb_d()
{
    return (void*)(*(int*)0x94AE8);
}


Comments: I changed these lines to what you see now. The PLATFORMID line is the decimal value of "0x314E". It may be different for your camera.





Comments: This file took the longest for me to do, because of all the formatting that needed to be done. Fear not, changing the addresses isn't any more difficult than changing the other files, it just takes forever.

This file was modified in the following ways:

void __attribute__((naked,noinline)) movie_record_task(){
 asm volatile(               
                "STMFD   SP!, {R4,R5,LR}\n"
                        "SUB     SP, SP, #4\n"
                        "MOV     R5, SP\n"
                        "MOV     R4, #0\n"
                        "LDR     R3, =0xBBB10\n"
                        "MOV     R2, #0\n"
                        "LDR     R0, [R3]\n"
                        "MOV     R1, R5\n"
                        "BL      sub_FFB1F028\n" // ReceiveMessageQueue
                        "LDR     R3, =0xBBC30\n"
                        "LDR     R2, [R3]\n"
                        "CMP     R2, #0\n"
                        "BNE     loc_FFB8EA54\n"
                        "LDR     R1, [SP]\n"      // ,#0x10+var_10 <-- REMOVE EXTRA ARGUMENTS LIKE THESE
                        "LDR     R3, [R1]\n"
                        "SUB     R3, R3, #2\n"
                        "MOV     R0, R1\n"
                        "CMP     R3, #9\n"
                        "LDRLS   PC, [PC,R3,LSL#2]\n"
                        "B       loc_FFB8EA58\n"
                        ".long loc_FFB8EA18\n"
                        ".long loc_FFB8EA30\n"
                        ".long loc_FFB8EA38\n"
                        ".long loc_FFB8EA40\n"
                        ".long loc_FFB8EA20\n"
                        ".long loc_FFB8EA48\n"
                        ".long loc_FFB8EA28\n"
                        ".long loc_FFB8EA58\n"
                        ".long loc_FFB8EA50\n"
                        ".long loc_FFB8EA10\n"
                        "BL      sub_FFB8EAC4\n"
                        "B       loc_FFB8EA54\n"
                "BL      unlock_optical_zoom\n"
                        "BL      sub_FFB8ECCC\n"
                        "B       loc_FFB8EA54\n"
                        "BL      sub_FFB8F0AC_my\n"  //-----------> <-- CHANGE THIS LINE, MAKE SURE THE NAMES MATCH
                        "B       loc_FFB8EA54\n"
                        "BL      sub_FFB8F93C\n"
                        "B       loc_FFB8EA54\n"
                        "BL      sub_FFB8F3F0\n"
                        "B       loc_FFB8EA54\n"
                        "BL      sub_FFB8FAD8\n"
                        "B       loc_FFB8EA54\n"
                        "BL      sub_FFB8FCB8\n"
                        "B       loc_FFB8EA54\n"
                        "BL      sub_FFB8F9C4\n"
                        "B       loc_FFB8EA54\n"
                        "BL      sub_FFB8F440\n"
                        "LDR     R1, [SP]\n"      // ,#0x10+var_10 <-- REMOVE
                        "LDR     R3, =0xBBB14\n"
                        "STR     R4, [R1]\n"
                        "LDR     R0, [R3]\n"
                        "MOV     R2, R4\n"
                        "BL      sub_FFB1F440\n"      // PostMessageQueue
                        "B       loc_FFB8E9A8\n"
 );
}


Offline TPC

  • SD750 1.01a
Re: IXUS75/SD750 1.01a - Port (Maybe) Finished
« Reply #31 on: 09 / April / 2008, 15:10:49 »
This is sub_FFB8F0AC from IDA. Your sub address may be different, search for similar lines nearby to find it.

void __attribute__((naked,noinline)) sub_FFB8F0AC_my(){ // <-- ADD "_my" TO THE END OF THIS
 asm volatile(
                        "STMFD   SP!, {R4-R11,LR}\n"
                        "LDR     R7, =0xBBC48\n"
                        "SUB     SP, SP, #0x3C\n"
                        "LDR     R3, [R7]\n"
                        "MOV     R5, #0\n"
                        "CMP     R3, #3\n"
                        "MOV     R4, R0\n"
                        "STR     R5, [SP,#0x34]\n"      // #0x60+var_2C <-- FIND var_2c (TOP OF FUNCTION), ADD TO ARGUMENT #0x60 (OR WHATEVER IT IS) IN HEX
                        "STR     R5, [SP,#0x2C]\n"      // #0x60+var_34 <-- FIND VAR, ADD IN HEX (#0x60 + var_34 = #0x2C)
                        "MOV     R6, #1\n"
                        "MOVEQ   R3, #4\n"
                        "STREQ   R3, [R7]\n"
                        "LDR     R3, =0xBBCF4\n"
                        "MOV     LR, PC\n"
                        "LDR     PC, [R3]\n"
                        "LDR     R2, [R7]\n"
                        "CMP     R2, #4\n"
                        "BNE     loc_FFB8F308\n"
                        "LDR     R3, =0xBBD36\n"
                        "LDRH    R2, [R3]\n"
                        "CMP     R2, #1\n"
                        "BNE     loc_FFB8F13C\n"
                        "LDR     R2, =0xBBC58\n"
                        "LDR     R1, =0xBBD38\n"
                        "LDR     R0, [R2]\n"
                        "LDRH    R3, [R1]\n"
                        "MUL     R12, R3, R0\n"
                        "LDR     R2, =0x10624DD3\n"
                        "UMULL   R3, R1, R2, R12\n"
                        "LDR     R3, =0xBBC74\n"
                        "MOV     R1, R1,LSR#6\n"
                        "LDR     R0, [R3]\n"
                        "BL      sub_FF91EA44\n"      // __umodsi3
                        "CMP     R0, #0\n"
                        "MOVNE   R6, #0\n"
                        "MOVEQ   R6, #1\n"
                        "CMP     R6, #1\n"
                        "BNE     loc_FFB8F15C\n"
                        "ADD     R0, SP, #0x38\n"      // #0x60+var_28 <-- FIND VAR, ADD IN HEX
                        "ADD     R1, SP, #0x34\n"      // #0x60+var_2C <-- FIND VAR, ADD IN HEX
                        "ADD     R2, SP, #0x30\n"      // #0x60+var_30 <-- FIND VAR, ADD IN HEX
                        "ADD     R3, SP, #0x2C\n"      // #0x60+var_34 <-- FIND VAR, ADD IN HEX
                        "BL      sub_FFB90874\n"
                        "MOV     R5, R0\n"
                        "CMP     R5, #0\n"
                        "BNE     loc_FFB8F18C\n"
                        "LDR     R3, =0xBBC38\n"
                        "LDR     R2, [R3]\n"
                        "CMP     R2, #1\n"
                        "BNE     loc_FFB8F1A0\n"
                        "LDR     R2, =0xBBC74\n"
                        "LDR     R1, =0xBBC4C\n"
                        "LDR     R0, [R2]\n"
                        "LDR     R3, [R1]\n"
                        "CMP     R0, R3\n"
                        "BCC     loc_FFB8F1A0\n"
                        "MOV     R0, R5\n"
                        "BL      sub_FFB8F368\n"
                        "BL      sub_FFB8F8FC\n"
                        "MOV     R3, #5\n"
                        "B       loc_FFB8F304\n"
                        "LDR     R9, [SP,#0x34]\n"      // #0x60+var_2C <-- FIND VAR, ADD IN HEX
                        "CMP     R9, #0\n"
                        "BEQ     loc_FFB8F288\n"
                        "LDR     R7, =0xBBC90\n"
                        "LDR     R12, =0xBBC7C\n"
                        "LDMIB   R4, {R0-R2}\n"
                        "LDR     R10, [R4,#0x18]\n"
                        "LDR     R6, [R7]\n"
                        "LDR     R7, [R4,#0x14]\n"
                        "LDR     R4, =0xBBC3C\n"
                        "LDR     R8, [R12]\n"
                        "ADD     R5, SP, #0x2C\n"         // #0x60+var_34 <-- FIND VAR, ADD IN HEX
                        "LDMIA   R5, {R5,LR}\n"
                        "MOV     R11, #1\n"
                        "LDR     R3, [SP,#0x38]\n"      // #0x60+var_28 <-- FIND VAR, ADD IN HEX
                        "ADD     R12, SP, #0x28\n"      // #0x60+var_38 <-- FIND VAR, ADD IN HEX
                        "STR     R11, [R4]\n"
                        "ADD     R4, SP, #0x24\n"         // #0x60+var_3C <-- FIND VAR, ADD IN HEX
                        "STMEA   SP, {R9,LR}\n"
                        "STR     R5, [SP,#0x8]\n"      // #0x60+var_58 <-- FIND VAR, ADD IN HEX
                        "STR     R12, [SP,#0xC]\n"      // #0x60+var_54 <-- FIND VAR, ADD IN HEX
                        "STR     R8, [SP,#0x10]\n"      // #0x60+var_50 <-- FIND VAR, ADD IN HEX
                        "STR     R6, [SP,#0x14]\n"      // #0x60+var_4C <-- FIND VAR, ADD IN HEX
                        "STR     R7, [SP,#0x18]\n"      // #0x60+var_48 <-- FIND VAR, ADD IN HEX
                        "STR     R10, [SP,#0x1C]\n"      // #0x60+var_44 <-- FIND VAR, ADD IN HEX
                        "STR     R4, [SP,#0x20]\n"      // #0x60+var_40 <-- FIND VAR, ADD IN HEX
                        "BL      sub_FFB93920\n"
                        "LDR     R3, =0xBBB08\n"
                        "MOV     R1, #0x3E8\n"
                        "LDR     R0, [R3]\n"
                        "BL      sub_FFB1FBF0\n"
                        "CMP     R0, #9\n"
                        "BNE     loc_FFB8F234\n"
                        "BL      sub_FFB91104\n"
                        "LDR     R3, =0xBBC48\n"
                        "LDR     R0, =0xFFB8F094\n"      // aJpegtimeout_5
                        "B       loc_FFB8F24C\n"
                        "LDR     R4, [SP,#0x24]\n"      // #0x60+var_3C <-- FIND VAR, ADD IN HEX
                        "CMP     R4, #0\n"
                        "BEQ     loc_FFB8F258\n"
                        "BL      sub_FFB91104\n"
                        "LDR     R3, =0xBBC48\n"
                        "LDR     R0, =0xFFB8F0A0\n"      // aJpegicerror_5
                        "STR     R11, [R3]\n"
                        "BL      sub_FFB42BB8\n"      // HardwareDefect
                        "B       loc_FFB8F308\n"
                        "BL      sub_FFB93A9C\n"
                        "LDR     R0, [SP,#0x38]\n"      // #0x60+var_28 <-- FIND VAR, ADD IN HEX
                        "LDR     R1, [SP,#0x28]\n"      // #0x60+var_38 <-- FIND VAR, ADD IN HEX
                        "BL      sub_FFB90D5C\n"
                        "LDR     R12, =0xBBC70\n"
                        "LDR     R3, [R12]\n"
                        "ADD     R3, R3, #1\n"
                        "LDR     R0, [SP,#0x28]\n"      // #0x60+var_38 <-- FIND VAR, ADD IN HEX
                        "LDR     R1, =0xBBC90\n"
                        "MOV     R2, R4\n"
                        "STR     R3, [R12]\n"
                        "BL      sub_FFAFE5AC_my\n"  //--------------> <-- CHANGE THIS LINE, MAKE SURE THE NAMES MATCH
                        "LDR     R4, =0xBBC74\n"
                        "LDR     R2, =0xBBC9C\n"
                        "LDR     R3, [R4]\n"
                        "LDR     R1, [R2]\n"
                        "LDR     R12, =0xBBC98\n"
                        "ADD     R3, R3, #1\n"
                        "MUL     R0, R1, R3\n"
                        "LDR     R1, [R12]\n"
                        "STR     R3, [R4]\n"
                        "BL      sub_FF91E9AC\n"      // __udivis3
                        "LDR     R6, =0xBBC94\n"
                        "MOV     R4, R0\n"
                        "BL      sub_FFB91140\n"
                        "LDR     R3, [R6]\n"
                        "CMP     R3, R4\n"
                        "BNE     loc_FFB8F2DC\n"
                        "LDR     R5, =0xBBC40\n"
                        "LDR     R3, [R5]\n"
                        "CMP     R3, #1\n"
                        "BNE     loc_FFB8F2FC\n"
                        "B       loc_FFB8F2E0\n"
                        "LDR     R5, =0xBBC40\n"
                        "LDR     R2, =0xBBCD8\n"
                        "MOV     R0, R4\n"
                        "MOV     LR, PC\n"
                        "LDR     PC, [R2]\n"
                        "MOV     R3, #0\n"
                        "STR     R3, [R5]\n"
                        "STR     R4, [R6]\n"
                        "LDR     R7, =0xBBC3C\n"
                        "MOV     R3, #0\n"
                        "STR     R3, [R7]\n"
                        "ADD     SP, SP, #0x3C\n"
                        "LDMFD   SP!, {R4-R11,PC}\n"
 );
}


Almost done! (With this particular file)

void __attribute__((naked,noinline)) sub_FFAFE5AC_my(){ // <-- CHANGE THIS LINE, ADD "_my" TO THE END
 asm volatile(
                        "STMFD   SP!, {R4-R8,LR}\n"
                        "LDR     R12, =0x975B4\n"
                        "LDR     R4, [R12]\n"
                        "LDR     R3, =0x975BC\n"
                        "CMP     R4, #0\n"
                        "MOV     R8, R1\n"
                        "MOV     R7, R0\n"
                        "LDR     R1, [R3]\n"
                        "BEQ     loc_FFAFE5E4\n"
                        "LDR     R2, =0x975C0\n"
                        "LDR     R3, [R2]\n"
                        "CMP     R3, #1\n"
                        "BNE     loc_FFAFE5F8\n"
                        "B       loc_FFAFE5E8\n"
                        "LDR     R2, =0x975C0\n"
                        "MOV     R3, #0\n"
                        "STR     R3, [R2]\n"
                        "STR     R7, [R12]\n"
                        "B       loc_FFAFE6B0\n"
                        "LDR     R2, =0x975B8\n"
                        "LDR     R3, [R2]\n"
                        "LDR     R6, =table1\n"      // unk_FFAFE4B0 <-- CHANGE THIS
                        "ADD     R3, R3, R3,LSL#1\n"
                        "MOV     LR, R3,LSL#2\n"
                        "LDR     R2, [R6,LR]\n"
                        "LDR     R5, =table2\n"      // unk_FFAFE4D4 <-- CHANGE THIS
                        "RSB     R12, R2, R4\n"
                        "LDR     R3, [R5,LR]\n"
                        "CMP     R12, #0\n"
                        "RSB     R0, R3, R4\n"
                        "BLE     loc_FFAFE65C\n"
                        "ADD     R3, R6, #4\n"
                        "LDR     R2, [R3,LR]\n"
                        "CMP     R2, R12\n"
                        "ADDGE   R1, R1, #1\n"
                        "BGE     loc_FFAFE650\n"
                        "ADD     R3, R6, #8\n"
                        "LDR     R2, [R3,LR]\n"
                        "CMP     R2, R12\n"
                        "ADDGE   R1, R1, #2\n"
                        "ADDLT   R1, R1, #3\n"
                   // "CMP     R1, #0x16\n" <-- COMMENT OUT THIS LINE
                   // "MOVGE   R1, #0x16\n" <-- COMMENT OUT THIS LINE
                "CMP     R1, #0x1A\n"     // + <-- ADD THIS LINE
                "MOVGE   R1, #0x1A\n"     // + <-- ADD THIS LINE                        

                        "B       loc_FFAFE694\n"
                        "CMP     R0, #0\n"
                        "BGE     loc_FFAFE694\n"
                        "ADD     R3, R5, #4\n"
                        "LDR     R2, [R3,LR]\n"
                        "CMP     R2, R0\n"
                        "SUBLE   R1, R1, #1\n"
                        "BLE     loc_FFAFE68C\n"
                        "ADD     R3, R5, #8\n"
                        "LDR     R2, [R3,LR]\n"
                        "CMP     R2, R0\n"
                        "SUBLE   R1, R1, #2\n"
                        "SUBGT   R1, R1, #3\n"
                        "CMP     R1, #0\n"
                        "MOVLT   R1, #0\n"
                        "LDR     R0, =0x975BC\n"
                        "LDR     R3, [R0]\n"
                        "CMP     R1, R3\n"
                        "LDRNE   R2, =0x975C0\n"
                        "MOVNE   R3, #1\n"
                        "STRNE   R1, [R0]\n"
                        "STRNE   R3, [R2]\n"
                        "LDR     R3, =0x975BC\n"
                        "LDR     R2, =CompressionRateTable\n"      // unk_FFAFE454 <-- CHANGE THIS LINE
                        "LDR     R1, [R3]\n"
                        "LDR     R0, =0x975B4\n"
                        "LDR     R3, [R2,R1,LSL#2]\n"
                "LDR     R1, =video_mode\n"      // + <-- ADD THIS LINE
                "LDR     R1, [R1]\n"             // + <-- ADD THIS LINE
                "LDR     R1, [R1]\n"             // + <-- ADD THIS LINE
                "CMP     R1, #1\n"               // + <-- ADD THIS LINE
                "LDREQ   R1, =video_quality\n"   // + <-- ADD THIS LINE
                "LDREQ   R1, [R1]\n"             // + <-- ADD THIS LINE
                "LDREQ   R3, [R1]\n"             // + <-- ADD THIS LINE

                        "STR     R7, [R0]\n"
                        "STR     R3, [R8]\n"
                        "LDMFD   SP!, {R4-R8,PC}\n"
 );
}
« Last Edit: 09 / April / 2008, 18:26:20 by TPC »
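The "FIND VAR, ADD IN HEX" step annotated in the two posts above can be scripted. This is an added example, not TPC's or CHDK's code: it turns IDA listing lines into quoted inline-asm strings and resolves operands such as `#0x60+var_2C` to `#0x34`. It assumes IDA's text-listing layout (a `SEG:ADDRESS` prefix, `var_2C = -0x2C` declarations at the top of the function, `;` comments); the sample listing is constructed from instructions in the post and the addresses in its left column are illustrative.

```python
import re

# Assumed IDA text-listing conventions: "SEG:ADDRESS" line prefix, frame
# variables declared as "var_2C = -0x2C", comments introduced by ';'.
ADDR_PREFIX = re.compile(r'^\s*\w+:[0-9A-Fa-f]{8}\s*')
VAR_DECL = re.compile(
    r'^((?:var|arg)_[0-9A-Fa-f]+)\s*=\s*(-?(?:0x[0-9A-Fa-f]+|\d+))$')
FRAME_EXPR = re.compile(r'#(0x[0-9A-Fa-f]+|\d+)\+((?:var|arg)_[0-9A-Fa-f]+)')
LABEL = re.compile(r'^(?:loc|sub)_[0-9A-Fa-f]+$')


def resolve_frame_operands(code, frame_vars):
    """Replace '#0x60+var_2C' with its numeric offset ('#0x34')."""
    symbolic = []

    def to_number(match):
        base, name = int(match.group(1), 0), match.group(2)
        if name not in frame_vars:
            raise ValueError(f"{name} is not declared at the top of the function")
        offset = base + frame_vars[name]
        if offset < 0:
            raise ValueError(f"{match.group(0)} resolves below SP ({offset})")
        symbolic.append(match.group(0))
        return f"#0x{offset:X}"

    code = FRAME_EXPR.sub(to_number, code)
    # A zero offset is written as plain [SP], as in movie_record_task.
    code = re.sub(r',\s*#0x0\]', ']', code)
    return code, symbolic


def ida_to_inline_asm(listing):
    """Return one quoted asm string per instruction or label, in order."""
    frame_vars, lines = {}, []
    for raw in listing.splitlines():
        text = ADDR_PREFIX.sub('', raw).strip()
        decl = VAR_DECL.match(text)
        if decl:
            frame_vars[decl.group(1)] = int(decl.group(2), 0)
            continue
        code, _, ida_comment = text.partition(';')
        code, ida_comment = code.strip(), ida_comment.strip()
        if not code:
            continue
        if LABEL.match(code):
            # GCC needs the colon that IDA leaves off its local labels.
            lines.append(f'"{code}:\\n"')
            continue
        code, symbolic = resolve_frame_operands(code, frame_vars)
        parts = code.split(None, 1)
        body = parts[0] if len(parts) == 1 else f"{parts[0]:<8}{parts[1]}"
        # Keep the symbolic form and IDA's own comment for later review.
        notes = symbolic + ([ida_comment] if ida_comment else [])
        tail = f'   // {", ".join(notes)}' if notes else ''
        lines.append(f'"{body}\\n"{tail}')
    return lines


# Constructed sample: instructions taken from sub_FFB8F0AC above, laid out
# the way an IDA text listing is assumed to look.
SAMPLE = """\
ROM:FFB8F0AC var_34          = -0x34
ROM:FFB8F0AC var_2C          = -0x2C
ROM:FFB8F0AC
ROM:FFB8F0AC                 STMFD   SP!, {R4-R11,LR}
ROM:FFB8F0B0                 LDR     R7, =0xBBC48
ROM:FFB8F0B4                 SUB     SP, SP, #0x3C
ROM:FFB8F0B8                 STR     R5, [SP,#0x60+var_2C]
ROM:FFB8F0BC                 STR     R5, [SP,#0x60+var_34]
ROM:FFB8F0C0                 BL      sub_FF91EA44    ; __umodsi3
"""

if __name__ == "__main__":
    print("\n".join(ida_to_inline_asm(SAMPLE)))
```

The `0x60` in these operands is the frame size at that point: nine registers pushed by `STMFD` (0x24 bytes) plus the `SUB SP, SP, #0x3C`.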


Offline TPC

  • SD750 1.01a
Re: IXUS75/SD750 1.01a - Port (Maybe) Finished
« Reply #32 on: 09 / April / 2008, 15:11:45 »

Comments: This file was already laid out nice and neat for me, I only searched for the strings/functions and changed the corresponding values.

#include "stubs_asm.h"

// Actually found this in ShowPhySwStatus
DEF(physw_status, 0x56908) // find in "PhySw"

// Actually found this at 0xFFA3954C
DEF(physw_run, 0x88C4) // find in "PhySw"

DEF(zoom_busy, 0x96EE4) // find in "ZoomLens"
DEF(focus_busy, 0x96630) // find in "FocusLens"
DEF(playrec_mode,0xCFD8) // BL      unknown_libname_797 found in "taskcreate_SsStartupTask"
DEF(canon_menu_active,0x3850) // found in "StartRecModeMenu"
DEF(canon_shoot_menu_active,0x27FD) // (0x2800 - 0x4 + 0x1) found in "taskcreate_DSITask"
DEF(recreview_hold, 0x25E4) // (0x25E8 - 0x4) found in "AR:Snd:0x%04x"


Comments: Normally this file is short, while the stubs_entry.S file is long. However in a moment of desperation, I added every single required function to this file as a way of verifying that they were correct.

This file will require a lot of work, like movie_rec.c did, but you'll spend most of your time searching for addresses instead of formatting ASM code. In your case, you probably won't need to do what I did, but it does help to comb the stubs_entry files a few times to make absolutely sure that all of the addresses are correct.

I'm not going to post stubs_entry.S, as that file is generated.

#include "stubs_asm.h"

NHSTUB(AllocateMemory, 0xFF818678)
NHSTUB(AllocateUncacheableMemory, 0xFF81E5B8)
NHSTUB(Close,   0xFFAA59F0)      // aClose
NHSTUB(CreatePhysicalVram, 0xffa3026c) // Not completely verified
NHSTUB(CreateTask, 0xffb2022c)
NHSTUB(CreateTaskStrict, 0xffb212cc)
NHSTUB(DisableDispatch, 0xffb20050) // Not completely verified
NHSTUB(DisplayImagePhysicalScreen,   0xFFA2F4C8) // Near "ImgDDev.c"
NHSTUB(EnableDispatch, 0xffb200dc) // Not completely verified
NHSTUB(ExecuteEventProcedure, 0xff814a6c)
NHSTUB(ExitTask, 0xffb205ec)
NHSTUB(Fclose_Fut, 0xffaa1138)
NHSTUB(Fopen_Fut, 0xffaa10f8)
NHSTUB(Fread_Fut, 0xffaa11f4)
NHSTUB(FreeMemory,   0xFF818664)
NHSTUB(FreeUncacheableMemory, 0xff81e5ec)
NHSTUB(Fseek_Fut, 0xffaa12e8)
NHSTUB(Fwrite_Fut, 0xffaa1248)
// NHSTUB(GetCurrentAvValue, 0xffa58520)   // aGetcurrentavva
// NHSTUB(GetCurrentTargetDistance, 0xffa5e0a8)   // aGetcurrenttarg
// NHSTUB(GetFocusLensSubjectDistance, 0xFFAE09A4)   // Wrong, corrected
// NHSTUB(GetFocusLensSubjectDistanceFromLens, 0xFFAE09C8)   // Wrong, corrected
NHSTUB(GetParameterData, 0xffb45910)   // Not completely verified
NHSTUB(GetPropertyCase, 0xff81bcac)   // Verified as working
NHSTUB(GetSystemTime, 0xff813700)
NHSTUB(GetZoomLensCurrentPoint, 0xffaf18cc)
NHSTUB(GetZoomLensCurrentPosition, 0xffaf18e0)
NHSTUB(IsStrobeChargeCompleted, 0xff9ae7d4) // EF.IsChargeFull
NHSTUB(LockMainPower, 0xffb42824)
NHSTUB(MakeDirectory, 0xffaa5d20)
NHSTUB(Mount_FileSystem,   0xFFAA4D14)
NHSTUB(MoveFocusLensToDistance, 0xFFAE01B8)   // MoveFocusLensWithDistance (might be wrong), corrected
NHSTUB(MoveZoomLensWithPoint, 0xffaf17a4)
NHSTUB(Open, 0xffaa59c8)   // Not completely verified
NHSTUB(PhySw_testgpio, 0xffa3b2bc)
NHSTUB(ProtectFile, 0xffaa061c)
NHSTUB(PutInNdFilter, 0xffa5bd14)   // Not completely verified
NHSTUB(PutOutNdFilter, 0xffa5bd5c)   // Not completely verified
NHSTUB(Read,      0xFFAA5A84)   // aRead
NHSTUB(RefreshPhysicalScreen, 0xff915ffc)
NHSTUB(Remove,      0xFFAA5A10)   // Not completely verified
NHSTUB(SetAutoShutdownTime, 0xFFB42728)
NHSTUB(SetParameterData, 0xffb45830)      // Not completely verified
NHSTUB(SetPropertyCase, 0xFF81BB74)   // Wrong, corrected
NHSTUB(SleepTask, 0xffb20140)      // Not completely verified
NHSTUB(TakeSemaphore, 0xffb1fbf8)      // Not completely verified
NHSTUB(UnlockMainPower, 0xffb428bc)
NHSTUB(Unmount_FileSystem, 0xffaa4dbc)      // Not completely verified
NHSTUB(UnsetZoomForMovie, 0xff8369cc)      // Not completely verified
NHSTUB(UpdateMBROnFlash, 0xffaa4f10)      // Not completely verified
NHSTUB(VbattGet, 0xffa37158)
NHSTUB(Write,      0xFFAA5A90)

NHSTUB(_log, 0xff91d198)
NHSTUB(_log10, 0xff919f40)
NHSTUB(_pow, 0xff91a0c0)
NHSTUB(_sqrt, 0xff91bf80)
NHSTUB(chdir, 0xff927c24)
NHSTUB(close, 0xff927564)
NHSTUB(closedir, 0xffb5fa38)
NHSTUB(free,      0xFF92A5B0)
NHSTUB(ints_disable, 0xffb1e2dc)
NHSTUB(ints_enable, 0xffb1e2e8)
NHSTUB(ioctl, 0xff9276a4)
NHSTUB(iosDevAdd, 0xff928784)
NHSTUB(iosDrvInstall, 0xff928a48)
NHSTUB(iosDevFind, 0xff928710)
NHSTUB(isalpha, 0xff91eb3c)
NHSTUB(isdigit, 0xff91eb6c)
NHSTUB(islower, 0xff91eb9c)
NHSTUB(isspace, 0xff91ebe4)
NHSTUB(isupper, 0xff91ebfc)
NHSTUB(kbd_p1_f, 0xffa3964c)
NHSTUB(kbd_p1_f_cont, 0xffa39658)
NHSTUB(kbd_p2_f, 0xffa39a7c)
NHSTUB(kbd_pwr_off, 0xFFA3B230)
NHSTUB(kbd_pwr_on, 0xFFA3B1F0)
NHSTUB(localtime, 0xff9233bc)
NHSTUB(lseek, 0xff9276a8)
NHSTUB(malloc, 0xff92a5a4)
NHSTUB(memcmp, 0xff92279c)
NHSTUB(memcpy, 0xff9227d8)
NHSTUB(memset, 0xff922850)
NHSTUB(mkdir, 0xffaa5c58)
NHSTUB(open, 0xff927ba8)
NHSTUB(opendir, 0xffb5fa6c)
NHSTUB(qsort, 0xff921ffc)
NHSTUB(rand, 0xff922020)
NHSTUB(read, 0xff9275c4)
NHSTUB(readdir, 0xffb5fa04)
NHSTUB(rename, 0xff927bb0)
NHSTUB(rewinddir, 0xffb5fa2c)
NHSTUB(srand, 0xff922044)
NHSTUB(stat, 0xffb5fb00)
NHSTUB(strcat, 0xff922870)
NHSTUB(strchr, 0xff92289c)
NHSTUB(strcmp, 0xff9228c0)
NHSTUB(strcpy, 0xff922a54)
NHSTUB(strlen, 0xff922bb8)
NHSTUB(strncmp, 0xff922c1c)
NHSTUB(strncpy, 0xff922c60)
NHSTUB(strpbrk, 0xff922ca8)
NHSTUB(strrchr, 0xff922ce4)
NHSTUB(strtol, 0xff922438)
NHSTUB(taskCreateHookAdd, 0xff92d204)
NHSTUB(taskDeleteHookAdd, 0xff92d140)
NHSTUB(taskIdListGet, 0xff9346ec)
NHSTUB(taskLock, 0xff934da8)
NHSTUB(taskName, 0xff9345e4)
NHSTUB(taskResume, 0xff9349c8)
NHSTUB(taskSuspend, 0xff9347f4)
NHSTUB(taskUnlock, 0xff934e50)
NHSTUB(time, 0xff924108)
NHSTUB(utime, 0xffb5fb94)
NHSTUB(vsprintf, 0xff92630c)
NHSTUB(fprintf, 0xff91f49c)
NHSTUB(fputs, 0xff91f5bc)
NHSTUB(puts, 0xFF9208B4)   // Wrong, corrected

NHSTUB(SetZoomActuatorSpeedPercent,   0xFF9B7BA8) // null
NHSTUB(GetDrive_ClusterSize,   0xFFAA51DC)   // Wrong, corrected
NHSTUB(GetDrive_TotalClusters,   0xFFAA5218)   // Wrong, corrected
NHSTUB(GetDrive_FreeClusters,   0xFFAA5254)   // Wrong, corrected
NHSTUB(kbd_read_keys_r2,   0xFFA3ACC0)

NHSTUB(Close,      0xFFAA59F0)
NHSTUB(Mount_FileSystem,   0xFFAA4D14)
NHSTUB(AllocateMemory,   0xFF818678)
//NHSTUB(GetFreeCardSpaceKb,   0xFF9B7BA8) // null
//NHSTUB(GetTotalCardSpaceKb,   0xFF9B7BA8) // null

Whew! And that's it! Doesn't seem like much for three weeks of work. Good luck with your port guys.
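Part of the combing described in this post can be done mechanically. The following is an added example, not TPC's or CHDK's code: it flags entries still marked "Not completely verified", names defined more than once (as Close, Mount_FileSystem and AllocateMemory are in the list above), and NHSTUB addresses that are not 4-byte aligned, assuming ARM-mode entry points as in the listings in this thread. The last two sample lines, including the `ExampleStub` name, are constructed.

```python
import re

# NHSTUB(name, 0xADDR) or DEF(name, 0xADDR), optionally followed by a // note.
ENTRY = re.compile(
    r'^\s*(NHSTUB|DEF)\(\s*(\w+)\s*,\s*(0x[0-9A-Fa-f]+)\s*\)\s*(?://\s*(.*))?$')
DOUBT = "not completely verified"   # the marker used in the list above


def lint_stubs(text):
    """Return (line_no, name, finding) tuples in file order."""
    first_seen = {}
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("//"):
            continue  # commented-out stubs are not assembled
        m = ENTRY.match(line)
        if not m:
            continue
        kind, name = m.group(1), m.group(2)
        addr = int(m.group(3), 16)
        note = (m.group(4) or "").lower()
        # Assumption: function stubs are ARM-mode code, so 4-byte aligned.
        # DEF entries are data addresses and may legitimately be odd.
        if kind == "NHSTUB" and addr % 4:
            findings.append((line_no, name, "misaligned"))
        if DOUBT in note:
            findings.append((line_no, name, "unverified"))
        if name in first_seen:
            prev_line, prev_addr = first_seen[name]
            if prev_addr == addr:
                findings.append((line_no, name, f"duplicate of line {prev_line}"))
            else:
                findings.append((line_no, name, f"conflict with line {prev_line}"))
        else:
            first_seen[name] = (line_no, addr)
    return findings


# Lines 1-7 are copied from the post; lines 8-9 are constructed to show
# the misalignment and conflict findings.
SAMPLE = """\
#include "stubs_asm.h"
NHSTUB(AllocateMemory, 0xFF818678)
NHSTUB(Close,   0xFFAA59F0)      // aClose
NHSTUB(Open, 0xffaa59c8)   // Not completely verified
// NHSTUB(GetCurrentAvValue, 0xffa58520)   // aGetcurrentavva
NHSTUB(Close,      0xFFAA59F0)
NHSTUB(AllocateMemory,   0xFF818678)
NHSTUB(ExampleStub, 0xFF81867A)   // constructed entry: not 4-byte aligned
NHSTUB(Open, 0xFFAA59CC)   // constructed entry: disagrees with line 4
"""

if __name__ == "__main__":
    for line_no, name, finding in lint_stubs(SAMPLE):
        print(f"line {line_no}: {name}: {finding}")
```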


Offline TPC

  • SD750 1.01a
Re: IXUS75/SD750 1.01a - Port (Maybe) Finished
« Reply #33 on: 09 / April / 2008, 15:12:20 »
Also, here's a link to my trunk source, could someone review it and possibly add it to the repository?

zSHARE - trunk.zip

Re: IXUS75/SD750 1.01a - Port (Maybe) Finished
« Reply #34 on: 09 / April / 2008, 22:48:21 »
Thanks for this. I've already done most of what you've done. I'm on the last one, movie_rec.c. Dear god I thought capt_seq took forever, even though I got it done in about 45 minutes.

One question, where did you find platformid in IDA? I can't seem to locate it.

Also, the addresses in 1.02a seem to differ by just a few addresses, so it means I have to change almost EVERYTHING. Agh.


Offline TPC

  • SD750 1.01a
Re: IXUS75/SD750 1.01a - Port (Maybe) Finished
« Reply #35 on: 10 / April / 2008, 00:41:53 »
The platform ID number came from the camera information screen. Add vers.req to your SD card, start the camera in play mode, and then hit "FUNCSET" and "DISP" at the same time. You'll get a "PID" number on that screen - it's in hex though, you'll have to convert it to decimal (Windows Calc).

Keep at it, and don't get discouraged if you make all those changes and then get the black screen of death (or the camera just bursts into flames).
« Last Edit: 10 / April / 2008, 00:45:43 by TPC »

Re: IXUS75/SD750 1.01a - Port (Maybe) Finished
« Reply #36 on: 10 / April / 2008, 07:45:45 »
Holy [admin: avoid swearing please] I'm finally done with movie_rec.c. I found the platform ID, same as yours. Thanks for that info.

Now I just have to wade through the stubs entries and I might be okay.

Latest test: Camera reboots still, but no CHDK.

Re: IXUS75/SD750 1.01a - Port (Maybe) Finished
« Reply #37 on: 10 / April / 2008, 12:57:20 »
Same here with my sd450, somacore.  I've checked and double checked everything.  I'm not getting discouraged because of a black screen of death, but because nothing changes!


Offline stalker

  • DaPIMP
Re: IXUS75/SD750 1.01a - Port (Maybe) Finished
« Reply #38 on: 11 / April / 2008, 10:06:19 »
Hi, I'm new!
I've uploaded the latest "working" CHDK into my Cam. It asked me if I want to change my firmware v from to    does it mean, it's going to change the original camera's firmware? Also I couldn't find a way to get my firmware V. like 1.02A or B,   the cam showed code only. I have a US version, got from BestBuy.
Sorry for my English if smth wrong!
Canon SD 750


Offline whim

  • A495/590/620/630 ixus70/115/220/230/300/870 S95
Re: IXUS75/SD750 1.01a - Port (Maybe) Finished
« Reply #39 on: 11 / April / 2008, 10:51:15 »

Welcome to the forum.

Go here and your questions should be answered: FAQ - CHDK Wiki
There's plenty more useful info on that site as well

A couple more tips:
- for general questions, go to Using CHDK -> Releases, you are now at:
   CHDK Development -> General Discussion and Assistance (this is the developers area)

also, never just say 'my cam', how do you want other users to know what you're talking about ?
Many users add their cam's name to their Profile, which makes it show up to the left of any post
you're making (or at the bottom if you use the 'signature' for it)

good luck and have fun,

« Last Edit: 11 / April / 2008, 10:55:52 by whim »

