Firmware (asm) calls from bootdisk.bin (c), how? - Firmware Dumping - CHDK Forum


jeff666
Firmware (asm) calls from bootdisk.bin (c), how?
« on: 27 / November / 2007, 08:12:31 »
I have some trouble understanding what to include in the bootdisk-program that allows me to jump to a firmware-function.

In GrAnd's example of a universal dumper there are the following lines (not consecutive):

Code:
typedef int (*f_open)(const char *name, int flags, int mode);
f_open open;
open  = (f_open) func_list[0].ptr;
f = open("A/FREAD.TXT",O_RDONLY, 0777);

Is this supposed to work? What are the conventions for passing arguments to/from a function?

Is the first argument always assigned to R0?
Is an immediate value (i.e. not a pointer) passed in the Register and only (c-)pointers are given as (asm-)pointers?
What about the return value?

Cheers.

GrAnd
Re: Firmware (asm) calls from bootdisk.bin (c), how?
« Reply #1 on: 27 / November / 2007, 09:11:34 »
Canon firmware (and VxWorks) uses the standard C notation for passing arguments and getting the result. gcc does all the work for me and I do not bother about it. It works, trust me. :)
CHDK Developer.

jeff666
Re: Firmware (asm) calls from bootdisk.bin (c), how?
« Reply #2 on: 28 / November / 2007, 07:18:37 »
It works, trust me. :)

It really seems to work. I just noticed some irregularity with strings.

I wrote a program which calls some of the init functions of the DryOS firmware. They return integer values to indicate success or failure, and two of them take a string which might be a filename ("/_term").

I loaded the code into IDA (into the firmware) and noticed that the string points to the wrong address. It didn't make any difference whether I wrote

Code:
char *filename = "/_term";
termDeviceCreate(filename);
or just
Code:
termDeviceCreate("/_term");

I eventually solved the problem by writing
Code:
char *filename = (char*) <address_of_string_in_firmware>;
termDeviceCreate(filename);

The function still failed, but that's another problem.

Cheers.

GrAnd
Re: Firmware (asm) calls from bootdisk.bin (c), how?
« Reply #3 on: 28 / November / 2007, 08:07:09 »
I load the code into IDA (to the firmware) and noticed that the string points to the wrong address.

Did you load it with the same base address as for camera? 0x1900, AFAIR.
CHDK Developer.

kangxn

Re: Firmware (asm) calls from bootdisk.bin (c), how?
« Reply #4 on: 28 / November / 2007, 08:09:28 »
This looks like a linking issue. Have you specified the base address for linking?

jeff666
Re: Firmware (asm) calls from bootdisk.bin (c), how?
« Reply #5 on: 28 / November / 2007, 09:30:27 »
Did you load it with the same base address as for camera? 0x1900, AFAIR.

You're right. That was the mistake.

I read ".org 0" in entry.S and loaded the code at 0x00 in IDA.
The Makefile does indeed state 1900 (no hex prefix, though). I'll look at the program again using the correct offset.
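The mismatch discussed in this thread (image linked at 0x1900 but loaded at 0 in the disassembler, so every string pointer in the literal pool lands outside the image) can be checked mechanically before opening IDA. The script below is an added example, not code from the thread or from CHDK; it builds a constructed flat image the way the linker would lay it out (an absolute pointer word followed by the "/_term" string), then resolves pointer words under a candidate load base and reports which ones land on a printable C string inside the image. The only value taken from the thread is the 0x1900 link base; offsets and the image layout are made up for the demonstration.

```python
import struct

LINK_BASE = 0x1900  # base address the bootdisk.bin Makefile links at (per the thread)


def build_sample_image(base):
    """Construct a tiny flat image as a linker would lay it out: a literal-pool
    word at offset 0x10 holding the absolute address of the string "/_term",
    which lives at offset 0x20.  Constructed sample, not a real bootdisk.bin."""
    img = bytearray(0x30)
    string_off = 0x20
    img[string_off:string_off + 7] = b"/_term\0"
    struct.pack_into("<I", img, 0x10, base + string_off)  # absolute address
    return bytes(img)


def read_cstring(img, load_base, addr, max_len=64):
    """Return the NUL-terminated ASCII string at absolute address `addr` when
    the image is assumed loaded at `load_base`, or None if the pointer falls
    outside the image (the symptom seen in IDA when the base is wrong)."""
    off = addr - load_base
    if off < 0 or off >= len(img):
        return None
    end = img.find(b"\0", off, off + max_len)
    if end < 0:
        return None
    try:
        return img[off:end].decode("ascii")
    except UnicodeDecodeError:
        return None


def literal_pool_pointers(img, load_base):
    """Scan every aligned 32-bit little-endian word and keep those that resolve
    to a non-empty printable C string inside the image under `load_base`.
    Returns {offset_of_pointer_word: (target_address, string)}."""
    found = {}
    for off in range(0, len(img) - 3, 4):
        (word,) = struct.unpack_from("<I", img, off)
        s = read_cstring(img, load_base, word)
        if s and s.isprintable():
            found[off] = (word, s)
    return found


if __name__ == "__main__":
    image = build_sample_image(LINK_BASE)
    # With the correct base the pointer resolves; with base 0 nothing does.
    print("base 0x1900:", literal_pool_pointers(image, LINK_BASE))
    print("base 0x0000:", literal_pool_pointers(image, 0))
```

Running it against a real bootdisk.bin with a handful of candidate bases is a quick way to confirm which base the image was linked at before loading it into the disassembler.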
