A2400 porting thread - DryOS Development - CHDK Forum
« previous next »
Pages: [1] 2 3 4 5 6 ... 10   Go Down

A2400 porting thread

  • 96 Replies
  • 25393 Views
*

Offline madleech

  • *
  • 10
A2400 porting thread
« on: 01 / March / 2013, 21:23:07 »
Advertisements
Bought this camera a few days ago, have started porting CHDK to it. Based off the A2300 & A3400 port. Using IDA and OS X. First time porting, long time since I've done any ASM.

Camera info:
   DRYOS R50 (DRYOS version 2.3, release #0050)
   Firmware Ver GM1.00D
   Canon PowerShot A2400 IS
   PLATFORMID=12873
   MEMBASEADDR=0x1900
   EXMEM_HEAP_SKIP=0x2DB400
   MEMISOSTART=0x158080

Firmware dump: http://www.sendspace.com/file/mzdvy3

Loader: runs
boot(): runs
First jump after boot(): runs. Power button detection appears to be at 0x24B0 not 0x24B8 like its siblings (a810,a2300,etc)
Second jump after boot(): runs.
Third jump after boot(): function does not appear to run.

Adding some inline ASM to turn on the LED, I see that it bails out in this function:
Code: [Select]
void __attribute__((naked,noinline)) sub_FF8111D8_my(  ) {
asm volatile (
      "STR     LR, [SP, #-4]! \n"
      ...
      "STR     R0, [SP, #4] \n"
#if defined(OPT_CHDK_IN_EXMEM)
      "LDR     R0, =0x158080 \n"      // MEMISOSTART: Use original heap offset since CHDK is loaded in high memory
#else
      "LDR     R0, =new_sa\n"     //otherwise use patched value
      "LDR     R0, [R0]\n"
#endif
      ....
      "STR     R0, [SP, #0x68] \n" // execution reaches here
    //"LDR     R1, =sub_FF814288 \n"  //original
      "LDR     R1, =sub_FF814288_my \n" //patched
      "MOV     R2, #0 \n"
      "MOV     R0, SP \n" // this runs
      "BL      sub_003F2778 \n" //RAM
      "ADD     SP, SP, #0x74 \n" // this doesn't
      "LDR     PC, [SP], #4 \n"
);
}
If I'm reading my ASM right, at the end of sub_FF8111D8_my it loads R1 with address of sub_FF814288_my, sets up a couple of arguments, then jumps into RAM. Adding the LED ASM to the start of sub_FF814288_my shows that it never gets there. What does the BL to RAM do?

I saw that stubs_auto.S didn't have an entry for FF814288, however I regenerated this file and compiled again and still no joy.

Does anyone have any pointers or suggestions of where I'm going wrong? a2300/100e and a2400/100d are pretty close matches and very few addresses have changed in the code executed up to this point, so I'm a bit stumped why it does execute.

Thanks for any assistance,
--Michael
Logged
*

Offline reyalp

  • ******
  • 13393
Re: A2400 porting thread
« Reply #1 on: 01 / March / 2013, 22:50:54 »
Quote
If I'm reading my ASM right, at the end of sub_FF8111D8_my it loads R1 with address of sub_FF814288_my, sets up a couple of arguments, then jumps into RAM. Adding the LED ASM to the start of sub_FF814288_my shows that it never gets there. What does the BL to RAM do?
Recent dryos versions (>=50)  copy some kernel code to RAM. We don't know why. The call to sub_003F2778 is never expected to return, it's starting up the OS. The epilogue on that function is may just be a byproduct of canon's compiler. It should end up calling your sub_FF814288_my at some point.

edit:
If you want more 'real time' assistance, you can sometimes find some of us in the irc channel, #chdk on freenode
Logged
Don't forget what the H stands for.
*

Offline madleech

  • *
  • 10
Re: A2400 porting thread
« Reply #2 on: 01 / March / 2013, 23:55:09 »
Quote from: reyalp on 01 / March / 2013, 22:50:54
Recent dryos versions (>=50)  copy some kernel code to RAM. We don't know why. The call to sub_003F2778 is never expected to return, it's starting up the OS.

Ahh, thanks, that makes more sense then. Went back and double checked the path-to-RAM, found a typo. Getting further now, crashing somewhere between CreateTask_spytask and StartFactoryModeController in the task_Startup_my method. Time for some more LED flashing...
Logged
*

Offline nafraf

  • *****
  • 1308
Re: A2400 porting thread
« Reply #3 on: 02 / March / 2013, 05:02:00 »
a2400 has IS, for capt_seq.c porting it would be better to use A3400IS or A4000IS as reference.
Those models are in alpha, there are some features that were not fully tested.

You can use chdk-pt for porting a2400, you can obtain address file from a3400 101b:

capt_seq.c
Code: [Select]
capt_seq_task 0xFF872424 225
sub_FF968D38_my 0xFF968D38 50
sub_FFA87D48_my 0xFFA87D48 145
exp_drv_task 0xFF8B1AD0 467
sub_FF8AE740_my 0xFF8AE740 54
sub_FF89E38C_my 0xFF89E38C 28

movie_rec.c
Code: [Select]
movie_record_task 0xFF9632F4 107
sub_FF9562C2C_my 0xFF962CB8 442
I know that chdk-pt is recommended to port a new firmware version of the same camera, but in some cases it works to port a new model using a similar camera as reference :)
« Last Edit: 02 / March / 2013, 05:05:42 by nafraf »
Logged
*

Offline madleech

  • *
  • 10
Re: A2400 porting thread
« Reply #4 on: 02 / March / 2013, 17:28:59 »
Alright, booting and taking photos now :) Working ultra-alpha port is available at: http://www.sendspace.com/file/x1r7r8

Quote from: nafraf on 02 / March / 2013, 05:02:00
a2400 has IS, for capt_seq.c porting it would be better to use A3400IS or A4000IS as reference.
Those models are in alpha, there are some features that were not fully tested.

Yeah that was my thinking too, they seem a pretty good match.

So far:
  • Menus work
  • RAW doesn't
  • Movie mode doesn't

And the reason why my code kept crashing in odd places and I couldn't boot past the battery task in task_Startup_my? Ha, extremely flat battery. Lol.
Logged
*

Offline madleech

  • *
  • 10
Re: A2400 porting thread
« Reply #5 on: 02 / March / 2013, 19:50:40 »
Ok...
* Camera works
* RAW works, DNG files are readable
* Movie mode works, including quality overrides and optical zoom

Had a bit of a play around in menus, everything seems to work, no crashes so far.

Working DISKBOOT.BIN: http://www.sendspace.com/file/9rkzun

So now that I have a working port, what next???
Logged
*

Offline reyalp

  • ******
  • 13393
Re: A2400 porting thread
« Reply #6 on: 02 / March / 2013, 20:00:23 »
Quote from: madleech on 02 / March / 2013, 19:50:40
Ok...
* Camera works
* RAW works, DNG files are readable
* Movie mode works, including quality overrides and optical zoom

Had a bit of a play around in menus, everything seems to work, no crashes so far.

Working DISKBOOT.BIN: http://www.sendspace.com/file/9rkzun

So now that I have a working port, what next???
Nice work.

If you haven't already, you can try the test scripts listed in http://chdk.wikia.com/wiki/Testing

If you think it's ready to be included in svn, you can create a patch and post it in  http://chdk.setepontos.com/index.php?topic=650.1020

We can add it as an alpha or beta in the autobuild, or just add the source and leave it disabled.


Logged
Don't forget what the H stands for.
*

Offline nafraf

  • *****
  • 1308
Re: A2400 porting thread
« Reply #7 on: 02 / March / 2013, 20:11:43 »
@madleech
Some other suggestions:
* Are you using custom palette? check CHDK colors in PLAY and REC mode.
* Motion detection test?
* Did you test chdk + chdkptp liveview?  8)

Logged
*

Offline fe50

  • ******
  • 3132
  • IXUS50 & 860, SX10 Star WARs-Star RAWs
    • fe50
Re: A2400 porting thread
« Reply #8 on: 03 / March / 2013, 15:06:48 »
Quote from: fe50 on 03 / March / 2013, 15:06:03
Added the
  • A2400 1.00D
full 8MB dump (dumped with cBasic udumper) by madleech from this forum post to the CHDK P&S FW dumps repository.
Logged
*

Offline larrycafe

  • *
  • 49
Re: A2400 porting thread
« Reply #9 on: 12 / March / 2013, 09:05:30 »
Hi, I just bought an A2400

However, cannot make the ver.req or vers.req to work.

And I can only see a diskboot.bin download here, any other file I should download in order to make it work?

I used EOScard to make my SD card bootable already.

thank a lots for your help

Larrycafe
Logged
Pages: [1] 2 3 4 5 6 ... 10   Go Up
« previous next »
 

Related Topics