  1. #include "lolevel.h"
  2. #include "platform.h"
  3. #include "core.h"
  /*
   * Value used by sub_FFC00FC8_my in place of the stock constant 0x102438.
   * It points at _end, a symbol that is declared outside this listing
   * (presumably the end of the loaded image; confirm against the linker script).
   */
  const char *const new_sa = &_end;

  /* Our own additions: symbols resolved outside this file. */
  extern long wrs_kernel_bss_start;
  extern long wrs_kernel_bss_end;

  /* Task-creation hooks defined elsewhere, declared ahead of use. */
  void CreateTask_PhySw();
  void CreateTask_spytask();

  /* Entry point; the definition follows. */
  void boot();
  /*
   * Entry point. Copies the firmware's initialised data from ROM into RAM,
   * zeroes the firmware's BSS range, then leaves through a plain branch (B, no
   * link) to the patched init routine sub_FFC001a4_my.
   *
   * Every address below is a fixed constant read out of one firmware image.
   * Both loops write to absolute RAM addresses with no bounds other than these
   * constants, so a wrong value for another firmware build silently overwrites
   * memory; re-derive all of them when porting.
   */
  void boot() { //#fs
      /* ROM copy of the data section, found just before the "romdata start" string. */
      long *rom_word = (void*)0xFFE88E20;
      long *ram_word = (void*)0x1900;
      /* data_end - data_start (found between "romdata start" and "romdata end"), in 4-byte words */
      long data_words = (0xBA68 - 0x1900) / 4;

      /* BSS starts just after the data; its end was found just before "heap start". */
      long *bss_word = (void*)0xBA68;
      long bss_words = (0x102438 - 0xBA68) / 4;

      // Code taken from VxWorks CHDK. Changes CPU speed?
      // NOTE(review): this is a read-modify-write of the CP15 c1 control
      // register; on ARM9-class cores bits 0x1000, 4 and 1 are the I-cache,
      // D-cache and MMU/protection-unit enables rather than a clock setting.
      // Confirm against the core's reference manual before re-enabling.
      // asm volatile (
      // "MRC p15, 0, R0,c1,c0\n"
      // "ORR R0, R0, #0x1000\n"
      // "ORR R0, R0, #4\n"
      // "ORR R0, R0, #1\n"
      // "MCR p15, 0, R0,c1,c0\n"
      //:::"r0");

      /* Plain word loops: no library routine is called from here. */
      while (data_words-- > 0)
          *ram_word++ = *rom_word++;

      while (bss_words-- > 0)
          *bss_word++ = 0;

      /* Second disabled variant of the same register write (clears bit 4 instead of setting it):
      asm volatile (
      "MRC p15, 0, R0,c1,c0\n"
      "ORR R0, R0, #0x1000\n"
      "BIC R0, R0, #4\n"
      "ORR R0, R0, #1\n"
      "MCR p15, 0, R0,c1,c0\n"
      :::"r0");
      */
      asm volatile ("B sub_FFC001a4_my\n"); //CALLING sub_FFC001a4_my (got)
  } //#fe
  // init
  /*
   * Patched copy of the firmware routine this listing names sub_FFC001a4.
   * The instruction sequence is kept in firmware order; the only change is the
   * final call, which goes to sub_FFC00FC8_my instead of sub_FFC00FC8.
   * Naked: the compiler emits no prologue or epilogue around the asm.
   */
  void __attribute__((naked,noinline)) sub_FFC001a4_my() { //#fs
      asm volatile (
          /* Copy the words in [0xFFC0021C, 0xFFC00254) to address 0 onwards. */
          "LDR     R0, =0xFFC0021C\n"
          "MOV     R1, #0\n"
          "LDR     R3, =0xFFC00254\n"
      "loc_FFC001B0:\n"
          "CMP     R0, R3\n"
          "LDRCC   R2, [R0],#4\n"
          "STRCC   R2, [R1],#4\n"
          "BCC     loc_FFC001B0\n"

          /* Copy the words in [0xFFC00254, 0xFFC00468) to 0x4B0 onwards. */
          "LDR     R0, =0xFFC00254\n"
          "MOV     R1, #0x4B0\n"
          "LDR     R3, =0xFFC00468\n"
      "loc_FFC001CC:\n"
          "CMP     R0, R3\n"
          "LDRCC   R2, [R0],#4\n"
          "STRCC   R2, [R1],#4\n"
          "BCC     loc_FFC001CC\n"

          /*
           * Write 0xD2 and then 0xD3 to CPSR (IRQ mode, then supervisor mode,
           * both with IRQ and FIQ masked) and set SP to 0x1000 in each mode.
           */
          "MOV     R0, #0xD2\n"
          "MSR     CPSR_cxsf, R0\n"
          "MOV     SP, #0x1000\n"
          "MOV     R0, #0xD3\n"
          "MSR     CPSR_cxsf, R0\n"
          "MOV     SP, #0x1000\n"

          /*
           * Fill loop storing 0xEEEEEEEE while R0 is below 0x1000.
           * NOTE(review): R0 starts at 0xFFC00210, which is not below 0x1000
           * in the unsigned CC comparison, so as written the loop stores
           * nothing. 0xFFC00210 looks like the address of a literal-pool entry
           * rather than the value held there; confirm against the firmware
           * disassembly.
           */
          "LDR     R0, =0xFFC00210\n"
          "LDR     R2, =0xEEEEEEEE\n"
          "MOV     R3, #0x1000\n"
      "loc_FFC00200:\n"
          "CMP     R0, R3\n"
          "STRCC   R2, [R0],#4\n"
          "BCC     loc_FFC00200\n"

          //"BL sub_FFC00FC8\n"
          "BL      sub_FFC00FC8_my\n"   //CALLING sub_FFC00FC8_my (got)
      );
  } //#fe
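  /*
   * Patched copy of the firmware routine this listing names sub_FFC00FC8.
   * It builds a 0x74-byte parameter block on the stack and passes it to
   * sub_FFC02D6C together with the address of sub_FFC04D3C_my.
   *
   * Two values differ from the stock routine:
   *   - the word stored at [SP,#8] comes from new_sa instead of the constant
   *     0x102438, and the size stored at [SP,#0xC] is derived from it;
   *   - R1 carries sub_FFC04D3C_my instead of the stock routine.
   *
   * Fix: new_sa is a pointer variable, so "LDR R0, =new_sa" only yields the
   * address of that variable. The stock instruction loaded a value, so the
   * pointer has to be dereferenced with "LDR R0, [R0]" to obtain &_end.
   * Without it the region described to the firmware starts at the variable's
   * own address, i.e. inside the loaded image, and the firmware would be free
   * to overwrite the code running here.
   */
  void __attribute__((naked,noinline)) sub_FFC00FC8_my() {//#fs
      asm volatile (
          "STR     LR, [SP,#-4]!\n"
          "SUB     SP, SP, #0x74\n"
          /* sub_FFE315E8(SP, 0x74): presumably clears the block (confirm). */
          "MOV     R0, SP\n"
          "MOV     R1, #0x74\n"
          "BL      sub_FFE315E8\n"      //CALLING sub_FFE315E8 (not got, in a470 it does not get this)
          "MOV     R0, #0x53000\n"
          "STR     R0, [SP,#0x74-0x70]\n"
          // "LDR R0, =0x102438\n"
          "LDR     R0, =new_sa\n"       /* R0 = &new_sa */
          "LDR     R0, [R0]\n"          /* R0 = new_sa, the value the stock constant is replaced with */
          "LDR     R2, =0x279C00\n"
          "LDR     R1, =0x2724A8\n"
          "STR     R0, [SP,#0x74-0x6C]\n"
          "SUB     R0, R1, R0\n"        /* size = 0x2724A8 - start */
          "ADD     R3, SP, #0x74-0x68\n"
          "STR     R2, [SP,#0x74-0x74]\n"
          "STMIA   R3, {R0-R2}\n"       /* size, 0x2724A8, 0x279C00 at offsets 0xC..0x14 */
          "MOV     R0, #0x22\n"
          "STR     R0, [SP,#0x74-0x5C]\n"
          "MOV     R0, #0x68\n"
          "STR     R0, [SP,#0x74-0x58]\n"
          "LDR     R0, =0x19B\n"
          "LDR     R1, =sub_FFC04D3C_my\n"  // According to A470, this is "uHwSetup"
          "STR     R0, [SP,#0x74-0x54]\n"
          "MOV     R0, #0x96\n"
          "STR     R0, [SP,#0x74-0x50]\n"
          "MOV     R0, #0x78\n"
          "STR     R0, [SP,#0x74-0x4C]\n"
          "MOV     R0, #0x64\n"
          "STR     R0, [SP,#0x74-0x48]\n"
          "MOV     R0, #0\n"
          "STR     R0, [SP,#0x74-0x44]\n"
          "STR     R0, [SP,#0x74-0x40]\n"
          "MOV     R0, #0x10\n"
          "STR     R0, [SP,#0x74-0x18]\n"
          "MOV     R0, #0x800\n"
          "STR     R0, [SP,#0x74-0x14]\n"
          "MOV     R0, #0xA0\n"
          "STR     R0, [SP,#0x74-0x10]\n"
          "MOV     R0, #0x280\n"
          "STR     R0, [SP,#0x74-0x0C]\n"
          /* sub_FFC02D6C(block, sub_FFC04D3C_my, 0) */
          "MOV     R0, SP\n"
          "MOV     R2, #0\n"
          "BL      sub_FFC02D6C\n"      //CALLING sub_FFC02D6C
          "ADD     SP, SP, #0x74\n"
          "LDR     PC, [SP],#4\n"
      );
  } //#fe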
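  /*
   * Patched copy of the firmware routine this listing names sub_FFC04D3C
   * ("uHwSetup" according to the A470 port). It runs a chain of firmware setup
   * calls; whenever one returns a negative value it calls sub_FFC04E30
   * (err_init_task) with the address of a name string, then continues. It ends
   * by tail-branching to sub_FFC0CE70_my instead of the stock
   * taskcreate_Startup.
   *
   * The stock ADR/ADRLT instructions are replaced by "LDR Rn, =address".
   * ADR is PC-relative, and the strings stay in ROM while this copy is
   * assembled elsewhere, so presumably they are out of ADR range; the literal
   * load supplies the absolute ROM address instead.
   *
   * Fix: the two unconditional loads of 0xFFC04E68 ("/_term") were written
   * "LDR R0, 0xFFC04E68", without the '='. That form is a load *from* that
   * address, not a load *of* it, so termDeviceCreate and stdioSetup would have
   * received the string's first bytes as a pointer. Both now use
   * "LDR R0, =0xFFC04E68", matching the replaced ADR and the other loads here.
   */
  void __attribute__((naked,noinline)) sub_FFC04D3C_my ()
  {
      asm volatile(
          "STMFD   SP!, {R4,LR}\n"
          "BL      sub_FFC00958\n"      // CALLING sub_FFC00958
          "BL      sub_FFC097EC\n"      // CALLING dmSetup/sub_FFC097EC
          "CMP     R0, #0\n"
          //"ADRLT R0, aDmsetup\n" // "dmSetup"
          // According to S5IS, all ADRLT changes to LDRLT. Why?
          // It also happens on a470
          // it also seems necessary to change all names to original address
          "LDRLT   R0, =0xFFC04E50\n"
          //"BLLT err_init_task\n"
          "BLLT    sub_FFC04E30\n"      //err_init_task
          "BL      sub_FFC04978\n"      //termDriverInit?? (according to S5IS)
          "CMP     R0, #0\n"
          //"ADRLT R0, aTermdriverinit\n" // "termDriverInit"
          "LDRLT   R0, =0xFFC04E58\n"
          "BLLT    sub_FFC04E30\n"      // err_init_task
          //"ADR R0, a_term\n" // "/_term"
          "LDR     R0, =0xFFC04E68\n"   // address of "/_term"
          "BL      sub_FFC04A60\n"      // termDeviceCreate
          "CMP     R0, #0\n"
          //"ADRLT R0, aTermdevicecrea\n" // "termDeviceCreate"
          "LDRLT   R0, =0xFFC04E70\n"   // "termDeviceCreate"
          "BLLT    sub_FFC04E30\n"      // err_init_task
          "LDR     R0, =0xFFC04E68\n"   // address of "/_term"
          "BL      sub_FFC0357C\n"      // stdioSetup
          "CMP     R0, #0\n"
          //"ADRLT R0, aStdiosetup\n" //"stdioSetup"
          "LDRLT   R0, =0xFFC04E84\n"
          "BLLT    sub_FFC04E30\n"      // err_init_task
          "BL      sub_FFC09304\n"      // stdlibsetup?? (according to S5IS)
          "CMP     R0, #0\n"
          //"ADRLT R0, aStdlibsetup\n" // "stdlibSetup"
          "LDRLT   R0, =0xFFC04E90\n"
          "BLLT    sub_FFC04E30\n"      //err_init_task
          "BL      sub_FFC014AC\n"      //armlib_setup
          "CMP     R0, #0\n"
          //"ADRLT R0, aArmlib_setup\n" // "armlib_setup"
          "LDRLT   R0, =0xFFC04E9C\n"   // "armlib_setup"
          "BLLT    sub_FFC04E30\n"      //err_init_task
          "LDMFD   SP!, {R4,LR}\n"
          //"B taskcreate_Startup\n"
          "B       sub_FFC0CE70_my\n"   //taskcreate_Startup
      );
  }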
  /*
   * Patched copy of the firmware routine this listing names sub_FFC0CE70
   * (taskcreate_Startup). It differs from the stock routine only in the task
   * entry passed to createTask: sub_FFC0CE14_my instead of task_Startup.
   * Returns 0 in R0.
   */
  void __attribute__((naked,noinline)) sub_FFC0CE70_my()
  {
      asm volatile (
          "STMFD   SP!, {R3,LR}\n"      /* the R3 slot doubles as the stack argument written below */

          /* Continue at loc_FFC0CEA0 if either check returns non-zero. */
          "BL      sub_FFC17F38\n"
          "CMP     R0, #0\n"
          "BNE     loc_FFC0CEA0\n"
          "BL      sub_FFC11104\n"
          "CMP     R0, #0\n"
          "BNE     loc_FFC0CEA0\n"

          /*
           * Both checks returned 0: store 0x44 at 0xC0220020 and spin forever.
           * Presumably a hardware register written as a failure indicator;
           * confirm against the platform documentation.
           */
          "LDR     R1, =0xC0220000\n"
          "MOV     R0, #0x44\n"
          "STR     R0, [R1,#0x20]\n"

      "loc_FFC0CE9C:\n"
          "B       loc_FFC0CE9C\n"

      "loc_FFC0CEA0:\n"
          "BL      sub_FFC11110\n"
          "BL      sub_FFC163F0\n"
          "LDR     R1, =0x2CE000\n"
          "MOV     R0, #0\n"
          "BL      sub_FFC16638\n"
          "BL      sub_FFC165E4\n"

          /* createTask(name, 0x19, 0, entry, 0): the fifth argument goes on the stack. */
          "MOV     R3, #0\n"
          "STR     R3, [SP,#8-8]\n"
          // "ADR R3, task_Startup\n"
          "LDR     R3, =sub_FFC0CE14_my\n"
          "MOV     R2, #0\n"
          "MOV     R1, #0x19\n"
          // "ADR R0, aStartup\n"// ; "Startup"
          "LDR     R0, =0xFFC0CEE8\n"
          "BL      sub_FFC0B9C4\n"      //createTask
          "MOV     R0, #0\n"
          "LDMFD   SP!, {R12,PC}\n"

      );
  }
  /*
   * Placeholder for the patched task entry that sub_FFC0CE70_my passes to
   * createTask in place of the stock task_Startup.
   *
   * NOTE(review): the asm statement below has no template string. GCC requires
   * a string literal inside asm(...), so this does not compile as pasted, and a
   * naked function with no instructions has no return sequence: execution
   * would run on into whatever follows it in memory. The listing appears to be
   * unfinished or truncated here; the body has to be supplied before the
   * created task can be allowed to start.
   */
  void __attribute__((naked,noinline)) sub_FFC0CE14_my()
  {
  asm volatile(
  );
  }