There is also a stub testing routine under the Debug menu, and running it is always a good idea. Once you have guessed a stub, put it in ML's stubs file (platform/camera.version/stubs.S), look it up in ML code to see where it's used (so you know what exactly to test), compile and test it out.

- If the code calls a ROM function from a RAM one, and you look at the ROM copy of the caller, you are screwed (I'll let you do the math for this one).
- If the code calls a RAM function from a ROM function, and you look at the caller code (the ROM function), you will see BL ram_address.
- If the code calls a RAM function from another RAM function, and you look at the ROM copy of the caller, you will see BL rom_address.

So, you will find many BL calls to 0x99a0, for example:

Code:
ff0e7644: eb3c88d5 bl loc_99a0
ff0e7658: e59f20e8 ldr r2, ff0e7748: (ff0e5904) **"%s : AllocateMemory(READ_ONE_PARAM)"

Function calls are usually relative to the program counter. So, if say AllocateMemory is at 0xFF9FA160 in ROM (5D3.123), its RAM copy will be at 0xFF9FA160 - RAM_OFFSET = 0xFF9FA160 - 0xFF9F07C0 = 0x99a0. This difference is called RAM_OFFSET (it's declared in stubs.S). So, there will be a difference between the address where your function may run, and the address where it's placed in the ROM.

It's not a hard rule though, but it helps in many cases.

A note about DIGIC V cameras: they copy a section from the ROM, starting from assert_0 (string "Assert: File %s, Expression %s, Line %d"), to 0x1900.

Check the stub files for more cameras, and look for such similarities. For example, the offset between FIO_SeekFile and FIO_SeekSkipFile is usually 0xD0.

You will need to find some functions using those structures first.

A very useful hint: the differences between related stubs may be constant, or at least helpful to get you within the ballpark.

Other stubs are not functions, but data structures. Comparing with a dump from another camera, which has these stubs, is helpful.
Other stubs may not be easy to find from strings; in this case, you may look for the context (other functions calling it, which are identifiable from strings). Repeat the process for other stubs, until you get comfortable with the workflow.

Code:
ff9fa1c0: ebffff39 bl loc_ff9f9eac ; this is GetSizeOfMaxRegion you are looking for
ff9fa1cc: 128f20d0 addne r2, pc, #208 ff9fa2a4: (4d454d5b) *" ERROR GetSizeOfMaxRegion "
ff9fa1d8: 1bfff05c blne loc_ff9f6350 ; this must be DebugMsg (aka DryosDebugMsg in stubs.S)
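The BL arithmetic behind the three caller/callee cases and the RAM_OFFSET subtraction, as an added example (not code from Magic Lantern or from the original post). It uses the 5D3.123 RAM_OFFSET and the instruction words quoted above; the helper names are hypothetical.

```python
# Added example: decode ARM-mode BL words and translate between a function's
# ROM address and its RAM copy. RAM_OFFSET is the 5D3.123 value from the text;
# all function names here are hypothetical helpers, not Magic Lantern APIs.
RAM_OFFSET = 0xFF9F07C0
MASK32 = 0xFFFFFFFF

def is_bl(word):
    """True for ARM BL with a normal condition code (cond 0xF is BLX, excluded)."""
    return (word >> 24) & 0xF == 0xB and (word >> 28) != 0xF

def bl_target(addr, word):
    """Target of a BL placed at addr: addr + 8 + (signed imm24 << 2), mod 2^32."""
    if not is_bl(word):
        raise ValueError("not an ARM BL instruction: %08x" % word)
    imm24 = word & 0xFFFFFF
    if imm24 & 0x800000:              # sign-extend the 24-bit word offset
        imm24 -= 0x1000000
    return (addr + 8 + (imm24 << 2)) & MASK32

def rom_to_ram(rom_addr, ram_offset=RAM_OFFSET):
    """Address of the RAM copy of code stored at rom_addr."""
    return (rom_addr - ram_offset) & MASK32

def ram_to_rom(ram_addr, ram_offset=RAM_OFFSET):
    """Where in the ROM dump to read the code that runs at ram_addr."""
    return (ram_addr + ram_offset) & MASK32

def runtime_target(rom_view_addr, word, caller_runs_from_ram,
                   ram_offset=RAM_OFFSET):
    """Address the call really reaches when executed.

    rom_view_addr is where the BL sits in the ROM dump. If the caller is
    executed from its RAM copy, the branch is relative to the RAM address,
    so the address is rebased before decoding.
    """
    addr = rom_view_addr
    if caller_runs_from_ram:
        addr = rom_to_ram(rom_view_addr, ram_offset)
    return bl_target(addr, word)

if __name__ == "__main__":
    # (address in ROM dump, instruction word, caller runs from RAM?)
    samples = [(0xFF0E7644, 0xEB3C88D5, False),
               (0xFF9FA1C0, 0xEBFFFF39, True),
               (0xFF9FA1D8, 0x1BFFF05C, True)]
    for addr, word, in_ram in samples:
        print("%08x: shown %08x, runs to %08x" % (
            addr, bl_target(addr, word), runtime_target(addr, word, in_ram)))
```

For a RAM caller that calls a ROM function, the target a disassembler shows in the ROM copy is off by RAM_OFFSET; `runtime_target(..., caller_runs_from_ram=True)` gives the address actually reached.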