Author Topic: Canon EOS 1300D / Rebel T6  (Read 5925 times)

a1ex

  • Administrator
  • Hero Member
  • *****
  • Posts: 9742
  • 5D Mark Free
Re: Canon EOS 1300D / Rebel T6
« Reply #50 on: April 26, 2017, 06:06:48 PM »
[...] the code at F80C00DC is [...]

... is data, not code ;)

edit: committed the initial QEMU code for 1300D (no more need to monkey-patch the ROM with model ID) and also added an option that may help solving your puzzle (see these examples)

(actually I want the memory tracing for other purposes, such as catching non-obvious, but potentially dangerous bugs; here it just happened to be helpful)

adamnock

  • New to the forum
  • *
  • Posts: 30
Re: Canon EOS 1300D / Rebel T6
« Reply #51 on: Yesterday at 01:32:36 AM »
Alrighty then.
yes the memory trace seems like a very very handy feature.

Ill get started on it again this weekend!

Thanks for the heads up on the qemu updates :)

adamnock

  • New to the forum
  • *
  • Posts: 30
Re: Canon EOS 1300D / Rebel T6
« Reply #52 on: Yesterday at 09:39:36 AM »
OK im a little confused....again

Ive got what i believe is most of the startup stubs identified, and compiled ML as such.
However, when booting with ML, which qemu is finding autoexec.bin off the SD card and booting it, i drop to the FROMUTILITY every time, without hitting any of the stub locations. Even if they were wrong, I believe I should see a jump to the location as ML tried to call those functions.

So, have I missed a step?
All I can see from searching around the forum is that the FROMUTILITY should be a option from a boot flag, but the output suggests 1 is the correct flag to boot autoexec.bin. Hence I can only assume its not loading?

Code: [Select]
SD LOAD OK.
Open file for read : AUTOEXEC.BIN
File size : 0x3AFC0
Now jump to AUTOEXEC.BIN!!

************ FROMUTILITY MENU Ver 0.11 ************
[Type:404 Body:DC Rev:0.00 MID:0x88(Error)]
0.Factory Menu
1.Erase Sector Select
2.Erase Block Select
3.Erase Chip
4.Write from card
5.Write from DRAM
6.Firm   flag 0xF8000000 0x00000000 ON
7.Boot   flag 0xF8000004 0xFFFFFFFF ON
8.UpDate flag 0xF800000C 0xFFFFFFFF OFF
9.Create Boot Disk
A.Exec Program from SD
C.Connect card
D.SROM 4Byte Mode ON
G.Memory Dump
I.Write Data
J.Direct Jump
U.Firm update
Z.RCBIND.BIN update
>>

a1ex

  • Administrator
  • Hero Member
  • *****
  • Posts: 9742
  • 5D Mark Free
Re: Canon EOS 1300D / Rebel T6
« Reply #53 on: Yesterday at 11:42:51 AM »
It's probably returning or jumping to some wrong address. An execution trace that covers only autoexec.bin (right after the "now jump to" message) should give more clues.