Messages - GeramyL

#1
I have been at this for an hour or so, but I can't get this damn thing to compile.

magiclantern@magiclantern-VirtualBox:~/nikfreak/magic-lantern$ make -j4 100D ROMBASEADDR=0xFF0C0000 RESTARTSTART=0x000C5300 AUTOEXEC_BASE=0x40800000 FIR_BASE=0x40800120
make -C  /home/magiclantern/nikfreak/magic-lantern/platform/100D.100
make[1]: Entering directory `/home/magiclantern/nikfreak/magic-lantern/platform/100D.100'
[ VERSION  ]   ../../platform/100D.100/version.bin
[ CPP      ]   magiclantern.lds
cc: error: unrecognized command line option '-mthumb-interwork'
[ AS       ]   entry.o
make[1]: *** [magiclantern.lds] Error 1
make[1]: *** Waiting for unfinished jobs....
../../src/entry.S: Assembler messages:
../../src/entry.S:87: Error: no such instruction: `b copy_and_restart'
make[1]: *** [entry.o] Error 1
make[1]: *** wait: No child processes.  Stop.
make: *** [100D] Error 2
#2
I had a 16MB file; that one did work correctly. I was able to match up my findings with nik's and verify them to be correct as well. Some of his findings
do not have labels directly in the method, but they are from a bl within that method with the label, so I'm guessing that I don't know exactly what I'm looking at yet, but I can see it's accurate. Thanks.

I am going to get QEMU on my Debian installation, then get compiling to work, get my toolchain set up correctly, build ML, run the dump in QEMU and start trying
to figure out where hijacking starts and see if I can figure out the process. lol, it all seems very confusing, but I'm sure I'll get it.
#3
I think I know why my addresses were wrong: I would guess it's because I pulled them off the ROM file and not from the memory of a virtual machine running the dumped ROM.
How would I go about finding the hijacking process? What am I looking for, code- or function-wise?
#4
Well, this is what I have so far!
You can tell all replaced functions because they do not have 0xFF in them; they are 0x10 - 0x13.

http://pastebin.com/eT9xy2z8
#5
So in the case here
loc_10d6348: ; 23 refs
10d6348:    e92d40f8    push   {r3, r4, r5, r6, r7, lr}
10d634c:    e1a05000    mov   r5, r0
10d6350:    e1a06001    mov   r6, r1
10d6354:    e1a04002    mov   r4, r2
10d6358:    e1a03000    mov   r3, r0
10d635c:    e58d1000    str   r1, [sp]
10d6360:    e28f2e16    add   r2, pc, #352   ; 010d64c8: (5f495547)  *"GUI_Control:%d 0x%x"
10d6364:    e3a01003    mov   r1, #3
10d6368:    e3a00085    mov   r0, #133   ; 0x85
10d636c:    eb3cb9c0    bl   loc_2004a74

My GUI_Control address is 10d6348.
I just want to make sure I'm right before I go verifying addresses and changing them.
#6
Okay, I will post this:
loc_1137964: ; 2 refs
1137964:    e92d41f0    push   {r4, r5, r6, r7, r8, lr}
1137968:    e1a04000    mov   r4, r0
113796c:    e28f2f53    add   r2, pc, #332   ; 01137ac0: (74696e49)  *"InitializeBitmapDisplayDevice"

Would that make the address for InitializeBitmapDisplayDevice 113796x or 01137ac0?
#7
I have decompiled the dump file and got my strings, hex and dis files. Now I'm going to start finding function addresses; if anyone has any information I might need to make this faster, please post.
#8
I'll go run this later today; I'll let you know how it goes. Thanks Alex, I appreciate the help on getting me started with this.
#9
Is there anyone left who has been working on this project?
#10
I was told there is a dump of the 100D already; could someone help me get that dump?
#11
I'll start developing; could someone post some helper links on how to start developing for this camera?
Maybe anything I need to know that I won't find online looking for ML development guides, etc.?
#12
I am a software engineer with an SL1; how may I help?