OK — without the PROP_HANDLER(PROP_MVR_REC_START) the image boots without errors on QEMU. What should the next steps be?
ROM1_7:FF06A570 PowerSpeakerForWAV ; CODE XREF: PowerAudioOutput+24p
; PowerSpeakerForWAV, FF-based ROM (the address space of the 600D QEMU trace below): log a debug message,
; take a semaphore, push seven values into the audio IC via _audio_ic_write, then give the semaphore back
; through a tail call. The semaphore result is never inspected.
ROM1_7:FF06A570 STMFD SP!, {R4,LR}           ; save R4 and the return address
ROM1_7:FF06A574 ADR R2, aPowerspeakerforwav ; "PowerSpeakerForWAV" ; R2 = name string for the debug message
ROM1_7:FF06A578 MOV R1, #3                   ; DryosDebugMsg arg1 = 3
ROM1_7:FF06A57C MOV R0, #0x14                ; DryosDebugMsg arg0 = 0x14; the "(14:03)" prefix in the debugmsg traces below appears to be these two values
ROM1_7:FF06A580 BL DryosDebugMsg             ; DryosDebugMsg(0x14, 3, "PowerSpeakerForWAV")
ROM1_7:FF06A584 LDR R4, =byte_274C           ; R4 = 0x274C, base of the data block used below
ROM1_7:FF06A588 MOV R1, #0                   ; take_semaphore arg1 = 0
ROM1_7:FF06A58C LDR R0, [R4,#(dword_2780 - 0x274C)] ; R0 = *(0x2780) (offset 0x34): semaphore handle
ROM1_7:FF06A590 BL take_semaphore            ; take_semaphore(*(0x2780), 0); return value is overwritten below without being checked
ROM1_7:FF06A594 LDR R0, =0x5507              ; _audio_ic_write(0x5507); if the Reg()/Data() trace below uses the same encoding this is register 0x55, value 0x07 -- TODO confirm
ROM1_7:FF06A598 BL _audio_ic_write
ROM1_7:FF06A59C LDR R0, =0x4903              ; _audio_ic_write(0x4903)
ROM1_7:FF06A5A0 BL _audio_ic_write
ROM1_7:FF06A5A4 MOV R0, #0x4B00              ; _audio_ic_write(0x4B00)
ROM1_7:FF06A5A8 BL _audio_ic_write
ROM1_7:FF06A5AC LDR R0, =0x2713              ; _audio_ic_write(0x2713); 0x2713 and 0x271F also appear as 0x27130000 / 0x271f0000 in the 1300D SerialCommand_Send trace below -- presumably the same audio-IC writes over a different transport, TODO confirm
ROM1_7:FF06A5B0 BL _audio_ic_write
ROM1_7:FF06A5B4 LDR R0, =0x271F              ; _audio_ic_write(0x271F)
ROM1_7:FF06A5B8 BL _audio_ic_write
ROM1_7:FF06A5BC LDR R0, =0x4901              ; _audio_ic_write(0x4901)
ROM1_7:FF06A5C0 BL _audio_ic_write
ROM1_7:FF06A5C4 ADD R0, R4, #0x58            ; R0 = 0x27A4
ROM1_7:FF06A5C8 LDRB R0, [R0,#(byte_2A4F - 0x27A4)] ; R0 = byte at 0x2A4F
ROM1_7:FF06A5CC ORR R0, R0, #0x6B00          ; R0 = 0x6B00 | that byte
ROM1_7:FF06A5D0 BL _audio_ic_write           ; _audio_ic_write(0x6B00 | *(uint8_t *)0x2A4F)
ROM1_7:FF06A5D4 LDR R0, [R4,#(dword_2780 - 0x274C)] ; reload the semaphore handle from 0x2780
ROM1_7:FF06A5D8 LDMFD SP!, {R4,LR}           ; restore R4 and LR before the tail call
ROM1_7:FF06A5DC B give_semaphore             ; tail call: give_semaphore(*(0x2780)) returns straight to our caller, so its result is this function's result
ROM1_7:FF06A5DC ; End of function PowerSpeakerForWAV
ROM1:FE11CE60 PowerSpeakerForWAV ; CODE XREF: sub_FE11D1CC:loc_FE11D21Cp
ROM1:FE11CE60 ; SelectOutCheckFOut+68p
; Second PowerSpeakerForWAV, FE-based ROM (the address space of the 1300D QEMU trace below). Same shape as the
; routine above -- debug message, take semaphore, program the audio IC, give semaphore via tail call -- but the
; writes go through sub_FE2B36D4 / sub_FE2B3A18 with ROM-resident argument blocks instead of _audio_ic_write.
ROM1:FE11CE60 STMFD SP!, {R4,LR}            ; save R4 and the return address
ROM1:FE11CE64 ADR R2, aPowerspeakerforwav ; "PowerSpeakerForWAV" ; R2 = name string for the debug message
ROM1:FE11CE68 MOV R1, #3                    ; DryosDebugMsg arg1 = 3
ROM1:FE11CE6C MOV R0, #0x14                 ; DryosDebugMsg arg0 = 0x14 (appears as "(14:03)" in the traces)
ROM1:FE11CE70 BL DryosDebugMsg              ; DryosDebugMsg(0x14, 3, "PowerSpeakerForWAV")
ROM1:FE11CE74 LDR R4, =unk_31B5C            ; R4 = 0x31B5C, base of the state block used below
ROM1:FE11CE78 MOV R1, #0                    ; takeSemaphore_ram arg1 = 0
ROM1:FE11CE7C LDR R0, [R4,#(unk_31BA4 - 0x31B5C)] ; R0 = *(0x31BA4) (offset 0x48): semaphore handle
ROM1:FE11CE80 BL takeSemaphore_ram          ; takeSemaphore_ram(*(0x31BA4), 0); result is overwritten below without being checked
ROM1:FE11CE84 LDR R0, =unk_FE8CAC8C         ; R0 = pointer to a ROM-resident block
ROM1:FE11CE88 BL sub_FE2B36D4               ; sub_FE2B36D4(0xFE8CAC8C); the SerialCommand_Send trace below is logged from fe2b3724, 0x50 bytes past this helper's entry, so it is presumably the path that emits those commands -- TODO confirm
ROM1:FE11CE8C LDR R0, [R4,#(unk_31B74 - 0x31B5C)] ; R0 = *(0x31B74) (offset 0x18)
ROM1:FE11CE90 CMP R0, #0
ROM1:FE11CE94 BNE loc_FE11CEB0              ; non-zero: skip the two sub_FE2B3A18 calls
ROM1:FE11CE98 LDRB R1, [R4,#(unk_31B61 - 0x31B5C)] ; R1 = byte at 0x31B61 (offset 5)
ROM1:FE11CE9C LDR R0, =unk_FE8CACC8         ; R0 = ROM-resident block
ROM1:FE11CEA0 BL sub_FE2B3A18               ; sub_FE2B3A18(0xFE8CACC8, *(uint8_t *)0x31B61)
ROM1:FE11CEA4 LDRB R1, [R4,#(unk_31B61 - 0x31B5C)] ; same byte again
ROM1:FE11CEA8 LDR R0, =unk_FE8CAD20         ; R0 = a second ROM-resident block
ROM1:FE11CEAC BL sub_FE2B3A18               ; sub_FE2B3A18(0xFE8CAD20, *(uint8_t *)0x31B61)
ROM1:FE11CEB0
ROM1:FE11CEB0 loc_FE11CEB0 ; CODE XREF: PowerSpeakerForWAV+34j
ROM1:FE11CEB0 MOV R0, #1
ROM1:FE11CEB4 STR R0, [R4,#0x2C]            ; *(0x31B88) = 1 (0x31B5C + 0x2C); set on both paths
ROM1:FE11CEB8 LDR R0, [R4,#0x48]            ; reload the semaphore handle (0x48 == unk_31BA4 - 0x31B5C)
ROM1:FE11CEBC LDMFD SP!, {R4,LR}            ; restore R4 and LR before the tail call
ROM1:FE11CEC0 B giveSemaphore_ram           ; tail call: giveSemaphore_ram(*(0x31BA4)) returns directly to the caller
ROM1:FE11CEC0 ; End of function PowerSpeakerForWAV
stefan@morbo-3: ~/Develop/qemu% ./run_canon_fw.sh 1300D,firmware="boot=0" -d debugmsg |& grep SerialCommand_Send
[ Startup:fe2b3724 ] (14:03) SerialCommand_Send[0x1080000]
[ Startup:fe2b3724 ] (14:03) SerialCommand_Send[0x3960000]
[ Startup:fe2b3724 ] (14:03) SerialCommand_Send[0x5000000]
[ Startup:fe2b3724 ] (14:03) SerialCommand_Send[0x7000000]
[ Startup:fe2b3724 ] (14:03) SerialCommand_Send[0x9030000]
[ Startup:fe2b3724 ] (14:03) SerialCommand_Send[0xb050000]
[ Startup:fe2b3724 ] (14:03) SerialCommand_Send[0xf080000]
[ Startup:fe2b3724 ] (14:03) SerialCommand_Send[0x21010000]
[ Startup:fe2b3724 ] (14:03) SerialCommand_Send[0xff001b58]
[ Startup:fe2b3724 ] (14:03) SerialCommand_Send[0x21020000]
[ Startup:fe2b3724 ] (14:03) SerialCommand_Send[0xff001b58]
[ Startup:fe2b3724 ] (14:03) SerialCommand_Send[0x3960000]
[ Startup:fe2b3724 ] (14:03) SerialCommand_Send[0x5000000]
[ Startup:fe2b3724 ] (14:03) SerialCommand_Send[0x7000000]
[ Startup:fe2b3724 ] (14:03) SerialCommand_Send[0x9030000]
[ Startup:fe2b3724 ] (14:03) SerialCommand_Send[0xb050000]
[ Startup:fe2b3724 ] (14:03) SerialCommand_Send[0xf080000]
[ Startup:fe2b3724 ] (14:03) SerialCommand_Send[0xd010000]
[ Startup:fe2b3724 ] (14:03) SerialCommand_Send[0xd030000]
[ Startup:fe2b3724 ] (14:03) SerialCommand_Send[0xd070000]
[ Startup:fe2b3724 ] (14:03) SerialCommand_Send[0xd0f0000]
[ Startup:fe2b3724 ] (14:03) SerialCommand_Send[0x55080000]
[ Startup:fe2b3724 ] (14:03) SerialCommand_Send[0x3b160000]
[ Startup:fe2b3724 ] (14:03) SerialCommand_Send[0x27130000]
[ Startup:fe2b3724 ] (14:03) SerialCommand_Send[0xff004e20]
[ Startup:fe2b3724 ] (14:03) SerialCommand_Send[0x271f0000]
[ AudioCtrl:fe2b3724 ] (14:03) SerialCommand_Send[0x3b160000]
stefan@morbo-3: ~/Develop/qemu% ./run_canon_fw.sh 600D,firmware="boot=0" -d debugmsg |& grep 'Reg('
[ Startup:ff06a16c ] (14:03) Reg(0x0D) Data(0x0001)
[ Startup:ff06a16c ] (14:03) Reg(0x0F) Data(0x0000)
[ Startup:ff06a16c ] (14:03) Reg(0x01) Data(0x0008)
[ Startup:ff06a16c ] (14:03) Reg(0x01) Data(0x0008)
[ Startup:ff06a16c ] (14:03) Reg(0x03) Data(0x0096)
[ Startup:ff06a16c ] (14:03) Reg(0x05) Data(0x0000)
[ Startup:ff06a16c ] (14:03) Reg(0x07) Data(0x0000)
[ Startup:ff06a16c ] (14:03) Reg(0x09) Data(0x0003)
[ Startup:ff06a16c ] (14:03) Reg(0x0B) Data(0x0005)
[ Startup:ff06a16c ] (14:03) Reg(0x0F) Data(0x0004)
[ Startup:ff06a16c ] (14:03) Reg(0x0D) Data(0x0003)
[ Startup:ff06a16c ] (14:03) Reg(0x0D) Data(0x000f)
[ Startup:ff06a16c ] (14:03) Reg(0x61) Data(0x000b)
[ Startup:ff06a16c ] (14:03) Reg(0x63) Data(0x000b)
[ Startup:ff06a16c ] (14:03) Reg(0x65) Data(0x0000)
[ Startup:ff06a16c ] (14:03) Reg(0xB1) Data(0x0001)
[ Startup:ff06a16c ] (14:03) Reg(0xB3) Data(0x0008)
[ Startup:ff06a16c ] (14:03) Reg(0xB5) Data(0x0008)
[ Startup:ff06a16c ] (14:03) Reg(0xB7) Data(0x0000)
[ Startup:ff06a16c ] (14:03) Reg(0xB9) Data(0x000b)
[ Startup:ff06a16c ] (14:03) Reg(0xBB) Data(0x0070)
[ Startup:ff06a16c ] (14:03) Reg(0xBD) Data(0x0000)
[ Startup:ff06a16c ] (14:03) Reg(0xBF) Data(0x0001)
[ Startup:ff06a16c ] (14:03) Reg(0xC1) Data(0x0004)
[ Startup:ff06a16c ] (14:03) Reg(0xC3) Data(0x0005)
[ Startup:ff06a16c ] (14:03) Reg(0xC5) Data(0x000d)
[ Startup:ff06a16c ] (14:03) Reg(0xC7) Data(0x0070)
[ Startup:ff06a16c ] (14:03) Reg(0xC9) Data(0x0010)
[ Startup:ff06a16c ] (14:03) Reg(0xCB) Data(0x0000)
[ Startup:ff06a16c ] (14:03) Reg(0x31) Data(0x0002)
[ Startup:ff06a16c ] (14:03) Reg(0x21) Data(0x0001)
[ Startup:ff06a16c ] (14:03) Reg(0x21) Data(0x0002)
[ Startup:ff06a16c ] (14:03) Reg(0x21) Data(0x0006)
[ Startup:ff06a16c ] (14:03) Reg(0x3B) Data(0x001b)
[ Startup:ff06a16c ] (14:03) Reg(0x6B) Data(0x0010)
Dmstate: 0x39DD0
PropState: 0x38DB0
MFCMGRState: 0x39B50
EmState 0x36F24
FMnormalState 0x38558
SrmState 0x36FD0
Srmexmem1State 0x3702C
Srmexmem2State 0x37030
ScsState 0x35A74
ScseshutState 0x35A78
ScssrState 0x35A7C
SbsState 0x35AE8
SpsState 0x35B60
TomState 0x38500
FssState 0x36E94
AudioLevelStateSig 0x38CD0
SdsFrontState 0x36158
SdsFrontState 0x3615C
SdsFrontState 0x36160
SdsFrontState 0x36164
SdsFrontState 0x36168
SdsRearState 0x36078
SdsRearState 0x3607C
SdsRearState 0x36080
SoundEffetStateSig 0x38CDC
AsifState 0x38CF0
ActrlState 0x3D9DC
MovwState 0x3872C
MovrecState 0x38744
MovplayState 0x38750
MovrState 0x3BBE8
LvcdevState 0x37EE4
GmtState 0x933F68 // somehow off but valid
GmtMovieState 0x933F6C
GmtwakuState 0x933F70
EvfState 0x37930
ColorcalcState 0x380F8
AewbState 0x941C70
LvfaceState 0x37990
MotionDetectState 0x37DE8
MotionManagerState 0x94BB10
UsbControlPipe 0x6135C
UsbDataPipeBulkIn 0x61360
UsbDataPipeBulkOut 0x61364
UsbDataPipeInterupt 0x61368
UsbDeviceEvent 0x6136C
PtpdpsState 0x98D644
CeresState 0x38540
FcsState 0x36EA4
NwComState 0x3A504
MetactgState 0x3BC50
FrState 0xA478B4
FwState 0xA47AF0
VoiState 0x3BB34
SoundState 0x3BBCC
WavreaderState 0x40400
MrkState 0x3BB20
RdState 0x38124
DpState 0x371B4
DpimgeditState 0x3792C
InnerdevelopState 0x39C68
SasState 0x36270
SasState 0x36274
SasState 0x36278
SasState 0x3627C
SasState 0x36280
DisplayState 0x318B8
DisplayStateWithImgMute 0x318BC
stefan@morbo-3: ~/Develop/qemu% l /Volumes/EOS_DIGITAL/ML/modules/1300D_110.sym
-rwxrwxrwx 1 stefan staff 34K 15 Jan 22:13 /Volumes/EOS_DIGITAL/ML/modules/1300D_110.sym
// State-object stub addresses for this port (presumably the 1300D consts, cf. 1300D_110.sym above). Each macro
// dereferences its address as a struct state_object **, so a wrong value reads arbitrary RAM on the camera; several
// entries are still 600D values or unverified -- treat them as placeholders until each is confirmed for this firmware.
#define DISPLAY_STATEOBJ (*(struct state_object **)0x2480) // possible value for this firmware: 0x000318C8 (the state dump above lists DisplayState at 0x318B8 -- reconcile before switching)
#define EVF_STATE (*(struct state_object **)0x3737C) // unverified ("hope this is correct"); the dump above lists EvfState at 0x37930, which does not match -- TODO confirm
#define MOVREC_STATE (*(struct state_object **)0x5720) // still the 600D address, not yet located for this firmware; the dump above lists MovrecState at 0x38744 as a candidate to check
#define SDS_FRONT3_STATE (*(struct state_object **)0x3660) // still the 600D address; the dump above lists five SdsFrontState entries (0x36158..0x36168), presumably one of them is the third -- TODO confirm
[DM] FROM Write Complete!!!
ASSERT : SystemIF::KerSem.c, Task = ml_init, Line 354
ASSERT : SystemIF::KerSem.c, Task = ml_init, Line 314
ASSERT : SystemIF::KerSem.c, Task = ml_init, Line 354
ASSERT : SystemIF::KerSem.c, Task = ml_init, Line 314
ASSERT : SystemIF::KerSem.c, Task = ml_init, Line 354
ASSERT : SystemIF::KerSem.c, Task = ml_init, Line 314
ASSERT : SystemIF::KerSem.c, Task = ml_init, Line 354
ASSERT : SystemIF::KerSem.c, Task = ml_init, Line 314
ASSERT : SystemIF::KerSem.c, Task = ml_init, Line 354
ASSERT : SystemIF::KerSem.c, Task = ml_init, Line 314
ASSERT : SystemIF::KerSem.c, Task = ml_init, Line 354
ASSERT : SystemIF::KerSem.c, Task = ml_init, Line 314
ASSERT : SystemIF::KerSem.c, Task = ml_init, Line 354
ASSERT : SystemIF::KerSem.c, Task = ml_init, Line 314
ASSERT : SystemIF::KerSem.c, Task = ml_init, Line 354
ASSERT : SystemIF::KerSem.c, Task = ml_init, Line 314
ASSERT : SystemIF::KerSem.c, Task = ml_init, Line 354
ASSERT : SystemIF::KerSem.c, Task = ml_init, Line 314
ASSERT : SystemIF::KerSem.c, Task = ml_init, Line 354
ASSERT : SystemIF::KerSem.c, Task = ml_init, Line 314
ASSERT : SystemIF::KerSem.c, Task = ml_init, Line 354
HELLO WORLD
firmware signature = 0xCD13B11F
firmware signature = 0xCD13B11F
start MY BIG INIT
start _find_ml_card
start is_dir
Searching for A:/ML
< Error Exception>
TYPE : 4
ISR : 0
TASK IDSR : 50135115
TASK Name : ml_init
R 0 : 2fa9874
R 1 : 1ff
R 2 : 10aadc
R 3 : 1a9874
R 4 : 11de24
R 5 : 10ab88
R 6 : 10ab11
R 7 : 212
R 8 : 108506
R 9 : 19980198
R10 : 19980218
R11 : ff
R12 : 19980218
R13 : 1a9860
R14 : d157c
PC : ff1f94d8
CPSR : 13
1406: 736.000 [STARTUP] ###exceptionhandlercbr 0xff1f94d8 0
1407: 737.280 [STARTUP] #####exceptionhandlercbr 0xff1f94d8
1430: 737.536 [STARTUP] Exception : Time 2017/9/30 13:15:0
< Error Exception>
TYPE : 4
ISR : 0
TASK IDSR : 1318396
TASK Name : FileMgr
R 0 : 6cfe0c08
R 1 : 84fe0c08
R 2 : b0fe0c08
R 3 : cc000004
R 4 : 34fe0c08
R 5 : 4c0010b0
R 6 : 10b0
R 7 : 0
R 8 : 0
R 9 : 0
R10 : 0
R11 : 0
R12 : 0
R13 : 4f4ac
R14 : 0
PC : 0
CPSR : c8100008
Fixing from FE1296C8 to FE1298AC
FE1296D0: EBFE5CDE BL FFFE5CDE => FE0C0A50
FE1296D0: !!!! can not fixup jump from 0010232C to FE0C0A50 (offset -00810639)
FE1296F4: EB00006D BL 0000006D => FE1298B0
FE129704: EBFE692E BL FFFE692E => FE0C3BC4
FE129704: !!!! can not fixup jump from 00102360 to FE0C3BC4 (offset -0080F9E9)
FE129718: EBFE6960 BL FFFE6960 => FE0C3CA0
FE129718: !!!! can not fixup jump from 00102374 to FE0C3CA0 (offset -0080F9B7)
FE12972C: EBFE6B8C BL FFFE6B8C => FE0C4564
FE12972C: !!!! can not fixup jump from 00102388 to FE0C4564 (offset -0080F78B)
FE12973C: EB0673CD BL 000673CD => FE2C6678
FE12974C: EBFE5E80 BL FFFE5E80 => FE0C1154
FE12974C: !!!! can not fixup jump from 001023A8 to FE0C1154 (offset -00810497)
FE129760: EAFE60FE B FFFE60FE => FE0C1B60
FE129760: !!!! can not fixup jump from 001023BC to FE0C1B60 (offset -00810219)
FE129770: EB7B63AD BL 007B63AD => 0000262C
FE129780: EAFE5DF0 B FFFE5DF0 => FE0C0F48
FE129780: !!!! can not fixup jump from 001023DC to FE0C0F48 (offset -00810527)
FE12979C: 7A697320 B 00697320 => FFB86424
FE129814: 745F7469 LD 7, 15, ' => FE1293B3: 745F7164 356 data=812014E5
FE129830: EB066FA7 BL 00066FA7 => FE2C56D4
FE129844: EB066F8F BL 00066F8F => FE2C5688
FE129854: E51F6050 LD 6, 15, 80 => FE1298AC: E51F61A0 416 data=FE884A48
FE12987C: EB066FF3 BL 00066FF3 => FE2C5850
Fixups=10231C entry=102324 free_space=8
Fixing from FE0C1B60 to FE0C1EB8
FE0C1B6C: EBFFFDB5 BL FFFFFDB5 => FE0C1248
FE0C1B6C: !!!! can not fixup jump from 00102554 to FE0C1248 (offset -008104C5)
FE0C1B70: EB015F55 BL 00015F55 => FE1198CC
FE0C1B7C: EB01961C BL 0001961C => FE1273F4
FE0C1B80: EB7D0641 BL 007D0641 => 0000348C
FE0C1B8C: EB7D090E BL 007D090E => 00003FCC
FE0C1B9C: EB7D0667 BL 007D0667 => 00003540
FE0C1BA0: EB01795A BL 0001795A => FE120110
FE0C1BBC: EB7D0300 BL 007D0300 => 000027C4
FE0C1BE4: EB7D0353 BL 007D0353 => 00002938
FE0C1C0C: EB7D03BE BL 007D03BE => 00002B0C
FE0C1C30: EB7D042B BL 007D042B => 00002CE4
FE0C1C44: EB7D081C BL 007D081C => 00003CBC
FE0C1C48: EB017DD3 BL 00017DD3 => FE12139C
FE0C1C50: EB019C21 BL 00019C21 => FE128CDC
FE0C1C60: EB017AE3 BL 00017AE3 => FE1207F4
FE0C1C64: EB01885A BL 0001885A => FE123DD4
FE0C1C6C: EB018094 BL 00018094 => FE121EC4
FE0C1C70: EB017CDB BL 00017CDB => FE120FE4
FE0C1C74: EB01897A BL 0001897A => FE124264
FE0C1C78: EB0189C2 BL 000189C2 => FE124388
FE0C1C84: EB0187D7 BL 000187D7 => FE123BE8
FE0C1C88: EB0187EA BL 000187EA => FE123C38
FE0C1C94: EB01807C BL 0001807C => FE121E8C
FE0C1CA0: EB018079 BL 00018079 => FE121E8C
FE0C1CAC: EB018076 BL 00018076 => FE121E8C
FE0C1CB8: EB018073 BL 00018073 => FE121E8C
FE0C1CC4: EB018070 BL 00018070 => FE121E8C
FE0C1CD0: EB01806D BL 0001806D => FE121E8C
FE0C1CDC: EB01806A BL 0001806A => FE121E8C
FE0C1CFC: EB01750D BL 0001750D => FE11F138
FE0C1D08: EB01767B BL 0001767B => FE11F6FC
FE0C1D10: EB7D07F7 BL 007D07F7 => 00003CF4
FE0C1D18: EBFFFC67 BL FFFFFC67 => FE0C0EBC
FE0C1D18: !!!! can not fixup jump from 00102700 to FE0C0EBC (offset -00810613)
FE0C1D34: EB017596 BL 00017596 => FE11F394
FE0C1D48: EB017591 BL 00017591 => FE11F394
FE0C1D50: EB013313 BL 00013313 => FE10E9A4
FE0C1D70: EB0047FE BL 000047FE => FE0D3D70
FE0C1D70: !!!! can not fixup jump from 00102758 to FE0D3D70 (offset -0080BA7C)
FE0C1D78: E51F4848 LD 4, 15, 0 => FE0C1538: E51F4230 560 data=000310AC
FE0C1D90: 1B01757F BL 0001757F => FE11F394
FE0C1D9C: EB00488A BL 0000488A => FE0D3FCC
FE0C1D9C: !!!! can not fixup jump from 00102784 to FE0D3FCC (offset -0080B9F0)
FE0C1DA0: EB0177FA BL 000177FA => FE11FD90
FE0C1DA4: EB017494 BL 00017494 => FE11EFFC
FE0C1DA8: EB0190C9 BL 000190C9 => FE1260D4
FE0C1DAC: EB001112 BL 00001112 => FE0C61FC
FE0C1DAC: !!!! can not fixup jump from 00102794 to FE0C61FC (offset -0080F168)
FE0C1DB0: EB019E9B BL 00019E9B => FE129824
FE0C1DCC: EB7D06CA BL 007D06CA => 000038FC
FE0C1EA4: 6B736154 BL 00736154 => FFD9A3FC
FE0C1EB0: E51F1980 LD 1, 15, . => FE0C1538: E51F1364 868 data=000310AC
Fixups=102540 entry=102548 free_space=8
/* relative jumps in ARM mode are +/- 32 MB (B/BL carry a signed 24-bit word offset) */
/* make sure we can reach anything in the ROM with a plain branch (some code, e.g. patchmgr, depends on this) */
uint32_t jump_limit = (uint32_t) &_bss_end - 32 * 1024 * 1024;
if (jump_limit > 0xFF000000 || jump_limit < 0xFC000000)
{
print_serial("[BOOT] warning: cannot use relative jumps to anywhere in the ROM (limit=%x)\n", jump_limit);