Messages - critix

#101
To copy to the image, use:
./mtools_copy_ml.sh ../magic-lantern/minimal/hello-world/zip/
#102
I think it would be better to create a new digic4+ branch because the 1300D is not the only digic4+.
#103
Yes, create directory 1300D in minimal, and in this directory create file "Makefile" with this:
MODEL=1300D
include ../Makefile.minimal

Then run again.
#104
To run "Hello World", try this (from qemu, of course):
Quote from: a1ex on August 20, 2018, 09:53:25 PM
Hopefully done; I could finally compile the installer and other minimal examples!


cd minimal/hello-world
make MODEL=1300D clean
make MODEL=1300D install_qemu CONFIG_QEMU=y

#105
You need Xming installed on Windows and turned on.
https://sourceforge.net/projects/xming/
or
http://www.straightrunning.com/XmingNotes/
Then run again.
#106
Quote from: a1ex on January 28, 2019, 12:56:47 PM
I'll try, but the solution is not straightforward.
....
Now, the hard part - clean up the code and commit it :D

Still need to find a general solution for patching arbitrary functions in Canon code (i.e. to implement long jump support in the patch manager).
Alex, have you not succeeded in finding a solution for patching arbitrary functions?
It seems that without being able to solve this part, we cannot go further with ML on the 1300D, 2000D ...
Thanks
#107
Camera-specific Development / Re: Canon 500D / T1i
March 08, 2019, 05:13:02 PM
Thanks. Tomorrow I will search for new stubs...
#108
Camera-specific Development / Re: Canon 500D / T1i
March 08, 2019, 10:32:26 AM
Hello
I have enabled MLV_Lite and MLV_Rec.
Unfortunately, after starting the movie, it stops automatically: "Busy ... please wait". That's when I use RAW video, with 10bit or 12bit.
When I activate RAW video (MLV) I receive: "Allocating 122MiB backup". And then, after 2 seconds, I get "Frame skipped" and it stops with "Busy ... please wait". That's at 10bit and 12bit.
Should I test otherwise?
#109
Camera-specific Development / Re: ML on EOS-M2
February 03, 2019, 06:27:26 PM
No, I use:
/disassemble.pl 0x1000000 RAM4.BIN
[Edit]
If you use prop_diag with the camera, then in prop_diag you have to put the offset. If you use offline, then you do not need offset.
That's why I'm trying with that script.
#110
Camera-specific Development / Re: ML on EOS-M2
February 03, 2019, 05:51:07 PM
Quote: I got prop_diag working as a stand alone app and was able to parse ROM1.BIN but am stuck trying to figure out how to parse the RAM4.BIN, especially, "...around the known address..." As Sergeant Schultz would say, "I know nothing!"
Starting from https://www.magiclantern.fm/forum/index.php?topic=12177.msg117735#msg117735 I tried to unblock RAM4.BIN. The problem is I do not know what offset to use.
I tried with 0xF0000000 and with 0xE0000000. The RAM4.BIN.strings file resulted. No matter what offset I've tried, the files are the same. Still running disassemble.pl, so I still do not have a result. I will return with a result when it is ready.

[Edit]
Maybe I got the offset wrong. Looking in the source, I found that RAM4 is saved with offset 0x10000000. So I run the script with offset 0x10000000. Let's see what's coming out.
#111
Quote: Couldn't just add a 4000D directory because it is not supported yet
It works... I added a 4000D directory and ran it... it works.
A step forward :D
#112
Thank you.
Is there a 4000D branch?
Now I'm working on the values in the stubs.S file
#113
Can you give me the ROM0 and ROM1 files?
Thanks
#114
Okay ... a small step forward in working with logs ... but ... other problems ...
A1ex, can you help me?
[boot] copy_and_restart 0xc80000 (13107200)
[BOOT] changing init_task from 0xfe1296c8 (-32336184) to 0xc804b0 (13108400)
[BOOT] autoexec.bin loaded at C80000 - CFCE40.
[BOOT] calling local pre_init_task C803E4...
[BOOT] changing AllocMem end address: D00000 -> C80000.
0xfe0c1b74:  e3a0160d      mov  r1, #13631488   ; 0xd00000
0xfe0c1b78:  e3a0082d      mov  r0, #2949120    ; 0x2d0000
0xfe0c1b74:  e3a018c8      mov  r1, #13107200   ; 0xc80000
0xfe0c1b78:  e3a0082d      mov  r0, #2949120    ; 0x2d0000
[BOOT] calling pre_init_task C80CA8...
[BOOT] installing task dispatch hook at 0x35924 (219428)
[BOOT] reserved 524288 bytes for ML (used 511552)
ICache: 8192b, idx=7e0 tag=fffff800 word=1c seg=c0000000
Jump range error: cf37a0 -> fe2993b8
Patch error at fe2993b4 (jump out of range)
Jump range error: cf37a0 -> fe10fa74
Patch error at fe10fa70 (jump out of range)
[BOOT] starting init_task 14B70C...
K404 READY
< Error Exception >
TYPE : undefined
ISR  : FALSE
TASK ID   : 00020002
TASK Name : init
R 0  : 00000000
R 1  : 00000001
R 2  : fe123d6c
R 3  : 00000001
R 4  : 00031e44
R 5  : 00000000
R 6  : 00c804b0
R 7  : 19980218
R 8  : 19980218
R 9  : 19980218
R10  : 19980218
R11  : 19980218
R12  : 0014bb40
R13  : 0014b6d8
R14  : fe123c98
PC   : fccc1a34
CPSR : 80000093
[****] Starting task fe2bafd0(0) PowerMgr
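
The two "Jump range error" lines in the log above, checked against the reach of an ARM B instruction, as an added example that is not part of the original post and not Magic Lantern's patch manager code. It assumes the patch is a plain A32 B placed at the first address; the function names are hypothetical and the third address pair is constructed for comparison.

```c
#include <stdint.h>
#include <stdio.h>

/* ARM (A32) B: signed 24-bit word offset, relative to PC = address + 8.
 * Reachable byte offsets from that PC: -32 MiB .. +32 MiB - 4. */
#define B_MIN (-(INT32_C(1) << 25))
#define B_MAX ((INT32_C(1) << 25) - 4)

/* Signed distance a B placed at `from` must cover to land on `target`.
 * The CPU adds modulo 2^32, so the subtraction wraps the same way. */
int32_t branch_distance(uint32_t from, uint32_t target)
{
    return (int32_t)(target - (from + 8u));
}

/* Returns the encoded "B target" word, or 0 when the target is misaligned
 * or out of range (0 is never a valid B encoding). */
uint32_t encode_arm_b(uint32_t from, uint32_t target)
{
    int32_t off = branch_distance(from, target);
    if ((off & 3) || off < B_MIN || off > B_MAX)
        return 0;
    return 0xEA000000u | (((uint32_t)off >> 2) & 0x00FFFFFFu);
}

int main(void)
{
    /* Rows 1-2: from the "Jump range error" lines in the log above.
     * Row 3: constructed in-range case for comparison. */
    const uint32_t pairs[][2] = {
        { 0x00cf37a0u, 0xfe2993b8u },
        { 0x00cf37a0u, 0xfe10fa74u },
        { 0x00cf37a0u, 0x00c80000u },
    };
    for (size_t i = 0; i < sizeof pairs / sizeof pairs[0]; i++) {
        uint32_t from = pairs[i][0], to = pairs[i][1];
        uint32_t insn = encode_arm_b(from, to);
        printf("%08x -> %08x  %+ld bytes  ", (unsigned)from, (unsigned)to,
               (long)branch_distance(from, to));
        if (insn)
            printf("B = %08x\n", (unsigned)insn);
        else
            printf("out of range\n");
    }
    return 0;
}
```

Both logged targets come out more than 32 MiB away from 0xcf37a0 once the 32-bit wraparound is taken into account, which is why a single B cannot reach them.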
#115
Quote from: Walter Schulz on January 26, 2019, 07:10:37 PM
Thanks for testing!
Which lens was mounted?
I use Canon 18-55mm STM.
#116
OK, I did the test on 500D ... Unfortunately, after the focus is found, the camera shoots like crazy ...
Just like in your description. So this camera does not work well either.
#117
Okay, I'll test, but with what build?
#118
A big step forward ...
I was able to create the DM-0000.LOG file, but with 0 bytes.
I found what was wrong ... now I'm trying to find the solution to save the log ...
I'm not leaving, I want to run ML on 1300D  :D

Unpatch error at fe2993b4 (NOT_PATCHED)
Unpatch error at fe10fa70 (NOT_PATCHED)
Unpatch error at fe11f394 (NOT_PATCHED)
[NotifyBox] dm-0000.log: saved 0 bytes.
#119
I have succeeded with io_trace_full to start in qemu, but the same ... crash:
ASSERT: 0
at SystemIF::KerSem.c:354, PropMgr:337c
lv:0 mode:0

PropMgr stack: 151240 [151360-150360]
0xUNKNOWN  @ 41fc:151350
0xUNKNOWN  @ fe2c2170:151328
0xFE2BE970 @ fe10bc8c:151310
0xUNKNOWN  @ fe2be9a0:151300
0xUNKNOWN  @ fe2bea28:1512e0
0xUNKNOWN  @ fe294cf4:1512a8
0xUNKNOWN  @ c9cbb8:151280
0x00003CBC @ 3378:151278
0x00C80378 @ c80804:151240

Magic Lantern version : Nightly.2019Jan25.1300D110
Mercurial changeset   : 296fdfb5f8d0+ (io_trace_full)
Built on 2019-01-25 16:23:14 UTC by root@cristi.
Free Memory  : 260K + 898K

I do not manage to write my logs at all ...
#120
Looks like I'm wrong ... it looks like qemu is not blocking ....
I run:
./run_canon_fw.sh 1300D,firmware="boot=1"  -d tasks
and here is the result ...
00C80390: MCR p15,3,Rd,cr15,cr0,0: CacheDbgIdx <- 0x374
00C803AC: MCR p15,3,Rd,cr15,cr1,0:  IcacheTag <- 0xFE0C1B70
00C803B0: MCR p15,3,Rd,cr15,cr3,0:  IcacheVal <- 0xE3A018C8
Cache patch: [FE0C1B74] <- E3A018C8 (was E3A0160D)
Task switch to idle:fe0c08d0                                                     at [idle:197c:197c]
Task switch to init:5cc                                                          at [init:1d84:1d84]
Task switch to idle:fe0c08d0                                                     at [idle:197c:197c]
Task switch to init:5cc                                                          at [init:1d84:1d84]
Task switch to idle:fe0c08d0                                                     at [idle:197c:197c]
Task switch to init:5cc                                                          at [init:1d84:1d84]
Task switch to idle:fe0c08d0                                                     at [idle:197c:197c]
Task switch to init:5cc                                                          at [init:1d84:1d84]
Task switch to idle:fe0c08d0                                                     at [idle:197c:197c]
Task switch to init:5cc                                                          at [init:1d84:1d84]
Task switch to idle:fe0c08d0                                                     at [idle:197c:197c]
Task switch to init:5cc                                                          at [init:1d84:1d84]
Task switch to idle:fe0c08d0                                                     at [idle:197c:197c]
Task switch to init:5cc                                                          at [init:1d84:1d84]
....

#121
I tried with io_trace branch but unfortunately qemu stops ... as in dm-spy-experiments:
00C80430: MCR p15,3,Rd,cr15,cr0,0: CacheDbgIdx <- 0x320
Lockdown read 2
00C80434: MRC p15,3,Rd,cr15,cr2,0:  DcacheTag -> 0x0
00C803BC: MCR p15,3,Rd,cr15,cr0,0: CacheDbgIdx <- 0x320
00C803C0: MCR p15,3,Rd,cr15,cr2,0:  DcacheTag <- 0xFE0C3B30
00C803C4: MCR p15,3,Rd,cr15,cr4,0:  DcacheVal <- 0xFE1296C8
00C80390: MCR p15,3,Rd,cr15,cr0,0: CacheDbgIdx <- 0x324
00C803C0: MCR p15,3,Rd,cr15,cr2,0:  DcacheTag <- 0xFE0C3B30
00C803C4: MCR p15,3,Rd,cr15,cr4,0:  DcacheVal <- 0xE12FFF1E
00C80390: MCR p15,3,Rd,cr15,cr0,0: CacheDbgIdx <- 0x328
00C803C0: MCR p15,3,Rd,cr15,cr2,0:  DcacheTag <- 0xFE0C3B30
00C803C4: MCR p15,3,Rd,cr15,cr4,0:  DcacheVal <- 0xE92D400E
00C80390: MCR p15,3,Rd,cr15,cr0,0: CacheDbgIdx <- 0x32C
00C803C0: MCR p15,3,Rd,cr15,cr2,0:  DcacheTag <- 0xFE0C3B30
00C803C4: MCR p15,3,Rd,cr15,cr4,0:  DcacheVal <- 0xE59F0254
00C80390: MCR p15,3,Rd,cr15,cr0,0: CacheDbgIdx <- 0x330
00C803C0: MCR p15,3,Rd,cr15,cr2,0:  DcacheTag <- 0xFE0C3B30
00C803C4: MCR p15,3,Rd,cr15,cr4,0:  DcacheVal <- 0xE3A010FF
00C80390: MCR p15,3,Rd,cr15,cr0,0: CacheDbgIdx <- 0x334
00C803C0: MCR p15,3,Rd,cr15,cr2,0:  DcacheTag <- 0xFE0C3B30
00C803C4: MCR p15,3,Rd,cr15,cr4,0:  DcacheVal <- 0xE5CD1008
00C80390: MCR p15,3,Rd,cr15,cr0,0: CacheDbgIdx <- 0x338
00C803C0: MCR p15,3,Rd,cr15,cr2,0:  DcacheTag <- 0xFE0C3B30
00C803C4: MCR p15,3,Rd,cr15,cr4,0:  DcacheVal <- 0xE3A01000
00C80390: MCR p15,3,Rd,cr15,cr0,0: CacheDbgIdx <- 0x33C
00C803C0: MCR p15,3,Rd,cr15,cr2,0:  DcacheTag <- 0xFE0C3B30
00C803C4: MCR p15,3,Rd,cr15,cr4,0:  DcacheVal <- 0xE58D0000
00C80390: MCR p15,3,Rd,cr15,cr0,0: CacheDbgIdx <- 0x320
00C803C0: MCR p15,3,Rd,cr15,cr2,0:  DcacheTag <- 0xFE0C3B30
00C803C4: MCR p15,3,Rd,cr15,cr4,0:  DcacheVal <- 0xC80480
Cache patch: [FE0C3B20] <- C80480 (was FE1296C8)
00C803F4: MCR p15,3,Rd,cr15,cr0,0: CacheDbgIdx <- 0x374
Lockdown read 1
00C803F8: MRC p15,3,Rd,cr15,cr1,0:  IcacheTag -> 0x0
00C803A8: MCR p15,3,Rd,cr15,cr0,0: CacheDbgIdx <- 0x360
00C803AC: MCR p15,3,Rd,cr15,cr1,0:  IcacheTag <- 0xFE0C1B70
00C803B0: MCR p15,3,Rd,cr15,cr3,0:  IcacheVal <- 0xE92D4010
00C80390: MCR p15,3,Rd,cr15,cr0,0: CacheDbgIdx <- 0x364
00C803AC: MCR p15,3,Rd,cr15,cr1,0:  IcacheTag <- 0xFE0C1B70
00C803B0: MCR p15,3,Rd,cr15,cr3,0:  IcacheVal <- 0xE24DD018
00C80390: MCR p15,3,Rd,cr15,cr0,0: CacheDbgIdx <- 0x368
00C803AC: MCR p15,3,Rd,cr15,cr1,0:  IcacheTag <- 0xFE0C1B70
00C803B0: MCR p15,3,Rd,cr15,cr3,0:  IcacheVal <- 0xE28F0F9A
00C80390: MCR p15,3,Rd,cr15,cr0,0: CacheDbgIdx <- 0x36C
00C803AC: MCR p15,3,Rd,cr15,cr1,0:  IcacheTag <- 0xFE0C1B70
00C803B0: MCR p15,3,Rd,cr15,cr3,0:  IcacheVal <- 0xEBFFFDB5
00C80390: MCR p15,3,Rd,cr15,cr0,0: CacheDbgIdx <- 0x370
00C803AC: MCR p15,3,Rd,cr15,cr1,0:  IcacheTag <- 0xFE0C1B70
00C803B0: MCR p15,3,Rd,cr15,cr3,0:  IcacheVal <- 0xEB015F55
00C80390: MCR p15,3,Rd,cr15,cr0,0: CacheDbgIdx <- 0x374
00C803AC: MCR p15,3,Rd,cr15,cr1,0:  IcacheTag <- 0xFE0C1B70
00C803B0: MCR p15,3,Rd,cr15,cr3,0:  IcacheVal <- 0xE3A0160D
00C80390: MCR p15,3,Rd,cr15,cr0,0: CacheDbgIdx <- 0x378
00C803AC: MCR p15,3,Rd,cr15,cr1,0:  IcacheTag <- 0xFE0C1B70
00C803B0: MCR p15,3,Rd,cr15,cr3,0:  IcacheVal <- 0xE3A0082D
00C80390: MCR p15,3,Rd,cr15,cr0,0: CacheDbgIdx <- 0x37C
00C803AC: MCR p15,3,Rd,cr15,cr1,0:  IcacheTag <- 0xFE0C1B70
00C803B0: MCR p15,3,Rd,cr15,cr3,0:  IcacheVal <- 0xEB01961C
00C80390: MCR p15,3,Rd,cr15,cr0,0: CacheDbgIdx <- 0x374
00C803AC: MCR p15,3,Rd,cr15,cr1,0:  IcacheTag <- 0xFE0C1B70
00C803B0: MCR p15,3,Rd,cr15,cr3,0:  IcacheVal <- 0xE3A018C8
Cache patch: [FE0C1B74] <- E3A018C8 (was E3A0160D)

I do not know what else I can do ... what am I doing wrong?
Thanks.
#122
Camera-specific Development / Re: ML on EOS-M2
January 21, 2019, 06:59:41 PM
New stubs value found:

-NSTUB(0xFF3CF44C,  PlayMain_handler)
+NSTUB(0xFF787304,  PlayMain_handler)
#123
Camera-specific Development / Re: ML on EOS-M2
January 21, 2019, 09:37:16 AM
I did not run EOSM2.103_dm-spy-experiments branch in the EOSM2, but in qemu.
I do not have my device now.
#124
Camera-specific Development / Re: ML on EOS-M2
January 21, 2019, 07:52:32 AM
I took the EOSM2.103_dm-spy-experiments branch from you @dfort, I compiled with "CONFIG_DEBUG_INTERCEPT_STARTUP = y", but unfortunately, it does not save me a log. Am I missing something? Is there anything else to be done?
#125
Yes, it boots in the Canon menu but does not save any logs. On the contrary, I have a Crash:
ASSERT: 0
at SystemIF::KerSem.c:354, PropMgr:337c
lv:0 mode:0

PropMgr stack: 151240 [151360-150360]
0xUNKNOWN  @ 41fc:151350
0xUNKNOWN  @ fe2c2170:151328
0xFE2BE970 @ fe10bc8c:151310
0xUNKNOWN  @ fe2be9a0:151300
0xUNKNOWN  @ fe2bea28:1512e0
0xUNKNOWN  @ fe294cf4:1512a8
0xUNKNOWN  @ c9c5b8:151280
0x00003CBC @ 3378:151278
0x00C80378 @ c807cc:151240

Magic Lantern version : Nightly.2019Jan21.1300D110
Mercurial changeset   : b8ed21b80b54+ (dm-spy-experiments)
Built on 2019-01-21 07:59:00 UTC by root@cristi.
Free Memory  : 260K + 898K

I compiled with:
CONFIG_DEBUG_INTERCEPT_STARTUP=y