Author Topic: Full-resolution silent pictures (silent.mo)  (Read 751605 times)

elakrab

  • New to the forum
  • *
  • Posts: 3
Re: Full-resolution silent pictures (silent.mo)
« Reply #1100 on: Yesterday at 09:51:30 PM »
Ok, I think I have figured out how to read the two first addrs. Well, I have some doubts with capture_err_time_addr, because the instructions here:
https://www.magiclantern.fm/forum/index.php?topic=12523.msg171606#msg171606
and
https://www.magiclantern.fm/forum/index.php?topic=12523.msg170756#msg170756
give somehow different recipes to obtain it

Code: [Select]
ff158b64:   e28f2f7d    add r2, pc, #500    ; ff158d60: (42736373)  *"scsBulbEnd"
ff158b68:   e20000ff    and r0, r0, #255    ; 0xff 
ff158b6c:   e3a01003    mov r1, #3
ff158b70:   eb3ab714    bl  loc_67c8
ff158b74:   e51f03c0    ldr r0, [pc, #-960] ; ff1587bc: (000760e8)
ff158b78:   e3a01001    mov r1, #1
ff158b7c:   e5801014    str r1, [r0, #20]
ff158b80:   e5900004    ldr r0, [r0, #4]
ff158b84:   e8bd8010    pop {r4, pc}

and

Code: [Select]
ff1c56a0:   e28f20f4    add r2, pc, #244    ; ff1c579c: (435f4146)  *"FA_CaptureTestImage(hJob:%#lx)"
ff1c56a4:   e1a03004    mov r3, r4
ff1c56a8:   e3a01016    mov r1, #22
ff1c56ac:   e3a00090    mov r0, #144    ; 0x90
ff1c56b0:   eb390444    bl  loc_67c8
ff1c56b4:   e1a00004    mov r0, r4
ff1c56b8:   ebfc5756    bl  loc_ff0db418
ff1c56bc:   e51f41b8    ldr r4, [pc, #-440] ; [b]ff1c550c[/b]: (80040000)
ff1c56c0:   e3a02004    mov r2, #4
ff1c56c4:   e1a0100d    mov r1, sp
ff1c56c8:   e1a00004    mov r0, r4
ff1c56cc:   ebfffbe5    bl  loc_ff1c4668
ff1c56d0:   e59d0000    ldr r0, [sp]
ff1c56d4:   e3a02004    mov r2, #4
ff1c56d8:   e3800004    orr r0, r0, #4
loc_ff1c56dc: ; 3 refs
ff1c56dc:   e58d0000    str r0, [sp]
ff1c56e0:   e1a0100d    mov r1, sp
ff1c56e4:   e1a00004    mov r0, r4
ff1c56e8:   ebfffb26    bl  loc_ff1c4388
ff1c56ec:   e3a00014    mov r0, #20
ff1c56f0:   eb390fe4    bl  loc_9688
ff1c56f4:   e51f11d8    ldr r1, [pc, #-472] ; ff1c5524: (ff1c52b4)
ff1c56f8:   e24f0f76    sub r0, pc, #472    ; ff1c5528: (525f4146)  *"FA_RegisterPostNextCBR"
ff1c56fc:   ebfe044e    bl  loc_ff14683c
ff1c5700:   ebfc5754    bl  loc_ff0db458
ff1c5704:   e28f00b0    add r0, pc, #176    ; ff1c57bc: (5f746873)  *"sht_FA_ReleaseStart"
ff1c5708:   eb05b14d    bl  loc_ff331c44
ff1c570c:   e3a00014    mov r0, #20
ff1c5710:   eb390fdc    bl  loc_9688
ff1c5714:   ebfc5758    bl  loc_ff0db47c
ff1c5718:   e28f00b0    add r0, pc, #176    ; ff1c57d0: (5f746873)  *"sht_FA_ReleaseData"
ff1c571c:   eb05b148    bl  loc_ff331c44
ff1c5720:   e51f05cc    ldr r0, [pc, #-1484]    ; ff1c515c: (00078704)
ff1c5724:   e51f11a4    ldr r1, [pc, #-420] ; ff1c5588: (00004e20)
ff1c5728:   e5900010    ldr r0, [r0, #16]
ff1c572c:   eb390e9e    bl  loc_91ac
ff1c5730:   e3100001    tst r0, #1
ff1c5734:   159f2050    ldrne   r2, [pc, #80]   ; ff1c578c: (ff1c518c)  **"ERROR TakeSemaphore"


At some point I see

Code: [Select]
ff1cab44:   ebfdef3c    bl  loc_ff14683c
ff1cab48:   e59d0044    ldr r0, [sp, #68]   ; 0x44
ff1cab4c:   e59011a8    ldr r1, [r0, #424]  ; 0x1a8
ff1cab50:   e51f0cdc    ldr r0, [pc, #-3292]    ; ff1c9e7c: (ff1c83f4)  **"FA_SetChannelNum"
ff1cab54:   ebfdef38    bl  loc_ff14683c
ff1cab58:   ea00000c    b   loc_ff1cab90
[b]ff1cab5c[/b]:   00004e20    andeq   r4, r0, r0, lsr #28
ff1cab60:   ff1c9dd0            ; <UNDEFINED> instruction: 0xff1c9dd0
ff1cab64:   ff1c9df0            ; <UNDEFINED> instruction: 0xff1c9df0
ff1cab68:   ff1c9e04            ; <UNDEFINED> instruction: 0xff1c9e04
ff1cab6c:   ff1c9e24            ; <UNDEFINED> instruction: 0xff1c9e24
ff1cab70:   ff1c9e40            ; <UNDEFINED> instruction: 0xff1c9e40
ff1cab74:   ff1c9e58            ; <UNDEFINED> instruction: 0xff1c9e58

So, in summary, bulb_end_addr = 000760e8 + #20 (dec) = 00760FC and  capture_err_time_addr = 0xFF1C550C ? (line ff1c56bc:   e51f41b8    ldr r4, [pc, #-440] ;) or is it 0xFF1CAB5C? (line: 00004e20    andeq   r4, r0, r0, lsr #28)

Code: [Select]
if (is_camera("6D",  "1.1.6"))
    {
        bulb_end_addr = 0x760FC // or 0x760F8 ??;
        capture_err_time_addr = 0xFF1C550C; // or 0xFF1CAB5C ???
        frsp_tv_addr = ???; // cameras with SHOOTMODE_BULB need fake SHUTTER_BULB
}

What I don't know is how to get the frsp_tv_addr. There is a script from Greg, but I really don't know what to do with it. How do I compile it? Or is there any way to look for it directly in the BIN file like for the other two addrs?

Link to the ROM1.BIN.DIS: https://drive.google.com/file/d/1Y9X8V07nVk2IqeodRrBkdPfgQqmX7CdK/view?usp=share_link
Link to the ROM1.BIN: https://drive.google.com/file/d/1jwIpmLbgh9X2rajzJBLbVAu4PTywTWtb/view?usp=share_link