
Srsa 4c/A420 FileWriteTask


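The following is a proof of concept that prevents the files handled by this task from being written. It does so by patching the open step so that the null device is opened instead of the real file name; the write and close steps are left as in the original firmware.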

/*
 * filewrite_task - replacement body for the firmware's file-write task
 * (original entry point noted below as @FFC524F0).
 *
 * The function is `naked`, so the compiler emits no prologue/epilogue; the
 * assembly saves R4/LR itself and reserves one stack word as a local.
 *
 * Event loop, as written below:
 *   - wait on the event flag whose handle is stored at 0x1ADCC, mask 7;
 *   - on a non-zero wait result: DebugAssert, then leave the task;
 *   - otherwise read the flag value into the local word at [SP]:
 *       bit 1 (#2) set           -> leave the task;
 *       bit 2 (#4) set           -> ClearEventFlag(.., 5), SetEventFlag(.., 8);
 *       neither of those bits    -> sub_FFC52438_my (the only patched call).
 *   - leaving the task: GiveSemaphore on the handle at 0x1ADD0, then ExitTask.
 *
 * Every other BL targets an unmodified firmware routine by absolute address.
 * NOTE(review): the ROM (0xFFCxxxxx) and RAM (0x1ADxx) addresses are presumably
 * valid only for the firmware build this was disassembled from - confirm
 * before reusing on another camera or firmware version.
 */
void __attribute__((naked,noinline)) filewrite_task() {
 asm volatile( //@FFC524F0
"             STMFD   SP!, {R4,LR}\n"
"             LDR     R4, =0x1ADCC\n" // R4 = address holding the event flag handle, kept for the whole task
"             SUB     SP, SP, #4\n" // one word of stack for the flag value read back below
"             B       loc_FFC52524\n" // enter the loop at the wait
" loc_FFC52500:\n"
"             TST     R3, #4\n" // R3 = flag value loaded from [SP] before branching here
"             BEQ     loc_FFC52520\n"
"             LDR     R0, [R4]\n" // R1 is still 5 here (set just before the branch to loc_FFC52500)
"             BL      sub_FFC0FB48\n" // ClearEventFlag
"             LDR     R0, [R4]\n"
"             MOV     R1, #8\n"
"             BL      sub_FFC0F9AC\n" // SetEventFlag
"             B       loc_FFC52524\n"
" loc_FFC52520:\n"
"             BL      sub_FFC52438_my\n" //-> patched per-event handler (state dispatch)
" loc_FFC52524:\n"
"             MOV     R1, #7\n" // 1+2+4
"             LDR     R0, [R4]\n"
"             MOV     R2, #0\n"
"             BL      sub_FFC0F98C\n" // WaitForEventFlag_1
"             CMP     R0, #0\n" // 0 = wait succeeded; anything else goes to the assert
"             MOV     R1, SP\n" // R1 = &local, destination for GetEventFlagValue
"             BEQ     loc_FFC52554\n"
"             MOV     R1, #0x2B0\n"
"             LDR     R0, =0xFFC5238C\n" // "dwFWrite.c"
"             ADD     R1, R1, #1\n" // R1 = 0x2B1; presumably the source line number - confirm
"             BL      sub_FFC03AEC\n" // DebugAssert
"             B       loc_FFC5256C\n"
" loc_FFC52554:\n"
"             LDR     R0, [R4]\n"
"             BL      sub_FFC0FB98\n" // GetEventFlagValue
"             LDR     R3, [SP]\n" // local variable
"             TST     R3, #2\n" // bit 1 set -> fall through to the exit path
"             MOV     R1, #5\n" // MOV leaves the flags from TST intact; R1 = 5 is the ClearEventFlag argument at loc_FFC52500
"             BEQ     loc_FFC52500\n"
" loc_FFC5256C:\n"
"             LDR     R3, =0x1ADD0\n"
"             LDR     R0, [R3]\n"
"             BL      sub_FFC10E58\n" // GiveSemaphore
"             BL      sub_FFC11620\n" // ExitTask
"             ADD     SP, SP, #4\n" // release the local word
"             LDMFD   SP!, {R4,PC}"
    );
}

/*
 * sub_FFC52438_my - patched copy of the file-write task's per-event handler.
 *
 * Reads the halfword state variable at 0x1ADB0 and dispatches on (state - 1)
 * through an inline jump table:
 *   case 0      -> sub_FFC522E4_my (patched open step)
 *   cases 1-3   -> sub_FFC52398    (unmodified firmware write/close step)
 *   otherwise   -> result 1
 * Both handlers receive R0 = 0x1AD70.
 *
 * A zero result returns immediately. A non-zero result clears the event flag
 * (handle at 0x1ADCC, R1 = 1), stores 1 to 0x1ADD4 and 0 to 0x24F4, and, if the
 * pointer stored at 0x1ADD8 is non-zero, calls it with R0 = the result.
 *
 * Only the open step is redirected here; the write/close cases still run the
 * original routine.
 * NOTE(review): all absolute addresses are presumably specific to the firmware
 * build this was taken from - confirm before reuse.
 */
void __attribute__((naked,noinline)) sub_FFC52438_my() {
 asm volatile(
/*
cases called in this order (while shooting single jpeg): 0 1 1 2 2
*/
"             STMFD   SP!, {R4,R5,LR}\n"
"             LDR     R2, =0x1ADB0\n"
"             LDRH    R3, [R2]\n" // R3 = current state (halfword)
"             SUB     R3, R3, #1\n" // case index = state - 1; state 0 wraps to 0xFFFFFFFF
"             CMP     R3, #3\n"
"             LDRLS   PC, [PC,R3,LSL#2]\n" // unsigned index <= 3: jump via table (PC reads as this instruction + 8, i.e. the first .long)
"             B       loc_FFC52484\n" // index out of range -> default case
"             .long   loc_FFC52464\n" // case 0
"             .long   loc_FFC52474\n" // case 1
"             .long   loc_FFC52474\n" // case 2
"             .long   loc_FFC52474\n" // case 3
" loc_FFC52464:\n"
"             LDR     R0, =0x1AD70\n" // case 0: open
/*
0x1ad70 + 0x1c: address of the filename
*/
"             BL      sub_FFC522E4_my\n" //-> patched open step
"             MOV     R4, R0\n" // R4 = handler result
"             B       loc_FFC52488\n"
" loc_FFC52474:\n"
"             LDR     R0, =0x1AD70\n" // cases 1-3: write, close
"             BL      sub_FFC52398\n" // unmodified firmware routine
"             MOV     R4, R0\n" // R4 = handler result
"             B       loc_FFC52488\n"
" loc_FFC52484:\n"
"             MOV     R4, #1\n" // default case
" loc_FFC52488:\n"
"             CMP     R4, #0\n"
"             MOV     R1, #1\n" // argument for ClearEventFlag below; MOV keeps the flags from CMP
"             LDMEQFD SP!, {R4,R5,PC}\n" // happens in every call except the last one
"             LDR     R3, =0x1ADCC\n"
"             LDR     R0, [R3]\n"
"             BL      sub_FFC0FB48\n" // ClearEventFlag
"             LDR     R3, =0x1ADD8\n"
"             LDR     R5, [R3]\n" // R5 = function pointer stored at 0x1ADD8 (may be 0)
"             LDR     R1, =0x1ADD4\n"
"             LDR     R12, =0x24F4\n"
"             MOV     R3, #1\n"
"             MOV     R2, #0\n"
"             CMP     R5, #0\n" // flags survive the STR/MOV below and gate the LDMEQFD
"             STR     R3, [R1]\n" // [0x1ADD4] = 1
"             MOV     R0, R4\n" // argument for the callback: the handler result
"             STR     R2, [R12]\n" // [0x24F4] = 0
"             LDMEQFD SP!, {R4,R5,PC}\n" // no callback registered: return
"             MOV     LR, PC\n" // manual call: LR = address of the final LDMFD
"             MOV     PC, R5\n" // sub_ffc50804, this is the last action on file save
"             LDMFD   SP!, {R4,R5,PC}\n"
    );
}

/*
 * sub_FFC522E4_my - patched copy of the "open" step of the file-write task.
 *
 * In:  R0 = pointer to the task's request structure (the caller passes 0x1AD70);
 *      the file name is at offset 0x1C, and the words at offsets 0 and 0x3C are
 *      also read.
 * Out: R0 = 0 when the open call returned a handle > 0, otherwise 2.
 *
 * The single functional change is the path argument of the open call: the
 * original `MOV R0, R5` (real file name) is commented out and R0 is loaded with
 * the address of loc_mynull instead, a "/null" string stored after the
 * function's last return. Everything else is as in the firmware routine:
 *   - sub_FFC51FBC / sub_FFC51FD0 (file semaphore take/give) still receive the
 *     real file name in R0;
 *   - the returned handle is stored at 0x1ADB4 whether or not the open worked;
 *   - on success the state variable at 0x1ADB0 is advanced via sub_FFC52234.
 *
 * NOTE(review): later states run the unmodified sub_FFC52398, which presumably
 * writes to the handle stored at 0x1ADB4 - i.e. to the null device - confirm.
 * NOTE(review): absolute addresses are presumably firmware-build specific.
 */
void __attribute__((naked,noinline)) sub_FFC522E4_my() {
 asm volatile(
"             STMFD   SP!, {R4-R6,LR}\n"
"             MOV     R4, R0\n" // R4 = request structure
"             ADD     R5, R4, #0x1C\n" // R5 = file name inside the structure
"             MOV     R0, R5\n"
"             BL      sub_FFC51FBC\n" // check for A/ and then takes file semaphore
"             LDR     R0, [R4,#0x3C]\n"
"             BL      sub_FFC5B034\n" // [0x256c] = r0
"             LDR     R3, [R4]\n"
"             MOV     R1, #0x600\n"
"             TST     R3, #0x10000\n" // flags are consumed by ORRNE below; the MOV/ADD in between do not change them
"             ADD     R1, R1, #1\n" // R1 = 0x601, second argument of the open call
"             MOV     R2, #0x1B4\n"
"             ORRNE   R1, R1, #0x8000\n" // extra bit in R1 when bit 0x10000 of the first structure word is set
"             LDR     R3, [R4,#0x3C]\n"
"             ADD     R2, R2, #2\n" // 0x1b6, 666 octal
//"           MOV     R0, R5\n" //- filename

"             ldr     r0, =loc_mynull\n" //+ trial: try to open the null device

"             BL      sub_FFC520C0\n" // open, returns handle in r0
"             MOV     R1, R4\n" // R1 = request structure (still in R1 at the sub_FFC52234 call)
"             MOV     R2, R0\n" // R2 = handle returned by open
"             MOV     R4, #0\n" // R4 = 0: comparison value and the success return code
"             LDR     R3, =0x1ADB4\n"
"             CMP     R2, R4\n" // signed test handle > 0, used by BGT below
"             LDR     R6, =0x1ADB0\n"
"             MOV     R0, R5\n" // real file name again, argument for sub_FFC51FD0 on the failure path
"             STR     R2, [R3]\n" // file handle stored at 0x1adb4
"             BGT     loc_FFC52364\n"
"             BL      sub_FFC51FD0\n" // check for A/ and give file semaphore
"             ldr     r0, =0x9200001\n"
"             BL      sub_FFC4FCC4\n" // [0x24e8]    = r0
"             MOV     R0, #2\n" // return 2
"             LDMFD   SP!, {R4-R6,PC}\n"
" loc_FFC52364:\n"
"             LDR     R3, =0x1ADB8\n"
"             LDRH    R0, [R6]\n" // state variable for filewritetask
"             STR     R4, [R3]\n" // [0x1ADB8] = 0
"             BL      sub_FFC52234\n" // statemachine_filewritetask
"             STRH    R0, [R6]\n" // next state
"             MOV     R0, R4\n" // return 0
"             LDMFD   SP!, {R4-R6,PC}\n"
// Data, not code: it sits after the unconditional return above and is only
// referenced by address. Read as little-endian bytes: 2f 6e 75 6c 6c 00 00 00.
" loc_mynull:\n"
"             .long   0x6c756e2f\n" // "/null"
"             .long   0x0000006c\n" // trailing 'l' plus NUL terminator and padding
    );
}
