Srsa 4c/A420 FileWriteTask
The following code is a proof of concept that prevents the files handled by this task from being written.
/*
 * filewrite_task - event loop of the file-write task, reproduced as inline ARM assembly.
 *
 * The loop waits on an event flag, reads the flag value and either
 *   - calls sub_FFC52438_my (the patched handler defined in this file), or
 *   - clears/sets flag bits and waits again, or
 *   - gives a semaphore and exits the task.
 *
 * The function is `naked`: the compiler emits no prologue or epilogue, so the
 * STMFD/LDMFD pair and the stack adjustment below are the whole frame.
 *
 * NOTE(review): every sub_FFCxxxxx target and every 0x1ADxx data address is an
 * absolute firmware address. Presumably they are valid only for the firmware
 * image this was disassembled from (the marker below gives 0xFFC524F0 as the
 * origin); confirm the firmware revision before building, because a mismatch
 * makes the BL instructions branch into unrelated code.
 * The only call visibly redirected to local code is the one at loc_FFC52520.
 */
void __attribute__((naked,noinline)) filewrite_task() {
asm volatile( //@FFC524F0
" STMFD SP!, {R4,LR}\n"
" LDR R4, =0x1ADCC\n" // R4 = address of the word that is dereferenced into R0 before every event-flag call
" SUB SP, SP, #4\n" // one local word; its address is passed in R1 to GetEventFlagValue
" B loc_FFC52524\n" // enter the loop at the wait
" loc_FFC52500:\n"
" TST R3, #4\n" // R3 = flag value read at loc_FFC52554
" BEQ loc_FFC52520\n" // bit 4 clear: run the handler
" LDR R0, [R4]\n"
" BL sub_FFC0FB48\n" // ClearEventFlag; R1 is still 5, set before the branch to loc_FFC52500
" LDR R0, [R4]\n"
" MOV R1, #8\n"
" BL sub_FFC0F9AC\n" // SetEventFlag, mask 8
" B loc_FFC52524\n"
" loc_FFC52520:\n"
" BL sub_FFC52438_my\n" //-> patched state dispatcher defined in this file
" loc_FFC52524:\n"
" MOV R1, #7\n" // 1+2+4
" LDR R0, [R4]\n"
" MOV R2, #0\n"
" BL sub_FFC0F98C\n" // WaitForEventFlag_1
" CMP R0, #0\n"
" MOV R1, SP\n" // R1 = address of the local word, used on the success path
" BEQ loc_FFC52554\n" // R0 == 0: go read the flag value
" MOV R1, #0x2B0\n"
" LDR R0, =0xFFC5238C\n" // "dwFWrite.c"
" ADD R1, R1, #1\n" // R1 = 0x2B1; presumably the source line reported by the assert
" BL sub_FFC03AEC\n" // DebugAssert
" B loc_FFC5256C\n" // after the assert the task takes the exit path
" loc_FFC52554:\n"
" LDR R0, [R4]\n"
" BL sub_FFC0FB98\n" // GetEventFlagValue
" LDR R3, [SP]\n" // local variable
" TST R3, #2\n"
" MOV R1, #5\n" // kept in R1 for the ClearEventFlag call at loc_FFC52500
" BEQ loc_FFC52500\n" // bit 2 clear: keep running; bit 2 set: fall through and exit
" loc_FFC5256C:\n"
" LDR R3, =0x1ADD0\n"
" LDR R0, [R3]\n"
" BL sub_FFC10E58\n" // GiveSemaphore
" BL sub_FFC11620\n" // ExitTask
" ADD SP, SP, #4\n" // reached only if ExitTask returns
" LDMFD SP!, {R4,PC}"
);
}
/*
 * sub_FFC52438_my - state dispatcher called from filewrite_task.
 *
 * Reads the 16-bit state at 0x1ADB0 and dispatches through a jump table:
 * the first entry goes to the patched open routine sub_FFC522E4_my, the other
 * three go to the unmodified firmware routine sub_FFC52398. Any other state
 * yields result 1. A zero result returns immediately; a non-zero result clears
 * an event flag, updates two status words and calls the function pointer
 * stored at 0x1ADD8 if it is non-null.
 *
 * NOTE(review): only the open step is redirected here. The write/close steps
 * still run the firmware's own code, so the effect of the patch depends on what
 * the redirected open returns - verify on the target before relying on it.
 * Addresses are absolute and presumably specific to one firmware image.
 */
void __attribute__((naked,noinline)) sub_FFC52438_my() {
asm volatile(
/*
cases called in this order (while shooting single jpeg): 0 1 1 2 2
(case numbers are the state value minus 1, i.e. the jump-table index)
*/
" STMFD SP!, {R4,R5,LR}\n"
" LDR R2, =0x1ADB0\n"
" LDRH R3, [R2]\n" // 16-bit state, zero-extended
" SUB R3, R3, #1\n" // table index = state - 1
" CMP R3, #3\n"
" LDRLS PC, [PC,R3,LSL#2]\n" // unsigned index <= 3: jump via the table; PC reads 8 bytes ahead, so index 0 is the first .long
" B loc_FFC52484\n" // index > 3 (including state 0, which wraps): default case
" .long loc_FFC52464\n"
" .long loc_FFC52474\n"
" .long loc_FFC52474\n"
" .long loc_FFC52474\n"
" loc_FFC52464:\n"
" LDR R0, =0x1AD70\n" // case 0: open
/*
0x1ad70 + 0x1c: address of the filename
*/
" BL sub_FFC522E4_my\n" //-> patched open routine defined in this file
" MOV R4, R0\n" // R4 = result code
" B loc_FFC52488\n"
" loc_FFC52474:\n"
" LDR R0, =0x1AD70\n" // cases 1-3: write, close
" BL sub_FFC52398\n" // unmodified firmware routine
" MOV R4, R0\n"
" B loc_FFC52488\n"
" loc_FFC52484:\n"
" MOV R4, #1\n" // default case
" loc_FFC52488:\n"
" CMP R4, #0\n"
" MOV R1, #1\n" // mask for the ClearEventFlag call below
" LDMEQFD SP!, {R4,R5,PC}\n" // happens in every call except the last one
" LDR R3, =0x1ADCC\n"
" LDR R0, [R3]\n"
" BL sub_FFC0FB48\n" // ClearEventFlag
" LDR R3, =0x1ADD8\n"
" LDR R5, [R3]\n" // R5 = function pointer stored at 0x1ADD8
" LDR R1, =0x1ADD4\n"
" LDR R12, =0x24F4\n"
" MOV R3, #1\n"
" MOV R2, #0\n"
" CMP R5, #0\n"
" STR R3, [R1]\n" // [0x1ADD4] = 1
" MOV R0, R4\n" // result code becomes the callback argument / return value
" STR R2, [R12]\n" // [0x24F4] = 0
" LDMEQFD SP!, {R4,R5,PC}\n" // no callback registered: return
" MOV LR, PC\n" // LR = address of the final LDMFD (PC reads 8 bytes ahead)
" MOV PC, R5\n" // sub_ffc50804, this is the last action on file save
" LDMFD SP!, {R4,R5,PC}\n"
);
}
/*
 * sub_FFC522E4_my - patched "open" step of the file-write state machine.
 *
 * R0 on entry points to a structure (called with 0x1AD70); the filename is at
 * offset 0x1C. The routine still runs the firmware's pre-open calls with the
 * real filename, but the path handed to the open routine is replaced by the
 * literal at loc_mynull ("/null"), so the handle stored at 0x1ADB4 refers to
 * that path instead of the image file.
 *
 * Returns 0 in R0 when open yields a handle > 0, after advancing the state at
 * 0x1ADB0. Returns 2 when the handle is <= 0, after giving the file semaphore
 * back and passing 0x9200001 to sub_FFC4FCC4.
 *
 * NOTE(review): if the target has no "/null" device the failure path is taken
 * on every save, so check the return of the open call on the real device.
 * Presumably the later write/close states use the handle stored at 0x1ADB4 -
 * confirm against sub_FFC52398, which is not shown here.
 * Addresses are absolute and presumably specific to one firmware image.
 */
void __attribute__((naked,noinline)) sub_FFC522E4_my() {
asm volatile(
" STMFD SP!, {R4-R6,LR}\n"
" MOV R4, R0\n" // R4 = structure pointer
" ADD R5, R4, #0x1C\n" // R5 = address of the real filename
" MOV R0, R5\n"
" BL sub_FFC51FBC\n" // check for A/ and then takes file semaphore
" LDR R0, [R4,#0x3C]\n"
" BL sub_FFC5B034\n" // [0x256c] = r0
" LDR R3, [R4]\n"
" MOV R1, #0x600\n"
" TST R3, #0x10000\n"
" ADD R1, R1, #1\n" // R1 = 0x601, the second argument to open
" MOV R2, #0x1B4\n"
" ORRNE R1, R1, #0x8000\n" // R1 |= 0x8000 when bit 0x10000 of the first structure word is set
" LDR R3, [R4,#0x3C]\n"
" ADD R2, R2, #2\n" // 0x1b6, 666 octal
//" MOV R0, R5\n" //- filename
" ldr r0, =loc_mynull\n" //+ trial: try to open the null device
" BL sub_FFC520C0\n" // open, returns handle in r0
" MOV R1, R4\n" // R1 = structure pointer, kept for the calls below
" MOV R2, R0\n" // R2 = handle
" MOV R4, #0\n"
" LDR R3, =0x1ADB4\n"
" CMP R2, R4\n"
" LDR R6, =0x1ADB0\n"
" MOV R0, R5\n" // R0 = real filename again, used by the failure path
" STR R2, [R3]\n" // file handle stored at 0x1adb4
" BGT loc_FFC52364\n" // handle > 0: success
" BL sub_FFC51FD0\n" // check for A/ and give file semaphore
" ldr r0, =0x9200001\n"
" BL sub_FFC4FCC4\n" // [0x24e8] = r0
" MOV R0, #2\n" // return 2
" LDMFD SP!, {R4-R6,PC}\n"
" loc_FFC52364:\n"
" LDR R3, =0x1ADB8\n"
" LDRH R0, [R6]\n" // state variable for filewritetask
" STR R4, [R3]\n" // [0x1ADB8] = 0
" BL sub_FFC52234\n" // statemachine_filewritetask
" STRH R0, [R6]\n" // next state
" MOV R0, R4\n" // return 0
" LDMFD SP!, {R4-R6,PC}\n"
// data, placed after the final return so it is never executed;
// the two words spell the NUL-terminated path when stored little-endian
" loc_mynull:\n"
" .long 0x6c756e2f\n" // "/null"
" .long 0x0000006c\n"
);
}