Magic Lantern Firmware Wiki

5d-hack

Sign in to edit

Here is how to determine firmware values to port 5d-hack.c.

Example values below are for 60D 1.0.8.

this values should be put in consts-model.version.h
See 60d-hack.c and consts-60d.108.h 

// consts-60d.108.h

#define HIJACK_INSTR_BL_CSTART  0xFF01019C
#define HIJACK_INSTR_BSS_END 0xFF0110D0
#define HIJACK_FIXBR_BZERO32 0xFF011038
#define HIJACK_FIXBR_CREATE_ITASK 0xFF0110C0
#define HIJACK_INSTR_MY_ITASK 0xFF0110DC

#define HIJACK_TASK_ADDR 0x1a2c

ROM:FF010190                 CMP     R0, R3
ROM:FF010194                 STRCC   R2, [R0],#4
ROM:FF010198                 BCC     loc_FF010190
ROM:FF01019C                 BL      cstart



ROM:FF011028 cstart                                  ; CODE XREF: ROM:FF01019C p
...
ROM:FF011028 var_4           = -4
ROM:FF011028
ROM:FF011028                 STR     LR, [SP,#var_4]!
ROM:FF01102C                 SUB     SP, SP, #0x74
ROM:FF011030                 MOV     R0, SP
ROM:FF011034                 MOV     R1, #0x74
ROM:FF011038                 BL      bzero32
ROM:FF01103C                 MOV     R0, #0x104000
ROM:FF011040                 STR     R0, [SP,#0x78+var_74]
ROM:FF011044                 LDR     R0, =0x5EFD8

// BSS_END is 0x5EFD8, so RESTARTRESTART can be 0x5f000

ROM:FF011048                 LDR     R2, =0x10AC00
ROM:FF01104C                 LDR     R1, =0x103958
...
ROM:FF0110B4                 LDR     R1, =init_task
ROM:FF0110B8                 MOV     R0, SP
ROM:FF0110BC                 MOV     R2, #0
ROM:FF0110C0                 BL      create_init_task
...
ROM:FF0110C4                 ADD     SP, SP, #0x74
ROM:FF0110C8                 LDR     PC, [SP+4+var_4],#4
ROM:FF0110C8 ; End of function cstart
ROM:FF0110C8
ROM:FF0110C8 ; ------------------------------
ROM:FF0110CC dword_FF0110CC  DCD 0x10AC00            ; DATA XREF: cstart+20 r
ROM:FF0110D0 dword_FF0110D0  DCD 0x5EFD8             ; DATA XREF: cstart+1C r
ROM:FF0110D4 dword_FF0110D4  DCD 0x103958            ; DATA XREF: cstart+24 r
ROM:FF0110D8 dword_FF0110D8  DCD 0x19B               ; DATA XREF: cstart+4C r
ROM:FF0110DC off_FF0110DC    DCD init_task           ; DATA XREF: cstart+8C r

ROM:FF017B54 create_init_task                        ; CODE XREF: cstart+98?p
ROM:FF017B54                 STMFD   SP!, {R4-R6,LR}
ROM:FF017B58                 MOV     R6, R2
ROM:FF017B5C                 MOV     R5, R1
ROM:FF017B60                 MOV     R4, R0
ROM:FF017B64                 BL      sub_FF01083C
ROM:FF017B68                 CMN     R0, #1
ROM:FF017B6C                 MOVEQ   R1, #4
...
ROM:FF017B90                 MOVEQ   R0, #1
ROM:FF017B94                 BLEQ    sub_FF010E08
ROM:FF017B98                 BL      sub_FF07B4A0 <--
...


ROM:FF07B4A0 sub_FF07B4A0                            ; CODE XREF: create_init_task+44?p
ROM:FF07B4A0                 STMFD   SP!, {R4,LR}
ROM:FF07B4A4                 BL      sub_FF016620 <--
ROM:FF07B4A8                 CMN     R0, #1
ROM:FF07B4AC                 BEQ     loc_FF07B514
...

ROM:FF016620 sub_FF016620                            ; CODE XREF: sub_FF07B4A0+4?p
ROM:FF016620                 STMFD   SP!, {R4,LR}
ROM:FF016624                 BL      sub_FF07DB58
ROM:FF016628                 LDR     R12, =0x1A2C <--
ROM:FF01662C                 LDR     R1, [R0]
ROM:FF016630                 LDR     R3, =0x3230
ROM:FF016634                 MOV     R0, #0
ROM:FF016638                 MOV     R2, #0
ROM:FF01663C                 STR     R1, [R12,#8]

See also:


http://magiclantern.wikia.com/wiki/Autoexec

Community content is available under CC-BY-SA unless otherwise noted.