Magic Lantern Firmware Wiki
Advertisement

Firmware shim setup process[]

  • Camera DryOS copies .fir file into RAM at 0x800000 and jumps into it.
  • The first instruction does a long jump to 0x80000c to clear some headers
  • The CPSR is updated to put the ARM into supervisor mode (it already is)
  • An initial stack is setup at 0x1900
  • Branch to cstart() in reboot.c
  • set up the memory regions for the camera version of DryOS
  • enable all caches and rw regions
  • select reboot vectors in low memory
  • copies the 5d-hack.bin blob to above the DryOS BSS
    • This is the RESTARTSTART location
    • End of BSS is found in _entry() where it loops to zero it
    • Note off by 0x120 error due to .fir header.
  • flushes caches
  • Jumps into 5d-hack.bin copy_and_restart() code at RESTARTSTART (0x48000)
    • copy_and_restart() must be first routine in 5d-hack.c
  • copy_and_restart() copies the first 64 KB of ROM to 0x50000
  • It then patches a few instructions to fixup some branch instructions and to return to its control before control is transfered to the cstart() routine in the firmware. It also updates the end of the BSS so that both itself and the copied portion of DryOS will be saved
  • It installs a task dispatch hook in the function pointer at 0x1934. This will be called when ever a new task is run, allowing our code to disable Canon tasks or re-purpose them with our own implementations.
Advertisement