Introduction[]
Pel and others already found the fonts format, and I made previous descriptions about menu and strings IDs, but how the firmware is locating fonts and matching strings in several langages to strings_number ?
in 550d 108, in startupPreparePlayback()
ROM:FF0135AC LDR R0, =dword_FF5B0000 ROM:FF0135B0 BL sub_FF05C03C
we got a pointer to an updatable record which contains Gui resources.
Directory[]
first is a directory of tables, here with 6 entries, and the length of "gui_resources" part, see update record #8 here
nb_records=6, filesize= 0x001c648c
then, offset from the start, and lenght
0x00000008: 0x00000038 0x000b1a30 // compressed bitmaps 0x00000010: 0x000b1a68 0x00068ea0 // FONTS 0x00000018: 0x0011a908 0x0006ed6c // Strings in several langages 0x00000020: 0x00189674 0x00039b5c // dialog data 0x00000028: 0x001c31d0 0x00002a20 // ?? 0x00000030: 0x001c5bf0 0x0000089c // ??
GUI_resources is located at f85b0000/ff5b0000 on 550d/t2i.
Compressed bitmaps[]
first table at 0x38 is containing compressed bitmap
0x00000038: 0x00000594
first the number of bitmaps here 0x594, then bitmaps data...
between 0x3c and 02cdc are IDs + offsets to each bitmap data. Below the first column is the offset, then bitmap number, then offset. Delta is just difference between offsets
0x0000003c: 0x10000001 0x00002cdc delta=0x0000, 26 60 3 004f57015603550354095503 0x00000044: 0x10000002 0x00002e28 delta=0x014c, 24 52 5 f500000918196360a02e888d 1248 0x0000004c: 0x10000003 0x00002f2c delta=0x0104, 24 52 5 f500000918196360a02e686d 1248 0x00000054: 0x10000004 0x00003030 delta=0x0104, 24 52 5 2e01000918196360a02e080e 1248 0x0000005c: 0x10000005 0x0000316c delta=0x013c, 26 60 3 00c55601003a550154015501 0x00000064: 0x10000006 0x000031f4 delta=0x0088, 24 52 3 00a95d015c0100315d015c01 0x0000006c: 0x10000007 0x0000326c delta=0x0078, 24 52 3 00a985018401003185018401 0x00000074: 0x10000008 0x000032e4 delta=0x0078, 24 52 3 00a953015201003153015101 0x0000007c: 0x10000009 0x0000335c delta=0x0078, 26 60 5 02010009181963601824203c 1560 0x00000084: 0x1000000a 0x0000346c delta=0x0110, 24 52 5 de00000918196360a02a8889 1248 0x0000008c: 0x1000000b 0x00003558 delta=0x00ec, 24 52 5 de00000918196360a02a6869 1248 0x00000094: 0x1000000c 0x00003644 delta=0x00ec, 24 52 5 ef00000918196360a02a080a 1248 0x0000009c: 0x1000000d 0x00003740 delta=0x00fc, 26 60 5 5b01000918196360181c203c 1560 0x000000a4: 0x1000000e 0x000038a8 delta=0x0168, 24 52 5 2101000918196360a026888d 1248 0x000000ac: 0x1000000f 0x000039d8 delta=0x0130, 24 52 5 2101000918196360a026686d 1248 0x000000b4: 0x10000010 0x00003b08 delta=0x0130, 24 52 5 3201000918196360a026080e 1248 0x000000bc: 0x10000011 0x00003c48 delta=0x0140, 26 60 3 005d570156015409002f5701 0x000000c4: 0x10000012 0x00003d1c delta=0x00d4, 24 52 3 00515d015c025b0700285d01 0x000000cc: 0x10000013 0x00003dcc delta=0x00b0, 24 52 3 005185018402830700288501 0x000000d4: 0x10000014 0x00003e7c delta=0x00b0, 24 52 3 005153015201510150070028 0x000000dc: 0x10000015 0x00003f3c delta=0x00c0, 26 60 5 f80000091819636018d42004 1560 0x000000e4: 0x10000016 0x00004040 delta=0x0104, 24 52 5 ca00000918196360a03988c6 1248 0x000000ec: 0x10000017 0x00004118 delta=0x00d8, 24 52 5 ca00000918196360a03968c6 1248 0x000000f4: 0x10000018 0x000041f0 delta=0x00d8, 24 52 5 d900000918196360a03908c0 1248 0x000000fc: 0x10000019 0x000042d8 delta=0x00e8, 26 60 5 9d010009181963601844203c 1560 0x00000104: 0x1000001a 0x00004484 delta=0x01ac, 24 52 5 5101000918196360a0368889 1248 ... 0x00002ca4: 0x1000058e 0x000b130c delta=0x0030, 36 72 2 00ff00ff00ff00ff00860120 2592 0x00002cac: 0x0000058f 0x000b1348 delta=0x003c, 160 160 7 400200091819636018050c74 3200 0x00002cb4: 0x00000590 0x000b1594 delta=0x024c, 40 40 7 7500000918196360c007180f 200 0x00002cbc: 0x00000591 0x000b1618 delta=0x0084, 160 160 7 810200091819636018050c78 3200 0x00002cc4: 0x00000592 0x000b18a8 delta=0x0290, 40 40 7 6f00000918196360c006fe03 200 0x00002ccc: 0x00000593 0x000b1924 delta=0x007c, 40 40 7 95000009181963608003e63f 200 0x00002cd4: 0x00000594 0x000b19c8 delta=0x00a4, 40 40 7 91000009181963604000e6ff 200
bitmap data are structured this way:
0 short width 4 short height 8 long compression_method 12 ... (depending on method)
See columns #5 to #7.
Compression_methods are:
- 0: no compression, 1bit. data at +8
- 2: RLE, 8 bits. data at +8
- 3: RLE, 8 bits. data at +8 (height x width instead of width x height), mirrored
- 4: color gradient ?
- 5: zlib, 8 bits. data at +12
- 7: zlib, 1 bit. data at +12
With zlib, compressed data start at offset+12 (181963...) and RLE data at offset+8 (in bold below). Last column is decompressed size after successfull decompression. Dimensions of bitmap #2 are 24x52 and decompressed data length is 24*52=1248, which means each pixel is 8bits=256 colors (for compression #5). For bitmap #58f (and compression method #7), dimensions are 160x160=25600 pixels, whereas decompression size is 25600/8=3200: this is a monochrome bitmap.
RLE algorithm stream is <Value, T> each on one byte and means "repeat Value T times". For bitmap #33 below, repeat 0xfa 7 times, repeat 0xf9 21 times, etc...
0x000001bc: 0x10000031 0x0000600c delta=0x0188, 84 60 5 d70100091819636018050c08 5040 0x000001c4: 0x10000032 0x000061f0 delta=0x01e4, 2 308 5 b70000091819fbf58b6ee027 616 0x000001cc: 0x10000033 0x000062b4 delta=0x00c4, 2 48 2 fa07f902fa02f902fa01f902 96 0x000001d4: 0x10000034 0x00006304 delta=0x0050, 2 184 5 870000091819fbf58b0cf013 368 ... 0x0000031c: 0x1000005d 0x00007a30 delta=0x0064, 24 52 3 0038502c0008502c0008502c 0x00000324: 0x1000005e 0x00007a94 delta=0x0064, 1 92 4 020000ff 0x0000032c: 0x1000005f 0x00007aa0 delta=0x000c, 1 24 4 020000ff 0x00000334: 0x10000060 0x00007aac delta=0x000c, 1 52 2 020128320201000000010200 52
we can see that compression method #4 for bitmaps #5e and #5f is very efficient, 92 and 24 bytes are encoded in 12 bytes (delta values), minus 8 bytes for H, W and compression_method = 4 bytes.
See this script to extract bitmaps update 2Jan2012:
550d 109/108: ROM:FF2D85A8 decompress_gui_bitmap ROM:FF2D85A8 ROM:FF2D85A8 ROM:FF2D85A8 var_2EC = -0x2EC ROM:FF2D85A8 ROM:FF2D85A8 STMFD SP!, {R4-R9,LR} ROM:FF2D85AC MOV R6, R3 ; heigth ROM:FF2D85B0 MOV R5, R2 ; width ROM:FF2D85B4 LDR R3, [R1] ; pointer on bitmap data, on compression value ROM:FF2D85B8 MOV R4, R0 ; dest ROM:FF2D85BC CMP R3, #7 ; switch 8 cases ROM:FF2D85C0 ADD R2, R1, #4 ; r2=bitmap data, zlib src ROM:FF2D85C4 SUB SP, SP, #0x2D4 ROM:FF2D85C8 MUL R0, R6, R5 ROM:FF2D85CC ADDLS PC, PC, R3,LSL#2 ; jumptable FF2D85DC case 2 ... ROM:FF2D8708 MOV R1, R0 ; jumptable FF2D85DC case 5 ROM:FF2D870C B loc_FF2D871C ROM:FF2D8710 ; --------------------------------------------------------------------------- ROM:FF2D8710 ROM:FF2D8710 loc_FF2D8710 ROM:FF2D8710 ROM:FF2D8710 ADD R0, R5, #7 ; jumptable FF2D85DC case 7 ROM:FF2D8714 MOV R0, R0,LSR#3 ROM:FF2D8718 MUL R1, R6, R0 ;dest size ROM:FF2D871C ROM:FF2D871C loc_FF2D871C ROM:FF2D871C MOV R0, R4 ;dest ROM:FF2D8720 BL zlib_bitm_decompress ROM:FF2D8724 B loc_FF2D862C
Fonts data[]
Second part of GUI resources is font data
0x00000010: 0x000b1a68 0x00068ea0
and already described in Fonts.
Strings data[]
then Strings data
0x18 offset strings table + strings offset = 0x0011a908, length= 0x0006ed6c
again, you've got
000 long (=0) 004 long lang_number 008 long strings_number 0xc offset table
then strings, null terminated. first message in in several language, then 2nd message in several langage, etc... Below are english versions of strings ids 0xff to 0x109. the first colum is offset to ff5b0000.
0x0011ad10: 0x00ff 0x0001b599 (delta=0x0000020f) 0x135ea1 "Movie rec. size" 0x0011ad14: 0x0100 0x0001b7d4 (delta=0x0000023b) 0x1360dc "1920x1080 30fps" 0x0011ad18: 0x0101 0x0001ba14 (delta=0x00000240) 0x13631c "1920x1080 25fps" 0x0011ad1c: 0x0102 0x0001bc54 (delta=0x00000240) 0x13655c "1920x1080 24fps" 0x0011ad20: 0x0103 0x0001be94 (delta=0x00000240) 0x13679c "1280x720 60fps" 0x0011ad24: 0x0104 0x0001c0bb (delta=0x00000227) 0x1369c3 "1280x720 50fps" 0x0011ad28: 0x0105 0x0001c2e2 (delta=0x00000227) 0x136bea "640x480 60fps" 0x0011ad2c: 0x0106 0x0001c4f0 (delta=0x0000020e) 0x136df8 "640x480 50fps" 0x0011ad30: 0x0107 0x0001c6fe (delta=0x0000020e) 0x137006 "Sound recording" 0x0011ad34: 0x0108 0x0001c885 (delta=0x00000187) 0x13718d "On" 0x0011ad38: 0x0109 0x0001c924 (delta=0x0000009f) 0x13722c "Off"
which must be compared to
ROM:FF521DEC MovieSizeFrameRateMessage_table DCD 0,0x18, 0,0x102 ; 0x18=24 fps ROM:FF521DEC DATA XREF: guiGetUnaviMovieSizeFrameRateMessage+4 ROM:FF521DEC DCD 0,0x19, 0,0x101 ; 0x19=25 fps ROM:FF521DEC DCD 0,0x1E, 0,0x100 ; 30, 0=1920x1080 ROM:FF521DEC DCD 1,0x32, 0,0x104 ; 50 ROM:FF521DEC DCD 1,0x3C, 0,0x103 ; 60, 1=1280x720 ROM:FF521DEC DCD 2,0x32, 0,0x106 ; 50 ROM:FF521DEC DCD 2,0x3C, 0,0x105 ; 60, 2=640x480 ROM:FF521DEC DCD 2,0x32, 8,0x3C0 ; 50 ROM:FF521DEC DCD 2,0x3C, 8,0x3BF ; 60, 2=640x480, 8=crop
Dialogs data[]
for 500d 108 (offset from 0xff5b0000):
0x00000020: dialogs_data at 0x00189674
header is:
0 long 0 4 nb_dialog (0xa1) 8 offsets_tables
it looks like this. I did not analysed how dialogs are stored.
0x00189678: nb_dialogs = 0x000000a1 0x0018967c: 0x00000001 0x0000050c delta=0x050c 0x189b80 70990300010000000100010002000000434f4d4d4f4e0000000000000200 0x00189684: 0x00000002 0x0000057c delta=0x0070 0x189bf0 0100004001000000010006000c000000434f4d4d4f4e0000000000000000 0x0018968c: 0x00000003 0x0000068c delta=0x0110 0x189d00 010000400100000001000c008b000000434f4d4d4f4e0000000000000200 0x00189694: 0x00000004 0x00000c34 delta=0x05a8 0x18a2a8 01000040010000000100190084000000434f4d4d4f4e0000000000000200 0x0018969c: 0x00000005 0x0000124c delta=0x0618 0x18a8c0 010000400100000001000c0081000000434f4d4d4f4e0000000000000200 0x001896a4: 0x00000006 0x000017a4 delta=0x0558 0x18ae18 01000040010000000100040011000000434f4d4d4f4e0000000000000200 0x001896ac: 0x00000007 0x000018bc delta=0x0118 0x18af30 01000040010000000100020006000000434f4d4d4f4e0000000000000200 0x001896b4: 0x00000008 0x0000195c delta=0x00a0 0x18afd0 0100004001000000010011001e000000434f4d4d4f4e0000000000000200 0x001896bc: 0x00000009 0x00001bac delta=0x0250 0x18b220 010000400100000001000f0044000000434f4d4d4f4e0000000000000200 0x001896c4: 0x0000000a 0x00001f18 delta=0x036c 0x18b58c 00000000010000000100140087000000434f4d4d4f4e0000000000000200 0x001896cc: 0x0000000b 0x000024f8 delta=0x05e0 0x18bb6c 010000400100000001001300ab000000434f4d4d4f4e0000000000000200 0x001896d4: 0x0000000c 0x00002c04 delta=0x070c 0x18c278 01000040010000000100030027000000434f4d4d4f4e0000000000000200 0x001896dc: 0x0000000d 0x00002dbc delta=0x01b8 0x18c430 0200004001000000010004000e000000434f4d4d4f4e0000000000000200 0x001896e4: 0x0000000e 0x00002ebc delta=0x0100 0x18c530 01000040010000000100100045000000434f4d4d4f4e0000000000000200 0x001896ec: 0x0000000f 0x00003234 delta=0x0378 0x18c8a8 0100004001000000010004001d000000434f4d4d4f4e0000000000000200 0x001896f4: 0x00000010 0x000033ac delta=0x0178 0x18ca20 0200004001000000010009002c000000434f4d4d4f4e0000000000000200 0x001896fc: 0x00000011 0x000035ec delta=0x0240 0x18cc60 0000000001000000010008001f000000434f4d4d4f4e0000000000000200 0x00189704: 0x00000012 0x000037b4 delta=0x01c8 0x18ce28 0200004001000000010007001d000000434f4d4d4f4e0000000000000200 0x0018970c: 0x00000013 0x0000395c delta=0x01a8 0x18cfd0 01000040010000000100090023000000434f4d4d4f4e0000000000000200 0x00189714: 0x00000014 0x00003b58 delta=0x01fc 0x18d1cc 570000100100000001000a001b000000434f4d4d4f4e0000000000000200 0x0018971c: 0x00000015 0x00003d20 delta=0x01c8 0x18d394 02000040010000000100040016000000434f4d4d4f4e0000000000000200 0x00189724: 0x00000016 0x00003e60 delta=0x0140 0x18d4d4 02000040010000000100060014000000434f4d4d4f4e0000000000000200 0x0018972c: 0x00000017 0x00003fb0 delta=0x0150 0x18d624 871300000100000001002d00d8000000434f4d4d4f4e0000000000000200 0x00189734: 0x00000018 0x000049a8 delta=0x09f8 0x18e01c 0100004001000000010042018e070000434f4d4d4f4e0000000000000400 0x0018973c: 0x00000019 0x00009a9c delta=0x50f4 0x193110 01000040010000000100020008000000434f4d4d4f4e0000000000000400 0x00189744: 0x0000001a 0x00009b4c delta=0x00b0 0x1931c0 01000040010000000100080026000000434f4d4d4f4e0000000000000200 0x0018974c: 0x0000001b 0x00009d4c delta=0x0200 0x1933c0 02000040010000000100080024000000434f4d4d4f4e0000000000000200 0x00189754: 0x0000001c 0x00009f3c delta=0x01f0 0x1935b0 0200004001000000010002000d000000434f4d4d4f4e0000000000000200 0x0018975c: 0x0000001d 0x0000a014 delta=0x00d8 0x193688 01000040010000000100090015000000434f4d4d4f4e0000000000000200 ... 0x00189b7c: 0x000000a1 0x00039970 delta=0x0120 0x1c2fe4 010000000100000001000b0019000000434f4d4d4f4e000000000000010
you can notice strings "COMMON" and "DLG_RC"
Summary[]
camera | base address | nb_strings | nb_bitmap | nb_dialogs | |
550D/T2i | 0xFF5B0000 | 0x3E8 | 0x594 | 0xA1 | |
500D/T1i | 0xFF5B0000 | 0x69D | 0x5A4 | 0xF6 | |
60D | 0xFF710000 | 0x4A4 | 0x6d3 | 0xDF | |
600D/T3i | 0xFF7E0000 | 0x6AD | 0x846 | 0xD7 | |
7D | 0xFF5B0000 | 0x69E | 0x5A4 | 0xF6 | |
1100D/T3 | 0xFF750000 | ||||
5D Mrk II | 0xFF010000 | 0x674 | 0x47D | 0xF0* | main firmware at 0xFF810000 |
5Dm3 | 0xF02C0000 | 0xb9a | 0x92b | 0x17e | main firmware at 0xFF0C0000 |
- 5D Mark II has nb_dialogs at offset 0 instead of 4.
Examples (550D 1.0.8)[]
icons 0x4ab, 0x4ba | , |
icons 0x576, 0x57f, 0x578, 0x580,0x579, 0x57a, 0x57d, 0x57e,0x57b |
ROM:FF4E6D48 QualityIconID_table DCD 2,0x4BA ; DATA XREF: GetQualityIconID ROM:FF4E6D48 ; ROM:off_FF2FC734 ROM:FF4E6D48 DCD 3,0x4AB ROM:FF4E6D48 DCD 6, 0 ... ROM:FF4E6CB8 WbModeIconID_table DCD 0,0x576 ; DATA XREF: GetWbModeIconID+4 ROM:FF4E6CB8 ; ROM:off_FF2FC6F4 ROM:FF4E6CB8 DCD 1,0x57F ROM:FF4E6CB8 DCD 2,0x578 ROM:FF4E6CB8 DCD 3,0x580 ROM:FF4E6CB8 DCD 4,0x579 ROM:FF4E6CB8 DCD 5,0x57A ROM:FF4E6CB8 DCD 6,0x57D ROM:FF4E6CB8 DCD 0xF,0x57D ROM:FF4E6CB8 DCD 0x10,0x57D ROM:FF4E6CB8 DCD 0x12,0x57D ROM:FF4E6CB8 DCD 0x13,0x57D ROM:FF4E6CB8 DCD 8,0x57E ROM:FF4E6CB8 DCD 9,0x57B ROM:FF4E6CB8 DCD 0x16, 0
See also[]
See DialogTemplates