Code in bootflags.c, bootflag_write_bootblock. Useful for:

  • initial install (so installer can enable bootflag on both camera and card)
  • restoring ML after formatting the card

First stop: cf_device / sd_device (example for 650D 104):

   ff7436f8:	e28f2f7d 	add	r2, pc, #500	; *'sdReadBlk: st=%d, num=%d, buf=%#x'
   ff7436fc:	e3a01001 	mov	r1, #1
   ff743700:	e3a00023 	mov	r0, #35	; 0x23
   ff743704:	eb230094 	bl	0x395c	
   ff743708:	e51f4638 	ldr	r4, [pc, #-1592]	; 0xff7430d8: pointer to 0x48b6c
   ff74370c:	e5941004 	ldr	r1, [r4, #4]

=> NSTUB( 0x48B6C, sd_device)

Second stop: how it's used? (decompile that function)

You'll see that most of the code uses 0x48B70 instead (difference of 4 bytes).

Compare with code from bootflags.c:

   extern struct cf_device * const sd_device[];
   struct cf_device * const dev = (struct cf_device *)sd_device[1];

Now let's look at 7D 203, which boots from CF:

   ff44ebd8:	e28f2f53 	add	r2, pc, #332	; *'cfReadBlk: st=%d, num=%d, buf=%#x'
   ff44ebdc:	e3a01001 	mov	r1, #1
   ff44ebe0:	e88d0090 	stm	sp, {r4, r7}
   ff44ebe4:	ebf0a2b0 	bl	@DebugMsg	
   ff44ebe8:	e51f9370 	ldr	r9, [pc, #-880]	; 0xff44e880: pointer to 0x22938 (cf_device)
   ff44ebec:	e5990018 	ldr	r0, [r9, #24]

And, of course, most of the code uses 0x22950 (difference of 24 bytes).

and in ML code:

   NSTUB(   0x22938, cf_device)
   extern struct cf_device * const cf_device[];
   struct cf_device * const dev = (struct cf_device *)cf_device[6];

Does it make sense now? (hint: 1*4=4, 6*4=24)

Community content is available under CC-BY-SA unless otherwise noted.