Code in bootflags.c, bootflag_write_bootblock. Useful for:
- initial install (so installer can enable bootflag on both camera and card)
- restoring ML after formatting the card
First stop: cf_device / sd_device (example for 650D 104):
ff7436f8: e28f2f7d add r2, pc, #500 ; *'sdReadBlk: st=%d, num=%d, buf=%#x' ff7436fc: e3a01001 mov r1, #1 ff743700: e3a00023 mov r0, #35 ; 0x23 ff743704: eb230094 bl 0x395c ff743708: e51f4638 ldr r4, [pc, #-1592] ; 0xff7430d8: pointer to 0x48b6c ff74370c: e5941004 ldr r1, [r4, #4]
=> NSTUB( 0x48B6C, sd_device)
Second stop: how it's used? (decompile that function)
You'll see that most of the code uses 0x48B70 instead (difference of 4 bytes).
Compare with code from bootflags.c:
extern struct cf_device * const sd_device[]; struct cf_device * const dev = (struct cf_device *)sd_device[1];
Now let's look at 7D 203, which boots from CF:
ff44ebd8: e28f2f53 add r2, pc, #332 ; *'cfReadBlk: st=%d, num=%d, buf=%#x' ff44ebdc: e3a01001 mov r1, #1 ff44ebe0: e88d0090 stm sp, {r4, r7} ff44ebe4: ebf0a2b0 bl @DebugMsg ff44ebe8: e51f9370 ldr r9, [pc, #-880] ; 0xff44e880: pointer to 0x22938 (cf_device) ff44ebec: e5990018 ldr r0, [r9, #24]
And, of course, most of the code uses 0x22950 (difference of 24 bytes).
and in ML code:
NSTUB( 0x22938, cf_device) extern struct cf_device * const cf_device[]; struct cf_device * const dev = (struct cf_device *)cf_device[6];
Does it make sense now? (hint: 1*4=4, 6*4=24)