blue screen
Alex
send_event_to_IDLEHandler(SERVICE_MENU);
ff216b0c (550D):
if arg1 == 0x100000CE /*EQ22*/:
DebugMsg(131, 3, msg='IDLEHandler SERVICE_MENU', arg3, *(-96 +
sp0), *(-92 + sp0), *(-88 + sp0), *(-84 + sp0), ...
Ideas?
Alex
1422: 7941.836 [GUI_M] GUICMD_UNPRESS_SET
1423: 9789.117 [GUI] IDLEHandler START_SERVICE_MENU
1424: 9789.170 [BIND] bindChangeModeCompleteCBR (1, 1, 1)
1425: 9789.244 [MC] cam event guimode comp. 1
1426: 9997.418 [BIND] MC_FACTORY_EEP
1427: 10006.126 [DISP] VdInterruptHandler bmp=ff061028 img=0
1428: 10007.393 [BIND] bindReceiveMachineCell (ID = 6)
1429: 10007.427 [GUI_E] GUI_Control:168 0x1bc0
1430: 10016.958 < GUI Lock > GUILock_TurnOnDisplay (PUB)
1431: 10017.058 < GUI Lock > GUILockTask 1
1432: 10017.091 [DISP] TurnOnDisplay call
Code:
void xx_test(void* priv)
{
dmstart();
msleep(1000);
send_event_to_IDLEHandler(0x10000042);
msleep(5000);
dmstop();
dumpf();
Andrew Coutts
was an orange screen though :P
it didn't appear to actually display any data, as if I wasn't calling
something right (maybe some pointers in memory need to be altered as
well).
Alex
{
msleep(5000);
StartFactoryMenuApp();
msleep(1000);
call( "dispcheck" );
}
void xx_test(void* priv)
{
task_create("foo", 0x18, 0, foo, 0);
}
Should I proceed or not? :)
> --
> http://magiclantern.wikia.com/
>
> To post to this group, send email to ml-d...@googlegroups.com
> To unsubscribe from this group, send email to ml-devel+u...@googlegroups.com
> For more options, visit this group at http://groups.google.com/group/ml-devel?hl=en
JaKob
Alex
arm.indy
and chdk people for 40d. It is used to check if the camera and display
are working well. The blue screen is maybe info about cmos version and
defects. The missing point is the key sequence to enable this menu. I
suspect also hidden menu during the update procedure and during boot.
On 28 juil, 20:46, Alex <broscutama...@gmail.com> wrote:
> ... silver :)
>
>
>
> On Thu, Jul 28, 2011 at 9:42 PM, JaKob <jakob...@gmail.com> wrote:
> > GOLD?!?
>
> > - Jakob
>
Alex
This is the code which seem to enable it with a key sequence:
0xff3afaec DlgMnMainSetup2_handler (550D 108):
if arg2 == 15: // that's some event code like the ones received by menu_task
DebugMsg(131, 1, msg='DlgMnMainRecord2 IDC_DPM_FACTORY') //
wrong debug string? all the other ones in this function are
DlgMnMainSetup2
struct_14c48_24c() => ret_struct_14c48_24c_FF3B0100
struct_14c48_98_get_ModeZone() =>
ret_struct_14c48_98_get_ModeZone_FF3B0108
if EQ((ret_struct_14c48_24c_FF3B0100 & 0x20)):
StartFactoryMenuApp()
return 0
if NE(-3 + ret_struct_14c48_98_get_ModeZone_FF3B0108):
StartFactoryMenuApp()
return 0
I have ran these button tests with debug log and event spy enabled. If
you would like some logs, let me know. Just a few lines:
1657: 10539.095 [MCell] StartFactoryMenuApp
1658: 10539.498 [GUI] DlgShootOlcInfo.c LOST_TOP_OF_CONTROL
1659: 10541.011 [BIND] MC_FACTORY_EEP
2053: 63480.637 [MCell] DialState diff(70) avg(70) cnt(1)
2058: 63570.758 [MCell] DialState diff(90) avg(80) cnt(2)
2063: 63839.046 [GUI] [MCell] useless MDIAL_REVERSE. Trigger=0
2074: 64825.193 [MCell] SwitchState key(4) direction(1)
2079: 65000.719 [MCell] SwitchState key(4) direction(0)
2094: 2614.549 [FAC] IPC FAC_SaveProperty Partly(ID=0x1000011,
Type=0x1000000)
2095: 2831.029 [BIND] bindReceiveMachineCell (ID = 5)
2096: 2831.056 [BIND] bindMachineCellSwitch (21, 0)
2097: 2870.998 [FAC] FAC_SaveProperty Partly(ID=0x1000011, Type=0x1000000)
2098: 2871.101 [PROPAD] PROPAD_WriteFROMMultiPropertyPartly 0x1515C0 1
2099: 2871.184 [PROPAD] MultiPartly Check 0x1000011 44
2100: 2863.843 [PROPAD] EraseSectorOfRom 0xF8A00000(0) [0]
2101: 2863.965 [PROPAD] Write Addr:0x403D3200->0xF8A00000(0)
Size:0x10000 [0]
2102: 3190.431 [PROPAD] Write VALID COMBO Addr:0xF8A00000(0)
2103: 3190.547 [BIND] [MS] COM_MC_EXIT_TESTMODE
2104: 3190.688 [DOS] Stop_DOS
What's also interesting is that almost every button (except those used
for menu navigation) sends a press/unpress event to gui_main_task, so
this may let us understand where button presses are coming from. My
first guess says these strings are related:
SubscribeSwitchFromPartner
SubscribeMachineCellFromPartner
and a few others.
At the end of DispDial tests, the self-timer LED is turned on for a
few seconds. Finding the code which does this will be very useful (it
could be used as an AF assist light, or to signal whether the camera
is recording or not... or maybe as a flashlight).
Chris71
can be read out (or how it sends informations) so that e.g. it could
be more generally used for ML menu navigation or for changing values
in the menu?
BTW, now that you've experimented with the service menu, do you think
it's dangerous to press the "Don't click me!" item in the current
bleeding-edge build? I'm just curious to look into the Factory Menu
myself.
Alex
and debug logs show that property 0x1000011 (which I believe it stores
test results) is written to ROM, so it does some permanent changes to
the camera. Probably they are only used by Canon service.
I can't guarantee anything, so if you run it, you do at your own risk.
To run, go to photo mode, non-LiveView, press "Don't click me" and
then you have 5 seconds to leave ML menu (otherwise camera will
freeze).
For DispDial test, here are the keys and the codes I've identified so
far (if you want to look in assembler or decompile, go to
FctDispDialCK_handler at 0xff3bfd74 in 550d 108):
- wheel right (0x100000DA, 0x63): test was OK (you saw some LEDs or
you heard a test sound) => item becomes green
- wheel left (0x100000D9, 0x62): test was not OK => item becomes gray
- SET (0x100000CF, 0x58): ends the test, activates the front LED and
shows "test failed" (because there are two items which I don't know
how to trigger; maybe remote controlled? )
- mode dial (0x100000DD, 0x66): one of the tests
- half-shutter press (0x100000E3, 0x6c): another test
arm.indy
for the records, on previous models:
* 5d2
http://magiclantern.wikia.com/wiki/Secret_menus
* 40d
http://www.fengniao.com/secforum/sec_showthread.php?s=&threadid=727341
http://chdk.setepontos.com/index.php?topic=2716.msg37319#msg37319
Factory menu will appear as part of the 'yellow2' menu, after language
and video settings.
http://magiclantern.wikia.com/wiki/GUI_menus
see ROM:FF53CE64 MenuTable_FuncNo, search for 'factory' comment
Alex, be careful, factory functions might be dangerous...
Indy
scrax
arm.indy
ROM:FF3BFD7C LDR R5, =unk_25334
Alex
All of them are related to zFctDispDialCK (second item from the menu).
NSTUB(0x25334, zFctDispDialCK_struct)
NSTUB(0x25340, zFctDispDialCK_struct.trigger_maybe) // there are 4
tests which should be confirmed by turning the wheel
NSTUB(0x25344, zFctDispDialCK_struct.test_counter_maybe)
NSTUB(0x25348, zFctDispDialCK_struct.test_result_confirmed_by_wheel_maybe)
// boolean; depending on the direction in which you turn the wheel,
the currently tested item becomes green or gray
Button codes:
NSTUB(0xFF3BFC80, zFctDispDialCK_catalog_detail_testid_mcell)
NSTUB(0xFF3C01D0, zFctDispDialCK_display_maybe_related)
NSTUB(0xFF3BFAB8, zFctDispDialCK_get_trigger_ie_testID)
NSTUB(0xFF3BFB0C, zFctDispDialCK_huge_calls_dialog_label_item)
NSTUB(0xFF3C03B4, zFctDispDialCK_init_related_maybe)
NSTUB(0xFF3BFD40, zFctDispDialCK_stop)
And these are from your IDC:
NSTUB(0xFF3C0014, FctDispDialCK)
NSTUB(0xFF3BFD74, FctDispDialCK_handler)
Now... questions:
- In test mode, all buttons send press/unpress events. Actually,
events sent by buttons depend on the current mode (maybe). How/where
is this configured and how can we read buttons which do not send
events in certain modes? (hint: SIO3 and MREQ ISRs).
- In parallel with the GUI handler (whose behavior can be altered from
gui_main_task), there is another task, which toggles the AF led and AF
points when you turn the wheel. This happens even if wheel event is
blocked from gui_main_task (i.e. FctDispDialCK_handler stops working,
but leds are still toggled). Where is this code?