Groups keyboard shortcuts have been updated
Dismiss
See shortcuts

h264 initialization analysis - comparison between 500d and 60d

14 views
Skip to first unread message

Andrew Coutts

unread,
Sep 28, 2011, 7:10:03 PM9/28/11
to Magic Lantern firmware development
In an effort to gain more understanding of how the 60d has so many
recording modes, I spent today looking at the function that
initializes the h264 module for different recording modes. The
function is called from gui_init_event in both cameras, and they are
almost identical (the 60d initializes more modes though).

Firmware versions examined:
500d v1.1.0
60d v1.0.9

The main h264 initialization function is located at:
500d: 0xFF1D1BF4
60d: 0xFF22C3CC

In both cameras, it calls a series of functions which are almost
identical, and all work with CreateResLockEntry somehow. So, I began
looking closer to see how it works in both cameras.


Here is the order of functions from the 500d, as they are called in
this main init function (location noted above), I have listed all
memory locations modified. I will break these down later to see how
the different recording modes use different (and some of the same)
locations.

************************************
** 500d h264 Init Functions **
************************************
- sub_FF236CB4
CreateResLockEntry(0x6000F, 0x60009);
*(0x1788C) = ret_CreateResLockEntry_FF236CC0
*(0x17890) = *(arg0)->off_0x8 --> 0x6000E
*(0x178A0) = *(arg0)->off_0xC --> 0x60006
*(0x178A8) = *(arg0)->off_0x10 * 256 --> 0x6000D00
*(0x178AC) = *(arg0)->off_0x14 --> 0x6000A
*(0x178B0) = *(arg0)->off_0x18 --> 0x60002
*(0x178B4) = *(arg0)->off_0x20 --> 0x130001
*(0x178B8) = *(arg0)->off_0x24 --> 0x130002


- sub_FF1773CC
CreateBinarySemaphore(0x0, 0x0);
*(0x837C) = ret_CreateBinarySemaphore_FF1773DC
CreateResLockEntry(0x90000, 0xA0000);
*(0x83C0) = ret_CreateResLockEntry_FF1773EC
*(0x83C4) = *(arg0)->off_0x8 --> 0x180000
*(0x83C8) = *(arg0)->off_0x10 --> 0x130007
*(0x83CC) = *(arg0)->off_0x14 --> 0x130008
*(0x83D0) = *(arg0)->off_0x18 --> 0x130009
*(0x83D4) = *(arg0)->off_0x20 --> 0x13000B
*(0x83D8) = *(arg0)->off_0x24 --> 0x13000C


- H26E_InitializeH264Encode
DryosDebugMsg(0x1a, 0x1, "H264E InitializeH264Encode");
CreateResLockEntry(0x90000, 0x6000D);
*(0x84B8) = ret_CreateResLockEntry_FF177EFC
CreateResLockEntry(0x6000E, 0x60004);
*(0x84BC) = ret_CreateResLockEntry_FF177F10
*(0x8444) = *(arg0)->off_0x10 --> 0x60001
*(0x8454) = *(arg0)->off_0x14 --> 0x60012
*(0x8464) = *(arg0)->off_0x18 --> 0x10005
*(0x8474) = *(arg0)->off_0x1C --> 0x4
*(0x8484) = *(arg0)->off_0x20 --> 0xC0F0300C
*(0x8498) = *(arg0)->off_0x24 --> 0x80080000
*(0x849C) = *(arg0)->off_0x28 --> 0xC0F03014
*(0x8434) = *(arg0)->off_0x2C --> 0x80000016
*(0x843C) = *(arg0)->off_0x30 --> 0xC0F0301C
*(0x8430) = *(arg0)->off_0x34 --> 0x80000018
*(0x8438) = *(arg0)->off_0x38 --> 0xC0F03030
*(0x83E4) = 1


- H264E_InitializeH264EncodeFor720p
DryosDebugMsg(0x1a, 0x1, "H264E InitializeH264EncodeFor720p");
CreateResLockEntry(0x90000, 0x60002);
*(0x84C0) = ret_CreateResLockEntry_FF177F98
CreateResLockEntry(0x60001, 0x60012);
*(0x84C4) = ret_CreateResLockEntry_FF177FAC
*(0x8448) = *(arg0)->off_0x10 --> 0x10005
*(0x8458) = *(arg0)->off_0x14 --> 0x4
*(0x8468) = *(arg0)->off_0x18 --> 0x90000
*(0x8478) = *(arg0)->off_0x1C --> 0x6000D
*(0x8488) = *(arg0)->off_0x20 --> 0x6000E
*(0x84A0) = *(arg0)->off_0x24 --> 0x60004
*(0x84A4) = *(arg0)->off_0x28 --> 0x60001
*(0x8434) = *(arg0)->off_0x2C --> 0x60012
*(0x843C) = *(arg0)->off_0x30 --> 0x10005
*(0x8430) = *(arg0)->off_0x34 --> 0x4
*(0x8438) = *(arg0)->off_0x38 --> 0xC0F03004
*(0x83E8) = 1


- H264E_InitializeH264EncodeForVGA
DryosDebugMsg(0x1a, 0x1, "H264E InitializeH264EncodeForVGA");
CreateResLockEntry(0x90000, 0x60002);
*(0x84C8) = ret_CreateResLockEntry_FF178034
CreateResLockEntry(0x60001, 0x60012);
*(0x84CC) = reg_CreateResLockEntry_FF178048
*(0x844C) = *(arg0)->off_0x10 --> 0x10005
*(0x845C) = *(arg0)->off_0x14 --> 0x4
*(0x846C) = *(arg0)->off_0x18 --> 0x90000
*(0x847C) = *(arg0)->off_0x1C --> 0x6000D
*(0x848C) = *(arg0)->off_0x20 --> 0x6000E
*(0x84A8) = *(arg0)->off_0x24 --> 0x60004
*(0x84AC) = *(arg0)->off_0x28 --> 0x60001
*(0x8434) = *(arg0)->off_0x2C --> 0x60012
*(0x843C) = *(arg0)->off_0x30 --> 0x10005
*(0x8430) = *(arg0)->off_0x34 --> 0x4
*(0x8438) = *(arg0)->off_0x38 --> 0xC0F03004
*(0x83EC) = 1


- H264Dec_InitializeH264DecRotatePath
DryosDebugMsg(0x1a, 0x3, "[H264Dec] InitializeH264DecRotatePath %d",
0x22c);
CreateResLockEntry(dword_FF45969C, 0x29);
*(0x17AF4) = ret_CreateResLockEntry_FF244D14
CreateResLockEntry(dword_FF459634, 0x2);
*(0x17AF8) = ret_CreateResLockEntry_FF244D28
CreateResLockEntry(dword_FF459630, 0x1);
*(0x17AFC) = ret_CreateResLockEntry_FF244D38


- H264ForHD_InitializeH264DecForHdPath
DryosDebugMsg(0x1a, 0x3, "[H264ForHD] InitializeH264DecForHdPath");
CreateResLockEntry(dword_FF459E54, 0x29);
*(0x17C34) = ret_CreateResLockEntry_FF249B7C
CreateResLockEntry(dword_FF459E4c, 0x2);
*(0x17C38) = ret_CreateResLockEntry_FF249B90
CreateResLockEntry(dword_FF459E48, 0x1);
*(0x17C3C) = ret_CreateResLockEntry_FF249BA0
------------------------------------------------------------------------------------------------------------------------------------------------------------------------

***********************************
** 60d h264 Init Functions **
***********************************

- sub_FF2DF49C
CreateResLockEntry(0x6000F, 0x60009);
*0x27DE8 = ret_CreateResLockEntry_FF2DF4A8
*0x27D8C = 0
*0x27DEC = arg0->off_0x8 ---> 0x6000E
*0x27DFC = arg0->off_0xC ---> 0x60006
*0x27E04 = arg0->off_0x10 * 256 ---> 0x6000D00
*0x27E18 = arg0->off_0x14 ---> 0x6000A
*0x27E1C = arg0->off_0x18 ---> 0x60002
*0x27E20 = arg0->off_0x20 ---> 0x130001
*0x27E24 = arg0->off_0x24 ---> 0x130002


- sub_FF2DC34C
CreateBinarySemaphore(0x0, 0x0);
*0x27C30 = ret_sub_FF0728AC_FF2DC35C
CreateResLockEntry(0x90000, 0xA0000);
*0x27C74 = ret_CreateResLockEntry_FF2DC36C
*0x27C78 = arg0->off_0x8 ---> 0x180000
*0x27C7C = arg0->off_0x10 ---> 0x130007
*0x27C80 = arg0->off_0x14 ---> 0x130008
*0x27C84 = arg0->off_0x18 ---> 0x130009
*0x27C88 = arg0->off_0x20 ---> 0x13000B
*0x27C8C = arg0->off_0x24 ---> 0x13000C


- H26E_InitializeH264Encode
DryosDebugMsg(0x1a, 0x1, "H264E InitializeH264Encode");
CreateResLockEntry(0x90000, 0x6000D);
*0x5D84 = ret_CreateResLockEntry_FF1AC8F8
CreateResLockEntry(0x6000E, 0x60002);
*0x5D88 = ret_CreateResLockEntry_FF1AC90C
*0x5CBC = arg0->off_0x10 ---> 0x60001
*0x5CD8 = arg0->off_0x14 ---> 0x60012
*0x5CF4 = arg0->off_0x18 ---> 0x240000
*0x5D10 = arg0->off_0x1C ---> 0x10005
*0x5D2C = arg0->off_0x20 ---> 0x4
*0x5D4C = arg0->off_0x24 ---> 0xC0F03000
*0x5D50 = arg0->off_0x28 ---> 0x80000029
*0x5CAC = arg0->off_0x2C ---> 0xC0F03004
*0x5CB4 = arg0->off_0x30 ---> 0x8000002B
*0x5CA8 = arg0->off_0x34 ---> 0xC0F03008
*0x5CB0 = arg0->off_0x38 ---> 0x8000002D
*0x5C50 = 1


- H264E_InitializeH264EncodeFor1080pDZoom
DryosDebugMsg(0x1a, 0x1, "H264E InitializeH264EncodeFor1080pDZoom");
CreateResLockEntry(0x90000, 0x6000D);
*0x5DA4 = ret_CreateResLockEntry_FF1ACC04
CreateResLockEntry(0x6000E, 0x60002);
*0x5DA8 = ret_sub_CreateResLockEntry_FF1ACC18
*0x5CCC = arg0->off_0x10 ---> 0x60001
*0x5CE8 = arg0->off_0x14 ---> 0x60012
*0x5D04 = arg0->off_0x18 ---> 0x240000
*0x5D20 = arg0->off_0x1C ---> 0x10005
*0x5D3C = arg0->off_0x20 ---> 0x4
*0x5D6C = arg0->off_0x24 ---> 0xC0F03000
*0x5D70 = arg0->off_0x28 ---> 0x80000029
*0x5CAC = arg0->off_0x2C ---> 0xC0F03004
*0x5CB4 = arg0->off_0x30 ---> 0x8000002B
*0x5CA8 = arg0->off_0x34 ---> 0xC0F03008
*0x5CB0 = arg0->off_0x38 ---> 0x8000002D
*0x5C60 = 1
*0x5D9C = arg1 ---> 0xC0F04A10
*0x5C50 = arg2 ---> 0x3D00D70
*0x5C50 = arg3 ---> 0x9


- H264E_InitializeH264EncodeFor1080p25fps
DryosDebugMsg(0x1a, 0x1, "H264E
InitializeH264EncodeFor1080p25fpsDZoom");
CreateResLockEntry(0x90000, 0x6000D);
*0x5DAC = ret_CreateResLockEntry_FF1ACCB8
CreateResLockEntry(0x6000E, 0x60002);
*0x5DB0 = ret_sub_FF1C8630_FF1ACCCC
*0x5CD0 = arg0->off_0x10 ---> 0x60001
*0x5CEC = arg0->off_0x14 ---> 0x60012
*0x5D08 = arg0->off_0x18 ---> 0x240000
*0x5D24 = arg0->off_0x1C ---> 0x10005
*0x5D40 = arg0->off_0x20 ---> 0x4
*0x5D74 = arg0->off_0x24 ---> 0xC0F03000
*0x5D78 = arg0->off_0x28 ---> 0x80000029
*0x5CAC = arg0->off_0x2C ---> 0xC0F03004
*0x5CB4 = arg0->off_0x30 ---> 0x8000002B
*0x5CA8 = arg0->off_0x34 ---> 0xC0F03008
*0x5CB0 = arg0->off_0x38 ---> 0x8000002D
*0x5C64 = 1
*0x5D9C = arg1 ---> 0xC0F04A10
*0x5C50 = arg2 ---> 0x3D00D70
*0x5C50 = arg3 ---> 0x9


- H264E_InitializeH264EncodeForVGA
DryosDebugMsg(0x1a, 0x1, "H264E InitializeH264EncodeForVGA");
CreateResLockEntry(0x90000, 0x60002);
*0x5D94 = ret_CreateResLockEntry_FF1ACA30
CreateResLockEntry(0x60001, 0x60012);
*0x5D98 = ret_sub_CreateResLockEntry_FF1ACA44
*0x5CC4 = arg0->off_0x10 ---> 0x10005
*0x5CE0 = arg0->off_0x14 ---> 0x4
*0x5CFC = arg0->off_0x18 ---> 0xC0F03208
*0x5D18 = arg0->off_0x1C ---> 0x80270000
*0x5D34 = arg0->off_0x20 ---> 0xC0F0320C
*0x5D5C = arg0->off_0x24 ---> 0x80270001
*0x5D60 = arg0->off_0x28 ---> 0xC0F03210
*0x5CAC = arg0->off_0x2C ---> 0x80270002
*0x5CB4 = arg0->off_0x30 ---> 0xC0F03214
*0x5CA8 = arg0->off_0x34 ---> 0x80270003
*0x5CB0 = arg0->off_0x38 ---> 0xC0F03218
*0x5C58 = 1


- H264E_InitializeH264EncodeFor720p
DryosDebugMsg(0x1a, 0x1, "H264E InitializeH264EncodeFor720p");
CreateResLockEntry(0x90000, 0x6000E);
*0x5D8C = ret_sub_CreateResLockEntry_FF1AC994
CreateResLockEntry(0x60002, 0x60001);
*0x5D90 = ret_CreateResLockEntry_FF1AC9A8
*0x5CC0 = arg0->off_0x10 ---> 0x60012
*0x5CDC = arg0->off_0x14 ---> 0x10005
*0x5CF8 = arg0->off_0x18 ---> 0x4
*0x5D14 = arg0->off_0x1C ---> 0xC0F03004
*0x5D30 = arg0->off_0x20 ---> 0x8000001F
*0x5D54 = arg0->off_0x24 ---> 0xC0F0300C
*0x5D58 = arg0->off_0x28 ---> 0x80000021
*0x5CAC = arg0->off_0x2C ---> 0xC0F03010
*0x5CB4 = arg0->off_0x30 ---> 0x80000023
*0x5CA8 = arg0->off_0x34 ---> 0xC0F03014
*0x5CB0 = arg0->off_0x38 ---> 0x80000025
*0x5C54 = 1


- H264E_InitializeH264EncodeForCropVGA
DryosDebugMsg(0x1a, 0x1, "H264E InitializeH264EncodeForCropVGA");
CreateResLockEntry(0x90000, 0x6000D);
*0x5D9C = ret_CreateResLockEntry_FF1ACACC
CreateResLockEntry(0x6000E, 0x60004);
*0x5DA0 = ret_CreateResLockEntry_FF1ACAE0
*0x5CC8 = arg0->off_0x10 ---> 0x60001
*0x5CE4 = arg0->off_0x14 ---> 0x60012
*0x5D00 = arg0->off_0x18 ---> 0x10005
*0x5D1C = arg0->off_0x1C ---> 0x4
*0x5D38 = arg0->off_0x20 ---> 0xC0F03064
*0x5D64 = arg0->off_0x24 ---> 0x80070000
*0x5D68 = arg0->off_0x28 ---> 0xC0F03068
*0x5CAC = arg0->off_0x2C ---> 0x80080000
*0x5CB4 = arg0->off_0x30 ---> 0xC0F0306C
*0x5CA8 = arg0->off_0x34 ---> 0x80070003
*0x5CB0 = arg0->off_0x38 ---> 0xC0F03070
*0x5C5C = 1

Note:
[omitted: the 2 functions at the end of the 500d
(H264Dec_InitializeH264DecRotatePath) and
(H264ForHD_InitializeH264DecForHdPath) are present in the 60d, but
they have an unknown arg0 that I could not locate, so I left them out
here.]
------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Going further, I took the list of memory locations and put all in one
list, having each function's group of affected locations their own
color. I then sorted the list so that I'd be able to see what (if any)
locations were being used by more than one function. The result is
that they are! And it looks very similar between the 60d and 500d.
Below is my color key and a link to an image of the 500d's location
references and the 60d's. I put spaces between the groups for easier
reading.

Format of breakdown:
- pointer location on the left is the location in memory that's
changed by the specified function (specified by color).
- arg0 to these functions is a dword location (list of values), I have
the actual value at each location listed after the ---> arrow.

500d:
H26E_InitializeH264Encode == red
H26E_InitializeH264EncodeFor720p == green
H26E_InitializeH264EncodeForVGA == blue
- image link: http://i.imgur.com/5RVvU.png

60d (a little more complicated :P ):
H26E_InitializeH264Encode == red
H264E_InitializeH264EncodeFor1080pDZoom == green
H264E_InitializeH264EncodeFor1080p25fps == blue
H264E_InitializeH264EncodeForVGA == purple
H264E_InitializeH264EncodeFor720p == orange
H264E_InitializeH264EncodeForCropVGA == maroon
- image link: http://i.imgur.com/IbXMR.jpg



Interesting thing I've noted after today:
- 720p and VGA initialization functions in the 500d are identical,
only 1080p being different. This is interesting because in the 500d,
720p and 480p video can only be recorded at 30fps, and 1080p at 20fps.
I think there may be some link to this here.


So I'm still lost, but if I keep digging like this I'm bound to figure
out something eventually right? :)

Antony Newman

unread,
Sep 29, 2011, 8:58:04 AM9/29/11
to ml-d...@googlegroups.com
Andrew,
 
Not sure of if this helps .. some or the parm lists look like   DIGIC address , Value , DIGIC address, Value
 
Eg
*0x5D4C = arg0->off_0x24                        ---> 0xC0F03000
*0x5D50 = arg0->off_0x28                        ---> 0x80000029
*0x5CAC = arg0->off_0x2C                        ---> 0xC0F03004
*0x5CB4 = arg0->off_0x30                        ---> 0x8000002B
*0x5CA8 = arg0->off_0x34                        ---> 0xC0F03008
*0x5CB0 = arg0->off_0x38                        ---> 0x8000002D 

AJ
Reply all
Reply to author
Forward
0 new messages