Lua_touch: outdated HIJACK_TOUCH_CBR_PTR address

Issue #2520 resolved
Daniel created an issue

Uh, well, so firstly:

a) I'm some 15 y/o guy who isn't permitted to join the forum, so don't complain about that please.

b) I've like no idea of C, but some things nevertheless seem understandable, so all I write is basically a guess.

The story: Some day I thought using my cam (a cheap 700D) as a torch would be awesome. So I set up some VM to compile ML. However, I didn't get the modules compiled, just an autoexec.bin, but that was still enough to figure out that I just was turning on the redeye option in the settings with my 'revolutionary' code.

Now I thought I could test some stuff for Alex (#711) so I asked how to compile the modules too, and got it working. However, now I soon forgot about what I wanted because it looked sooo tempting to compile the lua-touch branch - I love touch support and IMHO it would make LUA scripting much more useable. So I got it compiled and it didn't work.

Uh.

Then I did my usual debugging (AKA printf) to see where things get stuck. This finally was my code: https://lfil.es/p/31f235a1 And this is the output:

screenshot.jpg

Basically how I understood it: the touch func that makes ML open with two fingers has no coordinates - that's why we need this complicated crap other method, which basically works like this: there's some function in the ROM that has an address - 0x4D3F8 for example on the eosm - that gets called on a touch event, and it has coordinates and an id and blah.

And now we hijack it, by executing our own function handler when it's called, catch the coordinates & info and execute the listening lua functions with them, and then do the completely normal canon stuff.

And what went wrong? The hijack_touch_cbr_ptr (0x4D858) address for the 700D is bullshit - it wasn't updated since an older firmware version.

What to do? @a1ex and @dmilligan you seemed to do the touch things right? I haven't got IDA, so I think I must ask you to find out the right addresses ;) I can send ya a ROM dump if needed. (To whom?)

Oh and an additional info, there's this lua_dump script or whatever it's called, I ran it and let it dump the touch .. I think it was called table? too, and the up, move and down entries - that should show up as functions (?) just were nil. Dunno if that piece of info helps.
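
The hijack described in the post above, and the failure mode of pointing it at an outdated slot address, as an added example that is not part of the original issue or of Magic Lantern's code. It runs on a PC against a constructed stand-in for the camera; the handler signature, `hijack_touch_cbr`, the slot variables and the code-range check are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>

/* Hypothetical handler signature; the firmware's real prototype is not given on the page. */
typedef int (*touch_cbr_t)(int x, int y, int id);

static touch_cbr_t saved_original;   /* vendor handler we chain to */
static int last_x, last_y, last_id;  /* what a script listener would receive */

/* Our handler: record the event, then run the original so normal behaviour continues. */
static int hooked_touch(int x, int y, int id)
{
    last_x = x; last_y = y; last_id = id;
    return saved_original(x, y, id);
}

/* Install the hook only if the slot currently holds a pointer inside the
 * expected code range [code_lo, code_hi). A stale slot address usually holds
 * unrelated data, so this check fails instead of overwriting that data.
 * Returns 0 on success, -1 if the slot looks wrong, -2 if already hooked. */
static int hijack_touch_cbr(touch_cbr_t *slot, uintptr_t code_lo, uintptr_t code_hi)
{
    uintptr_t cur = (uintptr_t)*slot;
    if (*slot == hooked_touch) return -2;
    if (cur < code_lo || cur >= code_hi) return -1;
    saved_original = *slot;
    *slot = hooked_touch;
    return 0;
}

/* ---- constructed stand-in for the camera, so the example runs on a PC ---- */
static int vendor_calls;
static int vendor_touch(int x, int y, int id) { (void)x; (void)y; (void)id; return ++vendor_calls; }

static touch_cbr_t good_slot = vendor_touch; /* correct address: holds the handler */
static touch_cbr_t stale_slot = NULL;        /* outdated address: holds something else */

/* Simulates the firmware delivering a touch event through a slot. */
static int fire_touch(touch_cbr_t *slot, int x, int y, int id) { return *slot ? (*slot)(x, y, id) : -1; }

int main(void)
{
    uintptr_t lo = (uintptr_t)vendor_touch, hi = lo + 1; /* toy "code" range */
    int stale = hijack_touch_cbr(&stale_slot, lo, hi);   /* -1: refused */
    int good  = hijack_touch_cbr(&good_slot, lo, hi);    /* 0: installed */
    fire_touch(&good_slot, 120, 80, 1);
    return (stale == -1 && good == 0 && last_x == 120 && vendor_calls == 1) ? 0 : 1;
}
```
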

Comments (9)

  1. Daniel reporter

    What's the difference between stubs.S and consts.h? Because the address declared in consts.h (hijack_touch_cbr_ptr) is the one used in the code, and then there's also one in the stubs - touch_cbr_canon, that has been updated since the old version - but is commented out!

    The addresses seem to be completely different (not of the same thing on the same place), the old one used in the code - 0x4D858 is faaaar away from 0xFF3335C4. So maybe we aren't searching for stubs?

    There is some pfTouchEventCBR mentioned in some debugmsg calls (I think, tbh I've no clue) in the ROM1 *dis, but I think that isn't what we're searching for, because I think the stubs are correct.

    Ya so if you could find the address it surely would save me a lot of effort, because, again, I've no idea of those things.

  2. Alex

    Some things from consts can actually be moved to stubs. Both are camera-specific values, stubs are limited to fixed addresses, but are a bit more elegant to use, though you have to define a type for them somewhere else in the code; the "consts" are C macros, which gives you a little flexibility, but it's also easier to break things from there.

    Did you find any references to 0x4D858 in the disassembly of the old firmware version?

  3. Daniel reporter

    Thank you for explaining. No, I don't have the old firmware version, just the dump of the newest one (1.1.4).

    Now the question comes up: what are we searching for? Right, we'd probably know more about that if we had the old dump. Any ideas?

  4. nikfreak

    I would say the one in 111 fw was wrong, too.

    try 0x32200 (0x321b4+4c) for both 111/114 assuming the one from EOSM202 is correct.

    Update: grep'd for "hijack_touch_cbr_ptr" and it seems only defined for EOSM/700D and missing on 650D as well as on my maintained builds like SL1/70D. I must admit I haven't yet played around with lua.touch.
