Emulating the Canon 7D or 5D Mark II requires qemu to simulate the system and either arm-elf-gdb or IDA Pro to step through it.
Configuring qemu 0.11
Download the patch file, patches/qemu-0.11.patch. The patch files will soon be updated to use the hardware name canon, but for now the patch is based on the CHDK patches for the ixus platform (which is why qemu is started with -M ixus below).
    patch -p1 < patches/qemu-0.11.patch
    ./configure \
        --disable-werror \
        --target-list=arm-softmmu
Running qemu
(For flasher code)
    QEMU_LOAD=0x800120 QEMU_ENTRY=0x800120 \
    ./arm-softmmu/qemu-system-arm \
        -s \
        -S \
        -nographic \
        -m 1024 \
        -M ixus \
        -option-rom ~/build/5d/7d000110/flasher_payload.bin \
        /dev/null
Be careful of this QEmu bug under Windows 7: http://developer.symbian.org/bugs/show_bug.cgi?id=3671
Here is my patch against 0.12.5 (in gdbstub.c):
    // "%s,nowait,nodelay,server", device);
    "tcp:127.0.0.1:1234,nowait,nodelay,server");
IDA Pro
Select Debugger - Process Options and set the hostname to localhost and the port to 1234 to contact qemu running on the same machine. Then select Debugger - Continue Process to run the firmware until it enters the infinite loop at 0x8009f4.
ELF files are not required.
Configuring arm-elf-gdb
I built with gdb-7.0.
    ./configure \
        --disable-werror \
        --target arm-elf
    make && sudo make install
Generating ELF files from ROM dumps
remake-elf builds an ELF file from a binary dump and an IDA map file:
    ./remake-elf \
        -o flasher.elf \
        -b 0x80000 \
        --relative \
        flasher.bin \
        flasher.map
Depending on the segment number IDA assigned to the code, you might need to modify the regex in remake-elf so that it extracts symbols from the correct segment.
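The following is an added example written for this page, not the project's remake-elf script. It shows the idea behind remake-elf in Python: a segment-filtered regex pulls the "Publics by Value" lines out of an IDA .map file, the offsets are resolved against the load base (the -b / --relative pair above), and the result is written as a bare ELF32 ARM image with a .text section and a .symtab, which is what gdb's symbol-file needs. The map layout, the sample symbol names and the 0x800000 base are constructed assumptions for the demo; the only thing you would normally change for a real dump is the segment number passed to parse_map.

```python
"""Rebuild a gdb-loadable ELF from a flat ROM dump and an IDA .map file.

Added example in the spirit of remake-elf; not the Magic Lantern tool.
Assumes the .map file lists symbols as "segment:offset  name" in its
"Publics by Value" section and that the dump is a flat blob loaded at `base`.
"""
import re
import struct

# One "Publics by Value" line, e.g. " 0001:000009F4       loc_8009F4".
# The segment filter in parse_map() is the part the page says you may need
# to adjust when IDA numbers your code segment differently.
MAP_LINE = re.compile(r"^\s*([0-9A-Fa-f]{4}):([0-9A-Fa-f]{8})\s+(\S+)\s*$")

# Constructed sample map (not a real camera map); segment 1 is the ROM.
SAMPLE_MAP = """\
 Start         Length     Name                   Class
 0001:00000000 00100000H ROM                    CODE
 0002:00000000 00010000H RAM                    DATA

  Address         Publics by Value

 0001:00000120       sub_800120
 0001:000009F4       loc_8009F4
 0002:00000040       dword_1E0040
"""


def parse_map(text, segment=1, base=0, relative=True):
    """Return {name: address} for the symbols in IDA segment `segment`.

    With relative=True the map offsets are added to `base` (the page's
    --relative / -b pair); otherwise they are used as absolute addresses.
    """
    symbols = {}
    for line in text.splitlines():
        m = MAP_LINE.match(line)
        if not m or int(m.group(1), 16) != segment:
            continue                        # other segment, header or blank line
        offset = int(m.group(2), 16)
        symbols[m.group(3)] = base + offset if relative else offset
    return symbols


def build_elf(code, base, symbols):
    """Build a minimal ELF32 little-endian ARM image: .text at `base` plus a
    .symtab naming every symbol. No program headers; gdb only needs sections."""
    shstrtab = bytearray(b"\0")             # section-name strings, offsets tracked
    name_off = {}
    for n in (b".text", b".symtab", b".strtab", b".shstrtab"):
        name_off[n] = len(shstrtab)
        shstrtab += n + b"\0"

    strtab = bytearray(b"\0")               # symbol-name strings
    syms = [bytes(16)]                      # index 0 must be the null symbol
    for name, addr in sorted(symbols.items(), key=lambda kv: kv[1]):
        st_name = len(strtab)
        strtab += name.encode() + b"\0"
        st_info = (1 << 4) | 2              # STB_GLOBAL << 4 | STT_FUNC
        # Elf32_Sym: st_name, st_value, st_size, st_info, st_other, st_shndx (.text = 1)
        syms.append(struct.pack("<IIIBBH", st_name, addr, 0, st_info, 0, 1))
    symtab = b"".join(syms)

    # File layout: 52-byte ELF header, sections back to back, then the
    # section header table (5 entries of 40 bytes).
    off_text = 52
    off_symtab = off_text + len(code)
    off_strtab = off_symtab + len(symtab)
    off_shstrtab = off_strtab + len(strtab)
    off_shdrs = off_shstrtab + len(shstrtab)

    def shdr(name, sh_type, flags, addr, off, size, link=0, info=0, align=1, entsize=0):
        # Elf32_Shdr: sh_name, sh_type, sh_flags, sh_addr, sh_offset, sh_size,
        #             sh_link, sh_info, sh_addralign, sh_entsize
        return struct.pack("<10I", name_off[name], sh_type, flags, addr,
                           off, size, link, info, align, entsize)

    shdrs = b"".join([
        bytes(40),                                                   # SHN_UNDEF entry
        shdr(b".text", 1, 6, base, off_text, len(code), align=4),    # PROGBITS, ALLOC|EXECINSTR
        shdr(b".symtab", 2, 0, 0, off_symtab, len(symtab),
             link=3, info=1, align=4, entsize=16),                   # link -> .strtab, info = first global
        shdr(b".strtab", 3, 0, 0, off_strtab, len(strtab)),
        shdr(b".shstrtab", 3, 0, 0, off_shstrtab, len(shstrtab)),
    ])

    e_ident = b"\x7fELF" + bytes([1, 1, 1, 0]) + bytes(8)   # ELFCLASS32, ELFDATA2LSB, EV_CURRENT
    ehdr = e_ident + struct.pack(
        "<HHIIIIIHHHHHH",
        2, 40, 1, base,          # ET_EXEC, EM_ARM, EV_CURRENT, e_entry
        0, off_shdrs, 0,         # e_phoff (none), e_shoff, e_flags
        52, 0, 0, 40, 5, 4)      # e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx
    return ehdr + bytes(code) + symtab + bytes(strtab) + bytes(shstrtab) + shdrs


def demo():
    """Constructed run: a 4 KiB zero blob standing in for flasher.bin at an
    assumed base of 0x800000. Returns (symbols, elf_bytes)."""
    symbols = parse_map(SAMPLE_MAP, segment=1, base=0x800000)
    return symbols, build_elf(bytes(0x1000), 0x800000, symbols)


if __name__ == "__main__":
    symbols, elf = demo()
    with open("flasher.elf", "wb") as f:
        f.write(elf)
```

The resulting file loads with `symbol-file flasher.elf` in the gdb session below, so `loc_8009F4` can be used in place of the raw address in the breakpoint. If IDA put the ROM in segment 2 rather than 1, change the `segment` argument instead of editing the regex.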
Save the following as gdbopts:
    target remote localhost:1234
    set language asm
    layout asm
    layout regs
    focus cmd
    symbol-file flasher.elf
    # Break if we enter the infinite loop of death
    br *0x8009f4
    echo Jumping to firmware updater
    set $pc = 0x80a294
    set $r0 = 0xb00000
    set $r1 = 0x22e100
    # problem?
    br *0x846744
Then start gdb with it:
    arm-elf-gdb -x gdbopts