Hi,
On Thu, Apr 10, 2008 at 01:38:02AM +0100, Oliver Ford wrote:
> The suspend code writes the resume address to SDRAM+0x0800 and also writes
> the address of a data area to +0x0804. On resume, the ROM code (running in
> the on-chip SRAM) places the data area address into r0 and jumps to the
> address at +0x0800. I've implemented this in haret so that I could use both
> the RESUMETRACES and the RESUMEINTOBOOT. The former now works but I had to
> make some significant changes. Was the existing hookResume() code specific
> to a particular machine / version of winCE?
Yes - the hooking of the resume vector seems to work on wince5
phones. (It works on both my Apache and Hermes.) I know of at least
one other phone (Magician I think) running wince4 that the current
system did not work.
> I put the resumeIn address into +0x0800 but, on the way into suspend
> windows stores its own resume vector there so I have to replace the
> instruction that does it with a 'nop'. Its not exactly elegant and
> currently requires knowing where the specific instruction will be in
> virtual memory. It does the job on this particular system though. I'll
> clean it up a bit and make a complete patch but wondered if you can think
> of a better way of doing it.
It would be great if you could send a patch over. Maybe Philipp can
compare it to what he had on Magician.
> Of course, with that, the resume into boot also works. Unfortunately linux
> won't bring up the LCD so I'm having to pay closer attention to what
> windows does during resume.
Okay - I don't think anyone has succesfully tested ResumeIntoBoot. If
you got it to work that is great.
> I've been tracing it with MMUTRACE and WIRQ, but unfortunately I can't get
> completely through the suspend code watching the PXA3xx's ACCR register
> (which is of most interest at the moment) without it giving up. The lines
> in haretlog.txt are:
> 002523: 09bdb659: mmutrace 8004b4e0: a8b14038(?) a9340000 8034f7c0
> (a9340000)
> 002523: 09bdb659: giving up - clearing mapping
You should put a copy of objdump into the same directory as
haretconsole - it will automatically disassemble for you then.
> The offending code is this (disassembled by objdump):
> 8004b4dc: e2922010 adds r2, r2, #16 ; 0x10
> 8004b4e0: a8b14038 ldmgeia r1!, {r3, r4, r5, lr} @ <--
> haret mmutrace gives up here
Yes. I never implemented ldm (load multiple) or stm (store multiple),
because it is a bit of a pain and I never ran into anything that
actually needed it. It is definitely possible to emulate it.
-Kevin
_______________________________________________
Haret mailing list
[email protected]
https://handhelds.org/mailman/listinfo/haret
