> I have 512Kb downstream, but depending on how much disk space we're
> talking about, that may be more of an issue. I've about 15GB free, with
> a 40GB disk currently sitting on the side if needed.

I believe it is time to explain how far I am. Currently, the register_get/register_set/bulk_transfer functions of the USB protocol are identified. Based on the USB traces taken from Windows (produced by usbsnoopy), we have perl/sed scripts transforming them into some kind of intermediate format (which is changing quite often - as soon as I get clues). There is libusb-based C code (somewhat ugly for now - it was not the priority ;) playing those intermediate "scripts" at the scanner level.

One of these perl filters is getting rid of this useless code in the script (which is polling the scanner button state):

    REG(9200 9700 a310 a13f 970a )
    REG1(8b) GET_LATCH()=5f
    REG1(8b) GET_LATCH()=5f
    REG1(97)
    SEND_CMD(85,0F,0f)
    REG(9260 )
    REG1(8b) GET_LATCH()=c3

Another one is transforming this "polling" sequence into the WAIT_FOR_BIT2() opcode:

    REG1(8b) GET_LATCH()=xx
    REG1(8b) GET_LATCH()=xx
    ...
    REG1(8b) GET_LATCH()=bb

etc...

Now the script files are getting smaller and smaller, and the final goal is to get more and more code in the C parser, and nothing (except the START_300dpi() opcode) in the script file :)

The C interpreter is right now doing 75 and 300 dpi color scanning using these script files. However, this is still work in progress and I could not give it away without documenting it, telling where the next steps in opcode mangling are, etc... That's why I said this is the early stages of development.

> My firewall is set up to allow through ssh, so I can set up to allow you to
> push logs if you want, or I can pull them.
>
> What are you using for the disassembly? Is there much useful information
> left or are you stuck with the horror of manually inferring structure
> from the code directly?

I found IDA useful for disassembly documenting (it may work under wine easily I believe - I can give you the IDA database that I've got). I would like to try hacking the DLL to add verbosity (there is already some in c:\d1250fw.log), using a patcher or the Softice debugger.

There is not much left. We have WIN32 library functions, and DLL exports, as usual. However, once the get/set register functions are identified, each DLL export (MoveCariage, SetLampOn, ...) is identified as a list of get/set functions. However, the code is quite big!

Norbert
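
The two trace filters described in the message above, as an added Python sketch (not Norbert's perl/sed scripts). It assumes the opcode syntax quoted in the message, that any latch value may appear inside the button-state block, and that two or more consecutive `REG1(8b) GET_LATCH()` reads form a polling run; `REG(9100 )` and the latch values in the sample are constructed.

```python
import re

# One opcode per match, e.g. "REG(9200 9700 )", "REG1(8b)", "GET_LATCH()=5f".
TOKEN = re.compile(r"[A-Z][A-Z0-9_]*\([^)]*\)(?:=[0-9a-fA-F]+)?")
LATCH = re.compile(r"GET_LATCH\(\)=[0-9a-fA-F]{2}")
# Button-state block quoted in the message; latch values wildcarded (assumption).
BUTTON_BLOCK = [
    "REG(9200 9700 a310 a13f 970a )", "REG1(8b)", LATCH, "REG1(8b)", LATCH,
    "REG1(97)", "SEND_CMD(85,0F,0f)", "REG(9260 )", "REG1(8b)", LATCH,
]

def _matches(tok, pat):
    return pat.fullmatch(tok) is not None if isinstance(pat, re.Pattern) else tok == pat

def drop_button_poll(tokens):
    """Remove every occurrence of the button-state block from the opcode list."""
    out, i, n = [], 0, len(BUTTON_BLOCK)
    while i < len(tokens):
        window = tokens[i:i + n]
        if len(window) == n and all(_matches(t, p) for t, p in zip(window, BUTTON_BLOCK)):
            i += n
        else:
            out.append(tokens[i])
            i += 1
    return out

def collapse_polling(tokens, min_reads=2):
    """Replace runs of >= min_reads 'REG1(8b) GET_LATCH()=xx' pairs by one opcode."""
    out, i = [], 0
    while i < len(tokens):
        j = i
        while j + 1 < len(tokens) and tokens[j] == "REG1(8b)" and LATCH.fullmatch(tokens[j + 1]):
            j += 2
        if (j - i) // 2 >= min_reads:
            out.append("WAIT_FOR_BIT2()")
            i = j
        else:
            out.append(tokens[i])
            i += 1
    return out

def filter_script(text):
    # Order matters: the button block itself contains two latch reads, which
    # would be collapsed (and the block no longer recognised) if run second.
    return collapse_polling(drop_button_poll(TOKEN.findall(text)))

# Constructed sample in the intermediate format quoted in the message.
SAMPLE = (
    "REG(9200 9700 a310 a13f 970a ) REG1(8b) GET_LATCH()=5f REG1(8b) GET_LATCH()=5f "
    "REG1(97) SEND_CMD(85,0F,0f) REG(9260 ) REG1(8b) GET_LATCH()=c3 REG(9100 ) "
    "REG1(8b) GET_LATCH()=00 REG1(8b) GET_LATCH()=00 REG1(8b) GET_LATCH()=04 "
    "REG1(97) REG1(8b) GET_LATCH()=5f"
)
```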
