Original: Further information on hacking and programming the Canon (DIGIC II) camera series

2007-1-11 23:29 Category: Consumer Electronics

The Internet really is amazing: it lets me get to know so many people and learn so much!


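The day before yesterday I e-mailed the author of the A610 RAW Hack patch, hoping he would translate readme.html, which contains the information on programming the A610, into English (the original is in Russian, and the Google Translate output was too awful to read).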


His original reply and my translation follow; in it he tells me how to get set up for programming the Digic II:


Well, yes, but it could be not that useful... This readme is
very outdated. It was written at some early stage when the camera
had just begun to do things it wasn't supposed to )


Basically, for best compatibility you'll need Linux or Cygwin/
MSYS on Windows.
Basically, for the best compatibility you will need Linux, or Cygwin/MSYS on Windows.
ARM GCC for Windows is here http://vitalyb.mail333.com/a610/gcc/

The best hacking tool to look inside camera code is IDA Pro Interactive
Disassembler. Also, at later stages of hacking VxWorks for ARM
may be pretty useful.
The best hacking tool for looking at the camera code is the IDA Pro interactive disassembler. At later (advanced) stages of hacking, VxWorks for ARM may be very useful.
ixus_fd.exe & ixus_fdu.exe - programs to decrypt and decrypt&unpack
WIF file.

libptp2+patch - can upload files to camera via USB connection. Very
buggy, damages data, card reader is way much better.

http://vitalyb.mail333.com/a610/code/pak.c - converts bunch of files
to proper FIR. See source, should be pretty easy to understand.
FIR contains some files. Some have known and/or obvious application,
others - don't.

PRIMARY.BIN - primary flash file. For A610 its base address is 0xff810000
The primary flash file. For the A610, its start address is 0xff810000.
WriterInFIR.bin - it's most interesting and juicy part especially at
early hacking. There's a quite large symbol table with names and entry points.
Improves understanding of "what's going on there" significantly.
Base address 0x1900.
This is the most interesting and most rewarding part, especially for early hacking. There is a fairly large symbol table with names and entry points. Improving the understanding of "what this is doing" is very important.
Base address: 0x1900
WriterInFIR.bin ("wif" for short) is started when you initiate firmware
upgrade. So, all of our code goes here.
When you initiate a firmware upgrade, WriterInFIR.bin ("wif" for short) is started.

More advanced stuff:
WIF can be patched to load ELF binary and run it.
http://vitalyb.mail333.com/a610/code/code-v1.zip AFAIR
ELF binary should be relocatable and can use symbols of WIF.
SDL can be used here and there are corresponding examples. Buttons,
video and timer work OK. It's not clear how to use audio, though.
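The ELF binary should be relocated, and it can use the WIF symbol table.
SDL can be used here, and there are many corresponding examples. Buttons, video and the timer work fine. But it is still not clear how to use audio.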

All above has nothing to do with camera firmware and is kind'a
running Win XP on Intel Mac 8)
None of the above has anything to do with the camera's firmware (I didn't understand the rest).


Next thing is running process in camera's original firmware
without touching it. This is how RAW hack works. Initialization
part of firmware is copied and modified to a) make
less RAM available to OS and b) run custom process. This
process lives in cut off portion of RAM and OS can not
touch it. Since there's no MMU it's not a problem.
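The next thing is running a process inside the camera's original firmware without touching it. This is also how the RAW hack works. The initialization part of the firmware is copied and modified to 1) make less memory available to the OS (is that the right translation?), and 2) run a custom process. This process lives (runs) in a "cut off" portion of memory that the OS cannot touch. Since there is no MMU (memory management unit), this is not a problem.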
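
The symbol table the e-mail mentions in WriterInFIR.bin can be looked for with a pointer scan once the image is mapped at its base address 0x1900. The code below is an added example, not code from this post or from the RAW hack author; it assumes little-endian 32-bit words and adjacent (name pointer, entry point) pairs, a layout the e-mail does not specify, and `read_cstr`, `find_symbols` and `build_sample` are hypothetical names run against a constructed image.

```python
import struct

WIF_BASE = 0x1900  # base address of WriterInFIR.bin, from the e-mail

def read_cstr(image, base, addr, min_len=3):
    """Return the printable NUL-terminated string at addr, or None."""
    off = addr - base
    if not 0 <= off < len(image):
        return None
    end = image.find(b"\x00", off)
    raw = image[off:end] if end != -1 else b""
    if len(raw) < min_len or not all(0x21 <= b <= 0x7E for b in raw):
        return None
    return raw.decode("ascii")

def find_symbols(image, base=WIF_BASE, min_run=3):
    """Collect runs of >= min_run little-endian (name_ptr, entry) pairs (assumed layout)."""
    hi, symbols, run, off = base + len(image), {}, [], 0
    while off + 8 <= len(image):
        name_ptr, entry = struct.unpack_from("<II", image, off)
        name = read_cstr(image, base, name_ptr)
        if name and base <= entry < hi and entry % 4 == 0:
            run.append((name, entry))   # plausible entry: extend the run
            off += 8
            continue
        if len(run) >= min_run:         # run ended: keep it only if long enough
            symbols.update(run)
        run, off = [], off + 4
    if len(run) >= min_run:
        symbols.update(run)
    return symbols

def build_sample(base=WIF_BASE):
    """Constructed test image: ARM NOP filler, string pool, 3-entry table."""
    code = bytes.fromhex("0000a0e1") * 16   # 0x40 bytes, never valid pointers
    pool, addrs = b"", []
    for name in (b"Open", b"Close", b"Write"):
        addrs.append(base + len(code) + len(pool))
        pool += name + b"\x00"
    pool += b"\x00" * (-len(pool) % 4)      # keep the table word-aligned
    table = b"".join(struct.pack("<II", a, base + 0x10 * i)
                     for i, a in enumerate(addrs))
    return code + pool + table

if __name__ == "__main__":
    for name, entry in find_symbols(build_sample()).items():
        print(f"{entry:#010x}  {name}")
```

Requiring a run of several consecutive plausible pairs is what keeps stray words in code or data from being reported as symbols.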
