// Default TP entry, used by the Factory Reset
typedef struct
{
  byte  ChNum;
  byte  Bandwidth;
  word  Res;
  dword Frequency; // khz
} DefTP;


DefTP *def;
word *defCnt;
word *fwCnt = (word*)FindInstructionSequence(
  "240e0001 15ee0004 8f9ea144 24180070 10000004 a7d80000 8f99a144 24180072 a7380000",
  "ffffffff ffffffff ffff0000 ffffffff ffffffff ffffffff ffff0000 ffffff00 ffffffff",
  0x80180000, 0x80200000, 0, FALSE);
word *fwDef = (word*)FindInstructionSequence(
  "8f8f89e0 90f90001 01e97821 a1f90002 8f9889e0 8cef0004 0309c021 10000013 af0f0004 3c07802d 24e7c370 000430c0 8f8e89e0 00e6c821 00054900 93390000 01c97021 a1d90001",
  "ffff0000 ffffffff ffffffff ffffffff ffff0000 ffffffff ffffffff ffffffff ffffffff ffff0000 ffff0000 ffffffff ffff0000 ffffffff ffffffff ffffffff ffffffff ffffffff",
  0x80180000, 0x80200000, 0, FALSE);
bool hasHs = PatchIsInstalled((dword*)0x80000000, "Hs");
if(fwCnt && fwDef)
{
  defCnt = &fwCnt[15];
  num = *defCnt;
  def = (DefTP*)((fwDef[19]<<16)+(short)fwDef[21]);
  // [Hs] means the system doesn't double up the default TPs to do HP and LP
  if(!hasHs)
    num *= 2;
  TAP_Print("def=%p, defCnt=%d\n", def, num);
}