flat assembler
Message board for the users of flat assembler.
Non-x86 architectures > [ARM] Encoding T2 for the B instruction
revolution 08 Jan 2013, 12:44
Where is this useful/used? What is this for? Some context?
hopcode 08 Jan 2013, 14:13
Don't know, should be OK, because I am doing it from empirical calculations by debugging, because not yet much time to dig accurately into the ARMv7 manual. Follows ARM code during debugging:
Code:
    0x00000560 0xBF00 NOP
    0x00000562 0xBF00 NOP
    0x00000564 0xE7FF B 0x00000566 ;<---
    0x00000566 0xBF00 NOP
    0x00000568 ...
Useful because the snippet doesn't touch EBX/EDX, and returns in EAX the address. In this case, giving in EBX 0x00000564 and in EDX 0xE7FF, it returns in EAX 0x00000566. It works with relative addressing. My question is about bits 11 and 12.
_________________
⠓⠕⠏⠉⠕⠙⠑
LocoDelAssembly 08 Jan 2013, 16:08
Also untested
Code:
    T2_B:
    ; in:  EBX = address of the B instruction, EDX = its 16-bit opcode
    ; out: EAX = branch target address (EBX and EDX are preserved)
        mov     eax,edx
        mov     ecx,edx
        or      eax,not 7FFh        ; EAX = imm11 with the upper bits set (sign-extended if negative)
        and     ecx,7FFh            ; ECX = imm11 zero-extended
        test    dh,4                ; opcode bit 10 = sign bit of imm11
        cmovnz  ecx,eax             ; negative offset: take the sign-extended value
        lea     eax,[ecx+ecx+ebx+4] ; target = 2*imm11 + instruction address + 4
        nop
        ret
hopcode 08 Jan 2013, 16:42
LocoDelAssembly wrote: Also untested
It works! Cool. This should be named T2_B_dest because it calculates the target address of a B instruction. Now the reverse: given a target address I want to opcode and the current address of a B instruction (no condition):
Code:
    T2_B_enc:
    ;--- in EBX cur_addr of the B instruction
    ;--- in EAX destination target address I want to opcode
    ;--- ret in EAX the opcoded instruction
        sub     eax,ebx
        sub     eax,4           ; EAX = target - (cur_addr + 4): the PC-relative byte offset
        cdq                     ; EDX = 0 for a forward offset, -1 for a backward one
        and     edx,400h        ; keep only bit 10, the sign bit position of imm11
        and     eax,7FFh        ; low 11 bits of the byte offset
        shr     eax,1           ; halfword units: low 10 bits of imm11
        or      eax,edx         ; add the sign bit
        or      eax,0E000h      ; opcode bits 15:11 = 11100
        nop
        ret
Giving in EBX 0x00000564 and in EAX 0x00000566, it returns EAX 0xE7FF.
ARM code as reference to make some tests:
Code:
    0x00000560 0xbf00 NOP
    0x00000562 0xbf00 NOP
    0x00000564 0xe7ff B 0x00000566 ;<----
    0x00000566 0xbf00 NOP
    0x00000568 0xe7ff B 0x0000056a
    0x0000056a 0xbf00 NOP
    0x0000056c 0xbf00 NOP
    0x0000056e 0xe7fe B 0x0000056e
    0x00000570 0xbf00 NOP
    0x00000572 0xbf00 NOP
    0x00000574 0xe7fd B 0x00000572
    0x00000576 0xbf00 NOP
    ...
    0x00000000 0xE00E ;<--- this will cause code to jump to address 20h
    0x00000020 ...
_________________
⠓⠕⠏⠉⠕⠙⠑
revolution 08 Jan 2013, 18:53
The encoding for the unconditional 16-bit Thumb B is just a simple two's complement value of 11 bits with an offset of 4. You can simply truncate the value to 11 bits.
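The T2 encoding described above (an 11-bit two's complement halfword offset relative to the instruction address plus 4), as an added Python example that is not code from this thread or from fasmarm: a decoder doing what T2_B does, an encoder doing what T2_B_enc does, and the alignment and range checks that the bare mask-and-or sequence omits, run against the listing posted earlier in the thread. The function names and the THREAD_LISTING table are my own; the addresses and halfwords in the table are the ones from the thread.

```python
# Added example (not from the thread or fasmarm): decode and encode the 16-bit
# Thumb unconditional branch, encoding T2.  Layout: bits 15:11 = 11100,
# bits 10:0 = imm11 (so bits 12:11 are always zero in this encoding).
# Target = PC + SignExtend(imm11:'0'), where PC reads as the instruction
# address + 4 in Thumb state.

T2_OPCODE = 0xE000       # fixed bits 15:11 = 11100
T2_IMM_MASK = 0x07FF     # the 11-bit immediate field
T2_MIN_OFFSET = -2048    # imm11 = 0x400 -> -1024 halfwords
T2_MAX_OFFSET = 2046     # imm11 = 0x3FF ->  1023 halfwords


def is_t2_b(opcode: int) -> bool:
    """True if the 16-bit halfword is an unconditional Thumb B (encoding T2)."""
    return ((opcode & 0xFFFF) & ~T2_IMM_MASK) == T2_OPCODE


def t2_b_target(instr_addr: int, opcode: int) -> int:
    """Decoder (counterpart of T2_B): target address of the B located at instr_addr."""
    if not is_t2_b(opcode):
        raise ValueError(f"0x{opcode:04X} is not a T2 B encoding")
    imm11 = opcode & T2_IMM_MASK
    if imm11 & 0x400:            # bit 10 is the sign bit of imm11
        imm11 -= 0x800           # sign-extend, as "or eax,not 7FFh" + cmovnz does
    return (instr_addr + 4 + 2 * imm11) & 0xFFFFFFFF


def t2_b_fits(instr_addr: int, target_addr: int) -> bool:
    """True if the branch from instr_addr to target_addr can be expressed with T2 at all."""
    offset = target_addr - instr_addr - 4
    return offset % 2 == 0 and T2_MIN_OFFSET <= offset <= T2_MAX_OFFSET


def t2_b_encode(instr_addr: int, target_addr: int) -> int:
    """Encoder (counterpart of T2_B_enc) with the checks the bare sequence omits.

    Truncating to 11 bits silently wraps an out-of-range offset into a branch
    that lands somewhere else, and an odd offset cannot be represented, so
    both are rejected here instead of being emitted.
    """
    offset = target_addr - instr_addr - 4        # PC-relative byte offset
    if not t2_b_fits(instr_addr, target_addr):
        raise ValueError(f"offset {offset} bytes is odd or outside the T2 range")
    return T2_OPCODE | ((offset >> 1) & T2_IMM_MASK)   # >> keeps the sign, mask truncates


def annotate_listing(listing):
    """Map address -> decoded target for every T2 B halfword in [(addr, opcode), ...]."""
    return {addr: t2_b_target(addr, op) for addr, op in listing if is_t2_b(op)}


# Constructed from the listing posted in the thread (0xBF00 is NOP).
THREAD_LISTING = [
    (0x560, 0xBF00), (0x562, 0xBF00), (0x564, 0xE7FF), (0x566, 0xBF00),
    (0x568, 0xE7FF), (0x56A, 0xBF00), (0x56C, 0xBF00), (0x56E, 0xE7FE),
    (0x570, 0xBF00), (0x572, 0xBF00), (0x574, 0xE7FD), (0x576, 0xBF00),
    (0x000, 0xE00E),
]


def roundtrip_listing(listing) -> bool:
    """Re-encode every decoded branch and confirm it reproduces the original halfword."""
    halfwords = dict(listing)
    for addr, target in annotate_listing(listing).items():
        if t2_b_encode(addr, target) != halfwords[addr]:
            return False
    return True


if __name__ == "__main__":
    for addr, target in sorted(annotate_listing(THREAD_LISTING).items()):
        print(f"0x{addr:08X}  B 0x{target:08X}")
    print("roundtrip ok:", roundtrip_listing(THREAD_LISTING))
```

Running the block lists each B in the thread's listing with its decoded target (0x564 to 0x566, 0x56E to itself, 0x574 back to 0x572, and 0x0 to 0x20) and confirms that re-encoding each one gives back the original halfword. The `t2_b_fits` check is the part worth keeping when patching code: the x86 routines in the thread accept any 32-bit difference and quietly wrap it into the 11-bit field.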
hopcode 09 Jan 2013, 18:05
Fine, encoding may be rewritten as follows:
Code:
    T2_B_enc:
        mov     ebx,cur_instr_addr  ; address of the B instruction
        mov     eax,target_addr     ; address it should branch to
        sub     eax,ebx
        sub     eax,4               ; PC-relative byte offset (PC = instruction address + 4)
        shr     eax,1               ; halfword units
        and     eax,07FFh           ; truncate to the 11-bit two's complement imm11
        or      ah,0E0h             ; set bits 15:13, giving opcode bits 15:11 = 11100
        ret
_________________
⠓⠕⠏⠉⠕⠙⠑
revolution 09 Jan 2013, 18:38
There are three other encodings for Thumb mode B. You can look at the fasmarm source to see how the others are encoded there, but the best place to go is the ARM manual. It seems to be a very slow way to work by reverse engineering something when the full manual is available.
hopcode 09 Jan 2013, 19:57
revolution wrote: ...You can look at the fasmarm source to see how the others are encoded there, but the best place to go is the ARM manual
I am expressly delaying the manual to the end of this month, while enjoying the direct access to the hardware, very new for me, such a powerful flashing impact.
_________________
⠓⠕⠏⠉⠕⠙⠑
Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.