flat assembler
Message board for the users of flat assembler.

Index > Non-x86 architectures > Raw bootloader for STM32

cvtss2sd 21 Jan 2012, 09:00
I'm sort of new to ARM and the like, so I don't know what all info is necessary. Basically I have an STM32 board very similar to these, but with some minor differences (I think it's only the one button, actually). I'm trying to get a minimal (no linker) bootloader (just makes the LED flash) from which I can learn about ARM and eventually make a self-serving development platform (by porting fasmarm to ARM, having a small kernel with a text editor, keyboard (Arduino keyboard), and microSD driver). Any help towards this goal would be appreciated.

I tried using some disassemblers out there to try to learn from the default bootloader, but I don't know enough about ARM to tell it the entry point.
Dex4u 21 Jan 2012, 22:13
Post 21 Jan 2012, 22:13
View user's profile Send private message Reply with quote
cvtss2sd



Joined: 30 Sep 2010
Posts: 48
cvtss2sd 22 Jan 2012, 04:22
Pretty much, but I do not know enough to know what the org should be and things like that. Heck, the "mini boot arm" code might even be good enough. I just need a source in pure fasmarm that I can run without an OS and assembles into a binary that doesn't need a linker. I just have no idea what I'm doing.
Dex4u 22 Jan 2012, 20:33
cvtss2sd wrote:
Pretty much, but I do not know enough to know what the org should be and things like that. Heck, the "mini boot arm" code might even be good enough. I just need a source in pure fasmarm that I can run without an OS and assembles into a binary that doesn't need a linker. I just have no idea what I'm doing.
This is a FasmArm ver
Code:
format binary                       ; Tell the assembler the output type

org      0x00000000                 ; This is where we are loaded to

use32                               ; Use 32 bit code

B Reset_Handler                     ;/* Reset */
B Default                           ;/* Undefined */
B Default                           ;/* SWI */
B Default                           ;/* Prefetch Abort */
B Default                           ;/* Data Abort */
B Default                           ;/* reserved */
B Default                           ;/* IRQ */
B Default                           ;/* FIQ */

;********************************;
; Just loop for now               ;
;********************************;

Reset_Handler:

       b        Reset_Handler       ; Just here on reset, you would add your start code here

Default:

       b        Default             ; Just loop for now
    

Things to note: 'b' is the same as 'jmp' and 'word' is the same as 'dword' in x86.
Something like the above needs to be at address 0; sometimes there is a boot loader loaded there already and you need to load your code higher. You need to read the docs to find this out.

Use:
fasmarm test.asm test.bin <enter>
to assemble.
cvtss2sd 24 Jan 2012, 03:13
Thank you for your help, I'll test it out this weekend and tell you if it works (although, the way it's built, I won't know if it actually worked or not unless it does something that clearly tells me it failed [I'll have to look into exactly how it works the LED, but as long as this works it shouldn't be too hard to figure out how to do that]).

I do know, however, there is a "serial bootloader." This is the output of the code I managed to simplify to 1 KB and make an LED flash. If the pattern holds true, it seems there's an offset (I only edited the C files, not the asm files)...

Code:
0000000: 0000 0120 f100 0008 3101 0008 3101 0008  ... ....1...1...
0000010: 3101 0008 3101 0008 3101 0008 0000 0000  1...1...1.......
0000020: 0000 0000 0000 0000 0000 0000 3101 0008  ............1...
0000030: 3101 0008 0000 0000 3101 0008 3101 0008  1.......1...1...
0000040: 3101 0008 3101 0008 3101 0008 3101 0008  1...1...1...1...
0000050: 3101 0008 3101 0008 3101 0008 3101 0008  1...1...1...1...
0000060: 3101 0008 3101 0008 3101 0008 3101 0008  1...1...1...1...
0000070: 3101 0008 3101 0008 3101 0008 3101 0008  1...1...1...1...
0000080: 3101 0008 3101 0008 3101 0008 3101 0008  1...1...1...1...
0000090: 3101 0008 3101 0008 3101 0008 3101 0008  1...1...1...1...
00000a0: 3101 0008 3101 0008 3101 0008 3101 0008  1...1...1...1...
00000b0: 3101 0008 3101 0008 3101 0008 3101 0008  1...1...1...1...
00000c0: 3101 0008 3101 0008 3101 0008 3101 0008  1...1...1...1...
00000d0: 3101 0008 3101 0008 3101 0008 3101 0008  1...1...1...1...
00000e0: 3101 0008 3101 0008 3101 0008 5ff8 08f1  1...1...1..._...
00000f0: 0021 03e0 094b 5b58 4350 0431 0848 094b  .!...K[XCP.1.H.K
0000100: 4218 9a42 f6d3 084a 02e0 0023 42f8 043b  B..B...J...#B..;
0000110: 064b 9a42 f9d3 00f0 49f9 7047 f003 0008  .K.B....I.pG....
0000120: 0000 0020 0000 0020 0000 0020 0000 0020  ... ... ... ... 
0000130: fee7 0000 80b4 85b0 00af 7860 0b46 fb70  ..........x`.F.p
0000140: fb78 4ff0 0102 02fa 03f3 fb60 7b68 03f1  .xO........`{h..
0000150: 1003 fa68 1a60 07f1 1407 bd46 80bc 7047  ...h.`.....F..pG
0000160: 80b4 85b0 00af 7860 0b46 fb70 fb78 03f1  ......x`.F.p.x..
0000170: 1003 4ff0 0102 02fa 03f3 fb60 7b68 03f1  ..O........`{h..
0000180: 1003 fa68 1a60 07f1 1407 bd46 80bc 7047  ...h.`.....F..pG
0000190: 80b5 86b0 00af f860 7b60 0b46 fb72 1346  .......`{`.F.r.F
00001a0: bb72 fb7a f868 1946 fff7 daff 1fe0 7b68  .r.z.h.F......{h
00001b0: 7b61 04e0 00bf 7b69 03f1 ff33 7b61 7b69  {a....{i...3{a{i
00001c0: 002b f7d1 fb7a f868 1946 fff7 b3ff 7b68  .+...z.h.F....{h
00001d0: 7b61 04e0 00bf 7b69 03f1 ff33 7b61 7b69  {a....{i...3{a{i
00001e0: 002b f7d1 fb7a f868 1946 fff7 b9ff bb7a  .+...z.h.F.....z
00001f0: 002b 0cbf 0023 0123 dbb2 ba7a 02f1 ff32  .+...#.#...z...2
0000200: ba72 002b d3d1 07f1 1807 bd46 80bd 00bf  .r.+.......F....
0000210: 80b4 00af 41f2 0003 c4f2 0203 41f2 0002  ....A.......A...
0000220: c4f2 0202 1268 42f0 0102 1a60 41f2 0402  .....hB....`A...
0000230: c4f2 0202 41f2 0403 c4f2 0203 1968 40f2  ....A........h@.
0000240: 0003 cff6 ff03 01ea 0303 1360 41f2 0003  ...........`A...
0000250: c4f2 0203 41f2 0002 c4f2 0202 1268 22f0  ....A........h".
0000260: 8472 22f4 8032 1a60 41f2 0003 c4f2 0203  .r"..2.`A.......
0000270: 41f2 0002 c4f2 0202 1268 22f4 8022 1a60  A........h"..".`
0000280: 41f2 0403 c4f2 0203 41f2 0402 c4f2 0202  A.......A.......
0000290: 1268 22f4 fe02 1a60 41f2 0803 c4f2 0203  .h"....`A.......
00002a0: 4ff0 0002 1a60 bd46 80bc 7047 80b4 00af  O....`.F..pG....
00002b0: 41f2 0003 c4f2 0203 41f2 0002 c4f2 0202  A.......A.......
00002c0: 1268 42f0 0112 1a60 41f2 0003 c4f2 0203  .hB....`A.......
00002d0: 1b68 03f4 0033 002b f6d0 42f2 0003 c4f2  .h...3.+..B.....
00002e0: 0203 4ff0 1202 1a60 41f2 0403 c4f2 0203  ..O....`A.......
00002f0: 41f2 0402 c4f2 0202 1268 42f4 e812 42f4  A........hB...B.
0000300: 8062 1a60 41f2 0003 c4f2 0203 41f2 0002  .b.`A.......A...
0000310: c4f2 0202 1268 42f0 8072 1a60 41f2 0003  .....hB..r.`A...
0000320: c4f2 0203 1b68 03f0 4073 002b f6d0 41f2  .....h..@s.+..A.
0000330: 0403 c4f2 0203 41f2 0402 c4f2 0202 1268  ......A........h
0000340: 42f0 0202 1a60 41f2 0403 c4f2 0203 1b68  B....`A........h
0000350: 03f0 0803 002b f6d0 bd46 80bc 7047 00bf  .....+...F..pG..
0000360: 80b5 00af 41f2 0003 c4f2 0203 41f2 0002  ....A.......A...
0000370: c4f2 0202 9269 42f0 0802 9a61 40f6 0043  .....iB....a@..C
0000380: c4f2 0103 40f6 0042 c4f2 0102 1268 22f4  ....@..B.....h".
0000390: 7002 42f4 8012 1a60 40f6 0040 c4f2 0100  p.B....`@..@....
00003a0: 4ff0 0501 fff7 c6fe 80bd 00bf 80b5 00af  O...............
00003b0: fff7 2eff fff7 7aff fff7 d2ff 40f6 0040  ......z.....@..@
00003c0: c4f2 0100 4ff0 0501 4ff0 0502 4ff4 a023  ....O...O...O..#
00003d0: fff7 defe 40f6 0040 c4f2 0100 4ff0 0501  ....@..@....O...
00003e0: 4ff0 0102 4ff4 1433 fff7 d2fe f2e7 00bf  O...O..3........
00003f0: 0a                                       .
    


It looks like it might be 0x80000000 or something like that (assuming it's little endian). This little "ld" script seems to confirm it. Here's the asm file that gets linked to it (lacks a lot of other code):

Code:
/**
 ******************************************************************************
 * @file      startup_stm32f10x_md.s
 * @author    MCD Application Team
 * @version   V3.1.0
 * @date      06/19/2009
 * @brief     STM32F10x Medium Density Devices vector table for RIDE7 toolchain.
 *            This module performs:
 *                - Set the initial SP
 *                - Set the initial PC == Reset_Handler,
 *                - Set the vector table entries with the exceptions ISR address
 *                - Branches to main in the C library (which eventually
 *                  calls main()).
 *            After Reset the Cortex-M3 processor is in Thread mode,
 *            priority is Privileged, and the Stack is set to Main.
 *******************************************************************************
 * @copy
 *
 * THE PRESENT FIRMWARE WHICH IS FOR GUIDANCE ONLY AIMS AT PROVIDING CUSTOMERS
 * WITH CODING INFORMATION REGARDING THEIR PRODUCTS IN ORDER FOR THEM TO SAVE
 * TIME. AS A RESULT, STMICROELECTRONICS SHALL NOT BE HELD LIABLE FOR ANY
 * DIRECT, INDIRECT OR CONSEQUENTIAL DAMAGES WITH RESPECT TO ANY CLAIMS ARISING
 * FROM THE CONTENT OF SUCH FIRMWARE AND/OR THE USE MADE BY CUSTOMERS OF THE
 * CODING INFORMATION CONTAINED HEREIN IN CONNECTION WITH THEIR PRODUCTS.
 *
 * <h2><center>&copy; COPYRIGHT 2009 STMicroelectronics</center></h2>
 */

    .syntax unified
    .cpu cortex-m3
    .fpu softvfp
    .thumb

    .global g_pfnVectors
    .global SystemInit_ExtMemCtl_Dummy
    .global Default_Handler

/* start address for the initialization values of the .data section.
   defined in linker script */
    .word   _sidata
/* start address for the .data section. defined in linker script */
    .word   _sdata
/* end address for the .data section. defined in linker script */
    .word   _edata
/* start address for the .bss section. defined in linker script */
    .word   _sbss
/* end address for the .bss section. defined in linker script */
    .word   _ebss

    .equ    BootRAM, 0xF108F85F
/**
 * @brief  This is the code that gets called when the processor first
 *          starts execution following a reset event. Only the absolutely
 *          necessary set is performed, after which the application
 *          supplied main() routine is called.
 * @param  None
 * @retval : None
*/

    .section    .text.Reset_Handler
    .weak       Reset_Handler
    .type       Reset_Handler, %function
Reset_Handler:

/* Copy the data segment initializers from flash to SRAM */
    movs    r1, #0
    b       LoopCopyDataInit

CopyDataInit:
    ldr     r3, =_sidata
    ldr     r3, [r3, r1]
    str     r3, [r0, r1]
    adds    r1, r1, #4

LoopCopyDataInit:
    ldr     r0, =_sdata
    ldr     r3, =_edata
    adds    r2, r0, r1
    cmp     r2, r3
    bcc     CopyDataInit
    ldr     r2, =_sbss
    b       LoopFillZerobss
/* Zero fill the bss segment. */
FillZerobss:
    movs    r3, #0
    str     r3, [r2], #4

LoopFillZerobss:
    ldr     r3, =_ebss
    cmp     r2, r3
    bcc     FillZerobss
/* Call the application's entry point.*/
    bl      main
    bx      lr
    .size   Reset_Handler, .-Reset_Handler

/**
 * @brief  This is the code that gets called when the processor receives an
 *         unexpected interrupt.  This simply enters an infinite loop, preserving
 *         the system state for examination by a debugger.
 *
 * @param  None
 * @retval : None
*/
    .section    .text.Default_Handler,"ax",%progbits
Default_Handler:
Infinite_Loop:
    b       Infinite_Loop
    .size   Default_Handler, .-Default_Handler
/******************************************************************************
*
* The minimal vector table for a Cortex M3.  Note that the proper constructs
* must be placed on this to ensure that it ends up at physical address
* 0x0000.0000.
*
******************************************************************************/
    .section    .isr_vector,"a",%progbits
    .type       g_pfnVectors, %object
    .size       g_pfnVectors, .-g_pfnVectors


g_pfnVectors:
    .word   _estack
    .word   Reset_Handler
    .word   NMI_Handler
    .word   HardFault_Handler
    .word   MemManage_Handler
    .word   BusFault_Handler
    .word   UsageFault_Handler
    .word   0
    .word   0
    .word   0
    .word   0
    .word   SVC_Handler
    .word   DebugMon_Handler
    .word   0
    .word   PendSV_Handler
    .word   SysTick_Handler
    .word   WWDG_IRQHandler
    .word   PVD_IRQHandler
    .word   TAMPER_IRQHandler
    .word   RTC_IRQHandler
    .word   FLASH_IRQHandler
    .word   RCC_IRQHandler
    .word   EXTI0_IRQHandler
    .word   EXTI1_IRQHandler
    .word   EXTI2_IRQHandler
    .word   EXTI3_IRQHandler
    .word   EXTI4_IRQHandler
    .word   DMA1_Channel1_IRQHandler
    .word   DMA1_Channel2_IRQHandler
    .word   DMA1_Channel3_IRQHandler
    .word   DMA1_Channel4_IRQHandler
    .word   DMA1_Channel5_IRQHandler
    .word   DMA1_Channel6_IRQHandler
    .word   DMA1_Channel7_IRQHandler
    .word   ADC1_2_IRQHandler
    .word   USB_HP_CAN1_TX_IRQHandler
    .word   USB_LP_CAN1_RX0_IRQHandler
    .word   CAN1_RX1_IRQHandler
    .word   CAN1_SCE_IRQHandler
    .word   EXTI9_5_IRQHandler
    .word   TIM1_BRK_IRQHandler
    .word   TIM1_UP_IRQHandler
    .word   TIM1_TRG_COM_IRQHandler
    .word   TIM1_CC_IRQHandler
    .word   TIM2_IRQHandler
    .word   TIM3_IRQHandler
    .word   TIM4_IRQHandler
    .word   I2C1_EV_IRQHandler
    .word   I2C1_ER_IRQHandler
    .word   I2C2_EV_IRQHandler
    .word   I2C2_ER_IRQHandler
    .word   SPI1_IRQHandler
    .word   SPI2_IRQHandler
    .word   USART1_IRQHandler
    .word   USART2_IRQHandler
    .word   USART3_IRQHandler
    .word   EXTI15_10_IRQHandler
    .word   RTCAlarm_IRQHandler
    .word   USBWakeUp_IRQHandler
/*
    .word   TIM8_BRK
    .word   TIM8_UP
    .word   TIM8_TRG_COM
    .word   TIM8_CC
    .word   ADC3
    .word   FSMC
    .word   SDIO
    .word   TIM5
    .word   SPI3
    .word   UART4
    .word   UART5
    .word   TIM6
    .word   TIM7
    .word   DMA2_Channel1
    .word   DMA2_Channel2
    .word   DMA2_Channel3
    .word   DMA2_Channel5
*/
    .word   BootRAM         /* @0x108. This is for boot in RAM mode for
                               STM32F10x Medium Density devices. */

/*******************************************************************************
*
* Provide weak aliases for each Exception handler to the Default_Handler.
* As they are weak aliases, any function with the same name will override
* this definition.
*
*******************************************************************************/

    .weak       NMI_Handler
    .thumb_set  NMI_Handler,Default_Handler

    .weak       HardFault_Handler
    .thumb_set  HardFault_Handler,Default_Handler

    .weak       MemManage_Handler
    .thumb_set  MemManage_Handler,Default_Handler

    .weak       BusFault_Handler
    .thumb_set  BusFault_Handler,Default_Handler

    .weak       UsageFault_Handler
    .thumb_set  UsageFault_Handler,Default_Handler

    .weak       SVC_Handler
    .thumb_set  SVC_Handler,Default_Handler

    .weak       DebugMon_Handler
    .thumb_set  DebugMon_Handler,Default_Handler

    .weak       PendSV_Handler
    .thumb_set  PendSV_Handler,Default_Handler

    .weak       SysTick_Handler
    .thumb_set  SysTick_Handler,Default_Handler

    .weak       WWDG_IRQHandler
    .thumb_set  WWDG_IRQHandler,Default_Handler

    .weak       PVD_IRQHandler
    .thumb_set  PVD_IRQHandler,Default_Handler

    .weak       TAMPER_IRQHandler
    .thumb_set  TAMPER_IRQHandler,Default_Handler

    .weak       RTC_IRQHandler
    .thumb_set  RTC_IRQHandler,Default_Handler

    .weak       FLASH_IRQHandler
    .thumb_set  FLASH_IRQHandler,Default_Handler

    .weak       RCC_IRQHandler
    .thumb_set  RCC_IRQHandler,Default_Handler

    .weak       EXTI0_IRQHandler
    .thumb_set  EXTI0_IRQHandler,Default_Handler

    .weak       EXTI1_IRQHandler
    .thumb_set  EXTI1_IRQHandler,Default_Handler

    .weak       EXTI2_IRQHandler
    .thumb_set  EXTI2_IRQHandler,Default_Handler

    .weak       EXTI3_IRQHandler
    .thumb_set  EXTI3_IRQHandler,Default_Handler

    .weak       EXTI4_IRQHandler
    .thumb_set  EXTI4_IRQHandler,Default_Handler

    .weak       DMA1_Channel1_IRQHandler
    .thumb_set  DMA1_Channel1_IRQHandler,Default_Handler

    .weak       DMA1_Channel2_IRQHandler
    .thumb_set  DMA1_Channel2_IRQHandler,Default_Handler

    .weak       DMA1_Channel3_IRQHandler
    .thumb_set  DMA1_Channel3_IRQHandler,Default_Handler

    .weak       DMA1_Channel4_IRQHandler
    .thumb_set  DMA1_Channel4_IRQHandler,Default_Handler

    .weak       DMA1_Channel5_IRQHandler
    .thumb_set  DMA1_Channel5_IRQHandler,Default_Handler

    .weak       DMA1_Channel6_IRQHandler
    .thumb_set  DMA1_Channel6_IRQHandler,Default_Handler

    .weak       DMA1_Channel7_IRQHandler
    .thumb_set  DMA1_Channel7_IRQHandler,Default_Handler

    .weak       ADC1_2_IRQHandler
    .thumb_set  ADC1_2_IRQHandler,Default_Handler

    .weak       USB_HP_CAN1_TX_IRQHandler
    .thumb_set  USB_HP_CAN1_TX_IRQHandler,Default_Handler

    .weak       USB_LP_CAN1_RX0_IRQHandler
    .thumb_set  USB_LP_CAN1_RX0_IRQHandler,Default_Handler

    .weak       CAN1_RX1_IRQHandler
    .thumb_set  CAN1_RX1_IRQHandler,Default_Handler

    .weak       CAN1_SCE_IRQHandler
    .thumb_set  CAN1_SCE_IRQHandler,Default_Handler

    .weak       EXTI9_5_IRQHandler
    .thumb_set  EXTI9_5_IRQHandler,Default_Handler

    .weak       TIM1_BRK_IRQHandler
    .thumb_set  TIM1_BRK_IRQHandler,Default_Handler

    .weak       TIM1_UP_IRQHandler
    .thumb_set  TIM1_UP_IRQHandler,Default_Handler

    .weak       TIM1_TRG_COM_IRQHandler
    .thumb_set  TIM1_TRG_COM_IRQHandler,Default_Handler

    .weak       TIM1_CC_IRQHandler
    .thumb_set  TIM1_CC_IRQHandler,Default_Handler

    .weak       TIM2_IRQHandler
    .thumb_set  TIM2_IRQHandler,Default_Handler

    .weak       TIM3_IRQHandler
    .thumb_set  TIM3_IRQHandler,Default_Handler

    .weak       TIM4_IRQHandler
    .thumb_set  TIM4_IRQHandler,Default_Handler

    .weak       I2C1_EV_IRQHandler
    .thumb_set  I2C1_EV_IRQHandler,Default_Handler

    .weak       I2C1_ER_IRQHandler
    .thumb_set  I2C1_ER_IRQHandler,Default_Handler

    .weak       I2C2_EV_IRQHandler
    .thumb_set  I2C2_EV_IRQHandler,Default_Handler

    .weak       I2C2_ER_IRQHandler
    .thumb_set  I2C2_ER_IRQHandler,Default_Handler

    .weak       SPI1_IRQHandler
    .thumb_set  SPI1_IRQHandler,Default_Handler

    .weak       SPI2_IRQHandler
    .thumb_set  SPI2_IRQHandler,Default_Handler

    .weak       USART1_IRQHandler
    .thumb_set  USART1_IRQHandler,Default_Handler

    .weak       USART2_IRQHandler
    .thumb_set  USART2_IRQHandler,Default_Handler

    .weak       USART3_IRQHandler
    .thumb_set  USART3_IRQHandler,Default_Handler

    .weak       EXTI15_10_IRQHandler
    .thumb_set  EXTI15_10_IRQHandler,Default_Handler

    .weak       RTCAlarm_IRQHandler
    .thumb_set  RTCAlarm_IRQHandler,Default_Handler

    .weak       USBWakeUp_IRQHandler
    .thumb_set  USBWakeUp_IRQHandler,Default_Handler


My biggest concern is how to implement that moving function in fasm syntax and how exactly I declare that as the entry point in the output binary (it's that HLL syntax where this and that gets moved around that makes this complicated).
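The first words of that dump are the Cortex-M3 vector table: the initial main stack pointer, then the reset vector and the exception handlers, each with bit 0 set because a Cortex-M3 executes only Thumb code. This added Python script (example code, not from the thread, fasmarm or ST) parses the posted xxd lines, decodes the table against an assumed link base of 0x08000000 (the STM32F10x flash base) and runs the checks a loader should make before trusting an image: stack pointer in SRAM, Thumb bit on every vector, every handler inside the image.

```python
"""Decode and sanity-check the Cortex-M3 vector table at the start of an
STM32F10x image. Added example for this thread, not fasmarm or ST code.
SAMPLE_XXD is constructed from lines of the xxd dump posted above; the
memory-map constants are the Cortex-M3 / STM32F10x values (assumed)."""

FLASH_BASE = 0x08000000  # STM32F10x on-chip flash, aliased to address 0 at reset
IMAGE_SIZE = 0x3F1       # size of the posted image: last xxd offset 0x3f0 + 1 byte

# Constructed sample: the first four lines of the dump (the vector table) plus
# the lines at 0xf0 (Reset_Handler) and 0x130 (Default_Handler) of the startup.
SAMPLE_XXD = """\
0000000: 0000 0120 f100 0008 3101 0008 3101 0008  ... ....1...1...
0000010: 3101 0008 3101 0008 3101 0008 0000 0000  1...1...1.......
0000020: 0000 0000 0000 0000 0000 0000 3101 0008  ............1...
0000030: 3101 0008 0000 0000 3101 0008 3101 0008  1.......1...1...
00000f0: 0021 03e0 094b 5b58 4350 0431 0848 094b  .!...K[XCP.1.H.K
0000130: fee7 0000 80b4 85b0 00af 7860 0b46 fb70  ..........x`.F.p
"""

# Fixed Cortex-M3 system exception slots; slot 16 onwards are device IRQs.
VECTOR_NAMES = ["MSP", "Reset", "NMI", "HardFault", "MemManage", "BusFault",
                "UsageFault", "Reserved", "Reserved", "Reserved", "Reserved",
                "SVCall", "DebugMon", "Reserved", "PendSV", "SysTick"]


def parse_xxd(text):
    """Map byte offset -> byte value for each xxd line (ASCII column ignored)."""
    mem = {}
    for line in text.splitlines():
        if ":" not in line:
            continue
        off, rest = line.split(":", 1)
        data = bytes.fromhex(rest[:40].replace(" ", ""))  # the 8 hex groups
        for i, b in enumerate(data):
            mem[int(off, 16) + i] = b
    return mem


def read_le(mem, off, n):
    """Little-endian n-byte value at off; KeyError if the dump lacks a byte."""
    return int.from_bytes(bytes(mem[off + i] for i in range(n)), "little")


def decode_table(mem, count=16):
    """Entry 0 is the initial MSP; the others are handler addresses or 0."""
    return [read_le(mem, 4 * i, 4) for i in range(count)]


def handler_offset(addr, base=FLASH_BASE):
    """File offset of a handler given the link base, Thumb bit masked off."""
    return (addr & ~1) - base


def is_self_loop(mem, off):
    """True if the Thumb instruction at off is 'b .' (0xE7FE), the default handler."""
    return read_le(mem, off, 2) == 0xE7FE


def check_table(words, base=FLASH_BASE, size=IMAGE_SIZE):
    """Return the problems a loader should reject on; an empty list means sane."""
    problems = []
    sp = words[0]
    if sp >> 29 != 1:  # Cortex-M SRAM region is 0x20000000-0x3FFFFFFF
        problems.append("initial MSP 0x%08x is not in SRAM" % sp)
    for i, addr in enumerate(words[1:], 1):
        if addr == 0:
            continue  # unused slot
        name = VECTOR_NAMES[i] if i < 16 else "IRQ%d" % (i - 16)
        if addr & 1 == 0:  # the core faults on a vector without the Thumb bit
            problems.append("%s vector 0x%08x lacks the Thumb bit" % (name, addr))
        elif not 0 <= handler_offset(addr, base) < size:
            problems.append("%s vector 0x%08x points outside the image" % (name, addr))
    return problems
```

With the dump above, the reset vector 0x080000f1 lands at file offset 0xf0, where the halfword 0x2100 is `movs r1, #0`, the first instruction of Reset_Handler in the startup file, and the NMI vector 0x08000131 lands on 0xe7fe, the `b .` of Default_Handler, which confirms the 0x08000000 link base.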
revolution 24 Jan 2012, 13:05
cvtss2sd & Dex4u: Always remember to set your "processor" and "coprocessor" values to avoid disappointment with code crashing when trying to execute unsupported instructions.

Maybe I didn't stress it enough in the documentation, but setting the CPU and copro values is really important. If fasmarm chooses an encoding not supported by your CPU you would never know until it crashed in your system.

fasmarm does try to choose the instruction that is supported by the earliest CPU architectures but sometimes it is not possible and fasmarm then has to find an alternative that might only be supported by a higher capable CPU than the CPU that your code runs on. So ... always remember to set your "processor" and "coprocessor" values.
cvtss2sd 27 Jan 2012, 19:20
Well, I don't know exactly what all my ARM uses. I know it uses a version of Thumb, but the manual doesn't tell me what version. It just says "The processor implements a version of the thumb instruction set. Table 20 lists the supported instructions."

Are there any specific instructions I can look for in this table that would be dead giveaways?
revolution 27 Jan 2012, 22:48
V4T: This is guaranteed to be supported by all THUMB implementations
V5T: BLX reg
V6T: REV reg,reg
6M: WFI
7M: CBNZ reg,label
T2EE: CHKA reg,reg
X: BLX label
Z: SMC constant
T2: BXJ reg
V7: PLI [reg]
SYNC: LDREXB reg,[reg]
DIV: SDIV reg,reg,reg
T2EE: ENTERX
MP: PLDW [reg]
cvtss2sd 27 Jan 2012, 23:30
revolution wrote:
V4T: This is guaranteed to be supported by all THUMB implementations
V5T: BLX reg
V6T: REV reg,reg
6M: WFI
7M: CBNZ reg,label
T2EE: CHKA reg,reg
X: BLX label
Z: SMC constant
T2: BXJ reg
V7: PLI [reg]
SYNC: LDREXB reg,[reg]
DIV: SDIV reg,reg,reg
T2EE: ENTERX
MP: PLDW [reg]


Seems to support V5T, V6T, 6M, 7M, DIV.

T2EE doesn't seem to be found. The BLX mnemonic can only be applied to Rm (I'm assuming register); SMC, Z, T2, V7, SYNC and MP don't seem to be available. When I'm looking at your thumb32 example, I'm seeing some flags I don't see listed here... Is there a list of checks out there for what flags to set and what values the flags have?

EDIT: NVM, I think I can piece it together...

EDIT2: Nope. No idea. This is getting me all confused. Here's the manual. The instruction list starts on page 46.
Copyright © 1999-2024, Tomasz Grysztar.