Add support for ARM NEON instructions #547

Closed

radare opened this issue Jan 17, 2014 · 10 comments

Comments

@radare
Collaborator

radare commented Jan 17, 2014

  • add support for ARM neon instructions:
    __text:00003702 C0 EF 50 00                       VMOV.I32        Q8, #0x80

--> more info about NEON instructions: http://www.crickettechnology.com/blog/?p=691

Capstone and GNU seem to fail here... what does darm do?

@radare
Collaborator Author

radare commented May 31, 2014

Latest capstone reports:

$ rasm2 -a arm.cs -d c0ef5000
subseq lr, r0, r0, asr 31
$ rasm2 -e -a arm.cs -d c0ef5000
rscgt r5, pc, r0

@Maijin
Contributor

Maijin commented May 31, 2014

http://www.capstone-engine.org/arch.html <- NEON seems to be supported; tests should be created (#911)

@aquynh

aquynh commented Jun 1, 2014

@radare
Collaborator Author

radare commented Jun 1, 2014

There are other instructions that are not correctly disassembled by capstone.

00000ee0    f960488f    vld2.32 {d20-d21}, [r0]

See https://twitter.com/ceb0t/status/472903166015438848 and https://twitter.com/ceb0t/status/472903339101798400

@radare
Collaborator Author

radare commented Jun 1, 2014

More invalid instructions:

$ cat ops
00000ecc    ee813b90    vdup.32 d17, r3
00000ed0    f9e93c8f    vld1.32 {d19[]}, [r9]
00000ed4    eb0001c1    add.w   r1, r0, r1, lsl #3
00000ed8    f9e20c8f    vld1.32 {d16[]}, [r2]
00000edc    ee82cb90    vdup.32 d18, ip
00000ee0    f960488f    vld2.32 {d20-d21}, [r0]
00000ee4    efe48ca3    vmull.s32   q12, d20, d19
00000ee8    efe46ca2    vmull.s32   q11, d20, d18
00000eec    efe588a1    vmlal.s32   q12, d21, d17
00000ef0    efe568a0    vmlal.s32   q11, d21, d16
00000ef4    efe85838    vqshrun.s32 d21, q12, #8
00000ef8    efe84836    vqshrun.s32 d20, q11, #8
00000efc    f940488d    vst2.32 {d20-d21}, [r0]!

# CAPSTONE
$ for a in `cat ops |awk '{print $2}'` ; do rasm2 -aarm.cs -b16  -d $a ; done
strh r6, [r5, 0xe]
str r0, [sp, 0xec]
ldrd r8, pc, [sb, 0xf0]!
lsls r3, r5, 3
stm r1!, {r0}
b 0x5f6
ldrh r4, [r1, 0x38]
strh r6, [r5, 0x16]
str r0, [sp, 0x32c]
str r1, [r7, 0xc]
ldrh r0, [r1, 0x3a]
b -0x61e
adr r3, 0x230
b -0x61e
adr r2, 0x1b0
b -0x41e
adr r1, 0x220
b -0x41e
adr r0, 0x1a0
strd r3, r8, [pc], 0x160
strd r3, r6, [pc], 0x120
lsrs r1, r7
ldrh r0, [r1, 0x2a]

# GNU
$ for a in `cat ops |awk '{print $2}'` ; do rasm2 -b16 -e -aarm -d $a ; done
vdup.32 d17, r3
vld1.32 {d19[]}, [r9]
add.w r1, r0, r1, lsl 3
vld1.32 {d16[]}, [r2]
vdup.32 d18, ip
vld2.32 {d20-d21}, [r0]
vmull.s32 q12, d20, d19
vmull.s32 q11, d20, d18
vmlal.s32 q12, d21, d17
vmlal.s32 q11, d21, d16
vshrn.i64 d21, q12, 24
vshrn.i64 d20, q11, 24
vst2.32 {d20-d21}, [r0]!

@aquynh

aquynh commented Jun 1, 2014

Are these all Thumb instructions?

thanks.

On Sun, Jun 1, 2014 at 7:57 AM, radare notifications@github.com wrote:

More invalid instructions:

00000ecc ee813b90 vdup.32 d17, r3
00000ed0 f9e93c8f vld1.32 {d19[]}, [r9]
00000ed4 eb0001c1 add.w r1, r0, r1, lsl #3
00000ed8 f9e20c8f vld1.32 {d16[]}, [r2]
00000edc ee82cb90 vdup.32 d18, ip
00000ee0 f960488f vld2.32 {d20-d21}, [r0]
00000ee4 efe48ca3 vmull.s32 q12, d20, d19
00000ee8 efe46ca2 vmull.s32 q11, d20, d18
00000eec efe588a1 vmlal.s32 q12, d21, d17
00000ef0 efe568a0 vmlal.s32 q11, d21, d16
00000ef4 efe85838 vqshrun.s32 d21, q12, #8
00000ef8 efe84836 vqshrun.s32 d20, q11, #8
00000efc f940488d vst2.32 {d20-d21}, [r0]!

$ for a in `cat ops |awk '{print $2}'` ; do rasm2 -aarm.cs -e -d $a ; done
vdup.32 d17, r3
invalid
bl 0x70c
invalid
vdup.32 d18, ip
invalid
svc 0xe48ca3
svc 0xe46ca2
svc 0xe588a1
svc 0xe568a0
svc 0xe85838
svc 0xe84836
invalid

GNU
$ for a in `cat ops |awk '{print $2}'` ; do rasm2 -b16 -e -aarm -d $a ; done
vdup.32 d17, r3
vld1.32 {d19[]}, [r9]
add.w r1, r0, r1, lsl 3
vld1.32 {d16[]}, [r2]
vdup.32 d18, ip
vld2.32 {d20-d21}, [r0]
vmull.s32 q12, d20, d19
vmull.s32 q11, d20, d18
vmlal.s32 q12, d21, d17
vmlal.s32 q11, d21, d16
vshrn.i64 d21, q12, 24
vshrn.i64 d20, q11, 24
vst2.32 {d20-d21}, [r0]!



@radare
Collaborator Author

radare commented Jun 1, 2014

If the paste (and the article) and GNU are correct, yes.

On 01 Jun 2014, at 05:40, Nguyen Anh Quynh notifications@github.com wrote:

Are these all Thumb instructions?

thanks.


@aquynh

aquynh commented Jun 2, 2014

I am away, so can you please cross-check these instructions with IDA?

For example, the instruction "vqshrun.s32 d20, q11, #8" is encoded as 3648d8f3 on ARM or d8f33648 on Thumb, but not as efe84836. So I doubt that libopcodes is correct, as it is known to be very buggy for ARM.

thanks.
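The disagreement in this thread is largely about byte order and mode: the `ops` listing above prints each encoding as a 32-bit word, while rasm2 and Capstone consume a raw byte stream, and that stream is laid out differently for ARM mode (one little-endian word) than for Thumb-2 (two halfwords, each little-endian). The helper below, an added example that is not radare2 or Capstone code, converts a word-form listing into the byte strings each mode expects, flags whether each word even has a 32-bit Thumb-2 leading halfword (the bits 15:11 rule from the ARM ARM), and builds the rasm2 invocations for both backends and both modes. The sample listing is constructed from lines of the `ops` file posted earlier; the rasm2 flags are the ones used in this thread plus `-b32` for ARM mode, and `rasm2_commands` is a hypothetical helper name.

```python
"""Byte-order helper for cross-checking ARM/Thumb disassemblers.

Added example, not radare2 or Capstone code.  Listings like the `ops` file
print each encoding as a 32-bit word; rasm2 and Capstone consume a raw byte
stream, and that stream differs between ARM mode (one little-endian word)
and Thumb-2 (two halfwords, each little-endian).  The same word therefore
needs a different hex string depending on the mode being tested.
"""
import re
import struct

# Constructed input: a few lines copied from the `ops` listing in the thread.
OPS_LISTING = """\
00000ecc    ee813b90    vdup.32 d17, r3
00000ed0    f9e93c8f    vld1.32 {d19[]}, [r9]
00000ed4    eb0001c1    add.w   r1, r0, r1, lsl #3
00000ee0    f960488f    vld2.32 {d20-d21}, [r0]
00000ef4    efe85838    vqshrun.s32 d21, q12, #8
00000efc    f940488d    vst2.32 {d20-d21}, [r0]!
"""

# address, 32-bit word, disassembly text
_LINE_RE = re.compile(r"^\s*([0-9a-fA-F]+)\s+([0-9a-fA-F]{8})\s+(.*\S)\s*$")


def parse_listing(text):
    """Return [(address, word, text), ...] for each objdump-style line."""
    rows = []
    for line in text.splitlines():
        m = _LINE_RE.match(line)
        if m:
            rows.append((int(m.group(1), 16), int(m.group(2), 16), m.group(3)))
    return rows


def arm_bytes(word):
    """ARM mode, little-endian: the whole word stored least-significant byte first."""
    return struct.pack("<I", word).hex()


def thumb_bytes(word):
    """Thumb-2: high halfword first in memory, each halfword little-endian."""
    return struct.pack("<HH", word >> 16, word & 0xFFFF).hex()


def is_thumb32(word):
    """True if the leading halfword marks a 32-bit Thumb-2 encoding
    (ARM ARM A6.1: bits 15:11 of the first halfword are 11101, 11110 or 11111)."""
    return ((word >> 16) >> 11) in (0b11101, 0b11110, 0b11111)


def rasm2_commands(word):
    """Command lines that feed the same word to each backend in each mode.

    Flags are the ones used in the thread (-a arm.cs for Capstone, -a arm for
    GNU libopcodes, -b16 for Thumb); -b32 selects ARM mode.  Hypothetical
    helper: it only builds the strings, the reader runs them."""
    t, a = thumb_bytes(word), arm_bytes(word)
    return [
        f"rasm2 -a arm.cs -b16 -d {t}",
        f"rasm2 -a arm -b16 -d {t}",
        f"rasm2 -a arm.cs -b32 -d {a}",
        f"rasm2 -a arm -b32 -d {a}",
    ]


if __name__ == "__main__":
    for addr, word, text in parse_listing(OPS_LISTING):
        kind = "thumb32" if is_thumb32(word) else "not a 32-bit Thumb encoding"
        print(f"{addr:08x} {word:08x} {text:<32} [{kind}]")
        for cmd in rasm2_commands(word):
            print("    " + cmd)
```

For the word 0xf3d84836 the helper yields `3648d8f3` in ARM mode and `d8f33648` in Thumb mode, the two byte strings quoted in the comment above, so the encoding claim and the listing can be compared on equal footing. Every word in the posted `ops` listing starts with a halfword in the 32-bit Thumb-2 range, which answers the "all Thumb?" question mechanically. The thread's runs that add `-e` reach the same effect by declaring the word-form string big-endian; making the reordering explicit avoids depending on that.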

@aquynh

aquynh commented Jun 19, 2014

On Mon, Jun 2, 2014 at 8:00 AM, Nguyen Anh Quynh aquynh@gmail.com wrote:

I am away, so can you please cross-check these instructions with IDA?

For example, the instruction "vqshrun.s32 d20, q11, #8" is encoded as 3648d8f3 on ARM or d8f33648 on Thumb, but not as efe84836. So I doubt that libopcodes is correct, as it is known to be very buggy for ARM.

So what about these instructions? Did you confirm with IDA yet?

@radare
Collaborator Author

radare commented Jun 19, 2014

IDA seems to report the same disassembly as Capstone or GNU. I'm confused about the article contents; the test I did was done with a hello world program compiled with the iOS SDK, and placing the same bytes in the main symbol makes no difference on r2 or IDA.

http://x90.es/idaneon

@radare radare closed this as completed Jul 1, 2014