Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

arm improvements/refactoring #13665

Merged
merged 4 commits into from
Apr 8, 2019
Merged

arm improvements/refactoring #13665

merged 4 commits into from
Apr 8, 2019

Conversation

daddesio
Copy link
Contributor

@daddesio daddesio commented Apr 8, 2019

My goal was to add a new glibc signature (so "s main" would work), and I ended up fixing other issues as well.

gcc-linaro-arm-linux-gnueabi-2012.01-20120125_linux (GCC 4.6.3, glibc 2.13) produces binaries with the following entry point that require the new signature:

[0x000082bc]> pd20
            ;-- entry0:
            ;-- section..text:
            ;-- pc:
            ;-- r15:
            0x000082bc      4ff0000b       mov.w fp, 0                 ; [13] -r-x section size 220 named .text
            0x000082c0      4ff0000e       mov.w lr, 0
            0x000082c4      5df8041b       ldr r1, [sp], 4
            0x000082c8      6a46           mov r2, sp
            0x000082ca      4df8042d       str r2, [sp, -0x4]!
            0x000082ce      4df8040d       str r0, [sp, -0x4]!
            0x000082d2      dff814c0       ldr.w ip, [0x000082e8]      ; [0x82e8:4]=0x8395
            0x000082d6      4df804cd       str ip, [sp, -0x4]!
            0x000082da      0448           ldr r0, [0x000082ec]        ; [0x82ec:4]=0x8334
            0x000082dc      044b           ldr r3, [0x000082f0]        ; [0x82f0:4]=0x8351
            0x000082de      fff7daef       blx sym.imp.__libc_start_main
            0x000082e2      fff7e6ef       blx sym.imp.abort
            0x000082e6      0000           movs r0, r0
            0x000082e8      9583           strh r5, [r2, 0x1c]
            0x000082ea      0000           movs r0, r0
            0x000082ec      3483           strh r4, [r6, 0x18]
            0x000082ee      0000           movs r0, r0
            0x000082f0      5183           strh r1, [r2, 0x1a]
            0x000082f2      0000           movs r0, r0
            0x000082f4      034b           ldr r3, [0x00008304]        ; [0x8304:4]=0x81a8

daddesio added 4 commits April 8, 2019 11:59
@daddesio
arm: Move op analysis from anop_esil to anop
44b0cac 
This matches how other archs do it, such as x86.
@daddesio
arm: Move brace postfixing to bottom of function
5bdc669 
The analop_esil/analop64_esil functions have to wrap braces around the
ESIL expression if there's a condition code. Instead of only printing
the closing brace on certain instructions (which may differ from
arm_prefix_cond one day), print it regardless of the instruction.
@daddesio
arm: Cleanup br instruction handling
95d7eb0 
The cleaned up code fixes the following issues:
1. "bx pc" should always change to ARM mode (bits=32), never
   Thumb mode (bits=16), since PC is always even.
2. Use (addr & ~3LL) + pcdelta for all PC-relative arithmetic.

and removes checks for "b reg"/"bl reg"/"bx imm"/"bxj imm" as
these instructions don't exist.
@daddesio
arm: Improve glibc entry point signatures
808cf86 
Two changes:
1. Add signature for old gcc (4.6) that uses ldr/str instead
   of push/pop.
2. Mask out the Thumb bit from main's vaddr.
@daddesio
Copy link
Contributor Author

daddesio commented Apr 8, 2019
edited
Loading

Actually, patch #3 ("Cleanup br instruction") is wrong. In the emulator, we shouldn't be masking out the Thumb bit from PC because that will prevent the emulator from staying in Thumb mode.

Edit: Actually, the patch is correct because I only mask out the Thumb bit on the PC-relative branches (since PC is always even, even when you are in Thumb mode, according to my testing, which is why BX PC always brings you to ARM mode). I didn't change anything for the other types of branches.

@radare
Copy link
Collaborator

radare commented Apr 8, 2019 via email

@radare radare merged commit dff5115 into radareorg:master Apr 8, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@daddesio @radare