How to classify a binary ARM instruction during disassembly
1 answer
I recently wrote an ARM emulator.
Here's the strategy I used:
Use a mask and a value to compare against after applying the mask.
Here's a snippet from the GNU disassembler for ARM:

```pascal
(* V7 instructions. *)
(arch:ARM_EXT_V7; value:$f910f000; mask:$ff70f000; i:_und; assembly:'pli'#9'%a'),
(arch:ARM_EXT_V7; value:$f3af80f0; mask:$fffffff0; i:_und; assembly:'dbg'#9'#%0-3d'),
(arch:ARM_EXT_V7; value:$f3bf8f50; mask:$fffffff0; i:_und; assembly:'dmb'#9'%U'),
(arch:ARM_EXT_V7; value:$f3bf8f40; mask:$fffffff0; i:_und; assembly:'dsb'#9'%U'),
(arch:ARM_EXT_V7; value:$f3bf8f60; mask:$fffffff0; i:_und; assembly:'isb'#9'%U'),
```
And this is how you apply it:
- Read the bytes of the next instruction.
- Correct for big/little endian mode if necessary.
- If `(InstructionBytes and Mask) = Value`, then we have a match. Interpret the remaining bits according to the format in the assembly string.
- If in ARM mode, interpret the condition code, etc.
You need to make sure you apply the masks in the correct order.
Check the instructions introduced in the newer architecture versions first.
No need to worry about whether you are in ARM or Thumb mode.
Simply disassemble for both and store both disassemblies side by side. If a mode change occurs, switch the table from which you read your parsed instructions.
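The mask/value loop described in the answer, written out as an added Python example (not the answerer's emulator code and not the GNU disassembler's own code). The table entries are the five V7 Thumb-2 encodings quoted above; everything else is assumed: `read_thumb32` assumes the Thumb convention of two little-endian halfwords with the first halfword in the high 16 bits, `%U` is decoded with the standard ARM barrier option names, `%0-3d` is read as "bits 0 to 3 as a decimal number", and `shadowed_entries` is a hypothetical helper that flags the ordering problem the answer warns about (an earlier, wider entry that can swallow every word a later, more specific entry was meant to match).

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class OpcodeEntry:
    value: int
    mask: int
    assembly: str  # GNU-style format string; '\t' stands in for the page's #9 tab


# Thumb-2 32-bit entries copied from the page (arch field dropped).
# Widest masks first: dbg/dmb/dsb/isb pin 28 bits, pli only 20.
THUMB32_V7 = [
    OpcodeEntry(0xf3af80f0, 0xfffffff0, 'dbg\t#%0-3d'),
    OpcodeEntry(0xf3bf8f50, 0xfffffff0, 'dmb\t%U'),
    OpcodeEntry(0xf3bf8f40, 0xfffffff0, 'dsb\t%U'),
    OpcodeEntry(0xf3bf8f60, 0xfffffff0, 'isb\t%U'),
    OpcodeEntry(0xf910f000, 0xff70f000, 'pli\t%a'),
]

# Barrier option field (bits 0-3) for dmb/dsb/isb, ARM architecture names.
BARRIER_OPTIONS = {
    0xf: 'sy', 0xe: 'st', 0xb: 'ish', 0xa: 'ishst',
    0x7: 'nsh', 0x6: 'nshst', 0x3: 'osh', 0x2: 'oshst',
}


def read_thumb32(data: bytes, offset: int) -> int:
    """Endianness step: Thumb code is a stream of little-endian halfwords;
    a 32-bit encoding is hw1 (first in memory) in the high half, hw2 low."""
    hw1 = int.from_bytes(data[offset:offset + 2], 'little')
    hw2 = int.from_bytes(data[offset + 2:offset + 4], 'little')
    return (hw1 << 16) | hw2


def bits(word: int, lo: int, hi: int) -> int:
    """Extract the inclusive bit range lo..hi of word."""
    return (word >> lo) & ((1 << (hi - lo + 1)) - 1)


def format_operands(fmt: str, word: int) -> str:
    """Interpret 'the remaining bits' using the assembly format string.
    Only %U and %<lo>-<hi>d are handled here (assumed meanings); anything
    else, such as pli's %a memory operand, is reported as unsupported."""
    def sub(m):
        spec = m.group(1)
        if spec == 'U':
            opt = bits(word, 0, 3)
            return BARRIER_OPTIONS.get(opt, '#%d' % opt)  # unnamed option: raw number
        r = re.fullmatch(r'(\d+)-(\d+)d', spec)
        return str(bits(word, int(r.group(1)), int(r.group(2))))
    out = re.sub(r'%(U|\d+-\d+d)', sub, fmt)
    if '%' in out:
        raise NotImplementedError('operand specifier not handled: ' + out)
    return out.replace('\t', ' ')


def decode_thumb32(word: int, table=THUMB32_V7):
    """First entry whose (word & mask) == value wins; None if nothing matches."""
    for entry in table:
        if (word & entry.mask) == entry.value:
            return format_operands(entry.assembly, word)
    return None


def shadowed_entries(table):
    """Return (i, j) pairs where entry i comes before entry j and matches every
    word that j matches, so j can never be reached. That is the case exactly
    when i's mask is a subset of j's mask and the two agree on i's mask bits."""
    bad = []
    for i, a in enumerate(table):
        for j in range(i + 1, len(table)):
            b = table[j]
            if (a.mask & b.mask) == a.mask and (b.value & a.mask) == a.value:
                bad.append((i, j))
    return bad


if __name__ == '__main__':
    # Constructed sample: 'dmb sy' as it sits in memory (halfwords bf f3 / 5f 8f).
    code = bytes.fromhex('bff35f8f')
    print(decode_thumb32(read_thumb32(code, 0)))   # dmb sy
    print(shadowed_entries(THUMB32_V7))            # [] -> table order is safe
```

The `shadowed_entries` check is what you would run once over any table you assemble from several architecture versions: a pair in its output means the later (usually newer, more specific) encoding has been placed after a generic one and will be misdecoded.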