thumb

Using BX in Thumb code to call a Thumb function, or to jump to a Thumb instruction in another function

落爺英雄遲暮 submitted on 2019-11-27 12:24:40
Question: I'm trying to learn skills useful in firmware modding (for which I don't have source code). These questions concern the use of BX from Thumb code to jump to or call other existing Thumb code. How do I use BX to JUMP to existing firmware THUMB code from my THUMB code? How do I use BX to CALL an existing THUMB function (must set LR first) from my THUMB code? My understanding is that the CPU looks at the LSB (bit 0) and I have to make sure this is set to 1 in order to keep the CPU in "Thumb state". So I

Can _start be the thumb function?

强颜欢笑 submitted on 2019-11-27 05:37:29
Help me please with the GNU assembler for the arm926ejs CPU. I am trying to build a simple program (test.S):
.global _start
_start:
    mov r0, #2
    bx lr
and build it successfully:
arm-none-linux-gnueabi-as -mthumb -o test.o test.S
arm-none-linux-gnueabi-ld -o test test.o
but when I run the program in the ARM target Linux environment, I get an error:
./test
Segmentation fault
What am I doing wrong? Can the _start function be a Thumb function, or is it always an ARM function?
artless noise: Can _start be a Thumb function (in a Linux user program)? Yes it can. The steps are not as simple as you may believe. Please use the .code 16 as

Function address in ARM assembly have one byte offset?

南笙酒味 submitted on 2019-11-26 22:25:19
Question: For example, I have the following assembly code obtained with objdump. The address of f() is 080001d4, but printf("%x", f) outputs 080001d5. And f() can be done by (*((int (*)())080001d5))() but (*((int (*)())080001d4))(). Why is there a one-byte offset in the function address?
080001d4 <f>:
 80001d4: 2000 movs r0, #0
 80001d6: 4770 bx lr
Answer 1: ARM has two instruction modes, and the least-significant bit of the address is used to indicate which mode a given function uses. Odd addresses for Thumb mode,