问题
As an intro to learning Arm assembly, I'm trying to recreate disassembled functions in a higher level language. However I'm confused by the following bit of assembly:
0000315e 2101 movs r1, #1
00003160 e8dff000 tbb [pc, r0]
00003164 030e lsls r6, r1, #12
00003166 0907 lsrs r7, r0, #4
00003168 050b lsls r3, r1, #20
0000316a 2106 movs r1, #6
0000316c e008 b.n 0x3180
0000316e 2102 movs r1, #2
00003170 e006 b.n 0x3180
00003172 2103 movs r1, #3
00003174 e004 b.n 0x3180
00003176 2104 movs r1, #4
00003178 e002 b.n 0x3180
0000317a 2105 movs r1, #5
0000317c e000 b.n 0x3180
0000317e 2100 movs r1, #0
00003180 4608 mov r0, r1
00003182 4770 bx lr
I believe it may be some kind of switch statement but I'm unsure to what exactly it's doing
回答1:
Yes, that is a switch. tbb
stands for Table Branch Byte, it takes a table of byte-offsets, with base at pc
, and index at r0
, and uses that to do a branch.
So:
0000315e 2101 movs r1, #1 ; ret = default value
00003160 e8dff000 tbb [pc, r0] ; switch (r0)
; jump table, byte-sized offsets
00003164 03 0e 09 07 05 0b
; case 1: (0x3164 + 0x3 * 2)
0000316a 2106 movs r1, #6 ; ret = 6
0000316c e008 b.n 0x3180 ; break
; case 5: (0x3164 + 0x5 * 2)
0000316e 2102 movs r1, #2 ; ret = 2
00003170 e006 b.n 0x3180 ; break
; case 2: (0x3164 + 0x7 * 2)
00003172 2103 movs r1, #3
00003174 e004 b.n 0x3180
; case 3: (0x3164 + 0x9 * 2)
00003176 2104 movs r1, #4
00003178 e002 b.n 0x3180
; case 4: (0x3164 + 0xb * 2)
0000317a 2105 movs r1, #5
0000317c e000 b.n 0x3180
; default:
0000317e 2100 movs r1, #0
; case 0: (0x3164 + 0xe * 2)
: end switch
00003180 4608 mov r0, r1 ; mov ret to r0 (return value)
00003182 4770 bx lr ; return
The basic idea should be clear.
来源:https://stackoverflow.com/questions/7033847/confused-by-tbb-in-a-section-of-arm-disassembly