Hi All,
I am trying to do reverse engineering, i.e. I am trying to get the signature of a function from ARM assembly code. I want to know how we can extract a function signature from ARM assembly code.
Find the manual for an ARM C compiler.
Look up "calling conventions"
Hi, I got some useful information regarding the ARM architecture; this can be useful for others also:
* r0-r3 are the argument and scratch registers; r0-r1 are also the result registers
* r4-r8 are callee-save registers
* r9 might be a callee-save register or not (on some variants of AAPCS it is a special register)
* r10-r11 are callee-save registers
* r12-r15 are special registers
A callee-save register must be saved by the callee (in opposition to a caller-save register, where the caller saves the register); so, if this is the ABI you are using, you do not have to save r10 before calling another function (the other function is responsible for saving it).
Edit: Which compiler you are using makes no difference; gcc in particular can be configured for several different ABIs, and it can even be changed on the command line. Looking at the prologue/epilogue code it generates is not that useful, since it is tailored for each function and the compiler can use other ways of saving a register (for instance, saving it in the middle of a function).
Hi, I am also doing the same type of work. I am working with very complex ARM assembly code; can you help me with what the data types of the arguments passed to the called function should be?
31be60d4 b5f0 push {r4, r5, r6, r7, lr}
31be60d6 af03 add r7, sp, #12
31be60d8 4b32 ldr r3, [pc, #200] (0x31be61a4)
31be60da b08f sub sp, #60
31be60dc 1c0e mov r6, r1 (add r6, r1, #0)
31be60de 9303 str r3, [sp, #12]
31be60e0 9005 str r0, [sp, #20]
31be60e2 ed86f012 blx 0x31bf8bf0 ; symbol stub for: _mig_get_reply_port
31be60e6 4b30 ldr r3, [pc, #192] (0x31be61a8)
31be60e8 2103 mov r1, #3
31be60ea 9308 str r3, [sp, #32]
31be60ec 2300 mov r3, #0
31be60ee 9301 str r3, [sp, #4]
31be60f0 9302 str r3, [sp, #8]
31be60f2 2218 mov r2, #24
31be60f4 2330 mov r3, #48
31be60f6 ad03 add r5, sp, #12
31be60f8 9006 str r0, [sp, #24]
31be60fa 9000 str r0, [sp, #0]
31be60fc a803 add r0, sp, #12
31be60fe ed18f012 blx 0x31bf8b30 ; symbol stub for: _mach_msg
31be6102 1e04 sub r4, r0, #0
31be6104 d014 beq 0x31be6130
31be6106 4b29 ldr r3, [pc, #164] (0x31be61ac)
31be6108 429c cmp r4, r3
31be610a d00d beq 0x31be6128
31be610c 429c cmp r4, r3
31be610e dc06 bgt 0x31be611e
31be6110 4b27 ldr r3, [pc, #156] (0x31be61b0)
31be6112 429c cmp r4, r3
31be6114 d008 beq 0x31be6128
31be6116 9806 ldr r0, [sp, #24]
31be6118 ed72f012 blx 0x31bf8c00 ; symbol stub for: _mig_put_reply_port
31be611c e03f b 0x31be619e
31be611e 4b25 ldr r3, [pc, #148] (0x31be61b4)
31be6120 429c cmp r4, r3
31be6122 d001 beq 0x31be6128
31be6124 3303 add r3, #3
31be6126 e7f4 b 0x31be6112
31be6128 9806 ldr r0, [sp, #24]
31be612a ed5af012 blx 0x31bf8be0 ; symbol stub for: _mig_dealloc_reply_port
31be612e e036 b 0x31be619e
31be6130 9b08 ldr r3, [sp, #32]
31be6132 4a21 ldr r2, [pc, #132] (0x31be61b8)
31be6134 4293 cmp r3, r2
31be6136 d005 beq 0x31be6144
31be6138 2b47 cmp r3, #71
31be613a d101 bne 0x31be6140
31be613c 4c1f ldr r4, [pc, #124] (0x31be61bc)
31be613e e02e b 0x31be619e
31be6140 4c1f ldr r4, [pc, #124] (0x31be61c0)
31be6142 e02c b 0x31be619e
31be6144 9b03 ldr r3, [sp, #12]
31be6146 9a04 ldr r2, [sp, #16]
31be6148 2b00 cmp r3, #0
31be614a db27 blt 0x31be619c
31be614c 2a28 cmp r2, #40
31be614e d005 beq 0x31be615c
31be6150 2a24 cmp r2, #36
31be6152 d123 bne 0x31be619c
31be6154 980b ldr r0, [sp, #44]
31be6156 2800 cmp r0, #0
31be6158 d103 bne 0x31be6162
31be615a e01f b 0x31be619c
31be615c 980b ldr r0, [sp, #44]
31be615e 2800 cmp r0, #0
31be6160 d00d beq 0x31be617e
31be6162 4b18 ldr r3, [pc, #96] (0x31be61c4)
31be6164 7f2a ldrb r2, [r5, #28]
31be6166 447b add r3, pc
31be6168 681b ldr r3, [r3, #0]
31be616a 791b ldrb r3, [r3, #4]
31be616c 429a cmp r2, r3
31be616e d002 beq 0x31be6176
31be6170 9b0b ldr r3, [sp, #44]
31be6172 ba18 rev r0, r3
31be6174 900b str r0, [sp, #44]
31be6176 2800 cmp r0, #0
31be6178 d00b beq 0x31be6192
31be617a 1c04 mov r4, r0 (add r4, r0, #0)
31be617c e00f b 0x31be619e
31be617e 4b12 ldr r3, [pc, #72] (0x31be61c8)
31be6180 7f2a ldrb r2, [r5, #28]
31be6182 447b add r3, pc
31be6184 681b ldr r3, [r3, #0]
31be6186 791b ldrb r3, [r3, #4]
31be6188 429a cmp r2, r3
31be618a d002 beq 0x31be6192
31be618c 9b0b ldr r3, [sp, #44]
31be618e ba1b rev r3, r3
31be6190 930b str r3, [sp, #44]
31be6192 2324 mov r3, #36
31be6194 2400 mov r4, #0
31be6196 5ceb ldrb r3, [r5, r3]
31be6198 7033 strb r3, [r6, #0]
31be619a e000 b 0x31be619e
31be619c 4c0b ldr r4, [pc, #44] (0x31be61cc)
31be619e b00f add sp, #60
31be61a0 1c20 mov r0, r4 (add r0, r4, #0)
31be61a2 bdf0 pop {r4, r5, r6, r7, pc}
31be61a4 1513 asr r3, r2, #20
31be61a6 0000 lsl r0, r0, #0
31be61a8 b48d push {r0, r2, r3, r7}
31be61aa 0054 lsl r4, r2, #1
31be61ac 4002 and r2, r0
31be61ae 1000 asr r0, r0, #0
31be61b0 0009 lsl r1, r1, #0
31be61b2 1000 asr r0, r0, #0
31be61b4 4006 and r6, r0
31be61b6 1000 asr r0, r0, #0
31be61b8 b4f1 push {r0, r4, r5, r6, r7}
31be61ba 0054 lsl r4, r2, #1
31be61bc fecc second half of BL instruction 0xfecc
31be61be ffff second half of BL instruction 0xffff
31be61c0 fed3 second half of BL instruction 0xfed3
31be61c2 ffff second half of BL instruction 0xffff
31be61c4 713e strb r6, [r7, #4]
31be61c6 07ff lsl r7, r7, #31
31be61c8 7122 strb r2, [r4, #4]
31be61ca 07ff lsl r7, r7, #31
31be61cc fed4 second half of BL instruction 0xfed4
31be61ce ffff second half of BL instruction 0xffff
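A worked heuristic that applies the AAPCS register rules from the summary earlier in the thread to the listing just posted, as an added example that is not code from any of the posters: the prologue, first call and epilogue lines of the listing are embedded as a constructed sample, an r0-r3 register that is read before the function writes it is treated as an incoming argument, a bl/blx is treated as clobbering r0-r3, and r0 written after the last call and before pop {..., pc} is treated as a return value. The names parse, reads_writes and infer_signature and the uint32_t placeholder types are assumptions of this example, not anything from the thread.

```python
import re

# Lines copied from the Thumb listing in the post above (entry up to the first call, plus the
# epilogue), trimmed here into a constructed sample for this example.
SAMPLE = """\
31be60d4 b5f0 push {r4, r5, r6, r7, lr}
31be60d8 4b32 ldr r3, [pc, #200] (0x31be61a4)
31be60dc 1c0e mov r6, r1 (add r6, r1, #0)
31be60e0 9005 str r0, [sp, #20]
31be60e2 ed86f012 blx 0x31bf8bf0 ; symbol stub for: _mig_get_reply_port
31be61a0 1c20 mov r0, r4 (add r0, r4, #0)
31be61a2 bdf0 pop {r4, r5, r6, r7, pc}
"""

ARG_REGS = ("r0", "r1", "r2", "r3")                  # AAPCS argument/result registers
NO_DEST = ("str", "cmp", "cmn", "tst", "push", "b")  # mnemonics with no destination register
REG = re.compile(r"\b(r\d+|sp|lr|pc)\b")
LINE = re.compile(r"^[0-9a-f]+\s+[0-9a-f]+\s+(\S+)\s*(.*)$")

def parse(line):
    """Return (mnemonic, registers) for an 'addr opcode mnemonic operands' line; ('', []) otherwise."""
    m = LINE.match(re.sub(r"\(.*?\)", "", line.split(";")[0]).strip())  # drop comment and '(...)'
    return (m.group(1), REG.findall(m.group(2))) if m else ("", [])

def reads_writes(mnemonic, regs):
    """Stores, compares, push and branches only read; pop only writes; otherwise operand 0 is written."""
    if mnemonic.startswith(NO_DEST):
        return set(regs), set()
    if mnemonic == "pop":
        return set(), set(regs)
    return (set(regs[1:]), {regs[0]}) if regs else (set(), set())

def infer_signature(disasm):
    """AAPCS heuristic from the thread: r0-r3 read before written = incoming argument (a call
    clobbers all four); r0 written after the last call and before 'pop {.., pc}' = return value."""
    written, args, saved, r0_set = set(), set(), [], False
    for raw in disasm.splitlines():
        mnemonic, regs = parse(raw)
        if mnemonic in ("bl", "blx"):
            written.update(ARG_REGS); r0_set = False   # caller-save registers are now stale
            continue
        reads, writes = reads_writes(mnemonic, regs)
        args.update(r for r in reads if r in ARG_REGS and r not in written)
        if mnemonic == "push": saved = saved or [r for r in regs if r != "lr"]  # callee-saved set
        r0_set = r0_set or "r0" in writes
        written.update(writes)
        if mnemonic == "pop" and "pc" in regs:      # function return
            break
    nargs = max((ARG_REGS.index(r) + 1 for r in args), default=0)
    params = ", ".join(f"uint32_t a{i}" for i in range(nargs)) or "void"
    return {"returns_value": r0_set, "callee_saved": saved, "prototype": f"{'uint32_t' if r0_set else 'void'} func({params})"}
```

Only the argument count and word width fall out of the register convention; the C type of each word still has to be inferred from how the callee uses it, and any arguments beyond r3 would show up as loads from the caller's stack area above the saved registers rather than in this register scan.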