Assembly Language for Beginners



4005ac: d65f03c0 ret

Contents of section .rodata:
400640 01000200 00000000 48656c6c 6f210000 ........Hello!..


As an example, let's try to disassemble the BL instruction manually.
0x97ffffa0 is 0b10010111111111111111111110100000. According to [ARM Architecture Reference Manual, ARMv8,
for ARMv8-A architecture profile, (2013) C5.6.26], imm26 is the last 26 bits:
imm26 = 0b11111111111111111110100000. It is 0x3FFFFA0, but the MSB is 1, so the number is negative, and we
can convert it manually to a form convenient for us. By the rules of negation (2.2 on page 453), just invert
all bits (it is 0b1011111 = 0x5F), and add 1 (0x5F + 1 = 0x60). So the number in signed form is -0x60. Let's
multiply -0x60 by 4 (because the address stored in the opcode is divided by 4): it is -0x180. Now let's calculate the
destination address: 0x4005a0 + (-0x180) = 0x400420 (please note: we consider the address of the BL
instruction, not the current value of PC, which may be different!). So the destination address is 0x400420.
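The same decoding, carried out in C as an added example (this is not code from the book): it extracts imm26 from a B/BL word, sign-extends it, scales it by 4 and adds it to the address of the branch instruction itself. The opcode check (bits 30..26 equal to 0b00101, bit 31 distinguishing BL from B) is taken from the ARMv8 encoding the text cites; the function names and the second sample word are assumptions chosen for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <inttypes.h>

/* Added example (not from the book): the manual BL decoding done in C.
 * AArch64 B/BL encoding: bit 31 = 1 for BL, 0 for B; bits 30..26 = 0b00101;
 * bits 25..0 = imm26, a signed offset in words from the branch's own address. */

/* Sign-extend the low `bits` bits of `value` (two's complement). */
int64_t sign_extend(uint64_t value, unsigned bits)
{
    uint64_t sign = UINT64_C(1) << (bits - 1);
    value &= (sign << 1) - 1;                 /* drop anything above `bits` */
    return (int64_t)((value ^ sign) - sign);  /* flip the sign bit, then subtract it */
}

/* 1 if `insn` is an immediate branch (B or BL); 0 for anything else, e.g. RET. */
int is_branch_imm(uint32_t insn)
{
    return ((insn >> 26) & 0x1F) == 0x05;
}

/* 1 if `insn` is specifically BL (bit 31 set). */
int is_bl(uint32_t insn)
{
    return is_branch_imm(insn) && (insn >> 31) == 1;
}

/* Byte offset: sign-extended imm26 times 4, since the encoded offset counts words. */
int64_t branch_offset(uint32_t insn)
{
    return sign_extend(insn & 0x03FFFFFF, 26) * 4;
}

/* Destination: the address of the BL itself plus the offset, as the text stresses. */
uint64_t branch_target(uint32_t insn, uint64_t insn_addr)
{
    return insn_addr + (uint64_t)branch_offset(insn);
}

int main(void)
{
    /* Values from the listing in the text: the BL at 0x4005a0 is encoded as 0x97ffffa0. */
    uint32_t insn = 0x97ffffa0u;
    uint64_t addr = 0x4005a0;
    if (!is_branch_imm(insn)) {
        puts("not a B/BL instruction");
        return 1;
    }
    int64_t off = branch_offset(insn);
    printf("%s: offset %s0x%" PRIx64 ", target 0x%" PRIx64 "\n",
           is_bl(insn) ? "BL" : "B", off < 0 ? "-" : "",
           (uint64_t)(off < 0 ? -off : off), branch_target(insn, addr));
    /* prints: BL: offset -0x180, target 0x400420 */
    return 0;
}
```

Feeding it the RET word from the listing above (0xd65f03c0) fails the opcode check, which is the first thing a decoder should verify before trusting the immediate field.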


More about ARM64-related relocs: [ELF for the ARM 64-bit Architecture (AArch64), (2013)]^199.


1.33 MIPS-specific details


1.33.1 Loading a 32-bit constant into a register


unsigned int f()
{
return 0x12345678;
}


All instructions in MIPS, just like ARM, are 32 bits in size, so it's not possible to embed a 32-bit constant
into one instruction.


So one has to use at least two instructions: the first loads the high part of the 32-bit number and the
second applies an OR operation, which effectively sets the low 16-bit part of the target register:


Listing 1.413: GCC 4.4.5 -O3 (assembly output)
li $2,305397760 # 0x12340000
j $31
ori $2,$2,0x5678 ; branch delay slot

IDA is fully aware of such frequently encountered code patterns, so, for convenience, it shows the last ORI
instruction as the LI pseudo instruction, which allegedly loads a full 32-bit number into the $V0 register.


Listing 1.414: GCC 4.4.5 -O3 (IDA)
lui $v0, 0x1234
jr $ra
li $v0, 0x12345678 ; branch delay slot

The GCC assembly output has the LI pseudo instruction, but in fact, LUI ("Load Upper Immediate") is
there, which stores a 16-bit value into the high part of the register.


Let's see the objdump output:


Listing 1.415: objdump

00000000 :
0: 3c021234 lui v0,0x1234
4: 03e00008 jr ra
8: 34425678 ori v0,v0,0x5678
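As an added example (not code from the book, GCC or IDA), the following C program shows both sides of Listings 1.413 to 1.415: how a 32-bit constant is split into the LUI/ORI pair GCC emits, how the two instruction words objdump prints act on a register, and the pattern match a disassembler can use to fold the pair back into an LI pseudo instruction. The I-type field layout and the opcode values for LUI and ORI are standard MIPS encoding; the function names and the extra sample constant are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <inttypes.h>

/* Added example (not from the book): the LUI/ORI idiom for loading a 32-bit constant.
 * MIPS I-type layout: opcode(31..26) rs(25..21) rt(20..16) imm16(15..0). $v0 is register 2. */

#define OP_ORI 0x0D
#define OP_LUI 0x0F
#define REG_V0 2

uint32_t encode_itype(unsigned opcode, unsigned rs, unsigned rt, unsigned imm16)
{
    return (opcode & 0x3Fu) << 26 | (rs & 0x1Fu) << 21 | (rt & 0x1Fu) << 16 | (imm16 & 0xFFFFu);
}

/* lui $rt, hi16: writes the upper half and clears the lower half. */
uint32_t li32_lui(unsigned rt, uint32_t value)
{
    return encode_itype(OP_LUI, 0, rt, value >> 16);
}

/* ori $rt, $rt, lo16: ORs the lower half in. ORI zero-extends its immediate,
 * so a low half with bit 15 set (e.g. 0x8000) is safe; ADDIU would sign-extend it. */
uint32_t li32_ori(unsigned rt, uint32_t value)
{
    return encode_itype(OP_ORI, rt, rt, value & 0xFFFF);
}

/* Tiny interpreter for just these two opcodes. Returns 0 if the word is something else. */
int step_lui_ori(uint32_t insn, uint32_t regs[32])
{
    unsigned op = insn >> 26, rs = (insn >> 21) & 0x1F, rt = (insn >> 16) & 0x1F;
    uint32_t imm = insn & 0xFFFF;
    switch (op) {
    case OP_LUI: regs[rt] = imm << 16;      return 1;
    case OP_ORI: regs[rt] = regs[rs] | imm; return 1;
    default:     return 0;
    }
}

/* Run a LUI word, then an ORI word, on zeroed registers and return $rt.
 * The JR between them in the listing does not touch $v0, so it is omitted here. */
uint32_t execute_li32(uint32_t lui_word, uint32_t ori_word, unsigned rt)
{
    uint32_t regs[32] = {0};
    step_lui_ori(lui_word, regs);
    step_lui_ori(ori_word, regs);
    return regs[rt & 0x1F];
}

/* The pattern a disassembler folds into LI: LUI $r, hi followed by ORI $r, $r, lo. */
int is_li_pattern(uint32_t w0, uint32_t w1)
{
    unsigned rt0 = (w0 >> 16) & 0x1F;
    unsigned rs1 = (w1 >> 21) & 0x1F, rt1 = (w1 >> 16) & 0x1F;
    return (w0 >> 26) == OP_LUI && (w1 >> 26) == OP_ORI && rt0 == rs1 && rs1 == rt1;
}

/* The 32-bit constant such a pair loads (check is_li_pattern first). */
uint32_t li_pattern_value(uint32_t w0, uint32_t w1)
{
    return (w0 & 0xFFFF) << 16 | (w1 & 0xFFFF);
}

int main(void)
{
    /* Words from Listing 1.415. */
    uint32_t lui = 0x3c021234u, ori = 0x34425678u;
    printf("encoded: lui %08" PRIx32 " ori %08" PRIx32 "\n",
           li32_lui(REG_V0, 0x12345678u), li32_ori(REG_V0, 0x12345678u));
    printf("executed: $v0 = 0x%08" PRIx32 "\n", execute_li32(lui, ori, REG_V0));
    if (is_li_pattern(lui, ori))
        printf("folded: li $v0, 0x%08" PRIx32 "\n", li_pattern_value(lui, ori));
    return 0;
}
```

The round trip reproduces the exact words objdump shows (3c021234 and 34425678), and the pattern matcher is the reason IDA can print `li $v0, 0x12345678` where GCC's own output still shows the ORI.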


^199 Also available as http://go.yurichev.com/17288
