Reverse Engineering for Beginners

CHAPTER 7. SCANF()
variables in RAM^3. It is not economical to keep constant variables in RAM when ROM is available. Furthermore, constant
variables placed in RAM must be initialized at startup, because after power-on the contents of RAM are undefined.

Moving forward, we see a pointer to the x variable (off_2C) in the code segment, and all operations on the variable
go through this pointer. The reason is that x may be located far away from this particular code fragment, so its address
must be stored somewhere close to the code. The 16-bit Thumb LDR (literal) instruction can only reach a literal within
1020 bytes ahead of it, and the ARM-mode LDR (literal) within ±4095 bytes. So the address of x has to be kept in this
small window next to the code: there is no guarantee that the linker can place the variable itself anywhere near the
code, and it may well end up in an external memory chip.

One more thing: if a variable is declared as const, the Keil compiler allocates it in the .constdata segment. The
linker can then place this segment in ROM as well, alongside the code segment.
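The literal-pool mechanism described above can be checked by hand from raw bytes. The following is an added example (not code from the book): it decodes the PC-relative LDR (literal) encodings of Thumb and ARM mode, applies the 1020-byte and ±4095-byte reachability rules, and reads the pointer out of a constructed image in which `LDR R0, [PC,#40]` at offset 0 refers to a pool at off_2C. The image contents and the RAM address 0x20000000 for x are assumptions chosen for the demonstration.

```c
#include <stdint.h>
#include <stdio.h>

typedef struct { int ok; unsigned rt; uint32_t addr; } literal_ref;

/* Thumb LDR (literal), 16-bit encoding T1: 01001 Rt:3 imm8.
   Effective address = Align(PC,4) + imm8*4, with PC = instruction address + 4.
   imm8 is unsigned, so the pool must lie ahead of the instruction, at most
   255*4 = 1020 bytes beyond the word-aligned PC. */
literal_ref thumb_ldr_literal(uint32_t insn_addr, uint16_t hw) {
    literal_ref r = {0, 0, 0};
    if ((hw & 0xF800u) != 0x4800u) return r;          /* not LDR Rt, [PC, #imm] */
    r.ok = 1;
    r.rt = (hw >> 8) & 7;
    r.addr = ((insn_addr + 4) & ~3u) + ((hw & 0xFFu) << 2);
    return r;
}

/* ARM LDR (literal), encoding A1: cond 0101 U001 1111 Rt imm12 (P=1, W=0).
   Effective address = PC +/- imm12, with PC = instruction address + 8; the U
   bit selects the sign, so the pool may sit up to 4095 bytes either side. */
literal_ref arm_ldr_literal(uint32_t insn_addr, uint32_t w) {
    literal_ref r = {0, 0, 0};
    if ((w & 0x0F7F0000u) != 0x051F0000u) return r;   /* not LDR Rt, [PC, #+/-imm] */
    uint32_t pc = insn_addr + 8, imm12 = w & 0xFFFu;
    r.ok = 1;
    r.rt = (w >> 12) & 0xF;
    r.addr = (w & (1u << 23)) ? pc + imm12 : pc - imm12;
    return r;
}

/* The placement constraints the compiler/linker must satisfy for the pool. */
int thumb_literal_reachable(uint32_t insn_addr, uint32_t pool_addr) {
    uint32_t base = (insn_addr + 4) & ~3u;
    return (pool_addr & 3) == 0 && pool_addr >= base && pool_addr - base <= 1020;
}
int arm_literal_reachable(uint32_t insn_addr, uint32_t pool_addr) {
    uint32_t pc = insn_addr + 8;
    uint32_t dist = pool_addr > pc ? pool_addr - pc : pc - pool_addr;
    return dist <= 4095;
}

static uint32_t read_le32(const uint8_t *img, uint32_t off) {
    return img[off] | (img[off + 1] << 8) | (img[off + 2] << 16) | ((uint32_t)img[off + 3] << 24);
}

int main(void) {
    /* Constructed 0x30-byte Thumb image: LDR R0,[PC,#40] at offset 0, filler,
       and a literal pool at 0x2C holding the assumed RAM address of x. */
    uint8_t img[0x30] = {0};
    img[0] = 0x0A; img[1] = 0x48;                                   /* 0x480A: ldr r0, [pc, #40] */
    img[0x2C] = 0x00; img[0x2D] = 0x00; img[0x2E] = 0x00; img[0x2F] = 0x20; /* 0x20000000 */

    literal_ref ref = thumb_ldr_literal(0x0, (uint16_t)(img[0] | (img[1] << 8)));
    if (ref.ok)
        printf("LDR R%u, off_%X  ->  pool holds &x = 0x%08X\n",
               ref.rt, ref.addr, read_le32(img, ref.addr));
    printf("pool at 0x400 reachable from Thumb LDR at 0: %d, at 0x404: %d\n",
           thumb_literal_reachable(0, 0x400), thumb_literal_reachable(0, 0x404));
    return 0;
}
```

The decoders only recognise the PC-relative literal forms; a register-based LDR such as `LDR R0, [R1]` is rejected (ok == 0), which is the distinction a disassembler uses when deciding whether an instruction creates a data cross-reference to the pool.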

7.2.6 ARM64


Listing 7.7: Non-optimizing GCC 4.9.1 ARM64
1 .comm x,4,4
2 .LC0:
3 .string "Enter X:"
4 .LC1:
5 .string "%d"
6 .LC2:
7 .string "You entered %d...\n"
8 f5:
9 ; save FP and LR in stack frame:
10 stp x29, x30, [sp, -16]!
11 ; set stack frame (FP=SP)
12 add x29, sp, 0
13 ; load pointer to the "Enter X:" string:
14 adrp x0, .LC0
15 add x0, x0, :lo12:.LC0
16 bl puts
17 ; load pointer to the "%d" string:
18 adrp x0, .LC1
19 add x0, x0, :lo12:.LC1
20 ; form address of x global variable:
21 adrp x1, x
22 add x1, x1, :lo12:x
23 bl __isoc99_scanf
24 ; form address of x global variable again:
25 adrp x0, x
26 add x0, x0, :lo12:x
27 ; load value from memory at this address:
28 ldr w1, [x0]
29 ; load pointer to the "You entered %d...\n" string:
30 adrp x0, .LC2
31 add x0, x0, :lo12:.LC2
32 bl printf
33 ; return 0
34 mov w0, 0
35 ; restore FP and LR:
36 ldp x29, x30, [sp], 16
37 ret


In this case the x variable is declared as global and its address is formed by the ADRP/ADD instruction pair (lines 21
and 25): ADRP loads the 4 KiB page containing x, relative to the current PC, and ADD applies the low 12 bits (:lo12:).
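To make the ADRP/ADD arithmetic concrete, here is an added example (not from the book) that decodes the two instruction words the way a disassembler resolves the cross-reference to x, and also performs the linker's side of the pair, filling the R_AARCH64_ADR_PREL_PG_HI21 and R_AARCH64_ADD_ABS_LO12_NC relocations from a final address. The code address 0x4005f0 and the address 0x411030 for x are assumptions for the demonstration, not values from the listing.

```c
#include <stdint.h>
#include <stdio.h>
#include <inttypes.h>

typedef struct { int ok; unsigned rd, rn; uint64_t value; } a64_ref;

/* ADRP Xd, label: 1 immlo:2 10000 immhi:19 Rd:5.
   Xd = (PC & ~0xFFF) + SignExtend(immhi:immlo) << 12, a +/-4 GiB reach. */
a64_ref decode_adrp(uint64_t pc, uint32_t insn) {
    a64_ref r = {0, 0, 0, 0};
    if ((insn & 0x9F000000u) != 0x90000000u) return r;   /* not ADRP (ADR has bit 31 clear) */
    uint32_t immlo = (insn >> 29) & 3, immhi = (insn >> 5) & 0x7FFFF;
    int64_t pages = (int64_t)((immhi << 2) | immlo);
    if (pages & (1 << 20)) pages -= (1 << 21);            /* sign-extend the 21-bit page offset */
    r.ok = 1;
    r.rd = insn & 0x1F;
    r.value = (pc & ~(uint64_t)0xFFF) + ((uint64_t)pages << 12);
    return r;
}

/* ADD Xd, Xn, #imm12{, LSL #12} (64-bit): 1 0 0 100010 sh imm12 Rn Rd. */
a64_ref decode_add_imm64(uint32_t insn) {
    a64_ref r = {0, 0, 0, 0};
    if ((insn & 0xFF800000u) != 0x91000000u) return r;
    r.ok = 1;
    r.rd = insn & 0x1F;
    r.rn = (insn >> 5) & 0x1F;
    r.value = (insn >> 10) & 0xFFF;
    if (insn & (1u << 22)) r.value <<= 12;
    return r;
}

/* Resolve the pair: the ADD must consume the ADRP's destination register.
   Returns 0 if either word is not what we expect or the registers do not chain. */
uint64_t resolve_adrp_add(uint64_t adrp_pc, uint32_t adrp_insn, uint32_t add_insn) {
    a64_ref page = decode_adrp(adrp_pc, adrp_insn);
    a64_ref lo   = decode_add_imm64(add_insn);
    if (!page.ok || !lo.ok || lo.rn != page.rd) return 0;
    return page.value + lo.value;
}

/* The linker's side: given the final address of x, emit the two words.
   Returns 0 if x is more than +/-4 GiB (2^20 pages) away from the ADRP. */
int encode_adrp_add(uint64_t pc, uint64_t target, unsigned rd, uint32_t out[2]) {
    int64_t pages = (int64_t)(target >> 12) - (int64_t)(pc >> 12);
    if (pages < -(1LL << 20) || pages >= (1LL << 20)) return 0;
    uint32_t imm = (uint32_t)pages & 0x1FFFFF;
    out[0] = 0x90000000u | ((imm & 3) << 29) | (((imm >> 2) & 0x7FFFF) << 5) | (rd & 0x1F);
    out[1] = 0x91000000u | ((uint32_t)(target & 0xFFF) << 10) | ((rd & 0x1F) << 5) | (rd & 0x1F);
    return 1;
}

/* Encode then decode; returns the recovered address, or 0 if out of range. */
uint64_t roundtrip(uint64_t pc, uint64_t target, unsigned rd) {
    uint32_t w[2];
    if (!encode_adrp_add(pc, target, rd, w)) return 0;
    return resolve_adrp_add(pc, w[0], w[1]);
}

int main(void) {
    /* Assumed layout: the ADRP is at 0x4005f0 and x lives at 0x411030. */
    uint32_t w[2];
    if (encode_adrp_add(0x4005f0, 0x411030, 1, w))
        printf("adrp x1: %08" PRIx32 "  add x1: %08" PRIx32 "  ->  x at 0x%" PRIx64 "\n",
               w[0], w[1], resolve_adrp_add(0x4005f0, w[0], w[1]));
    return 0;
}
```

The register-chaining check in resolve_adrp_add matters in practice: compilers freely interleave unrelated instructions between an ADRP and its ADD, and a later ADD on a different register must not be paired with it, which is exactly the mistake that produces bogus cross-references in a naive disassembler script.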

7.2.7 MIPS


Uninitialized global variable

So now the x variable is global. Let's compile to an executable file rather than an object file and load it into IDA. IDA
places the x variable in the .sbss ELF section (remember the "Global Pointer"? See 3.5.1 on page 17), since the variable
is not initialized at the start.

^3 Random-access memory
