Decoding BLX instruction on ARM/Thumb (iOS)


Question

I've read through much of the ARM documentation but am still having trouble decoding a BLX instruction. Here are two examples:

__text:0000347C 02 F0 B2 ED                 BLX             _objc_msgSend

__text:0000469C 01 F0 A2 EC                 BLX             _objc_msgSend

Both of these are supposed to go to the same place, virtual address 0x5FE4, as seen here:

__symbolstub1:00005FE4 38 F0 9F E5                 LDR             PC, =__imp__objc_msgSend

However, I can't figure out what calculation is used to get from the above two addresses (0x347C and 0x469C) to that target using their instruction bytes. According to the ARM documentation it's supposed to be a relative jump, using a right shift by 2, but the numbers don't work out.

Can anyone help?

Answer

First, the instruction is being printed as two little-endian 16-bit fields. To match the byte ordering in the ARM reference manual, you need to byteswap each of the fields. For the first instruction, that gives:

F0 02 ED B2

11110000000000101110110110110010.

This is encoding T2 of the BLX instruction. Breaking this into the fields identified in the ARM reference manual:

11110  0  0000000010  11  1  0  1  1011011001  0  
       S    imm10H        J1    J2   imm10L

Then follow the instructions for interpretation of the fields:

I1 = NOT(J1 EOR S) = 0
I2 = NOT(J2 EOR S) = 0

imm32 = SignExtend(S:I1:I2:imm10H:imm10L:00)
      = SignExtend(0000000000010101101100100)
      = 0x00002b64

Which is precisely 0x5FE4 - 0x3480 (remember, the PC is 4 bytes ahead in Thumb/Thumb-2).

I trust you can work through the second example yourself.
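The field extraction in the answer above, carried through in code as an added example (not part of the original question or answer). It decodes both 32-bit Thumb-2 branch-with-link forms that share this 25-bit immediate scheme, BLX (encoding T2, the case in the post) and BL (encoding T1), from the instruction address plus the four bytes exactly as the listing prints them (two little-endian halfwords). One caveat the answer's "PC is 4 bytes ahead" glosses over: for a BLX from Thumb state the base is Align(PC, 4), not the raw PC; it makes no difference for 0x3480 and 0x46A0 because both happen to be 4-byte aligned, but it does for a BLX at an address that is 2 mod 4. The listing-line parser and the `decode_listing_line` name are assumptions made for this example, based on the `__text:ADDR BB BB BB BB  MNEMONIC ...` layout shown in the question; the sample inputs are the two lines from the question plus two constructed BL encodings.

```python
# Added example: decode Thumb-2 BL (T1) and BLX (T2) targets from raw bytes.
# Not code from the original post.
import re
import struct

# Assumed listing layout, modelled on the lines in the question:
#   __text:0000347C 02 F0 B2 ED                 BLX             _objc_msgSend
_LISTING_RE = re.compile(
    r"^\w+:([0-9A-Fa-f]{8})\s+((?:[0-9A-Fa-f]{2}\s+){3}[0-9A-Fa-f]{2})"
)


def decode_bl_blx(addr: int, insn_bytes: bytes) -> dict:
    """Decode a 32-bit Thumb BL/BLX whose first halfword sits at `addr`.

    `insn_bytes` are the four bytes as they appear in memory / in the listing,
    i.e. two little-endian 16-bit halfwords.  Returns the raw fields, the
    sign-extended offset and the branch target; raises ValueError if the bytes
    are not a BL/BLX encoding.
    """
    if len(insn_bytes) != 4:
        raise ValueError("expected exactly 4 bytes")
    # Byteswap each halfword (the step the answer describes) by unpacking them
    # as little-endian 16-bit values.
    hw1, hw2 = struct.unpack("<HH", insn_bytes)

    # hw1 = 11110 S imm10 ; hw2 = 11 J1 x J2 ...  (x = 1 for BL, 0 for BLX)
    if (hw1 >> 11) != 0b11110 or (hw2 >> 14) != 0b11:
        raise ValueError(f"not a BL/BLX encoding: {hw1:04x} {hw2:04x}")
    is_blx = ((hw2 >> 12) & 1) == 0

    s = (hw1 >> 10) & 1
    imm10h = hw1 & 0x3FF
    j1 = (hw2 >> 13) & 1
    j2 = (hw2 >> 11) & 1

    if is_blx:
        # BLX T2: hw2 = 11 J1 0 J2 imm10L H ; H must be 0, imm32 ends in '00'
        if hw2 & 1:
            raise ValueError("BLX T2 with H bit set is unpredictable")
        imm_lo = (hw2 >> 1) & 0x3FF
        lo_shift = 2
        mnemonic = "BLX"
    else:
        # BL T1: hw2 = 11 J1 1 J2 imm11 ; imm32 ends in '0'
        imm_lo = hw2 & 0x7FF
        lo_shift = 1
        mnemonic = "BL"

    # I1 = NOT(J1 EOR S), I2 = NOT(J2 EOR S)
    i1 = 1 - (j1 ^ s)
    i2 = 1 - (j2 ^ s)

    # S:I1:I2:imm10H:imm10L:00 (BLX) or S:I1:I2:imm10:imm11:0 (BL), 25 bits,
    # then sign-extend on the S bit.
    raw = (s << 24) | (i1 << 23) | (i2 << 22) | (imm10h << 12) | (imm_lo << lo_shift)
    offset = raw - (1 << 25) if s else raw

    pc = addr + 4                      # Thumb: PC reads as the insn address + 4
    if is_blx:
        pc &= ~3                       # BLX (Thumb -> ARM) uses Align(PC, 4)
    target = (pc + offset) & 0xFFFFFFFF

    return {
        "mnemonic": mnemonic, "S": s, "J1": j1, "J2": j2, "I1": i1, "I2": i2,
        "imm10H": imm10h, "imm_lo": imm_lo, "offset": offset, "target": target,
    }


def decode_listing_line(line: str) -> dict:
    """Decode one `__text:ADDR BB BB BB BB ...` listing line (assumed format)."""
    m = _LISTING_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised listing line: {line!r}")
    addr = int(m.group(1), 16)
    insn = bytes.fromhex(m.group(2).replace(" ", ""))
    return decode_bl_blx(addr, insn)


if __name__ == "__main__":
    # The two lines from the question, plus a constructed `bl .` (BL to itself).
    samples = [
        "__text:0000347C 02 F0 B2 ED                 BLX             _objc_msgSend",
        "__text:0000469C 01 F0 A2 EC                 BLX             _objc_msgSend",
        "__text:00008000 FF F7 FE FF                 BL              self",
    ]
    for s_line in samples:
        d = decode_listing_line(s_line)
        print(f"{d['mnemonic']:3} offset={d['offset']:#x} target={d['target']:#x}")
```

Both question lines resolve to 0x5FE4, the second with imm10H = 1, imm10L = 0x251, imm32 = 0x1944 and base 0x46A0. The BL case is included because it differs from BLX only in the low halfword layout (imm11 instead of imm10L:H) and in not aligning the PC, which is exactly the distinction that trips people up when they read the BL description and apply it to BLX.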

