ARM/Thumb code for firmware patches... How to tell gcc assembler / linker to BL to absolute addr?


Question

I'm trying to write a firmware mod (to existing firmware, for which I don't have source code). All Thumb code.

Does anybody have any idea how to do this in the gcc as (GAS) assembler: use BL without having to manually calculate offsets, when BL'ing to some existing function (not in my code, but I know its address)?

Currently, if I want to use BL, I have to:
- go back in my code
- figure out and add up all the bytes that would result from assembling all the previous instructions in the function I'm writing
- add the beginning address of my function to that (I specify the starting address of what I'm writing in the linker script)
- and then subtract the address of the firmfunc function I want to call

All this... just to calculate the offset... to be able to write a bl offset... to call an existing firmware function? And if I change any code before that BL, I have to do it all over again manually!
See... this is why I want to learn to use BX right... instead of BL.

Also, I don't quite understand BX. If I use BX to jump to an absolute address, do I have to increase the actual address by 1 when calling Thumb code from Thumb code (to keep the lsb 1)... and the CPU will know it's Thumb code?

Answer

BIG

Changing the answer based on what I have learned recently and a better understanding of the question.

First off, I don't know how to tell the linker to generate a bl to an address that is a hardcoded address and not actually in this code. You might try to rig up an elf file that has labels and such but dummy or no code; don't know if that will fool the linker or not. You would have to modify the linker script as well. Not worth it.

Your other question that was spawned from this one:

Arm/Thumb: using BX in Thumb code, to call a Thumb function, or to jump to a Thumb instruction in another function

For a branch, this works fine:

LDR R6, =0x24000
ADD R6, #1       @ (set lsb to 1)
BX R6

Or save an instruction and just do this:

LDR R6, =0x24001
BX R6

If you want to branch-and-link, and you know the address, and you are in Thumb mode and want to get to Thumb code, then:

  ldr r6,=0x24001
  bl thumb_trampoline
  ;@returns here
  ...
.thumb_func
thumb_trampoline:
  bx r6

And almost exactly the same if you are starting in ARM mode and want to get to Thumb code at an address you already know:

  ldr r6,=0x24001
  bl arm_trampoline
  ;@returns here
  ...
arm_trampoline:
  bx r6

You have to know that you can trash r6 in this way (make sure r6 isn't saving some value being used by some code that called this code).

Very sorry for misleading you with the other answer; I could swear that mov lr,pc pulled in the lsbit as a mode, but it doesn't.
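The offset arithmetic the question describes doing by hand is exactly what the assembler does for a Thumb BL: target minus (address of the BL plus 4), split into a high and a low halfword. The following is an added example, not code from the question or the answer, and not a gcc or binutils tool: it encodes and decodes the original 16-bit Thumb BL pair (0xF000 | hi, 0xF800 | lo; the 32-bit Thumb-2 BL encoding with J1/J2 bits is not handled) and scans an assembled blob so you can check where each BL in a patch actually lands before flashing it. It also shows the BX rule from the question: bit 0 of the BX target selects Thumb state, and a BL target never carries that bit. All addresses (0x20000, 0x24000, 0x24001) are constructed sample values.

```python
"""Thumb BL offset encoder/decoder for checking firmware patches.

Added example; assumes the 16-bit Thumb BL pair encoding (ARMv4T/v5 style) and
that the PC used for the offset is the address of the first halfword plus 4.
The addresses used in the docstrings and tests are constructed sample values.
"""
import struct
from typing import List, Optional, Tuple

BL_RANGE = 1 << 22  # BL reaches +/-4 MiB from the PC (23-bit signed offset)


def bl_offset(instr_addr: int, target: int) -> int:
    """Offset the assembler encodes: target minus (address of the BL + 4)."""
    offset = target - (instr_addr + 4)
    if offset % 2:
        # A BL target is a halfword address; the Thumb mode bit belongs to BX, not BL.
        raise ValueError("Thumb BL target must be halfword aligned (no lsb set)")
    if not -BL_RANGE <= offset < BL_RANGE:
        raise ValueError(f"target 0x{target:x} is out of BL range from 0x{instr_addr:x}")
    return offset


def encode_bl(instr_addr: int, target: int) -> bytes:
    """Return the 4 little-endian bytes of a Thumb BL at instr_addr to target."""
    offset = bl_offset(instr_addr, target)
    hi = (offset >> 12) & 0x7FF  # bits 22..12 of the signed offset
    lo = (offset >> 1) & 0x7FF   # bits 11..1 of the signed offset
    return struct.pack("<HH", 0xF000 | hi, 0xF800 | lo)


def decode_bl(instr_addr: int, code: bytes) -> Optional[int]:
    """Return the target of a BL pair located at instr_addr, or None if it is not a BL."""
    hw1, hw2 = struct.unpack("<HH", code[:4])
    if hw1 & 0xF800 != 0xF000 or hw2 & 0xF800 != 0xF800:
        return None
    offset = ((hw1 & 0x7FF) << 12) | ((hw2 & 0x7FF) << 1)
    if offset & (1 << 22):  # sign-extend the 23-bit offset
        offset -= 1 << 23
    return instr_addr + 4 + offset


def bl_targets(blob: bytes, base: int) -> List[Tuple[int, int]]:
    """Scan an assembled Thumb blob loaded at `base` and list (bl_address, target) pairs.

    This is a linear halfword scan, so it assumes the blob is pure code with no
    literal pool data that happens to look like a BL pair.
    """
    found = []
    i = 0
    while i + 4 <= len(blob):
        target = decode_bl(base + i, blob[i:i + 4])
        if target is None:
            i += 2  # not a BL; step over one 16-bit instruction
            continue
        found.append((base + i, target))
        i += 4
    return found


def is_thumb_target(addr: int) -> bool:
    """For BX: bit 0 set means the CPU switches to (or stays in) Thumb state."""
    return bool(addr & 1)


if __name__ == "__main__":
    # Constructed sample: a patch at 0x20000 that BLs to an existing function at 0x24000.
    code = bytes.fromhex("c046") + encode_bl(0x20002, 0x24000)  # mov r8,r8 (nop) then BL
    for bl_addr, target in bl_targets(code, 0x20000):
        print(f"BL at 0x{bl_addr:x} -> 0x{target:x}")
    print("0x24001 is a Thumb BX target:", is_thumb_target(0x24001))
```

Running the file prints the one BL found in the constructed blob and its target. The same `bl_targets` scan over the output of `arm-none-eabi-objcopy -O binary` for a patch shows whether the linker script start address and the hand-computed offsets agree.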
