Help with 68k assembly - jump tables?
Problem description
I'm working on reverse engineering a large Amiga program in IDA, and I've made a ton of progress. However, there is some stuff I can't quite figure out. Namely, I have found several subroutines which use what I believe to be "jump tables" - but I can't quite figure out how they work. Does anyone have any advice?
moveq #0,d0
move.b d7,d0 ; set D0 to a byte from CTRL
subq.w #1,d0 ; subtract 1 from it
blt.w finish_29ABA ; if D0 is less than 1, branch
cmpi.w #$16,d0
bge.w finish_29ABA ; if D0 is greater than or equal to 16, branch
add.w d0,d0 ; otherwise, double D0
move.w dword_29918(pc,d0.w),d0
jmp dword_29918+2(pc,d0.w)
; ---------------------------------------------------------------------------
dword_29918: dc.l $400036 ; CODE XREF: serialCtrlCmd+E0j
dc.l $360036
dc.l $3601A0
dc.l $3601A0
dc.l $1A001A0
dc.l $360040
dc.l $2A01A0
dc.l $400036
dc.l $3601A0
dc.l $1A00036
dc.l $1A00036
dc.l $33FC0003
dc.l HEAP_3B897+$41A7 ; CTRLRead3
; ---------------------------------------------------------------------------
bra.w finish_29ABA
; ---------------------------------------------------------------------------
tst.w (CTRL_36494).l
bne.w return_29AF6
moveq #1,d0
lea ((HEAP_3B897+$2665)).l,a0
adda.w (CTRLRead1).l,a0
move.b d7,(a0)
moveq #0,d1
move.b d7,d1
move.w d1,(CTRLRead2).l
move.w (CTRLCmds).l,d1
addq.w #1,d1
move.w d1,(CTRLCmds).l ; Increment CTRL Cmds by 1
move.w d0,(CTRLRead3).l
bra.w finish_29ABA
Solution
blt.w finish_29ABA ; \
cmpi.w #$16,d0 ; > These insns check that the index is in range
bge.w finish_29ABA ; /
add.w d0,d0 ; since the jump table contains words,
; multiply the index by 2, to get a word index
move.w dword_29918(pc,d0.w),d0 ; get a word from the jump table, indexed by d0
jmp dword_29918+2(pc,d0.w) ; perform an indirect jump to (PC,d0)
dword_29918: ; the following are offsets encoded as words
; 0040 0036 0036 0036...
This is usually the result of a C switch statement.
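As an added example (not code from the question or the answer above): a small Python script that replays the prologue for a given CTRL byte, splits the dc.l entries into the words that move.w reads, and computes the address the jmp lands on. It assumes IDA's naming convention, i.e. that dword_29918 sits at $29918 and finish_29ABA at $29ABA; the fact that the $01A0 entries then land exactly on finish_29ABA is a useful check that the arithmetic is right.

```python
import struct

# Assumed from IDA's naming convention: dword_29918 is at $29918, finish_29ABA at $29ABA.
TABLE_BASE = 0x29918
FINISH = 0x29ABA
TABLE_ENTRIES = 0x16            # cmpi.w #$16,d0 : valid d0 after subq is 0..21

# The 11 longwords from the listing that hold the 22 word-sized offsets.
# The two dc.l lines after them ($33FC0003 and CTRLRead3) are not table
# entries: $33FC 0003 <addr> decodes as move.w #3,(CTRLRead3).l, the code
# the $002A offset jumps to.
TABLE_LONGS = [
    0x400036, 0x360036, 0x3601A0, 0x3601A0, 0x1A001A0, 0x360040,
    0x2A01A0, 0x400036, 0x3601A0, 0x1A00036, 0x1A00036,
]


def table_words(longs=TABLE_LONGS):
    """Split each big-endian dc.l into the two words move.w (pc,d0.w) reads."""
    raw = b"".join(struct.pack(">I", value) for value in longs)
    return [word for (word,) in struct.iter_unpack(">H", raw)]


def dispatch(ctrl_byte, words=None):
    """Replay the prologue for one CTRL byte; return the address jmp lands on."""
    words = table_words() if words is None else words
    d0 = ctrl_byte & 0xFF              # moveq #0,d0 ; move.b d7,d0
    d0 = (d0 - 1) & 0xFFFF             # subq.w #1,d0 (word-sized result)
    if d0 & 0x8000:                    # blt.w finish_29ABA : went negative (byte was 0)
        return FINISH
    if d0 >= TABLE_ENTRIES:            # bge.w finish_29ABA : index >= $16
        return FINISH
    d0 += d0                           # add.w d0,d0 : word index -> byte offset
    offset = words[d0 // 2]            # move.w dword_29918(pc,d0.w),d0
    return TABLE_BASE + 2 + offset     # jmp dword_29918+2(pc,d0.w)


def case_map():
    """Group every in-range CTRL byte (1..$16) by the address it dispatches to."""
    groups = {}
    for byte in range(1, TABLE_ENTRIES + 1):
        groups.setdefault(dispatch(byte), []).append(byte)
    return groups


if __name__ == "__main__":
    for target, bytes_ in sorted(case_map().items()):
        label = "finish_29ABA" if target == FINISH else f"${target:X}"
        print(f"{label:>12}: CTRL bytes {bytes_}")
```

Running it shows only four distinct targets for the 22 cases, which is the shape you expect from a compiler-generated switch with many fall-through or empty cases.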