本文介绍了在ARM反汇编的一段中被TBB弄糊涂了的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
作为学习 Arm 汇编的介绍,我正在尝试用更高级的语言重新创建反汇编的函数.但是,我对以下汇编感到困惑:
As an intro to learning Arm assembly, I'm trying to recreate disassembled functions in a higher level language. However I'm confused by the following bit of assembly:
0000315e 2101 movs r1, #1
00003160 e8dff000 tbb [pc, r0]
00003164 030e lsls r6, r1, #12
00003166 0907 lsrs r7, r0, #4
00003168 050b lsls r3, r1, #20
0000316a 2106 movs r1, #6
0000316c e008 b.n 0x3180
0000316e 2102 movs r1, #2
00003170 e006 b.n 0x3180
00003172 2103 movs r1, #3
00003174 e004 b.n 0x3180
00003176 2104 movs r1, #4
00003178 e002 b.n 0x3180
0000317a 2105 movs r1, #5
0000317c e000 b.n 0x3180
0000317e 2100 movs r1, #0
00003180 4608 mov r0, r1
00003182 4770 bx lr
我相信这可能是某种 switch 语句,但我不确定它到底在做什么
I believe it may be some kind of switch statement but I'm unsure to what exactly it's doing
推荐答案
是的,那是一个开关.tbb代表Table Branch Byte,它需要一个字节偏移表,以pc为基数,r0,并使用它来做一个分支.
Yes, that is a switch. tbb stands for Table Branch Byte, it takes a table of byte-offsets, with base at pc, and index at r0, and uses that to do a branch.
所以:
0000315e 2101 movs r1, #1 ; ret = default value
00003160 e8dff000 tbb [pc, r0] ; switch (r0)
; jump table, byte-sized offsets
00003164 03 0e 09 07 05 0b
; case 1: (0x3164 + 0x3 * 2)
0000316a 2106 movs r1, #6 ; ret = 6
0000316c e008 b.n 0x3180 ; break
; case 5: (0x3164 + 0x5 * 2)
0000316e 2102 movs r1, #2 ; ret = 2
00003170 e006 b.n 0x3180 ; break
; case 2: (0x3164 + 0x7 * 2)
00003172 2103 movs r1, #3
00003174 e004 b.n 0x3180
; case 3: (0x3164 + 0x9 * 2)
00003176 2104 movs r1, #4
00003178 e002 b.n 0x3180
; case 4: (0x3164 + 0xb * 2)
0000317a 2105 movs r1, #5
0000317c e000 b.n 0x3180
; default:
0000317e 2100 movs r1, #0
; case 0: (0x3164 + 0xe * 2)
: end switch
00003180 4608 mov r0, r1 ; mov ret to r0 (return value)
00003182 4770 bx lr ; return
基本思路要清晰.
这篇关于在ARM反汇编的一段中被TBB弄糊涂了的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!