yetangitu/ghidra
1
0
Fork 0
mirror of https://github.com/NationalSecurityAgency/ghidra.git synced 2025-10-04 18:29:37 +02:00
Code Issues Releases Wiki Activity

Merge remote-tracking branch 'origin/GT-3149_ghidra1_PE_ARM'

Browse source
This commit is contained in:
ghidra1 2019-09-17 11:42:50 -04:00
commit bc76ea6ae5
11 changed files with 121 additions and 28 deletions
Download patch file Download diff file Expand all files Collapse all files

2
Ghidra/Features/Base/src/main/java/ghidra/app/plugin/debug/DbViewerComponent.java
View file

@ -200,12 +200,12 @@ class DbViewerComponent extends JPanel {
GTable gTable = new GTable(); GTable gTable = new GTable();
if (table.getRecordCount() <= 10000) { if (table.getRecordCount() <= 10000) {
model = new DbSmallTableModel(table); model = new DbSmallTableModel(table);
gTable.setDefaultRenderer(Long.class, new LongRenderer());
} }
else { else {
model = new DbLargeTableModel(table); model = new DbLargeTableModel(table);
} }
gTable.setModel(model); gTable.setModel(model);
gTable.setDefaultRenderer(Long.class, new LongRenderer());
JScrollPane scroll = new JScrollPane(gTable); JScrollPane scroll = new JScrollPane(gTable);
panel.add(scroll, BorderLayout.CENTER); panel.add(scroll, BorderLayout.CENTER);

12
Ghidra/Features/Base/src/main/java/ghidra/app/plugin/debug/dbtable/LongRenderer.java
View file

@ -17,18 +17,19 @@ package ghidra.app.plugin.debug.dbtable;
import java.awt.Component; import java.awt.Component;
import javax.swing.*; import javax.swing.JLabel;
import javax.swing.SwingConstants;
import docking.widgets.table.GTableCellRenderer; import docking.widgets.table.GTableCellRenderer;
import docking.widgets.table.GTableCellRenderingData; import docking.widgets.table.GTableCellRenderingData;
import ghidra.docking.settings.Settings;
public class LongRenderer extends GTableCellRenderer { public class LongRenderer extends GTableCellRenderer {
@Override @Override
public Component getTableCellRendererComponent(GTableCellRenderingData data) { public Component getTableCellRendererComponent(GTableCellRenderingData data) {
JLabel renderer = JLabel renderer = (JLabel) super.getTableCellRendererComponent(data);
(JLabel) super.getTableCellRendererComponent(data);
renderer.setHorizontalAlignment(SwingConstants.LEADING); renderer.setHorizontalAlignment(SwingConstants.LEADING);
@ -39,4 +40,9 @@ public class LongRenderer extends GTableCellRenderer {
protected String getText(Object value) { protected String getText(Object value) {
return value == null ? "" : "0x" + Long.toHexString((Long) value); return value == null ? "" : "0x" + Long.toHexString((Long) value);
} }
@Override
protected String formatNumber(Number value, Settings settings) {
return getText(value);
}
} }

5
Ghidra/Framework/SoftwareModeling/src/main/java/ghidra/app/plugin/processors/sleigh/SleighLanguageProvider.java
View file

@ -369,7 +369,10 @@ public class SleighLanguageProvider implements LanguageProvider {
catch (SleighException ex) { // Error with the manual shouldn't prevent language from loading catch (SleighException ex) { // Error with the manual shouldn't prevent language from loading
Msg.error(this, ex.getMessage()); Msg.error(this, ex.getMessage());
} }
descriptions.put(id, description); if (descriptions.put(id, description) != null) {
Msg.showError(this, null, "Duplicate Sleigh Language ID",
"Language " + id + " previously defined: " + defsFile);
}
} }
parser.end(start); parser.end(start);
} }

3
Ghidra/Processors/AARCH64/data/languages/AARCH64_win.cspec
View file

@ -25,6 +25,9 @@
<entry size="8" alignment="8" /> <entry size="8" alignment="8" />
<entry size="16" alignment="16" /> <entry size="16" alignment="16" />
</size_alignment_map> </size_alignment_map>
<bitfield_packing>
<use_MS_convention value="true"/>
</bitfield_packing>
</data_organization> </data_organization>
<global> <global>

2
Ghidra/Processors/ARM/certification.manifest
View file

@ -5,7 +5,6 @@ data/languages/ARM.cspec||GHIDRA||||END|
data/languages/ARM.dwarf||GHIDRA||||END| data/languages/ARM.dwarf||GHIDRA||||END|
data/languages/ARM.ldefs||GHIDRA||||END| data/languages/ARM.ldefs||GHIDRA||||END|
data/languages/ARM.opinion||GHIDRA||||END| data/languages/ARM.opinion||GHIDRA||||END|
data/languages/ARM.pspec||GHIDRA||||END|
data/languages/ARM.sinc||GHIDRA||||END| data/languages/ARM.sinc||GHIDRA||||END|
data/languages/ARM4_be.slaspec||GHIDRA||||END| data/languages/ARM4_be.slaspec||GHIDRA||||END|
data/languages/ARM4_le.slaspec||GHIDRA||||END| data/languages/ARM4_le.slaspec||GHIDRA||||END|
@ -30,6 +29,7 @@ data/languages/ARMinstructions.sinc||GHIDRA||||END|
data/languages/ARMneon.dwarf||GHIDRA||||END| data/languages/ARMneon.dwarf||GHIDRA||||END|
data/languages/ARMneon.sinc||GHIDRA||||END| data/languages/ARMneon.sinc||GHIDRA||||END|
data/languages/ARMt.pspec||GHIDRA||||END| data/languages/ARMt.pspec||GHIDRA||||END|
data/languages/ARMtTHUMB.pspec||GHIDRA||||END|
data/languages/ARMt_v45.pspec||GHIDRA||||END| data/languages/ARMt_v45.pspec||GHIDRA||||END|
data/languages/ARMv8.sinc||GHIDRA||||END| data/languages/ARMv8.sinc||GHIDRA||||END|
data/languages/old/ARMv5.lang||GHIDRA||||END| data/languages/old/ARMv5.lang||GHIDRA||||END|

33
Ghidra/Processors/ARM/data/languages/ARM.ldefs
View file

@ -18,6 +18,23 @@
<external_name tool="DWARF.register.mapping.file" name="ARMneon.dwarf"/> <external_name tool="DWARF.register.mapping.file" name="ARMneon.dwarf"/>
</language> </language>
<language processor="ARM"
endian="little"
size="32"
variant="v8T"
version="1.102"
slafile="ARM8_le.sla"
processorspec="ARMtTHUMB.pspec"
manualindexfile="../manuals/ARM.idx"
id="ARM:LE:32:v8T">
<description>Generic ARM/Thumb v8 little endian (Thumb is default)</description>
<compiler name="default" spec="ARM.cspec" id="default"/>
<compiler name="Visual Studio" spec="ARM_win.cspec" id="windows"/>
<external_name tool="gnu" name="iwmmxt"/>
<external_name tool="IDA-PRO" name="arm"/>
<external_name tool="DWARF.register.mapping.file" name="ARMneon.dwarf"/>
</language>
<language processor="ARM" <language processor="ARM"
endian="big" endian="big"
instructionEndian="little" instructionEndian="little"
@ -50,6 +67,22 @@
<external_name tool="DWARF.register.mapping.file" name="ARMneon.dwarf"/> <external_name tool="DWARF.register.mapping.file" name="ARMneon.dwarf"/>
</language> </language>
<language processor="ARM"
endian="big"
size="32"
variant="v8T"
version="1.102"
slafile="ARM8_be.sla"
processorspec="ARMtTHUMB.pspec"
manualindexfile="../manuals/ARM.idx"
id="ARM:BE:32:v8T">
<description>Generic ARM/Thumb v8 big endian (Thumb is default)</description>
<compiler name="default" spec="ARM.cspec" id="default"/>
<external_name tool="gnu" name="iwmmxt"/>
<external_name tool="IDA-PRO" name="armb"/>
<external_name tool="DWARF.register.mapping.file" name="ARMneon.dwarf"/>
</language>
<language processor="ARM" <language processor="ARM"
endian="little" endian="little"
size="32" size="32"

12
Ghidra/Processors/ARM/data/languages/ARM.opinion
View file

@ -2,8 +2,8 @@
<constraint loader="Portable Executable (PE)"> <constraint loader="Portable Executable (PE)">
<constraint compilerSpecID="windows"> <constraint compilerSpecID="windows">
<constraint primary="448" processor="ARM" endian="little" size="32" variant="v8" /> <constraint primary="448" processor="ARM" endian="little" size="32" variant="v8" />
<constraint primary="450" processor="ARM" endian="little" size="32" variant="v8" /> <!-- THUMB --> <constraint primary="450" processor="ARM" endian="little" size="32" variant="v8T" /> <!-- THUMB -->
<constraint primary="452" processor="ARM" endian="little" size="32" variant="v8" /> <!-- THUMB --> <constraint primary="452" processor="ARM" endian="little" size="32" variant="v8T" /> <!-- THUMB -->
</constraint> </constraint>
<constraint compilerSpecID="default"> <constraint compilerSpecID="default">
<constraint primary="2560" processor="ARM" endian="big" size="32" variant="v8" /> <constraint primary="2560" processor="ARM" endian="big" size="32" variant="v8" />
@ -11,8 +11,8 @@
</constraint> </constraint>
<constraint loader="Debug Symbols (DBG)" compilerSpecID="windows"> <constraint loader="Debug Symbols (DBG)" compilerSpecID="windows">
<constraint primary="448" processor="ARM" endian="little" size="32" variant="v8" /> <constraint primary="448" processor="ARM" endian="little" size="32" variant="v8" />
<constraint primary="450" processor="ARM" endian="little" size="32" variant="v8" /> <!-- THUMB --> <constraint primary="450" processor="ARM" endian="little" size="32" variant="v8T" /> <!-- THUMB -->
<constraint primary="452" processor="ARM" endian="little" size="32" variant="v8" /> <!-- THUMB --> <constraint primary="452" processor="ARM" endian="little" size="32" variant="v8T" /> <!-- THUMB -->
</constraint> </constraint>
<constraint loader="Executable and Linking Format (ELF)" compilerSpecID="default"> <constraint loader="Executable and Linking Format (ELF)" compilerSpecID="default">
<constraint primary="40" processor="ARM" size="32" variant="v8" /> <constraint primary="40" processor="ARM" size="32" variant="v8" />
@ -32,7 +32,7 @@
</constraint> </constraint>
<constraint loader="MS Common Object File Format (COFF)" compilerSpecID="windows"> <constraint loader="MS Common Object File Format (COFF)" compilerSpecID="windows">
<constraint primary="448" processor="ARM" endian="little" size="32" variant="v8" /> <constraint primary="448" processor="ARM" endian="little" size="32" variant="v8" />
<constraint primary="450" processor="ARM" endian="little" size="32" variant="v8" /> <constraint primary="450" processor="ARM" endian="little" size="32" variant="v8T" /> <!-- THUMB -->
<constraint primary="452" processor="ARM" endian="little" size="32" variant="v8" /> <constraint primary="452" processor="ARM" endian="little" size="32" variant="v8T" /> <!-- THUMB -->
</constraint> </constraint>
</opinions> </opinions>

3
Ghidra/Processors/ARM/data/languages/ARM_win.cspec
View file

@ -22,6 +22,9 @@
<entry size="4" alignment="4" /> <entry size="4" alignment="4" />
<entry size="8" alignment="8" /> <entry size="8" alignment="8" />
</size_alignment_map> </size_alignment_map>
<bitfield_packing>
<use_MS_convention value="true"/>
</bitfield_packing>
</data_organization> </data_organization>
<global> <global>

26
Ghidra/Processors/ARM/data/languages/ARM.pspec → Ghidra/Processors/ARM/data/languages/ARMtTHUMB.pspec
View file

@ -1,15 +1,19 @@
<?xml version="1.0" encoding="UTF-8"?> <?xml version="1.0" encoding="UTF-8"?>
<processor_spec> <processor_spec>
<!-- THIS PSPEC IS A COPY OF ARMt.pspec AND ONLY DIFFERS WITH ENABLEMENT OF THUMB AS DEFAULT CONTEXT -->
<properties> <properties>
<property key="addressesDoNotAppearDirectlyInCode" value="true"/> <property key="addressesDoNotAppearDirectlyInCode" value="true"/>
<property key="allowOffcutReferencesToFunctionStarts" value="true"/> <property key="allowOffcutReferencesToFunctionStarts" value="true"/>
<property key="useNewFunctionStackAnalysis" value="true"/> <property key="useNewFunctionStackAnalysis" value="true"/>
<property key="emulateInstructionStateModifierClass" value="ghidra.program.emulation.ARMEmulateInstructionStateModifier"/> <property key="emulateInstructionStateModifierClass" value="ghidra.program.emulation.ARMEmulateInstructionStateModifier"/>
<property key="assemblyRating:ARM:BE:32:v7" value="PLATINUM"/>
<property key="assemblyRating:ARM:LE:32:v7" value="PLATINUM"/>
</properties> </properties>
<programcounter register="pc"/> <programcounter register="pc"/>
<context_data> <context_data>
<context_set space="ram"> <context_set space="ram">
<set name="TMode" val="1" description="0 for ARM 32-bit, 1 for THUMB 16-bit"/>
<set name="LRset" val="0" description="0 lr reg not set, 1 for LR set, affects BX as a call"/> <set name="LRset" val="0" description="0 lr reg not set, 1 for LR set, affects BX as a call"/>
</context_set> </context_set>
<tracked_set space="ram"> <tracked_set space="ram">
@ -23,6 +27,7 @@
<symbol name="SupervisorCall" address="ram:0x8" entry="true"/> <symbol name="SupervisorCall" address="ram:0x8" entry="true"/>
<symbol name="PrefetchAbort" address="ram:0xC" entry="true"/> <symbol name="PrefetchAbort" address="ram:0xC" entry="true"/>
<symbol name="DataAbort" address="ram:0x10" entry="true"/> <symbol name="DataAbort" address="ram:0x10" entry="true"/>
<symbol name="NotUsed" address="ram:0x14" entry="true"/>
<symbol name="IRQ" address="ram:0x18" entry="true"/> <symbol name="IRQ" address="ram:0x18" entry="true"/>
<symbol name="FIQ" address="ram:0x1c" entry="true"/> <symbol name="FIQ" address="ram:0x1c" entry="true"/>
@ -31,8 +36,29 @@
<symbol name="H_SupervisorCall" address="ram:0xFFFF0008" entry="true"/> <symbol name="H_SupervisorCall" address="ram:0xFFFF0008" entry="true"/>
<symbol name="H_PrefetchAbort" address="ram:0xFFFF000C" entry="true"/> <symbol name="H_PrefetchAbort" address="ram:0xFFFF000C" entry="true"/>
<symbol name="H_DataAbort" address="ram:0xFFFF0010" entry="true"/> <symbol name="H_DataAbort" address="ram:0xFFFF0010" entry="true"/>
<symbol name="H_NotUsed" address="ram:0xFFFF0014" entry="true"/>
<symbol name="H_IRQ" address="ram:0xFFFF0018" entry="true"/> <symbol name="H_IRQ" address="ram:0xFFFF0018" entry="true"/>
<symbol name="H_FIQ" address="ram:0xFFFF001c" entry="true"/> <symbol name="H_FIQ" address="ram:0xFFFF001c" entry="true"/>
</default_symbols> </default_symbols>
<register_data>
<register name="q0" group="NEON" vector_lane_sizes="1,2,4"/>
<register name="q1" group="NEON" vector_lane_sizes="1,2,4"/>
<register name="q2" group="NEON" vector_lane_sizes="1,2,4"/>
<register name="q3" group="NEON" vector_lane_sizes="1,2,4"/>
<register name="q4" group="NEON" vector_lane_sizes="1,2,4"/>
<register name="q5" group="NEON" vector_lane_sizes="1,2,4"/>
<register name="q6" group="NEON" vector_lane_sizes="1,2,4"/>
<register name="q7" group="NEON" vector_lane_sizes="1,2,4"/>
<register name="q8" group="NEON" vector_lane_sizes="1,2,4"/>
<register name="q9" group="NEON" vector_lane_sizes="1,2,4"/>
<register name="q10" group="NEON" vector_lane_sizes="1,2,4"/>
<register name="q11" group="NEON" vector_lane_sizes="1,2,4"/>
<register name="q12" group="NEON" vector_lane_sizes="1,2,4"/>
<register name="q13" group="NEON" vector_lane_sizes="1,2,4"/>
<register name="q14" group="NEON" vector_lane_sizes="1,2,4"/>
<register name="q15" group="NEON" vector_lane_sizes="1,2,4"/>
</register_data>
</processor_spec> </processor_spec>

25
Ghidra/Processors/ARM/data/patterns/ARM_BE_patterns.xml
View file

@ -63,13 +63,15 @@
<data> 11100101 00101101 1110.... ........ 0x........ 0xe24dd... </data> <!-- str lr,[sp,#...]; <instr>; sub sp,sp; --> <data> 11100101 00101101 1110.... ........ 0x........ 0xe24dd... </data> <!-- str lr,[sp,#...]; <instr>; sub sp,sp; -->
<data> 0xe5 0x2d 0xe0 0x08 </data> <!-- str lr,[sp,#-0x8] --> <data> 0xe5 0x2d 0xe0 0x08 </data> <!-- str lr,[sp,#-0x8] -->
<data> 0xe1a0c00d 0xe92d.... </data> <!-- cpy ip,sp; stmdb sp!,{} --> <data> 0xe1a0c00d 0xe92d.... </data> <!-- cpy ip,sp; stmdb sp!,{} -->
<align mark="0" bits="3"/>
<setcontext name="TMode" value="0"/> <setcontext name="TMode" value="0"/>
<funcstart/> <funcstart/>
</postpatterns> </postpatterns>
</patternpairs> </patternpairs>
<pattern> <!-- 32 bit ARM --> <pattern> <!-- 32 bit ARM -->
<data> 0xe24dd... 11101001 00101101 .1...... ....0000 </data> <!-- sub sp,sp ; stmdb sp!,{r4+,lr} --> <data> 0xe24dd... 11101001 00101101 .1...... ....0000 </data> <!-- sub sp,sp ; stmdb sp!,{r4+,lr} -->
<align mark="0" bits="3"/>
<setcontext name="TMode" value="0"/> <setcontext name="TMode" value="0"/>
<codeboundary /> <!-- it is at least code --> <codeboundary /> <!-- it is at least code -->
<funcstart after="defined" /> <!-- must be something defined right before this --> <funcstart after="defined" /> <!-- must be something defined right before this -->
@ -77,36 +79,49 @@
<pattern> <!-- 32 bit ARM --> <pattern> <!-- 32 bit ARM -->
<data> 11101001 00101101 .1...... ....0000 </data> <!-- stmdb sp!,{r4+,lr}; --> <data> 11101001 00101101 .1...... ....0000 </data> <!-- stmdb sp!,{r4+,lr}; -->
<align mark="0" bits="3"/>
<setcontext name="TMode" value="0"/> <setcontext name="TMode" value="0"/>
<funcstart after="data" isvalid="true"/> <!-- must be something defined right before this, and good code --> <funcstart after="data" isvalid="true"/> <!-- must be something defined right before this, and good code -->
</pattern> </pattern>
<pattern> <!-- 32 bit ARM --> <pattern> <!-- 32 bit ARM -->
<data> 0xe24dd... 11100101 00101101 1110.... ........ </data> <!-- sub sp,sp; str lr,[sp,#...]; --> <data> 11101001 00101101 .1...... ....0000 </data> <!-- stmdb sp!,{r4+,lr}; <valid code> -->
<align mark="0" bits="3"/>
<setcontext name="TMode" value="0"/>
<funcstart after="defined" isvalid="40"/> <!-- must be something defined right before this, && must be at least 40 valid instructions after it -->
</pattern>
<pattern> <!-- 32 bit ARM -->
<data> 0xe24dd... 11100101 00101101 1110.... ........ </data> <!-- sub sp,sp; str lr,[sp,#...]; -->
<align mark="0" bits="3"/>
<setcontext name="TMode" value="0"/> <setcontext name="TMode" value="0"/>
<funcstart after="defined" /> <!-- must be something defined right before this --> <funcstart after="defined" /> <!-- must be something defined right before this -->
</pattern> </pattern>
<pattern> <!-- 32 bit ARM --> <pattern> <!-- 32 bit ARM -->
<data>11100101 00101101 1110.... ........ 0xe24dd... </data> <!-- str lr,[sp,#...]; --> <data>11100101 00101101 1110.... ........ 0xe24dd... </data> <!-- str lr,[sp,#...]; -->
<align mark="0" bits="3"/>
<setcontext name="TMode" value="0"/> <setcontext name="TMode" value="0"/>
<funcstart after="data" /> <!-- must be something defined right before this --> <funcstart after="data" /> <!-- must be something defined right before this -->
</pattern> </pattern>
<pattern> <!-- 32 bit ARM --> <pattern> <!-- 32 bit ARM -->
<data> 11101001 00101101 .1...... ....0000 0x........ 0xe24dd... </data> <!-- stmdb sp!,{r4+,lr}; <instr>; sub sp,sp --> <data> 11101001 00101101 .1...... ....0000 0x........ 0xe24dd... </data> <!-- stmdb sp!,{r4+,lr}; <instr>; sub sp,sp -->
<align mark="0" bits="3"/>
<setcontext name="TMode" value="0"/> <setcontext name="TMode" value="0"/>
<funcstart after="data" /> <!-- must be something defined right before this --> <funcstart after="data" /> <!-- must be something defined right before this -->
</pattern> </pattern>
<pattern> <!-- 32 bit ARM --> <pattern> <!-- 32 bit ARM -->
<data>11100101 00101101 1110.... ........ 0x........ 0xe24dd... </data> <!-- str lr,[sp,#...]; <instr>; sub sp,sp; --> <data>11100101 00101101 1110.... ........ 0x........ 0xe24dd... </data> <!-- str lr,[sp,#...]; <instr>; sub sp,sp; -->
<align mark="0" bits="3"/>
<setcontext name="TMode" value="0"/> <setcontext name="TMode" value="0"/>
<funcstart after="data" /> <!-- must be something defined right before this --> <funcstart after="data" /> <!-- must be something defined right before this -->
</pattern> </pattern>
<pattern> <!-- 32 bit ARM --> <pattern> <!-- 32 bit ARM -->
<data>0xe1a0c00d 0xe92d.... </data> <!-- cpy ip,sp; stmdb sp!,{} --> <data>0xe1a0c00d 0xe92d.... </data> <!-- cpy ip,sp; stmdb sp!,{} -->
<align mark="0" bits="3"/>
<setcontext name="TMode" value="0"/> <setcontext name="TMode" value="0"/>
<codeboundary /> <!-- can't say it is a function yet, have seen instructions before --> <codeboundary /> <!-- can't say it is a function yet, have seen instructions before -->
</pattern> </pattern>
@ -183,10 +198,4 @@
</postpatterns> </postpatterns>
</patternpairs> </patternpairs>
<pattern> <!-- 32 bit ARM -->
<data> 11101001 00101101 .1...... ....0000 </data> <!-- stmdb sp!,{r4+,lr}; <valid code> -->
<setcontext name="TMode" value="0"/>
<funcstart after="defined" isvalid="40"/> <!-- must be something defined right before this, && must be at least 40 valid instructions after it -->
</pattern>
</patternlist> </patternlist>

26
Ghidra/Processors/ARM/data/patterns/ARM_LE_patterns.xml
View file

@ -64,6 +64,7 @@
<data>0x08 0xe0 0x2d 0xe5 </data> <!-- str lr,[sp,#-0x8] --> <data>0x08 0xe0 0x2d 0xe5 </data> <!-- str lr,[sp,#-0x8] -->
<data>0x0dc0a0e1 0x....2de9 </data> <!-- cpy ip,sp; stmdb sp!,{} --> <data>0x0dc0a0e1 0x....2de9 </data> <!-- cpy ip,sp; stmdb sp!,{} -->
<data> ........ .1...... 00101101 11101001 </data> <!-- stmdb sp!,{xxx lr}; --> <data> ........ .1...... 00101101 11101001 </data> <!-- stmdb sp!,{xxx lr}; -->
<align mark="0" bits="3"/>
<setcontext name="TMode" value="0"/> <setcontext name="TMode" value="0"/>
<possiblefuncstart/> <possiblefuncstart/>
</postpatterns> </postpatterns>
@ -71,20 +72,30 @@
<pattern> <!-- 32 bit ARM --> <pattern> <!-- 32 bit ARM -->
<data> 0x..d.4de2 ....0000 .1...... 00101101 11101001 </data> <!-- sub sp,sp ; stmdb sp!,{r4+,lr} --> <data> 0x..d.4de2 ....0000 .1...... 00101101 11101001 </data> <!-- sub sp,sp ; stmdb sp!,{r4+,lr} -->
<align mark="0" bits="3"/>
<setcontext name="TMode" value="0"/> <setcontext name="TMode" value="0"/>
<codeboundary /> <!-- it is at least code --> <codeboundary /> <!-- it is at least code -->
<possiblefuncstart after="defined" /> <!-- must be something defined right before this --> <possiblefuncstart after="defined" /> <!-- must be something defined right before this -->
</pattern> </pattern>
<pattern> <!-- 32 bit ARM --> <pattern> <!-- 32 bit ARM -->
<!-- NOTE: pattern also match Thumb 'b' instruction followed by a 'push' instruction (where push is start uf Thumb function) -->
<data> ....0000 .1...... 00101101 11101001 </data> <!-- stmdb sp!,{r4+,lr}; --> <data> ....0000 .1...... 00101101 11101001 </data> <!-- stmdb sp!,{r4+,lr}; -->
<align mark="0" bits="3"/>
<setcontext name="TMode" value="0"/> <setcontext name="TMode" value="0"/>
<codeboundary />
<possiblefuncstart after="data" isvalid="true"/> <!-- must be something defined right before this, and good code --> <possiblefuncstart after="data" isvalid="true"/> <!-- must be something defined right before this, and good code -->
</pattern> </pattern>
<pattern> <!-- 32 bit ARM -->
<data> ........ .1...... 00101101 11101001 </data> <!-- stmdb sp!,{r4+,lr}; <valid code> -->
<align mark="0" bits="3"/>
<setcontext name="TMode" value="0"/>
<funcstart after="defined" isvalid="40"/> <!-- must be something defined right before this, && must be at least 40 valid instructions after it -->
</pattern>
<pattern> <!-- 32 bit ARM --> <pattern> <!-- 32 bit ARM -->
<data> 0x..d.4de2 ........ 1110.... 00101101 11100101 </data> <!-- sub sp,sp; str lr,[sp,#...]; --> <data> 0x..d.4de2 ........ 1110.... 00101101 11100101 </data> <!-- sub sp,sp; str lr,[sp,#...]; -->
<align mark="0" bits="3"/>
<setcontext name="TMode" value="0"/> <setcontext name="TMode" value="0"/>
<codeboundary /> <codeboundary />
<possiblefuncstart after="defined" /> <!-- must be something defined right before this --> <possiblefuncstart after="defined" /> <!-- must be something defined right before this -->
@ -92,6 +103,7 @@
<pattern> <!-- 32 bit ARM --> <pattern> <!-- 32 bit ARM -->
<data>........ 1110.... 00101101 11100101 0x..d.4de2 </data> <!-- str lr,[sp,#...]; --> <data>........ 1110.... 00101101 11100101 0x..d.4de2 </data> <!-- str lr,[sp,#...]; -->
<align mark="0" bits="3"/>
<setcontext name="TMode" value="0"/> <setcontext name="TMode" value="0"/>
<codeboundary /> <codeboundary />
<possiblefuncstart after="data" /> <!-- must be data defined right before this --> <possiblefuncstart after="data" /> <!-- must be data defined right before this -->
@ -99,6 +111,7 @@
<pattern> <!-- 32 bit ARM --> <pattern> <!-- 32 bit ARM -->
<data> ....0000 .1...... 00101101 11101001 0x........ 0x..d.4de2 </data> <!-- stmdb sp!,{r4+,lr}; <instr>; sub sp,sp --> <data> ....0000 .1...... 00101101 11101001 0x........ 0x..d.4de2 </data> <!-- stmdb sp!,{r4+,lr}; <instr>; sub sp,sp -->
<align mark="0" bits="3"/>
<setcontext name="TMode" value="0"/> <setcontext name="TMode" value="0"/>
<codeboundary /> <codeboundary />
<possiblefuncstart after="data" /> <!-- must be data defined right before this --> <possiblefuncstart after="data" /> <!-- must be data defined right before this -->
@ -106,12 +119,14 @@
<pattern> <!-- 32 bit ARM --> <pattern> <!-- 32 bit ARM -->
<data>........ 1110.... 00101101 11100101 0x........ 0x..d.4de2 </data> <!-- str lr,[sp,#...]; <instr>; sub sp,sp; --> <data>........ 1110.... 00101101 11100101 0x........ 0x..d.4de2 </data> <!-- str lr,[sp,#...]; <instr>; sub sp,sp; -->
<align mark="0" bits="3"/>
<setcontext name="TMode" value="0"/> <setcontext name="TMode" value="0"/>
<possiblefuncstart after="data" /> <!-- must be data defined right before this --> <possiblefuncstart after="data" /> <!-- must be data defined right before this -->
</pattern> </pattern>
<pattern> <!-- 32 bit ARM --> <pattern> <!-- 32 bit ARM -->
<data>0x0dc0a0e1 0x....2de9 </data> <!-- cpy ip,sp; stmdb sp!,{} --> <data>0x0dc0a0e1 0x....2de9 </data> <!-- cpy ip,sp; stmdb sp!,{} -->
<align mark="0" bits="3"/>
<setcontext name="TMode" value="0"/> <setcontext name="TMode" value="0"/>
<codeboundary /> <!-- can't say it is a function yet, have seen instructions before --> <codeboundary /> <!-- can't say it is a function yet, have seen instructions before -->
</pattern> </pattern>
@ -189,13 +204,6 @@
</postpatterns> </postpatterns>
</patternpairs> </patternpairs>
<pattern> <!-- 32 bit ARM -->
<data> ........ .1...... 00101101 11101001 </data> <!-- stmdb sp!,{r4+,lr}; <valid code> -->
<setcontext name="TMode" value="0"/>
<funcstart after="defined" isvalid="40"/> <!-- must be something defined right before this, && must be at least 40 valid instructions after it -->
</pattern>
<!-- Special functions with side-effects --> <!-- Special functions with side-effects -->
<!-- --> <!-- -->
@ -290,6 +298,7 @@
add ip,lr,r3, lsl #0x1 | add lr,lr,r3, lsl #0x1 add ip,lr,r3, lsl #0x1 | add lr,lr,r3, lsl #0x1
bx ip | bx lr bx ip | bx lr
--> -->
<align mark="0" bits="3"/>
<setcontext name="TMode" value="0"/> <setcontext name="TMode" value="0"/>
<funcstart label="switch8_r3"/> <funcstart label="switch8_r3"/>
</pattern> </pattern>
@ -304,6 +313,7 @@
add ip,lr,r3, lsl #0x1 | add lr,lr,r3, lsl #0x1 add ip,lr,r3, lsl #0x1 | add lr,lr,r3, lsl #0x1
bx ip | bx lr bx ip | bx lr
--> -->
<align mark="0" bits="3"/>
<setcontext name="TMode" value="0"/> <setcontext name="TMode" value="0"/>
<funcstart label="switch8_r3"/> <funcstart label="switch8_r3"/>
</pattern> </pattern>