堆栈内存溢出
  简体   繁体   English

从.so 文件到运行时 memory 的指令编码是否不同?

[英]Is instruction encoded different from .so file to runtime memory?

 原文  2022-01-20 02:58:15       assembly/ arm/ disassembly/ ida/ instruction-encoding

问题描述

I have a Android.so file uses ARM-V7A instruction set.我有一个 Android.so 文件使用 ARM-V7A 指令集。

I drag it into IDA, and there is one line shows:我把它拖进IDA,有一行显示:

0x1000: b #0x102c

And the hex window show that the binary code of b #0x102c is 14 e0 .十六进制 window 显示b #0x102c的二进制代码是14 e0

14 e0 have binrary format of 0001 0100 1110 0000 , which is not how ARM-manual encoded this instruction. 14 e0的二进制格式为0001 0100 1110 0000 ,这不是 ARM 手册对该指令进行编码的方式。

UNLESS除非

1    4    e    0
0001 0100 1110 0000
8 ----- 1 16 ---- 9

8 -- 1 means 1 bit to 8 bit, 9 -- 16 means 9 bit to 16bit 8 -- 1表示 1 位到 8 位, 9 -- 16表示 9 位到 16 位

Why is instruction encoded this way in .so file?为什么指令在.so文件中以这种方式编码?

For example if I want to runtime change some instruction at some address.例如,如果我想在某个地址运行时更改某些指令。 Do I change it to 0x14e0 ( which is how instruction encoded in .so file ), or change it to 0xe014 ( which is how instrcution encoded in ARM-Manual )我是否将其更改为0x14e0 (这是指令在.so文件中的编码方式),还是将其更改为0xe014 (这是指令在 ARM-Manual 中的编码方式)

1 个解决方案

解决方案1
 0  2022-01-20 03:36:59

Looks like IDA is breaking it into bytes so you'd expect the low 8 bits to be first, as a byte-stream.看起来 IDA 将其分解为字节,因此您希望低 8 位作为字节流排在第一位。 14 e0 is the same thing as little-endian e014 , a single 16-bit halfword. 14 e0与 little-endian e014 ,是一个 16 位半字。

(IDA was probably first developed for x86, where machine code is a variable-length byte-stream, not a sequence of 16 or 32-bit chunks, and ported to ARM. This is still a valid way to hexdump ARM machine code, though.) (IDA was probably first developed for x86, where machine code is a variable-length byte-stream, not a sequence of 16 or 32-bit chunks, and ported to ARM. This is still a valid way to hexdump ARM machine code, though .)

Re: the title question:回复:标题问题:

The.text section of an executable or library will get mapped into memory like mmap , without modifications.可执行文件或库的 .text 部分将像mmap一样映射到 memory ,无需修改。 Except in rare cases of "text relocations" to fix up absolute addresses, eg in jump tables in .rodata or movw / movk in .text itself.除了在极少数情况下“文本重定位”来修复绝对地址,例如在.rodata中的跳转表或.text本身中的movw / movk中。

But position-independent code generally avoids that, because that's the whole point of being position independent.但是与位置无关的代码通常会避免这种情况,因为这就是 position 独立的全部意义所在。 It's definitely not byte-swapped!它绝对不是字节交换的!

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 ldr 内存加载指令可以从内存的堆栈部分加载吗 - can an ldr memory load instruction ..load from the stack part of the memory 在运行时检查机器指令 - Inspecting Machine Instruction in Runtime 从大于指令中可用大小的内存中加载 - Loading from memory whose size is larger than the available size in an instruction STP指令占用的内存 - Memory occupied by STP instruction 运行时的iOS Patch程序指令 - iOS Patch program instruction at runtime 将涉及CPU寄存器的指令转换为内存指令 - Converting instruction involving CPU registers to memory instruction 运行时错误汇编中的非法指令 - runtime error Illegal instruction in Assembly 填充指令,使末端对齐 - Pad instruction so end is aligned mov指令从x86程序集中的内存中获取数据 - mov instruction fetches data from memory to memory in x86 assembly nasm:在运行时从 rip(指令指针)获取重定位二进制文​​件的偏移量 - nasm: get offset of relocated binary during runtime from rip (instruction pointer)
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM