解读简单的ARM指令?
[英]Dissasembling simple ARM instructions?
问题描述
I've been messing around with IDA Pro and trying to disassemble my own products just for the sake of it. 
我一直在搞乱IDA Pro并试图为了它而拆卸我自己的产品。
I've noticed a couple of things I don't understand because my assembly language knowledge is terrible. 我注意到了一些我不理解的事情,因为我的汇编语言知识很糟糕。 Here is a little chunk of code which invokes CGContextSetRGBStrokeColor . 这里有一小段代码调用CGContextSetRGBStrokeColor 。
CGContextSetRGBStrokeColor(ctx, 1, 1, 1, 1);
In IDA it looks like this: 在IDA中它看起来像这样:
I don't understand a number of things: 我不明白很多事情:
- How does 0x3F800000 relate to the number 1? 0x3F800000如何与数字1相关? I assume it is a reference, however I did not get what it refers to. 我认为它是一个参考,但我没有得到它所指的。
- Why is MOVS being called three times instead of four (because there are four arguments)? 为什么MOVS被调用三次而不是四次(因为有四个参数)?
- Are R0,R1,R2 etc. CPU registers? 是R0,R1,R2等CPU寄存器吗?
- Could someone explaing these: 有人可以解释这些:
Some text lines http://a.imageshack.us/img836/4018/gah.png 一些文字行http://a.imageshack.us/img836/4018/gah.png
This file is a Framework (therefore a Mach-O file). 该文件是一个框架 (因此是一个Mach-O文件)。 That function comes from CoreGraphics. 该功能来自CoreGraphics。
1 个解决方案
解决方案1
10 已采纳 2010-08-12 17:02:07
How does 0x3F800000 relate to the number 1?
0x3F800000 is 1.0 in IEEE single precision representation. 在IEEE单精度表示中,0x3F800000是1.0。 You could right click on that 0x3F800000 and choose floating point representation to convert it to 1.0. 您可以右键单击该0x3F800000并选择浮点表示将其转换为1.0。
Why is MOVS being called three times instead of four (because there are four arguments)?
In the standard ARM calling convention, the first 4 arguments are stored in R0 to R3 respectively. 在标准的ARM调用约定中,前4个参数分别存储在R0到R3中。 The ldr r1, =0x3f800000 instruction already stores the 2nd argument. ldr r1, =0x3f800000指令已存储第二个参数。
Are R0,R1,R2 etc. CPU registers?
Yes. 是。
Could someone explaing these:
Please don't take apart non-consecutive instructions, since the r3 at the 2nd instruction and that in the 3rd are different. 请不要拆分非连续指令,因为第2条指令的r3和第3条指令的r3不同。
If you check the whole function, you should see that "var_4C" is the address to the variable ctx on stack. 如果检查整个函数,您应该看到“var_4C”是堆栈上变量ctx的地址。 Hence, 因此,
add r3, sp, #0x50+var_4c
ldr r2, [r3]
just means r2 = ctx . 只是意味着r2 = ctx 。 The instruction movs r0, r2 much later put the context as the 1st argument. 指令movs r0, r2后来将上下文作为第一个参数。
Also, in ARM, var_?? 另外,在ARM中,var_ ?? is equivalent to the value -0x??. 相当于值-0x ??。 In ARM, the 5th argument and above are stored on the stack at [sp, #0], [sp, #4], etc. Hence, the instruction 在ARM中,第5个参数及以上参数存储在[sp,#0],[sp,#4]等堆栈中。因此,指令
ldr r3, =0x3f800000
str r3, [sp, #0] ;// #0x50+var_50 = 0x50 - 0x50 = 0
put the 1.0 on at the 5th argument. 将1.0放在第5个参数上。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.