ldr 的奇怪行为 [pc, #value]
我正在调试一些c++代码(ARM平台上的WinCE 6), 我发现一些行为很奇怪:
4277220C mov r3, #0x93, 30
42772210 str r3, [sp]
42772214 ldr r3, [pc, #0x69C]
42772218 ldr r2, [pc, #0x694]
4277221C mov r1, #0
42772220 ldr r0, [pc, #0x688]
行 42772214 ldr r3, [pc, #0x69C] 用于从 .DATA 部分获取一些常量,至少我这么认为。
奇怪的是,根据代码,r2 应该填充来自地址 pc=0x42772214 + 0x69C = 0x427728B0 的内存,但根据从 0x427728B8(8 个字节+)加载的内存内容,其他 ldr 用法也会发生这种情况。
是调试器的错误还是我对 ldr/pc 的理解错误? 我不明白的另一个问题 - 为什么对 .data 部分的访问与执行的代码相关?我觉得有点奇怪。
还有一个问题:我找不到第一个 mov 命令的语法(任何人都可以向我指出 Thumb (1C2) 的 optype 规范)
抱歉,我的描述很简单,但我只是熟悉程序集。
I was debugging some c++ code (WinCE 6 on ARM platform),
and i find some behavior strange:
4277220C mov r3, #0x93, 30
42772210 str r3, [sp]
42772214 ldr r3, [pc, #0x69C]
42772218 ldr r2, [pc, #0x694]
4277221C mov r1, #0
42772220 ldr r0, [pc, #0x688]
Line 42772214 ldr r3, [pc, #0x69C] is used to get some constant from .DATA section, at least I think so.
What is strange that according to the code r2 should be filled with memory from address pc=0x42772214 + 0x69C = 0x427728B0, but according to the memory contents it's loaded from 0x427728B8 (8bytes+), it happens for other ldr usages too.
Is it fault of the debugger or my understanding of ldr/pc?
Another issue I don't get - why access to the .data section is relative to the executed code? I find it little bit strange.
And one more issue: i cannot find syntax of the 1st mov command (any one could point me a optype specification for the Thumb (1C2))
Sorry for the laic description, but I'm just familiarizing with the assemblies.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
这是正确的。当使用
pc读取时,ARM模式下有8字节偏移,Thumb模式下有4字节偏移。来自ARM-ARM:
使用 PC 相对寻址有两个原因。
mov r3, #0x12345678是不可能用 1 条指令完成的,因此编译器可能会将这个常量放在函数的末尾并使用例如ldr r3, [pc, #0x50]来加载它。我不知道 mov r3, #0x93, 30 是什么意思。可能是
mov r3, #0x93, rol 30(给出0xC0000024)?This is correct. When
pcis used for reading there is an 8-byte offset in ARM mode and 4-byte offset in Thumb mode.From the ARM-ARM:
There are 2 reasons for pc-relative addressing.
mov r3, #0x12345678is impossible to complete in 1 instruction, so the compiler may put this constant in the end of the function and use e.g.ldr r3, [pc, #0x50]to load it instead.I don't know what
mov r3, #0x93, 30means. Probably it ismov r3, #0x93, rol 30(which gives0xC0000024)?