我目前正在尝试了解 movw 指令如何在 ARM 上工作,以便能够对库进行十六进制编辑并更改使用所述指令设置的值。
该库提供的代码如下(来自 objdump 的输出):
[...]
29c4: f44f 71f0 mov.w r1, #480 ; 0x1e0
[...]
换句话说,我想做的是弄清楚 0x1e0 / 480 在“f44f 71f0”中是如何表示的。我一直在网上阅读内容,包括 http://blogs.arm.com/software-enablement/251-how-to-load-constants-in- assembly-for-arm-architecture/ 我想我明白如何movw 是否有效及其局限性;但我仍然不明白指令上显示的值如何映射到实际的二进制代码。非常感谢您能够提供有关此事的任何文件或标志:)
I am currently trying to understand how does the movw instruction work on ARM, to be able to hex edit a library and change a value that is being set with said instruction.
The library presents code as follows (output from objdump):
[...]
29c4: f44f 71f0 mov.w r1, #480 ; 0x1e0
[...]
What I'm trying to do in other words, is figure out how is 0x1e0 / 480 represented inside "f44f 71f0". I've been reading stuff around the net, including http://blogs.arm.com/software-enablement/251-how-to-load-constants-in-assembly-for-arm-architecture/ and I think I understand how does movw work and it's limitations; but I still don't get how does the value shown on the instruction map to the actual binary code. Any documentation or insignt you might be able to provide on the matter is much appreciated :)
发布评论
评论(2)
对于 ARM,指令在 ARM ARM、ARM 架构参考手册中进行了描述。转到 http://infocenter.arm.com 然后沿着左侧查找架构,然后找到您感兴趣的架构这是一个thumb2指令,所以你需要armv7-m。
这看起来是
在指令中编码 T2 i 和 S 为零。 imm3 是位 12 到 14,imm8 是位 7 - 0。
所以你的 imm3 是 0b111,imm8 是 0b11110000,
然后你查看拇指指令部分
i ... imm3 ... abcdefgh 中修改的立即常量,其中 abcdefgh 是 imm8 位你的 i:imm3:a 位,5 位是 0b11111
所以你在表中查找并你会看到右侧的 imm8 左移 1,
即 0x000001E0
Arm 在记录其指令方面做得非常好,比大多数都好。
For arm the instructions are described in the ARM ARM, ARM Architectural Reference manual(s). Go to http://infocenter.arm.com then along the left find architecture then find the architecture you are interested in. This is a thumb2 instruction so you want the armv7-m.
This looks to be encoding T2
i and S are zero in your instruction. imm3 is bits 12 to 14 and imm8 is bits 7 - 0.
so your imm3 is 0b111 and imm8 is 0b11110000
then you look at the modified immediate constants in thumb instructions section
i ... imm3 ... abcdefgh where abcdefgh are the imm8 bits your i:imm3:a bits, 5 bits are 0b11111
so you look that up in the table and you get imm8 on the right side shifted left 1
which is 0x000001E0
Arm does a pretty good job of documenting their instructions, better than most.
这是MOV T2 编码(来自ARM 架构参考手册)
因为您的模式是
您有
i=1, S=0, imm3=111, imm8=11110000< /code>通过检查ThumbExpandImm_C() 的作用,您将了解这些值是如何变成 0x1e0
我们的
imm12 = i:imm3:imm8 (1:111:11110000) = 1111 1111 0000我们的值将通过 (a) 和 (b) 行,因为最高 2 位 [11,10] 是 '11'
ZeroExtend('1':imm12<6:0>, 32) 意味着您有将“1”添加到 [6..0] 位之前。因此该值变为
1:1110000 = 11110000(a)ROR_C(unrotated_value, UInt(imm12<11:7>)) 向右旋转 [11:7] = 11111 = 31,
与向左旋转 1 相同。 (b)因此结果值为
1 1110 0000(a 移位 b)= 0x1e0Here's MOV T2 encoding (from ARM Architecture Reference Manual)
Because your pattern is
You have
i=1, S=0, imm3=111, imm8=11110000By checking what ThumbExpandImm_C() does, you will understand how the values became 0x1e0
Our
imm12 = i:imm3:imm8 (1:111:11110000) = 1111 1111 0000Our values will pass lines (a) and (b) because highest 2 bits [11,10] are '11'
ZeroExtend(‘1’:imm12<6:0>, 32) means you have to prepend '1' to [6..0] bits. So the value becomes
1:1110000 = 11110000(a)ROR_C(unrotated_value, UInt(imm12<11:7>)) does rotate right by [11:7] = 11111 = 31 which is the
same as rotate left by 1. (b)So the resulting value is
1 1110 0000 (a shifted by b) = 0x1e0