Magic Lantern Firmware Wiki

ARM-console Tips by Alex

ARM-console Tips / Examples - by: Coutts

Here are some examples of useful things that can be done with the ARM-console (written by A1ex). I am compiling this page from chat logs with Alex, collecting examples of tasks the ARM-console can do that aren't documented elsewhere yet.


Stepping through assembly code

Let's say you're looking at a function in a firmware dump and want to step through it instruction by instruction, working out the register values at each point or just keeping track of what the program is doing. The console has a module named emusym with a function that traces a code path and reports what each instruction does; when an input register is unknown, the result is kept as a symbolic expression instead of a number. Take this code for example:

SUB     R9, R10, #4
SUB     R8, R10, #8
SUB     R7, R10, #0xC
SUB     R6, R10, #0x10
SUB     LR, R10, #0x14

You can break it down like this (cp is the list of instruction addresses to trace: five 4-byte instructions starting at 0xFF206224):

In [8]: cp = range(0xff206224, 0xff206224 +4*5, 4)

In [9]: emusym.resetArm()

In [10]: emusym.emusym_code_path(cp)

In [11]: !cat emusym.log

The output should look something like this:

*******************************************
emulating from 0xFF206224: sub   r9, r10, #4
*******************************************
sub   r9, r10, #4
  => ARM.R9 = (ARM.R10) - (4)
  * ARM.R9 = -4 + unk_R10
sub   r8, r10, #8
  => ARM.R8 = (ARM.R10) - (8)
  * ARM.R8 = -8 + unk_R10
sub   r7, r10, #12
  => ARM.R7 = (ARM.R10) - (12)
  * ARM.R7 = -12 + unk_R10
sub   r6, r10, #16
  => ARM.R6 = (ARM.R10) - (16)
  * ARM.R6 = -16 + unk_R10
sub   r14, r10, #20
  => ARM.LR = (ARM.R10) - (20)
  * ARM.LR = -20 + unk_R10
END OF CODE PATH

Notice that R10 was unknown when the emulation started, so every result is expressed in terms of unk_R10. Now let's try with a different initial condition, giving R10 a concrete value first:

In [12]: emusym.resetArm()

In [13]: emusym.ARM.R10 = 5

In [14]: emusym.emusym_code_path(cp)

In [15]: !cat emusym.log
*******************************************
emulating from 0xFF206224: sub   r9, r10, #4
*******************************************
sub   r9, r10, #4
  => ARM.R9 = (ARM.R10) - (4)
  * ARM.R9 = 1
sub   r8, r10, #8
  => ARM.R8 = (ARM.R10) - (8)
  * ARM.R8 = -3
sub   r7, r10, #12
  => ARM.R7 = (ARM.R10) - (12)
  * ARM.R7 = -7
sub   r6, r10, #16
  => ARM.R6 = (ARM.R10) - (16)
  * ARM.R6 = 0xFFFFFFF5
sub   r14, r10, #20
  => ARM.LR = (ARM.R10) - (20)
  * ARM.LR = 0xFFFFFFF1
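To show what the two traces above are doing, here is a small Python reimplementation of the idea (an added example, not emusym's own code or part of the original page): each register is either a concrete 32-bit value or an unknown, and a SUB with an unknown source yields an expression like -4 + unk_R10, while a known source yields a wrapped 32-bit number. The function names and the CODE_PATH table are assumptions constructed for this example; only the instructions and the start address come from the page.

```python
import re

# Constructed from the listing above: five SUB instructions, 4 bytes each,
# starting at 0xFF206224 (the same addresses cp covers in the session).
CODE_PATH = {
    0xFF206224: "SUB R9, R10, #4",
    0xFF206228: "SUB R8, R10, #8",
    0xFF20622C: "SUB R7, R10, #0xC",
    0xFF206230: "SUB R6, R10, #0x10",
    0xFF206234: "SUB LR, R10, #0x14",
}

ALIASES = {"LR": "R14", "SP": "R13", "PC": "R15"}
SUB_RE = re.compile(r"^\s*SUB\s+(\w+)\s*,\s*(\w+)\s*,\s*#(0x[0-9A-Fa-f]+|\d+)\s*$", re.I)

def reset_arm(**known):
    """Fresh register file: every register unknown (None) unless given,
    mirroring emusym.resetArm() followed by emusym.ARM.Rn = value."""
    regs = {"R%d" % i: None for i in range(16)}
    for name, value in known.items():
        name = name.upper()
        regs[ALIASES.get(name, name)] = value & 0xFFFFFFFF
    return regs

def sub_imm(regs, line):
    """Emulate one 'SUB Rd, Rn, #imm'. Returns (rd, result) where result is
    a 32-bit int if Rn is known, otherwise a symbolic string."""
    m = SUB_RE.match(line)
    if not m:
        raise ValueError("unsupported instruction: %r" % line)
    rd, rn, imm = m.group(1).upper(), m.group(2).upper(), int(m.group(3), 0)
    rd, rn = ALIASES.get(rd, rd), ALIASES.get(rn, rn)
    src = regs[rn]
    if src is None:                      # unknown operand: keep it symbolic
        result = "%d + unk_%s" % (-imm, rn)
    else:                                # known operand: 32-bit wrap-around
        result = (src - imm) & 0xFFFFFFFF
    regs[rd] = result
    return rd, result

def emusym_code_path(code_path, regs):
    """Walk the addresses in order, updating regs; return the trace lines."""
    log = []
    for addr in sorted(code_path):
        rd, result = sub_imm(regs, code_path[addr])
        shown = result if isinstance(result, str) else "0x%08X" % result
        log.append("%08X: %s => ARM.%s = %s" % (addr, code_path[addr], rd, shown))
    return log
```

With R10 unknown the trace ends in ARM.R14 = -20 + unk_R10; with R10 = 5 it ends in 0xFFFFFFF1, the same bit pattern the console prints (small negatives such as -3 are just the signed view of the same 32-bit value).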
