Skip to content

arm ¤

Classes:

Functions:

  • itstate_from_cpsr

    ITSTATE == If-Then execution state bits for the Thumb IT instruction

Attributes:

ARM_BIT_SHIFT_MAP module-attribute ¤

ARM_BIT_SHIFT_MAP: dict[int, Callable[[int, int, int], int]] = {
    ARM_SFT_ASR: arithmetic_shift_right,
    ARM_SFT_LSL: logical_shift_left,
    ARM_SFT_LSR: logical_shift_right,
    ARM_SFT_ROR: rotate_right,
}

ARM_SINGLE_LOAD_INSTRUCTIONS module-attribute ¤

ARM_SINGLE_LOAD_INSTRUCTIONS = {
    ARM_INS_LDRB: 1,
    ARM_INS_LDRSB: -1,
    ARM_INS_LDRH: 2,
    ARM_INS_LDRSH: -2,
    ARM_INS_LDR: 4,
    ARM_INS_LDRBT: 1,
    ARM_INS_LDRSBT: -1,
    ARM_INS_LDRHT: 2,
    ARM_INS_LDRSHT: -2,
    ARM_INS_LDRT: 4,
    ARM_INS_LDREXB: 1,
    ARM_INS_LDREXH: 2,
    ARM_INS_LDREX: 4,
}

ARM_SINGLE_STORE_INSTRUCTIONS module-attribute ¤

ARM_SINGLE_STORE_INSTRUCTIONS = {
    ARM_INS_STRB: 1,
    ARM_INS_STRH: 2,
    ARM_INS_STR: 4,
    ARM_INS_STRBT: 1,
    ARM_INS_STRHT: 2,
    ARM_INS_STRT: 4,
}

ARM_EXCLUSIVE_STORE_INSTRUCTIONS module-attribute ¤

ARM_EXCLUSIVE_STORE_INSTRUCTIONS = {
    ARM_INS_STREXB: 1,
    ARM_INS_STREXH: 2,
    ARM_INS_STREX: 4,
}

ARM_MATH_INSTRUCTIONS module-attribute ¤

ARM_MATH_INSTRUCTIONS = {
    ARM_INS_ADD: "+",
    ARM_INS_ADDW: "+",
    ARM_INS_SUB: "-",
    ARM_INS_ORR: "|",
    ARM_INS_AND: "&",
    ARM_INS_EOR: "^",
    ARM_INS_UDIV: "/",
    ARM_INS_SDIV: "/",
    ARM_INS_MUL: "*",
    ARM_INS_UMULL: "*",
    ARM_INS_SMULL: "*",
}

ARM_SHIFT_INSTRUCTIONS module-attribute ¤

ARM_SHIFT_INSTRUCTIONS = {
    ARM_INS_ASR: ">>s",
    ARM_INS_ALIAS_ASR: ">>s",
    ARM_INS_LSR: ">>",
    ARM_INS_ALIAS_LSR: ">>",
    ARM_INS_LSL: "<<",
    ARM_INS_ALIAS_LSL: "<<",
    ARM_INS_ROR: ">>r",
    ARM_INS_ALIAS_ROR: ">>r",
}

ARM_CAN_WRITE_TO_PC_INSTRUCTIONS module-attribute ¤

ARM_CAN_WRITE_TO_PC_INSTRUCTIONS = {
    ARM_INS_LDM,
    ARM_INS_ALIAS_LDM,
    ARM_INS_POP,
    ARM_INS_ALIAS_POP,
    ARM_INS_LDR,
    ARM_INS_ADC,
    ARM_INS_ADD,
    ARM_INS_ADR,
    ARM_INS_AND,
    ARM_INS_ASR,
    ARM_INS_ALIAS_ASR,
    ARM_INS_BIC,
    ARM_INS_EOR,
    ARM_INS_LSL,
    ARM_INS_ALIAS_LSL,
    ARM_INS_LSR,
    ARM_INS_ALIAS_LSR,
    ARM_INS_MOV,
    ARM_INS_MVN,
    ARM_INS_ORR,
    ARM_INS_ROR,
    ARM_INS_ALIAS_ROR,
    ARM_INS_RRX,
    ARM_INS_ALIAS_RRX,
    ARM_INS_RSB,
    ARM_INS_RSC,
    ARM_INS_SBC,
    ARM_INS_SUB,
}

ArmDisassemblyAssistant ¤

ArmDisassemblyAssistant(architecture, flags_reg: Literal['cpsr', 'xpsr'])

Bases: DisassemblyAssistant

Methods:

  • read_thumb_bit
  • enhance

    Enhance the instruction - resolving branch targets, conditionals, and adding annotations

  • can_reason_about_process_state

    Determine if the program counter of the process equals the address of the instruction being enhanced.

  • dump

    Debug-only method.

Attributes:

flags_reg instance-attribute ¤

flags_reg = flags_reg

annotation_handlers instance-attribute ¤

annotation_handlers: dict[
    int, Callable[[PwndbgInstruction, Emulator], None]
] = {
    ARM_INS_MOV: _common_move_annotator,
    ARM_INS_MOVW: _common_move_annotator,
    ARM_INS_MOVT: _common_generic_register_destination,
    ARM_INS_MVN: _common_generic_register_destination,
    ARM_INS_CMP: _common_cmp_annotator_builder(flags_reg, "-"),
    ARM_INS_CMN: _common_cmp_annotator_builder(flags_reg, "+"),
    ARM_INS_TST: _common_cmp_annotator_builder(flags_reg, "&"),
    ARM_INS_TEQ: _common_cmp_annotator_builder(flags_reg, "^"),
}

architecture instance-attribute ¤

architecture: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE = architecture

op_handlers instance-attribute ¤

op_handlers: dict[
    int, Callable[[PwndbgInstruction, EnhancedOperand, Emulator], int | None]
] = {
    CS_OP_IMM: _parse_immediate,
    CS_OP_REG: _parse_register,
    CS_OP_MEM: _parse_memory,
}

op_names instance-attribute ¤

op_names: dict[
    int, Callable[[PwndbgInstruction, EnhancedOperand], str | None]
] = {
    CS_OP_IMM: _immediate_string,
    CS_OP_REG: _register_string,
    CS_OP_MEM: _memory_string,
}

read_thumb_bit ¤

read_thumb_bit(instruction: PwndbgInstruction, emu: Emulator) -> int | None

enhance ¤

enhance(instruction: PwndbgInstruction, emu: Emulator = None) -> None

Enhance the instruction - resolving branch targets, conditionals, and adding annotations

This is the only public method that should be called on this object externally.

can_reason_about_process_state ¤

can_reason_about_process_state(instruction: PwndbgInstruction) -> bool

Determine if the program counter of the process equals the address of the instruction being enhanced. If so, it means we can safely reason and read from registers and memory to enhance values that we can add to the annotation string. This becomes relevent when NOT emulating, and is meant to allow more details when the PC is at the instruction being enhanced

dump ¤

dump(instruction: PwndbgInstruction)

Debug-only method.

itstate_from_cpsr ¤

itstate_from_cpsr(cpsr_value: int) -> int

ITSTATE == If-Then execution state bits for the Thumb IT instruction The ITSTATE bits are spread across 3 sections of Arm flags register to a total of 8 bits. This function extracts them and reorders the bits into their logical order - https://developer.arm.com/documentation/ddi0403/d/System-Level-Architecture/System-Level-Programmers--Model/Registers/The-special-purpose-program-status-registers--xPSR#:~:text=shows%20the%20assignment%20of%20the%20ICI/IT%20bits.

Bits of the flags register: EPSR[26:25] EPSR[15:12] EPSR[11:10] Bits of ITSTATE: IT[1:0] IT[7:4] IT[3:2]

The lower 5 bits has information that indicates the number of instructions in the IT Block. The top 3 bits indicate the base condition of the block. - https://developer.arm.com/documentation/ddi0406/cb/Application-Level-Architecture/Application-Level-Programmers--Model/Execution-state-registers/IT-block-state-register--ITSTATE?lang=en

If the value is zero, it means we are not in an IT block.