How to disassemble to ARM UAL? #3433

Closed
lowfatcomputing opened this Issue Oct 8, 2015 · 5 comments

lowfatcomputing commented Oct 8, 2015

I see a way to set radare2 to disassemble 32-bit ARM assembly (r2 -aarm -b32 thing.bin) and 16-bit ARM Thumb (r2 -aarm -b16 thing.bin) but not to the combined ARM UAL (Unified Assembly Language).

Owner

radare commented Oct 11, 2015

this looks like an issue for https://github.com/aquynh/capstone/issues

Owner

radare commented Oct 12, 2015

What exactly is UAL? Because all the info I can find about it is that it's just a syntax, and capstone supports it. If you want thumb use -b16, if you want arm use -b32, and for aarch64 -b64. But -b16 will be disassembling thumb and thumb2. If any of the instructions displayed is not following the UAL syntax, then report that specific thing to capstone.

lowfatcomputing commented Oct 15, 2015

> but -b16 will be disassembling thumb and thumb2

You are correct. My bad.

[0x00000000]> pdl | sort | uniq

2
4

The only bug I might see here now is a usability bug. Afaik UAL is not actually 16-bit asm. It's both 16-bit and 32-bit. So maybe instead it should be specified as -b16-32, -bUAL or something.

It seems clear now that my ELF and BIN files are disassembled at the wrong offset, or capstone tries to disassemble the interrupt vector table as assembly instructions. I'll look into it further and provide a test case for a new issue.

Owner

radare commented Oct 16, 2015

-b16 is assumed for thumb, not because of the instruction size or the register size. It's an exception to make things simpler, because it's just a mode of the CPU.

-b16 sets thumb2 mode in the capstone disassembler (as well as in gnu). Thumb2 contains 2-byte and 4-byte instruction lengths. Thumb was only 2. But thumb and thumb2 are binary compatible, so it makes sense to use thumb2 here, unless the CPU doesn't support it.

From what I understand of UAL, this is just a syntax, and this syntax should be ready in capstone.

Capstone knows nothing about code or data. It just disassembles. And if you pass a raw binary to radare, or well, an ELF, the data mixed in code will be displayed as code until you define it as data. See the Vd command, and the C* ones.

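The length rule behind the 2 and 4 in the `pdl | sort | uniq` output above, as an added example that is not code from this issue, radare2 or capstone: a Thumb halfword whose top five bits are 0b11101, 0b11110 or 0b11111 starts a 32-bit Thumb-2 encoding, anything else is a 16-bit instruction. The sample bytes, the two vector-table-style data words and all function names are constructed for illustration; the second buffer shows that a linear sweep reports "instructions" for plain data too.

```python
import struct

def thumb_insn_len(first_halfword: int) -> int:
    """Length in bytes of the Thumb instruction that starts with this halfword."""
    # ARMv7 rule: top five bits 0b11101, 0b11110 or 0b11111 mark the first
    # half of a 32-bit Thumb-2 encoding; anything else is a 16-bit instruction.
    return 4 if (first_halfword >> 11) in (0b11101, 0b11110, 0b11111) else 2

def walk_thumb(code: bytes, base: int = 0):
    """Linear sweep: return [(address, length), ...] for a little-endian buffer."""
    out, off = [], 0
    while off + 2 <= len(code):
        (hw,) = struct.unpack_from("<H", code, off)
        n = thumb_insn_len(hw)
        if off + n > len(code):   # 32-bit encoding cut off by end of buffer
            break
        out.append((base + off, n))
        off += n
    return out

def distinct_lengths(code: bytes):
    """Same question as `pdl | sort | uniq`: which instruction sizes occur?"""
    return sorted({n for _, n in walk_thumb(code)})

# Constructed sample (not from the issue): five Thumb-2 instructions.
SAMPLE = bytes.fromhex(
    "10b5"      # push {r4, lr}   16-bit
    "4ff00000"  # mov.w r0, #0    32-bit
    "00f000f8"  # bl <next insn>  32-bit
    "00bf"      # nop             16-bit
    "10bd"      # pop {r4, pc}    16-bit
)

# Constructed data words standing in for two vector table entries (assumed
# values). The sweep cannot tell them from code and still yields lengths.
DATA = struct.pack("<II", 0x20001000, 0x00000009)

if __name__ == "__main__":
    for addr, n in walk_thumb(SAMPLE):
        print(f"0x{addr:08x}  {n}")
    print(distinct_lengths(SAMPLE))
    print(walk_thumb(DATA))
```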

Maijin added the ARM label Oct 25, 2016

Collaborator

Maijin commented Oct 25, 2016

I'm closing since you didn't provide any example.

Maijin closed this Oct 25, 2016
