How to disassemble to ARM UAL? #3433
What exactly is UAL? Because all the info I can find about it is just a syntax, and capstone supports it. If you want thumb use -b16, if you want arm use -b32, and for aarch64 -b64. But -b16 will be disassembling thumb and thumb2. If any of the instructions displayed is not following the UAL syntax, then report that specific thing to capstone.
You are correct. My bad.
The only bug I might see here now is a usability bug. Afaik UAL is not actually 16-bit asm. It's both 16-bit and 32-bit. So maybe instead it should be specified as
It seems clear now that my ELF and BIN files are disassembled at the wrong offset, or capstone tries to disassemble the interrupt vector table as assembly instructions. I'll look into it further and provide a test case for a new issue.
-b16 is assumed for thumb, not because of the instruction size or the register size. It's an exception to make things simpler, because it's just a mode of the CPU.
-b16 sets thumb2 mode in the capstone disassembler (as well as in GNU). Thumb2 contains 2-byte and 4-byte instruction lengths. Thumb was only 2. But thumb and thumb2 are binary compatible, so it makes sense to use thumb2 here, unless the CPU doesn't support it.
From what I understand of UAL, this is just a syntax, and this syntax should be ready in capstone.
Capstone knows nothing about code or data. It just disassembles. And if you pass a raw binary to radare, or well, an ELF, the data mixed in code will be displayed as code until you define it as data. See the Vd command, and the C* ones.
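The mixed 2-byte/4-byte Thumb2 lengths and the data-shown-as-code effect discussed in this thread, as an added example that is not part of the original discussion and is not radare2 or capstone code. The function names and the sample bytes are constructed for illustration; the length rule (bits [15:11] of the first halfword) is the one from the ARM architecture manual, and the two-word vector table assumes a Cortex-M style layout.

```python
import struct

def thumb_insn_len(halfword):
    """Length in bytes of the Thumb instruction starting with this halfword."""
    # Bits [15:11] equal to 0b11101, 0b11110 or 0b11111 mark the first
    # half of a 32-bit Thumb2 encoding; everything else is a 16-bit one.
    return 4 if (halfword >> 11) in (0b11101, 0b11110, 0b11111) else 2

def linear_sweep(blob, start=0):
    """Split little-endian bytes into (offset, length, hex) units the way a
    linear disassembler in Thumb2 mode walks them. It has no notion of
    code versus data: every halfword is treated as an instruction."""
    units, off = [], start
    while off + 2 <= len(blob):
        (hw,) = struct.unpack_from("<H", blob, off)
        n = thumb_insn_len(hw)
        if off + n > len(blob):
            break  # truncated 32-bit encoding at the end of the buffer
        units.append((off, n, blob[off:off + n].hex()))
        off += n
    return units

# Constructed sample: push {r4, lr}; bl <next>; movs r0, #0; pop {r4, pc}
CODE = bytes.fromhex("10b5" "00f000f8" "0020" "10bd")

# Constructed sample data (assumption: Cortex-M style vector table start):
# initial SP 0x20001000, reset handler 0x08000009
VECTORS = struct.pack("<II", 0x20001000, 0x08000009)

def report(blob, start=0):
    """Render the sweep as text lines for a quick side-by-side comparison."""
    return [f"{o:#06x}  {n}  {h}" for o, n, h in linear_sweep(blob, start)]

if __name__ == "__main__":
    print("correct entry point:")
    print("\n".join(report(CODE)))
    print("started inside the 32-bit bl (offset 4):")
    print("\n".join(report(CODE, 4)))
    print("vector table words walked as if they were code:")
    print("\n".join(report(VECTORS)))
```

Starting at offset 4 glues the second half of the `bl` to the following `movs`, and the vector table words come out as four 16-bit "instructions", which is why such regions need to be marked as data in the disassembler.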