is 57 lib/math/ef_pow.c int hx,hy,ix,iy,is; is 133 lib/math/ef_pow.c GET_FLOAT_WORD(is,t1); is 134 lib/math/ef_pow.c SET_FLOAT_WORD(t1,is&0xfffff000); is 156 lib/math/ef_pow.c GET_FLOAT_WORD(is,s_h); is 157 lib/math/ef_pow.c SET_FLOAT_WORD(s_h,is&0xfffff000); is 168 lib/math/ef_pow.c GET_FLOAT_WORD(is,t_h); is 169 lib/math/ef_pow.c SET_FLOAT_WORD(t_h,is&0xfffff000); is 176 lib/math/ef_pow.c GET_FLOAT_WORD(is,p_h); is 177 lib/math/ef_pow.c SET_FLOAT_WORD(p_h,is&0xfffff000); is 184 lib/math/ef_pow.c GET_FLOAT_WORD(is,t1); is 185 lib/math/ef_pow.c SET_FLOAT_WORD(t1,is&0xfffff000); is 194 lib/math/ef_pow.c GET_FLOAT_WORD(is,y); is 195 lib/math/ef_pow.c SET_FLOAT_WORD(y1,is&0xfffff000); is 226 lib/math/ef_pow.c GET_FLOAT_WORD(is,t); is 227 lib/math/ef_pow.c SET_FLOAT_WORD(t,is&0xfffff000); is 421 tools/capdis.c void describe_prop_call(firmware *fw,iter_state_t *is, unsigned dis_opts, char *comment, uint32_t target) is 429 tools/capdis.c if((get_call_const_args(fw,is,6,regs)&1)!=1) { is 458 tools/capdis.c int do_dis_branch(firmware *fw, iter_state_t *is, unsigned dis_opts, char *mnem, char *ops, char *comment) is 460 tools/capdis.c uint32_t target = B_target(fw,is->insn); is 463 tools/capdis.c target = CBx_target(fw,is->insn); is 467 tools/capdis.c sprintf(op_pfx,"%s, ",cs_reg_name(is->cs_handle,is->insn->detail->arm.operands[0].reg)); is 474 tools/capdis.c ostub = find_sig_val(fw->sv->stubs,target|is->thumb); is 483 tools/capdis.c if(fw_disasm_iter_single(fw,target|is->thumb)) { is 484 tools/capdis.c j_target=get_direct_jump_target(fw,fw->is); is 509 tools/capdis.c describe_prop_call(fw,is,dis_opts,comment,desc_adr | is->thumb); is 510 tools/capdis.c describe_simple_func(fw,dis_opts,comment,desc_adr | is->thumb); is 515 tools/capdis.c int do_dis_call(firmware *fw, iter_state_t *is, unsigned dis_opts, char *mnem, char *ops, char *comment) is 517 tools/capdis.c if(!((is->insn->id == ARM_INS_BL || is->insn->id == ARM_INS_BLX) is 518 tools/capdis.c && is->insn->detail->arm.operands[0].type == ARM_OP_IMM)) { is 522 tools/capdis.c uint32_t target = get_branch_call_insn_target(fw,is); // target with thumb bit set appropriately is 537 tools/capdis.c j_target=get_direct_jump_target(fw,fw->is); is 563 tools/capdis.c describe_prop_call(fw,is,dis_opts,comment,desc_adr); is 570 tools/capdis.c iter_state_t *is, is 577 tools/capdis.c cs_insn *insn=is->insn; is 584 tools/capdis.c if(do_dis_branch(fw,is,dis_opts,mnem,ops,comment)) { is 587 tools/capdis.c if(do_dis_call(fw,is,dis_opts,mnem,ops,comment)) { is 598 tools/capdis.c cs_reg_name(is->cs_handle,insn->detail->arm.operands[0].reg), is 619 tools/capdis.c cs_reg_name(is->cs_handle,insn->detail->arm.operands[0].reg), is 625 tools/capdis.c cs_reg_name(is->cs_handle,insn->detail->arm.operands[0].reg), is 631 tools/capdis.c cs_reg_name(is->cs_handle,insn->detail->arm.operands[0].reg), is 641 tools/capdis.c cs_reg_name(is->cs_handle,insn->detail->arm.operands[0].reg), is 654 tools/capdis.c } else if(get_TBx_PC_info(fw,is,ti)) { is 663 tools/capdis.c void do_adr_label(firmware *fw, struct llist **branch_list, iter_state_t *is, unsigned dis_opts) is 666 tools/capdis.c uint32_t adr=is->insn->address; is 671 tools/capdis.c ostub = find_sig_val(fw->sv->stubs,adr|is->thumb); is 692 tools/capdis.c static void do_tbb_data(firmware *fw, iter_state_t *is, unsigned dis_opts, tbx_info_t *ti) is 746 tools/capdis.c if(!disasm_iter_init(fw,is,adr | is->thumb)) { is 754 tools/capdis.c static void do_tbh_data(firmware *fw, iter_state_t *is, unsigned dis_opts, tbx_info_t *ti) is 791 tools/capdis.c if(!disasm_iter_init(fw,is,adr | is->thumb)) { is 796 tools/capdis.c static void do_tbx_pass1(firmware *fw, iter_state_t *is, struct llist **branch_list, unsigned dis_opts, tbx_info_t *ti) is 829 tools/capdis.c if(!disasm_iter_init(fw,is,adr | is->thumb)) { is 835 tools/capdis.c static void do_tbx_data(firmware *fw, iter_state_t *is, unsigned dis_opts, tbx_info_t *ti) is 838 tools/capdis.c do_tbb_data(fw,is,dis_opts,ti); is 840 tools/capdis.c do_tbh_data(fw,is,dis_opts,ti); is 851 tools/capdis.c iter_state_t *is=disasm_iter_new(fw,dis_start); is 859 tools/capdis.c while(count < dis_count && is->adr < dis_end) { is 860 tools/capdis.c if(disasm_iter(fw,is)) { is 861 tools/capdis.c uint32_t b_tgt=get_branch_call_insn_target(fw,is); is 865 tools/capdis.c } else if(get_TBx_PC_info(fw,is,&ti)) { is 868 tools/capdis.c do_tbx_pass1(fw,is,branch_list,dis_opts,&ti); is 871 tools/capdis.c if(!disasm_iter_init(fw,is,(is->adr+is->insn_min_size) | is->thumb)) { is 880 tools/capdis.c disasm_iter_init(fw,is,dis_start); is 881 tools/capdis.c while(count < dis_count && is->adr < dis_end) { is 882 tools/capdis.c if(disasm_iter(fw,is)) { is 883 tools/capdis.c do_adr_label(fw,branch_list,is,dis_opts); is 888 tools/capdis.c printf(" 0x%"PRIx64"",is->insn->address); is 892 tools/capdis.c for(k=0;k<is->insn->size;k++) { is 893 tools/capdis.c printf(" %02x",is->insn->bytes[k]); is 899 tools/capdis.c describe_insn_ops(is->cs_handle,is->insn); is 902 tools/capdis.c describe_insn_groups(is->cs_handle,is->insn); is 907 tools/capdis.c do_dis_insn(fw,is,dis_opts,insn_mnemonic,insn_ops,comment,&ti); is 921 tools/capdis.c printf("%08"PRIx64": \t",is->insn->address); is 924 tools/capdis.c if(is->insn->size == 2) { is 925 tools/capdis.c printf("%04x ",*(unsigned short *)is->insn->bytes); is 926 tools/capdis.c } else if(is->insn->size == 4) { is 927 tools/capdis.c printf("%04x %04x",*(unsigned short *)is->insn->bytes,*(unsigned short *)(is->insn->bytes+2)); is 951 tools/capdis.c do_tbx_data(fw,is,dis_opts,&ti); is 953 tools/capdis.c if((dis_opts & DIS_OPT_END_RET) && isRETx(is->insn)) { // end disassembly on return is 968 tools/capdis.c uint16_t *pv=(uint16_t *)adr2ptr(fw,is->adr); is 971 tools/capdis.c if(is->thumb) { is 977 tools/capdis.c printf("%s invalid address %"PRIx64"\n",comment_start,is->adr); is 979 tools/capdis.c if(!disasm_iter_init(fw,is,(is->adr+is->insn_min_size)|is->thumb)) { is 991 tools/capdis.c printf(" ldr pc, =0x%"PRIx64,is->adr|is->thumb); is 781 tools/finsig_thumb2.c uint32_t b_adr=get_direct_jump_target(fw,fw->is); is 796 tools/finsig_thumb2.c int find_next_sig_call(firmware *fw, iter_state_t *is, uint32_t max_offset, const char *name) is 819 tools/finsig_thumb2.c return fw_search_insn(fw,is,search_disasm_calls_multi,0,match_fns,is->adr + max_offset); is 823 tools/finsig_thumb2.c int is_sig_call(firmware *fw, iter_state_t *is, const char *name) is 825 tools/finsig_thumb2.c uint32_t adr=get_branch_call_insn_target(fw,is); is 852 tools/finsig_thumb2.c typedef int (*sig_match_fn)(firmware *fw, iter_state_t *is, sig_rule_t *rule); is 888 tools/finsig_thumb2.c int init_disasm_sig_ref(firmware *fw, iter_state_t *is, sig_rule_t *rule) is 899 tools/finsig_thumb2.c if(!disasm_iter_init(fw,is,adr)) { is 906 tools/finsig_thumb2.c int sig_match_near_str(firmware *fw, iter_state_t *is, sig_rule_t *rule); is 912 tools/finsig_thumb2.c int sig_match_str_r0_call(firmware *fw, iter_state_t *is, sig_rule_t *rule) is 923 tools/finsig_thumb2.c disasm_iter_init(fw,is,(ADR_ALIGN4(str_adr) - SEARCH_NEAR_REF_RANGE) | fw->thumb_default); // reset to a bit before where the string was found is 924 tools/finsig_thumb2.c while(fw_search_insn(fw,is,search_disasm_const_ref,str_adr,NULL,str_adr+SEARCH_NEAR_REF_RANGE)) { is 925 tools/finsig_thumb2.c if(is->insn->detail->arm.operands[0].reg == ARM_REG_R0) { is 928 tools/finsig_thumb2.c if(insn_match_find_next(fw,is,4,match_b_bl_blximm)) { is 929 tools/finsig_thumb2.c uint32_t adr=get_branch_call_insn_target(fw,is); is 939 tools/finsig_thumb2.c int sig_match_reg_evp(firmware *fw, iter_state_t *is, sig_rule_t *rule) is 957 tools/finsig_thumb2.c disasm_iter_init(fw,is,e_to_evp); is 958 tools/finsig_thumb2.c if(insn_match_seq(fw,is,reg_evp_match)) { is 959 tools/finsig_thumb2.c reg_evp=ADR_SET_THUMB(is->insn->detail->arm.operands[0].imm); is 968 tools/finsig_thumb2.c int sig_match_reg_evp_table(firmware *fw, iter_state_t *is, sig_rule_t *rule) is 979 tools/finsig_thumb2.c disasm_iter_init(fw,is,(ADR_ALIGN4(str_adr) - SEARCH_NEAR_REF_RANGE) | fw->thumb_default); // reset to a bit before where the string was found is 981 tools/finsig_thumb2.c while(fw_search_insn(fw,is,search_disasm_const_ref,str_adr,NULL,str_adr+SEARCH_NEAR_REF_RANGE)) { is 982 tools/finsig_thumb2.c if(is->insn->detail->arm.operands[0].reg != ARM_REG_R0) { is 985 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,2,match_b_bl)) { is 988 tools/finsig_thumb2.c reg_evp_alt1=ADR_SET_THUMB(is->insn->detail->arm.operands[0].imm); is 995 tools/finsig_thumb2.c if((get_call_const_args(fw,is,4,regs)&3)==3) { is 1007 tools/finsig_thumb2.c disasm_iter_init(fw,is,dd_enable_p); // start at found func is 1008 tools/finsig_thumb2.c if(insn_match_find_next(fw,is,4,match_b_bl)) { // find the first bl is 1011 tools/finsig_thumb2.c if(get_call_const_args(fw,is,4,regs)&1) { is 1012 tools/finsig_thumb2.c reg_evp_tbl=ADR_SET_THUMB(is->insn->detail->arm.operands[0].imm); is 1022 tools/finsig_thumb2.c int sig_match_reg_evp_alt2(firmware *fw, iter_state_t *is, sig_rule_t *rule) is 1034 tools/finsig_thumb2.c disasm_iter_init(fw,is,(ADR_ALIGN4(str_adr) - SEARCH_NEAR_REF_RANGE) | fw->thumb_default); // reset to a bit before where the string was found is 1035 tools/finsig_thumb2.c while(fw_search_insn(fw,is,search_disasm_const_ref,str_adr,NULL,str_adr+SEARCH_NEAR_REF_RANGE)) { is 1036 tools/finsig_thumb2.c if(is->insn->detail->arm.operands[0].reg != ARM_REG_R0) { is 1039 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,3,match_b_bl)) { is 1044 tools/finsig_thumb2.c if((get_call_const_args(fw,is,4,regs)&3)==3) { is 1046 tools/finsig_thumb2.c reg_evp_alt2=ADR_SET_THUMB(is->insn->detail->arm.operands[0].imm); is 1049 tools/finsig_thumb2.c printf("RegisterEventProcedure_alt2 == _alt1 at %"PRIx64"\n",is->insn->address); is 1064 tools/finsig_thumb2.c int sig_match_unreg_evp_table(firmware *fw, iter_state_t *is, sig_rule_t *rule) is 1076 tools/finsig_thumb2.c disasm_iter_init(fw,is,(ADR_ALIGN4(str_adr) - SEARCH_NEAR_REF_RANGE) | fw->thumb_default); // reset to a bit before where the string was found is 1077 tools/finsig_thumb2.c while(fw_search_insn(fw,is,search_disasm_const_ref,str_adr,NULL,str_adr+SEARCH_NEAR_REF_RANGE)) { is 1079 tools/finsig_thumb2.c if(is->insn->detail->arm.operands[0].reg != ARM_REG_R0) { is 1082 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,3,match_b_bl)) { is 1085 tools/finsig_thumb2.c uint32_t reg_call=get_branch_call_insn_target(fw,is); is 1092 tools/finsig_thumb2.c if((get_call_const_args(fw,is,4,regs)&3)==3) { is 1104 tools/finsig_thumb2.c disasm_iter_init(fw,is,mecha_unreg); is 1106 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,7,match_b_bl)) { is 1114 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,18,match_ldr_r0)) { is 1117 tools/finsig_thumb2.c uint32_t tbl=LDR_PC2val(fw,is->insn); is 1121 tools/finsig_thumb2.c if(!disasm_iter(fw,is)) { is 1125 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is)); is 1130 tools/finsig_thumb2.c int sig_match_evp_table_veneer(firmware *fw, iter_state_t *is, sig_rule_t *rule) is 1137 tools/finsig_thumb2.c disasm_iter_init(fw,is,ref_adr); // start at our known function is 1138 tools/finsig_thumb2.c while (is->adr < (ref_adr+0x800)) { is 1139 tools/finsig_thumb2.c cadr = is->adr; is 1140 tools/finsig_thumb2.c if (!disasm_iter(fw,is)) { is 1141 tools/finsig_thumb2.c disasm_iter_set(fw,is,(is->adr+2) | fw->thumb_default); is 1144 tools/finsig_thumb2.c if (is->insn->id == ARM_INS_B) { is 1145 tools/finsig_thumb2.c uint32_t b_adr = get_branch_call_insn_target(fw,is); is 1148 tools/finsig_thumb2.c add_func_name(fw,rule->name,cadr | is->thumb,NULL); is 1158 tools/finsig_thumb2.c int sig_match_get_nd_value(firmware *fw, iter_state_t *is, sig_rule_t *rule) is 1165 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { is 1168 tools/finsig_thumb2.c if(!find_next_sig_call(fw,is,16,"ClearEventFlag")) { is 1172 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,4,match_bl_blximm)) { is 1177 tools/finsig_thumb2.c disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is)); is 1178 tools/finsig_thumb2.c disasm_iter(fw,is); is 1179 tools/finsig_thumb2.c if (B_target(fw,is->insn)) is 1180 tools/finsig_thumb2.c disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is)); is 1182 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,5,match_bl_blximm)) { is 1186 tools/finsig_thumb2.c uint32_t addr=get_branch_call_insn_target(fw,is); is 1194 tools/finsig_thumb2.c int sig_match_get_current_exp(firmware *fw, iter_state_t *is, sig_rule_t *rule) is 1196 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { is 1199 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,2,match_bl_blximm)) { is 1204 tools/finsig_thumb2.c disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is)); is 1205 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,6,match_bl_blximm)) { is 1210 tools/finsig_thumb2.c disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is)); is 1211 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,6,match_bl_blximm)) { is 1215 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is)); is 1218 tools/finsig_thumb2.c int sig_match_get_current_nd_value(firmware *fw, iter_state_t *is, sig_rule_t *rule) is 1224 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { is 1227 tools/finsig_thumb2.c if(!find_next_sig_call(fw,is,36,"GetCurrentShutterSpeed_FW")) { is 1238 tools/finsig_thumb2.c if(!insn_match_find_next_seq(fw,is,10,match_bl_strh)) { is 1243 tools/finsig_thumb2.c disasm_iter_init(fw,is,adr_hist_get(&is->ah,1)); is 1244 tools/finsig_thumb2.c disasm_iter(fw,is); is 1245 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is)); is 1248 tools/finsig_thumb2.c int sig_match_imager_active_callback(firmware *fw, iter_state_t *is, sig_rule_t *rule) is 1250 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { is 1261 tools/finsig_thumb2.c if(!insn_match_find_next_seq(fw,is,28,match_ldr_bl_mov_pop)) { is 1266 tools/finsig_thumb2.c disasm_iter_init(fw,is,adr_hist_get(&is->ah,3)); is 1268 tools/finsig_thumb2.c disasm_iter(fw,is); is 1269 tools/finsig_thumb2.c uint32_t f1=LDR_PC2val(fw,is->insn); is 1274 tools/finsig_thumb2.c int sig_match_imager_active(firmware *fw, iter_state_t *is, sig_rule_t *rule) is 1276 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { is 1289 tools/finsig_thumb2.c if(!insn_match_find_next_seq(fw,is,10,match_ldr_mov_str_pop)) { is 1291 tools/finsig_thumb2.c init_disasm_sig_ref(fw,is,rule); is 1299 tools/finsig_thumb2.c if(!insn_match_find_next_seq(fw,is,10,match_mov_ldr_str_pop)) { is 1306 tools/finsig_thumb2.c disasm_iter_init(fw,is,adr_hist_get(&is->ah,backtrack)); is 1307 tools/finsig_thumb2.c disasm_iter(fw,is); is 1308 tools/finsig_thumb2.c uint32_t base=LDR_PC2val(fw,is->insn); is 1309 tools/finsig_thumb2.c uint32_t reg=is->insn->detail->arm.operands[0].reg; is 1313 tools/finsig_thumb2.c disasm_iter(fw,is); is 1315 tools/finsig_thumb2.c disasm_iter(fw,is); is 1317 tools/finsig_thumb2.c if(is->insn->detail->arm.operands[1].mem.base != reg) { is 1321 tools/finsig_thumb2.c uint32_t off=is->insn->detail->arm.operands[1].mem.disp; is 1323 tools/finsig_thumb2.c save_misc_val("imager_active",base,off,(uint32_t)is->insn->address); is 1327 tools/finsig_thumb2.c int sig_match_screenlock_helper(firmware *fw, iter_state_t *is, sig_rule_t *rule) { is 1328 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { is 1331 tools/finsig_thumb2.c uint32_t init_adr = (uint32_t)is->adr | is->thumb; is 1347 tools/finsig_thumb2.c if(insn_match_find_next_seq(fw,is,6,match_cmp_bne_bl)) { is 1354 tools/finsig_thumb2.c disasm_iter_init(fw,is,init_adr); is 1355 tools/finsig_thumb2.c if(!insn_match_find_next_seq(fw,is,1,match_ldrpc_mov_b)) { is 1356 tools/finsig_thumb2.c printf("sig_match_screenlock_helper: match 2 failed 0x%"PRIx64"\n",is->insn->address); is 1359 tools/finsig_thumb2.c disasm_iter_init(fw,is,init_adr); is 1360 tools/finsig_thumb2.c disasm_iter(fw,is); is 1361 tools/finsig_thumb2.c uint32_t adr = LDR_PC2val(fw,is->insn); is 1363 tools/finsig_thumb2.c printf("sig_match_screenlock_helper: no match LDR PC 0x%"PRIx64"\n",is->insn->address); is 1366 tools/finsig_thumb2.c disasm_iter_init(fw,is,adr); is 1368 tools/finsig_thumb2.c if(!insn_match_find_next_seq(fw,is,6,match_cmp_bne_bl)) { is 1375 tools/finsig_thumb2.c int sig_match_screenunlock(firmware *fw, iter_state_t *is, sig_rule_t *rule) is 1377 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { is 1381 tools/finsig_thumb2.c if(!find_next_sig_call(fw,is,14,"ScreenLock")) { is 1392 tools/finsig_thumb2.c if(!insn_match_find_next_seq(fw,is,38,match_end)) { is 1397 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is)); is 1401 tools/finsig_thumb2.c int sig_match_log_camera_event(firmware *fw, iter_state_t *is, sig_rule_t *rule) is 1403 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { is 1406 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,6,match_bl_blximm)) { is 1411 tools/finsig_thumb2.c if((get_call_const_args(fw,is,4,regs)&3)!=3) { is 1424 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is)); is 1428 tools/finsig_thumb2.c int sig_match_physw_misc(firmware *fw, iter_state_t *is, sig_rule_t *rule) is 1430 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { is 1434 tools/finsig_thumb2.c disasm_iter_init(fw,is,ostub2->val); is 1444 tools/finsig_thumb2.c if(!disasm_iter(fw,is)) { is 1448 tools/finsig_thumb2.c physw_run=LDR_PC2val(fw,is->insn); is 1451 tools/finsig_thumb2.c save_misc_val("physw_run",physw_run,0,(uint32_t)is->insn->address); is 1464 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,7,match_bl_blximm)) { is 1472 tools/finsig_thumb2.c uint32_t f=get_branch_call_insn_target(fw,is); is 1477 tools/finsig_thumb2.c uint32_t f2=get_direct_jump_target(fw,fw->is); is 1486 tools/finsig_thumb2.c disasm_iter_init(fw,is,adr_hist_get(&is->ah,1)); is 1487 tools/finsig_thumb2.c if(!disasm_iter(fw,is)) { is 1492 tools/finsig_thumb2.c if(is->insn->id != ARM_INS_LDR is 1493 tools/finsig_thumb2.c || is->insn->detail->arm.operands[0].reg != ARM_REG_R0) { is 1496 tools/finsig_thumb2.c save_misc_val("physw_sleep_delay",physw_run,is->insn->detail->arm.operands[1].mem.disp,(uint32_t)is->insn->address); is 1498 tools/finsig_thumb2.c if(!disasm_iter(fw,is)) { is 1504 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,2,match_bl_blximm)) { is 1507 tools/finsig_thumb2.c save_sig(fw,"kbd_p1_f",get_branch_call_insn_target(fw,is)); is 1510 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,4,match_bl_blximm)) { is 1513 tools/finsig_thumb2.c save_sig(fw,"kbd_p2_f",get_branch_call_insn_target(fw,is)); is 1517 tools/finsig_thumb2.c int sig_match_kbd_read_keys(firmware *fw, iter_state_t *is, sig_rule_t *rule) is 1519 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { is 1523 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,4,match_bl_blximm)) { is 1526 tools/finsig_thumb2.c save_sig(fw,"kbd_read_keys",get_branch_call_insn_target(fw,is)); is 1527 tools/finsig_thumb2.c if(!disasm_iter(fw,is)) { is 1531 tools/finsig_thumb2.c uint32_t physw_status=LDR_PC2val(fw,is->insn); is 1533 tools/finsig_thumb2.c save_misc_val("physw_status",physw_status,0,(uint32_t)is->insn->address); is 1534 tools/finsig_thumb2.c save_sig(fw,"kbd_p1_f_cont",(uint32_t)(is->insn->address) | is->thumb); is 1541 tools/finsig_thumb2.c int sig_match_get_kbd_state(firmware *fw, iter_state_t *is, sig_rule_t *rule) is 1543 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { is 1553 tools/finsig_thumb2.c if(!insn_match_find_next_seq(fw,is,11,match)) { is 1556 tools/finsig_thumb2.c save_sig_with_j(fw,"GetKbdState",get_branch_call_insn_target(fw,is)); is 1558 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,5,match_b_bl_blximm)) { is 1561 tools/finsig_thumb2.c save_sig_with_j(fw,"kbd_read_keys_r2",get_branch_call_insn_target(fw,is)); is 1565 tools/finsig_thumb2.c int sig_match_get_dial_hw_position(firmware *fw, iter_state_t *is, sig_rule_t *rule) is 1567 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { is 1570 tools/finsig_thumb2.c uint32_t adr = find_last_call_from_func(fw,is,18,50); is 1576 tools/finsig_thumb2.c disasm_iter_init(fw,is,adr); is 1577 tools/finsig_thumb2.c adr = find_last_call_from_func(fw,is,16,32); is 1583 tools/finsig_thumb2.c disasm_iter_init(fw,is,adr); is 1585 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,30,match_bl_blximm)) { is 1589 tools/finsig_thumb2.c uint32_t fadr = get_branch_call_insn_target(fw,is); is 1591 tools/finsig_thumb2.c disasm_iter_init(fw,is,adr_hist_get(&is->ah,4)); is 1598 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,4,match_hw_dial_call)) { is 1605 tools/finsig_thumb2.c int sig_match_create_jumptable(firmware *fw, iter_state_t *is, sig_rule_t *rule) is 1607 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { is 1611 tools/finsig_thumb2.c if(!insn_match_find_nth(fw,is,20,2,match_bl_blximm)) { is 1615 tools/finsig_thumb2.c disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is)); is 1616 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,15,match_bl_blximm)) { is 1620 tools/finsig_thumb2.c save_sig(fw,"CreateJumptable",get_branch_call_insn_target(fw,is)); is 1625 tools/finsig_thumb2.c int sig_match_take_semaphore_strict(firmware *fw, iter_state_t *is, sig_rule_t *rule) is 1627 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { is 1631 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,6,match_bl_blximm)) { is 1635 tools/finsig_thumb2.c disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is)); is 1637 tools/finsig_thumb2.c if(!insn_match_find_nth(fw,is,10,2,match_bl_blximm)) { is 1641 tools/finsig_thumb2.c disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is)); is 1643 tools/finsig_thumb2.c if(!insn_match_find_nth(fw,is,20,3,match_bl_blximm)) { is 1646 tools/finsig_thumb2.c save_sig_with_j(fw,"DebugAssert",get_branch_call_insn_target(fw,is)); is 1649 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,7,match_bl_blximm)) { is 1652 tools/finsig_thumb2.c save_sig_with_j(fw,"TakeSemaphoreStrictly",get_branch_call_insn_target(fw,is)); is 1658 tools/finsig_thumb2.c fw_disasm_iter_single(fw,adr_hist_get(&is->ah,i)); is 1659 tools/finsig_thumb2.c cs_insn *insn=fw->is->insn; is 1680 tools/finsig_thumb2.c save_misc_val("fileio_semaphore",sem_adr,0,(uint32_t)is->insn->address); is 1682 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,10,match_bl_blximm)) { is 1685 tools/finsig_thumb2.c return save_sig_with_j(fw,"GetDrive_FreeClusters",get_branch_call_insn_target(fw,is)); is 1688 tools/finsig_thumb2.c int sig_match_get_semaphore_value(firmware *fw, iter_state_t *is, sig_rule_t *rule) is 1696 tools/finsig_thumb2.c disasm_iter_init(fw,is,(ADR_ALIGN4(str_adr) - SEARCH_NEAR_REF_RANGE) | fw->thumb_default); // reset to a bit before where the string was found is 1698 tools/finsig_thumb2.c if(!fw_search_insn(fw,is,search_disasm_const_ref,str_adr,NULL,str_adr+SEARCH_NEAR_REF_RANGE)) { is 1706 tools/finsig_thumb2.c if(!fw_disasm_iter_single(fw,adr_hist_get(&is->ah,i))) { is 1710 tools/finsig_thumb2.c if(insn_match_any(fw->is->insn,match_bl_blximm)){ is 1711 tools/finsig_thumb2.c fadr=get_branch_call_insn_target(fw,fw->is); is 1720 tools/finsig_thumb2.c disasm_iter_init(fw,is,fadr); is 1722 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,9,match_bl_blximm)) { is 1726 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is)); is 1729 tools/finsig_thumb2.c int sig_match_stat(firmware *fw, iter_state_t *is, sig_rule_t *rule) is 1738 tools/finsig_thumb2.c disasm_iter_init(fw,is,(ADR_ALIGN4(str_adr) - SEARCH_NEAR_REF_RANGE) | fw->thumb_default); // reset to a bit before where the string was found is 1739 tools/finsig_thumb2.c while(fw_search_insn(fw,is,search_disasm_const_ref,str_adr,NULL,str_adr+SEARCH_NEAR_REF_RANGE)) { is 1740 tools/finsig_thumb2.c if(is->insn->detail->arm.operands[0].reg == ARM_REG_R0) { is 1741 tools/finsig_thumb2.c if(insn_match_find_next(fw,is,2,match_bl_blximm)) { is 1742 tools/finsig_thumb2.c uint32_t adr=get_branch_call_insn_target(fw,is); is 1744 tools/finsig_thumb2.c if(is_sig_call(fw,is,"Fopen_Fut_FW")) { is 1765 tools/finsig_thumb2.c int sig_match_open(firmware *fw, iter_state_t *is, sig_rule_t *rule) is 1767 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { is 1770 tools/finsig_thumb2.c if(!insn_match_find_next_seq(fw,is,48,match_open_mov_call)) { is 1773 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is)); is 1777 tools/finsig_thumb2.c int sig_match_open_gt_57(firmware *fw, iter_state_t *is, sig_rule_t *rule) is 1779 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { is 1782 tools/finsig_thumb2.c if(!find_next_sig_call(fw,is,38,"TakeSemaphoreStrictly")) { is 1787 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,5,match_bl_blximm)) { is 1791 tools/finsig_thumb2.c disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is)); is 1793 tools/finsig_thumb2.c if(!insn_match_find_next_seq(fw,is,48,match_open_mov_call)) { is 1796 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is)); is 1801 tools/finsig_thumb2.c int sig_match_close_gt_57(firmware *fw, iter_state_t *is, sig_rule_t *rule) is 1803 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { is 1806 tools/finsig_thumb2.c if(!find_next_sig_call(fw,is,34,"TakeSemaphoreStrictly")) { is 1811 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,3,match_bl_blximm)) { is 1815 tools/finsig_thumb2.c disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is)); is 1817 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,3,match_bl_blximm)) { is 1820 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is)); is 1825 tools/finsig_thumb2.c int sig_match_umalloc(firmware *fw, iter_state_t *is, sig_rule_t *rule) is 1827 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { is 1831 tools/finsig_thumb2.c if(!insn_match_find_nth(fw,is,15,3,match_bl_blximm)) { is 1835 tools/finsig_thumb2.c disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is)); is 1837 tools/finsig_thumb2.c if(!insn_match_find_nth(fw,is,14,3,match_bl_blximm)) { is 1840 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is)); is 1844 tools/finsig_thumb2.c int sig_match_ufree(firmware *fw, iter_state_t *is, sig_rule_t *rule) is 1846 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { is 1850 tools/finsig_thumb2.c if(!find_next_sig_call(fw,is,60,"strcpy_FW")) { is 1854 tools/finsig_thumb2.c if(!insn_match_find_nth(fw,is,12,3,match_bl_blximm)) { is 1858 tools/finsig_thumb2.c disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is)); is 1860 tools/finsig_thumb2.c if(!find_next_sig_call(fw,is,40,"Close_FW")) { is 1864 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,4,match_bl_blximm)) { is 1867 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is)); is 1870 tools/finsig_thumb2.c int sig_match_deletefile_fut(firmware *fw, iter_state_t *is, sig_rule_t *rule) is 1878 tools/finsig_thumb2.c disasm_iter_init(fw,is,(ADR_ALIGN4(str_adr) - SEARCH_NEAR_REF_RANGE) | fw->thumb_default); // reset to a bit before where the string was found is 1879 tools/finsig_thumb2.c while(fw_search_insn(fw,is,search_disasm_const_ref,str_adr,NULL,str_adr+SEARCH_NEAR_REF_RANGE)) { is 1881 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,4,match_bl_blximm)) { is 1885 tools/finsig_thumb2.c uint32_t adr=get_branch_call_insn_target(fw,is); is 1898 tools/finsig_thumb2.c if(!insn_match_any(fw->is->insn,match_mov_r1)){ is 1906 tools/finsig_thumb2.c uint32_t find_call_near_str(firmware *fw, iter_state_t *is, sig_rule_t *rule); is 1908 tools/finsig_thumb2.c int sig_match_closedir(firmware *fw, iter_state_t *is, sig_rule_t *rule) is 1916 tools/finsig_thumb2.c disasm_iter_init(fw,is,(ADR_ALIGN4(str_adr) - SEARCH_NEAR_REF_RANGE) | fw->thumb_default); // reset to a bit before where the string was found is 1917 tools/finsig_thumb2.c while(fw_search_insn(fw,is,search_disasm_const_ref,str_adr,NULL,str_adr+SEARCH_NEAR_REF_RANGE)) { is 1918 tools/finsig_thumb2.c if(!find_next_sig_call(fw,is,60,"sprintf_FW")) { is 1921 tools/finsig_thumb2.c if(insn_match_find_nth(fw,is,7,2,match_bl_blximm)) { is 1922 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is)); is 1926 tools/finsig_thumb2.c uint32_t call_adr = find_call_near_str(fw,is,rule); is 1928 tools/finsig_thumb2.c disasm_iter_init(fw,is,call_adr); // reset to a bit before where the string was found is 1935 tools/finsig_thumb2.c if(insn_match_seq(fw,is,match_closedir)){ is 1936 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is)); is 1946 tools/finsig_thumb2.c disasm_iter_init(fw,fw->is,call_adr); // reset to a bit before where the string was found is 1947 tools/finsig_thumb2.c disasm_iter(fw,fw->is); is 1948 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,fw->is)); is 1951 tools/finsig_thumb2.c int sig_match_readfastdir(firmware *fw, iter_state_t *is, sig_rule_t *rule) is 1968 tools/finsig_thumb2.c disasm_iter_init(fw,is,(ADR_ALIGN4(str_adr) - SEARCH_NEAR_REF_RANGE) | fw->thumb_default); // reset to a bit before where the string was found is 1969 tools/finsig_thumb2.c while(fw_search_insn(fw,is,search_disasm_const_ref,str_adr,NULL,str_adr+SEARCH_NEAR_REF_RANGE)) { is 1970 tools/finsig_thumb2.c uint32_t ref_adr = iter_state_adr(is); is 1972 tools/finsig_thumb2.c fw_disasm_iter_single(fw,adr_hist_get(&is->ah,2)); is 1973 tools/finsig_thumb2.c if(insn_match_any(fw->is->insn,match_bl_blximm)) { is 1974 tools/finsig_thumb2.c uint32_t call_adr = iter_state_adr(fw->is); is 1975 tools/finsig_thumb2.c fw_disasm_iter_single(fw,adr_hist_get(&is->ah,1)); is 1976 tools/finsig_thumb2.c if(insn_match_any(fw->is->insn,match_cbnz_r0)) { is 1983 tools/finsig_thumb2.c fw_disasm_iter_single(fw,adr_hist_get(&is->ah,i)); is 1984 tools/finsig_thumb2.c if(insn_match_any(fw->is->insn,match_bl_blximm)) { is 1985 tools/finsig_thumb2.c uint32_t call_adr = iter_state_adr(fw->is); is 1986 tools/finsig_thumb2.c fw_disasm_iter_single(fw,adr_hist_get(&is->ah,i-1)); is 1987 tools/finsig_thumb2.c if(insn_match_any(fw->is->insn,match_cbz_r0)) { is 1988 tools/finsig_thumb2.c uint32_t b_adr = get_branch_call_insn_target(fw,fw->is); is 2000 tools/finsig_thumb2.c int sig_match_strrchr(firmware *fw, iter_state_t *is, sig_rule_t *rule) is 2005 tools/finsig_thumb2.c uint32_t call_adr = find_call_near_str(fw,is,rule); is 2007 tools/finsig_thumb2.c disasm_iter_init(fw,is,call_adr-4); // reset to a bit before where the string was found is 2012 tools/finsig_thumb2.c if(insn_match_find_next(fw,is,2,match_mov_r1_imm)){ is 2020 tools/finsig_thumb2.c int sig_match_time(firmware *fw, iter_state_t *is, sig_rule_t *rule) is 2029 tools/finsig_thumb2.c disasm_iter_init(fw,is,(ADR_ALIGN4(str_adr) - SEARCH_NEAR_REF_RANGE) | fw->thumb_default); // reset to a bit before where the string was found is 2030 tools/finsig_thumb2.c while(fw_search_insn(fw,is,search_disasm_const_ref,str_adr,NULL,str_adr+SEARCH_NEAR_REF_RANGE)) { is 2032 tools/finsig_thumb2.c if(insn_match_find_nth(fw,is,6,2,match_bl_blximm)) { is 2033 tools/finsig_thumb2.c fadr=get_branch_call_insn_target(fw,is); is 2041 tools/finsig_thumb2.c disasm_iter_init(fw,is,fadr); is 2043 tools/finsig_thumb2.c if(insn_match_find_nth(fw,is,11,2,match_bl_blximm)) { is 2044 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is)); is 2049 tools/finsig_thumb2.c int sig_match_strncpy(firmware *fw, iter_state_t *is, sig_rule_t *rule) is 2051 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { is 2054 tools/finsig_thumb2.c if(!find_next_sig_call(fw,is,60,"strcpy_FW")) { is 2057 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,6,match_bl_blximm)) { is 2060 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is)); is 2063 tools/finsig_thumb2.c int sig_match_strncmp(firmware *fw, iter_state_t *is, sig_rule_t *rule) is 2071 tools/finsig_thumb2.c disasm_iter_init(fw,is,(ADR_ALIGN4(str_adr) - SEARCH_NEAR_REF_RANGE) | fw->thumb_default); // reset to a bit before where the string was found is 2072 tools/finsig_thumb2.c while(fw_search_insn(fw,is,search_disasm_const_ref,str_adr,NULL,str_adr+SEARCH_NEAR_REF_RANGE)) { is 2073 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,3,match_bl_blximm)) { is 2077 tools/finsig_thumb2.c if((get_call_const_args(fw,is,4,regs)&6)==6) { is 2080 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is)); is 2087 tools/finsig_thumb2.c int sig_match_strtolx(firmware *fw, iter_state_t *is, sig_rule_t *rule) is 2089 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { is 2092 tools/finsig_thumb2.c if(!find_next_sig_call(fw,is,130,"strncpy")) { is 2096 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,6,match_bl_blximm)) { is 2099 tools/finsig_thumb2.c uint32_t adr=get_branch_call_insn_target(fw,is); is 2104 tools/finsig_thumb2.c disasm_iter_init(fw,is,adr); is 2105 tools/finsig_thumb2.c if(!disasm_iter(fw,is)) { is 2116 tools/finsig_thumb2.c if(!insn_match(is->insn,match_mov_r3_imm)){ is 2119 tools/finsig_thumb2.c if(!disasm_iter(fw,is)) { is 2123 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is)); is 2127 tools/finsig_thumb2.c int sig_match_exec_evp(firmware *fw, iter_state_t *is, sig_rule_t *rule) is 2135 tools/finsig_thumb2.c disasm_iter_init(fw,is,(ADR_ALIGN4(str_adr) - SEARCH_NEAR_REF_RANGE) | fw->thumb_default); // reset to a bit before where the string was found is 2136 tools/finsig_thumb2.c while(fw_search_insn(fw,is,search_disasm_const_ref,str_adr,NULL,str_adr+SEARCH_NEAR_REF_RANGE)) { is 2140 tools/finsig_thumb2.c if(!fw_disasm_iter_single(fw,adr_hist_get(&is->ah,i))) { is 2143 tools/finsig_thumb2.c if(fw->is->insn->id == ARM_INS_PUSH && fw->is->insn->detail->arm.operands[0].reg == ARM_REG_R0) { is 2145 tools/finsig_thumb2.c uint32_t adr=(uint32_t)(fw->is->insn->address) | is->thumb; is 2147 tools/finsig_thumb2.c if(find_next_sig_call(fw,is,28,"DebugAssert")) { is 2157 tools/finsig_thumb2.c int sig_match_fgets_fut(firmware *fw, iter_state_t *is, sig_rule_t *rule) is 2159 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { is 2162 tools/finsig_thumb2.c if(!find_next_sig_call(fw,is,16,"Fopen_Fut_FW")) { is 2165 tools/finsig_thumb2.c disasm_iter(fw,is); is 2166 tools/finsig_thumb2.c disasm_iter(fw,is); is 2167 tools/finsig_thumb2.c if (B_target(fw,is->insn) && (is->insn->detail->arm.cc == ARM_CC_NE)) { is 2168 tools/finsig_thumb2.c disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is)); is 2170 tools/finsig_thumb2.c if (B_target(fw,is->insn) && (is->insn->detail->arm.cc == ARM_CC_NE)) { is 2171 tools/finsig_thumb2.c disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is)); is 2174 tools/finsig_thumb2.c if(!insn_match_find_nth(fw,is,20,1,match_bl_blximm)) { is 2177 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is)); is 2180 tools/finsig_thumb2.c int sig_match_log(firmware *fw, iter_state_t *is, sig_rule_t *rule) is 2182 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { is 2190 tools/finsig_thumb2.c if(!insn_match_find_nth(fw,is,38,3,match_pop6)) { is 2194 tools/finsig_thumb2.c if(!insn_match_find_nth(fw,is,24,3,match_bl_blximm)) { is 2197 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is)); is 2201 tools/finsig_thumb2.c int sig_match_pow_dry_52(firmware *fw, iter_state_t *is, sig_rule_t *rule) is 2206 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { is 2214 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,50,match_ldrd_r0_r1)) { is 2218 tools/finsig_thumb2.c if(is->insn->detail->arm.operands[2].mem.base == ARM_REG_SP) { is 2221 tools/finsig_thumb2.c if(!disasm_iter(fw,is)) { is 2225 tools/finsig_thumb2.c uint32_t adr=get_branch_call_insn_target(fw,is); is 2233 tools/finsig_thumb2.c int sig_match_pow_dry_gt_52(firmware *fw, iter_state_t *is, sig_rule_t *rule) is 2238 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { is 2261 tools/finsig_thumb2.c if(insn_match_find_next_seq(fw,is,50,match1[idx])) is 2263 tools/finsig_thumb2.c init_disasm_sig_ref(fw,is,rule); is 2269 tools/finsig_thumb2.c uint32_t adr=get_branch_call_insn_target(fw,is); is 2274 tools/finsig_thumb2.c disasm_iter_init(fw,is,adr); is 2291 tools/finsig_thumb2.c if(!insn_match_find_next_seq(fw,is,15,match2[idx])) { is 2294 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is)); is 2297 tools/finsig_thumb2.c int sig_match_sqrt(firmware *fw, iter_state_t *is, sig_rule_t *rule) is 2299 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { is 2303 tools/finsig_thumb2.c if(!insn_match_find_nth(fw,is,12,3,match_bl_blximm)) { is 2307 tools/finsig_thumb2.c disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is)); is 2308 tools/finsig_thumb2.c if(!disasm_iter(fw,is)) { is 2312 tools/finsig_thumb2.c uint32_t j_tgt=get_direct_jump_target(fw,is); is 2316 tools/finsig_thumb2.c disasm_iter_init(fw,is,j_tgt); is 2317 tools/finsig_thumb2.c if(!disasm_iter(fw,is)) { is 2323 tools/finsig_thumb2.c if(!insn_match_find_nth(fw,is,12,2,match_b_bl_blximm)) { is 2326 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is)); is 2328 tools/finsig_thumb2.c int sig_match_get_drive_cluster_size(firmware *fw, iter_state_t *is, sig_rule_t *rule) is 2330 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { is 2334 tools/finsig_thumb2.c if(fw_search_insn(fw,is,search_disasm_str_ref,0,"A/OpLogErr.txt",(uint32_t)is->adr+260)) { is 2336 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,3,match_bl_blximm)) { is 2341 tools/finsig_thumb2.c disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is)); is 2343 tools/finsig_thumb2.c if(!insn_match_find_nth(fw,is,13,2,match_bl_blximm)) { is 2348 tools/finsig_thumb2.c disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is)); is 2349 tools/finsig_thumb2.c disasm_iter(fw,is); is 2350 tools/finsig_thumb2.c if (B_target(fw, is->insn)) is 2351 tools/finsig_thumb2.c disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is)); is 2353 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,4,match_bl_blximm)) { is 2357 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is)); is 2362 tools/finsig_thumb2.c int sig_match_mktime_ext(firmware *fw, iter_state_t *is, sig_rule_t *rule) is 2370 tools/finsig_thumb2.c disasm_iter_init(fw,is,(ADR_ALIGN4(str_adr) - SEARCH_NEAR_REF_RANGE) | fw->thumb_default); // reset to a bit before where the string was found is 2371 tools/finsig_thumb2.c while(fw_search_insn(fw,is,search_disasm_const_ref,str_adr,NULL,str_adr+SEARCH_NEAR_REF_RANGE)) { is 2373 tools/finsig_thumb2.c if(!find_next_sig_call(fw,is,12,"sscanf_FW")) { is 2378 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,22,match_bl_blximm)) { is 2383 tools/finsig_thumb2.c disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is)); is 2384 tools/finsig_thumb2.c if(!disasm_iter(fw,is)) { is 2388 tools/finsig_thumb2.c uint32_t j_tgt=get_direct_jump_target(fw,is); is 2392 tools/finsig_thumb2.c disasm_iter_init(fw,is,j_tgt); is 2393 tools/finsig_thumb2.c if(!disasm_iter(fw,is)) { is 2405 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,54,match_pop4)) { is 2409 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,1,match_b)) { is 2413 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is)); is 2419 tools/finsig_thumb2.c int sig_match_rec2pb(firmware *fw, iter_state_t *is, sig_rule_t *rule) is 2427 tools/finsig_thumb2.c disasm_iter_init(fw,is,(ADR_ALIGN4(str_adr) - SEARCH_NEAR_REF_RANGE) | fw->thumb_default); // reset to a bit before where the string was found is 2428 tools/finsig_thumb2.c while(fw_search_insn(fw,is,search_disasm_const_ref,str_adr,NULL,str_adr+SEARCH_NEAR_REF_RANGE)) { is 2434 tools/finsig_thumb2.c if(!insn_match_find_next_seq(fw,is,10,match_ldr_cbnz_r0)) { is 2439 tools/finsig_thumb2.c disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is)); is 2440 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,3,match_b_bl_blximm)) { is 2445 tools/finsig_thumb2.c uint32_t adr = iter_state_adr(is); is 2447 tools/finsig_thumb2.c disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is)); is 2448 tools/finsig_thumb2.c if(!find_next_sig_call(fw,is,16,"LogCameraEvent")) { is 2453 tools/finsig_thumb2.c if((get_call_const_args(fw,is,4,regs)&3)!=3) { is 2469 tools/finsig_thumb2.c int sig_match_get_parameter_data(firmware *fw, iter_state_t *is, sig_rule_t *rule) is 2471 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { is 2479 tools/finsig_thumb2.c if(!insn_match_find_next_seq(fw,is,4,match_cmp_bhs)) { is 2484 tools/finsig_thumb2.c disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is)); is 2485 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,1,match_b)) { is 2489 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is)); is 2495 tools/finsig_thumb2.c int sig_match_prepdir_x(firmware *fw, iter_state_t *is, sig_rule_t *rule) is 2497 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { is 2507 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,1,match_mov_r1_1)) { is 2511 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,1,match_b)) { is 2515 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is)); is 2521 tools/finsig_thumb2.c int sig_match_prepdir_1(firmware *fw, iter_state_t *is, sig_rule_t *rule) is 2523 tools/finsig_thumb2.c uint32_t call_adr = find_call_near_str(fw,is,rule); is 2525 tools/finsig_thumb2.c disasm_iter_init(fw,is,call_adr); is 2526 tools/finsig_thumb2.c disasm_iter(fw,is); is 2527 tools/finsig_thumb2.c disasm_iter(fw,is); is 2528 tools/finsig_thumb2.c if (!CBx_target(fw,is->insn)) is 2531 tools/finsig_thumb2.c call_adr = find_call_near_str(fw,is,rule); is 2535 tools/finsig_thumb2.c disasm_iter_init(fw,is,call_adr); is 2536 tools/finsig_thumb2.c disasm_iter(fw,is); is 2537 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is)); is 2542 tools/finsig_thumb2.c call_adr = find_call_near_str(fw,is,rule); is 2549 tools/finsig_thumb2.c int sig_match_prepdir_0(firmware *fw, iter_state_t *is, sig_rule_t *rule) is 2551 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { is 2560 tools/finsig_thumb2.c disasm_iter(fw,is); is 2561 tools/finsig_thumb2.c disasm_iter(fw,is); is 2563 tools/finsig_thumb2.c uint32_t adr=(uint32_t)is->adr|is->thumb; is 2571 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,1,match_mov_r1_1)) { is 2575 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,1,match_b)) { is 2579 tools/finsig_thumb2.c uint32_t pdx=get_branch_call_insn_target(fw,is); is 2586 tools/finsig_thumb2.c int sig_match_mkdir(firmware *fw, iter_state_t *is, sig_rule_t *rule) is 2588 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { is 2598 tools/finsig_thumb2.c if(insn_match_find_next_seq(fw,is,148,match)) { is 2599 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is)); is 2602 tools/finsig_thumb2.c init_disasm_sig_ref(fw,is,rule); is 2610 tools/finsig_thumb2.c if(!insn_match_find_next_seq(fw,is,148,match2)) { is 2614 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is)); is 2617 tools/finsig_thumb2.c int sig_match_add_ptp_handler(firmware *fw, iter_state_t *is, sig_rule_t *rule) is 2625 tools/finsig_thumb2.c disasm_iter_init(fw,is,(ADR_ALIGN4(str_adr) - SEARCH_NEAR_REF_RANGE) | fw->thumb_default); // reset to a bit before where the string was found is 2626 tools/finsig_thumb2.c while(fw_search_insn(fw,is,search_disasm_const_ref,str_adr,NULL,str_adr+SEARCH_NEAR_REF_RANGE)) { is 2628 tools/finsig_thumb2.c if(!find_next_sig_call(fw,is,8,"CreateTaskStrictly")) { is 2633 tools/finsig_thumb2.c if(!insn_match_find_nth(fw,is,13,3,match_bl_blximm)) { is 2639 tools/finsig_thumb2.c if((get_call_const_args(fw,is,5,regs)&7)!=7) { is 2647 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is)); is 2651 tools/finsig_thumb2.c int sig_match_qsort(firmware *fw, iter_state_t *is, sig_rule_t *rule) is 2653 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { is 2656 tools/finsig_thumb2.c if(!find_next_sig_call(fw,is,90,"DebugAssert")) { is 2660 tools/finsig_thumb2.c if(!insn_match_find_nth(fw,is,38,3,match_bl_blximm)) { is 2665 tools/finsig_thumb2.c disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is)); is 2667 tools/finsig_thumb2.c if(insn_match_find_next(fw,is,4,match_bl_blximm)) { is 2668 tools/finsig_thumb2.c disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is)); is 2670 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,14,match_bl_blximm)) { is 2676 tools/finsig_thumb2.c if((get_call_const_args(fw,is,5,regs)&0xe)!=0xe) { is 2680 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is)); is 2690 tools/finsig_thumb2.c int sig_match_deletedirectory_fut(firmware *fw, iter_state_t *is, sig_rule_t *rule) is 2699 tools/finsig_thumb2.c disasm_iter_init(fw,is,(ADR_ALIGN4(str_adr) - 2048) | fw->thumb_default); // reset to a bit before where the string was found is 2701 tools/finsig_thumb2.c while(find_next_sig_call(fw,is,end_adr - (uint32_t)is->adr,"DeleteFile_Fut")) { is 2702 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,6,match_bl_blximm)) { is 2706 tools/finsig_thumb2.c if(!is_sig_call(fw,is,"strcpy")) { is 2710 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,4,match_bl_blximm)) { is 2714 tools/finsig_thumb2.c if(!is_sig_call(fw,is,"strrchr")) { is 2720 tools/finsig_thumb2.c if((get_call_const_args(fw,is,2,regs)&0x2)!=0x2) { is 2728 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,5,match_bl_blximm)) { is 2732 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is)); is 2746 tools/finsig_thumb2.c int sig_match_set_control_event(firmware *fw, iter_state_t *is, sig_rule_t *rule) is 2754 tools/finsig_thumb2.c disasm_iter_init(fw,is,(ADR_ALIGN4(str_adr) - SEARCH_NEAR_REF_RANGE) | fw->thumb_default); // reset to a bit before where the string was found is 2755 tools/finsig_thumb2.c while(fw_search_insn(fw,is,search_disasm_const_ref,str_adr,NULL,str_adr+SEARCH_NEAR_REF_RANGE)) { is 2756 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,4,match_bl_blximm)) { is 2760 tools/finsig_thumb2.c if(!is_sig_call(fw,is,"LogCameraEvent")) { is 2770 tools/finsig_thumb2.c if(!insn_match_find_next_seq(fw,is,1,match_seq)) { is 2774 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is)); is 2779 tools/finsig_thumb2.c int sig_match_displaybusyonscreen_52(firmware *fw, iter_state_t *is, sig_rule_t *rule) is 2789 tools/finsig_thumb2.c disasm_iter_init(fw,is,(ADR_ALIGN4(str_adr) - SEARCH_NEAR_REF_RANGE) | fw->thumb_default); // reset to a bit before where the string was found is 2790 tools/finsig_thumb2.c while(fw_search_insn(fw,is,search_disasm_const_ref,str_adr,NULL,str_adr+SEARCH_NEAR_REF_RANGE)) { is 2791 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,3,match_bl_blximm)) { is 2795 tools/finsig_thumb2.c if(!is_sig_call(fw,is,"LogCameraEvent")) { is 2799 tools/finsig_thumb2.c if(!find_next_sig_call(fw,is,4,"GUISrv_StartGUISystem_FW")) { is 2803 tools/finsig_thumb2.c if(!insn_match_find_nth(fw,is,5,2,match_bl_blximm)) { is 2807 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is)); is 2812 tools/finsig_thumb2.c int sig_match_undisplaybusyonscreen_52(firmware *fw, iter_state_t *is, sig_rule_t *rule) is 2822 tools/finsig_thumb2.c disasm_iter_init(fw,is,(ADR_ALIGN4(str_adr) - SEARCH_NEAR_REF_RANGE) | fw->thumb_default); // reset to a bit before where the string was found is 2823 tools/finsig_thumb2.c while(fw_search_insn(fw,is,search_disasm_const_ref,str_adr,NULL,str_adr+SEARCH_NEAR_REF_RANGE)) { is 2825 tools/finsig_thumb2.c if(!find_next_sig_call(fw,is,24,"displaybusyonscreen")) { is 2829 tools/finsig_thumb2.c if(!find_next_sig_call(fw,is,12,"GUISrv_StartGUISystem_FW")) { is 2833 tools/finsig_thumb2.c if(!insn_match_find_nth(fw,is,6,3,match_bl_blximm)) { is 2837 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is)); is 2842 tools/finsig_thumb2.c int sig_match_try_take_sem_dry_gt_58(firmware *fw, iter_state_t *is, sig_rule_t *rule) is 2844 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { is 2847 tools/finsig_thumb2.c if(!find_next_sig_call(fw,is,24,"ReceiveMessageQueue")) { is 2851 tools/finsig_thumb2.c if(!find_next_sig_call(fw,is,60,"bzero")) { is 2855 tools/finsig_thumb2.c if(insn_match_find_next(fw,is,3,match_bl_blximm)) { is 2856 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is)); is 2862 tools/finsig_thumb2.c int sig_match_wait_all_eventflag_strict(firmware *fw, iter_state_t *is, sig_rule_t *rule) is 2864 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { is 2872 tools/finsig_thumb2.c if(!find_next_sig_call(fw,is,60,"SleepTask")) { is 2877 tools/finsig_thumb2.c while(fw_search_insn(fw,is,search_disasm_const_ref,str_adr,NULL,is->adr + 60)) { is 2878 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,6,match_bl_blximm)) { is 2879 tools/finsig_thumb2.c printf("sig_match_wait_all_eventflag_strict: no match bl 0x%"PRIx64"\n",is->insn->address); is 2882 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is)); is 2887 tools/finsig_thumb2.c int sig_match_get_num_posted_messages(firmware *fw, iter_state_t *is, sig_rule_t *rule) is 2889 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { is 2892 tools/finsig_thumb2.c if(!find_next_sig_call(fw,is,50,"TakeSemaphore")) { is 2897 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,5,match_bl_blximm)) { is 2898 tools/finsig_thumb2.c printf("sig_match_get_num_posted_messages: no match bl 0x%"PRIx64"\n",is->insn->address); is 2901 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is)); is 2904 tools/finsig_thumb2.c int sig_match_set_hp_timer_after_now(firmware *fw, iter_state_t *is, sig_rule_t *rule) is 2911 tools/finsig_thumb2.c disasm_iter_init(fw,is,(ADR_ALIGN4(str_adr) - SEARCH_NEAR_REF_RANGE) | fw->thumb_default); // reset to a bit before where the string was found is 2912 tools/finsig_thumb2.c while(fw_search_insn(fw,is,search_disasm_const_ref,str_adr,NULL,str_adr+SEARCH_NEAR_REF_RANGE)) { is 2913 tools/finsig_thumb2.c if(!find_next_sig_call(fw,is,20,"ClearEventFlag")) { is 2918 tools/finsig_thumb2.c if(!insn_match_find_nth(fw,is,13,3,match_bl_blximm)) { is 2924 tools/finsig_thumb2.c uint32_t found_regs = get_call_const_args(fw,is,6,regs); is 2931 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is)); is 2942 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is)); is 2946 tools/finsig_thumb2.c int sig_match_transfer_src_overlay(firmware *fw, iter_state_t *is, sig_rule_t *rule) { is 2947 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { is 2951 tools/finsig_thumb2.c if(!find_next_sig_call(fw,is,32,"DebugAssert")) { is 2956 tools/finsig_thumb2.c if(!find_and_get_var_ldr(fw, is, 20,4, ARM_REG_R0, &desc)) { is 2961 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,1,match_bl_blximm)) { is 2962 tools/finsig_thumb2.c printf("sig_match_transfer_src_overlay: no match bl 0x%"PRIx64"\n",is->insn->address); is 2966 tools/finsig_thumb2.c uint32_t fadr = get_branch_call_insn_target(fw,is); is 2969 tools/finsig_thumb2.c save_misc_val("active_bitmap_buffer",desc.adr_adj,desc.off,(uint32_t)is->insn->address); is 2979 tools/finsig_thumb2.c if(insn_match_find_next_seq(fw,is,1,bm_buf_match)) { is 2980 tools/finsig_thumb2.c if(is->insn->detail->arm.operands[1].reg == desc.reg_base) { is 2981 tools/finsig_thumb2.c save_misc_val("bitmap_buffer",desc.adr_adj,is->insn->detail->arm.operands[2].imm,(uint32_t)is->insn->address); is 2998 tools/finsig_thumb2.c int sig_match_exmem_vars(firmware *fw, iter_state_t *is, sig_rule_t *rule) is 3001 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { is 3006 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,15,match_ldr_pc)) { is 3010 tools/finsig_thumb2.c adr[0]=LDR_PC2val(fw,is->insn); is 3011 tools/finsig_thumb2.c fnd[0]=(uint32_t)is->insn->address; is 3012 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,5,match_ldr_pc)) { is 3016 tools/finsig_thumb2.c adr[1]=LDR_PC2val(fw,is->insn); is 3017 tools/finsig_thumb2.c fnd[1]=(uint32_t)is->insn->address; is 3050 tools/finsig_thumb2.c int sig_match_zicokick_52(firmware *fw, iter_state_t *is, sig_rule_t *rule) is 3057 tools/finsig_thumb2.c disasm_iter_init(fw,is,(ADR_ALIGN4(str_adr) - SEARCH_NEAR_REF_RANGE) | fw->thumb_default); // reset to a bit before where the string was found is 3060 tools/finsig_thumb2.c if(!fw_search_insn(fw,is,search_disasm_str_ref,0,rule->ref_name,(uint32_t)is->adr+SEARCH_NEAR_REF_RANGE)) { is 3065 tools/finsig_thumb2.c if(!fw_disasm_iter_single(fw,adr_hist_get(&is->ah,1))) { is 3069 tools/finsig_thumb2.c if (!(isLDR_PC(fw->is->insn) && fw->is->insn->detail->arm.operands[0].reg == ARM_REG_R0)) { is 3074 tools/finsig_thumb2.c uint32_t adr=(uint32_t)(fw->is->insn->address) | is->thumb; is 3076 tools/finsig_thumb2.c if(!disasm_iter(fw,is)) { is 3080 tools/finsig_thumb2.c if (is->insn->id == ARM_INS_PUSH && is->insn->detail->arm.operands[0].reg == ARM_REG_R4) { is 3086 tools/finsig_thumb2.c int sig_match_zicokick_gt52(firmware *fw, iter_state_t *is, sig_rule_t *rule) is 3093 tools/finsig_thumb2.c disasm_iter_init(fw,is,(ADR_ALIGN4(str_adr) - SEARCH_NEAR_REF_RANGE) | fw->thumb_default); // reset to a bit before where the string was found is 3096 tools/finsig_thumb2.c if(!fw_search_insn(fw,is,search_disasm_str_ref,0,rule->ref_name,(uint32_t)is->adr+SEARCH_NEAR_REF_RANGE)) { is 3105 tools/finsig_thumb2.c if (!fw_disasm_iter_single(fw,adr_hist_get(&is->ah,i))) { is 3109 tools/finsig_thumb2.c if (fw->is->insn->id == ARM_INS_PUSH && fw->is->insn->detail->arm.operands[0].reg == ARM_REG_R4) { is 3110 tools/finsig_thumb2.c if (!fw_disasm_iter_single(fw,adr_hist_get(&is->ah,i+1))) { is 3114 tools/finsig_thumb2.c if (isLDR_PC(fw->is->insn) && fw->is->insn->detail->arm.operands[0].reg == ARM_REG_R0) { is 3115 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,(uint32_t)(fw->is->insn->address) | is->thumb); is 3122 tools/finsig_thumb2.c int sig_match_zicokick_copy(firmware *fw, iter_state_t *is, sig_rule_t *rule) is 3124 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { is 3137 tools/finsig_thumb2.c if(!insn_match_find_next_seq(fw,is,30,match_ldrs_bl)) { is 3142 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is)); is 3145 tools/finsig_thumb2.c int sig_match_zicokick_values(firmware *fw, iter_state_t *is, sig_rule_t *rule) is 3147 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { is 3153 tools/finsig_thumb2.c if(!find_next_sig_call(fw,is,64,"zicokick_copy")) { is 3159 tools/finsig_thumb2.c if((get_call_const_args(fw,is,7,regs)&0x7)==0x7) { is 3164 tools/finsig_thumb2.c if(!find_next_sig_call(fw,is,8,"zicokick_copy")) { is 3177 tools/finsig_thumb2.c if (!disasm_iter(fw,is)) { is 3181 tools/finsig_thumb2.c if (is->insn->id == ARM_INS_LDR && is->insn->detail->arm.operands[1].type == ARM_OP_MEM) { is 3182 tools/finsig_thumb2.c uint32_t u = LDR_PC2val(fw,is->insn); is 3191 tools/finsig_thumb2.c else if (is->insn->id == ARM_INS_BL) { is 3224 tools/finsig_thumb2.c else if (is->insn->id == ARM_INS_POP) { is 3238 tools/finsig_thumb2.c int sig_match_enable_hdmi_power(firmware *fw, iter_state_t *is, sig_rule_t *rule) is 3240 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { is 3243 tools/finsig_thumb2.c if(!find_next_sig_call(fw,is,14,"CreateEventFlagStrictly")) { is 3252 tools/finsig_thumb2.c if(!insn_match_find_next_seq(fw,is,4,match_seq)) { is 3253 tools/finsig_thumb2.c printf("sig_match_enable_hdmi_power: no match bl seq cbnz 0x%"PRIx64"\n",is->insn->address); is 3257 tools/finsig_thumb2.c if (!disasm_iter(fw,is)) { is 3260 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is)); is 3263 tools/finsig_thumb2.c int sig_match_disable_hdmi_power(firmware *fw, iter_state_t *is, sig_rule_t *rule) is 3265 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { is 3268 tools/finsig_thumb2.c if(!find_next_sig_call(fw,is,24,"EnableHDMIPower")) { is 3272 tools/finsig_thumb2.c if(!find_next_sig_call(fw,is,22,"ClearEventFlag")) { is 3282 tools/finsig_thumb2.c if(!insn_match_find_next_seq(fw,is,12,match_seq)) { is 3283 tools/finsig_thumb2.c printf("sig_match_disable_hdmi_power: no match seq bl movs pop 0x%"PRIx64"\n",is->insn->address); is 3287 tools/finsig_thumb2.c disasm_iter_init(fw,is,adr_hist_get(&is->ah,2)); is 3288 tools/finsig_thumb2.c if (!disasm_iter(fw,is)) { is 3291 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is)); is 3294 tools/finsig_thumb2.c int sig_match_levent_table(firmware *fw, iter_state_t *is, sig_rule_t *rule) is 3296 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { is 3299 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,4,match_bl_blximm)) { is 3304 tools/finsig_thumb2.c disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is)); is 3307 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,4,match_bl_blximm)) { is 3313 tools/finsig_thumb2.c disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is)); is 3316 tools/finsig_thumb2.c disasm_iter(fw,is); is 3317 tools/finsig_thumb2.c uint32_t adr=LDR_PC2val(fw,is->insn); is 3324 tools/finsig_thumb2.c printf("sig_match_levent_table: 0x%08x not a ROM adr 0x%"PRIx64"\n",adr,is->insn->address); is 3328 tools/finsig_thumb2.c printf("sig_match_levent_table: expected 0x800 not 0x%x at 0x%08x ref 0x%"PRIx64"\n",*(p+1),adr,is->insn->address); is 3332 tools/finsig_thumb2.c save_misc_val(rule->name,adr,0,(uint32_t)is->insn->address); is 3335 tools/finsig_thumb2.c int sig_match_flash_param_table(firmware *fw, iter_state_t *is, sig_rule_t *rule) is 3337 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { is 3341 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,14,match_bl_blximm)) { is 3345 tools/finsig_thumb2.c if(!is_sig_call(fw,is,"DebugAssert")) { is 3349 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,7,match_bl_blximm)) { is 3353 tools/finsig_thumb2.c if(!is_sig_call(fw,is,"DebugAssert")) { is 3357 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,8,match_bl_blximm)) { is 3361 tools/finsig_thumb2.c if(!is_sig_call(fw,is,"DebugAssert")) { is 3366 tools/finsig_thumb2.c if(!insn_match_find_nth(fw,is,14,2,match_bl_blximm)) { is 3371 tools/finsig_thumb2.c disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is)); is 3374 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,8,match_bl_blximm)) { is 3380 tools/finsig_thumb2.c disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is)); is 3382 tools/finsig_thumb2.c disasm_iter(fw,is); is 3383 tools/finsig_thumb2.c uint32_t adr=LDR_PC2val(fw,is->insn); is 3388 tools/finsig_thumb2.c save_misc_val(rule->name,adr,0,(uint32_t)is->insn->address); is 3391 tools/finsig_thumb2.c int sig_match_jpeg_count_str(firmware *fw, iter_state_t *is, sig_rule_t *rule) is 3399 tools/finsig_thumb2.c disasm_iter_init(fw,is,(ADR_ALIGN4(str_adr) - SEARCH_NEAR_REF_RANGE) | fw->thumb_default); // reset to a bit before where the string was found is 3400 tools/finsig_thumb2.c while(fw_search_insn(fw,is,search_disasm_const_ref,str_adr,NULL,str_adr+SEARCH_NEAR_REF_RANGE)) { is 3402 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,3,match_bl_blximm)) { is 3406 tools/finsig_thumb2.c if(!is_sig_call(fw,is,"sprintf_FW")) { is 3412 tools/finsig_thumb2.c if((get_call_const_args(fw,is,5,regs)&0x3)!=0x3) { is 3424 tools/finsig_thumb2.c save_misc_val(rule->name,regs[0],0,(uint32_t)is->insn->address); is 3431 tools/finsig_thumb2.c int sig_match_misc_flag_named(firmware *fw, iter_state_t *is, sig_rule_t *rule) is 3438 tools/finsig_thumb2.c int sig_match_cam_has_iris_diaphragm(firmware *fw, iter_state_t *is, sig_rule_t *rule) is 3453 tools/finsig_thumb2.c int sig_match_cam_uncached_bit(firmware *fw, iter_state_t *is, sig_rule_t *rule) is 3455 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { is 3462 tools/finsig_thumb2.c if(insn_match_find_next(fw,is,4,match_bic_r0)) { is 3463 tools/finsig_thumb2.c save_misc_val(rule->name,is->insn->detail->arm.operands[2].imm,0,(uint32_t)is->insn->address); is 3469 tools/finsig_thumb2.c int sig_match_physw_event_table(firmware *fw, iter_state_t *is, sig_rule_t *rule) is 3471 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { is 3475 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,5,match_ldr_pc)) { is 3479 tools/finsig_thumb2.c uint32_t adr=LDR_PC2val(fw,is->insn); is 3481 tools/finsig_thumb2.c printf("sig_match_physw_event_table: no match LDR PC 0x%"PRIx64"\n",is->insn->address); is 3485 tools/finsig_thumb2.c printf("sig_match_physw_event_table: adr not ROM 0x%08x at 0x%"PRIx64"\n",adr,is->insn->address); is 3488 tools/finsig_thumb2.c save_misc_val(rule->name,adr,0,(uint32_t)is->insn->address); is 3491 tools/finsig_thumb2.c int sig_match_uiprop_count(firmware *fw, iter_state_t *is, sig_rule_t *rule) is 3493 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { is 3496 tools/finsig_thumb2.c if(!find_next_sig_call(fw,is,38,"DebugAssert")) { is 3500 tools/finsig_thumb2.c if(!find_next_sig_call(fw,is,14,"DebugAssert")) { is 3509 tools/finsig_thumb2.c if(!insn_match_find_next_seq(fw,is,3,match_bic_cmp)) { is 3513 tools/finsig_thumb2.c save_misc_val(rule->name,is->insn->detail->arm.operands[1].imm,0,(uint32_t)is->insn->address); is 3517 tools/finsig_thumb2.c int sig_match_get_canon_mode_list(firmware *fw, iter_state_t *is, sig_rule_t *rule) is 3526 tools/finsig_thumb2.c disasm_iter_init(fw,is,(ADR_ALIGN4(str_adr) - SEARCH_NEAR_REF_RANGE) | fw->thumb_default); // reset to a bit before where the string was found is 3527 tools/finsig_thumb2.c while(fw_search_insn(fw,is,search_disasm_const_ref,str_adr,NULL,str_adr+SEARCH_NEAR_REF_RANGE)) { is 3529 tools/finsig_thumb2.c if(!find_next_sig_call(fw,is,4,"LogCameraEvent")) { is 3534 tools/finsig_thumb2.c if(!disasm_iter(fw,is)) { is 3545 tools/finsig_thumb2.c if(insn_match_any(is->insn,match_mov_r0_1)) { is 3546 tools/finsig_thumb2.c if(!insn_match_find_nth(fw,is,2,2,match_bl_blximm)) { is 3551 tools/finsig_thumb2.c if(!insn_match_any(is->insn,match_bl_blximm)) { is 3557 tools/finsig_thumb2.c adr=get_branch_call_insn_target(fw,is); is 3564 tools/finsig_thumb2.c disasm_iter_init(fw,is,adr); is 3565 tools/finsig_thumb2.c if(!find_next_sig_call(fw,is,40,"TakeSemaphoreStrictly")) { is 3570 tools/finsig_thumb2.c if(!insn_match_find_nth(fw,is,12,2,match_b_bl_blximm)) { is 3575 tools/finsig_thumb2.c disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is)); is 3583 tools/finsig_thumb2.c if(!insn_match_find_next_seq(fw,is,64,match_loop)) { is 3587 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,2,match_bl_blximm)) { is 3592 tools/finsig_thumb2.c adr=get_branch_call_insn_target(fw,is); is 3594 tools/finsig_thumb2.c disasm_iter_init(fw,is,adr); is 3600 tools/finsig_thumb2.c if(!insn_match_find_next_seq(fw,is,1,match_ldr_r0_ret)) { is 3607 tools/finsig_thumb2.c int sig_match_zoom_busy(firmware *fw, iter_state_t *is, sig_rule_t *rule) is 3609 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { is 3613 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,5,match_bl_blximm)) { is 3618 tools/finsig_thumb2.c disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is)); is 3620 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,5,match_ldr_pc)) { is 3624 tools/finsig_thumb2.c uint32_t base=LDR_PC2val(fw,is->insn); is 3625 tools/finsig_thumb2.c arm_reg rb=is->insn->detail->arm.operands[0].reg; is 3628 tools/finsig_thumb2.c if(!find_next_sig_call(fw,is,40,"TakeSemaphoreStrictly")) { is 3632 tools/finsig_thumb2.c if(!disasm_iter(fw,is)) { is 3637 tools/finsig_thumb2.c if(is->insn->id != ARM_INS_LDR is 3638 tools/finsig_thumb2.c || is->insn->detail->arm.operands[0].reg != ARM_REG_R0 is 3639 tools/finsig_thumb2.c || is->insn->detail->arm.operands[1].mem.base != rb) { is 3643 tools/finsig_thumb2.c save_misc_val(rule->name,base,is->insn->detail->arm.operands[1].mem.disp,(uint32_t)is->insn->address); is 3647 tools/finsig_thumb2.c int sig_match_focus_busy(firmware *fw, iter_state_t *is, sig_rule_t *rule) is 3649 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { is 3653 tools/finsig_thumb2.c if(!find_next_sig_call(fw,is,40,"TakeSemaphore")) { is 3658 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,5,match_bl_blximm)) { is 3663 tools/finsig_thumb2.c disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is)); is 3665 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,5,match_ldr_pc)) { is 3669 tools/finsig_thumb2.c uint32_t base=LDR_PC2val(fw,is->insn); is 3670 tools/finsig_thumb2.c arm_reg rb=is->insn->detail->arm.operands[0].reg; is 3673 tools/finsig_thumb2.c if(!find_next_sig_call(fw,is,50,"TakeSemaphoreStrictly")) { is 3681 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,7,match_ldr)) { is 3687 tools/finsig_thumb2.c if(is->insn->detail->arm.operands[1].mem.base != rb) { is 3691 tools/finsig_thumb2.c save_misc_val(rule->name,base,is->insn->detail->arm.operands[1].mem.disp,(uint32_t)is->insn->address); is 3694 tools/finsig_thumb2.c int sig_match_aram_size(firmware *fw, iter_state_t *is, sig_rule_t *rule) is 3696 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { is 3705 tools/finsig_thumb2.c if(!insn_match_find_next_seq(fw,is,15,match_ldr_r0_sp_cmp)) { is 3709 tools/finsig_thumb2.c uint32_t val=is->insn->detail->arm.operands[1].imm; is 3713 tools/finsig_thumb2.c save_misc_val(rule->name,val,0,(uint32_t)is->insn->address); is 3717 tools/finsig_thumb2.c int sig_match_aram_size_gt58(firmware *fw, iter_state_t *is, sig_rule_t *rule) is 3719 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { is 3734 tools/finsig_thumb2.c if(!insn_match_find_next_seq(fw,is,15,match_ldrd_r0r1_mov)) { is 3735 tools/finsig_thumb2.c init_disasm_sig_ref(fw,is,rule); // reset to start is 3736 tools/finsig_thumb2.c if(!insn_match_find_next_seq(fw,is,15,match_ldrd_r2r1_mov)) { is 3741 tools/finsig_thumb2.c uint32_t val=is->insn->detail->arm.operands[1].imm; is 3745 tools/finsig_thumb2.c save_misc_val(rule->name,val,0,(uint32_t)is->insn->address); is 3749 tools/finsig_thumb2.c int sig_match_aram_start(firmware *fw, iter_state_t *is, sig_rule_t *rule) is 3751 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { is 3755 tools/finsig_thumb2.c if(!find_next_sig_call(fw,is,50,"DebugAssert")) { is 3765 tools/finsig_thumb2.c if(!insn_match_find_next_seq(fw,is,15,match_cmp_bne_ldr)) { is 3769 tools/finsig_thumb2.c uint32_t adr=LDR_PC2val(fw,is->insn); is 3771 tools/finsig_thumb2.c printf("sig_match_aram_start: no match LDR PC 0x%"PRIx64"\n",is->insn->address); is 3775 tools/finsig_thumb2.c save_misc_val(rule->name,adr,0,(uint32_t)is->insn->address); is 3779 tools/finsig_thumb2.c int sig_match_aram_start2(firmware *fw, iter_state_t *is, sig_rule_t *rule) is 3784 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { is 3788 tools/finsig_thumb2.c if(!find_next_sig_call(fw,is,60,"DebugAssert")) { is 3799 tools/finsig_thumb2.c if(!insn_match_find_next_seq(fw,is,15,match_cmp_bne_ldr)) { is 3803 tools/finsig_thumb2.c uint32_t adr=LDR_PC2val(fw,is->insn); is 3805 tools/finsig_thumb2.c printf("sig_match_aram_start2: no match LDR PC 0x%"PRIx64"\n",is->insn->address); is 3809 tools/finsig_thumb2.c save_misc_val(rule->name,adr,0,(uint32_t)is->insn->address); is 3813 tools/finsig_thumb2.c int sig_match__nrflag(firmware *fw, iter_state_t *is, sig_rule_t *rule) is 3815 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { is 3818 tools/finsig_thumb2.c uint32_t fadr=is->adr; is 3825 tools/finsig_thumb2.c if(!insn_match_find_next_seq(fw,is,4,match_cmp_b) || is->insn->detail->arm.cc == ARM_CC_AL) { is 3830 tools/finsig_thumb2.c disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is)); is 3831 tools/finsig_thumb2.c if(!disasm_iter(fw,is)) { is 3836 tools/finsig_thumb2.c uint32_t adr=LDR_PC2val(fw,is->insn); is 3838 tools/finsig_thumb2.c printf("sig_match__nrflag: no match LDR PC 0x%"PRIx64"\n",is->insn->address); is 3841 tools/finsig_thumb2.c arm_reg reg_base = is->insn->detail->arm.operands[0].reg; // reg value was loaded into is 3842 tools/finsig_thumb2.c if(!disasm_iter(fw,is)) { is 3847 tools/finsig_thumb2.c if(isADDx_imm(is->insn) || isSUBx_imm(is->insn)) { is 3848 tools/finsig_thumb2.c if(is->insn->detail->arm.operands[0].reg != reg_base) { is 3852 tools/finsig_thumb2.c if(isADDx_imm(is->insn)) { is 3853 tools/finsig_thumb2.c adr+=is->insn->detail->arm.operands[1].imm; is 3855 tools/finsig_thumb2.c adr-=is->insn->detail->arm.operands[1].imm; is 3857 tools/finsig_thumb2.c if(!disasm_iter(fw,is)) { is 3862 tools/finsig_thumb2.c if(is->insn->id != ARM_INS_STR || is->insn->detail->arm.operands[1].reg != reg_base) { is 3866 tools/finsig_thumb2.c uint32_t disp = is->insn->detail->arm.operands[1].mem.disp; is 3874 tools/finsig_thumb2.c int sig_match_var_struct_get(firmware *fw, iter_state_t *is, sig_rule_t *rule) is 3876 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { is 3879 tools/finsig_thumb2.c uint32_t fadr=is->adr; is 3881 tools/finsig_thumb2.c if(!find_and_get_var_ldr(fw, is, 1, 4, ARM_REG_R0, &desc)) { is 3885 tools/finsig_thumb2.c if(!disasm_iter(fw,is)) { is 3890 tools/finsig_thumb2.c if(!insn_match(is->insn,match_bxlr)) { is 3898 tools/finsig_thumb2.c int sig_match_av_over_sem(firmware *fw, iter_state_t *is, sig_rule_t *rule) is 3905 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { is 3908 tools/finsig_thumb2.c if(!find_next_sig_call(fw,is,30,"TakeSemaphore")) { is 3909 tools/finsig_thumb2.c printf("sig_match_av_over_sem: no match TakeSemaphore at 0x%"PRIx64"\n",is->insn->address); is 3914 tools/finsig_thumb2.c disasm_iter_init(fw,is,adr_hist_get(&is->ah,5)); is 3916 tools/finsig_thumb2.c if(!find_and_get_var_ldr(fw, is, 3, 4, ARM_REG_R0, &desc)) { is 3917 tools/finsig_thumb2.c printf("sig_match_av_over_sem: no match ldr at 0x%"PRIx64"\n",is->insn->address); is 3921 tools/finsig_thumb2.c save_misc_val(rule->name,desc.adr_adj,desc.off,(uint32_t)is->insn->address); is 3925 tools/finsig_thumb2.c int sig_match_canon_menu_active(firmware *fw, iter_state_t *is, sig_rule_t *rule) is 3927 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { is 3931 tools/finsig_thumb2.c if(!find_and_get_var_ldr(fw, is, 2, 4, ARM_REG_R0, &desc)) { is 3932 tools/finsig_thumb2.c printf("sig_match_canon_menu_active: no match ldr at 0x%"PRIx64"\n",is->insn->address); is 3935 tools/finsig_thumb2.c if(!disasm_iter(fw,is)) { is 3939 tools/finsig_thumb2.c if(is->insn->id != ARM_INS_CMP) { is 3940 tools/finsig_thumb2.c printf("sig_match_canon_menu_active: no match cmp at 0x%"PRIx64"\n",is->insn->address); is 3943 tools/finsig_thumb2.c save_misc_val(rule->name,desc.adr_adj,desc.off,(uint32_t)is->insn->address); is 3947 tools/finsig_thumb2.c int sig_match_file_counter_init(firmware *fw, iter_state_t *is, sig_rule_t *rule) is 3949 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { is 3953 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,3,match_bl_blximm)) { is 3958 tools/finsig_thumb2.c if(check_simple_func(fw,get_branch_call_insn_target(fw,is),MATCH_SIMPLE_FUNC_NULLSUB,NULL)) { is 3959 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,3,match_bl_blximm)) { is 3965 tools/finsig_thumb2.c disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is)); is 3966 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,3,match_bl_blximm)) { is 3970 tools/finsig_thumb2.c uint32_t fadr = get_branch_call_insn_target(fw,is); is 3972 tools/finsig_thumb2.c disasm_iter_init(fw,is,fadr); is 3973 tools/finsig_thumb2.c if(!disasm_iter(fw,is)) { is 3978 tools/finsig_thumb2.c if(!isLDR_PC(is->insn)) { is 3985 tools/finsig_thumb2.c int sig_match_file_counter_var(firmware *fw, iter_state_t *is, sig_rule_t *rule) is 3987 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { is 3990 tools/finsig_thumb2.c uint32_t adr=LDR_PC2val(fw,is->insn); is 3995 tools/finsig_thumb2.c if(is->insn->detail->arm.operands[0].reg != ARM_REG_R0) { is 4003 tools/finsig_thumb2.c save_misc_val(rule->name,adr,0,(uint32_t)is->insn->address); is 4007 tools/finsig_thumb2.c int sig_match_palette_vars(firmware *fw, iter_state_t *is, sig_rule_t *rule) is 4009 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { is 4012 tools/finsig_thumb2.c if(!find_next_sig_call(fw,is,70,"transfer_src_overlay")) { is 4020 tools/finsig_thumb2.c if(!fw_disasm_iter_single(fw,adr_hist_get(&is->ah,i))) { is 4024 tools/finsig_thumb2.c fadr=get_branch_call_insn_target(fw,fw->is); is 4030 tools/finsig_thumb2.c printf("sig_match_palette_vars: no match bl 1 0x%"PRIx64"\n",fw->is->insn->address); is 4034 tools/finsig_thumb2.c disasm_iter_init(fw,is,fadr); is 4036 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,3,match_bl)) { is 4037 tools/finsig_thumb2.c printf("sig_match_palette_vars: no match bl 2 0x%"PRIx64"\n",is->insn->address); is 4041 tools/finsig_thumb2.c disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is)); is 4043 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,3,match_ldr_pc)) { is 4044 tools/finsig_thumb2.c printf("sig_match_palette_vars: no match ldr pc 0x%"PRIx64"\n",is->insn->address); is 4048 tools/finsig_thumb2.c uint32_t pal_base=LDR_PC2val(fw,is->insn); is 4050 tools/finsig_thumb2.c printf("sig_match_palette_vars: bad LDR PC 0x%"PRIx64"\n",is->insn->address); is 4054 tools/finsig_thumb2.c arm_reg ptr_reg = is->insn->detail->arm.operands[0].reg; is 4056 tools/finsig_thumb2.c save_misc_val(rule->name,pal_base,0,(uint32_t)is->insn->address); is 4061 tools/finsig_thumb2.c if(!disasm_iter(fw,is)) { is 4065 tools/finsig_thumb2.c if (is->insn->id == ARM_INS_LDR && is->insn->detail->arm.operands[1].mem.base == ptr_reg) { is 4068 tools/finsig_thumb2.c is->insn->detail->arm.operands[1].mem.disp, is 4069 tools/finsig_thumb2.c (uint32_t)is->insn->address); is 4075 tools/finsig_thumb2.c printf("sig_match_palette_vars: no match active_palette_buffer 0x%"PRIx64"\n",is->insn->address); is 4079 tools/finsig_thumb2.c if(!find_next_sig_call(fw,is,20,"PTM_RestoreUIProperty_FW")) { is 4085 tools/finsig_thumb2.c if(!disasm_iter(fw,is)) { is 4089 tools/finsig_thumb2.c if (is->insn->id == ARM_INS_LDR && is->insn->detail->arm.operands[1].mem.base == ptr_reg) { is 4092 tools/finsig_thumb2.c is->insn->detail->arm.operands[1].mem.disp, is 4093 tools/finsig_thumb2.c (uint32_t)is->insn->address); is 4097 tools/finsig_thumb2.c printf("sig_match_palette_vars: no match palette_buffer_ptr 0x%"PRIx64"\n",is->insn->address); is 4101 tools/finsig_thumb2.c int sig_match_rom_ptr_get(firmware *fw, iter_state_t *is, sig_rule_t *rule) is 4103 tools/finsig_thumb2.c if(!init_disasm_sig_ref(fw,is,rule)) { is 4106 tools/finsig_thumb2.c uint32_t fadr=is->adr; is 4107 tools/finsig_thumb2.c if(!disasm_iter(fw,is)) { is 4111 tools/finsig_thumb2.c uint32_t adr=LDR_PC2val(fw,is->insn); is 4113 tools/finsig_thumb2.c printf("sig_match_rom_ptr_get: no match LDR PC 0x%"PRIx64"\n",is->insn->address); is 4116 tools/finsig_thumb2.c if(is->insn->detail->arm.operands[0].reg != ARM_REG_R0) { is 4120 tools/finsig_thumb2.c if(!disasm_iter(fw,is)) { is 4125 tools/finsig_thumb2.c if(!insn_match(is->insn,match_bxlr)) { is 4136 tools/finsig_thumb2.c uint32_t find_call_near_str(firmware *fw, iter_state_t *is, sig_rule_t *rule) is 4171 tools/finsig_thumb2.c disasm_iter_init(fw,is,(ADR_ALIGN4(search_adr) - SEARCH_NEAR_REF_RANGE) | fw->thumb_default); // reset to a bit before where the string was found is 4172 tools/finsig_thumb2.c while(fw_search_insn(fw,is,search_disasm_const_ref,str_adr,NULL,search_adr+SEARCH_NEAR_REF_RANGE)) { is 4178 tools/finsig_thumb2.c fw_disasm_iter_single(fw,adr_hist_get(&is->ah,i)); is 4179 tools/finsig_thumb2.c if(insn_match_any(fw->is->insn,insn_match)) { is 4183 tools/finsig_thumb2.c return iter_state_adr(fw->is); is 4187 tools/finsig_thumb2.c if(insn_match_find_nth(fw,is,max_insns,n,insn_match)) { is 4188 tools/finsig_thumb2.c return iter_state_adr(is); is 4197 tools/finsig_thumb2.c int sig_match_near_str(firmware *fw, iter_state_t *is, sig_rule_t *rule) is 4201 tools/finsig_thumb2.c uint32_t call_adr = find_call_near_str(fw,is,rule); is 4210 tools/finsig_thumb2.c int sig_match_prop_string(firmware *fw, iter_state_t *is, sig_rule_t *rule) is 4212 tools/finsig_thumb2.c uint32_t call_adr = find_call_near_str(fw, is, rule); is 4218 tools/finsig_thumb2.c disasm_iter_init(fw,is,call_adr); is 4219 tools/finsig_thumb2.c disasm_iter(fw,is); is 4223 tools/finsig_thumb2.c if (is_sig_call(fw,is,"GetPropertyCase")) { is 4234 tools/finsig_thumb2.c disasm_iter_init(fw,is,call_adr - hl*4); is 4236 tools/finsig_thumb2.c while (is->adr < call_adr) { is 4237 tools/finsig_thumb2.c if (!disasm_iter(fw,is)) is 4238 tools/finsig_thumb2.c disasm_iter_init(fw,is,(is->adr | is->thumb)+2); is 4242 tools/finsig_thumb2.c if ((get_call_const_args(fw,is,hl,regs)&(1<<myreg))==(1<<myreg)) { is 4262 tools/finsig_thumb2.c if(insn_match_any(fw->is->insn,match_mov_r0_imm)) { is 4265 tools/finsig_thumb2.c if(isRETx(fw->is->insn)) { is 4283 tools/finsig_thumb2.c int sig_match_named_last(firmware *fw, iter_state_t *is, sig_rule_t *rule) is 4292 tools/finsig_thumb2.c disasm_iter_init(fw,is,ref_adr); is 4293 tools/finsig_thumb2.c if(is_immediate_ret_sub(fw,is)) { is 4297 tools/finsig_thumb2.c uint32_t fadr = find_last_call_from_func(fw,is,min,max); is 4340 tools/finsig_thumb2.c int sig_match_named(firmware *fw, iter_state_t *is, sig_rule_t *rule) is 4375 tools/finsig_thumb2.c disasm_iter_init(fw,is,ref_adr); is 4377 tools/finsig_thumb2.c if(is_immediate_ret_sub(fw,is)) { is 4385 tools/finsig_thumb2.c if(!disasm_iter(fw,is)) { is 4386 tools/finsig_thumb2.c printf("sig_match_named: disasm failed %s 0x%08x\n",rule->name,(uint32_t)is->insn->address); is 4390 tools/finsig_thumb2.c sig_match_named_save_sig(fw,rule->name,iter_state_adr(is),sig_flags); is 4395 tools/finsig_thumb2.c if(insn_match_find_nth(fw,is,15 + sig_nth_range*sig_nth,sig_nth,insn_match)) { is 4396 tools/finsig_thumb2.c uint32_t adr = B_BL_BLXimm_target(fw,is->insn); is 4399 tools/finsig_thumb2.c if(is->insn->id == ARM_INS_BLX) { is 4401 tools/finsig_thumb2.c if(!is->thumb) { is 4406 tools/finsig_thumb2.c adr |= is->thumb; is 4408 tools/finsig_thumb2.c disasm_iter_set(fw,is,adr); is 4409 tools/finsig_thumb2.c if(disasm_iter(fw,is)) { is 4411 tools/finsig_thumb2.c uint32_t j_adr=get_direct_jump_target(fw,is); is 4761 tools/finsig_thumb2.c iter_state_t *is=disasm_iter_new(fw,0); is 4770 tools/finsig_thumb2.c rule->match_fn(fw,is,rule); is 4774 tools/finsig_thumb2.c disasm_iter_free(is); is 4791 tools/finsig_thumb2.c uint32_t b_adr=get_direct_jump_target(fw,fw->is); is 4803 tools/finsig_thumb2.c int process_reg_eventproc_call(firmware *fw, iter_state_t *is,uint32_t unused) { is 4806 tools/finsig_thumb2.c if((get_call_const_args(fw,is,4,regs)&3)==3) { is 4814 tools/finsig_thumb2.c printf("eventproc name not string at 0x%"PRIx64"\n",is->insn->address); is 4821 tools/finsig_thumb2.c uint64_t adr = is->insn->address; is 4822 tools/finsig_thumb2.c uint32_t adr_thumb = is->thumb; is 4827 tools/finsig_thumb2.c disasm_iter_init(fw,is,adr_hist_get(&is->ah,10)); is 4830 tools/finsig_thumb2.c if (!disasm_iter(fw,is)) break; is 4831 tools/finsig_thumb2.c if (is->insn->address >= adr) break; is 4832 tools/finsig_thumb2.c if (is->insn->id == ARM_INS_LDR && is->insn->detail->arm.operands[1].type == ARM_OP_MEM) { is 4833 tools/finsig_thumb2.c uint32_t u = LDR_PC2val(fw,is->insn); is 4835 tools/finsig_thumb2.c ar = is->insn->detail->arm.operands[0].reg; is 4843 tools/finsig_thumb2.c if (!disasm_iter(fw,is)) break; is 4844 tools/finsig_thumb2.c if (is->insn->address >= adr) break; is 4845 tools/finsig_thumb2.c if (is->insn->id == ARM_INS_ADD && is->insn->detail->arm.operands[1].reg == ar) { is 4877 tools/finsig_thumb2.c disasm_iter_init(fw,is,adr | adr_thumb); is 4878 tools/finsig_thumb2.c disasm_iter(fw,is); is 4884 tools/finsig_thumb2.c int process_eventproc_table_call(firmware *fw, iter_state_t *is,uint32_t unused) { is 4888 tools/finsig_thumb2.c foundr0 = get_call_const_args(fw,is,4,regs) & 1; is 4891 tools/finsig_thumb2.c uint32_t ca = iter_state_adr(is); is 4892 tools/finsig_thumb2.c uint32_t sa = adr_hist_get(&is->ah,2); is 4893 tools/finsig_thumb2.c uint32_t ta = adr_hist_get(&is->ah,8); is 4894 tools/finsig_thumb2.c disasm_iter_set(fw,is,ta); is 4898 tools/finsig_thumb2.c disasm_iter(fw,is); is 4902 tools/finsig_thumb2.c uint32_t adr2 = get_branch_call_insn_target(fw,fw->is); is 4903 tools/finsig_thumb2.c if (fw->is->insn->id == ARM_INS_BLX && adr1 == adr2) { is 4904 tools/finsig_thumb2.c foundr0 = get_call_const_args(fw,is,8-2,regs) & 2; is 4911 tools/finsig_thumb2.c disasm_iter_init(fw,is,ca); is 4912 tools/finsig_thumb2.c disasm_iter(fw,is); is 4935 tools/finsig_thumb2.c printf("failed to get *EventProcTable arg 0x%08x at 0x%"PRIx64"\n",regs[0],is->insn->address); is 4938 tools/finsig_thumb2.c printf("failed to get *EventProcTable r0 at 0x%"PRIx64"\n",is->insn->address); is 4943 tools/finsig_thumb2.c int process_createtask_call(firmware *fw, iter_state_t *is,uint32_t unused) { is 4947 tools/finsig_thumb2.c if((get_call_const_args(fw,is,10,regs)&9)==9) { is 4956 tools/finsig_thumb2.c printf("task name name not string at 0x%"PRIx64"\n",is->insn->address); is 4959 tools/finsig_thumb2.c printf("failed to get CreateTask args at 0x%"PRIx64"\n",is->insn->address); is 4980 tools/finsig_thumb2.c int process_add_ptp_handler_call(firmware *fw, iter_state_t *is,uint32_t unused) { is 4983 tools/finsig_thumb2.c if((get_call_const_args(fw,is,8,regs)&3)==3) { is 4986 tools/finsig_thumb2.c printf("add_ptp_handler op 0x%08x out of range 0x%"PRIx64"\n",regs[0],is->insn->address); is 4995 tools/finsig_thumb2.c fw_disasm_iter_single(fw,adr_hist_get(&is->ah,i)); is 4996 tools/finsig_thumb2.c cs_insn *insn=fw->is->insn; is 5012 tools/finsig_thumb2.c printf("failed to get add_ptp_handler args at 0x%"PRIx64"\n",is->insn->address); is 5019 tools/finsig_thumb2.c fw_disasm_iter_single(fw,adr_hist_get(&is->ah,i)); is 5020 tools/finsig_thumb2.c cs_insn *insn=fw->is->insn; is 5036 tools/finsig_thumb2.c printf("failed to get ptp handler table adr at 0x%"PRIx64"\n",is->insn->address); is 5092 tools/finsig_thumb2.c void find_exception_handlers(firmware *fw, iter_state_t *is) is 5103 tools/finsig_thumb2.c disasm_iter_init(fw, is, fw->base + fw->main_offs + 12 + fw->thumb_default); is 5104 tools/finsig_thumb2.c if(!insn_match_find_next(fw,is,4,match_mcr_vbar)) { is 5108 tools/finsig_thumb2.c disasm_iter_init(fw, is, adr_hist_get(&is->ah,1)); is 5109 tools/finsig_thumb2.c disasm_iter(fw, is); is 5111 tools/finsig_thumb2.c ex_vec = LDR_PC2val(fw,is->insn); is 5119 tools/finsig_thumb2.c disasm_iter_init(fw, is, ex_vec); is 5120 tools/finsig_thumb2.c disasm_iter(fw, is); is 5133 tools/finsig_thumb2.c uint32_t addr=LDR_PC2val(fw,is->insn); is 5134 tools/finsig_thumb2.c if(!addr && is->insn->id == ARM_INS_B) { is 5135 tools/finsig_thumb2.c addr=get_branch_call_insn_target(fw,is); is 5141 tools/finsig_thumb2.c disasm_iter_init(fw, is, ADR_SET_THUMB(ex_vec + 4)); is 5144 tools/finsig_thumb2.c disasm_iter(fw, is); is 5147 tools/finsig_thumb2.c addr=LDR_PC2val(fw,is->insn); is 5180 tools/finsig_thumb2.c iter_state_t *is=disasm_iter_new(fw,0); is 5181 tools/finsig_thumb2.c disasm_iter_init(fw,is,fw->rom_code_search_min_adr | fw->thumb_default); // reset to start of fw is 5182 tools/finsig_thumb2.c fw_search_insn(fw,is,search_disasm_calls_multi,0,match_fns,0); is 5190 tools/finsig_thumb2.c disasm_iter_init(fw,is,fw->adr_ranges[i].start | fw->thumb_default); // reset to start of range is 5191 tools/finsig_thumb2.c fw_search_insn(fw,is,search_disasm_calls_multi,0,match_fns,0); is 5194 tools/finsig_thumb2.c find_exception_handlers(fw,is); is 5196 tools/finsig_thumb2.c disasm_iter_free(is); is 6194 tools/finsig_thumb2.c if(get_direct_jump_target(fw,fw->is) == sig->val) { is 6198 tools/finsig_thumb2.c if(get_direct_jump_target(fw,fw->is) == ostub2->val) { is 831 tools/firmware_load_ng.c int get_TBx_PC_info(firmware *fw,iter_state_t *is, tbx_info_t *ti) is 833 tools/firmware_load_ng.c if(!(is->insn->id == ARM_INS_TBH || is->insn->id == ARM_INS_TBB) || is->insn->detail->arm.operands[0].mem.base != ARM_REG_PC) { is 836 tools/firmware_load_ng.c ti->start=(uint32_t)is->adr; // after current instruction is 838 tools/firmware_load_ng.c ti->bytes=(is->insn->id == ARM_INS_TBH)?2:1; is 847 tools/firmware_load_ng.c arm_reg i_reg=is->insn->detail->arm.operands[0].mem.index; is 853 tools/firmware_load_ng.c if(is->ah.count - 1 < max_backtrack) { is 854 tools/firmware_load_ng.c max_backtrack = is->ah.count-1; is 861 tools/firmware_load_ng.c fw_disasm_iter_single(fw,adr_hist_get(&is->ah,i)); // thumb state comes from hist is 862 tools/firmware_load_ng.c if(fw->is->insn->id == ARM_INS_B && fw->is->insn->detail->arm.cc == ARM_CC_HS) { is 867 tools/firmware_load_ng.c if(found_bhs && fw->is->insn->id == ARM_INS_CMP) { is 869 tools/firmware_load_ng.c if(fw->is->insn->detail->arm.operands[0].reg == i_reg is 870 tools/firmware_load_ng.c || fw->is->insn->detail->arm.operands[1].type == ARM_OP_IMM) { is 871 tools/firmware_load_ng.c max_count = fw->is->insn->detail->arm.operands[1].imm; is 930 tools/firmware_load_ng.c iter_state_t *is=(iter_state_t *)malloc(sizeof(iter_state_t)); is 933 tools/firmware_load_ng.c is->insn=cs_malloc(fw->cs_handle_arm); is 934 tools/firmware_load_ng.c disasm_iter_init(fw,is,adr); is 935 tools/firmware_load_ng.c return is; is 939 tools/firmware_load_ng.c void disasm_iter_free(iter_state_t *is) is 941 tools/firmware_load_ng.c cs_free(is->insn,1); is 942 tools/firmware_load_ng.c free(is); is 948 tools/firmware_load_ng.c int disasm_iter_set(firmware *fw, iter_state_t *is, uint32_t adr) is 952 tools/firmware_load_ng.c is->cs_handle=fw->cs_handle_thumb; is 953 tools/firmware_load_ng.c is->thumb=1; is 954 tools/firmware_load_ng.c is->insn_min_size=2; is 957 tools/firmware_load_ng.c is->cs_handle=fw->cs_handle_arm; is 958 tools/firmware_load_ng.c is->thumb=0; is 959 tools/firmware_load_ng.c is->insn_min_size=4; is 962 tools/firmware_load_ng.c is->code=NULL; is 963 tools/firmware_load_ng.c is->size=0; is 964 tools/firmware_load_ng.c is->adr=0; is 972 tools/firmware_load_ng.c is->code=NULL; // make first iter fail is 973 tools/firmware_load_ng.c is->size=0; is 974 tools/firmware_load_ng.c is->adr=0; is 978 tools/firmware_load_ng.c is->code=p; is 979 tools/firmware_load_ng.c is->size=fw->size8 - (p-fw->buf8); is 980 tools/firmware_load_ng.c is->adr=adr; is 985 tools/firmware_load_ng.c int disasm_iter_init(firmware *fw, iter_state_t *is, uint32_t adr) is 987 tools/firmware_load_ng.c adr_hist_reset(&is->ah); is 988 tools/firmware_load_ng.c return disasm_iter_set(fw,is,adr); is 994 tools/firmware_load_ng.c int disasm_iter(firmware *fw, iter_state_t *is) is 997 tools/firmware_load_ng.c if(!is->code) { is 1000 tools/firmware_load_ng.c adr_hist_add(&is->ah,(uint32_t)is->adr | is->thumb); // record thumb state to allow backtracking through state changes is 1001 tools/firmware_load_ng.c return cs_disasm_iter(is->cs_handle, &is->code, &is->size, &is->adr, is->insn); is 1008 tools/firmware_load_ng.c int disasm_iter_redo(firmware *fw,iter_state_t *is) { is 1009 tools/firmware_load_ng.c if(!is->code || !is->ah.count) { is 1012 tools/firmware_load_ng.c is->code -= is->insn->size; is 1013 tools/firmware_load_ng.c is->adr -= is->insn->size; is 1014 tools/firmware_load_ng.c is->size += is->insn->size; is 1016 tools/firmware_load_ng.c return cs_disasm_iter(is->cs_handle, &is->code, &is->size, &is->adr, is->insn); is 1027 tools/firmware_load_ng.c return disasm_iter_init(fw,fw->is,adr); is 1033 tools/firmware_load_ng.c return disasm_iter(fw,fw->is); is 1072 tools/firmware_load_ng.c uint32_t fw_search_insn(firmware *fw, iter_state_t *is, search_insn_fn f, uint32_t v1, void *udata, uint32_t adr_end) is 1074 tools/firmware_load_ng.c uint32_t adr_start=is->adr; is 1086 tools/firmware_load_ng.c adr_end=r_start->start + r_start->bytes - is->insn_min_size; is 1107 tools/firmware_load_ng.c if(disasm_iter(fw,is)) { is 1108 tools/firmware_load_ng.c uint32_t r=f(fw,is,v1,udata); is 1112 tools/firmware_load_ng.c adr=(uint32_t)is->adr; // adr was updated by iter or called sub is 1116 tools/firmware_load_ng.c adr=adr+is->insn_min_size; is 1117 tools/firmware_load_ng.c if(!disasm_iter_init(fw,is,adr|is->thumb)) { is 1138 tools/firmware_load_ng.c if(!disasm_iter_init(fw,is,(uint32_t)adr)) { is 1145 tools/firmware_load_ng.c if(disasm_iter(fw,is)) { is 1146 tools/firmware_load_ng.c uint32_t r=f(fw,is,v1,udata); is 1150 tools/firmware_load_ng.c adr=(uint32_t)is->adr; // adr was updated by iter or called sub is 1154 tools/firmware_load_ng.c adr=adr+is->insn_min_size; is 1155 tools/firmware_load_ng.c if(!disasm_iter_init(fw,is,adr|is->thumb)) { is 1170 tools/firmware_load_ng.c uint32_t search_disasm_const_ref(firmware *fw, iter_state_t *is, uint32_t val, void *unused) is 1173 tools/firmware_load_ng.c uint32_t av=ADRx2adr(fw,is->insn); is 1177 tools/firmware_load_ng.c return (uint32_t)is->insn->address; is 1181 tools/firmware_load_ng.c uint32_t *pv=LDR_PC2valptr(fw,is->insn); is 1185 tools/firmware_load_ng.c return (uint32_t)is->insn->address; is 1192 tools/firmware_load_ng.c uint32_t search_disasm_str_ref(firmware *fw, iter_state_t *is, uint32_t val, void *udata) is 1196 tools/firmware_load_ng.c uint32_t av=ADRx2adr(fw,is->insn); is 1201 tools/firmware_load_ng.c return (uint32_t)is->insn->address; is 1205 tools/firmware_load_ng.c uint32_t *pv=LDR_PC2valptr(fw,is->insn); is 1210 tools/firmware_load_ng.c return (uint32_t)is->insn->address; is 1219 tools/firmware_load_ng.c uint32_t search_disasm_calls(firmware *fw, iter_state_t *is, uint32_t val, void *unused) is 1222 tools/firmware_load_ng.c uint32_t sub=get_branch_call_insn_target(fw,is); is 1232 tools/firmware_load_ng.c int search_calls_multi_end(firmware *fw, iter_state_t *is, uint32_t adr) { is 1240 tools/firmware_load_ng.c uint32_t search_disasm_calls_multi(firmware *fw, iter_state_t *is, uint32_t unused, void *userdata) is 1243 tools/firmware_load_ng.c uint32_t sub=get_branch_call_insn_target(fw,is); is 1247 tools/firmware_load_ng.c return data->fn(fw,is,sub); is 1307 tools/firmware_load_ng.c arm_insn insn_id = fw->is->insn->id; is 1313 tools/firmware_load_ng.c && fw->is->insn->detail->arm.cc == ARM_CC_AL) { is 1319 tools/firmware_load_ng.c if(fw->is->insn->detail->arm.operands[0].type != ARM_OP_REG) { is 1322 tools/firmware_load_ng.c arm_reg rd = fw->is->insn->detail->arm.operands[0].reg; is 1337 tools/firmware_load_ng.c uint32_t *pv=LDR_PC2valptr(fw,fw->is->insn); is 1344 tools/firmware_load_ng.c uint32_t v=ADRx2adr(fw,fw->is->insn); // assumes ADR doesn't generate 0, probably safe is 1353 tools/firmware_load_ng.c && fw->is->insn->detail->arm.operands[1].type == ARM_OP_IMM) { is 1354 tools/firmware_load_ng.c res[rd_i] += fw->is->insn->detail->arm.operands[1].imm; is 1357 tools/firmware_load_ng.c } else if(isADDx_imm(fw->is->insn)) { is 1358 tools/firmware_load_ng.c res[rd_i] += fw->is->insn->detail->arm.operands[1].imm; is 1363 tools/firmware_load_ng.c } else if(isSUBx_imm(fw->is->insn)) { is 1364 tools/firmware_load_ng.c res[rd_i] = (int)(res[rd_i]) - fw->is->insn->detail->arm.operands[1].imm; is 1409 tools/firmware_load_ng.c fprintf(stderr,"get_direct_jump_target: disasm single failed at 0x%"PRIx64"\n",fw->is->insn->address); is 1413 tools/firmware_load_ng.c if(!(fw->is->insn->id == ARM_INS_MOVT is 1414 tools/firmware_load_ng.c && fw->is->insn->detail->arm.operands[0].reg == ARM_REG_IP is 1415 tools/firmware_load_ng.c && fw->is->insn->detail->arm.operands[1].type == ARM_OP_IMM)) { is 1421 tools/firmware_load_ng.c adr = (fw->is->insn->detail->arm.operands[1].imm << 16) | (adr&0xFFFF); is 1423 tools/firmware_load_ng.c fprintf(stderr,"get_direct_jump_target: disasm 2 failed at 0x%"PRIx64"\n",fw->is->insn->address); is 1427 tools/firmware_load_ng.c if(fw->is->insn->id == ARM_INS_BX is 1428 tools/firmware_load_ng.c && fw->is->insn->detail->arm.operands[0].type == ARM_OP_REG is 1429 tools/firmware_load_ng.c && fw->is->insn->detail->arm.operands[0].reg == ARM_REG_IP) { is 1441 tools/firmware_load_ng.c uint32_t get_branch_call_insn_target(firmware *fw, iter_state_t *is) is 1443 tools/firmware_load_ng.c uint32_t adr=B_BL_target(fw,is->insn); is 1445 tools/firmware_load_ng.c return (adr | is->thumb); is 1448 tools/firmware_load_ng.c if(is->thumb) { is 1449 tools/firmware_load_ng.c adr=CBx_target(fw,is->insn); is 1455 tools/firmware_load_ng.c adr=BLXimm_target(fw,is->insn); is 1457 tools/firmware_load_ng.c if(is->thumb) { is 1460 tools/firmware_load_ng.c return adr | is->thumb; is 1464 tools/firmware_load_ng.c adr=LDR_PC_PC_target(fw,is->insn); is 1488 tools/firmware_load_ng.c iter_state_t *is, is 1495 tools/firmware_load_ng.c if(!insn_match_find_next(fw,is,max_search_insns,match_ldr_pc)) { is 1501 tools/firmware_load_ng.c r.reg_base=is->insn->detail->arm.operands[0].reg; is 1502 tools/firmware_load_ng.c r.adr_base=LDR_PC2val(fw,is->insn); is 1507 tools/firmware_load_ng.c if(!disasm_iter(fw,is)) { is 1513 tools/firmware_load_ng.c if(isLDR_PC(is->insn)) { is 1519 tools/firmware_load_ng.c if(isADDx_imm(is->insn) || isSUBx_imm(is->insn)) { is 1520 tools/firmware_load_ng.c if(is->insn->detail->arm.operands[0].reg != r.reg_base) { is 1523 tools/firmware_load_ng.c if(isADDx_imm(is->insn)) { is 1524 tools/firmware_load_ng.c r.adj=is->insn->detail->arm.operands[1].imm; is 1526 tools/firmware_load_ng.c r.adj=-is->insn->detail->arm.operands[1].imm; is 1528 tools/firmware_load_ng.c if(!disasm_iter(fw,is)) { is 1540 tools/firmware_load_ng.c && (is->insn->id == ARM_INS_BL || is->insn->id == ARM_INS_BLX is 1541 tools/firmware_load_ng.c || is->insn->id == ARM_INS_B || is->insn->id == ARM_INS_BX) is 1542 tools/firmware_load_ng.c && is->insn->detail->arm.cc == ARM_CC_AL) { is 1546 tools/firmware_load_ng.c if(is->insn->id != ARM_INS_LDR || is->insn->detail->arm.operands[1].reg != r.reg_base) { is 1549 tools/firmware_load_ng.c if(is->insn->detail->arm.operands[0].type == ARM_OP_REG && is->insn->detail->arm.operands[0].reg == r.reg_base) { is 1555 tools/firmware_load_ng.c r.reg_val = is->insn->detail->arm.operands[0].reg; is 1559 tools/firmware_load_ng.c r.off = is->insn->detail->arm.operands[1].mem.disp; is 1606 tools/firmware_load_ng.c if(insn_match_any(fw->is->insn,match_mov_r0_imm)) { is 1607 tools/firmware_load_ng.c found_val = fw->is->insn->detail->arm.operands[1].imm; is 1616 tools/firmware_load_ng.c if(!isRETx(fw->is->insn)) { is 1641 tools/firmware_load_ng.c uint32_t find_last_call_from_func(firmware *fw, iter_state_t *is,int min_insns, int max_insns) is 1647 tools/firmware_load_ng.c if(!disasm_iter(fw,is)) { is 1648 tools/firmware_load_ng.c fprintf(stderr,"find_last_call_from_func: disasm failed 0x%"PRIx64"\n",is->adr); is 1652 tools/firmware_load_ng.c if(isPUSH_LR(is->insn)) { is 1667 tools/firmware_load_ng.c if(insn_match_any(is->insn,match_bl_blximm) && count >= min_insns) { is 1669 tools/firmware_load_ng.c last_adr=get_branch_call_insn_target(fw,is); is 1673 tools/firmware_load_ng.c if(isPOP_PC(is->insn)) { is 1682 tools/firmware_load_ng.c if(isPOP_LR(is->insn)) { is 1688 tools/firmware_load_ng.c if(!disasm_iter(fw,is)) { is 1689 tools/firmware_load_ng.c fprintf(stderr,"find_last_call_from_func: disasm failed 0x%"PRIx64"\n",is->adr); is 1692 tools/firmware_load_ng.c if(is->insn->id == ARM_INS_B && is->insn->detail->arm.cc == ARM_CC_AL) { is 1693 tools/firmware_load_ng.c return get_branch_call_insn_target(fw,is); is 1700 tools/firmware_load_ng.c if(isRETx(is->insn)) { is 1750 tools/firmware_load_ng.c int insn_match_seq(firmware *fw, iter_state_t *is, const insn_match_t *match) is 1753 tools/firmware_load_ng.c while(match->id != ARM_INS_ENDING && disasm_iter(fw,is) && insn_match(is->insn,match)) { is 1848 tools/firmware_load_ng.c int insn_match_find_next(firmware *fw, iter_state_t *is, int max_insns, const insn_match_t *match) is 1853 tools/firmware_load_ng.c if(!disasm_iter(fw,is)) { is 1857 tools/firmware_load_ng.c if(insn_match_any(is->insn,match)) { is 1867 tools/firmware_load_ng.c int insn_match_find_nth(firmware *fw, iter_state_t *is, int max_insns, int num_to_match, const insn_match_t *match) is 1873 tools/firmware_load_ng.c if(!disasm_iter(fw,is)) { is 1881 tools/firmware_load_ng.c if(insn_match(is->insn,m)) { is 1895 tools/firmware_load_ng.c int insn_match_find_next_seq(firmware *fw, iter_state_t *is, int max_insns, const insn_match_t *match) is 1901 tools/firmware_load_ng.c while(m->id != ARM_INS_ENDING && disasm_iter(fw,is) && insn_match(is->insn,m)) { is 2171 tools/firmware_load_ng.c fw->is=disasm_iter_new(fw,0); is 2185 tools/firmware_load_ng.c iter_state_t *is, is 2199 tools/firmware_load_ng.c while(disasm_iter(fw,is) && count < max_search) { is 2200 tools/firmware_load_ng.c uint32_t *pv=LDR_PC2valptr(fw,is->insn); is 2235 tools/firmware_load_ng.c void find_exception_vec(firmware *fw, iter_state_t *is) is 2251 tools/firmware_load_ng.c disasm_iter_init(fw, is, fw->base + fw->main_offs + 12 + fw->thumb_default); is 2252 tools/firmware_load_ng.c if(!insn_match_find_next(fw,is,4,match_bl_mcr)) { is 2257 tools/firmware_load_ng.c uint32_t faddr = get_branch_call_insn_target(fw,is); is 2260 tools/firmware_load_ng.c disasm_iter_init(fw, is, faddr); is 2261 tools/firmware_load_ng.c disasm_iter(fw, is); is 2264 tools/firmware_load_ng.c if(!IS_INSN_ID_MOVx(is->insn->id) || is->insn->detail->arm.operands[1].type != ARM_OP_IMM) { is 2267 tools/firmware_load_ng.c ra = is->insn->detail->arm.operands[0].reg; is 2268 tools/firmware_load_ng.c va = is->insn->detail->arm.operands[1].imm; is 2269 tools/firmware_load_ng.c disasm_iter(fw, is); is 2270 tools/firmware_load_ng.c if(is->insn->id != ARM_INS_MOVT is 2271 tools/firmware_load_ng.c || is->insn->detail->arm.operands[0].reg != ra is 2272 tools/firmware_load_ng.c || is->insn->detail->arm.operands[1].type != ARM_OP_IMM) { is 2275 tools/firmware_load_ng.c va = (is->insn->detail->arm.operands[1].imm << 16) | (va & 0xFFFF); is 2281 tools/firmware_load_ng.c disasm_iter(fw, is); is 2282 tools/firmware_load_ng.c if(!IS_INSN_ID_MOVx(is->insn->id) || is->insn->detail->arm.operands[1].type != ARM_OP_IMM) { is 2285 tools/firmware_load_ng.c rb = is->insn->detail->arm.operands[0].reg; is 2286 tools/firmware_load_ng.c vb = is->insn->detail->arm.operands[1].imm; is 2287 tools/firmware_load_ng.c disasm_iter(fw, is); is 2288 tools/firmware_load_ng.c if(is->insn->id != ARM_INS_MOVT is 2289 tools/firmware_load_ng.c || is->insn->detail->arm.operands[0].reg != rb is 2290 tools/firmware_load_ng.c || is->insn->detail->arm.operands[1].type != ARM_OP_IMM) { is 2293 tools/firmware_load_ng.c vb = (is->insn->detail->arm.operands[1].imm << 16) | (vb & 0xFFFF); is 2304 tools/firmware_load_ng.c } else if(is->insn->id == ARM_INS_MCR) { is 2308 tools/firmware_load_ng.c disasm_iter_init(fw, is, adr_hist_get(&is->ah,1)); is 2309 tools/firmware_load_ng.c disasm_iter(fw, is); is 2323 tools/firmware_load_ng.c iter_state_t *is=disasm_iter_new(fw, fw->base + fw->main_offs + 12 + fw->thumb_default); is 2336 tools/firmware_load_ng.c while(find_startup_copy(fw,is,max_search,&src_start,&dst_start,&dst_end)) { is 2355 tools/firmware_load_ng.c data_found_copy=is->adr; is 2405 tools/firmware_load_ng.c disasm_iter_init(fw,is,(data_found_copy-4) | fw->thumb_default); is 2406 tools/firmware_load_ng.c while(disasm_iter(fw,is) && count < 20) { is 2407 tools/firmware_load_ng.c uint32_t *pv=LDR_PC2valptr(fw,is->insn); is 2435 tools/firmware_load_ng.c find_exception_vec(fw,is); is 2448 tools/firmware_load_ng.c disasm_iter_free(is); is 2457 tools/firmware_load_ng.c if(fw->is) { is 2458 tools/firmware_load_ng.c disasm_iter_free(fw->is); is 128 tools/firmware_load_ng.h iter_state_t* is; is 343 tools/firmware_load_ng.h int get_TBx_PC_info(firmware *fw,iter_state_t *is, tbx_info_t *ti); is 350 tools/firmware_load_ng.h void disasm_iter_free(iter_state_t *is); is 354 tools/firmware_load_ng.h int disasm_iter_set(firmware *fw, iter_state_t *is, uint32_t adr); is 358 tools/firmware_load_ng.h int disasm_iter_init(firmware *fw, iter_state_t *is, uint32_t adr); is 365 tools/firmware_load_ng.h int disasm_iter(firmware *fw, iter_state_t *is); is 400 tools/firmware_load_ng.h typedef uint32_t (*search_insn_fn)(firmware *fw, iter_state_t *is, uint32_t v1, void *udata); is 411 tools/firmware_load_ng.h uint32_t fw_search_insn(firmware *fw, iter_state_t *is, search_insn_fn f,uint32_t v1, void *udata, uint32_t adr_end); is 415 tools/firmware_load_ng.h uint32_t search_disasm_const_ref(firmware *fw, iter_state_t *is, uint32_t val, void *unused); is 418 tools/firmware_load_ng.h uint32_t search_disasm_str_ref(firmware *fw, iter_state_t *is, uint32_t val, void *str); is 423 tools/firmware_load_ng.h uint32_t search_disasm_calls(firmware *fw, iter_state_t *is, uint32_t val, void *unused); is 427 tools/firmware_load_ng.h typedef int (*search_calls_multi_fn)(firmware *fw, iter_state_t *is, uint32_t adr); is 437 tools/firmware_load_ng.h int search_calls_multi_end(firmware *fw, iter_state_t *is, uint32_t adr); is 442 tools/firmware_load_ng.h uint32_t search_disasm_calls_multi(firmware *fw, iter_state_t *is, uint32_t unused, void *userdata); is 475 tools/firmware_load_ng.h uint32_t get_branch_call_insn_target(firmware *fw, iter_state_t *is); is 504 tools/firmware_load_ng.h iter_state_t *is, is 539 tools/firmware_load_ng.h uint32_t find_last_call_from_func(firmware *fw, iter_state_t *is,int min_insns, int max_insns); is 615 tools/firmware_load_ng.h int insn_match_find_next(firmware *fw, iter_state_t *is, int max_insns, const insn_match_t *match); is 618 tools/firmware_load_ng.h int insn_match_find_nth(firmware *fw, iter_state_t *is, int max_insns, int num_to_match, const insn_match_t *match); is 621 tools/firmware_load_ng.h int insn_match_seq(firmware *fw, iter_state_t *is, const insn_match_t *match); is 624 tools/firmware_load_ng.h int insn_match_find_next_seq(firmware *fw, iter_state_t *is, int max_insns, const insn_match_t *match); is 653 tools/firmware_load_ng.h #define iter_state_adr(is) ((uint32_t)is->insn->address | is->thumb)