is                 57 lib/math/ef_pow.c 	int hx,hy,ix,iy,is;
is                133 lib/math/ef_pow.c 	    GET_FLOAT_WORD(is,t1);
is                134 lib/math/ef_pow.c 	    SET_FLOAT_WORD(t1,is&0xfffff000);
is                156 lib/math/ef_pow.c 	    GET_FLOAT_WORD(is,s_h);
is                157 lib/math/ef_pow.c 	    SET_FLOAT_WORD(s_h,is&0xfffff000);
is                168 lib/math/ef_pow.c 	    GET_FLOAT_WORD(is,t_h);
is                169 lib/math/ef_pow.c 	    SET_FLOAT_WORD(t_h,is&0xfffff000);
is                176 lib/math/ef_pow.c 	    GET_FLOAT_WORD(is,p_h);
is                177 lib/math/ef_pow.c 	    SET_FLOAT_WORD(p_h,is&0xfffff000);
is                184 lib/math/ef_pow.c 	    GET_FLOAT_WORD(is,t1);
is                185 lib/math/ef_pow.c 	    SET_FLOAT_WORD(t1,is&0xfffff000);
is                194 lib/math/ef_pow.c 	GET_FLOAT_WORD(is,y);
is                195 lib/math/ef_pow.c 	SET_FLOAT_WORD(y1,is&0xfffff000);
is                226 lib/math/ef_pow.c 	GET_FLOAT_WORD(is,t);
is                227 lib/math/ef_pow.c 	SET_FLOAT_WORD(t,is&0xfffff000);
is                421 tools/capdis.c void describe_prop_call(firmware *fw,iter_state_t *is, unsigned dis_opts, char *comment, uint32_t target)
is                429 tools/capdis.c     if((get_call_const_args(fw,is,6,regs)&1)!=1) {
is                458 tools/capdis.c int do_dis_branch(firmware *fw, iter_state_t *is, unsigned dis_opts, char *mnem, char *ops, char *comment)
is                460 tools/capdis.c     uint32_t target = B_target(fw,is->insn);
is                463 tools/capdis.c         target = CBx_target(fw,is->insn);
is                467 tools/capdis.c         sprintf(op_pfx,"%s, ",cs_reg_name(is->cs_handle,is->insn->detail->arm.operands[0].reg));
is                474 tools/capdis.c        ostub = find_sig_val(fw->sv->stubs,target|is->thumb);
is                483 tools/capdis.c             if(fw_disasm_iter_single(fw,target|is->thumb)) {
is                484 tools/capdis.c                 j_target=get_direct_jump_target(fw,fw->is);
is                509 tools/capdis.c     describe_prop_call(fw,is,dis_opts,comment,desc_adr | is->thumb);
is                510 tools/capdis.c     describe_simple_func(fw,dis_opts,comment,desc_adr | is->thumb);
is                515 tools/capdis.c int do_dis_call(firmware *fw, iter_state_t *is, unsigned dis_opts, char *mnem, char *ops, char *comment)
is                517 tools/capdis.c     if(!((is->insn->id == ARM_INS_BL || is->insn->id == ARM_INS_BLX) 
is                518 tools/capdis.c             && is->insn->detail->arm.operands[0].type == ARM_OP_IMM)) {
is                522 tools/capdis.c     uint32_t target = get_branch_call_insn_target(fw,is); // target with thumb bit set appropriately
is                537 tools/capdis.c                 j_target=get_direct_jump_target(fw,fw->is);
is                563 tools/capdis.c     describe_prop_call(fw,is,dis_opts,comment,desc_adr);
is                570 tools/capdis.c                     iter_state_t *is,
is                577 tools/capdis.c     cs_insn *insn=is->insn;
is                584 tools/capdis.c     if(do_dis_branch(fw,is,dis_opts,mnem,ops,comment)) {
is                587 tools/capdis.c     if(do_dis_call(fw,is,dis_opts,mnem,ops,comment)) {
is                598 tools/capdis.c                         cs_reg_name(is->cs_handle,insn->detail->arm.operands[0].reg),
is                619 tools/capdis.c                         cs_reg_name(is->cs_handle,insn->detail->arm.operands[0].reg),
is                625 tools/capdis.c                                 cs_reg_name(is->cs_handle,insn->detail->arm.operands[0].reg), 
is                631 tools/capdis.c                                 cs_reg_name(is->cs_handle,insn->detail->arm.operands[0].reg), 
is                641 tools/capdis.c                                 cs_reg_name(is->cs_handle,insn->detail->arm.operands[0].reg), 
is                654 tools/capdis.c     } else if(get_TBx_PC_info(fw,is,ti)) {
is                663 tools/capdis.c void do_adr_label(firmware *fw, struct llist **branch_list, iter_state_t *is, unsigned dis_opts)
is                666 tools/capdis.c     uint32_t adr=is->insn->address;
is                671 tools/capdis.c        ostub = find_sig_val(fw->sv->stubs,adr|is->thumb);
is                692 tools/capdis.c static void do_tbb_data(firmware *fw, iter_state_t *is, unsigned dis_opts, tbx_info_t *ti)
is                746 tools/capdis.c     if(!disasm_iter_init(fw,is,adr | is->thumb)) {
is                754 tools/capdis.c static void do_tbh_data(firmware *fw, iter_state_t *is, unsigned dis_opts, tbx_info_t *ti)
is                791 tools/capdis.c     if(!disasm_iter_init(fw,is,adr | is->thumb)) {
is                796 tools/capdis.c static void do_tbx_pass1(firmware *fw, iter_state_t *is, struct llist **branch_list, unsigned dis_opts, tbx_info_t *ti)
is                829 tools/capdis.c     if(!disasm_iter_init(fw,is,adr | is->thumb)) {
is                835 tools/capdis.c static void do_tbx_data(firmware *fw, iter_state_t *is, unsigned dis_opts, tbx_info_t *ti)
is                838 tools/capdis.c         do_tbb_data(fw,is,dis_opts,ti);
is                840 tools/capdis.c         do_tbh_data(fw,is,dis_opts,ti);
is                851 tools/capdis.c     iter_state_t *is=disasm_iter_new(fw,dis_start);
is                859 tools/capdis.c         while(count < dis_count &&  is->adr < dis_end) {
is                860 tools/capdis.c             if(disasm_iter(fw,is)) {
is                861 tools/capdis.c                 uint32_t b_tgt=get_branch_call_insn_target(fw,is);
is                865 tools/capdis.c                 } else if(get_TBx_PC_info(fw,is,&ti)) { 
is                868 tools/capdis.c                     do_tbx_pass1(fw,is,branch_list,dis_opts,&ti);
is                871 tools/capdis.c                 if(!disasm_iter_init(fw,is,(is->adr+is->insn_min_size) | is->thumb)) {
is                880 tools/capdis.c     disasm_iter_init(fw,is,dis_start);
is                881 tools/capdis.c     while(count < dis_count && is->adr < dis_end) {
is                882 tools/capdis.c         if(disasm_iter(fw,is)) {
is                883 tools/capdis.c             do_adr_label(fw,branch_list,is,dis_opts);
is                888 tools/capdis.c                     printf(" 0x%"PRIx64"",is->insn->address);
is                892 tools/capdis.c                     for(k=0;k<is->insn->size;k++) {
is                893 tools/capdis.c                         printf(" %02x",is->insn->bytes[k]);
is                899 tools/capdis.c                 describe_insn_ops(is->cs_handle,is->insn);
is                902 tools/capdis.c                 describe_insn_groups(is->cs_handle,is->insn);
is                907 tools/capdis.c             do_dis_insn(fw,is,dis_opts,insn_mnemonic,insn_ops,comment,&ti);
is                921 tools/capdis.c                     printf("%08"PRIx64": \t",is->insn->address);
is                924 tools/capdis.c                     if(is->insn->size == 2) {
is                925 tools/capdis.c                         printf("%04x     ",*(unsigned short *)is->insn->bytes);
is                926 tools/capdis.c                     } else if(is->insn->size == 4) {
is                927 tools/capdis.c                         printf("%04x %04x",*(unsigned short *)is->insn->bytes,*(unsigned short *)(is->insn->bytes+2));
is                951 tools/capdis.c                 do_tbx_data(fw,is,dis_opts,&ti);
is                953 tools/capdis.c             if((dis_opts & DIS_OPT_END_RET) && isRETx(is->insn)) { // end disassembly on return
is                968 tools/capdis.c             uint16_t *pv=(uint16_t *)adr2ptr(fw,is->adr);
is                971 tools/capdis.c                 if(is->thumb) {
is                977 tools/capdis.c                 printf("%s invalid address %"PRIx64"\n",comment_start,is->adr);
is                979 tools/capdis.c             if(!disasm_iter_init(fw,is,(is->adr+is->insn_min_size)|is->thumb)) {
is                991 tools/capdis.c         printf("    ldr     pc, =0x%"PRIx64,is->adr|is->thumb);
is                786 tools/finsig_thumb2.c     uint32_t b_adr=get_direct_jump_target(fw,fw->is);
is                801 tools/finsig_thumb2.c int find_next_sig_call(firmware *fw, iter_state_t *is, uint32_t max_offset, const char *name)
is                824 tools/finsig_thumb2.c     return fw_search_insn(fw,is,search_disasm_calls_multi,0,match_fns,is->adr + max_offset);
is                828 tools/finsig_thumb2.c int is_sig_call(firmware *fw, iter_state_t *is, const char *name)
is                830 tools/finsig_thumb2.c     uint32_t adr=get_branch_call_insn_target(fw,is);
is                857 tools/finsig_thumb2.c typedef int (*sig_match_fn)(firmware *fw, iter_state_t *is, sig_rule_t *rule);
is                893 tools/finsig_thumb2.c int init_disasm_sig_ref(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is                904 tools/finsig_thumb2.c     if(!disasm_iter_init(fw,is,adr)) {
is                911 tools/finsig_thumb2.c int sig_match_near_str(firmware *fw, iter_state_t *is, sig_rule_t *rule);
is                917 tools/finsig_thumb2.c int sig_match_str_r0_call(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is                928 tools/finsig_thumb2.c     disasm_iter_init(fw,is,(ADR_ALIGN4(str_adr) - SEARCH_NEAR_REF_RANGE) | fw->thumb_default); // reset to a bit before where the string was found
is                929 tools/finsig_thumb2.c     while(fw_search_insn(fw,is,search_disasm_const_ref,str_adr,NULL,str_adr+SEARCH_NEAR_REF_RANGE)) {
is                930 tools/finsig_thumb2.c         if(is->insn->detail->arm.operands[0].reg == ARM_REG_R0) {
is                933 tools/finsig_thumb2.c             if(insn_match_find_next(fw,is,4,match_b_bl_blximm)) {
is                934 tools/finsig_thumb2.c                 uint32_t adr=get_branch_call_insn_target(fw,is);
is                944 tools/finsig_thumb2.c int sig_match_reg_evp(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is                962 tools/finsig_thumb2.c     disasm_iter_init(fw,is,e_to_evp);
is                963 tools/finsig_thumb2.c     if(insn_match_seq(fw,is,reg_evp_match)) {
is                964 tools/finsig_thumb2.c         reg_evp=ADR_SET_THUMB(is->insn->detail->arm.operands[0].imm);
is                973 tools/finsig_thumb2.c int sig_match_reg_evp_table(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is                984 tools/finsig_thumb2.c     disasm_iter_init(fw,is,(ADR_ALIGN4(str_adr) - SEARCH_NEAR_REF_RANGE) | fw->thumb_default); // reset to a bit before where the string was found
is                986 tools/finsig_thumb2.c     while(fw_search_insn(fw,is,search_disasm_const_ref,str_adr,NULL,str_adr+SEARCH_NEAR_REF_RANGE)) {
is                987 tools/finsig_thumb2.c         if(is->insn->detail->arm.operands[0].reg != ARM_REG_R0) {
is                990 tools/finsig_thumb2.c         if(!insn_match_find_next(fw,is,2,match_b_bl)) {
is                993 tools/finsig_thumb2.c         reg_evp_alt1=ADR_SET_THUMB(is->insn->detail->arm.operands[0].imm);
is               1000 tools/finsig_thumb2.c         if((get_call_const_args(fw,is,4,regs)&3)==3) {
is               1012 tools/finsig_thumb2.c         disasm_iter_init(fw,is,dd_enable_p); // start at found func
is               1013 tools/finsig_thumb2.c         if(insn_match_find_next(fw,is,4,match_b_bl)) { // find the first bl
is               1016 tools/finsig_thumb2.c             if(get_call_const_args(fw,is,4,regs)&1) {
is               1017 tools/finsig_thumb2.c                 reg_evp_tbl=ADR_SET_THUMB(is->insn->detail->arm.operands[0].imm);
is               1027 tools/finsig_thumb2.c int sig_match_reg_evp_alt2(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               1039 tools/finsig_thumb2.c     disasm_iter_init(fw,is,(ADR_ALIGN4(str_adr) - SEARCH_NEAR_REF_RANGE) | fw->thumb_default); // reset to a bit before where the string was found
is               1040 tools/finsig_thumb2.c     while(fw_search_insn(fw,is,search_disasm_const_ref,str_adr,NULL,str_adr+SEARCH_NEAR_REF_RANGE)) {
is               1041 tools/finsig_thumb2.c         if(is->insn->detail->arm.operands[0].reg != ARM_REG_R0) {
is               1044 tools/finsig_thumb2.c         if(!insn_match_find_next(fw,is,3,match_b_bl)) {
is               1049 tools/finsig_thumb2.c         if((get_call_const_args(fw,is,4,regs)&3)==3) {
is               1051 tools/finsig_thumb2.c                 reg_evp_alt2=ADR_SET_THUMB(is->insn->detail->arm.operands[0].imm);
is               1054 tools/finsig_thumb2.c                     printf("RegisterEventProcedure_alt2 == _alt1 at %"PRIx64"\n",is->insn->address);
is               1069 tools/finsig_thumb2.c int sig_match_unreg_evp_table(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               1081 tools/finsig_thumb2.c     disasm_iter_init(fw,is,(ADR_ALIGN4(str_adr) - SEARCH_NEAR_REF_RANGE) | fw->thumb_default); // reset to a bit before where the string was found
is               1082 tools/finsig_thumb2.c     while(fw_search_insn(fw,is,search_disasm_const_ref,str_adr,NULL,str_adr+SEARCH_NEAR_REF_RANGE)) {
is               1084 tools/finsig_thumb2.c         if(is->insn->detail->arm.operands[0].reg != ARM_REG_R0) {
is               1087 tools/finsig_thumb2.c         if(!insn_match_find_next(fw,is,3,match_b_bl)) {
is               1090 tools/finsig_thumb2.c         uint32_t reg_call=get_branch_call_insn_target(fw,is);
is               1097 tools/finsig_thumb2.c         if((get_call_const_args(fw,is,4,regs)&3)==3) {
is               1109 tools/finsig_thumb2.c     disasm_iter_init(fw,is,mecha_unreg);
is               1111 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,7,match_b_bl)) {
is               1119 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,18,match_ldr_r0)) {
is               1122 tools/finsig_thumb2.c     uint32_t tbl=LDR_PC2val(fw,is->insn);
is               1126 tools/finsig_thumb2.c     if(!disasm_iter(fw,is)) {
is               1130 tools/finsig_thumb2.c     return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is));
is               1135 tools/finsig_thumb2.c int sig_match_evp_table_veneer(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               1142 tools/finsig_thumb2.c     disasm_iter_init(fw,is,ref_adr); // start at our known function
is               1143 tools/finsig_thumb2.c     while (is->adr < (ref_adr+0x800)) {
is               1144 tools/finsig_thumb2.c         cadr = is->adr;
is               1145 tools/finsig_thumb2.c         if (!disasm_iter(fw,is)) {
is               1146 tools/finsig_thumb2.c             disasm_iter_set(fw,is,(is->adr+2) | fw->thumb_default);
is               1149 tools/finsig_thumb2.c             if (is->insn->id == ARM_INS_B) {
is               1150 tools/finsig_thumb2.c                 uint32_t b_adr = get_branch_call_insn_target(fw,is);
is               1153 tools/finsig_thumb2.c                     add_func_name(fw,rule->name,cadr | is->thumb,NULL);
is               1163 tools/finsig_thumb2.c int sig_match_get_nd_value(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               1170 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               1173 tools/finsig_thumb2.c     if(!find_next_sig_call(fw,is,16,"ClearEventFlag")) {
is               1177 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,4,match_bl_blximm)) {
is               1182 tools/finsig_thumb2.c     disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is));
is               1183 tools/finsig_thumb2.c     disasm_iter(fw,is);
is               1184 tools/finsig_thumb2.c     if (B_target(fw,is->insn))
is               1185 tools/finsig_thumb2.c         disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is));
is               1187 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,5,match_bl_blximm)) {
is               1191 tools/finsig_thumb2.c     uint32_t addr=get_branch_call_insn_target(fw,is);
is               1199 tools/finsig_thumb2.c int sig_match_get_current_exp(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               1201 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               1204 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,2,match_bl_blximm)) {
is               1209 tools/finsig_thumb2.c     disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is));
is               1210 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,6,match_bl_blximm)) {
is               1215 tools/finsig_thumb2.c     disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is));
is               1216 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,6,match_bl_blximm)) {
is               1220 tools/finsig_thumb2.c     return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is));
is               1223 tools/finsig_thumb2.c int sig_match_get_current_nd_value(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               1229 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               1232 tools/finsig_thumb2.c     if(!find_next_sig_call(fw,is,36,"GetCurrentShutterSpeed_FW")) {
is               1243 tools/finsig_thumb2.c     if(!insn_match_find_next_seq(fw,is,10,match_bl_strh)) {
is               1248 tools/finsig_thumb2.c     disasm_iter_init(fw,is,adr_hist_get(&is->ah,1));
is               1249 tools/finsig_thumb2.c     disasm_iter(fw,is);
is               1250 tools/finsig_thumb2.c     return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is));
is               1253 tools/finsig_thumb2.c int sig_match_imager_active_callback(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               1255 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               1266 tools/finsig_thumb2.c     if(!insn_match_find_next_seq(fw,is,28,match_ldr_bl_mov_pop)) {
is               1271 tools/finsig_thumb2.c     disasm_iter_init(fw,is,adr_hist_get(&is->ah,3));
is               1273 tools/finsig_thumb2.c     disasm_iter(fw,is);
is               1274 tools/finsig_thumb2.c     uint32_t f1=LDR_PC2val(fw,is->insn);
is               1279 tools/finsig_thumb2.c int sig_match_imager_active(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               1281 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               1294 tools/finsig_thumb2.c     if(!insn_match_find_next_seq(fw,is,10,match_ldr_mov_str_pop)) {
is               1296 tools/finsig_thumb2.c         init_disasm_sig_ref(fw,is,rule);
is               1304 tools/finsig_thumb2.c         if(!insn_match_find_next_seq(fw,is,10,match_mov_ldr_str_pop)) {
is               1311 tools/finsig_thumb2.c     disasm_iter_init(fw,is,adr_hist_get(&is->ah,backtrack));
is               1312 tools/finsig_thumb2.c     disasm_iter(fw,is);
is               1313 tools/finsig_thumb2.c     uint32_t base=LDR_PC2val(fw,is->insn);
is               1314 tools/finsig_thumb2.c     uint32_t reg=is->insn->detail->arm.operands[0].reg;
is               1318 tools/finsig_thumb2.c         disasm_iter(fw,is);
is               1320 tools/finsig_thumb2.c     disasm_iter(fw,is);
is               1322 tools/finsig_thumb2.c     if(is->insn->detail->arm.operands[1].mem.base != reg) {
is               1326 tools/finsig_thumb2.c     uint32_t off=is->insn->detail->arm.operands[1].mem.disp;
is               1328 tools/finsig_thumb2.c     save_misc_val("imager_active",base,off,(uint32_t)is->insn->address);
is               1332 tools/finsig_thumb2.c int sig_match_screenlock_helper(firmware *fw, iter_state_t *is, sig_rule_t *rule) {
is               1333 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               1336 tools/finsig_thumb2.c     uint32_t init_adr = (uint32_t)is->adr | is->thumb;
is               1352 tools/finsig_thumb2.c     if(insn_match_find_next_seq(fw,is,6,match_cmp_bne_bl)) {
is               1359 tools/finsig_thumb2.c     disasm_iter_init(fw,is,init_adr);
is               1360 tools/finsig_thumb2.c     if(!insn_match_find_next_seq(fw,is,1,match_ldrpc_mov_b)) {
is               1361 tools/finsig_thumb2.c         printf("sig_match_screenlock_helper: match 2 failed 0x%"PRIx64"\n",is->insn->address);
is               1364 tools/finsig_thumb2.c     disasm_iter_init(fw,is,init_adr);
is               1365 tools/finsig_thumb2.c     disasm_iter(fw,is);
is               1366 tools/finsig_thumb2.c     uint32_t adr = LDR_PC2val(fw,is->insn);
is               1368 tools/finsig_thumb2.c         printf("sig_match_screenlock_helper: no match LDR PC 0x%"PRIx64"\n",is->insn->address);
is               1371 tools/finsig_thumb2.c     disasm_iter_init(fw,is,adr);
is               1373 tools/finsig_thumb2.c     if(!insn_match_find_next_seq(fw,is,6,match_cmp_bne_bl)) {
is               1380 tools/finsig_thumb2.c int sig_match_screenunlock(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               1382 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               1386 tools/finsig_thumb2.c     if(!find_next_sig_call(fw,is,14,"ScreenLock")) {
is               1397 tools/finsig_thumb2.c     if(!insn_match_find_next_seq(fw,is,38,match_end)) {
is               1402 tools/finsig_thumb2.c     return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is));
is               1406 tools/finsig_thumb2.c int sig_match_log_camera_event(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               1408 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               1411 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,6,match_bl_blximm)) {
is               1416 tools/finsig_thumb2.c     if((get_call_const_args(fw,is,4,regs)&3)!=3) {
is               1429 tools/finsig_thumb2.c     return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is));
is               1433 tools/finsig_thumb2.c int sig_match_physw_misc(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               1435 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               1439 tools/finsig_thumb2.c             disasm_iter_init(fw,is,ostub2->val);
is               1449 tools/finsig_thumb2.c         if(!disasm_iter(fw,is)) {
is               1453 tools/finsig_thumb2.c         physw_run=LDR_PC2val(fw,is->insn);
is               1456 tools/finsig_thumb2.c                 save_misc_val("physw_run",physw_run,0,(uint32_t)is->insn->address);
is               1469 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,7,match_bl_blximm)) {
is               1477 tools/finsig_thumb2.c     uint32_t f=get_branch_call_insn_target(fw,is);
is               1482 tools/finsig_thumb2.c         uint32_t f2=get_direct_jump_target(fw,fw->is);
is               1491 tools/finsig_thumb2.c     disasm_iter_init(fw,is,adr_hist_get(&is->ah,1));
is               1492 tools/finsig_thumb2.c     if(!disasm_iter(fw,is)) {
is               1497 tools/finsig_thumb2.c     if(is->insn->id != ARM_INS_LDR
is               1498 tools/finsig_thumb2.c         || is->insn->detail->arm.operands[0].reg != ARM_REG_R0) {
is               1501 tools/finsig_thumb2.c     save_misc_val("physw_sleep_delay",physw_run,is->insn->detail->arm.operands[1].mem.disp,(uint32_t)is->insn->address);
is               1503 tools/finsig_thumb2.c     if(!disasm_iter(fw,is)) {
is               1509 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,2,match_bl_blximm)) {
is               1512 tools/finsig_thumb2.c     save_sig(fw,"kbd_p1_f",get_branch_call_insn_target(fw,is));
is               1515 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,4,match_bl_blximm)) {
is               1518 tools/finsig_thumb2.c     save_sig(fw,"kbd_p2_f",get_branch_call_insn_target(fw,is));
is               1522 tools/finsig_thumb2.c int sig_match_kbd_read_keys(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               1524 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               1528 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,4,match_bl_blximm)) {
is               1531 tools/finsig_thumb2.c     save_sig(fw,"kbd_read_keys",get_branch_call_insn_target(fw,is));
is               1532 tools/finsig_thumb2.c     if(!disasm_iter(fw,is)) {
is               1536 tools/finsig_thumb2.c     uint32_t physw_status=LDR_PC2val(fw,is->insn);
is               1538 tools/finsig_thumb2.c         save_misc_val("physw_status",physw_status,0,(uint32_t)is->insn->address);
is               1539 tools/finsig_thumb2.c         save_sig(fw,"kbd_p1_f_cont",(uint32_t)(is->insn->address) | is->thumb);
is               1546 tools/finsig_thumb2.c int sig_match_get_kbd_state(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               1548 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               1558 tools/finsig_thumb2.c     if(!insn_match_find_next_seq(fw,is,11,match)) {
is               1561 tools/finsig_thumb2.c     save_sig_with_j(fw,"GetKbdState",get_branch_call_insn_target(fw,is));
is               1563 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,5,match_b_bl_blximm)) {
is               1566 tools/finsig_thumb2.c     save_sig_with_j(fw,"kbd_read_keys_r2",get_branch_call_insn_target(fw,is));
is               1570 tools/finsig_thumb2.c int sig_match_get_dial_hw_position(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               1572 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               1575 tools/finsig_thumb2.c     uint32_t adr = find_last_call_from_func(fw,is,18,50);
is               1581 tools/finsig_thumb2.c     disasm_iter_init(fw,is,adr);
is               1582 tools/finsig_thumb2.c     adr = find_last_call_from_func(fw,is,16,32);
is               1588 tools/finsig_thumb2.c     disasm_iter_init(fw,is,adr);
is               1590 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,30,match_bl_blximm)) {
is               1594 tools/finsig_thumb2.c     uint32_t fadr = get_branch_call_insn_target(fw,is);
is               1596 tools/finsig_thumb2.c     disasm_iter_init(fw,is,adr_hist_get(&is->ah,4));
is               1603 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,4,match_hw_dial_call)) {
is               1610 tools/finsig_thumb2.c int sig_match_create_jumptable(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               1612 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               1616 tools/finsig_thumb2.c     if(!insn_match_find_nth(fw,is,20,2,match_bl_blximm)) {
is               1620 tools/finsig_thumb2.c     disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is));
is               1621 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,15,match_bl_blximm)) {
is               1625 tools/finsig_thumb2.c     save_sig(fw,"CreateJumptable",get_branch_call_insn_target(fw,is));
is               1630 tools/finsig_thumb2.c int sig_match_take_semaphore_strict(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               1632 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               1636 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,6,match_bl_blximm)) {
is               1640 tools/finsig_thumb2.c     disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is));
is               1642 tools/finsig_thumb2.c     if(!insn_match_find_nth(fw,is,10,2,match_bl_blximm)) {
is               1646 tools/finsig_thumb2.c     disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is));
is               1648 tools/finsig_thumb2.c     if(!insn_match_find_nth(fw,is,20,3,match_bl_blximm)) {
is               1651 tools/finsig_thumb2.c     save_sig_with_j(fw,"DebugAssert",get_branch_call_insn_target(fw,is));
is               1654 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,7,match_bl_blximm)) {
is               1657 tools/finsig_thumb2.c     save_sig_with_j(fw,"TakeSemaphoreStrictly",get_branch_call_insn_target(fw,is));
is               1663 tools/finsig_thumb2.c         fw_disasm_iter_single(fw,adr_hist_get(&is->ah,i));
is               1664 tools/finsig_thumb2.c         cs_insn *insn=fw->is->insn;
is               1685 tools/finsig_thumb2.c     save_misc_val("fileio_semaphore",sem_adr,0,(uint32_t)is->insn->address);
is               1687 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,10,match_bl_blximm)) {
is               1690 tools/finsig_thumb2.c     return save_sig_with_j(fw,"GetDrive_FreeClusters",get_branch_call_insn_target(fw,is));
is               1693 tools/finsig_thumb2.c int sig_match_get_semaphore_value(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               1701 tools/finsig_thumb2.c     disasm_iter_init(fw,is,(ADR_ALIGN4(str_adr) - SEARCH_NEAR_REF_RANGE) | fw->thumb_default); // reset to a bit before where the string was found
is               1703 tools/finsig_thumb2.c     if(!fw_search_insn(fw,is,search_disasm_const_ref,str_adr,NULL,str_adr+SEARCH_NEAR_REF_RANGE)) {
is               1711 tools/finsig_thumb2.c         if(!fw_disasm_iter_single(fw,adr_hist_get(&is->ah,i))) {
is               1715 tools/finsig_thumb2.c         if(insn_match_any(fw->is->insn,match_bl_blximm)){
is               1716 tools/finsig_thumb2.c             fadr=get_branch_call_insn_target(fw,fw->is);
is               1725 tools/finsig_thumb2.c     disasm_iter_init(fw,is,fadr);
is               1727 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,9,match_bl_blximm)) {
is               1731 tools/finsig_thumb2.c     return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is));
is               1734 tools/finsig_thumb2.c int sig_match_stat(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               1743 tools/finsig_thumb2.c     disasm_iter_init(fw,is,(ADR_ALIGN4(str_adr) - SEARCH_NEAR_REF_RANGE) | fw->thumb_default); // reset to a bit before where the string was found
is               1744 tools/finsig_thumb2.c     while(fw_search_insn(fw,is,search_disasm_const_ref,str_adr,NULL,str_adr+SEARCH_NEAR_REF_RANGE)) {
is               1745 tools/finsig_thumb2.c         if(is->insn->detail->arm.operands[0].reg == ARM_REG_R0) {
is               1746 tools/finsig_thumb2.c             if(insn_match_find_next(fw,is,2,match_bl_blximm)) {
is               1747 tools/finsig_thumb2.c                 uint32_t adr=get_branch_call_insn_target(fw,is);
is               1749 tools/finsig_thumb2.c                 if(is_sig_call(fw,is,"Fopen_Fut_FW")) {
is               1770 tools/finsig_thumb2.c int sig_match_open(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               1772 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               1775 tools/finsig_thumb2.c     if(!insn_match_find_next_seq(fw,is,48,match_open_mov_call)) {
is               1778 tools/finsig_thumb2.c     return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is));
is               1782 tools/finsig_thumb2.c int sig_match_open_gt_57(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               1784 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               1787 tools/finsig_thumb2.c     if(!find_next_sig_call(fw,is,38,"TakeSemaphoreStrictly")) {
is               1792 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,5,match_bl_blximm)) {
is               1796 tools/finsig_thumb2.c     disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is));
is               1798 tools/finsig_thumb2.c     if(!insn_match_find_next_seq(fw,is,48,match_open_mov_call)) {
is               1801 tools/finsig_thumb2.c     return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is));
is               1806 tools/finsig_thumb2.c int sig_match_close_gt_57(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               1808 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               1811 tools/finsig_thumb2.c     if(!find_next_sig_call(fw,is,34,"TakeSemaphoreStrictly")) {
is               1816 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,3,match_bl_blximm)) {
is               1820 tools/finsig_thumb2.c     disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is));
is               1822 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,3,match_bl_blximm)) {
is               1825 tools/finsig_thumb2.c     return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is));
is               1830 tools/finsig_thumb2.c int sig_match_umalloc(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               1832 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               1836 tools/finsig_thumb2.c     if(!insn_match_find_nth(fw,is,15,3,match_bl_blximm)) {
is               1840 tools/finsig_thumb2.c     disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is));
is               1842 tools/finsig_thumb2.c     if(!insn_match_find_nth(fw,is,14,3,match_bl_blximm)) {
is               1845 tools/finsig_thumb2.c     return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is));
is               1849 tools/finsig_thumb2.c int sig_match_ufree(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               1851 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               1855 tools/finsig_thumb2.c     if(!find_next_sig_call(fw,is,60,"strcpy_FW")) {
is               1859 tools/finsig_thumb2.c     if(!insn_match_find_nth(fw,is,12,3,match_bl_blximm)) {
is               1863 tools/finsig_thumb2.c     disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is));
is               1865 tools/finsig_thumb2.c     if(!find_next_sig_call(fw,is,40,"Close_FW")) {
is               1869 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,4,match_bl_blximm)) {
is               1872 tools/finsig_thumb2.c     return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is));
is               1875 tools/finsig_thumb2.c int sig_match_deletefile_fut(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               1883 tools/finsig_thumb2.c     disasm_iter_init(fw,is,(ADR_ALIGN4(str_adr) - SEARCH_NEAR_REF_RANGE) | fw->thumb_default); // reset to a bit before where the string was found
is               1884 tools/finsig_thumb2.c     while(fw_search_insn(fw,is,search_disasm_const_ref,str_adr,NULL,str_adr+SEARCH_NEAR_REF_RANGE)) {
is               1886 tools/finsig_thumb2.c         if(!insn_match_find_next(fw,is,4,match_bl_blximm)) {
is               1890 tools/finsig_thumb2.c         uint32_t adr=get_branch_call_insn_target(fw,is);
is               1903 tools/finsig_thumb2.c         if(!insn_match_any(fw->is->insn,match_mov_r1)){
is               1911 tools/finsig_thumb2.c uint32_t find_call_near_str(firmware *fw, iter_state_t *is, sig_rule_t *rule);
is               1913 tools/finsig_thumb2.c int sig_match_closedir(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               1921 tools/finsig_thumb2.c     disasm_iter_init(fw,is,(ADR_ALIGN4(str_adr) - SEARCH_NEAR_REF_RANGE) | fw->thumb_default); // reset to a bit before where the string was found
is               1922 tools/finsig_thumb2.c     while(fw_search_insn(fw,is,search_disasm_const_ref,str_adr,NULL,str_adr+SEARCH_NEAR_REF_RANGE)) {
is               1923 tools/finsig_thumb2.c         if(!find_next_sig_call(fw,is,60,"sprintf_FW")) {
is               1926 tools/finsig_thumb2.c         if(insn_match_find_nth(fw,is,7,2,match_bl_blximm)) {
is               1927 tools/finsig_thumb2.c             return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is));
is               1931 tools/finsig_thumb2.c     uint32_t call_adr = find_call_near_str(fw,is,rule);
is               1933 tools/finsig_thumb2.c         disasm_iter_init(fw,is,call_adr); // reset to a bit before where the string was found
is               1940 tools/finsig_thumb2.c         if(insn_match_seq(fw,is,match_closedir)){
is               1941 tools/finsig_thumb2.c             return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is));
is               1951 tools/finsig_thumb2.c     disasm_iter_init(fw,fw->is,call_adr); // reset to a bit before where the string was found
is               1952 tools/finsig_thumb2.c     disasm_iter(fw,fw->is);
is               1953 tools/finsig_thumb2.c     return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,fw->is));
is               1956 tools/finsig_thumb2.c int sig_match_readfastdir(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               1973 tools/finsig_thumb2.c     disasm_iter_init(fw,is,(ADR_ALIGN4(str_adr) - SEARCH_NEAR_REF_RANGE) | fw->thumb_default); // reset to a bit before where the string was found
is               1974 tools/finsig_thumb2.c     while(fw_search_insn(fw,is,search_disasm_const_ref,str_adr,NULL,str_adr+SEARCH_NEAR_REF_RANGE)) {
is               1975 tools/finsig_thumb2.c         uint32_t ref_adr = iter_state_adr(is);
is               1977 tools/finsig_thumb2.c         fw_disasm_iter_single(fw,adr_hist_get(&is->ah,2));
is               1978 tools/finsig_thumb2.c         if(insn_match_any(fw->is->insn,match_bl_blximm)) {
is               1979 tools/finsig_thumb2.c             uint32_t call_adr = iter_state_adr(fw->is);
is               1980 tools/finsig_thumb2.c             fw_disasm_iter_single(fw,adr_hist_get(&is->ah,1));
is               1981 tools/finsig_thumb2.c             if(insn_match_any(fw->is->insn,match_cbnz_r0)) {
is               1988 tools/finsig_thumb2.c             fw_disasm_iter_single(fw,adr_hist_get(&is->ah,i));
is               1989 tools/finsig_thumb2.c             if(insn_match_any(fw->is->insn,match_bl_blximm)) {
is               1990 tools/finsig_thumb2.c                 uint32_t call_adr = iter_state_adr(fw->is);
is               1991 tools/finsig_thumb2.c                 fw_disasm_iter_single(fw,adr_hist_get(&is->ah,i-1));
is               1992 tools/finsig_thumb2.c                 if(insn_match_any(fw->is->insn,match_cbz_r0)) {
is               1993 tools/finsig_thumb2.c                     uint32_t b_adr = get_branch_call_insn_target(fw,fw->is);
is               2005 tools/finsig_thumb2.c int sig_match_strrchr(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               2010 tools/finsig_thumb2.c         uint32_t call_adr = find_call_near_str(fw,is,rule);
is               2012 tools/finsig_thumb2.c             disasm_iter_init(fw,is,call_adr-4); // reset to a bit before where the string was found
is               2017 tools/finsig_thumb2.c             if(insn_match_find_next(fw,is,2,match_mov_r1_imm)){
is               2025 tools/finsig_thumb2.c int sig_match_time(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               2034 tools/finsig_thumb2.c     disasm_iter_init(fw,is,(ADR_ALIGN4(str_adr) - SEARCH_NEAR_REF_RANGE) | fw->thumb_default); // reset to a bit before where the string was found
is               2035 tools/finsig_thumb2.c     while(fw_search_insn(fw,is,search_disasm_const_ref,str_adr,NULL,str_adr+SEARCH_NEAR_REF_RANGE)) {
is               2037 tools/finsig_thumb2.c         if(insn_match_find_nth(fw,is,6,2,match_bl_blximm)) {
is               2038 tools/finsig_thumb2.c             fadr=get_branch_call_insn_target(fw,is);
is               2046 tools/finsig_thumb2.c     disasm_iter_init(fw,is,fadr);
is               2048 tools/finsig_thumb2.c     if(insn_match_find_nth(fw,is,11,2,match_bl_blximm)) {
is               2049 tools/finsig_thumb2.c         return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is));
is               2054 tools/finsig_thumb2.c int sig_match_strncpy(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               2056 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               2059 tools/finsig_thumb2.c     if(!find_next_sig_call(fw,is,60,"strcpy_FW")) {
is               2062 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,6,match_bl_blximm)) {
is               2065 tools/finsig_thumb2.c     return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is));
is               2068 tools/finsig_thumb2.c int sig_match_strncmp(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               2076 tools/finsig_thumb2.c     disasm_iter_init(fw,is,(ADR_ALIGN4(str_adr) - SEARCH_NEAR_REF_RANGE) | fw->thumb_default); // reset to a bit before where the string was found
is               2077 tools/finsig_thumb2.c     while(fw_search_insn(fw,is,search_disasm_const_ref,str_adr,NULL,str_adr+SEARCH_NEAR_REF_RANGE)) {
is               2078 tools/finsig_thumb2.c         if(!insn_match_find_next(fw,is,3,match_bl_blximm)) {
is               2082 tools/finsig_thumb2.c         if((get_call_const_args(fw,is,4,regs)&6)==6) {
is               2085 tools/finsig_thumb2.c                 return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is));
is               2092 tools/finsig_thumb2.c int sig_match_strtolx(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               2094 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               2097 tools/finsig_thumb2.c     if(!find_next_sig_call(fw,is,130,"strncpy")) {
is               2101 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,6,match_bl_blximm)) {
is               2104 tools/finsig_thumb2.c     uint32_t adr=get_branch_call_insn_target(fw,is);
is               2109 tools/finsig_thumb2.c     disasm_iter_init(fw,is,adr);
is               2110 tools/finsig_thumb2.c     if(!disasm_iter(fw,is)) {
is               2121 tools/finsig_thumb2.c     if(!insn_match(is->insn,match_mov_r3_imm)){
is               2124 tools/finsig_thumb2.c     if(!disasm_iter(fw,is)) {
is               2128 tools/finsig_thumb2.c     return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is));
is               2132 tools/finsig_thumb2.c int sig_match_exec_evp(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               2140 tools/finsig_thumb2.c     disasm_iter_init(fw,is,(ADR_ALIGN4(str_adr) - SEARCH_NEAR_REF_RANGE) | fw->thumb_default); // reset to a bit before where the string was found
is               2141 tools/finsig_thumb2.c     while(fw_search_insn(fw,is,search_disasm_const_ref,str_adr,NULL,str_adr+SEARCH_NEAR_REF_RANGE)) {
is               2145 tools/finsig_thumb2.c             if(!fw_disasm_iter_single(fw,adr_hist_get(&is->ah,i))) {
is               2148 tools/finsig_thumb2.c             if(fw->is->insn->id == ARM_INS_PUSH && fw->is->insn->detail->arm.operands[0].reg == ARM_REG_R0) {
is               2150 tools/finsig_thumb2.c                 uint32_t adr=(uint32_t)(fw->is->insn->address) | is->thumb;
is               2152 tools/finsig_thumb2.c                 if(find_next_sig_call(fw,is,28,"DebugAssert")) {
is               2162 tools/finsig_thumb2.c int sig_match_fgets_fut(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               2164 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               2167 tools/finsig_thumb2.c     if(!find_next_sig_call(fw,is,16,"Fopen_Fut_FW")) {
is               2170 tools/finsig_thumb2.c     disasm_iter(fw,is);
is               2171 tools/finsig_thumb2.c     disasm_iter(fw,is);
is               2172 tools/finsig_thumb2.c     if (B_target(fw,is->insn) && (is->insn->detail->arm.cc == ARM_CC_NE)) {
is               2173 tools/finsig_thumb2.c         disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is));
is               2175 tools/finsig_thumb2.c         if (B_target(fw,is->insn) && (is->insn->detail->arm.cc == ARM_CC_NE)) {
is               2176 tools/finsig_thumb2.c             disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is));
is               2179 tools/finsig_thumb2.c     if(!insn_match_find_nth(fw,is,20,1,match_bl_blximm)) {
is               2182 tools/finsig_thumb2.c     return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is));
is               2185 tools/finsig_thumb2.c int sig_match_log(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               2187 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               2195 tools/finsig_thumb2.c     if(!insn_match_find_nth(fw,is,38,3,match_pop6)) {
is               2199 tools/finsig_thumb2.c     if(!insn_match_find_nth(fw,is,24,3,match_bl_blximm)) {
is               2202 tools/finsig_thumb2.c     return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is));
is               2206 tools/finsig_thumb2.c int sig_match_pow_dry_52(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               2211 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               2219 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,50,match_ldrd_r0_r1)) {
is               2223 tools/finsig_thumb2.c     if(is->insn->detail->arm.operands[2].mem.base == ARM_REG_SP) {
is               2226 tools/finsig_thumb2.c     if(!disasm_iter(fw,is)) {
is               2230 tools/finsig_thumb2.c     uint32_t adr=get_branch_call_insn_target(fw,is);
is               2238 tools/finsig_thumb2.c int sig_match_pow_dry_gt_52(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               2243 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               2266 tools/finsig_thumb2.c         if(insn_match_find_next_seq(fw,is,50,match1[idx]))
is               2268 tools/finsig_thumb2.c         init_disasm_sig_ref(fw,is,rule);
is               2274 tools/finsig_thumb2.c     uint32_t adr=get_branch_call_insn_target(fw,is);
is               2279 tools/finsig_thumb2.c     disasm_iter_init(fw,is,adr);
is               2296 tools/finsig_thumb2.c     if(!insn_match_find_next_seq(fw,is,15,match2[idx])) {
is               2299 tools/finsig_thumb2.c     return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is));
is               2302 tools/finsig_thumb2.c int sig_match_sqrt(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               2304 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               2308 tools/finsig_thumb2.c     if(!insn_match_find_nth(fw,is,12,3,match_bl_blximm)) {
is               2312 tools/finsig_thumb2.c     disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is));
is               2313 tools/finsig_thumb2.c     if(!disasm_iter(fw,is)) {
is               2317 tools/finsig_thumb2.c     uint32_t j_tgt=get_direct_jump_target(fw,is);
is               2321 tools/finsig_thumb2.c         disasm_iter_init(fw,is,j_tgt);
is               2322 tools/finsig_thumb2.c         if(!disasm_iter(fw,is)) {
is               2328 tools/finsig_thumb2.c     if(!insn_match_find_nth(fw,is,12,2,match_b_bl_blximm)) {
is               2331 tools/finsig_thumb2.c     return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is));
is               2333 tools/finsig_thumb2.c int sig_match_get_drive_cluster_size(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               2335 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               2339 tools/finsig_thumb2.c     if(fw_search_insn(fw,is,search_disasm_str_ref,0,"A/OpLogErr.txt",(uint32_t)is->adr+260)) {
is               2341 tools/finsig_thumb2.c         if(!insn_match_find_next(fw,is,3,match_bl_blximm)) {
is               2346 tools/finsig_thumb2.c         disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is));
is               2348 tools/finsig_thumb2.c         if(!insn_match_find_nth(fw,is,13,2,match_bl_blximm)) {
is               2353 tools/finsig_thumb2.c         disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is));
is               2354 tools/finsig_thumb2.c         disasm_iter(fw,is);
is               2355 tools/finsig_thumb2.c         if (B_target(fw, is->insn))
is               2356 tools/finsig_thumb2.c             disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is));
is               2358 tools/finsig_thumb2.c         if(!insn_match_find_next(fw,is,4,match_bl_blximm)) {
is               2362 tools/finsig_thumb2.c         return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is));
is               2367 tools/finsig_thumb2.c int sig_match_mktime_ext(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               2375 tools/finsig_thumb2.c     disasm_iter_init(fw,is,(ADR_ALIGN4(str_adr) - SEARCH_NEAR_REF_RANGE) | fw->thumb_default); // reset to a bit before where the string was found
is               2376 tools/finsig_thumb2.c     while(fw_search_insn(fw,is,search_disasm_const_ref,str_adr,NULL,str_adr+SEARCH_NEAR_REF_RANGE)) {
is               2378 tools/finsig_thumb2.c         if(!find_next_sig_call(fw,is,12,"sscanf_FW")) {
is               2383 tools/finsig_thumb2.c         if(!insn_match_find_next(fw,is,22,match_bl_blximm)) {
is               2388 tools/finsig_thumb2.c         disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is));
is               2389 tools/finsig_thumb2.c         if(!disasm_iter(fw,is)) {
is               2393 tools/finsig_thumb2.c         uint32_t j_tgt=get_direct_jump_target(fw,is);
is               2397 tools/finsig_thumb2.c             disasm_iter_init(fw,is,j_tgt);
is               2398 tools/finsig_thumb2.c             if(!disasm_iter(fw,is)) {
is               2410 tools/finsig_thumb2.c         if(!insn_match_find_next(fw,is,54,match_pop4)) {
is               2414 tools/finsig_thumb2.c         if(!insn_match_find_next(fw,is,1,match_b)) {
is               2418 tools/finsig_thumb2.c         return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is));
is               2424 tools/finsig_thumb2.c int sig_match_rec2pb(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               2432 tools/finsig_thumb2.c     disasm_iter_init(fw,is,(ADR_ALIGN4(str_adr) - SEARCH_NEAR_REF_RANGE) | fw->thumb_default); // reset to a bit before where the string was found
is               2433 tools/finsig_thumb2.c     while(fw_search_insn(fw,is,search_disasm_const_ref,str_adr,NULL,str_adr+SEARCH_NEAR_REF_RANGE)) {
is               2439 tools/finsig_thumb2.c         if(!insn_match_find_next_seq(fw,is,10,match_ldr_cbnz_r0)) {
is               2444 tools/finsig_thumb2.c         disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is));
is               2445 tools/finsig_thumb2.c         if(!insn_match_find_next(fw,is,3,match_b_bl_blximm)) {
is               2450 tools/finsig_thumb2.c         uint32_t adr = iter_state_adr(is);
is               2452 tools/finsig_thumb2.c         disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is));
is               2453 tools/finsig_thumb2.c         if(!find_next_sig_call(fw,is,16,"LogCameraEvent")) {
is               2458 tools/finsig_thumb2.c         if((get_call_const_args(fw,is,4,regs)&3)!=3) {
is               2474 tools/finsig_thumb2.c int sig_match_get_parameter_data(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               2476 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               2484 tools/finsig_thumb2.c     if(!insn_match_find_next_seq(fw,is,4,match_cmp_bhs)) {
is               2489 tools/finsig_thumb2.c     disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is));
is               2490 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,1,match_b)) {
is               2494 tools/finsig_thumb2.c     return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is));
is               2500 tools/finsig_thumb2.c int sig_match_prepdir_x(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               2502 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               2512 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,1,match_mov_r1_1)) {
is               2516 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,1,match_b)) {
is               2520 tools/finsig_thumb2.c     return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is));
is               2526 tools/finsig_thumb2.c int sig_match_prepdir_1(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               2528 tools/finsig_thumb2.c     uint32_t call_adr = find_call_near_str(fw,is,rule);
is               2530 tools/finsig_thumb2.c         disasm_iter_init(fw,is,call_adr);
is               2531 tools/finsig_thumb2.c         disasm_iter(fw,is);
is               2532 tools/finsig_thumb2.c         disasm_iter(fw,is);
is               2533 tools/finsig_thumb2.c         if (!CBx_target(fw,is->insn))
is               2536 tools/finsig_thumb2.c             call_adr = find_call_near_str(fw,is,rule);
is               2540 tools/finsig_thumb2.c             disasm_iter_init(fw,is,call_adr);
is               2541 tools/finsig_thumb2.c             disasm_iter(fw,is);
is               2542 tools/finsig_thumb2.c             return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is));
is               2547 tools/finsig_thumb2.c     call_adr = find_call_near_str(fw,is,rule);
is               2554 tools/finsig_thumb2.c int sig_match_prepdir_0(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               2556 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               2565 tools/finsig_thumb2.c     disasm_iter(fw,is);
is               2566 tools/finsig_thumb2.c     disasm_iter(fw,is);
is               2568 tools/finsig_thumb2.c     uint32_t adr=(uint32_t)is->adr|is->thumb;
is               2576 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,1,match_mov_r1_1)) {
is               2580 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,1,match_b)) {
is               2584 tools/finsig_thumb2.c     uint32_t pdx=get_branch_call_insn_target(fw,is);
is               2591 tools/finsig_thumb2.c int sig_match_mkdir(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               2593 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               2603 tools/finsig_thumb2.c     if(insn_match_find_next_seq(fw,is,148,match)) {
is               2604 tools/finsig_thumb2.c         return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is));
is               2607 tools/finsig_thumb2.c     init_disasm_sig_ref(fw,is,rule);
is               2615 tools/finsig_thumb2.c     if(!insn_match_find_next_seq(fw,is,148,match2)) {
is               2619 tools/finsig_thumb2.c     return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is));
is               2622 tools/finsig_thumb2.c int sig_match_add_ptp_handler(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               2630 tools/finsig_thumb2.c     disasm_iter_init(fw,is,(ADR_ALIGN4(str_adr) - SEARCH_NEAR_REF_RANGE) | fw->thumb_default); // reset to a bit before where the string was found
is               2631 tools/finsig_thumb2.c     while(fw_search_insn(fw,is,search_disasm_const_ref,str_adr,NULL,str_adr+SEARCH_NEAR_REF_RANGE)) {
is               2633 tools/finsig_thumb2.c         if(!find_next_sig_call(fw,is,8,"CreateTaskStrictly")) {
is               2638 tools/finsig_thumb2.c         if(!insn_match_find_nth(fw,is,13,3,match_bl_blximm)) {
is               2644 tools/finsig_thumb2.c         if((get_call_const_args(fw,is,5,regs)&7)!=7) {
is               2652 tools/finsig_thumb2.c         return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is));
is               2656 tools/finsig_thumb2.c int sig_match_qsort(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               2658 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               2661 tools/finsig_thumb2.c     if(!find_next_sig_call(fw,is,90,"DebugAssert")) {
is               2665 tools/finsig_thumb2.c     if(!insn_match_find_nth(fw,is,38,3,match_bl_blximm)) {
is               2670 tools/finsig_thumb2.c     disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is));
is               2672 tools/finsig_thumb2.c     if(insn_match_find_next(fw,is,4,match_bl_blximm)) {
is               2673 tools/finsig_thumb2.c         disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is));
is               2675 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,14,match_bl_blximm)) {
is               2681 tools/finsig_thumb2.c     if((get_call_const_args(fw,is,5,regs)&0xe)!=0xe) {
is               2685 tools/finsig_thumb2.c     return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is));
is               2695 tools/finsig_thumb2.c int sig_match_deletedirectory_fut(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               2704 tools/finsig_thumb2.c     disasm_iter_init(fw,is,(ADR_ALIGN4(str_adr) - 2048) | fw->thumb_default); // reset to a bit before where the string was found
is               2706 tools/finsig_thumb2.c     while(find_next_sig_call(fw,is,end_adr - (uint32_t)is->adr,"DeleteFile_Fut")) {
is               2707 tools/finsig_thumb2.c         if(!insn_match_find_next(fw,is,6,match_bl_blximm)) {
is               2711 tools/finsig_thumb2.c         if(!is_sig_call(fw,is,"strcpy")) {
is               2715 tools/finsig_thumb2.c         if(!insn_match_find_next(fw,is,4,match_bl_blximm)) {
is               2719 tools/finsig_thumb2.c         if(!is_sig_call(fw,is,"strrchr")) {
is               2725 tools/finsig_thumb2.c         if((get_call_const_args(fw,is,2,regs)&0x2)!=0x2) {
is               2733 tools/finsig_thumb2.c         if(!insn_match_find_next(fw,is,5,match_bl_blximm)) {
is               2737 tools/finsig_thumb2.c         return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is));
is               2751 tools/finsig_thumb2.c int sig_match_set_control_event(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               2759 tools/finsig_thumb2.c     disasm_iter_init(fw,is,(ADR_ALIGN4(str_adr) - SEARCH_NEAR_REF_RANGE) | fw->thumb_default); // reset to a bit before where the string was found
is               2760 tools/finsig_thumb2.c     while(fw_search_insn(fw,is,search_disasm_const_ref,str_adr,NULL,str_adr+SEARCH_NEAR_REF_RANGE)) {
is               2761 tools/finsig_thumb2.c         if(!insn_match_find_next(fw,is,4,match_bl_blximm)) {
is               2765 tools/finsig_thumb2.c         if(!is_sig_call(fw,is,"LogCameraEvent")) {
is               2775 tools/finsig_thumb2.c         if(!insn_match_find_next_seq(fw,is,1,match_seq)) {
is               2779 tools/finsig_thumb2.c         return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is));
is               2784 tools/finsig_thumb2.c int sig_match_displaybusyonscreen_52(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               2794 tools/finsig_thumb2.c     disasm_iter_init(fw,is,(ADR_ALIGN4(str_adr) - SEARCH_NEAR_REF_RANGE) | fw->thumb_default); // reset to a bit before where the string was found
is               2795 tools/finsig_thumb2.c     while(fw_search_insn(fw,is,search_disasm_const_ref,str_adr,NULL,str_adr+SEARCH_NEAR_REF_RANGE)) {
is               2796 tools/finsig_thumb2.c         if(!insn_match_find_next(fw,is,3,match_bl_blximm)) {
is               2800 tools/finsig_thumb2.c         if(!is_sig_call(fw,is,"LogCameraEvent")) {
is               2804 tools/finsig_thumb2.c         if(!find_next_sig_call(fw,is,4,"GUISrv_StartGUISystem_FW")) {
is               2808 tools/finsig_thumb2.c         if(!insn_match_find_nth(fw,is,5,2,match_bl_blximm)) {
is               2812 tools/finsig_thumb2.c         return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is));
is               2817 tools/finsig_thumb2.c int sig_match_undisplaybusyonscreen_52(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               2827 tools/finsig_thumb2.c     disasm_iter_init(fw,is,(ADR_ALIGN4(str_adr) - SEARCH_NEAR_REF_RANGE) | fw->thumb_default); // reset to a bit before where the string was found
is               2828 tools/finsig_thumb2.c     while(fw_search_insn(fw,is,search_disasm_const_ref,str_adr,NULL,str_adr+SEARCH_NEAR_REF_RANGE)) {
is               2830 tools/finsig_thumb2.c         if(!find_next_sig_call(fw,is,24,"displaybusyonscreen")) {
is               2834 tools/finsig_thumb2.c         if(!find_next_sig_call(fw,is,12,"GUISrv_StartGUISystem_FW")) {
is               2838 tools/finsig_thumb2.c         if(!insn_match_find_nth(fw,is,6,3,match_bl_blximm)) {
is               2842 tools/finsig_thumb2.c         return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is));
is               2847 tools/finsig_thumb2.c int sig_match_try_take_sem_dry_gt_58(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               2849 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               2852 tools/finsig_thumb2.c     if(!find_next_sig_call(fw,is,24,"ReceiveMessageQueue")) {
is               2856 tools/finsig_thumb2.c     if(!find_next_sig_call(fw,is,60,"bzero")) {
is               2860 tools/finsig_thumb2.c     if(insn_match_find_next(fw,is,3,match_bl_blximm)) {
is               2861 tools/finsig_thumb2.c         return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is));
is               2867 tools/finsig_thumb2.c int sig_match_wait_all_eventflag_strict(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               2869 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               2877 tools/finsig_thumb2.c     if(!find_next_sig_call(fw,is,60,"SleepTask")) {
is               2882 tools/finsig_thumb2.c     while(fw_search_insn(fw,is,search_disasm_const_ref,str_adr,NULL,is->adr + 60)) {
is               2883 tools/finsig_thumb2.c         if(!insn_match_find_next(fw,is,6,match_bl_blximm)) {
is               2884 tools/finsig_thumb2.c             printf("sig_match_wait_all_eventflag_strict: no match bl 0x%"PRIx64"\n",is->insn->address);
is               2887 tools/finsig_thumb2.c         return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is));
is               2892 tools/finsig_thumb2.c int sig_match_get_num_posted_messages(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               2894 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               2897 tools/finsig_thumb2.c     if(!find_next_sig_call(fw,is,50,"TakeSemaphore")) {
is               2902 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,5,match_bl_blximm)) {
is               2903 tools/finsig_thumb2.c         printf("sig_match_get_num_posted_messages:  no match bl 0x%"PRIx64"\n",is->insn->address);
is               2906 tools/finsig_thumb2.c     return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is));
is               2909 tools/finsig_thumb2.c int sig_match_set_hp_timer_after_now(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               2916 tools/finsig_thumb2.c     disasm_iter_init(fw,is,(ADR_ALIGN4(str_adr) - SEARCH_NEAR_REF_RANGE) | fw->thumb_default); // reset to a bit before where the string was found
is               2917 tools/finsig_thumb2.c     while(fw_search_insn(fw,is,search_disasm_const_ref,str_adr,NULL,str_adr+SEARCH_NEAR_REF_RANGE)) {
is               2918 tools/finsig_thumb2.c         if(!find_next_sig_call(fw,is,20,"ClearEventFlag")) {
is               2923 tools/finsig_thumb2.c         if(!insn_match_find_nth(fw,is,13,3,match_bl_blximm)) {
is               2929 tools/finsig_thumb2.c         uint32_t found_regs = get_call_const_args(fw,is,6,regs);
is               2936 tools/finsig_thumb2.c                     return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is));
is               2947 tools/finsig_thumb2.c         return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is));
is               2951 tools/finsig_thumb2.c int sig_match_transfer_src_overlay(firmware *fw, iter_state_t *is, sig_rule_t *rule) {
is               2952 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               2956 tools/finsig_thumb2.c     if(!find_next_sig_call(fw,is,32,"DebugAssert")) {
is               2961 tools/finsig_thumb2.c     if(!find_and_get_var_ldr(fw, is, 20,4, ARM_REG_R0, &desc)) {
is               2966 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,1,match_bl_blximm)) {
is               2967 tools/finsig_thumb2.c         printf("sig_match_transfer_src_overlay: no match bl 0x%"PRIx64"\n",is->insn->address);
is               2971 tools/finsig_thumb2.c     uint32_t fadr = get_branch_call_insn_target(fw,is);
is               2974 tools/finsig_thumb2.c     save_misc_val("active_bitmap_buffer",desc.adr_adj,desc.off,(uint32_t)is->insn->address);
is               2984 tools/finsig_thumb2.c     if(insn_match_find_next_seq(fw,is,1,bm_buf_match)) {
is               2985 tools/finsig_thumb2.c         if(is->insn->detail->arm.operands[1].reg == desc.reg_base) {
is               2986 tools/finsig_thumb2.c             save_misc_val("bitmap_buffer",desc.adr_adj,is->insn->detail->arm.operands[2].imm,(uint32_t)is->insn->address);
is               3003 tools/finsig_thumb2.c int sig_match_exmem_vars(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               3006 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               3011 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,15,match_ldr_pc)) {
is               3015 tools/finsig_thumb2.c     adr[0]=LDR_PC2val(fw,is->insn);
is               3016 tools/finsig_thumb2.c     fnd[0]=(uint32_t)is->insn->address;
is               3017 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,5,match_ldr_pc)) {
is               3021 tools/finsig_thumb2.c     adr[1]=LDR_PC2val(fw,is->insn);
is               3022 tools/finsig_thumb2.c     fnd[1]=(uint32_t)is->insn->address;
is               3055 tools/finsig_thumb2.c int sig_match_zicokick_52(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               3062 tools/finsig_thumb2.c     disasm_iter_init(fw,is,(ADR_ALIGN4(str_adr) - SEARCH_NEAR_REF_RANGE) | fw->thumb_default); // reset to a bit before where the string was found
is               3065 tools/finsig_thumb2.c     if(!fw_search_insn(fw,is,search_disasm_str_ref,0,rule->ref_name,(uint32_t)is->adr+SEARCH_NEAR_REF_RANGE)) {
is               3070 tools/finsig_thumb2.c     if(!fw_disasm_iter_single(fw,adr_hist_get(&is->ah,1))) {
is               3074 tools/finsig_thumb2.c     if (!(isLDR_PC(fw->is->insn) && fw->is->insn->detail->arm.operands[0].reg == ARM_REG_R0)) {
is               3079 tools/finsig_thumb2.c     uint32_t adr=(uint32_t)(fw->is->insn->address) | is->thumb;
is               3081 tools/finsig_thumb2.c     if(!disasm_iter(fw,is)) {
is               3085 tools/finsig_thumb2.c     if (is->insn->id == ARM_INS_PUSH && is->insn->detail->arm.operands[0].reg == ARM_REG_R4) {
is               3091 tools/finsig_thumb2.c int sig_match_zicokick_gt52(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               3098 tools/finsig_thumb2.c     disasm_iter_init(fw,is,(ADR_ALIGN4(str_adr) - SEARCH_NEAR_REF_RANGE) | fw->thumb_default); // reset to a bit before where the string was found
is               3101 tools/finsig_thumb2.c     if(!fw_search_insn(fw,is,search_disasm_str_ref,0,rule->ref_name,(uint32_t)is->adr+SEARCH_NEAR_REF_RANGE)) {
is               3110 tools/finsig_thumb2.c         if (!fw_disasm_iter_single(fw,adr_hist_get(&is->ah,i))) {
is               3114 tools/finsig_thumb2.c         if (fw->is->insn->id == ARM_INS_PUSH && fw->is->insn->detail->arm.operands[0].reg == ARM_REG_R4) {
is               3115 tools/finsig_thumb2.c             if (!fw_disasm_iter_single(fw,adr_hist_get(&is->ah,i+1))) {
is               3119 tools/finsig_thumb2.c             if (isLDR_PC(fw->is->insn) && fw->is->insn->detail->arm.operands[0].reg == ARM_REG_R0) {
is               3120 tools/finsig_thumb2.c                 return save_sig_with_j(fw,rule->name,(uint32_t)(fw->is->insn->address) | is->thumb);
is               3127 tools/finsig_thumb2.c int sig_match_zicokick_copy(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               3129 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               3142 tools/finsig_thumb2.c     if(!insn_match_find_next_seq(fw,is,30,match_ldrs_bl)) {
is               3147 tools/finsig_thumb2.c     return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is));
is               3150 tools/finsig_thumb2.c int sig_match_zicokick_values(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               3152 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               3158 tools/finsig_thumb2.c     if(!find_next_sig_call(fw,is,64,"zicokick_copy")) {
is               3164 tools/finsig_thumb2.c         if((get_call_const_args(fw,is,7,regs)&0x7)==0x7) {
is               3169 tools/finsig_thumb2.c         if(!find_next_sig_call(fw,is,8,"zicokick_copy")) {
is               3182 tools/finsig_thumb2.c         if (!disasm_iter(fw,is)) {
is               3186 tools/finsig_thumb2.c         if (is->insn->id == ARM_INS_LDR && is->insn->detail->arm.operands[1].type == ARM_OP_MEM) {
is               3187 tools/finsig_thumb2.c             uint32_t u = LDR_PC2val(fw,is->insn);
is               3196 tools/finsig_thumb2.c         else if (is->insn->id == ARM_INS_BL) {
is               3229 tools/finsig_thumb2.c         else if (is->insn->id == ARM_INS_POP) {
is               3243 tools/finsig_thumb2.c int sig_match_init_ex_drivers(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               3245 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               3252 tools/finsig_thumb2.c         if (!disasm_iter(fw,is)) {
is               3256 tools/finsig_thumb2.c         uint32_t b_tgt = get_branch_call_insn_target(fw,is);
is               3261 tools/finsig_thumb2.c         uint64_t next_adr = is->adr | is->thumb;
is               3262 tools/finsig_thumb2.c         disasm_iter_init(fw,is,b_tgt);
is               3263 tools/finsig_thumb2.c         if (!disasm_iter(fw,is)) {
is               3268 tools/finsig_thumb2.c         if(is->insn->id == ARM_INS_PUSH) {
is               3269 tools/finsig_thumb2.c             if(find_next_sig_call(fw,is,30,"DebugAssert")) {
is               3271 tools/finsig_thumb2.c                 if((get_call_const_args(fw,is,5,regs)&0x2)==0x2) {
is               3279 tools/finsig_thumb2.c         disasm_iter_init(fw,is,next_adr);
is               3284 tools/finsig_thumb2.c int sig_match_omar_init(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               3290 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               3293 tools/finsig_thumb2.c     uint32_t fadr = find_last_call_from_func(fw,is,20,42);
is               3299 tools/finsig_thumb2.c     disasm_iter_init(fw,is,fadr);
is               3300 tools/finsig_thumb2.c     if(!find_next_sig_call(fw,is,44,"dry_memcpy")) {
is               3306 tools/finsig_thumb2.c     if((get_call_const_args(fw,is,5,regs)&0x6)!=0x6) {
is               3315 tools/finsig_thumb2.c     save_misc_val("omar_init_data",dadr,0,(uint32_t)is->insn->address);
is               3342 tools/finsig_thumb2.c int sig_match_enable_hdmi_power(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               3344 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               3347 tools/finsig_thumb2.c     if(!find_next_sig_call(fw,is,14,"CreateEventFlagStrictly")) {
is               3356 tools/finsig_thumb2.c     if(!insn_match_find_next_seq(fw,is,4,match_seq)) {
is               3357 tools/finsig_thumb2.c         printf("sig_match_enable_hdmi_power: no match bl seq cbnz 0x%"PRIx64"\n",is->insn->address);
is               3361 tools/finsig_thumb2.c     if (!disasm_iter(fw,is)) {
is               3364 tools/finsig_thumb2.c     return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is));
is               3367 tools/finsig_thumb2.c int sig_match_disable_hdmi_power(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               3369 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               3372 tools/finsig_thumb2.c     if(!find_next_sig_call(fw,is,24,"EnableHDMIPower")) {
is               3376 tools/finsig_thumb2.c     if(!find_next_sig_call(fw,is,22,"ClearEventFlag")) {
is               3386 tools/finsig_thumb2.c     if(!insn_match_find_next_seq(fw,is,12,match_seq)) {
is               3387 tools/finsig_thumb2.c         printf("sig_match_disable_hdmi_power: no match seq bl movs pop 0x%"PRIx64"\n",is->insn->address);
is               3391 tools/finsig_thumb2.c     disasm_iter_init(fw,is,adr_hist_get(&is->ah,2));
is               3392 tools/finsig_thumb2.c     if (!disasm_iter(fw,is)) {
is               3395 tools/finsig_thumb2.c     return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is));
is               3398 tools/finsig_thumb2.c int sig_match_levent_table(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               3400 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               3403 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,4,match_bl_blximm)) {
is               3408 tools/finsig_thumb2.c     disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is));
is               3411 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,4,match_bl_blximm)) {
is               3417 tools/finsig_thumb2.c     disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is));
is               3420 tools/finsig_thumb2.c     disasm_iter(fw,is);
is               3421 tools/finsig_thumb2.c     uint32_t adr=LDR_PC2val(fw,is->insn);
is               3428 tools/finsig_thumb2.c         printf("sig_match_levent_table: 0x%08x not a ROM adr 0x%"PRIx64"\n",adr,is->insn->address);
is               3432 tools/finsig_thumb2.c         printf("sig_match_levent_table: expected 0x800 not 0x%x at 0x%08x ref 0x%"PRIx64"\n",*(p+1),adr,is->insn->address);
is               3436 tools/finsig_thumb2.c     save_misc_val(rule->name,adr,0,(uint32_t)is->insn->address);
is               3439 tools/finsig_thumb2.c int sig_match_flash_param_table(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               3441 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               3445 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,14,match_bl_blximm)) {
is               3449 tools/finsig_thumb2.c     if(!is_sig_call(fw,is,"DebugAssert")) {
is               3453 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,7,match_bl_blximm)) {
is               3457 tools/finsig_thumb2.c     if(!is_sig_call(fw,is,"DebugAssert")) {
is               3461 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,8,match_bl_blximm)) {
is               3465 tools/finsig_thumb2.c     if(!is_sig_call(fw,is,"DebugAssert")) {
is               3470 tools/finsig_thumb2.c     if(!insn_match_find_nth(fw,is,14,2,match_bl_blximm)) {
is               3475 tools/finsig_thumb2.c     disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is));
is               3478 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,8,match_bl_blximm)) {
is               3484 tools/finsig_thumb2.c     disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is));
is               3486 tools/finsig_thumb2.c     disasm_iter(fw,is);
is               3487 tools/finsig_thumb2.c     uint32_t adr=LDR_PC2val(fw,is->insn);
is               3492 tools/finsig_thumb2.c     save_misc_val(rule->name,adr,0,(uint32_t)is->insn->address);
is               3495 tools/finsig_thumb2.c int sig_match_jpeg_count_str(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               3503 tools/finsig_thumb2.c     disasm_iter_init(fw,is,(ADR_ALIGN4(str_adr) - SEARCH_NEAR_REF_RANGE) | fw->thumb_default); // reset to a bit before where the string was found
is               3504 tools/finsig_thumb2.c     while(fw_search_insn(fw,is,search_disasm_const_ref,str_adr,NULL,str_adr+SEARCH_NEAR_REF_RANGE)) {
is               3506 tools/finsig_thumb2.c         if(!insn_match_find_next(fw,is,3,match_bl_blximm)) {
is               3510 tools/finsig_thumb2.c         if(!is_sig_call(fw,is,"sprintf_FW")) {
is               3516 tools/finsig_thumb2.c         if((get_call_const_args(fw,is,5,regs)&0x3)!=0x3) {
is               3528 tools/finsig_thumb2.c         save_misc_val(rule->name,regs[0],0,(uint32_t)is->insn->address);
is               3535 tools/finsig_thumb2.c int sig_match_misc_flag_named(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               3542 tools/finsig_thumb2.c int sig_match_cam_has_iris_diaphragm(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               3557 tools/finsig_thumb2.c int sig_match_cam_uncached_bit(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               3559 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               3566 tools/finsig_thumb2.c     if(insn_match_find_next(fw,is,4,match_bic_r0)) {
is               3567 tools/finsig_thumb2.c         save_misc_val(rule->name,is->insn->detail->arm.operands[2].imm,0,(uint32_t)is->insn->address);
is               3573 tools/finsig_thumb2.c int sig_match_physw_event_table(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               3575 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               3579 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,5,match_ldr_pc)) {
is               3583 tools/finsig_thumb2.c     uint32_t adr=LDR_PC2val(fw,is->insn);
is               3585 tools/finsig_thumb2.c         printf("sig_match_physw_event_table: no match LDR PC 0x%"PRIx64"\n",is->insn->address);
is               3589 tools/finsig_thumb2.c         printf("sig_match_physw_event_table: adr not ROM 0x%08x at 0x%"PRIx64"\n",adr,is->insn->address);
is               3592 tools/finsig_thumb2.c     save_misc_val(rule->name,adr,0,(uint32_t)is->insn->address);
is               3595 tools/finsig_thumb2.c int sig_match_uiprop_count(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               3597 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               3600 tools/finsig_thumb2.c     if(!find_next_sig_call(fw,is,38,"DebugAssert")) {
is               3604 tools/finsig_thumb2.c     if(!find_next_sig_call(fw,is,14,"DebugAssert")) {
is               3613 tools/finsig_thumb2.c     if(!insn_match_find_next_seq(fw,is,3,match_bic_cmp)) {
is               3617 tools/finsig_thumb2.c     save_misc_val(rule->name,is->insn->detail->arm.operands[1].imm,0,(uint32_t)is->insn->address);
is               3621 tools/finsig_thumb2.c int sig_match_get_canon_mode_list(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               3630 tools/finsig_thumb2.c     disasm_iter_init(fw,is,(ADR_ALIGN4(str_adr) - SEARCH_NEAR_REF_RANGE) | fw->thumb_default); // reset to a bit before where the string was found
is               3631 tools/finsig_thumb2.c     while(fw_search_insn(fw,is,search_disasm_const_ref,str_adr,NULL,str_adr+SEARCH_NEAR_REF_RANGE)) {
is               3633 tools/finsig_thumb2.c         if(!find_next_sig_call(fw,is,4,"LogCameraEvent")) {
is               3638 tools/finsig_thumb2.c         if(!disasm_iter(fw,is)) {
is               3649 tools/finsig_thumb2.c         if(insn_match_any(is->insn,match_mov_r0_1)) {
is               3650 tools/finsig_thumb2.c             if(!insn_match_find_nth(fw,is,2,2,match_bl_blximm)) {
is               3655 tools/finsig_thumb2.c             if(!insn_match_any(is->insn,match_bl_blximm)) {
is               3661 tools/finsig_thumb2.c         adr=get_branch_call_insn_target(fw,is);
is               3668 tools/finsig_thumb2.c     disasm_iter_init(fw,is,adr);
is               3669 tools/finsig_thumb2.c     if(!find_next_sig_call(fw,is,40,"TakeSemaphoreStrictly")) {
is               3674 tools/finsig_thumb2.c     if(!insn_match_find_nth(fw,is,12,2,match_b_bl_blximm)) {
is               3679 tools/finsig_thumb2.c     disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is));
is               3687 tools/finsig_thumb2.c     if(!insn_match_find_next_seq(fw,is,64,match_loop)) {
is               3691 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,2,match_bl_blximm)) {
is               3696 tools/finsig_thumb2.c     adr=get_branch_call_insn_target(fw,is);
is               3698 tools/finsig_thumb2.c     disasm_iter_init(fw,is,adr);
is               3704 tools/finsig_thumb2.c     if(!insn_match_find_next_seq(fw,is,1,match_ldr_r0_ret)) {
is               3711 tools/finsig_thumb2.c int sig_match_zoom_busy(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               3713 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               3717 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,5,match_bl_blximm)) {
is               3722 tools/finsig_thumb2.c     disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is));
is               3724 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,5,match_ldr_pc)) {
is               3728 tools/finsig_thumb2.c     uint32_t base=LDR_PC2val(fw,is->insn);
is               3729 tools/finsig_thumb2.c     arm_reg rb=is->insn->detail->arm.operands[0].reg;
is               3732 tools/finsig_thumb2.c     if(!find_next_sig_call(fw,is,40,"TakeSemaphoreStrictly")) {
is               3736 tools/finsig_thumb2.c     if(!disasm_iter(fw,is)) {
is               3741 tools/finsig_thumb2.c     if(is->insn->id != ARM_INS_LDR 
is               3742 tools/finsig_thumb2.c         || is->insn->detail->arm.operands[0].reg != ARM_REG_R0
is               3743 tools/finsig_thumb2.c         || is->insn->detail->arm.operands[1].mem.base != rb) {
is               3747 tools/finsig_thumb2.c     save_misc_val(rule->name,base,is->insn->detail->arm.operands[1].mem.disp,(uint32_t)is->insn->address);
is               3751 tools/finsig_thumb2.c int sig_match_focus_busy(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               3753 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               3757 tools/finsig_thumb2.c     if(!find_next_sig_call(fw,is,40,"TakeSemaphore")) {
is               3762 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,5,match_bl_blximm)) {
is               3767 tools/finsig_thumb2.c     disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is));
is               3769 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,5,match_ldr_pc)) {
is               3773 tools/finsig_thumb2.c     uint32_t base=LDR_PC2val(fw,is->insn);
is               3774 tools/finsig_thumb2.c     arm_reg rb=is->insn->detail->arm.operands[0].reg;
is               3777 tools/finsig_thumb2.c     if(!find_next_sig_call(fw,is,50,"TakeSemaphoreStrictly")) {
is               3785 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,7,match_ldr)) {
is               3791 tools/finsig_thumb2.c     if(is->insn->detail->arm.operands[1].mem.base != rb) {
is               3795 tools/finsig_thumb2.c     save_misc_val(rule->name,base,is->insn->detail->arm.operands[1].mem.disp,(uint32_t)is->insn->address);
is               3798 tools/finsig_thumb2.c int sig_match_aram_size(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               3800 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               3809 tools/finsig_thumb2.c     if(!insn_match_find_next_seq(fw,is,15,match_ldr_r0_sp_cmp)) {
is               3813 tools/finsig_thumb2.c     uint32_t val=is->insn->detail->arm.operands[1].imm;
is               3817 tools/finsig_thumb2.c     save_misc_val(rule->name,val,0,(uint32_t)is->insn->address);
is               3821 tools/finsig_thumb2.c int sig_match_aram_size_gt58(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               3823 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               3838 tools/finsig_thumb2.c     if(!insn_match_find_next_seq(fw,is,15,match_ldrd_r0r1_mov)) {
is               3839 tools/finsig_thumb2.c         init_disasm_sig_ref(fw,is,rule); // reset to start
is               3840 tools/finsig_thumb2.c         if(!insn_match_find_next_seq(fw,is,15,match_ldrd_r2r1_mov)) {
is               3845 tools/finsig_thumb2.c     uint32_t val=is->insn->detail->arm.operands[1].imm;
is               3849 tools/finsig_thumb2.c     save_misc_val(rule->name,val,0,(uint32_t)is->insn->address);
is               3853 tools/finsig_thumb2.c int sig_match_aram_start(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               3855 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               3859 tools/finsig_thumb2.c     if(!find_next_sig_call(fw,is,50,"DebugAssert")) {
is               3869 tools/finsig_thumb2.c     if(!insn_match_find_next_seq(fw,is,15,match_cmp_bne_ldr)) {
is               3873 tools/finsig_thumb2.c     uint32_t adr=LDR_PC2val(fw,is->insn);
is               3875 tools/finsig_thumb2.c         printf("sig_match_aram_start: no match LDR PC 0x%"PRIx64"\n",is->insn->address);
is               3879 tools/finsig_thumb2.c     save_misc_val(rule->name,adr,0,(uint32_t)is->insn->address);
is               3883 tools/finsig_thumb2.c int sig_match_aram_start2(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               3888 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               3892 tools/finsig_thumb2.c     if(!find_next_sig_call(fw,is,60,"DebugAssert")) {
is               3903 tools/finsig_thumb2.c     if(!insn_match_find_next_seq(fw,is,15,match_cmp_bne_ldr)) {
is               3907 tools/finsig_thumb2.c     uint32_t adr=LDR_PC2val(fw,is->insn);
is               3909 tools/finsig_thumb2.c         printf("sig_match_aram_start2: no match LDR PC 0x%"PRIx64"\n",is->insn->address);
is               3913 tools/finsig_thumb2.c     save_misc_val(rule->name,adr,0,(uint32_t)is->insn->address);
is               3917 tools/finsig_thumb2.c int sig_match__nrflag(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               3919 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               3922 tools/finsig_thumb2.c     uint32_t fadr=is->adr;
is               3929 tools/finsig_thumb2.c     if(!insn_match_find_next_seq(fw,is,4,match_cmp_b) || is->insn->detail->arm.cc == ARM_CC_AL) {
is               3934 tools/finsig_thumb2.c     disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is));
is               3935 tools/finsig_thumb2.c     if(!disasm_iter(fw,is)) {
is               3940 tools/finsig_thumb2.c     uint32_t adr=LDR_PC2val(fw,is->insn);
is               3942 tools/finsig_thumb2.c         printf("sig_match__nrflag: no match LDR PC 0x%"PRIx64"\n",is->insn->address);
is               3945 tools/finsig_thumb2.c     arm_reg reg_base = is->insn->detail->arm.operands[0].reg; // reg value was loaded into
is               3946 tools/finsig_thumb2.c     if(!disasm_iter(fw,is)) {
is               3951 tools/finsig_thumb2.c     if(isADDx_imm(is->insn) || isSUBx_imm(is->insn)) {
is               3952 tools/finsig_thumb2.c         if(is->insn->detail->arm.operands[0].reg != reg_base) {
is               3956 tools/finsig_thumb2.c         if(isADDx_imm(is->insn)) {
is               3957 tools/finsig_thumb2.c             adr+=is->insn->detail->arm.operands[1].imm;
is               3959 tools/finsig_thumb2.c             adr-=is->insn->detail->arm.operands[1].imm;
is               3961 tools/finsig_thumb2.c         if(!disasm_iter(fw,is)) {
is               3966 tools/finsig_thumb2.c     if(is->insn->id != ARM_INS_STR || is->insn->detail->arm.operands[1].reg != reg_base) {
is               3970 tools/finsig_thumb2.c     uint32_t disp = is->insn->detail->arm.operands[1].mem.disp;
is               3978 tools/finsig_thumb2.c int sig_match_var_struct_get(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               3980 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               3983 tools/finsig_thumb2.c     uint32_t fadr=is->adr;
is               3985 tools/finsig_thumb2.c     if(!find_and_get_var_ldr(fw, is, 1, 4, ARM_REG_R0, &desc)) {
is               3989 tools/finsig_thumb2.c     if(!disasm_iter(fw,is)) {
is               3994 tools/finsig_thumb2.c     if(!insn_match(is->insn,match_bxlr)) {
is               4002 tools/finsig_thumb2.c int sig_match_av_over_sem(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               4009 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               4012 tools/finsig_thumb2.c     if(!find_next_sig_call(fw,is,30,"TakeSemaphore")) {
is               4013 tools/finsig_thumb2.c         printf("sig_match_av_over_sem: no match TakeSemaphore at 0x%"PRIx64"\n",is->insn->address);
is               4018 tools/finsig_thumb2.c     disasm_iter_init(fw,is,adr_hist_get(&is->ah,5));
is               4020 tools/finsig_thumb2.c     if(!find_and_get_var_ldr(fw, is, 3, 4, ARM_REG_R0, &desc)) {
is               4021 tools/finsig_thumb2.c         printf("sig_match_av_over_sem: no match ldr at 0x%"PRIx64"\n",is->insn->address);
is               4025 tools/finsig_thumb2.c     save_misc_val(rule->name,desc.adr_adj,desc.off,(uint32_t)is->insn->address);
is               4029 tools/finsig_thumb2.c int sig_match_canon_menu_active(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               4031 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               4035 tools/finsig_thumb2.c     if(!find_and_get_var_ldr(fw, is, 2, 4, ARM_REG_R0, &desc)) {
is               4036 tools/finsig_thumb2.c         printf("sig_match_canon_menu_active: no match ldr at 0x%"PRIx64"\n",is->insn->address);
is               4039 tools/finsig_thumb2.c     if(!disasm_iter(fw,is)) {
is               4043 tools/finsig_thumb2.c     if(is->insn->id != ARM_INS_CMP) {
is               4044 tools/finsig_thumb2.c         printf("sig_match_canon_menu_active: no match cmp at 0x%"PRIx64"\n",is->insn->address);
is               4047 tools/finsig_thumb2.c     save_misc_val(rule->name,desc.adr_adj,desc.off,(uint32_t)is->insn->address);
is               4051 tools/finsig_thumb2.c int sig_match_file_counter_init(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               4053 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               4057 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,3,match_bl_blximm)) {
is               4062 tools/finsig_thumb2.c     if(check_simple_func(fw,get_branch_call_insn_target(fw,is),MATCH_SIMPLE_FUNC_NULLSUB,NULL)) {
is               4063 tools/finsig_thumb2.c         if(!insn_match_find_next(fw,is,3,match_bl_blximm)) {
is               4069 tools/finsig_thumb2.c     disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is));
is               4070 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,3,match_bl_blximm)) {
is               4074 tools/finsig_thumb2.c     uint32_t fadr = get_branch_call_insn_target(fw,is);
is               4076 tools/finsig_thumb2.c     disasm_iter_init(fw,is,fadr);
is               4077 tools/finsig_thumb2.c     if(!disasm_iter(fw,is)) {
is               4082 tools/finsig_thumb2.c     if(!isLDR_PC(is->insn)) {
is               4089 tools/finsig_thumb2.c int sig_match_file_counter_var(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               4091 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               4094 tools/finsig_thumb2.c     uint32_t adr=LDR_PC2val(fw,is->insn);
is               4099 tools/finsig_thumb2.c     if(is->insn->detail->arm.operands[0].reg != ARM_REG_R0) {
is               4107 tools/finsig_thumb2.c     save_misc_val(rule->name,adr,0,(uint32_t)is->insn->address);
is               4111 tools/finsig_thumb2.c int sig_match_palette_vars(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               4113 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               4116 tools/finsig_thumb2.c     if(!find_next_sig_call(fw,is,70,"transfer_src_overlay")) {
is               4124 tools/finsig_thumb2.c         if(!fw_disasm_iter_single(fw,adr_hist_get(&is->ah,i))) {
is               4128 tools/finsig_thumb2.c         fadr=get_branch_call_insn_target(fw,fw->is);
is               4134 tools/finsig_thumb2.c         printf("sig_match_palette_vars: no match bl 1 0x%"PRIx64"\n",fw->is->insn->address);
is               4138 tools/finsig_thumb2.c     disasm_iter_init(fw,is,fadr);
is               4140 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,3,match_bl)) {
is               4141 tools/finsig_thumb2.c         printf("sig_match_palette_vars: no match bl 2 0x%"PRIx64"\n",is->insn->address);
is               4145 tools/finsig_thumb2.c     disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is));
is               4147 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,3,match_ldr_pc)) {
is               4148 tools/finsig_thumb2.c         printf("sig_match_palette_vars: no match ldr pc 0x%"PRIx64"\n",is->insn->address);
is               4152 tools/finsig_thumb2.c     uint32_t pal_base=LDR_PC2val(fw,is->insn);
is               4154 tools/finsig_thumb2.c         printf("sig_match_palette_vars: bad LDR PC 0x%"PRIx64"\n",is->insn->address);
is               4158 tools/finsig_thumb2.c     arm_reg ptr_reg = is->insn->detail->arm.operands[0].reg;
is               4160 tools/finsig_thumb2.c     save_misc_val(rule->name,pal_base,0,(uint32_t)is->insn->address);
is               4165 tools/finsig_thumb2.c         if(!disasm_iter(fw,is)) {
is               4169 tools/finsig_thumb2.c         if (is->insn->id == ARM_INS_LDR && is->insn->detail->arm.operands[1].mem.base == ptr_reg) {
is               4172 tools/finsig_thumb2.c                         is->insn->detail->arm.operands[1].mem.disp,
is               4173 tools/finsig_thumb2.c                         (uint32_t)is->insn->address);
is               4179 tools/finsig_thumb2.c         printf("sig_match_palette_vars: no match active_palette_buffer 0x%"PRIx64"\n",is->insn->address);
is               4183 tools/finsig_thumb2.c     if(!find_next_sig_call(fw,is,20,"PTM_RestoreUIProperty_FW")) {
is               4189 tools/finsig_thumb2.c         if(!disasm_iter(fw,is)) {
is               4193 tools/finsig_thumb2.c         if (is->insn->id == ARM_INS_LDR && is->insn->detail->arm.operands[1].mem.base == ptr_reg) {
is               4196 tools/finsig_thumb2.c                         is->insn->detail->arm.operands[1].mem.disp,
is               4197 tools/finsig_thumb2.c                         (uint32_t)is->insn->address);
is               4201 tools/finsig_thumb2.c     printf("sig_match_palette_vars: no match palette_buffer_ptr 0x%"PRIx64"\n",is->insn->address);
is               4205 tools/finsig_thumb2.c int sig_match_rom_ptr_get(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               4207 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               4210 tools/finsig_thumb2.c     uint32_t fadr=is->adr;
is               4211 tools/finsig_thumb2.c     if(!disasm_iter(fw,is)) {
is               4215 tools/finsig_thumb2.c     uint32_t adr=LDR_PC2val(fw,is->insn);
is               4217 tools/finsig_thumb2.c         printf("sig_match_rom_ptr_get: no match LDR PC 0x%"PRIx64"\n",is->insn->address);
is               4220 tools/finsig_thumb2.c     if(is->insn->detail->arm.operands[0].reg != ARM_REG_R0) {
is               4224 tools/finsig_thumb2.c     if(!disasm_iter(fw,is)) {
is               4229 tools/finsig_thumb2.c     if(!insn_match(is->insn,match_bxlr)) {
is               4240 tools/finsig_thumb2.c uint32_t find_call_near_str(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               4275 tools/finsig_thumb2.c     disasm_iter_init(fw,is,(ADR_ALIGN4(search_adr) - SEARCH_NEAR_REF_RANGE) | fw->thumb_default); // reset to a bit before where the string was found
is               4276 tools/finsig_thumb2.c     while(fw_search_insn(fw,is,search_disasm_const_ref,str_adr,NULL,search_adr+SEARCH_NEAR_REF_RANGE)) {
is               4282 tools/finsig_thumb2.c                 fw_disasm_iter_single(fw,adr_hist_get(&is->ah,i));
is               4283 tools/finsig_thumb2.c                 if(insn_match_any(fw->is->insn,insn_match)) {
is               4287 tools/finsig_thumb2.c                     return iter_state_adr(fw->is);
is               4291 tools/finsig_thumb2.c             if(insn_match_find_nth(fw,is,max_insns,n,insn_match)) {
is               4292 tools/finsig_thumb2.c                 return iter_state_adr(is);
is               4301 tools/finsig_thumb2.c int sig_match_near_str(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               4305 tools/finsig_thumb2.c         uint32_t call_adr = find_call_near_str(fw,is,rule);
is               4314 tools/finsig_thumb2.c int sig_match_prop_string(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               4316 tools/finsig_thumb2.c     uint32_t call_adr = find_call_near_str(fw, is, rule);
is               4322 tools/finsig_thumb2.c     disasm_iter_init(fw,is,call_adr);
is               4323 tools/finsig_thumb2.c     disasm_iter(fw,is);
is               4327 tools/finsig_thumb2.c     if (is_sig_call(fw,is,"GetPropertyCase")) {
is               4338 tools/finsig_thumb2.c     disasm_iter_init(fw,is,call_adr - hl*4);
is               4340 tools/finsig_thumb2.c     while (is->adr < call_adr) {
is               4341 tools/finsig_thumb2.c         if (!disasm_iter(fw,is))
is               4342 tools/finsig_thumb2.c             disasm_iter_init(fw,is,(is->adr | is->thumb)+2);
is               4346 tools/finsig_thumb2.c     if ((get_call_const_args(fw,is,hl,regs)&(1<<myreg))==(1<<myreg)) {
is               4366 tools/finsig_thumb2.c     if(insn_match_any(fw->is->insn,match_mov_r0_imm)) {
is               4369 tools/finsig_thumb2.c     if(isRETx(fw->is->insn)) {
is               4387 tools/finsig_thumb2.c int sig_match_named_last(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               4396 tools/finsig_thumb2.c     disasm_iter_init(fw,is,ref_adr);
is               4397 tools/finsig_thumb2.c     if(is_immediate_ret_sub(fw,is)) {
is               4401 tools/finsig_thumb2.c     uint32_t fadr = find_last_call_from_func(fw,is,min,max);
is               4444 tools/finsig_thumb2.c int sig_match_named(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               4479 tools/finsig_thumb2.c     disasm_iter_init(fw,is,ref_adr);
is               4481 tools/finsig_thumb2.c     if(is_immediate_ret_sub(fw,is)) {
is               4489 tools/finsig_thumb2.c             if(!disasm_iter(fw,is)) {
is               4490 tools/finsig_thumb2.c                 printf("sig_match_named: disasm failed %s 0x%08x\n",rule->name,(uint32_t)is->insn->address);
is               4494 tools/finsig_thumb2.c         sig_match_named_save_sig(fw,rule->name,iter_state_adr(is),sig_flags);
is               4499 tools/finsig_thumb2.c     if(insn_match_find_nth(fw,is,15 + sig_nth_range*sig_nth,sig_nth,insn_match)) {
is               4500 tools/finsig_thumb2.c         uint32_t adr = B_BL_BLXimm_target(fw,is->insn);
is               4503 tools/finsig_thumb2.c             if(is->insn->id == ARM_INS_BLX) {
is               4505 tools/finsig_thumb2.c                 if(!is->thumb) {
is               4510 tools/finsig_thumb2.c                 adr |= is->thumb;
is               4512 tools/finsig_thumb2.c             disasm_iter_set(fw,is,adr);
is               4513 tools/finsig_thumb2.c             if(disasm_iter(fw,is)) {
is               4515 tools/finsig_thumb2.c                 uint32_t j_adr=get_direct_jump_target(fw,is);
is               4867 tools/finsig_thumb2.c     iter_state_t *is=disasm_iter_new(fw,0);
is               4876 tools/finsig_thumb2.c         rule->match_fn(fw,is,rule);
is               4880 tools/finsig_thumb2.c     disasm_iter_free(is);
is               4897 tools/finsig_thumb2.c     uint32_t b_adr=get_direct_jump_target(fw,fw->is);
is               4909 tools/finsig_thumb2.c int process_reg_eventproc_call(firmware *fw, iter_state_t *is,uint32_t unused) {
is               4912 tools/finsig_thumb2.c     if((get_call_const_args(fw,is,4,regs)&3)==3) {
is               4920 tools/finsig_thumb2.c             printf("eventproc name not string at 0x%"PRIx64"\n",is->insn->address);
is               4927 tools/finsig_thumb2.c         uint64_t adr = is->insn->address;
is               4928 tools/finsig_thumb2.c         uint32_t adr_thumb = is->thumb;
is               4933 tools/finsig_thumb2.c         disasm_iter_init(fw,is,adr_hist_get(&is->ah,10));
is               4936 tools/finsig_thumb2.c             if (!disasm_iter(fw,is)) break;
is               4937 tools/finsig_thumb2.c             if (is->insn->address >= adr) break;
is               4938 tools/finsig_thumb2.c             if (is->insn->id == ARM_INS_LDR && is->insn->detail->arm.operands[1].type == ARM_OP_MEM) {
is               4939 tools/finsig_thumb2.c                 uint32_t u = LDR_PC2val(fw,is->insn);
is               4941 tools/finsig_thumb2.c                     ar = is->insn->detail->arm.operands[0].reg;
is               4949 tools/finsig_thumb2.c             if (!disasm_iter(fw,is)) break;
is               4950 tools/finsig_thumb2.c             if (is->insn->address >= adr) break;
is               4951 tools/finsig_thumb2.c             if (is->insn->id == ARM_INS_ADD && is->insn->detail->arm.operands[1].reg == ar) {
is               4983 tools/finsig_thumb2.c         disasm_iter_init(fw,is,adr | adr_thumb);
is               4984 tools/finsig_thumb2.c         disasm_iter(fw,is);
is               4990 tools/finsig_thumb2.c int process_eventproc_table_call(firmware *fw, iter_state_t *is,uint32_t unused) {
is               4994 tools/finsig_thumb2.c     foundr0 = get_call_const_args(fw,is,4,regs) & 1;
is               4997 tools/finsig_thumb2.c         uint32_t ca = iter_state_adr(is);
is               4998 tools/finsig_thumb2.c         uint32_t sa = adr_hist_get(&is->ah,2);
is               4999 tools/finsig_thumb2.c         uint32_t ta = adr_hist_get(&is->ah,8);
is               5000 tools/finsig_thumb2.c         disasm_iter_set(fw,is,ta);
is               5004 tools/finsig_thumb2.c             disasm_iter(fw,is);
is               5008 tools/finsig_thumb2.c         uint32_t adr2 = get_branch_call_insn_target(fw,fw->is);
is               5009 tools/finsig_thumb2.c         if (fw->is->insn->id == ARM_INS_BLX && adr1 == adr2) {
is               5010 tools/finsig_thumb2.c             foundr0 = get_call_const_args(fw,is,8-2,regs) & 2;
is               5017 tools/finsig_thumb2.c         disasm_iter_init(fw,is,ca);
is               5018 tools/finsig_thumb2.c         disasm_iter(fw,is);
is               5041 tools/finsig_thumb2.c             printf("failed to get *EventProcTable arg 0x%08x at 0x%"PRIx64"\n",regs[0],is->insn->address);
is               5044 tools/finsig_thumb2.c         printf("failed to get *EventProcTable r0 at 0x%"PRIx64"\n",is->insn->address);
is               5049 tools/finsig_thumb2.c int process_createtask_call(firmware *fw, iter_state_t *is,uint32_t unused) {
is               5053 tools/finsig_thumb2.c     if((get_call_const_args(fw,is,10,regs)&9)==9) {
is               5062 tools/finsig_thumb2.c             printf("task name name not string at 0x%"PRIx64"\n",is->insn->address);
is               5065 tools/finsig_thumb2.c         printf("failed to get CreateTask args at 0x%"PRIx64"\n",is->insn->address);
is               5086 tools/finsig_thumb2.c int process_add_ptp_handler_call(firmware *fw, iter_state_t *is,uint32_t unused) {
is               5089 tools/finsig_thumb2.c     if((get_call_const_args(fw,is,8,regs)&3)==3) {
is               5092 tools/finsig_thumb2.c             printf("add_ptp_handler op 0x%08x out of range 0x%"PRIx64"\n",regs[0],is->insn->address);
is               5101 tools/finsig_thumb2.c             fw_disasm_iter_single(fw,adr_hist_get(&is->ah,i));
is               5102 tools/finsig_thumb2.c             cs_insn *insn=fw->is->insn;
is               5118 tools/finsig_thumb2.c             printf("failed to get add_ptp_handler args at 0x%"PRIx64"\n",is->insn->address);
is               5125 tools/finsig_thumb2.c             fw_disasm_iter_single(fw,adr_hist_get(&is->ah,i));
is               5126 tools/finsig_thumb2.c             cs_insn *insn=fw->is->insn;
is               5142 tools/finsig_thumb2.c             printf("failed to get ptp handler table adr at 0x%"PRIx64"\n",is->insn->address);
is               5198 tools/finsig_thumb2.c void find_exception_handlers(firmware *fw, iter_state_t *is)
is               5209 tools/finsig_thumb2.c         disasm_iter_init(fw, is, fw->base + fw->main_offs + 12 + fw->thumb_default);
is               5210 tools/finsig_thumb2.c         if(!insn_match_find_next(fw,is,4,match_mcr_vbar)) {
is               5214 tools/finsig_thumb2.c         disasm_iter_init(fw, is, adr_hist_get(&is->ah,1));
is               5215 tools/finsig_thumb2.c         disasm_iter(fw, is);
is               5217 tools/finsig_thumb2.c         ex_vec  = LDR_PC2val(fw,is->insn);
is               5225 tools/finsig_thumb2.c     disasm_iter_init(fw, is, ex_vec);
is               5226 tools/finsig_thumb2.c     disasm_iter(fw, is);
is               5239 tools/finsig_thumb2.c     uint32_t addr=LDR_PC2val(fw,is->insn);
is               5240 tools/finsig_thumb2.c     if(!addr && is->insn->id == ARM_INS_B) {
is               5241 tools/finsig_thumb2.c         addr=get_branch_call_insn_target(fw,is);
is               5247 tools/finsig_thumb2.c     disasm_iter_init(fw, is, ADR_SET_THUMB(ex_vec + 4));
is               5250 tools/finsig_thumb2.c         disasm_iter(fw, is);
is               5253 tools/finsig_thumb2.c         addr=LDR_PC2val(fw,is->insn);
is               5286 tools/finsig_thumb2.c     iter_state_t *is=disasm_iter_new(fw,0);
is               5287 tools/finsig_thumb2.c     disasm_iter_init(fw,is,fw->rom_code_search_min_adr | fw->thumb_default); // reset to start of fw
is               5288 tools/finsig_thumb2.c     fw_search_insn(fw,is,search_disasm_calls_multi,0,match_fns,0);
is               5296 tools/finsig_thumb2.c         disasm_iter_init(fw,is,fw->adr_ranges[i].start | fw->thumb_default); // reset to start of range
is               5297 tools/finsig_thumb2.c         fw_search_insn(fw,is,search_disasm_calls_multi,0,match_fns,0);
is               5300 tools/finsig_thumb2.c     find_exception_handlers(fw,is);
is               5302 tools/finsig_thumb2.c     disasm_iter_free(is);
is               6312 tools/finsig_thumb2.c                 if(get_direct_jump_target(fw,fw->is) == sig->val) {
is               6316 tools/finsig_thumb2.c                     if(get_direct_jump_target(fw,fw->is) == ostub2->val) {
is                831 tools/firmware_load_ng.c int get_TBx_PC_info(firmware *fw,iter_state_t *is, tbx_info_t *ti)
is                833 tools/firmware_load_ng.c     if(!(is->insn->id == ARM_INS_TBH || is->insn->id == ARM_INS_TBB) || is->insn->detail->arm.operands[0].mem.base != ARM_REG_PC) {
is                836 tools/firmware_load_ng.c     ti->start=(uint32_t)is->adr; // after current instruction
is                838 tools/firmware_load_ng.c     ti->bytes=(is->insn->id == ARM_INS_TBH)?2:1;
is                847 tools/firmware_load_ng.c     arm_reg i_reg=is->insn->detail->arm.operands[0].mem.index;
is                853 tools/firmware_load_ng.c     if(is->ah.count - 1 < max_backtrack) {
is                854 tools/firmware_load_ng.c         max_backtrack = is->ah.count-1;
is                861 tools/firmware_load_ng.c         fw_disasm_iter_single(fw,adr_hist_get(&is->ah,i)); // thumb state comes from hist
is                862 tools/firmware_load_ng.c         if(fw->is->insn->id == ARM_INS_B && fw->is->insn->detail->arm.cc == ARM_CC_HS) {
is                867 tools/firmware_load_ng.c         if(found_bhs && fw->is->insn->id == ARM_INS_CMP) {
is                869 tools/firmware_load_ng.c             if(fw->is->insn->detail->arm.operands[0].reg == i_reg 
is                870 tools/firmware_load_ng.c                 || fw->is->insn->detail->arm.operands[1].type == ARM_OP_IMM) {
is                871 tools/firmware_load_ng.c                 max_count = fw->is->insn->detail->arm.operands[1].imm;
is                930 tools/firmware_load_ng.c     iter_state_t *is=(iter_state_t *)malloc(sizeof(iter_state_t));
is                933 tools/firmware_load_ng.c     is->insn=cs_malloc(fw->cs_handle_arm);
is                934 tools/firmware_load_ng.c     disasm_iter_init(fw,is,adr);
is                935 tools/firmware_load_ng.c     return is;
is                939 tools/firmware_load_ng.c void disasm_iter_free(iter_state_t *is)
is                941 tools/firmware_load_ng.c     cs_free(is->insn,1);
is                942 tools/firmware_load_ng.c     free(is);
is                948 tools/firmware_load_ng.c int disasm_iter_set(firmware *fw, iter_state_t *is, uint32_t adr)
is                952 tools/firmware_load_ng.c         is->cs_handle=fw->cs_handle_thumb;
is                953 tools/firmware_load_ng.c         is->thumb=1;
is                954 tools/firmware_load_ng.c         is->insn_min_size=2;
is                957 tools/firmware_load_ng.c         is->cs_handle=fw->cs_handle_arm;
is                958 tools/firmware_load_ng.c         is->thumb=0;
is                959 tools/firmware_load_ng.c         is->insn_min_size=4;
is                962 tools/firmware_load_ng.c             is->code=NULL;
is                963 tools/firmware_load_ng.c             is->size=0;
is                964 tools/firmware_load_ng.c             is->adr=0;
is                972 tools/firmware_load_ng.c         is->code=NULL; // make first iter fail
is                973 tools/firmware_load_ng.c         is->size=0;
is                974 tools/firmware_load_ng.c         is->adr=0;
is                978 tools/firmware_load_ng.c     is->code=p;
is                979 tools/firmware_load_ng.c     is->size=fw->size8 - (p-fw->buf8);
is                980 tools/firmware_load_ng.c     is->adr=adr;
is                985 tools/firmware_load_ng.c int disasm_iter_init(firmware *fw, iter_state_t *is, uint32_t adr)
is                987 tools/firmware_load_ng.c     adr_hist_reset(&is->ah);
is                988 tools/firmware_load_ng.c     return disasm_iter_set(fw,is,adr);
is                994 tools/firmware_load_ng.c int disasm_iter(firmware *fw, iter_state_t *is)
is                997 tools/firmware_load_ng.c     if(!is->code) {
is               1000 tools/firmware_load_ng.c     adr_hist_add(&is->ah,(uint32_t)is->adr | is->thumb); // record thumb state to allow backtracking through state changes
is               1001 tools/firmware_load_ng.c     return cs_disasm_iter(is->cs_handle, &is->code, &is->size, &is->adr, is->insn);
is               1008 tools/firmware_load_ng.c int disasm_iter_redo(firmware *fw,iter_state_t *is) {
is               1009 tools/firmware_load_ng.c     if(!is->code || !is->ah.count) {
is               1012 tools/firmware_load_ng.c     is->code -= is->insn->size;
is               1013 tools/firmware_load_ng.c     is->adr -= is->insn->size;
is               1014 tools/firmware_load_ng.c     is->size += is->insn->size;
is               1016 tools/firmware_load_ng.c     return cs_disasm_iter(is->cs_handle, &is->code, &is->size, &is->adr, is->insn);
is               1027 tools/firmware_load_ng.c     return disasm_iter_init(fw,fw->is,adr);
is               1033 tools/firmware_load_ng.c     return disasm_iter(fw,fw->is);
is               1072 tools/firmware_load_ng.c uint32_t fw_search_insn(firmware *fw, iter_state_t *is, search_insn_fn f, uint32_t v1, void *udata, uint32_t adr_end)
is               1074 tools/firmware_load_ng.c     uint32_t adr_start=is->adr;
is               1086 tools/firmware_load_ng.c             adr_end=r_start->start + r_start->bytes - is->insn_min_size;
is               1107 tools/firmware_load_ng.c             if(disasm_iter(fw,is)) {
is               1108 tools/firmware_load_ng.c                 uint32_t r=f(fw,is,v1,udata);
is               1112 tools/firmware_load_ng.c                 adr=(uint32_t)is->adr; // adr was updated by iter or called sub
is               1116 tools/firmware_load_ng.c                 adr=adr+is->insn_min_size;
is               1117 tools/firmware_load_ng.c                 if(!disasm_iter_init(fw,is,adr|is->thumb)) {
is               1138 tools/firmware_load_ng.c             if(!disasm_iter_init(fw,is,(uint32_t)adr)) {
is               1145 tools/firmware_load_ng.c             if(disasm_iter(fw,is)) {
is               1146 tools/firmware_load_ng.c                 uint32_t r=f(fw,is,v1,udata);
is               1150 tools/firmware_load_ng.c                 adr=(uint32_t)is->adr; // adr was updated by iter or called sub
is               1154 tools/firmware_load_ng.c                 adr=adr+is->insn_min_size;
is               1155 tools/firmware_load_ng.c                 if(!disasm_iter_init(fw,is,adr|is->thumb)) {
is               1170 tools/firmware_load_ng.c uint32_t search_disasm_const_ref(firmware *fw, iter_state_t *is, uint32_t val, void *unused)
is               1173 tools/firmware_load_ng.c     uint32_t av=ADRx2adr(fw,is->insn);
is               1177 tools/firmware_load_ng.c             return (uint32_t)is->insn->address;
is               1181 tools/firmware_load_ng.c     uint32_t *pv=LDR_PC2valptr(fw,is->insn);
is               1185 tools/firmware_load_ng.c             return (uint32_t)is->insn->address;
is               1192 tools/firmware_load_ng.c uint32_t search_disasm_str_ref(firmware *fw, iter_state_t *is, uint32_t val, void *udata)
is               1196 tools/firmware_load_ng.c     uint32_t av=ADRx2adr(fw,is->insn);
is               1201 tools/firmware_load_ng.c             return (uint32_t)is->insn->address;
is               1205 tools/firmware_load_ng.c     uint32_t *pv=LDR_PC2valptr(fw,is->insn);
is               1210 tools/firmware_load_ng.c             return (uint32_t)is->insn->address;
is               1219 tools/firmware_load_ng.c uint32_t search_disasm_calls(firmware *fw, iter_state_t *is, uint32_t val, void *unused)
is               1222 tools/firmware_load_ng.c     uint32_t sub=get_branch_call_insn_target(fw,is);
is               1232 tools/firmware_load_ng.c int search_calls_multi_end(firmware *fw, iter_state_t *is, uint32_t adr) {
is               1240 tools/firmware_load_ng.c uint32_t search_disasm_calls_multi(firmware *fw, iter_state_t *is, uint32_t unused, void *userdata)
is               1243 tools/firmware_load_ng.c     uint32_t sub=get_branch_call_insn_target(fw,is);
is               1247 tools/firmware_load_ng.c                 return data->fn(fw,is,sub);
is               1307 tools/firmware_load_ng.c         arm_insn insn_id = fw->is->insn->id;
is               1313 tools/firmware_load_ng.c              && fw->is->insn->detail->arm.cc == ARM_CC_AL) {
is               1319 tools/firmware_load_ng.c         if(fw->is->insn->detail->arm.operands[0].type != ARM_OP_REG) {
is               1322 tools/firmware_load_ng.c         arm_reg rd = fw->is->insn->detail->arm.operands[0].reg;
is               1337 tools/firmware_load_ng.c             uint32_t *pv=LDR_PC2valptr(fw,fw->is->insn);
is               1344 tools/firmware_load_ng.c             uint32_t v=ADRx2adr(fw,fw->is->insn); // assumes ADR doesn't generate 0, probably safe
is               1353 tools/firmware_load_ng.c                 && fw->is->insn->detail->arm.operands[1].type == ARM_OP_IMM) {
is               1354 tools/firmware_load_ng.c                 res[rd_i] += fw->is->insn->detail->arm.operands[1].imm;
is               1357 tools/firmware_load_ng.c             } else if(isADDx_imm(fw->is->insn)) {
is               1358 tools/firmware_load_ng.c                 res[rd_i] += fw->is->insn->detail->arm.operands[1].imm;
is               1363 tools/firmware_load_ng.c             } else if(isSUBx_imm(fw->is->insn)) {
is               1364 tools/firmware_load_ng.c                 res[rd_i] = (int)(res[rd_i]) - fw->is->insn->detail->arm.operands[1].imm;
is               1409 tools/firmware_load_ng.c             fprintf(stderr,"get_direct_jump_target: disasm single failed at 0x%"PRIx64"\n",fw->is->insn->address);
is               1413 tools/firmware_load_ng.c         if(!(fw->is->insn->id == ARM_INS_MOVT
is               1414 tools/firmware_load_ng.c             && fw->is->insn->detail->arm.operands[0].reg == ARM_REG_IP
is               1415 tools/firmware_load_ng.c             && fw->is->insn->detail->arm.operands[1].type == ARM_OP_IMM)) {
is               1421 tools/firmware_load_ng.c         adr = (fw->is->insn->detail->arm.operands[1].imm << 16) | (adr&0xFFFF);
is               1423 tools/firmware_load_ng.c             fprintf(stderr,"get_direct_jump_target: disasm 2 failed at 0x%"PRIx64"\n",fw->is->insn->address);
is               1427 tools/firmware_load_ng.c         if(fw->is->insn->id == ARM_INS_BX
is               1428 tools/firmware_load_ng.c             && fw->is->insn->detail->arm.operands[0].type == ARM_OP_REG
is               1429 tools/firmware_load_ng.c             && fw->is->insn->detail->arm.operands[0].reg == ARM_REG_IP) {
is               1441 tools/firmware_load_ng.c uint32_t get_branch_call_insn_target(firmware *fw, iter_state_t *is)
is               1443 tools/firmware_load_ng.c     uint32_t adr=B_BL_target(fw,is->insn);
is               1445 tools/firmware_load_ng.c         return (adr | is->thumb);
is               1448 tools/firmware_load_ng.c     if(is->thumb) {
is               1449 tools/firmware_load_ng.c         adr=CBx_target(fw,is->insn);
is               1455 tools/firmware_load_ng.c     adr=BLXimm_target(fw,is->insn);
is               1457 tools/firmware_load_ng.c         if(is->thumb) {
is               1460 tools/firmware_load_ng.c             return adr | is->thumb;
is               1464 tools/firmware_load_ng.c     adr=LDR_PC_PC_target(fw,is->insn);
is               1488 tools/firmware_load_ng.c                             iter_state_t *is,
is               1495 tools/firmware_load_ng.c     if(!insn_match_find_next(fw,is,max_search_insns,match_ldr_pc)) {
is               1501 tools/firmware_load_ng.c     r.reg_base=is->insn->detail->arm.operands[0].reg;
is               1502 tools/firmware_load_ng.c     r.adr_base=LDR_PC2val(fw,is->insn);
is               1507 tools/firmware_load_ng.c         if(!disasm_iter(fw,is)) {
is               1513 tools/firmware_load_ng.c         if(isLDR_PC(is->insn)) {
is               1519 tools/firmware_load_ng.c         if(isADDx_imm(is->insn) || isSUBx_imm(is->insn)) {
is               1520 tools/firmware_load_ng.c             if(is->insn->detail->arm.operands[0].reg != r.reg_base) {
is               1523 tools/firmware_load_ng.c             if(isADDx_imm(is->insn)) {
is               1524 tools/firmware_load_ng.c                 r.adj=is->insn->detail->arm.operands[1].imm;
is               1526 tools/firmware_load_ng.c                 r.adj=-is->insn->detail->arm.operands[1].imm;
is               1528 tools/firmware_load_ng.c             if(!disasm_iter(fw,is)) {
is               1540 tools/firmware_load_ng.c                 && (is->insn->id == ARM_INS_BL || is->insn->id == ARM_INS_BLX 
is               1541 tools/firmware_load_ng.c                     || is->insn->id == ARM_INS_B || is->insn->id == ARM_INS_BX)
is               1542 tools/firmware_load_ng.c                 && is->insn->detail->arm.cc == ARM_CC_AL) {
is               1546 tools/firmware_load_ng.c         if(is->insn->id != ARM_INS_LDR || is->insn->detail->arm.operands[1].reg != r.reg_base) {
is               1549 tools/firmware_load_ng.c             if(is->insn->detail->arm.operands[0].type == ARM_OP_REG && is->insn->detail->arm.operands[0].reg == r.reg_base) {
is               1555 tools/firmware_load_ng.c         r.reg_val = is->insn->detail->arm.operands[0].reg;
is               1559 tools/firmware_load_ng.c         r.off = is->insn->detail->arm.operands[1].mem.disp;
is               1606 tools/firmware_load_ng.c         if(insn_match_any(fw->is->insn,match_mov_r0_imm)) {
is               1607 tools/firmware_load_ng.c             found_val = fw->is->insn->detail->arm.operands[1].imm; 
is               1616 tools/firmware_load_ng.c     if(!isRETx(fw->is->insn)) {
is               1641 tools/firmware_load_ng.c uint32_t find_last_call_from_func(firmware *fw, iter_state_t *is,int min_insns, int max_insns)
is               1647 tools/firmware_load_ng.c         if(!disasm_iter(fw,is)) {
is               1648 tools/firmware_load_ng.c             fprintf(stderr,"find_last_call_from_func: disasm failed 0x%"PRIx64"\n",is->adr);
is               1652 tools/firmware_load_ng.c         if(isPUSH_LR(is->insn)) {
is               1667 tools/firmware_load_ng.c         if(insn_match_any(is->insn,match_bl_blximm) && count >= min_insns) {
is               1669 tools/firmware_load_ng.c             last_adr=get_branch_call_insn_target(fw,is);
is               1673 tools/firmware_load_ng.c         if(isPOP_PC(is->insn)) {
is               1682 tools/firmware_load_ng.c         if(isPOP_LR(is->insn)) {
is               1688 tools/firmware_load_ng.c             if(!disasm_iter(fw,is)) {
is               1689 tools/firmware_load_ng.c                 fprintf(stderr,"find_last_call_from_func: disasm failed 0x%"PRIx64"\n",is->adr);
is               1692 tools/firmware_load_ng.c             if(is->insn->id == ARM_INS_B && is->insn->detail->arm.cc == ARM_CC_AL) {
is               1693 tools/firmware_load_ng.c                 return get_branch_call_insn_target(fw,is);
is               1700 tools/firmware_load_ng.c         if(isRETx(is->insn)) {
is               1750 tools/firmware_load_ng.c int insn_match_seq(firmware *fw, iter_state_t *is, const insn_match_t *match)
is               1753 tools/firmware_load_ng.c     while(match->id != ARM_INS_ENDING && disasm_iter(fw,is) && insn_match(is->insn,match)) {
is               1848 tools/firmware_load_ng.c int insn_match_find_next(firmware *fw, iter_state_t *is, int max_insns, const insn_match_t *match)
is               1853 tools/firmware_load_ng.c         if(!disasm_iter(fw,is)) {
is               1857 tools/firmware_load_ng.c         if(insn_match_any(is->insn,match)) {
is               1867 tools/firmware_load_ng.c int insn_match_find_nth(firmware *fw, iter_state_t *is, int max_insns, int num_to_match, const insn_match_t *match)
is               1873 tools/firmware_load_ng.c         if(!disasm_iter(fw,is)) {
is               1881 tools/firmware_load_ng.c             if(insn_match(is->insn,m)) {
is               1895 tools/firmware_load_ng.c int insn_match_find_next_seq(firmware *fw, iter_state_t *is, int max_insns, const insn_match_t *match)
is               1901 tools/firmware_load_ng.c         while(m->id != ARM_INS_ENDING && disasm_iter(fw,is) && insn_match(is->insn,m)) {
is               2171 tools/firmware_load_ng.c     fw->is=disasm_iter_new(fw,0);
is               2185 tools/firmware_load_ng.c                          iter_state_t *is,
is               2199 tools/firmware_load_ng.c     while(disasm_iter(fw,is) && count < max_search) {
is               2200 tools/firmware_load_ng.c         uint32_t *pv=LDR_PC2valptr(fw,is->insn);
is               2235 tools/firmware_load_ng.c void find_exception_vec(firmware *fw, iter_state_t *is)
is               2251 tools/firmware_load_ng.c     disasm_iter_init(fw, is, fw->base + fw->main_offs + 12 + fw->thumb_default);
is               2252 tools/firmware_load_ng.c     if(!insn_match_find_next(fw,is,4,match_bl_mcr)) {
is               2257 tools/firmware_load_ng.c     uint32_t faddr = get_branch_call_insn_target(fw,is);
is               2260 tools/firmware_load_ng.c         disasm_iter_init(fw, is, faddr);
is               2261 tools/firmware_load_ng.c         disasm_iter(fw, is);
is               2264 tools/firmware_load_ng.c         if(!IS_INSN_ID_MOVx(is->insn->id) || is->insn->detail->arm.operands[1].type != ARM_OP_IMM) {
is               2267 tools/firmware_load_ng.c         ra = is->insn->detail->arm.operands[0].reg;
is               2268 tools/firmware_load_ng.c         va = is->insn->detail->arm.operands[1].imm;
is               2269 tools/firmware_load_ng.c         disasm_iter(fw, is);
is               2270 tools/firmware_load_ng.c         if(is->insn->id != ARM_INS_MOVT 
is               2271 tools/firmware_load_ng.c             || is->insn->detail->arm.operands[0].reg != ra
is               2272 tools/firmware_load_ng.c             || is->insn->detail->arm.operands[1].type != ARM_OP_IMM) {
is               2275 tools/firmware_load_ng.c         va = (is->insn->detail->arm.operands[1].imm << 16) | (va & 0xFFFF);
is               2281 tools/firmware_load_ng.c         disasm_iter(fw, is);
is               2282 tools/firmware_load_ng.c         if(!IS_INSN_ID_MOVx(is->insn->id) || is->insn->detail->arm.operands[1].type != ARM_OP_IMM) {
is               2285 tools/firmware_load_ng.c         rb = is->insn->detail->arm.operands[0].reg;
is               2286 tools/firmware_load_ng.c         vb = is->insn->detail->arm.operands[1].imm;
is               2287 tools/firmware_load_ng.c         disasm_iter(fw, is);
is               2288 tools/firmware_load_ng.c         if(is->insn->id != ARM_INS_MOVT 
is               2289 tools/firmware_load_ng.c             || is->insn->detail->arm.operands[0].reg != rb
is               2290 tools/firmware_load_ng.c             || is->insn->detail->arm.operands[1].type != ARM_OP_IMM) {
is               2293 tools/firmware_load_ng.c         vb = (is->insn->detail->arm.operands[1].imm << 16) | (vb & 0xFFFF);
is               2304 tools/firmware_load_ng.c     } else if(is->insn->id == ARM_INS_MCR) {
is               2308 tools/firmware_load_ng.c         disasm_iter_init(fw, is, adr_hist_get(&is->ah,1));
is               2309 tools/firmware_load_ng.c         disasm_iter(fw, is);
is               2323 tools/firmware_load_ng.c     iter_state_t *is=disasm_iter_new(fw, fw->base + fw->main_offs + 12 + fw->thumb_default);
is               2336 tools/firmware_load_ng.c     while(find_startup_copy(fw,is,max_search,&src_start,&dst_start,&dst_end)) {
is               2355 tools/firmware_load_ng.c             data_found_copy=is->adr;
is               2405 tools/firmware_load_ng.c         disasm_iter_init(fw,is,(data_found_copy-4) | fw->thumb_default);
is               2406 tools/firmware_load_ng.c         while(disasm_iter(fw,is) && count < 20) {
is               2407 tools/firmware_load_ng.c             uint32_t *pv=LDR_PC2valptr(fw,is->insn);
is               2435 tools/firmware_load_ng.c     find_exception_vec(fw,is);
is               2448 tools/firmware_load_ng.c     disasm_iter_free(is);
is               2457 tools/firmware_load_ng.c     if(fw->is) {
is               2458 tools/firmware_load_ng.c         disasm_iter_free(fw->is);
is                128 tools/firmware_load_ng.h     iter_state_t* is;
is                343 tools/firmware_load_ng.h int get_TBx_PC_info(firmware *fw,iter_state_t *is, tbx_info_t *ti);
is                350 tools/firmware_load_ng.h void disasm_iter_free(iter_state_t *is);
is                354 tools/firmware_load_ng.h int disasm_iter_set(firmware *fw, iter_state_t *is, uint32_t adr);
is                358 tools/firmware_load_ng.h int disasm_iter_init(firmware *fw, iter_state_t *is, uint32_t adr);
is                365 tools/firmware_load_ng.h int disasm_iter(firmware *fw, iter_state_t *is);
is                400 tools/firmware_load_ng.h typedef uint32_t (*search_insn_fn)(firmware *fw, iter_state_t *is, uint32_t v1, void *udata);
is                411 tools/firmware_load_ng.h uint32_t fw_search_insn(firmware *fw, iter_state_t *is, search_insn_fn f,uint32_t v1, void *udata, uint32_t adr_end);
is                415 tools/firmware_load_ng.h uint32_t search_disasm_const_ref(firmware *fw, iter_state_t *is, uint32_t val, void *unused);
is                418 tools/firmware_load_ng.h uint32_t search_disasm_str_ref(firmware *fw, iter_state_t *is, uint32_t val, void *str);
is                423 tools/firmware_load_ng.h uint32_t search_disasm_calls(firmware *fw, iter_state_t *is, uint32_t val, void *unused);
is                427 tools/firmware_load_ng.h typedef int (*search_calls_multi_fn)(firmware *fw, iter_state_t *is, uint32_t adr);
is                437 tools/firmware_load_ng.h int search_calls_multi_end(firmware *fw, iter_state_t *is, uint32_t adr);
is                442 tools/firmware_load_ng.h uint32_t search_disasm_calls_multi(firmware *fw, iter_state_t *is, uint32_t unused, void *userdata);
is                475 tools/firmware_load_ng.h uint32_t get_branch_call_insn_target(firmware *fw, iter_state_t *is);
is                504 tools/firmware_load_ng.h                             iter_state_t *is,
is                539 tools/firmware_load_ng.h uint32_t find_last_call_from_func(firmware *fw, iter_state_t *is,int min_insns, int max_insns);
is                615 tools/firmware_load_ng.h int insn_match_find_next(firmware *fw, iter_state_t *is, int max_insns, const insn_match_t *match);
is                618 tools/firmware_load_ng.h int insn_match_find_nth(firmware *fw, iter_state_t *is, int max_insns, int num_to_match, const insn_match_t *match);
is                621 tools/firmware_load_ng.h int insn_match_seq(firmware *fw, iter_state_t *is, const insn_match_t *match);
is                624 tools/firmware_load_ng.h int insn_match_find_next_seq(firmware *fw, iter_state_t *is, int max_insns, const insn_match_t *match);
is                653 tools/firmware_load_ng.h #define iter_state_adr(is) ((uint32_t)is->insn->address | is->thumb)