insn 245 tools/capdis.c static void describe_insn_ops(csh handle, cs_insn *insn) { insn 246 tools/capdis.c printf("%s OPERANDS %d:\n",comment_start,insn->detail->arm.op_count); insn 248 tools/capdis.c for(i=0;i<insn->detail->arm.op_count;i++) { insn 249 tools/capdis.c printf("%s %d: %s",comment_start,i,arm_op_type_name(insn->detail->arm.operands[i].type)); insn 250 tools/capdis.c switch(insn->detail->arm.operands[i].type) { insn 254 tools/capdis.c printf("=0x%x",insn->detail->arm.operands[i].imm); insn 257 tools/capdis.c const char *reg=cs_reg_name(handle,insn->detail->arm.operands[i].mem.base); insn 261 tools/capdis.c reg=cs_reg_name(handle,insn->detail->arm.operands[i].mem.index); insn 265 tools/capdis.c if(insn->detail->arm.operands[i].mem.disp) { insn 267 tools/capdis.c insn->detail->arm.operands[i].mem.scale, insn 268 tools/capdis.c insn->detail->arm.operands[i].mem.disp); insn 273 tools/capdis.c printf(" %s",cs_reg_name(handle,insn->detail->arm.operands[i].reg)); insn 281 tools/capdis.c static void describe_insn_groups(csh handle, cs_insn *insn) { insn 283 tools/capdis.c printf("%s GROUPS %d:",comment_start,insn->detail->groups_count); insn 284 tools/capdis.c for(i=0;i<insn->detail->groups_count;i++) { insn 288 tools/capdis.c printf("%s",cs_group_name(handle,insn->detail->groups[i])); insn 460 tools/capdis.c uint32_t target = B_target(fw,is->insn); insn 463 tools/capdis.c target = CBx_target(fw,is->insn); insn 467 tools/capdis.c sprintf(op_pfx,"%s, ",cs_reg_name(is->cs_handle,is->insn->detail->arm.operands[0].reg)); insn 517 tools/capdis.c if(!((is->insn->id == ARM_INS_BL || is->insn->id == ARM_INS_BLX) insn 518 tools/capdis.c && is->insn->detail->arm.operands[0].type == ARM_OP_IMM)) { insn 577 tools/capdis.c cs_insn *insn=is->insn; insn 580 tools/capdis.c strcpy(mnem,insn->mnemonic); insn 581 tools/capdis.c strcpy(ops,insn->op_str); insn 590 tools/capdis.c if((dis_opts & (DIS_OPT_CONSTS|DIS_OPT_DETAIL_CONST)) && isLDR_PC(insn)) { insn 592 tools/capdis.c uint32_t ad=LDR_PC2adr(fw,insn); insn 598 tools/capdis.c cs_reg_name(is->cs_handle,insn->detail->arm.operands[0].reg), insn 602 tools/capdis.c sprintf(comment,"[pc, #%d] (0x%08x)",insn->detail->arm.operands[1].mem.disp,ad); insn 612 tools/capdis.c } else if((dis_opts & (DIS_OPT_CONSTS|DIS_OPT_DETAIL_CONST)) && isADRx(insn)) { insn 613 tools/capdis.c unsigned ad=ADRx2adr(fw,insn); insn 619 tools/capdis.c cs_reg_name(is->cs_handle,insn->detail->arm.operands[0].reg), insn 623 tools/capdis.c if(insn->id == ARM_INS_ADR) { insn 625 tools/capdis.c cs_reg_name(is->cs_handle,insn->detail->arm.operands[0].reg), insn 626 tools/capdis.c insn->detail->arm.operands[1].imm, insn 630 tools/capdis.c insn->mnemonic, insn 631 tools/capdis.c cs_reg_name(is->cs_handle,insn->detail->arm.operands[0].reg), insn 632 tools/capdis.c insn->detail->arm.operands[2].imm, insn 637 tools/capdis.c if(insn->id == ARM_INS_ADR) { insn 641 tools/capdis.c cs_reg_name(is->cs_handle,insn->detail->arm.operands[0].reg), insn 642 tools/capdis.c insn->detail->arm.operands[1].imm); insn 657 tools/capdis.c insn->detail->arm.operands[0].mem.index - ARM_REG_R0, insn 666 tools/capdis.c uint32_t adr=is->insn->address; insn 888 tools/capdis.c printf(" 0x%"PRIx64"",is->insn->address); insn 892 tools/capdis.c for(k=0;k<is->insn->size;k++) { insn 893 tools/capdis.c printf(" %02x",is->insn->bytes[k]); insn 899 tools/capdis.c describe_insn_ops(is->cs_handle,is->insn); insn 902 tools/capdis.c describe_insn_groups(is->cs_handle,is->insn); insn 921 tools/capdis.c printf("%08"PRIx64": \t",is->insn->address); insn 924 tools/capdis.c if(is->insn->size == 2) { insn 925 tools/capdis.c printf("%02x%02x ",is->insn->bytes[1],is->insn->bytes[0]); insn 926 tools/capdis.c } else if(is->insn->size == 4) { insn 927 tools/capdis.c printf("%02x%02x %02x%02x",is->insn->bytes[1],is->insn->bytes[0],is->insn->bytes[3],is->insn->bytes[2]); insn 953 tools/capdis.c if((dis_opts & DIS_OPT_END_RET) && isRETx(is->insn)) { // end disassembly on return insn 937 tools/finsig_thumb2.c if(is->insn->detail->arm.operands[0].reg == ARM_REG_R0) { insn 971 tools/finsig_thumb2.c reg_evp=ADR_SET_THUMB(is->insn->detail->arm.operands[0].imm); insn 994 tools/finsig_thumb2.c if(is->insn->detail->arm.operands[0].reg != ARM_REG_R0) { insn 1000 tools/finsig_thumb2.c reg_evp_alt1=ADR_SET_THUMB(is->insn->detail->arm.operands[0].imm); insn 1024 tools/finsig_thumb2.c reg_evp_tbl=ADR_SET_THUMB(is->insn->detail->arm.operands[0].imm); insn 1048 tools/finsig_thumb2.c if(is->insn->detail->arm.operands[0].reg != ARM_REG_R0) { insn 1058 tools/finsig_thumb2.c reg_evp_alt2=ADR_SET_THUMB(is->insn->detail->arm.operands[0].imm); insn 1061 tools/finsig_thumb2.c printf("RegisterEventProcedure_alt2 == _alt1 at %"PRIx64"\n",is->insn->address); insn 1091 tools/finsig_thumb2.c if(is->insn->detail->arm.operands[0].reg != ARM_REG_R0) { insn 1129 tools/finsig_thumb2.c uint32_t tbl=LDR_PC2val(fw,is->insn); insn 1156 tools/finsig_thumb2.c if (is->insn->id == ARM_INS_B) { insn 1191 tools/finsig_thumb2.c if (B_target(fw,is->insn)) insn 1308 tools/finsig_thumb2.c uint32_t f1=LDR_PC2val(fw,is->insn); insn 1347 tools/finsig_thumb2.c uint32_t base=LDR_PC2val(fw,is->insn); insn 1348 tools/finsig_thumb2.c uint32_t reg=is->insn->detail->arm.operands[0].reg; insn 1356 tools/finsig_thumb2.c if(is->insn->detail->arm.operands[1].mem.base != reg) { insn 1360 tools/finsig_thumb2.c uint32_t off=is->insn->detail->arm.operands[1].mem.disp; insn 1362 tools/finsig_thumb2.c save_misc_val("imager_active",base,off,(uint32_t)is->insn->address); insn 1395 tools/finsig_thumb2.c printf("sig_match_screenlock_helper: match 2 failed 0x%"PRIx64"\n",is->insn->address); insn 1400 tools/finsig_thumb2.c uint32_t adr = LDR_PC2val(fw,is->insn); insn 1402 tools/finsig_thumb2.c printf("sig_match_screenlock_helper: no match LDR PC 0x%"PRIx64"\n",is->insn->address); insn 1487 tools/finsig_thumb2.c physw_run=LDR_PC2val(fw,is->insn); insn 1490 tools/finsig_thumb2.c save_misc_val("physw_run",physw_run,0,(uint32_t)is->insn->address); insn 1531 tools/finsig_thumb2.c if(is->insn->id != ARM_INS_LDR insn 1532 tools/finsig_thumb2.c || is->insn->detail->arm.operands[0].reg != ARM_REG_R0) { insn 1535 tools/finsig_thumb2.c save_misc_val("physw_sleep_delay",physw_run,is->insn->detail->arm.operands[1].mem.disp,(uint32_t)is->insn->address); insn 1570 tools/finsig_thumb2.c uint32_t physw_status=LDR_PC2val(fw,is->insn); insn 1572 tools/finsig_thumb2.c save_misc_val("physw_status",physw_status,0,(uint32_t)is->insn->address); insn 1573 tools/finsig_thumb2.c save_sig(fw,"kbd_p1_f_cont",(uint32_t)(is->insn->address) | is->thumb); insn 1698 tools/finsig_thumb2.c cs_insn *insn=fw->is->insn; insn 1699 tools/finsig_thumb2.c if(insn->id != ARM_INS_LDR) { insn 1703 tools/finsig_thumb2.c && insn->detail->arm.operands[0].reg == ARM_REG_R0 insn 1704 tools/finsig_thumb2.c && insn->detail->arm.operands[1].mem.base != ARM_REG_PC) { insn 1705 tools/finsig_thumb2.c ptr_reg = insn->detail->arm.operands[1].mem.base; insn 1708 tools/finsig_thumb2.c if(ptr_reg == ARM_REG_INVALID || !isLDR_PC(insn) || (arm_reg)insn->detail->arm.operands[0].reg != ptr_reg) { insn 1711 tools/finsig_thumb2.c sem_adr=LDR_PC2val(fw,insn); insn 1719 tools/finsig_thumb2.c save_misc_val("fileio_semaphore",sem_adr,0,(uint32_t)is->insn->address); insn 1749 tools/finsig_thumb2.c if(insn_match_any(fw->is->insn,match_bl_blximm)){ insn 1779 tools/finsig_thumb2.c if(is->insn->detail->arm.operands[0].reg == ARM_REG_R0) { insn 1889 tools/finsig_thumb2.c if(!insn_match_any(fw->is->insn,match_mov_r1)){ insn 1964 tools/finsig_thumb2.c if(insn_match_any(fw->is->insn,match_bl_blximm)) { insn 1967 tools/finsig_thumb2.c if(insn_match_any(fw->is->insn,match_cbnz_r0)) { insn 1975 tools/finsig_thumb2.c if(insn_match_any(fw->is->insn,match_bl_blximm)) { insn 1978 tools/finsig_thumb2.c if(insn_match_any(fw->is->insn,match_cbz_r0)) { insn 2107 tools/finsig_thumb2.c if(!insn_match(is->insn,match_mov_r3_imm)){ insn 2134 tools/finsig_thumb2.c if(fw->is->insn->id == ARM_INS_PUSH && fw->is->insn->detail->arm.operands[0].reg == ARM_REG_R0) { insn 2136 tools/finsig_thumb2.c uint32_t adr=(uint32_t)(fw->is->insn->address) | is->thumb; insn 2158 tools/finsig_thumb2.c if (B_target(fw,is->insn) && (is->insn->detail->arm.cc == ARM_CC_NE)) { insn 2161 tools/finsig_thumb2.c if (B_target(fw,is->insn) && (is->insn->detail->arm.cc == ARM_CC_NE)) { insn 2209 tools/finsig_thumb2.c if(is->insn->detail->arm.operands[2].mem.base == ARM_REG_SP) { insn 2341 tools/finsig_thumb2.c if (B_target(fw, is->insn)) insn 2519 tools/finsig_thumb2.c if (!CBx_target(fw,is->insn)) insn 2870 tools/finsig_thumb2.c printf("sig_match_wait_all_eventflag_strict: no match bl 0x%"PRIx64"\n",is->insn->address); insn 2889 tools/finsig_thumb2.c printf("sig_match_get_num_posted_messages: no match bl 0x%"PRIx64"\n",is->insn->address); insn 2953 tools/finsig_thumb2.c printf("sig_match_transfer_src_overlay: no match bl 0x%"PRIx64"\n",is->insn->address); insn 2960 tools/finsig_thumb2.c save_misc_val("active_bitmap_buffer",desc.adr_adj,desc.off,(uint32_t)is->insn->address); insn 2971 tools/finsig_thumb2.c if((arm_reg)is->insn->detail->arm.operands[1].reg == desc.reg_base) { insn 2972 tools/finsig_thumb2.c save_misc_val("bitmap_buffer",desc.adr_adj,is->insn->detail->arm.operands[2].imm,(uint32_t)is->insn->address); insn 3001 tools/finsig_thumb2.c adr[0]=LDR_PC2val(fw,is->insn); insn 3002 tools/finsig_thumb2.c fnd[0]=(uint32_t)is->insn->address; insn 3007 tools/finsig_thumb2.c adr[1]=LDR_PC2val(fw,is->insn); insn 3008 tools/finsig_thumb2.c fnd[1]=(uint32_t)is->insn->address; insn 3060 tools/finsig_thumb2.c if (!(isLDR_PC(fw->is->insn) && fw->is->insn->detail->arm.operands[0].reg == ARM_REG_R0)) { insn 3065 tools/finsig_thumb2.c uint32_t adr=(uint32_t)(fw->is->insn->address) | is->thumb; insn 3071 tools/finsig_thumb2.c if (is->insn->id == ARM_INS_PUSH && is->insn->detail->arm.operands[0].reg == ARM_REG_R4) { insn 3100 tools/finsig_thumb2.c if (fw->is->insn->id == ARM_INS_PUSH && fw->is->insn->detail->arm.operands[0].reg == ARM_REG_R4) { insn 3105 tools/finsig_thumb2.c if (isLDR_PC(fw->is->insn) && fw->is->insn->detail->arm.operands[0].reg == ARM_REG_R0) { insn 3106 tools/finsig_thumb2.c return save_sig_with_j(fw,rule->name,(uint32_t)(fw->is->insn->address) | is->thumb); insn 3172 tools/finsig_thumb2.c if (is->insn->id == ARM_INS_LDR && is->insn->detail->arm.operands[1].type == ARM_OP_MEM) { insn 3173 tools/finsig_thumb2.c uint32_t u = LDR_PC2val(fw,is->insn); insn 3182 tools/finsig_thumb2.c else if (is->insn->id == ARM_INS_BL) { insn 3215 tools/finsig_thumb2.c else if (is->insn->id == ARM_INS_POP) { insn 3254 tools/finsig_thumb2.c if(is->insn->id == ARM_INS_PUSH) { insn 3301 tools/finsig_thumb2.c save_misc_val("omar_init_data",dadr,0,(uint32_t)is->insn->address); insn 3343 tools/finsig_thumb2.c printf("sig_match_enable_hdmi_power: no match bl seq cbnz 0x%"PRIx64"\n",is->insn->address); insn 3373 tools/finsig_thumb2.c printf("sig_match_disable_hdmi_power: no match seq bl movs pop 0x%"PRIx64"\n",is->insn->address); insn 3407 tools/finsig_thumb2.c uint32_t adr=LDR_PC2val(fw,is->insn); insn 3414 tools/finsig_thumb2.c printf("sig_match_levent_table: 0x%08x not a ROM adr 0x%"PRIx64"\n",adr,is->insn->address); insn 3418 tools/finsig_thumb2.c printf("sig_match_levent_table: expected 0x800 not 0x%x at 0x%08x ref 0x%"PRIx64"\n",*(p+1),adr,is->insn->address); insn 3422 tools/finsig_thumb2.c save_misc_val(rule->name,adr,0,(uint32_t)is->insn->address); insn 3473 tools/finsig_thumb2.c uint32_t adr=LDR_PC2val(fw,is->insn); insn 3478 tools/finsig_thumb2.c save_misc_val(rule->name,adr,0,(uint32_t)is->insn->address); insn 3514 tools/finsig_thumb2.c save_misc_val(rule->name,regs[0],0,(uint32_t)is->insn->address); insn 3553 tools/finsig_thumb2.c save_misc_val(rule->name,is->insn->detail->arm.operands[2].imm,0,(uint32_t)is->insn->address); insn 3569 tools/finsig_thumb2.c uint32_t adr=LDR_PC2val(fw,is->insn); insn 3571 tools/finsig_thumb2.c printf("sig_match_physw_event_table: no match LDR PC 0x%"PRIx64"\n",is->insn->address); insn 3575 tools/finsig_thumb2.c printf("sig_match_physw_event_table: adr not ROM 0x%08x at 0x%"PRIx64"\n",adr,is->insn->address); insn 3578 tools/finsig_thumb2.c save_misc_val(rule->name,adr,0,(uint32_t)is->insn->address); insn 3603 tools/finsig_thumb2.c save_misc_val(rule->name,is->insn->detail->arm.operands[1].imm,0,(uint32_t)is->insn->address); insn 3635 tools/finsig_thumb2.c if(insn_match_any(is->insn,match_mov_r0_1)) { insn 3641 tools/finsig_thumb2.c if(!insn_match_any(is->insn,match_bl_blximm)) { insn 3714 tools/finsig_thumb2.c uint32_t base=LDR_PC2val(fw,is->insn); insn 3715 tools/finsig_thumb2.c arm_reg rb=is->insn->detail->arm.operands[0].reg; insn 3727 tools/finsig_thumb2.c if(is->insn->id != ARM_INS_LDR insn 3728 tools/finsig_thumb2.c || is->insn->detail->arm.operands[0].reg != ARM_REG_R0 insn 3729 tools/finsig_thumb2.c || is->insn->detail->arm.operands[1].mem.base != rb) { insn 3733 tools/finsig_thumb2.c save_misc_val(rule->name,base,is->insn->detail->arm.operands[1].mem.disp,(uint32_t)is->insn->address); insn 3759 tools/finsig_thumb2.c uint32_t base=LDR_PC2val(fw,is->insn); insn 3760 tools/finsig_thumb2.c arm_reg rb=is->insn->detail->arm.operands[0].reg; insn 3780 tools/finsig_thumb2.c if(is->insn->detail->arm.operands[1].mem.base != rb) { insn 3784 tools/finsig_thumb2.c save_misc_val(rule->name,base,is->insn->detail->arm.operands[1].mem.disp,(uint32_t)is->insn->address); insn 3802 tools/finsig_thumb2.c uint32_t val=is->insn->detail->arm.operands[1].imm; insn 3806 tools/finsig_thumb2.c save_misc_val(rule->name,val,0,(uint32_t)is->insn->address); insn 3834 tools/finsig_thumb2.c uint32_t val=is->insn->detail->arm.operands[1].imm; insn 3838 tools/finsig_thumb2.c save_misc_val(rule->name,val,0,(uint32_t)is->insn->address); insn 3862 tools/finsig_thumb2.c uint32_t adr=LDR_PC2val(fw,is->insn); insn 3864 tools/finsig_thumb2.c printf("sig_match_aram_start: no match LDR PC 0x%"PRIx64"\n",is->insn->address); insn 3868 tools/finsig_thumb2.c save_misc_val(rule->name,adr,0,(uint32_t)is->insn->address); insn 3896 tools/finsig_thumb2.c uint32_t adr=LDR_PC2val(fw,is->insn); insn 3898 tools/finsig_thumb2.c printf("sig_match_aram_start2: no match LDR PC 0x%"PRIx64"\n",is->insn->address); insn 3902 tools/finsig_thumb2.c save_misc_val(rule->name,adr,0,(uint32_t)is->insn->address); insn 3918 tools/finsig_thumb2.c if(!insn_match_find_next_seq(fw,is,4,match_cmp_b) || is->insn->detail->arm.cc == ARM_CC_AL) { insn 3929 tools/finsig_thumb2.c uint32_t adr=LDR_PC2val(fw,is->insn); insn 3931 tools/finsig_thumb2.c printf("sig_match__nrflag: no match LDR PC 0x%"PRIx64"\n",is->insn->address); insn 3934 tools/finsig_thumb2.c arm_reg reg_base = is->insn->detail->arm.operands[0].reg; // reg value was loaded into insn 3940 tools/finsig_thumb2.c if(isADDx_imm(is->insn) || isSUBx_imm(is->insn)) { insn 3941 tools/finsig_thumb2.c if((arm_reg)is->insn->detail->arm.operands[0].reg != reg_base) { insn 3945 tools/finsig_thumb2.c if(isADDx_imm(is->insn)) { insn 3946 tools/finsig_thumb2.c adr+=is->insn->detail->arm.operands[1].imm; insn 3948 tools/finsig_thumb2.c adr-=is->insn->detail->arm.operands[1].imm; insn 3955 tools/finsig_thumb2.c if(is->insn->id != ARM_INS_STR || (arm_reg)is->insn->detail->arm.operands[1].reg != reg_base) { insn 3959 tools/finsig_thumb2.c uint32_t disp = is->insn->detail->arm.operands[1].mem.disp; insn 3983 tools/finsig_thumb2.c if(!insn_match(is->insn,match_bxlr)) { insn 4002 tools/finsig_thumb2.c printf("sig_match_av_over_sem: no match TakeSemaphore at 0x%"PRIx64"\n",is->insn->address); insn 4010 tools/finsig_thumb2.c printf("sig_match_av_over_sem: no match ldr at 0x%"PRIx64"\n",is->insn->address); insn 4014 tools/finsig_thumb2.c save_misc_val(rule->name,desc.adr_adj,desc.off,(uint32_t)is->insn->address); insn 4025 tools/finsig_thumb2.c printf("sig_match_canon_menu_active: no match ldr at 0x%"PRIx64"\n",is->insn->address); insn 4032 tools/finsig_thumb2.c if(is->insn->id != ARM_INS_CMP) { insn 4033 tools/finsig_thumb2.c printf("sig_match_canon_menu_active: no match cmp at 0x%"PRIx64"\n",is->insn->address); insn 4036 tools/finsig_thumb2.c save_misc_val(rule->name,desc.adr_adj,desc.off,(uint32_t)is->insn->address); insn 4071 tools/finsig_thumb2.c if(!isLDR_PC(is->insn)) { insn 4083 tools/finsig_thumb2.c uint32_t adr=LDR_PC2val(fw,is->insn); insn 4088 tools/finsig_thumb2.c if(is->insn->detail->arm.operands[0].reg != ARM_REG_R0) { insn 4096 tools/finsig_thumb2.c save_misc_val(rule->name,adr,0,(uint32_t)is->insn->address); insn 4123 tools/finsig_thumb2.c printf("sig_match_palette_vars: no match bl 1 0x%"PRIx64"\n",fw->is->insn->address); insn 4130 tools/finsig_thumb2.c printf("sig_match_palette_vars: no match bl 2 0x%"PRIx64"\n",is->insn->address); insn 4137 tools/finsig_thumb2.c printf("sig_match_palette_vars: no match ldr pc 0x%"PRIx64"\n",is->insn->address); insn 4141 tools/finsig_thumb2.c uint32_t pal_base=LDR_PC2val(fw,is->insn); insn 4143 tools/finsig_thumb2.c printf("sig_match_palette_vars: bad LDR PC 0x%"PRIx64"\n",is->insn->address); insn 4147 tools/finsig_thumb2.c arm_reg ptr_reg = is->insn->detail->arm.operands[0].reg; insn 4149 tools/finsig_thumb2.c save_misc_val(rule->name,pal_base,0,(uint32_t)is->insn->address); insn 4158 tools/finsig_thumb2.c if (is->insn->id == ARM_INS_LDR && is->insn->detail->arm.operands[1].mem.base == ptr_reg) { insn 4161 tools/finsig_thumb2.c is->insn->detail->arm.operands[1].mem.disp, insn 4162 tools/finsig_thumb2.c (uint32_t)is->insn->address); insn 4168 tools/finsig_thumb2.c printf("sig_match_palette_vars: no match active_palette_buffer 0x%"PRIx64"\n",is->insn->address); insn 4182 tools/finsig_thumb2.c if (is->insn->id == ARM_INS_LDR && is->insn->detail->arm.operands[1].mem.base == ptr_reg) { insn 4185 tools/finsig_thumb2.c is->insn->detail->arm.operands[1].mem.disp, insn 4186 tools/finsig_thumb2.c (uint32_t)is->insn->address); insn 4190 tools/finsig_thumb2.c printf("sig_match_palette_vars: no match palette_buffer_ptr 0x%"PRIx64"\n",is->insn->address); insn 4202 tools/finsig_thumb2.c printf("sig_match_live_free_cluster_count: no match bl1 0x%"PRIx64"\n",is->insn->address); insn 4209 tools/finsig_thumb2.c printf("sig_match_live_free_cluster_count: no get_fstype 0x%"PRIx64"\n",is->insn->address); insn 4215 tools/finsig_thumb2.c printf("sig_match_live_free_cluster_count: no match bl2 0x%"PRIx64"\n",is->insn->address); insn 4224 tools/finsig_thumb2.c printf("sig_match_live_free_cluster_count: no match ldr1 0x%"PRIx64"\n",is->insn->address); insn 4229 tools/finsig_thumb2.c printf("sig_match_live_free_cluster_count: no match ldr2 0x%"PRIx64"\n",is->insn->address); insn 4232 tools/finsig_thumb2.c uint32_t base = LDR_PC2val(fw,is->insn); insn 4235 tools/finsig_thumb2.c printf("sig_match_live_free_cluster_count: no takesemaphore_low 0x%"PRIx64"\n",is->insn->address); insn 4245 tools/finsig_thumb2.c printf("sig_match_live_free_cluster_count: no match ldrd 0x%"PRIx64"\n",is->insn->address); insn 4249 tools/finsig_thumb2.c save_misc_val(rule->name,base,is->insn->detail->arm.operands[2].mem.disp + 4,(uint32_t)is->insn->address); insn 4264 tools/finsig_thumb2.c uint32_t adr=LDR_PC2val(fw,is->insn); insn 4266 tools/finsig_thumb2.c printf("sig_match_rom_ptr_get: no match LDR PC 0x%"PRIx64"\n",is->insn->address); insn 4269 tools/finsig_thumb2.c if(is->insn->detail->arm.operands[0].reg != ARM_REG_R0) { insn 4278 tools/finsig_thumb2.c if(!insn_match(is->insn,match_bxlr)) { insn 4332 tools/finsig_thumb2.c if(insn_match_any(fw->is->insn,insn_match)) { insn 4415 tools/finsig_thumb2.c if(insn_match_any(fw->is->insn,match_mov_r0_imm)) { insn 4418 tools/finsig_thumb2.c if(isRETx(fw->is->insn)) { insn 4539 tools/finsig_thumb2.c printf("sig_match_named: disasm failed %s 0x%08x\n",rule->name,(uint32_t)is->insn->address); insn 4549 tools/finsig_thumb2.c uint32_t adr = B_BL_BLXimm_target(fw,is->insn); insn 4552 tools/finsig_thumb2.c if(is->insn->id == ARM_INS_BLX) { insn 4980 tools/finsig_thumb2.c printf("eventproc name not string at 0x%"PRIx64"\n",is->insn->address); insn 4987 tools/finsig_thumb2.c uint64_t adr = is->insn->address; insn 4997 tools/finsig_thumb2.c if (is->insn->address >= adr) break; insn 4998 tools/finsig_thumb2.c if (is->insn->id == ARM_INS_LDR && is->insn->detail->arm.operands[1].type == ARM_OP_MEM) { insn 4999 tools/finsig_thumb2.c uint32_t u = LDR_PC2val(fw,is->insn); insn 5001 tools/finsig_thumb2.c ar = is->insn->detail->arm.operands[0].reg; insn 5010 tools/finsig_thumb2.c if (is->insn->address >= adr) break; insn 5011 tools/finsig_thumb2.c if (is->insn->id == ARM_INS_ADD && is->insn->detail->arm.operands[1].reg == ar) { insn 5069 tools/finsig_thumb2.c if (fw->is->insn->id == ARM_INS_BLX && adr1 == adr2) { insn 5101 tools/finsig_thumb2.c printf("failed to get *EventProcTable arg 0x%08x at 0x%"PRIx64"\n",regs[0],is->insn->address); insn 5104 tools/finsig_thumb2.c printf("failed to get *EventProcTable r0 at 0x%"PRIx64"\n",is->insn->address); insn 5122 tools/finsig_thumb2.c printf("task name name not string at 0x%"PRIx64"\n",is->insn->address); insn 5125 tools/finsig_thumb2.c printf("failed to get CreateTask args at 0x%"PRIx64"\n",is->insn->address); insn 5152 tools/finsig_thumb2.c printf("add_ptp_handler op 0x%08x out of range 0x%"PRIx64"\n",regs[0],is->insn->address); insn 5162 tools/finsig_thumb2.c cs_insn *insn=fw->is->insn; insn 5163 tools/finsig_thumb2.c if(insn->id != ARM_INS_LDRH) { insn 5166 tools/finsig_thumb2.c if(insn->detail->arm.operands[0].reg != ARM_REG_R0 insn 5167 tools/finsig_thumb2.c || insn->detail->arm.operands[1].mem.base == ARM_REG_PC insn 5172 tools/finsig_thumb2.c ptr_reg = insn->detail->arm.operands[1].mem.base; insn 5178 tools/finsig_thumb2.c printf("failed to get add_ptp_handler args at 0x%"PRIx64"\n",is->insn->address); insn 5186 tools/finsig_thumb2.c cs_insn *insn=fw->is->insn; insn 5187 tools/finsig_thumb2.c if(!isLDR_PC(insn)) { insn 5190 tools/finsig_thumb2.c if((arm_reg)insn->detail->arm.operands[0].reg != ptr_reg) { insn 5194 tools/finsig_thumb2.c uint32_t adr=LDR_PC2val(fw,insn); insn 5202 tools/finsig_thumb2.c printf("failed to get ptp handler table adr at 0x%"PRIx64"\n",is->insn->address); insn 5277 tools/finsig_thumb2.c ex_vec = LDR_PC2val(fw,is->insn); insn 5299 tools/finsig_thumb2.c uint32_t addr=LDR_PC2val(fw,is->insn); insn 5300 tools/finsig_thumb2.c if(!addr && is->insn->id == ARM_INS_B) { insn 5313 tools/finsig_thumb2.c addr=LDR_PC2val(fw,is->insn); insn 474 tools/firmware_load_ng.c int isARM(cs_insn *insn) insn 477 tools/firmware_load_ng.c for(i=0;i<insn->detail->groups_count;i++) { insn 478 tools/firmware_load_ng.c if(insn->detail->groups[i] == ARM_GRP_ARM) { insn 488 tools/firmware_load_ng.c int isLDR_PC(cs_insn *insn) insn 490 tools/firmware_load_ng.c return insn->id == ARM_INS_LDR insn 491 tools/firmware_load_ng.c && insn->detail->arm.op_count == 2 insn 492 tools/firmware_load_ng.c && insn->detail->arm.operands[0].type == ARM_OP_REG insn 493 tools/firmware_load_ng.c && insn->detail->arm.operands[1].type == ARM_OP_MEM insn 494 tools/firmware_load_ng.c && insn->detail->arm.operands[1].mem.base == ARM_REG_PC; insn 501 tools/firmware_load_ng.c int isLDR_PC_PC(cs_insn *insn) insn 503 tools/firmware_load_ng.c if(!isLDR_PC(insn)) { insn 506 tools/firmware_load_ng.c return (insn->detail->arm.operands[0].reg == ARM_REG_PC); insn 510 tools/firmware_load_ng.c int isSUBW_PC(cs_insn *insn) insn 512 tools/firmware_load_ng.c return(insn->id == ARM_INS_SUBW insn 513 tools/firmware_load_ng.c && insn->detail->arm.op_count == 3 insn 514 tools/firmware_load_ng.c && insn->detail->arm.operands[0].type == ARM_OP_REG insn 515 tools/firmware_load_ng.c && insn->detail->arm.operands[0].reg != ARM_REG_PC insn 516 tools/firmware_load_ng.c && insn->detail->arm.operands[1].type == ARM_OP_REG insn 517 tools/firmware_load_ng.c && insn->detail->arm.operands[1].reg == ARM_REG_PC insn 518 tools/firmware_load_ng.c && insn->detail->arm.operands[2].type == ARM_OP_IMM); insn 522 tools/firmware_load_ng.c int isADDW_PC(cs_insn *insn) insn 524 tools/firmware_load_ng.c return(insn->id == ARM_INS_ADDW insn 525 tools/firmware_load_ng.c && insn->detail->arm.op_count == 3 insn 526 tools/firmware_load_ng.c && insn->detail->arm.operands[0].type == ARM_OP_REG insn 527 tools/firmware_load_ng.c && insn->detail->arm.operands[0].reg != ARM_REG_PC insn 528 tools/firmware_load_ng.c && insn->detail->arm.operands[1].type == ARM_OP_REG insn 529 tools/firmware_load_ng.c && insn->detail->arm.operands[1].reg == ARM_REG_PC insn 530 tools/firmware_load_ng.c && insn->detail->arm.operands[2].type == ARM_OP_IMM); insn 534 tools/firmware_load_ng.c int isADD_PC(cs_insn *insn) insn 536 tools/firmware_load_ng.c return (insn->id == ARM_INS_ADD insn 537 tools/firmware_load_ng.c && insn->detail->arm.op_count == 3 insn 538 tools/firmware_load_ng.c && insn->detail->arm.operands[0].reg != ARM_REG_PC insn 539 tools/firmware_load_ng.c && insn->detail->arm.operands[1].type == ARM_OP_REG insn 540 tools/firmware_load_ng.c && insn->detail->arm.operands[1].reg == ARM_REG_PC insn 541 tools/firmware_load_ng.c && insn->detail->arm.operands[2].type == ARM_OP_IMM); insn 545 tools/firmware_load_ng.c int isSUB_PC(cs_insn *insn) insn 547 tools/firmware_load_ng.c return (insn->id == ARM_INS_SUB insn 548 tools/firmware_load_ng.c && insn->detail->arm.op_count == 3 insn 549 tools/firmware_load_ng.c && insn->detail->arm.operands[0].reg != ARM_REG_PC insn 550 tools/firmware_load_ng.c && insn->detail->arm.operands[1].type == ARM_OP_REG insn 551 tools/firmware_load_ng.c && insn->detail->arm.operands[1].reg == ARM_REG_PC insn 552 tools/firmware_load_ng.c && insn->detail->arm.operands[2].type == ARM_OP_IMM); insn 556 tools/firmware_load_ng.c int isRETx(cs_insn *insn) insn 559 tools/firmware_load_ng.c if(insn->id == ARM_INS_BX insn 560 tools/firmware_load_ng.c && insn->detail->arm.op_count == 1 insn 561 tools/firmware_load_ng.c && insn->detail->arm.operands[0].type == ARM_OP_REG insn 562 tools/firmware_load_ng.c && insn->detail->arm.operands[0].reg == ARM_REG_LR) { insn 569 tools/firmware_load_ng.c if(insn->id == ARM_INS_POP) { insn 571 tools/firmware_load_ng.c for(i=0; i < insn->detail->arm.op_count; i++) { insn 572 tools/firmware_load_ng.c if(insn->detail->arm.operands[i].type == ARM_OP_REG insn 573 tools/firmware_load_ng.c && insn->detail->arm.operands[i].reg == ARM_REG_PC) { insn 579 tools/firmware_load_ng.c if(insn->id == ARM_INS_MOV insn 580 tools/firmware_load_ng.c && insn->detail->arm.operands[0].type == ARM_OP_REG insn 581 tools/firmware_load_ng.c && insn->detail->arm.operands[0].reg == ARM_REG_PC insn 582 tools/firmware_load_ng.c && insn->detail->arm.operands[1].type == ARM_OP_REG insn 583 tools/firmware_load_ng.c && insn->detail->arm.operands[1].reg == ARM_REG_LR) { insn 590 tools/firmware_load_ng.c int isPUSH_LR(cs_insn *insn) insn 592 tools/firmware_load_ng.c if(insn->id != ARM_INS_PUSH) { insn 596 tools/firmware_load_ng.c for(i=0; i < insn->detail->arm.op_count; i++) { insn 597 tools/firmware_load_ng.c if(insn->detail->arm.operands[i].type == ARM_OP_REG insn 598 tools/firmware_load_ng.c && insn->detail->arm.operands[i].reg == ARM_REG_LR) { insn 606 tools/firmware_load_ng.c int isPOP_LR(cs_insn *insn) insn 608 tools/firmware_load_ng.c if(insn->id != ARM_INS_POP) { insn 612 tools/firmware_load_ng.c for(i=0; i < insn->detail->arm.op_count; i++) { insn 613 tools/firmware_load_ng.c if(insn->detail->arm.operands[i].type == ARM_OP_REG insn 614 tools/firmware_load_ng.c && insn->detail->arm.operands[i].reg == ARM_REG_LR) { insn 622 tools/firmware_load_ng.c int isPOP_PC(cs_insn *insn) insn 624 tools/firmware_load_ng.c if(insn->id != ARM_INS_POP) { insn 628 tools/firmware_load_ng.c for(i=0; i < insn->detail->arm.op_count; i++) { insn 629 tools/firmware_load_ng.c if(insn->detail->arm.operands[i].type == ARM_OP_REG insn 630 tools/firmware_load_ng.c && insn->detail->arm.operands[i].reg == ARM_REG_PC) { insn 638 tools/firmware_load_ng.c int isADDx_imm(cs_insn *insn) insn 640 tools/firmware_load_ng.c return ((insn->id == ARM_INS_ADD || insn->id == ARM_INS_ADDW) && insn->detail->arm.operands[1].type == ARM_OP_IMM); insn 643 tools/firmware_load_ng.c int isSUBx_imm(cs_insn *insn) insn 645 tools/firmware_load_ng.c return (IS_INSN_ID_SUBx(insn->id) && insn->detail->arm.operands[1].type == ARM_OP_IMM); insn 649 tools/firmware_load_ng.c int isADRx(cs_insn *insn) insn 651 tools/firmware_load_ng.c return ((insn->id == ARM_INS_ADR) insn 652 tools/firmware_load_ng.c || isSUBW_PC(insn) insn 653 tools/firmware_load_ng.c || isADDW_PC(insn) insn 654 tools/firmware_load_ng.c || (isARM(insn) && (isADD_PC(insn) || isSUB_PC(insn)))); insn 658 tools/firmware_load_ng.c uint32_t* LDR_PC2valptr_thumb(firmware *fw, cs_insn *insn) insn 660 tools/firmware_load_ng.c if(!isLDR_PC(insn)) { insn 666 tools/firmware_load_ng.c adr=(insn->address&~3)+4+insn->detail->arm.operands[1].mem.disp; insn 670 tools/firmware_load_ng.c uint32_t* LDR_PC2valptr_arm(firmware *fw, cs_insn *insn) insn 672 tools/firmware_load_ng.c if(!isLDR_PC(insn)) { insn 678 tools/firmware_load_ng.c adr=insn->address+8+insn->detail->arm.operands[1].mem.disp; insn 682 tools/firmware_load_ng.c uint32_t* LDR_PC2valptr(firmware *fw, cs_insn *insn) insn 684 tools/firmware_load_ng.c if(isARM(insn)) { insn 685 tools/firmware_load_ng.c return LDR_PC2valptr_arm(fw,insn); insn 687 tools/firmware_load_ng.c return LDR_PC2valptr_thumb(fw,insn); insn 692 tools/firmware_load_ng.c uint32_t LDR_PC2adr(__attribute__ ((unused))firmware *fw, cs_insn *insn) insn 694 tools/firmware_load_ng.c if(!isLDR_PC(insn)) { insn 697 tools/firmware_load_ng.c if(isARM(insn)) { insn 698 tools/firmware_load_ng.c return insn->address+8+insn->detail->arm.operands[1].mem.disp; insn 700 tools/firmware_load_ng.c return (insn->address&~3)+4+insn->detail->arm.operands[1].mem.disp; insn 705 tools/firmware_load_ng.c uint32_t ADRx2adr(__attribute__ ((unused))firmware *fw, cs_insn *insn) insn 707 tools/firmware_load_ng.c if(insn->id == ARM_INS_ADR) { insn 708 tools/firmware_load_ng.c return (insn->address&~3)+4+insn->detail->arm.operands[1].imm; insn 710 tools/firmware_load_ng.c if(isSUBW_PC(insn)) { insn 711 tools/firmware_load_ng.c return (insn->address&~3)+4-insn->detail->arm.operands[2].imm; insn 713 tools/firmware_load_ng.c if(isADDW_PC(insn)) { insn 714 tools/firmware_load_ng.c return (insn->address&~3)+4+insn->detail->arm.operands[2].imm; insn 716 tools/firmware_load_ng.c if(isARM(insn)) { insn 717 tools/firmware_load_ng.c if(isADD_PC(insn)) { insn 718 tools/firmware_load_ng.c return insn->address+8+insn->detail->arm.operands[2].imm; insn 720 tools/firmware_load_ng.c if(isSUB_PC(insn)) { insn 721 tools/firmware_load_ng.c return insn->address+8-insn->detail->arm.operands[2].imm; insn 729 tools/firmware_load_ng.c uint32_t ADR2adr(__attribute__ ((unused))firmware *fw, cs_insn *insn) insn 731 tools/firmware_load_ng.c if(insn->id != ARM_INS_ADR) { insn 740 tools/firmware_load_ng.c return (insn->address&~3)+4+insn->detail->arm.operands[1].imm; insn 744 tools/firmware_load_ng.c uint32_t* ADR2valptr(firmware *fw, cs_insn *insn) insn 746 tools/firmware_load_ng.c uint32_t adr=ADR2adr(fw,insn); insn 751 tools/firmware_load_ng.c uint32_t LDR_PC2val(firmware *fw, cs_insn *insn) insn 753 tools/firmware_load_ng.c uint32_t *p=LDR_PC2valptr(fw,insn); insn 761 tools/firmware_load_ng.c uint32_t LDR_PC_PC_target(firmware *fw, cs_insn *insn) insn 763 tools/firmware_load_ng.c if(!isLDR_PC_PC(insn)) { insn 766 tools/firmware_load_ng.c return LDR_PC2val(fw,insn); insn 770 tools/firmware_load_ng.c uint32_t B_target(__attribute__ ((unused))firmware *fw, cs_insn *insn) insn 772 tools/firmware_load_ng.c if(insn->id == ARM_INS_B) { insn 773 tools/firmware_load_ng.c return insn->detail->arm.operands[0].imm; insn 780 tools/firmware_load_ng.c uint32_t CBx_target(__attribute__ ((unused))firmware *fw, cs_insn *insn) insn 782 tools/firmware_load_ng.c if(insn->id == ARM_INS_CBZ || insn->id == ARM_INS_CBNZ) { insn 783 tools/firmware_load_ng.c return insn->detail->arm.operands[1].imm; insn 789 tools/firmware_load_ng.c uint32_t BLXimm_target(__attribute__ ((unused))firmware *fw, cs_insn *insn) insn 791 tools/firmware_load_ng.c if(insn->id == ARM_INS_BLX && insn->detail->arm.operands[0].type == ARM_OP_IMM) { insn 792 tools/firmware_load_ng.c return insn->detail->arm.operands[0].imm; insn 799 tools/firmware_load_ng.c uint32_t BL_target(__attribute__ ((unused))firmware *fw, cs_insn *insn) insn 801 tools/firmware_load_ng.c if(insn->id == ARM_INS_BL) { insn 802 tools/firmware_load_ng.c return insn->detail->arm.operands[0].imm; insn 808 tools/firmware_load_ng.c uint32_t B_BL_target(__attribute__ ((unused))firmware *fw, cs_insn *insn) insn 810 tools/firmware_load_ng.c if(insn->id == ARM_INS_B || insn->id == ARM_INS_BL) { insn 811 tools/firmware_load_ng.c return insn->detail->arm.operands[0].imm; insn 818 tools/firmware_load_ng.c uint32_t B_BL_BLXimm_target(__attribute__ ((unused))firmware *fw, cs_insn *insn) insn 820 tools/firmware_load_ng.c if(insn->id == ARM_INS_B insn 821 tools/firmware_load_ng.c || insn->id == ARM_INS_BL insn 822 tools/firmware_load_ng.c || (insn->id == ARM_INS_BLX && insn->detail->arm.operands[0].type == ARM_OP_IMM)) { insn 823 tools/firmware_load_ng.c return insn->detail->arm.operands[0].imm; insn 833 tools/firmware_load_ng.c if(!(is->insn->id == ARM_INS_TBH || is->insn->id == ARM_INS_TBB) || is->insn->detail->arm.operands[0].mem.base != ARM_REG_PC) { insn 838 tools/firmware_load_ng.c ti->bytes=(is->insn->id == ARM_INS_TBH)?2:1; insn 847 tools/firmware_load_ng.c arm_reg i_reg=is->insn->detail->arm.operands[0].mem.index; insn 862 tools/firmware_load_ng.c if(fw->is->insn->id == ARM_INS_B && fw->is->insn->detail->arm.cc == ARM_CC_HS) { insn 867 tools/firmware_load_ng.c if(found_bhs && fw->is->insn->id == ARM_INS_CMP) { insn 869 tools/firmware_load_ng.c if((arm_reg)fw->is->insn->detail->arm.operands[0].reg == i_reg insn 870 tools/firmware_load_ng.c || fw->is->insn->detail->arm.operands[1].type == ARM_OP_IMM) { insn 871 tools/firmware_load_ng.c max_count = fw->is->insn->detail->arm.operands[1].imm; insn 933 tools/firmware_load_ng.c is->insn=cs_malloc(fw->cs_handle_arm); insn 941 tools/firmware_load_ng.c cs_free(is->insn,1); insn 1001 tools/firmware_load_ng.c return cs_disasm_iter(is->cs_handle, &is->code, &is->size, &is->adr, is->insn); insn 1012 tools/firmware_load_ng.c is->code -= is->insn->size; insn 1013 tools/firmware_load_ng.c is->adr -= is->insn->size; insn 1014 tools/firmware_load_ng.c is->size += is->insn->size; insn 1016 tools/firmware_load_ng.c return cs_disasm_iter(is->cs_handle, &is->code, &is->size, &is->adr, is->insn); insn 1051 tools/firmware_load_ng.c size_t fw_disasm_adr(firmware *fw, uint32_t adr, unsigned count, cs_insn **insn) insn 1055 tools/firmware_load_ng.c *insn=NULL; // ? insn 1058 tools/firmware_load_ng.c return cs_disasm(fw->cs_handle, p, fw->size8 - (p-fw->buf8), adr, count, insn); insn 1173 tools/firmware_load_ng.c uint32_t av=ADRx2adr(fw,is->insn); insn 1177 tools/firmware_load_ng.c return (uint32_t)is->insn->address; insn 1181 tools/firmware_load_ng.c uint32_t *pv=LDR_PC2valptr(fw,is->insn); insn 1185 tools/firmware_load_ng.c return (uint32_t)is->insn->address; insn 1196 tools/firmware_load_ng.c uint32_t av=ADRx2adr(fw,is->insn); insn 1201 tools/firmware_load_ng.c return (uint32_t)is->insn->address; insn 1205 tools/firmware_load_ng.c uint32_t *pv=LDR_PC2valptr(fw,is->insn); insn 1210 tools/firmware_load_ng.c return (uint32_t)is->insn->address; insn 1333 tools/firmware_load_ng.c arm_insn insn_id = fw->is->insn->id; insn 1339 tools/firmware_load_ng.c && fw->is->insn->detail->arm.cc == ARM_CC_AL) { insn 1345 tools/firmware_load_ng.c if(fw->is->insn->detail->arm.operands[0].type != ARM_OP_REG) { insn 1348 tools/firmware_load_ng.c arm_reg rd = fw->is->insn->detail->arm.operands[0].reg; insn 1363 tools/firmware_load_ng.c uint32_t *pv=LDR_PC2valptr(fw,fw->is->insn); insn 1370 tools/firmware_load_ng.c uint32_t v=ADRx2adr(fw,fw->is->insn); // assumes ADR doesn't generate 0, probably safe insn 1379 tools/firmware_load_ng.c && fw->is->insn->detail->arm.operands[1].type == ARM_OP_IMM) { insn 1380 tools/firmware_load_ng.c res[rd_i] += fw->is->insn->detail->arm.operands[1].imm; insn 1383 tools/firmware_load_ng.c } else if(isADDx_imm(fw->is->insn)) { insn 1384 tools/firmware_load_ng.c res[rd_i] += fw->is->insn->detail->arm.operands[1].imm; insn 1389 tools/firmware_load_ng.c } else if(isSUBx_imm(fw->is->insn)) { insn 1390 tools/firmware_load_ng.c res[rd_i] = (int)(res[rd_i]) - fw->is->insn->detail->arm.operands[1].imm; insn 1418 tools/firmware_load_ng.c uint32_t adr=B_target(fw,is_init->insn); insn 1423 tools/firmware_load_ng.c adr=LDR_PC_PC_target(fw,is_init->insn); insn 1429 tools/firmware_load_ng.c if((is_init->insn->id == ARM_INS_MOV || is_init->insn->id == ARM_INS_MOVW) insn 1430 tools/firmware_load_ng.c && is_init->insn->detail->arm.operands[0].reg == ARM_REG_IP insn 1431 tools/firmware_load_ng.c && is_init->insn->detail->arm.operands[1].type == ARM_OP_IMM) { insn 1432 tools/firmware_load_ng.c adr = is_init->insn->detail->arm.operands[1].imm; insn 1435 tools/firmware_load_ng.c fprintf(stderr,"get_direct_jump_target: disasm single failed at 0x%"PRIx64"\n",fw->is->insn->address); insn 1439 tools/firmware_load_ng.c if(!(fw->is->insn->id == ARM_INS_MOVT insn 1440 tools/firmware_load_ng.c && fw->is->insn->detail->arm.operands[0].reg == ARM_REG_IP insn 1441 tools/firmware_load_ng.c && fw->is->insn->detail->arm.operands[1].type == ARM_OP_IMM)) { insn 1447 tools/firmware_load_ng.c adr = (fw->is->insn->detail->arm.operands[1].imm << 16) | (adr&0xFFFF); insn 1449 tools/firmware_load_ng.c fprintf(stderr,"get_direct_jump_target: disasm 2 failed at 0x%"PRIx64"\n",fw->is->insn->address); insn 1453 tools/firmware_load_ng.c if(fw->is->insn->id == ARM_INS_BX insn 1454 tools/firmware_load_ng.c && fw->is->insn->detail->arm.operands[0].type == ARM_OP_REG insn 1455 tools/firmware_load_ng.c && fw->is->insn->detail->arm.operands[0].reg == ARM_REG_IP) { insn 1469 tools/firmware_load_ng.c uint32_t adr=B_BL_target(fw,is->insn); insn 1475 tools/firmware_load_ng.c adr=CBx_target(fw,is->insn); insn 1481 tools/firmware_load_ng.c adr=BLXimm_target(fw,is->insn); insn 1490 tools/firmware_load_ng.c adr=LDR_PC_PC_target(fw,is->insn); insn 1527 tools/firmware_load_ng.c r.reg_base=is->insn->detail->arm.operands[0].reg; insn 1528 tools/firmware_load_ng.c r.adr_base=LDR_PC2val(fw,is->insn); insn 1539 tools/firmware_load_ng.c if(isLDR_PC(is->insn)) { insn 1545 tools/firmware_load_ng.c if(isADDx_imm(is->insn) || isSUBx_imm(is->insn)) { insn 1546 tools/firmware_load_ng.c if((arm_reg)is->insn->detail->arm.operands[0].reg != r.reg_base) { insn 1549 tools/firmware_load_ng.c if(isADDx_imm(is->insn)) { insn 1550 tools/firmware_load_ng.c r.adj=is->insn->detail->arm.operands[1].imm; insn 1552 tools/firmware_load_ng.c r.adj=-is->insn->detail->arm.operands[1].imm; insn 1566 tools/firmware_load_ng.c && (is->insn->id == ARM_INS_BL || is->insn->id == ARM_INS_BLX insn 1567 tools/firmware_load_ng.c || is->insn->id == ARM_INS_B || is->insn->id == ARM_INS_BX) insn 1568 tools/firmware_load_ng.c && is->insn->detail->arm.cc == ARM_CC_AL) { insn 1572 tools/firmware_load_ng.c if(is->insn->id != ARM_INS_LDR || (arm_reg)is->insn->detail->arm.operands[1].reg != r.reg_base) { insn 1575 tools/firmware_load_ng.c if(is->insn->detail->arm.operands[0].type == ARM_OP_REG && (arm_reg)is->insn->detail->arm.operands[0].reg == r.reg_base) { insn 1581 tools/firmware_load_ng.c r.reg_val = is->insn->detail->arm.operands[0].reg; insn 1585 tools/firmware_load_ng.c r.off = is->insn->detail->arm.operands[1].mem.disp; insn 1632 tools/firmware_load_ng.c if(insn_match_any(fw->is->insn,match_mov_r0_imm)) { insn 1633 tools/firmware_load_ng.c found_val = fw->is->insn->detail->arm.operands[1].imm; insn 1642 tools/firmware_load_ng.c if(!isRETx(fw->is->insn)) { insn 1678 tools/firmware_load_ng.c if(isPUSH_LR(is->insn)) { insn 1693 tools/firmware_load_ng.c if(insn_match_any(is->insn,match_bl_blximm) && count >= min_insns) { insn 1699 tools/firmware_load_ng.c if(isPOP_PC(is->insn)) { insn 1708 tools/firmware_load_ng.c if(isPOP_LR(is->insn)) { insn 1718 tools/firmware_load_ng.c if(is->insn->id == ARM_INS_B && is->insn->detail->arm.cc == ARM_CC_AL) { insn 1726 tools/firmware_load_ng.c if(isRETx(is->insn)) { insn 1779 tools/firmware_load_ng.c while(match->id != ARM_INS_ENDING && disasm_iter(fw,is) && insn_match(is->insn,match)) { insn 1787 tools/firmware_load_ng.c int insn_match(cs_insn *insn,const insn_match_t *match) insn 1790 tools/firmware_load_ng.c if(match->id != ARM_INS_INVALID && insn->id != match->id) { insn 1794 tools/firmware_load_ng.c if(match->cc != ARM_CC_INVALID && insn->detail->arm.cc != match->cc) { insn 1802 tools/firmware_load_ng.c if(match->op_count >= 0 && insn->detail->arm.op_count != match->op_count) { insn 1807 tools/firmware_load_ng.c for(i=0;i<MATCH_MAX_OPS && i < insn->detail->arm.op_count; i++) { insn 1809 tools/firmware_load_ng.c if(match->operands[i].type != ARM_OP_INVALID && insn->detail->arm.operands[i].type != match->operands[i].type) { insn 1814 tools/firmware_load_ng.c if(insn->detail->arm.operands[i].type == ARM_OP_REG) { insn 1815 tools/firmware_load_ng.c if((arm_reg)insn->detail->arm.operands[i].reg != match->operands[i].reg1) { insn 1818 tools/firmware_load_ng.c } else if(insn->detail->arm.operands[i].type == ARM_OP_MEM) { insn 1819 tools/firmware_load_ng.c if(insn->detail->arm.operands[i].mem.base != match->operands[i].reg1) { insn 1824 tools/firmware_load_ng.c insn->detail->arm.operands[i].type); insn 1828 tools/firmware_load_ng.c if(insn->detail->arm.operands[i].type == ARM_OP_MEM) { insn 1829 tools/firmware_load_ng.c if(insn->detail->arm.operands[i].mem.index != match->operands[i].reg2) { insn 1834 tools/firmware_load_ng.c insn->detail->arm.operands[i].type); insn 1838 tools/firmware_load_ng.c if(insn->detail->arm.operands[i].type == ARM_OP_IMM insn 1839 tools/firmware_load_ng.c || insn->detail->arm.operands[i].type == ARM_OP_PIMM insn 1840 tools/firmware_load_ng.c || insn->detail->arm.operands[i].type == ARM_OP_CIMM) { insn 1841 tools/firmware_load_ng.c if(insn->detail->arm.operands[i].imm != match->operands[i].imm) { insn 1844 tools/firmware_load_ng.c } else if(insn->detail->arm.operands[i].type == ARM_OP_MEM) { insn 1845 tools/firmware_load_ng.c if(insn->detail->arm.operands[i].mem.disp != match->operands[i].imm) { insn 1850 tools/firmware_load_ng.c insn->detail->arm.operands[i].type); insn 1861 tools/firmware_load_ng.c int insn_match_any(cs_insn *insn,const insn_match_t *match) insn 1866 tools/firmware_load_ng.c if(insn_match(insn,m)) { insn 1883 tools/firmware_load_ng.c if(insn_match_any(is->insn,match)) { insn 1907 tools/firmware_load_ng.c if(insn_match(is->insn,m)) { insn 1927 tools/firmware_load_ng.c while(m->id != ARM_INS_ENDING && disasm_iter(fw,is) && insn_match(is->insn,m)) { insn 2165 tools/firmware_load_ng.c cs_insn *insn; insn 2167 tools/firmware_load_ng.c count = cs_disasm(fw->cs_handle_thumb, code, sizeof(code), 0xFF000000, 3, &insn); insn 2169 tools/firmware_load_ng.c if(!(count == 3 && insn[0].id == ARM_INS_BLX && insn[2].id == ARM_INS_BLX)) { insn 2174 tools/firmware_load_ng.c int r=(insn[0].detail->arm.operands[0].imm == insn[2].detail->arm.operands[0].imm); insn 2180 tools/firmware_load_ng.c cs_free(insn,count); insn 2226 tools/firmware_load_ng.c uint32_t *pv=LDR_PC2valptr(fw,is->insn); insn 2290 tools/firmware_load_ng.c if(!IS_INSN_ID_MOVx(is->insn->id) || is->insn->detail->arm.operands[1].type != ARM_OP_IMM) { insn 2293 tools/firmware_load_ng.c ra = is->insn->detail->arm.operands[0].reg; insn 2294 tools/firmware_load_ng.c va = is->insn->detail->arm.operands[1].imm; insn 2296 tools/firmware_load_ng.c if(is->insn->id != ARM_INS_MOVT insn 2297 tools/firmware_load_ng.c || is->insn->detail->arm.operands[0].reg != ra insn 2298 tools/firmware_load_ng.c || is->insn->detail->arm.operands[1].type != ARM_OP_IMM) { insn 2301 tools/firmware_load_ng.c va = (is->insn->detail->arm.operands[1].imm << 16) | (va & 0xFFFF); insn 2308 tools/firmware_load_ng.c if(!IS_INSN_ID_MOVx(is->insn->id) || is->insn->detail->arm.operands[1].type != ARM_OP_IMM) { insn 2311 tools/firmware_load_ng.c rb = is->insn->detail->arm.operands[0].reg; insn 2312 tools/firmware_load_ng.c vb = is->insn->detail->arm.operands[1].imm; insn 2314 tools/firmware_load_ng.c if(is->insn->id != ARM_INS_MOVT insn 2315 tools/firmware_load_ng.c || is->insn->detail->arm.operands[0].reg != rb insn 2316 tools/firmware_load_ng.c || is->insn->detail->arm.operands[1].type != ARM_OP_IMM) { insn 2319 tools/firmware_load_ng.c vb = (is->insn->detail->arm.operands[1].imm << 16) | (vb & 0xFFFF); insn 2330 tools/firmware_load_ng.c } else if(is->insn->id == ARM_INS_MCR) { insn 2433 tools/firmware_load_ng.c uint32_t *pv=LDR_PC2valptr(fw,is->insn); insn 62 tools/firmware_load_ng.h cs_insn *insn; // cached instruction insn 245 tools/firmware_load_ng.h int isARM(cs_insn *insn); insn 250 tools/firmware_load_ng.h int isLDR_PC(cs_insn *insn); insn 255 tools/firmware_load_ng.h int isLDR_PC_PC(cs_insn *insn); insn 258 tools/firmware_load_ng.h uint32_t* LDR_PC2valptr_thumb(firmware *fw, cs_insn *insn); insn 259 tools/firmware_load_ng.h uint32_t* LDR_PC2valptr_arm(firmware *fw, cs_insn *insn); insn 260 tools/firmware_load_ng.h uint32_t* LDR_PC2valptr(firmware *fw, cs_insn *insn); insn 263 tools/firmware_load_ng.h uint32_t LDR_PC2adr(firmware *fw, cs_insn *insn); insn 266 tools/firmware_load_ng.h int isSUBW_PC(cs_insn *insn); insn 269 tools/firmware_load_ng.h int isADDW_PC(cs_insn *insn); insn 272 tools/firmware_load_ng.h int isADD_PC(cs_insn *insn); insn 275 tools/firmware_load_ng.h int isSUB_PC(cs_insn *insn); insn 278 tools/firmware_load_ng.h int isRETx(cs_insn *insn); insn 281 tools/firmware_load_ng.h int isPUSH_LR(cs_insn *insn); insn 284 tools/firmware_load_ng.h int isPOP_LR(cs_insn *insn); insn 287 tools/firmware_load_ng.h int isPOP_PC(cs_insn *insn); insn 290 tools/firmware_load_ng.h int isADDx_imm(cs_insn *insn); insn 293 tools/firmware_load_ng.h int isSUBx_imm(cs_insn *insn); insn 296 tools/firmware_load_ng.h int isADRx(cs_insn *insn); insn 299 tools/firmware_load_ng.h uint32_t ADRx2adr(firmware *fw, cs_insn *insn); insn 303 tools/firmware_load_ng.h uint32_t ADR2adr(firmware *fw, cs_insn *insn); insn 306 tools/firmware_load_ng.h uint32_t* ADR2valptr(firmware *fw, cs_insn *insn); insn 309 tools/firmware_load_ng.h uint32_t LDR_PC2val(firmware *fw, cs_insn *insn); insn 314 tools/firmware_load_ng.h uint32_t B_target(firmware *fw, cs_insn *insn); insn 317 tools/firmware_load_ng.h uint32_t CBx_target(firmware *fw, cs_insn *insn); insn 320 tools/firmware_load_ng.h uint32_t BLXimm_target(firmware *fw, cs_insn *insn); insn 325 tools/firmware_load_ng.h uint32_t BL_target(firmware *fw, cs_insn *insn); insn 328 tools/firmware_load_ng.h uint32_t B_BL_target(firmware *fw, cs_insn *insn); insn 331 tools/firmware_load_ng.h uint32_t B_BL_BLXimm_target(firmware *fw, cs_insn *insn); insn 612 tools/firmware_load_ng.h int insn_match(cs_insn *insn, const insn_match_t *match); insn 615 tools/firmware_load_ng.h int insn_match_any(cs_insn *insn,const insn_match_t *match); insn 656 tools/firmware_load_ng.h #define iter_state_adr(is) ((uint32_t)is->insn->address | is->thumb)