is                421 tools/capdis.c void describe_prop_call(firmware *fw,iter_state_t *is, unsigned dis_opts, char *comment, uint32_t target)
is                429 tools/capdis.c     if((get_call_const_args(fw,is,6,regs)&1)!=1) {
is                458 tools/capdis.c int do_dis_branch(firmware *fw, iter_state_t *is, unsigned dis_opts, char *ops, char *comment)
is                460 tools/capdis.c     uint32_t target = B_target(fw,is->insn);
is                463 tools/capdis.c         target = CBx_target(fw,is->insn);
is                467 tools/capdis.c         sprintf(op_pfx,"%s, ",cs_reg_name(is->cs_handle,is->insn->detail->arm.operands[0].reg));
is                474 tools/capdis.c        ostub = find_sig_val(fw->sv->stubs,target|is->thumb);
is                483 tools/capdis.c             if(fw_disasm_iter_single(fw,target|is->thumb)) {
is                484 tools/capdis.c                 j_target=get_direct_jump_target(fw,fw->is);
is                509 tools/capdis.c     describe_prop_call(fw,is,dis_opts,comment,desc_adr | is->thumb);
is                510 tools/capdis.c     describe_simple_func(fw,dis_opts,comment,desc_adr | is->thumb);
is                515 tools/capdis.c int do_dis_call(firmware *fw, iter_state_t *is, unsigned dis_opts, char *ops, char *comment)
is                517 tools/capdis.c     if(!((is->insn->id == ARM_INS_BL || is->insn->id == ARM_INS_BLX) 
is                518 tools/capdis.c             && is->insn->detail->arm.operands[0].type == ARM_OP_IMM)) {
is                522 tools/capdis.c     uint32_t target = get_branch_call_insn_target(fw,is); // target with thumb bit set appropriately
is                537 tools/capdis.c                 j_target=get_direct_jump_target(fw,fw->is);
is                563 tools/capdis.c     describe_prop_call(fw,is,dis_opts,comment,desc_adr);
is                570 tools/capdis.c                     iter_state_t *is,
is                577 tools/capdis.c     cs_insn *insn=is->insn;
is                584 tools/capdis.c     if(do_dis_branch(fw,is,dis_opts,ops,comment)) {
is                587 tools/capdis.c     if(do_dis_call(fw,is,dis_opts,ops,comment)) {
is                598 tools/capdis.c                         cs_reg_name(is->cs_handle,insn->detail->arm.operands[0].reg),
is                619 tools/capdis.c                         cs_reg_name(is->cs_handle,insn->detail->arm.operands[0].reg),
is                625 tools/capdis.c                                 cs_reg_name(is->cs_handle,insn->detail->arm.operands[0].reg), 
is                631 tools/capdis.c                                 cs_reg_name(is->cs_handle,insn->detail->arm.operands[0].reg), 
is                641 tools/capdis.c                                 cs_reg_name(is->cs_handle,insn->detail->arm.operands[0].reg), 
is                654 tools/capdis.c     } else if(get_TBx_PC_info(fw,is,ti)) {
is                663 tools/capdis.c void do_adr_label(firmware *fw, struct llist **branch_list, iter_state_t *is, unsigned dis_opts)
is                666 tools/capdis.c     uint32_t adr=is->insn->address;
is                671 tools/capdis.c        ostub = find_sig_val(fw->sv->stubs,adr|is->thumb);
is                692 tools/capdis.c static void do_tbb_data(firmware *fw, iter_state_t *is, unsigned dis_opts, tbx_info_t *ti)
is                746 tools/capdis.c     if(!disasm_iter_init(fw,is,adr | is->thumb)) {
is                754 tools/capdis.c static void do_tbh_data(firmware *fw, iter_state_t *is, unsigned dis_opts, tbx_info_t *ti)
is                791 tools/capdis.c     if(!disasm_iter_init(fw,is,adr | is->thumb)) {
is                796 tools/capdis.c static void do_tbx_pass1(firmware *fw, iter_state_t *is, struct llist **branch_list, unsigned dis_opts, tbx_info_t *ti)
is                829 tools/capdis.c     if(!disasm_iter_init(fw,is,adr | is->thumb)) {
is                835 tools/capdis.c static void do_tbx_data(firmware *fw, iter_state_t *is, unsigned dis_opts, tbx_info_t *ti)
is                838 tools/capdis.c         do_tbb_data(fw,is,dis_opts,ti);
is                840 tools/capdis.c         do_tbh_data(fw,is,dis_opts,ti);
is                851 tools/capdis.c     iter_state_t *is=disasm_iter_new(fw,dis_start);
is                859 tools/capdis.c         while(count < dis_count &&  is->adr < dis_end) {
is                860 tools/capdis.c             if(disasm_iter(fw,is)) {
is                861 tools/capdis.c                 uint32_t b_tgt=get_branch_call_insn_target(fw,is);
is                865 tools/capdis.c                 } else if(get_TBx_PC_info(fw,is,&ti)) { 
is                868 tools/capdis.c                     do_tbx_pass1(fw,is,branch_list,dis_opts,&ti);
is                871 tools/capdis.c                 if(!disasm_iter_init(fw,is,(is->adr+is->insn_min_size) | is->thumb)) {
is                880 tools/capdis.c     disasm_iter_init(fw,is,dis_start);
is                881 tools/capdis.c     while(count < dis_count && is->adr < dis_end) {
is                882 tools/capdis.c         if(disasm_iter(fw,is)) {
is                883 tools/capdis.c             do_adr_label(fw,branch_list,is,dis_opts);
is                888 tools/capdis.c                     printf(" 0x%"PRIx64"",is->insn->address);
is                892 tools/capdis.c                     for(k=0;k<is->insn->size;k++) {
is                893 tools/capdis.c                         printf(" %02x",is->insn->bytes[k]);
is                899 tools/capdis.c                 describe_insn_ops(is->cs_handle,is->insn);
is                902 tools/capdis.c                 describe_insn_groups(is->cs_handle,is->insn);
is                907 tools/capdis.c             do_dis_insn(fw,is,dis_opts,insn_mnemonic,insn_ops,comment,&ti);
is                921 tools/capdis.c                     printf("%08"PRIx64": \t",is->insn->address);
is                924 tools/capdis.c                     if(is->insn->size == 2) {
is                925 tools/capdis.c                         printf("%02x%02x     ",is->insn->bytes[1],is->insn->bytes[0]);
is                926 tools/capdis.c                     } else if(is->insn->size == 4) {
is                927 tools/capdis.c                         printf("%02x%02x %02x%02x",is->insn->bytes[1],is->insn->bytes[0],is->insn->bytes[3],is->insn->bytes[2]);
is                951 tools/capdis.c                 do_tbx_data(fw,is,dis_opts,&ti);
is                953 tools/capdis.c             if((dis_opts & DIS_OPT_END_RET) && isRETx(is->insn)) { // end disassembly on return
is                968 tools/capdis.c             uint16_t *pv=(uint16_t *)adr2ptr(fw,is->adr);
is                971 tools/capdis.c                 if(is->thumb) {
is                977 tools/capdis.c                 printf("%s invalid address %"PRIx64"\n",comment_start,is->adr);
is                979 tools/capdis.c             if(!disasm_iter_init(fw,is,(is->adr+is->insn_min_size)|is->thumb)) {
is                991 tools/capdis.c         printf("    ldr     pc, =0x%"PRIx64,is->adr|is->thumb);
is                873 tools/finsig_thumb2.c     for(v_cnt = 0, b_adr = get_direct_jump_target(fw,fw->is);
is                875 tools/finsig_thumb2.c             v_cnt++,b_adr = get_direct_jump_target(fw,fw->is)) {
is                911 tools/finsig_thumb2.c int find_next_sig_call_ex(firmware *fw, iter_state_t *is, uint32_t max_offset, const char *name, uint32_t flags)
is                948 tools/finsig_thumb2.c     return fw_search_insn(fw,is,search_fn,0,match_fns,is->adr + max_offset);
is                951 tools/finsig_thumb2.c int find_next_sig_call(firmware *fw, iter_state_t *is, uint32_t max_offset, const char *name)
is                953 tools/finsig_thumb2.c     return find_next_sig_call_ex(fw,is,max_offset,name,0);
is                958 tools/finsig_thumb2.c int is_sig_call(firmware *fw, iter_state_t *is, const char *name)
is                960 tools/finsig_thumb2.c     uint32_t adr=get_branch_call_insn_target(fw,is);
is               1005 tools/finsig_thumb2.c typedef int (*sig_match_fn)(firmware *fw, iter_state_t *is, sig_rule_t *rule);
is               1018 tools/finsig_thumb2.c int init_disasm_sig_ref(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               1029 tools/finsig_thumb2.c     if(!disasm_iter_init(fw,is,adr)) {
is               1036 tools/finsig_thumb2.c int sig_match_near_str(firmware *fw, iter_state_t *is, sig_rule_t *rule);
is               1037 tools/finsig_thumb2.c uint32_t find_str_arg_call(firmware *fw, iter_state_t *is, sig_rule_t *rule);
is               1043 tools/finsig_thumb2.c int sig_match_str_r0_call(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               1054 tools/finsig_thumb2.c     disasm_iter_init(fw,is,(ADR_ALIGN4(str_adr) - SEARCH_NEAR_REF_RANGE) | fw->thumb_default); // reset to a bit before where the string was found
is               1055 tools/finsig_thumb2.c     while(fw_search_insn(fw,is,search_disasm_const_ref,str_adr,NULL,str_adr+SEARCH_NEAR_REF_RANGE)) {
is               1056 tools/finsig_thumb2.c         if(is->insn->detail->arm.operands[0].reg == ARM_REG_R0) {
is               1059 tools/finsig_thumb2.c             if(insn_match_find_next(fw,is,4,match_b_bl_blximm)) {
is               1060 tools/finsig_thumb2.c                 uint32_t adr=get_branch_call_insn_target(fw,is);
is               1070 tools/finsig_thumb2.c int sig_match_reg_evp(firmware *fw, iter_state_t *is, __attribute__ ((unused))sig_rule_t *rule)
is               1088 tools/finsig_thumb2.c     disasm_iter_init(fw,is,e_to_evp);
is               1089 tools/finsig_thumb2.c     if(insn_match_seq(fw,is,reg_evp_match)) {
is               1090 tools/finsig_thumb2.c         reg_evp=ADR_SET_THUMB(is->insn->detail->arm.operands[0].imm);
is               1099 tools/finsig_thumb2.c int sig_match_reg_evp_table(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               1110 tools/finsig_thumb2.c     disasm_iter_init(fw,is,(ADR_ALIGN4(str_adr) - SEARCH_NEAR_REF_RANGE) | fw->thumb_default); // reset to a bit before where the string was found
is               1112 tools/finsig_thumb2.c     while(fw_search_insn(fw,is,search_disasm_const_ref,str_adr,NULL,str_adr+SEARCH_NEAR_REF_RANGE)) {
is               1113 tools/finsig_thumb2.c         if(is->insn->detail->arm.operands[0].reg != ARM_REG_R0) {
is               1116 tools/finsig_thumb2.c         if(!insn_match_find_next(fw,is,2,match_b_bl)) {
is               1119 tools/finsig_thumb2.c         reg_evp_alt1=ADR_SET_THUMB(is->insn->detail->arm.operands[0].imm);
is               1126 tools/finsig_thumb2.c         if((get_call_const_args(fw,is,4,regs)&3)==3) {
is               1138 tools/finsig_thumb2.c         disasm_iter_init(fw,is,dd_enable_p); // start at found func
is               1139 tools/finsig_thumb2.c         if(insn_match_find_next(fw,is,4,match_b_bl)) { // find the first bl
is               1142 tools/finsig_thumb2.c             if(get_call_const_args(fw,is,4,regs)&1) {
is               1143 tools/finsig_thumb2.c                 reg_evp_tbl=ADR_SET_THUMB(is->insn->detail->arm.operands[0].imm);
is               1153 tools/finsig_thumb2.c int sig_match_reg_evp_alt2(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               1165 tools/finsig_thumb2.c     disasm_iter_init(fw,is,(ADR_ALIGN4(str_adr) - SEARCH_NEAR_REF_RANGE) | fw->thumb_default); // reset to a bit before where the string was found
is               1166 tools/finsig_thumb2.c     while(fw_search_insn(fw,is,search_disasm_const_ref,str_adr,NULL,str_adr+SEARCH_NEAR_REF_RANGE)) {
is               1167 tools/finsig_thumb2.c         if(is->insn->detail->arm.operands[0].reg != ARM_REG_R0) {
is               1170 tools/finsig_thumb2.c         if(!insn_match_find_next(fw,is,3,match_b_bl)) {
is               1175 tools/finsig_thumb2.c         if((get_call_const_args(fw,is,4,regs)&3)==3) {
is               1177 tools/finsig_thumb2.c                 reg_evp_alt2=ADR_SET_THUMB(is->insn->detail->arm.operands[0].imm);
is               1180 tools/finsig_thumb2.c                     printf("RegisterEventProcedure_alt2 == _alt1 at %"PRIx64"\n",is->insn->address);
is               1195 tools/finsig_thumb2.c int sig_match_unreg_evp_table(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               1207 tools/finsig_thumb2.c     disasm_iter_init(fw,is,(ADR_ALIGN4(str_adr) - SEARCH_NEAR_REF_RANGE) | fw->thumb_default); // reset to a bit before where the string was found
is               1208 tools/finsig_thumb2.c     while(fw_search_insn(fw,is,search_disasm_const_ref,str_adr,NULL,str_adr+SEARCH_NEAR_REF_RANGE)) {
is               1210 tools/finsig_thumb2.c         if(is->insn->detail->arm.operands[0].reg != ARM_REG_R0) {
is               1213 tools/finsig_thumb2.c         if(!insn_match_find_next(fw,is,3,match_b_bl)) {
is               1216 tools/finsig_thumb2.c         uint32_t reg_call=get_branch_call_insn_target(fw,is);
is               1223 tools/finsig_thumb2.c         if((get_call_const_args(fw,is,4,regs)&3)==3) {
is               1235 tools/finsig_thumb2.c     disasm_iter_init(fw,is,mecha_unreg);
is               1237 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,7,match_b_bl)) {
is               1245 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,18,match_ldr_r0)) {
is               1248 tools/finsig_thumb2.c     uint32_t tbl=LDR_PC2val(fw,is->insn);
is               1252 tools/finsig_thumb2.c     if(!disasm_iter(fw,is)) {
is               1256 tools/finsig_thumb2.c     return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is));
is               1261 tools/finsig_thumb2.c int sig_match_evp_table_veneer(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               1268 tools/finsig_thumb2.c     disasm_iter_init(fw,is,ref_adr); // start at our known function
is               1269 tools/finsig_thumb2.c     while (is->adr < (ref_adr+0x800)) {
is               1270 tools/finsig_thumb2.c         cadr = is->adr;
is               1271 tools/finsig_thumb2.c         if (!disasm_iter(fw,is)) {
is               1272 tools/finsig_thumb2.c             disasm_iter_set(fw,is,(is->adr+2) | fw->thumb_default);
is               1275 tools/finsig_thumb2.c             if (is->insn->id == ARM_INS_B) {
is               1276 tools/finsig_thumb2.c                 uint32_t b_adr = get_branch_call_insn_target(fw,is);
is               1279 tools/finsig_thumb2.c                     add_func_name(fw,rule->name,cadr | is->thumb,NULL);
is               1290 tools/finsig_thumb2.c int sig_match_createtaskstrictly_alt(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               1298 tools/finsig_thumb2.c     disasm_iter_init(fw,is,(ADR_ALIGN4(str_adr) - SEARCH_NEAR_REF_RANGE) | fw->thumb_default); // reset to a bit before where the string was found
is               1299 tools/finsig_thumb2.c     while(fw_search_insn(fw,is,search_disasm_const_ref,str_adr,NULL,str_adr+SEARCH_NEAR_REF_RANGE)) {
is               1300 tools/finsig_thumb2.c         if(is->insn->detail->arm.operands[0].reg == ARM_REG_R0) {
is               1303 tools/finsig_thumb2.c             if(insn_match_find_next(fw,is,4,match_b_bl_blximm)) {
is               1304 tools/finsig_thumb2.c                 uint32_t adr=get_branch_call_insn_target(fw,is);
is               1324 tools/finsig_thumb2.c int sig_match_createtask_alt(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               1331 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               1334 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,6,match_bl_blximm)) {
is               1338 tools/finsig_thumb2.c     uint32_t adr = get_branch_call_insn_target(fw,is);
is               1354 tools/finsig_thumb2.c int sig_match_get_nd_value(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               1361 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               1364 tools/finsig_thumb2.c     if(!find_next_sig_call(fw,is,16,"ClearEventFlag")) {
is               1368 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,4,match_bl_blximm)) {
is               1373 tools/finsig_thumb2.c     disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is));
is               1374 tools/finsig_thumb2.c     disasm_iter(fw,is);
is               1375 tools/finsig_thumb2.c     if (B_target(fw,is->insn))
is               1376 tools/finsig_thumb2.c         disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is));
is               1378 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,5,match_bl_blximm)) {
is               1382 tools/finsig_thumb2.c     uint32_t addr=get_branch_call_insn_target(fw,is);
is               1390 tools/finsig_thumb2.c int sig_match_get_current_exp(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               1392 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               1395 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,2,match_bl_blximm)) {
is               1400 tools/finsig_thumb2.c     disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is));
is               1401 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,6,match_bl_blximm)) {
is               1406 tools/finsig_thumb2.c     disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is));
is               1407 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,6,match_bl_blximm)) {
is               1411 tools/finsig_thumb2.c     return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is));
is               1414 tools/finsig_thumb2.c int sig_match_get_current_nd_value(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               1420 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               1423 tools/finsig_thumb2.c     if(!find_next_sig_call(fw,is,36,"GetCurrentShutterSpeed_FW")) {
is               1434 tools/finsig_thumb2.c     if(!insn_match_find_next_seq(fw,is,10,match_bl_strh)) {
is               1439 tools/finsig_thumb2.c     disasm_iter_init(fw,is,adr_hist_get(&is->ah,1));
is               1440 tools/finsig_thumb2.c     disasm_iter(fw,is);
is               1441 tools/finsig_thumb2.c     return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is));
is               1444 tools/finsig_thumb2.c int sig_match_get_current_deltasv(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               1446 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               1449 tools/finsig_thumb2.c     if(!find_next_sig_call(fw,is,36,"GetCurrentShutterSpeed_FW")) {
is               1460 tools/finsig_thumb2.c     if(!insn_match_find_next_seq(fw,is,8,match_bl_strh)) {
is               1465 tools/finsig_thumb2.c     disasm_iter_init(fw,is,adr_hist_get(&is->ah,1));
is               1466 tools/finsig_thumb2.c     disasm_iter(fw,is);
is               1467 tools/finsig_thumb2.c     return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is));
is               1471 tools/finsig_thumb2.c int sig_match_imager_active_callback(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               1473 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               1484 tools/finsig_thumb2.c     if(!insn_match_find_next_seq(fw,is,28,match_ldr_bl_mov_pop)) {
is               1489 tools/finsig_thumb2.c     disasm_iter_init(fw,is,adr_hist_get(&is->ah,3));
is               1491 tools/finsig_thumb2.c     disasm_iter(fw,is);
is               1492 tools/finsig_thumb2.c     uint32_t f1=LDR_PC2val(fw,is->insn);
is               1497 tools/finsig_thumb2.c int sig_match_imager_active(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               1499 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               1512 tools/finsig_thumb2.c     if(!insn_match_find_next_seq(fw,is,10,match_ldr_mov_str_pop)) {
is               1514 tools/finsig_thumb2.c         init_disasm_sig_ref(fw,is,rule);
is               1522 tools/finsig_thumb2.c         if(!insn_match_find_next_seq(fw,is,10,match_mov_ldr_str_pop)) {
is               1529 tools/finsig_thumb2.c     disasm_iter_init(fw,is,adr_hist_get(&is->ah,backtrack));
is               1530 tools/finsig_thumb2.c     disasm_iter(fw,is);
is               1531 tools/finsig_thumb2.c     uint32_t base=LDR_PC2val(fw,is->insn);
is               1532 tools/finsig_thumb2.c     uint32_t reg=is->insn->detail->arm.operands[0].reg;
is               1536 tools/finsig_thumb2.c         disasm_iter(fw,is);
is               1538 tools/finsig_thumb2.c     disasm_iter(fw,is);
is               1540 tools/finsig_thumb2.c     if(is->insn->detail->arm.operands[1].mem.base != reg) {
is               1544 tools/finsig_thumb2.c     uint32_t off=is->insn->detail->arm.operands[1].mem.disp;
is               1546 tools/finsig_thumb2.c     save_misc_val("imager_active",base,off,(uint32_t)is->insn->address);
is               1550 tools/finsig_thumb2.c int sig_match_screenlock_helper(firmware *fw, iter_state_t *is, sig_rule_t *rule) {
is               1551 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               1554 tools/finsig_thumb2.c     uint32_t init_adr = (uint32_t)is->adr | is->thumb;
is               1570 tools/finsig_thumb2.c     if(insn_match_find_next_seq(fw,is,6,match_cmp_bne_bl)) {
is               1577 tools/finsig_thumb2.c     disasm_iter_init(fw,is,init_adr);
is               1578 tools/finsig_thumb2.c     if(!insn_match_find_next_seq(fw,is,1,match_ldrpc_mov_b)) {
is               1579 tools/finsig_thumb2.c         printf("sig_match_screenlock_helper: match 2 failed 0x%"PRIx64"\n",is->insn->address);
is               1582 tools/finsig_thumb2.c     disasm_iter_init(fw,is,init_adr);
is               1583 tools/finsig_thumb2.c     disasm_iter(fw,is);
is               1584 tools/finsig_thumb2.c     uint32_t adr = LDR_PC2val(fw,is->insn);
is               1586 tools/finsig_thumb2.c         printf("sig_match_screenlock_helper: no match LDR PC 0x%"PRIx64"\n",is->insn->address);
is               1589 tools/finsig_thumb2.c     disasm_iter_init(fw,is,adr);
is               1591 tools/finsig_thumb2.c     if(!insn_match_find_next_seq(fw,is,6,match_cmp_bne_bl)) {
is               1598 tools/finsig_thumb2.c int sig_match_fclose_low(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               1600 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               1604 tools/finsig_thumb2.c     if(!find_next_sig_call(fw,is,24,"strlen")) {
is               1608 tools/finsig_thumb2.c     if(!find_next_sig_call(fw,is,26,"malloc")) {
is               1612 tools/finsig_thumb2.c     if(!find_next_sig_call(fw,is,14,"strcpy")) {
is               1617 tools/finsig_thumb2.c     if(!insn_match_find_nth(fw,is,12,3,match_bl_blximm)) {
is               1621 tools/finsig_thumb2.c     return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is));
is               1624 tools/finsig_thumb2.c int sig_match_screenunlock(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               1626 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               1630 tools/finsig_thumb2.c     if(!find_next_sig_call(fw,is,14,"ScreenLock")) {
is               1641 tools/finsig_thumb2.c     if(!insn_match_find_next_seq(fw,is,38,match_end)) {
is               1646 tools/finsig_thumb2.c     return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is));
is               1650 tools/finsig_thumb2.c int sig_match_log_camera_event(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               1652 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               1655 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,6,match_bl_blximm)) {
is               1660 tools/finsig_thumb2.c     if((get_call_const_args(fw,is,4,regs)&3)!=3) {
is               1673 tools/finsig_thumb2.c     return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is));
is               1677 tools/finsig_thumb2.c int sig_match_physw_misc(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               1679 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               1683 tools/finsig_thumb2.c             disasm_iter_init(fw,is,ostub2->val);
is               1693 tools/finsig_thumb2.c         if(!disasm_iter(fw,is)) {
is               1697 tools/finsig_thumb2.c         physw_run=LDR_PC2val(fw,is->insn);
is               1700 tools/finsig_thumb2.c                 save_misc_val("physw_run",physw_run,0,(uint32_t)is->insn->address);
is               1713 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,7,match_bl_blximm)) {
is               1721 tools/finsig_thumb2.c     uint32_t f=get_branch_call_insn_target(fw,is);
is               1726 tools/finsig_thumb2.c         uint32_t f2=get_direct_jump_target(fw,fw->is);
is               1735 tools/finsig_thumb2.c     disasm_iter_init(fw,is,adr_hist_get(&is->ah,1));
is               1736 tools/finsig_thumb2.c     if(!disasm_iter(fw,is)) {
is               1741 tools/finsig_thumb2.c     if(is->insn->id != ARM_INS_LDR
is               1742 tools/finsig_thumb2.c         || is->insn->detail->arm.operands[0].reg != ARM_REG_R0) {
is               1745 tools/finsig_thumb2.c     save_misc_val("physw_sleep_delay",physw_run,is->insn->detail->arm.operands[1].mem.disp,(uint32_t)is->insn->address);
is               1747 tools/finsig_thumb2.c     if(!disasm_iter(fw,is)) {
is               1753 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,2,match_bl_blximm)) {
is               1756 tools/finsig_thumb2.c     save_sig(fw,"kbd_p1_f",get_branch_call_insn_target(fw,is));
is               1759 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,4,match_bl_blximm)) {
is               1762 tools/finsig_thumb2.c     save_sig(fw,"kbd_p2_f",get_branch_call_insn_target(fw,is));
is               1766 tools/finsig_thumb2.c int sig_match_kbd_read_keys(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               1768 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               1772 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,4,match_bl_blximm)) {
is               1775 tools/finsig_thumb2.c     save_sig(fw,"kbd_read_keys",get_branch_call_insn_target(fw,is));
is               1776 tools/finsig_thumb2.c     if(!disasm_iter(fw,is)) {
is               1780 tools/finsig_thumb2.c     uint32_t physw_status=LDR_PC2val(fw,is->insn);
is               1782 tools/finsig_thumb2.c         save_misc_val("physw_status",physw_status,0,(uint32_t)is->insn->address);
is               1783 tools/finsig_thumb2.c         save_sig(fw,"kbd_p1_f_cont",(uint32_t)(is->insn->address) | is->thumb);
is               1790 tools/finsig_thumb2.c int sig_match_get_kbd_state(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               1792 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               1802 tools/finsig_thumb2.c     if(!insn_match_find_next_seq(fw,is,11,match)) {
is               1805 tools/finsig_thumb2.c     save_sig_with_j(fw,"GetKbdState",get_branch_call_insn_target(fw,is));
is               1807 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,5,match_b_bl_blximm)) {
is               1810 tools/finsig_thumb2.c     save_sig_with_j(fw,"kbd_read_keys_r2",get_branch_call_insn_target(fw,is));
is               1814 tools/finsig_thumb2.c int sig_match_get_dial_hw_position(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               1816 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               1819 tools/finsig_thumb2.c     uint32_t adr = find_last_call_from_func(fw,is,18,50);
is               1825 tools/finsig_thumb2.c     disasm_iter_init(fw,is,adr);
is               1826 tools/finsig_thumb2.c     adr = find_last_call_from_func(fw,is,16,32);
is               1832 tools/finsig_thumb2.c     disasm_iter_init(fw,is,adr);
is               1834 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,30,match_bl_blximm)) {
is               1838 tools/finsig_thumb2.c     uint32_t fadr = get_branch_call_insn_target(fw,is);
is               1840 tools/finsig_thumb2.c     disasm_iter_init(fw,is,adr_hist_get(&is->ah,4));
is               1847 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,4,match_hw_dial_call)) {
is               1854 tools/finsig_thumb2.c int sig_match_create_jumptable(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               1856 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               1860 tools/finsig_thumb2.c     if(!insn_match_find_nth(fw,is,20,2,match_bl_blximm)) {
is               1864 tools/finsig_thumb2.c     disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is));
is               1865 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,15,match_bl_blximm)) {
is               1869 tools/finsig_thumb2.c     save_sig(fw,"CreateJumptable",get_branch_call_insn_target(fw,is));
is               1874 tools/finsig_thumb2.c int sig_match_take_semaphore_strict(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               1876 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               1880 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,6,match_bl_blximm)) {
is               1884 tools/finsig_thumb2.c     disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is));
is               1886 tools/finsig_thumb2.c     if(!insn_match_find_nth(fw,is,10,2,match_bl_blximm)) {
is               1890 tools/finsig_thumb2.c     disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is));
is               1892 tools/finsig_thumb2.c     if(!insn_match_find_nth(fw,is,20,3,match_bl_blximm)) {
is               1895 tools/finsig_thumb2.c     save_sig_with_j(fw,"DebugAssert",get_branch_call_insn_target(fw,is));
is               1898 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,7,match_bl_blximm)) {
is               1901 tools/finsig_thumb2.c     save_sig_with_j(fw,"TakeSemaphoreStrictly",get_branch_call_insn_target(fw,is));
is               1907 tools/finsig_thumb2.c         fw_disasm_iter_single(fw,adr_hist_get(&is->ah,i));
is               1908 tools/finsig_thumb2.c         cs_insn *insn=fw->is->insn;
is               1929 tools/finsig_thumb2.c     save_misc_val("fileio_semaphore",sem_adr,0,(uint32_t)is->insn->address);
is               1931 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,10,match_bl_blximm)) {
is               1934 tools/finsig_thumb2.c     return save_sig_with_j(fw,"GetDrive_FreeClusters",get_branch_call_insn_target(fw,is));
is               1937 tools/finsig_thumb2.c int sig_match_get_semaphore_value(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               1945 tools/finsig_thumb2.c     disasm_iter_init(fw,is,(ADR_ALIGN4(str_adr) - SEARCH_NEAR_REF_RANGE) | fw->thumb_default); // reset to a bit before where the string was found
is               1947 tools/finsig_thumb2.c     if(!fw_search_insn(fw,is,search_disasm_const_ref,str_adr,NULL,str_adr+SEARCH_NEAR_REF_RANGE)) {
is               1955 tools/finsig_thumb2.c         if(!fw_disasm_iter_single(fw,adr_hist_get(&is->ah,i))) {
is               1959 tools/finsig_thumb2.c         if(insn_match_any(fw->is->insn,match_bl_blximm)){
is               1960 tools/finsig_thumb2.c             fadr=get_branch_call_insn_target(fw,fw->is);
is               1969 tools/finsig_thumb2.c     disasm_iter_init(fw,is,fadr);
is               1971 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,9,match_bl_blximm)) {
is               1975 tools/finsig_thumb2.c     return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is));
is               1978 tools/finsig_thumb2.c int sig_match_stat(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               1987 tools/finsig_thumb2.c     disasm_iter_init(fw,is,(ADR_ALIGN4(str_adr) - SEARCH_NEAR_REF_RANGE) | fw->thumb_default); // reset to a bit before where the string was found
is               1988 tools/finsig_thumb2.c     while(fw_search_insn(fw,is,search_disasm_const_ref,str_adr,NULL,str_adr+SEARCH_NEAR_REF_RANGE)) {
is               1989 tools/finsig_thumb2.c         if(is->insn->detail->arm.operands[0].reg == ARM_REG_R0) {
is               1990 tools/finsig_thumb2.c             if(insn_match_find_next(fw,is,2,match_bl_blximm)) {
is               1991 tools/finsig_thumb2.c                 uint32_t adr=get_branch_call_insn_target(fw,is);
is               1993 tools/finsig_thumb2.c                 if(is_sig_call(fw,is,"Fopen_Fut_FW")) {
is               2014 tools/finsig_thumb2.c int sig_match_open(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               2016 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               2019 tools/finsig_thumb2.c     if(!insn_match_find_next_seq(fw,is,48,match_open_mov_call)) {
is               2022 tools/finsig_thumb2.c     return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is));
is               2026 tools/finsig_thumb2.c int sig_match_umalloc(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               2028 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               2032 tools/finsig_thumb2.c     if(!insn_match_find_nth(fw,is,15,3,match_bl_blximm)) {
is               2036 tools/finsig_thumb2.c     disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is));
is               2038 tools/finsig_thumb2.c     if(!insn_match_find_nth(fw,is,14,3,match_bl_blximm)) {
is               2041 tools/finsig_thumb2.c     return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is));
is               2045 tools/finsig_thumb2.c int sig_match_ufree(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               2047 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               2051 tools/finsig_thumb2.c     if(!find_next_sig_call(fw,is,60,"strcpy_FW")) {
is               2055 tools/finsig_thumb2.c     if(!insn_match_find_nth(fw,is,12,3,match_bl_blximm)) {
is               2059 tools/finsig_thumb2.c     disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is));
is               2061 tools/finsig_thumb2.c     if(!find_next_sig_call(fw,is,40,"Close_FW")) {
is               2065 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,4,match_bl_blximm)) {
is               2068 tools/finsig_thumb2.c     return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is));
is               2071 tools/finsig_thumb2.c int sig_match_deletefile_fut(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               2079 tools/finsig_thumb2.c     disasm_iter_init(fw,is,(ADR_ALIGN4(str_adr) - SEARCH_NEAR_REF_RANGE) | fw->thumb_default); // reset to a bit before where the string was found
is               2080 tools/finsig_thumb2.c     while(fw_search_insn(fw,is,search_disasm_const_ref,str_adr,NULL,str_adr+SEARCH_NEAR_REF_RANGE)) {
is               2082 tools/finsig_thumb2.c         if(!insn_match_find_next(fw,is,4,match_bl_blximm)) {
is               2086 tools/finsig_thumb2.c         uint32_t adr=get_branch_call_insn_target(fw,is);
is               2099 tools/finsig_thumb2.c         if(!insn_match_any(fw->is->insn,match_mov_r1)){
is               2107 tools/finsig_thumb2.c uint32_t find_call_near_str(firmware *fw, iter_state_t *is, sig_rule_t *rule);
is               2109 tools/finsig_thumb2.c int sig_match_closedir(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               2117 tools/finsig_thumb2.c     disasm_iter_init(fw,is,(ADR_ALIGN4(str_adr) - SEARCH_NEAR_REF_RANGE) | fw->thumb_default); // reset to a bit before where the string was found
is               2118 tools/finsig_thumb2.c     while(fw_search_insn(fw,is,search_disasm_const_ref,str_adr,NULL,str_adr+SEARCH_NEAR_REF_RANGE)) {
is               2119 tools/finsig_thumb2.c         if(!find_next_sig_call(fw,is,60,"sprintf_FW")) {
is               2122 tools/finsig_thumb2.c         if(insn_match_find_nth(fw,is,7,2,match_bl_blximm)) {
is               2123 tools/finsig_thumb2.c             return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is));
is               2127 tools/finsig_thumb2.c     uint32_t call_adr = find_call_near_str(fw,is,rule);
is               2129 tools/finsig_thumb2.c         disasm_iter_init(fw,is,call_adr); // reset to a bit before where the string was found
is               2136 tools/finsig_thumb2.c         if(insn_match_seq(fw,is,match_closedir)){
is               2137 tools/finsig_thumb2.c             return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is));
is               2147 tools/finsig_thumb2.c     disasm_iter_init(fw,fw->is,call_adr); // reset to a bit before where the string was found
is               2148 tools/finsig_thumb2.c     disasm_iter(fw,fw->is);
is               2149 tools/finsig_thumb2.c     return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,fw->is));
is               2152 tools/finsig_thumb2.c int sig_match_readfastdir(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               2169 tools/finsig_thumb2.c     disasm_iter_init(fw,is,(ADR_ALIGN4(str_adr) - SEARCH_NEAR_REF_RANGE) | fw->thumb_default); // reset to a bit before where the string was found
is               2170 tools/finsig_thumb2.c     while(fw_search_insn(fw,is,search_disasm_const_ref,str_adr,NULL,str_adr+SEARCH_NEAR_REF_RANGE)) {
is               2171 tools/finsig_thumb2.c         uint32_t ref_adr = iter_state_adr(is);
is               2173 tools/finsig_thumb2.c         fw_disasm_iter_single(fw,adr_hist_get(&is->ah,2));
is               2174 tools/finsig_thumb2.c         if(insn_match_any(fw->is->insn,match_bl_blximm)) {
is               2175 tools/finsig_thumb2.c             uint32_t call_adr = iter_state_adr(fw->is);
is               2176 tools/finsig_thumb2.c             fw_disasm_iter_single(fw,adr_hist_get(&is->ah,1));
is               2177 tools/finsig_thumb2.c             if(insn_match_any(fw->is->insn,match_cbnz_r0)) {
is               2184 tools/finsig_thumb2.c             fw_disasm_iter_single(fw,adr_hist_get(&is->ah,i));
is               2185 tools/finsig_thumb2.c             if(insn_match_any(fw->is->insn,match_bl_blximm)) {
is               2186 tools/finsig_thumb2.c                 uint32_t call_adr = iter_state_adr(fw->is);
is               2187 tools/finsig_thumb2.c                 fw_disasm_iter_single(fw,adr_hist_get(&is->ah,i-1));
is               2188 tools/finsig_thumb2.c                 if(insn_match_any(fw->is->insn,match_cbz_r0)) {
is               2189 tools/finsig_thumb2.c                     uint32_t b_adr = get_branch_call_insn_target(fw,fw->is);
is               2201 tools/finsig_thumb2.c int sig_match_strrchr(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               2206 tools/finsig_thumb2.c         uint32_t call_adr = find_call_near_str(fw,is,rule);
is               2208 tools/finsig_thumb2.c             disasm_iter_init(fw,is,call_adr-4); // reset to a bit before where the string was found
is               2213 tools/finsig_thumb2.c             if(insn_match_find_next(fw,is,2,match_mov_r1_imm)){
is               2221 tools/finsig_thumb2.c int sig_match_time(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               2230 tools/finsig_thumb2.c     disasm_iter_init(fw,is,(ADR_ALIGN4(str_adr) - SEARCH_NEAR_REF_RANGE) | fw->thumb_default); // reset to a bit before where the string was found
is               2231 tools/finsig_thumb2.c     while(fw_search_insn(fw,is,search_disasm_const_ref,str_adr,NULL,str_adr+SEARCH_NEAR_REF_RANGE)) {
is               2233 tools/finsig_thumb2.c         if(insn_match_find_nth(fw,is,6,2,match_bl_blximm)) {
is               2234 tools/finsig_thumb2.c             fadr=get_branch_call_insn_target(fw,is);
is               2242 tools/finsig_thumb2.c     disasm_iter_init(fw,is,fadr);
is               2244 tools/finsig_thumb2.c     if(insn_match_find_nth(fw,is,11,2,match_bl_blximm)) {
is               2245 tools/finsig_thumb2.c         return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is));
is               2250 tools/finsig_thumb2.c int sig_match_strncpy(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               2252 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               2255 tools/finsig_thumb2.c     if(!find_next_sig_call(fw,is,60,"strcpy_FW")) {
is               2258 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,6,match_bl_blximm)) {
is               2261 tools/finsig_thumb2.c     return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is));
is               2264 tools/finsig_thumb2.c int sig_match_strncmp(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               2272 tools/finsig_thumb2.c     disasm_iter_init(fw,is,(ADR_ALIGN4(str_adr) - SEARCH_NEAR_REF_RANGE) | fw->thumb_default); // reset to a bit before where the string was found
is               2273 tools/finsig_thumb2.c     while(fw_search_insn(fw,is,search_disasm_const_ref,str_adr,NULL,str_adr+SEARCH_NEAR_REF_RANGE)) {
is               2274 tools/finsig_thumb2.c         if(!insn_match_find_next(fw,is,3,match_bl_blximm)) {
is               2278 tools/finsig_thumb2.c         if((get_call_const_args(fw,is,4,regs)&6)==6) {
is               2281 tools/finsig_thumb2.c                 return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is));
is               2288 tools/finsig_thumb2.c int sig_match_strtolx(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               2290 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               2293 tools/finsig_thumb2.c     if(!find_next_sig_call(fw,is,130,"strncpy")) {
is               2297 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,6,match_bl_blximm)) {
is               2300 tools/finsig_thumb2.c     uint32_t adr=get_branch_call_insn_target(fw,is);
is               2305 tools/finsig_thumb2.c     disasm_iter_init(fw,is,adr);
is               2306 tools/finsig_thumb2.c     if(!disasm_iter(fw,is)) {
is               2317 tools/finsig_thumb2.c     if(!insn_match(is->insn,match_mov_r3_imm)){
is               2320 tools/finsig_thumb2.c     if(!disasm_iter(fw,is)) {
is               2324 tools/finsig_thumb2.c     return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is));
is               2328 tools/finsig_thumb2.c int sig_match_exec_evp(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               2336 tools/finsig_thumb2.c     disasm_iter_init(fw,is,(ADR_ALIGN4(str_adr) - SEARCH_NEAR_REF_RANGE) | fw->thumb_default); // reset to a bit before where the string was found
is               2337 tools/finsig_thumb2.c     while(fw_search_insn(fw,is,search_disasm_const_ref,str_adr,NULL,str_adr+SEARCH_NEAR_REF_RANGE)) {
is               2341 tools/finsig_thumb2.c             if(!fw_disasm_iter_single(fw,adr_hist_get(&is->ah,i))) {
is               2344 tools/finsig_thumb2.c             if(fw->is->insn->id == ARM_INS_PUSH && fw->is->insn->detail->arm.operands[0].reg == ARM_REG_R0) {
is               2346 tools/finsig_thumb2.c                 uint32_t adr=(uint32_t)(fw->is->insn->address) | is->thumb;
is               2348 tools/finsig_thumb2.c                 if(find_next_sig_call(fw,is,28,"DebugAssert")) {
is               2358 tools/finsig_thumb2.c int sig_match_fgets_fut(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               2360 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               2363 tools/finsig_thumb2.c     if(!find_next_sig_call(fw,is,16,"Fopen_Fut_FW")) {
is               2366 tools/finsig_thumb2.c     disasm_iter(fw,is);
is               2367 tools/finsig_thumb2.c     disasm_iter(fw,is);
is               2368 tools/finsig_thumb2.c     if (B_target(fw,is->insn) && (is->insn->detail->arm.cc == ARM_CC_NE)) {
is               2369 tools/finsig_thumb2.c         disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is));
is               2371 tools/finsig_thumb2.c         if (B_target(fw,is->insn) && (is->insn->detail->arm.cc == ARM_CC_NE)) {
is               2372 tools/finsig_thumb2.c             disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is));
is               2375 tools/finsig_thumb2.c     if(!insn_match_find_nth(fw,is,20,1,match_bl_blximm)) {
is               2378 tools/finsig_thumb2.c     return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is));
is               2381 tools/finsig_thumb2.c int sig_match_log(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               2383 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               2391 tools/finsig_thumb2.c     if(!insn_match_find_nth(fw,is,38,3,match_pop6)) {
is               2395 tools/finsig_thumb2.c     if(!insn_match_find_nth(fw,is,24,3,match_bl_blximm)) {
is               2398 tools/finsig_thumb2.c     return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is));
is               2402 tools/finsig_thumb2.c int sig_match_pow_dry_52(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               2407 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               2415 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,50,match_ldrd_r0_r1)) {
is               2419 tools/finsig_thumb2.c     if(is->insn->detail->arm.operands[2].mem.base == ARM_REG_SP) {
is               2422 tools/finsig_thumb2.c     if(!disasm_iter(fw,is)) {
is               2426 tools/finsig_thumb2.c     uint32_t adr=get_branch_call_insn_target(fw,is);
is               2434 tools/finsig_thumb2.c int sig_match_pow_dry_gt_52(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               2439 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               2462 tools/finsig_thumb2.c         if(insn_match_find_next_seq(fw,is,50,match1[idx]))
is               2464 tools/finsig_thumb2.c         init_disasm_sig_ref(fw,is,rule);
is               2470 tools/finsig_thumb2.c     uint32_t adr=get_branch_call_insn_target(fw,is);
is               2475 tools/finsig_thumb2.c     disasm_iter_init(fw,is,adr);
is               2492 tools/finsig_thumb2.c     if(!insn_match_find_next_seq(fw,is,15,match2[idx])) {
is               2495 tools/finsig_thumb2.c     return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is));
is               2498 tools/finsig_thumb2.c int sig_match_sqrt(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               2500 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               2504 tools/finsig_thumb2.c     if(!insn_match_find_nth(fw,is,12,3,match_bl_blximm)) {
is               2508 tools/finsig_thumb2.c     disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is));
is               2509 tools/finsig_thumb2.c     if(!disasm_iter(fw,is)) {
is               2513 tools/finsig_thumb2.c     uint32_t j_tgt=get_direct_jump_target(fw,is);
is               2517 tools/finsig_thumb2.c         disasm_iter_init(fw,is,j_tgt);
is               2518 tools/finsig_thumb2.c         if(!disasm_iter(fw,is)) {
is               2524 tools/finsig_thumb2.c     if(!insn_match_find_nth(fw,is,12,2,match_b_bl_blximm)) {
is               2527 tools/finsig_thumb2.c     return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is));
is               2529 tools/finsig_thumb2.c int sig_match_get_drive_cluster_size(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               2531 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               2535 tools/finsig_thumb2.c     if(fw_search_insn(fw,is,search_disasm_str_ref,0,"A/OpLogErr.txt",(uint32_t)is->adr+260)) {
is               2537 tools/finsig_thumb2.c         if(!insn_match_find_next(fw,is,3,match_bl_blximm)) {
is               2542 tools/finsig_thumb2.c         disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is));
is               2544 tools/finsig_thumb2.c         if(!insn_match_find_nth(fw,is,13,2,match_bl_blximm)) {
is               2549 tools/finsig_thumb2.c         disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is));
is               2550 tools/finsig_thumb2.c         disasm_iter(fw,is);
is               2551 tools/finsig_thumb2.c         if (B_target(fw, is->insn))
is               2552 tools/finsig_thumb2.c             disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is));
is               2554 tools/finsig_thumb2.c         if(!insn_match_find_next(fw,is,4,match_bl_blximm)) {
is               2558 tools/finsig_thumb2.c         return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is));
is               2563 tools/finsig_thumb2.c int sig_match_mktime_ext(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               2571 tools/finsig_thumb2.c     disasm_iter_init(fw,is,(ADR_ALIGN4(str_adr) - SEARCH_NEAR_REF_RANGE) | fw->thumb_default); // reset to a bit before where the string was found
is               2572 tools/finsig_thumb2.c     while(fw_search_insn(fw,is,search_disasm_const_ref,str_adr,NULL,str_adr+SEARCH_NEAR_REF_RANGE)) {
is               2574 tools/finsig_thumb2.c         if(!find_next_sig_call(fw,is,12,"sscanf_FW")) {
is               2579 tools/finsig_thumb2.c         if(!insn_match_find_next(fw,is,22,match_bl_blximm)) {
is               2584 tools/finsig_thumb2.c         disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is));
is               2585 tools/finsig_thumb2.c         if(!disasm_iter(fw,is)) {
is               2589 tools/finsig_thumb2.c         uint32_t j_tgt=get_direct_jump_target(fw,is);
is               2593 tools/finsig_thumb2.c             disasm_iter_init(fw,is,j_tgt);
is               2594 tools/finsig_thumb2.c             if(!disasm_iter(fw,is)) {
is               2606 tools/finsig_thumb2.c         if(!insn_match_find_next(fw,is,54,match_pop4)) {
is               2610 tools/finsig_thumb2.c         if(!insn_match_find_next(fw,is,1,match_b)) {
is               2614 tools/finsig_thumb2.c         return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is));
is               2620 tools/finsig_thumb2.c int sig_match_rec2pb(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               2628 tools/finsig_thumb2.c     disasm_iter_init(fw,is,(ADR_ALIGN4(str_adr) - SEARCH_NEAR_REF_RANGE) | fw->thumb_default); // reset to a bit before where the string was found
is               2629 tools/finsig_thumb2.c     while(fw_search_insn(fw,is,search_disasm_const_ref,str_adr,NULL,str_adr+SEARCH_NEAR_REF_RANGE)) {
is               2635 tools/finsig_thumb2.c         if(!insn_match_find_next_seq(fw,is,10,match_ldr_cbnz_r0)) {
is               2640 tools/finsig_thumb2.c         disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is));
is               2641 tools/finsig_thumb2.c         if(!insn_match_find_next(fw,is,3,match_b_bl_blximm)) {
is               2646 tools/finsig_thumb2.c         uint32_t adr = iter_state_adr(is);
is               2648 tools/finsig_thumb2.c         disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is));
is               2649 tools/finsig_thumb2.c         if(!find_next_sig_call(fw,is,16,"LogCameraEvent")) {
is               2654 tools/finsig_thumb2.c         if((get_call_const_args(fw,is,4,regs)&3)!=3) {
is               2670 tools/finsig_thumb2.c int sig_match_get_parameter_data(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               2672 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               2680 tools/finsig_thumb2.c     if(!insn_match_find_next_seq(fw,is,4,match_cmp_bhs)) {
is               2685 tools/finsig_thumb2.c     disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is));
is               2686 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,1,match_b)) {
is               2690 tools/finsig_thumb2.c     return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is));
is               2696 tools/finsig_thumb2.c int sig_match_prepdir_x(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               2698 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               2708 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,1,match_mov_r1_1)) {
is               2712 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,1,match_b)) {
is               2716 tools/finsig_thumb2.c     return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is));
is               2722 tools/finsig_thumb2.c int sig_match_prepdir_1(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               2724 tools/finsig_thumb2.c     uint32_t call_adr = find_call_near_str(fw,is,rule);
is               2726 tools/finsig_thumb2.c         disasm_iter_init(fw,is,call_adr);
is               2727 tools/finsig_thumb2.c         disasm_iter(fw,is);
is               2728 tools/finsig_thumb2.c         disasm_iter(fw,is);
is               2729 tools/finsig_thumb2.c         if (!CBx_target(fw,is->insn))
is               2732 tools/finsig_thumb2.c             call_adr = find_call_near_str(fw,is,rule);
is               2736 tools/finsig_thumb2.c             disasm_iter_init(fw,is,call_adr);
is               2737 tools/finsig_thumb2.c             disasm_iter(fw,is);
is               2738 tools/finsig_thumb2.c             return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is));
is               2743 tools/finsig_thumb2.c     call_adr = find_call_near_str(fw,is,rule);
is               2750 tools/finsig_thumb2.c int sig_match_prepdir_0(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               2752 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               2761 tools/finsig_thumb2.c     disasm_iter(fw,is);
is               2762 tools/finsig_thumb2.c     disasm_iter(fw,is);
is               2764 tools/finsig_thumb2.c     uint32_t adr=(uint32_t)is->adr|is->thumb;
is               2772 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,1,match_mov_r1_1)) {
is               2776 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,1,match_b)) {
is               2780 tools/finsig_thumb2.c     uint32_t pdx=get_branch_call_insn_target(fw,is);
is               2787 tools/finsig_thumb2.c int sig_match_mkdir(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               2789 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               2799 tools/finsig_thumb2.c     if(insn_match_find_next_seq(fw,is,148,match)) {
is               2800 tools/finsig_thumb2.c         return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is));
is               2803 tools/finsig_thumb2.c     init_disasm_sig_ref(fw,is,rule);
is               2811 tools/finsig_thumb2.c     if(!insn_match_find_next_seq(fw,is,148,match2)) {
is               2815 tools/finsig_thumb2.c     return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is));
is               2818 tools/finsig_thumb2.c int sig_match_add_ptp_handler(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               2826 tools/finsig_thumb2.c     disasm_iter_init(fw,is,(ADR_ALIGN4(str_adr) - SEARCH_NEAR_REF_RANGE) | fw->thumb_default); // reset to a bit before where the string was found
is               2827 tools/finsig_thumb2.c     while(fw_search_insn(fw,is,search_disasm_const_ref,str_adr,NULL,str_adr+SEARCH_NEAR_REF_RANGE)) {
is               2829 tools/finsig_thumb2.c         if(!find_next_sig_call(fw,is,8,"CreateTaskStrictly")) {
is               2834 tools/finsig_thumb2.c         if(!insn_match_find_nth(fw,is,13,3,match_bl_blximm)) {
is               2840 tools/finsig_thumb2.c         if((get_call_const_args(fw,is,5,regs)&7)!=7) {
is               2848 tools/finsig_thumb2.c         return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is));
is               2852 tools/finsig_thumb2.c int sig_match_qsort(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               2854 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               2857 tools/finsig_thumb2.c     if(!find_next_sig_call(fw,is,90,"DebugAssert")) {
is               2861 tools/finsig_thumb2.c     if(!insn_match_find_nth(fw,is,38,3,match_bl_blximm)) {
is               2866 tools/finsig_thumb2.c     disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is));
is               2868 tools/finsig_thumb2.c     if(insn_match_find_next(fw,is,4,match_bl_blximm)) {
is               2869 tools/finsig_thumb2.c         disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is));
is               2871 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,14,match_bl_blximm)) {
is               2877 tools/finsig_thumb2.c     if((get_call_const_args(fw,is,5,regs)&0xe)!=0xe) {
is               2881 tools/finsig_thumb2.c     return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is));
is               2891 tools/finsig_thumb2.c int sig_match_deletedirectory_fut(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               2900 tools/finsig_thumb2.c     disasm_iter_init(fw,is,(ADR_ALIGN4(str_adr) - 2048) | fw->thumb_default); // reset to a bit before where the string was found
is               2902 tools/finsig_thumb2.c     while(find_next_sig_call(fw,is,end_adr - (uint32_t)is->adr,"DeleteFile_Fut")) {
is               2903 tools/finsig_thumb2.c         if(!insn_match_find_next(fw,is,6,match_bl_blximm)) {
is               2907 tools/finsig_thumb2.c         if(!is_sig_call(fw,is,"strcpy")) {
is               2911 tools/finsig_thumb2.c         if(!insn_match_find_next(fw,is,4,match_bl_blximm)) {
is               2915 tools/finsig_thumb2.c         if(!is_sig_call(fw,is,"strrchr")) {
is               2921 tools/finsig_thumb2.c         if((get_call_const_args(fw,is,2,regs)&0x2)!=0x2) {
is               2929 tools/finsig_thumb2.c         if(!insn_match_find_next(fw,is,5,match_bl_blximm)) {
is               2933 tools/finsig_thumb2.c         return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is));
is               2947 tools/finsig_thumb2.c int sig_match_set_control_event(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               2955 tools/finsig_thumb2.c     disasm_iter_init(fw,is,(ADR_ALIGN4(str_adr) - SEARCH_NEAR_REF_RANGE) | fw->thumb_default); // reset to a bit before where the string was found
is               2956 tools/finsig_thumb2.c     while(fw_search_insn(fw,is,search_disasm_const_ref,str_adr,NULL,str_adr+SEARCH_NEAR_REF_RANGE)) {
is               2957 tools/finsig_thumb2.c         if(!insn_match_find_next(fw,is,4,match_bl_blximm)) {
is               2961 tools/finsig_thumb2.c         if(!is_sig_call(fw,is,"LogCameraEvent")) {
is               2971 tools/finsig_thumb2.c         if(!insn_match_find_next_seq(fw,is,1,match_seq)) {
is               2975 tools/finsig_thumb2.c         return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is));
is               2980 tools/finsig_thumb2.c int sig_match_displaybusyonscreen_52(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               2990 tools/finsig_thumb2.c     disasm_iter_init(fw,is,(ADR_ALIGN4(str_adr) - SEARCH_NEAR_REF_RANGE) | fw->thumb_default); // reset to a bit before where the string was found
is               2991 tools/finsig_thumb2.c     while(fw_search_insn(fw,is,search_disasm_const_ref,str_adr,NULL,str_adr+SEARCH_NEAR_REF_RANGE)) {
is               2992 tools/finsig_thumb2.c         if(!insn_match_find_next(fw,is,3,match_bl_blximm)) {
is               2996 tools/finsig_thumb2.c         if(!is_sig_call(fw,is,"LogCameraEvent")) {
is               3000 tools/finsig_thumb2.c         if(!find_next_sig_call(fw,is,4,"GUISrv_StartGUISystem_FW")) {
is               3004 tools/finsig_thumb2.c         if(!insn_match_find_nth(fw,is,5,2,match_bl_blximm)) {
is               3008 tools/finsig_thumb2.c         return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is));
is               3013 tools/finsig_thumb2.c int sig_match_undisplaybusyonscreen_52(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               3023 tools/finsig_thumb2.c     disasm_iter_init(fw,is,(ADR_ALIGN4(str_adr) - SEARCH_NEAR_REF_RANGE) | fw->thumb_default); // reset to a bit before where the string was found
is               3024 tools/finsig_thumb2.c     while(fw_search_insn(fw,is,search_disasm_const_ref,str_adr,NULL,str_adr+SEARCH_NEAR_REF_RANGE)) {
is               3026 tools/finsig_thumb2.c         if(!find_next_sig_call(fw,is,24,"displaybusyonscreen")) {
is               3030 tools/finsig_thumb2.c         if(!find_next_sig_call(fw,is,12,"GUISrv_StartGUISystem_FW")) {
is               3034 tools/finsig_thumb2.c         if(!insn_match_find_nth(fw,is,6,3,match_bl_blximm)) {
is               3038 tools/finsig_thumb2.c         return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is));
is               3043 tools/finsig_thumb2.c int sig_match_try_take_sem_dry_gt_57(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               3045 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               3048 tools/finsig_thumb2.c     if(!find_next_sig_call(fw,is,24,"ReceiveMessageQueue")) {
is               3052 tools/finsig_thumb2.c     if(!find_next_sig_call(fw,is,60,"bzero")) {
is               3056 tools/finsig_thumb2.c     if(insn_match_find_next(fw,is,3,match_bl_blximm)) {
is               3057 tools/finsig_thumb2.c         return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is));
is               3063 tools/finsig_thumb2.c int sig_match_wait_all_eventflag_strict(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               3065 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               3073 tools/finsig_thumb2.c     if(!find_next_sig_call(fw,is,60,"SleepTask")) {
is               3078 tools/finsig_thumb2.c     while(fw_search_insn(fw,is,search_disasm_const_ref,str_adr,NULL,is->adr + 60)) {
is               3079 tools/finsig_thumb2.c         if(!insn_match_find_next(fw,is,6,match_bl_blximm)) {
is               3080 tools/finsig_thumb2.c             printf("sig_match_wait_all_eventflag_strict: no match bl 0x%"PRIx64"\n",is->insn->address);
is               3083 tools/finsig_thumb2.c         return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is));
is               3088 tools/finsig_thumb2.c int sig_match_get_num_posted_messages(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               3090 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               3093 tools/finsig_thumb2.c     if(!find_next_sig_call(fw,is,50,"TakeSemaphore")) {
is               3098 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,5,match_bl_blximm)) {
is               3099 tools/finsig_thumb2.c         printf("sig_match_get_num_posted_messages:  no match bl 0x%"PRIx64"\n",is->insn->address);
is               3102 tools/finsig_thumb2.c     return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is));
is               3105 tools/finsig_thumb2.c int sig_match_set_hp_timer_after_now(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               3112 tools/finsig_thumb2.c     disasm_iter_init(fw,is,(ADR_ALIGN4(str_adr) - SEARCH_NEAR_REF_RANGE) | fw->thumb_default); // reset to a bit before where the string was found
is               3113 tools/finsig_thumb2.c     while(fw_search_insn(fw,is,search_disasm_const_ref,str_adr,NULL,str_adr+SEARCH_NEAR_REF_RANGE)) {
is               3114 tools/finsig_thumb2.c         if(!find_next_sig_call(fw,is,20,"ClearEventFlag")) {
is               3119 tools/finsig_thumb2.c         if(!insn_match_find_nth(fw,is,13,3,match_bl_blximm)) {
is               3125 tools/finsig_thumb2.c         uint32_t found_regs = get_call_const_args(fw,is,6,regs);
is               3132 tools/finsig_thumb2.c                     return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is));
is               3143 tools/finsig_thumb2.c         return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is));
is               3147 tools/finsig_thumb2.c int sig_match_transfer_src_overlay(firmware *fw, iter_state_t *is, sig_rule_t *rule) {
is               3148 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               3152 tools/finsig_thumb2.c     if(!find_next_sig_call(fw,is,32,"DebugAssert")) {
is               3157 tools/finsig_thumb2.c     if(!find_and_get_var_ldr(fw, is, 20,4, ARM_REG_R0, &desc)) {
is               3162 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,1,match_bl_blximm)) {
is               3163 tools/finsig_thumb2.c         printf("sig_match_transfer_src_overlay: no match bl 0x%"PRIx64"\n",is->insn->address);
is               3167 tools/finsig_thumb2.c     uint32_t fadr = get_branch_call_insn_target(fw,is);
is               3170 tools/finsig_thumb2.c     save_misc_val("active_bitmap_buffer",desc.adr_adj,desc.off,(uint32_t)is->insn->address);
is               3180 tools/finsig_thumb2.c     if(insn_match_find_next_seq(fw,is,1,bm_buf_match)) {
is               3181 tools/finsig_thumb2.c         if((arm_reg)is->insn->detail->arm.operands[1].reg == desc.reg_base) {
is               3182 tools/finsig_thumb2.c             save_misc_val("bitmap_buffer",desc.adr_adj,is->insn->detail->arm.operands[2].imm,(uint32_t)is->insn->address);
is               3199 tools/finsig_thumb2.c int sig_match_exmem_vars(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               3202 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               3207 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,15,match_ldr_pc)) {
is               3211 tools/finsig_thumb2.c     adr[0]=LDR_PC2val(fw,is->insn);
is               3212 tools/finsig_thumb2.c     fnd[0]=(uint32_t)is->insn->address;
is               3213 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,5,match_ldr_pc)) {
is               3217 tools/finsig_thumb2.c     adr[1]=LDR_PC2val(fw,is->insn);
is               3218 tools/finsig_thumb2.c     fnd[1]=(uint32_t)is->insn->address;
is               3251 tools/finsig_thumb2.c int sig_match_zicokick_52(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               3258 tools/finsig_thumb2.c     disasm_iter_init(fw,is,(ADR_ALIGN4(str_adr) - SEARCH_NEAR_REF_RANGE) | fw->thumb_default); // reset to a bit before where the string was found
is               3261 tools/finsig_thumb2.c     if(!fw_search_insn(fw,is,search_disasm_str_ref,0,rule->ref_name,(uint32_t)is->adr+SEARCH_NEAR_REF_RANGE)) {
is               3266 tools/finsig_thumb2.c     if(!fw_disasm_iter_single(fw,adr_hist_get(&is->ah,1))) {
is               3270 tools/finsig_thumb2.c     if (!(isLDR_PC(fw->is->insn) && fw->is->insn->detail->arm.operands[0].reg == ARM_REG_R0)) {
is               3275 tools/finsig_thumb2.c     uint32_t adr=(uint32_t)(fw->is->insn->address) | is->thumb;
is               3277 tools/finsig_thumb2.c     if(!disasm_iter(fw,is)) {
is               3281 tools/finsig_thumb2.c     if (is->insn->id == ARM_INS_PUSH && is->insn->detail->arm.operands[0].reg == ARM_REG_R4) {
is               3287 tools/finsig_thumb2.c int sig_match_zicokick_gt52(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               3294 tools/finsig_thumb2.c     disasm_iter_init(fw,is,(ADR_ALIGN4(str_adr) - SEARCH_NEAR_REF_RANGE) | fw->thumb_default); // reset to a bit before where the string was found
is               3297 tools/finsig_thumb2.c     if(!fw_search_insn(fw,is,search_disasm_str_ref,0,rule->ref_name,(uint32_t)is->adr+SEARCH_NEAR_REF_RANGE)) {
is               3306 tools/finsig_thumb2.c         if (!fw_disasm_iter_single(fw,adr_hist_get(&is->ah,i))) {
is               3310 tools/finsig_thumb2.c         if (fw->is->insn->id == ARM_INS_PUSH && fw->is->insn->detail->arm.operands[0].reg == ARM_REG_R4) {
is               3311 tools/finsig_thumb2.c             if (!fw_disasm_iter_single(fw,adr_hist_get(&is->ah,i+1))) {
is               3315 tools/finsig_thumb2.c             if (isLDR_PC(fw->is->insn) && fw->is->insn->detail->arm.operands[0].reg == ARM_REG_R0) {
is               3316 tools/finsig_thumb2.c                 return save_sig_with_j(fw,rule->name,(uint32_t)(fw->is->insn->address) | is->thumb);
is               3323 tools/finsig_thumb2.c int sig_match_zicokick_copy(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               3325 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               3338 tools/finsig_thumb2.c     if(!insn_match_find_next_seq(fw,is,30,match_ldrs_bl)) {
is               3343 tools/finsig_thumb2.c     return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is));
is               3346 tools/finsig_thumb2.c int sig_match_zicokick_values(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               3348 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               3354 tools/finsig_thumb2.c     if(!find_next_sig_call(fw,is,64,"zicokick_copy")) {
is               3360 tools/finsig_thumb2.c         if((get_call_const_args(fw,is,7,regs)&0x7)==0x7) {
is               3365 tools/finsig_thumb2.c         if(!find_next_sig_call(fw,is,8,"zicokick_copy")) {
is               3378 tools/finsig_thumb2.c         if (!disasm_iter(fw,is)) {
is               3382 tools/finsig_thumb2.c         if (is->insn->id == ARM_INS_LDR && is->insn->detail->arm.operands[1].type == ARM_OP_MEM) {
is               3383 tools/finsig_thumb2.c             uint32_t u = LDR_PC2val(fw,is->insn);
is               3392 tools/finsig_thumb2.c         else if (is->insn->id == ARM_INS_BL) {
is               3425 tools/finsig_thumb2.c         else if (is->insn->id == ARM_INS_POP) {
is               3439 tools/finsig_thumb2.c int sig_match_init_ex_drivers(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               3441 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               3448 tools/finsig_thumb2.c         if (!disasm_iter(fw,is)) {
is               3452 tools/finsig_thumb2.c         uint32_t b_tgt = get_branch_call_insn_target(fw,is);
is               3457 tools/finsig_thumb2.c         uint64_t next_adr = is->adr | is->thumb;
is               3458 tools/finsig_thumb2.c         disasm_iter_init(fw,is,b_tgt);
is               3459 tools/finsig_thumb2.c         if (!disasm_iter(fw,is)) {
is               3464 tools/finsig_thumb2.c         if(is->insn->id == ARM_INS_PUSH) {
is               3465 tools/finsig_thumb2.c             if(find_next_sig_call(fw,is,30,"DebugAssert")) {
is               3467 tools/finsig_thumb2.c                 if((get_call_const_args(fw,is,5,regs)&0x2)==0x2) {
is               3475 tools/finsig_thumb2.c         disasm_iter_init(fw,is,next_adr);
is               3480 tools/finsig_thumb2.c int sig_match_omar_init(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               3482 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               3485 tools/finsig_thumb2.c     uint32_t fadr = find_last_call_from_func(fw,is,20,42);
is               3491 tools/finsig_thumb2.c     disasm_iter_init(fw,is,fadr);
is               3492 tools/finsig_thumb2.c     if(!find_next_sig_call(fw,is,44,"dry_memcpy")) {
is               3498 tools/finsig_thumb2.c     if((get_call_const_args(fw,is,5,regs)&0x6)!=0x6) {
is               3507 tools/finsig_thumb2.c     save_misc_val("omar_init_data",dadr,0,(uint32_t)is->insn->address);
is               3534 tools/finsig_thumb2.c int sig_match_init_error_handlers(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               3536 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               3539 tools/finsig_thumb2.c     if(!find_next_sig_call(fw,is,64,"init_ex_drivers")) {
is               3543 tools/finsig_thumb2.c     if(!insn_match_find_nth(fw,is,4,2,match_bl_blximm)) {
is               3547 tools/finsig_thumb2.c     return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is));
is               3550 tools/finsig_thumb2.c int sig_match_default_assert_handler(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               3552 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               3555 tools/finsig_thumb2.c     if(!find_next_sig_call(fw,is,14,"set_assert_handler")) {
is               3561 tools/finsig_thumb2.c     if((get_call_const_args(fw,is,1,regs)&0x1)!=0x1) {
is               3568 tools/finsig_thumb2.c int sig_match_default_exception_handler(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               3570 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               3573 tools/finsig_thumb2.c     if(!find_next_sig_call(fw,is,20,"set_exception_handler")) {
is               3579 tools/finsig_thumb2.c     if((get_call_const_args(fw,is,1,regs)&0x1)!=0x1) {
is               3586 tools/finsig_thumb2.c int sig_match_default_panic_handler(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               3588 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               3591 tools/finsig_thumb2.c     if(!find_next_sig_call(fw,is,28,"set_panic_handler")) {
is               3597 tools/finsig_thumb2.c     if((get_call_const_args(fw,is,1,regs)&0x1)!=0x1) {
is               3604 tools/finsig_thumb2.c int sig_match_get_task_properties(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               3606 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               3609 tools/finsig_thumb2.c     if(fw_search_insn(fw,is,search_disasm_str_ref,0,"Occured Time  %s\n",(uint32_t)is->adr+170)) {
is               3611 tools/finsig_thumb2.c         if(!find_next_sig_call(fw,is,16,"dry_error_printf")) {
is               3612 tools/finsig_thumb2.c             printf("get_task_properties: no match dry_error_printf 0x%"PRIx64"\n",is->insn->address);
is               3615 tools/finsig_thumb2.c         if(!insn_match_find_next(fw,is,4,match_bl_blximm)) {
is               3616 tools/finsig_thumb2.c             printf("sig_match_get_task_properties: no match bl 0x%"PRIx64"\n",is->insn->address);
is               3619 tools/finsig_thumb2.c         return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is));
is               3621 tools/finsig_thumb2.c     printf("sig_match_get_task_properties: no match 'Occured Time' 0x%"PRIx64"\n",is->insn->address);
is               3625 tools/finsig_thumb2.c int sig_match_enable_hdmi_power(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               3627 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               3630 tools/finsig_thumb2.c     if(!find_next_sig_call(fw,is,14,"CreateEventFlagStrictly")) {
is               3639 tools/finsig_thumb2.c     if(!insn_match_find_next_seq(fw,is,4,match_seq)) {
is               3640 tools/finsig_thumb2.c         printf("sig_match_enable_hdmi_power: no match bl seq cbnz 0x%"PRIx64"\n",is->insn->address);
is               3644 tools/finsig_thumb2.c     if (!disasm_iter(fw,is)) {
is               3647 tools/finsig_thumb2.c     return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is));
is               3650 tools/finsig_thumb2.c int sig_match_disable_hdmi_power(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               3652 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               3655 tools/finsig_thumb2.c     if(!find_next_sig_call(fw,is,24,"EnableHDMIPower")) {
is               3659 tools/finsig_thumb2.c     if(!find_next_sig_call(fw,is,22,"ClearEventFlag")) {
is               3669 tools/finsig_thumb2.c     if(!insn_match_find_next_seq(fw,is,12,match_seq)) {
is               3670 tools/finsig_thumb2.c         printf("sig_match_disable_hdmi_power: no match seq bl movs pop 0x%"PRIx64"\n",is->insn->address);
is               3674 tools/finsig_thumb2.c     disasm_iter_init(fw,is,adr_hist_get(&is->ah,2));
is               3675 tools/finsig_thumb2.c     if (!disasm_iter(fw,is)) {
is               3678 tools/finsig_thumb2.c     return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is));
is               3681 tools/finsig_thumb2.c int sig_match_levent_table(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               3683 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               3686 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,4,match_bl_blximm)) {
is               3691 tools/finsig_thumb2.c     disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is));
is               3694 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,4,match_bl_blximm)) {
is               3700 tools/finsig_thumb2.c     disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is));
is               3703 tools/finsig_thumb2.c     disasm_iter(fw,is);
is               3704 tools/finsig_thumb2.c     uint32_t adr=LDR_PC2val(fw,is->insn);
is               3711 tools/finsig_thumb2.c         printf("sig_match_levent_table: 0x%08x not a ROM adr 0x%"PRIx64"\n",adr,is->insn->address);
is               3715 tools/finsig_thumb2.c         printf("sig_match_levent_table: expected 0x800 not 0x%x at 0x%08x ref 0x%"PRIx64"\n",*(p+1),adr,is->insn->address);
is               3719 tools/finsig_thumb2.c     save_misc_val(rule->name,adr,0,(uint32_t)is->insn->address);
is               3722 tools/finsig_thumb2.c int sig_match_flash_param_table(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               3724 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               3728 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,14,match_bl_blximm)) {
is               3732 tools/finsig_thumb2.c     if(!is_sig_call(fw,is,"DebugAssert")) {
is               3736 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,7,match_bl_blximm)) {
is               3740 tools/finsig_thumb2.c     if(!is_sig_call(fw,is,"DebugAssert")) {
is               3744 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,8,match_bl_blximm)) {
is               3748 tools/finsig_thumb2.c     if(!is_sig_call(fw,is,"DebugAssert")) {
is               3753 tools/finsig_thumb2.c     if(!insn_match_find_nth(fw,is,14,2,match_bl_blximm)) {
is               3758 tools/finsig_thumb2.c     disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is));
is               3761 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,8,match_bl_blximm)) {
is               3767 tools/finsig_thumb2.c     disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is));
is               3769 tools/finsig_thumb2.c     disasm_iter(fw,is);
is               3770 tools/finsig_thumb2.c     uint32_t adr=LDR_PC2val(fw,is->insn);
is               3775 tools/finsig_thumb2.c     save_misc_val(rule->name,adr,0,(uint32_t)is->insn->address);
is               3778 tools/finsig_thumb2.c int sig_match_jpeg_count_str(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               3786 tools/finsig_thumb2.c     disasm_iter_init(fw,is,(ADR_ALIGN4(str_adr) - SEARCH_NEAR_REF_RANGE) | fw->thumb_default); // reset to a bit before where the string was found
is               3787 tools/finsig_thumb2.c     while(fw_search_insn(fw,is,search_disasm_const_ref,str_adr,NULL,str_adr+SEARCH_NEAR_REF_RANGE)) {
is               3789 tools/finsig_thumb2.c         if(!insn_match_find_next(fw,is,3,match_bl_blximm)) {
is               3793 tools/finsig_thumb2.c         if(!is_sig_call(fw,is,"sprintf_FW")) {
is               3799 tools/finsig_thumb2.c         if((get_call_const_args(fw,is,5,regs)&0x3)!=0x3) {
is               3811 tools/finsig_thumb2.c         save_misc_val(rule->name,regs[0],0,(uint32_t)is->insn->address);
is               3818 tools/finsig_thumb2.c int sig_match_misc_flag_named(__attribute__ ((unused))firmware *fw, __attribute__ ((unused))iter_state_t *is, sig_rule_t *rule)
is               3825 tools/finsig_thumb2.c int sig_match_dry_memset(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               3827 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               3830 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,4,match_bl_blximm)) {
is               3835 tools/finsig_thumb2.c     disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is));
is               3836 tools/finsig_thumb2.c     if(!insn_match_find_nth(fw,is,12,3,match_bl_blximm)) {
is               3840 tools/finsig_thumb2.c     return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is));
is               3843 tools/finsig_thumb2.c int sig_match_dry_memzero(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               3845 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               3848 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,3,match_bl_blximm)) {
is               3853 tools/finsig_thumb2.c     disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is));
is               3854 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,7,match_bl_blximm)) {
is               3858 tools/finsig_thumb2.c     return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is));
is               3863 tools/finsig_thumb2.c int sig_match_dry_memzero(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               3865 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               3875 tools/finsig_thumb2.c     if(!insn_match_find_next_seq(fw,is,1,match_start)) {
is               3880 tools/finsig_thumb2.c     uint32_t adr = get_branch_call_insn_target(fw,is) - 4;
is               3881 tools/finsig_thumb2.c     disasm_iter_init(fw,is,adr);
is               3886 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,1,match_mov_r2_0)) {
is               3894 tools/finsig_thumb2.c int sig_match_dry_memcpy_bytes(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               3896 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               3899 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,7,match_bl_blximm)) {
is               3904 tools/finsig_thumb2.c     disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is));
is               3912 tools/finsig_thumb2.c     if(!insn_match_find_next_seq(fw,is,20,match_end)) {
is               3916 tools/finsig_thumb2.c     return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is));
is               3920 tools/finsig_thumb2.c int sig_match_cam_has_iris_diaphragm(__attribute__ ((unused))firmware *fw, __attribute__ ((unused))iter_state_t *is, sig_rule_t *rule)
is               3935 tools/finsig_thumb2.c int sig_match_cam_uncached_bit(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               3937 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               3944 tools/finsig_thumb2.c     if(insn_match_find_next(fw,is,4,match_bic_r0)) {
is               3945 tools/finsig_thumb2.c         save_misc_val(rule->name,is->insn->detail->arm.operands[2].imm,0,(uint32_t)is->insn->address);
is               3951 tools/finsig_thumb2.c int sig_match_umalloc_strictly(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               3959 tools/finsig_thumb2.c     disasm_iter_init(fw,is,(ADR_ALIGN4(str_adr) - SEARCH_NEAR_REF_RANGE) | fw->thumb_default); // reset to a bit before where the string was found
is               3960 tools/finsig_thumb2.c     if(!fw_search_insn(fw,is,search_disasm_const_ref,str_adr,NULL,str_adr+SEARCH_NEAR_REF_RANGE)) {
is               3964 tools/finsig_thumb2.c     if(is->insn->detail->arm.operands[0].reg != ARM_REG_R0) {
is               3968 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,4,match_bl_blximm)) {
is               3972 tools/finsig_thumb2.c     if(!is_sig_call(fw,is,"CreateTaskStrictly")) {
is               3977 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,6,match_b_bl_blximm)) {
is               3982 tools/finsig_thumb2.c     disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is));
is               3983 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,10,match_bl_blximm)) {
is               3987 tools/finsig_thumb2.c     return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is));
is               3990 tools/finsig_thumb2.c int sig_match_dcache_clean_flush_and_disable(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               3992 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               3995 tools/finsig_thumb2.c     if(!find_next_sig_call(fw,is,44,"GetSRAndDisableInterrupt")) {
is               3999 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,2,match_bl_blximm)) {
is               4003 tools/finsig_thumb2.c     return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is));
is               4006 tools/finsig_thumb2.c int sig_match_get_rom_id(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               4008 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               4012 tools/finsig_thumb2.c     if(!disasm_iter(fw,is)) {
is               4016 tools/finsig_thumb2.c     if(is->insn->id == ARM_INS_MOV) {
is               4017 tools/finsig_thumb2.c         if(!disasm_iter(fw,is)) {
is               4021 tools/finsig_thumb2.c         if(is->insn->id != ARM_INS_B) {
is               4025 tools/finsig_thumb2.c     } else if(is->insn->id == ARM_INS_PUSH) {
is               4034 tools/finsig_thumb2.c         if(!insn_match_find_next_seq(fw,is,1,match_seq)) {
is               4042 tools/finsig_thumb2.c     return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is));
is               4045 tools/finsig_thumb2.c int sig_match_dcache_flush_and_enable(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               4047 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               4050 tools/finsig_thumb2.c     if(!find_next_sig_call(fw,is,12,"GetSRAndDisableInterrupt")) {
is               4054 tools/finsig_thumb2.c     if(!find_next_sig_call(fw,is,8,"dcache_clean_flush_and_disable")) {
is               4060 tools/finsig_thumb2.c     if(!find_next_sig_call(fw,is,112,"SetSR")) {
is               4065 tools/finsig_thumb2.c     disasm_iter_init(fw,is,adr_hist_get(&is->ah,2));
is               4066 tools/finsig_thumb2.c     disasm_iter(fw,is);
is               4067 tools/finsig_thumb2.c     uint32_t adr = get_branch_call_insn_target(fw,is);
is               4076 tools/finsig_thumb2.c int sig_match_physw_event_table(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               4078 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               4082 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,5,match_ldr_pc)) {
is               4086 tools/finsig_thumb2.c     uint32_t adr=LDR_PC2val(fw,is->insn);
is               4088 tools/finsig_thumb2.c         printf("sig_match_physw_event_table: no match LDR PC 0x%"PRIx64"\n",is->insn->address);
is               4092 tools/finsig_thumb2.c         printf("sig_match_physw_event_table: adr not ROM 0x%08x at 0x%"PRIx64"\n",adr,is->insn->address);
is               4095 tools/finsig_thumb2.c     save_misc_val(rule->name,adr,0,(uint32_t)is->insn->address);
is               4098 tools/finsig_thumb2.c int sig_match_uiprop_count(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               4100 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               4103 tools/finsig_thumb2.c     if(!find_next_sig_call(fw,is,38,"DebugAssert")) {
is               4107 tools/finsig_thumb2.c     if(!find_next_sig_call(fw,is,14,"DebugAssert")) {
is               4116 tools/finsig_thumb2.c     if(!insn_match_find_next_seq(fw,is,3,match_bic_cmp)) {
is               4120 tools/finsig_thumb2.c     save_misc_val(rule->name,is->insn->detail->arm.operands[1].imm,0,(uint32_t)is->insn->address);
is               4124 tools/finsig_thumb2.c int sig_match_get_canon_mode_list(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               4133 tools/finsig_thumb2.c     disasm_iter_init(fw,is,(ADR_ALIGN4(str_adr) - SEARCH_NEAR_REF_RANGE) | fw->thumb_default); // reset to a bit before where the string was found
is               4134 tools/finsig_thumb2.c     while(fw_search_insn(fw,is,search_disasm_const_ref,str_adr,NULL,str_adr+SEARCH_NEAR_REF_RANGE)) {
is               4136 tools/finsig_thumb2.c         if(!find_next_sig_call(fw,is,4,"LogCameraEvent")) {
is               4141 tools/finsig_thumb2.c         if(!disasm_iter(fw,is)) {
is               4152 tools/finsig_thumb2.c         if(insn_match_any(is->insn,match_mov_r0_1)) {
is               4153 tools/finsig_thumb2.c             if(!insn_match_find_nth(fw,is,2,2,match_bl_blximm)) {
is               4158 tools/finsig_thumb2.c             if(!insn_match_any(is->insn,match_bl_blximm)) {
is               4164 tools/finsig_thumb2.c         adr=get_branch_call_insn_target(fw,is);
is               4171 tools/finsig_thumb2.c     disasm_iter_init(fw,is,adr);
is               4172 tools/finsig_thumb2.c     if(!find_next_sig_call(fw,is,40,"TakeSemaphoreStrictly")) {
is               4177 tools/finsig_thumb2.c     if(!insn_match_find_nth(fw,is,12,2,match_b_bl_blximm)) {
is               4182 tools/finsig_thumb2.c     disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is));
is               4190 tools/finsig_thumb2.c     if(!insn_match_find_next_seq(fw,is,64,match_loop)) {
is               4194 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,2,match_bl_blximm)) {
is               4199 tools/finsig_thumb2.c     adr=get_branch_call_insn_target(fw,is);
is               4201 tools/finsig_thumb2.c     disasm_iter_init(fw,is,adr);
is               4207 tools/finsig_thumb2.c     if(!insn_match_find_next_seq(fw,is,1,match_ldr_r0_ret)) {
is               4214 tools/finsig_thumb2.c int sig_match_zoom_busy(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               4216 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               4220 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,5,match_bl_blximm)) {
is               4225 tools/finsig_thumb2.c     disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is));
is               4227 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,5,match_ldr_pc)) {
is               4231 tools/finsig_thumb2.c     uint32_t base=LDR_PC2val(fw,is->insn);
is               4232 tools/finsig_thumb2.c     arm_reg rb=is->insn->detail->arm.operands[0].reg;
is               4235 tools/finsig_thumb2.c     if(!find_next_sig_call(fw,is,40,"TakeSemaphoreStrictly")) {
is               4239 tools/finsig_thumb2.c     if(!disasm_iter(fw,is)) {
is               4244 tools/finsig_thumb2.c     if(is->insn->id != ARM_INS_LDR
is               4245 tools/finsig_thumb2.c         || is->insn->detail->arm.operands[0].reg != ARM_REG_R0
is               4246 tools/finsig_thumb2.c         || is->insn->detail->arm.operands[1].mem.base != rb) {
is               4250 tools/finsig_thumb2.c     save_misc_val(rule->name,base,is->insn->detail->arm.operands[1].mem.disp,(uint32_t)is->insn->address);
is               4254 tools/finsig_thumb2.c int sig_match_focus_busy(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               4256 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               4260 tools/finsig_thumb2.c     if(!find_next_sig_call(fw,is,40,"TakeSemaphore")) {
is               4265 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,5,match_bl_blximm)) {
is               4270 tools/finsig_thumb2.c     disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is));
is               4272 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,5,match_ldr_pc)) {
is               4276 tools/finsig_thumb2.c     uint32_t base=LDR_PC2val(fw,is->insn);
is               4277 tools/finsig_thumb2.c     arm_reg rb=is->insn->detail->arm.operands[0].reg;
is               4280 tools/finsig_thumb2.c     if(!find_next_sig_call(fw,is,50,"TakeSemaphoreStrictly")) {
is               4289 tools/finsig_thumb2.c     if(!insn_match_find_next_seq(fw,is,10,match_ldr)) {
is               4294 tools/finsig_thumb2.c     disasm_iter_init(fw,is,adr_hist_get(&is->ah,1));
is               4295 tools/finsig_thumb2.c     disasm_iter(fw,is);
is               4297 tools/finsig_thumb2.c     if(is->insn->detail->arm.operands[1].mem.base != rb) {
is               4301 tools/finsig_thumb2.c     save_misc_val(rule->name,base,is->insn->detail->arm.operands[1].mem.disp,(uint32_t)is->insn->address);
is               4304 tools/finsig_thumb2.c int sig_match_aram_size(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               4306 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               4315 tools/finsig_thumb2.c     if(!insn_match_find_next_seq(fw,is,15,match_ldr_r0_sp_cmp)) {
is               4319 tools/finsig_thumb2.c     uint32_t val=is->insn->detail->arm.operands[1].imm;
is               4323 tools/finsig_thumb2.c     save_misc_val(rule->name,val,0,(uint32_t)is->insn->address);
is               4327 tools/finsig_thumb2.c int sig_match_aram_size_gt58(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               4329 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               4344 tools/finsig_thumb2.c     if(!insn_match_find_next_seq(fw,is,15,match_ldrd_r0r1_mov)) {
is               4345 tools/finsig_thumb2.c         init_disasm_sig_ref(fw,is,rule); // reset to start
is               4346 tools/finsig_thumb2.c         if(!insn_match_find_next_seq(fw,is,15,match_ldrd_r2r1_mov)) {
is               4351 tools/finsig_thumb2.c     uint32_t val=is->insn->detail->arm.operands[1].imm;
is               4355 tools/finsig_thumb2.c     save_misc_val(rule->name,val,0,(uint32_t)is->insn->address);
is               4359 tools/finsig_thumb2.c int sig_match_aram_start(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               4361 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               4365 tools/finsig_thumb2.c     if(!find_next_sig_call(fw,is,50,"DebugAssert")) {
is               4375 tools/finsig_thumb2.c     if(!insn_match_find_next_seq(fw,is,15,match_cmp_bne_ldr)) {
is               4379 tools/finsig_thumb2.c     uint32_t adr=LDR_PC2val(fw,is->insn);
is               4381 tools/finsig_thumb2.c         printf("sig_match_aram_start: no match LDR PC 0x%"PRIx64"\n",is->insn->address);
is               4385 tools/finsig_thumb2.c     save_misc_val(rule->name,adr,0,(uint32_t)is->insn->address);
is               4389 tools/finsig_thumb2.c int sig_match_aram_start2(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               4394 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               4398 tools/finsig_thumb2.c     if(!find_next_sig_call(fw,is,60,"DebugAssert")) {
is               4409 tools/finsig_thumb2.c     if(!insn_match_find_next_seq(fw,is,15,match_cmp_bne_ldr)) {
is               4413 tools/finsig_thumb2.c     uint32_t adr=LDR_PC2val(fw,is->insn);
is               4415 tools/finsig_thumb2.c         printf("sig_match_aram_start2: no match LDR PC 0x%"PRIx64"\n",is->insn->address);
is               4419 tools/finsig_thumb2.c     save_misc_val(rule->name,adr,0,(uint32_t)is->insn->address);
is               4423 tools/finsig_thumb2.c int sig_match_icache_flush_range(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               4425 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               4429 tools/finsig_thumb2.c     if(!find_next_sig_call(fw,is,60,"DebugAssert")) {
is               4433 tools/finsig_thumb2.c     if(!find_next_sig_call(fw,is,44,"dcache_flush_range")) {
is               4437 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,5,match_bl_blximm)) {
is               4438 tools/finsig_thumb2.c         printf("sig_icache_flush_range: bl match failed at 0x%"PRIx64"\n",is->insn->address);
is               4441 tools/finsig_thumb2.c     return save_sig_with_j(fw,rule->name,get_branch_call_insn_target(fw,is));
is               4444 tools/finsig_thumb2.c int sig_match__nrflag(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               4446 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               4449 tools/finsig_thumb2.c     uint32_t fadr=is->adr;
is               4456 tools/finsig_thumb2.c     if(!insn_match_find_next_seq(fw,is,4,match_cmp_b) || is->insn->detail->arm.cc == ARM_CC_AL) {
is               4461 tools/finsig_thumb2.c     disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is));
is               4462 tools/finsig_thumb2.c     if(!disasm_iter(fw,is)) {
is               4467 tools/finsig_thumb2.c     uint32_t adr=LDR_PC2val(fw,is->insn);
is               4469 tools/finsig_thumb2.c         printf("sig_match__nrflag: no match LDR PC 0x%"PRIx64"\n",is->insn->address);
is               4472 tools/finsig_thumb2.c     arm_reg reg_base = is->insn->detail->arm.operands[0].reg; // reg value was loaded into
is               4473 tools/finsig_thumb2.c     if(!disasm_iter(fw,is)) {
is               4478 tools/finsig_thumb2.c     if(isADDx_imm(is->insn) || isSUBx_imm(is->insn)) {
is               4479 tools/finsig_thumb2.c         if((arm_reg)is->insn->detail->arm.operands[0].reg != reg_base) {
is               4483 tools/finsig_thumb2.c         if(isADDx_imm(is->insn)) {
is               4484 tools/finsig_thumb2.c             adr+=is->insn->detail->arm.operands[1].imm;
is               4486 tools/finsig_thumb2.c             adr-=is->insn->detail->arm.operands[1].imm;
is               4488 tools/finsig_thumb2.c         if(!disasm_iter(fw,is)) {
is               4493 tools/finsig_thumb2.c     if(is->insn->id != ARM_INS_STR || (arm_reg)is->insn->detail->arm.operands[1].reg != reg_base) {
is               4497 tools/finsig_thumb2.c     uint32_t disp = is->insn->detail->arm.operands[1].mem.disp;
is               4505 tools/finsig_thumb2.c int sig_match_var_struct_get(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               4507 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               4510 tools/finsig_thumb2.c     uint32_t fadr=is->adr;
is               4512 tools/finsig_thumb2.c     if(!find_and_get_var_ldr(fw, is, 1, 4, ARM_REG_R0, &desc)) {
is               4516 tools/finsig_thumb2.c     if(!disasm_iter(fw,is)) {
is               4521 tools/finsig_thumb2.c     if(!insn_match(is->insn,match_bxlr)) {
is               4533 tools/finsig_thumb2.c int sig_match_ui_mem_func_ptr(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               4535 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               4538 tools/finsig_thumb2.c     uint32_t fadr=is->adr;
is               4540 tools/finsig_thumb2.c     if(!find_and_get_var_ldr(fw, is, 1, 4, ARM_REG_R1, &desc)) {
is               4544 tools/finsig_thumb2.c     if(!disasm_iter(fw,is)) {
is               4554 tools/finsig_thumb2.c     if(!insn_match(is->insn,match_bx_r1)) {
is               4563 tools/finsig_thumb2.c int sig_match_func_ptr_val(firmware *fw, __attribute__ ((unused))iter_state_t *is, sig_rule_t *rule)
is               4577 tools/finsig_thumb2.c int sig_match_av_over_sem(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               4584 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               4587 tools/finsig_thumb2.c     if(!find_next_sig_call(fw,is,30,"TakeSemaphore")) {
is               4588 tools/finsig_thumb2.c         printf("sig_match_av_over_sem: no match TakeSemaphore at 0x%"PRIx64"\n",is->insn->address);
is               4593 tools/finsig_thumb2.c     disasm_iter_init(fw,is,adr_hist_get(&is->ah,5));
is               4595 tools/finsig_thumb2.c     if(!find_and_get_var_ldr(fw, is, 3, 4, ARM_REG_R0, &desc)) {
is               4596 tools/finsig_thumb2.c         printf("sig_match_av_over_sem: no match ldr at 0x%"PRIx64"\n",is->insn->address);
is               4600 tools/finsig_thumb2.c     save_misc_val(rule->name,desc.adr_adj,desc.off,(uint32_t)is->insn->address);
is               4604 tools/finsig_thumb2.c int sig_match_canon_menu_active(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               4606 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               4610 tools/finsig_thumb2.c     if(!find_and_get_var_ldr(fw, is, 2, 4, ARM_REG_R0, &desc)) {
is               4611 tools/finsig_thumb2.c         printf("sig_match_canon_menu_active: no match ldr at 0x%"PRIx64"\n",is->insn->address);
is               4614 tools/finsig_thumb2.c     if(!disasm_iter(fw,is)) {
is               4618 tools/finsig_thumb2.c     if(is->insn->id != ARM_INS_CMP) {
is               4619 tools/finsig_thumb2.c         printf("sig_match_canon_menu_active: no match cmp at 0x%"PRIx64"\n",is->insn->address);
is               4622 tools/finsig_thumb2.c     save_misc_val(rule->name,desc.adr_adj,desc.off,(uint32_t)is->insn->address);
is               4626 tools/finsig_thumb2.c int sig_match_file_counter_init(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               4628 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               4632 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,3,match_bl_blximm)) {
is               4637 tools/finsig_thumb2.c     if(check_simple_func(fw,get_branch_call_insn_target(fw,is),MATCH_SIMPLE_FUNC_NULLSUB,NULL)) {
is               4638 tools/finsig_thumb2.c         if(!insn_match_find_next(fw,is,3,match_bl_blximm)) {
is               4644 tools/finsig_thumb2.c     disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is));
is               4645 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,3,match_bl_blximm)) {
is               4649 tools/finsig_thumb2.c     uint32_t fadr = get_branch_call_insn_target(fw,is);
is               4651 tools/finsig_thumb2.c     disasm_iter_init(fw,is,fadr);
is               4652 tools/finsig_thumb2.c     if(!disasm_iter(fw,is)) {
is               4657 tools/finsig_thumb2.c     if(!isLDR_PC(is->insn)) {
is               4664 tools/finsig_thumb2.c int sig_match_file_counter_var(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               4666 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               4669 tools/finsig_thumb2.c     uint32_t adr=LDR_PC2val(fw,is->insn);
is               4674 tools/finsig_thumb2.c     if(is->insn->detail->arm.operands[0].reg != ARM_REG_R0) {
is               4682 tools/finsig_thumb2.c     save_misc_val(rule->name,adr,0,(uint32_t)is->insn->address);
is               4686 tools/finsig_thumb2.c int sig_match_palette_vars(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               4688 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               4691 tools/finsig_thumb2.c     if(!find_next_sig_call(fw,is,70,"transfer_src_overlay")) {
is               4699 tools/finsig_thumb2.c         if(!fw_disasm_iter_single(fw,adr_hist_get(&is->ah,i))) {
is               4703 tools/finsig_thumb2.c         fadr=get_branch_call_insn_target(fw,fw->is);
is               4709 tools/finsig_thumb2.c         printf("sig_match_palette_vars: no match bl 1 0x%"PRIx64"\n",fw->is->insn->address);
is               4713 tools/finsig_thumb2.c     disasm_iter_init(fw,is,fadr);
is               4715 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,3,match_bl)) {
is               4716 tools/finsig_thumb2.c         printf("sig_match_palette_vars: no match bl 2 0x%"PRIx64"\n",is->insn->address);
is               4720 tools/finsig_thumb2.c     disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is));
is               4722 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,3,match_ldr_pc)) {
is               4723 tools/finsig_thumb2.c         printf("sig_match_palette_vars: no match ldr pc 0x%"PRIx64"\n",is->insn->address);
is               4727 tools/finsig_thumb2.c     uint32_t pal_base=LDR_PC2val(fw,is->insn);
is               4729 tools/finsig_thumb2.c         printf("sig_match_palette_vars: bad LDR PC 0x%"PRIx64"\n",is->insn->address);
is               4733 tools/finsig_thumb2.c     arm_reg ptr_reg = is->insn->detail->arm.operands[0].reg;
is               4735 tools/finsig_thumb2.c     save_misc_val(rule->name,pal_base,0,(uint32_t)is->insn->address);
is               4740 tools/finsig_thumb2.c         if(!disasm_iter(fw,is)) {
is               4744 tools/finsig_thumb2.c         if (is->insn->id == ARM_INS_LDR && is->insn->detail->arm.operands[1].mem.base == ptr_reg) {
is               4747 tools/finsig_thumb2.c                         is->insn->detail->arm.operands[1].mem.disp,
is               4748 tools/finsig_thumb2.c                         (uint32_t)is->insn->address);
is               4754 tools/finsig_thumb2.c         printf("sig_match_palette_vars: no match active_palette_buffer 0x%"PRIx64"\n",is->insn->address);
is               4758 tools/finsig_thumb2.c     if(!find_next_sig_call(fw,is,20,"PTM_RestoreUIProperty_FW")) {
is               4764 tools/finsig_thumb2.c         if(!disasm_iter(fw,is)) {
is               4768 tools/finsig_thumb2.c         if (is->insn->id == ARM_INS_LDR && is->insn->detail->arm.operands[1].mem.base == ptr_reg) {
is               4771 tools/finsig_thumb2.c                         is->insn->detail->arm.operands[1].mem.disp,
is               4772 tools/finsig_thumb2.c                         (uint32_t)is->insn->address);
is               4776 tools/finsig_thumb2.c     printf("sig_match_palette_vars: no match palette_buffer_ptr 0x%"PRIx64"\n",is->insn->address);
is               4780 tools/finsig_thumb2.c int sig_match_live_free_cluster_count(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               4782 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               4787 tools/finsig_thumb2.c     if(!insn_match_find_nth(fw,is,22,3,match_bl_blximm)) {
is               4788 tools/finsig_thumb2.c         printf("sig_match_live_free_cluster_count: no match bl1 0x%"PRIx64"\n",is->insn->address);
is               4792 tools/finsig_thumb2.c     disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is));
is               4794 tools/finsig_thumb2.c     if(!find_next_sig_call(fw,is,20,"get_fstype")) {
is               4795 tools/finsig_thumb2.c         printf("sig_match_live_free_cluster_count: no get_fstype 0x%"PRIx64"\n",is->insn->address);
is               4800 tools/finsig_thumb2.c     if(!insn_match_find_nth(fw,is,12,2,match_bl_blximm)) {
is               4801 tools/finsig_thumb2.c         printf("sig_match_live_free_cluster_count: no match bl2 0x%"PRIx64"\n",is->insn->address);
is               4806 tools/finsig_thumb2.c     disasm_iter_init(fw,is,get_branch_call_insn_target(fw,is));
is               4809 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,3,match_ldr_pc)) {
is               4810 tools/finsig_thumb2.c         printf("sig_match_live_free_cluster_count: no match ldr1 0x%"PRIx64"\n",is->insn->address);
is               4814 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,3,match_ldr_pc)) {
is               4815 tools/finsig_thumb2.c         printf("sig_match_live_free_cluster_count: no match ldr2 0x%"PRIx64"\n",is->insn->address);
is               4818 tools/finsig_thumb2.c     uint32_t base = LDR_PC2val(fw,is->insn);
is               4820 tools/finsig_thumb2.c     if(!find_next_sig_call(fw,is,16,"takesemaphore_low")) {
is               4821 tools/finsig_thumb2.c         printf("sig_match_live_free_cluster_count: no takesemaphore_low 0x%"PRIx64"\n",is->insn->address);
is               4830 tools/finsig_thumb2.c     if(!insn_match_find_next_seq(fw,is,50,match_ldr_ldrd)) {
is               4831 tools/finsig_thumb2.c         printf("sig_match_live_free_cluster_count: no match ldrd 0x%"PRIx64"\n",is->insn->address);
is               4835 tools/finsig_thumb2.c     save_misc_val(rule->name,base,is->insn->detail->arm.operands[2].mem.disp + 4,(uint32_t)is->insn->address);
is               4840 tools/finsig_thumb2.c int sig_match_debug_logging_ptr(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               4842 tools/finsig_thumb2.c     uint32_t call_adr = find_str_arg_call(fw,is,rule);
is               4848 tools/finsig_thumb2.c     arm_reg call_reg = is->insn->detail->arm.operands[0].reg;
is               4853 tools/finsig_thumb2.c         fw_disasm_iter_single(fw,adr_hist_get(&is->ah,i));
is               4854 tools/finsig_thumb2.c         cs_insn *insn=fw->is->insn;
is               4864 tools/finsig_thumb2.c             fw_disasm_iter_single(fw,adr_hist_get(&is->ah,i));
is               4865 tools/finsig_thumb2.c             uint32_t adr = LDR_PC2val(fw,fw->is->insn);
is               4866 tools/finsig_thumb2.c             if(!adr || (arm_reg)fw->is->insn->detail->arm.operands[0].reg != base_reg) {
is               4867 tools/finsig_thumb2.c                 printf("sig_match_debug_logging_ptr: no match ldr2 0x%x 0x%"PRIx64"\n",adr,fw->is->insn->address);
is               4870 tools/finsig_thumb2.c             save_misc_val(rule->name,adr + disp,disp,(uint32_t)fw->is->insn->address);
is               4873 tools/finsig_thumb2.c         printf("sig_match_debug_logging_ptr: reg clobbered 0x%"PRIx64"\n",fw->is->insn->address);
is               4876 tools/finsig_thumb2.c     printf("sig_match_debug_logging_ptr: no match ldr 0x%"PRIx64"\n",fw->is->insn->address);
is               4880 tools/finsig_thumb2.c int sig_match_debug_logging_flag(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               4882 tools/finsig_thumb2.c     if(!find_str_arg_call(fw,is,rule)) {
is               4886 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,8,match_ldr_pc)) {
is               4887 tools/finsig_thumb2.c         printf("sig_match_debug_logging_flag: no match ldr pc 0x%"PRIx64"\n",is->insn->address);
is               4890 tools/finsig_thumb2.c     uint32_t adr = LDR_PC2val(fw,is->insn);
is               4891 tools/finsig_thumb2.c     if(!disasm_iter(fw,is)) {
is               4895 tools/finsig_thumb2.c     arm_reg base_reg = (arm_reg)is->insn->detail->arm.operands[1].reg;
is               4896 tools/finsig_thumb2.c     uint32_t ref_adr = (uint32_t)is->insn->address;
is               4898 tools/finsig_thumb2.c         if(is->insn->id != ARM_INS_LDRB) {
is               4899 tools/finsig_thumb2.c             printf("sig_match_debug_logging_flag: no match ldrb 0x%"PRIx64"\n",is->insn->address);
is               4903 tools/finsig_thumb2.c         if(is->insn->id != ARM_INS_LDR) {
is               4904 tools/finsig_thumb2.c             printf("sig_match_debug_logging_flag: no match ldr 0x%"PRIx64"\n",is->insn->address);
is               4908 tools/finsig_thumb2.c     if((arm_reg)is->insn->detail->arm.operands[1].reg != base_reg) {
is               4909 tools/finsig_thumb2.c         printf("sig_match_debug_logging_flag: no match reg 0x%"PRIx64"\n",is->insn->address);
is               4912 tools/finsig_thumb2.c     int disp = (arm_reg)is->insn->detail->arm.operands[1].mem.disp;
is               4913 tools/finsig_thumb2.c     if(!disasm_iter(fw,is)) {
is               4917 tools/finsig_thumb2.c     if(is->insn->id != ARM_INS_LSL) {
is               4924 tools/finsig_thumb2.c int sig_match_mzrm_sendmsg_ret_adr(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               4926 tools/finsig_thumb2.c     if(!find_str_arg_call(fw,is,rule)) {
is               4930 tools/finsig_thumb2.c     if(!disasm_iter(fw,is)) {
is               4935 tools/finsig_thumb2.c     save_misc_val(rule->name,(uint32_t)is->insn->address | is->thumb,0,0);
is               4939 tools/finsig_thumb2.c int sig_match_fw_yuv_layer_buf_52(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               4941 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               4945 tools/finsig_thumb2.c     if(!find_next_sig_call_ex(fw,is,54,"get_displaytype",FIND_SIG_CALL_NO_UNK_VENEER)) {
is               4949 tools/finsig_thumb2.c     printf("match get_displaytype 0x%"PRIx64"\n",is->insn->address);
is               4950 tools/finsig_thumb2.c     if(!insn_match_find_nth(fw,is,14,2,match_bl_blximm)) {
is               4954 tools/finsig_thumb2.c     printf("match 0x%"PRIx64"\n",is->insn->address);
is               4957 tools/finsig_thumb2.c     if ((get_call_const_args(fw,is,8,regs)&2)!=2) {
is               4961 tools/finsig_thumb2.c     save_misc_val(rule->name,regs[1],0,(uint32_t)fw->is->insn->address); // fw is has backtracked address
is               4965 tools/finsig_thumb2.c int sig_match_fw_yuv_layer_buf_gt52(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               4967 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               4970 tools/finsig_thumb2.c     if(!find_next_sig_call(fw,is,170,"DebugAssert")) {
is               4974 tools/finsig_thumb2.c     if(!insn_match_find_next(fw,is,12,match_bl_blximm)) {
is               4980 tools/finsig_thumb2.c     if ((get_call_const_args(fw,is,8,regs)&2)!=2) {
is               4984 tools/finsig_thumb2.c     save_misc_val(rule->name,regs[1],0,(uint32_t)fw->is->insn->address); // fw is has backtracked address
is               4988 tools/finsig_thumb2.c int sig_match_rom_ptr_get(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               4990 tools/finsig_thumb2.c     if(!init_disasm_sig_ref(fw,is,rule)) {
is               4993 tools/finsig_thumb2.c     uint32_t fadr=is->adr;
is               4994 tools/finsig_thumb2.c     if(!disasm_iter(fw,is)) {
is               4998 tools/finsig_thumb2.c     uint32_t adr=LDR_PC2val(fw,is->insn);
is               5000 tools/finsig_thumb2.c         printf("sig_match_rom_ptr_get: no match LDR PC 0x%"PRIx64"\n",is->insn->address);
is               5003 tools/finsig_thumb2.c     if(is->insn->detail->arm.operands[0].reg != ARM_REG_R0) {
is               5007 tools/finsig_thumb2.c     if(!disasm_iter(fw,is)) {
is               5012 tools/finsig_thumb2.c     if(!insn_match(is->insn,match_bxlr)) {
is               5023 tools/finsig_thumb2.c uint32_t find_call_near_str(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               5058 tools/finsig_thumb2.c     disasm_iter_init(fw,is,(ADR_ALIGN4(search_adr) - SEARCH_NEAR_REF_RANGE) | fw->thumb_default); // reset to a bit before where the string was found
is               5059 tools/finsig_thumb2.c     while(fw_search_insn(fw,is,search_disasm_const_ref,str_adr,NULL,search_adr+SEARCH_NEAR_REF_RANGE)) {
is               5065 tools/finsig_thumb2.c                 fw_disasm_iter_single(fw,adr_hist_get(&is->ah,i));
is               5066 tools/finsig_thumb2.c                 if(insn_match_any(fw->is->insn,insn_match)) {
is               5070 tools/finsig_thumb2.c                     return iter_state_adr(fw->is);
is               5074 tools/finsig_thumb2.c             if(insn_match_find_nth(fw,is,max_insns,n,insn_match)) {
is               5075 tools/finsig_thumb2.c                 return iter_state_adr(is);
is               5084 tools/finsig_thumb2.c int sig_match_near_str(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               5088 tools/finsig_thumb2.c         uint32_t call_adr = find_call_near_str(fw,is,rule);
is               5101 tools/finsig_thumb2.c uint32_t find_str_arg_call(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               5124 tools/finsig_thumb2.c         disasm_iter_init(fw,is,(ADR_ALIGN4(str_adr) - SEARCH_NEAR_REF_RANGE) | fw->thumb_default); // reset to a bit before where the string was found
is               5125 tools/finsig_thumb2.c         uint32_t call_adr = find_const_ref_match(fw, is, SEARCH_NEAR_REF_RANGE*2, 8, reg, str_adr, match, FIND_CONST_REF_MATCH_ANY);
is               5135 tools/finsig_thumb2.c int sig_match_str_arg_call(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               5137 tools/finsig_thumb2.c     uint32_t call_adr = find_str_arg_call(fw,is,rule);
is               5144 tools/finsig_thumb2.c int sig_match_prop_string(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               5146 tools/finsig_thumb2.c     uint32_t call_adr = find_call_near_str(fw, is, rule);
is               5152 tools/finsig_thumb2.c     disasm_iter_init(fw,is,call_adr);
is               5153 tools/finsig_thumb2.c     disasm_iter(fw,is);
is               5157 tools/finsig_thumb2.c     if (is_sig_call(fw,is,"GetPropertyCase")) {
is               5168 tools/finsig_thumb2.c     disasm_iter_init(fw,is,call_adr - hl*4);
is               5170 tools/finsig_thumb2.c     while (is->adr < call_adr) {
is               5171 tools/finsig_thumb2.c         if (!disasm_iter(fw,is))
is               5172 tools/finsig_thumb2.c             disasm_iter_init(fw,is,(is->adr | is->thumb)+2);
is               5176 tools/finsig_thumb2.c     if ((get_call_const_args(fw,is,hl,regs)&(1<<myreg))==(1<<myreg)) {
is               5196 tools/finsig_thumb2.c     if(insn_match_any(fw->is->insn,match_mov_r0_imm)) {
is               5199 tools/finsig_thumb2.c     if(isRETx(fw->is->insn)) {
is               5216 tools/finsig_thumb2.c int sig_match_named_last(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               5225 tools/finsig_thumb2.c     disasm_iter_init(fw,is,ref_adr);
is               5226 tools/finsig_thumb2.c     if(is_immediate_ret_sub(fw,is)) {
is               5230 tools/finsig_thumb2.c     uint32_t fadr = find_last_call_from_func(fw,is,min,max);
is               5278 tools/finsig_thumb2.c int sig_match_named(firmware *fw, iter_state_t *is, sig_rule_t *rule)
is               5312 tools/finsig_thumb2.c     disasm_iter_init(fw,is,ref_adr);
is               5314 tools/finsig_thumb2.c     if(is_immediate_ret_sub(fw,is)) {
is               5322 tools/finsig_thumb2.c             if(!disasm_iter(fw,is)) {
is               5323 tools/finsig_thumb2.c                 printf("sig_match_named: disasm failed %s 0x%08x\n",rule->name,(uint32_t)is->insn->address);
is               5327 tools/finsig_thumb2.c         return sig_match_named_save_sig(fw,rule->name,iter_state_adr(is),sig_flags);
is               5331 tools/finsig_thumb2.c     if(insn_match_find_nth(fw,is,15 + sig_nth_range*sig_nth,sig_nth,insn_match)) {
is               5332 tools/finsig_thumb2.c         uint32_t adr = B_BL_BLXimm_target(fw,is->insn);
is               5335 tools/finsig_thumb2.c             if(is->insn->id == ARM_INS_BLX) {
is               5337 tools/finsig_thumb2.c                 if(!is->thumb) {
is               5342 tools/finsig_thumb2.c                 adr |= is->thumb;
is               5796 tools/finsig_thumb2.c     iter_state_t *is=disasm_iter_new(fw,0);
is               5804 tools/finsig_thumb2.c         rule->match_fn(fw,is,rule);
is               5808 tools/finsig_thumb2.c     disasm_iter_free(is);
is               5825 tools/finsig_thumb2.c     uint32_t b_adr=get_direct_jump_target(fw,fw->is);
is               5837 tools/finsig_thumb2.c int process_reg_eventproc_call(firmware *fw, iter_state_t *is, __attribute__ ((unused))uint32_t unused) {
is               5840 tools/finsig_thumb2.c     if((get_call_const_args(fw,is,4,regs)&3)==3) {
is               5848 tools/finsig_thumb2.c             printf("eventproc name not string at 0x%"PRIx64"\n",is->insn->address);
is               5855 tools/finsig_thumb2.c         uint64_t adr = is->insn->address;
is               5856 tools/finsig_thumb2.c         uint32_t adr_thumb = is->thumb;
is               5861 tools/finsig_thumb2.c         disasm_iter_init(fw,is,adr_hist_get(&is->ah,10));
is               5864 tools/finsig_thumb2.c             if (!disasm_iter(fw,is)) break;
is               5865 tools/finsig_thumb2.c             if (is->insn->address >= adr) break;
is               5866 tools/finsig_thumb2.c             if (is->insn->id == ARM_INS_LDR && is->insn->detail->arm.operands[1].type == ARM_OP_MEM) {
is               5867 tools/finsig_thumb2.c                 uint32_t u = LDR_PC2val(fw,is->insn);
is               5869 tools/finsig_thumb2.c                     ar = is->insn->detail->arm.operands[0].reg;
is               5877 tools/finsig_thumb2.c             if (!disasm_iter(fw,is)) break;
is               5878 tools/finsig_thumb2.c             if (is->insn->address >= adr) break;
is               5879 tools/finsig_thumb2.c             if (is->insn->id == ARM_INS_ADD && is->insn->detail->arm.operands[1].reg == ar) {
is               5911 tools/finsig_thumb2.c         disasm_iter_init(fw,is,adr | adr_thumb);
is               5912 tools/finsig_thumb2.c         disasm_iter(fw,is);
is               5918 tools/finsig_thumb2.c int process_eventproc_table_call(firmware *fw, iter_state_t *is, __attribute__ ((unused))uint32_t unused) {
is               5922 tools/finsig_thumb2.c     foundr0 = get_call_const_args(fw,is,4,regs) & 1;
is               5925 tools/finsig_thumb2.c         uint32_t ca = iter_state_adr(is);
is               5926 tools/finsig_thumb2.c         uint32_t sa = adr_hist_get(&is->ah,2);
is               5927 tools/finsig_thumb2.c         uint32_t ta = adr_hist_get(&is->ah,8);
is               5928 tools/finsig_thumb2.c         disasm_iter_set(fw,is,ta);
is               5932 tools/finsig_thumb2.c             disasm_iter(fw,is);
is               5936 tools/finsig_thumb2.c         uint32_t adr2 = get_branch_call_insn_target(fw,fw->is);
is               5937 tools/finsig_thumb2.c         if (fw->is->insn->id == ARM_INS_BLX && adr1 == adr2) {
is               5938 tools/finsig_thumb2.c             foundr0 = get_call_const_args(fw,is,8-2,regs) & 2;
is               5945 tools/finsig_thumb2.c         disasm_iter_init(fw,is,ca);
is               5946 tools/finsig_thumb2.c         disasm_iter(fw,is);
is               5969 tools/finsig_thumb2.c             printf("failed to get *EventProcTable arg 0x%08x at 0x%"PRIx64"\n",regs[0],is->insn->address);
is               5972 tools/finsig_thumb2.c         printf("failed to get *EventProcTable r0 at 0x%"PRIx64"\n",is->insn->address);
is               5977 tools/finsig_thumb2.c int process_createtask_call(firmware *fw, iter_state_t *is, __attribute__ ((unused))uint32_t unused) {
is               5981 tools/finsig_thumb2.c     if((get_call_const_args(fw,is,10,regs)&9)==9) {
is               5990 tools/finsig_thumb2.c             printf("task name name not string at 0x%"PRIx64"\n",is->insn->address);
is               5993 tools/finsig_thumb2.c         printf("failed to get CreateTask args at 0x%"PRIx64"\n",is->insn->address);
is               6014 tools/finsig_thumb2.c int process_add_ptp_handler_call(firmware *fw, iter_state_t *is, __attribute__ ((unused))uint32_t unused) {
is               6017 tools/finsig_thumb2.c     if((get_call_const_args(fw,is,8,regs)&3)==3) {
is               6020 tools/finsig_thumb2.c             printf("add_ptp_handler op 0x%08x out of range 0x%"PRIx64"\n",regs[0],is->insn->address);
is               6029 tools/finsig_thumb2.c             fw_disasm_iter_single(fw,adr_hist_get(&is->ah,i));
is               6030 tools/finsig_thumb2.c             cs_insn *insn=fw->is->insn;
is               6046 tools/finsig_thumb2.c             printf("failed to get add_ptp_handler args at 0x%"PRIx64"\n",is->insn->address);
is               6053 tools/finsig_thumb2.c             fw_disasm_iter_single(fw,adr_hist_get(&is->ah,i));
is               6054 tools/finsig_thumb2.c             cs_insn *insn=fw->is->insn;
is               6070 tools/finsig_thumb2.c             printf("failed to get ptp handler table adr at 0x%"PRIx64"\n",is->insn->address);
is               6126 tools/finsig_thumb2.c void find_exception_handlers(firmware *fw, iter_state_t *is)
is               6137 tools/finsig_thumb2.c         disasm_iter_init(fw, is, fw->base + fw->main_offs + 12 + fw->thumb_default);
is               6138 tools/finsig_thumb2.c         if(!insn_match_find_next(fw,is,4,match_mcr_vbar)) {
is               6142 tools/finsig_thumb2.c         disasm_iter_init(fw, is, adr_hist_get(&is->ah,1));
is               6143 tools/finsig_thumb2.c         disasm_iter(fw, is);
is               6145 tools/finsig_thumb2.c         ex_vec  = LDR_PC2val(fw,is->insn);
is               6153 tools/finsig_thumb2.c     disasm_iter_init(fw, is, ex_vec);
is               6154 tools/finsig_thumb2.c     disasm_iter(fw, is);
is               6167 tools/finsig_thumb2.c     uint32_t addr=LDR_PC2val(fw,is->insn);
is               6168 tools/finsig_thumb2.c     if(!addr && is->insn->id == ARM_INS_B) {
is               6169 tools/finsig_thumb2.c         addr=get_branch_call_insn_target(fw,is);
is               6175 tools/finsig_thumb2.c     disasm_iter_init(fw, is, ADR_SET_THUMB(ex_vec + 4));
is               6178 tools/finsig_thumb2.c         disasm_iter(fw, is);
is               6181 tools/finsig_thumb2.c         addr=LDR_PC2val(fw,is->insn);
is               6214 tools/finsig_thumb2.c     iter_state_t *is=disasm_iter_new(fw,0);
is               6215 tools/finsig_thumb2.c     disasm_iter_init(fw,is,fw->rom_code_search_min_adr | fw->thumb_default); // reset to start of fw
is               6216 tools/finsig_thumb2.c     fw_search_insn(fw,is,search_disasm_calls_multi,0,match_fns,0);
is               6223 tools/finsig_thumb2.c         disasm_iter_init(fw,is,fw->adr_ranges[i].start | fw->thumb_default); // reset to start of range
is               6225 tools/finsig_thumb2.c         fw_search_insn(fw,is,search_disasm_calls_veneer_multi,0,match_fns,0);
is               6228 tools/finsig_thumb2.c     find_exception_handlers(fw,is);
is               6230 tools/finsig_thumb2.c     disasm_iter_free(is);
is               7250 tools/finsig_thumb2.c                 if(get_direct_jump_target(fw,fw->is) == sig->val) {
is               7254 tools/finsig_thumb2.c                     if(get_direct_jump_target(fw,fw->is) == ostub2->val) {
is                855 tools/firmware_load_ng.c int get_TBx_PC_info(firmware *fw,iter_state_t *is, tbx_info_t *ti)
is                857 tools/firmware_load_ng.c     if(!(is->insn->id == ARM_INS_TBH || is->insn->id == ARM_INS_TBB) || is->insn->detail->arm.operands[0].mem.base != ARM_REG_PC) {
is                860 tools/firmware_load_ng.c     ti->start=(uint32_t)is->adr; // after current instruction
is                862 tools/firmware_load_ng.c     ti->bytes=(is->insn->id == ARM_INS_TBH)?2:1;
is                871 tools/firmware_load_ng.c     arm_reg i_reg=is->insn->detail->arm.operands[0].mem.index;
is                877 tools/firmware_load_ng.c     if(is->ah.count - 1 < max_backtrack) {
is                878 tools/firmware_load_ng.c         max_backtrack = is->ah.count-1;
is                885 tools/firmware_load_ng.c         fw_disasm_iter_single(fw,adr_hist_get(&is->ah,i)); // thumb state comes from hist
is                886 tools/firmware_load_ng.c         if(fw->is->insn->id == ARM_INS_B && fw->is->insn->detail->arm.cc == ARM_CC_HS) {
is                891 tools/firmware_load_ng.c         if(found_bhs && fw->is->insn->id == ARM_INS_CMP) {
is                893 tools/firmware_load_ng.c             if((arm_reg)fw->is->insn->detail->arm.operands[0].reg == i_reg
is                894 tools/firmware_load_ng.c                 || fw->is->insn->detail->arm.operands[1].type == ARM_OP_IMM) {
is                895 tools/firmware_load_ng.c                 max_count = fw->is->insn->detail->arm.operands[1].imm;
is                954 tools/firmware_load_ng.c     iter_state_t *is=(iter_state_t *)malloc(sizeof(iter_state_t));
is                957 tools/firmware_load_ng.c     is->insn=cs_malloc(fw->cs_handle_arm);
is                958 tools/firmware_load_ng.c     disasm_iter_init(fw,is,adr);
is                959 tools/firmware_load_ng.c     return is;
is                963 tools/firmware_load_ng.c void disasm_iter_free(iter_state_t *is)
is                965 tools/firmware_load_ng.c     cs_free(is->insn,1);
is                966 tools/firmware_load_ng.c     free(is);
is                972 tools/firmware_load_ng.c int disasm_iter_set(firmware *fw, iter_state_t *is, uint32_t adr)
is                976 tools/firmware_load_ng.c         is->cs_handle=fw->cs_handle_thumb;
is                977 tools/firmware_load_ng.c         is->thumb=1;
is                978 tools/firmware_load_ng.c         is->insn_min_size=2;
is                981 tools/firmware_load_ng.c         is->cs_handle=fw->cs_handle_arm;
is                982 tools/firmware_load_ng.c         is->thumb=0;
is                983 tools/firmware_load_ng.c         is->insn_min_size=4;
is                986 tools/firmware_load_ng.c             is->code=NULL;
is                987 tools/firmware_load_ng.c             is->size=0;
is                988 tools/firmware_load_ng.c             is->adr=0;
is                996 tools/firmware_load_ng.c         is->code=NULL; // make first iter fail
is                997 tools/firmware_load_ng.c         is->size=0;
is                998 tools/firmware_load_ng.c         is->adr=0;
is               1002 tools/firmware_load_ng.c     is->code=p;
is               1003 tools/firmware_load_ng.c     is->size=fw->size8 - (p-fw->buf8);
is               1004 tools/firmware_load_ng.c     is->adr=adr;
is               1009 tools/firmware_load_ng.c int disasm_iter_init(__attribute__ ((unused))firmware *fw, iter_state_t *is, uint32_t adr)
is               1011 tools/firmware_load_ng.c     adr_hist_reset(&is->ah);
is               1012 tools/firmware_load_ng.c     return disasm_iter_set(fw,is,adr);
is               1018 tools/firmware_load_ng.c int disasm_iter(__attribute__ ((unused))firmware *fw, iter_state_t *is)
is               1021 tools/firmware_load_ng.c     if(!is->code) {
is               1024 tools/firmware_load_ng.c     adr_hist_add(&is->ah,(uint32_t)is->adr | is->thumb); // record thumb state to allow backtracking through state changes
is               1025 tools/firmware_load_ng.c     return cs_disasm_iter(is->cs_handle, &is->code, &is->size, &is->adr, is->insn);
is               1032 tools/firmware_load_ng.c int disasm_iter_redo(firmware *fw,iter_state_t *is) {
is               1033 tools/firmware_load_ng.c     if(!is->code || !is->ah.count) {
is               1036 tools/firmware_load_ng.c     is->code -= is->insn->size;
is               1037 tools/firmware_load_ng.c     is->adr -= is->insn->size;
is               1038 tools/firmware_load_ng.c     is->size += is->insn->size;
is               1040 tools/firmware_load_ng.c     return cs_disasm_iter(is->cs_handle, &is->code, &is->size, &is->adr, is->insn);
is               1051 tools/firmware_load_ng.c     return disasm_iter_init(fw,fw->is,adr);
is               1057 tools/firmware_load_ng.c     return disasm_iter(fw,fw->is);
is               1096 tools/firmware_load_ng.c uint32_t fw_search_insn(firmware *fw, iter_state_t *is, search_insn_fn f, uint32_t v1, void *udata, uint32_t adr_end)
is               1098 tools/firmware_load_ng.c     uint32_t adr_start=is->adr;
is               1110 tools/firmware_load_ng.c             adr_end=r_start->start + r_start->bytes - is->insn_min_size;
is               1131 tools/firmware_load_ng.c             if(disasm_iter(fw,is)) {
is               1132 tools/firmware_load_ng.c                 uint32_t r=f(fw,is,v1,udata);
is               1136 tools/firmware_load_ng.c                 adr=(uint32_t)is->adr; // adr was updated by iter or called sub
is               1140 tools/firmware_load_ng.c                 adr=adr+is->insn_min_size;
is               1141 tools/firmware_load_ng.c                 if(!disasm_iter_init(fw,is,adr|is->thumb)) {
is               1162 tools/firmware_load_ng.c             if(!disasm_iter_init(fw,is,(uint32_t)adr | is->thumb)) {
is               1169 tools/firmware_load_ng.c             if(disasm_iter(fw,is)) {
is               1170 tools/firmware_load_ng.c                 uint32_t r=f(fw,is,v1,udata);
is               1174 tools/firmware_load_ng.c                 adr=(uint32_t)is->adr; // adr was updated by iter or called sub
is               1178 tools/firmware_load_ng.c                 adr=adr+is->insn_min_size;
is               1179 tools/firmware_load_ng.c                 if(!disasm_iter_init(fw,is,adr|is->thumb)) {
is               1194 tools/firmware_load_ng.c uint32_t search_disasm_const_ref(firmware *fw, iter_state_t *is, uint32_t val, __attribute__ ((unused))void *unused)
is               1197 tools/firmware_load_ng.c     uint32_t av=ADRx2adr(fw,is->insn);
is               1201 tools/firmware_load_ng.c             return (uint32_t)is->insn->address;
is               1205 tools/firmware_load_ng.c     uint32_t *pv=LDR_PC2valptr(fw,is->insn);
is               1209 tools/firmware_load_ng.c             return (uint32_t)is->insn->address;
is               1216 tools/firmware_load_ng.c uint32_t search_disasm_str_ref(firmware *fw, iter_state_t *is, __attribute__ ((unused))uint32_t val, void *udata)
is               1220 tools/firmware_load_ng.c     uint32_t av=ADRx2adr(fw,is->insn);
is               1225 tools/firmware_load_ng.c             return (uint32_t)is->insn->address;
is               1229 tools/firmware_load_ng.c     uint32_t *pv=LDR_PC2valptr(fw,is->insn);
is               1234 tools/firmware_load_ng.c             return (uint32_t)is->insn->address;
is               1243 tools/firmware_load_ng.c uint32_t search_disasm_calls(firmware *fw, iter_state_t *is, uint32_t val, __attribute__ ((unused))void *unused)
is               1246 tools/firmware_load_ng.c     uint32_t sub=get_branch_call_insn_target(fw,is);
is               1256 tools/firmware_load_ng.c int search_calls_multi_end(__attribute__ ((unused))firmware *fw, __attribute__ ((unused))iter_state_t *is, __attribute__ ((unused))uint32_t adr) {
is               1264 tools/firmware_load_ng.c uint32_t search_disasm_calls_multi(firmware *fw, iter_state_t *is, __attribute__ ((unused))uint32_t unused, void *userdata)
is               1267 tools/firmware_load_ng.c     uint32_t sub=get_branch_call_insn_target(fw,is);
is               1271 tools/firmware_load_ng.c                 return data->fn(fw,is,sub);
is               1280 tools/firmware_load_ng.c uint32_t search_disasm_calls_veneer_multi(firmware *fw, iter_state_t *is, __attribute__ ((unused))uint32_t unused, void *userdata)
is               1283 tools/firmware_load_ng.c     uint32_t sub=get_branch_call_insn_target(fw,is);
is               1287 tools/firmware_load_ng.c                 return data->fn(fw,is,sub);
is               1293 tools/firmware_load_ng.c         veneer=get_branch_call_insn_target(fw,fw->is);
is               1297 tools/firmware_load_ng.c                 return data->fn(fw,is,sub);
is               1357 tools/firmware_load_ng.c         arm_insn insn_id = fw->is->insn->id;
is               1363 tools/firmware_load_ng.c              && fw->is->insn->detail->arm.cc == ARM_CC_AL) {
is               1369 tools/firmware_load_ng.c         if(fw->is->insn->detail->arm.operands[0].type != ARM_OP_REG) {
is               1372 tools/firmware_load_ng.c         arm_reg rd = fw->is->insn->detail->arm.operands[0].reg;
is               1387 tools/firmware_load_ng.c             uint32_t *pv=LDR_PC2valptr(fw,fw->is->insn);
is               1394 tools/firmware_load_ng.c             uint32_t v=ADRx2adr(fw,fw->is->insn); // assumes ADR doesn't generate 0, probably safe
is               1403 tools/firmware_load_ng.c                 && fw->is->insn->detail->arm.operands[1].type == ARM_OP_IMM) {
is               1404 tools/firmware_load_ng.c                 res[rd_i] += fw->is->insn->detail->arm.operands[1].imm;
is               1407 tools/firmware_load_ng.c             } else if(isADDx_imm(fw->is->insn)) {
is               1408 tools/firmware_load_ng.c                 res[rd_i] += fw->is->insn->detail->arm.operands[1].imm;
is               1413 tools/firmware_load_ng.c             } else if(isSUBx_imm(fw->is->insn)) {
is               1414 tools/firmware_load_ng.c                 res[rd_i] = (int)(res[rd_i]) - fw->is->insn->detail->arm.operands[1].imm;
is               1470 tools/firmware_load_ng.c             fprintf(stderr,"get_direct_jump_target: disasm single failed at 0x%"PRIx64"\n",fw->is->insn->address);
is               1474 tools/firmware_load_ng.c         if(!(fw->is->insn->id == ARM_INS_MOVT
is               1475 tools/firmware_load_ng.c             && fw->is->insn->detail->arm.operands[0].reg == ARM_REG_IP
is               1476 tools/firmware_load_ng.c             && fw->is->insn->detail->arm.operands[1].type == ARM_OP_IMM)) {
is               1482 tools/firmware_load_ng.c         adr = (fw->is->insn->detail->arm.operands[1].imm << 16) | (adr&0xFFFF);
is               1484 tools/firmware_load_ng.c             fprintf(stderr,"get_direct_jump_target: disasm 2 failed at 0x%"PRIx64"\n",fw->is->insn->address);
is               1488 tools/firmware_load_ng.c         if(fw->is->insn->id == ARM_INS_BX
is               1489 tools/firmware_load_ng.c             && fw->is->insn->detail->arm.operands[0].type == ARM_OP_REG
is               1490 tools/firmware_load_ng.c             && fw->is->insn->detail->arm.operands[0].reg == ARM_REG_IP) {
is               1502 tools/firmware_load_ng.c uint32_t get_branch_call_insn_target(firmware *fw, iter_state_t *is)
is               1504 tools/firmware_load_ng.c     uint32_t adr=B_BL_target(fw,is->insn);
is               1506 tools/firmware_load_ng.c         return (adr | is->thumb);
is               1509 tools/firmware_load_ng.c     if(is->thumb) {
is               1510 tools/firmware_load_ng.c         adr=CBx_target(fw,is->insn);
is               1516 tools/firmware_load_ng.c     adr=BLXimm_target(fw,is->insn);
is               1518 tools/firmware_load_ng.c         if(is->thumb) {
is               1521 tools/firmware_load_ng.c             return adr | is->thumb;
is               1525 tools/firmware_load_ng.c     adr=LDR_PC_PC_target(fw,is->insn);
is               1529 tools/firmware_load_ng.c     adr=BX_PC_target(fw,is->insn);
is               1532 tools/firmware_load_ng.c         if(is->thumb) {
is               1558 tools/firmware_load_ng.c                             iter_state_t *is,
is               1565 tools/firmware_load_ng.c     if(!insn_match_find_next(fw,is,max_search_insns,match_ldr_pc)) {
is               1571 tools/firmware_load_ng.c     r.reg_base=is->insn->detail->arm.operands[0].reg;
is               1572 tools/firmware_load_ng.c     r.adr_base=LDR_PC2val(fw,is->insn);
is               1577 tools/firmware_load_ng.c         if(!disasm_iter(fw,is)) {
is               1583 tools/firmware_load_ng.c         if(isLDR_PC(is->insn)) {
is               1589 tools/firmware_load_ng.c         if(isADDx_imm(is->insn) || isSUBx_imm(is->insn)) {
is               1590 tools/firmware_load_ng.c             if((arm_reg)is->insn->detail->arm.operands[0].reg != r.reg_base) {
is               1593 tools/firmware_load_ng.c             if(isADDx_imm(is->insn)) {
is               1594 tools/firmware_load_ng.c                 r.adj=is->insn->detail->arm.operands[1].imm;
is               1596 tools/firmware_load_ng.c                 r.adj=-is->insn->detail->arm.operands[1].imm;
is               1598 tools/firmware_load_ng.c             if(!disasm_iter(fw,is)) {
is               1610 tools/firmware_load_ng.c                 && (is->insn->id == ARM_INS_BL || is->insn->id == ARM_INS_BLX
is               1611 tools/firmware_load_ng.c                     || is->insn->id == ARM_INS_B || is->insn->id == ARM_INS_BX)
is               1612 tools/firmware_load_ng.c                 && is->insn->detail->arm.cc == ARM_CC_AL) {
is               1616 tools/firmware_load_ng.c         if(is->insn->id != ARM_INS_LDR || (arm_reg)is->insn->detail->arm.operands[1].reg != r.reg_base) {
is               1619 tools/firmware_load_ng.c             if(is->insn->detail->arm.operands[0].type == ARM_OP_REG && (arm_reg)is->insn->detail->arm.operands[0].reg == r.reg_base) {
is               1625 tools/firmware_load_ng.c         r.reg_val = is->insn->detail->arm.operands[0].reg;
is               1629 tools/firmware_load_ng.c         r.off = is->insn->detail->arm.operands[1].mem.disp;
is               1645 tools/firmware_load_ng.c                             iter_state_t *is,
is               1661 tools/firmware_load_ng.c     int (*match_fn)(firmware *fw, iter_state_t *is, int max_insns, const insn_match_t *match);
is               1671 tools/firmware_load_ng.c     while(fw_search_insn(fw,is,search_disasm_const_ref,val,NULL,(uint32_t)(is->adr+max_search_bytes))) {
is               1673 tools/firmware_load_ng.c         uint32_t next_adr = (uint32_t)is->adr;
is               1676 tools/firmware_load_ng.c         if(match_fn(fw,is,max_gap_insns,match)) {
is               1682 tools/firmware_load_ng.c             if((get_call_const_args(fw,is,max_gap_insns,regs)&reg_bit)==reg_bit) {
is               1685 tools/firmware_load_ng.c                     return iter_state_adr(is);
is               1690 tools/firmware_load_ng.c         disasm_iter_init(fw,is,next_adr | is->thumb);
is               1702 tools/firmware_load_ng.c                             iter_state_t *is,
is               1709 tools/firmware_load_ng.c     return find_const_ref_match(fw,is,max_search_bytes,max_gap_insns,match_reg,val,match_bl_blximm,FIND_CONST_REF_MATCH_ANY);
is               1750 tools/firmware_load_ng.c         if(insn_match_any(fw->is->insn,match_mov_r0_imm)) {
is               1751 tools/firmware_load_ng.c             found_val = fw->is->insn->detail->arm.operands[1].imm;
is               1760 tools/firmware_load_ng.c     if(!isRETx(fw->is->insn)) {
is               1787 tools/firmware_load_ng.c uint32_t find_last_call_from_func(firmware *fw, iter_state_t *is,int min_insns, int max_insns)
is               1793 tools/firmware_load_ng.c         if(!disasm_iter(fw,is)) {
is               1794 tools/firmware_load_ng.c             fprintf(stderr,"find_last_call_from_func: disasm failed 0x%"PRIx64"\n",is->adr);
is               1798 tools/firmware_load_ng.c         if(isPUSH_LR(is->insn)) {
is               1813 tools/firmware_load_ng.c         if(insn_match_any(is->insn,match_bl_blximm) && count >= min_insns) {
is               1815 tools/firmware_load_ng.c             last_adr=get_branch_call_insn_target(fw,is);
is               1819 tools/firmware_load_ng.c         if(isPOP_PC(is->insn)) {
is               1828 tools/firmware_load_ng.c         if(isPOP_LR(is->insn)) {
is               1834 tools/firmware_load_ng.c             if(!disasm_iter(fw,is)) {
is               1835 tools/firmware_load_ng.c                 fprintf(stderr,"find_last_call_from_func: disasm failed 0x%"PRIx64"\n",is->adr);
is               1852 tools/firmware_load_ng.c             while(insn_match_any(is->insn,match_tail) && count < max_insns) {
is               1853 tools/firmware_load_ng.c                 if(!disasm_iter(fw,is)) {
is               1854 tools/firmware_load_ng.c                     fprintf(stderr,"find_last_call_from_func: disasm failed 0x%"PRIx64"\n",is->adr);
is               1859 tools/firmware_load_ng.c             if(is->insn->id == ARM_INS_B && is->insn->detail->arm.cc == ARM_CC_AL) {
is               1860 tools/firmware_load_ng.c                 return get_branch_call_insn_target(fw,is);
is               1867 tools/firmware_load_ng.c         if(isRETx(is->insn)) {
is               1927 tools/firmware_load_ng.c int insn_match_seq(firmware *fw, iter_state_t *is, const insn_match_t *match)
is               1930 tools/firmware_load_ng.c     while(match->id != ARM_INS_ENDING && disasm_iter(fw,is) && insn_match(is->insn,match)) {
is               2073 tools/firmware_load_ng.c int insn_match_find_next(firmware *fw, iter_state_t *is, int max_insns, const insn_match_t *match)
is               2078 tools/firmware_load_ng.c         if(!disasm_iter(fw,is)) {
is               2082 tools/firmware_load_ng.c         if(insn_match_any(is->insn,match)) {
is               2092 tools/firmware_load_ng.c int insn_match_find_nth(firmware *fw, iter_state_t *is, int max_insns, int num_to_match, const insn_match_t *match)
is               2098 tools/firmware_load_ng.c         if(!disasm_iter(fw,is)) {
is               2106 tools/firmware_load_ng.c             if(insn_match(is->insn,m)) {
is               2120 tools/firmware_load_ng.c int insn_match_find_next_seq(firmware *fw, iter_state_t *is, int max_insns, const insn_match_t *match)
is               2126 tools/firmware_load_ng.c         while(m->id != ARM_INS_ENDING && disasm_iter(fw,is) && insn_match(is->insn,m)) {
is               2408 tools/firmware_load_ng.c     fw->is=disasm_iter_new(fw,0);
is               2422 tools/firmware_load_ng.c                          iter_state_t *is,
is               2436 tools/firmware_load_ng.c     while(disasm_iter(fw,is) && count < max_search) {
is               2437 tools/firmware_load_ng.c         uint32_t *pv=LDR_PC2valptr(fw,is->insn);
is               2472 tools/firmware_load_ng.c void find_exception_vec(firmware *fw, iter_state_t *is)
is               2488 tools/firmware_load_ng.c     disasm_iter_init(fw, is, fw->base + fw->main_offs + 12 + fw->thumb_default);
is               2489 tools/firmware_load_ng.c     if(!insn_match_find_next(fw,is,4,match_bl_mcr)) {
is               2494 tools/firmware_load_ng.c     uint32_t faddr = get_branch_call_insn_target(fw,is);
is               2497 tools/firmware_load_ng.c         disasm_iter_init(fw, is, faddr);
is               2498 tools/firmware_load_ng.c         disasm_iter(fw, is);
is               2501 tools/firmware_load_ng.c         if(!IS_INSN_ID_MOVx(is->insn->id) || is->insn->detail->arm.operands[1].type != ARM_OP_IMM) {
is               2504 tools/firmware_load_ng.c         ra = is->insn->detail->arm.operands[0].reg;
is               2505 tools/firmware_load_ng.c         va = is->insn->detail->arm.operands[1].imm;
is               2506 tools/firmware_load_ng.c         disasm_iter(fw, is);
is               2507 tools/firmware_load_ng.c         if(is->insn->id != ARM_INS_MOVT
is               2508 tools/firmware_load_ng.c             || is->insn->detail->arm.operands[0].reg != ra
is               2509 tools/firmware_load_ng.c             || is->insn->detail->arm.operands[1].type != ARM_OP_IMM) {
is               2512 tools/firmware_load_ng.c         va = (is->insn->detail->arm.operands[1].imm << 16) | (va & 0xFFFF);
is               2518 tools/firmware_load_ng.c         disasm_iter(fw, is);
is               2519 tools/firmware_load_ng.c         if(!IS_INSN_ID_MOVx(is->insn->id) || is->insn->detail->arm.operands[1].type != ARM_OP_IMM) {
is               2522 tools/firmware_load_ng.c         rb = is->insn->detail->arm.operands[0].reg;
is               2523 tools/firmware_load_ng.c         vb = is->insn->detail->arm.operands[1].imm;
is               2524 tools/firmware_load_ng.c         disasm_iter(fw, is);
is               2525 tools/firmware_load_ng.c         if(is->insn->id != ARM_INS_MOVT
is               2526 tools/firmware_load_ng.c             || is->insn->detail->arm.operands[0].reg != rb
is               2527 tools/firmware_load_ng.c             || is->insn->detail->arm.operands[1].type != ARM_OP_IMM) {
is               2530 tools/firmware_load_ng.c         vb = (is->insn->detail->arm.operands[1].imm << 16) | (vb & 0xFFFF);
is               2541 tools/firmware_load_ng.c     } else if(is->insn->id == ARM_INS_MCR) {
is               2545 tools/firmware_load_ng.c         disasm_iter_init(fw, is, adr_hist_get(&is->ah,1));
is               2546 tools/firmware_load_ng.c         disasm_iter(fw, is);
is               2560 tools/firmware_load_ng.c     iter_state_t *is=disasm_iter_new(fw, fw->base + fw->main_offs + 12 + fw->thumb_default);
is               2573 tools/firmware_load_ng.c     while(find_startup_copy(fw,is,max_search,&src_start,&dst_start,&dst_end)) {
is               2592 tools/firmware_load_ng.c             data_found_copy=is->adr;
is               2642 tools/firmware_load_ng.c         disasm_iter_init(fw,is,(data_found_copy-4) | fw->thumb_default);
is               2643 tools/firmware_load_ng.c         while(disasm_iter(fw,is) && count < 20) {
is               2644 tools/firmware_load_ng.c             uint32_t *pv=LDR_PC2valptr(fw,is->insn);
is               2672 tools/firmware_load_ng.c     find_exception_vec(fw,is);
is               2685 tools/firmware_load_ng.c     disasm_iter_free(is);
is               2694 tools/firmware_load_ng.c     if(fw->is) {
is               2695 tools/firmware_load_ng.c         disasm_iter_free(fw->is);
is                133 tools/firmware_load_ng.h     iter_state_t* is;
is                354 tools/firmware_load_ng.h int get_TBx_PC_info(firmware *fw,iter_state_t *is, tbx_info_t *ti);
is                361 tools/firmware_load_ng.h void disasm_iter_free(iter_state_t *is);
is                365 tools/firmware_load_ng.h int disasm_iter_set(firmware *fw, iter_state_t *is, uint32_t adr);
is                369 tools/firmware_load_ng.h int disasm_iter_init(firmware *fw, iter_state_t *is, uint32_t adr);
is                376 tools/firmware_load_ng.h int disasm_iter(firmware *fw, iter_state_t *is);
is                411 tools/firmware_load_ng.h typedef uint32_t (*search_insn_fn)(firmware *fw, iter_state_t *is, uint32_t v1, void *udata);
is                422 tools/firmware_load_ng.h uint32_t fw_search_insn(firmware *fw, iter_state_t *is, search_insn_fn f,uint32_t v1, void *udata, uint32_t adr_end);
is                426 tools/firmware_load_ng.h uint32_t search_disasm_const_ref(firmware *fw, iter_state_t *is, uint32_t val, void *unused);
is                429 tools/firmware_load_ng.h uint32_t search_disasm_str_ref(firmware *fw, iter_state_t *is, uint32_t val, void *str);
is                434 tools/firmware_load_ng.h uint32_t search_disasm_calls(firmware *fw, iter_state_t *is, uint32_t val, void *unused);
is                438 tools/firmware_load_ng.h typedef int (*search_calls_multi_fn)(firmware *fw, iter_state_t *is, uint32_t adr);
is                448 tools/firmware_load_ng.h int search_calls_multi_end(firmware *fw, iter_state_t *is, uint32_t adr);
is                453 tools/firmware_load_ng.h uint32_t search_disasm_calls_multi(firmware *fw, iter_state_t *is, uint32_t unused, void *userdata);
is                456 tools/firmware_load_ng.h uint32_t search_disasm_calls_veneer_multi(firmware *fw, iter_state_t *is, uint32_t unused, void *userdata);
is                490 tools/firmware_load_ng.h uint32_t get_branch_call_insn_target(firmware *fw, iter_state_t *is);
is                519 tools/firmware_load_ng.h                             iter_state_t *is,
is                556 tools/firmware_load_ng.h uint32_t find_last_call_from_func(firmware *fw, iter_state_t *is,int min_insns, int max_insns);
is                639 tools/firmware_load_ng.h int insn_match_find_next(firmware *fw, iter_state_t *is, int max_insns, const insn_match_t *match);
is                642 tools/firmware_load_ng.h int insn_match_find_nth(firmware *fw, iter_state_t *is, int max_insns, int num_to_match, const insn_match_t *match);
is                645 tools/firmware_load_ng.h int insn_match_seq(firmware *fw, iter_state_t *is, const insn_match_t *match);
is                648 tools/firmware_load_ng.h int insn_match_find_next_seq(firmware *fw, iter_state_t *is, int max_insns, const insn_match_t *match);
is                660 tools/firmware_load_ng.h                             iter_state_t *is,
is                676 tools/firmware_load_ng.h                             iter_state_t *is,
is                710 tools/firmware_load_ng.h #define iter_state_adr(is) ((uint32_t)is->insn->address | is->thumb)