Romhacking.net

Romhacking => Programming => Topic started by: interdpth on February 04, 2013, 04:04:05 pm

Title: Detecting a jump table in ARM(Need some C help)
Post by: interdpth on February 04, 2013, 04:04:05 pm
Hello!

I need to check for

LSL Rx, Rx, Rx
LDR Rx, offset
ADD Rx, Rx, Rx
LDR Rx,[Rx]
MOV PC, rX

The code I have to check is

//Code checks backwards from the MOV PC, rX. These are 16-bit Thumb encodings.
//Each opcode is matched as (word & mask) == value so the register fields are
//masked off; a bare (word & mask) is only a non-zero test and matches almost
//any halfword, and 0x4680 with Rd = 0 encodes MOV R8, Rx rather than MOV PC, Rx.
if (!(((get_word(ea)   & 0xFF87) == 0x4687) && // MOV PC, rX
      ((get_word(ea-2) & 0xFFC0) == 0x6800) && // LDR Rx, [Rx]
      ((get_word(ea-4) & 0xFE00) == 0x1800) && // ADD Rx, Rx, Rx
      ((get_word(ea-6) & 0xF800) == 0x4800) && // LDR Rx, offset (PC-relative)
      ((get_word(ea-8) & 0xFFC0) == 0x0080)))  // LSL Rx, Rx, #2
    return 0;

If anyone could be of assistance I will be extremely grateful.
Title: Re: Detecting a jump table in ARM(Need some C help)
Post by: Zoinkity on February 04, 2013, 04:51:21 pm
If you have a hex editor that can search using a mask it would really help, assuming no other ops are shuffled into that.  That way, you can search just for the unchanging parts of each opcode and mask away the registers.
It's a method I use for searching out corresponding opcode sequences in different versions of N64 games, since the sequence of opcodes will usually be the same even when the specific registers and offsets aren't.

One freebie hex editor that comes to mind with that feature would be HexEdit from Expert Software (http://www.hexedit.com/).  Last July they released v4.0 for free (previously only 3.0F was available, and you had to use compatibility settings with 64-bit Windows).
If you did use it, open the 'Find' menu window, select the 'Hex' tab, type in the binary form of the opcodes you're looking for, then set the mask in the appropriate line to ignore all the registers.
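Added example (not code from either post): a C scanner that applies the mask-and-compare search Zoinkity describes to the five-opcode sequence from the first post, over a constructed little-endian Thumb buffer. The names read_le16, find_jump_table and sample_rom are mine, and the masks assume the ARMv4T 16-bit Thumb formats noted in the comments.

```c
#include <stdint.h>
#include <stddef.h>

/* One 16-bit Thumb opcode template: a halfword matches when
 * (word & mask) == value, so the register fields are ignored. */
struct thumb_pat { uint16_t mask, value; const char *text; };

/* The thread's jump-table sequence in execution order (ARMv4T Thumb). */
static const struct thumb_pat jump_table_seq[] = {
    { 0xFFC0, 0x0080, "LSL Rd, Rm, #2" },      /* 00000 imm5 Rm Rd     */
    { 0xF800, 0x4800, "LDR Rd, [PC, #imm8]" },  /* 01001 Rd imm8        */
    { 0xFE00, 0x1800, "ADD Rd, Rn, Rm" },       /* 0001100 Rm Rn Rd     */
    { 0xFFC0, 0x6800, "LDR Rd, [Rn, #0]" },     /* 01101 imm5 Rn Rd     */
    { 0xFF87, 0x4687, "MOV PC, Rm" },           /* 01000110 1 H2 Rm 111 */
};
#define SEQ_LEN (sizeof jump_table_seq / sizeof jump_table_seq[0])

/* Little-endian halfword read; ARM ROM images store code this way. */
static uint16_t read_le16(const uint8_t *rom, size_t ea)
{
    return (uint16_t)(rom[ea] | (rom[ea + 1] << 8));
}

/* Byte offset of the first full sequence in rom[0..len), or -1. */
long find_jump_table(const uint8_t *rom, size_t len)
{
    size_t need = SEQ_LEN * 2;
    for (size_t ea = 0; ea + need <= len; ea += 2) {
        size_t i;
        for (i = 0; i < SEQ_LEN; i++) {
            uint16_t w = read_le16(rom, ea + 2 * i);
            if ((w & jump_table_seq[i].mask) != jump_table_seq[i].value)
                break;                  /* mismatch: try next halfword */
        }
        if (i == SEQ_LEN)
            return (long)ea;
    }
    return -1;
}

/* Constructed sample (not from any real ROM): two unrelated opcodes,
 * the sequence using R0/R1, then a POP. Little-endian halfwords. */
const uint8_t sample_rom[] = {
    0x00, 0x20, 0x70, 0x47,             /* MOVS R0, #0 ; BX LR        */
    0x80, 0x00,                         /* LSL R0, R0, #2    (0x0080) */
    0x01, 0x49,                         /* LDR R1, [PC, #4]  (0x4901) */
    0x40, 0x18,                         /* ADD R0, R0, R1    (0x1840) */
    0x00, 0x68,                         /* LDR R0, [R0]      (0x6800) */
    0x87, 0x46, 0x00, 0xBD,             /* MOV PC, R0 ; POP {PC}      */
};
```

The same table can be walked backwards from a known MOV PC, Rx, as the first post's check does, by comparing jump_table_seq[SEQ_LEN-1-i] against the halfword at ea-2*i.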