
Author Topic: Detecting a jump table in ARM (Need some C help)  (Read 2486 times)


  • Jr. Member
  • Posts: 33
Detecting a jump table in ARM (Need some C help)
« on: February 04, 2013, 04:04:05 pm »

I need to check for

LSL Rx, Rx, Rx
LDR Rx, offset
ADD Rx, Rx, Rx
LDR Rx,[Rx]

The code I have to check is

//Code checks backwards from the MOV PC, Rx at ea (16-bit Thumb halfwords).
//Each test masks off the register fields and compares the remaining opcode bits.

if (!((get_word(ea)   & 0xFF87) == 0x4687 &&  // MOV PC, Rx
      (get_word(ea-2) & 0xFFC0) == 0x6800 &&  // LDR Rx, [Rx]
      (get_word(ea-4) & 0xFE00) == 0x1800 &&  // ADD Rx, Rx, Rx
      (get_word(ea-6) & 0xF800) == 0x4800 &&  // LDR Rx, offset (PC-relative)
      (get_word(ea-8) & 0xFFC0) == 0x4080))   // LSL Rx, Rx
    return 0;

If anyone could be of assistance I will be extremely grateful.


  • Hero Member
  • Posts: 565
Re: Detecting a jump table in ARM (Need some C help)
« Reply #1 on: February 04, 2013, 04:51:21 pm »
If you have a hex editor that can search using a mask it would really help, assuming no other ops are shuffled into that.  That way, you can search just for the unchanging parts of each opcode and mask away the registers.
It's a method I use for searching out corresponding opcode sequences in different versions of N64 games, since the sequence of opcodes will usually be the same even when the specific registers and offsets aren't.

One freebie hex editor that comes to mind with that feature would be HexEdit from Expert Software.  Last July they released v4.0 for free (previously only 3.0F was available, and you had to use compatibility settings with 64-bit Windows).
If you did use it, open the 'Find' menu window, select the 'Hex' tab, type in the binary form of the opcodes you're looking for, then set the mask in the appropriate line to ignore all the registers.
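The masked-opcode check from the opening post and the mask-search idea from the reply come down to the same thing: a mask/value pair per instruction. As an added example (not code from either poster), this C snippet keeps those pairs in a table, walks backwards from the MOV PC, Rx the way the original snippet does, and scans a whole image for the sequence. The Thumb-1 encodings, the get_word() helper over a little-endian byte buffer, and the sample bytes are my own assumptions and construction.

```c
#include <stdint.h>
#include <stddef.h>

/* Thumb-1 template: mask keeps the fixed opcode bits, drops register/immediate fields. */
struct thumb_pat { uint16_t mask, value; };

/* The dispatch sequence from the thread, oldest instruction first. */
static const struct thumb_pat jump_table_seq[] = {
    { 0xFFC0, 0x4080 },  /* LSL Rd, Rs            010000 0010 Rs Rd     */
    { 0xF800, 0x4800 },  /* LDR Rd, [PC, #imm8]   01001 Rd imm8         */
    { 0xFE00, 0x1800 },  /* ADD Rd, Rs, Rn        0001100 Rn Rs Rd      */
    { 0xFFC0, 0x6800 },  /* LDR Rd, [Rb]          01101 00000 Rb Rd     */
    { 0xFF87, 0x4687 },  /* MOV PC, Rx            010001 10 1 H2 Rs 111 */
};
#define SEQ_LEN (sizeof jump_table_seq / sizeof jump_table_seq[0])

/* Little-endian 16-bit Thumb halfword at byte offset off (assumed helper). */
static uint16_t get_word(const uint8_t *buf, size_t off)
{
    return (uint16_t)(buf[off] | (buf[off + 1] << 8));
}

/* 1 if the five-instruction sequence ends with MOV PC, Rx at byte offset ea. */
int is_jump_table(const uint8_t *buf, size_t len, size_t ea)
{
    if (ea + 2 > len || ea < 2 * (SEQ_LEN - 1))
        return 0;
    for (size_t i = 0; i < SEQ_LEN; i++) {
        uint16_t w = get_word(buf, ea - 2 * (SEQ_LEN - 1 - i));
        if ((w & jump_table_seq[i].mask) != jump_table_seq[i].value)
            return 0;
    }
    return 1;
}

/* Masked scan of a whole image: offset of the first MOV PC, Rx completing the sequence, or -1. */
long find_jump_table(const uint8_t *buf, size_t len, size_t start)
{
    for (size_t ea = start; ea + 2 <= len; ea += 2)
        if (is_jump_table(buf, len, ea))
            return (long)ea;
    return -1;
}

/* Constructed sample: four MOV r8, r8 (Thumb NOP, 0x46C0), then LSL r0, r1 ;
 * LDR r2, [PC, #16] ; ADD r0, r0, r2 ; LDR r0, [r0] ; MOV PC, r0 (at offset 16). */
static const uint8_t sample[] = {
    0xC0, 0x46, 0xC0, 0x46, 0xC0, 0x46, 0xC0, 0x46,
    0x88, 0x40, 0x04, 0x4A, 0x80, 0x18, 0x00, 0x68, 0x87, 0x46,
};
```

Because only the opcode bits are compared, the same table matches the sequence whichever low registers the compiler chose, which is what makes it usable as a hex-editor mask search as well.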