
Detecting a jump table in ARM(Need some C help)

Started by interdpth, February 04, 2013, 04:04:05 PM

I need to check for

LSL Rx, Rx, Rx
LDR Rx, offset
ADD Rx, Rx, Rx
LDR Rx,[Rx]

The code I have to check is

// Code checks backwards from ea, which points at the final MOV PC, Rx.
// get_word()/ea are the IDA SDK calls (ea_t); each test masks out the register
// fields and compares against the fixed bits of the Thumb encoding.  A bare
// '&' only asks whether any bit overlaps, so it matches almost any halfword.
if (!((get_word(ea)     & 0xFF87) == 0x4687 &&   // MOV PC, Rx   (Rx in bits 6..3; 0x4687 = mov pc, r0)
      (get_word(ea - 2) & 0xFFC0) == 0x6800 &&   // LDR Rd, [Rb] (imm5 == 0)
      (get_word(ea - 4) & 0xFE00) == 0x1800 &&   // ADD Rd, Rs, Rn
      (get_word(ea - 6) & 0xF800) == 0x4800 &&   // LDR Rd, [PC, #imm8]  (LDR Rx, offset)
      (get_word(ea - 8) & 0xFFC0) == 0x0080))    // LSL Rd, Rs, #2
    return 0;

If anyone could be of assistance I will be extremely grateful.


If you have a hex editor that can search using a mask it would really help, assuming no other ops are shuffled into that.  That way, you can search just for the unchanging parts of each opcode and mask away the registers.
It's a method I use for searching out corresponding opcode sequences in different versions of N64 games, since the sequence of opcodes will usually be the same even when the specific registers and offsets aren't.

One freebie hex editor that comes to mind with that feature would be HexEdit from Expert Software.  Last July they released v4.0 for free (previously only 3.0F was available, and you had to use compatibility settings with 64-bit Windows).
If you did use it, open the 'Find' menu window, select the 'Hex' tab, type in the binary form of the opcodes you're looking for, then set the mask in the appropriate line to ignore all the registers.
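As an added example (not the poster's IDA plugin code and not anything from the thread), here is a stand-alone Python version of the same idea from both posts: each Thumb halfword is described as a (mask, value) pair, the mask keeps the fixed opcode bits and drops the register and immediate fields, and the whole five-halfword sequence is matched at every halfword-aligned offset of a code image. It also flattens the pattern into the little-endian value/mask byte strings a hex editor's masked search would take, and follows the `LDR Rd, [PC, #imm8]` literal to recover the table pointer. It assumes the usual GBA Thumb switch idiom (`lsl rX, rX, #2` / `ldr rY, =table` / `add rX, rX, rY` / `ldr rX, [rX]` / `mov pc, rX`), a constructed 44-byte sample image at a made-up base of 0x08000000, and the names `JUMP_TABLE_PATTERN`, `matches_at`, `find_jump_tables`, `table_address` and `as_byte_pattern` are my own.

```python
"""Masked search for a Thumb jump-table dispatch sequence (added example).

Every instruction is a (mask, value) pair: a halfword matches when
(halfword & mask) == value.  The mask keeps the fixed opcode bits and drops
the register / immediate fields, which is what a hex editor's masked search
does on the raw bytes.  Thumb halfwords are stored little-endian.
"""
import struct
from typing import List, Tuple

# (mask, value, mnemonic) for each halfword, in execution order.  Encodings are
# ARMv4T Thumb; the sequence is the usual GBA switch idiom (assumed here).
JUMP_TABLE_PATTERN = [
    (0xFFC0, 0x0080, "LSL Rd, Rs, #2"),       # 000 00 imm5=00010 Rs Rd
    (0xF800, 0x4800, "LDR Rd, [PC, #imm8]"),  # 01001 Rd imm8
    (0xFE00, 0x1800, "ADD Rd, Rs, Rn"),       # 0001100 Rn Rs Rd
    (0xFFC0, 0x6800, "LDR Rd, [Rb, #0]"),     # 01101 imm5=0 Rb Rd
    (0xFF87, 0x4687, "MOV PC, Rm"),           # 01000110 1 Rm(4) 111
]


def matches_at(code: bytes, offset: int, pattern=JUMP_TABLE_PATTERN) -> bool:
    """True if the halfwords starting at offset match every (mask, value)."""
    if offset % 2 or offset + 2 * len(pattern) > len(code):
        return False
    for i, (mask, value, _) in enumerate(pattern):
        (halfword,) = struct.unpack_from("<H", code, offset + 2 * i)
        if halfword & mask != value:
            return False
    return True


def find_jump_tables(code: bytes, base: int = 0) -> List[int]:
    """Scan a Thumb image and return the address of every matching LSL."""
    return [base + off for off in range(0, len(code) - 1, 2)
            if matches_at(code, off)]


def table_address(code: bytes, offset: int, base: int = 0) -> int:
    """For a match at offset, resolve the LDR Rd,[PC,#imm8] literal and return
    the jump-table pointer stored in the literal pool."""
    ldr_off = offset + 2
    (ldr,) = struct.unpack_from("<H", code, ldr_off)
    imm8 = ldr & 0xFF
    # Thumb PC-relative load: (address of LDR + 4), word-aligned, plus imm8*4.
    literal_addr = ((base + ldr_off + 4) & ~3) + imm8 * 4
    (table_ptr,) = struct.unpack_from("<I", code, literal_addr - base)
    return table_ptr


def as_byte_pattern(pattern=JUMP_TABLE_PATTERN) -> Tuple[bytes, bytes]:
    """Flatten the pattern into little-endian (value, mask) byte strings, the
    form a hex editor with masked search wants (registers masked to zero)."""
    value = b"".join(struct.pack("<H", v) for _, v, _ in pattern)
    mask = b"".join(struct.pack("<H", m) for m, _, _ in pattern)
    return value, mask


# ---- constructed sample image (not from any real ROM) -----------------------
GBA_ROM_BASE = 0x08000000  # made-up base; GBA cartridge ROM lives here


def _thumb(*halfwords: int) -> bytes:
    return b"".join(struct.pack("<H", h) for h in halfwords)


SAMPLE_IMAGE = (
    # 0x00: lsl r1,r1,#2 / ldr r0,[pc,#8] / add r0,r0,r1 / ldr r0,[r0] / mov pc,r0 / nop
    _thumb(0x0089, 0x4802, 0x1840, 0x6800, 0x4687, 0x46C0)
    + struct.pack("<I", 0x08000020)                       # 0x0C: literal -> table
    # 0x10: same dispatch using r2/r3
    + _thumb(0x0092, 0x4B02, 0x18D2, 0x6812, 0x4697, 0x46C0)
    + struct.pack("<I", 0x08000040)                       # 0x1C: literal -> table
    # 0x20: decoy that ends in "bx r0" (0x4700) instead of "mov pc, r0"
    + _thumb(0x0080, 0x4800, 0x1840, 0x6800, 0x4700, 0x46C0)
)

if __name__ == "__main__":
    for addr in find_jump_tables(SAMPLE_IMAGE, GBA_ROM_BASE):
        table = table_address(SAMPLE_IMAGE, addr - GBA_ROM_BASE, GBA_ROM_BASE)
        print("dispatch at 0x%08X, table at 0x%08X" % (addr, table))
    value, mask = as_byte_pattern()
    print("hex-editor search: value=%s mask=%s" % (value.hex(), mask.hex()))
```

The scan only looks at even offsets because Thumb code is halfword-aligned; the decoy block shows why the final `MOV PC` check matters, since a `BX Rx` ending would otherwise slip through. Because the masks are applied per halfword and the image is little-endian, the mask bytes handed to a hex editor are byte-swapped relative to the 16-bit constants in the table.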