Exercise 4 on page 79 of the book Practical Reverse Engineering specifies the following ARM disassembly of a function mystery4:
01: mystery4
02: 08 B9 CBNZ R0, loc_100C3DA
03: 00 20 MOVS R0, #0
04: 70 47 BX LR
05: loc_100C3DA
06: 50 F8 08 0C LDR.W R0, [R0,#-8]
07: 70 47 BX LR
08: ; End of function mystery4
The disassembly is in Thumb mode: some instructions are only 16 bits wide, and some are specific to this mode (e.g. CBNZ and the .W suffix, which selects the 32-bit Thumb-2 encoding of an instruction).
mystery4 takes one argument in r0, and the argument is a pointer to an unknown data structure. The function either returns 0 or the 32-bit value stored in memory at address (r0-8). We know it reads a full 32-bit word because the LDR in line 6 carries no B or H size suffix (the .W suffix describes the width of the instruction encoding, not of the loaded value).
This is all we can say about the function and therefore its overall meaning remains a mystery to us:
#include <stddef.h>
#include <stdint.h>

typedef struct unknownDataStructure unknownDataStructure;

uint32_t mystery4(unknownDataStructure *arg) {
    if (arg == NULL) {          /* CBNZ R0: fall through when r0 == 0 */
        return 0;               /* MOVS R0, #0 ; BX LR */
    } else {
        /* LDR.W R0, [R0,#-8]: 32-bit load 8 bytes before the pointer.
           Cast to a byte pointer first so the -8 is not scaled by sizeof(*arg). */
        return *(uint32_t *)((uint8_t *)arg - 8);
    }
}
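A negative offset from a caller-supplied pointer is typical of a hidden header that the allocator places in front of the bytes the caller sees. The following added example (not from the book or the original post) assumes such a layout: a hypothetical 8-byte header holding a length and a tag, with the caller's pointer pointing just past it. Under that assumption mystery4 returns the buffer's length; the real structure behind the book's function is unknown.

```c
#include <stdint.h>
#include <stdlib.h>

/* Assumed layout (not given by the book): an 8-byte header precedes the
 * bytes the caller's pointer refers to, so header.length is at (ptr - 8). */
typedef struct {
    uint32_t length;   /* the field mystery4 would read under this assumption */
    uint32_t tag;      /* hypothetical second header word */
} header_t;

/* Allocate header + payload and hand back a pointer to the payload,
 * i.e. 8 bytes into the allocation. */
void *make_buffer(uint32_t length, uint32_t tag) {
    header_t *h = malloc(sizeof(header_t) + length);
    if (h == NULL) return NULL;
    h->length = length;
    h->tag = tag;
    return (void *)(h + 1);          /* skip the 8-byte header */
}

/* Release a buffer obtained from make_buffer by stepping back to the header. */
void free_buffer(void *payload) {
    if (payload != NULL) free((header_t *)payload - 1);
}

/* Faithful C rendering of the disassembly: CBNZ null check, then a 32-bit
 * load from 8 bytes before the pointer. */
uint32_t mystery4(const void *arg) {
    if (arg == NULL) return 0;
    return *(const uint32_t *)((const uint8_t *)arg - 8);
}
```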