Practical Reverse Engineering Exercise Solutions: Page 79 / Exercise 4
Exercise 4 on page 79 of the book Practical Reverse Engineering specifies the following ARM disassembly of a function
The disassembly is in Thumb mode, as there are instructions having a width of 16 bits and some instructions specific to this mode (e.g. CBNZ and the
Mystery4 takes one argument in r0, and the argument is a pointer to an unknown data structure. The function either returns 0 or a 32-bit value stored in memory at address (r0-8). We know it reads a 32-bit value due to the .W suffix of the LDR instruction in line 6.
This is all we can say about the function and therefore its overall meaning remains a mystery to us: