Help me With Instruction logic

[Un_Known]

Can anybody explain logic here 

It's ARM instruction set:

Here dword_36BD38 is uninitialized variable in .bss section

LDR       R3, =(dword_36BD38 - 0x19D86C) 

ADD      R3, PC, R3  ; dword_36BD38

CMP      R0, #0

STR       R0, [R3]

MOVLT   R2, #0x7FFFFFFF

STRLT     R2, [R3]

I have a little idea what's happening here but couldn't understand whole logic!

Edited June 26, 2019 by Un_Known

[saiaapiz]

0000	LDR		R3, =(dword_36BD38 - 0x19D86C) -- Load offset to R3
0004	ADD		R3, PC, R3  ; dword_36BD38 -- R3 = PC + Offset (R3)
0008	CMP		R0, #0 -- Check if R0 value equal to 0
000C	STR		R0, [R3] -- Store R0 value into R3 (R3 = dword_36BD38)
0010	MOVLT	R2, #0x7FFFFFFF -- If R0 value less than 0, then put (0x7FFFFFFF) 2147483647 into R2.
0014	STRLT	R2, [R3] -- If R0 value less than 0, then store R2 value which is 2147483647, into R3 (R3 = dword_36BD38)

Conclusion is, if R0 value less than 0.. then put 2147483647 into bss:dword_36BD38.

Anyway, if you not understand about the logic. F5 hotkey may come handy.

[Un_Known]

I have learnt a lot after joining GG forum. 

Thnx to @saiaapiz @Enyby

 

[Un_Known]

It generally means that value of coins would be highest (because 2147483647 is largest dword) only when value in R0 is less than 0

Okk if  I change MOVLT to MOV

and STRLT to STR

then value will always be 2147483647 because it will bypass condition check 

is it correct

 

and plz elaborate this part =(dword_36BD38 - 0x19D86C)

couldn't understand this That 

What would be value in R3 register

@saiaapiz

 

Edited June 26, 2019 by Un_Known

[saiaapiz]

Quote

 

Okk if  I change MOVLT to MOV

and STRLT to STR

then value will always be 2147483647 because it will bypass condition check 

is it correct

 

Yes, you're correct.

Quote

and plz elaborate this part =(dword_36BD38 - 0x19D86C)

This push offset into register, then add it with PC. So PC + Offset lead to dword_36BD38 which is targeted address.

Quote

What would be value in R3 register

R3 is address of dword_36BD38

[Un_Known]

1 minute ago, saiaapiz said:

Yes, you're correct.

This push offset into register, then add it with PC. So PC + Offset lead to dword_36BD38 which is targeted address.

R3 is address of dword_36BD38

ohh thnx buddy once again sorry for disturbing you

[Un_Known]

1 hour ago, saiaapiz said:

Yes, you're correct.

This push offset into register, then add it with PC. So PC + Offset lead to dword_36BD38 which is targeted address.

R3 is address of dword_36BD38

What is happening here can u explain? I have highlighted offset pushed to R1 with cursor?

what type of sign is between ahighscore and offset is it just a dash ? What is purpose of ahighscore here? 

Any reference guide for arm instruction set ?

Edited June 26, 2019 by Un_Known

[Un_Known]

Above question can be ignored Updated:

I think it is offset is loaded into R1 after subtraction between ahighscore and 0x19D8B4 and their addresses being subtracted!

so Here ahighscore has address =>00319CEC

so 00319CEC - 0x19D8B4 =17C438

So R1, = 17C438 would it be an offset?

Am.i correct or Wrong?

@saiaapiz @Enyby

Edited June 26, 2019 by Un_Known

[Enyby]

Offset from PC in LDR location. Useless in any other place.

 

[saiaapiz]

2 hours ago, Enyby said:

Offset from PC in LDR location. Useless in any other place.

 

Yep, Ida make we confuse by looking its value pointing directly to target address.

Actually, true opcode look like this LDR R0, [PC, #0x4]

Idk how to explain it, you can find arm opcode documentation on google. They describe how each instruction work.

@Un_Known

[Enyby]

This is how the ARM architecture works. Most addresses are not absolute, but relative, relative to the PC. This is done to save space in instructions. The instruction size is 4 bytes. The size of the 32-bit pointer is also 4 bytes. An absolute address almost always requires 4 bytes, since the code can be located in different places. A relative address can be encoded with 2 or 3 bytes. This will give the opportunity to refer to the memory near the code, where this code would not be located.
And since .bss is not far from .code (.text), this is enough.

[saiaapiz]

Let me explain this real quick.

How they load offset, and calculate address ?

Explanation: 
* PC = (Current Instruction Address + 0x8)

00000000         LDR     R0, [PC, 0x1C]; Its calculated like this, R0 = (PC:00000008 + 0x1C = 00000024). Read val at 00000024 which is 0x14, then put into R0.
00000004         ADD     R0, PC, R0 ; Again, R0 = (PC:0000000C + 0x14 (Offset) = 00000020)
00000008         MOV     R1, #0x1234; Move 0x1234 into R1
0000000C         STR     R1, [R0]; Store R1:0x1234 value into R0:00000020 address.
00000010         BX      LR; Jump into LR (LR is register that store address of this function caller.)
00000014         ALIGN 0x10
00000020 MyValue DCD 0x0
00000024 Offset  DCD 0x14

You can find lot of information here, The ARM instruction set

Edited June 26, 2019 by saiaapiz

[Un_Known]

50 minutes ago, saiaapiz said:

Let me explain this real quick.

How they load offset, and calculate address ?

Explanation: 
* PC = (Current Instruction Address + 0x8)

00000000         LDR     R0, [PC, 0x1C]; Its calculated like this, R0 = (PC:00000008 + 0x1C = 00000024). Read val at 00000024 which is 0x14, then put into R0.
00000004         ADD     R0, PC, R0 ; Again, R0 = (PC:0000000C + 0x14 (Offset) = 00000020)
00000008         MOV     R1, #0x1234; Move 0x1234 into R1
0000000C         STR     R1, [R0]; Store R1:0x1234 value into R0:00000020 address.
00000010         BX      LR; Jump into LR (LR is register that store address of this function caller.)
00000014         ALIGN 0x10
00000020 MyValue DCD 0x0
00000024 Offset  DCD 0x14

You can find lot of information here, The ARM instruction set

Thnx buddy for putting a lot of effort just to helpme!

[Un_Known]

3 hours ago, saiaapiz said:

Let me explain this real quick.

How they load offset, and calculate address ?

Explanation: 
* PC = (Current Instruction Address + 0x8)

00000000         LDR     R0, [PC, 0x1C]; Its calculated like this, R0 = (PC:00000008 + 0x1C = 00000024). Read val at 00000024 which is 0x14, then put into R0.
00000004         ADD     R0, PC, R0 ; Again, R0 = (PC:0000000C + 0x14 (Offset) = 00000020)
00000008         MOV     R1, #0x1234; Move 0x1234 into R1
0000000C         STR     R1, [R0]; Store R1:0x1234 value into R0:00000020 address.
00000010         BX      LR; Jump into LR (LR is register that store address of this function caller.)
00000014         ALIGN 0x10
00000020 MyValue DCD 0x0
00000024 Offset  DCD 0x14

You can find lot of information here, The ARM instruction set

Why pc is pointing to 0x8 shouldn't it be pointing to  0x4 from current address! 

As next  instruction would always be at 0x4 from current address

as instructions are of 32 bits (exclude thumb instruction set here )@saiaapiz

Edited June 26, 2019 by Un_Known

[saiaapiz]

19 hours ago, Un_Known said:

Why pc is pointing to 0x8 shouldn't it be pointing to  0x4 from current address! 

As next  instruction would always be at 0x4 from current address

as instructions are of 32 bits (exclude thumb instruction set here )@saiaapiz

Idk, it just works.

I didn't read hundred pages of arm documentation.

[Un_Known]

On 6/27/2019 at 2:30 AM, Un_Known said:

Why pc is pointing to 0x8 shouldn't it be pointing to  0x4 from current address! 

As next  instruction would always be at 0x4 from current address

as instructions are of 32 bits (exclude thumb instruction set here )@saiaapiz

So finally I Got answer to this thnx to @saiaapiz .

Posting Answer here because it can help many!

The Program Counter is automatically incremented by the size of the instruction executed. This size is always 4 bytes in ARM state and 2 bytes in THUMB mode. When a branch instruction is being executed, the PC holds the destination address. During execution, PC stores the address of the current instruction plus 8 (two ARM instructions) in ARM state, and the current instruction plus 4 (two Thumb instructions) in Thumb(v1) state. This is different from x86 where PC always points to the next instruction to be executed. 

Edited July 1, 2019 by Un_Known