Jump to content

Question

Recommended Posts

  • 0
Posted
6 minutes ago, Alessa- said:

if the address is not far I can but if the address is very far away, LDR can't do it what is this limit?

There are 12 bits in the instruction that are used for encoding offset from PC in bytes, so the limit is from -4095 to 4095.

Reference: https://developer.arm.com/documentation/ddi0406/cb/Application-Level-Architecture/Instruction-Details/Alphabetical-list-of-instructions/LDR--literal-?lang=en

  • 0
Posted

Hi @Alessa-, (LDR register, =addr) is a Pseudo-code that:

  • 1) It is not widely supported, since it requires more translation.
  • 2) PSeudo-code is intended for readability. Being a Pseudo, you can even put a labels on it (LDR R0, =Function._Name)
  • 3) A reminder: Arm Patching must follow length. If exceeded, you can replace the next instruction and it will still considered your patched Instruction.

Your code above will roughly translated as below, where #0xsomething is offset and PC is a relative register that holds next instruction.

LDR R0, [pc, #0xsomething] --If somewhere around PC and loads into R0
LDR R0, [pc] -- If at the Start of PC and loads into R0

Your code above is 16-bits long, thus it's why it's translated into relative addresses using PC. ARM can only handle 8-bits:

LDR R0, =1C5AF30
04 00 1F E5 30 AF C5 01

Thus needs to be splitted by either pushing the content into the register or manually calculate the offset (pc, #calculate._here) :
https://azeria-labs.com/memory-instructions-load-and-store-part-4/

  • 0
Posted
5 hours ago, Alessa- said:

Gg cant doit for that ?

@XEKEX have solution for that ?

Using the instructions movw and movt to load the address into register r0 and then using ldr to load the value from the address into the same register r0 will overwrite the original value of the address with the value at that address. This will result in the register r0 containing the value at address 0x12345678, rather than the address itself.



movw r0, 0x5678
movt r0, 0x1234
ldr r0, [r0] <- ( LDR R1, [0x12345678])

the address should be a pointer

 

  • 0
Posted
2 minutes ago, MC189 said:

Hi @Alessa-, (LDR register, =addr) is a Pseudo-code that:

  • 1) It is not widely supported, since it requires more translation.
  • 2) PSeudo-code is intended for readability. Being a Pseudo, you can even put a labels on it (LDR R0, =Function._Name)
  • 3) A reminder: Arm Patching must follow length. If exceeded, you can replace the next instruction and it will still considered your patched Instruction.

Your code above will roughly translated as below, where #0xsomething is offset and PC is a relative register that holds next instruction.

LDR R0, [pc, #0xsomething] --If somewhere around PC and loads into R0
LDR R0, [pc] -- If at the Start of PC and loads into R0

Your code above is 16-bits long, thus it's why it's translated into relative addresses using PC. ARM can only handle 8-bits:

LDR R0, =1C5AF30
04 00 1F E5 30 AF C5 01

Thus needs to be splitted by either pushing the content into the register or manually calculate the offset (pc, #calculate._here) :
https://azeria-labs.com/memory-instructions-load-and-store-part-4/

working with PC is so dangerous for whome don't understand arm instructions .
LDR R0, [PC, 0x somthing] -- wrong cause the 2ed parameter in [ ] is the offset of the value [PC , + offset ] wont give the correct address and since we don't know the next instruction address this will give random address.
ARM can only handle 8-bits: this is true 
LDR R0, =Function._Pointer / string literal ( BS region or Stringliteral.json will contain offsets [lib_ base address + offset = address ] ) / jump instruction ( B , BL ,) / a value from memory ( any )

  • 0
Posted
2 hours ago, CmP said:

It can't be used, because it is a pseudo-instruction that requires more space than single instruction.

Description and examples of LDR pseudo-instruction are present in ARM documentation:
https://developer.arm.com/documentation/dui0802/b/A32-and-T32-Instructions/LDR-pseudo-instruction

I want ldr load may address 

Example my address 0xccccc

 

How to ldr load my address ?

Guys so.. how to ldr load mu address ?  

 

2 minutes ago, XEKEX said:

working with PC is so dangerous for whome don't understand arm instructions .
LDR R0, [PC, 0x somthing] -- wrong cause the 2ed parameter in [ ] is the offset of the value [PC , + offset ] wont give the correct address and since we don't know the next instruction address this will give random address.
ARM can only handle 8-bits: this is true 
LDR R0, =Function._Pointer / string literal ( BS region or Stringliteral.json will contain offsets [lib_ base address + offset = address ] ) / jump instruction ( B , BL ,) / a value from memory ( any )

Yes , but i want ldr load my addres 

I use ldr r0, [pc,#addres]

Amd ldr r0, =address 

Cant doit gg 

  • 0
Posted

@Alessa- 
example in memory : the pointer 0x12345678 will point to this address 0x87654321 -> this address got the value 99999.
using LDR:
LDR r0, [0x12345678] using this instruction will load the pointed value of 0x12345678 into R0 
means : R0 = 99999

  • 0
Posted

Example my ldr addres 

This https://pasteboard.co/SaAZH5P9iGkV.jpg

Ldr r0 xxxx 

And i want load address

 this 

https://pasteboard.co/oOKpwzDEObvn.jpg

How to doit for ldr ?

Ldr r0, =address cant doit

 

7 minutes ago, XEKEX said:

@Alessa- 
example in memory : the pointer 0x12345678 will point to this address 0x87654321 -> this address got the value 99999.
using LDR:
LDR r0, [0x12345678] using this instruction will load the pointed value of 0x12345678 into R0 
means : R0 = 99999

Cant  , ldr cant load addres 

ldr can't load the distance between the address and the far ldr?

  • 0
Posted
40 minutes ago, MC189 said:

Hi @Alessa-, (LDR register, =addr) is a Pseudo-code that:

  • 1) It is not widely supported, since it requires more translation.
  • 2) PSeudo-code is intended for readability. Being a Pseudo, you can even put a labels on it (LDR R0, =Function._Name)
  • 3) A reminder: Arm Patching must follow length. If exceeded, you can replace the next instruction and it will still considered your patched Instruction.

Your code above will roughly translated as below, where #0xsomething is offset and PC is a relative register that holds next instruction.

LDR R0, [pc, #0xsomething] --If somewhere around PC and loads into R0
LDR R0, [pc] -- If at the Start of PC and loads into R0

Your code above is 16-bits long, thus it's why it's translated into relative addresses using PC. ARM can only handle 8-bits:

LDR R0, =1C5AF30
04 00 1F E5 30 AF C5 01

Thus needs to be splitted by either pushing the content into the register or manually calculate the offset (pc, #calculate._here) :
https://azeria-labs.com/memory-instructions-load-and-store-part-4/

Still same

  • 0
Posted
6 minutes ago, Alessa- said:

Example my ldr addres 

This https://pasteboard.co/SaAZH5P9iGkV.jpg

Ldr r0 xxxx 

And i want load address

 this 

https://pasteboard.co/oOKpwzDEObvn.jpg

How to doit for ldr ?

Ldr r0, =address cant doit

 

Cant  , ldr cant load addres 

ldr can't load the distance between the address and the far ldr?

if the offset is less then 4kb (0x400) you can use LDR R0, [PC, offset]

  • 0
Posted (edited)
12 hours ago, XEKEX said:

- LDR R0, [PC, 0x somthing] -- wrong cause the 2ed parameter in [ ] is the offset
- wont give the correct address

That's why you need to Calculate it or Pushing the Address into the Register first. Which it's depend on your approach. Something hard to predict doesn't make it wrong. Personally I prefer in using PC instead:

  • - You can judge the PC pattern by being 8-bytes ahead from initial.
  • - PC withhold next instruction, otherwise an unknown address (mentioned in offset) will raise errors. I don't know if Android or GG has some kind of prevention to this, I mainly use Emulators.
  • - It avoids of re-moving address to registers, it's unnecessary in my opinion, just straight accessing them which debugger will happily tells you.

EDIT: I don't know if you thought 0xsomething is an Address, then it is misunderstanding, I definitely said it was offset in the end.

Quote

- where #0xsomething is offset
- Thus needs to be splitted by either pushing the content into the register or manually calculate the offset (pc, #calculate._here) :

 

Edited by MC189
edit._2
  • 0
Posted
1 minute ago, XEKEX said:

if the offset is less then 4kb (0x400) you can use LDR R0, [PC, offset]

I trt it but is work with same area 

Example

ldr 

Area AAAA 

and addres be load area AAAA can ldr load 

But if ldr area AAAA 

And addres area CCCC 

Ldr cant load maybe limit 

So how fix it ?

 

4 minutes ago, MC189 said:

That's why you need to Calculate it or Pushing the Address into the Register first. Which it's depend on your approach. Something hard to predict doesn't make it wrong. Personally I prefer in using PC instead:

  • - You can judge the PC pattern by being 8-bytes ahead from initial.
  • - PC withhold next instruction, otherwise an unknown address (mentioned in offset) will raise errors. I don't know if Android or GG has some kind of prevention to this, I mainly use Emulators.
  • - It avoids of re-moving address to registers, it's unnecessary in my opinion, just straight accessing them which debugger will happily tells you.

Okay

6 minutes ago, XEKEX said:

if the offset is less then 4kb (0x400) you can use LDR R0, [PC, offset]

Eaxmple ldr addres : B179DE28 

and i want load addres: AFFDACA4 

ldr cant doit i dont know why 

but if ldr addres : AFFDABEC 

and i want load address : AFFDACA4 

can doit ldr r0, [pc,#offset]

  • 0
Posted (edited)

@Alessa- try to use this code : 

~A MOVW R0, 0XDE28 -- we set the value of R0 to be the LDR address
~A MOVT R0, 0XB179
~A MOVW R1, 0XCE7C -- offset of the two values is : 0xFE83CE7C ( 0xAFFDACA4 - 0XB179DE28 = 0xFE83CE7C or 0XB179DE28 + 0xFE83CE7C = 0xAFFDACA4 ) 
~A MOVT R1, 0XFE83
~A LDR R0, [R0, R1] -- this will load the value of the address 0xAFFDACA4 ( 29883488 ) -> LDR R0, [0XB179DE28 + 0xFE83CE7C ] into R0 ( R0 = 29883488 )

Edited by XEKEX
  • 0
Posted
5 minutes ago, XEKEX said:

@Alessa- try to use this code : 

~A MOVW R0, 0XDE28 -- we set the value of R0 to be the LDR address
~A MOVT R0, 0XB179
~A MOVW R1, 0XCE7C -- offset of the two values is : 0xFE83CE7C ( 0xAFFDACA4 - 0XB179DE28 = 0xFE83CE7C / 0XB179DE28 + 0xFE83CE7C = 0xAFFDACA4 ) 
~A MOVT R1, 0XFE83
~A LDR R0, [R0, R1] -- this will load the value of the address 0xAFFDACA4 ( 29883488 ) / LDR R0, [0XB179DE28 + 0xFE83CE7C ]

~A MOVW R0, 0XDE28 gg error cant add that

This https://pasteboard.co/d9cwlUjuCXVy.jpg

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.