Support for ARM32 ldm<amode> #1278

Open
pdamian opened this issue Aug 23, 2023 · 5 comments
Comments


pdamian commented Aug 23, 2023

Would it be possible to add support for the different <amode> variants (DA: Decrement After, DB: Decrement Before, IA: Increment After and IB: Increment Before) in instructions such as ldm (or stm)? These currently seem not to be supported (see the example below).
Example:

#!/usr/bin/env python3
## -*- coding: utf-8 -*-
from triton import ARCH, EXCEPTION, Instruction, MemoryAccess, MODE, TritonContext


function = {
    0x8000: b"\x06\x00\x90\xe8", # ldm r0, {r1, r2}
    0x8004: b"\x06\x00\x10\xe9", # ldmdb r0, {r1, r2}
}

ctx = TritonContext(ARCH.ARM32)
ctx.setMode(MODE.ALIGNED_MEMORY, True)
ctx.setThumb(False)

ctx.setConcreteRegisterValue(ctx.registers.r0, 0x1000)
ctx.setConcreteMemoryValue(MemoryAccess(0x0ff8, 4), 0x0ff8)
ctx.setConcreteMemoryValue(MemoryAccess(0x0ffc, 4), 0x0ffc)
ctx.setConcreteMemoryValue(MemoryAccess(0x1000, 4), 0x1000)
ctx.setConcreteMemoryValue(MemoryAccess(0x1004, 4), 0x1004)

pc = 0x8000
while pc in function:
    inst = Instruction(pc, function[pc])
    e = ctx.processing(inst)
    print(inst)
    if e != EXCEPTION.NO_FAULT:
        print(f"\tException = {e:d}")
        break
    r0 = ctx.getConcreteRegisterValue(ctx.registers.r0)
    r1 = ctx.getConcreteRegisterValue(ctx.registers.r1)
    r2 = ctx.getConcreteRegisterValue(ctx.registers.r2)
    print(f"\tr0 = 0x{r0:x}")
    print(f"\tr1 = 0x{r1:x}")
    print(f"\tr2 = 0x{r2:x}")
    pc = ctx.getConcreteRegisterValue(ctx.registers.pc)

Output:

0x8000: ldm r0, {r1, r2}
        r0 = 0x1000
        r1 = 0x1000
        r2 = 0x1004
0x8004: ldmdb r0, {r1, r2}
        Exception = 3
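The four addressing modes the request is about, as an added reference model (not Triton's or the project's code): it decodes the two opcodes from the script above and executes each mode over memory laid out like the script's, with one extra word at 0x1008 so LDMIB can be shown. The memory map, the function names and the assumption that the S bit (bit 22) is clear are mine.

```python
# Added reference model of A32 LDM<amode> semantics (not Triton code).
# Assumes the S bit (bit 22) is clear, i.e. no user-register/exception-return forms.
AMODES = {(0, 1): "ia", (1, 1): "ib", (0, 0): "da", (1, 0): "db"}  # keyed by (P, U) bits

# Constructed memory: each word holds its own address, as in the issue's script,
# extended by one word at 0x1008 so that the IB mode has something to load.
MEM = {addr: addr for addr in range(0x0FF8, 0x100C, 4)}


def decode_ldm(word: int):
    """Decode an A32 LDM word; returns (amode, rn, writeback, reglist)."""
    if (word >> 25) & 0b111 != 0b100 or not (word >> 20) & 1:
        raise ValueError(f"not an LDM encoding: {word:#010x}")
    p, u, w = (word >> 24) & 1, (word >> 23) & 1, (word >> 21) & 1
    rn = (word >> 16) & 0xF
    regs = [i for i in range(16) if (word >> i) & 1]
    return AMODES[(p, u)], rn, bool(w), regs


def ldm(amode: str, regs, mem, base: int, writeback: bool):
    """Load `regs` per the ARM ARM rules; returns ({reg: value}, new_base)."""
    size = 4 * len(regs)
    # Lowest address touched by each mode; registers always fill upward from it.
    start = {"ia": base, "ib": base + 4, "da": base - size + 4, "db": base - size}[amode]
    loaded = {r: mem[start + 4 * i] for i, r in enumerate(regs)}
    if writeback:
        base = base + size if amode in ("ia", "ib") else base - size
    return loaded, base


def execute(opcode: bytes, regfile: dict, mem=MEM) -> dict:
    """Apply one little-endian LDM opcode to a {regno: value} register file."""
    amode, rn, wb, regs = decode_ldm(int.from_bytes(opcode, "little"))
    loaded, new_base = ldm(amode, regs, mem, regfile[rn], wb)
    out = dict(regfile)
    out[rn] = new_base
    out.update(loaded)  # applied last so a loaded rn is not clobbered by the base
    return out


if __name__ == "__main__":
    for opcode in (b"\x06\x00\x90\xe8", b"\x06\x00\x10\xe9"):  # ldm / ldmdb r0, {r1, r2}
        print(decode_ldm(int.from_bytes(opcode, "little")), execute(opcode, {0: 0x1000}))
```

With r0 = 0x1000 the script's ldmdb should therefore yield r1 = 0x0ff8 and r2 = 0x0ffc, with r0 unchanged because the W bit is clear.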
cnheitman (Collaborator) commented

Hi @pdamian! I can take a look at this and try to implement the missing modes in the upcoming weeks.


m4drat commented Dec 19, 2023

Hi!
While playing with https://github.com/quarkslab/tritondse/ and an ARM32 target I also encountered this problem. Are there any updates on the implementation of these instructions?

cnheitman (Collaborator) commented

Hi @m4drat! Unfortunately I did not have much time to spend on this. It is still on my todo list, but I cannot give an estimate of when I'll be able to do it.


m4drat commented Dec 20, 2023

Thanks for the answer. Got it! I've come across a couple of other instructions that seem to need to be implemented as well, so I might work on this and related issues in the future, if it makes sense for the project I'm working on right now.

cnheitman (Collaborator) commented

Great! Any PR will be very much appreciated :D

Projects: None yet
Development: No branches or pull requests
3 participants