日志
mcore汇编分析
我用mcore交叉编译器做了下编译测试。
发现寄存器
r15为返回地址
r2为返回值
函数调用时,根据参数多少,依次使用r2至r6寄存器
r7寄存器一般多用于保存临时变量
入栈时,一般要把寄存器的值全部保存到堆栈内。
编译命令为:
mcore-elf-gcc -fshort-wchar -mbig-endian -nostdinc -fomit-frame-pointer -nostdlib -fno-builtin -c -o
源码为:
编译命令为:
mcore-elf-gcc -fshort-wchar -mbig-endian -nostdinc -fomit-frame-pointer -nostdlib -fno-builtin -c -o
源码为:
//#include<stdio.h>
int test(int z,int y,int x,char *w,long vv)
{
int b;
int tt;
for(b=0;b<36;b++)
{
tt = z * y;
tt = ( x + b )/5 * vv;
w[b] = 55;
}
return tt;
}
int main()
{
int fd;
int a;
int b;
int rt;
char p[]="i loveryou ";;
long vv;
int c;
a=19;
b=28;
vv=368489;
c=a+b;
rt = test(a,b,c,p,vv);
return rt;
}
用ida加载mcore插件后的汇编代码为:
ROM:00000034 24 70 subi sp, 8
ROM:00000036 98 00 st.w r8, (sp, 8+var_8)
ROM:00000038 25 F0 subi sp, 0x20
ROM:0000003A 12 08 mov r8, sp
ROM:0000003C 92 08 st.w r2, (r8, 0)
ROM:0000003E 93 18 st.w r3, (r8, 4)
ROM:00000040 94 28 st.w r4, (r8, 8)
ROM:00000042 95 38 st.w r5, (r8, 0xC)
ROM:00000044 96 48 st.w r6, (r8, 0x10)
ROM:00000046 60 07 movi r7, 0
ROM:00000048 97 58 st.w r7, (r8, 0x14)
ROM:0000004A
ROM:0000004A loc_4A: CODE XREF: test+48j
ROM:0000004A 86 58 ld.w r6, (r8, 0x14)
ROM:0000004C 62 37 movi r7, 0x23
ROM:0000004E 0D 67 cmplt r7, r6
ROM:00000050 E0 16 jbt loc_7E
ROM:00000052 86 08 ld.w r6, (r8, 0)
ROM:00000054 87 18 ld.w r7, (r8, 4)
ROM:00000056 03 67 mult r7, r6
ROM:00000058 97 68 st.w r7, (r8, 0x18)
ROM:0000005A 86 28 ld.w r6, (r8, 8)
ROM:0000005C 87 58 ld.w r7, (r8, 0x14)
ROM:0000005E 1C 67 addu r7, r6
ROM:00000060 60 51 movi r1, 5
ROM:00000062 12 76 mov r6, r7
ROM:00000064 32 16 divs r6, r1
ROM:00000066 87 48 ld.w r7, (r8, 0x10)
ROM:00000068 03 67 mult r7, r6
ROM:0000006A 97 68 st.w r7, (r8, 0x18)
ROM:0000006C 86 38 ld.w r6, (r8, 0xC)
ROM:0000006E 87 58 ld.w r7, (r8, 0x14)
ROM:00000070 1C 76 addu r6, r7
ROM:00000072 63 77 movi r7, 0x37
ROM:00000074 B7 06 st.b r7, (r6, 0)
ROM:00000076 87 58 ld.w r7, (r8, 0x14)
ROM:00000078 20 07 addi r7, 1
ROM:0000007A 97 58 st.w r7, (r8, 0x14)
ROM:0000007C F7 E6 jbr loc_4A
ROM:0000007E ---------------------------------------------------------------------------
ROM:0000007E
ROM:0000007E loc_7E: CODE XREF: test+1Cj
ROM:0000007E 87 68 ld.w r7, (r8, 0x18)
ROM:00000080 12 72 mov r2, r7
ROM:00000082 12 80 mov sp, r8
ROM:00000084 21 F0 addi sp, 0x20
ROM:00000086 88 00 ld.w r8, (sp, 8+var_8)
ROM:00000088 20 70 addi sp, 8
ROM:0000008A 00 CF jmp r15
ROM:0000008A End of function test
ROM:0000008A
ROM:0000008C
ROM:0000008C =============== S U B R O U T I N E =======================================
ROM:0000008C
ROM:0000008C
ROM:0000008C main:
ROM:0000008C
ROM:0000008C _r14 = -0x10
ROM:0000008C _r15 = -0xC
ROM:0000008C var_8 = -8
ROM:0000008C
ROM:0000008C 24 F0 subi sp, 0x10
ROM:0000008E 00 7E stm r14 - r15, (sp)
ROM:00000090 98 20 st.w r8, (sp, 0x10+var_8)
ROM:00000092 63 01 movi r1, 0x30
ROM:00000094 05 10 subu sp, r1
ROM:00000096 12 08 mov r8, sp
ROM:00000098 12 87 mov r7, r8
ROM:0000009A 20 F7 addi r7, 0x10
ROM:0000009C 76 17 lrw r6, sub_0
ROM:0000009E 12 75 mov r5, r7
ROM:000000A0 12 67 mov r7, r6
ROM:000000A2 84 07 ld.w r4, (r7, 0)
ROM:000000A4 94 A8 st.w r4, (r8, 0x28)
ROM:000000A6 86 17 ld.w r6, (r7, 4)
ROM:000000A8 84 A8 ld.w r4, (r8, 0x28)
ROM:000000AA 94 05 st.w r4, (r5, 0)
ROM:000000AC 87 27 ld.w r7, (r7, 8)
ROM:000000AE 97 A8 st.w r7, (r8, 0x28)
ROM:000000B0 96 15 st.w r6, (r5, 4)
ROM:000000B2 86 A8 ld.w r6, (r8, 0x28)
ROM:000000B4 96 25 st.w r6, (r5, 8)
ROM:000000B6 61 37 movi r7, 0x13
ROM:000000B8 97 18 st.w r7, (r8, 4)
ROM:000000BA 61 C7 movi r7, 0x1C
ROM:000000BC 97 28 st.w r7, (r8, 8)
ROM:000000BE 77 0F lrw r7, 0x59F69
ROM:000000C0 97 88 st.w r7, (r8, 0x20)
ROM:000000C2 86 18 ld.w r6, (r8, 4)
ROM:000000C4 87 28 ld.w r7, (r8, 8)
ROM:000000C6 1C 67 addu r7, r6
ROM:000000C8 97 98 st.w r7, (r8, 0x24)
ROM:000000CA 87 18 ld.w r7, (r8, 4)
ROM:000000CC 86 28 ld.w r6, (r8, 8)
ROM:000000CE 85 98 ld.w r5, (r8, 0x24)
ROM:000000D0 12 8F mov r15, r8
ROM:000000D2 20 FF addi r15, 0x10
ROM:000000D4 8E 88 ld.w r14, (r8, 0x20)
ROM:000000D6 12 72 mov r2, r7
ROM:000000D8 12 63 mov r3, r6
ROM:000000DA 12 54 mov r4, r5
ROM:000000DC 12 F5 mov r5, r15
ROM:000000DE 12 E6 mov r6, r14
ROM:000000E0 7F 08 jsri sub_0
ROM:000000E2 12 27 mov r7, r2
ROM:000000E4 97 38 st.w r7, (r8, 0xC)
ROM:000000E6 87 38 ld.w r7, (r8, 0xC)
ROM:000000E8 12 72 mov r2, r7
ROM:000000EA 12 80 mov sp, r8
ROM:000000EC 63 01 movi r1, 0x30
ROM:000000EE 1C 10 addu sp, r1
ROM:000000F0 00 6E ldm r14 - r15, (sp)
ROM:000000F2 88 20 ld.w r8, (sp, 0x10+var_8)
ROM:000000F4 20 F0 addi sp, 0x10
ROM:000000F6 00 CF jmp r15
ROM:000000F6 End of function main
渝公网安备 50011602500124号