Figure 2-12 involves some twiddling.
Here is a disassembly of the function:
 |
| Figure 2-12. Practical Reverse Engineering. © 2014 by Bruce Dang |
The ARM processor is in Thumb state. The function takes a struct that has a size value and array in it. The array is enumerated looking for a search value, then returning a type of bitmask on its location.
uint64_t search_mask(struct *r0, DWORD search)
{
/* loc_103B3A8 */
for (
DWORD i = 0; /* MOVS R2, #0 */
i < r0->numElements; /* CMP R2, R4 */
++i; /* ADDS R2, #1 */
)
{
/* LDR.W R3, [R0,#4]! */
/* CMP R3, R1 */
if (r0->elements[i] == search)
{
/* SUBS.W R3, R2, #0X20 */
/* LSLS R1, R3 */
search = 1 << (i - 0x20);
/* MOVS R3, #1 */
/* LSLS.W R0, R3, R2 */
return (uint64_t) 1 << i;
}
}
search = 0; /* MOVS R1, #0 */
return 0; /* MOVS R0, #0 */
}
Here is a struct definition:
struct r0
{
DWORD numElements; /* 0x0 */
DWORD elements[?]; /* 0x4 */
}
No comments :
Post a Comment