ARM calling convention
Study notes
The first four registers r0-r3 (a1-a4) are used to pass argument values into a subroutine and to return a result value from a function. They may also be used to hold intermediate values within a routine (but, in general, only between subroutine calls).

Register r12 (IP) may be used by a linker as a scratch register between a routine and any subroutine it calls (for details, see §5.3.1.1, Use of IP by the linker). It can also be used within a routine to hold intermediate values between subroutine calls.

The role of register r9 is platform specific. A virtual platform may assign any role to this register and must document this usage. For example, it may designate it as the static base (SB) in a position-independent data model, or it may designate it as the thread register (TR) in an environment with thread-local storage. The usage of this register may require that the value held is persistent across all calls. A virtual platform that has no need for such a special register may designate r9 as an additional callee-saved variable register, v6.
Handling values larger than 32 bits

Fundamental types larger than 32 bits may be passed as parameters to, or returned as the result of, function calls. When these types are in core registers the following rules apply:

A double-word sized type is passed in two consecutive registers (e.g., r0 and r1, or r2 and r3). The content of the registers is as if the value had been loaded from memory representation with a single LDM instruction.

A 128-bit containerized vector is passed in four consecutive registers. The content of the registers is as if the value had been loaded from memory with a single LDM instruction.
From past reverse-engineering experience, evidence for this can be found in how variants of functions such as ldivmod (assembly code) handle their operands. The header of one such routine:

```asm
/*
 * Unsigned divide operation.
 * Input : Divisor in Reg r5
 *         Dividend in Reg r6
 * Output: Result in Reg r3
 */
.text
.globl __udivsi3
.type __udivsi3, @function
.ent __udivsi3
__udivsi3:
```
Parameter passing: the key point

Looking at JD's .so: when sprintf is called with more arguments than r0-r3 can hold, r0-r3 are used first, and then the stack, at sp, sp-4, sp-8, sp-0xc, stores the remaining arguments in order. Reading about this in reverse-engineering books was really slow going; it is better to just look at the code directly.
For example, a sprintf call:

R0
R1       "%d%d%d%d%d%d%d"
R2       year+0x76c
R3       month+1
SP       day
SP-4     hour
SP-8     min        (00004918, r1)
SP-12    second     (0000491C, r1)
SP-16    tv.usec    (A4347)
SP-20
A4347 => 672583     (00004920, r1)

Verifying the sprintf result:
2019/8/28/1/32/4/2/672583
2019/8/28/1/56/59/409942
2019/8/28/2/00/43/484342
2019/8/28/2/08/00/230705
2019/8/28/2/13/21/861612
2019/8/28/6/48/19/582022
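The register-then-stack layout seen in the sprintf call above, and the even-register rule for double-word arguments from the earlier section, can both be reproduced with a small simulation of the AAPCS stage C argument-allocation rules (C.3 through C.8) for core-register candidates. The following C program is an added example, not code from the page or from the JD library; the argument names are constructed, and stack slots are counted upward from sp at the point of call ([sp], [sp+4], ...), which gives the same slot order as the list above (day first, then hour, min, second, usec). It goes beyond the page's case by also placing a 64-bit argument, which must start in an even-numbered register or, once r0-r3 are exhausted, in an 8-byte aligned stack slot, and by showing why the two registers of a double-word pair hold the same words an LDM would load from a little-endian memory image.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NUM_ARG_REGS 4   /* r0-r3 carry arguments */
#define MAX_ARGS 16

/* One argument as the caller sees it: a label for printing and its size in bytes
   (4 for int/pointer, 8 for a double-word type passed in core registers). */
typedef struct {
    const char *name;
    unsigned size;
} Arg;

/* Where the allocator put an argument. */
typedef struct {
    const char *name;
    int first_reg;       /* rN holding the first word, or -1 if none is in a register */
    int reg_words;       /* words placed in r0-r3 */
    unsigned stack_off;  /* offset from sp at the call of the first stacked word */
    int stack_words;     /* words placed on the stack */
} Placement;

/* Simulation of AAPCS stage C rules C.3-C.8 for core-register candidates.
   NCRN = next core register number; NSAA = next stacked argument address,
   kept here as an offset from sp at the point of call.
   Returns the number of bytes of arguments placed on the stack. */
int aapcs_allocate(const Arg *args, int nargs, Placement *out)
{
    unsigned ncrn = 0, nsaa = 0;
    for (int i = 0; i < nargs; i++) {
        unsigned words = (args[i].size + 3) / 4;
        Placement *p = &out[i];
        memset(p, 0, sizeof *p);
        p->name = args[i].name;
        p->first_reg = -1;
        /* C.3: a double-word aligned argument starts in an even-numbered register */
        if (args[i].size == 8)
            ncrn = (ncrn + 1) & ~1u;
        /* C.4: the whole argument fits in the remaining registers */
        if (ncrn + words <= NUM_ARG_REGS) {
            p->first_reg = (int)ncrn;
            p->reg_words = (int)words;
            ncrn += words;
            continue;
        }
        /* C.5: split between registers and stack while no stack argument exists yet
           (only reachable for composites wider than two words; kept for completeness) */
        if (ncrn < NUM_ARG_REGS && nsaa == 0) {
            p->first_reg = (int)ncrn;
            p->reg_words = (int)(NUM_ARG_REGS - ncrn);
            words -= (unsigned)p->reg_words;
        }
        ncrn = NUM_ARG_REGS;                 /* C.6: registers are now exhausted */
        if (args[i].size == 8)
            nsaa = (nsaa + 7) & ~7u;         /* C.7: 8-byte align the stack slot */
        p->stack_off = nsaa;                 /* C.8: copy to [sp + NSAA] */
        p->stack_words = (int)words;
        nsaa += words * 4;
    }
    return (int)nsaa;
}

/* Register contents of a double-word argument "as if loaded with a single LDM":
   LDM fills the lower-numbered register from the lower address, so on little-endian
   ARM the low 32 bits land in the first register of the pair. */
void ldm_pair(const uint8_t mem[8], uint32_t regs[2])
{
    for (int w = 0; w < 2; w++)
        regs[w] = (uint32_t)mem[4 * w] | (uint32_t)mem[4 * w + 1] << 8
                | (uint32_t)mem[4 * w + 2] << 16 | (uint32_t)mem[4 * w + 3] << 24;
}

static void print_layout(const Placement *p, int n)
{
    for (int i = 0; i < n; i++) {
        printf("%-8s", p[i].name);
        for (int w = 0; w < p[i].reg_words; w++)
            printf(" r%d", p[i].first_reg + w);
        for (int w = 0; w < p[i].stack_words; w++)
            printf(" [sp+%u]", p[i].stack_off + 4 * (unsigned)w);
        printf("\n");
    }
}

int main(void)
{
    /* The page's sprintf call: buffer, format string and seven int arguments (constructed labels) */
    Arg sprintf_args[] = {
        {"buf", 4}, {"fmt", 4}, {"year", 4}, {"month", 4}, {"day", 4},
        {"hour", 4}, {"min", 4}, {"second", 4}, {"usec", 4},
    };
    Placement out[MAX_ARGS];
    int n = (int)(sizeof sprintf_args / sizeof sprintf_args[0]);
    int stacked = aapcs_allocate(sprintf_args, n, out);
    print_layout(out, n);
    printf("%d bytes of arguments on the stack\n", stacked);

    /* A 64-bit argument following a 32-bit one skips r1 and takes r2:r3 */
    Arg wide[] = { {"a", 4}, {"b64", 8} };
    aapcs_allocate(wide, 2, out);
    print_layout(out, 2);

    /* Constructed little-endian memory image of 0x1122334455667788 */
    uint8_t mem[8] = {0x88, 0x77, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11};
    uint32_t regs[2];
    ldm_pair(mem, regs);
    printf("low word r2 = 0x%08x, high word r3 = 0x%08x\n", regs[0], regs[1]);
    return 0;
}
```

For the sprintf call the simulation places buf, fmt, year and month in r0-r3 and day, hour, min, second and usec at [sp], [sp+4], [sp+8], [sp+12] and [sp+16], i.e. 20 bytes of stacked arguments, which is the order the disassembly notes above record. A useful check when reversing such a call is the double-word case: three 32-bit arguments followed by a 64-bit one leave r3 unused and put the 64-bit value in an 8-byte aligned slot at [sp], so a value that "should" be in r3 being read from the stack is the calling convention at work, not a compiler quirk.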
This article looks into the function-calling standard of the ARM architecture, covering how parameters are passed, how registers are to be used, and how data types wider than 32 bits are handled. It focuses on r0-r3 as the argument and return-value registers, r12 as the linker's scratch register, and the platform-specific role of r9. A concrete case, the argument passing of a sprintf call, shows how the stack is used to hold the extra arguments once their number exceeds what r0-r3 can carry.