News:

Masm32 SDK description, downloads and other helpful links
Message to All Guests

Main Menu

PPC ASM Question

Started by reinstein, November 03, 2012, 01:08:52 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions

reinstein

November 03, 2012, 01:08:52 AM
Hey everyone, I'm new to ASM and I'm having some difficulty following some code I'm analyzing.

Code Select

.set arg_28,  0x28
li        r12, 0        # Load Immediate
oris      r12, r12, 6   # OR Immediate Shifted
lwz       r12, -0x800(r12) # Load Word and Zero
std       r2, arg_28(r1) # Store Double Word
lwz       r0, 0(r12)    # Load Word and Zero
lwz       r2, 4(r12)    # Load Word and Zero
mtspr   CTR, r0         # Move to sprg,
bctr                    # Branch unconditionall


My confusion lies with register 12.  It looks to me like it is loaded with 0x60000, and then it is loaded with the contents of memory address 0x60800.

This address contains:
Code Select

.quad 0x635B8000635C0


But then a few lines later it appears to load r0 with the contents of the memory address stored in r12, but 0x635B8000635C0 is not a valid memory address.  Can someone explain this, because I'm sure I'm misinterpreting something here...

Tedd

#1
November 03, 2012, 02:28:02 AM
Just a guess, but...

-0x800 + 0x60000 = 0x5f800
Potato2

reinstein

#2
November 03, 2012, 02:40:16 AM
Quote from: Tedd on November 03, 2012, 02:28:02 AM
Just a guess, but...

-0x800 + 0x60000 = 0x5f800

Yes, I just realized that myself.  I was thinking 2's compliment, but that doesn't apply here.  The ironic thing about that is in address 0x5f800 is:

Code Select
.long functionA and the code I have above is actually functionA:, so the address is the address of this function.  That seems too coincidental to be wrong, but then I still don't know what is then being stored in registers r0 and r2...

Tedd

#3
November 03, 2012, 03:51:43 AM
More guessing.. :badgrin:

Code Select
li r12, 0               # r12 = 0
oris r12, r12, 6        # r12 = 60000
lwz r12, -0x800(r12)    # r12 = w(-800+r12) = w(5f800)
std r2, arg_28(r1)      # d(arg_28+r1) = r2    -- local variable
lwz r0, 0(r12)          # r0 = w(0+r12)
lwz r2, 4(r12)          # r2 = w(4+r12)
mtspr CTR, r0           # special reg CTR = r0
bctr                    # branch to CTR

So, my best guess would be that r0 is the function address and r2 is the first argument for that function, which is then branched to via CTR.
0x5F800 is a dispatch table containing <function pointer, argument>, ...

However, if this is all of 'functionA', it's just going to keep going round and round; so.. the table gets patched during runtime, as necessary?
Potato2

reinstein

#4
November 03, 2012, 05:58:09 AM
I appreciate the thoughts.  This is actually the entire subroutine and it corresponds to a cellCryptoPuSha1Init(SHA_CTX) function.
Print
Go Up Pages1
User actions