The MASM Forum

General => The Campus => Topic started by: reinstein on November 03, 2012, 01:08:52 AM

Title: PPC ASM Question
Post by: reinstein on November 03, 2012, 01:08:52 AM
Hey everyone, I'm new to ASM and I'm having some difficulty following some code I'm analyzing.


.set arg_28,  0x28
li        r12, 0        # Load Immediate
oris      r12, r12, 6   # OR Immediate Shifted
lwz       r12, -0x800(r12) # Load Word and Zero
std       r2, arg_28(r1) # Store Double Word
lwz       r0, 0(r12)    # Load Word and Zero
lwz       r2, 4(r12)    # Load Word and Zero
mtspr   CTR, r0         # Move to Special Purpose Register (CTR)
bctr                    # Branch unconditionally to the address in CTR


My confusion lies with register 12.  It looks to me like it is loaded with 0x60000, and then it is loaded with the contents of memory address 0x60800.

This address contains:

.quad 0x635B8000635C0


But then a few lines later it appears to load r0 with the contents of the memory address stored in r12, but 0x635B8000635C0 is not a valid memory address.  Can someone explain this, because I'm sure I'm misinterpreting something here...
Title: Re: PPC ASM Question
Post by: Tedd on November 03, 2012, 02:28:02 AM
Just a guess, but...

-0x800 + 0x60000 = 0x5f800
Title: Re: PPC ASM Question
Post by: reinstein on November 03, 2012, 02:40:16 AM
Quote from: Tedd on November 03, 2012, 02:28:02 AM
Just a guess, but...

-0x800 + 0x60000 = 0x5f800

Yes, I just realized that myself.  I was thinking 2's complement, but that doesn't apply here.  The ironic thing about that is in address 0x5f800 is:

.long functionA and the code I have above is actually functionA:, so the address is the address of this function.  That seems too coincidental to be wrong, but then I still don't know what is then being stored in registers r0 and r2...
Title: Re: PPC ASM Question
Post by: Tedd on November 03, 2012, 03:51:43 AM
More guessing.. :badgrin:

li r12, 0               # r12 = 0
oris r12, r12, 6        # r12 = 60000
lwz r12, -0x800(r12)    # r12 = w(-800+r12) = w(5f800)
std r2, arg_28(r1)      # d(arg_28+r1) = r2    -- local variable
lwz r0, 0(r12)          # r0 = w(0+r12)
lwz r2, 4(r12)          # r2 = w(4+r12)
mtspr CTR, r0           # special reg CTR = r0
bctr                    # branch to CTR


So, my best guess would be that r0 is the function address and r2 is the first argument for that function, which is then branched to via CTR.
0x5F800 is a dispatch table containing <function pointer, argument>, ...

However, if this is all of 'functionA', it's just going to keep going round and round; so.. the table gets patched during runtime, as necessary?
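As an added worked example (not code from the thread or from either poster), the following Python script steps through the eight instructions of the stub over a small constructed big-endian memory image. It shows the two things the thread turns on: that the D-form displacement `-0x800` is a sign-extended 16-bit value added to r12 (so 0x60000 + (-0x800) = 0x5F800, with no separate two's-complement step to apply), and that the word at 0x5F800 is consumed as a pointer to a two-word record from which r0 (branch target, via CTR) and the new r2 are loaded, after the caller's r2 is saved at arg_28(r1). The addresses 0x60000, 0x5F800 and 0x28 come from the thread; every other address (`DESC`, `ENTRY`, `R2_VALUE`, `STACK`) is a hypothetical value chosen here so the script runs offline. Under the 64-bit PowerPC ELF ABI the second word of a function descriptor is the TOC pointer, which is why the stub saves the old r2 before overwriting it; whether that is what this particular binary stores there is not something the thread confirms.

```python
# Added example: tiny interpreter for the PPC stub from the thread,
# run over a constructed memory image. Not code from the original post.
import struct

MEM_SIZE = 0x70000  # constructed: large enough to cover every address used below


def sext16(d):
    """Sign-extend a 16-bit displacement the way a D-form load/store does."""
    d &= 0xFFFF
    return d - 0x10000 if d & 0x8000 else d


def effective_address(base, disp16):
    """EA = (rA) + sext(d), truncated to 32 bits. No extra two's-complement step."""
    return (base + sext16(disp16)) & 0xFFFFFFFF


class Memory:
    """Flat big-endian memory, just enough for lwz/stw/std/ld."""

    def __init__(self, size=MEM_SIZE):
        self.buf = bytearray(size)

    def lwz(self, ea):
        return struct.unpack_from(">I", self.buf, ea)[0]

    def stw(self, ea, value):
        struct.pack_into(">I", self.buf, ea, value & 0xFFFFFFFF)

    def std(self, ea, value):
        struct.pack_into(">Q", self.buf, ea, value & 0xFFFFFFFFFFFFFFFF)

    def ld(self, ea):
        return struct.unpack_from(">Q", self.buf, ea)[0]


# Constructed layout. SLOT and ARG_28 are from the thread; the rest are hypothetical.
SLOT = 0x5F800        # the '.long' the stub reads (0x60000 - 0x800)
DESC = 0x00010000     # hypothetical: two-word {entry, r2} record the slot points at
ENTRY = 0x00020000    # hypothetical: code address stored in the record's first word
R2_VALUE = 0x00030000 # hypothetical: second word (TOC pointer under the 64-bit PowerPC ELF ABI)
STACK = 0x00050000    # hypothetical r1
ARG_28 = 0x28


def build_memory():
    """Populate the slot and the record it points at."""
    mem = Memory()
    mem.stw(SLOT, DESC)
    mem.stw(DESC, ENTRY)
    mem.stw(DESC + 4, R2_VALUE)
    return mem


def run_stub(mem, r1, r2):
    """Execute the stub instruction by instruction; return (ctr, r0, new r2, r12)."""
    r12 = 0                                             # li   r12, 0
    r12 = r12 | (6 << 16)                               # oris r12, r12, 6   -> 0x60000
    r12 = mem.lwz(effective_address(r12, -0x800))       # lwz  r12, -0x800(r12) -> word at 0x5F800
    mem.std(effective_address(r1, ARG_28), r2)          # std  r2, arg_28(r1): save caller's r2
    r0 = mem.lwz(effective_address(r12, 0))             # lwz  r0, 0(r12)
    r2_new = mem.lwz(effective_address(r12, 4))         # lwz  r2, 4(r12)
    ctr = r0                                            # mtspr CTR, r0
    return ctr, r0, r2_new, r12                         # bctr: control goes to ctr


def resolve():
    """Run the stub on the constructed image and report what each register ends up holding."""
    mem = build_memory()
    ctr, r0, r2_new, r12 = run_stub(mem, STACK, 0x12345678)
    return {
        "ea": effective_address(0x60000, -0x800),
        "r12": r12,
        "ctr": ctr,
        "r2": r2_new,
        "saved_r2": mem.ld(STACK + ARG_28),
    }


if __name__ == "__main__":
    for name, value in resolve().items():
        print(f"{name:9s} = 0x{value:X}")
```

If the slot at 0x5F800 really held the stub's own address, as the `.long functionA` in the post suggests, `run_stub` would fetch the stub's first instruction word into r0 and branch to it, which is the "round and round" behaviour described above; the constructed image instead models the slot having been filled in with a pointer to a separate record, which is the only arrangement under which the stub reaches other code.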
Title: Re: PPC ASM Question
Post by: reinstein on November 03, 2012, 05:58:09 AM
I appreciate the thoughts.  This is actually the entire subroutine and it corresponds to a cellCryptoPuSha1Init(SHA_CTX) function.