keystone-engine / keypatch

Multi-architecture assembler for IDA Pro. Powered by Keystone Engine.
http://www.keystone-engine.org/keypatch
GNU General Public License v2.0

ARM processor detection problem #1

Closed: ghost closed this issue 8 years ago

ghost commented 8 years ago

Hello, I'm working with Cortex-M3 firmware images. This MCU only supports Thumb2 instructions, which might be the reason why these files are neither 32-bit nor 64-bit in the info structure. That's how I solved this problem for me:

diff --git a/keypatch.py b/keypatch.py
index a8ea4da..a9a13f4 100644
--- a/keypatch.py
+++ b/keypatch.py
@@ -106,6 +106,9 @@ class Keypatch_Asm:
                     mode = KS_MODE_ARM | KS_MODE_LITTLE_ENDIAN
                 else:
                     mode = KS_MODE_ARM | KS_MODE_BIG_ENDIAN
+            else:
+                arch = KS_ARCH_ARM
+                mode = KS_MODE_THUMB | KS_MODE_LITTLE_ENDIAN
         elif cpuname.startswith("sparc"):
             arch = KS_ARCH_SPARC
             if info.is_64bit():
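Review bot: the new `else` branch (the three `+` lines) hard-codes `KS_MODE_LITTLE_ENDIAN`, while the ARM branch directly above it picks `KS_MODE_LITTLE_ENDIAN` or `KS_MODE_BIG_ENDIAN` from the database; a database that is neither 32- nor 64-bit but uses the big-endian ARM processor would be assembled in the wrong byte order. Mirror the endianness test from the branch above, e.g. `mode = KS_MODE_THUMB | KS_MODE_BIG_ENDIAN` in the big-endian case. The branch also silently treats every database with neither width flag set as Thumb; since that state only means the loader did not set the width flags, a short comment saying so (or a warning to the user) would help the next reader.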
aquynh commented 8 years ago

can you please send a pull request?

aquynh commented 8 years ago

btw, what is the value of cpuname in this case?

ghost commented 8 years ago

The loader sets the processor with

idaapi.set_processor_type('ARM:ARMv7-M', idaapi.SETPROC_ALL | idaapi.SETPROC_FATAL)

and

idaapi.get_inf_structure().procName

is as usual 'ARM' for little endian and 'ARMB' for big endian.
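A self-contained version of the detection discussed in this thread, written for this page as an added example; it is not keypatch's or Keystone's own code. It takes procName and the width flags as plain values so it runs outside IDA; inside IDA they would come from idaapi.get_inf_structure() (procName and is_64bit() as used above, plus is_32bit(), which is assumed here). The thumb argument is a hypothetical stand-in for the caller's own Thumb-state check, which this example does not perform. When Keystone cannot be imported, the constants fall back to numeric values assumed to match keystone.h so the example still runs offline.

```python
"""Map IDA processor info to a Keystone (arch, mode) pair, covering the
Thumb-only database case from this thread.

Added example for this page, not code from keypatch or Keystone.
Inputs are plain values so the module runs outside IDA.
"""
import warnings

try:
    from keystone import (KS_ARCH_ARM, KS_ARCH_ARM64, KS_MODE_ARM, KS_MODE_THUMB,
                          KS_MODE_LITTLE_ENDIAN, KS_MODE_BIG_ENDIAN, Ks)
except ImportError:
    # Fallback so the example runs without Keystone installed: the numeric
    # values below are assumed to match the KS_ARCH_*/KS_MODE_* definitions
    # in keystone.h.
    Ks = None
    KS_ARCH_ARM = 1
    KS_ARCH_ARM64 = 2
    KS_MODE_LITTLE_ENDIAN = 0
    KS_MODE_BIG_ENDIAN = 1 << 30
    KS_MODE_ARM = 1 << 0
    KS_MODE_THUMB = 1 << 4


def select_arm_mode(procname, is_64bit, is_32bit, thumb=False):
    """Return (arch, mode) for an ARM-family IDA database.

    procname -- idainfo.procName: 'ARM' (little-endian) or 'ARMB' (big-endian)
    is_64bit -- idainfo.is_64bit()
    is_32bit -- idainfo.is_32bit(), i.e. whether the loader set LFLG_PC_FLAT
    thumb    -- hypothetical caller-supplied flag: is the target address in
                Thumb state? (this function does not inspect the database)

    A database with neither width flag set (the Cortex-M firmware case in this
    thread) is treated as 32-bit ARM, but endianness is still taken from
    procName instead of being assumed little-endian.
    """
    if not procname.startswith("ARM"):
        raise ValueError("not an ARM processor module: %r" % (procname,))
    if is_64bit:
        # Keystone's AArch64 target is little-endian only.
        return KS_ARCH_ARM64, KS_MODE_LITTLE_ENDIAN
    if not is_32bit:
        warnings.warn("neither 32-bit nor 64-bit flag set in idainfo; "
                      "assuming a 32-bit ARM target (loader should set LFLG_PC_FLAT)")
    endian = KS_MODE_BIG_ENDIAN if procname == "ARMB" else KS_MODE_LITTLE_ENDIAN
    isa = KS_MODE_THUMB if thumb else KS_MODE_ARM
    return KS_ARCH_ARM, isa | endian


def assemble(code, address, arch, mode):
    """Assemble `code` at `address` with Keystone; returns None if Keystone
    is not installed (so the selection logic above can still be exercised)."""
    if Ks is None:
        return None
    encoding, _count = Ks(arch, mode).asm(code, address)
    return bytes(encoding)


if __name__ == "__main__":
    # Cortex-M style database: no width flags, little-endian, Thumb code.
    arch, mode = select_arm_mode("ARM", is_64bit=False, is_32bit=False, thumb=True)
    print(hex(arch), hex(mode), assemble("mov r0, r1", 0x08000000, arch, mode))
```

The warning is the part the thread's patch lacks: it tells the user that the assembler guessed the width because the loader never set it, which is the loader fix skochinsky asks for below.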

skochinsky commented 8 years ago

IMO you should fix your loader to set the 32-bit flag (LFLG_PC_FLAT) anyway.

aquynh commented 8 years ago

@skochinsky: as you are here, I have a quick question: how can I tell IDA to look for my Python module (Keystone in this case) in a specific path? My module is under /usr/local, but apparently IDA does not look there, only in /usr.

thanks.

aquynh commented 8 years ago

fixed, thanks!