radareorg / radare2

UNIX-like reverse engineering framework and command-line toolset
https://www.radare.org/
GNU Lesser General Public License v3.0

How to disassemble to ARM UAL? #3433

Closed lowfatcomputing closed 7 years ago

lowfatcomputing commented 8 years ago

I see a way to set radare2 to disassemble 32-bit ARM assembly (r2 -aarm -b32 thing.bin) and 16-bit ARM Thumb (r2 -aarm -b16 thing.bin) but not to the combined ARM UAL (Unified Assembly Language).

radare commented 8 years ago

this looks like an issue for https://github.com/aquynh/capstone/issues

radare commented 8 years ago

What exactly is UAL? Because all the info I can find about it is just a syntax, and Capstone supports it. If you want Thumb use -b16, if you want ARM use -b32, and for AArch64 -b64. But -b16 will be disassembling Thumb and Thumb2. If any of the instructions displayed is not following the UAL syntax, then report that specific thing to Capstone.

lowfatcomputing commented 8 years ago

> but -b16 will be disassembling thumb and thumb2

You are correct. My bad.

```
[0x00000000]> pdl | sort | uniq
2
4
```

The only bug I might see here now is a usability bug. Afaik UAL is not actually 16-bit asm. It's both 16-bit and 32-bit. So maybe instead it should be specified as -b16-32, -bUAL or something.

It seems clear now that my ELF and BIN files are disassembled at the wrong offset, or Capstone tries to disassemble the interrupt vector table as assembly instructions. I'll look into it further and provide a test case for a new issue.

radare commented 8 years ago

-b16 is assumed for Thumb, not because of the instruction size or the register size. It's an exception to make things simpler, because it's just a mode of the CPU.

-b16 sets Thumb2 mode in the Capstone disassembler (as well as in GNU). Thumb2 contains 2-byte and 4-byte instruction lengths. Thumb was only 2. But Thumb and Thumb2 are binary compatible, so it makes sense to use Thumb2 here, unless the CPU doesn't support it.

From what I understand of UAL, it is just a syntax, and this syntax should be ready in Capstone.

Capstone knows nothing about code or data. It just disassembles. And if you pass a raw binary to radare, or well, an ELF, the data mixed in code will be displayed as code until you define it as data. See the Vd command, and the C* ones.

On 15 Oct 2015, at 16:59, Andreas Wagner notifications@github.com wrote:
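The two points made above, that a -b16 linear sweep yields both 2-byte and 4-byte instructions and that a vector table at offset 0 is shown as code until somebody marks it as data, can be checked without a disassembler at all. The script below is an added example, not code from radare2 or Capstone: it decodes only Thumb instruction lengths (not mnemonics) using the architectural rule that a halfword whose top five bits are 0b11101, 0b11110 or 0b11111 begins a 32-bit Thumb-2 instruction. The image is constructed (a Cortex-M style stack pointer and reset vector followed by four instructions), and the function names `thumb_insn_len`, `reset_entry`, `walk` and `lengths_seen` are this example's own; the `data` ranges passed to `walk` mimic what declaring a region with `Cd` does to the sweep in r2.

```python
"""Added example (not radare2 or Capstone code).

Shows why `pdl | sort | uniq` prints 2 and 4 under -b16, and why a
Cortex-M vector table at offset 0 decodes as "instructions" until the
analyst declares it as data.  Only instruction lengths are decoded.
"""
from __future__ import annotations

import struct

# Constructed Cortex-M style image (not taken from the issue):
#   0x00  initial stack pointer   0x20001000
#   0x04  reset vector            0x00000009  (0x8 with the Thumb bit set)
#   0x08  push {r4, lr}           b510        (16-bit)
#   0x0a  movw r0, #0x1234        f241 2034   (32-bit Thumb-2)
#   0x0e  nop.w                   f3af 8000   (32-bit Thumb-2)
#   0x12  pop {r4, pc}            bd10        (16-bit)
IMAGE = bytes.fromhex(
    "00100020" "09000000"
    "10b5" "41f23420" "aff30080" "10bd"
)

# Top five bits that mark the first halfword of a 32-bit Thumb-2 encoding
# (ARM architecture reference manual, Thumb instruction set encoding).
WIDE_PREFIXES = {0b11101, 0b11110, 0b11111}


def thumb_insn_len(halfword: int) -> int:
    """Length in bytes of the Thumb instruction starting with this halfword."""
    return 4 if (halfword >> 11) in WIDE_PREFIXES else 2


def reset_entry(image: bytes) -> tuple[int, int, bool]:
    """Parse the first two vector-table words: (sp, entry address, thumb bit)."""
    sp, reset = struct.unpack_from("<II", image, 0)
    return sp, reset & ~1, bool(reset & 1)


def walk(image: bytes, start: int = 0,
         data: tuple[tuple[int, int], ...] = ()) -> list[tuple[int, int]]:
    """Linear sweep like `pd`: returns (offset, length) for each decoded insn.

    `data` holds (offset, size) ranges declared as data, the way
    `Cd <size> @ <offset>` does in r2; the sweep jumps over them instead of
    decoding their bytes.  A wrong `start` desynchronises the sweep exactly
    as starting `pd` in the middle of a 32-bit instruction would.
    """
    out: list[tuple[int, int]] = []
    off = start
    while off + 2 <= len(image):
        region = next(((b, s) for b, s in data if b <= off < b + s), None)
        if region is not None:
            off = region[0] + region[1]
            continue
        (hw,) = struct.unpack_from("<H", image, off)
        n = thumb_insn_len(hw)
        if off + n > len(image):
            break  # truncated wide instruction at the end of the buffer
        out.append((off, n))
        off += n
    return out


def lengths_seen(image: bytes, **kw) -> list[int]:
    """Equivalent of `pdl | sort | uniq` over the sweep."""
    return sorted({n for _, n in walk(image, **kw)})


if __name__ == "__main__":
    print("raw sweep from 0 (vector table decoded as code):", walk(IMAGE))
    sp, entry, thumb = reset_entry(IMAGE)
    print(f"sp={sp:#x} entry={entry:#x} thumb={thumb}")
    print("sweep with table marked as data:", walk(IMAGE, data=((0, 8),)))
    print("sweep from a misaligned start:", walk(IMAGE, start=12))
    print("pdl | sort | uniq ->", lengths_seen(IMAGE))
```

The raw sweep turns the eight bytes of stack pointer and reset vector into four 16-bit "instructions", which is what the issue describes; the reset vector itself (LSB set, pointing at 0x8) tells you where real code begins, and marking the first eight bytes as data makes the sweep start there. Both sweeps report lengths 2 and 4, matching the `pdl | sort | uniq` output in the thread.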

Maijin commented 7 years ago

I'm closing since you didn't provide any example.