Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How does 'BL' arm instruction disassembly work?

Tags:

linux

arm

disassembly

'bl' or branch with link instruction is almost always becomes 0xebfffffe

However, the processor and GNU binutils objdump somehow know where to branch:

00000000 <init_module>:
   0:   e1a0c00d        mov     ip, sp
   4:   e92ddff0        push    {r4, r5, r6, r7, r8, r9, sl, fp, ip, lr, pc}
   8:   e24cb004        sub     fp, ip, #4
   c:   e24dd038        sub     sp, sp, #56     ; 0x38
  10:   ebfffffe        bl      0 <init_module>
  14:   e59f0640        ldr     r0, [pc, #1600] ; 65c <init_module+0x65c>
  18:   ebfffffe        bl      74 <init_module+0x74>

How do they know?

like image 435
yanychar Avatar asked Feb 21 '13 13:02

yanychar

People also ask

What does the BL instruction do?

The BL instruction causes a branch to label , and copies the address of the next instruction into LR ( R14 , the link register).

How does bl work in ARM?

The BL instruction copies the address of the next instruction into r14 (lr, the link register), and causes a branch to label . Machine-level B and BL instructions have a range of ±32Mb from the address of the current instruction. However, you can use these instructions even if label is out of range.

What does bl mean in assembly?

Branch Link (BL) performs a similar operation, but it copies the address of the next instruction into R14, the link register (LR). This works great when performing subroutine/procedure calls, because as soon as the section of code at the label is finished we can use the LR to get back to where we branched.

1 Answers

The issue is caused by the fact that you're looking at the disassembly of an object file, not final executable or shared object.

When assembler is producing the object file, the final address of the bl target is not fixed yet (it depends on the other object files that will be linked with it). So the assembler sets the address to 0 but also adds a relocation that tells the linker where this bl is supposed to go in the final file. (You can see the relocation info in objdump by adding the -r switch.)

When linking, the linker processes the relocation, calculates the final address of the target function and patches the instruction so that the target address lines up. If you disassemble the final, linked executable, you will see a different opcode.

like image 125
Igor Skochinsky Avatar answered Oct 14 '22 04:10

Igor Skochinsky
Sign in to Comment

Related questions

Meta data of text file
What is the best way to process the content of sysfs using C/C++?
How to identify multiple USB-serial adapters under Ubuntu 10.1
Process Memory Vs Heap -- JVM
Running a shell command in a c program
Shell script calls sudo; how do I suppress the password prompt
Linux: get the exit code from the kill command
Writing a shell script to install cron job
Writing STRINGS to serial port in C++ linux
sys_execve system call from Assembly
std.net.curl linker errors in Linux
Can "Text file busy" happen when two processes trying to execute a perl file in the same time?
How can the same Linux program load memory addresses be used multiple times on different processes running concurrently?
Can I call accept() for one socket from several threads simultaneously?
FTP "ls -lt" command: How does it list the file details for Linux FTP and Windows FTP server?
fopen() fails to open stream: permission denied, yet permissions should be valid
Where are string constants stored by GCC and from where these pointers are mapped?
Generate random number in kernel module
Histogram of an Image's "Black Ink Level" by Horizontal Axis
GDB complains No Source Available

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!