
I get a stack dump from Android's logcat, and it shows the code around pc like this:

I/DEBUG   ( 1006): code around pc:
I/DEBUG   ( 1006): 825b11b8 e1cd66d8 e59de070 e046a007 e3caa00f
I/DEBUG   ( 1006): 825b11c8 e1a0c007 e1a06000 e0808005 e0809085
I/DEBUG   ( 1006): 825b11d8 f426892d f428c92d f469092d e25cc010
I/DEBUG   ( 1006): 825b11e8 f426992d f428d92d f308014c f469192d
I/DEBUG   ( 1006): 825b11f8 f30aa14e f466492d f30c2160 f468892d

The question is: using gcc/binutils, how can I convert that stuff into asm?

Alexey Frunze
Pavel P
  • it looks like thumb2 (ARM 16 bit). for xscale I have used these two commands, probably change the xscale to arm or thumb somehow and try that:
      arm-linux-gnueabi-objcopy -B xscale -I binary somebinary.bin -O elf32-littlearm outputfile.elf
      arm-linux-gnueabi-objdump -D outputfile.elf > outputfile.list
    you will get some data disassembled as instructions but that is okay it is a fixed length instruction set (well, sorta). – old_timer Apr 25 '12 at 04:00
  • or if that is everything you want to disassemble just do it by hand. – old_timer Apr 25 '12 at 04:01
  • It's an arm7 tegra and I think it was compiled in arm mode. I'd like to find if there is a command that can give me opcode string for a given 32 hex value. I'm writing a script that would do automated logcat processing and I'd like to see that asm block as well – Pavel P Apr 25 '12 at 19:09
  • @dwelch what do you mean? How can something like that be done by hand? Or did you mean to disasm the entire .so and then search for that location? This isn't what I'm looking for. – Pavel P Apr 25 '12 at 19:10
  • if all you are talking about is the code in the post which looks to be 8 arm instructions, 12 thumb 2 perhaps and maybe 10 thumb, if there is a lot more code than that then no, not by hand. A disassembler is not hard to write, takes an afternoon for arm or thumb. that code in the question looks mixed though. words that begin with 0xE are often arm, thumb is normally a halfword with 0x6 or 0x7 but maybe the 0x8s and 0x1s are thumb the 0xFs are probably thumb 2 or a lot of thumb branches. – old_timer Apr 26 '12 at 00:33
  • did you not try the gnu tools as mentioned above? – old_timer Apr 26 '12 at 00:33
  • I haven't tried yet, I didn't quite get what they do. To clarify, I don't need to resolve this specific hex dump, I'd just dump the entire lib and find the location by using pc. I intentionally added an assert to generate it for the purpose of this example. So, imagine, I wanted to get the asm opcode for 0x825b11b8 only, using some sort of binutils command lines. Perhaps I can simply write the number as binary and then disasm the raw binary. Is that what that example does? I think it's possible to tell objdump to disasm raw binary – Pavel P Apr 26 '12 at 01:50

0 Answers
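The approach raised in the comments (write the dumped words out as raw binary, then let objdump disassemble the raw binary at the right address), as an added example that is not part of the original thread. It assumes a little-endian target, the dump layout shown in the question, and that a cross objdump named `arm-linux-gnueabi-objdump` (the prefix used in the comments) is on PATH; the function names are hypothetical.

```python
import re
import shutil
import struct
import subprocess
import tempfile

# Constructed sample: the first two dump rows quoted in the question.
SAMPLE = """\
I/DEBUG   ( 1006): code around pc:
I/DEBUG   ( 1006): 825b11b8 e1cd66d8 e59de070 e046a007 e3caa00f
I/DEBUG   ( 1006): 825b11c8 e1a0c007 e1a06000 e0808005 e0809085
"""

# One dump row: an address followed by four 32-bit words, 8 hex digits each.
ROW = re.compile(r"I/DEBUG\s*\(\s*\d+\):\s+([0-9a-f]{8})((?:\s+[0-9a-f]{8}){4})\s*$")

def parse_code_dump(text):
    """Return (base_address, raw_bytes); assumes a little-endian target."""
    base, blob = None, bytearray()
    for line in text.splitlines():
        m = ROW.search(line)
        if not m:
            continue  # header lines, registers, unrelated log output
        addr = int(m.group(1), 16)
        base = addr if base is None else base
        if addr != base + len(blob):
            raise ValueError("gap in dump at %#x" % addr)
        for word in m.group(2).split():
            blob += struct.pack("<I", int(word, 16))  # word -> memory bytes
    if base is None:
        raise ValueError("no code rows found")
    return base, bytes(blob)

def objdump_cmd(path, base, thumb=False, tool="arm-linux-gnueabi-objdump"):
    """Build the objdump command line for a raw ARM blob loaded at base."""
    cmd = [tool, "-D", "-b", "binary", "-m", "arm", "--adjust-vma=%#x" % base]
    if thumb:
        cmd += ["-M", "force-thumb"]  # decode as Thumb instead of ARM
    return cmd + [path]

if __name__ == "__main__":
    base, blob = parse_code_dump(SAMPLE)
    with tempfile.NamedTemporaryFile(suffix=".bin") as f:
        f.write(blob)
        f.flush()
        cmd = objdump_cmd(f.name, base)
        if shutil.which(cmd[0]):  # run only if the cross toolchain exists
            print(subprocess.check_output(cmd, text=True))
        else:
            print("would run:", " ".join(cmd))
```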