I have a need in pure C: after making the page read/write, I want to replace the function address with a jump instruction and another function address, so I can use another function instead of the current function at runtime, which implements a MOCK.

It works fine on x86, but on ARM I ran into some issues and do not know how to solve them. Could you help me?

What is the jump instruction of ARM, and how do I replace it with the current function address using memcpy?

I think maybe the key element is the 16hex ARM jump instruction.

"I came into some issues" - It would help to say what those issues were exactly. - Notlikethat

Also, there are dozens of ARM instructions that can cause a branch, but in "pure C" you have no access to them, since the abstraction of the C runtime environment is your lowest level. It does rather sound like you're effectively trying to reimplement function pointers, but in a nasty way that relies on implementation specifics or undefined behaviour. - Notlikethat

You need to give more details of your 'C' environment. In the purest form, auselen's answer applies. However, if it is Linux with shared libraries or some other OS, then other solutions may apply. Also, are you allowed to modify the source, or do you want to do this to a binary? Do you have access to a libelf, etc.? - artless noise

I use mprotect to make the page read/write so I can change the memory. My ARM env is the Android simulator, but after I memcpy, it just crashes. P.S. I used the B instruction and the function address. - Samblg

@Samblg you need to work on your accept ratio. - auselen

1 Answer

From the blog post titled Caches and Self-Modifying Code on Arm's community page:

Cached ARM architectures have a separate cache for data and instruction accesses; these are called the D-cache and the I-cache, respectively. ... with two interfaces to the CPU, the core can load an instruction and some data at the same time.

... because the D-cache and I-cache are not coherent, the newly-written instructions might be masked by the existing contents of the I-cache, causing the processor to execute old (or possibly invalid) instructions.

I believe the rest of the article would help you dig deeper; however, I wonder why you are not using function pointers? They would be much easier to build on.
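The function-pointer seam the answer recommends, as an added example that is not code from the question or the answer: callers go through a writable pointer instead of the function symbol, so swapping in the mock is an ordinary data store that needs neither mprotect nor any I-cache maintenance and behaves the same on x86 and ARM. The function and variable names are assumptions for illustration.

```c
#include <assert.h>
#include <stdio.h>

/* The real implementation under test (stand-in for a hardware read). */
static int real_read_sensor(int channel) {
    return channel * 10;
}

/* Mock seam: production code calls through this pointer, never the
   symbol directly. Replacing it writes data, not instructions, so no
   page permissions change and no cache coherence issue can arise. */
static int (*read_sensor_impl)(int) = real_read_sensor;

static int read_sensor(int channel) {
    return read_sensor_impl(channel);
}

/* A recording mock: counts calls and returns a canned value. */
static int mock_calls;
static int mock_return;

static int mock_read_sensor(int channel) {
    (void)channel;
    mock_calls++;
    return mock_return;
}

void mock_install(int canned) {
    mock_calls = 0;
    mock_return = canned;
    read_sensor_impl = mock_read_sensor;
}

void mock_restore(void) {
    read_sensor_impl = real_read_sensor;
}

int mock_call_count(void) {
    return mock_calls;
}

/* Code under test: averages two channels through the seam. */
int average_two_channels(void) {
    return (read_sensor(1) + read_sensor(2)) / 2;
}

int main(void) {
    printf("real: %d\n", average_two_channels());   /* 15 */
    mock_install(42);
    printf("mocked: %d (%d calls)\n", average_two_channels(), mock_call_count());
    mock_restore();
    return 0;
}
```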