0
votes

I'm trying to write a simple script to disassemble ARM/THUMB bytecode. It's very common in ARM to switch from one mode to another, and therefore it's quite crucial that the disassembler be able to follow that. I'm having trouble with it, even though the docs say it's very simple (see https://www.capstone-engine.org/lang_python.html#62-dynamically-change-disassemble-mode-at-run-time). This does not seem to work at runtime for me.

Here is what my test looks like:

import capstone as cs

# Setup assumed from the question: start in ARM mode; CODE holds the bytes under test.
md = cs.Cs(cs.CS_ARCH_ARM, cs.CS_MODE_ARM)
for i in md.disasm(CODE, 0x1000):
    print("0x%x:\t%s\t%s" % (i.address, i.mnemonic, i.op_str))
    if i.mnemonic == "bx":
        md.mode = cs.CS_MODE_THUMB  # intended to switch the rest of the loop to Thumb

Note that it actually does go into thumb mode, just not during the loop. Therefore, what happens is that the code is completely disassembled in ARM, but if I run it again it will be completely disassembled in THUMB.

Thank you in advance for your help

old_timer: Variable length instruction sets like ARM/Thumb or ARM/Thumb/Thumb2 need to be disassembled in execution order, not linear order, so you need to start at a good entry point. The problem is you have to do some level of simulation in order to get this to work with these platforms. Now, Thumb/Thumb2 is easy in execution order; ARM vs. Thumb is not in any way. Now, I think there is something in .elf files to tell disassemblers what chunk is what, as they are able to figure it out. Other than that, your best chance is a partial simulator, and do it in execution order.
old_timer: And as with x86 and other variable length instruction sets, you can only hope to get some of it right (even GNU struggles heavily with x86).
old_timer: What did they say when you asked about this on the mailing list?
Dominus: @old_timer I did not ask on the mailing list.
old_timer: "Mailing list would be the best method to contact us. This is the place for long conversations."

1 Answer

1
votes

disasm disassembles multiple instructions in a single call, so it's too late by the time you change the mode.

You can disassemble one instruction at a time or use cs_disasm_iter.

Reference link: https://www.capstone-engine.org/iteration.html