ARM Mode and the Thumb Mode classification – Android


Now I’m going to step into the world of Android ARM.

First of all

About ARM and Thumb Mode
ARM and Thumb are two different instruction sets supported by ARM cores with a “T” in their
name. For instance, ARM7 TDMI supports Thumb mode. ARM instructions are 32 bits wide, and
Thumb instructions are 16 wide. Thumb mode allows for code to be smaller, and can potentially be
faster if the target has slow memory.

Now that you’re familiar with this, you know, some of the first things that you need, but let’s take a look at what you need.

Let’s take a quick look at the ARM Mode and Thumb Mode.

On the ARM CPU, you can think of code execution as the meaning of how to interpret the code (how to interpret the code).It is divided into ARM Mode and Thumb Mode.

For ARM Mode, the anthropoments always use 32 bits.

For Thumb Mode, interpret the default 16 bits.

But this Thumb Mode is a bit more troubling.

As you can see, it’s more like a couple of times, but in the case of Thumb Mode, it’s 16 bits per bit, and it’s 32 bits.

So how would you categorize the code to be executed in the ARM Mode stamp mode?

It’s very simple.

As you know, the memory address loaded to run is stored in the PC (Program Counter).

If 0 0 bits of this address are 0, the ARM Mode is ARM Mode, and then the Thumb Mode is the Thumb mode.

And the CPU is written to bits 5 of the CPSR register that plays this information similar to the EFLAGS of Intel x86. If you are in theox mode, set the set to 1.

Then, let’s check the function of the function in the ARM Mode journal Thumb Mode journal.

For the first time, we’ll take the following code and debug it to the Android studio.

(Testing environment was conducted in an environment of Android marshmallow ARMv7.)

Our function, DebugTest() and fopen(), respectively, will look at the brake point of each mode and look at the brake point.

Let’s start by looking at what mode the current code is running.

Read the CPSR register to read 0x600F.

I need to look at bit 5, so binary changes …

Bit 5 is 1! Running in Thumb Mode.

And let’s look at the DebugTest() function, which was saved in this_function() function, in 0xEE831F8D

Bit zero! It is Thumb Mode again! D : D

Here’s to you again!

And then we’ll look at it in detail, but in the diagram, the actual code is in alignment, and in fact, the execution is in alignment.

Something’s wrong with the assembly code?

So let’s clean up. Let’s explore the code of 0xEE831F8C.

Now the code is good!^^

It is important to refer to the code address again later, but it is very important to address the code address.

Let’s debug this code to IDA as an IDA and test the actual file.

That’s it.

Today we briefly found out about the ARM Mode and the Thumb Mode classification.

Next time we will learn about encoding.

Thanks and sorry for bad english :D.

1 thought on “ARM Mode and the Thumb Mode classification – Android”

  1. that awesome article, thank you dude.
    (all images are so small and I can’t see anything can you upload them with high dimensions)

Leave a Reply

Your email address will not be published. Required fields are marked *