1

I'm starting to learn reverse engineering so I'm trying to reverse sample app, compiled for ARM(iOS) and now I'm looking into code.

This section is right before WHILE and right at the beginning of function where values are initiated. but I can't find the raw values.

This is the function .h file:

#import "NSObject.h" @interface SampleCalc : NSObject + (double)doCalc:(double)arg1; @end

And this is the ARM code:

+[SampleCalc doCalc:]: 0002f198 movw sb, #0x6cb4 ; Objective C Implementation defined at 0x95db8 (class method), :lower16:(0xc5e60 - 0x2f1ac) 0002f19c vmov.i32 d18, #0x0 0002f1a0 movt sb, #0x9 ; :upper16:(0xc5e60 - 0x2f1ac) 0002f1a4 vmov d16, r2, r3 0002f1a8 add sb, pc ; 0xc5e60 0002f1aa movs r2, #0x0 0002f1ac add.w r3, sb, #0x8 ; 0xc5e68 0002f1b0 vldr d17, [sb]

If I understand correctly this is ARM PIC (position independent code).

But I don't get the logic here 0002f1b0 - does the brackets mean sb is storing address and value is loaded in d17? And what is the address - 0xc5e68 correct?

The 0xc5e60 contains:

000c5e60 db 0x00 ; 000c5e61 db 0x00 ; '.' 000c5e62 db 0x00 ; '.' 000c5e63 db 0x00 ; '.' 000c5e64 db 0x00 ; '.' 000c5e65 db 0x00 ; '.' 000c5e66 db 0x33 ; '3' 000c5e67 db 0x40 ; '@' 000c5e68 db 0x00 ; 000c5e69 db 0x00 ; '.' 000c5e6a db 0x00 ; '.' 000c5e6b db 0x00 ; '.' 000c5e6c db 0x00 ; '.' 000c5e6d db 0x00 ; '.' 000c5e6e db 0x34 ; '4' 000c5e6f db 0x40 ; '@' 000c5e70 db 0x00 ; '.' 000c5e71 db 0x00 ; '.' 000c5e72 db 0x00 ; '.' 000c5e73 db 0x00 ; '.' 000c5e74 db 0x00 ; '.' 000c5e75 db 0x00 ; '.' 000c5e76 db 0x35 ; '5'

So does that mean D17 gets value 0x00?

Bonus question, if possible, what are all those . and @.

Thanks.

Improve this question
1
  • What tool is the output from? Commented Feb 23, 2017 at 10:27

1 Answer 1

Reset to default
1

sb is the alternative name for the ARM register R9 used by some disassemblers, similar to ip for R12, sp for R13 or PC for R15.

The main thing you need to look at is this:

0002f1a8 add sb, pc

At this point, sb has the value of 0x96cb4 due to the movw and movt before. In ARM, the pc value points two instructions ahead, so here it will have value 0x002f1a8+4 = 0x002f1ac. So, we get 0x002f1ac+0x96cb4=0xC5E60 which matches the comment added by the disassembler. Next, vldr d17, [sb] is executed which loads the double value at sb (or 0xC5E60). Double values are 8 bytes long so all of the bytes from 0xC5E60 till 0xC5E67 will be loaded. The hex for it is 0x4033000000000000 which corresponds to 19.0.

Improve this answer
0

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.