Part 21 – Debugging ADC

For a complete table of contents of all the lessons please click below as it will give you a brief of each lesson in addition to the topics it will cover. https://github.com/mytechnotalent/Reverse-Engineering-Tutorial

To recap, ADC is the same as ADD except it adds a 1 if the carry flag is set. We need to pay particular attention to the CPSR or Status Register when we work with ADC.

Let’s review our code:

We add 100 decimal into r1, 4,294,967,295 into r2, 100 decimal into r3 and 100 decimal into r4. We then add r1 and r2 and place in r0 and then add r3 and r4 and place into r5.

We see adds which sets the flags in the CPSR. We have to once again remember when we debug in GDB, the value of the CPSR is in hex. In order to see what flags are set, we must convert the hex to binary. This will make sense as we start to debug and hack this example in the coming tutorials.

Last week I raised a question where I wanted you to ask yourself what is going to happen when r3(100 decimal) is added to r4(100 decimal)? What do you think the value of r5 will be with the above example of setting the flags with the adds result?

Ok so we add 100 decimal and 100 decimal together in r3 and r4 and we get 201 decimal in r5! Is something broken? ADC is the same as ADD except it adds a 1 if the carry flag is set. Therefore we get the extra 1 in r5.

We again need to remember that bits 31, 20, 29 and 28 in the CPSR indicate the following:

bit 31 - N = Negative Flag

bit 30 - Z = Zero Flag

bit 29 - C = Carry Flag

bit 28 - V = Overflow Flag

We see the CPSR at 20000010 hex. The most significant bits of 20000010 hex in binary is 0010.

Therefore if the value in binary was 0010 of bit 31, 30, 29 and 28 (NZCV) that would mean:

Negative Flag NOT Set

Zero Flag NOT Set

Carry Flag SET

Overflow Flag NOT Set

As we can clearly see the carry flag was set. I hope you can digest and understand each of these very simple operations and how they have an effect on the CPSR.

Next week we will dive into Hacking ADC.

results matching ""

    No results matching ""