Part 24 – Debugging SUB

For a complete table of contents of all the lessons please click below as it will give you a brief of each lesson in addition to the topics it will cover. https://github.com/mytechnotalent/Reverse-Engineering-Tutorial

As stated, subtraction in ARM has four instructions which are SUB, SBC, RSB and RSC. We will start today with SUB.

Please keep in mind when you add the S suffix on the end of each such as SUBS, SBCS, RSBS, RSCS, it will affect the flags. We have spent enough time on flags in the prior lessons so that you should have a firm grasp on this now.

Let’s re-examine our example of SUB:

We simply take 67 decimal and move into r1 and 53 decimal and move into r2 and subtract r1 – r2 and put the result in r0.

Let’s debug.

As we can see the registers are clear. Lets step through and see what the value of r0 becomes.

As you can see above r0 now has decimal 14 which works as expected.

Next week we will dive into SUB hacking.