(Note that objdump refers to the 16 core registers as r0 - r9, sl, fp, ip, sp, lr, pc. Other tools might name them differently.)
The first 4 (non-float) arguments to a C/C++ function are passed in registers r0, r1, r2, r3, with any additional arguments passed on the stack. On return the result (if any) is in r0 - r3, and any of the registers r0 - r3 not used for the result contain junk. The contents of r4 - r9, sl, fp are preserved by the called function.
A standard C function takes a fixed number of arguments and returns a single result. In the C source, calling a function with 2 small integer arguments returning a small integer result could look something like:
Code:
result = fun(100, 23);
In assembly that function call might look something like:
Code:
movs r0, #100
movs r1, #23
blx fun@plt
; now r0 contains result, r1 - r3 are junk
C++ function calls are similar, except that the compiler can insert some hidden arguments before the ones declared in the parameter list. A C++ source function call
Code:
result = obj.fun(100, 23);
might look something like this in assembly:
Code:
ldr r0, [sp, #40] ; obj
movs r1, #100
movs r2, #23
blx Class::fun(int,int)@plt
; now r0 contains result, r1 - r3 are junk
`Brightness fine control` for firmware 4.5.9587 is an example of a patch that modifies the declared argument to a C++ function taking one hidden and one declared argument:
Code:
<Patch>
patch_name = `Brightness fine control`
patch_enable = `yes`
#
## Sun symbols change the frontlight brightness in 2% instead of 1% steps.
#
# ValueDisplaySlider::setStep(1) --> ValueDisplaySlider::setStep(2)
replace_int = 741DCA, 1, 2
</Patch>
objdump command to show the relevant section of code in libnickel.so.1.0.0:
Code:
objdump -dC libnickel.so.1.0.0 --start-address=0x741dc6 | less
output before patching, firmware 4.5.9587 (trimmed):
Code:
741dc6: f8d4 308c ldr.w r3, [r4, #140] ; 0x8c
741dca: 2101 movs r1, #1
741dcc: 6a58 ldr r0, [r3, #36] ; 0x24
741dce: f597 efa2 blx 4d9d14 <ValueDisplaySlider::setStep(int)@plt>
output after patching, firmware 4.5.9587 (trimmed):
Code:
741dc6: f8d4 308c ldr.w r3, [r4, #140] ; 0x8c
741dca: 2102 movs r1, #2
741dcc: 6a58 ldr r0, [r3, #36] ; 0x24
741dce: f597 efa2 blx 4d9d14 <ValueDisplaySlider::setStep(int)@plt>
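As an added illustration (not part of the original post or of any patcher the post refers to), the following Python models what the `replace_int` line above does to the instruction stream. It takes the four halfwords objdump printed at 0x741dc6, stored as the little-endian bytes they occupy in the file, decodes the 16-bit Thumb `movs rd, #imm8` encoding, and changes the immediate byte only after checking that the byte currently at the offset is the expected old value. The assumptions are that `replace_int = offset, old, new` replaces a single byte (the imm8 of the `movs`) and that `BASE` lets the short constructed slice stand in for the real libnickel.so.1.0.0 at that offset.

```python
import struct

# Constructed sample image: the four instructions objdump printed at
# 0x741dc6 in the unpatched libnickel.so.1.0.0 (f8d4 308c / 2101 / 6a58 /
# f597 efa2), stored as little-endian halfwords. BASE is an assumption so
# that offsets from the post index into this short slice.
BASE = 0x741DC6
SAMPLE = bytes.fromhex("d4f8" "8c30" "0121" "586a" "97f5" "a2ef")


def halfword_at(image, offset):
    """Little-endian 16-bit Thumb halfword at a file offset."""
    return struct.unpack_from("<H", image, offset - BASE)[0]


def decode_movs_imm8(hw):
    """Decode the 16-bit Thumb 'movs rd, #imm8' encoding (bits 15..11 = 00100).
    Returns (rd, imm8), or None if the halfword is some other instruction."""
    if hw >> 11 != 0b00100:
        return None
    return (hw >> 8) & 0x7, hw & 0xFF


def replace_int(image, offset, old, new):
    """Model of a 'replace_int = offset, old, new' patch line (assumed here to
    mean a single byte). The write is refused unless the byte at the offset
    is the expected old value, so a patch written for one firmware build is
    not blindly applied to a different one where the offset holds other code."""
    patched = bytearray(image)
    idx = offset - BASE
    if patched[idx] != old:
        raise ValueError(
            f"expected {old:#04x} at {offset:#x}, found {patched[idx]:#04x}")
    patched[idx] = new
    return bytes(patched)


def brightness_fine_control(image):
    """Apply the 'Brightness fine control' edit from the post and report the
    decoded instruction before and after: movs r1, #1 -> movs r1, #2.
    r1 is the first declared argument, since r0 carries the hidden 'this'."""
    before = decode_movs_imm8(halfword_at(image, 0x741DCA))
    patched = replace_int(image, 0x741DCA, 1, 2)
    after = decode_movs_imm8(halfword_at(patched, 0x741DCA))
    return before, after, patched


if __name__ == "__main__":
    before, after, _ = brightness_fine_control(SAMPLE)
    print("before: movs r%d, #%d" % before)
    print("after:  movs r%d, #%d" % after)
```

Running the script prints `movs r1, #1` before and `movs r1, #2` after, matching the two objdump listings; applying the same line a second time raises an error because the byte at 0x741dca is no longer 1, which is the behaviour you want from a version check when a patch is re-run or run against the wrong firmware.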