Improve ARM/Thumb support #6381
Labels:
Component: Architecture (Issue needs changes to an architecture plugin)
Component: Core (Issue needs changes to the core)
Effort: Medium (Issue should take < 1 month)
Impact: Medium (Issue is impactful with a bad, or no, workaround)
Binary Ninja struggles to be useful in the face of Thumb code in ARM binaries. In a mixed-mode ARM/Thumb binary, calls between ARM and Thumb code use the "BLX" instruction instead of "BL". This signifies that the LSB of the target address is a Thumb function and the processor must change mode to Thumb mode to execute it.
However, that means there are "odd" function pointers within the code and data that need special handling. Further, when you follow such an "odd" pointer, it brings you to the specific address and not the aligned address. In ARM (Thumb or not), an instruction can NEVER have its first byte on an odd address.
If a function is later identified to be Thumb vs. ARM it doesn't seem possible to change this setting. Maybe I'm missing how, since I'm relatively new to Binary Ninja (but I have decades of IDA experience).
I can't be certain about every platform/OS/compiler/etc., but at least with GNU binaries (like Android) there are often symbols that point directly to the start of ARM or Thumb functions and specify the type. These are often seen as "$t" or "$a" in the symbols.
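The two mechanisms the issue describes, interworking pointers whose LSB selects Thumb state and the "$a"/"$t"/"$d" mapping symbols that label code regions, can be checked against each other. The following is an added example written for this page; it is not code from the issue author or from Binary Ninja's own ARM plugin, and it uses no Binary Ninja API. It assumes a constructed symbol table (the addresses and names in `SAMPLE_SYMBOLS` are made up for illustration) and follows the ARM ELF convention that mapping symbols may carry a "." suffix (e.g. "$t.3"). A pointer whose decoded mode disagrees with the mapping symbol covering its target is the kind of case an analysis tool would want to flag rather than silently treat as an odd-aligned ARM function.

```python
"""Added example: resolve ARM/Thumb interworking function pointers and
cross-check them against ELF mapping symbols ($a = ARM code, $t = Thumb
code, $d = data).  Not part of the original issue or of Binary Ninja."""
from bisect import bisect_right
from typing import Dict, Iterable, List, Optional, Tuple

ARM, THUMB, DATA = "arm", "thumb", "data"

# Mapping-symbol base names as defined by the ARM ELF ABI.
MAPPING_SYMBOLS = {"$a": ARM, "$t": THUMB, "$d": DATA}


def resolve_interworking_pointer(ptr: int) -> Tuple[int, str]:
    """Interpret a pointer as BX/BLX would: LSB set means the target runs in
    Thumb state, and the real instruction address is the pointer with the
    LSB cleared.  LSB clear means ARM state and the address is used as-is."""
    if ptr & 1:
        return ptr & ~1, THUMB
    return ptr, ARM


def is_valid_code_address(addr: int, mode: str) -> bool:
    """ARM-state instructions start on 4-byte boundaries, Thumb-state
    instructions on 2-byte boundaries.  An odd address is never a valid
    instruction start in either state."""
    alignment = 4 if mode == ARM else 2
    return addr % alignment == 0


class MappingSymbols:
    """Classifies an address by the nearest preceding mapping symbol, which
    is how the ARM ELF ABI defines the extent of each $a/$t/$d region."""

    def __init__(self, symbols: Iterable[Tuple[int, str]]) -> None:
        entries: List[Tuple[int, str]] = []
        for addr, name in symbols:
            base = name.split(".", 1)[0]  # strip an optional ".<suffix>"
            if base in MAPPING_SYMBOLS:
                entries.append((addr, MAPPING_SYMBOLS[base]))
        entries.sort()
        self._addrs = [a for a, _ in entries]
        self._modes = [m for _, m in entries]

    def classify(self, addr: int) -> Optional[str]:
        """Return 'arm', 'thumb' or 'data' for addr, or None if no mapping
        symbol precedes it."""
        i = bisect_right(self._addrs, addr) - 1
        return self._modes[i] if i >= 0 else None


def check_pointer(ptr: int, syms: MappingSymbols) -> Dict[str, object]:
    """Decode a function pointer and compare the state it implies with the
    mapping-symbol region that covers the decoded target."""
    target, mode = resolve_interworking_pointer(ptr)
    region = syms.classify(target)
    return {
        "target": target,
        "mode": mode,
        "aligned": is_valid_code_address(target, mode),
        "region": region,
        # True only when the pointer's LSB agrees with the symbol table.
        "consistent": region == mode,
    }


# Constructed sample symbol table (hypothetical addresses, not from any
# real binary): an ARM region, a Thumb region, a literal-pool data region,
# then ARM code again.
SAMPLE_SYMBOLS = [
    (0x1000, "$a"),
    (0x1040, "$t.1"),
    (0x1080, "$d"),
    (0x1100, "$a.2"),
]
SAMPLE_TABLE = MappingSymbols(SAMPLE_SYMBOLS)


if __name__ == "__main__":
    for p in (0x1000, 0x1041, 0x1003, 0x1082):
        print(hex(p), check_pointer(p, SAMPLE_TABLE))
```

In the sample table a pointer of 0x1041 decodes to a Thumb target at 0x1040, which the "$t.1" symbol confirms; 0x1003 decodes to a Thumb target at 0x1002 that lies inside the "$a" region, so the two sources disagree and the pointer deserves a closer look; 0x1082 is an even pointer (so nominally ARM) that is neither 4-byte aligned nor in a code region at all.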