
Linear sweep missing many thumb2 functions

negasora opened this issue 1 year ago (status: Open, 0 comments)

See internal binary problem service sweep initiative

Examples at 0x87e923c4, 0x87e8882c, and lots of other places in the binary

The pseudocode for bx shows that we should be considering creating thumb2 functions at even addresses (taken from here):

// BXWritePC()
// ===========

BXWritePC(bits(32) address)
    if CurrentInstrSet() == InstrSet_ThumbEE then
        if address<0> == '1' then
            BranchTo(address<31:1>:'0');  // Remaining in ThumbEE state
        else
            UNPREDICTABLE;
    else
        if address<0> == '1' then
            SelectInstrSet(InstrSet_Thumb);
            BranchTo(address<31:1>:'0');
        elsif address<1> == '0' then
            SelectInstrSet(InstrSet_ARM);
            BranchTo(address);
        else // address<1:0> == '10'
            UNPREDICTABLE;

negasora, Oct 14 '24 15:10
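The BXWritePC() rule quoted in the issue is easy to turn into a pointer-table heuristic: an odd 32-bit value is a Thumb entry pointer whose function body starts at the even address with bit 0 cleared, a value with bits 1:0 == 00 is an ARM target, and bits 1:0 == 10 is UNPREDICTABLE. The following is an added example (not code from the issue or from Binary Ninja) that models BXWritePC() and scans a constructed little-endian word table for Thumb function candidates. The table contents, the base address 0x87e00000 and the image range are assumptions made up for the example; the even addresses 0x87e923c4 and 0x87e8882c from the issue are used as the function starts the odd pointers resolve to.

```python
import struct
from enum import Enum


class InstrSet(Enum):
    """Instruction sets distinguished by BXWritePC()."""
    ARM = "ARM"
    THUMB = "Thumb"
    THUMBEE = "ThumbEE"


def bx_write_pc(address: int, current: InstrSet = InstrSet.ARM):
    """Model of the ARM ARM BXWritePC() pseudocode.

    Returns (new_instr_set, branch_target). Raises ValueError where the
    pseudocode says UNPREDICTABLE. `current` is the state the BX executes in.
    """
    address &= 0xFFFFFFFF
    bit0 = address & 1
    bit1 = (address >> 1) & 1
    if current is InstrSet.THUMBEE:
        if bit0 == 1:
            # BranchTo(address<31:1>:'0'), remaining in ThumbEE state
            return InstrSet.THUMBEE, address & ~1
        raise ValueError("UNPREDICTABLE: BX to even address in ThumbEE state")
    if bit0 == 1:
        # SelectInstrSet(InstrSet_Thumb); BranchTo(address<31:1>:'0')
        return InstrSet.THUMB, address & ~1
    if bit1 == 0:
        # SelectInstrSet(InstrSet_ARM); BranchTo(address)
        return InstrSet.ARM, address
    raise ValueError("UNPREDICTABLE: address<1:0> == '10'")


def thumb_function_candidates(data: bytes, base: int, lo: int, hi: int):
    """Scan 4-byte-aligned little-endian words of `data` (mapped at `base`).

    Every word that BX would treat as a Thumb pointer and whose even target
    lies inside [lo, hi) is reported as (pointer_location, function_start).
    ARM targets and UNPREDICTABLE encodings are skipped.
    """
    found = []
    for off in range(0, len(data) - 3, 4):
        word = struct.unpack_from("<I", data, off)[0]
        try:
            iset, target = bx_write_pc(word)
        except ValueError:
            continue
        if iset is InstrSet.THUMB and lo <= target < hi:
            found.append((base + off, target))
    return found


# Constructed sample pointer table (assumption: not taken from the binary
# in the issue). It mixes odd Thumb pointers, an ARM-aligned word, a null
# word, an UNPREDICTABLE '10' encoding and an out-of-image odd pointer.
SAMPLE_TABLE = struct.pack(
    "<6I",
    0x87E923C5,  # Thumb pointer -> function at 0x87e923c4
    0x87E8882D,  # Thumb pointer -> function at 0x87e8882c
    0x87E8882C,  # bits 1:0 == 00 -> ARM target, not a Thumb candidate
    0x00000000,  # null
    0x87E8882E,  # bits 1:0 == 10 -> UNPREDICTABLE, skipped
    0x12345679,  # odd, but outside the assumed image range
)
SAMPLE_BASE = 0x87E00000
IMAGE_LO, IMAGE_HI = 0x87E00000, 0x87F00000


def scan_sample():
    return thumb_function_candidates(SAMPLE_TABLE, SAMPLE_BASE, IMAGE_LO, IMAGE_HI)


if __name__ == "__main__":
    for where, func in scan_sample():
        print(f"pointer at {where:#010x} -> Thumb function at {func:#010x}")
```

The candidates it reports are the even addresses the issue is asking the sweep to consider; what the pointer table actually looks like in the binary is not something the issue shows, so the table here is only illustrative.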