ARM64基础知识整理

By xia0

#ARM64基础知识整理

#Register

#参数寄存器 (X0-X7)

参数寄存器,在函数调用的时候传参使用。X0-X7分别对应8个参数,多于8个的参数保存在栈中。

#其他特殊寄存器
X29(FP) 栈帧寄存器 类比x64中rbp
X30(LR) 链接寄存器,保存函数返回地址,x64该地址保存在栈中
SP 栈顶寄存器，类比x64中的rsp
PC 指向下一条指令
寄存器 描述
CPSR 状态寄存器

#Instructions

  • mov
  mov x0, x1; copies x1 into x0
  mov x1, 0x4141; loads the value 0x4141 in x1
  • str/ldr
str x0, [x29]; store x0 at the address in x29
ldr x0, [x29]; load the value from the address in x29 into x0
  • stp/ldp
stp x29, x30, [sp]; store x29 at sp and x30 at sp+8
  • b/br
 br x0; jump to the address stored in x0
  • ret
Unlike its x86 equivalent, which pops the return address from the stack, `ret` reads the return address from the x30 (LR) register and jumps there.

#Indexing modes

  • Immediate offset : [base, #offset] - Index an offset directly and don’t mess with anything else
ldr x0, [sp, 0x10]; load x0 from sp+0x10
  • Pre-indexed : [base, #offset]! - Almost the same as above, except that base+offset is written back into base.
ldr x0, [sp, 0x10]!; load x0 from sp+0x10 and then increase sp by 0x10
  • Post-indexed : [base], #offset - Use the base directly and then write base+offset back into the base
ldr x0, [sp], 0x10; load x0 from sp and then increase sp by 0x10

#函数调用demo分析

; --- Prologue of the analysed function (IDA listing, Apple arm64 / AAPCS64) ---
; Frame size 0x70. IDA's var_NN names are negative offsets, so [SP,#0x60+var_30]
; is SP+0x30 relative to the SP after the SUB below (= old SP - 0x40).
; Register roles after the prologue: X29 = frame pointer (SP+0x60),
; X19 = copy of the first argument (X0), X20 = Fabric class reference.
__text:000000010004F0D4                 SUB             SP, SP, #0x70        ; reserve a 0x70-byte frame (16-byte aligned)
__text:000000010004F0D8                 STP             X24, X23, [SP,#0x60+var_30] ; save callee-saved X24/X23 at SP+0x30
__text:000000010004F0DC                 STP             X22, X21, [SP,#0x60+var_20] ; save callee-saved X22/X21 at SP+0x40
__text:000000010004F0E0                 STP             X20, X19, [SP,#0x60+var_10] ; save callee-saved X20/X19 at SP+0x50
__text:000000010004F0E4                 STP             X29, X30, [SP,#0x60+var_s0] ; save caller's FP (X29) and LR (X30) at SP+0x60
__text:000000010004F0E8                 ADD             X29, SP, #0x60       ; X29 = new frame pointer (points at the saved FP/LR pair)
__text:000000010004F0EC                 MOV             X19, X0              ; keep arg0 in callee-saved X19 so it survives the BL below
__text:000000010004F0F0                 ADRP            X8, #___stack_chk_guard_ptr@PAGE      ; stack protector: X8 = page of the guard pointer slot
__text:000000010004F0F4                 LDR             X8, [X8,#___stack_chk_guard_ptr@PAGEOFF] ; X8 = address of the canary variable
__text:000000010004F0F8                 LDR             X8, [X8]             ; X8 = current canary value
__text:000000010004F0FC                 STR             X8, [SP,#0x60+var_38] ; store canary at SP+0x28, just below the saved-register area
                                                                             ; (old SP - 0x48); the matching compare presumably sits in the
                                                                             ; elided body before the epilogue -- not visible in this excerpt
__text:000000010004F100                 ADRP            X8, #classRef_Fabric@PAGE  ; X8 = page holding the Objective-C class references
__text:000000010004F104                 LDR             X20, [X8,#classRef_Fabric@PAGEOFF] ; X20 = Fabric class object (callee-saved, reused later)
__text:000000010004F108                 NOP                                  ; NOTE(review): looks like a linker-relaxed ADRP for the next
                                                                             ; load (same page as above), so X8 is simply reused -- confirm
__text:000000010004F10C                 LDR             X0, [X8,#classRef_Crashlytics@PAGEOFF] ; void * ; X0 = receiver: Crashlytics class object
__text:000000010004F110                 ADRP            X8, #selRef_class@PAGE                 ; X8 = page of the selector reference
__text:000000010004F114                 LDR             X1, [X8,#selRef_class@PAGEOFF] ; char * ; X1 = SEL "class"
__text:000000010004F118                 BL              _objc_msgSend        ; [Crashlytics class]; BL writes the return address into X30

...
; --- Epilogue: undo the prologue in reverse order, then return through X30 ---
; The elided body lies between the prologue and this point.
__text:000000010004F2F4                 LDP             X29, X30, [SP,#0x60+var_s0] ; restore caller's frame pointer and return address
__text:000000010004F2F8                 LDP             X20, X19, [SP,#0x60+var_10] ; restore callee-saved X20/X19
__text:000000010004F2FC                 LDP             X22, X21, [SP,#0x60+var_20] ; restore callee-saved X22/X21
__text:000000010004F300                 LDP             X24, X23, [SP,#0x60+var_30] ; restore callee-saved X24/X23
__text:000000010004F304                 ADD             SP, SP, #0x70        ; release the 0x70-byte frame (SP back to its entry value)
__text:000000010004F308                 RET                                  ; branch to the address in X30, not a stack pop
地址 栈值 描述
sp=sp-0x70 局部变量空间
sp-0x60 局部变量空间
sp-0x50 局部变量空间（其中 sp-0x48 处存放从 ___stack_chk_guard 读出的栈保护值，对应上面的 STR X8, [SP,#0x60+var_38]）
sp-0x40 X24/X23 保存寄存器信息
sp-0x30 X22/X21 保存寄存器信息
sp-0x20 X20/X19 保存寄存器信息
X29 –> sp-0x10 X29/X30 保存前栈基址和返回地址
sp=sp 调用前的栈顶地址

#Arm32

arm32

#参考