Reverse Engineering Asked on December 29, 2020
Here I think I have something wrong in my basic concepts.

In the code shown below, as you can see, `r4` is the input argument for `sub_37C2`, where `r4` is `r0 + 6`. And probably this function returns `r4` and `r5`. So, we have a 32-bit address after `sub_37C2`.
```asm
loc_1892:
mov r9, #4
add r9, r0
mov r12, #0FFFFh
mov r4, r9
add r4, #2
calls 0, sub_37C2
mov r13, r4
mov r14, r5
mov r15, #6
calls 0, CRC_16_Calculate
mov word_E7F8, r4
mov r12, #0FFFFh
mov r4, #4
add r4, r0
calls 0, sub_37C2
mov r13, r4
mov r14, r5
mov r15, #6
calls 0, CRC_16_Calculate
mov word_E7FA, r4
```
OK. In `sub_37C2` we have:

```asm
sub_37C2:
mov r5, r4
shr r5, #14
shl r5, #1
mov r5, [r5+0FE00h] ; DPP0
bmov r4.14, r5.0
bmov r4.15, r5.1
shr r5, #2
rets
```
Suppose we know what this function does (converts a near address to a far one). But this piece of code, by itself, raises a few questions.

Why is `r5` shifted 14 times to the right and after that 1 time to the left? Does this have a specific purpose?

In the line `mov r5, [r5+0FE00h] ; DPP0`, what is `r5` after execution? DPP0 is 1D and 7 4000 after shifting left 14 times.
After that, we have the `CRC_16_Calculate` function, which uses `r4`, `r5` (as `r13` and `r14`) as input arguments and uses them in the sub-function shown below:

```asm
loc_29A4:
mov r4, r13
mov r5, r14
add r13, #1
addc r14, #0
exts r5, #1
movb rl3, [r4]
movbz r7, rl3
movb rl6, #0
```
Why is `r13` incremented but `r4` used as the address?
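As an added illustration, not part of the question or of any answer on the page, the Python model below re-implements the two operations the listings perform on a C166-family core: the near-to-far conversion in `sub_37C2` and the far-pointer byte fetch at `loc_29A4`. On this architecture a 16-bit near address selects one of DPP0..DPP3 (the SFRs at FE00h..FE06h) with its top two bits, each DPP holds a 10-bit page number, and the 24-bit address is page * 4000h plus the 14-bit in-page offset; `sub_37C2` returns that address split as offset (`r4`) and segment (`r5`), which `exts` then uses for the next instruction. DPP0 = 1Dh is the value quoted in the question; the other DPP values, the memory contents and the function names are constructed for the example.

```python
# Model of the C166 near-to-far conversion in sub_37C2 and of the far-pointer
# byte fetch at loc_29A4. Added example with constructed data, not firmware code.

DPP_BASE = 0xFE00  # DPP0 = FE00h, DPP1 = FE02h, DPP2 = FE04h, DPP3 = FE06h

# Constructed SFR contents: DPP0 = 1Dh is the value quoted in the question,
# DPP1..DPP3 are made-up sample page numbers.
SFR = {
    0xFE00: 0x001D,  # DPP0 -> page 1Dh (segment 7, upper quarter of the segment)
    0xFE02: 0x0001,  # DPP1
    0xFE04: 0x0002,  # DPP2
    0xFE06: 0x0003,  # DPP3
}


def sub_37c2(r4, sfr=SFR):
    """Instruction-by-instruction model of sub_37C2.

    Input: r4 = 16-bit near address.  Output: (r4 = 16-bit offset, r5 = segment).
    """
    r5 = r4 >> 14                 # shr r5, #14 : top two bits = DPP number 0..3
    r5 <<= 1                      # shl r5, #1  : DPPs are 16-bit words, so index * 2
    r5 = sfr[DPP_BASE + r5]       # mov r5, [r5+0FE00h] : 10-bit page number DPPn
    r4 &= 0x3FFF                  # keep the 14-bit in-page offset
    r4 |= (r5 & 1) << 14          # bmov r4.14, r5.0
    r4 |= ((r5 >> 1) & 1) << 15   # bmov r4.15, r5.1
    r5 >>= 2                      # shr r5, #2  : remaining page bits = segment number
    return r4 & 0xFFFF, r5 & 0xFF


def far_address(offset, segment):
    """Combine the (r4, r5) pair into the 24-bit physical address."""
    return (segment << 16) | offset


def far_address_direct(near, sfr=SFR):
    """Reference computation of the same result: page * 4000h + 14-bit offset."""
    page = sfr[DPP_BASE + 2 * (near >> 14)]
    return (page << 14) | (near & 0x3FFF)


def fetch_bytes(offset, segment, count, memory):
    """Model of the loop body at loc_29A4.

    r13/r14 hold the running far pointer.  Each iteration copies it to r4/r5,
    advances r13/r14 with add/addc (so a wrap of r13 at 0FFFFh carries into the
    segment in r14), and reads the byte through the copy: exts r5 selects the
    segment for the following 'movb rl3, [r4]'.
    """
    out = []
    r13, r14 = offset, segment
    for _ in range(count):
        r4, r5 = r13, r14                     # mov r4, r13 / mov r5, r14
        r13 = (r13 + 1) & 0xFFFF              # add r13, #1
        carry = 1 if r13 == 0 else 0          # carry flag from the add
        r14 = (r14 + carry) & 0xFF            # addc r14, #0
        out.append(memory.get(far_address(r4, r5), 0))  # exts r5,#1 ; movb rl3,[r4]
    return out


if __name__ == "__main__":
    off, seg = sub_37c2(0x0006)
    print(f"near 0006h -> offset {off:04X}h, segment {seg:02X}h, far {far_address(off, seg):06X}h")
    # Constructed memory: 3 bytes straddling the end of segment 7.
    mem = {0x7FFFE: 0xAA, 0x7FFFF: 0xBB, 0x80000: 0xCC}
    print([hex(b) for b in fetch_bytes(0xFFFE, 7, 3, mem)])
```

Running it with the DPP0 value from the question shows near address 0006h becoming offset 4006h in segment 7, i.e. 074006h, which is the 7 4000 figure mentioned above plus the 6-byte offset; the `fetch_bytes` run shows why the loop increments `r13`/`r14` while reading through `r4`/`r5`: the copy is the pointer for this iteration, the incremented pair is the pointer for the next one.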