[Original] Fixing the armt TEQ, CMN (register) T2 and TST (register) T2 instructions missing from the Miasm source
Posted: 2019-9-21 19:36
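【Origin of the Problem】
While using Miasm to analyze armt code (the Thumb instructions of Android's armeabi-v7a ABI), TEQ instructions could not be disassembled, although IDA and other disassembly engines handle them correctly. Concretely, processing the following instructions:

91 EA 03 0F    TEQ.W R1, R3
92 EA 00 0F    TEQ.W R2, R0
90 EA 02 0F    TEQ.W R0, R2
93 EA 02 0F    TEQ.W R3, R2
93 EA 01 0F    TEQ.W R3, R1

produces warnings like these:

WARNING: cannot disasm (guess) at 39B0
WARNING: cannot disasm at 39B0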
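【Fixing the Problem】
A review of the source shows that the problem lies in miasm/arch/arm/arch.py: Thumb mode lacks a definition of the TEQ instruction (ARM mode is fine). The same review found that Thumb also lacks the T2 encodings of the CMN and TST instructions.
To define the missing Thumb instructions, append the following code to the end of miasm/arch/arm/arch.py:

# TEQ (immediate), encoding T1
armtop("TEQ", [bs('11110'), imm12_1, bs('001001'), rn, bs('0'), imm12_3, bs('1111'), imm12_8], [rn, imm12_8])
# TEQ (register), encoding T1
armtop("TEQ", [bs('11101010100'), bs('1'), rn, bs('0'), imm5_3, bs('1111'), imm5_2, imm_stype, rm_sh], [rn, rm_sh])
# CMN (register), encoding T2
armtop("CMN", [bs('11101011000'), bs('1'), rn, bs('0'), imm5_3, bs('1111'), imm5_2, imm_stype, rm_sh], [rn, rm_sh])
# TST (register), encoding T2
armtop("TST", [bs('11101010000'), bs('1'), rn, bs('0'), imm5_3, bs('1111'), imm5_2, imm_stype, rm_sh], [rn, rm_sh])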
【How the Fix Works】
The prototypes for the instruction definitions above come from the official ARM document DDI0406C_d_armv7ar_arm.pdf; see the attachment.

TEQ (immediate)
#T1 ARMv6T2, ARMv7
TEQ<c> <Rn>, #<const>
15 14 13 12 11 - 10 - 09 - 08 07 06 05 - 04 - 03 02 01 00 -- 15 - 14 13 12 - 11 10 09 08 - 07 06 05 04 03 02 01 00
1 1 1 1 0 i 0 0 1 0 0 1 Rn 0 imm3 1 1 1 1 imm8
n = UInt(Rn); (imm32, carry) = ThumbExpandImm_C(i:imm3:imm8, APSR.C);
if n IN {13,15} then UNPREDICTABLE;

TEQ(register)
#T1 ARMv6T2,ARMv7 Page.741
TEQ<c> <Rn>, <Rm>{, <shift>}
15 14 13 12 11 - 10 09 - 08 07 06 05 - 04 - 03 02 01 00 -- 15 - 14 13 12 - 11 10 09 08 - 07 06 - 05 04 - 03 02 01 00
1 1 1 0 1 0 1 0 1 0 0 1 Rn (0) imm3 1 1 1 1 imm2 type Rm
n = UInt(Rn); m = UInt(Rm); (shift_t, shift_n) = DecodeImmShift(type, imm3:imm2);
if n IN {13,15} || m IN {13,15} then UNPREDICTABLE;

CMN (register)
#T2 ARMv6T2, ARMv7
CMN<c>.W <Rn>, <Rm>{, <shift>}
15 14 13 12 11 - 10 09 - 08 07 06 05 - 04 - 03 02 01 00 -- 15 - 14 13 12 - 11 10 09 08 - 07 06 - 05 04 - 03 02 01 00
1 1 1 0 1 0 1 1 0 0 0 1 Rn (0) imm3 1 1 1 1 imm2 type Rm
n = UInt(Rn); m = UInt(Rm); (shift_t, shift_n) = DecodeImmShift(type, imm3:imm2);
if n == 15 || m IN {13,15} then UNPREDICTABLE;

TST (register)
#T2 ARMv6T2, ARMv7
TST<c>.W <Rn>, <Rm>{, <shift>}
15 14 13 12 11 - 10 09 - 08 07 06 05 - 04 - 03 02 01 00 -- 15 - 14 13 12 - 11 10 09 08 - 07 06 - 05 04 - 03 02 01 00
1 1 1 0 1 0 1 0 0 0 0 1 Rn (0) imm3 1 1 1 1 imm2 type Rm
n = UInt(Rn); m = UInt(Rm); (shift_t, shift_n) = DecodeImmShift(type, imm3:imm2);
if n IN {13,15} || m IN {13,15} then UNPREDICTABLE;
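
The register-form layouts above can be applied by hand. The following is an added example (not from the original post and not Miasm code): it decodes the three register encodings the patch introduces and runs them over the five byte sequences quoted at the start of the post. The helper names (`reg_form`, `match`, `decode_imm_shift`, `disasm_t32`) are hypothetical, and the code does not import Miasm.

```python
import struct

# Opcode prefixes (bits 15..5 of the first halfword) taken from the
# armtop() definitions in the post.
OPCODES = {"TEQ": "11101010100", "CMN": "11101011000", "TST": "11101010000"}

# Register numbers the pseudocode marks UNPREDICTABLE: (for Rn, for Rm).
UNPREDICTABLE = {
    "TEQ": ({13, 15}, {13, 15}),
    "CMN": ({15}, {13, 15}),
    "TST": ({13, 15}, {13, 15}),
}

def reg_form(opcode_bits):
    """Field layout, MSB first: a str is fixed bits, a tuple is (name, width)."""
    return [opcode_bits, "1", ("rn", 4), "0", ("imm3", 3), "1111",
            ("imm2", 2), ("type", 2), ("rm", 4)]

def match(word, layout):
    """Return the operand fields if the 32-bit word fits the layout, else None."""
    fields, pos = {}, 32
    for item in layout:
        if isinstance(item, str):
            pos -= len(item)
            if (word >> pos) & ((1 << len(item)) - 1) != int(item, 2):
                return None
        else:
            name, width = item
            pos -= width
            fields[name] = (word >> pos) & ((1 << width) - 1)
    return fields

def decode_imm_shift(type_, imm5):
    """DecodeImmShift(type, imm3:imm2) as defined in the ARM ARM."""
    if type_ == 3:
        return ("ROR", imm5) if imm5 else ("RRX", 1)
    # LSL #0 means "no shift"; LSR and ASR encode a shift of 32 as 0.
    return ("LSL", imm5) if type_ == 0 else (("LSR", "ASR")[type_ - 1], imm5 or 32)

def disasm_t32(code):
    """Decode 4 bytes (two little-endian halfwords) -> (text, unpredictable)."""
    hw1, hw2 = struct.unpack("<HH", code[:4])
    word = (hw1 << 16) | hw2
    for name, opcode_bits in OPCODES.items():
        f = match(word, reg_form(opcode_bits))
        if f is None:
            continue
        shift, amount = decode_imm_shift(f["type"], (f["imm3"] << 2) | f["imm2"])
        text = "%s.W R%d, R%d" % (name, f["rn"], f["rm"])
        if shift == "RRX":
            text += ", RRX"
        elif amount:
            text += ", %s #%d" % (shift, amount)
        bad_n, bad_m = UNPREDICTABLE[name]
        return text, (f["rn"] in bad_n or f["rm"] in bad_m)
    return None, False  # e.g. EORS: same opcode bits, but Rd is not 1111

# The five byte sequences quoted at the start of the post.
SAMPLES = ["91 EA 03 0F", "92 EA 00 0F", "90 EA 02 0F", "93 EA 02 0F", "93 EA 01 0F"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", disasm_t32(bytes.fromhex(s))[0])
```

The fixed `1111` in bits 11..8 of the second halfword is what separates these compare/test forms from the flag-setting EORS, ADDS and ANDS prototypes (entries 156, 152 and 146 in the listing further down), which share the same opcode bits.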
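All prototypes of the four instructions CMP, CMN, TEQ and TST, in both their ARM (A*) and Thumb (T*) versions, are defined as follows.
In miasm, mn_arm mainly defines the A1, A2 and A3 (A*) encodings, whereas mn_armt needs to define the T1, T2 and T3 (T*) encodings.
By extension, when using miasm, mn_armt may well be missing definitions for T2 and T3 encodings, and may also lack prototypes for newer instructions; in that case we have to add them ourselves.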

#15 14 13 12 11 10 09 08 07 06 05 04 03 02 01 00 -- 15 14 13 12 11 10 09 08 07 06 05 04 03 02 01 00
CMP (immediate)
#T1 ARMv4T, ARMv5T*, ARMv6*, ARMv7
CMP<c> <Rn>, #<imm8>
15 14 13 - 12 11 - 10 09 08 - 07 06 05 04 03 02 01 00
0 0 1 0 1 Rn imm8
n = UInt(Rn); imm32 = ZeroExtend(imm8, 32);

#T2 ARMv6T2, ARMv7
CMP<c>.W <Rn>, #<const>
15 14 13 12 11 - 10 - 09 - 08 07 06 05 - 04 - 03 02 01 00 -- 15 - 14 13 12 - 11 10 09 08 - 07 06 05 04 03 02 01 00
1 1 1 1 0 i 0 1 1 0 1 1 Rn 0 imm3 1 1 1 1 imm8
n = UInt(Rn); imm32 = ThumbExpandImm(i:imm3:imm8);
if n == 15 then UNPREDICTABLE;

#A1 ARMv4*, ARMv5T*, ARMv6*, ARMv7
CMP<c> <Rn>, #<const>
15 14 13 12 - 11 10 - 09 - 08 07 06 05 - 04 - 03 02 01 00 -- 15 14 13 12 - 11 10 09 08 07 06 05 04 03 02 01 00
cond 0 0 1 1 0 1 0 1 Rn (0)(0)(0)(0) imm12
n = UInt(Rn); imm32 = ARMExpandImm(imm12);

CMP (register)
#T1 ARMv4T, ARMv5T*, ARMv6*, ARMv7
CMP<c> <Rn>, <Rm> #<Rn> and <Rm> both from R0-R7
15 14 13 12 11 10 - 09 08 07 06 - 05 04 03 - 02 01 00
0 1 0 0 0 0 1 0 1 0 Rm Rn
n = UInt(Rn); m = UInt(Rm); (shift_t, shift_n) = (SRType_LSL, 0);

#T2 ARMv4T, ARMv5T*, ARMv6*, ARMv7
CMP<c> <Rn>, <Rm> #<Rn> and <Rm> not both from R0-R7
15 14 13 12 11 10 - 09 08 - 07 - 06 05 04 03 - 02 01 00
0 1 0 0 0 1 0 1 N Rm Rn
n = UInt(N:Rn); m = UInt(Rm); (shift_t, shift_n) = (SRType_LSL, 0);
if n < 8 && m < 8 then UNPREDICTABLE;
if n == 15 || m == 15 then UNPREDICTABLE;

#T3 ARMv6T2, ARMv7
CMP<c>.W <Rn>, <Rm> {, <shift>}
15 14 13 12 11 - 10 09 - 08 07 06 05 - 04 - 03 02 01 00 -- 15 - 14 13 12 - 11 10 09 08 - 07 06 - 05 04 - 03 02 01 00
1 1 1 0 1 0 1 1 1 0 1 1 Rn (0) imm3 1 1 1 1 imm2 type Rm
n = UInt(Rn); m = UInt(Rm); (shift_t, shift_n) = DecodeImmShift(type, imm3:imm2);
if n == 15 || m IN {13,15} then UNPREDICTABLE;

#A1 ARMv4*, ARMv5T*, ARMv6*, ARMv7
CMP<c> <Rn>, <Rm>{, <shift>}
15 14 13 12 - 11 10 - 09 - 08 07 06 05 - 04 - 03 02 01 00 -- 15 14 13 12 - 11 10 09 08 07 - 06 05 - 04 - 03 02 01 00
cond 0 0 0 1 0 1 0 1 Rn (0)(0)(0)(0) imm5 type 0 Rm
n = UInt(Rn); m = UInt(Rm); (shift_t, shift_n) = DecodeImmShift(type, imm5);

CMP (register-shifted register)
#A1 ARMv4*, ARMv5T*, ARMv6*, ARMv7
CMP<c> <Rn>, <Rm>, <type> <Rs>
15 14 13 12 - 11 10 - 09 - 08 07 06 05 - 04 - 03 02 01 00 -- 15 14 13 12 - 11 10 09 08 - 07 - 06 05 - 04 - 03 02 01 00
cond 0 0 0 1 0 1 0 1 Rn (0)(0)(0)(0) Rs 0 type 1 Rm
n = UInt(Rn); m = UInt(Rm); s = UInt(Rs); shift_t = DecodeRegShift(type);
if n == 15 || m == 15 || s == 15 then UNPREDICTABLE;

#15 14 13 12 11 10 09 08 07 06 05 04 03 02 01 00 -- 15 14 13 12 11 10 09 08 07 06 05 04 03 02 01 00
CMN (immediate)
#T1 ARMv6T2, ARMv7
CMN<c> <Rn>, #<const>
15 14 13 12 11 - 10 - 09 - 08 07 06 05 - 04 - 03 02 01 00 -- 15 - 14 13 12 - 11 10 09 08 - 07 06 05 04 03 02 01 00
1 1 1 1 0 i 0 1 0 0 0 1 Rn 0 imm3 1 1 1 1 imm8
n = UInt(Rn); imm32 = ThumbExpandImm(i:imm3:imm8);
if n == 15 then UNPREDICTABLE;

#A1 ARMv4*, ARMv5T*, ARMv6*, ARMv7
CMN<c> <Rn>, #<const>
15 14 13 12 - 11 10 - 09 - 08 07 06 05 - 04 - 03 02 01 00 -- 15 14 13 12 - 11 10 09 08 07 06 05 04 03 02 01 00
cond 0 0 1 1 0 1 1 1 Rn (0)(0)(0)(0) imm12
n = UInt(Rn); imm32 = ARMExpandImm(imm12);

CMN (register)
#T1 ARMv4T, ARMv5T*, ARMv6*, ARMv7
CMN<c> <Rn>, <Rm>
15 14 13 12 11 10 - 09 08 07 06 - 05 04 03 - 02 01 00
0 1 0 0 0 0 1 0 1 1 Rm Rn
n = UInt(Rn); m = UInt(Rm); (shift_t, shift_n) = (SRType_LSL, 0);

#T2 ARMv6T2, ARMv7
CMN<c>.W <Rn>, <Rm>{, <shift>}
15 14 13 12 11 - 10 09 - 08 07 06 05 - 04 - 03 02 01 00 -- 15 - 14 13 12 - 11 10 09 08 - 07 06 - 05 04 - 03 02 01 00
1 1 1 0 1 0 1 1 0 0 0 1 Rn (0) imm3 1 1 1 1 imm2 type Rm
n = UInt(Rn); m = UInt(Rm); (shift_t, shift_n) = DecodeImmShift(type, imm3:imm2);
if n == 15 || m IN {13,15} then UNPREDICTABLE;

#A1 ARMv4*, ARMv5T*, ARMv6*, ARMv7
CMN<c> <Rn>, <Rm>{, <shift>}
15 14 13 12 - 11 10 - 09 - 08 07 06 05 - 04 - 03 02 01 00 -- 15 14 13 12 - 11 10 09 08 07 - 06 05 - 04 - 03 02 01 00
cond 0 0 0 1 0 1 1 1 Rn (0)(0)(0)(0) imm5 type 0 Rm
n = UInt(Rn); m = UInt(Rm); (shift_t, shift_n) = DecodeImmShift(type, imm5);

CMN (register-shifted register)
#A1 ARMv4*, ARMv5T*, ARMv6*, ARMv7
CMN<c> <Rn>, <Rm>, <type> <Rs>
15 14 13 12 - 11 10 - 09 - 08 07 06 05 - 04 - 03 02 01 00 -- 15 14 13 12 - 11 10 09 08 - 07 - 06 05 - 04 - 03 02 01 00
cond 0 0 0 1 0 1 1 1 Rn (0)(0)(0)(0) Rs 0 type 1 Rm
n = UInt(Rn); m = UInt(Rm); s = UInt(Rs); shift_t = DecodeRegShift(type);
if n == 15 || m == 15 || s == 15 then UNPREDICTABLE;

#15 14 13 12 11 10 09 08 07 06 05 04 03 02 01 00 -- 15 14 13 12 11 10 09 08 07 06 05 04 03 02 01 00
TEQ (immediate)
#T1 ARMv6T2, ARMv7
TEQ<c> <Rn>, #<const>
15 14 13 12 11 - 10 - 09 - 08 07 06 05 - 04 - 03 02 01 00 -- 15 - 14 13 12 - 11 10 09 08 - 07 06 05 04 03 02 01 00
1 1 1 1 0 i 0 0 1 0 0 1 Rn 0 imm3 1 1 1 1 imm8
n = UInt(Rn); (imm32, carry) = ThumbExpandImm_C(i:imm3:imm8, APSR.C);
if n IN {13,15} then UNPREDICTABLE;

#A1 ARMv4*, ARMv5T*, ARMv6*, ARMv7
TEQ<c> <Rn>, #<const>
15 14 13 12 - 11 10 - 09 - 08 07 06 05 - 04 - 03 02 01 00 -- 15 14 13 12 - 11 10 09 08 07 06 05 04 03 02 01 00
cond 0 0 1 1 0 0 1 1 Rn (0)(0)(0)(0) imm12
n = UInt(Rn); (imm32, carry) = ARMExpandImm_C(imm12, APSR.C);

TEQ(register)
#T1 ARMv6T2,ARMv7 Page.741
TEQ<c> <Rn>, <Rm>{, <shift>}
15 14 13 12 11 - 10 09 - 08 07 06 05 - 04 - 03 02 01 00 -- 15 - 14 13 12 - 11 10 09 08 - 07 06 - 05 04 - 03 02 01 00
1 1 1 0 1 0 1 0 1 0 0 1 Rn (0) imm3 1 1 1 1 imm2 type Rm
n = UInt(Rn); m = UInt(Rm); (shift_t, shift_n) = DecodeImmShift(type, imm3:imm2);
if n IN {13,15} || m IN {13,15} then UNPREDICTABLE;

#A1 ARMv4*, ARMv5T*, ARMv6*, ARMv7
TEQ<c> <Rn>, <Rm>{, <shift>}
15 14 13 12 - 11 10 - 09 - 08 07 06 05 - 04 - 03 02 01 00 -- 15 14 13 12 - 11 10 09 08 07 - 06 05 - 04 - 03 02 01 00
cond 0 0 0 1 0 0 1 1 Rn (0)(0)(0)(0) imm5 type 0 Rm
n = UInt(Rn); m = UInt(Rm); (shift_t, shift_n) = DecodeImmShift(type, imm5);

TEQ (register-shifted register)
#A1 ARMv4*, ARMv5T*, ARMv6*, ARMv7
TEQ<c> <Rn>, <Rm>, <type> <Rs>
15 14 13 12 - 11 10 - 09 - 08 07 06 05 - 04 - 03 02 01 00 -- 15 14 13 12 - 11 10 09 08 - 07 - 06 05 - 04 - 03 02 01 00
cond 0 0 0 1 0 0 1 1 Rn (0)(0)(0)(0) Rs 0 type 1 Rm
n = UInt(Rn); m = UInt(Rm); s = UInt(Rs); shift_t = DecodeRegShift(type);
if n == 15 || m == 15 || s == 15 then UNPREDICTABLE;

#15 14 13 12 11 10 09 08 07 06 05 04 03 02 01 00 -- 15 14 13 12 11 10 09 08 07 06 05 04 03 02 01 00
TST (immediate)
#T1 ARMv6T2, ARMv7
//armtop("tst", [bs('11110'), imm12_1, bs('000001'), rn, bs('0'), imm12_3, bs('1111'), imm12_8], [rn, imm12_8])
TST<c> <Rn>, #<const>
15 14 13 12 11 - 10 - 09 - 08 07 06 05 - 04 - 03 02 01 00 -- 15 - 14 13 12 - 11 10 09 08 - 07 06 05 04 03 02 01 00
1 1 1 1 0 i 0 0 0 0 0 1 Rn 0 imm3 1 1 1 1 imm8
n = UInt(Rn); (imm32, carry) = ThumbExpandImm_C(i:imm3:imm8, APSR.C);
if n IN {13,15} then UNPREDICTABLE;

#A1 ARMv4*, ARMv5T*, ARMv6*, ARMv7
TST<c> <Rn>, #<const>
15 14 13 12 - 11 10 - 09 - 08 07 06 05 - 04 - 03 02 01 00 -- 15 14 13 12 - 11 10 09 08 07 06 05 04 03 02 01 00
cond 0 0 1 1 0 0 0 1 Rn (0)(0)(0)(0) imm12
n = UInt(Rn); (imm32, carry) = ARMExpandImm_C(imm12, APSR.C);

TST (register)
#T1 ARMv4T, ARMv5T*, ARMv6*, ARMv7
TST<c> <Rn>, <Rm>
15 14 13 12 11 10 - 09 08 07 06 - 05 04 03 - 02 01 00
0 1 0 0 0 0 1 0 0 0 Rm Rn
n = UInt(Rn); m = UInt(Rm); (shift_t, shift_n) = (SRType_LSL, 0);

#T2 ARMv6T2, ARMv7
TST<c>.W <Rn>, <Rm>{, <shift>}
15 14 13 12 11 - 10 09 - 08 07 06 05 - 04 - 03 02 01 00 -- 15 - 14 13 12 - 11 10 09 08 - 07 06 - 05 04 - 03 02 01 00
1 1 1 0 1 0 1 0 0 0 0 1 Rn (0) imm3 1 1 1 1 imm2 type Rm
n = UInt(Rn); m = UInt(Rm); (shift_t, shift_n) = DecodeImmShift(type, imm3:imm2);
if n IN {13,15} || m IN {13,15} then UNPREDICTABLE;

#A1 ARMv4*, ARMv5T*, ARMv6*, ARMv7
TST<c> <Rn>, <Rm>{, <shift>}
15 14 13 12 - 11 10 - 09 - 08 07 06 05 - 04 - 03 02 01 00 -- 15 14 13 12 - 11 10 09 08 07 - 06 05 - 04 - 03 02 01 00
cond 0 0 0 1 0 0 0 1 Rn (0)(0)(0)(0) imm5 type 0 Rm
n = UInt(Rn); m = UInt(Rm); (shift_t, shift_n) = DecodeImmShift(type, imm5);

TST (register-shifted register)
#A1 ARMv4*, ARMv5T*, ARMv6*, ARMv7
TST<c> <Rn>, <Rm>, <type> <Rs>
15 14 13 12 - 11 10 - 09 - 08 07 06 05 - 04 - 03 02 01 00 -- 15 14 13 12 - 11 10 09 08 - 07 - 06 05 - 04 - 03 02 01 00
cond 0 0 0 1 0 0 0 1 Rn (0)(0)(0)(0) Rs 0 type 1 Rm
n = UInt(Rn); m = UInt(Rm); s = UInt(Rs); shift_t = DecodeRegShift(type);
if n == 15 || m == 15 || s == 15 then UNPREDICTABLE;
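【How to check which instruction prototypes are already defined and which are not?】
The following code lists all instruction prototypes, or the prototypes of one particular instruction, that miasm already defines for a given processor architecture.
Comparing that list with the latest encoding specification for the chip's instruction set shows which prototypes are defined and which are missing.

# Older Miasm releases ship the package as miasm2; newer ones as miasm (miasm.arch.arm.arch).
from miasm2.arch.arm.arch import mn_armt

insts = mn_armt.all_mn

# Print every prototype: index, mnemonic and bit layout
# (fixed bits are shown literally, operand fields as runs of 'x').
for inst in insts:
    print("{:03} {} {}".format(inst.num, inst.name.ljust(7), ' '.join([f.strbits if f.strbits else 'x'*f.l for f in inst.fields])))

def xinst(n='TEQ'):
    """Print only the prototypes whose mnemonic starts with n."""
    n = n.upper()
    for inst in insts:
        if inst.name.startswith(n):
            print("{:03} {} {}".format(inst.num, inst.name.ljust(7), ' '.join([f.strbits if f.strbits else 'x'*f.l for f in inst.fields])))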
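Below are all T* prototype definitions of the relevant instructions after the fix.
When reviewing miasm's instruction definitions, pay attention to where they differ from the official prototypes, for example CMP prototypes No. 29, 32, 35 and 38 in the figure above.
These actually correspond to the T2 encoding of CMP (register); because miasm groups some CMP prototypes together with some mov, add and sub instructions, four prototypes are derived from it.
All instruction prototypes of mn_armt in miasm (the listing, for example through its ordering, also shows how the source groups and defines the instruction sets):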

>>xinst('')
000 ASRS    000 10 xxxxx xxx xxx
001 LSRS    000 01 xxxxx xxx xxx
002 LSLS    000 00 xxxxx xxx xxx
003 ADDS    000110 0 xxx xxx xxx
004 SUBS    000110 1 xxx xxx xxx
005 ADDS    000111 0 xxx xxx xxx
006 SUBS    000111 1 xxx xxx xxx
007 SUBS    001 11 xxx xxxxxxxx
008 ADDS    001 10 xxx xxxxxxxx
009 MOVS    001 00 xxx xxxxxxxx
010 CMP     001 01 xxx xxxxxxxx
011 MVNS    010000 1111 xxx xxx
012 EORS    010000 0001 xxx xxx
013 SBCS    010000 0110 xxx xxx
014 CMN     010000 1011 xxx xxx
015 NEGS    010000 1001 xxx xxx
016 LSLS    010000 0010 xxx xxx
017 BICS    010000 1110 xxx xxx
018 ASRS    010000 0100 xxx xxx
019 LSRS    010000 0011 xxx xxx
020 ADCS    010000 0101 xxx xxx
021 MULS    010000 1101 xxx xxx
022 TST     010000 1000 xxx xxx
023 RORS    010000 0111 xxx xxx
024 ORRS    010000 1100 xxx xxx
025 ANDS    010000 0000 xxx xxx
026 CMP     010000 1010 xxx xxx
027 ADDS    010001 00 00 xxx xxx
028 MOV     010001 10 00 xxx xxx
029 CMP     010001 01 00 xxx xxx
030 ADDS    010001 00 01 xxx xxx
031 MOV     010001 10 01 xxx xxx
032 CMP     010001 01 01 xxx xxx
033 ADDS    010001 00 10 xxx xxx
034 MOV     010001 10 10 xxx xxx
035 CMP     010001 01 10 xxx xxx
036 ADDS    010001 00 11 xxx xxx
037 MOV     010001 10 11 xxx xxx
038 CMP     010001 01 11 xxx xxx
039 BX      010001 11 00 xxx xxx
040 BX      010001 11 01 xxx xxx
041 LDR     01001 xxx xxxxxxxx
042 LDR     0101 1 0 0 xxx xxx xxx
043 LDRB    0101 1 1 0 xxx xxx xxx
044 STR     0101 0 0 0 xxx xxx xxx
045 STRB    0101 0 1 0 xxx xxx xxx
046 STRH    0101 00 1 xxx xxx xxx
047 LDRH    0101 10 1 xxx xxx xxx
048 LDSB    0101 01 1 xxx xxx xxx
049 LDSH    0101 11 1 xxx xxx xxx
050 LDR     011 0 1 xxxxx xxx xxx
051 LDRB    011 1 1 xxxxx xxx xxx
052 STR     011 0 0 xxxxx xxx xxx
053 STRB    011 1 0 xxxxx xxx xxx
054 LDRH    1000 1 xxxxx xxx xxx
055 STRH    1000 0 xxxxx xxx xxx
056 LDR     1001 1 xxx xxxxxxxx
057 STR     1001 0 xxx xxxxxxxx
058 ADD     1010 x xxx xxxxxxxx
059 ADD     10110000 0 xxxxxxx
060 SUB     10110000 1 xxxxxxx
061 PUSH    1011 0 10 x xxxxxxxx
062 POP     1011 1 10 x xxxxxxxx
063 STMIA   1100 0 xxx xxxxxxxx
064 LDMIA   1100 1 xxx xxxxxxxx
065 BHI     1101 1000 xxxxxxxx
066 BGE     1101 1010 xxxxxxxx
067 BLT     1101 1011 xxxxxxxx
068 BPL     1101 0101 xxxxxxxx
069 BLS     1101 1001 xxxxxxxx
070 BCC     1101 0011 xxxxxxxx
071 BGT     1101 1100 xxxxxxxx
072 BLE     1101 1101 xxxxxxxx
073 BEQ     1101 0000 xxxxxxxx
074 BNE     1101 0001 xxxxxxxx
075 BCS     1101 0010 xxxxxxxx
076 BVS     1101 0110 xxxxxxxx
077 BMI     1101 0100 xxxxxxxx
078 BVC     1101 0111 xxxxxxxx
079 BLX     01000111 1 xxxx 000
080 SVC     11011111 xxxxxxxx
081 B       11100 xxxxxxxxxxx
082 UND     1101 1110 xxxxxxxx
083 REV     10111010 00 xxx xxx
084 REV16   10111010 01 xxx xxx
085 UXTB    10110010 11 xxx xxx
086 UXTH    10110010 10 xxx xxx
087 SXTB    10110010 01 xxx xxx
088 SXTH    10110010 00 xxx xxx
089 UXTAB   111110100 101 xxxx 1111 xxxx 10 xx xxxx
090 UXTAH   111110100 001 xxxx 1111 xxxx 10 xx xxxx
091 ADC     11110 x 0 1010 0 xxxx 0 xxx xxxx xxxxxxxx
092 ADCS    11110 x 0 1010 1 xxxx 0 xxx xxxx xxxxxxxx
093 ADC     11101 01 1010 0 xxxx 0 xxx xxxx xx xx xxxx
094 ADCS    11101 01 1010 1 xxxx 0 xxx xxxx xx xx xxxx
095 BL      11110 x xxxxxxxxxx 11 x 1 x xxxxxxxxxxx
096 BLX     11110 x xxxxxxxxxx 11 x 0 x xxxxxxxxxx 0
097 CBZ     101100 x 1 xxxxx xxx
098 CBNZ    101110 x 1 xxxxx xxx
099 BKPT    1011 1110 xxxxxxxx
100 ITTTT   10111111 xxx 0 0001
101 ITTT    10111111 xxx 0 0010
102 ITTTE   10111111 xxx 0 0011
103 ITT     10111111 xxx 0 0100
104 ITTET   10111111 xxx 0 0101
105 ITTE    10111111 xxx 0 0110
106 ITTEE   10111111 xxx 0 0111
107 IT      10111111 xxx 0 1000
108 ITETT   10111111 xxx 0 1001
109 ITET    10111111 xxx 0 1010
110 ITETE   10111111 xxx 0 1011
111 ITE     10111111 xxx 0 1100
112 ITEET   10111111 xxx 0 1101
113 ITEE    10111111 xxx 0 1110
114 ITEEE   10111111 xxx 0 1111
115 ITEEE   10111111 xxx 1 0001
116 ITEE    10111111 xxx 1 0010
117 ITEET   10111111 xxx 1 0011
118 ITE     10111111 xxx 1 0100
119 ITETE   10111111 xxx 1 0101
120 ITET    10111111 xxx 1 0110
121 ITETT   10111111 xxx 1 0111
122 IT      10111111 xxx 1 1000
123 ITTEE   10111111 xxx 1 1001
124 ITTE    10111111 xxx 1 1010
125 ITTET   10111111 xxx 1 1011
126 ITT     10111111 xxx 1 1100
127 ITTTE   10111111 xxx 1 1101
128 ITTT    10111111 xxx 1 1110
129 ITTTT   10111111 xxx 1 1111
130 NOP     10111111 00000000
131 WFI     10111111 00110000
132 CPSID   10110110 0111 0 xxx
133 CPSIE   10110110 0110 0 xxx
134 PUSH    1110100 10 0 1 0 1101 0 x 0 xxxxxxxxxxxxx
135 POP     1110100 01 0 1 1 1101 x x 0 xxxxxxxxxxxxx
136 MOV     11110 x 00010 0 1111 0 xxx xxxx xxxxxxxx
137 MOVS    11110 x 00010 1 1111 0 xxx xxxx xxxxxxxx
138 ASR     11111010 0100 xxxx 1111 xxxx 0000 xxxx
139 LSL     11111010 0000 xxxx 1111 xxxx 0000 xxxx
140 SEL     11111010 1010 xxxx 1111 xxxx 1000 xxxx
141 REV     11111010 1001 xxxx 1111 xxxx 1000 xxxx
142 UADD8   111110101000 xxxx 1111 xxxx 0100 xxxx
143 MVN     11101010011 0 11110 xxx xxxx xx xx xxxx
144 MVNS    11101010011 1 11110 xxx xxxx xx xx xxxx
145 AND     11101010000 0 xxxx 0 xxx xxxx xx xx xxxx
146 ANDS    11101010000 1 xxxx 0 xxx xxxx xx xx xxxx
147 ORR     11101010010 0 xxxx 0 xxx xxxx xx xx xxxx
148 ORRS    11101010010 1 xxxx 0 xxx xxxx xx xx xxxx
149 BIC     11101010001 0 xxxx 0 xxx xxxx xx xx xxxx
150 BICS    11101010001 1 xxxx 0 xxx xxxx xx xx xxxx
151 ADD     11101011000 0 xxxx 0 xxx xxxx xx xx xxxx
152 ADDS    11101011000 1 xxxx 0 xxx xxxx xx xx xxxx
153 SUB     11101011101 0 xxxx 0 xxx xxxx xx xx xxxx
154 SUBS    11101011101 1 xxxx 0 xxx xxxx xx xx xxxx
155 EOR     11101010100 0 xxxx 0 xxx xxxx xx xx xxxx
156 EORS    11101010100 1 xxxx 0 xxx xxxx xx xx xxxx
157 RSB     11101011110 0 xxxx 0 xxx xxxx xx xx xxxx
158 RSBS    11101011110 1 xxxx 0 xxx xxxx xx xx xxxx
159 ORN     11101010011 0 xxxx 0 xxx xxxx xx xx xxxx
160 ORNS    11101010011 1 xxxx 0 xxx xxxx xx xx xxxx
161 MOV     11101010010 0 1111 0 xxx xxxx xx 00 xxxx
162 MOVS    11101010010 1 1111 0 xxx xxxx xx 00 xxxx
163 MOV     11101010010 0 1111 0 xxx xxxx xx 01 xxxx
164 MOVS    11101010010 1 1111 0 xxx xxxx xx 01 xxxx
165 MOV     11101010010 0 1111 0 xxx xxxx xx 11 xxxx
166 MOVS    11101010010 1 1111 0 xxx xxxx xx 11 xxxx
167 ORR     11110 x 00010 0 xxxx 0 xxx xxxx xxxxxxxx
168 ORRS    11110 x 00010 1 xxxx 0 xxx xxxx xxxxxxxx
169 ADD     11110 x 01000 0 xxxx 0 xxx xxxx xxxxxxxx
170 ADDS    11110 x 01000 1 xxxx 0 xxx xxxx xxxxxxxx
171 BIC     11110 x 00001 0 xxxx 0 xxx xxxx xxxxxxxx
172 BICS    11110 x 00001 1 xxxx 0 xxx xxxx xxxxxxxx
173 AND     11110 x 00000 0 xxxx 0 xxx xxxx xxxxxxxx
174 ANDS    11110 x 00000 1 xxxx 0 xxx xxxx xxxxxxxx
175 SUB     11110 x 01101 0 xxxx 0 xxx xxxx xxxxxxxx
176 SUBS    11110 x 01101 1 xxxx 0 xxx xxxx xxxxxxxx
177 EOR     11110 x 00100 0 xxxx 0 xxx xxxx xxxxxxxx
178 EORS    11110 x 00100 1 xxxx 0 xxx xxxx xxxxxxxx
179 ADD     11110 x 10000 0 xxxx 0 xxx xxxx xxxxxxxx
180 ADDS    11110 x 10000 1 xxxx 0 xxx xxxx xxxxxxxx
181 CMP     11110 x 01101 1 xxxx 0 xxx 1111 xxxxxxxx
182 CMP     11101011101 1 xxxx 0 xxx 1111 xx xx xxxx
183 CMN     11110 x 01000 1 xxxx 0 xxx 1111 xxxxxxxx
184 MVN     11110 x 00011 0 1111 0 xxx xxxx xxxxxxxx
185 MVNS    11110 x 00011 1 1111 0 xxx xxxx xxxxxxxx
186 RSB     11110 x 01110 0 xxxx 0 xxx xxxx xxxxxxxx
187 RSBS    11110 x 01110 1 xxxx 0 xxx xxxx xxxxxxxx
188 SUB     11110 x 101010 xxxx 0 xxx xxxx xxxxxxxx
189 TST     11110 x 000001 xxxx 0 xxx 1111 xxxxxxxx
190 MOV     11110 x 100100 xxxx 0 xxx xxxx xxxxxxxx
191 MOVT    11110 x 101100 xxxx 0 xxx xxxx xxxxxxxx
192 SDIV    111110111001 xxxx 1111 xxxx 1111 xxxx
193 UDIV    111110111011 xxxx 1111 xxxx 1111 xxxx
194 MLS     111110110000 xxxx xxxx xxxx 0001 xxxx
195 MLA     111110110000 xxxx xxxx xxxx 0000 xxxx
196 MUL     111110110000 xxxx 1111 xxxx 0000 xxxx
197 SMLABB  111110110001 xxxx xxxx xxxx 00 00 xxxx
198 SMLABT  111110110001 xxxx xxxx xxxx 00 01 xxxx
199 SMLATB  111110110001 xxxx xxxx xxxx 00 10 xxxx
200 SMLATT  111110110001 xxxx xxxx xxxx 00 11 xxxx
201 BEQ     11110 x 0000 xxxxxx 10 x 0 x xxxxxxxxxxx
202 BNE     11110 x 0001 xxxxxx 10 x 0 x xxxxxxxxxxx
203 BCS     11110 x 0010 xxxxxx 10 x 0 x xxxxxxxxxxx
204 BCC     11110 x 0011 xxxxxx 10 x 0 x xxxxxxxxxxx
205 BMI     11110 x 0100 xxxxxx 10 x 0 x xxxxxxxxxxx
206 BPL     11110 x 0101 xxxxxx 10 x 0 x xxxxxxxxxxx
207 BVS     11110 x 0110 xxxxxx 10 x 0 x xxxxxxxxxxx
208 BVC     11110 x 0111 xxxxxx 10 x 0 x xxxxxxxxxxx
209 BHI     11110 x 1000 xxxxxx 10 x 0 x xxxxxxxxxxx
210 BLS     11110 x 1001 xxxxxx 10 x 0 x xxxxxxxxxxx
211 BGE     11110 x 1010 xxxxxx 10 x 0 x xxxxxxxxxxx
212 BLT     11110 x 1011 xxxxxx 10 x 0 x xxxxxxxxxxx
213 BGT     11110 x 1100 xxxxxx 10 x 0 x xxxxxxxxxxx
214 BLE     11110 x 1101 xxxxxx 10 x 0 x xxxxxxxxxxx
215 B       11110 x xxxxxxxxxx 10 x 1 x xxxxxxxxxxx
216 UBFX    111100111100 xxxx 0 xxx xxxx xx 0 xxxxx
217 UXTH    111110100001 1111 1111 xxxx 10 xx xxxx
218 STR     111110001100 xxxx xxxx xxxxxxxxxxxx
219 STR     111110000100 xxxx xxxx 000000 xx xxxx
220 STR     111110000100 xxxx xxxx 1 x x x xxxxxxxx
221 STRB    111110001000 xxxx xxxx xxxxxxxxxxxx
222 STRB    111110000000 xxxx xxxx 1 x x x xxxxxxxx
223 STRH    111110001010 xxxx xxxx xxxxxxxxxxxx
224 STRH    111110000010 xxxx xxxx 1 x x x xxxxxxxx
225 STRD    1110100 x x 1 x 0 xxxx xxxx xxxx xxxxxxxx
226 LDRD    1110100 x x 1 x 1 xxxx xxxx xxxx xxxxxxxx
227 LDR     111110001101 xxxx xxxx xxxxxxxxxxxx
228 LDR     111110000101 xxxx xxxx 1 x x x xxxxxxxx
229 LDR     111110000101 xxxx xxxx 000000 xx xxxx
230 LDRB    111110000001 xxxx xxxx 000000 xx xxxx
231 LDRB    111110000001 xxxx xxxx 1 x x x xxxxxxxx
232 LDRB    111110001001 xxxx xxxx xxxxxxxxxxxx
233 LDRSB   111110011001 xxxx xxxx xxxxxxxxxxxx
234 LDRSH   111110011011 xxxx xxxx xxxxxxxxxxxx
235 LDRH    111110001011 xxxx xxxx xxxxxxxxxxxx
236 LDRH    111110000011 xxxx xxxx 1 x x x xxxxxxxx
237 PLD     111110001001 xxxx 1111 xxxxxxxxxxxx
238 PLDW    111110001011 xxxx 1111 xxxxxxxxxxxx
239 CLZ     111110101011 xxxx 1111 xxxx 1000 xxxx
240 TBB     111010001101 xxxx 11110000000 0 xxxx
241 TBH     111010001101 xxxx 11110000000 1 xxxx
242 DSB     111100111011 1111 1000 1111 0100 xxxx
243 ADR     11110 x 100000 1111 0 xxx xxxx xxxxxxxx
244 CMN     11101011000 1 xxxx 0 xxx 1111 xx xx xxxx
245 TST     11101010000 1 xxxx 0 xxx 1111 xx xx xxxx
246 TEQ     11101010100 1 xxxx 0 xxx 1111 xx xx xxxx
247 TEQ     11110 x 001001 xxxx 0 xxx 1111 xxxxxxxx

Last edited by HHHso on 2019-9-22 16:39