Re: [Capstone-users] Decoding AArch64 (ARM64) instructions via Python bindings (unsuccessful attempts)

[Nguyen A. Q. <aq...@gm...>]

hi David,

(1) it is fine to use CS_MODE_ARM with Arm64, like below:

    md = Cs(CS_ARCH_ARM64, CS_MODE_ARM)

(2) obviously you need Big Endian mode in your case, like:

    md = Cs(CS_ARCH_ARM64, CS_MODE_ARM + CS_MODE_BIG_ENDIAN)

(3) on your machine, compiler produces Big Endian code for AArch64, and
that is the reason why your code failed


thanks,
Q




On Tue, Oct 14, 2014 at 6:41 AM, David Abdurachmanov <
dav...@gm...> wrote:

> Why is it that I can copy & paste objdump -d produced x86_64 machine code
> to
> www.cenigma.org and get the correct result, but I cannot do the same for
> aarch64.
>
> ## x86_64
>
>  45d4e4:       4c 8b ac 24 b0 00 00    mov    0xb0(%rsp),%r13
>  45d4eb:       00
>
>
> 0        4c8bac24b0000000       movq     0xb0(%rsp), %r13
>
> $ lscpu
> Architecture:          x86_64
> CPU op-mode(s):        32-bit, 64-bit
> Byte Order:            Little Endian
> [snip]
>
> ## aarch64
>
>    1588:       bc6478a1        ldr     s1, [x5,x4,lsl #2]
>    158c:       bc2279a0        str     s0, [x13,x2,lsl #2]
>    1590:       bc6b79a0        ldr     s0, [x13,x11,lsl #2]
>
> bc 64 78 a1
> bc 22 79 a0
> bc 6b 79 a0
>
> Error: Failed to disassemble! Invalid input?
>
> Setting "Big Endian" instead of "Little Endian" provides correct result:
>
> 0        bc6478a1       ldr      s1, [x5, x4, lsl #2]
> 4        bc2279a0       str      s0, [x13, x2, lsl #2]
> 8        bc6b79a0       ldr      s0, [x13, x11, lsl #2]
>
> $ lscpu
> Architecture:          aarch64
> Byte Order:            Little Endian
> [snip]
>
> Both systems are Linux.
>
> Why is that it works different for little endian machines?
>
> david
>
>
> ------------------------------------------------------------------------------
> Comprehensive Server Monitoring with Site24x7.
> Monitor 10 servers for $9/Month.
> Get alerted through email, SMS, voice calls or mobile push notifications.
> Take corrective actions from your mobile device.
> http://p.sf.net/sfu/Zoho
> _______________________________________________
> Capstone-users mailing list
> Cap...@li...
> https://lists.sourceforge.net/lists/listinfo/capstone-users
>
>