How does disassembling an ARM bl work?

'bl', or branch with link, almost always becomes 0xebfffffe

However, the processor and GNU binutils objdump somehow know where to branch to:

00000000 <init_module>:
   0:   e1a0c00d        mov     ip, sp
   4:   e92ddff0        push    {r4, r5, r6, r7, r8, r9, sl, fp, ip, lr, pc}
   8:   e24cb004        sub     fp, ip, #4
   c:   e24dd038        sub     sp, sp, #56     ; 0x38
  10:   ebfffffe        bl      0 <init_module>
  14:   e59f0640        ldr     r0, [pc, #1600] ; 65c <init_module+0x65c>
  18:   ebfffffe        bl      74 <init_module+0x74>

How do they know?

1 answer

The problem is that you are looking at the disassembly of an object file, not of the final executable or shared object.

When the assembler creates the object file, the final address of the bl target is not yet known (it depends on the other object files that will be linked with it). So the assembler sets the offset to 0, but also adds a relocation that tells the linker where this bl should go in the final file. (You can view the relocation information in objdump by adding the -r switch.)

When linking, the linker processes the relocation, calculates the final address of the target function, and patches the instruction so that it carries the correct target address. If you disassemble the final linked executable, you will see a different opcode.


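Worked example, added here and not part of the original question or answer: a small Python model of what the answer describes. It decodes the A32 bl encoding (24-bit signed word offset, relative to PC+8), shows why the assembler's placeholder 0xebfffffe is "branch to self" (offset -8 cancels the pipeline offset), and applies an R_ARM_CALL / R_ARM_PC24 style relocation (S + A - P, with the addend A taken from the instruction) to turn the placeholder into a real call. The instruction words are the ones from the objdump listing above; the relocation targets (0x0 for the bl at 0x10, 0x74 for the bl at 0x18) are constructed for the example and are simply the symbols objdump printed, not anything read from a real .o file.

```python
"""Decode, encode and relocate ARM (A32) `bl` instructions.

Added example modelling the assembler placeholder and the linker
relocation step described in the answer. Not code from the original page.
"""
import struct

BL_MASK = 0xFF000000
BL_OPCODE = 0xEB000000        # cond = AL (0xE), bits 27..24 = 0b1011 (bl)
PIPELINE_OFFSET = 8           # in ARM mode, PC reads as current address + 8


def sign_extend_24(value):
    """Interpret the low 24 bits of `value` as a signed number."""
    value &= 0xFFFFFF
    return value - (1 << 24) if value & 0x800000 else value


def is_bl(word):
    return (word & BL_MASK) == BL_OPCODE


def bl_target(word, address):
    """Address that the bl instruction `word`, located at `address`, jumps to."""
    if not is_bl(word):
        raise ValueError("not an unconditional bl: 0x%08x" % word)
    return (address + PIPELINE_OFFSET + sign_extend_24(word) * 4) & 0xFFFFFFFF


def is_placeholder(word, address):
    """The assembler's unresolved bl (0xebfffffe) branches to itself."""
    return is_bl(word) and bl_target(word, address) == address


def encode_bl(address, target):
    """Encode `bl target` for an instruction placed at `address`."""
    delta = target - (address + PIPELINE_OFFSET)
    if delta % 4:
        raise ValueError("target 0x%x is not word aligned" % target)
    imm = delta >> 2
    if not -(1 << 23) <= imm < (1 << 23):
        raise ValueError("target 0x%x out of +/-32 MiB bl range" % target)
    return BL_OPCODE | (imm & 0xFFFFFF)


def relocate_call(word, place, symbol_value):
    """Apply an R_ARM_CALL / R_ARM_PC24 style relocation to one bl.

    Result = S + A - P, where S is the symbol address, P the address of
    the instruction and A the addend already encoded in the instruction
    (sign-extended imm24 * 4). The placeholder 0xebfffffe carries A = -8,
    which exactly cancels the PC+8 pipeline offset.
    """
    addend = sign_extend_24(word) * 4
    delta = symbol_value + addend - place
    if delta % 4:
        raise ValueError("relocation result not word aligned")
    return (word & BL_MASK) | ((delta >> 2) & 0xFFFFFF)


def link(text, relocs):
    """Patch every relocated bl in a little-endian .text blob; returns new bytes."""
    words = list(struct.unpack("<%dI" % (len(text) // 4), text))
    for offset, symbol_value in relocs.items():
        words[offset // 4] = relocate_call(words[offset // 4], offset, symbol_value)
    return struct.pack("<%dI" % len(words), *words)


def bl_targets(text, base=0):
    """Map {address: decoded target} for each bl in the blob (objdump's view)."""
    words = struct.unpack("<%dI" % (len(text) // 4), text)
    return {base + 4 * i: bl_target(w, base + 4 * i)
            for i, w in enumerate(words) if is_bl(w)}


# Constructed sample: the seven words from the objdump listing in the question.
OBJECT_TEXT = struct.pack("<7I", 0xE1A0C00D, 0xE92DDFF0, 0xE24CB004,
                          0xE24DD038, 0xEBFFFFFE, 0xE59F0640, 0xEBFFFFFE)
# Constructed relocations: instruction offset -> symbol value (assumed here).
RELOCS = {0x10: 0x0, 0x18: 0x74}


if __name__ == "__main__":
    print("object file:")
    for addr, tgt in bl_targets(OBJECT_TEXT).items():
        print("  %2x: bl %x  (placeholder, branches to itself)" % (addr, tgt))
    linked = link(OBJECT_TEXT, RELOCS)
    print("after linking:")
    for addr, tgt in bl_targets(linked).items():
        word = struct.unpack_from("<I", linked, addr)[0]
        print("  %2x: %08x bl %x" % (addr, word, tgt))
```

Run stand-alone it prints the two bl instructions first as self-branches (what the raw 0xebfffffe encodes) and then with their patched words, 0xebfffffa and 0xeb000015, after the constructed relocations are applied. The same relocation arithmetic is what `objdump -dr` is letting you see: the `-r` column shows the symbol the linker will substitute for the placeholder.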