CMP W1, #0x2D ; check index
B.HI loc_140673294
ADR X9, dword_14066E9EC ; switch tab address
LDRSW X8, [X9,W1,UXTW#2] ; index in W1 << 2
ADR X9, loc_14066E358 ; base address
ADD X8, X9, X8,LSL#2 ; base address + offset << 2
BR X8What happens here? first "ADR x9, addr" loads address of switch table
Next LDRSW is like "mov x8, [x9 + 4 * w1]" on Intel - load DWORD at x9 + index w1 left shifted by 2
Then second ADR loads address of base for this switch table
ADD x8, x9, x8 << 2 sets in x8 address of actual jumps
and finally BR go to this address
So I just wrote quick and dirty plugin arm64sw.p64 based on armpatched for switch tables processing
Комментариев нет:
Отправить комментарий