Addressing Mode of ARM Architecture

Explains ARM addressing mode using stored addresses between functions, with binary analysis examples.

Abstract

  • Like MIPS, ARM instructions are 4 bytes in size, so a single instruction has no room to encode a full memory address and load it directly.

  • To solve this, ARM code stores addresses as data between functions and loads them from there when needed.


Addressing Method in ARM

  • Using tools like Binwalk, you can locate function epilogues in a binary.

    binwalk-arm.png

  • If you navigate to the identified location, you can see that between the function epilogue and the next function prologue, raw addresses (not instructions) are stored.

    arm-stored-addr.png

  • These stored memory addresses are accessed using offsets relative to the instruction’s location.

    arm-use-stored-addr.png
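
The lookup described above can be reproduced statically. The following is an added example, not code from the original post: it scans little-endian ARM-state (A32) code for `LDR Rt, [PC, #imm]` and resolves each load to the address stored between functions. The sample words and the base address `0x10000` are constructed for illustration, and Thumb code is not handled.

```python
import struct

# A32 "LDR Rt, [PC, #+/-imm12]": bits 27..24 = 0101, B=0, W=0, L=1, Rn = 1111 (PC).
# Bit 23 (U, add/subtract the offset) is left out of the mask.
LDR_LIT_MASK = 0x0F7F0000
LDR_LIT_BITS = 0x051F0000

def find_literal_loads(code, base):
    """Return (insn_addr, rt, slot_addr, stored_value) for each PC-relative LDR."""
    results = []
    for off in range(0, len(code) - 3, 4):
        (insn,) = struct.unpack_from("<I", code, off)
        # cond == 0b1111 is the unconditional space, not an LDR.
        if (insn >> 28) == 0xF or (insn & LDR_LIT_MASK) != LDR_LIT_BITS:
            continue
        imm12 = insn & 0xFFF
        if not insn & (1 << 23):          # U == 0: offset is subtracted
            imm12 = -imm12
        rt = (insn >> 12) & 0xF
        # In ARM state the PC reads as the instruction's own address + 8.
        slot = base + off + 8 + imm12
        slot_off = slot - base
        value = None                      # slot lies outside the scanned bytes
        if 0 <= slot_off <= len(code) - 4:
            (value,) = struct.unpack_from("<I", code, slot_off)
        results.append((base + off, rt, slot, value))
    return results

# Constructed sample: two small functions with one stored address between them.
SAMPLE_BASE = 0x10000
SAMPLE = struct.pack(
    "<8I",
    0xE92D4800,  # 0x10000 push {fp, lr}       (prologue)
    0xE59F0004,  # 0x10004 ldr  r0, [pc, #4]   -> slot 0x10010
    0xE5900000,  # 0x10008 ldr  r0, [r0]       (not PC-relative, skipped)
    0xE8BD8800,  # 0x1000c pop  {fp, pc}       (epilogue)
    0x00021034,  # 0x10010 stored address (data, not an instruction)
    0xE92D4800,  # 0x10014 push {fp, lr}       (next prologue)
    0xE51F0010,  # 0x10018 ldr  r0, [pc, #-16] -> slot 0x10010
    0xE8BD8800,  # 0x1001c pop  {fp, pc}
)

if __name__ == "__main__":
    for addr, rt, slot, value in find_literal_loads(SAMPLE, SAMPLE_BASE):
        shown = "out of range" if value is None else f"{value:#010x}"
        print(f"{addr:#x}: ldr r{rt}, [pc] -> slot {slot:#x} = {shown}")
```

A linear scan like this can also match data words that happen to look like an LDR, so hits that fall inside a run of stored addresses should be checked against the disassembly.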
