Skip to content

Instantly share code, notes, and snippets.

@kgsws

kgsws/arbread.jop Secret

Last active November 9, 2017 21:34
Show Gist options
  • Save kgsws/4c321471ebbe747d5ce6c2f652c77294 to your computer and use it in GitHub Desktop.
Save kgsws/4c321471ebbe747d5ce6c2f652c77294 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
arbread.jop
ArbRead:
0x0000003d00017d80: ldr x8, [x23] // X8 = IPC (0x24)
0x0000003d00017d84: ldr x8, [x8, #56] // ipc[15] + ipc[16]
0x0000003d00017d88: mov x0, x23 // X0 = ptr 24
0x0000003d00017d8c: blr x8
-1------
0x0000003d0000f194: ldr x8, [x0] // X8 = IPC (0x24)
0x0000003d0000f198: ldr x2, [x8, #72] // ipc[19] + ipc[20]
0x0000003d0000f19c: br x2
-2------
0x0000003d0003f8a8: ldr x0, [x8, #16] // X0 = ipc[5] + ipc[6]; pdmEntry
0x0000003d0003f8ac: ldr x8, [x0] // X8 = *(pdmEntry+0)
0x0000003d0003f8b0: ldr x8, [x8, #48] // X8 = *(*(pdmEntry+0)+48)
0x0000003d0003f8b4: blr x8
-3------
0x0000003d000033d0: ldr x8, [x0] // X8 = *(pdmEntry+0)
0x0000003d000033d4: ldr x8, [x8, #16] // X8 = *(*(pdmEntry+0)+16)
0x0000003d000033d8: blr x8
-4------ called
0x0000003d000026cc: sub sp, sp, #0xd0 // STACK MOVE
0x0000003d000026d0: stp x26, x25, [sp, #128]
0x0000003d000026d4: stp x24, x23, [sp, #144]
0x0000003d000026d8: stp x22, x21, [sp, #160]
0x0000003d000026dc: stp x20, x19, [sp, #176]
0x0000003d000026e0: stp x29, x30, [sp, #192]
0x0000003d000026e4: add x29, sp, #0xc0
0x0000003d000026e8: ldr x19, [x0, #8] // X19 = *(pdmEntry+8)
0x0000003d000026ec: ldr x8, [x19] // X8 = *(*(pdmEntry+8)+0)
0x0000003d000026f0: ldr x8, [x8] // X8 = (*(*(pdmEntry+8)+0)+0)
0x0000003d000026f4: ldr w26, [x0, #16]
0x0000003d000026f8: mov x0, x19 // X0 = *(pdmEntry+8)
0x0000003d000026fc: mov w22, w3
0x0000003d00002700: mov x24, x2
0x0000003d00002704: mov x25, x1
0x0000003d00002708: blr x8
-5------
0x0000003d0004de9c: ldr x9, [x19, #32] // X9 = *(*(pdmEntry+8)+32)
0x0000003d0004dea0: sub x1, x9, x0
0x0000003d0004dea4: ldr x8, [x19, #48] // X8 = *(*(pdmEntry+8)+48)
0x0000003d0004dea8: blr x8
-6------
0x0000003d00025d08: ldr x8, [x0] // X8 = *(*(pdmEntry+8)+0)
0x0000003d00025d0c: ldr x1, [x8, #8] // X1 = *(*(*(pdmEntry+8)+0)+8)
0x0000003d00025d10: br x1
-7------
0x0000003d00014134: ldr x8, [x8, #24] // X8 = *(*(*(pdmEntry+8)+0)+24)
0x0000003d00014138: sub x1, x29, #0x54
0x0000003d0001413c: mov x0, x23 // X0 = ptr 24
0x0000003d00014140: blr x8
-8------
0x0000003d0002d6c8: ldr x8, [x0] // X8 = IPC (0x24)
0x0000003d0002d6cc: ldr x2, [x8, #64] // X2 = ipc[17] + ipc[18]
0x0000003d0002d6d0: br x2
-9------
0x0000003d000304c0: mov x1, x8 // X1 = IPC (0x24)
0x0000003d000304c4: blr x9
-10-----
0x0000003d0001349c: ldp x0, x8, [x19, #96] // X0 = *(*(pdmEntry+8)+96); X8 = *(*(pdmEntry+8)+104)
0x0000003d000134a0: blr x8
-11-----
0x0000003d0000638c: ldr x20, [x0, #8] // X20 = *(*(*(pdmEntry+8)+96)+8)
0x0000003d00006390: ldr x8, [x20] // X8 = *(*(*(*(pdmEntry+8)+96)+8)+0)
0x0000003d00006394: ldr x8, [x8] // X8 = *(*(*(*(*(pdmEntry+8)+96)+8)+0)+0)
0x0000003d00006398: ldr x26, [x2]
0x0000003d0000639c: ldr w27, [x0, #16]
0x0000003d000063a0: mov x0, x20 // X0 = *(*(*(pdmEntry+8)+96)+8)
0x0000003d000063a4: mov x19, x5
0x0000003d000063a8: mov w22, w4
0x0000003d000063ac: mov x23, x3
0x0000003d000063b0: mov x21, x1 // X21 = IPC (0x24)
0x0000003d000063b4: blr x8
-12-----
0x0000003d0004dbf8: ldr x0, [x21, #8] // X0 = ipc[3] + ipc[4]; pdmNext
0x0000003d0004dbfc: ldr x9, [x21, #32] // X9 = ipc[9] + ipc[10]; arbAddr
0x0000003d0004dc00: sub x1, x9, x0
0x0000003d0004dc04: ldr x8, [x21, #48] // X8 = ipc[13] + ipc[14]
0x0000003d0004dc08: blr x8
-13-----
0x0000003d0002d8d4: ldr x22, [x0, #8] // X22 = *(pdmNext+8)
0x0000003d0002d8d8: ldr x21, [x22, #72] // X21 = *(*(pdmNext+8)+72)
0x0000003d0002d8dc: mov x20, x2
0x0000003d0002d8e0: mov x19, x1
0x0000003d0002d8e4: str x21, [sp, #32]
0x0000003d0002d8e8: cbz x21, 0x3d0002d8fc
0x0000003d0002d8ec: ldr x8, [x21] // X8 = *(*(*(pdmNext+8)+72)+0)
0x0000003d0002d8f0: ldr x8, [x8] // X8 = *(*(*(*(pdmNext+8)+72)+0)+0)
0x0000003d0002d8f4: mov x0, x21 // X0 = *(*(pdmNext+8)+72)
0x0000003d0002d8f8: blr x8
-14-----
0x0000003d0002dd5c: ldr w2, [x9] // W2 = *arbAddr
0x0000003d0002dd60: str wzr, [sp, #24]
0x0000003d0002dd64: strb wzr, [sp, #28]
0x0000003d0002dd68: ldr x8, [x22] // X8 = *(*(pdmNext+8)+0)
0x0000003d0002dd6c: ldr x8, [x8, #40] // X8 = *(*(*(pdmNext+8)+0)+40)
0x0000003d0002dd70: mov x0, x22 // X0 = *(pdmNext+8)
0x0000003d0002dd74: blr x8
-15-----
0x0000003d0004dbf8: ldr x0, [x21, #8] // X0 = *(*(*(pdmNext+8)+72)+8)
0x0000003d0004dbfc: ldr x9, [x21, #32] // X9 = *(*(*(pdmNext+8)+72)+32)
0x0000003d0004dc00: sub x1, x9, x0
0x0000003d0004dc04: ldr x8, [x21, #48] // X8 = *(*(*(pdmNext+8)+72)+48)
0x0000003d0004dc08: blr x8
-16-----
0x0000003d00002850: ldp x29, x30, [sp, #192]
0x0000003d00002854: ldp x20, x19, [sp, #176]
0x0000003d00002858: ldp x22, x21, [sp, #160]
0x0000003d0000285c: ldp x24, x23, [sp, #144]
0x0000003d00002860: ldp x26, x25, [sp, #128]
0x0000003d00002864: add sp, sp, #0xd0 // STACK BACK
0x0000003d00002868: ret
-RET---- returned
0x0000003d000033dc: ldr x8, [x0] // X8 = *(*(*(*(pdmNext+8)+72)+8)+0)
0x0000003d000033e0: ldr x8, [x8] // X8 = *(*(*(*(*(pdmNext+8)+72)+8)+0)+0)
0x0000003d000033e4: blr x8
-17-----
0x0000003d00035180: mov x0, x2 // return X2; *arbAddr
0x0000003d00035184: ldr x8, [x9, #40] // X8 = *(*(*(*(pdmNext+8)+72)+32)+40)
0x0000003d00035188: mov x2, x19
0x0000003d0003518c: mov x3, x19
0x0000003d00035190: mov w5, wzr
0x0000003d00035194: blr x8
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment