Arm64: “HINT 0x1b” 和 “HINT 0x1F” 的含义是什么?

huangapple
go评论73阅读模式
英文:

Arm64: What's the meaning of "HINT 0x1b" and "HINT 0x1F"?

问题

在我分析我的C++代码时,我看到在函数的前导部分,MSVC添加了初始的HINT指令,如下所示:

HINT #0x1B
STP X29, X30, [SP,#-0x10+var_s0]!
...
...

而在函数的前导部分,我看到:

HINT #0x1F
RET

它们只是被视为NOP吗?但如果它们是NOP,为什么会使用不同的立即数?

英文:

In the disassembly of my C++ code, I see that in the prolog of the function, MSVC adds an initial HINT instruction such as:

HINT            #0x1B
STP             X29, X30, [SP,#-0x10+var_s0]!
...
...

And in the prolog of the function I see:

HINT            #0x1F
RET

Are they just treated as a NOP? But if it were a NOP, why does it use different immediate?

答案1

得分: 3

你的反汇编器太旧了。

这些是ARMv8.3指针验证功能(FEAT_PAuth)的一部分的指令pacibspautibsp。它们分别使用“IB”密钥对x30寄存器进行签名和验证,并使用sp寄存器的内容作为上下文。

一些PAC指令(就像你正在查看的这两个)被编码在现有的NOP空间中,以便以向后兼容的方式编译程序:如果二进制代码在ARMv8.3兼容的硬件上运行,那么这些指令会对x30寄存器进行签名和验证,否则这两个指令都是NOP。

英文:

Your disassembler is too old.

These are the instructions pacibsp and autibsp, part of the ARMv8.3 Pointer Authentication feature (FEAT_PAuth). They respectively sign and authenticate the x30 register with the "IB" key, and with the contents of the sp register as context.

Some PAC instructions (like the two you're looking at) were encoded in existing NOP space, so that programs could be compiled in a backwards-compatible way: if the binary is running on ARMv8.3-compliant hardware, then the instructions sign and authenticate the x30 register, otherwise the two instructions are both NOPs.

huangapple
  • 本文由 发表于 2023年6月22日 19:53:46
  • 转载请务必保留本文链接:https://go.coder-hub.com/76531601.html
  • arm64
  • assembly
  • instruction-set
  • visual-c++
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定