f3e27f3c62c62dd1b5557f8c066408fde6aef942
explain/tinyelf-arm.md
... | ... | @@ -16,6 +16,7 @@ Looks like breadbox didn't want to go down *this* rabbithole. So we'll have to d |
16 | 16 | * You can shift one operand of an instruction by a constant value for free, it doesn't cost any bytes. (ARM mode only) This can also be used to do fixed-point multiplications etc. (eg. `add r0, r0, lsr #1` for `r0*1.5`) |
17 | 17 | * `ldmia`/`stmia` are great for copying stuff around |
18 | 18 | * [`e_machine` (and `e_type`) seem to be the only checked header fields](https://code.woboq.org/linux/linux/arch/arm/kernel/elf.c.html) (`e_entry` alignment checks are normal, because if it wouldn't be aligned, the code would segfault on entry.) |
19 | + * Of course, `e_entry`, `e_phoff`, `e_phnum` need to contain the right values, and `e_phentsize` and `e_ehsize` need to be correct as well. |
|
19 | 20 | * `phdr` parsing etc. is done architecture-independently, so the same tricks should be usable here as well. |
20 | 21 | * Turns out it's even more relaxed than x86 when messing with `p_paddr`, `p_padding` and `p_flags`. It seems to be the case that the kernel & CPU will happily let you execute code in read-write pages. |
21 | 22 | * Apparently the kernel doesn't look at the immediate field of `swi` and `bkpt` instructions __if it's configured as EABI-only__ (which we assume). |
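Review bot: The new bullet on line 19 (`+ * Of course, e_entry, e_phoff, e_phnum need to contain the right values ...`) contradicts the bullet directly above it, which states that `e_machine` and `e_type` "seem to be the only checked header fields" and links the ARM-specific `elf.c` as evidence. Readers will not know which statement to trust, and "checked" is doing two jobs here: validated against a fixed expected value versus merely consumed by the loader (an `e_phoff` that points nowhere fails not because it is compared against anything but because the program headers cannot be read). Suggest folding the two into one bullet that makes the distinction explicit, e.g. "`e_machine`/`e_type` are the only fields compared against fixed values; `e_entry`, `e_phoff`, `e_phnum` and `e_phentsize` still have to be right because the generic loader uses them to find and map the segments", and citing the arch-independent loader (`fs/binfmt_elf.c`) alongside the existing ARM link so the claim about `e_phentsize` and `e_ehsize` is as traceable as the `e_machine` one. Dropping "Of course" would also match the plainer register of the surrounding bullets.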