ARMu - ARM assembler, disassembler, emulator

Main features of ARMu:

		ARM disassembler
		It can disassemble an ARM binary file using the architecture ARMv5TE instruction set (use some pseudo instruction mnemonic like ADR, RET, etc., no THUMB instructions) Automatically generates labels for subroutines, branches, data referencing, strings, SHA constants Custom labels, comments Handles memory segments Syntax highlighting Fully customizable code view (colors, font)
		ARM debugger
		Run and trace commands (Step, Run over, Run to) Stack view, Register view (CPSR flags), Call stack, CP15 view Edit register values (+flags) All 37 registers implemented.
		Import/export names from/to IDA database dump .idc files
		Dump all or only the custom labels Load/Save database from/to own format
		Search options
		Hex search (normal and reverse byte order) Text search (label, string, opcode, operand, comment)
		Database options
		Text search Filter for auto generated labels Type filter (show/hide jump target, subroutine, offset, string, data word) Sorting by address, label (inc/dec), length (inc/dec), number of references (inc/dec), type (inc/dec) Displays the UTF8 strings
		Hex editor
		It can show the binary file as hexadecimal values
		Project file editor
		It can edit the project file

- Quick overview -

Getting started

If you want to work with more than one segment you should create a 'project file' to make things easier.
The project file (.prj) is a plain text file containing instructions for ARMu.
Let's see how does it look like:

;ARMu project file
;-----------------------------------
;Set the working directory
;WORKDIR,working directory
;-----------------------------------
;Create a memory segment and load a binary file to it
;SEGMENT,C(ode)/D(ata),segment_label,start_adress[,filename/end_address][,from][,length]
;-----------------------------------
;Merge segments together
;MERGE,start_address,end_address
;-----------------------------------
;Mark memory region to data (string search and disass will skip this area)
;DATA,from,to
;-----------------------------------
;Fill memory
;FILL,start_address,end_address,value
;-----------------------------------
;String search
;SEARCH,start addr,end address,U(TF8 32-240)/A(SCII, 32-127),W(ord aligned)/N(on word aligned)
;-----------------------------------
;Imports IDA Dump database IDC file
;IDC,filename
;-----------------------------------
;Find references
;Collects B, BL branches, LDR, PC addresses and ADR values
;XREF
;-----------------------------------
;Load the database if exists
;LOADDB
;-----------------------------------
;Load an IDA dump database compatible IDC file
;IDC,filename
;-----------------------------------
;Set the filename for database dump cust.
;DUMPCUST,filename
;-----------------------------------
;Set a register value
;SETREG,register(dec),value(hex)
;-----------------------------------
;Jump to an address
;JUMP,address
;-----------------------------------
WORKDIR,d:\projects\7D\
SEGMENT,C,RAM,0,7DROM.bin,10168,38
SEGMENT,D,RAM,38,4af
SEGMENT,C,RAM,4B0,7DROM.bin,101A0,214
SEGMENT,D,RAM,6C4,18FF
FILL,6C4,1000,EEEEEEEE
SEGMENT,D,RAM,1900,7DROM.bin,50DCE8,221F0
SEGMENT,D,RAM,23AF0,24FFF
MERGE,0,24FFF
SEGMENT,D,RAM,33000,33FFF
SEGMENT,D,RAM,34000,34FFF
SEGMENT,D,RAM,40000000,400FFFFF
SEGMENT,D,RAM,C0000000,C00FFFFF
SEGMENT,D,RAM,C0100000,C01FFFFF
SEGMENT,D,RAM,C0200000,C02FFFFF
SEGMENT,D,RAM,C0400000,C04FFFFF
SEGMENT,D,RAM,C0800000,C08FFFFF
SEGMENT,D,RAM,C0F00000,C0FFFFFF
SEGMENT,C,ROM,FF000000,7DROM.bin
DATA,9A4620,9A4A24
DATA,FF4AA1C8,FF4AAB18
DATA,FF4C1AE0,FF4C4F48
DATA,FF4DEFF4,FF4E0664
DATA,FF4E726C,FF4FF928
DATA,FF501804,FF503FFC
DATA,FF505B98,FF50738F
DATA,FF5221D0,FF5235A0
DATA,FF5B2D94,FF617296
DATA,FF7A80E0,FFA0004C
DATA,FFA00090,FFFDB048
SEARCH,FF000000,FFFFFF00,U,N
IDC,7DROMchanges.idc
DUMPCUST,d:\util\projects\armu\7DROMchanges.idc
XREF
SETREG,13,1000
JUMP,FF010000

Download Canon EOS 7D fw 1.1.0 or Canon EOS 5D MkII fw 2.0.4 project.

1. Disassembler

	A	(ASCI string) Mark this line as a string.
	C	(Code) Mark this line as code.
	Shift-C	(Clear) Clear the label and mark the line as code.
	Ctrl-C	(Copy) Copy the selected address, codewords (one or more), label, opcode, operand or comment to the clipboard. You can paste it to the search box.
	D	(Data) Mark this line as data.
	G	(Goto) Set focus on the address field
	L	(List) Disassemble the seleced area to the status page
	Ctrl-L	(Lock) Lock/unlock for editing
	F3	Search forward
	Ctrl-F3	Search backward
	Click	on a code word: Show the code word in hex, bin, dec, inv
	Click	on a label: Show label properties, write the next reference address to the jump box
	Double click	on a label: Jump to DB view
	Double click	on a jump operand: Jump to the address
	Alt-F1	Show/hide the Register view
	Alt-F2	Show/hide the Stack view
	F5	Start the trace from the cursor. Execute one command.
	F7	Step: Execute the current command.
	F8	Run over: Run until reach the next command.
	F9	Run to: Run the trace until the cursor.
	F10	Stop: Abort running.

The search always searches from the cursor (the selected field not included).
The double arrow change the search direction (you can also use F3, Ctrl-F3).
Before click on the Search button select a field in the grid.
The search procedure depends on which column has the selected field.
If the selected field is in one of the first two columns there will a hex search.
There are two options:
- type hex digit pairs (byte) as the same order as in the binary file. (eg. '1122334455667788')
- type codewords (4 bytes) as you see in the grid and put spaces between the codewords (eg. '44332211 88776655')
If you type other character than hex digits, the search automatically jumps to the 'label' column.
If the selected field is in the 'text' or the 'label' column it will a text search on labels.
If the selected field is in the 'opcode' column then there are two options:
- type only an opcode (or a part of it) to search in the opcode column only
- type an opcode (or a part of it) and an operand (or a part of the operand) separated by a 'space' to search in both column
If the selected field is in the 'operand' column then there will a text search on the operands.
If the selected field is in the 'comment' column then there will a text search on the comments.

	Alt-0	Show custom labels only/show all.
	Alt-1	Show/hide jump targets.
	Alt-2	Show/hide subroutines.
	Alt-3	Show/hide offsets.
	Alt-4	Show/hide strings.
	Alt-5	Show/hide data words.
	Ctrl-L	(Lock) Lock/unlock for editing
	F3	Search forward
	Ctrl-F3	Search backward
	Click	on a column header: Sort the data (address, label, len, C/G, ref, type)
	Click	on a label: Show label properties
	Double click	on a label: Jump to Code view
	Double click	on a type: List label properties

Version history

Change log:

Changes for v0.17	03/27/2011
.fir structure handling removed
Bug fixes
Changes for v0.16	03/22/2011
UTF8 string support (limited)
Bug fixes
Changes for v0.15	10/10/2010
Hex editor
Changes for v0.14	08/02/2010
Bug fixes
Changes for v0.12	07/18/2010
Improved search
Bug fixes
Changes for v0.11	06/04/2010
Improved debug
Bug fixes
First preview v0.10	05/26/2010
ARM Disassembler (ARMv5TE without Thumb instrucions)
Debugger (Step, Run over, Run to), Stack and Register view
Edit the register values and the binary file
Handle memory segments
Syntax highlighting (customizable)
Text and hex search (with different options)
Database for labels and comments
Search references
IDA dump IDC export, import
Display Canon DSLR firmware structure and decrypt updater(s)

Donation

If you've decided to make a donation for my project
click the donate button below for PayPal,
or wire the money directly to my account.

Donate with minimum amount of 10 EUR or 15 USD
and your serial number will be registered
and you can skip the start delay.

Donate via PayPal:

Money transfer:

Name: CSABA GODENY
Account (IBAN): HU56117730470957371600000000
Bank (BIC): OTPVHUHB
Budapest, HUNGARY
European Union

Links

Canon EOS 7D firmware related links:

ML-devel mailing list

Credits

The ARM instruction set implementation based on the ARMv5 Architecture Reference Manual