Problems about decoding the data dumped from ARM memory

Question

Now I got some content dumped from the memory of an ARM machine. The thing is actually they are ARM instructions, but I don't know how to convert those hex numbers to ARM instructions. What I have now is the "arm-elf-objdump" can read .bin file and disassemble the content in the .bin file. But I just have the texts of hex numbers which is different from the binary file. How can I do this decode?

E.g.

  800104:       e3a00000        mov     r0, #0  ; 0x0
  800108:       e59f104c        ldr     r1, [pc, #76]   ; 80015c <_jump_main+0x4>
  80010c:       e59f204c        ldr     r2, [pc, #76]   ; 800160 <_jump_main+0x8>

Actually the "e3a00000" means "mov r0, #0". There should be a tool to do this. Any one can give me some suggestions?

Answer 1

OK, as I have finished this task, I will answer my own question so maybe someone can get help from my answer.

My problem is made of two parts: The first one is that I don't know clearly how "arm-elf-objdump" work. In my case, I use

arm-elf-objdump -D -b binary -marm binaryfile.dat

This will help to disassemble the ARM code if the binaryfile.dat is correct.

The second problem is how to make binaryfile.dat correct. For example,

800104:       e3a00000        mov     r0, #0  ; 0x0

When I dumped hex number e3a00000 from RAM, actually I almost got the instruction. Then I use

const uint8_t num=0xe3a00000;
fp = fopen("binaryfile.dat", "wb+");
fwrite(&num, sizeof(const uint8_t), 1, fp);

This will write "e3a00000" in the binaryfile.dat which is a binary file(in Linux). Then I used

hexer binaryfile.dat 

to check and found it is correct, then used

arm-elf-objdump -D -b binary -marm binaryfile.dat

What I got is

> arm-elf-objdump -D -b binary -marm binaryfile.dat
binaryfile.dat:     file format binary

Disassembly of section .data:

0000000000000000 <.data>:
0:  e3a00000    mov r0, #0  ; 0x0

That's all, I am a beginner in this area and thanks for all the people who helped me. If you find some problems, please let me know :)

Answer 2

Convert your text file to a binary file which should be trivial even you have to write a script/application yourself then use objdump to disassemble.

objdump -D -b binary -marm <binary_file>

However also be careful to instruction encoding, you'll get wildly different results if you select arm for thumb encoding. See objdump manual part about --disassembler-options=force-thumb.

Answer 3

The tool you're looking for is called a 'disassembler'. A common one is GNU objdump, as you've found. I'm not sure if it can handle text input, but you can write a simple program to convert it back to binary if necessary.