
How to know thumb code or arm code?

Hello Expert!!

I have only the code in the ELF file's .text section.

I want to make a disassembler, but I don't know which parts are Thumb code and which are ARM code.

How do I distinguish ARM from Thumb? I cannot read the CPSR register information; I only have the code...

Thanks

  • This may be a bit late, but other users might be interested in the info. I will list the steps that are needed to decode an ELF file in general (there may be some specifics based on the processor arch/manufacturer).

    1. You need to decode the ELF file header to extract all the different headers and sections in your file. This is located at address 0 in the ELF file. There are a number of manuals online that describe the structure of the ELF header, which is standard.

    2. The most important is the program header, which contains the loadable program segment(s).

    3. There is a bunch of other information that you will need to extract, such as the start address of the heap, etc. This is only needed if you actually want to emulate your processor environment. For just debugging the code you can proceed directly to the loadable program segment(s).

    4. Once you get to the loadable program segment you can start decoding the instructions by reading 8-bit or 16-bit words at a time and deciphering the opcode (first byte). The opcode reference can be found on the ARM website. Thumb2 (32-bit instructions within the Thumb ISA) instructions are assigned specific opcodes; for example, in the Thumb ISA opcodes 0x0F/0x1F/0x1E indicate that the instruction is a 32-bit instruction.

    If you haven't done this before it is quite a challenge. Alternatively, all these functions are included in the GCC source code. You can make use of them if you have the time to dig deep inside the GCC web.

    Good luck!
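As an added example (my own code, not from anyone in this thread), here is a Python sketch of the first steps in the answer above: parsing the ELF32 header and program headers, locating the PT_LOAD segment, and splitting a Thumb blob into 16-bit and 32-bit encodings using the top five bits of the first halfword (0b11101, 0b11110 and 0b11111 per the ARM Architecture Reference Manual). It goes one step beyond the answer by also reading the Thumb bit (bit 0) of the entry point, which is the simplest static hint of ARM vs Thumb state when no CPSR is available; the ELF image is constructed inline and is not a real binary.

```python
import struct

PT_LOAD, EM_ARM = 1, 40
# Top five bits of the first halfword that mark a 32-bit Thumb-2 encoding (ARM ARM, Thumb encoding).
THUMB32_PREFIXES = {0b11101, 0b11110, 0b11111}

def parse_elf32(data):
    """Return (e_entry, thumb_entry, [(p_vaddr, bytes), ...]) for an ARM ELF32 image."""
    if data[:4] != b"\x7fELF" or data[4] != 1:
        raise ValueError("not an ELF32 image")
    end = "<" if data[5] == 1 else ">"  # EI_DATA: 1 = little-endian, 2 = big-endian
    f = struct.unpack(end + "HHIIIIIHHHHHH", data[16:52])
    e_machine, e_entry, e_phoff, e_phentsize, e_phnum = f[1], f[3], f[4], f[8], f[9]
    if e_machine != EM_ARM:
        raise ValueError("not an ARM ELF")
    loads = []
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        p_type, p_offset, p_vaddr, _, p_filesz = struct.unpack(end + "IIIII", data[off:off + 20])
        if p_type == PT_LOAD:
            loads.append((p_vaddr, data[p_offset:p_offset + p_filesz]))
    # On ARM, bit 0 of a code address is the Thumb bit: set means the entry runs in Thumb state.
    return e_entry, bool(e_entry & 1), loads

def split_thumb(code, little=True):
    """Split a Thumb code blob into instruction sizes (2 or 4 bytes) from each first halfword."""
    end = "<" if little else ">"
    sizes, i = [], 0
    while i + 2 <= len(code):
        hw = struct.unpack(end + "H", code[i:i + 2])[0]
        size = 4 if (hw >> 11) in THUMB32_PREFIXES else 2
        sizes.append(size)
        i += size
    return sizes

def build_sample_elf():
    """Constructed minimal ARM ELF32 (not a real binary): one PT_LOAD holding three Thumb instructions."""
    code = bytes.fromhex("0020" "4ff00101" "7047")  # movs r0,#0 ; mov.w r1,#1 ; bx lr (little-endian)
    e_ident = b"\x7fELF" + bytes([1, 1, 1, 0]) + bytes(8)  # ELFCLASS32, little-endian, EV_CURRENT
    entry = 0x8000 | 1  # Thumb bit set on the entry point
    ehdr = e_ident + struct.pack("<HHIIIIIHHHHHH", 2, EM_ARM, 1, entry, 52, 0, 0, 52, 32, 1, 40, 0, 0)
    phdr = struct.pack("<IIIIIIII", PT_LOAD, 84, 0x8000, 0x8000, len(code), len(code), 5, 4)
    return ehdr + phdr + code

if __name__ == "__main__":
    entry, thumb, loads = parse_elf32(build_sample_elf())
    print(f"entry=0x{entry:x} thumb_entry={thumb}")
    for vaddr, blob in loads:
        print(f"PT_LOAD @0x{vaddr:x}: Thumb instruction sizes {split_thumb(blob)}")  # [2, 4, 2]
```

A real disassembler would also use the $a/$t/$d mapping symbols in the ELF symbol table, where present, since a single segment can mix ARM, Thumb and literal data.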
