I wish PPC64 code was as simple as PPC32 code.. :( I'm in the process of reversing a PPC64 executable, but I cannot figure out how the data references are calculated.. I simply cannot wrap my head around the calculation of the %rtoc and the negative offsets..
In basic form there is this (why is the offset negative?):
lwz %r0, -0x7FF8(%rtoc)
And the recalculation of %rtoc?:
LOAD:0000000000012624 bl sub_A35E8
LOAD:0000000000012628 ld %rtoc, arg_28(%sp)
# ------------------------------------------
sub_a35e8:
LOAD:00000000000A35E8 .set arg_28, 0x28
LOAD:00000000000A35E8
LOAD:00000000000A35E8 li %r12, 0
LOAD:00000000000A35EC oris %r12, %r12, 0xF
LOAD:00000000000A35F0 lwz %r12, -0x6F38(%r12)
LOAD:00000000000A35F4 std %rtoc, arg_28(%sp)
LOAD:00000000000A35F8 lwz %r0, 0(%r12)
LOAD:00000000000A35FC lwz %rtoc, 4(%r12)
LOAD:00000000000A3600 mtspr CTR, %r0
LOAD:00000000000A3604 bctr
And there are functions which include tables; are these the so-called GOT tables? And how is this static data referenced?:
LOAD:000000000001B418 lwz %r11, -0x6620(%rtoc) # Load Word and Zero
LOAD:000000000001B41C rldic %r9, %r5, 2,30 # Rotate Left Doubleword Immediate then Clear Left MD-form
LOAD:000000000001B420 lwzx %r0, %r9, %r11 # Load Word and Zero Indexed X-form
LOAD:000000000001B424 extsw %r0, %r0 # Extend Sign Word X-form
LOAD:000000000001B428 add %r0, %r0, %r11
LOAD:000000000001B42C mtspr CTR, %r0 # Move To Special Purpose Register XFX-form
LOAD:000000000001B430 bctr # Branch unconditionally to CTR
LOAD:000000000001B430 # ---------------------------------------------------------------------------
LOAD:000000000001B434 .long 0x38
LOAD:000000000001B438 .long 0x50
LOAD:000000000001B43C .long 0xC0
LOAD:000000000001B440 .long 0x110
LOAD:000000000001B444 .long 0x188
LOAD:000000000001B448 .long 0x1AC
I've been looking for manuals/explanations, and only found this, but still don't get it..:
http://code.google.com/p/cellos/wiki/UnderstandingPICGOT
Who can help me further?
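A worked simulation of the two address calculations this question asks about, added here as an illustration and not part of the original post. The displacement in `lwz rD, d(%rtoc)` is a signed 16-bit field, so the effective address is `rtoc + sign_extend(d)`; the toolchain places the TOC pointer in the middle of the TOC so that a full 64 KB of entries is reachable, which is why entries before the pointer get negative offsets. The second sequence (`rldic`/`lwzx`/`extsw`/`add`/`bctr`) is a switch dispatch: each `.long` is a 32-bit offset relative to the table itself. The script assumes that the TOC slot at `-0x6620(%rtoc)` holds the address of the table that follows the `bctr` (0x1B434 in the listing); the table bytes are constructed from the `.long` values shown, and the helper names are my own.

```python
import struct

MASK64 = (1 << 64) - 1

# Constructed from the .long entries in the listing; assumed to start at 0x1B434
TABLE_BASE = 0x1B434
TABLE = struct.pack(">6I", 0x38, 0x50, 0xC0, 0x110, 0x188, 0x1AC)


def sext(value, bits):
    """Sign-extend the low `bits` bits of `value` (two's complement)."""
    value &= (1 << bits) - 1
    return value - (1 << bits) if value & (1 << (bits - 1)) else value


def toc_address(rtoc, disp16):
    """Effective address of `lwz/ld rD, disp16(%rtoc)`.

    disp16 is the raw 16-bit displacement field; it is sign-extended, so a
    field of 0x90C8 means -0x6F38 and addresses an entry *before* rtoc.
    """
    return (rtoc + sext(disp16, 16)) & MASK64


def rldic(rs, sh, mb):
    """rldic rA, rS, SH, MB: rotate the 64-bit value left by SH, then AND with
    a mask of ones from bit MB through bit 63-SH (IBM numbering, bit 0 = MSB).
    With SH=2, MB=30 this keeps a 32-bit index shifted left by 2, i.e. index*4.
    """
    rot = ((rs << sh) | (rs >> (64 - sh))) & MASK64 if sh else rs & MASK64
    mask = 0
    for bit in range(mb, 64 - sh):
        mask |= 1 << (63 - bit)
    return rot & mask


def lwz_at(memory, mem_base, ea):
    """Big-endian 32-bit load from a byte buffer that is mapped at mem_base."""
    return struct.unpack_from(">I", memory, ea - mem_base)[0]


def switch_dispatch(index, table_base=TABLE_BASE, table=TABLE):
    """Simulate the dispatch sequence from the question with r11 = table_base:
         rldic  r9, r5, 2, 30   ; r9  = index * 4
         lwzx   r0, r9, r11     ; r0  = table[index] (32-bit)
         extsw  r0, r0          ; sign-extend to 64 bits
         add    r0, r0, r11     ; make it absolute: table_base + offset
         mtspr  CTR, r0 ; bctr  ; jump there
    Returns the branch target (the value that ends up in CTR).
    """
    r11 = table_base
    r9 = rldic(index, 2, 30)
    r0 = lwz_at(table, table_base, r9 + r11)
    r0 = sext(r0, 32)
    return (r0 + r11) & MASK64


def all_case_targets(table_base=TABLE_BASE, table=TABLE):
    """Resolve every table entry to the absolute address of its case body."""
    return [switch_dispatch(i, table_base, table) for i in range(len(table) // 4)]


if __name__ == "__main__":
    # li r12,0 ; oris r12,r12,0xF  ->  r12 = 0xF0000, then lwz r12,-0x6F38(r12)
    print(f"lwz r12, -0x6F38(r12) reads from {toc_address(0xF0000, 0x90C8):#x}")
    for i, target in enumerate(all_case_targets()):
        print(f"case {i}: .long {TABLE[i*4:i*4+4].hex()} -> {target:#x}")
```

Running it prints the stub's load address (0xE90C8) and maps each `.long` to its case body, e.g. entry 0x38 resolves to 0x1B46C. Because the entries are table-relative rather than absolute, the table stays position-independent and the code only needs one TOC slot (the table's address) to reach all of it.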