I have a Android .so file uses ARM-V7A instruction set.

I drag it into IDA, and there is one line shows :

0x1000: b #0x102c

And the hex window show that the binary code of b #0x102c is 14 e0.

14 e0 have binrary format of 0001 0100 1110 0000, which is not how ARM-manual encoded this instruction.

UNLESS

1    4    e    0
0001 0100 1110 0000
8 ----- 1 16 ---- 9

8 -- 1 means 1 bit to 8 bit, 9 -- 16 means 9 bit to 16bit

Why is instruction encoded this way in .so file ?

For example if I want to runtime change some instruction at some address. Do I change it to 0x14e0( which is how instruction encoded in .so file ), or change it to 0xe014( which is how instrcution encoded in ARM-Manual )

CodePudding user response：

Looks like IDA is breaking it into bytes so you'd expect the low 8 bits to be first, as a byte-stream. 14 e0 is the same thing as little-endian e014, a single 16-bit halfword.

(IDA was probably first developed for x86, where machine code is a variable-length byte-stream, not a sequence of 16 or 32-bit chunks, and ported to ARM. This is still a valid way to hexdump ARM machine code, though.)

Re: the title question:

The .text section of an executable or library will get mapped into memory like mmap, without modifications. Except in rare cases of "text relocations" to fix up absolute addresses, e.g. in jump tables in .rodata or movw/movk in .text itself.

But position-independent code generally avoids that, because that's the whole point of being position independent. It's definitely not byte-swapped!