I am using olimex stm32 board. It has cortex-m3 processor. For my
project, I require to change return address when processor is executing
exception. I know that it is stored in stack, But where in stack?
It is always present somewhere in stack.I tried to find it by
displaying stack contents using gdb. I found it at sp+40 when I was in
usage fault handler and sp+48 when I was in mem fault handler. It seems
that in some cases it is not pushing all registers. Is this correct? If
yes, how to change return address?
I have attached disassembly of code and vector.c for reference. Any
kind of inputs will be really helpful.
Thanking you in advance.
What are you trying to do? Maybe there is another way to solve the problem.
Mem management fault occurs when processor cannot find the function. or
the address of function is wrong. In this case, I load the function in
RAM and want my exception handler to return to this newly loaded
handler. This can only be done by changing return address in stack.
Actually, I think this is only the way. But if you have any
alternative way please suggest.
Thank you for reply.
My error is solved. I am writing the code to change return address which
worked for me. This code is for olimex stm32f107 board.
asm(
"TST LR, #4;"
"ITE EQ;"
"MRSEQ R0, MSP;"
"MRSNE R0, PSP;"
);
asm("mov %0, r0" : "=r"(lraddr));
nxaddr=lraddr[12];
lraddr[12]=NEW VALUE
nxaddr contains old value.
Interesting... What happens when your newly loaded function returns? It will try to load a return address from stack which doesn't exist at that point, right?
Well, If it tries to jump at unknown location, a fault is called which returns to loaded function rather than unknown address. But now I am facing another problem on how to find size of function to be loaded. If anybody knows how to access symbol table at run-time. It would be of great help? Anyways you can ask any questions related to above code. I will help. Thank you.
> Well, If it tries to jump at unknown location, a fault is called which > returns to loaded function rather than unknown address. I mean, after jumping to that loaded function, when this new function tries to return, what happens? I think it will load some "random data" as a return address from the stack, try to jump there, causing random behaviour. I think you should NOT replace the return address on the stack, but just POP all local variables until you reach that return addres, and then do a JMP to the newly loaded function. Probably writing the whole ISR in assembler whould make this easier. Then, when the loaded function returns, it will jump back to the place where the exeption occured in the first place.
ok. For loading of function we require its size. I think we can get this by subtracting starting address of function to be loaded and next function. For that we require these address.How can we get these addresses or access symbol table?
Watch this topic
Disable multi-page viewPlease log in before posting. Registration is free and takes only a minute.
Existing account
Do you have a Google/GoogleMail account? No registration required!
Log in with Google account
Log in with Google account
No account? Register here.