Why does the load of main by _start use a GOT entry, not an adrp+add pair?

The _start function uses a Global Offset Table (GOT) entry to load the address of main primarily because _start is defined in a pre-compiled object file (typically Scrt1.o) that was built with Position-Independent Code (PIC) enabled. When Scrt1.o is assembled, nothing is known about where main will end up or whether it can be preempted, so the generic PIC sequence is emitted: an adrp of the page holding main's GOT slot followed by an ldr of that slot, which the static linker and the dynamic loader resolve to the final address. An adrp + add pair would instead hard-wire a PC-relative distance to main, which is only valid if main is non-preemptible and within ±4 GiB of _start. Here is the detailed explanation of why this happens and why adrp + add isn't used by default:

1. _start is Pre-Compiled Generic Code

The _start function is not compiled at the same time as your application's main.c. It is part of the C Runtime (CRT) startup files (specifically Scrt1.o for Position…
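The quickest way to see which form a toolchain actually produced is to disassemble the linked binary and look at the two instructions after _start materialises x0: adrp followed by an ldr from the same register is the GOT-indirect load (in the unlinked Scrt1.o, objdump -dr shows these as R_AARCH64_ADR_GOT_PAGE and R_AARCH64_LD64_GOT_LO12_NC against main), while adrp followed by an add on the same register is the direct PC-relative form. The script below is an added example, not code from the original post: it classifies objdump -d output fed on stdin, and the sample _start disassembly embedded in it is constructed to mirror a glibc PIE on AArch64 (the encodings and the symbol objdump chose for the GOT page are illustrative).

```shell
#!/bin/sh
# Added example: classify how _start loads the address of main from "objdump -d"
# output. "got"    = adrp Xn, <page> ; ldr ..., [Xn, #off]   (GOT slot load)
#         "direct" = adrp Xn, <page> ; add Xn, Xn, #lo12     (PC-relative address)
# The disassembly below is constructed for the demo; run classify_start on a real file.

SAMPLE_START='0000000000000640 <_start>:
 640: d503245f  bti  c
 644: d280001d  mov  x29, #0x0
 648: d280001e  mov  x30, #0x0
 64c: aa0003e5  mov  x5, x0
 650: f94003e1  ldr  x1, [sp]
 654: 910023e2  add  x2, sp, #0x8
 658: 910003e6  mov  x6, sp
 65c: 90000080  adrp x0, 10000 <__FRAME_END__+0xf8c8>
 660: f947f800  ldr  x0, [x0, #4080]
 664: d2800003  mov  x3, #0x0
 668: d2800004  mov  x4, #0x0
 66c: 97ffffed  bl   620 <__libc_start_main@plt>
 670: 97ffffe4  bl   600 <abort@plt>'

# classify_main_load: reads objdump -d lines on stdin, prints got|direct|unknown.
# Field layout of an instruction line: $1 "addr:", $2 encoding, $3 mnemonic, $4.. operands.
classify_main_load() {
    awk '
        $3 == "adrp" { reg = $4; sub(/,$/, "", reg); pending = 1; next }
        pending && $3 == "ldr" && ($5 == "[" reg "," || $5 == "[" reg "]") {
            print "got"; found = 1; exit
        }
        pending && $3 == "add" && $4 == reg "," && $5 == reg "," {
            print "direct"; found = 1; exit
        }
        { pending = 0 }
        END { if (!found) print "unknown" }
    '
}

# classify_start ELF: restrict a real disassembly to the _start symbol.
classify_start() {
    objdump -d "$1" | sed -n '/<_start>:/,/^$/p' | classify_main_load
}

if [ $# -ge 1 ]; then
    classify_start "$1"
else
    printf '%s\n' "$SAMPLE_START" | classify_main_load
fi
```

Run it as `sh classify.sh ./a.out` on an aarch64 binary (or on Scrt1.o itself); with no argument it classifies the embedded sample. A binary built with -fno-PIC, or with main given hidden visibility and linked non-PIE, is where you would expect "direct" instead.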

AArch64 Pre/Post Indexing

In AArch64 (ARMv8-A 64-bit architecture), pre-indexing and post-indexing are memory addressing modes used with load (LDR, LDP) and store (STR, STP) instructions. Their primary purpose is to perform writeback: they automatically update the base register (the pointer) with a new address as part of the instruction execution. This is extremely efficient for iterating through arrays or managing stacks because it eliminates the need for a separate ADD or SUB instruction to move the pointer; the usual prologue/epilogue pair stp x29, x30, [sp, #-16]! and ldp x29, x30, [sp], #16 is exactly a pre-indexed push followed by a post-indexed pop. Here is the breakdown of how they work.

1. Pre-Indexed Addressing

Syntax: [base, #offset]!
Key Symbol: The…

Enabling PAC and BTI on AArch64 for Linux

Source code for the examples can be found at https://gitlab.arm.com/pac-and-bti-blog/blog-example and the tag will be referenced with the "Tag" keyword before source examples. Certain versions of Arm 64-bit processors (Armv8.3-A and later for PAC, Armv8.5-A and later for BTI) have features that can help provide control flow integrity and reduce gadget space, making software more robust in the face of attack. Pointer Authentication Codes (PAC) work by signing pointers and authenticating them before they are used (the compiler's pac-ret protection signs the return address on function entry and authenticates it before the ret), and Branch Target Identification (BTI) works by marking every valid target of an indirect branch with a landing-pad instruction, so a branch that lands anywhere else faults. These technologies harden the control flow by ensuring that modification of control flow…
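Compiling with -mbranch-protection=standard only helps if the protection survives linking: GNU ld records the BTI property in the output's .note.gnu.property note only when every input object carries it (or when forced with -z force-bti), so one stray object built without the flag silently drops BTI for the whole executable, and the kernel then maps it without PROT_BTI. The check below is an added example, not code from the Arm blog post or its repository: it extracts the "AArch64 feature:" line that GNU readelf -n prints for the note and fails unless both BTI and PAC are listed. The readelf output embedded in it is constructed to mirror a protected binary.

```shell
#!/bin/sh
# Added example: verify that an AArch64 ELF carries the GNU property note
# marking it BTI- and PAC-enabled. Constructed sample of "readelf -n" output:
SAMPLE_NOTES='Displaying notes found in: .note.gnu.property
  Owner                Data size        Description
  GNU                  0x00000010       NT_GNU_PROPERTY_TYPE_0
      Properties: AArch64 feature: BTI, PAC'

# aarch64_features: print the feature list ("BTI, PAC") from readelf -n output on
# stdin; prints nothing when the note is absent.
aarch64_features() {
    sed -n 's/^.*AArch64 feature:[ ]*//p' | head -n 1
}

# has_feature LIST NAME: succeed if NAME is one of the comma-separated features.
has_feature() {
    case ",$(printf '%s' "$1" | tr -d ' ')," in
        *",$2,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# check_branch_protection ELF: succeed only if both BTI and PAC are recorded.
check_branch_protection() {
    feats=$(readelf -n "$1" | aarch64_features)
    if has_feature "$feats" BTI && has_feature "$feats" PAC; then
        echo "$1: BTI and PAC property present ($feats)"
    else
        echo "$1: branch protection NOT recorded (features: '${feats:-none}')" >&2
        return 1
    fi
}

if [ $# -ge 1 ]; then
    for elf in "$@"; do check_branch_protection "$elf"; done
fi
```

Run it over the final executable and every shared library it loads (`sh check-bp.sh ./app /usr/lib/aarch64-linux-gnu/libfoo.so`), since a library without the note is mapped without BTI enforcement even when the main binary has it. The note is a static marker only; enforcement still depends on the CPU implementing FEAT_PAuth/FEAT_BTI and on a kernel that honours the property.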

How to compile coreutils / binutils for aarch64 in x64

Dockcross

    git clone https://github.com/dockcross/dockcross.git
    cd dockcross
    docker run --rm dockcross/linux-arm64 > ./dockcross-linux-arm64
    chmod +x ./dockcross-linux-arm64
    mv ./dockcross-linux-arm64 ~/bin/

Coreutils / Binutils

    # go to the repository directory and enter the container
    dockcross-linux-arm64 bash
    # in the container's working directory
    ./bootstrap          # coreutils only
    mkdir aarch64
    cd aarch64
    ../configure
    make
    make check           # runs the official test suite

Building GDB Natively

Ever since the GDB and the binutils repositories were integrated (due to the git migration), it has become a bit more complex to build GDB. Of course, you can still do a simple ./configure && make, but you might actually want to disable…

How to launch ARM aarch64 VM with QEMU from scratch

The instructions below bring up an ARM VM from scratch. To launch an aarch64 VM we first need to install a few dependencies, including QEMU and the qemu-efi-aarch64 package, which provides the EFI firmware:

    apt-get install qemu-system-arm qemu-efi-aarch64 qemu-utils

Create the flash images with the correct sizes (flash0.img holds the firmware code, flash1.img the UEFI variable store):

    dd if=/dev/zero of=flash1.img bs=1M count=64
    dd if=/dev/zero of=flash0.img bs=1M count=64
    dd if=/usr/share/qemu-efi-aarch64/QEMU_EFI.fd of=flash0.img conv=notrunc

Create a dedicated directory (folder) on your host system to contain this virtual machine. Download the latest “Virtual” ISO file for…
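The steps above, gathered into one script, as an added example that is not part of the original post. Only the dd steps come from the page; the machine options are assumptions of this example: the QEMU "virt" machine with a cortex-a57 CPU and 2 GiB of RAM, a virtio-blk disk named disk.qcow2 in the VM directory (create it first with qemu-img), the installer ISO attached as a virtio-scsi CD-ROM, and user-mode networking. The script also adds the check a practitioner wants before the conv=notrunc copy: the firmware must fit in the 64 MiB image, because QEMU rejects a pflash backend whose size does not match the device.

```shell
#!/bin/sh
# Added example: prepare the pflash images for QEMU's virt machine and print the
# launch command. Machine options are assumptions of this example, not the post's.

FLASH_SIZE=$((64 * 1024 * 1024))   # each virt pflash device is exactly 64 MiB

# make_flash_images FIRMWARE DIR: DIR/flash0.img = firmware code, DIR/flash1.img = UEFI vars
make_flash_images() {
    fw=$1; dir=$2
    [ -f "$fw" ] || { echo "firmware not found: $fw" >&2; return 1; }
    fw_size=$(wc -c < "$fw" | tr -d ' ')
    # conv=notrunc would grow flash0.img past 64 MiB for an oversized firmware,
    # and QEMU would then refuse the image; fail early instead.
    [ "$fw_size" -le "$FLASH_SIZE" ] || { echo "firmware too large: $fw_size bytes" >&2; return 1; }
    mkdir -p "$dir" || return 1
    dd if=/dev/zero of="$dir/flash0.img" bs=1M count=64 2>/dev/null || return 1
    dd if=/dev/zero of="$dir/flash1.img" bs=1M count=64 2>/dev/null || return 1
    dd if="$fw" of="$dir/flash0.img" conv=notrunc 2>/dev/null
}

# flash_image_size FILE: size in bytes, to confirm the images are still 64 MiB
flash_image_size() {
    wc -c < "$1" | tr -d ' '
}

# qemu_cmdline DIR ISO: launch command for the first (installer) boot;
# the firmware image is attached read-only, the variable store writable.
qemu_cmdline() {
    dir=$1; iso=$2
    printf '%s' "qemu-system-aarch64 -M virt -cpu cortex-a57 -smp 2 -m 2048 -nographic" \
        " -drive if=pflash,format=raw,file=$dir/flash0.img,readonly=on" \
        " -drive if=pflash,format=raw,file=$dir/flash1.img" \
        " -drive if=none,format=qcow2,file=$dir/disk.qcow2,id=hd0 -device virtio-blk-device,drive=hd0" \
        " -drive if=none,format=raw,file=$iso,id=cd0,media=cdrom -device virtio-scsi-device -device scsi-cd,drive=cd0" \
        " -netdev user,id=net0 -device virtio-net-device,netdev=net0"
}

# usage: sh launch.sh /usr/share/qemu-efi-aarch64/QEMU_EFI.fd ~/vm/aarch64 ubuntu-arm64.iso
if [ $# -ge 3 ]; then
    make_flash_images "$1" "$2" && qemu_cmdline "$2" "$3" && echo
fi
```

Create the disk before the first boot with `qemu-img create -f qcow2 ~/vm/aarch64/disk.qcow2 20G`; after installation, drop the two CD-ROM options from the printed command and boot from the disk.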