From b279ea60ab086885d7ca1027129de2d1288d0579 Mon Sep 17 00:00:00 2001
From: deepio <alex.daigle2@gmail.com>
Date: Fri, 22 Mar 2019 02:42:16 -0400
Subject: [PATCH] Fixes: ARM-Thumb srsdb disassembly

Thank you @emteere !

https://github.com/NationalSecurityAgency/ghidra/issues/216
---
 .../data/languages/ARMTHUMBinstructions.sinc  | 25 ++++++++++----
 .../ARM/data/languages/ARMinstructions.sinc   | 34 +++++++++++++------
 2 files changed, 42 insertions(+), 17 deletions(-)

diff --git a/Ghidra/Processors/ARM/data/languages/ARMTHUMBinstructions.sinc b/Ghidra/Processors/ARM/data/languages/ARMTHUMBinstructions.sinc
index ea89edd..d335ae0 100644
--- a/Ghidra/Processors/ARM/data/languages/ARMTHUMBinstructions.sinc
+++ b/Ghidra/Processors/ARM/data/languages/ARMTHUMBinstructions.sinc
@@ -203,8 +203,6 @@ attach names [ thcpn ] [ p0 p1 p2 p3 p4 p5 p6 p7 p8 p9 p10 p11 p12 p13 p14 p15
 attach variables [ hrn0002 hrm0305 hrd0002 ]
                  [ r8 r9 r10 r11 r12 sp lr pc ];
                  
-attach names [ thsrsMode ] [ _ _ _ _ _ _ _ _ usr fiq irq svc _ _ mon abt _ _ _ und _ _ _ sys _ _ _ _ _ _ _ _ ];
-
 macro th_addflags(op1,op2) {
   tmpCY = carry(op1,op2);
   tmpOV = scarry(op1,op2);
@@ -923,6 +921,19 @@ taddrmode5: [Rn0003],{immed8}	is thP8=0 & thU7=1 & thW5=0 & Rn0003; immed8
 
 @endif # VERSION_6T2 || VERSION_7
 
+#
+# Modes for SRS instructions
+#
+thSRSMode: "usr" is thsrsMode=8 & thc0004  { export *[const]:1 thc0004; }
+thSRSMode: "fiq" is thsrsMode=9 & thc0004  { export *[const]:1 thc0004; }
+thSRSMode: "irq" is thsrsMode=10 & thc0004 { export *[const]:1 thc0004; }
+thSRSMode: "svc" is thsrsMode=11 & thc0004 { export *[const]:1 thc0004; }
+thSRSMode: "mon" is thsrsMode=14 & thc0004 { export *[const]:1 thc0004; }
+thSRSMode: "abt" is thsrsMode=15 & thc0004 { export *[const]:1 thc0004; }
+thSRSMode: "und" is thsrsMode=19 & thc0004 { export *[const]:1 thc0004; }
+thSRSMode: "sys" is thsrsMode=23 & thc0004 { export *[const]:1 thc0004; }
+thSRSMode: "#"^thsrsMode is thsrsMode      { export *[const]:1 thsrsMode; }
+
 #
 # Detect if the PC is loaded and do a GOTO
 #
@@ -3962,7 +3973,7 @@ thdXtop: "X" is thc0404=1 & Rm0003       { local tmpRm0003 = Rm0003; tmp:2 = tmp
 	Rd0811 = tmp:4;
 }
 
-:srsdb^ItCond sp^"!",thsrsMode 		is TMode=1 & ItCond & op6=0x3a0 & sp & thc0505=1 & thc0004=0xd; op8=0xc0 & sop0507=0 & thsrsMode
+:srsdb^ItCond sp^"!",thSRSMode 		is TMode=1 & ItCond & op6=0x3a0 & sp & thc0505=1 & thc0004=0xd; op8=0xc0 & sop0507=0 & thSRSMode
 {
   build ItCond;
   # register list is always: r14, spsr
@@ -3973,7 +3984,7 @@ thdXtop: "X" is thc0404=1 & Rm0003       { local tmpRm0003 = Rm0003; tmp:2 = tmp
   sp = ptr;
 }
 
-:srsdb^ItCond sp,thsrsMode 		is TMode=1 & ItCond & op6=0x3a0 & sp & thc0505=0 & thc0004=0xd; op8=0xc0 & sop0507=0 & thsrsMode
+:srsdb^ItCond sp,thSRSMode 		is TMode=1 & ItCond & op6=0x3a0 & sp & thc0505=0 & thc0004=0xd; op8=0xc0 & sop0507=0 & thSRSMode
 {
   build ItCond;
   # register list is always: r14, spsr
@@ -3983,7 +3994,7 @@ thdXtop: "X" is thc0404=1 & Rm0003       { local tmpRm0003 = Rm0003; tmp:2 = tmp
   *ptr = spsr;
 }
 
-:srsib^ItCond sp^"!",thsrsMode 		is TMode=1 & ItCond & op6=0x3a6 & sp & thc0505=1 & thc0004=0xd; op8=0xc0 & sop0507=0 & thsrsMode
+:srsib^ItCond sp^"!",thSRSMode 		is TMode=1 & ItCond & op6=0x3a6 & sp & thc0505=1 & thc0004=0xd; op8=0xc0 & sop0507=0 & thSRSMode
 {
   build ItCond;
   # register list is always: r14, spsr
@@ -3994,7 +4005,7 @@ thdXtop: "X" is thc0404=1 & Rm0003       { local tmpRm0003 = Rm0003; tmp:2 = tmp
   sp = ptr;
 }
 
-:srsia^ItCond sp,thsrsMode 		is TMode=1 & ItCond & op6=0x3a6 & sp & thc0505=0 & thc0004=0xd; op8=0xc0 & sop0507=0 & thsrsMode
+:srsia^ItCond sp,thSRSMode 		is TMode=1 & ItCond & op6=0x3a6 & sp & thc0505=0 & thc0004=0xd; op8=0xc0 & sop0507=0 & thSRSMode
 {
   build ItCond;
   # register list is always: r14, spsr
@@ -4915,7 +4926,7 @@ Pcrel: [cloc,Rm0003]  is Rm0003 & thc0404=1 [ cloc = inst_next; ]
   tmp1:4 = UnsignedSaturate(diff1, 16:2);
   tmp2:4 = UnsignedSaturate(diff2, 16:2);
   Rd0811[ 0,16] = tmp1[0,16];
-  Rd0811[16,16] = tmp1[0,16];
+  Rd0811[16,16] = tmp2[0,16];
 }
 
 :uqsub8^ItCond     Rd0811,Rn0003,Rm0003    is TMode=1 & ItCond & op4=0xfac & Rn0003; op12=0xf & Rd0811 & thc0407=0x5 & Rm0003
diff --git a/Ghidra/Processors/ARM/data/languages/ARMinstructions.sinc b/Ghidra/Processors/ARM/data/languages/ARMinstructions.sinc
index 503a85f..2678813 100644
--- a/Ghidra/Processors/ARM/data/languages/ARMinstructions.sinc
+++ b/Ghidra/Processors/ARM/data/languages/ARMinstructions.sinc
@@ -553,8 +553,7 @@ attach variables [ thv_Rd thv_Rn thv_Rt thv_Rt2 ] [ r0 r1 r2 r3 r4 r5 r6 r7 r8 r
 attach names [ cpn ] [ p0 p1 p2 p3 p4 p5 p6 p7 p8 p9 p10 p11 p12 p13 p14 p15  ];
 attach names [ ibOption ] [ opt0 opt1 opt2 opt3 opt4 opt5 opt6 opt7 opt8 opt9 opt10 opt11 opt12 opt13 opt14 SY ];
 attach names [ dbOption ] [ opt0 opt1 OSHST OSH opt4 opt5 NSHST NSH opt8 opt9 ISHST ISH opt12 opt13 ST SY ];
-attach names [ srsMode ] [ _ _ _ _ _ _ _ _ usr fiq irq svc _ _ mon abt _ _ _ und _ _ _ sys _ _ _ _ _ _ _ _ ];
- 
+
 macro addflags(op1,op2) {
  tmpCY = carry(op1,op2);
  tmpOV = scarry(op1,op2);
@@ -1393,6 +1392,21 @@ bitWidth: "#"^w	is lsb & msb	[ w = msb - lsb + 1; ]  { export *[const]:4 w; }
 
 @endif # VERSION_6T2 || VERSION_7
 
+#
+# Modes for SRS instructions
+#
+@if defined(VERSION_6)
+SRSMode: "usr" is srsMode=8 & c0004  { export *[const]:1 c0004; }
+SRSMode: "fiq" is srsMode=9 & c0004  { export *[const]:1 c0004; }
+SRSMode: "irq" is srsMode=10 & c0004 { export *[const]:1 c0004; }
+SRSMode: "svc" is srsMode=11 & c0004 { export *[const]:1 c0004; }
+SRSMode: "mon" is srsMode=14 & c0004 { export *[const]:1 c0004; }
+SRSMode: "abt" is srsMode=15 & c0004 { export *[const]:1 c0004; }
+SRSMode: "und" is srsMode=19 & c0004 { export *[const]:1 c0004; }
+SRSMode: "sys" is srsMode=23 & c0004 { export *[const]:1 c0004; }
+SRSMode: "#"^srsMode is srsMode      { export *[const]:1 srsMode; }
+@endif # VERSION_6
+
 # Add a hat instruction to set the ARMcond context variable which
 # tells whether this is a legal conditional instruction (for v7 and
 # later).
@@ -1662,7 +1676,7 @@ SetMode: "#"^31  is c0004=0x1f  { setSystemMode(); }
   return [pc];
 }
 
-:srsia srsMode 		is $(AMODE) &  cond=15 & c2527=4 & P24=0 & U23=1 & S22=1 & W21=0 & L20=0 & c1215=0 & c0811=5 & c0507=0 & srsMode
+:srsia SRSMode 		is $(AMODE) &  cond=15 & c2527=4 & P24=0 & U23=1 & S22=1 & W21=0 & L20=0 & c1215=0 & c0811=5 & c0507=0 & SRSMode
 {
   # register list is always: r14, spsr
   ptr:4 = sp;
@@ -1672,7 +1686,7 @@ SetMode: "#"^31  is c0004=0x1f  { setSystemMode(); }
   ptr = ptr + 4;
 }
 
-:srsib srsMode 		is $(AMODE) &  cond=15 & c2527=4 & P24=1 & U23=1 & W21=0 & S22=1 & L20=0 & c1215=0 & c0811=5 & c0507=0 & srsMode
+:srsib SRSMode 		is $(AMODE) &  cond=15 & c2527=4 & P24=1 & U23=1 & W21=0 & S22=1 & L20=0 & c1215=0 & c0811=5 & c0507=0 & SRSMode
 {
   # register list is always: r14, spsr
   ptr:4 = sp + 4;
@@ -1681,7 +1695,7 @@ SetMode: "#"^31  is c0004=0x1f  { setSystemMode(); }
   *ptr = spsr;
 }
 
-:srsda srsMode 		is $(AMODE) &  cond=15 & c2527=4 & P24=0 & U23=0 & W21=0 & S22=1 & L20=0 & c1215=0 & c0811=5 & c0507=0 & srsMode
+:srsda SRSMode 		is $(AMODE) &  cond=15 & c2527=4 & P24=0 & U23=0 & W21=0 & S22=1 & L20=0 & c1215=0 & c0811=5 & c0507=0 & SRSMode
 {
   # register list is always: r14, spsr
   ptr:4 = sp;
@@ -1691,7 +1705,7 @@ SetMode: "#"^31  is c0004=0x1f  { setSystemMode(); }
   ptr = ptr - 4;
 }
 
-:srsdb srsMode 		is $(AMODE) &  cond=15 & c2527=4 & P24=1 & U23=0 & W21=0 & S22=1 & L20=0 & c1215=0 & c0811=5 & c0507=0 & srsMode
+:srsdb SRSMode 		is $(AMODE) &  cond=15 & c2527=4 & P24=1 & U23=0 & W21=0 & S22=1 & L20=0 & c1215=0 & c0811=5 & c0507=0 & SRSMode
 {
   # register list is always: r14, spsr
   ptr:4 = sp - 4;
@@ -1700,7 +1714,7 @@ SetMode: "#"^31  is c0004=0x1f  { setSystemMode(); }
   *ptr = spsr;
 }
 
-:srsia srsMode! 		is $(AMODE) &  cond=15 & c2527=4 & P24=0 & U23=1 & S22=1 & W21=1 & L20=0 & c1215=0 & c0811=5 & c0507=0 & srsMode
+:srsia SRSMode! 		is $(AMODE) &  cond=15 & c2527=4 & P24=0 & U23=1 & S22=1 & W21=1 & L20=0 & c1215=0 & c0811=5 & c0507=0 & SRSMode
 {
   # register list is always: r14, spsr
   ptr:4 = sp;
@@ -1711,7 +1725,7 @@ SetMode: "#"^31  is c0004=0x1f  { setSystemMode(); }
   sp = ptr;
 }
 
-:srsib srsMode! 		is $(AMODE) &  cond=15 & c2527=4 & P24=1 & U23=1 & W21=1 & S22=1 & L20=0 & c1215=0 & c0811=5 & c0507=0 & srsMode
+:srsib SRSMode! 		is $(AMODE) &  cond=15 & c2527=4 & P24=1 & U23=1 & W21=1 & S22=1 & L20=0 & c1215=0 & c0811=5 & c0507=0 & SRSMode
 {
   # register list is always: r14, spsr
   ptr:4 = sp + 4;
@@ -1721,7 +1735,7 @@ SetMode: "#"^31  is c0004=0x1f  { setSystemMode(); }
   sp = ptr;
 }
 
-:srsda srsMode! 		is $(AMODE) &  cond=15 & c2527=4 & P24=0 & U23=0 & W21=1 & S22=1 & L20=0 & c1215=0 & c0811=5 & c0507=0 & srsMode
+:srsda SRSMode! 		is $(AMODE) &  cond=15 & c2527=4 & P24=0 & U23=0 & W21=1 & S22=1 & L20=0 & c1215=0 & c0811=5 & c0507=0 & SRSMode
 {
   # register list is always: r14, spsr
   ptr:4 = sp;
@@ -1732,7 +1746,7 @@ SetMode: "#"^31  is c0004=0x1f  { setSystemMode(); }
   sp = ptr;
 }
 
-:srsdb srsMode! 		is $(AMODE) &  cond=15 & c2527=4 & P24=1 & U23=0 & W21=1 & S22=1 & L20=0 & c1215=0 & c0811=5 & c0507=0 & srsMode
+:srsdb SRSMode! 		is $(AMODE) &  cond=15 & c2527=4 & P24=1 & U23=0 & W21=1 & S22=1 & L20=0 & c1215=0 & c0811=5 & c0507=0 & SRSMode
 {
   # register list is always: r14, spsr
   ptr:4 = sp;