I am currently working to solve the stage Hanoi in the Microcorruption CTF. This CTF focusses on the MSP430 Family (RISC, 16Bit).
I stumbled across the following lines:
445c: c443 fcff mov.b #0x0, -0x4(r4)
.
.
.
4472: 5f44 fcff mov.b -0x4(r4), r15
Which contains move instructions referencing a negative operand in front of (r4). I assumed this would point to the registers in front of whatever is stored in r4 (two words in front) but looking at the memory dump this assumption seems not to be correct.
I used https://www.ti.com/lit/ug/slau049f/slau049f.pdf as reference, Page 3-52 is the reference to mov.b.
Please fill me in on what happens here exactly, or give me some keywords to search for.
Any help is appreciated!
P.S.: Please do not spoil how to solve this stage, I want to figure out whatever I can on my own. Thanks!
As pointed out in the coments by Peter Cordes, my initial thought is correct. (Even though the wording is off)
The value stored in the memoryaddress, which is equal to the sum of the value stored in r4 plus the offset -4 is decremented by the register plus -4 (offset) and stored in r15.
That's it really.
Example:
If
r4 = 0x43FC and 0x43F8 = 0xAB
The instruction
mov.b -0x4(r4), r15
would result in the value 0x43FC - 0x4 = 0x43F8
At this addres, 0xAB is stored.
Result:
r15 = 0xAB