AArch64/ARM64 Tutorial

Chapter 23: Basic Register Safety

Well throughout this entire ARM64 tutorial to this point, we have been using examples that included random register selection for instructions. When it comes the time to write out real world instructions, you cannot choose at will which registers you want to use. Some registers will need to have their values kept intact.

Let's discuss Register Safety. When discussing basic register safety, we are assuming that we are inserting code at a random spot in a program. Technically what this means is replacing a program's instruction with a branch that will jump to a portion of unused memory where our custom code resides at. The custom code executes and will branch back to the instruction that is immediately after the inserted branch at the program. This is known as an Exploit. These types of exploits are used in many Video Game Cheat Codes as many Cheat Codes are written in Assembly. 

Most Assembly work you will do won't be of this "exploit" nature, but Register Safety is discussed in this context as it helps the beginner understand what registers he/she can use at any random given point in time.

We will cover GPRs only in this Chapter.

NOTE: The % rankings are arbitrary guesses, take these with a gigantic grain of salt.

99% Very Safe
r16 thru r18

You can use these 3 registers 99% of the time without needing to backup and later restore their values (which would require extra instructions in your custom code/program ofc). 

95% Safe
r9 thru r15

You can use these registers most of the time without backup+restoration.

90% Safe
r8

Not as safe as the above registers, but still considered somewhat safe.

<90% Semi Safe
r0 thru r7

When using these registers, you should backup them up somehow and later restore their values whenever your code/program has completed. r0 thru r7 are known as the volatile registers.

Not Safe
r19 thru r28

You *must* backup+restore these values if you intend to use these registers. r19 thru r28 are known as the non-volatile registers.

Never Safe
r29 (fp), r30 (lr), and sp

Never safe to use, unless you are experienced and know exactly how to safely modify these. It's not as simple as just backing-up then restoring.

For inserting code into a program (i.e. exploit or some video game cheat code), there is a simple method that allows you to use the non-volatile registers safety which also includes modifying the "never safe" sp register. We're not going to go into the nuance of how this works, but just understand you have this 'tool' available for use.

Place this at the start of your exploit/cheat...
stp fp, lr, [sp, #-0x60]!
stp x19, x20, [sp, #0x10]
stp x21, x22, [sp, #0x20]
stp x23, x24, [sp, #0x30]
stp x25, x26, [sp, #0x40]
stp x27, x28, [sp, #0x50]
mov fp, sp

And place this at the end of your exploit/cheat...
ldp x27, x28, [sp, #0x50]
ldp x25, x26, [sp, #0x40]
ldp x23, x24, [sp, #0x30]
ldp x21, x22, [sp, #0x20]
ldp x19, x20, [sp, #0x10]
ldp fp, lr, [sp], #0x60

This will allow you to use any of the non-volatile registers you desire. 

"Advanced" Register safety (i.e. Register Safety for general programs) is much more complicated and is covered in Chapter 26.


Next Chapter

Tutorial Index