April 30, 2025

STM32H743 Nucleo board -- diagnostic firmware

I use my "wrap" program to enclose the binary image in an ELF file. This has proven in many projects to be the best way to get ready to disassemble the code.

At this point I encounter my first difficulty. I am using objdump to do the disassembly and it is treating the file as a series of 32 bit ARM opcodes. However, the STM32H743 is a Cortex-M7, which executes only Thumb (Thumb-2) code, so the image is encoded as Thumb instructions and that output is all wrong.

I routinely compile code for STM32 controllers and then use objdump to disassemble them using:

arm-none-eabi-objdump -d hydra.elf >hydra.dump

I might add the "-z" switch to this (it makes objdump disassemble runs of zeros instead of skipping them), but the point is that I won't solve my problem by finding "thumb" switches for objdump, I need to change the ELF header generated by my wrap program. I can look at hydra.elf to see what the header needs to look like.

Disassemble the firmware

I spent a lot of time trying to figure out what to do to the ELF file header so that objdump would disassemble the contents as Thumb instructions. I finally gave up. The issue is not in the file header, but perhaps in the section headers. The hydra ELF file dumps nicely, but it is arranged in a multitude of sections and I am not determined enough to fully analyze that file. But I found a way to get much closer to what I want:

--disassembler-options=force-thumb

(The short form is "-M force-thumb".) I add this switch to the objdump line as per:

arm-none-eabi-objdump --disassembler-options=force-thumb -d -z demo.elf >demo.dis

Now that everything is decoded as Thumb instructions, I have to recognize the 32 bit constants (such as the vector table and the literal pools that follow each function) myself, since objdump no longer knows which bytes are data. Also note that the addresses in the vector table, and the other constants loaded for indirect jumps, are all odd. Bit 0 set tells the processor to remain in (or switch to) Thumb state when it loads that value into the PC; the actual target address has the low bit forced to zero. Cortex-M parts only execute Thumb code, so this is no surprise and not any flaw of the disassembly. A non-zero vector table entry with bit 0 clear would be a sign that this is not a Cortex-M vector table at all, or that the image is not at the address you think it is.
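As an added example (not code from the original page), here is a small Python script that does the vector table bookkeeping described above: it splits each entry into the even target address and the Thumb bit, flags any non-zero entry that lacks the bit, reports the file offset of each handler, and renders the table as ".word" lines the way a hand-annotated listing would show them. The image bytes are a constructed 8-entry table followed by three Thumb instructions, not a dump of the real board, and the flash base address 0x08000000 is the usual STM32 value, assumed here rather than taken from the page.

```python
import struct

FLASH_BASE = 0x08000000  # STM32 flash alias at reset; the vector table sits at the start

# Constructed sample image (not from the real board): an 8-entry Cortex-M
# vector table followed by three Thumb instructions. Every handler address
# has bit 0 set because Cortex-M executes Thumb code only.
SAMPLE_IMAGE = struct.pack(
    "<8I",
    0x20020000,  # [0] initial MSP: a RAM address, not code
    0x08000021,  # [1] Reset_Handler      -> file offset 0x20
    0x08000025,  # [2] NMI_Handler        -> file offset 0x24
    0x08000025,  # [3] HardFault_Handler
    0x08000025,  # [4] MemManage_Handler
    0x08000025,  # [5] BusFault_Handler
    0x08000025,  # [6] UsageFault_Handler
    0x00000000,  # [7] reserved, legitimately zero
) + bytes.fromhex(
    "00b5"   # 0x20: push {lr}   (Reset_Handler)
    "00bd"   # 0x22: pop  {pc}
    "fee7"   # 0x24: b .         (default handler: spin forever)
)


def decode_vector(raw):
    """Split a handler word into its even target address and the Thumb bit."""
    return raw & ~1, raw & 1


def parse_vector_table(image, base, nvectors):
    """Classify the first `nvectors` words of a raw image loaded at `base`.

    Returns (index, raw, target, file_offset_or_None, note) per entry. Entry 0
    is the stack pointer; any other non-zero entry must have bit 0 set, so an
    even non-zero word means this is not a Cortex-M vector table or `base`
    is wrong.
    """
    words = struct.unpack_from("<%dI" % nvectors, image, 0)
    rows = []
    for i, raw in enumerate(words):
        if i == 0:
            rows.append((i, raw, raw, None, "initial SP"))
        elif raw == 0:
            rows.append((i, raw, 0, None, "unused"))
        else:
            target, thumb = decode_vector(raw)
            off = target - base
            if not thumb:
                rows.append((i, raw, target, None, "WARNING: Thumb bit clear"))
            elif 0 <= off < len(image):
                rows.append((i, raw, target, off, "handler"))
            else:
                rows.append((i, raw, target, None, "handler outside image"))
    return rows


def first_code_offset(rows):
    """Lowest handler offset: bytes before it are data and must not be decoded."""
    offs = [r[3] for r in rows if r[3] is not None]
    return min(offs) if offs else None


def annotate(rows, base):
    """Render the table the way a hand-annotated listing would show it."""
    return ["%08x: .word 0x%08x  ; [%d] %s%s" % (
                base + 4 * i, raw, i, note,
                "" if off is None else " -> 0x%08x" % target)
            for i, raw, target, off, note in rows]


if __name__ == "__main__":
    table = parse_vector_table(SAMPLE_IMAGE, FLASH_BASE, 8)
    print("\n".join(annotate(table, FLASH_BASE)))
    print("code starts at file offset 0x%x" % first_code_offset(table))
```

To use it on a real image, read the .bin into `image` and pass the number of vectors for the part (the STM32H743 has many more than eight); the lowest handler offset it reports is where Thumb decoding should start, and everything before it is the table.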

A last thought

I am curious about how objdump can do a nice disassembly of the hydra ELF file, while it fails with mine. (The compiler-generated file carries the ARM mapping symbols $t, $a and $d in its symbol table; objdump uses them to choose the Thumb or ARM decoder and to print literal data as .word instead of decoding it. A wrapped raw binary has no symbol table at all, so objdump falls back to ARM decoding.) If I wanted to pursue this further, rather than working with the entire hydra build, I should use some tiny bare metal demo that would yield a tiny ELF file and then study it in detail. I probably won't do that, as I am eager to start working with what I have obtained using the "force-thumb" switch I discovered.

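As an added example, and not Tom's own "wrap" program (which is not shown on this page), here is a minimal wrapper in Python that does what the earlier section wanted the ELF header to do: it puts the raw image in a single .text section at the load address and adds a symbol table holding two ARM mapping symbols, "$d" at the start (so the vector table is printed as .word) and "$t" at the first code offset (so decoding switches to Thumb there). Cortex-M images never contain ARM-state code, so no "$a" symbol is needed. The layout, the function names, the 0x08000000 base and the sample image bytes are all my own assumptions; no program headers are written, so the result is for objdump and readelf only, not for loading.

```python
import struct

EM_ARM, ET_EXEC, EF_ARM_EABI_VER5 = 40, 2, 0x05000000
SHT_PROGBITS, SHT_SYMTAB, SHT_STRTAB = 1, 2, 3
SHF_ALLOC, SHF_EXECINSTR = 0x2, 0x4

# Constructed sample (not from the real board): a 4-entry vector table, then
# three Thumb instructions starting at file offset 0x10.
SAMPLE_BIN = struct.pack("<4I", 0x20020000, 0x08000011, 0x08000015, 0x08000015) \
             + bytes.fromhex("00b5" "00bd" "fee7")


def _strtab(names):
    """Build a NUL-separated ELF string table; return (bytes, {name: offset})."""
    blob, offs = b"\0", {}
    for n in names:
        offs[n] = len(blob)
        blob += n.encode() + b"\0"
    return blob, offs


def wrap_elf(image, base, code_offset=0):
    """Wrap a raw Thumb firmware image in a minimal ELF32 for objdump.

    One .text section at `base`, plus a .symtab with the ARM mapping symbols
    objdump consults: `$d` at `base` marks the vector table as data and `$t`
    at base+code_offset marks the start of Thumb code.
    """
    pad = (-len(image)) % 4
    text_off = 52                               # right after the ELF header
    sym_off = text_off + len(image) + pad
    strtab, so = _strtab(["$d", "$t"])
    shstrtab, sho = _strtab([".text", ".symtab", ".strtab", ".shstrtab"])
    # Elf32_Sym: name, value, size, info, other, shndx. Mapping symbols are
    # local NOTYPE symbols (info 0) living in .text (section index 1).
    syms = b"".join(struct.pack("<IIIBBH", *s) for s in [
        (0, 0, 0, 0, 0, 0),                          # mandatory null symbol
        (so["$d"], base, 0, 0, 0, 1),                # data from the start...
        (so["$t"], base + code_offset, 0, 0, 0, 1),  # ...Thumb code from here
    ])
    strtab_off = sym_off + len(syms)
    shstr_off = strtab_off + len(strtab)
    sh_off = shstr_off + len(shstrtab)
    sh_off += (-sh_off) % 4
    # Elf32_Shdr: name, type, flags, addr, offset, size, link, info, align, entsize
    shdrs = [
        (0, 0, 0, 0, 0, 0, 0, 0, 0, 0),
        (sho[".text"], SHT_PROGBITS, SHF_ALLOC | SHF_EXECINSTR, base,
         text_off, len(image), 0, 0, 4, 0),
        # link = index of .strtab, info = number of local symbols (all three)
        (sho[".symtab"], SHT_SYMTAB, 0, 0, sym_off, len(syms), 3, 3, 4, 16),
        (sho[".strtab"], SHT_STRTAB, 0, 0, strtab_off, len(strtab), 0, 0, 1, 0),
        (sho[".shstrtab"], SHT_STRTAB, 0, 0, shstr_off, len(shstrtab), 0, 0, 1, 0),
    ]
    # e_ident: magic, ELFCLASS32, ELFDATA2LSB, EV_CURRENT, SYSV ABI, padding
    ident = b"\x7fELF" + bytes([1, 1, 1, 0]) + b"\0" * 8
    ehdr = ident + struct.pack("<HHIIIIIHHHHHH", ET_EXEC, EM_ARM, 1, base, 0,
                               sh_off, EF_ARM_EABI_VER5, 52, 0, 0, 40, len(shdrs), 4)
    body = ehdr + image + b"\0" * pad + syms + strtab + shstrtab
    body += b"\0" * (sh_off - len(body))
    return body + b"".join(struct.pack("<10I", *s) for s in shdrs)


def mapping_symbols(elf):
    """Read the named symbols back out of an ELF built by wrap_elf (a self-check)."""
    sh_off = struct.unpack_from("<I", elf, 32)[0]
    shnum = struct.unpack_from("<H", elf, 48)[0]
    shdrs = [struct.unpack_from("<10I", elf, sh_off + 40 * i) for i in range(shnum)]
    symtab = next(s for s in shdrs if s[1] == SHT_SYMTAB)
    strtab = shdrs[symtab[6]]
    out = []
    for i in range(symtab[5] // 16):
        name, value, _, _, _, _ = struct.unpack_from("<IIIBBH", elf, symtab[4] + 16 * i)
        if name:
            end = elf.index(b"\0", strtab[4] + name)
            out.append((elf[strtab[4] + name:end].decode(), value))
    return out


if __name__ == "__main__":
    with open("demo.elf", "wb") as f:
        f.write(wrap_elf(SAMPLE_BIN, 0x08000000, code_offset=0x10))
```

Run "arm-none-eabi-readelf -S -s demo.elf" to confirm the section and the two symbols, then plain "arm-none-eabi-objdump -d demo.elf" with no force-thumb switch; the words before the $t symbol come out as .word lines and the rest as Thumb. For a real image, pass the offset reported by a vector table parse as code_offset.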
Feedback? Questions? Drop me a line!

Tom's Computer Info / tom@mmto.org