Running FreeRTOS on ARM Cortex-M4 CPU

[pipe01]

I'm trying to run an app built using FreeRTOS using Unicorn, but I can't seem to get the exception handlers right.

Relevant FreeRTOS code:

0000413c <vPortStartFirstTask>:
    413c:	4805      	ldr	r0, [pc, #20]	; (4154 <vPortStartFirstTask+0x18>)
    413e:	6800      	ldr	r0, [r0, #0]
    4140:	f380 8808 	msr	MSP, r0
    4144:	b662      	cpsie	i
    4146:	b661      	cpsie	f
    4148:	f3bf 8f4f 	dsb	sy
    414c:	f3bf 8f6f 	isb	sy
    4150:	df00      	svc	0
    4152:	bf00      	nop
    4154:	00000000 	andeq	r0, r0, r0

00004158 <SVC_Handler>:
    4158:	4b06      	ldr	r3, [pc, #24]	; (4174 <SVC_Handler+0x1c>)
    415a:	6819      	ldr	r1, [r3, #0]
    415c:	6808      	ldr	r0, [r1, #0]
    415e:	e8b0 4ff0 	ldmia.w	r0!, {r4, r5, r6, r7, r8, r9, sl, fp, lr}
    4162:	f380 8809 	msr	PSP, r0
    4166:	f3bf 8f6f 	isb	sy
    416a:	f04f 0000 	mov.w	r0, #0
    416e:	f380 8811 	msr	BASEPRI, r0
    4172:	4770      	bx	lr
    4174:	2000c6c8 	andcs	ip, r0, r8, asr #13

When the svc 0 exception is raised I set the PC to the corresponding entry in the vector table, which is hard-coded at the moment:

p, _ := mu.MemRead(11*4, 4)
mu.RegWrite(uc.ARM_REG_PC, uint64(binary.LittleEndian.Uint32(p)))

This works until execution gets to 0x4172, where the lr register is pointing to garbage (0x0xfffffffd) so when the code jumps there it dies. The lr register points to a sensible address until the msr PSP, r0 call, which is when it changes into garbage. Any idea what I'm doing wrong?

[lockbox]

See page B1-539 here. That is proper return address from an exception, you need to hook it and handle it how your use case requires.