Unlike with Intel architecture, on the PowerPC, subroutines and functions are not implemented though a 'call' instruction. Instead, the call to function() is begun by a 'bl <function>' instruction. 'bl <function>' (Branch and Link) stores the return address in the hardware register LR (link register), instead of on the stack, before executing the called function. My question is, if I wanted to change the return address before the next function or branch is called, at which point the return address is shuffled to the stack to make room for the new address, how would I do it?

Thanks,
rous

quotes taken from http://www.rtems.com/onlinedocs/releases/4...rpc/a00020.html (http://www.rtems.com/onlinedocs/releases/4.0.0/doc/support/c_powerpc/a00020.html)

The previous contents of the LR are not automatically saved by either the BL or BLA [instructions]. It is the responsibility of the callee to save the contents of the LR before invoking another subroutine. If the callee invokes another subroutine, it must restore the LR before executing the BLR instruction to return to the caller.

It is important to note that the PowerPC subroutine call and return mechanism does not automatically save and restore any registers.

and also

The LR may be accessed as special purpose register 8 (SPR8) using the \"move from special register\" (MFSPR) and \"move to special register\" (MTSPR) instructions.

those are the basics but it seems that you already knew that. what exactly are you trying to do? if i understand your question correctly, what you need to do is let the BL instruction execute and then change the LR register. are you attempting to build an automatic tool of some sort? in that case, may i recommend patching the code instead and re-directing execution to a 'cave'? what debugger are you currently using? keep us posted...

cheers, sna