Description
When patching an ARM binary with samples/arm/hello32.py, sometimes the patched binary ended in an infinite loop, because the LR register is changed in the trampoline, so later in the program, when it jumps to the address in LR without assigning it a new address, it jumps back to the injected instructions.
I edited the `call` function in class `arm` in `arch.py`. It worked in my case.
```python
def call(self, dst):
    # Save LR around the bl so the hook's return address does not
    # replace the patched function's own return address.
    return '''
push {lr}
bl %s
pop {lr}
''' % self.fmtaddr(dst)
```
Thanks!
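To make the failure mode concrete, here is an added toy model of the link-register flow (not patchkit's code; the addresses and layout are made up): `bl` inside the trampoline overwrites LR with the trampoline's own address, so when the hooked function later returns via LR it lands back in the trampoline instead of in its caller, while the push/pop variant restores LR and the program terminates.

```python
# Constructed layout: a caller at 0, a hooked function at 100 whose first
# instruction was replaced by a branch to the trampoline at 200, and the hook
# body at 300. The 'nop' inside the trampoline stands for the displaced
# original instruction that is re-executed before jumping back into the function.
def build(trampoline):
    prog = {
        0: ('bl', 100), 1: ('halt',),                      # caller: call, then stop
        100: ('b', 200), 101: ('nop',), 102: ('bx_lr',),   # patched function
        300: ('nop',), 301: ('bx_lr',),                    # hook, returns via LR
    }
    for i, insn in enumerate(trampoline):
        prog[200 + i] = insn
    return prog

# Trampoline as generated before the fix, and with LR saved around the bl.
BUGGY_TRAMPOLINE = [('bl', 300), ('nop',), ('b', 101)]
FIXED_TRAMPOLINE = [('push_lr',), ('bl', 300), ('pop_lr',), ('nop',), ('b', 101)]

def run(prog, entry=0, max_steps=64):
    """Execute until 'halt' or until the step budget runs out (an infinite loop)."""
    pc, lr, stack, trace = entry, None, [], []
    for _ in range(max_steps):
        trace.append(pc)
        insn = prog[pc]
        if insn[0] == 'bl':           # branch with link: LR := address after the bl
            lr, pc = pc + 1, insn[1]
        elif insn[0] == 'b':
            pc = insn[1]
        elif insn[0] == 'bx_lr':      # return through whatever LR holds right now
            pc = lr
        elif insn[0] == 'push_lr':
            stack.append(lr); pc += 1
        elif insn[0] == 'pop_lr':
            lr = stack.pop(); pc += 1
        elif insn[0] == 'nop':
            pc += 1
        elif insn[0] == 'halt':
            return 'halted', trace
    return 'looped', trace

if __name__ == '__main__':
    for name, tramp in (('buggy', BUGGY_TRAMPOLINE), ('fixed', FIXED_TRAMPOLINE)):
        outcome, trace = run(build(tramp))
        print(name, outcome, trace[-6:])
```

The model ignores everything except LR and the stack, so it shows only this one defect; registers the hook itself clobbers are a separate concern.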