[Help] IDA Pro 32-bit ARM code jump problem
Posted: 2013-1-29 15:04 6520
I used IDA Pro to disassemble a .so that some expert had modified:
Before modification:
.text:0075C12C 6C 30 9F E5 LDR R3, =(g_iAbsNativeLCDWidth_ptr - 0x75C13C)
.text:0075C1A0 04 3F 65 01 off_75C1A0 DCD g_iAbsNativeLCDWidth_ptr - 0x75C13C
.text:0075C1A0 ; DATA XREF: .text:_pieopenr
After modification:
.text:0075C12C 6C 30 9F E5 LDR R3, =loc_1653F04
.text:0075C1A0 04 3F 65 01 off_75C1A0 DCD loc_1653F04 ; DATA XREF: _pieopenr
Looking at the opcodes, I can't see any modification at all; why does it look completely unmodified, yet the DCD suddenly points (jumps) somewhere else?
Below are the two complete versions for comparison (before and after modification):
.text:0075C12C 6C 30 9F E5 LDR R3, =(g_iAbsNativeLCDWidth_ptr - 0x75C13C)
.text:0075C130 10 40 2D E9 STMFD SP!, {R4,LR}
.text:0075C134 03 30 9F E7 LDR R3, [PC,R3]
.text:0075C138 00 30 93 E5 LDR R3, [R3]
.text:0075C13C 2D 3E 43 E2 SUB R3, R3, #0x2D0
.text:0075C140 23 0E 53 E3 CMP R3, #0x230
.text:0075C144 04 00 00 8A BHI loc_75C15C
.text:0075C148 54 30 9F E5 LDR R3, =(g_iAbsNativeLCDHeight_ptr - 0x75C154)
.text:0075C14C 03 30 9F E7 LDR R3, [PC,R3]
.text:0075C150 00 30 93 E5 LDR R3, [R3]
.text:0075C154 05 0C 53 E3 CMP R3, #0x500
.text:0075C158 10 80 BD D8 LDMLEFD SP!, {R4,PC}
.text:0075C15C
.text:0075C15C loc_75C15C ; CODE XREF: .text:0075C144j
.text:0075C15C 44 30 9F E5 LDR R3, =(SYC_main_id_ptr - 0x75C174)
.text:0075C160 00 40 A0 E3 MOV R4, #0
.text:0075C164 40 10 9F E5 LDR R1, =(aNativeMainGl - 0x75C17C)
.text:0075C168 06 00 A0 E3 MOV R0, #6
.text:0075C16C 03 30 9F E7 LDR R3, [PC,R3]
.text:0075C170 38 20 9F E5 LDR R2, =(aEglsurfacecrea - 0x75C180)
.text:0075C174 01 10 8F E0 ADD R1, PC, R1 ; "native-main-gl"
.text:0075C178 02 20 8F E0 ADD R2, PC, R2 ; "eglSurfaceCreate failed"
.text:0075C17C 00 40 83 E5 STR R4, [R3]
.text:0075C180 BC 5A FA EB BL __android_log_print
.text:0075C184 28 00 9F E5 LDR R0, =(aAmStartNCom_ga - 0x75C190)
.text:0075C188 00 00 8F E0 ADD R0, PC, R0 ; "am start -n com.garmin.android.apps.gmo"...
.text:0075C18C A1 5A FA EB BL system
.text:0075C190 19 0E A0 E3 MOV R0, #0x190
.text:0075C194 EB 59 FA EB BL usleep
.text:0075C198 04 00 A0 E1 MOV R0, R4
.text:0075C19C 82 5D FA EB BL exit
.text:0075C19C ; ---------------------------------------------------------------------------
.text:0075C1A0 04 3F 65 01 off_75C1A0 DCD g_iAbsNativeLCDWidth_ptr - 0x75C13C
.text:0075C1A0 ; DATA XREF: .text:_pieopenr
.text:0075C1A4 60 6C 65 01 off_75C1A4 DCD g_iAbsNativeLCDHeight_ptr - 0x75C154
.text:0075C1A4 ; DATA XREF: .text:0075C148r
.text:0075C1A8 00 0C 65 01 off_75C1A8 DCD SYC_main_id_ptr - 0x75C174
.text:0075C1A8 ; DATA XREF: .text:loc_75C15Cr
.text:0075C1AC F4 43 2B 01 off_75C1AC DCD aNativeMainGl - 0x75C17C
.text:0075C1AC ; DATA XREF: .text:0075C164r
.text:0075C1AC ; "native-main-gl"
.text:0075C1B0 00 44 2B 01 off_75C1B0 DCD aEglsurfacecrea - 0x75C180
.text:0075C1B0 ; DATA XREF: .text:0075C170r
.text:0075C1B0 ; "eglSurfaceCreate failed"
.text:0075C1B4 08 44 2B 01 off_75C1B4 DCD aAmStartNCom_ga - 0x75C190
.text:0075C1B4 ; DATA XREF: .text:0075C184r
.text:0075C1B4 ; "am start -n com.garmin.android.apps.gmo"...
###################################################
.text:0075C12C 6C 30 9F E5 LDR R3, =loc_1653F04
.text:0075C130 10 40 2D E9 STMFD SP!, {R4,LR}
.text:0075C134 10 80 BD E8 LDMFD SP!, {R4,PC}
.text:0075C134 ; End of function _pieopen
.text:0075C134
.text:0075C138 ; ---------------------------------------------------------------------------
.text:0075C138 00 30 93 E5 LDR R3, [R3]
.text:0075C13C 2D 3E 43 E2 SUB R3, R3, #0x2D0
.text:0075C140
.text:0075C140 ; =============== S U B R O U T I N E =======================================
.text:0075C140
.text:0075C140
.text:0075C140 sub_75C140 ; CODE XREF: sub_744844+84p
.text:0075C140 00 40 2D E9 STMFD SP!, {LR}
.text:0075C144 AB 1A 0A E3 AA 1F+MOV R1, 0x3FAAAAAB
.text:0075C14C 27 C0 47 EB BL __mulsf3
.text:0075C150 23 C1 47 EB BL __fixsfsi
.text:0075C154 00 80 BD E8 LDMFD SP!, {PC}
.text:0075C154 ; End of function sub_75C140
.text:0075C154
.text:0075C154 ; ---------------------------------------------------------------------------
.text:0075C158 00 00 00 00 00 00+ALIGN 0x10
.text:0075C160
.text:0075C160 ; =============== S U B R O U T I N E =======================================
.text:0075C160
.text:0075C160
.text:0075C160 sub_75C160 ; CODE XREF: sub_744844+9Cp
.text:0075C160 00 40 2D E9 STMFD SP!, {LR}
.text:0075C164 AB 1A 0A E3 AA 1F+MOV R1, 0x3FAAAAAB
.text:0075C16C 1F C0 47 EB BL __mulsf3
.text:0075C170 1B C1 47 EB BL __fixsfsi
.text:0075C174 00 80 BD E8 LDMFD SP!, {PC}
.text:0075C174 ; End of function sub_75C160
.text:0075C174
.text:0075C174 ; ---------------------------------------------------------------------------
.text:0075C178 00 00 00 00 00 00+ALIGN 0x10
.text:0075C180 BC 5A FA EB BL __android_log_print
.text:0075C184 28 00 9F E5 LDR R0, =(aAmStartNCom_ga - 0x75C190)
.text:0075C188 00 00 8F E0 ADD R0, PC, R0 ; "am start -n com.garmin.android.apps.gmo"...
.text:0075C18C A1 5A FA EB BL system
.text:0075C190 19 0E A0 E3 MOV R0, #0x190
.text:0075C194 EB 59 FA EB BL usleep
.text:0075C198 04 00 A0 E1 MOV R0, R4
.text:0075C19C 82 5D FA EB BL exit
.text:0075C19C ; ---------------------------------------------------------------------------
.text:0075C1A0 04 3F 65 01 off_75C1A0 DCD loc_1653F04 ; DATA XREF: _pieopenr
.text:0075C1A4 60 6C 65 01 DCD loc_1656C60
.text:0075C1A8 00 0C 65 01 DCD loc_1650C00
.text:0075C1AC F4 43 2B 01 DCD off_12B43F4
.text:0075C1B0 00 44 2B 01 DCD loc_12B4400
.text:0075C1B4 08 44 2B 01 off_75C1B4 DCD aAmStartNCom_ga - 0x75C190
.text:0075C1B4 ; DATA XREF: .text:0075C184r
.text:0075C1B4 ; "am start -n com.garmin.android.apps.gmo"...
###################################################
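The following is an added worked example, not code from the original post or from IDA. It decodes the bytes shown in the two listings to illustrate what a reader should check when verifying a binary patch: the literal-pool word at 0x75C1A0 is `04 3F 65 01` in both listings, i.e. the same 32-bit value 0x01653F04. In ARM mode `LDR R3, =...` is a `LDR R3, [PC, #imm]` with PC read as instruction address + 8, so `6C 30 9F E5` at 0x75C12C loads from 0x75C134 + 0x6C = 0x75C1A0. IDA prints that word as `g_iAbsNativeLCDWidth_ptr - 0x75C13C` only because it sees the word consumed by `LDR R3, [PC,R3]` at 0x75C134 (PC = 0x75C13C). In the "after" listing that instruction has been replaced by `LDMFD SP!, {R4,PC}`, so the pattern is gone and IDA falls back to showing the raw value as `loc_1653F04`. The bytes of the pool entry did not change; only IDA's rendering did. The function names, the `sym_` label (a stand-in for whatever symbol name IDA would print) and the `explain` dictionary layout are this example's own assumptions; every address and byte sequence is copied from the listings above.

```python
"""Decode the literal-pool reference from the post's listings (added example).

All byte strings and addresses below are copied from the IDA output in the
post; function names and the `sym_` label are this example's own choices.
"""
import struct


def decode_ldr_pc_imm(insn_addr, insn_bytes):
    """Literal-pool address read by an ARM-mode `LDR Rd, [PC, #imm]`.

    ARM mode reads PC as the instruction address + 8.
    """
    word = struct.unpack("<I", insn_bytes)[0]
    is_ldr_imm = (word >> 25) & 0x7 == 0b010   # load/store, immediate offset
    loads = (word >> 20) & 1 == 1              # L bit set: it is a load
    base_is_pc = (word >> 16) & 0xF == 15      # Rn == PC
    if not (is_ldr_imm and loads and base_is_pc):
        raise ValueError("not an LDR Rd, [PC, #imm]")
    imm12 = word & 0xFFF
    add = (word >> 23) & 1                     # U bit: 1 = add, 0 = subtract
    pc = insn_addr + 8
    return pc + imm12 if add else pc - imm12


def is_ldr_pc_reg(insn_bytes):
    """True for an ARM-mode `LDR Rd, [PC, Rm]` (register offset, base = PC)."""
    word = struct.unpack("<I", insn_bytes)[0]
    return ((word >> 25) & 0x7 == 0b011        # load/store, register offset
            and (word >> 20) & 1 == 1          # L bit
            and (word >> 16) & 0xF == 15       # Rn == PC
            and (word >> 4) & 1 == 0)          # bit 4 clear for this form


def pool_value(pool_bytes):
    """Raw 32-bit little-endian word stored in the literal pool (the DCD)."""
    return struct.unpack("<I", pool_bytes)[0]


def resolve_pc_relative(value, ldr_reg_addr):
    """Address produced by `LDR Rd, [PC, Rm]` at ldr_reg_addr when Rm == value."""
    return (ldr_reg_addr + 8 + value) & 0xFFFFFFFF


def explain(ldr_addr, ldr_bytes, consumer_addr, consumer_bytes, pool_bytes):
    """Mimic IDA's two ways of rendering the same pool entry."""
    pool_addr = decode_ldr_pc_imm(ldr_addr, ldr_bytes)
    value = pool_value(pool_bytes)
    if is_ldr_pc_reg(consumer_bytes):
        # Pattern recognised: show the entry as an offset from the consumer's PC.
        target = resolve_pc_relative(value, consumer_addr)
        shown = "sym_%08X - 0x%X" % (target, consumer_addr + 8)
    else:
        # Pattern broken by the patch: the same word is shown as a plain address.
        target = None
        shown = "loc_%X" % value
    return {"pool_addr": pool_addr, "value": value, "target": target, "shown": shown}


# Bytes as dumped by IDA in the post (little-endian).
LDR_AT_75C12C = bytes.fromhex("6C309FE5")   # LDR R3, =...
POOL_AT_75C1A0 = bytes.fromhex("043F6501")  # DCD 0x01653F04 (same in both listings)
BEFORE_75C134 = bytes.fromhex("03309FE7")   # LDR R3, [PC,R3]   (before)
AFTER_75C134 = bytes.fromhex("1080BDE8")    # LDMFD SP!, {R4,PC} (after)

BEFORE = explain(0x75C12C, LDR_AT_75C12C, 0x75C134, BEFORE_75C134, POOL_AT_75C1A0)
AFTER = explain(0x75C12C, LDR_AT_75C12C, 0x75C134, AFTER_75C134, POOL_AT_75C1A0)

if __name__ == "__main__":
    for name, result in (("before", BEFORE), ("after", AFTER)):
        print(name, {k: (hex(v) if isinstance(v, int) else v) for k, v in result.items()})
```

Running it shows the pool word 0x01653F04 at 0x75C1A0 in both cases; before the patch it resolves to absolute address 0x01DB0040 (the value behind `g_iAbsNativeLCDWidth_ptr - 0x75C13C`), after the patch it is rendered as `loc_1653F04` with no target. When auditing a patched binary, diff the bytes (here only 0x75C134 changed) rather than trusting the disassembler's symbolic rendering, which is derived from the surrounding code.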