I bought the book 《Android软件安全与逆向分析》 and have a question about Chapter 8.
At the end of the chapter, when debugging with gdb, gdbserver is started, the port forwarding is set up, and the matching version of gdb on the local machine connects to gdbserver; up to that point there is no problem.
But after setting a breakpoint at the entry address and running continue, it stops a few instructions before the breakpoint, and I have noticed that it usually stops at the address of the instruction just above the breakpoint. Also, single-stepping with ni advances two machine instructions per step, accompanied by the following message:
Program terminated with signal SIGILL, Illegal instruction.
After only a few steps the program exits with a SIGILL.
(gdb) target remote :12345
Remote debugging using :12345
warning: Can not parse XML target description; XML support was disabled at compile time
0xb6f3fa40 in ?? ()
(gdb) disas 0x82f4,+20
Dump of assembler code from 0x82f4 to 0x8308:
0x000082f4: sub sp, sp, #24
0x000082f8: str r0, [r11, #-24]
0x000082fc: str r1, [r11, #-28]
0x00008300: mov r3, #1
0x00008304: str r3, [r11, #-16]
End of assembler dump.
(gdb) set arm force-mode thumb
(gdb) disas 0x82f4,+20
Dump of assembler code from 0x82f4 to 0x8308:
0x000082f4: beq.n 0x8328
0x000082f6: b.n 0x8794
0x000082f8: movs r0, r3
0x000082fa: b.n 0x7d14
0x000082fc: asrs r4, r3, #32
0x000082fe: b.n 0x7d18
0x00008300: adds r0, #1
0x00008302: b.n 0x8a46
0x00008304: adds r0, #16
0x00008306: b.n 0x7d20
End of assembler dump.
(gdb) info b
Num     Type           Disp Enb Address    What
1       breakpoint     keep y   0x000082f4
(gdb) c
Continuing.
Cannot access memory at address 0x0
[Inferior 1 (Remote target) exited normally]
Below is the error when using the ARM instruction set and setting the breakpoint:
(gdb) b *0x82f4
Cannot access memory at address 0x0
Breakpoint 1 at 0x82f4
(gdb) info b
Num     Type           Disp Enb Address    What
1       breakpoint     keep y   0x000082f4
(gdb) c
Continuing.
Program received signal SIGILL, Illegal instruction.
0x000082f8 in ?? ()
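Added example (editor's code, not from the book and not from the original poster). The two listings above decode the same bytes at 0x82f4 in two instruction sets, and only the ARM decode reads like a compiler-generated prologue (sub sp, sp, #24 followed by stores relative to r11); the Thumb decode is a run of branches to unrelated addresses, which is what code looks like when read in the wrong instruction set. There is no need to guess: the ELF file records the instruction set. The ARM ELF mapping symbols $a, $t and $d mark every ARM, Thumb and data region, and bit 0 of a function symbol's value is set for Thumb entry points. The file also records whether it is ET_DYN (position-independent, which Android has required for executables since 5.0); in that case 0x82f4 is only a link-time address, nothing is mapped there in the running process, and the breakpoint has to go at load base + 0x82f4, with the base read from /proc/<pid>/maps on the device. The script below parses an ELF32/ARM image and answers both questions. It is run here on a constructed sample ELF with a hypothetical ARM function main at 0x82f4 and a hypothetical Thumb function thumb_func at 0x8401, so the results are illustrative; on a real binary, pass the bytes of the executable pulled from the device.

```python
import struct

EM_ARM, ET_EXEC, ET_DYN = 40, 2, 3
SHT_SYMTAB, SHT_STRTAB, SHT_PROGBITS, STT_FUNC = 2, 3, 1, 2
SH_FIELDS = ("name", "type", "flags", "addr", "offset", "size", "link", "info", "addralign", "entsize")


def parse_elf32(data: bytes) -> dict:
    """Parse a little-endian ELF32/ARM image: header, section headers and every symbol table."""
    if data[:6] != b"\x7fELF\x01\x01":
        raise ValueError("not a little-endian ELF32 file")
    (e_type, e_machine, _, e_entry, _, e_shoff, _, _, _, _,
     e_shentsize, e_shnum, e_shstrndx) = struct.unpack_from("<HHIIIIIHHHHHH", data, 16)
    if e_machine != EM_ARM:
        raise ValueError("not an ARM (EM_ARM) image")
    sections = [dict(zip(SH_FIELDS, struct.unpack_from("<10I", data, e_shoff + i * e_shentsize)))
                for i in range(e_shnum)]

    def cstr(strsec, off):  # NUL-terminated string inside a string-table section
        start = strsec["offset"] + off
        return data[start:data.index(b"\0", start)].decode()

    for sec in sections:
        sec["name"] = cstr(sections[e_shstrndx], sec["name"])
    symbols = []
    for sec in sections:
        if sec["type"] != SHT_SYMTAB:
            continue
        strtab = sections[sec["link"]]
        for off in range(sec["offset"], sec["offset"] + sec["size"], sec["entsize"] or 16):
            st_name, st_value, st_size, st_info, _, st_shndx = struct.unpack_from("<IIIBBH", data, off)
            symbols.append({"name": cstr(strtab, st_name), "value": st_value, "size": st_size,
                            "type": st_info & 0xF, "shndx": st_shndx})
    return {"type": e_type, "entry": e_entry, "sections": sections, "symbols": symbols}


def classify_address(elf: dict, addr: int) -> str:
    """Return 'arm', 'thumb', 'data' or 'unknown' for a link-time address.
    Mapping symbols ($a/$t/$d, ARM ELF ABI) are authoritative; when they were stripped,
    fall back to a covering STT_FUNC symbol, whose bit 0 is set for Thumb entry points."""
    kinds = {"$a": "arm", "$t": "thumb", "$d": "data"}
    best = None
    for sym in elf["symbols"]:
        n = sym["name"]
        if n[:2] not in kinds or (len(n) > 2 and n[2] != ".") or sym["shndx"] >= len(elf["sections"]):
            continue
        sec = elf["sections"][sym["shndx"]]
        if sec["addr"] <= addr < sec["addr"] + sec["size"] and sym["value"] <= addr:
            if best is None or sym["value"] > best["value"]:
                best = sym  # nearest mapping symbol at or below addr in the same section
    if best is not None:
        return kinds[best["name"][:2]]
    for sym in elf["symbols"]:
        start = sym["value"] & ~1  # clear the Thumb bit to get the real start address
        if sym["type"] == STT_FUNC and start <= addr < start + sym["size"]:
            return "thumb" if sym["value"] & 1 else "arm"
    return "unknown"


def is_pie(elf: dict) -> bool:
    """ET_DYN executables are relocated at load time, so file addresses are not runtime addresses."""
    return elf["type"] == ET_DYN


def runtime_address(elf: dict, link_addr: int, load_base: int) -> int:
    """Address to give gdb: load_base (from /proc/<pid>/maps) + link address for PIE, unchanged otherwise."""
    return load_base + link_addr if is_pie(elf) else link_addr


def build_sample_elf(pie: bool = False, mapping_symbols: bool = True) -> bytes:
    """Constructed test data, not a real binary: ELF32/ARM with .text at 0x8000 holding a hypothetical
    ARM function `main` at 0x82f4 and a hypothetical Thumb function `thumb_func` at 0x8401 (bit 0 set)."""
    text_addr, text_size, shstrtab = 0x8000, 0x600, b"\0.text\0.symtab\0.strtab\0.shstrtab\0"
    strtab = bytearray(b"\0")

    def name(s):  # append to .strtab, return the string's offset
        strtab.extend(s.encode() + b"\0")
        return len(strtab) - len(s) - 1

    marks = [("$a", 0x8000), ("$t", 0x8400), ("$d", 0x8500)] if mapping_symbols else []
    syms = [(0, 0, 0, 0, 0)] + [(name(m), v, 0, 0, 1) for m, v in marks]  # null symbol, LOCAL NOTYPE marks
    syms.append((name("main"), 0x82f4, 0x40, 0x12, 1))        # GLOBAL FUNC in section 1, ARM
    syms.append((name("thumb_func"), 0x8401, 0x20, 0x12, 1))  # GLOBAL FUNC in section 1, Thumb
    symtab = b"".join(struct.pack("<IIIBBH", n, v, s, i, 0, x) for n, v, s, i, x in syms)
    off_text, off_sym = 52, 52 + text_size
    off_str = off_sym + len(symtab)
    off_shstr = off_str + len(strtab)
    off_sh = off_shstr + len(shstrtab)
    shdrs = [(0,) * 10,  # sh_name offsets 1/7/15/23 index into shstrtab above
             (1, SHT_PROGBITS, 6, text_addr, off_text, text_size, 0, 0, 4, 0),
             (7, SHT_SYMTAB, 0, 0, off_sym, len(symtab), 3, 1, 4, 16),
             (15, SHT_STRTAB, 0, 0, off_str, len(strtab), 0, 0, 1, 0),
             (23, SHT_STRTAB, 0, 0, off_shstr, len(shstrtab), 0, 0, 1, 0)]
    ehdr = struct.pack("<16sHHIIIIIHHHHHH", b"\x7fELF\x01\x01\x01" + bytes(9), ET_DYN if pie else ET_EXEC,
                       EM_ARM, 1, 0x82f4, 0, off_sh, 0x05000000, 52, 0, 0, 40, len(shdrs), 4)
    return ehdr + bytes(text_size) + symtab + bytes(strtab) + shstrtab + b"".join(struct.pack("<10I", *s) for s in shdrs)
```

To apply it to the real case: adb pull the executable, call parse_elf32 on its bytes, then classify_address(elf, 0x82f4). If that reports arm while gdb single-steps two instructions at a time, gdb is decoding in Thumb; `show arm force-mode` and `show arm fallback-mode` display what gdb is assuming, and `set arm fallback-mode arm` (or `set arm force-mode arm`) pins it. Loading the executable locally with `file` before `target remote` is the cleaner fix, because gdb then reads the same mapping symbols and chooses ARM or Thumb per address on its own. If is_pie(elf) is true, a breakpoint at the bare 0x82f4 will never be hit in the process; take the base of the executable's first mapping from /proc/<pid>/maps on the device and break at runtime_address(elf, 0x82f4, base).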