-
-
[求助]IDA如何加载gcc lto的静态库
-
发表于:
2018-8-1 15:04
1981
-
某静态库方式提供的SDK内的.o文件未能在IDA内加载分析,使用readelf得知.text段没有内容,每个函数各存在于自己独立的以.gnu.lto_开头的段里面。
在此请教各位,怎样配置IDA加载这个.o内的函数进行分析?
附:
readelf -s的结果
Symbol table '.symtab' contains 24 entries:
Num: Value Size Type Bind Vis Ndx Name
0: 00000000 0 NOTYPE LOCAL DEFAULT UND
1: 00000000 0 FILE LOCAL DEFAULT ABS bsp_timer.c
2: 00000000 0 SECTION LOCAL DEFAULT 1
3: 00000000 0 SECTION LOCAL DEFAULT 2
4: 00000000 0 SECTION LOCAL DEFAULT 3
5: 00000000 0 SECTION LOCAL DEFAULT 4
6: 00000000 0 SECTION LOCAL DEFAULT 5
7: 00000000 0 SECTION LOCAL DEFAULT 6
8: 00000000 0 SECTION LOCAL DEFAULT 7
9: 00000000 0 SECTION LOCAL DEFAULT 8
10: 00000000 0 SECTION LOCAL DEFAULT 9
11: 00000000 0 SECTION LOCAL DEFAULT 10
12: 00000000 0 SECTION LOCAL DEFAULT 11
13: 00000000 0 SECTION LOCAL DEFAULT 12
14: 00000000 0 SECTION LOCAL DEFAULT 13
15: 00000000 0 SECTION LOCAL DEFAULT 14
16: 00000000 0 SECTION LOCAL DEFAULT 15
17: 00000000 0 SECTION LOCAL DEFAULT 16
18: 00000000 0 SECTION LOCAL DEFAULT 17
19: 00000000 0 SECTION LOCAL DEFAULT 18
20: 00000000 0 SECTION LOCAL DEFAULT 19
21: 00000000 0 SECTION LOCAL DEFAULT 20
22: 00000001 1 OBJECT GLOBAL DEFAULT COM __gnu_lto_v1
23: 00000001 1 OBJECT GLOBAL DEFAULT COM __gnu_lto_slim
readelf -S的结果
There are 24 section headers, starting at offset 0x42b0:
Section Headers:
[Nr] Name Type Addr Off Size ES Flg Lk Inf Al
[ 0] NULL 00000000 000000 000000 00 0 0 0
[ 1] .text PROGBITS 00000000 000034 000000 00 AX 0 0 2
[ 2] .data PROGBITS 00000000 000034 000000 00 WA 0 0 1
[ 3] .bss NOBITS 00000000 000034 000000 00 WA 0 0 1
[ 4] .gnu.lto_.profile PROGBITS 00000000 000034 000013 00 E 0 0 1
[ 5] .gnu.lto_.icf.fc0 PROGBITS 00000000 000047 000038 00 E 0 0 1
[ 6] .gnu.lto_.jmpfunc PROGBITS 00000000 00007f 0000d2 00 E 0 0 1
[ 7] .gnu.lto_.inline. PROGBITS 00000000 000151 000076 00 E 0 0 1
[ 8] .gnu.lto_.purecon PROGBITS 00000000 0001c7 00001b 00 E 0 0 1
[ 9] .gnu.lto_systick_ PROGBITS 00000000 0001e2 000149 00 E 0 0 1
[10] .gnu.lto_stack_ov PROGBITS 00000000 00032b 0007ec 00 E 0 0 1
[11] .gnu.lto_systick_ PROGBITS 00000000 000b17 0002bb 00 E 0 0 1
[12] .gnu.lto_systick_ PROGBITS 00000000 000dd2 00027e 00 E 0 0 1
[13] .gnu.lto_aw_sys_c PROGBITS 00000000 001050 000126 00 E 0 0 1
[14] .gnu.lto_.symbol_ PROGBITS 00000000 001176 0000af 00 E 0 0 1
[15] .gnu.lto_.refs.fc PROGBITS 00000000 001225 00002c 00 E 0 0 1
[16] .gnu.lto_.decls.f PROGBITS 00000000 001251 002937 00 E 0 0 1
[17] .gnu.lto_.symtab. PROGBITS 00000000 003b88 0001b1 00 E 0 0 1
[18] .gnu.lto_.opts PROGBITS 00000000 003d39 00012b 00 E 0 0 1
[19] .comment PROGBITS 00000000 003e64 00006f 01 MS 0 0 1
[20] .ARM.attributes ARM_ATTRIBUTES 00000000 003ed3 000035 00 0 0 1
[21] .shstrtab STRTAB 00000000 0040b6 0001f8 00 0 0 1
[22] .symtab SYMTAB 00000000 003f08 000180 10 23 22 4
[23] .strtab STRTAB 00000000 004088 00002e 00 0 0 1
Key to Flags:
W (write), A (alloc), X (execute), M (merge), S (strings), I (info),
L (link order), O (extra OS processing required), G (group), T (TLS),
C (compressed), x (unknown), o (OS specific), E (exclude),
y (purecode), p (processor specific)
readelf -t的结果
There are 24 section headers, starting at offset 0x42b0:
Section Headers:
[Nr] Name
Type Addr Off Size ES Lk Inf Al
Flags
[ 0]
NULL 00000000 000000 000000 00 0 0 0
[00000000]:
[ 1] .text
PROGBITS 00000000 000034 000000 00 0 0 2
[00000006]: ALLOC, EXEC
[ 2] .data
PROGBITS 00000000 000034 000000 00 0 0 1
[00000003]: WRITE, ALLOC
[ 3] .bss
NOBITS 00000000 000034 000000 00 0 0 1
[00000003]: WRITE, ALLOC
[ 4] .gnu.lto_.profile.fc057671
PROGBITS 00000000 000034 000013 00 0 0 1
[80000000]: EXCLUDE
[ 5] .gnu.lto_.icf.fc057671
PROGBITS 00000000 000047 000038 00 0 0 1
[80000000]: EXCLUDE
[ 6] .gnu.lto_.jmpfuncs.fc057671
PROGBITS 00000000 00007f 0000d2 00 0 0 1
[80000000]: EXCLUDE
[ 7] .gnu.lto_.inline.fc057671
PROGBITS 00000000 000151 000076 00 0 0 1
[80000000]: EXCLUDE
[ 8] .gnu.lto_.pureconst.fc057671
PROGBITS 00000000 0001c7 00001b 00 0 0 1
[80000000]: EXCLUDE
[ 9] .gnu.lto_systick_isr.fc057671
PROGBITS 00000000 0001e2 000149 00 0 0 1
[80000000]: EXCLUDE
[10] .gnu.lto_stack_overflow_check.fc057671
PROGBITS 00000000 00032b 0007ec 00 0 0 1
[80000000]: EXCLUDE
[11] .gnu.lto_systick_init.part.0.fc057671
PROGBITS 00000000 000b17 0002bb 00 0 0 1
[80000000]: EXCLUDE
[12] .gnu.lto_systick_init.fc057671
PROGBITS 00000000 000dd2 00027e 00 0 0 1
[80000000]: EXCLUDE
[13] .gnu.lto_aw_sys_clkrate_get.fc057671
PROGBITS 00000000 001050 000126 00 0 0 1
[80000000]: EXCLUDE
[14] .gnu.lto_.symbol_nodes.fc057671
PROGBITS 00000000 001176 0000af 00 0 0 1
[80000000]: EXCLUDE
[15] .gnu.lto_.refs.fc057671
PROGBITS 00000000 001225 00002c 00 0 0 1
[80000000]: EXCLUDE
[16] .gnu.lto_.decls.fc057671
PROGBITS 00000000 001251 002937 00 0 0 1
[80000000]: EXCLUDE
[17] .gnu.lto_.symtab.fc057671
PROGBITS 00000000 003b88 0001b1 00 0 0 1
[80000000]: EXCLUDE
[18] .gnu.lto_.opts
PROGBITS 00000000 003d39 00012b 00 0 0 1
[80000000]: EXCLUDE
[19] .comment
PROGBITS 00000000 003e64 00006f 01 0 0 1
[00000030]: MERGE, STRINGS
[20] .ARM.attributes
ARM_ATTRIBUTES 00000000 003ed3 000035 00 0 0 1
[00000000]:
[21] .shstrtab
STRTAB 00000000 0040b6 0001f8 00 0 0 1
[00000000]:
[22] .symtab
SYMTAB 00000000 003f08 000180 10 23 22 4
[00000000]:
[23] .strtab
STRTAB 00000000 004088 00002e 00 0 0 1
[00000000]:
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
