Version analyzed: 33.2.5. The interface address that mssdk exposes to the libsscronet.so networking library is 0x88ee0. Call sequence of the parameter-signing functions: 0x88ee0 -> 0x87e48 -> 0x86d60 -> 0x6B14c; 0x6B14c -> 0x6Db40 -> 0x73908 -> 0x7d3f0 (X-Argus) -> 0x73968 -> 0x7dd18 (X-Ladons) -> 0x73688 -> 0x811a8 (X-Gorgon). This post only analyzes how the X-Gorgon parameter is generated; the key encryption function is located at 0x7e530.
1. unidbg read/write tracing
2. Run under unidbg. The run produces three trace files, tracecode.txt, traceread.txt and tracewrite.txt, which record the instructions executed by the function at 0x7e530 and all memory reads and writes respectively. Output X-Gorgon string: 8404e0a6000006292b2e51bf21d8e270474e655a4379e5d3f7f6
3. Tracing how the string is generated
1) Function input parameter 1:
0000: 12 B4 93 96 00 00 00 00 00 00 00 00 20 05 00 05
0010: 67 90 66 CC
These are md5(url_param) + md5(body) + SDK version + timestamp, 20 bytes in total.
2) Function input parameter 2: buffer address 0x4041a6e0
3) How each byte is written. Extract from tracewrite.txt the write records for addresses 0x4041a6e0 through 0x4041a6f9:
Byte 1: 0x84, instruction address 0x81138, written directly without any computation
Byte 2: 0x04, instruction address 0x805A4, written directly without any computation
Byte 3: 0xe0, instruction address 0x803d0
0xe0 is read from address 0xbfffdb77. Tracing the write records for address 0xbfffdb77:
The value at address 0xbfffdb77 is written by the instruction at 0x7e648:
Byte 4: 0xa6, instruction address 0x7fbd4
Bytes 5 and 6: 0x0000, instruction address 0x13742c; the buffer is initialized to 0 and these bytes are never written again
The last 20 bytes, 0x06292b2e51bf21d8e270474e655a4379e5d3f7f6, instruction address 0x804e8. They all come from the same instruction address, so this should be the encryption computation. 0x804e8 is the final write address; in fact each byte is written 3 times.
The logic above is: take out a byte, apply the encryption computation to it, then write it back. Trace where address 0x4041a6e6 is written with 0xb7:
Instructions at address 0x80334:
Here the current byte is taken out, combined with the next byte in the computation, and written back. Trace where address 0x4041a6e6 is written with 0xf2:
Instructions at address 0x802ac:
Here 0x2f is taken out, computed into 0xf2, and written back again. Continue tracing where address 0x4041a6e6 is written with 0x2f:
Instructions at address 0x801cc:
Each byte of the original input is encrypted in turn. During the encryption, values are taken from the array stored at address 0xbfffda60 and used in the computation. Trace where the array values are written:
Instructions at that address:
A loop initializes the array to the values 0 – 0xff. Tracing further, check where address 0xbfffda60 + 0x12 is written with 0x3d:
The instructions above use the values at address 0xbfffdb70 to initialize the 256-byte table from before. Address 0xbfffdb70 holds an 8-byte key constructed from the input values. Next, trace how 0xbfffdb70 - 0xbfffdb77 are generated.
Never mind, I will stop tracing here; that is the method.
Test code attached:
import java.io.FileOutputStream;
import java.io.PrintStream;

// Trace the instructions executed between 0x7e530 and 0x807B4 (the X-Gorgon encryption function)
String traceFile = "C:\\Users\\Administrator\\Desktop\\tracecode.txt";
PrintStream traceStream = new PrintStream(new FileOutputStream(traceFile), true);
emulator.traceCode(module.base + 0x7e530, module.base + 0x807B4).setRedirect(traceStream); // trace function instructions
traceStream = new PrintStream(new FileOutputStream("C:\\Users\\Administrator\\Desktop\\traceread.txt"), true);
emulator.traceRead(0, 0xFFFFFFFF).setRedirect(traceStream); // trace memory reads
traceStream = new PrintStream(new FileOutputStream("C:\\Users\\Administrator\\Desktop\\tracewrite.txt"), true);
emulator.traceWrite(0, 0xFFFFFFFF).setRedirect(traceStream); // trace memory writes
Memory WRITE at 0x4041a6e2, data size = 1, data value = 0xe0, PC=RX@0x405b03d0[libmetasec_ov.so]0x803d0, LR=unidbg@0x13
Memory WRITE at 0x4041a6e3, data size = 1, data value = 0xa6, PC=RX@0x405afbd4[libmetasec_ov.so]0x7fbd4, LR=RX@0x405af5c8[libmetasec_ov.so]0x7f5c8
Memory WRITE at 0x4041a6e4, data size = 1, data value = 0x00, PC=RX@0x4066742c[libmetasec_ov.so]0x13742c, LR=RX@0x405afd88[libmetasec_ov.so]0x7fd88
Memory WRITE at 0x4041a6e5, data size = 1, data value = 0x00, PC=RX@0x4066742c[libmetasec_ov.so]0x13742c, LR=RX@0x405afd88[libmetasec_ov.so]0x7fd88
Memory WRITE at 0x4041a6e6, data size = 1, data value = 0x06, PC=RX@0x405b04e8[libmetasec_ov.so]0x804e8, LR=unidbg@0x13
Memory WRITE at 0x4041a6e7, data size = 1, data value = 0x29, PC=RX@0x405b04e8[libmetasec_ov.so]0x804e8, LR=unidbg@0x13
Memory WRITE at 0x4041a6e8, data size = 1, data value = 0x2b, PC=RX@0x405b04e8[libmetasec_ov.so]0x804e8, LR=unidbg@0x13
Memory WRITE at 0x4041a6e9, data size = 1, data value = 0x2e, PC=RX@0x405b04e8[libmetasec_ov.so]0x804e8, LR=unidbg@0x13
Memory WRITE at 0x4041a6ea, data size = 1, data value = 0x51, PC=RX@0x405b04e8[libmetasec_ov.so]0x804e8, LR=unidbg@0x13
Memory WRITE at 0x4041a6eb, data size = 1, data value = 0xbf, PC=RX@0x405b04e8[libmetasec_ov.so]0x804e8, LR=unidbg@0x13
Memory WRITE at 0x4041a6ec, data size = 1, data value = 0x21, PC=RX@0x405b04e8[libmetasec_ov.so]0x804e8, LR=unidbg@0x13
Memory WRITE at 0x4041a6ed, data size = 1, data value = 0xd8, PC=RX@0x405b04e8[libmetasec_ov.so]0x804e8, LR=unidbg@0x13
Memory WRITE at 0x4041a6ee, data size = 1, data value = 0xe2, PC=RX@0x405b04e8[libmetasec_ov.so]0x804e8, LR=unidbg@0x13
Memory WRITE at 0x4041a6ef, data size = 1, data value = 0x70, PC=RX@0x405b04e8[libmetasec_ov.so]0x804e8, LR=unidbg@0x13
Memory WRITE at 0x4041a6f0, data size = 1, data value = 0x47, PC=RX@0x405b04e8[libmetasec_ov.so]0x804e8, LR=unidbg@0x13
Memory WRITE at 0x4041a6f1, data size = 1, data value = 0x4e, PC=RX@0x405b04e8[libmetasec_ov.so]0x804e8, LR=unidbg@0x13
Memory WRITE at 0x4041a6f2, data size = 1, data value = 0x65, PC=RX@0x405b04e8[libmetasec_ov.so]0x804e8, LR=unidbg@0x13
Memory WRITE at 0x4041a6f3, data size = 1, data value = 0x5a, PC=RX@0x405b04e8[libmetasec_ov.so]0x804e8, LR=unidbg@0x13
Memory WRITE at 0x4041a6f4, data size = 1, data value = 0x43, PC=RX@0x405b04e8[libmetasec_ov.so]0x804e8, LR=unidbg@0x13
Memory WRITE at 0x4041a6f5, data size = 1, data value = 0x79, PC=RX@0x405b04e8[libmetasec_ov.so]0x804e8, LR=unidbg@0x13
Memory WRITE at 0x4041a6f6, data size = 1, data value = 0xe5, PC=RX@0x405b04e8[libmetasec_ov.so]0x804e8, LR=unidbg@0x13
Memory WRITE at 0x4041a6f7, data size = 1, data value = 0xd3, PC=RX@0x405b04e8[libmetasec_ov.so]0x804e8, LR=unidbg@0x13
Memory WRITE at 0x4041a6f8, data size = 1, data value = 0xf7, PC=RX@0x405b04e8[libmetasec_ov.so]0x804e8, LR=unidbg@0x13
Memory WRITE at 0x4041a6f9, data size = 1, data value = 0xf6, PC=RX@0x405b04e8[libmetasec_ov.so]0x804e8, LR=unidbg@0x13
.text:0000000000081124 MOV W8,
.text:0000000000081128 MOV W9,
.text:000000000008112C MOV W10,
.text:0000000000081130 STRB W8, [X19,
.text:0000000000081134 STRB W9, [X19]
.text:0000000000081138 STRB W10, [X20] W10 = 0x84
.text:0000000000080590 LDR X10, [X19,
.text:0000000000080594 MOV W11,
.text:0000000000080598 MOV W12,
.text:000000000008059C MOV W13,
.text:00000000000805A0 LDR X10, [X10,
.text:00000000000805A4 STRB W11, [X10,
[libmetasec_ov.so 0x0803c8] [ad1d4039] 0x405b03c8: "ldrb w13, [x13, #7]" x13=0xbfffdb70 => w13=0xe0 loaded from 0xbfffdb77
[libmetasec_ov.so 0x0803cc] [100a40f9] 0x405b03cc: "ldr x16, [x16, #0x10]" x16=0xbfffdf30 => x16=0x4041a6e0 fetch the buffer base address
[libmetasec_ov.so 0x0803d0] [0d0a0039] 0x405b03d0: "strb w13, [x16, #2]" w13=0xe0 x16=0x4041a6e0 => w13=0xe0 write at offset +0x2
Memory WRITE at 0xbfffdb77, data size = 1, data value = 0xe0, PC=RX@0x405ae648[libmetasec_ov.so]0x7e648, LR=RX@0x405ae638[libmetasec_ov.so]0x7e638
[libmetasec_ov.so 0x07e638] [e00a40f9] 0x405ae638: "ldr x0, [x23, #0x10]" x23=0xbfffdf30 => x0=0x4041a6e0 X23 is the string parameter passed in; X0 is the string object's buffer address, obtained from malloc (it can be treated as a random number)
[libmetasec_ov.so 0x07e644] [087c48d3] 0x405ae644: "ubfx x8, x0, #8, #0x18" x8=0x4041a6e0 x0=0x4041a6e0 => x8=0x4041a6
[libmetasec_ov.so 0x07e648] [80721f38] 0x405ae648: "sturb w0, [x20, #-9]" w0=0x4041a6e0 x20=0xbfffdb80 => w0=0x4041a6e0 here 0xe0 is written at 0xbfffdb77
[libmetasec_ov.so 0x07e64c] [88321f38] 0x405ae64c: "sturb w8, [x20, #-0xd]" w8=0x4041a6 x20=0xbfffdb80 => w8=0x4041a6 here 0xa0 is written at 0xbfffdb73
[libmetasec_ov.so 0x07fbc8] [692a42a9] 0x405afbc8: "ldp x9, x10, [x19, #0x20]" x9=0xaaa2 x10=0xe7700 x19=0xbfffdb90 => x9=0xbfffdb70 x10=0xbfffdf30
[libmetasec_ov.so 0x07fbcc] [290d4039] 0x405afbcc: "ldrb w9, [x9, #3]" x9=0xbfffdb70 => w9=0xa6 load one byte, 0xa0, from address 0xbfffdb73
[libmetasec_ov.so 0x07fbd0] [4a0940f9] 0x405afbd0: "ldr x10, [x10, #0x10]" x10=0xbfffdf30 => x10=0x4041a6e0
[libmetasec_ov.so 0x07fbd4] [490d0039] 0x405afbd4: "strb w9, [x10, #3]" w9=0xa6 x10=0x4041a6e0 => w9=0xa6 write
Memory WRITE at 0x4041a6e4, data size = 1, data value = 0x00, PC=RX@0x4066742c[libmetasec_ov.so]0x13742c, LR=RX@0x405afd88[libmetasec_ov.so]0x7fd88
Memory WRITE at 0x4041a6e5, data size = 1, data value = 0x00, PC=RX@0x4066742c[libmetasec_ov.so]0x13742c, LR=RX@0x405afd88[libmetasec_ov.so]0x7fd88
[17:49:07 930][libmetasec_ov.so 0x0804bc] [8df15f38] 0x405b04bc: "ldurb w13, [x12, #-1]" w13=0x18e x12=0x4041a6e7 => w13=0xb7 take out 0xb7
[17:49:07 930][libmetasec_ov.so 0x0804c0] [50040d0a] 0x405b04c0: "and w16, w2, w13, lsl #1" w2=0xffffffaa w13=0xb7 => w16=0x12a compute
[17:49:07 931][libmetasec_ov.so 0x0804c4] [6d044d0a] 0x405b04c4: "and w13, w3, w13, lsr #1" w3=0x55 w13=0xb7 => w13=0x51
[17:49:07 931][libmetasec_ov.so 0x0804c8] [0d020d2a] 0x405b04c8: "orr w13, w16, w13" w16=0x12a w13=0x51 => w13=0x17b
[17:49:07 931][libmetasec_ov.so 0x0804cc] [b0751e53] 0x405b04cc: "lsl w16, w13, #2" w16=0x12a w13=0x17b => w16=0x5ec
[17:49:07 931][libmetasec_ov.so 0x0804d0] [8d084d0a] 0x405b04d0: "and w13, w4, w13, lsr #2" w4=0x33 w13=0x17b => w13=0x12
[17:49:07 931][libmetasec_ov.so 0x0804d4] [10761a12] 0x405b04d4: "and w16, w16, #0xffffffcf" w16=0x5ec => w16=0x5cc
[17:49:07 931][libmetasec_ov.so 0x0804d8] [0d020d2a] 0x405b04d8: "orr w13, w16, w13" w16=0x5cc w13=0x12 => w13=0x5de
[17:49:07 932][libmetasec_ov.so 0x0804dc] [b01d0453] 0x405b04dc: "ubfx w16, w13, #4, #4" w16=0x5cc w13=0x5de => w16=0xd
[17:49:07 932][libmetasec_ov.so 0x0804e0] [b06d1c33] 0x405b04e0: "bfi w16, w13, #4, #0x1c" w16=0xd w13=0x5de => w16=0x5ded
[17:49:07 932][libmetasec_ov.so 0x0804e4] [0d02084a] 0x405b04e4: "eor w13, w16, w8" w16=0x5ded w8=0xffffffeb => w13=0xffffa206
[17:49:07 932][libmetasec_ov.so 0x0804e8] [8df11f38] 0x405b04e8: "sturb w13, [x12, #-1]" w13=0xffffa206 x12=0x4041a6e7 => w13=0xffffa206 write one byte, 0x06
[10:40:11 176] Memory WRITE at 0x4041a6e6, data size = 1, data value = 0xb7, PC=RX@0x405b0334[libmetasec_ov.so]0x80334, LR=unidbg@0x13
[17:49:07 922][libmetasec_ov.so 0x080320] [50696d38] 0x405b0320: "ldrb w16, [x10, x13]" x10=0x4041a6e7 x13=0x0 => w16=0x45 take out the eighth byte
[17:49:07 923][libmetasec_ov.so 0x080324] [87f15f38] 0x405b0324: "ldurb w7, [x12, #-1]" w7=0x2f x12=0x4041a6e7 => w7=0xf2 take out the seventh byte
[17:49:07 923][libmetasec_ov.so 0x080328] [f400102a] 0x405b0328: "orr w20, w7, w16" w7=0xf2 w16=0x45 => w20=0xf7 compute
[17:49:07 923][libmetasec_ov.so 0x08032c] [f000100a] 0x405b032c: "and w16, w7, w16" w7=0xf2 w16=0x45 => w16=0x40
[17:49:07 923][libmetasec_ov.so 0x080330] [9002104b] 0x405b0330: "sub w16, w20, w16" w20=0xf7 w16=0x40 => w16=0xb7
[17:49:07 923][libmetasec_ov.so 0x080334] [90f11f38] 0x405b0334: "sturb w16, [x12, #-1]" w16=0xb7 x12=0x4041a6e7 => w16=0xb7 second write of the seventh byte
[10:40:11 170] Memory WRITE at 0x4041a6e6, data size = 1, data value = 0xf2, PC=RX@0x405b02ac[libmetasec_ov.so]0x802ac, LR=unidbg@0x13
[17:49:07 916][libmetasec_ov.so 0x080298] [87f15f38] 0x405b0298: "ldurb w7, [x12, #-1]" w7=0xca4587e7 x12=0x4041a6e7 => w7=0x2f take out the seventh byte
[17:49:07 916][libmetasec_ov.so 0x08029c] [af050091] 0x405b029c: "add x15, x13, #1" x13=0x0 => x15=0x1
[17:49:07 916][libmetasec_ov.so 0x0802a0] [ff0117eb] 0x405b02a0: "cmp x15, x23" x23=0x14 => nzcv: N=1, Z=0, C=0, V=0 x15=0x1
[17:49:07 916][libmetasec_ov.so 0x0802a4] [f07c0453] 0x405b02a4: "lsr w16, w7, #4" w16=0xd79435f w7=0x2f => w16=0x2 compute
[17:49:07 916][libmetasec_ov.so 0x0802a8] [f01c1c33] 0x405b02a8: "bfi w16, w7, #4, #8" w16=0x2 w7=0x2f => w16=0x2f2
[17:49:07 917][libmetasec_ov.so 0x0802ac] [90f11f38] 0x405b02ac: "sturb w16, [x12, #-1]" w16=0x2f2 x12=0x4041a6e7 => w16=0x2f2 first write
[10:40:11 089] Memory WRITE at 0x4041a6e6, data size = 1, data value = 0x2f, PC=RX@0x405b01cc[libmetasec_ov.so]0x801cc, LR=RX@0x405b007c[libmetasec_ov.so]0x8007c
[17:49:07 797][libmetasec_ov.so 0x080150] [28030052] 0x405b0150: "eor w8, w25, #1" w25=0x0 => w8=0x1
[17:49:07 797][libmetasec_ov.so 0x080154] [29031f53] 0x405b0154: "ubfiz w9, w25, #1, #1" w9=0x3d w25=0x0 => w9=0x0
[17:49:07 797][libmetasec_ov.so 0x080158] [2801080b] 0x405b0158: "add w8, w9, w8" w9=0x0 w8=0x1 => w8=0x1
[17:49:07 798][libmetasec_ov.so 0x08015c] [09fd0311] 0x405b015c: "add w9, w8, #0xff" w8=0x1 => w9=0x100
[17:49:07 798][libmetasec_ov.so 0x080160] [1f010071] 0x405b0160: "cmp w8, #0" => nzcv: N=0, Z=0, C=1, V=0 w8=0x1
[17:49:07 798][libmetasec_ov.so 0x080164] [29b1881a] 0x405b0164: "csel w9, w9, w8, lt" nzcv: N=0, Z=0, C=1, V=0 w9=0x100 w8=0x1 => w9=0x1
[17:49:07 798][libmetasec_ov.so 0x080168] [295d1812] 0x405b0168: "and w9, w9, #0xffffff00" w9=0x1 => w9=0x0
[17:49:07 798][libmetasec_ov.so 0x08016c] [0801094b] 0x405b016c: "sub w8, w8, w9" w8=0x1 w9=0x0 => w8=0x1
[17:49:07 799][libmetasec_ov.so 0x080170] [0a7d4093] 0x405b0170: "sxtw x10, w8" x10=0x1 w8=0x1 => x10=0x1
[17:49:07 799][libmetasec_ov.so 0x080174] [696b6a38] 0x405b0174: "ldrb w9, [x27, x10]" x27=0xbfffda60 x10=0x1 => w9=0x4b
[17:49:07 799][libmetasec_ov.so 0x080178] [4b03094a] 0x405b0178: "eor w11, w26, w9" w26=0x0 w9=0x4b => w11=0x4b
[17:49:07 799][libmetasec_ov.so 0x08017c] [4903092a] 0x405b017c: "orr w9, w26, w9" w26=0x0 w9=0x4b => w9=0x4b
[17:49:07 799][libmetasec_ov.so 0x080180] [29791f53] 0x405b0180: "lsl w9, w9, #1" w9=0x4b => w9=0x96
[17:49:07 799][libmetasec_ov.so 0x080184] [29010b4b] 0x405b0184: "sub w9, w9, w11" w9=0x96 w11=0x4b => w9=0x4b
[17:49:07 800][libmetasec_ov.so 0x080188] [2bfd0311] 0x405b0188: "add w11, w9, #0xff" w9=0x4b => w11=0x14a
[17:49:07 800][libmetasec_ov.so 0x08018c] [3f010071] 0x405b018c: "cmp w9, #0" => nzcv: N=0, Z=0, C=1, V=0 w9=0x4b
[17:49:07 800][libmetasec_ov.so 0x080190] [6bb1891a] 0x405b0190: "csel w11, w11, w9, lt" nzcv: N=0, Z=0, C=1, V=0 w11=0x14a w9=0x4b => w11=0x4b
[17:49:07 800][libmetasec_ov.so 0x080194] [6b5d1812] 0x405b0194: "and w11, w11, #0xffffff00" w11=0x4b => w11=0x0
[17:49:07 800][libmetasec_ov.so 0x080198] [29010b4b] 0x405b0198: "sub w9, w9, w11" w9=0x4b w11=0x0 => w9=0x4b
[17:49:07 802][libmetasec_ov.so 0x08019c] [2b7d4093] 0x405b019c: "sxtw x11, w9" x11=0x0 w9=0x4b => x11=0x4b
[17:49:07 802][libmetasec_ov.so 0x0801a0] [6c6b6b38] 0x405b01a0: "ldrb w12, [x27, x11]" x27=0xbfffda60 x11=0x4b => w12=0x89
[17:49:07 802][libmetasec_ov.so 0x0801a4] [6c6b2a38] 0x405b01a4: "strb w12, [x27, x10]" w12=0x89 x27=0xbfffda60 x10=0x1 => w12=0x89
[17:49:07 802][libmetasec_ov.so 0x0801a8] [6c6b2b38] 0x405b01a8: "strb w12, [x27, x11]" w12=0x89 x27=0xbfffda60 x11=0x4b => w12=0x89
[17:49:07 802][libmetasec_ov.so 0x0801ac] [6a6b6a38] 0x405b01ac: "ldrb w10, [x27, x10]" x27=0xbfffda60 x10=0x1 => w10=0x89
[17:49:07 802][libmetasec_ov.so 0x0801b0] [0b6b7638] 0x405b01b0: "ldrb w11, [x24, x22]" x24=0x4041a6e6 x22=0x0 => w11=0x12
[17:49:07 802][libmetasec_ov.so 0x0801b4] [4d010c2a] 0x405b01b4: "orr w13, w10, w12" w10=0x89 w12=0x89 => w13=0x89
[17:49:07 803][libmetasec_ov.so 0x0801b8] [4a010c0a] 0x405b01b8: "and w10, w10, w12" w10=0x89 w12=0x89 => w10=0x89
[17:49:07 803][libmetasec_ov.so 0x0801bc] [aa010a0b] 0x405b01bc: "add w10, w13, w10" w13=0x89 w10=0x89 => w10=0x112
[17:49:07 803][libmetasec_ov.so 0x0801c0] [4a1d4092] 0x405b01c0: "and x10, x10, #0xff" x10=0x112 => x10=0x12
[17:49:07 803][libmetasec_ov.so 0x0801c4] [6a6b6a38] 0x405b01c4: "ldrb w10, [x27, x10]" x27=0xbfffda60 x10=0x12 => w10=0x3d
[17:49:07 804][libmetasec_ov.so 0x0801c8] [4a010b4a] 0x405b01c8: "eor w10, w10, w11" w10=0x3d w11=0x12 => w10=0x2f
[17:49:07 804][libmetasec_ov.so 0x0801cc] [0a6b3638] 0x405b01cc: "strb w10, [x24, x22]" w10=0x2f x24=0x4041a6e6 x22=0x0 => w10=0x2f
[10:40:08 848] Memory WRITE at 0xbfffda60, data size = 1, data value = 0x00, PC=RX@0x405af6f4[libmetasec_ov.so]0x7f6f4, LR=unidbg@0x17a
[17:49:05 332][libmetasec_ov.so 0x07f6f4] [776b3738] 0x405af6f4: "strb w23, [x27, x23]" w23=0xff x27=0xbfffda60 x23=0xff => w23=0xff
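As an added example (not code from the post), the following Python replays the four writes the trace shows for output byte 6 (0x4041a6e6), using the mixed boolean-arithmetic identities and the four stages recovered from the instruction addresses above. The S table is a constructed stand-in that only matches the three entries the traced PRGA step reads, because the page does not show the 8-byte key or its schedule.

```python
# Added example (not the post's code): the per-byte transform that the unidbg trace shows
# for output byte 6 (0x4041a6e6): 0x12 -> 0x2f -> 0xf2 -> 0xb7 -> 0x06.
# The 8-byte key at 0xbfffdb70 and its schedule are not reconstructed; S_TRACE below is a
# constructed stand-in table that only matches the three entries the trace actually reads.

# --- mixed boolean-arithmetic (MBA) idioms in the trace, each equal to a plain operator ---
def mba_inc(a: int) -> int:
    """a + 1, written as (a ^ 1) + 2*(a & 1)  (eor/ubfiz/add at 0x80150-0x80158)."""
    return (a ^ 1) + ((a & 1) << 1)

def mba_add(a: int, b: int) -> int:
    """a + b, written as 2*(a | b) - (a ^ b)  (eor/orr/lsl/sub at 0x80178-0x80184)."""
    return 2 * (a | b) - (a ^ b)

def mba_add2(a: int, b: int) -> int:
    """a + b, written as (a | b) + (a & b)  (orr/and/add at 0x801b4-0x801bc)."""
    return (a | b) + (a & b)

def mba_xor(a: int, b: int) -> int:
    """a ^ b, written as (a | b) - (a & b)  (orr/and/sub at 0x80328-0x80330)."""
    return (a | b) - (a & b)

def mod256(x: int) -> int:
    """C-style signed x % 256 (add #0xff / cmp / csel lt / and #0xffffff00 / sub)."""
    adj = x + 0xff if x < 0 else x
    return x - (adj & ~0xff)

# --- stage 1 (0x80150-0x801cc): one RC4-style PRGA step, keystream XORed into the byte ---
def prga_step(S: list, i: int, j: int, plain: int):
    """Returns (i, j, cipher). The two strb at 0x801a4/0x801a8 store the SAME register
    (w12 = S[j]) to both S[i] and S[j], so the trace shows no true swap; replayed as-is."""
    i = mod256(mba_inc(i))
    j = mod256(mba_add(j, S[i]))
    sj = S[j]
    S[i] = sj
    S[j] = sj
    k = S[mba_add2(S[i], S[j]) & 0xff]   # S[0x12] = 0x3d in the trace
    return i, j, k ^ plain

# --- stage 2 (0x802a4-0x802ac): nibble swap ---
def swap_nibbles(x: int) -> int:
    return ((x >> 4) | (x << 4)) & 0xff

# --- stage 3 (0x80320-0x80334): XOR with the following buffer byte ---
def mix_with_next(cur: int, nxt: int) -> int:
    return mba_xor(cur, nxt) & 0xff

# --- stage 4 (0x804c0-0x804e8): swap bits, bit pairs, nibbles (= bit reversal), XOR 0xeb ---
def reverse_bits_xor(x: int) -> int:
    x = ((x << 1) & 0xaa) | ((x >> 1) & 0x55)
    x = ((x << 2) & 0xcc) | ((x >> 2) & 0x33)
    x = swap_nibbles(x)
    return x ^ 0xeb

def finalize_byte(rc4_out: int, next_byte: int) -> list:
    """Stages 2-4 for one byte; returns each intermediate value as it is written to memory."""
    v1 = swap_nibbles(rc4_out)
    v2 = mix_with_next(v1, next_byte)
    v3 = reverse_bits_xor(v2)
    return [v1, v2, v3]

def header(buf_addr: int) -> list:
    """Bytes 0-5 as the trace shows them: 0x84, 0x04, the two low bytes of the malloc'd
    buffer address (stored at 0x7e648/0x7e64c), then two zero bytes from initialisation."""
    return [0x84, 0x04, buf_addr & 0xff, (buf_addr >> 8) & 0xff, 0x00, 0x00]

# Constructed S table: identity except for the three entries the traced PRGA step reads.
S_TRACE = list(range(256))
S_TRACE[0x01], S_TRACE[0x4b], S_TRACE[0x12] = 0x4b, 0x89, 0x3d

def byte6_history(S=None) -> list:
    """Replays the four writes to 0x4041a6e6 (plaintext 0x12, next buffer byte 0x45)."""
    S = list(S_TRACE) if S is None else S
    _, _, c = prga_step(S, 0, 0, 0x12)
    return [c] + finalize_byte(c, 0x45)

if __name__ == "__main__":
    print("header:", bytes(header(0x4041a6e0)).hex())          # 8404e0a60000
    print("byte 6 writes:", [hex(v) for v in byte6_history()])  # 0x2f 0xf2 0xb7 0x6
```

The header function shows why the first six output bytes are easy to spot in the trace: two constants, two bytes of a heap pointer, and two zero bytes, with no dependency on the input.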
Last edited by CCTV果冻爽 on 2025-2-17 12:06, reason: attachment added