Closed. BurningTeng closed this issue 4 years ago.
There's no code at address 0. That's expected. Import the flags from the agent side, seek there and use af @@ sym*, or use the boundaries to tell from where to where to analyze.
(Sent by e-mail on 4 May 2020 in reply to 18345093167's report of 04:51 that day; the quoted text is the issue body reproduced below.)
[0x00000000]> s 0xde0a8013
[0xde0a8013]> aaa
From the above, I have used s to move to the address, and it is 0xde0a8013, not 0. What is wrong with my operation?
Also, I want to know how to "import the flags from the agent side, seek there and use af @@ sym, or use the boundaries to tell from where to where to analyze".
I have tried it like this, but afl still shows nothing:
[0x00000000]> \iE libjnigraphics.so
f sym.fun.AndroidBitmap_getInfo = 0xddfc7013
f sym.fun.AndroidBitmap_lockPixels = 0xddfc7039
f sym.fun.AndroidBitmap_unlockPixels = 0xddfc7065
[0x00000000]> afl 0xddfc7013
[0x00000000]> afl 0xddfc7039
[0x00000000]>
Hi,
r2 static commands like aaa and afl are not a great idea when dealing with dynamic memory at runtime.
[0x00000000]> \iE* libjnigraphics.so
f sym.fun.AndroidBitmap_getInfo = 0xddfc7013
f sym.fun.AndroidBitmap_lockPixels = 0xddfc7039
f sym.fun.AndroidBitmap_unlockPixels = 0xddfc7065
[0x00000000]> s 0xddfc7013
[0xddfc7013]> af
[0xddfc7013]> pdf
Just in case of doubt, you might want to read this wiki: https://github.com/enovella/r2frida-wiki
Thanks very much. But I have a question: if I want to see the assembly code of the .so file, how do I do that?
You seek there and use pd to disassemble.
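The workflow the two answers above describe (resolve the module's exports through the agent with \iE*, import them as flags, seek to each one, run af, then pd/pdf instead of aaa/afl) can be scripted with r2pipe. The block below is an added example, not code from the r2frida project or from anyone in this thread. It assumes r2pipe and the r2frida plugin are installed so that r2pipe.open() accepts the frida://usb//<pid> URI used in the thread, takes the module and export names from the thread, and ships with a constructed FakeSession stand-in (canned output copied from the thread) so the parsing and the command sequence can be exercised without a device.

```python
"""Automate the thread's workflow: resolve a module's exports through the
r2frida agent, define them as r2 flags, analyse each export with `af`, and
disassemble with `pdf`. Per-symbol `af` needs no global analysis ranges,
which is why it works in debugger mode where `aaa` reports "Invalid range"
and `afl` stays empty.
"""
import re
import sys

# One line of `\iE* <module>` output, exactly as printed in the thread:
#   f sym.fun.AndroidBitmap_getInfo = 0xde0a8013
FLAG_RE = re.compile(r"^f\s+(?P<name>\S+)\s*=\s*(?P<addr>0x[0-9a-fA-F]+)$")

AGENT_PREFIX = "\\"  # r2frida agent-command prefix as used in the thread


def parse_flags(ie_output: str) -> dict:
    """Turn `f name = addr` lines into {name: int_address}; other lines are ignored."""
    flags = {}
    for line in ie_output.splitlines():
        m = FLAG_RE.match(line.strip())
        if m:
            flags[m.group("name")] = int(m.group("addr"), 16)
    return flags


def analyze_module(r2, module: str) -> dict:
    """Import `module`'s exports as flags, run `af` on each, return {name: pdf output}.

    `r2` is anything with a cmd(str) -> str method: an r2pipe handle or FakeSession.
    """
    exports = parse_flags(r2.cmd(f"{AGENT_PREFIX}iE* {module}"))
    if not exports:
        # Typical cause: the library is not loaded under that name; check `\dm*`.
        raise RuntimeError(f"no exports resolved for {module}")
    # A leading `.` makes r2 evaluate the command's output as r2 commands, so the
    # `f ...` lines become flags on the r2 side (the "import the flags" step).
    r2.cmd(f".{AGENT_PREFIX}iE* {module}")
    for addr in sorted(exports.values()):
        r2.cmd(f"af @ {addr:#x}")  # temporary seek; analyse one function at a time
    return {name: r2.cmd(f"pdf @ {name}") for name in exports}


class FakeSession:
    """Constructed stand-in for an r2pipe handle; canned output copied from the thread."""

    IE_OUTPUT = (
        "f sym.fun.AndroidBitmap_getInfo = 0xde0a8013\n"
        "f sym.fun.AndroidBitmap_lockPixels = 0xde0a8039\n"
        "f sym.fun.AndroidBitmap_unlockPixels = 0xde0a8065\n"
    )

    def __init__(self):
        self.log = []         # every command sent, in order
        self.analyzed = set()  # addresses that received `af`

    def cmd(self, command: str) -> str:
        self.log.append(command)
        if command.endswith("iE* libjnigraphics.so") and not command.startswith("."):
            return self.IE_OUTPUT
        if command.startswith("af @ "):
            self.analyzed.add(int(command.split("@", 1)[1].strip(), 16))
        if command.startswith("pdf @ "):
            return f"; constructed listing for {command[6:]}\n"
        return ""


def open_r2frida(uri: str):
    """Real session; assumes r2pipe and r2frida are installed (r2pm -ci r2frida)."""
    import r2pipe
    return r2pipe.open(uri)


if __name__ == "__main__":
    # python3 script.py                     -> offline run against FakeSession
    # python3 script.py frida://usb//25654  -> real device, pid taken from the thread
    session = open_r2frida(sys.argv[1]) if len(sys.argv) > 1 else FakeSession()
    for name, listing in analyze_module(session, "libjnigraphics.so").items():
        print(f"== {name}\n{listing}")
```

The per-address loop is the scripted equivalent of the maintainer's one-liner af @@ sym*, which iterates af over every flag matching the glob once the flags have been imported. Newer r2frida releases use : rather than \ as the agent-command prefix; change AGENT_PREFIX if your version rejects the backslash form.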
(Sent by e-mail on 4 May 2020 in reply to 18345093167's question of 12:07 that day, quoted above.)
I want to debug a .so file on Android 10. I use the command r2 -d frida://usb//25654 (Chrome), then I use the command \dm* to show all .so files. Then I use the following commands, but there is no output when I use the r2 command afl.
[0x00000000]> \iE* libjnigraphics.so
f sym.fun.AndroidBitmap_getInfo = 0xde0a8013
f sym.fun.AndroidBitmap_lockPixels = 0xde0a8039
f sym.fun.AndroidBitmap_unlockPixels = 0xde0a8065
[0x00000000]> s 0xde0a8013
[0xde0a8013]> aaa
[x] Analyze all flags starting with sym. and entry0 (aa)
[Warning: Invalid range. Use different search.in=? or anal.in=dbg.maps.x
[x] Analyze function calls (aac)
[Warning: Invalid range. Use different search.in=? or anal.in=dbg.maps.x
[x] find and analyze function preludes (aap)
[x] Analyze len bytes of instructions for references (aar)
[x] Check for objc references
[x] Check for vtables
[x] Finding xrefs in noncode section with anal.in=io.maps
[x] Analyze value pointers (aav)
[Warning: Invalid range. Use different search.in=? or anal.in=dbg.maps.x
[x] Emulate code to find computed references (aae)
[TOFIX: aaft can't run in debugger mode.ions (aaft)
[x] Type matching analysis for all functions (aaft)
[x] Propagate noreturn information
[x] Use -AA or aaaa to perform additional experimental analysis.
[0xde0a8013]> afl