Work environment

rizin -v

Expected behavior

The pdr and pdrj commands should work fine.

Actual behavior

An error pops up when pdr/pdrj tries to disassemble a function in the APK (SHA1: c6ecdbdd9647107bbb811bfe3c45499e5323519c).

Take address 4296582152 as an example. After I run the aaaa command, pdr/pdrj returns an error message:

ERROR: Cannot find function at 0x10018a408

According to the output of pd, the instruction at 0x10018a408 is nop. So I think there might be some bug dealing with the nop instruction. I also used jadx to check the disassembly:

Steps to reproduce the behavior

Get the APK here and analyze it as follows.

$ rizin apk://Vuldroid.apk
WARNING: No calling convention defined for this file, analysis may be inaccurate.
-- Toggle between disasm and graph with the space key
[0x1004b3df8]> aaaa
[x] Analyze all flags starting with sym. and entry0 (aa)
[x] Analyze function calls
[x] Analyze len bytes of instructions for references
[x] Check for classes
[x] Finding xrefs in noncode section with analysis.in=io.maps
[x] Analyze value pointers (aav)
[x] Value from 0x1000bbbd0 to 0x100489df4 (aav)
[x] 0x1000bbbd0-0x100489df4 in 0x1000bbbd0-0x100489df4 (aav)
[x] 0x1000bbbd0-0x100489df4 in 0x8000000000-0x8000004786 (aav)
[x] 0x1000bbbd0-0x100489df4 in 0x1004b3d28-0x1004f6ba8 (aav)
[x] 0x1000bbbd0-0x100489df4 in 0x8000490000-0x8000490156 (aav)
[x] Value from 0x8000000000 to 0x8000004786 (aav)
[x] 0x8000000000-0x8000004786 in 0x1000bbbd0-0x100489df4 (aav)
[x] 0x8000000000-0x8000004786 in 0x8000000000-0x8000004786 (aav)
[x] 0x8000000000-0x8000004786 in 0x1004b3d28-0x1004f6ba8 (aav)
[x] 0x8000000000-0x8000004786 in 0x8000490000-0x8000490156 (aav)
[x] Value from 0x1004b3d28 to 0x1004f6ba8 (aav)
[x] 0x1004b3d28-0x1004f6ba8 in 0x1000bbbd0-0x100489df4 (aav)
[x] 0x1004b3d28-0x1004f6ba8 in 0x8000000000-0x8000004786 (aav)
[x] 0x1004b3d28-0x1004f6ba8 in 0x1004b3d28-0x1004f6ba8 (aav)
[x] 0x1004b3d28-0x1004f6ba8 in 0x8000490000-0x8000490156 (aav)
[x] Value from 0x8000490000 to 0x8000490156 (aav)
[x] 0x8000490000-0x8000490156 in 0x1000bbbd0-0x100489df4 (aav)
[x] 0x8000490000-0x8000490156 in 0x8000000000-0x8000004786 (aav)
[x] 0x8000490000-0x8000490156 in 0x1004b3d28-0x1004f6ba8 (aav)
[x] 0x8000490000-0x8000490156 in 0x8000490000-0x8000490156 (aav)
[x] Emulate functions to find computed references
[x] Analyze local variables and arguments
[x] Applied 0 FLIRT signatures via sigdb
[x] Propagate noreturn information
[x] Resolve pointers to data sections
[x] Finding function preludes
[x] Enable constraint types analysis for variables
[0x1004b3df8]> pdr @ 4296582152

Please let me know if anything is unclear.
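An added check, not part of the bug report above and not rizin's own tooling: the message "Cannot find function at" says that analysis defined no function covering the address, which is a different condition from pdr mishandling a nop. The script below assumes rizin is on PATH and takes the APK path and the decimal address from the report as placeholders. It converts the decimal address into the hex form rizin prints, shows the instruction at that address, reports whether a function exists there after aaaa, and if none does, defines one with af and retries pdr so the two cases can be told apart.

```shell
#!/bin/sh
# Added example, not from the bug report above. Assumes `rizin` is on PATH;
# the APK path and address are placeholders taken from the report.

# rizin prints addresses in hex while the report uses decimal; convert so the
# two can be compared (4296582152 -> 0x10018a408).
to_hex() {
    printf '0x%x\n' "$1"
}

# Run a `;`-separated list of rizin commands against a file after aaaa,
# non-interactively. -q: no prompt, exit once the -c commands finish.
# Each call re-runs analysis, which keeps the helper simple but slow.
rz_run() {
    file="$1"; shift
    rizin -qc "aaaa; $*" "$file" 2>/dev/null
}

# Print the instruction at ADDR and a one-word verdict:
#   has_function  a function covers ADDR, so pdr failing there is a pdr bug
#   no_function   no function covers ADDR, so pdr has nothing to disassemble
# In the second case, define a function with af and retry pdr.
check_function_at() {
    file="$1"; addr="$(to_hex "$2")"
    if ! command -v rizin >/dev/null 2>&1; then
        echo "rizin not found on PATH" >&2
        return 2
    fi
    echo "instruction at $addr:"
    rz_run "$file" "pd 1 @ $addr"
    # Assumption: afi prints function info only when a function covers the
    # address, so empty stdout means analysis defined none there.
    if [ -n "$(rz_run "$file" "afi @ $addr")" ]; then
        echo has_function
        return 0
    fi
    echo no_function
    echo "retrying pdr after defining a function with af:"
    rz_run "$file" "af @ $addr; pdr @ $addr"
    return 1
}

# Usage: sh check.sh Vuldroid.apk 4296582152
if [ $# -eq 2 ]; then
    check_function_at "apk://$1" "$2"
fi
```

If the verdict is no_function and the af retry produces a listing, the report is about analysis not creating a function at that address rather than about pdr itself; if it is has_function and pdr still errors, the function lookup in pdr is the thing to look at.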