rizinorg / rizin

UNIX-like reverse engineering framework and command-line toolset.
https://rizin.re
GNU Lesser General Public License v3.0

Command pdr and pdrj come with an error message while disassembling a function. #3387

Open sidra-asa opened 1 year ago

sidra-asa commented 1 year ago

Work environment

OS/arch/bits (mandatory): macOS Big Sur version 11.6.8
File format of the file you reverse (mandatory): APK
Architecture/bits of the file (mandatory): Dalvik
rizin -v full output, not truncated (mandatory): rizin 0.5.0 @ darwin-x86-64 commit: d20f68d7aba22a8e5c61dcd1d74c32fe51f2deb0

Expected behavior

The pdr and pdrj commands should work fine.

Actual behavior

An error pops up when pdr/pdrj tries to disassemble a function in the APK (SHA1: c6ecdbdd9647107bbb811bfe3c45499e5323519c).

Take address 4296582152 as an example. After I run the aaaa command, pdr/pdrj returns an error message: ERROR: Cannot find function at 0x10018a408

[0x1004b3df8]> pdr @ 4296582152
ERROR: Cannot find function at 0x10018a408
[0x1004b3df8]> pdrj @ 4296582152
ERROR: Cannot find function at 0x10018a408
[0x1004b3df8]> pd 10 @ 4296582152
            ;-- sym.Landroidx_recyclerview_widget_RecyclerView_ViewHolder_.toString__Ljava_lang_String:
            ;-- method.public.Landroidx_recyclerview_widget_RecyclerView_ViewHolder_.toString__Ljava_lang_String:
            0x10018a408      nop                                       ; String toString()
            0x10018a40a      invoke-virtual {v5}, method+34282
            0x10018a410      move-result-object v0
            0x10018a412      invoke-virtual {v0}, method+34171
            0x10018a418      move-result v0
        ┌─< 0x10018a41a      if-eqz v0, 0x10018a424
        │   0x10018a41e      const-string v0, string+13752
       ┌──< 0x10018a422      goto  0x10018a434
       │└─> 0x10018a424      invoke-virtual {v5}, method+34282
       │    0x10018a42a      move-result-object v0

According to the output of pd, the instruction at 0x10018a408 is nop. So I think there might be some bug in dealing with the nop instruction. I also used jadx to check the disassembly:

Steps to reproduce the behavior

Get the APK here and analyze it as follows.

$ rizin apk://Vuldroid.apk

WARNING: No calling convention defined for this file, analysis may be inaccurate.
 -- Toggle between disasm and graph with the space key
[0x1004b3df8]> aaaa
[x] Analyze all flags starting with sym. and entry0 (aa)
[x] Analyze function calls
[x] Analyze len bytes of instructions for references
[x] Check for classes
[x] Finding xrefs in noncode section with analysis.in=io.maps
[x] Analyze value pointers (aav)
[x] Value from 0x1000bbbd0 to 0x100489df4 (aav)
[x] 0x1000bbbd0-0x100489df4 in 0x1000bbbd0-0x100489df4 (aav)
[x] 0x1000bbbd0-0x100489df4 in 0x8000000000-0x8000004786 (aav)
[x] 0x1000bbbd0-0x100489df4 in 0x1004b3d28-0x1004f6ba8 (aav)
[x] 0x1000bbbd0-0x100489df4 in 0x8000490000-0x8000490156 (aav)
[x] Value from 0x8000000000 to 0x8000004786 (aav)
[x] 0x8000000000-0x8000004786 in 0x1000bbbd0-0x100489df4 (aav)
[x] 0x8000000000-0x8000004786 in 0x8000000000-0x8000004786 (aav)
[x] 0x8000000000-0x8000004786 in 0x1004b3d28-0x1004f6ba8 (aav)
[x] 0x8000000000-0x8000004786 in 0x8000490000-0x8000490156 (aav)
[x] Value from 0x1004b3d28 to 0x1004f6ba8 (aav)
[x] 0x1004b3d28-0x1004f6ba8 in 0x1000bbbd0-0x100489df4 (aav)
[x] 0x1004b3d28-0x1004f6ba8 in 0x8000000000-0x8000004786 (aav)
[x] 0x1004b3d28-0x1004f6ba8 in 0x1004b3d28-0x1004f6ba8 (aav)
[x] 0x1004b3d28-0x1004f6ba8 in 0x8000490000-0x8000490156 (aav)
[x] Value from 0x8000490000 to 0x8000490156 (aav)
[x] 0x8000490000-0x8000490156 in 0x1000bbbd0-0x100489df4 (aav)
[x] 0x8000490000-0x8000490156 in 0x8000000000-0x8000004786 (aav)
[x] 0x8000490000-0x8000490156 in 0x1004b3d28-0x1004f6ba8 (aav)
[x] 0x8000490000-0x8000490156 in 0x8000490000-0x8000490156 (aav)
[x] Emulate functions to find computed references
[x] Analyze local variables and arguments
[x] Applied 0 FLIRT signatures via sigdb
[x] Propagate noreturn information
[x] Resolve pointers to data sections
[x] Finding function preludes
[x] Enable constraint types analysis for variables

[0x1004b3df8]> pdr @ 4296582152

Please let me know if anything is unclear.

wargio commented 1 year ago

It might be because it starts with a nop.
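The following is an added diagnostic script for this thread; it is not code from rizin, from the reporter, or from wargio. It checks the hypothesis above mechanically: after aaaa, does a function exist whose entry is exactly the reported address, one that starts a couple of bytes later (i.e. after the leading nop), one that merely contains the address, or none at all? The pure helpers work on the JSON array that aflj prints, and they assume each function object carries the keys "offset" (entry address), "size" (linear size in bytes) and "name"; the constructed SAMPLE_AFLJ models a method that analysis started one 2-byte nop after its real entry. The rzpipe part (pip install rzpipe) is only needed against a live rizin session and is kept out of the pure helpers so they run offline.

```python
"""Check why `pdr @ addr` reports "Cannot find function" after `aaaa`.

Added example for this issue, not code from rizin or from the reporter.
Assumptions: rizin's `aflj` prints a JSON array of function objects carrying
"offset" (entry address), "size" (linear size in bytes) and "name"; the
Dalvik `nop` at the reported address is 2 bytes wide. The rzpipe part at the
bottom is only needed against a live rizin session.
"""
import json

# Address from the report (decimal 4296582152 == 0x10018a408).
REPORTED_ADDR = 4296582152


def parse_aflj(text):
    """Parse the JSON array printed by `aflj`; empty output means no functions."""
    text = text.strip()
    return json.loads(text) if text else []


def locate_function(funcs, addr, slack=4):
    """Classify `addr` against the function list.

    status "entry":   a function starts exactly at addr, so pdr should work.
    status "shifted": a function starts within `slack` bytes after addr, which
                      is what a method analysed from the instruction after a
                      leading nop would look like (the hypothesis in the thread).
    status "inside":  addr lies in the body of a function whose entry is elsewhere.
    status "missing": no function covers addr at all.
    """
    for f in funcs:
        if f["offset"] == addr:
            return {"status": "entry", "func": f}
    for f in funcs:
        if addr < f["offset"] <= addr + slack:
            return {"status": "shifted", "func": f}
    for f in funcs:
        start = f["offset"]
        if start < addr < start + f.get("size", 0):
            return {"status": "inside", "func": f}
    return {"status": "missing", "func": None}


def suggested_commands(addr, result):
    """Rizin commands to run next for each diagnosis (addr printed as hex)."""
    hexaddr = f"0x{addr:x}"
    status = result["status"]
    if status == "entry":
        return [f"pdr @ {hexaddr}"]
    if status == "inside":
        # Disassemble the function that actually covers the address.
        entry = f"0x{result['func']['offset']:x}"
        return [f"afi @ {entry}", f"pdr @ {entry}"]
    # "shifted" or "missing": define the function at the wanted entry, then pdr.
    return [f"af @ {hexaddr}", f"pdr @ {hexaddr}"]


# Constructed sample: what aflj might print if analysis started the method one
# instruction (the 2-byte nop) after its real entry at 0x10018a408.
SAMPLE_AFLJ = json.dumps([
    {"offset": 0x10018a40a, "name": "sym.toString", "size": 0x2c},
    {"offset": 0x10018a500, "name": "sym.other", "size": 0x20},
])


def diagnose_live(path, addr=REPORTED_ADDR):
    """Run the same check against a real file through rzpipe (pip install rzpipe)."""
    import rzpipe  # imported here so the pure helpers above work without it
    rz = rzpipe.open(path)  # e.g. "apk://Vuldroid.apk"
    try:
        rz.cmd("aaaa")
        result = locate_function(parse_aflj(rz.cmd("aflj")), addr)
        return result, [rz.cmd(c) for c in suggested_commands(addr, result)]
    finally:
        rz.quit()


if __name__ == "__main__":
    res = locate_function(parse_aflj(SAMPLE_AFLJ), REPORTED_ADDR)
    print(res["status"], suggested_commands(REPORTED_ADDR, res))
```

Against the sample the result is "shifted", and the suggested follow-up is `af @ 0x10018a408` followed by `pdr @ 0x10018a408`, which is the manual workaround to try while the analysis bug is open; run diagnose_live("apk://Vuldroid.apk") to see what the real aflj output says for this file.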