
Comments (11)

maiyao1988 commented on May 25, 2024

The function offset only applies to a single function; dumping needs the start address of the .so. This dump doesn't need frida at all, the command line is enough.

from elf-dump-fix.

tmxd09887 commented on May 25, 2024

Thanks for the reply.

Sorry, let me organize my questions:
1. From the readme, finding the start and end of the .so requires a pid. So how do I find the pid associated with the .so?
2. Can an address obtained from a frida hook also be used with this tool? (Ignoring for now whether it is an offset or an absolute address.)


maiyao1988 commented on May 25, 2024

1. ps | grep <package name>
2. This has nothing to do with frida. What this tool needs is the start address of the .so; if you want to automate it, parse the maps and pass the address in. If it isn't an .so, any address can be dumped; it is only for an .so that the tool can do the fix-up for you.


tmxd09887 commented on May 25, 2024

Does this tool dump the decrypted .so?


tmxd09887 commented on May 25, 2024

The dump finished, but the warning suggests there is still a problem:
warning load size [746208] is bigger than so size [733184], dump maybe incomplete!!!

The repaired .so cannot be opened in IDA:
binary data is incorrect maximum possible value is 7294

But the .so extracted from the APK can be opened.

IDA is the 64-bit version.


maiyao1988 commented on May 25, 2024

The dump finished, but the warning suggests there is still a problem:
warning load size [746208] is bigger than so size [733184], dump maybe incomplete!!!

The repaired .so cannot be opened in IDA:
binary data is incorrect maximum possible value is 7294

But the .so extracted from the APK can be opened.

IDA is the 64-bit version.

The .so has a .bss; dump the .bss as well.


tmxd09887 commented on May 25, 2024

/proc/3553/task/3553/maps:7f6c157000-7f6c1f8000 r-xp 00000000 103:11 1205468 /data/app/___lib-1/lib/arm64/___lib.so
/proc/3553/task/3553/maps:7f6c208000-7f6c209000 r--p 000a1000 103:11 1205468 /data/app/___lib-1/lib/arm64/___lib.so
/proc/3553/task/3553/maps:7f6c209000-7f6c20a000 rw-p 000a2000 103:11 1205468 /data/app/___lib-1/lib/arm64/___lib.so
These are the lines from the maps file.

./dump 3553 0x7f6c157000 0x7f6c20a000 ./out5.so 1 1
I wrote the command following the readme; according to the readme, .bss should already be included, shouldn't it?


maiyao1988 commented on May 25, 2024

It is not included. .bss comes after the last file mapping; please read the example in the readme carefully.

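As an added example (not the project's own code): a small Python helper that does what the maintainer suggests for automation, parsing /proc/<pid>/maps, taking the start of the first mapping backed by the .so, and extending the end over the anonymous writable mapping that directly follows the last file-backed mapping, which is where the loader places .bss. The first three sample lines are the ones pasted above; the fourth, anonymous line is constructed. Note that grepping maps for the library name never shows that fourth line, which is why it is easy to miss. The helper only computes the address pair; the remaining arguments of the dump command follow the tool's readme.

```python
"""Derive the dump range for a shared object from /proc/<pid>/maps.

Added example, not part of the elf-dump-fix project. The start address comes
from the first mapping backed by the .so; the end is extended over the
anonymous writable mapping placed directly after the last file-backed one,
which holds .bss.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One /proc/<pid>/maps line: "start-end perms offset dev inode [path]".
MAPS_LINE = re.compile(
    r"^(?P<start>[0-9a-f]+)-(?P<end>[0-9a-f]+)\s+(?P<perms>\S{4})\s+"
    r"(?P<offset>[0-9a-f]+)\s+(?P<dev>\S+)\s+(?P<inode>\d+)\s*(?P<path>.*)$"
)

# Constructed sample: the three file-backed lines are those pasted in the
# issue; the fourth (anonymous rw-p, inode 0) is a constructed .bss mapping.
SAMPLE_MAPS = """\
/proc/3553/task/3553/maps:7f6c157000-7f6c1f8000 r-xp 00000000 103:11 1205468 /data/app/___lib-1/lib/arm64/___lib.so
/proc/3553/task/3553/maps:7f6c208000-7f6c209000 r--p 000a1000 103:11 1205468 /data/app/___lib-1/lib/arm64/___lib.so
/proc/3553/task/3553/maps:7f6c209000-7f6c20a000 rw-p 000a2000 103:11 1205468 /data/app/___lib-1/lib/arm64/___lib.so
/proc/3553/task/3553/maps:7f6c20a000-7f6c20d000 rw-p 00000000 00:00 0
"""


@dataclass
class Mapping:
    start: int
    end: int
    perms: str
    offset: int
    path: str  # empty string for anonymous mappings


def parse_maps(text: str) -> List[Mapping]:
    """Parse maps lines; a leading "<file>:" prefix from grep is tolerated."""
    mappings = []
    for raw in text.splitlines():
        line = re.sub(r"^\S*maps:", "", raw.strip())
        if not line:
            continue
        m = MAPS_LINE.match(line)
        if m is None:
            raise ValueError(f"unrecognised maps line: {raw!r}")
        mappings.append(Mapping(
            start=int(m["start"], 16), end=int(m["end"], 16),
            perms=m["perms"], offset=int(m["offset"], 16),
            path=m["path"].strip(),
        ))
    return sorted(mappings, key=lambda x: x.start)


def so_dump_range(mappings: List[Mapping], so_name: str,
                  include_bss: bool = True) -> Optional[Tuple[int, int]]:
    """Return (start, end) covering every mapping of so_name, plus .bss.

    The gap between the last r-xp mapping and the r--p mapping is kept inside
    the range on purpose: the dump tool wants one contiguous span.
    """
    idx = [i for i, m in enumerate(mappings)
           if m.path == so_name or m.path.endswith("/" + so_name)]
    if not idx:
        return None
    start = mappings[idx[0]].start
    end = mappings[idx[-1]].end
    if include_bss:
        # .bss lives in anonymous writable mappings that start exactly where
        # the last file-backed mapping of the .so ends; absorb all of them.
        j = idx[-1] + 1
        while (j < len(mappings) and mappings[j].path == ""
               and mappings[j].start == end
               and mappings[j].perms.startswith("rw")):
            end = mappings[j].end
            j += 1
    return start, end


def dump_args(rng: Tuple[int, int]) -> Tuple[str, str]:
    """Hex start/end in the form used by the dump command line on this page."""
    return f"0x{rng[0]:x}", f"0x{rng[1]:x}"


if __name__ == "__main__":
    maps = parse_maps(SAMPLE_MAPS)
    rng = so_dump_range(maps, "___lib.so")
    print("dump range including .bss:", *dump_args(rng))
```

With the sample above the range without .bss ends at 0x7f6c20a000, which is the end the command in this thread used; with .bss it ends at 0x7f6c20d000. Running the script against a real maps file means reading /proc/<pid>/maps (for instance via the ps | grep lookup mentioned earlier) instead of SAMPLE_MAPS.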

tmxd09887 commented on May 25, 2024

After adding the .bss mapping, the dump works.

There is one warning: warning .init exist at 0x0000000000005040 (does this matter?)

IDA can open it; most of the key strings in the Strings window are decrypted, but the Functions window is still not decrypted and cannot be recognized.


maiyao1988 commented on May 25, 2024

That is not a problem, just a reminder.
Whether the dump is decrypted is not the dump tool's concern; the dump tool only captures memory. When to decrypt is for the analyst to work out, by finding the right moment to take the dump.


tmxd09887 commented on May 25, 2024

Thanks for the answer.

