【android逆向】 ARM for 逆向
阿新 • • 發佈:2022-03-19
C原始碼
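#include <stdio.h>

/* Kept global on purpose: for2() reads it so the disassembly shows a
 * PC-relative load of the array address through the GOT
 * (LDR R3, =(__data_start_ptr - ...) / LDR R3, [PC,R3] in the listing). */
int nums[5] = {1, 2, 3, 4, 5};

/* Element count of nums; valid only because nums is a real array here. */
#define NUMS_LEN (sizeof nums / sizeof nums[0])

/*
 * for1: plain counting loop.
 *
 * @param n  number of iterations
 * @return   sum of i*2 for 0 <= i < n; 0 when n <= 0 (loop never runs)
 *
 * In the listing the compiler strength-reduces i*2 into a counter stepped
 * by 2 and compares it against n*2 with BNE instead of a signed i < n test.
 */
int for1(int n)
{
    int s = 0;
    for (int i = 0; i < n; i++) {
        s += i * 2;
    }
    return s;
}

/*
 * for2: loop that also reads a global array element.
 *
 * @param n  number of iterations; also selects nums[n-1]
 * @return   sum of i*i + nums[n-1] for 0 <= i < n; 0 when n <= 0 or when
 *           n exceeds the length of nums
 *
 * nums[n-1] is loop-invariant, so the compiler loads it once before the
 * loop (LDR R12, [R3,R2,LSL#2] in the listing). The version the listing
 * was produced from had no upper bound on n: any n > 5 read past the end
 * of nums. The range check below rejects such n; adding it changes the
 * generated code, so the listing corresponds to the unchecked version.
 */
int for2(int n)
{
    if (n <= 0 || (size_t)n > NUMS_LEN) {
        return 0;
    }
    int last = nums[n - 1];
    int s = 0;
    for (int i = 0; i < n; i++) {
        s += i * i + last;
    }
    return s;
}

/* Entry point: prints for1(5) and for2(5); argc/argv are unused. */
int main(int argc, char *argv[])
{
    (void)argc;
    (void)argv;
    printf("for1:%d\n", for1(5));
    printf("for2:%d\n", for2(5));
    return 0;
}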
android.mk
# Android.mk for the for.c reversing sample: builds it as a native executable.
LOCAL_PATH := $(call my-dir)
include $(CLEAR_VARS)
# Force the 32-bit ARM instruction set rather than Thumb, so the listing
# below consists of 4-byte instructions (addresses advance by 4).
LOCAL_ARM_MODE := arm
LOCAL_MODULE := for
LOCAL_SRC_FILES := for.c
# Standalone executable; main/for1/for2 in the listing are disassembled from it.
include $(BUILD_EXECUTABLE)
逆向程式碼+註釋
main
.text:000085FC ; int __cdecl main(int argc, const char **argv, const char **envp)
.text:000085FC main ; CODE XREF: j_main↑j
.text:000085FC ; __unwind {
.text:000085FC PUSH {R4,LR}
.text:00008600 MOV R0, #5
.text:00008604 BL for1
.text:00008608 MOV R1, R0
.text:0000860C LDR R0, =(aFor1D - 0x8618) ; "for1:%d\n"
.text:00008610 ADD R0, PC, R0 ; "for1:%d\n"
.text:00008614 BL printf
.text:00008618 MOV R0, #5
.text:0000861C BL for2
.text:00008620 MOV R1, R0
.text:00008624 LDR R0, =(aFor2D - 0x8630) ; "for2:%d\n"
.text:00008628 ADD R0, PC, R0 ; "for2:%d\n"
.text:0000862C BL printf
.text:00008630 MOV R0, #0
.text:00008634 POP {R4,PC}
.text:00008634 ; End of function main
.text:00008634
.text:00008634 ; ---------------------------------------------------------------------------
.text:00008638 off_8638 DCD aFor1D - 0x8618 ; DATA XREF: main+10↑r
.text:00008638 ; "for1:%d\n"
.text:0000863C off_863C DCD aFor2D - 0x8630 ; DATA XREF: main+28↑r
.text:0000863C ; } // starts at 85FC
for1
.text:00008590 ; =============== S U B R O U T I N E =======================================
.text:00008590
.text:00008590
.text:00008590 for1 ; CODE XREF: main+8↓p
.text:00008590 ; __unwind {
.text:00008590 CMP R0, #0
.text:00008594 MOVLE R0, #0 ; if arg0 <=0 s = 0
.text:00008598 BXLE LR ; if arg0 <= 0 return s = 0
.text:0000859C MOV R3, #0 ; i = 0;
.text:000085A0 MOV R2, R0,LSL#1 ; n = arg0*2 = 10
.text:000085A4 MOV R0, R3 ; s = 0
.text:000085A8
.text:000085A8 loc_85A8 ; CODE XREF: for1+24↓j
.text:000085A8 ADD R0, R0, R3 ; s += i
.text:000085AC ADD R3, R3, #2 ; i += 2
.text:000085B0 CMP R3, R2
.text:000085B4 BNE loc_85A8 ; if (i != n) continue
.text:000085B8 BX LR
.text:000085B8 ; } // starts at 8590
.text:000085B8 ; End of function for1
for2
.text:000085BC ; =============== S U B R O U T I N E =======================================
.text:000085BC
.text:000085BC
.text:000085BC for2 ; CODE XREF: main+20↓p
.text:000085BC ; __unwind {
.text:000085BC SUBS R1, R0, #0
.text:000085C0 MOVLE R0, #0 ; s = 0
.text:000085C4 BXLE LR
.text:000085C8 LDR R3, =(__data_start_ptr - 0x85DC) ; nums 首地址在GOT中的偏移
.text:000085CC SUB R2, R1, #1 ; n = arg0 - 1 = 4
.text:000085D0 MOV R0, #0 ; i = 0
.text:000085D4 LDR R3, [PC,R3] ; __data_start ; num 首地址
.text:000085D8 LDR R12, [R3,R2,LSL#2] ; num + 4*4 = num[4]
.text:000085DC MOV R3, R0 ; i = 0
.text:000085E0
.text:000085E0 loc_85E0 ; CODE XREF: for2+34↓j
.text:000085E0 MLA R2, R3, R3, R12 ; R2 = i*i + num[4]
.text:000085E4 ADD R3, R3, #1 ; i++
.text:000085E8 CMP R3, R1 ; i < n
.text:000085EC ADD R0, R0, R2 ; s += R2
.text:000085F0 BNE loc_85E0 ; i < n ;繼續迴圈
.text:000085F4 BX LR
.text:000085F4 ; End of function for2