From: Philipp R. <phi...@si...> - 2015-08-19 12:19:50
Hi again,

I investigated my shared-object file a little bit more with different tools which are using capstone. On www.CEnigma.org my problem can be reproduced:

Settings: Arm, Little Endian

Code:
    04 00 9F E5 00 00 8F E0 E7 FF FF EA C8 23 00 00
    00 00 50 E3 08 40 2D E9 08 80 BD 08 30 FF 2F E1
    08 80 BD E8 00 10 A0 E1 0C 20 9F E5 0C 00 9F E5
    02 20 8F E0 00 00 8F E0 D8 FF FF EA 9C 23 00 00
    D4 FF FF FF 08 B5 03 48 78 44 00 F0 4F FF 01 20
    08 BD C0 46 70 11 00 00 03 68 00 B5 5A 00 03 D5

After the instruction "D4 FF FF FF" the output just stops. Move this instruction to the beginning and it tells you "Error: Failed to disassemble! Invalid input?".

I do not know if this is a bug or working as intended. Fact is that this byte sequence is present in my shared object file's .text section. It is a shared object file created with the Android NDK.

Any comments or suggestions on this?

Thanks!
Philipp

On 14.08.2015 15:35, Philipp Roskosch wrote:
> Hello,
>
> I am trying to reverse native libraries for Android (ARM). I used
> capstone (with java) and disassembled ARM executables which worked very
> well. Doing the same thing with a shared library (created with the
> Android NDK) isn't working. Capstone only returns the code for the first
> function and ignores all following commands. Am I missing something?
>
> Thanks!
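
Added example, not part of the original message and not Capstone code: a Python scan of the posted bytes for ARM `LDR Rt, [pc, #imm]` instructions and the words they load. It shows that `D4 FF FF FF` at offset 0x40 is a literal-pool constant read by the load at 0x2C, not an instruction. Assumptions: the bytes start at address 0 and are scanned as 4-byte A32 words; the function names are illustrative.

```python
import struct

# Byte string copied from the message above (ARM, little endian).
CODE = bytes.fromhex(
    "04 00 9F E5 00 00 8F E0 E7 FF FF EA C8 23 00 00 "
    "00 00 50 E3 08 40 2D E9 08 80 BD 08 30 FF 2F E1 "
    "08 80 BD E8 00 10 A0 E1 0C 20 9F E5 0C 00 9F E5 "
    "02 20 8F E0 00 00 8F E0 D8 FF FF EA 9C 23 00 00 "
    "D4 FF FF FF 08 B5 03 48 78 44 00 F0 4F FF 01 20 "
    "08 BD C0 46 70 11 00 00 03 68 00 B5 5A 00 03 D5"
)

# A32 "LDR Rt, [pc, #+/-imm12]": bits 27..24 = 0101, B = 0, W = 0, L = 1, Rn = 1111.
LDR_LIT_MASK = 0x0F7F0000
LDR_LIT_BITS = 0x051F0000


def literal_pool_refs(code, base=0):
    """Map literal address -> (address of the LDR that reads it, 32-bit value)."""
    refs = {}
    for off in range(0, len(code) - 3, 4):
        (insn,) = struct.unpack_from("<I", code, off)
        if (insn >> 28) == 0xF or (insn & LDR_LIT_MASK) != LDR_LIT_BITS:
            continue
        imm = insn & 0xFFF
        if not (insn & (1 << 23)):      # U bit clear: offset is subtracted
            imm = -imm
        pool_off = off + 8 + imm        # PC reads as instruction address + 8
        if 0 <= pool_off <= len(code) - 4:
            (value,) = struct.unpack_from("<I", code, pool_off)
            refs[base + pool_off] = (base + off, value)
    return refs


def code_ranges(code, base=0):
    """Address ranges left over once the referenced literal words are removed."""
    ranges, start = [], base
    for addr in sorted(literal_pool_refs(code, base)):
        if addr > start:
            ranges.append((start, addr))
        start = max(start, addr + 4)
    if start < base + len(code):
        ranges.append((start, base + len(code)))
    return ranges


if __name__ == "__main__":
    for addr, (src, value) in sorted(literal_pool_refs(CODE).items()):
        print(f"0x{addr:02X}: data 0x{value:08X} (loaded by LDR at 0x{src:02X})")
    for lo, hi in code_ranges(CODE):
        print(f"code candidate: 0x{lo:02X}..0x{hi:02X}")
```

Each returned range can be handed to the disassembler separately, so a data word between functions does not end the listing.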