From: Philipp R. <phi...@si...> - 2015-08-20 11:23:13
Hi aquynh, Jay and derrek,

thanks a lot for your help, it's much appreciated!

I checked out the "next branch" and adapted the Java bindings. So I am able to use the skipdata mode and it works perfectly. It's exactly the thing I was looking for!

Thanks!
Philipp

On 19.08.2015 20:30, Jay Oster wrote:
> Tip: Use Capstone's skipdata mode to handle these situations:
> http://www.capstone-engine.org/skipdata.html
>
> On Wed, Aug 19, 2015 at 7:21 AM, Nguyen Anh Quynh <aq...@gm...> wrote:
>
>> On Wed, Aug 19, 2015 at 8:19 PM, Philipp Roskosch <phi...@si...> wrote:
>>
>>> Hi again,
>>>
>>> I investigated my shared-object file a little bit more with different
>>> tools which are using capstone. On www.CEnigma.org <http://www.CEnigma.org>
>>> my problem can be reproduced:
>>>
>>> Settings: Arm, Little Endian
>>> Code: 04 00 9F E5 00 00 8F E0 E7 FF FF EA C8 23 00 00
>>>       00 00 50 E3 08 40 2D E9 08 80 BD 08 30 FF 2F E1
>>>       08 80 BD E8 00 10 A0 E1 0C 20 9F E5 0C 00 9F E5
>>>       02 20 8F E0 00 00 8F E0 D8 FF FF EA 9C 23 00 00
>>>       D4 FF FF FF 08 B5 03 48 78 44 00 F0 4F FF 01 20
>>>       08 BD C0 46 70 11 00 00 03 68 00 B5 5A 00 03 D5
>>>
>>> After the instruction "D4 FF FF FF" the output just stops. Move this
>>> instruction to the beginning and it tells you "Error: Failed to
>>> disassemble! Invalid input?".
>>
>> D4 FF FF FF is not a valid instruction, so you need to look closer
>> into your binary file.
>>
>> the reason is that your assumption that bytes come from .text must
>> be code is wrong.
>>
>> thanks.
>>
>>> I do not know if this is a bug or working as intended. Fact is that
>>> this byte sequence is present in my shared object file's .text section.
>>> It is a sharedObject file created with the Android NDK.
>>
>> the reason is that your assumption that bytes come from .text must
>> be code is wrong.
>> you can always find in .text section data & rubbish.
>>
>> thanks.
>>
>>> Any comments or suggestions on this?
>>>
>>> Thanks!
>>> Philipp
>>>
>>> On 14.08.2015 15:35, Philipp Roskosch wrote:
>>>> Hello,
>>>>
>>>> I am trying to reverse native libraries for Android (ARM). I used
>>>> capstone (with java) and disassembled ARM executables, which worked very
>>>> well. Doing the same thing with a shared library (created with the
>>>> Android NDK) isn't working. Capstone only returns the code for the first
>>>> function and ignores all following commands. Am I missing something?
>>>>
>>>> Thanks!
>>>>
>>>> _______________________________________________
>>>> Capstone-users mailing list
>>>> Cap...@li...
>>>> https://lists.sourceforge.net/lists/listinfo/capstone-users
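
Added example (not part of the original thread and not Capstone code): a dependency-free Python scan over the bytes posted above that finds ARM-mode `LDR Rt, [PC, #imm]` instructions and resolves the words they load, which shows that `D4 FF FF FF` at offset 0x40 is a literal-pool entry read by the load at 0x2C rather than an instruction. The function names and the base address of 0 are assumptions; the scan only handles 4-byte-aligned ARM encodings, not Thumb.

```python
import struct

# Bytes posted in the thread (ARM, little endian). Offsets are relative to
# the start of this buffer; the base address of 0 is an assumption.
CODE = bytes.fromhex(
    "04009FE5 00008FE0 E7FFFFEA C8230000"
    "000050E3 08402DE9 0880BD08 30FF2FE1"
    "0880BDE8 0010A0E1 0C209FE5 0C009FE5"
    "02208FE0 00008FE0 D8FFFFEA 9C230000"
    "D4FFFFFF 08B50348 784400F0 4FFF0120"
    "08BDC046 70110000 036800B5 5A0003D5"
)


def literal_pool_words(code, base=0):
    """Return {address: value} for words read by ARM-mode LDR Rt, [PC, #imm]."""
    pool = {}
    for off in range(0, len(code) - 3, 4):
        (insn,) = struct.unpack_from("<I", code, off)
        # Skip cond == 0b1111; require word LDR, offset addressing, Rn == PC.
        if insn >> 28 == 0xF or (insn & 0x0F7F0000) != 0x051F0000:
            continue
        imm = insn & 0xFFF
        if not insn & (1 << 23):      # U bit clear means subtract the offset
            imm = -imm
        target = off + 8 + imm        # in ARM mode PC reads as insn address + 8
        # Only aligned words inside the buffer are recorded as pool entries.
        if target % 4 == 0 and 0 <= target <= len(code) - 4:
            pool[base + target] = struct.unpack_from("<I", code, target)[0]
    return pool


def sweep(code, base=0):
    """Label each aligned word 'data' if a PC-relative load reads it."""
    pool = literal_pool_words(code, base)
    rows = []
    for off in range(0, len(code) - 3, 4):
        kind = "data" if base + off in pool else "code?"
        raw = " ".join(f"{b:02X}" for b in code[off:off + 4])
        rows.append((base + off, kind, raw))
    return rows


if __name__ == "__main__":
    for addr, kind, raw in sweep(CODE):
        print(f"0x{addr:02X}  {raw}  {kind}")
```

Words labelled `code?` are only "not proven to be data" by this scan; the trailing bytes from offset 0x44 onward are not decoded here at all.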