逆向工程 --- 从AI分析一个helloworld开始
本人喜欢先入为主：先解释反编译，再介绍反汇编（包括 arm、x86、mips 等不同硬件架构的版本以及 ELF 文件格式），最终落到底层二进制。
LOAD:0000000000000000 ; LOAD:0000000000000000 ; +-------------------------------------------------------------------------+ LOAD:0000000000000000 ; | This file was generated by The Interactive Disassembler (IDA) | LOAD:0000000000000000 ; | Copyright (c) 2023 Hex-Rays, <support@hex-rays.com> | LOAD:0000000000000000 ; +-------------------------------------------------------------------------+ LOAD:0000000000000000 ; LOAD:0000000000000000 ; Input SHA256 : 4C8D4BB2E8723C2F2BDAA94221C1312C15E33D89E089349CF6892176DD6DA28F LOAD:0000000000000000 ; Input MD5 : 9971ACCE2417DEAFDD5559E4FDF6FE5E LOAD:0000000000000000 ; Input CRC32 : 0EDABED0 LOAD:0000000000000000 LOAD:0000000000000000 ; File Name : C:\Users\21558\Pictures\lib\x86_64\libhello_jni.so LOAD:0000000000000000 ; Format : ELF64 for x86-64 (Shared object) LOAD:0000000000000000 ; Needed Library 'liblog.so' LOAD:0000000000000000 ; Needed Library 'libstdc++.so' LOAD:0000000000000000 ; Needed Library 'libm.so' LOAD:0000000000000000 ; Needed Library 'libc.so' LOAD:0000000000000000 ; Needed Library 'libdl.so' LOAD:0000000000000000 ; Shared Name 'libhello_jni.so' LOAD:0000000000000000 ; LOAD:0000000000000000 LOAD:0000000000000000 .686p LOAD:0000000000000000 .mmx LOAD:0000000000000000 .model flat LOAD:0000000000000000 .intel_syntax noprefix LOAD:0000000000000000 LOAD:0000000000000000 ; =========================================================================== LOAD:0000000000000000 LOAD:0000000000000000 ; Segment type: Pure code LOAD:0000000000000000 ; Segment permissions: Read/Execute LOAD:0000000000000000 LOAD segment mempage public 'CODE' use64 LOAD:0000000000000000 assume cs:LOAD LOAD:0000000000000000 assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing LOAD:0000000000000000 dword_0 dd 464C457Fh ; DATA XREF: LOAD:0000000000000240↓o LOAD:0000000000000000 ; LOAD:0000000000000258↓o ... 
LOAD:0000000000000000 ; File format: \x7FELF LOAD:0000000000000004 db 2 ; File class: 64-bit LOAD:0000000000000005 db 1 ; Data encoding: little-endian LOAD:0000000000000006 db 1 ; File version LOAD:0000000000000007 db 0 ; OS/ABI: UNIX System V ABI LOAD:0000000000000008 db 0 ; ABI Version LOAD:0000000000000009 db 7 dup(0) ; Padding LOAD:0000000000000010 dw 3 ; File type: Shared object LOAD:0000000000000012 dw 3Eh ; Machine: x86-64 LOAD:0000000000000014 dd 1 ; File version LOAD:0000000000000018 dq 0 ; Entry point LOAD:0000000000000020 dq 40h ; PHT file offset LOAD:0000000000000028 dq 1160h ; SHT file offset LOAD:0000000000000030 dd 0 ; Processor-specific flags LOAD:0000000000000034 dw 40h ; ELF header size LOAD:0000000000000036 dw 38h ; PHT entry size LOAD:0000000000000038 dw 8 ; Number of entries in PHT LOAD:000000000000003A dw 40h ; SHT entry size LOAD:000000000000003C dw 19h ; Number of entries in SHT LOAD:000000000000003E dw 18h ; SHT entry index for string table LOAD:0000000000000040 ; ELF64 Program Header LOAD:0000000000000040 ; PHT Entry 0 LOAD:0000000000000040 dword_40 dd 6 ; DATA XREF: LOAD:0000000000000050↓o LOAD:0000000000000040 ; Type: PHDR LOAD:0000000000000044 dd 4 ; Flags LOAD:0000000000000048 dq 40h ; File offset LOAD:0000000000000050 dq offset dword_40 ; Virtual address LOAD:0000000000000058 dq 40h ; Physical address LOAD:0000000000000060 dq 1C0h ; Size in file image LOAD:0000000000000068 dq 1C0h ; Size in memory image LOAD:0000000000000070 dq 8 ; Alignment LOAD:0000000000000078 ; PHT Entry 1 LOAD:0000000000000078 dd 1 ; Type: LOAD LOAD:000000000000007C dd 5 ; Flags LOAD:0000000000000080 dq 0 ; File offset LOAD:0000000000000088 dq 0 ; Virtual address LOAD:0000000000000090 dq 0 ; Physical address LOAD:0000000000000098 dq 858h ; Size in file image LOAD:00000000000000A0 dq 858h ; Size in memory image LOAD:00000000000000A8 dq 1000h ; Alignment LOAD:00000000000000B0 ; PHT Entry 2 LOAD:00000000000000B0 dd 1 ; Type: LOAD LOAD:00000000000000B4 dd 6 ; Flags 
LOAD:00000000000000B8 dq 0D60h ; File offset LOAD:00000000000000C0 dq offset off_1D60 ; Virtual address LOAD:00000000000000C8 dq 1D60h ; Physical address LOAD:00000000000000D0 dq 2C8h ; Size in file image LOAD:00000000000000D8 dq 2C8h ; Size in memory image LOAD:00000000000000E0 dq 1000h ; Alignment LOAD:00000000000000E8 ; PHT Entry 3 LOAD:00000000000000E8 dd 2 ; Type: DYNAMIC LOAD:00000000000000EC dd 6 ; Flags LOAD:00000000000000F0 dq 0D78h ; File offset LOAD:00000000000000F8 dq offset stru_1D78 ; Virtual address LOAD:0000000000000100 dq 1D78h ; Physical address LOAD:0000000000000108 dq 250h ; Size in file image LOAD:0000000000000110 dq 250h ; Size in memory image LOAD:0000000000000118 dq 8 ; Alignment LOAD:0000000000000120 ; PHT Entry 4 LOAD:0000000000000120 dd 4 ; Type: NOTE LOAD:0000000000000124 dd 4 ; Flags LOAD:0000000000000128 dq 200h ; File offset LOAD:0000000000000130 dq offset dword_200 ; Virtual address LOAD:0000000000000138 dq 200h ; Physical address LOAD:0000000000000140 dq 24h ; Size in file image LOAD:0000000000000148 dq 24h ; Size in memory image LOAD:0000000000000150 dq 4 ; Alignment LOAD:0000000000000158 ; PHT Entry 5 LOAD:0000000000000158 dd 6474E550h ; Type: EH_FRAME LOAD:000000000000015C dd 4 ; Flags LOAD:0000000000000160 dq 814h ; File offset LOAD:0000000000000168 dq offset unk_814 ; Virtual address LOAD:0000000000000170 dq 814h ; Physical address LOAD:0000000000000178 dq 44h ; Size in file image LOAD:0000000000000180 dq 44h ; Size in memory image LOAD:0000000000000188 dq 4 ; Alignment LOAD:0000000000000190 ; PHT Entry 6 LOAD:0000000000000190 dd 6474E551h ; Type: STACK LOAD:0000000000000194 dd 6 ; Flags LOAD:0000000000000198 dq 0 ; File offset LOAD:00000000000001A0 dq 0 ; Virtual address LOAD:00000000000001A8 dq 0 ; Physical address LOAD:00000000000001B0 dq 0 ; Size in file image LOAD:00000000000001B8 dq 0 ; Size in memory image LOAD:00000000000001C0 dq 0 ; Alignment LOAD:00000000000001C8 ; PHT Entry 7 LOAD:00000000000001C8 dd 6474E552h ; 
Type: RO-AFTER LOAD:00000000000001CC dd 6 ; Flags LOAD:00000000000001D0 dq 0D60h ; File offset LOAD:00000000000001D8 dq offset off_1D60 ; Virtual address LOAD:00000000000001E0 dq 1D60h ; Physical address LOAD:00000000000001E8 dq 2A0h ; Size in file image LOAD:00000000000001F0 dq 2A0h ; Size in memory image LOAD:00000000000001F8 dq 8 ; Alignment LOAD:0000000000000200 ; ELF Note Entry LOAD:0000000000000200 dword_200 dd 4 ; DATA XREF: LOAD:0000000000000130↑o LOAD:0000000000000200 ; Name Size LOAD:0000000000000204 dd 14h ; Desc Size LOAD:0000000000000208 dd 3 ; Type: NT_GNU_BUILD_ID LOAD:000000000000020C aGnu db 'GNU',0 ; Name LOAD:0000000000000210 db 1Bh, 40h, 77h, 0FDh, 47h, 62h, 30h, 0A8h, 0C2h, 30h ; Desc LOAD:000000000000021A db 0C6h, 26h, 0F9h, 5Bh, 0BFh, 64h, 7Fh, 18h, 2Dh, 0A7h LOAD:0000000000000224 align 8 LOAD:0000000000000228 ; ELF Symbol Table LOAD:0000000000000228 Elf64_Sym <0> LOAD:0000000000000240 Elf64_Sym <offset aCxaFinalize - offset byte_318, 12h, 0, 0, \ ; "__cxa_finalize" LOAD:0000000000000240 offset dword_0, 0> LOAD:0000000000000258 Elf64_Sym <offset aCxaAtexit - offset byte_318, 12h, 0, 0, \ ; "__cxa_atexit" LOAD:0000000000000258 offset dword_0, 0> LOAD:0000000000000270 Elf64_Sym <offset aJavaGithubJp10 - offset byte_318, 12h, 0, 0Bh, \ ; "Java_github_jp1017_hellojni_MainActivit"... 
LOAD:0000000000000270 offset Java_github_jp1017_hellojni_MainActivity_staticRegFromJni,\ LOAD:0000000000000270 13h> LOAD:0000000000000288 Elf64_Sym <offset aJniOnload - offset byte_318, 12h, 0, 0Bh, \ ; "JNI_OnLoad" LOAD:0000000000000288 offset JNI_OnLoad, 7Ch> LOAD:00000000000002A0 Elf64_Sym <offset aNativemethod - offset byte_318, 11h, 0, 14h, \ ; "nativeMethod" LOAD:00000000000002A0 offset nativeMethod, 18h> LOAD:00000000000002B8 Elf64_Sym <offset aStackChkFail - offset byte_318, 12h, 0, 0, \ ; "__stack_chk_fail" LOAD:00000000000002B8 offset dword_0, 0> LOAD:00000000000002D0 Elf64_Sym <offset aEdata - offset byte_318, 10h, 0, 0FFF1h, \ ; "_edata" LOAD:00000000000002D0 offset unk_2028, 0> LOAD:00000000000002E8 Elf64_Sym <offset aBssStart - offset byte_318, 10h, 0, 0FFF1h, \ ; "__bss_start" LOAD:00000000000002E8 offset unk_2028, 0> LOAD:0000000000000300 Elf64_Sym <offset aEnd - offset byte_318, 10h, 0, 0FFF1h, \ ; "_end" LOAD:0000000000000300 offset unk_2028, 0> LOAD:0000000000000318 ; ELF String Table LOAD:0000000000000318 byte_318 db 0 ; DATA XREF: LOAD:0000000000000240↑o LOAD:0000000000000318 ; LOAD:0000000000000258↑o ... 
LOAD:0000000000000319 aCxaFinalize db '__cxa_finalize',0 ; DATA XREF: LOAD:0000000000000240↑o LOAD:0000000000000328 aLibc db 'LIBC',0 ; DATA XREF: LOAD:0000000000000474↓o LOAD:000000000000032D aLibcSo db 'libc.so',0 ; DATA XREF: LOAD:0000000000000464↓o LOAD:0000000000000335 aLibhelloJniSo db 'libhello_jni.so',0 ; DATA XREF: LOAD:000000000000045C↓o LOAD:0000000000000345 aCxaAtexit db '__cxa_atexit',0 ; DATA XREF: LOAD:0000000000000258↑o LOAD:0000000000000352 aJavaGithubJp10 db 'Java_github_jp1017_hellojni_MainActivity_staticRegFromJni',0 LOAD:0000000000000352 ; DATA XREF: LOAD:0000000000000270↑o LOAD:000000000000038C aJniOnload db 'JNI_OnLoad',0 ; DATA XREF: LOAD:0000000000000288↑o LOAD:0000000000000397 aNativemethod db 'nativeMethod',0 ; DATA XREF: LOAD:00000000000002A0↑o LOAD:00000000000003A4 aStackChkFail db '__stack_chk_fail',0 ; DATA XREF: LOAD:00000000000002B8↑o LOAD:00000000000003B5 aEdata db '_edata',0 ; DATA XREF: LOAD:00000000000002D0↑o LOAD:00000000000003BC aBssStart db '__bss_start',0 ; DATA XREF: LOAD:00000000000002E8↑o LOAD:00000000000003C8 aEnd db '_end',0 ; DATA XREF: LOAD:0000000000000300↑o LOAD:00000000000003CD aLiblogSo db 'liblog.so',0 LOAD:00000000000003D7 aLibstdcSo db 'libstdc++.so',0 LOAD:00000000000003E4 aLibmSo db 'libm.so',0 LOAD:00000000000003EC aLibdlSo db 'libdl.so',0 LOAD:00000000000003F5 align 8 LOAD:00000000000003F8 ; ELF Hash Table LOAD:00000000000003F8 elf_hash_nbucket dd 3 LOAD:00000000000003FC elf_hash_nchain dd 0Ah LOAD:0000000000000400 elf_hash_bucket dd 7, 9, 8 LOAD:000000000000040C elf_hash_chain dd 3 dup(0), 2, 1, 3, 0, 6, 4, 5 LOAD:0000000000000434 ; ELF GNU Symbol Version Table LOAD:0000000000000434 dw 0 LOAD:0000000000000436 dw 2 ; __cxa_finalize@@LIBC LOAD:0000000000000438 dw 2 ; __cxa_atexit@@LIBC LOAD:000000000000043A dw 1 ; global symbol: Java_github_jp1017_hellojni_MainActivity_staticRegFromJni LOAD:000000000000043C dw 1 ; global symbol: JNI_OnLoad LOAD:000000000000043E dw 1 ; global symbol: nativeMethod 
LOAD:0000000000000440 dw 2 ; __stack_chk_fail@@LIBC LOAD:0000000000000442 dw 1 ; global symbol: _edata LOAD:0000000000000444 dw 1 ; global symbol: __bss_start LOAD:0000000000000446 dw 1 ; global symbol: _end LOAD:0000000000000448 ; ELF GNU Symbol Version Definitions LOAD:0000000000000448 Elf64_Verdef <1, 1, 1, 1, 0EF8E45Fh, 14h, 0> LOAD:000000000000045C Elf64_Verdaux <offset aLibhelloJniSo - offset byte_318, 0> ; "libhello_jni.so" LOAD:0000000000000464 ; ELF GNU Symbol Version Requirements LOAD:0000000000000464 Elf64_Verneed <1, 1, offset aLibcSo - offset byte_318, 10h, 0> ; "libc.so" LOAD:0000000000000474 Elf64_Vernaux <50D63h, 0, 2, offset aLibc - offset byte_318, 0> ; "LIBC" LOAD:0000000000000484 align 8 LOAD:0000000000000488 ; ELF RELA Relocation Table LOAD:0000000000000488 Elf64_Rela <1D60h, 8, 5A0h> ; R_X86_64_RELATIVE +5A0h LOAD:00000000000004A0 Elf64_Rela <1FC8h, 8, 2010h> ; R_X86_64_RELATIVE +2010h LOAD:00000000000004B8 Elf64_Rela <2000h, 8, 2000h> ; R_X86_64_RELATIVE +2000h LOAD:00000000000004D0 Elf64_Rela <2010h, 8, 6E2h> ; R_X86_64_RELATIVE +6E2h LOAD:00000000000004E8 Elf64_Rela <2018h, 8, 6F4h> ; R_X86_64_RELATIVE +6F4h LOAD:0000000000000500 Elf64_Rela <2020h, 8, 5F0h> ; R_X86_64_RELATIVE +5F0h LOAD:0000000000000518 ; ELF JMPREL Relocation Table LOAD:0000000000000518 Elf64_Rela <1FE8h, 200000007h, 0> ; R_X86_64_JUMP_SLOT __cxa_atexit LOAD:0000000000000530 Elf64_Rela <1FF0h, 100000007h, 0> ; R_X86_64_JUMP_SLOT __cxa_finalize LOAD:0000000000000548 Elf64_Rela <1FF8h, 600000007h, 0> ; R_X86_64_JUMP_SLOT __stack_chk_fail LOAD:0000000000000548 LOAD ends LOAD:0000000000000548 .plt:0000000000000560 ; =========================================================================== .plt:0000000000000560 .plt:0000000000000560 ; Segment type: Pure code .plt:0000000000000560 ; Segment permissions: Read/Execute .plt:0000000000000560 _plt segment para public 'CODE' use64 .plt:0000000000000560 assume cs:_plt .plt:0000000000000560 ;org 560h .plt:0000000000000560 assume 
es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
.plt:0000000000000560
.plt:0000000000000560 ; =============== S U B R O U T I N E =======================================
.plt:0000000000000560
.plt:0000000000000560
.plt:0000000000000560 ; PLT0, the shared lazy-binding trampoline. Each import stub below pushes
.plt:0000000000000560 ; its index into the JMPREL table at LOAD:0518 (0 = __cxa_atexit,
.plt:0000000000000560 ; 1 = __cxa_finalize, 2 = __stack_chk_fail) and jumps here. qword_1FD8 and
.plt:0000000000000560 ; qword_1FE0 are DT_PLTGOT (1FD0h) + 8 and + 10h, the two GOT slots the
.plt:0000000000000560 ; standard x86-64 PLT reserves for the dynamic linker (link-map pointer and
.plt:0000000000000560 ; resolver entry). Whether the Android linker ever fills them -- it resolves
.plt:0000000000000560 ; JUMP_SLOT relocations eagerly -- does not change what this stub encodes;
.plt:0000000000000560 ; confirm on a live process. Defender note: every call to an imported
.plt:0000000000000560 ; function goes through .got.plt, so a GOT entry pointing outside the mapped
.plt:0000000000000560 ; libc is the classic sign of an in-process hook.
.plt:0000000000000560 sub_560 proc near ; CODE XREF: .plt:000000000000057B↓j
.plt:0000000000000560 ; .plt:000000000000058B↓j ...
.plt:0000000000000560 ; __unwind {
.plt:0000000000000560 push cs:qword_1FD8 ; GOT[1]
.plt:0000000000000566 jmp cs:qword_1FE0 ; GOT[2]
.plt:0000000000000566 sub_560 endp
.plt:0000000000000566
.plt:0000000000000566 ; ---------------------------------------------------------------------------
.plt:000000000000056C align 10h
.plt:0000000000000570 ; [00000006 BYTES: COLLAPSED FUNCTION ___cxa_atexit. PRESS CTRL-NUMPAD+ TO EXPAND]
.plt:0000000000000576 ; ---------------------------------------------------------------------------
.plt:0000000000000576 push 0 ; JMPREL index 0 -> __cxa_atexit (GOT slot 1FE8h)
.plt:000000000000057B jmp sub_560
.plt:0000000000000580 ; [00000006 BYTES: COLLAPSED FUNCTION ___cxa_finalize. PRESS CTRL-NUMPAD+ TO EXPAND]
.plt:0000000000000586 ; ---------------------------------------------------------------------------
.plt:0000000000000586 push 1 ; JMPREL index 1 -> __cxa_finalize (GOT slot 1FF0h)
.plt:000000000000058B jmp sub_560
.plt:0000000000000590 ; [00000006 BYTES: COLLAPSED FUNCTION ___stack_chk_fail. 
PRESS CTRL-NUMPAD+ TO EXPAND]
.plt:0000000000000596 ; ---------------------------------------------------------------------------
.plt:0000000000000596 push 2 ; JMPREL index 2 -> __stack_chk_fail (GOT slot 1FF8h)
.plt:000000000000059B jmp sub_560
.plt:000000000000059B ; } // starts at 560
.plt:000000000000059B _plt ends
.plt:000000000000059B
.text:00000000000005A0 ; ===========================================================================
.text:00000000000005A0
.text:00000000000005A0 ; Segment type: Pure code
.text:00000000000005A0 ; Segment permissions: Read/Execute
.text:00000000000005A0 _text segment para public 'CODE' use64
.text:00000000000005A0 assume cs:_text
.text:00000000000005A0 ;org 5A0h
.text:00000000000005A0 assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
.text:00000000000005A0
.text:00000000000005A0 ; =============== S U B R O U T I N E =======================================
.text:00000000000005A0
.text:00000000000005A0
.text:00000000000005A0 ; .fini_array entry (off_1D60 -> sub_5A0): runs when the library is
.text:00000000000005A0 ; unloaded and tail-calls __cxa_finalize(off_2000). off_2000 is relocated
.text:00000000000005A0 ; to point at itself (RELA entry 2000h -> +2000h), the usual shape of a
.text:00000000000005A0 ; __dso_handle -- confirm. Compiler-generated; nothing application-specific.
.text:00000000000005A0 sub_5A0 proc near ; DATA XREF: .fini_array:off_1D60↓o
.text:00000000000005A0 ; __unwind {
.text:00000000000005A0 lea rdi, off_2000 ; void *
.text:00000000000005A7 jmp ___cxa_finalize
.text:00000000000005A7 ; } // starts at 5A0
.text:00000000000005A7 sub_5A0 endp
.text:00000000000005A7
.text:00000000000005A7 ; ---------------------------------------------------------------------------
.text:00000000000005AC align 10h
.text:00000000000005B0
.text:00000000000005B0 ; Callback registered by the code at 5C0 (see its DATA XREF): if the
.text:00000000000005B0 ; argument in rdi is non-NULL, tail-jump to it, else just return. The
.text:00000000000005B0 ; `jmp rdi` is an indirect branch through a pointer that lives in data --
.text:00000000000005B0 ; exactly the kind of site control-flow-integrity checks are meant to cover.
.text:00000000000005B0 loc_5B0: ; DATA XREF: .text:00000000000005CA↓o
.text:00000000000005B0 ; __unwind {
.text:00000000000005B0 test rdi, rdi
.text:00000000000005B3 jz short locret_5B8
.text:00000000000005B5 jmp rdi
.text:00000000000005B5 ; ---------------------------------------------------------------------------
.text:00000000000005B7 align 8
.text:00000000000005B8
.text:00000000000005B8 locret_5B8: ; CODE XREF: .text:00000000000005B3↑j
.text:00000000000005B8 retn
.text:00000000000005B8 ; } // starts at 5B0
.text:00000000000005B8 ; ---------------------------------------------------------------------------
.text:00000000000005B9 align 20h
.text:00000000000005C0 ; Unlabelled function at 5C0 (IDA shows only the __unwind marker, and no
.text:00000000000005C0 ; XREF reaches it). It forwards its argument to
.text:00000000000005C0 ; __cxa_atexit(loc_5B0, arg, off_2000): arg becomes loc_5B0's parameter,
.text:00000000000005C0 ; off_2000 the DSO handle. Looks like the C-runtime atexit shim that the
.text:00000000000005C0 ; startup object links into every shared library -- confirm against crtbegin.
.text:00000000000005C0 ; __unwind {
.text:00000000000005C0 mov rsi, rdi ; 2nd arg of __cxa_atexit = caller's argument
.text:00000000000005C3 lea rdx, off_2000 ; 3rd arg = DSO handle
.text:00000000000005CA lea rdi, loc_5B0 ; 1st arg = the callback above
.text:00000000000005D1 jmp ___cxa_atexit
.text:00000000000005D1 ; } // starts at 5C0
.text:00000000000005D1 ; ---------------------------------------------------------------------------
.text:00000000000005D6 db 66h, 2Eh, 0Fh, 1Fh, 84h, 5 dup(0) ; inter-function padding: encodes as a multi-byte NOP
.text:00000000000005E0 db 0Fh, 1Fh, 40h, 0 ; 4-byte NOP
.text:00000000000005E4 align 10h
.text:00000000000005F0
.text:00000000000005F0 ; Native body of the *dynamically* registered method. It has no symbol and
.text:00000000000005F0 ; is not exported: its only reference is .data:2020, the fnPtr field of the
.text:00000000000005F0 ; 24-byte JNINativeMethod entry `nativeMethod` at 2010h (RELA entries:
.text:00000000000005F0 ; 2010h -> 6E2h "dynamicRegFromJni", 2018h -> 6F4h "()Ljava/lang/String;",
.text:00000000000005F0 ; 2020h -> 5F0h) that JNI_OnLoad passes to RegisterNatives. This is why an
.text:00000000000005F0 ; analyst reads JNI_OnLoad first: the export table alone never shows it.
.text:00000000000005F0 ; Body: tail-call env->functions[538h/8 = 167] = NewStringUTF(env, unk_6B0);
.text:00000000000005F0 ; the jclass argument in rdx is ignored. unk_6B0 decodes (UTF-8) as
.text:00000000000005F0 ; "动态注册调用成功" -- see the byte dump in .rodata.
.text:00000000000005F0 loc_5F0: ; DATA XREF: .data:0000000000002020↓o
.text:00000000000005F0 ; __unwind {
.text:00000000000005F0 mov rax, [rdi] ; rax = env->functions (JNINativeInterface *)
.text:00000000000005F3 lea rsi, unk_6B0 ; 2nd arg: the UTF-8 bytes
.text:00000000000005FA mov rax, [rax+538h] ; slot 167 = NewStringUTF
.text:0000000000000601 jmp rax ; tail call; NewStringUTF's jstring is our return value
.text:0000000000000601 ; } // starts at 5F0
.text:0000000000000601 ; ---------------------------------------------------------------------------
.text:0000000000000603 align 10h
.text:0000000000000610
.text:0000000000000610 ; =============== S U B R O U T I N E =======================================
.text:0000000000000610
.text:0000000000000610
.text:0000000000000610 ; Native body of the *statically* registered method: exported under the
.text:0000000000000610 ; JNI naming scheme Java_<package>_<class>_<method> (symbol table entry at
.text:0000000000000610 ; LOAD:0270), so the runtime finds it by name with no RegisterNatives call.
.text:0000000000000610 ; Same body as loc_5F0 with a different string: NewStringUTF(env, unk_6C9),
.text:0000000000000610 ; where unk_6C9 decodes (UTF-8) as "静态注册调用成功".
.text:0000000000000610 public Java_github_jp1017_hellojni_MainActivity_staticRegFromJni
.text:0000000000000610 Java_github_jp1017_hellojni_MainActivity_staticRegFromJni proc near
.text:0000000000000610 ; DATA XREF: LOAD:0000000000000270↑o
.text:0000000000000610 ; __unwind {
.text:0000000000000610 mov rax, [rdi] ; rax = env->functions
.text:0000000000000613 lea rsi, unk_6C9 ; 2nd arg: the UTF-8 bytes
.text:000000000000061A mov rax, [rax+538h] ; slot 167 = NewStringUTF
.text:0000000000000621 jmp rax ; tail call
.text:0000000000000621 ; } // starts at 610
.text:0000000000000621 Java_github_jp1017_hellojni_MainActivity_staticRegFromJni endp
.text:0000000000000621
.text:0000000000000621 ; ---------------------------------------------------------------------------
.text:0000000000000623 align 10h
.text:0000000000000630
.text:0000000000000630 ; =============== S U B R O U T I N E =======================================
.text:0000000000000630
.text:0000000000000630
.text:0000000000000630 public JNI_OnLoad
.text:0000000000000630 ; jint JNI_OnLoad(JavaVM *vm, void *reserved): the runtime calls this right
.text:0000000000000630 ; after loading the .so, so it is the first place to look in any JNI library.
.text:0000000000000630 ; Visible flow: GetEnv(vm, &var_18, 10004h); on success
.text:0000000000000630 ; FindClass(env, "github/jp1017/hellojni/MainActivity") then
.text:0000000000000630 ; RegisterNatives(env, cls, nativeMethod_ptr, 1). Returns 10004h
.text:0000000000000630 ; (JNI_VERSION_1_4) on the success path, 0FFFFFFFFh (-1, JNI_ERR) when
.text:0000000000000630 ; GetEnv fails. Entry: rdi = vm (SysV x86-64 calling convention).
.text:0000000000000630 ; NOTE(review): the FindClass result in rax is handed to RegisterNatives
.text:0000000000000630 ; without a NULL test, and RegisterNatives' return value is discarded (edx is
.text:0000000000000630 ; set to 10004h unconditionally after the call). A missing class or a
.text:0000000000000630 ; rejected registration would therefore be reported as success.
.text:0000000000000630 JNI_OnLoad proc near ; DATA XREF: LOAD:0000000000000288↑o
.text:0000000000000630
.text:0000000000000630 var_18 = qword ptr -18h ; JNIEnv * written by GetEnv (rsi = rsp below)
.text:0000000000000630 var_10 = qword ptr -10h ; saved stack-protector canary
.text:0000000000000630
.text:0000000000000630 ; __unwind {
.text:0000000000000630 lea rsp, [rsp-18h] ; 18h-byte frame, no frame pointer
.text:0000000000000635 mov edx, 10004h ; JNI_VERSION_1_4 = 3rd arg of GetEnv
.text:000000000000063A mov rax, fs:28h ; per-thread canary from the TLS slot at fs:28h
.text:0000000000000643 mov [rsp+18h+var_10], rax ; store it between the locals and the return address
.text:0000000000000648 xor eax, eax ; zero the register that just held the canary (rax is reloaded next)
.text:000000000000064A mov rax, [rdi] ; rax = vm->functions (JNIInvokeInterface *)
.text:000000000000064D mov rsi, rsp ; rsi = &var_18, out-parameter for JNIEnv *
.text:0000000000000650 call qword ptr [rax+30h] ; slot 30h/8 = 6 of JNIInvokeInterface = GetEnv
.text:0000000000000653 mov edx, 0FFFFFFFFh ; provisional return value -1 (JNI_ERR); does not touch flags
.text:0000000000000658 test eax, eax ; GetEnv returns 0 (JNI_OK) on success
.text:000000000000065A jnz short loc_68F ; failure: skip registration, return -1
.text:000000000000065C mov rdi, [rsp+18h+var_18] ; rdi = env
.text:0000000000000660 lea rsi, aGithubJp1017He ; "github/jp1017/hellojni/MainActivity"
.text:0000000000000667 mov rax, [rdi] ; rax = env->functions (JNINativeInterface *)
.text:000000000000066A call qword ptr [rax+30h] ; slot 6 of JNINativeInterface = FindClass
.text:000000000000066D mov rdi, [rsp+18h+var_18] ; rdi = env
.text:0000000000000671 mov ecx, 1 ; nMethods = 1
.text:0000000000000676 mov rdx, cs:nativeMethod_ptr ; pointer (RELA 1FC8h -> +2010h) to the 24-byte JNINativeMethod table `nativeMethod`
.text:000000000000067D mov rsi, rax ; clazz = FindClass result, no NULL check
.text:0000000000000680 mov r8, [rdi] ; r8 = env->functions
.text:0000000000000683 call qword ptr [r8+6B8h] ; slot 6B8h/8 = 215 = RegisterNatives; result unused
.text:000000000000068A mov edx, 10004h ; success path returns JNI_VERSION_1_4
.text:000000000000068F
.text:000000000000068F loc_68F: ; CODE XREF: JNI_OnLoad+2A↑j
.text:000000000000068F mov rcx, [rsp+18h+var_10] ; reload the saved canary
.text:0000000000000694 xor rcx, fs:28h ; compare with the live TLS value: ZF set when intact
.text:000000000000069D mov eax, edx ; return value; mov leaves the flags alone
.text:000000000000069F jnz short loc_6A7 ; canary changed -> abort instead of returning
.text:00000000000006A1 lea rsp, [rsp+18h] ; drop the frame (lea keeps flags intact)
.text:00000000000006A6 retn
.text:00000000000006A7 ; ---------------------------------------------------------------------------
.text:00000000000006A7
.text:00000000000006A7 loc_6A7: ; CODE XREF: JNI_OnLoad+6F↑j
.text:00000000000006A7 call ___stack_chk_fail ; never returns
.text:00000000000006A7 ; } // starts at 630
.text:00000000000006A7 JNI_OnLoad endp
.text:00000000000006A7
.text:00000000000006A7 _text ends
.text:00000000000006A7
LOAD:00000000000006AC ; ===========================================================================
LOAD:00000000000006AC
LOAD:00000000000006AC ; Segment type: Pure code
LOAD:00000000000006AC ; Segment permissions: Read/Execute
LOAD:00000000000006AC LOAD segment mempage public 'CODE' use64
LOAD:00000000000006AC assume cs:LOAD
LOAD:00000000000006AC ;org 6ACh
LOAD:00000000000006AC assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
LOAD:00000000000006AC align 10h ; 4 bytes of alignment padding between .text and .rodata
LOAD:00000000000006AC LOAD ends
LOAD:00000000000006AC
.rodata:00000000000006B0 ; ===========================================================================
.rodata:00000000000006B0
.rodata:00000000000006B0 ; Segment type: Pure data
.rodata:00000000000006B0 ; Segment permissions: Read
.rodata:00000000000006B0 ; Note: .rodata sits inside PHT entry 1, the R+X PT_LOAD covering 0..858h,
.rodata:00000000000006B0 ; so at run time these bytes are mapped executable together with .text.
.rodata:00000000000006B0 _rodata segment qword public 'CONST' use64
.rodata:00000000000006B0 assume cs:_rodata
.rodata:00000000000006B0 ;org 6B0h
.rodata:00000000000006B0 ; unk_6B0 .. 6C8: 24 bytes + NUL that IDA left as raw bytes because they
.rodata:00000000000006B0 ; are non-ASCII. Decoded as UTF-8 they read "动态注册调用成功"
.rodata:00000000000006B0 ; (8 three-byte sequences). This is the string loc_5F0 passes to
.rodata:00000000000006B0 ; NewStringUTF. Define it as a UTF-8 string in IDA to make the XREF readable.
.rodata:00000000000006B0 unk_6B0 db 0E5h ; DATA XREF: .text:00000000000005F3↑o
.rodata:00000000000006B1 db 8Ah
.rodata:00000000000006B2 db 0A8h
.rodata:00000000000006B3 db 0E6h
.rodata:00000000000006B4 db 80h ; €
.rodata:00000000000006B5 db 81h
.rodata:00000000000006B6 db 0E6h
.rodata:00000000000006B7 db 0B3h
.rodata:00000000000006B8 db 0A8h
.rodata:00000000000006B9 db 0E5h
.rodata:00000000000006BA db 86h
.rodata:00000000000006BB db 8Ch
.rodata:00000000000006BC db 0E8h
.rodata:00000000000006BD db 0B0h
.rodata:00000000000006BE db 83h
.rodata:00000000000006BF db 0E7h
.rodata:00000000000006C0 db 94h
.rodata:00000000000006C1 db 0A8h
.rodata:00000000000006C2 db 0E6h
.rodata:00000000000006C3 db 88h
.rodata:00000000000006C4 db 90h
.rodata:00000000000006C5 db 0E5h
.rodata:00000000000006C6 db 8Ah
.rodata:00000000000006C7 db 9Fh
.rodata:00000000000006C8 db 0 ; terminator of unk_6B0
.rodata:00000000000006C9 ; unk_6C9 .. 6E1: same layout, UTF-8 "静态注册调用成功"; the string the
.rodata:00000000000006C9 ; exported Java_..._staticRegFromJni passes to NewStringUTF.
.rodata:00000000000006C9 unk_6C9 db 0E9h ; DATA XREF: Java_github_jp1017_hellojni_MainActivity_staticRegFromJni+3↑o
.rodata:00000000000006CA db 9Dh
.rodata:00000000000006CB db 99h
.rodata:00000000000006CC db 0E6h
.rodata:00000000000006CD db 80h ; €
.rodata:00000000000006CE db 81h
.rodata:00000000000006CF db 0E6h
.rodata:00000000000006D0 db 0B3h
.rodata:00000000000006D1 db 0A8h
.rodata:00000000000006D2 db 0E5h
.rodata:00000000000006D3 db 86h
.rodata:00000000000006D4 db 8Ch
.rodata:00000000000006D5 db 0E8h
.rodata:00000000000006D6 db 0B0h
.rodata:00000000000006D7 db 83h
.rodata:00000000000006D8 db 0E7h
.rodata:00000000000006D9 db 94h
.rodata:00000000000006DA db 0A8h
.rodata:00000000000006DB db 0E6h
.rodata:00000000000006DC db 88h
.rodata:00000000000006DD db 90h
.rodata:00000000000006DE db 0E5h
.rodata:00000000000006DF db 8Ah
.rodata:00000000000006E0 db 9Fh
.rodata:00000000000006E1 db 0 ; terminator of unk_6C9
.rodata:00000000000006E2 ; The next two strings are the name and signature fields of the
.rodata:00000000000006E2 ; JNINativeMethod entry `nativeMethod` in .data (2010h / 2018h); the third
.rodata:00000000000006E2 ; field (2020h) points at loc_5F0. Together they are what JNI_OnLoad
.rodata:00000000000006E2 ; registers -- the Java-visible name of a native that has no ELF symbol.
.rodata:00000000000006E2 aDynamicregfrom db 'dynamicRegFromJni',0
.rodata:00000000000006E2 ; DATA XREF: .data:nativeMethod↓o
.rodata:00000000000006F4 aLjavaLangStrin db '()Ljava/lang/String;',0 ; JNI signature: no args, returns String
.rodata:00000000000006F4 ; DATA XREF: .data:0000000000002018↓o
.rodata:0000000000000709 align 10h
.rodata:0000000000000710 aGithubJp1017He db 'github/jp1017/hellojni/MainActivity',0 ; class name given to FindClass in JNI_OnLoad
.rodata:0000000000000710 ; DATA XREF: JNI_OnLoad+30↑o
.rodata:0000000000000710 _rodata ends
.rodata:0000000000000710
LOAD:0000000000000734 ; ===========================================================================
LOAD:0000000000000734
LOAD:0000000000000734 ; Segment type: Pure code
LOAD:0000000000000734 ; Segment permissions: Read/Execute
LOAD:0000000000000734 LOAD segment mempage public 'CODE' use64
LOAD:0000000000000734 assume cs:LOAD
LOAD:0000000000000734 ;org 734h
LOAD:0000000000000734 assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
LOAD:0000000000000734 align 8 ; alignment padding before .eh_frame
LOAD:0000000000000734 LOAD ends
LOAD:0000000000000734
.eh_frame:0000000000000738 ; ===========================================================================
.eh_frame:0000000000000738
.eh_frame:0000000000000738 ; Segment type: Pure data
.eh_frame:0000000000000738 ; Segment permissions: Read
.eh_frame:0000000000000738 ; Unwind tables (CIE/FDE records) for the functions above; data only.
.eh_frame:0000000000000738 _eh_frame segment qword
public 'CONST' use64 .eh_frame:0000000000000738 assume cs:_eh_frame .eh_frame:0000000000000738 ;org 738h .eh_frame:0000000000000738 db 14h .eh_frame:0000000000000739 db 0 .eh_frame:000000000000073A db 0 .eh_frame:000000000000073B db 0 .eh_frame:000000000000073C db 0 .eh_frame:000000000000073D db 0 .eh_frame:000000000000073E db 0 .eh_frame:000000000000073F db 0 .eh_frame:0000000000000740 db 1 .eh_frame:0000000000000741 db 7Ah ; z .eh_frame:0000000000000742 db 52h ; R .eh_frame:0000000000000743 db 0 .eh_frame:0000000000000744 db 1 .eh_frame:0000000000000745 db 78h ; x .eh_frame:0000000000000746 db 10h .eh_frame:0000000000000747 db 1 .eh_frame:0000000000000748 db 1Bh .eh_frame:0000000000000749 db 0Ch .eh_frame:000000000000074A db 7 .eh_frame:000000000000074B db 8 .eh_frame:000000000000074C db 90h .eh_frame:000000000000074D db 1 .eh_frame:000000000000074E db 0 .eh_frame:000000000000074F db 0 .eh_frame:0000000000000750 db 14h .eh_frame:0000000000000751 db 0 .eh_frame:0000000000000752 db 0 .eh_frame:0000000000000753 db 0 .eh_frame:0000000000000754 db 1Ch .eh_frame:0000000000000755 db 0 .eh_frame:0000000000000756 db 0 .eh_frame:0000000000000757 db 0 .eh_frame:0000000000000758 db 58h ; X .eh_frame:0000000000000759 db 0FEh .eh_frame:000000000000075A db 0FFh .eh_frame:000000000000075B db 0FFh .eh_frame:000000000000075C db 9 .eh_frame:000000000000075D db 0 .eh_frame:000000000000075E db 0 .eh_frame:000000000000075F db 0 .eh_frame:0000000000000760 db 0 .eh_frame:0000000000000761 db 0 .eh_frame:0000000000000762 db 0 .eh_frame:0000000000000763 db 0 .eh_frame:0000000000000764 db 0 .eh_frame:0000000000000765 db 0 .eh_frame:0000000000000766 db 0 .eh_frame:0000000000000767 db 0 .eh_frame:0000000000000768 db 14h .eh_frame:0000000000000769 db 0 .eh_frame:000000000000076A db 0 .eh_frame:000000000000076B db 0 .eh_frame:000000000000076C db 34h ; 4 .eh_frame:000000000000076D db 0 .eh_frame:000000000000076E db 0 .eh_frame:000000000000076F db 0 .eh_frame:0000000000000770 db 30h ; 0 
.eh_frame:0000000000000771 db 0FEh .eh_frame:0000000000000772 db 0FFh .eh_frame:0000000000000773 db 0FFh .eh_frame:0000000000000774 db 0Ch .eh_frame:0000000000000775 db 0 .eh_frame:0000000000000776 db 0 .eh_frame:0000000000000777 db 0 .eh_frame:0000000000000778 db 0 .eh_frame:0000000000000779 db 0 .eh_frame:000000000000077A db 0 .eh_frame:000000000000077B db 0 .eh_frame:000000000000077C db 0 .eh_frame:000000000000077D db 0 .eh_frame:000000000000077E db 0 .eh_frame:000000000000077F db 0 .eh_frame:0000000000000780 db 14h .eh_frame:0000000000000781 db 0 .eh_frame:0000000000000782 db 0 .eh_frame:0000000000000783 db 0 .eh_frame:0000000000000784 db 4Ch ; L .eh_frame:0000000000000785 db 0 .eh_frame:0000000000000786 db 0 .eh_frame:0000000000000787 db 0 .eh_frame:0000000000000788 db 38h ; 8 .eh_frame:0000000000000789 db 0FEh .eh_frame:000000000000078A db 0FFh .eh_frame:000000000000078B db 0FFh .eh_frame:000000000000078C db 16h .eh_frame:000000000000078D db 0 .eh_frame:000000000000078E db 0 .eh_frame:000000000000078F db 0 .eh_frame:0000000000000790 db 0 .eh_frame:0000000000000791 db 0 .eh_frame:0000000000000792 db 0 .eh_frame:0000000000000793 db 0 .eh_frame:0000000000000794 db 0 .eh_frame:0000000000000795 db 0 .eh_frame:0000000000000796 db 0 .eh_frame:0000000000000797 db 0 .eh_frame:0000000000000798 db 14h .eh_frame:0000000000000799 db 0 .eh_frame:000000000000079A db 0 .eh_frame:000000000000079B db 0 .eh_frame:000000000000079C db 64h ; d .eh_frame:000000000000079D db 0 .eh_frame:000000000000079E db 0 .eh_frame:000000000000079F db 0 .eh_frame:00000000000007A0 db 50h ; P .eh_frame:00000000000007A1 db 0FEh .eh_frame:00000000000007A2 db 0FFh .eh_frame:00000000000007A3 db 0FFh .eh_frame:00000000000007A4 db 13h .eh_frame:00000000000007A5 db 0 .eh_frame:00000000000007A6 db 0 .eh_frame:00000000000007A7 db 0 .eh_frame:00000000000007A8 db 0 .eh_frame:00000000000007A9 db 0 .eh_frame:00000000000007AA db 0 .eh_frame:00000000000007AB db 0 .eh_frame:00000000000007AC db 0 
.eh_frame:00000000000007AD db 0 .eh_frame:00000000000007AE db 0 .eh_frame:00000000000007AF db 0 .eh_frame:00000000000007B0 db 14h .eh_frame:00000000000007B1 db 0 .eh_frame:00000000000007B2 db 0 .eh_frame:00000000000007B3 db 0 .eh_frame:00000000000007B4 db 7Ch ; | .eh_frame:00000000000007B5 db 0 .eh_frame:00000000000007B6 db 0 .eh_frame:00000000000007B7 db 0 .eh_frame:00000000000007B8 db 58h ; X .eh_frame:00000000000007B9 db 0FEh .eh_frame:00000000000007BA db 0FFh .eh_frame:00000000000007BB db 0FFh .eh_frame:00000000000007BC db 13h .eh_frame:00000000000007BD db 0 .eh_frame:00000000000007BE db 0 .eh_frame:00000000000007BF db 0 .eh_frame:00000000000007C0 db 0 .eh_frame:00000000000007C1 db 0 .eh_frame:00000000000007C2 db 0 .eh_frame:00000000000007C3 db 0 .eh_frame:00000000000007C4 db 0 .eh_frame:00000000000007C5 db 0 .eh_frame:00000000000007C6 db 0 .eh_frame:00000000000007C7 db 0 .eh_frame:00000000000007C8 db 1Ch .eh_frame:00000000000007C9 db 0 .eh_frame:00000000000007CA db 0 .eh_frame:00000000000007CB db 0 .eh_frame:00000000000007CC db 94h .eh_frame:00000000000007CD db 0 .eh_frame:00000000000007CE db 0 .eh_frame:00000000000007CF db 0 .eh_frame:00000000000007D0 db 60h ; ` .eh_frame:00000000000007D1 db 0FEh .eh_frame:00000000000007D2 db 0FFh .eh_frame:00000000000007D3 db 0FFh .eh_frame:00000000000007D4 db 7Ch ; | .eh_frame:00000000000007D5 db 0 .eh_frame:00000000000007D6 db 0 .eh_frame:00000000000007D7 db 0 .eh_frame:00000000000007D8 db 0 .eh_frame:00000000000007D9 db 45h ; E .eh_frame:00000000000007DA db 0Eh .eh_frame:00000000000007DB db 20h .eh_frame:00000000000007DC db 2 .eh_frame:00000000000007DD db 71h ; q .eh_frame:00000000000007DE db 0Ah .eh_frame:00000000000007DF db 0Eh .eh_frame:00000000000007E0 db 8 .eh_frame:00000000000007E1 db 41h ; A .eh_frame:00000000000007E2 db 0Bh .eh_frame:00000000000007E3 db 0 .eh_frame:00000000000007E4 db 0 .eh_frame:00000000000007E5 db 0 .eh_frame:00000000000007E6 db 0 .eh_frame:00000000000007E7 db 0 .eh_frame:00000000000007E8 db 24h 
; $ .eh_frame:00000000000007E9 db 0 .eh_frame:00000000000007EA db 0 .eh_frame:00000000000007EB db 0 .eh_frame:00000000000007EC db 0B4h .eh_frame:00000000000007ED db 0 .eh_frame:00000000000007EE db 0 .eh_frame:00000000000007EF db 0 .eh_frame:00000000000007F0 db 70h ; p .eh_frame:00000000000007F1 db 0FDh .eh_frame:00000000000007F2 db 0FFh .eh_frame:00000000000007F3 db 0FFh .eh_frame:00000000000007F4 db 40h ; @ .eh_frame:00000000000007F5 db 0 .eh_frame:00000000000007F6 db 0 .eh_frame:00000000000007F7 db 0 .eh_frame:00000000000007F8 db 0 .eh_frame:00000000000007F9 db 0Eh .eh_frame:00000000000007FA db 10h .eh_frame:00000000000007FB db 46h ; F .eh_frame:00000000000007FC db 0Eh .eh_frame:00000000000007FD db 18h .eh_frame:00000000000007FE db 4Ah ; J .eh_frame:00000000000007FF db 0Fh .eh_frame:0000000000000800 db 0Bh .eh_frame:0000000000000801 db 77h ; w .eh_frame:0000000000000802 db 8 .eh_frame:0000000000000803 db 80h ; € .eh_frame:0000000000000804 db 0 .eh_frame:0000000000000805 db 3Fh ; ? .eh_frame:0000000000000806 db 1Ah .eh_frame:0000000000000807 db 3Bh ; ; .eh_frame:0000000000000808 db 2Ah ; * .eh_frame:0000000000000809 db 33h ; 3 .eh_frame:000000000000080A db 24h ; $ .eh_frame:000000000000080B db 22h ; " .eh_frame:000000000000080C db 0 .eh_frame:000000000000080D db 0 .eh_frame:000000000000080E db 0 .eh_frame:000000000000080F db 0 .eh_frame:0000000000000810 db 0 .eh_frame:0000000000000811 db 0 .eh_frame:0000000000000812 db 0 .eh_frame:0000000000000813 db 0 .eh_frame:0000000000000813 _eh_frame ends .eh_frame:0000000000000813 .eh_frame_hdr:0000000000000814 ; =========================================================================== .eh_frame_hdr:0000000000000814 .eh_frame_hdr:0000000000000814 ; Segment type: Pure data .eh_frame_hdr:0000000000000814 ; Segment permissions: Read .eh_frame_hdr:0000000000000814 _eh_frame_hdr segment dword public 'CONST' use64 .eh_frame_hdr:0000000000000814 assume cs:_eh_frame_hdr .eh_frame_hdr:0000000000000814 ;org 814h 
.eh_frame_hdr:0000000000000814 unk_814 db 1 ; DATA XREF: LOAD:0000000000000168↑o .eh_frame_hdr:0000000000000815 db 1Bh .eh_frame_hdr:0000000000000816 db 3 .eh_frame_hdr:0000000000000817 db 3Bh ; ; .eh_frame_hdr:0000000000000818 db 20h .eh_frame_hdr:0000000000000819 db 0FFh .eh_frame_hdr:000000000000081A db 0FFh .eh_frame_hdr:000000000000081B db 0FFh .eh_frame_hdr:000000000000081C db 7 .eh_frame_hdr:000000000000081D db 0 .eh_frame_hdr:000000000000081E db 0 .eh_frame_hdr:000000000000081F db 0 .eh_frame_hdr:0000000000000820 db 4Ch ; L .eh_frame_hdr:0000000000000821 db 0FDh .eh_frame_hdr:0000000000000822 db 0FFh .eh_frame_hdr:0000000000000823 db 0FFh .eh_frame_hdr:0000000000000824 db 0D4h .eh_frame_hdr:0000000000000825 db 0FFh .eh_frame_hdr:0000000000000826 db 0FFh .eh_frame_hdr:0000000000000827 db 0FFh .eh_frame_hdr:0000000000000828 db 8Ch .eh_frame_hdr:0000000000000829 db 0FDh .eh_frame_hdr:000000000000082A db 0FFh .eh_frame_hdr:000000000000082B db 0FFh .eh_frame_hdr:000000000000082C db 54h ; T .eh_frame_hdr:000000000000082D db 0FFh .eh_frame_hdr:000000000000082E db 0FFh .eh_frame_hdr:000000000000082F db 0FFh .eh_frame_hdr:0000000000000830 db 9Ch .eh_frame_hdr:0000000000000831 db 0FDh .eh_frame_hdr:0000000000000832 db 0FFh .eh_frame_hdr:0000000000000833 db 0FFh .eh_frame_hdr:0000000000000834 db 3Ch ; < .eh_frame_hdr:0000000000000835 db 0FFh .eh_frame_hdr:0000000000000836 db 0FFh .eh_frame_hdr:0000000000000837 db 0FFh .eh_frame_hdr:0000000000000838 db 0ACh .eh_frame_hdr:0000000000000839 db 0FDh .eh_frame_hdr:000000000000083A db 0FFh .eh_frame_hdr:000000000000083B db 0FFh .eh_frame_hdr:000000000000083C db 6Ch ; l .eh_frame_hdr:000000000000083D db 0FFh .eh_frame_hdr:000000000000083E db 0FFh .eh_frame_hdr:000000000000083F db 0FFh .eh_frame_hdr:0000000000000840 db 0DCh .eh_frame_hdr:0000000000000841 db 0FDh .eh_frame_hdr:0000000000000842 db 0FFh .eh_frame_hdr:0000000000000843 db 0FFh .eh_frame_hdr:0000000000000844 db 84h .eh_frame_hdr:0000000000000845 db 0FFh 
.eh_frame_hdr:0000000000000846 db 0FFh .eh_frame_hdr:0000000000000847 db 0FFh .eh_frame_hdr:0000000000000848 db 0FCh .eh_frame_hdr:0000000000000849 db 0FDh .eh_frame_hdr:000000000000084A db 0FFh .eh_frame_hdr:000000000000084B db 0FFh .eh_frame_hdr:000000000000084C db 9Ch .eh_frame_hdr:000000000000084D db 0FFh .eh_frame_hdr:000000000000084E db 0FFh .eh_frame_hdr:000000000000084F db 0FFh .eh_frame_hdr:0000000000000850 db 1Ch .eh_frame_hdr:0000000000000851 db 0FEh .eh_frame_hdr:0000000000000852 db 0FFh .eh_frame_hdr:0000000000000853 db 0FFh .eh_frame_hdr:0000000000000854 db 0B4h .eh_frame_hdr:0000000000000855 db 0FFh .eh_frame_hdr:0000000000000856 db 0FFh .eh_frame_hdr:0000000000000857 db 0FFh .eh_frame_hdr:0000000000000857 _eh_frame_hdr ends .eh_frame_hdr:0000000000000857 .fini_array:0000000000001D60 ; ELF Termination Function Table .fini_array:0000000000001D60 ; =========================================================================== .fini_array:0000000000001D60 .fini_array:0000000000001D60 ; Segment type: Pure data .fini_array:0000000000001D60 ; Segment permissions: Read/Write .fini_array:0000000000001D60 _fini_array segment qword public 'DATA' use64 .fini_array:0000000000001D60 assume cs:_fini_array .fini_array:0000000000001D60 ;org 1D60h .fini_array:0000000000001D60 off_1D60 dq offset sub_5A0 ; DATA XREF: LOAD:00000000000000C0↑o .fini_array:0000000000001D60 ; LOAD:00000000000001D8↑o .fini_array:0000000000001D68 align 10h .fini_array:0000000000001D68 _fini_array ends .fini_array:0000000000001D68 .init_array:0000000000001D70 ; =========================================================================== .init_array:0000000000001D70 .init_array:0000000000001D70 ; Segment type: Pure data .init_array:0000000000001D70 ; Segment permissions: Read/Write .init_array:0000000000001D70 _init_array segment qword public 'DATA' use64 .init_array:0000000000001D70 assume cs:_init_array .init_array:0000000000001D70 ;org 1D70h .init_array:0000000000001D70 db 0 
.init_array:0000000000001D71 db 0 .init_array:0000000000001D72 db 0 .init_array:0000000000001D73 db 0 .init_array:0000000000001D74 db 0 .init_array:0000000000001D75 db 0 .init_array:0000000000001D76 db 0 .init_array:0000000000001D77 db 0 .init_array:0000000000001D77 _init_array ends .init_array:0000000000001D77 LOAD:0000000000001D78 ; ELF Dynamic Information LOAD:0000000000001D78 ; =========================================================================== LOAD:0000000000001D78 LOAD:0000000000001D78 ; Segment type: Pure data LOAD:0000000000001D78 ; Segment permissions: Read/Write LOAD:0000000000001D78 LOAD segment mempage public 'DATA' use64 LOAD:0000000000001D78 assume cs:LOAD LOAD:0000000000001D78 ;org 1D78h LOAD:0000000000001D78 stru_1D78 Elf64_Dyn <3, 1FD0h> ; DATA XREF: LOAD:00000000000000F8↑o LOAD:0000000000001D78 ; .got.plt:0000000000001FD0↓o LOAD:0000000000001D78 ; DT_PLTGOT LOAD:0000000000001D88 Elf64_Dyn <2, 48h> ; DT_PLTRELSZ LOAD:0000000000001D98 Elf64_Dyn <17h, 518h> ; DT_JMPREL LOAD:0000000000001DA8 Elf64_Dyn <14h, 7> ; DT_PLTREL LOAD:0000000000001DB8 Elf64_Dyn <7, 488h> ; DT_RELA LOAD:0000000000001DC8 Elf64_Dyn <8, 90h> ; DT_RELASZ LOAD:0000000000001DD8 Elf64_Dyn <9, 18h> ; DT_RELAENT LOAD:0000000000001DE8 Elf64_Dyn <6FFFFFF9h, 6> ; DT_RELACOUNT LOAD:0000000000001DF8 Elf64_Dyn <6, 228h> ; DT_SYMTAB LOAD:0000000000001E08 Elf64_Dyn <0Bh, 18h> ; DT_SYMENT LOAD:0000000000001E18 Elf64_Dyn <5, 318h> ; DT_STRTAB LOAD:0000000000001E28 Elf64_Dyn <0Ah, 0DDh> ; DT_STRSZ LOAD:0000000000001E38 Elf64_Dyn <4, 3F8h> ; DT_HASH LOAD:0000000000001E48 Elf64_Dyn <1, 0B5h> ; DT_NEEDED liblog.so LOAD:0000000000001E58 Elf64_Dyn <1, 0BFh> ; DT_NEEDED libstdc++.so LOAD:0000000000001E68 Elf64_Dyn <1, 0CCh> ; DT_NEEDED libm.so LOAD:0000000000001E78 Elf64_Dyn <1, 15h> ; DT_NEEDED libc.so LOAD:0000000000001E88 Elf64_Dyn <1, 0D4h> ; DT_NEEDED libdl.so LOAD:0000000000001E98 Elf64_Dyn <0Eh, 1Dh> ; DT_SONAME libhello_jni.so LOAD:0000000000001EA8 Elf64_Dyn <1Ah, 1D60h> ; DT_FINI_ARRAY 
LOAD:0000000000001EB8 Elf64_Dyn <1Ch, 10h> ; DT_FINI_ARRAYSZ LOAD:0000000000001EC8 Elf64_Dyn <19h, 1D70h> ; DT_INIT_ARRAY LOAD:0000000000001ED8 Elf64_Dyn <1Bh, 8> ; DT_INIT_ARRAYSZ LOAD:0000000000001EE8 Elf64_Dyn <10h, 0> ; DT_SYMBOLIC LOAD:0000000000001EF8 Elf64_Dyn <1Eh, 0Ah> ; DT_FLAGS LOAD:0000000000001F08 Elf64_Dyn <6FFFFFFBh, 1> ; DT_FLAGS_1 LOAD:0000000000001F18 Elf64_Dyn <6FFFFFF0h, 434h> ; DT_VERSYM LOAD:0000000000001F28 Elf64_Dyn <6FFFFFFCh, 448h> ; DT_VERDEF LOAD:0000000000001F38 Elf64_Dyn <6FFFFFFDh, 1> ; DT_VERDEFNUM LOAD:0000000000001F48 Elf64_Dyn <6FFFFFFEh, 464h> ; DT_VERNEED LOAD:0000000000001F58 Elf64_Dyn <6FFFFFFFh, 1> ; DT_VERNEEDNUM LOAD:0000000000001F68 Elf64_Dyn <0> ; DT_NULL LOAD:0000000000001F78 db 0 LOAD:0000000000001F79 db 0 LOAD:0000000000001F7A db 0 LOAD:0000000000001F7B db 0 LOAD:0000000000001F7C db 0 LOAD:0000000000001F7D db 0 LOAD:0000000000001F7E db 0 LOAD:0000000000001F7F db 0 LOAD:0000000000001F80 db 0 LOAD:0000000000001F81 db 0 LOAD:0000000000001F82 db 0 LOAD:0000000000001F83 db 0 LOAD:0000000000001F84 db 0 LOAD:0000000000001F85 db 0 LOAD:0000000000001F86 db 0 LOAD:0000000000001F87 db 0 LOAD:0000000000001F88 db 0 LOAD:0000000000001F89 db 0 LOAD:0000000000001F8A db 0 LOAD:0000000000001F8B db 0 LOAD:0000000000001F8C db 0 LOAD:0000000000001F8D db 0 LOAD:0000000000001F8E db 0 LOAD:0000000000001F8F db 0 LOAD:0000000000001F90 db 0 LOAD:0000000000001F91 db 0 LOAD:0000000000001F92 db 0 LOAD:0000000000001F93 db 0 LOAD:0000000000001F94 db 0 LOAD:0000000000001F95 db 0 LOAD:0000000000001F96 db 0 LOAD:0000000000001F97 db 0 LOAD:0000000000001F98 db 0 LOAD:0000000000001F99 db 0 LOAD:0000000000001F9A db 0 LOAD:0000000000001F9B db 0 LOAD:0000000000001F9C db 0 LOAD:0000000000001F9D db 0 LOAD:0000000000001F9E db 0 LOAD:0000000000001F9F db 0 LOAD:0000000000001FA0 db 0 LOAD:0000000000001FA1 db 0 LOAD:0000000000001FA2 db 0 LOAD:0000000000001FA3 db 0 LOAD:0000000000001FA4 db 0 LOAD:0000000000001FA5 db 0 LOAD:0000000000001FA6 db 0 LOAD:0000000000001FA7 
db 0 LOAD:0000000000001FA8 db 0 LOAD:0000000000001FA9 db 0 LOAD:0000000000001FAA db 0 LOAD:0000000000001FAB db 0 LOAD:0000000000001FAC db 0 LOAD:0000000000001FAD db 0 LOAD:0000000000001FAE db 0 LOAD:0000000000001FAF db 0 LOAD:0000000000001FB0 db 0 LOAD:0000000000001FB1 db 0 LOAD:0000000000001FB2 db 0 LOAD:0000000000001FB3 db 0 LOAD:0000000000001FB4 db 0 LOAD:0000000000001FB5 db 0 LOAD:0000000000001FB6 db 0 LOAD:0000000000001FB7 db 0 LOAD:0000000000001FB8 db 0 LOAD:0000000000001FB9 db 0 LOAD:0000000000001FBA db 0 LOAD:0000000000001FBB db 0 LOAD:0000000000001FBC db 0 LOAD:0000000000001FBD db 0 LOAD:0000000000001FBE db 0 LOAD:0000000000001FBF db 0 LOAD:0000000000001FC0 db 0 LOAD:0000000000001FC1 db 0 LOAD:0000000000001FC2 db 0 LOAD:0000000000001FC3 db 0 LOAD:0000000000001FC4 db 0 LOAD:0000000000001FC5 db 0 LOAD:0000000000001FC6 db 0 LOAD:0000000000001FC7 db 0 LOAD:0000000000001FC7 LOAD ends LOAD:0000000000001FC7 .got:0000000000001FC8 ; =========================================================================== .got:0000000000001FC8 .got:0000000000001FC8 ; Segment type: Pure data .got:0000000000001FC8 ; Segment permissions: Read/Write .got:0000000000001FC8 _got segment qword public 'DATA' use64 .got:0000000000001FC8 assume cs:_got .got:0000000000001FC8 ;org 1FC8h .got:0000000000001FC8 nativeMethod_ptr dq offset nativeMethod ; DATA XREF: JNI_OnLoad+46↑r .got:0000000000001FC8 _got ends .got:0000000000001FC8 .got.plt:0000000000001FD0 ; =========================================================================== .got.plt:0000000000001FD0 .got.plt:0000000000001FD0 ; Segment type: Pure data .got.plt:0000000000001FD0 ; Segment permissions: Read/Write .got.plt:0000000000001FD0 _got_plt segment qword public 'DATA' use64 .got.plt:0000000000001FD0 assume cs:_got_plt .got.plt:0000000000001FD0 ;org 1FD0h .got.plt:0000000000001FD0 dq offset stru_1D78 .got.plt:0000000000001FD8 qword_1FD8 dq 0 ; DATA XREF: sub_560↑r .got.plt:0000000000001FE0 qword_1FE0 dq 0 ; DATA XREF: sub_560+6↑r 
.got.plt:0000000000001FE8 off_1FE8 dq offset __cxa_atexit ; DATA XREF: ___cxa_atexit↑r .got.plt:0000000000001FF0 off_1FF0 dq offset __cxa_finalize .got.plt:0000000000001FF0 ; DATA XREF: ___cxa_finalize↑r .got.plt:0000000000001FF8 off_1FF8 dq offset __stack_chk_fail .got.plt:0000000000001FF8 ; DATA XREF: ___stack_chk_fail↑r .got.plt:0000000000001FF8 _got_plt ends .got.plt:0000000000001FF8 .data:0000000000002000 ; =========================================================================== .data:0000000000002000 .data:0000000000002000 ; Segment type: Pure data .data:0000000000002000 ; Segment permissions: Read/Write .data:0000000000002000 _data segment para public 'DATA' use64 .data:0000000000002000 assume cs:_data .data:0000000000002000 ;org 2000h .data:0000000000002000 off_2000 dq offset off_2000 ; DATA XREF: sub_5A0↑o .data:0000000000002000 ; .text:00000000000005C3↑o ... .data:0000000000002008 align 10h .data:0000000000002010 public nativeMethod .data:0000000000002010 nativeMethod dq offset aDynamicregfrom .data:0000000000002010 ; DATA XREF: LOAD:00000000000002A0↑o .data:0000000000002010 ; .got:nativeMethod_ptr↑o .data:0000000000002010 ; "dynamicRegFromJni" .data:0000000000002018 dq offset aLjavaLangStrin ; "()Ljava/lang/String;" .data:0000000000002020 dq offset loc_5F0 .data:0000000000002020 _data ends .data:0000000000002020 .bss:0000000000002028 ; =========================================================================== .bss:0000000000002028 .bss:0000000000002028 ; Segment type: Zero-length .bss:0000000000002028 ; Segment permissions: Read/Write .bss:0000000000002028 _bss segment byte public 'BSS' use64 .bss:0000000000002028 unk_2028 label byte ; DATA XREF: LOAD:00000000000002D0↑o .bss:0000000000002028 ; LOAD:00000000000002E8↑o ... 
.bss:0000000000002028 _bss ends .bss:0000000000002028 extern:0000000000002030 ; =========================================================================== extern:0000000000002030 extern:0000000000002030 ; Segment type: Externs extern:0000000000002030 ; extern extern:0000000000002030 ; int __fastcall _cxa_finalize(void *) extern:0000000000002030 extrn __cxa_finalize:near extern:0000000000002030 ; CODE XREF: ___cxa_finalize↑j extern:0000000000002030 ; DATA XREF: .got.plt:off_1FF0↑o extern:0000000000002038 ; int __fastcall _cxa_atexit(void (__fastcall *lpfunc)(void *), void *obj, void *lpdso_handle) extern:0000000000002038 extrn __cxa_atexit:near ; CODE XREF: ___cxa_atexit↑j extern:0000000000002038 ; DATA XREF: .got.plt:off_1FE8↑o extern:0000000000002040 extrn __stack_chk_fail:near extern:0000000000002040 ; CODE XREF: ___stack_chk_fail↑j extern:0000000000002040 ; DATA XREF: .got.plt:off_1FF8↑o extern:0000000000002040 abs:0000000000002048 ; =========================================================================== abs:0000000000002048 abs:0000000000002048 ; Segment type: Absolute symbols abs:0000000000002048 ; abs abs:0000000000002048 public _edata abs:0000000000002048 _edata = 2028h abs:0000000000002050 public __bss_start abs:0000000000002050 __bss_start = 2028h abs:0000000000002058 public _end abs:0000000000002058 _end = 2028h abs:0000000000002058 abs:0000000000002058 abs:0000000000002058 end 函数名称 sub_560 0x560 push cs:qword_1FD8 0x566 jmp cs:qword_1FE0 // extern void* qword_1FD8; // extern void (*qword_1FE0)(); /* 作用:一个跳转函数(trampoline),可能是为了实现延迟绑定(PLT)或某种初始化/反初始化调用(上文 .got.plt 中的 qword_1FD8、qword_1FE0 正是 sub_560 与 sub_560+6 所读取的两项,与 PLT0 的布局一致)。它将一个指针(qword_1FD8)压入栈中作为参数,然后无条件跳转到另一个地址(qword_1FE0)执行。 来源:编译器/链接器生成 依赖:无 变量和参数重命名: - qword_1FD8 -> pArgument_or_Handle - qword_1FE0 -> pTargetFunction 控制流结构:无条件跳转 (jmp),可以视为尾调用 (tail call)。 算法识别:无标准算法 加固识别:无明显加固特征。这种间接跳转是动态链接的标准实现。 */ void trampoline_sub_560() { // 这是一个汇编级别的跳转,无法直接用标准C++表示。 // push cs:qword_1FD8 // jmp 
cs:qword_1FE0 // 伪代码如下: // target_function(argument); // 由于这是一个尾调用,控制权不会返回到这里。 JUMPOUT(pTargetFunction); // 跳转到目标函数执行,pArgument_or_Handle 已经被压栈作为参数。 } 函数名称 .__cxa_atexit .__cxa_atexit 函数地址 0x570 0x570 函数大小 6 bytes 反汇编代码 0x570 jmp cs:off_1FE8 // extern int (*off_1FE8)(void (*func)(void *), void *arg, void *dso_handle); /* 作用:一个PLT(Procedure Linkage Table)存根函数,用于将调用重定向到动态链接库(如libc.so)中的 `__cxa_atexit` 真实实现。`__cxa_atexit` 用于注册一个在程序退出时需要被调用的函数(例如,用于销毁静态或全局对象)。 来源:编译器/链接器生成 (PLT stub) 依赖:C++ ABI / C 标准库 变量和参数重命名: - off_1FE8 -> __cxa_atexit_ptr 控制流结构:无条件跳转 (jmp),属于尾调用。 算法识别:无标准算法 加固识别:无。这是标准的动态链接机制。 */ int thunk_cxa_atexit(void (*func)(void *), void *arg, void *dso_handle) { return __cxa_atexit_ptr(func, arg, dso_handle); // 跳转到 __cxa_atexit 的实际地址执行 } 函数名称 .__cxa_finalize .__cxa_finalize 函数地址 0x580 0x580 函数大小 6 bytes 反汇编代码 0x580 jmp cs:off_1FF0 // extern int (*off_1FF0)(void *dso_handle); /* 作用:一个PLT(Procedure Linkage Table)存根函数,用于将调用重定向到动态链接库中的 `__cxa_finalize` 真实实现。`__cxa_finalize` 用于执行由 `__cxa_atexit` 注册的清理函数。 来源:编译器/链接器生成 (PLT stub) 依赖:C++ ABI / C 标准库 变量和参数重命名: - off_1FF0 -> __cxa_finalize_ptr 控制流结构:无条件跳转 (jmp),属于尾调用。 算法识别:无标准算法 加固识别:无。这是标准的动态链接机制。 */ int thunk_cxa_finalize(void *dso_handle) { return __cxa_finalize_ptr(dso_handle); // 跳转到 __cxa_finalize 的实际地址执行 } 函数名称 .__stack_chk_fail .__stack_chk_fail 函数地址 0x590 0x590 函数大小 6 bytes 反汇编代码 0x590 jmp cs:off_1FF8 // extern void (*off_1FF8)(void); /* 作用:一个PLT(Procedure Linkage Table)存根函数,用于将调用重定向到动态链接库中的 `__stack_chk_fail` 真实实现。该函数在检测到栈缓冲区溢出(即stack canary被破坏)时被调用,并会立即终止程序以防止进一步的攻击。 来源:编译器/链接器生成 (PLT stub) 依赖:C 标准库 / 编译器运行时 变量和参数重命名: - off_1FF8 -> __stack_chk_fail_ptr 控制流结构:无条件跳转 (jmp),属于尾调用。 算法识别:无标准算法 
加固识别:该函数本身是栈保护(Stack Canary / Stack Smashing Protector)加固措施的一部分。 */ void __attribute__((noreturn)) thunk_stack_chk_fail() { __stack_chk_fail_ptr(); // 跳转到 __stack_chk_fail 的实际地址执行,该函数不会返回。 } 函数名称 sub_5A0 sub_5A0 函数地址 0x5a0 0x5a0 函数大小 12 bytes 反汇编代码 0x5a0 lea rdi, off_2000; void * 0x5a7 jmp ___cxa_finalize // extern void* off_2000; // int __cxa_finalize(void *dso_handle); /* 作用:注册一个模块的终结器(finalizer)。它将一个句柄(通常是当前动态共享对象DSO的句柄 `__dso_handle`,此处位于 off_2000)传递给 `__cxa_finalize` 函数。这通常由编译器自动生成,用于在程序退出时清理全局或静态资源。该函数的地址被上文 .fini_array(ELF Termination Function Table)中的 off_1D60 引用,因此它在本库终止时由动态链接器调用。 来源:编译器生成 依赖:C++ ABI / C 标准库 变量和参数重命名: - off_2000 -> __dso_handle 控制流结构:尾调用 (Tail Call) 算法识别:无标准算法 加固识别:无明显加固特征。 */ int register_module_finalizer_sub_5A0() { return __cxa_finalize(&__dso_handle); // 调用 __cxa_finalize 并传入模块句柄的地址 } 函数名称 Java_github_jp1017_hellojni_MainActivity_staticRegFromJni Java_github_jp1017_hellojni_MainActivity_staticRegFromJni 函数地址 0x610 0x610 函数大小 19 bytes 反汇编代码 0x610 mov rax, [rdi] 0x613 lea rsi, unk_6C9 0x61a mov rax, [rax+538h] 0x621 jmp rax #include <jni.h> // extern const char unk_6C9[]; /* 作用:这是一个JNI(Java Native Interface)本地方法。当Java代码调用 `github.jp1017.hellojni.MainActivity.staticRegFromJni()` 方法时,此函数会被执行。它的功能是从一个本地C字符串(位于 unk_6C9)创建一个Java字符串对象(jstring)并返回给Java层。 来源:用户自定义 (JNI 实现) 依赖:Android NDK(jni.h) 变量和参数重命名: - a1 -> env - unk_6C9 -> native_string_content 控制流结构:无复杂控制流,直接通过函数指针表调用JNI函数。 算法识别:无标准算法 加固识别:存在变量名称混淆(如 `unk_6C9`)。 */ jstring Java_github_jp1017_hellojni_MainActivity_staticRegFromJni(JNIEnv *env, jobject thiz) { // JNIEnv是一个指向函数指针表的指针。 // (*env) 获取函数指针表。 // (*env)->NewStringUTF 是函数指针表中的一个成员。 // 汇编 `mov rax, [rax+538h]` 表示在 JNIEnv 函数指针表中偏移 0x538 (1336) 字节处找到 NewStringUTF 函数的地址。 return (*env)->NewStringUTF(env, native_string_content); // 调用NewStringUTF函数,将C字符串转换为Java字符串并返回 } 函数名称 JNI_OnLoad JNI_OnLoad 函数地址 0x630 0x630 函数大小 124 bytes 反汇编代码 0x630 lea rsp, [rsp-18h] 0x635 mov 
edx, 10004h 0x63a mov rax, fs:28h 0x643 mov [rsp+18h+var_10], rax 0x648 xor eax, eax 0x64a mov rax, [rdi] 0x64d mov rsi, rsp 0x650 call qword ptr [rax+30h] 0x653 mov edx, 0FFFFFFFFh 0x658 test eax, eax 0x65a jnz short loc_68F 0x65c mov rdi, [rsp+18h+var_18] 0x660 lea rsi, aGithubJp1017He; "github/jp1017/hellojni/MainActivity" 0x667 mov rax, [rdi] 0x66a call qword ptr [rax+30h] 0x66d mov rdi, [rsp+18h+var_18] 0x671 mov ecx, 1 0x676 mov rdx, cs:nativeMethod_ptr 0x67d mov rsi, rax 0x680 mov r8, [rdi] 0x683 call qword ptr [r8+6B8h] 0x68a mov edx, 10004h 0x68f mov rcx, [rsp+18h+var_10] 0x694 xor rcx, fs:28h 0x69d mov eax, edx 0x69f jnz short loc_6A7 0x6a1 lea rsp, [rsp+18h] 0x6a6 retn retn 0x6a7 call ___stack_chk_fail #include <jni.h> // extern JNINativeMethod nativeMethod_ptr[]; /* 作用:当包含此本地代码的库被JVM加载时,此函数被自动调用。它负责库的初始化,主要完成以下工作: 1. 从JavaVM获取JNIEnv指针。 2. 查找名为 "github/jp1017/hellojni/MainActivity" 的Java类。 3. 使用 `RegisterNatives` 函数为该类动态注册一个或多个本地方法。 4. 返回所支持的JNI版本号。 来源:用户自定义 (JNI 库入口点) 依赖:Android NDK(jni.h) 变量和参数重命名: - a1 -> vm(JavaVM*) - v5 -> env(JNIEnv*) - v3 -> main_activity_class(jclass) - nativeMethod_ptr -> g_native_methods 控制流结构:使用if条件分支检查 GetEnv 调用是否成功(对应 0x658 的 test eax, eax / jnz);从反汇编看,FindClass 与 RegisterNatives 的返回值并未被检查,0x68a 处无条件置 edx = 10004h,下方伪代码中对这两处的判断是为可读性补充的,并非二进制原有逻辑。 算法识别:无标准算法 加固识别:包含栈保护(Stack Canary)机制,在函数进入时设置并在退出时检查,以防止栈溢出攻击。 */ jint JNI_OnLoad(JavaVM *vm, void *reserved) { JNIEnv *env = NULL; // 用于存储JNI环境的指针 jint result = -1; // 默认返回失败 // 从JavaVM获取当前线程的JNIEnv接口指针,请求JNI 1.4版本 if ((*vm)->GetEnv(vm, (void**)&env, JNI_VERSION_1_4) != JNI_OK) { return result; // 获取失败,返回-1 } // 查找需要注册本地方法的Java类 jclass main_activity_class = (*env)->FindClass(env, "github/jp1017/hellojni/MainActivity"); if (main_activity_class == NULL) { return result; // 查找失败,返回-1 } // 动态注册本地方法 // 第一个参数是JNI环境指针 // 第二个参数是目标Java类 // 第三个参数是一个JNINativeMethod结构体数组,定义了Java方法与C/C++函数的映射关系 // 第四个参数是要注册的方法数量 if ((*env)->RegisterNatives(env, main_activity_class, 
g_native_methods, 1) < 0) { return result; // 注册失败,返回-1 } return JNI_VERSION_1_4; // 初始化成功,返回JNI版本号 } 函数名称 __cxa_finalize __cxa_finalize 函数地址 0x2030 0x2030 函数大小 8 bytes 反汇编代码 0x2030 extrn __cxa_finalize:near /* 作用:声明一个外部函数 `__cxa_finalize`。这表示该函数在本模块中未定义,其实现由链接器在链接时从其他库(通常是libc++或C++运行时库)中解析。此函数用于执行通过 `__cxa_atexit` 注册的析构函数或清理函数。 来源:系统库 (libc++ / C++ ABI) 依赖:C++ ABI / C 标准库 变量和参数重命名:无 控制流结构:无 算法识别:无标准算法 加固识别:无 */ // 函数原型声明 int __cxa_finalize(void *dso_handle); 函数名称 __cxa_atexit __cxa_atexit 函数地址 0x2038 0x2038 函数大小 8 bytes 反汇编代码 0x2038 extrn __cxa_atexit:near /* 作用:声明一个外部函数 `__cxa_atexit`。这表示该函数在本模块中未定义,其实现由链接器在链接时从其他库(通常是libc++或C++运行时库)中解析。此函数用于注册在程序退出时要调用的函数,通常用于销毁全局或静态对象。 来源:系统库 (libc++ / C++ ABI) 依赖:C++ ABI / C 标准库 变量和参数重命名:无 控制流结构:无 算法识别:无标准算法 加固识别:无 */ // 函数原型声明 int __cxa_atexit(void (*func)(void *), void *arg, void *dso_handle); 函数名称 __stack_chk_fail __stack_chk_fail 函数地址 0x2040 0x2040 函数大小 8 bytes 反汇编代码 0x2040 extrn __stack_chk_fail:near /* 作用:声明一个外部函数 `__stack_chk_fail`。这表示该函数在本模块中未定义,其实现由链接器在链接时从其他库(通常是libc或编译器运行时库)中解析。当编译器启用的栈保护机制(Stack Canary)检测到栈被破坏时,会调用此函数来终止程序。 来源:系统库 (libc / 编译器运行时) 依赖:C 标准库 / 编译器运行时 变量和参数重命名:无 控制流结构:无 算法识别:无标准算法 加固识别:无 */ // 函数原型声明,__attribute__((noreturn)) 表示该函数不会返回 void __attribute__((noreturn)) __stack_chk_fail(void);