Quantcast
Channel: 睿论坛 - 最新话题
Viewing all articles
Browse latest Browse all 5702

如果在IDA中去掉这种花指令干扰?

October 15, 2019, 4:25 am
$
0
0

@liaogang wrote:

在学习逆向的过程中,遇到了一个很感兴趣的app. 查看其中一段函数的时候,发现有花指令干扰。导致ida无法正确的找到函数的结尾。请问如何能使IDA更正?
我下面贴出代码,和我打算实施的做法.

__text:00000001032C0B38     ; =============== S U B R O U T I N E =======================================
__text:00000001032C0B38
__text:00000001032C0B38     ; Attributes: bp-based frame
__text:00000001032C0B38
__text:00000001032C0B38     sub_1032C0B38      ; CODE XREF: sub_1032D58F4+90↓p 函数开始
__text:00000001032C0B38
__text:00000001032C0B38     var_70          = -0x70
__text:00000001032C0B38     var_60          = -0x60
__text:00000001032C0B38     var_50          = -0x50
__text:00000001032C0B38     var_40          = -0x40
__text:00000001032C0B38     var_30          = -0x30
__text:00000001032C0B38     var_s0          =  0
__text:00000001032C0B38
__text:00000001032C0B38 000                 SUB             SP, SP, #0x30
__text:00000001032C0B3C 030                 STP             X29, X30, [SP,#0x20+var_s0]
__text:00000001032C0B40 030                 ADD             X29, SP, #0x20
__text:00000001032C0B44 030                 MOV             W8, #0x2340
__text:00000001032C0B48 030                 MOV             W9, #0x3450
__text:00000001032C0B4C 030                 MOV             W10, #0x4560
__text:00000001032C0B50 030                 SUB             SP, SP, #0x50
__text:00000001032C0B54 080                 STP             X29, X30, [SP,#0x70+var_30]
__text:00000001032C0B58 080                 STP             X0, X1, [SP,#0x70+var_70]
__text:00000001032C0B5C 080                 STP             X2, X3, [SP,#0x70+var_60]
__text:00000001032C0B60 080                 STP             X4, X5, [SP,#0x70+var_50]
__text:00000001032C0B64 080                 STP             X6, X7, [SP,#0x70+var_40]
__text:00000001032C0B68 080                 BL              sub_1032C0B78
__text:00000001032C0B6C 080                 MOV             X1, X0
__text:00000001032C0B70 080                 ADD             X1, X1, #0x38
__text:00000001032C0B74 080                 BR              X1 ; 跳到地址00000001032C0BA4
__text:00000001032C0B74     ; End of function sub_1032C0B38
__text:00000001032C0B74
__text:00000001032C0B78
__text:00000001032C0B78     ; =============== S U B R O U T I N E =======================================
__text:00000001032C0B78
__text:00000001032C0B78
__text:00000001032C0B78     sub_1032C0B78   ; CODE XREF: sub_1032C0B38+30↑j  这应该是一个干扰代码段,用汇编写的
__text:00000001032C0B78
__text:00000001032C0B78     var_10          = -0x10
__text:00000001032C0B78
__text:00000001032C0B78 000                 SUB             SP, SP, #0x10
__text:00000001032C0B7C 000                 STP             X29, X30, [SP]
__text:00000001032C0B80 000                 LDR             X0, [SP,#8]
__text:00000001032C0B84 000                 LDP             X29, X30, [SP]
__text:00000001032C0B88 000                 ADD             SP, SP, #0x10
__text:00000001032C0B8C 000                 RET
__text:00000001032C0B90 000                 SUB             SP, SP, #0x40
__text:00000001032C0B94 040                 STP             X29, X30, [SP,#0x40+var_10]
__text:00000001032C0B98 040                 B               sub_1032C0B78
__text:00000001032C0B9C 040                 SVC             0x80
__text:00000001032C0BA0 040                 ADD             SP, SP, #0x50
__text:00000001032C0BA0     ; End of function sub_1032C0B78
__text:00000001032C0BA4     ; =============== S U B R O U T I N E =======================================
__text:00000001032C0BA4
__text:00000001032C0BA4
__text:00000001032C0BA4     sub_1032C0BA4                           ; CODE XREF: sub_1032C0B78+20↑p
__text:00000001032C0BA4
__text:00000001032C0BA4     arg_0           =  0
__text:00000001032C0BA4     arg_8           =  8
__text:00000001032C0BA4     arg_10          =  0x10
__text:00000001032C0BA4     arg_20          =  0x20
__text:00000001032C0BA4     arg_30          =  0x30
__text:00000001032C0BA4     arg_40          =  0x40
__text:00000001032C0BA4     arg_60          =  0x60
__text:00000001032C0BA4
__text:00000001032C0BA4 000                 LDP             X6, X7, [SP,#arg_30]
__text:00000001032C0BA8 000                 LDP             X4, X5, [SP,#arg_20]
__text:00000001032C0BAC 000                 LDP             X2, X3, [SP,#arg_10]
__text:00000001032C0BB0 000                 LDP             X0, X1, [SP,#arg_0]
__text:00000001032C0BB4 000                 LDP             X29, X30, [SP,#arg_40]
__text:00000001032C0BB8 000                 ADD             SP, SP, #0x50
__text:00000001032C0BBC 000                 STR             X8, [SP,#arg_8]
__text:00000001032C0BC0 -50                 ADD             X8, X0, X9
__text:00000001032C0BC4 -50                 ADD             X9, X10, W1,UXTW
__text:00000001032C0BC8 -50                 ADR             X0, sub_1032C27A0
__text:00000001032C0BCC -50                 STP             X8, X9, [SP,#-0x50+arg_60]
__text:00000001032C0BD0 -50                 SUB             SP, SP, #0x40
__text:00000001032C0BD4 -10                 STP             X29, X30, [SP,#-0x10+arg_40]
__text:00000001032C0BD8 -10                 STP             X0, X1, [SP,#-0x10+arg_10]
__text:00000001032C0BDC -10                 STP             X3, X2, [SP,#-0x10+arg_20]
__text:00000001032C0BE0 -10                 STP             X7, X6, [SP,#-0x10+arg_30]
__text:00000001032C0BE4 -10                 BL              sub_1032C0BF0
__text:00000001032C0BE8 -10                 ADD             X1, X0, #0x34
__text:00000001032C0BEC -10                 BR              X1
__text:00000001032C0BEC     ; End of function sub_1032C0BA4
__text:00000001032C0BEC

Posts: 6

Participants: 4

Read full topic

Search
Viewing all articles
Browse latest Browse all 5702

Trending Articles

Practice Sheet of Right form of verbs for HSC Students

September 22, 2019, 11:40 pm

Download: FK ft Shenky – Nakuyewa ”Prod by: Shenky”

February 16, 2017, 4:24 pm

How to win at Markstrat (Markstrat Tips and Tricks) – Vodites

January 5, 2014, 10:34 pm

Ominde Commission Report and Recommendations – Ominde Report of 1964

March 16, 2015, 5:14 am

Bureau of Internal Revenue: Regional Offices (Directory)

January 9, 2014, 11:06 pm

GO 53 on Enhancement of Ex-gratia upto 5 Lakhs Toddy Tappers in Telangana

March 26, 2017, 11:23 pm

Cakewalk CA-2A Leveling Amplifier v2.0.1.97 WiN, v2.0.1.96 OSX Incl Keygen

October 17, 2016, 7:20 am

Mp3 Download: Mdu - Kunjenjenjena

December 7, 2017, 8:16 am

How the kill the job , when DTP request running for long hours.

July 26, 2013, 2:41 am

Microsoft Intune から展開しているアプリのアップデートについて

October 17, 2016, 4:11 am

18-year-old girl was beaten for half an hour by two Northampton men in 'an...

September 1, 2017, 10:00 pm

Car crash in Dunton Bassett leaves driver in critical condition

October 7, 2014, 7:51 am

Macky 2, Two Others In Road Accident

March 29, 2015, 5:34 am

Application log 00000000000000089514: Could not convert queue DLVST90CLNT

May 14, 2015, 11:27 pm

Detroit mafia: D’Anna Brothers agree to plea deal

April 21, 2016, 6:56 am

Delivery block field greyed out using VA02

January 26, 2016, 2:52 pm

Muloraki Au

June 22, 2016, 1:44 am

【個人撮影】スマホのプライベート映像♪「中に出さないで///」カラオケ屋での生ハメ撮りが流出w【リベンジポルノ】@PornHub

October 12, 2017, 2:23 pm

BREAKING NEWS: Diamond Platnumz Is Reported Dead After Ghastly Car Accident

February 9, 2018, 4:56 am

FIAT 500 B0111 B0112

July 5, 2018, 10:31 am
Search