-
-
[求助]android异常hook中,如何判段目标地址是arm指令还是Thumb指令?为什么判断最后一位?
-
发表于:
2017-3-29 16:23
8132
-
[求助]android异常hook中,如何判段目标地址是arm指令还是Thumb指令?为什么判断最后一位?
在安卓异常hook中,需要在目标地址插入一段非法指令,如何判断目标地址是arm指令还是Thumb指令?
我见有的代码是判断最后一位:
void WriteillegalInstructionAndSaveOpcode(uint32_t addr, uint32_t *OriginOpcode)
{
if(0x00000001 == (addr & 0x00000001))
{
g_bIsThumb = 1;
*OriginOpcode = *(uint32_t *)(addr & (~0x00000001));
//Thumb illegal instruction : 0xdeXX
uint32_t uiThumbillegalValue = 0x0000de00 | (0xFFFF0000 & *OriginOpcode);
write_data_to_addr(addr & (~0x00000001), uiThumbillegalValue);
}
else
{
g_bIsThumb = 0;
//Arm illegal instruction: 0xf7fXaXXX
*OriginOpcode = *(uint32_t *)addr;
uint32_t uiArmillegalValue = 0x7f000f0;
write_data_to_addr(addr, uiArmillegalValue);
}
LOGI("[+] g_bIsThumb is %08x \n",g_bIsThumb);
LOGI("[+] WriteillegalInstruction addr: %08x, OriginalOpcode is %08x",addr & (~0x00000001), *OriginOpcode);
}可是在内存中,无论是Thumb还是arm指令,指令的地址最后一位不都是0吗?BX切换Thumb状态时,也只是在寄存器Rn中加1,这样判断目标地址最后一位怎么能知道是arm指令还是Thumb指令?敬请大神赐教
[培训]科锐逆向工程师培训第53期2025年7月8日开班!
