【Android 逆向】ARM while 逆向

#include <stdio.h>

/*
 * Sum 1..n with a do/while loop.
 *
 * The body runs at least once before the condition is tested, so for
 * n <= 0 the result is 1 (the first iteration adds k = 1 and the
 * post-increment test `k++ < n` then fails).  For n >= 1 the result is
 * n*(n+1)/2.  Sums beyond INT_MAX overflow signed int (undefined
 * behaviour in C); n is treated as signed throughout.
 *
 * n: upper bound of the sum (inclusive).
 * returns: the accumulated sum.
 */
int dowhile(int n){
	int total = 0;
	int k = 1;
	for (;;) {
		total += k;
		/* Compare the *old* k with n, then bump k -- exactly what
		 * `while (i++ < n)` does in the original form. */
		if (!(k++ < n)) {
			break;
		}
	}
	return total;
}

/*
 * Sum 1..n with a while loop.
 *
 * The condition is tested before the first iteration, so for n <= 0 the
 * body never runs and 0 is returned (contrast dowhile(), which returns 1
 * there).  For n >= 1 the result is n*(n+1)/2; sums beyond INT_MAX
 * overflow signed int (undefined behaviour in C).
 *
 * n: upper bound of the sum (inclusive).
 * returns: the accumulated sum.
 */
int whiledo(int n){
	int sum = 0;
	int k;
	for (k = 1; k <= n; k++) {
		sum += k;
	}
	return sum;
}

/*
 * Entry point: run both loop variants with the same n and print each sum
 * (both print 5050 for n = 100).  argc/argv are not used.
 */
int main(int argc, char* argv[]){
	(void)argc;
	(void)argv;
	const int n = 100;
	/* Keep call/print interleaved exactly as the original did. */
	int from_dowhile = dowhile(n);
	printf("dowhile:%d\n", from_dowhile);
	int from_whiledo = whiledo(n);
	printf("while:%d\n", from_whiledo);
	return 0;
}

.text:00008570 ; =============== S U B R O U T I N E =======================================
.text:00008570
.text:00008570 ; doWhile: compiled form of dowhile(n) above. R0 = n on entry, result in R0.
.text:00008570 ; No stack frame. Register map: R2 = s, R3 = i, R1 = scratch copy of the old i.
.text:00008570 doWhile                                 ; CODE XREF: main+8↓p
.text:00008570 ; __unwind {
.text:00008570                 MOV     R2, #0          ; s = 0
.text:00008574                 MOV     R3, #1          ; i = 1
.text:00008578
.text:00008578 loc_8578                                ; CODE XREF: doWhile+18↓j
.text:00008578                 ADD     R2, R2, R3      ; s = s + i  (body runs at least once, even when n <= 0)
.text:0000857C                 ADD     R3, R3, #1      ; i++
.text:00008580                 SUB     R1, R3, #1      ; tmp = i - 1, i.e. the pre-increment value that `i++ < n` compares
.text:00008584                 CMP     R0, R1          ; set flags from n - tmp (signed compare)
.text:00008588                 BGT     loc_8578        ; if n > tmp, run the body again
.text:0000858C                 MOV     R0, R2          ; return value: R0 = s
.text:00008590                 BX      LR              ; return to the caller through LR (no PUSH/POP was needed here)
.text:00008590 ; } // starts at 8570
.text:00008590 ; End of function doWhile
.text:00008590
.text:00008594
.text:00008594 ; =============== S U B R O U T I N E =======================================
.text:00008594
.text:00008594 ; whileDo: compiled form of whiledo(n) above. R0 = n on entry, result in R0.
.text:00008594 ; Register map: R2 = n (moved out of R0), R0 = s, R3 = i.
.text:00008594 whileDo                                 ; CODE XREF: main+20↓p
.text:00008594 ; __unwind {
.text:00008594                 SUBS    R2, R0, #0      ; R2 = n and set flags from n itself: the first `i <= n` test (i = 1) hoisted out of the loop
.text:00008598                 MOVLE   R0, #0          ; if n <= 0 (signed): return 0 ...
.text:0000859C                 BXLE    LR              ; ... without ever entering the loop (unlike doWhile, which always runs the body once)
.text:000085A0                 MOV     R0, #0          ; s = 0
.text:000085A4                 MOV     R3, #1          ; i = 1
.text:000085A8
.text:000085A8 loc_85A8                                ; CODE XREF: whileDo+20↓j
.text:000085A8                 ADD     R0, R0, R3      ; s += i
.text:000085AC                 ADD     R3, R3, #1      ; i++
.text:000085B0                 CMP     R2, R3          ; set flags from n - i (the incremented i)
.text:000085B4                 BGE     loc_85A8        ; if n >= i, continue the loop
.text:000085B8                 BX      LR              ; return; s is already in R0
.text:000085B8 ; } // starts at 8594
.text:000085B8 ; End of function whileDo
.text:000085B8
.text:000085BC
.text:000085BC ; =============== S U B R O U T I N E =======================================
.text:000085BC
.text:000085BC 
.text:000085BC ;
.text:000085BC
.text:000085BC ; int __cdecl main(int argc, const char **argv, const char **envp)
.text:000085BC ; argc/argv/envp are never read; the constant 100 (0x64) is passed to both helpers
.text:000085BC ; and both printf format strings are fixed literals from the source above.
.text:000085BC main                                    ; CODE XREF: j_main↑j
.text:000085BC ; __unwind {
.text:000085BC                 PUSH    {R4,LR}         ; save R4 and LR on the stack (LR would be clobbered by the BL calls below)
.text:000085C0                 MOV     R0, #0x64 ; 'd' ; R0 = 100 (argument n)
.text:000085C4                 BL      doWhile         ; call doWhile; LR is set to the return address 0x85C8
.text:000085C8                 MOV     R1, R0          ; R1 = doWhile's result, the second printf argument
.text:000085CC                 LDR     R0, =(aDowhileD - 0x85D8) ; PC-relative offset of the "dowhile:%d\n" literal (a literal-pool constant, not a GOT entry)
.text:000085D0                 ADD     R0, PC, R0      ; PC reads as 0x85D8 here (current address + 8 in ARM state), so R0 = address of the format string
.text:000085D4                 BL      printf          ; printf("dowhile:%d\n", s)
.text:000085D8                 MOV     R0, #0x64 ; 'd' ; R0 = 100 again
.text:000085DC                 BL      whileDo         ; call whileDo; LR is set to 0x85E0
.text:000085E0                 MOV     R1, R0          ; R1 = whileDo's result
.text:000085E4                 LDR     R0, =(aWhileD - 0x85F0) ; "while:%d\n"
.text:000085E8                 ADD     R0, PC, R0      ; "while:%d\n" -- same PC-relative trick, PC reads as 0x85F0 here
.text:000085EC                 BL      printf          ; printf("while:%d\n", s)
.text:000085F0                 MOV     R0, #0          ; return 0
.text:000085F4                 POP     {R4,PC}         ; restore R4 and pop the saved LR straight into PC, which returns
.text:000085F4 ; End of function main
.text:000085F4
.text:000085F4 ; -----