【Android 逆向】ARM switch 逆向

#include <limits.h>
#include <stdio.h>

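/*
 * Select an arithmetic operation on a and b by case index i.
 *
 *   i == 1 -> a + b
 *   i == 2 -> a - b
 *   i == 3 -> a * b
 *   i == 4 -> a / b
 *   any other i -> a + b (default case)
 *
 * The compiler turns this into a bounds-checked jump table indexed by i - 1;
 * out-of-range values (including negative i) take the default path.
 *
 * The original code evaluated a / b unconditionally, which is undefined
 * behaviour for b == 0 and for INT_MIN / -1 (the ARM listing on this page
 * shows no check before the division helper call). Both are guarded here:
 * division by zero yields 0 and INT_MIN / -1 saturates to INT_MAX, so the
 * function never invokes UB regardless of its inputs.
 *
 * Returns the selected result as an int.
 */
int switch1(int a, int b, int i){
	switch (i){
	case 1:
		return a + b;
	case 2:
		return a - b;
	case 3:
		return a * b;
	case 4:
		/* Division by zero is UB (and traps on most targets); report 0. */
		if (b == 0)
			return 0;
		/* INT_MIN / -1 overflows int; saturate instead of overflowing. */
		if (a == INT_MIN && b == -1)
			return INT_MAX;
		return a / b;
	default:
		return a + b;
	}
}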

/*
 * Entry point: calls switch1 with the multiply case (i == 3) on 3 and 5
 * and prints the result. argc/argv are accepted but not used.
 */
int main(int argc, char* argv[]){
	(void)argc;
	(void)argv;
	int result = switch1(3, 5, 3);
	printf("switch1:%d\n", result);
	return 0;
}

.text:000085A0 ; =============== S U B R O U T I N E =======================================
.text:000085A0
.text:000085A0 
.text:000085A0
.text:000085A0 ; int switch1(int a, int b, int i)
.text:000085A0 ; AAPCS: a in R0, b in R1, i in R2; the result is returned in R0.
.text:000085A0 ; The C switch is compiled to a bounds-checked jump table: i is turned
.text:000085A0 ; into the index i - 1, compared against 3 (number of cases - 1), and
.text:000085A0 ; only in-range indices reach the table; everything else goes to def_85B0.
.text:000085A0
.text:000085A0 switch1                                 ; CODE XREF: main+10↓p
.text:000085A0 ; __unwind {
.text:000085A0                 SUB     R2, R2, #1      ; idx = i - 1 (C cases 1..4 become table entries 0..3)
.text:000085A4                 PUSH    {R4,LR}         ; save R4 and LR; LR holds the return address in the caller (the instruction after the BL)
.text:000085A8                 MOV     R3, R0          ; R3 = a (kept aside because R0 is reused for the result)
.text:000085AC                 CMP     R2, #3          ; bounds check: 4 cases, valid idx is 0..3
.text:000085B0                 ADDLS   PC, PC, R2,LSL#2 ; if idx <= 3 (unsigned LS, so negative i is rejected too) PC = PC + idx*4; PC reads as this address + 8, so entry 0 is at 85B8
.text:000085B4 ; ---------------------------------------------------------------------------
.text:000085B4
.text:000085B4 loc_85B4                                ; CODE XREF: switch1+10↑j
.text:000085B4                 B       def_85B0        ; reached when ADDLS is not taken (idx > 3): default case
.text:000085B8 ; ---------------------------------------------------------------------------
.text:000085B8
.text:000085B8 loc_85B8                                ; CODE XREF: switch1+10↑j
.text:000085B8                 B       loc_85E0        ; jumptable 000085B0 case 0 (C case 1: a + b)
.text:000085BC ; ---------------------------------------------------------------------------
.text:000085BC
.text:000085BC loc_85BC                                ; CODE XREF: switch1+10↑j
.text:000085BC                 B       loc_85D8        ; jumptable 000085B0 case 1 (C case 2: a - b)
.text:000085C0 ; ---------------------------------------------------------------------------
.text:000085C0
.text:000085C0 loc_85C0                                ; CODE XREF: switch1+10↑j
.text:000085C0                 B       loc_85D0        ; jumptable 000085B0 case 2 (C case 3: a * b)
.text:000085C4 ; ---------------------------------------------------------------------------
.text:000085C4
.text:000085C4 loc_85C4                                ; CODE XREF: switch1+10↑j
.text:000085C4                 B       loc_85C8        ; jumptable 000085B0 case 3 (C case 4: a / b)
.text:000085C8 ; ---------------------------------------------------------------------------
.text:000085C8
.text:000085C8 loc_85C8                                ; CODE XREF: switch1+10↑j
.text:000085C8                                         ; switch1:loc_85C4↑j
.text:000085C8                 BL      sub_8620        ; jumptable 000085B0 case 3: called with R0 = a, R1 = b; presumably the integer-division helper for a / b (body not shown here -- confirm). No b == 0 check precedes it, so behaviour on b == 0 is whatever the helper does
.text:000085CC                 POP     {R4,PC}         ; restore R4 and pop the saved LR straight into PC: this is the return, with the helper's R0 as the result
.text:000085D0 ; ---------------------------------------------------------------------------
.text:000085D0
.text:000085D0 loc_85D0                                ; CODE XREF: switch1+10↑j
.text:000085D0                                         ; switch1:loc_85C0↑j
.text:000085D0                 MUL     R0, R3, R1      ; jumptable 000085B0 case 2: R0 = a * b
.text:000085D4                 POP     {R4,PC}         ; return
.text:000085D8 ; ---------------------------------------------------------------------------
.text:000085D8
.text:000085D8 loc_85D8                                ; CODE XREF: switch1+10↑j
.text:000085D8                                         ; switch1:loc_85BC↑j
.text:000085D8                 RSB     R0, R1, R0      ; jumptable 000085B0 case 1: reverse subtract, R0 = R0 - R1 = a - b
.text:000085DC                 POP     {R4,PC}         ; return
.text:000085E0 ; ---------------------------------------------------------------------------
.text:000085E0
.text:000085E0 loc_85E0                                ; CODE XREF: switch1+10↑j
.text:000085E0                                         ; switch1:loc_85B8↑j
.text:000085E0                 ADD     R0, R1, R0      ; jumptable 000085B0 case 0: R0 = a + b
.text:000085E4                 POP     {R4,PC}         ; return
.text:000085E8 ; ---------------------------------------------------------------------------
.text:000085E8
.text:000085E8 def_85B0                                ; CODE XREF: switch1+10↑j
.text:000085E8                                         ; switch1:loc_85B4↑j
.text:000085E8                 ADD     R0, R1, R0      ; jumptable 000085B0 default case: a + b (same as case 0, emitted as a separate copy)
.text:000085EC                 POP     {R4,PC}         ; return
.text:000085EC ; } // starts at 85A0
.text:000085EC ; End of function switch1
.text:000085EC
.text:000085F0
.text:000085F0 ; =============== S U B R O U T I N E =======================================
.text:000085F0
.text:000085F0 ; arg0
.text:000085F0 ;
.text:000085F0
.text:000085F0 ; int __cdecl main(int argc, const char **argv, const char **envp)
.text:000085F0 ; argc/argv are never read: R0, R1 and R2 are all overwritten before use.
.text:000085F0 main                                    ; CODE XREF: j_main↑j
.text:000085F0 ; __unwind {
.text:000085F0                 MOV     R0, #3          ; arg0: a = 3
.text:000085F4                 PUSH    {R4,LR}         ; save R4 and the return address
.text:000085F8                 MOV     R2, R0          ; arg2: i = 3 (selects C case 3, a * b)
.text:000085FC                 MOV     R1, #5          ; arg1: b = 5
.text:00008600                 BL      switch1         ; switch1(3, 5, 3); IDA's propagated "arg2 = arg2 - 1" note describes the callee's first instruction, not something main does
.text:00008604                 MOV     R1, R0          ; printf's %d argument = return value of switch1
.text:00008608                 LDR     R0, =(aSwitch1D - 0x8614) ; "switch1:%d\n": string offset relative to the PC value read at 0x860C (that address + 8)
.text:0000860C                 ADD     R0, PC, R0      ; R0 = address of "switch1:%d\n" (PC-relative, position-independent)
.text:00008610                 BL      printf          ; printf(R0 = format, R1 = value)
.text:00008614                 MOV     R0, #0          ; return 0
.text:00008618                 POP     {R4,PC}         ; return
.text:00008618 ; End of function main
.text:00008618
.text:00008618 ; ---------------------------------------------------------------------------