.note.gnu.text:0000007155462F60 .note.gnu.text:0000007155462F60 ; 填充指令 .note.gnu.text:0000007155462F60 .note.gnu.text:0000007155462F60 mmap_so_memcpy_code_sub_71F336CF60 .note.gnu.text:0000007155462F60 .note.gnu.text:0000007155462F60 var_90= -0x90 .note.gnu.text:0000007155462F60 var_80= -0x80 .note.gnu.text:0000007155462F60 var_70= -0x70 .note.gnu.text:0000007155462F60 var_60= -0x60 .note.gnu.text:0000007155462F60 var_50= -0x50 .note.gnu.text:0000007155462F60 var_40= -0x40 .note.gnu.text:0000007155462F60 var_38= -0x38 .note.gnu.text:0000007155462F60 var_28= -0x28 .note.gnu.text:0000007155462F60 var_10= -0x10 .note.gnu.text:0000007155462F60 var_8= -8 .note.gnu.text:0000007155462F60 .note.gnu.text:0000007155462F60 FF 43 02 D1 SUB SP, SP, #0x90 .note.gnu.text:0000007155462F64 EA AF 06 6D STP D10, D11, [SP,#0x90+var_28] .note.gnu.text:0000007155462F68 E8 A7 05 6D STP D8, D9, [SP,#0x90+var_38] .note.gnu.text:0000007155462F6C FB 73 04 A9 STP X27, X28, [SP,#0x90+var_50] .note.gnu.text:0000007155462F70 FC 03 00 AA MOV X28, X0 .note.gnu.text:0000007155462F74 FE 2B 00 F9 STR X30, [SP,#0x90+var_40] .note.gnu.text:0000007155462F78 F3 53 00 A9 STP X19, X20, [SP,#0x90+var_90] .note.gnu.text:0000007155462F7C F5 5B 01 A9 STP X21, X22, [SP,#0x90+var_80] .note.gnu.text:0000007155462F80 F7 63 02 A9 STP X23, X24, [SP,#0x90+var_70] .note.gnu.text:0000007155462F84 F9 6B 03 A9 STP X25, X26, [SP,#0x90+var_60] .note.gnu.text:0000007155462F88 13 00 80 D2 MOV X19, #0 .note.gnu.text:0000007155462F8C 81 43 40 F9 LDR X1, [X28,#0x80] .note.gnu.text:0000007155462F90 F5 03 13 AA MOV X21, X19 .note.gnu.text:0000007155462F94 00 04 40 F9 LDR X0, [X0,#8] .note.gnu.text:0000007155462F98 E2 03 01 AA MOV X2, X1 .note.gnu.text:0000007155462F9C 2B 00 67 9E FMOV D11, X1 .note.gnu.text:0000007155462FA0 01 70 40 79 LDRH W1, [X0,#0x38] .note.gnu.text:0000007155462FA4 41 70 00 79 STRH W1, [X2,#0x38] .note.gnu.text:0000007155462FA8 01 08 80 D2 MOV X1, #0x40 ; '@' .note.gnu.text:0000007155462FAC 41 10 00 F9 STR X1, [X2,#0x20] .note.gnu.text:0000007155462FB0 02 70 40 79 LDRH W2, [X0,#0x38] .note.gnu.text:0000007155462FB4 81 07 40 F9 LDR X1, [X28,#8] .note.gnu.text:0000007155462FB8 80 43 40 F9 LDR X0, [X28,#0x80] .note.gnu.text:0000007155462FBC 43 E4 7A D3 LSL X3, X2, #6 .note.gnu.text:0000007155462FC0 62 0C 02 CB SUB X2, X3, X2,LSL#3 .note.gnu.text:0000007155462FC4 21 00 01 91 ADD X1, X1, #0x40 ; '@' .note.gnu.text:0000007155462FC8 00 00 01 91 ADD X0, X0, #0x40 ; '@' .note.gnu.text:0000007155462FCC 91 F7 FF 97 BL memcpy_1 .note.gnu.text:0000007155462FCC .note.gnu.text:0000007155462FD0 C0 0A 00 94 BL fopen_maps_sub_71F336FAD0 .note.gnu.text:0000007155462FD0 .note.gnu.text:0000007155462FD4 09 00 27 1E FMOV S9, W0 .note.gnu.text:0000007155462FD8 E1 03 13 AA MOV X1, X19 .note.gnu.text:0000007155462FDC 42 00 80 52 MOV W2, #2 .note.gnu.text:0000007155462FE0 10 F7 FF 97 BL lseek_0 .note.gnu.text:0000007155462FE0 .note.gnu.text:0000007155462FE4 0A 00 67 9E FMOV D10, X0 .note.gnu.text:0000007155462FE8 80 0F 40 F9 LDR X0, [X28,#0x18] .note.gnu.text:0000007155462FEC C0 00 00 B5 CBNZ X0, loc_7155463004 .note.gnu.text:0000007155462FEC .note.gnu.text:0000007155462FF0 4D 00 00 14 B loc_7155463124 .note.gnu.text:0000007155462FF0 .note.gnu.text:0000007155462FF4 .note.gnu.text:0000007155462FF4 loc_7155462FF4 .note.gnu.text:0000007155462FF4 B5 06 00 91 ADD X21, X21, #1 .note.gnu.text:0000007155462FF8 73 E2 00 91 ADD X19, X19, #0x38 ; '8' .note.gnu.text:0000007155462FFC 1F 00 15 EB CMP X0, X21 ; 判断是否结束 .note.gnu.text:0000007155463000 29 09 00 54 B.LS loc_7155463124 .note.gnu.text:0000007155463000 .note.gnu.text:0000007155463004 .note.gnu.text:0000007155463004 loc_7155463004 .note.gnu.text:0000007155463004 .note.gnu.text:0000007155463004 81 17 40 F9 LDR X1, [X28,#0x28] .note.gnu.text:0000007155463008 36 00 13 8B ADD X22, X1, X19 .note.gnu.text:000000715546300C 21 68 73 B8 LDR W1, [X1,X19] .note.gnu.text:0000007155463010 3F 04 00 71 CMP W1, #1 .note.gnu.text:0000007155463014 01 FF FF 54 B.NE loc_7155462FF4 .note.gnu.text:0000007155463014 .note.gnu.text:0000007155463018 C0 0A 40 F9 LDR X0, [X22,#0x10] .note.gnu.text:000000715546301C 84 03 40 F9 LDR X4, [X28] .note.gnu.text:0000007155463020 D4 16 40 F9 LDR X20, [X22,#0x28] .note.gnu.text:0000007155463024 98 00 00 8B ADD X24, X4, X0 .note.gnu.text:0000007155463028 C0 06 40 F9 LDR X0, [X22,#8] .note.gnu.text:000000715546302C 94 FE 3F 91 ADD X20, X20, #0xFFF .note.gnu.text:0000007155463030 1A CF 74 92 AND X26, X24, #0xFFFFFFFFFFFFF000 .note.gnu.text:0000007155463034 94 02 18 8B ADD X20, X20, X24 .note.gnu.text:0000007155463038 D9 12 40 F9 LDR X25, [X22,#0x20] .note.gnu.text:000000715546303C 94 CE 74 92 AND X20, X20, #0xFFFFFFFFFFFFF000 .note.gnu.text:0000007155463040 5F 03 14 EB CMP X26, X20 .note.gnu.text:0000007155463044 17 03 19 8B ADD X23, X24, X25 .note.gnu.text:0000007155463048 08 00 67 9E FMOV D8, X0 .note.gnu.text:000000715546304C C3 08 00 54 B.CC loc_7155463164 .note.gnu.text:000000715546304C .note.gnu.text:0000007155463050 .note.gnu.text:0000007155463050 loc_7155463050 .note.gnu.text:0000007155463050 C0 01 00 B0 ADRP X0, #[email protected] .note.gnu.text:0000007155463054 9B 02 1A CB SUB X27, X20, X26 .note.gnu.text:0000007155463058 E1 03 1B AA MOV X1, X27 .note.gnu.text:000000715546305C 02 E8 47 F9 LDR X2, [X0,#[email protected]] .note.gnu.text:0000007155463060 C0 01 00 B0 ADRP X0, #[email protected] .note.gnu.text:0000007155463064 03 F0 47 F9 LDR X3, [X0,#[email protected]] .note.gnu.text:0000007155463068 E0 03 1A AA MOV X0, X26 .note.gnu.text:000000715546306C 42 00 40 B9 LDR W2, [X2] .note.gnu.text:0000007155463070 E3 47 00 F9 STR X3, [SP,#0x90+var_8] .note.gnu.text:0000007155463074 68 08 40 F9 LDR X8, [X3,#(qword_715530E800+8 - 0x715530E7F8)] .note.gnu.text:0000007155463078 42 04 00 32 ORR W2, W2, #3 .note.gnu.text:000000715546307C 00 01 3F D6 BLR X8 ; mprotect .note.gnu.text:000000715546307C .note.gnu.text:0000007155463080 E8 03 00 2A MOV W8, W0 .note.gnu.text:0000007155463084 61 17 80 52 MOV W1, #0xBB .note.gnu.text:0000007155463088 E0 03 1A AA MOV X0, X26 .note.gnu.text:000000715546308C E2 03 1B AA MOV X2, X27 .note.gnu.text:0000007155463090 E8 43 00 F9 STR X8, [SP,#0x90+var_10] .note.gnu.text:0000007155463094 EF F6 FF 97 BL memset_0 ; 用BB填充ELF头 .note.gnu.text:0000007155463094 .note.gnu.text:0000007155463098 E8 43 40 F9 LDR X8, [SP,#0x90+var_10] .note.gnu.text:000000715546309C E3 47 40 F9 LDR X3, [SP,#0x90+var_8] .note.gnu.text:00000071554630A0 1F 05 00 31 CMN W8, #1 .note.gnu.text:00000071554630A4 40 0B 00 54 B.EQ loc_715546320C .note.gnu.text:00000071554630A4 .note.gnu.text:00000071554630A8 B9 06 00 B5 CBNZ X25, loc_715546317C .note.gnu.text:00000071554630A8 .note.gnu.text:00000071554630AC .note.gnu.text:00000071554630AC loc_71554630AC .note.gnu.text:00000071554630AC C0 06 40 B9 LDR W0, [X22,#4] .note.gnu.text:00000071554630B0 60 00 08 36 TBZ W0, #1, loc_71554630BC .note.gnu.text:00000071554630B0 .note.gnu.text:00000071554630B4 E2 2E 40 F2 ANDS X2, X23, #0xFFF .note.gnu.text:00000071554630B8 81 09 00 54 B.NE loc_71554631E8 .note.gnu.text:00000071554630B8 .note.gnu.text:00000071554630BC .note.gnu.text:00000071554630BC loc_71554630BC .note.gnu.text:00000071554630BC .note.gnu.text:00000071554630BC F7 FE 3F 91 ADD X23, X23, #0xFFF .note.gnu.text:00000071554630C0 F7 CE 74 92 AND X23, X23, #0xFFFFFFFFFFFFF000 .note.gnu.text:00000071554630C4 9F 02 17 EB CMP X20, X23 .note.gnu.text:00000071554630C8 A8 06 00 54 B.HI mmap_loc_71F336D19C .note.gnu.text:00000071554630C8 .note.gnu.text:00000071554630CC .note.gnu.text:00000071554630CC loc_71554630CC .note.gnu.text:00000071554630CC C1 01 00 B0 ADRP X1, #[email protected] .note.gnu.text:00000071554630D0 C3 06 40 B9 LDR W3, [X22,#4] .note.gnu.text:00000071554630D4 E0 03 1A AA MOV X0, X26 .note.gnu.text:00000071554630D8 62 00 00 12 AND W2, W3, #1 .note.gnu.text:00000071554630DC 65 08 42 D3 UBFX X5, X3, #2, #1 .note.gnu.text:00000071554630E0 24 F0 47 F9 LDR X4, [X1,#[email protected]] .note.gnu.text:00000071554630E4 5F 00 1F 6B CMP W2, WZR .note.gnu.text:00000071554630E8 63 00 1F 12 AND W3, W3, #2 .note.gnu.text:00000071554630EC 82 00 80 52 MOV W2, #4 .note.gnu.text:00000071554630F0 42 10 9F 1A CSEL W2, W2, WZR, NE .note.gnu.text:00000071554630F4 A3 00 03 2A ORR W3, W5, W3 .note.gnu.text:00000071554630F8 84 08 40 F9 LDR X4, [X4,#(qword_715530E800+8 - 0x715530E7F8)] .note.gnu.text:00000071554630FC E1 03 1B AA MOV X1, X27 .note.gnu.text:0000007155463100 62 00 02 2A ORR W2, W3, W2 .note.gnu.text:0000007155463104 80 00 3F D6 BLR X4 ; mprotect .note.gnu.text:0000007155463104 .note.gnu.text:0000007155463108 1F 04 00 31 CMN W0, #1 .note.gnu.text:000000715546310C 00 08 00 54 B.EQ loc_715546320C .note.gnu.text:000000715546310C .note.gnu.text:0000007155463110 80 0F 40 F9 LDR X0, [X28,#0x18] .note.gnu.text:0000007155463114 B5 06 00 91 ADD X21, X21, #1 .note.gnu.text:0000007155463118 73 E2 00 91 ADD X19, X19, #0x38 ; '8' .note.gnu.text:000000715546311C 1F 00 15 EB CMP X0, X21 .note.gnu.text:0000007155463120 28 F7 FF 54 B.HI loc_7155463004 .note.gnu.text:0000007155463120 .note.gnu.text:0000007155463124 .note.gnu.text:0000007155463124 loc_7155463124 .note.gnu.text:0000007155463124 .note.gnu.text:0000007155463124 20 01 26 1E FMOV W0, S9 .note.gnu.text:0000007155463128 1F 00 1F 6B CMP W0, WZR .note.gnu.text:000000715546312C 6D 00 00 54 B.LE loc_7155463138 .note.gnu.text:000000715546312C .note.gnu.text:0000007155463130 20 01 26 1E FMOV W0, S9 .note.gnu.text:0000007155463134 FB F6 FF 97 BL close_0 .note.gnu.text:0000007155463134 .note.gnu.text:0000007155463138 .note.gnu.text:0000007155463138 loc_7155463138 .note.gnu.text:0000007155463138 20 00 80 52 MOV W0, #1 .note.gnu.text:0000007155463138 .note.gnu.text:000000715546313C .note.gnu.text:000000715546313C loc_715546313C .note.gnu.text:000000715546313C F3 53 40 A9 LDP X19, X20, [SP,#0x90+var_90] .note.gnu.text:0000007155463140 E8 A7 45 6D LDP D8, D9, [SP,#0x90+var_38] .note.gnu.text:0000007155463144 F5 5B 41 A9 LDP X21, X22, [SP,#0x90+var_80] .note.gnu.text:0000007155463148 EA AF 46 6D LDP D10, D11, [SP,#0x90+var_28] .note.gnu.text:000000715546314C F7 63 42 A9 LDP X23, X24, [SP,#0x90+var_70] .note.gnu.text:0000007155463150 F9 6B 43 A9 LDP X25, X26, [SP,#0x90+var_60] .note.gnu.text:0000007155463154 FB 73 44 A9 LDP X27, X28, [SP,#0x90+var_50] .note.gnu.text:0000007155463158 FE 2B 40 F9 LDR X30, [SP,#0x90+var_40] .note.gnu.text:000000715546315C FF 43 02 91 ADD SP, SP, #0x90 .note.gnu.text:0000007155463160 C0 03 5F D6 RET
文章来源: https://www.cnblogs.com/2014asm/p/17086523.html
如有侵权请联系:admin#unsafe.sh
如有侵权请联系:admin#unsafe.sh