Comments (6)
Are you sure? It seems like this is something that should've broken things earlier.
Can you provide C code that I can compile for Android to reproduce the issue?
from androidnativeemu.
Yes, it actually only happens e.g. when you have multiple global pointers pointing to offsets of a specific array. I found this problem when running libc's printf functions. libc's `stdin`, `stdout`, `stderr` point to the __sF array (__sF[0], __sF[1], __sF[2]), but since the relocation is broken, the three pointers wrongly point to the same address.
A minimized code snippet:

```c
#include <stdio.h>
char arr[] = {1,2,3};
char* p1 = &arr[1];
char* p2 = &arr[2];
```
We can see `arr` is used to relocate two R_ARM_ABS32 entries, which are actually `p1` and `p2`.
```
readelf -r libtest.so

Relocation section '.rel.dyn' at offset 0x388 contains 5 entries:
 Offset     Info    Type            Sym.Value  Sym. Name
00001ef0  00000017 R_ARM_RELATIVE
00001ef4  00000017 R_ARM_RELATIVE
00002000  00000017 R_ARM_RELATIVE
00002008  00000402 R_ARM_ABS32       00002004   arr
0000200c  00000402 R_ARM_ABS32       00002004   arr

Relocation section '.rel.plt' at offset 0x3b0 contains 3 entries:
 Offset     Info    Type            Sym.Value  Sym. Name
00001ff4  00000216 R_ARM_JUMP_SLOT   00000000   __cxa_finalize@LIBC
00001ff8  00000116 R_ARM_JUMP_SLOT   00000000   __cxa_atexit@LIBC
00001ffc  00000316 R_ARM_JUMP_SLOT   00000000   __register_atfork@LIBC
```
Adding functions returning the addresses of `p1` and `p2`, and recompiling with -fPIC:

```
armv7a-linux-androideabi26-clang test.c -shared -o libtest.so -fPIC
```

```c
#include <stdio.h>
char arr[] = {1,2,3};
char* p1 = &arr[1];
char* p2 = &arr[2];
char* func1()
{
    return p1;
}
char* func2()
{
    return p2;
}
```
Calling `func1` and `func2` with AndroidNativeEmu gives us the same address:

```
symbol name func1 address cbd16480
returned r0: 0xcbd18004
symbol name func2 address cbd16494
returned r0: 0xcbd18004
```

Which is obviously incorrect.
Referring to a Java version of emulation:
It's correctly added.
from androidnativeemu.
This is true, you can see the linker source code for how to fix the R_ARM_ABS32 address.
Here is the link:
https://android.googlesource.com/platform/bionic/+/738370d9387396922c10910edb61272e585be107/linker/linker.cpp#967
In modules.py, I think the correct code should be like this:

```python
if rel_info_type == arm.R_ARM_ABS32:
    if sym.name in symbols_resolved:
        sym_addr = symbols_resolved[sym.name].address
        # REL-format relocation: the addend is stored in place at rel_addr
        value_orig_bytes = self.emu.mu.mem_read(rel_addr, 4)
        value_orig = int.from_bytes(value_orig_bytes, byteorder='little')
        # bionic: *reinterpret_cast<Elf32_Addr*>(reloc) += sym_addr;
        value = (sym_addr + value_orig) & 0xffffffff  # keep the result a 32-bit word
        self.emu.mu.mem_write(rel_addr, value.to_bytes(4, byteorder='little'))
```
from androidnativeemu.
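An added, self-contained Python reproduction of the relocation semantics discussed in this thread (example code, not AndroidNativeEmu's modules.py): it applies REL-format R_ARM_ABS32 relocations to a constructed memory image laid out like the libtest.so above (arr at 0x2004, p1/p2 at 0x2008/0x200c, load base 0xcbd16000 inferred from the printed r0 values), once with the in-place addend dropped as the original code did and once with bionic's S + A rule. `Image`, `apply_rel_relocs` and `relocate_pointers` are names of this example, not the project's.

```python
import struct

R_ARM_ABS32 = 2       # ARM ELF relocation type codes
R_ARM_RELATIVE = 23


class Image:
    """Flat little-endian memory image standing in for the emulator's mapped .so."""

    def __init__(self, load_base, size):
        self.load_base = load_base
        self.mem = bytearray(size)

    def read32(self, addr):
        return struct.unpack_from("<I", self.mem, addr - self.load_base)[0]

    def write32(self, addr, value):
        struct.pack_into("<I", self.mem, addr - self.load_base, value & 0xFFFFFFFF)


def apply_rel_relocs(img, relocs, symbols, drop_addend=False):
    """Apply REL-format ARM relocations (addend stored in place, as readelf -r lists).
    drop_addend=True reproduces the thread's bug: the in-place addend is
    overwritten with the symbol address instead of being added to it."""
    for offset, rtype, symname in relocs:
        rel_addr = img.load_base + offset
        addend = img.read32(rel_addr)  # REL: the addend A lives at the reloc site
        if rtype == R_ARM_RELATIVE:
            img.write32(rel_addr, img.load_base + addend)  # B + A
        elif rtype == R_ARM_ABS32:
            sym_addr = symbols[symname]
            value = sym_addr if drop_addend else sym_addr + addend  # S + A
            img.write32(rel_addr, value)
        else:
            raise NotImplementedError("relocation type %d" % rtype)


def relocate_pointers(drop_addend=False, load_base=0xCBD16000):
    """Return (p1, p2) after relocating a constructed copy of the thread's libtest.so:
    arr at 0x2004 = {1,2,3}; p1 at 0x2008 and p2 at 0x200c initially hold their
    symbol-relative addends 1 and 2 (what the static linker leaves in place)."""
    img = Image(load_base, 0x2010)
    img.mem[0x2004:0x2007] = bytes([1, 2, 3])
    img.write32(load_base + 0x2008, 1)
    img.write32(load_base + 0x200C, 2)
    relocs = [(0x2008, R_ARM_ABS32, "arr"), (0x200C, R_ARM_ABS32, "arr")]
    symbols = {"arr": load_base + 0x2004}  # readelf Sym.Value plus load base
    apply_rel_relocs(img, relocs, symbols, drop_addend)
    return img.read32(load_base + 0x2008), img.read32(load_base + 0x200C)
```

`relocate_pointers(drop_addend=True)` yields the thread's symptom, both pointers at 0xcbd18004, while `relocate_pointers()` yields 0xcbd18005 and 0xcbd18006.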
So it seems R_ARM_REL32 in modules.py also needs to be fixed?
from androidnativeemu.
Yes, the original R_ARM_REL32 fixing method in modules.py is not right.
from androidnativeemu.
I have fixed R_ARM_ABS32.
I'm pretty sure that R_ARM_REL32 is correct, but feel free to reopen if it's not.
from androidnativeemu.