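While tracing, I found that the trace output is incomplete: some function calls are not recorded.

If memory read/write tracing is enabled, I only see a large number of reads and writes, but no instructions.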

[16:56:01 259][libmetasec_ml.so 0x08a2bc] [4ad11491] 0x4008a2bc: "add x10, x10, #0x534" x10=0x4008b000 => x10=0x4008b534
[16:56:01 259][libmetasec_ml.so 0x08a2c0] [29211c91] 0x4008a2c0: "add x9, x9, #0x708" x9=0xbfffe548 => x9=0xbfffec50
[16:56:01 259][libmetasec_ml.so 0x08a2c4] [00802c91] 0x4008a2c4: "add x0, x0, #0xb20" x0=0x400c8000 => x0=0x400c8b20
[16:56:01 259][libmetasec_ml.so 0x08a2c8] [42c00991] 0x4008a2c8: "add x2, x2, #0x270" x2=0x400f3000 => x2=0x400f3270
[16:56:01 259][libmetasec_ml.so 0x08a2cc] [63400a91] 0x4008a2cc: "add x3, x3, #0x290" x3=0x400f3000 => x3=0x400f3290
[16:56:01 259][libmetasec_ml.so 0x08a2d0] [e1030091] 0x4008a2d0: "mov x1, sp" sp=0xbfffe520 => x1=0xbfffe520
[16:56:01 259][libmetasec_ml.so 0x08a2d4] [e4430091] 0x4008a2d4: "add x4, sp, #0x10" sp=0xbfffe520 => x4=0xbfffe530
[16:56:01 259][libmetasec_ml.so 0x08a2d8] [ea2701a9] 0x4008a2d8: "stp x10, x9, [sp, #0x10]" x10=0x4008b534 x9=0xbfffec50 sp=0xbfffe520
[16:56:01 260][libmetasec_ml.so 0x08a2dc] [fe1300f9] 0x4008a2dc: "str x30, [sp, #0x20]" lr=0x4008a1d0 sp=0xbfffe520
================ Execution goes wrong from here on ================
[16:56:01 260][libmetasec_ml.so 0x08a2e0] [ff77fe97] 0x4008a2e0: "bl #0x400282dc"
[16:56:05 262][libmetasec_ml.so 0x029af0] [3fd20071] 0x40029af0: "cmp w17, #0x34" w17=0x35 => nzcv: N=0, Z=0, C=1, V=0
[16:56:05 514][libmetasec_ml.so 0x029af4] [6c450054] 0x40029af4: "b.gt #0x4002a3a0" nzcv: N=0, Z=0, C=1, V=0
[16:56:05 764][libmetasec_ml.so 0x02a3cc] [dfa93571] 0x4002a3cc: "cmp w14, #0xd6a" w14=0xd6a => nzcv: N=0, Z=1, C=1, V=0
[16:56:06 014][libmetasec_ml.so 0x02a3d0] [e2010054] 0x4002a3d0: "b.hs #0x4002a40c" nzcv: N=0, Z=1, C=1, V=0
[16:56:06 265][libmetasec_ml.so 0x02a40c] [e10e0054] 0x4002a40c: "b.ne #0x4002a5e8" nzcv: N=0, Z=1, C=1, V=0
[16:56:06 518][libmetasec_ml.so 0x02a410] [0b230091] 0x4002a410: "add x11, x24, #8" x24=0xbfffeb18 => x11=0xbfffeb20
[16:56:06 771][libmetasec_ml.so 0x02a414] [6a596af8] 0x4002a414: "ldr x10, [x11, w10, uxtw #3]" x11=0xbfffeb20 w10=0x7 => x10=0x4008b534
[16:56:07 020][libmetasec_ml.so 0x02a418] [685968f8] 0x4002a418: "ldr x8, [x11, w8, uxtw #3]" x11=0xbfffeb20 w8=0x0 => x8=0x0
[16:56:07 270][libmetasec_ml.so 0x02a41c] [08010aaa] 0x4002a41c: "orr x8, x8, x10" x8=0x0 x10=0x4008b534 => x8=0x4008b534
[16:56:07 519][libmetasec_ml.so 0x02a420] [71000014] 0x4002a420: "b #0x4002a5e4"
[16:56:07 770][libmetasec_ml.so 0x029af0] [3fd20071] 0x40029af0: "cmp w17, #0x34" w17=0x35 => nzcv: N=0, Z=0, C=1, V=0
[16:56:08 020][libmetasec_ml.so 0x029af4] [6c450054] 0x40029af4: "b.gt #0x4002a3a0" nzcv: N=0, Z=0, C=1, V=0
[16:56:08 270][libmetasec_ml.so 0x02a3cc] [dfa93571] 0x4002a3cc: "cmp w14, #0xd6a" w14=0xd6a => nzcv: N=0, Z=1, C=1, V=0
[16:56:08 520][libmetasec_ml.so 0x02a3d0] [e2010054] 0x4002a3d0: "b.hs #0x4002a40c" nzcv: N=0, Z=1, C=1, V=0

Below is the result of tracing both instructions and memory; it is also incomplete.

[13:41:34 007][libmetasec_ml.so 0x08a2d0] [e1030091] 0x4008a2d0: "mov x1, sp" sp=0xbfffe520 => x1=0xbfffe520
[13:41:34 007][libmetasec_ml.so 0x08a2d4] [e4430091] 0x4008a2d4: "add x4, sp, #0x10" sp=0xbfffe520 => x4=0xbfffe530
[13:41:34 007][libmetasec_ml.so 0x08a2d8] [ea2701a9] 0x4008a2d8: "stp x10, x9, [sp, #0x10]" x10=0x4008b534 x9=0xbfffec50 sp=0xbfffe520
[13:41:34 007] Memory WRITE at 0xbfffe530, data size = 8, data value = 0x4008b534, PC=RX@0x4008a2d8[libmetasec_ml.so]0x8a2d8, LR=RX@0x4008a1d0[libmetasec_ml.so]0x8a1d0
[13:41:34 007] Memory WRITE at 0xbfffe538, data size = 8, data value = 0xbfffec50, PC=RX@0x4008a2d8[libmetasec_ml.so]0x8a2d8, LR=RX@0x4008a1d0[libmetasec_ml.so]0x8a1d0
[13:41:34 007][libmetasec_ml.so 0x08a2dc] [fe1300f9] 0x4008a2dc: "str x30, [sp, #0x20]" lr=0x4008a1d0 sp=0xbfffe520
[13:41:34 007] Memory WRITE at 0xbfffe540, data size = 8, data value = 0x4008a1d0, PC=RX@0x4008a2dc[libmetasec_ml.so]0x8a2dc, LR=RX@0x4008a1d0[libmetasec_ml.so]0x8a1d0
[13:41:34 007][libmetasec_ml.so 0x08a2e0] [ff77fe97] 0x4008a2e0: "bl #0x400282dc"
[13:41:34 007] Memory WRITE at 0xbfffe4c0, data size = 8, data value = 0xd9c1c466, PC=RX@0x400282e0[libmetasec_ml.so]0x282e0, LR=RX@0x4008a2e4[libmetasec_ml.so]0x8a2e4
[13:41:34 007] Memory WRITE at 0xbfffe4c8, data size = 8, data value = 0xbffff708, PC=RX@0x400282e0[libmetasec_ml.so]0x282e0, LR=RX@0x4008a2e4[libmetasec_ml.so]0x8a2e4
[13:41:34 007] Memory WRITE at 0xbfffe4d0, data size = 8, data value = 0x40460660, PC=RX@0x400282e4[libmetasec_ml.so]0x282e4, LR=RX@0x4008a2e4[libmetasec_ml.so]0x8a2e4
[13:41:34 007] Memory WRITE at 0xbfffe4d8, data size = 8, data value = 0x40478270, PC=RX@0x400282e4[libmetasec_ml.so]0x282e4, LR=RX@0x4008a2e4[libmetasec_ml.so]0x8a2e4
[13:41:34 007] Memory WRITE at 0xbfffe4e0, data size = 8, data value = 0x400cd67a, PC=RX@0x400282e8[libmetasec_ml.so]0x282e8, LR=RX@0x4008a2e4[libmetasec_ml.so]0x8a2e4
[13:41:34 007] Memory WRITE at 0xbfffe4e8, data size = 8, data value = 0x40460680, PC=RX@0x400282e8[libmetasec_ml.so]0x282e8, LR=RX@0x4008a2e4[libmetasec_ml.so]0x8a2e4
[13:41:34 007] Memory WRITE at 0xbfffe4f0, data size = 8, data value = 0x404782b0, PC=RX@0x400282ec[libmetasec_ml.so]0x282ec, LR=RX@0x4008a2e4[libmetasec_ml.so]0x8a2e4
[13:41:34 007] Memory WRITE at 0xbfffe4f8, data size = 8, data value = 0x40464280, PC=RX@0x400282ec[libmetasec_ml.so]0x282ec, LR=RX@0x4008a2e4[libmetasec_ml.so]0x8a2e4
[13:41:34 007] Memory WRITE at 0xbfffe500, data size = 8, data value = 0xbfffed08, PC=RX@0x400282f0[libmetasec_ml.so]0x282f0, LR=RX@0x4008a2e4[libmetasec_ml.so]0x8a2e4
[13:41:34 007] Memory WRITE at 0xbfffe508, data size = 8, data value = 0xbffff708, PC=RX@0x400282f0[libmetasec_ml.so]0x282f0, LR=RX@0x4008a2e4[libmetasec_ml.so]0x8a2e4
[13:41:34 007] Memory WRITE at 0xbfffe510, data size = 8, data value = 0xbfffec70, PC=RX@0x400282f4[libmetasec_ml.so]0x282f4, LR=RX@0x4008a2e4[libmetasec_ml.so]0x8a2e4
[13:41:34 007] Memory WRITE at 0xbfffe518, data size = 8, data value = 0x4008a2e4, PC=RX@0x400282f4[libmetasec_ml.so]0x282f4, LR=RX@0x4008a2e4[libmetasec_ml.so]0x8a2e4
[13:41:34 007] Memory WRITE at 0xbfffec18, data size = 8, data value = 0x0, PC=RX@0x40028308[libmetasec_ml.so]0x28308, LR=RX@0x4008a2e4[libmetasec_ml.so]0x8a2e4
[13:41:34 007] Memory WRITE at 0xbfffeb20, data size = 8, data value = 0x0, PC=RX@0x4002830c[libmetasec_ml.so]0x2830c, LR=RX@0x4008a2e4[libmetasec_ml.so]0x8a2e4
[13:41:34 007] Memory WRITE at 0xbfffec08, data size = 8, data value = 0xbfffeb00, PC=RX@0x40028318[libmetasec_ml.so]0x28318, LR=RX@0x4008a2e4[libmetasec_ml.so]0x8a2e4
[13:41:34 007] Memory WRITE at 0xbfffec30, data size = 8, data value = 0x0, PC=RX@0x40028320[libmetasec_ml.so]0x28320, LR=RX@0x4008a2e4[libmetasec_ml.so]0x8a2e4
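
One way to locate where such a trace goes silent is to list every PC that produced memory events but has no instruction record of its own. This is an added example, not part of the original issue and not Unidbg code; the two regular expressions assume the record layouts shown in the logs above, and `find_untraced_pcs` is a hypothetical helper name.

```python
import re

# Instruction record: [time][module offset] [opcode] 0xADDR: "asm" regs...
INSN_RE = re.compile(r'^\[[^\]]+\]\[[^\]]+\] \[[0-9a-f]+\] (0x[0-9a-f]+): "([^"]*)"')
# Memory record: [time] Memory WRITE at ..., PC=RX@0xADDR[module]0xOFF, LR=...
# (READ records are assumed to share this layout; the page shows only WRITE.)
MEM_RE = re.compile(r'^\[[^\]]+\] Memory (?:READ|WRITE) at 0x[0-9a-f]+,.*?PC=\w+@(0x[0-9a-f]+)\[')

# Excerpt of the second log on this page (lines copied, list shortened).
SAMPLE = """\
[13:41:34 007][libmetasec_ml.so 0x08a2d8] [ea2701a9] 0x4008a2d8: "stp x10, x9, [sp, #0x10]" x10=0x4008b534 x9=0xbfffec50 sp=0xbfffe520
[13:41:34 007] Memory WRITE at 0xbfffe530, data size = 8, data value = 0x4008b534, PC=RX@0x4008a2d8[libmetasec_ml.so]0x8a2d8, LR=RX@0x4008a1d0[libmetasec_ml.so]0x8a1d0
[13:41:34 007] Memory WRITE at 0xbfffe538, data size = 8, data value = 0xbfffec50, PC=RX@0x4008a2d8[libmetasec_ml.so]0x8a2d8, LR=RX@0x4008a1d0[libmetasec_ml.so]0x8a1d0
[13:41:34 007][libmetasec_ml.so 0x08a2dc] [fe1300f9] 0x4008a2dc: "str x30, [sp, #0x20]" lr=0x4008a1d0 sp=0xbfffe520
[13:41:34 007] Memory WRITE at 0xbfffe540, data size = 8, data value = 0x4008a1d0, PC=RX@0x4008a2dc[libmetasec_ml.so]0x8a2dc, LR=RX@0x4008a1d0[libmetasec_ml.so]0x8a1d0
[13:41:34 007][libmetasec_ml.so 0x08a2e0] [ff77fe97] 0x4008a2e0: "bl #0x400282dc"
[13:41:34 007] Memory WRITE at 0xbfffe4c0, data size = 8, data value = 0xd9c1c466, PC=RX@0x400282e0[libmetasec_ml.so]0x282e0, LR=RX@0x4008a2e4[libmetasec_ml.so]0x8a2e4
[13:41:34 007] Memory WRITE at 0xbfffe4c8, data size = 8, data value = 0xbffff708, PC=RX@0x400282e0[libmetasec_ml.so]0x282e0, LR=RX@0x4008a2e4[libmetasec_ml.so]0x8a2e4
[13:41:34 007] Memory WRITE at 0xbfffe4d0, data size = 8, data value = 0x40460660, PC=RX@0x400282e4[libmetasec_ml.so]0x282e4, LR=RX@0x4008a2e4[libmetasec_ml.so]0x8a2e4
[13:41:34 007] Memory WRITE at 0xbfffec18, data size = 8, data value = 0x0, PC=RX@0x40028308[libmetasec_ml.so]0x28308, LR=RX@0x4008a2e4[libmetasec_ml.so]0x8a2e4
"""

def find_untraced_pcs(log_text):
    """Return (origin, gaps).

    gaps maps each PC that produced memory events but has no instruction
    record to its event count; origin is the last instruction record seen
    before the first such event, i.e. where the trace went silent.
    """
    lines = log_text.splitlines()
    # Pass 1: every address that has an instruction record anywhere in the log.
    traced = {int(m.group(1), 16) for m in map(INSN_RE.match, lines) if m}
    origin, last_insn, gaps = None, None, {}
    # Pass 2: memory events whose PC was never traced as an instruction.
    for line in lines:
        insn = INSN_RE.match(line)
        if insn:
            last_insn = (int(insn.group(1), 16), insn.group(2))
            continue
        mem = MEM_RE.match(line)
        if mem and int(mem.group(1), 16) not in traced:
            pc = int(mem.group(1), 16)
            gaps[pc] = gaps.get(pc, 0) + 1
            origin = origin or last_insn
    return origin, gaps

if __name__ == "__main__":
    origin, gaps = find_untraced_pcs(SAMPLE)
    print("trace went silent after 0x%x: %s" % origin)
    for pc, n in gaps.items():
        print("  untraced PC 0x%x: %d memory event(s)" % (pc, n))
```

On the excerpt, the gap starts right after the `bl #0x400282dc` record, and every untraced PC lies inside the callee.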
          

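I have run into incomplete traces too: whenever the function that `bl` jumps to does not begin with a standard prologue such as `stp`, no trace log is produced. This is a defect that exists in unicorn itself, which Unidbg pulls in, and it is not easy to fix.
@zhkl0228, could you check whether pulling in the latest unicorn would solve this problem, or is there another solution?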

 