bad_offset .so library with only one function

J

judy121

New User
3
05/14/17
0
Thread Author
I am trying to hack a code in binary .so library .However when I open .so library with IDA the library has only one function and no strings and there is bad_offset before every address.However when I open the library in hex editor I can see the name of the functions.
 

Attachments

  • screen.webp
    screen.webp
    122.5 KB · Views: 49
what settings did you run ida with ex. did it say elf shared library, was it under metapc, etc. it honestly just looks like you disassembled with wrong instructions, or the header was modified to confuse ida to default to the wrong instructions
 
s810car said:
what settings did you run ida with ex. did it say elf shared library, was it under metapc, etc. it honestly just looks like you disassembled with wrong instructions, or the header was modified to confuse ida to default to the wrong instructions
Click to expand...
I run I ida with the following settings
 

Attachments

  • screen1.webp
    screen1.webp
    51.7 KB · Views: 48
make sure you set your processor, just making sure since i see the meta pc mentioned in your console (although that just looks like initial load CL arguments), other thing ive seen is ida 32 seems to disassemble different than ida 64, try the other one you didn't use. Lastly, do you get the python error at startup? hexrays acts funky if you never fix that. other than that, idk might have to experiment with diff load settings cause it looks like the right settings, if none of that works look at the header and see that it doesn't have some weird RVA offsets
 
s810car said:
make sure you set your processor, just making sure since i see the meta pc mentioned in your console (although that just looks like initial load CL arguments), other thing ive seen is ida 32 seems to disassemble different than ida 64, try the other one you didn't use. Lastly, do you get the python error at startup? hexrays acts funky if you never fix that. other than that, idk might have to experiment with diff load settings cause it looks like the right settings, if none of that works look at the header and see that it doesn't have some weird RVA offsets
Click to expand...
I a sure the problem is not in IDA since it works well with other files.
 
it boils down to two possibilities (assuming the python issue doesn't exist in your case). either the file is corrupt in a way ida doesn't understand it (including corrupt file, modified header, etc), or the instructions ida was given are wrong (although i can't recall an android so file where disassembling as ELF with little endian arm wasnt correct for me, doesn't mean it's impossible). if you figure it out if love to see an updated post with the solution just to help future modding, other than that good luck!
 
You must log in or register to reply here.
Back
Top Bottom