
I have a text trace of the library's real execution, but at the address where the code should be, IDA shows data. Forcing "convert to instruction" produces the wrong code. How do I make IDA show the same code as in the trace?

This is the real code trace:

=> *[libnativelib.so*0x8442b]*[7846    ]*0x4008442a:*mov r0, pc
    [libnativelib.so 0x8442d] [d1b3    ] 0x4008442c: cbz r1, #0x400844a4
    [libnativelib.so 0x8442f] [c8b3    ] 0x4008442e: cbz r0, #0x400844a4
    [libnativelib.so 0x84431] [0a1a    ] 0x40084430: subs r2, r1, r0
    [libnativelib.so 0x84433] [0023    ] 0x40084432: movs r3, #0
    [libnativelib.so 0x84435] [d518    ] 0x40084434: adds r5, r2, r3
    [libnativelib.so 0x84437] [0ed0    ] 0x40084436: beq #0x40084456
    [libnativelib.so 0x84439] [cd5c    ] 0x40084438: ldrb r5, [r1, r3]
    [libnativelib.so 0x8443b] [f12d    ] 0x4008443a: cmp r5, #0xf1
    [libnativelib.so 0x8443d] [09d1    ] 0x4008443c: bne #0x40084452
    [libnativelib.so 0x8443f] [cd18    ] 0x4008443e: adds r5, r1, r3
    [libnativelib.so 0x84441] [6e78    ] 0x40084440: ldrb r6, [r5, #1]
    [libnativelib.so 0x84443] [f62e    ] 0x40084442: cmp r6, #0xf6
    [libnativelib.so 0x84445] [05d1    ] 0x40084444: bne #0x40084452
    [libnativelib.so 0x84447] [ae78    ] 0x40084446: ldrb r6, [r5, #2]
    [libnativelib.so 0x84449] [772e    ] 0x40084448: cmp r6, #0x77

This is what IDA shows:

.text:0008442A 78                                DCB 0x78 ; x
.text:0008442B 46                                DCB 0x46 ; F
.text:0008442C D1                                DCB 0xD1
.text:0008442D B3                                DCB 0xB3
.text:0008442E C8                                DCB 0xC8
.text:0008442F B3                                DCB 0xB3
.text:00084430 0A                                DCB  0xA
.text:00084431 1A                                DCB 0x1A
.text:00084432 00                                DCB    0
.text:00084433 23                                DCB 0x23 ; #
.text:00084434 D5                                DCB 0xD5
.text:00084435 18                                DCB 0x18
.text:00084436 0E                                DCB  0xE
.text:00084437 D0                                DCB 0xD0
.text:00084438 CD                                DCB 0xCD
.text:00084439 5C                                DCB 0x5C ; \
.text:0008443A F1                                DCB 0xF1
.text:0008443B 2D                                DCB 0x2D ; -
.text:0008443C 09                                DCB    9
.text:0008443D D1                                DCB 0xD1
.text:0008443E CD                                DCB 0xCD
.text:0008443F 18                                DCB 0x18
.text:00084440 6E                                DCB 0x6E ; n
.text:00084441 78                                DCB 0x78 ; x
.text:00084442 F6                                DCB 0xF6
.text:00084443 2E                                DCB 0x2E ; .
.text:00084444 05                                DCB    5
.text:00084445 D1                                DCB 0xD1
.text:00084446 AE                                DCB 0xAE
.text:00084447 78                                DCB 0x78 ; x
.text:00084448 77                                DCB 0x77 ; w
.text:00084449 2E                                DCB 0x2E ; .

This is what IDA produces after forcing conversion to code:

.text:0008442A 78                                DCB 0x78 ; x
.text:0008442B 46                                DCB 0x46 ; F
.text:0008442C                   ; ---------------------------------------------------------------------------
.text:0008442C D1 B3 C8 B3                       BICLT           R11, R8, #0x44000003
.text:00084430 0A 1A 00 23                       MOVWCS          R1, #0xA0A
.text:00084430                   ; ---------------------------------------------------------------------------
.text:00084434 D5                                DCB 0xD5
.text:00084435 18                                DCB 0x18
.text:00084436 0E                                DCB  0xE
.text:00084437 D0                                DCB 0xD0
.text:00084438                   ; ---------------------------------------------------------------------------
.text:00084438 CD 5C F1 2D                       LDCLCS          p12, c5, [R1,#0x334]!
.text:0008443C 09 D1 CD 18                       STMEANE         SP, {R0,R3,R8,R12,LR,PC}^
.text:00084440 6E 78 F6 2E                       CDPCS           p8, 0xF, c7,c6,c14, 3
.text:00084444 05 D1 AE 78                       STMVC           LR!, {R0,R2,R8,R12,LR,PC}
.text:00084448 77 2E 04 BF                       SVCLT           0x42E77

Cutter works well and shows the same code as the debugger, but how do I configure IDA to show the same?

    Notice the addresses are odd in the first dump indicating thumb mode. Looks like the last part is using ARM mode instead. See if you can force thumb. – Jester Feb 21 '23 at 15:12
