登录 注册
开源 企业版 高校版 私有云 模力方舟 模力方舟
扫描微信二维码支付
取消
支付完成
Watch
不关注 关注所有动态 仅关注版本发行动态 关注但不提醒动态
2 Star 2 Fork 1

刘柏江/adcpp-elf-dump

代码 Issues 0 Pull Requests 0 Wiki 统计 流水线
服务
加入 Gitee
与超过 1200万 开发者一起发现、参与优秀开源项目,私有仓库也完全免费 :)
免费加入
克隆/下载
分支 1
标签 0
undefined
贡献代码
同步代码
创建 Pull Request
了解更多
对比差异 通过 Pull Request 同步
同步更新到分支
通过 Pull Request 同步
将会在向当前分支创建一个 Pull
Request,合入后将完成同步
取消
提示: 由于 Git 不支持空文件夾,创建文件夹后会生成空的 .keep 文件
doc
jni
libs
.gitignore
LICENSE
README.md
adcpp-elf-dump-yoophone.adc
adcpp-elf-dump.cc
adcpp-elf-dump.py
adcpp-elf-dump32.adc
adcpp-elf-dump64.adc
Loading...
README
MIT

adcpp_elf_dump

介绍

一键Dump Memory ELF至A64Dbg与之对应的缓存目录,源码解读在这里

软件架构

adcpp-elf-dump.py : A64Dbg插件主程序,用于人机交互;

adcpp-elf-dump-yoophone.adc : A64Dbg插件附加程序,用于Dump AArch64 Memory ELF64,它是由主程序发送至目标Android进程中的Payload程序;

adcpp-elf-dump32.adc : A64Dbg插件附加程序,用于Dump ARM Memory ELF32,它是由主程序发送至目标Android进程中的Payload程序;

adcpp-elf-dump64.adc : A64Dbg插件附加程序,用于Dump AArch64 Memory ELF64,它是由主程序发送至目标Android进程中的Payload程序;

adcpp-elf-dump.cpp : A64Dbg插件附加程序源代码,用于开发者模式修改adcpp-elf-dump.cpp的实现逻辑;

jni : Dump ELF的具体实现,原始代码来自于:https://github.com/maiyao1988/elf-dump-fix.git

安装教程

将adcpp-elf-dump.py、adcpp-elf-dump32.adc、adcpp-elf-dump64.adc拷贝至A64Dbg插件目录,然后重启A64Dbg即可。

macOS/Linux目录为:

~/A64Dbg/plugin

Windows目录为:

SysDrive:\Users\~\A64Dbg\plugin

使用说明

1.将A64Dbg调试模式设置为Remote UraniumVM Android;

2.Attach要Dump ELF的目标进程;

3.执行主菜单Plugins/adcpp-elf-dump,然后就可以在A64Dbg缓存目录得到对应的ELF文件:adcpp-elf-dump.elf;

adcpp_elf_dump : Running adcpp-elf-dump (Build Nov  2 2021 22:01:50)...
adcpp_elf_dump : Get elf base 0x73a6e86000 from /data/local/tmp/adcpp-elf-dump.txt.
adcpp_elf_dump : Found module 73a6e86000-73a6f9e000 r-xp 00000000 fd:04 6849                           /data/local/tmp/a64dbg-server-arm64.uvm/libuvmdbg.so
adcpp_elf_dump : Searching module end 0x73a6f9e000, 73a6f9e000-73a6fab000 r--p 00117000 fd:04 6849                           /data/local/tmp/a64dbg-server-arm64.uvm/libuvmdbg.so
adcpp_elf_dump : Searching module end 0x73a6fab000, 73a6fab000-73a6fac000 rw-p 00123000 fd:04 6849                           /data/local/tmp/a64dbg-server-arm64.uvm/libuvmdbg.so
adcpp_elf_dump : Searching module end 0x73a6fac000, 73a6fac000-73a6fae000 rw-p 00000000 00:00 0                              [anon:.bss]
adcpp_elf_dump : Searching module end 0x73a6fae000, 73a6fed000-73a6fef000 r-xp 00000000 fd:04 6851                           /data/local/tmp/a64dbg-server-arm64.uvm/libadzygote.so
adcpp_elf_dump : Get elf end 0x73a6fae000.
adcpp_elf_dump : Get JNIEnv 0xb4000074c674a290.
adcpp_elf_dump : Get /data/user/0/com.topjohnwu.magisk/cache from jstring 0x65 .
adcpp_elf_dump : Dumping with 0x73a6e86000,0x73a6fae000 to /data/user/0/com.topjohnwu.magisk/cache/adcpp.elf.
adcpp_elf_dump : Dump_Fix ~ try dump 0 from 00000073a6e86000 to 00000073a6fae000
adcpp_elf_dump : Dump_Fix ~ try to read /proc/self/mem fp:70, off=00000073a6e86000, sz=1212416
adcpp_elf_dump : Dump_Fix ~ read return 1212416
adcpp_elf_dump : Dump_Fix ~ 1212416 writed
adcpp_elf_dump : Dump_Fix ~ try fix /data/user/0/com.topjohnwu.magisk/cache/adcpp.elf.tmp
adcpp_elf_dump : Dump_Fix ~ warning DT_HASH not found,try to detect dynsym size...
adcpp_elf_dump : Dump_Fix ~ fixed so has write to /data/user/0/com.topjohnwu.magisk/cache/adcpp.elf
adcpp_elf_dump : Dump_Fix ~ end fix /data/user/0/com.topjohnwu.magisk/cache/adcpp.elf.tmp output to /data/user/0/com.topjohnwu.magisk/cache/adcpp.elf
adcpp_elf_dump : Dumper return code 0.
adcpp_elf_dump : Readed file adcpp.elf, size 1213582.
adcpp_elf_dump : Sending adcpp.elf, aarch64, 1213582.
Received adcpp.elf, aarch64, 1213582.
Saved to ~/A64Dbg/decache/android/aarch64-linux-android/dump-adcpp.elf.
adcpp_elf_dump : Finished dumping.

版本历史

2022/11/21:

  • 发布V0.1.1;
  • 1.添加对YooPhone平台的支持;

2021/11/2:

  • 发布V0.1.0;
  • 1.实现一键Dump Memory ELF至A64Dbg对应缓存目录的功能;
  • 2.A64Dbg版本最低要求v1.14.1;
MIT License Copyright (c) 2021 刘柏江 Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

简介

一键Dump Memory ELF至A64Dbg与之对应的缓存目录。 展开 收起
暂无标签
/geekneo/adcpp-elf-dump
README
MIT
使用 MIT 开源许可协议
2 Stars
2 Watching
1 Forks
取消

发行版

暂无发行版

贡献者

全部

近期动态

不能加载更多了
马建仓 AI 助手
尝试更多
代码解读
代码找茬
代码优化
1
https://gitee.com/geekneo/adcpp-elf-dump.git
git@gitee.com:geekneo/adcpp-elf-dump.git
geekneo
adcpp-elf-dump
adcpp-elf-dump
master
点此查找更多帮助

搜索帮助

Git 命令在线学习 如何在 Gitee 导入 GitHub 仓库
Git 仓库基础操作
企业版和社区版功能对比
SSH 公钥设置
如何处理代码冲突
仓库体积过大,如何减小?
如何找回被删除的仓库数据
Gitee 产品配额说明
GitHub仓库快速导入Gitee及同步更新
什么是 Release(发行版)
将 PHP 项目自动发布到 packagist.org
评论
仓库举报
回到顶部