c++filt && update readme

bamqj · Jul 9, 2018 · 7b25029 · 7b25029
1 parent 6c03321
commit 7b25029
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 2 deletions.
diff --git a/README.md b/README.md
@@ -26,4 +26,14 @@ ps：查看OpenMemory的导出名称，可以将手机中的libart.so通过adb p
 - [frida](https://www.frida.re)
 
 ## 0x06 python脚本支持
-`python frida_unpack.py 应用包名`
+`python frida_unpack.py 应用包名`
+
+## 0x07 相关技巧
+- 利用`c++filt`命令还原C++ name managling之后的函数名
+
+    ```
+    c++filt _ZN3art7DexFile10OpenMemoryEPKhjRKNSt3__112basic_stringIcNS3_11char_traitsIcEENS3_9allocatorIcEEEEjPNS_6MemMapEPKNS_10OatDexFileEPS9_
+
+    输出：
+    art::DexFile::OpenMemory(unsigned char const*, unsigned int, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, unsigned int, art::MemMap*, art::OatDexFile const*, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >*)
+    ```
diff --git a/frida_unpack.py b/frida_unpack.py
@@ -25,7 +25,7 @@ def on_message(message, data):
         var begin = args[1]
         
         console.log("magic : " + Memory.readUtf8String(begin))
-        console.log("size : " + Memory.readUInt(args[2]))
+     
         var address = parseInt(begin,16) + 0x20
 
         var dex_size = Memory.readInt(ptr(address))