Reverse Engineering Asked by Akababa on November 23, 2020
I’ve disassembled and run auto-analysis on a .so file from an Android apk, and then hooked up the remote ARM debugger to an emulator. IDA then asked me if /data/app/com.package.name/lib/arm/libil2cpp.so is the same file as libil2cpp.so on my computer, which it is so I said yes. It took a few minutes to “move database”, “move functions”, etc. and now it’s taking hours to perform auto-analysis all over again on the mapped files.
Is there any way to speed this up, and will it happen every time I start a remote debugging session?
Follow-up question: I learned that this is caused by IDA rebasing the program every time. Why can’t it just use offsets from the start of the program and avoid rerunning the static analysis?
I can confirm that the rebasing is much faster with IDA 7.4, and it seems to be addressed in version 7.3:
Another debugger related news is fast rebasing. Due to widespread use of ASLR, processes get loaded into a new address every time and IDA needs to adjust the database: move all segments to the addresses that the operating system assigned to them. This was a slow process that could take literally hours for big databases.
In IDA 7.3 we implemented another approach for rebasing which is up to 40 times faster and usually takes only a matter of seconds. You no longer have an excuse to take a coffee break every time you start a new debugging session. This makes our debuggers even more pleasant to use ?
However, I can't answer the follow-up question.
Answered by MazeGen on November 23, 2020
Get help from others!
Recent Questions
Recent Answers
© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP