我们知道有符号的函数调用很简单：直接像写 C 语言一样传参调用即可。但是没有符号的函数就不知道该怎么调用了，查遍了整个网络我都没有查到怎么做，只好自己想办法。总体的思路如下：
1. 保存好所有的现场，如寄存器、当前 pc、返回地址、堆栈等。
2. 把返回地址替换为当前指令的下一条指令地址。
3. 设置 pc 去执行目标函数。
4. 使用 until 命令执行到上面设置的返回地址。
5. until 命令执行完成，说明函数也执行完成了，因为停下来的位置正是我们设置的返回地址。
6. 如果有需要，打印一些结果，如 p/x $x0。
7. 恢复现场，恢复 $pc。
例子是调用一个对象转 json 的无符号函数，然后打印它返回的结果。
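# cs2json OBJ
#
# Call the symbol-less "object -> JSON string" function that lives at
# libil2cpp+0x00C8EE6C, passing OBJ ($arg0) in x0, print the string it
# returns, and then put the stopped thread back exactly where it was.
#
# Prerequisites:
#   * the inferior is stopped on an AArch64 thread (x0-x30 / sp / pc / cpsr);
#   * $libil2cppbase already holds the load address of libil2cpp.so.
#
# Mechanism: the general registers, sp, pc, cpsr and the FP status/control
# registers are copied into $Saved_* convenience variables; lr is pointed at
# the instruction after the current pc, pc at the target, and `until *$lr`
# lets the target run until it returns to that fabricated return address.
# The result is printed and the saved state is written back, so the thread
# resumes at the original pc as if nothing had happened.
#
# Caveats: the target really executes inside the process, so any side effect
# it has (allocations, locks, global state) persists.  If it faults, hits
# another breakpoint or never returns, `until` does not come back and the
# restore section below is skipped - the thread is then left mid-call with
# lr/pc/x0 already overwritten.  The SIMD/FP data registers (v0-v31) are not
# saved here although either the target or the interrupted code may use them.
# NOTE(review): saving/restoring $q0-$q31 as well would close that gap -
# confirm on your GDB build that those pseudo-registers accept writes.
define cs2json
  if $argc != 1
    printf "usage: cs2json <object address>\n"
  else
    if $_isvoid($libil2cppbase)
      printf "cs2json: convenience variable libil2cppbase is not set\n"
    else
      # Module-relative offset of the target; the base comes from the user.
      set $func = 0x00C8EE6C + $libil2cppbase

      # ---- save the interrupted context ----------------------------------
      set $Saved_x0 = $x0
      set $Saved_x1 = $x1
      set $Saved_x2 = $x2
      set $Saved_x3 = $x3
      set $Saved_x4 = $x4
      set $Saved_x5 = $x5
      set $Saved_x6 = $x6
      set $Saved_x7 = $x7
      set $Saved_x8 = $x8
      set $Saved_x9 = $x9
      set $Saved_x10 = $x10
      set $Saved_x11 = $x11
      set $Saved_x12 = $x12
      set $Saved_x13 = $x13
      set $Saved_x14 = $x14
      set $Saved_x15 = $x15
      set $Saved_x16 = $x16
      set $Saved_x17 = $x17
      set $Saved_x18 = $x18
      set $Saved_x19 = $x19
      set $Saved_x20 = $x20
      set $Saved_x21 = $x21
      set $Saved_x22 = $x22
      set $Saved_x23 = $x23
      set $Saved_x24 = $x24
      set $Saved_x25 = $x25
      set $Saved_x26 = $x26
      set $Saved_x27 = $x27
      set $Saved_x28 = $x28
      set $Saved_x29 = $x29
      set $Saved_x30 = $x30
      set $Saved_sp = $sp
      set $savePc = $pc
      # NZCV lives in cpsr: the interrupted instruction may be a conditional
      # branch that depends on it, and the callee is free to clobber it.
      set $Saved_cpsr = $cpsr
      set $Saved_fpsr = $fpsr
      set $Saved_fpcr = $fpcr

      # ---- fabricate the call --------------------------------------------
      set $x0 = $arg0
      # Return to the instruction after the one we are stopped on (lr == x30).
      set $lr = $pc + 4
      set $pc = $func
      # Let the target run until it comes back to our fake return address.
      until *$lr

      # ---- show the result -----------------------------------------------
      # x0 holds the returned string object; its UTF-16 characters start at
      # offset 0x14 in the object layout this script was written against, so
      # dump them as a halfword string.  A NULL return would otherwise make
      # the x/ command error out before the registers are restored.
      if $x0 != 0
        x/hs ($x0 + 0x14)
      else
        printf "cs2json: target returned NULL\n"
      end

      # ---- restore the interrupted context -------------------------------
      set $fpcr = $Saved_fpcr
      set $fpsr = $Saved_fpsr
      set $cpsr = $Saved_cpsr
      set $sp = $Saved_sp
      set $x30 = $Saved_x30
      set $x29 = $Saved_x29
      set $x28 = $Saved_x28
      set $x27 = $Saved_x27
      set $x26 = $Saved_x26
      set $x25 = $Saved_x25
      set $x24 = $Saved_x24
      set $x23 = $Saved_x23
      set $x22 = $Saved_x22
      set $x21 = $Saved_x21
      set $x20 = $Saved_x20
      set $x19 = $Saved_x19
      set $x18 = $Saved_x18
      set $x17 = $Saved_x17
      set $x16 = $Saved_x16
      set $x15 = $Saved_x15
      set $x14 = $Saved_x14
      set $x13 = $Saved_x13
      set $x12 = $Saved_x12
      set $x11 = $Saved_x11
      set $x10 = $Saved_x10
      set $x9 = $Saved_x9
      set $x8 = $Saved_x8
      set $x7 = $Saved_x7
      set $x6 = $Saved_x6
      set $x5 = $Saved_x5
      set $x4 = $Saved_x4
      set $x3 = $Saved_x3
      set $x2 = $Saved_x2
      set $x1 = $Saved_x1
      set $x0 = $Saved_x0
      # pc goes back last so the original instruction is the next one executed.
      set $pc = $savePc
    end
  end
end

document cs2json
cs2json OBJ -- call the symbol-less object->JSON function at
libil2cpp+0x00C8EE6C with OBJ in x0, print the returned UTF-16 string,
then restore x0-x30, sp, cpsr, fpsr/fpcr and pc.  $libil2cppbase must be
set first.  SIMD registers v0-v31 are not preserved.
end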
# Example invocation.  cs2json reads $arg0 (the object address to pass in x0),
# so it must be called with exactly one argument, e.g. `cs2json <object-address>`;
# as written here, with no argument, GDB aborts the user command on the missing $arg0.
cs2json