# adcpp-elf-dump **Repository Path**: geekneo/adcpp-elf-dump ## Basic Information - **Project Name**: adcpp-elf-dump - **Description**: 一键Dump Memory ELF至A64Dbg与之对应的缓存目录。 - **Primary Language**: Unknown - **License**: MIT - **Default Branch**: master - **Homepage**: None - **GVP Project**: No ## Statistics - **Stars**: 2 - **Forks**: 1 - **Created**: 2021-11-01 - **Last Updated**: 2022-11-21 ## Categories & Tags **Categories**: Uncategorized **Tags**: None ## README # adcpp_elf_dump #### 介绍 一键Dump Memory ELF至A64Dbg与之对应的缓存目录,[源码解读在这里](https://mp.weixin.qq.com/s/X3IU2PRtiOU88JWr2b-EnQ)。 #### 软件架构 adcpp-elf-dump.py : A64Dbg插件主程序,用于人机交互; adcpp-elf-dump-yoophone.adc : A64Dbg插件附加程序,用于Dump AArch64 Memory ELF64,它是由主程序发送至目标Android进程中的Payload程序; adcpp-elf-dump32.adc : A64Dbg插件附加程序,用于Dump ARM Memory ELF32,它是由主程序发送至目标Android进程中的Payload程序; adcpp-elf-dump64.adc : A64Dbg插件附加程序,用于Dump AArch64 Memory ELF64,它是由主程序发送至目标Android进程中的Payload程序; adcpp-elf-dump.cpp : A64Dbg插件附加程序源代码,用于开发者模式修改adcpp-elf-dump.cpp的实现逻辑; jni : Dump ELF的具体实现,原始代码来自于:https://github.com/maiyao1988/elf-dump-fix.git #### 安装教程 将adcpp-elf-dump.py、adcpp-elf-dump32.adc、adcpp-elf-dump64.adc拷贝至A64Dbg插件目录,然后重启A64Dbg即可。 macOS/Linux目录为: ``` ~/A64Dbg/plugin ``` Windows目录为: ``` SysDrive:\Users\~\A64Dbg\plugin ``` #### 使用说明 1.将A64Dbg调试模式设置为Remote UraniumVM Android; 2.Attach要Dump ELF的目标进程; 3.执行主菜单Plugins/adcpp-elf-dump,然后就可以在A64Dbg缓存目录得到对应的ELF文件:adcpp-elf-dump.elf; ```assembly adcpp_elf_dump : Running adcpp-elf-dump (Build Nov 2 2021 22:01:50)... adcpp_elf_dump : Get elf base 0x73a6e86000 from /data/local/tmp/adcpp-elf-dump.txt. adcpp_elf_dump : Found module 73a6e86000-73a6f9e000 r-xp 00000000 fd:04 6849 /data/local/tmp/a64dbg-server-arm64.uvm/libuvmdbg.so adcpp_elf_dump : Searching module end 0x73a6f9e000, 73a6f9e000-73a6fab000 r--p 00117000 fd:04 6849 /data/local/tmp/a64dbg-server-arm64.uvm/libuvmdbg.so adcpp_elf_dump : Searching module end 0x73a6fab000, 73a6fab000-73a6fac000 rw-p 00123000 fd:04 6849 /data/local/tmp/a64dbg-server-arm64.uvm/libuvmdbg.so adcpp_elf_dump : Searching module end 0x73a6fac000, 73a6fac000-73a6fae000 rw-p 00000000 00:00 0 [anon:.bss] adcpp_elf_dump : Searching module end 0x73a6fae000, 73a6fed000-73a6fef000 r-xp 00000000 fd:04 6851 /data/local/tmp/a64dbg-server-arm64.uvm/libadzygote.so adcpp_elf_dump : Get elf end 0x73a6fae000. adcpp_elf_dump : Get JNIEnv 0xb4000074c674a290. adcpp_elf_dump : Get /data/user/0/com.topjohnwu.magisk/cache from jstring 0x65 . adcpp_elf_dump : Dumping with 0x73a6e86000,0x73a6fae000 to /data/user/0/com.topjohnwu.magisk/cache/adcpp.elf. adcpp_elf_dump : Dump_Fix ~ try dump 0 from 00000073a6e86000 to 00000073a6fae000 adcpp_elf_dump : Dump_Fix ~ try to read /proc/self/mem fp:70, off=00000073a6e86000, sz=1212416 adcpp_elf_dump : Dump_Fix ~ read return 1212416 adcpp_elf_dump : Dump_Fix ~ 1212416 writed adcpp_elf_dump : Dump_Fix ~ try fix /data/user/0/com.topjohnwu.magisk/cache/adcpp.elf.tmp adcpp_elf_dump : Dump_Fix ~ warning DT_HASH not found,try to detect dynsym size... adcpp_elf_dump : Dump_Fix ~ fixed so has write to /data/user/0/com.topjohnwu.magisk/cache/adcpp.elf adcpp_elf_dump : Dump_Fix ~ end fix /data/user/0/com.topjohnwu.magisk/cache/adcpp.elf.tmp output to /data/user/0/com.topjohnwu.magisk/cache/adcpp.elf adcpp_elf_dump : Dumper return code 0. adcpp_elf_dump : Readed file adcpp.elf, size 1213582. adcpp_elf_dump : Sending adcpp.elf, aarch64, 1213582. Received adcpp.elf, aarch64, 1213582. Saved to ~/A64Dbg/decache/android/aarch64-linux-android/dump-adcpp.elf. adcpp_elf_dump : Finished dumping. ``` #### 版本历史 2022/11/21: * 发布V0.1.1; * 1.添加对YooPhone平台的支持; 2021/11/2: * 发布V0.1.0; * 1.实现一键Dump Memory ELF至A64Dbg对应缓存目录的功能; * 2.A64Dbg版本最低要求v1.14.1;