ADRP X8, #PspNotifyEnableMask@PAGE
ADD X11, X8, #PspNotifyEnableMask@PAGEOFF
TBNZ W20, #0, loc_140690960
ADD X10, X11, #0x33C
register x11 contains address of PspNotifyEnableMask - in my case this is 0x1408AE6B0 and then x10 loading address of PspNotifyEnableMask + 0x33c = 0x1408AE9EC - this is actually PspCreateThreadNotifyRoutineCount. And no - you cannot fix last instruction with pressing O or Ctrl + O
Given that cross-refs in arm64 is highly dependent from correct code analysis - this is very annoing
Tested in ida pro 6.9 and 7.2
Комментариев нет:
Отправить комментарий