Why can't I read the public functions of a .so file compiled with C?

reverse-engineering android apk
2021-06-20 06:30:55

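I can read the public functions (names and full signatures) of some of the .so files associated with an Android APK, while other files show only the function names.

For example, running this command shows only the function names: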

user$ /usr/local/bin/android-ndk/toolchains/arm-linux-androideabi-4.9/prebuilt/linux-x86_64/bin/arm-linux-androideabi-nm -gDC libsccrypto.so 
00088952 T a2d_ASN1_OBJECT
000940f4 T a2i_ASN1_ENUMERATED
00093628 T a2i_ASN1_INTEGER
000938a0 T a2i_ASN1_STRING
000a6520 T a2i_GENERAL_NAME
000a5bf6 T a2i_ipadd
000a5d1a T a2i_IPADDRESS
000a5d54 T a2i_IPADDRESS_NC
         U abort
         U accept
000a94d0 T ACCESS_DESCRIPTION_free
000f4db8 D ACCESS_DESCRIPTION_it
000a9518 T ACCESS_DESCRIPTION_new
00051124 T AES_bi_ige_encrypt
00052164 T AES_cbc_encrypt
00050d74 T AES_cfb128_encrypt
00050d9c T AES_cfb1_encrypt
00050dc4 T AES_cfb8_encrypt
00050e10 T AES_ctr128_encrypt
00051d5c T AES_decrypt
00050d5c T AES_ecb_encrypt
00051924 T AES_encrypt
00050e38 T AES_ige_encrypt
00050dec T AES_ofb128_encrypt

Whereas this library reveals more information, including the function signatures:

user$ /usr/local/bin/android-ndk/toolchains/arm-linux-androideabi-4.9/prebuilt/linux-x86_64/bin/arm-linux-androideabi-nm -gDC libBreakpad.so 

00006a24 T google_breakpad::ExceptionHandler::HandleSignal(int, siginfo*, void*)
00006768 T google_breakpad::ExceptionHandler::SignalHandler(int, siginfo*, void*)
00007500 T google_breakpad::ExceptionHandler::WriteMinidump(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, bool (*)(google_breakpad::MinidumpDescriptor const&, void*, bool), void*)
0000766c T google_breakpad::ExceptionHandler::WriteMinidump()
000077f8 T google_breakpad::ExceptionHandler::AddMappingInfo(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, unsigned char const*, unsigned int, unsigned int, unsigned int)
000078f4 T google_breakpad::ExceptionHandler::RegisterAppMemory(void*, unsigned int)
00007960 T google_breakpad::ExceptionHandler::UnregisterAppMemory(void*)
00005f4c T google_breakpad::ExceptionHandler::InstallHandlersLocked()
00006460 T google_breakpad::ExceptionHandler::RestoreHandlersLocked()
00006c34 T google_breakpad::ExceptionHandler::WaitForContinueSignal()
000079ac T google_breakpad::ExceptionHandler::WriteMinidumpForChild(int, int, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, bool (*)(google_breakpad::MinidumpDescriptor const&, void*, bool), void*)
00007284 T google_breakpad::ExceptionHandler::SimulateSignalDelivery(int)
00007430 T google_breakpad::ExceptionHandler::SendContinueSignalToChild()
00006d34 T google_breakpad::ExceptionHandler::DoDump(int, void const*, unsigned int)
00005bd8 T google_breakpad::ExceptionHandler::ExceptionHandler(google_breakpad::MinidumpDescriptor const&, bool (*)(void*), bool (*)(google_breakpad::MinidumpDescriptor const&, void*, bool), void*, bool, int)
00005bd8 T google_breakpad::ExceptionHandler::ExceptionHandler(google_breakpad::MinidumpDescriptor const&, bool (*)(void*), bool (*)(google_breakpad::MinidumpDescriptor const&, void*, bool), void*, bool, int)
00006130 T google_breakpad::ExceptionHandler::~ExceptionHandler()
00006130 T google_breakpad::ExceptionHandler::~ExceptionHandler()
00012408 T google_breakpad::MemoryMappedFile::Map(char const*, unsigned int)
00012688 T google_breakpad::MemoryMappedFile::Unmap()
000123e4 T google_breakpad::MemoryMappedFile::MemoryMappedFile(char const*, unsigned int)
000123d4 T google_breakpad::MemoryMappedFile::MemoryMappedFile()
000123e4 T google_breakpad::MemoryMappedFile::MemoryMappedFile(char const*, unsigned int)
000123d4 T google_breakpad::MemoryMappedFile::MemoryMappedFile()
00012630 T google_breakpad::MemoryMappedFile::~MemoryMappedFile()
00012630 T google_breakpad::MemoryMappedFile::~MemoryMappedFile()
0000df50 T google_breakpad::UTF32ToUTF16Char(wchar_t, unsigned short*)
00010a24 T google_breakpad::LinuxPtraceDumper::ThreadsResume()

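I thought the function signatures had to be in the dynamic table of the .so file, otherwise a linker error would be thrown. Also, is there a good reference that explains how to read the dynamic symbol table?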
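
Added example, not part of the original post: a reader for the dynamic symbol table of a 32-bit little-endian ELF such as the ARM libraries listed above, showing which fields a `.dynsym` entry holds. The image returned by `build_sample()` is constructed for illustration, and the mangled name in it is derived from the Itanium C++ ABI rules for one signature in the listing, not read from libBreakpad.so.

```python
import struct

SHT_DYNSYM = 11
SYM = struct.Struct("<IIIBBH")  # Elf32_Sym: st_name, st_value, st_size, st_info, st_other, st_shndx
SHDR = struct.Struct("<10I")    # Elf32_Shdr: name, type, flags, addr, offset, size, link, info, align, entsize

def dynsyms(elf: bytes):
    """Return (value, is_defined, raw_name) for each global/weak .dynsym entry."""
    if elf[:4] != b"\x7fELF" or elf[4] != 1 or elf[5] != 1:
        raise ValueError("not a 32-bit little-endian ELF")
    (shoff,) = struct.unpack_from("<I", elf, 0x20)            # e_shoff
    shentsize, shnum = struct.unpack_from("<HH", elf, 0x2E)   # e_shentsize, e_shnum
    shdrs = [SHDR.unpack_from(elf, shoff + i * shentsize) for i in range(shnum)]
    out = []
    for sh in shdrs:
        if sh[1] != SHT_DYNSYM:
            continue
        str_off = shdrs[sh[6]][4]  # sh_link names the string table section (.dynstr)
        for off in range(sh[4], sh[4] + sh[5], SYM.size):
            st_name, value, _size, info, _other, shndx = SYM.unpack_from(elf, off)
            if st_name == 0 or info >> 4 not in (1, 2):  # skip null entry and LOCAL symbols
                continue
            start = str_off + st_name
            name = elf[start:elf.index(b"\0", start)].decode()
            # An entry has no field for parameter types. A C++ symbol carries them
            # only inside the mangled name string; a C symbol carries none.
            out.append((value, shndx != 0, name))
    return out

def build_sample() -> bytes:
    """Constructed minimal image: ELF header, .dynstr, .dynsym, three section headers."""
    syms = [(b"AES_encrypt", 0x51924, 1), (b"abort", 0, 0),  # shndx 0 = undefined ("U" in nm)
            (b"_ZN15google_breakpad16ExceptionHandler17RegisterAppMemoryEPvj", 0x78F4, 1)]
    dynstr, dynsym = b"\0", SYM.pack(0, 0, 0, 0, 0, 0)
    for name, value, shndx in syms:
        dynsym += SYM.pack(len(dynstr), value, 0, 0x12, 0, shndx)  # STB_GLOBAL | STT_FUNC
        dynstr += name + b"\0"
    str_off = 52
    sym_off = str_off + len(dynstr)
    shoff = sym_off + len(dynsym)
    hdr = b"\x7fELF\x01\x01\x01" + bytes(9) + struct.pack(
        "<HHIIIIIHHHHHH", 3, 40, 1, 0, 0, shoff, 0, 52, 0, 0, 40, 3, 0)
    shdrs = (SHDR.pack(*[0] * 10)
             + SHDR.pack(0, 3, 2, 0, str_off, len(dynstr), 0, 0, 1, 0)            # .dynstr
             + SHDR.pack(0, SHT_DYNSYM, 2, 0, sym_off, len(dynsym), 1, 1, 4, 16))  # .dynsym
    return hdr + dynstr + dynsym + shdrs

if __name__ == "__main__":
    for value, defined, name in dynsyms(build_sample()):
        print(f"{value:08x} {'T' if defined else 'U'} {name}")
```

In the mangled name, the trailing `Pvj` encodes the parameter list `(void*, unsigned int)`, which is what `nm -C` expands into the signature shown for `RegisterAppMemory`.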

0 answers
No replies found~