Restoring Symbol Names with the c++filt Command

Author: 小木桨 | Published: 2022-06-14 16:15

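When debugging C++ or reading a native crash stack, some native function names have been mangled, so the original API names cannot be read directly. In that case, c++filt can be used to restore the symbols.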

C++filt

c++filt is a Linux command that is also available on macOS. On a Mac, the -n option is required; without it the symbol is not demangled.

The manual page (man c++filt) reads:

NAME
       c++filt - Demangle C++ and Java symbols.

SYNOPSIS
       c++filt [-_|--strip-underscore]
               [-n|--no-strip-underscore]
               [-p|--no-params]
               [-t|--types]
               [-i|--no-verbose]
               [-s format|--format=format]
               [--help]  [--version]  [symbol...]

DESCRIPTION
       The C++ and Java languages provide function overloading, which means that you can write many functions with the same name, providing that each function takes
       parameters of different types.  In order to be able to distinguish these similarly named functions C++ and Java encode them into a low-level assembler name
       which uniquely identifies each different version.  This process is known as mangling. The c++filt [1] program does the inverse mapping: it decodes
       (demangles) low-level names into user-level names so that they can be read.

       Every alphanumeric word (consisting of letters, digits, underscores, dollars, or periods) seen in the input is a potential mangled name.  If the name decodes
       into a C++ name, the C++ name replaces the low-level name in the output, otherwise the original word is output.  In this way you can pass an entire assembler
       source file, containing mangled names, through c++filt and see the same source file containing demangled names.

       You can also use c++filt to decipher individual symbols by passing them on the command line:

               c++filt <symbol>

       If no symbol arguments are given, c++filt reads symbol names from the standard input instead.  All the results are printed on the standard output.  The
       difference between reading names from the command line versus reading names from the standard input is that command line arguments are expected to be just
       mangled names and no checking is performed to separate them from surrounding text.  Thus for example:

               c++filt -n _Z1fv

       will work and demangle the name to "f()" whereas:

               c++filt -n _Z1fv,

       will not work.  (Note the extra comma at the end of the mangled name which makes it invalid).  This command however will work:

               echo _Z1fv, | c++filt -n

       and will display "f(),", i.e., the demangled name followed by a trailing comma.  This behaviour is because when the names are read from the standard input it
       is expected that they might be part of an assembler source file where there might be extra, extraneous characters trailing after a mangled name.   For
       example:

                   .type   _Z1fv, @function
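
The standard-input behaviour the manual describes (scan each word, demangle it if it is a mangled name, keep the surrounding text) can be reproduced in a program. The following is an added example, not part of the original post or of c++filt: it uses abi::__cxa_demangle from <cxxabi.h> instead of c++filt itself, and the names demangle_symbol and demangle_line and the sample crash frame are made up for illustration.

```cpp
// Added example (not from the original post): a stdin-style demangling filter.
#include <cxxabi.h>   // abi::__cxa_demangle (GCC libstdc++ / Clang libc++abi)
#include <cctype>
#include <cstdlib>
#include <iostream>
#include <string>

// Demangle one exact symbol, like a c++filt command-line argument: the whole
// string must be a valid mangled name, otherwise it is returned unchanged.
std::string demangle_symbol(const std::string& sym) {
    // Itanium-ABI function/object names start with "_Z"; without this check
    // __cxa_demangle would also decode bare type codes ("i" -> "int").
    if (sym.compare(0, 2, "_Z") != 0) return sym;
    int status = 0;
    char* out = abi::__cxa_demangle(sym.c_str(), nullptr, nullptr, &status);
    if (status != 0 || out == nullptr) return sym;
    std::string result(out);
    std::free(out);  // the returned buffer is malloc()ed by the runtime
    return result;
}

// Word characters as listed in the man page: letters, digits, '_', '$', '.'.
static bool is_word_char(char c) {
    return std::isalnum(static_cast<unsigned char>(c)) || c == '_' || c == '$' || c == '.';
}

// Filter a line the way the man page describes for standard input: each word
// is a candidate name, and everything around it is copied through untouched.
std::string demangle_line(const std::string& line) {
    std::string out;
    std::size_t i = 0;
    while (i < line.size()) {
        if (!is_word_char(line[i])) { out += line[i++]; continue; }
        std::size_t j = i;
        while (j < line.size() && is_word_char(line[j])) ++j;
        out += demangle_symbol(line.substr(i, j - i));
        i = j;
    }
    return out;
}

int main() {
    // Constructed sample frame in the style of a native crash stack.
    const std::string frame = "#01 pc 0001a2b4  libdemo.so (_ZN3foo3barEi+24)";
    std::cout << demangle_line(frame) << "\n";
    return 0;
}
```

This sketch does no leading-underscore stripping, so it corresponds to running c++filt with -n.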
