I'm currently researching how a certain malware works and patches some stuff in a certain Android's library.
Inspecting the library -which is stripped- in IDA I was able to get the symbol for a certain function in it, but I can't get it through any other means (like objdump -T -t
, nm
, readelf
, and executing strings
on the binary doesn't throw that string). I'm quite familiar with the ELF format, and so I made a simple ELF parser just to try something else, but obviously it wasn't able to find the symbol either.
So now I just want to understand how IDA can get this symbol when it appears isn't contained in the binary. The only thing I can think of is that maybe IDA sees through other symbols the class this method belongs to and also the types of the arguments it receives, and thus can guess the symbol.