Wrong native function address

[AsenOsen]

For some reason frida calculates the function address incorrectly.
F.e, this frida code:

var addr = Module.getBaseAddress(LIB);
console.log("Module Base: " + addr)

Module.enumerateExports(LIB, {
	onMatch: function(fn){
		console.log(fn.name + " --- " + fn.address)
	},
	onComplete: function(){}
})

gives me next result:

Module Base: 0xd23c0000
_ZN9NativeHider9getDataESs --- 0xd23c0765

That is what radare says:

[0x0000070c]> afl
0x00000764    7 4724 -> 80   sym.NativeHider::getData

Next we can see, that radare is right:

[[0x0000070c]> pdf @ 0x764
/ (fcn) sym.NativeHider::getData 80
|   sym.Scrambler::getString ();
|           0x00000764      10b5           push {r4, lr}
|           0x00000766      084c           ldr r4, [0x0000078a]        ; [0x788:4]=0x27dea
|           0x00000768      0146           mov r1, r0](url)

As you can see, frida have miscalculated the address with error in 1 byte.
ARM 32 ELF.

P.S The problem is that despite of miscalculated address, frida will overwrite the function memory (on hook on 0xd23c0765 - ptr(func_address).add(0x1)) correctly - starting with its actual address (0xd23c0764) - ptr(func_address).

[oleavr]

The LSB is set to indicate that this is a Thumb function. That is how e.g. Instruction.parse() knows it should parse it as Thumb, and not ARM. I know this is kinda quirky, but it's also what dlsym() would give you so the processor can switch to the appropriate mode when branching.