From 3ef9cb9a654efb64c69a07a8da2723b0ab1ca97c Mon Sep 17 00:00:00 2001 From: ACh Sulfate Date: Tue, 10 Dec 2024 22:46:51 +0800 Subject: [PATCH] chore: update embedded shellcode --- .../core/impl/arch/ShellcodeImpl_Arm32.java | 147 ++++++++------ .../core/impl/arch/ShellcodeImpl_Arm64.java | 118 ++++++----- .../core/impl/arch/ShellcodeImpl_Riscv64.java | 96 +++++---- .../core/impl/arch/ShellcodeImpl_X86.java | 189 ++++++++---------- .../core/impl/arch/ShellcodeImpl_X86_64.java | 112 +++++++---- 5 files changed, 374 insertions(+), 288 deletions(-) diff --git a/core-syscall/src/main/java/dev/tmpfs/libcoresyscall/core/impl/arch/ShellcodeImpl_Arm32.java b/core-syscall/src/main/java/dev/tmpfs/libcoresyscall/core/impl/arch/ShellcodeImpl_Arm32.java index bcc6c20..dcdf87a 100644 --- a/core-syscall/src/main/java/dev/tmpfs/libcoresyscall/core/impl/arch/ShellcodeImpl_Arm32.java +++ b/core-syscall/src/main/java/dev/tmpfs/libcoresyscall/core/impl/arch/ShellcodeImpl_Arm32.java 
@@ -15,54 +15,87 @@ private ShellcodeImpl_Arm32() { @Override public byte[] getShellcodeBytes() { - //05e0 l O .text 0018 get_hook_info.sHookInfo - //0000 g F .text 0008 NativeBridge_breakpoint - //0008 g F .text 0024 __clear_cache - //002c g F .text 0038 syscall_ext - //0064 g F .text 0040 NativeBridge_nativeSyscall - //00a4 g F .text 0030 NativeBridge_nativeClearCache - //00d4 g F .text 0014 NativeBridge_nativeCallPointerFunction0 - //00e8 g F .text 0018 NativeBridge_nativeCallPointerFunction1 - //0100 g F .text 001c NativeBridge_nativeCallPointerFunction2 - //011c g F .text 0024 NativeBridge_nativeCallPointerFunction3 - //0140 g F .text 0028 NativeBridge_nativeCallPointerFunction4 - //0168 g F .text 0040 NativeBridge_nativeGetJavaVM - //01a8 g F .text 0010 get_hook_info - //01b8 g F .text 003c lsw_pread64 - //01f4 g F .text 0038 lsw_mprotect - //022c g F .text 0104 fake_fstat64 - //0330 g F .text 0284 fake_mmap64 - //05b4 g F .text 002c fake_mmap + //0000 g DF .text 0008 NativeBridge_breakpoint + //0000 g D .text 0000 ___text_section + //0008 g DF .text 0040 NativeBridge_nativeSyscall + //0048 g DF .text 0038 syscall_ext + //0080 g DF .text 0030 NativeBridge_nativeClearCache + //00b0 g DF .text 0020 __clear_cache + //00d0 g DF .text 0014 NativeBridge_nativeCallPointerFunction0 + //00e4 g DF .text 0018 NativeBridge_nativeCallPointerFunction1 + //00fc g DF .text 001c NativeBridge_nativeCallPointerFunction2 + //0118 g DF .text 0024 NativeBridge_nativeCallPointerFunction3 + //013c g DF .text 0028 NativeBridge_nativeCallPointerFunction4 + //0164 g DF .text 0040 NativeBridge_nativeGetJavaVM + //01a4 g DF .text 0038 ashmem_dev_get_size_region + //01dc g DF .text 0010 get_hook_info + //01ec g DF .text 0008 get_current_pc + //01f4 g DF .text 00e0 fake_fstat64 + //02d4 g DF .text 0480 fake_mmap64 + //0858 g DF .text 002c fake_mmap + //0bd0 l O .rodata 0018 _ZZ13get_hook_infoE9sHookInfo String b64 = - 
"cAAg4R7/L+GATC3pCLCN4gJwAOMAIKDjD3BA4wAAAO8AAFDjgIy9CP7e/+cwSC3pCLCN4ghQi+ID\n" + - "4KDhAMCg4QEAoOECEKDhOACV6A4goOEEcC3lDHCg4QAAAO8EcJ3kMIi96BBMLekIsI3iENBN4gIA\n" + - "oOEIEJvlECCb5Rgwm+UgwJvlMECb5Sjgm+UAUI3oCECN5eT//+sAEKDjCNBL4hCMveiATC3pCLCN\n" + - "4ggQm+UCcADjAgCg4Q9wQOMCEIHgACCg4wAAAO8AAFDjgIy9CP7e/+cASC3pDbCg4TL/L+EAEKDj\n" + - "AIi96ABILekNsKDhCACb5TL/L+EAEKDjAIi96ABILekNsKDhCACb5RAQm+Uy/y/hABCg4wCIvegA\n" + - "SC3pDbCg4QIwoOEIAJvlEBCb5Rggm+Uz/y/hABCg4wCIvegASC3pDbCg4QLAoOEIAJvlEBCb5Rgg\n" + - "m+UgMJvlPP8v4QAQoOMAiL3oEEwt6QiwjeII0E3iABCQ5QBAoOMEQI3lbCOR5QQQjeIy/y/hBBCd\n" + - "5QAAUOMEEKARAQCg4QAQoOMI0EviEIy96AQAn+UAAI/gHv8v4SwEAAAASC3pDbCg4RDQTeICMKDh\n" + - "ASCg4QAQoOEAAKDjCOCb5QzAm+UBQI3otACg4wjAjeWP///rC9Cg4QCIvegASC3pDbCg4RDQTeIC\n" + - "MKDhASCg4QAQoOEAAKDjAACN5QQAjeUIAI3lfQCg44H//+sL0KDhAIi96PBNLekYsI3iENBN4gFA\n" + - "oOEAUKDhAHCg48UAoOMFEKDhBCCg4QAwoOMAcI3lBHCN5QhwjeVx///rAQpw4xIAAIq0AJ/l0CDE\n" + - "4QAAj+AEAJDlqBCf5QAwI+ABEJ/nASAi4AMgkuEFAAAaAACR4QMAAAowALTlBBCU5QEAkOENAAAK\n" + - "BwCg4RjQS+Lwjb3oAGCg4WAAn+UAAI/gCACQ5TD/L+EAEGbiABCA5QBw4OMHAKDhGNBL4vCNvegB\n" + - "gA/jNgCg4wUQoOEEJwfjADCg4/+PT+MAcI3lBHCN5QhwjeVH///rCABQ4QBgoDHwYMQxBwCg4RjQ\n" + - "S+Lwjb3oGAMAAGQDAABUAwAA8E8t6RywjeKM0E3iFACN5QAA4OMcEI3lAkCg4RgAjeUAoKDjTIKf\n" + - "5QCQoOMIEJvlCICP4BAwjeUAAFHjGAAASiIAA+IAYKDjAgBQ4wBwoOMEUKDhFQAAGiAQjeJQAMDy\n" + - "hJCN5QEAoOHNCkD0zQpA9M0KQPTNCkD0zQpA9M0KQPQAkIDlCACb5Zv//+sAAFDjZgAACgAA4OME\n" + - "UKDhGACN5QIAAOoAYKDjAHCg4wRQoOEIAJjlDECN5TD/L+EQMJvlAICg4f8fAOMWAKDjAQAT4VIA\n" + - "ABoAIA/j/y9P4wMgUuAUIJvlAhDR4EwAADoQEJ3lIwag4QAQjeUCCoDhCBCb5QUwoOEEEI3lFBCd\n" + - "5RwgneUIAI3lwACg4/f+/+sBCnDjPQAAihhQneUBAHXjOAAAChQAjeUKAJnhFgAAChRAneUBiqDj\n" + - "BgAA6gBgluAEQIDgAHCn4gCQWeAAoMriCgCZ4QwAAAoBClnjASqg4wkgoDEAAFrjCCCgEQUAoOEE\n" + - "EKDh8GDN4T///+sAAFDj7f//ygQAcOPw//8K4HCf5RwQneUHcI/gDGCd5QFQQeIUQJ3lEACX5QYg\n" + - "oOEAEIXgAABg4gAQAeAEAKDhPf//6wQAoOEEABbjDgAAChAQl+UCcADjD3BA4wAwYeIDIADgAACF\n" + - 
"4AEAgOADEADgAgCg4QAgoOMAAADvABCg4RQAneUAAFHjFwAAGhzQS+Lwj73oAABg4gAAiOUAAODj\n" + - "HNBL4vCPveggIJ3lJDCd5QQAmOU4EJ/lADAj4AEQn+cBICLgAyCS4Y///xoAAJHhjf//ChyQneUD\n" + - "UITjEGCb5RRwm+UIAJvlif//6v7e/+d4AgAAZAAAAAgBAAAwSC3pCLCN4hDQTeIIwJvlAFCg4wxA\n" + - "m+X4QM3hAMCN5VX//+sI0EviMIi96O++r94AAAAAFEURAAAAAAAAAAAAAAAAAA=="; + "cAAg4R7/L+EQTC3pCLCN4hDQTeICAKDhCBCb5RAgm+UYMJvlIMCb5TBAm+Uo4JvlAFCN6AhAjeUC\n" + + "AADrABCg4wjQS+IQjL3oMEgt6QiwjeIIUIviA+Cg4QDAoOEBAKDhAhCg4TgAlegOIKDhBHAt5Qxw\n" + + "oOEAAADvBHCd5DCIveiATC3pCLCN4ggQm+UCcADjAgCg4Q9wQOMCEIHgACCg4wAAAO8AAFDjgIy9\n" + + "CP7e/+eAQC3pAnAA4wAgoOMPcEDjAAAA7wAAUOOAgL0I/t7/5wBILekNsKDhMv8v4QAQoOMAiL3o\n" + + "AEgt6Q2woOEIAJvlMv8v4QAQoOMAiL3oAEgt6Q2woOEIAJvlEBCb5TL/L+EAEKDjAIi96ABILekN\n" + + "sKDhAjCg4QgAm+UQEJvlGCCb5TP/L+EAEKDjAIi96ABILekNsKDhAsCg4QgAm+UQEJvlGCCb5SAw\n" + + "m+U8/y/hABCg4wCIvegQTC3pCLCN4gjQTeIAEJDlAECg4wRAjeVsI5HlBBCN4jL/L+EEEJ3lAABQ\n" + + "4wQQoBEBAKDhABCg4wjQS+IQjL3oAEgt6Q2woOEQ0E3iABCg4QAAoOMAAI3lBCcH4wQAjeUAMKDj\n" + + "CACN5TYAoOOc///rC9Cg4QCIvegEAJ/lAACP4B7/L+HoCQAADgCg4R7/L+HwTS3pGLCN4hDQTeIB\n" + + "QKDhAFCg4QBwoOPFAKDjBRCg4QQgoOEAMKDjAHCN5QRwjeUIcI3lhv//6wEKcOMKAACaAGCg4YgA\n" + + "n+UAAI/gCACQ5TD/L+EAEGbiABCA5QBw4OMHAKDhGNBL4vCNvehkAJ/l0CDE4QAAj+AEAJDlWBCf\n" + + "5QAwI+ABEJ/nASAi4AMgkuHy//8aAACR4fD//wowALTlBBCU5QEAkOHs//8aAIAP4wUAoOH/j0/j\n" + + "vP//6wgAUOEAYKCR8GDEkQcAoOEY0Evi8I296IwJAABgCQAAUAkAAPBPLekcsI3i3NBN4hAAjeUD\n" + + "UKDhFBCN5QKgoOFMZJ/lAJCg4wgAm+UBcKDjEICb5QZgj+AAAFDjXgAASiIABeICAFDjWwAAGnBw\n" + + "jeJQAMDyCBCb5QAwoOMHAKDhByCg4c0KQPTNCkD0zQpA9M0KQPTNCkD0zQpA9ACQgOXFAKDj1JCN\n" + + "5QCQjeUEkI3lCJCN5Tf//+sBCnDjBgAAmgBAoOEIAJblMP8v4QAQZOIAEIDlAQCg4z4AAOpwIJ3l\n" + + "dDCd5QQAluWoE5/lADAj4AEQn+cBICLgAyCS4Q0AABoAAJHhCwAACqAAneWkEJ3lAQCQ4QcAABoI\n" + + "AJvlAEAP4/9PT+Ny///rBABQ4TAQh5IAMKCTCQCBmHAAneV0EJ3lBCCW5VAzn+UCECHgAzCf5wMA\n" + + "IOABAIDhAhCT4RAPb+EBEAATBAAa46ACoOEBkADgAQCg4xcAAAoYII3iUADA8gAQoOMAMKDjAgCg\n" + + 
"4WwQjeXNCkD0zQpA9M0KQPTNCkD0zQpA9AAQgOULAQDjABCN5QQQjeUIEI3lCBCb5fX+/+sYEJ3l\n" + + "lCkB4wIhQOMCECHgAQCQ4QEAABMJcMDhCACW5TD/L+H/HwDjFmCg4wEAGOEqAAAaFECb5UoQ4OMM\n" + + "oI3lJKaw4REAABoIEJvlAGCg4QwwneUoBqDhBBCN5QAAWeMQEJ3lBAqA4RQgneUCMIMTCACN5cAA\n" + + "oOMAUI3l1f7/6wAQoOEBCnDjGQAAmgYAoOEMIJ3lpTDg4Q0AceMiIeDhpSKC4QMgguEBIALiByCC\n" + + "4QEgABMAAFLjAQAACgBgYeIGAADqAABa4w1goOMCEAUCASCgA6EQIgAHEJEBPQAACgBggOUAEODj\n" + + "AQCg4RzQS+Lwj73oAABZ4/r//woUAJ3lEBCN5QAAUOMbAAAKEHCd5QBQoOMUoJ3lAZqg4wBgoOMG\n" + + "AADqAICY4AdwgOAAQKTiAKBa4ABgxuIGAJrhDgAACgEKWuMBOqDjCBCb5QowoDEAAFbjtACg4wkw\n" + + "oBEHIKDhIAGN6AhAjeWa/v/rAABQ4+v//8oEAHDj7v//Clxhn+UAEKDjABCN5QZgj+AEEI3lCBCN\n" + + "5RQQneUQAJblAUBB4gxQneUAEITgAABg4gAgAeAQEJ3lfQCg4wUwoOGF/v/rBAAV4zMAABoQEJ3l\n" + + "AQCg4RzQS+Lwj73oKBag4Qggm+UEGoHhDHCd5QQgjeUAoKDhCBCN5QQwx+MQEJ3lwACg4xQgneUA\n" + + "UI3lcv7/6wAQoOEKAKDhAQpx47D//4oUkJ3lAGCg41sAoOMAMKDjAGCN5QkgoOEEYI3lCGCN5WX+\n" + + "/+sAEA/j/x9P4wEQgeIBAFDhHgAAKiAQheMAEI3lEBCd5QAA4OMCMIfjQQCN6cAAoOMJIKDhV/7/\n" + + "6wAQoOEAAA/j/w9P4wAAUeGb//+aAGBh4goAoOGR///qEDCd5RAQluUDcITgACBh4gEQh+ACcADj\n" + + "AwAC4AIQAeAPcEDjACCg4wAAAO8DEKDhAABQ44X//wr+3v/nxAgAACgIAADMBwAA0AUAAABILekN\n" + + "sKDhENBN4gEgoOEAEKDhAACg4wAwoOMAAI3lBACN5QgAjeULAQDjMP7/6wvQoOEAiL3oEEwt6Qiw\n" + + "jeIQ0E3iAsCg4RQgm+UB4KDhABCg4SIGsOFKAODjCQAAGhAAm+UIQJvlGACN6AwwoOEgBqDhAgqA\n" + + "4QgAjeXAAKDjDiCg4Rr+/+sI0EviEIy96ABILekNsKDhENBN4gIwoOEBIKDhABCg4QAAoOMI4Jvl\n" + + "DMCb5QFAjei0AKDjCMCN5Qv+/+sL0KDhAIi96ABILekNsKDhENBN4gIwoOEBIKDhABCg4QAAoOMA\n" + + "AI3lBACN5QgAjeV9AKDj/f3/6wvQoOEAiL3oMEgt6QiwjeIQ0E3iCMCb5QBQoOMMQJvl+EDN4QDA\n" + + "jeWV/v/rCNBL4jCIvegASC3pDbCg4RDQTeIBIKDhABCg4QAAoOMAMKDjAACN5QQAjeUIAI3lWwCg\n" + + "4+T9/+sL0KDhAIi96ABILekNsKDhENBN4gIwoOEBIKDhABCg4QAAoOMAAI3lBACN5QgAjeUDAKDj\n" + + "1v3/6wvQoOEAiL3oAEgt6Q2woOEQ0E3iAjCg4QEgoOEAEKDhAACg4wAAjeUEAI3lCACN5QQAoOPI\n" + + "/f/rC9Cg4QCIvegASC3pDbCg4RDQTeICwKDhASCg4QAQoOEAAKDjADCN5QwwoOEEAI3lCACN5UIB\n" + + 
"AOO5/f/rC9Cg4QCIvegASC3pDbCg4RDQTeICwKDhASCg4QAQoOEAAKDjADCN5QwwoOEEAI3lCACN\n" + + "5UcBAOOq/f/rC9Cg4QCIvegASC3pDbCg4RDQTeIAIKDhAACg4wEwoOEAAI3lBACN5WMQ4OMIAI3l\n" + + "RwEA45z9/+sL0KDhAIi96ABILekNsKDhENBN4gEgoOEAEKDhAACg4wAwoOMAAI3lBACN5QgAjeXF\n" + + "AKDjjv3/6wvQoOEAiL3oAEgt6Q2woOEQ0E3iABCg4QAAoOMAAI3lACCg4wQAjeUAMKDjCACN5QYA\n" + + "oOOA/f/rC9Cg4QCIvegASC3pDbCg4RDQTeICMKDhASCg4QAQoOEAAKDjAACN5QQAjeUIAI3lNgCg\n" + + "43L9/+sL0KDhAIi96ABILekNsKDhENBN4gAQoOEAAKDjAACN5QAgoOMEAI3lADCg4wgAjeX4AKDj\n" + + "ZP3/6/7e/+cAAFLjPwAACgAwoOEDAFLjAhDD5gEQQ+U6AAA6BwBS4wIQwOUBEMDlAxBD5QIQQ+U0\n" + + "AAA6CQBS4wMQwOUEEEPlHv8vMQBILekNsKDhATEA43EQ7+YBMUDjkQMB4AAwYOIDwAPiADCg4Qwg\n" + + "QuAMEKPnA8DC4wwgg+AJAFzjBBAC5R8AADoZAFzjBBCD5QgQg+UMEALlCBAC5RkAADoMEIPlEBCD\n" + + "5RQQg+UYEIPlHBAC5RgQAuUUEALlEBAC5QQgA+IY4ILjDiBM4CAAUuMMAAA6DjCD4CAgQuIAEIPl\n" + + "BBCD5R8AUuMIEIPlDBCD5RAQg+UUEIPlGBCD5RwQg+UgMIPi8///igBIvege/y/hAAAAAAAAAAAA\n" + + "AAAA776v3gAAAAAURREAAAAAAAAQAAAAAAAAGPT/fwEAAAAY9P9/AQAAAFD0/38BAAAAgPT/fwEA\n" + + "AACo9P9/AQAAAMD0/38BAAAAzPT/fwEAAADc9P9/AQAAAPD0/38BAAAADPX/fwEAAAAs9f9/AQAA\n" + + "AGT1/38BAAAAlPX/fwEAAACc9f9/AQAAAJz1/38BAAAAdPb/fwEAAADs+v9/AQAAABz7/38BAAAA\n" + + "bPv/fwEAAACg+/9/AQAAAND7/38BAAAA9Pv/fwEAAAAk/P9/AQAAAFT8/38BAAAAhPz/fwEAAAC4\n" + + "/P9/AQAAAOz8/38BAAAAHP3/fwEAAABM/f9/AQAAAHz9/38BAAAArP3/fwEAAADU/f9/AQAAAND9\n" + + "/38BAAAA1P7/fwEAAAA=\n"; byte[] bytes = android.util.Base64.decode(b64, android.util.Base64.DEFAULT); - int hookInfoOffset = 0x05e0; + int hookInfoOffset = 0x0bd0; fillInHookInfo(bytes, hookInfoOffset); return bytes; } 
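Review bot: `hookInfoOffset = 0x0bd0` on the new side is a hand-copied constant taken from the `.rodata` line of the regenerated symbol dump, and nothing checks it against the decoded blob, so a stale offset would let `fillInHookInfo` patch the wrong bytes or fail with an ArrayIndexOutOfBoundsException inside the write. I would guard it right after the decode: `if (hookInfoOffset + 0x18 > bytes.length) throw new IllegalStateException("sHookInfo at 0x" + Integer.toHexString(hookInfoOffset) + " exceeds shellcode length " + bytes.length);` (0x18 is the sHookInfo size listed in the dump). The same applies to the Arm64 hunk at `@@ -15,52 +15,76 @@` and the Riscv64 hunk at `@@ -15,41 +15,61 @@`, which copy 0x0a60 and 0x0740 the same way. Note also that `sHookInfo` moved from `.text` to `.rodata` in this rebuild; that is harmless as long as the native side does not treat it as a constant the compiler may fold into callers, otherwise the values patched into the array by `fillInHookInfo` would not be the ones the code reads — worth confirming against the native source. A comment above the dump recording where the blob came from, e.g. `// generated from <native-source-revision> with <toolchain>`, would make these offsets reproducible the next time they change.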
@@ -74,57 +107,57 @@ public int getNativeDebugBreakOffset() { @Override public int getNativeClearCacheOffset() { - return 0x00a4; + return 0x0080; } @Override public int getNativeSyscallOffset() { - return 0x0064; + return 0x0008; } @Override public int getNativeCallPointerFunction0Offset() { - return 0x00d4; + return 0x00d0; } @Override public int getNativeCallPointerFunction1Offset() { - return 0x00e8; + return 0x00e4; } @Override public int getNativeCallPointerFunction2Offset() { - return 0x0100; + return 0x00fc; } @Override public int getNativeCallPointerFunction3Offset() { - return 0x011c; + return 0x0118; } @Override public int getNativeCallPointerFunction4Offset() { - return 0x0140; + return 0x013c; } @Override public int getNativeGetJavaVmOffset() { - return 0x0168; + return 0x0164; } @Override public int getFakeStat64Offset() { - return 0x022c; + return 0x01f4; } @Override public int getFakeMmap64Offset() { - return 0x0330; + return 0x02d4; } @Override public int getFakeMmapOffset() { - return 0x05b4; + return 0x0858; } @Override diff --git a/core-syscall/src/main/java/dev/tmpfs/libcoresyscall/core/impl/arch/ShellcodeImpl_Arm64.java b/core-syscall/src/main/java/dev/tmpfs/libcoresyscall/core/impl/arch/ShellcodeImpl_Arm64.java index d60a696..66b9839 100644 --- a/core-syscall/src/main/java/dev/tmpfs/libcoresyscall/core/impl/arch/ShellcodeImpl_Arm64.java +++ b/core-syscall/src/main/java/dev/tmpfs/libcoresyscall/core/impl/arch/ShellcodeImpl_Arm64.java 
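Review bot: The getter bodies in this hunk (`getNativeClearCacheOffset` through `getFakeMmapOffset`) are the second hand-maintained copy of the numbers in the symbol dump inside `getShellcodeBytes()`, with no comment tying the two together; the values here do match the new dump (0x0080, 0x0008, 0x00d0, 0x00e4, 0x00fc, 0x0118, 0x013c, 0x0164, 0x01f4, 0x02d4, 0x0858), but the next regeneration has to update both places by hand. I would add above the first getter `// Offsets below must match the symbol dump in getShellcodeBytes(); regenerate both together.`, or hoist each value into a named `private static final int` constant placed next to the dump so a single edit covers both. The same applies to the Arm64 hunks `@@ -72,12 +96,12 @@` and `@@ -112,17 +136,17 @@` and the Riscv64 hunks `@@ -61,12 +81,12 @@` and `@@ -101,17 +121,17 @@`. The enclosing class continues outside the hunk.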
@@ -15,52 +15,76 @@ private ShellcodeImpl_Arm64() { @Override public byte[] getShellcodeBytes() { - //0550 l O .text 0018 get_hook_info.sHookInfo - //0000 g F .text 0008 NativeBridge_breakpoint - //0008 g F .text 0068 __clear_cache - //0070 g F .text 0028 syscall_ext - //0098 g F .text 0024 NativeBridge_nativeSyscall - //00bc g F .text 0064 NativeBridge_nativeClearCache - //0120 g F .text 0004 NativeBridge_nativeCallPointerFunction0 - //0124 g F .text 0008 NativeBridge_nativeCallPointerFunction1 - //012c g F .text 000c NativeBridge_nativeCallPointerFunction2 - //0138 g F .text 0014 NativeBridge_nativeCallPointerFunction3 - //014c g F .text 0018 NativeBridge_nativeCallPointerFunction4 - //0164 g F .text 0038 NativeBridge_nativeGetJavaVM - //019c g F .text 000c get_hook_info - //01a8 g F .text 0024 lsw_pread64 - //01cc g F .text 0034 lsw_mprotect - //0200 g F .text 00fc fake_fstat64 - //02fc g F .text 0248 fake_mmap64 - //0544 g F .text 0004 fake_mmap + //0000 g DF .text 0008 NativeBridge_breakpoint + //0000 g D .text 0000 ___text_section + //0008 g DF .text 0024 NativeBridge_nativeSyscall + //002c g DF .text 0028 syscall_ext + //0054 g DF .text 0064 NativeBridge_nativeClearCache + //00b8 g DF .text 0068 __clear_cache + //0120 g DF .text 0004 NativeBridge_nativeCallPointerFunction0 + //0124 g DF .text 0008 NativeBridge_nativeCallPointerFunction1 + //012c g DF .text 000c NativeBridge_nativeCallPointerFunction2 + //0138 g DF .text 0014 NativeBridge_nativeCallPointerFunction3 + //014c g DF .text 0018 NativeBridge_nativeCallPointerFunction4 + //0164 g DF .text 0038 NativeBridge_nativeGetJavaVM + //019c g DF .text 0020 ashmem_dev_get_size_region + //01bc g DF .text 000c get_hook_info + //01c8 g DF .text 0014 get_current_pc + //01dc g DF .text 00e8 fake_fstat64 + //02c4 g DF .text 03d0 fake_mmap64 + //074c g DF .text 0004 fake_mmap + //0a60 l O .rodata 0018 _ZZ13get_hook_infoE9sHookInfo String b64 = - 
"AAA+1MADX9YfAAHrKAA71aICAFQJTRBTigCAUkkhyRrqAwCqKnsL1UoBCYtfAQHro///VB8AAeuf\n" + - "OwPVAgEAVAgNABKJAIBSKCHIGiB1C9UAAAiLHwAB66P//1TfPwPVwANf1p87A9XfPwPVwANf1gl8\n" + - "QJPgAwGq4QMCquIDA6rjAwSq5AMFquUDBqroAwmqAQAA1MADX9boAwaq5gNA+eEDA6rgAwIq4gME\n" + - "quMDBarkAwiq5QMHqu7//xdoAAKLKQA71V8ACOtiAgBUKk0QU4sAgFJqIcoa6wMCqit7C9VrAQqL\n" + - "fwEI66P//1QpDQASigCAUp87A9VJIckaInUL1UIACYtfAAjro///VN8/A9XAA1/WnzsD1d8/A9XA\n" + + "AAA+1MADX9boAwaq5gNA+eEDA6rgAwIq4gMEquMDBarkAwiq5QMHqgEAABQJfECT4AMBquEDAqri\n" + + "AwOq4wMEquQDBarlAwaq6AMJqgEAANTAA1/WaAACiykAO9VfAAjrYgIAVCpNEFOLAIBSaiHKGusD\n" + + "AqorewvVawEKi38BCOuj//9UKQ0AEooAgFKfOwPVSSHJGiJ1C9VCAAmLXwAI66P//1TfPwPVwANf\n" + + "1p87A9XfPwPVwANf1h8AAesoADvVogIAVAlNEFOKAIBSSSHJGuoDAKoqewvVSgEJi18BAeuj//9U\n" + + "HwAB6587A9UCAQBUCA0AEokAgFIoIcgaIHUL1QAACIsfAAHro///VN8/A9XAA1/WnzsD1d8/A9XA\n" + "A1/WQAAf1uADA6pAAB/W4QMEquADA6pAAB/W4QMEquADA6rjAwKq4gMFqmAAH9bhAwSq4AMDquQD\n" + "AqriAwWq4wMGqoAAH9b/gwDR/XsBqf1DAJEIAED54SMAkf8HAPkIbUP5AAE/1ugHQPkfAABxAAGf\n" + - "mv17Qan/gwCRwANf1h8gA9WAHQAQwANf1gh8QJPkAwOq4wMCqmAIgFLiAwGq5QMfquEDCKrmAx+q\n" + - "qv//F/17v6n9AwCR6AMBqkN8QJPhAwCqQByAUuIDCKrkAx+q5QMfquYDH6qf//+X/XvBqMADX9b9\n" + - "e72p9QsA+fRPAqn9AwCRFHxAk/MDAarjAx+qAAqAUuIDE6rkAx+q4QMUquUDH6rmAx+qj///lx/8\n" + - "P7HiAQBUCAAAkGkCQPngAx8qCKlC+T8BCOuhAABUiAAAtGgaQPkoAgC04AMfKvRPQqn1C0D5/XvD\n" + - "qMADX9YIAACQ9QMAqgitQvkAAT/W6AMVSwgAALkAAIAS9E9CqfULQPn9e8OowANf1qADgFLhAxSq\n" + - "guCOUuMDH6rkAx+q5QMfquYDH6ps//+XHwRAsQgBAFToAwCq4AMfKmgaAPn0T0Kp9QtA+f17w6jA\n" + - "A1/W4AMfKvRPQqn1C0D5/XvDqMADX9b/gwPR/XsIqfxvCan6Zwqp+F8LqfZXDKn0Tw2p/QMCkfcD\n" + - "Bar4AwQq+gMDKvMDAir0AwGq+QMAqvsDH6oVAIAShAL4N0gEgFL2Axuq/AMTKkgDCAofCQBxoQMA\n" + - "VADkAG/hAwCR4AMYKuADAK3gAwGt4AMCreADA62j//+X+wMfquAAADT2Ax+q/AMTKhAAABT2Axuq\n" + - "/AMTKg0AABQIAACQ6QNA+fYDG6oIqUL5/AMTKj8BCOvBAABUqAAAtHwGADL7AxSq9gMXqvUDGCoI\n" + - "AACQCK1C+QABP9b/LkDyoAAAVMgCgFIIAAC5AACAkk8AABSDf0CTRH9AkwV/QJPiAxSq9AMAqsAb\n" + - 
"gFLhAxmq5gMXqvkDAqoY//+XH/w/saIHAFS/BgAxIAgAVPgDAKr0AxmqWwIAtBkAglL3AxiqBQAA\n" + - "FHsDAMsWABaLFwAXi3sBALR/B0Dx4AMVKuEDF6piM5ma4wMWqlL//5cfAADxrP7/VB8QALHA/v9U\n" + - "FgAAkJUGANHgAxiqyLJC+eIDEyr0AxiqqQIIi+gDCMshAQiKTf//l+ADGKozBBA2yLJC+akCAIvq\n" + - "AwjLKQEIiwgACoopAQqKKgA71R8BCevCAgBUS00QU4wAgFKLIcsa7AMIqix7C9WMAQuLnwEJ66P/\n" + - "/1RKDQASiwCAUp87A9VqIcoaKHUL1QgBCosfAQnro///VAYAABToAwBLAACAkogCALkDAAAUnzsD\n" + - "1d8/A9X0T02p9ldMqfhfS6n6Z0qp/G9Jqf17SKn/gwORwANf1m7//xcAAAAAAAAAAO++r94AAAAA\n" + - "FEURAAAAAAAAAAAAAAAAAA=="; + "mv17Qan/gwCRwANf1gF8QJOC4I5S4wMfqqADgFLkAx+q5QMfquYDH6qd//8XHyAD1QBFABDAA1/W\n" + + "/g8f+P8gA9XgAx6q/gdB+MADX9b9e72p9QsA+fRPAqn9AwCR9AMAKvMDAaoACoBSiH5Ak+IDE6rj\n" + + "Ax+q5AMfquUDH6rmAx+q4QMIqob//5cf/D+xgwEAVAgAAJD1AwCqCDVF+QABP9boAxVLCAAAuQAA\n" + + "gBL0T0Kp9QtA+f17w6jAA1/WCAAAkGkCQPngAx8qCDFF+T8BCOvh/v9UyP7/tGgaQPnIAAC04AMf\n" + + "KvRPQqn1C0D5/XvDqMADX9bgAxQqxf//lx8EQLHJAABU4AMfKvRPQqn1C0D5/XvDqMADX9boAwCq\n" + + "4AMfKmgaAPn0T0Kp9QtA+f17w6jAA1/W/8MF0f17Ean8bxKp+mcTqfhfFKn2VxWp9E8Wqf1DBJH0\n" + + "AwWq+AMEKvcDAyrzAwIq9QMBqvYDAKr8Ax8qOgCAUhsAAJDkCPg3SASAUugCCAofCQBxYQgAVADk\n" + + "AG/5Axgq4gMCkQAKgFLhAxmq4wMfquQDH6rlAx+q5gMfquADBK3gAwWt4AMGreADB603//+XHwRA\n" + + "sSkBAFRoN0X5+gMAqgABP9boAxpL/AMfKggAALkoAIBSKgAAFBoAAJDpQ0D5SDNF+T8BCOshAQBU\n" + + "CAEAtOhbQPnIAAC14AMYKn///5cfBECxSAAAVOBbAPnoQ0D5STNF+R8BCeskCUD6/AefGnMAEDco\n" + + "AIBSFQAAFADkAG/iAwCRgAWAUuEDGarjAx+q5AMfquUDH6rmAx+q/zsA+eCDAK3ggwGt4IMCreAD\n" + + "gD0K//+X6ANA+Ykyg1IfAABxSSCgcgABSfroB58aGgE8Cmg3RfkAAT/Wny5A8oABAFTIAoBSCAAA\n" + + "uQAAgJL0T1ap9ldVqfhfVKn6Z1Op/G9Sqf17Uan/wwWRwANf1p8DAHFIAIBS+X5AkwgRnxoYf0CT\n" + + "+wMAqggBEyrAG4BS4QMWqgN9QJPiAxWq5AMZquUDGKrmAxSq5f7/lx/8P7GjAQBU6H4FUx80ADEI\n" + + "CXMqCAV3KggBABIIARoqCAWfGqgFADToAwBLAACAkmgDALnc//8XfPv/NPYDAKrVAgC0GQCCUvcD\n" + + "Fqr6AxWqBQAAFFoDAMsUABSLFwAXi9oBALRfB0DxYAiAUuEDGKpDM5ma4gMXquQDFKrlAx+q5gMf\n" + + "qsP+/5cfAADxTP7/VB8QALFg/v9UFwAAkLQGANFjfkCT6DpF+UAcgFLhAxaq5AMfquUDH6rmAx+q\n" + + 
"iQIIi+gDCMsiAQiKsv7/l7MCEDfgAxaqtP//F/8CH3JIF58aiAEAN2h6HRLAG4BS4QMWqgN9QJPi\n" + + "AxWq5AMZquUDGKrmAxSqo/7/lx8EQLFpBABUqAGAUgAAgJJoAwC5ov//F+g6RfmJAhaL4AMWquoD\n" + + "CMspAQiLSAEWiikBCooqADvVHwEJ60ICAFRLTRBTjACAUoshyxrsAwiqLHsL1YwBC4ufAQnro///\n" + + "VEoNABKLAIBSnzsD1WohyhoodQvVCAEKix8BCeuj//9UAgAAFJ87A9XfPwPVhP//F+EDAKrgGoBS\n" + + "4gMVquMDH6rkAx+q5QMfquYDH6p3/v+XH/w/McIBAFRoAh8y6QIbMsAbgFIDfUCTJH1Ak+EDFqri\n" + + "AxWqBQCAkuYDH6pr/v+XH/w/seLx/1ST//8XIAAg1P17v6n9AwCRCHxAk+IDAarjAx+qgAWAUuQD\n" + + "H6rlAx+q4QMIquYDH6pc/v+X/XvBqMADX9ZJfECTanxAk+YDBaroAwGqhXxAk+EDAKrAG4BS4gMI\n" + + "quMDCarkAwqqT/7/Fwh8QJPkAwOq4wMCqmAIgFLiAwGq5QMfquEDCKrmAx+qRv7/F/17v6n9AwCR\n" + + "6AMBqkN8QJPhAwCqQByAUuIDCKrkAx+q5QMfquYDH6o7/v+X/XvBqMADX9be/v8X/Xu/qf0DAJHi\n" + + "AwGq4QMAquAagFLjAx+q5AMfquUDH6rmAx+qLv7/l/17wajAA1/WCHxAk+MDAqriAwGq4AeAUuQD\n" + + "H6rlAx+q4QMIquYDH6oj/v8XCHxAk+MDAqriAwGqAAiAUuQDH6rlAx+q4QMIquYDH6oa/v8X/Xu/\n" + + "qf0DAJFJfECT6AMBqgF8QJPkAwMqAAeAUuIDCKrjAwmq5QMfquYDH6oO/v+X/XvBqMADX9b9e7+p\n" + + "/QMAkQl8QJPoAwKqZHxAk+IDAargCYBS4wMIquEDCarlAx+q5gMfqgD+/5f9e8GowANf1v17v6n9\n" + + "AwCR4wMBquIDAKrgCYBSYQyAkuQDH6rlAx+q5gMfqvT9/5f9e8GowANf1v17v6n9AwCRCHxAk+ID\n" + + "AarjAx+qAAqAUuQDH6rlAx+q4QMIquYDH6rn/f+X/XvBqMADX9b9e7+p/QMAkQF8QJPiAx+q4wMf\n" + + "qiAHgFLkAx+q5QMfquYDH6rb/f+X/XvBqMADX9b9e7+p/QMAkQh8QJPjAwKq4gMBqqADgFLkAx+q\n" + + "5QMfquEDCKrmAx+qzv3/l/17wajAA1/W/Xu/qf0DAJEBfECT4gMfquMDH6rAC4BS5AMfquUDH6rm\n" + + "Ax+qwv3/lyAAINQiCQC0CAACi18MAPEBAAA5AfEfOIMIAFRfHADxAQQAOQEIADkB4R84AdEfOMMH\n" + + "AFRfJADxAQwAOQHBHzhDBwBU6AMASykcABLqwwAyCwVAkil9ChtMAAvLCgALi4j1fpJNAQiLHyUA\n" + + "8UkBALmpwR+4owUAVB9lAPFJpQApqaU+KSMFAFROAX6SIA0ETs8FfbIIAQ/LH4EA8UDBgDygQZ48\n" + + "IwQAVIwBDsspgQmqSgEPi4zhANGfgQHxowIAVIz9RdMgDQhOywELi2sBAIuMBQCRa2EBkY3lfpKv\n" + + "6XvT7gMNqggBD8tKAQ+LYAE+rc4RAPFgAT+tYAEArWABAa1rAQKRQf//VJ8BDevgAABUCIEA0Ukl\n" + + "AKkffQDxSSUBqUqBAJFo//9UwANf1gAAAAAAAAAAAAAAAO++r94AAAAAFEURAAAAAAAAEAAAAAAA\n" + + "AA==\n"; byte[] bytes = 
android.util.Base64.decode(b64, android.util.Base64.DEFAULT); - int hookInfoOffset = 0x0550; + int hookInfoOffset = 0x0a60; fillInHookInfo(bytes, hookInfoOffset); return bytes; } @@ -72,12 +96,12 @@ public int getNativeDebugBreakOffset() { @Override public int getNativeClearCacheOffset() { - return 0x00bc; + return 0x0054; } @Override public int getNativeSyscallOffset() { - return 0x0098; + return 0x0008; } @Override @@ -112,17 +136,17 @@ public int getNativeGetJavaVmOffset() { @Override public int getFakeStat64Offset() { - return 0x0200; + return 0x01dc; } @Override public int getFakeMmap64Offset() { - return 0x02fc; + return 0x02c4; } @Override public int getFakeMmapOffset() { - return 0x0544; + return 0x074c; } @Override diff --git a/core-syscall/src/main/java/dev/tmpfs/libcoresyscall/core/impl/arch/ShellcodeImpl_Riscv64.java b/core-syscall/src/main/java/dev/tmpfs/libcoresyscall/core/impl/arch/ShellcodeImpl_Riscv64.java index 738788e..5a36567 100644 --- a/core-syscall/src/main/java/dev/tmpfs/libcoresyscall/core/impl/arch/ShellcodeImpl_Riscv64.java +++ b/core-syscall/src/main/java/dev/tmpfs/libcoresyscall/core/impl/arch/ShellcodeImpl_Riscv64.java 
@@ -15,41 +15,61 @@ private ShellcodeImpl_Riscv64() { @Override public byte[] getShellcodeBytes() { - //0300 l O .text 0018 get_hook_info.sHookInfo - //0000 g F .text 0004 NativeBridge_breakpoint - //0004 g F .text 0010 __clear_cache - //0014 g F .text 0014 syscall_ext - //0028 g F .text 0012 NativeBridge_nativeSyscall - //003a g F .text 0016 NativeBridge_nativeClearCache - //0050 g F .text 0002 NativeBridge_nativeCallPointerFunction0 - //0052 g F .text 0004 NativeBridge_nativeCallPointerFunction1 - //0056 g F .text 0006 NativeBridge_nativeCallPointerFunction2 - //005c g F .text 000a NativeBridge_nativeCallPointerFunction3 - //0066 g F .text 000c NativeBridge_nativeCallPointerFunction4 - //0072 g F .text 0030 NativeBridge_nativeGetJavaVM - //00a2 g F .text 000a get_hook_info - //00ac g F .text 0016 lsw_pread64 - //00c2 g F .text 002a lsw_mprotect - //00ec g F .text 009a fake_fstat64 - //0186 g F .text 016e fake_mmap64 - //02f4 g F .text 0002 fake_mmap + //0000 g DF .text 0004 NativeBridge_breakpoint + //0000 g D .text 0000 ___text_section + //0004 g DF .text 0012 NativeBridge_nativeSyscall + //0016 g DF .text 0014 syscall_ext + //002a g DF .text 0016 NativeBridge_nativeClearCache + //0040 g DF .text 0010 __clear_cache + //0050 g DF .text 0002 NativeBridge_nativeCallPointerFunction0 + //0052 g DF .text 0004 NativeBridge_nativeCallPointerFunction1 + //0056 g DF .text 0006 NativeBridge_nativeCallPointerFunction2 + //005c g DF .text 000a NativeBridge_nativeCallPointerFunction3 + //0066 g DF .text 000c NativeBridge_nativeCallPointerFunction4 + //0072 g DF .text 0030 NativeBridge_nativeGetJavaVM + //00a2 g DF .text 0014 ashmem_dev_get_size_region + //00b6 g DF .text 000a get_hook_info + //00c0 g DF .text 0004 get_current_pc + //00c4 g DF .text 0088 fake_fstat64 + //014c g DF .text 02ac fake_mmap64 + //0478 g DF .text 0002 fake_mmap + //0740 l O .rodata 0018 _ZZ13get_hook_infoE9sHookInfo String b64 = - 
"ApCCgJMIMBABRnMAAAAR4YKAAACqiC6FsoU2hrqGPofCh3MAAACCgIJitoUyhTqGvoZCh8aHFojx\n" + - "vzKFs4XGAJMIMBABRnMAAAAR4YKAAAAChjaFAoa6hTaFAoa6hTaFMoc+hgKHuoU2hTKHPobChgKH\n" + - "AREG7CLoABAMYQO2hW0jNAT+kwWE/gKWgzWE/jM1oAB9FW2NEwEE/uJgQmQFYYKAFwUAABMF5SWC\n" + - "gCqHEwUwBLaHsoYuhrqFPoeBRwFIkb9BEQbkIuAACLKGLoaqhRMFIA4BR4FHAUjv8L/zASUTAQT/\n" + - "omACZEEBgoB5cQb0IvAm7EroTuQAGK6JKokTBQAFyoVOhoFGAUeBRwFI7/B/8P11hSVjcbUCA7YJ\n" + - "ABcFAACDNSUeAUVjErYChcEDtQkDFcUBRRmoqoQXBQAAAzXlHAKVuwWQQAzBfVUTAQT9onACdOJk\n" + - "QmmiaUVhgoAdZRsGRXB1RcqFgUYBR4FHAUjv8F/qfXaqhQFF42m2/AFFI7i5AuG3UXGG9aLxpu3K\n" + - "6c7l0uFW/Vr5XvVi8Wbtaulu5YAZvoQ6i7aLsokuiSqMAU19WhcFAACTDcUUY0wHAhP1KwKJReqK\n" + - "zoxjF7UEV3C4zVc0AF4TBQTxJ3QFApMFBPFahe/wn/B9WgHJAU2BSs6MHaDqis6MBaCDNQTxA7UN\n" + - "AAFNgUrOjGOYpQARxZPsOQBKjaaKWooDtY0AApUTlkQD2UVN5kqGKokTBeAN4oUyjOaGXofahyaI\n" + - "7/C/3f11hSVjc7UI/VVjBboIKotiiWMHDQKFa3Fc2oQ5oDMNrUCqmqqUYw0NADNWfQtShaaF1obv\n" + - "8L/j40Og/uMFhf8DtQ0BfRmzBakAMwWgQOmN2oRahU6G7/D/4lqFk/VJAJXJg7UNAbMGsEAzdtUA\n" + - "SpUulbN11QCTCDAQMoUBRnMAAACqhVqFmcUAALsFoEBKhQzBfVUTAQTxrnAOdO5kTmmuaQ5q6npK\n" + - "e6p7CnzqbEptqm1tYYKASb0AAAAAAAAAAAAA776v3gAAAAAURREAAAAAAAAAAAAAAAAA"; + "ApCCgIJitoUyhTqGvoZCh8aHFogJoKqILoWyhTaGuoY+h8KHcwAAAIKAMoWzhcYAkwgwEAFGcwAA\n" + + "ABHhgoAAAJMIMBABRnMAAAAR4YKAAAAChjaFAoa6hTaFAoa6hTaFMoc+hgKHuoU2hTKHPobChgKH\n" + + "AREG7CLoABAMYQO2hW0jNAT+kwWE/gKWgzWE/jM1oAB9FW2NEwEE/uJgQmQFYYKAqoUdZRsGRXB1\n" + + "RYFGAUeBRwFIjbcXBQAAEwWlaIKABoWCgHlxBvQi8CbsSuhO5AAYrokqiRMFAAXKhU6GgUYBR4FH\n" + + "AUjv8B/z/XWFJWNttQCqhBcFAAADNUVlApW7BZBADMF9VS2gA7YJABcFAACDNUVjAUVjHbYAmckD\n" + + "tQkDGeVKhe/w//d9dmN8pgABRRMBBP2icAJ04mRCaaJpRWGCgKqFAUUjuLkC3bdJcYb2ovKm7srq\n" + + "zubS4lb+Wvpe9mLyZu5q6m7mgBq+i7qJNosyiS6KqoqBTIVNFwUAABMMZVxjSwcOE3UrAolFYxa1\n" + + "DldwuM1XNABeEwUE8Sd0BQITBQAFEwYE8c6FgUYBR4FHAUjv8F/m/XVj/KUAqoQDNYwAApWBTLsF\n" + + "kEAMwQVFXaCDNQTxAzUMAGOepQABzQM1BPQJ6U6F7/Df6/11Y+SlACMwpPQDNQTxgzUMAC2NEzUV\n" + + 
"ALM1sACzfLUAk3VJAAVFtcETBQTvV3CBzVc0AF4ndAUCEwUE7id0BQITBQTtJ3QFAldwpM1XNABe\n" + + "EwUE6Sd0BQIjMATwEwXAAhMGBOnOhYFGAUeBRwFI7/D/24M1BOk7BQUINyYCARsGRpmxjU2NMzWg\n" + + "ALN9lUEDNYwAApWTlUsD2UTx5SqNE5UcALNmJQETBeAN1oVShlqHzodeiO/wn9f9dYUlY2m1ApsF\n" + + "BQC1BbM1sAATRvv/BYKTVlsAE0f5/wmD2Y5VjgWKM2a2AdGNvcW7BKBApahjjgwGqopjCgoCBWvx\n" + + "XFaN0oQpoImMqpsqnYXAs9ZkCxMFMATOhWqGXoeBRwFI7/Af0eNBoP7jApX/AzUMAX0aswWqADMG\n" + + "oEBtjhMFIA7WhcqGAUeBRwFI7/B/zhN1SQAd7VaFIagTdSsAEzUVADNltQG1RDnFaoUEwX1VEwEE\n" + + "6bZwFnT2ZFZptmkWavJ6UnuyexJ88mxSbbJtdWGCgIM1DAEzBrBAM3VWAVaa0pXxjZMIMBABRnMA\n" + + "AACqhVaF3d25qJN2uf8TBeAN1oVShlqHzodeiO/wv8b9fKqFaoXj7bz4EwVwDVKGgUYBR4FHAUjv\n" + + "8P/EASWFLGNzlQOTZikAE2cLAhMF4A39V9aFUoYBSO/w/8L9dYUl43G17uW1AABBEQbkIuAACC6G\n" + + "qoUTBcACgUYBR4FHAUjv8H/AASUTAQT/omACZEEBgoAqiBMF4A2+iLqHNoeyhi6GwoVGiMW2KocT\n" + + "BTAEtoeyhi6GuoU+h4FHAUjptkERBuQi4AAIsoYuhqqFEwUgDgFHgUcBSO/wH7sBJRMBBP+iYAJk\n" + + "QQGCgNG5QREG5CLgAAguhqqFEwVwDYFGAUeBRwFI7/BfuAElEwEE/6JgAmRBAYKAqoYTBfADMocu\n" + + "hraFuoYBR4FHAUi5vqqGEwUABDKHLoa2hbqGAUeBRwFIobZBEQbkIuAACLKHLoaqhTuHBggTBYAD\n" + + "voaBRwFI7/C/sgElEwEE/6JgAmRBAYKAQREG5CLgAAg2h7KGLoaqhRMF8ASBRwFI7/AfsAElEwEE\n" + + "/6JgAmRBAYKAQREG5CLgAAiuhiqGEwXwBJMFwPkBR4FHAUjv8F+tASUTAQT/omACZEEBgoBBEQbk\n" + + "IuAACC6GqoUTBQAFgUYBR4FHAUjv8L+qASUTAQT/omACZEEBgoBBEQbkIuAACKqFEwWQAwFGgUYB\n" + + "R4FHAUjv8B+oASUTAQT/omACZEEBgoBBEQbkIuAACLKGLoaqhXVFAUeBRwFI7/CfpQElEwEE/6Jg\n" + + "AmRBAYKAQREG5CLgAAiqhRMF4AUBRoFGAUeBRwFI7/D/ogAAYwYGFCMAtQCzBsUADUejj7b+Y23m\n" + + "EqMAtQAjAbUAI4+2/h1Ho462/mNi5hKjAbUAJUcjjrb+Y2vmELsGoECT9zYAswb1ADMI9kATdsj/\n" + + "4hW3FxAQkgeThwcQs7X1AozCs4fGACOut/5jYuYOzMKMxiOqt/5lRyOst/5jaeYMzMaMyszKjM4j\n" + + "orf+I6S3/iOmt/4T90YAkwiHAbMCFkETBgACI6i3/mPjwgoTlgUCu4XFCDMG6EATBob8FYITCBYA\n" + + "cyYgwhNfJgCzhxYBY3ToAb6GiaizBuBBs3jYAJOWWACzgtJAvpZXd5ANV8QFXg4GV6UIUle1opYT\n" + + "AwACoUNBTuFORodXxqcCJ/RnCif0ww4ndM4OJ/TODjMH50Gyl33zYwYYAxOGAv59RzNW5goTRvb/\n" + + 
"FpYBmjaWEwYGAozijOaM6ozuk4YGAuOaxv6CgAAAAADvvq/eAAAAABRFEQAAAAAAABAAAAAAAAA=\n"; byte[] bytes = android.util.Base64.decode(b64, android.util.Base64.DEFAULT); - int hookInfoOffset = 0x0300; + int hookInfoOffset = 0x0740; fillInHookInfo(bytes, hookInfoOffset); return bytes; } @@ -61,12 +81,12 @@ public int getNativeDebugBreakOffset() { @Override public int getNativeClearCacheOffset() { - return 0x003a; + return 0x002a; } @Override public int getNativeSyscallOffset() { - return 0x0028; + return 0x0004; } @Override @@ -101,17 +121,17 @@ public int getNativeGetJavaVmOffset() { @Override public int getFakeStat64Offset() { - return 0x00ec; + return 0x00c4; } @Override public int getFakeMmap64Offset() { - return 0x0186; + return 0x014c; } @Override public int getFakeMmapOffset() { - return 0x02f4; + return 0x0478; } @Override diff --git a/core-syscall/src/main/java/dev/tmpfs/libcoresyscall/core/impl/arch/ShellcodeImpl_X86.java b/core-syscall/src/main/java/dev/tmpfs/libcoresyscall/core/impl/arch/ShellcodeImpl_X86.java index d541d84..3872185 100644 --- a/core-syscall/src/main/java/dev/tmpfs/libcoresyscall/core/impl/arch/ShellcodeImpl_X86.java +++ b/core-syscall/src/main/java/dev/tmpfs/libcoresyscall/core/impl/arch/ShellcodeImpl_X86.java 
@@ -15,100 +15,83 @@ private ShellcodeImpl_X86() {
@Override
public byte[] getShellcodeBytes() {
- //0000 g .text 0000 ___text_dummy
- //0000 g F .text 0014 NativeBridge_breakpoint
- //0020 g F .text 0013 __clear_cache
- //0040 g F .text 007a syscall_ext
- //00c0 g F .text 0110 NativeBridge_nativeSyscall
- //01d0 g F .text 005c NativeBridge_nativeClearCache
- //0230 g F .text 0035 NativeBridge_nativeCallPointerFunction0
- //0270 g F .text 0044 NativeBridge_nativeCallPointerFunction1
- //02c0 g F .text 0052 NativeBridge_nativeCallPointerFunction2
- //0320 g F .text 0060 NativeBridge_nativeCallPointerFunction3
- //0380 g F .text 0074 NativeBridge_nativeCallPointerFunction4
- //0400 g F .text 007b NativeBridge_nativeGetJavaVM
- //0480 g F .text 001c get_hook_info
- //04a0 g F .text 006c ashmem_dev_get_size_region
- //0510 g F .text 0092 lsw_pread64
- //05b0 g F .text 006a lsw_mprotect
- //0620 g F .text 01b7 fake_fstat64
- //07e0 g F .text 04b5 fake_mmap64
- //0d80 w F .text 0155 memset
- //0d00 g F .text 0079 fake_mmap
- //0ee0 l O .text 0018 get_hook_info.sHookInfo
- //0ca0 l F .text 0027 align_up
- //0cd0 l F .text 0021 align_down
+ //0000 g DF .text 000b NativeBridge_breakpoint
+ //0000 g D .text 0000 ___text_section
+ //0010 g DF .text 003e NativeBridge_nativeSyscall
+ //0050 g DF .text 0045 syscall_ext
+ //00a0 g DF .text 000a NativeBridge_nativeClearCache
+ //00b0 g DF .text 000a __clear_cache
+ //00c0 g DF .text 0021 NativeBridge_nativeCallPointerFunction0
+ //00f0 g DF .text 0027 NativeBridge_nativeCallPointerFunction1
+ //0120 g DF .text 002d NativeBridge_nativeCallPointerFunction2
+ //0150 g DF .text 0030 NativeBridge_nativeCallPointerFunction3
+ //0180 g DF .text 0030 NativeBridge_nativeCallPointerFunction4
+ //01b0 g DF .text 004a NativeBridge_nativeGetJavaVM
+ //0200 g DF .text 0043 ashmem_dev_get_size_region
+ //0250 g DF .text 001c get_hook_info
+ //0270 g DF .text 000d get_current_pc
+ //0280 g DF .text 00a4 fake_fstat64
+ //0330 g DF .text 040d 
fake_mmap64 + //0860 g DF .text 003f fake_mmap + //0c20 l O .rodata 0018 _ZZ13get_hook_infoE9sHookInfo String b64 = - "VYnlg+T8g+wIi0UMi0UIzInsXcOQkJCQkJCQkJCQkJBVieWD5PyD7AiLRQyLRQiJ7F3DkJCQkJCQ\n" + - "kJCQkJCQkFWJ5VdWg+T8g+wgi0Ugi0Uci0UYi0UUi0UQi0UMi0UIi0UIiUQkHItEJByJRCQYi0UM\n" + - "iUQkCItFIIlEJAyLRCQYiUQkEI1EJAiLTRCLVRSLdRiLfRxVU4toBIsYi0AIzYBbXYlEJBSLRCQU\n" + - "iUQkBItEJASNZfheX13DkJCQkJCQVYnlU1dWg+TwgeyAAAAA6AAAAABbgcNsHgAAi0U8iUQkOItN\n" + - "QItVNIt1OIt9LItFMIlEJDSLRSSJRCQwi0UoiUQkLItFHIlEJCiLRSCJRCQki0UUiUQkHItFGIlE\n" + - "JCCLRRCLRQyLRQiLRCQciUQkcItEJCCJRCR0i0QkJIlEJGyLRCQoiUQkaItEJCyJRCRki0QkMIlE\n" + - "JGCLRCQ0iUQkXItEJDiJfCRYiXQkVIlUJFCJTCRMiUQkSItFEIlEJESLVCRwi3QkaIt8JGCLRCRY\n" + - "iUQkQItEJFCJRCQ8i0wkSIngiUgYi0wkPIlIFItMJECJSBCLTCREiXgMiXAIiVAEiQjoev7//zHS\n" + - "jWX0Xl9bXcNVieVTg+Twg+wg6AAAAABbgcNhHQAAi0UYi0Uci0UQi0UUi0UMi0UIi0UQiUQkEItF\n" + - "GIlEJAyLRCQQA0QkDIlEJAiLTCQQi0QkCIkMJIlEJATo+v3//41l/Ftdw5CQkJBVieVTg+Twg+wQ\n" + - "6AAAAABbgcMBHQAAi0UQi0UUi0UMi0UIi0UQiQQkiwQk/9Ax0o1l/Ftdw5CQkJCQkJCQkJCQVYnl\n" + - "U4Pk8IPsIOgAAAAAW4HDwRwAAItFGItFHItFEItFFItFDItFCItFEIlEJBCLRCQQi1UYieGJEf/Q\n" + - "MdKNZfxbXcOQkJCQkJCQkJCQkJBVieVTVoPk8IPsEOgAAAAAW4HDcBwAAItFIItFJItFGItFHItF\n" + - "EItFFItFDItFCItFEIlEJAyLRCQMi1UYi3UgieGJcQSJEf/QMdKNZfheW13DkJCQkJCQkJCQkJCQ\n" + - "kJBVieVTV1aD5PCD7CDoAAAAAFuBww8cAACLRSiLRSyLRSCLRSSLRRiLRRyLRRCLRRSLRQyLRQiL\n" + - "RRCJRCQYi0QkGItVGIt1IIt9KInhiXkIiXEEiRH/0DHSjWX0Xl9bXcNVieVTV1aD5PCD7CDoAAAA\n" + - "AFuBw68bAACLRTCLRTSLRSiLRSyLRSCLRSSLRRiLRRyLRRCLRRSLRQyLRQiLRRCJRCQYi0QkGIlE\n" + - "JBSLVRiLdSCLfSiLRTCJ4YlBDItEJBSJeQiJcQSJEf/QMdKNZfReX1tdw5CQkJCQkJCQkJCQkFWJ\n" + - "5VOD5PCD7CDoAAAAAFuBwzEbAACLRQyLRQjHRCQIAAAAAItFCIsAi4BsAwAAi1UIjUwkCIkUJIlM\n" + - "JAT/0IP4AA+FFQAAAItEJAiJRCQMx0QkEAAAAADpEAAAAMdEJBAAAAAAx0QkDAAAAACLRCQMi1Qk\n" + - "EI1l/Ftdw5CQkJCQVYnlg+T86AAAAABYgcC1GgAAjYCg7///iexdw5CQkJBVieVTg+Twg+ww6AAA\n" + - "AABbgcORGgAAi0UIx0QkIDYAAACLTCQgi0UIMdKJDCSJRCQEx0QkCAR3AADHRCQMAAAAAMdEJBAA\n" + - 
"AAAAx0QkFAAAAADHRCQYAAAAAOhC+///iUQkHItEJByNZfxbXcOQkJCQVYnlU1dWg+Twg+xA6AAA\n" + - "AABbgcMfGgAAi00Ui0UYi1UQi1UMi1UIiUwkMIlEJDTHRCQstAAAAItEJDSJRCQoi0QkMIlEJCSL\n" + - "fQiLdQyLVRCLTCQki0QkKIlEJCAxwItEJCDHBCS0AAAAiXwkBIl0JAiJVCQMiUwkEIlEJBTHRCQY\n" + - "AAAAAOim+v//jWX0Xl9bXcOQkJCQkJCQkJCQkJCQkFWJ5VNWg+Twg+wg6AAAAABbgcOAGQAAi0UQ\n" + - "i0UMi0UIx0QkHH0AAACLVQiLTQyLRRAx9scEJH0AAACJVCQEiUwkCIlEJAzHRCQQAAAAAMdEJBQA\n" + - "AAAAx0QkGAAAAADoLfr//41l+F5bXcOQkJCQkJBVieVTVoPk8IPsYOgAAAAAW4HDEBkAAIlcJCyL\n" + - "RQyLRQjoOv7//4tcJCyJRCRIi0UMiUQkRMdEJEDFAAAAi00Ii0QkRDHSxwQkxQAAAIlMJASJRCQI\n" + - "x0QkDAAAAADHRCQQAAAAAMdEJBQAAAAAx0QkGAAAAADopvn//4lEJDyLRCQ8iUQkXItEJFyJRCRY\n" + - "McCDfCRYAIhEJDMPjQ8AAACBfCRYAfD//w+dwIhEJDOKRCQzJAEPtsCD+AAPhCgAAACLXCQsi0Qk\n" + - "SP9QCIlEJDgxyStMJDyLRCQ4iQjHRCRM/////+nEAAAAi0wkRIsBi0kEi3QkSIsWi3YEMfEx0AnI\n" + - "D4WeAAAA6QAAAACLTCRIiwGLSQQJyA+EiAAAAOkAAAAAi0wkRItBLItJMAnID4VxAAAA6QAAAACL\n" + - "XCQsi0UIiQQk6Dn9//+JRCQ0i0QkNIlEJFSLRCRUiUQkUDHAg3wkUACIRCQrD40PAAAAgXwkUAHw\n" + - "//8PncCIRCQrikQkKyQBD7bAg/gAD4USAAAAi0wkNItEJESJSCzHQDAAAAAA6QAAAADHRCRMAAAA\n" + - "AItEJEyNZfheW13DkJCQkJCQkJCQVYnlU1dWg+TwgewAAQAA6AAAAABbgcNMFwAAiVwkOItNHItF\n" + - "IItVGItVFItVEItVDItVCImMJOgAAACJhCTsAAAA6Fn8//+JhCTkAAAAx4Qk4AAAAP/////HhCTc\n" + - "AAAAAAAAAMeEJNgAAAAAAAAAx4Qk1AAAAAAAAADHhCTQAAAAAAAAAItFEImEJMwAAACDfRgAD4zi\n" + - "AAAAi0UUg+ACg/gAD4TTAAAAi0UUg+Agg/gAD4XEAAAAi1wkOI1EJGwxyYkEJMdEJAQAAAAAx0Qk\n" + - "CGAAAADoxwQAAItcJDiLTRiNRCRsiQwkiUQkBOhQ/f//g/gAD4V9AAAAi0QkbItMJHCLtCTkAAAA\n" + - "ixaLdgQx8THQCcgPhVgAAADpAAAAAIuMJOQAAACLAYtJBAnID4Q/AAAA6QAAAACLRRiJhCTgAAAA\n" + - "8g8QhCToAAAA8g8RhCTYAAAAi0UMiYQk0AAAAMeEJNQAAAAAAAAAi0UQg8gDiUUQ6QAAAADpAAAA\n" + - "AItcJDiLhCTkAAAAi0AI/9CJRCRoD7eEJOgAAACp/w8AAA+EIAAAAOkAAAAAi0QkaMcAFgAAALj/\n" + - "////iYQk8AAAAOnkAgAAi4Qk7AAAAKkA8P//D4QgAAAA6QAAAACLRCRoxwAWAAAAuP////+JhCTw\n" + - "AAAA6bICAACLXQiLfQyLdRCLVRSLRRiJRCQwi4wk6AAAAIuEJOwAAAAPpMgUi0wkMMcEJMAAAACJ\n" + - 
"XCQEi1wkOIl8JAiJdCQMiVQkEIlMJBSJRCQY6Bv2//+JRCRki0QkZImEJPgAAACLhCT4AAAAiYQk\n" + - "9AAAADHAg7wk9AAAAACIRCQ3D40SAAAAgbwk9AAAAAHw//8PncCIRCQ3ikQkNyQBD7bAg/gAD4Qd\n" + - "AAAAMckrTCRki0QkaIkIuP////+JhCTwAAAA6e8BAACDvCTgAAAA/w+E0QEAAPIPEIQk2AAAAPIP\n" + - "EUQkWPIPEIQk0AAAAPIPEUQkUItEJGSJRCRMi0QkUItMJFQJyA+E3gAAAOkAAAAAi0wkUItEJFSB\n" + - "6QEQAACD2AAPghMAAADpAAAAALgAEAAAiUQkLOkIAAAAi0QkUIlEJCyLRCQsiUQkSIuMJOAAAACL\n" + - "VCRMi3QkSIt8JFiLXCRcieCJWBCLXCQ4iXgMiXAIiVAEiQjoxvn//4lEJESDfCREAA+PFQAAAIN8\n" + - "JET8D4UFAAAA6WL////pSwAAAIt0JESJ8sH6H4tMJFCLRCRUKfEZ0IlMJFCJRCRUi3QkRInywfof\n" + - "i0wkWItEJFwB8RHQiUwkWIlEJFyLRCRMA0QkRIlEJEzpEv///4tcJDiLRCRkiUQkKItNDIuEJOQA\n" + - "AACLQBCJDCSJRCQE6MIAAACLXCQ4i1QkKInBi4QkzAAAAIkUJIlMJASJRCQI6LH5//+LhCTMAAAA\n" + - "g+AEg/gAD4RfAAAAi1wkOItMJGSLhCTkAAAAi0AQiQwkiUQkBOigAAAAi1wkOIlEJECLTCRkA00M\n" + - "i4Qk5AAAAItAEIkMJIlEJAToSwAAAItcJDiJRCQ8i0wkQItEJDyJDCSJRCQE6K/z///pAAAAAOkA\n" + - "AAAAi0QkZImEJPAAAACLhCTwAAAAjWX0Xl9bXcOQkJCQkJCQkJCQkFWJ5YPk/IPsCItFDItFCItF\n" + - "CANFDIPoAYtNDIPpAYPx/yHIiexdw5CQkJCQkJCQkFWJ5YPk/IPsCItFDItFCItFCItNDIPpAYPx\n" + - "/yHIiexdw5CQkJCQkJCQkJCQkJCQkFWJ5VNXVoPk8IPsMOgAAAAAW4HDLxIAAItFHItFGItFFItF\n" + - "EItFDItFCItFCIlEJCiLVQyLdRCLfRSLRRiJRCQki0UciUQkIDHJieCJSBiLTCQgiUgUi0wkJIlI\n" + - "EItMJCiJeAyJcAiJUASJCOhv+v//jWX0Xl9bXcOQkJCQkJCQVYnlg+T8g+wYi0UQi0UMi0UIi0UI\n" + - "iUQkEIN9EAAPhQwAAACLRQiJRCQU6R4BAACLRQyIwYtEJBCICItFDIjCi0QkEItNEIPpAYgUCIN9\n" + - "EAIPhwwAAACLRQiJRCQU6esAAACLRQyIwYtEJBCISAGLRQyIwYtEJBCISAKLRQyIwotEJBCLTRCD\n" + - "6QKIFAiLRQyIwotEJBCLTRCD6QOIFAiDfRAGD4cMAAAAi0UIiUQkFOmZAAAAi0UMiMGLRCQQiEgD\n" + - "i0UMiMKLRCQQi00Qg+kEiBQIg30QCA+HDAAAAItFCIlEJBTpZQAAAItMJBAxwCnIg+ADiUQkDItE\n" + - "JAwDRCQQiUQkEItMJAyLRRApyIlFEItFEIPg/IlFEIN9EAAPhCQAAACLRQyIwYtEJBCICItFEIPA\n" + - "/4lFEItEJBCDwAGJRCQQ6dL///+LRQiJRCQUi0QkFInsXcPMzMzMzMzMzMzMzO++r94AAAAAFEUR\n" + - "AAAAAAAAEAAAAAAAAA=="; + "VYnlg+T8zInsXcOQkJCQkFWJ5VOD5PCD7BDoAAAAAFuBwynw//+D7AT/dTz/dTT/dSz/dST/dRz/\n" + + 
"dRT/dRDoDQAAAIPEIDHSjWX8W13DkJBVieVXVoPk/IPsEItNEItVFIt1GIt9HItFDIlEJASLRSCJ\n" + + "RCQIi0UIiUQkDI1EJARVU4toBIsYi0AIzYBbXY1l+F5fXcOQkJCQkJCQkJCQkFWJ5YPk/InsXcOQ\n" + + "kJCQkJBVieWD5PyJ7F3DkJCQkJCQVYnlU4Pk8IPsEOgAAAAAW4HDee////9VEDHSjWX8W13DkJCQ\n" + + "kJCQkJCQkJCQkJCQVYnlU4Pk8IPsEOgAAAAAW4HDSe///4tFGIkEJP9VEDHSjWX8W13DkJCQkJCQ\n" + + "kJCQVYnlU4Pk8IPsEOgAAAAAW4HDGe///4PsCP91IP91GP9VEIPEEDHSjWX8W13DkJCQVYnlU4Pk\n" + + "8IPsEOgAAAAAW4HD6e7//4PsBP91KP91IP91GP9VEIPEEDHSjWX8W13DVYnlU4Pk8IPsEOgAAAAA\n" + + "W4HDue7///91MP91KP91IP91GP9VEIPEEDHSjWX8W13DVYnlU4Pk8IPsEOgAAAAAW4HDie7//4tF\n" + + "CMcEJAAAAACLCIPsCI1UJAhSUP+RbAMAAIPEEInBuAAAAACFyXUDiwQkMdKNZfxbXcOQkJCQkJBV\n" + + "ieVTg+Twg+ww6AAAAABbgcM57v//i0UIDyiDyBsAAA8RRCQIiUQkBMdEJBgAAAAAxwQkNgAAAOgT\n" + + "/v//jWX8W13DkJCQkJCQkJCQkJCQkFWJ5YPk/OgAAAAAWIHA7e3//42A2BsAAInsXcOQkJCQVYnl\n" + + "g+T8i0UEiexdw5CQkFWJ5VNXVoPk8IPsIOgAAAAAW4HDt+3//4t9DItFCA9XwA8RRCQMiXwkCIlE\n" + + "JATHBCTFAAAA6Jb9//89AfD//3ITicb/k+AbAAD33okwuP/////rSIuL2BsAAIuT3BsAAIt3BDHW\n" + + "iz8xzzHACfd1LQnRdCmLdQyLTiwLTjB1HotFCIkEJOj3/v//PQDw//93ColGLMdGMAAAAAAxwI1l\n" + + "9F5fW13DkJCQkJCQkJCQkJCQVYnlU1dWg+TwgezgAAAA6AAAAABbgcME7f//i30ci0UUsgExyYN9\n" + + "GAAPiGIBAACD4CKD+AIPhVYBAAAPV8APKUQkcA8pRCRgDylEJFAPKUQkQA8pRCQwDylEJCCD7CAP\n" + + "EUQkDI1EJECJRCQIi0UYiUQkBMcEJMUAAADoofz//4PEID0A8P//dhWJxv+T4BsAAPfeiTCwATHJ\n" + + "6e0AAACLg9gbAACLi9wbAACLVCQkMcqLdCQgMcYJ1nUvCch0K4tEJEwLRCRQdSGD7Az/dRjo/f3/\n" + + "/4PEED0A8P//dwyJRCRMx0QkUAAAAACLg9gbAACLi9wbAACLVCQkMcqLdCQgMcYJ1g+UwgnID5XA\n" + + "INCJxrABi00Q9sEEdHAPV8APKYQkwAAAAA8phCSwAAAADymEJKAAAAAPKYQkkAAAAA8phCSAAAAA\n" + + "x4Qk0AAAAAAAAACD7CAPEUQkDI2EJKAAAACJRCQIi0UYiUQkBMcEJA0BAADoq/v//4PEILmUGQIB\n" + + "M4wkgAAAAAnBD5XAifGJyvbSIMKIVCQMic7/k+AbAAD3x/8PAAB0EMcAFgAAALj/////6ekBAACJ\n" + + "RCQIi00gi1UMuLX////3wQDw//91NYnwAMAPtsALRRAPpPkUg+wEUf91GP91FFBS/3UIaMAAAADo\n" + + "Lfv//4PEID0B8P//D4K4AAAAiVwkEDHJg/jzD5XBiUwkFDHbi00U9sECD5TDic7B7gWD5gExyYtV\n" + + 
"EPbCBA+UwQ+2fCQMCd8J8QnPC3wkFHQS99iLTCQIiQG4/////+lMAQAAi1UU9sICD5TB90UgAPD/\n" + + "/4tcJBCLfRx1OgpMJAx1NItNEIPh+4tFIA+k+BSD7ARQ/3UYUlH/dQz/dQhowAAAAOiJ+v//g8Qg\n" + + "PQDw//8PhgEBAACLRCQIxwANAAAAuP/////p5QAAAInxhMmLTSAPhNgAAACJfCQciUQkGIN9DAAP\n" + + "hJgAAACJzzHSi0QkGIlEJBCLTQzrLZCQkJCQkJCLTCQMKcGLVCQIg9oAAceJfCQci3wkFIPXAAHG\n" + + "iXQkEInICdB0Wol8JBSJVCQIiUwkDIH5ABAAALgAEAAAD0LBhdK+ABAAAA9FxoPsBGoAV4t8JChX\n" + + "UIt0JCRW/3UYaLQAAADoyPn//4PEIIXAf5GD+PyLfCQUi1QkCItMJAx0oIuD6BsAAItNDAHBSffY\n" + + "IciD7ARqAGoAagD/dRBQi3QkMFZqfeiH+f//ifCDxCCNZfReX1tdw4PsIA9XwA8RRCQMi3UMiXQk\n" + + "CIlEJATHBCRbAAAA6Fj5//+DxCA9AfD//3M5i0UQg8gCi00Ug8kgg+wEagBq/1FQVv91CGjAAAAA\n" + + "6Cv5//+DxCA9AfD//4tNIA+DOv7//+m7/v//DwuQkJBVieVTg+Twg+ww6AAAAABbgcP56P//i0UI\n" + + "i00MD1fADxFEJAyJTCQIiUQkBMcEJA0BAADo2Pj//41l/Ftdw5CQVYnlU4Pk8IPsEOgAAAAAW4HD\n" + + "uej//4tNILi1////98EA8P//dSeLRRwPpMEUg+wEUf91GP91FP91EP91DP91CGjAAAAA6Ib4//+D\n" + + "xCCNZfxbXcOQkJCQkJCQkJCQkJCQVYnlU4Pk8IPsMOgAAAAAW4HDWej//w8oRQiLRRiJRCQUDxFE\n" + + "JATHRCQYAAAAAMcEJLQAAADoNvj//41l/Ftdw1WJ5VOD5PCD7BDoAAAAAFuBwxno//+D7ARqAGoA\n" + + "agD/dRD/dQz/dQhqfegB+P//g8QgjWX8W13DkJCQkJCQkJBVieVTg+Twg+ww6AAAAABbgcPZ5///\n" + + "DyhFCItFGItNHIlMJBSJRCQQDxEEJMdEJBgAAAAA6Jf6//+NZfxbXcOQVYnlU4Pk8IPsMOgAAAAA\n" + + "W4HDmef//4tFCItNDA9XwA8RRCQMiUwkCIlEJATHBCRbAAAA6Hj3//+NZfxbXcOQkFWJ5VOD5PCD\n" + + "7BDoAAAAAFuBw1nn//+D7ARqAGoAagD/dRD/dQz/dQhqA+hB9///g8QgjWX8W13DkJCQkJCQkJBV\n" + + "ieVTg+Twg+wQ6AAAAABbgcMZ5///g+wEagBqAGoA/3UQ/3UM/3UIagToAff//4PEII1l/Ftdw5CQ\n" + + "kJCQkJCQVYnlU4Pk8IPsEOgAAAAAW4HD2eb//w+3RRSD7ARqAGoAUP91EP91DP91CGgnAQAA6Lv2\n" + + "//+DxCCNZfxbXcOQkFWJ5VOD5PCD7DDoAAAAAFuBw5nm//8PKEUIDxFEJATHRCQYAAAAAMdEJBQA\n" + + "AAAAxwQkLAEAAOh19v//jWX8W13DkJCQkJCQkJCQkJCQkJCQVYnlU4Pk8IPsEOgAAAAAW4HDSeb/\n" + + "/4PsBGoAagBqAP91DP91CGqcaCwBAADoL/b//4PEII1l/Ftdw5CQkJCQkFWJ5VOD5PCD7DDoAAAA\n" + + "AFuBwwnm//+LRQiLTQwPV8APEUQkDIlMJAiJRCQExwQkxQAAAOjo9f//jWX8W13DkJBVieVTg+Tw\n" + + 
"g+ww6AAAAABbgcPJ5f//i0UID1fADxFEJAiJRCQEx0QkGAAAAADHBCQGAAAA6Kf1//+NZfxbXcOQ\n" + + "VYnlU4Pk8IPsEOgAAAAAW4HDieX//4PsBGoAagBqAP91EP91DP91CGo26HH1//+DxCCNZfxbXcOQ\n" + + "kJCQkJCQkFWJ5VOD5PCD7DDoAAAAAFuBw0nl//+LRQgPV8APEUQkCIlEJATHRCQYAAAAAMcEJPwA\n" + + "AADoJ/X//5CQkJCQkJBVieWD5PwPC5CQkJCQkJCQVYnlU1dWg+T8i00Qi0UIhckPhK0AAACLXQyI\n" + + "GIhcCP+D+QMPgpsAAACIWAGIWAKIXAj+iFwI/YP5Bw+ChAAAAIhYA4hcCPyD+QlyeInH99+D5wON\n" + + "FDgp+YPh/A+282n2AQEBAYk0OIl0EfyD+QlyVIlyBIlyCIl0CvSJdAr4g/kZckFmD27GZg9wwADz\n" + + "D39CDPMPf0QK5InWg+YEg84YKfGD+SByHgHykJCQkJCQkJDzD38C8w9/QhCDweCDwiCD+R937I1l\n" + + "9F5fW13DAAAAAAR3AAAAAAAAAAAAAAAAAADvvq/eAAAAABRFEQAAAAAAABAAAAAAAAA=\n"; byte[] bytes = android.util.Base64.decode(b64, android.util.Base64.DEFAULT); - int hookInfoOffset = 0x0ee0; + int hookInfoOffset = 0x0c20; fillInHookInfo(bytes, hookInfoOffset); return bytes; } @@ -120,57 +103,57 @@ public int getNativeDebugBreakOffset() { @Override public int getNativeClearCacheOffset() { - return 0x01d0; + return 0x00a0; } @Override public int getNativeSyscallOffset() { - return 0x00c0; + return 0x0010; } @Override public int getNativeCallPointerFunction0Offset() { - return 0x0230; + return 0x00c0; } @Override public int getNativeCallPointerFunction1Offset() { - return 0x0270; + return 0x00f0; } @Override public int getNativeCallPointerFunction2Offset() { - return 0x02c0; + return 0x0120; } @Override public int getNativeCallPointerFunction3Offset() { - return 0x0320; + return 0x0150; } @Override public int getNativeCallPointerFunction4Offset() { - return 0x0380; + return 0x0180; } @Override public int getNativeGetJavaVmOffset() { - return 0x0400; + return 0x01b0; } @Override public int getFakeStat64Offset() { - return 0x0620; + return 0x0280; } @Override public int getFakeMmap64Offset() { - return 0x07e0; + return 0x0330; } @Override public int getFakeMmapOffset() { - return 0x0d00; + return 0x0860; } @Override 
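Review bot: `int hookInfoOffset = 0x0c20;` is the only thing that points `fillInHookInfo(bytes, hookInfoOffset)` at the relocated `_ZZ13get_hook_infoE9sHookInfo` object, and nothing checks the offset before the write, so a stale value after the next regeneration would silently overwrite 0x18 bytes of code instead of the placeholder. The value is right for this blob (0x0c20 + 0x18 equals the decoded length of the 55 base64 lines), which makes the placeholder the final 24 bytes, and those decode to the fixed pattern `ef be af de 00 00 00 00 14 45 11 00 …`; a guard such as `if ((bytes[hookInfoOffset] & 0xff) != 0xef || (bytes[hookInfoOffset + 1] & 0xff) != 0xbe || (bytes[hookInfoOffset + 2] & 0xff) != 0xaf || (bytes[hookInfoOffset + 3] & 0xff) != 0xde) { throw new IllegalStateException("hook info placeholder not found at 0x" + Integer.toHexString(hookInfoOffset)); }` placed before the call would turn a mistranscribed offset into a load-time exception, unless `fillInHookInfo` (defined outside this hunk) already validates it. The X86_64 hunk `@@ -15,48 +15,74 @@` has the same shape with `hookInfoOffset = 0x0a10` (again exactly 0x18 short of the decoded length) and the same trailing pattern, so the same guard applies there.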
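Review bot: The eleven new return values in this hunk (`0x00a0` through `0x0860`) agree with the symbol table in the comment of `getShellcodeBytes()`, but they are transcribed by hand and nothing ties them to the blob at build or test time, so the next regeneration can leave one of them pointing into the middle of a function without any failure. Offsets 0 and 0x10 of the decoded blob both begin with `55 89 e5` and every table entry is 16-byte aligned, so a unit test that decodes `getShellcodeBytes()` and asserts that each getter's offset is below the blob length and starts with that prologue would catch a stale constant cheaply, provided the build keeps the frame-pointer prologue for every exported function as the two sampled offsets suggest. The same applies to the offset hunks `@@ -61,12 +81,12 @@` and `@@ -101,17 +121,17 @@` of the preceding file, whose symbol table is not shown alongside them, and to the X86_64 hunks `@@ -68,12 +94,12 @@` and `@@ -108,17 +134,17 @@`, where offsets 0 and 0x10 decode to `55 48 89 e5`.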
diff --git a/core-syscall/src/main/java/dev/tmpfs/libcoresyscall/core/impl/arch/ShellcodeImpl_X86_64.java b/core-syscall/src/main/java/dev/tmpfs/libcoresyscall/core/impl/arch/ShellcodeImpl_X86_64.java
index b8e3bc1..2779570 100644
--- a/core-syscall/src/main/java/dev/tmpfs/libcoresyscall/core/impl/arch/ShellcodeImpl_X86_64.java
+++ b/core-syscall/src/main/java/dev/tmpfs/libcoresyscall/core/impl/arch/ShellcodeImpl_X86_64.java
@@ -15,48 +15,74 @@ private ShellcodeImpl_X86_64() {
@Override
public byte[] getShellcodeBytes() {
- // 0000 g F .text 0007 NativeBridge_breakpoint
- // 0010 g F .text 0006 __clear_cache
- // 0020 g F .text 0031 syscall_ext
- // 0060 g F .text 0034 NativeBridge_nativeSyscall
- // 00a0 g F .text 0006 NativeBridge_nativeClearCache
- // 00b0 g F .text 0009 NativeBridge_nativeCallPointerFunction0
- // 00c0 g F .text 000a NativeBridge_nativeCallPointerFunction1
- // 00d0 g F .text 000d NativeBridge_nativeCallPointerFunction2
- // 00e0 g F .text 0013 NativeBridge_nativeCallPointerFunction3
- // 0100 g F .text 001a NativeBridge_nativeCallPointerFunction4
- // 0120 g F .text 0033 NativeBridge_nativeGetJavaVM
- // 0160 g F .text 000d get_hook_info
- // 0170 g F .text 002f lsw_pread64
- // 01a0 g F .text 0032 lsw_mprotect
- // 01e0 g F .text 00ae fake_fstat64
- // 0290 g F .text 01cc fake_mmap64
- // 0460 g F .text 000a fake_mmap
- // 0470 l O .text 0018 get_hook_info.sHookInfo
+ //0000 g DF .text 0007 NativeBridge_breakpoint
+ //0000 g D .text 0000 ___text_section
+ //0010 g DF .text 0034 NativeBridge_nativeSyscall
+ //0050 g DF .text 0031 syscall_ext
+ //0090 g DF .text 0006 NativeBridge_nativeClearCache
+ //00a0 g DF .text 0006 __clear_cache
+ //00b0 g DF .text 0007 NativeBridge_nativeCallPointerFunction0
+ //00c0 g DF .text 000a NativeBridge_nativeCallPointerFunction1
+ //00d0 g DF .text 000d NativeBridge_nativeCallPointerFunction2
+ //00e0 g DF .text 0013 NativeBridge_nativeCallPointerFunction3
+ //0100 g DF .text 001a NativeBridge_nativeCallPointerFunction4
+ //0120 g DF .text 0033 NativeBridge_nativeGetJavaVM
+ //0160 g DF .text 0030 ashmem_dev_get_size_region
+ //0190 g DF .text 000d get_hook_info
+ //01a0 g DF .text 000a get_current_pc
+ //01b0 g DF .text 0090 fake_fstat64
+ //0240 g DF .text 03cf fake_mmap64
+ //06f0 g DF .text 000a fake_mmap
+ //0a10 l O .rodata 0018 _ZZ13get_hook_infoE9sHookInfo
String b64 =
-
"VUiJ5cxdw2YPH4QAAAAAAFVIieVdw2YuDx+EAAAAAABVSInlQVdBVlNMictNicZMi30QSGPHSIn3\n" + - "SInWSInKTYnySYnYTYn5DwVbQV5BX13DZmZmZmZmLg8fhAAAAAAAVUiJ5UiD7BBNicpMicCJ10yL\n" + - "RRBMi00YSItVIEiJFCRIic5IicJMidHokv///0iDxBBdw2ZmZi4PH4QAAAAAAFVIieVdw2YuDx+E\n" + - "AAAAAABVSInlMcBd/+IPH4AAAAAAVUiJ5UiJz13/4mYPH0QAAFVIieVMicZIic9d/+IPHwBVSInl\n" + + "VUiJ5cxdw2YPH4QAAAAAAFVIieVIg+wQTYnKTInAiddMi0UQTItNGEiLVSBIiRQkSInOSInCTInR\n" + + "6BIAAABIg8QQXcNmZmYuDx+EAAAAAABVSInlQVdBVlNMictNicZMi30QSGPHSIn3SInWSInKTYny\n" + + "SYnYTYn5DwVbQV5BX13DZmZmZmZmLg8fhAAAAAAAVUiJ5V3DZi4PH4QAAAAAAFVIieVdw2YuDx+E\n" + + "AAAAAABVSInlXf/iZg8fhAAAAAAAVUiJ5UiJz13/4mYPH0QAAFVIieVMicZIic9d/+IPHwBVSInl\n" + "TInGSInQSInPTInKXf/gZmZmZi4PH4QAAAAAAFVIieVMicZIidBMi0UQSInPTInKTInBXf/gZg8f\n" + "RAAAVUiJ5UiD7BBIx0X4AAAAAEiLB0iNdfj/kNgGAACFwHUKSItF+EiDxBBdwzHASIPEEF3DZmZm\n" + - "Zi4PH4QAAAAAAFVIieVIjQUFAwAAXcMPHwBVSInlSIPsEEmJyEiJ0UiJ8khj90jHBCQAAAAAvxEA\n" + - "AABFMcnoh/7//0iDxBBdw5BVSInlSIPsEEiJ8EiJ/khjykjHBCQAAAAAvwoAAABIicJFMcBFMcno\n" + - "VP7//0iDxBBdw2ZmZmZmLg8fhAAAAAAAVUiJ5UFXQVZBVFNIg+wQSYn2TGP/SMcEJAAAAAAx278F\n" + - "AAAATIn+TInyMclFMcBFMcnoCf7//0g9AfD//3NKSIsFSgIAAEk5BnVUSIXAdE9Jg34wAHVISMcE\n" + - "JAAAAAAx27oEdwAAvxAAAABMif4xyUUxwEUxyejF/f//SD0A8P//dxxJiUYw6xZJicQxwP8VBAIA\n" + - "AEH33ESJILv/////idhIg8QQW0FcQV5BX13DZpBVSInlQVdBVkFVQVRTSIHsyAAAAEyJTbhFiceJ\n" + - "00iJdcBFMe3HRdT/////RYXASIl9sIlNzHhticiD4CJBvAAAAABBid6D+AJ1YA9XwA8pRaAPKUWQ\n" + - "DylFgA8phXD///8PKYVg////DymFUP///w8phUD///8PKYUw////DymFIP///0iNtSD///9Eif/o\n" + - "vv7//8dF1P////+FwA+E6gAAAEUx7UUx5EGJ3old0DHA/xUzAQAASInDSItVuEiJ0EjB4DR0C8cD\n" + - "FgAAAOmiAAAASWPOTGNFzE1jz0iJFCS/CQAAAEiLdbBMi3XATIny6J38//9IPQHw//9zc4N91P90\n" + - "eEmJx02F7XQ+TIn76xBmkEkpxUkBxEgBw02F7XQpSYH9ABAAALoAEAAASQ9C1Yt91EiJ3kyJ4eik\n" + - "/f//SIXAf89Ig/j8dNJIizWiAAAASY0ENkj/yEj33kghxkyJ+0yJ/4tV0Oin/f//TIn46wv32IkD\n" + - "SMfA/////0iBxMgAAABbQVxBXUFeQV9dw0iLBU4AAABFMe1IOYUg////D4UC////QbwAAAAAQYne\n" + - 
"SIXAD4T2/v//QYneQYPOA0yLbcBMi2W4RIl91One/v//Dx9AAFVIieVd6Sb+///MzMzMzMzvvq/e\n" + - "AAAAABRFEQAAAAAAAAAAAAAAAAA=\n"; + "Zi4PH4QAAAAAAFVIieVIg+wQSGP3SMcEJAAAAAC6BHcAAL8QAAAAMclFMcBFMcnoxv7//0iDxBBd\n" + + "w1VIieVIjQV1CAAAXcMPHwBVSInlSItFCF3DZg8fRAAAVUiJ5UFXQVZBVFNIg+wQSYn2QYn/SGP3\n" + + "SMcEJAAAAAAx278FAAAATInyMclFMcBFMcnoaf7//0g9AfD//3IWSYnE/xUgCAAAQffcRIkgu///\n" + + "///rLEiLBQQIAABJOQZ1IEiFwHQbSYN+MAB1FESJ/+g7////SD0A8P//dwRJiUYwidhIg8QQW0Fc\n" + + "QV5BX13DVUiJ5UFXQVZBVUFUU0iB7FgBAABNic5FicdBidRIiXXISIl9uEUx7bMBRYXAiU20D4h1\n" + + "AQAAiciD4CKD+AIPhWcBAABEiWXQD1fADylFkA8pRYAPKYVw////DymFYP///w8phVD///8PKYVA\n" + + "////DymFMP///w8phSD///8PKYUQ////RIn7SMcEJAAAAABIjZUQ////vwUAAABIid4xyUUxwEUx\n" + + "yehl/f//SD0A8P//dh1JicT/FRwHAABB99xEiSCwAUUx7USLZdDp1AAAAEiLBfkGAABIOYUQ////\n" + + "dSZIhcB0IUiDvUD///8AdRdEif/oKf7//0g9APD//3cHSImFQP///0iLBcMGAABIOYUQ////D5TB\n" + + "SIXAQQ+VxUEgzbABRItl0EH2xAR0dw9XwA8phfD+//8PKYXg/v//DymF0P7//w8phcD+//8PKYWw\n" + + "/v//DymFoP7//w8phZD+//9Ix4UA////AAAAAEjHBCQAAAAASI2VkP7//7+KAAAASIneMclFMcBF\n" + + "McnogPz//4nAuZQZAgFIM42Q/v//SAnBD5XARInr9tMgw/8VJwYAAEyJ8UjB4TR0IscAFgAAAEnH\n" + + "xP////9MieBIgcRYAQAAW0FcQV1BXkFfXcNIiUXAQo0EbQAAAAAPtsBECeBIY8hEifhEi320TWPH\n" + + "TGPITIk0JL8JAAAASIt1uEiLVchMiUXQTIlNqOj0+///RInnSYnESD0B8P//ckUxwEGD/PMPlcAx\n" + + "yUH2xwIPlMFEifrB6gWD4gEx9kD2xwRAD5TGCdYPttMJygnyCcIPhLIAAABB99xIi0XARIkg6VH/\n" + + "//+JfdBFhO0PhEz///9Ig33IAEyLfah0UUyJ40yLbcjrD5BJKcVJAcZIAcNNhe10OUmB/QAQAAC5\n" + + "ABAAAEkPQs1IxwQkAAAAAL8RAAAATIn+SInaTYnwRTHJ6ET7//9IhcB/v0iD+Px0wkiLFQIFAABI\n" + + "i0XISAHQSP/ISPfaSCHCSGNN0EjHBCQAAAAAvwoAAABMieZFMcBFMcnoA/v//+m1/v//RIn4qAIP\n" + + "lMAI2EyLZch1L4n7ifiD4PtIY8hMiTQkvwkAAABIi3W4TIniTItF0EyLTajox/r//0g9APD//3YP\n" + + "SItFwMcADQAAAOlg/v//SMcEJAAAAAC/CwAAAEiJxkyJ4jHJRTHARTHJ6JD6//89AfD//3NGiV3Q\n" + + "idiDyAJBg88gSGPITWPHSMcEJAAAAAC/CQAAAEiLdbhMieJJx8H/////6Ff6//9JicRIPQHw//8P\n" + + "g5j+///prv7//w8LkFVIieVIg+wQSInySGP3SMcEJAAAAAC/igAAADHJRTHARTHJ6Bj6//9Ig8QQ\n" + + 
"XcNmkFVIieVTUEiJ8EiJ/kxj0kxj2Ulj2EyJDCS/CQAAAEiJwkyJ0U2J2EmJ2ejh+f//SIPECFtd\n" + + "w2YuDx+EAAAAAABVSInlSIPsEEmJyEiJ0UiJ8khj90jHBCQAAAAAvxEAAABFMcnop/n//0iDxBBd\n" + + "w5BVSInlSIPsEEiJ8EiJ/khjykjHBCQAAAAAvwoAAABIicJFMcBFMcnodPn//0iDxBBdw2ZmZmZm\n" + + "Lg8fhAAAAAAAVUiJ5V3pRvv//2YPH0QAAFVIieVIg+wQSInySIn+SMcEJAAAAAC/CwAAADHJRTHA\n" + + "RTHJ6Cj5//9Ig8QQXcNmkFVIieVIg+wQSInRSInySGP3SMcEJAAAAAAx/0UxwEUxyej6+P//SIPE\n" + + "EF3DDx9AAFVIieVIg+wQSInRSInySGP3SMcEJAAAAAC/AQAAAEUxwEUxyejH+P//SIPEEF3DkFVI\n" + + "ieVIg+wQSInwSGP3TGPKQYnISMcEJAAAAAC/AQEAAEiJwkyJyUUxyeiR+P//SIPEEF3DZmYuDx+E\n" + + "AAAAAABVSInlSIPsEEiJ0EiJ8khj90xjwUjHBCQAAAAAvwYBAABIicFFMcnoVPj//0iDxBBdw2Zm\n" + + "ZmZmLg8fhAAAAAAAVUiJ5UiD7BBIifFIifpIxwQkAAAAAL8GAQAASMfGnP///0UxwEUxyegT+P//\n" + + "SIPEEF3DZmZmZi4PH4QAAAAAAFVIieVIg+wQSInySGP3SMcEJAAAAAC/BQAAADHJRTHARTHJ6Nj3\n" + + "//9Ig8QQXcNmkFVIieVIg+wQSGP3SMcEJAAAAAC/AwAAADHSMclFMcBFMcnoqff//0iDxBBdww8f\n" + + "AFVIieVIg+wQSInRSInySGP3SMcEJAAAAAC/EAAAAEUxwEUxyeh39///SIPEEF3DkFVIieVIg+wQ\n" + + "SGP3SMcEJAAAAAC/5wAAADHSMclFMcBFMcnoSff//2YPH4QAAAAAAFVIieUPC2YuDx+EAAAAAABI\n" + + "ifhIhdIPhOIAAABAiDBAiHQQ/0iD+gMPgtAAAABAiHABQIhwAkCIdBD+QIh0EP1Ig/oHD4K0AAAA\n" + + "QIhwA0CIdBD8SIP6CQ+CoQAAAInH99+D5wNIjQw4SCn6SIPi/EAPtvZp9gEBAQGJNDiJdAr8SIP6\n" + + "CXJ4iXEEiXEIiXQR9Il0EfhIg/oZcmRmD27GZg9wwADzD39BDPMPf0QR5InPg+cESIPPGEgp+kiD\n" + + "+iByPlVIieVBifBMicZIweYgTAnGSAH5ZmZmLg8fhAAAAAAASIkxSIlxCEiJcRBIiXEYSIPC4EiD\n" + + "wSBIg/ofd+NdwwDvvq/eAAAAABRFEQAAAAAAABAAAAAAAAA=\n"; byte[] bytes = android.util.Base64.decode(b64, android.util.Base64.DEFAULT); - int hookInfoOffset = 0x0470; + int hookInfoOffset = 0x0a10; fillInHookInfo(bytes, hookInfoOffset); return bytes; } @@ -68,12 +94,12 @@ public int getNativeDebugBreakOffset() { @Override public int getNativeClearCacheOffset() { - return 0x00a0; + return 0x0090; } @Override public int getNativeSyscallOffset() { - return 0x0060; + return 0x0010; } @Override 
@@ -108,17 +134,17 @@ public int getNativeGetJavaVmOffset() {
@Override
public int getFakeStat64Offset() {
- return 0x01e0;
+ return 0x01b0;
}
@Override
public int getFakeMmap64Offset() {
- return 0x0290;
+ return 0x0240;
}
@Override
public int getFakeMmapOffset() {
- return 0x0460;
+ return 0x06f0;
}
@Override