2

我试图隐蔽运行时进程以将 shell 命令发送到有根电话我不明白为什么我有分段错误。在互联网上,我发现 java 代码如下:

Runtime.getRuntime().exec(new String[]{"/system/bin/su","-c","reboot now"});` for reboot of the phone or `Runtime.getRuntime().exec("su");

用于 linux root 权限。

我只尝试在转换后发送带有函数的“su”命令,但我认为我错了……我认为一个可能的问题可能是从 java 类型转换的 Jstring 数组。

unit Androidapi.JNI.Root;

interface
    procedure AskRoot;
implementation
   uses  System.SysUtils,
  Androidapi.JNIBridge,
  Androidapi.JNI.GraphicsContentViewText,
  Androidapi.JNI.JavaTypes,
  FMX.Helpers.Android;

 type
  JProcess = interface;
  JRuntime = interface;
 //----------------------------------JProcess----------------------
  JProcessClass = interface(JObjectClass)
  ['{7BFD2CCB-89B6-4382-A00B-A7B5BB0BC7C9}']

  end;
  [JavaSignature('java/lang/Process')]
  JProcess = interface(JObject)
  ['{476414FD-570F-4EDF-B678-A2FE459EA6EB}']
    {Methods}
    procedure destroy; cdecl;
    function exitValue:integer;cdecl;
    function getErrorStream:JInputStream; cdecl;
    function getInputStream:JOutputStream; cdecl;
    function waitFor:integer;cdecl;
  end;
  TJProcess = class(TJavaGenericImport<JProcessClass, JProcess>) end;
  //----------------------------------Jruntime----------------------
  JRuntimeClass = interface(JObjectClass)
    ['{3F2E949D-E97C-4AD8-B5B9-19CB0A6A29F3}']
    {costant}
  end;
  [JavaSignature('java/lang/Runtime')]
  JRuntime = interface(JObject)
  ['{C097A7EC-677B-4BCB-A4BD-7227160750A5}']
       {Methods}
      procedure addShutdownHook(hook:JThread);cdecl;
      function availableProcessors:integer; cdecl;
      function exec(progArray,envp:array of JString):Jprocess; overload;
      function exec(progArray:Jstring; envp:array of JString;directory:JFile):Jprocess; overload;
      function exec(progArray,envp:array of JString;directory:JFile):Jprocess; overload;
      function exec(prog:JString;envp:array of JString):Jprocess;  cdecl; overload;
      function exec(progArray:array of JString):Jprocess; overload;
      function exec(prog:JString):Jprocess;  cdecl; overload;
      procedure Exit(code:Integer);cdecl;
      function freeMemory:LongInt;cdecl;
      procedure gc; cdecl;
      function getLocalizedInputStream(stream:JInputStream):JInputStream; cdecl;
      function getLocalizedOutputStream(stream:JOutputStream):JOutputStream; cdecl;
      function getRuntime:JRuntime;cdecl;
      procedure halt(code:Integer);cdecl;
      procedure load(pathName:JString);cdecl;
      procedure loadLibrary(libName:JString); cdecl;
      function maxMemory:LongInt;cdecl;
      function RemoveShutdownHook(hook:JThread):Boolean;cdecl;
      procedure runFinalization;cdecl;
      procedure runFinalizersOnExit(run:Boolean);cdecl;
      function totalMemory:LongInt;cdecl;
      procedure traceInstructions(enable:Boolean);cdecl;
      procedure traceMethodCalls(enable:Boolean); cdecl;
  end;
  TJRuntime = class(TJavaGenericImport<JRuntimeClass, JRuntime>) end;

  procedure AskRoot;
  var root:JRuntime;
  begin
    root.getRuntime.exec(StringToJString('su'));
  end;
end.
4

2 回答 2

7

您的几个exec覆盖没有标记cdecl

这无济于事 - 堆栈会变得混乱并可能导致分段错误。

但是,您调用的那个是标记的cdecl

另一方面,您正在调用root尚未初始化的对象/接口引用的方法。这种操作肯定会给您带来分段错误。

getRuntime看起来是类的类方法Runtime,所以你放错了接口。当您将它移到正确的位置时,我想像这样的事情可能会做到:

TJRuntime.JavaClass.getRuntime.exec(StringToJString('su'));
于 2013-11-08T10:49:09.770 回答
0

此代码已在柏林德尔福检查

对于以 root 身份执行:

1)在AndroidManifest.template.xml中添加这个字符串

android:sharedUserId="android.uid.system"

2)通过platform.x509.pem和platform.pk8证书将APK签名为System

java.lang.Process, java.lang.Runtime 租用

unit Android.ExecuteShell;

//Checked in Delphi Berlin
// for execute as SU
//Add in AndroidManifest.template.xml this string
//    android:sharedUserId="android.uid.system"
//sign APK as System by platform.x509.pem and platform.pk8 certificates

//java.lang.Process, java.lang.Runtime download path is
//https://github.com/FMXExpress/android-object-pascal-wrapper/tree/master/android-23

interface

uses
    System.SysUtils, System.Classes,
    Androidapi.Helpers, Androidapi.JNI.JavaTypes, Androidapi.JNIBridge,
    java.lang.Process, java.lang.Runtime;

function ExecuteShell(sCmd: string; sOut, sErr : TStringList; const AsSu:boolean=false):integer;

implementation

function ExecuteShell(sCmd: string; sOut, sErr : TStringList; const AsSu:boolean=false):integer;
var
 Process : JProcess;
 Runtime : JRuntime;
 Output  : JOutputstream;

 function StrToJA(st:string):TJavaArray<Byte>;
 var
   len, i:integer;
 begin
   len:=length(st)+1;
   result := TJavaArray<Byte>.Create(len);
   for i := 0 to len - 2 do begin
     result[i]:= ord(st[i]) and $ff;
   end;
   result[len-1]:=$a;
 end;

 procedure StreamToList(str:JInputStream; ls:TStringList);
 var
   x, bufflen: Integer;
   s: string;
   buff : TJavaArray<Byte>;
 begin
   bufflen := str.available;
   buff := TJavaArray<Byte>.Create(bufflen);
   str.read(buff);
   s := '';
   for x := 0 to bufflen - 1 do
      s := s + chr(buff[x]);
   ls.Add(s);
 end;


begin
  try
    if AsSu then begin
      Process := TJRuntime.JavaClass.getRuntime.exec(StringToJString('su'));
      Output:=Process.getOutputStream;
      Output.write(StrToJA(sCmd));
      Output.write(StrToJA('exit'));
    end else
      Process := TJRuntime.JavaClass.getRuntime.exec(StringToJString(sCmd));
    Result:=Process.waitFor;
    Result:=Process.exitValue;
    if Assigned(sOut) then
       StreamToList(Process.getInputStream, sOut);
    if Assigned(sErr) then
       StreamToList(Process.getErrorStream, sErr);
  except
     on e:exception do
       if Assigned(sErr) then
             sErr.Add(e.message);
  end;
end;

end.
于 2017-08-19T18:52:34.717 回答