0

我想拦截 connect() 系统调用并使用我自己的自定义实现。为简单起见,自定义实现将执行一些操作,例如打印日志,然后进一步调用系统实现。

我查看了Audrey 的博客,其中的方法是修补 PLT。但不幸的是,当试图更改重定位表中的地址时,这段代码会崩溃。

经过一段时间的凝视后,我遇到了这个已经回答的问题。但是这里描述的方法给了我以下错误。

*****跳转到案例标签[-fpermissive] jni/test.cpp:107:20:错误:跨过'uint32_t entry_page_start' jni/test.cpp:106:15的初始化:错误:跨过'uint32_t page_size的初始化'*****

建议更改后来自Andrey 博客的钩子调用方法Here,如下所示。

int hook_call(char *soname, char *symbol, unsigned newval) {  
soinfo *si = NULL;  
Elf32_Rel *rel = NULL;  
Elf32_Sym *s = NULL;   
unsigned int sym_offset = 0;  
if (!soname || !symbol || !newval)  
 return 0;  
si = (soinfo*) dlopen(soname, 0);  
if (!si)  
 return 0;  
s = soinfo_elf_lookup(si, elfhash(symbol), symbol);  
if (!s)  
 return 0;  
sym_offset = s - si->symtab;  
rel = si->plt_rel;  
/* walk through reloc table, find symbol index matching one we've got */  
for (int i = 0; i < si->plt_rel_count; i++, rel++) {  
  unsigned type = ELF32_R_TYPE(rel->r_info);  
  unsigned sym = ELF32_R_SYM(rel->r_info);  
  unsigned reloc = (unsigned)(rel->r_offset + si->base);  
  unsigned oldval = 0;  
  if (sym_offset == sym) {  
   switch(type) {  
     case R_ARM_JUMP_SLOT:
      // YOUR LINES
      uint32_t page_size = getpagesize();
      uint32_t entry_page_start = reloc& (~(page_size - 1));
      mprotect((uint32_t *)entry_page_start, page_size, PROT_READ | PROT_WRITE);

      /* we do not have to read original value, but it would be good   
       idea to make sure it contains what we are looking for */  
     oldval = *(unsigned*) reloc;  
     *((unsigned*)reloc) = newval;  
     return 1;  
   default:  
     return 0;  
}

我做错了什么,我是否将 mProtect() 方法放在了错误的地方?我们有人在 Andrey 的博客的帮助下做过吗?还有其他方法吗?我被封锁了。任何帮助,将不胜感激。

4

1 回答 1

2

该错误与 mProtect() 无关。这实际上与我放置代码片段的位置完全相同。这是我的代码,它工作正常:

void* hook_call(char *soname, char *symbol, void* newval) {
 soinfo *si = NULL;
   Elf32_Rel *rel = NULL;
   Elf32_Sym *s = NULL;
   unsigned int sym_offset = 0;
   if (!soname || !symbol || !newval)
      return 0;

   si = (soinfo*) dlopen(soname, RTLD_LAZY);
   if (!si)
    return 0;


   s = soinfo_elf_lookup(si, elfhash(symbol), symbol);
   if (!s)
     return 0;

   sym_offset = s - si->symtab;
   rel = si->plt_rel;


   const char *strtab = si->strtab;
   Elf32_Sym *symtab = si->symtab;

   /* walk through reloc table, find symbol index matching one we've got */
   int i;

   for (i = 0; i < si->plt_rel_count; i++, rel++) {
    unsigned type = ELF32_R_TYPE(rel->r_info);
    unsigned sym = ELF32_R_SYM(rel->r_info);
    unsigned reloc = (unsigned)(rel->r_offset + si->base);
    //unsigned oldval = 0;
    void* pOldFun;

    if (sym_offset == sym) {

     switch(type) {
       case R_ARM_JUMP_SLOT:
          //Set appropriate memory access rights
          uint32_t page_size = getpagesize();
          uint32_t entry_page_start = reloc& (~(page_size - 1));
          mprotect((uint32_t *)entry_page_start, page_size, PROT_READ | PROT_WRITE);

         pOldFun = (void *)*((unsigned *)reloc);

          *((unsigned int*)reloc)= (unsigned)newval;  

          return pOldFun;
       default:
          return 0;
     }
    }
   }
   return 0;

}

*jump to case label ... 错误:交叉初始化通常发生在使用 switch case 时变量未正确初始化的情况下,即在一种情况下初始化并在另一种情况下使用。看看这个问题。发生了类似的错误并已解决。

于 2014-12-04T16:18:15.257 回答