MJx0 / AndKittyInjector

Inject a shared library into a process using ptrace
MIT License
161 stars 66 forks

Curious #2

Closed enenH closed 1 year ago

enenH commented 1 year ago

It should be possible to write the contents of the .so to be injected directly into the game, then call memfd_create and DlopenMem, similar to https://github.com/Dr-TSNG/ZygiskOnKernelSU/blob/42503e7cfe13bc0c089652f4a57cd07094a1e3ca/loader/src/common/dl.cpp#L47. That way the namespace restriction can be bypassed, right?

MJx0 commented 1 year ago

It should be possible to write the contents of the .so to be injected directly into the game, then call memfd_create and DlopenMem, similar to https://github.com/Dr-TSNG/ZygiskOnKernelSU/blob/42503e7cfe13bc0c089652f4a57cd07094a1e3ca/loader/src/common/dl.cpp#L47. That way the namespace restriction can be bypassed, right?

You will need to call memfd_create inside the remote process, or inject into zygote, create the fd, then use it after the remote process forks. It's a more complicated approach and I don't see any point in using it in this example. BTW, I don't speak Chinese.

enenH commented 1 year ago

The .so path cannot be found in the maps, and the library can be loaded no matter what path it is in.

MJx0 commented 1 year ago

The .so path cannot be found in the maps, and the library can be loaded no matter what path it is in.

It's still visible in maps as "memfd (deleted)", but it's a good method to bypass path restrictions, like you said. I will add it soon. 👍
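The two points made in this thread, that a library can be dlopen()ed from an anonymous memfd without any path inside the app's namespace, and that the mapping still shows up in /proc/self/maps as "memfd:<name> (deleted)", can be reproduced in-process on a Linux box. The program below is an added example written for this page; it is not code from AndKittyInjector or from the linked ZygiskOnKernelSU loader. It assumes a glibc system where `libm.so.6` can be dlopen()ed and `dlinfo(RTLD_DI_LINKMAP)` reports its path (used only to obtain a real ELF to push through the memfd), and it uses the memfd name `jit-cache` as a placeholder for whatever an injector would pick.

```c
/* Added example: dlopen() a shared object from a memfd and then look for the
 * trace it leaves in /proc/self/maps.  Not AndKittyInjector's code. Linux only. */
#define _GNU_SOURCE
#include <dlfcn.h>
#include <link.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Create an anonymous memfd called `name` holding the `len` bytes of `buf`.
 * Returns the fd or -1.  MFD_CLOEXEC stops the fd leaking across an execve. */
int memfd_from_buffer(const char *name, const void *buf, size_t len)
{
    int fd = memfd_create(name, MFD_CLOEXEC);
    if (fd < 0)
        return -1;
    const unsigned char *p = buf;
    size_t off = 0;
    while (off < len) {
        ssize_t n = write(fd, p + off, len - off);
        if (n <= 0) {
            close(fd);
            return -1;
        }
        off += (size_t)n;
    }
    return fd;
}

/* dlopen() the ELF behind `fd` through its /proc/self/fd/N magic link.  The
 * loader is handed no path inside the app's own namespace, which is the
 * restriction the thread wants to get around. */
void *dlopen_fd(int fd, int flags)
{
    char path[64];
    snprintf(path, sizeof path, "/proc/self/fd/%d", fd);
    return dlopen(path, flags);
}

/* Load `soname` normally, ask the dynamic linker which file it came from and
 * read that file into a heap buffer.  Only here so the demo has a real,
 * unmodified ELF to push through the memfd without hard-coding a path. */
unsigned char *read_loaded_library(const char *soname, size_t *len_out)
{
    void *h = dlopen(soname, RTLD_NOW);
    if (!h)
        return NULL;
    struct link_map *lm = NULL;
    if (dlinfo(h, RTLD_DI_LINKMAP, &lm) != 0 || !lm || lm->l_name[0] == '\0') {
        dlclose(h);
        return NULL;
    }
    FILE *f = fopen(lm->l_name, "rb");
    dlclose(h);
    if (!f)
        return NULL;
    unsigned char *buf = NULL;
    long sz = -1;
    if (fseek(f, 0, SEEK_END) == 0 && (sz = ftell(f)) > 0 && fseek(f, 0, SEEK_SET) == 0) {
        buf = malloc((size_t)sz);
        if (buf && fread(buf, 1, (size_t)sz, f) != (size_t)sz) {
            free(buf);
            buf = NULL;
        }
    }
    fclose(f);
    if (buf)
        *len_out = (size_t)sz;
    return buf;
}

/* Resolve cos() from a handle and call it; returns 0 if the symbol is missing.
 * Proves the memfd copy is a live, relocated library and not just bytes. */
int call_cos(void *handle, double x, double *out)
{
    double (*fn)(double) = NULL;
    *(void **)&fn = dlsym(handle, "cos");
    if (!fn)
        return 0;
    *out = fn(x);
    return 1;
}

/* Detection side: count /proc/self/maps lines belonging to a memfd with this
 * name.  The kernel reports the mapping as "/memfd:<name> (deleted)", so a
 * scanner that only compares on-disk paths misses it, while one that looks
 * for "memfd:" or "(deleted)" on an executable mapping does not. */
int count_memfd_mappings(const char *name)
{
    char needle[160], line[512];
    snprintf(needle, sizeof needle, "/memfd:%s (deleted)", name);
    FILE *f = fopen("/proc/self/maps", "r");
    if (!f)
        return -1;
    int n = 0;
    while (fgets(line, sizeof line, f))
        if (strstr(line, needle))
            n++;
    fclose(f);
    return n;
}

int main(void)
{
    size_t len = 0;
    unsigned char *so = read_loaded_library("libm.so.6", &len); /* assumed present */
    if (!so) {
        fprintf(stderr, "could not read libm.so.6\n");
        return 1;
    }
    int fd = memfd_from_buffer("jit-cache", so, len); /* placeholder memfd name */
    free(so);
    if (fd < 0) {
        perror("memfd_create");
        return 1;
    }
    void *h = dlopen_fd(fd, RTLD_NOW);
    if (!h) {
        fprintf(stderr, "dlopen: %s\n", dlerror());
        return 1;
    }
    double r = 0;
    if (call_cos(h, 0.0, &r))
        printf("cos(0) via memfd copy = %g\n", r);
    printf("memfd mappings in /proc/self/maps: %d\n", count_memfd_mappings("jit-cache"));
    return 0;
}
```

Two things worth noting when reading the output. The memfd name is chosen by whoever creates it, so a detector should key on the "memfd:" prefix and the "(deleted)" suffix on executable mappings rather than on any particular name. And, as MJx0 says above, in the injector setting the memfd_create() and dlopen() calls still have to execute inside the target process (or be inherited across a fork from zygote): the fd table is per process, so an fd created in the injector is useless to the game.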