evilsocket
commented
8 years ago You built it for the wrong architecture.
Closed zvedenyuk closed 8 years ago
evilsocket
commented
8 years ago You built it for the wrong architecture.
zvedenyuk
commented
8 years ago Hey Simone! Thanks for a quick answer. Can you tell me how do I build it for the right architecture?
Here is what I am doing in OS X Terminal:
adbmake testWhat should I change and where?
zvedenyuk
commented
8 years ago I've changed some variables in Application.mk:
APP_PLATFORM := android-18
APP_ABI := x86Now I get:
[x86] Compile++ : injector <= main.cpp
In file included from jni/injector/main.cpp:29:0:
jni/injector/traced.hpp: In member function 'long unsigned int Traced::call(void*, int, ...)':
jni/injector/traced.hpp:167:35: error: braces around scalar initializer for type 'long int'
struct pt_regs regs = {{0}}, rbackup = {{0}};
^
jni/injector/traced.hpp:167:52: error: braces around scalar initializer for type 'long int'
struct pt_regs regs = {{0}}, rbackup = {{0}};
^
jni/injector/traced.hpp:181:22: error: 'struct pt_regs' has no member named 'uregs'
regs.uregs[i] = arg;
^
jni/injector/traced.hpp:185:22: error: 'struct pt_regs' has no member named 'ARM_sp'
regs.ARM_sp -= sizeof(long) ;
^
jni/injector/traced.hpp:186:37: error: 'struct pt_regs' has no member named 'ARM_sp'
write( (size_t)regs.ARM_sp, (uint8_t *)&arg, sizeof(long) );
^
jni/injector/traced.hpp:192:14: error: 'struct pt_regs' has no member named 'ARM_lr'
regs.ARM_lr = 0;
^
jni/injector/traced.hpp:193:14: error: 'struct pt_regs' has no member named 'ARM_pc'
regs.ARM_pc = (long int)function;
^
jni/injector/traced.hpp:195:19: error: 'struct pt_regs' has no member named 'ARM_pc'
if ( regs.ARM_pc & 1 ){
^
jni/injector/traced.hpp:197:18: error: 'struct pt_regs' has no member named 'ARM_pc'
regs.ARM_pc &= (~1u);
^
jni/injector/traced.hpp:198:18: error: 'struct pt_regs' has no member named 'ARM_cpsr'
regs.ARM_cpsr |= CPSR_T_MASK;
^
jni/injector/traced.hpp:202:18: error: 'struct pt_regs' has no member named 'ARM_cpsr'
regs.ARM_cpsr &= ~CPSR_T_MASK;
^
jni/injector/traced.hpp:216:21: error: 'struct pt_regs' has no member named 'ARM_r0'
return regs.ARM_r0;
^
jni/injector/traced.hpp:217:5: error: control reaches end of non-void function [-Werror=return-type]
}
^
cc1plus: all warnings being treated as errors
make[1]: *** [obj/local/x86/objs/injector/main.o] Error 1the code was made to work on ARM architectures, so either you compile and run on ARM, or it won't work.
zvedenyuk
commented
8 years ago For those with the same problem I've managed to compile jni/injector/traced.hpp for x86 with these edits:
unsigned long call( void *function, int nargs, ... ) {
int i = 0;
struct pt_regs {
unsigned long uregs[5];
unsigned long ARM_sp;
unsigned long ARM_lr;
unsigned long ARM_pc;
unsigned long ARM_cpsr;
unsigned long ARM_r0;
};
struct pt_regs regs = {0}, rbackup = {0};Then I edited test.py:
adb.push( "libs/x86/injector", "/data/local/tmp/injector" )
adb.push( "libs/x86/libhook.so", "/data/local/tmp/libhook.so" )Now the script freezes at line:
adb.sudo( "/data/local/tmp/injector %d /data/local/tmp/libhook.so" % pid )So, the binary runs, but I don't get anything from it.
evilsocket
commented
8 years ago it WON'T work, ARM registers are different than x86 registers.
zvedenyuk
commented
8 years ago OK, thank you.
When I run the script I get:
I've modified the code in
test.pya little bit to print the output of the command in the console:What I got is:
Has anyone else had the same problem with the injector file?