reveny / Android-GUI-Injector

GUI App for Injecting shared libraries on Android
GNU General Public License v3.0

great project, how to pass parameters, get function return? #12

Closed abbuaus closed 1 year ago

abbuaus commented 1 year ago

Great project! How do I pass parameters and get the function's return value? I am a beginner.

reveny commented 1 year ago

Generally speaking, this is how function calls work in the project:

  1. Get the address of the target function. (in this case dlopen).
  2. Define the parameters as follows: long parameters[2]; //2 is the amount of parameters
  3. Set the parameters: dlopen has 2 parameters: dlopen(const char* path, int mode);
    parameters[0] = (uintptr_t) remoteMmapAddr;
    parameters[1] = RTLD_NOW | RTLD_GLOBAL;

    Note that we are passing the address of a string as the first argument; this was done by allocating memory and then writing a string to it, in this case the dlopen path.

  4. Call the function with ptrace call:
    //                   process id,   address,  parameters, amount of parameters, regs
    if (ptrace_call(pid, (uintptr_t) dlopen_addr, parameters, 2, &currentRegs) == -1) {
        LOGE("Call dlopen Failed");
        return -1;
    }
  5. Get the return value: The return value will be saved in the register that can be acquired with ptrace_getret.
    void *remoteModuleAddr = (void *)ptrace_getret(&currentRegs);
    LOGI("ptrace_call dlopen success, Remote module Address: 0x%lx", (long)remoteModuleAddr);

And that is it. That is how you can call a function with this project. There is currently no way to pass parameters and get the return value through the UI, you need to implement that on your own :)
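The five steps above, as an added example that is neither reveny's code nor the Android-GUI-Injector project's own. It assumes AArch64 (arguments in x0..x7, x30 as the link register, the result in x0), a tracee that is already PTRACE_ATTACHed and stopped, and that the caller has already resolved `mmap` and `dlopen` inside the target (the `mmap_addr` and `dlopen_addr` parameters; how to find them is not shown). `struct arm64_regs`, `setup_call_regs`, `get_call_ret`, `fake_stack_writer`, `remote_write`, `xfer_regs`, `ptrace_call` and `inject_library` are names chosen here, not the project's. The register setup goes a little beyond step 3: it also handles more than eight arguments by spilling them to the stack as AAPCS64 requires, and it can be checked on any host through an in-memory stand-in for the target's stack; the ptrace driver itself only compiles on Linux/AArch64.

```c
/* Added example, not the Android-GUI-Injector project's code: the remote-call flow from the
 * steps above on AArch64.  Register setup is portable; the ptrace driver compiles only on
 * Linux/AArch64 and assumes the tracee is already attached and stopped. */
#include <stdint.h>
#include <string.h>

/* Same layout as the kernel's AArch64 user_pt_regs, i.e. what NT_PRSTATUS returns. */
struct arm64_regs { uint64_t regs[31]; uint64_t sp; uint64_t pc; uint64_t pstate; };
/* Writes len bytes at addr in the target; ctx identifies the target.  0 on success. */
typedef int (*mem_writer_fn)(void *ctx, uint64_t addr, const void *buf, size_t len);

/* AAPCS64 call setup: args 1..8 in x0..x7, the rest in 8-byte slots starting at sp
 * (kept 16-byte aligned), x30 = return address, pc = callee. */
int setup_call_regs(struct arm64_regs *r, uint64_t func, const uint64_t *params, size_t nparams,
                    uint64_t return_addr, mem_writer_fn write_mem, void *ctx)
{
    for (size_t i = 0; i < nparams && i < 8; i++) r->regs[i] = params[i];
    if (nparams > 8) {
        size_t spill = nparams - 8;
        uint64_t sp = (r->sp - spill * 8) & ~(uint64_t)15;
        if (write_mem(ctx, sp, params + 8, spill * 8) != 0) return -1;
        r->sp = sp;
    }
    r->regs[30] = return_addr;
    r->pc = func;
    return 0;
}

/* Integer/pointer results come back in x0 (the ptrace_getret step). */
uint64_t get_call_ret(const struct arm64_regs *r) { return r->regs[0]; }

/* In-memory stand-in for the target's stack, so the setup can be checked without a tracee. */
struct fake_stack { uint64_t addr; uint64_t words[8]; };
int fake_stack_writer(void *ctx, uint64_t addr, const void *buf, size_t len)
{
    struct fake_stack *fs = ctx;
    if (len > sizeof fs->words) return -1;
    fs->addr = addr;
    memcpy(fs->words, buf, len);
    return 0;
}

#if defined(__linux__) && defined(__aarch64__)
#include <dlfcn.h>
#include <elf.h>
#include <sys/mman.h>
#include <sys/ptrace.h>
#include <sys/uio.h>
#include <sys/wait.h>
/* Copy len bytes into the tracee (ctx = &pid) a word at a time.  The last word is
 * zero-padded, so callers must own a few bytes past the end (both callers below do). */
static int remote_write(void *ctx, uint64_t addr, const void *buf, size_t len)
{
    pid_t pid = *(pid_t *)ctx;
    for (size_t i = 0; i < len; i += sizeof(long)) {
        long word = 0;
        memcpy(&word, (const uint8_t *)buf + i, len - i < sizeof(long) ? len - i : sizeof(long));
        if (ptrace(PTRACE_POKEDATA, pid, (void *)(addr + i), (void *)word) == -1) return -1;
    }
    return 0;
}

static int xfer_regs(int req, pid_t pid, struct arm64_regs *r)
{
    struct iovec iov = { r, sizeof *r };
    return ptrace(req, pid, (void *)NT_PRSTATUS, &iov) == -1 ? -1 : 0;
}

/* Run func(params...) in the stopped tracee.  lr = 0 makes the callee's ret fault at address 0;
 * that SIGSEGV stop means the call finished and x0 holds the result.  Old registers are restored. */
int ptrace_call(pid_t pid, uint64_t func, const uint64_t *params, size_t nparams, struct arm64_regs *out)
{
    struct arm64_regs saved;
    int status = 0;
    if (xfer_regs(PTRACE_GETREGSET, pid, &saved) != 0) return -1;
    *out = saved;
    if (setup_call_regs(out, func, params, nparams, 0, remote_write, &pid) != 0 ||
        xfer_regs(PTRACE_SETREGSET, pid, out) != 0 ||
        ptrace(PTRACE_CONT, pid, NULL, NULL) == -1 ||
        waitpid(pid, &status, WUNTRACED) == -1) return -1;
    if (!WIFSTOPPED(status) || WSTOPSIG(status) != SIGSEGV) return -1;
    if (xfer_regs(PTRACE_GETREGSET, pid, out) != 0) return -1;
    return xfer_regs(PTRACE_SETREGSET, pid, &saved);
}

/* The dlopen flow from the thread: mmap a page in the target, write the path into it, then
 * dlopen(path, RTLD_NOW | RTLD_GLOBAL).  mmap_addr/dlopen_addr are assumed already resolved. */
int inject_library(pid_t pid, uint64_t mmap_addr, uint64_t dlopen_addr, const char *path, uint64_t *handle)
{
    struct arm64_regs r;
    uint64_t m[6] = { 0, 0x1000, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, (uint64_t)-1, 0 };
    if (strlen(path) >= 0x1000 || ptrace_call(pid, mmap_addr, m, 6, &r) != 0) return -1;
    uint64_t buf = get_call_ret(&r);
    if (buf == (uint64_t)-1 /* MAP_FAILED */ || remote_write(&pid, buf, path, strlen(path) + 1) != 0) return -1;
    uint64_t d[2] = { buf, (uint64_t)(RTLD_NOW | RTLD_GLOBAL) };
    if (ptrace_call(pid, dlopen_addr, d, 2, &r) != 0) return -1;
    *handle = get_call_ret(&r);
    return *handle ? 0 : -1;
}
#endif
```

Two caveats a practitioner should keep in mind. The "return to address 0" trick leaves a SIGSEGV pending in the tracee, so the final PTRACE_CONT or PTRACE_DETACH must pass signal 0 to suppress it, and it only works because nothing is mapped at address 0. And if the thread you stopped was blocked inside a restartable syscall, the kernel applies its syscall-restart fixup to x0 and pc when the thread resumes, which can clobber the registers you just set; real injectors have to account for that, and for non-leader threads waitpid needs `__WALL` to see the stop at all.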