zhuotong / Android_InlineHook

Android inline hook framework
GNU General Public License v3.0
316 stars 89 forks

Demo won't run, fails immediately with mprotect error:Permission denied #1

Closed bufferoverflowexception closed 4 years ago

bufferoverflowexception commented 4 years ago

6948-6948/com.zhuotong.myihk E/zhuo: 0.300000
06-10 15:28:11.788 6948-6948/com.zhuotong.myihk E/zhuo: dlopen=0x7fb6058380
06-10 15:28:11.788 6948-6948/com.zhuotong.myihk I/zhuo: dump_replace
06-10 15:28:11.788 6948-6948/com.zhuotong.myihk I/zhuo: HookArm()
06-10 15:28:11.788 6948-6948/com.zhuotong.myihk I/zhuo: LIVE1
06-10 15:28:11.788 6948-6948/com.zhuotong.myihk I/zhuo: pstInlineHook->szbyBackupOpcodes is at 0x55aae24188
06-10 15:28:11.788 6948-6948/com.zhuotong.myihk I/zhuo: Arm64 Opcode to fix 0 : a9bd7bfd
06-10 15:28:11.788 6948-6948/com.zhuotong.myihk I/zhuo: getTypeInArm : a9bd7bfd
06-10 15:28:11.788 6948-6948/com.zhuotong.myihk I/zhuo: Fix length : 4
06-10 15:28:11.788 6948-6948/com.zhuotong.myihk I/zhuo: getTypeInArm64 : a9bd7bfd
06-10 15:28:11.789 6948-6948/com.zhuotong.myihk I/zhuo: Arm64 Opcode to fix 1 : 910003fd
06-10 15:28:11.789 6948-6948/com.zhuotong.myihk I/zhuo: getTypeInArm : 910003fd
06-10 15:28:11.789 6948-6948/com.zhuotong.myihk I/zhuo: Fix length : 4
06-10 15:28:11.789 6948-6948/com.zhuotong.myihk I/zhuo: getTypeInArm64 : 910003fd
06-10 15:28:11.789 6948-6948/com.zhuotong.myihk I/zhuo: Arm64 Opcode to fix 2 : a90153f3
06-10 15:28:11.789 6948-6948/com.zhuotong.myihk I/zhuo: getTypeInArm : a90153f3
06-10 15:28:11.789 6948-6948/com.zhuotong.myihk I/zhuo: Fix length : 4
06-10 15:28:11.789 6948-6948/com.zhuotong.myihk I/zhuo: getTypeInArm64 : a90153f3
06-10 15:28:11.789 6948-6948/com.zhuotong.myihk I/zhuo: Arm64 Opcode to fix 3 : f00001f4
06-10 15:28:11.789 6948-6948/com.zhuotong.myihk I/zhuo: getTypeInArm : f00001f4
06-10 15:28:11.789 6948-6948/com.zhuotong.myihk I/zhuo: Fix length : 4
06-10 15:28:11.789 6948-6948/com.zhuotong.myihk I/zhuo: getTypeInArm64 : f00001f4
06-10 15:28:11.789 6948-6948/com.zhuotong.myihk E/zhuo: is ADRP_ARM64
06-10 15:28:11.789 6948-6948/com.zhuotong.myihk I/zhuo: Arm64 Opcode to fix 4 : aa0003f3
06-10 15:28:11.789 6948-6948/com.zhuotong.myihk I/zhuo: getTypeInArm : aa0003f3
06-10 15:28:11.789 6948-6948/com.zhuotong.myihk I/zhuo: Fix length : 12
06-10 15:28:11.789 6948-6948/com.zhuotong.myihk I/zhuo: getTypeInArm64 : aa0003f3
06-10 15:28:11.790 6948-6948/com.zhuotong.myihk I/zhuo: Arm64 Opcode to fix 5 : 91010280
06-10 15:28:11.790 6948-6948/com.zhuotong.myihk I/zhuo: getTypeInArm : 91010280
06-10 15:28:11.790 6948-6948/com.zhuotong.myihk I/zhuo: Fix length : 4
06-10 15:28:11.790 6948-6948/com.zhuotong.myihk I/zhuo: getTypeInArm64 : 91010280
06-10 15:28:11.790 6948-6948/com.zhuotong.myihk I/zhuo: LIVE2
06-10 15:28:11.790 6948-6948/com.zhuotong.myihk E/zhuo: BuildStub_replace
06-10 15:28:11.790 6948-6948/com.zhuotong.myihk E/zhuo: sShellCodeLength=704
06-10 15:28:11.790 6948-6948/com.zhuotong.myihk E/zhuo: pNewShellCode=0x55aaebd000
06-10 15:28:11.790 6948-6948/com.zhuotong.myihk E/zhuo: start=0x55aaebd000, end=0x55aaebe000, size=0x1000
06-10 15:28:11.790 6948-6948/com.zhuotong.myihk E/zhuo: mprotect error:Permission denied
06-10 15:28:11.790 6948-6948/com.zhuotong.myihk I/zhuo: change shell code page property fail.
06-10 15:28:11.790 6948-6948/com.zhuotong.myihk I/zhuo: BuildStub_replace fail.
06-10 15:28:11.780 6948-6948/com.zhuotong.myihk W/.zhuotong.myihk: type=1400 audit(0.0:232713): avc: denied { execheap } for scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:r:untrusted_app:s0:c512,c768 tclass=process permissive=0
06-10 15:28:11.790 6948-6948/com.zhuotong.myihk I/zhuo: LIVE6
06-10 15:28:11.790 6948-6948/com.zhuotong.myihk E/zhuo: HookArm fail.
06-10 15:28:11.790 6948-6948/com.zhuotong.myihk E/zhuo: hook dlopen error=2
06-10 15:28:11.790 6948-6948/com.zhuotong.myihk E/zhuo: HK_INFO=0x0
06-10 15:28:11.791 6948-6948/com.zhuotong.myihk E/zhuo: handler=0x0
06-10 15:28:11.792 6948-6948/com.zhuotong.myihk E/zhuo: handler=0x7fa7669d98

Xiaomi phone, arm64

zhuotong commented 4 years ago

If SELinux is enabled, run setenforce 0 to turn it off and see what happens.

zhuotong commented 4 years ago

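Judging from the log, this looks like a problem caused by SELinux. Maybe you modified boot.img, or it is a newer MIUI version or a third-party ROM; you can confirm and rule that out yourself. If there is no reply for a long time, I will close the issue.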

bufferoverflowexception commented 4 years ago

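> Judging from the log, this looks like a problem caused by SELinux. Maybe you modified boot.img, or it is a newer MIUI version or a third-party ROM; you can confirm and rule that out yourself. If there is no reply for a long time, I will close the issue.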

Yeah, that's right, it works now. You're awesome, boss.

bufferoverflowexception commented 4 years ago

One more question: why do SandHook and whale succeed when I use them on the same test device? Isn't the principle the same for all of them?

zhuotong commented 4 years ago

> One more question: why do SandHook and whale succeed when I use them on the same test device? Isn't the principle the same for all of them?

I don't have your device or system, so I can't locate and troubleshoot the problem. You can debug and compare them yourself.

zhuotong commented 2 years ago

> One more question: why do SandHook and whale succeed when I use them on the same test device?

If you have the time, the device and so on, you can contact me and I will help you troubleshoot it.

bufferoverflowexception commented 2 years ago

Sorry, the phone was too old and too laggy, so I have already thrown it away...

zhuotong commented 2 years ago

> Sorry, the phone was too old and too laggy, so I have already thrown it away...

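I know the cause now. I have been busy with other things and only just remembered to reply. The cause is an SELinux permission issue: the anonymous memory that is allocated must be readable and writable (not executable), and only after the content has been written is it changed to readable and executable.

It has never been fixed, first because I am busy, and second because fixing it would require changing the logic: each function needs its own separate page of memory, otherwise modifying that page may trigger a crash (other threads that are executing code there lose their permission).

Whoever sees this issue, feel free to fix it. There is also a memory leak bug (I think some collection data is not cleared after unhook, or something like that); whoever has time, please fix that too.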