maps
io
fd
app
int fd = syscall(__NR_openat, AT_FDCWD, "/proc/self/maps", O_RDONLY);
syscall(__NR_read, fd, &byte, 1)
byte
read
LOGE(
"开始读取maps"
);
int
fd = syscall(__NR_openat, AT_FDCWD,
"/proc/self/maps"
, O_RDONLY);
// 使用系统调用打开文件
if
(fd == -1) {
"Failed to open maps file"
}
char
buf[BUF_SIZE];
byte;
bytesRead;
i = 0;
while
((bytesRead = syscall(__NR_read, fd, &byte, 1)) > 0) {
// 逐字节读取文件内容
buf[i++] = byte;
(byte ==
'\n'
) {
buf[i] =
'\0'
;
// 在行末添加字符串终止符
"%s"
, buf);
// 重置缓冲区索引
(bytesRead == -1) {
"Error while reading file"
close(fd);
#define BUF_SIZE 1024
static
count = 0;
checkFd(
fd) {
(count == 0) {
buf[BUF_SIZE] = {0};
(syscall(__NR_read, fd, &byte, 1) > 0) {
(
strstr
(buf,
"libart.so"
)) {
// 读取到指定内容 字节返回fd
return
fd;
else
{
// 回移文件指针
off_t current_pos = lseek(fd, 0, SEEK_CUR);
syscall(__NR_lseek, fd, current_pos - i, SEEK_SET);
count = i;
count--;
bytesRead = syscall(__NR_read, checkFd(fd), &byte, 1)
libart.so
[培训]内核驱动高级班,冲击BAT一流互联网大厂工 作,每周日13:00-18:00直播授课
肉蚌葱鸡 使用seccomp进行拦截svc似乎会导致一些问题 这似乎和在信号处理程序里面再次调用svc有关系[em_5]
万里星河 所以需要做个标记以过滤