[Help] Zygote injection succeeded, but the library was not loaded
Posted: 2017-4-7 21:11
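For the past few days I have been reading Tencent's book "Game Security" (《游戏安全》), and I have reached the part on code injection. I have finished ptrace injection and wanted to try Zygote injection, so I ran the code that accompanies the book.
308 is zygote's pid. The main function is to inject the testSo.so library into zygote. The command executes as follows:
It does look like the function in the library was executed, but the log in logcat shows: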
04-07 21:03:37.025 17999 17999 E debug : inject arg:
04-07 21:03:37.033 17999 17999 E debug : attch pass
04-07 21:03:37.054 17999 17999 E debug : call remote mmap res:0xf037d000
04-07 21:03:37.082 308 308 I main : type=1400 audit(0.0:336): avc: denied { read } for name="testSo.so" dev="dm-0" ino=26975 scontext=u:r:zygote:s0 tcontext=u:object_r:shell_data_file:s0 tclass=file permissive=1
04-07 21:03:37.082 308 308 I main : type=1400 audit(0.0:337): avc: denied { open } for path="/data/local/tmp/testSo.so" dev="dm-0" ino=26975 scontext=u:r:zygote:s0 tcontext=u:object_r:shell_data_file:s0 tclass=file permissive=1
04-07 21:03:37.082 308 308 I main : type=1400 audit(0.0:338): avc: denied { getattr } for path="/data/local/tmp/testSo.so" dev="dm-0" ino=26975 scontext=u:r:zygote:s0 tcontext=u:object_r:shell_data_file:s0 tclass=file permissive=1
04-07 21:03:37.086 308 308 I main : type=1400 audit(0.0:339): avc: denied { execute } for path="/data/local/tmp/testSo.so" dev="dm-0" ino=26975 scontext=u:r:zygote:s0 tcontext=u:object_r:shell_data_file:s0 tclass=file permissive=1
04-07 21:03:37.087 308 308 D debug : Where am I?__from pid:308
04-07 21:03:37.088 17999 17999 E debug : call remote shellcode res:16385
04-07 21:03:37.088 17999 17999 E debug : injectProcess:341 r0:-496115760, orig_r0:-496115760, r7:336, pc:-269707252, cpsr:1610678288
04-07 21:03:37.088 17999 17999 E debug : injectProcess:360 r0 not -0x200 and -514
04-07 21:03:37.088 17999 17999 E debug : injectProcess:362 r0 not -513
04-07 21:03:37.100 17999 17999 E debug : inject finish
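This is awkward: the log shows my various requests being denied, and my library is not in /proc/308/maps either. Also, before running it I had already used setenforce 0 to temporarily turn off SELinux. So I would like to ask everyone here: what is causing this problem?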
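A defender's reading of the AVC records quoted in the post, as an added example that is not part of the original post or of the book's code: it parses `avc:` lines from logcat and flags a zygote-domain process touching a file labelled `shell_data_file`. The function names and watch lists are assumptions of this example, and the last sample line is constructed.

```python
import re

# The four zygote records are the AVC lines quoted in the post; the last line is constructed.
SAMPLE_LOG = """\
04-07 21:03:37.082 308 308 I main : type=1400 audit(0.0:336): avc: denied { read } for name="testSo.so" dev="dm-0" ino=26975 scontext=u:r:zygote:s0 tcontext=u:object_r:shell_data_file:s0 tclass=file permissive=1
04-07 21:03:37.082 308 308 I main : type=1400 audit(0.0:337): avc: denied { open } for path="/data/local/tmp/testSo.so" dev="dm-0" ino=26975 scontext=u:r:zygote:s0 tcontext=u:object_r:shell_data_file:s0 tclass=file permissive=1
04-07 21:03:37.082 308 308 I main : type=1400 audit(0.0:338): avc: denied { getattr } for path="/data/local/tmp/testSo.so" dev="dm-0" ino=26975 scontext=u:r:zygote:s0 tcontext=u:object_r:shell_data_file:s0 tclass=file permissive=1
04-07 21:03:37.086 308 308 I main : type=1400 audit(0.0:339): avc: denied { execute } for path="/data/local/tmp/testSo.so" dev="dm-0" ino=26975 scontext=u:r:zygote:s0 tcontext=u:object_r:shell_data_file:s0 tclass=file permissive=1
04-07 21:03:40.000 1234 1234 I sample : type=1400 audit(0.0:340): avc: denied { read } for name="x.txt" dev="dm-0" ino=1 scontext=u:r:untrusted_app:s0 tcontext=u:object_r:system_file:s0 tclass=file permissive=0
"""

AVC_RE = re.compile(r"avc:\s+(denied|granted)\s+\{([^}]*)\}\s+for\s+(.*)$")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
# Assumed watch lists for this example; extend them to match your own policy.
WATCHED_SOURCES = {"zygote"}
WATCHED_TARGETS = {"shell_data_file"}

def parse_avc(line):
    """Return one AVC record as a dict, or None if the line is not an AVC record."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group(3))}
    rec["result"], rec["perms"] = m.group(1), m.group(2).split()
    return rec

def selinux_type(context):  # context has the form user:role:type:level
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else ""

def flag_zygote_file_access(lines):
    """Group watched-source to watched-target file accesses by inode."""
    findings = {}
    for line in lines:
        rec = parse_avc(line)
        if not rec or rec.get("tclass") != "file":
            continue
        src, tgt = selinux_type(rec.get("scontext", "")), selinux_type(rec.get("tcontext", ""))
        if src not in WATCHED_SOURCES or tgt not in WATCHED_TARGETS:
            continue
        f = findings.setdefault(rec.get("ino"), {"path": None, "perms": set(), "permissive": False})
        f["path"] = rec.get("path") or f["path"] or rec.get("name")
        f["perms"].update(rec["perms"])
        f["permissive"] |= rec.get("permissive") == "1"  # permissive=1: logged, not blocked
    return findings

if __name__ == "__main__":
    for ino, f in flag_zygote_file_access(SAMPLE_LOG.splitlines()).items():
        print(ino, f["path"], sorted(f["perms"]), "permissive" if f["permissive"] else "enforcing")
```

A finding whose permission set includes `execute` on a shell-writable file is the one worth alerting on, and in permissive mode this audit record is the only trace SELinux leaves of it.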