Hook函数实现如下所示：

.text:0001E3BC                 EXPORT pFCBBDD4DC45421445688FBC7F6C9F065
.text:0001E3BC pFCBBDD4DC45421445688FBC7F6C9F065       ; CODE XREF: pF8929999EA3C747345B0C0359A04F26A+24Ep
.text:0001E3BC                                         ; pF8929999EA3C747345B0C0359A04F26A+4BE
.text:0001E3BC                 PUSH            {R4-R6,LR}
.text:0001E3BE                 MOVS            R6, R2
.text:0001E3C0                 MOVS            R5, R3
.text:0001E3C2                 BLX             dlsym
.text:0001E3C6                 SUBS            R4, R0, #0
.text:0001E3C8                 BEQ             loc_1E3E4
.text:0001E3CA                 LSLS            R3, R0, #0x1F
.text:0001E3CC                 BPL             loc_1E3DC
.text:0001E3CE                 SUBS            R4, #1
.text:0001E3D0                 MOVS            R0, R4
.text:0001E3D2                 MOVS            R1, R6
.text:0001E3D4                 MOVS            R2, R5
.text:0001E3D6                 BL              sub_1DA64
.text:0001E3DA                 B               loc_1E3E4
.text:0001E3DC ; ---------------------------------------------------------------------------
.text:0001E3DC
.text:0001E3DC loc_1E3DC                               ; CODE XREF: pFCBBDD4DC45421445688FBC7F6C9F065+10j
.text:0001E3DC                 MOVS            R1, R6
.text:0001E3DE                 MOVS            R2, R5
.text:0001E3E0                 BL              sub_1D844
.text:0001E3E4
.text:0001E3E4 loc_1E3E4                               ; CODE XREF: pFCBBDD4DC45421445688FBC7F6C9F065+Cj
.text:0001E3E4                                         ; pFCBBDD4DC45421445688FBC7F6C9F065+1Ej
.text:0001E3E4                 MOVS            R0, R4
.text:0001E3E6                 POP             {R4-R6,PC}
.text:0001E3E6 ; End of function pFCBBDD4DC45421445688FBC7F6C9F065
.text:0001E3E6

总结，子进程的ptrace函数通过此函数进行hook。

[培训]内核驱动高级班，冲击BAT一流互联网大厂工作，每周日13:00-18:00直播授课