-
-
[求助]如何正确dump出解密后的so文件
-
发表于:
2026-4-15 12:15
1026
-
Android的加固so会调用open检测maps文件,我在此时dump so文件使用Thread.backtrace(this.context, Backtracer.FUZZY)查看open的调用栈,用ida在加固so的偏移位置只找到%1的占位符是为什么
var openptr=Module.findExportByName("libc.so","open")
const open=new NativeFunction(openptr,"int",["pointer","int"])
var MapsBuffer = Memory.alloc(512)
var MapsFile=new File(Fakepath,"w")
Interceptor.replace(openptr,new NativeCallback(function(pathname,flag){
var name=pathname.readCString()
if(name.indexOf("maps")!=-1){
dump_so(libcname)
console.log('RegisterNatives called from:\\n' + Thread.backtrace(this.context, Backtracer.FUZZY).map(DebugSymbol.fromAddress).join('\\n') + '\\n');
return open(pathname,flag)
}
return open(pathname,flag)
},"int",["pointer","int"]))
传播安全知识、拓宽行业人脉——看雪讲师团队等你加入!
