AndroidPtraceInject

just asking

Open wenli7363 opened this issue 2 years ago • 0 comments

I don't understand what this 0x8000 check means

When I review your source code, in function get_module_base_addr (Utils.h)

What does 0x8000 mean?

if (ModuleBaseAddr == 0x8000)
    ModuleBaseAddr = 0;

The original function is

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>

/**
 * @brief Search for the base address of the given module in the specified process
 *
 * @param pid pid is the ID of the remote process; -1 means the current process
 * @param ModuleName ModuleName is the name of the module to search for
 * @return void* Returns 0 if the module base address could not be obtained; a non-zero value is the base address of the module
 */
void *get_module_base_addr(pid_t pid, const char *ModuleName){
    FILE *fp = NULL;
    long ModuleBaseAddr = 0;
    char szFileName[50] = {0};
    char szMapFileLine[1024] = {0};

    // Reading "/proc/pid/maps" lists the modules loaded by the process
    if (pid < 0){
        // Enumerate the current process's own modules
        snprintf(szFileName, sizeof(szFileName), "/proc/self/maps");
    } else {
        snprintf(szFileName, sizeof(szFileName), "/proc/%d/maps", pid);
    }

    fp = fopen(szFileName, "r");

    if (fp != NULL){
        while (fgets(szMapFileLine, sizeof(szMapFileLine), fp)){
            if (strstr(szMapFileLine, ModuleName)){
                char *Addr = strtok(szMapFileLine, "-");
                ModuleBaseAddr = strtoul(Addr, NULL, 16);

                if (ModuleBaseAddr == 0x8000)
                    ModuleBaseAddr = 0;

                break;
            }
        }

        fclose(fp);
    }

    return (void *)ModuleBaseAddr;
}

wenli7363 Feb 08 '23 02:02
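The quoted function accepts the first maps line that contains ModuleName anywhere in it (strstr), so a path such as libc.so.bak also matches. The following is an added example, not the project's code: a stricter per-line parser that requires an exact file-name match and a file offset of 0. The names match_module_line and find_module_base and the sample lines are assumptions made for illustration, and the 0x8000 special case is left out because the page does not state its purpose.

```c
#include <stdio.h>
#include <string.h>

/* Parse one /proc/<pid>/maps line:
 *   start-end perms offset dev inode [pathname]
 * Returns 1 and stores start in *base_out only when the pathname's final
 * component equals module_name exactly and the file offset is 0. */
int match_module_line(const char *line, const char *module_name,
                      unsigned long *base_out)
{
    unsigned long start = 0, end = 0, offset = 0;
    char perms[5] = {0};
    char path[512] = {0};

    int n = sscanf(line, "%lx-%lx %4s %lx %*s %*s %511[^\n]",
                   &start, &end, perms, &offset, path);
    if (n != 5)
        return 0;               /* malformed line or anonymous mapping */

    const char *slash = strrchr(path, '/');
    const char *leaf = slash ? slash + 1 : path;
    if (strcmp(leaf, module_name) != 0 || offset != 0)
        return 0;               /* different file, or not its first segment */

    *base_out = start;
    return 1;
}

/* Scan a maps stream; returns the base address, or 0 if not found. */
unsigned long find_module_base(FILE *fp, const char *module_name)
{
    char line[1024];
    unsigned long base = 0;
    while (fgets(line, sizeof(line), fp)) {
        if (match_module_line(line, module_name, &base))
            return base;
    }
    return 0;
}

/* Constructed sample lines (not captured from a real process). */
const char *SAMPLE_DECOY = "70000000-70001000 r--p 00000000 fd:00 11 /data/local/tmp/libc.so.bak\n";
const char *SAMPLE_EXEC  = "b6e40000-b6ec0000 r-xp 00040000 fd:00 1234 /system/lib/libc.so\n";
const char *SAMPLE_FIRST = "b6e00000-b6e40000 r--p 00000000 fd:00 1234 /system/lib/libc.so\n";
const char *SAMPLE_ANON  = "b6f00000-b6f01000 rw-p 00000000 00:00 0\n";
```
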