
代码混淆后问题

Open qwemnbvv opened this issue 1 year ago • 0 comments

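#ifndef _GNU_SOURCE
#define _GNU_SOURCE /* lets glibc expose syscall() and u_long even under a strict -std=c11 build */
#endif
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <sys/uio.h> /* struct iovec */
#include <unistd.h>

/**
 * Read one 32-bit value from address `addr` of the calling process.
 *
 * The read goes through the process_vm_readv system call, targeting
 * getpid(), rather than through a plain pointer dereference.
 *
 * @param addr  Address to read from, carried as an integer.
 * @return The four bytes at `addr`, zero-extended to long. Returns 0 when
 *         the system call fails or copies fewer than four bytes; a
 *         diagnostic is written to stderr in that case, so a failed read
 *         can be told apart from a genuine zero when a plain build and an
 *         obfuscated build are compared.
 */
__attribute((annotate("vmp"))) // add this annotation
long readDword(u_long addr)
{
    /* Exactly four bytes are transferred, so the destination is a 32-bit
     * object; copying into the first bytes of a wider long would leave the
     * result dependent on byte order. */
    uint32_t value = 0;
    struct iovec local[1];
    struct iovec remote[1];

    local[0].iov_base = &value;
    local[0].iov_len = sizeof value;
    remote[0].iov_base = (void *)(uintptr_t)addr;
    remote[0].iov_len = sizeof value;

    /* syscall() is variadic: give every argument an explicit long-sized
     * type so no argument reaches the kernel as a narrower int. */
    long copied = syscall(__NR_process_vm_readv, (long)getpid(),
                          local, 1UL, remote, 1UL, 0UL);
    if (copied == -1) {
        perror("process_vm_readv");
        return 0;
    }
    if ((size_t)copied != sizeof value) {
        fprintf(stderr, "process_vm_readv: short read (%ld of %zu bytes)\n",
                copied, sizeof value);
        return 0;
    }

    return (long)value;
}

#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <unistd.h>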

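/*
 * Map one anonymous page, read from it through readDword(), then ask
 * mincore() whether that page is resident and print the answer.
 */
int main(void) {
    size_t length = 4096; /* one page, assuming a 4 KiB page size */
    unsigned char vec;    /* mincore() stores one status byte per page */
    void *addr;

    /* Create an anonymous private mapping. */
    addr = mmap(NULL, length, PROT_READ | PROT_WRITE,
                MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (addr == MAP_FAILED) {
        perror("mmap");
        exit(EXIT_FAILURE);
    }

    /* readDword() takes an integer address, so convert the pointer
     * explicitly instead of relying on an implicit pointer-to-integer
     * conversion. The value read is not used here. */
    (void)readDword((u_long)addr);

    /* Use mincore() to check whether the page is in RAM. */
    if (mincore(addr, length, &vec) == -1) {
        perror("mincore");
        exit(EXIT_FAILURE);
    }

    /* Inspect this one page: the least significant bit of its status
     * byte is the residency flag. */
    if (vec & 1) {
        printf("The page is in RAM.\n");
    } else {
        printf("The page is not in RAM.\n");
    }

    /* Clean up. */
    munmap(addr, length);

    return 0;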

}

上方代码是一个简单的物理页判断实例，申请的 mmap 在 readDword 后被实际映射到物理上，但是在混淆后读取似乎没有达到预期效果？

这是我的编译选项：

`sudo /data/data/com.termux/files/home/android-ndk-r23b/toolchains/llvm/prebuilt/linux-x86_64/bin/clang-8 /data/data/com.termux/files/home/jni/test4.c /data/data/com.termux/files/home/jni/syscall.s -DENABLE_XVMP -O0 --sysroot=/data/data/com.termux/files/home/android-ndk-r23b/toolchains/llvm/prebuilt/linux-x86_64/sysroot -target aarch64-none-linux-android26 -o u`

qwemnbvv avatar Aug 25 '23 22:08 qwemnbvv