junknet
junknet
通杀方案: 编译内核,关掉内核写入保护,内存管理单元下子系统下直接映射成物理地址(主要为了修改sys_call_table所在页表写入权限) 写个内核模块劫持sys_call_table 里面的hook ptrace中断调用 (参考rootkit技术)
> CPU: Snapdragon 855 X29 == fp X30 == lr X31 == sp
> @junknet can you just add it to the regs spec? Also are all other ARM64 having this reg? Yes, this is the register used by the AARCH64 instruction set...
> @disconnect3d This is the effect of not modifying X29.   X28 x29 x30 display order error. So I just annotated "frame = 'x29',"
Can you show me your profile
> If you are using VSCode, I'd strongly recommend using: https://github.com/saem/vscode-nim > > According to nimlsp README, `textDocument/signatureHelp` isn't implemented yet. Thanks for your advice,but saem/vscode-nim compelte speed is slow.....
maybe shoulde monitor binder spy in kernel;
> As mentioned in the [documentation](https://obfuscator.re/omvll/) Currently, it only supports AArch64 but there is on-going work to support more architectures. I don't quite understand what you mean, are you saying...
> > I don't quite understand what you mean, are you saying that my development platform also needs to be aarch64 architecture? > > Nop but look at your triple...
It's only appears in string obfuscation.