proot
proot copied to clipboard
proot-me
execve args replace .
Hi great developers, I had a problem recently about the execve parameter replacement. My requirement is to replace and modify (parameter 1) and (parameter 2) before some execve commands execute. But I refer to the proroot code now and it doesn t seem to take effect. If the parameters are not modified, the program will print the content normally, but if the parameter is modified, the program will not print any information. I tried to reconstruct the logic of enter.c in execve, which is the code I modified:
//int execve(const char *pathname, char *const argv[], char *const envp[]);
case SC_execve: {
status = 0;
if (getRuntimeIsFinsh()) {
char org_path_buff[PATH_MAX];
get_sysarg_path(tracee, org_path_buff, SYSARG_1);
ArrayOfXPointers *args_array;
fetch_array_of_xpointers(tracee, &args_array, SYSARG_2, 0);
string orig_args, orig_cmd_path(org_path_buff);
size_t args_count = args_array->length;
for (size_t i = 0; i < args_count - 1; i++) {
char *arg_str;
read_xpointee_as_string_t(tracee, args_array, i, &arg_str);
if (i != 0) {
orig_args.append(" ");
}
orig_args.append(arg_str);
}
//get mock value
auto handler_info = ZhenxiRunTime::handlerExecve::handler(orig_args);
if (handler_info.isHandler) {
//set cmd path
set_sysarg_path(tracee, handler_info.cmd_path.c_str(), SYSARG_1);
vector<string> new_args_list = handler_info.args;
resize_array_of_xpointers(args_array, 0, (ssize_t) (new_args_list.size() + 1));
for (size_t i = 0; i < new_args_list.size(); i++) {
write_xpointee(args_array, i, new_args_list[i].c_str());
}
//nullptr
write_xpointee(args_array, new_args_list.size(), nullptr);
//set args
status = push_array_of_xpointers_t(tracee, args_array, SYSARG_2);
if (status < 0) {
LOGE("svc execve error push_array_of_xpointers %d", status);
break;
}
}
}
break;
}
This is the code that I tested, and the main purpose is to replace the return value of [stat-f /], with [cat my_file_path]
const char *logcatPath = "/system/bin/stat";
const char *logcatArgs[] = { "stat", "-f", "/", nullptr,"111","222" };
int pipefd[2];
if (pipe(pipefd) == -1) {
LOGE("pipe error")
return;
}
pid_t pid = fork();
if (pid < 0) {
LOGE("fork");
return;
} else if (pid == 0) {
close(pipefd[0]);
dup2(pipefd[1], STDOUT_FILENO);
dup2(pipefd[1], STDERR_FILENO);
close(pipefd[1]);
//int ret = (int)syscall(__NR_execve,logcatPath, (char *const *)logcatArgs, nullptr);
int ret = execve(logcatPath, (char *const *)logcatArgs, nullptr);
if (ret < 0) {
LOGE("test execve error ret < 0 %s ", strerror(errno))
_exit(EXIT_FAILURE);
}
LOGE("test execve success ret %d",ret)
} else {
close(pipefd[1]);
char buffer[1024];
ssize_t bytesRead;
//read
while ((bytesRead = read(pipefd[0], buffer, sizeof(buffer) - 1)) > 0) {
buffer[bytesRead] = '\0';
LOGE("test execve printf -> %s", buffer)
//break;
}
close(pipefd[0]);
int status;
waitpid(pid, &status, 0);
}
The problem now is that as long as I make a parameter modification and replacement
LOGE("test execve printf -> %s", buffer)
This log will not be printed, the program does not have any translation, if it is ok, I tried to change the stat command to [cat my_file_path] or [sh-c 'cat my_file_path'], I don't know how to solve this problem. Can you help me with something? Great developer
