init64

abcz316 · abcz316 · commit 861950e17a98 · 2021-12-05T00:13:12.000+08:00
diff --git a/testRoot/init64_helper.h b/testRoot/init64_helper.h
@@ -0,0 +1,23 @@
+#ifndef INIT64_HELPER_H_
+#define INIT64_HELPER_H_
+#include <unistd.h>
+#include "process64_inject.h"
+
+//ע��init64����Զ��ִ�������ע����������Զ���Ȩ��ROOT�����ҹر�SELinux���������к�ɸ����Լ�����Ҫ�����Ƿ��ֶ����´�SELinux
+ssize_t inject_init64_run_cmd_wrapper(
+	unsigned int root_key,
+	const char *cmd,
+	const char* p_out_result_buf = NULL,
+	size_t out_result_buf_size = 0) {
+	return inject_process64_run_cmd_wrapper(root_key, 1, cmd, p_out_result_buf, out_result_buf_size, false, false, false, NULL, false, NULL);
+}
+
+//fork��ȫ�汾�������ڰ�׿APPֱ�ӵ��ã�
+ssize_t safe_inject_init64_run_cmd_wrapper(
+	unsigned int root_key,
+	const char *cmd,
+	const char* p_out_result_buf = NULL,
+	size_t out_result_buf_size = 0) {
+	return safe_inject_process64_run_cmd_wrapper(root_key, 1, cmd, p_out_result_buf, out_result_buf_size, false, false, false, NULL, false, NULL);
+}
+#endif /* INIT64_HELPER_H_ */
diff --git a/testRoot/so_symbol_parser.h b/testRoot/so_symbol_parser.h
@@ -0,0 +1,85 @@
+﻿#ifndef SO_SYMBOL_PARSER_H_
+#define SO_SYMBOL_PARSER_H_
+#include <unistd.h>
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <elf.h>
+#include <fcntl.h>
+#include <iostream>
+#include <sys/mman.h>
+#include <map>
+#include <vector>
+
+static bool is_elf64_file(int fd) {
+	Elf64_Ehdr elf;
+	int r = read(fd, &elf, sizeof(elf));
+	if (r != sizeof(elf)) {
+		return false;
+	}
+	if (*(uint32_t *)&elf != 0x464c457f) {
+		//not an ELF file
+		return false;
+	}
+	unsigned char * b = (unsigned char *)&elf;
+	if (b[EI_CLASS] == ELFCLASS64) {
+		return true;
+	}
+	return false;
+}
+static int get_so_symbol_addr(const char* so_path, std::map<std::string, uint64_t> & funcSymbolMap) {
+	int fd;
+	char *mod;
+	unsigned int size, i, j, shn, n;
+	Elf64_Sym *syms, *sym;
+	Elf64_Shdr *shdrs, *shdr;
+	Elf64_Ehdr *ehdr;
+	const char *strtab;
+
+	fd = open(so_path, O_RDONLY);
+	if (fd < 0) {
+		return -1;
+	}
+	lseek(fd, 0L, SEEK_SET);
+	if (!is_elf64_file(fd)) {
+		close(fd);
+		return -2;
+	}
+	size = lseek(fd, 0L, SEEK_END);
+	mod = (char*)mmap(NULL, size, PROT_READ, MAP_PRIVATE, fd, 0);
+
+	ehdr = (Elf64_Ehdr *)mod;
+	shdrs = (Elf64_Shdr *)(mod + ehdr->e_shoff);
+	shn = ehdr->e_shnum == 0 ? shdrs[0].sh_size : ehdr->e_shnum;
+
+	for (i = 0; i < shn; i++) {
+		shdr = &shdrs[i];
+
+		if (shdr->sh_type == SHT_SYMTAB || shdr->sh_type == SHT_DYNSYM) {
+			syms = (Elf64_Sym *)(mod + shdr->sh_offset);
+			strtab = mod + shdrs[shdr->sh_link].sh_offset;
+			n = shdr->sh_size / shdr->sh_entsize;
+			for (j = 0; j < n; j++) {
+				char stype, sbind, sinfo;
+
+				sym = &syms[j];
+				stype = ELF64_ST_TYPE(sym->st_info);
+				sbind = ELF32_ST_BIND(sym->st_info);
+				sinfo = ELF32_ST_INFO(sbind, stype);
+				if (stype == STT_FUNC && sbind == STB_GLOBAL &&
+					sym->st_other == STV_DEFAULT &&
+					(uintmax_t)sym->st_size > 0) {
+
+					if (funcSymbolMap.find(strtab + sym->st_name) == funcSymbolMap.end()) {
+						continue;
+					}
+					funcSymbolMap[strtab + sym->st_name] = sym->st_value;
+				}
+			}
+		}
+	}
+	munmap(mod, size);
+	close(fd);
+	return 0;
+}
+#endif /* SO_SYMBOL_PARSER_H_ */
diff --git a/testRoot/testRoot.cpp b/testRoot/testRoot.cpp
@@ -4,6 +4,7 @@
 #include <sys/capability.h>
 #include "process64_inject.h"
 #include "adb64_helper.h"
+#include "init64_helper.h"
 #include "su_install_helper.h"
 #define ROOT_KEY 0x7F6766F8
 
@@ -97,7 +98,7 @@ void test_run_normal_cmd(const char * shell) {
 void test_run_root_cmd(const char * cmd) {
 	printf("test_run_root_cmd(%s)\n", cmd);
 	char result[0x1000] = { 0 };
-	ssize_t ret = inject_adbd64_run_cmd_wrapper(ROOT_KEY, cmd, result, sizeof(result));
+	ssize_t ret = inject_init64_run_cmd_wrapper(ROOT_KEY, cmd, result, sizeof(result));
 	printf("test_run_root_cmd ret val:%zd\n", ret);
 	printf("test_run_root_cmd result:%s\n", result);
 }
@@ -117,7 +118,7 @@ void test_su_env_inject(const char* target_pid_cmdline)
 
 	//1.安装su工具套件
 	std::string su_hidden_path;
-	int install_su_tools_ret = install_su_tools(ROOT_KEY, myself_path, su_hidden_path, "su");
+	int install_su_tools_ret = install_su_tools(ROOT_KEY, myself_path, su_hidden_path, "adb_su");
 	printf("install_su_tools ret val:%d\n", install_su_tools_ret);
 	if (install_su_tools_ret != 0) {
 		return;
@@ -126,17 +127,11 @@ void test_su_env_inject(const char* target_pid_cmdline)
 	//2.杀光所有历史进程
 	std::vector<pid_t> vOut;
 	int find_all_cmdline_process_ret = find_all_cmdline_process(ROOT_KEY, target_pid_cmdline, vOut);
-	printf("find_all_cmdline_process ret val:%d, cnt:%d\n", find_all_cmdline_process_ret, vOut.size());
+	printf("find_all_cmdline_process ret val:%d, cnt:%zu\n", find_all_cmdline_process_ret, vOut.size());
 	if (find_all_cmdline_process_ret != 0) {
 		return;
 	}
-	std::string kill_cmd;
-	for (pid_t t : vOut) {
-		kill_cmd += "kill -9 ";
-		kill_cmd += std::to_string(t);
-		kill_cmd += ";";
-	}
-	int kill_ret = run_normal_cmd(ROOT_KEY, kill_cmd.c_str());
+	int kill_ret = kill_process_ex(ROOT_KEY, vOut);
 	printf("kill_ret ret val:%d\n", kill_ret);
 	if (kill_ret != 0) {
 		return;
@@ -163,7 +158,7 @@ void test_clean_su_env() {
 
 	int uninstall_su_tools_ret = uninstall_su_tools(ROOT_KEY, myself_path, "su");
 	printf("test_clean_su_env ret val:%d\n", uninstall_su_tools_ret);
-}
+}
 
 int main(int argc, char *argv[])
 {
@@ -187,7 +182,7 @@ int main(int argc, char *argv[])
 
 	++argv;
 	--argc;
-	
+	
 	if (strcmp(argv[0], "show") == 0) { //1.显示自身权限信息
 		show_capability_info();
 	}
