代码混淆后问题 #5
Description
`#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <unistd.h>
#include <sys/syscall.h>
__attribute((annotate("vmp"))) // add this annotation
long readDword(u_long addr) {
long v=0;
struct iovec local[1];
struct iovec remote[1];
local[0].iov_base = &v;
local[0].iov_len = 4;
remote[0].iov_base = (void *) addr;
remote[0].iov_len = 4;
syscall(__NR_process_vm_readv, getpid(), local, 1, remote, 1, 0);
return v;
}
#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <unistd.h>
int main() {
size_t length = 4096; // One page
unsigned char vec;
void *addr;
// 创建一个匿名内存映射
addr = mmap(NULL, length, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
if (addr == MAP_FAILED) {
perror("mmap");
exit(EXIT_FAILURE);
}
readDword(addr);
// 使用mincore检查页面是否在RAM中
if (mincore(addr, length, &vec) == -1) {
perror("mincore");
exit(EXIT_FAILURE);
}
// 检查这一页
if (vec & 1) {
printf("The page is in RAM.\n");
} else {
printf("The page is not in RAM.\n");
}
// 清理
munmap(addr, length);
return 0;
}上方代码是一个简单的物理页判断实例,申请的mmap在readdword后被实际映射到物理上,但是在混淆后读取似乎没有达到预期效果? 这是我的编译选项:sudo /data/data/com.termux/files/home/android-ndk-r23b/toolchains/llvm/prebuilt/linux-x86_64/bin/clang-8 /data/data/com.termux/files/home/jni/test4.c /data/data/com.termux/files/home/jni/syscall.s -DENABLE_XVMP -O0 --sysroot=/data/data/com.termux/files/home/android-ndk-r23b/toolchains/llvm/prebuilt/linux-x86_64/sysroot -target aarch64-none-linux-android26 -o u`