各位大佬用纯汇编实现函数和汇编调用该方法,该怎么破?

各位大佬用纯汇编实现函数和汇编调用该方法,该怎么破?

1 个赞

什么玩意???

内联汇编,
asm volatile(
“stmfd sp!,{r0-r6,r8-r11}\n”
“ldmfd sp!,{r0-r6,r8-r11}”
:
:“r”(args),“g”(otherFun)
:“r0”,“r1”,“r2”,“r3”,“r4”,“r5”,“r6”,“s0”,“s1”,“s2”,“s3”,“s4”,“s5”
);

      static __attribute__((always_inline)) void asm_ptrace() {
                  #ifdef __arm64__
                    __asm__ __volatile__(
                     "mov x0, #31\n"
                     "mov x1, #0\n"
                     "mov x2, #0\n"
                     "mov x3, #0\n"
                     "mov x16, #26\n"
                     "svc #0x80\n"
                     );#endif}

然后调用asm_ptrace这个方法的汇编代码写在某个类的+load()里,这种怎么破

debugme

[*] start patch ptrace funtion to bypass antiDebug
[+] success ptrace funtion to bypass antiDebug
[*] start patch svc ins to bypass antiDebug
[+] get text segment start address:0x100017430 and end address:0x10001a398
[+] found svc address:0x100017528
[*] start hook svc at address:0x100017528
[+] success hook svc at address:0x100017528
[+] found svc address:0x100017540
[*] start hook svc at address:0x100017540
[+] success hook svc at address:0x100017540
[*] all patch done
[x] happy debugging~ kill antiDebug by xia0@2019
3 个赞

你的工具真好用