Guys, what if the function is implemented in pure assembly and is also called from assembly? How do you break that?
1 like
What is that???
Inline assembly:

asm volatile(
    "stmfd sp!, {r0-r6, r8-r11}\n"   /* push the argument/scratch registers */
    "ldmfd sp!, {r0-r6, r8-r11}"     /* pop them back */
    :                                 /* no outputs */
    : "r"(args), "g"(otherFun)        /* inputs: argument block and target function */
    : "r0", "r1", "r2", "r3", "r4", "r5", "r6", "s0", "s1", "s2", "s3", "s4", "s5"
);
static __attribute__((always_inline)) void asm_ptrace() {
#ifdef __arm64__
    __asm__ __volatile__(
        "mov x0, #31\n"     // PT_DENY_ATTACH
        "mov x1, #0\n"      // pid
        "mov x2, #0\n"      // addr
        "mov x3, #0\n"      // data
        "mov x16, #26\n"    // SYS_ptrace: on XNU the syscall number goes in x16
        "svc #0x80\n"       // trap straight into the kernel, no libSystem ptrace() to hook
    );
#endif
}

And the assembly that calls asm_ptrace is placed in some class's +load(); how do you break that?
[*] start patch ptrace funtion to bypass antiDebug
[+] success ptrace funtion to bypass antiDebug
[*] start patch svc ins to bypass antiDebug
[+] get text segment start address:0x100017430 and end address:0x10001a398
[+] found svc address:0x100017528
[*] start hook svc at address:0x100017528
[+] success hook svc at address:0x100017528
[+] found svc address:0x100017540
[*] start hook svc at address:0x100017540
[+] success hook svc at address:0x100017540
[*] all patch done
[x] happy debugging~ kill antiDebug by xia0@2019
3 likes
Your tool is really handy.
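The tool output above reports every `svc` it located in the text segment. As an added example (not the tool's code and not from anyone in this thread), the Python below shows how such a raw-syscall scan works over an arm64 `__text` section, so a developer can confirm that the inline `ptrace(PT_DENY_ATTACH)` check actually survived the build: it matches the `svc #0x80` encoding and recovers the syscall number from the nearest preceding `movz x16, #N`. The sample bytes and base address are constructed.

```python
import struct

# Fixed AArch64 encodings (little-endian 32-bit words) used by the scan.
SVC_0x80 = 0xD4001001        # svc #0x80          XNU syscall trap
MOVZ_MASK = 0xFFE0001F       # movz Xd, #imm16 (hw=0): everything but imm16
MOVZ_X16 = 0xD2800010        # movz x16, #imm16   x16 carries the syscall number
MOVZ_X0 = 0xD2800000         # movz x0, #imm16    x0 is the first argument
SYS_PTRACE = 26              # XNU syscall number of ptrace
PT_DENY_ATTACH = 31          # ptrace request that rejects debugger attachment


def find_raw_syscalls(text, base, window=8):
    """Return (address, syscall_no, deny_attach) for every svc #0x80 in text.

    text is the raw bytes of an arm64 __text section loaded at base.
    syscall_no comes from the nearest preceding movz x16 within window
    instructions; it is None if x16 was loaded some other way (limitation).
    """
    usable = len(text) - len(text) % 4
    words = struct.unpack("<%dI" % (usable // 4), text[:usable])
    hits = []
    for i, w in enumerate(words):
        if w != SVC_0x80:
            continue
        sysno = x0 = None
        for j in range(i - 1, max(i - window, 0) - 1, -1):  # walk backwards
            pw = words[j]
            if sysno is None and pw & MOVZ_MASK == MOVZ_X16:
                sysno = (pw >> 5) & 0xFFFF
            if x0 is None and pw & MOVZ_MASK == MOVZ_X0:
                x0 = (pw >> 5) & 0xFFFF
        deny = sysno == SYS_PTRACE and x0 == PT_DENY_ATTACH
        hits.append((base + 4 * i, sysno, deny))
    return hits


def _words(*ws):
    return b"".join(struct.pack("<I", w) for w in ws)


NOP, RET = 0xD503201F, 0xD65F03C0
# Constructed sample __text: the asm_ptrace sequence from the thread, then an
# unrelated raw getpid (syscall 20) that must not be flagged.
SAMPLE_TEXT = _words(
    NOP, NOP,
    0xD28003E0, 0xD2800001, 0xD2800002, 0xD2800003,  # movz x0,#31; x1-x3,#0
    0xD2800350, SVC_0x80, RET, NOP,                  # movz x16,#26; svc #0x80
    0xD2800290, SVC_0x80, RET,                       # movz x16,#20; svc #0x80
)
SAMPLE_BASE = 0x100004000  # constructed load address

if __name__ == "__main__":
    for addr, sysno, deny in find_raw_syscalls(SAMPLE_TEXT, SAMPLE_BASE):
        print("svc at 0x%x  syscall=%s  PT_DENY_ATTACH=%s" % (addr, sysno, deny))
```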