QuiYou
(Laote)
1
Output
/*
[8888]: args[0]: /var/mobile/Documents/opainject
[8888]: args[1]: 855
[8888]: args[2]: /var/mobile/Documents/libDylib.dylib
[8888]: posix_spawn Error 85: Bad executable (or shared library)
[8888]: opainject execution failed, error code:85
*/
int Runopainject(NSString** output, NSString** errorOutput) {
if (!isDylibInstalled() || !isopainjectInstalled()) return 0;
// private/var/mobile/Documents/
NSString *FilePath = [NSString stringWithUTF8String:DocumentsPath()];
NSString* opainjectFile = [FilePath stringByAppendingPathComponent:@"opainject"];
NSString* dylibFile = [FilePath stringByAppendingPathComponent:@"libDylib.dylib"];
if (access([opainjectFile fileSystemRepresentation], X_OK) != 0) {
NSLog(@"[8888]: opainject He does not have executable permissions: %s", strerror(errno));
return -1;
}
// Get Target process pid
pid_t pid = ProcessPid(@"ShadowTrackerExt");
if (pid == -1) return -1;
NSString *pidString = [NSString stringWithFormat:@"%d", pid];
char *args[] = {
(char *)[opainjectFile fileSystemRepresentation], // opainject
(char *)[pidString UTF8String], // pid
(char *)[dylibFile fileSystemRepresentation], // dylib
NULL
};
// Checking args
for (int i = 0; args[i] != NULL; i++) {
NSLog(@"[8888]: args[%d]: %s", i, args[i]);
}
posix_spawnattr_t attr;
posix_spawnattr_init(&attr);
posix_spawnattr_set_persona_np(&attr, 99, POSIX_SPAWN_PERSONA_FLAGS_OVERRIDE);
posix_spawnattr_set_persona_uid_np(&attr, 0);
posix_spawnattr_set_persona_gid_np(&attr, 0);
posix_spawn_file_actions_t action;
posix_spawn_file_actions_init(&action);
int outErr[2];
if (pipe(outErr) != 0) return -1;
posix_spawn_file_actions_adddup2(&action, outErr[1], STDERR_FILENO);
posix_spawn_file_actions_addclose(&action, outErr[0]);
int out[2];
if (pipe(out) != 0) {
close(outErr[0]);
close(outErr[1]);
return -1;
}
posix_spawn_file_actions_adddup2(&action, out[1], STDOUT_FILENO);
posix_spawn_file_actions_addclose(&action, out[0]);
pid_t task_pid;
int status = -200;
int spawnError = posix_spawn(&task_pid, [opainjectFile fileSystemRepresentation], &action, &attr, args, environ);
posix_spawnattr_destroy(&attr);
posix_spawn_file_actions_destroy(&action);
if (spawnError != 0) {
NSLog(@"[8888]: posix_spawn Error %d: %s", spawnError, strerror(spawnError));
close(outErr[0]);
close(outErr[1]);
close(out[0]);
close(out[1]);
return spawnError;
}
do {
if (waitpid(task_pid, &status, 0) != -1) {
NSLog(@"[8888]: Child process status%d", WEXITSTATUS(status));
} else {
perror("waitpid");
close(outErr[0]);
close(outErr[1]);
close(out[0]);
close(out[1]);
return -222;
}
} while (!WIFEXITED(status) && !WIFSIGNALED(status));
close(outErr[1]);
close(out[1]);
NSString* outputStr = getNSStringFromFile(out[0]);
if (output) *output = outputStr;
NSString* errorOutputStr = getNSStringFromFile(outErr[0]);
if (errorOutput) *errorOutput = errorOutputStr;
return WEXITSTATUS(status);
}