diff --git a/module/src/main/cpp/CMakeLists.txt b/module/src/main/cpp/CMakeLists.txt index 4549504..659cb82 100644 --- a/module/src/main/cpp/CMakeLists.txt +++ b/module/src/main/cpp/CMakeLists.txt @@ -36,6 +36,8 @@ aux_source_directory(xdl xdl-src) add_library(${MODULE_NAME} SHARED main.cpp hack.cpp + newriruhide.cpp + pmparser.cpp ${xdl-src}) target_link_libraries(${MODULE_NAME} log) diff --git a/module/src/main/cpp/hack.cpp b/module/src/main/cpp/hack.cpp index 28ef6f0..89436e8 100644 --- a/module/src/main/cpp/hack.cpp +++ b/module/src/main/cpp/hack.cpp @@ -18,6 +18,7 @@ #include //#include #include +#include "newriruhide.h" void load_so(const char *game_data_dir, JavaVM *vm, const char *soname) { bool load = false; LOGI("hack_start %s", game_data_dir); @@ -76,6 +77,9 @@ void load_so(const char *game_data_dir, JavaVM *vm, const char *soname) { if (handle) { LOGI("Successfully loaded %s", new_so_path); load = true; + char new_soname[256]; + sprintf(new_soname, "%s.so", soname); + riru_hide(new_soname); break; } else { LOGE("Failed to load %s: %s", new_so_path, dlerror()); diff --git a/module/src/main/cpp/newriruhide.cpp b/module/src/main/cpp/newriruhide.cpp new file mode 100644 index 0000000..99a6e77 --- /dev/null +++ b/module/src/main/cpp/newriruhide.cpp @@ -0,0 +1,134 @@ +// +// Created by Mac on 2024/11/15. +// +// 给riru修复了内存泄漏的问题 + +#include "newriruhide.h" + +/** + * Magic to hide from /proc/###/maps, the idea is from Haruue Icymoon (https://github.com/haruue) + */ + + +extern "C" { +int riru_hide(const char *name) ; +} + +#ifdef __LP64__ +#define LIB_PATH "/system/lib64/" +#else +#define LIB_PATH "/system/lib/" +#endif + +struct hide_struct { + procmaps_struct *original; + uintptr_t backup_address; +}; + +static int get_prot(const procmaps_struct *procstruct) { + int prot = 0; + if (procstruct->is_r) { + prot |= PROT_READ; + } + if (procstruct->is_w) { + prot |= PROT_WRITE; + } + if (procstruct->is_x) { + prot |= PROT_EXEC; + } + return prot; +} + +#define FAILURE_RETURN(exp, failure_value) ({ \ + __typeof__(exp) _rc; \ + _rc = (exp); \ + if (_rc == failure_value) { \ + LOGE(#exp); \ + return 1; \ + } \ + _rc; }) + +static int do_hide(hide_struct *data) { + auto procstruct = data->original; + auto start = (uintptr_t) procstruct->addr_start; + auto end = (uintptr_t) procstruct->addr_end; + auto length = end - start; + int prot = get_prot(procstruct); + + // backup + data->backup_address = (uintptr_t) FAILURE_RETURN( + mmap(nullptr, length, PROT_READ | PROT_WRITE, MAP_ANONYMOUS | MAP_PRIVATE, -1, 0), + MAP_FAILED); + LOGD("%" PRIxPTR"-%" PRIxPTR" %s %ld %s is backup to %" PRIxPTR, start, end, procstruct->perm, + procstruct->offset, + procstruct->pathname, data->backup_address); + + if (procstruct->is_r || procstruct->is_x) { // If readable or executable + LOGD("memcpy -> backup"); + memcpy((void *) data->backup_address, (void *) start, length); + + // Unmap original memory region + LOGD("munmap original"); + FAILURE_RETURN(munmap((void *) start, length), -1); + + // Remap backup memory to original location + LOGD("mmap original with backup"); + FAILURE_RETURN(mmap((void *) start, length, prot, MAP_FIXED | MAP_PRIVATE | MAP_ANONYMOUS, -1, 0), + MAP_FAILED); + } + + return 0; +} + +int riru_hide(const char *name) { + procmaps_iterator *maps = pmparser_parse(-1); + if (maps == nullptr) { + LOGE("cannot parse the memory map"); + return false; + } + + char buf[PATH_MAX]; + hide_struct *data = nullptr; + size_t data_count = 0; + procmaps_struct *maps_tmp; + while ((maps_tmp = pmparser_next(maps)) != nullptr) { + bool matched = false; +#ifdef DEBUG_APP + matched = strstr(maps_tmp->pathname, "libriru.so"); +#endif + matched = strstr(maps_tmp->pathname, name) != nullptr; + + // Match the memory regions we want to hide + if (!matched) continue; + LOGI("matched %s", maps_tmp->pathname); + auto start = (uintptr_t) maps_tmp->addr_start; + auto end = (uintptr_t) maps_tmp->addr_end; + if (maps_tmp->is_r || maps_tmp->is_x) { // If memory is readable or executable + if (data) { + data = (hide_struct *) realloc(data, sizeof(hide_struct) * (data_count + 1)); + } else { + data = (hide_struct *) malloc(sizeof(hide_struct)); + } + data[data_count].original = maps_tmp; + data_count += 1; + } + LOGD("%" PRIxPTR"-%" PRIxPTR" %s %ld %s", start, end, maps_tmp->perm, maps_tmp->offset, + maps_tmp->pathname); + } + + for (int i = 0; i < data_count; ++i) { + LOGI("do_hide %d", i); + do_hide(&data[i]); + } + + // Free backup memory to avoid leaks + for (int i = 0; i < data_count; ++i) { + FAILURE_RETURN(munmap((void *) data[i].backup_address, + (uintptr_t) data[i].original->addr_end - (uintptr_t) data[i].original->addr_start), -1); + } + + + if (data) free(data); + pmparser_free(maps); + return 0; +} diff --git a/module/src/main/cpp/newriruhide.h b/module/src/main/cpp/newriruhide.h new file mode 100644 index 0000000..10941dc --- /dev/null +++ b/module/src/main/cpp/newriruhide.h @@ -0,0 +1,19 @@ +// +// Created by Mac on 2024/11/15. +// + +#ifndef ZYGISK_MYINJECTOR_NEWRIRUHIDE_H +#define ZYGISK_MYINJECTOR_NEWRIRUHIDE_H +#define EXPORT __attribute__((visibility("default"))) __attribute__((used)) +#include +#include +#include +#include +#include "pmparser.h" +#include "android/log.h" +#include "log.h" +extern "C" { +int riru_hide(const char *name) EXPORT; +} + +#endif //ZYGISK_MYINJECTOR_NEWRIRUHIDE_H diff --git a/module/src/main/cpp/pmparser.cpp b/module/src/main/cpp/pmparser.cpp new file mode 100644 index 0000000..5cc6d04 --- /dev/null +++ b/module/src/main/cpp/pmparser.cpp @@ -0,0 +1,307 @@ +/* + @Author : ouadimjamal@gmail.com + @date : December 2015 + +Permission to use, copy, modify, distribute, and sell this software and its +documentation for any purpose is hereby granted without fee, provided that +the above copyright notice appear in all copies and that both that +copyright notice and this permission notice appear in supporting +documentation. No representations are made about the suitability of this +software for any purpose. It is provided "as is" without express or +implied warranty. +*/ + +#include "pmparser.h" +#include "log.h" + +/** + * gobal variables + */ +//procmaps_struct* g_last_head=NULL; +//procmaps_struct* g_current=NULL; + + + +procmaps_iterator* pmparser_parse(int pid){ + LOGI("pmparser_parse called with pid: %d", pid); + + procmaps_iterator* maps_it = (procmaps_iterator *)malloc(sizeof(procmaps_iterator)); + if (!maps_it) { + LOGI("Failed to allocate memory for procmaps_iterator"); + return NULL; + } + LOGI("Allocated memory for procmaps_iterator: %p", maps_it); + + char maps_path[500]; + if(pid >= 0 ){ + snprintf(maps_path, sizeof(maps_path), "/proc/%d/maps", pid); + LOGI("Constructed maps_path for pid: %s", maps_path); + } else { + snprintf(maps_path, sizeof(maps_path), "/proc/self/maps"); + LOGI("Constructed maps_path for self: %s", maps_path); + } + + FILE* file = fopen(maps_path, "r"); + if(!file){ + LOGI("pmparser: cannot open the memory maps, %s", strerror(errno)); + free(maps_it); + return NULL; + } + LOGI("Opened maps file: %s", maps_path); + + int ind = 0; + char buf[PROCMAPS_LINE_MAX_LENGTH]; + procmaps_struct* list_maps = NULL; + procmaps_struct* tmp; + procmaps_struct* current_node = NULL; + char addr1[20], addr2[20], perm[8], offset[20], dev[10], inode[30], pathname[PATH_MAX]; + + while (fgets(buf, PROCMAPS_LINE_MAX_LENGTH, file)) { + LOGI("Read line %d: %s", ind + 1, buf); + + // 分配一个新的节点 + tmp = (procmaps_struct*)malloc(sizeof(procmaps_struct)); + if (!tmp) { + LOGI("Failed to allocate memory for procmaps_struct at line %d", ind + 1); + fclose(file); + // 需要释放已分配的节点,避免内存泄漏 + procmaps_struct* iter = list_maps; + while (iter) { + procmaps_struct* next = iter->next; + free(iter); + iter = next; + } + free(maps_it); + return NULL; + } + LOGI("Allocated memory for procmaps_struct: %p", tmp); + + // 填充节点 + _pmparser_split_line(buf, addr1, addr2, perm, offset, dev, inode, pathname); + LOGI("Parsed line %d - addr1: %s, addr2: %s, perm: %s, offset: %s, dev: %s, inode: %s, pathname: %s", + ind + 1, addr1, addr2, perm, offset, dev, inode, pathname); + + // 使用临时变量解析地址 + unsigned long tmp_addr_start_ul, tmp_addr_end_ul; + if (sscanf(addr1, "%lx", &tmp_addr_start_ul) != 1) { + LOGI("Failed to parse addr_start at line %d", ind + 1); + free(tmp); + continue; + } + if (sscanf(addr2, "%lx", &tmp_addr_end_ul) != 1) { + LOGI("Failed to parse addr_end at line %d", ind + 1); + free(tmp); + continue; + } + LOGI("Parsed addresses - addr_start: 0x%lx, addr_end: 0x%lx", tmp_addr_start_ul, tmp_addr_end_ul); + + tmp->addr_start = (void*)tmp_addr_start_ul; + tmp->addr_end = (void*)tmp_addr_end_ul; + + // size + tmp->length = (unsigned long)((char*)tmp->addr_end - (char*)tmp->addr_start); + LOGI("Calculated length: %lu", tmp->length); + + // perm + strncpy(tmp->perm, perm, sizeof(tmp->perm) - 1); + tmp->perm[sizeof(tmp->perm) - 1] = '\0'; + tmp->is_r = (perm[0] == 'r'); + tmp->is_w = (perm[1] == 'w'); + tmp->is_x = (perm[2] == 'x'); + tmp->is_p = (perm[3] == 'p'); + LOGI("Permissions - is_r: %d, is_w: %d, is_x: %d, is_p: %d", tmp->is_r, tmp->is_w, tmp->is_x, tmp->is_p); + + // offset + if (sscanf(offset, "%lx", &tmp->offset) != 1) { + LOGI("Failed to parse offset at line %d", ind + 1); + free(tmp); + continue; + } + LOGI("Parsed offset: 0x%lx", tmp->offset); + + // device + strncpy(tmp->dev, dev, sizeof(tmp->dev) - 1); + tmp->dev[sizeof(tmp->dev) - 1] = '\0'; + LOGI("Device: %s", tmp->dev); + + // inode + tmp->inode = atoi(inode); + LOGI("Inode: %d", tmp->inode); + + // pathname + strncpy(tmp->pathname, pathname, sizeof(tmp->pathname) - 1); + tmp->pathname[sizeof(tmp->pathname) - 1] = '\0'; + LOGI("Pathname: %s", tmp->pathname); + + tmp->next = NULL; + + // 连接节点到链表 + if(ind == 0){ + list_maps = tmp; + current_node = list_maps; + LOGI("Initialized list_maps with first node: %p", list_maps); + } + else{ + current_node->next = tmp; + current_node = tmp; + LOGI("Appended node to list_maps: %p", tmp); + } + ind++; + } + + if (ferror(file)) { + LOGI("Error occurred while reading the maps file"); + // 释放已分配的节点和 maps_it + procmaps_struct* iter = list_maps; + while (iter) { + procmaps_struct* next = iter->next; + free(iter); + iter = next; + } + fclose(file); + free(maps_it); + return NULL; + } + + // 关闭文件 + fclose(file); + LOGI("Closed maps file: %s", maps_path); + + // 设置迭代器 + maps_it->head = list_maps; + maps_it->current = list_maps; + LOGI("Initialized procmaps_iterator - head: %p, current: %p", maps_it->head, maps_it->current); + + return maps_it; +} + +procmaps_struct* pmparser_next(procmaps_iterator* p_procmaps_it){ + if(p_procmaps_it->current == NULL) + return NULL; + procmaps_struct* p_current = p_procmaps_it->current; + p_procmaps_it->current = p_procmaps_it->current->next; + return p_current; + /* + if(g_current==NULL){ + g_current=g_last_head; + }else + g_current=g_current->next; + + return g_current; + */ +} + + + +void pmparser_free(procmaps_iterator* p_procmaps_it){ + procmaps_struct* maps_list = p_procmaps_it->head; + if(maps_list==NULL) return ; + procmaps_struct* act=maps_list; + procmaps_struct* nxt=act->next; + while(act!=NULL){ + free(act); + act=nxt; + if(nxt!=NULL) + nxt=nxt->next; + } + free(p_procmaps_it); +} + + +void _pmparser_split_line( + char*buf,char*addr1,char*addr2, + char*perm,char* offset,char* device,char*inode, + char* pathname){ + // + int orig=0; + int i=0; + //addr1 + while(buf[i]!='-'){ + addr1[i-orig]=buf[i]; + i++; + } + addr1[i]='\0'; + i++; + //addr2 + orig=i; + while(buf[i]!='\t' && buf[i]!=' '){ + addr2[i-orig]=buf[i]; + i++; + } + addr2[i-orig]='\0'; + + //perm + while(buf[i]=='\t' || buf[i]==' ') + i++; + orig=i; + while(buf[i]!='\t' && buf[i]!=' '){ + perm[i-orig]=buf[i]; + i++; + } + perm[i-orig]='\0'; + //offset + while(buf[i]=='\t' || buf[i]==' ') + i++; + orig=i; + while(buf[i]!='\t' && buf[i]!=' '){ + offset[i-orig]=buf[i]; + i++; + } + offset[i-orig]='\0'; + //dev + while(buf[i]=='\t' || buf[i]==' ') + i++; + orig=i; + while(buf[i]!='\t' && buf[i]!=' '){ + device[i-orig]=buf[i]; + i++; + } + device[i-orig]='\0'; + //inode + while(buf[i]=='\t' || buf[i]==' ') + i++; + orig=i; + while(buf[i]!='\t' && buf[i]!=' '){ + inode[i-orig]=buf[i]; + i++; + } + inode[i-orig]='\0'; + //pathname + pathname[0]='\0'; + while(buf[i]=='\t' || buf[i]==' ') + i++; + orig=i; + while(buf[i]!='\t' && buf[i]!=' ' && buf[i]!='\n'){ + pathname[i-orig]=buf[i]; + i++; + } + pathname[i-orig]='\0'; + +} + +void pmparser_print(procmaps_struct* map, int order){ + + procmaps_struct* tmp=map; + int id=0; + if(order<0) order=-1; + while(tmp!=NULL){ + //(unsigned long) tmp->addr_start; + if(order==id || order==-1){ + printf("Backed by:\t%s\n",strlen(tmp->pathname)==0?"[anonym*]":tmp->pathname); + printf("Range:\t\t%p-%p\n",tmp->addr_start,tmp->addr_end); + printf("Length:\t\t%ld\n",tmp->length); + printf("Offset:\t\t%ld\n",tmp->offset); + printf("Permissions:\t%s\n",tmp->perm); + printf("Inode:\t\t%d\n",tmp->inode); + printf("Device:\t\t%s\n",tmp->dev); + } + if(order!=-1 && id>order) + tmp=NULL; + else if(order==-1){ + printf("#################################\n"); + tmp=tmp->next; + }else tmp=tmp->next; + + id++; + } +} \ No newline at end of file diff --git a/module/src/main/cpp/pmparser.h b/module/src/main/cpp/pmparser.h new file mode 100644 index 0000000..7874215 --- /dev/null +++ b/module/src/main/cpp/pmparser.h @@ -0,0 +1,99 @@ +/* + @Author : ouadimjamal@gmail.com + @date : December 2015 + +Permission to use, copy, modify, distribute, and sell this software and its +documentation for any purpose is hereby granted without fee, provided that +the above copyright notice appear in all copies and that both that +copyright notice and this permission notice appear in supporting +documentation. No representations are made about the suitability of this +software for any purpose. It is provided "as is" without express or +implied warranty. + + */ + +#ifndef H_PMPARSER +#define H_PMPARSER +#include +#include +#include +#include +#include +#include +#include +#include +#include + +//maximum line length in a procmaps file +#define PROCMAPS_LINE_MAX_LENGTH (PATH_MAX + 100) +/** + * procmaps_struct + * @desc hold all the information about an area in the process's VM + */ +typedef struct procmaps_struct{ + void* addr_start; //< start address of the area + void* addr_end; //< end address + unsigned long length; //< size of the range + + char perm[5]; //< permissions rwxp + short is_r; //< rewrote of perm with short flags + short is_w; + short is_x; + short is_p; + + long offset; //< offset + char dev[12]; //< dev major:minor + int inode; //< inode of the file that backs the area + + char pathname[600]; //< the path of the file that backs the area + //chained list + struct procmaps_struct* next; //