当我用 ndk-build 把下面的 C++ 代码编译成 ELF 可执行文件、放到 /data/ 目录下,并在终端里通过命令行运行时,由于我的手机已经 root,ptrace 可以成功转储内存。
#include <stdio.h>
#include <stdlib.h>
#include <sys/ptrace.h>
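/*
 * Print <total_words> consecutive words of another process's memory,
 * starting at <start_address>, using ptrace.
 *
 * Usage: <prog> <pid> <start_address> <total_words>
 *   <start_address> is hexadecimal and must carry the "0x" prefix.
 *
 * The target is stopped for as long as this tool stays attached, so every
 * path after a successful attach ends in PTRACE_DETACH. The original looped
 * forever on a single address, never used <total_words>, and never reached
 * its detach call.
 */
int main(int argc, char **argv) {
    if (argc != 4) {
        printf("%s <pid> <start_address> <total_words> \nwhere <start_address> is in hexadecimal (remember the \"0x\" in front is needed - by sscanf()\n", argv[0]);
        exit(0);
    }

    int pid = atoi(argv[1]);

    /* Parse every argument before attaching, so that a malformed command
     * line never stops the target. %lx fills the whole unsigned long; the
     * original wrote only sizeof(unsigned int) bytes into an uninitialized
     * long. */
    unsigned long start_address = 0;
    int total_words = 0;
    if (sscanf(argv[2], "0x%lx", &start_address) != 1 ||
        sscanf(argv[3], "%d", &total_words) != 1 ||
        total_words < 0) {
        fprintf(stderr, "invalid <start_address> or <total_words>\n");
        return 1;
    }

    if (ptrace(PTRACE_ATTACH, pid, NULL, NULL) == -1) {
        perror("PTRACE_ATTACH");  /* reports the errno text, e.g. a permission denial */
        return 1;
    }

    /* Block until the tracee reports its attach stop. wait() is declared in
     * <sys/wait.h>, which this listing's include list omits. */
    if (wait(NULL) == -1) {
        perror("wait");
        ptrace(PTRACE_DETACH, pid, NULL, NULL);
        return 1;
    }

    for (int i = 0; i < total_words; i++) {
        unsigned long address = start_address + (unsigned long)i * sizeof(long);
        /* PTRACE_PEEKDATA returns the word itself, so -1 is both a possible
         * value and the error return; telling them apart needs errno to be
         * cleared before the call and checked after it. */
        long word = ptrace(PTRACE_PEEKDATA, pid, (void *)address, NULL);
        printf("%lX\n", (unsigned long)word);
    }

    /* PTRACE_DETACH resumes the tracee by itself. Issuing PTRACE_CONT first
     * would set it running, and a detach request on a tracee that is not
     * stopped fails, leaving it traced. */
    if (ptrace(PTRACE_DETACH, pid, NULL, NULL) == -1) {
        perror("PTRACE_DETACH");
        return 1;
    }
    return 0;
}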
但是,当我把这段代码放进 Java 应用的 JNI 本机库中时,ptrace 总是返回 -1,也就是说调用出错了。
#include <jni.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/ptrace.h>
#include <sys/wait.h>
#include <string>
using namespace std;
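/**
 * Read the word at one address of another process through ptrace and return
 * the readings as text.
 *
 * @param pid      process id of the target to attach to.
 * @param address_ target address as text, hexadecimal with a "0x" prefix.
 * @return one line per reading ("\n" followed by the signed decimal value),
 *         or a line starting with "error:" that names the failing call and
 *         the errno text. The original returned the bare -1 from ptrace(),
 *         which hides whether the kernel refused the attach (for example
 *         with EPERM) or the read itself failed.
 */
std::string getval(int pid, std::string address_)
{
    // Validate the address before attaching, so a malformed argument never
    // stops the target. c_str() is required: sscanf() takes a C string, and
    // %lx fills the whole unsigned long rather than only its low 32 bits.
    unsigned long start_address = 0;
    if (sscanf(address_.c_str(), "0x%lx", &start_address) != 1) {
        return "error: invalid address, expected 0x<hex>";
    }

    if (ptrace(PTRACE_ATTACH, pid, NULL, NULL) == -1) {
        return std::string("error: PTRACE_ATTACH failed: ") + strerror(errno);
    }

    // Wait for this pid's attach stop only; wait(NULL) could instead reap an
    // unrelated child of the hosting process.
    int status = 0;
    if (waitpid(pid, &status, 0) == -1) {
        std::string msg = std::string("error: waitpid failed: ") + strerror(errno);
        ptrace(PTRACE_DETACH, pid, NULL, NULL);
        return msg;
    }
    if (!WIFSTOPPED(status)) {
        ptrace(PTRACE_DETACH, pid, NULL, NULL);
        return "error: target did not stop after attach";
    }

    std::string res = "";
    // NOTE(review): the address is never advanced, so all ten lines hold the
    // same word, as in the original; confirm whether consecutive words were
    // intended.
    for (int i = 0; i < 10; i++) {
        // -1 is a legal word value, so errno is the only reliable error signal.
        errno = 0;
        long number = ptrace(PTRACE_PEEKDATA, pid, (void *)start_address, NULL);
        if (number == -1 && errno != 0) {
            res = res + "\nerror: PTRACE_PEEKDATA failed: " + strerror(errno);
            break;
        }
        res = res + "\n" + std::to_string(number);
    }

    // PTRACE_DETACH resumes the tracee by itself. A PTRACE_CONT issued first
    // would set it running, the detach would then fail, and the target would
    // stay traced for as long as this process lives.
    ptrace(PTRACE_DETACH, pid, NULL, NULL);
    return res;
}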
调用这个函数时,它始终返回 -1。我是不是漏掉了什么?怎样才能以 root 权限运行我的代码?执行下面这行代码时 SuperSU 会弹出授权提示,但这并不能解决我的问题。
// system() hands "su" to a shell in a separate child process and waits for it
// to finish. Any root privilege granted belongs to that child alone: the
// process making this call keeps its own UID, so its later ptrace() calls are
// checked exactly as before the SuperSU prompt.
// NOTE(review): the -1 from ptrace() in the JNI library is presumably a
// permission denial for the app's own UID; confirm by logging errno.
system("su");