前面几篇文章,备忘了android的编译环境搭建,搞定之后,现在简单尝试一下修改编译某个模块试一试。这里拿常用脱壳方法dex2oat试一试
一、修改 art\dex2oat\dex2oat.cc 文件
二、找到 函数 static int dex2oat(int argc, char** argv)
在936 行
-
// Ensure opened dex files are writable for dex-to-dex transformations.
-
for (const auto& dex_file : dex_files) {
-
if (!dex_file->EnableWrite()) {
-
PLOG(ERROR) << "Failed to make .dex file writeable '" << dex_file->GetLocation() << "'\n";
-
}
-
}
插入
-
// Ensure opened dex files are writable for dex-to-dex transformations.
-
for (const auto& dex_file : dex_files) {
-
if (!dex_file->EnableWrite()) {
-
PLOG(ERROR) << "Failed to make .dex file writeable '" << dex_file->GetLocation() << "'\n";
-
}
-
////////////////////////////分割线 以下为添加的代码///////////////////////////////////////////////////////////
-
std::string dex_name = dex_file->GetLocation();
-
LOG(INFO)<<":stevenrao:"<<__LINE__<<":" << " dex2oat::dex_file name-->" << dex_name;
-
LOG(INFO)<<":stevenrao:"<<__LINE__<<":" << " dex2oat::oat_location name-->" << oat_location;
-
-
-
if (dex_name.find("jiagu") != std::string::npos
-
|| dex_name.find("cache") != std::string::npos
-
|| dex_name.find("files") != std::string::npos
-
|| dex_name.find("tx_shell") != std::string::npos
-
|| dex_name.find("app_dex") != std::string::npos
-
|| dex_name.find("nagain") != std::string::npos)
-
{
-
int nDexLen = dex_file->Size();
-
char pszDexFileName[260] = {0};
-
sprintf(pszDexFileName, "%s_%d", dex_name.c_str(), nDexLen);
-
int fd = open(pszDexFileName, O_WRONLY | O_CREAT | O_TRUNC, S_IRWXU);
-
if (fd > 0)
-
{
-
if ( write(fd, (char*)dex_file->Begin(), nDexLen) <= 0)
-
{
-
LOG(INFO)<<":stevenrao:"<<__LINE__<<":" << "stevenrao dex2oat::write dex file failed-->" << pszDexFileName;
-
}
-
else
-
{
-
LOG(INFO)<<":stevenrao:"<<__LINE__<<":" << "stevenrao dex2oat::write dex file success-->" << pszDexFileName;
-
}
-
close(fd);
-
}
-
else
-
{
-
LOG(INFO)<<":stevenrao:"<<__LINE__<<":" << "stevenrao dex2oat::open dex file failed-->" << pszDexFileName;
-
}
-
}
-
////////////////////////////分割线 以上为添加的代码///////////////////////////////////////////////////////////
-
}
三、重新编译
编译指令
|
解释
|
m
|
在源码树的根目录执行编译
|
mm
|
编译当前路径下所有模块,但不包含依赖
|
mmm [module_path]
|
编译指定路径下所有模块,但不包含依赖
|
mma
|
编译当前路径下所有模块,且包含依赖
|
mmma [module_path]
|
编译指定路径下所有模块,且包含依赖
|
make [module_name]
|
无参数,则表示编译整个Android代码
|
-
-
-
#进入源码目录,执行这两步
-
$ source build/envsetup.sh
-
$ lunch #选择 hammerhead
-
$ cd art/dex2oat
-
stevenrao@dex2oat$ mm
-
make: Entering directory '/data/code/aosp-4.4.4_r1'
-
============================================
-
PLATFORM_VERSION_CODENAME=REL
-
PLATFORM_VERSION=4.4.4
-
TARGET_PRODUCT=aosp_hammerhead
-
TARGET_BUILD_VARIANT=userdebug
-
TARGET_BUILD_TYPE=release
-
TARGET_BUILD_APPS=
-
TARGET_ARCH=arm
-
TARGET_ARCH_VARIANT=armv7-a-neon
-
TARGET_CPU_VARIANT=krait
-
HOST_ARCH=x86
-
HOST_OS=linux
-
HOST_OS_EXTRA=Linux-4.13.0-41-generic-x86_64-with-Ubuntu-16.04-xenial
-
HOST_BUILD_TYPE=release
-
BUILD_ID=KTU84P
-
OUT_DIR=out
-
============================================
-
Using target GCC 4.7 disables thread-safety checks.
-
PRODUCT_COPY_FILES device/generic/goldfish/data/etc/apns-conf.xml:system/etc/apns-conf.xml ignored.
-
target thumb C++: dex2oat <= art/dex2oat/dex2oat.cc
-
target Executable: dex2oat (out/target/product/hammerhead/obj/EXECUTABLES/dex2oat_intermediates/LINKED/dex2oat)
-
target Symbolic: dex2oat (out/target/product/hammerhead/symbols/system/bin/dex2oat)
-
target Strip: dex2oat (out/target/product/hammerhead/obj/EXECUTABLES/dex2oat_intermediates/dex2oat)
-
Install: out/target/product/hammerhead/system/bin/dex2oat
-
host C++: dex2oat <= art/dex2oat/dex2oat.cc
-
host Executable: dex2oat (out/host/linux-x86/obj/EXECUTABLES/dex2oat_intermediates/dex2oat)
-
Install: out/host/linux-x86/bin/dex2oat
-
target thumb C++: dex2oatd <= art/dex2oat/dex2oat.cc
-
target Executable: dex2oatd (out/target/product/hammerhead/obj/EXECUTABLES/dex2oatd_intermediates/LINKED/dex2oatd)
-
target Symbolic: dex2oatd (out/target/product/hammerhead/symbols/system/bin/dex2oatd)
-
target Strip: dex2oatd (out/target/product/hammerhead/obj/EXECUTABLES/dex2oatd_intermediates/dex2oatd)
-
Install: out/target/product/hammerhead/system/bin/dex2oatd
-
host C++: dex2oatd <= art/dex2oat/dex2oat.cc
-
host Executable: dex2oatd (out/host/linux-x86/obj/EXECUTABLES/dex2oatd_intermediates/dex2oatd)
-
Install: out/host/linux-x86/bin/dex2oatd
编译二进制 文件为
out/target/product/hammerhead/system/bin/dex2oat
三、替换到真机上
-
#先把前面编译的copy到机器的临时目录中
-
stevenrao@aosp-4.4.4_r1$ adb push out/target/product/hammerhead/system/bin/dex2oat /data/tmp/
-
out/target/product/hammerhead/system/bin/dex2oat: 1 file pushed. 0.7 MB/s (62804 bytes in 0.090s)
-
stevenrao@aosp-4.4.4_r1$ adb shell
-
shell@hammerhead:/ $ su
-
root@hammerhead:/ # cd /data/tmp/
-
root@hammerhead:/data/tmp # ll
-
-rwxrwxrwx shell shell 1107664 2017-01-11 09:38 busybox-armv6l
-
-rwxrwxrwx shell shell 62804 2018-05-17 04:35 dex2oat
-
#copy覆盖
-
root@hammerhead:/data/tmp # cp dex2oat /system/bin/dex2oat
-
cp: /system/bin/dex2oat: Read-only file system
-
文件系统只读,需要重新mount
-
root@hammerhead:/data/tmp # mount -o remount,rw /dev/block/mmcblk0p25 /system
-
root@hammerhead:/data/tmp # cp dex2oat /system/bin/dex2oat
四、测试
1、修改虚拟机为art虚拟机
在开发者选项里面,有个 select runtime。 选择art
2、重启机器,这是一个漫长的过程
以下不粘贴某个具体app的过程了,避嫌
3、adb install ××××.apk 安装程序包
4、logcat | grep 'stevenrao' 通过日志观察 dex 文件输出位置
5、如果能成功的话,可以看到一系列dex文件。
阅读(4733) | 评论(0) | 转发(0) |