更新

AndroidReverser-Test · AndroidReverser-Test · commit 7c41d8e53150 · 2025-07-08T22:14:03.000+08:00
diff --git a/README.md b/README.md
@@ -19,7 +19,7 @@
 上述函数的返回结果有SET_TRACE_SUCCESS、SET_TRACE_ERROR两种，分别表示设置成功和失败。
 
 # 使用示例
-编程思路可以大概参考[示例](https://github.com/AndroidReverser-Test/Il2cppTraceModule/blob/main/app/src/main/cpp/il2cpp_trace.cpp)
+编程思路可以参考[示例](https://github.com/AndroidReverser-Test/Il2cppTraceModule/blob/main/app/src/main/cpp/il2cpp_trace.cpp)
 
 # 支持的内核版本
 目前只在5.10以及5.15两个版本通过测试，理论上5.10以上版本都能正常使用。
diff --git a/UprobeClearer/README.md b/UprobeClearer/README.md
@@ -0,0 +1,6 @@
+# UprobeClearer
+一个可执行文件，用于一键清除所有的uprobes挂载点，防止app因残留的uprobe点崩溃。
+
+
+# 构建
+将ndk所在路径设置为环境变量后，在当前项目路径下执行ndk-build即可自动生成相应可执行文件。
diff --git a/UprobeClearer/jni/Android.mk b/UprobeClearer/jni/Android.mk
@@ -0,0 +1,21 @@
+LOCAL_PATH := $(call my-dir)
+
+include $(CLEAR_VARS)
+
+MAIN_LOCAL_PATH := $(call my-dir)
+LOCAL_C_INCLUDES += $(MAIN_LOCAL_PATH)/Headers
+
+include $(CLEAR_VARS)
+
+LOCAL_MODULE    := UprobeClearer
+
+# Code optimization
+LOCAL_CPPFLAGS := -fvisibility=hidden -ffunction-sections -fdata-sections -w
+LOCAL_LDFLAGS += -Wl,--gc-sections,--strip-all -llog
+LOCAL_CPPFLAGS += -fexceptions -Werror -Wpedantic -s -std=c++17
+
+LOCAL_SRC_FILES := uprobe_clear.cpp
+
+LOCAL_LDLIBS := -llog -landroid
+
+include $(BUILD_EXECUTABLE)
diff --git a/UprobeClearer/jni/Application.mk b/UprobeClearer/jni/Application.mk
@@ -0,0 +1,5 @@
+APP_ABI := arm64-v8a
+APP_STL := c++_static
+APP_PLATFORM = android-27
+APP_OPTIM    := release
+APP_PIE      := true
diff --git a/UprobeClearer/jni/KernelTrace.cpp b/UprobeClearer/jni/KernelTrace.cpp
@@ -0,0 +1,12 @@
+#include <stdio.h>
+#include <cstring>
+#include <unistd.h>
+
+#include "Headers/uprobe_trace_user.h"
+
+int main(int argc, char const *argv[])
+{
+    clear_all_uprobes();
+    printf("success clear all uprobes\n");
+    return 0;
+}
diff --git a/kernel_trace.c b/kernel_trace.c
@@ -14,7 +14,7 @@
 #include "kernel_trace.h"
 
 KPM_NAME("kernel_trace");
-KPM_VERSION("3.5.0");
+KPM_VERSION("3.7.0");
 KPM_LICENSE("GPL v2");
 KPM_AUTHOR("Test");
 KPM_DESCRIPTION("use uprobe trace some fun in kpm");
@@ -28,6 +28,8 @@ void (*path_put)(const struct path *path) = 0;
 void (*rcu_read_unlock)(void) = 0;
 int (*trace_printk)(unsigned long ip, const char *fmt, ...) = 0;
 
+int (*bpf_probe_read_user)(void *dst, u32 size,const void __user *unsafe_ptr) = 0;
+
 void *show_map_vma_addr;
 void *copy_insn_addr;
 
@@ -49,6 +51,7 @@ void before_copy_insn(hook_fargs5_t *args, void *udata){
     ins_info = search_key_value(&fix_ins_tree,offset);
     if(ins_info){
        memcpy((void *)args->arg2,ins_info->value,INS_LEN);
+//       logkd("+Test-Log+ offset:%lx,fix ins:%x %x %x %x\n",offset,ins_info->value[0],ins_info->value[1],ins_info->value[2],ins_info->value[3]);
        args->ret = 0;
        args->skip_origin = 1;
     }
@@ -92,7 +95,7 @@ void before_mincore(hook_fargs3_t *args, void *udata){
         const char __user *tfun_name = (typeof(tfun_name))syscall_argn(args, 2);
         char fun_name[MAX_FUN_NAME];
         compat_strncpy_from_user(fun_name,tfun_name,sizeof(fun_name));
-        int insert_ret = insert_key_value(&fun_info_tree,fun_offset,fun_name);
+        int insert_ret = insert_key_value(&fun_info_tree,fun_offset,fun_name,strlen(fun_name));
         if(insert_ret==-1){
             logke("+Test-Log+ same fun 0x%llx set uprobe\n",fun_offset);
             goto error_out;
@@ -104,10 +107,10 @@ void before_mincore(hook_fargs3_t *args, void *udata){
     if(trace_info==FIX_ORI_INS){
         unsigned long rfun_offset = (unsigned long)syscall_argn(args, 0);
         const char __user *ufix_ins = (typeof(ufix_ins))syscall_argn(args, 2);
-        char fix_ins[INS_LEN*2];
-        compat_strncpy_from_user(fix_ins,ufix_ins,INS_LEN*2);
+        char fix_ins[INS_LEN];
+        bpf_probe_read_user(fix_ins,INS_LEN,ufix_ins);
 //        logkd("+Test-Log3+ insn:%lx %lx %lx %lx\n",fix_ins[0],fix_ins[1],fix_ins[2],fix_ins[3]);
-        int insert_ins_ret = insert_key_value(&fix_ins_tree,rfun_offset,fix_ins);
+        int insert_ins_ret = insert_key_value(&fix_ins_tree,rfun_offset,fix_ins,INS_LEN);
         if(insert_ins_ret==-1){
             logke("+Test-Log+ set insn for same fun 0x%llx\n",rfun_offset);
             goto error_out;
@@ -125,7 +128,7 @@ void before_mincore(hook_fargs3_t *args, void *udata){
 
         fun_offsets[hook_num] = rfun_offset;
         hook_num++;
-        logkd("+Test-Log+ rfun_offset:%llx\n",rfun_offset);
+//        logkd("+Test-Log+ rfun_offset:%llx\n",rfun_offset);
         goto success_out;
     }
 
@@ -229,6 +232,7 @@ static long kernel_trace_init(const char *args, const char *event, void *__user
     kfree = (typeof(kfree))kallsyms_lookup_name("kfree");
 
     trace_printk = (typeof(trace_printk))kallsyms_lookup_name("__trace_printk");
+    bpf_probe_read_user = (typeof(bpf_probe_read_user))kallsyms_lookup_name("bpf_probe_read_user");
 
     show_map_vma_addr = (void *)kallsyms_lookup_name("show_map_vma");
 
@@ -249,6 +253,7 @@ static long kernel_trace_init(const char *args, const char *event, void *__user
     logkd("+Test-Log+ kfree:%llx\n",kfree);
 
     logkd("+Test-Log+ trace_printk:%llx\n",trace_printk);
+    logkd("+Test-Log+ bpf_probe_read_user:%llx\n",bpf_probe_read_user);
 
     logkd("+Test-Log+ show_map_vma_addr:%llx\n",show_map_vma_addr);
 
@@ -257,7 +262,7 @@ static long kernel_trace_init(const char *args, const char *event, void *__user
     if(!(mtask_pid_nr_ns && uprobe_register && uprobe_unregister
     && kern_path && igrab && path_put && rcu_read_unlock
     && rb_erase && rb_insert_color && rb_first && trace_printk
-    && show_map_vma_addr && copy_insn_addr)){
+    && bpf_probe_read_user && show_map_vma_addr && copy_insn_addr)){
         logke("+Test-Log+ can not find some fun addr\n");
         return -1;
     }
diff --git a/mrbtree.h b/mrbtree.h
@@ -33,7 +33,7 @@ static inline void rb_link_node(struct rb_node *node, struct rb_node *parent,str
 }
 
 
-int insert_key_value(struct rb_root *root, unsigned long key, const char *value)
+int insert_key_value(struct rb_root *root, unsigned long key, const char *value, int value_len)
 {
     struct rb_node **new = &(root->rb_node);
     struct rb_node *parent = NULL;
@@ -63,8 +63,8 @@ int insert_key_value(struct rb_root *root, unsigned long key, const char *value)
         kfree(data);
         return -1;
     }
-    strcpy(data->value, value);
-
+//    strcpy(data->value, value);
+    memcpy(data->value,value,value_len);
     // 设置键值
     data->key = key;
 

Original file line number	Diff line number	Diff line change
`@@ -33,7 +33,7 @@ static inline void rb_link_node(struct rb_node node, struct rb_node parent,str`
`33`	`33`	`}`
`34`	`34`
`35`	`35`
`36`		`-int insert_key_value(struct rb_root root, unsigned long key, const char value)`
	`36`	`+int insert_key_value(struct rb_root root, unsigned long key, const char value, int value_len)`
`37`	`37`	`{`
`38`	`38`	`struct rb_node **new = &(root->rb_node);`
`39`	`39`	`struct rb_node *parent = NULL;`
`@@ -63,8 +63,8 @@ int insert_key_value(struct rb_root root, unsigned long key, const char value)`
`63`	`63`	`kfree(data);`
`64`	`64`	`return -1;`
`65`	`65`	`}`
`66`		`- strcpy(data->value, value);`
`67`		`-`
	`66`	`+// strcpy(data->value, value);`
	`67`	`+ memcpy(data->value,value,value_len);`
`68`	`68`	`// 设置键值`
`69`	`69`	`data->key = key;`
`70`	`70`