| author | van Hauser <vh@thc.org> | 2022-08-06 09:02:02 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-08-06 09:02:02 +0200 |
| commit | 94fe62ad8db938757a3052f2041aef390e19c9a1 (patch) | |
| tree | ff645a8bd0a5d81e3f6f825efebf87845b463436 /frida_mode/src/main.c | |
| parent | 4b9c560b07e1ea42633b59e0eb94f7a3f0fe0c58 (diff) | |
| parent | 608ea5f8abbfce9c309d452e2ee3dbb014dc511a (diff) | |
| download | afl++-94fe62ad8db938757a3052f2041aef390e19c9a1.tar.gz | |
Merge pull request #1467 from WorksButNotTested/droid
Android Fixes
Diffstat (limited to 'frida_mode/src/main.c')
| -rw-r--r-- | frida_mode/src/main.c | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/frida_mode/src/main.c b/frida_mode/src/main.c
index 844c42b9..c8c50b37 100644
--- a/frida_mode/src/main.c
+++ b/frida_mode/src/main.c
@@ -36,6 +36,18 @@
 #ifdef __APPLE__
 extern mach_port_t mach_task_self();
 extern GumAddress gum_darwin_find_entrypoint(mach_port_t task);
+#elif defined(__ANDROID__)
+typedef struct {
+
+ void (**preinit_array)(void);
+ void (**init_array)(void);
+ void (**fini_array)(void);
+
+} structors_array_t;
+
+extern void __libc_init(void *raw_args, void (*onexit)(void) __unused,
+ int (*slingshot)(int, char **, char **),
+ structors_array_t const *const structors);
 #else
 extern int __libc_start_main(int (*main)(int, char **, char **), int argc,
 char **ubp_av, void (*init)(void),
@@ -69,7 +81,11 @@ static void on_main_os(int argc, char **argv, char **envp) {
 GumInterceptor *interceptor = gum_interceptor_obtain();
 gum_interceptor_begin_transaction(interceptor);
+ #if defined(__ANDROID__)
+ gum_interceptor_revert(interceptor, __libc_init);
+ #else
 gum_interceptor_revert(interceptor, __libc_start_main);
+ #endif
 gum_interceptor_end_transaction(interceptor);
 gum_interceptor_flush(interceptor);
@@ -277,6 +293,24 @@ static void intercept_main(void) {
 }
+#elif defined(__ANDROID__)
+static void on_libc_init(void *raw_args, void (*onexit)(void) __unused,
+ int (*slingshot)(int, char **, char **),
+ structors_array_t const *const structors) {
+
+ main_fn = slingshot;
+ intercept_unhook_self();
+ intercept_hook(slingshot, on_main, NULL);
+ return __libc_init(raw_args, onexit, slingshot, structors);
+
+}
+
+static void intercept_main(void) {
+
+ intercept_hook(__libc_init, on_libc_init, NULL);
+
+}
+
 #else
 static int on_libc_start_main(int (*main)(int, char **, char **), int argc,
 char **ubp_av, void (*init)(void),
|
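Review bot: The three-member `structors_array_t` added in the first hunk reproduces a Bionic-internal layout that nothing in this patch ever reads — the `on_libc_init` hook in the last hunk only forwards the `structors` pointer straight back to `__libc_init`. Since the pointer is opaque here, an incomplete type is sufficient and avoids hard-coding a private struct whose field list may differ between Android releases: `typedef struct structors_array structors_array_t;` in place of the `typedef struct { ... } structors_array_t;` block. Both the `extern void __libc_init(...)` declaration and the hook signature compile unchanged against a pointer to an incomplete type, and a mismatch with the running libc's real layout then cannot silently become an out-of-bounds read if someone later dereferences the pointer.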
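Review bot: `return __libc_init(raw_args, onexit, slingshot, structors);` at the end of `on_libc_init` in the third hunk returns a void expression from a function declared `void`, which ISO C does not permit and GCC and Clang warn about; write it as the plain statement `__libc_init(raw_args, onexit, slingshot, structors);`. The call is the hook's tail and control is not expected to come back to it, so if the project's own `__libc_init` declaration (first hunk) does not carry a non-returning attribute, a comment such as `/* __libc_init does not return; the target's main() is reached via the on_main hook installed above */` would make the control flow explicit for the next reader. `main_fn` is assigned here but defined outside the hunk, and `on_main` and `intercept_unhook_self` are likewise declared elsewhere in the file.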
