Merge branch 'main' of github.com:luoyesiqiu/dpt-shell

luoyesiqiu · Sep 3, 2024 · db3ca96 · db3ca96 · freecode505 · Sep 6, 2024
2 parents 97b376e + 940cef8
commit db3ca96
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 0 deletions.
diff --git a/shell/src/main/cpp/dpt_hook.cpp b/shell/src/main/cpp/dpt_hook.cpp
@@ -16,6 +16,7 @@ int g_sdkLevel = 0;
 void dpt_hook() {
     bytehook_init(BYTEHOOK_MODE_AUTOMATIC,false);
     g_sdkLevel = android_get_device_api_level();
+    hook_execve();
     hook_mmap();
     hook_DefineClass();
 }
@@ -298,3 +299,25 @@ DPT_ENCRYPT void hook_mmap(){
         DLOGD("mmap hook success!");
     }
 }
+DPT_ENCRYPT int fake_execve(const char *pathname, char *const argv[], char *const envp[]) {
+    BYTEHOOK_STACK_SCOPE();
+    DLOGW("execve hooked: %s", pathname);
+    if (strstr(pathname, "dex2oat") != nullptr) {
+        DLOGW("execve blocked: %s", pathname);
+        errno = EACCES;
+        return -1;
+    }
+    return BYTEHOOK_CALL_PREV(fake_execve, pathname, argv, envp);
+}
+DPT_ENCRYPT void hook_execve(){
+    bytehook_stub_t stub = bytehook_hook_single(
+            getArtLibName(),
+            "libc.so",
+            "execve",
+            (void *) fake_execve,
+            nullptr,
+            nullptr);
+    if (stub != nullptr) {
+        DLOGD("execve hook success!");
+    }
+}
diff --git a/shell/src/main/cpp/dpt_hook.h b/shell/src/main/cpp/dpt_hook.h
@@ -33,4 +33,5 @@ static void* (*g_originDefineClassV21)(void* thiz,
 
 void hook_DefineClass();
 void hook_mmap();
+void hook_execve();
 #endif //DPT_DPT_HOOK_H