你好。 我按照說明做了一切，但是我得到一個錯誤:
[+] LibPath = /data/local/tmp/libHook.so
[-] Write Remote Memory error, MemoryAddr:0x0, err:I/O error
[-] Write LibPath:/data/local/tmp/libHook.so to RemoteProcess error
[+] detach process success, pid:31658
[-] Inject Erro
這種情況我需要做什麼？

cannot inject into any app

[+] ptrace_call mmap success, return value=FFFFFFFFFFFFFFFC, pc=7B5851976AA0
[+] Remote Process Map Memory Addr:0xfffffffffffffffc
[+] linker_path value:/apex/com.android.runtime/bin/linker64
[+] [get_remote_func_addr] lmod=0x785E24757000, rmod=0x7B585117A000, lfunc=0x785E24758B50, rfunc=0x7B585117BB50
[+] dlopen RemoteFuncAddr:0x7b585117bb50
[+] [get_remote_func_addr] lmod=0x785E24757000, rmod=0x7B585117A000, lfunc=0x785E24758B70, rfunc=0x7B585117BB70
[+] dlsym RemoteFuncAddr:0x7b585117bb70
[+] [get_remote_func_addr] lmod=0x785E24757000, rmod=0x7B585117A000, lfunc=0x785E24758BA0, rfunc=0x7B585117BBA0
[+] dlclose RemoteFuncAddr:0x7b585117bba0
[+] [get_remote_func_addr] lmod=0x785E24757000, rmod=0x7B585117A000, lfunc=0x785E24758B60, rfunc=0x7B585117BB60
[+] dlerror RemoteFuncAddr:0x7b585117bb60
[+] Get imports: dlopen: 5117bb50, dlsym: 5117bb70, dlclose: 5117bba0, dlerror: 5117bb60
[+] LibPath = /data/local/tmp/libHook.so
[-] Write Remote Memory error, MemoryAddr:0xcf375380,, err:I/O error
[-] Call Remote mmap Func Failed, err:I/O error
[+] detach process success, pid:42567
[-] Inject Erro

Android 11 x86_64 emulator

我不理解这个0x8000的判断是啥意思

when i review ur source code, in function get_module_base_addr(Utils.h)

what does 0x8000 means?

if (ModuleBaseAddr == 0x8000)
                    ModuleBaseAddr = 0;

The original function is

/**
 * @brief 在指定进程中搜索对应模块的基址
 *
 * @param pid pid表示远程进程的ID 若为-1表示自身进程
 * @param ModuleName ModuleName表示要搜索的模块的名称
 * @return void* 返回0表示获取模块基址失败，返回非0为要搜索的模块基址
 */
void *get_module_base_addr(pid_t pid, const char *ModuleName){
    FILE *fp = NULL;
    long ModuleBaseAddr = 0;
    char szFileName[50] = {0};
    char szMapFileLine[1024] = {0};

    // 读取"/proc/pid/maps"可以获得该进程加载的模块
    if (pid < 0){
        //  枚举自身进程模块
        snprintf(szFileName, sizeof(szFileName), "/proc/self/maps");
    } else {
        snprintf(szFileName, sizeof(szFileName), "/proc/%d/maps", pid);
    }

    fp = fopen(szFileName, "r");

    if (fp != NULL){
        while (fgets(szMapFileLine, sizeof(szMapFileLine), fp)){
            if (strstr(szMapFileLine, ModuleName)){
                char *Addr = strtok(szMapFileLine, "-");
                ModuleBaseAddr = strtoul(Addr, NULL, 16);

                if (ModuleBaseAddr == 0x8000)
                    ModuleBaseAddr = 0;

                break;
            }
        }

        fclose(fp);
    }

    return (void *)ModuleBaseAddr;
}

Does it works on Android Emulator such as LDPlayer and Nox??

Do you still continue this project?

修复x86_64(模拟器)bug需要处理2个地方:
1.当前压栈后堆栈不平衡
2.少写了个地方导致无法正常call mmap
可参考：
fix from https://github.com/coff33h/LinuxInjector/blob/main/injector.c

Hello，是否可以在 libHook.so 中写 JNI_OnLoad，我这样写，可以编译成功，但是没有执行，使用的平台是 arm64-v8a。

jint JNI_OnLoad(JavaVM* vm, void* reserved) {
	LOGD("JNI_OnLoad\n");

	JNIEnv* env = NULL;

	if (vm->GetEnv((void**)&env, JNI_VERSION_1_6) != JNI_OK) {
		LOGD("JavaVm fail to get JNIEnv\n");
		return -1;
	}

	LOGD("JNI_OnLoad1\n");

	return JNI_VERSION_1_6;
}