1、主要过程
通过定义 __attribute__((constructor(101))) void init0() 来确定构造函数的执行先后顺序
从so中获取到各个soinfo结构体的变量值,并且赋值上去的过程
// Fill the newly created soinfo from the ELF that the packer's reader has parsed,
// hand it to the linker-side prelinkImage(), then restore the symbol-table entries
// that the protection step hid. `si`, `elfreader`, `cs_soinfo` and repairSymtab()
// are all defined outside this excerpt.
// Defender note: every value written below comes from the embedded payload, not
// from the system loader's own mapping; no range check of phdr/phnum/dynamic
// against the mapped image is visible in this excerpt.
si->decrypt_soinfo = NULL; // no decrypted soinfo attached yet
si->base = elfreader.getBase();
si->load_bias = elfreader.getLoadBias();
si->phdr = elfreader.getPhdr();
si->phnum = elfreader.getPhnum();
si->dynamic = elfreader.getDynamic();
// prelinkImage() presumably consumes the fields set above. Its return value is
// ignored here, unlike the later load path which bails out on failure —
// NOTE(review): confirm that an unchecked failure cannot leave si half-initialised.
si->prelinkImage();
// Appears to undo the symbol hiding applied at protection time: entries in the
// cs_hidden_sym_from..cs_hidden_sym_to range of symtab are rewritten using strtab.
// Parameter semantics are assumed from the names — verify against repairSymtab().
repairSymtab(si->symtab,
cs_soinfo->cs_hidden_sym_from,
cs_soinfo->cs_hidden_sym_to,
(unsigned char *)si->strtab,
cs_soinfo->cs_hidden_str_size,
cs_soinfo->cs_hidden_sym_type);
2、自定义so结构体
系统的soinfo仍然是必须的,这个自定义结构其实可以换一个名字
这个结构是加密与解密的一个联系,是加固过程与解压缩过程的一个联系
// Packer-side descriptor that bridges the protection (encryption) step and the
// in-memory restore step: it records where the original ELF's tables live so the
// loader can rebuild the system soinfo from them. The closing `};` and any further
// members are not part of this excerpt.
// NOTE(review): all addresses are ElfW(Addr) values read from the packed payload;
// which of them are already rebased and which still need cs_loadbias applied is
// not visible here — confirm on the writer side before trusting them.
struct customedsoinfo{
ElfW(Addr) cs_loadbias; // must be relocated against the packer's base address; by default placed after PAGE_END(DYNAMIC_END)
ElfW(Addr) cs_phdr; // pt_load and pt_dynamic
ElfW(Addr) cs_symtab; // presumably the original dynamic symbol table — confirm
ElfW(Addr) cs_strtab; // presumably the original dynamic string table — confirm
ElfW(Addr) cs_rel; // REL-format relocations
ElfW(Addr) cs_rela; // RELA-format relocations
ElfW(Addr) cs_android_rel; // Android packed relocations
ElfW(Addr) cs_dyn; // PT_DYNAMIC contents
ElfW(Addr) cs_encryptsoinfo; // NOTE(review): relation to si->decrypt_soinfo is not shown here — confirm
ElfW(Addr) cs_real_jni_onload; // presumably the original JNI_OnLoad the stub forwards to — confirm
ElfW(Addr) cs_hash_vaddr; // NOTE(review): hash table address or integrity hash? not determinable from this excerpt
unsigned cs_phnum; // program header count paired with cs_phdr
unsigned cs_relcount; // relocation entry count; which of cs_rel/cs_rela it counts is not shown here
3、重定位到真正的系统SOinfo
// Rebuild the real (system) soinfo from the decrypted image: copy the fields the
// linker needs for relocation, then run prelinkImage() and jump to LOADFAILED
// (defined outside this excerpt) if it rejects the image.
// NOTE(review): base is taken from getLoadBias() here, whereas the first
// initialisation path uses getBase(). In the Android linker's convention the two
// coincide only when the first PT_LOAD has p_vaddr 0 — confirm which is intended.
// Defender note: the table addresses and counts below come from the payload; no
// check that phdr/dynamic/symtab fall inside [load_bias, load_bias + size) is
// visible in this excerpt.
si->base = elfreader.getLoadBias();
si->load_bias = elfreader.getLoadBias();
si->dynamic = elfreader.getDynamic();
si->size = elfreader.getLoadSize();
si->phdr = elfreader.getPhdr();
si->phnum = elfreader.getPhnum();
si->symtab = elfreader.getSymtab();
si->strtab = elfreader.getStrtab();
// The USE_RELA guard is commented out, so both the RELA and REL fields are
// assigned unconditionally; the variant that is absent from the image is
// presumably returned as 0/NULL by the reader — confirm.
//#ifdef USE_RELA
si->rela = elfreader.getRela();
si->rela_count = elfreader.getRelaCounts();
//#else
si->rel = elfreader.getRel();
si->rel_count = elfreader.getRelCounts();
//#endif
si->android_relocs = elfreader.getAndroidRel(); // Android packed relocations, if present
si->android_relocs_size = elfreader.getAndroidRelSize();
// Unlike the first initialisation path, prelinkImage()'s result is checked here.
if (!si->prelinkImage()) {
goto LOADFAILED;
}