Sometimes, we have to face the situation where we need to read or write process memory but want the process to be completely unaware. In general, users can achieve this by utilizing the process_vm_readv and process_vm_writev syscalls provided from Android kernel. However, there are several methods to detect such malicious behaviors. Some anti-cheaters insert a type of special memory pages into the game’s memory, they can detect these memory pages being read or written by mincore.

在CTF中经常有Android题需要调试so，或者需要调试so的初始化函数JNI_OnLoad和init_array，正好这次腾讯游戏安全大

折腾了一下Android+SO，用的环境是IDEA+NDK。主要因为IDE和各种环境依赖迭代太快，网上教程很乱，方法基本都是过时的，自己踩了

有的时候做安卓逆向，需要脱壳、patch SO、改代码等操作，需要对安卓apk包做修改。APK包是一个带签名的Package，对其做修改，需要