Hi, thanks for your adbi!!!
I have read hijack.c and have some questions about two functions: find_linker and find_linker_mem.
- Function find_linker seems copied from find_name; are the variable names (libcaddr, libc) unsuitable?
static int find_linker(pid_t pid, unsigned long *addr)
{
    struct mm mm[1000];
    unsigned long libcaddr; // variable name "libcaddr" not suitable?
    int nmm;
    char libc[256]; // variable name "libc" not suitable?
    symtab_t s;

    if (0 > load_memmap(pid, mm, &nmm)) {
        printf("cannot read memory map\n");
        return -1;
    }
    if (0 > find_linker_mem(libc, sizeof(libc), &libcaddr, mm, nmm)) {
        printf("cannot find libc\n");
        return -1;
    }
    *addr = libcaddr;
    return 1;
}
- Function find_linker_mem seems copied from find_libc.
  a. Is the p += 4 wrong (because the string "linker" is 6 bytes)?
  b. I don't understand the line if (!strncmp(".so", p, 3) || (p[0] == '-' && isdigit(p[1]))) below; we are looking for the address of "/system/bin/linker", aren't we?
static int
find_linker_mem(char *name, int len, unsigned long *start,
                struct mm *mm, int nmm)
{
    int i;
    struct mm *m;
    char *p;

    for (i = 0, m = mm; i < nmm; i++, m++) {
        //printf("name = %s\n", m->name);
        //printf("start = %x\n", m->start);
        if (!strcmp(m->name, MEMORY_ONLY))
            continue;
        p = strrchr(m->name, '/');
        if (!p)
            continue;
        p++;
        if (strncmp("linker", p, 6))
            continue;
        break; // <--- hack
        p += 4; // Is this wrong? p += 6?
        /* here comes our crude test -> 'libc.so' or 'libc-[0-9]' */
        if (!strncmp(".so", p, 3) || (p[0] == '-' && isdigit(p[1]))) // what's here find for? we are find "/system/bin/linker", isn't it?
            break;
    }
    if (i >= nmm)
        /* not found */
        return -1;
    *start = m->start;
    strncpy(name, m->name, len);
    if (strlen(m->name) >= len)
        name[len-1] = '\0';
    return 0;
}
Apologies for my poor English; I look forward to your reply, and thank you again :)
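The two functions in the question both do the same job: walk the process memory map and pick the first mapping whose file basename looks like the library being searched for. The example below is an added, self-contained illustration of that lookup and is not code from adbi or hijack.c. It parses a constructed /proc/<pid>/maps text (the addresses, inode numbers and the "linker_wrapper" path are made up) instead of calling load_memmap, matches the linker basename exactly rather than by a 6-byte prefix, and keeps the "crude" libc test from the original as its own predicate so the two checks can be compared side by side.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed /proc/<pid>/maps content (not captured from a real device).
 * "/system/bin/linker_wrapper" is a hypothetical path that a 6-byte
 * strncmp("linker", p, 6) prefix test would wrongly accept. */
static const char *sample_maps =
    "b6f00000-b6f20000 r-xp 00000000 b3:19 1234   /system/bin/linker_wrapper\n"
    "b6f40000-b6f60000 r-xp 00000000 b3:19 1235   /system/bin/linker\n"
    "b6f60000-b6f62000 r--p 00020000 b3:19 1235   /system/bin/linker\n"
    "b7000000-b7100000 r-xp 00000000 b3:19 5678   /system/lib/libcutils.so\n"
    "b7200000-b7300000 r-xp 00000000 b3:19 5679   /system/lib/libc.so\n"
    "b7300000-b7310000 rw-p 00000000 00:00 0      [heap]\n";

typedef int (*name_pred_t)(const char *basename);

/* Exact match: the Android dynamic linker is /system/bin/linker
 * (or linker64 on a 64-bit process), so no prefix test is needed. */
static int is_linker(const char *b)
{
    return !strcmp(b, "linker") || !strcmp(b, "linker64");
}

/* The "crude test" from hijack.c's find_libc: 'libc.so' or 'libc-[0-9]'.
 * The +4 skips the four bytes of "libc"; for "linker" it would have to be +6. */
static int is_libc(const char *b)
{
    const char *p;
    if (strncmp(b, "libc", 4))
        return 0;
    p = b + 4;
    return !strncmp(p, ".so", 3) || (p[0] == '-' && isdigit((unsigned char)p[1]));
}

/* Scan maps text line by line; return 0 and set *start to the start address of
 * the first mapping whose basename satisfies pred, or -1 if there is none. */
static int find_mapping(const char *maps, name_pred_t pred, unsigned long *start)
{
    const char *line = maps;
    while (*line) {
        const char *eol = strchr(line, '\n');
        size_t len = eol ? (size_t)(eol - line) : strlen(line);
        char buf[512];
        const char *path;

        if (len >= sizeof buf)
            len = sizeof buf - 1;
        memcpy(buf, line, len);
        buf[len] = '\0';

        /* The pathname column is the first '/' on the line; anonymous
         * mappings and pseudo-paths such as [heap] have none and are skipped. */
        path = strchr(buf, '/');
        if (path) {
            const char *base = strrchr(path, '/') + 1;
            if (pred(base)) {
                *start = strtoul(buf, NULL, 16); /* first hex field is the start address */
                return 0;
            }
        }
        if (!eol)
            break;
        line = eol + 1;
    }
    return -1;
}

/* Convenience wrappers: 0 means "not found". */
unsigned long linker_base(const char *maps)
{
    unsigned long s = 0;
    return find_mapping(maps, is_linker, &s) == 0 ? s : 0;
}

unsigned long libc_base(const char *maps)
{
    unsigned long s = 0;
    return find_mapping(maps, is_libc, &s) == 0 ? s : 0;
}

int main(void)
{
    printf("linker at 0x%lx\n", linker_base(sample_maps)); /* 0xb6f40000 */
    printf("libc   at 0x%lx\n", libc_base(sample_maps));   /* 0xb7200000 */
    return 0;
}
```

Because the predicate is passed in, the same scan serves both lookups; the first matching line is the one returned, which for a real maps file is normally the executable (r-xp) segment since it is listed first. Replacing the exact-match predicate with the original prefix test makes the hypothetical "linker_wrapper" line win instead, which is the kind of false positive the 6-byte strncmp allows.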