Anti-detect
xyxdaily opened this issue · comments
Since the so is moved to /data/local/tmp, it is easy to detect the injection. If the maps for the injected so can be hidden and the soinfo handled, it would be better.
https://github.com/canyie/Riru-MomoHider.
BTW, good job injecting the so without ptrace.
The operation of opening /proc/pid/mem can now be easily detected by inotify.
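For readers on the detection side, the maps-based check the opening post is concerned about can look like the following. This is an added example, not code from this project or from the thread; the function names, the watched prefix constant and the sample maps lines are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumption: only the directory named in the issue is checked. */
#define WATCHED_PREFIX "/data/local/tmp/"

/* Constructed sample in /proc/<pid>/maps format (not captured from a device). */
static const char SAMPLE_MAPS[] =
    "7a1c000000-7a1c021000 r-xp 00000000 fd:00 1234 /system/lib64/libc.so\n"
    "7a1d000000-7a1d004000 r--p 00000000 fd:05 777 /data/local/tmp/libexample.so\n"
    "7a1d004000-7a1d009000 r-xp 00004000 fd:05 777 /data/local/tmp/libexample.so\n"
    "7a1e000000-7a1e100000 rw-p 00000000 00:00 0 \n"
    "7a1f000000-7a1f002000 r-xp 00000000 00:00 0 [vdso]\n";

/* Returns 1 if a single maps line is an executable mapping whose path
 * lies under WATCHED_PREFIX, otherwise 0. Expects exactly one line. */
int is_suspicious_mapping(const char *line)
{
    char perms[5] = {0};
    char path[256] = {0};
    /* Fields: start-end perms offset dev inode [path] */
    int n = sscanf(line, "%*[0-9a-fA-F]-%*[0-9a-fA-F] %4s %*s %*s %*s %255[^\n]",
                   perms, path);
    if (n < 2)            /* anonymous mapping: no path field */
        return 0;
    if (perms[2] != 'x')  /* only executable segments are of interest */
        return 0;
    return strncmp(path, WATCHED_PREFIX, strlen(WATCHED_PREFIX)) == 0;
}

/* Splits a maps dump into lines and counts the suspicious ones. */
int count_suspicious(const char *maps_text)
{
    int hits = 0;
    while (*maps_text) {
        size_t len = strcspn(maps_text, "\n");
        char line[512];
        if (len < sizeof line) {
            memcpy(line, maps_text, len);
            line[len] = '\0';
            hits += is_suspicious_mapping(line);
        }
        maps_text += len;
        if (*maps_text == '\n')
            maps_text++;
    }
    return hits;
}

int main(void)
{
    printf("sample hits: %d\n", count_suspicious(SAMPLE_MAPS));
    return 0;
}
```

On a device the same function would be fed the lines of the process's own `/proc/self/maps`; a path check like this is a single signal and says nothing once the mapping no longer shows a file path.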