cydia substrate 有没有办法能够hook linux 内核的调用,目的是在android下面想做如下功能,监控应用的文件读写,观察应用都访问了哪些文件,想通过hook 内核的函数:__NR_open,具体的代码不知道该怎么写,这个hook是比较靠近底层的,刚开始想通过hook /system/lib/libc.so的open(constchar * pathname, int flags, int mode)函数,基本上都能监控到,那第三方的应用做测试,后来发现依然有漏掉的地方,于是看了open的内部实现,发现他最终是调用内核syscall,而syscall的实现是一个通用的实现,猜想具体到open的调用应该是__NR_open(121K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8X3q4F1k6s2u0G2K9h3c8^5M7X3g2X3i4K6u0W2j5$3!0E0i4K6u0r3y4q4)9J5k6e0u0Q4x3X3f1J5i4K6g2X3M7U0q4Q4x3V1k6^5M7X3g2X3i4K6u0r3j5X3W2G2L8X3W2U0i4K6u0r3L8r3W2T1j5#2)9J5c8X3q4J5j5$3S2Q4x3X3c8S2M7X3#2Q4x3V1k6K6P5i4y4U0j5h3I4D9M7#2)9J5c8W2)9#2k6W2)9#2k6X3!0H3k6h3&6Q4x3X3g2e0i4@1g2r3i4@1u0o6i4K6R3&6i4K6u0o6i4@1f1@1i4@1u0m8i4K6S2q4i4@1f1$3i4K6V1^5i4@1q4r3i4@1f1$3i4K6R3K6i4@1t1K6i4@1f1#2i4K6R3^5i4@1t1H3i4@1f1^5i4K6R3K6i4@1u0p5i4@1f1#2i4K6V1H3i4@1p5$3i4@1f1$3i4K6S2m8i4K6S2m8i4@1f1&6i4K6V1J5i4@1p5&6i4@1f1#2i4@1q4p5i4K6V1H3i4@1f1#2i4K6R3%4i4@1u0p5i4@1f1$3i4K6V1#2i4@1t1H3i4@1f1@1i4@1u0o6i4@1t1^5i4@1f1#2i4K6V1H3i4K6V1I4i4@1f1#2i4K6R3$3i4K6R3#2i4@1f1$3i4@1p5H3i4@1t1^5i4@1g2r3i4@1u0o6i4K6S2o6i4@1f1@1i4@1u0p5i4K6R3$3i4@1f1$3i4K6V1^5i4@1q4r3i4@1f1#2i4K6R3#2i4@1t1%4i4@1f1@1i4@1u0p5i4K6V1K6i4@1f1%4i4K6W2m8i4K6R3@1i4@1f1@1i4@1u0n7i4@1p5K6i4@1f1%4i4@1p5H3i4K6R3I4i4@1f1@1i4@1t1^5i4K6S2p5i4@1f1%4i4K6W2r3i4@1p5#2i4@1f1&6i4K6R3I4i4K6V1K6i4@1f1^5i4@1q4r3i4@1p5#2i4@1f1$3i4K6R3H3i4K6S2q4i4@1f1@1i4@1t1&6i4K6R3^5i4@1f1#2i4@1q4q4i4K6W2q4i4@1f1%4i4K6S2q4i4@1t1H3i4@1g2r3i4@1u0o6i4K6S2o6i4@1f1^5i4@1q4r3i4@1p5#2K9r3!0G2K9#2!0q4y4g2)9&6x3#2!0m8b7g2!0q4y4q4!0n7z5q4!0m8b7g2!0q4c8W2!0n7b7#2)9&6c8R3`.`.
