Dump strings on the stack in logs

JingMatrix · JingMatrix · commit f036a0e03109 · 2025-08-21T12:20:00.000+02:00
These strings help to identify the detection point explained in JingMatrix/NeoZygisk#42.
diff --git a/app/src/main/cpp/include/vmap.hpp b/app/src/main/cpp/include/vmap.hpp
@@ -34,4 +34,6 @@ struct MapInfo {
 };
 
 MapInfo *DetectInjection();
+
+void DumpStackStrings();
 } // namespace VirtualMap
diff --git a/app/src/main/cpp/native-lib.cpp b/app/src/main/cpp/native-lib.cpp
@@ -16,6 +16,7 @@ Java_org_matrix_demo_MainActivity_stringFromJNI(JNIEnv *env,
   SoList::SoInfo *abnormal_soinfo = SoList::DetectInjection();
   VirtualMap::MapInfo *abnormal_vmap = VirtualMap::DetectInjection();
   size_t module_injected = SoList::DetectModules();
+  VirtualMap::DumpStackStrings();
 
   if (abnormal_soinfo != nullptr) {
     solist_detection =
@@ -32,8 +33,8 @@ Java_org_matrix_demo_MainActivity_stringFromJNI(JNIEnv *env,
   }
 
   if (module_injected > 0) {
-    counter_detection =
-        std::format("Module counter: {} shared libraries unloaded", module_injected);
+    counter_detection = std::format(
+        "Module counter: {} shared libraries unloaded", module_injected);
   }
 
   return env->NewStringUTF(
diff --git a/app/src/main/cpp/vmap.cpp b/app/src/main/cpp/vmap.cpp
@@ -9,6 +9,58 @@
 
 namespace VirtualMap {
 
+void logPossibleStrings(const char *start, size_t size,
+                        size_t min_string_length = 4) {
+  const char *end = start + size;
+  const char *ptr = start;
+
+  LOGD("--- Starting String Dump (min length: %zu, range size: %zu) ---",
+       min_string_length, size);
+
+  while (ptr < end) {
+    // Find the beginning of a potential string (a printable character)
+    if (isprint(static_cast<unsigned char>(*ptr))) {
+      const char *string_start = ptr;
+      const char *string_end = ptr + 1;
+
+      // Find the end of the sequence of printable characters
+      while (string_end < end &&
+             isprint(static_cast<unsigned char>(*string_end))) {
+        string_end++;
+      }
+
+      size_t length = string_end - string_start;
+
+      // If the sequence meets our minimum length, log it
+      if (length >= min_string_length) {
+        // Safely create a std::string from the non-null-terminated segment
+        std::string found_str(string_start, length);
+
+        // Log the string and its memory offset using LOGD's format string
+        LOGI("Offset 0x%zx: \"%s\"", (size_t)(string_start - start),
+             found_str.c_str());
+      }
+
+      // Advance the main pointer past the sequence we just processed
+      ptr = string_end;
+    } else {
+      // Not a printable character, just move to the next byte
+      ptr++;
+    }
+  }
+  LOGD("--- Finished String Dump ---");
+}
+
+void DumpStackStrings() {
+  for (auto &map : MapInfo::Scan()) {
+    if (map.dev == 0 && map.inode == 0 && map.offset == 0 &&
+        map.path == "[anon:stack_and_tls:main]") {
+      logPossibleStrings(reinterpret_cast<const char *>(map.start),
+                         map.end - map.start, 3);
+    }
+  }
+}
+
 MapInfo *DetectInjection() {
   int jit_cache_count = 0;
   int jit_zygote_cache_count = 0;
