[Android reverse engineering] Function interception (CPU cache mechanism | How the CPU cache mechanism causes function interception to fail)

2022-07-04 06:21:00 Programmer community

Contents

  • 1. CPU cache mechanism
  • 2. The CPU cache mechanism causes function interception to fail

1. CPU cache mechanism


In the CPU architecture model, instructions are initially stored in memory. For example, each .so dynamic library listed in /proc/pid/maps has an address in memory, and the instructions are stored in that dynamic library.

Access between the CPU and memory is relatively slow. Slow here is relative to the CPU accessing its registers: CPU register access speed > CPU memory access speed > CPU disk access speed.

To speed up the CPU's access to memory, a cache is provided inside the CPU. Instructions in memory are not fed directly to the CPU. They are placed in the cache first, and then read from the cache into registers for execution.

If the instruction the CPU needs is already in the cache, the code can be executed at high speed. While it executes, the following instructions are continuously loaded into the cache, which keeps the CPU executing instructions efficiently.

2. The CPU cache mechanism causes function interception to fail


The previous blog post, 【Android reverse engineering】 Function interception principle (Intercepting functions by modifying the GOT global offset table | Intercepting functions by adding jump code to the actually called function), discussed reliable function interception schemes and recommended the "add jump code to the actually called function" scheme.

That scheme requires writing a jump instruction into the function that is actually called. The function's instructions are stored in memory, so the write can only be made in memory. The CPU's cache is managed entirely by the CPU's internal hardware, and external code cannot access the cache.

This raises a problem: when jump code is inserted into the intercepted function, if that function has already been loaded into the CPU's cache, modifying memory does not make the CPU execute the modified instructions.

The cache in the CPU is ordered by how often instructions are used: the more frequently a function is used, the higher its priority and the less likely it is to be evicted.

If the function to be intercepted is called very frequently, the function being modified may stay resident in the CPU cache, and then it can never be intercepted.

As a result, this kind of function interception cannot succeed 100% of the time.
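The stale-instruction problem described above is why code that rewrites executable memory normally asks the CPU to synchronize its instruction cache over the patched range afterwards. The following is an added example, not code from the original post: it patches a tiny generated function in the process's own memory and uses the GCC/Clang builtin `__builtin___clear_cache` before calling it again. It assumes Linux or Android on x86 or AArch64; `emit_return`, `patch` and `demo` are hypothetical names.

```c
#define _DEFAULT_SOURCE
#include <stdint.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

typedef int (*fn_t)(void);

/* Encode a function body that returns `value` for the host CPU. */
static size_t emit_return(uint8_t *dst, uint16_t value) {
#if defined(__x86_64__) || defined(__i386__)
    uint8_t code[] = {0xB8, (uint8_t)value, (uint8_t)(value >> 8), 0, 0, 0xC3}; /* mov eax, imm32; ret */
#elif defined(__aarch64__)
    uint32_t code[] = {0x52800000u | ((uint32_t)value << 5), 0xD65F03C0u};      /* mov w0, #imm16; ret */
#else
#error "add an encoding for this architecture"
#endif
    memcpy(dst, code, sizeof code);
    return sizeof code;
}

/* Rewrite the code in `page`, then make the new bytes visible to instruction fetch.
 * On x86 the builtin is a no-op (instruction fetch is coherent with data writes);
 * on ARM it performs the cache maintenance that a plain memory write does not. */
static int patch(uint8_t *page, size_t len, uint16_t value) {
    if (mprotect(page, len, PROT_READ | PROT_WRITE) != 0) return -1;
    size_t n = emit_return(page, value);
    if (mprotect(page, len, PROT_READ | PROT_EXEC) != 0) return -1;
    __builtin___clear_cache((char *)page, (char *)page + n);
    return 0;
}

/* Returns 0 if the function returns `before`, and `after` once it has been patched. */
int demo(uint16_t before, uint16_t after) {
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    uint8_t *page = mmap(NULL, len, PROT_READ | PROT_WRITE,
                         MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED) return -1;
    fn_t fn = (fn_t)(uintptr_t)page;
    int ok = -1;
    /* The first call executes the old code, so it may now sit in the instruction cache. */
    if (patch(page, len, before) == 0 && fn() == before &&
        patch(page, len, after) == 0 && fn() == after)
        ok = 0;
    munmap(page, len);
    return ok;
}
```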

Copyright notice
This article was written by [Programmer community]. Please include a link to the original when reposting. Thanks.
https://yzsam.com/2022/02/202202141611331193.html