ebpf/ebpftracer/tracer/inject/inject_linux_amd64.go

package inject

/*
#cgo CFLAGS: -I include
#cgo amd64 LDFLAGS: ${SRCDIR}/lib/libhotpatch_amd64.a
#cgo arm64 LDFLAGS: ${SRCDIR}/lib/libhotpatch_arm64.a
#include "hotpatch.h"
#include <stdlib.h>
*/
import "C"

import (
	"bufio"
	"debug/elf"
	"fmt"
	"github.com/coroot/coroot-node-agent/utils"
	klog "github.com/sirupsen/logrus"
	"golang.org/x/arch/x86/x86asm"
	"os"
	"path/filepath"
	"strings"
	"syscall"
	"unsafe"
)

const (
	IO_FD_FDID_SYM_OFFSET = 129
	NET_SEND_SYM_OFFSET   = 518
	// 备份指令长度
	ORIGIN_CODE_LEN = 12
)

type InstInfo struct {
	SymName          string
	SymSize          uint64
	SymAddr          uint64
	PC               uint64
	Inst             x86asm.Inst
	OriginInst       x86asm.Inst
	OriginCode       []byte
	TargetAddr       uint64
	OriginTargetAddr uint64
}

type InnerSymbolInfo struct {
	IO_fd_fdID InstInfo
	NET_Send   InstInfo
}

func (j *JvmInjector) findReleaseAddressInfoFromMem() error {
	klog.Infof("findReleaseAddressInfoFromMem start.")
	funcAbsAddress := j.ReleaseLibNetInfo.FuncSymbol.SymAddr
	releaseFuncSym := InnerSymbolInfo{}
	code, err := j.readMemory(funcAbsAddress, j.ReleaseLibNetInfo.FuncSymbol.SymSize)
	if err != nil {
		return err
	}
	pc := uint64(0)
	callCount := 0
	preContext := InstInfo{}
	for pc < uint64(len(code)) {

		inst, err := x86asm.Decode(code[pc:], 64)
		if err != nil {
			klog.Errorf("Decode error at offset 0x%x: %v\n", pc, err)
			pc++ // Skip this byte and try to decode again
			continue
		}
		//fmt.Printf("Decoded instuction at 0x%x: %v\n", funcAbsAddress+pc, Inst)
		//fmt.Printf("Decoded x86 instuction at 0x%x: %v\n", funcAbsAddress+pc, x86asm.IntelSyntax(inst, 0, nil))
		//fmt.Printf("Decoded GNU instuction at 0x%x: %v\n", funcAbsAddress+pc, x86asm.GNUSyntax(Inst, 0, nil))
		currentData := InstInfo{
			PC:      pc,
			SymAddr: funcAbsAddress + pc,
			Inst:    inst,
			//IntelInst: x86asm.IntelSyntax(inst, 0, nil),
		}
		if pc == 10 && inst.Op == x86asm.JMP {
			// 已经被修改过的首指令
			j.PreCheck.EbpfCanInjection = true
			j.Uprobe.ELFPath = j.DebugLibNetInfo.LibPath
			if j.DebugLibNetInfo.FileDeleted {
				j.Uprobe.ELFPath = j.DebugLibNetInfo.MapFile
			}
			klog.Infof("[inject] Inst already modified. <%s>;elf:%s", x86asm.IntelSyntax(inst, 0, nil), j.Uprobe.ELFPath)
			return nil
		}
		if pc == 0 {
			j.ReleaseLibNetInfo.FuncSymbol.PC = currentData.PC
			j.ReleaseLibNetInfo.FuncSymbol.Inst = currentData.Inst
			j.ReleaseLibNetInfo.FuncSymbol.OriginInst = currentData.Inst
		}

		if inst.Op == x86asm.MOV {
			if dst, okDst := inst.Args[0].(x86asm.Mem); okDst {
				if dst.Base == x86asm.RBP {
					if src, okSrc := inst.Args[1].(x86asm.Reg); okSrc {
						if src == x86asm.R9L {
							// debug so
							klog.Infof("[inject] release.so is debug.so. <%s>", x86asm.IntelSyntax(inst, 0, nil))
							j.PreCheck.EbpfCanInjection = true
							j.Uprobe.ELFPath = j.ReleaseLibNetInfo.LibPath
							if j.ReleaseLibNetInfo.FileDeleted {
								j.Uprobe.ELFPath = j.ReleaseLibNetInfo.MapFile
							}
							return fmt.Errorf("MOV from register %v to memory %v\n", src, dst)
							//return nil
						}
					}
				}
			}

			//src, okSrc := inst.Args[1].(x86asm.Reg)
			//fmt.Println(inst.Args)
			//fmt.Printf("Instruction: %+v\n", inst)
			//
			//fmt.Println(okSrc)

			//if okDst && okSrc && dst == x86asm.RBP && src == x86asm.R9L {
			//	fmt.Println("Instruction is 'mov %r9d, %rbp'")
			//}

		}

		if inst.Op == x86asm.CALL {
			//fmt.Printf("Pre instuction at 0x%x: %v\n", preContext.PC, preContext.Inst)
			if callCount == 0 {
				releaseFuncSym.IO_fd_fdID = preContext
				releaseFuncSym.IO_fd_fdID.SymName = "<IO_fd_fdID>(Release)"
				preInst := preContext.Inst
				klog.Infof("[findReleaseAddressInfoFromMem] preInst %v\n]", preInst)
				// 计算目标地址
				if preInst.Op == x86asm.MOV &&
					len(preInst.Args) == 4 &&
					preInst.Args[0] != nil &&
					preInst.Args[0] == x86asm.RDX &&
					preInst.Args[1] != nil {
					if mem, ok := preInst.Args[1].(x86asm.Mem); ok && mem.Base == x86asm.RIP {
						relOffset := mem.Disp // 直接从Mem结构体中读取偏移
						targetAddress := preContext.SymAddr + uint64(preInst.Len) + uint64(relOffset)
						klog.Infof("[findReleaseAddressInfoFromMem] target address 0x%x\n", targetAddress)
						releaseFuncSym.IO_fd_fdID.TargetAddr = targetAddress
					} else {
						return fmt.Errorf("The instruction does not use RIP-relative addressing.")
					}
				} else {
					return fmt.Errorf("[findReleaseAddressInfoFromMem] The decoded instruction is not a MOV to RDX.")
				}

			}
			callCount++
			if callCount == 4 {
				releaseFuncSym.NET_Send = currentData
				klog.Infof("4 call Decoded instuction at 0x%x: %v\n", funcAbsAddress+pc, inst)
				relOffset, ok := inst.Args[0].(x86asm.Rel)
				if !ok {
					return fmt.Errorf("The instruction does not use RIP-relative addressing.")
				}
				targetAddress := currentData.SymAddr + uint64(inst.Len) + uint64(relOffset)
				releaseFuncSym.NET_Send.TargetAddr = targetAddress
				klog.Infof("[findReleaseAddressInfoFromMem] target address 0x%x\n", releaseFuncSym.NET_Send)
				releaseFuncSym.NET_Send.SymName = "<NET_Send>(Release)"
				klog.Infof("[findReleaseAddressInfoFromMem] target address 0x%x\n", targetAddress)
			}
		}
		preContext = InstInfo{
			PC:      pc,
			SymAddr: funcAbsAddress + pc,
			Inst:    inst,
		}
		pc += uint64(inst.Len)
	}
	j.ReleaseLibNetInfo.InnerSymbol = releaseFuncSym
	j.ReleaseLibNetInfo.FuncSymbol.OriginCode = code[0:ORIGIN_CODE_LEN]
	return nil
}

func (j *JvmInjector) findDebugAddressInfoFromMem() (uint64, error) {
	klog.Infof("[findDebugAddressInfoFromMem] Looking for debug address info from Mem")
	funcAbsAddress := j.DebugLibNetInfo.FuncSymbol.SymAddr
	debugFuncSym := InnerSymbolInfo{}
	//debugFuncSym.FuncSymbol.SymAddr = funcAbsAddress
	//offset := sym.Value
	size := j.DebugLibNetInfo.FuncSymbol.SymSize
	code, err := j.readMemory(funcAbsAddress, size)
	//fmt.Println(code, err)
	if err != nil {
		return 0, err
	}

	pc := uint64(0)
	preContext := InstInfo{}

	for pc < uint64(len(code)) {
		inst, err := x86asm.Decode(code[pc:], 64)
		if err != nil {
			klog.Errorf("Decode error at offset 0x%x: %v\n", pc, err)
			pc++ // Skip this byte and try to decode again
			continue
		}
		//fmt.Printf("Decoded instuction at 0x%x: %v\n", funcAbsAddress+pc, Inst)
		//fmt.Printf("Decoded x86 instuction at 0x%x: %v\n", funcAbsAddress+pc, x86asm.IntelSyntax(inst, 0, nil))
		//fmt.Printf("Decoded GNU instuction at 0x%x: %v\n", funcAbsAddress+pc, x86asm.GNUSyntax(Inst, 0, nil))
		currentData := InstInfo{
			PC:      pc,
			SymAddr: funcAbsAddress + pc,
			Inst:    inst,
		}
		if pc == 0 {
			j.DebugLibNetInfo.FuncSymbol.PC = currentData.PC
			j.DebugLibNetInfo.FuncSymbol.Inst = currentData.Inst
			j.DebugLibNetInfo.FuncSymbol.OriginInst = currentData.Inst
		}
		if pc == IO_FD_FDID_SYM_OFFSET {
			klog.Infof("Instuction at 0x%x: %v\n", preContext.PC, preContext.Inst)
			debugFuncSym.IO_fd_fdID = currentData
			debugFuncSym.IO_fd_fdID.SymName = "<IO_fd_fdID>(Debug)"
			// 计算目标地址
			if currentData.Inst.Op == x86asm.MOV &&
				len(currentData.Inst.Args) == 4 &&
				currentData.Inst.Args[0] != nil &&
				currentData.Inst.Args[0] == x86asm.RDX &&
				currentData.Inst.Args[1] != nil {
				if mem, ok := currentData.Inst.Args[1].(x86asm.Mem); ok && mem.Base == x86asm.RIP {
					// 直接从Mem结构体中读取偏移
					relOffset := mem.Disp
					targetAddress := currentData.SymAddr + uint64(currentData.Inst.Len) + uint64(relOffset)
					klog.Infof("Find %s Target address: 0x%x\n", debugFuncSym.IO_fd_fdID.SymName, targetAddress)
					debugFuncSym.IO_fd_fdID.TargetAddr = targetAddress
					// 保存原始数据
					debugFuncSym.IO_fd_fdID.OriginTargetAddr = targetAddress
					debugFuncSym.IO_fd_fdID.OriginInst = currentData.Inst
					j.PreCheck.IoFdCheck = true
				} else {
					return 0, fmt.Errorf("The instruction does not use RIP-relative addressing.")
				}
			} else {
				return 0, fmt.Errorf("[findDebugAddressInfoFromMem] The decoded instruction is not a MOV to RDX.")
			}
		}
		if pc == NET_SEND_SYM_OFFSET {
			debugFuncSym.NET_Send = currentData
			klog.Infof("4 call Decoded instuction at 0x%x: %v\n", funcAbsAddress+pc, inst)
			relOffset, ok := (inst.Args[0].(x86asm.Rel))
			if !ok {
				return 0, fmt.Errorf("The decoded instruction is not a Rel.")
			}
			targetAddress := currentData.SymAddr + uint64(inst.Len) + uint64(relOffset)
			debugFuncSym.NET_Send.TargetAddr = targetAddress
			debugFuncSym.NET_Send.SymName = "<NET_Send>(Debug)"
			klog.Infof("Find %s Target address: 0x%x\n", debugFuncSym.NET_Send.SymName, targetAddress)

			// 保存原始数据
			debugFuncSym.NET_Send.OriginTargetAddr = targetAddress
			debugFuncSym.NET_Send.OriginInst = currentData.Inst

			j.PreCheck.NetSendFuncCheck = true
		}

		preContext = InstInfo{
			PC:      pc,
			SymAddr: funcAbsAddress + pc,
			Inst:    inst,
		}
		pc += uint64(inst.Len)
	}
	j.DebugLibNetInfo.InnerSymbol = debugFuncSym
	return 0, nil
}

func (j *JvmInjector) checkDebugFuncSymAfterChange() (uint64, error) {
	klog.Infof("Checking debug function symbol after injection")
	funcAbsAddress := j.DebugLibNetInfo.FuncSymbol.SymAddr
	debugFuncSym := InnerSymbolInfo{}
	code, err := j.readMemory(funcAbsAddress, j.DebugLibNetInfo.FuncSymbol.SymSize)
	if err != nil {
		return 0, err
	}

	pc := uint64(0)
	preContext := InstInfo{}

	for pc < uint64(len(code)) {
		inst, err := x86asm.Decode(code[pc:], 64)
		if err != nil {
			klog.Infof("Decode error at offset 0x%x: %v\n", pc, err)
			pc++ // Skip this byte and try to decode again
			continue
		}
		//fmt.Printf("Decoded instuction at 0x%x: %v\n", funcAbsAddress+pc, Inst)
		//fmt.Printf("Decoded x86 instuction at 0x%x: %v\n", funcAbsAddress+pc, x86asm.IntelSyntax(inst, 0, nil))
		//fmt.Printf("Decoded GNU instuction at 0x%x: %v\n", funcAbsAddress+pc, x86asm.GNUSyntax(Inst, 0, nil))
		currentData := InstInfo{
			PC:      pc,
			SymAddr: funcAbsAddress + pc,
			Inst:    inst,
		}
		if pc == NET_SEND_SYM_OFFSET {
			klog.Infof("Instuction at 0x%x: %v\n", preContext.PC, preContext.Inst)
			debugFuncSym.IO_fd_fdID = currentData
			debugFuncSym.IO_fd_fdID.SymName = "<IO_fd_fdID>(Debug)"
			// 计算目标地址
			if currentData.Inst.Op == x86asm.MOV &&
				len(currentData.Inst.Args) == 4 &&
				currentData.Inst.Args[0] != nil &&
				currentData.Inst.Args[0] == x86asm.RDX &&
				currentData.Inst.Args[1] != nil {
				if mem, ok := currentData.Inst.Args[1].(x86asm.Mem); ok && mem.Base == x86asm.RIP {
					// 直接从Mem结构体中读取偏移
					relOffset := mem.Disp
					targetAddress := currentData.SymAddr + uint64(currentData.Inst.Len) + uint64(relOffset)
					klog.Infof("Find %s Target address: 0x%x\n", debugFuncSym.IO_fd_fdID.SymName, targetAddress)
					debugFuncSym.IO_fd_fdID.TargetAddr = targetAddress
					//j.PreCheck.IoFdCheck = true

					if targetAddress == j.ReleaseLibNetInfo.InnerSymbol.IO_fd_fdID.TargetAddr {
						j.DebugLibNetInfo.InnerSymbol.IO_fd_fdID.TargetAddr = targetAddress
						j.DebugLibNetInfo.InnerSymbol.IO_fd_fdID.Inst = currentData.Inst
						j.AfterCheck.IoFdCheck = true
						klog.Infoln("ok")
					}
				} else {
					return 0, fmt.Errorf("The instruction does not use RIP-relative addressing.")
				}
			} else {
				return 0, fmt.Errorf("[checkDebugFuncSymAfterChange] The decoded instruction is not a MOV to RDX.")
			}
		}
		if pc == NET_SEND_SYM_OFFSET {
			debugFuncSym.NET_Send = currentData
			//fmt.Println(currentData.IntelInst)
			//klog.Infof("4 call Decoded instuction at 0x%x: %v\n", funcAbsAddress+pc, inst)
			relOffset, ok := (inst.Args[0].(x86asm.Rel))
			if !ok {
				return 0, fmt.Errorf("The decoded instruction is not a Rel.")
			}
			targetAddress := currentData.SymAddr + uint64(inst.Len) + uint64(relOffset)
			debugFuncSym.NET_Send.TargetAddr = targetAddress
			debugFuncSym.NET_Send.SymName = "<NET_Send>(Debug)"
			klog.Infof("Find %s Target address: 0x%x\n", debugFuncSym.NET_Send.SymName, targetAddress)

			if targetAddress == j.ReleaseLibNetInfo.InnerSymbol.NET_Send.TargetAddr {
				j.DebugLibNetInfo.InnerSymbol.NET_Send.TargetAddr = targetAddress
				j.DebugLibNetInfo.InnerSymbol.NET_Send.Inst = currentData.Inst
				j.AfterCheck.NetSendFuncCheck = true
			}
		}

		preContext = InstInfo{
			PC:      pc,
			SymAddr: funcAbsAddress + pc,
			Inst:    inst,
		}
		pc += uint64(inst.Len)
	}
	return 0, nil
}

func (j *JvmInjector) checkReleaseFuncSymAfterChange() error {
	funcAbsAddress := j.ReleaseLibNetInfo.FuncSymbol.SymAddr
	code, err := j.readMemory(funcAbsAddress, j.ReleaseLibNetInfo.FuncSymbol.SymSize)
	if err != nil {
		return fmt.Errorf("readMemory error in checkReleaseFuncSymAfterChange <%v>", err)
	}

	// 原函数内容注释掉
	// inst, err := x86asm.Decode(code[0:], 64)
	// if err != nil {
	// 	return fmt.Errorf("Decode error in checkReleaseFuncSymAfterChange <%v>", err)
	// }
	// if inst.Op != x86asm.JMP {
	// 	return fmt.Errorf("The instruction does not JMP.")
	// }
	// relOffset, ok := inst.Args[0].(x86asm.Rel)
	// if !ok {
	// 	return fmt.Errorf("The instruction does not use RIP-relative addressing.")
	// }
	// // 验证target与Debug入口是否一致
	// targetAddress := funcAbsAddress + uint64(inst.Len) + uint64(relOffset)
	// if targetAddress != j.DebugLibNetInfo.FuncSymbol.SymAddr {
	// 	return fmt.Errorf("Function entry jmp address does not match expectations.")
	// }

	// 新的验证逻辑：验证指令序列：movabs $imm64,%rax 和 jmp *%rax
	if len(code) < 13 { // movabs(10字节) + jmp(3字节) = 13字节
		return fmt.Errorf("Instruction sequence too short, expected at least 13 bytes, got %d", len(code))
	}

	// 验证第一个指令：movabs $imm64,%rax
	// movabs 指令格式：48 B8 + 8字节立即数 (RAX寄存器)
	// 48 B8 = movabs rax, imm64
	if code[0] != 0x48 || code[1] != 0xB8 {
		return fmt.Errorf("First instruction is not movabs rax, imm64. Got: 0x%02x 0x%02x", code[0], code[1])
	}

	// 提取立即数值 (小端序)
	imm64 := uint64(code[2]) | uint64(code[3])<<8 | uint64(code[4])<<16 | uint64(code[5])<<24 |
		uint64(code[6])<<32 | uint64(code[7])<<40 | uint64(code[8])<<48 | uint64(code[9])<<56

	// 验证立即数是否与 Debug 函数地址一致
	expectedAddr := j.DebugLibNetInfo.FuncSymbol.SymAddr
	if imm64 != expectedAddr {
		return fmt.Errorf("movabs immediate value mismatch. Expected: 0x%x (Debug function addr), Got: 0x%x", expectedAddr, imm64)
	}

	// 验证第二个指令：jmp *%rax
	// jmp *%rax 指令格式：FF E0
	if code[10] != 0xFF || code[11] != 0xE0 {
		return fmt.Errorf("Second instruction is not jmp *%%rax. Got: 0x%02x 0x%02x", code[10], code[11])
	}

	klog.Infof("[checkReleaseFuncSymAfterChange] Successfully verified instruction sequence: movabs $0x%x,%%rax; jmp *%%rax", imm64)
	return nil
}

// readMemory 用于读取指定地址的内存数据
func (j *JvmInjector) readMemory(address uint64, size uint64) ([]byte, error) {
	memFile := fmt.Sprintf("/proc/%d/mem", j.Pid)
	file, err := os.Open(memFile)
	if err != nil {
		return nil, err
	}
	defer file.Close()

	data := make([]byte, size)
	_, err = file.ReadAt(data, int64(address))
	if err != nil {
		return nil, err
	}

	return data, nil
}

// findLibraryBases 用于在 /proc/[pid]/maps 文件中查找库的所有基地址

func findLibraryBasesList(pid int, libraryName string, libPath string) ([]uint64, error) {
	mapsFile := fmt.Sprintf("/proc/%d/maps", pid)
	file, err := os.Open(mapsFile)
	if err != nil {
		return nil, err
	}
	defer file.Close()

	var bases []uint64
	scanner := bufio.NewScanner(file)
	for scanner.Scan() {
		line := scanner.Text()
		if strings.Contains(line, libraryName) && strings.Contains(line, libPath) {
			var start, end uint64
			fmt.Sscanf(line, "%x-%x", &start, &end)
			bases = append(bases, start)
		}
	}

	if len(bases) == 0 {
		return nil, fmt.Errorf("library %s not found", libraryName)
	}

	return bases, nil
}

func (j *JvmInjector) findLibBaseFromProcMaps(pid int, libName string) (uint64, string, string, bool, error) {
	mapsFile := fmt.Sprintf("/proc/%d/maps", j.Pid)
	file, err := os.Open(mapsFile)
	if err != nil {
		return 0, "", "", false, err
	}
	defer file.Close()
	var start, end uint64
	var deleted bool
	scanner := bufio.NewScanner(file)
	for scanner.Scan() {
		line := scanner.Text()
		if strings.Contains(line, "/"+libName) {
			fmt.Sscanf(line, "%x-%x", &start, &end)
			fields := strings.Fields(line)
			if len(fields) > 5 {
				path := fields[5]
				if len(fields) > 6 && fields[6] == "(deleted)" {
					deleted = true
				}
				if strings.HasSuffix(path, ".so") {
					klog.Infof("[inject] found library in map %s", path)
					return start, path, fmt.Sprintf("/proc/%d/map_files/%s", j.Pid, fields[0]), deleted, nil
				}
			}
		}
	}

	return 1, "", "", false, fmt.Errorf("library %s not found", libName)
}

func (j *JvmInjector) findLibBaseByPathFromProcMaps(libPath string) (uint64, string, error) {
	mapsFile := fmt.Sprintf("/proc/%d/maps", j.Pid)
	file, err := os.Open(mapsFile)
	if err != nil {
		return 0, "", err
	}
	defer file.Close()
	var start, end uint64
	scanner := bufio.NewScanner(file)
	for scanner.Scan() {
		line := scanner.Text()
		if strings.Contains(line, libPath) {
			fmt.Sscanf(line, "%x-%x", &start, &end)
			fields := strings.Fields(line)
			if len(fields) > 5 {
				path := fields[5]
				if strings.HasSuffix(path, ".so") {
					return start, path, nil
				}
			}
		}
	}

	return 1, "", fmt.Errorf("library %s not found in process.", libPath)
}

func (j *JvmInjector) getFunctionOffset(libPath, functionName string) (elf.Symbol, error) {
	elfFile, err := elf.Open(libPath)
	if err != nil {
		return elf.Symbol{}, fmt.Errorf("failed to open ELF file: %v", err)
	}
	defer elfFile.Close()

	symbols, err := elfFile.DynamicSymbols()
	if err != nil {
		return elf.Symbol{}, fmt.Errorf("failed to read dynamic symbols: %v", err)
	}

	for _, sym := range symbols {
		if sym.Name == functionName {
			//fmt.Println("size:", sym.Size)
			return sym, nil
		}
	}

	//textSection := elfFile.Section(".text")
	//if textSection == nil {
	//	fmt.Println("textSection is null")
	//	//return nil
	//}
	//textSectionData, err := textSection.Data()
	//if err != nil {
	//	fmt.Println("textSectionData error is", err)
	//	//return nil
	//}
	//textSectionLen := uint64(len(textSectionData) - 1)

	return elf.Symbol{}, fmt.Errorf("function %s not found", functionName)
}

//var PID string

func (j *JvmInjector) InitProg() error {
	// 获取release库的基地址
	baseAddress, releaseSoFilePathInProc, mapFilesPath, deleted, err := FindLibBaseFromProcMaps(j.Pid, j.ReleaseLibNetInfo.LibName)
	//j.ReleaseLibNetInfo.LibPath = releaseSoFilePathInProc
	j.ReleaseLibNetInfo.FileDeleted = deleted
	j.ReleaseLibNetInfo.MapFile = mapFilesPath
	pJvmlibnetPhysicalPath := j.Rootfs + releaseSoFilePathInProc
	j.ReleaseLibNetInfo.LibPath = pJvmlibnetPhysicalPath

	if err != nil {
		return fmt.Errorf("Error finding base addresses: %v", err)
	}

	// jvm prog base
	//pJvmLibBaseDir := filepath.Dir(pJvmlibnetPhysicalPath)
	jvmLibBaseDir := filepath.Dir(releaseSoFilePathInProc)
	// proc maps load path

	debugSoFilePathInProc := filepath.Join(jvmLibBaseDir, j.DebugLibNetInfo.LibName)
	// Physical path
	debugSoFilePhysicalPath := filepath.Join(j.Rootfs, debugSoFilePathInProc)
	_, noFileErr := os.Stat(debugSoFilePhysicalPath)

	// find cwlibnet.so in proc maps
	var readDebugSoPathInMaps string
	_, readDebugSoPathInMaps, j.DebugLibNetInfo.MapFile, j.DebugLibNetInfo.FileDeleted, _ = FindLibBaseFromProcMaps(j.Pid, j.DebugLibNetInfo.LibName)
	j.DebugLibNetInfo.LibPath = debugSoFilePhysicalPath
	j.DebugLibNetInfo.ProcLoadPath = filepath.Join(jvmLibBaseDir, j.DebugLibNetInfo.LibName)
	// condition create
	pathFromProg := utils.GetDefaultLibsPath("jvm", j.DebugLibNetInfo.LibName)
	if noFileErr != nil && readDebugSoPathInMaps == "" && !j.DebugLibNetInfo.FileDeleted {
		err = CopyFileAndMatchPermissions(pathFromProg, debugSoFilePhysicalPath, pJvmlibnetPhysicalPath)
		klog.Infof("[src:%s],[target:%s],[perm:%s]", pathFromProg, debugSoFilePhysicalPath, pJvmlibnetPhysicalPath)
		if err != nil {
			return err
		}
	}

	functionName := j.ReleaseLibNetInfo.FuncSymbol.SymName
	//j.ReleaseLibNetInfo.LibPath = pJvmlibnetPhysicalPath

	klog.Infof("[inject] Base address of [%s]:[%x]", j.ReleaseLibNetInfo.LibName, baseAddress)

	// 获取函数的偏移量
	functionSym, err := GetFunctionOffset(pJvmlibnetPhysicalPath, functionName)

	// 计算函数的实际内存地址
	j.ReleaseLibNetInfo.FuncSymbol.SymAddr = baseAddress + functionSym.Value
	j.ReleaseLibNetInfo.FuncSymbol.SymSize = functionSym.Size
	if err != nil {
		klog.WithError(err).Errorf("Error getting function offset")
		return err
	}
	klog.Infof("[inject] Actual memory address of %s at base 0x%x: 0x%x", functionName, baseAddress, j.ReleaseLibNetInfo.FuncSymbol.SymAddr)
	if j.Uprobe.ELFPath == "" {
		if j.DebugLibNetInfo.FileDeleted {
			j.Uprobe.ELFPath = j.DebugLibNetInfo.MapFile
		} else {
			j.Uprobe.ELFPath = debugSoFilePhysicalPath
		}
	}
	err = j.findReleaseAddressInfoFromMem()
	if err != nil {
		return err
	} else {
		j.PreCheck.NeedInjectionCheck = true
	}

	return nil
}

func (j *JvmInjector) findDebugFuncContextFromLibPath() error {
	//libName := j.DebugLibNetInfo.LibPath

	// 获取release库的基地址
	baseAddress, libPath, err := FindLibBaseByPathFromProcMaps(j.Pid, j.DebugLibNetInfo.ProcLoadPath)
	klog.Infof("[inject] debug base address of [%s] : %x", libPath, baseAddress)
	functionName := j.DebugLibNetInfo.FuncSymbol.SymName
	//j.DebugLibNetInfo.LibPath = libPath
	if err != nil {
		klog.WithError(err).Errorf("[inject] error.")
		return err
	}

	// 获取函数的偏移量
	functionSym, err := GetFunctionOffset(j.DebugLibNetInfo.LibPath, functionName)
	// 计算函数的实际内存地址
	j.DebugLibNetInfo.FuncSymbol.SymAddr = baseAddress + functionSym.Value
	j.DebugLibNetInfo.FuncSymbol.SymSize = functionSym.Size

	if err != nil {
		return fmt.Errorf("Error getting function offset: %v", err)
	}

	functionConvert0Sym, err := GetFunctionOffset(j.DebugLibNetInfo.LibPath, j.DebugLibNetInfo.FuncConvert0Symbol.SymName)
	// 计算函数的实际内存地址
	j.DebugLibNetInfo.FuncConvert0Symbol.SymAddr = baseAddress + functionConvert0Sym.Value
	j.DebugLibNetInfo.FuncConvert0Symbol.SymSize = functionConvert0Sym.Size

	if err != nil {
		return fmt.Errorf("Error getting function offset: %v", err)
	}

	functionGetTTLSym, err := GetFunctionOffset(j.DebugLibNetInfo.LibPath, j.DebugLibNetInfo.FuncGetTTLSymbol.SymName)
	// 计算函数的实际内存地址
	j.DebugLibNetInfo.FuncGetTTLSymbol.SymAddr = baseAddress + functionGetTTLSym.Value
	j.DebugLibNetInfo.FuncGetTTLSymbol.SymSize = functionGetTTLSym.Size

	if err != nil {
		return fmt.Errorf("Error getting function offset: %v", err)
	}

	_, err = j.findDebugAddressInfoFromMem()
	if err != nil {
		return fmt.Errorf("Error finding first CALL instuction: %v", err)
	}
	klog.Infof("First CALL instuction o1f %s at base 0x%x\n", functionName, baseAddress)
	return nil
}

func printCodeData(data LibNetInfo) {
	klog.Infof("========FuncEnter <0x%x> \n", data.FuncSymbol.SymAddr)
	klog.Infof("Name %s | CurrentAddr:<0x%x>\nOrigin-TargetAddr:<0x%x> | TargetAddr:<0x%x> \nOrigin-Inst:<%s> | Inst:<%s> \n",
		data.InnerSymbol.IO_fd_fdID.SymName,
		data.InnerSymbol.IO_fd_fdID.SymAddr,
		data.InnerSymbol.IO_fd_fdID.OriginTargetAddr,
		data.InnerSymbol.IO_fd_fdID.TargetAddr,
		x86asm.IntelSyntax(data.InnerSymbol.IO_fd_fdID.OriginInst, 0, nil),
		x86asm.IntelSyntax(data.InnerSymbol.IO_fd_fdID.Inst, 0, nil))
	klog.Infof("\nName %s | CurrentAddr:<0x%x>\nOrigin-TargetAddr:<0x%x> | TargetAddr:<0x%x>\nOrigin-Inst:<%s> | Inst:<%s> \n",
		data.InnerSymbol.NET_Send.SymName,
		data.InnerSymbol.NET_Send.SymAddr,
		data.InnerSymbol.NET_Send.OriginTargetAddr,
		data.InnerSymbol.NET_Send.TargetAddr,
		x86asm.IntelSyntax(data.InnerSymbol.NET_Send.OriginInst, 0, nil),
		x86asm.IntelSyntax(data.InnerSymbol.NET_Send.Inst, 0, nil))
	klog.Infoln("========")
}

func (j *JvmInjector) jvmInjectLib() int {
	dll := C.CString(j.DebugLibNetInfo.ProcLoadPath)
	rootfs := C.CString(j.Rootfs)
	defer C.free(unsafe.Pointer(dll))
	result := C.cw_inject_library(C.int(j.Pid), C.int(1), dll, rootfs)
	klog.Infof("Result: %d\n", result)
	return int(result)
}

func (j *JvmInjector) validateAllPreCheck() bool {
	return j.PreCheck.NeedInjectionCheck && j.PreCheck.LoadingCheck && j.PreCheck.IoFdCheck && j.PreCheck.NetSendFuncCheck
}

func (j *JvmInjector) validateAllModifyCheck() bool {
	return j.AfterCheck.IoFdCheck && j.AfterCheck.NetSendFuncCheck
}

/*修改部分*/
func readData(pid int, addr uintptr) (uint64, error) {
	var data uint64
	if _, err := syscall.PtracePeekData(pid, addr, (*[8]byte)(unsafe.Pointer(&data))[:]); err != nil {
		return 0, fmt.Errorf("ptrace PEEKDATA: %v", err)
	}
	return data, nil
}

func writeData(pid int, addr uintptr, data uint64) error {
	if _, err := syscall.PtracePokeData(pid, addr, (*[8]byte)(unsafe.Pointer(&data))[:]); err != nil {
		return fmt.Errorf("ptrace POKEDATA: %v", err)
	}
	return nil
}

func readDataBytes(pid int, addr uintptr, size int) ([]byte, error) {
	data := make([]byte, size)
	if _, err := syscall.PtracePeekData(pid, addr, data); err != nil {
		return nil, fmt.Errorf("ptrace PEEKDATA: %v", err)
	}
	return data, nil
}

func writeDataBytes(pid int, addr uintptr, data []byte) error {
	if _, err := syscall.PtracePokeData(pid, addr, data); err != nil {
		return fmt.Errorf("ptrace POKEDATA: %v", err)
	}
	return nil
}

func modifyIoFdTargetAddr(pid int, insertAddr, distAddr, getTTLFunctionAddr uintptr) error {
	// newOffset := distAddr - (insertAddr + 7)
	// targetAddr := insertAddr + 3
	// // 获取目标地址处的数据
	// originalData, err := readData(pid, targetAddr)
	// if err != nil {
	// 	return err
	// }

	// // 更新数据中的目标偏移
	// updatedData := (originalData & 0xFFFFFFFF00000000) | uint64(newOffset&0xFFFFFFFF)
	// err = writeData(pid, targetAddr, updatedData)
	// if err != nil {
	// 	return err
	// }

	getTTLOffset := getTTLFunctionAddr - insertAddr - 5

	// 读取原始数据
	// alignedAddr := insertAddr & ^(uintptr(unsafe.Sizeof(uintptr(0))) - 1)
	originalData, err := readDataBytes(pid, insertAddr, 7)
	if err != nil {
		return err
	}

	// offset := insertAddr % uintptr(unsafe.Sizeof(uintptr(0)))
	offset := 0

	// 写入AMD64的绝对跳转指令: mov rax, addr; jmp rax
	var getTTLOffset32 uint32 = uint32(getTTLOffset)
	originalData[offset] = 0xE8 // call
	originalData[offset+1] = byte(getTTLOffset32)
	originalData[offset+2] = byte(getTTLOffset32 >> 8)
	originalData[offset+3] = byte(getTTLOffset32 >> 16)
	originalData[offset+4] = byte(getTTLOffset32 >> 24)
	originalData[offset+5] = 0x90 //nop
	originalData[offset+6] = 0x90 //nop

	err = writeDataBytes(pid, insertAddr, originalData)
	if err != nil {
		return err
	}

	//以上是先跳转到2GB内存的无用函数中
	//以下来写真正的跳转函数

	TTLOriginalData, err := readDataBytes(pid, getTTLFunctionAddr, 16)
	if err != nil {
		return err
	}

	TTLOriginalData[offset] = 0x50
	TTLOriginalData[offset+1] = 0x48
	TTLOriginalData[offset+2] = 0xb8
	TTLOriginalData[offset+3] = byte(distAddr)
	TTLOriginalData[offset+4] = byte(distAddr >> 8)
	TTLOriginalData[offset+5] = byte(distAddr >> 16)
	TTLOriginalData[offset+6] = byte(distAddr >> 24)
	TTLOriginalData[offset+7] = byte(distAddr >> 32)
	TTLOriginalData[offset+8] = byte(distAddr >> 40)
	TTLOriginalData[offset+9] = byte(distAddr >> 48)
	TTLOriginalData[offset+10] = byte(distAddr >> 56)
	TTLOriginalData[offset+11] = 0x48
	TTLOriginalData[offset+12] = 0x8b
	TTLOriginalData[offset+13] = 0x10
	TTLOriginalData[offset+14] = 0x58 //pop rax
	TTLOriginalData[offset+15] = 0xc3 //ret

	err = writeDataBytes(pid, getTTLFunctionAddr, TTLOriginalData)
	if err != nil {
		return err
	}

	return nil
}

func modifyNetSetTargetAddr(pid int, sendDebugAddr, sendReleaseAddr, convert0FunctionAddr uintptr) error {
	// sendOffset := sendReleaseAddr - sendDebugAddr - 5

	// // 读取原始数据
	// alignedAddr := sendDebugAddr & ^(uintptr(unsafe.Sizeof(uintptr(0))) - 1)
	// originalData, err := readData(pid, alignedAddr)
	// if err != nil {
	// 	return err
	// }

	// bytes := (*[8]byte)(unsafe.Pointer(&originalData))
	// offsetLocation := (sendDebugAddr % uintptr(unsafe.Sizeof(uintptr(0)))) + 1
	// *(*uint32)(unsafe.Pointer(&bytes[offsetLocation])) = uint32(sendOffset)

	// err = writeData(pid, alignedAddr, originalData)
	// if err != nil {
	// 	return err
	// }

	convert0Offset := convert0FunctionAddr - sendDebugAddr - 5

	// 读取原始数据
	// alignedAddr := insertAddr & ^(uintptr(unsafe.Sizeof(uintptr(0))) - 1)
	originalData, err := readDataBytes(pid, sendDebugAddr, 5)
	if err != nil {
		return err
	}

	// offset := insertAddr % uintptr(unsafe.Sizeof(uintptr(0)))
	offset := 0

	// 写入AMD64的绝对跳转指令: mov rax, addr; jmp rax
	var convert0Offset32 uint32 = uint32(convert0Offset)
	originalData[offset] = 0xE8 // call
	originalData[offset+1] = byte(convert0Offset32)
	originalData[offset+2] = byte(convert0Offset32 >> 8)
	originalData[offset+3] = byte(convert0Offset32 >> 16)
	originalData[offset+4] = byte(convert0Offset32 >> 24)

	err = writeDataBytes(pid, sendDebugAddr, originalData)
	if err != nil {
		return err
	}

	convert0OriginalData, err := readDataBytes(pid, convert0FunctionAddr, 13)
	if err != nil {
		return err
	}

	convert0OriginalData[offset] = 0x48
	convert0OriginalData[offset+1] = 0xb8
	convert0OriginalData[offset+2] = byte(sendReleaseAddr)
	convert0OriginalData[offset+3] = byte(sendReleaseAddr >> 8)
	convert0OriginalData[offset+4] = byte(sendReleaseAddr >> 16)
	convert0OriginalData[offset+5] = byte(sendReleaseAddr >> 24)
	convert0OriginalData[offset+6] = byte(sendReleaseAddr >> 32)
	convert0OriginalData[offset+7] = byte(sendReleaseAddr >> 40)
	convert0OriginalData[offset+8] = byte(sendReleaseAddr >> 48)
	convert0OriginalData[offset+9] = byte(sendReleaseAddr >> 56)
	convert0OriginalData[offset+10] = 0xff
	convert0OriginalData[offset+11] = 0xd0
	convert0OriginalData[offset+12] = 0xc3

	err = writeDataBytes(pid, convert0FunctionAddr, convert0OriginalData)
	if err != nil {
		return err
	}

	return nil
}

// func modifyReleaseFuncEnter(pid int, originEnterAddr, debugEnterAddr uintptr) error {
// 	offset := debugEnterAddr - (originEnterAddr + 5)

// 	// 读取原始数据
// 	alignedAddr := originEnterAddr & ^(uintptr(unsafe.Sizeof(uintptr(0))) - 1)
// 	originalData, err := readData(pid, alignedAddr)
// 	if err != nil {
// 		return err
// 	}

// 	bytes := (*[8]byte)(unsafe.Pointer(&originalData))
// 	bytes[originEnterAddr%uintptr(unsafe.Sizeof(uintptr(0)))] = 0xe9
// 	*(*uint32)(unsafe.Pointer(&bytes[(originEnterAddr%uintptr(unsafe.Sizeof(uintptr(0))))+1])) = uint32(offset)
// 	err = writeData(pid, alignedAddr, originalData)
// 	if err != nil {
// 		return err
// 	}
// 	return nil
// }

func modifyReleaseFuncEnter(pid int, originEnterAddr, debugEnterAddr uintptr) error {
	// 读取原始数据 - 需要12字节来存储完整的跳转指令
	alignedAddr := originEnterAddr & ^(uintptr(unsafe.Sizeof(uintptr(0))) - 1)
	originalData, err := readDataBytes(pid, alignedAddr, 12)
	if err != nil {
		return err
	}

	offset := originEnterAddr % uintptr(unsafe.Sizeof(uintptr(0)))

	// 写入AMD64的绝对跳转指令: mov rax, addr; jmp rax
	originalData[offset] = 0x48   // REX.W prefix
	originalData[offset+1] = 0xb8 // mov rax, imm64
	// 按小端序写入64位地址
	originalData[offset+2] = byte(debugEnterAddr)
	originalData[offset+3] = byte(debugEnterAddr >> 8)
	originalData[offset+4] = byte(debugEnterAddr >> 16)
	originalData[offset+5] = byte(debugEnterAddr >> 24)
	originalData[offset+6] = byte(debugEnterAddr >> 32)
	originalData[offset+7] = byte(debugEnterAddr >> 40)
	originalData[offset+8] = byte(debugEnterAddr >> 48)
	originalData[offset+9] = byte(debugEnterAddr >> 56)
	originalData[offset+10] = 0xff // jmp rax
	originalData[offset+11] = 0xe0

	err = writeDataBytes(pid, alignedAddr, originalData)
	if err != nil {
		return err
	}
	return nil
}

func restoreOriginalInstructions(pid int, addr uintptr, instructions []byte) error {
	// alignedAddr := addr & ^(uintptr(unsafe.Sizeof(uintptr(0))) - 1)
	// originalData, err := readData(pid, alignedAddr)
	originalData, err := readDataBytes(pid, addr, len(instructions))
	if err != nil {
		return err
	}

	// bytes := (*[8]byte)(unsafe.Pointer(&originalData))
	// for i := 0; i < len(instructions); i++ {
		// bytes[addr%uintptr(unsafe.Sizeof(uintptr(0)))+uintptr(i)] = instructions[i]
	// }

	// offset := addr % uintptr(unsafe.Sizeof(uintptr(0)))

	for i := 0; i < len(instructions); i++ {
		originalData[i] = instructions[i]
	}

	// err = writeData(pid, alignedAddr, originalData)
	err = writeDataBytes(pid, addr, originalData)
	if err != nil {
		return err
	}
	return nil
}

//	func main() {
//		flag.StringVar(&PID, "p", "", "PID")
//		flag.Parse()
//		pidStr := PID // 替换为目标进程的 PID
//		pid, err := strconv.Atoi(pidStr)
//		if err != nil {
//			log.Fatalf("Invalid PID: %v", err)
//		}
//		functionName := "Java_java_net_SocketOutputStream_socketWrite0"
//		libraryName := "libnet.so"
//
//		cwLibraryName := "cwlibnet.so"
//		cwLibraryPath := "/root/cwlibnet.so"
//
//		jvmInjector := &JvmInjector{
//			pid: pid,
//			ReleaseLibNetInfo: LibNetInfo{
//				libName: libraryName,
//				FuncSymbol: instInfo{
//					SymName: functionName,
//				},
//			},
//			DebugLibNetInfo: LibNetInfo{
//				// TODO 根据版本设置
//				libName: cwLibraryName,
//				// TODO 根据版本设置
//				libPath: cwLibraryPath,
//				FuncSymbol: instInfo{
//					SymName: functionName,
//				},
//			},
//		}
//
//		err = jvmInject(jvmInjector)
//		fmt.Println(err)
//	}

func JvmInject(jvmInjector *JvmInjector) error {
	pid := jvmInjector.Pid
	var err error
	err = jvmInjector.InitProg()
	// Debug版本无需修改寄存器
	// 已经加载so并指令修改正确的
	if jvmInjector.PreCheck.EbpfCanInjection {
		klog.Infoln("[inject] eBPF can injection.")
		return nil
	}

	if err != nil {
		klog.WithError(err).Errorf("[inject] Error message during release phase.")
		return err
	}

	// 原指令校验通过
	if !jvmInjector.PreCheck.NeedInjectionCheck {
		return err
	}
	printCodeData(jvmInjector.ReleaseLibNetInfo)
	_type, _, err := FindLibBaseByPathFromProcMaps(pid, jvmInjector.DebugLibNetInfo.ProcLoadPath)
	if err != nil {
		// load so
		if _type == 1 {
			klog.Infoln("[inject] start load so.")
			resCode := jvmInjector.jvmInjectLib()
			if resCode == 0 {
				klog.Infof("[inject] load so successful. proc load path is [%s], file path in node is [%s]", jvmInjector.DebugLibNetInfo.ProcLoadPath, jvmInjector.DebugLibNetInfo.LibPath)
				jvmInjector.PreCheck.LoadingCheck = true
			} else {
				klog.Errorf("[inject] Failed load so. so path is [%s]", jvmInjector.DebugLibNetInfo.LibPath)
				return fmt.Errorf("[inject] Failed load so. code is %d so path is [%s]", resCode, jvmInjector.DebugLibNetInfo.LibPath)
			}
		}
	} else {
		klog.Infoln("[inject] so already loaded.")
		jvmInjector.PreCheck.LoadingCheck = true
	}

	if !jvmInjector.PreCheck.LoadingCheck {
		klog.Infof("Failed load so")
		return err
	}

	err = jvmInjector.findDebugFuncContextFromLibPath()
	if err != nil {
		klog.WithError(err).Errorf("[inject] Failed to find debug Func Context from libPath")
		return err
	}

	if !jvmInjector.validateAllPreCheck() {
		klog.Errorf("[inject] validateAllPreCheck failed: "+
			"NeedInjectionCheck=%v, LoadingCheck=%v, IoFdCheck=%v, NetSendFuncCheck=%v",
			jvmInjector.PreCheck.NeedInjectionCheck,
			jvmInjector.PreCheck.LoadingCheck,
			jvmInjector.PreCheck.IoFdCheck,
			jvmInjector.PreCheck.NetSendFuncCheck,
		)
		return err
	}
	// 修改
	debugFuncEnterAddr := uintptr(jvmInjector.DebugLibNetInfo.FuncSymbol.SymAddr)
	debugFuncGetTTLEnterAddr := uintptr(jvmInjector.DebugLibNetInfo.FuncGetTTLSymbol.SymAddr)
	debugFuncConvert0EnterAddr := uintptr(jvmInjector.DebugLibNetInfo.FuncConvert0Symbol.SymAddr)
	debugIoFdAddr := uintptr(jvmInjector.DebugLibNetInfo.InnerSymbol.IO_fd_fdID.SymAddr)
	debugNetSendAddr := uintptr(jvmInjector.DebugLibNetInfo.InnerSymbol.NET_Send.SymAddr)

	originFuncEnterAddr := uintptr(jvmInjector.ReleaseLibNetInfo.FuncSymbol.SymAddr)
	ioFdReleaseTargetAddr := uintptr(jvmInjector.ReleaseLibNetInfo.InnerSymbol.IO_fd_fdID.TargetAddr)
	netSendReleaseTargetAddr := uintptr(jvmInjector.ReleaseLibNetInfo.InnerSymbol.NET_Send.TargetAddr)

	klog.Infof("<0x%x> -> <0x%x>\n", originFuncEnterAddr, debugFuncEnterAddr)
	klog.Infof("<0x%x> -> <0x%x>\n", debugIoFdAddr, ioFdReleaseTargetAddr)
	klog.Infof("<0x%x> -> <0x%x>\n", debugNetSendAddr, netSendReleaseTargetAddr)
	klog.Infof("conver0 -> <0x%x>\n", debugFuncConvert0EnterAddr)
	klog.Infof("getttl -> <0x%x>\n", debugFuncGetTTLEnterAddr)

	// 附加到目标进程
	klog.Infof("attach")
	err = syscall.PtraceAttach(pid)
	if err != nil {
		klog.Errorf("ptrace ATTACH: %v", err)
	}

	// 等待目标进程停止
	klog.Infof("attach Wait")
	if _, err := syscall.Wait4(pid, nil, 0, nil); err != nil {
		klog.Errorf("wait4: %v", err)
		return err
	}
	//time.Now().UnixNano()
	// 修改目标的内存
	klog.Infof("modifyIoFdTargetAddr")
	err = modifyIoFdTargetAddr(pid, debugIoFdAddr, ioFdReleaseTargetAddr, debugFuncGetTTLEnterAddr)
	if err != nil {
		klog.Error(err)
		PtraceDetach(pid)
		return err
	}

	klog.Infof("modifyNetSetTargetAddr")
	err = modifyNetSetTargetAddr(pid, debugNetSendAddr, netSendReleaseTargetAddr, debugFuncConvert0EnterAddr)
	if err != nil {
		klog.Error(err)
		PtraceDetach(pid)
		return err
	}
	// 二次效验 读取并验证地址
	klog.Infof("checkDebugFuncSymAfterChange")
	_, err = jvmInjector.checkDebugFuncSymAfterChange()
	printCodeData(jvmInjector.ReleaseLibNetInfo)
	printCodeData(jvmInjector.DebugLibNetInfo)
	// 效验目标函数内地址是否与预期一致
	if !jvmInjector.validateAllModifyCheck() && err == nil {
		klog.WithError(err).Errorf("[inject] failed validateAllModifyCheck")
		PtraceDetach(pid)
		return err
	}
	// 更新函数入口
	klog.Infof("modifyReleaseFuncEnter")
	// 计算地址差
	diff := originFuncEnterAddr - debugFuncEnterAddr
	if diff < 0 {
		diff = -diff
	}
	// 检查是否超过 2GB
	if diff > (1 << 31) {
		klog.Infof("[inject] originFuncEnterAddr(0x%x) and debugFuncEnterAddr(0x%x) distance > 2GB",
			originFuncEnterAddr, debugFuncEnterAddr)
	}
	err = modifyReleaseFuncEnter(pid, originFuncEnterAddr, debugFuncEnterAddr)
	if err != nil {
		klog.WithError(err).Errorf("[inject] failed modifyReleaseFuncEnter")
		PtraceDetach(pid)
		return err
	}
	// 校验jmp地址修改正确 临时注释
	klog.Infof("checkReleaseFuncSymAfterChange")
	errReleaseFuncSymAfterChange := jvmInjector.checkReleaseFuncSymAfterChange()
	if errReleaseFuncSymAfterChange != nil {
		klog.WithError(errReleaseFuncSymAfterChange).Errorf("[inject] failed checkReleaseFuncSymAfterChange")
		// 回滚
		if len(jvmInjector.ReleaseLibNetInfo.FuncSymbol.OriginCode) == ORIGIN_CODE_LEN {
			err = restoreOriginalInstructions(pid, originFuncEnterAddr, jvmInjector.ReleaseLibNetInfo.FuncSymbol.OriginCode)
			if err != nil {
				klog.WithError(err).Errorf("[inject] failed restoreOriginalInstructions")
				PtraceDetach(pid)
				return err
			}
		}
		//PtraceDetach(pid)
		//return errReleaseFuncSymAfterChange
	}

	return PtraceDetach(pid)
}

func PtraceDetach(pid int) error {
	// 恢复执行
	klog.Infof("Detach")
	if err := syscall.PtraceDetach(pid); err != nil {
		klog.Errorf("ptrace DETACH: %v", err)
		return err
	}
	return nil
}