android操作系统在5.0之后加入了对64位程序的支持，同时兼容运行32位的进程

android的进程绝大部分是zygote父进程fork出来的子进程

zygote进程fork出来的进程是32位进程

zygote64进程fork出来的进程是64位进程

但是有一些在zygote启动之前的进程，那就是init进程fork出来的，都属于64bit进程

zygote进程在fork出子进程之后，更改了进程的名字(setNiceName)

如果想根据进程名找到进程文件，通过读取elf头的方法来判断目标进程的elf bit

不是太理想

 

通过man proc查阅文档可以知道，解析目标进程的auxv文件可以判断elf bit

内核支持从2.6开始，android的内核版本在这之后，检测auxv文件判断elf bit是可靠的

 

先上makefile，Application.mk

APP_ABI := arm64-v8a APP_PLATFORM := android-21

只编译64位的版本，如果系统无法跑64位程序，证明整个系统都是32位的

Android.mk

# Copyright (C) 2009 The Android Open Source Project## Licensed under the Apache License, Version 2.0 (the "License");# you may not use this file except in compliance with the License.# You may obtain a copy of the License at##      http://www.apache.org/licenses/LICENSE-2.0## Unless required by applicable law or agreed to in writing, software# distributed under the License is distributed on an "AS IS" BASIS,# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.# See the License for the specific language governing permissions and# limitations under the License.#LOCAL_PATH := $(call my-dir)include $(CLEAR_VARS)LOCAL_MODULE    := auxvLOCAL_SRC_FILES := auxv.cLOCAL_ARM_MODE := arminclude $(BUILD_EXECUTABLE)

源码auxv.c

#include 
     
      #include 
      
       #include 
       
        #include 
        
         /* * Parsing auxv: if you parse the auxv structure yourself (not relying on the dynamic loader), then there's  * a bit of a conundrum: the auxv structure follows the rule of the process it describes, so sizeof(unsigned  * long) will be 4 for 32-bit processes and 8 for 64-bit processes. We can make this work for us. In  * order for this to work on 32-bit systems, all key codes must be 0xffffffff or less. On a 64-bit system, * the most significant 32 bits will be zero. Intel machines are little endians, so these 32 bits follow * the least significant ones in memory. * As such, all you need to do is: * 1. Read 16 bytes from the `auxv` file. * 2. Is this the end of the file? * 3.   Then it's a 64-bit process. * 4.   Done. * 5. Is buf[4], buf[5], buf[6] or buf[7] non-zero? * 6.   Then it's a 32-bit process. * 7.   Done. * 8. Go to 1. */int check_auxv(int pid){    if(pid < 0)    {        printf("invalid process id\n");        return -1;    }    char auxv[256];    snprintf(auxv, 256, "/proc/%d/auxv", pid);    int fd = open(auxv, O_RDONLY);    if(fd < 0)    {        printf("%s does not exist\nprocess %d maybe running in 32 bit elf mode", auxv, pid);        return 0;    }    const int SIZE = 16;    char buf[SIZE];    do {        int nread = read(fd, buf, SIZE);        if(nread < SIZE)        {            printf("process %d running in 64 bit elf mode\n", pid);            break;        }                if(buf[4] && buf[5] && buf[6])        {            printf("process %d running in 32 bit elf mode @ line %d\n", pid, __LINE__);            printf("%x, %x, %x, %x\n", buf[4], buf[5], buf[6], buf[7]);            break;        }        else if(buf[7])        {            printf("process %d running in 32 bit elf mode\n", pid);            break;        }    } while(1);    close(fd);    return 0;}int main(int argc, char* argv[]){    if(argc <= 1)    {        printf("usage:auxv pid1 [pid2 pid3 ...]\n");        return 0;    }    int i = 0;    for(i = 1; i < argc; ++i)    {        int pid = atoi(argv[i]);        check_auxv(pid);    }        return 0;}
        
       
      
     

编译命令

call ndk-build NDK_PROJECT_PATH=. NDK_APPLICATION_MK=./Application.mk

 

目录结构

|---Application.mk|---build.bat|---jni||---Android.mk||---auxv.c