DroidPluginTeam / DroidPlugin

A plugin framework on Android: run any third-party apk without installation, modification or repackage
http://droidpluginteam.github.io/DroidPlugin/
GNU Lesser General Public License v3.0
6.89k stars 2.53k forks

SQLiteDatabase has no IO redirection; a plugin that uses a hard-coded path such as "/data/data/com.myplugin" will crash #228

Open zhx00100 opened 8 years ago

zhx00100 commented 8 years ago

06-26 21:35:12.957 2167-2201/com.example.TestPlugin:PluginP04 E/SQLiteDatabase: Failed to open database '/data/data/com.test.test/databases/cc/cc.db'.
android.database.sqlite.SQLiteCantOpenDatabaseException: unknown error (code 14): Could not open database
    at android.database.sqlite.SQLiteConnection.nativeOpen(Native Method)
    at android.database.sqlite.SQLiteConnection.open(SQLiteConnection.java:207)
    at android.database.sqlite.SQLiteConnection.open(SQLiteConnection.java:191)
    at android.database.sqlite.SQLiteConnectionPool.openConnectionLocked(SQLiteConnectionPool.java:463)
    at android.database.sqlite.SQLiteConnectionPool.open(SQLiteConnectionPool.java:185)
    at android.database.sqlite.SQLiteConnectionPool.open(SQLiteConnectionPool.java:177)
    at android.database.sqlite.SQLiteDatabase.openInner(SQLiteDatabase.java:806)
    at android.database.sqlite.SQLiteDatabase.open(SQLiteDatabase.java:791)
    at android.database.sqlite.SQLiteDatabase.openDatabase(SQLiteDatabase.java:694)
    at android.database.sqlite.SQLiteDatabase.openOrCreateDatabase(SQLiteDatabase.java:717)
    at u.aly.e.openOrCreateDatabase(UMCCPathDatabaseContext.java:44)
    at android.database.sqlite.SQLiteOpenHelper.getDatabaseLocked(SQLiteOpenHelper.java:223)
    at android.database.sqlite.SQLiteOpenHelper.getWritableDatabase(SQLiteOpenHelper.java:163)
    at u.aly.c.b(UMCCDBHelper.java:56)
    at u.aly.c.(UMCCDBHelper.java:51)

yf0994 commented 8 years ago

Just use a native hook to modify the path passed to nativeOpen and it will work.

zhx00100 commented 8 years ago

@yf0994 Do you mean redirecting with the NativeIORedirect project? That approach wouldn't be very general, would it? Or could you post some example code?

247321453 commented 8 years ago

Not IO redirection; it's sqlite's nativeOpen method.

zhx00100 commented 8 years ago

It would still be best to hook the class's method, proxy-style, and solve this by modifying the argument.

zhx00100 commented 8 years ago

@247321453 How do you go about handling the nativeOpen method?

247321453 commented 8 years ago

With the legend framework I got the hook working, but it doesn't take on the first launch; only after that does the hook work.

zhx00100 commented 8 years ago

@247321453 The legend framework is unstable; on both the emulator and a Samsung S6 edge+ I get a crash in the .so.

247321453 commented 8 years ago

... I tested on the emulator and it's fine (4.2, 4.4).

zhx00100 commented 8 years ago

I hooked opendatabase. What about you? Could you paste your code?

zhx00100 commented 8 years ago

Genymotion 4.4 always crashes, and the hook also fails on 6.0.

247321453 commented 8 years ago

    @Hook(value = "android.database.sqlite.SQLiteDatabase::openDatabase@java.lang.String#android.database.sqlite.SQLiteDatabase$CursorFactory#int#android.database.DatabaseErrorHandler", minApi = 14)
    public static void SQLiteDatabase_openDatabaseV14(SQLiteDatabase object, String path,
            SQLiteDatabase.CursorFactory factory, int flags, DatabaseErrorHandler errorHandler) {
        // Rewrite the hard-coded /data/data/<package> path before calling the original method.
        path = replaceDataDir(path);
        try {
            HookManager.getDefault().callSuper(null, path, factory, flags, errorHandler);
        } catch (Exception e) {
            // Exceptions from the original call are swallowed here.
        }
    }

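
An added example, not part of the thread and not DroidPlugin or Legend code: one possible body for the `replaceDataDir` helper that the hook above calls but the post does not show. The class name `DataDirRedirect`, its constructor parameters and the redirect directory layout are assumptions; paths are normalized before the prefix check so that `..` segments cannot carry a rewritten path outside the redirect directory.

```java
import java.util.ArrayDeque;
import java.util.Deque;
// Added example: hypothetical helper, names and directory layout are assumptions.
public final class DataDirRedirect {
    private final String pluginPrefix;  // path the plugin hard-codes, e.g. /data/data/com.test.test
    private final String redirectRoot;  // host-owned directory for this plugin (assumed layout)
    public DataDirRedirect(String pluginPackage, String redirectRoot) {
        this.pluginPrefix = "/data/data/" + pluginPackage;
        this.redirectRoot = normalize(redirectRoot);
    }

    // Collapse "//", "." and ".." lexically, without touching the filesystem.
    static String normalize(String path) {
        Deque<String> parts = new ArrayDeque<>();
        for (String seg : path.split("/")) {
            if (seg.isEmpty() || seg.equals(".")) continue;
            if (seg.equals("..")) { parts.pollLast(); continue; }
            parts.addLast(seg);
        }
        StringBuilder out = new StringBuilder();
        for (String seg : parts) out.append('/').append(seg);
        return out.length() == 0 ? "/" : out.toString();
    }

    // Rewrite only absolute paths inside the plugin's own data directory.
    public String replaceDataDir(String path) {
        if (path == null || !path.startsWith("/")) return path; // relative names are not rewritten
        String clean = normalize(path);
        if (clean.equals(pluginPrefix)) return redirectRoot;
        if (clean.startsWith(pluginPrefix + "/")) {
            // clean has no ".." left, so the result cannot leave redirectRoot
            return redirectRoot + clean.substring(pluginPrefix.length());
        }
        return path; // other locations are left for the OS to allow or deny
    }

    public static void main(String[] args) {
        // Constructed sample values; the redirect directory layout is illustrative only.
        DataDirRedirect r = new DataDirRedirect("com.test.test",
                "/data/data/com.example.TestPlugin/plugin_data/com.test.test");
        String[] samples = {
            "/data/data/com.test.test/databases/cc/cc.db",
            "/data/data/com.test.test/databases/../../com.other/other.db",
            "/data/data/com.test.testing/x.db",
            "cc.db",
        };
        for (String s : samples) System.out.println(s + " -> " + r.replaceDataDir(s));
    }
}
```

The normalization is purely lexical and does not resolve symlinks.
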
zhx00100 commented 8 years ago

Are we on different versions... Where does minApi come from?

247321453 commented 8 years ago

I added that; it selects the hook according to the API level. On x86 5.1 and above, though, I can't hook on my side.

zhx00100 commented 8 years ago

The crash on 6.0: Abort message: 'art/runtime/art_method.cc:214] Failed to find Dex offset for PC offset 0x912da670(PC 0x72776eec, entry_point=0xe149c87c current entry_point=0xe149c87c) in void com.morgoo.droidplugin.hook.xhook.SQLiteDatabaseHook.SQLiteDatabase_openDatabase(android.database.sqlite.SQLiteDatabase, java.lang.String, android.database.sqlite.SQLiteDatabase$CursorFactory, int, android.database.DatabaseErrorHandler)'

zhx00100 commented 8 years ago

All of mine are on x86 emulators.

zhx00100 commented 8 years ago

The crash on 4.4.4: Unable to find method Lcom/morgoo/droidplugin/hook/xhook/SQLiteDatabaseHook;.openDatabase (Ljava/lang/String;Landroid/database/sqlite/SQLiteDatabase$CursorFactory;ILandroid/database/DatabaseErrorHandler;)Landroid/database/sqlite/SQLiteDatabase; in DEX file!

247321453 commented 8 years ago

No wonder, you're missing a parameter.

zhx00100 commented 8 years ago

Missing what? There are 4 parameters. 4.4.4 works now, but the hook code has to be moved into PluginApplication to run. 6.0 still fails.

Abort message: 'art/runtime/art_method.cc:214] Failed to find Dex offset for PC offset 0x91522aa0(PC 0x72776eec, entry_point=0xe125444c current entry_point=0xe125444c) in void com.morgoo.droidplugin.PluginApplication.SQLiteDatabase_openDatabase(android.database.sqlite.SQLiteDatabase, java.lang.String, android.database.sqlite.SQLiteDatabase$CursorFactory, int, android.database.DatabaseErrorHandler)'

247321453 commented 8 years ago

Yes, the hook is OK, but replacing the method fails.

zhx00100 commented 8 years ago

Right, I can see the hook succeeds, but on 6.0 the C code crashes when it is called. Tragic. It really is unstable.

zhx00100 commented 8 years ago

5.0 works, 5.1 fails again. Looks like x86 5.1+ doesn't work. art/runtime/mirror/art_method.cc:178] Failed to find Dex offset for PC offset 0xcf789333(PC 0x730792cf, entry_point=0xa38eff9c) in void com.morgoo.droidplugin.PluginApplication.SQLiteDatabase_openDatabase(android.database.sqlite.SQLiteDatabase, java.lang.String, android.database.sqlite.SQLiteDatabase$CursorFactory, int, android.database.DatabaseErrorHandler)

247321453 commented 8 years ago

Bro, try testing on an ARM phone; I only have x86 here.

zhx00100 commented 8 years ago

Samsung S6 edge+ 6.0.1 fails: /data/app/com.example.TestPlugin-2/oat/arm/base.odex (offset 0x45f000) (void com.morgoo.droidplugin.PluginApplication.SQLiteDatabase_openDatabase(android.database.sqlite.SQLiteDatabase, java.lang.String, android.database.sqlite.SQLiteDatabase$CursorFactory, int, android.database.DatabaseErrorHandler)+896)

Nexus 5 4.4.4 works. As it stands, 5.1 and above just doesn't work.

247321453 commented 8 years ago

@zhx00100 I added a guard, minApi = 11, maxApi = 20, so it no longer crashes abnormally; at worst the database can't be opened. A temporary workaround.

zhx00100 commented 8 years ago

@247321453 That's pointless. If it can't support 5.1 and 6.0, why bother... It's too limited.

247321453 commented 8 years ago

As for using SQLiteDatabaseHelper, so far I've only found that the Umeng SDK uses this thing.

zhx00100 commented 8 years ago

@247321453 The problem came up precisely when loading an app that includes the Umeng SDK. Umeng 6.0.1 SDK code:

    public static String a(Context paramContext) {
        return "/data/data/" + paramContext.getPackageName() + "/databases/cc/";
    }

247321453 commented 8 years ago

Bro, there's actually another way: modify Umeng's jar and change that method.

zhx00100 commented 8 years ago

@247321453 Any APK may use Umeng, so it can't be avoided; that only works if it's your own code. If it's your own code, you can just override the context's openOrCreateDatabase.

247321453 commented 8 years ago

So now there are 2 problems: ART method compatibility on x86; and adapting to other ARM ROMs.

zhx00100 commented 8 years ago

JNI is too unreliable.

tongmutou commented 7 years ago

@zhx00100 Did you ever solve this Umeng database problem?