LSPosed / LSPlant

A hook framework for Android Runtime (ART)
https://lsposed.org/LSPlant/
GNU Lesser General Public License v3.0

ZTE A606 v27 arm64: hook returns the backup method successfully, but the method is not actually hooked #33

Closed eirv closed 1 year ago

eirv commented 1 year ago

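InlineHookFunType, InlineUnhookFunType, ArtSymbolResolver and ArtSymbolPrefixResolver are all implemented and work normally. Hooking fails only on this device; all other devices hook normally. LSPlant is a debug build of the latest commit. The logcat is as follows: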

--------- beginning of main
12-20 17:35:43.821 13042 13042 I zygote64: Late-enabling -Xcheck:jni
12-20 17:35:44.175 13042 13042 I LoadedApk: No resource references to update in package androidzte
12-20 17:35:44.210 13042 13042 I Settings: Requested generation tracker for type: /global in package:com.example.lsptest and user:0
12-20 17:35:44.214 13042 13042 I Settings: Received generation tracker for type:/global in package:com.example.lsptest and user:0 with index:0
12-20 17:35:44.317 13042 13042 W asset   : addOverlayPath: packagePath: /data/resource-cache/theme/default_theme_01/androidzte/, idmapPath Path: /data/resource-cache/theme/default_theme_01/androidzte/idmap, resApkPath /data/resource-cache/theme/default_theme_01/androidzte/resources.apk
12-20 17:35:44.378 13042 13042 E BitmapFactory: Unable to decode stream: java.io.FileNotFoundException: /data/resource-cache/cache/icon-cache/icon/icon/com_example_lsptest.png (No such file or directory)
12-20 17:35:44.393 13042 13042 I IconPackHelper: translateBitMap bmp = android.graphics.Bitmap@b5422d1
12-20 17:35:44.431 13042 13042 I IconPackHelper: light = 54 start = 66 end = 100
12-20 17:35:44.431 13042 13042 I IconPackHelper: light = 54 start = 0 end = 65
12-20 17:35:44.443 13042 13042 I IconPackHelper: translateBitMap bgBmp = android.graphics.Bitmap@414b136 maskBmp = android.graphics.Bitmap@921837
12-20 17:35:44.443 13042 13042 I IconPackHelper: translateBitMap overlap = 0
12-20 17:35:44.942 13042 13042 W System.err: java.lang.Exception: Stack trace
12-20 17:35:44.942 13042 13042 W System.err:    at java.lang.Thread.dumpStack(Thread.java:1348)
12-20 17:35:44.943 13042 13042 W System.err:    at com.example.lsptest.MainActivity.test(MainActivity.java:32)
12-20 17:35:44.943 13042 13042 W System.err:    at com.example.lsptest.MainActivity.onCreate(MainActivity.java:16)
12-20 17:35:44.943 13042 13042 W System.err:    at android.app.Activity.performCreate(Activity.java:7023)
12-20 17:35:44.944 13042 13042 W System.err:    at android.app.Activity.performCreate(Activity.java:7014)
12-20 17:35:44.944 13042 13042 W System.err:    at android.app.Instrumentation.callActivityOnCreate(Instrumentation.java:1214)
12-20 17:35:44.945 13042 13042 W System.err:    at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:2762)
12-20 17:35:44.945 13042 13042 W System.err:    at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java:2889)
12-20 17:35:44.945 13042 13042 W System.err:    at android.app.ActivityThread.-wrap11(Unknown Source:0)
12-20 17:35:44.946 13042 13042 W System.err:    at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1617)
12-20 17:35:44.946 13042 13042 W System.err:    at android.os.Handler.dispatchMessage(Handler.java:106)
12-20 17:35:44.947 13042 13042 W System.err:    at android.os.Looper.loop(Looper.java:164)
12-20 17:35:44.947 13042 13042 W System.err:    at android.app.ActivityThread.main(ActivityThread.java:6542)
12-20 17:35:44.947 13042 13042 W System.err:    at java.lang.reflect.Method.invoke(Native Method)
12-20 17:35:44.947 13042 13042 W System.err:    at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:438)
12-20 17:35:44.947 13042 13042 W System.err:    at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:857)
12-20 17:35:44.948 13042 13042 I MainActivity: test = -1
12-20 17:35:44.948 13042 13042 I MainActivity: before hook
12-20 17:35:44.952 13042 13042 W linker  : "/data/app/com.example.lsptest-Zpn1qdRg_PchPja5bP__tg==/lib/arm64/libc++_shared.so" unused DT entry: type 0x70000001 arg 0x0
12-20 17:35:44.966 13042 13042 D LSPlant : art_method.hpp:186#static bool lsplant::art::ArtMethod::Init(JNIEnv *, const lsplant::HookHandler): ArtMethod size: 48
12-20 17:35:44.967 13042 13042 D LSPlant : art_method.hpp:240#static bool lsplant::art::ArtMethod::Init(JNIEnv *, const lsplant::HookHandler): ArtMethod::declaring_class offset: 0
12-20 17:35:44.967 13042 13042 D LSPlant : art_method.hpp:241#static bool lsplant::art::ArtMethod::Init(JNIEnv *, const lsplant::HookHandler): ArtMethod::entrypoint offset: 40
12-20 17:35:44.967 13042 13042 D LSPlant : art_method.hpp:242#static bool lsplant::art::ArtMethod::Init(JNIEnv *, const lsplant::HookHandler): ArtMethod::data offset: 32
12-20 17:35:44.967 13042 13042 D LSPlant : art_method.hpp:243#static bool lsplant::art::ArtMethod::Init(JNIEnv *, const lsplant::HookHandler): ArtMethod::access_flags offset: 4
12-20 17:35:44.973 13042 13042 E LSPTestNative: Symbol '_ZN3art11ClassLinker22FixupStaticTrampolinesEPNS_6ThreadENS_6ObjPtrINS_6mirror5ClassEEE' not found in elf libart.so
12-20 17:35:44.976 13042 13042 E LSPTestNative: Symbol '_ZN3art11ClassLinker14RegisterNativeEPNS_6ThreadEPNS_9ArtMethodEPKv' not found in elf libart.so
12-20 17:35:44.978 13042 13042 E LSPTestNative: Symbol '_ZN3art9ArtMethod14RegisterNativeEPKv' not found in elf libart.so
12-20 17:35:44.981 13042 13042 E LSPTestNative: Symbol '_ZN3art11ClassLinker16UnregisterNativeEPNS_6ThreadEPNS_9ArtMethodE' not found in elf libart.so
12-20 17:35:44.985 13042 13042 E LSPTestNative: Symbol '_ZN3art6mirror5Class9SetStatusENS_6HandleIS1_EENS_11ClassStatusEPNS_6ThreadE' not found in elf libart.so
12-20 17:35:44.990 13042 13042 D LSPlant : runtime.hpp:75#static bool lsplant::art::Runtime::Init(const lsplant::HookHandler &): runtime instance = 0x7092abd600
12-20 17:35:44.991 13042 13042 D LSPTestNative: LSPlant-Init return true
12-20 17:35:45.005 13042 13042 V LSPlant : lsplant.cc:505#bool lsplant::(anonymous namespace)::DoHook(lsplant::art::ArtMethod *, lsplant::art::ArtMethod *, lsplant::art::ArtMethod *): Hooking: target = int com.example.lsptest.MainActivity.test()(0x7116ef7050), hook = int LSPHooker_.test()(0x7114c34160), backup = int LSPHooker_.backup()(0x7114c34130)
12-20 17:35:45.006 13042 13042 V LSPlant : lsplant.cc:486#void *lsplant::(anonymous namespace)::GenerateTrampolineFor(art::ArtMethod *): trampoline: count = 0, address = 7115f4c000, target = 7115f4c000
12-20 17:35:45.006 13042 13042 V LSPlant : lsplant.cc:512#bool lsplant::(anonymous namespace)::DoHook(lsplant::art::ArtMethod *, lsplant::art::ArtMethod *, lsplant::art::ArtMethod *): Generated trampoline 0x7115f4c000
12-20 17:35:45.006 13042 13042 V LSPlant : lsplant.cc:528#bool lsplant::(anonymous namespace)::DoHook(lsplant::art::ArtMethod *, lsplant::art::ArtMethod *, lsplant::art::ArtMethod *): Done hook: target(0x7116ef7050:0x2080009) -> 0x7115f4c000; backup(0x7114c34130:0x2080009) -> 0x70927ff2b0; hook(0x7114c34160:0x2080009) -> 0x70927ff2b0
12-20 17:35:45.008 13042 13042 I MainActivity: backup = public static int LSPHooker_.test()
12-20 17:35:45.008 13042 13042 I MainActivity: after hook
12-20 17:35:45.008 13042 13042 W System.err: java.lang.Exception: Stack trace
12-20 17:35:45.009 13042 13042 W System.err:    at java.lang.Thread.dumpStack(Thread.java:1348)
12-20 17:35:45.010 13042 13042 W System.err:    at com.example.lsptest.MainActivity.test(MainActivity.java:32)
12-20 17:35:45.010 13042 13042 W System.err:    at com.example.lsptest.MainActivity.onCreate(MainActivity.java:28)
12-20 17:35:45.011 13042 13042 W System.err:    at android.app.Activity.performCreate(Activity.java:7023)
12-20 17:35:45.011 13042 13042 W System.err:    at android.app.Activity.performCreate(Activity.java:7014)
12-20 17:35:45.012 13042 13042 W System.err:    at android.app.Instrumentation.callActivityOnCreate(Instrumentation.java:1214)
12-20 17:35:45.012 13042 13042 W System.err:    at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:2762)
12-20 17:35:45.013 13042 13042 W System.err:    at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java:2889)
12-20 17:35:45.014 13042 13042 W System.err:    at android.app.ActivityThread.-wrap11(Unknown Source:0)
12-20 17:35:45.014 13042 13042 W System.err:    at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1617)
12-20 17:35:45.015 13042 13042 W System.err:    at android.os.Handler.dispatchMessage(Handler.java:106)
12-20 17:35:45.015 13042 13042 W System.err:    at android.os.Looper.loop(Looper.java:164)
12-20 17:35:45.016 13042 13042 W System.err:    at android.app.ActivityThread.main(ActivityThread.java:6542)
12-20 17:35:45.016 13042 13042 W System.err:    at java.lang.reflect.Method.invoke(Native Method)
12-20 17:35:45.017 13042 13042 W System.err:    at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:438)
12-20 17:35:45.017 13042 13042 W System.err:    at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:857)
12-20 17:35:45.018 13042 13042 I MainActivity: test = -1
12-20 17:35:45.038 13042 13042 I SurfaceFactory: [static] sSurfaceFactory = com.mediatek.view.impl.SurfaceFactoryImpl@fc4b10e
12-20 17:35:45.050 13042 13042 D WindowClient: Add to mViews: DecorView@2f19ec5[MainActivity], this = android.view.WindowManagerGlobal@9ed01amViews.size()=1
12-20 17:35:45.052 13042 13042 D OpenGLRenderer: Dumper init 2 threads <0x7087397b00>
12-20 17:35:45.053 13042 13042 D OpenGLRenderer: <com.example.lsptest> is running.
12-20 17:35:45.059 13042 13042 D ViewRootImpl[MainActivity]: hardware acceleration = true , fakeHwAccelerated = false, sRendererDisabled = false, forceHwAccelerated = false, sSystemRendererDisabled = false
12-20 17:35:45.066 13042 13042 V PhoneWindow: DecorView setVisiblity: visibility = 0, Parent = ViewRoot{522b74b com.example.lsptest/com.example.lsptest.MainActivity,ident = 0}, this = DecorView@2f19ec5[MainActivity]
12-20 17:35:45.112 13042 13042 D Surface : Surface::allocateBuffers(this=0x707cddd000)
12-20 17:35:45.112 13042 13042 W RenderThread: type=1400 audit(0.0:500): avc: denied { search } for name="clients" dev="debugfs" ino=7234 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:debugfs_ion:s0 tclass=dir permissive=0
12-20 17:35:45.126 13042 13069 I zygote64: android::hardware::configstore::V1_0::ISurfaceFlingerConfigs::hasWideColorDisplay retrieved: 0
12-20 17:35:45.127 13042 13069 I OpenGLRenderer: Initialized EGL, version 1.4
12-20 17:35:45.127 13042 13069 D OpenGLRenderer: Swap behavior 2
12-20 17:35:45.143 13042 13069 D OpenGLRenderer: [init] completed
12-20 17:35:45.143 13042 13069 D HWUIExtension: MTKProgramCache.init: enable enhancement 1
12-20 17:35:45.143 13042 13069 I HWUIExtension: Get disable program binary service property (0)
12-20 17:35:45.143 13042 13069 I HWUIExtension: Initializing program atlas...
12-20 17:35:45.144 13042 13069 I ProgramBinary/Service: ProgramBinaryService client side disable debugging.
12-20 17:35:45.145 13042 13069 I ProgramBinary/Service: ProgramBinaryService client side disable binary content debugging.
12-20 17:35:45.145 13042 13069 D ProgramBinary/Service: BpProgramBinaryService.getReady
12-20 17:35:45.145 13042 13069 D ProgramBinary/Service: zhiyin- 1 BpProgramBinaryService::getReady()
12-20 17:35:45.146 13042 13069 D ProgramBinary/Service: zhiyin- 2 BpProgramBinaryService::getReady()
12-20 17:35:45.146 13042 13069 D ProgramBinary/Service: BpProgramBinaryService.getProgramBinaryData
12-20 17:35:45.146 13042 13069 I HWUIExtension: Program binary detail: Binary length is 314660, program map length is 104.
12-20 17:35:45.147 13042 13069 I HWUIExtension: Succeeded to mmap program binaries. File descriptor is 66, and path is /dev/ashmem.
12-20 17:35:45.147 13042 13069 I HWUIExtension: No need to use file discriptor anymore, close fd(66).
12-20 17:35:45.147 13042 13069 D HWUIExtension: Dumper init 2 threads <0x707c294b00>
12-20 17:35:45.147 13042 13069 D HWUIExtension: <com.example.lsptest> is running.
12-20 17:35:45.148 13042 13069 D HWUIExtension: Initializing program cache from 0x0, size = -1
12-20 17:35:45.148 13042 13069 D Surface : Surface::connect(this=0x707cddd000,api=1)
12-20 17:35:45.173 13042 13069 D HWUIExtension: MTKProgramCache.generateProgram: 0
12-20 17:35:45.174 13042 13069 D HWUIExtension: createProgram 0x0000000000000000, binary 0x708776f000, length 10736, format 37168 within 1056ns
12-20 17:35:45.183 13042 13069 D HWUIExtension: MTKProgramCache.generateProgram: 240518168576
12-20 17:35:45.184 13042 13069 D HWUIExtension: createProgram 0x0000003800000000, binary 0x7087774661, length 11450, format 37168 within 720ns
12-20 17:35:45.189 13042 13069 D HWUIExtension: MTKProgramCache.generateProgram: 562984313159683
12-20 17:35:45.190 13042 13069 D HWUIExtension: createProgram 0x0002000800000003, binary 0x7087782603, length 11471, format 37168 within 695ns
12-20 17:35:45.992 13042 13042 V PhoneWindow: DecorView setVisiblity: visibility = 4, Parent = ViewRoot{522b74b com.example.lsptest/com.example.lsptest.MainActivity,ident = 0}, this = DecorView@2f19ec5[MainActivity]
12-20 17:35:46.026 13042 13069 D Surface : Surface::disconnect(this=0x707cddd000,api=1)
yujincheng08 commented 1 year ago

How did you verify that it was "not hooked"?

yujincheng08 commented 1 year ago

> 12-20 17:35:44.973 13042 13042 E LSPTestNative: Symbol '_ZN3art11ClassLinker22FixupStaticTrampolinesEPNS_6ThreadENS_6ObjPtrINS_6mirror5ClassEEE' not found in elf libart.so
> 12-20 17:35:44.976 13042 13042 E LSPTestNative: Symbol '_ZN3art11ClassLinker14RegisterNativeEPNS_6ThreadEPNS_9ArtMethodEPKv' not found in elf libart.so
> 12-20 17:35:44.978 13042 13042 E LSPTestNative: Symbol '_ZN3art9ArtMethod14RegisterNativeEPKv' not found in elf libart.so
> 12-20 17:35:44.981 13042 13042 E LSPTestNative: Symbol '_ZN3art11ClassLinker16UnregisterNativeEPNS_6ThreadEPNS_9ArtMethodE' not found in elf libart.so
> 12-20 17:35:44.985 13042 13042 E LSPTestNative: Symbol '_ZN3art6mirror5Class9SetStatusENS_6HandleIS1_EENS_11ClassStatusEPNS_6ThreadE' not found in elf libart.so

eirv commented 1 year ago

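> How did you verify that it was "not hooked"?

The target method always returns -1, and the callback method always returns Integer.MIN_VALUE. After hooking, the return value is -1 only on this device; on other devices it is Integer.MIN_VALUE. When calling Thread#dumpStack before and after the hook, the callback method is missing only on this device.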

yujincheng08 commented 1 year ago

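From the above, several symbols were not found, which is why the static method cannot be hooked. The log also does not show the fixup trampoline message that appears the first time a static method is called. You can try changing it to a non-static method; if that works, it proves the problem is those symbols.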

eirv commented 1 year ago

A non-static method still cannot be hooked. The logcat is as follows:

--------- beginning of main
12-21 11:19:39.962  5158  5158 I zygote64: Late-enabling -Xcheck:jni
12-21 11:19:40.124  5158  5158 I LoadedApk: No resource references to update in package androidzte
12-21 11:19:40.153  5158  5158 I Settings: Requested generation tracker for type: /global in package:com.example.lsptest and user:0
12-21 11:19:40.158  5158  5158 I Settings: Received generation tracker for type:/global in package:com.example.lsptest and user:0 with index:0
12-21 11:19:40.243  5158  5158 W asset   : addOverlayPath: packagePath: /data/resource-cache/theme/default_theme_01/androidzte/, idmapPath Path: /data/resource-cache/theme/default_theme_01/androidzte/idmap, resApkPath /data/resource-cache/theme/default_theme_01/androidzte/resources.apk
12-21 11:19:40.316  5158  5158 E BitmapFactory: Unable to decode stream: java.io.FileNotFoundException: /data/resource-cache/cache/icon-cache/icon/icon/com_example_lsptest.png (No such file or directory)
12-21 11:19:40.332  5158  5158 I IconPackHelper: translateBitMap bmp = android.graphics.Bitmap@9e32bd3
12-21 11:19:40.366  5158  5158 I IconPackHelper: light = 54 start = 66 end = 100
12-21 11:19:40.367  5158  5158 I IconPackHelper: light = 54 start = 0 end = 65
12-21 11:19:40.377  5158  5158 I IconPackHelper: translateBitMap bgBmp = android.graphics.Bitmap@5462310 maskBmp = android.graphics.Bitmap@bebfe09
12-21 11:19:40.378  5158  5158 I IconPackHelper: translateBitMap overlap = 0
12-21 11:19:40.418  5158  5158 W System.err: java.lang.Exception: Stack trace
12-21 11:19:40.419  5158  5158 W System.err:    at java.lang.Thread.dumpStack(Thread.java:1348)
12-21 11:19:40.420  5158  5158 W System.err:    at com.example.lsptest.MainActivity.test(MainActivity.java:36)
12-21 11:19:40.420  5158  5158 W System.err:    at com.example.lsptest.MainActivity.onCreate(MainActivity.java:17)
12-21 11:19:40.420  5158  5158 W System.err:    at android.app.Activity.performCreate(Activity.java:7023)
12-21 11:19:40.421  5158  5158 W System.err:    at android.app.Activity.performCreate(Activity.java:7014)
12-21 11:19:40.422  5158  5158 W System.err:    at android.app.Instrumentation.callActivityOnCreate(Instrumentation.java:1214)
12-21 11:19:40.422  5158  5158 W System.err:    at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:2762)
12-21 11:19:40.423  5158  5158 W System.err:    at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java:2889)
12-21 11:19:40.423  5158  5158 W System.err:    at android.app.ActivityThread.-wrap11(Unknown Source:0)
12-21 11:19:40.424  5158  5158 W System.err:    at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1617)
12-21 11:19:40.424  5158  5158 W System.err:    at android.os.Handler.dispatchMessage(Handler.java:106)
12-21 11:19:40.425  5158  5158 W System.err:    at android.os.Looper.loop(Looper.java:164)
12-21 11:19:40.425  5158  5158 W System.err:    at android.app.ActivityThread.main(ActivityThread.java:6542)
12-21 11:19:40.425  5158  5158 W System.err:    at java.lang.reflect.Method.invoke(Native Method)
12-21 11:19:40.426  5158  5158 W System.err:    at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:438)
12-21 11:19:40.426  5158  5158 W System.err:    at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:857)
12-21 11:19:40.426  5158  5158 I MainActivity: test = -1
12-21 11:19:40.427  5158  5158 I MainActivity: before hook
12-21 11:19:40.427  5158  5158 I MainActivity: target = public int com.example.lsptest.MainActivity.test()
12-21 11:19:40.431  5158  5158 W linker  : "/data/app/com.example.lsptest-QVbJTma9570TF1yn-jzIRw==/lib/arm64/libc++_shared.so" unused DT entry: type 0x70000001 arg 0x0
12-21 11:19:40.449  5158  5158 D LSPlant : art_method.hpp:186#static bool lsplant::art::ArtMethod::Init(JNIEnv *, const lsplant::HookHandler): ArtMethod size: 48
12-21 11:19:40.449  5158  5158 D LSPlant : art_method.hpp:240#static bool lsplant::art::ArtMethod::Init(JNIEnv *, const lsplant::HookHandler): ArtMethod::declaring_class offset: 0
12-21 11:19:40.449  5158  5158 D LSPlant : art_method.hpp:241#static bool lsplant::art::ArtMethod::Init(JNIEnv *, const lsplant::HookHandler): ArtMethod::entrypoint offset: 40
12-21 11:19:40.449  5158  5158 D LSPlant : art_method.hpp:242#static bool lsplant::art::ArtMethod::Init(JNIEnv *, const lsplant::HookHandler): ArtMethod::data offset: 32
12-21 11:19:40.449  5158  5158 D LSPlant : art_method.hpp:243#static bool lsplant::art::ArtMethod::Init(JNIEnv *, const lsplant::HookHandler): ArtMethod::access_flags offset: 4
12-21 11:19:40.456  5158  5158 E LSPTestNative: Symbol '_ZN3art11ClassLinker22FixupStaticTrampolinesEPNS_6ThreadENS_6ObjPtrINS_6mirror5ClassEEE' not found in elf libart.so
12-21 11:19:40.460  5158  5158 E LSPTestNative: Symbol '_ZN3art11ClassLinker14RegisterNativeEPNS_6ThreadEPNS_9ArtMethodEPKv' not found in elf libart.so
12-21 11:19:40.462  5158  5158 E LSPTestNative: Symbol '_ZN3art9ArtMethod14RegisterNativeEPKv' not found in elf libart.so
12-21 11:19:40.465  5158  5158 E LSPTestNative: Symbol '_ZN3art11ClassLinker16UnregisterNativeEPNS_6ThreadEPNS_9ArtMethodE' not found in elf libart.so
12-21 11:19:40.470  5158  5158 E LSPTestNative: Symbol '_ZN3art6mirror5Class9SetStatusENS_6HandleIS1_EENS_11ClassStatusEPNS_6ThreadE' not found in elf libart.so
12-21 11:19:40.476  5158  5158 D LSPlant : runtime.hpp:75#static bool lsplant::art::Runtime::Init(const lsplant::HookHandler &): runtime instance = 0x7c31ebd600
12-21 11:19:40.477  5158  5158 D LSPTestNative: LSPlant-Init return true
12-21 11:19:40.497  5158  5158 V LSPlant : lsplant.cc:505#bool lsplant::(anonymous namespace)::DoHook(lsplant::art::ArtMethod *, lsplant::art::ArtMethod *, lsplant::art::ArtMethod *): Hooking: target = int com.example.lsptest.MainActivity.test()(0x7cb62b5080), hook = int LSPHooker_.test(java.lang.Object)(0x7cb3a8a180), backup = int LSPHooker_.backup(java.lang.Object)(0x7cb3a8a150)
12-21 11:19:40.497  5158  5158 V LSPlant : lsplant.cc:486#void *lsplant::(anonymous namespace)::GenerateTrampolineFor(art::ArtMethod *): trampoline: count = 0, address = 7cb43fe000, target = 7cb43fe000
12-21 11:19:40.497  5158  5158 V LSPlant : lsplant.cc:512#bool lsplant::(anonymous namespace)::DoHook(lsplant::art::ArtMethod *, lsplant::art::ArtMethod *, lsplant::art::ArtMethod *): Generated trampoline 0x7cb43fe000
12-21 11:19:40.497  5158  5158 V LSPlant : lsplant.cc:528#bool lsplant::(anonymous namespace)::DoHook(lsplant::art::ArtMethod *, lsplant::art::ArtMethod *, lsplant::art::ArtMethod *): Done hook: target(0x7cb62b5080:0xa080001) -> 0x7cb43fe000; backup(0x7cb3a8a150:0xa080002) -> 0x7c31c042b0; hook(0x7cb3a8a180:0x2080009) -> 0x7c31c042b0
12-21 11:19:40.498  5158  5158 I MainActivity: backup = public static int LSPHooker_.test()
12-21 11:19:40.499  5158  5158 I MainActivity: after hook
12-21 11:19:40.499  5158  5158 W System.err: java.lang.Exception: Stack trace
12-21 11:19:40.500  5158  5158 W System.err:    at java.lang.Thread.dumpStack(Thread.java:1348)
12-21 11:19:40.501  5158  5158 W System.err:    at com.example.lsptest.MainActivity.test(MainActivity.java:36)
12-21 11:19:40.501  5158  5158 W System.err:    at com.example.lsptest.MainActivity.onCreate(MainActivity.java:31)
12-21 11:19:40.502  5158  5158 W System.err:    at android.app.Activity.performCreate(Activity.java:7023)
12-21 11:19:40.502  5158  5158 W System.err:    at android.app.Activity.performCreate(Activity.java:7014)
12-21 11:19:40.503  5158  5158 W System.err:    at android.app.Instrumentation.callActivityOnCreate(Instrumentation.java:1214)
12-21 11:19:40.504  5158  5158 W System.err:    at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:2762)
12-21 11:19:40.505  5158  5158 W System.err:    at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java:2889)
12-21 11:19:40.506  5158  5158 W System.err:    at android.app.ActivityThread.-wrap11(Unknown Source:0)
12-21 11:19:40.506  5158  5158 W System.err:    at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1617)
12-21 11:19:40.507  5158  5158 W System.err:    at android.os.Handler.dispatchMessage(Handler.java:106)
12-21 11:19:40.508  5158  5158 W System.err:    at android.os.Looper.loop(Looper.java:164)
12-21 11:19:40.508  5158  5158 W System.err:    at android.app.ActivityThread.main(ActivityThread.java:6542)
12-21 11:19:40.509  5158  5158 W System.err:    at java.lang.reflect.Method.invoke(Native Method)
12-21 11:19:40.510  5158  5158 W System.err:    at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:438)
12-21 11:19:40.510  5158  5158 W System.err:    at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:857)
12-21 11:19:40.511  5158  5158 I MainActivity: test = -1
yujincheng08 commented 1 year ago

Are you compiling a debug build? Try a release build.

eirv commented 1 year ago

> Are you compiling a debug build? Try a release build.

This time the hook succeeded.

yujincheng08 commented 1 year ago

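We have some compatibility with debug builds, but we do not guarantee that hooking will work. The main reason is that the debugger resets every method, which invalidates our hooks. On debug builds we try to stop this process from resetting methods that are already hooked, but on some devices the blocking may fail. This is expected behavior, and we will not spend much time fixing it.

The blocking logic is here:

https://github.com/LSPosed/LSPlant/blob/845ec5dc400cf68a9872fdb03c8c337ad52af88e/lsplant/src/main/jni/art/runtime/instrumentation.hpp#L50-L51

Your device may also need a hook on UpdateMethodsCodeForJavaDebuggable.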

eirv commented 1 year ago

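> We have some compatibility with debug builds, but we do not guarantee that hooking will work. The main reason is that the debugger resets every method, which invalidates our hooks. On debug builds we try to stop this process from resetting methods that are already hooked, but on some devices the blocking may fail. This is expected behavior, and we will not spend much time fixing it.
>
> The blocking logic is here:
>
> https://github.com/LSPosed/LSPlant/blob/845ec5dc400cf68a9872fdb03c8c337ad52af88e/lsplant/src/main/jni/art/runtime/instrumentation.hpp#L50-L51
>
> Your device may also need a hook on UpdateMethodsCodeForJavaDebuggable.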

Thanks
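
The checks used in this thread (missing libart.so symbols, a `Done hook` line, and whether the callback shows up in the `Thread#dumpStack` trace) can be run over a saved logcat. The following is an added example, not part of the original issue or of LSPlant; `triage`, `method_name` and the abridged sample lines are constructed for illustration, and treating `Late-enabling -Xcheck:jni` as a sign of a debuggable process is an assumption of this example.

```python
import re

# Constructed sample: lines abridged from the first logcat in this thread.
SAMPLE = """\
12-20 17:35:43.821 13042 13042 I zygote64: Late-enabling -Xcheck:jni
12-20 17:35:44.978 13042 13042 E LSPTestNative: Symbol '_ZN3art9ArtMethod14RegisterNativeEPKv' not found in elf libart.so
12-20 17:35:45.005 13042 13042 V LSPlant : lsplant.cc:505#DoHook: Hooking: target = int com.example.lsptest.MainActivity.test()(0x7116ef7050), hook = int LSPHooker_.test()(0x7114c34160), backup = int LSPHooker_.backup()(0x7114c34130)
12-20 17:35:45.006 13042 13042 V LSPlant : lsplant.cc:528#DoHook: Done hook: target(0x7116ef7050:0x2080009) -> 0x7115f4c000; backup(0x7114c34130:0x2080009) -> 0x70927ff2b0; hook(0x7114c34160:0x2080009) -> 0x70927ff2b0
12-20 17:35:45.008 13042 13042 W System.err: java.lang.Exception: Stack trace
12-20 17:35:45.009 13042 13042 W System.err:    at java.lang.Thread.dumpStack(Thread.java:1348)
12-20 17:35:45.010 13042 13042 W System.err:    at com.example.lsptest.MainActivity.test(MainActivity.java:32)
12-20 17:35:45.010 13042 13042 W System.err:    at com.example.lsptest.MainActivity.onCreate(MainActivity.java:28)
12-20 17:35:45.018 13042 13042 I MainActivity: test = -1
"""

# logcat "threadtime" line: date, time, pid, tid, level, tag, message.
LINE = re.compile(r"^\d\d-\d\d \d\d:\d\d:\d\d\.\d+\s+\d+\s+\d+\s+[VDIWEF]\s+(.*?)\s*: (.*)$")
MISSING = re.compile(r"Symbol '([^']+)' not found in elf \S+")
HOOKING = re.compile(r"Hooking: target = (.+?)\((0x[0-9a-f]+)\), hook = (.+?)\((0x[0-9a-f]+)\)")
DONE = re.compile(r"Done hook: target\((0x[0-9a-f]+):0x[0-9a-f]+\)")
FRAME = re.compile(r"^\s+at ([\w.$<>-]+)\(")


def method_name(signature):
    """'int a.b.C.m(java.lang.Object)' -> 'a.b.C.m'."""
    return signature.split("(")[0].split()[-1]


def triage(log_text):
    """Summarise one process's logcat: missing symbols and per-hook evidence."""
    report = {"debuggable_hint": False, "missing_symbols": [], "hooks": []}
    pending = {}   # target ArtMethod address -> record waiting for "Done hook"
    trace = None   # frames of the stack trace currently being read

    def judge(frames):
        # Only hooks already reported as done are judged against a trace.
        for hook in report["hooks"]:
            if hook["hook"] in frames:
                hook["effective"] = True
            elif hook["target"] in frames:
                hook["effective"] = False  # target body reached without the hook

    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        tag, msg = m.groups()
        if tag == "System.err":
            if msg.startswith("java.lang.Exception: Stack trace"):
                if trace is not None:
                    judge(trace)
                trace = []
            elif trace is not None and (f := FRAME.match(msg)):
                trace.append(f.group(1))
            continue
        if trace is not None:          # any other tag ends the current trace
            judge(trace)
            trace = None
        if "Late-enabling -Xcheck:jni" in msg:
            # Assumption: CheckJNI switched on at fork hints at a debuggable app.
            report["debuggable_hint"] = True
        elif s := MISSING.search(msg):
            report["missing_symbols"].append(s.group(1))
        elif h := HOOKING.search(msg):
            pending[h.group(2)] = {"target": method_name(h.group(1)),
                                   "hook": method_name(h.group(3)),
                                   "effective": None}
        elif (d := DONE.search(msg)) and d.group(1) in pending:
            report["hooks"].append(pending.pop(d.group(1)))
    if trace is not None:
        judge(trace)
    return report


if __name__ == "__main__":
    print(triage(SAMPLE))
```

A hook whose `effective` field stays `None` had no stack trace after it to judge from; `False` means the log reported `Done hook` but the target body still ran without the hook method on the stack.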