search

LSPosed / LSPlant

A hook framework for Android Runtime (ART)
https://lsposed.org/LSPlant/
GNU Lesser General Public License v3.0
861 stars 210 forks source link

hook成功但无法跑到钩子(replaced method) #45

Closed SharkFall closed 1 year ago

SharkFall commented 1 year ago

感谢您的阅读,通过调用lsplant::hook hook方法以后返回的backup获取方法名是正确的,但是无法跑到钩子方法(replaced method),没有任何崩溃日志,错误日志出现,尝试过deOptimize仍然未解决问题; Android 10, Google Pixel真机,arm64-v8a

代码如下:

        Method target = Class.forName("android.content.pm.IPackageManager$Stub$Proxy").getDeclaredMethod("getPackageInfo", String.class, int.class, int.class);
        Method replaced = App.class.getDeclaredMethod("Hook", Object[].class);
        backup = ArtHooker.doHook(target, replaced, new App());
        //ArtHooker.deOptimize(target);

        Method t = PackageInfo.CREATOR.getClass().getDeclaredMethod("createFromParcel", Parcel.class);
        Method r = App.class.getDeclaredMethod("Hook1", Object[].class);
        backup1 = ArtHooker.doHook(t, r, new App());
        //ArtHooker.deOptimize(t);

        Log.i(TAG, "attachBaseContext: " + backup.getName());
        Log.i(TAG, "attachBaseContext: " + backup1.getName());

控制台log: attachBaseContext: getPackageInfo attachBaseContext: createFromParcel

yujincheng08 commented 1 year ago

不是这样 deOptimize 的,仔细看文档。

SharkFall commented 1 year ago

好的,打扰了

SharkFall commented 1 year ago

您好,现在我改变了代码,但是回调仍然未被调用,请问这是不是意味着我并没有找到所有的caller

        Method t = PackageInfo.CREATOR.getClass().getDeclaredMethod("createFromParcel", Parcel.class);
        Method r = App.class.getDeclaredMethod("Hook1", Object[].class);
        backup1 = ArtHooker.doHook(t, r, new App());

        Method target = Parcel.class.getDeclaredMethod("readTypedObject", Parcelable.Creator.class);
        boolean b = ArtHooker.deOptimize(target);

        Log.i(TAG, "attachBaseContext: " + b);
        Log.i(TAG, "attachBaseContext: " + backup1.getName());