Closed wjy000 closed 7 years ago
rk700
commented
7 years ago 如果是hook和目标app在一起,可以考虑直接使用YAHFA的这个方法:
public native void findAndBackupAndHook(Class targetClass, String methodName, String methodSig, Method hook, Method backup);通过反射,拿到hook方法和backup方法(如果需要backup);然后把目标类和目标方法的信息也传进去
wjy000
commented
7 years ago // copy libva-native.so so that the symbol MSHookFunction() can be accessed in patch plugin after Android N
FileUtils.createSymlink(
new File(VirtualCore.get().getContext().getApplicationInfo().dataDir, "lib/libva-native.so").getAbsolutePath()
, new File(libDir, "libva-native.so").getAbsolutePath());大哥,不太理解你这句话是什么意思,因为总是异常报错 "android.system.ErrnoException: symlink failed: EEXIST (File exists)",您也用try cache包起来了,请问这个异常报错对hook有影响吗?
rk700
commented
7 years ago 没什么影响,这个只是把VirtualApp的libva-native.so文件做一个符号链接到hook的lib目录。因为Android N下面dlsym()必须是可访问的lib,所以如果插件里要做native hook,就需要把libva-native.so复制一份
当然这里可以判断下,比如是不是Android N,文件是不是已经存在
wjy000
commented
7 years ago 大神.你终于来了,我已经成功把代码注入到被虚拟化的应用中了,下面是一些log,可以看出已经成功hook了,但是实际上并没有hook成功,我很郁闷,hook代码写的是没问题的,我在主程序中做了测试,可以成功hook,但是注入到虚拟化app中就不行了,这该是什么问题呢? I/YAHFA-Native: init to SDK 23 E/hook: hookJni success I/hook: Start hooking with item zpp.wjy.xvirtual.patch.hook.Hook_Phone I/YAHFA-Native: Start findAndBackupAndHook for method getDeviceId()Ljava/lang/String; I/YAHFA-Native: hook and backup done I/hook: Start hooking with item zpp.wjy.xvirtual.patch.hook.Hook_Test I/YAHFA-Native: Start findAndBackupAndHook for method test()Ljava/lang/String; I/YAHFA-Native: hook and backup done
rk700
commented
7 years ago 可以再找几个app,试下自带的demoHookPlugin
上面这段是您的注入代码,注入的插件是apk文件,但是在开发阶段用apk载入的话会非常麻烦,我想把hook代码暂时写到主程序中,调试运行即可hook,请问怎样写呢?