Open 9c-x opened 2 weeks ago
@9c-x
void *handle = shadowhook_dlopen("libdl.so");
void *original = shadowhook_dlsym(handle, "android_dlopen_ext");
@9c-x
void *handle = shadowhook_dlopen("libdl.so"); void *original = shadowhook_dlsym(handle, "android_dlopen_ext");
请问一下这个libdl.so是如何确定的?具体原因能够解释一下吗,感谢
@9c-x
void *handle = shadowhook_dlopen("libdl.so"); void *original = shadowhook_dlsym(handle, "android_dlopen_ext");
请问一下这个libdl.so是如何确定的?具体原因能够解释一下吗,感谢
android_dlopen_ext
的实现在libdl.so中: https://cs.android.com/android/platform/superproject/main/+/main:bionic/libdl/libdl.cpp;l=135
另外:
llvm-readelf -sW ~/Documents/libdl.so
Symbol table '.dynsym' contains 28 entries:
Num: Value Size Type Bind Vis Ndx Name
0: 0000000000000000 0 NOTYPE LOCAL DEFAULT UND
1: 0000000000000000 0 FUNC WEAK DEFAULT UND __loader_android_get_LD_LIBRARY_PATH
2: 0000000000000000 0 FUNC WEAK DEFAULT UND __loader_dlopen
3: 0000000000000000 0 FUNC WEAK DEFAULT UND __loader_dlerror
4: 0000000000000000 0 FUNC WEAK DEFAULT UND __loader_dlsym
5: 0000000000000000 0 FUNC WEAK DEFAULT UND __loader_dlvsym
6: 0000000000000000 0 FUNC WEAK DEFAULT UND __loader_dladdr
7: 0000000000000000 0 FUNC WEAK DEFAULT UND __loader_dlclose
8: 0000000000000000 0 FUNC WEAK DEFAULT UND __loader_dl_iterate_phdr
9: 0000000000000000 0 FUNC WEAK DEFAULT UND __loader_android_dlopen_ext
10: 0000000000000000 0 FUNC WEAK DEFAULT UND __loader_android_get_application_target_sdk_version
11: 0000000000000000 0 FUNC WEAK DEFAULT UND __loader_android_handle_signal
12: 0000000000000000 0 FUNC WEAK DEFAULT UND __loader_cfi_fail
13: 0000000000001060 28 FUNC WEAK DEFAULT 10 dlsym@@LIBC
14: 0000000000001080 28 FUNC WEAK DEFAULT 10 dlvsym@@LIBC_N
15: 00000000000010c0 20 FUNC WEAK DEFAULT 10 dlclose@@LIBC
16: 0000000000001120 20 FUNC WEAK DEFAULT 10 android_get_application_target_sdk_version@@LIBC_N
17: 0000000000001000 20 FUNC WEAK DEFAULT 10 android_get_LD_LIBRARY_PATH@@LIBC_PLATFORM
18: 0000000000001020 28 FUNC WEAK DEFAULT 10 dlopen@@LIBC
19: 0000000000001040 20 FUNC WEAK DEFAULT 10 dlerror@@LIBC
20: 00000000000010e0 20 FUNC WEAK DEFAULT 10 dl_iterate_phdr@@LIBC
21: 00000000000010a0 20 FUNC WEAK DEFAULT 10 dladdr@@LIBC
22: 0000000000001100 28 FUNC WEAK DEFAULT 10 android_dlopen_ext@@LIBC
23: 0000000000001140 24 FUNC WEAK DEFAULT 10 android_handle_signal@@LIBC_PLATFORM
24: 0000000000001160 24 FUNC GLOBAL DEFAULT 10 __cfi_init@@LIBC_PLATFORM
25: 0000000000001180 24 FUNC GLOBAL DEFAULT 10 __cfi_shadow_size@@LIBC_OMR1
26: 00000000000011a0 108 FUNC GLOBAL DEFAULT 10 __cfi_slowpath@@LIBC_OMR1
27: 0000000000001210 100 FUNC GLOBAL DEFAULT 10 __cfi_slowpath_diag@@LIBC_OMR1
Ndx不为UND(0)表示这是一个导出符号,符号对应的机器码在当前ELF中。
ShadowHook Version
1.0.10
Android OS Version
13
Android ABIs
arm64-v8a
Device Manufacturers and Models
小米11,Android 13 ,api 33
Describe the Bug
使用下面方式找不到 void handle = shadowhook_dlopen("libc.so"); void original = shadowhook_dlsym(handle, "android_dlopen_ext"); 而使用下面系统方式能够找到 void handle = dlopen("libc.so", RTLD_NOW); void original = dlsym(handle, "android_dlopen_ext");