bytedance / bhook

:fire: ByteHook is an Android PLT hook library which supports armeabi-v7a, arm64-v8a, x86 and x86_64.
https://github.com/bytedance/bhook/tree/main/doc#readme
MIT License

@caikelun Hook timing #37

Closed fh2002 closed 2 years ago

fh2002 commented 2 years ago

@caikelun Thanks for the reply! I tried over the last couple of days but did not find a good solution. The reason is that inside the linker, dl_iterate_phdr and dlopen share a mutex, and the .init and .init_array calls happen inside dlopen, so the ELF cannot be read until dlopen has finished 😭

Would it be possible to start from the exported symbol dlZN6soinfo17call_constructorsEv?

caikelun commented 2 years ago

Yes, it is not easy to handle. You could consider trying inline hook: https://github.com/bytedance/android-inline-hook

fh2002 commented 2 years ago

Implemented it. I went in by inline-hooking call_constructors, and made a small change to bhook.

```c
/* Replacement for soinfo::call_constructors: refresh bhook's ELF list
 * before the new library's .init/.init_array entries run, then call the
 * original so the constructors still execute. */
void (*old_call_constructors)(void* self);

void new_call_constructors(void* self) {
    bytehook_refresh();
    old_call_constructors(self);
}

/* Locate call_constructors inside the linker and inline-hook it with Dobby. */
char* function_name = NULL;
void* call_constructors = bytehook_find_symbol_by_linker("soinfo.*call_constructors", &function_name);
if (call_constructors != NULL) {
    DobbyHook((void*)call_constructors, (void*)new_call_constructors, (void**)&old_call_constructors);
}

/* Small addition inside bhook: rescan loaded ELFs and post hook tasks for any
 * new ones, holding the dlclose read lock so an ELF cannot vanish mid-scan. */
void bh_core_refresh() {
    bh_dl_monitor_dlclose_rdlock();
    bh_elf_manager_refresh(bh_core.elf_mgr, false, bh_task_manager_post_new_elf, bh_core.task_mgr);
    bh_dl_monitor_dlclose_unlock();
}
```
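The timing problem behind this comment, as an added example that is not part of the original thread and is not bhook's or the poster's code: a plain-C model of the linker in which `model_dlopen` runs an object's constructor before returning, and a PLT-style slot stands in for the GOT entry a hook library patches. All names here (`model_soinfo`, `model_dlopen`, `model_refresh`, `hooked_call_constructors`) are constructed for the example. Scenario A refreshes after `dlopen` returns and the constructor's call has already gone to the unhooked target; scenario B routes `call_constructors` through a wrapper that refreshes first, so the same call is already hooked when the constructor runs.

```c
#include <stdio.h>

/* Counters and the two functions a PLT slot can point at (constructed). */
static int target_calls = 0;
static int hook_calls = 0;
static int real_target(void)   { target_calls++; return 1; }
static int hooked_target(void) { hook_calls++;   return 2; }

typedef int (*target_fn)(void);

/* Model of a loaded object: one PLT/GOT slot plus what its constructor saw. */
typedef struct {
    const char *name;
    target_fn   plt_slot;          /* where calls to target() resolve */
    int         from_constructor;  /* value returned by the constructor's call */
} model_soinfo;

/* Model of an .init_array entry: it calls target() through the PLT at once. */
static void model_constructor(model_soinfo *so) {
    so->from_constructor = so->plt_slot();
}

/* Model of soinfo::call_constructors, reached through a pointer so it can be hooked. */
static void orig_call_constructors(model_soinfo *so) { model_constructor(so); }
static void (*call_constructors)(model_soinfo *) = orig_call_constructors;

/* Model of the hook library's ELF list and its refresh: patch every unpatched slot. */
static model_soinfo *loaded_list[8];
static int loaded_count = 0;

static int model_refresh(void) {
    int patched = 0;
    for (int i = 0; i < loaded_count; i++) {
        if (loaded_list[i]->plt_slot == real_target) {
            loaded_list[i]->plt_slot = hooked_target;
            patched++;
        }
    }
    return patched;
}

/* Model of dlopen: register the object, then run its constructors before returning. */
static void model_dlopen(model_soinfo *so) {
    so->plt_slot = real_target;
    loaded_list[loaded_count++] = so;
    call_constructors(so);
}

/* Scenario A: refresh only after dlopen returns. The constructor already ran
 * against the real target, so it reports 1. */
int scenario_refresh_after_dlopen(void) {
    model_soinfo so = { "libA.so", 0, 0 };
    call_constructors = orig_call_constructors;
    model_dlopen(&so);
    model_refresh();
    return so.from_constructor;
}

/* Scenario B: call_constructors is wrapped so the refresh happens first.
 * The constructor's call now lands in the hook and reports 2. */
static void hooked_call_constructors(model_soinfo *so) {
    model_refresh();
    orig_call_constructors(so);
}

int scenario_refresh_in_call_constructors(void) {
    model_soinfo so = { "libB.so", 0, 0 };
    call_constructors = hooked_call_constructors;
    model_dlopen(&so);
    return so.from_constructor;
}

int main(void) {
    printf("refresh after dlopen: constructor saw %d\n", scenario_refresh_after_dlopen());
    printf("refresh in call_constructors: constructor saw %d\n", scenario_refresh_in_call_constructors());
    return 0;
}
```

The model deliberately leaves out the linker mutex: in the real linker a refresh that goes through `dl_iterate_phdr` from inside `call_constructors` would contend with the lock `dlopen` already holds, which is the obstacle the earlier comment describes, so whatever the refresh does at that point must not re-enter the linker's locked paths.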

fh2002 commented 2 years ago

bhook is easier to use than xhook; it would be even better if bhook offered a public refresh API, so users could decide the hook timing themselves.