bytedance / bhook

:fire: ByteHook is an Android PLT hook library which supports armeabi-v7a, arm64-v8a, x86 and x86_64.
https://github.com/bytedance/bhook/tree/main/doc#readme
MIT License
2.05k stars 315 forks

bhook's dlopen monitoring does not detect the loaded so #48

Open fh2002 opened 2 years ago

fh2002 commented 2 years ago

bytehook Version

1.0.5

Android OS Version

6

Android ABIs

armeabi-v7a

Device Manufacturers and Models

xiaomi 4

Describe the Bug

I registered callbacks with: bytehook_add_dlopen_callback(dlopen_pre_callback, dlopen_callback, NULL); and found that an so was not detected after it was loaded. So I modified bh_hook_manager_verify_got_value to print some logs:

```c
// Added logging: which module and symbol does the current GOT value resolve to?
rs = dladdr(*((void **)got_addr), &info);
BH_LOG_INFO("dladdr: got_addr=%p callee: %s %s", got_addr, info.dli_fname, info.dli_sname);
...
if (NULL == info.dli_sname) {
  // dladdr found no symbol name: look the hooked symbol up in the callee ELF instead.
  ElfW(Sym) *sym = bh_elf_find_export_func_symbol_by_symbol_name(callee_elf, task->sym_name);
  BH_LOG_INFO("callee: %s(%s), sym:%p", callee_elf->pathname, task->sym_name, sym);
  if (NULL != sym && STT_GNU_IFUNC == ELF_ST_TYPE(sym->st_info)) {
    BH_LOG_INFO("hook chain: verify bypass ifunc: %s in %s", task->sym_name, info.dli_fname);
    r = 0;
  }
}
```

The log is as follows:

```
06-22 18:23:57.609 32110-32110/? I/bhook: hook symbol(dlopen) in /system/lib/libart.so
06-22 18:23:57.609 32110-32110/? I/bhook: trampo: created for GOT b4abcbf0 at b5de608c, size 20 + 8 = 28
06-22 18:23:57.609 32110-32110/? I/bhook: hook chain: created for GOT b4abcbf0, orig func ab53e961
06-22 18:23:57.609 32110-32110/? I/bhook: hook chain: add(new) func, GOT b4abcbf0, func b377cf61
06-22 18:23:57.610 32110-32110/? I/bhook: dladdr gotaddr=b4abcbf0 callee: /system/lib/libsechook.so (null)
06-22 18:23:57.610 32110-32110/? I/bhook: /system/lib/libsechook.so(dlopen), sym:0x0
06-22 18:23:57.610 32110-32110/? I/bhook: hook chain: del func, GOT b4abcbf0, func b377cf61
```

Could this problem be because dlopen has already been hooked by another library (/system/lib/libsechook.so), so bhook then does not handle it?