search

bytedance / bhook

:fire: ByteHook is an Android PLT hook library which supports armeabi-v7a, arm64-v8a, x86 and x86_64.
https://github.com/bytedance/bhook/tree/main/doc#readme
MIT License
2.02k stars 310 forks source link

Can't hook library #99

Open neervanbiqs opened 1 month ago

neervanbiqs commented 1 month ago

bytehook Version

1.0.10

Android OS Version

12

Android ABIs

x86_64

Device Manufacturers and Models

OnePlus A5000

Describe the Bug

I try to hook droidguard library (libxxxxxxx.so). I hooked java layer System.load and see that com.google.android.gms.unstable process loads libxxxxxxx.so library, but bhook can't find it in /proc/self/maps to change funcs elf addresses. I tried to find this lib manually by cat /proc/(pid_of_unstable)/maps but it is not exists in the maps list. So it’s very strange why doesn’t the lib appear in the maps list after loading. Do you have any ideas?

neervanbiqs commented 1 month ago

I have discovered that unstable process loads lib inside apk: /data/user/0/com.google.android.gms/app_cache_dg/1c78b49374f6a3e6aab0ae6ae5c5a6e6a7d1f80a/the.apk!/libdD37F1B2FCC82.so That's why there is "...the.apk " line instead of "...so" line in the /proc/self/maps list: fopen /proc/self/maps 7f51ada88000-7f51adae7000 r-xp 00004000 08:13 132638 /data/data/com.google.android.gms/app_cache_dg/1c78b49374f6a3e6aab0ae6ae5c5a6e6a7d1f80a/the.apk fopen /proc/self/maps 7f51adae8000-7f51adae9000 r--p 00064000 08:13 132638 /data/data/com.google.android.gms/app_cache_dg/1c78b49374f6a3e6aab0ae6ae5c5a6e6a7d1f80a/the.apk fopen /proc/self/maps 7f51adaec000-7f51adaed000 rw-p 00064000 08:13 132638 /data/data/com.google.android.gms/app_cache_dg/1c78b49374f6a3e6aab0ae6ae5c5a6e6a7d1f80a/the.apk

But when I try register hooking .app_cache_dg.the.apk nothing is hooked Do I understand correctly that I can hook only so files? How to hook so files inside the apk?