neervanbiqs
commented
1 month ago I have discovered that unstable process loads lib inside apk: /data/user/0/com.google.android.gms/app_cache_dg/1c78b49374f6a3e6aab0ae6ae5c5a6e6a7d1f80a/the.apk!/libdD37F1B2FCC82.so That's why there is "...the.apk " line instead of "...so" line in the /proc/self/maps list: fopen /proc/self/maps 7f51ada88000-7f51adae7000 r-xp 00004000 08:13 132638 /data/data/com.google.android.gms/app_cache_dg/1c78b49374f6a3e6aab0ae6ae5c5a6e6a7d1f80a/the.apk fopen /proc/self/maps 7f51adae8000-7f51adae9000 r--p 00064000 08:13 132638 /data/data/com.google.android.gms/app_cache_dg/1c78b49374f6a3e6aab0ae6ae5c5a6e6a7d1f80a/the.apk fopen /proc/self/maps 7f51adaec000-7f51adaed000 rw-p 00064000 08:13 132638 /data/data/com.google.android.gms/app_cache_dg/1c78b49374f6a3e6aab0ae6ae5c5a6e6a7d1f80a/the.apk
But when I try register hooking .app_cache_dg.the.apk nothing is hooked Do I understand correctly that I can hook only so files? How to hook so files inside the apk?
I try to hook droidguard library (libxxxxxxx.so). I hooked java layer System.load and see that com.google.android.gms.unstable process loads libxxxxxxx.so library, but xhook can't find it in /proc/self/maps to change funcs elf addresses. I tried to find this lib manually by cat /proc/(pid_of_unstable)/maps but it is not exists in the maps list. So it’s very strange why doesn’t the lib appear in the maps list after loading. Do you have any ideas?