Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

nexus5 5.1.1 hook不工作 #26

Closed
ghost opened this issue Aug 17, 2017 · 13 comments
Closed

nexus5 5.1.1 hook不工作 #26

ghost opened this issue Aug 17, 2017 · 13 comments

Comments

@ghost
Copy link

ghost commented Aug 17, 2017

日志全部打印了,但是hook不成功。
只hook了Log.e,同样的代码6.0 OK。
我把plugin和mainapp放一块了,没有用classloader,直接使用的findAndBackupAndHook。
@rk700
Copy link
Member

rk700 commented Aug 17, 2017

5.1失败,6.0正常,可能与调用系统方法代码优化有关:https://github.com/rk700/YAHFA#workaround-for-method-inlining

具体需要检查应用调用Log.e处的机器指令

@uniking
Copy link

uniking commented Aug 22, 2017

直接使用的findAndBackupAndHook
------------Nexus5 6.0.1hook成功,但没有调用自己的hook函数
08-22 16:46:07.260 26476 26476 I YAHFA-Native: init to SDK 23
08-22 16:46:07.261 26476 26476 D YAHFA : target method param count is 4
08-22 16:46:07.261 26476 26476 I YAHFA-Native: Start findAndBackupAndHook for method tac(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String;
08-22 16:46:07.261 26476 26476 W YAHFA-Native: not enough capacity. Allocating...
08-22 16:46:07.261 26476 26476 I YAHFA-Native: Allocating done
08-22 16:46:07.261 26476 26476 I YAHFA-Native: hook and backup done
08-22 16:46:07.261 26476 26476 W origin : virtual tac a,b,c,d, got dcba

------------华为P9 7.0 ,不改代码也可以成功
08-22 17:09:57.382 3475 3475 I YAHFA-Native: init to SDK 24
08-22 17:09:57.383 3475 3475 I YAHFA-Native: Start findAndBackupAndHook for method tac(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String;
08-22 17:09:57.383 3475 3475 W YAHFA-Native: not enough capacity. Allocating...
08-22 17:09:57.383 3475 3475 I YAHFA-Native: Allocating done
08-22 17:09:57.383 3475 3475 I YAHFA-Native: hook and backup done
08-22 17:09:57.383 3475 3475 W YAHFA : in ClassWithVirtualMethod.tac(): a, b, c, d
08-22 17:09:57.383 3475 3475 W origin : virtual tac a,b,c,d, got dcba

@rk700
Copy link
Member

rk700 commented Aug 23, 2017

提供下6.0的完整日志

@uniking
Copy link

uniking commented Aug 23, 2017
edited
Loading

01-01 20:06:56.658 200 789 D audio_hw_primary: out_set_parameters: enter: usecase(1: low-latency-playback) kvpairs: routing=2
01-01 20:06:56.658 5795 5795 W origin : virtual tac a,b,c,d, got dcba
01-01 20:06:56.669 200 788 D audio_hw_primary: select_devices: out_snd_device(2: speaker) in_snd_device(0: none)
01-01 20:06:56.669 200 788 D msm8974_platform: platform_send_audio_calibration: sending audio calibration for snd_device(2) acdb_id(15)
01-01 20:06:56.669 200 788 D audio_hw_primary: enable_snd_device: snd_device(2: speaker)
01-01 20:06:56.671 5795 5795 I YAHFA-Native: init to SDK 23
01-01 20:06:56.672 5795 5795 D YAHFA : target method param count is 4
01-01 20:06:56.672 5795 5795 I YAHFA-Native: Start findAndBackupAndHook for method tac(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String;
01-01 20:06:56.672 5795 5795 W YAHFA-Native: not enough capacity. Allocating...
01-01 20:06:56.672 5795 5795 I YAHFA-Native: Allocating done
01-01 20:06:56.672 200 788 D audio_hw_primary: enable_audio_route: apply and update mixer path: low-latency-playback
01-01 20:06:56.672 5795 5795 I YAHFA-Native: hook and backup done
01-01 20:06:56.672 5795 5795 W origin : virtual tac a,b,c,d, got dcba
上面是6.0打印的所有日志
测试了下,5.0, 6.0都不可用,不管是模拟器还是真机,但7.0可用

@uniking
Copy link

uniking commented Aug 23, 2017
edited
Loading

贴一下使用的代码,是在Button的onClick触发的,不知有没有什么影响

            Log.w("origin", "virtual tac a,b,c,d, got "+ new ClassWithVirtualMethod().tac("a","b","c","d"));

            Method hook = null;
            Method backup = null;
            Class obj_class = null;
            try {
                Class[] pareTyple = {Object.class, String.class, String.class, String.class, String.class};
                obj_class = Class.forName("lab.galaxy.yahfa.internalPlugin.Hook_ClassWithVirtualMethod_tac");
                hook = obj_class.getMethod("hook",pareTyple);
                backup = obj_class.getMethod("origin",pareTyple);

                obj_class = Class.forName("lab.galaxy.yahfa.demoApp.ClassWithVirtualMethod");
                HookMain.findAndBackupAndHook(obj_class, "tac", "(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String;", hook, backup);


                Log.w("origin", "virtual tac a,b,c,d, got "+ new ClassWithVirtualMethod().tac("a","b","c","d"));
            } catch (Exception e) {
                e.printStackTrace();
            }

@uniking
Copy link

uniking commented Aug 24, 2017

经测试,插件版的5.0,6.0,7.0都没问题, 内部直接findAndBackupAndHook,只有7.0可以,不是hook时机问题,同MainApp处hook也不行, 不知内部直接findAndBackupAndHook和插件版有什么不同,ArtMethod不一样??

@rk700
Copy link
Member

rk700 commented Aug 25, 2017
edited
Loading

从反馈来看,如果hook代码与目标处于不同classloader,可以正常hook;如果处于同一个classloader则会发生问题。

PAGalaxyLab/VirtualHook#28

@ghost
Copy link
Author

ghost commented Aug 25, 2017

通过测试发现
android studio debug编译可hook成功,release编译出来的apk就hook无效(能打印hook过程,但是没实际效果)

@rk700
Copy link
Member

rk700 commented Aug 28, 2017

debug模式下dex2oat编译时不会做代码优化,所以方法调用还是按照ArtMethod->entrypoint的方式;release模式下会优化代码,某些方法调用会直接跳转到已知的entrypoint

https://github.com/rk700/YAHFA#workaround-for-method-inlining

@zhuotong
Copy link
Contributor

zhuotong commented Sep 5, 2017

通过测试发现
android studio debug编译可hook成功,release编译出来的apk就hook无效(能打印hook过程,但是没实际效果)

你这个结论是在什么安卓版本得出的?5.0-5.1是不适用的,5.x没有判断debug,内联条件分Quick和Optimizing
默认的Quick像空方法等条件

@zhuotong
Copy link
Contributor

zhuotong commented Sep 5, 2017

暂时解决了所有版本内联问题,只是牺牲性能太大

@Rprop
Copy link

Rprop commented Sep 5, 2017

@zhuotong 不知道你咋解决的, 对于内联的方法, 对应ArtMethod的entrypoint并不会被调用, 实际上其它字段也没用到, 所以目前还没有兼顾性能的方案

@rk700
Copy link
Member

rk700 commented Sep 7, 2017

#29 统一跟踪DexClassLoader的问题

@rk700 rk700 closed this as completed Sep 7, 2017
@solohsu solohsu mentioned this issue Jan 4, 2019
Closed
@uniking uniking mentioned this issue Aug 19, 2020
Open
@Gstalker Gstalker mentioned this issue Sep 10, 2021
Closed
@shuajinanhai shuajinanhai mentioned this issue Feb 17, 2022
Open
This was referenced Jun 2, 2022
Open
Open
@shuajinanhai shuajinanhai mentioned this issue Jun 27, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@rk700 @Rprop @zhuotong @uniking