Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

是否可以对.init_array中的调用进行hook #18

Closed
yimun opened this issue Dec 2, 2021 · 3 comments
Closed

是否可以对.init_array中的调用进行hook #18

yimun opened this issue Dec 2, 2021 · 3 comments
Labels
enhancement New feature or request

Comments

@yimun
Copy link

yimun commented Dec 2, 2021
edited
Loading

从原理上来看,bhook执行的时机应该是在dlopen之后?现在有个需求是:dlopen里会执行.init和.init_array区块的代码,我需要hook一个在.init_array区块中执行的函数,从本地尝试来看hook是无效的,原因是dlopen阶段hook还未执行,是否有其他办法可以做到呢?

image
@caikelun
Copy link
Member

caikelun commented Dec 6, 2021

@yimun 是的,目前执行hook的时机是dlopen完成之后,所以.init和.init_array中的逻辑在执行时还没有hook。我有空想想怎么提前一下hook时机,有什么好的建议和想法欢迎一起探讨哈~

@caikelun caikelun added the enhancement New feature or request label Dec 6, 2021
@yimun
Copy link
Author

yimun commented Dec 9, 2021

@caikelun 感谢回复!这两天我尝试了一下,但没有找到比较好的方案。
原因是linker内部的dl_iterate_phdr和dlopen是有互斥锁的,而.init和.init_array调用是在dlopen内部,所以直到dlopen结束前是无法读取到elf的 😭

@tyrionchen tyrionchen mentioned this issue Feb 22, 2022
Closed
@fh2002
Copy link

fh2002 commented Apr 15, 2022
edited
Loading

[](#37 (comment))

cmzy pushed a commit to cmzy/bhook that referenced this issue Mar 28, 2023
#Bugfix [Crash]: Crashed on multi thread:
018dd74 
Crash Thread-> [pid:15662]:[pname:com.example_for_hidden.ph] [tid:16061]:[tname:sps-core]
    x0  00000071217f7d90  x1  000000710b01e350  x2  0000000000000000  x3  0000000000000000
    x4  8080808080000000  x5  0000000000000000  x6  0000008080808080  x7  fefefefeff6e722d
    x8  726569727261626f  x9  00000071ddf30280  x10 0000000a30203020  x11 0000000000000000
    x12 000000000000018c  x13 98e1752cb5d3e1ab  x14 007491a877137aec  x15 ffffffffffffffff
    x16 00000071637dbf20  x17 000000726dc6087c  x18 000000711de9e000  x19 0000000000000000
    x20 0000000000000000  x21 00000071d66640e0  x22 726569727261626f  x23 00000071d6664108
    x24 00000071217fc000  x25 00000071d66640e8  x26 0000000000000001  x27 0000000000000000
    x28 00000000655785c7  x29 00000071217f7dc0
    sp  00000071217f7d90  lr  00000071637d450c  pc  00000071637d4530

stack:
  #00 pc 000000000000a530  /data/app/~~4OPpN4vZ38SuvHU2NPnRnA==/com.example_for_hidden.ph-SPA1I_lJ-Zc2SPOE9_ucRQ==/split_config.arm64_v8a.apk!liblubanhook.so (offset 0x1b17000) (bh_elf_manager_refresh+1436) (BuildId: 8bf4f411698f5d0194eb5f99234231ec40b3f469)
  bytedance#1 pc 0000000000008560  /data/app/~~4OPpN4vZ38SuvHU2NPnRnA==/com.example_for_hidden.ph-SPA1I_lJ-Zc2SPOE9_ucRQ==/split_config.arm64_v8a.apk!liblubanhook.so (offset 0x1b17000) (BuildId: 8bf4f411698f5d0194eb5f99234231ec40b3f469)
  bytedance#2 pc 000000000000108c  /apex/com.android.runtime/lib64/bionic/libdl.so (dlclose+8) (BuildId: 0ef8b9fd3ba84892809321b735317a50)
  #03 pc 0000000000155264  /data/app/~~4OPpN4vZ38SuvHU2NPnRnA==/com.example_for_hidden.ph-SPA1I_lJ-Zc2SPOE9_ucRQ==/split_config.arm64_v8a.apk!libexample_for_hidden.so (offset 0x2299000) (BuildId: 606487eb6a92f9fcc2f957ccd85c2943a22edc26)
  bytedance#4 pc 00000000001577e8  /data/app/~~4OPpN4vZ38SuvHU2NPnRnA==/com.example_for_hidden.ph-SPA1I_lJ-Zc2SPOE9_ucRQ==/split_config.arm64_v8a.apk!libexample_for_hidden.so (offset 0x2299000) (BuildId: 606487eb6a92f9fcc2f957ccd85c2943a22edc26)
  #05 pc 00000000000dd730  /data/app/~~4OPpN4vZ38SuvHU2NPnRnA==/com.example_for_hidden.ph-SPA1I_lJ-Zc2SPOE9_ucRQ==/split_config.arm64_v8a.apk!libexample_for_hidden.so (offset 0x2299000) (BuildId: 606487eb6a92f9fcc2f957ccd85c2943a22edc26)
  bytedance#6 pc 000000000011fa70  /data/app/~~4OPpN4vZ38SuvHU2NPnRnA==/com.example_for_hidden.ph-SPA1I_lJ-Zc2SPOE9_ucRQ==/split_config.arm64_v8a.apk!libexample_for_hidden.so (offset 0x2299000) (BuildId: 606487eb6a92f9fcc2f957ccd85c2943a22edc26)
  #07 pc 000000000005bedc  /data/app/~~4OPpN4vZ38SuvHU2NPnRnA==/com.example_for_hidden.ph-SPA1I_lJ-Zc2SPOE9_ucRQ==/split_config.arm64_v8a.apk!libexample_for_hidden.so (offset 0x2299000) (BuildId: 606487eb6a92f9fcc2f957ccd85c2943a22edc26)
  bytedance#8 pc 000000000002ffc4  /data/app/~~4OPpN4vZ38SuvHU2NPnRnA==/com.example_for_hidden.ph-SPA1I_lJ-Zc2SPOE9_ucRQ==/split_config.arm64_v8a.apk!libexample_for_hidden.so (offset 0x2299000) (BuildId: 606487eb6a92f9fcc2f957ccd85c2943a22edc26)
  bytedance#9 pc 000000000002fbb4  /data/app/~~4OPpN4vZ38SuvHU2NPnRnA==/com.example_for_hidden.ph-SPA1I_lJ-Zc2SPOE9_ucRQ==/split_config.arm64_v8a.apk!libexample_for_hidden.so (offset 0x2299000) (BuildId: 606487eb6a92f9fcc2f957ccd85c2943a22edc26)
  bytedance#10 pc 000000000002f4e4  /data/app/~~4OPpN4vZ38SuvHU2NPnRnA==/com.example_for_hidden.ph-SPA1I_lJ-Zc2SPOE9_ucRQ==/split_config.arm64_v8a.apk!libexample_for_hidden.so (offset 0x2299000) (BuildId: 606487eb6a92f9fcc2f957ccd85c2943a22edc26)
  bytedance#11 pc 00000000001b2978  /data/app/~~4OPpN4vZ38SuvHU2NPnRnA==/com.example_for_hidden.ph-SPA1I_lJ-Zc2SPOE9_ucRQ==/split_config.arm64_v8a.apk!libexample_for_hidden.so (offset 0x2299000) (BuildId: 606487eb6a92f9fcc2f957ccd85c2943a22edc26)
  bytedance#12 pc 00000000002daf18  /data/app/~~4OPpN4vZ38SuvHU2NPnRnA==/com.example_for_hidden.ph-SPA1I_lJ-Zc2SPOE9_ucRQ==/oat/arm64/base.odex (art_jni_trampoline+152)
  bytedance#13 pc 0000000000913f54  /data/app/~~4OPpN4vZ38SuvHU2NPnRnA==/com.example_for_hidden.ph-SPA1I_lJ-Zc2SPOE9_ucRQ==/oat/arm64/base.odex (com.example_for_hidden.example_for_hidden.wvvvuwwu.vwvvvuvuv+84)
  bytedance#14 pc 00000000008f018c  /data/app/~~4OPpN4vZ38SuvHU2NPnRnA==/com.example_for_hidden.ph-SPA1I_lJ-Zc2SPOE9_ucRQ==/oat/arm64/base.odex (com.example_for_hidden.example_for_hidden.uvuuwwuww.vuwuwuuuw.vvwvwwwwu+1084)
  bytedance#15 pc 00000000008f0ffc  /data/app/~~4OPpN4vZ38SuvHU2NPnRnA==/com.example_for_hidden.ph-SPA1I_lJ-Zc2SPOE9_ucRQ==/oat/arm64/base.odex (com.example_for_hidden.example_for_hidden.uvuuwwuww.vuwuwuuuw.handleMessage+620)
  bytedance#16 pc 00000000006a4cf8  /system/framework/arm64/boot-framework.oat (android.os.Handler.dispatchMessage+136) (BuildId: adacda98a7a45bd33ea7f02316d4c011be2906a6)
  bytedance#17 pc 000000000074044c  /system/framework/arm64/boot-framework.oat (android.os.Looper.loop+2220) (BuildId: adacda98a7a45bd33ea7f02316d4c011be2906a6)
  bytedance#18 pc 00000000006a6ea0  /system/framework/arm64/boot-framework.oat (android.os.HandlerThread.run+544) (BuildId: adacda98a7a45bd33ea7f02316d4c011be2906a6)
  bytedance#19 pc 0000000000133564  /apex/com.android.art/lib64/libart.so (art_quick_invoke_stub+548) (BuildId: 2cc47e90cab939f919f347ffb2e8950a)
  bytedance#20 pc 00000000001a8a78  /apex/com.android.art/lib64/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+200) (BuildId: 2cc47e90cab939f919f347ffb2e8950a)
  bytedance#21 pc 0000000000555830  /apex/com.android.art/lib64/libart.so (art::JValue art::InvokeVirtualOrInterfaceWithJValues<art::ArtMethod*>(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, art::ArtMethod*, jvalue const*)+460) (BuildId: 2cc47e90cab939f919f347ffb2e8950a)
  bytedance#22 pc 00000000005a3fb8  /apex/com.android.art/lib64/libart.so (art::Thread::CreateCallback(void*)+1308) (BuildId: 2cc47e90cab939f919f347ffb2e8950a)
  bytedance#23 pc 00000000000da278  /apex/com.android.runtime/lib64/bionic/libc.so!libc.so (offset 0xd2000) (__pthread_start(void*)+64) (BuildId: 1ca28d785d6567d2b225cf978ef04de5)
  bytedance#24 pc 000000000007a448  /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64) (BuildId: 1ca28d785d6567d2b225cf978ef04de5)
@cmzy cmzy mentioned this issue Mar 28, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@caikelun @yimun @fh2002