Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

通过hook pthread_create 来获取(java+native)线程的创建,但是有大部分的线程没有被hook到,是什么原因呢? #20

Closed
beyondckw opened this issue Dec 16, 2021 · 8 comments
Closed

通过hook pthread_create 来获取(java+native)线程的创建,但是有大部分的线程没有被hook到,是什么原因呢? #20

beyondckw opened this issue Dec 16, 2021 · 8 comments
Labels
invalid This doesn't seem right question Further information is requested

Comments

@beyondckw
Copy link

在应用启动的时候开始hook,还是有大部分的线程没有被hook到,是什么原因呢?
bytehook_hook_all(nullptr, "pthread_create", reinterpret_cast<void*>(pthread_create_hook), nullptr,nullptr);
@caikelun
Copy link
Member

是不是执行hook之前那些线程已经创建了?可以hook之前先dump一下 /proc/self/task,然后分析下。

@beyondckw
Copy link
Author

不是的,大部分都是hook之后才创建的,你们有用bhook来hook线程吗?

@caikelun
Copy link
Member

不是的,大部分都是hook之后才创建的,你们有用bhook来hook线程吗?

我们hook很多地方,也包括线程的创建。你贴下完整一些的代码?包括proxy函数。

@beyondckw
Copy link
Author

类似这样,帮忙看下

void start_hook(){
bytehook_hook_all(nullptr, "pthread_create",reinterpret_cast<void *>(pthread_create_hook),nullptr, nullptr);
}

int pthread_create_hook(pthread_t *thread_id, const pthread_attr_t* attr,void* (*start_routine) (void *), void* arg) {
    INDEX ++;
    int rc = pthread_create(thread_id, attr,reinterpret_cast<void *(*)(void *)>(method_proxy), nullptr);
    if(rc){
        LOG_E("error to create thread");
    }
    return rc;
}

void method_proxy(){
    LOG_E("success to create thread");
}

@caikelun
Copy link
Member

@beyondckw proxy函数写法不对,先看下文档吧:https://github.com/bytedance/bhook/blob/main/doc/quickstart.zh-CN.md#%E7%BC%96%E5%86%99-proxy-%E5%87%BD%E6%95%B0%E4%BB%A3%E7%90%86%E5%87%BD%E6%95%B0

@s1rius
Copy link

s1rius commented Dec 16, 2021

@beyondckw 最近正好用bhook练手hook了线程创建,可以参考下 android-thread-inspector

@caikelun caikelun added the question Further information is requested label Dec 16, 2021
@beyondckw
Copy link
Author

@beyondckw proxy函数写法不对,先看下文档吧:https://github.com/bytedance/bhook/blob/main/doc/quickstart.zh-CN.md#%E7%BC%96%E5%86%99-proxy-%E5%87%BD%E6%95%B0%E4%BB%A3%E7%90%86%E5%87%BD%E6%95%B0

好的,谢谢哈

@beyondckw
Copy link
Author

@beyondckw 最近正好用bhook练手hook了线程创建,可以参考下 android-thread-inspector

谢谢~

@caikelun caikelun added the invalid This doesn't seem right label Dec 16, 2021
@tyrionchen tyrionchen mentioned this issue Feb 22, 2022
Closed
cmzy pushed a commit to cmzy/bhook that referenced this issue Mar 28, 2023
#Bugfix [Crash]: Crashed on multi thread:
018dd74 
Crash Thread-> [pid:15662]:[pname:com.example_for_hidden.ph] [tid:16061]:[tname:sps-core]
    x0  00000071217f7d90  x1  000000710b01e350  x2  0000000000000000  x3  0000000000000000
    x4  8080808080000000  x5  0000000000000000  x6  0000008080808080  x7  fefefefeff6e722d
    x8  726569727261626f  x9  00000071ddf30280  x10 0000000a30203020  x11 0000000000000000
    x12 000000000000018c  x13 98e1752cb5d3e1ab  x14 007491a877137aec  x15 ffffffffffffffff
    x16 00000071637dbf20  x17 000000726dc6087c  x18 000000711de9e000  x19 0000000000000000
    x20 0000000000000000  x21 00000071d66640e0  x22 726569727261626f  x23 00000071d6664108
    x24 00000071217fc000  x25 00000071d66640e8  x26 0000000000000001  x27 0000000000000000
    x28 00000000655785c7  x29 00000071217f7dc0
    sp  00000071217f7d90  lr  00000071637d450c  pc  00000071637d4530

stack:
  #00 pc 000000000000a530  /data/app/~~4OPpN4vZ38SuvHU2NPnRnA==/com.example_for_hidden.ph-SPA1I_lJ-Zc2SPOE9_ucRQ==/split_config.arm64_v8a.apk!liblubanhook.so (offset 0x1b17000) (bh_elf_manager_refresh+1436) (BuildId: 8bf4f411698f5d0194eb5f99234231ec40b3f469)
  bytedance#1 pc 0000000000008560  /data/app/~~4OPpN4vZ38SuvHU2NPnRnA==/com.example_for_hidden.ph-SPA1I_lJ-Zc2SPOE9_ucRQ==/split_config.arm64_v8a.apk!liblubanhook.so (offset 0x1b17000) (BuildId: 8bf4f411698f5d0194eb5f99234231ec40b3f469)
  bytedance#2 pc 000000000000108c  /apex/com.android.runtime/lib64/bionic/libdl.so (dlclose+8) (BuildId: 0ef8b9fd3ba84892809321b735317a50)
  #03 pc 0000000000155264  /data/app/~~4OPpN4vZ38SuvHU2NPnRnA==/com.example_for_hidden.ph-SPA1I_lJ-Zc2SPOE9_ucRQ==/split_config.arm64_v8a.apk!libexample_for_hidden.so (offset 0x2299000) (BuildId: 606487eb6a92f9fcc2f957ccd85c2943a22edc26)
  bytedance#4 pc 00000000001577e8  /data/app/~~4OPpN4vZ38SuvHU2NPnRnA==/com.example_for_hidden.ph-SPA1I_lJ-Zc2SPOE9_ucRQ==/split_config.arm64_v8a.apk!libexample_for_hidden.so (offset 0x2299000) (BuildId: 606487eb6a92f9fcc2f957ccd85c2943a22edc26)
  #05 pc 00000000000dd730  /data/app/~~4OPpN4vZ38SuvHU2NPnRnA==/com.example_for_hidden.ph-SPA1I_lJ-Zc2SPOE9_ucRQ==/split_config.arm64_v8a.apk!libexample_for_hidden.so (offset 0x2299000) (BuildId: 606487eb6a92f9fcc2f957ccd85c2943a22edc26)
  bytedance#6 pc 000000000011fa70  /data/app/~~4OPpN4vZ38SuvHU2NPnRnA==/com.example_for_hidden.ph-SPA1I_lJ-Zc2SPOE9_ucRQ==/split_config.arm64_v8a.apk!libexample_for_hidden.so (offset 0x2299000) (BuildId: 606487eb6a92f9fcc2f957ccd85c2943a22edc26)
  #07 pc 000000000005bedc  /data/app/~~4OPpN4vZ38SuvHU2NPnRnA==/com.example_for_hidden.ph-SPA1I_lJ-Zc2SPOE9_ucRQ==/split_config.arm64_v8a.apk!libexample_for_hidden.so (offset 0x2299000) (BuildId: 606487eb6a92f9fcc2f957ccd85c2943a22edc26)
  bytedance#8 pc 000000000002ffc4  /data/app/~~4OPpN4vZ38SuvHU2NPnRnA==/com.example_for_hidden.ph-SPA1I_lJ-Zc2SPOE9_ucRQ==/split_config.arm64_v8a.apk!libexample_for_hidden.so (offset 0x2299000) (BuildId: 606487eb6a92f9fcc2f957ccd85c2943a22edc26)
  bytedance#9 pc 000000000002fbb4  /data/app/~~4OPpN4vZ38SuvHU2NPnRnA==/com.example_for_hidden.ph-SPA1I_lJ-Zc2SPOE9_ucRQ==/split_config.arm64_v8a.apk!libexample_for_hidden.so (offset 0x2299000) (BuildId: 606487eb6a92f9fcc2f957ccd85c2943a22edc26)
  bytedance#10 pc 000000000002f4e4  /data/app/~~4OPpN4vZ38SuvHU2NPnRnA==/com.example_for_hidden.ph-SPA1I_lJ-Zc2SPOE9_ucRQ==/split_config.arm64_v8a.apk!libexample_for_hidden.so (offset 0x2299000) (BuildId: 606487eb6a92f9fcc2f957ccd85c2943a22edc26)
  bytedance#11 pc 00000000001b2978  /data/app/~~4OPpN4vZ38SuvHU2NPnRnA==/com.example_for_hidden.ph-SPA1I_lJ-Zc2SPOE9_ucRQ==/split_config.arm64_v8a.apk!libexample_for_hidden.so (offset 0x2299000) (BuildId: 606487eb6a92f9fcc2f957ccd85c2943a22edc26)
  bytedance#12 pc 00000000002daf18  /data/app/~~4OPpN4vZ38SuvHU2NPnRnA==/com.example_for_hidden.ph-SPA1I_lJ-Zc2SPOE9_ucRQ==/oat/arm64/base.odex (art_jni_trampoline+152)
  bytedance#13 pc 0000000000913f54  /data/app/~~4OPpN4vZ38SuvHU2NPnRnA==/com.example_for_hidden.ph-SPA1I_lJ-Zc2SPOE9_ucRQ==/oat/arm64/base.odex (com.example_for_hidden.example_for_hidden.wvvvuwwu.vwvvvuvuv+84)
  bytedance#14 pc 00000000008f018c  /data/app/~~4OPpN4vZ38SuvHU2NPnRnA==/com.example_for_hidden.ph-SPA1I_lJ-Zc2SPOE9_ucRQ==/oat/arm64/base.odex (com.example_for_hidden.example_for_hidden.uvuuwwuww.vuwuwuuuw.vvwvwwwwu+1084)
  bytedance#15 pc 00000000008f0ffc  /data/app/~~4OPpN4vZ38SuvHU2NPnRnA==/com.example_for_hidden.ph-SPA1I_lJ-Zc2SPOE9_ucRQ==/oat/arm64/base.odex (com.example_for_hidden.example_for_hidden.uvuuwwuww.vuwuwuuuw.handleMessage+620)
  bytedance#16 pc 00000000006a4cf8  /system/framework/arm64/boot-framework.oat (android.os.Handler.dispatchMessage+136) (BuildId: adacda98a7a45bd33ea7f02316d4c011be2906a6)
  bytedance#17 pc 000000000074044c  /system/framework/arm64/boot-framework.oat (android.os.Looper.loop+2220) (BuildId: adacda98a7a45bd33ea7f02316d4c011be2906a6)
  bytedance#18 pc 00000000006a6ea0  /system/framework/arm64/boot-framework.oat (android.os.HandlerThread.run+544) (BuildId: adacda98a7a45bd33ea7f02316d4c011be2906a6)
  bytedance#19 pc 0000000000133564  /apex/com.android.art/lib64/libart.so (art_quick_invoke_stub+548) (BuildId: 2cc47e90cab939f919f347ffb2e8950a)
  bytedance#20 pc 00000000001a8a78  /apex/com.android.art/lib64/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+200) (BuildId: 2cc47e90cab939f919f347ffb2e8950a)
  bytedance#21 pc 0000000000555830  /apex/com.android.art/lib64/libart.so (art::JValue art::InvokeVirtualOrInterfaceWithJValues<art::ArtMethod*>(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, art::ArtMethod*, jvalue const*)+460) (BuildId: 2cc47e90cab939f919f347ffb2e8950a)
  bytedance#22 pc 00000000005a3fb8  /apex/com.android.art/lib64/libart.so (art::Thread::CreateCallback(void*)+1308) (BuildId: 2cc47e90cab939f919f347ffb2e8950a)
  bytedance#23 pc 00000000000da278  /apex/com.android.runtime/lib64/bionic/libc.so!libc.so (offset 0xd2000) (__pthread_start(void*)+64) (BuildId: 1ca28d785d6567d2b225cf978ef04de5)
  bytedance#24 pc 000000000007a448  /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64) (BuildId: 1ca28d785d6567d2b225cf978ef04de5)
@cmzy cmzy mentioned this issue Mar 28, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
invalid This doesn't seem right question Further information is requested
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@caikelun @s1rius @beyondckw