fix new function signature
yujincheng08 authored and kotori2 committed Jan 11, 2021
1 parent 14604ea commit 1b839af
Showing 9 changed files with 202 additions and 143 deletions.
64 changes: 35 additions & 29 deletions edxp-core/src/main/cpp/main/include/art/runtime/art_method.h
Expand Up @@ -26,30 +26,40 @@ namespace art {
return PrettyMethod(thiz, true);
}

CREATE_MEM_HOOK_STUB_ENTRIES(void *, GetOatQuickMethodHeader, void *thiz, uintptr_t pc) {
// This is a partial copy from AOSP. We only touch them if they are hooked.
if (UNLIKELY(edxp::isHooked(thiz))) {
uintptr_t original_ep = reinterpret_cast<uintptr_t>(getOriginalEntryPointFromTargetMethod(
thiz)) & ~0x1;
if (original_ep) {
char *code_length_loc =
reinterpret_cast<char *>(original_ep) + oat_header_code_length_offset;
uint32_t code_length =
*reinterpret_cast<uint32_t *>(code_length_loc) & ~0x80000000u;
LOGD("art_method::GetOatQuickMethodHeader: ArtMethod=%p (%s), isHooked=true, original_ep=0x%zux, code_length=0x%x, pc=0x%zux",
thiz, PrettyMethod(thiz).c_str(), original_ep, code_length, pc);
if (original_ep <= pc && pc <= original_ep + code_length)
return reinterpret_cast<void *>(original_ep - oat_header_length);
// If PC is not in range, we mark it as not found.
LOGD("art_method::GetOatQuickMethodHeader: PC not found in current method.");
return nullptr;
} else {
LOGD("art_method::GetOatQuickMethodHeader: ArtMethod=%p (%s) isHooked but not backup, fallback to system",
thiz, PrettyMethod(thiz).c_str());
}
}
return GetOatQuickMethodHeaderBackup(thiz, pc);
}
CREATE_MEM_HOOK_STUB_ENTRIES(
LP_SELECT("_ZN3art9ArtMethod23GetOatQuickMethodHeaderEj", "_ZN3art9ArtMethod23GetOatQuickMethodHeaderEm"),
void *, GetOatQuickMethodHeader,
(void * thiz, uintptr_t pc), {
// This is a partial copy from AOSP. We only touch them if they are hooked.
if (UNLIKELY(edxp::isHooked(thiz))) {
uintptr_t original_ep =
reinterpret_cast<uintptr_t>(getOriginalEntryPointFromTargetMethod(
thiz)) & ~0x1;
if (original_ep) {
char *code_length_loc =
reinterpret_cast<char *>(original_ep) +
oat_header_code_length_offset;
uint32_t code_length =
*reinterpret_cast<uint32_t *>(code_length_loc) &
~0x80000000u;
LOGD("art_method::GetOatQuickMethodHeader: ArtMethod=%p (%s), isHooked=true, original_ep=0x%zux, code_length=0x%x, pc=0x%zux",
thiz, PrettyMethod(thiz).c_str(),
original_ep, code_length, pc);
if (original_ep <= pc &&
pc <= original_ep + code_length)
return reinterpret_cast<void *>(
original_ep -
oat_header_length);
// If PC is not in range, we mark it as not found.
LOGD("art_method::GetOatQuickMethodHeader: PC not found in current method.");
return nullptr;
} else {
LOGD("art_method::GetOatQuickMethodHeader: ArtMethod=%p (%s) isHooked but not backup, fallback to system",
thiz, PrettyMethod(thiz).c_str());
}
}
return backup(thiz, pc);
});

static void Setup(void *handle, HookFunType hook_func) {
LOGD("art_method hook setup, handle=%p", handle);
Expand All @@ -74,11 +84,7 @@ namespace art {
oat_header_code_length_offset = -4;
break;
}
if constexpr (edxp::is64) {
HOOK_MEM_FUNC(GetOatQuickMethodHeader, "_ZN3art9ArtMethod23GetOatQuickMethodHeaderEm");
} else {
HOOK_MEM_FUNC(GetOatQuickMethodHeader, "_ZN3art9ArtMethod23GetOatQuickMethodHeaderEj");
}
edxp::HookSyms(handle, hook_func, GetOatQuickMethodHeader);

RETRIEVE_MEM_FUNC_SYMBOL(PrettyMethod, "_ZN3art9ArtMethod12PrettyMethodEb");
}
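Review bot: The LOGD format at L60 still uses `0x%zux` for `original_ep` and `pc`, which prints each value in decimal followed by a literal `x`, so the new stub body never logs a hex address; `0x%zx` (or `"0x%" PRIxPTR` for a `uintptr_t`) fixes both fields. The upper bound at L63-64, `pc <= original_ep + code_length`, is inclusive and therefore also accepts the first byte past the method if `code_length` counts bytes from `original_ep`; worth confirming against the header layout this reads, or tightening to `<`. The 32/64-bit mapping of the `LP_SELECT` arguments at L45 is not visible here, so a comment such as `// LP_SELECT(32-bit ...Ej, 64-bit ...Em): pc is uintptr_t` would let a reader verify the pairing without opening the macro.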
51 changes: 33 additions & 18 deletions edxp-core/src/main/cpp/main/include/art/runtime/class_linker.h
Expand Up @@ -20,13 +20,13 @@ namespace art {
private:
inline static ClassLinker *instance_;

CREATE_MEM_FUNC_SYMBOL_ENTRY(void, SetEntryPointsToInterpreter, void *thiz, void *art_method) {
CREATE_MEM_FUNC_SYMBOL_ENTRY(void, SetEntryPointsToInterpreter, void *thiz,
void *art_method) {
if (LIKELY(SetEntryPointsToInterpreterSym))
SetEntryPointsToInterpreterSym(thiz, art_method);
}

CREATE_MEM_HOOK_STUB_ENTRIES(void, FixupStaticTrampolines, void *thiz, void *clazz_ptr) {
FixupStaticTrampolinesBackup(thiz, clazz_ptr);
ALWAYS_INLINE static void MaybeDelayHook(void *clazz_ptr) {
art::mirror::Class mirror_class(clazz_ptr);
auto class_def = mirror_class.GetClassDef();
bool should_intercept = class_def && edxp::IsClassPending(class_def);
Expand All @@ -37,20 +37,37 @@ namespace art {
}
}

CREATE_MEM_HOOK_STUB_ENTRIES(
"_ZN3art11ClassLinker22FixupStaticTrampolinesENS_6ObjPtrINS_6mirror5ClassEEE",
void, FixupStaticTrampolines, (void * thiz, void * clazz_ptr), {
backup(thiz, clazz_ptr);
MaybeDelayHook(clazz_ptr);
});

CREATE_MEM_HOOK_STUB_ENTRIES(
"_ZN3art11ClassLinker22FixupStaticTrampolinesEPNS_6ThreadENS_6ObjPtrINS_6mirror5ClassEEE",
void, FixupStaticTrampolinesWithThread, (void * thiz,
void * thread, void * clazz_ptr), {
backup(thiz, thread, clazz_ptr);
MaybeDelayHook(clazz_ptr);
});

CREATE_MEM_FUNC_SYMBOL_ENTRY(void, MakeInitializedClassesVisiblyInitialized, void *thiz,
void *self, bool wait) {
void *self, bool wait) {
if (LIKELY(MakeInitializedClassesVisiblyInitializedSym))
MakeInitializedClassesVisiblyInitializedSym(thiz, self, wait);
}


CREATE_HOOK_STUB_ENTRIES(bool, ShouldUseInterpreterEntrypoint, void *art_method,
const void *quick_code) {
if (quick_code != nullptr && UNLIKELY(edxp::isHooked(art_method))) {
return false;
}
return ShouldUseInterpreterEntrypointBackup(art_method, quick_code);
}
CREATE_HOOK_STUB_ENTRIES(
"_ZN3art11ClassLinker30ShouldUseInterpreterEntrypointEPNS_9ArtMethodEPKv",
bool, ShouldUseInterpreterEntrypoint, (void * art_method,
const void *quick_code), {
if (quick_code != nullptr && UNLIKELY(edxp::isHooked(art_method))) {
return false;
}
return backup(art_method, quick_code);
});

public:
ClassLinker(void *thiz) : HookedObject(thiz) {}
Expand Down Expand Up @@ -107,16 +124,14 @@ namespace art {
instance_ = new ClassLinker(thiz);

RETRIEVE_MEM_FUNC_SYMBOL(SetEntryPointsToInterpreter,
"_ZNK3art11ClassLinker27SetEntryPointsToInterpreterEPNS_9ArtMethodE");

HOOK_MEM_FUNC(FixupStaticTrampolines,
"_ZN3art11ClassLinker22FixupStaticTrampolinesENS_6ObjPtrINS_6mirror5ClassEEE");
"_ZNK3art11ClassLinker27SetEntryPointsToInterpreterEPNS_9ArtMethodE");

HOOK_FUNC(ShouldUseInterpreterEntrypoint,
"_ZN3art11ClassLinker30ShouldUseInterpreterEntrypointEPNS_9ArtMethodEPKv");
edxp::HookSyms(handle, hook_func, FixupStaticTrampolines,
FixupStaticTrampolinesWithThread);
edxp::HookSyms(handle, hook_func, ShouldUseInterpreterEntrypoint);

// MakeInitializedClassesVisiblyInitialized will cause deadlock
// IsQuickToInterpreterBridge cannot be hooked by Dobby yet
// IsQuickToInterpreterBridge is inlined
// So we use GetSavedEntryPointOfPreCompiledMethod instead
// if (api_level >= __ANDROID_API_R__) {
// RETRIEVE_FUNC_SYMBOL(MakeInitializedClassesVisiblyInitialized,
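Review bot: The two FixupStaticTrampolines manglings at L119 and L126 carry no indication of which Android releases use each signature, while the equivalent pair in oat_file_manager.h is labelled `// 9 & 11` and `// 10`. A comment on each symbol line, e.g. `// up to API <LEVEL>: FixupStaticTrampolines(ObjPtr<Class>)` and `// API <LEVEL>+: FixupStaticTrampolines(Thread*, ObjPtr<Class>)` with the real levels filled in, would document why both stubs exist and both defer to `MaybeDelayHook`. The body of MaybeDelayHook continues past the hunk's last visible line at L114, and the `HookSyms` call at L172-173 is the only place that ties the two stubs together, so the annotation belongs on the stubs rather than in Setup.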
54 changes: 27 additions & 27 deletions edxp-core/src/main/cpp/main/include/art/runtime/hidden_api.h
Expand Up @@ -14,21 +14,29 @@ namespace art {
kDeny
};

CREATE_HOOK_STUB_ENTRIES(Action, GetMethodActionImpl) {
return Action::kAllow;
}

CREATE_HOOK_STUB_ENTRIES(Action, GetFieldActionImpl) {
return Action::kAllow;
}

CREATE_HOOK_STUB_ENTRIES(bool, ShouldDenyAccessToMethodImpl) {
return false;
}

CREATE_HOOK_STUB_ENTRIES(bool, ShouldDenyAccessToFieldImpl) {
return false;
}
CREATE_HOOK_STUB_ENTRIES(
"_ZN3art9hiddenapi6detail19GetMemberActionImplINS_9ArtMethodEEENS0_6ActionEPT_NS_20HiddenApiAccessFlags7ApiListES4_NS0_12AccessMethodE",
Action, GetMethodActionImpl, (), {
return Action::kAllow;
});

CREATE_HOOK_STUB_ENTRIES(
"_ZN3art9hiddenapi6detail19GetMemberActionImplINS_8ArtFieldEEENS0_6ActionEPT_NS_20HiddenApiAccessFlags7ApiListES4_NS0_12AccessMethodE",
Action, GetFieldActionImpl, (), {
return Action::kAllow;
});

CREATE_HOOK_STUB_ENTRIES(
"_ZN3art9hiddenapi6detail28ShouldDenyAccessToMemberImplINS_9ArtMethodEEEbPT_NS0_7ApiListENS0_12AccessMethodE",
bool, ShouldDenyAccessToMethodImpl, (), {
return false;
});

CREATE_HOOK_STUB_ENTRIES(
"_ZN3art9hiddenapi6detail28ShouldDenyAccessToMemberImplINS_8ArtFieldEEEbPT_NS0_7ApiListENS0_12AccessMethodE",
bool, ShouldDenyAccessToFieldImpl, (), {
return false;
});

// @ApiSensitive(Level.HIGH)
static void DisableHiddenApi(void *handle, HookFunType hook_func) {
Expand All @@ -37,19 +45,11 @@ namespace art {
return;
}
if (api_level == __ANDROID_API_P__) {
HOOK_FUNC(GetMethodActionImpl,
"_ZN3art9hiddenapi6detail19GetMemberActionImplINS_9ArtMethodEEENS0_"
"6ActionEPT_NS_20HiddenApiAccessFlags7ApiListES4_NS0_12AccessMethodE");
HOOK_FUNC(GetFieldActionImpl,
"_ZN3art9hiddenapi6detail19GetMemberActionImplINS_8ArtFieldEEENS0_"
"6ActionEPT_NS_20HiddenApiAccessFlags7ApiListES4_NS0_12AccessMethodE");
edxp::HookSyms(handle, hook_func, GetMethodActionImpl);
edxp::HookSyms(handle, hook_func, GetFieldActionImpl);
} else {
HOOK_FUNC(ShouldDenyAccessToMethodImpl,
"_ZN3art9hiddenapi6detail28ShouldDenyAccessToMemberImplINS_"
"9ArtMethodEEEbPT_NS0_7ApiListENS0_12AccessMethodE");
HOOK_FUNC(ShouldDenyAccessToFieldImpl,
"_ZN3art9hiddenapi6detail28ShouldDenyAccessToMemberImplINS_"
"8ArtFieldEEEbPT_NS0_7ApiListENS0_12AccessMethodE");
edxp::HookSyms(handle, hook_func, ShouldDenyAccessToMethodImpl);
edxp::HookSyms(handle, hook_func, ShouldDenyAccessToFieldImpl);
}
};
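Review bot: The four stubs at L204-226 declare an empty parameter list `()` while every mangled name they replace encodes arguments (`PT_`, `ApiList`, `AccessMethod`: a member pointer plus two enums), so the replacement relies on the callee being free to ignore its arguments and on the return type matching the original's; that is presumably intentional but is stated nowhere. A one-line comment above the group, `// Originals take (T*, ApiList, AccessMethod); the stubs ignore them and answer a constant`, would record the assumption. `Action` at L206 and L212 binds to the enum declared just above (L186 shows its `kDeny` member), which presumably must stay value-compatible with ART's own `Action` for the P branch to be meaningful; a comment on the enum saying so would help. The trailing `;` after the function body at L252 is redundant (the same appears in oat_file_manager.h at L358).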

Expand Up @@ -7,15 +7,16 @@ namespace art {

namespace jit {

CREATE_MEM_HOOK_STUB_ENTRIES(const void*, GetSavedEntryPointOfPreCompiledMethod, void *thiz,
void *art_method) {
CREATE_MEM_HOOK_STUB_ENTRIES("_ZN3art3jit12JitCodeCache37GetSavedEntryPointOfPreCompiledMethodEPNS_9ArtMethodE",
const void*, GetSavedEntryPointOfPreCompiledMethod, (void *thiz,
void *art_method), {
if (UNLIKELY(edxp::isHooked(art_method))) {
LOGD("Found hooked method %p (%s), return entrypoint as jit entrypoint", art_method,
art::art_method::PrettyMethod(art_method).c_str());
return getEntryPoint(art_method);
}
return GetSavedEntryPointOfPreCompiledMethodBackup(thiz, art_method);
}
return backup(thiz, art_method);
});

static void HookJitCacheCode(void *handle, HookFunType hook_func) {
const int api_level = edxp::GetAndroidApiLevel();
Expand All @@ -24,8 +25,7 @@ namespace art {
// our hooked entry point won't be overwritten.
// This is for SandHook and YAHFA
if (api_level >= __ANDROID_API_R__) {
HOOK_MEM_FUNC(GetSavedEntryPointOfPreCompiledMethod,
"_ZN3art3jit12JitCodeCache37GetSavedEntryPointOfPreCompiledMethodEPNS_9ArtMethodE");
edxp::HookSyms(handle, hook_func, GetSavedEntryPointOfPreCompiledMethod);
}
}
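Review bot: The mangled symbol at L262 sits on the macro's opening line, whereas the same macro in class_linker.h (L118-119) and hidden_api.h (L204-205) puts it on its own line after the opening parenthesis; class.h at L296 has the same inconsistency. Moving the literal to its own line matches the other call sites and keeps the return type and stub name readable. A short comment on the stub itself, e.g. `// R+: return our entry point so the JIT does not restore the precompiled one (see HookJitCacheCode)`, would carry the reasoning that currently lives only in the Setup comment at L278-279.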

14 changes: 7 additions & 7 deletions edxp-core/src/main/cpp/main/include/art/runtime/mirror/class.h
Expand Up @@ -22,8 +22,10 @@ namespace art {
return "";
}

CREATE_MEM_HOOK_STUB_ENTRIES(bool, IsInSamePackage, void *thiz, void *that) {
std::string storage1, storage2;
CREATE_MEM_HOOK_STUB_ENTRIES("_ZN3art6mirror5Class15IsInSamePackageENS_6ObjPtrIS1_EE",
bool, IsInSamePackage, (void *thiz, void* that), {
std::string storage1;
std::string storage2;
const char *thisDesc = GetDescriptor(thiz, &storage1);
const char *thatDesc = GetDescriptor(that, &storage2);
// Note: these identifiers should be consistent with those in Java layer
Expand All @@ -40,8 +42,8 @@ namespace art {
|| strstr(thatDesc, "android/content/res/XResources$XTypedArray") != nullptr) {
return true;
}
return IsInSamePackageBackup(thiz, that);
}
return backup(thiz, that);
});

CREATE_MEM_FUNC_SYMBOL_ENTRY(void*, GetClassDef, void* thiz) {
if (LIKELY(GetClassDefSym))
Expand All @@ -62,9 +64,7 @@ namespace art {
// RETRIEVE_FIELD_SYMBOL(mutator_lock_, "_ZN3art5Locks13mutator_lock_E");
// LOGE("mutator_lock_: %p", mutator_lock_);

HOOK_MEM_FUNC(IsInSamePackage,
"_ZN3art6mirror5Class15IsInSamePackageENS_6ObjPtrIS1_EE", //8.0-
"_ZN3art6mirror5Class15IsInSamePackageEPS1_"); //5.0-7.1
edxp::HookSyms(handle, hook_func, IsInSamePackage);

// HOOK_FUNC(ClassForName,
// "_ZN3artL18Class_classForNameEP7_JNIEnvP7_jclassP8_jstringhP8_jobject");
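Review bot: The `HookSyms` call at L321 passes only `IsInSamePackage`, whose stub at L296 carries the 8.0+ mangling `_ZN3art6mirror5Class15IsInSamePackageENS_6ObjPtrIS1_EE`; the second symbol the removed `HOOK_MEM_FUNC` listed, `_ZN3art6mirror5Class15IsInSamePackageEPS1_` (annotated `//5.0-7.1`), has no stub in the new code, so on those releases the hook is no longer installed. If pre-8.0 is still supported, add a second stub with that symbol and pass both to `HookSyms`, as oat_file_manager.h does for `SetOnlyUseSystemOatFiles` and `SetOnlyUseSystemOatFilesQ`; if the support was dropped deliberately, say so in a comment at L321. The version annotations (`//8.0-`, `//5.0-7.1`) were lost with the old call and should move onto the stub's symbol line.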
21 changes: 14 additions & 7 deletions edxp-core/src/main/cpp/main/include/art/runtime/oat_file_manager.h
Expand Up @@ -7,20 +7,27 @@ namespace art {

namespace oat_file_manager {

CREATE_HOOK_STUB_ENTRIES(void, SetOnlyUseSystemOatFiles) {
return;
}
CREATE_HOOK_STUB_ENTRIES(
"_ZN3art14OatFileManager24SetOnlyUseSystemOatFilesEv", // 9 & 11
void, SetOnlyUseSystemOatFiles, (), {
return;
});

CREATE_HOOK_STUB_ENTRIES(
"_ZN3art14OatFileManager24SetOnlyUseSystemOatFilesEbb", // 10
void, SetOnlyUseSystemOatFilesQ, (), {
return;
});

// @ApiSensitive(Level.LOW)
// http://androidxref.com/9.0.0_r3/xref/art/runtime/oat_file_manager.cc#637
static void DisableOnlyUseSystemOatFiles(void *handle, HookFunType hook_func) {
const int api_level = edxp::GetAndroidApiLevel();
if (api_level >= __ANDROID_API_P__) {
HOOK_FUNC(SetOnlyUseSystemOatFiles,
"_ZN3art14OatFileManager24SetOnlyUseSystemOatFilesEv", // 9 & 11
"_ZN3art14OatFileManager24SetOnlyUseSystemOatFilesEbb"); // 10
edxp::HookSyms(handle, hook_func, SetOnlyUseSystemOatFiles,
SetOnlyUseSystemOatFilesQ);
}
};
}

}
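Review bot: `SetOnlyUseSystemOatFilesQ` at L341-345 is declared with an empty parameter list while its mangling ends in `Ebb`, i.e. two `bool` arguments; the stub is correct only because it ignores every argument, and that should be stated on the symbol line: `// Q signature is (bool, bool); arguments intentionally ignored`. The bare `return;` at L338 and L344 is redundant in a void body and can be dropped in favour of an empty body. The trailing `;` after the function body at L358 is also unnecessary.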
