From 14e38beec38e34099ecb3db4df40c45759e2cdc8 Mon Sep 17 00:00:00 2001
From: LoveSy
Date: Fri, 11 Dec 2020 00:10:18 +0800
Subject: [PATCH] Hook ShouldUseInterpreterEntrypoint for O-Q
---
 .../cpp/external/yahfa/include/HookMain.h | 2 --
 .../main/cpp/external/yahfa/src/HookMain.c | 34 -------------------
 .../main/include/art/runtime/class_linker.h | 16 ++-------
 .../cpp/main/src/jni/edxp_pending_hooks.cpp | 8 ++---
 .../cpp/main/src/jni/edxp_pending_hooks.h | 2 --
 5 files changed, 4 insertions(+), 58 deletions(-)
diff --git a/edxp-core/src/main/cpp/external/yahfa/include/HookMain.h b/edxp-core/src/main/cpp/external/yahfa/include/HookMain.h
index 71b95240..16794ff0 100644
--- a/edxp-core/src/main/cpp/external/yahfa/include/HookMain.h
+++ b/edxp-core/src/main/cpp/external/yahfa/include/HookMain.h
@@ -30,8 +30,6 @@ void *getArtMethod(JNIEnv *env, jobject jmethod);
 // TODO: move to common utils instead of in YAHFA's code
 void *getEntryPoint(void* method);
 
-void setEntryPoint(void* method, void* entry);
-
 #ifdef __cplusplus
 }
 #endif
diff --git a/edxp-core/src/main/cpp/external/yahfa/src/HookMain.c b/edxp-core/src/main/cpp/external/yahfa/src/HookMain.c
index b59db555..99b30ac0 100644
--- a/edxp-core/src/main/cpp/external/yahfa/src/HookMain.c
+++ b/edxp-core/src/main/cpp/external/yahfa/src/HookMain.c
@@ -113,38 +113,10 @@ void setNonCompilable(void *method) {
 LOGI("setNonCompilable: change access flags from 0x%x to 0x%x", old_flags, access_flags);
 }
 
-bool setNativeFlag(void *method, bool isNative) {
- uint32_t access_flags = getFlags(method);
- uint32_t old_flags = access_flags;
- LOGI("setNativeFlag: access flags is 0x%x", access_flags);
- uint32_t old_access_flags = access_flags;
- if (isNative) {
- access_flags |= kAccNative;
- if (SDKVersion >= __ANDROID_API_Q__) {
- // On API 29 whether to use the fast path or not is cached in the ART method structure
- access_flags &= ~kAccFastInterpreterToInterpreterInvoke;
- }
- } else {
- access_flags &= ~kAccNative;
- }
- if (access_flags != old_access_flags) {
- setFlags(method, access_flags);
- LOGI("change access flags from 0x%x to 0x%x", old_flags, access_flags);
- return true;
- }
- return false;
-}
-
 void *getEntryPoint(void* method) {
 return readAddr((char *) method + OFFSET_entry_point_from_quick_compiled_code_in_ArtMethod);
 }
 
-void setEntryPoint(void* method, void* entry) {
- memcpy((char *) method + OFFSET_entry_point_from_quick_compiled_code_in_ArtMethod,
- &entry,
- pointer_size);
-}
-
 static int replaceMethod(void *fromMethod, void *toMethod, int isBackup) {
 if (hookCount >= hookCap) {
 LOGI("not enough capacity. Allocating...");
@@ -188,12 +160,6 @@ static int replaceMethod(void *fromMethod, void *toMethod, int isBackup) {
 pointer_size);
 }
 
- // set the target method to native so that Android O wouldn't invoke it with interpreter
- // for Q or above, we use ShouldUseInterpreterEntrypoint
- if (SDKVersion >= __ANDROID_API_O__ && SDKVersion < __ANDROID_API_Q__) {
- setNativeFlag(fromMethod, true);
- }
-
 hookCount += 1;
 return 0;
 }
diff --git a/edxp-core/src/main/cpp/main/include/art/runtime/class_linker.h b/edxp-core/src/main/cpp/main/include/art/runtime/class_linker.h
index 2ec73009..502b50f5 100644
--- a/edxp-core/src/main/cpp/main/include/art/runtime/class_linker.h
+++ b/edxp-core/src/main/cpp/main/include/art/runtime/class_linker.h
@@ -58,21 +58,12 @@ namespace art {
 
 CREATE_HOOK_STUB_ENTRIES(bool, ShouldUseInterpreterEntrypoint, void *art_method,
 const void *quick_code) {
- if (UNLIKELY(quick_code != nullptr && edxp::isEntryHooked(quick_code))) {
+ if (quick_code != nullptr && UNLIKELY(edxp::isHooked(art_method))) {
 return false;
 }
 return ShouldUseInterpreterEntrypointBackup(art_method, quick_code);
 }
 
- CREATE_HOOK_STUB_ENTRIES(bool, IsQuickToInterpreterBridge, void *thiz,
- const void *quick_code) {
- if (quick_code != nullptr && UNLIKELY(edxp::isEntryHooked(quick_code))) {
- LOGD("Pretend to be quick to interpreter bridge %p", quick_code);
- return true;
- }
- return IsQuickToInterpreterBridgeBackup(thiz, quick_code);
- }
-
 public:
 ClassLinker(void *thiz) : HookedObject(thiz) {}
 
@@ -138,8 +129,7 @@ namespace art {
 
 // Sandhook will hook ShouldUseInterpreterEntrypoint, so we just skip
 // edxp::Context::GetInstance()->GetVariant() will not work here, so we use smh dirty hack
- if (api_level >= __ANDROID_API_Q__ &&
- edxp::path_exists(edxp::kLibSandHookNativePath)) {
+ if (!edxp::path_exists(edxp::kLibSandHookNativePath)) {
 LOGD("Not sandhook, installing _ZN3art11ClassLinker30ShouldUseInterpreterEntrypointEPNS_9ArtMethodEPKv");
 HOOK_FUNC(ShouldUseInterpreterEntrypoint,
 "_ZN3art11ClassLinker30ShouldUseInterpreterEntrypointEPNS_9ArtMethodEPKv");
@@ -151,8 +141,6 @@ namespace art {
 // if (api_level >= __ANDROID_API_R__) {
 // RETRIEVE_FUNC_SYMBOL(MakeInitializedClassesVisiblyInitialized,
 // "_ZN3art11ClassLinker40MakeInitializedClassesVisiblyInitializedEPNS_6ThreadEb");
-// HOOK_FUNC(IsQuickToInterpreterBridge,
-// "_ZNK3art11ClassLinker26IsQuickToInterpreterBridgeEPKv");
 // }
 }
 
diff --git a/edxp-core/src/main/cpp/main/src/jni/edxp_pending_hooks.cpp b/edxp-core/src/main/cpp/main/src/jni/edxp_pending_hooks.cpp
index 8b05556b..8e256cd1 100644
--- a/edxp-core/src/main/cpp/main/src/jni/edxp_pending_hooks.cpp
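Review bot: The new `edxp::isHooked(art_method)` lookup on the `+` line runs inside ART's `ShouldUseInterpreterEntrypoint`, which the runtime may call from any thread, while `recordHooked` inserts into the same `hooked_methods_` set from the JNI side; unless that container is synchronized (its definition is not in this diff), a concurrent insert and `count` is a data race on the path that decides whether a method runs its original code or the hook trampoline. If `hooked_methods_` is a plain `std::unordered_set`, guard both sides with a `std::shared_mutex` (shared lock in this stub, exclusive lock in `recordHooked`), or establish and document that every `recordHooked` call completes before the class linker can consult the set. The stub also lacks a comment stating its contract; I would add `// A hooked method must always execute its quick code (the trampoline), never the interpreter, so answer "no" here before delegating to the original.` above the `if`. The enclosing `ClassLinker` class begins before this hunk.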
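Review bot: Dropping the `api_level >= __ANDROID_API_Q__` half of the condition on the `+` line installs this hook on every platform the code runs on, not only O–Q as the subject states, and because the same commit removes YAHFA's `setNativeFlag` fallback, hooked methods on O–P now depend entirely on this `HOOK_FUNC` succeeding. If this path can execute on pre-O runtimes, re-gate it, `if (api_level >= __ANDROID_API_O__ && !edxp::path_exists(edxp::kLibSandHookNativePath)) {`; and since the hunk does not show how `HOOK_FUNC` reports an unresolved symbol, confirm that a failed install is at least logged rather than silently leaving hooked methods interpretable with their original bytecode. The SandHook detection remains a file-existence probe of `kLibSandHookNativePath`, so a comment should note that any file present at that path disables this hook and the path therefore must not be writable by untrusted parties. The enclosing function starts and ends outside the hunk.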
+++ b/edxp-core/src/main/cpp/main/src/jni/edxp_pending_hooks.cpp
@@ -30,16 +30,12 @@ namespace edxp {
 REGISTER_EDXP_NATIVE_METHODS("de.robv.android.xposed.PendingHooks");
 }
 
- bool isEntryHooked(const void* entry) {
- return hooked_methods_.count(entry);
- }
-
 bool isHooked(void* art_method) {
- return isEntryHooked(getEntryPoint(art_method));
+ return hooked_methods_.count(art_method);
 }
 
 void recordHooked(void * art_method) {
- hooked_methods_.insert(getEntryPoint(art_method));
+ hooked_methods_.insert(art_method);
 }
 
 }
\ No newline at end of file
diff --git a/edxp-core/src/main/cpp/main/src/jni/edxp_pending_hooks.h b/edxp-core/src/main/cpp/main/src/jni/edxp_pending_hooks.h
index 09071675..b952a2c5 100644
--- a/edxp-core/src/main/cpp/main/src/jni/edxp_pending_hooks.h
+++ b/edxp-core/src/main/cpp/main/src/jni/edxp_pending_hooks.h
@@ -9,8 +9,6 @@ namespace edxp {
 void RegisterPendingHooks(JNIEnv *);
 
- bool isEntryHooked(const void* entry);
-
 bool isHooked(void* art_method);
 void recordHooked(void* art_method);
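Review bot: `recordHooked` now stores the raw `ArtMethod*` and `isHooked` matches on that identity, but nothing ever erases an entry; if ART frees an `ArtMethod` (for example when its class loader is unloaded) and later reuses the address, the stale entry makes `isHooked` report true for an unrelated method and forces its quick code even when the runtime wanted the interpreter. Either document that hooked classes are assumed to live for the whole process, or add an erase path (e.g. `void unrecordHooked(void* art_method)`) that YAHFA calls when a hook is torn down. A comment on the set such as `// Hooked ArtMethod* by identity (no longer by entry point); entries are never removed, so hooked methods are assumed to outlive the process.` would make the new keying explicit, and `isHooked` reads better as `return hooked_methods_.count(art_method) != 0;` than as an implicit size_t-to-bool conversion. Whether concurrent reads of `hooked_methods_` are safe cannot be judged from this hunk, since its declaration is not shown.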