Update LSPlant
Remove the usage of `tstring`, since it has been removed upstream.
This should be safe since lib names remain unchanged.

In commit aa98da5, the return value of android::ResStringPool::setup
was mistaken.

We should also set a proper symbol resolver for native_api.
JingMatrix committed Aug 31, 2024
1 parent 30043e2 commit 32ec9ae
Showing 6 changed files with 27 additions and 47 deletions.
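--- a/core/src/main/jni/include/config.h
+++ b/core/src/main/jni/include/config.h
@@ -31,7 +31,6 @@ namespace lspd {
 
 //#define LOG_DISABLED
 //#define DEBUG
-using lsplant::operator""_tstr;
 
 inline bool constexpr Is64() {
 #if defined(__LP64__)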
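--- a/core/src/main/jni/include/framework/androidfw/resource_types.h
+++ b/core/src/main/jni/include/framework/androidfw/resource_types.h
@@ -142,31 +142,19 @@ namespace android {
 
 using stringAtRet = expected<StringPiece16, NullOrIOError>;
 
-CREATE_MEM_FUNC_SYMBOL_ENTRY(stringAtRet, stringAtS, void *thiz, size_t idx) {
-if (stringAtSSym) {
-return stringAtSSym(thiz, idx);
-}
-return {.var_ = unexpected<NullOrIOError>{.val_ = std::nullopt}};
-
-};
+inline static lsplant::MemberFunction<{"_ZNK7android13ResStringPool8stringAtEjPj",
+"_ZNK7android13ResStringPool8stringAtEmPm"}, ResStringPool, stringAtRet (size_t)> stringAtS_;
 
-CREATE_MEM_FUNC_SYMBOL_ENTRY(const char16_t*, stringAt, void *thiz, size_t idx,
-size_t *u16len) {
-if (stringAtSym) {
-return stringAtSym(thiz, idx, u16len);
-} else {
-*u16len = 0u;
-return nullptr;
-}
-};
+inline static lsplant::MemberFunction<{"_ZNK7android13ResStringPool8stringAtEj",
+"_ZNK7android13ResStringPool8stringAtEm"}, ResStringPool, const char16_t* (size_t, size_t *)> stringAt_;
 
 StringPiece16 stringAt(size_t idx) const {
-if (stringAtSym) {
+if (stringAt_) {
 size_t len;
-const char16_t *str = stringAt(const_cast<ResStringPool *>(this), idx, &len);
+const char16_t *str = stringAt_(const_cast<ResStringPool *>(this), idx, &len);
 return {str, len};
-} else if (stringAtSSym) {
-auto str = stringAtS(const_cast<ResStringPool *>(this), idx);
+} else if (stringAtS_) {
+auto str = stringAtS_(const_cast<ResStringPool *>(this), idx);
 if (str.has_value()) {
 return {str->data_, str->length_};
 }
@@ -175,9 +163,7 @@ namespace android {
 }
 
 static bool setup(const lsplant::HookHandler &handler) {
-RETRIEVE_MEM_FUNC_SYMBOL(stringAt, LP_SELECT("_ZNK7android13ResStringPool8stringAtEjPj", "_ZNK7android13ResStringPool8stringAtEmPm"));
-RETRIEVE_MEM_FUNC_SYMBOL(stringAtS, LP_SELECT("_ZNK7android13ResStringPool8stringAtEj", "_ZNK7android13ResStringPool8stringAtEm"));
-return !stringAtSym || !stringAtSSym;
+return handler.dlsym(stringAt_) || handler.dlsym(stringAtS_);
 }
 };
 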
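Review bot: The two new MemberFunction declarations have their symbol lists swapped relative to their declared signatures: `stringAtS_` is declared as `stringAtRet (size_t)` but bound to `_ZNK7android13ResStringPool8stringAtEjPj`/`...EmPm`, which demangle to the two-parameter `stringAt(size_t, size_t*) const`, while `stringAt_` is declared as `const char16_t* (size_t, size_t *)` but bound to the one-parameter `...stringAtEj`/`...stringAtEm`; the removed RETRIEVE_MEM_FUNC_SYMBOL lines in the second hunk show the previous, correct pairing. Calling either function through the wrong prototype means the out-pointer argument is presumably never written and the return value is reinterpreted as the wrong type, so `stringAt(size_t)` would build a StringPiece16 from an unrelated value and an uninitialized `len`. The fix is to exchange the two string lists: `stringAt_` should carry `{"_ZNK7android13ResStringPool8stringAtEjPj", "_ZNK7android13ResStringPool8stringAtEmPm"}` and `stringAtS_` should carry `{"_ZNK7android13ResStringPool8stringAtEj", "_ZNK7android13ResStringPool8stringAtEm"}`. Independently, `size_t len;` in `stringAt(size_t)` is read even if the resolved function returns nullptr without writing it, so `size_t len = 0;` would keep the returned StringPiece16 well-defined; that function's body continues past the end of the first hunk.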
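--- a/core/src/main/jni/include/native_util.h
+++ b/core/src/main/jni/include/native_util.h
@@ -78,10 +78,10 @@ inline bool RegisterNativeMethodsInternal(JNIEnv *env, std::string_view class_na
 
 static dev_t dev = 0;
 static ino_t inode = 0;
-static std::vector<std::pair<std::string_view, void **>> plt_hook_saved = {};
+static std::vector<std::pair<const char *, void **>> plt_hook_saved = {};
 
 inline int HookArtFunction(void *original, void *callback, void **backup, bool save = true) {
-auto symbol = *reinterpret_cast<std::string_view *>(original);
+auto symbol = reinterpret_cast<const char *>(original);
 if (dev == 0 || inode == 0) {
 auto libart_path = GetArt()->name();
 for (auto map : lsplt::MapInfo::Scan()) {
@@ -98,7 +98,7 @@ inline int HookArtFunction(void *original, void *callback, void **backup, bool s
 if (save) plt_hook_saved.emplace_back(symbol, backup);
 } else if (auto addr = GetArt()->getSymbAddress(symbol); addr) {
 Dl_info info;
-if (dladdr(addr, &info) && info.dli_sname != nullptr && info.dli_sname == symbol)
+if (dladdr(addr, &info) && info.dli_sname != nullptr && strcmp(info.dli_sname, symbol) == 0)
 HookFunction(addr, callback, backup);
 } else if (*backup == nullptr && isDebug) {
 LOGW("Failed to {} Art symbol {}", save ? "hook" : "unhook", symbol);
@@ -107,7 +107,7 @@ inline int HookArtFunction(void *original, void *callback, void **backup, bool s
 }
 
 inline int UnhookArtFunction(void *original) {
-std::string_view func_name = *reinterpret_cast<std::string_view *>(original);
+std::string_view func_name = reinterpret_cast<const char *>(original);
 auto hook_iter = std::find_if(plt_hook_saved.begin(), plt_hook_saved.end(),
 [func_name](auto record) { return record.first == func_name; });
 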
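Review bot: `HookArtFunction` now stores the raw `const char *` it receives through `original` in the static `plt_hook_saved` vector when `save` is true, so the new code silently requires the caller's string to outlive the hook record, and nothing in the signature says that `original` is a pointer to a NUL-terminated symbol name rather than a code address. A header comment above the function would make that contract explicit, e.g. `// original points to the NUL-terminated symbol name to hook (not to code); with save == true the pointer is kept in plt_hook_saved until the symbol is unhooked, so the name needs static storage.` The new `strcmp` call in the second hunk also needs `<cstring>` (or `<string.h>`), which this diff does not add; if it is only reached through a transitive include today, an explicit include would be safer. The body of `HookArtFunction` continues outside the visible hunks.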
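--- a/core/src/main/jni/src/jni/resources_hook.cpp
+++ b/core/src/main/jni/src/jni/resources_hook.cpp
@@ -75,7 +75,7 @@ namespace lspd {
 "_ZNK7android12ResXMLParser18getAttributeNameIDEm")))) {
 return false;
 }
-return android::ResStringPool::setup(HookHandler{
+return android::ResStringPool::setup(lsplant::InitInfo {
 .art_symbol_resolver = [&](auto s) {
 return fw.template getSymbAddress(s);
 }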
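--- a/core/src/main/jni/src/native_api.cpp
+++ b/core/src/main/jni/src/native_api.cpp
@@ -29,6 +29,7 @@
 #include <list>
 #include <dlfcn.h>
 #include "elf_util.h"
+#include "symbol_cache.h"
 
 
 /*
@@ -48,7 +49,6 @@
 
 namespace lspd {
 
-using lsplant::operator""_tstr;
 std::list<NativeOnModuleLoaded> moduleLoadedCallbacks;
 std::list<std::string> moduleNativeLibs;
 std::unique_ptr<void, std::function<void(void *)>> protected_page(
@@ -68,11 +68,14 @@ namespace lspd {
 
 void RegisterNativeLib(const std::string &library_name) {
 static bool initialized = []() {
-return InstallNativeAPI({
+return InstallNativeAPI(lsplant::InitInfo {
 .inline_hooker = [](auto t, auto r) {
 void* bk = nullptr;
 return HookFunction(t, r, &bk) == 0 ? bk : nullptr;
 },
+.art_symbol_resolver = [](auto symbol){
+return GetLinker()->getSymbAddress(symbol);
+},
 });
 }();
 if (!initialized) [[unlikely]] return;
@@ -88,11 +91,10 @@ namespace lspd {
 return false;
 }
 
-CREATE_HOOK_STUB_ENTRY(
-"__dl__Z9do_dlopenPKciPK17android_dlextinfoPKv",
-void*, do_dlopen, (const char* name, int flags, const void* extinfo,
-const void* caller_addr), {
-auto *handle = backup(name, flags, extinfo, caller_addr);
+inline static lsplant::Hooker<"__dl__Z9do_dlopenPKciPK17android_dlextinfoPKv",
+void*(const char*, int, const void*, const void*)>
+do_dlopen = +[](const char* name, int flags, const void* extinfo, const void* caller_addr) {
+auto *handle = do_dlopen(name, flags, extinfo, caller_addr);
 std::string ns;
 if (name) {
 ns = std::string(name);
@@ -101,7 +103,7 @@ namespace lspd {
 }
 LOGD("native_api: do_dlopen({})", ns);
 if (handle == nullptr) {
-return nullptr;
+return handle;
 }
 for (std::string_view module_lib: moduleNativeLibs) {
 // the so is a module so
@@ -128,16 +130,9 @@ namespace lspd {
 callback(name, handle);
 }
 return handle;
-});
+};
 
 bool InstallNativeAPI(const lsplant::HookHandler & handler) {
-auto *do_dlopen_sym = SandHook::ElfImg("/linker").getSymbAddress(
-"__dl__Z9do_dlopenPKciPK17android_dlextinfoPKv");
-LOGD("InstallNativeAPI: {}", do_dlopen_sym);
-if (do_dlopen_sym) [[likely]] {
-HookSymNoHandle(handler, do_dlopen_sym, do_dlopen);
-return true;
-}
-return false;
+return handler.hook(do_dlopen);
 }
 }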
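Review bot: The new one-line `InstallNativeAPI` drops the diagnostic the old body emitted, so a failure to hook the linker's `do_dlopen`, which the whole native API depends on, now surfaces only as a silent early return in `RegisterNativeLib`. Keeping a log on the failure path costs little: `const bool hooked = handler.hook(do_dlopen);` / `if (!hooked) LOGW("InstallNativeAPI: failed to hook do_dlopen");` / `return hooked;`. In the fourth hunk the `do_dlopen(name, flags, extinfo, caller_addr)` call inside the lambda assigned to `do_dlopen` reads like unbounded recursion; if, as it appears, lsplant's Hooker::operator() forwards to the saved original, a comment such as `// Hooker::operator() invokes the original do_dlopen, not this lambda` would spare the next reader the same double-take.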
