Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

华为MT7-TL10 hook失败 #9

Closed
zhaowq32 opened this issue Sep 12, 2021 · 5 comments
Closed

华为MT7-TL10 hook失败 #9

zhaowq32 opened this issue Sep 12, 2021 · 5 comments
Labels
help wanted Extra attention is needed

Comments

@zhaowq32
Copy link

MainActivity为webview,加载网页时未hook掉connect函数。红米k20 pro及模拟器均正常hook。
@caikelun
Copy link
Member

华为MT7-TL10上其他函数hook正常吗?hook执行流程不会对某个函数做区别对待。
可以分析下华为MT7-TL10 webview 执行 connect在哪个so,以及执行流程是否调用到了 connect(用readelf,objdump,ida等等)

@caikelun caikelun added the help wanted Extra attention is needed label Sep 12, 2021
@zhaowq32
Copy link
Author

执行流程肯定是调用到了connect,因为我其他手机和模拟器均能走到替换函数内。

@caikelun
Copy link
Member

可以注册hooked回调,来看下connect是否hook成功了。

@tyrionchen tyrionchen mentioned this issue Feb 22, 2022
Closed
cmzy pushed a commit to cmzy/bhook that referenced this issue Mar 28, 2023
#Bugfix [Crash]: Crashed on multi thread:
018dd74 
Crash Thread-> [pid:15662]:[pname:com.example_for_hidden.ph] [tid:16061]:[tname:sps-core]
    x0  00000071217f7d90  x1  000000710b01e350  x2  0000000000000000  x3  0000000000000000
    x4  8080808080000000  x5  0000000000000000  x6  0000008080808080  x7  fefefefeff6e722d
    x8  726569727261626f  x9  00000071ddf30280  x10 0000000a30203020  x11 0000000000000000
    x12 000000000000018c  x13 98e1752cb5d3e1ab  x14 007491a877137aec  x15 ffffffffffffffff
    x16 00000071637dbf20  x17 000000726dc6087c  x18 000000711de9e000  x19 0000000000000000
    x20 0000000000000000  x21 00000071d66640e0  x22 726569727261626f  x23 00000071d6664108
    x24 00000071217fc000  x25 00000071d66640e8  x26 0000000000000001  x27 0000000000000000
    x28 00000000655785c7  x29 00000071217f7dc0
    sp  00000071217f7d90  lr  00000071637d450c  pc  00000071637d4530

stack:
  #00 pc 000000000000a530  /data/app/~~4OPpN4vZ38SuvHU2NPnRnA==/com.example_for_hidden.ph-SPA1I_lJ-Zc2SPOE9_ucRQ==/split_config.arm64_v8a.apk!liblubanhook.so (offset 0x1b17000) (bh_elf_manager_refresh+1436) (BuildId: 8bf4f411698f5d0194eb5f99234231ec40b3f469)
  bytedance#1 pc 0000000000008560  /data/app/~~4OPpN4vZ38SuvHU2NPnRnA==/com.example_for_hidden.ph-SPA1I_lJ-Zc2SPOE9_ucRQ==/split_config.arm64_v8a.apk!liblubanhook.so (offset 0x1b17000) (BuildId: 8bf4f411698f5d0194eb5f99234231ec40b3f469)
  bytedance#2 pc 000000000000108c  /apex/com.android.runtime/lib64/bionic/libdl.so (dlclose+8) (BuildId: 0ef8b9fd3ba84892809321b735317a50)
  #03 pc 0000000000155264  /data/app/~~4OPpN4vZ38SuvHU2NPnRnA==/com.example_for_hidden.ph-SPA1I_lJ-Zc2SPOE9_ucRQ==/split_config.arm64_v8a.apk!libexample_for_hidden.so (offset 0x2299000) (BuildId: 606487eb6a92f9fcc2f957ccd85c2943a22edc26)
  bytedance#4 pc 00000000001577e8  /data/app/~~4OPpN4vZ38SuvHU2NPnRnA==/com.example_for_hidden.ph-SPA1I_lJ-Zc2SPOE9_ucRQ==/split_config.arm64_v8a.apk!libexample_for_hidden.so (offset 0x2299000) (BuildId: 606487eb6a92f9fcc2f957ccd85c2943a22edc26)
  #05 pc 00000000000dd730  /data/app/~~4OPpN4vZ38SuvHU2NPnRnA==/com.example_for_hidden.ph-SPA1I_lJ-Zc2SPOE9_ucRQ==/split_config.arm64_v8a.apk!libexample_for_hidden.so (offset 0x2299000) (BuildId: 606487eb6a92f9fcc2f957ccd85c2943a22edc26)
  bytedance#6 pc 000000000011fa70  /data/app/~~4OPpN4vZ38SuvHU2NPnRnA==/com.example_for_hidden.ph-SPA1I_lJ-Zc2SPOE9_ucRQ==/split_config.arm64_v8a.apk!libexample_for_hidden.so (offset 0x2299000) (BuildId: 606487eb6a92f9fcc2f957ccd85c2943a22edc26)
  #07 pc 000000000005bedc  /data/app/~~4OPpN4vZ38SuvHU2NPnRnA==/com.example_for_hidden.ph-SPA1I_lJ-Zc2SPOE9_ucRQ==/split_config.arm64_v8a.apk!libexample_for_hidden.so (offset 0x2299000) (BuildId: 606487eb6a92f9fcc2f957ccd85c2943a22edc26)
  bytedance#8 pc 000000000002ffc4  /data/app/~~4OPpN4vZ38SuvHU2NPnRnA==/com.example_for_hidden.ph-SPA1I_lJ-Zc2SPOE9_ucRQ==/split_config.arm64_v8a.apk!libexample_for_hidden.so (offset 0x2299000) (BuildId: 606487eb6a92f9fcc2f957ccd85c2943a22edc26)
  bytedance#9 pc 000000000002fbb4  /data/app/~~4OPpN4vZ38SuvHU2NPnRnA==/com.example_for_hidden.ph-SPA1I_lJ-Zc2SPOE9_ucRQ==/split_config.arm64_v8a.apk!libexample_for_hidden.so (offset 0x2299000) (BuildId: 606487eb6a92f9fcc2f957ccd85c2943a22edc26)
  bytedance#10 pc 000000000002f4e4  /data/app/~~4OPpN4vZ38SuvHU2NPnRnA==/com.example_for_hidden.ph-SPA1I_lJ-Zc2SPOE9_ucRQ==/split_config.arm64_v8a.apk!libexample_for_hidden.so (offset 0x2299000) (BuildId: 606487eb6a92f9fcc2f957ccd85c2943a22edc26)
  bytedance#11 pc 00000000001b2978  /data/app/~~4OPpN4vZ38SuvHU2NPnRnA==/com.example_for_hidden.ph-SPA1I_lJ-Zc2SPOE9_ucRQ==/split_config.arm64_v8a.apk!libexample_for_hidden.so (offset 0x2299000) (BuildId: 606487eb6a92f9fcc2f957ccd85c2943a22edc26)
  bytedance#12 pc 00000000002daf18  /data/app/~~4OPpN4vZ38SuvHU2NPnRnA==/com.example_for_hidden.ph-SPA1I_lJ-Zc2SPOE9_ucRQ==/oat/arm64/base.odex (art_jni_trampoline+152)
  bytedance#13 pc 0000000000913f54  /data/app/~~4OPpN4vZ38SuvHU2NPnRnA==/com.example_for_hidden.ph-SPA1I_lJ-Zc2SPOE9_ucRQ==/oat/arm64/base.odex (com.example_for_hidden.example_for_hidden.wvvvuwwu.vwvvvuvuv+84)
  bytedance#14 pc 00000000008f018c  /data/app/~~4OPpN4vZ38SuvHU2NPnRnA==/com.example_for_hidden.ph-SPA1I_lJ-Zc2SPOE9_ucRQ==/oat/arm64/base.odex (com.example_for_hidden.example_for_hidden.uvuuwwuww.vuwuwuuuw.vvwvwwwwu+1084)
  bytedance#15 pc 00000000008f0ffc  /data/app/~~4OPpN4vZ38SuvHU2NPnRnA==/com.example_for_hidden.ph-SPA1I_lJ-Zc2SPOE9_ucRQ==/oat/arm64/base.odex (com.example_for_hidden.example_for_hidden.uvuuwwuww.vuwuwuuuw.handleMessage+620)
  bytedance#16 pc 00000000006a4cf8  /system/framework/arm64/boot-framework.oat (android.os.Handler.dispatchMessage+136) (BuildId: adacda98a7a45bd33ea7f02316d4c011be2906a6)
  bytedance#17 pc 000000000074044c  /system/framework/arm64/boot-framework.oat (android.os.Looper.loop+2220) (BuildId: adacda98a7a45bd33ea7f02316d4c011be2906a6)
  bytedance#18 pc 00000000006a6ea0  /system/framework/arm64/boot-framework.oat (android.os.HandlerThread.run+544) (BuildId: adacda98a7a45bd33ea7f02316d4c011be2906a6)
  bytedance#19 pc 0000000000133564  /apex/com.android.art/lib64/libart.so (art_quick_invoke_stub+548) (BuildId: 2cc47e90cab939f919f347ffb2e8950a)
  bytedance#20 pc 00000000001a8a78  /apex/com.android.art/lib64/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+200) (BuildId: 2cc47e90cab939f919f347ffb2e8950a)
  bytedance#21 pc 0000000000555830  /apex/com.android.art/lib64/libart.so (art::JValue art::InvokeVirtualOrInterfaceWithJValues<art::ArtMethod*>(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, art::ArtMethod*, jvalue const*)+460) (BuildId: 2cc47e90cab939f919f347ffb2e8950a)
  bytedance#22 pc 00000000005a3fb8  /apex/com.android.art/lib64/libart.so (art::Thread::CreateCallback(void*)+1308) (BuildId: 2cc47e90cab939f919f347ffb2e8950a)
  bytedance#23 pc 00000000000da278  /apex/com.android.runtime/lib64/bionic/libc.so!libc.so (offset 0xd2000) (__pthread_start(void*)+64) (BuildId: 1ca28d785d6567d2b225cf978ef04de5)
  bytedance#24 pc 000000000007a448  /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64) (BuildId: 1ca28d785d6567d2b225cf978ef04de5)
@cmzy cmzy mentioned this issue Mar 28, 2023
Merged
@wustwg
Copy link

wustwg commented Sep 23, 2024

MainActivity为webview,加载网页时未hook掉connect函数。红米k20 pro及模拟器均正常hook。

webview你确定能hook到?

@zhaowq32
Copy link
Author

后续没有再使用,改用其他框架了。webview里的connect是可以被hook的

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
help wanted Extra attention is needed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@caikelun @wustwg @zhaowq32