Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

安卓9.0下 找不到backup #105

Open
sunya0753 opened this issue Mar 6, 2019 · 9 comments
Open

安卓9.0下 找不到backup #105

sunya0753 opened this issue Mar 6, 2019 · 9 comments

Comments

@sunya0753
Copy link

大佬您好,我最近在做yahfa的接入。其他低版本的安卓系统都运行很完美,但是在安卓9.0的设备上,很大概率会出现backup方法找不到。测试了同一台设备也是安卓8.1正常,升级到9.0上就找不到方法。
例如我hook WindowManagerImpl 的 addView 函数,有些包能正常使用,大多数包会报错。以下是我的代码和具体的报错内容。希望能解决安卓9.0上的这个问题。
public class HookViewDemo {
public static String className = "android.view.WindowManagerImpl";
public static String methodName = "addView";
public static String methodSig = "(Landroid/view/View;Landroid/view/ViewGroup$LayoutParams;)V";
public static void hook(Object obj,Object param1,Object param2) {
Log.d("TIPS","addview in");
backup(obj,param1,param2);
Log.d("TIPS","addview out");
return;
}
public static void backup(Object obj,Object param1,Object param2) {
try { Log.w("TIPS", "load should not be here"); }
catch (Exception e){ e.printStackTrace(); }
return;
}
}

03-05 21:01:28.083 11045-11045/ D/TIPS: addview in
03-05 21:01:28.083 11045-11045/ D/AndroidRuntime: Shutting down VM
03-05 21:01:28.085 11045-11045/ E/AndroidRuntime: FATAL EXCEPTION: main
Process: com.avalon.caveonline.cn.leiting, PID: 11045
java.lang.NoSuchMethodError: No static method backup(Ljava/lang/Object;Ljava/lang/Object;Ljava/lang/Object;)V in class Lcom/sunya/test/Global/HookViewDemo; or its super classes (declaration of 'com.sunya.test.Global.HookViewDemo' appears in /data/app/com.sunya.test-l5xC2x_HsfTFmXynvLRsPw==/base.apk)
at com.sunya.test.Global.HookViewDemo.hook(HookViewDemo.java:13)
at android.app.ActivityThread.handleResumeActivity(ActivityThread.java:3869)
at android.app.servertransaction.ResumeActivityItem.execute(ResumeActivityItem.java:51)
at android.app.servertransaction.TransactionExecutor.executeLifecycleState(TransactionExecutor.java:145)
at android.app.servertransaction.TransactionExecutor.execute(TransactionExecutor.java:70)
at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1809)
at android.os.Handler.dispatchMessage(Handler.java:106)
at android.os.Looper.loop(Looper.java:193)
at android.app.ActivityThread.main(ActivityThread.java:6680)
at java.lang.reflect.Method.invoke(Native Method)
at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:493)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:858)
03-05 21:01:28.086 11045-11045/ E/uncaught: java.lang.NoSuchMethodError: No static method backup(Ljava/lang/Object;Ljava/lang/Object;Ljava/lang/Object;)V in class Lcom/sunya/test/Global/HookViewDemo; or its super classes (declaration of 'com.sunya.test.Global.HookViewDemo' appears in /data/app/com.sunya.test-l5xC2x_HsfTFmXynvLRsPw==/base.apk)
at com.sunya.test.Global.HookViewDemo.hook(HookViewDemo.java:13)
at android.app.ActivityThread.handleResumeActivity(ActivityThread.java:3869)
at android.app.servertransaction.ResumeActivityItem.execute(ResumeActivityItem.java:51)
at android.app.servertransaction.TransactionExecutor.executeLifecycleState(TransactionExecutor.java:145)
at android.app.servertransaction.TransactionExecutor.execute(TransactionExecutor.java:70)
at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1809)
at android.os.Handler.dispatchMessage(Handler.java:106)
at android.os.Looper.loop(Looper.java:193)
at android.app.ActivityThread.main(ActivityThread.java:6680)
at java.lang.reflect.Method.invoke(Native Method)
at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:493)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:858)

@rk700
Copy link
Member

rk700 commented May 24, 2019

我这边系统9是台华为EMUI 9,有空我试下android.view.WindowManagerImpl.addView()

不过你也提到8.1上没问题,9上少部分包可以,所以估计问题原因可能比较复杂,不一定能确定。毕竟这个Hook项目也只是之前出于概念验证所写的,这些年Android系统不断更新,修修补补适配高版本系统也变得越来越难。

@xuxingcan
Copy link

xuxingcan commented Sep 22, 2019

同出现了这个问题java.lang.NoSuchMethodError: No static method backup,华为NOVA 4,EMUI 9,比较奇怪。
我这边的现象是,使用YAHFA源码编译的apk,刚装上是好的,过了一晚上,再次运行就不行了,报如上错误,感觉会不会是代码被优化之类的

@Mivik
Copy link

Mivik commented Mar 28, 2020

表示同样有这个issue。我用的是Mi9/Android10,第一次安装软件正常,第二次及以后就无法找到了

@rk700
Copy link
Member

rk700 commented Mar 30, 2020

有可能是和method cache数组被覆盖了有关。

创建了一个新的分支 https://github.com/PAGalaxyLab/YAHFA/tree/test_backup 通过malloc的方式来保存目标方法供backupMethod来调用,可以试验下。

@Mivik
Copy link

Mivik commented Mar 30, 2020

有可能是和method cache数组被覆盖了有关。

创建了一个新的分支 https://github.com/PAGalaxyLab/YAHFA/tree/test_backup 通过malloc的方式来保存目标方法供backupMethod来调用,可以试验下。

虽然方法很简单但确实可行,本机上问题解决,谢谢

@rk700
Copy link
Member

rk700 commented Mar 30, 2020

如果这种方式可以,那看来可能确实和method cache数组有关。

后面会在master分支里合并更新

@Mivik
Copy link

Mivik commented Mar 30, 2020

如果这种方式可以,那看来可能确实和method cache数组有关。

后面会在master分支里合并更新

不过... 我hook的是系统一个类,做的是远端加载另一个目标程序的工作,目前出现了本地hook成功,但通过DexClassLoader加载的目标类无法调用到hook后的函数而是调用原函数的情况(同样是只在release架构下出现问题)。我会尽量把问题研究一下再发出来。当然我觉得我这种问题普适性不大,不影响你merge

@sunya0753
Copy link
Author

sunya0753 commented Jul 29, 2020

cache
replaceMethod(backupMethod, targetMethod, 1);
感谢! 使用这种备份cache的方式确实很大程度上解决了9 10系统上hook找不到backup的问题。
但是又造成了新的问题,在低版本系统上调用backup会造成crash。
例如我这有一台vivo设备,安卓5.1.1, 尝试挂钩WindowManagerImpl.addView。
用旧的memcpy备份方式,可以正常调用backup。使用新的replaceMethod方式,则必定crash。

@rk700
Copy link
Member

rk700 commented Jul 30, 2020

那后面可以这样改下,对不同系统版本采用不同的方式

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

4 participants