
hexhacking / xdl


:fire: xDL is an enhanced implementation of the Android DL series functions.

License: MIT License

CMake 2.83% C 93.92% Java 1.45% Makefile 0.43% Python 1.37%
android bypass debugging-symbol dlopen dlsym dynamic-symbol linker native symbol symbols

xdl's People

Contributors

caikelun


xdl's Issues

A .so that has not yet been loaded cannot be opened

xDL Version

2.0.0

Android OS Version

8.1

Android ABIs

armeabi-v7a, arm64-v8a

Device Manufacturers and Models

Nexus 6p

Describe the Bug

I call LOGE("xdl_open1 %p", xdl_open("libxxx.so", XDL_TRY_FORCE_LOAD));
I instrumented the function with the following log statements:
LOGE("xdl_linker_dlopen %p",xdl_linker_dlopen);
LOGE("xdl_linker_load// >= Android 8.0");
LOGE("xdl_linker_caller_addr[%d] %p",i,xdl_linker_caller_addr[i]);
LOGE("xdl_linker_load// >= Android 8.0 handle:%p",handle);
The output is:
2023-12-25 09:45:52.485 21743-22152 MZHY com.mz.fkrdcg.a233 E xdl_linker_dlopen 0x78514dde3c
2023-12-25 09:45:52.485 21743-22152 MZHY com.mz.fkrdcg.a233 E xdl_linker_load// >= Android 8.0
2023-12-25 09:45:52.485 21743-22152 MZHY com.mz.fkrdcg.a233 E xdl_linker_caller_addr[0] 0x7850649000
2023-12-25 09:45:52.501 21743-22152 MZHY com.mz.fkrdcg.a233 E xdl_linker_caller_addr[1] 0x77cc39e000
2023-12-25 09:45:52.512 21743-22152 MZHY com.mz.fkrdcg.a233 E xdl_linker_caller_addr[2] 0x77c2047000
2023-12-25 09:45:52.513 21743-22152 MZHY com.mz.fkrdcg.a233 E xdl_linker_load// >= Android 8.0 handle:0x0
2023-12-25 09:45:52.513 21743-22152 MZHY com.mz.fkrdcg.a233 E xdl_open1 0x0
As you can see, xdl_open returns null.

Notably, when I call dlopen directly it opens the .so and returns a handle without any problem, and if I first open the .so with dlopen and then call xdl_open, xdl_open also returns a handle.

Some symbols cannot be found on vivo Y35, Android 5.0

xDL Version

2.0.0

Android OS Version

5.0

Android ABIs

arm64-v8a

Device Manufacturers and Models

vivo Y35

Describe the Bug

Locally, nm -D finds the symbol, but xDL cannot find the function for that symbol.

*** --------------------------------------------------------------
2023-01-09 10:56:34.465 23494-23494 xdl_tag io.github.hexhacking.xdl.sample I +++ xdl_open + xdl_info + xdl_dsym + xdl_addr
2023-01-09 10:56:34.466 23494-23494 xdl_tag io.github.hexhacking.xdl.sample I >>> xdl_open(libart.so) : handle 558ed70050
2023-01-09 10:56:34.466 23494-23494 xdl_tag io.github.hexhacking.xdl.sample I >>> xdl_info(558ed70050) : 7f9e56e000 libart.so (phdr 7f9e56e040, phnum 6)
2023-01-09 10:56:34.476 23494-23494 xdl_tag io.github.hexhacking.xdl.sample I >>> xdl_dsym(ZN3art7DexFile10OpenMemoryEPKhjRKNSt3__112basic_stringIcNS3_11char_traitsIcEENS3_9allocatorIcEEEEjPNS_6MemMapEPS9) : addr 0, sz 0
2023-01-09 10:56:34.476 23494-23494 xdl_tag io.github.hexhacking.xdl.sample I >>> xdl_addr(0) : FAILED
2023-01-09 10:56:34.476 23494-23494 xdl_tag io.github.hexhacking.xdl.sample I *** --------------------------------------------------------------

Static library

The feature, motivation and pitch

If it is possible, could a static version of the library be shipped in addition to the shared version? I am not sure about the limitations of Prefab, but I hope that it can be done. This would be very helpful for building it into my own native library without the need for 2+ shared libraries (and can potentially cause conflicts, etc.).

Alternatives

Currently I manually download and modify the repo to build a static version to implement into my own native library.

Additional context

No response

Failed to get the address of libart.so in the LDPlayer emulator

xDL Version

2.0.0

Android OS Version

9.0

Android ABIs

armeabi-v7a

Device Manufacturers and Models

LDPlayer 9.0.35, Android 9.0 (64-bit)

Describe the Bug

I built an APK containing both 32-bit and 64-bit native libraries, installed it on LDPlayer, and tried
xdl_open("libart.so", XDL_DEFAULT);
The result was nullptr.
Note that LDPlayer runs the 32-bit native libraries (even though I provided 64-bit ones and the emulator itself is 64-bit).

[screenshot]

[screenshot]

The same code works on a real device and gets the target address.

Can't use vendor namespace libraries

xDL Version

2.1.1

Android OS Version

14

Android ABIs

armeabi-v7a, arm64-v8a

Device Manufacturers and Models

Samsung Galaxy A53 5G

Describe the Bug

xdl_open returns null if I try to open any library in the vendor namespace. Attaching log from sample app.

xdl_tag                 com.mdnssknght.mycamera              I  +++ xdl_open + xdl_info + xdl_dsym + xdl_addr
xdl_tag                 com.mdnssknght.mycamera              I  >>> xdl_open(libart.so) : handle b4000071f32906d0
xdl_tag                 com.mdnssknght.mycamera              I  >>> xdl_info(b4000071f32906d0) : 71afc12000 /apex/com.android.art/lib64/libart.so (phdr 71afc12040, phnum 10)
xdl_tag                 com.mdnssknght.mycamera              I  >>> xdl_dsym(_ZN3artL16FindOatMethodForEPNS_9ArtMethodENS_11PointerSizeEPb) : addr 71afefb4cc, sz 3400
xdl_tag                 com.mdnssknght.mycamera              I  >>> xdl_addr(71afefb4cc) : 71afc12000 /apex/com.android.art/lib64/libart.so (phdr 71afc12040, phnum 10), 71afefb4cc _ZN3artL16FindOatMethodForEPNS_9ArtMethodENS_11PointerSizeEPb.__uniq.231987612005477677052516648077052451092.llvm.3250098303042339366 (sz 3400)
...
xdl_tag                 com.mdnssknght.mycamera              I  --- dlopen(libOpenCL.so) : handle 0
xdl_tag                 com.mdnssknght.mycamera              I  +++ xdl_open + xdl_info + xdl_sym + xdl_addr
xdl_tag                 com.mdnssknght.mycamera              I  >>> xdl_open(libOpenCL.so) : handle 0
xdl_tag                 com.mdnssknght.mycamera              I  >>> xdl_info(0) : 0 (NULL) (phdr 0, phnum 0)
xdl_tag                 com.mdnssknght.mycamera              I  >>> xdl_sym(clCreateContext) : addr 0, sz 0
xdl_tag                 com.mdnssknght.mycamera              I  >>> xdl_addr(0) : FAILED

Could flag parameters be added to xdl_open?

I use xdl to load a .so (one that had never been loaded into memory before), but loading fails; the cause seems to be "undefined symbol: xxxx", i.e. some symbols are undefined. It only succeeds when I use dlopen with RTLD_LAZY. I noticed that xDL loads libraries with RTLD_NOW by default. Could xdl_open accept flag parameters, the same as dlopen?

Getting the load base address of libart.so is wrong in arm64 mode on Android 6.0 to 9.0

xDL Version

1.1.3

Android OS Version

8.1.0

Android ABIs

arm64-v8a

Device Manufacturers and Models

Xiaomi Mi Pad 4

Describe the Bug


void *so_base_addr = xdlInfo.dli_fbase;
The so_base_addr output is the address of the soStartAddrFromMaps entry, 0x799cbdb000, but when I scan maps by hand I find that the load address of libart.so, i.e. the first entry, is 0x799cc00000. So far I have only seen this for libart.so in arm64/32 mode on Android 6.0 to 9.0. libc.so is always correct, with no problems. (My own code does mmap, but everything is munmap'ed before calling xdl or mmap'ed after the xdl call.)

info->dlpi_name becomes a dangling pointer

xDL Version

1.1.3

Android OS Version

9.0

Android ABIs

armeabi-v7a

Device Manufacturers and Models

Google Pixel 3

Describe the Bug

info->dlpi_name = (const char *)buf;

Hello,
buf becomes a dangling pointer when its scope ends, so it is very dangerous for the callback to keep operating on info->dlpi_name.
Solution: malloc space on the heap for the pathname, and free it after the callback finishes.

Are the implementations of xdl_sym and xdl_dsym swapped?

xDL Version

1.1.4

Android OS Version

Any version

Android ABIs

armeabi-v7a, arm64-v8a, x86, x86_64

Device Manufacturers and Models

Any device

Describe the Bug

Internally xdl_sym reads .dynsym and xdl_dsym reads .symtab. Are these swapped, or is there a special meaning to it?
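To make the split behind this question and the vivo Y35 report above concrete (xdl_sym searches .dynsym, the table nm -D prints; xdl_dsym searches .symtab, which is often stripped from release builds), here is an added example that is not xDL's code: a small ELF64 section-header reader in Python, run over a constructed in-memory image (a hypothetical library with one exported symbol and one .symtab-only symbol), with a lookup that mimics each xDL function.

```python
import struct

def _sym(name_off, value, size):  # Elf64_Sym, st_info = STB_GLOBAL | STT_FUNC
    return struct.pack("<IBBHQQ", name_off, 0x12, 0, 1, value, size)

def build_elf():
    """Constructed ELF64 image: clCreateContext in .dynsym and .symtab, the mangled name in .symtab only."""
    dynstr = b"\0clCreateContext\0"
    strtab = b"\0clCreateContext\0_ZN3art7DexFile10OpenMemoryE\0"
    dynsym = _sym(0, 0, 0) + _sym(1, 0x1000, 0x40)
    symtab = _sym(0, 0, 0) + _sym(1, 0x1000, 0x40) + _sym(17, 0x2000, 0x80)
    shstrtab = b"\0.dynstr\0.dynsym\0.strtab\0.symtab\0.shstrtab\0"
    blobs = [dynstr, dynsym, strtab, symtab, shstrtab]
    names = [1, 9, 17, 25, 33]  # offsets of the section names inside .shstrtab
    types = [3, 11, 3, 2, 3]    # SHT_STRTAB, SHT_DYNSYM, SHT_STRTAB, SHT_SYMTAB, SHT_STRTAB
    links = [0, 1, 0, 3, 0]     # sh_link: each symbol table points at its string table
    body = b"".join(blobs)
    shdrs, off = struct.pack("<IIQQQQIIQQ", *([0] * 10)), 64  # index 0 is the null section
    for i, blob in enumerate(blobs):
        ent = 24 if types[i] in (2, 11) else 0
        shdrs += struct.pack("<IIQQQQIIQQ", names[i], types[i], 0, 0, off, len(blob), links[i], 0, 1, ent)
        off += len(blob)
    ehdr = b"\x7fELF\x02\x01\x01" + b"\0" * 9  # ELF64, little-endian, EV_CURRENT
    ehdr += struct.pack("<HHIQQQIHHHHHH", 3, 0xB7, 1, 0, 0, 64 + len(body), 0, 64, 0, 0, 64, 6, 5)
    return ehdr + body + shdrs

def _cstr(data, off):
    return data[off:data.index(b"\0", off)].decode()

def symbol_tables(elf):
    """Return {'.dynsym': {name: (st_value, st_size)}, '.symtab': {...}} from the section headers."""
    assert elf[:5] == b"\x7fELF\x02", "ELF64 only"
    shoff = struct.unpack_from("<Q", elf, 0x28)[0]
    shentsize, shnum, shstrndx = struct.unpack_from("<HHH", elf, 0x3A)
    shdrs = [struct.unpack_from("<IIQQQQIIQQ", elf, shoff + i * shentsize) for i in range(shnum)]
    tables = {}
    for sh in shdrs:
        if sh[1] not in (2, 11):  # only SHT_SYMTAB / SHT_DYNSYM
            continue
        strtab_off = shdrs[sh[6]][4]  # sh_link -> string table section, [4] is sh_offset
        syms = {}
        for i in range(sh[5] // 24):  # sh_size / sizeof(Elf64_Sym)
            st_name, _, _, _, value, size = struct.unpack_from("<IBBHQQ", elf, sh[4] + i * 24)
            if st_name:  # skip the mandatory null symbol
                syms[_cstr(elf, strtab_off + st_name)] = (value, size)
        tables[_cstr(elf, shdrs[shstrndx][4] + sh[0])] = syms
    return tables

def lookup(elf, symbol, debug=False):
    """debug=False behaves like xdl_sym (.dynsym only); debug=True like xdl_dsym (.symtab)."""
    return symbol_tables(elf).get(".symtab" if debug else ".dynsym", {}).get(symbol)
```

Against a real library the same reader explains a "found by nm -D but not by the other table" result: check which table the symbol lives in before deciding which xDL function to call.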

Impossible to use vendor namespace libraries

xDL Version

v1.1.3

Android OS Version

11-12

Android ABIs

armeabi-v7a, arm64-v8a

Device Manufacturers and Models

Xiaomi mi9, Xiaomi mi10 ultra, Motorola moto g8, etc.

Describe the Bug

Every time I try to xdl_open a library from system/vendor/lib64 there's no success.

xdl_open crash

Version:

implementation 'io.hexhacking:xdl:1.0.4'

Conditions:

xdl_open is called via JNI from the main thread of the app's main process to load libbluetooth.so (/system/lib64/libbluetooth.so).
Before the xdl_open call this .so was not loaded into the process's memory space; this is its first load.

Crash log:

*** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
Build fingerprint: 'google/flame/flame:11/RP1A.200720.009/6720564:user/release-keys'
Revision: 'MP1.0'
ABI: 'arm64'
Timestamp: 2021-04-25 17:29:56+0800
pid: 15387, tid: 15387, name: example.bledemo >>> com.example.bledemo <<<
uid: 10030
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0
Cause: null pointer dereference
x0 0000000000000006 x1 0000007fc98f3188 x2 0000007fc98f31c0 x3 0000007199bf9080
x4 000000719cafd740 x5 000000719cafd733 x6 2f6d65747379732f x7 696c2f343662696c
x8 000000719dcdd4a8 x9 0000000000000000 x10 000000000000003f x11 0000000000000028
x12 65756c6262696c2f x13 6f732e68746f6f74 x14 00000000afd231bc x15 0000000002bf48c6
x16 000000719dcd9448 x17 000000719dcae4b0 x18 0000000000000000 x19 0000007199bf9080
x20 000000719dbf3058 x21 0000006ef6095390 x22 0000000000000000 x23 000000719dbf6f61
x24 0000000000000066 x25 000000719dcdd4b8 x26 000000719dcdd4b0 x27 0000006ef5b7b86c
x28 000000719dcdd000 x29 0000007fc98eb8b0
lr 000000719dc380f4 sp 0000007fc98eb8b0 pc 0000006ef5b7b86c pst 0000000080000000

backtrace:
#00 pc 000000000017b86c /system/lib64/libbluetooth.so (_GLOBAL__sub_I_bta_ag_act.cc) (BuildId: d07643cbd5d9d34c52b587b199da32f3)
#1 pc 000000000004a0f0 /apex/com.android.runtime/bin/linker64 (_dl__ZL10call_arrayIPFviPPcS1_EEvPKcPT_mbS5+284) (BuildId: 3616c064c2d540887bd8b30030a981de)
#2 pc 000000000004a2f0 /apex/com.android.runtime/bin/linker64 (__dl__ZN6soinfo17call_constructorsEv+380) (BuildId: 3616c064c2d540887bd8b30030a981de)
#3 pc 0000000000035a4c /apex/com.android.runtime/bin/linker64 (__dl__Z9do_dlopenPKciPK17android_dlextinfoPKv+2088) (BuildId: 3616c064c2d540887bd8b30030a981de)
#4 pc 00000000000310e8 /apex/com.android.runtime/bin/linker64 (__dl__ZL10dlopen_extPKciPK17android_dlextinfoPKv+80) (BuildId: 3616c064c2d540887bd8b30030a981de)
#5 pc 000000000000120c /data/app/~~yxqS3Fy6-6fNtXX7A_xKMw==/com.example.bledemo-QfW-KfzEF2wbfbY9Arjt7Q==/base.apk!libxdl.so (offset 0xe000) (xdl_open+128) (BuildId: 154fa0245579a20c11a832dd43fe69784a9c157a)
#6 pc 0000000000000980 /data/app/~~yxqS3Fy6-6fNtXX7A_xKMw==/com.example.bledemo-QfW-KfzEF2wbfbY9Arjt7Q==/base.apk!libble_compat.so (offset 0x7000) (BuildId: 2f66c2f22a2ba64935b061936938d659925aaf79)
#7 pc 00000000000008b8 /data/app/~~yxqS3Fy6-6fNtXX7A_xKMw==/com.example.bledemo-QfW-KfzEF2wbfbY9Arjt7Q==/base.apk!libble_compat.so (offset 0x7000) (Java_com_connect_ble_BLECompat_getBLEAddress+32) (BuildId: 2f66c2f22a2ba64935b061936938d659925aaf79)

tombstone_pixel_4_android_11.txt
tombstone_pixel_xl_android_10.txt
tombstone_vivo_y15_android_11.txt
