hexhacking / xdl
:fire: xDL is an enhanced implementation of the Android DL series functions.
License: MIT License
2.0.0
8.1
armeabi-v7a, arm64-v8a
Nexus 6p
I ran LOGE("xdl_open1 %p", xdl_open("libxxx.so", XDL_TRY_FORCE_LOAD));
I instrumented the functions with these log statements:
LOGE("xdl_linker_dlopen %p",xdl_linker_dlopen);
LOGE("xdl_linker_load// >= Android 8.0");
LOGE("xdl_linker_caller_addr[%d] %p",i,xdl_linker_caller_addr[i]);
LOGE("xdl_linker_load// >= Android 8.0 handle:%p",handle);
The results are as follows:
2023-12-25 09:45:52.485 21743-22152 MZHY com.mz.fkrdcg.a233 E xdl_linker_dlopen 0x78514dde3c
2023-12-25 09:45:52.485 21743-22152 MZHY com.mz.fkrdcg.a233 E xdl_linker_load// >= Android 8.0
2023-12-25 09:45:52.485 21743-22152 MZHY com.mz.fkrdcg.a233 E xdl_linker_caller_addr[0] 0x7850649000
2023-12-25 09:45:52.501 21743-22152 MZHY com.mz.fkrdcg.a233 E xdl_linker_caller_addr[1] 0x77cc39e000
2023-12-25 09:45:52.512 21743-22152 MZHY com.mz.fkrdcg.a233 E xdl_linker_caller_addr[2] 0x77c2047000
2023-12-25 09:45:52.513 21743-22152 MZHY com.mz.fkrdcg.a233 E xdl_linker_load// >= Android 8.0 handle:0x0
2023-12-25 09:45:52.513 21743-22152 MZHY com.mz.fkrdcg.a233 E xdl_open1 0x0
As you can see, xdl_open returns null.
Worth noting: calling dlopen directly opens the .so and returns a handle without any problem, and if I first open the .so with dlopen and then call xdl_open, xdl_open also returns a handle.
2.0.0
5.0
arm64-v8a
vivo Y35
Locally, nm -D can find the symbol, but xDL cannot find the function corresponding to that symbol.
*** --------------------------------------------------------------
2023-01-09 10:56:34.465 23494-23494 xdl_tag io.github.hexhacking.xdl.sample I +++ xdl_open + xdl_info + xdl_dsym + xdl_addr
2023-01-09 10:56:34.466 23494-23494 xdl_tag io.github.hexhacking.xdl.sample I >>> xdl_open(libart.so) : handle 558ed70050
2023-01-09 10:56:34.466 23494-23494 xdl_tag io.github.hexhacking.xdl.sample I >>> xdl_info(558ed70050) : 7f9e56e000 libart.so (phdr 7f9e56e040, phnum 6)
2023-01-09 10:56:34.476 23494-23494 xdl_tag io.github.hexhacking.xdl.sample I >>> xdl_dsym(ZN3art7DexFile10OpenMemoryEPKhjRKNSt3__112basic_stringIcNS3_11char_traitsIcEENS3_9allocatorIcEEEEjPNS_6MemMapEPS9) : addr 0, sz 0
2023-01-09 10:56:34.476 23494-23494 xdl_tag io.github.hexhacking.xdl.sample I >>> xdl_addr(0) : FAILED
2023-01-09 10:56:34.476 23494-23494 xdl_tag io.github.hexhacking.xdl.sample I *** --------------------------------------------------------------
For example: looking up the start address and size of .text, and finding which section a given address belongs to; a callback that returns the info of all sections would also work.
If it is possible, could a static version of the library be shipped in addition to the shared version? I am not sure about the limitations of Prefab, but I hope that it can be done. This would be very helpful for building it into my own native library without the need for 2+ shared libraries (which can potentially cause conflicts, etc.).
Currently I manually download and modify the repo to build a static version to implement into my own native library.
2.0.0
9.0
armeabi-v7a
LDPlayer 9.0.35, Android 9.0 (64-bit)
I built an APK containing both 32-bit and 64-bit native libraries, installed it on LDPlayer, and tried
xdl_open("libart.so", XDL_DEFAULT);
The result was nullptr.
Note in particular that LDPlayer runs the 32-bit native library (even though I supplied a 64-bit one and the emulator itself is 64-bit).
The same code, tried on a physical device, gets the target address correctly.
2.1.1
14
armeabi-v7a, arm64-v8a
Samsung Galaxy A53 5G
xdl_open returns null if I try to open any library in the vendor namespace. Attaching log from sample app.
xdl_tag com.mdnssknght.mycamera I +++ xdl_open + xdl_info + xdl_dsym + xdl_addr
xdl_tag com.mdnssknght.mycamera I >>> xdl_open(libart.so) : handle b4000071f32906d0
xdl_tag com.mdnssknght.mycamera I >>> xdl_info(b4000071f32906d0) : 71afc12000 /apex/com.android.art/lib64/libart.so (phdr 71afc12040, phnum 10)
xdl_tag com.mdnssknght.mycamera I >>> xdl_dsym(_ZN3artL16FindOatMethodForEPNS_9ArtMethodENS_11PointerSizeEPb) : addr 71afefb4cc, sz 3400
xdl_tag com.mdnssknght.mycamera I >>> xdl_addr(71afefb4cc) : 71afc12000 /apex/com.android.art/lib64/libart.so (phdr 71afc12040, phnum 10), 71afefb4cc _ZN3artL16FindOatMethodForEPNS_9ArtMethodENS_11PointerSizeEPb.__uniq.231987612005477677052516648077052451092.llvm.3250098303042339366 (sz 3400)
...
xdl_tag com.mdnssknght.mycamera I --- dlopen(libOpenCL.so) : handle 0
xdl_tag com.mdnssknght.mycamera I +++ xdl_open + xdl_info + xdl_sym + xdl_addr
xdl_tag com.mdnssknght.mycamera I >>> xdl_open(libOpenCL.so) : handle 0
xdl_tag com.mdnssknght.mycamera I >>> xdl_info(0) : 0 (NULL) (phdr 0, phnum 0)
xdl_tag com.mdnssknght.mycamera I >>> xdl_sym(clCreateContext) : addr 0, sz 0
xdl_tag com.mdnssknght.mycamera I >>> xdl_addr(0) : FAILED
I used xDL to load a .so library (one that had never been loaded into memory before), but the load failed; it seems to be caused by undefined symbol: xxxx, i.e. some symbols are undefined. It only succeeds when I use dlopen with RTLD_LAZY. I noticed that xDL loads libraries with RTLD_NOW by default; could xdl_open take some flag parameters, the same as dlopen?
1.1.3
8.1.0
arm64-v8a
Xiaomi Mi Pad 4
void *so_base_addr = xdlInfo.dli_fbase;
The so_base_addr output is the address of the soStartAddrFromMaps entry, 0x799cbdb000, but when I scan maps by hand, the load address of libart.so, i.e. the first entry, is 0x799cc00000. So far I have only seen this for libart.so on Android 6.0 to 9.0 in arm64/32 mode. libc.so is correct, with no problems at all. (My own code does mmap, but everything is munmap'ed before calling xdl, or mmap'ed after the xdl call.)
1.1.3
9.0
armeabi-v7a
Google Pixel 3
xDL/xdl/src/main/cpp/xdl_iterate.c
Line 147 in 3865f1d
Hello,
buf becomes a dangling pointer when its scope ends; if the callback keeps operating on info->dlpi_name, this is very dangerous.
Proposed fix: malloc space on the heap to hold the pathname, and free it after the callback finishes.
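As an added example (not xDL's code; the struct, maps lines and names are constructed), this is the fix the comment proposes: the pathname handed to the iteration callback is a heap copy freed only after the callback returns, so it can never point into a block-scoped buffer that has gone out of scope.

```c
#define _POSIX_C_SOURCE 200809L /* for strdup */
#include <stdlib.h>
#include <string.h>
/* Added example, not xDL's code. dlpi_name must stay valid for the whole
 * callback run; here it is a heap copy freed only after the callback returns. */
typedef struct { unsigned long long load_base; const char *dlpi_name; } iter_info_t;
typedef int (*iter_cb_t)(iter_info_t *info, void *arg);

/* Constructed /proc/self/maps-style lines (addresses are made up). */
static const char *const k_maps_lines[] = {
    "7f9e56e000-7f9e5a0000 r--p 00000000 fd:01 1234 /apex/com.android.art/lib64/libart.so",
    "7fc98e0000-7fc9900000 rw-p 00000000 00:00 0 [stack]",
    "7850649000-785068a000 r-xp 00000000 fd:01 5678 /system/lib64/libc.so",
};
/* Parse one line. The pathname is copied to the heap instead of pointing into
 * a block-scoped buffer (the dangling pointer the issue reports). Returns 0
 * for lines without a file-backed path. */
static int parse_maps_line(const char *line, iter_info_t *out) {
    char *end;
    unsigned long long start = strtoull(line, &end, 16);
    const char *path = strchr(line, '/');
    if (end == line || path == NULL) return 0;
    out->load_base = start;
    out->dlpi_name = strdup(path);
    return out->dlpi_name != NULL;
}

/* Walk the constructed maps, calling cb once per file-backed mapping. A
 * non-zero return from cb stops the walk and is passed back to the caller. */
int iterate_maps(iter_cb_t cb, void *arg) {
    int rc = 0;
    size_t n = sizeof(k_maps_lines) / sizeof(k_maps_lines[0]);
    for (size_t i = 0; i < n && rc == 0; i++) {
        iter_info_t info;
        if (!parse_maps_line(k_maps_lines[i], &info)) continue;
        rc = cb(&info, arg);
        free((void *)info.dlpi_name); /* after the callback, never before */
    }
    return rc;
}
/* Example callback: count mappings and record where libart.so was found. */
typedef struct { int count; unsigned long long art_base; } tally_t;
static int tally_cb(iter_info_t *info, void *arg) {
    tally_t *t = (tally_t *)arg;
    t->count++;
    if (strstr(info->dlpi_name, "libart.so") != NULL) t->art_base = info->load_base;
    return 0;
}
tally_t run_tally(void) { tally_t t = {0, 0}; iterate_maps(tally_cb, &t); return t; }
```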
Sometimes I need to instrument functions, so I need to enumerate all functions, including debug symbols.
1.1.4
Any version
armeabi-v7a, arm64-v8a, x86, x86_64
Any device
xdl_sym is implemented by reading .dynsym, and xdl_dsym by reading .symtab. Could these two be swapped, or is there a special meaning?
v1.1.3
11-12
armeabi-v7a, arm64-v8a
Xiaomi mi9, Xiaomi mi10 ultra, Motorola moto g8, etc.
Every time I try to xdl_open a library from system/vendor/lib64, there's no success.
Version:
implementation 'io.hexhacking:xdl:1.0.4'
Conditions:
xdl_open is called via JNI on the main thread of the app's main process to load libbluetooth.so (/system/lib64/libbluetooth.so)
Before xdl_open was called, this .so had not been loaded into the process's memory; it was being loaded for the first time
Crash log:
```
*** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
Build fingerprint: 'google/flame/flame:11/RP1A.200720.009/6720564:user/release-keys'
Revision: 'MP1.0'
ABI: 'arm64'
Timestamp: 2021-04-25 17:29:56+0800
pid: 15387, tid: 15387, name: example.bledemo >>> com.example.bledemo <<<
uid: 10030
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0
Cause: null pointer dereference
x0 0000000000000006 x1 0000007fc98f3188 x2 0000007fc98f31c0 x3 0000007199bf9080
x4 000000719cafd740 x5 000000719cafd733 x6 2f6d65747379732f x7 696c2f343662696c
x8 000000719dcdd4a8 x9 0000000000000000 x10 000000000000003f x11 0000000000000028
x12 65756c6262696c2f x13 6f732e68746f6f74 x14 00000000afd231bc x15 0000000002bf48c6
x16 000000719dcd9448 x17 000000719dcae4b0 x18 0000000000000000 x19 0000007199bf9080
x20 000000719dbf3058 x21 0000006ef6095390 x22 0000000000000000 x23 000000719dbf6f61
x24 0000000000000066 x25 000000719dcdd4b8 x26 000000719dcdd4b0 x27 0000006ef5b7b86c
x28 000000719dcdd000 x29 0000007fc98eb8b0
lr 000000719dc380f4 sp 0000007fc98eb8b0 pc 0000006ef5b7b86c pst 0000000080000000
backtrace:
#00 pc 000000000017b86c /system/lib64/libbluetooth.so (_GLOBAL__sub_I_bta_ag_act.cc) (BuildId: d07643cbd5d9d34c52b587b199da32f3)
#1 pc 000000000004a0f0 /apex/com.android.runtime/bin/linker64 (_dl__ZL10call_arrayIPFviPPcS1_EEvPKcPT_mbS5+284) (BuildId: 3616c064c2d540887bd8b30030a981de)
#2 pc 000000000004a2f0 /apex/com.android.runtime/bin/linker64 (__dl__ZN6soinfo17call_constructorsEv+380) (BuildId: 3616c064c2d540887bd8b30030a981de)
#3 pc 0000000000035a4c /apex/com.android.runtime/bin/linker64 (__dl__Z9do_dlopenPKciPK17android_dlextinfoPKv+2088) (BuildId: 3616c064c2d540887bd8b30030a981de)
#4 pc 00000000000310e8 /apex/com.android.runtime/bin/linker64 (__dl__ZL10dlopen_extPKciPK17android_dlextinfoPKv+80) (BuildId: 3616c064c2d540887bd8b30030a981de)
#5 pc 000000000000120c /data/app/~~yxqS3Fy6-6fNtXX7A_xKMw==/com.example.bledemo-QfW-KfzEF2wbfbY9Arjt7Q==/base.apk!libxdl.so (offset 0xe000) (xdl_open+128) (BuildId: 154fa0245579a20c11a832dd43fe69784a9c157a)
#6 pc 0000000000000980 /data/app/~~yxqS3Fy6-6fNtXX7A_xKMw==/com.example.bledemo-QfW-KfzEF2wbfbY9Arjt7Q==/base.apk!libble_compat.so (offset 0x7000) (BuildId: 2f66c2f22a2ba64935b061936938d659925aaf79)
#7 pc 00000000000008b8 /data/app/~~yxqS3Fy6-6fNtXX7A_xKMw==/com.example.bledemo-QfW-KfzEF2wbfbY9Arjt7Q==/base.apk!libble_compat.so (offset 0x7000) (Java_com_connect_ble_BLECompat_getBLEAddress+32) (BuildId: 2f66c2f22a2ba64935b061936938d659925aaf79)
```
tombstone_pixel_4_android_11.txt
tombstone_pixel_xl_android_10.txt
tombstone_vivo_y15_android_11.txt