TEST

appveyor.yml

@@ -1,4 +1,4 @@
-version: '0.4.6.3 ({build})'
+version: '0.5.0.0 ({build})'
 
 environment:
   ANDROID_HOME: C:\android-sdk-windows

edxp-core/.gitignore

@@ -4,5 +4,6 @@
 /obj
 /release
 /template_override/module.prop
+/template_override/system
 /template_override/system_x86
 *.iml

edxp-core/build.gradle

@@ -4,7 +4,7 @@ import org.gradle.internal.os.OperatingSystem
 apply plugin: 'com.android.library'
 
 // Values set here will be overriden by AppVeyor, feel free to modify during development.
-def buildVersionName = 'v0.4.6.3'
+def buildVersionName = 'v0.5.0.0'
 def buildVersionCode = 233
 
 if (System.env.APPVEYOR_BUILD_VERSION != null) {

edxp-core/src/main/cpp/main/include/android_build.h

@@ -21,6 +21,7 @@
 #define ANDROID_O_MR1                   27
 #define ANDROID_P                       28
 #define ANDROID_Q                       29
+#define ANDROID_R                       30
 
 static inline int32_t GetAndroidApiLevel() {
     char prop_value[PROP_VALUE_MAX];

edxp-core/src/main/cpp/main/include/art/runtime/class_linker.h

@@ -44,6 +44,15 @@ namespace art {
             }
         }
 
+        CREATE_HOOK_STUB_ENTRIES(bool, ShouldUseInterpreterEntrypoint, void *art_method, const void* quick_code) {
+            // TODO check hooked
+            bool hooked = false;
+            if (hooked && quick_code != nullptr) {
+                return false;
+            }
+            return ShouldUseInterpreterEntrypointBackup(art_method, quick_code);
+        }
+
     public:
         ClassLinker(void *thiz) : HookedObject(thiz) {}
 
@@ -59,6 +68,10 @@ namespace art {
 
             HOOK_FUNC(FixupStaticTrampolines,
                       "_ZN3art11ClassLinker22FixupStaticTrampolinesENS_6ObjPtrINS_6mirror5ClassEEE");
+            if (GetAndroidApiLevel() >= ANDROID_R) {
+                HOOK_FUNC(ShouldUseInterpreterEntrypoint,
+                          "_ZN3art11ClassLinker30ShouldUseInterpreterEntrypointEPNS_9ArtMethodEPKv");
+            }
         }
 
         ALWAYS_INLINE void SetEntryPointsToInterpreter(void *art_method) const {

edxp-core/src/main/cpp/main/include/art/runtime/oat_file_manager.h

@@ -14,13 +14,10 @@ namespace art {
         // http://androidxref.com/9.0.0_r3/xref/art/runtime/oat_file_manager.cc#637
         static void DisableOnlyUseSystemOatFiles(void *handle, HookFunType hook_func) {
             const int api_level = GetAndroidApiLevel();
-            if (api_level == ANDROID_P) {
+            if (api_level >= ANDROID_P) {
                 HOOK_FUNC(SetOnlyUseSystemOatFiles,
-                          "_ZN3art14OatFileManager24SetOnlyUseSystemOatFilesEv");
-            }
-            if (api_level == ANDROID_Q) {
-                HOOK_FUNC(SetOnlyUseSystemOatFiles,
-                          "_ZN3art14OatFileManager24SetOnlyUseSystemOatFilesEbb");
+                          "_ZN3art14OatFileManager24SetOnlyUseSystemOatFilesEv", // 9 & 11
+                          "_ZN3art14OatFileManager24SetOnlyUseSystemOatFilesEbb"); // 10
             }
         };
 

edxp-core/src/main/cpp/main/include/config.h

@@ -29,20 +29,23 @@ namespace edxp {
 
     static constexpr auto kLibArtName = "libart.so";
     static constexpr auto kLibFwkName = "libandroid_runtime.so";
+    static constexpr auto kLibFwName = "libandroidfw.so";
     static constexpr auto kLibWhaleName = "libwhale.edxp.so";
     static constexpr auto kLibSandHookName = "libsandhook.edxp.so";
+    static constexpr auto kLibSandHookNativeName = "libsandhook-native.so";
 
-    static const auto kLibBasePath = std::string(LP_SELECT("/system/lib/", "/system/lib64/"));
-    static const auto kLibRuntimeBasePath = std::string(
-            LP_SELECT("/apex/com.android.runtime/lib/", "/apex/com.android.runtime/lib64/"));
-
-    static const auto kLibArtPath =
-            (GetAndroidApiLevel() >= ANDROID_Q ? kLibRuntimeBasePath : kLibBasePath) + kLibArtName;
+    static const auto kLibBasePath = std::string(
+            LP_SELECT("/system/lib/",
+                      "/system/lib64/"));
+    static const auto kLinkerPath = std::string(
+            LP_SELECT("/apex/com.android.runtime/bin/linker",
+                      "/apex/com.android.runtime/bin/linker64"));
 
+    static const auto kLibArtLegacyPath = kLibBasePath + kLibArtName;
     static const auto kLibWhalePath = kLibBasePath + kLibWhaleName;
     static const auto kLibSandHookPath = kLibBasePath + kLibSandHookName;
-    static const auto kLibFwPath = kLibBasePath + "libandroidfw.so";
-    static const auto kLibDlPath = kLibBasePath + "libdl.so";
+    static const auto kLibSandHookNativePath = kLibBasePath + kLibSandHookNativeName;
+    static const auto kLibFwPath = kLibBasePath + kLibFwName;
     static const auto kLibFwkPath = kLibBasePath + kLibFwkName;
 
     inline const char *const BoolToString(bool b) {

edxp-core/src/main/cpp/main/src/native_hook.cpp

@@ -21,18 +21,21 @@
 
 namespace edxp {
 
-    static bool installed = false;
-    static bool art_hooks_installed = false;
-    static bool fwk_hooks_installed = false;
+    static volatile bool installed = false;
+    static volatile bool art_hooks_installed = false;
+    static volatile bool fwk_hooks_installed = false;
     static HookFunType hook_func = nullptr;
 
     void InstallArtHooks(void *art_handle);
 
     void InstallFwkHooks(void *fwk_handle);
 
+    bool InstallLinkerHooks(const char *linker_path);
+
     CREATE_HOOK_STUB_ENTRIES(void *, mydlopen, const char *file_name, int flags,
+                             const void *ext_info,
                              const void *caller) {
-        void *handle = mydlopenBackup(file_name, flags, caller);
+        void *handle = mydlopenBackup(file_name, flags, ext_info, caller);
         if (file_name != nullptr && std::string(file_name).find(kLibArtName) != std::string::npos) {
             InstallArtHooks(handle);
         }
@@ -66,24 +69,50 @@ namespace edxp {
         }
         hook_func = reinterpret_cast<HookFunType>(hook_func_symbol);
 
-        if (api_level > ANDROID_P) {
-            ScopedDlHandle dl_handle(kLibDlPath.c_str());
-            void *handle = dl_handle.Get();
-            HOOK_FUNC(mydlopen, "__loader_dlopen");
+        if (api_level >= ANDROID_Q) {
+            InstallLinkerHooks(kLinkerPath.c_str());
         } else {
-            ScopedDlHandle art_handle(kLibArtPath.c_str());
+            ScopedDlHandle art_handle(kLibArtLegacyPath.c_str());
             InstallArtHooks(art_handle.Get());
         }
 
         ScopedDlHandle fwk_handle(kLibFwkPath.c_str());
         InstallFwkHooks(fwk_handle.Get());
     }
 
+    bool InstallLinkerHooks(const char *linker_path) {
+        void *handle = dlopen(kLibSandHookNativePath.c_str(), RTLD_NOW);
+
+        if (!handle) {
+            LOGI("Failed to open libsandhook-native");
+            return false;
+        }
+
+        auto getSym = reinterpret_cast<void *(*)(const char *, const char *)>(dlsym(handle,
+                                                                                    "SandGetSym"));
+        if (!getSym) {
+            LOGI("SandGetSym is null");
+            return false;
+        }
+
+        auto dlopen_symbol = "__dl__Z9do_dlopenPKciPK17android_dlextinfoPKv";
+        void *dlopen_addr = getSym(linker_path, dlopen_symbol);
+        if (dlopen_addr) {
+            hook_func(dlopen_addr, (void *) mydlopenReplace,
+                      (void **) &mydlopenBackup);
+            LOGI("dlopen hooked");
+            return true;
+        }
+
+        LOGI("dlopen_addr is null");
+        return false;
+    }
+
     void InstallArtHooks(void *art_handle) {
         if (art_hooks_installed) {
             return;
         }
-        if (ConfigManager::GetInstance() -> IsHiddenAPIBypassEnabled()) {
+        if (ConfigManager::GetInstance()->IsHiddenAPIBypassEnabled()) {
             art::hidden_api::DisableHiddenApi(art_handle, hook_func);
         }
         art::Runtime::Setup(art_handle, hook_func);

edxp-core/template_override/customize.sh

@@ -295,10 +295,12 @@ mv "${MODPATH}/system/framework/eddexmaker.jar" "${MODPATH}/system/framework/${J
 mv "${MODPATH}/system/framework/edconfig.jar" "${MODPATH}/system/framework/${JAR_EDCONFIG}"
 mv "${MODPATH}/system/lib/libriru_edxp.so" "${MODPATH}/system/lib/${LIB_RIRU_EDXP}"
 mv "${MODPATH}/system/lib/libwhale.edxp.so" "${MODPATH}/system/lib/${LIB_WHALE_EDXP}"
+mv "${MODPATH}/system/lib/libsandhook-native.so" "${MODPATH}/system/lib/libsandhook-native.so"
 
 if [[ "${IS64BIT}" == true ]]; then
     mv "${MODPATH}/system/lib64/libriru_edxp.so" "${MODPATH}/system/lib64/${LIB_RIRU_EDXP}"
     mv "${MODPATH}/system/lib64/libwhale.edxp.so" "${MODPATH}/system/lib64/${LIB_WHALE_EDXP}"
+    mv "${MODPATH}/system/lib64/libsandhook-native.so" "${MODPATH}/system/lib64/libsandhook-native.so"
 fi
 
 if [[ "${VARIANTS}" == "SandHook" ]]; then

edxp-sandhook/build.gradle

@@ -28,7 +28,7 @@ dependencies {
     compileOnly files("${hiddenApiStubJarFilePath}")
     implementation project(':edxp-common')
     implementation project(':xposed-bridge')
-    implementation 'com.swift.sandhook:hooklib:4.1.6'
+    implementation 'com.swift.sandhook:hooklib:4.2.1'
     compileOnly project(':dexmaker')
 }
 

edxp-sandhook/src/main/java/com/swift/sandhook/xposedcompat/hookstub/HookStubManager.java

@@ -281,6 +281,7 @@ public static long hookBridge(int id, CallOriginCallBack callOrigin, long... stu
                 ((XC_MethodHook) snapshot[beforeIdx]).callBeforeHookedMethod(param);
             } catch (Throwable t) {
                 // reset result (ignoring what the unexpectedly exiting callback did)
+                XposedBridge.log(t);
                 param.setResult(null);
                 param.returnEarly = false;
                 continue;
@@ -304,6 +305,7 @@ public static long hookBridge(int id, CallOriginCallBack callOrigin, long... stu
                     param.setResult(SandHook.callOriginMethod(originMethod, entity.backup, thiz, param.args));
                 }
             } catch (Throwable e) {
+                XposedBridge.log(e);
                 param.setThrowable(e);
             }
         }
@@ -317,6 +319,7 @@ public static long hookBridge(int id, CallOriginCallBack callOrigin, long... stu
             try {
                 ((XC_MethodHook) snapshot[afterIdx]).callAfterHookedMethod(param);
             } catch (Throwable t) {
+                XposedBridge.log(t);
                 if (lastThrowable == null)
                     param.setResult(lastResult);
                 else
@@ -375,6 +378,7 @@ public static Object hookBridge(Member origin, Method backup, XposedBridge.Addit
             try {
                 param.setResult(SandHook.callOriginMethod(true, origin, backup, thiz, param.args));
             } catch (Throwable e) {
+                XposedBridge.log(e);
                 param.setThrowable(e);
             }
         }