Comments (5)
caikelun
commented on August 11, 2024
这个函数是用来查询导入符号的,.gnu_hash中不包含导入符号。你可以仔细看下这个函数中每种查找的注释,约靠前的查找方式查找到的概率越大,如果概率相同,则速度快的放在前面。
from bhook.
Mr-JingShi
commented on August 11, 2024
大佬,不好意思,这个文件相似符号名字的函数太多了,我标记错位置了。
应该是这个位置:
bhook/bytehook/src/main/cpp/bh_elf.c
Line 544 in 19f99d9
个人觉得xhook的写法更好:
static int xh_elf_gnu_hash_lookup(xh_elf_t *self, const char *symbol, uint32_t *symidx)
{
if(0 == xh_elf_gnu_hash_lookup_def(self, symbol, symidx)) return 0;
// 当然对于export符号查找,这个import符号查找需要屏蔽掉
// if(0 == xh_elf_gnu_hash_lookup_undef(self, symbol, symidx)) return 0;
return XH_ERRNO_NOTFND;
}
static int xh_elf_find_symidx_by_name(xh_elf_t *self, const char *symbol, uint32_t *symidx)
{
if(self->is_use_gnu_hash)
return xh_elf_gnu_hash_lookup(self, symbol, symidx);
else
return xh_elf_hash_lookup(self, symbol, symidx);
}存在gnu_hash段、sym_name确实不存在于gnu_hash布隆过滤器中时,不应该继续到sysv-hash中查找,而是提前退出。
from bhook.
Mr-JingShi
commented on August 11, 2024
查询一个不存在的数据,容易造成白嫖,布隆过滤器可以快速识别白嫖,识别到白嫖之后就应该快速制止。
from bhook.
caikelun
commented on August 11, 2024
我理解你说的意思。在实际的线上环境中,我们遇到过一些不太正常的so,有符号信息仅存在于.hash但是不存在于.gnu_hash中。
另外,请不要太相信xhook,这真的是一份很老的代码了,很多年前我就已经放弃维护了,xhook的很多细节也没有在线上做过大规模的验证。
from bhook.
Mr-JingShi
commented on August 11, 2024
谢谢老师的细心回答。
from bhook.
Related Issues (20)
- 自动hook新加载的动态库可能没被hook的问题 HOT 4
- android 4.4 等版本找不到符号 sigfillset HOT 4
- c++在Andorid 11上hook android_dlopen_ext会崩溃 HOT 2
- 使用帮助 HOT 1
- 有人遇到开启hook后native heap明显增加的问题吗 HOT 4
- hook so库的open函数在访问/apex/com.android.runtime/lib64/bionic/libc.so出现崩溃 HOT 2
- Android 11 没有命中自己App中加载的so HOT 5
- @caikelun hook时机 HOT 3
- called in a non-hook status?
- 是否遗漏了self->cfi_hook_lock的destroy操作 HOT 1
- bhook 的dlopen未监控到加载的so
- 通过bytehook_hook_single hook pthread_create函数,新函数只会被执行一次 HOT 1
- armeabi-v7a hook失败,用xhook库能成功 HOT 4
- hook jni 方法失败 HOT 2
- 老哥,BYTESIG_TRY好像不能生效 HOT 2
- hook 构造函数崩溃问题 HOT 2
- 可否支持armeabi架构呢?
- native crash at android 13 HOT 2
- 鲜时光TV APK Android 13平台无法打开 HOT 1
- mprotect 返回-1 HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from bhook.