pagalaxylab / virtualhook Goto Github PK

09-15 10:33:04.376 791-950/? E/NativeCrashListener: Exception dealing with report
android.system.ErrnoException: read failed: EAGAIN (Try again)
at libcore.io.Posix.readBytes(Native Method)
at libcore.io.Posix.read(Posix.java:147)
at libcore.io.BlockGuardOs.read(BlockGuardOs.java:230)
at android.system.Os.read(Os.java:364)
at com.android.server.am.NativeCrashListener.consumeNativeCrashData(NativeCrashListener.java:240)
at com.android.server.am.NativeCrashListener.run(NativeCrashListener.java:138)

我就把https://github.com/rk700/ChangePhoneInfo。这个demo生成的apk，push到/sdcard/
就出现了如下问题
W/System.err( 7310): java.lang.ClassNotFoundException: lab.galaxy.yahfa.HookInfo

W/System.err( 7310): at java.lang.Class.classForName(Native Method)

W/System.err( 7310): at java.lang.Class.forName(Class.java:308)

W/System.err( 7310): at lab.galaxy.yahfa.HookMain.doHookDefault(HookMain.java:29)

W/System.err( 7310): at com.lody.virtual.client.VClientImpl.applyHookPlugin(VClientImpl.java:337)

W/System.err( 7310): at com.lody.virtual.client.VClientImpl.bindApplicationNoCheck(VClientImpl.java:321)

W/System.err( 7310): at com.lody.virtual.client.VClientImpl.bindApplication(VClientImpl.java:190)

W/System.err( 7310): at com.lody.virtual.client.hook.proxies.am.HCallbackStub.handleLaunchActivity(HCallbackStub.java:114)

W/System.err( 7310): at com.lody.virtual.client.hook.proxies.am.HCallbackStub.handleMessage(HCallbackStub.java:71)

W/System.err( 7310): at android.os.Handler.dispatchMessage(Handler.java:107)

W/System.err( 7310): at android.os.Looper.loop(Looper.java:194)

W/System.err( 7310): at android.app.ActivityThread.main(ActivityThread.java:5537)

W/System.err( 7310): at java.lang.reflect.Method.invoke(Native Method)

W/System.err( 7310): at java.lang.reflect.Method.invoke(Method.java:372)

W/System.err( 7310): at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:955)

W/System.err( 7310): at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:750)

W/System.err( 7310): Caused by: java.lang.ClassNotFoundException: Didn't find class "lab.galaxy.yahfa.HookInfo" on path: DexPathList[[zip file "/data/user/0/io.virtualhook/virtual/data/app/lab.galaxy.changephoneinfo/base.apk"],nativeLibraryDirectories=[/data/user/0/io.virtualhook/virtual/data/app/lab.galaxy.changephoneinfo/lib, /vendor/lib, /system/lib]]

W/System.err( 7310): at dalvik.system.BaseDexClassLoader.findClass(BaseDexClassLoader.java:56)

W/System.err( 7310): at java.lang.ClassLoader.loadClass(ClassLoader.java:511)

W/System.err( 7310): at java.lang.ClassLoader.loadClass(ClassLoader.java:469)

W/System.err( 7310): ... 15 more

W/System.err( 7310): Suppressed: java.lang.ClassNotFoundException: Didn't find class "lab.galaxy.yahfa.HookInfo" on path: DexPathList[[zip file "/data/app/com.example.myxposed-1/base.apk", zip file "/data/app/com.example.myxposed-1/base.apk"],nativeLibraryDirectories=[/data/user/0/io.virtualhook/virtual/data/app/com.example.myxposed/lib, /vendor/lib, /system/lib]]

D/OpenGLRenderer( 974): DrawFrameTask 0x5588ea3278, canUnblockUiThread 1, canDrawThisFrame 1

W/System.err( 7310): at dalvik.system.BaseDexClassLoader.findClass(BaseDexClassLoader.java:56)

W/System.err( 7310): at java.lang.ClassLoader.loadClass(ClassLoader.java:511)

D/Surface ( 974): Surface::setBuffersDimensions(this=0x5588ec6f20,w=720,h=50)

W/System.err( 7310): at java.lang.ClassLoader.loadClass(ClassLoader.java:504)

W/System.err( 7310): ... 16 more

W/System.err( 7310): Suppressed: java.lang.ClassNotFoundException: lab.galaxy.yahfa.HookInfo

W/System.err( 7310): at java.lang.Class.classForName(Native Method)

W/System.err( 7310): at java.lang.BootClassLoader.findClass(ClassLoader.java:781)

W/System.err( 7310): at java.lang.BootClassLoader.loadClass(ClassLoader.java:841)

W/System.err( 7310): at java.lang.ClassLoader.loadClass(ClassLoader.java:504)

W/System.err( 7310): ... 17 more

W/System.err( 7310): Caused by: java.lang.NoClassDefFoundError: Class not found using the boot class loader; no stack available

Lody 11:23:21
@全体成员 昨天更新已支持最新所有加固，已兼容的应用包括12306，招商银行客户端。此外，最新版本app启动速度比原来会快70%。

如下面的代码,如果定义的返回值是Object,但是实际上需要返回基本类型例如int,就会出现值异常的情况.如果把Object改为int的话就没问题

public static Object hook (Object thiz)
{
    return 1;
}

例如file类,如果只hook构造函数那没问题,但是一旦hook其他方法,例如file.exists(); 就会导致虚拟app无法启动,而且报错我也看不懂,我测试了很多次,实在是无解了,
hook IoBridge类的open方法也是同样问题,请问这是什么原因?

请问一直在报这个错如何解？

这个库得有多大呀，clone每次到33%就下不下来了，10几次了，哭

大神,如何在hook回调下面使被hook的函数抛出异常,类似于xposed的 param.setThrowable(throwable);

例如说我想要hook一个methodSig 为(Landroid/app/Application;Lcom/c/d/e/f/Configuration;)Lcom/c/d/e/f/g;的类.
在xposed框架中可以用类似
final Class<?> Configuration= XposedHelpers.findClass("com.c.d.e.f.Configuration", loadPackageParam.classLoader);的方法来给定自定义类型.
在yahfa中没找到相关方法,只是在HookMain.java中找到Class<?> clazz = Class.forName(className, true, originClassLoader);,但hook插件中拿不到ClassLoader.
请问这种自定义类型如何给定?

我想Hook DexFile的 loadClass 方法。
代码如下
public class Hook_DexFile_loadClass {
public static String className = "dalvik.system.DexFile";
public static String methodName = "loadClass";
public static String methodSig = "(Ljava/lang/String;Ljava/lang/ClassLoader;)Ljava/lang/Class;";
public static Class hook( Object thiz, String name, ClassLoader loader) {

    Log.w("YAHFA", "load class " + name);
    return origin( thiz , name, loader);
}

public static Class origin(Object thiz, String name, ClassLoader loader) {
    Log.w("YAHFA", "should not be here");
    return null;
}

插件加载后，没看到load class 日志信息 。是不能Hook吗

现在VirtualHook能虚拟化运行梆梆加固后的app吗？

大神,除了在VClientImpl中注入插件,还有没有其他地方的修改?我用你的demo可以成功hook,但是自己弄的时候,虽然打印了hook信息,但是实际上并没有成功hook

Error:Execution failed for task ':app:transformClassesWithRetrolambdaForDebug'.

Missing javaCompileTask for variant: debug/0 from output dir: C:\Users\Administrator\Desktop\Test\VirtualHook\VirtualApp\app\build\intermediates\transforms\retrolambda\debug\0

之前版本clone可以运行,最新一次clone后总是无法运行,提示这个错误

没事了，发现是因为在LoadedApk.makeApplication.call(data.info, false, null);之后Log.i输出被加载的应用吃掉了

最新版的va还是有很多优点的,但是我不知道virtualhook修改了va哪些东西,我自己升级va总是无法成功hook,麻烦大神抽个空更新一下va的版本吧,非常感谢

请问怎么做到在插件里面读取VirtualHook参数？

10-22 01:55:28.336: W/System.err(31309): java.lang.ClassCastException: android.telephony.cdma.CdmaCellLocation cannot be cast to android.telephony.gsm.GsmCellLocation
10-22 01:55:28.336: W/System.err(31309): at com.meizu.experiencedatasync.util.Utils.getCellId(Utils.java:852)
10-22 01:55:28.336: W/System.err(31309): at com.meizu.experiencedatasync.service.ReceiveErrorLogService$ErrorHandlerRunnable.run(ReceiveErrorLogService.java:312)
10-22 01:55:28.337: W/System.err(31309): at android.os.Handler.handleCallback(Handler.java:815)
10-22 01:55:28.337: W/System.err(31309): at android.os.Handler.dispatchMessage(Handler.java:104)
10-22 01:55:28.337: W/System.err(31309): at android.os.Looper.loop(Looper.java:194)
10-22 01:55:28.337: W/System.err(31309): at android.os.HandlerThread.run(HandlerThread.java:61)

魅蓝 note3 android: 6.0.1

自动载入的hook用的apk只支持/sdcard/io.virtualhook/patch.apk一个有点不方便。例如说我以前写了一个通用的patch1.apk来打印部分调用，后面要hook一个单独的新应用就必须在原来patch1的基础上修改，而不能单独写一个patch2.apk。这样添加也麻烦，移除也麻烦，做成模块化的样子就方便很多。如果做成模块化的话，直接扫描/sdcard/io.virtualhook/patch/*.apk，并自动添加就好了。（当然，如果你愿意搞成xposed install那样支持启用或禁用就更好，不过感觉写起来有点麻烦）

Hello, i cloned and compiled VirtualHook in Android Studio, install app in Samsung S7(Android 7.0),and push demoHookPlugin.apk to /sdcard/, install demoHookPlugin.apk with VirtualApp, but it cannot work at all, i cannot start demoHookPlugin.apk.

    ClassLoader appClassLoader = mInitialApplication.getClassLoader();
    String patchApkPath = "/sdcard/io.virtualhook/patch.apk";
    File libDir = ensureCreated(new File(VEnvironment.getDataUserPackageDirectory(VUserHandle.myUserId(), "patch"), "lib"));

    try
    {
        // copy native libraries from patch plugin
        NativeLibraryHelperCompat.copyNativeBinaries(new File(patchApkPath), libDir);
        // copy libva-native.so so that the symbol MSHookFunction() can be accessed in patch plugin after Android N
        FileUtils.createSymlink(
                new File(VirtualCore.get().getContext().getApplicationInfo().dataDir, "lib/libva-native.so").getAbsolutePath()
                , new File(libDir, "libva-native.so").getAbsolutePath());
    } catch (Exception e)
    {
        e.printStackTrace();
    }

    DexClassLoader dexClassLoader = new DexClassLoader(patchApkPath,
            VEnvironment.getDalvikCacheDirectory().getAbsolutePath(),
            libDir.getAbsolutePath(),
            appClassLoader);
    HookMain hookMain = new HookMain();
    hookMain.doHookDefault(dexClassLoader, appClassLoader);

上面这段是您的注入代码,注入的插件是apk文件,但是在开发阶段用apk载入的话会非常麻烦,我想把hook代码暂时写到主程序中,调试运行即可hook,请问怎样写呢?

被hook的apk的方法调用流程有办法获悉吗？

目前virtualhook是等虚拟化app启动后才注入hook,这样app在application启动时候的初始化代码根本hook不到,请问大神,可不可以在application调用onCreate之前就注入代码?

应用虽然没有x86的libs, 但借助houdini在x86平台正常打开, 并无异常。
然而相同应用使用VirtualHook却装载失败，看日志出现了以下异常, 是lib指令集问题, 不知道可有解决方案?

E/art ( 3403): dlopen("/data/user/0/io.virtualhook/virtual/data/app/com.jingdong.pdj/lib/libjdpdj.so", RTLD_LAZY) failed: dlopen failed: "/data/user/0/io.virtualhook/virtual/data/app/com.jingdong.pdj/lib/libjdpdj.so" has unexpected e_machine: 40
D/AndroidRuntime( 3403): Shutting down VM
E/uncaught( 3403): java.lang.UnsatisfiedLinkError: dlopen failed: "/data/user/0/io.virtualhook/virtual/data/app/com.jingdong.pdj/lib/libjdpdj.so" has unexpected e_machine: 40
E/uncaught( 3403): at java.lang.Runtime.loadLibrary(Runtime.java:371)
E/uncaught( 3403): at java.lang.System.loadLibrary(System.java:989)
E/uncaught( 3403): at jd.net.z.(z.java:15)
E/uncaught( 3403): at jd.net.ServiceProtocol.baseUrl(ServiceProtocol.java:1838)
E/uncaught( 3403): at jd.net.ServiceProtocol.getUpdateResponse(ServiceProtocol.java:2183)
E/uncaught( 3403): at jd.UpdateServer.checkUpdate(UpdateServer.java:65)
E/uncaught( 3403): at pdj.start.StartActivity.onCreate(StartActivity.java:237)
E/uncaught( 3403): at android.app.Activity.performCreate(Activity.java:5933)
E/uncaught( 3403): at android.app.Instrumentation.callActivityOnCreate(Instrumentation.java:1105)
E/uncaught( 3403): at com.lody.virtual.client.hook.delegate.InstrumentationDelegate.callActivityOnCreate(InstrumentationDelegate.java:244)
E/uncaught( 3403): at com.lody.virtual.client.hook.delegate.AppInstrumentation.callActivityOnCreate(AppInstrumentation.java:92)
E/uncaught( 3403): at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:2251)
E/uncaught( 3403): at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java:2360)
E/uncaught( 3403): at android.app.ActivityThread.access$800(ActivityThread.java:144)
E/uncaught( 3403): at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1278)
E/uncaught( 3403): at android.os.Handler.dispatchMessage(Handler.java:102)
E/uncaught( 3403): at android.os.Looper.loop(Looper.java:135)
E/uncaught( 3403): at android.app.ActivityThread.main(ActivityThread.java:5221)
E/uncaught( 3403): at java.lang.reflect.Method.invoke(Native Method)
E/uncaught( 3403): at java.lang.reflect.Method.invoke(Method.java:372)
E/uncaught( 3403): at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:899)
E/uncaught( 3403): at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:694)
I/art ( 3403): System.exit called, status: 0
I/AndroidRuntime( 3403): VM exiting with result code 0, cleanup skipped.

10-21 03:16:47.468: W/ActivityManager(1173): getTasks: caller 10099 does not hold REAL_GET_TASKS; limiting output
10-21 03:16:47.576: W/ActivityManager(1173): getTasks: caller 10099 does not hold REAL_GET_TASKS; limiting output
10-21 03:16:47.689: W/ActivityManager(1173): getTasks: caller 10099 does not hold REAL_GET_TASKS; limiting output
10-21 03:16:47.807: W/ActivityManager(1173): getTasks: caller 10099 does not hold REAL_GET_TASKS; limiting output
10-21 03:16:47.919: W/ActivityManager(1173): getTasks: caller 10099 does not hold REAL_GET_TASKS; limiting output
10-21 03:16:48.032: W/ActivityManager(1173): getTasks: caller 10099 does not hold REAL_GET_TASKS; limiting output
10-21 03:16:48.143: W/ActivityManager(1173): getTasks: caller 10099 does not hold REAL_GET_TASKS; limiting output
10-21 03:16:48.254: W/ActivityManager(1173): getTasks: caller 10099 does not hold REAL_GET_TASKS; limiting output
10-21 03:16:48.364: W/ActivityManager(1173): getTasks: caller 10099 does not hold REAL_GET_TASKS; limiting output
10-21 03:16:48.469: W/ActivityManager(1173): getTasks: caller 10099 does not hold REAL_GET_TASKS; limiting output
10-21 03:16:48.579: W/ActivityManager(1173): getTasks: caller 10099 does not hold REAL_GET_TASKS; limiting output
10-21 03:16:48.693: W/ActivityManager(1173): getTasks: caller 10099 does not hold REAL_GET_TASKS; limiting output
10-21 03:16:48.803: W/ActivityManager(1173): getTasks: caller 10099 does not hold REAL_GET_TASKS; limiting output
10-21 03:16:48.910: W/ActivityManager(1173): getTasks: caller 10099 does not hold REAL_GET_TASKS; limiting output
10-21 03:16:49.022: W/ActivityManager(1173): getTasks: caller 10099 does not hold REAL_GET_TASKS; limiting output
10-21 03:16:49.139: W/ActivityManager(1173): getTasks: caller 10099 does not hold REAL_GET_TASKS; limiting output
10-21 03:16:49.209: W/ContextImpl(19698): Failed to ensure directory: /storage/sdcard1/Android/data/com.fengxv.app/files/log
10-21 03:16:49.228: W/AudioALSAHardware(361): setParameters(), still have param.size() = 1, remain param = "mediaserver_monitor=1"
10-21 03:16:49.250: W/ContextImpl(19698): Failed to ensure directory: /storage/sdcard1/Android/data/com.fengxv.app/files/log
10-21 03:16:49.255: W/ActivityManager(1173): getTasks: caller 10099 does not hold REAL_GET_TASKS; limiting output
10-21 03:16:49.267: W/ActivityManager(1173): getRunningAppProcesses: caller 10102 does not hold REAL_GET_TASKS; limiting output
10-21 03:16:49.284: W/ContextImpl(19698): Failed to ensure directory: /storage/sdcard1/Android/data/com.fengxv.app/files/log
10-21 03:16:49.360: W/ActivityManager(1173): getTasks: caller 10099 does not hold REAL_GET_TASKS; limiting output
10-21 03:16:49.454: E/WifiStateMachine(1173): WifiStateMachine starting scan for "xm_notok"WPA_PSK with 5745,2452
10-21 03:16:49.466: W/ActivityManager(1173): getTasks: caller 10099 does not hold REAL_GET_TASKS; limiting output
10-21 03:16:49.584: W/ActivityManager(1173): getTasks: caller 10099 does not hold REAL_GET_TASKS; limiting output
10-21 03:16:49.689: W/ActivityManager(1173): getTasks: caller 10099 does not hold REAL_GET_TASKS; limiting output
10-21 03:16:49.817: W/ActivityManager(1173): getTasks: caller 10099 does not hold REAL_GET_TASKS; limiting output
10-21 03:16:49.945: W/ActivityManager(1173): getTasks: caller 10099 does not hold REAL_GET_TASKS; limiting output
10-21 03:16:50.062: W/ActivityManager(1173): getTasks: caller 10099 does not hold REAL_GET_TASKS; limiting output
10-21 03:16:50.179: W/ActivityManager(1173): getTasks: caller 10099 does not hold REAL_GET_TASKS; limiting output
10-21 03:16:50.291: W/ActivityManager(1173): getTasks: caller 10099 does not hold REAL_GET_TASKS; limiting output
10-21 03:16:50.405: W/ActivityManager(1173): getTasks: caller 10099 does not hold REAL_GET_TASKS; limiting output
10-21 03:16:50.527: W/ActivityManager(1173): getTasks: caller 10099 does not hold REAL_GET_TASKS; limiting output
10-21 03:16:50.637: W/ActivityManager(1173): getTasks: caller 10099 does not hold REAL_GET_TASKS; limiting output
10-21 03:16:50.740: W/ActivityManager(1173): getTasks: caller 10099 does not hold REAL_GET_TASKS; limiting output
10-21 03:16:50.845: W/ActivityManager(1173): getTasks: caller 10099 does not hold REAL_GET_TASKS; limiting output
10-21 03:16:50.937: W/ActivityManager(1173): Scheduling restart of crashed service io.virtualhook/com.lody.virtual.client.stub.DaemonService in 1000ms
10-21 03:16:50.944: W/ADB_SERVICES(398): terminating JDWP 17376 connection: Try again
10-21 03:16:50.950: W/System.err(19698): android.os.DeadObjectException
10-21 03:16:50.954: W/System.err(19698): at android.os.BinderProxy.transactNative(Native Method)
10-21 03:16:50.954: W/System.err(19698): at android.os.BinderProxy.transact(Binder.java:508)
10-21 03:16:50.954: W/System.err(19698): at com.lody.virtual.server.IPackageManager$Stub$Proxy.checkPermission(IPackageManager.java:646)
10-21 03:16:50.954: W/System.err(19698): at com.lody.virtual.client.ipc.VPackageManager.checkPermission(VPackageManager.java:56)
10-21 03:16:50.954: W/System.err(19698): at com.lody.virtual.client.hook.proxies.pm.MethodProxies$CheckPermission.call(MethodProxies.java:726)
10-21 03:16:50.954: W/System.err(19698): at com.lody.virtual.client.hook.base.MethodInvocationStub$HookInvocationHandler.invoke(MethodInvocationStub.java:186)
10-21 03:16:50.954: W/System.err(19698): at java.lang.reflect.Proxy.invoke(Proxy.java:397)
10-21 03:16:50.954: W/System.err(19698): at $Proxy4.checkPermission(Unknown Source)
10-21 03:16:50.955: W/System.err(19698): at android.app.ApplicationPackageManager.checkPermission(ApplicationPackageManager.java:407)
10-21 03:16:50.955: W/System.err(19698): at com.mob.tools.b.c.a(Unknown Source)
10-21 03:16:50.955: W/System.err(19698): at com.mob.tools.b.c.y(Unknown Source)
10-21 03:16:50.955: W/System.err(19698): at cn.sharesdk.framework.statistics.b.b(Unknown Source)
10-21 03:16:50.955: W/System.err(19698): at cn.sharesdk.framework.statistics.b.a(Unknown Source)
10-21 03:16:50.955: W/System.err(19698): at cn.sharesdk.framework.statistics.b.onMessage(Unknown Source)
10-21 03:16:50.955: W/System.err(19698): at com.mob.tools.b.handleMessage(Unknown Source)
10-21 03:16:50.955: W/System.err(19698): at android.os.Handler.dispatchMessage(Handler.java:107)
10-21 03:16:50.955: W/System.err(19698): at android.os.Looper.loop(Looper.java:194)
10-21 03:16:50.955: W/System.err(19698): at android.os.HandlerThread.run(HandlerThread.java:61)
10-21 03:16:50.955: E/NativeEngine(19698): killProcess: pid = 19698, signal = 9.
10-21 03:16:50.956: E/NativeEngine(19698): java.lang.Throwable
10-21 03:16:50.956: E/NativeEngine(19698): at com.lody.virtual.client.NativeEngine.onKillProcess(NativeEngine.java:201)
10-21 03:16:50.956: E/NativeEngine(19698): at android.os.Process.sendSignal(Native Method)
10-21 03:16:50.956: E/NativeEngine(19698): at android.os.Process.killProcess(Process.java:1258)
10-21 03:16:50.956: E/NativeEngine(19698): at com.lody.virtual.client.env.VirtualRuntime.crash(VirtualRuntime.java:58)
10-21 03:16:50.956: E/NativeEngine(19698): at com.lody.virtual.client.ipc.VPackageManager.checkPermission(VPackageManager.java:58)
10-21 03:16:50.956: E/NativeEngine(19698): at com.lody.virtual.client.hook.proxies.pm.MethodProxies$CheckPermission.call(MethodProxies.java:726)
10-21 03:16:50.956: E/NativeEngine(19698): at com.lody.virtual.client.hook.base.MethodInvocationStub$HookInvocationHandler.invoke(MethodInvocationStub.java:186)
10-21 03:16:50.956: E/NativeEngine(19698): at java.lang.reflect.Proxy.invoke(Proxy.java:397)
10-21 03:16:50.956: E/NativeEngine(19698): at $Proxy4.checkPermission(Unknown Source)
10-21 03:16:50.956: E/NativeEngine(19698): at android.app.ApplicationPackageManager.checkPermission(ApplicationPackageManager.java:407)
10-21 03:16:50.956: E/NativeEngine(19698): at com.mob.tools.b.c.a(Unknown Source)
10-21 03:16:50.956: E/NativeEngine(19698): at com.mob.tools.b.c.y(Unknown Source)
10-21 03:16:50.956: E/NativeEngine(19698): at cn.sharesdk.framework.statistics.b.b(Unknown Source)
10-21 03:16:50.956: E/NativeEngine(19698): at cn.sharesdk.framework.statistics.b.a(Unknown Source)
10-21 03:16:50.956: E/NativeEngine(19698): at cn.sharesdk.framework.statistics.b.onMessage(Unknown Source)
10-21 03:16:50.956: E/NativeEngine(19698): at com.mob.tools.b.handleMessage(Unknown Source)
10-21 03:16:50.956: E/NativeEngine(19698): at android.os.Handler.dispatchMessage(Handler.java:107)
10-21 03:16:50.956: E/NativeEngine(19698): at android.os.Looper.loop(Looper.java:194)
10-21 03:16:50.956: E/NativeEngine(19698): at android.os.HandlerThread.run(HandlerThread.java:61)
10-21 03:16:51.142: W/MediaFocusControl(1173): AudioFocus audio focus client died
10-21 03:16:51.142: W/MediaFocusControl(1173): AudioFocus audio focus client died
10-21 03:16:51.158: W/ActivityManager(1173): Force removing ActivityRecord{1a9a60d0 u0 io.virtualhook/com.lody.virtual.client.stub.StubActivity$C0 t841}: app died, no saved state
10-21 03:16:51.173: W/ADB_SERVICES(398): terminating JDWP 19698 connection: Try again
10-21 03:16:51.216: W/InputMethodManagerService(1173): Got RemoteException sending setActive(false) notification to pid 19698 uid 10099
10-21 03:16:51.222: W/ActivityManager(1173): getRunningAppProcesses: caller 10094 does not hold REAL_GET_TASKS; limiting output
10-21 03:16:51.238: W/PerfScheduler(1173): Not Boost !
10-21 03:16:51.881: E/WifiConfigStore(1173): rewrite network history for "xm_notok"WPA_PSK
10-21 03:16:51.883: E/WifiStateMachine(1173): mIsFullScanOngoing: true, mSendScanResultsBroadcast: false
10-21 03:16:51.883: E/WifiStateMachine(1173): mWifiOnScanCount: 1243
10-21 03:16:51.972: W/Zygote(20147): mz_is_rooted true
10-21 03:16:51.987: W/ADB_SERVICES(398): looking for pid 20147 in JDWP process list return fds0(23) fds1(24)
10-21 03:16:52.001: E/NotificationService(1173): Not posting notification with icon==0: Notification(pri=0 contentView=io.virtualhook/0xa030053 headsUpContentView=/0xa030057 bigContentView=null vibrate=null sound=null defaults=0x0 flags=0x62 color=0xff607d8b vis=PRIVATE)
10-21 03:16:52.001: E/NotificationService(1173): WARNING: In a future release this will crash the app: io.virtualhook
10-21 03:16:52.148: W/linker(20147): libva-native.so: unused DT entry: type 0x6ffffffe arg 0x33d8
10-21 03:16:52.148: W/linker(20147): libva-native.so: unused DT entry: type 0x6fffffff arg 0x2
10-21 03:16:52.155: W/NativeEngine(20147): gAudioRecordNativeCheckPermission is null

大神,我想强烈建议您在hookMain中写一个扫描hook类的方法,不然一个一个写到hookInfo中,几百个hook类,手都复制粘贴残了

1.包名必须为 lab.galaxy.yahfa吗？

2.HookInfo类的包名如果一定为 lab.galaxy.yahfa的话，其他类的包名也必须是这个包名吗？

3.我看了好几个demo，vh中自带的 demohookplugin只需要从sdcard添加即可。但有的demo下面写的是，需要push到 /sdcar/io.virtualhook/ 目录下。这两种方法到底是哪一种？

要HOOK一个函数，只要调用origin 函数，运行一段时间就会弹出 virtualHOOK无响应的提示。HOOK别的函数却没有这问题，这是什么原因呢

I'm new to jni, what can i do to fix it?

大神,加了hook之后,市面上几乎所有的app运行没多久都会闪退,
如果去掉/mnt/shell/emulated/0/io.virtualhook中所有的apk,则能正常使用,那么这个hook就没啥实际意义了呀,求大神指教一二.

看了所有示例，都是对method进行hook，不知道如何对filed进行hook，请指教一下，谢谢

@rk700
@liupeng110 （可能 @ 不到。。。）

Reference:

• #28

关于硬编码的问题，在上面的 reference 中有过讨论，但是没有一个结果说如何来做。

Requirements:

• 取消 hookPlugin.apk , 直接讲 plugin 的代码写入到 yahfa 或者其他 module 中。
• 安装 apk 时候不需要另外单独安装 hookPlugin.apk 因为 代码已经写入 在项目中。

Try:

• 删除 通过 apk 创建 classLoader 的代码，hookPlugin 的代码放入 yahfa 中。

Problem:

• 这么做了之后， 运行出现异常， apk 崩溃。

Question:

• 怎么来实现？

我自己更新到VirtualApp最新版总是无法成功hook java函数,用你目前版本的就没问题,但是你目前用的VirtualApp版本有点旧了,做so hook不方便,希望可以更新一下,期待中...

我在你的一个ChangePhoneInfo示例插件里加入了一个Activity之后测试，点击之后开启时从日志看好像陷入了循环，启动不了； 是本来机制不支持吗？
我想要插件提供一个界面，以便自定义设置一些参数给底层Hook处理时使用，可否实现？

设备是红米2 4G联通版

系统是刷的android5.1.1 LMY47VMIUI8 7.6.8|开发版

目标应用有微信6.5.8,高德地图v8.1.0.2109

hook代码:

package lab.galaxy.changephoneinfo;

import android.content.ContentResolver;
import android.util.Log;

public class Hook_Secure_getAndroidID {

public static String className = "android.provider.Settings$Secure";
public static String methodName = "getString";
public static String methodSig = "(Landroid/content/ContentResolver;Ljava/lang/String;)Ljava/lang/String;";

private static int i = 0;

public static String hook(Object thiz, ContentResolver resolver, String name) {
	Log.i("YAHFA", "Settings$Secure getString hooked");

	i++;
	Log.i("YAHFA2", "i=" + i);

	try {
		// TODO 此处为什么会发生异常? 说name的下标越界
		System.out.println("YAHFA2..." + name);
	} catch (Exception e) {
		Log.e("YAHFA2", e.getMessage(), e);
	}

	return "666666";
}

}

异常信息:

07-11 12:01:57.519 32637-32637/io.virtualhook:p2 E/art: No implementation found for java.util.ArrayList com.tencent.mars.smc.SmcLogic.getLoadLibraries() (tried Java_com_tencent_mars_smc_SmcLogic_getLoadLibraries and

Java_com_tencent_mars_smc_SmcLogic_getLoadLibraries__)
07-11 12:01:57.819 32637-32637/io.virtualhook:p2 W/linker: libtenpay_utils.so: unused DT entry: type 0x6ffffffe arg 0x3284
07-11 12:01:57.819 32637-32637/io.virtualhook:p2 W/linker: libtenpay_utils.so: unused DT entry: type 0x6fffffff arg 0x1
07-11 12:01:59.069 32637-32652/io.virtualhook:p2 I/art: Background sticky concurrent mark sweep GC freed 10440(667KB) AllocSpace objects, 8(128KB) LOS objects, 4% free, 18MB/19MB, paused 8.727ms total 54.973ms
07-11 12:01:59.089 32637-32637/io.virtualhook:p2 W/linker: libyahfa.so: unused DT entry: type 0x6ffffffe arg 0x4fc
07-11 12:01:59.089 32637-32637/io.virtualhook:p2 W/linker: libyahfa.so: unused DT entry: type 0x6fffffff arg 0x1
07-11 12:01:59.089 32637-32637/io.virtualhook:p2 I/YAHFA-Native: init to SDK 22
07-11 12:01:59.109 32637-32637/io.virtualhook:p2 W/System.err: android.system.ErrnoException: symlink failed: EEXIST (File exists)
07-11 12:01:59.109 32637-32637/io.virtualhook:p2 W/System.err: at libcore.io.Posix.symlink(Native Method)
07-11 12:01:59.109 32637-32637/io.virtualhook:p2 W/System.err: at java.lang.reflect.Method.invoke(Native Method)
07-11 12:01:59.109 32637-32637/io.virtualhook:p2 W/System.err: at java.lang.reflect.Method.invoke(Method.java:372)
07-11 12:01:59.109 32637-32637/io.virtualhook:p2 W/System.err: at com.lody.virtual.client.hook.base.MethodInvocationStub$HookInvocationHandler.invoke(MethodInvocationStub.java:189)
07-11 12:01:59.109 32637-32637/io.virtualhook:p2 W/System.err: at java.lang.reflect.Proxy.invoke(Proxy.java:397)
07-11 12:01:59.109 32637-32637/io.virtualhook:p2 W/System.err: at $Proxy1.symlink(Unknown Source)
07-11 12:01:59.109 32637-32637/io.virtualhook:p2 W/System.err: at android.system.Os.symlink(Os.java:474)
07-11 12:01:59.109 32637-32637/io.virtualhook:p2 W/System.err: at com.lody.virtual.helper.utils.FileUtils.createSymlink(FileUtils.java:56)
07-11 12:01:59.109 32637-32637/io.virtualhook:p2 W/System.err: at com.lody.virtual.client.VClientImpl.applyHookPlugin(VClientImpl.java:337)
07-11 12:01:59.109 32637-32637/io.virtualhook:p2 W/System.err: at com.lody.virtual.client.VClientImpl.bindApplicationNoCheck(VClientImpl.java:318)
07-11 12:01:59.109 32637-32637/io.virtualhook:p2 W/System.err: at com.lody.virtual.client.VClientImpl.bindApplication(VClientImpl.java:187)
07-11 12:01:59.109 32637-32637/io.virtualhook:p2 W/System.err: at com.lody.virtual.client.hook.proxies.am.HCallbackStub.handleLaunchActivity(HCallbackStub.java:114)
07-11 12:01:59.109 32637-32637/io.virtualhook:p2 W/System.err: at com.lody.virtual.client.hook.proxies.am.HCallbackStub.handleMessage(HCallbackStub.java:71)
07-11 12:01:59.109 32637-32637/io.virtualhook:p2 W/System.err: at android.os.Handler.dispatchMessage(Handler.java:98)
07-11 12:01:59.109 32637-32637/io.virtualhook:p2 W/System.err: at android.os.Looper.loop(Looper.java:135)
07-11 12:01:59.109 32637-32637/io.virtualhook:p2 W/System.err: at android.app.ActivityThread.main(ActivityThread.java:5296)
07-11 12:01:59.109 32637-32637/io.virtualhook:p2 W/System.err: at java.lang.reflect.Method.invoke(Native Method)
07-11 12:01:59.109 32637-32637/io.virtualhook:p2 W/System.err: at java.lang.reflect.Method.invoke(Method.java:372)
07-11 12:01:59.109 32637-32637/io.virtualhook:p2 W/System.err: at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:912)
07-11 12:01:59.109 32637-32637/io.virtualhook:p2 W/System.err: at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:707)
07-11 12:01:59.109 32637-32637/io.virtualhook:p2 D/NativeEngine: DexOrJarPath = /sdcard/io.virtualhook/ChangePhoneInfo-debug.apk, OutputPath = /data/user/0/io.virtualhook/virtual/opt/ChangePhoneInfo-debug.dex.
07-11 12:01:59.119 32637-32705/io.virtualhook:p2 V/NFC: this device does not have NFC support
07-11 12:01:59.119 32637-32637/io.virtualhook:p2 W/linker: libhookprop.so: unused DT entry: type 0x6ffffffe arg 0x4d0
07-11 12:01:59.119 32637-32637/io.virtualhook:p2 W/linker: libhookprop.so: unused DT entry: type 0x6fffffff arg 0x2
07-11 12:01:59.119 32637-32637/io.virtualhook:p2 I/ChangePhoneInfo: native hook done

virtualapp支持4.0之后，现在问题在于YAHFA，已经解决。

我想添加一个功能：映射存储至具体的目录，比如 '/mnt/sdcard/'映射到'/mnt/sdcard/VirtualHook/'，实现VirtualHook内应用和本机应用的存储读写完全相互隔离，不知道应该怎么处理，代码怎么实现？

app加固后可以运行，但是hook plugin加固后不起作用了

I faced a problem when I attempted to build this awesome project.
My command: ./gradlew build --stacktrace.
The output is the following:

FAILURE: Build failed with an exception.

• What went wrong:
  A problem occurred configuring project ':YAHFA'.

java.lang.NullPointerException (no error message)

• Try:
  Run with --info or --debug option to get more log output.

• Exception is:
  org.gradle.api.ProjectConfigurationException: A problem occurred configuring project ':YAHFA'.
  at org.gradle.configuration.project.LifecycleProjectEvaluator.addConfigurationFailure(LifecycleProjectEvaluator.java:94)
  at org.gradle.configuration.project.LifecycleProjectEvaluator.notifyAfterEvaluate(LifecycleProjectEvaluator.java:89)
  at org.gradle.configuration.project.LifecycleProjectEvaluator.doConfigure(LifecycleProjectEvaluator.java:76)
  at org.gradle.configuration.project.LifecycleProjectEvaluator.access$000(LifecycleProjectEvaluator.java:33)
  at org.gradle.configuration.project.LifecycleProjectEvaluator$1.execute(LifecycleProjectEvaluator.java:53)
  at org.gradle.configuration.project.LifecycleProjectEvaluator$1.execute(LifecycleProjectEvaluator.java:50)
  at org.gradle.internal.Transformers$4.transform(Transformers.java:169)
  at org.gradle.internal.progress.DefaultBuildOperationExecutor.run(DefaultBuildOperationExecutor.java:106)
  at org.gradle.internal.progress.DefaultBuildOperationExecutor.run(DefaultBuildOperationExecutor.java:61)
  at org.gradle.configuration.project.LifecycleProjectEvaluator.evaluate(LifecycleProjectEvaluator.java:50)
  at org.gradle.api.internal.project.DefaultProject.evaluate(DefaultProject.java:628)
  at org.gradle.api.internal.project.DefaultProject.evaluate(DefaultProject.java:129)
  at org.gradle.execution.TaskPathProjectEvaluator.configure(TaskPathProjectEvaluator.java:35)
  at org.gradle.execution.TaskPathProjectEvaluator.configureHierarchy(TaskPathProjectEvaluator.java:62)
  at org.gradle.configuration.DefaultBuildConfigurer.configure(DefaultBuildConfigurer.java:38)
  at org.gradle.initialization.DefaultGradleLauncher$1.execute(DefaultGradleLauncher.java:161)
  at org.gradle.initialization.DefaultGradleLauncher$1.execute(DefaultGradleLauncher.java:158)
  at org.gradle.internal.Transformers$4.transform(Transformers.java:169)
  at org.gradle.internal.progress.DefaultBuildOperationExecutor.run(DefaultBuildOperationExecutor.java:106)
  at org.gradle.internal.progress.DefaultBuildOperationExecutor.run(DefaultBuildOperationExecutor.java:56)
  at org.gradle.initialization.DefaultGradleLauncher.doBuildStages(DefaultGradleLauncher.java:158)
  at org.gradle.initialization.DefaultGradleLauncher.doBuild(DefaultGradleLauncher.java:119)
  at org.gradle.initialization.DefaultGradleLauncher.run(DefaultGradleLauncher.java:102)
  at org.gradle.launcher.exec.GradleBuildController.run(GradleBuildController.java:71)
  at org.gradle.tooling.internal.provider.ExecuteBuildActionRunner.run(ExecuteBuildActionRunner.java:28)
  at org.gradle.launcher.exec.ChainingBuildActionRunner.run(ChainingBuildActionRunner.java:35)
  at org.gradle.launcher.exec.InProcessBuildActionExecuter.execute(InProcessBuildActionExecuter.java:41)
  at org.gradle.launcher.exec.InProcessBuildActionExecuter.execute(InProcessBuildActionExecuter.java:26)
  at org.gradle.tooling.internal.provider.ContinuousBuildActionExecuter.execute(ContinuousBuildActionExecuter.java:75)
  at org.gradle.tooling.internal.provider.ContinuousBuildActionExecuter.execute(ContinuousBuildActionExecuter.java:49)
  at org.gradle.tooling.internal.provider.ServicesSetupBuildActionExecuter.execute(ServicesSetupBuildActionExecuter.java:44)
  at org.gradle.tooling.internal.provider.ServicesSetupBuildActionExecuter.execute(ServicesSetupBuildActionExecuter.java:29)
  at org.gradle.launcher.daemon.server.exec.ExecuteBuild.doBuild(ExecuteBuild.java:67)
  at org.gradle.launcher.daemon.server.exec.BuildCommandOnly.execute(BuildCommandOnly.java:36)
  at org.gradle.launcher.daemon.server.api.DaemonCommandExecution.proceed(DaemonCommandExecution.java:120)
  at org.gradle.launcher.daemon.server.exec.WatchForDisconnection.execute(WatchForDisconnection.java:47)
  at org.gradle.launcher.daemon.server.api.DaemonCommandExecution.proceed(DaemonCommandExecution.java:120)
  at org.gradle.launcher.daemon.server.exec.ResetDeprecationLogger.execute(ResetDeprecationLogger.java:26)
  at org.gradle.launcher.daemon.server.api.DaemonCommandExecution.proceed(DaemonCommandExecution.java:120)
  at org.gradle.launcher.daemon.server.exec.RequestStopIfSingleUsedDaemon.execute(RequestStopIfSingleUsedDaemon.java:34)
  at org.gradle.launcher.daemon.server.api.DaemonCommandExecution.proceed(DaemonCommandExecution.java:120)
  at org.gradle.launcher.daemon.server.exec.ForwardClientInput$2.call(ForwardClientInput.java:74)
  at org.gradle.launcher.daemon.server.exec.ForwardClientInput$2.call(ForwardClientInput.java:72)
  at org.gradle.util.Swapper.swap(Swapper.java:38)
  at org.gradle.launcher.daemon.server.exec.ForwardClientInput.execute(ForwardClientInput.java:72)
  at org.gradle.launcher.daemon.server.api.DaemonCommandExecution.proceed(DaemonCommandExecution.java:120)
  at org.gradle.launcher.daemon.server.exec.LogAndCheckHealth.execute(LogAndCheckHealth.java:55)
  at org.gradle.launcher.daemon.server.api.DaemonCommandExecution.proceed(DaemonCommandExecution.java:120)
  at org.gradle.launcher.daemon.server.exec.LogToClient.doBuild(LogToClient.java:60)
  at org.gradle.launcher.daemon.server.exec.BuildCommandOnly.execute(BuildCommandOnly.java:36)
  at org.gradle.launcher.daemon.server.api.DaemonCommandExecution.proceed(DaemonCommandExecution.java:120)
  at org.gradle.launcher.daemon.server.exec.EstablishBuildEnvironment.doBuild(EstablishBuildEnvironment.java:72)
  at org.gradle.launcher.daemon.server.exec.BuildCommandOnly.execute(BuildCommandOnly.java:36)
  at org.gradle.launcher.daemon.server.api.DaemonCommandExecution.proceed(DaemonCommandExecution.java:120)
  at org.gradle.launcher.daemon.server.exec.StartBuildOrRespondWithBusy$1.run(StartBuildOrRespondWithBusy.java:50)
  at org.gradle.launcher.daemon.server.DaemonStateCoordinator$1.run(DaemonStateCoordinator.java:297)
  at org.gradle.internal.concurrent.ExecutorPolicy$CatchAndRecordFailures.onExecute(ExecutorPolicy.java:54)
  at org.gradle.internal.concurrent.StoppableExecutorImpl$1.run(StoppableExecutorImpl.java:40)
  Caused by: java.lang.NullPointerException
  at com.google.common.base.Preconditions.checkNotNull(Preconditions.java:210)
  at com.android.build.gradle.internal.ndk.NdkHandler.getPlatformVersion(NdkHandler.java:145)
  at com.android.build.gradle.internal.ndk.NdkHandler.supports64Bits(NdkHandler.java:291)
  at com.android.build.gradle.internal.ndk.NdkHandler.getSupportedAbis(NdkHandler.java:354)
  at com.android.build.gradle.tasks.ExternalNativeJsonGenerator.create(ExternalNativeJsonGenerator.java:571)
  at com.android.build.gradle.internal.TaskManager.createExternalNativeBuildJsonGenerators(TaskManager.java:1241)
  at com.android.build.gradle.internal.LibraryTaskManager.lambda$createTasksForVariantData$11(LibraryTaskManager.java:240)
  at com.android.build.gradle.internal.LibraryTaskManager$$Lambda$187/176971027.call(Unknown Source)
  at com.android.builder.profile.ThreadRecorder.record(ThreadRecorder.java:81)
  at com.android.build.gradle.internal.LibraryTaskManager.createTasksForVariantData(LibraryTaskManager.java:235)
  at com.android.build.gradle.internal.VariantManager.createTasksForVariantData(VariantManager.java:460)
  at com.android.build.gradle.internal.VariantManager.lambda$createAndroidTasks$1(VariantManager.java:282)
  at com.android.build.gradle.internal.VariantManager$$Lambda$114/502705833.call(Unknown Source)
  at com.android.builder.profile.ThreadRecorder.record(ThreadRecorder.java:81)
  at com.android.build.gradle.internal.VariantManager.createAndroidTasks(VariantManager.java:278)
  at com.android.build.gradle.BasePlugin.lambda$createAndroidTasks$6(BasePlugin.java:601)
  at com.android.build.gradle.BasePlugin$$Lambda$71/1616315485.call(Unknown Source)
  at com.android.builder.profile.ThreadRecorder.record(ThreadRecorder.java:81)
  at com.android.build.gradle.BasePlugin.createAndroidTasks(BasePlugin.java:596)
  at com.android.build.gradle.BasePlugin.lambda$null$4(BasePlugin.java:526)
  at com.android.build.gradle.BasePlugin$$Lambda$40/761741777.call(Unknown Source)
  at com.android.builder.profile.ThreadRecorder.record(ThreadRecorder.java:81)
  at com.android.build.gradle.BasePlugin.lambda$createTasks$5(BasePlugin.java:522)
  at com.android.build.gradle.BasePlugin$$Lambda$39/1216325937.execute(Unknown Source)
  at org.gradle.internal.event.BroadcastDispatch$ActionInvocationHandler.dispatch(BroadcastDispatch.java:93)
  at org.gradle.internal.event.BroadcastDispatch$ActionInvocationHandler.dispatch(BroadcastDispatch.java:82)
  at org.gradle.internal.event.AbstractBroadcastDispatch.dispatch(AbstractBroadcastDispatch.java:44)
  at org.gradle.internal.event.BroadcastDispatch.dispatch(BroadcastDispatch.java:79)
  at org.gradle.internal.event.BroadcastDispatch.dispatch(BroadcastDispatch.java:30)
  at org.gradle.internal.dispatch.ProxyDispatchAdapter$DispatchingInvocationHandler.invoke(ProxyDispatchAdapter.java:93)
  at com.sun.proxy.$Proxy16.afterEvaluate(Unknown Source)
  at org.gradle.configuration.project.LifecycleProjectEvaluator.notifyAfterEvaluate(LifecycleProjectEvaluator.java:82)
  ... 56 more

BUILD FAILED

Anyone who can give me some idea to some this problem?

please, make an example using VirtualHook to hook any "popular" app or any "popular" game please, thanks.

11-07 11:24:44.366 W/System.err(22498): java.lang.ClassNotFoundException: com.android.server.LocationManagerService
11-07 11:24:44.366 W/System.err(22498): at java.lang.Class.classForName(Native Method)
11-07 11:24:44.366 W/System.err(22498): at java.lang.Class.forName(Class.java:309)
11-07 11:24:44.366 W/System.err(22498): at lab.galaxy.yahfa.HookMain.doHookItemDefault(HookMain.java:54)
11-07 11:24:44.366 W/System.err(22498): at lab.galaxy.yahfa.HookMain.doHookDefault(HookMain.java:32)
11-07 11:24:44.366 W/System.err(22498): at com.lody.virtual.client.VClientImpl.bindApplicationNoCheck(VClientImpl.java:335)
11-07 11:24:44.366 W/System.err(22498): at com.lody.virtual.client.VClientImpl.bindApplication(VClientImpl.java:196)
11-07 11:24:44.366 W/System.err(22498): at com.lody.virtual.client.hook.proxies.am.HCallbackStub.handleLaunchActivity(HCallbackStub.java:114)
11-07 11:24:44.366 W/System.err(22498): at com.lody.virtual.client.hook.proxies.am.HCallbackStub.handleMessage(HCallbackStub.java:71)
11-07 11:24:44.366 W/System.err(22498): at android.os.Handler.dispatchMessage(Handler.java:98)
11-07 11:24:44.366 W/System.err(22498): at android.os.Looper.loop(Looper.java:135)
11-07 11:24:44.366 W/System.err(22498): at android.app.ActivityThread.main(ActivityThread.java:5671)
11-07 11:24:44.366 W/System.err(22498): at java.lang.reflect.Method.invoke(Native Method)
11-07 11:24:44.366 W/System.err(22498): at java.lang.reflect.Method.invoke(Method.java:372)
11-07 11:24:44.366 W/System.err(22498): at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:960)

Environment:

• Type: Mi-4c
• MIUI Version: MIUI 8 7.7.20 | 开发版
• Android Version: 7.0

Issue and codes:
被 hook 的 app： 微信
测试类： demoHookPlugin 中原始的 三个 demo 测试成功。
出现错误的类：

    public static String className = "dalvik.system.BaseDexClassLoader";
    public static String methodName = "findClass";
    public static String methodSig = "(Ljava/lang/String;)Ljava/lang/Class;";

    public static void hook(String name) {
        Log.w("YAHFA", "open file " + name);
        origin(name);
    }

    public static void origin(String name) {
        Log.w("YAHFA", "should not be here");
        return;
    }

    public static String className = "ct.cs";
    public static String methodName = "getLatitude";
    public static String methodSig = "()D";

    public static double hook() {
        Log.e("hook", "latitude changed");
        return 116.4067155093;
    }

    public static double origin() {
        return 0.0d;
    }

Error Message:

08-14 16:37:32.626 29663-29663/io.virtualhook:p1 E/YAHFA-Native: Cannot find target method findClass(Ljava/lang/String;)Ljava/lang/Class;
08-14 16:37:32.626 29663-29663/io.virtualhook:p1 I/YAHFA: Start hooking with item lab.galaxy.demeHookPlugin.Hook_tencent_e_latitude
08-14 16:37:32.633 29663-29663/io.virtualhook:p1 I/YAHFA-Native: Start findAndBackupAndHook for method getLatitude()D
08-14 16:37:32.633 29663-29663/io.virtualhook:p1 E/YAHFA-Native: Cannot find target method getLatitude()D
08-14 16:37:32.633 29663-29663/io.virtualhook:p1 I/YAHFA: Start hooking with item lab.galaxy.demeHookPlugin.Hook_tencent_e_longtitude
08-14 16:37:32.636 29663-29663/io.virtualhook:p1 I/YAHFA-Native: Start findAndBackupAndHook for method getLongitude()D
08-14 16:37:32.637 29663-29663/io.virtualhook:p1 E/YAHFA-Native: Cannot find target method getLongitude()D

大神,早上好
如题,麻烦解答一下,非常感谢

如下：
07-28 18:29:44.311 17396-17396/io.virtualhook:p0 A/libc: Fatal signal 11 (SIGSEGV), code 2, fault addr 0x508d88ab in tid 17396 (om.qts.customer)
07-28 18:29:44.413 1342-1342/? I/DEBUG: *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
07-28 18:29:44.413 1342-1342/? I/DEBUG: Build fingerprint: 'Android-x86/android_x86/x86:5.1.1/LMY48Z/denglibo06021006:userdebug/test-keys'
07-28 18:29:44.413 1342-1342/? I/DEBUG: Revision: '0'
07-28 18:29:44.413 1342-1342/? I/DEBUG: ABI: 'x86'
07-28 18:29:44.413 1342-1342/? I/DEBUG: pid: 17396, tid: 17396, name: om.qts.customer >>> com.qts.customer <<<
07-28 18:29:44.413 1342-1342/? I/DEBUG: signal 11 (SIGSEGV), code 2 (SEGV_ACCERR), fault addr 0x508d88ab
07-28 18:29:44.418 1342-1342/? I/DEBUG: eax bffceda8 ebx b3bfca8c ecx bffcf840 edx b27120e0
07-28 18:29:44.419 1342-1342/? I/DEBUG: esi 9090906f edi bffceda8
07-28 18:29:44.420 1342-1342/? I/DEBUG: xcs 00000073 xds 0000007b xes 0000007b xfs 00000007 xss 0000007b
07-28 18:29:44.421 1342-1342/? I/DEBUG: eip b3a4b172 ebp bffcee30 esp bffced30 flags 00210246
07-28 18:29:44.421 1342-1342/? I/DEBUG: backtrace:
07-28 18:29:44.421 1342-1342/? I/DEBUG: #00 pc 003dc172 /system/lib/libart.so (art::StackVisitor::WalkStack(bool)+210)
07-28 18:29:44.421 1342-1342/? I/DEBUG: #1 pc 003ec91a /system/lib/libart.so (_jobject* art::Thread::CreateInternalStackTrace(art::ScopedObjectAccessAlreadyRunnable const&) const+90)
07-28 18:29:44.422 1342-1342/? I/DEBUG: #2 pc 003879e4 /system/lib/libart.so (art::Throwable_nativeFillInStackTrace(_JNIEnv*, _jclass*)+52)
07-28 18:29:44.422 1342-1342/? I/DEBUG: #3 pc 00000f3a /data/dalvik-cache/x86/system@[email protected]
07-28 18:29:44.442 1342-1342/? I/DEBUG: Tombstone written to: /data/tombstones/tombstone_00
07-28 18:29:44.449 1512-17430/system_process W/ActivityManager: Force finishing activity 1 io.virtualhook/com.lody.virtual.client.stub.StubActivity$C0
07-28 18:29:44.451 1512-17430/system_process E/JavaBinder: !!! FAILED BINDER TRANSACTION !!!

public static String className = "java.lang.Class";
public static String methodName = "getSimpleName";
public static String methodSig = "()Ljava/lang/String;";
public static String hook(Object a) {
Log.e("DDDDDDD","GET context00");
return origin(a);
}
public static String origin(Object a) {
Log.d("dddd","ddddd");
return "" ;
}

只要在hook 返回时调用origin，会出现死循环