npm - frida-java-bridge - Versions diffs - 6.1.2 → 6.2.1 - Mend

frida-java-bridge 6.1.2 → 6.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/index.js CHANGED Viewed

@@ -21,6 +21,19 @@ const jsizeSize = 4;
 const pointerSize = Process.pointerSize;
 class Runtime {
+  ACC_PUBLIC       = 0x0001;
+  ACC_PRIVATE      = 0x0002;
+  ACC_PROTECTED    = 0x0004;
+  ACC_STATIC       = 0x0008;
+  ACC_FINAL        = 0x0010;
+  ACC_SYNCHRONIZED = 0x0020;
+  ACC_BRIDGE       = 0x0040;
+  ACC_VARARGS      = 0x0080;
+  ACC_NATIVE       = 0x0100;
+  ACC_ABSTRACT     = 0x0400;
+  ACC_STRICT       = 0x0800;
+  ACC_SYNTHETIC    = 0x1000;
   constructor () {
     this.classFactory = null;
     this.ClassFactory = ClassFactory;

package/lib/android.js CHANGED Viewed

@@ -30,6 +30,7 @@ const kAccSkipAccessChecks = 0x00080000;
 const kAccSingleImplementation = 0x08000000;
 const kAccNterpEntryPointFastPathFlag = 0x00100000;
 const kAccNterpInvokeFastPathFlag = 0x00200000;
+const kAccCompileDontBother = 0x02000000;
 const kAccPublicApi = 0x10000000;
 const kAccXposedHookedMethod = 0x10000000;
@@ -242,6 +243,9 @@ function _getApi () {
           _ZN3art6mirror5Class13GetDescriptorEPNSt3__112basic_stringIcNS2_11char_traitsIcEENS2_9allocatorIcEEEE: function (address) {
             this['art::mirror::Class::GetDescriptor'] = address;
           },
+          _ZN3art6mirror5Class11GetLocationEv: function (address) {
+            this['art::mirror::Class::GetLocation'] = makeCxxMethodWrapperReturningStdStringByValue(address, ['pointer']);
+          },
           _ZN3art9ArtMethod12PrettyMethodEb: function (address) {
             this['art::ArtMethod::PrettyMethod'] = makeCxxMethodWrapperReturningStdStringByValue(address, ['pointer', 'bool']);
@@ -332,6 +336,7 @@ function _getApi () {
           '_ZNK3art12StackVisitor24GetCurrentQuickFrameInfoEv',
           '_ZN3art6Thread18GetLongJumpContextEv',
           '_ZN3art6mirror5Class13GetDescriptorEPNSt3__112basic_stringIcNS2_11char_traitsIcEENS2_9allocatorIcEEEE',
+          '_ZN3art6mirror5Class11GetLocationEv',
           '_ZN3art9ArtMethod12PrettyMethodEb',
           '_ZN3art12PrettyMethodEPNS_9ArtMethodEb',
           '_ZN3art3Dbg13ConfigureJdwpERKNS_4JDWP11JdwpOptionsE',
@@ -2270,6 +2275,7 @@ typedef struct _ArtStackFrame ArtStackFrame;
 typedef struct _ArtStackVisitor ArtStackVisitor;
 typedef struct _ArtStackVisitorVTable ArtStackVisitorVTable;
+typedef struct _ArtClass ArtClass;
 typedef struct _ArtMethod ArtMethod;
 typedef struct _ArtThread ArtThread;
 typedef struct _ArtContext ArtContext;
@@ -2340,6 +2346,12 @@ struct _ArtStackVisitor
   ArtBacktrace * backtrace;
 };
+struct _ArtMethod
+{
+  guint32 declaring_class;
+  guint32 access_flags;
+};
 extern GumTlsKey current_backtrace;
 extern void (* perform_art_thread_state_transition) (JNIEnv * env);
@@ -2353,6 +2365,7 @@ extern ArtMethod * art_stack_visitor_get_method (ArtStackVisitor * visitor);
 extern void art_stack_visitor_describe_location (StdString * description, ArtStackVisitor * visitor);
 extern ArtMethod * translate_method (ArtMethod * method);
 extern void translate_location (ArtMethod * method, guint32 pc, const gchar ** source_file, gint32 * line_number);
+extern void get_class_location (StdString * result, ArtClass * klass);
 extern void cxx_delete (void * mem);
 extern unsigned long strtoul (const char * str, char ** endptr, int base);
@@ -2495,6 +2508,7 @@ _get_frames (ArtBacktrace * backtrace)
     GString * signature;
     gchar * cursor;
     ArtMethod * translated_method;
+    StdString location;
     gsize dexpc;
     const gchar * source_file;
     gint32 line_number;
@@ -2559,6 +2573,8 @@ _get_frames (ArtBacktrace * backtrace)
     translated_method = translate_method (frame->method);
     dexpc = (translated_method == frame->method) ? frame->dexpc : 0;
+    get_class_location (&location, GSIZE_TO_POINTER (translated_method->declaring_class));
     translate_location (translated_method, dexpc, &source_file, &line_number);
     json_builder_begin_object (b);
@@ -2566,12 +2582,18 @@ _get_frames (ArtBacktrace * backtrace)
     json_builder_set_member_name (b, "signature");
     json_builder_add_string_value (b, signature->str);
+    json_builder_set_member_name (b, "origin");
+    json_builder_add_string_value (b, std_string_get_data (&location));
     json_builder_set_member_name (b, "className");
     json_builder_add_string_value (b, class_name);
     json_builder_set_member_name (b, "methodName");
     json_builder_add_string_value (b, method_name);
+    json_builder_set_member_name (b, "methodFlags");
+    json_builder_add_int_value (b, translated_method->access_flags);
     json_builder_set_member_name (b, "fileName");
     json_builder_add_string_value (b, source_file);
@@ -2580,6 +2602,7 @@ _get_frames (ArtBacktrace * backtrace)
     json_builder_end_object (b);
+    std_string_destroy (&location);
     g_string_free (signature, TRUE);
   }
@@ -2691,6 +2714,7 @@ std_string_get_data (StdString * str)
     art_stack_visitor_describe_location: api['art::StackVisitor::DescribeLocation'],
     translate_method: artController.replacedMethods.translate,
     translate_location: api['art::Monitor::TranslateLocation'],
+    get_class_location: api['art::mirror::Class::GetLocation'],
     cxx_delete: api.$delete,
     strtoul: Module.getExportByName('libc.so', 'strtoul')
   });
@@ -2786,7 +2810,7 @@ const artQuickCodeReplacementTrampolineWriters = {
   arm64: writeArtQuickCodeReplacementTrampolineArm64
 };
-function writeArtQuickCodeReplacementTrampolineIA32 (trampoline, target, redirectSize, vm) {
+function writeArtQuickCodeReplacementTrampolineIA32 (trampoline, target, redirectSize, constraints, vm) {
   const threadOffsets = getArtThreadSpec(vm).offset;
   const artMethodOffsets = getArtMethodSpec(vm).offset;
@@ -2849,7 +2873,7 @@ function writeArtQuickCodeReplacementTrampolineIA32 (trampoline, target, redirec
   return offset;
 }
-function writeArtQuickCodeReplacementTrampolineX64 (trampoline, target, redirectSize, vm) {
+function writeArtQuickCodeReplacementTrampolineX64 (trampoline, target, redirectSize, constraints, vm) {
   const threadOffsets = getArtThreadSpec(vm).offset;
   const artMethodOffsets = getArtMethodSpec(vm).offset;
@@ -2912,7 +2936,7 @@ function writeArtQuickCodeReplacementTrampolineX64 (trampoline, target, redirect
   return offset;
 }
-function writeArtQuickCodeReplacementTrampolineArm (trampoline, target, redirectSize, vm) {
+function writeArtQuickCodeReplacementTrampolineArm (trampoline, target, redirectSize, constraints, vm) {
   const artMethodOffsets = getArtMethodSpec(vm).offset;
   const targetAddress = target.and(THUMB_BIT_REMOVAL_MASK);
@@ -2999,7 +3023,7 @@ function writeArtQuickCodeReplacementTrampolineArm (trampoline, target, redirect
   return offset;
 }
-function writeArtQuickCodeReplacementTrampolineArm64 (trampoline, target, redirectSize, vm) {
+function writeArtQuickCodeReplacementTrampolineArm64 (trampoline, target, redirectSize, { availableScratchRegs }, vm) {
   const artMethodOffsets = getArtMethodSpec(vm).offset;
   let offset;
@@ -3068,8 +3092,9 @@ function writeArtQuickCodeReplacementTrampolineArm64 (trampoline, target, redire
     relocator.writeAll();
     if (!relocator.eoi) {
-      writer.putLdrRegAddress('x17', target.add(offset));
-      writer.putBrReg('x17');
+      const scratchReg = Array.from(availableScratchRegs)[0];
+      writer.putLdrRegAddress(scratchReg, target.add(offset));
+      writer.putBrReg(scratchReg);
     }
     writer.putLabel('invoke_replacement');
@@ -3146,7 +3171,7 @@ class ArtQuickCodeInterceptor {
     this.overwrittenPrologueLength = 0;
   }
-  _canRelocateCode (relocationSize) {
+  _canRelocateCode (relocationSize, constraints) {
     const Writer = thunkWriters[Process.arch];
     const Relocator = thunkRelocators[Process.arch];
@@ -3156,14 +3181,44 @@ class ArtQuickCodeInterceptor {
     const relocator = new Relocator(quickCodeAddress, writer);
     let offset;
-    do {
-      offset = relocator.readOne();
-    } while (offset < relocationSize && !relocator.eoi);
+    if (Process.arch === 'arm64') {
+      let availableScratchRegs = new Set(['x16', 'x17']);
+      do {
+        const nextOffset = relocator.readOne();
+        const nextScratchRegs = new Set(availableScratchRegs);
+        const { read, written } = relocator.input.regsAccessed;
+        for (const regs of [read, written]) {
+          for (const reg of regs) {
+            let name;
+            if (reg.startsWith('w')) {
+              name = 'x' + reg.substring(1);
+            } else {
+              name = reg;
+            }
+            nextScratchRegs.delete(name);
+          }
+        }
+        if (nextScratchRegs.size === 0) {
+          break;
+        }
+        offset = nextOffset;
+        availableScratchRegs = nextScratchRegs;
+      } while (offset < relocationSize && !relocator.eoi);
+      constraints.availableScratchRegs = availableScratchRegs;
+    } else {
+      do {
+        offset = relocator.readOne();
+      } while (offset < relocationSize && !relocator.eoi);
+    }
     return offset >= relocationSize;
   }
-  _createTrampoline () {
+  _allocateTrampoline () {
     if (trampolineAllocator === null) {
       const trampolineSize = (pointerSize === 4) ? 128 : 256;
       trampolineAllocator = makeCodeAllocator(trampolineSize);
@@ -3173,7 +3228,8 @@ class ArtQuickCodeInterceptor {
     let redirectSize, spec;
     let alignment = 1;
-    if (pointerSize === 4 || this._canRelocateCode(maxRedirectSize)) {
+    const constraints = {};
+    if (pointerSize === 4 || this._canRelocateCode(maxRedirectSize, constraints)) {
       redirectSize = maxRedirectSize;
       spec = {};
@@ -3193,6 +3249,8 @@ class ArtQuickCodeInterceptor {
     this.redirectSize = redirectSize;
     this.trampoline = trampolineAllocator.allocateSlice(spec, alignment);
+    return constraints;
   }
   _destroyTrampoline () {
@@ -3200,12 +3258,12 @@ class ArtQuickCodeInterceptor {
   }
   activate (vm) {
-    this._createTrampoline();
+    const constraints = this._allocateTrampoline();
     const { trampoline, quickCode, redirectSize } = this;
     const writeTrampoline = artQuickCodeReplacementTrampolineWriters[Process.arch];
-    const prologueLength = writeTrampoline(trampoline, quickCode, redirectSize, vm);
+    const prologueLength = writeTrampoline(trampoline, quickCode, redirectSize, constraints, vm);
     this.overwrittenPrologueLength = prologueLength;
     this.overwrittenPrologue = Memory.dup(this.quickCodeAddress, prologueLength);
@@ -3273,7 +3331,7 @@ class ArtMethodMangler {
     patchArtMethod(replacementMethodId, {
       jniCode: impl,
-      accessFlags: ((originalFlags & ~(kAccCriticalNative | kAccFastNative | kAccNterpEntryPointFastPathFlag)) | kAccNative) >>> 0,
+      accessFlags: ((originalFlags & ~(kAccCriticalNative | kAccFastNative | kAccNterpEntryPointFastPathFlag)) | kAccNative | kAccCompileDontBother) >>> 0,
       quickCode: api.artClassLinker.quickGenericJniTrampoline,
       interpreterCode: api.artInterpreterToCompiledCodeBridge
     }, vm);
@@ -3286,7 +3344,7 @@ class ArtMethodMangler {
     }
     patchArtMethod(hookedMethodId, {
-      accessFlags: (originalFlags & ~(hookedMethodRemovedFlags)) >>> 0
+      accessFlags: ((originalFlags & ~(hookedMethodRemovedFlags)) | kAccCompileDontBother) >>> 0
     }, vm);
     const quickCode = this.originalMethod.quickCode;

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "frida-java-bridge",
-  "version": "6.1.2",
+  "version": "6.2.1",
   "description": "Java runtime interop from Frida",
   "main": "index.js",
   "files": [