Hooked System.loadLibrary() cannot work

[X1ehua]

Pine.hook(System.class.getDeclaredMethod("loadLibrary", String.class), new MethodHook() {
    @Override
    public void beforeCall(Pine.CallFrame callFrame) {
        String msg = String.format("Before loadLibrary('%s')", callFrame.args[0]);
        Log.w("Pine", msg);
    }

    @Override
    public void afterCall(Pine.CallFrame callFrame) {
        String msg = String.format("After loadLibrary('%s')", callFrame.args[0]);
        Log.w("Pine", msg);
    }
});

15:28:06.104 Pine I handleBridge: artMethod=0x6f510640 originExtras=0x784b6addc0 extras=0x784b6add00 sp=0x7ff4df62c0
15:28:06.104 Pine D handleCall for method public static void java.lang.System.loadLibrary(java.lang.String)
15:28:06.105 Pine W Before loadLibrary('xxxxx')
15:28:06.106 Pine W After loadLibrary('xxxxx')
15:28:06.106 System.err W java.lang.UnsatisfiedLinkError: dlopen failed: library "libxxxxx.so" not found
15:28:06.107 System.err W at java.lang.Runtime.loadLibrary0(Runtime.java:1082)
15:28:06.107 System.err W at java.lang.Runtime.loadLibrary0(Runtime.java:1007)
15:28:06.107 System.err W at java.lang.System.loadLibrary(System.java:1668)
15:28:06.107 System.err W at java.lang.reflect.Method.invoke(Native Method)
15:28:06.107 System.err W at top.canyie.pine.Pine.callBackupMethod(Pine.java:436)
15:28:06.107 System.err W at top.canyie.pine.Pine$CallFrame.invokeOriginalMethod(Pine.java:997)
15:28:06.108 System.err W at top.canyie.pine.Pine.handleCall(Pine.java:681)
15:28:06.108 System.err W at top.canyie.pine.entry.Arm64Entry.handleBridge(Arm64Entry.java:159)
15:28:06.108 System.err W at top.canyie.pine.entry.Arm64Entry.voidBridge(Arm64Entry.java:24)
15:28:06.108 System.err W at org.appplay.lib.utils.SoLoadUtil.loadDynamicLibrary(SoLoadUtil.java:146)
15:28:06.108 System.err W at org.appplay.lib.GameBaseActivity.initLoad(GameBaseActivity.java:484)
15:28:06.108 System.err W at org.appplay.lib.GameBaseActivity.onHandleMessage(GameBaseActivity.java:469)
15:28:06.108 System.err W at org.appplay.lib.GameBaseActivity$InnerHandler.handleMessage(GameBaseActivity.java:126)
15:28:06.108 System.err W at android.os.Handler.dispatchMessage(Handler.java:107)
15:28:06.108 System.err W at android.os.Looper.loop(Looper.java:213)
15:28:06.108 System.err W at android.app.ActivityThread.main(ActivityThread.java:8178)
15:28:06.108 System.err W at java.lang.reflect.Method.invoke(Native Method)
15:28:06.108 System.err W at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:513)
15:28:06.108 System.err W at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:1101)

[canyie]

http://aospxref.com/android-13.0.0_r3/xref/libcore/ojluni/src/main/java/java/lang/System.java#1660

This method is caller-sensitive, and hooking changes its direct caller. You need to hook the internal API java.lang.Runtime#loadLibrary0(Class<?> fromClass, String libname) instead.

[X1ehua]

Thanks. But how can I get Class<?>.class for the getDeclaredMethod()'s parameter ?

[canyie]

Just Class.class

[X1ehua]

Just Class.class

I tried, but did not work

Pine.hook(Runtime.class.getDeclaredMethod("loadLibrary0", Class.class, String.class), new MethodHook() {
    @Override
    public void beforeCall(Pine.CallFrame callFrame) {
        String msg = String.format("Before loadLibrary('%s')", callFrame.args[1]);
        Log.w("Pine", msg);
    }
}

18:17:59.917 System.err W java.lang.NoSuchMethodException: java.lang.Runtime.loadLibrary0 [class java.lang.Class, class java.lang.String]
18:17:59.918 System.err W at java.lang.Class.getMethod(Class.java:2072)
18:17:59.918 System.err W at java.lang.Class.getDeclaredMethod(Class.java:2050)

[canyie]

Maybe the hidden api restriction prevents you from getting the method. Try to call Pine.ensureInitialized() before getDeclaredMethod.

[X1ehua]

Maybe the hidden api restriction prevents you from getting the method. Try to call Pine.ensureInitialized() before getDeclaredMethod.

Thanks! it works on Huawei P30 with Android 10, but still failed on Samsung Galaxy S9 with Android 8.0