function hookDlopen() {
let linker64_base_addr
=
Module.getBaseAddress(
'linker64'
)
let offset
=
0x3ba00
/
/
__dl__Z9do_dlopenPKciPK17android_dlextinfoPKv
let android_dlopen_ext
=
linker64_base_addr.add(offset)
if
(android_dlopen_ext !
=
null) {
Interceptor.attach(android_dlopen_ext, {
onEnter: function(args){
this.name
=
args[
0
].readCString()
if
(this.name !
=
null && this.name.indexOf(
'libmsaoaidsec.so'
) >
=
0
) {
hook_linker_call_constructors()
}
}, onLeave: function(retval){
Log.log(`dlopen onLeave name: ${this.name}`)
if
(this.name !
=
null && this.name.indexOf(
'libmsaoaidsec.so'
) >
=
0
) {
let JNI_OnLoad
=
Module.getExportByName(this.name,
'JNI_OnLoad'
)
Log.log(`dlopen onLeave JNI_OnLoad: ${JNI_OnLoad}`)
}
}
})
}
}
function hook_linker_call_constructors() {
let linker64_base_addr
=
Module.getBaseAddress(
'linker64'
)
let offset
=
0x521f0
/
/
__dl__ZN6soinfo17call_constructorsEv
let call_constructors
=
linker64_base_addr.add(offset)
let listener
=
Interceptor.attach(call_constructors, {
onEnter: function (args) {
Log.log(
'hook_linker_call_constructors onEnter'
)
let secmodule
=
Process.findModuleByName(
"libmsaoaidsec.so"
)
if
(secmodule !
=
null) {
hook_sub_1b924(secmodule)
listener.detach()
}
}
})
}
function hook_sub_1b924(secmodule) {
Interceptor.replace(secmodule.base.add(
0x1b924
), new NativeCallback(function () {
Log.log(`hook_sub_1b924 >>>>>>>>>>>>>>>>> replace`)
},
'void'
, []));
}