android: Better support new ART on compatible OSes (#343)

frida · Feb 18, 2025 · 89007ab · 89007ab
1 parent 3f14b86
commit 89007ab
Showing 1 changed file with 27 additions and 8 deletions.
diff --git a/lib/android.js b/lib/android.js
@@ -151,6 +151,11 @@ function _getApi () {
     addLocalReference: null
   };
 
+  temporaryApi.isApiLevel34OrApexEquivalent = isArt && (
+    temporaryApi.find('_ZN3art7AppInfo29GetPrimaryApkReferenceProfileEv') !== null ||
+    temporaryApi.find('_ZN3art6Thread15RunFlipFunctionEPS0_') !== null
+  );
+
   const pending = isArt
     ? {
         functions: {
@@ -623,8 +628,7 @@ function _getArtRuntimeSpec (api) {
 
   const apiLevel = getAndroidApiLevel();
   const codename = getAndroidCodename();
-  const isApiLevel34OrApexEquivalent = api.find('_ZN3art7AppInfo29GetPrimaryApkReferenceProfileEv') !== null ||
-    api.find('_ZN3art6Thread15RunFlipFunctionEPS0_') !== null;
+  const { isApiLevel34OrApexEquivalent } = api;
 
   let spec = null;
 
@@ -633,7 +637,7 @@ function _getArtRuntimeSpec (api) {
     if (value.equals(vm)) {
       let classLinkerOffsets;
       let jniIdManagerOffset = null;
-      if (apiLevel >= 33 || codename === 'Tiramisu') {
+      if (apiLevel >= 33 || codename === 'Tiramisu' || isApiLevel34OrApexEquivalent) {
         classLinkerOffsets = [offset - (4 * pointerSize)];
         jniIdManagerOffset = offset - pointerSize;
       } else if (apiLevel >= 30 || codename === 'R') {
@@ -829,6 +833,7 @@ function _getArtInstrumentationSpec () {
     '4-28': 212,
     '4-29': 172,
     '4-30': 180,
+    '4-31': 180,
     '8-21': 224,
     '8-22': 224,
     '8-23': 296,
@@ -838,7 +843,8 @@ function _getArtInstrumentationSpec () {
     '8-27': 352,
     '8-28': 392,
     '8-29': 328,
-    '8-30': 336
+    '8-30': 336,
+    '8-31': 336
   };
 
   const deoptEnabledOffset = deoptimizationEnabledOffsets[`${pointerSize}-${getAndroidApiLevel()}`];
@@ -944,6 +950,8 @@ function tryGetArtClassLinkerSpec (runtime, runtimeSpec) {
 
   if (spec !== null) {
     cachedArtClassLinkerSpec = spec;
+  } else {
+    throw new Error('Unable to determine ClassLinker field offsets');
   }
 
   return spec;
@@ -1853,19 +1861,30 @@ function instrumentArtQuickEntrypoints (vm) {
 }
 
 function instrumentArtMethodInvocationFromInterpreter () {
+  const api = getApi();
+
   const apiLevel = getAndroidApiLevel();
+  const { isApiLevel34OrApexEquivalent } = api;
 
   let artInterpreterDoCallExportRegex;
   if (apiLevel <= 22) {
     artInterpreterDoCallExportRegex = /^_ZN3art11interpreter6DoCallILb[0-1]ELb[0-1]EEEbPNS_6mirror9ArtMethodEPNS_6ThreadERNS_11ShadowFrameEPKNS_11InstructionEtPNS_6JValueE$/;
-  } else if (apiLevel <= 33) {
+  } else if (apiLevel <= 33 && !isApiLevel34OrApexEquivalent) {
     artInterpreterDoCallExportRegex = /^_ZN3art11interpreter6DoCallILb[0-1]ELb[0-1]EEEbPNS_9ArtMethodEPNS_6ThreadERNS_11ShadowFrameEPKNS_11InstructionEtPNS_6JValueE$/;
-  } else {
+  } else if (isApiLevel34OrApexEquivalent) {
     artInterpreterDoCallExportRegex = /^_ZN3art11interpreter6DoCallILb[0-1]EEEbPNS_9ArtMethodEPNS_6ThreadERNS_11ShadowFrameEPKNS_11InstructionEtbPNS_6JValueE$/;
+  } else {
+    throw new Error('Unable to find method invocation in ART; please file a bug');
+  }
+
+  const art = api.module;
+  const entries = [...art.enumerateExports(), ...art.enumerateSymbols()].filter(entry => artInterpreterDoCallExportRegex.test(entry.name));
+
+  if (entries.length === 0) {
+    throw new Error('Unable to find method invocation in ART; please file a bug');
   }
 
-  const art = getApi().module;
-  for (const entry of [...art.enumerateExports(), ...art.enumerateSymbols()].filter(entry => artInterpreterDoCallExportRegex.test(entry.name))) {
+  for (const entry of entries) {
     Interceptor.attach(entry.address, artController.hooks.Interpreter.doCall);
   }
 }