framework_patch.txt
diff --git a/core/java/android/app/ActivityThread.java b/core/java/android/app/ActivityThread.java
index 14a622a..6a6a5af 100644
--- a/core/java/android/app/ActivityThread.java
+++ b/core/java/android/app/ActivityThread.java
@@ -182,6 +182,10 @@ import java.util.Map;
import java.util.Objects;
import java.util.TimeZone;
import java.util.concurrent.Executor;
+import java.lang.reflect.Constructor;
+import java.lang.reflect.Field;
+import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Method;
final class RemoteServiceException extends AndroidRuntimeException {
public RemoteServiceException(String msg) {
@@ -2844,6 +2848,7 @@ public final class ActivityThread extends ClientTransactionHandler {
/** Core implementation of activity launch. */
private Activity performLaunchActivity(ActivityClientRecord r, Intent customIntent) {
+ Log.e(TAG, "go into performLaunchActivity");
ActivityInfo aInfo = r.activityInfo;
if (r.packageInfo == null) {
r.packageInfo = getPackageInfo(aInfo.applicationInfo, r.compatInfo,
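Review bot: The added `Log.e(TAG, "go into performLaunchActivity");` is trace output written at error level on a path that runs for every activity launch in every process, so it floods the error log and hides real failures. The same applies to `Log.e(TAG, "go into handleBindApplication");` in the last hunk and to the `"app name:"` line in the next hunk, which also writes each launched package name to logcat. Suggest `Log.d(TAG, "go into performLaunchActivity");` or dropping these lines once the patch is verified, and logging the package name only inside the `equals(...)` branch. The body of `performLaunchActivity` continues outside this hunk.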
@@ -2951,10 +2956,161 @@ public final class ActivityThread extends ClientTransactionHandler {
+ ": " + e.toString(), e);
}
}
-
+ Log.e(TAG, "app name:" + r.packageInfo.getPackageName());
+ if (r.packageInfo.getPackageName().equals("com.example.jltxgcy.arttest")) {
+ ActivityThread.fartthread();
+ }
return activity;
}
+ public static ClassLoader getClassloader() {
+ Object currentActivityThread = invokeStaticMethod("android.app.ActivityThread", "currentActivityThread", new Class[]{}, new Object[]{});
+ Object mBoundApplication = getFieldOjbect("android.app.ActivityThread", currentActivityThread, "mBoundApplication");
+ return ((Application) getFieldOjbect("android.app.LoadedApk", getFieldOjbect("android.app.ActivityThread$AppBindData", mBoundApplication, "info"), "mApplication")).getClassLoader();
+ }
+
+ public static Object invokeStaticMethod(String class_name, String method_name, Class[] pareTyple, Object[] pareVaules) {
+ try {
+ return Class.forName(class_name).getMethod(method_name, pareTyple).invoke(null, pareVaules);
+ } catch (IllegalAccessException e) {
+ e.printStackTrace();
+ } catch (InvocationTargetException e) {
+ e.printStackTrace();
+ } catch (NoSuchMethodException e) {
+ e.printStackTrace();
+ } catch (ClassNotFoundException e) {
+ e.printStackTrace();
+ }
+ return null;
+ }
+
+ public static Object getFieldOjbect(String class_name, Object obj, String fieldName) {
+ try {
+ Class obj_class = Class.forName(class_name);
+ Field field = obj_class.getDeclaredField(fieldName);
+ field.setAccessible(true);
+ return field.get(obj);
+ } catch (ClassNotFoundException e) {
+ e.printStackTrace();
+ } catch (NoSuchFieldException e) {
+ e.printStackTrace();
+ } catch (IllegalAccessException e) {
+ e.printStackTrace();
+ }
+ return null;
+ }
+
+ public static Field getClassField(ClassLoader class_loader, String class_name, String fieldName) {
+ try {
+ Field field = class_loader.loadClass(class_name).getDeclaredField(fieldName);
+ field.setAccessible(true);
+ return field;
+ } catch (NoSuchFieldException e) {
+ e.printStackTrace();
+ } catch (ClassNotFoundException e) {
+ e.printStackTrace();
+ }
+ return null;
+ }
+
+ public static Object getClassFieldObject(ClassLoader class_loader, String class_name, Object obj, String fieldName) {
+ try {
+ Field field = class_loader.loadClass(class_name).getDeclaredField(fieldName);
+ field.setAccessible(true);
+ return field.get(obj);
+ } catch (NoSuchFieldException e) {
+ e.printStackTrace();
+ } catch (ClassNotFoundException e) {
+ e.printStackTrace();
+ } catch (IllegalAccessException e) {
+ e.printStackTrace();
+ }
+ return null;
+ }
+
+ public static void fart() {
+ try {
+ ClassLoader class_loader = getClassloader();
+ Method[] md = class_loader.loadClass("dalvik.system.DexFile").getDeclaredMethods();
+ Method getClassNameListMethod = null;
+ Method dumpMethodCodeMethod = null;
+ int mdCount = md.length;
+ for (int i = 0; i < mdCount; i++) {
+ if (md[i].getName().equals("getClassNameList")) {
+ getClassNameListMethod = md[i];
+ md[i].setAccessible(true);
+ } else if (md[i].getName().equals("dumpMethodCode")) {
+ dumpMethodCodeMethod = md[i];
+ md[i].setAccessible(true);
+ }
+ }
+
+ Object[] dexElementsObjs = (Object[]) getFieldOjbect("dalvik.system.DexPathList", getFieldOjbect("dalvik.system.BaseDexClassLoader", class_loader, "pathList"), "dexElements");
+ Field dexFileField = getClassField(class_loader, "dalvik.system.DexPathList$Element", "dexFile");
+ for (int i = 0; i < dexElementsObjs.length; i++) {
+ Object dexFileObj = dexFileField.get(dexElementsObjs[i]);
+ Object cookObj = getClassFieldObject(class_loader, "dalvik.system.DexFile", dexFileObj, "mCookie");
+ String[] classNames = (String[]) getClassNameListMethod.invoke(dexFileObj, new Object[]{cookObj});
+ for (int j = 0; j < classNames.length; j++) {
+ Log.e(TAG, "fart classNames:" + classNames[j]);
+ loadClassAndInvoke(class_loader, classNames[j], dumpMethodCodeMethod);
+ }
+ }
+ } catch (ClassNotFoundException e) {
+ Log.e(TAG, "fart ClassNotFoundException" + e.getMessage());
+ e.printStackTrace();
+ } catch (IllegalAccessException e) {
+ Log.e(TAG, "fart IllegalAccessException" + e.getMessage());
+ e.printStackTrace();
+ } catch (InvocationTargetException e) {
+ Log.e(TAG, "fart InvocationTargetException" + e.getMessage());
+ e.printStackTrace();
+ }
+
+ }
+
+ public static void loadClassAndInvoke(ClassLoader class_loader, String className, Method dumpMethodCodeMethod) {
+ try {
+ Class class1 = class_loader.loadClass(className);
+ Constructor[] constructors = class1.getDeclaredConstructors();
+ for (int i = 0; i < constructors.length; i++) {
+ dumpMethodCodeMethod.invoke(null, new Object[]{constructors[i]});
+ }
+
+ Method[] methods = class1.getDeclaredMethods();
+ for (int i = 0; i < methods.length; i++) {
+ dumpMethodCodeMethod.invoke(null, new Object[]{methods[i]});
+ }
+ Log.e(TAG, "className:" + className + ",constructors length:" + constructors.length + ",method length:" + methods.length);
+ } catch (ClassNotFoundException e) {
+ Log.e(TAG, "fart ClassNotFoundException" + e.getMessage());
+ e.printStackTrace();
+ } catch (IllegalAccessException e) {
+ Log.e(TAG, "fart IllegalAccessException" + e.getMessage());
+ e.printStackTrace();
+ } catch (InvocationTargetException e) {
+ Log.e(TAG, "fart InvocationTargetException" + e.getMessage());
+ e.printStackTrace();
+ }
+ return;
+ }
+
+ public static void fartthread() {
+ (new Thread(new Runnable() {
+ public void run() {
+ try {
+ Log.e("ActivityThread", "start sleep......");
+ Thread.sleep(10000L);
+ } catch (InterruptedException interruptedException) {
+ interruptedException.printStackTrace();
+ }
+ Log.e("ActivityThread", "sleep over and start fart");
+ ActivityThread.fart();
+ Log.e("ActivityThread", "fart run over");
+ }
+ })).start();
+ }
+
@Override
public void handleStartActivity(ActivityClientRecord r,
PendingTransactionActions pendingActions) {
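Review bot: `fart()` calls `getClassNameListMethod.invoke(...)` and passes `dumpMethodCodeMethod` on without checking that the lookup loop found either method, and the reflection helpers above return null on any failure. `dumpMethodCode` is not defined anywhere in this patch, so on a build where `DexFile` lacks it, or where a field name differs, the result is a NullPointerException that none of the three catch clauses cover, thrown on a thread that has no handler of its own. A guard after the loop, `if (getClassNameListMethod == null || dumpMethodCodeMethod == null) { Log.e(TAG, "fart: DexFile methods not found"); return; }`, together with null checks on `dexElementsObjs` and `dexFileField`, would keep the failure contained. Separately, the call added to `performLaunchActivity` starts a new `fartthread()` on every activity launch of the matching package, so several walks can run concurrently; a static `AtomicBoolean` tested with `compareAndSet(false, true)` would limit it to one run per process. The new helpers are declared `public static` on a framework class although `private static` looks sufficient for the callers visible here. `handleStartActivity` continues outside the hunk.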
@@ -5583,6 +5739,7 @@ public final class ActivityThread extends ClientTransactionHandler {
}
private void handleBindApplication(AppBindData data) {
+ Log.e(TAG, "go into handleBindApplication");
// Register the UI Thread as a sensitive thread to the runtime.
VMRuntime.registerSensitiveThread();
if (data.trackAllocation) {