Exetools  
02-11-2024, 21:20
dion
No intention to hijack the thread, but I have the same goal as CZC: to understand the code in an Android .so native library (arm64).

I have tried to debug using JEB (the APK itself) on a rooted phone; it turned out one has to set the debuggable flag. I did (after repacking and resigning the APK), but then the app crashed, so I tried another way.

The native library has some kind of Java wrapper; it loads them using System.loadLibrary. So I looked into an Android Studio sample which incorporates an external native library and calls it. Then I added the target native library and modified Gradle, CMakeLists.txt, the source code, and I don't remember what else, to accommodate the new native library.

So I pressed Debug in Android Studio, and the app crashed; I know by looking at the logcat window. The cause was something like this:

Code:
JNI NewGlobalRef called with pending exception java.lang.ClassNotFoundException: Didn't find class "com.example.hello" on path: DexPathList [[zip file "/data/app/com.example.hello-JXyLr8y_WKw9Tt8GbtoaIw==/base.apk"],nativeLibraryDirectories=[/data/app/com.example.hello-JXyLr8y_WKw9Tt8GbtoaIw==/lib/arm64, /data/app/com.example.hello-JXyLr8y_WKw9Tt8GbtoaIw==/base.apk!/lib/arm64-v8a, /system/lib64]]'
I looked, and it turned out it is in the JNI_OnLoad() function inside one of the native libraries. IDA 'interprets' the function like this:

Code:
jint JNI_OnLoad(JavaVM *vm, void *reserved)
{
  jint result; // w0
  __int64 v3; // x19
  __int64 v4; // x8
  __int64 v5[2]; // [xsp+0h] [xbp-30h] BYREF

  v5[1] = *(_QWORD *)(_ReadStatusReg(ARM64_SYSREG(3, 3, 13, 0, 2)) + 40);
  v5[0] = 0LL;
  if ( (*vm)->GetEnv(vm, (void **)v5, 65540LL)
    || (v3 = v5[0],
        (v4 = (*(__int64 (__fastcall **)(__int64, const char *))(*(_QWORD *)v5[0] + 48LL))(
                v5[0],
                "com/original/class/name")) == 0) )
  {
    result = -1;
  }
  else
  {
    result = ((*(int (__fastcall **)(__int64, __int64, char **, __int64))(*(_QWORD *)v3 + 1720LL))(
                v3,
                v4,
                off_70010,
                53LL) >> 31) | 0x10004;
  }
  return result;
}
Since the expected class name was different (I masked the original class name here), I hex-edited the class name inside the .so file and got the logcat output above when debugging.

Later, I found out that the function returning the error was findclass(). I was thinking of patching the function, but I am not sure about the function after the else, which looks like it does something with the results.

I have searched Google for a couple of days and applied what was suggested, like using -keepclass in the proguard.pro rules, but nothing works so far.

Can anyone help with the problem?
Thanks in advance.
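A worked reading of the decompiled JNI_OnLoad above, added here as an example and not part of the original post: on arm64 the table offsets 48 and 1720 are slots 6 and 215 of JNINativeInterface, i.e. FindClass and RegisterNatives; 65540 is JNI_VERSION_1_4; and the else branch registers the 53 JNINativeMethod entries at off_70010 against the class FindClass returned, so a NULL from FindClass (class name baked into the .so not present in the APK) makes the loader return -1. The JNI tables below are constructed mocks so that it runs on a desktop, and jni_onload_equiv and run_onload are my own names.

```c
#include <stddef.h>
#include <string.h>
/* Constructed stand-ins for the JNI tables (not jni.h). A JNIEnv is a pointer to a
 * JNINativeInterface table pointer, a JavaVM a pointer to a JNIInvokeInterface table
 * pointer; arm64 slots are 8 bytes, so offset 48 is slot 6 and offset 1720 is slot 215. */
typedef void (*GenericFn)(void);
typedef int   (*GetEnvFn)(void *vm, void **env, int version);
typedef void *(*FindClassFn)(void *env, const char *name);
typedef int   (*RegisterNativesFn)(void *env, void *clazz, const void *methods, int n);
#define JNI_VERSION_1_4      0x00010004  /* the 65540LL passed to GetEnv */
#define SLOT_GETENV          6           /* JNIInvokeInterface: GetEnv */
#define SLOT_FINDCLASS       (48 / 8)    /* JNINativeInterface: FindClass */
#define SLOT_REGISTERNATIVES (1720 / 8)  /* JNINativeInterface: RegisterNatives */

/* Mock VM: it knows exactly one class, and RegisterNatives returns g_register_rc. */
static const char *g_known_class = "com/original/class/name";
static int g_register_rc = 0;
static GenericFn g_env_table[SLOT_REGISTERNATIVES + 1], g_vm_table[SLOT_GETENV + 1];
static GenericFn *g_env = g_env_table, *g_vm = g_vm_table;  /* JNIEnv and JavaVM values */
static int mock_GetEnv(void *vm, void **env, int version) {
    (void)vm; if (version != JNI_VERSION_1_4) return -1;
    *env = &g_env; return 0;
}
static void *mock_FindClass(void *env, const char *name) {   /* NULL models the pending */
    (void)env;                                                /* ClassNotFoundException */
    return strcmp(name, g_known_class) == 0 ? (void *)&g_known_class : NULL;
}
static int mock_RegisterNatives(void *env, void *clazz, const void *m, int n) {
    (void)env; (void)clazz; (void)m; (void)n; return g_register_rc;
}

/* Readable equivalent of the decompiled JNI_OnLoad; off_70010 and 53LL in the listing
 * are the JNINativeMethod table and its entry count handed to RegisterNatives. */
int jni_onload_equiv(GenericFn **vm, const char *class_name, const void *methods, int nmethods) {
    GenericFn **env = NULL;
    if (((GetEnvFn)(*vm)[SLOT_GETENV])(vm, (void **)&env, JNI_VERSION_1_4) != 0) return -1;
    void *clazz = ((FindClassFn)(*env)[SLOT_FINDCLASS])(env, class_name);
    if (clazz == NULL) return -1;  /* the class name baked into the .so must exist in the APK */
    int rc = ((RegisterNativesFn)(*env)[SLOT_REGISTERNATIVES])(env, clazz, methods, nmethods);
    /* (rc >> 31) | 0x10004 on a 32-bit signed rc: negative -> -1, zero -> JNI_VERSION_1_4 */
    return rc < 0 ? -1 : JNI_VERSION_1_4;
}

/* Drive the loader against the mock VM with the class name a given .so expects. */
int run_onload(const char *class_in_so, int register_rc) {
    g_vm_table[SLOT_GETENV] = (GenericFn)mock_GetEnv;
    g_env_table[SLOT_FINDCLASS] = (GenericFn)mock_FindClass;
    g_env_table[SLOT_REGISTERNATIVES] = (GenericFn)mock_RegisterNatives;
    g_register_rc = register_rc;
    return jni_onload_equiv(&g_vm, class_in_so, NULL, 53);
}
```

The second case mirrors the logcat above: a name that the app's DexPathList does not contain makes FindClass fail and the loader returns -1 before RegisterNatives runs.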