Fix PendingHook

This will fix the random failure of static method hook

Co-Authored-By: LoveSy <[email protected]>

Author: MlgmXyysd

Diff for: edxp-common/src/main/java/com/elderdrivers/riru/edxp/util/ClassUtils.java

@@ -2,8 +2,8 @@
 
 import android.os.Build;
 
-import java.lang.reflect.Constructor;
 import java.lang.reflect.Member;
+import java.lang.reflect.Method;
 import java.lang.reflect.Modifier;
 
 import de.robv.android.xposed.XposedHelpers;
@@ -29,14 +29,14 @@ public static int getClassStatus(Class clazz, boolean isUnsigned) {
      * 5.0-8.0: kInitialized = 10 int
      * 8.1:     kInitialized = 11 int
      * 9.0+:    kInitialized = 14 uint8_t
-     * 11.0+:   kVisiblyInitialized = 15 uint8_t
+     * 11.0+:   kInitialized = 14 uint8_t
+     *          kVisiblyInitialized = 15 uint8_t
      */
     @ApiSensitive(Level.MIDDLE)
     public static boolean isInitialized(Class clazz) {
         if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.R) {
-            return getClassStatus(clazz, true) == 15;
-        }
-        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.P) {
+            return getClassStatus(clazz, true) >= 14;
+        } else if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.P) {
             return getClassStatus(clazz, true) == 14;
         } else if (Build.VERSION.SDK_INT == Build.VERSION_CODES.O_MR1) {
             return getClassStatus(clazz, false) == 11;
@@ -46,7 +46,7 @@ public static boolean isInitialized(Class clazz) {
     }
 
     public static boolean shouldDelayHook(Member hookMethod) {
-        if (hookMethod == null || hookMethod instanceof Constructor) {
+        if (!(hookMethod instanceof Method)) {
             return false;
         }
         Class declaringClass = hookMethod.getDeclaringClass();

Diff for: edxp-core/src/main/cpp/main/include/art/runtime/art_method.h

@@ -10,10 +10,6 @@
 
 namespace art {
     namespace art_method {
-
-        inline static size_t oat_header_length;
-        inline static int32_t oat_header_code_length_offset;
-
         CREATE_MEM_FUNC_SYMBOL_ENTRY(std::string, PrettyMethod, void *thiz, bool with_signature) {
             if (UNLIKELY(thiz == nullptr))
                 return "null";
@@ -26,66 +22,8 @@ namespace art {
             return PrettyMethod(thiz, true);
         }
 
-        CREATE_MEM_HOOK_STUB_ENTRIES(
-                LP_SELECT("_ZN3art9ArtMethod23GetOatQuickMethodHeaderEj", "_ZN3art9ArtMethod23GetOatQuickMethodHeaderEm"),
-                void *, GetOatQuickMethodHeader,
-                (void * thiz, uintptr_t pc), {
-                    // This is a partial copy from AOSP. We only touch them if they are hooked.
-                    if (UNLIKELY(edxp::isHooked(thiz))) {
-                        uintptr_t original_ep =
-                                reinterpret_cast<uintptr_t>(getOriginalEntryPointFromTargetMethod(
-                                        thiz)) & ~0x1;
-                        if (original_ep) {
-                            char *code_length_loc =
-                                    reinterpret_cast<char *>(original_ep) +
-                                    oat_header_code_length_offset;
-                            uint32_t code_length =
-                                    *reinterpret_cast<uint32_t *>(code_length_loc) &
-                                    ~0x80000000u;
-                            LOGD("art_method::GetOatQuickMethodHeader: ArtMethod=%p (%s), isHooked=true, original_ep=0x%zux, code_length=0x%x, pc=0x%zux",
-                                 thiz, PrettyMethod(thiz).c_str(),
-                                 original_ep, code_length, pc);
-                            if (original_ep <= pc &&
-                                pc <= original_ep + code_length)
-                                return reinterpret_cast<void *>(
-                                        original_ep -
-                                        oat_header_length);
-                            // If PC is not in range, we mark it as not found.
-                            LOGD("art_method::GetOatQuickMethodHeader: PC not found in current method.");
-                            return nullptr;
-                        } else {
-                            LOGD("art_method::GetOatQuickMethodHeader: ArtMethod=%p (%s) isHooked but not backup, fallback to system",
-                                 thiz, PrettyMethod(thiz).c_str());
-                        }
-                    }
-                    return backup(thiz, pc);
-                });
-
         static void Setup(void *handle, HookFunType hook_func) {
             LOGD("art_method hook setup, handle=%p", handle);
-            int api_level = edxp::GetAndroidApiLevel();
-            switch (api_level) {
-                case __ANDROID_API_O__:
-                    [[fallthrough]];
-                case __ANDROID_API_O_MR1__:
-                    [[fallthrough]];
-                case __ANDROID_API_P__:
-                    oat_header_length = 24;
-                    oat_header_code_length_offset = -4;
-                    break;
-                default:
-                    LOGW("No valid offset in SDK %d for oat_header_length, using offset from Android R",
-                         api_level);
-                    [[fallthrough]];
-                case __ANDROID_API_Q__:
-                    [[fallthrough]];
-                case __ANDROID_API_R__:
-                    oat_header_length = 8;
-                    oat_header_code_length_offset = -4;
-                    break;
-            }
-            edxp::HookSyms(handle, hook_func, GetOatQuickMethodHeader);
-
             RETRIEVE_MEM_FUNC_SYMBOL(PrettyMethod, "_ZN3art9ArtMethod12PrettyMethodEb");
         }
     }

Diff for: edxp-core/src/main/cpp/main/include/art/runtime/class_linker.h

@@ -34,6 +34,7 @@ namespace art {
                 LOGD("Pending hook for %p (%s)", clazz_ptr,
                      art::mirror::Class(clazz_ptr).GetDescriptor().c_str());
                 edxp::Context::GetInstance()->CallOnPostFixupStaticTrampolines(clazz_ptr);
+                edxp::DonePendingHook(class_def);
             }
         }
 
@@ -45,11 +46,12 @@ namespace art {
                 });
 
         CREATE_MEM_HOOK_STUB_ENTRIES(
-                "_ZN3art11ClassLinker22FixupStaticTrampolinesEPNS_6ThreadENS_6ObjPtrINS_6mirror5ClassEEE",
-                void, FixupStaticTrampolinesWithThread, (void * thiz,
-                void * thread, void * clazz_ptr), {
-                    backup(thiz, thread, clazz_ptr);
-                    MaybeDelayHook(clazz_ptr);
+                "_ZN3art11ClassLinker20MarkClassInitializedEPNS_6ThreadENS_6HandleINS_6mirror5ClassEEE",
+                void*, MarkClassInitialized, (void * thiz, void * self, uint32_t * clazz_ptr), {
+                    void *result = backup(thiz, self, clazz_ptr);
+                    auto ptr = reinterpret_cast<void *>(*clazz_ptr);
+                    MaybeDelayHook(ptr);
+                    return result;
                 });
 
         CREATE_MEM_FUNC_SYMBOL_ENTRY(void, MakeInitializedClassesVisiblyInitialized, void *thiz,
@@ -63,7 +65,7 @@ namespace art {
                 "_ZN3art11ClassLinker30ShouldUseInterpreterEntrypointEPNS_9ArtMethodEPKv",
                 bool, ShouldUseInterpreterEntrypoint, (void * art_method,
                         const void *quick_code), {
-                    if (quick_code != nullptr && UNLIKELY(edxp::isHooked(art_method))) {
+                    if (quick_code != nullptr && UNLIKELY(edxp::isHooked(art_method) || edxp::IsMethodPending(art_method))) {
                         return false;
                     }
                     return backup(art_method, quick_code);
@@ -126,10 +128,19 @@ namespace art {
             RETRIEVE_MEM_FUNC_SYMBOL(SetEntryPointsToInterpreter,
                                      "_ZNK3art11ClassLinker27SetEntryPointsToInterpreterEPNS_9ArtMethodE");
 
-            edxp::HookSyms(handle, hook_func, FixupStaticTrampolines,
-                           FixupStaticTrampolinesWithThread);
             edxp::HookSyms(handle, hook_func, ShouldUseInterpreterEntrypoint);
 
+            if (api_level >= __ANDROID_API_R__) {
+                // In android R, FixupStaticTrampolines won't be called unless it's marking it as
+                // visiblyInitialized.
+                // So we miss some calls between initialized and visiblyInitialized.
+                // Therefore we hook the new introduced MarkClassInitialized instead
+                // This only happens on non-x86 devices
+                edxp::HookSyms(handle, hook_func, MarkClassInitialized);
+            } else {
+                edxp::HookSyms(handle, hook_func, FixupStaticTrampolines);
+            }
+
             // MakeInitializedClassesVisiblyInitialized will cause deadlock
             // IsQuickToInterpreterBridge is inlined
             // So we use GetSavedEntryPointOfPreCompiledMethod instead

Diff for: edxp-core/src/main/cpp/main/src/edxp_context.cpp

@@ -218,7 +218,7 @@ namespace edxp {
         if (!ConfigManager::GetInstance()->IsInitialized()) {
             LOGE("skip injecting into android because configurations are not loaded properly");
         }
-        if (skip_ && !ConfigManager::GetInstance()->IsAppNeedHook("android")) {
+        if (!skip_ && !ConfigManager::GetInstance()->IsAppNeedHook("android")) {
             skip_ = true;
             LOGD("skip injecting into android because it's whitelisted/blacklisted");
         }

Diff for: edxp-core/src/main/cpp/main/src/jni/edxp_pending_hooks.cpp

@@ -11,33 +11,66 @@
 #include "art/runtime/mirror/class.h"
 
 namespace edxp {
+    namespace {
+        std::unordered_set<const void *> pending_classes_;
+        std::shared_mutex pending_classes_lock_;
 
-    static std::unordered_set<const void *> pending_classes_;
-    static std::shared_mutex pending_classes_lock_;
+        std::unordered_set<const void *> pending_methods_;
+        std::shared_mutex pending_methods_lock_;
 
-    static std::unordered_set<const void *> hooked_methods_;
-    static std::shared_mutex hooked_methods_lock_;
+        std::unordered_set<const void *> hooked_methods_;
+        std::shared_mutex hooked_methods_lock_;
+    }
 
     bool IsClassPending(void *clazz) {
         std::shared_lock lk(pending_classes_lock_);
         return pending_classes_.count(clazz);
     }
 
-    static void PendingHooks_recordPendingMethodNative(JNI_START, jclass class_ref) {
+    bool IsMethodPending(void *art_method) {
+        bool result;
+        {
+            std::shared_lock lk(pending_methods_lock_);
+            result = pending_methods_.count(art_method);
+        }
+        if (result) {
+            std::unique_lock lk(pending_methods_lock_);
+            pending_methods_.erase(art_method);
+        }
+        return result;
+    }
+
+    void DonePendingHook(void *clazz) {
+        std::unique_lock lk(pending_classes_lock_);
+        pending_classes_.erase(clazz);
+    }
+
+    static void
+    PendingHooks_recordPendingMethodNative(JNI_START, jobject method_ref, jclass class_ref) {
         auto *class_ptr = art::Thread::Current().DecodeJObject(class_ref);
+        auto *method = getArtMethod(env, method_ref);
         art::mirror::Class mirror_class(class_ptr);
         if (auto def = mirror_class.GetClassDef(); LIKELY(def)) {
-            LOGD("record pending: %p (%s)", class_ptr, mirror_class.GetDescriptor().c_str());
-            std::unique_lock lk(pending_classes_lock_);
-            pending_classes_.insert(def);
+            LOGD("record pending: %p (%s) with %p", class_ptr, mirror_class.GetDescriptor().c_str(),
+                 method);
+            // Add it for ShouldUseInterpreterEntrypoint
+            {
+                std::unique_lock lk(pending_methods_lock_);
+                pending_methods_.insert(method);
+            }
+            {
+                std::unique_lock lk(pending_classes_lock_);
+                pending_classes_.insert(def);
+            }
         } else {
             LOGW("fail to record pending for : %p (%s)", class_ptr,
                  mirror_class.GetDescriptor().c_str());
         }
     }
 
     static JNINativeMethod gMethods[] = {
-            NATIVE_METHOD(PendingHooks, recordPendingMethodNative, "(Ljava/lang/Class;)V"),
+            NATIVE_METHOD(PendingHooks, recordPendingMethodNative,
+                          "(Ljava/lang/reflect/Method;Ljava/lang/Class;)V"),
     };
 
     void RegisterPendingHooks(JNIEnv *env) {

Diff for: edxp-core/src/main/cpp/main/src/jni/edxp_pending_hooks.h

@@ -13,4 +13,8 @@ namespace edxp {
 
     void recordHooked(void* art_method);
 
+    void DonePendingHook(void *clazz);
+
+    bool IsMethodPending(void* art_method);
+
 } // namespace edxp

Diff for: xposed-bridge/src/main/java/de/robv/android/xposed/PendingHooks.java

@@ -1,6 +1,7 @@
 package de.robv.android.xposed;
 
 import java.lang.reflect.Member;
+import java.lang.reflect.Method;
 import java.util.Map;
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.function.Function;
@@ -18,10 +19,11 @@ public synchronized static void hookPendingMethod(Class<?> clazz) {
             for (Map.Entry<Member, XposedBridge.AdditionalHookInfo> hook : sPendingHooks.get(clazz).entrySet()) {
                 hookMethodNative(hook.getKey(), clazz, 0, hook.getValue());
             }
+            sPendingHooks.remove(clazz);
         }
     }
 
-    public synchronized static void recordPendingMethod(Member hookMethod,
+    public synchronized static void recordPendingMethod(Method hookMethod,
                                                         XposedBridge.AdditionalHookInfo additionalInfo) {
         ConcurrentHashMap<Member, XposedBridge.AdditionalHookInfo> pending =
                 sPendingHooks.computeIfAbsent(hookMethod.getDeclaringClass(),
@@ -33,12 +35,12 @@ public ConcurrentHashMap<Member, XposedBridge.AdditionalHookInfo> apply(Class<?>
                         });
 
         pending.put(hookMethod, additionalInfo);
-        recordPendingMethodNative(hookMethod.getDeclaringClass());
+        recordPendingMethodNative(hookMethod, hookMethod.getDeclaringClass());
     }
 
     public synchronized void cleanUp() {
         sPendingHooks.clear();
     }
 
-    private static native void recordPendingMethodNative(Class clazz);
+    private static native void recordPendingMethodNative(Method hookMethod, Class clazz);
 }

Diff for: xposed-bridge/src/main/java/de/robv/android/xposed/XposedBridge.java

@@ -240,7 +240,7 @@ public static XC_MethodHook.Unhook hookMethod(Member hookMethod, XC_MethodHook c
             if (reflectMethod != null) {
 				hookMethodNative(reflectMethod, declaringClass, slot, additionalInfo);
 			} else {
-				PendingHooks.recordPendingMethod(hookMethod, additionalInfo);
+				PendingHooks.recordPendingMethod((Method)hookMethod, additionalInfo);
 			}
         }