VirtualApp hook so及activity回調

先推幾篇VA原理
1. http://rk700.github.io/2017/03/15/virtualapp-basic/
2. https://blog.csdn.net/ganyao939543405/article/details/76146760?ref=myread

VA項目地址:

https://github.com/asLody/VirtualApp

在 IOUniformer.cpp 中 hook so 的加載:


/*
 * Resolve `symbol` in the loaded library `sohandle` and, when the lookup
 * succeeds, install an inline hook on it through MSHookFunction.
 *
 * sohandle: library handle, passed unchanged to dlsym().
 * symbol:   name of the exported symbol to look up.
 * replace:  replacement function handed to MSHookFunction.
 * result:   out-slot handed to MSHookFunction; the caller in this file
 *           later calls the original function through it.
 *
 * A failed lookup is silent: nothing is hooked and `*result` is left as
 * the caller initialised it, so callers must not assume the hook is live.
 */
void inlineHookSymbol(void *sohandle, const char *symbol, void *replace, void **result) {
    void *target = dlsym(sohandle, symbol);
    if (target == NULL) {
        return;
    }
    MSHookFunction(target, replace, result);
}


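/*
 * Slot through which the replacement reaches the original
 * il2cpp_runtime_invoke. It starts as NULL and is only filled when
 * onSoLoaded() passes it to the hooking call as the result pointer.
 */
void *(*org_runtime_invoke)(void *a_method, void *a_obj, void **a_params, int **a_exc) = NULL;

/*
 * Replacement installed over il2cpp_runtime_invoke.
 *
 * Currently a pass-through: the arguments are forwarded unchanged to the
 * original function and its return value is handed back to the caller.
 *
 * Returns NULL without invoking anything when the original pointer was
 * never filled in, instead of jumping through a NULL function pointer.
 */
void *new_runtime_invoke(void *a_method, void *a_obj, void **a_params, int **a_exc) {
    /*
     * Instrumentation that is disabled on this page:
     *   register_Class_From_Image(a_method);
     *   runInMonoInvokeRuntimeHooker(a_method, a_obj, a_params);
     */
    if (org_runtime_invoke == NULL) {
        /* NOTE(review): NULL is also a possible return of the original;
         * confirm callers cannot confuse the two cases. */
        return NULL;
    }
    return org_runtime_invoke(a_method, a_obj, a_params, a_exc);
}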


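/*
 * Callback run for a loaded shared object: logs the library name and
 * handle, and hooks il2cpp_runtime_invoke when the name refers to
 * libil2cpp.so.
 *
 * name:   library name or path as reported by the loader hook; may be NULL.
 * handle: handle of the loaded library, used for the symbol lookup.
 */
void onSoLoaded(const char *name, void *handle) {
    /* handle is a pointer: %d would read it as an int (wrong width on
     * 64-bit targets), so it is printed with %p. */
    ALOGE("%s %s %p", __FUNCTION__, name != NULL ? name : "(null)", handle);
    if (name == NULL) {
        /* strstr() on a NULL string is undefined behaviour. */
        return;
    }
    /*
     * NOTE(review): this is a substring match, so any path that merely
     * contains "libil2cpp.so" is accepted; compare the basename if only the
     * real library should be instrumented. If this callback can fire more
     * than once for the same library, the hook would be installed again —
     * confirm against the caller.
     */
    if (strstr(name, "libil2cpp.so") != NULL) {
        inlineHookSymbol(handle, "il2cpp_runtime_invoke", (void *) &new_runtime_invoke,
                         (void **) &org_runtime_invoke);
    }
}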

/*
 * Look up symbol `name` in library `libn` of the current process.
 *
 * Thin wrapper over find_name() that supplies getpid() as the target
 * process. The address is written through `addr`; the status returned by
 * find_name() is passed back unchanged (callers in this file treat 0 as
 * success).
 */
int findSymbol(const char *name, const char *libn,
               unsigned long *addr) {
    return find_name(getpid(), name, libn, addr);
}


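/*
 * Fallback for API level > 23: hook the linker's do_dlopen under the
 * alternative mangled name ending in "PKv".
 *
 * symbol: kept for interface compatibility; the address is resolved here
 *         and the incoming value is not used.
 * rom:    ROM identifier, only used in the log line; may be NULL.
 *
 * Returns 0 when the hook was installed, non-zero otherwise.
 */
int hook_dlopen_rom24(void *symbol, const char *rom) {
    /* findSymbol() writes an unsigned long. Resolving into a real unsigned
     * long avoids writing through a cast pointer into a void * object. */
    unsigned long addr = 0;
    (void) symbol;

    /* Original author's note: "hw mate8_8.0" — presumably the device/ROM
     * where this symbol variant was observed; confirm. */
    int ret = findSymbol("__dl__Z9do_dlopenPKciPK17android_dlextinfoPKv", "linker",
                         &addr);
    if (ret == 0 && addr == 0) {
        /* Reported success without an address: never patch address 0. */
        ret = -1;
    }
    if (ret == 0) {
        MSHookFunction((void *) addr, (void *) new_do_dlopen_V24,
                       (void **) &orig_do_dlopen_V24);
    }
    ALOGE("%s %s %d", __FUNCTION__, rom != NULL ? rom : "(null)", ret);
    return ret;
}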

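/*
 * Install a hook on the linker's library-loading entry point, choosing the
 * symbol name by Android API level:
 *   api_level > 23        do_dlopen with the "...android_dlextinfoPv" mangling,
 *                         falling back to hook_dlopen_rom24() if not found;
 *   19 <= api_level <= 23 do_dlopen with the "...android_dlextinfo" mangling;
 *   api_level < 19        __dl_dlopen.
 *
 * These are private linker symbols looked up by exact mangled name, so a
 * lookup can fail on a ROM that names them differently. A failure leaves
 * the process unhooked; it is logged so the missing hook is visible.
 *
 * rom: ROM identifier, forwarded to the fallback for logging.
 */
void hook_dlopen(int api_level, const char *rom) {
    /* findSymbol() writes an unsigned long. Resolving into a real unsigned
     * long avoids writing through a cast pointer into a void * object. */
    unsigned long addr = 0;
    int hooked = 0;

    if (api_level > 23) {
        if (findSymbol("__dl__Z9do_dlopenPKciPK17android_dlextinfoPv", "linker",
                       &addr) == 0 && addr != 0) {
            MSHookFunction((void *) addr, (void *) new_do_dlopen_V24,
                           (void **) &orig_do_dlopen_V24);
            hooked = 1;
        } else {
            /* The fallback resolves its own address; its first argument
             * is not read. */
            hooked = (hook_dlopen_rom24(NULL, rom) == 0);
        }
    } else if (api_level >= 19) {
        if (findSymbol("__dl__Z9do_dlopenPKciPK17android_dlextinfo", "linker",
                       &addr) == 0 && addr != 0) {
            MSHookFunction((void *) addr, (void *) new_do_dlopen_V19,
                           (void **) &orig_do_dlopen_V19);
            hooked = 1;
        }
    } else {
        if (findSymbol("__dl_dlopen", "linker",
                       &addr) == 0 && addr != 0) {
            MSHookFunction((void *) addr, (void *) new_dlopen, (void **) &orig_dlopen);
            hooked = 1;
        }
    }

    if (!hooked) {
        ALOGE("%s: no dlopen hook installed (api %d)", __FUNCTION__, api_level);
    }
}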

activity回調

com.lody.virtual.client.ipc.VActivityManager

 /**
  * Reports that {@code activity} has resumed to the service returned by
  * {@code getService()}.
  *
  * The activity's class name is first logged at error level under the tag
  * "ga". The activity's token is read through the
  * {@code mirror.android.app.Activity.mToken} accessor and sent together
  * with the current user id. A {@link RemoteException} from the service
  * call is only printed; it is not propagated to the caller.
  *
  * @param activity the activity that has just resumed
  */
 public void onActivityResumed(Activity activity) {
        final String resumedClassName = activity.getClass().getName();
        // NOTE(review): error-level log of every resumed activity; looks like a debugging aid.
        VLog.e("ga", resumedClassName);

        final IBinder token = mirror.android.app.Activity.mToken.get(activity);
        try {
            getService().onActivityResumed(VUserHandle.myUserId(), token);
        } catch (RemoteException remoteFailure) {
            remoteFailure.printStackTrace();
        }
    }

這裡的 activity 參數就是 app 自身的 Activity 實例。
