1 /* 2 * Copyright (C) 2017 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 #pragma once 18 19 #include "code_ir.h" 20 #include "common.h" 21 #include "dex_ir.h" 22 #include "dex_ir_builder.h" 23 24 #include <memory> 25 #include <set> 26 #include <utility> 27 #include <vector> 28 29 namespace slicer { 30 31 // Interface for a single transformation operation 32 class Transformation { 33 public: 34 virtual ~Transformation() = default; 35 virtual bool Apply(lir::CodeIr* code_ir) = 0; 36 }; 37 38 // Insert a call to the "entry hook" at the start of the instrumented method: 39 // The "entry hook" will be forwarded the original incoming arguments plus 40 // an explicit "this" argument for non-static methods. 41 class EntryHook : public Transformation { 42 public: 43 enum class Tweak { 44 None, 45 // Expose the "this" argument of non-static methods as the "Object" type. 46 // This can be helpful when the code you want to handle the hook doesn't 47 // have access to the actual type in its classpath. 48 ThisAsObject, 49 // Forward incoming arguments as an array. Zero-th element of the array is 50 // the method signature. First element of the array is 51 // "this" object if instrumented method isn't static. 52 // It is helpul, when you inject the same hook into the different 53 // methods. 54 ArrayParams, 55 }; 56 EntryHook(const ir::MethodId & hook_method_id,Tweak tweak)57 explicit EntryHook(const ir::MethodId& hook_method_id, Tweak tweak) 58 : hook_method_id_(hook_method_id), tweak_(tweak) { 59 // hook method signature is generated automatically 60 SLICER_CHECK_EQ(hook_method_id_.signature, nullptr); 61 } 62 63 // TODO: Delete this legacy constrcutor. 64 // It is left in temporarily so we can move callers away from it to the new 65 // `tweak` constructor. 66 explicit EntryHook(const ir::MethodId& hook_method_id, 67 bool use_object_type_for_this_argument = false) 68 : EntryHook(hook_method_id, use_object_type_for_this_argument 69 ? Tweak::ThisAsObject 70 : Tweak::None) {} 71 72 virtual bool Apply(lir::CodeIr* code_ir) override; 73 74 private: 75 ir::MethodId hook_method_id_; 76 Tweak tweak_; 77 78 bool InjectArrayParamsHook(lir::CodeIr* code_ir, lir::Bytecode* bytecode); 79 }; 80 81 // Insert a call to the "exit hook" method before every return 82 // in the instrumented method. The "exit hook" will be passed the 83 // original return value and it may return a new return value. 84 class ExitHook : public Transformation { 85 public: 86 enum class Tweak { 87 None = 0, 88 // return value will be passed as "Object" type. 89 // This can be helpful when the code you want to handle the hook doesn't 90 // have access to the actual type in its classpath or when you want to inject 91 // the same hook in multiple methods. 92 ReturnAsObject = 1 << 0, 93 // Pass method signature as the first parameter of the hook method. 94 PassMethodSignature = 1 << 1, 95 }; 96 ExitHook(const ir::MethodId & hook_method_id,Tweak tweak)97 explicit ExitHook(const ir::MethodId& hook_method_id, Tweak tweak) 98 : hook_method_id_(hook_method_id), tweak_(tweak) { 99 // hook method signature is generated automatically 100 SLICER_CHECK_EQ(hook_method_id_.signature, nullptr); 101 } 102 ExitHook(const ir::MethodId & hook_method_id)103 explicit ExitHook(const ir::MethodId& hook_method_id) : ExitHook(hook_method_id, Tweak::None) {} 104 105 virtual bool Apply(lir::CodeIr* code_ir) override; 106 107 private: 108 ir::MethodId hook_method_id_; 109 Tweak tweak_; 110 }; 111 112 inline ExitHook::Tweak operator|(ExitHook::Tweak a, ExitHook::Tweak b) { 113 return static_cast<ExitHook::Tweak>(static_cast<int>(a) | static_cast<int>(b)); 114 } 115 116 inline int operator&(ExitHook::Tweak a, ExitHook::Tweak b) { 117 return static_cast<int>(a) & static_cast<int>(b); 118 } 119 120 // Base class for detour hooks. Replace every occurrence of specific opcode with 121 // something else. The detour is a static method which takes the same arguments 122 // as the original method plus an explicit "this" argument and returns the same 123 // type as the original method. Derived classes must implement GetNewOpcode. 124 class DetourHook : public Transformation { 125 public: DetourHook(const ir::MethodId & orig_method_id,const ir::MethodId & detour_method_id)126 DetourHook(const ir::MethodId& orig_method_id, 127 const ir::MethodId& detour_method_id) 128 : orig_method_id_(orig_method_id), detour_method_id_(detour_method_id) { 129 // detour method signature is automatically created 130 // to match the original method and must not be explicitly specified 131 SLICER_CHECK_EQ(detour_method_id_.signature, nullptr); 132 } 133 134 virtual bool Apply(lir::CodeIr* code_ir) override; 135 136 protected: 137 ir::MethodId orig_method_id_; 138 ir::MethodId detour_method_id_; 139 140 // Returns a new opcode to replace the desired opcode or OP_NOP otherwise. 141 virtual dex::Opcode GetNewOpcode(dex::Opcode opcode) = 0; 142 }; 143 144 // Replace every invoke-virtual[/range] to the a specified method with 145 // a invoke-static[/range] to the detour method. 146 class DetourVirtualInvoke : public DetourHook { 147 public: DetourVirtualInvoke(const ir::MethodId & orig_method_id,const ir::MethodId & detour_method_id)148 DetourVirtualInvoke(const ir::MethodId& orig_method_id, 149 const ir::MethodId& detour_method_id) 150 : DetourHook(orig_method_id, detour_method_id) {} 151 152 protected: 153 virtual dex::Opcode GetNewOpcode(dex::Opcode opcode) override; 154 }; 155 156 // Replace every invoke-interface[/range] to the a specified method with 157 // a invoke-static[/range] to the detour method. 158 class DetourInterfaceInvoke : public DetourHook { 159 public: DetourInterfaceInvoke(const ir::MethodId & orig_method_id,const ir::MethodId & detour_method_id)160 DetourInterfaceInvoke(const ir::MethodId& orig_method_id, 161 const ir::MethodId& detour_method_id) 162 : DetourHook(orig_method_id, detour_method_id) {} 163 164 protected: 165 virtual dex::Opcode GetNewOpcode(dex::Opcode opcode) override; 166 }; 167 168 // Allocates scratch registers without doing a full register allocation 169 class AllocateScratchRegs : public Transformation { 170 public: 171 explicit AllocateScratchRegs(int allocate_count, bool allow_renumbering = true) allocate_count_(allocate_count)172 : allocate_count_(allocate_count), allow_renumbering_(allow_renumbering) { 173 SLICER_CHECK_GT(allocate_count, 0); 174 } 175 176 virtual bool Apply(lir::CodeIr* code_ir) override; 177 ScratchRegs()178 const std::set<dex::u4>& ScratchRegs() const { 179 SLICER_CHECK_EQ(scratch_regs_.size(), static_cast<size_t>(allocate_count_)); 180 return scratch_regs_; 181 } 182 183 private: 184 void RegsRenumbering(lir::CodeIr* code_ir); 185 void ShiftParams(lir::CodeIr* code_ir); 186 void Allocate(lir::CodeIr* code_ir, dex::u4 first_reg, int count); 187 188 private: 189 const int allocate_count_; 190 const bool allow_renumbering_; 191 int left_to_allocate_ = 0; 192 std::set<dex::u4> scratch_regs_; 193 }; 194 195 // A friendly helper for instrumenting existing methods: it allows batching 196 // a set of transformations to be applied to method (the batching allow it 197 // to build and encode the code IR once per method regardless of how many 198 // transformation are applied) 199 // 200 // For example, if we want to add both entry and exit hooks to a 201 // Hello.Test(int) method, the code would look like this: 202 // 203 // ... 204 // slicer::MethodInstrumenter mi(dex_ir); 205 // mi.AddTransformation<slicer::EntryHook>(ir::MethodId("LTracer;", "OnEntry")); 206 // mi.AddTransformation<slicer::ExitHook>(ir::MethodId("LTracer;", "OnExit")); 207 // SLICER_CHECK(mi.InstrumentMethod(ir::MethodId("LHello;", "Test", "(I)I"))); 208 // ... 209 // 210 class MethodInstrumenter { 211 public: MethodInstrumenter(std::shared_ptr<ir::DexFile> dex_ir)212 explicit MethodInstrumenter(std::shared_ptr<ir::DexFile> dex_ir) : dex_ir_(dex_ir) {} 213 214 // No copy/move semantics 215 MethodInstrumenter(const MethodInstrumenter&) = delete; 216 MethodInstrumenter& operator=(const MethodInstrumenter&) = delete; 217 218 // Queue a transformation 219 // (T is a class derived from Transformation) 220 template<class T, class... Args> AddTransformation(Args &&...args)221 T* AddTransformation(Args&&... args) { 222 T* transformation = new T(std::forward<Args>(args)...); 223 transformations_.emplace_back(transformation); 224 return transformation; 225 } 226 227 // Apply all the queued transformations to the specified method 228 bool InstrumentMethod(ir::EncodedMethod* ir_method); 229 bool InstrumentMethod(const ir::MethodId& method_id); 230 231 private: 232 std::shared_ptr<ir::DexFile> dex_ir_; 233 std::vector<std::unique_ptr<Transformation>> transformations_; 234 }; 235 236 } // namespace slicer 237