From 5750728eeb1e1c5670bc0ee0898a83f423d06aaf Mon Sep 17 00:00:00 2001
From: kotori0
Date: Fri, 17 Jul 2020 02:09:36 +0800
Subject: [PATCH 1/2] Fix bootloop on R Public Beta 2
---
 .../main/cpp/external/yahfa/src/HookMain.c | 31 +++++++++++++++++--
 .../src/main/cpp/external/yahfa/src/env.h | 1 +
 2 files changed, 29 insertions(+), 3 deletions(-)
diff --git a/edxp-core/src/main/cpp/external/yahfa/src/HookMain.c b/edxp-core/src/main/cpp/external/yahfa/src/HookMain.c
index c9fda4663..81f4ffbe1 100644
--- a/edxp-core/src/main/cpp/external/yahfa/src/HookMain.c
+++ b/edxp-core/src/main/cpp/external/yahfa/src/HookMain.c
@@ -22,6 +22,8 @@ static int kAccNative = 0x0100;
 static int kAccCompileDontBother = 0x01000000;
 static int kAccFastInterpreterToInterpreterInvoke = 0x40000000;
+static jfieldID fieldArtMethod = NULL;
+
 static inline uint16_t read16(void *addr) {
 return *((uint16_t *) addr);
 }
@@ -37,8 +39,12 @@ static inline void write32(void *addr, uint32_t value) {
 void Java_lab_galaxy_yahfa_HookMain_init(JNIEnv *env, jclass clazz, jint sdkVersion) {
 int i;
 SDKVersion = sdkVersion;
+ jclass classExecutable;
 LOGI("init to SDK %d", sdkVersion);
 switch (sdkVersion) {
+ case ANDROID_R:
+ classExecutable = (*env)->FindClass(env, "java/lang/reflect/Executable");
+ fieldArtMethod = (*env)->GetFieldID(env, classExecutable, "artMethod", "J");
 case ANDROID_Q:
 case ANDROID_P:
 kAccCompileDontBother = 0x02000000;
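Review bot: The `case ANDROID_R:` arm checks neither `FindClass` nor `GetFieldID`, so on a build where `java/lang/reflect/Executable` or its `artMethod` field cannot be resolved (hidden-API policy may apply to JNI lookups on R — worth confirming), `fieldArtMethod` stays NULL with a pending exception and every later `GetLongField(env, jmethod, fieldArtMethod)` is undefined behaviour instead of a reported failure. Each lookup should be checked and the exception cleared, and the deliberate fall-through into `case ANDROID_Q:` deserves a comment since R otherwise shares the P/Q flag values set below. The local class reference can also be released once the field ID is held. `Java_lab_galaxy_yahfa_HookMain_init` continues past the end of the hunk.
```c
        case ANDROID_R:
            classExecutable = (*env)->FindClass(env, "java/lang/reflect/Executable");
            if (classExecutable == NULL) {
                LOGE("init: java/lang/reflect/Executable not found");
                (*env)->ExceptionClear(env);
            } else {
                fieldArtMethod = (*env)->GetFieldID(env, classExecutable, "artMethod", "J");
                if (fieldArtMethod == NULL) {
                    LOGE("init: Executable.artMethod not found");
                    (*env)->ExceptionClear(env);
                }
                (*env)->DeleteLocalRef(env, classExecutable);
            }
            /* fallthrough: R uses the same access-flag values as Q/P */
        case ANDROID_Q:
```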
@@ -255,6 +261,25 @@ static void ensureMethodCached(void *hookMethod, void *backupMethod,
 }
 }
+static void *getArtMethod(JNIEnv *env, jobject jmethod) {
+ void *artMethod = NULL;
+
+ if(jmethod == NULL) {
+ return artMethod;
+ }
+
+ if(SDKVersion == ANDROID_R) {
+ artMethod = (void *) (*env)->GetLongField(env, jmethod, fieldArtMethod);
+ }
+ else {
+ artMethod = (void *) (*env)->FromReflectedMethod(env, jmethod);
+ }
+
+ LOGI("ArtMethod: %p", artMethod);
+ return artMethod;
+
+}
+
 jobject Java_lab_galaxy_yahfa_HookMain_findMethodNative(JNIEnv *env, jclass clazz, jclass targetClass, jstring methodName, jstring methodSig) {
@@ -287,9 +312,9 @@ jboolean Java_lab_galaxy_yahfa_HookMain_backupAndHookNative(JNIEnv *env, jclass
 jobject backup) {
 if (!doBackupAndHook(env,
- (void *) (*env)->FromReflectedMethod(env, target),
- (void *) (*env)->FromReflectedMethod(env, hook),
- backup == NULL ? NULL : (void *) (*env)->FromReflectedMethod(env, backup)
+ getArtMethod(env, target),
+ getArtMethod(env, hook),
+ getArtMethod(env, backup)
 )) {
 (*env)->NewGlobalRef(env, hook); // keep a global ref so that the hook method would not be GCed
diff --git a/edxp-core/src/main/cpp/external/yahfa/src/env.h b/edxp-core/src/main/cpp/external/yahfa/src/env.h
index 026f20edc..df6915aeb 100644
--- a/edxp-core/src/main/cpp/external/yahfa/src/env.h
+++ b/edxp-core/src/main/cpp/external/yahfa/src/env.h
@@ -14,6 +14,7 @@
 #define ANDROID_O2 27
 #define ANDROID_P 28
 #define ANDROID_Q 29
+#define ANDROID_R 30
 #define roundUpTo4(v) ((v+4-1) - ((v+4-1)&3))
 #define roundUpTo8(v) ((v+8-1) - ((v+8-1)&7))
From d9747cc679c0ab664c4217821e3e48d1587e01af Mon Sep 17 00:00:00 2001
From: kotori0
Date: Sat, 18 Jul 2020 02:57:30 +0800
Subject: [PATCH 2/2] Fix crashes with some apps
---
 edxp-core/src/main/cpp/external/yahfa/src/HookMain.c | 4 ++++
 edxp-core/src/main/cpp/main/src/jni/edxp_yahfa.cpp | 5 +++--
 2 files changed, 7 insertions(+), 2 deletions(-)
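Review bot: The `SDKVersion == ANDROID_R` branch of `getArtMethod` uses `fieldArtMethod` without checking it, so if the field lookup in `init` failed the call becomes `GetLongField(env, jmethod, NULL)`, which is undefined behaviour rather than an error; a guard such as `if (fieldArtMethod == NULL) { LOGE("getArtMethod: Executable.artMethod not resolved"); return NULL; }` would make it fail the same way a NULL `jmethod` already does. The cast `(void *) (*env)->GetLongField(...)` converts a 64-bit `jlong` straight to a pointer, which is a narrowing conversion on 32-bit ABIs and draws compiler warnings; `(void *) (uintptr_t) (*env)->GetLongField(...)` states the intent. Note also that this path trusts the Java caller to pass a `java.lang.reflect.Executable`: reading a `long` field ID off some other object type is undefined under JNI, whereas `FromReflectedMethod` at least expects a Method/Constructor, so the Java-side callers are the only type check left. `LOGI("ArtMethod: %p", ...)` prints a runtime address for every resolved method at info level, which is log noise and a small address disclosure in release builds; `LOGD` would be the usual choice.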
diff --git a/edxp-core/src/main/cpp/external/yahfa/src/HookMain.c b/edxp-core/src/main/cpp/external/yahfa/src/HookMain.c
index 81f4ffbe1..c1e04dde6 100644
--- a/edxp-core/src/main/cpp/external/yahfa/src/HookMain.c
+++ b/edxp-core/src/main/cpp/external/yahfa/src/HookMain.c
@@ -217,6 +217,10 @@ static int doBackupAndHook(JNIEnv *env, void *targetMethod, void *hookMethod, vo
 static void ensureMethodCached(void *hookMethod, void *backupMethod,
 void *hookClassResolvedMethods) {
+ if (!backupMethod || (long) backupMethod < 0x1000) {
+ LOGW("ensureMethodCached: backupMethod is null or illegal: %p", backupMethod);
+ return;
+ }
 void *dexCacheResolvedMethods;
 // then we get the dex method index of the static backup method
 int methodIndex = read32(
diff --git a/edxp-core/src/main/cpp/main/src/jni/edxp_yahfa.cpp b/edxp-core/src/main/cpp/main/src/jni/edxp_yahfa.cpp
index ef8fd37f7..f6c677bf3 100644
--- a/edxp-core/src/main/cpp/main/src/jni/edxp_yahfa.cpp
+++ b/edxp-core/src/main/cpp/main/src/jni/edxp_yahfa.cpp
@@ -32,8 +32,9 @@ namespace edxp {
 return;
 }
 void *art_method = env->FromReflectedMethod(member);
- if (!art_method) {
- LOGE("setNonCompilableNative: art_method is null");
+
+ if (!art_method || (long)art_method < 0x1000) {
+ LOGE("setNonCompilableNative: art_method is null or invalid: %p", art_method);
 return;
 }
 setNonCompilable(art_method);
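Review bot: The new guard `(long) backupMethod < 0x1000` misfires on 32-bit ABIs: a user-space pointer at or above 0x80000000 becomes negative as `long`, compares below 0x1000, and `ensureMethodCached` silently returns without caching a perfectly valid backup method. The comparison needs an unsigned type, `if (!backupMethod || (uintptr_t) backupMethod < 0x1000) {`, which keeps the intended null-page check on every ABI. A non-null value below 0x1000 should not come out of `getArtMethod` or `FromReflectedMethod` for a real ArtMethod, so when this fires the caller has handed in garbage and the warning is masking that; logging `hookMethod` alongside `backupMethod` would help trace the source. The rest of `ensureMethodCached` lies outside the hunk.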
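Review bot: The same `(long)art_method < 0x1000` test in `setNonCompilableNative` has the same 32-bit problem: addresses at or above 0x80000000 go negative and every such ArtMethod is rejected as "invalid", so the compare should be `reinterpret_cast<uintptr_t>(art_method) < 0x1000` (with `<cstdint>` included if it is not already; the file's include block is not in the hunk). This call site also still resolves the method through `env->FromReflectedMethod(member)` while the first commit in this series switched HookMain.c to reading `Executable.artMethod` on R; if that switch was needed for correctness on R, as the commit subject suggests, this function likely needs the same treatment, and if not, a one-line comment saying why `FromReflectedMethod` is still acceptable here would stop the next reader from asking. The function begins before the hunk, so the earlier check that precedes `return;` was not reviewed.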