Android 8.0 上报错
liukuo362573 opened this issue · 1 comments
liukuo362573 commented
执行 hook 的方法时候报错。
2023-03-28 10:18:20.575 29835-29835 SO_TEST com.friday.sotest I target method is at 0x7c3d10d390, hook method is at 0x7c22ed4f94, backup method is at 0x0
2023-03-28 10:18:20.575 29835-29835 SO_TEST com.friday.sotest I setNonCompilable: change access flags from 0x80009 to 0x1080009
2023-03-28 10:18:20.575 29835-29835 SO_TEST com.friday.sotest I replace method from 0x7c3d10d390 to 0x7c22ed4f94
2023-03-28 10:18:20.575 29835-29835 SO_TEST com.friday.sotest I allocating space for trampoline code at 0x7c3e69f000
2023-03-28 10:18:20.575 29835-29835 SO_TEST com.friday.sotest I replace entry point from 0x7c3cea27c0 to 0x7c3e69f004
2023-03-28 10:18:20.575 29835-29835 SO_TEST com.friday.sotest I change access flags from 0x1080009 to 0x1080109
--------- beginning of crash
2023-03-28 10:18:20.575 29835-29835 SO_TEST com.friday.sotest I hook and backup done
2023-03-28 10:18:20.576 29835-29835 libc com.friday.sotest A Fatal signal 7 (SIGBUS), code 1, fault addr 0x903e2d10043a1 in tid 29835 (m.friday.sotest)
2023-03-28 10:18:20.669 29889-29889 crash_dump64 pid-29889 I obtaining output fd from tombstoned
2023-03-28 10:18:20.679 1024-1024 /system/bin/tombstoned tombstoned I received crash request for pid 29835
2023-03-28 10:18:20.685 29889-29889 crash_dump64 pid-29889 I performing dump of process 29835 (target tid = 29835)
2023-03-28 10:18:20.685 29889-29889 DEBUG pid-29889 A *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
2023-03-28 10:18:20.685 29889-29889 DEBUG pid-29889 A Build fingerprint: 'Xiaomi/gemini/gemini:8.0.0/OPR1.170623.032/8.11.22:user/release-keys'
2023-03-28 10:18:20.686 29889-29889 DEBUG pid-29889 A Revision: '0'
2023-03-28 10:18:20.686 29889-29889 DEBUG pid-29889 A ABI: 'arm64'
2023-03-28 10:18:20.686 29889-29889 DEBUG pid-29889 A pid: 29835, tid: 29835, name: m.friday.sotest >>> com.friday.sotest <<<
2023-03-28 10:18:20.686 29889-29889 DEBUG pid-29889 A signal 7 (SIGBUS), code 1 (BUS_ADRALN), fault addr 0x903e2d10043a1
2023-03-28 10:18:20.686 29889-29889 DEBUG pid-29889 A x0 0000007c22ed4f94 x1 0000007fd58197a0 x2 0000000000000000 x3 0000007c3d20dc00
2023-03-28 10:18:20.686 29889-29889 DEBUG pid-29889 A x4 0000007fd5819780 x5 0000007c23d6fd3d x6 0000000000000000 x7 0000007fd5819dc8
2023-03-28 10:18:20.686 29889-29889 DEBUG pid-29889 A x8 0000000000000000 x9 0000007c3e69f004 x10 0000007c23d6fd3f x11 0000007c3ce994cc
2023-03-28 10:18:20.686 29889-29889 DEBUG pid-29889 A x12 0000007c3ce99520 x13 0000007c3ce99574 x14 0000007c3ce995d4 x15 0000000000000000
2023-03-28 10:18:20.686 29889-29889 DEBUG pid-29889 A x16 aa0903e2d10043a1 x17 0000000000000000 x18 0000007fd5817c94 x19 0000007c3d20dc00
2023-03-28 10:18:20.686 29889-29889 DEBUG pid-29889 A x20 0000007c3d10d390 x21 0000007c3d20dc00 x22 0000007fd58197a0 x23 0000007c23d6fd3d
2023-03-28 10:18:20.686 29889-29889 DEBUG pid-29889 A x24 0000000000000000 x25 0000007c3d20dc98 x26 0000007c3d10d390 x27 0000007fd5819dc8
2023-03-28 10:18:20.686 29889-29889 DEBUG pid-29889 A x28 0000000000000043 x29 0000007fd5819518 x30 0000007c3ce9963c
2023-03-28 10:18:20.686 29889-29889 DEBUG pid-29889 A sp 0000007fd5819510 pc 000903e2d10043a1 pstate 0000000060000000
2023-03-28 10:18:20.699 29889-29889 DEBUG pid-29889 A
backtrace:
2023-03-28 10:18:20.700 29889-29889 DEBUG pid-29889 A #00 pc 000903e2d10043a1 <unknown>
2023-03-28 10:18:20.700 29889-29889 DEBUG pid-29889 A #01 pc 000000000050e638 /system/lib64/libart.so (art_quick_invoke_static_stub+600)
2023-03-28 10:18:20.700 29889-29889 DEBUG pid-29889 A #02 pc 00000000000d8e84 /system/lib64/libart.so (_ZN3art9ArtMethod6InvokeEPNS_6ThreadEPjjPNS_6JValueEPKc+260)
2023-03-28 10:18:20.700 29889-29889 DEBUG pid-29889 A #03 pc 00000000004322cc /system/lib64/libart.so (_ZN3artL18InvokeWithArgArrayERKNS_33ScopedObjectAccessAlreadyRunnableEPNS_9ArtMethodEPNS_8ArgArrayEPNS_6JValueEPKc+104)
2023-03-28 10:18:20.700 29889-29889 DEBUG pid-29889 A #04 pc 0000000000431f28 /system/lib64/libart.so (_ZN3art17InvokeWithVarArgsERKNS_33ScopedObjectAccessAlreadyRunnableEP8_jobjectP10_jmethodIDSt9__va_list+424)
2023-03-28 10:18:20.700 29889-29889 DEBUG pid-29889 A #05 pc 000000000033bfe4 /system/lib64/libart.so (_ZN3art3JNI23CallStaticObjectMethodVEP7_JNIEnvP7_jclassP10_jmethodIDSt9__va_list+624)
2023-03-28 10:18:20.700 29889-29889 DEBUG pid-29889 A #06 pc 000000000010c2f0 /system/lib64/libart.so (_ZN3art8CheckJNI11CallMethodVEPKcP7_JNIEnvP8_jobjectP7_jclassP10_jmethodIDSt9__va_listNS_9Primitive4TypeENS_10InvokeTypeE+1456)
2023-03-28 10:18:20.700 29889-29889 DEBUG pid-29889 A #07 pc 00000000000fc088 /system/lib64/libart.so (_ZN3art8CheckJNI23CallStaticObjectMethodVEP7_JNIEnvP7_jclassP10_jmethodIDSt9__va_list+92)
2023-03-28 10:18:20.700 29889-29889 DEBUG pid-29889 A #08 pc 00000000000113ec /data/app/com.friday.sotest-mQAJqee2eL1fs8xD1zfJ6g==/lib/arm64/libmyso.so (_ZN7_JNIEnv22CallStaticObjectMethodEP7_jclassP10_jmethodIDz+192)
2023-03-28 10:18:20.700 29889-29889 DEBUG pid-29889 A #09 pc 0000000000014e34 /data/app/com.friday.sotest-mQAJqee2eL1fs8xD1zfJ6g==/lib/arm64/libmyso.so (Java_com_friday_myso_NativeLib_testHook+560)
2023-03-28 10:18:20.700 29889-29889 DEBUG pid-29889 A #10 pc 000000000001f150 /data/app/com.friday.sotest-mQAJqee2eL1fs8xD1zfJ6g==/oat/arm64/base.odex (offset 0x11000)
liukuo362573 commented
doBackupAndHook 方法中,targetMethod 是 Java 方法,hookMethod 如果是 JNI 方法会报以上的错误,如果 hookMethod 也是 Java 方法,就不会报错了。
2023-03-28 16:59:57.950 26315-26315 SO_TEST com.friday.sotest I getHelloWorld: Hello World
2023-03-28 16:59:57.951 26315-26315 SO_TEST com.friday.sotest I getHelloWorld1 : Hello World Hooked
2023-03-28 16:59:57.951 26315-26315 SO_TEST com.friday.sotest I target method is at 0x7ba64cd930, hook method is at 0x7ba64cd960, backup method is at 0x0
2023-03-28 16:59:57.951 26315-26315 SO_TEST com.friday.sotest I setNonCompilable: change access flags from 0x80009 to 0x1080009
2023-03-28 16:59:57.951 26315-26315 SO_TEST com.friday.sotest I replace method from 0x7ba64cd930 to 0x7ba64cd960
2023-03-28 16:59:57.951 26315-26315 SO_TEST com.friday.sotest I allocating space for trampoline code at 0x7c27298000
2023-03-28 16:59:57.951 26315-26315 SO_TEST com.friday.sotest I replace entry point from 0x7ba5bddcb0 to 0x7c27298004
2023-03-28 16:59:57.951 26315-26315 SO_TEST com.friday.sotest I change access flags from 0x1080009 to 0x1080109
2023-03-28 16:59:57.951 26315-26315 SO_TEST com.friday.sotest I hook and backup done
2023-03-28 16:59:57.951 26315-26315 SO_TEST com.friday.sotest I getHelloWorld hooked: Hello World Hooked1