PAGalaxyLab/YAHFA

Android 8.0 上报错

liukuo362573 opened this issue · 1 comments

执行 hook 的方法时候报错。

2023-03-28 10:18:20.575 29835-29835 SO_TEST                 com.friday.sotest                    I  target method is at 0x7c3d10d390, hook method is at 0x7c22ed4f94, backup method is at 0x0
2023-03-28 10:18:20.575 29835-29835 SO_TEST                 com.friday.sotest                    I  setNonCompilable: change access flags from 0x80009 to 0x1080009
2023-03-28 10:18:20.575 29835-29835 SO_TEST                 com.friday.sotest                    I  replace method from 0x7c3d10d390 to 0x7c22ed4f94
2023-03-28 10:18:20.575 29835-29835 SO_TEST                 com.friday.sotest                    I  allocating space for trampoline code at 0x7c3e69f000
2023-03-28 10:18:20.575 29835-29835 SO_TEST                 com.friday.sotest                    I  replace entry point from 0x7c3cea27c0 to 0x7c3e69f004
2023-03-28 10:18:20.575 29835-29835 SO_TEST                 com.friday.sotest                    I  change access flags from 0x1080009 to 0x1080109
--------- beginning of crash
2023-03-28 10:18:20.575 29835-29835 SO_TEST                 com.friday.sotest                    I  hook and backup done
2023-03-28 10:18:20.576 29835-29835 libc                    com.friday.sotest                    A  Fatal signal 7 (SIGBUS), code 1, fault addr 0x903e2d10043a1 in tid 29835 (m.friday.sotest)
2023-03-28 10:18:20.669 29889-29889 crash_dump64            pid-29889                            I  obtaining output fd from tombstoned
2023-03-28 10:18:20.679  1024-1024  /system/bin/tombstoned  tombstoned                           I  received crash request for pid 29835
2023-03-28 10:18:20.685 29889-29889 crash_dump64            pid-29889                            I  performing dump of process 29835 (target tid = 29835)
2023-03-28 10:18:20.685 29889-29889 DEBUG                   pid-29889                            A  *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
2023-03-28 10:18:20.685 29889-29889 DEBUG                   pid-29889                            A  Build fingerprint: 'Xiaomi/gemini/gemini:8.0.0/OPR1.170623.032/8.11.22:user/release-keys'
2023-03-28 10:18:20.686 29889-29889 DEBUG                   pid-29889                            A  Revision: '0'
2023-03-28 10:18:20.686 29889-29889 DEBUG                   pid-29889                            A  ABI: 'arm64'
2023-03-28 10:18:20.686 29889-29889 DEBUG                   pid-29889                            A  pid: 29835, tid: 29835, name: m.friday.sotest  >>> com.friday.sotest <<<
2023-03-28 10:18:20.686 29889-29889 DEBUG                   pid-29889                            A  signal 7 (SIGBUS), code 1 (BUS_ADRALN), fault addr 0x903e2d10043a1
2023-03-28 10:18:20.686 29889-29889 DEBUG                   pid-29889                            A      x0   0000007c22ed4f94  x1   0000007fd58197a0  x2   0000000000000000  x3   0000007c3d20dc00
2023-03-28 10:18:20.686 29889-29889 DEBUG                   pid-29889                            A      x4   0000007fd5819780  x5   0000007c23d6fd3d  x6   0000000000000000  x7   0000007fd5819dc8
2023-03-28 10:18:20.686 29889-29889 DEBUG                   pid-29889                            A      x8   0000000000000000  x9   0000007c3e69f004  x10  0000007c23d6fd3f  x11  0000007c3ce994cc
2023-03-28 10:18:20.686 29889-29889 DEBUG                   pid-29889                            A      x12  0000007c3ce99520  x13  0000007c3ce99574  x14  0000007c3ce995d4  x15  0000000000000000
2023-03-28 10:18:20.686 29889-29889 DEBUG                   pid-29889                            A      x16  aa0903e2d10043a1  x17  0000000000000000  x18  0000007fd5817c94  x19  0000007c3d20dc00
2023-03-28 10:18:20.686 29889-29889 DEBUG                   pid-29889                            A      x20  0000007c3d10d390  x21  0000007c3d20dc00  x22  0000007fd58197a0  x23  0000007c23d6fd3d
2023-03-28 10:18:20.686 29889-29889 DEBUG                   pid-29889                            A      x24  0000000000000000  x25  0000007c3d20dc98  x26  0000007c3d10d390  x27  0000007fd5819dc8
2023-03-28 10:18:20.686 29889-29889 DEBUG                   pid-29889                            A      x28  0000000000000043  x29  0000007fd5819518  x30  0000007c3ce9963c
2023-03-28 10:18:20.686 29889-29889 DEBUG                   pid-29889                            A      sp   0000007fd5819510  pc   000903e2d10043a1  pstate 0000000060000000
2023-03-28 10:18:20.699 29889-29889 DEBUG                   pid-29889                            A  
                                                                                                    backtrace:
2023-03-28 10:18:20.700 29889-29889 DEBUG                   pid-29889                            A      #00 pc 000903e2d10043a1  <unknown>
2023-03-28 10:18:20.700 29889-29889 DEBUG                   pid-29889                            A      #01 pc 000000000050e638  /system/lib64/libart.so (art_quick_invoke_static_stub+600)
2023-03-28 10:18:20.700 29889-29889 DEBUG                   pid-29889                            A      #02 pc 00000000000d8e84  /system/lib64/libart.so (_ZN3art9ArtMethod6InvokeEPNS_6ThreadEPjjPNS_6JValueEPKc+260)
2023-03-28 10:18:20.700 29889-29889 DEBUG                   pid-29889                            A      #03 pc 00000000004322cc  /system/lib64/libart.so (_ZN3artL18InvokeWithArgArrayERKNS_33ScopedObjectAccessAlreadyRunnableEPNS_9ArtMethodEPNS_8ArgArrayEPNS_6JValueEPKc+104)
2023-03-28 10:18:20.700 29889-29889 DEBUG                   pid-29889                            A      #04 pc 0000000000431f28  /system/lib64/libart.so (_ZN3art17InvokeWithVarArgsERKNS_33ScopedObjectAccessAlreadyRunnableEP8_jobjectP10_jmethodIDSt9__va_list+424)
2023-03-28 10:18:20.700 29889-29889 DEBUG                   pid-29889                            A      #05 pc 000000000033bfe4  /system/lib64/libart.so (_ZN3art3JNI23CallStaticObjectMethodVEP7_JNIEnvP7_jclassP10_jmethodIDSt9__va_list+624)
2023-03-28 10:18:20.700 29889-29889 DEBUG                   pid-29889                            A      #06 pc 000000000010c2f0  /system/lib64/libart.so (_ZN3art8CheckJNI11CallMethodVEPKcP7_JNIEnvP8_jobjectP7_jclassP10_jmethodIDSt9__va_listNS_9Primitive4TypeENS_10InvokeTypeE+1456)
2023-03-28 10:18:20.700 29889-29889 DEBUG                   pid-29889                            A      #07 pc 00000000000fc088  /system/lib64/libart.so (_ZN3art8CheckJNI23CallStaticObjectMethodVEP7_JNIEnvP7_jclassP10_jmethodIDSt9__va_list+92)
2023-03-28 10:18:20.700 29889-29889 DEBUG                   pid-29889                            A      #08 pc 00000000000113ec  /data/app/com.friday.sotest-mQAJqee2eL1fs8xD1zfJ6g==/lib/arm64/libmyso.so (_ZN7_JNIEnv22CallStaticObjectMethodEP7_jclassP10_jmethodIDz+192)
2023-03-28 10:18:20.700 29889-29889 DEBUG                   pid-29889                            A      #09 pc 0000000000014e34  /data/app/com.friday.sotest-mQAJqee2eL1fs8xD1zfJ6g==/lib/arm64/libmyso.so (Java_com_friday_myso_NativeLib_testHook+560)
2023-03-28 10:18:20.700 29889-29889 DEBUG                   pid-29889                            A      #10 pc 000000000001f150  /data/app/com.friday.sotest-mQAJqee2eL1fs8xD1zfJ6g==/oat/arm64/base.odex (offset 0x11000)

doBackupAndHook 方法中,targetMethod 是 Java 方法,hookMethod 如果是 JNI 方法会报以上的错误,如果 hookMethod 也是 Java 方法,就不会报错了。

2023-03-28 16:59:57.950 26315-26315 SO_TEST                 com.friday.sotest                    I  getHelloWorld: Hello World
2023-03-28 16:59:57.951 26315-26315 SO_TEST                 com.friday.sotest                    I  getHelloWorld1 : Hello World Hooked
2023-03-28 16:59:57.951 26315-26315 SO_TEST                 com.friday.sotest                    I  target method is at 0x7ba64cd930, hook method is at 0x7ba64cd960, backup method is at 0x0
2023-03-28 16:59:57.951 26315-26315 SO_TEST                 com.friday.sotest                    I  setNonCompilable: change access flags from 0x80009 to 0x1080009
2023-03-28 16:59:57.951 26315-26315 SO_TEST                 com.friday.sotest                    I  replace method from 0x7ba64cd930 to 0x7ba64cd960
2023-03-28 16:59:57.951 26315-26315 SO_TEST                 com.friday.sotest                    I  allocating space for trampoline code at 0x7c27298000
2023-03-28 16:59:57.951 26315-26315 SO_TEST                 com.friday.sotest                    I  replace entry point from 0x7ba5bddcb0 to 0x7c27298004
2023-03-28 16:59:57.951 26315-26315 SO_TEST                 com.friday.sotest                    I  change access flags from 0x1080009 to 0x1080109
2023-03-28 16:59:57.951 26315-26315 SO_TEST                 com.friday.sotest                    I  hook and backup done
2023-03-28 16:59:57.951 26315-26315 SO_TEST                 com.friday.sotest                    I  getHelloWorld hooked: Hello World Hooked1