canyie/pine

Hook Toast crash when calling backup on Huawei Honor DUK-AL20 device

canyie opened this issue · 0 comments

Rooted: 'Yes'
API level: '24'
OS version: '7.0'
Kernel version: 'Linux version 4.1.18-gebc47dc #1 SMP PREEMPT Wed Nov 15 05:49:58 CST 2017 (aarch64)'
ABI list: 'arm64-v8a,armeabi-v7a,armeabi'
Manufacturer: 'HUAWEI'
Brand: 'HONOR'
Model: 'DUK-AL20'
Build fingerprint: 'HONOR/DUK-AL20/HWDUK:7.0/HUAWEIDUK-AL20/C00B208:user/release-keys'
ABI: 'arm64'
pid: 14377, tid: 14377, name: e.pine.examples  >>> top.canyie.pine.examples <<<
signal 4 (SIGILL), code 1 (ILL_ILLOPC), fault addr 0x77e1a9509c (*pc=0xe1a95000)
    x0  0000000070d49f40  x1  0000000012ea93d0  x2  0000000012c637e8  x3  0000000012dacca0
    x4  0000000012cb1640  x5  000000000000000b  x6  00000000020600db  x7  0000000000000000
    x8  0000000000000000  x9  0000000012cb1640  x10 0000000070582318  x11 000000000000000f
    x12 0000000000003000  x13 000000000000000c  x14 00000077e8ecfdd0  x15 0000000000000000
    x16 0000000000024468  x17 0000000070cebec0  x18 00000077e9415038  x19 00000077e9ea1a00
    x20 0000000070d49fe8  x21 0000000012cb1640  x22 0000000012ea93d0  x23 0000000012c637e8
    x24 0000000012dacca0  x25 0000000000000000  x26 0000000012e50e40  x27 0000000012e7d358
    x28 000000000000000b  x29 0000000012c637e8
    sp  0000007fc3e19a30  lr  00000077c1e98624  pc  00000077e1a9509c

backtrace:
    #00 pc 000000000000009c  [anon:pine codes]

Some of the key log lines:

D Pine    : InstallInlineTrampoline: target_code_addr 0x77e8ed8fe0 backup 0x77e1a95000 bridge_jump 0x77e1a95030
I Pine    : handleBridge: artMethod=0x70cebec0 extras=0x77ad2b9040 sp=0x7fc3e1dbe0
D Pine    : handleCall: target=public static android.widget.Toast android.widget.Toast.makeText(android.content.Context,java.lang.CharSequence,int) thisObject=null args=[top.canyie.pine.examples.ExampleApp@4b98d33, ToastHookTest failed, 0]
I PineExample: Before android.widget.Toast.makeText() with thisObject null and args [top.canyie.pine.examples.ExampleApp@4b98d33, ToastHookTest failed, 0]

--- crash ---

Dump of the backup method:

E0 00 00 58 // ldr x0, 0x77e1a9501c (origin method addr)
FF 83 03 D1 // origin code
E0 07 01 6D // origin code
E2 0F 02 6D // origin code
E4 17 03 6D // origin code
91 00 00 58 // ldr x17, 0x77e1a95024
20 02 1F D6 // br x17
<origin method (8 bytes)>
<remaining code entry of original code (8 bytes)>

No clue at all....
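As an added aid for reading the report (example code, not part of the issue or of Pine itself), a short Python decoder for the backup-method dump above: it decodes the AArch64 `ldr Xt, <literal>` and `br Xn` encodings, resolves each literal load against the logged backup address 0x77e1a95000, and checks that the two loads land exactly on the 8-byte slots the comments describe. The dump bytes and base address are copied from the report; the slot layout after the last instruction is an assumption taken from the two `<...>` lines.

```python
import struct

# Backup-method dump from the report, in file order (little-endian AArch64 words).
# The two 8-byte literals that follow the code are not in the dump; only their
# positions are modelled below (assumed to start right after the last instruction).
BACKUP_BASE = 0x77E1A95000  # "backup 0x77e1a95000" from the InstallInlineTrampoline log line
DUMP_HEX = "E0000058 FF8303D1 E007016D E20F026D E417036D 91000058 20021FD6"
WORDS = [struct.unpack("<I", bytes.fromhex(h))[0] for h in DUMP_HEX.split()]


def sign_extend(value, bits):
    """Interpret the low `bits` bits of value as a two's-complement integer."""
    sign = 1 << (bits - 1)
    return (value & (sign - 1)) - (value & sign)


def decode(word, pc):
    """Decode the two instruction forms the trampoline relies on.
    LDR Xt, <label> (64-bit literal load): 0x58000000 | imm19 << 5 | Rt, target = pc + imm19*4
    BR Xn:                                 0xD61F0000 | Rn << 5
    Everything else (here: the relocated prologue instructions) is reported as 'other'."""
    if word & 0xFF000000 == 0x58000000:
        imm19 = sign_extend((word >> 5) & 0x7FFFF, 19)
        return {"op": "ldr", "rt": word & 0x1F, "target": pc + imm19 * 4}
    if word & 0xFFFFFC1F == 0xD61F0000:
        return {"op": "br", "rn": (word >> 5) & 0x1F}
    return {"op": "other"}


def walk(words, base):
    """Decode every word at its address; return (decoded list, address just past the code)."""
    decoded = [decode(w, base + 4 * i) for i, w in enumerate(words)]
    return decoded, base + 4 * len(words)


def literal_slots(code_end):
    """Assumed layout: <origin method (8 bytes)> then <remaining code entry (8 bytes)>."""
    return {"origin_method": code_end, "remaining_code_entry": code_end + 8}


def low32(addr):
    """Low 32 bits of an address, i.e. what a disassembler shows as the first word of an 8-byte literal."""
    return addr & 0xFFFFFFFF


if __name__ == "__main__":
    insns, end = walk(WORDS, BACKUP_BASE)
    for i, ins in enumerate(insns):
        print(f"+0x{4 * i:02x}: {ins}")
    print("literal slots:", {k: hex(v) for k, v in literal_slots(end).items()})
    print("low32(backup) =", hex(low32(BACKUP_BASE)))
```

The faulting word `*pc=0xe1a95000` equals `low32(0x77e1a95000)`, the low half of the backup address itself; the script only confirms that arithmetic and the literal offsets, it does not establish why the pc reached offset 0x9c.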