canyie/pine

Abnormal crash on Vivo X90 (Android 13)

allenjq opened this issue · 5 comments

2023-04-28 17:21:18.804 19585-19585/? A/DEBUG: Softversion: PD2227B_A_*********.W10.V000L1
2023-04-28 17:21:18.804 19585-19585/? A/DEBUG: Time: 2023-04-28 17:21:18
2023-04-28 17:21:18.804 19585-19585/? A/DEBUG: *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
2023-04-28 17:21:18.804 19585-19585/? A/DEBUG: Build fingerprint: 'vivo/PD2227/PD2227:13/TP1A.220624.014/compiler02180032:user/release-keys'
2023-04-28 17:21:18.804 19585-19585/? A/DEBUG: Revision: '0'
2023-04-28 17:21:18.804 19585-19585/? A/DEBUG: ABI: 'arm'
2023-04-28 17:21:18.804 19585-19585/? A/DEBUG: Timestamp: 2023-04-28 17:21:18.495547616+0800
2023-04-28 17:21:18.804 19585-19585/? A/DEBUG: Process uptime: 3s
2023-04-28 17:21:18.804 19585-19585/? A/DEBUG: Cmdline: com.
2023-04-28 17:21:18.804 19585-19585/? A/DEBUG: pid: 19494, tid: 19511, name: binder:19494_3  >>> com.<<<
2023-04-28 17:21:18.804 19585-19585/? A/DEBUG: uid: 10378
2023-04-28 17:21:18.804 19585-19585/? A/DEBUG: signal 4 (SIGILL), code 1 (ILL_ILLOPC), fault addr 0xf26c8020
2023-04-28 17:21:18.804 19585-19585/? A/DEBUG:     r0  00000000  r1  dec5ebec  r2  00000000  r3  ea8fb140
2023-04-28 17:21:18.804 19585-19585/? A/DEBUG:     r4  00000018  r5  dec5ebb8  r6  dec5eb6c  r7  eaf0b7d2
2023-04-28 17:21:18.804 19585-19585/? A/DEBUG:     r8  00000000  r9  ed091810  r10 ed613080  r11 eaa507ec
2023-04-28 17:21:18.804 19585-19585/? A/DEBUG:     ip  f3cdd110  sp  dec5eb40  lr  ed61c430  pc  f26c8020
2023-04-28 17:21:18.804 19585-19585/? A/DEBUG: backtrace:
2023-04-28 17:21:18.804 19585-19585/? A/DEBUG:       #00 pc 00000020  [anon:pine codes]
2023-04-28 17:21:18.804 19585-19585/? A/DEBUG:       #01 pc 000dc42c  /apex/com.android.art/lib/libart.so (nterp_helper+1948) (BuildId: c4564b448d4fa634e0c6ac09e9deca3e)
2023-04-28 17:21:18.804 19585-19585/? A/DEBUG:       #02 pc 001bc7ec  /system/framework/framework.jar (android.os.Binder.execTransact+0)
2023-04-28 17:21:18.804 19585-19585/? A/DEBUG:       #03 pc 000e0bd5  /apex/com.android.art/lib/libart.so (art_quick_invoke_stub_internal+68) (BuildId: c4564b448d4fa634e0c6ac09e9deca3e)
2023-04-28 17:21:18.804 19585-19585/? A/DEBUG:       #04 pc 004d9427  /apex/com.android.art/lib/libart.so (art_quick_invoke_stub+270) (BuildId: c4564b448d4fa634e0c6ac09e9deca3e)
2023-04-28 17:21:18.804 19585-19585/? A/DEBUG:       #05 pc 001336d7  /apex/com.android.art/lib/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+138) (BuildId: c4564b448d4fa634e0c6ac09e9deca3e)
2023-04-28 17:21:18.804 19585-19585/? A/DEBUG:       #06 pc 003fa17f  /apex/com.android.art/lib/libart.so (art::JValue art::InvokeVirtualOrInterfaceWithVarArgs<art::ArtMethod*>(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, art::ArtMethod*, std::__va_list)+354) (BuildId: c4564b448d4fa634e0c6ac09e9deca3e)
2023-04-28 17:21:18.804 19585-19585/? A/DEBUG:       #07 pc 003fa297  /apex/com.android.art/lib/libart.so (art::JValue art::InvokeVirtualOrInterfaceWithVarArgs<_jmethodID*>(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, _jmethodID*, std::__va_list)+42) (BuildId: c4564b448d4fa634e0c6ac09e9deca3e)
2023-04-28 17:21:18.804 19585-19585/? A/DEBUG:       #08 pc 00300d4f  /apex/com.android.art/lib/libart.so (art::JNI<true>::CallBooleanMethodV(_JNIEnv*, _jobject*, _jmethodID*, std::__va_list)+550) (BuildId: c4564b448d4fa634e0c6ac09e9deca3e)
2023-04-28 17:21:18.804 19585-19585/? A/DEBUG:       #09 pc 00291327  /apex/com.android.art/lib/libart.so (art::(anonymous namespace)::CheckJNI::CallMethodV(char const*, _JNIEnv*, _jobject*, _jclass*, _jmethodID*, std::__va_list, art::Primitive::Type, art::InvokeType)+1274) (BuildId: c4564b448d4fa634e0c6ac09e9deca3e)
2023-04-28 17:21:18.804 19585-19585/? A/DEBUG:       #10 pc 00282309  /apex/com.android.art/lib/libart.so (art::(anonymous namespace)::CheckJNI::CallBooleanMethodV(_JNIEnv*, _jobject*, _jmethodID*, std::__va_list) (.llvm.3576642306481517745)+44) (BuildId: c4564b448d4fa634e0c6ac09e9deca3e)
2023-04-28 17:21:18.804 19585-19585/? A/DEBUG:       #11 pc 00083a39  /system/lib/libandroid_runtime.so (_JNIEnv::CallBooleanMethod(_jobject*, _jmethodID*, ...)+28) (BuildId: 86b1e77d3e121e43800ede952e025ce3)
2023-04-28 17:21:18.804 19585-19585/? A/DEBUG:       #12 pc 000fcf79  /system/lib/libandroid_runtime.so (JavaBBinder::onTransact(unsigned int, android::Parcel const&, android::Parcel*, unsigned int)+96) (BuildId: 86b1e77d3e121e43800ede952e025ce3)
2023-04-28 17:21:18.804 19585-19585/? A/DEBUG:       #13 pc 00039aab  /system/lib/libbinder.so (android::BBinder::transact(unsigned int, android::Parcel const&, android::Parcel*, unsigned int)+222) (BuildId: 0******************630b8d0dc41ef)
2023-04-28 17:21:18.804 19585-19585/? A/DEBUG:       #14 pc 00040d81  /system/lib/libbinder.so (android::IPCThreadState::executeCommand(int)+604) (BuildId: 0******************630b8d0dc41ef)
2023-04-28 17:21:18.804 19585-19585/? A/DEBUG:       #15 pc 00040a8b  /system/lib/libbinder.so (android::IPCThreadState::getAndExecuteCommand()+98) (BuildId: 0******************630b8d0dc41ef)
2023-04-28 17:21:18.804 19585-19585/? A/DEBUG:       #16 pc 00041139  /system/lib/libbinder.so (android::IPCThreadState::joinThreadPool(bool)+44) (BuildId: 0******************630b8d0dc41ef)
2023-04-28 17:21:18.804 19585-19585/? A/DEBUG:       #17 pc 00060969  /system/lib/libbinder.so (android::PoolThread::threadLoop()+12) (BuildId: 0******************630b8d0dc41ef)
2023-04-28 17:21:18.804 19585-19585/? A/DEBUG:       #18 pc 0000d779  /system/lib/libutils.so (android::Thread::_threadLoop(void*)+264) (BuildId: 67575d9eb04856f75b463fba5ef73717)
2023-04-28 17:21:18.805 19585-19585/? A/DEBUG:       #19 pc 0008a261  /system/lib/libandroid_runtime.so (android::AndroidRuntime::javaThreadShell(void*)+84) (BuildId: 86b1e77d3e121e43800ede952e025ce3)
2023-04-28 17:21:18.805 19585-19585/? A/DEBUG:       #20 pc 000b49e5  /apex/com.android.runtime/lib/bionic/libc.so (__pthread_start(void*)+40) (BuildId: 6586ece0dfc09c7750993482d2ca596c)
2023-04-28 17:21:18.805 19585-19585/? A/DEBUG:       #21 pc 0006b7e9  /apex/com.android.runtime/lib/bionic/libc.so (__start_thread+30) (BuildId: 6586ece0dfc09c7750993482d2ca596c)
canyie commented

Could you tell me which method is being hooked? I couldn't reproduce it on my side.

        // Hook bodies were not included in the original comment.
        String methodName = Build.VERSION.SDK_INT >= Build.VERSION_CODES.KITKAT ? "openDexFileNative" : "openDexFile";
        XposedBridge.hookAllMethods(DexFile.class, methodName, new XC_MethodHook() {});
        XposedBridge.hookAllMethods(Camera.class, "native_setup", new XC_MethodHook() {});
canyie commented

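I tried the following code and could not reproduce the crash. Please confirm whether the same code reproduces the crash on your side.
Also, please provide some configuration details, such as whether the app is debuggable and whether pending hook is enabled.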

        try {
            Pine.hook(Camera.class.getDeclaredMethod("native_setup", Object.class, int.class, String.class), new MethodHook() {
                @Override
                public void beforeCall(Pine.CallFrame callFrame) throws Throwable {
                    Log.e(TAG, "Calling with" + Arrays.toString(callFrame.args));
                }
            });

        } catch (NoSuchMethodException e) {
            throw new RuntimeException(e);
        }
        for (int i = 0;i < 2000;i++) {
            Camera camera = Camera.open();
            Log.e(TAG, "Opened " + i + " camera");
            camera.release();
        }
        Log.e(TAG, "Camera test done");

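I used the code above on another device, a Xiaomi 13 (also running Android 13). The result is the same with debuggable=true and debuggable=false, and pending hook is not enabled.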

Build fingerprint: 'Xiaomi/fuxi/fuxi:13/TKQ1.220905.001/V14.0.29.0.TMCCNXM:user/release-keys'
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG: Revision: '0'
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG: ABI: 'arm'
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG: Timestamp: 2023-06-25 16:32:09.155326060+0800
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG: Process uptime: 2s
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG: Cmdline: com.~
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG: pid: 7247, tid: 7247, name: com. ~ >>> com.~ <<<
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG: uid: 10330
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG: signal 6 (SIGABRT), code -1 (SI_QUEUE), fault addr --------
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG: Abort message: 'JNI DETECTED ERROR IN APPLICATION: GetStringChars received NULL jstring
        in call to GetStringChars
        from int android.hardware.Camera.native_setup(java.lang.Object, int, java.lang.String)'
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:     r0  00000000  r1  00001c4f  r2  00000006  r3  ffa20288
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:     r4  ffa20298  r5  ffa20280  r6  00001c4f  r7  0000016b
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:     r8  00000000  r9  ffffffff  r10 ffa20288  r11 e7fb5eb4
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:     ip  00001c4f  sp  ffa20268  lr  ebfccb37  pc  ebfccb4a
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG: backtrace:
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #00 pc 00063b4a  /apex/com.android.runtime/lib/bionic/libc.so (abort+138) (BuildId: 79262a0e455f0f20f5258286ba5eba30)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #01 pc 00404ae7  /apex/com.android.art/lib/libart.so (art::Runtime::Abort(char const*)+1018) (BuildId: b3121501aa7df5485404a9d06a48fa06)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #02 pc 0000fcbf  /apex/com.android.art/lib/libbase.so (android::base::SetAborter(std::__1::function<void (char const*)>&&)::$_3::__invoke(char const*)+46) (BuildId: 373512feb6576769e502d4ef74f6d413)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #03 pc 0000f57f  /apex/com.android.art/lib/libbase.so (android::base::LogMessage::~LogMessage()+230) (BuildId: 373512feb6576769e502d4ef74f6d413)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #04 pc 0029e5fb  /apex/com.android.art/lib/libart.so (art::JavaVMExt::JniAbort(char const*, char const*)+1834) (BuildId: b3121501aa7df5485404a9d06a48fa06)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #05 pc 0029e671  /apex/com.android.art/lib/libart.so (art::JavaVMExt::JniAbortV(char const*, char const*, std::__va_list)+56) (BuildId: b3121501aa7df5485404a9d06a48fa06)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #06 pc 00293491  /apex/com.android.art/lib/libart.so (art::(anonymous namespace)::ScopedCheck::AbortF(char const*, ...)+40) (BuildId: b3121501aa7df5485404a9d06a48fa06)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #07 pc 00292a0b  /apex/com.android.art/lib/libart.so (art::(anonymous namespace)::ScopedCheck::CheckInstance(art::ScopedObjectAccess&, art::(anonymous namespace)::ScopedCheck::InstanceKind, _jobject*, bool)+146) (BuildId: b3121501aa7df5485404a9d06a48fa06)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #08 pc 00291901  /apex/com.android.art/lib/libart.so (art::(anonymous namespace)::ScopedCheck::CheckPossibleHeapValue(art::ScopedObjectAccess&, char, art::(anonymous namespace)::JniValueType)+608) (BuildId: b3121501aa7df5485404a9d06a48fa06)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #09 pc 00291093  /apex/com.android.art/lib/libart.so (art::(anonymous namespace)::ScopedCheck::Check(art::ScopedObjectAccess&, bool, char const*, art::(anonymous namespace)::JniValueType*)+590) (BuildId: b3121501aa7df5485404a9d06a48fa06)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #10 pc 00298841  /apex/com.android.art/lib/libart.so (art::(anonymous namespace)::CheckJNI::GetStringCharsInternal(char const*, _JNIEnv*, _jstring*, unsigned char*, bool, bool)+556) (BuildId: b3121501aa7df5485404a9d06a48fa06)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #11 pc 002890d3  /apex/com.android.art/lib/libart.so (art::(anonymous namespace)::CheckJNI::GetStringChars(_JNIEnv*, _jstring*, unsigned char*) (.llvm.1416632536408479998)+22) (BuildId: b3121501aa7df5485404a9d06a48fa06)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #12 pc 0011f111  /system/lib/libandroid_runtime.so (android_hardware_Camera_native_setup(_JNIEnv*, _jobject*, _jobject*, int, _jstring*)+44) (BuildId: 2b706c35181e2b4a0aa88c7d93ca32f5)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #13 pc 001ae541  /system/framework/arm/boot-framework.oat (art_jni_trampoline+88) (BuildId: f3da7917d13e0db8a465710eb6bb679f0d7ca9e3)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #14 pc 000e1dd5  /apex/com.android.art/lib/libart.so (art_quick_invoke_stub_internal+68) (BuildId: b3121501aa7df5485404a9d06a48fa06)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #15 pc 004deebf  /apex/com.android.art/lib/libart.so (art_quick_invoke_stub+270) (BuildId: b3121501aa7df5485404a9d06a48fa06)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #16 pc 001348d7  /apex/com.android.art/lib/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+138) (BuildId: b3121501aa7df5485404a9d06a48fa06)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #17 pc 003fd995  /apex/com.android.art/lib/libart.so (_jobject* art::InvokeMethod<(art::PointerSize)4>(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, _jobject*, _jobject*, unsigned int)+904) (BuildId: b3121501aa7df5485404a9d06a48fa06)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #18 pc 0039df29  /apex/com.android.art/lib/libart.so (art::Method_invoke(_JNIEnv*, _jobject*, _jobject*, _jobjectArray*)+40) (BuildId: b3121501aa7df5485404a9d06a48fa06)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #19 pc 00092db1  /system/framework/arm/boot.oat (art_jni_trampoline+56) (BuildId: ace044f53a49db959a0ab67948203ce43c6f338c)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #20 pc 000dd9ec  /apex/com.android.art/lib/libart.so (nterp_helper+2908) (BuildId: b3121501aa7df5485404a9d06a48fa06)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #21 pc 00a1978a  /data/app/~~6qpzyJOVOZME_-dHvIl9iw==/com.olym.sandboxcqspbwzw-_TlVMOMJyM82ozixOLLvxQ==/oat/arm/base.vdex (top.canyie.pine.Pine.callBackupMethod+26)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #22 pc 000dcec8  /apex/com.android.art/lib/libart.so (nterp_helper+56) (BuildId: b3121501aa7df5485404a9d06a48fa06)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #23 pc 00a191cc  /data/app/~~6qpzyJOVOZME_-dHvIl9iw==/com.olym.sandboxcqspbwzw-_TlVMOMJyM82ozixOLLvxQ==/oat/arm/base.vdex (top.canyie.pine.Pine$CallFrame.invokeOriginalMethod+24)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #24 pc 000dd980  /apex/com.android.art/lib/libart.so (nterp_helper+2800) (BuildId: b3121501aa7df5485404a9d06a48fa06)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #25 pc 00a198ca  /data/app/~~6qpzyJOVOZME_-dHvIl9iw==/com.olym.sandboxcqspbwzw-_TlVMOMJyM82ozixOLLvxQ==/oat/arm/base.vdex (top.canyie.pine.Pine.handleCall+234)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #26 pc 000dcec8  /apex/com.android.art/lib/libart.so (nterp_helper+56) (BuildId: b3121501aa7df5485404a9d06a48fa06)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #27 pc 00a1ac90  /data/app/~~6qpzyJOVOZME_-dHvIl9iw==/com.olym.sandboxcqspbwzw-_TlVMOMJyM82ozixOLLvxQ==/oat/arm/base.vdex (top.canyie.pine.entry.Arm32Entry.handleBridge+1076)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #28 pc 000dcec8  /apex/com.android.art/lib/libart.so (nterp_helper+56) (BuildId: b3121501aa7df5485404a9d06a48fa06)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #29 pc 00a1a834  /data/app/~~6qpzyJOVOZME_-dHvIl9iw==/com.olym.sandboxcqspbwzw-_TlVMOMJyM82ozixOLLvxQ==/oat/arm/base.vdex (top.canyie.pine.entry.Arm32Entry.intBridge+0)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #30 pc 000de040  /apex/com.android.art/lib/libart.so (nterp_helper+4528) (BuildId: b3121501aa7df5485404a9d06a48fa06)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #31 pc 00486fae  /system/framework/framework.jar (android.hardware.Camera.cameraInit+158)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #32 pc 000dd980  /apex/com.android.art/lib/libart.so (nterp_helper+2800) (BuildId: b3121501aa7df5485404a9d06a48fa06)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #33 pc 004871c8  /system/framework/framework.jar (android.hardware.Camera.<init>+136)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #34 pc 000dd980  /apex/com.android.art/lib/libart.so (nterp_helper+2800) (BuildId: b3121501aa7df5485404a9d06a48fa06)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #35 pc 00486a4a  /system/framework/framework.jar (android.hardware.Camera.open+42)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #36 pc 000dcec8  /apex/com.android.art/lib/libart.so (nterp_helper+56) (BuildId: b3121501aa7df5485404a9d06a48fa06)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #37 pc 0075da4c  /data/app/~~6qpzyJOVOZME_-dHvIl9iw==/com.olym.sandboxcqspbwzw-_TlVMOMJyM82ozixOLLvxQ==/oat/arm/base.vdex (com.olym.v.o.JniEngine.testHook+128)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #38 pc 000dcec8  /apex/com.android.art/lib/libart.so (nterp_helper+56) (BuildId: b3121501aa7df5485404a9d06a48fa06)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #39 pc 0075d632  /data/app/~~6qpzyJOVOZME_-dHvIl9iw==/com.olym.sandboxcqspbwzw-_TlVMOMJyM82ozixOLLvxQ==/oat/arm/base.vdex (com.olym.v.o.JniEngine.launchEngine+10)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #40 pc 000dd674  /apex/com.android.art/lib/libart.so (nterp_helper+2020) (BuildId: b3121501aa7df5485404a9d06a48fa06)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #41 pc 0072776c  /data/app/~~6qpzyJOVOZME_-dHvIl9iw==/com.olym.sandboxcqspbwzw-_TlVMOMJyM82ozixOLLvxQ==/oat/arm/base.vdex (com.olym.v.c.VClient.bindApplicationNoCheck+1608)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #42 pc 000dd980  /apex/com.android.art/lib/libart.so (nterp_helper+2800) (BuildId: b3121501aa7df5485404a9d06a48fa06)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #43 pc 007270ae  /data/app/~~6qpzyJOVOZME_-dHvIl9iw==/com.olym.sandboxcqspbwzw-_TlVMOMJyM82ozixOLLvxQ==/oat/arm/base.vdex (com.olym.v.c.VClient.bindApplication+238)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #44 pc 000dd980  /apex/com.android.art/lib/libart.so (nterp_helper+2800) (BuildId: b3121501aa7df5485404a9d06a48fa06)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #45 pc 00734532  /data/app/~~6qpzyJOVOZME_-dHvIl9iw==/com.olym.sandboxcqspbwzw-_TlVMOMJyM82ozixOLLvxQ==/oat/arm/base.vdex (com.olym.v.c.hook.proxies.am.HCallbackStub.handleLaunchActivity+342)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #46 pc 000dd980  /apex/com.android.art/lib/libart.so (nterp_helper+2800) (BuildId: b3121501aa7df5485404a9d06a48fa06)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #47 pc 00734320  /data/app/~~6qpzyJOVOZME_-dHvIl9iw==/com.olym.sandboxcqspbwzw-_TlVMOMJyM82ozixOLLvxQ==/oat/arm/base.vdex (com.olym.v.c.hook.proxies.am.HCallbackStub.handleExecuteTransaction+160)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #48 pc 000dd980  /apex/com.android.art/lib/libart.so (nterp_helper+2800) (BuildId: b3121501aa7df5485404a9d06a48fa06)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #49 pc 0073480c  /data/app/~~6qpzyJOVOZME_-dHvIl9iw==/com.olym.sandboxcqspbwzw-_TlVMOMJyM82ozixOLLvxQ==/oat/arm/base.vdex (com.olym.v.c.hook.proxies.am.HCallbackStub.handleMessage+164)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #50 pc 000de32c  /apex/com.android.art/lib/libart.so (nterp_helper+5276) (BuildId: b3121501aa7df5485404a9d06a48fa06)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #51 pc 001c867c  /system/framework/framework.jar (android.os.Handler.dispatchMessage+24)
2023-06-25 16:32:09.356 7324-7324/? A/DEBUG:       #52 pc 000dd980  /apex/com.android.art/lib/libart.so (nterp_helper+2800) (BuildId: b3121501aa7df5485404a9d06a48fa06)
2023-06-25 16:32:09.356 7324-7324/? A/DEBUG:       #53 pc 001eba78  /system/framework/framework.jar (android.os.Looper.loopOnce+364)
2023-06-25 16:32:09.356 7324-7324/? A/DEBUG:       #54 pc 000dcec8  /apex/com.android.art/lib/libart.so (nterp_helper+56) (BuildId: b3121501aa7df5485404a9d06a48fa06)
2023-06-25 16:32:09.356 7324-7324/? A/DEBUG:       #55 pc 001ec1a0  /system/framework/framework.jar (android.os.Looper.loop+164)
2023-06-25 16:32:09.356 7324-7324/? A/DEBUG:       #56 pc 000dcec8  /apex/com.android.art/lib/libart.so (nterp_helper+56) (BuildId: b3121501aa7df5485404a9d06a48fa06)
2023-06-25 16:32:09.356 7324-7324/? A/DEBUG:       #57 pc 001c70de  /system/framework/framework.jar (android.app.ActivityThread.main+246)
2023-06-25 16:32:09.356 7324-7324/? A/DEBUG:       #58 pc 000e1dd5  /apex/com.android.art/lib/libart.so (art_quick_invoke_stub_internal+68) (BuildId: b3121501aa7df5485404a9d06a48fa06)
2023-06-25 16:32:09.356 7324-7324/? A/DEBUG:       #59 pc 004defe9  /apex/com.android.art/lib/libart.so (art_quick_invoke_static_stub+260) (BuildId: b3121501aa7df5485404a9d06a48fa06)
2023-06-25 16:32:09.356 7324-7324/? A/DEBUG:       #60 pc 001348ff  /apex/com.android.art/lib/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+178) (BuildId: b3121501aa7df5485404a9d06a48fa06)
2023-06-25 16:32:09.356 7324-7324/? A/DEBUG:       #61 pc 003fd995  /apex/com.android.art/lib/libart.so (_jobject* art::InvokeMethod<(art::PointerSize)4>(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, _jobject*, _jobject*, unsigned int)+904) (BuildId: b3121501aa7df5485404a9d06a48fa06)
2023-06-25 16:32:09.356 7324-7324/? A/DEBUG:       #62 pc 0039df29  /apex/com.android.art/lib/libart.so (art::Method_invoke(_JNIEnv*, _jobject*, _jobject*, _jobjectArray*)+40) (BuildId: b3121501aa7df5485404a9d06a48fa06)
2023-06-25 16:32:09.356 7324-7324/? A/DEBUG:       #63 pc 00092db1  /system/framework/arm/boot.oat (art_jni_trampoline+56) (BuildId: ace044f53a49db959a0ab67948203ce43c6f338c)
2023-06-25 16:32:09.356 7324-7324/? A/DEBUG:       #64 pc 000dd9ec  /apex/com.android.art/lib/libart.so (nterp_helper+2908) (BuildId: b3121501aa7df5485404a9d06a48fa06)
2023-06-25 16:32:09.356 7324-7324/? A/DEBUG:       #65 pc 00413b7e  /system/framework/framework.jar (com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run+22)
2023-06-25 16:32:09.356 7324-7324/? A/DEBUG:       #66 pc 006ade41  /system/framework/arm/boot-framework.oat (com.android.internal.os.ZygoteInit.main+2896) (BuildId: f3da7917d13e0db8a465710eb6bb679f0d7ca9e3)
2023-06-25 16:32:09.356 7324-7324/? A/DEBUG:       #67 pc 000e1dd5  /apex/com.android.art/lib/libart.so (art_quick_invoke_stub_internal+68) (BuildId: b3121501aa7df5485404a9d06a48fa06)
2023-06-25 16:32:09.356 7324-7324/? A/DEBUG:       #68 pc 004defe9  /apex/com.android.art/lib/libart.so (art_quick_invoke_static_stub+260) (BuildId: b3121501aa7df5485404a9d06a48fa06)
2023-06-25 16:32:09.356 7324-7324/? A/DEBUG:       #69 pc 001348ff  /apex/com.android.art/lib/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+178) (BuildId: b3121501aa7df5485404a9d06a48fa06)
2023-06-25 16:32:09.356 7324-7324/? A/DEBUG:       #70 pc 003feec1  /apex/com.android.art/lib/libart.so (art::JValue art::InvokeWithVarArgs<art::ArtMethod*>(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, art::ArtMethod*, std::__va_list)+336) (BuildId: b3121501aa7df5485404a9d06a48fa06)
2023-06-25 16:32:09.356 7324-7324/? A/DEBUG:       #71 pc 003ff193  /apex/com.android.art/lib/libart.so (art::JValue art::InvokeWithVarArgs<_jmethodID*>(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, _jmethodID*, std::__va_list)+42) (BuildId: b3121501aa7df5485404a9d06a48fa06)
2023-06-25 16:32:09.356 7324-7324/? A/DEBUG:       #72 pc 00329ed1  /apex/com.android.art/lib/libart.so (art::JNI<true>::CallStaticVoidMethodV(_JNIEnv*, _jclass*, _jmethodID*, std::__va_list)+484) (BuildId: b3121501aa7df5485404a9d06a48fa06)
2023-06-25 16:32:09.356 7324-7324/? A/DEBUG:       #73 pc 000821f1  /system/lib/libandroid_runtime.so (_JNIEnv::CallStaticVoidMethod(_jclass*, _jmethodID*, ...)+28) (BuildId: 2b706c35181e2b4a0aa88c7d93ca32f5)
2023-06-25 16:32:09.356 7324-7324/? A/DEBUG:       #74 pc 0008b2d5  /system/lib/libandroid_runtime.so (android::AndroidRuntime::start(char const*, android::Vector<android::String8> const&, bool)+632) (BuildId: 2b706c35181e2b4a0aa88c7d93ca32f5)
2023-06-25 16:32:09.356 7324-7324/? A/DEBUG:       #75 pc 00002655  /system/bin/app_process32 (main+1096) (BuildId: ea351c7ae4acd66f472ef9d2083624b7)
2023-06-25 16:32:09.356 7324-7324/? A/DEBUG:       #76 pc 0005ce47  /apex/com.android.runtime/lib/bionic/libc.so (__libc_init+54) (BuildId: 79262a0e455f0f20f5258286ba5eba30)
2023-06-25 16:32:09.373 7324-7324/? E/MIUINDBG: miui_native_debug_process_O
2023-06-25 16:32:09.373 7324-7324/? E/MIUINDBG: unable to connect to mqsas native socket
2023-06-25 16:32:09.378 1549-1549/? E/tombstoned: Tombstone written to: tombstone_00
canyie commented

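This error looks different from the initial one. I suspect a ROM bug, or a problem with argument parsing? Remove the hook, keep only the loop and the code inside it, and try again.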
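The comparison made in the last comment, as an added example that is not part of the thread or of the Pine project: a Python triage script that pulls the signal, abort message and frames out of logcat tombstone text and derives a coarse crash signature. The two sample excerpts are lines trimmed from the logs in this issue; the function names and category labels are chosen here for illustration.

```python
import re

# Logcat prefix, e.g. "2023-04-28 17:21:18.804 19585-19585/? A/DEBUG: "
PREFIX = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+ \d+-\d+/\S+ [A-Z]/\w+: ?")
SIGNAL = re.compile(r"signal \d+ \((\w+)\), code -?\d+ \((\w+)\), fault addr (\S+)")
# "#NN pc ADDR  MAPPING (symbol+off)"; anonymous mappings like "[anon:pine codes]" contain spaces
FRAME = re.compile(r"^\s*#(\d+) pc [0-9a-f]+\s+(\[[^\]]*\]|\S+)(?:\s+\((.*?)\+\d+\))?")

# Excerpts trimmed from the two crash logs in this issue (not complete tombstones).
VIVO_EXCERPT = """\
2023-04-28 17:21:18.804 19585-19585/? A/DEBUG: signal 4 (SIGILL), code 1 (ILL_ILLOPC), fault addr 0xf26c8020
2023-04-28 17:21:18.804 19585-19585/? A/DEBUG: backtrace:
2023-04-28 17:21:18.804 19585-19585/? A/DEBUG:       #00 pc 00000020  [anon:pine codes]
2023-04-28 17:21:18.804 19585-19585/? A/DEBUG:       #01 pc 000dc42c  /apex/com.android.art/lib/libart.so (nterp_helper+1948) (BuildId: c4564b448d4fa634e0c6ac09e9deca3e)
"""
XIAOMI_EXCERPT = """\
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG: signal 6 (SIGABRT), code -1 (SI_QUEUE), fault addr --------
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG: Abort message: 'JNI DETECTED ERROR IN APPLICATION: GetStringChars received NULL jstring
        in call to GetStringChars
        from int android.hardware.Camera.native_setup(java.lang.Object, int, java.lang.String)'
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #00 pc 00063b4a  /apex/com.android.runtime/lib/bionic/libc.so (abort+138) (BuildId: 79262a0e455f0f20f5258286ba5eba30)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #01 pc 00404ae7  /apex/com.android.art/lib/libart.so (art::Runtime::Abort(char const*)+1018) (BuildId: b3121501aa7df5485404a9d06a48fa06)
2023-06-25 16:32:09.355 7324-7324/? A/DEBUG:       #12 pc 0011f111  /system/lib/libandroid_runtime.so (android_hardware_Camera_native_setup(_JNIEnv*, _jobject*, _jobject*, int, _jstring*)+44) (BuildId: 2b706c35181e2b4a0aa88c7d93ca32f5)
"""

def parse_tombstone(text):
    """Extract signal, abort message and (mapping, symbol) frames from logcat text."""
    ts = {"signal": None, "code": None, "fault_addr": None, "abort": None, "frames": []}
    in_abort = False
    for raw in text.splitlines():
        line = PREFIX.sub("", raw)
        if in_abort:  # abort messages can continue on lines without a logcat prefix
            ts["abort"] += " " + line.strip().rstrip("'")
            in_abort = not line.rstrip().endswith("'")
            continue
        if line.startswith("Abort message: '"):
            body = line[len("Abort message: '"):]
            in_abort = not body.rstrip().endswith("'")
            ts["abort"] = body.strip().rstrip("'")
            continue
        m = SIGNAL.search(line)
        if m:
            ts["signal"], ts["code"], ts["fault_addr"] = m.groups()
            continue
        m = FRAME.match(line)
        if m:
            ts["frames"].append((m.group(2), m.group(3)))
    return ts

def classify(ts):
    """Return a coarse crash signature: (signal, category, detail)."""
    if not ts["frames"]:
        return (ts["signal"], "no-backtrace", None)
    top_map, top_sym = ts["frames"][0]
    if top_map.startswith("[anon:"):
        # pc is inside a named anonymous mapping, i.e. runtime-generated code
        return (ts["signal"], "fault-in-generated-code", top_map)
    if ts["abort"] and "JNI DETECTED ERROR" in ts["abort"]:
        # CheckJNI aborted on purpose; the first frame outside libc/libart/libbase
        # is the native function that handed it the bad argument.
        skip = ("libc.so", "libart.so", "libbase.so")
        caller = next((s for m, s in ts["frames"] if not m.endswith(skip)), None)
        return (ts["signal"], "checkjni-abort", caller)
    return (ts["signal"], "other", top_sym)

if __name__ == "__main__":
    for name, text in (("vivo", VIVO_EXCERPT), ("xiaomi", XIAOMI_EXCERPT)):
        print(name, classify(parse_tombstone(text)))
```

The first log faults with SIGILL while executing inside the `[anon:pine codes]` mapping, whereas the second is a deliberate CheckJNI abort raised from `android_hardware_Camera_native_setup`, so the two reports have different signatures.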