rovo89/XposedBridge

Method.invoke crash in Android 7.0-7.1

SaricVr opened this issue · 0 comments

Calling "XposedBridge.hookMethod" to hook "java.lang.reflect.Method.invoke" causes a crash in the Genymotion emulator with Android 7.0-7.1. The log is the following:

04-22 05:09:52.953 1517-1517/? A/libc: Fatal signal 11 (SIGSEGV), code 1, fault addr 0xfffe6f48 in tid 1517 (re-initialized>)
04-22 05:09:53.013 1531-1531/? A/DEBUG: *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
Build fingerprint: 'Android/vbox86p/vbox86p:7.1.1/NMF26Q/25:userdebug/test-keys'
Revision: '0'
ABI: 'x86'
pid: 1517, tid: 1517, name: re-initialized> >>> <<<
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0xfffe6f48
eax ffcbd438 ebx e647bb68 ecx fffe6f48 edx e647bb68
esi fffe6f48 edi ffcbd490
xcs 00000023 xds 0000002b xes 0000002b xfs 0000006b xss 0000002b
eip e60eee62 ebp ffcbd348 esp ffcbd330 flags 00010286
04-22 05:09:53.014 1531-1531/? A/DEBUG: backtrace:
#00 pc 003bee62 /system/lib/libart.so (_ZN3art16CodeInfoEncodingC2EPKv+18)
#1 pc 0053f0d9 /system/lib/libart.so (_ZN3art12StackVisitor9WalkStackEb+297)
#2 pc 00115cb2 /system/lib/libart.so (_ZN3artL43StackReplaceMethodAndInstallInstrumentationEPNS_6ThreadEPv+114)
#3 pc 0056948f /system/lib/libart.so (_ZN3art10ThreadList7ForEachEPFvPNS_6ThreadEPvES3_+63)
#4 pc 001158a2 /system/lib/libart.so (_ZN3art9ArtMethod16EnableXposedHookERNS_18ScopedObjectAccessEP8_jobject+834)
#5 pc 000047ee /system/lib/libxposed_art.so (_ZN6xposed29XposedBridge_hookMethodNativeEP7_JNIEnvP7_jclassP8_jobjectS5_iS5_+910)
#6 pc 000757e4 /data/dalvik-cache/x86/system@framework@XposedBridge.jar@classes.dex (offset 0x62000)

This problem does not occur in Genymotion with Android 6.0 and lower. I guess that the massive work Xposed is doing to deal with ART changes in Nougat may be causing the crash, and maybe there is nothing that can be done about it (other than avoiding hooking "invoke").

Now I do understand that hooking "invoke" can be dangerous by itself. However, I'm studying obfuscators and packers, so such a method is crucial for the analysis. I'm interested in knowing if there is any hope or if I should just give up on "invoke" (or just stick to 6.0 for the moment).

Thanks
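For readers who want to see what the hook in this report looks like in a module, here is an added example (not code from the issue or from the XposedBridge project) that hooks the same `Method.invoke(Object, Object[])` overload through `XposedBridge.hookMethod` and logs each reflective call, which is the kind of trace useful when analysing packers. The package name `com.example.packedapp`, the class `ReflectionLogger` and the `ThreadLocal` re-entrancy guard are assumptions made for the example; the guard is a precaution a practitioner would add because the hook body itself runs on the same thread as the hooked `invoke`. The example demonstrates the hook only; it is not a workaround for the crash reported above.

```java
package example.reflectlogger;

import java.lang.reflect.Method;

import de.robv.android.xposed.IXposedHookLoadPackage;
import de.robv.android.xposed.XC_MethodHook;
import de.robv.android.xposed.XposedBridge;
import de.robv.android.xposed.callbacks.XC_LoadPackage.LoadPackageParam;

// Added example, not code from the issue or from XposedBridge itself.
// Logs every call the target app makes through java.lang.reflect.Method.invoke.
public class ReflectionLogger implements IXposedHookLoadPackage {

    // Assumed target package; replace with the app under analysis.
    private static final String TARGET_PACKAGE = "com.example.packedapp";

    // Re-entrancy guard (assumption for this example): if anything inside the
    // hook body ends up going through Method.invoke again, the nested call is
    // not logged a second time, so the hook cannot recurse into itself.
    private static final ThreadLocal<Boolean> IN_HOOK = new ThreadLocal<Boolean>() {
        @Override
        protected Boolean initialValue() {
            return Boolean.FALSE;
        }
    };

    @Override
    public void handleLoadPackage(LoadPackageParam lpparam) throws Throwable {
        if (!TARGET_PACKAGE.equals(lpparam.packageName)) {
            return;
        }

        // The exact overload named in the issue: Method.invoke(Object receiver, Object... args)
        Method invoke = Method.class.getDeclaredMethod("invoke", Object.class, Object[].class);

        XposedBridge.hookMethod(invoke, new XC_MethodHook() {
            @Override
            protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
                if (IN_HOOK.get()) {
                    return;
                }
                IN_HOOK.set(Boolean.TRUE);
                try {
                    // thisObject is the Method being invoked; args[0] is the receiver,
                    // args[1] the boxed argument array (may be null for no-arg calls).
                    Method target = (Method) param.thisObject;
                    Object receiver = param.args[0];
                    Object[] callArgs = (Object[]) param.args[1];

                    XposedBridge.log("reflect: " + target.getDeclaringClass().getName()
                            + "." + target.getName()
                            + " on " + describe(receiver)
                            + " args=" + describeArgs(callArgs));
                } finally {
                    IN_HOOK.set(Boolean.FALSE);
                }
            }

            @Override
            protected void afterHookedMethod(MethodHookParam param) throws Throwable {
                // Record reflective calls that threw; packers often swallow these.
                Throwable t = param.getThrowable();
                if (t != null && !IN_HOOK.get()) {
                    XposedBridge.log("reflect: threw " + t.getClass().getName());
                }
            }
        });
    }

    // Describe an object without calling its toString(), which could run
    // app-defined code (and possibly more reflection) from inside the hook.
    private static String describe(Object o) {
        if (o == null) {
            return "null";
        }
        return o.getClass().getName() + "@" + Integer.toHexString(System.identityHashCode(o));
    }

    private static String describeArgs(Object[] args) {
        if (args == null || args.length == 0) {
            return "[]";
        }
        StringBuilder sb = new StringBuilder("[");
        for (int i = 0; i < args.length; i++) {
            if (i > 0) {
                sb.append(", ");
            }
            sb.append(describe(args[i]));
        }
        return sb.append(']').toString();
    }
}
```

As with any Xposed module, the class must be listed in `assets/xposed_init` and the manifest needs the `xposedmodule`, `xposeddescription` and `xposedminversion` meta-data entries before the framework will load it. The receiver and arguments are described by class name and identity hash rather than `toString()` on purpose: calling into app objects from inside a hook on `Method.invoke` is exactly the kind of re-entry that makes hooking this method risky, as the report itself notes.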