
frida-dexdump's Introduction

FRIDA-DEXDump

frida-dexdump is a frida tool to find and dump dex in memory to support security engineers in analyzing malware.

Make Jetbrains Great Again

Features

  1. Supports fuzzy search for dex files with broken headers (deep search mode).
  2. Compatible with every Android version that frida supports.
  3. One-click installation without modifying the system; easy to deploy and use.

Installation

pip3 install frida-dexdump

Usage

The CLI arguments are based on frida-tools, so you can quickly dump the foreground application like this:

frida-dexdump -FU

Or specify a package and spawn the app like this:

frida-dexdump -U -f com.app.pkgname

Additionally, -h shows the options that frida-dexdump adds on top of frida-tools:

-o OUTPUT, --output OUTPUT  Output folder path, default is './<appname>/'.
-d, --deep-search           Enable deep search mode.
--sleep SLEEP               Waiting times for start, spawn mode default is 5s.

I suggest using the -d, --deep-search option: it takes more time, but the results are more complete.


Build and develop

make

Requirements

See requirements.txt

Internals

《深入 FRIDA-DEXDump 中的矛与盾》 (Into the spear and shield of FRIDA-DEXDump)

frida-dexdump's People

Contributors

anexplore, dependabot[bot], hellodword, hluwa, mroplus, theseann


frida-dexdump's Issues

Exception occurred while dumping dex

While I am trying to dump dynamically loaded dex files I get an exception.
This is the error log:

[Except] - Error: access violation accessing 0x7854600000
    at <anonymous> (frida/runtime/core.js:127)
    at memorydump (/script1.js:110)
    at apply (native)
    at <anonymous> (frida/runtime/message-dispatcher.js:13)
    at c (frida/runtime/message-dispatcher.js:23): {'addr': '0x78545fa880', 'size': 90320}
[Except] - Error: access violation accessing 0x7861600000
    at <anonymous> (frida/runtime/core.js:127)
    at memorydump (/script1.js:110)
    at apply (native)
    at <anonymous> (frida/runtime/message-dispatcher.js:13)
    at c (frida/runtime/message-dispatcher.js:23): {'addr': '0x7861543820', 'size': 4618488}

phone crash

DEVICE: nexus 5X , SYSTEM: 6.0.1 (MMB29K)
CLIENT: 15.1.17, SERVER: frida-server-15.1.17-android-arm64
COMMAND: frida-ps -U
CAUSE: Android UI Crash

error log:
{"type":"error","description":"RangeError: Maximum call stack size exceeded","stack":"RangeError: Maximum call stack size exceeded\n at Proxy.value (frida/node_modules/frida-java-bridge/lib/class-factory.js:722:1)\n at frida/node_modules/frida-java-bridge/lib/class-factory.js:627:1\n at Array.forEach ()\n at ne (frida/node_modules/frida-java-bridge/lib/class-factory.js:624:1)\n at CallbackContext. (frida/node_modules/frida-java-bridge/lib/class-factory.js:592:1)\n at Function.value (frida/node_modules/frida-java-bridge/lib/class-factory.js:1058:1)\n at Proxy.e (frida/node_modules/frida-java-bridge/lib/class-factory.js:580:1)\n at Function.value (frida/node_modules/frida-java-bridge/lib/class-factory.js:964:1)\n at Proxy.e (frida/node_modules/frida-java-bridge/lib/class-factory.js:547:1)\n at Proxy.sendMessageDelayed.implementation (/internal-agent.js:443:31)","fileName":"frida/node_modules/frida-java-bridge/lib/class-factory.js","lineNumber":722,"columnNumber":1}

Bad dex opcode

Hey. After dumping all .dex files from memory and trying to decompile them, I'm getting:

#disallowed odex opcode
#iget-object-quick v2, p0, field@0x8
nop

Lots of code like this. Tried to decompile with deodex; that didn't work either.
How can I decompile it?

Phone reboot

[Except] - Unable to inject into process: unexpectedly timed out while waiting for FIFO to establish in
File "/home/kwaiching/.local/lib/python3.8/site-packages/frida/core.py", line 93, in get_frontmost_application
return self._impl.get_frontmost_application()

Then my phone reboots.

Doesn't dump correctly payload DEX

FRIDA-Dexdump tool does not unpack successfully the following malware and dumps an erroneous DEX file that disassemblers fail to process. It seems there is a checksum issue.

How to reproduce / grab the sample
See this tweet: https://twitter.com/ReBensk/status/1485569424874938371?s=20 and download 53108_Video_Oynatıcı.apk (sha256: 62a313bcf8611205a25850405fdf45c5c207d4755411d1ce26607eeb41581fd7). It is a malware, be cautious, don't install it on a real phone, rather an emulator.

Dump the DEXes

Launch the app and try to dump its DEXes with frida-dexdump (I personally needed to attach to its PID; the other ways did not work). You should get 2 DEXes: the main one, and the payload.

com.donkey.fragile$ ls
0x7acff17e401c.dex  0x7acff1a4401c.dex

Now, try and decompile 0x7acff17e401c.dex (sha256: 7b9961dbba9b6fb9522d15ef7169af26e30810989b4bb8b58b40f087896d1956).

Disassembly errors

For instance, head to com.about.across.bot.a.a.
With JADX, you get an error at opening the DEX: "Load failed, Error count: 1" and the following logs:

ERROR - File open error: /workshop/./0x7acff17e401c.dex
jadx.plugins.input.dex.DexException: Bad checksum: 0x73eb147b, expected: 0x6f8eb545
	at jadx.plugins.input.dex.utils.DexCheckSum.verify(DexCheckSum.java:22)
	at jadx.plugins.input.dex.DexFileLoader.checkFileMagic(DexFileLoader.java:57)
	at jadx.plugins.input.dex.DexFileLoader.loadDexFromFile(DexFileLoader.java:40)
	at java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:193)
	at java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:193)
	at java.util.ArrayList$ArrayListSpliterator.forEachRemaining(ArrayList.java:1384)
	at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:482)
	at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:472)
	at java.util.stream.ReduceOps$ReduceOp.evaluateSequential(ReduceOps.java:708)
	at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
	at java.util.stream.ReferencePipeline.collect(ReferencePipeline.java:566)
	at jadx.plugins.input.dex.DexFileLoader.collectDexFiles(DexFileLoader.java:35)
	at jadx.plugins.input.dex.DexInputPlugin.loadDexFiles(DexInputPlugin.java:29)
	at jadx.plugins.input.dex.DexInputPlugin.loadFiles(DexInputPlugin.java:25)
	at jadx.api.JadxDecompiler.loadInputFiles(JadxDecompiler.java:126)
	at jadx.api.JadxDecompiler.load(JadxDecompiler.java:111)
	at jadx.gui.JadxWrapper.openFile(JadxWrapper.java:45)
	at jadx.gui.ui.MainWindow.lambda$open$0(MainWindow.java:419)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
	at java.lang.Thread.run(Thread.java:748)
INFO  - Loaded classes: 0, methods: 0, instructions: 0

With JEB decompiler you get:

public static void a(Context arg5) {
        // ERROR - The method was not decompiled
        // Cannot decompile method containing odex instructions: Lcom/about/across/bot/a/a;->a(Landroid/content/Context;)V
        // Restore the original dex first, then load it into JEB.
        // Reference: https://www.pnfsoftware.com/jeb/manual/android/#optimized-dex-odex
    }

With baksmali you get:

   aput-object v3, v2, v4

    invoke-static {v0, v2}, Lcom/about/across/bot/e/d;->a(Ljava/lang/String;[Ljava/lang/Object;)V

    invoke-static {p0, v1}, Lcom/about/across/bot/a/a;->a(Landroid/content/Context;Z)V

    #disallowed odex opcode
    #return-void-no-barrier
    nop
.end method

With baksmali + jd-gui, you get:

public class a {
  public static void a(Context paramContext) {
    d.a("!!!!!", new Object[] { "attempt to enable internet" });
    a(paramContext, true);
    throw new VerifyError("bad dex opcode");
  }

I am using latest FRIDA-Dexdump from git and Frida server 15.1.14.

click

Traceback (most recent call last):
File "main.py", line 8, in
import click
ModuleNotFoundError: No module named 'click'

dump map_offset vs dump dex_size; WHY MAP_OFFSET?

FRIDA-DEXDump uses dump(dexptr, map_offset), but I got an incorrect dex file. When using dex2jar on it, I got an error:
╰─$ sh d2j-dex2jar.sh 0x7ba1f1f01c.dex
dex2jar 0x7ba1f1f01c.dex -> ./0x7ba1f1f01c-dex2jar.jar
java.lang.IllegalArgumentException: newPosition > limit: (1605878 > 427976)
at java.base/java.nio.Buffer.createPositionException(Buffer.java:318)
at java.base/java.nio.Buffer.position(Buffer.java:293)
at java.base/java.nio.ByteBuffer.position(ByteBuffer.java:1094)
at java.base/java.nio.ByteBuffer.position(ByteBuffer.java:262)
at com.googlecode.d2j.reader.DexFileReader.getString(DexFileReader.java:967)
at com.googlecode.d2j.reader.DexFileReader.getType(DexFileReader.java:981)
at com.googlecode.d2j.reader.DexFileReader.accept(DexFileReader.java:654)
at com.googlecode.d2j.reader.DexFileReader.accept(DexFileReader.java:625)
at com.googlecode.d2j.dex.Dex2jar.doTranslate(Dex2jar.java:88)
at com.googlecode.d2j.dex.Dex2jar.to(Dex2jar.java:280)
at com.googlecode.dex2jar.tools.Dex2jarCmd.doCommandLine(Dex2jarCmd.java:112)
at com.googlecode.dex2jar.tools.BaseCmd.doMain(BaseCmd.java:290)
at com.googlecode.dex2jar.tools.Dex2jarCmd.main(Dex2jarCmd.java:33)
So, I found that the dump size is wrong. After changing the dump size to fileSize, I got a correct dex file and successfully ran dex2jar on it.

My question is: why use map_offset?
And why can it dump correctly when dex_size > map_offset?
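The map_offset question above and the jadx "Bad checksum" failure in the earlier issue both come down to the DEX header. The following script is an added example, not frida-dexdump's own code: it parses the fixed 0x70-byte header, compares the dump length with file_size and map_off, recomputes the Adler-32 checksum (over everything after offset 12) and the SHA-1 signature (over everything after offset 32) that jadx compares against the header, and can rewrite both once a dump is complete. The sample DEX it builds is a constructed header-plus-map_list stub rather than a real program, and the names parse_header, check_dump, fix_header and build_sample_dex are chosen here.

```python
"""Check a memory-dumped DEX against its own header (added example, not part
of frida-dexdump). Verifies length vs file_size/map_off and recomputes the
Adler-32 checksum and SHA-1 signature that jadx verifies on load."""
import hashlib
import struct
import sys
import zlib

HEADER_SIZE = 0x70  # dex_header_item is always 0x70 bytes
# uint32 header fields starting at offset 32, in file order
HEADER_FIELDS = (
    "file_size", "header_size", "endian_tag", "link_size", "link_off",
    "map_off", "string_ids_size", "string_ids_off", "type_ids_size",
    "type_ids_off", "proto_ids_size", "proto_ids_off", "field_ids_size",
    "field_ids_off", "method_ids_size", "method_ids_off", "class_defs_size",
    "class_defs_off", "data_size", "data_off",
)


def parse_header(data):
    """Return the DEX header as a dict; ValueError on bad magic or length."""
    if len(data) < HEADER_SIZE:
        raise ValueError("only %d bytes, a DEX header needs 0x70" % len(data))
    if data[:4] != b"dex\n" or data[7:8] != b"\x00":
        raise ValueError("bad magic %r" % bytes(data[:8]))
    hdr = {"magic": bytes(data[:8]),
           "checksum": struct.unpack_from("<I", data, 8)[0],
           "signature": bytes(data[12:32])}
    hdr.update(zip(HEADER_FIELDS, struct.unpack_from("<20I", data, 32)))
    return hdr


def computed_checksum(data):
    """Adler-32 over everything after magic and checksum (offset 12 to end)."""
    return zlib.adler32(bytes(data[12:])) & 0xFFFFFFFF


def computed_signature(data):
    """SHA-1 over everything after the signature field (offset 32 to end)."""
    return hashlib.sha1(bytes(data[32:])).digest()


def check_dump(data):
    """Return a list of findings; an empty list means the dump is consistent."""
    hdr = parse_header(data)
    findings = []
    if hdr["header_size"] != HEADER_SIZE:
        findings.append("header_size 0x%x != 0x70" % hdr["header_size"])
    if len(data) < hdr["file_size"]:
        findings.append("dump is %d bytes but header file_size is %d (truncated)"
                        % (len(data), hdr["file_size"]))
    elif len(data) > hdr["file_size"]:
        findings.append("%d trailing bytes beyond file_size"
                        % (len(data) - hdr["file_size"]))
    if not HEADER_SIZE <= hdr["map_off"] < hdr["file_size"]:
        findings.append("map_off 0x%x lies outside the file" % hdr["map_off"])
    if hdr["checksum"] != computed_checksum(data):
        findings.append("checksum 0x%08x, expected 0x%08x"
                        % (hdr["checksum"], computed_checksum(data)))
    if hdr["signature"] != computed_signature(data):
        findings.append("SHA-1 signature does not match file contents")
    return findings


def fix_header(data):
    """Rewrite signature, then checksum, to match the bytes actually present.
    It cannot recover bytes that were never dumped (e.g. a map_off-sized dump)."""
    buf = bytearray(data)
    buf[12:32] = computed_signature(buf)                    # covers [32:]
    struct.pack_into("<I", buf, 8, computed_checksum(buf))  # covers [12:]
    return bytes(buf)


def build_sample_dex(payload_len=64):
    """Constructed stub: header + filler + a one-entry map_list, offsets consistent."""
    map_off = HEADER_SIZE + payload_len
    file_size = map_off + 4 + 12          # map_list: uint size + one map_item
    fields = [0] * 20
    fields[0], fields[1], fields[2] = file_size, HEADER_SIZE, 0x12345678
    fields[5] = map_off
    fields[18], fields[19] = file_size - HEADER_SIZE, HEADER_SIZE  # data_size/off
    body = (b"dex\n035\x00" + b"\x00" * 24 + struct.pack("<20I", *fields)
            + bytes(i & 0xFF for i in range(payload_len))
            + struct.pack("<IHHII", 1, 0x0000, 0, 1, 0))  # one TYPE_HEADER_ITEM
    return fix_header(body)  # fills in checksum and signature


if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, check_dump(fh.read()) or "OK")
```

Run it on the dumped files (python check_dex.py ./pkg/*.dex): a dump cut at map_off reports "truncated" plus a checksum mismatch, which is exactly the jadx "Bad checksum" symptom, while a full-length dump with a stale header reports only the checksum and signature lines and can be loaded after fix_header.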

Bypassing anti-debugging

Many packers nowadays come with anti-debugging, and frida cannot attach. I have now run into a tough one, the Bangbang (梆梆) packer. Even spawning with the -f parameter does not get past it; the app goes straight to a black screen on launch. Does anyone have a good idea for dumping the dex of this kind of packer in one click?

frida.PermissionDeniedError

unable to access process with pid 1333 due to system restrictions; try sudo sysctl kernel.yama.ptrace_scope=0, or run Frida as root

How do I solve this?

Runtime error: exception occurred: RPCException Error: expected an integer

Tried using it to unpack; error at main.py line 49
发生异常: RPCException
Error: expected an integer
at frida/runtime/core.js:144
at frida/runtime/message-dispatcher.js:15
at o (frida/runtime/message-dispatcher.js:25)
File "E:\Win_tools\FRIDA-DEXDump-master\main.py", line 49, in
bs = script.exports.memorydump(dex['addr'], dex['size'])

Printing (dex['addr'], dex['size']) shows that the last [DEXDump] entry is negative,
like this: addr:-1727442502,size:-1727442502

First time using Frida, I don't quite understand it. Hoping someone can explain. server and core are both the latest.

[plugin] C:\Users\kingking\.objection\plugins\dexdump does not appear to be a valid plugin. Missing __init__.py

C:\Users\jin10>objection -g wind.android explore -P C:\Users\kingking\.objection\plugins
Using USB device Pixel 2
Agent injected and responds ok!
[plugin] C:\Users\kingking\.objection\plugins\dexdump does not appear to be a valid plugin. Missing __init__.py
Loaded plugin: wallbreaker

[objection ASCII banner] (object)inject(ion) v1.9.6

 Runtime Mobile Exploration
    by: @leonjza from @sensepost

[tab] for command suggestions

invalid uid/gid '-c'

On the Android Emulator (Google APIs), DEXDump cannot stop the process using su -c 'cmd', because the su format there is su [UID[,GID[,GID2]...]] [COMMAND [ARG...]]

02-08/15:17:00 INFO [DEXDump]: found target [19245] logcat
su: invalid uid/gid '-c'
su: invalid uid/gid '-c'

Fixing the frida module failing to start

The reason the frida module fails to start is the environment-variable problem of having multiple python environments; it can be made to start under either python2 or python3. Here is the python2 method as an example.
1. Uninstall frida and frida-tools under both python2 and python3
2. Make sure that running "python" runs python2
--> To do this, put python2's two environment variables in front of python3's two, and remember to rename python3 to python3.exe (there is no python.exe in its directory)
3. Reinstall pip; after reinstalling, pip will automatically associate itself with the python version
4. Reinstall frida and frida-tools
Solved

The dumped file is incomplete

First, thanks to the author for this remarkable and efficient solution.
With excitement I tested it on a real device, using an APK that was not packed (I figure an unpacked apk also has a dex structure in memory).
The dumped dex file is the same size as the original dex, but the MD5 differs.
Further, converting the dumped dex to a jar produces many errors.
Sample:
WiFi ADB Debug Over Air_v3.0.2.apk.zip

Test environment
Nexus 6 (android 5.1)
Nexus 6 (android 7.0)
Google Pixel (android 7.0)

The results were the same on all of them.

Is this solution only effective for packed dex? Or is there something wrong with my test environment?
If convenient, could you provide sample apks, before and after packing?

Thanks

frida.core.RPCException: Error: missing argument

What is the cause of this error?

frida-server_12.0.5
root@ubuntu:~/apktool/FRIDA-DEXDump# python3 main.py
[DEXDump]: found target [24720] com.xxx.android.xxxx
Traceback (most recent call last):
  File "main.py", line 46, in <module>
    matches = script.exports.scandex()
  File "/usr/local/lib/python3.6/dist-packages/frida/core.py", line 322, in method
    return script._rpc_request('call', js_name, args)
  File "/usr/local/lib/python3.6/dist-packages/frida/core.py", line 250, in _rpc_request
    raise result[2]
frida.core.RPCException: Error: missing argument
    at frida/runtime/core.js:223
    at scandex (script1.js:13)
    at e (frida/runtime/message-dispatcher.js:45)
    at t (frida/runtime/message-dispatcher.js:24)

impossible frida script inject

After I did dump a package using frida-dexdump command and find new classes, I hooked new classes, but Frida said like "trace class failed Error: java.lang.ClassNotFoundException: Didn't find class "com.priguard.C4510KernelInstance" on path: DexPathList[[zip file "/data/app/com.ui-1/base.apk"],nativeLibraryDirectories=[/data/app/com.ui-1/lib/x86, /data/app/com.ui-1/base.apk!/lib/x86, /system/lib, /vendor/lib]]"

Hook code is:
// Java.perform's callback receives no arguments, so the class name has to
// come from an enclosing function; the trailing ");" was also missing.
function traceClass(targetClass) {
    Java.perform(function () {
        var hook;
        try {
            hook = Java.use(targetClass);   // resolve the class in the app's class loader
        } catch (e) {
            console.error("trace class failed", e);
            return;
        }
    });
}

Could anyone help me how to hook to com.priguard.C4510KernelInstance?

Unpacking fails for apps with Chinese names

Environment: frida 15.1.2, target 顺丰速运 (SF Express)
In the choose function, target.identifier is the package name:
Application(identifier="com.sf.activity", name="顺丰速运", pid=14246, parameters={})
But in device.enumerate_processes() the process name is "顺丰速运", not the package name "com.sf.activity", so the match fails.
Suggested handling in the choose function:

if pid is None and pkg is None:
    target = device.get_frontmost_application()
    pid = target.pid
    # return target.pid, target.identifier

The new version seems to have a problem

frida-dexdump -U -f com.sec.n1book1 -d --sleep 5

[frida-dexdump ASCII banner: https://github.com/hluwa/frida-dexdump]

Spawning `com.sec.n1book1`...                                           
INFO:Agent:DexDumpAgent<Connection(pid=Session(pid=21402), connected:True), attached=True>: Attach.
INFO:frida-dexdump:Waiting 5s...
INFO:frida-dexdump:[+] Searching...
INFO:frida-dexdump:[*] Successful found 12 dex, used 5 time.
INFO:frida-dexdump:[+] Starting dump to '/Users/xxx/Desktop/hack/tools/ooo/com.sec.n1book1'...
INFO:frida-dexdump:[+] DexMd5=df2b99537b2d11d3074d6fe752a763bb, SavePath=/Users/xxx/Desktop/hack/tools/ooo/com.sec.n1book1/classes.dex, DexSize=0x2154fc
INFO:frida-dexdump:[+] DexMd5=b0cef7130867f8df4b2612290ef8a639, SavePath=/Users/xxx/Desktop/hack/tools/ooo/com.sec.n1book1/classes02.dex, DexSize=0x21c000
INFO:frida-dexdump:[+] DexMd5=4d956f9be62251c9b41aec34bdc39ad4, SavePath=/Users/xxx/Desktop/hack/tools/ooo/com.sec.n1book1/classes03.dex, DexSize=0x77e4
INFO:frida-dexdump:[+] DexMd5=e0ade20e9e8fa40707ca9311ef7471ac, SavePath=/Users/xxx/Desktop/hack/tools/ooo/com.sec.n1book1/classes04.dex, DexSize=0xc2000
INFO:frida-dexdump:[+] DexMd5=f1771b68f5f9b168b79ff59ae2daabe4, SavePath=/Users/xxx/Desktop/hack/tools/ooo/com.sec.n1book1/classes05.dex, DexSize=0x11c
INFO:frida-dexdump:[+] DexMd5=f787db82adb852244f53363bef7debc1, SavePath=/Users/xxx/Desktop/hack/tools/ooo/com.sec.n1book1/classes06.dex, DexSize=0x3e3c2
INFO:frida-dexdump:[+] DexMd5=97b84ab1fdeff52bd3b0dadeab89e7bc, SavePath=/Users/xxx/Desktop/hack/tools/ooo/com.sec.n1book1/classes07.dex, DexSize=0x180000
ERROR:frida-dexdump:[-] Error: access violation accessing 0xea280000
    at <anonymous> (frida/runtime/core.js:141)
    at memorydump (src/search.ts:41)
    at apply (native)
    at <anonymous> (frida/runtime/message-dispatcher.js:13)
    at c (frida/runtime/message-dispatcher.js:23): {'addr': '0xea2097b0', 'size': 2210360}
Traceback (most recent call last):
  File "/Users/xxx/Desktop/hack/tools/ooo/env/lib/python3.8/site-packages/frida_dexdump/__main__.py", line 81, in dump
    bs = self.agent.memory_dump(dex['addr'], dex['size'])
  File "/Users/xxx/Desktop/hack/tools/ooo/env/lib/python3.8/site-packages/frida_dexdump/agent/__init__.py", line 24, in memory_dump
    return self._rpc.memorydump(base, size)
  File "/Users/xxx/Desktop/hack/tools/ooo/env/lib/python3.8/site-packages/frida/core.py", line 468, in method
    return script._rpc_request('call', js_name, args, **kwargs)
  File "/Users/xxx/Desktop/hack/tools/ooo/env/lib/python3.8/site-packages/frida/core.py", line 26, in wrapper
    return f(*args, **kwargs)
  File "/Users/xxx/Desktop/hack/tools/ooo/env/lib/python3.8/site-packages/frida/core.py", line 400, in _rpc_request
    raise result[2]
frida.core.RPCException: Error: access violation accessing 0xea280000
    at <anonymous> (frida/runtime/core.js:141)
    at memorydump (src/search.ts:41)
    at apply (native)
    at <anonymous> (frida/runtime/message-dispatcher.js:13)
    at c (frida/runtime/message-dispatcher.js:23)
INFO:frida-dexdump:[+] DexMd5=259b24fa37bd13fc13441551db3dc4a2, SavePath=/Users/xxx/Desktop/hack/tools/ooo/com.sec.n1book1/classes08.dex, DexSize=0x76850
INFO:frida-dexdump:[*] All done...

n1book_android1.apk.zip

Please update soon

Please release a new version soon; the current one is too old. Hurry...

Two problems in use: 1. all obtained code is bad dex opcode; 2. su -c

Following hluwa's own tutorial, testing revealed two problems.

  1. su -c cannot be used on my rooted phone; it reports invalid option --c. I don't know whether this is a root permission problem; I have no other phones to test with.
  2. The obtained code cannot be opened normally and reports an error
    [image]
    Code like this everywhere; something must have gone wrong somewhere.

Newbie question; not sure whether I am using it wrong or it is something else.

Cannot find the dex after dumping

apk: https://www.wandoujia.com/apps/7868176
After installing the apk, modify the script:
replace get_usb_device with get_remote_device (win64)
Test

  1. Start fridaServer.
  2. tcp forwarding
  3. python main.py
    [DEXDump]: found target [1596] com.jtjsb.xndwsq
    [DEXDump]: DexSize=0x6df168, SavePath=./com.jtjsb.xndwsq/0xe208f000.dex
    [DEXDump]: DexSize=0x23162c, SavePath=./com.jtjsb.xndwsq/0xe276f000.dex
    [DEXDump]: DexSize=0x11c, SavePath=./com.jtjsb.xndwsq/0xf46ce678.dex
    [DEXDump]: DexSize=0x1, SavePath=./com.jtjsb.xndwsq/0xf46cf0f8.dex
    [DEXDump]: DexSize=0x789, SavePath=./com.jtjsb.xndwsq/0xf7531000.dex
  4. Went to data/data/com.jtjsb.xndwsq or data/app/com.jtjsb.xndwsq on the phone and could not find the corresponding dex
  5. Searched the whole data directory with find . -name 0xe208f000.dex; no results.

Thanks for your hard work.

frida-dexdump version not providing expected number

This is a minor issue.

I have frida-dexdump 2.0.1:

$ pip list | grep dexdump
frida-dexdump  2.0.1

But if I do frida-dexdump --version, it says 15.1.17, which is Frida's version.

The program's help says:

 --version             show program's version number and exit

So, with this comment, I think that we should get 2.0.1. If not, it's just as simple as modifying the help with something like "show Frida's version number and exit"

Missing dex

Comparing the classes in the dex obtained by frida-dexdump with the classes obtained by trace method, classes are missing from the dump. Besides dexdump, what other means are there to obtain the missing dex files?

[Except] - can only concatenate str (not "int") to str:

The plugin dexdump dump output includes:
[Except] - can only concatenate str (not "int") to str: {'addr': '0x7ebef4a01c', 'size': 686392}
[Except] - can only concatenate str (not "int") to str: {'addr': '0x7ec862f01c', 'size': 237732}
[Except] - can only concatenate str (not "int") to str: {'addr': '0x7ecbd5401c', 'size': 6384772}
[Except] - can only concatenate str (not "int") to str: {'addr': '0x7ecc6b201c', 'size': 7980312}
[Except] - can only concatenate str (not "int") to str: {'addr': '0x7eccee901c', 'size': 9034624}
[Except] - can only concatenate str (not "int") to str: {'addr': '0x7ecdc9c01c', 'size': 4631576}
[Except] - can only concatenate str (not "int") to str: {'addr': '0x7ecf7b0028', 'size': 355688}
[Except] - can only concatenate str (not "int") to str: {'addr': '0x7ecf806d94', 'size': 2436}
[Except] - can only concatenate str (not "int") to str: {'addr': '0x7ecf807718', 'size': 2436}

[Except] - Error: access violation accessing

[Except] - Error: access violation accessing 0xe7402000
at (frida/runtime/core.js:127)
at memorydump (/script1.js:110)
at apply (native)
at (frida/runtime/message-dispatcher.js:13)
at c (frida/runtime/message-dispatcher.js:23): {'addr': '0xe7323490', 'size': 6680424}
[Except] - Error: access violation accessing 0xe7402000
at (frida/runtime/core.js:127)
at memorydump (/script1.js:110)
at apply (native)
at (frida/runtime/message-dispatcher.js:13)
at c (frida/runtime/message-dispatcher.js:23): {'addr': '0xe7323500', 'size': 7013392}
[Except] - Error: access violation accessing 0xe7402000
at (frida/runtime/core.js:127)
at memorydump (/script1.js:110)
at apply (native)
at (frida/runtime/message-dispatcher.js:13)
at c (frida/runtime/message-dispatcher.js:23): {'addr': '0xe73235e0', 'size': 5704696}

FRIDA-DEXDump-1.0.3
frida version 14.2.18

[Except] - Unable dump dex: process with pid 2023 either refused to load frida-agent

[Except] - Unable dump dex: process with pid 2023 either refused to load frida-agent, or terminated during injection in
File "/home/kwaiching/.local/lib/python3.8/site-packages/frida/core.py", line 165, in attach
return Session(self._impl.attach(self._pid_of(target), *args, **kwargs))

[Except] - Unable dump dex: process with pid 2262 either refused to load frida-agent, or terminated during injection in
File "/home/kwaiching/.local/lib/python3.8/site-packages/frida/core.py", line 165, in attach
return Session(self._impl.attach(self._pid_of(target), *args, **kwargs))

Unable to inject into process

[Except] - Unable to inject into process: unable to connect to remote frida-server in
File "d:\python\python37\lib\site-packages\frida\core.py", line 101, in enumerate_processes
return self._impl.enumerate_processes()

I installed frida-dexdump with pip install, and running frida-dexdump directly gives the error above.
I checked that frida-server connects normally, and frida-ps -U can read normally too. How should I solve this?

jadx.plugins.input.dex.DexException: Bad checksum

jadx.plugins.input.dex.DexException: Bad checksum: 0x7d0b2ec3, expected: 0xb39bba93
at jadx.plugins.input.dex.utils.DexCheckSum.verify(DexCheckSum.java:22)
at jadx.plugins.input.dex.DexFileLoader.load(DexFileLoader.java:68)
at jadx.plugins.input.dex.DexFileLoader.loadDexFromFile(DexFileLoader.java:50)
at java.base/java.util.stream.ReferencePipeline$3$1.accept(Unknown Source)
at java.base/java.util.stream.ReferencePipeline$3$1.accept(Unknown Source)
at java.base/java.util.ArrayList$ArrayListSpliterator.forEachRemaining(Unknown Source)
at java.base/java.util.stream.AbstractPipeline.copyInto(Unknown Source)
at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(Unknown Source)
at java.base/java.util.stream.ReduceOps$ReduceOp.evaluateSequential(Unknown Source)
at java.base/java.util.stream.AbstractPipeline.evaluate(Unknown Source)
at java.base/java.util.stream.ReferencePipeline.collect(Unknown Source)
at jadx.plugins.input.dex.DexFileLoader.collectDexFiles(DexFileLoader.java:45)
at jadx.plugins.input.dex.DexInputPlugin.loadFiles(DexInputPlugin.java:34)
at jadx.plugins.input.dex.DexInputPlugin.loadFiles(DexInputPlugin.java:30)
at jadx.api.JadxDecompiler.loadInputFiles(JadxDecompiler.java:130)
at jadx.api.JadxDecompiler.load(JadxDecompiler.java:114)
at jadx.gui.JadxWrapper.openFile(JadxWrapper.java:52)
at jadx.gui.ui.MainWindow.lambda$openFiles$0(MainWindow.java:427)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.base/java.lang.Thread.run(Unknown Source)

The dumped hex is split into several files

The dumped hex is split into several files; do they need to be merged? If so, how exactly?
In one of my tests the unpack produced three hex files; the first two open fine, the last one opens to nothing, yet the file is 2M.

Unable dump dex: Error: missing argument

[Except] - Unable dump dex: Error: missing argument
at frida/runtime/core.js:225
at scandex (/script1.js:117)
at frida/runtime/message-dispatcher.js:45
at o (frida/runtime/message-dispatcher.js:27) in
File "d:\python37\lib\site-packages\frida\core.py", line 333, in _rpc_request
raise result[2]

How to use frida's parameters? e.g. frida-server --host 192.168.0.100?

It seems that after running python3 main.py, it follows the default frida-ps --usb command.
The usb device in my virtual machine (vmware) cannot be accessed.

So I would like to know how to add the --host parameter to the frida-ps command in frida-dexdump. Thanks.
(The current error is: unable to connect to remote server)
