Comments (5)
I guess this library is only intended for iOS; it has not been tested on Android.
from dobby.
I tested again today with the latest version, and there is still a problem.
Device info: Pixel 2, Android Q
Tried hooking libc's free function (the same code runs successfully on version 6.0).
Crash info:
A real Huawei device? hnyaoqingping [email protected] wrote on Tuesday, September 17, 2019 at 3:40 PM:
…
I guess this library is only intended for iOS; it has not been tested on Android.
Mix 2S (Android 9) has the same problem. Test code:
#include <jni.h>
#include <android/log.h>
#include <cstdio>       // remove()
#include "hookzz.h"     // ZzReplace(); header name assumed

int (*origin_remove)(const char *path);

// Replacement for libc remove(): log the path, then call the original.
int fake_remove(const char *path) {
    __android_log_print(ANDROID_LOG_DEBUG, "hook remove", "arg: %s", path);
    return origin_remove(path);
}

extern "C"
JNIEXPORT void JNICALL
Java_com_example_hookzzdemo_MainActivity_startHook(JNIEnv *env, jobject thiz) {
    __android_log_print(ANDROID_LOG_DEBUG, "hook begin", "remove(): %p", fake_remove);
    int result = ZzReplace((void *)remove, (void *)fake_remove, (void **)&origin_remove);
    __android_log_print(ANDROID_LOG_DEBUG, "hook begin", "result: %d", result);
}
crash dump:
2019-11-07 18:17:23.352 9683-9683/? A/DEBUG: *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
2019-11-07 18:17:23.352 9683-9683/? A/DEBUG: Build fingerprint: 'Xiaomi/polaris/polaris:9/PKQ1.180729.001/9.5.17:user/release-keys'
2019-11-07 18:17:23.352 9683-9683/? A/DEBUG: Revision: '0'
2019-11-07 18:17:23.352 9683-9683/? A/DEBUG: ABI: 'arm64'
2019-11-07 18:17:23.352 9683-9683/? A/DEBUG: pid: 9625, tid: 9625, name: mple.hookzzdemo >>> com.example.hookzzdemo <<<
2019-11-07 18:17:23.352 9683-9683/? A/DEBUG: signal 7 (SIGBUS), code 1 (BUS_ADRALN), fault addr 0x1f022058000011
2019-11-07 18:17:23.352 9683-9683/? A/DEBUG: x0 0000006f56aa9000 x1 0000007fdaf8d060 x2 0000000000000000 x3 0000006f5d31fd86
2019-11-07 18:17:23.352 9683-9683/? A/DEBUG: x4 0000007fdaf8d048 x5 0000000000000000 x6 60694b16ff3a666d x7 7f7f7f7f7f7f7f7f
2019-11-07 18:17:23.352 9683-9683/? A/DEBUG: x8 4bfcf13cb68351a7 x9 4bfcf13cb68351a7 x10 0000000000430000 x11 0000000000000004
2019-11-07 18:17:23.352 9683-9683/? A/DEBUG: x12 0000006f5da0d688 x13 0000006f5d30d8c0 x14 0000006f5d30d920 x15 0000000000000000
2019-11-07 18:17:23.352 9683-9683/? A/DEBUG: x16 0000006f57894430 x17 d61f022058000011 x18 0000000000000008 x19 0000006f5dae8460
2019-11-07 18:17:23.352 9683-9683/? A/DEBUG: x20 0000000000000075 x21 0000006f56aa9000 x22 0000007fdaf8d400 x23 0000000072c3e6df
2019-11-07 18:17:23.353 9683-9683/? A/DEBUG: x24 0000000000000008 x25 0000006fe33955e0 x26 0000006f5da14ca0 x27 0000000000000002
2019-11-07 18:17:23.353 9683-9683/? A/DEBUG: x28 0000000000000001 x29 0000007fdaf8d130
2019-11-07 18:17:23.353 9683-9683/? A/DEBUG: sp 0000007fdaf8d110 lr 0000006f57864974 pc 001f022058000011
2019-11-07 18:17:23.489 743-743/? V/DisplayFeatureHal: dataCallback value=< 227.9070, 0.0000, 0.0000>,time=1729048902288455, sensor=5, temperature(K)= 0.0000
2019-11-07 18:17:23.567 9683-9683/? A/DEBUG: backtrace:
2019-11-07 18:17:23.567 9683-9683/? A/DEBUG: #00 pc 001f022058000011 <unknown>
2019-11-07 18:17:23.567 9683-9683/? A/DEBUG: #01 pc 000000000001f970 /system/lib64/libopenjdk.so (Java_java_io_UnixFileSystem_delete0+92)
2019-11-07 18:17:23.567 9683-9683/? A/DEBUG: #02 pc 0000000000317df8 /system/framework/arm64/boot-core-oj.oat (offset 0x2dc000) (java.lang.invoke.VarHandle.compareAndSet [DEDUPED]+152)
2019-11-07 18:17:23.567 9683-9683/? A/DEBUG: #03 pc 000000000055c988 /system/lib64/libart.so (art_quick_invoke_stub+584)
2019-11-07 18:17:23.567 9683-9683/? A/DEBUG: #04 pc 00000000000d0520 /system/lib64/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+200)
2019-11-07 18:17:23.567 9683-9683/? A/DEBUG: #05 pc 0000000000280b90 /system/lib64/libart.so (art::interpreter::ArtInterpreterToCompiledCodeBridge(art::Thread*, art::ArtMethod*, art::ShadowFrame*, unsigned short, art::JValue*)+344)
2019-11-07 18:17:23.567 9683-9683/? A/DEBUG: #06 pc 000000000027aba4 /system/lib64/libart.so (bool art::interpreter::DoCall<false, false>(art::ArtMethod*, art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*)+968)
2019-11-07 18:17:23.567 9683-9683/? A/DEBUG: #07 pc 000000000052d684 /system/lib64/libart.so (MterpInvokeDirect+296)
2019-11-07 18:17:23.567 9683-9683/? A/DEBUG: #08 pc 000000000054f194 /system/lib64/libart.so (ExecuteMterpImpl+14484)
2019-11-07 18:17:23.567 9683-9683/? A/DEBUG: #09 pc 00000000000cae74 /system/framework/boot-core-oj.vdex (java.io.UnixFileSystem.delete+34)
2019-11-07 18:17:23.567 9683-9683/? A/DEBUG: #10 pc 00000000002548a8 /system/lib64/libart.so (_ZN3art11interpreterL7ExecuteEPNS_6ThreadERKNS_20CodeItemDataAccessorERNS_11ShadowFrameENS_6JValueEb.llvm.223931584+488)
2019-11-07 18:17:23.567 9683-9683/? A/DEBUG: #11 pc 000000000025a39c /system/lib64/libart.so (art::interpreter::ArtInterpreterToInterpreterBridge(art::Thread*, art::CodeItemDataAccessor const&, art::ShadowFrame*, art::JValue*)+216)
2019-11-07 18:17:23.567 9683-9683/? A/DEBUG: #12 pc 000000000027ab88 /system/lib64/libart.so (bool art::interpreter::DoCall<false, false>(art::ArtMethod*, art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*)+940)
2019-11-07 18:17:23.567 9683-9683/? A/DEBUG: #13 pc 000000000052c344 /system/lib64/libart.so (MterpInvokeVirtual+588)
2019-11-07 18:17:23.567 9683-9683/? A/DEBUG: #14 pc 000000000054f094 /system/lib64/libart.so (ExecuteMterpImpl+14228)
2019-11-07 18:17:23.567 9683-9683/? A/DEBUG: #15 pc 00000000000bc510 /system/framework/boot-core-oj.vdex (java.io.File.delete+42)
2019-11-07 18:17:23.567 9683-9683/? A/DEBUG: #16 pc 00000000002548a8 /system/lib64/libart.so (_ZN3art11interpreterL7ExecuteEPNS_6ThreadERKNS_20CodeItemDataAccessorERNS_11ShadowFrameENS_6JValueEb.llvm.223931584+488)
2019-11-07 18:17:23.567 9683-9683/? A/DEBUG: #17 pc 000000000025a39c /system/lib64/libart.so (art::interpreter::ArtInterpreterToInterpreterBridge(art::Thread*, art::CodeItemDataAccessor const&, art::ShadowFrame*, art::JValue*)+216)
2019-11-07 18:17:23.567 9683-9683/? A/DEBUG: #18 pc 000000000027ab88 /system/lib64/libart.so (bool art::interpreter::DoCall<false, false>(art::ArtMethod*, art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*)+940)
2019-11-07 18:17:23.567 9683-9683/? A/DEBUG: #19 pc 000000000052c344 /system/lib64/libart.so (MterpInvokeVirtual+588)
2019-11-07 18:17:23.567 9683-9683/? A/DEBUG: #20 pc 000000000054f094 /system/lib64/libart.so (ExecuteMterpImpl+14228)
2019-11-07 18:17:23.567 9683-9683/? A/DEBUG: #21 pc 000000000011dc34 /dev/ashmem/dalvik-classes.dex extracted in memory from /data/app/com.example.hookzzdemo-wKbAarXpsOZJ9MVghjn0pg==/base.apk (deleted) (com.example.hookzzdemo.MainActivity$1.onClick+32)
2019-11-07 18:17:23.567 9683-9683/? A/DEBUG: #22 pc 00000000002548a8 /system/lib64/libart.so (_ZN3art11interpreterL7ExecuteEPNS_6ThreadERKNS_20CodeItemDataAccessorERNS_11ShadowFrameENS_6JValueEb.llvm.223931584+488)
2019-11-07 18:17:23.567 9683-9683/? A/DEBUG: #23 pc 000000000025a39c /system/lib64/libart.so (art::interpreter::ArtInterpreterToInterpreterBridge(art::Thread*, art::CodeItemDataAccessor const&, art::ShadowFrame*, art::JValue*)+216)
2019-11-07 18:17:23.567 9683-9683/? A/DEBUG: #24 pc 000000000027ab88 /system/lib64/libart.so (bool art::interpreter::DoCall<false, false>(art::ArtMethod*, art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*)+940)
2019-11-07 18:17:23.567 9683-9683/? A/DEBUG: #25 pc 000000000052d2c0 /system/lib64/libart.so (MterpInvokeInterface+1392)
2019-11-07 18:17:23.567 9683-9683/? A/DEBUG: #26 pc 000000000054f294 /system/lib64/libart.so (ExecuteMterpImpl+14740)
2019-11-07 18:17:23.567 9683-9683/? A/DEBUG: #27 pc 0000000000d5d2fe /system/framework/boot-framework.vdex (android.view.View.performClick+34)
2019-11-07 18:17:23.567 9683-9683/? A/DEBUG: #28 pc 00000000002548a8 /system/lib64/libart.so (_ZN3art11interpreterL7ExecuteEPNS_6ThreadERKNS_20CodeItemDataAccessorERNS_11ShadowFrameENS_6JValueEb.llvm.223931584+488)
2019-11-07 18:17:23.567 9683-9683/? A/DEBUG: #29 pc 000000000025a39c /system/lib64/libart.so (art::interpreter::ArtInterpreterToInterpreterBridge(art::Thread*, art::CodeItemDataAccessor const&, art::ShadowFrame*, art::JValue*)+216)
2019-11-07 18:17:23.567 9683-9683/? A/DEBUG: #30 pc 000000000027ab88 /system/lib64/libart.so (bool art::interpreter::DoCall<false, false>(art::ArtMethod*, art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*)+940)
2019-11-07 18:17:23.567 9683-9683/? A/DEBUG: #31 pc 000000000052c344 /system/lib64/libart.so (MterpInvokeVirtual+588)
2019-11-07 18:17:23.567 9683-9683/? A/DEBUG: #32 pc 000000000054f094 /system/lib64/libart.so (ExecuteMterpImpl+14228)
2019-11-07 18:17:23.567 9683-9683/? A/DEBUG: #33 pc 0000000000d5d324 /system/framework/boot-framework.vdex (android.view.View.performClickInternal+6)
2019-11-07 18:17:23.567 9683-9683/? A/DEBUG: #34 pc 00000000002548a8 /system/lib64/libart.so (_ZN3art11interpreterL7ExecuteEPNS_6ThreadERKNS_20CodeItemDataAccessorERNS_11ShadowFrameENS_6JValueEb.llvm.223931584+488)
2019-11-07 18:17:23.567 9683-9683/? A/DEBUG: #35 pc 000000000025a39c /system/lib64/libart.so (art::interpreter::ArtInterpreterToInterpreterBridge(art::Thread*, art::CodeItemDataAccessor const&, art::ShadowFrame*, art::JValue*)+216)
2019-11-07 18:17:23.567 9683-9683/? A/DEBUG: #36 pc 000000000027ab88 /system/lib64/libart.so (bool art::interpreter::DoCall<false, false>(art::ArtMethod*, art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*)+940)
2019-11-07 18:17:23.567 9683-9683/? A/DEBUG: #37 pc 000000000052d684 /system/lib64/libart.so (MterpInvokeDirect+296)
2019-11-07 18:17:23.567 9683-9683/? A/DEBUG: #38 pc 000000000054f194 /system/lib64/libart.so (ExecuteMterpImpl+14484)
2019-11-07 18:17:23.567 9683-9683/? A/DEBUG: #39 pc 0000000000d59af8 /system/framework/boot-framework.vdex (android.view.View.access$3100)
2019-11-07 18:17:23.567 9683-9683/? A/DEBUG: #40 pc 00000000002548a8 /system/lib64/libart.so (_ZN3art11interpreterL7ExecuteEPNS_6ThreadERKNS_20CodeItemDataAccessorERNS_11ShadowFrameENS_6JValueEb.llvm.223931584+488)
2019-11-07 18:17:23.567 9683-9683/? A/DEBUG: #41 pc 000000000025a39c /system/lib64/libart.so (art::interpreter::ArtInterpreterToInterpreterBridge(art::Thread*, art::CodeItemDataAccessor const&, art::ShadowFrame*, art::JValue*)+216)
2019-11-07 18:17:23.567 9683-9683/? A/DEBUG: #42 pc 000000000027ab88 /system/lib64/libart.so (bool art::interpreter::DoCall<false, false>(art::ArtMethod*, art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*)+940)
2019-11-07 18:17:23.567 9683-9683/? A/DEBUG: #43 pc 000000000052d848 /system/lib64/libart.so (MterpInvokeStatic+204)
2019-11-07 18:17:23.567 9683-9683/? A/DEBUG: #44 pc 000000000054f214 /system/lib64/libart.so (ExecuteMterpImpl+14612)
2019-11-07 18:17:23.567 9683-9683/? A/DEBUG: #45 pc 0000000000d3f544 /system/framework/boot-framework.vdex (android.view.View$PerformClick.run+4)
2019-11-07 18:17:23.567 9683-9683/? A/DEBUG: #46 pc 00000000002548a8 /system/lib64/libart.so (_ZN3art11interpreterL7ExecuteEPNS_6ThreadERKNS_20CodeItemDataAccessorERNS_11ShadowFrameENS_6JValueEb.llvm.223931584+488)
2019-11-07 18:17:23.567 9683-9683/? A/DEBUG: #47 pc 000000000025a39c /system/lib64/libart.so (art::interpreter::ArtInterpreterToInterpreterBridge(art::Thread*, art::CodeItemDataAccessor const&, art::ShadowFrame*, art::JValue*)+216)
2019-11-07 18:17:23.567 9683-9683/? A/DEBUG: #48 pc 000000000027ab88 /system/lib64/libart.so (bool art::interpreter::DoCall<false, false>(art::ArtMethod*, art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*)+940)
2019-11-07 18:17:23.567 9683-9683/? A/DEBUG: #49 pc 000000000052d2c0 /system/lib64/libart.so (MterpInvokeInterface+1392)
2019-11-07 18:17:23.567 9683-9683/? A/DEBUG: #50 pc 000000000054f294 /system/lib64/libart.so (ExecuteMterpImpl+14740)
2019-11-07 18:17:23.567 9683-9683/? A/DEBUG: #51 pc 0000000000bb85b2 /system/framework/boot-framework.vdex (android.os.Handler.handleCallback+4)
2019-11-07 18:17:23.567 9683-9683/? A/DEBUG: #52 pc 00000000002548a8 /system/lib64/libart.so (_ZN3art11interpreterL7ExecuteEPNS_6ThreadERKNS_20CodeItemDataAccessorERNS_11ShadowFrameENS_6JValueEb.llvm.223931584+488)
2019-11-07 18:17:23.567 9683-9683/? A/DEBUG: #53 pc 000000000025a39c /system/lib64/libart.so (art::interpreter::ArtInterpreterToInterpreterBridge(art::Thread*, art::CodeItemDataAccessor const&, art::ShadowFrame*, art::JValue*)+216)
2019-11-07 18:17:23.567 9683-9683/? A/DEBUG: #54 pc 000000000027ab88 /system/lib64/libart.so (bool art::interpreter::DoCall<false, false>(art::ArtMethod*, art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*)+940)
2019-11-07 18:17:23.567 9683-9683/? A/DEBUG: #55 pc 000000000052d848 /system/lib64/libart.so (MterpInvokeStatic+204)
2019-11-07 18:17:23.567 9683-9683/? A/DEBUG: #56 pc 000000000054f214 /system/lib64/libart.so (ExecuteMterpImpl+14612)
2019-11-07 18:17:23.567 9683-9683/? A/DEBUG: #57 pc 0000000000bb843c /system/framework/boot-framework.vdex (android.os.Handler.dispatchMessage+8)
2019-11-07 18:17:23.567 9683-9683/? A/DEBUG: #58 pc 00000000002548a8 /system/lib64/libart.so (_ZN3art11interpreterL7ExecuteEPNS_6ThreadERKNS_20CodeItemDataAccessorERNS_11ShadowFrameENS_6JValueEb.llvm.223931584+488)
2019-11-07 18:17:23.567 9683-9683/? A/DEBUG: #59 pc 000000000025a39c /system/lib64/libart.so (art::interpreter::ArtInterpreterToInterpreterBridge(art::Thread*, art::CodeItemDataAccessor const&, art::ShadowFrame*, art::JValue*)+216)
2019-11-07 18:17:23.567 9683-9683/? A/DEBUG: #60 pc 000000000027ab88 /system/lib64/libart.so (bool art::interpreter::DoCall<false, false>(art::ArtMethod*, art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*)+940)
2019-11-07 18:17:23.567 9683-9683/? A/DEBUG: #61 pc 000000000052c344 /system/lib64/libart.so (MterpInvokeVirtual+588)
2019-11-07 18:17:23.567 9683-9683/? A/DEBUG: #62 pc 000000000054f094 /system/lib64/libart.so (ExecuteMterpImpl+14228)
2019-11-07 18:17:23.567 9683-9683/? A/DEBUG: #63 pc 0000000000bcaf8c /system/framework/boot-framework.vdex (android.os.Looper.loop+422)
2019-11-07 18:17:23.567 9683-9683/? A/DEBUG: #64 pc 00000000002548a8 /system/lib64/libart.so (_ZN3art11interpreterL7ExecuteEPNS_6ThreadERKNS_20CodeItemDataAccessorERNS_11ShadowFrameENS_6JValueEb.llvm.223931584+488)
2019-11-07 18:17:23.567 9683-9683/? A/DEBUG: #65 pc 000000000025a39c /system/lib64/libart.so (art::interpreter::ArtInterpreterToInterpreterBridge(art::Thread*, art::CodeItemDataAccessor const&, art::ShadowFrame*, art::JValue*)+216)
2019-11-07 18:17:23.567 9683-9683/? A/DEBUG: #66 pc 000000000027ab88 /system/lib64/libart.so (bool art::interpreter::DoCall<false, false>(art::ArtMethod*, art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*)+940)
2019-11-07 18:17:23.567 9683-9683/? A/DEBUG: #67 pc 000000000052d848 /system/lib64/libart.so (MterpInvokeStatic+204)
2019-11-07 18:17:23.567 9683-9683/? A/DEBUG: #68 pc 000000000054f214 /system/lib64/libart.so (ExecuteMterpImpl+14612)
2019-11-07 18:17:23.567 9683-9683/? A/DEBUG: #69 pc 0000000000426862 /system/framework/boot-framework.vdex (android.app.ActivityThread.main+214)
2019-11-07 18:17:23.567 9683-9683/? A/DEBUG: #70 pc 00000000002548a8 /system/lib64/libart.so (_ZN3art11interpreterL7ExecuteEPNS_6ThreadERKNS_20CodeItemDataAccessorERNS_11ShadowFrameENS_6JValueEb.llvm.223931584+488)
2019-11-07 18:17:23.567 9683-9683/? A/DEBUG: #71 pc 000000000051cbf8 /system/lib64/libart.so (artQuickToInterpreterBridge+1020)
2019-11-07 18:17:23.567 9683-9683/? A/DEBUG: #72 pc 0000000000565afc /system/lib64/libart.so (art_quick_to_interpreter_bridge+92)
2019-11-07 18:17:23.567 9683-9683/? A/DEBUG: #73 pc 000000000055cc4c /system/lib64/libart.so (art_quick_invoke_static_stub+604)
2019-11-07 18:17:23.567 9683-9683/? A/DEBUG: #74 pc 00000000000d0540 /system/lib64/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+232)
2019-11-07 18:17:23.567 9683-9683/? A/DEBUG: #75 pc 000000000045f2bc /system/lib64/libart.so (art::(anonymous namespace)::InvokeWithArgArray(art::ScopedObjectAccessAlreadyRunnable const&, art::ArtMethod*, art::(anonymous namespace)::ArgArray*, art::JValue*, char const*)+104)
2019-11-07 18:17:23.567 9683-9683/? A/DEBUG: #76 pc 0000000000460d10 /system/lib64/libart.so (art::InvokeMethod(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, _jobject*, _jobject*, unsigned long)+1440)
2019-11-07 18:17:23.567 9683-9683/? A/DEBUG: #77 pc 00000000003f072c /system/lib64/libart.so (art::Method_invoke(_JNIEnv*, _jobject*, _jobject*, _jobjectArray*)+52)
2019-11-07 18:17:23.567 9683-9683/? A/DEBUG: #78 pc 000000000078eed4 /system/framework/arm64/boot-core-oj.oat (offset 0x2dc000) (java.lang.Class.getDeclaredMethodInternal [DEDUPED]+180)
2019-11-07 18:17:23.567 9683-9683/? A/DEBUG: #79 pc 000000000055c988 /system/lib64/libart.so (art_quick_invoke_stub+584)
2019-11-07 18:17:23.567 9683-9683/? A/DEBUG: #80 pc 00000000000d0520 /system/lib64/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+200)
2019-11-07 18:17:23.567 9683-9683/? A/DEBUG: #81 pc 0000000000280b90 /system/lib64/libart.so (art::interpreter::ArtInterpreterToCompiledCodeBridge(art::Thread*, art::ArtMethod*, art::ShadowFrame*, unsigned short, art::JValue*)+344)
2019-11-07 18:17:23.567 9683-9683/? A/DEBUG: #82 pc 000000000027aba4 /system/lib64/libart.so (bool art::interpreter::DoCall<false, false>(art::ArtMethod*, art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*)+968)
2019-11-07 18:17:23.568 9683-9683/? A/DEBUG: #83 pc 000000000052c344 /system/lib64/libart.so (MterpInvokeVirtual+588)
2019-11-07 18:17:23.568 9683-9683/? A/DEBUG: #84 pc 000000000054f094 /system/lib64/libart.so (ExecuteMterpImpl+14228)
2019-11-07 18:17:23.568 9683-9683/? A/DEBUG: #85 pc 000000000128e9e8 /system/framework/boot-framework.vdex (com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run+22)
2019-11-07 18:17:23.568 9683-9683/? A/DEBUG: #86 pc 00000000002548a8 /system/lib64/libart.so (_ZN3art11interpreterL7ExecuteEPNS_6ThreadERKNS_20CodeItemDataAccessorERNS_11ShadowFrameENS_6JValueEb.llvm.223931584+488)
2019-11-07 18:17:23.568 9683-9683/? A/DEBUG: #87 pc 000000000051cbf8 /system/lib64/libart.so (artQuickToInterpreterBridge+1020)
2019-11-07 18:17:23.568 9683-9683/? A/DEBUG: #88 pc 0000000000565afc /system/lib64/libart.so (art_quick_to_interpreter_bridge+92)
2019-11-07 18:17:23.568 9683-9683/? A/DEBUG: #89 pc 00000000024790ac /system/framework/arm64/boot-framework.oat (offset 0xa37000) (com.android.internal.os.ZygoteInit.main+2172)
2019-11-07 18:17:23.568 9683-9683/? A/DEBUG: #90 pc 000000000055cc4c /system/lib64/libart.so (art_quick_invoke_static_stub+604)
2019-11-07 18:17:23.568 9683-9683/? A/DEBUG: #91 pc 00000000000d0540 /system/lib64/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+232)
2019-11-07 18:17:23.568 9683-9683/? A/DEBUG: #92 pc 000000000045f2bc /system/lib64/libart.so (art::(anonymous namespace)::InvokeWithArgArray(art::ScopedObjectAccessAlreadyRunnable const&, art::ArtMethod*, art::(anonymous namespace)::ArgArray*, art::JValue*, char const*)+104)
2019-11-07 18:17:23.568 9683-9683/? A/DEBUG: #93 pc 000000000045ef1c /system/lib64/libart.so (art::InvokeWithVarArgs(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, _jmethodID*, std::__va_list)+424)
2019-11-07 18:17:23.568 9683-9683/? A/DEBUG: #94 pc 0000000000363440 /system/lib64/libart.so (art::JNI::CallStaticVoidMethodV(_JNIEnv*, _jclass*, _jmethodID*, std::__va_list)+652)
2019-11-07 18:17:23.568 9683-9683/? A/DEBUG: #95 pc 00000000000bf6c4 /system/lib64/libandroid_runtime.so (_JNIEnv::CallStaticVoidMethod(_jclass*, _jmethodID*, ...)+120)
2019-11-07 18:17:23.568 9683-9683/? A/DEBUG: #96 pc 00000000000c21f0 /system/lib64/libandroid_runtime.so (android::AndroidRuntime::start(char const*, android::Vector<android::String8> const&, bool)+928)
2019-11-07 18:17:23.568 9683-9683/? A/DEBUG: #97 pc 0000000000002304 /system/bin/app_process64 (main+1392)
2019-11-07 18:17:23.568 9683-9683/? A/DEBUG: #98 pc 00000000000acec0 /system/lib64/libc.so (offset 0x7d000) (__libc_init+88)
@0n1y3nd
Found the problem.
In the CodeGen::LiteralLdrBranch() method in /HookZz/srcxx/core/modules/codegen/codegen-arm64.cc, a PseudoLabel is used to generate the patch bytecode. When the PseudoLabel is bound, it fixes up the related ldr instructions emitted before the bind; see TurboAssembler::PseudoBind():
void PseudoBind(PseudoLabel *label) {
    const addr_t bound_pc = buffer_->getSize();
    label->bind_to(bound_pc);
    // If some instructions were written before the label was bound, we need to link these `confused` instructions
    if (label->has_confused_instructions()) {
        label->link_confused_instructions(reinterpret_cast<CodeBuffer *>(this->GetCodeBuffer()));
    }
}
The fix-up is performed in PseudoLabel::link_confused_instructions():
PseudoLabelInstruction *instruction;
LiteCollectionIterator *iter = LiteCollectionIterator::withCollection(&instructions_);
while ((instruction = reinterpret_cast<PseudoLabelInstruction *>(iter->getNextObject())) != NULL) {
    //...
}
An iterator is used here to walk the instructions that need fixing, and that is where the problem lies. The iterator is initialized incorrectly, so the elements cannot be accessed and the fix-up loop never executes.
Look at the iterator initialization code:
bool LiteCollectionIterator::initWithCollection(const LiteCollection *inCollection) {
    collection = inCollection;
    innerIterator = 0;
    // Memory for the iterator is allocated here, but it is never initialized.
    int *iterIndexPtr = (int *)LiteMemOpt::alloc(sizeof(int));
    innerIterator = (void *)iterIndexPtr;
    return true;
}
Use the initialization method provided by the container to initialize the iterator:
inCollection->initIterator(innerIterator);
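As an added example (not code from the Dobby/HookZz project or from the commenter), the following C program reconstructs why an unlinked `ldr` literal produces exactly the register values in the crash dump above. It assumes the stub layout `ldr x17, <literal>; br x17; .quad target` that the thread attributes to LiteralLdrBranch(), and the target address is a constructed sample.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* AArch64 encodings. LDR (literal, 64-bit): 0x58000000 | imm19 << 5 | Rt.
 * With Rt = x17 and imm19 = 0 the instruction loads from its own address. */
#define LDR_LIT_X17_BASE 0x58000011u
#define BR_X17           0xd61f0220u   /* BR x17: 0xd61f0000 | (17 << 5) */

/* Stub layout assumed from the thread's description of LiteralLdrBranch():
 * [0] ldr x17, <literal>   [4] br x17   [8] .quad target (16 bytes total). */
struct stub { uint8_t bytes[16]; };

/* Encode LDR literal to x17; byte_offset is relative to the ldr itself. */
static uint32_t encode_ldr_lit_x17(int32_t byte_offset) {
    uint32_t imm19 = ((uint32_t)(byte_offset >> 2)) & 0x7ffffu;
    return LDR_LIT_X17_BASE | (imm19 << 5);
}

/* Recover the sign-extended byte offset from an LDR literal encoding. */
static int32_t decode_ldr_lit_offset(uint32_t insn) {
    int32_t imm19 = (int32_t)((insn >> 5) & 0x7ffffu);
    if (imm19 & (1 << 18)) imm19 -= (1 << 19);
    return imm19 * 4;
}

/* Build the stub. ldr_offset is 8 when the PseudoLabel fix-up linked the ldr
 * to the literal, and 0 when the fix-up loop never ran (the reported bug). */
static struct stub build_stub(int32_t ldr_offset, uint64_t target) {
    struct stub s;
    uint32_t ldr = encode_ldr_lit_x17(ldr_offset), br = BR_X17;
    memcpy(s.bytes + 0, &ldr, sizeof ldr);      /* little-endian, as on AArch64 */
    memcpy(s.bytes + 4, &br, sizeof br);
    memcpy(s.bytes + 8, &target, sizeof target);
    return s;
}

/* What the ldr actually loads into x17 (and hence where `br x17` jumps).
 * Returns 0 if the decoded offset points outside the stub. */
static uint64_t simulate_x17(const struct stub *s) {
    uint32_t ldr;
    uint64_t v;
    memcpy(&ldr, s->bytes, sizeof ldr);
    int32_t off = decode_ldr_lit_offset(ldr);
    if (off < 0 || off + 8 > (int32_t)sizeof s->bytes) return 0;
    memcpy(&v, s->bytes + off, sizeof v);
    return v;
}

/* Convenience: the x17 value for a given ldr offset and target. */
static uint64_t x17_for_offset(int32_t ldr_offset, uint64_t target) {
    struct stub s = build_stub(ldr_offset, target);
    return simulate_x17(&s);
}

int main(void) {
    const uint64_t target = 0x7012345678ULL;   /* constructed sample address */
    printf("linked   ldr (offset 8): x17 = 0x%016llx\n",
           (unsigned long long)x17_for_offset(8, target));
    printf("unlinked ldr (offset 0): x17 = 0x%016llx\n",
           (unsigned long long)x17_for_offset(0, target));
    /* The unlinked case yields 0xd61f022058000011: the ldr/br encodings read
     * back as data. That is x17 in the dump, and the fault address is the same
     * value with its top byte dropped, so `br x17` jumped into the stub bytes. */
    return 0;
}
```

The unlinked case reproduces the dump's x17 exactly, which is the cheapest check that the iterator bug (fix-up loop never running) is the cause rather than, say, a bad target address.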