FrenchYeti / interruptor

Human-friendly cross-platform system call tracing and hooking library based on Frida's Stalker

Crash on attempting to trace any application #15

Open casept opened 5 months ago

casept commented 5 months ago

The crash also happens when trying to trace other applications as well. Device is a Moto G8 on stock ROM rooted via Magisk, Android 11.

$ frida -U --codeshare FrenchYeti/android-arm64-strace -f lv.amberphone.pasazieruvilciens
     ____
    / _  |   Frida 16.1.5 - A world-class dynamic instrumentation toolkit
   | (_| |
    > _  |   Commands:
   /_/ |_|       help      -> Displays the help system
   . . . .       object?   -> Display information about 'object'
   . . . .       exit/quit -> Exit
   . . . .
   . . . .   More info at https://frida.re/docs/home/
   . . . .
   . . . .   Connected to moto g 8  (id=ZY2282SCS6)
Spawned `lv.amberphone.pasazieruvilciens`. Resuming main thread!
[moto g 8 ::lv.amberphone.pasazieruvilciens ]-> [LINKER] Loading '/data/app/~~B24fXXQXtSHbhNpTZLJZUw==/lv.amberphone.pasazieruvilciens-6JndHQcV1kp025BvFlBZUA==/lib/arm64/librealm-jni.so'
[INTERRUPTOR][STARTING] Module '/data/app/~~B24fXXQXtSHbhNpTZLJZUw==/lv.amberphone.pasazieruvilciens-6JndHQcV1kp025BvFlBZUA==/lib/arm64/librealm-jni.so' is loading, tracer will start
[INTERRUPTOR][STARTING] Tracing thread 11412 []
[STARTING TRACE] UID=0 Thread 11412
Deploying pthread_create hook
0 1
 [TID=11412] [/apex/com.android.runtime/lib64/bionic/libc.so +0x38c]   futex (   word = 0x780fc3de40 ,  op = FUTEX_WAKE_PRIVATE ,  u32 val = 0x7fffffff ,  struct __kernel_timespec *utime = 0x0 ,  u32 *uaddr2 = 0x0 ,  u32 val3[ = 0x0  )    > 0x0
 [TID=11412] [/apex/com.android.runtime/lib64/bionic/libc.so +0x38c]   futex (   word = 0x780fc3de20 ,  op = FUTEX_WAKE_PRIVATE ,  u32 val = 0x7fffffff ,  struct __kernel_timespec *utime = 0x0 ,  u32 *uaddr2 = 0x0 ,  u32 val3[ = 0x0  )    > 0x0
Process crashed: Bad access due to invalid address

***
*** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
Build fingerprint: 'motorola/rav_reteu/rav:11/RPJS31.Q4U-47-35-17/4bff0:user/release-keys'
Revision: 'pvt1'
ABI: 'arm64'
Timestamp: 2024-04-21 13:04:08+0200
pid: 11412, tid: 11412, name: sazieruvilciens  >>> lv.amberphone.pasazieruvilciens <<<
uid: 10252
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x8
Cause: null pointer dereference
    x0  0000007fe8cd7038  x1  0000000000000006  x2  0000007831111bc0  x3  0000007fe8cd6fb0
    x4  0000007fe8cd6fa0  x5  0000007882848280  x6  000000780fc3f1f0  x7  0000007fe8cd72f8
    x8  0000000000000000  x9  0000000000000000  x10 000000000000062b  x11 0000000000000001
    x12 000000780fc3e510  x13 48646e4a362d736e  x14 0000000000000000  x15 000000780fafa43c
    x16 0000000000000001  x17 0000000000000000  x18 0000007b27098000  x19 0000000000000000
    x20 0000007fe8cd7038  x21 000000780fc25000  x22 000000780fc25000  x23 000000780fc25000
    x24 00000000ffffffff  x25 000000780fc3d2f8  x26 000000780fc12fd0  x27 0000007b24405d50
    x28 000000780fc3d2f8  x29 0000007fe8cd7010
    lr  000000780faf99fc  sp  0000007fe8cd7010  pc  000000787eb960d8  pst 0000000080000000
backtrace:
      #00 pc 000000000001a0d8  <anonymous:787eb7c000>
      #01 pc 000000000031d9f8  /data/app/~~B24fXXQXtSHbhNpTZLJZUw==/lv.amberphone.pasazieruvilciens-6JndHQcV1kp025BvFlBZUA==/lib/arm64/librealm-jni.so!librealm-jni.so (offset 0x319000) (BuildId: 00148e37ca2d0eb9a73ff48909a15a181c3134eb)
      #02 pc 000000000031d9f8  /data/app/~~B24fXXQXtSHbhNpTZLJZUw==/lv.amberphone.pasazieruvilciens-6JndHQcV1kp025BvFlBZUA==/lib/arm64/librealm-jni.so!librealm-jni.so (offset 0x319000) (BuildId: 00148e37ca2d0eb9a73ff48909a15a181c3134eb)
      #03 pc 000000000031df78  /data/app/~~B24fXXQXtSHbhNpTZLJZUw==/lv.amberphone.pasazieruvilciens-6JndHQcV1kp025BvFlBZUA==/lib/arm64/librealm-jni.so!librealm-jni.so (offset 0x319000) (BuildId: 00148e37ca2d0eb9a73ff48909a15a181c3134eb)
      #04 pc 00000000000915ec  /data/app/~~B24fXXQXtSHbhNpTZLJZUw==/lv.amberphone.pasazieruvilciens-6JndHQcV1kp025BvFlBZUA==/lib/arm64/librealm-jni.so!librealm-jni.so (offset 0x8f000) (BuildId: 00148e37ca2d0eb9a73ff48909a15a181c3134eb)
      #05 pc 000000000004a0f0  /apex/com.android.runtime/bin/linker64!ld-android.so (offset 0x49000) (__dl__ZL10call_arrayIPFviPPcS1_EEvPKcPT_mbS5_+284) (BuildId: f973854810260f3568df23436074dee3)
      #06 pc 000000000004a2f0  /apex/com.android.runtime/bin/linker64!ld-android.so (offset 0x49000) (__dl__ZN6soinfo17call_constructorsEv+380) (BuildId: f973854810260f3568df23436074dee3)
      #07 pc 0000000000000e08  <anonymous:7b27f59000>
***
[moto g 8 ::lv.amberphone.pasazieruvilciens ]->

Thank you for using Frida!
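Reading the tombstone above by hand gives the triage facts: SIGSEGV with fault address 0x8 and several x-registers zeroed (a NULL+offset access), frame #00 inside an anonymous mapping (with Stalker active, that is normally translated code rather than the app's own .text), and frames #05/#06 in linker64's call_constructors, so the fault is raised while librealm-jni.so's static initialisers run, right after the tracer started on that module's load. The script below is an added example, not code from the interruptor project or from the reporter: it parses the tombstone format and derives those facts automatically. The sample input is copied from the report above with the register dump trimmed; the zero-page threshold used to classify a null dereference is an assumption of this example.

```python
"""Parse an Android tombstone and derive crash-triage facts from it.

Added example, not part of the interruptor project. It reads the signal
line, the register dump and the backtrace, then reports whether the
fault looks like a null dereference, whether the faulting pc lies in an
anonymous (JIT-style) mapping, and whether the crash happened while the
dynamic linker was running a library's constructors.
"""
import os
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample: lines copied from the tombstone in the report above,
# with the register dump trimmed to the rows used here.
SAMPLE_TOMBSTONE = """\
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x8
Cause: null pointer dereference
    x8  0000000000000000  x9  0000000000000000  x10 000000000000062b  x11 0000000000000001
    x16 0000000000000001  x17 0000000000000000  x18 0000007b27098000  x19 0000000000000000
    lr  000000780faf99fc  sp  0000007fe8cd7010  pc  000000787eb960d8  pst 0000000080000000
backtrace:
      #00 pc 000000000001a0d8  <anonymous:787eb7c000>
      #01 pc 000000000031d9f8  /data/app/~~B24fXXQXtSHbhNpTZLJZUw==/lv.amberphone.pasazieruvilciens-6JndHQcV1kp025BvFlBZUA==/lib/arm64/librealm-jni.so!librealm-jni.so (offset 0x319000) (BuildId: 00148e37ca2d0eb9a73ff48909a15a181c3134eb)
      #04 pc 00000000000915ec  /data/app/~~B24fXXQXtSHbhNpTZLJZUw==/lv.amberphone.pasazieruvilciens-6JndHQcV1kp025BvFlBZUA==/lib/arm64/librealm-jni.so!librealm-jni.so (offset 0x8f000) (BuildId: 00148e37ca2d0eb9a73ff48909a15a181c3134eb)
      #05 pc 000000000004a0f0  /apex/com.android.runtime/bin/linker64!ld-android.so (offset 0x49000) (__dl__ZL10call_arrayIPFviPPcS1_EEvPKcPT_mbS5_+284) (BuildId: f973854810260f3568df23436074dee3)
      #06 pc 000000000004a2f0  /apex/com.android.runtime/bin/linker64!ld-android.so (offset 0x49000) (__dl__ZN6soinfo17call_constructorsEv+380) (BuildId: f973854810260f3568df23436074dee3)
      #07 pc 0000000000000e08  <anonymous:7b27f59000>
"""

SIGNAL_RE = re.compile(r"signal (\d+) \((\w+)\), code (\d+) \((\w+)\), fault addr (0x[0-9a-f]+)")
REG_RE = re.compile(r"\b(x\d+|lr|sp|pc|pst)\s+([0-9a-f]{16})")
FRAME_RE = re.compile(
    r"#(\d+) pc ([0-9a-f]+)\s+(\S+)"          # frame index, pc offset, module or <anonymous:base>
    r"(?:\s+\(offset (0x[0-9a-f]+)\))?"       # file offset of the mapped segment
    r"(?:\s+\((?!BuildId:)([^)]+)\))?"        # symbol+offset, when the linker knows one
    r"(?:\s+\(BuildId: ([0-9a-f]+)\))?"
)
ZERO_PAGE = 0x1000  # assumption: faults below this are treated as NULL+offset accesses


@dataclass
class Frame:
    index: int
    pc: int                    # offset printed after 'pc' (relative to the mapping)
    module: str
    offset: Optional[int]
    symbol: Optional[str]
    build_id: Optional[str]

    @property
    def is_anonymous(self) -> bool:
        return self.module.startswith("<anonymous:")

    def absolute_pc(self) -> Optional[int]:
        """Anonymous frames carry their map base, so the absolute pc can be rebuilt."""
        if not self.is_anonymous:
            return None
        return int(self.module[len("<anonymous:"):-1], 16) + self.pc


@dataclass
class Tombstone:
    signal: str = ""
    code: str = ""
    fault_addr: int = 0
    regs: Dict[str, int] = field(default_factory=dict)
    frames: List[Frame] = field(default_factory=list)


def parse_tombstone(text: str) -> Tombstone:
    ts = Tombstone()
    for line in text.splitlines():
        m = SIGNAL_RE.search(line)
        if m:
            ts.signal, ts.code, ts.fault_addr = m.group(2), m.group(4), int(m.group(5), 16)
            continue
        m = FRAME_RE.search(line)
        if m:
            ts.frames.append(Frame(int(m.group(1)), int(m.group(2), 16), m.group(3),
                                   int(m.group(4), 16) if m.group(4) else None,
                                   m.group(5), m.group(6)))
            continue
        for name, value in REG_RE.findall(line):   # register rows hold several pairs per line
            ts.regs[name] = int(value, 16)
    return ts


def triage(ts: Tombstone) -> dict:
    """Derive the facts a triager checks first from a parsed tombstone."""
    named = [f for f in ts.frames if not f.is_anonymous]
    top = ts.frames[0] if ts.frames else None
    return {
        # SEGV_MAPERR inside the zero page means a load/store through NULL plus a small offset.
        "null_deref": ts.signal == "SIGSEGV" and ts.fault_addr < ZERO_PAGE,
        "fault_offset": ts.fault_addr,
        "zero_regs": sorted((n for n, v in ts.regs.items() if n.startswith("x") and v == 0),
                            key=lambda n: int(n[1:])),
        # Innermost frame in an anonymous mapping: with Stalker active this is usually
        # translated code, so the app's own .text is one frame further out.
        "pc_in_anonymous": bool(top and top.is_anonymous),
        "pc_matches_frame0": bool(top and top.absolute_pc() == ts.regs.get("pc")),
        # A linker call_constructors frame means the library's static initialisers were
        # running, i.e. the fault happened while the module was still being loaded.
        "during_constructors": any(f.symbol and "call_constructors" in f.symbol for f in ts.frames),
        "faulting_module": os.path.basename(named[0].module.split("!")[0]) if named else None,
    }


if __name__ == "__main__":
    for key, value in triage(parse_tombstone(SAMPLE_TOMBSTONE)).items():
        print(f"{key:>20}: {value}")
```

Run it as-is to see the report for the sample; to triage another tombstone, pass the text of its `signal`/register/`backtrace` section to `parse_tombstone`. The `pc_matches_frame0` check confirms that the `pc` register and frame #00's anonymous map base plus offset agree, which is how you tell that the faulting instruction really is in the anonymous region rather than a mis-symbolised frame.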