LSPosed / LSPlant

A hook framework for Android Runtime (ART)
https://lsposed.org/LSPlant/
GNU Lesser General Public License v3.0

App crashes when debugger is attached #27

Closed ibradwan closed 2 years ago

ibradwan commented 2 years ago

Hi there,

Thanks for providing and maintaining this awesome library. I'm currently building a testing app to test the library and it works fine as long as there is no attached debugger. When I attach a debugger, I get this error message, and the app crashes:

A/libc: Fatal signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0xfffffffe01864cb8 in tid 22089 (JDWP Transport )

A stack trace if that would be helpful:

art_sigsegv_fault 0x0000006e34a7d0a0
art::FaultManager::HandleFault(int, siginfo*, void*) 0x0000006e34a7d5d4
art::SignalChain::Handler(int, siginfo*, void*) 0x0000005af6fc7ea0
<unknown> 0x00000070cb6a58b0
unsigned long art::jni::JniIdManager::EncodeGenericId<art::ArtMethod>(art::ReflectiveHandle<art::ArtMethod>) 0x0000006e34bd6b3c
art::jni::JniIdManager::EncodeMethodId(art::ArtMethod*) 0x0000006e34bd65f8
openjdkjvmti::ClassUtil::GetClassMethods(_jvmtiEnv*, _jclass*, int*, _jmethodID***) 0x0000006dcd267088
methods1 0x0000006dcd1cff88
methodsWithGeneric 0x0000006dcd1cf8a0
debugLoop_run 0x0000006dcd1db420
acceptThread 0x0000006dcd1ee6ac
openjdkjvmti::AgentCallback(void*) 0x0000006dcd2e5f54
__pthread_start(void*) 0x00000070c6f7475c
__start_thread 0x00000070c6f14154

I'm using this version: org.lsposed.lsplant:lsplant-standalone:5.0 and testing on a Pixel 2 XL running Android 11. I would appreciate it if you could give me any hints on how to overcome this issue.

Regards.

yujincheng08 commented 2 years ago

Looks like it's your native hooker's issue:

https://github.com/LSPosed/LSPlant/blob/cf9b95f6d6d00119b9cebfd1d3e29c3ab77ad9fb/lsplant/src/main/jni/art/runtime/jni/jni_id_manager.h#L12

We hooked EncodeMethodId for debug apps, and in your stack trace this hook crashes.

ibradwan commented 2 years ago

So do you have any suggestions or workarounds to overcome this issue?

yujincheng08 commented 2 years ago

1. Change your native hooker.
2. Don't use a debugger.

ibradwan commented 2 years ago

Sorry, but can you elaborate more on changing the native hooker? All I did was mimic what you did in the provided test in a POC app without changing anything. Shouldn't this work out of the box?

yujincheng08 commented 2 years ago

It should. But I only tested with LSPosed which works with a debugger attached.