Perfare / Zygisk-Il2CppDumper

Using Zygisk to dump il2cpp data at runtime
MIT License

Crashes right after DYHook #50

Closed. daaoling closed this issue 2 years ago.

daaoling commented 3 years ago

04-23 21:25:53.494 11782 11793 I Perfare : loader_dlopen at: 0x7134adb190
04-23 21:25:53.494 11782 11793 I Dobby : [*] [DobbyHook] Initialize at 0x7134adb190
04-23 21:25:53.494 11782 11793 I Dobby : [*] ================ FunctionInlineReplaceRouting Start ================
04-23 21:25:53.494 11782 11793 I Dobby : [*] [trampoline] Generate trampoline buffer 0x7134adb190 -> 0x6e96225400
04-23 21:25:53.494 11782 11793 I Dobby : [*] [insn relocate] origin 0x7134adb190 - 16
04-23 21:25:53.494 11782 11793 I Dobby : [*] [insn relocate] relocated 0x71332a0000 - 56
04-23 21:25:53.494 11782 11793 I Dobby : [*] [intercept routing] Active patch 0x7134adb190
04-23 21:25:53.494 11782 11793 I Dobby : [*] ================ FunctionInlineReplaceRouting End ================
04-23 21:25:53.500 1019 4256 D ACDB-LOADER: ACDB -> send_audio_cal, acdb_id = 513, path = 0, app id = 0x11130, sample rate = 48000
04-23 21:25:53.500 1019 4256 D ACDB-LOADER: ACDB -> send_asm_topology
04-23 21:25:53.500 1019 4256 D ACDB-LOADER: ACDB -> ACDB_CMD_GET_AUDPROC_STREAM_TOPOLOGY_ID
04-23 21:25:53.500 1019 4256 D ACDB-LOADER: ACDB -> send_adm_topology
04-23 21:25:53.500 1019 4256 D ACDB-LOADER: ACDB -> ACDB_CMD_GET_AUDPROC_COMMON_TOPOLOGY_ID
04-23 21:25:53.500 1019 4256 D ACDB-LOADER: ACDB -> send_audtable
04-23 21:25:53.500 1019 4256 D ACDB-LOADER: ACDB -> ACDB_CMD_GET_AUDPROC_COMMON_TABLE_SIZE
04-23 21:25:53.500 1019 4256 D ACDB-LOADER: ACDB -> ACDB_CMD_GET_AUDPROC_COMMON_TABLE
04-23 21:25:53.500 1019 4256 D ACDB-LOADER: ACDB -> AUDIO_SET_AUDPROC_CAL
04-23 21:25:53.500 1019 4256 D ACDB-LOADER: ACDB -> send_audvoltable
04-23 21:25:53.500 1019 4256 D ACDB-LOADER: ACDB -> ACDB_CMD_GET_AUDPROC_VOL_STEP_TABLE_SIZE
04-23 21:25:53.500 1019 4256 D ACDB-LOADER: ACDB -> ACDB_CMD_GET_AUDPROC_GAIN_DEP_STEP_TABLE, vol index 0
04-23 21:25:53.500 1019 4256 D android.hardware.audio.service: Failed to fetch the lookup information of the device 00000201
04-23 21:25:53.500 1019 4256 E ACDB-LOADER: Error: ACDB AudProc vol returned = -19
04-23 21:25:53.500 1019 4256 D ACDB-LOADER: ACDB -> AUDIO_SET_VOL_CAL cal type = 12
04-23 21:25:53.500 1019 4256 D ACDB-LOADER: ACDB -> ACDB_CMD_GET_AUDPROC_STREAM_TABLE_SIZE
04-23 21:25:53.500 1019 4256 D ACDB-LOADER: ACDB -> send_audstrmtable
04-23 21:25:53.500 1019 4256 D ACDB-LOADER: ACDB -> ACDB_CMD_GET_AUDPROC_STREAM_TABLE_V2
04-23 21:25:53.500 1019 4256 D ACDB-LOADER: ACDB -> audstrm_cal->cal_type.cal_data.cal_size = 456
04-23 21:25:53.500 1019 4256 D ACDB-LOADER: ACDB -> send_afe_topology
04-23 21:25:53.500 1019 4256 D ACDB-LOADER: ACDB -> ACDB_CMD_GET_AFE_TOPOLOGY_ID
04-23 21:25:53.500 1019 4256 D ACDB-LOADER: ACDB -> GET_AFE_TOPOLOGY_ID for adcd_id 513, Topology Id 10000ccc
04-23 21:25:53.500 1019 4256 D ACDB-LOADER: ACDB -> send_afe_cal
04-23 21:25:53.500 1019 4256 D ACDB-LOADER: ACDB -> ACDB_CMD_GET_AFE_COMMON_TABLE_SIZE
04-23 21:25:53.500 1019 4256 D ACDB-LOADER: ACDB -> ACDB_CMD_GET_AFE_COMMON_TABLE
04-23 21:25:53.500 1019 4256 D ACDB-LOADER: ACDB -> AUDIO_SET_AFE_CAL
04-23 21:25:53.500 1019 4256 D ACDB-LOADER: ACDB -> send_hw_delay : acdb_id = 513 path = 0
04-23 21:25:53.500 1019 4256 D ACDB-LOADER: ACDB -> ACDB_AVSYNC_INFO: ACDB_CMD_GET_DEVICE_PROPERTY
04-23 21:25:53.500 1019 4256 D audio_hw_primary: enable_audio_route: usecase(1) apply and update mixer path: low-latency-playback speaker
04-23 21:25:53.500 1019 4256 D audio_route: Apply path: low-latency-playback speaker
04-23 21:25:53.511 11782 11782 D ApplicationLoaders: Returning zygote-cached class loader: /system/framework/android.test.base.jar
04-23 21:25:53.515 11782 11782 F libc : Fatal signal 4 (SIGILL), code 1 (ILL_ILLOPC), fault addr 0x7134adb19c in tid 11782 (com.xf.local), pid 11782 (com.xf.local)
04-23 21:25:53.546 11806 11806 I crash_dump64: obtaining output fd from tombstoned, type: kDebuggerdTombstone
04-23 21:25:53.548 983 983 I tombstoned: received crash request for pid 11782
04-23 21:25:53.548 11806 11806 I crash_dump64: performing dump of process 11782 (target tid = 11782)
04-23 21:25:53.549 1019 4256 D audio_hw_primary: out_write: retry previous failed cal level set
04-23 21:25:53.553 11806 11806 F DEBUG : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
04-23 21:25:53.553 11806 11806 F DEBUG : Build fingerprint: 'google/blueline/blueline:11/RP1A.201105.002/6869500:user/release-keys'
04-23 21:25:53.553 11806 11806 F DEBUG : Revision: 'MP1.0'
04-23 21:25:53.553 11806 11806 F DEBUG : ABI: 'arm64'
04-23 21:25:53.554 11806 11806 F DEBUG : Timestamp: 2021-04-23 21:25:53+0800
04-23 21:25:53.554 11806 11806 F DEBUG : pid: 11782, tid: 11782, name: com.xf.local >>> com.xf.local <<<
04-23 21:25:53.554 11806 11806 F DEBUG : uid: 10217
04-23 21:25:53.554 11806 11806 F DEBUG : signal 4 (SIGILL), code 1 (ILL_ILLOPC), fault addr 0x7134adb19c (*pc=0x00006e)
04-23 21:25:53.554 11806 11806 F DEBUG : x0 fc767ebe1b06b24b x1 0000007ffc649fd1 x2 0000000000000000 x3 0000006e9e1750d0
04-23 21:25:53.554 11806 11806 F DEBUG : x4 0000000000000010 x5 000000713393bff4 x6 70612f617461642f x7 33754c377e7e2f70
04-23 21:25:53.554 11806 11806 F DEBUG : x8 000000000000000e x9 0000000000000000 x10 0000000000000007 x11 0000000000000070
04-23 21:25:53.554 11806 11806 F DEBUG : x12 0000000000000000 x13 7043484f7a48764c x14 0000000000000000 x15 005891870830db1f
04-23 21:25:53.554 11806 11806 F DEBUG : x16 000000713160d140 x17 0000007134adb274 x18 0000007134232000 x19 0000007ffc649ff0
04-23 21:25:53.554 11806 11806 F DEBUG : x20 0000007ffc64a128 x21 0000006f5e3b24b0 x22 0000007133944000 x23 0000000000000000
04-23 21:25:53.554 11806 11806 F DEBUG : x24 0000007ffc64a128 x25 0000000000000000 x26 0000007ffc64a110 x27 0000006f5e3b24b0
04-23 21:25:53.554 11806 11806 F DEBUG : x28 0000000000000001 x29 0000007ffc649fa0
04-23 21:25:53.554 11806 11806 F DEBUG : lr 000000713160c050 sp 0000007ffc649fa0 pc 0000007134adb19c pst 0000000040000000
04-23 21:25:53.645 11806 11806 F DEBUG : backtrace:
04-23 21:25:53.645 11806 11806 F DEBUG : #00 pc 000000000003119c /apex/com.android.runtime/bin/linker64 (__dl__Z10dlsym_implPvPKcS1_PKv) (BuildId: 3616c064c2d540887bd8b30030a981de)
04-23 21:25:53.645 11806 11806 F DEBUG : #01 pc 000000000000104c /apex/com.android.runtime/lib64/bionic/libdl.so (dlsym+12) (BuildId: 0ef8b9fd3ba84892809321b735317a50)
04-23 21:25:53.645 11806 11806 F DEBUG : #02 pc 00000000004e50cc /apex/com.android.art/lib64/libart.so (art::DlOpenOatFile::FindDynamicSymbolAddress(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >*) const+36) (BuildId: 0252adff22f4c0297f97cb35735c7649)
04-23 21:25:53.645 11806 11806 F DEBUG : #03 pc 00000000004dd910 /apex/com.android.art/lib64/libart.so (art::OatFileBase::ComputeFields(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >*)+108) (BuildId: 0252adff22f4c0297f97cb35735c7649)
04-23 21:25:53.645 11806 11806 F DEBUG : #04 pc 00000000004e1564 /apex/com.android.art/lib64/libart.so (art::OatFile::Open(int, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, bool, bool, art::ArrayRef<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const>, art::MemMap*, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >*)+420) (BuildId: 0252adff22f4c0297f97cb35735c7649)
04-23 21:25:53.645 11806 11806 F DEBUG : #05 pc 00000000004e7d78 /apex/com.android.art/lib64/libart.so (art::OatFileAssistant::OatFileInfo::GetFile()+696) (BuildId: 0252adff22f4c0297f97cb35735c7649)
04-23 21:25:53.645 11806 11806 F DEBUG : #06 pc 00000000004e7038 /apex/com.android.art/lib64/libart.so (art::OatFileAssistant::OatFileInfo::Status()+76) (BuildId: 0252adff22f4c0297f97cb35735c7649)
04-23 21:25:53.645 11806 11806 F DEBUG : #07 pc 00000000004e6ea8 /apex/com.android.art/lib64/libart.so (art::OatFileAssistant::GetBestInfo()+124) (BuildId: 0252adff22f4c0297f97cb35735c7649)
04-23 21:25:53.645 11806 11806 F DEBUG : #08 pc 00000000004e740c /apex/com.android.art/lib64/libart.so (art::OatFileAssistant::GetBestOatFile()+16) (BuildId: 0252adff22f4c0297f97cb35735c7649)
04-23 21:25:53.645 11806 11806 F DEBUG : #09 pc 00000000004ec944 /apex/com.android.art/lib64/libart.so (art::OatFileManager::OpenDexFilesFromOat(char const*, _jobject*, _jobjectArray*, art::OatFile const**, std::__1::vector<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, std::__1::allocator<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > > >*)+292) (BuildId: 0252adff22f4c0297f97cb35735c7649)
04-23 21:25:53.645 11806 11806 F DEBUG : #10 pc 00000000004a0718 /apex/com.android.art/lib64/libart.so (art::DexFile_openDexFileNative(_JNIEnv*, _jclass*, _jstring*, _jstring*, int, _jobject*, _jobjectArray*)+144) (BuildId: 0252adff22f4c0297f97cb35735c7649)
04-23 21:25:53.645 11806 11806 F DEBUG : #11 pc 0000000000010a88 /apex/com.android.art/javalib/arm64/boot-core-libart.oat (art_jni_trampoline+264) (BuildId: cece53e2a9cb15fd6f4352063958474b93a4610d)
04-23 21:25:53.645 11806 11806 F DEBUG : #12 pc 000000000001f584 /apex/com.android.art/javalib/arm64/boot-core-libart.oat (dalvik.system.DexFile.openDexFile+244) (BuildId: cece53e2a9cb15fd6f4352063958474b93a4610d)
04-23 21:25:53.645 11806 11806 F DEBUG : #13 pc 00000000000213a0 /apex/com.android.art/javalib/arm64/boot-core-libart.oat (dalvik.system.DexPathList.makeDexElements+784) (BuildId: cece53e2a9cb15fd6f4352063958474b93a4610d)
04-23 21:25:53.645 11806 11806 F DEBUG : #14 pc 0000000000020b78 /apex/com.android.art/javalib/arm64/boot-core-libart.oat (dalvik.system.DexPathList.<init>+664) (BuildId: cece53e2a9cb15fd6f4352063958474b93a4610d)
04-23 21:25:53.645 11806 11806 F DEBUG : #15 pc 000000000001d934 /apex/com.android.art/javalib/arm64/boot-core-libart.oat (dalvik.system.BaseDexClassLoader.<init>+228) (BuildId: cece53e2a9cb15fd6f4352063958474b93a4610d)
04-23 21:25:53.645 11806 11806 F DEBUG : #16 pc 00000000000580e4 /apex/com.android.art/javalib/arm64/boot-core-libart.oat (dalvik.system.PathClassLoader.<init>+68) (BuildId: cece53e2a9cb15fd6f4352063958474b93a4610d)
04-23 21:25:53.645 11806 11806 F DEBUG : #17 pc 0000000000885dc4 /system/framework/arm64/boot-framework.oat (com.android.internal.os.ClassLoaderFactory.createClassLoader+820) (BuildId: a7dd0eff5bdbc65cfca1e16bfa63f1bc14ff1b8a)
04-23 21:25:53.645 11806 11806 F DEBUG : #18 pc 0000000000885edc /system/framework/arm64/boot-framework.oat (com.android.internal.os.ClassLoaderFactory.createClassLoader+92) (BuildId: a7dd0eff5bdbc65cfca1e16bfa63f1bc14ff1b8a)
04-23 21:25:53.645 11806 11806 F DEBUG : #19 pc 000000000031a040 /system/framework/arm64/boot-framework.oat (android.app.ApplicationLoaders.getClassLoader+368) (BuildId: a7dd0eff5bdbc65cfca1e16bfa63f1bc14ff1b8a)
04-23 21:25:53.645 11806 11806 F DEBUG : #20 pc 000000000031a8c4 /system/framework/arm64/boot-framework.oat (android.app.ApplicationLoaders.getClassLoaderWithSharedLibraries+84) (BuildId: a7dd0eff5bdbc65cfca1e16bfa63f1bc14ff1b8a)
04-23 21:25:53.645 11806 11806 F DEBUG : #21 pc 0000000000325030 /system/framework/arm64/boot-framework.oat (android.app.LoadedApk.createOrUpdateClassLoaderLocked+3856) (BuildId: a7dd0eff5bdbc65cfca1e16bfa63f1bc14ff1b8a)
04-23 21:25:53.645 11806 11806 F DEBUG : #22 pc 0000000000328114 /system/framework/arm64/boot-framework.oat (android.app.LoadedApk.getClassLoader+84) (BuildId: a7dd0eff5bdbc65cfca1e16bfa63f1bc14ff1b8a)
04-23 21:25:53.645 11806 11806 F DEBUG : #23 pc 00000000003286ac /system/framework/arm64/boot-framework.oat (android.app.LoadedApk.getResources+332) (BuildId: a7dd0eff5bdbc65cfca1e16bfa63f1bc14ff1b8a)
04-23 21:25:53.645 11806 11806 F DEBUG : #24 pc 00000000004188e0 /system/framework/arm64/boot-framework.oat (android.app.ContextImpl.createAppContext+160) (BuildId: a7dd0eff5bdbc65cfca1e16bfa63f1bc14ff1b8a)
04-23 21:25:53.645 11806 11806 F DEBUG : #25 pc 0000000000418814 /system/framework/arm64/boot-framework.oat (android.app.ContextImpl.createAppContext+52) (BuildId: a7dd0eff5bdbc65cfca1e16bfa63f1bc14ff1b8a)
04-23 21:25:53.645 11806 11806 F DEBUG : #26 pc 00000000003f5af0 /system/framework/arm64/boot-framework.oat (android.app.ActivityThread.handleBindApplication+5184) (BuildId: a7dd0eff5bdbc65cfca1e16bfa63f1bc14ff1b8a)
04-23 21:25:53.645 11806 11806 F DEBUG : #27 pc 00000000003eaea4 /system/framework/arm64/boot-framework.oat (android.app.ActivityThread$H.handleMessage+6660) (BuildId: a7dd0eff5bdbc65cfca1e16bfa63f1bc14ff1b8a)
04-23 21:25:53.645 11806 11806 F DEBUG : #28 pc 00000000006384c4 /system/framework/arm64/boot-framework.oat (android.os.Handler.dispatchMessage+180) (BuildId: a7dd0eff5bdbc65cfca1e16bfa63f1bc14ff1b8a)
04-23 21:25:53.645 11806 11806 F DEBUG : #29 pc 000000000063b9bc /system/framework/arm64/boot-framework.oat (android.os.Looper.loop+1516) (BuildId: a7dd0eff5bdbc65cfca1e16bfa63f1bc14ff1b8a)
04-23 21:25:53.645 11806 11806 F DEBUG : #30 pc 00000000003fce90 /system/framework/arm64/boot-framework.oat (android.app.ActivityThread.main+752) (BuildId: a7dd0eff5bdbc65cfca1e16bfa63f1bc14ff1b8a)
04-23 21:25:53.645 11806 11806 F DEBUG : #31 pc 00000000001337e8 /apex/com.android.art/lib64/libart.so (art_quick_invoke_static_stub+568) (BuildId: 0252adff22f4c0297f97cb35735c7649)
04-23 21:25:53.645 11806 11806 F DEBUG : #32 pc 00000000001a8a94 /apex/com.android.art/lib64/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+228) (BuildId: 0252adff22f4c0297f97cb35735c7649)
04-23 21:25:53.646 11806 11806 F DEBUG : #33 pc 000000000055431c /apex/com.android.art/lib64/libart.so (art::InvokeMethod(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, _jobject*, _jobject*, unsigned long)+1364) (BuildId: 0252adff22f4c0297f97cb35735c7649)
04-23 21:25:53.646 11806 11806 F DEBUG : #34 pc 00000000004d3b28 /apex/com.android.art/lib64/libart.so (art::Method_invoke(_JNIEnv*, _jobject*, _jobject*, _jobjectArray*)+52) (BuildId: 0252adff22f4c0297f97cb35735c7649)
04-23 21:25:53.646 11806 11806 F DEBUG : #35 pc 00000000000896f4 /apex/com.android.art/javalib/arm64/boot.oat (art_jni_trampoline+180) (BuildId: 13577ce71153c228ecf0eb73fc39f45010d487f8)
04-23 21:25:53.646 11806 11806 F DEBUG : #36 pc 000000000088ee88 /system/framework/arm64/boot-framework.oat (com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run+136) (BuildId: a7dd0eff5bdbc65cfca1e16bfa63f1bc14ff1b8a)
04-23 21:25:53.646 11806 11806 F DEBUG : #37 pc 00000000008975b8 /system/framework/arm64/boot-framework.oat (com.android.internal.os.ZygoteInit.main+2280) (BuildId: a7dd0eff5bdbc65cfca1e16bfa63f1bc14ff1b8a)
04-23 21:25:53.646 11806 11806 F DEBUG : #38 pc 00000000001337e8 /apex/com.android.art/lib64/libart.so (art_quick_invoke_static_stub+568) (BuildId: 0252adff22f4c0297f97cb35735c7649)
04-23 21:25:53.646 11806 11806 F DEBUG : #39 pc 00000000001a8a94 /apex/com.android.art/lib64/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+228) (BuildId: 0252adff22f4c0297f97cb35735c7649)
04-23 21:25:53.646 11806 11806 F DEBUG : #40 pc 0000000000552d58 /apex/com.android.art/lib64/libart.so (art::JValue art::InvokeWithVarArgs<art::ArtMethod*>(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, art::ArtMethod*, std::__va_list)+448) (BuildId: 0252adff22f4c0297f97cb35735c7649)
04-23 21:25:53.646 11806 11806 F DEBUG : #41 pc 000000000055320c /apex/com.android.art/lib64/libart.so (art::JValue art::InvokeWithVarArgs<_jmethodID*>(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, _jmethodID*, std::__va_list)+92) (BuildId: 0252adff22f4c0297f97cb35735c7649)
04-23 21:25:53.646 11806 11806 F DEBUG : #42 pc 000000000043811c /apex/com.android.art/lib64/libart.so (art::JNI::CallStaticVoidMethodV(_JNIEnv*, _jclass*, _jmethodID*, std::__va_list)+656) (BuildId: 0252adff22f4c0297f97cb35735c7649)
04-23 21:25:53.646 11806 11806 F DEBUG : #43 pc 0000000000099424 /system/lib64/libandroid_runtime.so (_JNIEnv::CallStaticVoidMethod(_jclass*, _jmethodID*, ...)+124) (BuildId: b79898a84f04b7398c4e478f52b7ac53)
04-23 21:25:53.646 11806 11806 F DEBUG : #44 pc 00000000000a08b0 /system/lib64/libandroid_runtime.so (android::AndroidRuntime::start(char const*, android::Vector<android::String8> const&, bool)+836) (BuildId: b79898a84f04b7398c4e478f52b7ac53)
04-23 21:25:53.646 11806 11806 F DEBUG : #45 pc 0000000000003580 /system/bin/app_process64 (main+1336) (BuildId: 3254c0fd94c1b04edc39169c6c635aac)
04-23 21:25:53.646 11806 11806 F DEBUG : #46 pc 0000000000049418 /apex/com.android.runtime/lib64/bionic/libc.so (__libc_init+108) (BuildId: 03452a4a418e14ff93948f26561eace6)

daaoling commented 3 years ago

Very strange: the hook is initialized at address 0x7134adb190, so why does it crash with Fatal signal 4 (SIGILL), code 1 (ILL_ILLOPC), fault addr 0x7134adb19c? Begging the experts for some guidance.
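A small crash-triage check, added here as an example and not part of the original thread or the Il2CppDumper project: it reads the Dobby lines and the tombstone fault line from the report above and tests whether the SIGILL address lies inside the 16 bytes Dobby overwrote, and whether the word debuggerd read at the faulting pc is a piece of the stub's embedded trampoline address. It assumes Dobby's arm64 absolute-jump stub is laid out as `ldr x17, #8 ; br x17 ; .quad target`; the function names and the trimmed sample lines are constructed for this example.

```python
import re

# Constructed sample: the Dobby lines and the tombstone fault line quoted in
# the crash report above, trimmed to the fields this check needs.
DOBBY_LOG = """\
I Dobby : [*] [DobbyHook] Initialize at 0x7134adb190
I Dobby : [*] [trampoline] Generate trampoline buffer 0x7134adb190 -> 0x6e96225400
I Dobby : [*] [insn relocate] origin 0x7134adb190 - 16
"""
FAULT_LINE = ("F DEBUG : signal 4 (SIGILL), code 1 (ILL_ILLOPC), "
              "fault addr 0x7134adb19c (*pc=0x00006e)")


def parse_dobby(log):
    """Return (hook_addr, trampoline_addr, patched_bytes) from Dobby's log."""
    hook = int(re.search(r"Initialize at (0x[0-9a-f]+)", log).group(1), 16)
    tramp = int(re.search(r"-> (0x[0-9a-f]+)", log).group(1), 16)
    patched = int(re.search(r"origin 0x[0-9a-f]+ - (\d+)", log).group(1))
    return hook, tramp, patched


def parse_fault(line):
    """Return (fault_addr, pc_word): the address and the 32-bit word debuggerd
    read from it, i.e. the instruction the CPU refused to execute."""
    m = re.search(r"fault addr (0x[0-9a-f]+) \(\*pc=(0x[0-9a-f]+)\)", line)
    return int(m.group(1), 16), int(m.group(2), 16)


def arm64_jump_stub(target):
    """Assumed layout of the 16-byte absolute jump Dobby writes at the hooked
    address on arm64: ldr x17, #8 ; br x17 ; .quad target."""
    ldr_x17 = (0x58000051).to_bytes(4, "little")  # ldr x17, [pc, #8]
    br_x17 = (0xD61F0220).to_bytes(4, "little")   # br x17
    return ldr_x17 + br_x17 + target.to_bytes(8, "little")


def triage(dobby_log, fault_line):
    """Relate the SIGILL address to the patch: is it inside the overwritten
    bytes, and is the faulting word one of the stub's own bytes?"""
    hook, tramp, patched = parse_dobby(dobby_log)
    fault, pc_word = parse_fault(fault_line)
    off = fault - hook
    stub = arm64_jump_stub(tramp)
    inside = 0 <= off < patched
    matches = False
    if inside and off % 4 == 0 and off + 4 <= len(stub):
        matches = int.from_bytes(stub[off:off + 4], "little") == pc_word
    return {"offset": off, "inside_patch": inside, "pc_matches_stub": matches}


if __name__ == "__main__":
    # For the report above: offset 12 inside the 16 patched bytes, and the
    # faulting word 0x0000006e is the high half of the trampoline literal.
    print(triage(DOBBY_LOG, FAULT_LINE))
```

A match like this means the faulting "instruction" is the stub's own literal, i.e. execution entered the patched 16 bytes at a non-entry offset instead of passing through the trampoline, which no inline hook can survive.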

daaoling commented 3 years ago

04-23 21:25:53.474 1573 1647 I ActivityManager: Start proc 11782:com.xf.local/u0a217 for pre-top-activity {com.xf.local/com.xf.AppActivity}
04-23 21:25:53.478 9433 9577 W Settings: Setting airplane_mode_on has moved from android.provider.Settings.System to android.provider.Settings.Global, returning read-only value.
04-23 21:25:53.485 11782 11782 E com.xf.local: Not starting debugger since process cannot load the jdwp agent.
04-23 21:25:53.493 11782 11782 W Riru64 : il2cppdumper is too old to hide so
04-23 21:25:53.493 11782 11793 I Perfare : hack thread: 11793
04-23 21:25:53.493 11782 11793 I Perfare : api level: 30

And here is the earlier part of the log.

Perfare commented 3 years ago

It's an Android 11 problem; the way dlopen is hooked will probably have to be changed. I'll have to wait until I upgrade my phone before I can test it.