Rprop / And64InlineHook

Lightweight ARMv8-A(ARM64, AArch64, Little-Endian) Inline Hook Library for Android C/C++
MIT License
620 stars 199 forks

Hooking a get_text function with MSHookFunction works on arm32 but crashes on arm64 #11

Open shuajinanhai opened 1 year ago

shuajinanhai commented 1 year ago

```
F libc : Pointer tag for 0x7166ac9660 was truncated.
E CRASH :
E CRASH : Version '2021.3.18f1 (3129e69bc0c7)', Build type 'Release', Scripting Backend 'il2cpp', CPU 'arm64-v8a'
E CRASH : Build fingerprint: 'Lenovo/TB-9707F_PRC/TB-9707F:11/RKQ1.210303.002/13.1.541_220421:user/release-keys'
E CRASH : Revision: '0'
E CRASH : ABI: 'arm64'
E CRASH : Timestamp: 2023-05-29 23:20:57+0800
E CRASH : pid: 17787, tid: 17830, name: UnityMain >>> com.dynamicgames.worldtruckdrivingsimulator.zh <<<
E CRASH : uid: 10397
E CRASH : signal 6 (SIGABRT), code -1 (SI_QUEUE), fault addr --------
E CRASH : x0 0000000000000000 x1 00000000000045a6 x2 0000000000000006 x3 0000007270279e00
E CRASH : x4 0000000000000000 x5 0000000000000000 x6 0000000000000000 x7 0000000000000020
E CRASH : x8 00000000000000f0 x9 ac9a84abbd467725 x10 0000000000000000 x11 ffffffc0fffffbdf
E CRASH : x12 0000000000000001 x13 000008f615434407 x14 000dccc56dce3c44 x15 0000000034155555
E CRASH : x16 00000075dacfdc80 x17 00000075dacdfbb0 x18 00000071e1186b18 x19 000000000000457b
E CRASH : x20 00000000000045a6 x21 00000000ffffffff x22 000000725fc98c60 x23 000000725fcd4280
E CRASH : x24 000000725fccec70 x25 000000725fcd2aa8 x26 000000725fce1d38 x27 000000725fccb618
E CRASH : x28 0000000000000043 x29 0000007270279e80
E CRASH : sp 0000007270279de0 lr 00000075dac933e0 pc 00000075dac9340c
E CRASH : backtrace:
E CRASH : #00 pc 000000000004e40c /apex/com.android.runtime/lib64/bionic/libc.so (abort+164) (BuildId: 4b0a60ca3b69d2d66dca24bb01c8d1aa)
E CRASH : #01 pc 000000000003bb1c /apex/com.android.runtime/lib64/bionic/libc.so (mallinfo) (BuildId: 4b0a60ca3b69d2d66dca24bb01c8d1aa)
E CRASH : #02 pc 0000000000b29890 /data/app/~~QTRsI35I4xNycUAC02pwCQ==/com.dynamicgames.worldtruckdrivingsimulator.zh-cQZz0ASEwkO_ivB7RQ_pGA==/lib/arm64/libil2cpp.so (BuildId: d94909590ee8ec2d9e88eab761a3941035d54a67)
E CRASH : #03 pc 0000000000804f74 /data/app/~~QTRsI35I4xNycUAC02pwCQ==/com.dynamicgames.worldtruckdrivingsimulator.zh-cQZz0ASEwkO_ivB7RQ_pGA==/lib/arm64/libil2cpp.so (BuildId: d94909590ee8ec2d9e88eab761a3941035d54a67)
E CRASH : #04 pc 0000000000804de8 /data/app/~~QTRsI35I4xNycUAC02pwCQ==/com.dynamicgames.worldtruckdrivingsimulator.zh-cQZz0ASEwkO_ivB7RQ_pGA==/lib/arm64/libil2cpp.so (BuildId: d94909590ee8ec2d9e88eab761a3941035d54a67)
E CRASH : #05 pc 00000000002f2528 /data/app/~~QTRsI35I4xNycUAC02pwCQ==/com.dynamicgames.worldtruckdrivingsimulator.zh-cQZz0ASEwkO_ivB7RQ_pGA==/lib/arm64/libunity.so (BuildId: 01bdcdb9cb0e19a01b0cfcc4a55b66822bfdc830)
E CRASH : #06 pc 00000000003000a8 /data/app/~~QTRsI35I4xNycUAC02pwCQ==/com.dynamicgames.worldtruckdrivingsimulator.zh-cQZz0ASEwkO_ivB7RQ_pGA==/lib/arm64/libunity.so (BuildId: 01bdcdb9cb0e19a01b0cfcc4a55b66822bfdc830)
E CRASH : #07 pc 000000000030edf0 /data/app/~~QTRsI35I4xNycUAC02pwCQ==/com.dynamicgames.worldtruckdrivingsimulator.zh-cQZz0ASEwkO_ivB7RQ_pGA==/lib/arm64/libunity.so (BuildId: 01bdcdb9cb0e19a01b0cfcc4a55b66822bfdc830)
E CRASH : #08 pc 000000000030f02c /data/app/~~QTRsI35I4xNycUAC02pwCQ==/com.dynamicgames.worldtruckdrivingsimulator.zh-cQZz0ASEwkO_ivB7RQ_pGA==/lib/arm64/libunity.so (BuildId: 01bdcdb9cb0e19a01b0cfcc4a55b66822bfdc830)
E CRASH : #09 pc 000000000030f868 /data/app/~~QTRsI35I4xNycUAC02pwCQ==/com.dynamicgames.worldtruckdrivingsimulator.zh-cQZz0ASEwkO_ivB7RQ_pGA==/lib/arm64/libunity.so (BuildId: 01bdcdb9cb0e19a01b0cfcc4a55b66822bfdc830)
E CRASH : #10 pc 000000000018245c /data/app/~~QTRsI35I4xNycUAC02pwCQ==/com.dynamicgames.worldtruckdrivingsimulator.zh-cQZz0ASEwkO_ivB7RQ_pGA==/lib/arm64/libunity.so (BuildId: 01bdcdb9cb0e19a01b0cfcc4a55b66822bfdc830)
E CRASH : #11 pc 0000000000226e80 /data/app/~~QTRsI35I4xNycUAC02pwCQ==/com.dynamicgames.worldtruckdrivingsimulator.zh-cQZz0ASEwkO_ivB7RQ_pGA==/lib/arm64/libunity.so (BuildId: 01bdcdb9cb0e19a01b0cfcc4a55b66822bfdc830)
E CRASH : #12 pc 0000000000226ec0 /data/app/~~QTRsI35I4xNycUAC02pwCQ==/com.dynamicgames.worldtruckdrivingsimulator.zh-cQZz0ASEwkO_ivB7RQ_pGA==/lib/arm64/libunity.so (BuildId: 01bdcdb9cb0e19a01b0cfcc4a55b66822bfdc830)
E CRASH : #13 pc 00000000002270f8 /data/app/~~QTRsI35I4xNycUAC02pwCQ==/com.dynamicgames.worldtruckdrivingsimulator.zh-cQZz0ASEwkO_ivB7RQ_pGA==/lib/arm64/libunity.so (BuildId: 01bdcdb9cb0e19a01b0cfcc4a55b66822bfdc830)
E CRASH : #14 pc 000000000037bf20 /data/app/~~QTRsI35I4xNycUAC02pwCQ==/com.dynamicgames.worldtruckdrivingsimulator.zh-cQZz0ASEwkO_ivB7RQ_pGA==/lib/arm64/libunity.so (BuildId: 01bdcdb9cb0e19a01b0cfcc4a55b66822bfdc830)
E CRASH : #15 pc 0000000000392728 /data/app/~~QTRsI35I4xNycUAC02pwCQ==/com.dynamicgames.worldtruckdrivingsimulator.zh-cQZz0ASEwkO_ivB7RQ_pGA==/lib/arm64/libunity.so (BuildId: 01bdcdb9cb0e19a01b0cfcc4a55b66822bfdc830)
E CRASH : #16 pc 0000000000046d2c /data/app/~~QTRsI35I4xNycUAC02pwCQ==/com.dynamicgames.worldtruckdrivingsimulator.zh-cQZz0ASEwkO_ivB7RQ_pGA==/oat/arm64/base.odex
W ingsimulator.z: <0x06f49c2e> for 7.163s Unlock long monitor contention with owner firebase-installations-executor-2 (17826) waiters=0
E SELinux : avc: denied { find } for pid=28498 uid=10114 name=tethering scontext=u:r:permissioncontroller_app:s0:c114,c256,c512,c768 tcontext=u:object_r:tethering_service:s0 tclass=service_manager permissive=0
E SELinux : avc: denied { find } for pid=3333 uid=10193 name=tethering scontext=u:r:vendor_systemhelper_app:s0:c512,c768 tcontext=u:object_r:tethering_service:s0 tclass=service_manager permissive=0
E CRASH : Tombstone written to: /storage/emulated/0/Android/data/com.dynamicgames.worldtruckdrivingsimulator.zh/files/tombstone_00
E AndroidRuntime: FATAL EXCEPTION: UnityMain
E AndroidRuntime: Process: com.dynamicgames.worldtruckdrivingsimulator.zh, PID: 17787
E AndroidRuntime: java.lang.Error:
E AndroidRuntime: Version '2021.3.18f1 (3129e69bc0c7)', Build type 'Release', Scripting Backend 'il2cpp', CPU 'arm64-v8a'
E AndroidRuntime: Build fingerprint: 'Lenovo/TB-9707F_PRC/TB-9707F:11/RKQ1.210303.002/13.1.541_220421:user/release-keys'
E AndroidRuntime: Revision: '0'
E AndroidRuntime: ABI: 'arm64'
E AndroidRuntime: Timestamp: 2023-05-29 23:20:57+0800
E AndroidRuntime: pid: 17787, tid: 17830, name: UnityMain >>> com.dynamicgames.worldtruckdrivingsimulator.zh <<<
E AndroidRuntime: uid: 10397
E AndroidRuntime: signal 6 (SIGABRT), code -1 (SI_QUEUE), fault addr --------
E AndroidRuntime: x0 0000000000000000 x1 00000000000045a6 x2 0000000000000006 x3 0000007270279e00
E AndroidRuntime: x4 0000000000000000 x5 0000000000000000 x6 0000000000000000 x7 0000000000000020
E AndroidRuntime: x8 00000000000000f0 x9 ac9a84abbd467725 x10 0000000000000000 x11 ffffffc0fffffbdf
E AndroidRuntime: x12 0000000000000001 x13 000008f615434407 x14 000dccc56dce3c44 x15 0000000034155555
E AndroidRuntime: x16 00000075dacfdc80 x17 00000075dacdfbb0 x18 00000071e1186b18 x19 000000000000457b
E AndroidRuntime: x20 00000000000045a6 x21 00000000ffffffff x22 000000725fc98c60 x23 000000725fcd4280
E AndroidRuntime: x24 000000725fccec70 x25 000000725fcd2aa8 x26 000000725fce1d38 x27 000000725fccb618
E AndroidRuntime: x28 0000000000000043 x29 0000007270279e80
E AndroidRuntime: sp 0000007270279de0 lr 00000075dac933e0 pc 00000075dac9340c
E AndroidRuntime:
E AndroidRuntime: backtrace:
E AndroidRuntime: #00 pc 000000000004e40c /apex/com.android.runtime/lib64/bionic/libc.so (abort+164) (BuildId: 4b0a60ca3b69d2d66dca24bb01c8d1aa)
E AndroidRuntime: #01 pc 000000000003bb1c /apex/com.android.runtime/lib64/bionic/libc.so (mallinfo) (BuildId: 4b0a60ca3b69d2d66dca24bb01c8d1aa)
E AndroidRuntime: #02 pc 0000000000b29890 /data/app/~~QTRsI35I4xNycUAC02pwCQ==/com.dynamicgames.worldtruckdrivingsimulator.zh-cQZz0ASEwkO_ivB7RQ_pGA==/lib/arm64/libil2cpp.so (BuildId: d94909590ee8ec2d9e88eab761a3941035d54a67)
E AndroidRuntime: #03 pc 0000000000804f74 /data/app/~~QTRsI35I4xNycUAC02pwCQ==/com.dynamicgames.worldtruckdrivingsimulator.zh-cQZz0ASEwkO_ivB7RQ_pGA==/lib/arm64/libil2cpp.so (BuildId: d94909590ee8ec2d9e88eab761a3941035d54a67)
E AndroidRuntime: #04 pc 0000000000804de8 /data/app/~~QTRsI35I4xNycUAC02pwCQ==/com.dynamicgames.worldtruckdrivingsimulator.zh-cQZz0ASEwkO_ivB7RQ_pGA==/lib/arm64/libil2cpp.so (BuildId: d94909590ee8ec2d9e88eab761a3941035d54a67)
E AndroidRuntime: #05 pc 00000000002f2528 /data/app/~~QTRsI35I4xNycUAC02pwCQ==/com.dynamicgames.worldtruckdrivingsimulator.zh-cQZz0ASEwkO_ivB7RQ_pGA==/lib/arm64/libunity.so (BuildId: 01bdcdb9cb0e19a01b0cfcc4a55b66822bfdc830)
E AndroidRuntime: #06 pc 00000000003000a8 /data/app/~~QTRsI35I4xNycUAC02pwCQ==/com.dynamicgames.worldtruckdrivingsimulator.zh-cQZz0ASEwkO_ivB7RQ_pGA==/lib/arm64/libunity.so (BuildId: 01bdcdb9cb0e19a01b0cfcc4a55b66822bfdc830)
E AndroidRuntime: #07 pc 000000000030edf0 /data/app/~~QTRsI35I4xNycUAC02pwCQ==/com.dynamicgames.worldtruckdrivingsimulator.zh-cQZz0ASEwkO_ivB7RQ_pGA==/lib/arm64/libunity.so (BuildId: 01bdcdb9cb0e19a01b0cfcc4a55b66822bfdc830)
E AndroidRuntime: #08 pc 000000000030f02c /data/app/~~QTRsI35I4xNycUAC02pwCQ==/com.dynamicgames.worldtruckdrivingsimulator.zh-cQZz0ASEwkO_ivB7RQ_pGA==/lib/arm64/libunity.so (BuildId: 01bdcdb9cb0e19a01b0cfcc4a55b66822bfdc830)
E AndroidRuntime: #09 pc 000000000030f868 /data/app/~~QTRsI35I4xNycUAC02pwCQ==/com.dynamicgames.worldtruckdrivingsimulator.zh-cQZz0ASEwkO_ivB7RQ_pGA==/lib/arm64/libunity.so (BuildId: 01bdcdb9cb0e19a01b0cfcc4a55b66822bfdc830)
E AndroidRuntime: #10 pc 000000000018245c /data/app/~~QTRsI35I4xNycUAC02pwCQ==/com.dynamicgames.worldtruckdrivingsimulator.zh-cQZz0ASEwkO_ivB7RQ_pGA==/lib/arm64/libunity.so (BuildId: 01bdcdb9cb0e19a01b0cfcc4a55b66822bfdc830)
E AndroidRuntime: #11 pc 0000000000226e80 /data/app/~~QTRsI35I4xNycUAC02pwCQ==/com.dynamicgames.worldtruckdrivingsimulator.zh-cQZz0ASEwkO_ivB7RQ_pGA==/lib/arm64/libunity.so (BuildId: 01bdcdb9cb0e19a01b0cfcc4a55b66822bfdc830)
E AndroidRuntime: #12 pc 0000000000226ec0 /data/app/~~QTRsI35I4xNycUAC02pwCQ==/com.dynamicgames.worldtruckdrivingsimulator.zh-cQZz0ASEwkO_ivB7RQ_pGA==/lib/arm64/libunity.so (BuildId: 01bdcdb9cb0e19a01b0cfcc4a55b66822bfdc830)
E AndroidRuntime: #13 pc 00000000002270f8 /data/app/~~QTRsI35I4xNycUAC02pwCQ==/com.dynamicgames.worldtruckdrivingsimulator.zh-cQZz0ASEwkO_ivB7RQ_pGA==/lib/arm64/libunity.so (BuildId: 01bdcdb9cb0e19a01b0cfcc4a55b66822bfdc830)
E AndroidRuntime: #14 pc 000000000037bf20 /data/app/~~QTRsI35I4xNycUAC02pwCQ==/com.dynamicgames.worldtruckdrivingsimulator.zh-cQZz0ASEwkO_ivB7RQ_pGA==/lib/arm64/libunity.so (BuildId: 01bdcdb9cb0e19a01b0cfcc4a55b66822bfdc830)
E AndroidRuntime: #15 pc 0000000000392728 /data/app/~~QTRsI35I4xNycUAC02pwCQ==/com.dynamicgames.worldtruckdrivingsimulator.zh-cQZz0ASEwkO_ivB7RQ_pGA==/lib/arm64/libunity.so (BuildId: 01bdcdb9cb0e19a01b0cfcc4a55b66822bfdc830)
E AndroidRuntime: #16 pc 0000000000046d2c /data/app/~~QTRsI35I4xNycUAC02pwCQ==/com.dynamicgames.worldtruckdrivingsimulator.zh-cQZz0ASEwkO_ivB7RQ_pGA==/oat/arm64/base.odex
E AndroidRuntime:
E AndroidRuntime: at libc.abort(abort:164)
E AndroidRuntime: at libc.mallinfo(mallinfo:0)
E AndroidRuntime: at libil2cpp.0xb29890(Native Method)
E AndroidRuntime: at libil2cpp.0x804f74(Native Method)
E AndroidRuntime: at libil2cpp.0x804de8(Native Method)
E AndroidRuntime: at libunity.0x2f2528(Native Method)
E AndroidRuntime: at libunity.0x3000a8(Native Method)
E AndroidRuntime: at libunity.0x30edf0(Native Method)
E AndroidRuntime: at libunity.0x30f02c(Native Method)
E AndroidRuntime: at libunity.0x30f868(Native Method)
E AndroidRuntime: at libunity.0x18245c(Native Method)
E AndroidRuntime: at libunity.0x226e80(Native Method)
E AndroidRuntime: at libunity.0x226ec0(Native Method)
E AndroidRuntime: at libunity.0x2270f8(Native Method)
E AndroidRuntime: at libunity.0x37bf20(Native Method)
E AndroidRuntime: at libunity.0x392728(Native Method)
E AndroidRuntime: at base.0x46d2c(Native Method)
```

shuajinanhai commented 1 year ago

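It looks like the two `if (llabs(pc_offset) >= (mask>>1))` checks are the problem. On systems below Android 10 the else branch is taken and the game runs normally, but on Android 10 and 10+ the if block is entered and the game crashes. Forcing the else branch makes it work. Could you improve this check?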

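Rprop commented 1 year ago

```
A64HookFunction(void *const symbol, void *const replace, void **result)
```

You need to provide the actual addresses of symbol and result before and after the hook, together with a memory hexdump of each, roughly 64 bytes.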
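An added example, not code from And64InlineHook or from either commenter: a host-side helper for reading the roughly 64-byte dumps requested above. It prints each little-endian word and marks the AArch64 jump forms a patched entry can contain, and it reproduces the range test quoted earlier in the thread. All function names are hypothetical, the sample bytes are constructed, and `mask` is assumed to be the 26-bit immediate field of `B`.

```c
#include <inttypes.h>
#include <stdio.h>
#include <stdlib.h>

enum a64_kind { A64_OTHER, A64_B, A64_LDR_LIT, A64_BR };

/* Range test quoted in the thread; mask = imm26 field of B is an assumption. */
static int needs_far_jump(uint64_t from, uint64_t to) {
    const int64_t mask = 0x03ffffff;
    int64_t pc_offset = (int64_t)(to - from) / 4;      /* in instructions */
    return llabs(pc_offset) >= (mask >> 1);
}

/* Sign-extend the low `bits` bits of v, scaled to a byte offset. */
static int64_t simm_bytes(uint32_t v, int bits) {
    int64_t imm = v & ((1u << bits) - 1);
    return (imm >> (bits - 1) ? imm - ((int64_t)1 << bits) : imm) * 4;
}

/* Classify the word at pc; *arg = B target, LDR literal address, or BR Xn. */
static enum a64_kind a64_classify(uint32_t insn, uint64_t pc, uint64_t *arg) {
    *arg = 0;
    if ((insn & 0xfc000000u) == 0x14000000u)            /* B imm26 */
        return *arg = pc + (uint64_t)simm_bytes(insn, 26), A64_B;
    if ((insn & 0xff000000u) == 0x58000000u)            /* LDR Xt, label */
        return *arg = pc + (uint64_t)simm_bytes(insn >> 5, 19), A64_LDR_LIT;
    if ((insn & 0xfffffc1fu) == 0xd61f0000u)            /* BR Xn */
        return *arg = (insn >> 5) & 31, A64_BR;
    return A64_OTHER;
}

/* Print len bytes at addr as little-endian words; returns recognised jumps. */
static int dump_words(const uint8_t *p, size_t len, uint64_t addr) {
    static const char *tag[] = { "(other/data)", "B to", "LDR literal at", "BR, reg no." };
    int hits = 0; uint64_t arg;
    for (size_t i = 0; i + 4 <= len; i += 4) {
        uint32_t w = p[i] | p[i+1] << 8 | p[i+2] << 16 | (uint32_t)p[i+3] << 24;
        enum a64_kind k = a64_classify(w, addr + i, &arg);
        printf("%010" PRIx64 "  %08" PRIx32 "  %s 0x%" PRIx64 "\n", addr + i, w, tag[k], arg);
        hits += (k != A64_OTHER);
    }
    return hits;
}

int main(void) {   /* constructed bytes: LDR X17,#8; BR X17; literal; near B */
    static const uint8_t s[] = { 0x51,0,0,0x58, 0x20,0x02,0x1f,0xd6,
        0,0x10,0,0, 0x71,0,0,0, 0x40,0,0,0x14 };
    return dump_words(s, sizeof s, 0x7100001000ull) == 3 ? 0 : 1;
}
```

Running the same decode over the before and after dumps of `symbol` shows which jump form was written at the entry, and `needs_far_jump` applied to the two reported addresses shows which side of the quoted check they fall on.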