asLody / SandHook

Android ART Hook/Native Inline Hook/Single Instruction Hook - support 4.4 - 11.0 32/64 bit - Xposed API Compat

Native Hook崩溃 #39

Closed canyie closed 5 years ago

canyie commented 5 years ago

设备信息:三星J3109,Android 5.1.1,armeabi-v7a

测试代码:

// Hook target used by test(): logs a marker, runs a single-iteration loop,
// and always reports false.
// NOTE(review): a body this short leaves only a handful of instructions at
// the function entry for the inline hook to relocate; the reporter's
// follow-up suspects exactly that as the crash cause — confirm against the
// hook's minimum-size requirement.
bool targetFunction() {
    LOGI("target function");
    int iteration = 0;
    while (iteration < 1) {
        LOGI("for loop %d", iteration);
        ++iteration;
    }
    return false;
}

// Trampoline into the original targetFunction code. It stays nullptr until
// test() assigns the value returned by SandInlineHook, and hook() calls
// through it unconditionally.
using TargetFn = bool (*)();
TargetFn orgi_target = nullptr;

// Replacement installed over targetFunction: forwards to the original through
// the orgi_target trampoline and returns the negated result, logging each step.
// Assumes orgi_target has already been set by a successful SandInlineHook
// call — calling through a nullptr here is a crash, not a handled failure.
bool hook() {
    LOGI("Before hook method");
    const bool original = orgi_target();
    LOGI("After hook method: result is %s", original ? "yes" : "no");
    const bool inverted = !original;
    LOGI("Reset result to %s", inverted ? "yes" : "no");
    return inverted;
}

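// Installs the inline hook on targetFunction and calls it once so the
// replacement in hook() is exercised.
// The return value of SandInlineHook is stored as the trampoline that hook()
// calls through; it is checked before use so a failed hook does not end in a
// call through a null function pointer.
// NOTE(review): assumes SandInlineHook reports failure by returning nullptr —
// confirm against the library's contract.
void test() {
    orgi_target = reinterpret_cast<bool (*)()>(
        SandInlineHook(reinterpret_cast<void *>(targetFunction),
                       reinterpret_cast<void *>(hook)));
    if (orgi_target == nullptr) {
        // Nothing to call through; calling targetFunction now would either
        // run the unhooked original or crash inside hook().
        LOGI("SandInlineHook failed; target function left unhooked");
        return;
    }
    LOGI("Hooked target function; try call it");
    const bool result = targetFunction();
    LOGI("target() returned %s", result ? "yes" : "no");
}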

log:

I/DEBUG   (29383): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** 
I/DEBUG   (29383): Build fingerprint: 'samsung/j3ltectc/j3ltectc:5.1.1/LMY47X/J3109KES1AQI1:user/release-keys'
I/DEBUG   (29383): Revision: '6'
I/DEBUG   (29383): ABI: 'arm'
I/DEBUG   (29383): pid: 12928, tid: 12928, name: .nativehooktest  >>> com.canyie.nativehooktest <<<
I/DEBUG   (29383): signal 11 (SIGSEGV), code 2 (SEGV_ACCERR), fault addr 0xb7f3ef78
I/DEBUG   (29383):     r0 b7f63a58  r1 b7f63a58  r2 b7f3ef78  r3 beaea8e8
I/DEBUG   (29383):     r4 00000008  r5 a232d315  r6 b7f63740  r7 beaeabf0
I/DEBUG   (29383):     r8 12c42ef0  r9 b7c46778  sl 00000000  fp 00000000
I/DEBUG   (29383):     ip b6e58128  sp beaeaae8  lr a233c569  pc b7f3ef78  cpsr 200b0010
I/DEBUG   (29383):
I/DEBUG   (29383): backtrace:
I/DEBUG   (29383):     #00 pc 000dff78  [heap]
I/DEBUG   (29383):     #01 pc 0004b567  /data/app/com.canyie.nativehooktest-2/lib/arm/libsandhook-native.so (_ZN8SandHook7Decoder12Arm32Decoder11DisassembleEPvjRNS0_11InstVisitorEb+1510)
I/DEBUG   (29383):     #02 pc 0004d9dd  /data/app/com.canyie.nativehooktest-2/lib/arm/libsandhook-native.so (_ZN8SandHook3Asm15CodeRelocateA328RelocateEPvjS2_+228)
I/DEBUG   (29383):     #03 pc 0004bc2d  /data/app/com.canyie.nativehooktest-2/lib/arm/libsandhook-native.so (_ZN8SandHook4Hook22InlineHookArm32Android4HookEPvS2_+412)
I/DEBUG   (29383):     #04 pc 0003c587  /data/app/com.canyie.nativehooktest-2/lib/arm/libsandhook-native.so (SandInlineHook+42)
I/DEBUG   (29383):     #05 pc 0003c44f  /data/app/com.canyie.nativehooktest-2/lib/arm/libsandhook-native.so (Java_com_swift_sandhook_nativehook_NativeHook_test+30)
I/DEBUG   (29383):     #06 pc 00000305  /data/dalvik-cache/arm/data@app@com.canyie.nativehooktest-2@base.apk@classes.dex
canyie commented 5 years ago

好像是我方法体太短了...