asLody / SandHook

Android ART Hook/Native Inline Hook/Single Instruction Hook - support 4.4 - 11.0 32/64 bit - Xposed API Compat

"execute-only (no-read) memory access error" on android 10 #51

Open baibaomen opened 4 years ago

baibaomen commented 4 years ago

I tried to inject SandHook into com.android.systemui. The same code works on Android 9 and Android 8, but fails on my Android 10 device.

Related topic about system binaries/libraries mapped to execute-only memory: https://developer.android.com/about/versions/10/behavior-changes-all

Log as follows:

```
2020-04-29 09:41:50.293 3856-3856/? E//system/bin/tombstoned: Tombstone written to: /data/tombstones/tombstone_41
2020-04-29 09:41:50.425 4315-4793/system_process E/PowerHintCallback: sceneId: 0 is invalid
2020-04-29 09:41:52.428 28267-28267/com.android.systemui A/libc: Fatal signal 11 (SIGSEGV), code 2 (SEGV_ACCERR), fault addr 0x7ddf72e0f0 in tid 28267 (ndroid.systemui), pid 28267 (ndroid.systemui)
2020-04-29 09:41:52.563 28364-28364/? A/DEBUG:
2020-04-29 09:41:52.564 28364-28364/? A/DEBUG: Native Crash TIME: 699171
2020-04-29 09:41:52.564 28364-28364/? A/DEBUG:
2020-04-29 09:41:52.564 28364-28364/? A/DEBUG: Build fingerprint: 'Hisense/HITV101C/HITV101C:10/QP1A.190711.020/L1704.6.01.02:userdebug/release-keys'
2020-04-29 09:41:52.564 28364-28364/? A/DEBUG: Revision: '0'
2020-04-29 09:41:52.564 28364-28364/? A/DEBUG: ABI: 'arm64'
2020-04-29 09:41:52.565 28364-28364/? A/DEBUG: Timestamp: 2020-04-29 09:41:52+0800
2020-04-29 09:41:52.565 28364-28364/? A/DEBUG: pid: 28267, tid: 28267, name: ndroid.systemui >>> com.android.systemui <<<
2020-04-29 09:41:52.565 28364-28364/? A/DEBUG: uid: 10124
2020-04-29 09:41:52.565 28364-28364/? A/DEBUG: signal 11 (SIGSEGV), code 2 (SEGV_ACCERR), fault addr 0x7ddf72e0f0
2020-04-29 09:41:52.565 28364-28364/? A/DEBUG: Cause: execute-only (no-read) memory access error; likely due to data in .text.
2020-04-29 09:41:52.565 28364-28364/? A/DEBUG: x0 0000007e649fc500 x1 0000007ddf72e0f0 x2 0000000000000010 x3 0000007ffa6e7938
2020-04-29 09:41:52.565 28364-28364/? A/DEBUG: x4 0000000000000001 x5 0000000000000004 x6 0000007ffa6e774c x7 0000000000000000
2020-04-29 09:41:52.565 28364-28364/? A/DEBUG: x8 0000007dd5a6b1b8 x9 0000000000000001 x10 0000000000000002 x11 0000007e649f45fc
2020-04-29 09:41:52.565 28364-28364/? A/DEBUG: x12 0000000000000004 x13 0000000000000020 x14 0000800000000000 x15 000040785b61b01a
2020-04-29 09:41:52.565 28364-28364/? A/DEBUG: x16 0000007dd5ab13b0 x17 0000007dd5a64f9c x18 0000007e65baa000 x19 0000000000000001
2020-04-29 09:41:52.565 28364-28364/? A/DEBUG: x20 0000007ddf72e0f0 x21 0000007ffa6e7938 x22 0000007ddf72e0f0 x23 0000007ddf72e100
2020-04-29 09:41:52.565 28364-28364/? A/DEBUG: x24 0000000014000000 x25 0000000036000000 x26 0000000034000000 x27 0000000018000000
2020-04-29 09:41:52.565 28364-28364/? A/DEBUG: x28 0000000010000000 x29 0000007ffa6e78e0
2020-04-29 09:41:52.565 28364-28364/? A/DEBUG: sp 0000007ffa6e7890 lr 0000007dd5a6b87c pc 0000007dd5a6b200
2020-04-29 09:41:52.673 28364-28364/? A/DEBUG: backtrace:
2020-04-29 09:41:52.673 28364-28364/? A/DEBUG: #00 pc 0000000000038200 /system/lib64/libsandhook-native.so (SandHook::Decoder::Arm64Decoder::Disassemble(void, unsigned long, SandHook::Decoder::InstVisitor&, bool)+72) (BuildId: b5895ae75b6d2c9c0d91e7009e375560b584adf4)
2020-04-29 09:41:52.673 28364-28364/? A/DEBUG: #01 pc 0000000000038878 /system/lib64/libsandhook-native.so (SandHook::Asm::CodeRelocateA64::Relocate(void, unsigned long, void)+112) (BuildId: b5895ae75b6d2c9c0d91e7009e375560b584adf4)
2020-04-29 09:41:52.673 28364-28364/? A/DEBUG: #02 pc 000000000003951c /system/lib64/libsandhook-native.so (SandHook::Hook::InlineHookArm64Android::Hook(void, void)+248) (BuildId: b5895ae75b6d2c9c0d91e7009e375560b584adf4)
2020-04-29 09:41:52.673 28364-28364/? A/DEBUG: #03 pc 000000000001f5d8 /system/lib64/libsandhook.so (hookClassInit+96) (BuildId: c984836bf8b0da7e47ef63c5dca156a78920d345)
2020-04-29 09:41:52.673 28364-28364/? A/DEBUG: #04 pc 000000000001d01c /system/lib64/libsandhook.so (Java_com_swift_sandhook_SandHook_initForPendingHook+116) (BuildId: c984836bf8b0da7e47ef63c5dca156a78920d345)
2020-04-29 09:41:52.673 28364-28364/? A/DEBUG: #05 pc 000000000013f350 /apex/com.android.runtime/lib64/libart.so (art_quick_generic_jni_trampoline+144) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.673 28364-28364/? A/DEBUG: #06 pc 00000000001365b8 /apex/com.android.runtime/lib64/libart.so (art_quick_invoke_static_stub+568) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.673 28364-28364/? A/DEBUG: #07 pc 0000000000145080 /apex/com.android.runtime/lib64/libart.so (art::ArtMethod::Invoke(art::Thread, unsigned int, unsigned int, art::JValue, char const)+276) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.673 28364-28364/? A/DEBUG: #08 pc 00000000002ddb90 /apex/com.android.runtime/lib64/libart.so (art::interpreter::ArtInterpreterToCompiledCodeBridge(art::Thread, art::ArtMethod, art::ShadowFrame, unsigned short, art::JValue)+384) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.673 28364-28364/? A/DEBUG: #09 pc 00000000002d88f0 /apex/com.android.runtime/lib64/libart.so (bool art::interpreter::DoCall<false, false>(art::ArtMethod, art::Thread, art::ShadowFrame&, art::Instruction const, unsigned short, art::JValue)+900) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.673 28364-28364/? A/DEBUG: #10 pc 0000000000590dbc /apex/com.android.runtime/lib64/libart.so (MterpInvokeStatic+552) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.673 28364-28364/? A/DEBUG: #11 pc 0000000000130994 /apex/com.android.runtime/lib64/libart.so (mterp_op_invoke_static+20) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.673 28364-28364/? A/DEBUG: #12 pc 00000000002fb87e [anon:dalvik-classes.dex extracted in memory from /data/app/com.fundot.p4bu-VEgF03mfNA2m_RImDQGnig==/base.apk] (com.swift.sandhook.PendingHookHandler.+14)
2020-04-29 09:41:52.673 28364-28364/? A/DEBUG: #13 pc 00000000002ae3b4 /apex/com.android.runtime/lib64/libart.so (_ZN3art11interpreterL7ExecuteEPNS_6ThreadERKNS_20CodeItemDataAccessorERNS_11ShadowFrameENS_6JValueEbb.llvm.17415170899301012833+240) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.673 28364-28364/? A/DEBUG: #14 pc 000000000057f954 /apex/com.android.runtime/lib64/libart.so (artQuickToInterpreterBridge+1024) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.673 28364-28364/? A/DEBUG: #15 pc 000000000013f468 /apex/com.android.runtime/lib64/libart.so (art_quick_to_interpreter_bridge+88) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.673 28364-28364/? A/DEBUG: #16 pc 00000000001365b8 /apex/com.android.runtime/lib64/libart.so (art_quick_invoke_static_stub+568) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.673 28364-28364/? A/DEBUG: #17 pc 0000000000145080 /apex/com.android.runtime/lib64/libart.so (art::ArtMethod::Invoke(art::Thread, unsigned int, unsigned int, art::JValue, char const)+276) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.673 28364-28364/? A/DEBUG: #18 pc 00000000001705cc /apex/com.android.runtime/lib64/libart.so (art::ClassLinker::InitializeClass(art::Thread, art::Handle, bool, bool)+1912) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.673 28364-28364/? A/DEBUG: #19 pc 000000000015b7c0 /apex/com.android.runtime/lib64/libart.so (art::ClassLinker::EnsureInitialized(art::Thread, art::Handle, bool, bool)+92) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.673 28364-28364/? A/DEBUG: #20 pc 00000000002ddc24 /apex/com.android.runtime/lib64/libart.so (art::interpreter::ArtInterpreterToCompiledCodeBridge(art::Thread, art::ArtMethod, art::ShadowFrame, unsigned short, art::JValue)+532) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.673 28364-28364/? A/DEBUG: #21 pc 00000000002d88f0 /apex/com.android.runtime/lib64/libart.so (bool art::interpreter::DoCall<false, false>(art::ArtMethod, art::Thread, art::ShadowFrame&, art::Instruction const, unsigned short, art::JValue)+900) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.673 28364-28364/? A/DEBUG: #22 pc 0000000000590dbc /apex/com.android.runtime/lib64/libart.so (MterpInvokeStatic+552) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.673 28364-28364/? A/DEBUG: #23 pc 0000000000130994 /apex/com.android.runtime/lib64/libart.so (mterp_op_invoke_static+20) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.673 28364-28364/? A/DEBUG: #24 pc 00000000002fc546 [anon:dalvik-classes.dex extracted in memory from /data/app/com.fundot.p4bu-VEgF03mfNA2m_RImDQGnig==/base.apk] (com.swift.sandhook.SandHook.hook+70)
2020-04-29 09:41:52.673 28364-28364/? A/DEBUG: #25 pc 0000000000591004 /apex/com.android.runtime/lib64/libart.so (MterpInvokeStatic+1136) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.673 28364-28364/? A/DEBUG: #26 pc 0000000000130994 /apex/com.android.runtime/lib64/libart.so (mterp_op_invoke_static+20) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.673 28364-28364/? A/DEBUG: #27 pc 00000000002fe84e [anon:dalvik-classes.dex extracted in memory from /data/app/com.fundot.p4bu-VEgF03mfNA2m_RImDQGnig==/base.apk] (com.swift.sandhook.wrapper.HookWrapper.addHookClass+66)
2020-04-29 09:41:52.673 28364-28364/? A/DEBUG: #28 pc 0000000000591004 /apex/com.android.runtime/lib64/libart.so (MterpInvokeStatic+1136) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.673 28364-28364/? A/DEBUG: #29 pc 0000000000130994 /apex/com.android.runtime/lib64/libart.so (mterp_op_invoke_static+20) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.673 28364-28364/? A/DEBUG: #30 pc 00000000002fe8cc [anon:dalvik-classes.dex extracted in memory from /data/app/com.fundot.p4bu-VEgF03mfNA2m_RImDQGnig==/base.apk] (com.swift.sandhook.wrapper.HookWrapper.addHookClass+12)
2020-04-29 09:41:52.673 28364-28364/? A/DEBUG: #31 pc 0000000000591004 /apex/com.android.runtime/lib64/libart.so (MterpInvokeStatic+1136) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.673 28364-28364/? A/DEBUG: #32 pc 0000000000130994 /apex/com.android.runtime/lib64/libart.so (mterp_op_invoke_static+20) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.673 28364-28364/? A/DEBUG: #33 pc 00000000002fe8ee [anon:dalvik-classes.dex extracted in memory from /data/app/com.fundot.p4bu-VEgF03mfNA2m_RImDQGnig==/base.apk] (com.swift.sandhook.wrapper.HookWrapper.addHookClass+2)
2020-04-29 09:41:52.673 28364-28364/? A/DEBUG: #34 pc 00000000002ae3b4 /apex/com.android.runtime/lib64/libart.so (_ZN3art11interpreterL7ExecuteEPNS_6ThreadERKNS_20CodeItemDataAccessorERNS_11ShadowFrameENS_6JValueEbb.llvm.17415170899301012833+240) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.673 28364-28364/? A/DEBUG: #35 pc 000000000057f954 /apex/com.android.runtime/lib64/libart.so (artQuickToInterpreterBridge+1024) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.674 28364-28364/? A/DEBUG: #36 pc 000000000013f468 /apex/com.android.runtime/lib64/libart.so (art_quick_to_interpreter_bridge+88) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.674 28364-28364/? A/DEBUG: #37 pc 00000000001365b8 /apex/com.android.runtime/lib64/libart.so (art_quick_invoke_static_stub+568) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.674 28364-28364/? A/DEBUG: #38 pc 0000000000145080 /apex/com.android.runtime/lib64/libart.so (art::ArtMethod::Invoke(art::Thread, unsigned int, unsigned int, art::JValue, char const)+276) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.674 28364-28364/? A/DEBUG: #39 pc 00000000002ddb90 /apex/com.android.runtime/lib64/libart.so (art::interpreter::ArtInterpreterToCompiledCodeBridge(art::Thread, art::ArtMethod, art::ShadowFrame, unsigned short, art::JValue)+384) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.674 28364-28364/? A/DEBUG: #40 pc 00000000002d88f0 /apex/com.android.runtime/lib64/libart.so (bool art::interpreter::DoCall<false, false>(art::ArtMethod, art::Thread, art::ShadowFrame&, art::Instruction const, unsigned short, art::JValue)+900) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.674 28364-28364/? A/DEBUG: #41 pc 0000000000590dbc /apex/com.android.runtime/lib64/libart.so (MterpInvokeStatic+552) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.674 28364-28364/? A/DEBUG: #42 pc 0000000000130994 /apex/com.android.runtime/lib64/libart.so (mterp_op_invoke_static+20) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.674 28364-28364/? A/DEBUG: #43 pc 00000000002fc4a8 [anon:dalvik-classes.dex extracted in memory from /data/app/com.fundot.p4bu-VEgF03mfNA2m_RImDQGnig==/base.apk] (com.swift.sandhook.SandHook.addHookClass)
2020-04-29 09:41:52.674 28364-28364/? A/DEBUG: #44 pc 0000000000591004 /apex/com.android.runtime/lib64/libart.so (MterpInvokeStatic+1136) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.674 28364-28364/? A/DEBUG: #45 pc 0000000000130994 /apex/com.android.runtime/lib64/libart.so (mterp_op_invoke_static+20) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.674 28364-28364/? A/DEBUG: #46 pc 000000000029de30 [anon:dalvik-classes.dex extracted in memory from /data/app/com.fundot.p4bu-VEgF03mfNA2m_RImDQGnig==/base.apk] (com.fundot.p4bu.ii.hooks.HookHelper.start+404)
2020-04-29 09:41:52.674 28364-28364/? A/DEBUG: #47 pc 00000000002ae3b4 /apex/com.android.runtime/lib64/libart.so (_ZN3art11interpreterL7ExecuteEPNS_6ThreadERKNS_20CodeItemDataAccessorERNS_11ShadowFrameENS_6JValueEbb.llvm.17415170899301012833+240) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.674 28364-28364/? A/DEBUG: #48 pc 000000000057f954 /apex/com.android.runtime/lib64/libart.so (artQuickToInterpreterBridge+1024) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.674 28364-28364/? A/DEBUG: #49 pc 000000000013f468 /apex/com.android.runtime/lib64/libart.so (art_quick_to_interpreter_bridge+88) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.674 28364-28364/? A/DEBUG: #50 pc 00000000001365b8 /apex/com.android.runtime/lib64/libart.so (art_quick_invoke_static_stub+568) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.674 28364-28364/? A/DEBUG: #51 pc 0000000000145080 /apex/com.android.runtime/lib64/libart.so (art::ArtMethod::Invoke(art::Thread, unsigned int, unsigned int, art::JValue, char const)+276) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.674 28364-28364/? A/DEBUG: #52 pc 00000000002ddb90 /apex/com.android.runtime/lib64/libart.so (art::interpreter::ArtInterpreterToCompiledCodeBridge(art::Thread, art::ArtMethod, art::ShadowFrame, unsigned short, art::JValue)+384) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.674 28364-28364/? A/DEBUG: #53 pc 00000000002d88f0 /apex/com.android.runtime/lib64/libart.so (bool art::interpreter::DoCall<false, false>(art::ArtMethod, art::Thread, art::ShadowFrame&, art::Instruction const, unsigned short, art::JValue)+900) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.674 28364-28364/? A/DEBUG: #54 pc 0000000000590dbc /apex/com.android.runtime/lib64/libart.so (MterpInvokeStatic+552) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.674 28364-28364/? A/DEBUG: #55 pc 0000000000130994 /apex/com.android.runtime/lib64/libart.so (mterp_op_invoke_static+20) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.674 28364-28364/? A/DEBUG: #56 pc 000000000029e13e [anon:dalvik-classes.dex extracted in memory from /data/app/com.fundot.p4bu-VEgF03mfNA2m_RImDQGnig==/base.apk] (com.fundot.p4bu.ii.hooks.androidUiHook.AndroidUiHookMngr.start+26)
2020-04-29 09:41:52.674 28364-28364/? A/DEBUG: #57 pc 000000000058e468 /apex/com.android.runtime/lib64/libart.so (MterpInvokeVirtual+1432) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.674 28364-28364/? A/DEBUG: #58 pc 0000000000130814 /apex/com.android.runtime/lib64/libart.so (mterp_op_invoke_virtual+20) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.674 28364-28364/? A/DEBUG: #59 pc 000000000029b13c [anon:dalvik-classes.dex extracted in memory from /data/app/com.fundot.p4bu-VEgF03mfNA2m_RImDQGnig==/base.apk] (com.fundot.p4bu.ii.appMonitors.AndroidUiMonitor.init+16)
2020-04-29 09:41:52.674 28364-28364/? A/DEBUG: #60 pc 000000000058e468 /apex/com.android.runtime/lib64/libart.so (MterpInvokeVirtual+1432) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.674 28364-28364/? A/DEBUG: #61 pc 0000000000130814 /apex/com.android.runtime/lib64/libart.so (mterp_op_invoke_virtual+20) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.674 28364-28364/? A/DEBUG: #62 pc 0000000000299dae [anon:dalvik-classes.dex extracted in memory from /data/app/com.fundot.p4bu-VEgF03mfNA2m_RImDQGnig==/base.apk] (com.fundot.p4bu.ii.Monitor.lambda$init$0+286)
2020-04-29 09:41:52.674 28364-28364/? A/DEBUG: #63 pc 0000000000591004 /apex/com.android.runtime/lib64/libart.so (MterpInvokeStatic+1136) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.674 28364-28364/? A/DEBUG: #64 pc 0000000000130994 /apex/com.android.runtime/lib64/libart.so (mterp_op_invoke_static+20) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.674 28364-28364/? A/DEBUG: #65 pc 0000000000299460 [anon:dalvik-classes.dex extracted in memory from /data/app/com.fundot.p4bu-VEgF03mfNA2m_RImDQGnig==/base.apk] (com.fundot.p4bu.ii.-$$Lambda$Monitor$YdIBKFMUa8iIUEg19Fa2l-zjVoI.call+8)
2020-04-29 09:41:52.674 28364-28364/? A/DEBUG: #66 pc 000000000058fc5c /apex/com.android.runtime/lib64/libart.so (MterpInvokeInterface+1740) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.674 28364-28364/? A/DEBUG: #67 pc 0000000000130a14 /apex/com.android.runtime/lib64/libart.so (mterp_op_invoke_interface+20) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.674 28364-28364/? A/DEBUG: #68 pc 0000000000299c1a [anon:dalvik-classes.dex extracted in memory from /data/app/com.fundot.p4bu-VEgF03mfNA2m_RImDQGnig==/base.apk] (com.fundot.p4bu.ii.Monitor.init+290)
2020-04-29 09:41:52.674 28364-28364/? A/DEBUG: #69 pc 00000000002ae3b4 /apex/com.android.runtime/lib64/libart.so (_ZN3art11interpreterL7ExecuteEPNS_6ThreadERKNS_20CodeItemDataAccessorERNS_11ShadowFrameENS_6JValueEbb.llvm.17415170899301012833+240) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.674 28364-28364/? A/DEBUG: #70 pc 000000000057f954 /apex/com.android.runtime/lib64/libart.so (artQuickToInterpreterBridge+1024) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.674 28364-28364/? A/DEBUG: #71 pc 000000000013f468 /apex/com.android.runtime/lib64/libart.so (art_quick_to_interpreter_bridge+88) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.674 28364-28364/? A/DEBUG: #72 pc 00000000001365b8 /apex/com.android.runtime/lib64/libart.so (art_quick_invoke_static_stub+568) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.674 28364-28364/? A/DEBUG: #73 pc 0000000000145080 /apex/com.android.runtime/lib64/libart.so (art::ArtMethod::Invoke(art::Thread, unsigned int, unsigned int, art::JValue, char const)+276) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.674 28364-28364/? A/DEBUG: #74 pc 00000000004a15d0 /apex/com.android.runtime/lib64/libart.so (art::(anonymous namespace)::InvokeWithArgArray(art::ScopedObjectAccessAlreadyRunnable const&, art::ArtMethod, art::(anonymous namespace)::ArgArray, art::JValue, char const)+104) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.674 28364-28364/? A/DEBUG: #75 pc 00000000004a300c /apex/com.android.runtime/lib64/libart.so (art::InvokeMethod(art::ScopedObjectAccessAlreadyRunnable const&, _jobject, _jobject, _jobject, unsigned long)+1476) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.674 28364-28364/? A/DEBUG: #76 pc 00000000004314fc /apex/com.android.runtime/lib64/libart.so (art::Method_invoke(_JNIEnv, _jobject, _jobject, _jobjectArray)+52) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.674 28364-28364/? A/DEBUG: #77 pc 000000000013f350 /apex/com.android.runtime/lib64/libart.so (art_quick_generic_jni_trampoline+144) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.674 28364-28364/? A/DEBUG: #78 pc 0000000000136334 /apex/com.android.runtime/lib64/libart.so (art_quick_invoke_stub+548) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.674 28364-28364/? A/DEBUG: #79 pc 0000000000145060 /apex/com.android.runtime/lib64/libart.so (art::ArtMethod::Invoke(art::Thread, unsigned int, unsigned int, art::JValue, char const)+244) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.675 28364-28364/? A/DEBUG: #80 pc 00000000002ddb90 /apex/com.android.runtime/lib64/libart.so (art::interpreter::ArtInterpreterToCompiledCodeBridge(art::Thread, art::ArtMethod, art::ShadowFrame, unsigned short, art::JValue)+384) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.675 28364-28364/? A/DEBUG: #81 pc 00000000002d88f0 /apex/com.android.runtime/lib64/libart.so (bool art::interpreter::DoCall<false, false>(art::ArtMethod, art::Thread, art::ShadowFrame&, art::Instruction const, unsigned short, art::JValue)+900) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.675 28364-28364/? A/DEBUG: #82 pc 000000000058e214 /apex/com.android.runtime/lib64/libart.so (MterpInvokeVirtual+836) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.675 28364-28364/? A/DEBUG: #83 pc 0000000000130814 /apex/com.android.runtime/lib64/libart.so (mterp_op_invoke_virtual+20) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.675 28364-28364/? A/DEBUG: #84 pc 000000000020738e /system/framework/framework.jar (android.app.Instrumentation.newApplication+122)
2020-04-29 09:41:52.675 28364-28364/? A/DEBUG: #85 pc 000000000058e468 /apex/com.android.runtime/lib64/libart.so (MterpInvokeVirtual+1432) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.675 28364-28364/? A/DEBUG: #86 pc 0000000000130814 /apex/com.android.runtime/lib64/libart.so (mterp_op_invoke_virtual+20) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.675 28364-28364/? A/DEBUG: #87 pc 000000000020c26c /system/framework/framework.jar (android.app.LoadedApk.makeApplication+120)
2020-04-29 09:41:52.675 28364-28364/? A/DEBUG: #88 pc 000000000058e468 /apex/com.android.runtime/lib64/libart.so (MterpInvokeVirtual+1432) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.675 28364-28364/? A/DEBUG: #89 pc 0000000000130814 /apex/com.android.runtime/lib64/libart.so (mterp_op_invoke_virtual+20) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.675 28364-28364/? A/DEBUG: #90 pc 000000000019672a /system/framework/framework.jar (android.app.ActivityThread.handleBindApplication+2126)
2020-04-29 09:41:52.675 28364-28364/? A/DEBUG: #91 pc 00000000005907f8 /apex/com.android.runtime/lib64/libart.so (MterpInvokeDirect+1168) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.675 28364-28364/? A/DEBUG: #92 pc 0000000000130914 /apex/com.android.runtime/lib64/libart.so (mterp_op_invoke_direct+20) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.675 28364-28364/? A/DEBUG: #93 pc 0000000000193580 /system/framework/framework.jar (android.app.ActivityThread.access$1300)
2020-04-29 09:41:52.675 28364-28364/? A/DEBUG: #94 pc 0000000000591004 /apex/com.android.runtime/lib64/libart.so (MterpInvokeStatic+1136) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.675 28364-28364/? A/DEBUG: #95 pc 0000000000130994 /apex/com.android.runtime/lib64/libart.so (mterp_op_invoke_static+20) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.675 28364-28364/? A/DEBUG: #96 pc 000000000018faec /system/framework/framework.jar (android.app.ActivityThread$H.handleMessage+1504)
2020-04-29 09:41:52.675 28364-28364/? A/DEBUG: #97 pc 000000000058e468 /apex/com.android.runtime/lib64/libart.so (MterpInvokeVirtual+1432) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.675 28364-28364/? A/DEBUG: #98 pc 0000000000130814 /apex/com.android.runtime/lib64/libart.so (mterp_op_invoke_virtual+20) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.675 28364-28364/? A/DEBUG: #99 pc 000000000030942e /system/framework/framework.jar (android.os.Handler.dispatchMessage+38)
2020-04-29 09:41:52.675 28364-28364/? A/DEBUG: #100 pc 000000000058e468 /apex/com.android.runtime/lib64/libart.so (MterpInvokeVirtual+1432) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.675 28364-28364/? A/DEBUG: #101 pc 0000000000130814 /apex/com.android.runtime/lib64/libart.so (mterp_op_invoke_virtual+20) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.675 28364-28364/? A/DEBUG: #102 pc 000000000032fc56 /system/framework/framework.jar (android.os.Looper.loop+466)
2020-04-29 09:41:52.675 28364-28364/? A/DEBUG: #103 pc 0000000000591004 /apex/com.android.runtime/lib64/libart.so (MterpInvokeStatic+1136) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.675 28364-28364/? A/DEBUG: #104 pc 0000000000130994 /apex/com.android.runtime/lib64/libart.so (mterp_op_invoke_static+20) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.675 28364-28364/? A/DEBUG: #105 pc 000000000019a2d2 /system/framework/framework.jar (android.app.ActivityThread.main+430)
2020-04-29 09:41:52.675 28364-28364/? A/DEBUG: #106 pc 00000000002ae3b4 /apex/com.android.runtime/lib64/libart.so (_ZN3art11interpreterL7ExecuteEPNS_6ThreadERKNS_20CodeItemDataAccessorERNS_11ShadowFrameENS_6JValueEbb.llvm.17415170899301012833+240) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.675 28364-28364/? A/DEBUG: #107 pc 000000000057f954 /apex/com.android.runtime/lib64/libart.so (artQuickToInterpreterBridge+1024) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.675 28364-28364/? A/DEBUG: #108 pc 000000000013f468 /apex/com.android.runtime/lib64/libart.so (art_quick_to_interpreter_bridge+88) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.675 28364-28364/? A/DEBUG: #109 pc 00000000001365b8 /apex/com.android.runtime/lib64/libart.so (art_quick_invoke_static_stub+568) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.675 28364-28364/? A/DEBUG: #110 pc 0000000000145080 /apex/com.android.runtime/lib64/libart.so (art::ArtMethod::Invoke(art::Thread, unsigned int, unsigned int, art::JValue, char const)+276) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.675 28364-28364/? A/DEBUG: #111 pc 00000000004a15d0 /apex/com.android.runtime/lib64/libart.so (art::(anonymous namespace)::InvokeWithArgArray(art::ScopedObjectAccessAlreadyRunnable const&, art::ArtMethod, art::(anonymous namespace)::ArgArray, art::JValue, char const)+104) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.675 28364-28364/? A/DEBUG: #112 pc 00000000004a300c /apex/com.android.runtime/lib64/libart.so (art::InvokeMethod(art::ScopedObjectAccessAlreadyRunnable const&, _jobject, _jobject, _jobject, unsigned long)+1476) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.675 28364-28364/? A/DEBUG: #113 pc 00000000004314fc /apex/com.android.runtime/lib64/libart.so (art::Method_invoke(_JNIEnv, _jobject, _jobject, _jobjectArray)+52) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.675 28364-28364/? A/DEBUG: #114 pc 000000000013f350 /apex/com.android.runtime/lib64/libart.so (art_quick_generic_jni_trampoline+144) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.675 28364-28364/? A/DEBUG: #115 pc 0000000000136334 /apex/com.android.runtime/lib64/libart.so (art_quick_invoke_stub+548) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.675 28364-28364/? A/DEBUG: #116 pc 0000000000145060 /apex/com.android.runtime/lib64/libart.so (art::ArtMethod::Invoke(art::Thread, unsigned int, unsigned int, art::JValue, char const)+244) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.676 28364-28364/? A/DEBUG: #117 pc 00000000002ddb90 /apex/com.android.runtime/lib64/libart.so (art::interpreter::ArtInterpreterToCompiledCodeBridge(art::Thread, art::ArtMethod, art::ShadowFrame, unsigned short, art::JValue)+384) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.676 28364-28364/? A/DEBUG: #118 pc 00000000002d88f0 /apex/com.android.runtime/lib64/libart.so (bool art::interpreter::DoCall<false, false>(art::ArtMethod, art::Thread, art::ShadowFrame&, art::Instruction const, unsigned short, art::JValue)+900) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.676 28364-28364/? A/DEBUG: #119 pc 000000000058e214 /apex/com.android.runtime/lib64/libart.so (MterpInvokeVirtual+836) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.676 28364-28364/? A/DEBUG: #120 pc 0000000000130814 /apex/com.android.runtime/lib64/libart.so (mterp_op_invoke_virtual+20) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.676 28364-28364/? A/DEBUG: #121 pc 000000000036de56 /system/framework/framework.jar (com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run+22)
2020-04-29 09:41:52.676 28364-28364/? A/DEBUG: #122 pc 000000000058fc5c /apex/com.android.runtime/lib64/libart.so (MterpInvokeInterface+1740) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.676 28364-28364/? A/DEBUG: #123 pc 0000000000130a14 /apex/com.android.runtime/lib64/libart.so (mterp_op_invoke_interface+20) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.676 28364-28364/? A/DEBUG: #124 pc 00000000003723d0 /system/framework/framework.jar (com.android.internal.os.ZygoteInit.main+544)
2020-04-29 09:41:52.676 28364-28364/? A/DEBUG: #125 pc 00000000002ae3b4 /apex/com.android.runtime/lib64/libart.so (_ZN3art11interpreterL7ExecuteEPNS_6ThreadERKNS_20CodeItemDataAccessorERNS_11ShadowFrameENS_6JValueEbb.llvm.17415170899301012833+240) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.676 28364-28364/? A/DEBUG: #126 pc 000000000057f954 /apex/com.android.runtime/lib64/libart.so (artQuickToInterpreterBridge+1024) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.676 28364-28364/? A/DEBUG: #127 pc 000000000013f468 /apex/com.android.runtime/lib64/libart.so (art_quick_to_interpreter_bridge+88) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.676 28364-28364/? A/DEBUG: #128 pc 00000000001365b8 /apex/com.android.runtime/lib64/libart.so (art_quick_invoke_static_stub+568) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.676 28364-28364/? A/DEBUG: #129 pc 0000000000145080 /apex/com.android.runtime/lib64/libart.so (art::ArtMethod::Invoke(art::Thread, unsigned int, unsigned int, art::JValue, char const)+276) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.676 28364-28364/? A/DEBUG: #130 pc 00000000004a15d0 /apex/com.android.runtime/lib64/libart.so (art::(anonymous namespace)::InvokeWithArgArray(art::ScopedObjectAccessAlreadyRunnable const&, art::ArtMethod, art::(anonymous namespace)::ArgArray, art::JValue, char const)+104) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.676 28364-28364/? A/DEBUG: #131 pc 00000000004a1234 /apex/com.android.runtime/lib64/libart.so (art::InvokeWithVarArgs(art::ScopedObjectAccessAlreadyRunnable const&, _jobject, _jmethodID, std::__va_list)+408) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.676 28364-28364/? A/DEBUG: #132 pc 00000000003b24e0 /apex/com.android.runtime/lib64/libart.so (art::JNI::CallStaticVoidMethodV(_JNIEnv, _jclass, _jmethodID, std::__va_list)+764) (BuildId: dc624d4880c5a020715c75873cdb3162)
2020-04-29 09:41:52.676 28364-28364/? A/DEBUG: #133 pc 00000000000bf560 /system/lib64/libandroid_runtime.so (_JNIEnv::CallStaticVoidMethod(_jclass, _jmethodID, ...)+116) (BuildId: ccbaf629716e65229e6045c140cc8de4)
2020-04-29 09:41:52.676 28364-28364/? A/DEBUG: #134 pc 00000000000c23f4 /system/lib64/libandroid_runtime.so (android::AndroidRuntime::start(char const*, android::Vector const&, bool)+780) (BuildId: ccbaf629716e65229e6045c140cc8de4)
2020-04-29 09:41:52.676 28364-28364/? A/DEBUG: #135 pc 00000000000034e0 /system/bin/app_process64 (main+1168) (BuildId: 7e61d8aa51b58d718770bc767df8b480)
2020-04-29 09:41:52.676 28364-28364/? A/DEBUG: #136 pc 000000000007d458 /apex/com.android.runtime/lib64/bionic/libc.so (__libc_init+108) (BuildId: f870d577419d3c0e6b7c369961c66fbd)
2020-04-29 09:41:52.917 3856-3856/? E//system/bin/tombstoned: Tombstone written to: /data/tombstones/tombstone_42
2020-04-29 09:41:53.038 4315-4793/system_process E/PowerHintCallback: sceneId: 0 is invalid
2020-04-29 09:41:53.703 3736-3736/? E/KERNEL_MON: The error is No such file or directory
2020-04-29 09:41:54.288 3860-3860/? E/CRASH_MON: The error is No such file or directory
2020-04-29 09:41:55.035 28371-28371/com.android.systemui A/libc: Fatal signal 11 (SIGSEGV), code 2 (SEGV_ACCERR), fault addr 0x7ddf72e0f0 in tid 28371 (ndroid.systemui), pid 28371 (ndroid.systemui)
2020-04-29 09:41:55.172 28406-28406/? A/DEBUG:
2020-04-29 09:41:55.172 28406-28406/? A/DEBUG: Native Crash TIME: 701779
2020-04-29 09:41:55.172 28406-28406/? A/DEBUG:
2020-04-29 09:41:55.173 28406-28406/? A/DEBUG: Build fingerprint: 'Hisense/HITV101C/HITV101C:10/QP1A.190711.020/L1704.6.01.02:userdebug/release-keys'
2020-04-29 09:41:55.173 28406-28406/? A/DEBUG: Revision: '0'
2020-04-29 09:41:55.173 28406-28406/? A/DEBUG: ABI: 'arm64'
2020-04-29 09:41:55.174 28406-28406/? A/DEBUG: Timestamp: 2020-04-29 09:41:55+0800
2020-04-29 09:41:55.174 28406-28406/? A/DEBUG: pid: 28371, tid: 28371, name: ndroid.systemui >>> com.android.systemui <<<
2020-04-29 09:41:55.174 28406-28406/? A/DEBUG: uid: 10124
2020-04-29 09:41:55.174 28406-28406/? A/DEBUG: signal 11 (SIGSEGV), code 2 (SEGV_ACCERR), fault addr 0x7ddf72e0f0
2020-04-29 09:41:55.174 28406-28406/? A/DEBUG: Cause: execute-only (no-read) memory access error; likely due to data in .text.
```
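
Added example, not part of the original issue and not SandHook's code: a diagnostic helper that looks an address up in `/proc/<pid>/maps` text and reports whether its mapping is execute-only (`x` without `r`), the condition behind the `SEGV_ACCERR` in the log above. The sample maps text and its library path are constructed; only the fault address `0x7ddf72e0f0` is taken from the log, and all function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef enum {
    REGION_UNMAPPED = 0,   /* no mapping covers the address */
    REGION_READABLE,       /* 'r' bit set: a data read is allowed */
    REGION_EXECUTE_ONLY,   /* 'x' without 'r': a read raises SEGV_ACCERR */
    REGION_UNREADABLE      /* neither readable nor executable, e.g. a guard page */
} region_class;

/* Constructed sample in /proc/<pid>/maps format; the library path is a placeholder. */
static const char SAMPLE_MAPS[] =
    "7ddf6f0000-7ddf700000 r--p 00000000 fd:00 1001 /system/lib64/libconstructed.so\n"
    "7ddf700000-7ddf780000 --xp 00010000 fd:00 1001 /system/lib64/libconstructed.so\n"
    "7ddf780000-7ddf790000 rw-p 00090000 fd:00 1001 /system/lib64/libconstructed.so\n"
    "7ddf790000-7ddf7a0000 ---p 00000000 00:00 0\n";

/* Returns 1 and fills perms ("rwxp" style) if this maps line covers addr. */
static int line_covers(const char *line, uint64_t addr, char perms[5]) {
    unsigned long long start, end;
    char p[5] = {0};
    if (sscanf(line, "%llx-%llx %4s", &start, &end, p) != 3) return 0;
    if (addr < start || addr >= end) return 0;
    memcpy(perms, p, 5);
    return 1;
}

/* Classify addr against maps text (one or more newline-separated lines). */
region_class classify_in_maps_text(const char *maps, uint64_t addr, char perms_out[5]) {
    const char *line = maps;
    while (line && *line) {
        char perms[5];
        if (line_covers(line, addr, perms)) {
            if (perms_out) memcpy(perms_out, perms, 5);
            if (perms[0] == 'r') return REGION_READABLE;
            if (perms[2] == 'x') return REGION_EXECUTE_ONLY;
            return REGION_UNREADABLE;
        }
        line = strchr(line, '\n');
        if (line) line++;
    }
    return REGION_UNMAPPED;
}

/* Same check against the current process, for use before reading code bytes. */
region_class classify_live(const void *p, char perms_out[5]) {
    FILE *f = fopen("/proc/self/maps", "r");
    if (!f) return REGION_UNMAPPED;
    char line[512];
    region_class r = REGION_UNMAPPED;
    while (fgets(line, sizeof line, f)) {
        r = classify_in_maps_text(line, (uint64_t)(uintptr_t)p, perms_out);
        if (r != REGION_UNMAPPED) break;
    }
    fclose(f);
    return r;
}

int main(void) {
    static const char *names[] = { "unmapped", "readable", "execute-only", "unreadable" };
    char perms[5] = "";
    uint64_t fault = 0x7ddf72e0f0ULL;  /* fault addr from the crash log */
    region_class r = classify_in_maps_text(SAMPLE_MAPS, fault, perms);
    printf("0x%llx: %s (%s)\n", (unsigned long long)fault, names[r], perms);
    return 0;
}
```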

shuajinanhai commented 3 years ago

I ran into the execute-only (no-read) memory access error too.

Wudelin commented 3 years ago

Has this been solved?

shuajinanhai commented 3 years ago

Of course.

Wudelin commented 3 years ago

On my side, integrating it directly still gives the same result.

aviraxp commented 3 years ago

Should be fixed by https://github.com/ganyao114/SandHook/pull/83/commits/8039b52cb3a8d2699946dae938eccb9d205501a2.