asLody / SandVXposed

Xposed environment without root (OS 5.0 - 10.0)
950 stars 288 forks

Xposed module hooking WeChat 7.0.3 crashes on Android 8.1 #16

Closed zy990081568 closed 5 years ago

zy990081568 commented 5 years ago

新建文本文档 (2).txt

Tested on a Huawei Honor Play 8C running Android 8.1. With an Xposed module enabled, opening WeChat 7.0.3 crashes outright after a few seconds. The log is attached; please take a look at what is causing it, thanks.

zy990081568 commented 5 years ago

The problem still occurs in tests on both Android 8.1 and 9.0; it is intermittent.

ghost commented 5 years ago

It is a native-layer problem: a pointer with address 0 is being dereferenced. If you can, please locate the code responsible (the log is too long to read).

zy990081568 commented 5 years ago

> It is a native-layer problem: a pointer with address 0 is being dereferenced. If you can, please locate the code responsible (the log is too long to read).

I can't locate it. It is probably caused by hooking some method. After the crash the module no longer shows up in XposedManager and tapping WeChat does nothing. After restarting SandVXposed it works again, but still crashes the same way. Reinstalling WeChat may make the problem go away.

zy990081568 commented 5 years ago

04-22 18:25:03.568 24234 24234 E VA++ : skip dex2oat hooker!
04-22 18:25:03.569 24234 24234 E zygote : Failed to execve(/system/bin/dex2oat --debuggable --instruction-set=arm --instruction-set-features=div, atomic_ldrd_strd,armv8a --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=cortex-a53 --instruction-set-features=default --debuggable --dex-file=/data/data/io.virtualapp.sandvxposed/virtual/data/user/0/com.tencent.mm/cache/73jkm7rochaqo6gf6p7q3jbsq8/sandxposed/SandHookerNew_2hqdifrmn671ia1cio4j81k51s.jar --output-vdex-fd=133 --oat-fd=135 --oat-location=/data/data/io.virtualapp.sandvxposed/virtual/data/user/0/com.tencent.mm/cache/73jkm7rochaqo6gf6p7q3jbsq8/sandxposed/oat/arm/SandHookerNew_2hqdifrmn671ia1cio4j81k51s.odex --compiler-filter=quicken --class-loader-context=&): No such file or directory

Is it related to this?

ganyao114 commented 5 years ago

> 04-22 18:25:03.568 24234 24234 E VA++ : skip dex2oat hooker!
> 04-22 18:25:03.569 24234 24234 E zygote : Failed to execve(/system/bin/dex2oat --debuggable --instruction-set=arm --instruction-set-features=div, atomic_ldrd_strd,armv8a --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=cortex-a53 --instruction-set-features=default --debuggable --dex-file=/data/data/io.virtualapp.sandvxposed/virtual/data/user/0/com.tencent.mm/cache/73jkm7rochaqo6gf6p7q3jbsq8/sandxposed/SandHookerNew_2hqdifrmn671ia1cio4j81k51s.jar --output-vdex-fd=133 --oat-fd=135 --oat-location=/data/data/io.virtualapp.sandvxposed/virtual/data/user/0/com.tencent.mm/cache/73jkm7rochaqo6gf6p7q3jbsq8/sandxposed/oat/arm/SandHookerNew_2hqdifrmn671ia1cio4j81k51s.odex --compiler-filter=quicken --class-loader-context=&): No such file or directory
>
> Is it related to this?

That one is unrelated...

zy990081568 commented 5 years ago

I traced it; this is one of the hook points that crashes:

04-23 10:37:48.766 23993 24009 F zygote : profile_saver.cc:432] Check failed: method.GetCounter() == 0u (method.GetCounter()=35, 0u=0) int com.tencent.wcdb.database.SQLiteDatabase.executeSql!(java.lang.String, java.lang.Object[], com.tencent.wcdb.support.CancellationSignal) access_flags=42467586

This feels very similar to https://github.com/asLody/AndHook/issues/35

zy990081568 commented 5 years ago

android-8.1.0_r1\art\runtime\jit\profile_saver.cc SampleClassesAndExecutedMethods [image]

zy990081568 commented 5 years ago

04-24 16:17:33.383 1464 2012 E HwWifiStatStore: updateLinkSpeed linkSpeed =72 lastSpdLev=2 index=2
04-24 16:17:33.393 31454 31454 F zygote : java_vm_ext.cc:534] JNI DETECTED ERROR IN APPLICATION: JNI NewStringUTF called with pending exception java.lang.StackOverflowError: stack size 8MB
04-24 16:17:33.393 31454 31454 F zygote : java_vm_ext.cc:534] at java.lang.Object java.lang.reflect.Method.invoke(java.lang.Object, java.lang.Object[]) (Method.java:-2)
04-24 16:17:33.393 31454 31454 F zygote : java_vm_ext.cc:534] at java.lang.Object com.swift.sandhook.SandHook.callOriginMethod(boolean, java.lang.reflect.Member, java.lang.reflect.Method, java.lang.Object, java.lang.Object[]) (SandHook.java:166)
04-24 16:17:33.393 31454 31454 F zygote : java_vm_ext.cc:534] at java.lang.Object com.swift.sandhook.SandHook.callOriginMethod(java.lang.reflect.Member, java.lang.reflect.Method, java.lang.Object, java.lang.Object[]) (SandHook.java:154)
04-24 16:17:33.393 31454 31454 F zygote : java_vm_ext.cc:534] at long com.swift.sandhook.xposedcompat.hookstub.HookStubManager.hookBridge(int, com.swift.sandhook.xposedcompat.hookstub.CallOriginCallBack, long[]) (HookStubManager.java:302)
04-24 16:17:33.393 31454 31454 F zygote : java_vm_ext.cc:534] at int com.swift.sandhook.xposedcompat.hookstub.MethodHookerStubs32.stub_hook_3(int, int) (MethodHookerStubs32.java:218)
04-24 16:17:33.393 31454 31454 F zygote : java_vm_ext.cc:534] at void com.tencent.mm.ui.z.pv(boolean) (SourceFile:2155)
04-24 16:17:33.393 31454 31454 F zygote : java_vm_ext.cc:534] at void com.tencent.mm.ui.z.pw(boolean) (SourceFile:101)

...........

04-24 16:17:33.877 31454 31454 F zygote : runtime.cc:528] native: #21 pc 000252be /dev/ashmem/dalvik-jit-code-cache (deleted) (???)
04-24 16:17:33.877 31454 31454 F zygote : runtime.cc:528] at java.lang.reflect.Method.invoke(Native method)
04-24 16:17:33.877 31454 31454 F zygote : runtime.cc:528] at com.swift.sandhook.SandHook.callOriginMethod(SandHook.java:166)
04-24 16:17:33.877 31454 31454 F zygote : runtime.cc:528] at com.swift.sandhook.SandHook.callOriginMethod(SandHook.java:154)
04-24 16:17:33.877 31454 31454 F zygote : runtime.cc:528] at com.swift.sandhook.xposedcompat.hookstub.HookStubManager.hookBridge(HookStubManager.java:302)
04-24 16:17:33.877 31454 31454 F zygote : runtime.cc:528] at com.swift.sandhook.xposedcompat.hookstub.MethodHookerStubs32.stub_hook_3(MethodHookerStubs32.java:218)
04-24 16:17:33.877 31454 31454 F zygote : runtime.cc:528] at com.tencent.mm.ui.z.pv(SourceFile:2155)
04-24 16:17:33.877 31454 31454 F zygote : runtime.cc:528] - locked <0x0fb3e57f> (a com.tencent.mm.ui.z)
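Added example (not code from SandVXposed, SandHook, or any participant in this issue): a small Python triage script for logcat excerpts like the three pasted in this thread. It parses threadtime-format lines, flags the dex2oat `execve` failure, the `profile_saver.cc` `Check failed` abort and the `JNI DETECTED ERROR ... pending exception` abort, and for the StackOverflowError trace extracts the repeating frame cycle, which is the loop the trace above shows: hooked method `pv` → `stub_hook_3` → `hookBridge` → `callOriginMethod` → `Method.invoke` → `pv` again, i.e. calling the original re-enters the hook. The embedded sample is constructed from abbreviated copies of the issue's log lines (cache directory names replaced by `X`), with the cycle written out twice to stand in for the frames the post elides.

```python
"""Triage of ART/logcat crash excerpts like those pasted in this issue.

Added example, not part of SandVXposed or SandHook: parse raw logcat
threadtime lines, classify the fatal signatures, and for a
StackOverflowError trace extract the recursion loop.
"""
import re
from typing import Dict, List, Optional

# Constructed sample: abbreviated copies of the issue's log lines. The hook
# cycle is written out twice to stand in for the frames the post elides.
SAMPLE_LOGCAT = """\
04-22 18:25:03.568 24234 24234 E VA++ : skip dex2oat hooker!
04-22 18:25:03.569 24234 24234 E zygote : Failed to execve(/system/bin/dex2oat --debuggable --dex-file=/data/data/io.virtualapp.sandvxposed/virtual/data/user/0/com.tencent.mm/cache/X/sandxposed/SandHookerNew_X.jar --compiler-filter=quicken --class-loader-context=&): No such file or directory
04-23 10:37:48.766 23993 24009 F zygote : profile_saver.cc:432] Check failed: method.GetCounter() == 0u (method.GetCounter()=35, 0u=0) int com.tencent.wcdb.database.SQLiteDatabase.executeSql!(java.lang.String, java.lang.Object[], com.tencent.wcdb.support.CancellationSignal) access_flags=42467586
04-24 16:17:33.383 1464 2012 E HwWifiStatStore: updateLinkSpeed linkSpeed =72 lastSpdLev=2 index=2
04-24 16:17:33.393 31454 31454 F zygote : java_vm_ext.cc:534] JNI DETECTED ERROR IN APPLICATION: JNI NewStringUTF called with pending exception java.lang.StackOverflowError: stack size 8MB
04-24 16:17:33.393 31454 31454 F zygote : java_vm_ext.cc:534]   at java.lang.Object java.lang.reflect.Method.invoke(java.lang.Object, java.lang.Object[]) (Method.java:-2)
04-24 16:17:33.393 31454 31454 F zygote : java_vm_ext.cc:534]   at java.lang.Object com.swift.sandhook.SandHook.callOriginMethod(boolean, java.lang.reflect.Member, java.lang.reflect.Method, java.lang.Object, java.lang.Object[]) (SandHook.java:166)
04-24 16:17:33.393 31454 31454 F zygote : java_vm_ext.cc:534]   at long com.swift.sandhook.xposedcompat.hookstub.HookStubManager.hookBridge(int, com.swift.sandhook.xposedcompat.hookstub.CallOriginCallBack, long[]) (HookStubManager.java:302)
04-24 16:17:33.393 31454 31454 F zygote : java_vm_ext.cc:534]   at int com.swift.sandhook.xposedcompat.hookstub.MethodHookerStubs32.stub_hook_3(int, int) (MethodHookerStubs32.java:218)
04-24 16:17:33.393 31454 31454 F zygote : java_vm_ext.cc:534]   at void com.tencent.mm.ui.z.pv(boolean) (SourceFile:2155)
04-24 16:17:33.393 31454 31454 F zygote : java_vm_ext.cc:534]   at java.lang.Object java.lang.reflect.Method.invoke(java.lang.Object, java.lang.Object[]) (Method.java:-2)
04-24 16:17:33.393 31454 31454 F zygote : java_vm_ext.cc:534]   at java.lang.Object com.swift.sandhook.SandHook.callOriginMethod(boolean, java.lang.reflect.Member, java.lang.reflect.Method, java.lang.Object, java.lang.Object[]) (SandHook.java:166)
04-24 16:17:33.393 31454 31454 F zygote : java_vm_ext.cc:534]   at long com.swift.sandhook.xposedcompat.hookstub.HookStubManager.hookBridge(int, com.swift.sandhook.xposedcompat.hookstub.CallOriginCallBack, long[]) (HookStubManager.java:302)
04-24 16:17:33.393 31454 31454 F zygote : java_vm_ext.cc:534]   at int com.swift.sandhook.xposedcompat.hookstub.MethodHookerStubs32.stub_hook_3(int, int) (MethodHookerStubs32.java:218)
04-24 16:17:33.393 31454 31454 F zygote : java_vm_ext.cc:534]   at void com.tencent.mm.ui.z.pv(boolean) (SourceFile:2155)
04-24 16:17:33.393 31454 31454 F zygote : java_vm_ext.cc:534]   at void com.tencent.mm.ui.z.pw(boolean) (SourceFile:101)
04-24 16:17:33.877 31454 31454 F zygote : runtime.cc:528] - locked <0x0fb3e57f> (a com.tencent.mm.ui.z)
"""

# logcat threadtime format: MM-DD HH:MM:SS.mmm PID TID LEVEL TAG : message
LOGCAT_RE = re.compile(
    r"^(?P<date>\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}\.\d{3})\s+"
    r"(?P<pid>\d+)\s+(?P<tid>\d+)\s+(?P<level>[VDIWEF])\s+"
    r"(?P<tag>\S+?)\s*:\s?(?P<msg>.*)$"
)
# ART prefixes its fatal output with "<source file>:<line>] "
ART_PREFIX_RE = re.compile(r"^[\w./-]+\.(?:cc|h):\d+\]\s*")
# Java frame in either ART style: "at [return type] pkg.Class.method("
FRAME_RE = re.compile(r"^at\s+(?:\S+\s+)?(?P<method>[\w.$]+\.[\w$<>]+)\(")
PENDING_EXC_RE = re.compile(r"pending exception (?P<exc>[\w.$]+)")


def parse_logcat(text: str) -> List[Dict[str, str]]:
    """One dict per well-formed threadtime line; anything else is skipped."""
    entries = []
    for line in text.splitlines():
        m = LOGCAT_RE.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["msg"] = ART_PREFIX_RE.sub("", entry["msg"])
            entries.append(entry)
    return entries


def java_frames(entries: List[Dict[str, str]], start: int) -> List[str]:
    """Contiguous 'at ...' frames printed by the same thread after entries[start]."""
    pid, tid = entries[start]["pid"], entries[start]["tid"]
    frames: List[str] = []
    for entry in entries[start + 1:]:
        if (entry["pid"], entry["tid"]) != (pid, tid):
            break
        m = FRAME_RE.match(entry["msg"])
        if m:
            frames.append(m.group("method"))
        elif frames:  # frames are contiguous; stop at the first non-frame line after them
            break
    return frames


def repeating_cycle(frames: List[str]) -> Optional[List[str]]:
    """Shortest frame sequence that repeats from the top of the stack, or None.

    In a StackOverflowError trace this is the recursion loop. For a hooked
    method it reads invoke -> callOriginMethod -> hookBridge -> hook stub ->
    hooked method -> invoke ..., i.e. calling the original re-entered the hook.
    """
    for period in range(1, len(frames) // 2 + 1):
        if frames[:period] == frames[period:2 * period]:
            return frames[:period]
    return None


def triage(text: str) -> List[Dict[str, object]]:
    """Classify the fatal signatures in a logcat excerpt, in log order."""
    entries = parse_logcat(text)
    findings: List[Dict[str, object]] = []
    for i, entry in enumerate(entries):
        msg = entry["msg"]
        if "JNI DETECTED ERROR IN APPLICATION" in msg:
            exc = PENDING_EXC_RE.search(msg)
            frames = java_frames(entries, i)
            findings.append({"kind": "jni_pending_exception", "pid": entry["pid"],
                             "exception": exc.group("exc") if exc else None,
                             "frame_count": len(frames),
                             "cycle": repeating_cycle(frames)})
        elif msg.startswith("Check failed:"):
            findings.append({"kind": "art_check_failure", "pid": entry["pid"], "detail": msg})
        elif "Failed to execve(" in msg and "dex2oat" in msg:
            findings.append({"kind": "dex2oat_execve_failed", "pid": entry["pid"], "detail": msg})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOGCAT):
        print(finding["kind"], finding.get("exception") or "", finding.get("cycle") or "")
```

Run it on a saved `adb logcat -v threadtime` capture instead of the embedded sample to get the same three classes of finding; the `cycle` field is what to look at first for a StackOverflowError, since its members name both the hook framework frames and the hooked app method, which is the hook point the thread is trying to identify.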

ganyao114 commented 5 years ago

> 04-24 16:17:33.383 1464 2012 E HwWifiStatStore: updateLinkSpeed linkSpeed =72 lastSpdLev=2 index=2
> 04-24 16:17:33.393 31454 31454 F zygote : java_vm_ext.cc:534] JNI DETECTED ERROR IN APPLICATION: JNI NewStringUTF called with pending exception java.lang.StackOverflowError: stack size 8MB
> 04-24 16:17:33.393 31454 31454 F zygote : java_vm_ext.cc:534] at java.lang.Object java.lang.reflect.Method.invoke(java.lang.Object, java.lang.Object[]) (Method.java:-2)
> 04-24 16:17:33.393 31454 31454 F zygote : java_vm_ext.cc:534] at java.lang.Object com.swift.sandhook.SandHook.callOriginMethod(boolean, java.lang.reflect.Member, java.lang.reflect.Method, java.lang.Object, java.lang.Object[]) (SandHook.java:166)
> 04-24 16:17:33.393 31454 31454 F zygote : java_vm_ext.cc:534] at java.lang.Object com.swift.sandhook.SandHook.callOriginMethod(java.lang.reflect.Member, java.lang.reflect.Method, java.lang.Object, java.lang.Object[]) (SandHook.java:154)
> 04-24 16:17:33.393 31454 31454 F zygote : java_vm_ext.cc:534] at long com.swift.sandhook.xposedcompat.hookstub.HookStubManager.hookBridge(int, com.swift.sandhook.xposedcompat.hookstub.CallOriginCallBack, long[]) (HookStubManager.java:302)
> 04-24 16:17:33.393 31454 31454 F zygote : java_vm_ext.cc:534] at int com.swift.sandhook.xposedcompat.hookstub.MethodHookerStubs32.stub_hook_3(int, int) (MethodHookerStubs32.java:218)
> 04-24 16:17:33.393 31454 31454 F zygote : java_vm_ext.cc:534] at void com.tencent.mm.ui.z.pv(boolean) (SourceFile:2155)
> 04-24 16:17:33.393 31454 31454 F zygote : java_vm_ext.cc:534] at void com.tencent.mm.ui.z.pw(boolean) (SourceFile:101)
>
> ...........
>
> 04-24 16:17:33.877 31454 31454 F zygote : runtime.cc:528] native: #21 pc 000252be /dev/ashmem/dalvik-jit-code-cache (deleted) (???)
> 04-24 16:17:33.877 31454 31454 F zygote : runtime.cc:528] at java.lang.reflect.Method.invoke(Native method)
> 04-24 16:17:33.877 31454 31454 F zygote : runtime.cc:528] at com.swift.sandhook.SandHook.callOriginMethod(SandHook.java:166)
> 04-24 16:17:33.877 31454 31454 F zygote : runtime.cc:528] at com.swift.sandhook.SandHook.callOriginMethod(SandHook.java:154)
> 04-24 16:17:33.877 31454 31454 F zygote : runtime.cc:528] at com.swift.sandhook.xposedcompat.hookstub.HookStubManager.hookBridge(HookStubManager.java:302)
> 04-24 16:17:33.877 31454 31454 F zygote : runtime.cc:528] at com.swift.sandhook.xposedcompat.hookstub.MethodHookerStubs32.stub_hook_3(MethodHookerStubs32.java:218)
> 04-24 16:17:33.877 31454 31454 F zygote : runtime.cc:528] at com.tencent.mm.ui.z.pv(SourceFile:2155)
> 04-24 16:17:33.877 31454 31454 F zygote : runtime.cc:528] - locked <0x0fb3e57f> (a com.tencent.mm.ui.z)

What I reproduced myself is also this one, but it only shows up on MIUI.

zy990081568 commented 5 years ago

> 04-24 16:17:33.383 1464 2012 E HwWifiStatStore: updateLinkSpeed linkSpeed =72 lastSpdLev=2 index=2
> 04-24 16:17:33.393 31454 31454 F zygote : java_vm_ext.cc:534] JNI DETECTED ERROR IN APPLICATION: JNI NewStringUTF called with pending exception java.lang.StackOverflowError: stack size 8MB
> 04-24 16:17:33.393 31454 31454 F zygote : java_vm_ext.cc:534] at java.lang.Object java.lang.reflect.Method.invoke(java.lang.Object, java.lang.Object[]) (Method.java:-2)
> 04-24 16:17:33.393 31454 31454 F zygote : java_vm_ext.cc:534] at java.lang.Object com.swift.sandhook.SandHook.callOriginMethod(boolean, java.lang.reflect.Member, java.lang.reflect.Method, java.lang.Object, java.lang.Object[]) (SandHook.java:166)
> 04-24 16:17:33.393 31454 31454 F zygote : java_vm_ext.cc:534] at java.lang.Object com.swift.sandhook.SandHook.callOriginMethod(java.lang.reflect.Member, java.lang.reflect.Method, java.lang.Object, java.lang.Object[]) (SandHook.java:154)
> 04-24 16:17:33.393 31454 31454 F zygote : java_vm_ext.cc:534] at long com.swift.sandhook.xposedcompat.hookstub.HookStubManager.hookBridge(int, com.swift.sandhook.xposedcompat.hookstub.CallOriginCallBack, long[]) (HookStubManager.java:302)
> 04-24 16:17:33.393 31454 31454 F zygote : java_vm_ext.cc:534] at int com.swift.sandhook.xposedcompat.hookstub.MethodHookerStubs32.stub_hook_3(int, int) (MethodHookerStubs32.java:218)
> 04-24 16:17:33.393 31454 31454 F zygote : java_vm_ext.cc:534] at void com.tencent.mm.ui.z.pv(boolean) (SourceFile:2155)
> 04-24 16:17:33.393 31454 31454 F zygote : java_vm_ext.cc:534] at void com.tencent.mm.ui.z.pw(boolean) (SourceFile:101)
>
> ...........
>
> 04-24 16:17:33.877 31454 31454 F zygote : runtime.cc:528] native: #21 pc 000252be /dev/ashmem/dalvik-jit-code-cache (deleted) (???)
> 04-24 16:17:33.877 31454 31454 F zygote : runtime.cc:528] at java.lang.reflect.Method.invoke(Native method)
> 04-24 16:17:33.877 31454 31454 F zygote : runtime.cc:528] at com.swift.sandhook.SandHook.callOriginMethod(SandHook.java:166)
> 04-24 16:17:33.877 31454 31454 F zygote : runtime.cc:528] at com.swift.sandhook.SandHook.callOriginMethod(SandHook.java:154)
> 04-24 16:17:33.877 31454 31454 F zygote : runtime.cc:528] at com.swift.sandhook.xposedcompat.hookstub.HookStubManager.hookBridge(HookStubManager.java:302)
> 04-24 16:17:33.877 31454 31454 F zygote : runtime.cc:528] at com.swift.sandhook.xposedcompat.hookstub.MethodHookerStubs32.stub_hook_3(MethodHookerStubs32.java:218)
> 04-24 16:17:33.877 31454 31454 F zygote : runtime.cc:528] at com.tencent.mm.ui.z.pv(SourceFile:2155)
> 04-24 16:17:33.877 31454 31454 F zygote : runtime.cc:528] - locked <0x0fb3e57f> (a com.tencent.mm.ui.z)
>
> What I reproduced myself is also this one, but it only shows up on MIUI.

If I sleep 1 ms before SandHook.callOriginMethod() in HookStubManager.hookBridge(int id, CallOriginCallBack callOrigin, long... stubArgs), the problem goes away. [image]

ganyao114 commented 5 years ago

> android-8.1.0_r1\art\runtime\jit\profile_saver.cc SampleClassesAndExecutedMethods [image]

I have attempted a fix for this:

https://github.com/ganyao114/SandHook/commit/9179864a61e3855730d479dd2e1a4a19e7005b82

zy990081568 commented 5 years ago

> android-8.1.0_r1\art\runtime\jit\profile_saver.cc SampleClassesAndExecutedMethods [image]
>
> I have attempted a fix for this:
>
> ganyao114/SandHook@9179864

OK, thanks.

zy990081568 commented 5 years ago

> 04-24 16:17:33.383 1464 2012 E HwWifiStatStore: updateLinkSpeed linkSpeed =72 lastSpdLev=2 index=2
> 04-24 16:17:33.393 31454 31454 F zygote : java_vm_ext.cc:534] JNI DETECTED ERROR IN APPLICATION: JNI NewStringUTF called with pending exception java.lang.StackOverflowError: stack size 8MB
> 04-24 16:17:33.393 31454 31454 F zygote : java_vm_ext.cc:534] at java.lang.Object java.lang.reflect.Method.invoke(java.lang.Object, java.lang.Object[]) (Method.java:-2)
> 04-24 16:17:33.393 31454 31454 F zygote : java_vm_ext.cc:534] at java.lang.Object com.swift.sandhook.SandHook.callOriginMethod(boolean, java.lang.reflect.Member, java.lang.reflect.Method, java.lang.Object, java.lang.Object[]) (SandHook.java:166)
> 04-24 16:17:33.393 31454 31454 F zygote : java_vm_ext.cc:534] at java.lang.Object com.swift.sandhook.SandHook.callOriginMethod(java.lang.reflect.Member, java.lang.reflect.Method, java.lang.Object, java.lang.Object[]) (SandHook.java:154)
> 04-24 16:17:33.393 31454 31454 F zygote : java_vm_ext.cc:534] at long com.swift.sandhook.xposedcompat.hookstub.HookStubManager.hookBridge(int, com.swift.sandhook.xposedcompat.hookstub.CallOriginCallBack, long[]) (HookStubManager.java:302)
> 04-24 16:17:33.393 31454 31454 F zygote : java_vm_ext.cc:534] at int com.swift.sandhook.xposedcompat.hookstub.MethodHookerStubs32.stub_hook_3(int, int) (MethodHookerStubs32.java:218)
> 04-24 16:17:33.393 31454 31454 F zygote : java_vm_ext.cc:534] at void com.tencent.mm.ui.z.pv(boolean) (SourceFile:2155)
> 04-24 16:17:33.393 31454 31454 F zygote : java_vm_ext.cc:534] at void com.tencent.mm.ui.z.pw(boolean) (SourceFile:101)
>
> ...........
>
> 04-24 16:17:33.877 31454 31454 F zygote : runtime.cc:528] native: #21 pc 000252be /dev/ashmem/dalvik-jit-code-cache (deleted) (???)
> 04-24 16:17:33.877 31454 31454 F zygote : runtime.cc:528] at java.lang.reflect.Method.invoke(Native method)
> 04-24 16:17:33.877 31454 31454 F zygote : runtime.cc:528] at com.swift.sandhook.SandHook.callOriginMethod(SandHook.java:166)
> 04-24 16:17:33.877 31454 31454 F zygote : runtime.cc:528] at com.swift.sandhook.SandHook.callOriginMethod(SandHook.java:154)
> 04-24 16:17:33.877 31454 31454 F zygote : runtime.cc:528] at com.swift.sandhook.xposedcompat.hookstub.HookStubManager.hookBridge(HookStubManager.java:302)
> 04-24 16:17:33.877 31454 31454 F zygote : runtime.cc:528] at com.swift.sandhook.xposedcompat.hookstub.MethodHookerStubs32.stub_hook_3(MethodHookerStubs32.java:218)
> 04-24 16:17:33.877 31454 31454 F zygote : runtime.cc:528] at com.tencent.mm.ui.z.pv(SourceFile:2155)
> 04-24 16:17:33.877 31454 31454 F zygote : runtime.cc:528] - locked <0x0fb3e57f> (a com.tencent.mm.ui.z)
>
> What I reproduced myself is also this one, but it only shows up on MIUI.

Has this crash issue been resolved?

Currently I have found that on WeChat 7.0.3, hooking the function com.tencent.mm.sdk.platformtools.bs.z(String substring, final String s) causes the crash.