canyie / pine

Dynamic Java method hook framework on ART, allowing you to change almost all Java methods' behavior dynamically.

Hooking ContextWrapper.attachBaseContext in debug mode - segfault #54

Open hacker-cb opened 9 months ago

hacker-cb commented 9 months ago

Hello.

There is always a segfault when I debug the app from Android Studio while trying to hook ContextWrapper.attachBaseContext:

Pine.hook(ContextWrapper.class.getDeclaredMethod("attachBaseContext", Context.class), new MethodHook() {
    @Override
    public void beforeCall(Pine.CallFrame callFrame) throws Throwable {
        ...
    }
});

Here is the log:

Hooking method protected void android.content.ContextWrapper.attachBaseContext(android.content.Context) with callback com.modules.LocaleChangerModule$1@eed873d
JIT compilation is not supported in Android R yet
InstallReplacementTrampoline: origin 0x70f17c08 origin_entry 0x6da79fdfa0 bridge_jump 0x703bd3d0a0
attachBaseContext; base: android.app.ContextImpl@855b32
handleBridge: artMethod=0x70f17c08 originExtras=0xb400006e07fa9f70 extras=0xb400006e07f98bd0 sp=0x7ffa2aa510
handleCall for method protected void android.content.ContextWrapper.attachBaseContext(android.content.Context)
Fatal signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0xfffffffdf4489cb8 in tid 11925 (ple.allfeatures), pid 11925 (ple.allfeatures)
pid: 11925, tid: 11925, name: ple.allfeatures  >>> com.example.allfeatures <<<
      #22 pc 000000000029ae58  /data/app/~~VqzCA3Hstorc-eYIvNxnbw==/com.example.allfeatures-MOLI7OyBeYO8XK24ZiCZaQ==/base.apk (offset 0x10d000) (top.canyie.pine.Pine.callBackupMethod)
      #28 pc 000000000029a84c  /data/app/~~VqzCA3Hstorc-eYIvNxnbw==/com.example.allfeatures-MOLI7OyBeYO8XK24ZiCZaQ==/base.apk (offset 0x10d000) (top.canyie.pine.Pine$CallFrame.invokeOriginalMethod)
      #34 pc 000000000029aeb4  /data/app/~~VqzCA3Hstorc-eYIvNxnbw==/com.example.allfeatures-MOLI7OyBeYO8XK24ZiCZaQ==/base.apk (offset 0x10d000) (top.canyie.pine.Pine.handleCall)
      #40 pc 000000000029c794  /data/app/~~VqzCA3Hstorc-eYIvNxnbw==/com.example.allfeatures-MOLI7OyBeYO8XK24ZiCZaQ==/base.apk (offset 0x10d000) (top.canyie.pine.entry.Arm64Entry.handleBridge)
      #46 pc 000000000029cd74  /data/app/~~VqzCA3Hstorc-eYIvNxnbw==/com.example.allfeatures-MOLI7OyBeYO8XK24ZiCZaQ==/base.apk (offset 0x10d000) (top.canyie.pine.entry.Arm64Entry.voidBridge)
      #56 pc 000000000000117c  /data/app/~~VqzCA3Hstorc-eYIvNxnbw==/com.example.allfeatures-MOLI7OyBeYO8XK24ZiCZaQ==/base.apk (offset 0x56000) (com.example.allfeatures.App.attachBaseContext)

ramanbranavitski commented 4 months ago

Same issue. Any updates here?