frida / frida-gum

Cross-platform instrumentation and introspection library written in C
https://frida.re
Other

gum_stalker_new() Crash!!!!!!!!!! #756

Closed yujack008 closed 10 months ago

yujack008 commented 10 months ago

I use frida-gum version frida-gum-devkit-16.1.5-android-arm64.tar.xz. My code:

#include <thread>
#include <android/log.h>
#include "frida-gum.h"

// Assumed stand-in for the reporter's DEBUG logging macro, which the issue does not show.
#ifndef DEBUG
#define DEBUG(fmt, ...) __android_log_print(ANDROID_LOG_DEBUG, "libaaa", fmt, ##__VA_ARGS__)
#endif

[[maybe_unused]] __attribute__((constructor))
void lib_main() {
    // Crashes here: the Gum runtime has not been initialised before its first API call
    GumStalker * stalker = gum_stalker_new();
    DEBUG("stalker :%p", stalker);
}

Backtrace:

11-17 16:49:20.916 13760 13760 F DEBUG   :
11-17 16:49:20.916 13760 13760 F DEBUG   : backtrace:
11-17 16:49:20.916 13760 13760 F DEBUG   :       #00 pc 000000000096a2d0  /data/app/io.supercent.toysrus-IHwTWFg_qWOVY8IxqQQV0g==/lib/arm64/libaaa.so (g_hash_table_lookup_node+28) (BuildId: cc7be8c530cc37710552b0abd14931967b5d89d6)
11-17 16:49:20.916 13760 13760 F DEBUG   :       #01 pc 000000000096a270  /data/app/io.supercent.toysrus-IHwTWFg_qWOVY8IxqQQV0g==/lib/arm64/libaaa.so (_frida_g_hash_table_lookup+16) (BuildId: cc7be8c530cc37710552b0abd14931967b5d89d6)
11-17 16:49:20.916 13760 13760 F DEBUG   :       #02 pc 000000000094db00  /data/app/io.supercent.toysrus-IHwTWFg_qWOVY8IxqQQV0g==/lib/arm64/libaaa.so (_frida_g_type_from_name+48) (BuildId: cc7be8c530cc37710552b0abd14931967b5d89d6)
11-17 16:49:20.916 13760 13760 F DEBUG   :       #03 pc 000000000094cf3c  /data/app/io.supercent.toysrus-IHwTWFg_qWOVY8IxqQQV0g==/lib/arm64/libaaa.so (_frida_g_type_register_static+36) (BuildId: cc7be8c530cc37710552b0abd14931967b5d89d6)
11-17 16:49:20.916 13760 13760 F DEBUG   :       #04 pc 000000000094cf08  /data/app/io.supercent.toysrus-IHwTWFg_qWOVY8IxqQQV0g==/lib/arm64/libaaa.so (_frida_g_type_register_static_simple+48) (BuildId: cc7be8c530cc37710552b0abd14931967b5d89d6)
11-17 16:49:20.916 13760 13760 F DEBUG   :       #05 pc 00000000008c5660  /data/app/io.supercent.toysrus-IHwTWFg_qWOVY8IxqQQV0g==/lib/arm64/libaaa.so (gum_stalker_get_type+40) (BuildId: cc7be8c530cc37710552b0abd14931967b5d89d6)
11-17 16:49:20.916 13760 13760 F DEBUG   :       #06 pc 00000000008c5798  /data/app/io.supercent.toysrus-IHwTWFg_qWOVY8IxqQQV0g==/lib/arm64/libaaa.so (gum_stalker_new+8) (BuildId: cc7be8c530cc37710552b0abd14931967b5d89d6)
11-17 16:49:20.916 13760 13760 F DEBUG   :       #07 pc 0000000000874914  /data/app/io.supercent.toysrus-IHwTWFg_qWOVY8IxqQQV0g==/lib/arm64/libaaa.so (lib_main()+44) (BuildId: cc7be8c530cc37710552b0abd14931967b5d89d6)
11-17 16:49:20.916 13760 13760 F DEBUG   :       #08 pc 0000000000052358  /apex/com.android.runtime/bin/linker64 (__dl__ZL10call_arrayIPFviPPcS1_EEvPKcPT_mbS5_+276) (BuildId: 9618c16b11f1d0b9db7bd99342459ec9)
11-17 16:49:20.916 13760 13760 F DEBUG   :       #09 pc 0000000000052574  /apex/com.android.runtime/bin/linker64 (__dl__ZN6soinfo17call_constructorsEv+376) (BuildId: 9618c16b11f1d0b9db7bd99342459ec9)
11-17 16:49:20.916 13760 13760 F DEBUG   :       #10 pc 0000000000052480  /apex/com.android.runtime/bin/linker64 (__dl__ZN6soinfo17call_constructorsEv+132) (BuildId: 9618c16b11f1d0b9db7bd99342459ec9)
11-17 16:49:20.916 13760 13760 F DEBUG   :       #11 pc 000000000003cc34  /apex/com.android.runtime/bin/linker64 (__dl__Z9do_dlopenPKciPK17android_dlextinfoPKv+2416) (BuildId: 9618c16b11f1d0b9db7bd99342459ec9)
11-17 16:49:20.916 13760 13760 F DEBUG   :       #12 pc 00000000000380dc  /apex/com.android.runtime/bin/linker64 (__loader_android_dlopen_ext+72) (BuildId: 9618c16b11f1d0b9db7bd99342459ec9)
11-17 16:49:20.916 13760 13760 F DEBUG   :       #13 pc 00000000000010b8  /apex/com.android.runtime/lib64/bionic/libdl.so (android_dlopen_ext+12) (BuildId: eaf850ad282e2aa45253983f09c5a3aa)
11-17 16:49:20.916 13760 13760 F DEBUG   :       #14 pc 0000000000007fd8  /apex/com.android.runtime/lib64/libnativeloader.so (OpenNativeLibraryInNamespace+128) (BuildId: 2eafad962cd273ea43c52686ecdc9a06)
11-17 16:49:20.916 13760 13760 F DEBUG   :       #15 pc 0000000000007c5c  /apex/com.android.runtime/lib64/libnativeloader.so (OpenNativeLibrary+200) (BuildId: 2eafad962cd273ea43c52686ecdc9a06)
11-17 16:49:20.916 13760 13760 F DEBUG   :       #16 pc 000000000037a8a0  /apex/com.android.runtime/lib64/libart.so (art::JavaVMExt::LoadNativeLibrary(_JNIEnv*, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>> const&, _jobject*, _jclass*, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>*)+2032) (BuildId: 73b70c72840dc1a70da54c3b68fba381)
11-17 16:49:20.916 13760 13760 F DEBUG   :       #17 pc 00000000000050e0  /apex/com.android.runtime/lib64/libopenjdkjvm.so (JVM_NativeLoad+412) (BuildId: c2077345ff6e91e8db8537a556e4ef84)
11-17 16:49:20.916 13760 13760 F DEBUG   :       #18 pc 000000000025a874  /system/framework/arm64/boot.oat (art_jni_trampoline+228) (BuildId: 15a836e8de69e9d4083af6f0540cf1401e9d35a6)
11-17 16:49:20.916 13760 13760 F DEBUG   :       #19 pc 000000000025a0ec  /system/framework/arm64/boot.oat (java.lang.Runtime.loadLibrary0+236) (BuildId: 15a836e8de69e9d4083af6f0540cf1401e9d35a6)
11-17 16:49:20.916 13760 13760 F DEBUG   :       #20 pc 000000000025c1d4  /system/framework/arm64/boot.oat (java.lang.Runtime.loadLibrary0+180) (BuildId: 15a836e8de69e9d4083af6f0540cf1401e9d35a6)
oleavr commented 10 months ago

You need to initialize the library before using it:

gum_init_embedded ();
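The fixed constructor, as an added example that is not code from the issue or from frida-gum: it calls gum_init_embedded() before gum_stalker_new(), routes every Stalker creation through a guard so the runtime can never be used before it is initialised, and returns NULL instead of reaching Gum when initialisation has not happened. Building with -DHAVE_FRIDA_GUM against the devkit uses the real frida-gum.h; without that define a constructed stand-in for the two Gum calls (an assumption, not the frida-gum API) lets the ordering logic compile and run offline.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#ifdef HAVE_FRIDA_GUM
#include "frida-gum.h"
#else
/* Constructed stand-in (assumption, not the frida-gum API). It models the
 * failure from the backtrace as a NULL return instead of a crash: creating a
 * Stalker before the runtime is initialised yields nothing usable. */
typedef struct { int placeholder; } GumStalker;
static bool fake_runtime_ready = false;
static GumStalker fake_stalker;
static void gum_init_embedded(void) { fake_runtime_ready = true; }
static GumStalker *gum_stalker_new(void) {
  return fake_runtime_ready ? &fake_stalker : NULL;
}
#endif

static bool gum_ready = false;

/* Runs the missing call from the issue exactly once. The loader runs the
 * library constructor before any other code in the library can execute, so
 * a plain flag is enough when this is first reached from lib_main(). */
bool ensure_gum_initialized(void) {
  if (!gum_ready) {
    gum_init_embedded();
    gum_ready = true;
  }
  return gum_ready;
}

/* Every Stalker is created through this guard: it never touches the Gum
 * API unless the runtime has been initialised first. */
GumStalker *create_stalker(void) {
  if (!ensure_gum_initialized())
    return NULL;
  return gum_stalker_new();
}

/* The reporter's constructor, fixed: initialise first, then create. */
__attribute__((constructor))
static void lib_main(void) {
  GumStalker *stalker = create_stalker();
  fprintf(stderr, "stalker: %p\n", (void *) stalker);
}
```

Calling create_stalker() from any later entry point (JNI_OnLoad, a worker thread) goes through the same guard, so the ordering mistake from the issue cannot recur even if the constructor is removed.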