jmpews / Dobby

a lightweight, multi-platform, multi-architecture hook framework.
Apache License 2.0
3.89k stars 798 forks

Signal 11 code 1 #116

Closed Lamfi closed 3 years ago

Lamfi commented 3 years ago

I somehow don't understand how to hook a symbol. I compiled and connected Dobby.h and the debug version of Dobby. But when I hook the void I get s11 code 1.

Code:

```c
// Snippet as posted; `root` (the replacement function) and `root_hook`
// (where the original entry is saved) are declared elsewhere in the caller's code.
void *a = DobbySymbolResolver("minecraftpe", "_ZNK4Core15FilePathManager11getRootPathEv");

if (a) {
    LOG("gsgsg");
    DobbyHook((void *) a, (void *) &root, (void **) &root_hook);
}
```
jmpews commented 3 years ago

Android Version ?

jmpews commented 3 years ago

or stacktrace ?

Lamfi commented 3 years ago

Android 10

```
12-08 10:45:42.642 14564 14564 F DEBUG  Build fingerprint: 'Redmi/curtana_ru/curtana:10/QKQ1.191215.002/V12.0.2.0.QJWRUXM:user/release-keys'
12-08 10:45:42.642 14564 14564 F DEBUG  Revision: '0'
12-08 10:45:42.642 14564 14564 F DEBUG  ABI: 'arm'
12-08 10:45:42.644 14564 14564 F DEBUG  Timestamp: 2020-12-08 10:45:42+0300
12-08 10:45:42.644 14564 14564 F DEBUG  pid: 14518, tid: 14518, name: evinc.modengine >>> com.revinc.modengine <<<
12-08 10:45:42.644 14564 14564 F DEBUG  uid: 10350
12-08 10:45:42.644 14564 14564 F DEBUG  signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0
12-08 10:45:42.644 14564 14564 F DEBUG  Cause: null pointer dereference
12-08 10:45:42.644 14564 14564 F DEBUG  r0 00000000 r1 d296e7c8 r2 00000008 r3 00000040
12-08 10:45:42.644 14564 14564 F DEBUG  r4 c1397e80 r5 00000000 r6 bbab64c9 r7 ffa21b30
12-08 10:45:42.644 14564 14564 F DEBUG  r8 ffa21b3c r9 00000000 r10 d2706b48 r11 ffa21bec
12-08 10:45:42.644 14564 14564 F DEBUG  ip 00000000 sp ffa21b18 lr c0a55631 pc c0a5569e
12-08 10:45:43.322 14564 14564 F DEBUG
12-08 10:45:43.322 14564 14564 F DEBUG  backtrace:
12-08 10:45:43.322 14564 14564 F DEBUG  #00 pc 0004a69e /data/app/com.revinc.modengine-AcSASdrkJV6hgC3awt-OGw==/lib/arm/libmodengine.so
12-08 10:45:43.322 14564 14564 F DEBUG  #01 pc 0004a62d /data/app/com.revinc.modengine-AcSASdrkJV6hgC3awt-OGw==/lib/arm/libmodengine.so
12-08 10:45:43.322 14564 14564 F DEBUG  #02 pc 0004a55b /data/app/com.revinc.modengine-AcSASdrkJV6hgC3awt-OGw==/lib/arm/libmodengine.so
12-08 10:45:43.322 14564 14564 F DEBUG  #03 pc 0004a9e7 /data/app/com.revinc.modengine-AcSASdrkJV6hgC3awt-OGw==/lib/arm/libmodengine.so
12-08 10:45:43.322 14564 14564 F DEBUG  #04 pc 0004831f /data/app/com.revinc.modengine-AcSASdrkJV6hgC3awt-OGw==/lib/arm/libmodengine.so (DobbyHook+106)
12-08 10:45:43.322 14564 14564 F DEBUG  #05 pc 000096d0 /data/app/com.revinc.modengine-AcSASdrkJV6hgC3awt-OGw==/lib/arm/libmodengine.so (Java_com_revinc_modengine_MinecraftActivity_init+196)
12-08 10:45:43.322 14564 14564 F DEBUG  #06 pc 0002473f /data/app/com.revinc.modengine-AcSASdrkJV6hgC3awt-OGw==/oat/arm/base.odex (art_jni_trampoline+94)
12-08 10:45:43.322 14564 14564 F DEBUG  #07 pc 000d7bc5 /apex/com.android.runtime/lib/libart.so (art_quick_invoke_stub_internal+68) (BuildId: 4412ccc62c65ede033f2daf89857c596)
12-08 10:45:43.322 14564 14564 F DEBUG  #08 pc 0043cb4f /apex/com.android.runtime/lib/libart.so (art_quick_invoke_static_stub+246) (BuildId: 4412ccc62c65ede033f2daf89857c596)
12-08 10:45:43.322 14564 14564 F DEBUG  #09 pc 000dff95 /apex/com.android.runtime/lib/libart.so (art::ArtMethod::Invoke(art::Thread, unsigned int, unsigned int, art::JValue, char const)+188) (BuildId: 4412ccc62c65ede033f2daf89857c596)
12-08 10:45:43.322 14564 14564 F DEBUG  #10 pc 00214683 /apex/com.android.runtime/lib/libart.so (art::interpreter::ArtInterpreterToCompiledCodeBridge(art::Thread, art::ArtMethod, art::ShadowFrame, unsigned short, art::JValue)+270) (BuildId: 4412ccc62c65ede033f2daf89857c596)
12-08 10:45:43.322 14564 14564 F DEBUG  #11 pc 00210877 /apex/com.android.runtime/lib/libart.so (bool art::interpreter::DoCall<false, false>(art::ArtMethod, art::Thread, art::ShadowFrame&, art::Instruction const, unsigned short, art::JValue)+738) (BuildId: 4412ccc62c65ede033f2daf89857c596)
12-08 10:45:43.322 14564 14564 F DEBUG  #12 pc 0043433f /apex/com.android.runtime/lib/libart.so (MterpInvokeStatic+326) (BuildId: 4412ccc62c65ede033f2daf89857c596)
12-08 10:45:43.322 14564 14564 F DEBUG  #13 pc 000d2994 /apex/com.android.runtime/lib/libart.so (mterp_op_invoke_static+20) (BuildId: 4412ccc62c65ede033f2daf89857c596)
12-08 10:45:43.322 14564 14564 F DEBUG  #14 pc 0012d48a /data/app/com.revinc.modengine-AcSASdrkJV6hgC3awt-OGw==/oat/arm/base.vdex (com.revinc.modengine.MinecraftActivity.onCreate+90)
12-08 10:45:43.322 14564 14564 F DEBUG  #15 pc 00432027 /apex/com.android.runtime/lib/libart.so (MterpInvokeVirtual+1226) (BuildId: 4412ccc62c65ede033f2daf89857c596)
12-08 10:45:43.322 14564 14564 F DEBUG  #16 pc 000d2814 /apex/com.android.runtime/lib/libart.so (mterp_op_invoke_virtual+20) (BuildId: 4412ccc62c65ede033f2daf89857c596)
12-08 10:45:43.323 14564 14564 F DEBUG  #17 pc 001af946 /system/framework/framework.jar (android.app.Activity.performCreate+38)
12-08 10:45:43.323 14564 14564 F DEBUG  #18 pc 00432027 /apex/com.android.runtime/lib/libart.so (MterpInvokeVirtual+1226) (BuildId: 4412ccc62c65ede033f2daf89857c596)
12-08 10:45:43.323 14564 14564 F DEBUG  #19 pc 000d2814 /apex/com.android.runtime/lib/libart.so (mterp_op_invoke_virtual+20) (BuildId: 4412ccc62c65ede033f2daf89857c596)
12-08 10:45:43.323 14564 14564 F DEBUG  #20 pc 001af906 /system/framework/framework.jar (android.app.Activity.performCreate+2)
12-08 10:45:43.323 14564 14564 F DEBUG  #21 pc 00432027 /apex/com.android.runtime/lib/libart.so (MterpInvokeVirtual+1226) (BuildId: 4412ccc62c65ede033f2daf89857c596)
12-08 10:45:43.323 14564 14564 F DEBUG  #22 pc 000d2814 /apex/com.android.runtime/lib/libart.so (mterp_op_invoke_virtual+20) (BuildId: 4412ccc62c65ede033f2daf89857c596)
12-08 10:45:43.323 14564 14564 F DEBUG  #23 pc 00211f82 /system/framework/framework.jar (android.app.Instrumentation.callActivityOnCreate+6)
12-08 10:45:43.323 14564 14564 F DEBUG  #24 pc 00432027 /apex/com.android.runtime/lib/libart.so (MterpInvokeVirtual+1226) (BuildId: 4412ccc62c65ede033f2daf89857c596)
12-08 10:45:43.323 14564 14564 F DEBUG  #25 pc 000d2814 /apex/com.android.runtime/lib/libart.so (mterp_op_invoke_virtual+20) (BuildId: 4412ccc62c65ede033f2daf89857c596)
12-08 10:45:43.323 14564 14564 F DEBUG  #26 pc 0019e654 /system/framework/framework.jar (android.app.ActivityThread.performLaunchActivity+752)
12-08 10:45:43.323 14564 14564 F DEBUG  #27 pc 00433e61 /apex/com.android.runtime/lib/libart.so (MterpInvokeDirect+976) (BuildId: 4412ccc62c65ede033f2daf89857c596)
12-08 10:45:43.323 14564 14564 F DEBUG  #28 pc 000d2914 /apex/com.android.runtime/lib/libart.so (mterp_op_invoke_direct+20) (BuildId: 4412ccc62c65ede033f2daf89857c596)
12-08 10:45:43.323 14564 14564 F DEBUG  #29 pc 0019e2d2 /system/framework/framework.jar (android.app.ActivityThread.handleLaunchActivity+94)
12-08 10:45:43.323 14564 14564 F DEBUG  #30 pc 00432027 /apex/com.android.runtime/lib/libart.so (MterpInvokeVirtual+1226) (BuildId: 4412ccc62c65ede033f2daf89857c596)
12-08 10:45:43.323 14564 14564 F DEBUG  #31 pc 000d2814 /apex/com.android.runtime/lib/libart.so (mterp_op_invoke_virtual+20) (BuildId: 4412ccc62c65ede033f2daf89857c596)
12-08 10:45:43.323 14564 14564 F DEBUG  #32 pc 00282962 /system/framework/framework.jar (android.app.servertransaction.LaunchActivityItem.execute+126)
12-08 10:45:43.323 14564 14564 F DEBUG  #33 pc 00432027 /apex/com.android.runtime/lib/libart.so (MterpInvokeVirtual+1226) (BuildId: 4412ccc62c65ede033f2daf89857c596)
12-08 10:45:43.323 14564 14564 F DEBUG  #34 pc 000d2814 /apex/com.android.runtime/lib/libart.so (mterp_op_invoke_virtual+20) (BuildId: 4412ccc62c65ede033f2daf89857c596)
12-08 10:45:43.323 14564 14564 F DEBUG  #35 pc 00284eae /system/framework/framework.jar (android.app.servertransaction.TransactionExecutor.executeCallbacks+154)
12-08 10:45:43.323 14564 14564 F DEBUG  #36 pc 00432027 /apex/com.android.runtime/lib/libart.so (MterpInvokeVirtual+1226) (BuildId: 4412ccc62c65ede033f2daf89857c596)
12-08 10:45:43.323 14564 14564 F DEBUG  #37 pc 000d2814 /apex/com.android.runtime/lib/libart.so (mterp_op_invoke_virtual+20) (BuildId: 4412ccc62c65ede033f2daf89857c596)
12-08 10:45:43.323 14564 14564 F DEBUG  #38 pc 00284dea /system/framework/framework.jar (android.app.servertransaction.TransactionExecutor.execute+146)
12-08 10:45:43.323 14564 14564 F DEBUG  #39 pc 00432027 /apex/com.android.runtime/lib/libart.so (MterpInvokeVirtual+1226) (BuildId: 4412ccc62c65ede033f2daf89857c596)
12-08 10:45:43.323 14564 14564 F DEBUG  #40 pc 000d2814 /apex/com.android.runtime/lib/libart.so (mterp_op_invoke_virtual+20) (BuildId: 4412ccc62c65ede033f2daf89857c596)
12-08 10:45:43.323 14564 14564 F DEBUG  #41 pc 0019d1c2 /system/framework/framework.jar (android.app.ActivityThread$H.handleMessage+86)
12-08 10:45:43.323 14564 14564 F DEBUG  #42 pc 00432027 /apex/com.android.runtime/lib/libart.so (MterpInvokeVirtual+1226) (BuildId: 4412ccc62c65ede033f2daf89857c596)
12-08 10:45:43.323 14564 14564 F DEBUG  #43 pc 000d2814 /apex/com.android.runtime/lib/libart.so (mterp_op_invoke_virtual+20) (BuildId: 4412ccc62c65ede033f2daf89857c596)
12-08 10:45:43.323 14564 14564 F DEBUG  #44 pc 00324a52 /system/framework/framework.jar (android.os.Handler.dispatchMessage+38)
12-08 10:45:43.323 14564 14564 F DEBUG  #45 pc 00432027 /apex/com.android.runtime/lib/libart.so (MterpInvokeVirtual+1226) (BuildId: 4412ccc62c65ede033f2daf89857c596)
12-08 10:45:43.323 14564 14564 F DEBUG  #46 pc 000d2814 /apex/com.android.runtime/lib/libart.so (mterp_op_invoke_virtual+20) (BuildId: 4412ccc62c65ede033f2daf89857c596)
12-08 10:45:43.323 14564 14564 F DEBUG  #47 pc 00349be8 /system/framework/framework.jar (android.os.Looper.loop+484)
12-08 10:45:43.323 14564 14564 F DEBUG  #48 pc 0043459f /apex/com.android.runtime/lib/libart.so (MterpInvokeStatic+934) (BuildId: 4412ccc62c65ede033f2daf89857c596)
12-08 10:45:43.323 14564 14564 F DEBUG  #49 pc 000d2994 /apex/com.android.runtime/lib/libart.so (mterp_op_invoke_static+20) (BuildId: 4412ccc62c65ede033f2daf89857c596)
12-08 10:45:43.323 14564 14564 F DEBUG  #50 pc 001a749c /system/framework/framework.jar (android.app.ActivityThread.main+196)
12-08 10:45:43.323 14564 14564 F DEBUG  #51 pc 001f069f /apex/com.android.runtime/lib/libart.so (_ZN3art11interpreterL7ExecuteEPNS_6ThreadERKNS_20CodeItemDataAccessorERNS_11ShadowFrameENS_6JValueEbb.llvm.3851647361611683220+166) (BuildId: 4412ccc62c65ede033f2daf89857c596)
12-08 10:45:43.323 14564 14564 F DEBUG  #52 pc 001f50b3 /apex/com.android.runtime/lib/libart.so (art::interpreter::EnterInterpreterFromEntryPoint(art::Thread, art::CodeItemDataAccessor const&, art::ShadowFrame)+122) (BuildId: 4412ccc62c65ede033f2daf89857c596)
12-08 10:45:43.323 14564 14564 F DEBUG  #53 pc 00426497 /apex/com.android.runtime/lib/libart.so (artQuickToInterpreterBridge+866) (BuildId: 4412ccc62c65ede033f2daf89857c596)
12-08 10:45:43.323 14564 14564 F DEBUG  #54 pc 000dc5a1 /apex/com.android.runtime/lib/libart.so (art_quick_to_interpreter_bridge+32) (BuildId: 4412ccc62c65ede033f2daf89857c596)
12-08 10:45:43.323 14564 14564 F DEBUG  #55 pc 000d7bc5 /apex/com.android.runtime/lib/libart.so (art_quick_invoke_stub_internal+68) (BuildId: 4412ccc62c65ede033f2daf89857c596)
12-08 10:45:43.323 14564 14564 F DEBUG  #56 pc 0043cb4f /apex/com.android.runtime/lib/libart.so (art_quick_invoke_static_stub+246) (BuildId: 4412ccc62c65ede033f2daf89857c596)
12-08 10:45:43.323 14564 14564 F DEBUG  #57 pc 000dff95 /apex/com.android.runtime/lib/libart.so (art::ArtMethod::Invoke(art::Thread, unsigned int, unsigned int, art::JValue, char const)+188) (BuildId: 4412ccc62c65ede033f2daf89857c596)
12-08 10:45:43.323 14564 14564 F DEBUG  #58 pc 0037ce07 /apex/com.android.runtime/lib/libart.so (art::(anonymous namespace)::InvokeWithArgArray(art::ScopedObjectAccessAlreadyRunnable const&, art::ArtMethod, art::(anonymous namespace)::ArgArray, art::JValue, char const)+54) (BuildId: 4412ccc62c65ede033f2daf89857c596)
12-08 10:45:43.323 14564 14564 F DEBUG  #59 pc 0037e2f5 /apex/com.android.runtime/lib/libart.so (art::InvokeMethod(art::ScopedObjectAccessAlreadyRunnable const&, _jobject, _jobject, _jobject, unsigned int)+872) (BuildId: 4412ccc62c65ede033f2daf89857c596)
12-08 10:45:43.323 14564 14564 F DEBUG  #60 pc 003284a3 /apex/com.android.runtime/lib/libart.so (art::Method_invoke(_JNIEnv, _jobject, _jobject, _jobjectArray)+30) (BuildId: 4412ccc62c65ede033f2daf89857c596)
12-08 10:45:43.323 14564 14564 F DEBUG  #61 pc 005f97e7 /system/framework/arm/boot.oat (art_jni_trampoline+110) (BuildId: 0694314653ce33ac4194ec55c7a89fff25965dba)
12-08 10:45:43.323 14564 14564 F DEBUG  #62 pc 000d7bc5 /apex/com.android.runtime/lib/libart.so (art_quick_invoke_stub_internal+68) (BuildId: 4412ccc62c65ede033f2daf89857c596)
12-08 10:45:43.323 14564 14564 F DEBUG  #63 pc 0043ca3d /apex/com.android.runtime/lib/libart.so (art_quick_invoke_stub+248) (BuildId: 4412ccc62c65ede033f2daf89857c596)
12-08 10:45:43.323 14564 14564 F DEBUG  #64 pc 000dff81 /apex/com.android.runtime/lib/libart.so (art::ArtMethod::Invoke(art::Thread, unsigned int, unsigned int, art::JValue, char const)+168) (BuildId: 4412ccc62c65ede033f2daf89857c596)
12-08 10:45:43.323 14564 14564 F DEBUG  #65 pc 00214683 /apex/com.android.runtime/lib/libart.so (art::interpreter::ArtInterpreterToCompiledCodeBridge(art::Thread, art::ArtMethod, art::ShadowFrame, unsigned short, art::JValue)+270) (BuildId: 4412ccc62c65ede033f2daf89857c596)
12-08 10:45:43.323 14564 14564 F DEBUG  #66 pc 00210877 /apex/com.android.runtime/lib/libart.so (bool art::interpreter::DoCall<false, false>(art::ArtMethod, art::Thread, art::ShadowFrame&, art::Instruction const, unsigned short, art::JValue)+738) (BuildId: 4412ccc62c65ede033f2daf89857c596)
12-08 10:45:43.323 14564 14564 F DEBUG  #67 pc 00431daf /apex/com.android.runtime/lib/libart.so (MterpInvokeVirtual+594) (BuildId: 4412ccc62c65ede033f2daf89857c596)
12-08 10:45:43.323 14564 14564 F DEBUG  #68 pc 000d2814 /apex/com.android.runtime/lib/libart.so (mterp_op_invoke_virtual+20) (BuildId: 4412ccc62c65ede033f2daf89857c596)
12-08 10:45:43.323 14564 14564 F DEBUG  #69 pc 003a06ea /system/framework/framework.jar (com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run+22)
12-08 10:45:43.323 14564 14564 F DEBUG  #70 pc 001f069f /apex/com.android.runtime/lib/libart.so (_ZN3art11interpreterL7ExecuteEPNS_6ThreadERKNS_20CodeItemDataAccessorERNS_11ShadowFrameENS_6JValueEbb.llvm.3851647361611683220+166) (BuildId: 4412ccc62c65ede033f2daf89857c596)
12-08 10:45:43.323 14564 14564 F DEBUG  #71 pc 001f50b3 /apex/com.android.runtime/lib/libart.so (art::interpreter::EnterInterpreterFromEntryPoint(art::Thread, art::CodeItemDataAccessor const&, art::ShadowFrame)+122) (BuildId: 4412ccc62c65ede033f2daf89857c596)
12-08 10:45:43.323 14564 14564 F DEBUG  #72 pc 00426497 /apex/com.android.runtime/lib/libart.so (artQuickToInterpreterBridge+866) (BuildId: 4412ccc62c65ede033f2daf89857c596)
12-08 10:45:43.323 14564 14564 F DEBUG  #73 pc 000dc5a1 /apex/com.android.runtime/lib/libart.so (art_quick_to_interpreter_bridge+32) (BuildId: 4412ccc62c65ede033f2daf89857c596)
12-08 10:45:43.323 14564 14564 F DEBUG  #74 pc 01dbc1c1 /system/framework/arm/boot-framework.oat (com.android.internal.os.ZygoteInit.main+1784) (BuildId: 831e5ad1547c369b331d49583325dd80ccd9c9af)
12-08 10:45:43.323 14564 14564 F DEBUG  #75 pc 000d7bc5 /apex/com.android.runtime/lib/libart.so (art_quick_invoke_stub_internal+68) (BuildId: 4412ccc62c65ede033f2daf89857c596)
12-08 10:45:43.323 14564 14564 F DEBUG  #76 pc 0043cb4f /apex/com.android.runtime/lib/libart.so (art_quick_invoke_static_stub+246) (BuildId: 4412ccc62c65ede033f2daf89857c596)
12-08 10:45:43.323 14564 14564 F DEBUG  #77 pc 000dff95 /apex/com.android.runtime/lib/libart.so (art::ArtMethod::Invoke(art::Thread, unsigned int, unsigned int, art::JValue, char const)+188) (BuildId: 4412ccc62c65ede033f2daf89857c596)
12-08 10:45:43.323 14564 14564 F DEBUG  #78 pc 0037ce07 /apex/com.android.runtime/lib/libart.so (art::(anonymous namespace)::InvokeWithArgArray(art::ScopedObjectAccessAlreadyRunnable const&, art::ArtMethod, art::(anonymous namespace)::ArgArray, art::JValue, char const)+54) (BuildId: 4412ccc62c65ede033f2daf89857c596)
12-08 10:45:43.323 14564 14564 F DEBUG  #79 pc 0037cba3 /apex/com.android.runtime/lib/libart.so (art::InvokeWithVarArgs(art::ScopedObjectAccessAlreadyRunnable const&, _jobject, _jmethodID, std::__va_list)+290) (BuildId: 4412ccc62c65ede033f2daf89857c596)
12-08 10:45:43.323 14564 14564 F DEBUG  #80 pc 002c3d01 /apex/com.android.runtime/lib/libart.so (art::JNI::CallStaticVoidMethodV(_JNIEnv, _jclass, _jmethodID, std::__va_list)+492) (BuildId: 4412ccc62c65ede033f2daf89857c596)
12-08 10:45:43.323 14564 14564 F DEBUG  #81 pc 0007f6a9 /system/lib/libandroid_runtime.so (_JNIEnv::CallStaticVoidMethod(_jclass, _jmethodID, ...)+28) (BuildId: 11ab93e040a01a5a9cfc83a78dc4f916)
12-08 10:45:43.323 14564 14564 F DEBUG  #82 pc 00081ca9 /system/lib/libandroid_runtime.so (android::AndroidRuntime::start(char const*, android::Vector const&, bool)+552) (BuildId: 11ab93e040a01a5a9cfc83a78dc4f916)
12-08 10:45:43.323 14564 14564 F DEBUG  #83 pc 000023bd /system/bin/app_process32 (main+880) (BuildId: 225b439036e590753eec73eeb0a320c5)
12-08 10:45:43.323 14564 14564 F DEBUG  #84 pc 0005ba83 /apex/com.android.runtime/lib/bionic/libc.so (libc_init+66) (BuildId: dcf0e174e93e33d22f35a631ba9c0de5)
12-08 10:45:43.323 14564 14564 F DEBUG  #85 pc 00002037 /system/bin/app_process32 (_start_main+46) (BuildId: 225b439036e590753eec73eeb0a320c5)
12-08 10:45:43.323 14564 14564 F DEBUG  #86 pc 0002fd71 /apex/com.android.runtime/bin/linker (dl__ZN6soinfoD1Ev+16) (BuildId: 0283ae5e668b077ecc9eff3d97052fa3)
12-08 10:45:43.323 14564 14564 F DEBUG  #87 pc 007fe695 [stack]
```

jmpews commented 3 years ago

check DobbySymbolResolver result, it looks like the function address was not found
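A defensive check in the spirit of the advice above, added here as an example and not part of the issue or of Dobby's own code: the address returned by the symbol resolver is rejected when it is NULL or does not fall inside an executable mapping of the target library, so a bad lookup is logged instead of being handed to DobbyHook and faulting at address 0x0. The `/proc/self/maps` excerpt, the library name `libminecraftpe.so` and the addresses are constructed assumptions; on a device the maps text would be read from the real file.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed /proc/self/maps excerpt (not taken from the issue's device). */
static const char SAMPLE_MAPS[] =
    "c0a00000-c0b00000 r-xp 00000000 fd:00 1234 /data/app/com.example/lib/arm/libminecraftpe.so\n"
    "c0b00000-c0b10000 r--p 00100000 fd:00 1234 /data/app/com.example/lib/arm/libminecraftpe.so\n"
    "c0b10000-c0b20000 rw-p 00110000 fd:00 1234 /data/app/com.example/lib/arm/libminecraftpe.so\n"
    "ffa00000-ffa30000 rw-p 00000000 00:00 0 [stack]\n";

/* Returns 1 if addr lies in an executable (r-x) mapping whose backing file ends with
 * lib_name, 0 otherwise. maps_text is text in /proc/<pid>/maps format. */
int addr_is_exec_in_lib(const char *maps_text, uintptr_t addr, const char *lib_name) {
    if (addr == 0 || maps_text == NULL || lib_name == NULL) return 0;
    size_t lib_len = strlen(lib_name);
    const char *line = maps_text;
    while (*line) {
        const char *eol = strchr(line, '\n');
        size_t len = eol ? (size_t)(eol - line) : strlen(line);
        char buf[512];
        if (len >= sizeof buf) len = sizeof buf - 1;
        memcpy(buf, line, len);
        buf[len] = '\0';
        /* fields: start-end perms offset dev inode [path] */
        unsigned long lo = 0, hi = 0;
        char perms[5] = {0}, path[256] = {0};
        int n = sscanf(buf, "%lx-%lx %4s %*s %*s %*s %255s", &lo, &hi, perms, path);
        if (n >= 3 && addr >= lo && addr < hi) {
            size_t plen = strlen(path);
            int in_lib = plen >= lib_len && strcmp(path + plen - lib_len, lib_name) == 0;
            return (perms[2] == 'x' && in_lib) ? 1 : 0;  /* only one mapping can contain addr */
        }
        if (!eol) break;
        line = eol + 1;
    }
    return 0;  /* unmapped: touching it is exactly the SIGSEGV/SEGV_MAPERR seen in the tombstone */
}

/* Gate to run on the DobbySymbolResolver result before calling DobbyHook.
 * Returns 1 only when resolved is non-NULL and points at code inside lib_name. */
int hook_target_ok(const char *maps_text, void *resolved, const char *lib_name) {
    if (resolved == NULL) {
        fprintf(stderr, "symbol not found in %s, refusing to hook\n", lib_name);
        return 0;
    }
    if (!addr_is_exec_in_lib(maps_text, (uintptr_t)resolved, lib_name)) {
        fprintf(stderr, "%p is not executable code in %s, refusing to hook\n", resolved, lib_name);
        return 0;
    }
    return 1;
}
```

Call `hook_target_ok` between the resolver and `DobbyHook`; the same check catches an address that points into the wrong image or into a data segment, not only the NULL case from this issue.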