jmpews / Dobby

a lightweight, multi-platform, multi-architecture hook framework.
Apache License 2.0

SIGILL/ILL_ILLOPC after hooking on arm64 #201

Closed yujincheng08 closed 1 year ago

yujincheng08 commented 1 year ago

libart.zip

The hooked function is `_ZN3art15instrumentation15Instrumentation21InitializeMethodsCodeEPNS_9ArtMethodEPKv` at 0x3C87C8. After the hook, it crashes with SIGILL/ILL_ILLOPC at 0x3C87D4.

Before the hook:

```
0x00000000003c87c8:  FD 7B BD A9    stp x29, x30, [sp, #-0x30]!
0x00000000003c87cc:  F5 0B 00 F9    str x21, [sp, #0x10]
0x00000000003c87d0:  FD 03 00 91    mov x29, sp
0x00000000003c87d4:  F4 4F 02 A9    stp x20, x19, [sp, #0x20]
0x00000000003c87d8:  08 0C 40 B9    ldr w8, [x0, #0xc]
```

After the hook:

```
0x00000000003c87c8:  51 1B F6 B0    adrp x17, #0xffffffffec731000
0x00000000003c87cc:  31 42 3B 91    add  x17, x17, #0xed0
0x00000000003c87d0:  20 02 1F D6    br   x17
0x00000000003c87d4:  F4 4F 02 A9    stp  x20, x19, [sp, #0x20]
0x00000000003c87d8:  08 0C 40 B9    ldr  w8, [x0, #0xc]
```

yujincheng08 commented 1 year ago

Function contents right before the crash:

```
0x0000000000000000:  50 00 00 58    ldr   x16, #8
0x0000000000000004:  00 02 1F D6    br    x16
0x0000000000000008:  EC 28 C4 79    ldrsh w12, [x7, #0x214]
```

So after our hook, someone else hooked it again.
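The two dumps above can be checked mechanically. The added C example below is not Dobby's code or anything from the issue author; it decodes the prologue bytes quoted in the thread, recognises the two trampoline shapes that appear there (Dobby's 12-byte `adrp x17 / add x17 / br x17` patch and the later 16-byte `ldr x16, #8 / br x16 / .quad target` patch), and reports whether the word at offset +0xc (0x3C87D4, the crash address) falls into the AArch64 reserved encoding group that raises SIGILL/ILL_ILLOPC. Two things are assumed and labelled as such: that the first hook's relocated-original stub resumes at the instruction right after its 12-byte patch, and the high four bytes of the second hook's 8-byte literal (the issue only shows the low bytes `EC 28 C4 79`; `79 00 00 00` is constructed). Under those assumptions the 16-byte second patch lands its literal pool exactly on the first hook's resume point, which is the double-hook conflict the issue concludes with.

```c
/* Added example: diagnose the double-hook conflict from this issue on constructed
 * AArch64 prologue bytes. Not Dobby code; no execution of the bytes takes place. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum hook_kind {
    HOOK_NONE = 0,
    HOOK_ADRP_ADD_BR_X17,  /* adrp x17; add x17,x17,#imm; br x17   (12 bytes) */
    HOOK_LDR_BR_X16        /* ldr x16,#8; br x16; .quad target     (16 bytes) */
};

/* Little-endian 32-bit instruction word. */
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* ADRP Xd: bit31=1, bits[28:24]=10000; immlo/immhi are ignored for matching. */
static bool is_adrp(uint32_t w, unsigned rd) { return (w & 0x9F00001Fu) == (0x90000000u | rd); }
/* ADD Xd, Xn, #imm12{, lsl #12}: bits[31:23]=100100010 (64-bit, flags not set). */
static bool is_add_imm64(uint32_t w, unsigned rd, unsigned rn) {
    return (w & 0xFF8003FFu) == (0x91000000u | (rn << 5) | rd);
}
/* BR Xn: 0xD61F0000 | Rn<<5. */
static bool is_br(uint32_t w, unsigned rn) { return w == (0xD61F0000u | (rn << 5)); }
/* LDR Xt, #imm19 (literal): 0x58000000 | imm19<<5 | Rt; byte offset is imm19*4. */
static bool is_ldr_lit64(uint32_t w, unsigned rt, int32_t off) {
    return (w & 0xFF00001Fu) == (0x58000000u | rt) && (int32_t)((w >> 5) & 0x7FFFF) * 4 == off;
}
/* bits[28:25]==0000 is the ARMv8-A top-level "Reserved" group (UDF lives there);
 * fetching such a word traps with SIGILL/ILL_ILLOPC. */
static bool word_is_reserved(uint32_t w) { return (w & 0x1E000000u) == 0; }

static size_t hook_patch_len(enum hook_kind k) {
    switch (k) {
    case HOOK_ADRP_ADD_BR_X17: return 12;
    case HOOK_LDR_BR_X16:      return 16;
    default:                   return 0;
    }
}

static enum hook_kind classify_prologue(const uint8_t *code, size_t len) {
    if (len >= 12 && is_adrp(rd32(code), 17) && is_add_imm64(rd32(code + 4), 17, 17) &&
        is_br(rd32(code + 8), 17))
        return HOOK_ADRP_ADD_BR_X17;
    if (len >= 16 && is_ldr_lit64(rd32(code), 16, 8) && is_br(rd32(code + 4), 16))
        return HOOK_LDR_BR_X16;
    return HOOK_NONE;
}

/* Assumption: the first hook's relocated-original stub jumps back to code+resume_off
 * (12 for the adrp/add/br patch). True when a later patch now covers that offset,
 * i.e. execution would resume inside the newer trampoline's literal pool. */
static bool resume_clobbered(const uint8_t *code, size_t len, size_t resume_off) {
    enum hook_kind k = classify_prologue(code, len);
    return k != HOOK_NONE && resume_off < hook_patch_len(k);
}

/* Bytes copied from the issue's dumps (little-endian words). */
static const uint8_t original[] = {
    0xFD,0x7B,0xBD,0xA9, 0xF5,0x0B,0x00,0xF9, 0xFD,0x03,0x00,0x91, 0xF4,0x4F,0x02,0xA9, 0x08,0x0C,0x40,0xB9 };
static const uint8_t dobby_hooked[] = {
    0x51,0x1B,0xF6,0xB0, 0x31,0x42,0x3B,0x91, 0x20,0x02,0x1F,0xD6, 0xF4,0x4F,0x02,0xA9, 0x08,0x0C,0x40,0xB9 };
/* Second hook: the issue shows only the low literal bytes EC 28 C4 79; the high half
 * (79 00 00 00) is constructed here as a plausible 64-bit user-space address. */
static const uint8_t rehooked[] = {
    0x50,0x00,0x00,0x58, 0x00,0x02,0x1F,0xD6, 0xEC,0x28,0xC4,0x79, 0x79,0x00,0x00,0x00, 0x08,0x0C,0x40,0xB9 };

int main(void) {
    const struct { const char *name; const uint8_t *code; size_t len; } dumps[] = {
        { "before hook",      original,     sizeof original },
        { "after Dobby hook", dobby_hooked, sizeof dobby_hooked },
        { "before crash",     rehooked,     sizeof rehooked },
    };
    for (size_t i = 0; i < sizeof dumps / sizeof dumps[0]; i++) {
        enum hook_kind k = classify_prologue(dumps[i].code, dumps[i].len);
        uint32_t w = rd32(dumps[i].code + 12);   /* word at +0xc, i.e. 0x3C87D4 */
        printf("%-17s kind=%d patch=%zu word@+0xc=%08x reserved=%d resume_clobbered=%d\n",
               dumps[i].name, (int)k, hook_patch_len(k), w, word_is_reserved(w),
               resume_clobbered(dumps[i].code, dumps[i].len, 12));
    }
    return 0;
}
```

The same scan run against the live function (read the first 16 bytes of the target after installing a hook, and again before trusting the hook later) is a cheap way to detect that another inline-hook engine has overwritten a Dobby patch, since neither engine knows about the other's relocated code.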