Hook Android系统API时崩溃（所有系统版本 SO 是：armeabi-v7a）

0n1y3nd commented 5 years ago

崩溃堆栈如下：


2019-07-10 17:34:48.682 20622-20622/? A/libc: Fatal signal 11 (SIGSEGV), code 1, fault addr 0x0 in tid 20622 (om.example.prop)
2019-07-10 17:34:48.712 20646-20646/? A/DEBUG: *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
2019-07-10 17:34:48.712 20646-20646/? A/DEBUG: Build fingerprint: 'HUAWEI/MHA-AL00/HWMHA:8.0.0/HUAWEIMHA-AL00/323daily(C00):user/release-keys'
2019-07-10 17:34:48.712 20646-20646/? A/DEBUG: Revision: '0'
2019-07-10 17:34:48.712 20646-20646/? A/DEBUG: ABI: 'arm'
2019-07-10 17:34:48.712 20646-20646/? A/DEBUG: pid: 20622, tid: 20622, name: om.example.prop  >>> com.example.prop <<<
2019-07-10 17:34:48.712 20646-20646/? A/DEBUG: signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0
2019-07-10 17:34:48.712 20646-20646/? A/DEBUG: Cause: null pointer dereference
2019-07-10 17:34:48.712 20646-20646/? A/DEBUG:     r0 ecd6ed20  r1 ecd19bd0  r2 ff7f9240  r3 00000000
2019-07-10 17:34:48.712 20646-20646/? A/DEBUG:     r4 eeca91c8  r5 ecd6ed20  r6 00000008  r7 ff7f9250
2019-07-10 17:34:48.712 20646-20646/? A/DEBUG:     r8 00000002  r9 4606461c  sl eec62d30  fp ff7f928c
2019-07-10 17:34:48.712 20646-20646/? A/DEBUG:     ip eeca2d60  sp ff7f9240  lr ccb1f747  pc ccb201bc  cpsr 200d0030
2019-07-10 17:34:48.713 20646-20646/? A/DEBUG: backtrace:
2019-07-10 17:34:48.713 20646-20646/? A/DEBUG:     #00 pc 0000d1bc  /data/app/com.example.prop-DXtwn0768217AYyePMp1rw==/lib/arm/libhookzz.so (_ZN22LiteCollectionIterator13getNextObjectEv+19)
2019-07-10 17:34:48.713 20646-20646/? A/DEBUG:     #01 pc 0000c745  /data/app/com.example.prop-DXtwn0768217AYyePMp1rw==/lib/arm/libhookzz.so (_Z23gen_thumb_relocate_codePvPijj+276)
2019-07-10 17:34:48.713 20646-20646/? A/DEBUG:     #02 pc 0000ccdf  /data/app/com.example.prop-DXtwn0768217AYyePMp1rw==/lib/arm/libhookzz.so (_ZN16InterceptRouting7PrepareEv+62)
2019-07-10 17:34:48.713 20646-20646/? A/DEBUG:     #03 pc 0000ce51  /data/app/com.example.prop-DXtwn0768217AYyePMp1rw==/lib/arm/libhookzz.so (_ZN28FunctionInlineReplaceRouting8DispatchEv+12)
2019-07-10 17:34:48.713 20646-20646/? A/DEBUG:     #04 pc 0000cec9  /data/app/com.example.prop-DXtwn0768217AYyePMp1rw==/lib/arm/libhookzz.so (ZzReplace+100)
2019-07-10 17:34:48.713 20646-20646/? A/DEBUG:     #05 pc 000022f1  /data/app/com.example.prop-DXtwn0768217AYyePMp1rw==/lib/arm/libnative-lib.so (Java_com_example_prop_MainActivity_stringFromJNI+48)
2019-07-10 17:34:48.713 20646-20646/? A/DEBUG:     #06 pc 0005eff3  /data/app/com.example.prop-DXtwn0768217AYyePMp1rw==/oat/arm/base.odex (offset 0x1c000)
2019-07-10 17:34:48.726 1117-1257/system_process E/AwareLog: RMS.AwareIntelligentRecg: delete com.example.prop from iAware.db```

HOOK代码：
size_t (*origin_fread)(void * ptr, size_t size, size_t nitems, FILE * stream);

size_t (fake_fread)(void * ptr, size_t size, size_t nitems, FILE * stream) {
    // Do What you Want.
    return origin_fread(ptr, size, nitems, stream);
}

void hook_fread() {
    ZzReplace((void *)fread, (void *)fake_fread, (void **)&origin_fread);
}

0n1y3nd commented 5 years ago

已解决

Pancts commented 4 years ago

能请教一下是怎么解决的么同样遇到这个问题

crtthas commented 3 years ago

同问，怎么解决的

jmpews / Dobby

Hook Android系统API时崩溃（所有系统版本 SO 是：armeabi-v7a） #59

jmpews / Dobby

Hook Android系统API时 崩溃（所有系统版本 SO 是：armeabi-v7a） #59

Hook Android系统API时崩溃（所有系统版本 SO 是：armeabi-v7a） #59