maoabc / nmmp

dex-vm used to protect the android classes.dex file
780 stars 269 forks

Compatibility issue with JNA on Android 6.0 #31

Closed shawnbc closed 1 year ago

shawnbc commented 2 years ago

Hello, on Android 6.0 devices, hardening code that makes calls through JNA causes a crash (hardening the code below):

public class MyApplication extends Application {
    @Override
    public void onCreate() {
        super.onCreate();
        Log.e("MyApplication", "test.");
        String str = "jna test";
        TestJna.INSTANCE.test_jna(str);
        Log.e("MyApplication", "test end.");

    }
}

The TestJna code:

import com.sun.jna.Library;
import com.sun.jna.Native;

public interface TestJna extends Library {
    TestJna INSTANCE = Native.load("native-test-jna", TestJna.class);
    void test_jna(String msg);
}

The code in native-test-jna:

void test_jna(jstring msg) {
    LOGE("method = %s", __FUNCTION__);
}

Error log from the emulator:

2022-01-18 19:04:20.476 4644-4644/com.example.jnatestapplication E/MyApplication: test.
2022-01-18 19:04:20.483 4644-4644/com.example.jnatestapplication E/art: JNI ERROR (app bug): accessed stale weak global reference 0x745f545b (index 54550 in a table of size 31)
2022-01-18 19:04:20.488 4644-4644/com.example.jnatestapplication A/art: art/runtime/java_vm_ext.cc:410] JNI DETECTED ERROR IN APPLICATION: use of deleted weak global reference 0x745f545b
2022-01-18 19:04:20.488 4644-4644/com.example.jnatestapplication A/art: art/runtime/java_vm_ext.cc:410]     from void com.example.jnatestapplication.MyApplication.onCreate()
2022-01-18 19:04:20.488 4644-4644/com.example.jnatestapplication A/art: art/runtime/java_vm_ext.cc:410] "main" prio=5 tid=1 Runnable
2022-01-18 19:04:20.488 4644-4644/com.example.jnatestapplication A/art: art/runtime/java_vm_ext.cc:410]   | group="main" sCount=0 dsCount=0 obj=0x75a82710 self=0x7fdcce5fba00
2022-01-18 19:04:20.488 4644-4644/com.example.jnatestapplication A/art: art/runtime/java_vm_ext.cc:410]   | sysTid=4644 nice=0 cgrp=default sched=0/0 handle=0x7fdcd1f7d200
2022-01-18 19:04:20.488 4644-4644/com.example.jnatestapplication A/art: art/runtime/java_vm_ext.cc:410]   | state=R schedstat=( 0 0 0 ) utm=1 stm=2 core=0 HZ=100
2022-01-18 19:04:20.488 4644-4644/com.example.jnatestapplication A/art: art/runtime/java_vm_ext.cc:410]   | stack=0x7fffaac24000-0x7fffaac26000 stackSize=8MB
2022-01-18 19:04:20.488 4644-4644/com.example.jnatestapplication A/art: art/runtime/java_vm_ext.cc:410]   | held mutexes= "mutator lock"(shared held)
2022-01-18 19:04:20.488 4644-4644/com.example.jnatestapplication A/art: art/runtime/java_vm_ext.cc:410]   native: #00 pc 00000000005678e7  /system/lib64/libart.so (art::DumpNativeStack(std::__1::basic_ostream<char, std::__1::char_traits<char> >&, int, char const*, art::ArtMethod*, void*)+215)
2022-01-18 19:04:20.488 4644-4644/com.example.jnatestapplication A/art: art/runtime/java_vm_ext.cc:410]   native: #01 pc 0000000000530b30  /system/lib64/libart.so (art::Thread::Dump(std::__1::basic_ostream<char, std::__1::char_traits<char> >&) const+208)
2022-01-18 19:04:20.488 4644-4644/com.example.jnatestapplication A/art: art/runtime/java_vm_ext.cc:410]   native: #02 pc 000000000039cde9  /system/lib64/libart.so (art::JavaVMExt::JniAbort(char const*, char const*)+1177)
2022-01-18 19:04:20.488 4644-4644/com.example.jnatestapplication A/art: art/runtime/java_vm_ext.cc:410]   native: #03 pc 000000000039e5c3  /system/lib64/libart.so (art::JavaVMExt::JniAbortF(char const*, char const*, ...)+227)
2022-01-18 19:04:20.488 4644-4644/com.example.jnatestapplication A/art: art/runtime/java_vm_ext.cc:410]   native: #04 pc 0000000000529078  /system/lib64/libart.so (art::Thread::DecodeJObject(_jobject*) const+312)
2022-01-18 19:04:20.488 4644-4644/com.example.jnatestapplication A/art: art/runtime/java_vm_ext.cc:410]   native: #05 pc 00000000004f64e2  /system/lib64/libart.so (art::InvokeVirtualOrInterfaceWithJValues(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, _jmethodID*, jvalue*)+754)
2022-01-18 19:04:20.488 4644-4644/com.example.jnatestapplication A/art: art/runtime/java_vm_ext.cc:410]   native: #06 pc 00000000003cb51f  /system/lib64/libart.so (art::JNI::CallVoidMethodA(_JNIEnv*, _jobject*, _jmethodID*, jvalue*)+511)
2022-01-18 19:04:20.488 4644-4644/com.example.jnatestapplication A/art: art/runtime/java_vm_ext.cc:410]   native: #07 pc 00000000001aaa6b  /system/lib64/libart.so (art::CheckJNI::CallMethodA(char const*, _JNIEnv*, _jobject*, _jclass*, _jmethodID*, jvalue*, art::Primitive::Type, art::InvokeType)+1755)
2022-01-18 19:04:20.488 4644-4644/com.example.jnatestapplication A/art: art/runtime/java_vm_ext.cc:410]   native: #08 pc 00000000001ab551  /system/lib64/libart.so (art::CheckJNI::CallVoidMethodA(_JNIEnv*, _jobject*, _jmethodID*, jvalue*)+33)
2022-01-18 19:04:20.488 4644-4644/com.example.jnatestapplication A/art: art/runtime/java_vm_ext.cc:410]   native: #09 pc 0000000000021dda  /data/app/com.example.jnatestapplication-1/lib/x86_64/libnmmvm.so (vmInterpret+34442)
2022-01-18 19:04:20.488 4644-4644/com.example.jnatestapplication A/art: art/runtime/java_vm_ext.cc:410]   native: #10 pc 000000000000136e  /data/app/com.example.jnatestapplication-1/lib/x86_64/libnmmp.so (???)
2022-01-18 19:04:20.488 4644-4644/com.example.jnatestapplication A/art: art/runtime/java_vm_ext.cc:410]   native: #11 pc 0000000000b7e589  /data/app/com.example.jnatestapplication-1/oat/x86_64/base.odex (void com.example.jnatestapplication.MyApplication.onCreate()+157)
2022-01-18 19:04:20.488 4644-4644/com.example.jnatestapplication A/art: art/runtime/java_vm_ext.cc:410]   native: #12 pc 0000000000b78aa5  /data/dalvik-cache/x86_64/system@framework@boot.oat (???)

When I call TestJna.INSTANCE.test_jna() on its own in a JNI test, it works.
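A small triage helper for the log above, added here as an example (not part of the original post or of the nmmp project): it pulls out the abort reason, the Java caller, the `art::JNI::` function in which the abort fired, and the first native frame outside `/system/`. The function names `triage` and `raised_from_nmmp_vm` are hypothetical, and the sample is constructed from lines of the log in this issue.

```python
import re

# Constructed sample: lines from the crash log in this issue, with the
# timestamp/PID prefix trimmed.
SAMPLE = """\
A/art: art/runtime/java_vm_ext.cc:410] JNI DETECTED ERROR IN APPLICATION: use of deleted weak global reference 0x745f545b
A/art: art/runtime/java_vm_ext.cc:410]     from void com.example.jnatestapplication.MyApplication.onCreate()
A/art: art/runtime/java_vm_ext.cc:410]   native: #06 pc 00000000003cb51f  /system/lib64/libart.so (art::JNI::CallVoidMethodA(_JNIEnv*, _jobject*, _jmethodID*, jvalue*)+511)
A/art: art/runtime/java_vm_ext.cc:410]   native: #08 pc 00000000001ab551  /system/lib64/libart.so (art::CheckJNI::CallVoidMethodA(_JNIEnv*, _jobject*, _jmethodID*, jvalue*)+33)
A/art: art/runtime/java_vm_ext.cc:410]   native: #09 pc 0000000000021dda  /data/app/com.example.jnatestapplication-1/lib/x86_64/libnmmvm.so (vmInterpret+34442)
A/art: art/runtime/java_vm_ext.cc:410]   native: #10 pc 000000000000136e  /data/app/com.example.jnatestapplication-1/lib/x86_64/libnmmp.so (???)
"""

ABORT = re.compile(r"JNI DETECTED ERROR IN APPLICATION: (.+)$")
FROM = re.compile(r"\]\s+from (.+)$")
FRAME = re.compile(r"native: #(\d+) pc [0-9a-f]+\s+(\S+) \((.*)\)$")


def triage(log):
    """Summarise an ART CheckJNI abort: reason, Java caller, the art::JNI::
    function in which it fired, and the first native frame outside /system/."""
    out = {"reason": None, "java_method": None, "jni_call": None, "app_frame": None}
    for line in log.splitlines():
        line = line.rstrip()
        if (m := ABORT.search(line)):
            out["reason"] = m.group(1)
        elif (m := FROM.search(line)) and out["java_method"] is None:
            out["java_method"] = m.group(1)
        elif (m := FRAME.search(line)):
            idx, path, sym = int(m.group(1)), m.group(2), m.group(3)
            if out["jni_call"] is None and sym.startswith("art::JNI::"):
                out["jni_call"] = sym.split("(")[0]
            if out["app_frame"] is None and not path.startswith("/system/"):
                out["app_frame"] = (idx, path.rsplit("/", 1)[-1], sym)
    return out


def raised_from_nmmp_vm(summary):
    """True when the JNI call that aborted was issued by libnmmvm.so."""
    frame = summary["app_frame"]
    return frame is not None and frame[1] == "libnmmvm.so"


if __name__ == "__main__":
    s = triage(SAMPLE)
    print(s, raised_from_nmmp_vm(s))
```
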

maoabc commented 2 years ago

So it works normally once TestJna.INSTANCE.test_jna(str); is removed, right? I'll add a test later and take a look.

shawnbc commented 2 years ago

Yes. It also works normally if the parameter of test_jna is removed.

maoabc commented 2 years ago

I added a JNA-related test and have reproduced the problem. The specific cause still needs to be analyzed.

maoabc commented 2 years ago

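The problem is a bug in Android 6's ART or in the JNA implementation; I feel it is more likely that ART is at fault, but I still haven't found the specific cause. The current workaround is simply to skip this kind of code and not convert it to native.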

maoabc commented 2 years ago

I added an analysis of whether a method calls JNA methods; if it does, it cannot be converted to native.

winte1 commented 1 year ago

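Android versions below 7.0 are not very compatible. I tried it on Android 5 and it failed at runtime, but with VM protection it works normally.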