frida -U -f <process name> --no-pause -l <hook script> reports "Process crashed: Illegal instruction"
I was using the command frida -U -f <process name> --no-pause -l <hook script> to launch the program and hook it, and frida reported "Process crashed: Illegal instruction". Later I found that the app I want to hook inline-hooks some functions in libart.so; I don't know whether that is related. The location I need to hook is triggered during the program's startup, and once startup has finished the moment has passed. Could any experts passing by give me some pointers? This girl thanks you in advance.
The exact error is as follows:
Spawned 進程名略
. Use %resume to let the main thread start executing!
[Pixel::進程名略]-> %resume
[Pixel::進程名略]-> Process crashed: Illegal instruction
Build fingerprint: 'google/sailfish/sailfish:9/PQ3A.190705.001/5565753:user/release-keys'
Revision: '0'
ABI: 'arm'
pid: 20084, tid: 20084, name: re-initialized> >>> <pre-initialized> <<<
signal 4 (SIGILL), code 1 (ILL_ILLOPC), fault addr 0xea7ea000
r0 7194f354 r1 12c459c0 r2 12e87010 r3 713d5870
r4 acc2f3ff r5 12e87010 r6 12c459c0 r7 12c45b08
r8 00000000 r9 e70c7000 r10 12e87058 r11 00000001
ip 7131d358 sp ffdd8110 lr 73510b1f pc ea7ea000
backtrace:
#00 pc 00000000 <anonymous:ea7ea000>
#01 pc 00756b1d /system/framework/arm/boot-framework.oat (offset 0x3ab000) (android.app.ActivityThread$H.handleMessage+6140)
#02 pc 0090e701 /system/framework/arm/boot-framework.oat (offset 0x765000) (android.os.Handler.dispatchMessage+136)
#03 pc 00910dfb /system/framework/arm/boot-framework.oat (offset 0x765000) (android.os.Looper.loop+1162)
#04 pc 0075fdf3 /system/framework/arm/boot-framework.oat (offset 0x3ab000) (android.app.ActivityThread.main+674)
#05 pc 0040d575 /system/lib/libart.so (offset 0x344000) (art_quick_invoke_stub_internal+68)
#06 pc 003e6c93 /system/lib/libart.so (offset 0x344000) (art_quick_invoke_static_stub+222)
#07 pc 000a1027 /system/lib/libart.so (offset 0x95000) (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+154)
#08 pc 00347ac5 /system/lib/libart.so (offset 0x305000) (art::(anonymous namespace)::InvokeWithArgArray(art::ScopedObjectAccessAlreadyRunnable const&, art::ArtMethod*, art::(anonymous namespace)::ArgArray*, art::JValue*, char const*)+52)
#09 pc 00348f15 /system/lib/libart.so (offset 0x305000) (art::InvokeMethod(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, _jobject*, _jobject*, unsigned int)+1024)
#10 pc 002fb0c5 /system/lib/libart.so (offset 0x2b0000) (art::Method_invoke(_JNIEnv*, _jobject*, _jobject*, _jobjectArray*)+40)
#11 pc 0011226f /system/framework/arm/boot.oat (offset 0x10c000) (java.lang.Class.getDeclaredMethodInternal [DEDUPED]+110)
#12 pc 00a0aa33 /system/framework/arm/boot-framework.oat (offset 0x765000) (com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run+114)
#13 pc 00a1091d /system/framework/arm/boot-framework.oat (offset 0x765000) (com.android.internal.os.ZygoteInit.main+2836)
#14 pc 0040d575 /system/lib/libart.so (offset 0x344000) (art_quick_invoke_stub_internal+68)
#15 pc 003e6c93 /system/lib/libart.so (offset 0x344000) (art_quick_invoke_static_stub+222)
#16 pc 000a1027 /system/lib/libart.so (offset 0x95000) (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+154)
#17 pc 00347ac5 /system/lib/libart.so (offset 0x305000) (art::(anonymous namespace)::InvokeWithArgArray(art::ScopedObjectAccessAlreadyRunnable const&, art::ArtMethod*, art::(anonymous namespace)::ArgArray*, art::JValue*, char const*)+52)
#18 pc 003478ef /system/lib/libart.so (offset 0x305000) (art::InvokeWithVarArgs(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, _jmethodID*, std::__va_list)+310)
#19 pc 0028eb11 /system/lib/libart.so (offset 0x1d6000) (art::JNI::CallStaticVoidMethodV(_JNIEnv*, _jclass*, _jmethodID*, std::__va_list)+444)
#20 pc 0006cb4b /system/lib/libandroid_runtime.so (_JNIEnv::CallStaticVoidMethod(_jclass*, _jmethodID*, ...)+30)
#21 pc 0006eda3 /system/lib/libandroid_runtime.so (android::AndroidRuntime::start(char const*, android::Vector<android::String8> const&, bool)+458)
#22 pc 00001989 /system/bin/app_process32 (main+728)
#23 pc 0008ae3d /system/lib/libc.so (offset 0x66000) (__libc_init+48)
#24 pc 0000166f /system/bin/app_process32 (_start_main+38)
#25 pc 00000306 <anonymous:eac9b000>
[Pixel::進程名略]->
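As an added example (not part of the original post), here is a small Python triage script that parses an Android native crash dump of the kind shown above and pulls out the facts that matter for diagnosing it: the signal, whether the fault address is the pc itself, whether frame #00 lies in an anonymous mapping rather than a loaded library, and the first symbolized caller. The SAMPLE_DUMP below is constructed from a subset of the lines in the post; the function names parse_crash and triage are my own.

```python
import re

# Constructed sample: a subset of the crash dump from the post, enough to
# exercise every parser path (signal line, register lines, frames with and
# without symbols, a symbol containing nested parentheses).
SAMPLE_DUMP = """\
Process crashed: Illegal instruction
signal 4 (SIGILL), code 1 (ILL_ILLOPC), fault addr 0xea7ea000
r0 7194f354 r1 12c459c0 r2 12e87010 r3 713d5870
ip 7131d358 sp ffdd8110 lr 73510b1f pc ea7ea000
backtrace:
#00 pc 00000000 <anonymous:ea7ea000>
#01 pc 00756b1d /system/framework/arm/boot-framework.oat (offset 0x3ab000) (android.app.ActivityThread$H.handleMessage+6140)
#02 pc 0090e701 /system/framework/arm/boot-framework.oat (offset 0x765000) (android.os.Handler.dispatchMessage+136)
#05 pc 0040d575 /system/lib/libart.so (offset 0x344000) (art_quick_invoke_stub_internal+68)
#07 pc 000a1027 /system/lib/libart.so (offset 0x95000) (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+154)
"""

# "signal 4 (SIGILL), code 1 (ILL_ILLOPC), fault addr 0xea7ea000"
SIGNAL_RE = re.compile(
    r"signal (\d+) \((\w+)\), code (\d+) \((\w+)\), fault addr 0x([0-9a-f]+)"
)
# 32-bit ARM register dump: "r0 7194f354 r1 12c459c0 ... pc ea7ea000"
REG_RE = re.compile(r"\b(r\d{1,2}|ip|sp|lr|pc)\s+([0-9a-f]{8})")
# "#01 pc 00756b1d /path/lib.so (offset 0x...) (symbol+off)"; offset and symbol are optional
FRAME_RE = re.compile(
    r"#(\d+) pc ([0-9a-f]+) (\S+)(?: \(offset 0x[0-9a-f]+\))?(?: \((.+)\))?$"
)


def parse_crash(dump):
    """Parse a tombstone-style crash dump into signal info, registers and frames."""
    info = {"signal": None, "regs": {}, "frames": []}
    for line in dump.splitlines():
        line = line.strip()
        m = SIGNAL_RE.search(line)
        if m:
            info["signal"] = {
                "num": int(m.group(1)),
                "name": m.group(2),
                "code": m.group(4),
                "fault_addr": int(m.group(5), 16),
            }
            continue
        if line.startswith("#"):
            m = FRAME_RE.match(line)
            if m:
                info["frames"].append({
                    "idx": int(m.group(1)),
                    "pc": int(m.group(2), 16),
                    "module": m.group(3),
                    "symbol": m.group(4),  # None for unsymbolized frames
                })
            continue
        # Any remaining line may be a register dump line.
        for reg, val in REG_RE.findall(line):
            info["regs"][reg] = int(val, 16)
    return info


def triage(info):
    """Derive the diagnostic facts a reader wants from the parsed dump."""
    sig = info["signal"] or {}
    pc = info["regs"].get("pc")
    frames = info["frames"]
    top = frames[0] if frames else None
    first_sym = next((f for f in frames if f["symbol"]), None)
    return {
        # SIGILL means the CPU could not decode the instruction at pc.
        "sigill": sig.get("name") == "SIGILL",
        # When fault addr == pc, the instruction fetch itself faulted, not a data access.
        "pc_is_fault_addr": pc is not None and sig.get("fault_addr") == pc,
        # Frame #00 in an anonymous mapping: execution jumped to runtime-allocated code
        # rather than into any loaded library.
        "top_frame_anonymous": bool(top and top["module"].startswith("<anonymous:")),
        "first_symbol": first_sym["symbol"] if first_sym else None,
        "first_symbol_module": first_sym["module"] if first_sym else None,
    }


def summarize(dump):
    """Human-readable one-line-per-finding summary."""
    t = triage(parse_crash(dump))
    lines = []
    if t["sigill"]:
        lines.append("SIGILL: undecodable instruction at pc")
    if t["pc_is_fault_addr"]:
        lines.append("fault addr == pc: the faulting instruction is the problem, not a memory operand")
    if t["top_frame_anonymous"]:
        lines.append("frame #00 is in an anonymous mapping, not a loaded library")
    if t["first_symbol"]:
        lines.append(f"first symbolized caller: {t['first_symbol']} ({t['first_symbol_module']})")
    return lines


if __name__ == "__main__":
    for finding in summarize(SAMPLE_DUMP):
        print("-", finding)
```

Run on the dump in the post, the script reports that the signal is SIGILL, that the fault address equals pc, that frame #00 sits in an anonymous mapping, and that the first symbolized caller is android.app.ActivityThread$H.handleMessage in boot-framework.oat; those are the facts to compare against the regions the app and the instrumentation each patch.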