
Process crashed: SIGBUS BUS_ADRALN | backtrace: #00 pc 005c47b2 /memfd:frida-agent-32.so (deleted) #2853

Closed
brunoaduarte opened this issue May 16, 2024 · 1 comment

Comments

@brunoaduarte

I'm trying to intercept a native method from a ".so" arm64 library using frida-server-16.2.1, and a few ms after intercepting it (without calling it) I get this error:

Process crashed: SIGBUS BUS_ADRALN

***
*** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
Build fingerprint: 'samsung/redroid_arm64/redroid_arm64:11/RD2A.211001.002/eng.frank.20231013.062931:userdebug/test-keys'
Revision: '0'
ABI: 'arm'
Timestamp: 2024-05-16 21:11:07+0000
pid: 9354, tid: 9370, name: Thread-7  >>> com.testapp<<<
uid: 10116
signal 7 (SIGBUS), code 1 (BUS_ADRALN), fault addr 0xbfbdfbae
    r0  eec33008  r1  e51ff000  r2  bfbdfbae  r3  bfbdfbb2
    r4  00000000  r5  ef2cfa00  r6  eec33000  r7  c96327b0
    r8  eec33008  r9  00000001  r10 ef29a400  r11 e48ca8a0
    ip  c8716a30  sp  c96327a8  lr  c7dcba13  pc  c7dcb7b2
backtrace:
      #00 pc 005c47b2  /memfd:frida-agent-32.so (deleted)

Here's the intercept code:

    Interceptor.attach(ptr(baseAddressOfLib + '').add(0x243bae), {
        onEnter: function(args) {
            console.log("Entered");
            // this.context.x0=0x1;
        },
        onLeave: function(retval) {
            console.log("Exited, retval:"+retval);
            // retval.replace(0x1);
        }
    });
    Interceptor.flush();

Everything else works fine.

Is it some sort of frida detection mechanism? If so, how can I bypass it?

@brunoaduarte
Author

So, this was happening because this was a Thumb address. So we must set the LSB to 1.

.or(1) the address

    // .or(1) sets bit 0 of the target address, marking it as a Thumb entry point
    // so Interceptor patches it as Thumb code rather than 4-byte ARM code.
    Interceptor.attach(ptr(baseAddressOfLib + '').add(0x243bae).or(1), {
        onEnter: function(args) {
            console.log("Entered");
            // this.context.x0=0x1;   (on 32-bit ARM the register is this.context.r0)
        },
        onLeave: function(retval) {
            console.log("Exited, retval:"+retval);
            // retval.replace(0x1);
        }
    });
    Interceptor.flush();

Same as #790
