
Android ART Implementation can't return Object #105

Closed
spacecowboy3141 opened this issue Aug 31, 2015 · 1 comment

Comments

@spacecowboy3141

When I attempt to override a function which returns an int, Frida works. However, when I attempt to override a function which returns an Object, the application crashes with the following traceback:

F/libc    ( 1373): Fatal signal 11 (SIGSEGV), code 1, fault addr 0x45852e0 in tid 1373 (r.myapplication)
I/DEBUG   (   60): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
I/DEBUG   (   60): Build fingerprint: 'generic/sdk_phone_armv7/generic:5.0.2/LSY64/1772600:eng/test-keys'
I/DEBUG   (   60): Revision: '0'
I/DEBUG   (   60): ABI: 'arm'
I/DEBUG   (   60): pid: 1373, tid: 1373, name: r.myapplication  >>> com.example.user.myapplication <<<
I/DEBUG   (   60): signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x45852e0
I/DEBUG   (   60):     r0 71eb0039  r1 73510788  r2 00000001  r3 b0830a20
I/DEBUG   (   60):     r4 b4db5d61  r5 b4ffefe0  r6 b5069300  r7 73510788
I/DEBUG   (   60):     r8 b4db5d01  r9 00000000  sl b4db5d00  fp b6f7ad94
I/DEBUG   (   60):     ip fffffaac  sp bea8fce8  lr 045852e0  pc b4ee62b2  cpsr 20000030
I/DEBUG   (   60): 
I/DEBUG   (   60): backtrace:
I/DEBUG   (   60):     #00 pc 001d42b2  /system/lib/libart.so (art::mirror::ArtMethod::ToDexPc(unsigned int, bool)+141)
I/DEBUG   (   60):     #01 pc 0021c81d  /system/lib/libart.so (art::CurrentMethodVisitor::VisitFrame()+40)
I/DEBUG   (   60):     #02 pc 0021abf1  /system/lib/libart.so (art::StackVisitor::WalkStack(bool)+240)
I/DEBUG   (   60):     #03 pc 0021d141  /system/lib/libart.so (art::Thread::GetCurrentMethod(unsigned int*, bool) const+44)
I/DEBUG   (   60):     #04 pc 0025ba6f  /system/lib/libart.so (art::CheckReferenceResult(art::mirror::Object*, art::Thread*)+42)
I/DEBUG   (   60):     #05 pc 0008714b  /system/lib/libart.so (art::JniMethodEndWithReference(_jobject*, unsigned int, art::Thread*)+62)
I/DEBUG   (   60):     #06 pc 0027c95f  /system/lib/libart.so (artQuickGenericJniEndTrampoline+286)
I/DEBUG   (   60):     #07 pc 000a3d2d  /system/lib/libart.so (art_quick_generic_jni_trampoline+44)
I/DEBUG   (   60):     #08 pc 00000000  <unknown>
I/DEBUG   (   60): 

This is the hook code I'm using:

Dalvik.perform(function() {
    var myclass = Dalvik.use("com.example.user.myapplication.MyClass");
    myclass.handleObject.implementation = function(myObject) {
        send("Handle Object called within Frida!!");
        return this.handleObject(myObject);
    };
});

The send command succeeds; however, it fails on the return.

This is with the latest git build (ba1a8ce).
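Added here as a triage aid, not part of the issue or of the Frida project: a small Python parser for the logcat crash output quoted above (the I/DEBUG lines emitted by debuggerd). It extracts the process, signal, fault address, registers and backtrace frames, and reports which registers hold the fault address, which is a quick first check when deciding whether a crash like this is a bad pointer passed into the runtime. The sample input is a constructed subset of the lines above.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: a subset of the logcat crash lines quoted in the issue above.
SAMPLE = """\
I/DEBUG   (   60): pid: 1373, tid: 1373, name: r.myapplication  >>> com.example.user.myapplication <<<
I/DEBUG   (   60): signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x45852e0
I/DEBUG   (   60):     r0 71eb0039  r1 73510788  r2 00000001  r3 b0830a20
I/DEBUG   (   60):     ip fffffaac  sp bea8fce8  lr 045852e0  pc b4ee62b2  cpsr 20000030
I/DEBUG   (   60): backtrace:
I/DEBUG   (   60):     #00 pc 001d42b2  /system/lib/libart.so (art::mirror::ArtMethod::ToDexPc(unsigned int, bool)+141)
I/DEBUG   (   60):     #08 pc 00000000  <unknown>
"""

PREFIX = re.compile(r"^[A-Z]/DEBUG\s*\(\s*\d+\):\s?(.*)$")  # logcat tag/pid prefix
PROC = re.compile(r"pid: (\d+), tid: (\d+), name: \S+\s+>>> (\S+) <<<")
SIG = re.compile(r"signal (\d+) \((\w+)\), code (\d+) \((\w+)\), fault addr (0x[0-9a-f]+)")
REG = re.compile(r"\b(r\d{1,2}|sl|fp|ip|sp|lr|pc|cpsr) ([0-9a-f]{8})\b")
FRAME = re.compile(r"#(\d+) pc ([0-9a-f]+)\s+(\S+)(?: \((.+)\))?")

@dataclass
class Crash:
    pid: int = 0
    package: str = ""
    signal: str = ""
    fault_addr: int = 0
    regs: dict = field(default_factory=dict)    # register name -> value
    frames: list = field(default_factory=list)  # (index, offset, library, symbol)

def parse_crash(text: str) -> Crash:
    """Strip the logcat prefix from each line and pull out the tombstone fields."""
    c = Crash()
    for raw in text.splitlines():
        m = PREFIX.match(raw)
        if not m:
            continue  # not a debuggerd line
        line = m.group(1).strip()
        if (p := PROC.search(line)):
            c.pid, c.package = int(p[1]), p[3]
        elif (s := SIG.search(line)):
            c.signal, c.fault_addr = s[2], int(s[5], 16)
        elif (f := FRAME.search(line)):
            c.frames.append((int(f[1]), int(f[2], 16), f[3], f[4] or ""))
        else:
            for r in REG.finditer(line):
                c.regs[r[1]] = int(r[2], 16)
    return c

def regs_matching_fault(c: Crash) -> list:
    """Registers whose value equals the fault address: a first hint at where the bad pointer came from."""
    return sorted(name for name, val in c.regs.items() if val == c.fault_addr)
```

On the sample above the faulting frame is inside libart.so and the fault address is the value held in lr, which is the kind of detail worth recording before filing or triaging a runtime crash.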

@oleavr (Member)

oleavr commented Jan 19, 2017

Fixed in latest Frida 9.x.

oleavr closed this as completed Jan 19, 2017