DroidPlugin icon indicating copy to clipboard operation
DroidPlugin copied to clipboard

Published 20 hours ago verified publisher icon DroidPluginTeam

JNI 层调用IActivityManager.getLaunchedUid崩溃

Open YuanYuan927 opened this issue 7 years ago • 1 comments

应用里集成了腾讯广点通广告SDK,广告SDK里在JNI层调用了IActivityManager.getLaunchedUid崩溃。非常奇怪,返回值明显是int,但是错误提示说返回值不匹配。把DroidPlugin初始化代码去掉就OK了,应该是ActivityManager的Hook导致的。

A/art: art/runtime/java_vm_ext.cc:410] JNI DETECTED ERROR IN APPLICATION: the return type of CallIntMethodV does not match int android.app.IActivityManager.getLaunchedFromUid(android.os.IBinder)
A/art: art/runtime/java_vm_ext.cc:410]     in call to CallIntMethodV
A/art: art/runtime/java_vm_ext.cc:410]     from java.lang.String com.tencent.beacontsa.nativeimpl.a.a(android.content.Context, int, android.app.Activity, java.lang.String)
A/art: art/runtime/java_vm_ext.cc:410] "beacon-thread-2" prio=5 tid=93 Runnable
A/art: art/runtime/java_vm_ext.cc:410]   | group="main" sCount=0 dsCount=0 obj=0x12e4b3a0 self=0x9523e700
A/art: art/runtime/java_vm_ext.cc:410]   | sysTid=18868 nice=0 cgrp=default sched=0/0 handle=0x91582930
A/art: art/runtime/java_vm_ext.cc:410]   | state=R schedstat=( 625140256 108437028 365 ) utm=56 stm=6 core=2 HZ=100
A/art: art/runtime/java_vm_ext.cc:410]   | stack=0x91480000-0x91482000 stackSize=1038KB
A/art: art/runtime/java_vm_ext.cc:410]   | held mutexes= "mutator lock"(shared held)
A/art: art/runtime/java_vm_ext.cc:410]   native: #00 pc 00370e21  /system/lib/libart.so (_ZN3art15DumpNativeStackERNSt3__113basic_ostreamIcNS0_11char_traitsIcEEEEiPKcPNS_9ArtMethodEPv+160)
A/art: art/runtime/java_vm_ext.cc:410]   native: #01 pc 0035048f  /system/lib/libart.so (_ZNK3art6Thread4DumpERNSt3__113basic_ostreamIcNS1_11char_traitsIcEEEE+150)
A/art: art/runtime/java_vm_ext.cc:410]   native: #02 pc 0025a715  /system/lib/libart.so (_ZN3art9JavaVMExt8JniAbortEPKcS2_+740)
A/art: art/runtime/java_vm_ext.cc:410]   native: #03 pc 0025aded  /system/lib/libart.so (_ZN3art9JavaVMExt9JniAbortVEPKcS2_St9__va_list+64)
A/art: art/runtime/java_vm_ext.cc:410]   native: #04 pc 000fd1e1  /system/lib/libart.so (_ZN3art11ScopedCheck6AbortFEPKcz+32)
A/art: art/runtime/java_vm_ext.cc:410]   native: #05 pc 000fd36f  /system/lib/libart.so (_ZN3art11ScopedCheck17CheckMethodAndSigERNS_18ScopedObjectAccessEP8_jobjectP7_jclassP10_jmethodIDNS_9Primitive4TypeENS_10InvokeTypeE+190)
A/art: art/runtime/java_vm_ext.cc:410]   native: #06 pc 00110b9f  /system/lib/libart.so (_ZN3art8CheckJNI11CallMethodVEPKcP7_JNIEnvP8_jobjectP7_jclassP10_jmethodIDSt9__va_listNS_9Primitive4TypeENS_10InvokeTypeE+562)
A/art: art/runtime/java_vm_ext.cc:410]   native: #07 pc 001121e5  /system/lib/libart.so (_ZN3art8CheckJNI14CallIntMethodVEP7_JNIEnvP8_jobjectP10_jmethodIDSt9__va_list+36)
A/art: art/runtime/java_vm_ext.cc:410]   native: #08 pc 00002961   (???)
A/art: art/runtime/java_vm_ext.cc:410]   native: #09 pc 0000178f   (???)
A/art: art/runtime/java_vm_ext.cc:410]   native: #10 pc 000017f5   (???)
A/art: art/runtime/java_vm_ext.cc:410]   native: #11 pc 000005a7   (???)
A/art: art/runtime/java_vm_ext.cc:410]   native: #12 pc 00001053  /data/data/com.test.example/files/beacontsa/odex/5.dex (java.lang.String com.tencent.beacontsa.nativeimpl.a.a(android.content.Context, int, android.app.Activity, java.lang.String)+158)
A/art: art/runtime/java_vm_ext.cc:410]   native: #13 pc 00001125  /data/data/com.test.example/files/beacontsa/odex/5.dex (java.lang.String com.tencent.beacontsa.nativeimpl.a.b(android.content.Context, int, android.app.Activity, java.lang.String)+136)
A/art: art/runtime/java_vm_ext.cc:410]   native: #14 pc 00000c55  /data/data/com.test.example/files/beacontsa/odex/5.dex (void com.tencent.beacontsa.c.ModuleImpl.a_()+1016)
A/art: art/runtime/java_vm_ext.cc:410]   native: #15 pc 00016ea3  /data/data/com.test.example/files/beacontsa/odex/1.dex (void com.tencent.beacontsa.core.b.g()+438)
A/art: art/runtime/java_vm_ext.cc:410]   native: #16 pc 000524b5  /data/data/com.test.example/files/beacontsa/odex/1.dex (void com.tencent.beacontsa.core.strategy.c.run()+4720)
A/art: art/runtime/java_vm_ext.cc:410]   native: #17 pc 0039afcf  /data/dalvik-cache/arm/system@[email protected] (???)
A/art: art/runtime/java_vm_ext.cc:410]   at com.tencent.beacontsa.nativeimpl.a.a(Native method)
A/art: art/runtime/java_vm_ext.cc:410]   at com.tencent.beacontsa.nativeimpl.a.b(ProGuard:33)
A/art: art/runtime/java_vm_ext.cc:410]   at com.tencent.beacontsa.c.ModuleImpl.a_(ProGuard:1097)
A/art: art/runtime/java_vm_ext.cc:410]   at com.tencent.beacontsa.core.b.g(ProGuard:65)
A/art: art/runtime/java_vm_ext.cc:410]   at com.tencent.beacontsa.core.strategy.c.run(ProGuard:191)
A/art: art/runtime/java_vm_ext.cc:410]   at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:423)
A/art: art/runtime/java_vm_ext.cc:410]   at java.util.concurrent.FutureTask.run(FutureTask.java:237)
A/art: art/runtime/java_vm_ext.cc:410]   at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:154)
A/art: art/runtime/java_vm_ext.cc:410]   at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:269)
A/art: art/runtime/java_vm_ext.cc:410]   at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1113)
A/art: art/runtime/java_vm_ext.cc:410]   at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:588)
A/art: art/runtime/java_vm_ext.cc:410]   at java.lang.Thread.run(Thread.java:818)
A/art: art/runtime/java_vm_ext.cc:410]

YuanYuan927 avatar Apr 28 '17 05:04 YuanYuan927

应用里集成了腾讯广点通广告SDK,广告SDK里在JNI层调用了IActivityManager.getLaunchedUid崩溃。非常奇怪,返回值明显是int,但是错误提示说返回值不匹配。把DroidPlugin初始化代码去掉就OK了,应该是ActivityManager的Hook导致的。

A/art: art/runtime/java_vm_ext.cc:410] JNI DETECTED ERROR IN APPLICATION: the return type of CallIntMethodV does not match int android.app.IActivityManager.getLaunchedFromUid(android.os.IBinder)
A/art: art/runtime/java_vm_ext.cc:410]     in call to CallIntMethodV
A/art: art/runtime/java_vm_ext.cc:410]     from java.lang.String com.tencent.beacontsa.nativeimpl.a.a(android.content.Context, int, android.app.Activity, java.lang.String)
A/art: art/runtime/java_vm_ext.cc:410] "beacon-thread-2" prio=5 tid=93 Runnable
A/art: art/runtime/java_vm_ext.cc:410]   | group="main" sCount=0 dsCount=0 obj=0x12e4b3a0 self=0x9523e700
A/art: art/runtime/java_vm_ext.cc:410]   | sysTid=18868 nice=0 cgrp=default sched=0/0 handle=0x91582930
A/art: art/runtime/java_vm_ext.cc:410]   | state=R schedstat=( 625140256 108437028 365 ) utm=56 stm=6 core=2 HZ=100
A/art: art/runtime/java_vm_ext.cc:410]   | stack=0x91480000-0x91482000 stackSize=1038KB
A/art: art/runtime/java_vm_ext.cc:410]   | held mutexes= "mutator lock"(shared held)
A/art: art/runtime/java_vm_ext.cc:410]   native: #00 pc 00370e21  /system/lib/libart.so (_ZN3art15DumpNativeStackERNSt3__113basic_ostreamIcNS0_11char_traitsIcEEEEiPKcPNS_9ArtMethodEPv+160)
A/art: art/runtime/java_vm_ext.cc:410]   native: #01 pc 0035048f  /system/lib/libart.so (_ZNK3art6Thread4DumpERNSt3__113basic_ostreamIcNS1_11char_traitsIcEEEE+150)
A/art: art/runtime/java_vm_ext.cc:410]   native: #02 pc 0025a715  /system/lib/libart.so (_ZN3art9JavaVMExt8JniAbortEPKcS2_+740)
A/art: art/runtime/java_vm_ext.cc:410]   native: #03 pc 0025aded  /system/lib/libart.so (_ZN3art9JavaVMExt9JniAbortVEPKcS2_St9__va_list+64)
A/art: art/runtime/java_vm_ext.cc:410]   native: #04 pc 000fd1e1  /system/lib/libart.so (_ZN3art11ScopedCheck6AbortFEPKcz+32)
A/art: art/runtime/java_vm_ext.cc:410]   native: #05 pc 000fd36f  /system/lib/libart.so (_ZN3art11ScopedCheck17CheckMethodAndSigERNS_18ScopedObjectAccessEP8_jobjectP7_jclassP10_jmethodIDNS_9Primitive4TypeENS_10InvokeTypeE+190)
A/art: art/runtime/java_vm_ext.cc:410]   native: #06 pc 00110b9f  /system/lib/libart.so (_ZN3art8CheckJNI11CallMethodVEPKcP7_JNIEnvP8_jobjectP7_jclassP10_jmethodIDSt9__va_listNS_9Primitive4TypeENS_10InvokeTypeE+562)
A/art: art/runtime/java_vm_ext.cc:410]   native: #07 pc 001121e5  /system/lib/libart.so (_ZN3art8CheckJNI14CallIntMethodVEP7_JNIEnvP8_jobjectP10_jmethodIDSt9__va_list+36)
A/art: art/runtime/java_vm_ext.cc:410]   native: #08 pc 00002961   (???)
A/art: art/runtime/java_vm_ext.cc:410]   native: #09 pc 0000178f   (???)
A/art: art/runtime/java_vm_ext.cc:410]   native: #10 pc 000017f5   (???)
A/art: art/runtime/java_vm_ext.cc:410]   native: #11 pc 000005a7   (???)
A/art: art/runtime/java_vm_ext.cc:410]   native: #12 pc 00001053  /data/data/com.test.example/files/beacontsa/odex/5.dex (java.lang.String com.tencent.beacontsa.nativeimpl.a.a(android.content.Context, int, android.app.Activity, java.lang.String)+158)
A/art: art/runtime/java_vm_ext.cc:410]   native: #13 pc 00001125  /data/data/com.test.example/files/beacontsa/odex/5.dex (java.lang.String com.tencent.beacontsa.nativeimpl.a.b(android.content.Context, int, android.app.Activity, java.lang.String)+136)
A/art: art/runtime/java_vm_ext.cc:410]   native: #14 pc 00000c55  /data/data/com.test.example/files/beacontsa/odex/5.dex (void com.tencent.beacontsa.c.ModuleImpl.a_()+1016)
A/art: art/runtime/java_vm_ext.cc:410]   native: #15 pc 00016ea3  /data/data/com.test.example/files/beacontsa/odex/1.dex (void com.tencent.beacontsa.core.b.g()+438)
A/art: art/runtime/java_vm_ext.cc:410]   native: #16 pc 000524b5  /data/data/com.test.example/files/beacontsa/odex/1.dex (void com.tencent.beacontsa.core.strategy.c.run()+4720)
A/art: art/runtime/java_vm_ext.cc:410]   native: #17 pc 0039afcf  /data/dalvik-cache/arm/system@[email protected] (???)
A/art: art/runtime/java_vm_ext.cc:410]   at com.tencent.beacontsa.nativeimpl.a.a(Native method)
A/art: art/runtime/java_vm_ext.cc:410]   at com.tencent.beacontsa.nativeimpl.a.b(ProGuard:33)
A/art: art/runtime/java_vm_ext.cc:410]   at com.tencent.beacontsa.c.ModuleImpl.a_(ProGuard:1097)
A/art: art/runtime/java_vm_ext.cc:410]   at com.tencent.beacontsa.core.b.g(ProGuard:65)
A/art: art/runtime/java_vm_ext.cc:410]   at com.tencent.beacontsa.core.strategy.c.run(ProGuard:191)
A/art: art/runtime/java_vm_ext.cc:410]   at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:423)
A/art: art/runtime/java_vm_ext.cc:410]   at java.util.concurrent.FutureTask.run(FutureTask.java:237)
A/art: art/runtime/java_vm_ext.cc:410]   at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:154)
A/art: art/runtime/java_vm_ext.cc:410]   at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:269)
A/art: art/runtime/java_vm_ext.cc:410]   at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1113)
A/art: art/runtime/java_vm_ext.cc:410]   at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:588)
A/art: art/runtime/java_vm_ext.cc:410]   at java.lang.Thread.run(Thread.java:818)
A/art: art/runtime/java_vm_ext.cc:410]

遇到类似问题,楼主这个问题解决了么

sdsxwangwei avatar Apr 22 '21 11:04 sdsxwangwei