
Java.enumerateLoadedClasses() terminates the process

Open rachit0011 opened this issue 5 years ago • 7 comments

Hi,

I'm trying to enumerate loaded classes for an Android app using the following simple code, but it terminates the process:

    Java.perform(function () {
        // Run inside an attached Java VM thread
        Java.enumerateLoadedClasses({
            // Called once per loaded class
            onMatch: function (className) {
                console.log(className);
            },
            // Called when enumeration has finished
            onComplete: function () {}
        });
    });

I just get "Process Terminated"

I have spent a lot of time trying to find the root cause of this issue, but no luck. This used to work before, but I don't know what the problem is now.

I have tried a couple of frida-server versions: 12.6.12 / 12.1.1 / 12.4.0 (android-arm64).

Frida version: 12.1.0. I'm using a Nexus 6P with Android 6.0.1.

Please Help!

rachit0011 avatar Aug 09 '19 09:08 rachit0011

Thanks for reporting and looking into this. Could you try 12.6.13 just to be sure? Also, could you build Frida yourself with debug symbols (remove --strip from config.mk and then make core-android-arm64) and post the backtrace that you get from adb logcat -b crash?

oleavr avatar Aug 09 '19 16:08 oleavr

I tried with 12.6.13 but no luck. I also tried to build frida with debug symbols but got nothing in the adb logcat -b crash. Not sure if I did it correctly. I built the binary using:

make core-android-arm64 (I did remove --strip from config.mk)

and then used the frida-server binary from frida/build/frida-android-arm64/bin/ directory.

rachit0011 avatar Aug 09 '19 22:08 rachit0011

Hi @Oleavr,

Any update on this issue, or any suggestions to fix it?

rachit0011 avatar Aug 12 '19 21:08 rachit0011

No, this is a device- or ROM-specific issue, so not much I can do about it. But you can try attaching GDB after attaching Frida, right before you run your script. By moving your script's contents into a function and using Frida's REPL, you can call it once GDB is attached.

oleavr avatar Aug 13 '19 01:08 oleavr
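As an added example (not code from this thread or from the frida-java-bridge project), this is the restructuring oleavr describes: the enumeration wrapped in a function that can be called from the Frida REPL once the debugger is attached, plus a constructed stand-in for the Java bridge so the helper also runs offline. `collectLoadedClasses`, `dumpClasses` and `fakeBridge` are hypothetical names.

```javascript
// Added example (not from the thread): the enumeration is wrapped in a function so
// it can be triggered on demand from the Frida REPL, e.g. after a native debugger
// has been attached, and so it can be exercised offline against a stand-in bridge.

// `bridge` is whatever exposes perform()/enumerateLoadedClasses(); under Frida
// that is the `Java` global. `filter` is an optional substring to narrow output.
function collectLoadedClasses(bridge, filter) {
  const found = [];
  let completed = false;
  bridge.perform(function () {
    bridge.enumerateLoadedClasses({
      onMatch: function (className) {
        if (filter === undefined || className.indexOf(filter) !== -1) {
          found.push(className);
        }
      },
      onComplete: function () {
        completed = true;
      }
    });
  });
  return { classes: found, completed: completed };
}

// Constructed stand-in for the Java bridge (NOT Frida's real object), carrying a
// handful of made-up class names so the helper runs outside a device.
const fakeBridge = {
  perform: function (fn) { fn(); },
  enumerateLoadedClasses: function (callbacks) {
    ['java.lang.Object', 'android.app.Activity', 'com.example.app.MainActivity']
      .forEach(function (name) { callbacks.onMatch(name); });
    callbacks.onComplete();
  }
};

// Under Frida this top-level function is a global in the script scope, so it can
// be invoked from the REPL prompt as dumpClasses('com.example') once the script
// is loaded and the debugger is in place. Nothing runs at load time.
function dumpClasses(filter) {
  const result = collectLoadedClasses(Java, filter); // `Java` exists only under Frida
  result.classes.forEach(function (name) { console.log(name); });
  console.log(result.classes.length + ' classes, completed=' + result.completed);
  return result;
}
```

Running the script with `frida -U -l script.js <app>` and then typing `dumpClasses()` at the prompt reproduces the original one-liner, while the offline stand-in lets you check the callback wiring without a device.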

I made some tests, and below is the result:

  • ARM64/API23: failed for all versions after 12.00.
  • ARM32/API23: success for version 12.6.16
  • Emulator X64/API 25: success for version 12.6.16

I traced some function calls and found that it terminates in withRunnableArtThread() -> getArtThreadStateTransitionImpl -> Memory.patchCode.

gebing avatar Aug 20 '19 05:08 gebing

This bug is caused by gum_memory_patch_code(), and I opened a new issue on frida-gum (https://github.com/frida/frida-gum/issues/343). I also made a fix and a pull request for this bug (https://github.com/frida/frida-gum/pull/344).

@oleavr

gebing avatar Aug 20 '19 16:08 gebing

Version: 12.8.14. Java.enumerateLoadedClasses() terminates the process. Why?

burst3166 avatar Mar 20 '20 03:03 burst3166