whale's Introduction

Whale

Overview

Whale is a cross-platform hook framework that runs on Android, iOS, Linux and macOS. It supports ARM/THUMB, ARM64, X86 and X86_64 (AMD64), which covers almost all the major devices available today.

Features

Android

  • Xposed-Style Method Hook
  • Modify the inheritance relationship between classes at runtime
  • Modify the class to which an object belongs at runtime
  • Bypass the hidden API policy

Darwin/Linux Platforms

  • Internal symbol resolver
  • Native Hook

iOS Restrictions

InlineHook on iOS is only usable in debug compile mode on non-jailbroken devices. Release compilation mode will not work properly.

To solve this problem, Whale will provide a new core named Binary Static Inline Hook.

Binary Static Inline Hook will be open-sourced in the near future.

What can you do with it?

  • Turn on the god mode of an app
  • Monitor or tamper with an app
  • Instant hotfix
  • SandBox
  • Inject into the system as a replacement for Xposed

Compatibility

  • Android 5.0.0
  • Android 5.1.1
  • Android 6.0
  • Android 6.0.1
  • Android 7.1.2
  • Android 8.1.0
  • Android 9.0.0
  • iOS 11.3
  • iOS 12.0
  • macOS Mojave (10.14)
  • (Versions not in the list are untested)

InlineHook

For PC-relative (pcrel) instructions, Whale converts them to PC-independent instructions. If the hook procedure fails to convert an instruction, please report it as an issue.
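Why a PC-relative instruction cannot simply be copied to another address, shown for ARM64 only. This is an added example, not Whale's code: the names `DecodePcRel` and `TargetChangesIfMoved` and the sample instruction words are constructed for illustration. It decodes the ARM64 instruction families that use the program counter and checks whether the same word would refer to a different address after being moved.

```cpp
#include <cstdint>
#include <cstdio>

// Families of AArch64 instructions whose result depends on their own address.
enum class PcRel { kNone, kBranch, kCondBranch, kCompareBranch, kTestBranch,
                   kLoadLiteral, kAdr, kAdrp };

struct Decoded {
    PcRel kind;       // kNone: the word means the same thing at any address
    uint64_t target;  // absolute address the instruction refers to (0 for kNone)
};

// Interpret the low `bits` bits of `value` as a two's-complement number.
static int64_t SignExtend(uint64_t value, unsigned bits) {
    const uint64_t sign = 1ULL << (bits - 1);
    value &= (sign << 1) - 1;
    return static_cast<int64_t>((value ^ sign) - sign);
}

// Decode one instruction word as if it were executing at address `pc`.
Decoded DecodePcRel(uint32_t insn, uint64_t pc) {
    auto field = [insn](unsigned lo, unsigned width) -> uint64_t {
        return (insn >> lo) & ((1u << width) - 1);
    };
    if ((insn & 0x7C000000u) == 0x14000000u)        // B, BL: imm26 * 4
        return {PcRel::kBranch, pc + SignExtend(field(0, 26), 26) * 4};
    if ((insn & 0xFF000010u) == 0x54000000u)        // B.cond: imm19 * 4
        return {PcRel::kCondBranch, pc + SignExtend(field(5, 19), 19) * 4};
    if ((insn & 0x7E000000u) == 0x34000000u)        // CBZ, CBNZ: imm19 * 4
        return {PcRel::kCompareBranch, pc + SignExtend(field(5, 19), 19) * 4};
    if ((insn & 0x7E000000u) == 0x36000000u)        // TBZ, TBNZ: imm14 * 4
        return {PcRel::kTestBranch, pc + SignExtend(field(5, 14), 14) * 4};
    if ((insn & 0x3B000000u) == 0x18000000u)        // LDR (literal): imm19 * 4
        return {PcRel::kLoadLiteral, pc + SignExtend(field(5, 19), 19) * 4};
    if ((insn & 0x1F000000u) == 0x10000000u) {      // ADR / ADRP: immhi:immlo
        const uint64_t imm = (field(5, 19) << 2) | field(29, 2);
        if (insn & 0x80000000u)                     // ADRP works on 4 KiB pages
            return {PcRel::kAdrp, (pc & ~0xFFFULL) + SignExtend(imm, 21) * 4096};
        return {PcRel::kAdr, pc + SignExtend(imm, 21)};
    }
    return {PcRel::kNone, 0};
}

// True when copying `insn` from address `from` to address `to` would make it
// refer to a different location, i.e. the word must be rewritten, not copied.
bool TargetChangesIfMoved(uint32_t insn, uint64_t from, uint64_t to) {
    const Decoded a = DecodePcRel(insn, from);
    const Decoded b = DecodePcRel(insn, to);
    return a.kind != PcRel::kNone && a.target != b.target;
}

int main() {
    // Constructed sample words: bl +16, b -4, adrp x0 (+1 page),
    // ldr x1 (literal at +8), ret, stp x29, x30, [sp, #-16]!
    const uint32_t words[] = {0x94000004u, 0x17FFFFFFu, 0xB0000000u,
                              0x58000041u, 0xD65F03C0u, 0xA9BF7BFDu};
    const uint64_t original = 0x7000123450ULL;   // constructed function address
    const uint64_t moved    = 0x7100000000ULL;   // constructed copy address
    for (uint32_t w : words) {
        const Decoded d = DecodePcRel(w, original);
        std::printf("%08x  pcrel=%d  target=%#llx  changes_if_moved=%d\n",
                    static_cast<unsigned>(w), d.kind != PcRel::kNone,
                    static_cast<unsigned long long>(d.target),
                    TargetChangesIfMoved(w, original, moved));
    }
    return 0;
}
```

An ADRP that is moved within the same 4 KiB page keeps its target, which is why the check compares resolved targets instead of only testing the instruction family.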

About JIT

Whale has a built-in JIT engine. When you have more advanced hook requirements, you can generate executable instructions directly in memory through the JIT. There is no longer any need to generate ugly hard-coded instructions with external tools as before.

Compile

We have pre-built binary versions for Android & iOS. You can find them in the built directory.

Whale uses CMake to build projects, so you need to install CMake on your system.

Android

  1. If you need to use Java Hook, copy the java folder to your project.

  2. To use the pre-built binaries directly, copy the files under built/Android to src/main/jniLibs in your project.

  3. If you need to compile the source code, specify CMakeLists.txt in build.gradle:

externalNativeBuild {
  cmake {
      path "your/whale/path/CMakeLists.txt"
  }
}

iOS

cd toolchain

cmake .. \
-DCMAKE_TOOLCHAIN_FILE=ios.toolchain.cmake \
-DIOS_PLATFORM=OS64 \
-DPLATFORM=IOS \
-DIOS_ARCH=arm64 \
-DENABLE_ARC=0 \
-DENABLE_BITCODE=0 \
-DENABLE_VISIBILITY=0 \
-DIOS_DEPLOYMENT_TARGET=9.3 \
-DSHARED=ON \
-DCMAKE_BUILD_TYPE=Release

make -j4

Other platforms

cmake .
make -j4

Technical communication

GOTO => Discord

Email: [email protected]

whale's People

Contributors

aslody, dkw72n, imlk0, lpcdma, waterloobridge

whale's Issues

Which NDK version is required to build for Android?

It does not compile with NDK 16.
With NDK 17 it compiles, but the app crashes as soon as it runs.

02-18 14:21:38.113 20993-20993/com.example.cx.testcompile E/Whale: Failed to resolve symbol : kArt_Object_CloneWithClass
02-18 14:21:38.113 20993-20993/com.example.cx.testcompile E/Whale: Runtime setup failed
02-18 14:21:38.114 20993-20993/com.example.cx.testcompile D/AndroidRuntime: Shutting down VM
02-18 14:21:38.114 20993-20993/com.example.cx.testcompile E/AndroidRuntime: FATAL EXCEPTION: main
    Process: com.example.cx.testcompile, PID: 20993
    java.lang.UnsatisfiedLinkError: JNI_ERR returned from JNI_OnLoad in "/data/app/com.example.cx.testcompile-2/lib/arm/libwhale.so"
        at java.lang.Runtime.loadLibrary(Runtime.java:372)
        at java.lang.System.loadLibrary(System.java:1076)
        at com.lody.whale.WhaleRuntime.<clinit>(WhaleRuntime.java:19)
        at com.lody.whale.xposed.XposedBridge.hookMethod(XposedBridge.java:100)
        at com.lody.whale.xposed.XposedHelpers.findAndHookMethod(XposedHelpers.java:187)
        at com.lody.whale.xposed.XposedHelpers.findAndHookMethod(XposedHelpers.java:263)
        at com.example.cx.testcompile.MainActivity.onCreate(MainActivity.java:23)
        at android.app.Activity.performCreate(Activity.java:6303)
        at android.app.Instrumentation.callActivityOnCreate(Instrumentation.java:1108)
        at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:2402)
        at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java:2509)
        at android.app.ActivityThread.access$1000(ActivityThread.java:153)
        at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1373)
        at android.os.Handler.dispatchMessage(Handler.java:102)
        at android.os.Looper.loop(Looper.java:154)
        at android.app.ActivityThread.main(ActivityThread.java:5528)
        at java.lang.reflect.Method.invoke(Native Method)
        at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:740)
        at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:630)
        at de.robv.android.xposed.XposedBridge.main(XposedBridge.java:102)
02-18 14:26:38.211 20993-20993/com.example.cx.testcompile W/MIUI-BLOCK-MONITOR: The binder call took 300094ms.
    java.lang.Throwable
        at android.os.AnrMonitor.checkBinderCallTime(AnrMonitor.java:354)
        at android.os.BinderProxy.transact(Binder.java:508)
        at android.app.ActivityManagerProxy.handleApplicationCrash(ActivityManagerNative.java:4458)
        at com.android.internal.os.RuntimeInit$UncaughtHandler.uncaughtException(RuntimeInit.java:169)
        at java.lang.ThreadGroup.uncaughtException(ThreadGroup.java:693)
        at java.lang.ThreadGroup.uncaughtException(ThreadGroup.java:690)

It is probably a build problem; with the pre-built binaries it does not crash.

handle AOSP 10 Runtime changes

support android 10 changes:

In Android 10, the ART build system creates the Runtime module in two variants: release and debug (contains additional diagnostic and debugging tools). The release version is installed on user builds and the debug version is installed on userdebug and eng builds. When a device boots, apexd mounts the Runtime module under /apex/com.android.runtime.

Native libraries
Android 10 refactors native libraries that support the Managed Core Library. Several dynamically linked libraries (for example, libcrypto, libexpat, and zlib) that were previously shared with other parts of the platform are now duplicated so that the Runtime module has its own copies loaded into the runtime linker namespace. Dynamically linked native libraries provided by the Runtime module are in /apex/com.android.runtime/{lib,lib64}.

Android 10 moves the libnativebridge library to the Runtime module as this library is tightly coupled with libnativeloader and the Bionic C libraries that are part of the Runtime module.

refs:

https://source.android.com/devices/architecture/modular-system/runtime
https://source.android.com/devices/architecture/vndk/linker-namespace

art_runtime.cc:58 refs libart.so

art_runtime.h:18

#if defined(__LP64__)
// 64-bit process: libraries are looked up under /system/lib64/
static constexpr const char *kAndroidLibDir = "/system/lib64/";
static constexpr const char *kLibNativeBridgePath = "/system/lib64/libnativebridge.so";
static constexpr const char *kLibArtPath = "/system/lib64/libart.so";
static constexpr const char *kLibAocPath = "/system/lib64/libaoc.so";
static constexpr const char *kLibHoudiniArtPath = "/system/lib64/arm64/libart.so";
#else
// 32-bit process: libraries are looked up under /system/lib/
static constexpr const char *kAndroidLibDir = "/system/lib/";
static constexpr const char *kLibArtPath = "/system/lib/libart.so";
static constexpr const char *kLibAocPath = "/system/lib/libaoc.so";
static constexpr const char *kLibHoudiniArtPath = "/system/lib/arm/libart.so";
#endif
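One way to avoid depending on hard-coded /system/lib paths, which the Android 10 move to /apex/com.android.runtime invalidates: ask the process itself where a library is mapped. This is an added example, not part of the issue or of whale's code; `FindMappedLibrary`, `FindInMapsText`, `FindInSelf` and the sample maps text are constructed for illustration, and the sample uses only directory names quoted in the issue above.

```cpp
#include <algorithm>
#include <cstdio>
#include <fstream>
#include <istream>
#include <sstream>
#include <string>
#include <vector>

// Scan text in /proc/<pid>/maps format and return the distinct file paths
// whose file name is exactly `soname`, in the order they first appear.
std::vector<std::string> FindMappedLibrary(std::istream &maps,
                                           const std::string &soname) {
    std::vector<std::string> found;
    std::string line;
    while (std::getline(maps, line)) {
        // Line layout: start-end perms offset dev inode pathname
        // Only file-backed mappings contain a '/', so [vdso], [heap] and
        // anonymous regions are skipped here.
        const std::size_t start = line.find('/');
        if (start == std::string::npos) continue;
        std::string path = line.substr(start);
        // The kernel appends " (deleted)" when the backing file was unlinked.
        const std::string deleted = " (deleted)";
        if (path.size() > deleted.size() &&
            path.compare(path.size() - deleted.size(), deleted.size(), deleted) == 0)
            path.erase(path.size() - deleted.size());
        // Compare the file name only, so "libart.so" does not match
        // "libartbase.so" and "art.so" does not match "libart.so".
        const std::size_t base = path.rfind('/');
        if (path.compare(base + 1, std::string::npos, soname) != 0) continue;
        // A library is mapped several times (r-x, r--, rw-): report it once.
        if (std::find(found.begin(), found.end(), path) == found.end())
            found.push_back(path);
    }
    return found;
}

// Convenience wrapper for maps content held in memory.
std::vector<std::string> FindInMapsText(const char *text, const std::string &soname) {
    std::istringstream in(text);
    return FindMappedLibrary(in, soname);
}

// Look the library up in the current process. Returns an empty list when the
// file cannot be read or the library is not loaded.
std::vector<std::string> FindInSelf(const std::string &soname) {
    std::ifstream in("/proc/self/maps");
    return FindMappedLibrary(in, soname);
}

// Constructed sample input: addresses, offsets and inode numbers are made up.
static const char kMapsAndroid9[] =
    "7c12bfd000-7c131d9000 r-xp 00000000 fd:00 1234 /system/lib64/libart.so\n"
    "7c131da000-7c131ea000 r--p 005dc000 fd:00 1234 /system/lib64/libart.so\n"
    "7c18638000-7c18639000 r-xp 00000000 00:00 0    [vdso]\n";

static const char kMapsAndroid10[] =
    "7a10000000-7a10600000 r-xp 00000000 07:08 52 /apex/com.android.runtime/lib64/libart.so\n"
    "7a10600000-7a10610000 rw-p 00600000 07:08 52 /apex/com.android.runtime/lib64/libart.so\n"
    "7a20000000-7a20008000 r-xp 00000000 07:08 77 /apex/com.android.runtime/lib64/libnativebridge.so\n";

// x86 device with a native bridge: two different files are both named libart.so.
static const char kMapsHoudini[] =
    "e0000000-e0600000 r-xp 00000000 fd:00 900 /system/lib/libart.so\n"
    "d0000000-d0500000 r-xp 00000000 fd:00 901 /system/lib/arm/libart.so\n";

int main() {
    for (const char *sample : {kMapsAndroid9, kMapsAndroid10, kMapsHoudini})
        for (const std::string &p : FindInMapsText(sample, "libart.so"))
            std::printf("%s\n", p.c_str());
    return 0;
}
```

When more than one path is returned, as in the native-bridge sample, the caller has to pick the one that matches the ABI it is running as.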

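After integrating whale's native hook and hooking ART's defineClass method, x86 raises an address error exception while arm64 hooks normally

The arm64 physical device is a vivo on 5.1.1 and the x86 device is the Xiaoyao (逍遥) emulator on 5.1.1. I built whale as a static library and linked it into a shared library. Following the demo, hooking getenv in libc.so is intercepted correctly on both x86 and arm64. When hooking the defineClass method in art.so, arm64 intercepts it normally, but x86 reports A/libc: Fatal signal 11 (SIGSEGV), code 2, fault addr 0xa3b2ab33 in tid 10899. I hope the maintainer can fix this when time allows, much respect. By the way, while debugging, the breakpoint in my custom method was hit, which shows the address jump itself is fine, but a signal was raised: SIGSEGV (signal SIGSEGV: address access protected (fault address: 0xa3b2ab33)). I don't know whether it is a memory permission problem.

Running test_hook.cc in an x86 emulator shows that calling the original method goes wrong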

// Hooked_getenv and Origin_getenv are defined elsewhere in test_hook.cc (not shown here).
int main() {
#if defined(__APPLE__)
    void *handle = dlopen("libc.dylib", RTLD_NOW);
#else
    void *handle = dlopen("libc.so", RTLD_NOW);
#endif
    assert(handle != nullptr);
    void *symbol = dlsym(handle, "getenv");
    assert(symbol != nullptr);
    printf("Orig getenv = %p\n", symbol);
    WInlineHookFunction(
            symbol,
            reinterpret_cast<void *>(Hooked_getenv),
            reinterpret_cast<void **>(&Origin_getenv)
    );
//    WImportHookFunction(
//            "_getenv",
//            reinterpret_cast<void *>(Hooked_getenv),
//            reinterpret_cast<void **>(&Origin_getenv)
//    );
    // With the input "lody" the hook succeeds and prints "are you ok?",
    // but with "lody1" a Segmentation fault (139) occurs.
    const char *val = getenv("lody1");
    std::cout << val;
    return 0;
}

SEGV_MAPERR on emulator x86 api 28

A/libc: Fatal signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x17b468 in tid 6159 (xxx), pid 6159 (xxxx)
 *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
 Build fingerprint: 'google/sdk_gphone_x86_arm/generic_x86_arm:9/PSR1.180720.117/5875966:userdebug/dev-keys'
 Revision: '0'
 ABI: 'x86'
 pid: 6159, tid: 6159, name: xxxx  >>> xxxxx <<<
 signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x17b468
     eax ffcfde18  ebx eec6c85c  ecx 70d5db38  edx ffcfde18
     edi 0017b468  esi 8f2a24c8
     ebp ffcfddc8  esp ffcfdd90  eip ee9043e9
 backtrace:
     #00 pc 003443e9  /system/lib/libart.so (art::CodeInfoEncoding::CodeInfoEncoding(void const*)+121)
     #01 pc 0046c0cb  /system/lib/libart.so (offset 0x460000) (art::OatQuickMethodHeader::ToDexPc(art::ArtMethod*, unsigned int, bool) const+107)
     #02 pc 00114157  /system/framework/x86/boot.oat (offset 0x114000)

while exec hook method and then System.loadLibrary("whale");

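After modifying Whale to be compatible with Xposed module loading, crashes occur on Android 7.1 and Android 8.0 phones

I modified Whale to be compatible with Xposed module loading.
When loading Xposed modules already installed on the phone, it fails on Android 8 and 7 phones, and runs normally on Android 9 phones.

Error log on Android 8.0, Samsung S8: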

--------- beginning of crash
2019-02-21 10:13:50.623 23365-23365/com.storm.wind.explib A/libc: Fatal signal 11 (SIGSEGV), code 1, fault addr 0x7cb3c974b8 in tid 23365 (orm.wind.explib)
2019-02-21 10:13:50.645 23383-23383/? E/propClient: PropClient failed to load
2019-02-21 10:13:50.662 23384-23384/? I/crash_dump64: obtaining output fd from tombstoned
2019-02-21 10:13:50.662 1080-1080/? I//system/bin/tombstoned: received crash request for pid 23365
2019-02-21 10:13:50.667 23384-23384/? I/crash_dump64: performing dump of process 23365 (target tid = 23365)
2019-02-21 10:13:50.668 23384-23384/? A/DEBUG: *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
2019-02-21 10:13:50.668 23384-23384/? A/DEBUG: Build fingerprint: 'samsung/dreamqltezc/dreamqltechn:8.0.0/R16NW/G9500ZCS3CRL1:user/release-keys'
2019-02-21 10:13:50.668 23384-23384/? A/DEBUG: Revision: '12'
2019-02-21 10:13:50.668 23384-23384/? A/DEBUG: ABI: 'arm64'
2019-02-21 10:13:50.668 23384-23384/? A/DEBUG: pid: 23365, tid: 23365, name: orm.wind.explib  >>> com.storm.wind.explib <<<
2019-02-21 10:13:50.668 23384-23384/? A/DEBUG: signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x7cb3c974b8
2019-02-21 10:13:50.668 23384-23384/? A/DEBUG:     x0   000000006f7a00d8  x1   0000000000000001  x2   000000000000001d  x3   0000000000000003
2019-02-21 10:13:50.668 23384-23384/? A/DEBUG:     x4   0000007c13125158  x5   0000007c0679680d  x6   7865646e6920646f  x7   72697620726f6620
2019-02-21 10:13:50.668 23384-23384/? A/DEBUG:     x8   0000007c132a6a00  x9   0000007c10695d38  x10  00000000a3601780  x11  0000000000000010
2019-02-21 10:13:50.668 23384-23384/? A/DEBUG:     x12  206c617574726976  x13  203a646f6874656d  x14  000000001478f410  x15  071d050000000000
2019-02-21 10:13:50.668 23384-23384/? A/DEBUG:     x16  0000007c131de608  x17  0000007c154e6970  x18  0000007fc024d724  x19  0000007c18630a90
2019-02-21 10:13:50.668 23384-23384/? A/DEBUG:     x20  0000000000000001  x21  000000001478f410  x22  00000000146c02f0  x23  0000007c186309c0
2019-02-21 10:13:50.668 23384-23384/? A/DEBUG:     x24  000000001478f41c  x25  0000007c18630a90  x26  000000000000000b  x27  0000000ae5c0f400
2019-02-21 10:13:50.668 23384-23384/? A/DEBUG:     x28  0000000000000000  x29  0000007c18630a30  x30  0000007c12cd6c94
2019-02-21 10:13:50.668 23384-23384/? A/DEBUG:     sp   0000007c18630920  pc   0000007c12cd5710  pstate 0000000000000000
2019-02-21 10:13:50.802 1539-1967/? I/WifiTrafficPoller: mCpuCoreBooster Lock
2019-02-21 10:13:50.935 23384-23384/? A/DEBUG: backtrace:
2019-02-21 10:13:50.935 23384-23384/? A/DEBUG:     #00 pc 00000000000d8710  /system/lib64/libart.so (_ZN3art9ArtMethod12PrettyMethodEb+136)
2019-02-21 10:13:50.935 23384-23384/? A/DEBUG:     #01 pc 00000000000d9c90  /system/lib64/libart.so (_ZN3artL16FindOatMethodForEPNS_9ArtMethodENS_11PointerSizeEPb+512)
2019-02-21 10:13:50.935 23384-23384/? A/DEBUG:     #02 pc 00000000000da238  /system/lib64/libart.so (_ZN3art9ArtMethod23GetOatQuickMethodHeaderEm+236)
2019-02-21 10:13:50.935 23384-23384/? A/DEBUG:     #03 pc 00000000001b5154  /system/lib64/libart.so (_ZN3art12FaultManager17IsInGeneratedCodeEP7siginfoPvb+508)
2019-02-21 10:13:50.935 23384-23384/? A/DEBUG:     #04 pc 00000000001b4d4c  /system/lib64/libart.so (_ZN3art12FaultManager11HandleFaultEiP7siginfoPv+92)
2019-02-21 10:13:50.935 23384-23384/? A/DEBUG:     #05 pc 0000000000002f50  /system/bin/app_process64 (_ZN3art11SignalChain7HandlerEiP7siginfoPv+536)
2019-02-21 10:13:50.935 23384-23384/? A/DEBUG:     #06 pc 000000000000069c  [vdso:0000007c18638000]
2019-02-21 10:13:50.935 23384-23384/? A/DEBUG:     #07 pc 0000000000309a38  /system/lib64/libart.so (_ZN3art13ProfilingInfo14GetInlineCacheEj+40)
2019-02-21 10:13:50.935 23384-23384/? A/DEBUG:     #08 pc 0000000000309b70  /system/lib64/libart.so (_ZN3art13ProfilingInfo13AddInvokeInfoEjPNS_6mirror5ClassE+28)
2019-02-21 10:13:50.935 23384-23384/? A/DEBUG:     #09 pc 00000000004efc28  /system/lib64/libart.so (MterpInvokeVirtual+508)
2019-02-21 10:13:50.935 23384-23384/? A/DEBUG:     #10 pc 00000000004f9e94  /system/lib64/libart.so (ExecuteMterpImpl+14228)
2019-02-21 10:13:50.935 23384-23384/? A/DEBUG:     #11 pc 000000000025df6c  /system/lib64/libart.so (_ZN3art11interpreterL7ExecuteEPNS_6ThreadEPKNS_7DexFile8CodeItemERNS_11ShadowFrameENS_6JValueEb+444)
2019-02-21 10:13:50.935 23384-23384/? A/DEBUG:     #12 pc 000000000026466c  /system/lib64/libart.so (_ZN3art11interpreter33ArtInterpreterToInterpreterBridgeEPNS_6ThreadEPKNS_7DexFile8CodeItemEPNS_11ShadowFrameEPNS_6JValueE+212)
2019-02-21 10:13:50.935 23384-23384/? A/DEBUG:     #13 pc 000000000027d1d0  /system/lib64/libart.so (_ZN3art11interpreter6DoCallILb0ELb0EEEbPNS_9ArtMethodEPNS_6ThreadERNS_11ShadowFrameEPKNS_11InstructionEtPNS_6JValueE+640)
2019-02-21 10:13:50.935 23384-23384/? A/DEBUG:     #14 pc 00000000004efc90  /system/lib64/libart.so (MterpInvokeVirtual+612)
2019-02-21 10:13:50.935 23384-23384/? A/DEBUG:     #15 pc 00000000004f9e94  /system/lib64/libart.so (ExecuteMterpImpl+14228)
2019-02-21 10:13:50.935 23384-23384/? A/DEBUG:     #16 pc 000000000025df6c  /system/lib64/libart.so (_ZN3art11interpreterL7ExecuteEPNS_6ThreadEPKNS_7DexFile8CodeItemERNS_11ShadowFrameENS_6JValueEb+444)
2019-02-21 10:13:50.935 23384-23384/? A/DEBUG:     #17 pc 000000000026466c  /system/lib64/libart.so (_ZN3art11interpreter33ArtInterpreterToInterpreterBridgeEPNS_6ThreadEPKNS_7DexFile8CodeItemEPNS_11ShadowFrameEPNS_6JValueE+212)
2019-02-21 10:13:50.935 23384-23384/? A/DEBUG:     #18 pc 000000000027d1d0  /system/lib64/libart.so (_ZN3art11interpreter6DoCallILb0ELb0EEEbPNS_9ArtMethodEPNS_6ThreadERNS_11ShadowFrameEPKNS_11InstructionEtPNS_6JValueE+640)
2019-02-21 10:13:50.935 23384-23384/? A/DEBUG:     #19 pc 00000000004f0ffc  /system/lib64/libart.so (MterpInvokeDirect+504)
2019-02-21 10:13:50.935 23384-23384/? A/DEBUG:     #20 pc 00000000004f9f94  /system/lib64/libart.so (ExecuteMterpImpl+14484)

Error log on Android 7.1.1, Meizu Pro6s:

handleLoadPackage packageName=com.storm.wind.explib, processName=com.storm.wind.explib, isFirstApplication=true sourceDir= /data/app/com.storm.wind.explib-2/base.apk
2019-02-21 10:17:01.720 9855-9855/com.storm.wind.explib A/art: art/runtime/class_linker.cc:2718] Check failed: found_virtual Didn't find oat method index for virtual method: void android.Manifest$permission.<init>()
2019-02-21 10:17:01.729 9855-9855/com.storm.wind.explib A/art: art/runtime/class_linker.cc:2718] Check failed: found_virtual Didn't find oat method index for virtual method: void android.Manifest$permission.<init>()
2019-02-21 10:17:01.729 9855-9855/com.storm.wind.explib A/art: art/runtime/runtime.cc:422] Runtime aborting --- recursively, so no thread-specific detail!
2019-02-21 10:17:01.729 9855-9855/com.storm.wind.explib A/art: art/runtime/runtime.cc:422] 
    
    --------- beginning of crash
2019-02-21 10:17:01.729 9855-9855/com.storm.wind.explib A/libc: Fatal signal 6 (SIGABRT), code -6 in tid 9855 (orm.wind.explib)
2019-02-21 10:17:01.730 983-983/? D/AEE_AED: $===AEE===AEE===AEE===$
2019-02-21 10:17:01.730 983-983/? D/AEE_AED: p 2 poll events 1 revents 1
2019-02-21 10:17:01.731 983-983/? D/AEE_AED: PPM cpu cores:10, online:7
2019-02-21 10:17:01.731 983-983/? D/AEE_AED: aed_main_fork_worker: generator 0x7864c2e540, worker 0x7fe4c2a780, recv_fd 12
2019-02-21 10:17:01.732 2165-2175/? D/FRR: buff=0x76033f8306, len=176
2019-02-21 10:17:01.732 9871-9871/? I/AEE_AED: handle_request(12)
2019-02-21 10:17:01.732 2165-2175/? D/FRR: uevent[0]=0x76033f8306, len=41, "change@/devices/virtual/misc/m_smart_misc"
2019-02-21 10:17:01.732 2165-2175/? D/FRR: voteFps(60, 0)
2019-02-21 10:17:01.732 2165-2175/? D/FRR: ThermalListener loop:
2019-02-21 10:17:01.733 9871-9871/? I/AEE_AED: check process 9855 name:orm.wind.explib
2019-02-21 10:17:01.733 9871-9871/? I/AEE_AED: tid 9855 abort msg address:0x0000007c9d634000 si_code:-6 (request from 9855:10252)
2019-02-21 10:17:01.733 9871-9871/? W/AEE_AED: debuggerd: handling request: pid=9855 uid=10252 gid=10252 tid=9855
2019-02-21 10:17:01.734 9871-9871/? I/AEE_AED: [preset_info] pid: 9855, tid: 9855, name: orm.wind.explib  >>> com.storm.wind.explib <<<
2019-02-21 10:17:01.735 9871-9871/? D/AEE_AED: ptrace_siblings
2019-02-21 10:17:01.750 9871-9871/? D/AEE_AED: debuggerd: drop privileges
2019-02-21 10:17:01.750 1004-1397/? D/FlymeTrafficTracking: tag  (237) android Thread-8 uid 1000
2019-02-21 10:17:01.751 1004-1397/? D/FlymeTrafficTracking: set tracking tag android 8000ffff
2019-02-21 10:17:01.801 9871-9871/? I/AEE_AED: *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
2019-02-21 10:17:01.801 9871-9871/? I/AEE_AED: Build fingerprint: 'Meizu/meizu_PRO6/PRO6:7.1.1/NMF26O/1531990520:user/release-keys'
2019-02-21 10:17:01.801 9871-9871/? I/AEE_AED: Revision: '0'
2019-02-21 10:17:01.801 9871-9871/? I/AEE_AED: ABI: 'arm64'
2019-02-21 10:17:01.801 9871-9871/? I/AEE_AED: pid: 9855, tid: 9855, name: orm.wind.explib  >>> com.storm.wind.explib <<<
2019-02-21 10:17:01.801 9871-9871/? I/AEE_AED: signal 6 (SIGABRT), code -6 (SI_TKILL), fault addr --------
2019-02-21 10:17:01.804 9871-9871/? I/AEE_AED: Abort message: 'art/runtime/class_linker.cc:2718] Check failed: found_virtual Didn't find oat method index for virtual method: void android.Manifest$permission.<init>()'
2019-02-21 10:17:01.804 9871-9871/? I/AEE_AED:     x0   0000000000000000  x1   000000000000267f  x2   0000000000000006  x3   0000000000000008
2019-02-21 10:17:01.805 9871-9871/? I/AEE_AED:     x4   000000000000008b  x5   0000800000000000  x6   0000007ca3060000  x7   0000000000000000
2019-02-21 10:17:01.805 9871-9871/? I/AEE_AED:     x8   0000000000000083  x9   ffffffffffffffdf  x10  0000000000000000  x11  0000000000000001
2019-02-21 10:17:01.805 9871-9871/? I/AEE_AED:     x12  0000000000000018  x13  0000000000000000  x14  0000000000000000  x15  002b7acf9efa551c
2019-02-21 10:17:01.805 9871-9871/? I/AEE_AED:     x16  0000007c9fdb0ee0  x17  0000007c9fd598c8  x18  0000000000000000  x19  0000007ca3116b40
2019-02-21 10:17:01.805 9871-9871/? I/AEE_AED:     x20  0000000000000006  x21  0000007ca3116a98  x22  0000000000000000  x23  0000007c9e9fe000
2019-02-21 10:17:01.805 9871-9871/? I/AEE_AED:     x24  0000007c90263300  x25  0000000000000000  x26  0000007ffe6986b1  x27  0000000000000000
2019-02-21 10:17:01.805 9871-9871/? I/AEE_AED:     x28  0000000071d97a68  x29  0000007ffe698590  x30  0000007c9fd56cf4
2019-02-21 10:17:01.805 9871-9871/? I/AEE_AED:     sp   0000007ffe698570  pc   0000007c9fd598d0  pstate 0000000060000000
2019-02-21 10:17:01.820 9871-9871/? I/AEE_AED: backtrace:
2019-02-21 10:17:01.820 9871-9871/? I/AEE_AED:     #00 pc 000000000006d8d0  /system/lib64/libc.so (tgkill+8)
2019-02-21 10:17:01.820 9871-9871/? I/AEE_AED:     #01 pc 000000000006acf0  /system/lib64/libc.so (pthread_kill+64)
2019-02-21 10:17:01.820 9871-9871/? I/AEE_AED:     #02 pc 00000000000240d8  /system/lib64/libc.so (raise+24)
2019-02-21 10:17:01.820 9871-9871/? I/AEE_AED:     #03 pc 000000000001c97c  /system/lib64/libc.so (abort+52)
2019-02-21 10:17:01.820 9871-9871/? I/AEE_AED:     #04 pc 000000000043635c  /system/lib64/libart.so (_ZN3art7Runtime5AbortEPKc+464)
2019-02-21 10:17:01.820 9871-9871/? I/AEE_AED:     #05 pc 00000000000e637c  /system/lib64/libart.so (_ZN3art10LogMessageD2Ev+1592)
2019-02-21 10:17:01.820 9871-9871/? I/AEE_AED:     #06 pc 000000000012aec8  /system/lib64/libart.so (_ZN3art11ClassLinker16FindOatMethodForEPNS_9ArtMethodEPb+492)
2019-02-21 10:17:01.820 9871-9871/? I/AEE_AED:     #07 pc 00000000000e095c  /system/lib64/libart.so (_ZN3art9ArtMethod23GetOatQuickMethodHeaderEm+256)
2019-02-21 10:17:01.820 9871-9871/? I/AEE_AED:     #08 pc 0000000000449580  /system/lib64/libart.so (_ZN3art12StackVisitor9WalkStackEb+208)
2019-02-21 10:17:01.820 9871-9871/? I/AEE_AED:     #09 pc 00000000004480d0  /system/lib64/libart.so (_ZNK3art12StackVisitor7GetVRegEPNS_9ArtMethodEtNS_8VRegKindEPj+144)
2019-02-21 10:17:01.820 9871-9871/? I/AEE_AED:     #10 pc 0000000000381a3c  /system/lib64/libart.so (_ZN3art7Monitor10VisitLocksEPNS_12StackVisitorEPFvPNS_6mirror6ObjectEPvES6_b+1660)
2019-02-21 10:17:01.820 9871-9871/? I/AEE_AED:     #11 pc 0000000000461f14  /system/lib64/libart.so (_ZN3art16StackDumpVisitor10VisitFrameEv+688)
2019-02-21 10:17:01.821 9871-9871/? I/AEE_AED:     #12 pc 000000000044974c  /system/lib64/libart.so (_ZN3art12StackVisitor9WalkStackEb+668)
2019-02-21 10:17:01.821 9871-9871/? I/AEE_AED:     #13 pc 0000000000457fd4  /system/lib64/libart.so (_ZNK3art6Thread13DumpJavaStackERNSt3__113basic_ostreamIcNS1_11char_traitsIcEEEE+304)
2019-02-21 10:17:01.821 9871-9871/? I/AEE_AED:     #14 pc 0000000000454b80  /system/lib64/libart.so (_ZNK3art6Thread9DumpStackERNSt3__113basic_ostreamIcNS1_11char_traitsIcEEEEbP12BacktraceMap+956)
2019-02-21 10:17:01.821 9871-9871/? I/AEE_AED:     #15 pc 0000000000442a10  /system/lib64/libart.so (_ZNK3art10AbortState10DumpThreadERNSt3__113basic_ostreamIcNS1_11char_traitsIcEEEEPNS_6ThreadE+56)
2019-02-21 10:17:01.821 9871-9871/? I/AEE_AED:     #16 pc 0000000000442830  /system/lib64/libart.so (_ZNK3art10AbortState4DumpERNSt3__113basic_ostreamIcNS1_11char_traitsIcEEEE+576)
2019-02-21 10:17:01.821 9871-9871/? I/AEE_AED:     #17 pc 0000000000436220  /system/lib64/libart.so (_ZN3art7Runtime5AbortEPKc+148)
2019-02-21 10:17:01.821 9871-9871/? I/AEE_AED:     #18 pc 00000000000e637c  /system/lib64/libart.so (_ZN3art10LogMessageD2Ev+1592)
2019-02-21 10:17:01.821 9871-9871/? I/AEE_AED:     #19 pc 000000000012aec8  /system/lib64/libart.so (_ZN3art11ClassLinker16FindOatMethodForEPNS_9ArtMethodEPb+492)
2019-02-21 10:17:01.821 9871-9871/? I/AEE_AED:     #20 pc 00000000000e095c  /system/lib64/libart.so (_ZN3art9ArtMethod23GetOatQuickMethodHeaderEm+256)
2019-02-21 10:17:01.821 9871-9871/? I/AEE_AED:     #21 pc 0000000000449580  /system/lib64/libart.so (_ZN3art12StackVisitor9WalkStackEb+208)
2019-02-21 10:17:01.821 9871-9871/? I/AEE_AED:     #22 pc 000000000044ec24  /system/lib64/libart.so (_ZNK3art6Thread24CreateInternalStackTraceILb0EEEP8_jobjectRKNS_33ScopedObjectAccessAlreadyRunnableE+108)
2019-02-21 10:17:01.821 9871-9871/? I/AEE_AED:     #23 pc 000000000039afc8  /system/lib64/libart.so (_ZN3artL32Throwable_nativeFillInStackTraceEP7_JNIEnvP7_jclass+56)
2019-02-21 10:17:01.821 9871-9871/? I/AEE_AED:     #24 pc 0000000074e63dac  /data/dalvik-cache/arm64/system@[email protected] (offset 0x315d000)
2019-02-21 10:17:01.833 1004-1349/? D/PerfServiceManager: [PerfService] MESSAGE_SET_UEVENT_INDEX: 6 

Bug when hooking JNI functions

My English is not good, so I'll just write in Chinese!!!
https://github.com/asLody/whale/blob/master/whale/src/android/art/art_method.cc:36

access_flags |= kAccSkipAccessChecks;

Definition of kAccSkipAccessChecks

static constexpr uint32_t kAccFastNative = 0x00080000u;   // method (dex only)
static constexpr uint32_t kAccPreverified = kAccFastNative;  // class (runtime)
static constexpr uint32_t kAccSkipAccessChecks = kAccPreverified;

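First of all, I don't quite understand the purpose of this line.
From the logs and the error it can be seen that it conflicts with the code here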
http://androidxref.com/6.0.1_r10/xref/art/runtime/art_method.cc#523

Crashed on the xposed installed phone

02-25 23:43:30.471 E/easybike_easybike(10313): java.lang.UnsatisfiedLinkError: JNI_ERR returned from JNI_OnLoad in "/data/app/com.jingyao.easybike-2/lib/arm/libwhale.so"
02-25 23:43:30.471 E/easybike_easybike(10313): at java.lang.Runtime.loadLibrary0(Runtime.java:977)
02-25 23:43:30.471 E/easybike_easybike(10313): at java.lang.System.loadLibrary(System.java:1530)
02-25 23:43:30.471 E/easybike_easybike(10313): at com.lody.whale.WhaleRuntime.(WhaleRuntime.java:19)
02-25 23:43:30.471 E/easybike_easybike(10313): at com.lody.whale.WhaleRuntime.hookMethodNative(Native Method)
02-25 23:43:30.471 E/easybike_easybike(10313): at com.lody.whale.xposed.XposedBridge.hookMethod(XposedBridge.java:100)
02-25 23:43:30.471 E/easybike_easybike(10313): at com.lody.whale.xposed.XposedHelpers.findAndHookMethod(XposedHelpers.java:187)
02-25 23:43:30.471 E/easybike_easybike(10313): at com.jingyao.easybike.tools.upi.Hooks.init(Hooks.kt:34)
02-25 23:43:30.471 E/easybike_easybike(10313): at com.hellobike.atlas.application.HelloBikeApp.onCreate(HelloBikeApp.java:87)
02-25 23:43:30.471 E/easybike_easybike(10313): at android.app.Instrumentation.callApplicationOnCreate(Instrumentation.java:1025)
02-25 23:43:30.471 E/easybike_easybike(10313): at android.app.ActivityThread.handleBindApplication(ActivityThread.java:5530)
02-25 23:43:30.471 E/easybike_easybike(10313): at de.robv.android.xposed.XposedBridge.invokeOriginalMethodNative(Native Method)
02-25 23:43:30.471 E/easybike_easybike(10313): at de.robv.android.xposed.XposedBridge.handleHookedMethod(XposedBridge.java:360)
02-25 23:43:30.471 E/easybike_easybike(10313): at android.app.ActivityThread.handleBindApplication()
02-25 23:43:30.471 E/easybike_easybike(10313): at android.app.ActivityThread.-wrap2(ActivityThread.java)
02-25 23:43:30.471 E/easybike_easybike(10313): at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1611)
02-25 23:43:30.471 E/easybike_easybike(10313): at android.os.Handler.dispatchMessage(Handler.java:102)
02-25 23:43:30.471 E/easybike_easybike(10313): at android.os.Looper.loop(Looper.java:165)
02-25 23:43:30.471 E/easybike_easybike(10313): at android.app.ActivityThread.main(ActivityThread.java:6375)
02-25 23:43:30.471 E/easybike_easybike(10313): at java.lang.reflect.Method.invoke(Native Method)
02-25 23:43:30.471 E/easybike_easybike(10313): at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:912)
02-25 23:43:30.471 E/easybike_easybike(10313): at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:802)
02-25 23:43:30.471 E/easybike_easybike(10313): at de.robv.android.xposed.XposedBridge.main(XposedBridge.java:107)

MIUI developer ROM crashes on some models, error in quick_trampoline_entrypoints.cc


Build fingerprint: 'Xiaomi/sagit/sagit:9/PKQ1.190118.001/9.9.25:user/release-keys'
Revision: '0'
ABI: 'arm'
pid: 18358, tid: 18358, name: encent.mobileqq >>> com.tencent.mobileqq <<<
signal 6 (SIGABRT), code -6 (SI_TKILL), fault addr --------
Abort message: 'quick_trampoline_entrypoints.cc:1321] Check failed: dex_pc < accessor.InsnsSizeInCodeUnits() (dex_pc=1, accessor.InsnsSizeInCodeUnits()=0) '
r0 00000000 r1 000047b6 r2 00000006 r3 00000008
r4 000047b6 r5 000047b6 r6 ffb9e654 r7 0000010c
r8 00000002 r9 e4095647 r10 e4b73d2c r11 e405dee2
ip e4eea3cc sp ffb9e640 lr e4e55789 pc e4e4cfaa

backtrace:
#00 pc 0001cfaa /system/lib/libc.so (abort+58)
#01 pc 0034fe33 /system/lib/libart.so (offset 0x307000) (art::Runtime::Abort(char const*)+910)
#2 pc 0000738f /system/lib/libbase.so (android::base::LogMessage::~LogMessage()+494)
#3 pc 003de101 /system/lib/libart.so (offset 0x307000) (artQuickResolutionTrampoline+3188)
#4 pc 00417801 /system/lib/libart.so (offset 0x307000) (art_quick_resolution_trampoline+32)
#5 pc 00240423 /data/app/com.tencent.mobileqq-8oSI5Y5Z892PnHe7xlRI_A==/oat/arm/base.odex (offset 0x1b1000) (awzc.a+298)
#6 pc 0023fc9d /data/app/com.tencent.mobileqq-8oSI5Y5Z892PnHe7xlRI_A==/oat/arm/base.odex (offset 0x1b1000) (awzc.a+252)
#7 pc 0024bced /data/app/com.tencent.mobileqq-8oSI5Y5Z892PnHe7xlRI_A==/oat/arm/base.odex (offset 0x1b1000) (com.tencent.common.app.BaseApplicationImpl.onCreate+1148)
#8 pc 0024cb19 /data/app/com.tencent.mobileqq-8oSI5Y5Z892PnHe7xlRI_A==/oat/arm/base.odex (offset 0x1b1000) (com.tencent.mobileqq.qfix.QFixApplication.onCreate+72)
#9 pc 00260c95 /data/app/com.tencent.mobileqq-8oSI5Y5Z892PnHe7xlRI_A==/oat/arm/base.odex (offset 0x1b1000) (mqq.app.AppContentProvider.onCreate+92)
#10 pc 00275b4d /data/app/com.tencent.mobileqq-8oSI5Y5Z892PnHe7xlRI_A==/oat/arm/base.odex (offset 0x1b1000) (cooperation.readinjoy.content.ReadInJoyDataProvider.onCreate+44)
#11 pc 011f2ea9 /system/framework/arm/boot-framework.oat (offset 0x9ee000) (android.content.ContentProvider.attachInfo+448)
#12 pc 011f39fd /system/framework/arm/boot-framework.oat (offset 0x9ee000) (android.content.ContentProvider.attachInfo+52)
#13 pc 00dd3def /system/framework/arm/boot-framework.oat (offset 0x9ee000) (android.app.ActivityThread.installProvider+1366)
#14 pc 00dd3771 /system/framework/arm/boot-framework.oat (offset 0x9ee000) (android.app.ActivityThread.installContentProviders+208)
#15 pc 00dce365 /system/framework/arm/boot-framework.oat (offset 0x9ee000) (android.app.ActivityThread.handleBindApplication+6532)
#16 pc 00dc569d /system/framework/arm/boot-framework.oat (offset 0x9ee000) (android.app.ActivityThread$H.handleMessage+6332)
#17 pc 0146f781 /system/framework/arm/boot-framework.oat (offset 0x9ee000) (android.os.Handler.dispatchMessage+136)
#18 pc 01ae0ca3 /system/framework/arm/boot-framework.oat (offset 0x9ee000) (android.os.Looper.loop+1194)
#19 pc 00dd4ea3 /system/framework/arm/boot-framework.oat (offset 0x9ee000) (android.app.ActivityThread.main+674)
#20 pc 00413375 /system/lib/libart.so (offset 0x307000) (art_quick_invoke_stub_internal+68)
#21 pc 003ecda3 /system/lib/libart.so (offset 0x307000) (art_quick_invoke_static_stub+222)
#22 pc 000a1c9f /system/lib/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+154)
#23 pc 00349d4d /system/lib/libart.so (offset 0x307000) (art::(anonymous namespace)::InvokeWithArgArray(art::ScopedObjectAccessAlreadyRunnable const&, art::ArtMethod*, art::(anonymous namespace)::ArgArray*, art::JValue*, char const*)+52)
#24 pc 0034b19d /system/lib/libart.so (offset 0x307000) (art::InvokeMethod(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, _jobject*, _jobject*, unsigned int)+1024)
#25 pc 002fcf75 /system/lib/libart.so (art::Method_invoke(_JNIEnv*, _jobject*, _jobject*, _jobjectArray*)+40)
#26 pc 006aaee7 /system/framework/arm/boot-core-oj.oat (offset 0x2c9000) (java.lang.Class.getDeclaredMethodInternal [DEDUPED]+110)
#27 pc 01ef0693 /system/framework/arm/boot-framework.oat (offset 0x9ee000) (com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run+114)
#28 pc 01f05219 /system/framework/arm/boot-framework.oat (offset 0x9ee000) (com.android.internal.os.ZygoteInit.main+1928)
#29 pc 00413375 /system/lib/libart.so (offset 0x307000) (art_quick_invoke_stub_internal+68)
#30 pc 003ecda3 /system/lib/libart.so (offset 0x307000) (art_quick_invoke_static_stub+222)
#31 pc 000a1c9f /system/lib/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+154)
#32 pc 00349d4d /system/lib/libart.so (offset 0x307000) (art::(anonymous namespace)::InvokeWithArgArray(art::ScopedObjectAccessAlreadyRunnable const&, art::ArtMethod*, art::(anonymous namespace)::ArgArray*, art::JValue*, char const*)+52)
#33 pc 00349b77 /system/lib/libart.so (offset 0x307000) (art::InvokeWithVarArgs(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, _jmethodID*, std::__va_list)+310)
#34 pc 0028ff05 /system/lib/libart.so (art::JNI::CallStaticVoidMethodV(_JNIEnv*, _jclass*, _jmethodID*, std::__va_list)+444)
#35 pc 00077a75 /system/lib/libandroid_runtime.so (_JNIEnv::CallStaticVoidMethod(_jclass*, _jmethodID*, ...)+28)
#36 pc 00079d21 /system/lib/libandroid_runtime.so (android::AndroidRuntime::start(char const*, android::Vector<android::String8> const&, bool)+520)
#37 pc 00001b1f /system/bin/app_process32 (main+886)
#38 pc 000a0f65 /system/lib/libc.so (__libc_init+48)
#39 pc 00001767 /system/bin/app_process32 (_start_main+38)
#40 pc 000000c4

Compiles successfully, but fails at runtime

Android Studio 3.3.1
===========LOG===========
2019-02-12 15:15:44.125 30569-30569/? E/Whale: Unable to read data from libart.so.
2019-02-12 15:15:44.125 30569-30569/? E/Whale: Runtime setup failed

===========Exception===========
E/AndroidRuntime: FATAL EXCEPTION: main
Process: com.ting, PID: 29789
java.lang.UnsatisfiedLinkError: JNI_ERR returned from JNI_OnLoad in "/data/app/com.ting-wjPnF8gWMDr42MYlTbSJEQ==/lib/arm64/libwhale.so"
at java.lang.Runtime.loadLibrary0(Runtime.java:1016)
at java.lang.System.loadLibrary(System.java:1657)
at com.ting.MainActivity.(MainActivity.java:13)
at java.lang.Class.newInstance(Native Method)
at android.app.Instrumentation.newActivity(Instrumentation.java:1174)
at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:2743)
at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java:2927)
at android.app.ActivityThread.-wrap11(Unknown Source:0)
at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1616)
at android.os.Handler.dispatchMessage(Handler.java:105)
at android.os.Looper.loop(Looper.java:164)
at android.app.ActivityThread.main(ActivityThread.java:6685)
at java.lang.reflect.Method.invoke(Native Method)
at com.android.internal.os.Zygote$MethodAndArgsCaller.run(Zygote.java:240)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:782)
at de.robv.android.xposed.XposedBridge.main(XposedBridge.java:108)

Unable to load the .so

Error message
java.lang.UnsatisfiedLinkError: JNI_ERR returned from JNI_OnLoad in "/data/app/com.mycompany.myapp2-DLOtD7x501pU-Ny_bXg98w==/lib/arm64/libwhale.so"
at java.lang.Runtime.loadLibrary0(Runtime.java:1016)
at java.lang.System.loadLibrary(System.java:1669)
at com.lody.whale.WhaleRuntime.(WhaleRuntime.java:19)
at com.lody.whale.WhaleRuntime.hookMethodNative(Native Method)
at com.lody.whale.xposed.XposedBridge.hookMethod(XposedBridge.java:100)
at com.lody.whale.xposed.XposedHelpers.findAndHookMethod(XposedHelpers.java:187)
at com.mycompany.myapp2.MainActivity.onCreate(MainActivity.java:16)
at android.app.Activity.performCreate(Activity.java:7224)
at android.app.Activity.performCreate(Activity.java:7213)
at android.app.Instrumentation.callActivityOnCreate(Instrumentation.java:1272)
at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:2933)
at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java:3088)
at android.app.servertransaction.LaunchActivityItem.execute(LaunchActivityItem.java:78)
at android.app.servertransaction.TransactionExecutor.executeCallbacks(TransactionExecutor.java:108)
at android.app.servertransaction.TransactionExecutor.execute(TransactionExecutor.java:68)
at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1838)
at android.os.Handler.dispatchMessage(Handler.java:106)
at android.os.Looper.loop(Looper.java:201)
at android.app.ActivityThread.main(ActivityThread.java:6835)
at java.lang.reflect.Method.invoke(Native Method)
at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:547)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:873)

iOS - crash after hook

I built the lib for iOS in debug mode and built a demo iOS app with Objective-C.
Below is my function to test the hook:

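#include <cassert>
#include <cstdlib>
#include <cstring>
#include <dlfcn.h>
#include <iostream>
#include "whale.h"  // Whale's public header; declares WInlineHookFunction

// Receives the backup pointer through which the original getenv is called.
char *(*Origin_getenv)(const char *);

// Replacement for getenv: answers for the name "lody", forwards everything else.
char *Hooked_getenv(const char *name) {
    if (!strcmp(name, "lody")) {
        return strdup("are you ok?");
    }
    char *(*O)(const char *) = Origin_getenv;
    return O(name);
}

int testHook() {
    // Resolve the address of getenv so it can be inline-hooked.
    void *handle = dlopen("libc.dylib", RTLD_NOW);
    assert(handle != nullptr);
    void *symbol = dlsym(handle, "getenv");
    assert(symbol != nullptr);
    // Arguments: target address, replacement function, out-pointer for the original.
    WInlineHookFunction(
        symbol,
        reinterpret_cast<void *>(Hooked_getenv),
        reinterpret_cast<void **>(&Origin_getenv)
    );
    // This call now goes through Hooked_getenv.
    const char *val = getenv("lody");
    if (val != nullptr) {
        std::cout << val;
    }
    return 0;
}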

After calling the testHook function, the hooked function works, but the app crashes later.

iOS 12 - iPhone 6 & iPhone 7.

libart Crash

I hit this error very easily when hooking the intercept method of OkHttp's BridgeInterceptor. It happens on both a Meizu MX6 and a Smartisan R1, while a Redmi Note 7 works fine.

07 18:50:27.063 I/AEE_AED (11074): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
04-07 18:50:27.063 I/AEE_AED (11074): Build fingerprint: 'Meizu/meizu_MX6/MX6:7.1.1/NMF26O/1531996438:user/release-keys'
04-07 18:50:27.064 I/AEE_AED (11074): Revision: '0'
04-07 18:50:27.064 I/AEE_AED (11074): ABI: 'arm'
04-07 18:50:27.064 I/AEE_AED (11074): pid: 10949, tid: 11021, name: i.sobot.com/... >>> <<<
04-07 18:50:27.064 I/AEE_AED (11074): signal 11 (SIGSEGV), code 2 (SEGV_ACCERR), fault addr 0xd78a59bc
04-07 18:50:27.064 I/AEE_AED (11074): r0 d78a59ac r1 00000003 r2 d78a59bc r3 00000000
04-07 18:50:27.064 I/AEE_AED (11074): r4 d73a8440 r5 12ce4450 r6 000000b8 r7 c37f3e00
04-07 18:50:27.064 I/AEE_AED (11074): r8 d78980a8 r9 12d57238 sl c7069320 fp c1e8c220
04-07 18:50:27.064 I/AEE_AED (11074): ip 000000e9 sp c1e8c170 lr e56109ef pc e5463cae cpsr 800b0030
04-07 18:50:27.096 I/AEE_AED (11074):
04-07 18:50:27.096 I/AEE_AED (11074): backtrace:
04-07 18:50:27.096 I/AEE_AED (11074): #00 pc 0025ecae /system/lib/libart.so (_ZN3art13ProfilingInfo13AddInvokeInfoEjPNS_6mirror5ClassE+241)
04-07 18:50:27.096 I/AEE_AED (11074): #01 pc 0040b9eb /system/lib/libart.so (MterpInvokeVirtualQuick+302)
04-07 18:50:27.096 I/AEE_AED (11074): #2 pc 000a1694 /system/lib/libart.so (ExecuteMterpImpl+29972)
04-07 18:50:27.096 I/AEE_AED (11074): #3 pc 001cf10f /system/lib/libart.so (_ZN3art11interpreterL7ExecuteEPNS_6ThreadEPKNS_7DexFile8CodeItemERNS_11ShadowFrameENS_6JValueEb+290)
04-07 18:50:27.096 I/AEE_AED (11074): #4 pc 001d3c6f /system/lib/libart.so (_ZN3art11interpreter33ArtInterpreterToInterpreterBridgeEPNS_6ThreadEPKNS_7DexFile8CodeItemEPNS_11ShadowFrameEPNS_6JValueE+114)
04-07 18:50:27.096 I/AEE_AED (11074): #5 pc 001ebea7 /system/lib/libart.so (_ZN3art11interpreter6DoCallILb0ELb0EEEbPNS_9ArtMethodEPNS_6ThreadERNS_11ShadowFrameEPKNS_11InstructionEtPNS_6JValueE+450)
04-07 18:50:27.096 I/AEE_AED (11074): #6 pc 00409ca1 /system/lib/libart.so (MterpInvokeInterface+836)
04-07 18:50:27.096 I/AEE_AED (11074): #7 pc 0009db14 /system/lib/libart.so (ExecuteMterpImpl+14740)
04-07 18:50:27.096 I/AEE_AED (11074): #8 pc 001cf10f /system/lib/libart.so (_ZN3art11interpreterL7ExecuteEPNS_6ThreadEPKNS_7DexFile8CodeItemERNS_11ShadowFrameENS_6JValueEb+290)
04-07 18:50:27.097 I/AEE_AED (11074): #9 pc 001d3c6f /system/lib/libart.so (_ZN3art11interpreter33ArtInterpreterToInterpreterBridgeEPNS_6ThreadEPKNS_7DexFile8CodeItemEPNS_11ShadowFrameEPNS_6JValueE+114)
04-07 18:50:27.097 I/AEE_AED (11074): #10 pc 001ebea7 /system/lib/libart.so (_ZN3art11interpreter6DoCallILb0ELb0EEEbPNS_9ArtMethodEPNS_6ThreadERNS_11ShadowFrameEPKNS_11InstructionEtPNS_6JValueE+450)
04-07 18:50:27.097 I/AEE_AED (11074): #11 pc 0040ba1d /system/lib/libart.so (MterpInvokeVirtualQuick+352)
04-07 18:50:27.097 I/AEE_AED (11074): #12 pc 000a1694 /system/lib/libart.so (ExecuteMterpImpl+29972)
04-07 18:50:27.097 I/AEE_AED (11074): #13 pc 001cf10f /system/lib/libart.so (_ZN3art11interpreterL7ExecuteEPNS_6ThreadEPKNS_7DexFile8CodeItemERNS_11ShadowFrameENS_6JValueEb+290)
04-07 18:50:27.097 I/AEE_AED (11074): #14 pc 001d3c6f /system/lib/libart.so (_ZN3art11interpreter33ArtInterpreterToInterpreterBridgeEPNS_6ThreadEPKNS_7DexFile8CodeItemEPNS_11ShadowFrameEPNS_6JValueE+114)
04-07 18:50:27.097 I/AEE_AED (11074): #15 pc 001ebea7 /system/lib/libart.so (_ZN3art11interpreter6DoCallILb0ELb0EEEbPNS_9ArtMethodEPNS_6ThreadERNS_11ShadowFrameEPKNS_11InstructionEtPNS_6JValueE+450)
04-07 18:50:27.097 I/AEE_AED (11074): #16 pc 00409ca1 /system/lib/libart.so (MterpInvokeInterface+836)
04-07 18:50:27.097 I/AEE_AED (11074): #17 pc 0009db14 /system/lib/libart.so (ExecuteMterpImpl+14740)
04-07 18:50:27.097 I/AEE_AED (11074): #18 pc 001cf10f /system/lib/libart.so (_ZN3art11interpreterL7ExecuteEPNS_6ThreadEPKNS_7DexFile8CodeItemERNS_11ShadowFrameENS_6JValueEb+290)
04-07 18:50:27.097 I/AEE_AED (11074): #19 pc 001d3c6f /system/lib/libart.so (_ZN3art11interpreter33ArtInterpreterToInterpreterBridgeEPNS_6ThreadEPKNS_7DexFile8CodeItemEPNS_11ShadowFrameEPNS_6JValueE+114)
04-07 18:50:27.097 I/AEE_AED (11074): #20 pc 001ebea7 /system/lib/libart.so (_ZN3art11interpreter6DoCallILb0ELb0EEEbPNS_9ArtMethodEPNS_6ThreadERNS_11ShadowFrameEPKNS_11InstructionEtPNS_6JValueE+450)
04-07 18:50:27.097 I/AEE_AED (11074): #21 pc 0040ba1d /system/lib/libart.so (MterpInvokeVirtualQuick+352)
04-07 18:50:27.098 I/AEE_AED (11074): #22 pc 000a1694 /system/lib/libart.so (ExecuteMterpImpl+29972)
04-07 18:50:27.098 I/AEE_AED (11074): #23 pc 001cf10f /system/lib/libart.so (_ZN3art11interpreterL7ExecuteEPNS_6ThreadEPKNS_7DexFile8CodeItemERNS_11ShadowFrameENS_6JValueEb+290)
04-07 18:50:27.098 I/AEE_AED (11074): #24 pc 001d3c6f /system/lib/libart.so (_ZN3art11interpreter33ArtInterpreterToInterpreterBridgeEPNS_6ThreadEPKNS_7DexFile8CodeItemEPNS_11ShadowFrameEPNS_6JValueE+114)
04-07 18:50:27.098 I/AEE_AED (11074): #25 pc 001ebea7 /system/lib/libart.so (_ZN3art11interpreter6DoCallILb0ELb0EEEbPNS_9ArtMethodEPNS_6ThreadERNS_11ShadowFrameEPKNS_11InstructionEtPNS_6JValueE+450)
04-07 18:50:27.098 I/AEE_AED (11074): #26 pc 00409ca1 /system/lib/libart.so (MterpInvokeInterface+836)
04-07 18:50:27.098 I/AEE_AED (11074): #27 pc 0009db14 /system/lib/libart.so (ExecuteMterpImpl+14740)
04-07 18:50:27.098 I/AEE_AED (11074): #28 pc 001cf10f /system/lib/libart.so (_ZN3art11interpreterL7ExecuteEPNS_6ThreadEPKNS_7DexFile8CodeItemERNS_11ShadowFrameENS_6JValueEb+290)
04-07 18:50:27.098 I/AEE_AED (11074): #29 pc 001d3c6f /system/lib/libart.so (_ZN3art11interpreter33ArtInterpreterToInterpreterBridgeEPNS_6ThreadEPKNS_7DexFile8CodeItemEPNS_11ShadowFrameEPNS_6JValueE+114)
04-07 18:50:27.098 I/AEE_AED (11074): #30 pc 001ebea7 /system/lib/libart.so (_ZN3art11interpreter6DoCallILb0ELb0EEEbPNS_9ArtMethodEPNS_6ThreadERNS_11ShadowFrameEPKNS_11InstructionEtPNS_6JValueE+450)
04-07 18:50:27.098 I/AEE_AED (11074): #31 pc 0040ba1d /system/lib/libart.so (MterpInvokeVirtualQuick+352)
04-07 18:50:27.098 I/AEE_AED (11074): #32 pc 000a1694 /system/lib/libart.so (ExecuteMterpImpl+29972)
04-07 18:50:27.099 I/AEE_AED (11074): #33 pc 001cf10f /system/lib/libart.so (_ZN3art11interpreterL7ExecuteEPNS_6ThreadEPKNS_7DexFile8CodeItemERNS_11ShadowFrameENS_6JValueEb+290)
04-07 18:50:27.099 I/AEE_AED (11074): #34 pc 001d3c6f /system/lib/libart.so (_ZN3art11interpreter33ArtInterpreterToInterpreterBridgeEPNS_6ThreadEPKNS_7DexFile8CodeItemEPNS_11ShadowFrameEPNS_6JValueE+114)
04-07 18:50:27.099 I/AEE_AED (11074): #35 pc 001ebea7 /system/lib/libart.so (_ZN3art11interpreter6DoCallILb0ELb0EEEbPNS_9ArtMethodEPNS_6ThreadERNS_11ShadowFrameEPKNS_11InstructionEtPNS_6JValueE+450)
04-07 18:50:27.099 I/AEE_AED (11074): #36 pc 0040ba1d /system/lib/libart.so (MterpInvokeVirtualQuick+352)
04-07 18:50:27.099 I/AEE_AED (11074): #37 pc 000a1694 /system/lib/libart.so (ExecuteMterpImpl+29972)
04-07 18:50:27.099 I/AEE_AED (11074): #38 pc 001cf10f /system/lib/libart.so (_ZN3art11interpreterL7ExecuteEPNS_6ThreadEPKNS_7DexFile8CodeItemERNS_11ShadowFrameENS_6JValueEb+290)
04-07 18:50:27.099 I/AEE_AED (11074): #39 pc 001d3bd9 /system/lib/libart.so (_ZN3art11interpreter30EnterInterpreterFromEntryPointEPNS_6ThreadEPKNS_7DexFile8CodeItemEPNS_11ShadowFrameE+92)
04-07 18:50:27.099 I/AEE_AED (11074): #40 pc 004009e1 /system/lib/libart.so (artQuickToInterpreterBridge+716)
04-07 18:50:27.099 I/AEE_AED (11074): #41 pc 000af513 /system/lib/libart.so (art_quick_to_interpreter_bridge+34)
04-07 18:50:27.099 I/AEE_AED (11074): #42 pc 73b897c7 /data/dalvik-cache/arm/system@[email protected] (offset 0x2f6c000)

Crash at runtime

Fatal signal 11 (SIGSEGV), code 1, fault addr 0xe3 in tid 2513 (pool-19-thread-)
Build fingerprint: 'SMARTISAN/oxford/oxford:7.1.1/NGI77B/1526981672:user/dev-keys'
Revision: '0'
ABI: 'arm'
pid: 2284, tid: 2513, name: pool-19-thread- >>> com.mm.android.mika<<<
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0xe3
r0 000000d3 r1 e5be5140 r2 0001000a r3 c1a6b067
r4 0000002d r5 e5b83000 r6 000000c7 r7 d656f000
r8 c1a6b05c r9 c1a6b067 sl 00000000 fp 00000000
ip 7093eaaa sp c1a6b000 lr e571631f pc e5750740 cpsr 200d0030
backtrace:
#00 pc 000ec740 /system/lib/libart.so (_ZN3art11ClassLinker16FindOatMethodForEPNS_9ArtMethodEPb+319)
#01 pc 000b231b /system/lib/libart.so (_ZN3art9ArtMethod23GetOatQuickMethodHeaderEj+158)
#2 pc 00353aa7 /system/lib/libart.so (_ZN3art12StackVisitor9WalkStackEb+106)
#3 pc 00357a01 /system/lib/libart.so (_ZNK3art6Thread24CreateInternalStackTraceILb0EEEP8_jobjectRKNS_33ScopedObjectAccessAlreadyRunnableE+56)
#4 pc 002d1471 /system/lib/libart.so (_ZN3artL32Throwable_nativeFillInStackTraceEP7_JNIEnvP7_jclass+28)
#5 pc 00527a55 /system/framework/arm/boot.oat (offset 0x51b000) (java.lang.Throwable.nativeFillInStackTrace+72)
#6 pc 005288ef /system/framework/arm/boot.oat (offset 0x51b000) (java.lang.Throwable.fillInStackTrace+74)
#7 pc 005275e7 /system/framework/arm/boot.oat (offset 0x51b000) (java.lang.Throwable.+138)
#8 pc 00529289 /system/framework/arm/boot.oat (offset 0x51b000) (java.lang.Exception.+44)
#10 pc 005a76f9 /system/framework/arm/boot.oat (offset 0x51b000) (java.lang.UnsupportedOperationException.+44)
#9 pc 0055a119 /system/framework/arm/boot.oat (offset 0x51b000) (java.lang.RuntimeException.+44)
#11 pc 000aa241 /system/lib/libart.so (art_quick_invoke_stub_internal+64)
#12 pc 004323b3 /system/lib/libart.so (art_quick_invoke_stub+230)
#13 pc 000b1a79 /system/lib/libart.so (_ZN3art9ArtMethod6InvokeEPNS_6ThreadEPjjPNS_6JValueEPKc+144)
#14 pc 00207e81 /system/lib/libart.so (_ZN3art11interpreter34ArtInterpreterToCompiledCodeBridgeEPNS_6ThreadEPNS_9ArtMethodEPKNS_7DexFile8CodeItemEPNS_11ShadowFrameEPNS_6JValueE+200)
#15 pc 00201fe1 /system/lib/libart.so (_ZN3art11interpreter6DoCallILb0ELb0EEEbPNS_9ArtMethodEPNS_6ThreadERNS_11ShadowFrameEPKNS_11InstructionEtPNS_6JValueE+432)
#16 pc 0042accf /system/lib/libart.so (MterpInvokeDirect+270)
#17 pc 0009d194 /system/lib/libart.so (ExecuteMterpImpl+14484)
#18 pc 001e51c7 /system/lib/libart.so (_ZN3art11interpreterL7ExecuteEPNS_6ThreadEPKNS_7DexFile8CodeItemERNS_11ShadowFrameENS_6JValueEb+282)
#19 pc 001e9c7f /system/lib/libart.so (_ZN3art11interpreter33ArtInterpreterToInterpreterBridgeEPNS_6ThreadEPKNS_7DexFile8CodeItemEPNS_11ShadowFrameEPNS_6JValueE+114)
#20 pc 00201fc9 /system/lib/libart.so (_ZN3art11interpreter6DoCallILb0ELb0EEEbPNS_9ArtMethodEPNS_6ThreadERNS_11ShadowFrameEPKNS_11InstructionEtPNS_6JValueE+408)
#21 pc 0042c7cd /system/lib/libart.so (MterpInvokeVirtualQuick+316)
#22 pc 000a0e14 /system/lib/libart.so (ExecuteMterpImpl+29972)
#23 pc 001e51c7 /system/lib/libart.so (_ZN3art11interpreterL7ExecuteEPNS_6ThreadEPKNS_7DexFile8CodeItemERNS_11ShadowFrameENS_6JValueEb+282)
#24 pc 001e9c7f /system/lib/libart.so (_ZN3art11interpreter33ArtInterpreterToInterpreterBridgeEPNS_6ThreadEPKNS_7DexFile8CodeItemEPNS_11ShadowFrameEPNS_6JValueE+114)
#25 pc 00201fc9 /system/lib/libart.so (_ZN3art11interpreter6DoCallILb0ELb0EEEbPNS_9ArtMethodEPNS_6ThreadERNS_11ShadowFrameEPKNS_11InstructionEtPNS_6JValueE+408)
#26 pc 0042c7cd /system/lib/libart.so (MterpInvokeVirtualQuick+316)
#27 pc 000a0e14 /system/lib/libart.so (ExecuteMterpImpl+29972)
#28 pc 001e51c7 /system/lib/libart.so (_ZN3art11interpreterL7ExecuteEPNS_6ThreadEPKNS_7DexFile8CodeItemERNS_11ShadowFrameENS_6JValueEb+282)
#29 pc 001e9c7f /system/lib/libart.so (_ZN3art11interpreter33ArtInterpreterToInterpreterBridgeEPNS_6ThreadEPKNS_7DexFile8CodeItemEPNS_11ShadowFrameEPNS_6JValueE+114)
#30 pc 00201fc9 /system/lib/libart.so (_ZN3art11interpreter6DoCallILb0ELb0EEEbPNS_9ArtMethodEPNS_6ThreadERNS_11ShadowFrameEPKNS_11InstructionEtPNS_6JValueE+408)

Android 5.0.2 crash on all apps

Build fingerprint: 'Huawei/ALE-UL00/hwALE-H:5.0.2/HuaweiALE-UL00/C00B250:user/release-keys'
Revision: '0'
ABI: 'arm'
pid: 14140, tid: 14140, name: com.dianping.v1  >>> com.dianping.v1 <<<
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0xb8cf992c
    r0 ab3e2700  r1 73ad1039  r2 f5594091  r3 b8cf9930
    r4 ffb08e2c  r5 b91ef1f0  r6 f57f8fec  r7 00000000
    r8 f57f6a60  r9 00000000  sl ab3d7a50  fp f5594030
    ip fffffa90  sp ffb08d60  lr f5720b45  pc f5720b70  cpsr a0070030
    d0  12f9f20075aeb058  d1  0000000000000000
    d2  7470697263532f63  d3  4e24726573726150
    d4  0000000000000000  d5  0000000000000000
    d6  3f7fffbe00001915  d7  459848003f800000
    d8  41dfffffffc00000  d9  c1e0000000000000
    d10 43e0000000000000  d11 c3e0000000000000
    d12 df0000005f000000  d13 0000000000000000
    d14 0000000000000000  d15 0000000000000000
    d16 ffb0a74000000000  d17 0000000000000000
    d18 0000000000000000  d19 3ff0000000000000
    d20 c038000000000000  d21 c035000000000000
    d22 0000000000000000  d23 c038000000000000
    d24 0000000000000000  d25 0000000000000000
    d26 3ff0000000000000  d27 0000000000000000
    d28 3ff0000000000000  d29 0000000000000000
    d30 0000000000000000  d31 c035000000000000
    scr 20000011

backtrace:
    #00 pc 0022fb70  /system/lib/libart.so (_ZN3art12StackVisitor9WalkStackEb+239)
    #01 pc 0023aa59  /system/lib/libart.so (_ZNK3art6Thread24CreateInternalStackTraceILb0EEEP8_jobjectRKNS_33ScopedObjectAccessAlreadyRunnableE+76)
    #02 pc 0020b0df  /system/lib/libart.so (_ZN3artL32Throwable_nativeFillInStackTraceEP7_JNIEnvP7_jclass+22)
    #03 pc 00000be9  /data/dalvik-cache/arm/system@[email protected]

Reproducible on phones from multiple brands

Crash on Huawei phones

Build fingerprint: 'HONOR/PRA-AL00X/HWPRA-H:7.0/HONORPRA-AL00X/C00B223:user/release-keys'
Revision: '0'
ABI: 'arm'
pid: 14593, tid: 14603, name: HeapTaskDaemon >>> com.xunmeng.pinduoduo <<<
signal 6 (SIGABRT), code -6 (SI_TKILL), fault addr --------
Abort message: 'art/runtime/gc/collector/mark_sweep.cc:413] Tried to mark 0xe92d000f not contained by any spaces'
r0 00000000 r1 0000390b r2 00000006 r3 00000008
r4 f2e8c978 r5 00000006 r6 f2e8c920 r7 0000010c
r8 00003847 r9 00000000 sl f3be9de4 fp 00003040
ip 0000000d sp f2e8c058 lr f4c95e57 pc f4c986c0 cpsr 600f0010
backtrace:
#00 pc 0004a6c0 /system/lib/libc.so (tgkill+12)
#01 pc 00047e53 /system/lib/libc.so (pthread_kill+34)
#2 pc 0001d8b5 /system/lib/libc.so (raise+10)
#3 pc 00019401 /system/lib/libc.so (__libc_android_abort+34)
#4 pc 000170e4 /system/lib/libc.so (abort+4)
#5 pc 0031f309 /system/lib/libart.so (_ZN3art7Runtime5AbortEv+252)
#6 pc 000b60d7 /system/lib/libart.so (_ZN3art10LogMessageD2Ev+898)
#7 pc 00345d13 /system/lib/libart.so (_ZN3artL40UnsafeLogFatalForThreadSuspendAllTimeoutEv+590)
#8 pc 00345749 /system/lib/libart.so (_ZN3art10ThreadList10SuspendAllEPKcb+412)
#9 pc 00349b09 /system/lib/libart.so (_ZN3art16ScopedSuspendAllC2EPKcb+16)
#10 pc 0017a7f1 /system/lib/libart.so (_ZNK3art2gc9collector27MarkSweepMarkObjectSlowPathclEPKNS_6mirror6ObjectE+2460)
#11 pc 0017824b /system/lib/libart.so (_ZN3art2gc9collector9MarkSweep17MarkObjectNonNullEPNS_6mirror6ObjectES5_NS_12MemberOffsetE+174)
#12 pc 00178139 /system/lib/libart.so (_ZN3art2gc9collector9MarkSweep10MarkObjectEPNS_6mirror6ObjectE+12)
#13 pc 00176551 /system/lib/libart.so (_ZN3art9ArtMethod10VisitRootsIKNS_2gc9collector28MarkCompactMarkObjectVisitorEEEvRT_j+142)
#14 pc 001764b3 /system/lib/libart.so (_ZN3art6mirror5Class16VisitNativeRootsIKNS_2gc9collector11MarkVisitorEEEvRT_j+138)
#15 pc 00178ca7 /system/lib/libart.so (_ZN3art2gc9collector9MarkSweep16ProcessMarkStackEb+206)
#16 pc 00177e15 /system/lib/libart.so (_ZN3art2gc9collector9MarkSweep20MarkReachableObjectsEv+32)
#17 pc 00176d45 /system/lib/libart.so (_ZN3art2gc9collector9MarkSweep12MarkingPhaseEv+132)
#18 pc 00176bdd /system/lib/libart.so (_ZN3art2gc9collector9MarkSweep9RunPhasesEv+144)
#19 pc 00171851 /system/lib/libart.so (_ZN3art2gc9collector16GarbageCollector3RunENS0_7GcCauseEb+244)
#20 pc 001951f9 /system/lib/libart.so (_ZN3art2gc4Heap22CollectGarbageInternalENS0_9collector6GcTypeENS0_7GcCauseEb+2360)
#21 pc 0019aae5 /system/lib/libart.so (_ZN3art2gc4Heap12ConcurrentGCEPNS_6ThreadEb+68)
#22 pc 0019f683 /system/lib/libart.so (_ZN3art2gc4Heap16ConcurrentGCTask3RunEPNS_6ThreadE+18)
#23 pc 001b7b5b /system/lib/libart.so (_ZN3art2gc13TaskProcessor11RunAllTasksEPNS_6ThreadE+30)
#24 pc 71263def /data/dalvik-cache/arm/system@[email protected] (offset 0x512000)

signal 11 (SIGSEGV), codes: 2 (SEGV_ACCERR) & 1 (SEGV_MAPERR)

backtrace:
#00 pc 0000000000234d5a /system/lib/libart.so (art::StackVisitor::WalkStack(bool)+221)
#01 pc 000000000023695f /system/lib/libart.so (art::Thread::VisitRoots(void (*)(art::mirror::Object**, void*, art::RootInfo const&), void*)+974)
#2 pc 000000000013661d /system/lib/libart.so (art::gc::collector::CheckpointMarkThreadRoots::Run(art::Thread*)+116)
#3 pc 0000000000242e9d /system/lib/libart.so (art::ThreadList::RunCheckpoint(art::Closure*)+280)
#4 pc 00000000001353d9 /system/lib/libart.so (art::gc::collector::MarkSweep::MarkRootsCheckpoint(art::Thread*, bool)+80)
#5 pc 0000000000138a0f /system/lib/libart.so (art::gc::collector::MarkSweep::PreCleanCards()+134)
#6 pc 0000000000138b81 /system/lib/libart.so (art::gc::collector::MarkSweep::MarkingPhase()+116)
#7 pc 0000000000138c4b /system/lib/libart.so (art::gc::collector::MarkSweep::RunPhases()+158)
#8 pc 00000000001302a7 /system/lib/libart.so (art::gc::collector::GarbageCollector::Run(art::gc::GcCause, bool)+234)
#9 pc 000000000014e283 /system/lib/libart.so (art::gc::Heap::CollectGarbageInternal(art::gc::collector::GcType, art::gc::GcCause, bool)+1358)
#10 pc 000000000014f6d5 /system/lib/libart.so (art::gc::Heap::ConcurrentGC(art::Thread*)+48)
#11 pc 00000000000003ef /system/framework/arm/boot.oat

backtrace:
#00 pc 0000000000234d5a /system/lib/libart.so (art::StackVisitor::WalkStack(bool)+221)
#01 pc 000000000023695f /system/lib/libart.so (art::Thread::VisitRoots(void (*)(art::mirror::Object**, void*, art::RootInfo const&), void*)+974)
#2 pc 000000000013661d /system/lib/libart.so (art::gc::collector::CheckpointMarkThreadRoots::Run(art::Thread*)+116)
#3 pc 0000000000236e61 /system/lib/libart.so (art::Thread::RunCheckpointFunction()+172)
#4 pc 000000000008c8bf /system/lib/libart.so (art::JniMethodStart(art::Thread*)+358)
#5 pc 00000000007bd4a3 /data/dalvik-cache/arm/data@[email protected]@[email protected]

coreprimevelte version 5.1

backtrace:
#00 pc 0000000000234c7e /system/lib/libart.so (_ZN3art12StackVisitor9WalkStackEb+221)
#01 pc 000000000023693b /system/lib/libart.so (_ZN3art6Thread10VisitRootsEPFvPPNS_6mirror6ObjectEPvRKNS_8RootInfoEES5_+974)
#2 pc 0000000000136595 /system/lib/libart.so (_ZN3art2gc9collector25CheckpointMarkThreadRoots3RunEPNS_6ThreadE+116)
#3 pc 0000000000242e41 /system/lib/libart.so (_ZN3art10ThreadList13RunCheckpointEPNS_7ClosureE+280)
#4 pc 0000000000135351 /system/lib/libart.so (_ZN3art2gc9collector9MarkSweep19MarkRootsCheckpointEPNS_6ThreadEb+80)
#5 pc 0000000000138987 /system/lib/libart.so (_ZN3art2gc9collector9MarkSweep13PreCleanCardsEv+134)
#6 pc 0000000000138af9 /system/lib/libart.so (_ZN3art2gc9collector9MarkSweep12MarkingPhaseEv+116)
#7 pc 0000000000138bc3 /system/lib/libart.so (_ZN3art2gc9collector9MarkSweep9RunPhasesEv+158)
#8 pc 000000000013021f /system/lib/libart.so (_ZN3art2gc9collector16GarbageCollector3RunENS0_7GcCauseEb+234)
#9 pc 000000000014e1fb /system/lib/libart.so (_ZN3art2gc4Heap22CollectGarbageInternalENS0_9collector6GcTypeENS0_7GcCauseEb+1358)
#10 pc 000000000014f64d /system/lib/libart.so (_ZN3art2gc4Heap12ConcurrentGCEPNS_6ThreadE+48)
#11 pc 00000000000003ef /system/framework/arm/boot.oat

grandprimevelte version 5.1

backtrace:
#00 pc 000000000022145c /system/lib/libart.so (_ZN3art12StackVisitor9WalkStackEb+227)
#01 pc 0000000000223083 /system/lib/libart.so (_ZN3art6Thread10VisitRootsEPFvPPNS_6mirror6ObjectEPvRKNS_8RootInfoEES5_+990)
#2 pc 00000000001263d3 /system/lib/libart.so (_ZN3art2gc9collector25CheckpointMarkThreadRoots3RunEPNS_6ThreadE+114)
#3 pc 000000000022fb25 /system/lib/libart.so (_ZN3art10ThreadList13RunCheckpointEPNS_7ClosureE+280)
#4 pc 0000000000125179 /system/lib/libart.so (_ZN3art2gc9collector9MarkSweep19MarkRootsCheckpointEPNS_6ThreadEb+80)
#5 pc 000000000012598b /system/lib/libart.so (_ZN3art2gc9collector9MarkSweep9MarkRootsEPNS_6ThreadE+98)
#6 pc 0000000000128923 /system/lib/libart.so (_ZN3art2gc9collector9MarkSweep12MarkingPhaseEv+102)
#7 pc 00000000001289fb /system/lib/libart.so (_ZN3art2gc9collector9MarkSweep9RunPhasesEv+158)
#8 pc 000000000011ff69 /system/lib/libart.so (_ZN3art2gc9collector16GarbageCollector3RunENS0_7GcCauseEb+232)
#9 pc 000000000013d597 /system/lib/libart.so (_ZN3art2gc4Heap22CollectGarbageInternalENS0_9collector6GcTypeENS0_7GcCauseEb+1382)
#10 pc 000000000013e969 /system/lib/libart.so (_ZN3art2gc4Heap12ConcurrentGCEPNS_6ThreadE+48)
#11 pc 00000000000003ef /system/framework/arm/boot.oat

j3xlte version 5.1
gtexslte version 5.1

related to #33

Phone not supported

360 N6 pro
android 7.1.1
E/Whale: Unable to read data from libart.so.
E/Whale: Runtime setup failed

samsung galaxy j3 pro
sm-j330f
android 8.0
E/Whale: Failed to resolve symbol : kArt_Object_CloneWithSize
E/Whale: Runtime setup failed
Analyzing libart.so (libart.so.zip) with IDA shows that there is no such exported function: art::mirror::Object::Clone(art::Thread*, unsigned int)

crash apps

1574695699.873 5437-5437/com.comacdb E/Whale: Unable to read data from libart.so.
1574695699.873 5437-5437/comacdb E/Whale: Runtime setup failed
1574695699.879 5437-5437/comacdbE/AndroidRuntime: FATAL EXCEPTION: main
Process: com.dn.habadu, PID: 5437
java.lang.UnsatisfiedLinkError: JNI_ERR returned from JNI_OnLoad in "/data/app/comacdb-BAvmWM1IArBrqemtkQWygw==/lib/arm64/libwhale.so"
at java.lang.Runtime.loadLibrary0(Runtime.java:1016)
at java.lang.System.loadLibrary(System.java:1669)
at com.lody.whale.WhaleRuntime.(WhaleRuntime.java:19)
at com.lody.whale.WhaleRuntime.hookMethodNative(Native Method)
at com.lody.whale.xposed.XposedBridge.hookMethod(XposedBridge.java:103)
at com.dn.habadu.activity.MainA.hook_methods(MainA.java:100)
at com.dn.habadu.activity.MainA.executeHook(MainA.java:110)
at com.dn.habadu.activity.MainA.onCreate(MainA.java:71)
at android.app.Activity.performCreate(Activity.java:7144)
at android.app.Activity.performCreate(Activity.java:7135)
at android.app.Instrumentation.callActivityOnCreate(Instrumentation.java:1271)
at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:2894)
at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java:3049)
at android.app.servertransaction.LaunchActivityItem.execute(LaunchActivityItem.java:78)
at android.app.servertransaction.TransactionExecutor.executeCallbacks(TransactionExecutor.java:108)
at android.app.servertransaction.TransactionExecutor.execute(TransactionExecutor.java:68)
at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1809)
at android.os.Handler.dispatchMessage(Handler.java:106)
at android.os.Looper.loop(Looper.java:193)
at android.app.ActivityThread.main(ActivityThread.java:6680)
at java.lang.reflect.Method.invoke(Native Method)
at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:493)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:858)

instrumentation.cc:986] Check failed: !method->IsNative()

Often, when debugging the app, breakpoints make the app crash.

     A/libc: Fatal signal 6 (SIGABRT), code -1 (SI_QUEUE) in tid 18249 (JDWP Transport ), pid 18216 (xxxx)
     *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
     android.os.Build fingerprint: 'Android/sdk_phone_x86_64/generic_x86_64:10/QPP6.190730.005.B1/5775370:userdebug/test-keys'
     Revision: '0'
     ABI: 'x86_64'
     Timestamp: 2020-02-09 21:43:50+0100
     pid: 18216, tid: 18249, name: JDWP Transport  >>> xxxx <<<
    uid: 10106
     signal 6 (SIGABRT), code -1 (SI_QUEUE), fault addr --------
     Abort message: 'Check failed: !method->IsNative() '
         rax 0000000000000000  rbx 0000000000004728  rcx 00007a26882a63f8  rdx 0000000000000006
         r8  00007a25fa409940  r9  0000000000000000  r10 00007a25aefc5660  r11 0000000000000246
         r12 000000000000005d  r13 00007a2689bf0258  r14 00007a25aefc56e8  r15 0000000000004749
         rdi 0000000000004728  rsi 0000000000004749
         rbp 00007a25fa409940  rsp 00007a25aefc5658  rip 00007a26882a63f8
    backtrace:
     #00 pc 00000000000943f8  /apex/com.android.runtime/lib64/bionic/libc.so (syscall+24) (BuildId: a08a19770d6696739c847e29c3f5f650)
     #01 pc 0000000000097146  /apex/com.android.runtime/lib64/bionic/libc.so (abort+182) (BuildId: a08a19770d6696739c847e29c3f5f650)
     #02 pc 000000000055321f  /apex/com.android.runtime/lib64/libart.so (art::Runtime::Abort(char const*)+2399) (BuildId: 8bb3225e7c408f2ca23abac3db0417f2)
     #03 pc 000000000000c873  /system/lib64/libbase.so (android::base::LogMessage::~LogMessage()+611) (BuildId: 40d2b536dbf0730fdc31abd2b469f94f)
     #04 pc 0000000000303329  /apex/com.android.runtime/lib64/libart.so (art::instrumentation::android.app.Instrumentation::Undeoptimize(art::ArtMethod*)+761) (BuildId: 8bb3225e7c408f2ca23abac3db0417f2)
     #05 pc 000000000002fe17  /apex/com.android.runtime/lib64/libopenjdkjvmti.so (openjdkjvmti::DeoptManager::PerformLimitedUndeoptimization(art::Thread*, art::ArtMethod*)+199) (BuildId: fcb5650c971027b975909ccf15919720)
     #06 pc 000000000002fa2c  /apex/com.android.runtime/lib64/libopenjdkjvmti.so (openjdkjvmti::DeoptManager::RemoveMethodBreakpoint(art::ArtMethod*)+444) (BuildId: fcb5650c971027b975909ccf15919720)
     #07 pc 000000000005095c  /apex/com.android.runtime/lib64/libopenjdkjvmti.so (openjdkjvmti::BreakpointUtil::ClearBreakpoint(_jvmtiEnv*, _jmethodID*, long)+956) (BuildId: fcb5650c971027b975909ccf15919720)
     #08 pc 000000000002a811  /apex/com.android.runtime/lib64/libjdwp.so (eventFilterRestricted_deinstall+481) (BuildId: 0832054aa2d4fc0bb61a3ed135cfa687)
     #09 pc 000000000002afe9  /apex/com.android.runtime/lib64/libjdwp.so (eventHandler_freeByID+265) (BuildId: 0832054aa2d4fc0bb61a3ed135cfa687)
     #10 pc 000000000001b1de  /apex/com.android.runtime/lib64/libjdwp.so (clearCommand+78) (BuildId: 0832054aa2d4fc0bb61a3ed135cfa687)
     #11 pc 00000000000286f6  /apex/com.android.runtime/lib64/libjdwp.so (debugLoop_run+566) (BuildId: 0832054aa2d4fc0bb61a3ed135cfa687)
     #12 pc 000000000003af00  /apex/com.android.runtime/lib64/libjdwp.so (acceptThread+256) (BuildId: 0832054aa2d4fc0bb61a3ed135cfa687)
     #13 pc 00000000000aa58d  /apex/com.android.runtime/lib64/libopenjdkjvmti.so (openjdkjvmti::AgentCallback(void*)+1133) (BuildId: fcb5650c971027b975909ccf15919720)
     #14 pc 0000000000100fce  /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+30) (BuildId: a08a19770d6696739c847e29c3f5f650)
     #15 pc 0000000000098fe7  /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+55) (BuildId: a08a19770d6696739c847e29c3f5f650)


 instrumentation.cc:986] xxxxx.runnable.Check failed: !method->IsNative() 
 runtime.cc:630] Runtime aborting...
 runtime.cc:630] Skipping all-threads dump as mutator lock is exclusively held.Aborting thread:
 runtime.cc:630] "JDWP Transport Listener: dt_fd_forward" prio=5 tid=16 Suspended
 runtime.cc:630]   | group="" sCount=0 dsCount=0 flags=0 obj=0x12c40ba8 self=0x7a25fa464400
 runtime.cc:630]   | sysTid=18249 nice=0 cgrp=default sched=0/0 handle=0x7a25aefc5d50
 runtime.cc:630]   | state= xxx.R schedstat=( 1186341590 717812868 4312 ) utm=91 stm=26 core=1 HZ=100
 runtime.cc:630]   | stack=0x7a25aeecf000-0x7a25aeed1000 stackSize=991KB
 runtime.cc:630]   | held mutexes= "abort lock"
 runtime.cc:630]   native: #00 pc 000000000048df0e  /apex/com.android.runtime/lib64/libart.so (art::DumpNativeStack(std::__1::basic_ostream<char, std::__1::char_traits<char>>&, int, BacktraceMap*, char const*, art::ArtMethod*, void*, bool)+126)
 runtime.cc:630]   native: #01 pc 00000000005a77b3  /apex/com.android.runtime/lib64/libart.so (art::Thread::DumpStack(std::__1::basic_ostream<char, std::__1::char_traits<char>>&, bool, BacktraceMap*, bool) const+675)
 runtime.cc:630]   native: #02 pc 0000000000565f4f  /apex/com.android.runtime/lib64/libart.so (art::AbortState::DumpThread(std::__1::basic_ostream<char, std::__1::char_traits<char>>&, art::Thread*) const+47)
 runtime.cc:630]   native: #03 pc 000000000055326d  /apex/com.android.runtime/lib64/libart.so (art::Runtime::Abort(char const*)+2477)
 runtime.cc:630]   native: #04 pc 000000000000c873  /system/lib64/libbase.so (android::base::LogMessage::~LogMessage()+611)
 runtime.cc:630]   native: #05 pc 0000000000303329  /apex/com.android.runtime/lib64/libart.so (art::instrumentation::android.app.Instrumentation::Undeoptimize(art::ArtMethod*)+761)
 runtime.cc:630]   native: #06 pc 000000000002fe17  /apex/com.android.runtime/lib64/libopenjdkjvmti.so (openjdkjvmti::DeoptManager::PerformLimitedUndeoptimization(art::Thread*, art::ArtMethod*)+199)
 runtime.cc:630]   native: #07 pc 000000000002fa2c  /apex/com.android.runtime/lib64/libopenjdkjvmti.so (openjdkjvmti::DeoptManager::RemoveMethodBreakpoint(art::ArtMethod*)+444)
 runtime.cc:630]   native: #08 pc 000000000005095c  /apex/com.android.runtime/lib64/libopenjdkjvmti.so (openjdkjvmti::BreakpointUtil::ClearBreakpoint(_jvmtiEnv*, _jmethodID*, long)+956)
 runtime.cc:630]   native: #09 pc 000000000002a811  /apex/com.android.runtime/lib64/libjdwp.so (eventFilterRestricted_deinstall+481)
 runtime.cc:630]   native: #10 pc 000000000002afe9  /apex/com.android.runtime/lib64/libjdwp.so (eventHandler_freeByID+265)
 runtime.cc:630]   native: #11 pc 000000000001b1de  /apex/com.android.runtime/lib64/libjdwp.so (clearCommand+78)
 runtime.cc:630]   native: #12 pc 00000000000286f6  /apex/com.android.runtime/lib64/libjdwp.so (debugLoop_run+566)
 runtime.cc:630]   native: #13 pc 000000000003af00  /apex/com.android.runtime/lib64/libjdwp.so (acceptThread+256)
 runtime.cc:630]   native: #14 pc 00000000000aa58d  /apex/com.android.runtime/lib64/libopenjdkjvmti.so (openjdkjvmti::AgentCallback(void*)+1133)
 runtime.cc:630]   native: #15 pc 0000000000100fce  /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+30)
 runtime.cc:630]   native: #16 pc 0000000000098fe7  /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+55)
 runtime.cc:630]   (no managed stack frames)
 runtime.cc:630]

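App is killed by a background ANR after moving to the background

The log prints "MovingGC cause the GcRoot References changed". If no method is hooked, there is no problem; hooking while in the foreground is also fine.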

/system/fake-libs/libart.so bug

    art_elf_image_ = WDynamicLibOpenAlias("/libart.so", art_path);
    if (art_elf_image_ == nullptr) {
        LOG(ERROR) << "Unable to read data from libart.so.";
        return false;
    }

in art_runtime.cc

If /system/fake-libs/libart.so is loaded, the base address returned for /libart.so may be the address of /system/fake-libs/libart.so.
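The ambiguity this report describes, as an added example (not Whale's code): it assumes the library lookup matches mapped files by path suffix, which the page does not confirm, and compares that with an exact-path lookup. The maps excerpt, addresses and function names are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed /proc/self/maps excerpt (not from a real device): the
 * fake-libs copy happens to be mapped at a lower address than the real one. */
static const char SAMPLE_MAPS[] =
    "70e1a000-70e5c000 r-xp 00000000 fd:00 1201 /system/fake-libs/libart.so\n"
    "70e5c000-70e5e000 rw-p 00042000 fd:00 1201 /system/fake-libs/libart.so\n"
    "e9000000-e9500000 r-xp 00000000 fd:00 1455 /system/lib/libart.so\n"
    "e9500000-e9510000 rw-p 00500000 fd:00 1455 /system/lib/libart.so\n";

static int ends_with(const char *s, const char *suffix)
{
    size_t ls = strlen(s), lx = strlen(suffix);
    return ls >= lx && strcmp(s + ls - lx, suffix) == 0;
}

/* Walk the maps text line by line and return the start address of the first
 * file-offset-0 mapping whose path matches `needle`, or 0 if none matches.
 * exact == 0: suffix match (assumed behaviour of an alias lookup).
 * exact != 0: full-path match. */
static uintptr_t scan_maps(const char *maps, const char *needle, int exact)
{
    const char *line = maps;
    while (*line) {
        const char *eol = strchr(line, '\n');
        size_t len = eol ? (size_t)(eol - line) : strlen(line);
        char buf[640];
        if (len < sizeof buf) {
            unsigned long start, end, off, inode;
            char perms[5], dev[16], path[512];
            memcpy(buf, line, len);
            buf[len] = '\0';
            /* Anonymous mappings have no path field and yield fewer than 7. */
            if (sscanf(buf, "%lx-%lx %4s %lx %15s %lu %511[^\n]",
                       &start, &end, perms, &off, dev, &inode, path) == 7
                && off == 0
                && (exact ? strcmp(path, needle) == 0
                          : ends_with(path, needle)))
                return (uintptr_t)start;
        }
        line += len + (eol ? 1 : 0);
    }
    return 0;
}

/* Hypothetical helper: the first mapping ending in `suffix` wins. */
uintptr_t find_base_by_suffix(const char *maps, const char *suffix)
{
    return scan_maps(maps, suffix, 0);
}

/* Hypothetical helper: only the mapping with exactly this path is accepted. */
uintptr_t find_base_by_path(const char *maps, const char *full_path)
{
    return scan_maps(maps, full_path, 1);
}

int main(void)
{
    printf("suffix /libart.so           -> %#lx\n",
           (unsigned long)find_base_by_suffix(SAMPLE_MAPS, "/libart.so"));
    printf("exact /system/lib/libart.so -> %#lx\n",
           (unsigned long)find_base_by_path(SAMPLE_MAPS,
                                            "/system/lib/libart.so"));
    return 0;
}
```

With the suffix match, symbol offsets are later applied to the wrong image base; the exact-path lookup is unaffected by the order of mappings.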

Why can't whale.so be loaded

System.loadLibrary("whale"); always fails.
Here is the stack:

tgkill 0x0000007f8796fc34
pthread_kill 0x0000007f8796d3c8
raise 0x0000007f87928ae8
abort 0x0000007f87923288
art::Runtime::Abort() 0x0000007f83b3d7b4
art::LogMessage::~LogMessage() 0x0000007f8383e020
art::JavaVMExt::JniAbort(char const*, char const*) 0x0000007f83a182ec
art::JavaVMExt::JniAbortV(char const*, char const*, std::__va_list) 0x0000007f83a1876c
art::ScopedCheck::AbortF(char const*, ...) 0x0000007f83849dd8
art::ScopedCheck::Check(art::ScopedObjectAccess&, bool, char const*, art::JniValueType*) (.constprop.116) 0x0000007f83850c88
art::CheckJNI::NewRef(char const*, _JNIEnv*, _jobject*, art::IndirectRefKind) 0x0000007f83858180
art::Thread::SetClassLoaderOverride(_jobject*) 0x0000007f83b5b63c
art::JavaVMExt::LoadNativeLibrary(_JNIEnv*, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, _jobject*, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >*) 0x0000007f83a190e0
art::Runtime_nativeLoad(_JNIEnv*, _jclass*, _jstring*, _jobject*, _jstring*) 0x0000007f83ab7cf8
[Dedup]java.lang.Class dalvik.system.DexFile.defineClassNative(java.lang.String, java.lang.ClassLoader, java.lang.Object) 0x0000000074068c50
java.lang.String java.lang.Runtime.doLoad(java.lang.String, java.lang.ClassLoader) 0x00000000740e4958
void java.lang.Runtime.loadLibrary(java.lang.String, java.lang.ClassLoader) 0x00000000740e604c
void java.lang.System.loadLibrary(java.lang.String) 0x00000000741056fc
art_quick_invoke_static_stub 0x0000007f83825d1c
art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*) 0x0000007f83836b64
artInterpreterToCompiledCodeBridge 0x0000007f83bd8504
bool art::interpreter::DoCall<false, false>(art::ArtMethod*, art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*) 0x0000007f839b1cf8
art::JValue art::interpreter::ExecuteGotoImpl<false, false>(art::Thread*, art::DexFile::CodeItem const*, art::ShadowFrame&, art::JValue) 0x0000007f837e5d90
art::interpreter::EnterInterpreterFromEntryPoint(art::Thread*, art::DexFile::CodeItem const*, art::ShadowFrame*) 0x0000007f8398f4cc
artQuickToInterpreterBridge 0x0000007f83c44830
art_quick_to_interpreter_bridge 0x0000007f8382f7e8
void android.app.Activity.performCreate(android.os.Bundle) 0x0000000074827e94
void android.app.Instrumentation.callActivityOnCreate(android.app.Activity, android.os.Bundle) 0x000000007497d3a0
android.app.Activity android.app.ActivityThread.performLaunchActivity(android.app.ActivityThread$ActivityClientRecord, android.content.Intent) 0x00000000748d71f8
void android.app.ActivityThread.handleLaunchActivity(android.app.ActivityThread$ActivityClientRecord, android.content.Intent) 0x00000000748ced4c
void android.app.ActivityThread.access$1000(android.app.ActivityThread, android.app.ActivityThread$ActivityClientRecord, android.content.Intent) 0x00000000748c2a80
void android.app.ActivityThread$H.handleMessage(android.os.Message) 0x00000000748bba78

Doesn't run

04-12 19:15:19.055 3147-3147/? E/memtrack: Couldn't load memtrack module (No such file or directory)
04-12 19:15:19.055 3147-3147/? E/android.os.Debug: failed to load memtrack module: -2
04-12 19:15:19.261 3163-3163/? E/memtrack: Couldn't load memtrack module (No such file or directory)
04-12 19:15:19.261 3163-3163/? E/android.os.Debug: failed to load memtrack module: -2
04-12 19:15:20.352 3174-3174/? E/memtrack: Couldn't load memtrack module (No such file or directory)
04-12 19:15:20.352 3174-3174/? E/android.os.Debug: failed to load memtrack module: -2
04-12 19:15:20.387 3174-3183/? E/art: Thread attaching while runtime is shutting down: Binder_1
04-12 19:15:20.693 3187-3187/? E/memtrack: Couldn't load memtrack module (No such file or directory)
04-12 19:15:20.693 3187-3187/? E/android.os.Debug: failed to load memtrack module: -2
04-12 19:15:20.721 3187-3195/? E/art: Thread attaching while runtime is shutting down: Binder_1
04-12 19:15:21.254 3196-3196/com.example.day42 A/libc: Fatal signal 11 (SIGSEGV), code 2, fault addr 0x3173f888 in tid 3196 (m.example.day42)
04-12 19:15:21.489 1509-2871/system_process E/EGL_adreno: tid 2871: eglSurfaceAttrib(1266): error 0x3009 (EGL_BAD_MATCH)
04-12 19:15:21.690 3218-3218/com.example.day42 A/libc: Fatal signal 11 (SIGSEGV), code 2, fault addr 0x3173f888 in tid 3218 (m.example.day42)
04-12 19:15:21.898 3241-3250/? E/art: Failed writing handshake bytes (-1 of 14): Broken pipe
04-12 19:15:21.907 1509-2871/system_process E/EGL_adreno: tid 2871: eglSurfaceAttrib(1266): error 0x3009 (EGL_BAD_MATCH)
04-12 19:15:22.139 3241-3241/? A/libc: Fatal signal 11 (SIGSEGV), code 2, fault addr 0x3173f888 in tid 3241 (m.example.day42)
04-12 19:15:22.313 1337-1337/? E/lowmemorykiller: Error opening /proc/3241/oom_score_adj; errno=2
04-12 19:15:28.874 1509-1567/system_process E/WifiStateMachine: WifiStateMachine CMD_START_SCAN source -2 txSuccessRate=0.00 rxSuccessRate=0.00 targetRoamBSSID=00:81:25:08:db:c6 RSSI=-45
04-12 19:15:48.879 1509-1567/system_process E/WifiStateMachine: WifiStateMachine CMD_START_SCAN source -2 txSuccessRate=0.00 rxSuccessRate=0.00 targetRoamBSSID=00:81:25:08:db:c6 RSSI=-45

```java
package com.example.day42;

import android.support.v7.app.AppCompatActivity;
import android.os.Bundle;
import android.widget.TextView;

import com.lody.whale.xposed.XC_MethodHook;
import com.lody.whale.xposed.XposedHelpers;

public class MainActivity extends AppCompatActivity {
    private static final String TAG = "MainActivity";

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.activity_main);

        try {
            // Hook Test.myname() and replace its return value after the call.
            XposedHelpers.findAndHookMethod(
                    Test.class,
                    "myname",
                    new XC_MethodHook() {
                        @Override
                        protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
                            super.beforeHookedMethod(param);
                        }

                        @Override
                        protected void afterHookedMethod(MethodHookParam param) throws Throwable {
                            super.afterHookedMethod(param);
                            param.setResult("你大爷的大西瓜");
                        }
                    });
        } catch (Exception e) {
            e.printStackTrace();
        }

        // Call the hooked method and show its (replaced) result.
        TextView textView = (TextView) findViewById(R.id.main_text);
        Test test = new Test();
        textView.setText(test.myname());
    }
}
```

Environment: LDPlayer emulator (雷电模拟器) 5.1.1

Error when trying to remove hook

Hi, I was trying out this library and for hooking it works really well, but it crashes when I try to unhook. I tried to use this function from interceptor.cc:

    void Interceptor::RemoveHook(int id);

but it crashes at the following instruction:

    entry->StopHook()

I called it like this:

    whale::Interceptor::Instance()->RemoveHook(id)

where the id is the index of the hook in the list. To create the hook I used:

    void WInlineHookFunction(void *address, void *replace, void **backup)

I tried to put log messages inside

    void ArmInlineHook::StopHook()

but they weren't executed.
I tried to look up the crash address in the library using IDA Pro, and it crashes on the function call without even reaching the function.
This is the function call pseudocode:

    (int *)(*(int (**)(void))(**(_DWORD **)v5 + 20))();

This is the assembly:

LDR             R0, [R4]
LDR             R1, [R0]
LDR             R1, [R1,#0x14]
BLX             R1

SEGV_MAPERR null pointer dereference on api 28 x86_64 emulator

 A/libc: Fatal signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0 in tid 12523 (xxx), pid 12523 (xxx)
 I/crash_dump64: performing dump of process 12523 (target tid = 12523)
 *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
 android.os.Build fingerprint: 'google/sdk_gphone_x86_64/generic_x86_64:9/PSR1.180720.093/5456446:userdebug/dev-keys'
 Revision: '0'
 ABI: 'x86_64'
 pid: 12523, tid: 12523, name: xxx >>> xxxx <<<
 signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0
 Cause: null pointer dereference
     rax 00007ffe44c3f138  rbx 000073648b531948  rcx 000073648b64ba20  rdx 00007ffe44c95578
     r8  000073648b64ba28  r9  0000000000000000  r10 00007ffe44c3f110  r11 0000000000000000
     r12 00007ffe44c3f144  r13 0000000000000000  r14 00007ffe44c95500  r15 0000000000000000
     rdi 00007ffe44c3f098  rsi 000073648b64b700
     rbp 00007ffe44c3f128  rsp 00007ffe44c3ef10  rip 000073648b1c1bee
 backtrace:
    #00 pc 00000000002a4bee  /system/lib64/libart.so (void art::interpreter::ExecuteSwitchImplCpp<true, false>(art::interpreter::SwitchImplContext*)+302)
    #01 pc 00000000005cff25  /system/lib64/libart.so (ExecuteSwitchImplAsm+5)
    #02 pc 0000000000271e8d  /system/lib64/libart.so (_ZN3art11interpreterL7ExecuteEPNS_6ThreadERKNS_20CodeItemDataAccessorERNS_11ShadowFrameENS_6JValueEb.llvm.2620325170+477)
    #03 pc 000000000057e547  /system/lib64/libart.so (artQuickToInterpreterBridge+1223)
    #04 pc 00000000005ce1ec  /system/lib64/libart.so (art_quick_to_interpreter_bridge+140)
    #05 pc 00000000005ce4df  /system/lib64/libart.so

Crash after hooked method throw exception

Please solve this problem. @asLody

The current hook does not support a hooked method throwing any exception.

Trace log as follows.

05-09 13:20:50.668 9651 9651 F DEBUG : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
05-09 13:20:50.668 9651 9651 F DEBUG : Build fingerprint: 'htc/htc_tetdugl_00709/htc_tetdugl:9/PKQ1.181030.001/190408:userdebug/release-keys'
05-09 13:20:50.668 9651 9651 F DEBUG : Revision: '0'
05-09 13:20:50.668 9651 9651 F DEBUG : ABI: 'arm'
05-09 13:20:50.668 9651 9651 F DEBUG : pid: 9532, tid: 9541, name: FinalizerDaemon >>> com.demo <<<
05-09 13:20:50.668 9651 9651 F DEBUG : signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x31fcd9e2
05-09 13:20:50.668 9651 9651 F DEBUG : r0 31fcd9de r1 00000000 r2 00000004 r3 d0189560
05-09 13:20:50.668 9651 9651 F DEBUG : r4 d01898f8 r5 00000004 r6 e99bb400 r7 d01899f0
05-09 13:20:50.668 9651 9651 F DEBUG : r8 d01898f8 r9 d01898f8 r10 d0189554 r11 d0189560
05-09 13:20:50.668 9651 9651 F DEBUG : ip 00000004 sp d0189488 lr e90e8093 pc e90e559e
05-09 13:20:50.678 9651 9651 F DEBUG :
05-09 13:20:50.678 9651 9651 F DEBUG : backtrace:
05-09 13:20:50.678 9651 9651 F DEBUG : #00 pc 0009f59e /system/lib/libart.so (art::ArtMethod::GetObsoleteDexCache()+50)
05-09 13:20:50.678 9651 9651 F DEBUG : #01 pc 000a208f /system/lib/libart.so (_ZN3artL16FindOatMethodForEPNS_9ArtMethodENS_11PointerSizeEPb.llvm.3954054040+958)
05-09 13:20:50.678 9651 9651 F DEBUG : #2 pc 000a1ba7 /system/lib/libart.so (art::ArtMethod::GetOatQuickMethodHeader(unsigned int)+170)
05-09 13:20:50.678 9651 9651 F DEBUG : #3 pc 003613a3 /system/lib/libart.so (offset 0x305000) (_ZN3art12StackVisitor9WalkStackILNS0_16CountTransitionsE0EEEvb+1290)
05-09 13:20:50.679 9651 9651 F DEBUG : #4 pc 00343101 /system/lib/libart.so (offset 0x305000) (art::QuickExceptionHandler::FindCatch(art::ObjPtr<art::mirror::Throwable>)+100)
05-09 13:20:50.679 9651 9651 F DEBUG : #5 pc 003778e1 /system/lib/libart.so (offset 0x305000) (art::Thread::QuickDeliverException()+512)
05-09 13:20:50.679 9651 9651 F DEBUG : #6 pc 003d4cc7 /system/lib/libart.so (offset 0x305000) (artDeliverPendingExceptionFromCode+2)
05-09 13:20:50.679 9651 9651 F DEBUG : #7 pc 004116cd /system/lib/libart.so (offset 0x305000) (art_quick_generic_jni_trampoline+124)
05-09 13:20:50.679 9651 9651 F DEBUG : #8 pc 003d4b27 /system/lib/libart.so (offset 0x305000) (art::GenericJniMethodEnd(art::Thread*, unsigned int, jvalue, unsigned long long, art::ArtMethod*, art::HandleScope*)+458)
05-09 13:20:50.679 9651 9651 F DEBUG : #9 pc 00000030

signal 11 (SIGSEGV) JniMethodEndWithReference

04-05 19:47:36.010: D/MainActivityLog(22859): beforeHookedMethod:param=com.lody.whale.xposed.XC_MethodHook$MethodHookParam@154140e
04-05 19:47:36.010: D/MainActivityLog(22859): hooking:thisObject=
04-05 19:47:36.010: D/MainActivityLog(22859): hooked args:com.example.looper.TestMessage@3fbcfe2f
04-05 19:47:36.110: I/DEBUG(463): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
04-05 19:47:36.110: I/DEBUG(463): Build fingerprint: 'OPPO/R9PlusmA/R9PlusA:5.1.1/LMY47V/1390465867:user/release-keys'
04-05 19:47:36.110: I/DEBUG(463): Revision: '0'
04-05 19:47:36.110: I/DEBUG(463): ABI: 'arm'
04-05 19:47:36.120: I/DEBUG(463): pid: 22859, tid: 22859, name: .example.looper >>> com.example.looper <<<
04-05 19:47:36.120: I/DEBUG(463): signal 11 (SIGSEGV), code 2 (SEGV_ACCERR), fault addr 0x54ae86c0
04-05 19:47:36.140: I/DEBUG(463): r0 fffffaa0 r1 ab006718 r2 72ac5039 r3 ed2d4ff0
04-05 19:47:36.140: I/DEBUG(463): r4 41dbd711 r5 ab0012c8 r6 00080001 r7 749dcbd0
04-05 19:47:36.140: I/DEBUG(463): r8 41dbd6b1 r9 00000000 sl 00000001 fp 40186de4
04-05 19:47:36.140: I/DEBUG(463): ip 41dbd6b0 sp fffb7910 lr 54ae86c0 pc 41f009a0 cpsr 000f0030
04-05 19:47:36.140: I/DEBUG(463): backtrace:
04-05 19:47:36.140: I/DEBUG(463): #00 pc 001e69a0 /system/lib/libart.so (art::mirror::ArtMethod::ToDexPc(unsigned int, bool)+143)
04-05 19:47:36.140: I/DEBUG(463): #01 pc 00232099 /system/lib/libart.so (art::CurrentMethodVisitor::VisitFrame()+40)
04-05 19:47:36.140: I/DEBUG(463): #2 pc 002310df /system/lib/libart.so (art::StackVisitor::WalkStack(bool)+254)
04-05 19:47:36.140: I/DEBUG(463): #3 pc 002329e9 /system/lib/libart.so (art::Thread::GetCurrentMethod(unsigned int*, bool) const+44)
04-05 19:47:36.140: I/DEBUG(463): #4 pc 0027722f /system/lib/libart.so (art::CheckReferenceResult(art::mirror::Object*, art::Thread*)+34)
04-05 19:47:36.140: I/DEBUG(463): #5 pc 00087e53 /system/lib/libart.so (art::JniMethodEndWithReference(_jobject*, unsigned int, art::Thread*)+62)
04-05 19:47:36.140: I/DEBUG(463): #6 pc 00296cc7 /system/lib/libart.so (artQuickGenericJniEndTrampoline+286)
04-05 19:47:36.140: I/DEBUG(463): #7 pc 000a36dd /system/lib/libart.so (art_quick_generic_jni_trampoline+44)
04-05 19:47:36.140: I/DEBUG(463): #8 pc 00000000
04-05 19:47:36.150: E/WifiStateMachine(1238): fetchRssiLinkSpeedAndFrequencyNative rssi=-57 linkspeed=86

Unable to read data from libart.so.

In my project I get this error:

E/Whale: Unable to read data from libart.so.
E/Whale: Runtime setup failed
E/AndroidRuntime: FATAL EXCEPTION: main
Process: my.app.kotlin, PID: 9952
java.lang.UnsatisfiedLinkError: JNI_ERR returned from JNI_OnLoad in "/data/app/my.app.kotlin-Dx78UYOq3EhE5pOC6XgTyw==/my.apk!/lib/x86/libwhale.so"

I reproduced it on a simulator (API 29) with x86 and x86_64.
I already tried the prebuilt *.so files, and also tried rebuilding them locally.

Do you have any ideas?

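Some questions about WHALE

Many thanks to the author for sharing such good work.

  1. Is SYSCALL supported?
  2. Are functions consisting of only a few instructions (short functions) supported?
  3. Is there an example for dynamic parameters?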

Hooking android.app.LoadedApk$makeApplication and android.app.ActivityThread$main always crashes

Devices: Meizu pro6s, Android 7.1.1; Samsung S8, Android 8.0

XposedHelpers.findAndHookMethod("android.app.LoadedApk", classLoader, "makeApplication", boolean.class, Instrumentation.class,
                new XC_MethodHook() {
                    @Override
                    protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
                        Log.e("wind", "wind -- beforeHookedMethod LoadedApk makeApplication  ");
                        super.beforeHookedMethod(param);
                    }
        });

Hooking LoadedApk's makeApplication method in the Application's attachBaseContext causes a crash (hooking in Application onCreate works without problems).
Crash log:

 --------- beginning of crash
2019-02-21 14:47:48.499 30290-30290/com.storm.wind.explib A/libc: Fatal signal 11 (SIGSEGV), code 1, fault addr 0x0 in tid 30290 (orm.wind.explib)
2019-02-21 14:47:48.500 982-982/? D/AEE_AED: $===AEE===AEE===AEE===$
2019-02-21 14:47:48.500 982-982/? D/AEE_AED: p 2 poll events 1 revents 1
2019-02-21 14:47:48.501 982-982/? D/AEE_AED: PPM cpu cores:10, online:6
2019-02-21 14:47:48.501 982-982/? D/AEE_AED: aed_main_fork_worker: generator 0xe8194e88, worker 0xffbcd564, recv_fd 0
2019-02-21 14:47:48.503 30305-30305/? I/AEE_AED: handle_request(0)
2019-02-21 14:47:48.503 30305-30305/? I/AEE_AED: check process 30290 name:orm.wind.explib
2019-02-21 14:47:48.503 30305-30305/? I/AEE_AED: tid 30290 abort msg address:0x00000000, si_code:1 (request from 30290:10252)
2019-02-21 14:47:48.503 30305-30305/? W/AEE_AED: debuggerd: handling request: pid=30290 uid=10252 gid=10252 tid=30290
2019-02-21 14:47:48.505 30305-30305/? I/AEE_AED: [preset_info] pid: 30290, tid: 30290, name: orm.wind.explib  >>> com.storm.wind.explib <<<
2019-02-21 14:47:48.505 30305-30305/? D/AEE_AED: ptrace_siblings
2019-02-21 14:47:48.506 352-352/? D/MALI: eglCreateImageKHR:513: [Crop] 0 0 0 0  img[1080 1920] 
2019-02-21 14:47:48.521 30305-30305/? D/AEE_AED: debuggerd: drop privileges
2019-02-21 14:47:48.521 1004-1397/? D/FlymeTrafficTracking: tag  (243) android Thread-8 uid 1000
2019-02-21 14:47:48.521 1004-1397/? D/FlymeTrafficTracking: set tracking tag android 8000ffff
2019-02-21 14:47:48.527 352-352/? D/BufferQueueProducer: [FrameBufferSurface_0](this:0x75716f6800,id:0,api:1,p:352,c:352) queueBuffer: fps=2.71 dur=16225.70 max=15470.13 min=15.45
2019-02-21 14:47:48.535 1373-1373/? D/SystemServicesProxy: getTopMostTask: tasks: 1329
2019-02-21 14:47:48.535 1632-1632/? W/recents.Component: create a new LoadPlan to load thumbnail -- background
2019-02-21 14:47:48.565 1632-1632/? I/recents.TaskLoadPlan: 		 load thumbnail from system
2019-02-21 14:47:48.571 30305-30305/? I/AEE_AED: *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
2019-02-21 14:47:48.572 30305-30305/? I/AEE_AED: Build fingerprint: 'Meizu/meizu_PRO6/PRO6:7.1.1/NMF26O/1531990520:user/release-keys'
2019-02-21 14:47:48.572 30305-30305/? I/AEE_AED: Revision: '0'
2019-02-21 14:47:48.572 30305-30305/? I/AEE_AED: ABI: 'arm'
2019-02-21 14:47:48.572 30305-30305/? I/AEE_AED: pid: 30290, tid: 30290, name: orm.wind.explib  >>> com.storm.wind.explib <<<
2019-02-21 14:47:48.572 30305-30305/? I/AEE_AED: signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0
2019-02-21 14:47:48.572 30305-30305/? I/AEE_AED:     r0 00000000  r1 00000000  r2 2f39d396  r3 fffa4c10
2019-02-21 14:47:48.572 30305-30305/? I/AEE_AED:     r4 7080a880  r5 33333333  r6 742f8897  r7 00000000
2019-02-21 14:47:48.572 30305-30305/? I/AEE_AED:     r8 ed685400  r9 ed685400  sl 709415c0  fp 00000006
2019-02-21 14:47:48.572 30305-30305/? I/AEE_AED:     ip 12c03f20  sp fffa49d8  lr ed23ebcb  pc ed5113ca  cpsr 600e0030
2019-02-21 14:47:48.576 30305-30305/? I/AEE_AED: backtrace:
2019-02-21 14:47:48.576 30305-30305/? I/AEE_AED:     #00 pc 003843ca  /system/lib/libart.so (_ZN3art25GetCalleeSaveMethodCallerEPPNS_9ArtMethodENS_7Runtime14CalleeSaveTypeEb+181)
2019-02-21 14:47:48.576 30305-30305/? I/AEE_AED:     #01 pc 003f7f35  /system/lib/libart.so (artQuickResolutionTrampoline+528)
2019-02-21 14:47:48.576 30305-30305/? I/AEE_AED:     #02 pc 000aea13  /system/lib/libart.so (art_quick_resolution_trampoline+34)
2019-02-21 14:47:48.576 30305-30305/? I/AEE_AED:     #03 pc 742f8895  /data/dalvik-cache/arm/system@[email protected] (offset 0x2f6f000)
2019-02-21 14:47:48.580 1632-1632/? I/recents.TaskLoadPlan: 		 load thumbnail from system
2019-02-21 14:47:48.581 1632-1632/? I/recents.TaskLoadPlan: 		 load thumbnail from system
2019-02-21 14:47:48.582 1632-1632/? I/recents.TaskLoadPlan: 		 load thumbnail from system
2019-02-21 14:47:48.583 1632-1632/? I/recents.TaskLoadPlan: 		 load thumbnail from system
2019-02-21 14:47:48.583 1632-1632/? W/recents.Performance: preload while task Change spend : 49
2019-02-21 14:47:48.674 1004-1349/? D/PerfServiceManager: [PerfService] MESSAGE_TIMEOUT:107 
XposedHelpers.findAndHookMethod("android.app.ActivityThread", classLoader, "main", String[].class,
                    new XC_MethodHook() {
                        @Override
                        protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
                            Log.e("wind", "wind -- beforeHookedMethod ActivityThread main object ");
                            super.beforeHookedMethod(param);
                        }
                    });

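Hooking ActivityThread's main method from any location always crashes. Crash log:
(Hooking ActivityThread's main method inside an app is actually pointless, because it will certainly never be called; this is only to report this class of problem, there is no real use case for it.)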

2019-02-21 14:50:20.314 1632-1632/? I/recents.TaskLoadPlan: 		 load thumbnail from system
2019-02-21 14:50:20.314 1632-1632/? W/recents.Performance: preload while task Change spend : 54
2019-02-21 14:50:20.337 30746-30746/? I/AEE_AED: *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
2019-02-21 14:50:20.337 30746-30746/? I/AEE_AED: Build fingerprint: 'Meizu/meizu_PRO6/PRO6:7.1.1/NMF26O/1531990520:user/release-keys'
2019-02-21 14:50:20.337 30746-30746/? I/AEE_AED: Revision: '0'
2019-02-21 14:50:20.338 30746-30746/? I/AEE_AED: ABI: 'arm'
2019-02-21 14:50:20.338 30746-30746/? I/AEE_AED: pid: 30731, tid: 30731, name: orm.wind.explib  >>> com.storm.wind.explib <<<
2019-02-21 14:50:20.338 30746-30746/? I/AEE_AED: signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x2f39d392
2019-02-21 14:50:20.338 30746-30746/? I/AEE_AED:     r0 2f39d382  r1 2f39d397  r2 73bfa029  r3 0000ffff
2019-02-21 14:50:20.338 30746-30746/? I/AEE_AED:     r4 2f39d396  r5 fffa5028  r6 fffa5068  r7 ed6ed140
2019-02-21 14:50:20.338 30746-30746/? I/AEE_AED:     r8 00000000  r9 ed23bb97  sl fffa29cc  fp 00000000
2019-02-21 14:50:20.338 30746-30746/? I/AEE_AED:     ip 00000021  sp fffa28f8  lr ed23ebef  pc ed23ec04  cpsr 00070030
2019-02-21 14:50:20.342 30746-30746/? I/AEE_AED: backtrace:
2019-02-21 14:50:20.342 30746-30746/? I/AEE_AED:     #00 pc 000b1c04  /system/lib/libart.so (_ZN3art9ArtMethod23GetOatQuickMethodHeaderEj+111)
2019-02-21 14:50:20.343 30746-30746/? I/AEE_AED:     #01 pc 0032ac11  /system/lib/libart.so (_ZN3art12StackVisitor9WalkStackEb+120)
2019-02-21 14:50:20.343 30746-30746/? I/AEE_AED:     #02 pc 0032e991  /system/lib/libart.so (_ZNK3art6Thread24CreateInternalStackTraceILb0EEEP8_jobjectRKNS_33ScopedObjectAccessAlreadyRunnableE+56)
2019-02-21 14:50:20.343 30746-30746/? I/AEE_AED:     #03 pc 002b6821  /system/lib/libart.so (_ZN3artL32Throwable_nativeFillInStackTraceEP7_JNIEnvP7_jclass+28)

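Cannot hook system functions on Android 5.1

When hooking Activity's onCreate (and other lifecycle methods) on an Android 5.1 device, I found that if a custom Activity overrides certain methods, hooking the corresponding methods on Activity.class does not take effect, and there is no exception information. Methods that are not overridden can be hooked normally.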

null receiver problem

java.lang.NullPointerException: null receiver
02-26 22:51:23.068 E/AndroidRuntime(31196): at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:3000)
02-26 22:51:23.068 E/AndroidRuntime(31196): at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java:3104)
02-26 22:51:23.068 E/AndroidRuntime(31196): at android.app.ActivityThread.-wrap12(Unknown Source:0)
02-26 22:51:23.068 E/AndroidRuntime(31196): at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1756)
02-26 22:51:23.068 E/AndroidRuntime(31196): at android.os.Handler.dispatchMessage(Handler.java:106)
02-26 22:51:23.068 E/AndroidRuntime(31196): at android.os.Looper.loop(Looper.java:164)
02-26 22:51:23.068 E/AndroidRuntime(31196): at android.app.ActivityThread.main(ActivityThread.java:6905)
02-26 22:51:23.068 E/AndroidRuntime(31196): at java.lang.reflect.Method.invoke(Native Method)
02-26 22:51:23.068 E/AndroidRuntime(31196): at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:438)
02-26 22:51:23.068 E/AndroidRuntime(31196): at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:820)
02-26 22:51:23.068 E/AndroidRuntime(31196): Caused by: java.lang.NullPointerException: null receiver
02-26 22:51:23.068 E/AndroidRuntime(31196): at java.lang.reflect.Method.invoke(Native Method)
02-26 22:51:23.068 E/AndroidRuntime(31196): at com.lody.whale.WhaleRuntime.invokeOriginalMethodNative(Native Method)
02-26 22:51:23.068 E/AndroidRuntime(31196): at com.lody.whale.xposed.XposedBridge.invokeOriginalMethod(XposedBridge.java:293)
02-26 22:51:23.068 E/AndroidRuntime(31196): at com.lody.whale.xposed.XposedBridge.handleHookedMethod(XposedBridge.java:238)
02-26 22:51:23.068 E/AndroidRuntime(31196): at com.lody.whale.WhaleRuntime.handleHookedMethod(WhaleRuntime.java:53)
02-26 22:51:23.068 E/AndroidRuntime(31196): at com.hellobike.publicbundle.logger.Logger.d(Native Method)
02-26 22:51:23.068 E/AndroidRuntime(31196): at com.hellobike.atlas.application.AppLifecycleCallback.onActivityCreated(AppLifecycleCallback.java:21)

backup function is hang when called

Hello,

I tried test_hook.cc on Android. It seems to work great if:

    const char *val = getenv("lody");

But it hangs when:

    const char *val = getenv("lody2");

It seems to hang when calling the backup function: Origin_getenv()
Please help!
Thanks!
