
frida-dexdump's Issues

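Bypassing anti-debugging

Many packers now come with anti-debugging, and frida cannot attach. I've now run into a tough one, the Bangbang (梆梆) packer. Even spawning with the -f parameter doesn't get around it; the app just goes to a black screen on launch. Does anyone have a good idea for dumping the dex from this kind of packer in one step?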

Unable dump dex: Error: missing argument

[Except] - Unable dump dex: Error: missing argument
at frida/runtime/core.js:225
at scandex (/script1.js:117)
at frida/runtime/message-dispatcher.js:45
at o (frida/runtime/message-dispatcher.js:27) in
File "d:\python37\lib\site-packages\frida\core.py", line 333, in _rpc_request
raise result[2]

Doesn't dump correctly payload DEX

FRIDA-Dexdump tool does not unpack successfully the following malware and dumps an erroneous DEX file that disassemblers fail to process. It seems there is a checksum issue.

How to reproduce / grab the sample
See this tweet: https://twitter.com/ReBensk/status/1485569424874938371?s=20 and download 53108_Video_Oynatıcı.apk (sha256: 62a313bcf8611205a25850405fdf45c5c207d4755411d1ce26607eeb41581fd7). It is a malware, be cautious, don't install it on a real phone, rather an emulator.

Dump the DEXes

Launch the app, and try to dump its DEXes with frida-dexdump (I personally needed to attach to its PID, the other ways did not work). You should get 2 DEXs: the main one, and the payload.

com.donkey.fragile$ ls
0x7acff17e401c.dex  0x7acff1a4401c.dex

Now, try and decompile 0x7acff17e401c.dex (sha256: 7b9961dbba9b6fb9522d15ef7169af26e30810989b4bb8b58b40f087896d1956).

Disassembly errors

For instance, head to com.about.across.bot.a.a.
With JADX, you get an error at opening the DEX: "Load failed, Error count: 1" and the following logs:

ERROR - File open error: /workshop/./0x7acff17e401c.dex
jadx.plugins.input.dex.DexException: Bad checksum: 0x73eb147b, expected: 0x6f8eb545
	at jadx.plugins.input.dex.utils.DexCheckSum.verify(DexCheckSum.java:22)
	at jadx.plugins.input.dex.DexFileLoader.checkFileMagic(DexFileLoader.java:57)
	at jadx.plugins.input.dex.DexFileLoader.loadDexFromFile(DexFileLoader.java:40)
	at java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:193)
	at java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:193)
	at java.util.ArrayList$ArrayListSpliterator.forEachRemaining(ArrayList.java:1384)
	at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:482)
	at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:472)
	at java.util.stream.ReduceOps$ReduceOp.evaluateSequential(ReduceOps.java:708)
	at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
	at java.util.stream.ReferencePipeline.collect(ReferencePipeline.java:566)
	at jadx.plugins.input.dex.DexFileLoader.collectDexFiles(DexFileLoader.java:35)
	at jadx.plugins.input.dex.DexInputPlugin.loadDexFiles(DexInputPlugin.java:29)
	at jadx.plugins.input.dex.DexInputPlugin.loadFiles(DexInputPlugin.java:25)
	at jadx.api.JadxDecompiler.loadInputFiles(JadxDecompiler.java:126)
	at jadx.api.JadxDecompiler.load(JadxDecompiler.java:111)
	at jadx.gui.JadxWrapper.openFile(JadxWrapper.java:45)
	at jadx.gui.ui.MainWindow.lambda$open$0(MainWindow.java:419)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
	at java.lang.Thread.run(Thread.java:748)
INFO  - Loaded classes: 0, methods: 0, instructions: 0

With JEB decompiler you get:

public static void a(Context arg5) {
        // ERROR - The method was not decompiled
        // Cannot decompile method containing odex instructions: Lcom/about/across/bot/a/a;->a(Landroid/content/Context;)V
        // Restore the original dex first, then load it into JEB.
        // Reference: https://www.pnfsoftware.com/jeb/manual/android/#optimized-dex-odex
    }

With baksmali you get:

   aput-object v3, v2, v4

    invoke-static {v0, v2}, Lcom/about/across/bot/e/d;->a(Ljava/lang/String;[Ljava/lang/Object;)V

    invoke-static {p0, v1}, Lcom/about/across/bot/a/a;->a(Landroid/content/Context;Z)V

    #disallowed odex opcode
    #return-void-no-barrier
    nop
.end method

With baksmali + jd-gui, you get:

public class a {
  public static void a(Context paramContext) {
    d.a("!!!!!", new Object[] { "attempt to enable internet" });
    a(paramContext, true);
    throw new VerifyError("bad dex opcode");
  }

I am using latest FRIDA-Dexdump from git and Frida server 15.1.14.

jadx.plugins.input.dex.DexException: Bad checksum

jadx.plugins.input.dex.DexException: Bad checksum: 0x7d0b2ec3, expected: 0xb39bba93
at jadx.plugins.input.dex.utils.DexCheckSum.verify(DexCheckSum.java:22)
at jadx.plugins.input.dex.DexFileLoader.load(DexFileLoader.java:68)
at jadx.plugins.input.dex.DexFileLoader.loadDexFromFile(DexFileLoader.java:50)
at java.base/java.util.stream.ReferencePipeline$3$1.accept(Unknown Source)
at java.base/java.util.stream.ReferencePipeline$3$1.accept(Unknown Source)
at java.base/java.util.ArrayList$ArrayListSpliterator.forEachRemaining(Unknown Source)
at java.base/java.util.stream.AbstractPipeline.copyInto(Unknown Source)
at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(Unknown Source)
at java.base/java.util.stream.ReduceOps$ReduceOp.evaluateSequential(Unknown Source)
at java.base/java.util.stream.AbstractPipeline.evaluate(Unknown Source)
at java.base/java.util.stream.ReferencePipeline.collect(Unknown Source)
at jadx.plugins.input.dex.DexFileLoader.collectDexFiles(DexFileLoader.java:45)
at jadx.plugins.input.dex.DexInputPlugin.loadFiles(DexInputPlugin.java:34)
at jadx.plugins.input.dex.DexInputPlugin.loadFiles(DexInputPlugin.java:30)
at jadx.api.JadxDecompiler.loadInputFiles(JadxDecompiler.java:130)
at jadx.api.JadxDecompiler.load(JadxDecompiler.java:114)
at jadx.gui.JadxWrapper.openFile(JadxWrapper.java:52)
at jadx.gui.ui.MainWindow.lambda$openFiles$0(MainWindow.java:427)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.base/java.lang.Thread.run(Unknown Source)

[plugin] C:\Users\kingking\.objection\plugins\dexdump does not appear to be a valid plugin. Missing __init__.py

C:\Users\jin10>objection -g wind.android explore -P C:\Users\kingking\.objection\plugins
Using USB device Pixel 2
Agent injected and responds ok!
[plugin] C:\Users\kingking\.objection\plugins\dexdump does not appear to be a valid plugin. Missing __init__.py
Loaded plugin: wallbreaker

(object)inject(ion) v1.9.6

 Runtime Mobile Exploration
    by: @leonjza from @sensepost

[tab] for command suggestions

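Fixing the frida module failing to start properly

The frida module fails to start properly because of environment-variable problems with multiple Python environments. It can be started successfully under either python2 or python3; the python2 method is used as the example here.
1. Uninstall frida and frida-tools under both python2 and python3.
2. Make sure that running "python" runs python2.
--> To fix this, put python2's two environment variables before python3's two environment variables, and remember to rename python3's executable to python3.exe (so there is no python.exe in that directory).
3. Reinstall pip; after pip is reinstalled, it is automatically associated with the Python version.
4. Reinstall frida and frida-tools.
Solved.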

Unable to inject into process

[Except] - Unable to inject into process: unable to connect to remote frida-server in
File "d:\python\python37\lib\site-packages\frida\core.py", line 101, in enumerate_processes
return self._impl.enumerate_processes()

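I installed frida-dexdump with pip install and then ran frida-dexdump directly, which gave the error above.
I checked, and frida-server connects normally and frida-ps -U can also read normally. How can I solve this?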

click

Traceback (most recent call last):
File "main.py", line 8, in
import click
ModuleNotFoundError: No module named 'click'

frida.core.RPCException: Error: missing argument

Could anyone tell me what causes this error?

frida-server_12.0.5
root@ubuntu:~/apktool/FRIDA-DEXDump# python3 main.py
[DEXDump]: found target [24720] com.xxx.android.xxxx
Traceback (most recent call last):
  File "main.py", line 46, in <module>
    matches = script.exports.scandex()
  File "/usr/local/lib/python3.6/dist-packages/frida/core.py", line 322, in method
    return script._rpc_request('call', js_name, args)
  File "/usr/local/lib/python3.6/dist-packages/frida/core.py", line 250, in _rpc_request
    raise result[2]
frida.core.RPCException: Error: missing argument
    at frida/runtime/core.js:223
    at scandex (script1.js:13)
    at e (frida/runtime/message-dispatcher.js:45)
    at t (frida/runtime/message-dispatcher.js:24)

invalid uid/gid '-c'

On Android Emulator (Google APIs), DEXDump cannot stop the process using su -c 'cmd' because the su format is su [UID[,GID[,GID2]...]] [COMMAND [ARG...]]

02-08/15:17:00 INFO [DEXDump]: found target [19245] logcat
su: invalid uid/gid '-c'
su: invalid uid/gid '-c'

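Missing dex

Comparing the classes in the dex obtained by frida-dexdump with the classes obtained by tracing methods, I found that classes are missing from the dump. Besides dexdump, what other methods are there for obtaining the missing dex files?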

dump map_offset vs dump dex_size; WHY MAP_OFFSET?

FRIDA-DEXDump uses dump(dexptr, map_offset), but I got an incorrect dex file. When using dex2jar on it, I got an error:
╰─$ sh d2j-dex2jar.sh 0x7ba1f1f01c.dex
dex2jar 0x7ba1f1f01c.dex -> ./0x7ba1f1f01c-dex2jar.jar
java.lang.IllegalArgumentException: newPosition > limit: (1605878 > 427976)
at java.base/java.nio.Buffer.createPositionException(Buffer.java:318)
at java.base/java.nio.Buffer.position(Buffer.java:293)
at java.base/java.nio.ByteBuffer.position(ByteBuffer.java:1094)
at java.base/java.nio.ByteBuffer.position(ByteBuffer.java:262)
at com.googlecode.d2j.reader.DexFileReader.getString(DexFileReader.java:967)
at com.googlecode.d2j.reader.DexFileReader.getType(DexFileReader.java:981)
at com.googlecode.d2j.reader.DexFileReader.accept(DexFileReader.java:654)
at com.googlecode.d2j.reader.DexFileReader.accept(DexFileReader.java:625)
at com.googlecode.d2j.dex.Dex2jar.doTranslate(Dex2jar.java:88)
at com.googlecode.d2j.dex.Dex2jar.to(Dex2jar.java:280)
at com.googlecode.dex2jar.tools.Dex2jarCmd.doCommandLine(Dex2jarCmd.java:112)
at com.googlecode.dex2jar.tools.BaseCmd.doMain(BaseCmd.java:290)
at com.googlecode.dex2jar.tools.Dex2jarCmd.main(Dex2jarCmd.java:33)
So, I found that the dump size is wrong. After modifying the dump size to fileSize, I got a correct dex file, and successfully ran dex2jar on it.

My question is: why use map_offset?
And why can it dump correctly when dex_size > map_offset?
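
An added example, not part of any issue above or of frida-dexdump's own code: the header checks behind the "Bad checksum" reports and the map_offset question, as a Python script that reads file_size and map_off from a dump's header, verifies the Adler-32 checksum and SHA-1 signature, and rewrites them only when the dump is complete. The function names and the constructed sample bytes are assumptions for illustration; rewriting the checksum does not undo the odex opcodes reported in other issues.

```python
import hashlib
import struct
import zlib

HEADER_SIZE = 0x70  # fixed size of the DEX header_item


def _seal(buf: bytearray) -> bytes:
    """Recompute the SHA-1 signature (offset 12), then the Adler-32 checksum (offset 8)."""
    buf[12:32] = hashlib.sha1(bytes(buf[32:])).digest()
    struct.pack_into("<I", buf, 8, zlib.adler32(bytes(buf[12:])) & 0xFFFFFFFF)
    return bytes(buf)


def build_sample_dex(body_len: int = 64) -> bytes:
    """Constructed sample: a valid header plus filler bytes, not a loadable DEX."""
    file_size = HEADER_SIZE + body_len
    buf = bytearray(file_size)
    buf[0:8] = b"dex\n035\x00"
    # file_size, header_size and endian_tag live at offsets 32, 36 and 40
    struct.pack_into("<III", buf, 32, file_size, HEADER_SIZE, 0x12345678)
    # map_off (offset 52) points inside the file, so map_off < file_size
    struct.pack_into("<I", buf, 52, HEADER_SIZE + body_len // 2)
    buf[HEADER_SIZE:] = bytes(i & 0xFF for i in range(body_len))
    return _seal(buf)


def inspect_dex(data: bytes) -> dict:
    """Compare what the header claims with the bytes that were actually dumped."""
    if len(data) < HEADER_SIZE or data[:4] != b"dex\n":
        raise ValueError("not a DEX header")
    (stored_sum,) = struct.unpack_from("<I", data, 8)
    (file_size,) = struct.unpack_from("<I", data, 32)
    (map_off,) = struct.unpack_from("<I", data, 52)
    whole = data[:file_size]  # ignore anything dumped past file_size
    return {
        "file_size": file_size,
        "map_off": map_off,
        "dumped": len(data),
        # A dump of map_off bytes stops before the map list and whatever follows it
        "truncated": len(data) < file_size,
        "checksum_ok": zlib.adler32(whole[12:]) & 0xFFFFFFFF == stored_sum,
        "signature_ok": hashlib.sha1(whole[32:]).digest() == data[12:32],
    }


def repair_checksum(data: bytes) -> bytes:
    """Rewrite signature and checksum of a complete dump; refuse a truncated one."""
    info = inspect_dex(data)
    if info["truncated"]:
        raise ValueError("dump is shorter than file_size; dump file_size bytes instead")
    return _seal(bytearray(data[: info["file_size"]]))


if __name__ == "__main__":
    good = build_sample_dex()
    cut = good[: inspect_dex(good)["map_off"]]  # a dump that stopped at map_off
    print(inspect_dex(good))
    print(inspect_dex(cut))
```

A dump whose bytes changed in memory after loading fails the checksum but can be re-sealed; a dump cut at map_off cannot, because the data past that offset is simply absent.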

[Except] - can only concatenate str (not "int") to str:

plugin dexdump dump includes:
[Except] - can only concatenate str (not "int") to str: {'addr': '0x7ebef4a01c', 'size': 686392}
[Except] - can only concatenate str (not "int") to str: {'addr': '0x7ec862f01c', 'size': 237732}
[Except] - can only concatenate str (not "int") to str: {'addr': '0x7ecbd5401c', 'size': 6384772}
[Except] - can only concatenate str (not "int") to str: {'addr': '0x7ecc6b201c', 'size': 7980312}
[Except] - can only concatenate str (not "int") to str: {'addr': '0x7eccee901c', 'size': 9034624}
[Except] - can only concatenate str (not "int") to str: {'addr': '0x7ecdc9c01c', 'size': 4631576}
[Except] - can only concatenate str (not "int") to str: {'addr': '0x7ecf7b0028', 'size': 355688}
[Except] - can only concatenate str (not "int") to str: {'addr': '0x7ecf806d94', 'size': 2436}
[Except] - can only concatenate str (not "int") to str: {'addr': '0x7ecf807718', 'size': 2436}

Exception occurred while dumping dex

While I am trying to dump dynamically loaded dex files I got an exception.
This is the error log:
[Except] - Error: access violation accessing 0x7854600000
at <anonymous> (frida/runtime/core.js:127)
at memorydump (/script1.js:110)
at apply (native)
at <anonymous> (frida/runtime/message-dispatcher.js:13)
at c (frida/runtime/message-dispatcher.js:23): {'addr': '0x78545fa880', 'size': 90320}
[Except] - Error: access violation accessing 0x7861600000
at <anonymous> (frida/runtime/core.js:127)
at memorydump (/script1.js:110)
at apply (native)
at <anonymous> (frida/runtime/message-dispatcher.js:13)
at c (frida/runtime/message-dispatcher.js:23): {'addr': '0x7861543820', 'size': 4618488}

Runtime error: exception occurred: RPCException Error: expected an integer

I tried to unpack with it, and main.py reports an error at line 49
发生异常: RPCException
Error: expected an integer
at frida/runtime/core.js:144
at frida/runtime/message-dispatcher.js:15
at o (frida/runtime/message-dispatcher.js:25)
File "E:\Win_tools\FRIDA-DEXDump-master\main.py", line 49, in
bs = script.exports.memorydump(dex['addr'], dex['size'])

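Printing (dex['addr'], dex['size']) shows that the last [DEXDump] entry is negative,
like this: addr:-1727442502,size:-1727442502

This is my first time using Frida and I don't quite understand. Hoping an expert can explain. The server and core are also the latest.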

[Except] - Error: access violation accessing

[Except] - Error: access violation accessing 0xe7402000
at (frida/runtime/core.js:127)
at memorydump (/script1.js:110)
at apply (native)
at (frida/runtime/message-dispatcher.js:13)
at c (frida/runtime/message-dispatcher.js:23): {'addr': '0xe7323490', 'size': 6680424}
[Except] - Error: access violation accessing 0xe7402000
at (frida/runtime/core.js:127)
at memorydump (/script1.js:110)
at apply (native)
at (frida/runtime/message-dispatcher.js:13)
at c (frida/runtime/message-dispatcher.js:23): {'addr': '0xe7323500', 'size': 7013392}
[Except] - Error: access violation accessing 0xe7402000
at (frida/runtime/core.js:127)
at memorydump (/script1.js:110)
at apply (native)
at (frida/runtime/message-dispatcher.js:13)
at c (frida/runtime/message-dispatcher.js:23): {'addr': '0xe73235e0', 'size': 5704696}

FRIDA-DEXDump-1.0.3
frida version 14.2.18

Bad dex opcode

Hey. After dumping all .dex from memory and trying to decompile it getting:
#disallowed odex opcode
#iget-object-quick v2, p0, field@0x8
nop
Lot of code like this. Tried to decompile with deodex, not worked too.
How to decompile it?

impossible frida script inject

After I did dump a package using frida-dexdump command and find new classes, I hooked new classes, but Frida said like "trace class failed Error: java.lang.ClassNotFoundException: Didn't find class "com.priguard.C4510KernelInstance" on path: DexPathList[[zip file "/data/app/com.ui-1/base.apk"],nativeLibraryDirectories=[/data/app/com.ui-1/lib/x86, /data/app/com.ui-1/base.apk!/lib/x86, /system/lib, /vendor/lib]]"

Hook code is:
Java.perform(function (targetClass) {
    var hook;
    try {
        // Java.use throws if the class cannot be found
        hook = Java.use(targetClass);
    } catch (e) {
        console.error("trace class failed", e);
        return;
    }
});

Could anyone help me how to hook to com.priguard.C4510KernelInstance?

Cannot find the dex after dumping

apk: https://www.wandoujia.com/apps/7868176
After installing the apk, modify the script:
Replace get_usb_device with get_remote_device (win64)
Test

  1. Start fridaServer.
  2. TCP forwarding
  3. python main.py
    [DEXDump]: found target [1596] com.jtjsb.xndwsq
    [DEXDump]: DexSize=0x6df168, SavePath=./com.jtjsb.xndwsq/0xe208f000.dex
    [DEXDump]: DexSize=0x23162c, SavePath=./com.jtjsb.xndwsq/0xe276f000.dex
    [DEXDump]: DexSize=0x11c, SavePath=./com.jtjsb.xndwsq/0xf46ce678.dex
    [DEXDump]: DexSize=0x1, SavePath=./com.jtjsb.xndwsq/0xf46cf0f8.dex
    [DEXDump]: DexSize=0x789, SavePath=./com.jtjsb.xndwsq/0xf7531000.dex
  4. Going to data/data/com.jtjsb.xndwsq or data/app/com.jtjsb.xndwsq on the phone, the corresponding dex cannot be found
  5. A global search in the data directory, find . -name 0xe208f000.dex, returns no results.

Thanks for your hard work.

frida-dexdump version not providing expected number

This is a minor issue.

I have frida-dexdump 2.0.1:

$ pip list | grep dexdump
frida-dexdump  2.0.1

But if I do frida-dexdump --version, it says 15.1.17, which is Frida's version.

The program's help says:

 --version             show program's version number and exit

So, with this comment, I think that we should get 2.0.1. If not, it's just as simple as modifying the help with something like "show Frida's version number and exit"

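Unpacking fails for apps with a Chinese name

Environment: frida 15.1.2, target: SF Express (顺丰速运)
In the choose function, the value of target.identifier is the package name
Application(identifier="com.sf.activity", name="顺丰速运", pid=14246, parameters={})
But in device.enumerate_processes(), the process's name value is "顺丰速运" rather than the package name "com.sf.activity", so the match fails.
I suggest handling it in the choose function as follows
if pid is None and pkg is None:
    target = device.get_frontmost_application()
    pid = target.pid
    #return target.pid, target.identifier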

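The dumped file is incomplete

First of all, thanks for this remarkable and efficient solution.
I excitedly tested it on real devices, using an APK without a packer (I figure an unpacked apk also has the dex structure in memory).
The dumped dex file is the same size as the original dex file, but the MD5 differs.
I further found that converting the dumped dex file to a jar produces many errors.
Sample:
WiFi ADB Debug Over Air_v3.0.2.apk.zip

Test environment
Nexus 6 (android 5.1)
Nexus 6 (android 7.0)
Google Pixel (android 7.0)

The results are the same in all cases.

Is this approach only effective for packed dex? Or is there something wrong with my test environment?
If convenient, could you provide sample apks, before and after packing?

Thanks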

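Two usage problems: 1. the retrieved code is all bad dex opcode; 2. su -c

Following the tutorial by hluwa (葫芦娃) himself, I found two problems in testing.

  1. su -c cannot be used on my rooted phone; it reports invalid option --c. I don't know whether it is a root permission problem, and I have no other phones to test on.
  2. The retrieved code cannot be opened properly and shows errors.
    There are large stretches of code like this; something must have gone wrong somewhere.

Beginner question; I don't know whether I'm using it wrong or it's some other problem.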

[Except] - Unable dump dex: process with pid 2023 either refused to load frida-agent

[Except] - Unable dump dex: process with pid 2023 either refused to load frida-agent, or terminated during injection in
File "/home/kwaiching/.local/lib/python3.8/site-packages/frida/core.py", line 165, in attach
return Session(self._impl.attach(self._pid_of(target), *args, **kwargs))

[Except] - Unable dump dex: process with pid 2262 either refused to load frida-agent, or terminated during injection in
File "/home/kwaiching/.local/lib/python3.8/site-packages/frida/core.py", line 165, in attach
return Session(self._impl.attach(self._pid_of(target), *args, **kwargs))

frida.PermissionDeniedError

unable to access process with pid 1333 due to system restrictions; try sudo sysctl kernel.yama.ptrace_scope=0, or run Frida as root

How do I solve this?

The new version seems to have a problem

(frida-dexdump -U -f com.sec.n1book1 -d --sleep 5

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
                                                               __      _     _                 _              _                                                                                   
                                                             / _|_ __(_) __| | __ _        __| | _____  ____| |_   _ _ __ ___  _ __                                                              
                                                            | |_| '__| |/ _` |/ _` |_____ / _` |/ _ \ \/ / _` | | | | '_ ` _ \| '_ \                                                             
                                                            |  _| |  | | (_| | (_| |_____| (_| |  __/>  < (_| | |_| | | | | | | |_) |                                                            
                                                            |_| |_|  |_|\__,_|\__,_|      \__,_|\___/_/\_\__,_|\__,_|_| |_| |_| .__/                                                             
                                                                                                                              |_|                                                                
                                                                              https://github.com/hluwa/frida-dexdump                                                                             
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Spawning `com.sec.n1book1`...                                           
INFO:Agent:DexDumpAgent<Connection(pid=Session(pid=21402), connected:True), attached=True>: Attach.
INFO:frida-dexdump:Waiting 5s...
INFO:frida-dexdump:[+] Searching...
INFO:frida-dexdump:[*] Successful found 12 dex, used 5 time.
INFO:frida-dexdump:[+] Starting dump to '/Users/xxx/Desktop/hack/tools/ooo/com.sec.n1book1'...
INFO:frida-dexdump:[+] DexMd5=df2b99537b2d11d3074d6fe752a763bb, SavePath=/Users/xxx/Desktop/hack/tools/ooo/com.sec.n1book1/classes.dex, DexSize=0x2154fc
INFO:frida-dexdump:[+] DexMd5=b0cef7130867f8df4b2612290ef8a639, SavePath=/Users/xxx/Desktop/hack/tools/ooo/com.sec.n1book1/classes02.dex, DexSize=0x21c000
INFO:frida-dexdump:[+] DexMd5=4d956f9be62251c9b41aec34bdc39ad4, SavePath=/Users/xxx/Desktop/hack/tools/ooo/com.sec.n1book1/classes03.dex, DexSize=0x77e4
INFO:frida-dexdump:[+] DexMd5=e0ade20e9e8fa40707ca9311ef7471ac, SavePath=/Users/xxx/Desktop/hack/tools/ooo/com.sec.n1book1/classes04.dex, DexSize=0xc2000
INFO:frida-dexdump:[+] DexMd5=f1771b68f5f9b168b79ff59ae2daabe4, SavePath=/Users/xxx/Desktop/hack/tools/ooo/com.sec.n1book1/classes05.dex, DexSize=0x11c
INFO:frida-dexdump:[+] DexMd5=f787db82adb852244f53363bef7debc1, SavePath=/Users/xxx/Desktop/hack/tools/ooo/com.sec.n1book1/classes06.dex, DexSize=0x3e3c2
INFO:frida-dexdump:[+] DexMd5=97b84ab1fdeff52bd3b0dadeab89e7bc, SavePath=/Users/xxx/Desktop/hack/tools/ooo/com.sec.n1book1/classes07.dex, DexSize=0x180000
ERROR:frida-dexdump:[-] Error: access violation accessing 0xea280000
    at <anonymous> (frida/runtime/core.js:141)
    at memorydump (src/search.ts:41)
    at apply (native)
    at <anonymous> (frida/runtime/message-dispatcher.js:13)
    at c (frida/runtime/message-dispatcher.js:23): {'addr': '0xea2097b0', 'size': 2210360}
Traceback (most recent call last):
  File "/Users/xxx/Desktop/hack/tools/ooo/env/lib/python3.8/site-packages/frida_dexdump/__main__.py", line 81, in dump
    bs = self.agent.memory_dump(dex['addr'], dex['size'])
  File "/Users/xxx/Desktop/hack/tools/ooo/env/lib/python3.8/site-packages/frida_dexdump/agent/__init__.py", line 24, in memory_dump
    return self._rpc.memorydump(base, size)
  File "/Users/xxx/Desktop/hack/tools/ooo/env/lib/python3.8/site-packages/frida/core.py", line 468, in method
    return script._rpc_request('call', js_name, args, **kwargs)
  File "/Users/xxx/Desktop/hack/tools/ooo/env/lib/python3.8/site-packages/frida/core.py", line 26, in wrapper
    return f(*args, **kwargs)
  File "/Users/xxx/Desktop/hack/tools/ooo/env/lib/python3.8/site-packages/frida/core.py", line 400, in _rpc_request
    raise result[2]
frida.core.RPCException: Error: access violation accessing 0xea280000
    at <anonymous> (frida/runtime/core.js:141)
    at memorydump (src/search.ts:41)
    at apply (native)
    at <anonymous> (frida/runtime/message-dispatcher.js:13)
    at c (frida/runtime/message-dispatcher.js:23)
INFO:frida-dexdump:[+] DexMd5=259b24fa37bd13fc13441551db3dc4a2, SavePath=/Users/xxx/Desktop/hack/tools/ooo/com.sec.n1book1/classes08.dex, DexSize=0x76850
INFO:frida-dexdump:[*] All done...)

n1book_android1.apk.zip

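How do I use frida's parameters? For example frida-server --host 192.168.0.100?

It seems that after running python3 main.py, it follows the default frida-ps --usb behaviour.
My USB device is not accessible in the virtual machine (vmware).

So I'd like to know how, in frida-dexdump, to add the --host parameter for the frida-ps command. Thanks.
(The current error is: unable to connect to remote server)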


phone crash

DEVICE: nexus 5X , SYSTEM: 6.0.1 (MMB29K)
CLIENT: 15.1.17, SERVER: frida-server-15.1.17-android-arm64
COMMAND: frida-ps -U
CAUSE: Android UI Crash

error log:
{"type":"error","description":"RangeError: Maximum call stack size exceeded","stack":"RangeError: Maximum call stack size exceeded\n at Proxy.value (frida/node_modules/frida-java-bridge/lib/class-factory.js:722:1)\n at frida/node_modules/frida-java-bridge/lib/class-factory.js:627:1\n at Array.forEach ()\n at ne (frida/node_modules/frida-java-bridge/lib/class-factory.js:624:1)\n at CallbackContext. (frida/node_modules/frida-java-bridge/lib/class-factory.js:592:1)\n at Function.value (frida/node_modules/frida-java-bridge/lib/class-factory.js:1058:1)\n at Proxy.e (frida/node_modules/frida-java-bridge/lib/class-factory.js:580:1)\n at Function.value (frida/node_modules/frida-java-bridge/lib/class-factory.js:964:1)\n at Proxy.e (frida/node_modules/frida-java-bridge/lib/class-factory.js:547:1)\n at Proxy.sendMessageDelayed.implementation (/internal-agent.js:443:31)","fileName":"frida/node_modules/frida-java-bridge/lib/class-factory.js","lineNumber":722,"columnNumber":1}

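The dumped hex is split into several files

The dumped hex is split into several files; do they need to be merged? If so, how exactly is that done?
In my test, three hex files were dumped; the first two can be opened, while the last one shows nothing when opened, but its file size is 2M.

Please upgrade soon

Please update the version soon; the current version is too old. Hurry...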

Phone reboot

[Except] - Unable to inject into process: unexpectedly timed out while waiting for FIFO to establish in
File "/home/kwaiching/.local/lib/python3.8/site-packages/frida/core.py", line 93, in get_frontmost_application
return self._impl.get_frontmost_application()

Then my phone rebooted
