夜神模拟器跑unity应用,hook libunity.so #22
Description
我现在在夜神模拟器7.0.0.8 32位上跑bhook,hook了libunity的fseek函数或者其他函数,fopen等等。我单纯调用bytehook_init没问题,但是一旦调用了bytehook_hook_single去hook函数,也是显示hook成功的,但是后面就闪退了:
2021-12-17 12:12:00.127 5510-5510/? A/libc: Fatal signal 11 (SIGSEGV), code 1, fault addr 0xfff33011 in tid 5510 (xxx.xxx.xxx)
2021-12-17 12:12:00.133 5567-5567/? A/DEBUG: *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
2021-12-17 12:12:00.133 5567-5567/? A/DEBUG: Build fingerprint: 'samsung/dream2qltezh/dream2qltechn:7.1/N2G48H/G9550ZHU1AQEE:user/release-keys'
2021-12-17 12:12:00.133 5567-5567/? A/DEBUG: Revision: '12'
2021-12-17 12:12:00.133 5567-5567/? A/DEBUG: ABI: 'x86'
2021-12-17 12:12:00.133 5567-5567/? A/DEBUG: pid: 5510, tid: 5510, name: xxx.xxx.xxx >>> xxx.xxx.xxx <<<
2021-12-17 12:12:00.133 5567-5567/? A/DEBUG: signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0xfff33011
2021-12-17 12:12:00.133 5567-5567/? A/DEBUG: eax f66d4127 ebx 98724ff4 ecx 00000001 edx fff32e99
2021-12-17 12:12:00.133 5567-5567/? A/DEBUG: esi 989a720c edi fff32e99
2021-12-17 12:12:00.133 5567-5567/? A/DEBUG: xcs 00000073 xds 0000007b xes 0000007b xfs 0000003b xss 0000007b
2021-12-17 12:12:00.133 5567-5567/? A/DEBUG: eip 984fa373 ebp 988c67e4 esp bfa9c334 flags 00010282
2021-12-17 12:12:00.133 5567-5567/? A/DEBUG: backtrace:
2021-12-17 12:12:00.133 5567-5567/? A/DEBUG: #00 pc 00238373 /system/lib/libhoudini.so
我的应用是只打了arm32和arm64的,没打x86,在模拟器上应该是跑的arm32。应该是libhoudini.so转码导致的。用你的demo只打arm32和arm64,在模拟器上跑却没问题。