Notes on analyzing an app's native crash
A record of a certain app crashing frequently on our device (the problem was not solved; this only records how to analyze a native crash with IDA).
Case 1
First, the crash stack:
--------- beginning of crash
09-28 11:05:49.640 3992 4046 F libc : Fatal signal 11 (SIGSEGV), code 1, fault addr 0x732d782f6e6f69 in tid 4046 (Thread-3), pid 3992 (netease.mhxyhtb)
09-28 11:05:49.885 26307 26307 I crash_dump64: obtaining output fd from tombstoned, type: kDebuggerdTombstone
09-28 11:05:49.887 2436 2436 I /system/bin/tombstoned: received crash request for pid 3992
09-28 11:05:49.898 26307 26307 I crash_dump64: performing dump of process 3992 (target tid = 4046)
09-28 11:05:49.898 26307 26307 F DEBUG : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
09-28 11:05:49.898 26307 26307 F DEBUG : Build fingerprint: 'samsung/GT-P7500/GT-P7500:3.2/HTJ85B/XWKL1:user/release-keys'
09-28 11:05:49.898 26307 26307 F DEBUG : Revision: '0'
09-28 11:05:49.898 26307 26307 F DEBUG : ABI: 'arm64'
09-28 11:05:49.898 26307 26307 F DEBUG : pid: 3992, tid: 4046, name: Thread-3 >>> com.netease.mhxyhtb <<<
09-28 11:05:49.898 26307 26307 F DEBUG : signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x732d782f6e6f69
09-28 11:05:49.898 26307 26307 F DEBUG : x0 70732d782f6e6f69 x1 0000007ebdee9dc8 x2 0000007efd98d290 x3 0000007eb82f8420
09-28 11:05:49.898 26307 26307 F DEBUG : x4 0000007f01d65e68 x5 0000007f01d65e88 x6 0000007ebd237060 x7 0000007ebd01e460
09-28 11:05:49.898 26307 26307 F DEBUG : x8 0000007eb82e2e70 x9 0000007ecc6725b0 x10 fffffffffffffffe x11 0000000000000000
09-28 11:05:49.898 26307 26307 F DEBUG : x12 0000000000000030 x13 0000007ebd04c4c0 x14 00000000ffffffff x15 0000000000000000
09-28 11:05:49.898 26307 26307 F DEBUG : x16 0000007efe2fa538 x17 0000007efd941478 x18 0000000000000000 x19 0000007ec8170440
09-28 11:05:49.898 26307 26307 F DEBUG : x20 0000007eff461f80 x21 0000000000000002 x22 0000007ed030fc58 x23 0000007efd9ac314
09-28 11:05:49.898 26307 26307 F DEBUG : x24 0000007efe881d18 x25 0000000000000000 x26 0000000000000000 x27 0000007ee6f7d3b0
09-28 11:05:49.898 26307 26307 F DEBUG : x28 0000007ee6f7d3b0 x29 0000007eff9c09e0 x30 0000007efd97703c
09-28 11:05:49.898 26307 26307 F DEBUG : sp 0000007eff9c09e0 pc 0000007efd977084 pstate 0000000020000000
09-28 11:05:49.945 26307 26307 F DEBUG :
09-28 11:05:49.945 26307 26307 F DEBUG : backtrace:
09-28 11:05:49.945 26307 26307 F DEBUG : #00 pc 0000000002be6084 /data/app/com.netease.mhxyhtb-5ZfKnU0CHlDE2iBq-p1VSQ==/lib/arm64/libclient.so
09-28 11:05:49.945 26307 26307 F DEBUG : #01 pc 0000000002bcd128 /data/app/com.netease.mhxyhtb-5ZfKnU0CHlDE2iBq-p1VSQ==/lib/arm64/libclient.so
09-28 11:05:49.945 26307 26307 F DEBUG : #02 pc 0000000002c1b690 /data/app/com.netease.mhxyhtb-5ZfKnU0CHlDE2iBq-p1VSQ==/lib/arm64/libclient.so
09-28 11:05:49.945 26307 26307 F DEBUG : #03 pc 0000000002bcc434 /data/app/com.netease.mhxyhtb-5ZfKnU0CHlDE2iBq-p1VSQ==/lib/arm64/libclient.so (PyDict_Clear+336)
09-28 11:05:49.945 26307 26307 F DEBUG : #04 pc 0000000002bcf694 /data/app/com.netease.mhxyhtb-5ZfKnU0CHlDE2iBq-p1VSQ==/lib/arm64/libclient.so
09-28 11:05:49.945 26307 26307 F DEBUG : #05 pc 0000000002c3c584 /data/app/com.netease.mhxyhtb-5ZfKnU0CHlDE2iBq-p1VSQ==/lib/arm64/libclient.so (PyEval_EvalFrameEx+14244)
09-28 11:05:49.945 26307 26307 F DEBUG : #06 pc 0000000002c3f124 /data/app/com.netease.mhxyhtb-5ZfKnU0CHlDE2iBq-p1VSQ==/lib/arm64/libclient.so
09-28 11:05:49.945 26307 26307 F DEBUG : #07 pc 0000000002c3bbd8 /data/app/com.netease.mhxyhtb-5ZfKnU0CHlDE2iBq-p1VSQ==/lib/arm64/libclient.so (PyEval_EvalFrameEx+11768)
09-28 11:05:49.945 26307 26307 F DEBUG : #08 pc 0000000002c3f124 /data/app/com.netease.mhxyhtb-5ZfKnU0CHlDE2iBq-p1VSQ==/lib/arm64/libclient.so
09-28 11:05:49.945 26307 26307 F DEBUG : #09 pc 0000000002c3bbd8 /data/app/com.netease.mhxyhtb-5ZfKnU0CHlDE2iBq-p1VSQ==/lib/arm64/libclient.so (PyEval_EvalFrameEx+11768)
09-28 11:05:49.945 26307 26307 F DEBUG : #10 pc 0000000002c3f124 /data/app/com.netease.mhxyhtb-5ZfKnU0CHlDE2iBq-p1VSQ==/lib/arm64/libclient.so
09-28 11:05:49.945 26307 26307 F DEBUG : #11 pc 0000000002c3bbd8 /data/app/com.netease.mhxyhtb-5ZfKnU0CHlDE2iBq-p1VSQ==/lib/arm64/libclient.so (PyEval_EvalFrameEx+11768)
09-28 11:05:49.945 26307 26307 F DEBUG : #12 pc 0000000002c3f124 /data/app/com.netease.mhxyhtb-5ZfKnU0CHlDE2iBq-p1VSQ==/lib/arm64/libclient.so
09-28 11:05:49.945 26307 26307 F DEBUG : #13 pc 0000000002c3bbd8 /data/app/com.netease.mhxyhtb-5ZfKnU0CHlDE2iBq-p1VSQ==/lib/arm64/libclient.so (PyEval_EvalFrameEx+11768)
09-28 11:05:49.945 26307 26307 F DEBUG : #14 pc 0000000002c38af4 /data/app/com.netease.mhxyhtb-5ZfKnU0CHlDE2iBq-p1VSQ==/lib/arm64/libclient.so (PyEval_EvalCodeEx+1588)
09-28 11:05:49.945 26307 26307 F DEBUG : #15 pc 0000000002c3f088 /data/app/com.netease.mhxyhtb-5ZfKnU0CHlDE2iBq-p1VSQ==/lib/arm64/libclient.so
09-28 11:05:49.945 26307 26307 F DEBUG : #16 pc 0000000002c3bbd8 /data/app/com.netease.mhxyhtb-5ZfKnU0CHlDE2iBq-p1VSQ==/lib/arm64/libclient.so (PyEval_EvalFrameEx+11768)
09-28 11:05:49.945 26307 26307 F DEBUG : #17 pc 0000000002c3f124 /data/app/com.netease.mhxyhtb-5ZfKnU0CHlDE2iBq-p1VSQ==/lib/arm64/libclient.so
09-28 11:05:49.945 26307 26307 F DEBUG : #18 pc 0000000002c3bbd8 /data/app/com.netease.mhxyhtb-5ZfKnU0CHlDE2iBq-p1VSQ==/lib/arm64/libclient.so (PyEval_EvalFrameEx+11768)
09-28 11:05:49.945 26307 26307 F DEBUG : #19 pc 0000000002c3f124 /data/app/com.netease.mhxyhtb-5ZfKnU0CHlDE2iBq-p1VSQ==/lib/arm64/libclient.so
09-28 11:05:49.945 26307 26307 F DEBUG : #20 pc 0000000002c3bbd8 /data/app/com.netease.mhxyhtb-5ZfKnU0CHlDE2iBq-p1VSQ==/lib/arm64/libclient.so (PyEval_EvalFrameEx+11768)
09-28 11:05:49.945 26307 26307 F DEBUG : #21 pc 0000000002c38af4 /data/app/com.netease.mhxyhtb-5ZfKnU0CHlDE2iBq-p1VSQ==/lib/arm64/libclient.so (PyEval_EvalCodeEx+1588)
09-28 11:05:49.945 26307 26307 F DEBUG : #22 pc 0000000002bdfc88 /data/app/com.netease.mhxyhtb-5ZfKnU0CHlDE2iBq-p1VSQ==/lib/arm64/libclient.so
09-28 11:05:49.945 26307 26307 F DEBUG : #23 pc 0000000002bb8218 /data/app/com.netease.mhxyhtb-5ZfKnU0CHlDE2iBq-p1VSQ==/lib/arm64/libclient.so (PyObject_Call+116)
09-28 11:05:49.945 26307 26307 F DEBUG : #24 pc 0000000002bb8360 /data/app/com.netease.mhxyhtb-5ZfKnU0CHlDE2iBq-p1VSQ==/lib/arm64/libclient.so (PyObject_CallFunction+216)
09-28 11:05:49.945 26307 26307 F DEBUG : #25 pc 0000000002085b14 /data/app/com.netease.mhxyhtb-5ZfKnU0CHlDE2iBq-p1VSQ==/lib/arm64/libclient.so
09-28 11:05:49.945 26307 26307 F DEBUG : #26 pc 0000000002066874 /data/app/com.netease.mhxyhtb-5ZfKnU0CHlDE2iBq-p1VSQ==/lib/arm64/libclient.so
09-28 11:05:49.945 26307 26307 F DEBUG : #27 pc 00000000020665ac /data/app/com.netease.mhxyhtb-5ZfKnU0CHlDE2iBq-p1VSQ==/lib/arm64/libclient.so
09-28 11:05:49.945 26307 26307 F DEBUG : #28 pc 000000000202d954 /data/app/com.netease.mhxyhtb-5ZfKnU0CHlDE2iBq-p1VSQ==/lib/arm64/libclient.so
09-28 11:05:49.945 26307 26307 F DEBUG : #29 pc 00000000020252ec /data/app/com.netease.mhxyhtb-5ZfKnU0CHlDE2iBq-p1VSQ==/lib/arm64/libclient.so
09-28 11:05:49.945 26307 26307 F DEBUG : #30 pc 0000000001c6e25c /data/app/com.netease.mhxyhtb-5ZfKnU0CHlDE2iBq-p1VSQ==/lib/arm64/libclient.so
09-28 11:05:49.945 26307 26307 F DEBUG : #31 pc 0000000001c94f18 /data/app/com.netease.mhxyhtb-5ZfKnU0CHlDE2iBq-p1VSQ==/lib/arm64/libclient.so
09-28 11:05:49.945 26307 26307 F DEBUG : #32 pc 0000000001ca0e3c /data/app/com.netease.mhxyhtb-5ZfKnU0CHlDE2iBq-p1VSQ==/lib/arm64/libclient.so
09-28 11:05:49.945 26307 26307 F DEBUG : #33 pc 0000000001c952ec /data/app/com.netease.mhxyhtb-5ZfKnU0CHlDE2iBq-p1VSQ==/lib/arm64/libclient.so
09-28 11:05:49.945 26307 26307 F DEBUG : #34 pc 0000000001c9494c /data/app/com.netease.mhxyhtb-5ZfKnU0CHlDE2iBq-p1VSQ==/lib/arm64/libclient.so
09-28 11:05:49.945 26307 26307 F DEBUG : #35 pc 0000000001c955c0 /data/app/com.netease.mhxyhtb-5ZfKnU0CHlDE2iBq-p1VSQ==/lib/arm64/libclient.so
09-28 11:05:49.945 26307 26307 F DEBUG : #36 pc 0000000001c919b4 /data/app/com.netease.mhxyhtb-5ZfKnU0CHlDE2iBq-p1VSQ==/lib/arm64/libclient.so
09-28 11:05:49.945 26307 26307 F DEBUG : #37 pc 0000000001ebc2ac /data/app/com.netease.mhxyhtb-5ZfKnU0CHlDE2iBq-p1VSQ==/lib/arm64/libclient.so
09-28 11:05:49.945 26307 26307 F DEBUG : #38 pc 0000000001ebc3c8 /data/app/com.netease.mhxyhtb-5ZfKnU0CHlDE2iBq-p1VSQ==/lib/arm64/libclient.so
09-28 11:05:49.945 26307 26307 F DEBUG : #39 pc 0000000001eb8e9c /data/app/com.netease.mhxyhtb-5ZfKnU0CHlDE2iBq-p1VSQ==/lib/arm64/libclient.so
09-28 11:05:49.945 26307 26307 F DEBUG : #40 pc 0000000001d10da4 /data/app/com.netease.mhxyhtb-5ZfKnU0CHlDE2iBq-p1VSQ==/lib/arm64/libclient.so
09-28 11:05:49.945 26307 26307 F DEBUG : #41 pc 0000000001d9bde0 /data/app/com.netease.mhxyhtb-5ZfKnU0CHlDE2iBq-p1VSQ==/lib/arm64/libclient.so
09-28 11:05:49.945 26307 26307 F DEBUG : #42 pc 0000000001d889b4 /data/app/com.netease.mhxyhtb-5ZfKnU0CHlDE2iBq-p1VSQ==/lib/arm64/libclient.so
09-28 11:05:49.945 26307 26307 F DEBUG : #43 pc 00000000017661e0 /data/app/com.netease.mhxyhtb-5ZfKnU0CHlDE2iBq-p1VSQ==/lib/arm64/libclient.so
09-28 11:05:49.945 26307 26307 F DEBUG : #44 pc 0000000001762290 /data/app/com.netease.mhxyhtb-5ZfKnU0CHlDE2iBq-p1VSQ==/lib/arm64/libclient.so
09-28 11:05:49.945 26307 26307 F DEBUG : #45 pc 000000000177f31c /data/app/com.netease.mhxyhtb-5ZfKnU0CHlDE2iBq-p1VSQ==/lib/arm64/libclient.so
09-28 11:05:49.945 26307 26307 F DEBUG : #46 pc 0000000001c4a120 /data/app/com.netease.mhxyhtb-5ZfKnU0CHlDE2iBq-p1VSQ==/lib/arm64/libclient.so
09-28 11:05:49.945 26307 26307 F DEBUG : #47 pc 00000000025f1140 /data/app/com.netease.mhxyhtb-5ZfKnU0CHlDE2iBq-p1VSQ==/lib/arm64/libclient.so
09-28 11:05:49.945 26307 26307 F DEBUG : #48 pc 00000000025ef880 /data/app/com.netease.mhxyhtb-5ZfKnU0CHlDE2iBq-p1VSQ==/lib/arm64/libclient.so
09-28 11:05:49.945 26307 26307 F DEBUG : #49 pc 00000000025f07f0 /data/app/com.netease.mhxyhtb-5ZfKnU0CHlDE2iBq-p1VSQ==/lib/arm64/libclient.so
09-28 11:05:49.945 26307 26307 F DEBUG : #50 pc 0000000000067e70 /system/lib64/libc.so (__pthread_start(void*)+36)
09-28 11:05:49.945 26307 26307 F DEBUG : #51 pc 000000000001ebe4 /system/lib64/libc.so (__start_thread+68)
09-28 11:05:50.504 2408 2547 I AudioFlinger: BUFFER TIMEOUT: remove(4098) from active list on thread 0xf2003080
09-28 11:05:51.002 2598 26308 D ActivityManager: addErrorToDropBox:com.netease.mhxyhtb, native_crash
Look at the disassembly at address 2be6084 (the pc offset of frame #00 inside libclient.so; backtrace offsets are relative to the library's load base, so they can be used as IDA addresses directly as long as IDA loads the SO at base 0).
The decompiled function makes the cause fairly clear: the error is a SEGV_MAPERR raised when v4 is dereferenced, and the function is walking memory backwards at result + 8 * v3 - 8, with the iteration count depending on the argument value a1[2].
Cross-checking with the register dump above: x0 holds 70732d782f6e6f69, which matches fault addr 0x732d782f6e6f69 (don't ask me why there is an extra 70 in front, I don't know).
The 70 is the top byte of the address. AArch64 Top Byte Ignore (TBI) is enabled for user space, so bits 63:56 take no part in address translation, and the arm64 kernel clears them from a user-space data-abort address before reporting it in si_addr: the register keeps the full tagged value, the fault addr shows it with the top byte stripped. Worth noticing as well: read in memory order, the bytes of x0 (69 6f 6e 2f 78 2d 73 70) are the ASCII text "ion/x-sp", so what the code dereferenced is not a pointer at all but a fragment of a string that ended up in the object field. That is typical of a field that has been overwritten, or of an object that was freed and its memory reused for string data.
Case 2
Crash stack:
--------- beginning of crash
09-28 10:34:19.207 3920 3975 F libc : Fatal signal 11 (SIGSEGV), code 2, fault addr 0x7f1251e6f8 in tid 3975 (Thread-4), pid 3920 (netease.mhxyhtb)
09-28 10:34:19.484 20726 20726 I crash_dump64: obtaining output fd from tombstoned, type: kDebuggerdTombstone
09-28 10:34:19.485 2472 2472 I /system/bin/tombstoned: received crash request for pid 3920
09-28 10:34:19.488 20726 20726 I crash_dump64: performing dump of process 3920 (target tid = 3975)
09-28 10:34:19.488 20726 20726 F DEBUG : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
09-28 10:34:19.488 20726 20726 F DEBUG : Build fingerprint: 'samsung/GT-P7500/GT-P7500:3.2/HTJ85B/XWKL1:user/release-keys'
09-28 10:34:19.488 20726 20726 F DEBUG : Revision: '0'
09-28 10:34:19.488 20726 20726 F DEBUG : ABI: 'arm64'
09-28 10:34:19.488 20726 20726 F DEBUG : pid: 3920, tid: 3975, name: Thread-4 >>> com.netease.mhxyhtb <<<
09-28 10:34:19.488 20726 20726 F DEBUG : signal 11 (SIGSEGV), code 2 (SEGV_ACCERR), fault addr 0x7f1251e6f8
09-28 10:34:19.488 20726 20726 F DEBUG : x0 0000007eddacb320 x1 0000000000000000 x2 0000000000000010 x3 0000007f11c3ace4
09-28 10:34:19.488 20726 20726 F DEBUG : x4 0000007ed7c66e10 x5 0000000000000000 x6 0000007f13c7dcd8 x7 0000000000000000
09-28 10:34:19.488 20726 20726 F DEBUG : x8 0000007ed7c66e00 x9 0000007eca905268 x10 0000007f1251e6f8 x11 0000007f11476b71
09-28 10:34:19.488 20726 20726 F DEBUG : x12 0000007f15dcea40 x13 0000007f11c8f744 x14 00000000000000d1 x15 0000000000000000
09-28 10:34:19.488 20726 20726 F DEBUG : x16 0000007f125bd4c8 x17 0000007faf9844b0 x18 00000000ffffff99 x19 0000000000000001
09-28 10:34:19.488 20726 20726 F DEBUG : x20 0000007ec9f89e60 x21 0000000000000000 x22 0000007ec4d08178 x23 000000000000003c
09-28 10:34:19.488 20726 20726 F DEBUG : x24 0000000000000000 x25 0000000000000000 x26 0000007ec9f89e60 x27 0000007ec9f89e60
09-28 10:34:19.488 20726 20726 F DEBUG : x28 0000000000000000 x29 0000007f13c7dce0 x30 0000007f11c3ad34
09-28 10:34:19.488 20726 20726 F DEBUG : sp 0000007f13c7dce0 pc 0000007f11c3ad5c pstate 0000000020000000
09-28 10:34:19.527 20726 20726 F DEBUG :
09-28 10:34:19.527 20726 20726 F DEBUG : backtrace:
09-28 10:34:19.527 20726 20726 F DEBUG : #00 pc 0000000002be4d5c /data/app/com.netease.mhxyhtb-TkLvqcrhdBljRG8kCSetYg==/lib/arm64/libclient.so
09-28 10:34:19.527 20726 20726 F DEBUG : #01 pc 0000000002c3b900 /data/app/com.netease.mhxyhtb-TkLvqcrhdBljRG8kCSetYg==/lib/arm64/libclient.so (PyEval_EvalFrameEx+11040)
09-28 10:34:19.527 20726 20726 F DEBUG : #02 pc 0000000002c38af4 /data/app/com.netease.mhxyhtb-TkLvqcrhdBljRG8kCSetYg==/lib/arm64/libclient.so (PyEval_EvalCodeEx+1588)
09-28 10:34:19.527 20726 20726 F DEBUG : #03 pc 0000000002bdfc88 /data/app/com.netease.mhxyhtb-TkLvqcrhdBljRG8kCSetYg==/lib/arm64/libclient.so
09-28 10:34:19.527 20726 20726 F DEBUG : #04 pc 0000000002bb8218 /data/app/com.netease.mhxyhtb-TkLvqcrhdBljRG8kCSetYg==/lib/arm64/libclient.so (PyObject_Call+116)
09-28 10:34:19.527 20726 20726 F DEBUG : #05 pc 0000000002bc4b1c /data/app/com.netease.mhxyhtb-TkLvqcrhdBljRG8kCSetYg==/lib/arm64/libclient.so
09-28 10:34:19.527 20726 20726 F DEBUG : #06 pc 0000000002bb8218 /data/app/com.netease.mhxyhtb-TkLvqcrhdBljRG8kCSetYg==/lib/arm64/libclient.so (PyObject_Call+116)
09-28 10:34:19.527 20726 20726 F DEBUG : #07 pc 0000000002c17cd4 /data/app/com.netease.mhxyhtb-TkLvqcrhdBljRG8kCSetYg==/lib/arm64/libclient.so
09-28 10:34:19.527 20726 20726 F DEBUG : #08 pc 0000000002bb8218 /data/app/com.netease.mhxyhtb-TkLvqcrhdBljRG8kCSetYg==/lib/arm64/libclient.so (PyObject_Call+116)
09-28 10:34:19.527 20726 20726 F DEBUG : #09 pc 0000000002c3c0cc /data/app/com.netease.mhxyhtb-TkLvqcrhdBljRG8kCSetYg==/lib/arm64/libclient.so (PyEval_EvalFrameEx+13036)
09-28 10:34:19.527 20726 20726 F DEBUG : #10 pc 0000000002c38af4 /data/app/com.netease.mhxyhtb-TkLvqcrhdBljRG8kCSetYg==/lib/arm64/libclient.so (PyEval_EvalCodeEx+1588)
09-28 10:34:19.527 20726 20726 F DEBUG : #11 pc 0000000002bdfc88 /data/app/com.netease.mhxyhtb-TkLvqcrhdBljRG8kCSetYg==/lib/arm64/libclient.so
09-28 10:34:19.527 20726 20726 F DEBUG : #12 pc 0000000002bb8218 /data/app/com.netease.mhxyhtb-TkLvqcrhdBljRG8kCSetYg==/lib/arm64/libclient.so (PyObject_Call+116)
09-28 10:34:19.527 20726 20726 F DEBUG : #13 pc 0000000002c3b218 /data/app/com.netease.mhxyhtb-TkLvqcrhdBljRG8kCSetYg==/lib/arm64/libclient.so (PyEval_EvalFrameEx+9272)
09-28 10:34:19.527 20726 20726 F DEBUG : #14 pc 0000000002c38af4 /data/app/com.netease.mhxyhtb-TkLvqcrhdBljRG8kCSetYg==/lib/arm64/libclient.so (PyEval_EvalCodeEx+1588)
09-28 10:34:19.527 20726 20726 F DEBUG : #15 pc 0000000002bdfc88 /data/app/com.netease.mhxyhtb-TkLvqcrhdBljRG8kCSetYg==/lib/arm64/libclient.so
09-28 10:34:19.527 20726 20726 F DEBUG : #16 pc 0000000002bb8218 /data/app/com.netease.mhxyhtb-TkLvqcrhdBljRG8kCSetYg==/lib/arm64/libclient.so (PyObject_Call+116)
09-28 10:34:19.527 20726 20726 F DEBUG : #17 pc 0000000002c3ea64 /data/app/com.netease.mhxyhtb-TkLvqcrhdBljRG8kCSetYg==/lib/arm64/libclient.so (PyEval_CallObjectWithKeywords+200)
09-28 10:34:19.527 20726 20726 F DEBUG : #18 pc 0000000002d0c268 /data/app/com.netease.mhxyhtb-TkLvqcrhdBljRG8kCSetYg==/lib/arm64/libclient.so (PyEval_CallFunction+256)
09-28 10:34:19.527 20726 20726 F DEBUG : #19 pc 00000000021cc48c /data/app/com.netease.mhxyhtb-TkLvqcrhdBljRG8kCSetYg==/lib/arm64/libclient.so
09-28 10:34:19.527 20726 20726 F DEBUG : #20 pc 00000000022146b8 /data/app/com.netease.mhxyhtb-TkLvqcrhdBljRG8kCSetYg==/lib/arm64/libclient.so
09-28 10:34:19.527 20726 20726 F DEBUG : #21 pc 0000000001cbc038 /data/app/com.netease.mhxyhtb-TkLvqcrhdBljRG8kCSetYg==/lib/arm64/libclient.so
09-28 10:34:19.527 20726 20726 F DEBUG : #22 pc 0000000001cbbfc0 /data/app/com.netease.mhxyhtb-TkLvqcrhdBljRG8kCSetYg==/lib/arm64/libclient.so
09-28 10:34:19.527 20726 20726 F DEBUG : #23 pc 0000000001cbbfc0 /data/app/com.netease.mhxyhtb-TkLvqcrhdBljRG8kCSetYg==/lib/arm64/libclient.so
09-28 10:34:19.527 20726 20726 F DEBUG : #24 pc 0000000001cbc840 /data/app/com.netease.mhxyhtb-TkLvqcrhdBljRG8kCSetYg==/lib/arm64/libclient.so
09-28 10:34:19.527 20726 20726 F DEBUG : #25 pc 0000000001cc751c /data/app/com.netease.mhxyhtb-TkLvqcrhdBljRG8kCSetYg==/lib/arm64/libclient.so
09-28 10:34:19.527 20726 20726 F DEBUG : #26 pc 000000000202d480 /data/app/com.netease.mhxyhtb-TkLvqcrhdBljRG8kCSetYg==/lib/arm64/libclient.so
09-28 10:34:19.527 20726 20726 F DEBUG : #27 pc 000000000202d9ec /data/app/com.netease.mhxyhtb-TkLvqcrhdBljRG8kCSetYg==/lib/arm64/libclient.so
09-28 10:34:19.527 20726 20726 F DEBUG : #28 pc 00000000020252ec /data/app/com.netease.mhxyhtb-TkLvqcrhdBljRG8kCSetYg==/lib/arm64/libclient.so
09-28 10:34:19.527 20726 20726 F DEBUG : #29 pc 0000000001c6e25c /data/app/com.netease.mhxyhtb-TkLvqcrhdBljRG8kCSetYg==/lib/arm64/libclient.so
09-28 10:34:19.527 20726 20726 F DEBUG : #30 pc 0000000001c94f18 /data/app/com.netease.mhxyhtb-TkLvqcrhdBljRG8kCSetYg==/lib/arm64/libclient.so
09-28 10:34:19.527 20726 20726 F DEBUG : #31 pc 0000000001ca0e3c /data/app/com.netease.mhxyhtb-TkLvqcrhdBljRG8kCSetYg==/lib/arm64/libclient.so
09-28 10:34:19.527 20726 20726 F DEBUG : #32 pc 0000000001c952ec /data/app/com.netease.mhxyhtb-TkLvqcrhdBljRG8kCSetYg==/lib/arm64/libclient.so
09-28 10:34:19.527 20726 20726 F DEBUG : #33 pc 0000000001c9494c /data/app/com.netease.mhxyhtb-TkLvqcrhdBljRG8kCSetYg==/lib/arm64/libclient.so
09-28 10:34:19.527 20726 20726 F DEBUG : #34 pc 0000000001c955c0 /data/app/com.netease.mhxyhtb-TkLvqcrhdBljRG8kCSetYg==/lib/arm64/libclient.so
09-28 10:34:19.527 20726 20726 F DEBUG : #35 pc 0000000001c919b4 /data/app/com.netease.mhxyhtb-TkLvqcrhdBljRG8kCSetYg==/lib/arm64/libclient.so
09-28 10:34:19.527 20726 20726 F DEBUG : #36 pc 0000000001ebc2ac /data/app/com.netease.mhxyhtb-TkLvqcrhdBljRG8kCSetYg==/lib/arm64/libclient.so
09-28 10:34:19.527 20726 20726 F DEBUG : #37 pc 0000000001ebc3c8 /data/app/com.netease.mhxyhtb-TkLvqcrhdBljRG8kCSetYg==/lib/arm64/libclient.so
09-28 10:34:19.527 20726 20726 F DEBUG : #38 pc 0000000001eb8e9c /data/app/com.netease.mhxyhtb-TkLvqcrhdBljRG8kCSetYg==/lib/arm64/libclient.so
09-28 10:34:19.527 20726 20726 F DEBUG : #39 pc 0000000001d10da4 /data/app/com.netease.mhxyhtb-TkLvqcrhdBljRG8kCSetYg==/lib/arm64/libclient.so
09-28 10:34:19.527 20726 20726 F DEBUG : #40 pc 0000000001d9bde0 /data/app/com.netease.mhxyhtb-TkLvqcrhdBljRG8kCSetYg==/lib/arm64/libclient.so
09-28 10:34:19.528 20726 20726 F DEBUG : #41 pc 0000000001d889b4 /data/app/com.netease.mhxyhtb-TkLvqcrhdBljRG8kCSetYg==/lib/arm64/libclient.so
09-28 10:34:19.528 20726 20726 F DEBUG : #42 pc 00000000017661e0 /data/app/com.netease.mhxyhtb-TkLvqcrhdBljRG8kCSetYg==/lib/arm64/libclient.so
09-28 10:34:19.528 20726 20726 F DEBUG : #43 pc 0000000001762290 /data/app/com.netease.mhxyhtb-TkLvqcrhdBljRG8kCSetYg==/lib/arm64/libclient.so
09-28 10:34:19.528 20726 20726 F DEBUG : #44 pc 000000000177f31c /data/app/com.netease.mhxyhtb-TkLvqcrhdBljRG8kCSetYg==/lib/arm64/libclient.so
09-28 10:34:19.528 20726 20726 F DEBUG : #45 pc 0000000001c4a120 /data/app/com.netease.mhxyhtb-TkLvqcrhdBljRG8kCSetYg==/lib/arm64/libclient.so
09-28 10:34:19.528 20726 20726 F DEBUG : #46 pc 00000000025f1140 /data/app/com.netease.mhxyhtb-TkLvqcrhdBljRG8kCSetYg==/lib/arm64/libclient.so
09-28 10:34:19.528 20726 20726 F DEBUG : #47 pc 00000000025ef880 /data/app/com.netease.mhxyhtb-TkLvqcrhdBljRG8kCSetYg==/lib/arm64/libclient.so
09-28 10:34:19.528 20726 20726 F DEBUG : #48 pc 00000000025f07f0 /data/app/com.netease.mhxyhtb-TkLvqcrhdBljRG8kCSetYg==/lib/arm64/libclient.so
09-28 10:34:19.528 20726 20726 F DEBUG : #49 pc 0000000000067e70 /system/lib64/libc.so (__pthread_start(void*)+36)
09-28 10:34:19.528 20726 20726 F DEBUG : #50 pc 000000000001ebe4 /system/lib64/libc.so (__start_thread+68)
Look at address 2be4d5c (frame #00 again). Again a loop walking memory, again a dereference; the fault addr 0x7f1251e6f8 is exactly the value of register x10.
Unlike case 1, the code here is SEGV_ACCERR: the page at 0x7f1251e6f8 is mapped, but the access the faulting instruction performs is not permitted on it (a store to a read-only mapping, for example; the instruction at 2be4d5c tells you whether it was a load or a store). The load base follows from frame #00, pc 0x7f11c3ad5c minus offset 0x2be4d5c = 0x7f0f056000, which puts the fault address 0x34c86f8 bytes past the start of libclient.so, plausibly inside the library's own mappings; the memory map in the full tombstone under /data/tombstones shows which mapping that is and with what permissions.
Putting the two cases together:
- Both crashes walk memory through a pointer passed in as a function argument and die on the dereference.
- Both happen only after the program has been running for a while.
- Both crash stacks lie entirely inside the app's own SO.
In both crashes the core is the argument handed to the function, and the call stack is entirely the game's own code: apart from the libc thread-start frames at the bottom, no system library is involved.
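The cross-checks done by hand in both cases (which register holds the fault address, the library's load base, which IDA address each frame maps to) can be automated. The script below is an added example written for this page, not code from the original post. It parses trimmed copies of the two logs above (embedded inline), mirrors the kernel's top-byte stripping that explains the leading 70 in case 1, and decodes the faulting register as ASCII. The 0x10000000 sanity bound on the library size and the `ida_base` parameter are assumptions; the real mapping sizes come from the tombstone's memory map.

```python
"""Parse an Android native-crash excerpt (logcat 'F DEBUG' lines or a tombstone) and
cross-check the fault address against the register dump and backtrace."""
import re
from dataclasses import dataclass, field

# Trimmed copies of the two crash logs quoted on this page.
CASE1_LOG = """\
09-28 11:05:49.898 26307 26307 F DEBUG : signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x732d782f6e6f69
09-28 11:05:49.898 26307 26307 F DEBUG : x0 70732d782f6e6f69 x1 0000007ebdee9dc8 x2 0000007efd98d290 x3 0000007eb82f8420
09-28 11:05:49.898 26307 26307 F DEBUG : x28 0000007ee6f7d3b0 x29 0000007eff9c09e0 x30 0000007efd97703c
09-28 11:05:49.898 26307 26307 F DEBUG : sp 0000007eff9c09e0 pc 0000007efd977084 pstate 0000000020000000
09-28 11:05:49.945 26307 26307 F DEBUG : backtrace:
09-28 11:05:49.945 26307 26307 F DEBUG : #00 pc 0000000002be6084 /data/app/com.netease.mhxyhtb-5ZfKnU0CHlDE2iBq-p1VSQ==/lib/arm64/libclient.so
09-28 11:05:49.945 26307 26307 F DEBUG : #03 pc 0000000002bcc434 /data/app/com.netease.mhxyhtb-5ZfKnU0CHlDE2iBq-p1VSQ==/lib/arm64/libclient.so (PyDict_Clear+336)
09-28 11:05:49.945 26307 26307 F DEBUG : #50 pc 0000000000067e70 /system/lib64/libc.so (__pthread_start(void*)+36)
"""
CASE2_LOG = """\
09-28 10:34:19.488 20726 20726 F DEBUG : signal 11 (SIGSEGV), code 2 (SEGV_ACCERR), fault addr 0x7f1251e6f8
09-28 10:34:19.488 20726 20726 F DEBUG : x8 0000007ed7c66e00 x9 0000007eca905268 x10 0000007f1251e6f8 x11 0000007f11476b71
09-28 10:34:19.488 20726 20726 F DEBUG : sp 0000007f13c7dce0 pc 0000007f11c3ad5c pstate 0000000020000000
09-28 10:34:19.527 20726 20726 F DEBUG : backtrace:
09-28 10:34:19.527 20726 20726 F DEBUG : #00 pc 0000000002be4d5c /data/app/com.netease.mhxyhtb-TkLvqcrhdBljRG8kCSetYg==/lib/arm64/libclient.so
09-28 10:34:19.527 20726 20726 F DEBUG : #01 pc 0000000002c3b900 /data/app/com.netease.mhxyhtb-TkLvqcrhdBljRG8kCSetYg==/lib/arm64/libclient.so (PyEval_EvalFrameEx+11040)
"""

SIGNAL_RE = re.compile(r"signal (\d+) \((\w+)\), code (\d+) \((\w+)\), fault addr (?:0x)?([0-9a-f]+)")
REG_RE = re.compile(r"\b(x\d{1,2}|sp|pc|lr)\s+([0-9a-f]{16})\b")
FRAME_RE = re.compile(r"#(\d+)\s+pc\s+([0-9a-f]+)\s+(\S+)(?:\s+\((.+)\+(\d+)\))?\s*$")


@dataclass
class Frame:
    num: int
    offset: int  # pc offset relative to the load base of `path`, i.e. the IDA address
    path: str
    symbol: str = ""


@dataclass
class Crash:
    signal: str = ""
    code: str = ""
    fault_addr: int = 0
    regs: dict = field(default_factory=dict)
    frames: list = field(default_factory=list)


def parse_crash(text):
    """Extract signal/code, fault address, registers and backtrace frames from the dump."""
    crash, in_backtrace = Crash(), False
    for line in text.splitlines():
        if "backtrace:" in line:
            in_backtrace = True
            continue
        if in_backtrace:
            m = FRAME_RE.search(line)
            if m:
                crash.frames.append(Frame(int(m[1]), int(m[2], 16), m[3], m[4] or ""))
            continue
        m = SIGNAL_RE.search(line)
        if m:
            crash.signal, crash.code, crash.fault_addr = m[2], m[4], int(m[5], 16)
            continue
        for name, value in REG_RE.findall(line):
            crash.regs[name] = int(value, 16)
    return crash


def untag(addr):
    """Mirror the arm64 kernel: for a user-half address (bit 55 clear) bits 63:56 are a
    Top-Byte-Ignore tag and are cleared before the address is reported in si_addr."""
    return addr if addr & (1 << 55) else addr & ((1 << 56) - 1)


def registers_holding_fault(crash):
    """Registers whose untagged value equals the reported fault address."""
    return [n for n, v in crash.regs.items() if untag(v) == crash.fault_addr]


def load_base(crash):
    """pc minus frame #00's offset is the load base of the crashing library."""
    return crash.regs["pc"] - crash.frames[0].offset


def offset_in_crashing_lib(crash, addr, max_size=0x10000000):
    """Offset of `addr` from the crashing library's load base, or None when it is below the
    base or beyond `max_size` (an assumed coarse bound; the tombstone's map gives the real one)."""
    off = addr - load_base(crash)
    return off if 0 <= off < max_size else None


def ascii_view(value):
    """The little-endian bytes of a 64-bit value as text if all are printable ASCII; a
    'pointer' that reads as text is a strong hint that string data overwrote it."""
    raw = value.to_bytes(8, "little")
    return raw.decode("ascii") if all(0x20 <= b < 0x7F for b in raw) else None


def ida_addresses(crash, ida_base=0):
    """Frames inside the crashing library as addresses to jump to in IDA; pass `ida_base`
    if IDA loaded the SO at something other than 0."""
    lib = crash.frames[0].path
    return [(f.num, ida_base + f.offset, f.symbol) for f in crash.frames if f.path == lib]


def summarize(crash):
    regs = registers_holding_fault(crash)
    return {"code": crash.code, "fault_addr": crash.fault_addr, "fault_regs": regs,
            "load_base": load_base(crash),
            "fault_offset_in_lib": offset_in_crashing_lib(crash, crash.fault_addr),
            "ascii": ascii_view(crash.regs[regs[0]]) if regs else None}


if __name__ == "__main__":
    for name, log in (("case 1", CASE1_LOG), ("case 2", CASE2_LOG)):
        c = parse_crash(log)
        s = summarize(c)
        print(name, s["code"], "fault 0x%x in %s" % (s["fault_addr"], s["fault_regs"]),
              "base 0x%x" % s["load_base"], "offset", s["fault_offset_in_lib"], "ascii", s["ascii"])
        for num, ea, sym in ida_addresses(c):
            print("  #%02d -> IDA 0x%x %s" % (num, ea, sym))
```

Run on the two excerpts it reports x0 / "ion/x-sp" for case 1 and x10 at offset 0x34c86f8 for case 2, and lists 2be6084 and 2bcc434 (PyDict_Clear) as the addresses to open in IDA. Feed it the full tombstone rather than the logcat excerpt when you have one, since the tombstone also carries the memory map and the memory around each register.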