Unable to intercept function

[glzlaohuai]

Hi, I got an error when using jnitrace :

ERROR: {'type': 'error', 'description': 'Error: unable to intercept function at 0x7a833a1000; please file a bug', 'stack': 'Error: unable to intercept function at 0x7a833a1000; please file a bug\n    at value (frida/runtime/core.js:315)\n    at create (node_modules/jnitrace-engine/dist/jni/jni_env_interceptor.js:39)\n    at <anonymous> (node_modules/jnitrace-engine/dist/jni/java_vm_interceptor.js:45)', 'fileName': 'frida/runtime/core.js', 'lineNumber': 315, 'columnNumber': 1}

And at the same time, the app crashed,

? A/OpenGLRenderer: Failed to choose config, error = EGL_SUCCESS
    
    --------- beginning of crash
? A/libc: Fatal signal 6 (SIGABRT), code -6 in tid 19594 (RenderThread), pid 19492 (on_test.xxx)
? I/crash_dump64: obtaining output fd from tombstoned, type: kDebuggerdTombstone
? I//system/bin/tombstoned: received crash request for pid 19492
? I/crash_dump64: performing dump of process 19492 (target tid = 19594)
? A/DEBUG: *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
? A/DEBUG: Build fingerprint: 'google/walleye/walleye:8.1.0/OPM4.171019.021.Q1/4820346:user/release-keys'
? A/DEBUG: Revision: 'MP1'
? A/DEBUG: ABI: 'arm64'
? A/DEBUG: pid: 19492, tid: 19594, name: RenderThread  >>> com.xxx.test <<<
? A/DEBUG: signal 6 (SIGABRT), code -6 (SI_TKILL), fault addr --------
? A/DEBUG: Abort message: 'Failed to choose config, error = EGL_SUCCESS'
? A/DEBUG:     x0   0000000000000000  x1   0000000000004c8a  x2   0000000000000006  x3   0000007a6732d770
? A/DEBUG:     x4   0000000000000000  x5   0000000000000000  x6   0000000000000000  x7   7f7f7f7f7f7f7f7f
? A/DEBUG:     x8   00000000000000f0  x9   8f7d662b3a37c327  x10  8f7d662b3a37c327  x11  0000000000000001
? A/DEBUG:     x12  0000007a6732d4b8  x13  0000007b0def1ff0  x14  0000000000000100  x15  0000007a6732d368
? A/DEBUG:     x16  0000000000000000  x17  0000007b0c1ee52c  x18  cf2f6f00bcb045f8  x19  0000007a6732d770
? A/DEBUG:     x20  0000000000004c24  x21  0000007a6732d770  x22  0000000000000000  x23  0000007a6732d4b8
? A/DEBUG:     x24  0000000000004cec  x25  0000000000000062  x26  0000007a6732f588  x27  0000000000000000
? A/DEBUG:     x28  0000000000000001  x29  0000007a6732d3c0  x30  0000007b0df580a0
? A/DEBUG:     sp   0000007a6732d3b0  pc   0000007b0dfcce00  pstate 0000000000000000
? A/DEBUG: backtrace:
? A/DEBUG:     #00 pc 000000000009de00  /system/bin/linker64 (__dl_syscall+32)
? A/DEBUG:     #01 pc 000000000002909c  /system/bin/linker64 (__dl__ZL13resend_signalP7siginfob+96)
? A/DEBUG:     #02 pc 0000000000028f4c  /system/bin/linker64 (__dl__ZL24debuggerd_signal_handleriP7siginfoPv+1180)
? A/DEBUG:     #03 pc 00000000001b1c30  /data/local/tmp/re.frida.server/frida-agent-64.so

Please help me to resolve it, thanks.

[glzlaohuai]

Just tested on another device(Redmi note 3), it worked fine now.

[chame1eon]

Glad it worked on another device. What was the device you were having the issues with first time?

[glzlaohuai]

It's Pixel 2 and the OS version is 8.1.0

[shp7724]

In my case, rebooting the device and rerunning frida-server solved the problem.

[NesurChen]

I also met this problem and tried all the methods except changing my phone(oppo R11). But it didn't work, any suggestions?

[chame1eon]

What version of Frida are you running with? Can you try again with Frida 16?

[stathamcheng]

I had this problem too, using the latest version:
Frida - 16.0.19
Jnitrace - 3.3.1

[yoin528]

After running "jnitrace - l xxx. so xx. xxx. com" using frida16.2.1 and jnistrac 3.3.1, the app cannot start and the following error is reported

     /* TID 4234 */

7727 ms [+] JNIEnv->ExceptionCheck
7727 ms |- JNIEnv* : 0xd7258180
7727 ms |= jboolean : 0 { false }

7727 ms ------------------------Backtrace------------------------
7727 ms |-> 0xb45a039b: libbili.so!0x439b (libbili.so:0xb459c000)

       /* TID 4234 */

7735 ms [+] JNIEnv->NewStringUTF
7735 ms |- JNIEnv* : 0xd7258180
7735 ms |- char* : 0xb75bcad0
7735 ms |: 1715244737
7735 ms |= jstring : 0x39 { 1715244737 }

7735 ms ------------------------Backtrace------------------------
7735 ms |-> 0xb459f471: libbili.so!0x3471 (libbili.so:0xb459c000)

ERROR: {'type': 'error', 'description': 'Error: access violation accessing 0x4', 'stack': 'Error: access violation accessing 0x4\n at (node_modules/jnitrace-engine/dist/jni/
jni_env_interceptor.js:159)', 'fileName': 'node_modules/jnitrace-engine/dist/jni/jni_env_interceptor.js', 'lineNumber': 159, 'columnNumber': 1}
/* TID 4234 /
7743 ms [+] JNIEnv->DeleteLocalRef
7743 ms |- JNIEnv : 0xd7258180
7743 ms |- jobject : 0x21

7743 ms ------------------------Backtrace------------------------
7743 ms |-> 0xb459f485: libbili.so!0x3485 (libbili.so:0xb459c000)

ERROR: {'type': 'error', 'description': 'Error: access violation accessing 0x4', 'stack': 'Error: access violation accessing 0x4\n at (node_modules/jnitrace-engine/dist/jni/
7765 ms ------------------------Backtrace------------------------
7765 ms |-> 0xb459f1b1: libbili.so!0x31b1 (libbili.so:0xb459c000)

ERROR: {'type': 'error', 'description': 'Error: access violation accessing 0x4', 'stack': 'Error: access violation accessing 0x4\n at (node_modules/jnitrace-engine/dist/jni/jni_env_interceptor.js:159)', 'fileName': 'n
ode_modules/jnitrace-engine/dist/jni/jni_env_interceptor.js', 'lineNumber': 159, 'columnNumber': 1}