题主在复现某个大佬的分析流程的时候遇到了很糟心的问题
那个大佬是通过frida -f com.xxx.xxx -l script.js --pause启动的,然后ida attach上去
他用的是安卓10
问题是现在安卓10+有冷启动(也不清楚这个是不是根本性问题)
题主用pixel6 + frida 16 +安卓13 带pause参数启动之后frida 会自己就退出
我尝试过这样用
```
import frida
import time
import sys
import subprocess
PACKAGE_NAME = "com.xxxx.xxxx"
def sys_freeze(pid):
"""调用 ADB 发送 SIGSTOP (19),强行冻结所有线程"""
try:
# print(f" [Python] 正在发送 SIGSTOP -> PID {pid}")
subprocess.run(f"adb shell su -c kill -19 {pid}", shell=True)
print(f"[OK] 进程已系统级冻结 (PID: {pid})")
except Exception as e:
print(f"[X] 冻结失败: {e}")
try:
device = frida.get_usb_device()
except Exception:
print("[-] 未找到 USB 设备")
sys.exit(1)
print(f"[*] 启动: {PACKAGE_NAME}")
try:
temp_pid = device.spawn([PACKAGE_NAME])
device.resume(temp_pid)
except Exception as e:
print(f"[-] 启动失败: {e}")
sys.exit(1)
current_pid=temp_pid
sys_freeze(current_pid)
```
用kill -19暂停之后,ida attach上去,然后kill -18恢复,可以看到基本没有别的so载入:
```
...
70CE5000: loaded /system/framework/arm64/boot-framework.oat
6FA92000: loaded /apex/com.android.art/javalib/arm64/boot-apache-xml.oat
6FA6F000: loaded /apex/com.android.art/javalib/arm64/boot-bouncycastle.oat
6FA24000: loaded /apex/com.android.art/javalib/arm64/boot-okhttp.oat
6F9C4000: loaded /apex/com.android.art/javalib/arm64/boot-core-libart.oat
6F5A4000: loaded /apex/com.android.art/javalib/arm64/boot.oat
7B00D90000: loaded /apex/com.android.runtime/bin/linker64
Debugger: attached to process /system/bin/app_process64 (pid=31751)
FFFFFFFFFFFFFFFF: got EXC_FF signal () (exc.code ff, tid 31790)
Debugger: thread 31761 has exited (code 0)
Debugger: thread 31762 has exited (code 0)
Debugger: thread 31763 has exited (code 0)
Debugger: thread 31764 has exited (code 0)
7ADE761D94: got SIGCONT signal (Continue) (exc.code 12, tid 31751)
7ADE761D94: got EXC_21 signal () (exc.code 21, tid 31751)
```
我点击恢复运行,然后这里直接就退出了
我确定我断点下在加固还没开始正式运行的位置(il2cpp.so),而且没有反调试
只有等他il2cpp载入解密了一个其他so才开始反调试然后anti frida
是不是我没有附加到真正的那个线程上
或者总的来说,我想调试一个加载非常早的so,观察他的行为,我怎么去处理,只能走am start吗,这玩意太老了而且非常不好用
有没有什么好一点的办法让这个程序运行之后然后停下来
[培训]Windows内核深度攻防:从Hook技术到Rootkit实战!
