Frida生成过程在Android上失败

Question

After ran the command "frida-trace -U -i open -f com.example.hellojni" , the application HelloJni would be set up normally. But after I executed the fellowing python script, i got a crash.

device = frida.get_device_manager().enumerate_devices()[-1]
session = device.attach(device.spawn(["com.example.hellojni"]))   
ss = '''
       console.log("hello")
'''    
script = session.create_script(ss)
script.load()
session.detach()

The log "hello" showed in the console. But the app just crashed, even the UI didn't show up. And the logcat printed something like these:

04-17 06:14:58.279: E/WindowManager(570): Starting window AppWindowToken{41e429c0 token=Token{41f753c8 ActivityRecord{41ea5dc0 u0 com.example.hellojni/.view.MainActivity t39}}} timed out
04-17 06:14:58.279: W/ActivityManager(570): Process ProcessRecord{41dffd18 16943:com.example.hellojni/u0a203} failed to attach
04-17 06:14:58.289: I/ActivityManager(570): Killing 16943:com.example.hellojni/u0a203 (adj -100): start timeout

Was my script wrong? I'm using android4.4.4(dalvik mode), windows7, frida7.0.11.. Any help would be appreciated.

Answer 1

Well the tool is remarkable but man they seriously need to update their docs. Took me almost a week to dig into the source code trying to solve the same problem, only to find out that there's no problem at all. Just that we need to call device.resume() after everything is set. In your case:

device = frida.get_device_manager().enumerate_devices()[-1]
pid = device.spawn(["com.example.hellojni"])
session = device.attach(pid)
ss = '''
       console.log("hello")
'''    
script = session.create_script(ss)
script.load()
device.resume(pid)
session.detach()