Frida: [Frida x86 on Android] unable to spawn and/or attach to process

Created on 1 Aug 2017  Â·  14Comments  Â·  Source: frida/frida

Hey there!

I just want to report that the x86 version of frida-server (both ver. 1.2x and the as of now latest ver. 1.3.x) cannot be used to attach or spawn processes.

commands like:

frida -U --no-pause -f com.android.browser
frida-trace -U -i open -f com.android.browser

will always fail and the emulator will crash the App that it was supposed to spawn or attach to.

other ABI versions such as the ARM and Frida's tools ran without a hitch. Except for frida-trace which kept crashing on x86_64, but Frida's CLI still worked perfectly on both ABIs regardless.

Kind Regards,
Disane

Most helpful comment

Fixed in 10.6.12. Cheers!

All 14 comments

I'm having the same problem with the x86 Emulator (Android 6.0) and Frida 10.3.9

I also having the same problem

Hi,
since this issue looks similar to my issue, I'm going to share my experience here.
I just tried (with pip install frida==10.5.11):

  • frida-server-10.5.11-android-x86
  • frida-server-10.5.2-android-x86
    on Android Emulators 6.0/7.0/7.11 and
  • frida-server-10.5.11-android-arm
    on a 4.1.2 ARM Device

For all these frida-ps -U worked, but frida-trace -U -i open com.android.browser (or any other App) did crash the App.

The next version I tried was

  • frida-server-9.1.16-android-i386
    together with pip install frida==9.1.16 and Android Emulator 6.0 and then frida-trace -U -i open com.android.browser finally worked.

Fixed in 10.6.12. Cheers!

Still getting the error with freshly installed emulator (Android 8.0, x86).

PS C:\Users\User> frida --version
10.6.13
PS C:\Users\User> frida-trace -U -f com.android.browser
Failed to spawn: timed out while waiting for session to establish

PS C:\Users\User> frida-ps -U
  PID  Name
-----  ---------------------------------------------------
 1412  adbd
 8321  [email protected]
 1564  [email protected]
 1385  [email protected]
 1386  [email protected]
 1387  [email protected]
 1388  [email protected]
 1389  [email protected]
 1526  [email protected]
 1390  [email protected]
 1391  [email protected]
 1340  [email protected]
 1392  [email protected]
 1393  [email protected]
 1383  [email protected]
 9184  android.process.acore
10305  android.process.media
 8317  audioserver
 8318  cameraserver
10158  com.android.keychain
 8731  com.android.phone
 8996  com.android.printspooler
 9291  com.android.providers.calendar
11137  com.android.systemui
10011  com.google.android.apps.messaging:rcs
 8980  com.google.android.apps.nexuslauncher
 9535  com.google.android.calendar
10282  com.google.android.deskclock
 8814  com.google.android.dialer
10214  com.google.android.ext.services
 9607  com.google.android.gm
 9114  com.google.android.gms
 9260  com.google.android.gms.feedback
 8909  com.google.android.gms.persistent
 9836  com.google.android.gms.ui
 9765  com.google.android.gms.unstable
 8945  com.google.android.googlequicksearchbox:interactor
 9056  com.google.android.googlequicksearchbox:search
 8483  com.google.android.inputmethod.latin
 9782  com.google.android.videos
 9026  com.google.process.gapps
 1516  drmserver
 8287  frida-helper-32
 8278  frida-server
 1544  gatekeeperd
 1394  healthd
 1336  hwservicemanager
    1  init
 1517  installd
 8325  ip6tables-restore
 8323  iptables-restore
 1518  keystore
 1398  lmkd
 1329  logd
 1527  media.codec
 1520  media.extractor
 1521  media.metrics
 1519  mediadrmserver
 8319  mediaserver
 8320  netd
 1396  qemu-props
 1528  rild
 1335  servicemanager
 1409  sh
 4595  sh
 4598  sh
 1525  storaged
 1402  surfaceflinger
 8390  system_server
 1563  tombstoned
 1042  ueventd
 1337  vndservicemanager
 1341  vold
 1817  webview_zygote32
 8316  zygote
PS C:\Users\User> adb shell getprop
[dalvik.vm.appimageformat]: [lz4]
[dalvik.vm.dex2oat-Xms]: [64m]
[dalvik.vm.dex2oat-Xmx]: [512m]
[dalvik.vm.dexopt.secondary]: [true]
[dalvik.vm.heapsize]: [384m]
[dalvik.vm.image-dex2oat-Xms]: [64m]
[dalvik.vm.image-dex2oat-Xmx]: [64m]
[dalvik.vm.isa.x86.features]: [default]
[dalvik.vm.isa.x86.variant]: [x86]
[dalvik.vm.lockprof.threshold]: [500]
[dalvik.vm.stack-trace-file]: [/data/anr/traces.txt]
[dalvik.vm.usejit]: [true]
[dalvik.vm.usejitprofiles]: [true]
[debug.atrace.tags.enableflags]: [0]
[debug.force_rtl]: [0]
[dev.bootcomplete]: [1]
[drm.service.enabled]: [true]
[gsm.current.phone-type]: [1]
[gsm.defaultpdpcontext.active]: [true]
[gsm.network.type]: [LTE]
[gsm.nitz.time]: [1508160723171]
[gsm.operator.alpha]: [Android]
[gsm.operator.iso-country]: [us]
[gsm.operator.isroaming]: [false]
[gsm.operator.numeric]: [310260]
[gsm.sim.operator.alpha]: [Android]
[gsm.sim.operator.iso-country]: [us]
[gsm.sim.operator.numeric]: [310260]
[gsm.sim.state]: [READY]
[gsm.version.ril-impl]: [android reference-ril 1.0]
[hwservicemanager.ready]: [true]
[init.svc.adbd]: [running]
[init.svc.audio-hal-2-0]: [running]
[init.svc.audioserver]: [running]
[init.svc.bootanim]: [stopped]
[init.svc.bugreport]: [stopped]
[init.svc.camera-provider-2-4]: [running]
[init.svc.cameraserver]: [running]
[init.svc.clear-bcb]: [stopped]
[init.svc.configstore-hal-1-0]: [running]
[init.svc.console]: [running]
[init.svc.drm]: [running]
[init.svc.drm-hal-1-0]: [running]
[init.svc.drm-widevine-hal-1-0]: [running]
[init.svc.dumpstate]: [stopped]
[init.svc.dumpstatez]: [stopped]
[init.svc.fingerprintd]: [stopped]
[init.svc.flash_recovery]: [stopped]
[init.svc.fps_hal]: [running]
[init.svc.gatekeeper-1-0]: [running]
[init.svc.gatekeeperd]: [running]
[init.svc.gnss_service]: [running]
[init.svc.goldfish-logcat]: [stopped]
[init.svc.gralloc-2-0]: [running]
[init.svc.healthd]: [running]
[init.svc.hidl_memory]: [running]
[init.svc.hwcomposer-2-1]: [running]
[init.svc.hwservicemanager]: [running]
[init.svc.installd]: [running]
[init.svc.keymaster-3-0]: [running]
[init.svc.keystore]: [running]
[init.svc.lmkd]: [running]
[init.svc.logcatd]: [stopped]
[init.svc.logd]: [running]
[init.svc.logd-reinit]: [stopped]
[init.svc.mdnsd]: [stopped]
[init.svc.media]: [running]
[init.svc.mediacodec]: [running]
[init.svc.mediadrm]: [running]
[init.svc.mediaextractor]: [running]
[init.svc.mediametrics]: [running]
[init.svc.mtpd]: [stopped]
[init.svc.netd]: [running]
[init.svc.perfprofd]: [stopped]
[init.svc.power-hal-1-0]: [running]
[init.svc.qemu-props]: [running]
[init.svc.racoon]: [stopped]
[init.svc.ranchu-net]: [stopped]
[init.svc.ranchu-setup]: [stopped]
[init.svc.ril-daemon]: [running]
[init.svc.sensors-hal-1-0]: [running]
[init.svc.servicemanager]: [running]
[init.svc.setup-bcb]: [stopped]
[init.svc.storaged]: [running]
[init.svc.surfaceflinger]: [running]
[init.svc.tombstoned]: [running]
[init.svc.ueventd]: [running]
[init.svc.uncrypt]: [stopped]
[init.svc.vndservicemanager]: [running]
[init.svc.vold]: [running]
[init.svc.webview_zygote32]: [running]
[init.svc.zygote]: [running]
[log.tag.WifiHAL]: [D]
[logd.logpersistd.enable]: [true]
[media.mediadrmservice.enable]: [true]
[net.bt.name]: [Android]
[net.eth0.dns1]: [10.0.2.3]
[net.eth0.gw]: [10.0.2.2]
[net.gprs.local-ip]: [10.0.2.15]
[net.qtaguid_enabled]: [1]
[net.tcp.default_init_rwnd]: [60]
[persist.sys.dalvik.vm.lib.2]: [libart.so]
[persist.sys.gps.lpp]: []
[persist.sys.profiler_ms]: [0]
[persist.sys.timezone]: [GMT]
[persist.sys.usb.config]: [adb]
[persist.sys.webview.vmsize]: [143029120]
[pm.dexopt.ab-ota]: [speed-profile]
[pm.dexopt.bg-dexopt]: [speed-profile]
[pm.dexopt.boot]: [verify]
[pm.dexopt.first-boot]: [quicken]
[pm.dexopt.install]: [quicken]
[qemu.adbd]: [start]
[qemu.gles]: [1]
[qemu.hw.mainkeys]: [0]
[qemu.sf.fake_camera]: [both]
[qemu.sf.lcd_density]: [480]
[rild.libpath]: [/vendor/lib/libreference-ril.so]
[ro.allow.mock.location]: [0]
[ro.baseband]: [unknown]
[ro.board.platform]: []
[ro.boot.android_dt_dir]: [/sys/bus/platform/devices/ANDR0001:00/properties/android/]
[ro.boot.hardware]: [ranchu]
[ro.bootimage.build.date]: [Mon Sep 11 21:08:22 UTC 2017]
[ro.bootimage.build.date.utc]: [1505164102]
[ro.bootimage.build.fingerprint]: [google/sdk_gphone_x86/generic_x86:8.0.0/OSR1.170901.008/4328566:userdebug/dev-keys]
[ro.bootloader]: [unknown]
[ro.bootmode]: [unknown]
[ro.build.characteristics]: [emulator]
[ro.build.date]: [Mon Sep 11 21:08:22 UTC 2017]
[ro.build.date.utc]: [1505164102]
[ro.build.description]: [sdk_gphone_x86-userdebug 8.0.0 OSR1.170901.008 4328566 dev-keys]
[ro.build.display.id]: [sdk_gphone_x86-userdebug 8.0.0 OSR1.170901.008 4328566 dev-keys]
[ro.build.fingerprint]: [google/sdk_gphone_x86/generic_x86:8.0.0/OSR1.170901.008/4328566:userdebug/dev-keys]
[ro.build.flavor]: [sdk_gphone_x86-userdebug]
[ro.build.host]: [wprh3.hot.corp.google.com]
[ro.build.id]: [OSR1.170901.008]
[ro.build.product]: [generic_x86]
[ro.build.tags]: [dev-keys]
[ro.build.type]: [userdebug]
[ro.build.user]: [android-build]
[ro.build.version.all_codenames]: [REL]
[ro.build.version.base_os]: []
[ro.build.version.codename]: [REL]
[ro.build.version.incremental]: [4328566]
[ro.build.version.preview_sdk]: [0]
[ro.build.version.release]: [8.0.0]
[ro.build.version.sdk]: [26]
[ro.build.version.security_patch]: [2017-09-05]
[ro.com.google.locationfeatures]: [1]
[ro.config.alarm_alert]: [Alarm_Classic.ogg]
[ro.config.nocheckin]: [yes]
[ro.config.notification_sound]: [OnTheHunt.ogg]
[ro.crypto.fs_crypto_blkdev]: [/dev/block/dm-0]
[ro.crypto.state]: [encrypted]
[ro.crypto.type]: [block]
[ro.dalvik.vm.native.bridge]: [0]
[ro.debuggable]: [1]
[ro.device_owner]: [false]
[ro.hardware]: [ranchu]
[ro.hardware.audio.primary]: [goldfish]
[ro.hwui.drop_shadow_cache_size]: [6]
[ro.hwui.gradient_cache_size]: [1]
[ro.hwui.layer_cache_size]: [48]
[ro.hwui.path_cache_size]: [32]
[ro.hwui.r_buffer_cache_size]: [8]
[ro.hwui.text_large_cache_height]: [1024]
[ro.hwui.text_large_cache_width]: [2048]
[ro.hwui.text_small_cache_height]: [1024]
[ro.hwui.text_small_cache_width]: [1024]
[ro.hwui.texture_cache_flushrate]: [0.4]
[ro.hwui.texture_cache_size]: [72]
[ro.kernel.android.checkjni]: [1]
[ro.kernel.android.qemud]: [1]
[ro.kernel.androidboot.android_dt_dir]: [/sys/bus/platform/devices/ANDR0001:00/properties/android/]
[ro.kernel.androidboot.hardware]: [ranchu]
[ro.kernel.clocksource]: [pit]
[ro.kernel.cma]: [288M]
[ro.kernel.console]: [0]
[ro.kernel.ndns]: [4]
[ro.kernel.qemu]: [1]
[ro.kernel.qemu.encrypt]: [1]
[ro.kernel.qemu.gles]: [1]
[ro.kernel.qemu.opengles.version]: [131072]
[ro.product.board]: []
[ro.product.brand]: [google]
[ro.product.cpu.abi]: [x86]
[ro.product.cpu.abilist]: [x86]
[ro.product.cpu.abilist32]: [x86]
[ro.product.cpu.abilist64]: []
[ro.product.device]: [generic_x86]
[ro.product.locale]: [en-US]
[ro.product.manufacturer]: [Google]
[ro.product.model]: [Android SDK built for x86]
[ro.product.name]: [sdk_gphone_x86]
[ro.property_service.version]: [2]
[ro.radio.use-ppp]: [no]
[ro.revision]: [0]
[ro.secure]: [1]
[ro.serialno]: []
[ro.setupwizard.mode]: [EMULATOR]
[ro.treble.enabled]: [true]
[ro.vendor.build.date]: [Mon Sep 11 21:08:22 UTC 2017]
[ro.vendor.build.date.utc]: [1505164102]
[ro.vendor.build.fingerprint]: [google/sdk_gphone_x86/generic_x86:8.0.0/OSR1.170901.008/4328566:userdebug/dev-keys]
[ro.wifi.channels]: []
[ro.zygote]: [zygote32]
[security.perf_harden]: [1]
[service.bootanim.exit]: [1]
[service.sf.present_timestamp]: [0]
[status.battery.level]: [5]
[status.battery.level_raw]: [50]
[status.battery.level_scale]: [9]
[status.battery.state]: [Slow]
[sys.boot_completed]: [1]
[sys.logbootcomplete]: [1]
[sys.rescue_boot_count]: [1]
[sys.rescue_boot_start]: [955225]
[sys.retaildemo.enabled]: [0]
[sys.sysctl.extra_free_kbytes]: [24300]
[sys.sysctl.tcp_def_init_rwnd]: [60]
[sys.usb.config]: [adb]
[sys.usb.configfs]: [0]
[sys.usb.state]: [adb]
[sys.wifitracing.started]: [1]
[vold.decrypt]: [trigger_restart_framework]
[vold.encrypt_progress]: [100]
[vold.encrypt_time_remaining]: [0]
[vold.has_adoptable]: [0]
[vold.post_fs_data_done]: [1]
[xmpp.auto-presence]: [true]

@Yeradon Did you also upgrade the device side?

@oleavr same error happening here for 10.6.13
updated in both places

@oleavr Yes i used a completely freshly installed emulator with frida 10.6.13 on client & server side.

Its happening with me too, 10.6.32. Its working fine on arm image but crashes the app on x86.

@waqarrashid33 Yeah the dlopen() hack hasn't been ported to x86 yet.

i use frida-server-12.1.1-android-arm64 in my phone(android 6.0), it is listening, but exec frida -U -f xxx --no-pause -l xxx in my ubuntu16.04 , it appared "Failed to spawn: unexpected error while attaching to process with pid 362", what's wrong??

@xuehenIT same you, the name of the process is zygote on my phone(android 7.0)

I recently had problems with spawning processes on android aswell. Setting SELinux to permissive solved the problem for me.

same error happening here,
there are my command:

H:>frida --version
12.2.25

H:>frida-ps -U
PID Name
459 ATFWD-daemon
367 adbd
383 adspd
5242 android.process.acore
3814 android.process.media
455 bridgemgrd
3729 com.android.cellbroadcastreceiver
5672 com.android.chrome
5697 com.android.chrome:sandboxed_process0

H:>frida-discover -p 5672
Failed to attach: unable to find process with pid 5672

H:>frida-trace -i "send" 5672
Failed to attach: unable to find process with pid 5672
thank you for your help!

Was this page helpful?
0 / 5 - 0 ratings