Closed HandsomeXi closed 4 years ago
import java.io.File
import cn.banny.unidbg.linux.android.dvm.*   // DvmClass, DvmInteger, StringObject; ArrayObject sits in the dvm.array subpackage in some unidbg versions
private val APK_FILE = File("E:\\forest\\alipay.apk")   // backslashes must be escaped in a Kotlin string literal
// emulator and vm (the Dalvik VM created from APK_FILE) are set up earlier in the poster's code and not shown here
val dm = vm.loadLibrary("sgmainso-6.4.11174435", false)
dm.callJNI_OnLoad(emulator)
val Native = vm.resolveClass("com.taobao.wireless.security.adapter.JNICLibrary".replace(".", "/"))
val context = vm.resolveClass("android/content/Context").newObject(null)
Native.callStaticJniMethod(emulator, "doCommandNative(I[Ljava/lang/Object;)Ljava/lang/Object;", 10101,
    ArrayObject(context, DvmInteger.valueOf(vm, 3), StringObject(vm, ""),
        StringObject(vm, File("target/app_SGLib").absolutePath), StringObject(vm, "")))
The last statement throws an error. I have already put libsgmainso-6.4.11174435.so into the Alipay apk/lib/arm64-v8a directory.
Check in unidbg which methods were dynamically registered.
How do I check that? I don't know how. Printing emulator.getMemory().getLoadedModules() shows only libmain.so.
Hmm, I can't look at this project right now. You can trace the callStaticJniMethod function; there is a place in it that stores all the dynamically registered functions.
I really still can't find it. Have you run into this problem before?
After switching the architecture to 32-bit, the method was found, but then it failed with another error.
Dec 11, 2019 4:13:33 PM cn.banny.unidbg.linux.ARMSyscallHandler pthread_clone
INFO: pthread_clone child_stack=unicorn@0x4028cdd0, thread_id=1, fn=unicorn@0x40034df5[libmain.so]0x34df5, arg=null, flags=[CLONE_VM, CLONE_FS, CLONE_FILES, CLONE_SIGHAND, CLONE_THREAD, CLONE_SYSVSEM]
Dec 11, 2019 4:13:33 PM cn.banny.unidbg.linux.ARMSyscallHandler access
INFO: access pathname=C:\Users\HandsomeX\Desktop\unidbg-master\target/storage/com.taobao.maindex, mode=0
Dec 11, 2019 4:13:33 PM cn.banny.unidbg.linux.ARMSyscallHandler open
INFO: open pathname=C:\Users\HandsomeX\Desktop\unidbg-master\target/0a231bd8575dcf72.txt, oflags=0x20000, mode=0
Dec 11, 2019 4:13:33 PM cn.banny.unidbg.linux.ARMSyscallHandler pthread_clone
INFO: pthread_clone child_stack=unicorn@0x4038add0, thread_id=2, fn=unicorn@0x4002f031[libmain.so]0x2f031, arg=unicorn@0x804be40, flags=[CLONE_VM, CLONE_FS, CLONE_FILES, CLONE_SIGHAND, CLONE_THREAD, CLONE_SYSVSEM]
Dec 11, 2019 4:13:33 PM cn.banny.unidbg.linux.ARMSyscallHandler pthread_clone
INFO: pthread_clone child_stack=unicorn@0x40488dd0, thread_id=3, fn=unicorn@0x4002f031[libmain.so]0x2f031, arg=unicorn@0x804be40, flags=[CLONE_VM, CLONE_FS, CLONE_FILES, CLONE_SIGHAND, CLONE_THREAD, CLONE_SYSVSEM]
Dec 11, 2019 4:13:33 PM cn.banny.unidbg.linux.ARMSyscallHandler pthread_clone
INFO: pthread_clone child_stack=unicorn@0x40586dd0, thread_id=4, fn=unicorn@0x4002f031[libmain.so]0x2f031, arg=unicorn@0x804be40, flags=[CLONE_VM, CLONE_FS, CLONE_FILES, CLONE_SIGHAND, CLONE_THREAD, CLONE_SYSVSEM]
registerAppLifeCyCleCallBack
Dec 11, 2019 4:13:33 PM cn.banny.unidbg.linux.ARMSyscallHandler pthread_clone
INFO: pthread_clone child_stack=unicorn@0x40684dd0, thread_id=5, fn=unicorn@0x4002eeb1[libmain.so]0x2eeb1, arg=unicorn@0x805cc70, flags=[CLONE_VM, CLONE_FS, CLONE_FILES, CLONE_SIGHAND, CLONE_THREAD, CLONE_SYSVSEM]
Dec 11, 2019 4:13:33 PM cn.banny.unidbg.linux.ARMSyscallHandler hook
WARNING: handleInterrupt intno=2, NR=67, svcNumber=0x0, PC=unicorn@0x400fa124[libc.so]0x21124, syscall=null
java.lang.UnsupportedOperationException: signum=7
at cn.banny.unidbg.unix.UnixSyscallHandler.sigaction(UnixSyscallHandler.java:254)
at cn.banny.unidbg.linux.ARMSyscallHandler.sigaction(ARMSyscallHandler.java:1112)
at cn.banny.unidbg.linux.ARMSyscallHandler.hook(ARMSyscallHandler.java:172)
at unicorn.Unicorn.invokeInterruptCallbacks(Unicorn.java:123)
at unicorn.Unicorn.emu_start(Native Method)
at cn.banny.unidbg.AbstractEmulator.emulate(AbstractEmulator.java:272)
at cn.banny.unidbg.AbstractEmulator.eFunc(AbstractEmulator.java:371)
at cn.banny.unidbg.arm.AbstractARMEmulator.eFunc(AbstractARMEmulator.java:201)
at cn.banny.unidbg.linux.LinuxModule.emulateFunction(LinuxModule.java:205)
at cn.banny.unidbg.linux.android.dvm.DvmClass.callStaticJniMethod(DvmClass.java:194)
at xyj.SignSoK.initSign(SignSoK.kt:46)
at xyj.SignSoK.
Dec 11, 2019 4:13:34 PM cn.banny.unidbg.linux.ARMSyscallHandler hook
WARNING: handleInterrupt intno=2, NR=3, svcNumber=0x0, PC=unicorn@0x400f931c[libc.so]0x2031c, syscall=null
java.lang.NegativeArraySizeException: -2811
at cn.banny.unidbg.linux.file.SimpleFileIO.read(SimpleFileIO.java:100)
at cn.banny.unidbg.unix.UnixSyscallHandler.read(UnixSyscallHandler.java:139)
at cn.banny.unidbg.linux.ARMSyscallHandler.read(ARMSyscallHandler.java:1729)
at cn.banny.unidbg.linux.ARMSyscallHandler.hook(ARMSyscallHandler.java:112)
at unicorn.Unicorn.invokeInterruptCallbacks(Unicorn.java:123)
at unicorn.Unicorn.emu_start(Native Method)
at cn.banny.unidbg.AbstractEmulator.emulate(AbstractEmulator.java:272)
at cn.banny.unidbg.AbstractEmulator.eFunc(AbstractEmulator.java:371)
at cn.banny.unidbg.arm.AbstractARMEmulator.eFunc(AbstractARMEmulator.java:201)
at cn.banny.unidbg.linux.LinuxModule.emulateFunction(LinuxModule.java:205)
at cn.banny.unidbg.linux.android.dvm.DvmClass.callStaticJniMethod(DvmClass.java:194)
at xyj.SignSoK.initSign(SignSoK.kt:46)
at xyj.SignSoK.
Dec 11, 2019 4:13:34 PM cn.banny.unidbg.linux.ARMSyscallHandler pthread_clone
INFO: pthread_clone child_stack=unicorn@0x4085fdd0, thread_id=6, fn=unicorn@0x4002eeb1[libmain.so]0x2eeb1, arg=unicorn@0x8060a70, flags=[CLONE_VM, CLONE_FS, CLONE_FILES, CLONE_SIGHAND, CLONE_THREAD, CLONE_SYSVSEM]
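Before chasing RegisterNatives inside unidbg, one check worth running when a library resolves on 32-bit but not on 64-bit is to confirm which lib/<abi>/ directories of the APK actually carry a copy of the .so and whether each copy's ELF header (EI_CLASS and e_machine) matches the ABI directory it sits in. The script below is an added example written for this thread; it is not code from the issue or from unidbg. It assumes the standard APK layout lib/<abi>/<name>.so, and the sample "APK" it scans is a constructed in-memory zip whose ELF files are header-only stand-ins (one of them deliberately a 32-bit ELF placed under arm64-v8a); the thread itself does not say why the arm64 lookup failed.

```python
import io
import struct
import zipfile

# ELF identification fields: magic at 0..3, EI_CLASS at byte 4, EI_DATA at byte 5,
# e_machine as a 16-bit value at bytes 18..19 (endianness given by EI_DATA).
ELF_MAGIC = b"\x7fELF"
ELFCLASS32, ELFCLASS64 = 1, 2
EM_386, EM_ARM, EM_X86_64, EM_AARCH64 = 3, 40, 62, 183

# Android ABI directory expected to hold a library with this (class, machine) pair.
ABI_FOR = {
    (ELFCLASS32, EM_ARM): "armeabi-v7a",
    (ELFCLASS64, EM_AARCH64): "arm64-v8a",
    (ELFCLASS32, EM_386): "x86",
    (ELFCLASS64, EM_X86_64): "x86_64",
}


def elf_ident(data):
    """Return (elf_class, e_machine) for an ELF image, or None if the bytes are not ELF."""
    if len(data) < 20 or data[:4] != ELF_MAGIC:
        return None
    elf_class = data[4]
    endian = "<" if data[5] == 1 else ">"          # EI_DATA: 1 = little-endian, 2 = big-endian
    (machine,) = struct.unpack(endian + "H", data[18:20])
    return elf_class, machine


def scan_apk_libs(apk_bytes):
    """Map every lib/<abi>/<name>.so entry to its ELF identity and whether it matches its ABI dir."""
    result = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        for name in z.namelist():
            parts = name.split("/")
            if len(parts) != 3 or parts[0] != "lib" or not parts[2].endswith(".so"):
                continue
            abi = parts[1]
            ident = elf_ident(z.read(name))
            expected = ABI_FOR.get(ident) if ident else None
            result[name] = {
                "abi": abi,
                "elf_class": ident[0] if ident else None,
                "machine": ident[1] if ident else None,
                "expected_abi": expected,
                "ok": expected == abi,
            }
    return result


def abis_with_lib(scan, soname):
    """ABI directories that hold a copy of <soname> whose ELF header matches that ABI."""
    return sorted(info["abi"] for name, info in scan.items()
                  if name.endswith("/" + soname) and info["ok"])


def fake_elf(elf_class, machine):
    """Constructed 64-byte stand-in for a real .so: only the ident fields checked above are filled in."""
    hdr = bytearray(64)
    hdr[:4] = ELF_MAGIC
    hdr[4] = elf_class
    hdr[5] = 1                                    # little-endian
    hdr[6] = 1                                    # EV_CURRENT
    hdr[18:20] = struct.pack("<H", machine)
    return bytes(hdr)


def build_sample_apk():
    """Constructed APK-like zip (hypothetical contents): the arm64-v8a copy of the sgmain lib is really a 32-bit ARM ELF."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("lib/armeabi-v7a/libsgmainso-6.4.11174435.so", fake_elf(ELFCLASS32, EM_ARM))
        z.writestr("lib/arm64-v8a/libsgmainso-6.4.11174435.so", fake_elf(ELFCLASS32, EM_ARM))
        z.writestr("lib/arm64-v8a/libmain.so", fake_elf(ELFCLASS64, EM_AARCH64))
        z.writestr("classes.dex", b"dex\n035\x00")
    return buf.getvalue()


if __name__ == "__main__":
    scan = scan_apk_libs(build_sample_apk())
    for name, info in sorted(scan.items()):
        print(("OK  " if info["ok"] else "BAD ") + name + " -> expected " + str(info["expected_abi"]))
    print("usable ABIs for libsgmainso:", abis_with_lib(scan, "libsgmainso-6.4.11174435.so"))
```

To use it on a real APK, pass the file's bytes to scan_apk_libs; a library that only shows up under armeabi-v7a explains why a 32-bit emulator finds it and a 64-bit one does not, and a "BAD" entry means the file under that ABI directory was built for a different architecture than the directory name promises.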
Which version of Alipay are you using?
It was a unidbg bug; I filed an issue with the author and it was fixed.
Exception in thread "main" java.lang.IllegalArgumentException: find method failed: doCommandNative(I[Ljava/lang/Object;)Ljava/lang/Object;
at cn.banny.unidbg.linux.android.dvm.DvmClass.findNativeFunction(DvmClass.java:172)
at cn.banny.unidbg.linux.android.dvm.DvmClass.callStaticJniMethod(DvmClass.java:178)
at xyj.SignSoK.initSign(SignSoK.kt:45)
at xyj.SignSoK.(SignSoK.kt:27)
at xyj.AutoForestK.start(AutoForestK.kt:20)
at xyj.MainKt.main(Main.kt:6)
at xyj.MainKt.main(Main.kt)