zhkl0228 / unidbg

Allows you to emulate an Android native library, and an experimental iOS emulation
Apache License 2.0

How can non-exported native methods be hooked? #115

Open Lua12138 opened 4 years ago

Lua12138 commented 4 years ago
IxHook xHook = XHookImpl.getInstance(emulator);
xHook.register(...)

This can hook exported methods, but for some internal methods, can they be hooked via base + offset instead?

zhkl0228 commented 4 years ago

Use HookZz combined with base + offset.
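
A worked version of that answer, added here as an example and not code from the issue or from the unidbg project itself. The point it illustrates: `IxHook`/xHook patches the module's import table (GOT), so it can only intercept symbols that the library imports; a function that is internal to the library has no symbol to look up and must be reached by address, which is what `HookZz.wrap(module.base + offset, ...)` does. Everything concrete below is assumed for illustration: the library name `libtarget.so`, the IDA offset `0x1a2c4`, the guessed C signature `int sub_1A2C4(const char *buf, int len)`, the package name, and that the function is Thumb code. The setup uses the current `AndroidEmulatorBuilder` API; on an older unidbg the emulator/VM construction differs, but the hook installation is the same.

```java
import java.io.File;

import com.github.unidbg.AndroidEmulator;
import com.github.unidbg.Emulator;
import com.github.unidbg.Module;
import com.github.unidbg.arm.context.Arm32RegisterContext;
import com.github.unidbg.hook.hookzz.HookEntryInfo;
import com.github.unidbg.hook.hookzz.HookZz;
import com.github.unidbg.hook.hookzz.IHookZz;
import com.github.unidbg.hook.hookzz.WrapCallback;
import com.github.unidbg.linux.android.AndroidEmulatorBuilder;
import com.github.unidbg.linux.android.AndroidResolver;
import com.github.unidbg.linux.android.dvm.DalvikModule;
import com.github.unidbg.linux.android.dvm.VM;
import com.github.unidbg.memory.Memory;

/**
 * Added example (not from the issue or the unidbg project): hook a
 * non-exported function inside a library by address (module.base + offset)
 * with HookZz, reading its arguments on entry and its return value on exit.
 *
 * Assumptions, for illustration only:
 *   - the library is "libtarget.so" in the working directory;
 *   - IDA shows the internal function at offset 0x1a2c4 with the C-like
 *     signature  int sub_1A2C4(const char *buf, int len);
 *   - it is Thumb code, so the hook address needs its low bit set.
 */
public class HookByOffset {

    static final long FUNC_OFFSET = 0x1a2c4L;  // assumed IDA offset of the internal function
    static final boolean FUNC_IS_THUMB = true; // assumed; check the disassembly

    public static void main(String[] args) {
        AndroidEmulator emulator = AndroidEmulatorBuilder.for32Bit()
                .setProcessName("com.example.target") // assumed package name
                .build();
        Memory memory = emulator.getMemory();
        memory.setLibraryResolver(new AndroidResolver(23));

        VM vm = emulator.createDalvikVM();
        DalvikModule dm = vm.loadLibrary(new File("libtarget.so"), false);
        Module module = dm.getModule();

        installHook(emulator, module);

        // Drive the library through an exported entry point; the internal
        // function is reached from there and the hook fires.
        dm.callJNI_OnLoad(emulator);
    }

    static void installHook(Emulator<?> emulator, Module module) {
        IHookZz hookZz = HookZz.getInstance(emulator);

        // No symbol lookup: the address is load base + static offset.
        // HookZz/Dobby use the low bit of an ARM32 address to select Thumb
        // mode; ELF symbol addresses already carry it, a raw IDA offset does not.
        long target = module.base + FUNC_OFFSET + (FUNC_IS_THUMB ? 1 : 0);

        hookZz.wrap(target, new WrapCallback<Arm32RegisterContext>() {
            @Override
            public void preCall(Emulator<?> emulator, Arm32RegisterContext ctx, HookEntryInfo info) {
                // AAPCS calling convention: r0 = buf, r1 = len
                String buf = ctx.getR0Pointer().getString(0);
                int len = ctx.getR1Int();
                System.out.printf("enter sub_%X(buf=\"%s\", len=%d) from lr=0x%x%n",
                        FUNC_OFFSET, buf, len, ctx.getLRPointer().peer);
            }

            @Override
            public void postCall(Emulator<?> emulator, Arm32RegisterContext ctx, HookEntryInfo info) {
                // r0 holds the return value on the way out
                System.out.printf("leave sub_%X -> 0x%x%n", FUNC_OFFSET, ctx.getR0Long());
            }
        });
    }
}
```

`wrap` keeps the original function running and only observes it; if you want to skip or replace the internal function instead, `IHookZz.replace(address, ReplaceCallback)` takes the same base + offset address. The offset must come from the same build of the library that is loaded into the emulator, since any relink moves internal functions.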

Lua12138 commented 4 years ago

Use HookZz combined with base + offset.

Thanks. If the native method accesses the network directly, without returning to the Java layer, is there a simple way to make it communicate normally?

April 21, 2020 5:20:33 PM com.github.unidbg.linux.ARMSyscallHandler hook
WARNING: handleInterrupt intno=2, NR=4, svcNumber=0x0, PC=RX@0x400e9d8c[libc.so]0x40d8c, syscall=null
java.lang.AbstractMethodError
    at com.github.unidbg.linux.file.DnsProxyDaemon.handle(DnsProxyDaemon.java:61)
    at com.github.unidbg.linux.file.LocalSocketIO.write(LocalSocketIO.java:46)
    at com.github.unidbg.unix.UnixSyscallHandler.write(UnixSyscallHandler.java:442)
    at com.github.unidbg.linux.ARMSyscallHandler.write(ARMSyscallHandler.java:1997)
    at com.github.unidbg.linux.ARMSyscallHandler.hook(ARMSyscallHandler.java:139)
    at unicorn.Unicorn$NewHook.onInterrupt(Unicorn.java:128)
    at unicorn.Unicorn.emu_start(Native Method)
    at com.github.unidbg.AbstractEmulator.emulate(AbstractEmulator.java:339)
    at com.github.unidbg.AbstractEmulator.eFunc(AbstractEmulator.java:436)
    at com.github.unidbg.arm.AbstractARMEmulator.eFunc(AbstractARMEmulator.java:196)
    at com.github.unidbg.Module.emulateFunction(Module.java:155)
    at com.github.unidbg.linux.android.dvm.DvmObject.callJniMethod(DvmObject.java:48)