zhkl0228 / unidbg

Allows you to emulate an Android native library, and an experimental iOS emulation
Apache License 2.0

memory failed: address=0x29a4, size=1, value=0x0 #133

Open justcodedroid opened 4 years ago

justcodedroid commented 4 years ago

` package com;

import java.io.File; import java.io.IOException; import java.net.URLDecoder; import java.nio.charset.Charset;

import com.github.unidbg.Emulator; import com.github.unidbg.Module; import com.github.unidbg.debugger.DebuggerType; import com.github.unidbg.file.FileResult; import com.github.unidbg.file.IOResolver; import com.github.unidbg.file.linux.AndroidFileIO; import com.github.unidbg.linux.android.AndroidARMEmulator; import com.github.unidbg.linux.android.AndroidResolver; import com.github.unidbg.linux.android.dvm.AbstractJni; import com.github.unidbg.linux.android.dvm.BaseVM; import com.github.unidbg.linux.android.dvm.DalvikModule; import com.github.unidbg.linux.android.dvm.DvmClass; import com.github.unidbg.linux.android.dvm.DvmObject; import com.github.unidbg.linux.android.dvm.StringObject; import com.github.unidbg.linux.android.dvm.VM; import com.github.unidbg.linux.android.dvm.VaList; import com.github.unidbg.memory.Memory; import com.github.unidbg.utils.Inspector;

import okhttp3.FormBody; import okhttp3.FormBody.Builder; import okhttp3.Headers; import okhttp3.HttpUrl; import okhttp3.Interceptor; import okhttp3.Request; import okhttp3.RequestBody; import okhttp3.ResponseBody; import okhttp3.internal.http.RealInterceptorChain; import okio.Buffer; import okio.BufferedSink; import okio.Okio; import okio.Sink;

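/**
 * unidbg harness that loads {@code libshield.so} into an emulated 32-bit Android process and
 * answers the library's JNI callbacks with okhttp/okio objects built on the host JVM.
 *
 * <p>The constructor creates the emulator and Dalvik VM, loads the library, runs
 * {@code JNI_OnLoad} and calls the static native {@code initializeNative()V}. {@link #getShield()}
 * then invokes the native {@code intercept} method; every {@code okhttp3/...} or
 * {@code okio/...} call the native code makes back into "Java" is served by the overrides below.
 * Signatures this class does not handle fall through to {@link AbstractJni}.
 *
 * <p>NOTE(review): the sample values in {@link #main(String[])} and {@link #setHeaders()} look
 * like live identifiers (phone number, device id, device fingerprints). Verbose JNI tracing
 * echoes call arguments, so these values also end up in any log produced by this class; redact
 * both the source and the log before sharing them.
 */
public class XhsService extends AbstractJni implements IOResolver {

    /** Package name handed to the emulator as the emulated process name. */
    private static final String APP_PACKAGE_NAME = "com.xingin.xhs";

    private final AndroidARMEmulator emulator;
    private final VM vm;
    private final DvmClass jni;
    // Kept for inspection/debugging; nothing in this class reads it after construction.
    private final Module module;
    private final Memory memory;

    // Request description served to the native code through the JNI callbacks.
    private String url;
    private RequestBody requestBody;
    private String method = "GET";
    private Headers headers;

    /**
     * Boots the emulator, loads {@code libshield.so} and runs its initialisation entry points.
     *
     * <p>The APK and library paths are relative, so the process must be started from the
     * project root for them to resolve.
     */
    public XhsService() {
        emulator = new AndroidARMEmulator(APP_PACKAGE_NAME);
        emulator.getSyscallHandler().addIOResolver(this);
        memory = emulator.getMemory();
        memory.setLibraryResolver(new AndroidResolver(19)); // presumably the Android SDK level
        File file = new File("src/test/java/com/xiaohongshu.apk");
        vm = emulator.createDalvikVM(file);
        // Verbose mode: presumably the source of the "JNIEnv->..." trace lines, which include
        // every string argument passed across JNI.
        vm.setVerbose(true);

        vm.setJni(this);
        DalvikModule dalvikModule = vm.loadLibrary(new File("src/test/java/com/libshield.so"), false);
        dalvikModule.callJNI_OnLoad(emulator);
        module = dalvikModule.getModule();
        jni = vm.resolveClass("com/xingin/shield/http/XhsHttpInterceptor");
        jni.callStaticJniMethod(emulator, "initializeNative()V");
    }

    /**
     * Supplies {@code PackageInfo.versionCode}; other int fields are delegated to the superclass.
     */
    @Override
    public int getIntField(BaseVM vm, DvmObject<?> dvmObject, String signature) {
        switch (signature) {
            case "android/content/pm/PackageInfo->versionCode:I":
                // Same number as the "Build/6370100" token in the User-Agent set by setHeaders().
                return 6370100;
        }
        return super.getIntField(vm, dvmObject, signature);
    }

    /**
     * Supplies {@code ContextHolder.deviceId}; other static object fields are delegated.
     */
    @Override
    public DvmObject<?> getStaticObjectField(BaseVM vm, DvmClass dvmClass, String signature) {
        switch (signature) {
            case "com/xingin/shield/http/ContextHolder->deviceId:Ljava/lang/String;":
                return new StringObject(vm, "93879ae5-2581-38c1-aaa3-22096955417e");
        }
        return super.getStaticObjectField(vm, dvmClass, signature);
    }

    /**
     * Serves {@code Charset.defaultCharset()} with the host JVM's default charset; other static
     * object methods are delegated.
     */
    @Override
    public DvmObject<?> callStaticObjectMethodV(BaseVM vm, DvmClass dvmClass, String signature, VaList vaList) {
        switch (signature) {
            case "java/nio/charset/Charset->defaultCharset()Ljava/nio/charset/Charset;":
                // NOTE(review): the host default may differ from the device's; confirm it is
                // the charset the library expects.
                return new DvmObject<>(vm.resolveClass("java/nio/charset/Charset"), Charset.defaultCharset());
        }
        return super.callStaticObjectMethodV(vm, dvmClass, signature, vaList);
    }

    /**
     * Runs the harness once with a hard-coded sample GET request.
     *
     * @param args ignored
     */
    public static void main(String[] args) {
        XhsService xhsService = new XhsService();
        // NOTE(review): this sample embeds what look like real identifiers; see the class comment.
        String url = "https://www.xiaohongshu.com/api/sns/v1/system_service/check_code?zone=86&phone=17611262716&code=111111&platform=android&deviceId=93879ae5-2581-38c1-aaa3-22096955417e&device_fingerprint=2020042212064946aa912284e39630dbaf67a13ad903f401bd83ef18e40e80&device_fingerprint1=2020042212064946aa912284e39630dbaf67a13ad903f401bd83ef18e40e80&versionName=6.37.0.1&channel=xiaohongshu&sid=&lang=zh-Hans&t=1587888231&fid=1587721176107ca47573a1e9a5c3fc0862f0ecb0d305&sign=485d645326477f685ae6f5c0a2d97daf";
        xhsService.setUrl(url);
        xhsService.setMethod("GET");
        xhsService.setHeaders();
        xhsService.getShield();
    }

    /** Installs the fixed pair of request headers returned to the native code. */
    private void setHeaders() {
        this.headers = new Headers.Builder()
                .add("xy-common-params", "platform=android&deviceId=93879ae5-2581-38c1-aaa3-22096955417e&device_fingerprint=2020042212064946aa912284e39630dbaf67a13ad903f401bd83ef18e40e80&device_fingerprint1=2020042212064946aa912284e39630dbaf67a13ad903f401bd83ef18e40e80&versionName=6.37.0.1&channel=xiaohongshu&sid=&t=1587888232&fid=1587721176107ca47573a1e9a5c3fc0862f0ecb0d305&uis=light&identifier_flag=0")
                .add("User-Agent", "Dalvik/2.1.0 (Linux; U; Android 6.0.1; MuMu Build/V417IR) Resolution/900*1440 Version/6.37.0.1 Build/6370100 Device/(Netease;MuMu) discover/6.37.0.1 NetType/WiFi")
                .build();
    }

    /**
     * Sets the HTTP method reported to the native code.
     *
     * @param method {@code "GET"} or {@code "POST"}; anything other than {@code "POST"} makes
     *               the {@code request()} callback build a GET request
     */
    private void setMethod(String method) {
        this.method = method;
    }

    /**
     * Builds a form body from an {@code a=1&b=2} style string.
     *
     * @param s form parameters joined with {@code '&'}; a parameter without {@code '='} is
     *          added with an empty value
     */
    private void setRequestBody(String s) {
        Builder builder = new Builder();
        for (String param : s.split("&")) {
            if (param.isEmpty()) {
                continue; // "a=1&&b=2" would otherwise add a parameter with an empty name
            }
            // Limit 2 keeps any further '=' inside the value (e.g. Base64 padding); an
            // unlimited split discarded such values and stored "" instead.
            String[] pair = param.split("=", 2);
            builder.add(pair[0], pair.length == 2 ? pair[1] : "");
        }
        this.requestBody = builder.build();
    }

    /**
     * Stores the request URL after percent-decoding it as UTF-8.
     *
     * <p>NOTE(review): this decodes the complete URL, not individual components, so an escaped
     * {@code '&'} or {@code '='} inside a value becomes a delimiter; confirm this is intended.
     *
     * @param url absolute request URL
     */
    private void setUrl(String url) {
        try {
            // The one-argument decode() is deprecated and uses the platform default charset.
            this.url = URLDecoder.decode(url, "UTF-8");
        } catch (IOException e) { // UnsupportedEncodingException; UTF-8 is always available
            throw new IllegalStateException("UTF-8 is not supported by this JVM", e);
        }
    }

    /**
     * Calls the native {@code intercept} method and prints the returned reference and the
     * object it resolves to.
     */
    private void getShield() {
        DvmObject<?> chain = vm.resolveClass("okhttp3/Interceptor$Chain").newObject(null);
        // NOTE(review): 10010L (0x271a) is an arbitrary constant for the J parameter. If the
        // native code treats that parameter as a pointer, it reads unmapped memory near it;
        // the fault reported with this listing is at 0x29a4, i.e. 0x28a above this value.
        // Confirm what the parameter is expected to hold.
        Number number = jni.newObject(null)
                .callJniMethod(emulator, "intercept(Lokhttp3/Interceptor$Chain;J)Lokhttp3/Response;", chain, 10010L);
        System.out.println(number.longValue());
        System.out.println(vm.getObject(number.longValue()));
        vm.deleteLocalRefs();
    }

    /**
     * Serves the okhttp/okio object-returning calls made by the native code: the request, its
     * URL parts, body and headers, and {@code Buffer.writeString}. Other signatures are
     * delegated to the superclass.
     */
    @Override
    public DvmObject<?> callObjectMethodV(BaseVM vm, DvmObject<?> dvmObject, String signature, VaList vaList) {
        switch (signature) {
            case "okhttp3/Interceptor$Chain->request()Lokhttp3/Request;": {
                if ("POST".equals(this.method)) {
                    System.out.println("post");
                    return new DvmObject<>(vm.resolveClass("okhttp3/Request"),
                            new Request.Builder().url(this.url).method("POST", this.requestBody).build());
                }
                return new DvmObject<>(vm.resolveClass("okhttp3/Request"),
                        new Request.Builder().url(this.url).method("GET", null).build());
            }
            case "okio/Buffer->writeString(Ljava/lang/String;Ljava/nio/charset/Charset;)Lokio/Buffer;": {
                String content = (String) vaList.getObject(0).getValue();
                Buffer buffer = (Buffer) dvmObject.getValue();
                // The charset argument supplied by the caller is ignored; the host default is used.
                buffer.writeString(content, Charset.defaultCharset());
                return dvmObject;
            }
            case "okhttp3/Request->url()Lokhttp3/HttpUrl;": {
                Request request = (Request) dvmObject.getValue();
                HttpUrl url = request.url();
                return new DvmObject<>(vm.resolveClass("okhttp3/HttpUrl"), url);
            }
            case "okhttp3/HttpUrl->encodedPath()Ljava/lang/String;": {
                HttpUrl url = (HttpUrl) dvmObject.getValue();
                return new StringObject(vm, url.encodedPath());
            }
            case "okhttp3/HttpUrl->encodedQuery()Ljava/lang/String;": {
                HttpUrl url = (HttpUrl) dvmObject.getValue();
                String query = url.encodedQuery();
                return new StringObject(vm, query);
            }
            case "okhttp3/Request->body()Lokhttp3/RequestBody;": {
                // Constant-first comparison, as in the request() case, so a null method does
                // not throw here.
                if ("GET".equals(method)) {
                    // A GET request has no body; hand back an empty form body instead of null.
                    return new DvmObject<>(vm.resolveClass("okhttp3/RequestBody"), new Builder().build());
                }
                Request request = (Request) dvmObject.getValue();
                return new DvmObject<>(vm.resolveClass("okhttp3/RequestBody"), request.body());
            }
            case "okhttp3/Request->headers()Lokhttp3/Headers;": {
                return new DvmObject<>(vm.resolveClass("okhttp3/Headers"), this.headers);
            }
            // name()/value() read the headers field rather than the receiver object.
            case "okhttp3/Headers->name(I)Ljava/lang/String;": {
                return new StringObject(vm, headers.name(vaList.getInt(0)));
            }
            case "okhttp3/Headers->value(I)Ljava/lang/String;": {
                return new StringObject(vm, headers.value(vaList.getInt(0)));
            }
        }
        return super.callObjectMethodV(vm, dvmObject, signature, vaList);
    }

    /**
     * Serves {@code RequestBody.writeTo(BufferedSink)} by writing the body into the okio
     * buffer passed by the native code; other void methods are delegated.
     *
     * @throws IllegalStateException if writing the body fails
     */
    @Override
    public void callVoidMethodV(BaseVM vm, DvmObject<?> dvmObject, String signature, VaList vaList) {
        switch (signature) {
            case "okhttp3/RequestBody->writeTo(Lokio/BufferedSink;)V": {
                // writeTo is declared on RequestBody, so any body type works, not only FormBody.
                RequestBody body = (RequestBody) dvmObject.getValue();
                Buffer paramsBuffer = (Buffer) vaList.getObject(0).getValue();
                try {
                    body.writeTo(paramsBuffer);
                } catch (IOException e) {
                    // Swallowing this would let the native code continue with a partially
                    // written buffer and no indication that anything went wrong.
                    throw new IllegalStateException("RequestBody.writeTo failed", e);
                }
                return;
            }
        }
        super.callVoidMethodV(vm, dvmObject, signature, vaList);
    }

    /**
     * Serves {@code Headers.size()} from the headers field; other int methods are delegated.
     */
    @Override
    public int callIntMethodV(BaseVM vm, DvmObject<?> dvmObject, String signature, VaList vaList) {
        switch (signature) {
            case "okhttp3/Headers->size()I":
                return this.headers.size();
        }
        return super.callIntMethodV(vm, dvmObject, signature, vaList);
    }

    /**
     * Serves {@code new okio.Buffer()} with a host-side buffer; other constructors are delegated.
     */
    @Override
    public DvmObject<?> newObjectV(BaseVM vm, DvmClass dvmClass, String signature, VaList vaList) {
        switch (signature) {
            case "okio/Buffer-><init>()V":
                return new DvmObject<>(vm.resolveClass("okio/Buffer"), new Buffer());
        }
        return super.newObjectV(vm, dvmClass, signature, vaList);
    }

    /**
     * {@link IOResolver} hook; returns {@code null} for every path, so this class supplies no
     * files of its own to the emulated process.
     */
    @Override
    public FileResult<AndroidFileIO> resolve(Emulator<AndroidFileIO> emulator, String pathname, int oflags) {
        return null;
    }

}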

` 下面是日志

[22:51:54 350] INFO [com.github.unidbg.linux.ARMSyscallHandler] (ARMSyscallHandler:802) - pthread_clone child_stack=RW@0x40236dd0, thread_id=1, fn=RX@0x40073251[libshield.so]0x73251, arg=null, flags=[CLONE_VM, CLONE_FS, CLONE_FILES, CLONE_SIGHAND, CLONE_THREAD, CLONE_SYSVSEM] JNIEnv->FindClass(android/app/ActivityThread) was called from RX@0x4000a4e9[libshield.so]0xa4e9 JNIEnv->CallStaticObjectMethodV(class android/app/ActivityThread, currentApplication() => android.app.Application@3590fc5b) was called from RX@0x40009e75[libshield.so]0x9e75 JNIEnv->FindClass(com/xingin/shield/http/XhsHttpInterceptor) was called from RX@0x400735eb[libshield.so]0x735eb JNIEnv->RegisterNatives(com/xingin/shield/http/XhsHttpInterceptor, RW@0x4008e0d0[libshield.so]0x8e0d0, 4) was called from RX@0x400735ff[libshield.so]0x735ff RegisterNative(com/xingin/shield/http/XhsHttpInterceptor, initializeNative()V, RX@0x40074095[libshield.so]0x74095) RegisterNative(com/xingin/shield/http/XhsHttpInterceptor, intercept(Lokhttp3/Interceptor$Chain;J)Lokhttp3/Response;, RX@0x40073b29[libshield.so]0x73b29) RegisterNative(com/xingin/shield/http/XhsHttpInterceptor, initialize(Ljava/lang/String;)J, RX@0x40073911[libshield.so]0x73911) RegisterNative(com/xingin/shield/http/XhsHttpInterceptor, destroy(J)V, RX@0x40073ad5[libshield.so]0x73ad5) JNIEnv->FindClass(android/content/Context) was called from RX@0x40073697[libshield.so]0x73697 JNIEnv->FindClass(java/lang/String) was called from RX@0x400736af[libshield.so]0x736af JNIEnv->FindClass(android/content/SharedPreferences) was called from RX@0x400736c7[libshield.so]0x736c7 JNIEnv->FindClass(android/content/SharedPreferences$Editor) was called from RX@0x400736df[libshield.so]0x736df JNIEnv->FindClass(android/content/pm/PackageManager) was called from RX@0x400736f7[libshield.so]0x736f7 JNIEnv->FindClass(okhttp3/Request) was called from RX@0x4007370f[libshield.so]0x7370f JNIEnv->FindClass(okhttp3/HttpUrl) was called from RX@0x40073727[libshield.so]0x73727 
JNIEnv->FindClass(okhttp3/Request$Builder) was called from RX@0x4007373f[libshield.so]0x7373f JNIEnv->FindClass(okhttp3/RequestBody) was called from RX@0x40073757[libshield.so]0x73757 JNIEnv->FindClass(okhttp3/Headers) was called from RX@0x4007376f[libshield.so]0x7376f JNIEnv->FindClass(okio/Buffer) was called from RX@0x40073785[libshield.so]0x73785 JNIEnv->FindClass(okhttp3/Interceptor$Chain) was called from RX@0x4007379d[libshield.so]0x7379d JNIEnv->FindClass(java/util/List) was called from RX@0x400737b3[libshield.so]0x737b3 JNIEnv->FindClass(java/nio/charset/Charset) was called from RX@0x400737cb[libshield.so]0x737cb JNIEnv->FindClass(com/xingin/shield/http/ContextHolder) was called from RX@0x400737e1[libshield.so]0x737e1 JNIEnv->FindClass(okhttp3/Response) was called from RX@0x400737f7[libshield.so]0x737f7 JNIEnv->FindClass(okhttp3/ResponseBody) was called from RX@0x4007380d[libshield.so]0x7380d JNIEnv->FindClass(com/xingin/shield/http/Base64Helper) was called from RX@0x40073823[libshield.so]0x73823 JNIEnv->FindClass(android/app/Application) was called from RX@0x40073381[libshield.so]0x73381 JNIEnv->CallObjectMethodV(android.app.Application@3590fc5b, getPackageManager() => android.content.pm.PackageManager@397fbdb) was called from RX@0x40009885[libshield.so]0x9885 JNIEnv->FindClass(android/content/pm/PackageManager) was called from RX@0x400733b1[libshield.so]0x733b1 JNIEnv->FindClass(android/app/Application) was called from RX@0x4000a413[libshield.so]0xa413 JNIEnv->CallObjectMethodV(android.app.Application@3590fc5b, getPackageName() => "com.xingin.xhs") was called from RX@0x40009885[libshield.so]0x9885 JNIEnv->CallObjectMethodV(android.content.pm.PackageManager@397fbdb, getPackageInfo("com.xingin.xhs", 0x40) => android.content.pm.PackageInfo@6aaceffd) was called from RX@0x40009885[libshield.so]0x9885 JNIEnv->FindClass(android/content/pm/PackageInfo) was called from RX@0x400733e9[libshield.so]0x733e9 JNIEnv->FindClass(android/content/pm/Signature) was called 
from RX@0x40073405[libshield.so]0x73405 JNIEnv->GetObjectField(android.content.pm.PackageInfo@6aaceffd, signatures [Landroid/content/pm/Signature; => [Lcom.github.unidbg.linux.android.dvm.api.Signature;@49dc7102) was called from RX@0x40073429[libshield.so]0x73429 JNIEnv->GetArrayLength([Lcom.github.unidbg.linux.android.dvm.api.Signature;@49dc7102 => 1) was called from RX@0x40073437[libshield.so]0x73437 JNIEnv->GetObjectArrayElement([Lcom.github.unidbg.linux.android.dvm.api.Signature;@49dc7102, 0) was called from RX@0x40073465[libshield.so]0x73465 JNIEnv->CallIntMethodV(android.content.pm.Signature@68c72235, hashCode() => 0xbf6f07ea) was called from RX@0x40009d61[libshield.so]0x9d61 Find native function Java_com_xingin_shield_http_XhsHttpInterceptor_initializeNative()V => RX@0x40074095[libshield.so]0x74095 JNIEnv->CallStaticObjectMethodV(class java/nio/charset/Charset, defaultCharset() => java.nio.charset.Charset@10959ece) was called from RX@0x40009e75[libshield.so]0x9e75 JNIEnv->CallObjectMethodV(android.app.Application@3590fc5b, getPackageManager() => android.content.pm.PackageManager@3a6bb9bf) was called from RX@0x40009885[libshield.so]0x9885 JNIEnv->CallObjectMethodV(android.app.Application@3590fc5b, getPackageName() => "com.xingin.xhs") was called from RX@0x40009885[libshield.so]0x9885 JNIEnv->CallObjectMethodV(android.content.pm.PackageManager@3a6bb9bf, getPackageInfo("com.xingin.xhs", 0x20000) => android.content.pm.PackageInfo@65f095f8) was called from RX@0x40009885[libshield.so]0x9885 JNIEnv->FindClass(android/content/pm/PackageInfo) was called from RX@0x4000a9cb[libshield.so]0xa9cb JNIEnv->GetIntField(android.content.pm.PackageInfo@65f095f8, versionCode => 0x613334) was called from RX@0x4000a9e9[libshield.so]0xa9e9 JNIEnv->GetStaticObjectField(class com/xingin/shield/http/ContextHolder, deviceId Ljava/lang/String; => "93879ae5-2581-38c1-aaa3-22096955417e") was called from RX@0x40074505[libshield.so]0x74505 JNIEnv->NewStringUTF("xy-ter-str") was called from 
RX@0x40074513[libshield.so]0x74513 JNIEnv->GetStringUtfChars("93879ae5-2581-38c1-aaa3-22096955417e") was called from RX@0x40074535[libshield.so]0x74535 JNIEnv->ReleaseStringUTFChars("93879ae5-2581-38c1-aaa3-22096955417e") was called from RX@0x40074573[libshield.so]0x74573 JNIEnv->NewStringUTF("platform=android&build=6370100&deviceId=93879ae5-2581-38c1-aaa3-22096955417e") was called from RX@0x40074589[libshield.so]0x74589 JNIEnv->NewStringUTF("xy-platform-info") was called from RX@0x400745b3[libshield.so]0x745b3 JNIEnv->NewStringUTF("shield") was called from RX@0x400745dd[libshield.so]0x745dd Find native function Java_com_xingin_shield_http_XhsHttpInterceptor_intercept(Lokhttp3/Interceptor$Chain;J)Lokhttp3/Response; => RX@0x40073b29[libshield.so]0x73b29 JNIEnv->CallObjectMethodV(okhttp3.Interceptor$Chain@79da8dc5, request() => okhttp3.Request@7e5afaa6) was called from RX@0x40009885[libshield.so]0x9885 JNIEnv->CallObjectMethodV(okhttp3.Request@7e5afaa6, url() => okhttp3.HttpUrl@63a12c68) was called from RX@0x40009885[libshield.so]0x9885 JNIEnv->CallObjectMethodV(okhttp3.HttpUrl@63a12c68, encodedPath() => "/api/sns/v1/system_service/check_code") was called from RX@0x40009885[libshield.so]0x9885 JNIEnv->CallObjectMethodV(okhttp3.HttpUrl@63a12c68, encodedQuery() => "zone=86&phone=17611262716&code=111111&platform=android&deviceId=93879ae5-2581-38c1-aaa3-22096955417e&device_fingerprint=2020042212064946aa912284e39630dbaf67a13ad903f401bd83ef18e40e80&device_fingerprint1=2020042212064946aa912284e39630dbaf67a13ad903f401bd83ef18e40e80&versionName=6.37.0.1&channel=xiaohongshu&sid=&lang=zh-Hans&t=1587888231&fid=1587721176107ca47573a1e9a5c3fc0862f0ecb0d305&sign=485d645326477f685ae6f5c0a2d97daf") was called from RX@0x40009885[libshield.so]0x9885 JNIEnv->CallObjectMethodV(okhttp3.Request@7e5afaa6, body() => okhttp3.RequestBody@fa49800) was called from RX@0x40009885[libshield.so]0x9885 JNIEnv->CallObjectMethodV(okhttp3.Request@7e5afaa6, headers() => okhttp3.Headers@71238fc2) was 
called from RX@0x40009885[libshield.so]0x9885 JNIEnv->NewObjectV(class okio/Buffer, <init>() => okio.Buffer@2a54a73f) was called from RX@0x4000b549[libshield.so]0xb549 JNIEnv->CallObjectMethodV(okio.Buffer@2a54a73f, writeString("/api/sns/v1/system_service/check_code", java.nio.charset.Charset@10959ece) => okio.Buffer@2a54a73f) was called from RX@0x40009885[libshield.so]0x9885 JNIEnv->CallObjectMethodV(okio.Buffer@2a54a73f, writeString("zone=86&phone=17611262716&code=111111&platform=android&deviceId=93879ae5-2581-38c1-aaa3-22096955417e&device_fingerprint=2020042212064946aa912284e39630dbaf67a13ad903f401bd83ef18e40e80&device_fingerprint1=2020042212064946aa912284e39630dbaf67a13ad903f401bd83ef18e40e80&versionName=6.37.0.1&channel=xiaohongshu&sid=&lang=zh-Hans&t=1587888231&fid=1587721176107ca47573a1e9a5c3fc0862f0ecb0d305&sign=485d645326477f685ae6f5c0a2d97daf", java.nio.charset.Charset@10959ece) => okio.Buffer@2a54a73f) was called from RX@0x40009885[libshield.so]0x9885 JNIEnv->CallIntMethodV(okhttp3.Headers@71238fc2, size() => 0x2) was called from RX@0x40009d61[libshield.so]0x9d61 JNIEnv->CallObjectMethodV(okhttp3.Headers@71238fc2, name(0x0) => "xy-common-params") was called from RX@0x40009885[libshield.so]0x9885 JNIEnv->GetStringUtfChars("xy-common-params") was called from RX@0x40073c69[libshield.so]0x73c69 JNIEnv->CallObjectMethodV(okhttp3.Headers@71238fc2, value(0x0) => "platform=android&deviceId=93879ae5-2581-38c1-aaa3-22096955417e&device_fingerprint=2020042212064946aa912284e39630dbaf67a13ad903f401bd83ef18e40e80&device_fingerprint1=2020042212064946aa912284e39630dbaf67a13ad903f401bd83ef18e40e80&versionName=6.37.0.1&channel=xiaohongshu&sid=&t=1587888232&fid=1587721176107ca47573a1e9a5c3fc0862f0ecb0d305&uis=light&identifier_flag=0") was called from RX@0x40009885[libshield.so]0x9885 JNIEnv->ReleaseStringUTFChars("xy-common-params") was called from RX@0x40073cd7[libshield.so]0x73cd7 JNIEnv->CallObjectMethodV(okhttp3.Headers@71238fc2, name(0x1) => "User-Agent") was called 
from RX@0x40009885[libshield.so]0x9885 JNIEnv->GetStringUtfChars("User-Agent") was called from RX@0x40073c69[libshield.so]0x73c69 JNIEnv->ReleaseStringUTFChars("User-Agent") was called from RX@0x40073cd7[libshield.so]0x73cd7 JNIEnv->CallObjectMethodV(okio.Buffer@2a54a73f, writeString("platform=android&deviceId=93879ae5-2581-38c1-aaa3-22096955417e&device_fingerprint=2020042212064946aa912284e39630dbaf67a13ad903f401bd83ef18e40e80&device_fingerprint1=2020042212064946aa912284e39630dbaf67a13ad903f401bd83ef18e40e80&versionName=6.37.0.1&channel=xiaohongshu&sid=&t=1587888232&fid=1587721176107ca47573a1e9a5c3fc0862f0ecb0d305&uis=light&identifier_flag=0", java.nio.charset.Charset@10959ece) => okio.Buffer@2a54a73f) was called from RX@0x40009885[libshield.so]0x9885 JNIEnv->CallObjectMethodV(okio.Buffer@2a54a73f, writeString("platform=android&build=6370100&deviceId=93879ae5-2581-38c1-aaa3-22096955417e", java.nio.charset.Charset@10959ece) => okio.Buffer@2a54a73f) was called from RX@0x40009885[libshield.so]0x9885 JNIEnv->CallVoidMethodV(okhttp3/RequestBody, writeTo(okio.Buffer@2a54a73f)) was called from RX@0x400098d5[libshield.so]0x98d5 [22:51:54 526] WARN [com.github.unidbg.arm.AbstractARMEmulator] (AbstractARMEmulator$1:54) - memory failed: address=0x29a4, size=1, value=0x0 [22:51:54 527] WARN [com.github.unidbg.AbstractEmulator] (AbstractEmulator:354) - emulate RX@0x40073b29[libshield.so]0x73b29 exception sp=unicorn@0xbffff6d0, msg=Invalid memory read (UC_ERR_READ_UNMAPPED), offset=30ms -1 null

justcodedroid commented 4 years ago

尝试了很多次,看不出问题在哪。

justcodedroid commented 4 years ago

issue没人处理么?

qiang commented 4 years ago

> 尝试了很多次,看不出问题在哪。

感觉是 10010L 这个值有问题:它应该是执行 "initialize(Ljava/lang/String;)J" 之后返回的 JNI 层指针,随便传一个值应该不行。

kingshine58668 commented 3 years ago

[22:52:01 768] WARN [com.github.unidbg.AbstractEmulator] (AbstractEmulator:406) - emulate RX@0x40073b79[libshield.so]0x73b79 exception sp=unidbg@0xbffff6d8, msg=Invalid memory read (UC_ERR_READ_UNMAPPED), offset=131ms

18670775011 commented 3 years ago

请问解决了吗,我也遇见一样的问题了- -

osanllyer commented 3 years ago

我和lz代码几乎一样,但是遇到了同样的问题,最后一步总不对,@qiang 我传入的也是 initialize返回的指针地址