
unicorn.UnicornException #145

Closed Rh3x4r closed 4 years ago

Rh3x4r commented 4 years ago

java--->

`package com.rm.jnitext;

import androidx.appcompat.app.AppCompatActivity;

import android.os.Bundle; import android.view.View; import android.widget.TextView;

/**
 * Demo activity that hands a string to the native {@code lxx} entry point and
 * displays the bytes it returns. {@link #getstr(String)} is called back from
 * the native side.
 */
public class MainActivity extends AppCompatActivity {

    static {
        // lxx is implemented in libnative-lib.so.
        System.loadLibrary("native-lib");
    }

    TextView tv;

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.activity_main);
        tv = findViewById(R.id.sample_text);
    }

    /**
     * Click handler: invokes the native method with {@code "jni"} and shows the result.
     *
     * @param h the clicked view (not used)
     */
    public void kt(View h) {
        final byte[] result = lxx("jni");
        // Decoded with the platform default charset, matching the getBytes() on the native side.
        final String shown = "-->" + new String(result);
        tv.setText(shown);
    }

    /**
     * Called from native code; prefixes the argument with {@code "Java"}.
     *
     * @param lol text appended to the prefix (a null yields "Javanull")
     * @return the prefixed string
     */
    String getstr(String lol) {
        final String prefix = "Java";
        return prefix + lol;
    }

    /**
     * Native entry point, implemented by {@code Java_com_rm_jnitext_MainActivity_lxx}.
     *
     * @param op input string forwarded to {@link #getstr(String)}
     * @return the bytes of the string produced on the native side
     */
    public native byte[] lxx(String op);
}

cpp --->

`#include

include

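/*
 * JNI implementation of MainActivity.lxx(String).
 *
 * Calls back into Java: MainActivity.getstr(op) and then String.getBytes() on
 * the result. Every JNI lookup/call is checked: continuing to call JNIEnv
 * functions while an exception is pending is undefined behaviour, so on any
 * failure we return NULL and let the pending Java exception propagate.
 */
extern "C" JNIEXPORT jbyteArray JNICALL Java_com_rm_jnitext_MainActivity_lxx(JNIEnv *env, jobject thiz, jstring op) {
    jclass activityClass = env->FindClass("com/rm/jnitext/MainActivity");
    if (activityClass == nullptr) {
        return nullptr;  // ClassNotFoundException pending
    }

    jmethodID getstrId = env->GetMethodID(activityClass, "getstr", "(Ljava/lang/String;)Ljava/lang/String;");
    if (getstrId == nullptr) {
        return nullptr;  // NoSuchMethodError pending
    }

    jobject javaStr = env->CallObjectMethod(thiz, getstrId, op);
    if (env->ExceptionCheck() || javaStr == nullptr) {
        return nullptr;  // getstr threw or returned null; nothing to convert
    }

    jclass stringClass = env->FindClass("java/lang/String");
    if (stringClass == nullptr) {
        return nullptr;
    }

    jmethodID getBytesId = env->GetMethodID(stringClass, "getBytes", "()[B");
    if (getBytesId == nullptr) {
        return nullptr;
    }

    // getBytes() takes no arguments; the original passed the receiver a second time.
    jobject bytes = env->CallObjectMethod(javaStr, getBytesId);
    if (env->ExceptionCheck()) {
        return nullptr;
    }
    return static_cast<jbyteArray>(bytes);
}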

unidbg --->

`package com.rm.jnitext;

import com.github.unidbg.linux.android.AndroidARM64Emulator; import com.github.unidbg.linux.android.AndroidResolver;

import com.github.unidbg.linux.android.dvm.*;

import com.github.unidbg.linux.android.dvm.array.ByteArray;

import com.github.unidbg.memory.Memory;

import org.apache.log4j.Level;

import java.io.File;

/**
 * unidbg harness for libnative-lib.so: boots an ARM64 Android emulator, loads the
 * library and drives the native {@code lxx} method, logging the JNI callbacks the
 * library makes. This is the reporter's failing reproduction; see the notes on
 * {@link #lop()} and {@link #callObjectMethodV}.
 */
public class MainActivity extends AbstractJni { private final AndroidARM64Emulator emulator; private final VM vm;

// com/rm/jnitext/MainActivity as resolved by the emulated VM once the library is loaded.
DvmClass dvmClass;

/**
 * Creates the emulator and a Dalvik VM (no APK), routes JNI callbacks to this object,
 * loads {@code src/test/java/libnative-lib.so}, runs JNI_OnLoad and resolves the target class.
 */
public MainActivity() {

    emulator = new AndroidARM64Emulator("com.rm.jnitext");
    final Memory memory = emulator.getMemory();
    // System libraries are resolved against an API level 23 image.
    memory.setLibraryResolver(new AndroidResolver(23));
    vm = emulator.createDalvikVM(null);

    // org.apache.log4j.Logger.getLogger("com.github.unidbg.AbstractEmulator").setLevel(Level.DEBUG);
    org.apache.log4j.Logger.getLogger("com.github.unidbg.linux.android.dvm").setLevel(Level.DEBUG);
    //org.apache.log4j.Logger.getLogger("com.github.unidbg.file").setLevel(Level.DEBUG);
    // org.apache.log4j.Logger.getLogger("com.github.unidbg.linux.ARMSyscallHandler").setLevel(Level.DEBUG);

    vm.setVerbose(true);

    // Every JNIEnv call made by the library is dispatched to the overrides in this class.
    vm.setJni(this);

    DalvikModule dm = vm.loadLibrary(new File("src/test/java/libnative-lib.so"), false);
    dm.callJNI_OnLoad(emulator);
    dvmClass = vm.resolveClass("com/rm/jnitext/MainActivity");

}

public static void main(String[] argvs) {

    MainActivity px = new MainActivity();

    px.lop();

}

/** Prints {@code o} to stderr. */
void p(Object o) {

    System.err.println(o);

}

/**
 * Invokes the native lxx and prints the returned bytes.
 *
 * NOTE(review): the Android source declares {@code public native byte[] lxx(String op)},
 * an instance method taking a String, but this calls it as a static method with the
 * descriptor {@code ([B)[B} and a ByteArray argument, so the native side receives a
 * byte array where it expects a jstring. The stack trace in the report shows the
 * {@code vm.getObject(hash)} lookup yielding null here, which is the NPE on the next line.
 */
void lop() {

    Number ret = dvmClass.callStaticJniMethod(emulator, "lxx([B)[B", new ByteArray("textx".getBytes()));
    long hash = ret.intValue() & 0xffffffffL;
    DvmObject array = vm.getObject(hash);
    p(new String((byte[]) array.getValue()));

}

/**
 * Logs every CallObjectMethodV from native code and defers to AbstractJni.
 *
 * NOTE(review): the base implementation does not appear to know
 * {@code com/rm/jnitext/MainActivity->getstr(Ljava/lang/String;)Ljava/lang/String;};
 * the UnicornException in the report is raised right after this callback, so the
 * override needs to return a value for that signature (and for String.getBytes) itself.
 */
@Override
public DvmObject<?> callObjectMethodV(BaseVM vm, DvmObject<?> dvmObject, String signature, VaList vaList) {

    p("hit -callObjectMethodV-->" + signature);
    return super.callObjectMethodV(vm, dvmObject, signature, vaList);

}

}

Error --->

`[17:52:16 899] DEBUG [com.github.unidbg.linux.android.dvm.BaseVM] (BaseVM:88) - addObject hash=0x76f84423 [17:52:16 901] DEBUG [com.github.unidbg.linux.android.dvm.BaseVM] (BaseVM:88) - addObject hash=0x1e49398a Find native function Java_com_rm_jnitext_MainActivity_lxx([B)[B => RX@0x4000063c[libnative-lib.so]0x63c [17:52:16 904] DEBUG [com.github.unidbg.linux.android.dvm.BaseVM] (BaseVM:88) - addObject hash=0x1e49398a [17:52:16 904] DEBUG [com.github.unidbg.linux.android.dvm.BaseVM] (BaseVM:88) - addObject hash=0x21a06946 JNIEnv->FindClass(com/rm/jnitext/MainActivity) was called from RX@0x40000754[libnative-lib.so]0x754 [17:52:16 905] DEBUG [com.github.unidbg.linux.android.dvm.DalvikVM64] (DalvikVM64$1:64) - FindClass env=unicorn@0xffffe0ca0, className=com/rm/jnitext/MainActivity, hash=0x1e49398a [17:52:16 906] DEBUG [com.github.unidbg.linux.android.dvm.DalvikVM64] (DalvikVM64$18:319) - GetMethodID class=unicorn@0x1e49398a, methodName=getstr, args=(Ljava/lang/String;)Ljava/lang/String; [17:52:16 906] DEBUG [com.github.unidbg.linux.android.dvm.DvmClass] (DvmClass:111) - getMethodID signature=com/rm/jnitext/MainActivity->getstr(Ljava/lang/String;)Ljava/lang/String;, hash=0x2b3ad1b8 [17:52:16 908] DEBUG [com.github.unidbg.linux.android.dvm.DalvikVM64] (DalvikVM64$20:360) - CallObjectMethodV object=unicorn@0x1e49398a, jmethodID=unicorn@0x2b3ad1b8, va_list=unicorn@0xbffff690, lr=RX@0x4000086c[libnative-lib.so]0x86c [17:52:16 909] WARN [com.github.unidbg.linux.ARM64SyscallHandler] (ARM64SyscallHandler:389) - handleInterrupt intno=2, NR=-1073744200, svcNumber=0x113, PC=unicorn@0xffffe01c4, LR=unicorn@0x70000cdaea00, syscall=null unicorn.UnicornException: dvmObject=class com/rm/jnitext/MainActivity, dvmClass=class java/lang/Class, jmethodID=unicorn@0x2b3ad1b8 at com.github.unidbg.linux.android.dvm.DalvikVM64$20.handle(DalvikVM64.java:366) at com.github.unidbg.linux.ARM64SyscallHandler.hook(ARM64SyscallHandler.java:95) at 
unicorn.Unicorn$NewHook.onInterrupt(Unicorn.java:128) at unicorn.Unicorn.emu_start(Native Method) at com.github.unidbg.AbstractEmulator.emulate(AbstractEmulator.java:336) at com.github.unidbg.AbstractEmulator.eFunc(AbstractEmulator.java:415) at com.github.unidbg.arm.AbstractARM64Emulator.eFunc(AbstractARM64Emulator.java:202) at com.github.unidbg.Module.emulateFunction(Module.java:155) at com.github.unidbg.linux.android.dvm.DvmObject.callJniMethod(DvmObject.java:58) at com.github.unidbg.linux.android.dvm.DvmClass.callStaticJniMethod(DvmClass.java:222) at com.rm.jnitext.MainActivity.lop(MainActivity.java:68) at com.rm.jnitext.MainActivity.main(MainActivity.java:54) [17:52:16 910] WARN [com.github.unidbg.AbstractEmulator] (AbstractEmulator:349) - emulate RX@0x4000063c[libnative-lib.so]0x63c exception sp=unicorn@0xbffff5b0, msg=dvmObject=class com/rm/jnitext/MainActivity, dvmClass=class java/lang/Class, jmethodID=unicorn@0x2b3ad1b8, offset=5ms Exception in thread "main" java.lang.NullPointerException at com.rm.jnitext.MainActivity.lop(MainActivity.java:71) at com.rm.jnitext.MainActivity.main(MainActivity.java:54)

Process finished with exit code 1`

file---> https://www53.zippyshare.com/v/yzKeQKGF/file.html

zhkl0228 commented 4 years ago

`package com.rm.jnitext;

import com.github.unidbg.linux.android.AndroidARM64Emulator;
import com.github.unidbg.linux.android.AndroidResolver;
import com.github.unidbg.linux.android.dvm.*;
import com.github.unidbg.linux.android.dvm.array.ByteArray;
import com.github.unidbg.memory.Memory;
import com.github.unidbg.utils.Inspector;
import org.apache.log4j.Level;

import java.io.File;
import java.nio.charset.StandardCharsets;

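/**
 * unidbg harness for libnative-lib.so: boots an ARM64 Android emulator, loads the library
 * and drives the native instance method {@code lxx(String)}, answering the two Java
 * methods the native code calls back into ({@code getstr} and {@code String.getBytes}).
 */
public class MainActivity extends AbstractJni {

    private final AndroidARM64Emulator emulator;
    private final VM vm;

    /** com/rm/jnitext/MainActivity as seen by the emulated VM; set once the library is loaded. */
    DvmClass dvmClass;

    /**
     * Creates the emulator and a Dalvik VM (no APK), routes JNI callbacks to this object,
     * loads {@code src/test/java/libnative-lib.so}, runs JNI_OnLoad and resolves the target class.
     */
    public MainActivity() {
        emulator = new AndroidARM64Emulator("com.rm.jnitext");
        final Memory memory = emulator.getMemory();
        // System libraries are resolved against an API level 23 image.
        memory.setLibraryResolver(new AndroidResolver(23));
        vm = emulator.createDalvikVM(null);

        // org.apache.log4j.Logger.getLogger("com.github.unidbg.AbstractEmulator").setLevel(Level.DEBUG);
        org.apache.log4j.Logger.getLogger("com.github.unidbg.linux.android.dvm").setLevel(Level.DEBUG);
        //org.apache.log4j.Logger.getLogger("com.github.unidbg.file").setLevel(Level.DEBUG);
        // org.apache.log4j.Logger.getLogger("com.github.unidbg.linux.ARMSyscallHandler").setLevel(Level.DEBUG);

        vm.setVerbose(true);
        // Every JNIEnv call made by the library is dispatched to the overrides below.
        vm.setJni(this);

        DalvikModule dm = vm.loadLibrary(new File("src/test/java/libnative-lib.so"), false);
        dm.callJNI_OnLoad(emulator);
        dvmClass = vm.resolveClass("com/rm/jnitext/MainActivity");
    }

    public static void main(String[] argvs) {
        MainActivity px = new MainActivity();
        px.lop();
    }

    /** Prints {@code o} to stderr. */
    void p(Object o) {
        System.err.println(o);
    }

    /**
     * Calls {@code lxx("textx")} on a fresh MainActivity object and dumps the returned bytes.
     *
     * @throws IllegalStateException if the handle returned by the native call does not
     *         resolve to an object in the emulated VM
     */
    void lop() {
        // lxx is an instance method taking a String, so it is invoked on an object with the
        // matching JNI descriptor; note the ';' that terminates the class name.
        Number ret = dvmClass.newObject(null).callJniMethod(emulator, "lxx(Ljava/lang/String;)[B",
                new StringObject(vm, "textx"));
        long hash = ret.intValue() & 0xffffffffL;
        ByteArray array = vm.getObject(hash);
        if (array == null) {
            // Fail with context instead of an NPE on the next line.
            throw new IllegalStateException("lxx returned no object for hash=0x" + Long.toHexString(hash));
        }
        Inspector.inspect(array.getValue(), "result");
    }

    /**
     * Answers the Java methods the native code calls back into; any other signature is
     * logged and handed to {@link AbstractJni}.
     */
    @Override
    public DvmObject<?> callObjectMethodV(BaseVM vm, DvmObject<?> dvmObject, String signature, VaList vaList) {
        switch (signature) {
            case "com/rm/jnitext/MainActivity->getstr(Ljava/lang/String;)Ljava/lang/String;": {
                StringObject lol = vaList.getObject(0);
                // Explicit check: 'assert' is a no-op unless the JVM runs with -ea.
                if (lol == null) {
                    throw new IllegalStateException("getstr called with a null argument");
                }
                return new StringObject(vm, "Java" + lol.getValue());
            }
            case "java/lang/String->getBytes()[B": {
                String str = (String) dvmObject.getValue();
                // Android's default charset is UTF-8; pin it so the host JVM's default does not leak in.
                return new ByteArray(str.getBytes(StandardCharsets.UTF_8));
            }
            default:
                p("hit -callObjectMethodV-->" + signature);
                return super.callObjectMethodV(vm, dvmObject, signature, vaList);
        }
    }
}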