初学Unicorn, 还请大佬看看这个是怎么回事 谢谢 UC_ERR_READ_UNMAPPED

[hejiheji001]

首先是一段Python+AndroidNativeEmu的代码，调用JNI方法并获取加密后的字符串，整体比较简单。

test.zip

emulator = Emulator() emulator.modules.add_symbol_hook('__aeabi_memclr', emulator.hooker.write_function(__aeabi_memclr) + 1) emulator.modules.add_symbol_hook('__aeabi_memcpy', emulator.hooker.write_function(__aeabi_memcpy) + 1) emulator.modules.add_symbol_hook('sprintf', emulator.hooker.write_function(sprintf) + 1)

emulator.load_library('lib/libc.so', do_init=False) libmod = emulator.load_library('lib/libnative-lib.so', do_init=False)

dbg = udbg.UnicornDebugger(emulator.mu) s = emulator.call_symbol(libmod, 'Java_com_sec_udemo_MainActivity_sign_1lv2', emulator.java_vm.jni_env.address_ptr, 0, "123") print(s)

我自己照着python进行改动，基于AndroidNativeEmuTest.java 进行了一系列尝试 发现提示 [15:05:08 890] WARN [com.github.unidbg.arm.AbstractARMEmulator] (AbstractARMEmulator$1:55) - memory failed: address=0x0, size=4, value=0x0, PC=RX@0x40009f3c[libnative-lib.so]0x9f3c, LR=null [15:05:08 891] WARN [com.github.unidbg.AbstractEmulator] (AbstractEmulator:357) - emulate RX@0x40009f95[libnative-lib.so]0x9f95 exception sp=unicorn@0xbffff6c0, msg=Invalid memory read (UC_ERR_READ_UNMAPPED), offset=195ms

从报错来看，应该是unicorn这边的内存地址没有map到，但是不清楚具体该如何操作

Module module = emulator.loadLibrary(new File("src/test/resources/tutorial/0x3/libnative-lib.so")); Symbol sign = module.findSymbolByName("Java_com_sec_udemo_MainActivity_sign_1lv2");

[satng]

这个看不到什么，把DEBUG打开，看过一点详细的信息

大佬应该都很忙， @zhkl0228 是否可以建个群？

[hejiheji001]

@satng 其实并没有特别多的信息 这两句WARN已经是全部了 其他都是INFO 仅仅是加载文件之类的

[16:06:57 506] INFO [com.github.unidbg.linux.AndroidElfLoader] (AndroidElfLoader:386) - libdl.so load dependency ld-android.so failed

[16:06:57 567] INFO [com.github.unidbg.linux.ARM32SyscallHandler] (ARM32SyscallHandler:1818) - faccessat dirfd=-100, pathname=/dev/urandom, oflags=0x4, mode=0 File opened failed '/proc/sys/vm/overcommit_memory' from RX@0x400a2319[libc.so]0x71319

[16:06:57 572] INFO [com.github.unidbg.linux.ARM32SyscallHandler] (ARM32SyscallHandler:1873) - openat dirfd=-100, pathname=/proc/sys/vm/overcommit_memory, oflags=0x20000, mode=0 File opened failed '/sys/devices/system/cpu/online' from RX@0x4005141d[libc.so]0x2041d

[16:06:57 584] INFO [com.github.unidbg.linux.ARM32SyscallHandler] (ARM32SyscallHandler:1873) - openat dirfd=-100, pathname=/sys/devices/system/cpu/online, oflags=0xa0000, mode=0 File opened '/dev/properties' from RX@0x40053bdf[libc.so]0x22bdf File closed '/dev/properties' from RX@0x4004c653[libc.so]0x1b653

[16:06:57 619] INFO [com.github.unidbg.linux.android.ArmLD] (ArmLD:157) - dlopen failed: libvendorconn.so propClient: PropClient failed to load

[16:06:57 625] WARN [com.github.unidbg.arm.AbstractARMEmulator] (AbstractARMEmulator$1:55) - memory failed: address=0x0, size=4, value=0x0, PC=RX@0x40009f28[libnative-lib.so]0x9f28, LR=null

[16:06:57 625] WARN [com.github.unidbg.AbstractEmulator] (AbstractEmulator:357) - emulate RX@0x40009f95[libnative-lib.so]0x9f95 exception sp=unicorn@0xbffff6c0, msg=Invalid memory read (UC_ERR_READ_UNMAPPED), offset=1ms test offset=520ms

如果打开traceCode 可以多看到一些内容 倒数10条如下

Trace Instruction [libnative-lib.so] [0x09f2b] [ 02 af ] 0x40009f2a: add r7, sp, #8

Trace Instruction [libnative-lib.so] [0x09f2d] [ 88 b0 ] 0x40009f2c: sub sp, #0x20

Trace Instruction [libnative-lib.so] [0x09f2f] [ 13 46 ] 0x40009f2e: mov r3, r2

Trace Instruction [libnative-lib.so] [0x09f31] [ 8c 46 ] 0x40009f30: mov ip, r1

Trace Instruction [libnative-lib.so] [0x09f33] [ 86 46 ] 0x40009f32: mov lr, r0

Trace Instruction [libnative-lib.so] [0x09f35] [ 07 90 ] 0x40009f34: str r0, [sp, #0x1c]

Trace Instruction [libnative-lib.so] [0x09f37] [ 06 91 ] 0x40009f36: str r1, [sp, #0x18]

Trace Instruction [libnative-lib.so] [0x09f39] [ 05 92 ] 0x40009f38: str r2, [sp, #0x14]

Trace Instruction [libnative-lib.so] [0x09f3b] [ 07 98 ] 0x40009f3a: ldr r0, [sp, #0x1c]

Trace Instruction [libnative-lib.so] [0x09f3d] [ 01 68 ] 0x40009f3c: ldr r1, [r0]