zhkl0228
commented
4 years ago Please vm.setJni(jni)
On Fri, Sep 25, 2020 at 16:00 nantian-dog notifications@github.com wrote:
以下是代码: `package com.bytedance.frameworks.core.encrypt;
import com.github.unidbg.AndroidEmulator; import com.github.unidbg.Module; import com.github.unidbg.linux.android.AndroidARMEmulator; import com.github.unidbg.linux.android.AndroidResolver; import com.github.unidbg.linux.android.dvm.*; import com.github.unidbg.linux.android.dvm.array.ByteArray; import com.github.unidbg.memory.Memory; import org.apache.commons.codec.binary.Base64;
import java.io.File; import java.io.IOException;
public class Candy {
private final AndroidEmulator emulator;
private final VM vm;
private final Module module;
private final DvmClass Native;
Candy(boolean logging) {
emulator = new AndroidARMEmulator("com.qidian.dldl.official"); // 创建模拟器实例,要模拟32位或者64位,在这里区分 final Memory memory = emulator.getMemory(); // 模拟器的内存操作接口 memory.setLibraryResolver(new AndroidResolver(23)); // 设置系统类库解析 vm = emulator.createDalvikVM(null); // 创建Android虚拟机 vm.setVerbose(logging); // 设置是否打印Jni调用细节 DalvikModule dm = vm.loadLibrary(new File("unidbg-android/src/test/resources/example_binaries/libmtguard.so"), false); // 加载libttEncrypt.so到unicorn虚拟内存,加载成功以后会默认调用init_array等函数 dm.callJNI_OnLoad(emulator); // 手动执行JNI_OnLoad函数 module = dm.getModule(); // 加载好的libttEncrypt.so对应为一个模块 Native = vm.resolveClass("com/meituan/android/common/candy/CandyJni");}
void destroy() throws IOException {
emulator.close();}
public static void main(String[] args) throws Exception {
Candy test = new Candy(false); test.candy(); test.destroy();}
void candy() {
byte[] data = Base64.decodeBase64("R0VUIGh0dHBzOi8vZ2FlYS5tZWl0dWFuLmNvbS90YXJ6YW5fYXBwYXBpL2RhdGFfcHJlbG9hZC9wcmVsb2FkIF9fcmVxVHJhY2VJRD04MDA1NzcxZi00YmFkLTRjMzAtOTQzMi03YzJhZWRkYTQ2ZmImX19za2NrPThmNTk3M2IwODU0NDYwOTBmMjI0YWY3NGUzMGUwMTgxJl9fc2tubz03ZTVlYzhhNS0wNzg4LTQ0NzMtYTBlYy1iNmI1NGVjMjE3MDImX19za3NjPWh0dHBzJl9fc2t0cz0xNjAxMDE2MDU2Jl9fc2t1YT0zOGZlMGVmNWYzYWI3OGFjZWNhOGM5OGNmYjRmNjY2OCZjaT0xMTQmZGV2aWNlX2lkPTIxMzkxMzQyOTExMDY3NCZsYXVuY2hfdHlwZT0zMDAmbXNpZD0yMTM5MTM0MjkxMTA2NzQxNjAxMDE0ODA5MjI1Jm5ldHdvcmtfdHlwZT0xJm9zX3ZlcnNpb249OC4xLjAmcGhvbmVfbW9kZT1SZWRtaSUyMDZBJnVzZXJpZD0tMSZ1dG1fY2FtcGFpZ249QWdyb3VwQmdyb3VwQzBFMCZ1dG1fY29udGVudD0yMTM5MTM0MjkxMTA2NzQmdXRtX21lZGl1bT1hbmRyb2lkJnV0bV9zb3VyY2U9d2FuZG91amlhJnV0bV90ZXJtPTExMDAwMjAyMDUmdXVpZD0wMDAwMDAwMDAwMDAwNjZFMDFDQ0U1NTc5NEY5N0JGRkYwRjdBQzM0RjE0RjNBMTYwMDg2OTY2Mjg2Mzc2MDIwJnZlcnNpb25fbmFtZT0xMS4yLjIwNSZ3aWZpX21hYz1BQiUzQTQzJTNBOTElM0ExQiUzQUQ4JTNBMzE="); Object custom = null; DvmObject context = vm.resolveClass("android/content/Context").newObject(custom); Object obj = Native.callStaticJniMethodObject(emulator, "getCandyDataWithKey(Ljava/lang/Object;[BLjava/lang/String;)Ljava/lang/String;", context,new ByteArray(vm, data),"CandyKey"); // 执行Jni方法 System.err.println(obj);}
} 调用后出现一个错误并返回null:D:\java\jdk\bin\java.exe "-javaagent:E:\01-软件安装\IntelliJ IDEA Community Edition 2018.3.5\lib\idea_rt.jar=63845:E:\01-软件安装\IntelliJ IDEA Community Edition 2018.3.5\bin" -Dfile.encoding=UTF-8 -classpath D:\java\jdk\jre\lib\charsets.jar;D:\java\jdk\jre\lib\deploy.jar;D:\java\jdk\jre\lib\ext\access-bridge-64.jar;D:\java\jdk\jre\lib\ext\cldrdata.jar;D:\java\jdk\jre\lib\ext\dnsns.jar;D:\java\jdk\jre\lib\ext\jaccess.jar;D:\java\jdk\jre\lib\ext\jfxrt.jar;D:\java\jdk\jre\lib\ext\localedata.jar;D:\java\jdk\jre\lib\ext\nashorn.jar;D:\java\jdk\jre\lib\ext\sunec.jar;D:\java\jdk\jre\lib\ext\sunjce_provider.jar;D:\java\jdk\jre\lib\ext\sunmscapi.jar;D:\java\jdk\jre\lib\ext\sunpkcs11.jar;D:\java\jdk\jre\lib\ext\zipfs.jar;D:\java\jdk\jre\lib\javaws.jar;D:\java\jdk\jre\lib\jce.jar;D:\java\jdk\jre\lib\jfr.jar;D:\java\jdk\jre\lib\jfxswt.jar;D:\java\jdk\jre\lib\jsse.jar;D:\java\jdk\jre\lib\management-agent.jar;D:\java\jdk\jre\lib\plugin.jar;D:\java\jdk\jre\lib\resources.jar;D:\java\jdk\jre\lib\rt.jar;F:\03-project\14-爬虫API\12-unidbg\unidbg-master\unidbg-android\target\test-classes;F:\03-project\14-爬虫API\12-unidbg\unidbg-master\unidbg-android\target\classes;F:\03-project\14-爬虫API\12-unidbg\unidbg-master\unidbg-api\target\classes;D:\apache-maven\repository\com\github\zhkl0228\unicorn\1.0.9\unicorn-1.0.9.jar;D:\apache-maven\repository\org\scijava\native-lib-loader\2.3.4\native-lib-loader-2.3.4.jar;D:\apache-maven\repository\com\github\zhkl0228\capstone\3.0.8\capstone-3.0.8.jar;D:\apache-maven\repository\net\java\dev\jna\jna\4.5.2\jna-4.5.2.jar;D:\apache-maven\repository\com\github\zhkl0228\keystone\0.9.2\keystone-0.9.2.jar;D:\apache-maven\repository\commons-codec\commons-codec\1.6\commons-codec-1.6.jar;D:\apache-maven\repository\commons-io\commons-io\2.4\commons-io-2.4.jar;D:\apache-maven\repository\commons-logging\commons-logging\1.1.3\commons-logging-1.1.3.jar;D:\apache-maven\repository\com\alibaba\fastjson\1.2.60\fastjson-1.2.60.jar;D:\apache-maven\repository\net\dongliu\apk-parser\2.6.4\apk-parser-2.6.4.jar;D:\apache-maven\repository\log4j\log4j\1.2.17\log4j-1.2.17.jar;D:\apache-maven\repository\junit\junit\3.8.2\junit-3.8.2.jar;D:\apache-maven\repository\org\slf4j\slf4j-api\1.7.26\slf4j-api-1.7.26.jar;D:\apache-maven\repository\org\slf4j\slf4j-log4j12\1.7.26\slf4j-log4j12-1.7.26.jar com.bytedance.frameworks.core.encrypt.Candy [15:57:58 897] INFO [com.github.unidbg.linux.ARM32SyscallHandler] (ARM32SyscallHandler:809) - pthread_clone child_stack=RW@0x4037e930, thread_id=1, fn=RX@0x401227f5[libc.so]0x3f7f5, arg=RW@0x4037e930, flags=[CLONE_VM, CLONE_FS, CLONE_FILES, CLONE_SIGHAND, CLONE_THREAD, CLONE_SYSVSEM, CLONE_SETTLS, CLONE_PARENT_SETTID, CLONE_CHILD_CLEARTID] [15:57:58 920] WARN [com.github.unidbg.arm.AbstractARMEmulator] (AbstractARMEmulator$1:57) - memory failed: address=0x10, size=1, value=0x0, PC=unicorn@0x10, LR=RX@0x40008ca7[libmtguard.so]0x8ca7 [15:57:58 921] WARN [com.github.unidbg.AbstractEmulator] (AbstractEmulator:376) - emulate RX@0x40008bad[libmtguard.so]0x8bad exception sp=unicorn@0xbffff770, msg=Invalid memory fetch (UC_ERR_FETCH_UNMAPPED), offset=71ms [15:57:58 942] WARN [com.github.unidbg.linux.ARM32SyscallHandler] (ARM32SyscallHandler:446) - handleInterrupt intno=2, NR=-1073744072, svcNumber=0x113, PC=unicorn@0xfffe01c4, syscall=null java.lang.IllegalStateException: Please vm.setJni(jni) at com.github.unidbg.linux.android.dvm.Hashable.checkJni(Hashable.java:7) at com.github.unidbg.linux.android.dvm.DvmMethod.callObjectMethod(DvmMethod.java:58) at com.github.unidbg.linux.android.dvm.DalvikVM$20.handle(DalvikVM.java:363) at com.github.unidbg.linux.ARM32SyscallHandler.hook(ARM32SyscallHandler.java:103) at unicorn.Unicorn$NewHook.onInterrupt(Unicorn.java:128) at unicorn.Unicorn.emu_start(Native Method) at com.github.unidbg.AbstractEmulator.emulate(AbstractEmulator.java:357) at com.github.unidbg.AbstractEmulator.eFunc(AbstractEmulator.java:445) at com.github.unidbg.arm.AbstractARMEmulator.eFunc(AbstractARMEmulator.java:208) at com.github.unidbg.Module.emulateFunction(Module.java:154) at com.github.unidbg.linux.android.dvm.DvmObject.callJniMethod(DvmObject.java:115) at com.github.unidbg.linux.android.dvm.DvmClass.callStaticJniMethodObject(DvmClass.java:250) at com.bytedance.frameworks.core.encrypt.Candy.candy(Candy.java:54) at com.bytedance.frameworks.core.encrypt.Candy.main(Candy.java:45) [15:57:58 948] WARN [com.github.unidbg.AbstractEmulator] (AbstractEmulator:376) - emulate RX@0x400071c5[libmtguard.so]0x71c5 exception sp=unicorn@0xbffff668, msg=Please vm.setJni(jni), offset=20ms null
Process finished with exit code 0 `
— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/zhkl0228/unidbg/issues/186, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAKSR74NJMPTEUHKCT5REILSHRE2BANCNFSM4RZHMF5Q .
nantian-dog
以下是代码: `package com.bytedance.frameworks.core.encrypt;
import com.github.unidbg.AndroidEmulator; import com.github.unidbg.Module; import com.github.unidbg.linux.android.AndroidARMEmulator; import com.github.unidbg.linux.android.AndroidResolver; import com.github.unidbg.linux.android.dvm.*; import com.github.unidbg.linux.android.dvm.array.ByteArray; import com.github.unidbg.memory.Memory; import org.apache.commons.codec.binary.Base64;
import java.io.File; import java.io.IOException;
public class Candy {
}
调用后出现一个错误并返回null:D:\java\jdk\bin\java.exe "-javaagent:E:\01-软件安装\IntelliJ IDEA Community Edition 2018.3.5\lib\idea_rt.jar=63845:E:\01-软件安装\IntelliJ IDEA Community Edition 2018.3.5\bin" -Dfile.encoding=UTF-8 -classpath D:\java\jdk\jre\lib\charsets.jar;D:\java\jdk\jre\lib\deploy.jar;D:\java\jdk\jre\lib\ext\access-bridge-64.jar;D:\java\jdk\jre\lib\ext\cldrdata.jar;D:\java\jdk\jre\lib\ext\dnsns.jar;D:\java\jdk\jre\lib\ext\jaccess.jar;D:\java\jdk\jre\lib\ext\jfxrt.jar;D:\java\jdk\jre\lib\ext\localedata.jar;D:\java\jdk\jre\lib\ext\nashorn.jar;D:\java\jdk\jre\lib\ext\sunec.jar;D:\java\jdk\jre\lib\ext\sunjce_provider.jar;D:\java\jdk\jre\lib\ext\sunmscapi.jar;D:\java\jdk\jre\lib\ext\sunpkcs11.jar;D:\java\jdk\jre\lib\ext\zipfs.jar;D:\java\jdk\jre\lib\javaws.jar;D:\java\jdk\jre\lib\jce.jar;D:\java\jdk\jre\lib\jfr.jar;D:\java\jdk\jre\lib\jfxswt.jar;D:\java\jdk\jre\lib\jsse.jar;D:\java\jdk\jre\lib\management-agent.jar;D:\java\jdk\jre\lib\plugin.jar;D:\java\jdk\jre\lib\resources.jar;D:\java\jdk\jre\lib\rt.jar;F:\03-project\14-爬虫API\12-unidbg\unidbg-master\unidbg-android\target\test-classes;F:\03-project\14-爬虫API\12-unidbg\unidbg-master\unidbg-android\target\classes;F:\03-project\14-爬虫API\12-unidbg\unidbg-master\unidbg-api\target\classes;D:\apache-maven\repository\com\github\zhkl0228\unicorn\1.0.9\unicorn-1.0.9.jar;D:\apache-maven\repository\org\scijava\native-lib-loader\2.3.4\native-lib-loader-2.3.4.jar;D:\apache-maven\repository\com\github\zhkl0228\capstone\3.0.8\capstone-3.0.8.jar;D:\apache-maven\repository\net\java\dev\jna\jna\4.5.2\jna-4.5.2.jar;D:\apache-maven\repository\com\github\zhkl0228\keystone\0.9.2\keystone-0.9.2.jar;D:\apache-maven\repository\commons-codec\commons-codec\1.6\commons-codec-1.6.jar;D:\apache-maven\repository\commons-io\commons-io\2.4\commons-io-2.4.jar;D:\apache-maven\repository\commons-logging\commons-logging\1.1.3\commons-logging-1.1.3.jar;D:\apache-maven\repository\com\alibaba\fastjson\1.2.60\fastjson-1.2.60.jar;D:\apache-maven\repository\net\dongliu\apk-parser\2.6.4\apk-parser-2.6.4.jar;D:\apache-maven\repository\log4j\log4j\1.2.17\log4j-1.2.17.jar;D:\apache-maven\repository\junit\junit\3.8.2\junit-3.8.2.jar;D:\apache-maven\repository\org\slf4j\slf4j-api\1.7.26\slf4j-api-1.7.26.jar;D:\apache-maven\repository\org\slf4j\slf4j-log4j12\1.7.26\slf4j-log4j12-1.7.26.jar com.bytedance.frameworks.core.encrypt.Candy [15:57:58 897] INFO [com.github.unidbg.linux.ARM32SyscallHandler] (ARM32SyscallHandler:809) - pthread_clone child_stack=RW@0x4037e930, thread_id=1, fn=RX@0x401227f5[libc.so]0x3f7f5, arg=RW@0x4037e930, flags=[CLONE_VM, CLONE_FS, CLONE_FILES, CLONE_SIGHAND, CLONE_THREAD, CLONE_SYSVSEM, CLONE_SETTLS, CLONE_PARENT_SETTID, CLONE_CHILD_CLEARTID] [15:57:58 920] WARN [com.github.unidbg.arm.AbstractARMEmulator] (AbstractARMEmulator$1:57) - memory failed: address=0x10, size=1, value=0x0, PC=unicorn@0x10, LR=RX@0x40008ca7[libmtguard.so]0x8ca7 [15:57:58 921] WARN [com.github.unidbg.AbstractEmulator] (AbstractEmulator:376) - emulate RX@0x40008bad[libmtguard.so]0x8bad exception sp=unicorn@0xbffff770, msg=Invalid memory fetch (UC_ERR_FETCH_UNMAPPED), offset=71ms [15:57:58 942] WARN [com.github.unidbg.linux.ARM32SyscallHandler] (ARM32SyscallHandler:446) - handleInterrupt intno=2, NR=-1073744072, svcNumber=0x113, PC=unicorn@0xfffe01c4, syscall=null java.lang.IllegalStateException: Please vm.setJni(jni) at com.github.unidbg.linux.android.dvm.Hashable.checkJni(Hashable.java:7) at com.github.unidbg.linux.android.dvm.DvmMethod.callObjectMethod(DvmMethod.java:58) at com.github.unidbg.linux.android.dvm.DalvikVM$20.handle(DalvikVM.java:363) at com.github.unidbg.linux.ARM32SyscallHandler.hook(ARM32SyscallHandler.java:103) at unicorn.Unicorn$NewHook.onInterrupt(Unicorn.java:128) at unicorn.Unicorn.emu_start(Native Method) at com.github.unidbg.AbstractEmulator.emulate(AbstractEmulator.java:357) at com.github.unidbg.AbstractEmulator.eFunc(AbstractEmulator.java:445) at com.github.unidbg.arm.AbstractARMEmulator.eFunc(AbstractARMEmulator.java:208) at com.github.unidbg.Module.emulateFunction(Module.java:154) at com.github.unidbg.linux.android.dvm.DvmObject.callJniMethod(DvmObject.java:115) at com.github.unidbg.linux.android.dvm.DvmClass.callStaticJniMethodObject(DvmClass.java:250) at com.bytedance.frameworks.core.encrypt.Candy.candy(Candy.java:54) at com.bytedance.frameworks.core.encrypt.Candy.main(Candy.java:45) [15:57:58 948] WARN [com.github.unidbg.AbstractEmulator] (AbstractEmulator:376) - emulate RX@0x400071c5[libmtguard.so]0x71c5 exception sp=unicorn@0xbffff668, msg=Please vm.setJni(jni), offset=20ms nullProcess finished with exit code 0 `