
求大佬赐教,这个是什么原因导致的呀?万分感谢 #406

Open localhost02 opened 2 years ago

localhost02 commented 2 years ago

报错:

>>> d8=0x0(0.0) d9=0x0(0.0) d10=0x0(0.0) d11=0x0(0.0) d12=0x0(0.0) d13=0x0(0.0) d14=0x0(0.0) d15=0x0(0.0)
07:11:15.947 [main] DEBUG com.github.unidbg.linux.ARM32SyscallHandler - mmap2 start=0x40004000, length=732857, prot=0x3, flags=0x32, fd=-1, offset=0, from=RWX@0x40338289
07:11:15.947 [main] DEBUG com.github.unidbg.linux.AndroidElfLoader - mmap2 MAP_FIXED start=0x40004000, length=732857, prot=3
[libc.so]CallInitFunction: RX@0x401877bd[libc.so]0x167bd, offset=26ms
[libc++.so]CallInitFunction: RX@0x4010e821[libc++.so]0x32821, offset=18ms
java.lang.IllegalStateException: munmap aligned=0xb3000, start=0x40004000
    at com.github.unidbg.spi.AbstractLoader.munmap(AbstractLoader.java:133)
    at com.github.unidbg.linux.AndroidElfLoader.mmap2(AndroidElfLoader.java:740)
    at com.github.unidbg.linux.ARM32SyscallHandler.mmap2(ARM32SyscallHandler.java:1810)
    at com.github.unidbg.linux.ARM32SyscallHandler.hook(ARM32SyscallHandler.java:290)
    at com.github.unidbg.arm.backend.UnicornBackend$6.hook(UnicornBackend.java:305)
    at unicorn.Unicorn$NewHook.onInterrupt(Unicorn.java:128)
    at unicorn.Unicorn.emu_start(Native Method)
    at com.github.unidbg.arm.backend.UnicornBackend.emu_start(UnicornBackend.java:331)
    at com.github.unidbg.AbstractEmulator.emulate(AbstractEmulator.java:370)
    at com.github.unidbg.AbstractEmulator.eFunc(AbstractEmulator.java:446)
    at com.github.unidbg.arm.AbstractARMEmulator.eInit(AbstractARMEmulator.java:232)
    at com.github.unidbg.linux.LinuxInitFunction.call(LinuxInitFunction.java:31)
    at com.github.unidbg.linux.LinuxModule.callInitFunction(LinuxModule.java:123)
    at com.github.unidbg.linux.AndroidElfLoader.loadInternal(AndroidElfLoader.java:202)
    at com.github.unidbg.linux.AndroidElfLoader.loadInternal(AndroidElfLoader.java:63)
    at com.github.unidbg.spi.AbstractLoader.load(AbstractLoader.java:219)
    at com.github.unidbg.linux.android.dvm.BaseVM.loadLibrary(BaseVM.java:295)
    at com.sn.jni.SnWorker.<init>(SnWorker.java:42)
    at com.sn.jni.SnWorker.main(SnWorker.java:26)
07:11:15.950 [main] WARN com.github.unidbg.linux.ARM32SyscallHandler - handleInterrupt intno=2, NR=192, svcNumber=0x0, PC=RWX@0x4033829a, LR=RWX@0x40338289, syscall=null
java.lang.IllegalStateException: munmap aligned=0xb3000, start=0x40004000
    at com.github.unidbg.spi.AbstractLoader.munmap(AbstractLoader.java:133)
    at com.github.unidbg.linux.AndroidElfLoader.mmap2(AndroidElfLoader.java:740)
    at com.github.unidbg.linux.ARM32SyscallHandler.mmap2(ARM32SyscallHandler.java:1810)
    at com.github.unidbg.linux.ARM32SyscallHandler.hook(ARM32SyscallHandler.java:290)
    at com.github.unidbg.arm.backend.UnicornBackend$6.hook(UnicornBackend.java:305)
    at unicorn.Unicorn$NewHook.onInterrupt(Unicorn.java:128)
    at unicorn.Unicorn.emu_start(Native Method)
    at com.github.unidbg.arm.backend.UnicornBackend.emu_start(UnicornBackend.java:331)
    at com.github.unidbg.AbstractEmulator.emulate(AbstractEmulator.java:370)
    at com.github.unidbg.AbstractEmulator.eFunc(AbstractEmulator.java:446)
    at com.github.unidbg.arm.AbstractARMEmulator.eInit(AbstractARMEmulator.java:232)
    at com.github.unidbg.linux.LinuxInitFunction.call(LinuxInitFunction.java:31)
    at com.github.unidbg.linux.LinuxModule.callInitFunction(LinuxModule.java:123)
    at com.github.unidbg.linux.AndroidElfLoader.loadInternal(AndroidElfLoader.java:202)
    at com.github.unidbg.linux.AndroidElfLoader.loadInternal(AndroidElfLoader.java:63)
    at com.github.unidbg.spi.AbstractLoader.load(AbstractLoader.java:219)
    at com.github.unidbg.linux.android.dvm.BaseVM.loadLibrary(BaseVM.java:295)
    at com.sn.jni.SnWorker.<init>(SnWorker.java:42)
    at com.sn.jni.SnWorker.main(SnWorker.java:26)
debugger break at: 0x4033829a
>>> r0=0x40004000 r1=0xb2eb9 r2=0x3 r3=0x32 r4=0xffffffff r5=0x0 r6=0x40004000 r7=0xc0 r8=0x0 sb=0x0 sl=0x0 fp=0x0 ip=0x46734770
>>> SP=0xbffff71c LR=RWX@0x40338289 PC=RWX@0x4033829a cpsr: N=0, Z=0, C=0, V=0, T=1, mode=0b10000
>>> d0=0x0(0.0) d1=0x3933312032203120(3.696225012140986E-33) d2=0x3220302034203736(3.0022298612178987E-67) d3=0x3436333832203235(3.536676186840298E-57) d4=0x2030203020302030(1.2027122125173386E-153) d5=0x2030203020302030(1.2027122125173386E-153) d6=0x2030203020302030(1.2027122125173386E-153) d7=0x2030203020302030(1.2027122125173386E-153)
>>> d8=0x0(0.0) d9=0x0(0.0) d10=0x0(0.0) d11=0x0(0.0) d12=0x0(0.0) d13=0x0(0.0) d14=0x0(0.0) d15=0x0(0.0)
=> *[*      b0 42 ]*0x4033829a:*cmp r0, r6
    [       00 d0 ] 0x4033829c: beq #0x403382a0
    [       01 de ] 0x4033829e: udf #1
    [       0b 9d ] 0x403382a0: ldr r5, [sp, #0x2c]
    [       0f 99 ] 0x403382a2: ldr r1, [sp, #0x3c]
    [ 00 f0 27 f8 ] 0x403382a4: bl #0x403382f6
    [       1f bc ] 0x403382a8: pop {r0, r1, r2, r3, r4}
    [       a0 47 ] 0x403382aa: blx r4
    [       08 bc ] 0x403382ac: pop {r3}
    [       03 bc ] 0x403382ae: pop {r0, r1}
    [       01 23 ] 0x403382b0: movs r3, #1
    [       03 b4 ] 0x403382b2: push {r0, r1}
    [       40 18 ] 0x403382b4: adds r0, r0, r1
    [       01 30 ] 0x403382b6: adds r0, #1
    [       98 43 ] 0x403382b8: bics r0, r3
    [       3f bc ] 0x403382ba: pop {r0, r1, r2, r3, r4, r5}

测试代码:

package com.sn.jni;

import com.github.unidbg.AndroidEmulator;
import com.github.unidbg.Module;
import com.github.unidbg.linux.android.AndroidEmulatorBuilder;
import com.github.unidbg.linux.android.AndroidResolver;
import com.github.unidbg.linux.android.dvm.AbstractJni;
import com.github.unidbg.linux.android.dvm.DalvikModule;
import com.github.unidbg.linux.android.dvm.DvmClass;
import com.github.unidbg.linux.android.dvm.StringObject;
import com.github.unidbg.linux.android.dvm.VM;
import com.github.unidbg.memory.Memory;
import com.github.unidbg.worker.Worker;
import org.springframework.core.io.ClassPathResource;

import java.io.IOException;
import java.io.UncheckedIOException;

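/**
 * Reproducer worker: builds a 32-bit Android emulator, loads {@code suning.apk} and
 * {@code libldp.so} from the classpath, runs {@code JNI_OnLoad}, and exposes the
 * static JNI entry points of {@code com/suning/fpcore/*} as plain Java calls.
 *
 * <p>Not thread-safe: a single emulator instance backs every call.
 */
public class SnWorker extends AbstractJni implements Worker {
    private final AndroidEmulator emulator;
    private VM vm = null;
    private Module module = null;

    // Not read anywhere in this class; presumably the on-device install path of the
    // APK — confirm with the caller before relying on it.
    private final String runtimePath = "/data/app/com.suning.mobile.ebuy.apk";

    /**
     * Entry point: constructing the worker is enough to reproduce the library load
     * (and the munmap failure from the report). The emulator is always released
     * afterwards so a failed run does not leak its mapped memory.
     *
     * @param args unused
     * @throws IOException if releasing the emulator fails
     */
    public static void main(String[] args) throws IOException {
        SnWorker worker = new SnWorker();
        try {
            // Nothing else is invoked here; the constructor alone exercises the load path.
        } finally {
            worker.close();
        }
    }

    /**
     * Builds the emulator, creates the Dalvik VM from the bundled APK, loads the
     * native library and calls its {@code JNI_OnLoad}.
     *
     * @throws UncheckedIOException if the APK or the .so cannot be read or loaded;
     *         the emulator is closed before the exception propagates, so no
     *         half-initialized worker (with a null {@code vm}) is ever returned
     */
    public SnWorker() {
        String pkgName = "com.suning.mobile.ebuy";
        String apkPath = "suning.apk";
        String soPath = "libldp.so";

        emulator = AndroidEmulatorBuilder.for32Bit().setProcessName(pkgName).build();
        Memory memory = emulator.getMemory();
        memory.setLibraryResolver(new AndroidResolver(23));

        try {
            vm = emulator.createDalvikVM(new ClassPathResource(apkPath).getFile());
            // Order kept as in the original report: the JNI bridge is installed only
            // after the library (and its init functions) has been loaded.
            DalvikModule dm = vm.loadLibrary(new ClassPathResource(soPath).getFile(), false);
            vm.setJni(this);
            vm.setVerbose(true);
            dm.callJNI_OnLoad(emulator);
            module = dm.getModule();
        } catch (IOException e) {
            // Release the emulator before failing; attach any close error rather than hide it.
            try {
                emulator.close();
            } catch (IOException closeError) {
                e.addSuppressed(closeError);
            }
            throw new UncheckedIOException("failed to load " + soPath + " from " + apkPath, e);
        }
    }

    /**
     * Invokes {@code com/suning/fpcore/b.a(String, byte[])}.
     *
     * @param param first argument passed through to the native method
     * @param bytes second argument passed through to the native method
     * @return the string returned by the native method
     * @throws IllegalStateException if the native method returns no object
     */
    public String ba(String param, byte[] bytes) {
        return callStaticString("com/suning/fpcore/b",
                "a()(Ljava/lang/String;[B)Ljava/lang/String;", param, bytes);
    }

    /**
     * Invokes {@code com/suning/fpcore/e.b()}.
     *
     * @return the string returned by the native method
     * @throws IllegalStateException if the native method returns no object
     */
    public String eb() {
        return callStaticString("com/suning/fpcore/e", "b()()Ljava/lang/String;");
    }

    /**
     * Invokes {@code com/suning/fpcore/a.m()}.
     *
     * @return the string returned by the native method
     * @throws IllegalStateException if the native method returns no object
     */
    public String am() {
        return callStaticString("com/suning/fpcore/a", "m()()Ljava/lang/String;");
    }

    /**
     * Invokes {@code com/suning/fpcore/a.n(Context)} with a freshly created
     * {@code android/content/Context} object whose value is {@code null}.
     *
     * @return the string returned by the native method
     * @throws IllegalStateException if the native method returns no object
     */
    public String an() {
        return callStaticString("com/suning/fpcore/a",
                "n()(Landroid/content/Context;)Ljava/lang/String;",
                vm.resolveClass("android/content/Context").newObject(null));
    }

    /**
     * Invokes {@code com/suning/fpcore/a.o()}.
     *
     * @return the string returned by the native method
     * @throws IllegalStateException if the native method returns no object
     */
    public String ao() {
        return callStaticString("com/suning/fpcore/a", "o()()Ljava/lang/String;");
    }

    /**
     * Resolves {@code className} in the VM and calls one of its static JNI methods
     * that returns a Java string.
     *
     * @param className JNI-style class name, e.g. {@code com/suning/fpcore/a}
     * @param signature unidbg method signature, e.g. {@code m()()Ljava/lang/String;}
     * @param args arguments forwarded to the native method
     * @return the string value of the returned object
     * @throws IllegalStateException if the native call yields {@code null}, which
     *         would otherwise surface as a bare NullPointerException with no context
     */
    private String callStaticString(String className, String signature, Object... args) {
        DvmClass clazz = vm.resolveClass(className);
        StringObject ret = clazz.callStaticJniMethodObject(emulator, signature, args);
        if (ret == null) {
            throw new IllegalStateException(className + " " + signature + " returned null");
        }
        return ret.getValue();
    }

    /**
     * Releases the emulator and everything mapped into it.
     *
     * @throws IOException if the emulator fails to close
     */
    @Override
    public void close() throws IOException {
        emulator.close();
    }

}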

so文件:https://down.a.mtres.cn/assets/1c9c00dd-bbb9-4147-b72b-6979d1562fe9/so%E6%96%87%E4%BB%B6%2B%E6%B5%8B%E8%AF%95%E4%BB%A3%E7%A0%81.zip?sign=1647214190-QD5ntllSFbJZc26P-0-87d344298f0976d564dcdd702c6ebccb

ctycode commented 2 years ago

看看完整日志

STfly commented 1 year ago

JDK 版本不对,换成jdk1.8应该就好了