
Read memory failed: address=0x706b6ca020, size=8, value=0x0 #555

Open a1274807709 opened 1 year ago

a1274807709 commented 1 year ago

版本:安卓qq8.9.70 so文件:libqimei.so Hook出的参数:

Hooked arguments (captured from the real app; note the row order of `param2`):

{
  "param1": "/data/user/0/com.tencent.mobileqq/files/com.tencent.qimei.sdk.QimeiSDK",
  "param2": [
    ["com/tencent/qimei/n/b", "sendError", "(III)I", "k2"],
    ["com/tencent/qimei/n/b", "sendSample", "(III)I", "k1"],
    ["com/tencent/qimei/l/a", "getLauncherActivity", "(Landroid/content/Context;)Landroid/app/Activity;", "k4"],
    ["com/tencent/qimei/u/b", "p", "(ILjava/lang/String;)Ljava/lang/String;", "k5"]
  ],
  "Times": "2023-07-31-22:24:58"
}

native层 (native declaration): private static native void n(Context context, String str, Object[] objArr);

代码: ` ArrayList<String[]> f296371a = new ArrayList<>(); String[] strArr = new String[4]; strArr[0]="com/tencent/qimei/n/b"; strArr[1]="sendSample"; strArr[2]="(III)I"; strArr[3]="k1"; f296371a.add(strArr); strArr[0]="com/tencent/qimei/n/b"; strArr[1]="sendError"; strArr[2]="(III)I"; strArr[3]="k2"; f296371a.add(strArr);

    strArr[0]="com/tencent/qimei/l/a";
    strArr[1]="getLauncherActivity";
    strArr[2]="(Landroid/content/Context;)Landroid/app/Activity;";
    strArr[3]="k4";
    f296371a.add(strArr);
    strArr[0]="com/tencent/qimei/u/b";
    strArr[1]="p";
    strArr[2]="(ILjava/lang/String;)Ljava/lang/String;";
    strArr[3]="k5";
    f296371a.add(strArr);
    Object[] objects=   f296371a.toArray();

    String n = "n(Landroid/content/Context;Ljava/lang/String;[Ljava/lang/Object;)V";
     this.dvmClassQimei.callStaticJniMethod(emulator,n,context,str,  ProxyDvmObject.createObject(vm,objects));`

报错:

debugger break at: 0x40cc74a0 @ Function64 address=0x40cd3a0c, arguments=[unidbg@0xfffe1640[libandroid.so]0x640, -1688988207, 1056860985, 624795507, 337799666]

x0=0x65107976 x1=0xbffff3d0 x2=0x0 x3=0x20 x4=0xfffffffffffffff0 x5=0x40 x6=0x3f x7=0x0 x8=0x706b6ca000 x9=0x7f454c46 x10=0x706b6ca000 x11=0xdcaa2465 x12=0xbffff458 x13=0xbffff468 x14=0x1 x15=0x3ed4be59 x16=0x40d07e60 x17=0xa749 x18=0x40189f50 x19=0x133ae5fe x20=0x0 x21=0x90fd6129 x22=0xe5705dd0 x23=0xfef5 x24=0xdfcf39cd x25=0x6186dbdb x26=0xa56b5961 x27=0x1d935179 x28=0x41d3 fp=0xe36c q0=0x72727272727272727272727272727272(1.9680840716716443E243, 1.9680840716716443E243) q1=0x0(0.0) q2=0x702d2d72(2.143833868430176E29) q3=0x80200802802008028020080280200802(-4.458850023827439E-308, -4.458850023827439E-308) q4=0x80200802802008028020080200000000(-4.45884789975736E-308, -4.458850023827439E-308) q5=0x0(0.0) q6=0x1(1.401298464324817E-45) q7=0x80200802802008028020080280200802(-4.458850023827439E-308, -4.458850023827439E-308) q8=0x0(0.0) q9=0x0(0.0) q10=0x0(0.0) q11=0x0(0.0) q12=0x0(0.0) q13=0x0(0.0) q14=0x0(0.0) q15=0x0(0.0) q16=0x40100401401004014010040140100401(4.003911019303815, 4.003911019303815) q17=0xa00aa00aa00a0001aaaaaa01aaaaaaaa(-3.720302283390508E-103, -2.482244139579132E-154) q18=0x80200802802008028020080200000001(-4.458847899757361E-308, -4.458850023827439E-308) q19=0x5003474657514c53535650034e564e4a(2.9088939508169216E93, 2.79036023712085E77) q20=0xa4bdb1fcafb8b9b9bfa4b9fcfbb2fbfc(-0.04048147747516137, -1.0458973637743107E-131) q21=0x34373f33357d373c3d26353c3b207d21(3.9449244407276354E-14, 3.703440873897255E-57) q22=0xf9e3e8e0f8eee2c9a2e9ffeceee9fea2(-1.705691643836012E-140, -1.4117257583346367E279) q23=0x672f656e6f74676e69722f636973754d(8.69987647388894E199, 1.0928602047774224E189) q24=0x3b6f666e49656369767265532f6d702f(3.620386432783241E262, 2.0778856622684563E-22) q25=0x6c6d782f6e6f69746163696c707061(3.983861098561292E252, 1.265070865790262E-306) q26=0x746e65746e6f632f64696f72646e614c(5.032746132294561E175, 6.964135520393147E252) q27=0x4965636976726573(3.815805220542376E45) q28=0x66643139313230626434313335633938(4.994141873244771E174, 
1.7159818404838045E185) q29=0x62323161356161353336356661353330(5.398610010944219E-62, 1.047657493609918E165) q30=0xe2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2(-2.227377823277027E168, -2.227377823277027E168) q31=0x62613934333231303030303030303061(1.398043286095304E-76, 7.934651310604643E165) LR=RX@0x40cc9ad8[libqimei.so]0x2dad8 SP=0xbffff1c0 PC=RX@0x40cc74a0[libqimei.so]0x2b4a0 nzcv: N=0, Z=1, C=1, V=0, EL0, use SP_EL0 22:48:03.614 [main] DEBUG org.scijava.nativelib.NativeLibraryUtil - architecture is WINDOWS_64 os.name is windows 11 22:48:03.614 [main] DEBUG org.scijava.nativelib.NativeLibraryUtil - platform specific path is natives/windows_64/ 22:48:03.614 [main] DEBUG org.scijava.nativelib.BaseJniExtractor - mappedLib is disassembler.dll 22:48:03.617 [main] DEBUG org.scijava.nativelib.BaseJniExtractor - Couldn't find resource natives/windows_64/disassembler.dll 22:48:03.617 [main] DEBUG org.scijava.nativelib.NativeLibraryUtil - platform specific path is windows_64/ 22:48:03.617 [main] DEBUG org.scijava.nativelib.BaseJniExtractor - mappedLib is disassembler.dll 22:48:03.620 [main] DEBUG org.scijava.nativelib.BaseJniExtractor - Couldn't find resource windows_64/disassembler.dll 22:48:03.620 [main] DEBUG org.scijava.nativelib.NativeLibraryUtil - platform specific path is META-INF/lib/windows_64/ 22:48:03.620 [main] DEBUG org.scijava.nativelib.BaseJniExtractor - mappedLib is disassembler.dll 22:48:03.624 [main] DEBUG org.scijava.nativelib.BaseJniExtractor - Couldn't find resource META-INF/lib/windows_64/disassembler.dll => [libqimei.so 0x02b4a0][fd7bbaa9]0x40cc74a0:*"stp x29, x30, [sp, #-0x60]!" 
[libqimei.so 0x02b4a4] [fc6f01a9] 0x40cc74a4: "stp x28, x27, [sp, #0x10]" [libqimei.so 0x02b4a8] [fa6702a9] 0x40cc74a8: "stp x26, x25, [sp, #0x20]" [libqimei.so 0x02b4ac] [f85f03a9] 0x40cc74ac: "stp x24, x23, [sp, #0x30]" [libqimei.so 0x02b4b0] [f65704a9] 0x40cc74b0: "stp x22, x21, [sp, #0x40]" [libqimei.so 0x02b4b4] [f44f05a9] 0x40cc74b4: "stp x20, x19, [sp, #0x50]" [libqimei.so 0x02b4b8] [ffc306d1] 0x40cc74b8: "sub sp, sp, #0x1b0" [libqimei.so 0x02b4bc] [e12f00f9] 0x40cc74bc: "str x1, [sp, #0x58]" [libqimei.so 0x02b4c0] [e82f40f9] 0x40cc74c0: "ldr x8, [sp, #0x58]" [libqimei.so 0x02b4c4] [49058052] 0x40cc74c4: "movz w9, #0x2a" [libqimei.so 0x02b4c8] [2d400391] 0x40cc74c8: "add x13, x1, #0xd0" [libqimei.so 0x02b4cc] [2ce00291] 0x40cc74cc: "add x12, x1, #0xb8" [libqimei.so 0x02b4d0] [000100f9] 0x40cc74d0: "str x0, [x8]" [libqimei.so 0x02b4d4] [29200039] 0x40cc74d4: "strb w9, [x1, #8]" [libqimei.so 0x02b4d8] [e82f40f9] 0x40cc74d8: "ldr x8, [sp, #0x58]" [libqimei.so 0x02b4dc] [c9888952] 0x40cc74dc: "movz w9, #0x4c46"

Alphamerry commented 1 year ago

QIMEI不是这个native吧

a1274807709 commented 1 year ago

QIMEI不是这个native吧

8.9.70里是这个

a810291783 commented 2 months ago

解决了吗,我也遇到类似的问题。