Run the following code in the 64-bit emulator:
new AndroidModule(emulator, vm).register(memory);
When using VirtualModule to supply libandroid.so, if the encrypted .so calls the AAsset_read function, you may run into the following exception:
[11:20:39 109] WARN [com.github.unidbg.linux.ARM64SyscallHandler] (ARM64SyscallHandler:412) - handleInterrupt intno=2, NR=192, svcNumber=0x1f0, PC=unidbg@0xfffe1734[libandroid.so]0x734, LR=RX@0x40038c4c[libkwsgmain.so]0x38c4c, syscall=null
com.github.unidbg.arm.backend.BackendException
    at com.github.unidbg.virtualmodule.android.AndroidModule$11.handle(AndroidModule.java:90)
    at com.github.unidbg.linux.ARM64SyscallHandler.hook(ARM64SyscallHandler.java:121)
    at com.github.unidbg.arm.backend.UnicornBackend$11.hook(UnicornBackend.java:345)
    at unicorn.Unicorn$NewHook.onInterrupt(Unicorn.java:128)
    at unicorn.Unicorn.emu_start(Native Method)
    at com.github.unidbg.arm.backend.UnicornBackend.emu_start(UnicornBackend.java:376)
    at com.github.unidbg.AbstractEmulator.emulate(AbstractEmulator.java:378)
    at com.github.unidbg.thread.Function64.run(Function64.java:39)
    at com.github.unidbg.thread.MainTask.dispatch(MainTask.java:19)
    at com.github.unidbg.thread.UniThreadDispatcher.run(UniThreadDispatcher.java:175)
    at com.github.unidbg.thread.UniThreadDispatcher.runMainForResult(UniThreadDispatcher.java:99)
    at com.github.unidbg.AbstractEmulator.runMainForResult(AbstractEmulator.java:341)
    at com.github.unidbg.arm.AbstractARM64Emulator.eFunc(AbstractARM64Emulator.java:262)
    at com.github.unidbg.Module.emulateFunction(Module.java:163)
    at com.github.unidbg.linux.LinuxModule.callFunction(LinuxModule.java:262)
    at com.ks.ks2.callByAddress(ks2.java:79)
    at com.ks.ks2.main(ks2.java:175)
In that case you may need to modify the onInitialize method of the AndroidModule class, replacing throw new BackendException(); with return read(emulator, vm);
Why does it throw an exception here for the 64-bit emulator? Could one of the experts explain?