Open weechatfly opened 4 years ago
Hello author, when I call a function in an .so I get the following error. Could you advise how to resolve it?

```
[10:55:10 266] DEBUG [cn.banny.unidbg.linux.ARMSyscallHandler] (ARMSyscallHandler:1493) - prctl addr=unicorn@0x40013000[libc++.so]0x1000, len=4096, pointer=unicorn@0x4028fec8[libcms.so]0x8fec8, name=czl-file
[10:55:10 267] DEBUG [cn.banny.unidbg.linux.ARMSyscallHandler] (ARMSyscallHandler:1616) - mprotect address=0x40013000, alignedAddress=0x40013000, offset=0, length=4096, alignedLength=4096, prot=0x1
[10:55:10 268] DEBUG [cn.banny.unidbg.linux.ARMSyscallHandler] (ARMSyscallHandler:1790) - close fd=10
[10:55:10 270] DEBUG [cn.banny.unidbg.unix.UnixSyscallHandler] (UnixSyscallHandler:330) - fstat fd=0, stat=unicorn@0xbfffe5e0
[10:55:10 270] DEBUG [cn.banny.unidbg.unix.UnixSyscallHandler] (UnixSyscallHandler:339) - fstat file=cn.banny.unidbg.linux.file.Stdin@2ef5e5e3, stat=unicorn@0xbfffe5e0
[10:55:10 272] DEBUG [cn.banny.unidbg.linux.ARMSyscallHandler] (ARMSyscallHandler:1637) - mmap2 start=0x0, length=-1073741824, prot=0x3, flags=0x22, fd=-1, offset=0
[10:55:10 273] DEBUG [cn.banny.unidbg.spi.AbstractLoader] (AbstractLoader:117) - mmap2 addr=0x40006000, mmapBaseAddress=0x40292000, start=0, fd=-1, offset=0, aligned=-1073737728, LR=unicorn@0x400c57a3[libc.so]0x1e7a3
[10:55:10 274] WARN [cn.banny.unidbg.linux.ARMSyscallHandler] (ARMSyscallHandler:403) - handleInterrupt intno=2, NR=192, svcNumber=0x0, PC=unicorn@0x400e7bf8[libc.so]0x40bf8, syscall=null
unicorn.UnicornException: Invalid argument (UC_ERR_ARG)
    at unicorn.Unicorn.mem_map(Native Method)
    at cn.banny.unidbg.spi.AbstractLoader.mmap2(AbstractLoader.java:118)
    at cn.banny.unidbg.linux.ARMSyscallHandler.mmap2(ARMSyscallHandler.java:1640)
    at cn.banny.unidbg.linux.ARMSyscallHandler.hook(ARMSyscallHandler.java:271)
    at unicorn.Unicorn.invokeInterruptCallbacks(Unicorn.java:123)
    at unicorn.Unicorn.emu_start(Native Method)
    at cn.banny.unidbg.AbstractEmulator.emulate(AbstractEmulator.java:302)
    at cn.banny.unidbg.AbstractEmulator.eFunc(AbstractEmulator.java:400)
    at cn.banny.unidbg.arm.AbstractARMEmulator.eFunc(AbstractARMEmulator.java:205)
    at cn.banny.unidbg.linux.LinuxModule.emulateFunction(LinuxModule.java:203)
    at cn.banny.unidbg.linux.android.dvm.DvmClass.callStaticJniMethod(DvmClass.java:209)
    at cn.banny.unidbg.android.dx.DxSoUtilTest.Xgor(DxSoUtilTest.java:1347)
    at cn.banny.unidbg.android.dx.DxSoUtilTest.main(DxSoUtilTest.java:1106)
unicorn.UnicornException: Invalid argument (UC_ERR_ARG)
    at unicorn.Unicorn.mem_map(Native Method)
    at cn.banny.unidbg.spi.AbstractLoader.mmap2(AbstractLoader.java:118)
    at cn.banny.unidbg.linux.ARMSyscallHandler.mmap2(ARMSyscallHandler.java:1640)
    at cn.banny.unidbg.linux.ARMSyscallHandler.hook(ARMSyscallHandler.java:271)
    at unicorn.Unicorn.invokeInterruptCallbacks(Unicorn.java:123)
    at unicorn.Unicorn.emu_start(Native Method)
    at cn.banny.unidbg.AbstractEmulator.emulate(AbstractEmulator.java:302)
    at cn.banny.unidbg.AbstractEmulator.eFunc(AbstractEmulator.java:400)
    at cn.banny.unidbg.arm.AbstractARMEmulator.eFunc(AbstractARMEmulator.java:205)
    at cn.banny.unidbg.linux.LinuxModule.emulateFunction(LinuxModule.java:203)
    at cn.banny.unidbg.linux.android.dvm.DvmClass.callStaticJniMethod(DvmClass.java:209)
    at cn.banny.unidbg.android.dx.DxSoUtilTest.Xgor(DxSoUtilTest.java:1347)
    at cn.banny.unidbg.android.dx.DxSoUtilTest.main(DxSoUtilTest.java:1106)
debugger break at: 0x400e7bf8
=> [ libc.so][0x40bf8][ f0 00 bd e8 ]0x400e7bf8:*pop {r4, r5, r6, r7}
[ libc.so] [0x40bfc] [ 01 0a 70 e3 ] 0x400e7bfc: cmn r0, #0x1000
[ libc.so] [0x40c00] [ 1e ff 2f 91 ] 0x400e7c00: bxls lr
[ libc.so] [0x40c04] [ 00 00 60 e2 ] 0x400e7c04: rsb r0, r0, #0
[ libc.so] [0x40c08] [ 5d 86 00 ea ] 0x400e7c08: b #0x40109584
[ libc.so] [0x40c0c] [ 07 c0 a0 e1 ] 0x400e7c0c: mov ip, r7
[ libc.so] [0x40c10] [ eb 70 a0 e3 ] 0x400e7c10: mov r7, #0xeb
[ libc.so] [0x40c14] [ 00 00 00 ef ] 0x400e7c14: svc #0
[ libc.so] [0x40c18] [ 0c 70 a0 e1 ] 0x400e7c18: mov r7, ip
[ libc.so] [0x40c1c] [ 01 0a 70 e3 ] 0x400e7c1c: cmn r0, #0x1000
```
Hello, has this problem been solved? I have run into the same issue.