zhkl0228
commented
4 years ago 要测试代码才能检查
Closed Lv9S closed 4 years ago
zhkl0228
commented
4 years ago 要测试代码才能检查
Lv9S
commented
4 years ago package com.bangcle.andjni;
import cn.banny.unidbg.LibraryResolver; import cn.banny.unidbg.Module; import cn.banny.unidbg.arm.ARMEmulator; import cn.banny.unidbg.file.FileIO; import cn.banny.unidbg.file.IOResolver; import cn.banny.unidbg.linux.android.AndroidARMEmulator; import cn.banny.unidbg.linux.android.AndroidResolver; import cn.banny.unidbg.linux.android.dvm.*; import cn.banny.unidbg.linux.android.dvm.array.ArrayObject; import cn.banny.unidbg.linux.android.dvm.array.ByteArray; import cn.banny.unidbg.linux.android.dvm.array.ObjectArray; import cn.banny.unidbg.linux.file.ByteArrayFileIO; import cn.banny.unidbg.linux.file.SimpleFileIO; import cn.banny.unidbg.memory.Memory;
import java.io.File; import java.io.IOException; import java.util.ArrayList; import java.util.List; import java.util.Map; import java.util.concurrent.TimeUnit;
public class JniLib extends AbstractJni implements IOResolver {
private static final String APP_PACKAGE_NAME = "cn.missfresh.application";
private static LibraryResolver createLibraryResolver() {
return new AndroidResolver(23);
}
private static ARMEmulator createARMEmulator() {
return new AndroidARMEmulator(APP_PACKAGE_NAME);
}
private static String APK_PATH;
static {
APK_PATH = JniLib.class.getResource("/").getPath() + "/bin/app/missfresh9.8.11.apk";
}
//ARM模拟器
private final ARMEmulator emulator;
//vm
private final VM vm;
//载入的模块
private final Module module;
private final DvmClass clazz;
public JniLib() throws IOException {
File file = new File(APK_PATH);
if (!file.exists()){
APK_PATH = JniLib.class.getResource("/").getPath() + "/app/missfresh9.8.11.apk";
}
emulator = createARMEmulator();
emulator.getSyscallHandler().addIOResolver(this);
// System.out.println("== init ===");
final Memory memory = emulator.getMemory();
memory.setLibraryResolver(createLibraryResolver());
memory.setCallInitFunction();
vm = emulator.createDalvikVM(new File(APK_PATH));
DalvikModule dm = vm.loadLibrary("dexjni", false);
dm.callJNI_OnLoad(emulator);
module = dm.getModule();
clazz = vm.resolveClass("com.bangcle.andjni.JniLib".replace(".", "/"));
}
public static void main(String[] args) throws IOException {
JniLib jniLib = new JniLib();
InterceptorHelper helper = (InterceptorHelper) jniLib.cL(66);
Map<String, String> map = (Map<String, String>) jniLib.cL(helper,64);
for (Map.Entry<String,String> m : map.entrySet()){
System.out.println(m.getKey() + "\t" + m.getValue());
}
}
public Object cL(Object ... objArr) throws IOException {
vm.setJni(this);
Number ret = clazz.callStaticJniMethod(emulator, "cL([Ljava/lang/Object;)Ljava/lang/Object;",
vm.addLocalObject(new ObjectArray(objArr))
);
long hash = ret.intValue() & 0xffffffffL;
DvmObject obj = vm.getObject(hash);
vm.deleteLocalRefs();
Object helper = obj.getValue();
return helper;
}
@Override
public FileIO resolve(File workDir, String pathname, int oflags) {
if ("/proc/self/cmdline".equals(pathname)) {
return new ByteArrayFileIO(oflags, pathname, APP_PACKAGE_NAME.getBytes());
}
if (APK_PATH.equals(pathname)) {
return new SimpleFileIO(oflags, new File(APK_PATH), pathname);
}
return null;
}}
class InterceptorHelper{
public static final ArrayList
Lv9S
commented
4 years ago 感谢大佬回复。 apk是:每日优鲜 missfresh9.8.11.apk
zhkl0228
commented
4 years ago apk下载不到,你发我邮箱吧,zhkl0228@gmail.com
Lv9S
commented
4 years ago 发送失败了。我存到网盘了。 https://pan.baidu.com/s/1WkYG59MjQfIIYBo7jyE3Vg p3qb
zhkl0228
commented
4 years ago 已增加支持部分Call*MethodA,配合最新版代码
Lv9S
commented
4 years ago 好的,感谢
smali代码: .method public static varargs native cL([Ljava/lang/Object;)Ljava/lang/Object; .end method
调用代码: Number ret = clazz.callStaticJniMethod(emulator, "cL([Ljava/lang/Object;)Ljava/lang/Object;", vm.addLocalObject(new ObjectArray(objArr)));
报错: Exception in thread "main" java.lang.IllegalArgumentException: find method failed: cL([Ljava/lang/Object;)Ljava/lang/Object;