
Comments (4)

zhkl0228 commented on July 17, 2024

Get the corresponding ArrayObject and StringObject from the vaList, call new String(data, encoding) to build the string, and then return a StringObject.


chenliquan2 commented on July 17, 2024

Get the corresponding ArrayObject and StringObject from the vaList, call new String(data, encoding) to build the string, and then return a StringObject.

That's a bit abstract. Is it like this? I'm not very skilled, sorry /(ㄒoㄒ)/~~

@Override
public DvmObject newObjectV(BaseVM vm, DvmClass dvmClass, String signature, VaList vaList) {
    System.out.println("newObjectV signature:" + signature);
    if ("java/io/ByteArrayInputStream-><init>([B)V".equals(signature)) {
        ByteArray array = vaList.getObject(0);
        return new DvmObject<>(vm.resolveClass("java/io/ByteArrayInputStream"), new ByteArrayInputStream(array.value));

    } else if ("java/lang/String-><init>([BLjava/lang/String;)V".equals(signature)) {
        // Get the corresponding ArrayObject and StringObject from the vaList, call new String(data, encoding) to build the string, then return a StringObject
        ByteArray data = vaList.getObject(0);
        String str = new String(data.value, StandardCharsets.UTF_8);
        return new StringObject(vm, str);
    }
    throw new AbstractMethodError(signature);
}


chenliquan2 commented on July 17, 2024

Get the corresponding ArrayObject and StringObject from the vaList, call new String(data, encoding) to build the string, and then return a StringObject.

Or is this the right way?

@Override
public DvmObject newObjectV(BaseVM vm, DvmClass dvmClass, String signature, VaList vaList) {
    System.out.println("newObjectV signature:" + signature);
    if ("java/io/ByteArrayInputStream-><init>([B)V".equals(signature)) {
        ByteArray array = vaList.getObject(0);
        return new DvmObject<>(vm.resolveClass("java/io/ByteArrayInputStream"), new ByteArrayInputStream(array.value));

    } else if ("java/lang/String-><init>([BLjava/lang/String;)V".equals(signature)) {
        // Get the corresponding ArrayObject and StringObject from the vaList, call new String(data, encoding) to build the string, then return a StringObject
        ByteArray data = vaList.getObject(0);
        String str = new String(data.value, StandardCharsets.UTF_8);
        return new DvmObject<>(vm.resolveClass("java/lang/String"), new StringObject(vm, str));

    }
    throw new AbstractMethodError(signature);
}

It seems this second version does return a valid value, but I'm not sure whether it is correct ...

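The first reply describes reading both constructor arguments and decoding with the supplied encoding. The following is an added example, not code from the thread or from unidbg, showing that decoding step in plain Java and how the result differs when the charset is hardcoded; the class name `StringInitStub`, the helper `construct` and the sample bytes are constructed for illustration, and the `getValue()` call in the closing comment is an assumption about the unidbg type.

```java
import java.io.UnsupportedEncodingException;
import java.nio.charset.StandardCharsets;

public class StringInitStub {
    // Same result as java.lang.String.<init>([BLjava/lang/String;)V:
    // decode the bytes with the charset name passed as the second argument.
    static String construct(byte[] data, String encoding) {
        try {
            return new String(data, encoding);
        } catch (UnsupportedEncodingException e) {
            // Fail loudly instead of silently falling back to a default charset.
            throw new IllegalArgumentException(
                    "unsupported charset from native caller: " + encoding, e);
        }
    }

    public static void main(String[] args) {
        // Constructed sample: the text "sign" as native code might pass it in UTF-16LE.
        byte[] data = "sign".getBytes(StandardCharsets.UTF_16LE);

        // Decoding with the caller's charset recovers the original text.
        String honoured = construct(data, "UTF-16LE");
        // Decoding the same bytes as UTF-8 yields a different, longer string,
        // because every second byte becomes a NUL character.
        String hardcoded = new String(data, StandardCharsets.UTF_8);

        System.out.println("honoured  == \"sign\": " + honoured.equals("sign"));
        System.out.println("hardcoded == \"sign\": " + hardcoded.equals("sign"));
        System.out.println("hardcoded length: " + hardcoded.length());

        // Inside the newObjectV branch shown in the thread this would be used as
        // (getValue() on the StringObject argument is an assumption):
        //   ByteArray bytes = vaList.getObject(0);
        //   StringObject encoding = vaList.getObject(1);
        //   return new StringObject(vm, construct(bytes.value, encoding.getValue()));
    }
}
```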

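chenliquan2 commented on July 17, 2024

Thank you so much! I think the second approach is probably the right one; replaying directly with a sign taken from production works. I'm just a bit of a perfectionist: when I see error output like the following, I really want to understand what causes it and what approaches I could take to resolve it. I hope you can point me in the right direction when you have time. Thanks again! This is an atomic-bomb-level invention for the reverse engineering field!

The error output is as follows (although the correct result is still produced in the end):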

九月 17, 2019 11:16:31 上午 cn.banny.unidbg.linux.AndroidElfLoader resolveSymbols
信息: [libLLVM.so]symbol ElfSymbol[name=__modsi3, type=function, size=0] is missing relocationAddr=unicorn@0x413fed24[libLLVM.so]0x8fcd24, offset=0x0
九月 17, 2019 11:16:31 上午 cn.banny.unidbg.linux.AndroidElfLoader resolveSymbols
信息: [libLLVM.so]symbol ElfSymbol[name=__umoddi3, type=function, size=0] is missing relocationAddr=unicorn@0x413fed2c[libLLVM.so]0x8fcd2c, offset=0x0
九月 17, 2019 11:16:31 上午 cn.banny.unidbg.linux.AndroidElfLoader resolveSymbols
信息: [libLLVM.so]symbol ElfSymbol[name=__moddi3, type=function, size=0] is missing relocationAddr=unicorn@0x413fedd0[libLLVM.so]0x8fcdd0, offset=0x0
九月 17, 2019 11:16:31 上午 cn.banny.unidbg.linux.AndroidElfLoader resolveSymbols
信息: [libLLVM.so]symbol ElfSymbol[name=__clear_cache, type=function, size=0] is missing relocationAddr=unicorn@0x413feed8[libLLVM.so]0x8fced8, offset=0x0
九月 17, 2019 11:16:31 上午 cn.banny.unidbg.linux.AndroidElfLoader resolveSymbols
信息: [libbcc.so]symbol ElfSymbol[name=__clear_cache, type=function, size=0] is missing relocationAddr=unicorn@0x41427fec[libbcc.so]0x20fec, offset=0x0
九月 17, 2019 11:16:31 上午 cn.banny.unidbg.linux.ARMSyscallHandler openat
信息: openat dirfd=-100, pathname=/dev/smem_log, oflags=0x20002, mode=0
九月 17, 2019 11:16:31 上午 cn.banny.unidbg.linux.ARMSyscallHandler openat
信息: openat dirfd=-100, pathname=/system/etc/qmi_fw.conf, oflags=0x20000, mode=0
九月 17, 2019 11:16:31 上午 cn.banny.unidbg.linux.ARMSyscallHandler openat
信息: openat dirfd=-100, pathname=/proc/filesystems, oflags=0x20000, mode=0
九月 17, 2019 11:16:31 上午 cn.banny.unidbg.linux.ARMSyscallHandler hook
警告: handleInterrupt intno=2, NR=125, svcNumber=0x0, PC=unicorn@0x401cc284[libc.so]0x41284, syscall=null
unicorn.UnicornException: No memory available or memory not present (UC_ERR_NOMEM)
at unicorn.Unicorn.mem_protect(Native Method)
at cn.banny.unidbg.spi.AbstractLoader.mprotect(AbstractLoader.java:188)
at cn.banny.unidbg.linux.ARMSyscallHandler.mprotect(ARMSyscallHandler.java:1479)
at cn.banny.unidbg.linux.ARMSyscallHandler.hook(ARMSyscallHandler.java:215)
at unicorn.Unicorn.invokeInterruptCallbacks(Unicorn.java:123)
at unicorn.Unicorn.emu_start(Native Method)
at cn.banny.unidbg.AbstractEmulator.emulate(AbstractEmulator.java:267)
at cn.banny.unidbg.AbstractEmulator.eFunc(AbstractEmulator.java:360)
at cn.banny.unidbg.arm.AbstractARMEmulator.eInit(AbstractARMEmulator.java:213)
at cn.banny.unidbg.linux.AbsoluteInitFunction.call(AbsoluteInitFunction.java:33)
at cn.banny.unidbg.linux.LinuxModule.callInitFunction(LinuxModule.java:46)
at cn.banny.unidbg.linux.AndroidElfLoader.loadInternal(AndroidElfLoader.java:171)
at cn.banny.unidbg.linux.AndroidElfLoader.loadInternal(AndroidElfLoader.java:30)
at cn.banny.unidbg.spi.AbstractLoader.load(AbstractLoader.java:211)
at cn.banny.unidbg.linux.android.dvm.BaseVM.loadLibrary(BaseVM.java:249)
at cn.passguard.PassGuardEncrypt.(PassGuardEncrypt.java:40)
at cn.passguard.PassGuardEncrypt.main(PassGuardEncrypt.java:54)

九月 17, 2019 11:16:31 上午 cn.banny.unidbg.AbstractEmulator emulate
警告: emulate unicorn@0x401a168d[libc.so]0x1668d failed: sp=unicorn@0xbffff60c, offset=288ms
unicorn.UnicornException: No memory available or memory not present (UC_ERR_NOMEM)
at unicorn.Unicorn.mem_protect(Native Method)
at cn.banny.unidbg.spi.AbstractLoader.mprotect(AbstractLoader.java:188)
at cn.banny.unidbg.linux.ARMSyscallHandler.mprotect(ARMSyscallHandler.java:1479)
at cn.banny.unidbg.linux.ARMSyscallHandler.hook(ARMSyscallHandler.java:215)
at unicorn.Unicorn.invokeInterruptCallbacks(Unicorn.java:123)
at unicorn.Unicorn.emu_start(Native Method)
at cn.banny.unidbg.AbstractEmulator.emulate(AbstractEmulator.java:267)
at cn.banny.unidbg.AbstractEmulator.eFunc(AbstractEmulator.java:360)
at cn.banny.unidbg.arm.AbstractARMEmulator.eInit(AbstractARMEmulator.java:213)
at cn.banny.unidbg.linux.AbsoluteInitFunction.call(AbsoluteInitFunction.java:33)
at cn.banny.unidbg.linux.LinuxModule.callInitFunction(LinuxModule.java:46)
at cn.banny.unidbg.linux.AndroidElfLoader.loadInternal(AndroidElfLoader.java:171)
at cn.banny.unidbg.linux.AndroidElfLoader.loadInternal(AndroidElfLoader.java:30)
at cn.banny.unidbg.spi.AbstractLoader.load(AbstractLoader.java:211)
at cn.banny.unidbg.linux.android.dvm.BaseVM.loadLibrary(BaseVM.java:249)
at cn.passguard.PassGuardEncrypt.(PassGuardEncrypt.java:40)
at cn.passguard.PassGuardEncrypt.main(PassGuardEncrypt.java:54)

九月 17, 2019 11:16:31 上午 cn.banny.unidbg.linux.LinuxModule callInitFunction
信息: [libLLVM.so]__modsi3 symbol is missing before init relocationAddr=unicorn@0x413fed24[libLLVM.so]0x8fcd24
九月 17, 2019 11:16:31 上午 cn.banny.unidbg.linux.LinuxModule callInitFunction
信息: [libLLVM.so]__umoddi3 symbol is missing before init relocationAddr=unicorn@0x413fed2c[libLLVM.so]0x8fcd2c
九月 17, 2019 11:16:31 上午 cn.banny.unidbg.linux.LinuxModule callInitFunction
信息: [libLLVM.so]__moddi3 symbol is missing before init relocationAddr=unicorn@0x413fedd0[libLLVM.so]0x8fcdd0
九月 17, 2019 11:16:31 上午 cn.banny.unidbg.linux.LinuxModule callInitFunction
信息: [libLLVM.so]__clear_cache symbol is missing before init relocationAddr=unicorn@0x413feed8[libLLVM.so]0x8fced8
九月 17, 2019 11:16:31 上午 cn.banny.unidbg.linux.LinuxModule callInitFunction
信息: [libbcc.so]__clear_cache symbol is missing before init relocationAddr=unicorn@0x41427fec[libbcc.so]0x20fec
九月 17, 2019 11:16:31 上午 cn.banny.unidbg.linux.ARMSyscallHandler ptrace
信息: ptrace request=0x0, pid=0, addr=null, data=null

getKey:124268048476002231160546874792054445205859695541773682585510549341692856527133748338173673409724680644261254462092544451007823053290585560919751502040858723643650222704101093197109429006854655834856230931813529754840873403742860610007429079738487054902351423296508023834355690216104617853526135691550059952419&65537
SM2Encrypt value:BPWd+QBVzCUpiMZK7JrGk6/MltgABPmme+jQE4Aw2k8nYBDrJprTfc7/607B1NVYz+UWN4MVBy3f0iDqLaniL3/B8GlnA9HwMr6TOoQtcfgtnENGCEdlywVgVvGwTZj5jlUbFMb1qv8IGA==
destroy
