unidbg invocation
Emulating a .so with unidbg produces the error below. Could someone explain how to handle it?
JNIEnv->GetMethodID(android/telephony/TelephonyManager.getDeviceIdLjava/lang/String;) => 0x4928fbf4 was called from RX@0x400233fd0x233fd
WARN (ARM32SyscallHandler:533) - handleInterrupt intno=2, NR=-1073753424, svcNumber=0x11f, PC=unidbg@0xfffe0284, LR=RX@0x400234450x23445, syscall=null
java.lang.IllegalStateException: i=1, char=j, args=Ljava/lang/String;
at com.github.unidbg.linux.android.dvm.DvmMethod.decodeArgsShorty(DvmMethod.java:301)
at com.github.unidbg.linux.android.dvm.VarArg.<init>(VarArg.java:15)
at com.github.unidbg.linux.android.dvm.VaList.<init>(VaList.java:6)
at com.github.unidbg.linux.android.dvm.VaList32.<init>(VaList32.java:15)
at com.github.unidbg.linux.android.dvm.DalvikVM$32.handle(DalvikVM.java:546)
at com.github.unidbg.linux.ARM32SyscallHandler.hook(ARM32SyscallHandler.java:132)
at com.github.unidbg.arm.backend.UnicornBackend$11.hook(UnicornBackend.java:345)
at unicorn.Unicorn$NewHook.onInterrupt(Unicorn.java:128)
at unicorn.Unicorn.emu_start(Native Method)
at com.github.unidbg.arm.backend.UnicornBackend.emu_start(UnicornBackend.java:376)
at com.github.unidbg.AbstractEmulator.emulate(AbstractEmulator.java:380)
at com.github.unidbg.thread.Function32.run(Function32.java:39)
at com.github.unidbg.thread.MainTask.dispatch(MainTask.java:19)
at com.github.unidbg.thread.UniThreadDispatcher.run(UniThreadDispatcher.java:172)
at com.github.unidbg.thread.UniThreadDispatcher.runMainForResult(UniThreadDispatcher.java:96)
at com.github.unidbg.AbstractEmulator.runMainForResult(AbstractEmulator.java:340)
at com.github.unidbg.arm.AbstractARMEmulator.eFunc(AbstractARMEmulator.java:229)
at com.github.unidbg.Module.emulateFunction(Module.java:163)
at com.github.unidbg.linux.android.dvm.DvmObject.callJniMethod(DvmObject.java:135)
at com.github.unidbg.linux.android.dvm.DvmClass.callStaticJniMethodObject(DvmClass.java:316)
at com.einnovation.temu.NG2Token.ng2(NG2Token.java:59)
at com.einnovation.temu.NG2Token.main(NG2Token.java:177)
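You need to fill in the missing environment;
case "android/telephony/TelephonyManager->getDeviceId()Ljava/lang/String;": {
    // Stub for the Java method the native code calls: return an empty device ID
    return new StringObject(vm, "");
}
mengtao posted on 2023-1-7 15:11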
You need to fill in the missing environment;
case "android/telephony/TelephonyManager->getDeviceId()Ljava/lang/String;": {
...
Thank you very much.
mengtao posted on 2023-1-7 15:11
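You need to fill in the missing environment;
case "android/telephony/TelephonyManager->getDeviceId()Ljava/lang/String;": {
...
One more question, if I may: how do I set up this environment? It looks like the inner class should be called, but the outer one is called instead.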
SystemServiceHooker: "phone"
JNIEnv->CallStaticObjectMethodV(class xmg/mobilebase/service_hook/SystemServiceHooker, getService("phone") => android.os.IBinder@5ccddd20) was called from RX@0x404228c10x238c1
JNIEnv->FindClass(com/android/internal/telephony/ITelephony$Stub) was called from RX@0x4041777b0x1877b
JNIEnv->GetStaticMethodID(com/android/internal/telephony/ITelephony$Stub.asInterface(Landroid/os/IBinder;)Lcom/android/internal/telephony/ITelephony;) => 0xda722255 was called from RX@0x404178970x18897
JNIEnv->CallStaticObjectMethod(class com/android/internal/telephony/ITelephony$Stub, asInterface(android.os.IBinder@5ccddd20) => com.android.internal.telephony.ITelephony@1ed1993a) was called from RX@0x4041594d0x1694d
JNIEnv->FindClass(java/lang/Object) was called from RX@0x404226450x23645
JNIEnv->GetMethodID(java/lang/Object.getClass()Ljava/lang/Class;) => 0xb529717c was called from RX@0x4042269d0x2369d
WARN (ARM32SyscallHandler:533) - handleInterrupt intno=2, NR=-1073753608, svcNumber=0x11f, PC=unidbg@0xfffe0284, LR=RX@0x404226e50x236e5, syscall=null
com.github.unidbg.arm.backend.BackendException: dvmObject=com.android.internal.telephony.ITelephony@1ed1993a, dvmClass=class com/android/internal/telephony/ITelephony, jmethodID=unidbg@0xb529717c
at com.github.unidbg.linux.android.dvm.DalvikVM$32.handle(DalvikVM.java:544)
at com.github.unidbg.linux.ARM32SyscallHandler.hook(ARM32SyscallHandler.java:132)
at com.github.unidbg.arm.backend.UnicornBackend$11.hook(UnicornBackend.java:345)
at unicorn.Unicorn$NewHook.onInterrupt(Unicorn.java:128)
at unicorn.Unicorn.emu_start(Native Method)
at com.github.unidbg.arm.backend.UnicornBackend.emu_start(UnicornBackend.java:376)
at com.github.unidbg.AbstractEmulator.emulate(AbstractEmulator.java:380)
at com.github.unidbg.thread.Function32.run(Function32.java:39)
at com.github.unidbg.thread.MainTask.dispatch(MainTask.java:19)
at com.github.unidbg.thread.UniThreadDispatcher.run(UniThreadDispatcher.java:172)
at com.github.unidbg.thread.UniThreadDispatcher.runMainForResult(UniThreadDispatcher.java:96)
at com.github.unidbg.AbstractEmulator.runMainForResult(AbstractEmulator.java:340)
at com.github.unidbg.arm.AbstractARMEmulator.eFunc(AbstractARMEmulator.java:229)
at com.github.unidbg.Module.emulateFunction(Module.java:163)
at com.github.unidbg.linux.android.dvm.DvmObject.callJniMethod(DvmObject.java:135)
at com.github.unidbg.linux.android.dvm.DvmClass.callStaticJniMethodObject(DvmClass.java:316)
at com.einnovation.temu.NG2Token.ng2(NG2Token.java:63)
at com.einnovation.temu.NG2Token.main(NG2Token.java:281)
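w1344246287 posted on 2023-1-7 16:30
One more question, if I may: how do I set up this environment? It looks like the inner class should be called, but the outer one is called instead.
SystemServiceHooker: "phon ...
Study up on filling in the environment. Check my profile and message me privately.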