unidbg 调用

w1344246287

unidbg模拟执行so出现如下错误，求大佬讲解，如果处理

JNIEnv->GetMethodID(android/telephony/TelephonyManager.getDeviceIdLjava/lang/String;) => 0x4928fbf4 was called from RX@0x400233fd[libpdd_secure.so]0x233fd
[20:48:13 468] WARN [com.github.unidbg.linux.ARM32SyscallHandler] (ARM32SyscallHandler:533) - handleInterrupt intno=2, NR=-1073753424, svcNumber=0x11f, PC=unidbg@0xfffe0284, LR=RX@0x40023445[libpdd_secure.so]0x23445, syscall=null
java.lang.IllegalStateException: i=1, char=j, args=Ljava/lang/String;
at com.github.unidbg.linux.android.dvm.DvmMethod.decodeArgsShorty(DvmMethod.java:301)
at com.github.unidbg.linux.android.dvm.VarArg.<init>(VarArg.java:15)
at com.github.unidbg.linux.android.dvm.VaList.<init>(VaList.java:6)
at com.github.unidbg.linux.android.dvm.VaList32.<init>(VaList32.java:15)
at com.github.unidbg.linux.android.dvm.DalvikVM$32.handle(DalvikVM.java:546)
at com.github.unidbg.linux.ARM32SyscallHandler.hook(ARM32SyscallHandler.java:132)
at com.github.unidbg.arm.backend.UnicornBackend$11.hook(UnicornBackend.java:345)
at unicorn.Unicorn$NewHook.onInterrupt(Unicorn.java:128)
at unicorn.Unicorn.emu_start(Native Method)
at com.github.unidbg.arm.backend.UnicornBackend.emu_start(UnicornBackend.java:376)
at com.github.unidbg.AbstractEmulator.emulate(AbstractEmulator.java:380)
at com.github.unidbg.thread.Function32.run(Function32.java:39)
at com.github.unidbg.thread.MainTask.dispatch(MainTask.java:19)
at com.github.unidbg.thread.UniThreadDispatcher.run(UniThreadDispatcher.java:172)
at com.github.unidbg.thread.UniThreadDispatcher.runMainForResult(UniThreadDispatcher.java:96)
at com.github.unidbg.AbstractEmulator.runMainForResult(AbstractEmulator.java:340)
at com.github.unidbg.arm.AbstractARMEmulator.eFunc(AbstractARMEmulator.java:229)
at com.github.unidbg.Module.emulateFunction(Module.java:163)
at com.github.unidbg.linux.android.dvm.DvmObject.callJniMethod(DvmObject.java:135)
at com.github.unidbg.linux.android.dvm.DvmClass.callStaticJniMethodObject(DvmClass.java:316)
at com.einnovation.temu.NG2Token.ng2(NG2Token.java:59)
at com.einnovation.temu.NG2Token.main(NG2Token.java:177)

mengtao · 发表于 2023-1-7 15:11:24

你需要补环境；
case "android/telephony/TelephonyManager->getDeviceId()Ljava/lang/String;": {
return new StringObject(vm, "");
}

w1344246287 · 发表于 2023-1-7 16:24:54

mengtao 发表于 2023-1-7 15:11
你需要补环境；
case "android/telephony/TelephonyManager->getDeviceId()Ljava/lang/String;": {
...

感谢大佬

w1344246287 · 发表于 2023-1-7 16:30:06

mengtao 发表于 2023-1-7 15:11
你需要补环境；
case "android/telephony/TelephonyManager->getDeviceId()Ljava/lang/String;": {
...

再请教下大佬，这个环境怎么搞。看到应该要调用内部类的，但是却调用的外部

SystemServiceHooker: "phone"
JNIEnv->CallStaticObjectMethodV(class xmg/mobilebase/service_hook/SystemServiceHooker, getService("phone") => android.os.IBinder@5ccddd20) was called from RX@0x404228c1[libpdd_secure.so]0x238c1
JNIEnv->FindClass(com/android/internal/telephony/ITelephony$Stub) was called from RX@0x4041777b[libpdd_secure.so]0x1877b
JNIEnv->GetStaticMethodID(com/android/internal/telephony/ITelephony$Stub.asInterface(Landroid/os/IBinder;)Lcom/android/internal/telephony/ITelephony;) => 0xda722255 was called from RX@0x40417897[libpdd_secure.so]0x18897
JNIEnv->CallStaticObjectMethod(class com/android/internal/telephony/ITelephony$Stub, asInterface(android.os.IBinder@5ccddd20) => com.android.internal.telephony.ITelephony@1ed1993a) was called from RX@0x4041594d[libpdd_secure.so]0x1694d
JNIEnv->FindClass(java/lang/Object) was called from RX@0x40422645[libpdd_secure.so]0x23645
JNIEnv->GetMethodID(java/lang/Object.getClass()Ljava/lang/Class;) => 0xb529717c was called from RX@0x4042269d[libpdd_secure.so]0x2369d
[16:22:19 941] WARN [com.github.unidbg.linux.ARM32SyscallHandler] (ARM32SyscallHandler:533) - handleInterrupt intno=2, NR=-1073753608, svcNumber=0x11f, PC=unidbg@0xfffe0284, LR=RX@0x404226e5[libpdd_secure.so]0x236e5, syscall=null
com.github.unidbg.arm.backend.BackendException: dvmObject=com.android.internal.telephony.ITelephony@1ed1993a, dvmClass=class com/android/internal/telephony/ITelephony, jmethodID=unidbg@0xb529717c
at com.github.unidbg.linux.android.dvm.DalvikVM$32.handle(DalvikVM.java:544)
at com.github.unidbg.linux.ARM32SyscallHandler.hook(ARM32SyscallHandler.java:132)
at com.github.unidbg.arm.backend.UnicornBackend$11.hook(UnicornBackend.java:345)
at unicorn.Unicorn$NewHook.onInterrupt(Unicorn.java:128)
at unicorn.Unicorn.emu_start(Native Method)
at com.github.unidbg.arm.backend.UnicornBackend.emu_start(UnicornBackend.java:376)
at com.github.unidbg.AbstractEmulator.emulate(AbstractEmulator.java:380)
at com.github.unidbg.thread.Function32.run(Function32.java:39)
at com.github.unidbg.thread.MainTask.dispatch(MainTask.java:19)
at com.github.unidbg.thread.UniThreadDispatcher.run(UniThreadDispatcher.java:172)
at com.github.unidbg.thread.UniThreadDispatcher.runMainForResult(UniThreadDispatcher.java:96)
at com.github.unidbg.AbstractEmulator.runMainForResult(AbstractEmulator.java:340)
at com.github.unidbg.arm.AbstractARMEmulator.eFunc(AbstractARMEmulator.java:229)
at com.github.unidbg.Module.emulateFunction(Module.java:163)
at com.github.unidbg.linux.android.dvm.DvmObject.callJniMethod(DvmObject.java:135)
at com.github.unidbg.linux.android.dvm.DvmClass.callStaticJniMethodObject(DvmClass.java:316)
at com.einnovation.temu.NG2Token.ng2(NG2Token.java:63)
at com.einnovation.temu.NG2Token.main(NG2Token.java:281)

mengtao · 发表于 2023-1-9 14:33:33

w1344246287 发表于 2023-1-7 16:30
再请教下大佬，这个环境怎么搞。看到应该要调用内部类的，但是却调用的外部

SystemServiceHooker: "phon ...

多学学补环境吧看我主页加我私聊吧

unidbg 调用

w1344246287 LV2