
exandroidnativeemu's People

Contributors

aeonlucid, maiyao1988, p4nda0s, satng


exandroidnativeemu's Issues

C call strftime from localtime error

JAVA JNI:
mynative-lib.cpp

#include <jni.h>
#include <string>
#include <time.h>

extern "C" JNIEXPORT jstring JNICALL
Java_com_miui_calculator_MainActivity_stringFromJNI(
        JNIEnv* env,
        jobject /* this */) {

    time_t rawtime;
    struct tm *info;
    char buffer[80];

    time( &rawtime );
    info = localtime( &rawtime );

    strftime(buffer, 80, "%Y-%m-%d %H:%M:%S", info);
    std::string hello = buffer;

    return env->NewStringUTF(hello.c_str());
}

ExAndroidNativeEmu:


import posixpath

from unicorn import UcError
from unicorn.arm_const import UC_ARM_REG_PC

from androidemu.emulator import Emulator

emulator = Emulator(
    vfs_root=posixpath.join(posixpath.dirname(__file__), "vfs")
)

lib_module = emulator.load_library("libmynative-lib.so")

try:
    # arguments are JNIEnv* and the jobject `this` (0 here, the native code never touches it)
    res = emulator.call_symbol(lib_module, 'Java_com_miui_calculator_MainActivity_stringFromJNI',
                               emulator.java_vm.jni_env.address_ptr, 0x00)
    print("Response from JNI call: %s" % res)

except UcError as e:
    # on a Unicorn fault, report where the emulated code stopped before re-raising
    print("Exit at %x" % emulator.mu.reg_read(UC_ARM_REG_PC))
    raise

Call error:

2022-02-18 18:31:28,848   DEBUG                               root | 22868 syscall 6 lr=0xCBC12653
2022-02-18 18:31:28,848   DEBUG                               root | 22868 Executing syscall close(0x0000000C) at 0xCBC40854
Exit at cbc1644c
Traceback (most recent call last):
  File "E:\Android\ExAndroidNativeEmu\mytest.py", line 59, in <module>
    res = emulator.call_symbol(lib_module, 'Java_com_miui_calculator_MainActivity_stringFromJNI', emulator.java_vm.jni_env.address_ptr, 0x00)
  File "E:\Android\ExAndroidNativeEmu\androidemu\emulator.py", line 259, in call_symbol
    return self.call_native(symbol_addr, *argv)
  File "E:\Android\ExAndroidNativeEmu\androidemu\emulator.py", line 265, in __call_native32
    self.__sch.exec(addr)
  File "E:\Android\ExAndroidNativeEmu\androidemu\scheduler.py", line 283, in exec
    self.__emu.mu.emu_start(start_pos, self.__stop_pos, 0, 0)
  File "D:\Python39\lib\site-packages\unicorn\unicorn.py", line 318, in emu_start
    raise UcError(status)
unicorn.unicorn.UcError: Invalid memory read (UC_ERR_READ_UNMAPPED)

ENV:
I used the libc.so from this project's issues (because running all of the project's tests produces: unicorn.unicorn.UcError: Invalid memory read (UC_ERR_READ_UNMAPPED)):
https://github.com/AeonLucid/AndroidNativeEmu/blob/master/examples/example_binaries/32/libc.so

libmynative-lib.zip

What causes "call addr is None" when calling call_native?

The code and the .so are attached.
crack.zip

After implementing the class, when I call it I find that the value of native_wrapper.jvm_method.native_addr is None, so emulator.call_native() exits immediately with the exception "call addr is None".
When I call emulator.call_symbol directly, I get the error
"RuntimeError: Could not find method 3523215512 in object android/app/ContextImpl by id."

I also printed the symbols in the .so, and they are loaded:
load symbols tests/bin/libxxx_utils.so {'name': 'Java_xxx_xxx_xxx_xxx_XXXUtil_init', 'st_name': 184, 'st_value': 53361, 'st_size': 340, 'st_info': b'\x12', 'st_other': b'\x00', 'st_shndx': 12, 'st_info_bind': 1, 'st_info_type': 2}
load symbols tests/bin/libxxx_utils.so {'name': 'Java_xxx_xxx_xxx_xxx_XXXUtil_decryptResponse', 'st_name': 750, 'st_value': 54529, 'st_size': 416, 'st_info': b'\x12', 'st_other': b'\x00', 'st_shndx': 12, 'st_info_bind': 1, 'st_info_type': 2}

What causes each of these two situations, and is there a way to fix them?

import logging
import posixpath

from androidemu.emulator import Emulator
from androidemu.java.classes.activity_thread import ActivityThread
from androidemu.java.java_class_def import JavaClassDef
from androidemu.java.java_method_def import java_method_def


class XXXUtil(metaclass=JavaClassDef, jvm_name='com/xxx/xxxx/xxx/XXXUtil'):
    def __init__(self):
        pass

    @java_method_def(name='init', signature='(Landroid/content/Context;)Ljava/lang/String;', native=True)
    def init(self, mu):
        pass

    @java_method_def(name='decryptResponse', signature='(Ljava/lang/String;)Ljava/lang/String;', native=True)
    def decryptResponse(self, mu):
        pass


logger = logging.getLogger(__name__)

emulator = Emulator(
    vfp_inst_set=True,
    vfs_root=posixpath.join(posixpath.dirname(__file__), "vfs")
)

emulator.java_classloader.add_class(XXXUtil)  # register the class defined above

lib_module = emulator.load_library("tests/bin/libxxx.so")
at = ActivityThread()
ctx = at.getSystemContext(emulator)

xxx = XXXUtil()
res = xxx.init(emulator, ctx)
print(res)
emulator.call_symbol(lib_module, 'Java_com_xxx_xxx_xxx_XXXUtil_init', emulator.java_vm.jni_env.address_ptr, 0x00, ctx)

unicorn.unicorn.UcError: Invalid instruction (UC_ERR_INSN_INVALID)

7933 - 2020-04-10 01:18:20,813 - ERROR - => Undefined external symbol: 
7933 - 2020-04-10 01:18:20,813 - ERROR - => Undefined external symbol: __cxa_finalize
7933 - 2020-04-10 01:18:20,813 - ERROR - => Undefined external symbol: __cxa_atexit
7933 - 2020-04-10 01:18:20,813 - ERROR - => Undefined external symbol: memcpy
Traceback (most recent call last):
  File "example_wochacha.py", line 171, in <module>
    result = x.enReq(emulator, arr, size)
  File "/Users/Documents/workspace/programs/frida-work/ExAndroidNativeEmu/androidemu/java/java_method_def.py", line 41, in native_wrapper
    *extra_args  # Extra args.
  File "/Users/Documents/workspace/programs/frida-work/ExAndroidNativeEmu/androidemu/emulator.py", line 181, in call_native
    r = self.mu.emu_start(addr, stop_pos - 1)
  File "/Users/.local/share/virtualenvs/frida-work-l1_vgqRW/lib/python3.7/site-packages/unicorn/unicorn.py", line 317, in emu_start
    raise UcError(status)
unicorn.unicorn.UcError: Invalid instruction (UC_ERR_INSN_INVALID)

What is the cause of this error? Is it caused by the ERROR lines above? I have read a few articles but really cannot tell where the problem is. I have been debugging for a long time, so I am asking here. Thanks.

X-Gorgon Signature For Tiktok

I really appreciate for your great work towards open source community :)

can you please write one example for tiktok app (international version of douyin) also? to generate x-gorgon value?

thanks in advance <3

How to implement Signature

Traceback (most recent call last):
  File "/Users/dunchen/PycharmProjects/ExAndroidNativeEmu/androidemu/hooker.py", line 100, in _hook
    hook_func(self._emu)
  File "/Users/dunchen/PycharmProjects/ExAndroidNativeEmu/androidemu/java/helpers/native_method.py", line 112, in native_method_wrapper
    native_write_arg_register(emu, UC_ARM_REG_R0, result)
  File "/Users/dunchen/PycharmProjects/ExAndroidNativeEmu/androidemu/java/helpers/native_method.py", line 83, in native_write_arg_register
    emu.mu.reg_write(reg, native_translate_arg(emu, val))
  File "/Users/dunchen/PycharmProjects/ExAndroidNativeEmu/androidemu/java/helpers/native_method.py", line 79, in native_translate_arg
    raise NotImplementedError("Unable to write response '%s' type '%s' to emulator." % (str(val), type(val)))
NotImplementedError: Unable to write response '[<androidemu.java.classes.package_manager.Signature object at 0x111d4ef60>]' type '<class 'list'>' to emulator.
import time

from androidemu.java.java_class_def import JavaClassDef
from androidemu.java.java_field_def import JavaFieldDef
from androidemu.java.java_method_def import java_method_def
# ApplicationInfo is defined in the same module as these classes
# (androidemu/java/classes/package_manager.py, as the traceback above shows)


class Signature(metaclass=JavaClassDef, jvm_name='android/content/pm/Signature'):
    def __init__(self):
        pass

    @java_method_def(name='hashCode', signature='()I', native=False)
    def hashCode(self):
        pass


class PackageInfo(metaclass=JavaClassDef, jvm_name='android/content/pm/PackageInfo',
                  jvm_fields=[
                      JavaFieldDef('applicationInfo', 'Landroid/content/pm/ApplicationInfo;', False),
                      JavaFieldDef('firstInstallTime', 'J', False),
                      JavaFieldDef('lastUpdateTime', 'J', False),
                      JavaFieldDef('signatures', '[Landroid/content/pm/Signature;', False)
                  ]):
    def __init__(self, pyPkgName):
        self.applicationInfo = ApplicationInfo(pyPkgName)
        self.firstInstallTime = int(time.time())
        self.lastUpdateTime = self.firstInstallTime
        self.signature = Signature()
        # this plain Python list is the value native_translate_arg rejects in the traceback above
        self.signatures = [self.signature]

timezone issue for gettimeofday syscall [tzdata]

Tried adding persist.sys.timezone to emulator.py and also placed the tzdata file in the data directory. Program execution stops after the gettimeofday call.

2022-02-15 11:48:50,756   DEBUG                               root | 115 Executing syscall gettimeofday(0x00000000100DD4F8, 0x0000000000000000) at 0x00000000CC44FF3C
2022-02-15 11:48:51,467   DEBUG     androidemu.native.symbol_hooks | Called __system_property_get(persist.sys.timezone, 0xcc4c6c50)
persist.sys.timezone was not found in system_properties dictionary.
2022-02-15 11:48:51,490   DEBUG                               root | 115 syscall 56 lr=0x00000000CC409464
2022-02-15 11:48:51,491   DEBUG                               root | 115 Executing syscall openat(0x00000000FFFFFF9C, 0x00000000300D3060, 0x0000000000000000, 0x0000000000000000) at 0x00000000CC44FF6C
2022-02-15 11:48:51,491 WARNING                               root | File does not exist '/data//misc/zoneinfo/current/tzdata'
2022-02-15 11:48:51,496   DEBUG                               root | 115 syscall 56 lr=0x00000000CC409464
2022-02-15 11:48:51,496   DEBUG                               root | 115 Executing syscall openat(0x00000000FFFFFF9C, 0x00000000300D3060, 0x0000000000000000, 0x0000000000000000) at 0x00000000CC44FF6C
2022-02-15 11:48:51,497 WARNING                               root | File does not exist '/system//usr/share/zoneinfo/tzdata'
2022-02-15 11:48:51,506   DEBUG                               root | 115 syscall 64 lr=0x00000000CC45AE9C
2022-02-15 11:48:51,506   DEBUG                               root | 115 Executing syscall write(0x0000000000000002, 0x00000000100DCBA8, 0x000000000000004B) at 0x00000000CC450F44
2022-02-15 11:48:51,507 WARNING                               root | stderr:[__bionic_open_tzdata: couldn't find any tzdata when looking for localtime!
]
.....

6c50)
persist.sys.timezone was not found in system_properties dictionary.
2022-02-15 11:48:51,572   DEBUG                               root | 115 syscall 169 lr=0x00000000CC404530
2022-02-15 11:48:51,572   DEBUG                               root | 115 Executing syscall gettimeofday(0x00000000100DD1C8, 0x0000000000000000) at 0x00000000CC44FF3C
2022-02-15 11:48:51,598   DEBUG                               root | 115 scheduling exit
2022-02-15 11:48:51,598   DEBUG                               root | main_thead tid [115] exit exec return

get_reference error

41414 - 2020-05-25 16:08:26,379 - DEBUG - JNIEnv->GetMethodId(250, deviceId, ()Ljava/lang/String;) was called
Traceback (most recent call last):
  File "/Users/PycharmProjects/ExAndroidNativeEmu/androidemu/hooker.py", line 100, in _hook
    hook_func(self._emu)
  File "/Users/PycharmProjects/ExAndroidNativeEmu/androidemu/java/helpers/native_method.py", line 109, in native_method_wrapper
    result = func(argv[0], mu, *native_args)
  File "/Users/PycharmProjects/ExAndroidNativeEmu/androidemu/java/jni_env.py", line 676, in get_method_id
    raise ValueError('Expected a jclass.')
ValueError: Expected a jclass.

How to load libandroid.so

Thanks for the project. I have now run into a problem: because the target .so needs to call AAssetManager_fromJava, I tried to have it load libandroid.so, and it reports
"can not detect nsymbol by DT_HASH, DT_GNUHASH, not support now"
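The message quoted above comes from the loader's symbol-count step. An ELF file carries no field that says how many entries .dynsym has; a loader derives that number either from DT_HASH, whose nchain field is the count, or, when the library carries only DT_GNU_HASH, by walking the GNU hash chains. The following added example is not code from ExAndroidNativeEmu or from the issue author: it builds a small ELFCLASS32 DT_GNU_HASH table in memory from a constructed list of libandroid-style export names and then recovers the symbol count from it the way a loader would. The function names, the sample symbol names and the table parameters are all assumptions of this example.

```python
import struct

ELF32_WORD = 4  # bloom words and every other table entry are 32-bit in ELFCLASS32


def gnu_hash(name: bytes) -> int:
    """dl_new_hash(): h = h * 33 + c starting from 5381, kept to 32 bits."""
    h = 5381
    for c in name:
        h = ((h << 5) + h + c) & 0xFFFFFFFF
    return h


def build_gnu_hash(names, symoffset, nbuckets, bloom_size=1, bloom_shift=5):
    """Construct an ELFCLASS32 DT_GNU_HASH table (constructed test input, not read from a file).

    Exported symbols get .dynsym indices symoffset, symoffset+1, ... in bucket order,
    which is the layout the hash format requires. Returns (table_bytes, ordered_names).
    """
    assert symoffset >= 1, "index 0 is the reserved null symbol and is never hashed"
    hashed = sorted(((gnu_hash(n) % nbuckets, gnu_hash(n), n) for n in names),
                    key=lambda t: t[0])  # stable sort keeps input order inside a bucket
    buckets = [0] * nbuckets  # 0 marks an empty bucket
    chains = []
    bloom = [0] * bloom_size
    for i, (b, h, _) in enumerate(hashed):
        if buckets[b] == 0:
            buckets[b] = symoffset + i  # first symbol index of this bucket
        last = (i + 1 == len(hashed)) or hashed[i + 1][0] != b
        chains.append((h & ~1) | int(last))  # low bit set = end of this bucket's chain
        bloom[(h // 32) % bloom_size] |= (1 << (h % 32)) | (1 << ((h >> bloom_shift) % 32))
    data = struct.pack("<4I", nbuckets, symoffset, bloom_size, bloom_shift)
    data += struct.pack(f"<{bloom_size}I", *bloom)
    data += struct.pack(f"<{nbuckets}I", *buckets)
    data += struct.pack(f"<{len(chains)}I", *chains)
    return data, [n for _, _, n in hashed]


def count_dynsym_from_gnu_hash(data: bytes) -> int:
    """Number of .dynsym entries implied by a DT_GNU_HASH table (ELFCLASS32 layout).

    There is no explicit count, so: take the largest bucket start index, then walk that
    bucket's chain until the end-of-chain bit; the last index reached + 1 is the count.
    """
    nbuckets, symoffset, bloom_size, _bloom_shift = struct.unpack_from("<4I", data, 0)
    buckets_off = 16 + ELF32_WORD * bloom_size
    chains_off = buckets_off + ELF32_WORD * nbuckets
    buckets = struct.unpack_from(f"<{nbuckets}I", data, buckets_off)
    max_index = max(buckets) if nbuckets else 0
    if max_index == 0:
        return symoffset  # no exported symbol is hashed; only the non-hashed prefix exists
    while True:
        (entry,) = struct.unpack_from("<I", data, chains_off + ELF32_WORD * (max_index - symoffset))
        if entry & 1:
            break
        max_index += 1
    return max_index + 1


def count_dynsym_from_sysv_hash(data: bytes) -> int:
    """DT_HASH is simpler: its nchain field equals the number of .dynsym entries."""
    _nbucket, nchain = struct.unpack_from("<2I", data, 0)
    return nchain


if __name__ == "__main__":
    # constructed sample: names of the kind libandroid.so exports, not read from a real library
    sample = [b"AAssetManager_fromJava", b"AAssetManager_open", b"AAsset_getLength",
              b"AAsset_read", b"AAsset_close", b"ANativeWindow_fromSurface"]
    table, order = build_gnu_hash(sample, symoffset=2, nbuckets=3)
    print("dynsym entries:", count_dynsym_from_gnu_hash(table))  # 2 + 6 = 8
```

In a real loader the table bytes come from the address in the DT_GNU_HASH (or DT_HASH) entry of the dynamic section, and the count is what bounds the .dynsym walk during relocation; a loader that supports neither tag has no safe way to know how many symbols to read, which is what the error message is saying.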

Failed To Load Library

$ pip install -r requirements.txt
Requirement already satisfied: unicorn==1.0.1 in /data/data/com.termux/files/usr/lib/python3.9/site-packages (from -r requirements.txt (line 1)) (1.0.1)
Requirement already satisfied: capstone==4.0.1 in /data/data/com.termux/files/usr/lib/python3.9/site-packages (from -r requirements.txt (line 2)) (4.0.1)

$ python example_jni.py
Traceback (most recent call last):
  File "/data/data/com.termux/files/home/ExAndroidNativeEmu-master/example_jni.py", line 9, in <module>
    from androidemu.emulator import Emulator
  File "/data/data/com.termux/files/home/ExAndroidNativeEmu-master/androidemu/emulator.py", line 19, in <module>
    from .hooker import Hooker
  File "/data/data/com.termux/files/home/ExAndroidNativeEmu-master/androidemu/hooker.py", line 1, in <module>
    from .keystone_in import Ks, KS_ARCH_ARM, KS_MODE_THUMB
  File "/data/data/com.termux/files/home/ExAndroidNativeEmu-master/androidemu/keystone_in/__init__.py", line 4, in <module>
    from .keystone import Ks, ks_version, ks_arch_supported, version_bind, debug, KsError, version
  File "/data/data/com.termux/files/home/ExAndroidNativeEmu-master/androidemu/keystone_in/keystone.py", line 75, in <module>
    raise ImportError("ERROR: fail to load the dynamic library.")
ImportError: ERROR: fail to load the dynamic library.
$

All examples show "fail to load the dynamic library".

Enhance debug_utils: the code below is the debug tool I use myself, for reference.

import logging
import struct
import sys
from io import BytesIO

import hexdump
from unicorn import *
from unicorn import arm_const
from unicorn.arm_const import *

logger = logging.getLogger(__name__)

# current call depth, used to indent the disassembly trace
SPACE_NUM = 0
LAST_ADDR = 0


def disasm_arm(mu, address, size):
    """Disassemble the Thumb instruction at `address` and return one trace line,
    indented by call depth and coloured for branches. Meant for a UC_HOOK_CODE callback."""
    import capstone as cp
    local_arch = mu._arch
    local_mode = mu._mode
    capstone_arch = cp.CS_ARCH_ARM
    capstone_mode = cp.CS_MODE_THUMB
    # if local_arch == UC_ARCH_X86:
    #     capstone_arch = cp.CS_ARCH_X86
    # if local_mode == UC_MODE_64:
    #     capstone_mode = cp.CS_MODE_64
    md = cp.Cs(capstone_arch, capstone_mode)  # Capstone object, e.g. Cs(CS_ARCH_ARM, CS_MODE_ARM)
    code = mu.mem_read(address, size)
    r = ""
    for ins in md.disasm(code, address):
        # r = r + f"0x{ins.address:016x}:\t{ins.mnemonic}\t{ins.op_str}\n"
        r = r + f" {code.hex():20}\t{ins.mnemonic}\t{ins.op_str}\n"

    global SPACE_NUM
    try:
        # a prologue push that saves lr opens a new call level
        if any([
            "{r4, r6, r7, lr}" in r,
            "{r4, r5, r6, r7, lr}" in r,
        ]):
            SPACE_NUM = SPACE_NUM + 1

        # branches and compares are printed in red
        if any([
            "bl" in r,
            "bx" in r,
            "beq" in r,
            "blo" in r,
            "bne" in r,
            "cmp" in r,
            "bgt" in r,
            "\tb\t" in r,
        ]):
            global LAST_ADDR
            jflag = ""
            # if LAST_ADDR - address < -8:
            #     jflag = "↓↓"
            # if LAST_ADDR - address > 8:
            #     jflag = "↑↑"
            return SPACE_NUM * ">" + f"0x{address:x} \033[1;31m{r[:-1]} {jflag}\033[0m"  # red
        if any([
            "xmmword" in r,
        ]):
            return SPACE_NUM * ">" + f"0x{address:x} \033[1;33m{r[:-1]} \033[0m"  # yellow

        return SPACE_NUM * ">" + f"0x{address:x} " + r[:-1]

    finally:
        # an epilogue pop into pc (or bx lr) closes the current call level
        if any([
            "{r4, r6, r7, pc}" in r,
            "{r4, r5, r6, r7, pc}" in r,
            "bx\tlr" in r,
        ]):
            SPACE_NUM = SPACE_NUM - 1
            if SPACE_NUM < 0:
                SPACE_NUM = 0


REG_ARM = {arm_const.UC_ARM_REG_R0: "R0",
           arm_const.UC_ARM_REG_R1: "R1",
           arm_const.UC_ARM_REG_R2: "R2",
           arm_const.UC_ARM_REG_R3: "R3",
           arm_const.UC_ARM_REG_R4: "R4",
           arm_const.UC_ARM_REG_R5: "R5",
           arm_const.UC_ARM_REG_R6: "R6",
           arm_const.UC_ARM_REG_R7: "R7",
           arm_const.UC_ARM_REG_R8: "R8",
           arm_const.UC_ARM_REG_R9: "R9",
           arm_const.UC_ARM_REG_R10: "R10",
           arm_const.UC_ARM_REG_R11: "R11",
           arm_const.UC_ARM_REG_R12: "R12",
           arm_const.UC_ARM_REG_R13: "R13",
           arm_const.UC_ARM_REG_R14: "R14",
           arm_const.UC_ARM_REG_R15: "R15",
           arm_const.UC_ARM_REG_PC: "PC",
           arm_const.UC_ARM_REG_SP: "SP",
           arm_const.UC_ARM_REG_LR: "LR"
           }

REG_TABLE = {UC_ARCH_ARM: REG_ARM}

# reverse map so a register can be looked up by name ("SP", "R0", ...)
REG_NAME_TO_ID = {name: reg for reg, name in REG_ARM.items()}


def format_dump(data: bytes) -> str:
    """Render `data` as printable ASCII, non-printable bytes as '.'."""
    generator = hexdump.genchunks(data, 16)
    retstr = ''
    for addr, d in enumerate(generator):
        line = ""
        for byte in d:
            # printable ASCII range 0x20 to 0x7E
            if 0x20 <= byte <= 0x7E:
                line += chr(byte)
            else:
                line += '.'
        # retstr += f"{line:16}" + "\n"
        retstr += f"{line:8}"
    return retstr


def struct2str(s):
    return BytesIO(s).read()


# little-endian pack/unpack helpers
p8 = lambda x: struct.pack("<B", x)
u8 = lambda x: struct.unpack("<B", x)[0]
p16 = lambda x: struct.pack("<H", x)
u16 = lambda x: struct.unpack("<H", x)[0]
p32 = lambda x: struct.pack("<I", x)
u32 = lambda x: struct.unpack("<I", x)[0]
p64 = lambda x: struct.pack("<Q", x)
u64 = lambda x: struct.unpack("<Q", x)[0]
hex_ = lambda bs: ''.join('{:02x} '.format(x) for x in bs)


def read_string(mu, address):
    """Read a NUL-terminated printable string; returns (ok, string)."""
    buf = []
    while True:
        c = mu.mem_read(address, 1)[0]
        if c == 0:  # strings end with a null terminator
            break
        if 0x20 <= c <= 0x7E:
            buf.append(c)
            address += 1
        else:
            return False, ""
    if len(buf) == 0:
        return False, ""
    return True, "".join(map(chr, buf))


def try_read_string(mu, address):
    """String at `address` if it looks like one, otherwise 8 bytes shown as ASCII."""
    r, d = read_string(mu, address)
    if r:
        return d
    d = mu.mem_read(address, 0x8)[::-1]
    return format_dump(d)


def dump_regs(mu, info="[+] local reg:"):
    """Format every register with the memory it points to, if that memory is mapped."""
    result_format = ''
    data_len = 4
    for rno, rname in REG_ARM.items():
        value = mu.reg_read(rno)
        d = ""
        try:
            d = mu.mem_read(value, data_len)
        except UcError:
            d = ""
        if len(d) > 0:
            # result_format += f"\n{rname:3} = 0x{value:16x} -> {d.hex()}"
            result_format += f"\n{rname:3} = {value:8x} |{format_dump(p64(value))}|-> {d[::-1].hex()} <==> {try_read_string(mu, value)}"
        else:
            result_format += f"\n{rname:3} = {value:8x} |{format_dump(p64(value))}|"
    return info + result_format + "\n"


def print_regs(mu, info="[+] local reg:"):
    print(dump_regs(mu, info))


def print_sp_stack(mu, deep=0x50):
    """Print the words around SP, labelled relative to SP."""
    data_len = 4
    rsp = mu.reg_read(UC_ARM_REG_SP)
    r = ""
    for i in range(rsp - deep, rsp + deep, data_len):
        b = mu.mem_read(i, data_len)[::-1]
        if rsp < i:
            r += f"SP + {i - rsp:04x} <=> {i:08x} => {b.hex():8}\n"
        elif rsp == i:
            r += f"SP ->{i - rsp:04x} <=> {i:08x} => {b.hex():8}\n"
        else:
            r += f"SP - {rsp - i:04x} <=> {i:08x} => {b.hex():8}\n"
    print(r)


def read_reg_value(mu, reg_name):
    reg_no = REG_NAME_TO_ID[reg_name.upper()]
    return mu.reg_read(reg_no)


def print_reg_stack(mu, reg_name, deep=0x50):
    """Print the words around the address held in register `reg_name`."""
    data_len = 4
    reg_value = read_reg_value(mu, reg_name)
    r = ""
    for i in range(reg_value - deep, reg_value + deep, data_len):
        b = mu.mem_read(i, data_len)[::-1]
        if i < reg_value:
            r += f"{reg_name} - {reg_value - i:04x} <=> {i:08x} => {b.hex():8}\n"
        elif i == reg_value:
            r += f"{reg_name} ->{0:04x} <=> {i:08x} => {b.hex():8}\n"
        else:
            r += f"{reg_name} + {i - reg_value:04x} <=> {i:08x} => {b.hex():8}\n"
    print(r)


def get_module(address, modules):
    """Return the loaded module whose mapping contains `address`, or None."""
    for n in modules:
        if n.base <= address <= n.base + n.size:
            return n
    return None


def str2int(s):
    if s.startswith('0x') or s.startswith("0X"):
        return int(s[2:], 16)
    return int(s)


def dump_mem(mu, addr, size=0x50):
    data = mu.mem_read(addr, size)
    print(data.hex())
    hexdump.hexdump(data)


def dump_mem_hex(mu, addr, size):
    data = mu.mem_read(addr, size)
    print(data.hex())


def bytes_to_int(bytes):
    num = struct.unpack("<L", bytes)[0]
    return num


def int_to_bytes(int):
    bytes = struct.pack("<L", int)
    return bytes


def simple_debug(mu, address, debugflag=True):
    """Minimal interactive prompt for use from a UC_HOOK_CODE callback.
    Commands: <enter> step, 's' stop emulation, 'r' run on, '!' dump registers,
    'd <addr> [size]' hexdump memory."""
    if address in [] or debugflag:

        debugflag = True

        while True:
            c = input(">").strip()
            if c == '':
                break
            if c == 's':
                mu.emu_stop()
                return
            if c == 'r':
                debugflag = False
                break
            if c[0] == '!':
                print_regs(mu)
                continue
            if c[0] == "d":
                parts = c.split()
                if len(parts) >= 3:
                    nsize = str2int(parts[2])
                else:
                    nsize = 4 * 16
                dump_mem(mu, str2int(parts[1]), nsize)
unicorn.unicorn.UcError: Invalid memory write (UC_ERR_WRITE_UNMAPPED)

Traceback (most recent call last):
  File "/Users/PycharmProjects/ExAndroidNativeEmu/example_grab.py", line 176, in <module>
    emulator.load_library("tests/bin/libc.so", do_init=False)
  File "/Users/PycharmProjects/ExAndroidNativeEmu/androidemu/emulator.py", line 144, in load_library
    libmod = self.modules.load_module(filename, True)
  File "/Users/PycharmProjects/ExAndroidNativeEmu/androidemu/internal/modules.py", line 345, in load_module
    module.call_init(self.emu)
  File "/Users/PycharmProjects/ExAndroidNativeEmu/androidemu/internal/module.py", line 42, in call_init
    emu.call_native(fun_ptr)
  File "/Users/PycharmProjects/ExAndroidNativeEmu/androidemu/emulator.py", line 171, in call_native
    r = self.mu.emu_start(addr, stop_pos - 1)
  File "/Users/.conda/envs/wecash/lib/python3.6/site-packages/unicorn-1.0.2-py3.6.egg/unicorn/unicorn.py", line 317, in emu_start
unicorn.unicorn.UcError: Invalid memory write (UC_ERR_WRITE_UNMAPPED)

How should the jbyteArray type be defined?

The original project has the jbyteArray type directly, but it seems to have been removed here. How should it be defined?

# Create java class.
from androidemu.java.java_class_def import JavaClassDef
from androidemu.java.java_method_def import java_method_def


class MainActivity(metaclass=JavaClassDef, jvm_name='com/crackme/bbbbutton/MainActivity'):

    def __init__(self):
        pass

    @java_method_def(name='getBytes', signature='([B)[B', args_list=['jbyteArray'])
    def getBytes(self, *args, **kwargs):
        bArr = args[0].value  # this is the line that raises the AttributeError below
        print(bArr, type(bArr))
        bArr2 = bytearray(len(bArr) // 4)
        for i2 in range(len(bArr) // 4):
            i3 = i2 * 4
            # pack four input bytes into one output byte
            bArr2[i2] = ((bArr[i3] << 6) + (bArr[i3 + 1] << 4) +
                         (bArr[i3 + 2] << 2) + bArr[i3 + 3]) & 0xff
        return bArr2

    def test(self):
        pass

Error:

Traceback (most recent call last):
  File "E:\REVERSE\AndroidNativeEmu\androidemu\hooker.py", line 106, in _hook
    hook_func(self._emu)
  File "E:\REVERSE\AndroidNativeEmu\androidemu\java\helpers\native_method.py", line 123, in native_method_wrapper
    result = func(argv[0], mu, *native_args)
  File "E:\REVERSE\AndroidNativeEmu\androidemu\java\jni_env.py", line 1462, in call_static_object_method_v
    return self.__call_static_xxx_method(mu, env, clazz_idx, method_id, args, 1)
  File "E:\REVERSE\AndroidNativeEmu\androidemu\java\jni_env.py", line 1444, in __call_static_xxx_method
    v = method.func(self._emu, *constructor_args)
  File "E:\REVERSE\AndroidNativeEmu\androidemu\java\java_method_def.py", line 105, in normal_wrapper
    result = func(*args, **kwargs)
  File "E:\REVERSE\AndroidNativeEmu\emu.py", line 71, in getBytes
    bArr = args[0].value
AttributeError: 'bytearray' object has no attribute 'value'

run example_douyin8.py AttributeError: 'os.stat_result' object has no attribute 'st_rdev'

D:\microsoft\python37\python.exe D:/PyhonProject/venv/Projects/fridahook/ExAndroidNativeEmu/example_douyin8.py
4152 - 2020-04-11 20:02:40,885 - INFO - process pid:4152
map addr:0x10000000, end:0x10100000, sz:0x00100000 off=0x00000000
stack addr 10100000
map addr:0x01000000, end:0x01200000, sz:0x00200000 off=0x00000000
4152 - 2020-04-11 20:02:41,643 - DEBUG - Loading module 'vfs/system/lib/libdvm.so'.
ok
map addr:0xCBBCB000, end:0xCBC71784, sz:0x000A6784 off=0x00000000
read for offset 0 sz 681860 data sz:681860
map addr:0xCBC72000, end:0xCBC72000, sz:0x00000000 off=0x00000000
map addr:0xCBC72000, end:0xCBC7A1C8, sz:0x000081C8 off=0x000A6000
read for offset 679936 sz 33224 data sz:33224
map addr:0xCBC7B000, end:0xCBC7D000, sz:0x00002000 off=0x00000000
4152 - 2020-04-11 20:02:41,655 - WARNING - libcorkscrew.so needed by vfs/system/lib/libdvm.so do not exist in vfs D:/PyhonProject/venv/Projects/fridahook/ExAndroidNativeEmu/vfs
4152 - 2020-04-11 20:02:41,655 - DEBUG - Loading module 'D:/PyhonProject/venv/Projects/fridahook/ExAndroidNativeEmu/vfs/system/lib/libcutils.so'.
ok
map addr:0xCBC7D000, end:0xCBC85BA1, sz:0x00008BA1 off=0x00000000
read for offset 0 sz 35745 data sz:35745
map addr:0xCBC86000, end:0xCBC86000, sz:0x00000000 off=0x00000000
map addr:0xCBC86000, end:0xCBC8704C, sz:0x0000104C off=0x00008000
read for offset 32768 sz 4172 data sz:4172
map addr:0xCBC88000, end:0xCBC88000, sz:0x00000000 off=0x00000000
4152 - 2020-04-11 20:02:41,660 - DEBUG - Loading module 'D:/PyhonProject/venv/Projects/fridahook/ExAndroidNativeEmu/vfs/system/lib/liblog.so'.
ok
map addr:0xCBC88000, end:0xCBC8AA4E, sz:0x00002A4E off=0x00000000
read for offset 0 sz 10830 data sz:10830
map addr:0xCBC8B000, end:0xCBC8B000, sz:0x00000000 off=0x00000000
map addr:0xCBC8B000, end:0xCBC8C018, sz:0x00001018 off=0x00002000
read for offset 8192 sz 4120 data sz:4120
map addr:0xCBC8D000, end:0xCBC8D000, sz:0x00000000 off=0x00000000
4152 - 2020-04-11 20:02:41,663 - DEBUG - Loading module 'D:/PyhonProject/venv/Projects/fridahook/ExAndroidNativeEmu/vfs/system/lib/libc.so'.
ok
map addr:0xCBC8D000, end:0xCBCD3EF0, sz:0x00046EF0 off=0x00000000
read for offset 0 sz 290544 data sz:290544
map addr:0xCBCD4000, end:0xCBCD4000, sz:0x00000000 off=0x00000000
map addr:0xCBCD5000, end:0xCBCD92E8, sz:0x000042E8 off=0x00047000
read for offset 290816 sz 17128 data sz:17128
map addr:0xCBCDA000, end:0xCBCE8000, sz:0x0000E000 off=0x00000000
4152 - 2020-04-11 20:02:41,718 - DEBUG - Loading module 'D:/PyhonProject/venv/Projects/fridahook/ExAndroidNativeEmu/vfs/system/lib/libdl.so'.
ok
map addr:0xCBCE8000, end:0xCBCE9BE0, sz:0x00001BE0 off=0x00000000
read for offset 0 sz 7136 data sz:7136
map addr:0xCBCEA000, end:0xCBCEA000, sz:0x00000000 off=0x00000000
map addr:0xCBCEA000, end:0xCBCEB004, sz:0x00001004 off=0x00001000
read for offset 4096 sz 4100 data sz:4100
map addr:0xCBCEC000, end:0xCBCEC000, sz:0x00000000 off=0x00000000
4152 - 2020-04-11 20:02:41,723 - ERROR - => Undefined external symbol:
4152 - 2020-04-11 20:02:41,723 - ERROR - => Undefined external symbol: __cxa_finalize
4152 - 2020-04-11 20:02:41,723 - ERROR - => Undefined external symbol: __cxa_atexit
4152 - 2020-04-11 20:02:41,723 - ERROR - => Undefined external symbol: memcpy
4152 - 2020-04-11 20:02:41,724 - INFO - finish load lib D:/PyhonProject/venv/Projects/fridahook/ExAndroidNativeEmu/vfs/system/lib/libdl.so base 0xCBCE8000
4152 - 2020-04-11 20:02:41,724 - ERROR - => Undefined external symbol:
Calling Init_array D:/PyhonProject/venv/Projects/fridahook/ExAndroidNativeEmu/vfs/system/lib/libc.so function: 0xCBC9B2F9
4152 - 2020-04-11 20:02:41,746 - INFO - syscall 5 lr=0xCBCBA761
4152 - 2020-04-11 20:02:41,747 - DEBUG - Executing syscall open(0xCBCD72E4, 0x000A8000, 0x00000000) at 0xCBCAD358
4152 - 2020-04-11 20:02:41,747 - WARNING - File does not exist '/dev/properties'
4152 - 2020-04-11 20:02:41,749 - INFO - syscall 240 lr=0xCBC9C020
4152 - 2020-04-11 20:02:41,749 - DEBUG - Executing syscall futex(0xCBCD9540, 0x00000081, 0x7FFFFFFF, 0x00000000, 0xCBCD9540, 0xCBC9AF05) at 0xCBCAE908
4152 - 2020-04-11 20:02:41,749 - INFO - futext call op=0x00000081 *uaddr=0x00000002 val=0x7FFFFFFF
Calling Init_array D:/PyhonProject/venv/Projects/fridahook/ExAndroidNativeEmu/vfs/system/lib/libc.so function: 0xCBC9FA51
Calling Init_array D:/PyhonProject/venv/Projects/fridahook/ExAndroidNativeEmu/vfs/system/lib/libc.so function: 0xCBC9FA65
Calling Init_array D:/PyhonProject/venv/Projects/fridahook/ExAndroidNativeEmu/vfs/system/lib/libc.so function: 0xCBCA0401
Calling Init_array D:/PyhonProject/venv/Projects/fridahook/ExAndroidNativeEmu/vfs/system/lib/libc.so function: 0xCBCA0539
Calling Init_array D:/PyhonProject/venv/Projects/fridahook/ExAndroidNativeEmu/vfs/system/lib/libc.so function: 0xCBCB220D
4152 - 2020-04-11 20:02:41,753 - INFO - syscall 263 lr=0xCBCB21B3
4152 - 2020-04-11 20:02:41,753 - DEBUG - Executing syscall clock_gettime(0x00000001, 0x100FFFE8) at 0xCBCADEA4
4152 - 2020-04-11 20:02:41,855 - INFO - finish load lib D:/PyhonProject/venv/Projects/fridahook/ExAndroidNativeEmu/vfs/system/lib/libc.so base 0xCBC8D000
4152 - 2020-04-11 20:02:41,855 - DEBUG - Loading module 'D:/PyhonProject/venv/Projects/fridahook/ExAndroidNativeEmu/vfs/system/lib/libstdc++.so'.
ok
map addr:0xCBCEC000, end:0xCBCECAB1, sz:0x00000AB1 off=0x00000000
read for offset 0 sz 2737 data sz:2737
map addr:0xCBCED000, end:0xCBCED000, sz:0x00000000 off=0x00000000
map addr:0xCBCED000, end:0xCBCEE004, sz:0x00001004 off=0x00000000
read for offset 0 sz 4100 data sz:4100
map addr:0xCBCEF000, end:0xCBCEF000, sz:0x00000000 off=0x00000000
4152 - 2020-04-11 20:02:41,859 - ERROR - => Undefined external symbol:
4152 - 2020-04-11 20:02:41,860 - INFO - finish load lib D:/PyhonProject/venv/Projects/fridahook/ExAndroidNativeEmu/vfs/system/lib/libstdc++.so base 0xCBCEC000
4152 - 2020-04-11 20:02:41,860 - DEBUG - Loading module 'D:/PyhonProject/venv/Projects/fridahook/ExAndroidNativeEmu/vfs/system/lib/libm.so'.
ok
map addr:0xCBCEF000, end:0xCBD06EE4, sz:0x00017EE4 off=0x00000000
read for offset 0 sz 98020 data sz:98020
map addr:0xCBD07000, end:0xCBD07000, sz:0x00000000 off=0x00000000
map addr:0xCBD07000, end:0xCBD0806C, sz:0x0000106C off=0x00017000
read for offset 94208 sz 4204 data sz:4204
map addr:0xCBD09000, end:0xCBD09000, sz:0x00000000 off=0x00000000
4152 - 2020-04-11 20:02:41,890 - ERROR - => Undefined external symbol:
4152 - 2020-04-11 20:02:41,891 - INFO - finish load lib D:/PyhonProject/venv/Projects/fridahook/ExAndroidNativeEmu/vfs/system/lib/libm.so base 0xCBCEF000
4152 - 2020-04-11 20:02:41,891 - ERROR - => Undefined external symbol:
4152 - 2020-04-11 20:02:41,892 - INFO - finish load lib D:/PyhonProject/venv/Projects/fridahook/ExAndroidNativeEmu/vfs/system/lib/liblog.so base 0xCBC88000
4152 - 2020-04-11 20:02:41,893 - ERROR - => Undefined external symbol:
4152 - 2020-04-11 20:02:41,894 - INFO - finish load lib D:/PyhonProject/venv/Projects/fridahook/ExAndroidNativeEmu/vfs/system/lib/libcutils.so base 0xCBC7D000
4152 - 2020-04-11 20:02:41,894 - DEBUG - Loading module 'D:/PyhonProject/venv/Projects/fridahook/ExAndroidNativeEmu/vfs/system/lib/libnativehelper.so'.
ok
map addr:0xCBD09000, end:0xCBD0CAB0, sz:0x00003AB0 off=0x00000000
read for offset 0 sz 15024 data sz:15024
map addr:0xCBD0D000, end:0xCBD0D000, sz:0x00000000 off=0x00000000
map addr:0xCBD0D000, end:0xCBD0E004, sz:0x00001004 off=0x00003000
read for offset 12288 sz 4100 data sz:4100
map addr:0xCBD0F000, end:0xCBD0F000, sz:0x00000000 off=0x00000000
4152 - 2020-04-11 20:02:41,904 - DEBUG - Loading module 'D:/PyhonProject/venv/Projects/fridahook/ExAndroidNativeEmu/vfs/system/lib/libstlport.so'.
ok
map addr:0xCBD0F000, end:0xCBD403D0, sz:0x000313D0 off=0x00000000
read for offset 0 sz 201680 data sz:201680
map addr:0xCBD41000, end:0xCBD41000, sz:0x00000000 off=0x00000000
map addr:0xCBD41000, end:0xCBD43048, sz:0x00002048 off=0x00031000
read for offset 200704 sz 8264 data sz:8264
map addr:0xCBD44000, end:0xCBD44000, sz:0x00000000 off=0x00000000
4152 - 2020-04-11 20:02:41,992 - ERROR - => Undefined external symbol:
Calling Init_array D:/PyhonProject/venv/Projects/fridahook/ExAndroidNativeEmu/vfs/system/lib/libstlport.so function: 0xCBD384E1
4152 - 2020-04-11 20:02:42,030 - INFO - syscall 78 lr=0xCBCB21FD
4152 - 2020-04-11 20:02:42,030 - DEBUG - Executing syscall gettimeofday(0x100FFF48, 0x00000000) at 0xCBCADE24
4152 - 2020-04-11 20:02:42,032 - INFO - syscall 45 lr=0xCBCA021D
4152 - 2020-04-11 20:02:42,032 - DEBUG - Executing syscall brk(0x00000000) at 0xCBCAD0A0
4152 - 2020-04-11 20:02:42,032 - INFO - syscall 45 lr=0xCBCA022D
4152 - 2020-04-11 20:02:42,032 - DEBUG - Executing syscall brk(0xFFFFFFFF) at 0xCBCAD0A0
4152 - 2020-04-11 20:02:42,033 - INFO - syscall 192 lr=0xCBC9FC83
4152 - 2020-04-11 20:02:42,033 - DEBUG - Executing syscall mmap2(0x00000000, 0x00001000, 0x00000003, 0x00000022, 0xFFFFFFFF, 0x00000000) at 0xCBCAD42C
map addr:0x00000000, end:0x00001000, sz:0x00001000 off=0x00000000
before mem_map addr:0x30000000, sz:0x00002000
mmap return 0x30000000
4152 - 2020-04-11 20:02:42,034 - INFO - syscall 220 lr=0xCBC9FC9F
4152 - 2020-04-11 20:02:42,034 - DEBUG - Executing syscall madvise(0x30000000, 0x00001000, 0x0000000C) at 0xCBCAD4CC
4152 - 2020-04-11 20:02:42,035 - INFO - syscall 172 lr=0xCBCBA6F7
4152 - 2020-04-11 20:02:42,035 - DEBUG - Executing syscall prctl(0x53564D41, 0x00000000, 0x30000000, 0x00001000, 0xCBCCCC52) at 0xCBCAD228
4152 - 2020-04-11 20:02:42,037 - INFO - syscall 192 lr=0xCBC9FC83
4152 - 2020-04-11 20:02:42,037 - DEBUG - Executing syscall mmap2(0x00000000, 0x00001000, 0x00000003, 0x00000022, 0xFFFFFFFF, 0x00000000) at 0xCBCAD42C
map addr:0x00000000, end:0x00001000, sz:0x00001000 off=0x00000000
before mem_map addr:0x30002000, sz:0x00002000
mmap return 0x30002000
4152 - 2020-04-11 20:02:42,039 - INFO - syscall 220 lr=0xCBC9FC9F
4152 - 2020-04-11 20:02:42,039 - DEBUG - Executing syscall madvise(0x30002000, 0x00001000, 0x0000000C) at 0xCBCAD4CC
4152 - 2020-04-11 20:02:42,039 - INFO - syscall 125 lr=0xCBCB5747
4152 - 2020-04-11 20:02:42,039 - DEBUG - Executing syscall mprotect(0x30002000, 0x00001000, 0x00000001) at 0xCBCAD4AC
4152 - 2020-04-11 20:02:42,044 - INFO - syscall 192 lr=0xCBC9FC83
4152 - 2020-04-11 20:02:42,045 - DEBUG - Executing syscall mmap2(0x00000000, 0x00002000, 0x00000003, 0x00000022, 0xFFFFFFFF, 0x00000000) at 0xCBCAD42C
map addr:0x00000000, end:0x00002000, sz:0x00002000 off=0x00000000
before mem_map addr:0x30004000, sz:0x00003000
mmap return 0x30004000
4152 - 2020-04-11 20:02:42,046 - INFO - syscall 220 lr=0xCBC9FC9F
4152 - 2020-04-11 20:02:42,046 - DEBUG - Executing syscall madvise(0x30004000, 0x00002000, 0x0000000C) at 0xCBCAD4CC
4152 - 2020-04-11 20:02:42,046 - INFO - syscall 172 lr=0xCBCBA6F7
4152 - 2020-04-11 20:02:42,046 - DEBUG - Executing syscall prctl(0x53564D41, 0x00000000, 0x30004000, 0x00002000, 0xCBCCCC52) at 0xCBCAD228
4152 - 2020-04-11 20:02:42,095 - INFO - syscall 192 lr=0xCBC9FC83
4152 - 2020-04-11 20:02:42,095 - DEBUG - Executing syscall mmap2(0x00000000, 0x00001000, 0x00000003, 0x00000022, 0xFFFFFFFF, 0x00000000) at 0xCBCAD42C
map addr:0x00000000, end:0x00001000, sz:0x00001000 off=0x00000000
before mem_map addr:0x30007000, sz:0x00002000
mmap return 0x30007000
4152 - 2020-04-11 20:02:42,096 - INFO - syscall 220 lr=0xCBC9FC9F
4152 - 2020-04-11 20:02:42,097 - DEBUG - Executing syscall madvise(0x30007000, 0x00001000, 0x0000000C) at 0xCBCAD4CC
4152 - 2020-04-11 20:02:42,097 - INFO - syscall 172 lr=0xCBCBA6F7
4152 - 2020-04-11 20:02:42,097 - DEBUG - Executing syscall prctl(0x53564D41, 0x00000000, 0x30007000, 0x00001000, 0xCBCCCC52) at 0xCBCAD228
4152 - 2020-04-11 20:02:42,112 - INFO - syscall 125 lr=0xCBCB56E7
4152 - 2020-04-11 20:02:42,112 - DEBUG - Executing syscall mprotect(0x30002000, 0x00001000, 0x00000003) at 0xCBCAD4AC
4152 - 2020-04-11 20:02:42,113 - INFO - syscall 125 lr=0xCBCB5747
4152 - 2020-04-11 20:02:42,113 - DEBUG - Executing syscall mprotect(0x30002000, 0x00001000, 0x00000001) at 0xCBCAD4AC
4152 - 2020-04-11 20:02:42,114 - INFO - syscall 125 lr=0xCBCB56E7
4152 - 2020-04-11 20:02:42,114 - DEBUG - Executing syscall mprotect(0x30002000, 0x00001000, 0x00000003) at 0xCBCAD4AC
4152 - 2020-04-11 20:02:42,115 - INFO - syscall 125 lr=0xCBCB5747
4152 - 2020-04-11 20:02:42,115 - DEBUG - Executing syscall mprotect(0x30002000, 0x00001000, 0x00000001) at 0xCBCAD4AC
4152 - 2020-04-11 20:02:42,119 - INFO - syscall 125 lr=0xCBCB56E7
4152 - 2020-04-11 20:02:42,119 - DEBUG - Executing syscall mprotect(0x30002000, 0x00001000, 0x00000003) at 0xCBCAD4AC
4152 - 2020-04-11 20:02:42,120 - INFO - syscall 125 lr=0xCBCB5747
4152 - 2020-04-11 20:02:42,121 - DEBUG - Executing syscall mprotect(0x30002000, 0x00001000, 0x00000001) at 0xCBCAD4AC
4152 - 2020-04-11 20:02:42,134 - INFO - syscall 221 lr=0xCBCB8C03
4152 - 2020-04-11 20:02:42,135 - DEBUG - Executing syscall fcntl64(0x00000000, 0x00000003, 0x00000008, 0x100FFF70, 0x30000B08, 0x00000000) at 0xCBCAD7D8
4152 - 2020-04-11 20:02:42,136 - INFO - syscall 197 lr=0xCBD26765
4152 - 2020-04-11 20:02:42,136 - DEBUG - Executing syscall fstat64(0x00000000, 0x100FFF08) at 0xCBCADAC8
4152 - 2020-04-11 20:02:42,136 - ERROR - An error occured during in c5 syscall hander, stopping emulation
Traceback (most recent call last):
File "D:\PyhonProject\venv\Projects\fridahook\ExAndroidNativeEmu\androidemu\cpu\syscall_handlers.py", line 43, in _handle_syscall
result = handler.callback(mu, *args)
File "D:\PyhonProject\venv\Projects\fridahook\ExAndroidNativeEmu\androidemu\vfs\file_system.py", line 262, in _handle_fstat64
file_helpers.stat_to_memory2(mu, buf_ptr, stats, uid)
File "D:\PyhonProject\venv\Projects\fridahook\ExAndroidNativeEmu\androidemu\vfs\file_helpers.py", line 76, in stat_to_memory2
uc.mem_write(buf_ptr + 32, int(stat.st_rdev).to_bytes(8, byteorder='little'))
AttributeError: 'os.stat_result' object has no attribute 'st_rdev'
4152 - 2020-04-11 20:02:42,156 - ERROR - exception in _hook_interrupt intno:[2]
Traceback (most recent call last):
File "D:\PyhonProject\venv\Projects\fridahook\ExAndroidNativeEmu\androidemu\cpu\interrupt_handler.py", line 24, in _hook_interrupt
self._handlers[intno](uc)
File "D:\PyhonProject\venv\Projects\fridahook\ExAndroidNativeEmu\androidemu\cpu\syscall_handlers.py", line 43, in _handle_syscall
result = handler.callback(mu, *args)
File "D:\PyhonProject\venv\Projects\fridahook\ExAndroidNativeEmu\androidemu\vfs\file_system.py", line 262, in _handle_fstat64
file_helpers.stat_to_memory2(mu, buf_ptr, stats, uid)
File "D:\PyhonProject\venv\Projects\fridahook\ExAndroidNativeEmu\androidemu\vfs\file_helpers.py", line 76, in stat_to_memory2
uc.mem_write(buf_ptr + 32, int(stat.st_rdev).to_bytes(8, byteorder='little'))
AttributeError: 'os.stat_result' object has no attribute 'st_rdev'

Need help to call JNIEnv function

How do I call a JNIEnv function with the name Java_com_example_ab_MainActivity_NativeFunction(JNIEnv *env, jobject obj, jbyteArray data)?

Class loading problem

Some apps need an extra function added to a specific class, for example a function added to the Activity class. However, ExAndroidNativeEmu seems to use only the Activity class defined by the program, which leads to a RuntimeError. I tried defining my own Activity class in my code and loading it with add_class; after running, it says: The class 'android/app/Activity' is already registered. If I comment out the add_class statement, it returns the same message as before: RuntimeError: Could not find method ('getPackageManager', '()Landroid/content/pm/PackageManager;') in class android/app/Activity. This probably affects more than the Activity class; the Application class and others may hit the same situation. So far I have not found any documentation that solves this. I hope the author can help answer this :(

WARNING:root:File does not exist

With the code I have written, I get the following error.
On a MacBook I put it in the '/proc/cpuinfo' folder, but it can't see it.
Where is the right place?

emulator = Emulator(
    vfs_root=posixpath.join(posixpath.dirname(__file__), "vfs")
)

Error message is

WARNING:root:File does not exist '/proc/cpuinfo'
WARNING:root:File does not exist '/proc/self/auxv'

@maiyao1988

Trying to run a vx interface, but it won't run

Hi, I'm using your project to try to run the SignRqtBufByAutoChosenKey function in vx's libwechatnormsg, but it seems to fail already at load_library.
emulator.load_library("tests/bin/libwechatnormsg.so")

Along the way I hit a few errors about unimplemented system calls; I implemented them following the existing style, possibly incorrectly. I don't know how to handle the exception thrown afterwards. I'm too much of a newbie; could you give me some pointers?

Diff and .so: 归档.zip


Error message:

12676 - 2020-04-10 11:37:45,979 - INFO - syscall 220 lr=0xCBD02C9F
12676 - 2020-04-10 11:37:45,979 - DEBUG - Executing syscall madvise(0x302C3000, 0x0000001C, 0x0000000C) at 0xCBD104CC
12676 - 2020-04-10 11:37:45,979 - INFO - syscall 126 lr=0xCBD01F1D
12676 - 2020-04-10 11:37:45,980 - DEBUG - Executing syscall sigaltstack(0x00000002, 0x100F0DDC) at 0xCBD110F0
12676 - 2020-04-10 11:37:45,980 - INFO - syscall 67 lr=0xCBD01F43
12676 - 2020-04-10 11:37:45,980 - DEBUG - Executing syscall sigaction(0x00000006, 0x100F0DE0, 0x100F0DE0) at 0xCBD110D0
12676 - 2020-04-10 11:37:45,980 - WARNING - sa_handler [0x00000000] sa_mask [0x00000000] sa_flag [0x10000000] sa_restorer [0x100F0E14]
12676 - 2020-04-10 11:37:45,980 - INFO - syscall 126 lr=0xCBD01F4D
12676 - 2020-04-10 11:37:45,980 - DEBUG - Executing syscall sigaltstack(0x00000002, 0x100F0DDC) at 0xCBD110F0
12676 - 2020-04-10 11:37:45,981 - INFO - syscall 248 lr=0xCBD01F59
12676 - 2020-04-10 11:37:45,981 - DEBUG - Executing syscall faccessat(0x00000001, 0x00000000, 0x00000001, 0x00000000) at 0xCBD0FD68
12676 - 2020-04-10 11:37:45,981 - INFO - faccessat filename:[]
12676 - 2020-04-10 11:37:45,982 - INFO - syscall 5 lr=0xCBD1D761
12676 - 2020-04-10 11:37:45,982 - DEBUG - Executing syscall open(0xCBD2FD4A, 0x000A0001, 0x00000000) at 0xCBD10358
12676 - 2020-04-10 11:37:45,982 - INFO - File opened '/dev/log/main'
12676 - 2020-04-10 11:37:45,982 - INFO - openat return fd 15
12676 - 2020-04-10 11:37:45,982 - INFO - syscall 146 lr=0xCBD02441
12676 - 2020-04-10 11:37:45,983 - DEBUG - Executing syscall writev(0x0000000F, 0x100F0958, 0x00000003) at 0xCBD105CC
12676 - 2020-04-10 11:37:45,983 - INFO - Writev b'\x07'
12676 - 2020-04-10 11:37:45,983 - INFO - Writev b'libc\x00'
12676 - 2020-04-10 11:37:45,988 - INFO - Writev b':0: assertion "" failed\x00'
12676 - 2020-04-10 11:37:45,988 - INFO - syscall 6 lr=0xCBD02457
12676 - 2020-04-10 11:37:45,988 - DEBUG - Executing syscall close(0x0000000F) at 0xCBD1039C
12676 - 2020-04-10 11:37:45,988 - INFO - syscall 192 lr=0xCBD02C83
12676 - 2020-04-10 11:37:45,989 - DEBUG - Executing syscall mmap2(0x00000000, 0x0000001C, 0x00000003, 0x00000022, 0xFFFFFFFF, 0x00000000) at 0xCBD1042C
map addr:0x00000000, end:0x0000001C, sz:0x0000001C off=0x00000000
before mem_map addr:0x302C4000, sz:0x00001000
mmap return 0x302C4000
12676 - 2020-04-10 11:37:46,136 - INFO - syscall 220 lr=0xCBD02C9F
12676 - 2020-04-10 11:37:46,136 - DEBUG - Executing syscall madvise(0x302C4000, 0x0000001C, 0x0000000C) at 0xCBD104CC
12676 - 2020-04-10 11:37:46,136 - INFO - syscall 126 lr=0xCBD01F1D
12676 - 2020-04-10 11:37:46,136 - DEBUG - Executing syscall sigaltstack(0x00000002, 0x100F0D84) at 0xCBD110F0
12676 - 2020-04-10 11:37:46,137 - INFO - syscall 67 lr=0xCBD01F43
12676 - 2020-04-10 11:37:46,137 - DEBUG - Executing syscall sigaction(0x00000006, 0x100F0D88, 0x100F0D88) at 0xCBD110D0
12676 - 2020-04-10 11:37:46,137 - WARNING - sa_handler [0x00000000] sa_mask [0x00000000] sa_flag [0x10000000] sa_restorer [0x100F0DBC]
12676 - 2020-04-10 11:37:46,138 - INFO - syscall 126 lr=0xCBD01F4D
12676 - 2020-04-10 11:37:46,138 - DEBUG - Executing syscall sigaltstack(0x00000002, 0x100F0D84) at 0xCBD110F0
12676 - 2020-04-10 11:37:46,139 - INFO - syscall 248 lr=0xCBD01F59
12676 - 2020-04-10 11:37:46,139 - DEBUG - Executing syscall faccessat(0x00000001, 0x00000000, 0x00000001, 0x00000000) at 0xCBD0FD68
12676 - 2020-04-10 11:37:46,139 - INFO - faccessat filename:[]
12676 - 2020-04-10 11:37:46,140 - INFO - syscall 5 lr=0xCBD1D761
12676 - 2020-04-10 11:37:46,140 - DEBUG - Executing syscall open(0xCBD2FD4A, 0x000A0001, 0x00000000) at 0xCBD10358
12676 - 2020-04-10 11:37:46,141 - INFO - File opened '/dev/log/main'
12676 - 2020-04-10 11:37:46,141 - INFO - openat return fd 15
12676 - 2020-04-10 11:37:46,141 - INFO - syscall 146 lr=0xCBD02441
12676 - 2020-04-10 11:37:46,141 - DEBUG - Executing syscall writev(0x0000000F, 0x100F0900, 0x00000003) at 0xCBD105CC
12676 - 2020-04-10 11:37:46,141 - INFO - Writev b'\x07'
12676 - 2020-04-10 11:37:46,141 - INFO - Writev b'libc\x00'
12676 - 2020-04-10 11:37:46,141 - INFO - Writev b':0: assertion "" failed\x00'
12676 - 2020-04-10 11:37:46,142 - INFO - syscall 6 lr=0xCBD02457
12676 - 2020-04-10 11:37:46,142 - DEBUG - Executing syscall close(0x0000000F) at 0xCBD1039C
12676 - 2020-04-10 11:37:46,142 - INFO - syscall 192 lr=0xCBD02C83
12676 - 2020-04-10 11:37:46,142 - DEBUG - Executing syscall mmap2(0x00000000, 0x0000001C, 0x00000003, 0x00000022, 0xFFFFFFFF, 0x00000000) at 0xCBD1042C
map addr:0x00000000, end:0x0000001C, sz:0x0000001C off=0x00000000
before mem_map addr:0x302C5000, sz:0x00001000
mmap return 0x302C5000
12676 - 2020-04-10 11:37:46,284 - INFO - syscall 220 lr=0xCBD02C9F
12676 - 2020-04-10 11:37:46,284 - DEBUG - Executing syscall madvise(0x302C5000, 0x0000001C, 0x0000000C) at 0xCBD104CC
12676 - 2020-04-10 11:37:46,284 - INFO - syscall 126 lr=0xCBD01F1D
12676 - 2020-04-10 11:37:46,285 - DEBUG - Executing syscall sigaltstack(0x00000002, 0x100F0D2C) at 0xCBD110F0
12676 - 2020-04-10 11:37:46,285 - INFO - syscall 67 lr=0xCBD01F43
12676 - 2020-04-10 11:37:46,285 - DEBUG - Executing syscall sigaction(0x00000006, 0x100F0D30, 0x100F0D30) at 0xCBD110D0
12676 - 2020-04-10 11:37:46,285 - WARNING - sa_handler [0x00000000] sa_mask [0x00000000] sa_flag [0x10000000] sa_restorer [0x100F0D64]
12676 - 2020-04-10 11:37:46,285 - INFO - syscall 126 lr=0xCBD01F4D
12676 - 2020-04-10 11:37:46,285 - DEBUG - Executing syscall sigaltstack(0x00000002, 0x100F0D2C) at 0xCBD110F0
12676 - 2020-04-10 11:37:46,286 - INFO - syscall 248 lr=0xCBD01F59
12676 - 2020-04-10 11:37:46,286 - DEBUG - Executing syscall faccessat(0x00000001, 0x00000000, 0x00000001, 0x00000000) at 0xCBD0FD68
12676 - 2020-04-10 11:37:46,286 - INFO - faccessat filename:[]
12676 - 2020-04-10 11:37:46,287 - INFO - syscall 5 lr=0xCBD1D761
12676 - 2020-04-10 11:37:46,287 - DEBUG - Executing syscall open(0xCBD2FD4A, 0x000A0001, 0x00000000) at 0xCBD10358
12676 - 2020-04-10 11:37:46,287 - INFO - File opened '/dev/log/main'
12676 - 2020-04-10 11:37:46,287 - INFO - openat return fd 15
12676 - 2020-04-10 11:37:46,292 - INFO - syscall 146 lr=0xCBD02441
12676 - 2020-04-10 11:37:46,293 - DEBUG - Executing syscall writev(0x0000000F, 0x100F08A8, 0x00000003) at 0xCBD105CC
12676 - 2020-04-10 11:37:46,293 - INFO - Writev b'\x07'
12676 - 2020-04-10 11:37:46,293 - INFO - Writev b'libc\x00'
12676 - 2020-04-10 11:37:46,293 - INFO - Writev b':0: assertion "" failed\x00'
12676 - 2020-04-10 11:37:46,294 - INFO - syscall 6 lr=0xCBD02457
12676 - 2020-04-10 11:37:46,294 - DEBUG - Executing syscall close(0x0000000F) at 0xCBD1039C
12676 - 2020-04-10 11:37:46,296 - INFO - syscall 192 lr=0xCBD02C83
12676 - 2020-04-10 11:37:46,296 - DEBUG - Executing syscall mmap2(0x00000000, 0x0000001C, 0x00000003, 0x00000022, 0xFFFFFFFF, 0x00000000) at 0xCBD1042C
map addr:0x00000000, end:0x0000001C, sz:0x0000001C off=0x00000000
before mem_map addr:0x302C6000, sz:0x00001000
mmap return 0x302C6000
12676 - 2020-04-10 11:37:46,440 - INFO - syscall 220 lr=0xCBD02C9F
12676 - 2020-04-10 11:37:46,440 - DEBUG - Executing syscall madvise(0x302C6000, 0x0000001C, 0x0000000C) at 0xCBD104CC
12676 - 2020-04-10 11:37:46,440 - INFO - syscall 126 lr=0xCBD01F1D
12676 - 2020-04-10 11:37:46,440 - DEBUG - Executing syscall sigaltstack(0x00000002, 0x100F0CD4) at 0xCBD110F0
12676 - 2020-04-10 11:37:46,441 - INFO - syscall 67 lr=0xCBD01F43
12676 - 2020-04-10 11:37:46,441 - DEBUG - Executing syscall sigaction(0x00000006, 0x100F0CD8, 0x100F0CD8) at 0xCBD110D0
12676 - 2020-04-10 11:37:46,441 - WARNING - sa_handler [0x00000000] sa_mask [0x00000000] sa_flag [0x10000000] sa_restorer [0x100F0D0C]
12676 - 2020-04-10 11:37:46,441 - INFO - syscall 126 lr=0xCBD01F4D
12676 - 2020-04-10 11:37:46,441 - DEBUG - Executing syscall sigaltstack(0x00000002, 0x100F0CD4) at 0xCBD110F0
12676 - 2020-04-10 11:37:46,441 - INFO - syscall 248 lr=0xCBD01F59
12676 - 2020-04-10 11:37:46,441 - DEBUG - Executing syscall faccessat(0x00000001, 0x00000000, 0x00000001, 0x00000000) at 0xCBD0FD68
12676 - 2020-04-10 11:37:46,441 - INFO - faccessat filename:[]
12676 - 2020-04-10 11:37:46,443 - INFO - syscall 5 lr=0xCBD1D761
12676 - 2020-04-10 11:37:46,443 - DEBUG - Executing syscall open(0xCBD2FD4A, 0x000A0001, 0x00000000) at 0xCBD10358
12676 - 2020-04-10 11:37:46,443 - INFO - File opened '/dev/log/main'
12676 - 2020-04-10 11:37:46,443 - INFO - openat return fd 15
12676 - 2020-04-10 11:37:46,444 - INFO - syscall 146 lr=0xCBD02441
12676 - 2020-04-10 11:37:46,444 - DEBUG - Executing syscall writev(0x0000000F, 0x100F0850, 0x00000003) at 0xCBD105CC
12676 - 2020-04-10 11:37:46,451 - INFO - Writev b'\x07'
12676 - 2020-04-10 11:37:46,451 - INFO - Writev b'libc\x00'
12676 - 2020-04-10 11:37:46,451 - INFO - Writev b':0: assertion "" failed\x00'
12676 - 2020-04-10 11:37:46,451 - INFO - syscall 6 lr=0xCBD02457
12676 - 2020-04-10 11:37:46,452 - DEBUG - Executing syscall close(0x0000000F) at 0xCBD1039C
12676 - 2020-04-10 11:37:46,452 - INFO - syscall 192 lr=0xCBD02C83
12676 - 2020-04-10 11:37:46,452 - DEBUG - Executing syscall mmap2(0x00000000, 0x0000001C, 0x00000003, 0x00000022, 0xFFFFFFFF, 0x00000000) at 0xCBD1042C
map addr:0x00000000, end:0x0000001C, sz:0x0000001C off=0x00000000
before mem_map addr:0x302C7000, sz:0x00001000
Assertion failed: (map->sections_nb < TARGET_PAGE_SIZE), function phys_section_add_arm, file /private/var/folders/84/y7q_xm292c99pxpf1mtjgjhw0000gn/T/pip-install-0h9tk2r5/unicorn/src/qemu/exec.c, line 798.
Abort trap: 6


UnicodeDecodeError: 'utf-8' codec can't decode byte 0xcb in position 0

6023 - 2020-06-09 18:07:23,112 - ERROR - An error occured during in 147 syscall hander, stopping emulation
Traceback (most recent call last):
File "/Users/raju/raju/soft/ExAndroidNativeEmu/androidemu/cpu/syscall_handlers.py", line 43, in _handle_syscall
result = handler.callback(mu, *args)
File "/Users/raju/raju/soft/ExAndroidNativeEmu/androidemu/vfs/file_system.py", line 521, in _handle_fstatat64
pathname = memory_helpers.read_utf8(mu, pathname_ptr)
File "/Users/raju/raju/soft/ExAndroidNativeEmu/androidemu/utils/memory_helpers.py", line 26, in read_utf8
return buffer[:null_pos].decode("utf-8")
UnicodeDecodeError: 'utf-8' codec can't decode byte 0xcb in position 0: unexpected end of data
6023 - 2020-06-09 18:07:23,113 - ERROR - exception in _hook_interrupt intno:[2]
Traceback (most recent call last):
File "/Users/raju/raju/soft/ExAndroidNativeEmu/androidemu/cpu/interrupt_handler.py", line 24, in _hook_interrupt
self._handlers[intno](uc)
File "/Users/raju/raju/soft/ExAndroidNativeEmu/androidemu/cpu/syscall_handlers.py", line 43, in _handle_syscall
result = handler.callback(mu, *args)
File "/Users/raju/raju/soft/ExAndroidNativeEmu/androidemu/vfs/file_system.py", line 521, in _handle_fstatat64
pathname = memory_helpers.read_utf8(mu, pathname_ptr)
File "/Users/raju/raju/soft/ExAndroidNativeEmu/androidemu/utils/memory_helpers.py", line 26, in read_utf8
return buffer[:null_pos].decode("utf-8")
UnicodeDecodeError: 'utf-8' codec can't decode byte 0xcb in position 0: unexpected end of data

T@kT@k apk--> https://www21.zippyshare.com/v/rw7SMEGq/file.html

libcms .so --> https://www21.zippyshare.com/v/zNiqBaxx/file.html

The following error appeared when trying to run the .so

The error message is posted below:

hook_id:65314, hook_func:<bound method native_method.<locals>.native_method_wrapper of <androidemu.java.jni_env.JNIEnv object at 0x0000019B77784408>>
2020-03-19 09:50:21,236 DEBUG androidemu.java.jni_env | JNIEnv->GetMethodId(4097, getBytes, (Ljava/lang/String;)[B) was called
Traceback (most recent call last):
File "D:\python_project\ExAndroidNativeEmu\androidemu\hooker.py", line 100, in _hook
hook_func(self._emu)
File "D:\python_project\ExAndroidNativeEmu\androidemu\java\helpers\native_method.py", line 113, in native_method_wrapper
result = func(argv[0], mu, *native_args)
File "D:\python_project\ExAndroidNativeEmu\androidemu\java\jni_env.py", line 671, in get_method_id
method = clazz.value.find_method(name, sig)
AttributeError: type object 'str' has no attribute 'find_method'

run example_douyin8.py raise erro

2020-03-22 21:38:05,261 INFO androidemu.vfs.file_system | Reading 1 bytes from '/proc/self/cmdline'
2020-03-22 21:38:05,262 INFO androidemu.cpu.syscall_handlers | syscall 6 lr=0xCBBE19FD
2020-03-22 21:38:05,262 DEBUG androidemu.cpu.syscall_handlers | Executing syscall close(0x00000004) at 0xCBBD4EA0
2020-03-22 21:38:05,263 INFO androidemu.vfs.file_system | File closed '/proc/self/cmdline'
2020-03-22 21:38:05,567 INFO androidemu.cpu.syscall_handlers | syscall 359 lr=0xCBBE4A81
2020-03-22 21:38:05,568 DEBUG androidemu.cpu.syscall_handlers | Executing syscall pipe2(0x100FE2D0, 0x00000000) at 0xCBBD4EA0
2020-03-22 21:38:05,568 ERROR androidemu.cpu.syscall_handlers | An error occured during in 167 syscall hander, stopping emulation
Traceback (most recent call last):
File "D:\PyhonProject\venv\Projects\fridahook\ExAndroidNativeEmu\androidemu\cpu\syscall_handlers.py", line 43, in _handle_syscall
result = handler.callback(mu, *args)
File "D:\PyhonProject\venv\Projects\fridahook\ExAndroidNativeEmu\androidemu\cpu\syscall_hooks.py", line 353, in __pipe2
raise NotImplementedError()
NotImplementedError
2020-03-22 21:38:05,624 ERROR androidemu.cpu.interrupt_handler | exception in _hook_interrupt intno:[2]
Traceback (most recent call last):
File "D:\PyhonProject\venv\Projects\fridahook\ExAndroidNativeEmu\androidemu\cpu\interrupt_handler.py", line 24, in _hook_interrupt
self._handlers[intno](uc)
File "D:\PyhonProject\venv\Projects\fridahook\ExAndroidNativeEmu\androidemu\cpu\syscall_handlers.py", line 43, in _handle_syscall
result = handler.callback(mu, *args)
File "D:\PyhonProject\venv\Projects\fridahook\ExAndroidNativeEmu\androidemu\cpu\syscall_hooks.py", line 353, in __pipe2
raise NotImplementedError()
NotImplementedError

run the example_bb.py ....

map addr:0xCBD6A000, end:0xCBDBC580, sz:0x00052580 off=0x00000000
read for offset 0 sz 337280 data sz:337280
map addr:0xCBDBD000, end:0xCBDBD000, sz:0x00000000 off=0x00000000
map addr:0xCBDBE000, end:0xCBDC3614, sz:0x00005614 off=0x00053000
read for offset 339968 sz 22036 data sz:22036
map addr:0xCBDC4000, end:0xCBDD8000, sz:0x00014000 off=0x00000000
8472 - 2020-06-14 20:44:56,142 - ERROR - => Undefined external symbol:
Calling Init_array tests/bin/libSecShell.so function: 0xCBD76FD9
8472 - 2020-06-14 20:44:56,155 - INFO - syscall 20 lr=0xCBD7705B
8472 - 2020-06-14 20:44:56,155 - DEBUG - Executing syscall getpid() at 0xCBCAD404
8472 - 2020-06-14 20:44:56,161 - INFO - syscall 5 lr=0xCBCBA761
8472 - 2020-06-14 20:44:56,161 - DEBUG - Executing syscall open(0x100FFDDC, 0x00020000, 0x00000000) at 0xCBCAD358
8472 - 2020-06-14 20:44:56,178 - INFO - openat return fd 15
8472 - 2020-06-14 20:44:56,179 - INFO - syscall 197 lr=0xCBCA1CB3
8472 - 2020-06-14 20:44:56,179 - DEBUG - Executing syscall fstat64(0x0000000F, 0x100FF960) at 0xCBCADAC8
8472 - 2020-06-14 20:44:56,180 - ERROR - An error occured during in c5 syscall hander, stopping emulation
Traceback (most recent call last):
File "D:\PyhonProject\venv\GitHub_Projects\AndroidNativeSimulator\ExAndroidNativeEmu\androidemu\cpu\syscall_handlers.py", line 43, in _handle_syscall
result = handler.callback(mu, *args)
File "D:\PyhonProject\venv\GitHub_Projects\AndroidNativeSimulator\ExAndroidNativeEmu\androidemu\vfs\file_system.py", line 414, in _handle_fstat64
file_helpers.stat_to_memory2(mu, buf_ptr, stats, uid)
File "D:\PyhonProject\venv\GitHub_Projects\AndroidNativeSimulator\ExAndroidNativeEmu\androidemu\vfs\file_helpers.py", line 46, in stat_to_memory2
uc.mem_write(buf_ptr + 12, int(stat.st_ino).to_bytes(4, byteorder='little'))
OverflowError: int too big to convert
8472 - 2020-06-14 20:44:56,181 - ERROR - exception in _hook_interrupt intno:[2]
Traceback (most recent call last):
File "D:\PyhonProject\venv\GitHub_Projects\AndroidNativeSimulator\ExAndroidNativeEmu\androidemu\cpu\interrupt_handler.py", line 24, in _hook_interrupt
self._handlers[intno](uc)
File "D:\PyhonProject\venv\GitHub_Projects\AndroidNativeSimulator\ExAndroidNativeEmu\androidemu\cpu\syscall_handlers.py", line 43, in _handle_syscall
result = handler.callback(mu, *args)
File "D:\PyhonProject\venv\GitHub_Projects\AndroidNativeSimulator\ExAndroidNativeEmu\androidemu\vfs\file_system.py", line 414, in _handle_fstat64
file_helpers.stat_to_memory2(mu, buf_ptr, stats, uid)
File "D:\PyhonProject\venv\GitHub_Projects\AndroidNativeSimulator\ExAndroidNativeEmu\androidemu\vfs\file_helpers.py", line 46, in stat_to_memory2
uc.mem_write(buf_ptr + 12, int(stat.st_ino).to_bytes(4, byteorder='little'))
OverflowError: int too big to convert

The dladdr implementation in hooks.py seems to be wrong

Line 101 of hooks.py:
memory_helpers.write_uints(uc, addr, [dli_fname, mod.base, 0, 0])
The write address should be info; it should be changed to:
memory_helpers.write_uints(uc, info, [dli_fname, mod.base, 0, 0])
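
An added example (not the project's code) that models the defect this issue reports, using a small stand-in for the Unicorn memory API instead of a real emulator: the buggy hook writes the Dl_info struct over the queried address, while the corrected hook fills the caller's info buffer. The module name, the addresses and the 32-bit Dl_info layout (dli_fname, dli_fbase, dli_sname, dli_saddr as four 4-byte fields) are assumptions made for the demonstration.

```python
import struct

# Dl_info on 32-bit ARM: four 4-byte little-endian fields
# (dli_fname, dli_fbase, dli_sname, dli_saddr). Assumed layout for this demo.
DL_INFO_FMT = "<4I"
DL_INFO_SIZE = struct.calcsize(DL_INFO_FMT)  # 16 bytes


class FakeUc:
    """Stand-in for unicorn.Uc exposing only the two calls the hook needs."""

    def __init__(self, size=0x1000):
        self.mem = bytearray(size)  # flat constructed memory

    def mem_write(self, addr, data):
        self.mem[addr:addr + len(data)] = data

    def mem_read(self, addr, size):
        return bytes(self.mem[addr:addr + size])


class Module:
    """Minimal loaded-module record: file name, base address and mapped size."""

    def __init__(self, filename, base, size):
        self.filename = filename
        self.base = base
        self.size = size


def find_module(modules, addr):
    """Return the module whose mapping contains addr, or None."""
    for mod in modules:
        if mod.base <= addr < mod.base + mod.size:
            return mod
    return None


def dladdr_hook_buggy(uc, modules, addr, info, dli_fname_ptr):
    """Reproduces the reported defect: Dl_info is written at `addr`, i.e. over
    whatever code or data lives at the queried address, while the caller's
    `info` struct is left untouched."""
    mod = find_module(modules, addr)
    if mod is None:
        return 0
    uc.mem_write(addr, struct.pack(DL_INFO_FMT, dli_fname_ptr, mod.base, 0, 0))
    return 1


def dladdr_hook_fixed(uc, modules, addr, info, dli_fname_ptr):
    """Corrected form: fill the Dl_info struct the caller passed as `info`.
    dli_sname/dli_saddr stay 0 (no symbol lookup), as in the issue's fix."""
    mod = find_module(modules, addr)
    if mod is None:
        return 0
    uc.mem_write(info, struct.pack(DL_INFO_FMT, dli_fname_ptr, mod.base, 0, 0))
    return 1


def read_dl_info(uc, info):
    """Unpack a Dl_info struct from emulated memory."""
    return struct.unpack(DL_INFO_FMT, uc.mem_read(info, DL_INFO_SIZE))


def demo(hook):
    """Run one hook against constructed memory.

    Returns (return code, Dl_info tuple read from `info`, bytes at `addr`)."""
    uc = FakeUc()
    modules = [Module("libdemo.so", 0x400, 0x200)]  # constructed: 0x400-0x5FF
    addr = 0x480        # queried address, inside the module
    info = 0x800        # caller's Dl_info buffer
    fname_ptr = 0x900   # where the NUL-terminated file name was placed
    uc.mem_write(fname_ptr, b"libdemo.so\x00")
    uc.mem_write(addr, b"\xAA" * DL_INFO_SIZE)  # constructed contents at addr
    rc = hook(uc, modules, addr, info, fname_ptr)
    return rc, read_dl_info(uc, info), uc.mem_read(addr, DL_INFO_SIZE)


if __name__ == "__main__":
    print("buggy:", demo(dladdr_hook_buggy))
    print("fixed:", demo(dladdr_hook_fixed))
```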

callback catch the exception but can't exit

Thanks for your good work. I found that the exception would be caught when the hook_func errors in hooker.py. However, the emulator restarts and repeats the error forever but cannot exit.

        # Call hook.
        try:
            hook_func(self._emu)
        except Exception as e:
            # Make sure we catch exceptions inside hooks and stop emulation.
            mu.emu_stop()
            traceback.print_exc()
            logging.exception("catch error on _hook")
            sys.exit(-1)
2022-02-08 22:25:38,500   DEBUG            androidemu.java.jni_env | JNIEnv->GetObjectClass(<androidemu.java.classes.package_manager.PackageInfo object at 0x0000017FFF996460>) was called
2022-02-08 22:25:38,859   DEBUG            androidemu.java.jni_env | JNIEnv->GetFieldId(9, signatures, [Landroid/content/pm/Signature;) was called
2022-02-08 22:25:39,267   DEBUG            androidemu.java.jni_env | JNIEnv->GetXXXField(android/content/pm/PackageInfo, signatures <[Landroid/content/pm/Signature;>) was called
Traceback (most recent call last):
  File "e:\pythoncode\ExAndroidEmu\androidemu\hooker.py", line 106, in _hook
    hook_func(self._emu)
  File "e:\pythoncode\ExAndroidEmu\androidemu\java\helpers\native_method.py", line 123, in native_method_wrapper
    result = func(argv[0], mu, *native_args)
  File "e:\pythoncode\ExAndroidEmu\androidemu\java\jni_env.py", line 1238, in get_object_field
    return self.__get_xxx_field(mu, env, obj_idx, field_id)
  File "e:\pythoncode\ExAndroidEmu\androidemu\java\jni_env.py", line 1227, in __get_xxx_field
    v = getattr(pyobj, field.name)
AttributeError: 'PackageInfo' object has no attribute 'signatures'
2022-02-08 22:25:39,867   ERROR                               root | catch error on _hook
Traceback (most recent call last):
  File "e:\pythoncode\ExAndroidEmu\androidemu\hooker.py", line 106, in _hook
    hook_func(self._emu)
  File "e:\pythoncode\ExAndroidEmu\androidemu\java\helpers\native_method.py", line 123, in native_method_wrapper
    result = func(argv[0], mu, *native_args)
  File "e:\pythoncode\ExAndroidEmu\androidemu\java\jni_env.py", line 1238, in get_object_field
    return self.__get_xxx_field(mu, env, obj_idx, field_id)
  File "e:\pythoncode\ExAndroidEmu\androidemu\java\jni_env.py", line 1227, in __get_xxx_field
    v = getattr(pyobj, field.name)
AttributeError: 'PackageInfo' object has no attribute 'signatures'
Exception ignored on calling ctypes callback function: <bound method Uc._hookcode_cb of <unicorn.unicorn.Uc object at 0x0000017FFE042F40>>
Traceback (most recent call last):
  File "E:\Anaconda3\lib\site-packages\unicorn\unicorn.py", line 438, in _hookcode_cb
    cb(self, address, size, data)
  File "e:\pythoncode\ExAndroidEmu\androidemu\hooker.py", line 112, in _hook
    sys.exit(-1)
SystemExit: -1
2022-02-08 22:25:39,872   DEBUG                               root | 21020 scheduling paused
2022-02-08 22:25:39,872   DEBUG                               root | 21020 scheduling enter
2022-02-08 22:25:41,135   DEBUG            androidemu.java.jni_env | JNIEnv->GetXXXField(android/content/pm/PackageInfo, signatures <[Landroid/content/pm/Signature;>) was called
Traceback (most recent call last):
  File "e:\pythoncode\ExAndroidEmu\androidemu\hooker.py", line 106, in _hook
    hook_func(self._emu)
  File "e:\pythoncode\ExAndroidEmu\androidemu\java\helpers\native_method.py", line 123, in native_method_wrapper
    result = func(argv[0], mu, *native_args)
  File "e:\pythoncode\ExAndroidEmu\androidemu\java\jni_env.py", line 1238, in get_object_field
    return self.__get_xxx_field(mu, env, obj_idx, field_id)
  File "e:\pythoncode\ExAndroidEmu\androidemu\java\jni_env.py", line 1227, in __get_xxx_field
    v = getattr(pyobj, field.name)
AttributeError: 'PackageInfo' object has no attribute 'signatures'

Just like this, the program is trapped in a dead end only because I didn't populate the sign_hex field of the config file. Some errors like this left me trapped in a dead end, such as "getPackageInfo with PackageManager.GET_SIGNATURES is called but no 'sign_hex' set in config!!!" when I didn't set the sign_hex field, which also made the error report repeat again and again. Maybe the problem is the task schedule section in scheduler.py.

{
	"__pkg_name":"com.netease.cloudmusic",
	"pkg_name":"com.ss.android.ugc.aweme",
	"pid": 4386,
	"uid": 10023,
	"android_id": "39cc04a2ae83db0b",
	"ip":"192.168.31.52",
	"mac":[204, 250, 166, 0, 138, 169],
	"sign_hex":""
}

Thanks again.

PermissionError: [Errno 13] Permission denied:

Connected to pydev debugger (build 193.5662.61)
map addr:0x10000000, end:0x10100000, sz:0x00100000 off=0x00000000
stack addr 10100000
map addr:0x01000000, end:0x01200000, sz:0x00200000 off=0x00000000
2020-02-16 12:01:45,819 DEBUG androidemu.internal.modules | Loading module 'tests/bin/libcms.so'.
map addr:0xCBBCB000, end:0xCBCA8627, sz:0x000DD627 off=0x00000000
map addr:0xCBCA9000, end:0xCBCA9000, sz:0x00000000 off=0x00000000
map addr:0xCBCA9000, end:0xCBCB304C, sz:0x0000A04C off=0x000DD000
map addr:0xCBCB4000, end:0xCBCBB000, sz:0x00007000 off=0x00000000
2020-02-16 12:01:52,875 DEBUG androidemu.internal.modules | Loading module 'D:/Python_Projects/AndroidProjects/ExAndroidNativeEmu/vfs/system/lib/'.
Traceback (most recent call last):
File "D:\Python_Projects\AndroidProjects\ExAndroidNativeEmu\androidemu\internal\modules.py", line 207, in load_module
libmod = self.load_module(path)
File "D:\Python_Projects\AndroidProjects\ExAndroidNativeEmu\androidemu\internal\modules.py", line 77, in load_module
with open(filename, 'rb') as fstream:
PermissionError: [Errno 13] Permission denied: 'D:/Python_Projects/AndroidProjects/ExAndroidNativeEmu/vfs/system/lib/'

Unhandled relocation type 7. What is this problem?

ERROR:androidemu.internal.modules:=> Undefined external symbol:
ERROR:androidemu.internal.modules:=> Undefined external symbol: __cxa_finalize
ERROR:androidemu.internal.modules:=> Undefined external symbol: __register_atfork
ERROR:androidemu.internal.modules:=> Undefined external symbol: __cxa_atexit
ro.kernel.qemu was not found in system_properties dictionary.
libc.debug.malloc was not found in system_properties dictionary.
WARNING:root:File does not exist '/proc/stat'
ERROR:androidemu.internal.modules:=> Undefined external symbol: __write_chk
ERROR:androidemu.internal.modules:Unhandled relocation type 7.

virtual_file not found

File "G:\Unicorn\ExAndroidNativeEmu-master\androidemu\pcb.py", line 8, in
from androidemu.vfs.virtual_file import VirtualFile
ModuleNotFoundError: No module named 'androidemu.vfs.virtual_file'

The __read_args_v method reads variadic argument lists incorrectly under arm64

  • Reproducing the bug
    Run the example_uzm_test.py script in example_uzm.zip
    The error is as follows
File "D:\workspace\programming\python\remote\ExAndroidNativeEmu\androidemu\java\jni_env.py", line 932, in call_object_method_v
    return self.__call_xxx_method(mu, env, obj_idx, method_id, args, 1)
  File "D:\workspace\programming\python\remote\ExAndroidNativeEmu\androidemu\java\jni_env.py", line 907, in __call_xxx_method
    constructor_args = self.__read_args_common(mu, args, method.args_list, args_type)
  File "D:\workspace\programming\python\remote\ExAndroidNativeEmu\androidemu\java\jni_env.py", line 494, in __read_args_common
    return self.__read_args_v(mu, args_ptr, args_type_list)
  File "D:\workspace\programming\python\remote\ExAndroidNativeEmu\androidemu\java\jni_env.py", line 471, in __read_args_v64
    jobj = self.get_reference(ref)
  File "D:\workspace\programming\python\remote\ExAndroidNativeEmu\androidemu\java\jni_env.py", line 289, in get_reference
    raise RuntimeError('Invalid get_reference(%d)' % idx)
RuntimeError: Invalid get_reference(269473136)
  • Cause analysis

    The .so file used by the script calls the Java-layer PackageManager.getPackageInfo method through InvokeVirtualOrInterfaceWithVarArgs in ART.
    Reading the source of InvokeVirtualOrInterfaceWithVarArgs shows that the variadic arguments are read via va_arg.
    By default this uses the "read from the stack" approach, which is already implemented in __read_args_v.
    But according to the description of va_arg in IHI0055B_aapcs64.pdf, when ap.__gr_offs is negative the argument is read with a different set of logic.

  • Solution

    For now I have only modified the __read_args_v64 method as follows, based on the description in IHI0055B_aapcs64.pdf

def __read_args_v64(self, mu, args_ptr, args_type_list):
    ...
    # AAPCS64 va_list layout: __gr_top lives at +0x8, __gr_offs (signed) at +0x18
    va_ap = int.from_bytes(mu.mem_read(args_ptr+0x8, 8), byteorder='little')
    va_off = int.from_bytes(mu.mem_read(args_ptr+0x18, 4), byteorder='little', signed=True)
    arg_off_acc = 0
    for arg_name in args_type_list:
        if va_off + arg_off_acc < 0:
            # still inside the general-purpose register save area below __gr_top
            v = int.from_bytes(mu.mem_read(va_ap + va_off + arg_off_acc, ptr_size), byteorder='little')
        else:
            # otherwise fall back to the existing stack read
            v = int.from_bytes(mu.mem_read(args_ptr + arg_off_acc, ptr_size), byteorder='little')
        ...
        arg_off_acc += ptr_size
    #
    return result

The change above passes the test for this case,
but the document describes other branch cases that still need handling and I lack the corresponding test samples, so I did not submit the change.

I hope @maiyao1988 can look into and handle this issue when you have time
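The va_list walk this issue describes, as an added example that is not the project's own code: a stand-alone Python reader for the AAPCS64 va_list struct (IHI0055B, section B.3), covering the general-purpose register save area, the FP/SIMD save area, and the spill to the stack once the saved registers run out. It generalizes the snippet above to all three branches. The Memory class stands in for Unicorn's mem_read/mem_write, and every address and argument value in build_example is constructed for the demo.

```python
import struct

GR_SLOT = 8    # one saved general-purpose register (x0-x7)
VR_SLOT = 16   # one saved FP/SIMD register, saved as a full Q register


class Memory:
    """Flat byte region standing in for an emulator's memory (constructed)."""

    def __init__(self, base, size):
        self.base = base
        self.buf = bytearray(size)

    def read(self, addr, n):
        off = addr - self.base
        if off < 0 or off + n > len(self.buf):
            raise ValueError("read outside constructed region: 0x%x" % addr)
        return bytes(self.buf[off:off + n])

    def write(self, addr, data):
        off = addr - self.base
        self.buf[off:off + len(data)] = data

    def write_u64(self, addr, value):
        self.write(addr, int(value).to_bytes(8, "little", signed=value < 0))


class VaList64:
    """Stateful va_arg over the AAPCS64 struct
    { void *__stack; void *__gr_top; void *__vr_top; int __gr_offs; int __vr_offs; }."""

    def __init__(self, mem, addr):
        self.mem = mem
        self.stack = int.from_bytes(mem.read(addr + 0x00, 8), "little")
        self.gr_top = int.from_bytes(mem.read(addr + 0x08, 8), "little")
        self.vr_top = int.from_bytes(mem.read(addr + 0x10, 8), "little")
        self.gr_offs = int.from_bytes(mem.read(addr + 0x18, 4), "little", signed=True)
        self.vr_offs = int.from_bytes(mem.read(addr + 0x1C, 4), "little", signed=True)

    def _from_stack(self, size):
        # Stack slots are 8-byte aligned; a 4-byte int sits in the low bytes of its slot.
        addr = self.stack
        self.stack = addr + ((size + 7) & ~7)
        return addr

    def _from_area(self, size, top_attr, offs_attr, slot):
        """B.3 algorithm: use the register save area while its offset is negative,
        otherwise (or once the saved registers are exhausted) fall back to the stack."""
        offs = getattr(self, offs_attr)
        if offs >= 0:
            return self._from_stack(size)
        setattr(self, offs_attr, offs + slot * ((size + slot - 1) // slot))
        if getattr(self, offs_attr) > 0:
            return self._from_stack(size)
        return getattr(self, top_attr) + offs

    def arg_int(self, size=8, signed=False):
        addr = self._from_area(size, "gr_top", "gr_offs", GR_SLOT)
        return int.from_bytes(self.mem.read(addr, size), "little", signed=signed)

    def arg_double(self):
        addr = self._from_area(8, "vr_top", "vr_offs", VR_SLOT)
        return struct.unpack("<d", self.mem.read(addr, 8))[0]


def read_jni_args(mem, va_addr, sig_types):
    """Read JNI CallXXXMethodV arguments by signature letter, applying C's
    default argument promotions (small ints -> int, float -> double)."""
    va = VaList64(mem, va_addr)
    out = []
    for t in sig_types:
        if t in ("Z", "B", "C", "S", "I"):
            out.append(va.arg_int(4, signed=(t != "C")))
        elif t == "J":
            out.append(va.arg_int(8, signed=True))
        elif t in ("F", "D"):
            out.append(va.arg_double())
        else:                                  # 'L' / '[': jobject reference
            out.append(va.arg_int(8))
    return out


def build_example():
    """Constructed image: x3-x7 and all eight V registers are still unconsumed
    (the named env/obj/methodID args used x0-x2), so the first five integer
    arguments come from the save areas and the remaining two spill to the stack."""
    base = 0x10000
    mem = Memory(base, 0x1000)
    va_addr, gr_top, vr_top, stack = base, base + 0x200, base + 0x300, base + 0x400
    mem.write_u64(va_addr + 0x00, stack)
    mem.write_u64(va_addr + 0x08, gr_top)
    mem.write_u64(va_addr + 0x10, vr_top)
    mem.write(va_addr + 0x18, (-5 * GR_SLOT).to_bytes(4, "little", signed=True))
    mem.write(va_addr + 0x1C, (-8 * VR_SLOT).to_bytes(4, "little", signed=True))
    for i, v in enumerate([11, 22, 33, 44, 55]):             # saved x3..x7
        mem.write_u64(gr_top - 5 * GR_SLOT + i * GR_SLOT, v)
    mem.write(vr_top - 8 * VR_SLOT, struct.pack("<d", 2.5))  # saved v0
    for i, v in enumerate([66, 77]):                         # stack-passed args
        mem.write_u64(stack + i * GR_SLOT, v)
    return mem, va_addr


if __name__ == "__main__":
    mem, va_addr = build_example()
    print(read_jni_args(mem, va_addr, ["I", "L", "D", "J", "I", "I", "I", "I"]))
```

The point the snippet above only partly covers is the third branch: once __gr_offs reaches zero, every later integer argument must come from __stack (the pointer at offset 0 of the struct), not from an offset relative to the va_list itself, and floating-point arguments track __vr_offs independently.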

Need help for getUserInfo() function

Version 8.5 also needs the as, cp, mas arguments to do an HTTP request

as and cp are generated by the com.ss.android.common.applog.UserInfo.getUserInfo() function

I use ExAndroidEmu to run this function, but the result is not the same as the real packet capture result

I create a gist here https://gist.github.com/playniuniu/dd4140f26cb6d4aff89982624ba47043

The ExAndroidEmu result is: a0100ffee45e8deaa0100fff34100ffee4100fff2c30

but real result is: aad1d780985e8dd408d1d780e8d1d78098d1d780e038

I think I did something wrong with Array("java.lang.String")

Could you help me with how to create a String[] in ExAndroidEmu please?

Thanks