Error calling the .so, experts please help take a look ((ARM32SyscallHandler:533) - handleInterrupt intno=2, NR=192) #672

Open
hayXiang opened this issue Sep 5, 2024 · 2 comments

hayXiang commented Sep 5, 2024

Error:
"C:\Program Files\Java\jdk1.8.0_202\bin\java.exe" -agentlib:jdwp=transport=dt_socket,address=127.0.0.1:56480,suspend=y,server=n -javaagent:C:\Users\hxiang.ARCVIDEO\AppData\Local\JetBrains\IntelliJIdea2022.1\captureAgent\debugger-agent.jar -Dfile.encoding=UTF-8 -classpath "C:\Program Files\Java\jdk1.8.0_202\jre\lib\charsets.jar;C:\Program Files\Java\jdk1.8.0_202\jre\lib\deploy.jar;C:\Program Files\Java\jdk1.8.0_202\jre\lib\ext\access-bridge-64.jar;C:\Program Files\Java\jdk1.8.0_202\jre\lib\ext\cldrdata.jar;C:\Program Files\Java\jdk1.8.0_202\jre\lib\ext\dnsns.jar;C:\Program Files\Java\jdk1.8.0_202\jre\lib\ext\jaccess.jar;C:\Program Files\Java\jdk1.8.0_202\jre\lib\ext\jfxrt.jar;C:\Program Files\Java\jdk1.8.0_202\jre\lib\ext\localedata.jar;C:\Program Files\Java\jdk1.8.0_202\jre\lib\ext\nashorn.jar;C:\Program Files\Java\jdk1.8.0_202\jre\lib\ext\sunec.jar;C:\Program Files\Java\jdk1.8.0_202\jre\lib\ext\sunjce_provider.jar;C:\Program Files\Java\jdk1.8.0_202\jre\lib\ext\sunmscapi.jar;C:\Program Files\Java\jdk1.8.0_202\jre\lib\ext\sunpkcs11.jar;C:\Program Files\Java\jdk1.8.0_202\jre\lib\ext\zipfs.jar;C:\Program Files\Java\jdk1.8.0_202\jre\lib\javaws.jar;C:\Program Files\Java\jdk1.8.0_202\jre\lib\jce.jar;C:\Program Files\Java\jdk1.8.0_202\jre\lib\jfr.jar;C:\Program Files\Java\jdk1.8.0_202\jre\lib\jfxswt.jar;C:\Program Files\Java\jdk1.8.0_202\jre\lib\jsse.jar;C:\Program Files\Java\jdk1.8.0_202\jre\lib\management-agent.jar;C:\Program Files\Java\jdk1.8.0_202\jre\lib\plugin.jar;C:\Program Files\Java\jdk1.8.0_202\jre\lib\resources.jar;C:\Program 
Files\Java\jdk1.8.0_202\jre\lib\rt.jar;D:\unidbg-0.9.7\unidbg-android\target\test-classes;D:\unidbg-0.9.7\unidbg-android\target\classes;D:\unidbg-0.9.7\unidbg-api\target\classes;D:\maven_repo\com\github\zhkl0228\unicorn\1.0.12\unicorn-1.0.12.jar;D:\maven_repo\org\scijava\native-lib-loader\2.3.5\native-lib-loader-2.3.5.jar;D:\maven_repo\com\github\zhkl0228\capstone\3.1.8\capstone-3.1.8.jar;D:\maven_repo\net\java\dev\jna\jna\5.10.0\jna-5.10.0.jar;D:\maven_repo\com\github\zhkl0228\keystone\0.9.7\keystone-0.9.7.jar;D:\maven_repo\commons-codec\commons-codec\1.15\commons-codec-1.15.jar;D:\maven_repo\org\apache\commons\commons-collections4\4.4\commons-collections4-4.4.jar;D:\maven_repo\commons-io\commons-io\2.11.0\commons-io-2.11.0.jar;D:\maven_repo\commons-logging\commons-logging\1.2\commons-logging-1.2.jar;D:\maven_repo\com\alibaba\fastjson\1.2.83\fastjson-1.2.83.jar;D:\maven_repo\com\github\zhkl0228\demumble\1.0.4\demumble-1.0.4.jar;D:\maven_repo\net\dongliu\apk-parser\2.6.10\apk-parser-2.6.10.jar;D:\unidbg-0.9.7\backend\dynarmic\target\classes;D:\unidbg-0.9.7\backend\hypervisor\target\classes;D:\unidbg-0.9.7\backend\kvm\target\classes;D:\unidbg-0.9.7\backend\unicorn2\target\classes;D:\maven_repo\log4j\log4j\1.2.17\log4j-1.2.17.jar;D:\maven_repo\junit\junit\4.13.2\junit-4.13.2.jar;D:\maven_repo\org\hamcrest\hamcrest-core\1.3\hamcrest-core-1.3.jar;D:\maven_repo\org\slf4j\slf4j-api\1.7.36\slf4j-api-1.7.36.jar;D:\maven_repo\org\slf4j\slf4j-reload4j\1.7.36\slf4j-reload4j-1.7.36.jar;D:\maven_repo\ch\qos\reload4j\reload4j\1.2.19\reload4j-1.2.19.jar;C:\Program Files\JetBrains\IntelliJ IDEA 2022.1\lib\idea_rt.jar" com.iptv.mktv.Mktv
Connected to the target VM, address: '127.0.0.1:56480', transport: 'socket'
当前进程PID -> 13984
[10:28:51 167] INFO [com.github.unidbg.linux.AndroidElfLoader] (AndroidElfLoader:468) - libtvcore.so load dependency liblog.so failed
[10:28:51 170] INFO [com.github.unidbg.linux.AndroidElfLoader] (AndroidElfLoader:468) - libtvcore.so load dependency libz.so failed
[10:28:51 170] INFO [com.github.unidbg.linux.AndroidElfLoader] (AndroidElfLoader:468) - libtvcore.so load dependency libstdc++.so failed
[10:28:51 170] INFO [com.github.unidbg.linux.AndroidElfLoader] (AndroidElfLoader:468) - libtvcore.so load dependency libm.so failed
[10:28:51 171] INFO [com.github.unidbg.linux.AndroidElfLoader] (AndroidElfLoader:468) - libtvcore.so load dependency libc.so failed
[10:28:51 171] INFO [com.github.unidbg.linux.AndroidElfLoader] (AndroidElfLoader:468) - libtvcore.so load dependency libdl.so failed
[10:28:51 221] WARN [com.github.unidbg.linux.ARM32SyscallHandler] (ARM32SyscallHandler:533) - handleInterrupt intno=2, NR=192, svcNumber=0x0, PC=RWX@0x4044aa7a, LR=RWX@0x4044aa69, syscall=null
java.lang.IllegalStateException: munmap aligned=0x271000, start=0x4005e000
at com.github.unidbg.spi.AbstractLoader.munmap(AbstractLoader.java:144)
at com.github.unidbg.linux.AndroidElfLoader.mmap2(AndroidElfLoader.java:735)
at com.github.unidbg.linux.ARM32SyscallHandler.mmap2(ARM32SyscallHandler.java:1840)
at com.github.unidbg.linux.ARM32SyscallHandler.hook(ARM32SyscallHandler.java:346)
at com.github.unidbg.arm.backend.UnicornBackend$11.hook(UnicornBackend.java:345)
at unicorn.Unicorn$NewHook.onInterrupt(Unicorn.java:128)
at unicorn.Unicorn.emu_start(Native Method)
at com.github.unidbg.arm.backend.UnicornBackend.emu_start(UnicornBackend.java:376)
at com.github.unidbg.AbstractEmulator.emulate(AbstractEmulator.java:380)
at com.github.unidbg.thread.Function32.run(Function32.java:39)
at com.github.unidbg.thread.MainTask.dispatch(MainTask.java:19)
at com.github.unidbg.thread.UniThreadDispatcher.run(UniThreadDispatcher.java:172)
at com.github.unidbg.thread.UniThreadDispatcher.runMainForResult(UniThreadDispatcher.java:96)
at com.github.unidbg.AbstractEmulator.runMainForResult(AbstractEmulator.java:340)
at com.github.unidbg.arm.AbstractARMEmulator.eFunc(AbstractARMEmulator.java:229)
at com.github.unidbg.linux.LinuxInitFunction.call(LinuxInitFunction.java:31)
at com.github.unidbg.linux.LinuxModule.callInitFunction(LinuxModule.java:141)
at com.github.unidbg.linux.AndroidElfLoader.loadInternal(AndroidElfLoader.java:180)
at com.github.unidbg.linux.AndroidElfLoader.loadInternal(AndroidElfLoader.java:62)
at com.github.unidbg.spi.AbstractLoader.load(AbstractLoader.java:233)
at com.github.unidbg.linux.android.dvm.BaseVM.loadLibrary(BaseVM.java:312)
at com.iptv.mktv.Mktv.<init>(Mktv.java:42)
at com.iptv.mktv.Mktv.main(Mktv.java:96)
[10:28:51 223] WARN [com.github.unidbg.AbstractEmulator] (AbstractEmulator:420) - emulate RX@0x401d0c49[libtvcore.so]0x1d0c49 exception sp=unidbg@0xbffff6c4, msg=munmap aligned=0x271000, start=0x4005e000, offset=7ms
[10:28:51 224] WARN [com.github.unidbg.arm.AbstractARMEmulator] (AbstractARMEmulator$1:64) - Fetch memory failed: address=0x4005f8f0, size=1, value=0x0, PC=RX@0x4005f8f0[libtvcore.so]0x5f8f0, LR=unidbg@0xffff0000
[10:28:51 224] WARN [com.github.unidbg.AbstractEmulator] (AbstractEmulator:420) - emulate RX@0x4005f8f1[libtvcore.so]0x5f8f1 exception sp=unidbg@0xbffff730, msg=unicorn.UnicornException: Invalid memory fetch (UC_ERR_FETCH_UNMAPPED), offset=1ms
[10:28:51 224] WARN [com.github.unidbg.arm.AbstractARMEmulator] (AbstractARMEmulator$1:64) - Fetch memory failed: address=0x4005f970, size=1, value=0x0, PC=RX@0x4005f970[libtvcore.so]0x5f970, LR=unidbg@0xffff0000
[10:28:51 224] WARN [com.github.unidbg.AbstractEmulator] (AbstractEmulator:420) - emulate RX@0x4005f971[libtvcore.so]0x5f971 exception sp=unidbg@0xbffff730, msg=unicorn.UnicornException: Invalid memory fetch (UC_ERR_FETCH_UNMAPPED), offset=0ms
[10:28:51 224] WARN [com.github.unidbg.arm.AbstractARMEmulator] (AbstractARMEmulator$1:64) - Fetch memory failed: address=0x4005f99c, size=1, value=0x0, PC=RX@0x4005f99c[libtvcore.so]0x5f99c, LR=unidbg@0xffff0000
[10:28:51 224] WARN [com.github.unidbg.AbstractEmulator] (AbstractEmulator:420) - emulate RX@0x4005f99d[libtvcore.so]0x5f99d exception sp=unidbg@0xbffff730, msg=unicorn.UnicornException: Invalid memory fetch (UC_ERR_FETCH_UNMAPPED), offset=0ms
[10:28:51 225] WARN [com.github.unidbg.arm.AbstractARMEmulator] (AbstractARMEmulator$1:64) - Fetch memory failed: address=0x4005f9c8, size=1, value=0x0, PC=RX@0x4005f9c8[libtvcore.so]0x5f9c8, LR=unidbg@0xffff0000
[10:28:51 225] WARN [com.github.unidbg.AbstractEmulator] (AbstractEmulator:420) - emulate RX@0x4005f9c9[libtvcore.so]0x5f9c9 exception sp=unidbg@0xbffff730, msg=unicorn.UnicornException: Invalid memory fetch (UC_ERR_FETCH_UNMAPPED), offset=1ms
[10:28:51 226] WARN [com.github.unidbg.arm.AbstractARMEmulator] (AbstractARMEmulator$1:64) - Fetch memory failed: address=0x4005fa00, size=1, value=0x0, PC=RX@0x4005fa00[libtvcore.so]0x5fa00, LR=unidbg@0xffff0000
[10:28:51 226] WARN [com.github.unidbg.AbstractEmulator] (AbstractEmulator:420) - emulate RX@0x4005fa01[libtvcore.so]0x5fa01 exception sp=unidbg@0xbffff730, msg=unicorn.UnicornException: Invalid memory fetch (UC_ERR_FETCH_UNMAPPED), offset=0ms
[10:28:51 226] WARN [com.github.unidbg.arm.AbstractARMEmulator] (AbstractARMEmulator$1:64) - Fetch memory failed: address=0x4005fa2c, size=1, value=0x0, PC=RX@0x4005fa2c[libtvcore.so]0x5fa2c, LR=unidbg@0xffff0000
[10:28:51 226] WARN [com.github.unidbg.AbstractEmulator] (AbstractEmulator:420) - emulate RX@0x4005fa2d[libtvcore.so]0x5fa2d exception sp=unidbg@0xbffff730, msg=unicorn.UnicornException: Invalid memory fetch (UC_ERR_FETCH_UNMAPPED), offset=0ms
[10:28:51 226] WARN [com.github.unidbg.arm.AbstractARMEmulator] (AbstractARMEmulator$1:64) - Fetch memory failed: address=0x4005fa84, size=1, value=0x0, PC=RX@0x4005fa84[libtvcore.so]0x5fa84, LR=unidbg@0xffff0000
[10:28:51 227] WARN [com.github.unidbg.AbstractEmulator] (AbstractEmulator:420) - emulate RX@0x4005fa85[libtvcore.so]0x5fa85 exception sp=unidbg@0xbffff730, msg=unicorn.UnicornException: Invalid memory fetch (UC_ERR_FETCH_UNMAPPED), offset=1ms
[10:28:51 227] WARN [com.github.unidbg.arm.AbstractARMEmulator] (AbstractARMEmulator$1:64) - Fetch memory failed: address=0x4005fad4, size=1, value=0x0, PC=RX@0x4005fad4[libtvcore.so]0x5fad4, LR=unidbg@0xffff0000
[10:28:51 227] WARN [com.github.unidbg.AbstractEmulator] (AbstractEmulator:420) - emulate RX@0x4005fad5[libtvcore.so]0x5fad5 exception sp=unidbg@0xbffff730, msg=unicorn.UnicornException: Invalid memory fetch (UC_ERR_FETCH_UNMAPPED), offset=0ms
[10:28:51 227] WARN [com.github.unidbg.arm.AbstractARMEmulator] (AbstractARMEmulator$1:64) - Fetch memory failed: address=0x4005fbb0, size=1, value=0x0, PC=RX@0x4005fbb0[libtvcore.so]0x5fbb0, LR=unidbg@0xffff0000
[10:28:51 227] WARN [com.github.unidbg.AbstractEmulator] (AbstractEmulator:420) - emulate RX@0x4005fbb1[libtvcore.so]0x5fbb1 exception sp=unidbg@0xbffff730, msg=unicorn.UnicornException: Invalid memory fetch (UC_ERR_FETCH_UNMAPPED), offset=0ms
[10:28:51 227] WARN [com.github.unidbg.arm.AbstractARMEmulator] (AbstractARMEmulator$1:64) - Fetch memory failed: address=0x4005fc8c, size=1, value=0x0, PC=RX@0x4005fc8c[libtvcore.so]0x5fc8c, LR=unidbg@0xffff0000
[10:28:51 227] WARN [com.github.unidbg.AbstractEmulator] (AbstractEmulator:420) - emulate RX@0x4005fc8d[libtvcore.so]0x5fc8d exception sp=unidbg@0xbffff730, msg=unicorn.UnicornException: Invalid memory fetch (UC_ERR_FETCH_UNMAPPED), offset=0ms
[10:28:51 228] WARN [com.github.unidbg.arm.AbstractARMEmulator] (AbstractARMEmulator$1:64) - Fetch memory failed: address=0x4005fcc8, size=1, value=0x0, PC=RX@0x4005fcc8[libtvcore.so]0x5fcc8, LR=unidbg@0xffff0000
[10:28:51 228] WARN [com.github.unidbg.AbstractEmulator] (AbstractEmulator:420) - emulate RX@0x4005fcc9[libtvcore.so]0x5fcc9 exception sp=unidbg@0xbffff730, msg=unicorn.UnicornException: Invalid memory fetch (UC_ERR_FETCH_UNMAPPED), offset=0ms
[10:28:51 231] WARN [com.github.unidbg.arm.AbstractARMEmulator] (AbstractARMEmulator$1:64) - Fetch memory failed: address=0x400984f8, size=1, value=0x0, PC=RX@0x400984f8[libtvcore.so]0x984f8, LR=unidbg@0xffff0000
[10:28:51 231] WARN [com.github.unidbg.AbstractEmulator] (AbstractEmulator:420) - emulate RX@0x400984f9[libtvcore.so]0x984f9 exception sp=unidbg@0xbffff730, msg=unicorn.UnicornException: Invalid memory fetch (UC_ERR_FETCH_UNMAPPED), offset=0ms
Exception in thread "main" java.lang.IllegalStateException: Illegal JNI version: 0xffffffff
at com.github.unidbg.linux.android.dvm.BaseVM.checkVersion(BaseVM.java:207)
at com.github.unidbg.linux.android.dvm.DalvikModule.callJNI_OnLoad(DalvikModule.java:39)
at com.iptv.mktv.Mktv.<init>(Mktv.java:45)
at com.iptv.mktv.Mktv.main(Mktv.java:96)
Disconnected from the target VM, address: '127.0.0.1:56480', transport: 'socket'

Process finished with exit code 1

hayXiang commented Sep 5, 2024

Source code

package com.iptv.mktv;

import com.github.unidbg.AndroidEmulator;
import com.github.unidbg.Emulator;
import com.github.unidbg.Module;
import com.github.unidbg.file.FileResult;
import com.github.unidbg.file.IOResolver;
import com.github.unidbg.linux.android.AndroidEmulatorBuilder;
import com.github.unidbg.linux.android.AndroidResolver;
import com.github.unidbg.linux.android.dvm.*;
import com.github.unidbg.linux.android.dvm.array.ArrayObject;
import com.github.unidbg.linux.android.dvm.array.ByteArray;
import com.github.unidbg.linux.file.SimpleFileIO;
import com.github.unidbg.memory.Memory;

import java.io.File;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public class Mktv extends AbstractJni implements IOResolver {
    private final AndroidEmulator emulator;
    private final VM vm;
    private final Module module;

    private MessageDigest md = MessageDigest.getInstance("MD5");

    private Mktv() throws NoSuchAlgorithmException {
        emulator = AndroidEmulatorBuilder
                .for32Bit()
                .setProcessName("com.bslive.mktv")
                .build();

        System.out.println("当前进程PID -> " + emulator.getPid());

        final Memory memory = emulator.getMemory(); // the emulator's memory operation interface
        memory.setLibraryResolver(new AndroidResolver(28)); // set the system library resolver

        emulator.getSyscallHandler().addIOResolver(this); // bind the IO redirection interface
        vm = emulator.createDalvikVM();
        vm.setVerbose(true); // set whether to print JNI call details

        DalvikModule dm = vm.loadLibrary(new File("unidbg-android/src/test/resources/example_binaries/libtvcore.so"), true);
        module = dm.getModule();
        vm.setJni(this);
        dm.callJNI_OnLoad(emulator);
    }

    @Override
    public DvmObject<?> callStaticObjectMethod(BaseVM vm, DvmClass dvmClass, String signature, VarArg varArg) {
        switch (signature) {
            case "java/security/MessageDigest->getInstance(Ljava/lang/String;)Ljava/security/MessageDigest;":
                return vm.resolveClass("java/security/MessageDigest").newObject(null);
        }
        return super.callStaticObjectMethod(vm, dvmClass, signature, varArg);
    }

    @Override
    public DvmObject<?> callObjectMethod(BaseVM vm, DvmObject<?> dvmObject, String signature, VarArg varArg) {
        switch (signature) {
            case "java/security/MessageDigest->digest([B)[B":
            {
                byte[] m = (byte[])vm.getObject(varArg.getIntArg(0)).getValue();
                String test = new String(m);
                return new ByteArray(vm, md.digest(m));
            }
        }
        return super.callObjectMethod(vm, dvmObject, signature, varArg);
    }

    @Override
    public DvmObject<?> callObjectMethodV(BaseVM vm, DvmObject<?> dvmObject, String signature, VaList vaList) {
        return super.callObjectMethodV(vm, dvmObject, signature, vaList);
    }

    @Override
    public FileResult resolve(Emulator emulator, String pathname, int oflags) {
        System.out.println("访问 -> " + pathname);
        if (("/proc/self/maps").equals(pathname)) {
            return FileResult.success(new SimpleFileIO(oflags, new File("unidbg-android/src/test/java/com/cmcc/migutv/encryptor/maps"), pathname));
        }
        return null;
    }

    public void getSignFromNative(){
        DvmClass CYUtil = vm.resolveClass("com/linklib/utils/CYUtil");

        String methodSign = "genS(Ljava/lang/String;)[Ljava/lang/String;";
        ArrayObject obj = CYUtil.callStaticJniMethodObject(emulator, methodSign, new StringObject(vm, "1-1-13"));

        System.out.println(obj.getValue()[0]);
        System.out.println(obj.getValue()[1]);
    }


    public static void main(String[] args) throws NoSuchAlgorithmException {
        Mktv tv = new Mktv();
        //tv.getSignFromNative();
    }
}

hayXiang commented Sep 5, 2024

libtvcore.zip
The .so file

hayXiang changed the title from "Error calling the .so, experts please help take a look" to "Error calling the .so, experts please help take a look ((ARM32SyscallHandler:533) - handleInterrupt intno=2, NR=192)" Sep 5, 2024