-
Notifications
You must be signed in to change notification settings - Fork 924
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
执行到方法:AbstractJni.newObjectV 时,找不到对应的函数签名类型 #55
Comments
通过vaList获取到对应的ArrayObject跟StringObject,再调用new String(data, encoding)生成字符串,再返回StringObject |
有点抽象,是这样吗?小弟不才啊 /(ㄒoㄒ)/~~ @OverRide
|
或者这样对吗? @OverRide
好像后面这一种是可以返回有效地值得,但是不确定这样对不对 ... |
大神啊,万分感谢,我感觉后面一种方法应该就是对的,我直接拿生产的sign去重放是OK的。只是我有些强迫症,在看到诸如以下的错误打印时,很想搞清楚原因是什么,我可以有什么解决思路,希望大神有空再帮我指点迷津,再次表示感谢!逆向领域原子弹级别的发明! 错误信息如下:(虽然最后能输出正确的结果) 九月 17, 2019 11:16:31 上午 cn.banny.unidbg.linux.AndroidElfLoader resolveSymbols 九月 17, 2019 11:16:31 上午 cn.banny.unidbg.AbstractEmulator emulate 九月 17, 2019 11:16:31 上午 cn.banny.unidbg.linux.LinuxModule callInitFunction getKey:124268048476002231160546874792054445205859695541773682585510549341692856527133748338173673409724680644261254462092544451007823053290585560919751502040858723643650222704101093197109429006854655834856230931813529754840873403742860610007429079738487054902351423296508023834355690216104617853526135691550059952419&65537 |
具体的报错为:
newObjectV signature:java/lang/String->([BLjava/lang/String;)V
[19:51:27 721] WARN [cn.banny.unidbg.linux.ARMSyscallHandler] (ARMSyscallHandler:384) - handleInterrupt intno=2, NR=-2083121372, svcNumber=0x10d, PC=unicorn@0xfffe0164, syscall=null
java.lang.AbstractMethodError: java/lang/String->([BLjava/lang/String;)V
at cn.banny.unidbg.linux.android.dvm.AbstractJni.newObjectV(AbstractJni.java:346)
at cn.banny.unidbg.linux.android.dvm.DvmMethod.newObjectV(DvmMethod.java:177)
at cn.banny.unidbg.linux.android.dvm.DalvikVM$14.handle(DalvikVM.java:218)
at cn.banny.unidbg.linux.ARMSyscallHandler.hook(ARMSyscallHandler.java:92)
at unicorn.Unicorn.invokeInterruptCallbacks(Unicorn.java:123)
at unicorn.Unicorn.emu_start(Native Method)
at cn.banny.unidbg.AbstractEmulator.emulate(AbstractEmulator.java:267)
at cn.banny.unidbg.AbstractEmulator.eFunc(AbstractEmulator.java:360)
at cn.banny.unidbg.arm.AbstractARMEmulator.eFunc(AbstractARMEmulator.java:201)
at cn.banny.unidbg.linux.LinuxModule.emulateFunction(LinuxModule.java:154)
at cn.banny.unidbg.linux.android.dvm.DvmClass.callStaticJniMethod(DvmClass.java:140)
at cn.passguard.PassGuardEncrypt.sig_1init(PassGuardEncrypt.java:170)
at cn.passguard.PassGuardEncrypt.main(PassGuardEncrypt.java:71)
涉及到的方法原型:
@OverRide
public DvmObject newObjectV(BaseVM vm, DvmClass dvmClass, String signature, VaList vaList) {
System.out.println("newObjectV signature:" + signature);
if ("java/io/ByteArrayInputStream->([B)V".equals(signature)) {
ByteArray array = vaList.getObject(0);
return new DvmObject<>(vm.resolveClass("java/io/ByteArrayInputStream"), new ByteArrayInputStream(array.value));
}
throw new AbstractMethodError(signature);
}
结果:
当sugbature为java/lang/String->([BLjava/lang/String;)V的时候,直接抛出异常,我应该怎么续写该类型的返回值?求大神解答。
附件:
TestPag.zip
The text was updated successfully, but these errors were encountered: