Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Read memory failed: address=0x706b6ca020, size=8, value=0x0 #555

Open
a1274807709 opened this issue Jul 31, 2023 · 2 comments
Open

Read memory failed: address=0x706b6ca020, size=8, value=0x0 #555

a1274807709 opened this issue Jul 31, 2023 · 2 comments

Comments

@a1274807709
Copy link

版本:安卓qq8.9.70 so文件:libqimei.so
Hook出的参数:

{
"param1": "/data/user/0/com.tencent.mobileqq/files/com.tencent.qimei.sdk.QimeiSDK",
"param2": [
["com/tencent/qimei/n/b", "sendError", "(III)I", "k2"],
["com/tencent/qimei/n/b", "sendSample", "(III)I", "k1"],
["com/tencent/qimei/l/a", "getLauncherActivity", "(Landroid/content/Context;)Landroid/app/Activity;", "k4"],
["com/tencent/qimei/u/b", "p", "(ILjava/lang/String;)Ljava/lang/String;", "k5"]
],
"Times": "2023-07-31-22:24:58"
}
native层: private static native void n(Context context, String str, Object[] objArr);

代码:
` ArrayList<String[]> f296371a = new ArrayList<>();
String[] strArr = new String[4];
strArr[0]="com/tencent/qimei/n/b";
strArr[1]="sendSample";
strArr[2]="(III)I";
strArr[3]="k1";
f296371a.add(strArr);
strArr[0]="com/tencent/qimei/n/b";
strArr[1]="sendError";
strArr[2]="(III)I";
strArr[3]="k2";
f296371a.add(strArr);

    strArr[0]="com/tencent/qimei/l/a";
    strArr[1]="getLauncherActivity";
    strArr[2]="(Landroid/content/Context;)Landroid/app/Activity;";
    strArr[3]="k4";
    f296371a.add(strArr);
    strArr[0]="com/tencent/qimei/u/b";
    strArr[1]="p";
    strArr[2]="(ILjava/lang/String;)Ljava/lang/String;";
    strArr[3]="k5";
    f296371a.add(strArr);
    Object[] objects=   f296371a.toArray();

    String n = "n(Landroid/content/Context;Ljava/lang/String;[Ljava/lang/Object;)V";
     this.dvmClassQimei.callStaticJniMethod(emulator,n,context,str,  ProxyDvmObject.createObject(vm,objects));`

报错:

debugger break at: 0x40cc74a0 @ Function64 address=0x40cd3a0c, arguments=[unidbg@0xfffe1640[libandroid.so]0x640, -1688988207, 1056860985, 624795507, 337799666]

x0=0x65107976 x1=0xbffff3d0 x2=0x0 x3=0x20 x4=0xfffffffffffffff0 x5=0x40 x6=0x3f x7=0x0 x8=0x706b6ca000 x9=0x7f454c46 x10=0x706b6ca000 x11=0xdcaa2465 x12=0xbffff458 x13=0xbffff468 x14=0x1
x15=0x3ed4be59 x16=0x40d07e60 x17=0xa749 x18=0x40189f50 x19=0x133ae5fe x20=0x0 x21=0x90fd6129 x22=0xe5705dd0 x23=0xfef5 x24=0xdfcf39cd x25=0x6186dbdb x26=0xa56b5961 x27=0x1d935179 x28=0x41d3 fp=0xe36c
q0=0x72727272727272727272727272727272(1.9680840716716443E243, 1.9680840716716443E243) q1=0x0(0.0) q2=0x702d2d72(2.143833868430176E29) q3=0x80200802802008028020080280200802(-4.458850023827439E-308, -4.458850023827439E-308) q4=0x80200802802008028020080200000000(-4.45884789975736E-308, -4.458850023827439E-308) q5=0x0(0.0) q6=0x1(1.401298464324817E-45) q7=0x80200802802008028020080280200802(-4.458850023827439E-308, -4.458850023827439E-308) q8=0x0(0.0) q9=0x0(0.0) q10=0x0(0.0) q11=0x0(0.0) q12=0x0(0.0) q13=0x0(0.0) q14=0x0(0.0) q15=0x0(0.0)
q16=0x40100401401004014010040140100401(4.003911019303815, 4.003911019303815) q17=0xa00aa00aa00a0001aaaaaa01aaaaaaaa(-3.720302283390508E-103, -2.482244139579132E-154) q18=0x80200802802008028020080200000001(-4.458847899757361E-308, -4.458850023827439E-308) q19=0x5003474657514c53535650034e564e4a(2.9088939508169216E93, 2.79036023712085E77) q20=0xa4bdb1fcafb8b9b9bfa4b9fcfbb2fbfc(-0.04048147747516137, -1.0458973637743107E-131) q21=0x34373f33357d373c3d26353c3b207d21(3.9449244407276354E-14, 3.703440873897255E-57) q22=0xf9e3e8e0f8eee2c9a2e9ffeceee9fea2(-1.705691643836012E-140, -1.4117257583346367E279) q23=0x672f656e6f74676e69722f636973754d(8.69987647388894E199, 1.0928602047774224E189) q24=0x3b6f666e49656369767265532f6d702f(3.620386432783241E262, 2.0778856622684563E-22) q25=0x6c6d782f6e6f69746163696c707061(3.983861098561292E252, 1.265070865790262E-306) q26=0x746e65746e6f632f64696f72646e614c(5.032746132294561E175, 6.964135520393147E252) q27=0x4965636976726573(3.815805220542376E45) q28=0x66643139313230626434313335633938(4.994141873244771E174, 1.7159818404838045E185) q29=0x62323161356161353336356661353330(5.398610010944219E-62, 1.047657493609918E165) q30=0xe2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2(-2.227377823277027E168, -2.227377823277027E168) q31=0x62613934333231303030303030303061(1.398043286095304E-76, 7.934651310604643E165)
LR=RX@0x40cc9ad8[libqimei.so]0x2dad8
SP=0xbffff1c0
PC=RX@0x40cc74a0[libqimei.so]0x2b4a0
nzcv: N=0, Z=1, C=1, V=0, EL0, use SP_EL0
22:48:03.614 [main] DEBUG org.scijava.nativelib.NativeLibraryUtil - architecture is WINDOWS_64 os.name is windows 11
22:48:03.614 [main] DEBUG org.scijava.nativelib.NativeLibraryUtil - platform specific path is natives/windows_64/
22:48:03.614 [main] DEBUG org.scijava.nativelib.BaseJniExtractor - mappedLib is disassembler.dll
22:48:03.617 [main] DEBUG org.scijava.nativelib.BaseJniExtractor - Couldn't find resource natives/windows_64/disassembler.dll
22:48:03.617 [main] DEBUG org.scijava.nativelib.NativeLibraryUtil - platform specific path is windows_64/
22:48:03.617 [main] DEBUG org.scijava.nativelib.BaseJniExtractor - mappedLib is disassembler.dll
22:48:03.620 [main] DEBUG org.scijava.nativelib.BaseJniExtractor - Couldn't find resource windows_64/disassembler.dll
22:48:03.620 [main] DEBUG org.scijava.nativelib.NativeLibraryUtil - platform specific path is META-INF/lib/windows_64/
22:48:03.620 [main] DEBUG org.scijava.nativelib.BaseJniExtractor - mappedLib is disassembler.dll
22:48:03.624 [main] DEBUG org.scijava.nativelib.BaseJniExtractor - Couldn't find resource META-INF/lib/windows_64/disassembler.dll
=> *[libqimei.so 0x02b4a0][fd7bbaa9]0x40cc74a0:"stp x29, x30, [sp, #-0x60]!"
[libqimei.so 0x02b4a4] [fc6f01a9] 0x40cc74a4: "stp x28, x27, [sp, #0x10]"
[libqimei.so 0x02b4a8] [fa6702a9] 0x40cc74a8: "stp x26, x25, [sp, #0x20]"
[libqimei.so 0x02b4ac] [f85f03a9] 0x40cc74ac: "stp x24, x23, [sp, #0x30]"
[libqimei.so 0x02b4b0] [f65704a9] 0x40cc74b0: "stp x22, x21, [sp, #0x40]"
[libqimei.so 0x02b4b4] [f44f05a9] 0x40cc74b4: "stp x20, x19, [sp, #0x50]"
[libqimei.so 0x02b4b8] [ffc306d1] 0x40cc74b8: "sub sp, sp, #0x1b0"
[libqimei.so 0x02b4bc] [e12f00f9] 0x40cc74bc: "str x1, [sp, #0x58]"
[libqimei.so 0x02b4c0] [e82f40f9] 0x40cc74c0: "ldr x8, [sp, #0x58]"
[libqimei.so 0x02b4c4] [49058052] 0x40cc74c4: "movz w9, #0x2a"
[libqimei.so 0x02b4c8] [2d400391] 0x40cc74c8: "add x13, x1, #0xd0"
[libqimei.so 0x02b4cc] [2ce00291] 0x40cc74cc: "add x12, x1, #0xb8"
[libqimei.so 0x02b4d0] [000100f9] 0x40cc74d0: "str x0, [x8]"
[libqimei.so 0x02b4d4] [29200039] 0x40cc74d4: "strb w9, [x1, #8]"
[libqimei.so 0x02b4d8] [e82f40f9] 0x40cc74d8: "ldr x8, [sp, #0x58]"
[libqimei.so 0x02b4dc] [c9888952] 0x40cc74dc: "movz w9, #0x4c46"
@Alphamerry
Copy link

QIMEI不是这个native吧

@a1274807709
Copy link
Author

QIMEI不是这个native吧

8.9.70里是这个

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@a1274807709 @Alphamerry