方法调用方式应该正确，但就是报java.lang.IllegalStateException: obj is null: class android/content/Context

[abbypop]

public String parseSig(String plainText) {
DvmObject contexts = vm.resolveClass("android/content/Context").newObject(null);
String methodSign = "getClock(Landroid/content/Context;[BI)Ljava/lang/String;";
StringObject obj = sigUtil.callStaticJniMethodObject(emulator, methodSign, contexts, plainText.getBytes(), 1);
return obj.getValue();
}

Find native function Java_com_yxcorp_gifshow_util_CPU_getClock => RX@0x40002030[libcore.so]0x2030
JNIEnv->GetMethodID(java/lang/Class.getName()Ljava/lang/String;) => 0x4a974877 was called from RX@0x40000aa0[libcore.so]0xaa0
[21:39:05 788] WARN [com.github.unidbg.linux.ARM64SyscallHandler] (ARM64SyscallHandler:412) - handleInterrupt intno=2, NR=-130432, svcNumber=0x11f, PC=unidbg@0xfffe0284, LR=RX@0x40000ba4[libcore.so]0xba4, syscall=null
java.lang.IllegalStateException: obj is null: class android/content/Context
at com.github.unidbg.linux.android.dvm.jni.ProxyJni.callObjectMethodV(ProxyJni.java:407)
at com.github.unidbg.linux.android.dvm.DvmMethod.callObjectMethodV(DvmMethod.java:89)
at com.github.unidbg.linux.android.dvm.DalvikVM64$32.handle(DalvikVM64.java:559)
at com.github.unidbg.linux.ARM64SyscallHandler.hook(ARM64SyscallHandler.java:121)
at com.github.unidbg.arm.backend.UnicornBackend$11.hook(UnicornBackend.java:345)
at unicorn.Unicorn$NewHook.onInterrupt(Unicorn.java:128)
at unicorn.Unicorn.emu_start(Native Method)
at com.github.unidbg.arm.backend.UnicornBackend.emu_start(UnicornBackend.java:376)
at com.github.unidbg.AbstractEmulator.emulate(AbstractEmulator.java:378)
at com.github.unidbg.thread.Function64.run(Function64.java:39)
at com.github.unidbg.thread.MainTask.dispatch(MainTask.java:19)
at com.github.unidbg.thread.UniThreadDispatcher.run(UniThreadDispatcher.java:175)
at com.github.unidbg.thread.UniThreadDispatcher.runMainForResult(UniThreadDispatcher.java:99)
at com.github.unidbg.AbstractEmulator.runMainForResult(AbstractEmulator.java:341)
at com.github.unidbg.arm.AbstractARM64Emulator.eFunc(AbstractARM64Emulator.java:262)
at com.github.unidbg.Module.emulateFunction(Module.java:163)
at com.github.unidbg.linux.android.dvm.DvmObject.callJniMethod(DvmObject.java:135)
at com.github.unidbg.linux.android.dvm.DvmClass.callStaticJniMethodObject(DvmClass.java:316)

[abbypop]

大佬指点迷津啊，抓狂。

[zhaodice]

1. 自己实现JNI类，public class xxxxxx extends AbstractJni ，不要用自带的，自行处理 callObjectMethodV

vm.setJni(new xxxxx());

2.要么就别给null，给个实际点的类。

DvmObject contexts = vm.resolveClass("android/content/Context").newObject(new Context());

[abbypop]

首先感谢回复，第二种方法不可行，补的是安卓上下文环境，是无实际的类，第一方法尝试实现，是直接调用父类AbstractJni的callObjectMethodV，但无结果返回，callObjectMethodV应如何处理。

[abbypop]

NIEnv->FindClass(com/yxcorp/gifshow/util/CPU) was called from RX@0x4000240c[libcore.so]0x240c
JNIEnv->RegisterNatives(com/yxcorp/gifshow/util/CPU, RW@0x40006018[libcore.so]0x6018, 2) was called from RX@0x40002430[libcore.so]0x2430
RegisterNative(com/yxcorp/gifshow/util/CPU, getClock(Landroid/content/Context;[BI)Ljava/lang/String;, RX@0x40002030[libcore.so]0x2030)
RegisterNative(com/yxcorp/gifshow/util/CPU, getMagic(Landroid/content/Context;I)Ljava/lang/String;, RX@0x40002330[libcore.so]0x2330)
Find native function Java_com_yxcorp_gifshow_util_CPU_getClock => RX@0x40002030[libcore.so]0x2030
JNIEnv->GetMethodID(java/lang/Class.getName()Ljava/lang/String;) => 0x4a974877 was called from RX@0x40000aa0[libcore.so]0xaa0
JNIEnv->CallObjectMethodV(class android/content/Context, getName() => "android.content.Context") was called from RX@0x40000ba4[libcore.so]0xba4
JNIEnv->GetStringUtfChars("android.content.Context") was called from RX@0x40001868[libcore.so]0x1868
JNIEnv->ReleaseStringUTFChars("android.content.Context") was called from RX@0x40001894[libcore.so]0x1894
Exception in thread "main" java.lang.NullPointerException
at com.kuaishou.KuaishouSign.parseSig(KuaishouSign.java:66)
at com.kuaishou.KuaishouSign.main(KuaishouSign.java:87)

[zhaodice]

你可以重载函数callObjectMethodV，使之支持该返回。

@Override
public DvmObject<?> callObjectMethodV(BaseVM vm, DvmObject<?> dvmObject, String signature, VaList vaList) {
    if ("android/content/Context->getName()Ljava/lang/String;".equals(signature)) {
        return new StringObject(
                vm,
                "NMSL"
        );
    }
}

其中NMSL是你希望它获得的字符串。
例如，我希望欺骗getPackageResourcePath函数，返回正确的apk路径

@Override
public DvmObject<?> callObjectMethodV(BaseVM vm, DvmObject<?> dvmObject, String signature, VaList vaList) {
  if ("android/content/Context->getPackageResourcePath()Ljava/lang/String;".equals(signature)) {
        return new StringObject(
                vm,
                "/data/app/com.tencent.mobileqq/base.apk"
        );
    }
}

总而言之，在实际应用中需要根据你自己的需求自定义，建议通过HOOK等手段获取真机是怎么返回的。