svcNumber=0x103 这个找不到在哪,麻烦看下样本链接 aHR0cHM6Ly93d3cud2FuZG91amlhLmNvbS9hcHBzLzYyMzM3MzkvaGlzdG9yeV92ODQzMTE0MQ== #699
Comments
从ida中查看 BLR x8 指向了错误地址导致的
|
frida hook返回值是一个反射对象
|
|
看起来像是Systemcall报错了,handleInterrupt intno=2, NR=-130880, svcNumber=0x103, 但是查系统调用表查不到对应的值 |
但是看报错异常仿佛是反射方法pointer 找不到
|
|
哥们 解决了吗?我也遇到了; |
|
@createnewdemo 没,要不要一起研究研究,我问了下其它人说都不行 |
|
q320783214 一起研究一下 |
|
但是从trace 的情况来看 返回的是一个MethodId |
|
这问题解决了吗 |
|
@airqj 暂无方法 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
list 0 :-1534962946
[14:48:53 785] DEBUG [com.github.unidbg.linux.android.dvm.BaseVM] (BaseVM:146) - addObject hash=0x76f84423, global=true
[14:48:53 785] DEBUG [com.github.unidbg.linux.android.dvm.BaseVM] (BaseVM:146) - addObject hash=0xffffffff857edf86, global=true
[14:48:53 785] DEBUG [com.github.unidbg.linux.android.dvm.BaseVM] (BaseVM:146) - addObject hash=0x6737fd8f, global=true
JNIEnv->CallStaticObjectMethodV(class com/xingin/tiny/internal/t, b(0xa48252fe, [class android/content/Context, "getSharedPreferencesPath", ["String"]]) => java.lang.reflect.Method@6737fd8f) was called from RX@0x1219c934[libtiny.so]0x19c934
[14:48:53 786] DEBUG [com.github.unidbg.linux.android.dvm.BaseVM] (BaseVM:146) - addObject hash=0x6737fd8f, global=false
[14:48:53 786] DEBUG [com.github.unidbg.linux.android.dvm.DalvikVM64] (DalvikVM64$225:3563) - ExceptionCheck throwable=null
[14:48:53 786] DEBUG [com.github.unidbg.linux.android.dvm.DalvikVM64] (DalvikVM64$234:3901) - GetEnv vm=unidbg@0xfffe0080, env=unidbg@0x799e72a69aeb4952, version=0x10006
[14:48:53 786] DEBUG [com.github.unidbg.linux.android.dvm.DalvikVM64] (DalvikVM64$20:309) - DeleteLocalRef object=unidbg@0x63e2203c
[14:48:53 786] DEBUG [com.github.unidbg.linux.android.dvm.DalvikVM64] (DalvikVM64$234:3901) - GetEnv vm=unidbg@0xfffe0080, env=unidbg@0xfffe1640[libmediandk.so]0x640, version=0x10006
[14:48:53 786] DEBUG [com.github.unidbg.linux.android.dvm.DalvikVM64] (DalvikVM64$20:309) - DeleteLocalRef object=unidbg@0x3b084709
[14:48:53 786] WARN [com.github.unidbg.linux.ARM64SyscallHandler] (ARM64SyscallHandler:410) - handleInterrupt intno=2, NR=-130880, svcNumber=0x103, PC=unidbg@0xfffe00c4, LR=RX@0x12249e28[libtiny.so]0x249e28, syscall=null
java.lang.UnsupportedOperationException
at com.github.unidbg.linux.android.dvm.DalvikVM64$4.handle(DalvikVM64.java:96)
at com.github.unidbg.linux.ARM64SyscallHandler.hook(ARM64SyscallHandler.java:119)
at com.github.unidbg.arm.backend.Unicorn2Backend$11.hook(Unicorn2Backend.java:352)
at com.github.unidbg.arm.backend.unicorn.Unicorn$NewHook.onInterrupt(Unicorn.java:109)
at com.github.unidbg.arm.backend.unicorn.Unicorn.emu_start(Native Method)
at com.github.unidbg.arm.backend.unicorn.Unicorn.emu_start(Unicorn.java:312)
at com.github.unidbg.arm.backend.Unicorn2Backend.emu_start(Unicorn2Backend.java:389)
at com.github.unidbg.AbstractEmulator.emulate(AbstractEmulator.java:378)
at com.github.unidbg.thread.Function64.run(Function64.java:39)
at com.github.unidbg.thread.MainTask.dispatch(MainTask.java:19)
at com.github.unidbg.thread.UniThreadDispatcher.run(UniThreadDispatcher.java:165)
at com.github.unidbg.thread.UniThreadDispatcher.runMainForResult(UniThreadDispatcher.java:97)
at com.github.unidbg.AbstractEmulator.runMainForResult(AbstractEmulator.java:341)
at com.github.unidbg.arm.AbstractARM64Emulator.eFunc(AbstractARM64Emulator.java:262)
at com.github.unidbg.Module.emulateFunction(Module.java:163)
at com.github.unidbg.linux.android.dvm.DvmObject.callJniMethod(DvmObject.java:135)
at com.github.unidbg.linux.android.dvm.DvmClass.callStaticJniMethodObject(DvmClass.java:316)
at com.xhs._8431.Tiny.init1(Tiny.java:1122)
at com.xhs._8431.Tiny.main(Tiny.java:1167)
debugger break at: 0xfffe00c4 @ Runnable|Function64 address=0x120d2544, arguments=[unidbg@0xfffe1640[libmediandk.so]0x640, -1733448322, 1184568860, 36333492]
The text was updated successfully, but these errors were encountered: