unidbg
Help needed: memory failed: address=0x63bb904d, Invalid memory read (UC_ERR_READ_UNMAPPED)
Could someone take a look? Many thanks!!!
The environment has been fully patched up, but at the very end a memory failed: error appears.
From the context: the address 0x63bb904d comes from 0x63bb9035 (the jmethod struct) + 0x18, i.e. offset 24 bytes. Google turned up no definition of jmethod, so I could not analyze it any further.
ands r0, r7, #0x100000
r0 is indeed 0x63bb904d, but this instruction does not access memory at all.
Why does this happen? How do I solve it?
The faulting instruction:
.text:0000B294 sub_B294 ; CODE XREF: td_c73b6d93a362e6b32e83+858↑p
.text:0000B294
.text:0000B294 var_2C = -0x2C
.text:0000B294 var_28 = -0x28
.text:0000B294 var_24 = -0x24
.text:0000B294 var_20 = -0x20
.text:0000B294
.text:0000B294 ; __unwind {
.text:0000B294 STMFD SP!, {R4-R11,LR}
.text:0000B298 ADD R11, SP, #0x1C
.text:0000B29C SUB SP, SP, #0x14
.text:0000B2A0 LDR R0, =(__stack_chk_guard_ptr - 0xB2B8)
.text:0000B2A4 MOV R4, R1
.text:0000B2A8 MOV R7, R2
.text:0000B2AC ADD R1, SP, #0x30+var_24
.text:0000B2B0 LDR R0, [PC,R0] ; __stack_chk_guard
.text:0000B2B4 LDR R0, [R0]
.text:0000B2B8 STR R0, [SP,#0x30+var_20]
.text:0000B2BC MOV R0, #0
.text:0000B2C0 LDR R8, [R4,#0x24]
.text:0000B2C4 STR R0, [SP,#0x30+var_24]
.text:0000B2C8 UBFX R6, R7, #0x10, #4
.text:0000B2CC MOV R0, R4
.text:0000B2D0 MOV R2, R6
.text:0000B2D4 BL sub_655C
.text:0000B2D8 LDR R5, [SP,#0x30+var_24]
.text:0000B2DC ANDS R10, R7, #0x1000000
.text:0000B2E0 STR R5, [SP,#0x30+var_28]
.text:0000B2E4 UBFX R9, R7, #0xC, #4
.text:0000B2E8 BEQ loc_B2FC
.text:0000B2EC ADD R2, SP, #0x30+var_28
.text:0000B2F0 MOV R0, R4
.text:0000B2F4 MOV R1, R7
.text:0000B2F8 BL sub_7594
.text:0000B2FC
.text:0000B2FC loc_B2FC ; CODE XREF: sub_B294+54↑j
.text:0000B2FC ANDS R0, R7, #0x100000 // where unidbg reports the error
.text:0000B300 STR R0, [SP,#0x30+var_2C]
.text:0000B304 BEQ loc_B350
.text:0000B308 TST R7, #0x400000
.text:0000B30C BNE loc_B388
.text:0000B310 LDR R0, [SP,#0x30+var_28]
.text:0000B314 CMP R6, #0xF
.text:0000B318 BNE loc_B3B0
.text:0000B31C LDR R2, [R4,#0x1C]
.text:0000B320 ADD R0, R0, #4
.text:0000B324 LDR R1, [R4,#0x20]
.text:0000B328 BL sub_21DC
.text:0000B32C CMP R0, #0
.text:0000B330 BEQ loc_B3C8
.text:0000B334 LDR R1, [R0]
.text:0000B338 CMP R1, #0x1C
.text:0000B33C BEQ loc_B3EC
.text:0000B340 CMP R1, #0x60 ; '`'
.text:0000B344 BNE loc_B3E0
.text:0000B348 ADD R5, R0, #8
.text:0000B34C B loc_B40C
Below is the unidbg log:
JNIEnv->CallObjectMethod("com.baidu.input", getBytes("utf-8") => [B@3514a4c0) was called from RX@0x4007bd38[libtongdun.so]0x7bd38
JNIEnv->GetArrayLength([B@3514a4c0 => 15) was called from RX@0x400aef34[libtongdun.so]0xaef34
JNIEnv->NewStringUTF("ims_o") was called from RX@0x400aeda8[libtongdun.so]0xaeda8
JNIEnv->NewStringUTF("[]") was called from RX@0x400aeda8[libtongdun.so]0xaeda8
JNIEnv->GetMethodID(org/json/JSONObject.put(Ljava/lang/String;Ljava/lang/Object;)Lorg/json/JSONObject;) => 0x500317ae was called from RX@0x400ae700[libtongdun.so]0xae700
[17:00:02 843] INFO [cn.tongdun.android.shell.GeneralJNI] (GeneralJNI:216) - 写入后Json:{"du":"0","at":"0","ims_o":"[]","btmac":"22:22:66:b4:b5:b7","exrcid":"0x1a7acf9264fddc06e281ec03bb52091a0ed5f581000000000000000000000000","rcid":"0x6b78fd86865759b45d0bd0d62dc14dbe5bec6c74000000000000000000000000","cmd":"com.jiuxianapk.ui","serialno":"0157b34321c72505"}
JNIEnv->CallObjectMethodV(org.json.JSONObject@1cbb87f3, put("ims_o", "[]") => org.json.JSONObject@1cbb87f3) was called from RX@0x4009e0c4[libtongdun.so]0x9e0c4
JNIEnv->FindClass(android/os/Build$VERSION) was called from RX@0x400af238[libtongdun.so]0xaf238
JNIEnv->GetStaticFieldID(android/os/Build$VERSION.SDK_INTI) => 0x1e4ff4f1 was called from RX@0x400ae940[libtongdun.so]0xae940
JNIEnv->GetStaticIntField(class android/os/Build$VERSION, SDK_INT => 0x1c) was called from RX@0x400aeb80[libtongdun.so]0xaeb80
JNIEnv->FindClass(android/os/Build$VERSION) was called from RX@0x400af238[libtongdun.so]0xaf238
JNIEnv->GetStaticFieldID(android/os/Build$VERSION.SDK_INTI) => 0x1e4ff4f1 was called from RX@0x400ae940[libtongdun.so]0xae940
JNIEnv->GetStaticIntField(class android/os/Build$VERSION, SDK_INT => 0x1c) was called from RX@0x400aeb80[libtongdun.so]0xaeb80
JNIEnv->FindClass(android/telephony/TelephonyManager) was called from RX@0x40056ecc[libtongdun.so]0x56ecc
JNIEnv->GetMethodID(android/telephony/TelephonyManager.getDeviceId()Ljava/lang/String;) => 0x63bb9035 was called from RX@0x40056f74[libtongdun.so]0x56f74
[17:00:02 847] WARN [com.github.unidbg.arm.AbstractARMEmulator] (AbstractARMEmulator$1:58) - memory failed: address=0x63bb904d, size=4, value=0x0, PC=RX@0x402d52fc, LR=RX@0x402d52fc
debugger break at: 0x402d52fc
>>> r0=0x63bb904d "" r1=0x0 "" r2=0xbfffe200 "" r3=0x1 "" r4=0xbfffe278 "" r5=0x0 "" r6=0x0 "" r7=0xe5900000 "" r8=0x0 "" sb=0x0 "" sl=0x1000000 "" fp=0xbfffe228 ip=0x8
>>> SP=0xbfffe1f8 "" LR=RX@0x402d52fc PC=RX@0x402d52fc cpsr: N=0, Z=0, C=1, V=0, T=0, mode=0b10000
>>> d0=0x4057f7c84057f63b(95.87159737195991) d1=0x6c2e73656f64646e(1.2814013619145185E213) d2=0x726568636e7561(1.637309392477546E-306) d3=0x4057f7c84057f63b(95.87159737195991) d4=0x0(0.0) d5=0x0(0.0) d6=0x0(0.0) d7=0x0(0.0)
>>> d8=0x0(0.0) d9=0x0(0.0) d10=0x0(0.0) d11=0x0(0.0) d12=0x0(0.0) d13=0x0(0.0) d14=0x0(0.0) d15=0x0(0.0)
=> *[ 01 06 17 e2 ]*0x402d52fc:*ands r0, r7, #0x100000
[ 04 00 8d e5 ] 0x402d5300: str r0, [sp, #4]
[ 11 00 00 0a ] 0x402d5304: beq #0x402d5350
[ 01 05 17 e3 ] 0x402d5308: tst r7, #0x400000
[ 1d 00 00 1a ] 0x402d530c: bne #0x402d5388
[ 08 00 9d e5 ] 0x402d5310: ldr r0, [sp, #8]
[ 0f 00 56 e3 ] 0x402d5314: cmp r6, #0xf
[ 24 00 00 1a ] 0x402d5318: bne #0x402d53b0
[ 1c 20 94 e5 ] 0x402d531c: ldr r2, [r4, #0x1c]
[ 04 00 80 e2 ] 0x402d5320: add r0, r0, #4
[ 20 10 94 e5 ] 0x402d5324: ldr r1, [r4, #0x20]
[ ab db ff eb ] 0x402d5328: bl #0x402cc1dc
[ 00 00 50 e3 ] 0x402d532c: cmp r0, #0
[ 24 00 00 0a ] 0x402d5330: beq #0x402d53c8
[ 00 10 90 e5 ] 0x402d5334: ldr r1, [r0]
[ 1c 00 51 e3 ] 0x402d5338: cmp r1, #0x1c
c
com.github.unidbg.arm.backend.BackendException: unicorn.UnicornException: Invalid memory read (UC_ERR_READ_UNMAPPED)
at com.github.unidbg.arm.backend.UnicornBackend.emu_start(UnicornBackend.java:356)
at com.github.unidbg.AbstractEmulator.emulate(AbstractEmulator.java:370)
at com.github.unidbg.AbstractEmulator.eFunc(AbstractEmulator.java:446)
at com.github.unidbg.arm.AbstractARMEmulator.eFunc(AbstractARMEmulator.java:221)
at com.github.unidbg.Module.emulateFunction(Module.java:159)
at com.github.unidbg.linux.android.dvm.DvmObject.callJniMethod(DvmObject.java:133)
at com.github.unidbg.linux.android.dvm.DvmClass.callStaticJniMethodObject(DvmClass.java:292)
at cn.tongdun.android.shell.HelperJNI.init(HelperJNI.java:821)
at cn.tongdun.android.shell.HelperJNI.main(HelperJNI.java:844)
Caused by: unicorn.UnicornException: Invalid memory read (UC_ERR_READ_UNMAPPED)
at unicorn.Unicorn.emu_start(Native Method)
at com.github.unidbg.arm.backend.UnicornBackend.emu_start(UnicornBackend.java:354)
... 8 more
Hahaha, I ran into this problem too.
I ran into it too, no idea how to solve it.
Find the corresponding address and patch it into a mov instruction using the value obtained from a real environment. The code is mainly there to check whether the jmethod is valid.
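To make the reply above concrete, here is an added example (not unidbg's own code and not from the issue author) of how such a patch can be applied from a unidbg harness before JNI_OnLoad runs. It encodes a `MOV`/`MOVS rd, #imm` word itself rather than pulling in an assembler, and refuses to write unless the bytes at the site match the disassembly, so a wrong offset fails loudly instead of silently corrupting code. The process name, library path and `realDeviceValue` are placeholders; the offset 0xB2FC and the original bytes `01 06 17 e2` are the ones quoted in the issue. Since the `ands` at that site sets the flags that the following `beq` consumes, the example uses the S-bit form (`movs`) so the branch still behaves; whether the reported site is really the instruction that faults is something to confirm in the debugger first, because, as the original post notes, the listed instruction performs no memory access.

```java
import com.github.unidbg.AndroidEmulator;
import com.github.unidbg.Module;
import com.github.unidbg.linux.android.AndroidEmulatorBuilder;
import com.github.unidbg.linux.android.AndroidResolver;
import com.github.unidbg.linux.android.dvm.DalvikModule;
import com.github.unidbg.linux.android.dvm.VM;
import com.github.unidbg.pointer.UnidbgPointer;

import java.io.File;

public class PatchJMethodCheck {

    // Encode "MOV rd, #imm" (or "MOVS" when setFlags is true) as an A32
    // data-processing instruction with condition AL. The hardware applies
    // ROR(imm8, 2*rot), so we search for a rotation that leaves 8 bits.
    static int encodeMovImm(int rd, int imm, boolean setFlags) {
        for (int rot = 0; rot < 16; rot++) {
            int imm8 = Integer.rotateLeft(imm, 2 * rot); // undo the CPU's ROR
            if ((imm8 & ~0xff) == 0) {
                int word = 0xE3A00000 | (rd << 12) | (rot << 8) | imm8;
                return setFlags ? word | (1 << 20) : word; // bit 20 is the S bit
            }
        }
        throw new IllegalArgumentException(
                "immediate not encodable as a rotated 8-bit value: 0x" + Integer.toHexString(imm));
    }

    // Overwrite one instruction word at module.base + offset, but only if the
    // word currently there is the one the disassembly led us to expect.
    static void patchWord(AndroidEmulator emulator, Module module,
                          long offset, int expected, int replacement) {
        UnidbgPointer p = UnidbgPointer.pointer(emulator, module.base + offset);
        int current = p.getInt(0);
        if (current != expected) {
            throw new IllegalStateException(String.format(
                    "refusing to patch %s+0x%x: found 0x%08x, expected 0x%08x",
                    module.name, offset, current, expected));
        }
        p.setInt(0, replacement);
    }

    public static void main(String[] args) {
        AndroidEmulator emulator = AndroidEmulatorBuilder.for32Bit()
                .setProcessName("com.example.app")          // placeholder
                .build();
        emulator.getMemory().setLibraryResolver(new AndroidResolver(23));
        VM vm = emulator.createDalvikVM();

        // Placeholder path; load without running JNI_OnLoad so we patch first.
        DalvikModule dm = vm.loadLibrary(new File("path/to/libtongdun.so"), false);
        Module module = dm.getModule();

        // Site quoted in the issue: 0xB2FC holds "ands r0, r7, #0x100000",
        // bytes 01 06 17 e2, i.e. little-endian word 0xe2170601.
        long checkOffset = 0xB2FC;
        int originalWord = 0xe2170601;

        // PLACEHOLDER: the value r0 holds here on a real device. Per the reply,
        // capture it from a real run and substitute it.
        int realDeviceValue = 0x0;

        // "movs r0, #value" keeps the Z flag consistent for the following beq.
        int patched = encodeMovImm(0, realDeviceValue, true);
        patchWord(emulator, module, checkOffset, originalWord, patched);

        dm.callJNI_OnLoad(emulator);
        // ... continue with the JNI calls the harness normally makes.
    }
}
```

Sanity check for the encoder: `encodeMovImm(0, 0x100000, false)` yields 0xE3A00601, which disassembles to `mov r0, #0x100000`, and the S-bit variant yields 0xE3B00601 (`movs`). The read-before-write guard is the part worth keeping in any patch harness: an emulator will happily let you overwrite the wrong word, and the resulting crash is far harder to diagnose than an immediate "expected bytes not found" exception.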
@zhkl0228 Could you give an example, please?
I ran into it too. Could you share a worked example of the fix?
OP, did you solve it? The same problem has been bothering me for a long time...
Same problem here.