地址调用函数提示Read memory failed及 Invalid memory read

[lihuiboy]

` package com.momo;

import com.github.unidbg.AndroidEmulator;
import com.github.unidbg.Module;
import com.github.unidbg.arm.backend.Backend;
import com.github.unidbg.arm.backend.DynarmicFactory;
import com.github.unidbg.linux.android.AndroidEmulatorBuilder;
import com.github.unidbg.linux.android.AndroidResolver;
import com.github.unidbg.linux.android.dvm.*;
import com.github.unidbg.linux.android.dvm.array.ByteArray;
import com.github.unidbg.linux.android.dvm.wrapper.DvmInteger;
import com.github.unidbg.memory.Memory;
import com.sun.jna.Pointer;
import unicorn.UnicornConst;

import java.io.File;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;

public class sign extends AbstractJni{

private final AndroidEmulator emulator;
private final VM vm;
private final DvmClass Sign;
private final Module module;
private final boolean logging;

public sign(boolean logging){
    this.logging = logging;
    emulator = AndroidEmulatorBuilder
            .for64Bit()
            .addBackendFactory(new DynarmicFactory(true))
            .setProcessName("com.immomo.momo")
            .build(); // 创建模拟器实例，要模拟32位或者64位，在这里区分

    final Memory memory = emulator.getMemory(); // 模拟器的内存操作接口
    memory.setLibraryResolver(new AndroidResolver(23)); // 设置系统类库解析
    vm = emulator.createDalvikVM(new File("/home/lh/unidbg-0.9.3/unidbg-android/src/test/java/com/momo/resources/momo64.apk")); // 创建Android虚拟机

    vm.setJni(this);
    vm.setVerbose(true); // 设置是否打印Jni调用细节

    DalvikModule dmcode = vm.loadLibrary(new File("/home/lh/unidbg-0.9.3/unidbg-android/src/test/java/com/momo/resources/libcoded_jni64.so"), false);
    module = dmcode.getModule(); // 加载好的so对应为一个模块
    Sign = vm.resolveClass("com/immomo/momo/util/jni/Coded");//需要调用的jni函数--package+methodname

    dmcode.callJNI_OnLoad(emulator); // 手动执行JNI_OnLoad函数
}

void destroy() throws IOException {
    emulator.close();
    if (logging) {
        System.out.println("destroy");
    }
}

public int CallFunc1(){

    byte[] data1 = new byte[10];
    for (int i = 0; i < data1.length; i++) {
        data1[i] = (byte) (i + 1);
    }
    byte[] data2 = new byte[10];
    for (int j = 20; j < data2.length; j++) {
        data2[j] = (byte) (j + 1);
    }
    byte[] data3 = new byte[10];
    for (int k = 40; k < data3.length; k++) {
        data3[k] = (byte) (k + 1);
    }
    int retval = Sign.callStaticJniMethodInt(emulator,
            "a49kdEba83h([BI[BI[B)I",
            new ByteArray(vm,data1),
            data1.length,
            new ByteArray(vm,data2),
            data2.length,
            new ByteArray(vm,data3));
    return retval;
}

public int CallFunc2(){

    Pointer jniEnv = vm.getJNIEnv();
    DvmClass dvmClass = vm.resolveClass("com/immomo/momo/util/jni/Coded");
    DvmObject<?> dvmObject = dvmClass.newObject(null);

    List<Object> Params = new ArrayList<>(10);
    Params.add(jniEnv);
    Params.add(vm.addLocalObject(dvmObject));

    ByteArray param1 = new ByteArray(vm, "123456".getBytes(StandardCharsets.UTF_8));
    Params.add(vm.addLocalObject(param1));

    DvmInteger param2 = DvmInteger.valueOf(vm, 10);
    Params.add(vm.addLocalObject(param2));

    ByteArray param3 = new ByteArray(vm, "123456".getBytes(StandardCharsets.UTF_8));
    Params.add(vm.addLocalObject(param3));

    DvmInteger param4 = DvmInteger.valueOf(vm, 10);
    Params.add(vm.addLocalObject(param4));

    ByteArray param5 = new ByteArray(vm, "123456".getBytes(StandardCharsets.UTF_8));
    Params.add(vm.addLocalObject(param5));

    Number[] number = module.callFunction(
            emulator,
            0x15f8,
            Params.toArray());

    int retval = number[0].intValue();
    System.out.println("sign result:" + number);
    return retval;
}


public static void main(String[] args) throws Exception {
    sign test = new sign(true);
    int retval1 = test.CallFunc2();
    System.out.println("retval:" + retval1);
    test.destroy();
}

}`
运行test.CallFunc1()运行正常，test.CallFunc1()报错如下：
[07:01:30 682] WARN [com.github.unidbg.linux.ARM64SyscallHandler] (ARM64SyscallHandler:1332) - mmap start=0x0, length=1879048192, prot=0x3, flags=0x22, fd=-1, offset=0
[07:01:30 683] WARN [com.github.unidbg.arm.AbstractARM64Emulator] (AbstractARM64Emulator$1:66) - Read memory failed: address=0x123c4000, size=8, value=0x0
[07:01:30 684] WARN [com.github.unidbg.AbstractEmulator] (AbstractEmulator:417) - emulate RX@0x120015f8[libcoded_jni.so]0x15f8 exception sp=unidbg@0xe4fff3b0, msg=unicorn.UnicornException: Invalid memory read (UC_ERR_READ_UNMAPPED), offset=17ms @ Runnable|Function64 address=0x120015f8, arguments=[unidbg@0xfffe1640, 757108857, 1809787067, 1802598046, 659748578, 240650537, 483422889]

[jalee0606]

你忘了添加安卓module

new AndroidModule(emulator, dalvikVM).register(memory);