记录学习笔记~文章来源:https://www.toymoban.com/news/detail-509277.html
package com.dta.lesson2;
import com.github.unidbg.AndroidEmulator;
import com.github.unidbg.Module;
import com.github.unidbg.arm.backend.DynarmicFactory;
import com.github.unidbg.linux.android.AndroidEmulatorBuilder;
import com.github.unidbg.linux.android.AndroidResolver;
import com.github.unidbg.linux.android.dvm.DalvikModule;
import com.github.unidbg.linux.android.dvm.DvmObject;
import com.github.unidbg.linux.android.dvm.StringObject;
import com.github.unidbg.linux.android.dvm.VM;
import com.github.unidbg.linux.android.dvm.jni.ProxyDvmObject;
import com.github.unidbg.memory.Memory;
import com.sun.jna.Pointer;
import net.dongliu.apk.parser.Main;
import java.io.File;
import java.util.ArrayList;
import java.util.List;
public class MainActivity {
private final AndroidEmulator emulator;
private final VM vm;
private final Memory memory;
private final Module module;
public MainActivity(){
emulator = AndroidEmulatorBuilder
.for32Bit()
//.setRootDir(new File("target/rootfs/default"))
//.addBackendFactory(new DynarmicFactory(true))
.build();
memory = emulator.getMemory();
memory.setLibraryResolver(new AndroidResolver(23));
vm = emulator.createDalvikVM(new File("unidbg-android/src/test/java/com/dta/lesson2/app-debug.apk"));
DalvikModule dalvikModule = vm.loadLibrary(new File("unidbg-android/src/test/java/com/dta/lesson2/libnative-lib.so"), true);
module = dalvikModule.getModule();
vm.callJNI_OnLoad(emulator,module);
}
public void callMd5(){
DvmObject obj = ProxyDvmObject.createObject(vm,this);
String data = "dta";
DvmObject dvmObject = obj.callJniMethodObject(emulator, "md5(Ljava/lang/String;)Ljava/lang/String;", data);
String result = (String) dvmObject.getValue();
System.out.println("[symble] Call the so md5 function result is ==> "+ result);
}
private void call_address() {
Pointer jniEnv = vm.getJNIEnv();
DvmObject obj = ProxyDvmObject.createObject(vm,this);
StringObject data = new StringObject(vm,"dta");
List<Object> args = new ArrayList<>();
args.add(jniEnv);
args.add(vm.addLocalObject(obj));
args.add(vm.addLocalObject(data));
Number[] numbers = module.callFunction(emulator, 0x8E81, args.toArray());
DvmObject<?> object = vm.getObject(numbers[0].intValue());
String value = (String) object.getValue();
System.out.println("[addr] Call the so md5 function result is ==> "+ value);
}
public static void main(String[] args) {
long start = System.currentTimeMillis();
MainActivity mainActivity = new MainActivity();
System.out.println("load the vm "+( System.currentTimeMillis() - start )+ "ms");
mainActivity.callMd5();
mainActivity.call_address();
}
}
other文章来源地址https://www.toymoban.com/news/detail-509277.html
package com.r0ysue;
import com.github.unidbg.AndroidEmulator;
import com.github.unidbg.Module;
import com.github.unidbg.linux.android.AndroidEmulatorBuilder;
import com.github.unidbg.linux.android.AndroidResolver;
import com.github.unidbg.linux.android.dvm.*;
import com.github.unidbg.linux.android.dvm.jni.ProxyDvmObject;
import com.github.unidbg.memory.Memory;
import com.sun.jna.Pointer;
import java.io.File;
import java.util.ArrayList;
import java.util.List;
public class demo1 extends AbstractJni {
private final AndroidEmulator emulator;
private final VM vm;
private final Memory memory;
private final Module module;
public demo1() {
emulator = AndroidEmulatorBuilder
.for32Bit()
//.setRootDir(new File("target/rootfs/default"))
//.addBackendFactory(new DynarmicFactory(true))
.build();
memory = emulator.getMemory();
memory.setLibraryResolver(new AndroidResolver(23));
// vm = emulator.createDalvikVM(new File("unidbg-android/src/test/java/com/dta/lesson2/app-debug.apk"));
vm = emulator.createDalvikVM(new File("unidbg-android/src/test/resources/ro/uuu.apk"));
// vm.setVerbose(true);
vm.setJni(this);
DalvikModule dalvikModule = vm.loadLibrary("native-lib", true);
module = dalvikModule.getModule();
vm.callJNI_OnLoad(emulator, module);
}
public demo1(AndroidEmulator emulator, VM vm, Memory memory, Module module) {
this.emulator = emulator;
this.vm = vm;
this.memory = memory;
this.module = module;
}
public void callMd5() {
// DvmObject obj = ProxyDvmObject.createObject(vm, "com/dta/lesson2/MainActivity");
DvmObject obj = vm.resolveClass("com/dta/lesson2/MainActivity").newObject(null);
String data = "dta";
DvmObject dvmObject = obj.callJniMethodObject(emulator, "md5(Ljava/lang/String;)Ljava/lang/String;", data);
String result = (String) dvmObject.getValue();
System.out.println("[symble] Call the so md5 function result is ==> " + result);
}
private void call_address() {
Pointer jniEnv = vm.getJNIEnv();
DvmObject obj = ProxyDvmObject.createObject(vm, this);
StringObject data = new StringObject(vm, "dta");
List<Object> args = new ArrayList<>();
args.add(jniEnv);
args.add(vm.addLocalObject(obj));
args.add(vm.addLocalObject(data));
Number numbers = module.callFunction(emulator, 0x8E81, args.toArray());
DvmObject<?> object = vm.getObject(numbers.intValue());
String value = (String) object.getValue();
System.out.println("[addr] Call the so md5 function result is ==> " + value);
}
public static void main(String[] args) {
long start = System.currentTimeMillis();
demo1 demo1 = new demo1();
System.out.println("load the vm " + (System.currentTimeMillis() - start) + "ms");
demo1.callMd5();
demo1.call_address();
}
}
到了这里,关于unidbg非反射调用demo(一)的文章就介绍完了。如果您还想了解更多内容,请在右上角搜索TOY模板网以前的文章或继续浏览下面的相关文章,希望大家以后多多支持TOY模板网!
